diff --git a/nuclei-templates/2013/CVE-2013-0291-58ddfbc8f08958c578758b38baef9c64.yaml b/nuclei-templates/2013/CVE-2013-0291-58ddfbc8f08958c578758b38baef9c64.yaml new file mode 100644 index 0000000000..20866b31a0 --- /dev/null +++ b/nuclei-templates/2013/CVE-2013-0291-58ddfbc8f08958c578758b38baef9c64.yaml @@ -0,0 +1,58 @@ +id: CVE-2013-0291-58ddfbc8f08958c578758b38baef9c64 + +info: + name: > + NextGEN Gallery Plugin <= 0.96 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ff27af-2b78-4214-9232-042357287ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: CVE-2013-0291 + metadata: + fofa-query: "wp-content/plugins/UNKNOWN-CVE-2013-0291-DELETEME/" + google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2013-0291-DELETEME/" + shodan-query: 'vuln:CVE-2013-0291' + tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2013-0291-DELETEME,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2013-0291-DELETEME/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "UNKNOWN-CVE-2013-0291-DELETEME" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.96') \ No newline at end of file diff --git a/nuclei-templates/2014/CVE-2014-4663-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/2014/CVE-2014-4663-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..c95ec7f11b --- /dev/null +++ b/nuclei-templates/2014/CVE-2014-4663-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: CVE-2014-4663-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: CVE-2014-4663 + metadata: + fofa-query: "wp-content/plugins/UNKNOWN-CVE-2014-4663/" + google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2014-4663/" + shodan-query: 'vuln:CVE-2014-4663' + tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2014-4663,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2014-4663/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "UNKNOWN-CVE-2014-4663" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.15.3') \ No newline at end of file diff --git a/nuclei-templates/2022/CVE-2022-28700-eee72fcaef7d6d7710f8503cc05b2365.yaml b/nuclei-templates/2022/CVE-2022-28700-eee72fcaef7d6d7710f8503cc05b2365.yaml new file mode 100644 index 0000000000..4daeb13a08 --- /dev/null +++ b/nuclei-templates/2022/CVE-2022-28700-eee72fcaef7d6d7710f8503cc05b2365.yaml @@ -0,0 +1,58 @@ +id: CVE-2022-28700-eee72fcaef7d6d7710f8503cc05b2365 + +info: + name: > + GiveWP <= 2.20.2 - Authenticated Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe1bb24-1f60-40f6-9b5e-58e0158bdfd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: CVE-2022-28700 + metadata: + fofa-query: "wp-content/plugins/UNKNOWN-CVE-2022-28700/" + google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2022-28700/" + shodan-query: 'vuln:CVE-2022-28700' + tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2022-28700,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2022-28700/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "UNKNOWN-CVE-2022-28700" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.2') \ No newline at end of file diff --git a/nuclei-templates/2023/CVE-2023-6485-3e71b451d444e56f20cac2bd5a92795e.yaml b/nuclei-templates/2023/CVE-2023-6485-3e71b451d444e56f20cac2bd5a92795e.yaml new file mode 100644 index 0000000000..76a9412656 --- /dev/null +++ b/nuclei-templates/2023/CVE-2023-6485-3e71b451d444e56f20cac2bd5a92795e.yaml @@ -0,0 +1,58 @@ +id: CVE-2023-6485-3e71b451d444e56f20cac2bd5a92795e + +info: + name: > + HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0abd2533-5cb3-4568-8ad2-f2852ab3a8db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: CVE-2023-6485 + metadata: + fofa-query: "wp-content/plugins/UNKNOWN-CVE-2023-6485-1/" + google-query: inurl:"/wp-content/plugins/UNKNOWN-CVE-2023-6485-1/" + shodan-query: 'vuln:CVE-2023-6485' + tags: cve,wordpress,wp-plugin,UNKNOWN-CVE-2023-6485-1,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/UNKNOWN-CVE-2023-6485-1/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "UNKNOWN-CVE-2023-6485-1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/0mk-shortener-17c0f8c5353b51c76be9ea996254e492.yaml b/nuclei-templates/cve-less/plugins/0mk-shortener-17c0f8c5353b51c76be9ea996254e492.yaml new file mode 100644 index 0000000000..52b6ed6364 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/0mk-shortener-17c0f8c5353b51c76be9ea996254e492.yaml @@ -0,0 +1,58 @@ +id: 0mk-shortener-17c0f8c5353b51c76be9ea996254e492 + +info: + name: > + 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b798c64-3434-427d-b578-5abbdac8cd0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/0mk-shortener/" + google-query: inurl:"/wp-content/plugins/0mk-shortener/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,0mk-shortener,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/0mk-shortener/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "0mk-shortener" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/0mk-shortener-cbd2f40afcea324b1b6628d63c264b5b.yaml b/nuclei-templates/cve-less/plugins/0mk-shortener-cbd2f40afcea324b1b6628d63c264b5b.yaml new file mode 100644 index 0000000000..87862ea2a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/0mk-shortener-cbd2f40afcea324b1b6628d63c264b5b.yaml @@ -0,0 +1,58 @@ +id: 0mk-shortener-cbd2f40afcea324b1b6628d63c264b5b + +info: + name: > + 0mk Shortener <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de9f3b83-4575-4566-9731-0af9107c7c30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/0mk-shortener/" + google-query: inurl:"/wp-content/plugins/0mk-shortener/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,0mk-shortener,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/0mk-shortener/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "0mk-shortener" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/1-jquery-photo-gallery-slideshow-flash-205a1fbb250b5543ad54712c5ab85794.yaml b/nuclei-templates/cve-less/plugins/1-jquery-photo-gallery-slideshow-flash-205a1fbb250b5543ad54712c5ab85794.yaml new file mode 100644 index 0000000000..93ade19ec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/1-jquery-photo-gallery-slideshow-flash-205a1fbb250b5543ad54712c5ab85794.yaml @@ -0,0 +1,58 @@ +id: 1-jquery-photo-gallery-slideshow-flash-205a1fbb250b5543ad54712c5ab85794 + +info: + name: > + ZooEffect Plugin for Video player, Photo Gallery Slideshow jQuery and audio / music / podcast – HTML5 <= 1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7be3688d-61f5-457d-a38b-0560205b2f8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/" + google-query: inurl:"/wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,1-jquery-photo-gallery-slideshow-flash,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1-jquery-photo-gallery-slideshow-flash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/1003-mortgage-application-5d3b862e6e4baaf71b24925f067433ca.yaml b/nuclei-templates/cve-less/plugins/1003-mortgage-application-5d3b862e6e4baaf71b24925f067433ca.yaml new file mode 100644 index 0000000000..42afdd1858 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/1003-mortgage-application-5d3b862e6e4baaf71b24925f067433ca.yaml @@ -0,0 +1,58 @@ +id: 1003-mortgage-application-5d3b862e6e4baaf71b24925f067433ca + +info: + name: > + 1003 Mortgage Application <= 1.75 - Authenticated (Subscriber+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d77105-19a8-40eb-8a9c-aa519a757a8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/1003-mortgage-application/" + google-query: inurl:"/wp-content/plugins/1003-mortgage-application/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,1003-mortgage-application,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1003-mortgage-application/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1003-mortgage-application" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/1003-mortgage-application-ced1428c6198f92ade552b4de59a878b.yaml b/nuclei-templates/cve-less/plugins/1003-mortgage-application-ced1428c6198f92ade552b4de59a878b.yaml new file mode 100644 index 0000000000..d9b4d98307 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/1003-mortgage-application-ced1428c6198f92ade552b4de59a878b.yaml @@ -0,0 +1,58 @@ +id: 1003-mortgage-application-ced1428c6198f92ade552b4de59a878b + +info: + name: > + 1003 Mortgage Application <= 1.75 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63567094-9fb1-44b2-a3e6-99194389c4b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/1003-mortgage-application/" + google-query: inurl:"/wp-content/plugins/1003-mortgage-application/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,1003-mortgage-application,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1003-mortgage-application/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1003-mortgage-application" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/10to8-online-booking-22fe25cfef73eeb94b97da8f9108cc4a.yaml b/nuclei-templates/cve-less/plugins/10to8-online-booking-22fe25cfef73eeb94b97da8f9108cc4a.yaml new file mode 100644 index 0000000000..3886600cb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/10to8-online-booking-22fe25cfef73eeb94b97da8f9108cc4a.yaml @@ -0,0 +1,58 @@ +id: 10to8-online-booking-22fe25cfef73eeb94b97da8f9108cc4a + +info: + name: > + 10to8 Online Appointment Booking System <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fbb5ed0-ed76-44fe-88c4-eb05ad87e510?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/10to8-online-booking/" + google-query: inurl:"/wp-content/plugins/10to8-online-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,10to8-online-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/10to8-online-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "10to8-online-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/12-step-meeting-list-3884d9a5a5a83b7a3dc7015b6e93594e.yaml b/nuclei-templates/cve-less/plugins/12-step-meeting-list-3884d9a5a5a83b7a3dc7015b6e93594e.yaml new file mode 100644 index 0000000000..83c8a8d7b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/12-step-meeting-list-3884d9a5a5a83b7a3dc7015b6e93594e.yaml @@ -0,0 +1,58 @@ +id: 12-step-meeting-list-3884d9a5a5a83b7a3dc7015b6e93594e + +info: + name: > + 12 Step Meeting List <= 3.14.24 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6e9cb0-6b90-4a5b-8626-0b3f378fbc92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/12-step-meeting-list/" + google-query: inurl:"/wp-content/plugins/12-step-meeting-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,12-step-meeting-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/12-step-meeting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "12-step-meeting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/12-step-meeting-list-63b258c691616cbc41ef567bfa0329d4.yaml b/nuclei-templates/cve-less/plugins/12-step-meeting-list-63b258c691616cbc41ef567bfa0329d4.yaml new file mode 100644 index 0000000000..53078400e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/12-step-meeting-list-63b258c691616cbc41ef567bfa0329d4.yaml @@ -0,0 +1,58 @@ +id: 12-step-meeting-list-63b258c691616cbc41ef567bfa0329d4 + +info: + name: > + 12 Step Meeting List <= 3.14.28 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8269f83b-5d7d-4f01-85ee-fd7262fed5b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/12-step-meeting-list/" + google-query: inurl:"/wp-content/plugins/12-step-meeting-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,12-step-meeting-list,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/12-step-meeting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "12-step-meeting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/123-chat-videochat-93f5b1d9d41a68948272932dc6addd39.yaml b/nuclei-templates/cve-less/plugins/123-chat-videochat-93f5b1d9d41a68948272932dc6addd39.yaml new file mode 100644 index 0000000000..a2f6ef6d2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/123-chat-videochat-93f5b1d9d41a68948272932dc6addd39.yaml @@ -0,0 +1,58 @@ +id: 123-chat-videochat-93f5b1d9d41a68948272932dc6addd39 + +info: + name: > + 123.chat <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a0ced4d-368d-4f12-9099-1f8c0b0fe245?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/123-chat-videochat/" + google-query: inurl:"/wp-content/plugins/123-chat-videochat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,123-chat-videochat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/123-chat-videochat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "123-chat-videochat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/1app-business-forms-0bb8bade373073a31c7eae43154f4462.yaml b/nuclei-templates/cve-less/plugins/1app-business-forms-0bb8bade373073a31c7eae43154f4462.yaml new file mode 100644 index 0000000000..eb5f5a4798 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/1app-business-forms-0bb8bade373073a31c7eae43154f4462.yaml @@ -0,0 +1,58 @@ +id: 1app-business-forms-0bb8bade373073a31c7eae43154f4462 + +info: + name: > + 1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30295480-3d20-412f-a7fd-3f18d425fdc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/1app-business-forms/" + google-query: inurl:"/wp-content/plugins/1app-business-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,1app-business-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1app-business-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1app-business-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/1app-business-forms-3a92cf2d3b454c13398f20f7a203cccd.yaml b/nuclei-templates/cve-less/plugins/1app-business-forms-3a92cf2d3b454c13398f20f7a203cccd.yaml new file mode 100644 index 0000000000..fb0d57083c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/1app-business-forms-3a92cf2d3b454c13398f20f7a203cccd.yaml @@ -0,0 +1,58 @@ +id: 1app-business-forms-3a92cf2d3b454c13398f20f7a203cccd + +info: + name: > + 1app Business Forms <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65ab07e8-4cba-4d81-8e80-8c6c96c1095e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/1app-business-forms/" + google-query: inurl:"/wp-content/plugins/1app-business-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,1app-business-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/1app-business-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "1app-business-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-50d503ecab241e54444834a8beaebf25.yaml b/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-50d503ecab241e54444834a8beaebf25.yaml new file mode 100644 index 0000000000..04ed457612 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-50d503ecab241e54444834a8beaebf25.yaml @@ -0,0 +1,58 @@ +id: 2-click-socialmedia-buttons-50d503ecab241e54444834a8beaebf25 + +info: + name: > + 2 Click Social Media Buttons < 0.34 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82da75f4-f036-40e0-ae4c-5011d6a39df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2-click-socialmedia-buttons/" + google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2-click-socialmedia-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-a6ea9efcd2b00d833f3dd3cae90d9348.yaml b/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-a6ea9efcd2b00d833f3dd3cae90d9348.yaml new file mode 100644 index 0000000000..e5bfd3950c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2-click-socialmedia-buttons-a6ea9efcd2b00d833f3dd3cae90d9348.yaml @@ -0,0 +1,58 @@ +id: 2-click-socialmedia-buttons-a6ea9efcd2b00d833f3dd3cae90d9348 + +info: + name: > + 2 Click Social Media Buttons <= 0.33 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40b5d7e4-97a0-4a1c-8000-f2cfd1e751a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2-click-socialmedia-buttons/" + google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2-click-socialmedia-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2-click-socialmedia-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2-click-socialmedia-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2j-slideshow-32bdd04e0affc46dfffa9d8a81425f9b.yaml b/nuclei-templates/cve-less/plugins/2j-slideshow-32bdd04e0affc46dfffa9d8a81425f9b.yaml new file mode 100644 index 0000000000..aa9c9c9b08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2j-slideshow-32bdd04e0affc46dfffa9d8a81425f9b.yaml @@ -0,0 +1,58 @@ +id: 2j-slideshow-32bdd04e0affc46dfffa9d8a81425f9b + +info: + name: > + Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5abfc19-dc34-4458-a0af-5587b7d5a6b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2j-slideshow/" + google-query: inurl:"/wp-content/plugins/2j-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2j-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2j-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2j-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2j-slideshow-6009aafd4759ca9a9de1f0b928158a27.yaml b/nuclei-templates/cve-less/plugins/2j-slideshow-6009aafd4759ca9a9de1f0b928158a27.yaml new file mode 100644 index 0000000000..52cdbf4b67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2j-slideshow-6009aafd4759ca9a9de1f0b928158a27.yaml @@ -0,0 +1,58 @@ +id: 2j-slideshow-6009aafd4759ca9a9de1f0b928158a27 + +info: + name: > + Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2j-slideshow/" + google-query: inurl:"/wp-content/plugins/2j-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2j-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2j-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2j-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2j-slideshow-c5c3a05f327c9f5ee9273cd2dd422a24.yaml b/nuclei-templates/cve-less/plugins/2j-slideshow-c5c3a05f327c9f5ee9273cd2dd422a24.yaml new file mode 100644 index 0000000000..fc0d527d16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2j-slideshow-c5c3a05f327c9f5ee9273cd2dd422a24.yaml @@ -0,0 +1,58 @@ +id: 2j-slideshow-c5c3a05f327c9f5ee9273cd2dd422a24 + +info: + name: > + Slideshow, Image Slider by 2J <= 1.3.54 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bbccacf-0c34-4656-834b-b3b4c0a84abe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2j-slideshow/" + google-query: inurl:"/wp-content/plugins/2j-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2j-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2j-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2j-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-8030149fcea03a9895d089120ebb4064.yaml b/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-8030149fcea03a9895d089120ebb4064.yaml new file mode 100644 index 0000000000..2c2b9d6335 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-8030149fcea03a9895d089120ebb4064.yaml @@ -0,0 +1,58 @@ +id: 2kb-amazon-affiliates-store-8030149fcea03a9895d089120ebb4064 + +info: + name: > + 2kb Amazon Affiliates Store < 2.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/926341b5-345a-4906-b578-b32bfe2ee4ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2kb-amazon-affiliates-store/" + google-query: inurl:"/wp-content/plugins/2kb-amazon-affiliates-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2kb-amazon-affiliates-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2kb-amazon-affiliates-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2kb-amazon-affiliates-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml b/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml new file mode 100644 index 0000000000..df8348686b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/2kb-amazon-affiliates-store-942a0a0ff8bd16dd5a3f3bf1e155403a.yaml @@ -0,0 +1,58 @@ +id: 2kb-amazon-affiliates-store-942a0a0ff8bd16dd5a3f3bf1e155403a + +info: + name: > + 2kb Amazon Affiliates Store <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7d9521-4814-411d-859f-c7645551d3c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/2kb-amazon-affiliates-store/" + google-query: inurl:"/wp-content/plugins/2kb-amazon-affiliates-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,2kb-amazon-affiliates-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/2kb-amazon-affiliates-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "2kb-amazon-affiliates-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3-word-address-validation-field-9dec9c9b266000df591dc3dcef1e7d84.yaml b/nuclei-templates/cve-less/plugins/3-word-address-validation-field-9dec9c9b266000df591dc3dcef1e7d84.yaml new file mode 100644 index 0000000000..3601910212 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3-word-address-validation-field-9dec9c9b266000df591dc3dcef1e7d84.yaml @@ -0,0 +1,58 @@ +id: 3-word-address-validation-field-9dec9c9b266000df591dc3dcef1e7d84 + +info: + name: > + what3words Address Field <= 4.0.0 - Authenticated (Administrator+) Sensitive Information Exposure in class-w3w-autosuggest-public.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/770fe29d-601b-487b-b102-d5027f09fc24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3-word-address-validation-field/" + google-query: inurl:"/wp-content/plugins/3-word-address-validation-field/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3-word-address-validation-field,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3-word-address-validation-field/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3-word-address-validation-field" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/360-product-rotation-bd56b3adb9677e584285e6d539545e56.yaml b/nuclei-templates/cve-less/plugins/360-product-rotation-bd56b3adb9677e584285e6d539545e56.yaml new file mode 100644 index 0000000000..f5825fd2bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/360-product-rotation-bd56b3adb9677e584285e6d539545e56.yaml @@ -0,0 +1,58 @@ +id: 360-product-rotation-bd56b3adb9677e584285e6d539545e56 + +info: + name: > + 360 Product Rotation < 1.4.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb1f22c2-fdb3-4e3c-b6d5-2e933ec889bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/360-product-rotation/" + google-query: inurl:"/wp-content/plugins/360-product-rotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,360-product-rotation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/360-product-rotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "360-product-rotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-b160f2225fa61e39751381696b9f32c3.yaml b/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-b160f2225fa61e39751381696b9f32c3.yaml new file mode 100644 index 0000000000..1e5a00b716 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-b160f2225fa61e39751381696b9f32c3.yaml @@ -0,0 +1,58 @@ +id: 360deg-javascript-viewer-b160f2225fa61e39751381696b9f32c3 + +info: + name: > + 360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba33c84-5198-4c77-8995-d0a315d68990?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/360deg-javascript-viewer/" + google-query: inurl:"/wp-content/plugins/360deg-javascript-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/360deg-javascript-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "360deg-javascript-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-de737cfbceda5a83bf3527f7e7cd5395.yaml b/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-de737cfbceda5a83bf3527f7e7cd5395.yaml new file mode 100644 index 0000000000..483f10e169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/360deg-javascript-viewer-de737cfbceda5a83bf3527f7e7cd5395.yaml @@ -0,0 +1,58 @@ +id: 360deg-javascript-viewer-de737cfbceda5a83bf3527f7e7cd5395 + +info: + name: > + 360 Javascript Viewer <= 1.7.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a8169d-1057-4cf2-9048-fb85f62d6ead?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/360deg-javascript-viewer/" + google-query: inurl:"/wp-content/plugins/360deg-javascript-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,360deg-javascript-viewer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/360deg-javascript-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "360deg-javascript-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3com-asesor-de-cookies-2f1a45c352b73e0646091d728f0d1831.yaml b/nuclei-templates/cve-less/plugins/3com-asesor-de-cookies-2f1a45c352b73e0646091d728f0d1831.yaml new file mode 100644 index 0000000000..ffb440d212 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3com-asesor-de-cookies-2f1a45c352b73e0646091d728f0d1831.yaml @@ -0,0 +1,58 @@ +id: 3com-asesor-de-cookies-2f1a45c352b73e0646091d728f0d1831 + +info: + name: > + 3com – Asesor de Cookies <= 3.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d4544b9-bb15-47e2-b377-0bae91aba4da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3com-asesor-de-cookies/" + google-query: inurl:"/wp-content/plugins/3com-asesor-de-cookies/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3com-asesor-de-cookies,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3com-asesor-de-cookies/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3com-asesor-de-cookies" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3d-cover-carousel-8727745b12483495d5142bd68893d94d.yaml b/nuclei-templates/cve-less/plugins/3d-cover-carousel-8727745b12483495d5142bd68893d94d.yaml new file mode 100644 index 0000000000..708ddb9931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3d-cover-carousel-8727745b12483495d5142bd68893d94d.yaml @@ -0,0 +1,58 @@ +id: 3d-cover-carousel-8727745b12483495d5142bd68893d94d + +info: + name: > + 3D Cover Carousel <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e14205-d31d-414b-aff2-22f589dbf04c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3d-cover-carousel/" + google-query: inurl:"/wp-content/plugins/3d-cover-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3d-cover-carousel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-cover-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-cover-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-2c9be73a62038f3d8273efbfe3ddeeff.yaml b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-2c9be73a62038f3d8273efbfe3ddeeff.yaml new file mode 100644 index 0000000000..5e5bf934c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-2c9be73a62038f3d8273efbfe3ddeeff.yaml @@ -0,0 +1,58 @@ +id: 3d-flipbook-dflip-lite-2c9be73a62038f3d8273efbfe3ddeeff + +info: + name: > + PDF Flipbook, 3D Flipbook – DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/" + google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-flipbook-dflip-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-flipbook-dflip-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-6970693f733e5a846cb7f76630b73d22.yaml b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-6970693f733e5a846cb7f76630b73d22.yaml new file mode 100644 index 0000000000..8c1a2d2e30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-6970693f733e5a846cb7f76630b73d22.yaml @@ -0,0 +1,58 @@ +id: 3d-flipbook-dflip-lite-6970693f733e5a846cb7f76630b73d22 + +info: + name: > + DearFlip <= 2.2.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via force_fit + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a10cf70e-bc66-4888-b88d-c1c4847389c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/" + google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-flipbook-dflip-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-flipbook-dflip-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-f6e79c74546c68ce5cae314ffc286a54.yaml b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-f6e79c74546c68ce5cae314ffc286a54.yaml new file mode 100644 index 0000000000..7aa378fb15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3d-flipbook-dflip-lite-f6e79c74546c68ce5cae314ffc286a54.yaml @@ -0,0 +1,58 @@ +id: 3d-flipbook-dflip-lite-f6e79c74546c68ce5cae314ffc286a54 + +info: + name: > + PDF Flipbook, 3D Flipbook WordPress – DearFlip Lite <= 1.7.12 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efb692da-6878-420a-b16e-2cb871bef764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3d-flipbook-dflip-lite/" + google-query: inurl:"/wp-content/plugins/3d-flipbook-dflip-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3d-flipbook-dflip-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3d-flipbook-dflip-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3d-flipbook-dflip-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3dprint-d5d38bc96ea3d80c250cd1535165fc1d.yaml b/nuclei-templates/cve-less/plugins/3dprint-d5d38bc96ea3d80c250cd1535165fc1d.yaml new file mode 100644 index 0000000000..939e76f1c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3dprint-d5d38bc96ea3d80c250cd1535165fc1d.yaml @@ -0,0 +1,58 @@ +id: 3dprint-d5d38bc96ea3d80c250cd1535165fc1d + +info: + name: > + 3DPrint <= 3.5.6.8 - Cross-Site Request Forgery to Arbitrary File Download + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/095724bb-9949-4c62-9a11-02f1cd4c6043?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3dprint/" + google-query: inurl:"/wp-content/plugins/3dprint/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3dprint,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3dprint/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3dprint" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3dprint-f6f5e5b83dd05b47087018ab93dc70c8.yaml b/nuclei-templates/cve-less/plugins/3dprint-f6f5e5b83dd05b47087018ab93dc70c8.yaml new file mode 100644 index 0000000000..6ef48f7591 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3dprint-f6f5e5b83dd05b47087018ab93dc70c8.yaml @@ -0,0 +1,58 @@ +id: 3dprint-f6f5e5b83dd05b47087018ab93dc70c8 + +info: + name: > + 3DPrint <= 3.5.4.7 - Cross-Site Request Forgery to Arbitrary File Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f89e9c46-aca3-4b2f-b935-2976c510ed8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3dprint/" + google-query: inurl:"/wp-content/plugins/3dprint/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3dprint,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3dprint/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3dprint" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3dprint-lite-e32ba6270a5c504833f090f97c5f6929.yaml b/nuclei-templates/cve-less/plugins/3dprint-lite-e32ba6270a5c504833f090f97c5f6929.yaml new file mode 100644 index 0000000000..ee452f4b47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3dprint-lite-e32ba6270a5c504833f090f97c5f6929.yaml @@ -0,0 +1,58 @@ +id: 3dprint-lite-e32ba6270a5c504833f090f97c5f6929 + +info: + name: > + 3DPrint Lite < 1.9.1.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d52f601b-6a80-4b6f-895b-fcbbdf73103a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3dprint-lite/" + google-query: inurl:"/wp-content/plugins/3dprint-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3dprint-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3dprint-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3dprint-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3r-elementor-timeline-widget-1c97daee437b7051f2d3a3601380f79a.yaml b/nuclei-templates/cve-less/plugins/3r-elementor-timeline-widget-1c97daee437b7051f2d3a3601380f79a.yaml new file mode 100644 index 0000000000..a774294b85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3r-elementor-timeline-widget-1c97daee437b7051f2d3a3601380f79a.yaml @@ -0,0 +1,58 @@ +id: 3r-elementor-timeline-widget-1c97daee437b7051f2d3a3601380f79a + +info: + name: > + Elementor Timeline Widget <= 2.2 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/819b3e0c-1cd0-45f9-8621-41817ad1de5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3r-elementor-timeline-widget/" + google-query: inurl:"/wp-content/plugins/3r-elementor-timeline-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3r-elementor-timeline-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3r-elementor-timeline-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3r-elementor-timeline-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/3xsocializer-af2ae774d22378ee0a69d1768e15e475.yaml b/nuclei-templates/cve-less/plugins/3xsocializer-af2ae774d22378ee0a69d1768e15e475.yaml new file mode 100644 index 0000000000..04e1ad666e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/3xsocializer-af2ae774d22378ee0a69d1768e15e475.yaml @@ -0,0 +1,58 @@ +id: 3xsocializer-af2ae774d22378ee0a69d1768e15e475 + +info: + name: > + 3xSocializer <= 0.98.22 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1200d2b3-2c1b-44a4-bf87-2d9b0121d6cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/3xsocializer/" + google-query: inurl:"/wp-content/plugins/3xsocializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,3xsocializer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/3xsocializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "3xsocializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.98.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-redirection-manager-5abfc4a3a7a8a78baed36252f32bd2c8.yaml b/nuclei-templates/cve-less/plugins/404-redirection-manager-5abfc4a3a7a8a78baed36252f32bd2c8.yaml new file mode 100644 index 0000000000..ceea148301 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-redirection-manager-5abfc4a3a7a8a78baed36252f32bd2c8.yaml @@ -0,0 +1,58 @@ +id: 404-redirection-manager-5abfc4a3a7a8a78baed36252f32bd2c8 + +info: + name: > + 404 SEO Redirection <= 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d6bebb7-375c-45b8-9b54-58c6dbc0bb70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-redirection-manager/" + google-query: inurl:"/wp-content/plugins/404-redirection-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-redirection-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-redirection-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-redirection-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-redirection-manager-ab1f48347ef68d08de8af611ca6f7153.yaml b/nuclei-templates/cve-less/plugins/404-redirection-manager-ab1f48347ef68d08de8af611ca6f7153.yaml new file mode 100644 index 0000000000..ed859f7e4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-redirection-manager-ab1f48347ef68d08de8af611ca6f7153.yaml @@ -0,0 +1,58 @@ +id: 404-redirection-manager-ab1f48347ef68d08de8af611ca6f7153 + +info: + name: > + 404 SEO Redirection <= 1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b64921fe-1b09-49e7-b2ec-f708fba99c2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-redirection-manager/" + google-query: inurl:"/wp-content/plugins/404-redirection-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-redirection-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-redirection-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-redirection-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-solution-64f66ce5bf8a7c60ba469ac77d7c053d.yaml b/nuclei-templates/cve-less/plugins/404-solution-64f66ce5bf8a7c60ba469ac77d7c053d.yaml new file mode 100644 index 0000000000..c4d2dd9996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-solution-64f66ce5bf8a7c60ba469ac77d7c053d.yaml @@ -0,0 +1,58 @@ +id: 404-solution-64f66ce5bf8a7c60ba469ac77d7c053d + +info: + name: > + 404 Solution <= 2.35.7 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/901e85b9-0948-4a00-a29f-a726b53ba51b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-solution/" + google-query: inurl:"/wp-content/plugins/404-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.35.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-solution-80092ae62e91070a929addb38cf05eeb.yaml b/nuclei-templates/cve-less/plugins/404-solution-80092ae62e91070a929addb38cf05eeb.yaml new file mode 100644 index 0000000000..e767a81d33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-solution-80092ae62e91070a929addb38cf05eeb.yaml @@ -0,0 +1,58 @@ +id: 404-solution-80092ae62e91070a929addb38cf05eeb + +info: + name: > + 404 Solution <= 2.33.0 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73643d45-9542-4372-a7a2-0a443819b8a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-solution/" + google-query: inurl:"/wp-content/plugins/404-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-solution-e8f10c1130d647962cf4e7ae1be8e563.yaml b/nuclei-templates/cve-less/plugins/404-solution-e8f10c1130d647962cf4e7ae1be8e563.yaml new file mode 100644 index 0000000000..31732dc8c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-solution-e8f10c1130d647962cf4e7ae1be8e563.yaml @@ -0,0 +1,58 @@ +id: 404-solution-e8f10c1130d647962cf4e7ae1be8e563 + +info: + name: > + 404 Solution <= 2.34.0 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/477d3d7a-6028-4dd3-b713-6098bfe32832?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-solution/" + google-query: inurl:"/wp-content/plugins/404-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.35.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-to-301-30cdceb24c9fb6269d5ab38dde655939.yaml b/nuclei-templates/cve-less/plugins/404-to-301-30cdceb24c9fb6269d5ab38dde655939.yaml new file mode 100644 index 0000000000..5bbce83f8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-to-301-30cdceb24c9fb6269d5ab38dde655939.yaml @@ -0,0 +1,58 @@ +id: 404-to-301-30cdceb24c9fb6269d5ab38dde655939 + +info: + name: > + 404 to 301 – Redirect, Log and Notify 404 Errors <= 2.0.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69b2f126-8f57-4bea-b0e9-14b4566ac470?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-to-301/" + google-query: inurl:"/wp-content/plugins/404-to-301/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-to-301,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-to-301/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-to-301" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-to-301-77ebf1c20a9fe589cfb00388461b5ac7.yaml b/nuclei-templates/cve-less/plugins/404-to-301-77ebf1c20a9fe589cfb00388461b5ac7.yaml new file mode 100644 index 0000000000..8ced7aecfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-to-301-77ebf1c20a9fe589cfb00388461b5ac7.yaml @@ -0,0 +1,58 @@ +id: 404-to-301-77ebf1c20a9fe589cfb00388461b5ac7 + +info: + name: > + 404 to 301 <= 3.0.8 - Logs Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e229ab5e-c9e3-4a7c-ac28-ba35b6abf85e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-to-301/" + google-query: inurl:"/wp-content/plugins/404-to-301/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-to-301,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-to-301/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-to-301" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-to-301-e5012481eb3358496d9e8266284a0c72.yaml b/nuclei-templates/cve-less/plugins/404-to-301-e5012481eb3358496d9e8266284a0c72.yaml new file mode 100644 index 0000000000..31794e407c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-to-301-e5012481eb3358496d9e8266284a0c72.yaml @@ -0,0 +1,58 @@ +id: 404-to-301-e5012481eb3358496d9e8266284a0c72 + +info: + name: > + 404 to 301 <= 3.0.7 - Missing Authorization to Redirect Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05d6b27f-b1e5-4bb8-b7db-f8295a5e0d5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-to-301/" + google-query: inurl:"/wp-content/plugins/404-to-301/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-to-301,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-to-301/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-to-301" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404-to-start-540d765197d5d77b942283129699e946.yaml b/nuclei-templates/cve-less/plugins/404-to-start-540d765197d5d77b942283129699e946.yaml new file mode 100644 index 0000000000..0e477e64ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404-to-start-540d765197d5d77b942283129699e946.yaml @@ -0,0 +1,58 @@ +id: 404-to-start-540d765197d5d77b942283129699e946 + +info: + name: > + 404 to Start <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d4c5ff9-d4aa-4270-b00b-41353b32c8e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404-to-start/" + google-query: inurl:"/wp-content/plugins/404-to-start/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404-to-start,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404-to-start/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404-to-start" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404like-af8b6c1405ca4fecbb6348cbb779bff6.yaml b/nuclei-templates/cve-less/plugins/404like-af8b6c1405ca4fecbb6348cbb779bff6.yaml new file mode 100644 index 0000000000..a93ad95c6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404like-af8b6c1405ca4fecbb6348cbb779bff6.yaml @@ -0,0 +1,58 @@ +id: 404like-af8b6c1405ca4fecbb6348cbb779bff6 + +info: + name: > + 404like <= 1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5bcad01-02ca-46a0-9196-df9f2110bc8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404like/" + google-query: inurl:"/wp-content/plugins/404like/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404like,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404like/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404like" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/404s-fb3335fd014953747fe67771d5c2fe67.yaml b/nuclei-templates/cve-less/plugins/404s-fb3335fd014953747fe67771d5c2fe67.yaml new file mode 100644 index 0000000000..b525bafd0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/404s-fb3335fd014953747fe67771d5c2fe67.yaml @@ -0,0 +1,58 @@ +id: 404s-fb3335fd014953747fe67771d5c2fe67 + +info: + name: > + 404s <= 3.4.9 - Administrator+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ef48df5-dc3f-45d2-87af-35a3a0ed8c2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/404s/" + google-query: inurl:"/wp-content/plugins/404s/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,404s,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/404s/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "404s" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/4ecps-webforms-2d4f6a1b39a4cc9b06569630fa151900.yaml b/nuclei-templates/cve-less/plugins/4ecps-webforms-2d4f6a1b39a4cc9b06569630fa151900.yaml new file mode 100644 index 0000000000..f82be4ad5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/4ecps-webforms-2d4f6a1b39a4cc9b06569630fa151900.yaml @@ -0,0 +1,58 @@ +id: 4ecps-webforms-2d4f6a1b39a4cc9b06569630fa151900 + +info: + name: > + 4ECPS Web Forms <= 0.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/550fcbbd-254d-4b3c-a240-8afcf9f6937e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/4ecps-webforms/" + google-query: inurl:"/wp-content/plugins/4ecps-webforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,4ecps-webforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/4ecps-webforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "4ecps-webforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/4k-icon-fonts-for-visual-composer-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/4k-icon-fonts-for-visual-composer-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..00d2791e0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/4k-icon-fonts-for-visual-composer-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: 4k-icon-fonts-for-visual-composer-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/4k-icon-fonts-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/4k-icon-fonts-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,4k-icon-fonts-for-visual-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/4k-icon-fonts-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "4k-icon-fonts-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/5-anker-connect-01a4732a49ff7a9ef4ebc45204cbcc4f.yaml b/nuclei-templates/cve-less/plugins/5-anker-connect-01a4732a49ff7a9ef4ebc45204cbcc4f.yaml new file mode 100644 index 0000000000..756e0beb86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/5-anker-connect-01a4732a49ff7a9ef4ebc45204cbcc4f.yaml @@ -0,0 +1,58 @@ +id: 5-anker-connect-01a4732a49ff7a9ef4ebc45204cbcc4f + +info: + name: > + 5 Anker Connect <= 1.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bc1f99e-1aa8-431a-a2ab-bdee5ece602f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/5-anker-connect/" + google-query: inurl:"/wp-content/plugins/5-anker-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,5-anker-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5-anker-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5-anker-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-067c415d5e57c3f7bf3c32e31e7bfdc9.yaml b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-067c415d5e57c3f7bf3c32e31e7bfdc9.yaml new file mode 100644 index 0000000000..b160cf921c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-067c415d5e57c3f7bf3c32e31e7bfdc9.yaml @@ -0,0 +1,58 @@ +id: 5-stars-rating-funnel-067c415d5e57c3f7bf3c32e31e7bfdc9 + +info: + name: > + 5 Stars Rating Funnel <= 1.2.53 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5093d787-0357-4c28-9d27-8335b10fc499?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/5-stars-rating-funnel/" + google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5-stars-rating-funnel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5-stars-rating-funnel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-078909fc07244cccae3451c5f9a6996f.yaml b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-078909fc07244cccae3451c5f9a6996f.yaml new file mode 100644 index 0000000000..3a4786e183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-078909fc07244cccae3451c5f9a6996f.yaml @@ -0,0 +1,58 @@ +id: 5-stars-rating-funnel-078909fc07244cccae3451c5f9a6996f + +info: + name: > + 5 Stars Rating Funnel <= 1.2.67 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/461cf8ba-a0d1-4de8-983d-170305e14f97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/5-stars-rating-funnel/" + google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5-stars-rating-funnel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5-stars-rating-funnel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml new file mode 100644 index 0000000000..dbdf83bdc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/5-stars-rating-funnel-aa9afd9a4b3e913533a4ca30d7c2f62e.yaml @@ -0,0 +1,58 @@ +id: 5-stars-rating-funnel-aa9afd9a4b3e913533a4ca30d7c2f62e + +info: + name: > + 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg <= 1.2.67 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caf879a7-650e-4c70-b23a-51cac00f0cc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/5-stars-rating-funnel/" + google-query: inurl:"/wp-content/plugins/5-stars-rating-funnel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,5-stars-rating-funnel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5-stars-rating-funnel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5-stars-rating-funnel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/5280-bootstrap-modal-contact-form-4d5bd93e0c27080244733cb180f3f8d5.yaml b/nuclei-templates/cve-less/plugins/5280-bootstrap-modal-contact-form-4d5bd93e0c27080244733cb180f3f8d5.yaml new file mode 100644 index 0000000000..c485273272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/5280-bootstrap-modal-contact-form-4d5bd93e0c27080244733cb180f3f8d5.yaml @@ -0,0 +1,58 @@ +id: 5280-bootstrap-modal-contact-form-4d5bd93e0c27080244733cb180f3f8d5 + +info: + name: > + 5280 Bootstrap Modal Contact Form <= 1.0 - Cross-Site Request Forgery to Bulk Delete Messages + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18464483-1d2f-4a4e-a1cc-6c1ddcc2dcf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/5280-bootstrap-modal-contact-form/" + google-query: inurl:"/wp-content/plugins/5280-bootstrap-modal-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,5280-bootstrap-modal-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/5280-bootstrap-modal-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "5280-bootstrap-modal-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android-535595f4b0854a5ba3ef769bc0a6d8a1.yaml b/nuclei-templates/cve-less/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android-535595f4b0854a5ba3ef769bc0a6d8a1.yaml new file mode 100644 index 0000000000..c7e0a8b7f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android-535595f4b0854a5ba3ef769bc0a6d8a1.yaml @@ -0,0 +1,58 @@ +id: 59sec-lite-contact-form-7-push-notifications-on-ios-and-android-535595f4b0854a5ba3ef769bc0a6d8a1 + +info: + name: > + THE Leads Management System: 59sec LITE <= 3.4.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65aa6694-0ed9-40a4-bd1c-1b51cd5e537d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/" + google-query: inurl:"/wp-content/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,59sec-lite-contact-form-7-push-notifications-on-ios-and-android,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "59sec-lite-contact-form-7-push-notifications-on-ios-and-android" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/8-degree-notification-bar-d7e6e52fbc5100c15dd93975c02af422.yaml b/nuclei-templates/cve-less/plugins/8-degree-notification-bar-d7e6e52fbc5100c15dd93975c02af422.yaml new file mode 100644 index 0000000000..206f5396c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/8-degree-notification-bar-d7e6e52fbc5100c15dd93975c02af422.yaml @@ -0,0 +1,58 @@ +id: 8-degree-notification-bar-d7e6e52fbc5100c15dd93975c02af422 + +info: + name: > + Notification Bar for WordPress <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c49389b5-bf5a-49b8-8d20-404195b50308?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/8-degree-notification-bar/" + google-query: inurl:"/wp-content/plugins/8-degree-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,8-degree-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/8-degree-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "8-degree-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/99fy-core-2ade9cd6a231682261bc318b1ed04cfb.yaml b/nuclei-templates/cve-less/plugins/99fy-core-2ade9cd6a231682261bc318b1ed04cfb.yaml new file mode 100644 index 0000000000..22fe8a29be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/99fy-core-2ade9cd6a231682261bc318b1ed04cfb.yaml @@ -0,0 +1,58 @@ +id: 99fy-core-2ade9cd6a231682261bc318b1ed04cfb + +info: + name: > + Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e215a5c-7a01-4a1d-b051-3abf742bf573?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/99fy-core/" + google-query: inurl:"/wp-content/plugins/99fy-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,99fy-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/99fy-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "99fy-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/99robots-header-footer-code-manager-pro-747c4bd1125204cefd447ba68faf21f5.yaml b/nuclei-templates/cve-less/plugins/99robots-header-footer-code-manager-pro-747c4bd1125204cefd447ba68faf21f5.yaml new file mode 100644 index 0000000000..490c0ee57a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/99robots-header-footer-code-manager-pro-747c4bd1125204cefd447ba68faf21f5.yaml @@ -0,0 +1,58 @@ +id: 99robots-header-footer-code-manager-pro-747c4bd1125204cefd447ba68faf21f5 + +info: + name: > + Header Footer Code Manager Pro <= 1.0.16 - Reflected Cross-Site Scripting via message + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83a35d16-526d-4e45-b2cf-a6858b2b2f21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/99robots-header-footer-code-manager-pro/" + google-query: inurl:"/wp-content/plugins/99robots-header-footer-code-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,99robots-header-footer-code-manager-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/99robots-header-footer-code-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "99robots-header-footer-code-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/a-forms-44494ddc52293f35d4e91f03bc8a3bb3.yaml b/nuclei-templates/cve-less/plugins/a-forms-44494ddc52293f35d4e91f03bc8a3bb3.yaml new file mode 100644 index 0000000000..afbb3a0f92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/a-forms-44494ddc52293f35d4e91f03bc8a3bb3.yaml @@ -0,0 +1,58 @@ +id: a-forms-44494ddc52293f35d4e91f03bc8a3bb3 + +info: + name: > + A Forms <= 1.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0755c8f-89c4-45a5-95a4-fcfe985f037f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/a-forms/" + google-query: inurl:"/wp-content/plugins/a-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,a-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/a-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "a-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/a2-optimized-wp-7a6dd13ed18a2e45d6c2f734b970d2e6.yaml b/nuclei-templates/cve-less/plugins/a2-optimized-wp-7a6dd13ed18a2e45d6c2f734b970d2e6.yaml new file mode 100644 index 0000000000..72bf72966a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/a2-optimized-wp-7a6dd13ed18a2e45d6c2f734b970d2e6.yaml @@ -0,0 +1,58 @@ +id: a2-optimized-wp-7a6dd13ed18a2e45d6c2f734b970d2e6 + +info: + name: > + A2 Optimized WP <= 3.0.4 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/463fdbde-1d98-4f52-b835-cba1ae567f4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/a2-optimized-wp/" + google-query: inurl:"/wp-content/plugins/a2-optimized-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,a2-optimized-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/a2-optimized-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "a2-optimized-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/a3-portfolio-69bbdafafddf73eabec5b44d29b3cf8b.yaml b/nuclei-templates/cve-less/plugins/a3-portfolio-69bbdafafddf73eabec5b44d29b3cf8b.yaml new file mode 100644 index 0000000000..d43c2baf60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/a3-portfolio-69bbdafafddf73eabec5b44d29b3cf8b.yaml @@ -0,0 +1,58 @@ +id: a3-portfolio-69bbdafafddf73eabec5b44d29b3cf8b + +info: + name: > + a3 Portfolio <= 3.1.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a190909-4b0f-4a44-8371-d79f64d323c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/a3-portfolio/" + google-query: inurl:"/wp-content/plugins/a3-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,a3-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/a3-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "a3-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/a4-barcode-generator-1003d8c4cbec4c692768d02c2deb833d.yaml b/nuclei-templates/cve-less/plugins/a4-barcode-generator-1003d8c4cbec4c692768d02c2deb833d.yaml new file mode 100644 index 0000000000..86a5452636 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/a4-barcode-generator-1003d8c4cbec4c692768d02c2deb833d.yaml @@ -0,0 +1,58 @@ +id: a4-barcode-generator-1003d8c4cbec4c692768d02c2deb833d + +info: + name: > + Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Templates + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2d03b83-c406-4d3f-b6be-015edcc15515?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/a4-barcode-generator/" + google-query: inurl:"/wp-content/plugins/a4-barcode-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,a4-barcode-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/a4-barcode-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "a4-barcode-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/a4-barcode-generator-96d45953f77055903959c32a94c71bbf.yaml b/nuclei-templates/cve-less/plugins/a4-barcode-generator-96d45953f77055903959c32a94c71bbf.yaml new file mode 100644 index 0000000000..52de74890f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/a4-barcode-generator-96d45953f77055903959c32a94c71bbf.yaml @@ -0,0 +1,58 @@ +id: a4-barcode-generator-96d45953f77055903959c32a94c71bbf + +info: + name: > + Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e15d285-aa1d-461d-bdc2-642e7ccd789b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/a4-barcode-generator/" + google-query: inurl:"/wp-content/plugins/a4-barcode-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,a4-barcode-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/a4-barcode-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "a4-barcode-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aa-calculator-abc87888690b19dcb77925a4c30ad407.yaml b/nuclei-templates/cve-less/plugins/aa-calculator-abc87888690b19dcb77925a4c30ad407.yaml new file mode 100644 index 0000000000..346e6260b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aa-calculator-abc87888690b19dcb77925a4c30ad407.yaml @@ -0,0 +1,58 @@ +id: aa-calculator-abc87888690b19dcb77925a4c30ad407 + +info: + name: > + AA Cash Calculator <= 1.0 - Reflected Cross-Site Scripting via invoice + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/933ea8a2-3d1d-43a3-bb14-52f37576c9e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aa-calculator/" + google-query: inurl:"/wp-content/plugins/aa-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aa-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aa-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aa-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aajoda-testimonials-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml b/nuclei-templates/cve-less/plugins/aajoda-testimonials-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml new file mode 100644 index 0000000000..372ebce1db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aajoda-testimonials-6d0e53ee77e3c1fef450b5cd709f1ad9.yaml @@ -0,0 +1,58 @@ +id: aajoda-testimonials-6d0e53ee77e3c1fef450b5cd709f1ad9 + +info: + name: > + Aajoda Testimonials <= 2.2.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10f28404-acd0-40de-af42-2970b5b25bde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aajoda-testimonials/" + google-query: inurl:"/wp-content/plugins/aajoda-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aajoda-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aajoda-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aajoda-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aawp-339dac9db5bc9d83f9bdf6846ab3c955.yaml b/nuclei-templates/cve-less/plugins/aawp-339dac9db5bc9d83f9bdf6846ab3c955.yaml new file mode 100644 index 0000000000..3aa308acab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aawp-339dac9db5bc9d83f9bdf6846ab3c955.yaml @@ -0,0 +1,58 @@ +id: aawp-339dac9db5bc9d83f9bdf6846ab3c955 + +info: + name: > + Amazon Affiliate <= 3.12.2 - Reflected File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e94f9cde-5e8b-4d68-8ede-12d678a370ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aawp/" + google-query: inurl:"/wp-content/plugins/aawp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aawp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aawp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aawp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ab-google-map-travel-5b4876c37f7fd35309718a01d65b18f0.yaml b/nuclei-templates/cve-less/plugins/ab-google-map-travel-5b4876c37f7fd35309718a01d65b18f0.yaml new file mode 100644 index 0000000000..21d95b8d6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ab-google-map-travel-5b4876c37f7fd35309718a01d65b18f0.yaml @@ -0,0 +1,58 @@ +id: ab-google-map-travel-5b4876c37f7fd35309718a01d65b18f0 + +info: + name: > + AB Google Map Travel (AB-MAP) < 4.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/241073e4-b8f2-4dd3-ad66-6dda8c61b42c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ab-google-map-travel/" + google-query: inurl:"/wp-content/plugins/ab-google-map-travel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ab-google-map-travel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ab-google-map-travel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ab-google-map-travel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ab-press-optimizer-lite-414da17bdb4a780711966608cd7b68aa.yaml b/nuclei-templates/cve-less/plugins/ab-press-optimizer-lite-414da17bdb4a780711966608cd7b68aa.yaml new file mode 100644 index 0000000000..4c81ed7917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ab-press-optimizer-lite-414da17bdb4a780711966608cd7b68aa.yaml @@ -0,0 +1,58 @@ +id: ab-press-optimizer-lite-414da17bdb4a780711966608cd7b68aa + +info: + name: > + AB Press Optimizer <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd8f355b-736b-442a-917e-9fa603abb853?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ab-press-optimizer-lite/" + google-query: inurl:"/wp-content/plugins/ab-press-optimizer-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ab-press-optimizer-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ab-press-optimizer-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ab-press-optimizer-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ab-rankings-testing-tool-d05a6b8d7f246d51e5c6639ab5b124d6.yaml b/nuclei-templates/cve-less/plugins/ab-rankings-testing-tool-d05a6b8d7f246d51e5c6639ab5b124d6.yaml new file mode 100644 index 0000000000..5757c8f101 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ab-rankings-testing-tool-d05a6b8d7f246d51e5c6639ab5b124d6.yaml @@ -0,0 +1,58 @@ +id: ab-rankings-testing-tool-d05a6b8d7f246d51e5c6639ab5b124d6 + +info: + name: > + SEO Scout <= 0.9.83 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44b259c7-ea91-4ab5-a46b-67aec50654c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ab-rankings-testing-tool/" + google-query: inurl:"/wp-content/plugins/ab-rankings-testing-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ab-rankings-testing-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ab-rankings-testing-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ab-rankings-testing-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.83') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/abitgone-commentsafe-5f5e581ab08c36f61f1784ceff23dfca.yaml b/nuclei-templates/cve-less/plugins/abitgone-commentsafe-5f5e581ab08c36f61f1784ceff23dfca.yaml new file mode 100644 index 0000000000..bfeef74949 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/abitgone-commentsafe-5f5e581ab08c36f61f1784ceff23dfca.yaml @@ -0,0 +1,58 @@ +id: abitgone-commentsafe-5f5e581ab08c36f61f1784ceff23dfca + +info: + name: > + aBitGone CommentSafe <= 1.0.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2375027c-9619-40fc-811d-7f4ba02bee53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/abitgone-commentsafe/" + google-query: inurl:"/wp-content/plugins/abitgone-commentsafe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,abitgone-commentsafe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/abitgone-commentsafe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "abitgone-commentsafe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/about-author-box-0b3e32c5343e2d92c6dd937071e516b1.yaml b/nuclei-templates/cve-less/plugins/about-author-box-0b3e32c5343e2d92c6dd937071e516b1.yaml new file mode 100644 index 0000000000..973e919278 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/about-author-box-0b3e32c5343e2d92c6dd937071e516b1.yaml @@ -0,0 +1,58 @@ +id: about-author-box-0b3e32c5343e2d92c6dd937071e516b1 + +info: + name: > + About Author Box < 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b17e416-7ca5-4447-ad7e-d3da2fddab86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/about-author-box/" + google-query: inurl:"/wp-content/plugins/about-author-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,about-author-box,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/about-author-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "about-author-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/about-me-3000-d71809a4e98fe91e7030122fe36364ba.yaml b/nuclei-templates/cve-less/plugins/about-me-3000-d71809a4e98fe91e7030122fe36364ba.yaml new file mode 100644 index 0000000000..abfa669ba5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/about-me-3000-d71809a4e98fe91e7030122fe36364ba.yaml @@ -0,0 +1,58 @@ +id: about-me-3000-d71809a4e98fe91e7030122fe36364ba + +info: + name: > + About Me 3000 widget <= 2.2.6 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62c1b5ce-cd58-4805-9a40-1af529604406?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/about-me-3000/" + google-query: inurl:"/wp-content/plugins/about-me-3000/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,about-me-3000,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/about-me-3000/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "about-me-3000" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/about-me-3000-e7894ec8416d5b9bca834efe054366ef.yaml b/nuclei-templates/cve-less/plugins/about-me-3000-e7894ec8416d5b9bca834efe054366ef.yaml new file mode 100644 index 0000000000..2fc1c9fcbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/about-me-3000-e7894ec8416d5b9bca834efe054366ef.yaml @@ -0,0 +1,58 @@ +id: about-me-3000-e7894ec8416d5b9bca834efe054366ef + +info: + name: > + About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be6f660f-041a-42f2-ab5b-72aedf75727d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/about-me-3000/" + google-query: inurl:"/wp-content/plugins/about-me-3000/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,about-me-3000,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/about-me-3000/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "about-me-3000" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/about-me-a5ad111bbf24e4213c2e76334a25e047.yaml b/nuclei-templates/cve-less/plugins/about-me-a5ad111bbf24e4213c2e76334a25e047.yaml new file mode 100644 index 0000000000..e6a6de2348 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/about-me-a5ad111bbf24e4213c2e76334a25e047.yaml @@ -0,0 +1,58 @@ +id: about-me-a5ad111bbf24e4213c2e76334a25e047 + +info: + name: > + About Me <= 1.0.12 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca21320a-ee26-47e9-bbf8-cfbb45d7a882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/about-me/" + google-query: inurl:"/wp-content/plugins/about-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,about-me,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/about-me/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "about-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/about-rentals-e3ba97fb48a1eae9c0640e6703a15a7c.yaml b/nuclei-templates/cve-less/plugins/about-rentals-e3ba97fb48a1eae9c0640e6703a15a7c.yaml new file mode 100644 index 0000000000..d9adfc5c89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/about-rentals-e3ba97fb48a1eae9c0640e6703a15a7c.yaml @@ -0,0 +1,58 @@ +id: about-rentals-e3ba97fb48a1eae9c0640e6703a15a7c + +info: + name: > + About Rentals <= 1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bde90d33-b36f-4ca9-87c2-f0dab723ed06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/about-rentals/" + google-query: inurl:"/wp-content/plugins/about-rentals/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,about-rentals,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/about-rentals/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "about-rentals" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/absolute-privacy-08a30537532865cd761666366968e42d.yaml b/nuclei-templates/cve-less/plugins/absolute-privacy-08a30537532865cd761666366968e42d.yaml new file mode 100644 index 0000000000..5f783a6cec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/absolute-privacy-08a30537532865cd761666366968e42d.yaml @@ -0,0 +1,58 @@ +id: absolute-privacy-08a30537532865cd761666366968e42d + +info: + name: > + Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email/Password Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3855e84-b97e-4729-8a48-55f2a2444e2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/absolute-privacy/" + google-query: inurl:"/wp-content/plugins/absolute-privacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,absolute-privacy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/absolute-privacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "absolute-privacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/absolute-reviews-bcec64a9217ef083d681e74eb6ceccde.yaml b/nuclei-templates/cve-less/plugins/absolute-reviews-bcec64a9217ef083d681e74eb6ceccde.yaml new file mode 100644 index 0000000000..c613f88755 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/absolute-reviews-bcec64a9217ef083d681e74eb6ceccde.yaml @@ -0,0 +1,58 @@ +id: absolute-reviews-bcec64a9217ef083d681e74eb6ceccde + +info: + name: > + Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec1ee47d-020c-482d-ad6f-663d78e624b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/absolute-reviews/" + google-query: inurl:"/wp-content/plugins/absolute-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,absolute-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/absolute-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "absolute-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/abwp-simple-counter-2583c8c1dd1479446cbf085c6134c883.yaml b/nuclei-templates/cve-less/plugins/abwp-simple-counter-2583c8c1dd1479446cbf085c6134c883.yaml new file mode 100644 index 0000000000..15db1de006 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/abwp-simple-counter-2583c8c1dd1479446cbf085c6134c883.yaml @@ -0,0 +1,58 @@ +id: abwp-simple-counter-2583c8c1dd1479446cbf085c6134c883 + +info: + name: > + Simple Counter <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb4eb28a-3dd5-4d8d-bef0-53cee7285180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/abwp-simple-counter/" + google-query: inurl:"/wp-content/plugins/abwp-simple-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,abwp-simple-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/abwp-simple-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "abwp-simple-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/academy-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml b/nuclei-templates/cve-less/plugins/academy-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml new file mode 100644 index 0000000000..b8215e5977 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/academy-2f3fe53a50f6ba1e34fffa48d4d3ffac.yaml @@ -0,0 +1,58 @@ +id: academy-2f3fe53a50f6ba1e34fffa48d4d3ffac + +info: + name: > + Academy LMS <= 1.9.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/248750b0-0fed-4c31-aeeb-709da3e7e2a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/academy/" + google-query: inurl:"/wp-content/plugins/academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,academy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/academy-74f803f6a35ab9fee5ff5f4a7905da8e.yaml b/nuclei-templates/cve-less/plugins/academy-74f803f6a35ab9fee5ff5f4a7905da8e.yaml new file mode 100644 index 0000000000..f19ddb49c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/academy-74f803f6a35ab9fee5ff5f4a7905da8e.yaml @@ -0,0 +1,58 @@ +id: academy-74f803f6a35ab9fee5ff5f4a7905da8e + +info: + name: > + Academy LMS <= 1.9.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb08ca9-e512-4a97-b323-cd9447b8bcac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/academy/" + google-query: inurl:"/wp-content/plugins/academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,academy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/academy-9f9b469ed3c99cc2601f251ee6ef9e63.yaml b/nuclei-templates/cve-less/plugins/academy-9f9b469ed3c99cc2601f251ee6ef9e63.yaml new file mode 100644 index 0000000000..8f9911932e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/academy-9f9b469ed3c99cc2601f251ee6ef9e63.yaml @@ -0,0 +1,58 @@ +id: academy-9f9b469ed3c99cc2601f251ee6ef9e63 + +info: + name: > + Academy LMS – eLearning and online course solution for WordPress <= 1.9.19 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/academy/" + google-query: inurl:"/wp-content/plugins/academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,academy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-2f9298ab3f6a9cf7ac470aa68de57def.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-2f9298ab3f6a9cf7ac470aa68de57def.yaml new file mode 100644 index 0000000000..f34e82c3d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-2f9298ab3f6a9cf7ac470aa68de57def.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-2f9298ab3f6a9cf7ac470aa68de57def + +info: + name: > + AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.93.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-779279c30a67e49a16a563a554fb708b.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-779279c30a67e49a16a563a554fb708b.yaml new file mode 100644 index 0000000000..26b4067e87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-779279c30a67e49a16a563a554fb708b.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-779279c30a67e49a16a563a554fb708b + +info: + name: > + Accelerated Mobile Pages <= 1.0.88.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/983e8ec0-fec4-4420-8ef6-6bf43881f5f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.88.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml new file mode 100644 index 0000000000..c1f995ae0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-8f9fba5d47d60ee8f1aec9a71b4f7e8a.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-8f9fba5d47d60ee8f1aec9a71b4f7e8a + +info: + name: > + AMP for WP <= 0.9.97.20 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64a833df-1cb8-40a1-9a8f-c53dcf50c877?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.97.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-adc8f09209828ecd25d3a9013f76dba0.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-adc8f09209828ecd25d3a9013f76dba0.yaml new file mode 100644 index 0000000000..29cda1fe42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-adc8f09209828ecd25d3a9013f76dba0.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-adc8f09209828ecd25d3a9013f76dba0 + +info: + name: > + Accelerated Mobile Pages <= 1.0.92.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.92.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c05da70d5ed77ea30636d59ab804aaa2.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c05da70d5ed77ea30636d59ab804aaa2.yaml new file mode 100644 index 0000000000..6cb8edf878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c05da70d5ed77ea30636d59ab804aaa2.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-c05da70d5ed77ea30636d59ab804aaa2 + +info: + name: > + AMP for WP – Accelerated Mobile Pages <= 1.0.77.31 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/095bee95-d3a7-4203-96eb-90f1f0eab84f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.77.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c7b7a15003ffbb80a100eb159e64a8bf.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c7b7a15003ffbb80a100eb159e64a8bf.yaml new file mode 100644 index 0000000000..a4a8d61d90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-c7b7a15003ffbb80a100eb159e64a8bf.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-c7b7a15003ffbb80a100eb159e64a8bf + +info: + name: > + AMP for WP <= 1.0.77.32 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc6f017d-b0ba-494d-9ad1-8b6cdca48fb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.77.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-d0f1f9dc5f8553a777fe29b0dbac4733.yaml b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-d0f1f9dc5f8553a777fe29b0dbac4733.yaml new file mode 100644 index 0000000000..00fb90f9fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accelerated-mobile-pages-d0f1f9dc5f8553a777fe29b0dbac4733.yaml @@ -0,0 +1,58 @@ +id: accelerated-mobile-pages-d0f1f9dc5f8553a777fe29b0dbac4733 + +info: + name: > + AMP for WP – Accelerated Mobile Pages <= 1.0.92 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cae64e-caed-43c0-9a75-9aa4234946a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accelerated-mobile-pages/" + google-query: inurl:"/wp-content/plugins/accelerated-mobile-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accelerated-mobile-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accelerated-mobile-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.92') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/access-category-password-ba769ee3b56a07d054d82d24eca8d984.yaml b/nuclei-templates/cve-less/plugins/access-category-password-ba769ee3b56a07d054d82d24eca8d984.yaml new file mode 100644 index 0000000000..ef701e1c3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/access-category-password-ba769ee3b56a07d054d82d24eca8d984.yaml @@ -0,0 +1,58 @@ +id: access-category-password-ba769ee3b56a07d054d82d24eca8d984 + +info: + name: > + Access Category Password <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b369b4-b107-4207-8d5a-4551a2adf437?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/access-category-password/" + google-query: inurl:"/wp-content/plugins/access-category-password/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,access-category-password,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/access-category-password/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "access-category-password" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/access-code-feeder-5321d52c0d483f1a186be60c117d7779.yaml b/nuclei-templates/cve-less/plugins/access-code-feeder-5321d52c0d483f1a186be60c117d7779.yaml new file mode 100644 index 0000000000..21c06f5eca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/access-code-feeder-5321d52c0d483f1a186be60c117d7779.yaml @@ -0,0 +1,58 @@ +id: access-code-feeder-5321d52c0d483f1a186be60c117d7779 + +info: + name: > + Access Code Feeder <= 1.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8127e5-b5e6-4545-9e38-f3fa9daabcf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/access-code-feeder/" + google-query: inurl:"/wp-content/plugins/access-code-feeder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,access-code-feeder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/access-code-feeder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "access-code-feeder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/access-demo-importer-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/plugins/access-demo-importer-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..444d0a9ef9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/access-demo-importer-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: access-demo-importer-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/access-demo-importer/" + google-query: inurl:"/wp-content/plugins/access-demo-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,access-demo-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/access-demo-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "access-demo-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/access-demo-importer-87857021bf0d6b4f9e9f9a7926fd73da.yaml b/nuclei-templates/cve-less/plugins/access-demo-importer-87857021bf0d6b4f9e9f9a7926fd73da.yaml new file mode 100644 index 0000000000..3f2e102cdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/access-demo-importer-87857021bf0d6b4f9e9f9a7926fd73da.yaml @@ -0,0 +1,58 @@ +id: access-demo-importer-87857021bf0d6b4f9e9f9a7926fd73da + +info: + name: > + Access Demo Importer <= 1.0.7 - Cross-Site Request Forgery to Data Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f994141-f361-4a0e-99dc-1e1951e1e76e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/access-demo-importer/" + google-query: inurl:"/wp-content/plugins/access-demo-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,access-demo-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/access-demo-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "access-demo-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/access-demo-importer-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/plugins/access-demo-importer-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..bb4edfcbbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/access-demo-importer-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: access-demo-importer-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/access-demo-importer/" + google-query: inurl:"/wp-content/plugins/access-demo-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,access-demo-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/access-demo-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "access-demo-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accessally-dbc81bf016cd5e5e4c2433dc1422c4ba.yaml b/nuclei-templates/cve-less/plugins/accessally-dbc81bf016cd5e5e4c2433dc1422c4ba.yaml new file mode 100644 index 0000000000..5583c98419 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accessally-dbc81bf016cd5e5e4c2433dc1422c4ba.yaml @@ -0,0 +1,58 @@ +id: accessally-dbc81bf016cd5e5e4c2433dc1422c4ba + +info: + name: > + AccessAlly <= 3.5.6 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ce6cb2-a02a-4b4c-8887-22ee6115509f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accessally/" + google-query: inurl:"/wp-content/plugins/accessally/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accessally,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessally/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessally" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accessibility-2d14f404d420f837153fea14d49aa1f8.yaml b/nuclei-templates/cve-less/plugins/accessibility-2d14f404d420f837153fea14d49aa1f8.yaml new file mode 100644 index 0000000000..8da8841398 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accessibility-2d14f404d420f837153fea14d49aa1f8.yaml @@ -0,0 +1,58 @@ +id: accessibility-2d14f404d420f837153fea14d49aa1f8 + +info: + name: > + Accessibility <= 1.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/432effd4-5c94-4ef9-bc19-b4eacd082264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accessibility/" + google-query: inurl:"/wp-content/plugins/accessibility/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accessibility,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accessibility-7dc4797d3de860817ed6ac2d09e72ea4.yaml b/nuclei-templates/cve-less/plugins/accessibility-7dc4797d3de860817ed6ac2d09e72ea4.yaml new file mode 100644 index 0000000000..5071995442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accessibility-7dc4797d3de860817ed6ac2d09e72ea4.yaml @@ -0,0 +1,58 @@ +id: accessibility-7dc4797d3de860817ed6ac2d09e72ea4 + +info: + name: > + Accessibility <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0de0e5d5-7023-4026-ad82-3c2443569326?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accessibility/" + google-query: inurl:"/wp-content/plugins/accessibility/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accessibility,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accessibility-help-button-a26164aedf80b474ee438ebcd8be6953.yaml b/nuclei-templates/cve-less/plugins/accessibility-help-button-a26164aedf80b474ee438ebcd8be6953.yaml new file mode 100644 index 0000000000..554f3bed7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accessibility-help-button-a26164aedf80b474ee438ebcd8be6953.yaml @@ -0,0 +1,58 @@ +id: accessibility-help-button-a26164aedf80b474ee438ebcd8be6953 + +info: + name: > + Call Now Accessibility Button <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04df6505-46c1-4e66-a363-4ccebacb5e42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accessibility-help-button/" + google-query: inurl:"/wp-content/plugins/accessibility-help-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accessibility-help-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessibility-help-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessibility-help-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accessibility-widget-7e7c2d3094ebf66ce262024cc34ea145.yaml b/nuclei-templates/cve-less/plugins/accessibility-widget-7e7c2d3094ebf66ce262024cc34ea145.yaml new file mode 100644 index 0000000000..825d8e19b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accessibility-widget-7e7c2d3094ebf66ce262024cc34ea145.yaml @@ -0,0 +1,58 @@ +id: accessibility-widget-7e7c2d3094ebf66ce262024cc34ea145 + +info: + name: > + Accessibility Widget <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b805b1d1-7f3f-4bd8-9f88-eced0b2556f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accessibility-widget/" + google-query: inurl:"/wp-content/plugins/accessibility-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accessibility-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accessibility-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accessibility-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-0259b7e0abb7a82246638a669050bc8a.yaml b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-0259b7e0abb7a82246638a669050bc8a.yaml new file mode 100644 index 0000000000..1dcd01331c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-0259b7e0abb7a82246638a669050bc8a.yaml @@ -0,0 +1,58 @@ +id: accesspress-anonymous-post-0259b7e0abb7a82246638a669050bc8a + +info: + name: > + AccessPress Anonymous Post <= 2.8.4 - Authenticated (Contributor+) Arbitrary Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc727156-28dc-4b0a-b777-52a1bbc72f79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-anonymous-post/" + google-query: inurl:"/wp-content/plugins/accesspress-anonymous-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-anonymous-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-anonymous-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-anonymous-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-ba2dfbd8bd85affc67a7972c0b9842d4.yaml b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-ba2dfbd8bd85affc67a7972c0b9842d4.yaml new file mode 100644 index 0000000000..8a3370d26c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-ba2dfbd8bd85affc67a7972c0b9842d4.yaml @@ -0,0 +1,58 @@ +id: accesspress-anonymous-post-ba2dfbd8bd85affc67a7972c0b9842d4 + +info: + name: > + AccessPress Anonymous Post = 2.8.0 - Backdoored + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/415ace14-1687-4003-b385-a21a5d5e16a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-anonymous-post/" + google-query: inurl:"/wp-content/plugins/accesspress-anonymous-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-anonymous-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-anonymous-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-anonymous-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-pro-2e117974c1e793e439ba4ca717328fe2.yaml b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-pro-2e117974c1e793e439ba4ca717328fe2.yaml new file mode 100644 index 0000000000..680eda61fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-anonymous-post-pro-2e117974c1e793e439ba4ca717328fe2.yaml @@ -0,0 +1,58 @@ +id: accesspress-anonymous-post-pro-2e117974c1e793e439ba4ca717328fe2 + +info: + name: > + AccessPress Anonymous Post Pro <= 3.1.9 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9758a59c-4370-4b26-b32a-004565f28d76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-anonymous-post-pro/" + google-query: inurl:"/wp-content/plugins/accesspress-anonymous-post-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-anonymous-post-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-anonymous-post-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-anonymous-post-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-facebook-auto-post-8c06a8350a61d118d6e045c1630ddff6.yaml b/nuclei-templates/cve-less/plugins/accesspress-facebook-auto-post-8c06a8350a61d118d6e045c1630ddff6.yaml new file mode 100644 index 0000000000..20a8ce8c7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-facebook-auto-post-8c06a8350a61d118d6e045c1630ddff6.yaml @@ -0,0 +1,58 @@ +id: accesspress-facebook-auto-post-8c06a8350a61d118d6e045c1630ddff6 + +info: + name: > + Social Auto Poster <= 2.1.4 - Cross-Site Request Forgery to Plugin Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06daef36-0873-444f-88eb-3ede68f3afdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-facebook-auto-post/" + google-query: inurl:"/wp-content/plugins/accesspress-facebook-auto-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-facebook-auto-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-facebook-auto-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-facebook-auto-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-social-icons-3129a6f1429e82e60a76e088cdf26794.yaml b/nuclei-templates/cve-less/plugins/accesspress-social-icons-3129a6f1429e82e60a76e088cdf26794.yaml new file mode 100644 index 0000000000..c243163482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-social-icons-3129a6f1429e82e60a76e088cdf26794.yaml @@ -0,0 +1,58 @@ +id: accesspress-social-icons-3129a6f1429e82e60a76e088cdf26794 + +info: + name: > + AccessPress Social Icons <= 1.8.0 - Author+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f082ff4a-2adb-461e-875a-b3701cfea074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-social-icons/" + google-query: inurl:"/wp-content/plugins/accesspress-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-social-icons,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accesspress-twitter-feed-543905e5a70999b20f996a2b4d8c92c1.yaml b/nuclei-templates/cve-less/plugins/accesspress-twitter-feed-543905e5a70999b20f996a2b4d8c92c1.yaml new file mode 100644 index 0000000000..a87f907113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accesspress-twitter-feed-543905e5a70999b20f996a2b4d8c92c1.yaml @@ -0,0 +1,58 @@ +id: accesspress-twitter-feed-543905e5a70999b20f996a2b4d8c92c1 + +info: + name: > + WP TFeed <= 1.6.9 - Cross-Site Request Forgery via aptf_delete_cache + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73986641-b3a4-438d-90ae-6ff0f6f73f01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accesspress-twitter-feed/" + google-query: inurl:"/wp-content/plugins/accesspress-twitter-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accesspress-twitter-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accesspress-twitter-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-twitter-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accommodation-system-e2e327ed0c82906cdc72ee6a3da6e38d.yaml b/nuclei-templates/cve-less/plugins/accommodation-system-e2e327ed0c82906cdc72ee6a3da6e38d.yaml new file mode 100644 index 0000000000..f9d9e31f8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accommodation-system-e2e327ed0c82906cdc72ee6a3da6e38d.yaml @@ -0,0 +1,58 @@ +id: accommodation-system-e2e327ed0c82906cdc72ee6a3da6e38d + +info: + name: > + Accommodation System <= 1.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8206d00c-7eb1-4ef2-b3d3-be78d39036db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accommodation-system/" + google-query: inurl:"/wp-content/plugins/accommodation-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accommodation-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accommodation-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accommodation-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-124a6a229ba4bdf103aa1881e7bf0b04.yaml b/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-124a6a229ba4bdf103aa1881e7bf0b04.yaml new file mode 100644 index 0000000000..1946aeb9a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-124a6a229ba4bdf103aa1881e7bf0b04.yaml @@ -0,0 +1,58 @@ +id: accordion-and-accordion-slider-124a6a229ba4bdf103aa1881e7bf0b04 + +info: + name: > + Accordion and Accordion Slider <= 1.2.4 - Missing Authorization via 'wp_aas_get_attachment_edit_form' and 'wp_aas_save_attachment_data' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c956651-4f5e-4e2d-a0f2-b02d4f25bd68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordion-and-accordion-slider/" + google-query: inurl:"/wp-content/plugins/accordion-and-accordion-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordion-and-accordion-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordion-and-accordion-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordion-and-accordion-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..fa9d13d717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordion-and-accordion-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: accordion-and-accordion-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordion-and-accordion-slider/" + google-query: inurl:"/wp-content/plugins/accordion-and-accordion-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordion-and-accordion-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordion-and-accordion-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordion-and-accordion-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordion-shortcodes-3091ac7532eaab098f714acca62716d7.yaml b/nuclei-templates/cve-less/plugins/accordion-shortcodes-3091ac7532eaab098f714acca62716d7.yaml new file mode 100644 index 0000000000..8d148dbd9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordion-shortcodes-3091ac7532eaab098f714acca62716d7.yaml @@ -0,0 +1,58 @@ +id: accordion-shortcodes-3091ac7532eaab098f714acca62716d7 + +info: + name: > + Accordion Shortcodes <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c84075b-4685-4706-91d0-05ce6cd276ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordion-shortcodes/" + google-query: inurl:"/wp-content/plugins/accordion-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordion-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordion-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordion-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordion-slider-9ea3c82ee3ff18eecbc44a826a19457f.yaml b/nuclei-templates/cve-less/plugins/accordion-slider-9ea3c82ee3ff18eecbc44a826a19457f.yaml new file mode 100644 index 0000000000..004c2ab163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordion-slider-9ea3c82ee3ff18eecbc44a826a19457f.yaml @@ -0,0 +1,58 @@ +id: accordion-slider-9ea3c82ee3ff18eecbc44a826a19457f + +info: + name: > + Accordion Slider <= 1.9.6 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dc69bba-39e0-46bd-8cdb-7cf1f7d36282?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordion-slider/" + google-query: inurl:"/wp-content/plugins/accordion-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordion-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordion-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordion-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-0a2080d70a92fba8a8847abac6eea304.yaml b/nuclei-templates/cve-less/plugins/accordions-0a2080d70a92fba8a8847abac6eea304.yaml new file mode 100644 index 0000000000..226b9b461f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-0a2080d70a92fba8a8847abac6eea304.yaml @@ -0,0 +1,58 @@ +id: accordions-0a2080d70a92fba8a8847abac6eea304 + +info: + name: > + Accordion <= 2.2.96 - Missing Authorization to Authenticated(Contributor+) Post Duplication + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7e7c70-4d07-4550-9cf8-5135b87b67ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions/" + google-query: inurl:"/wp-content/plugins/accordions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-1948bb7537e0374279551e8dbc2dad83.yaml b/nuclei-templates/cve-less/plugins/accordions-1948bb7537e0374279551e8dbc2dad83.yaml new file mode 100644 index 0000000000..1bd557ffbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-1948bb7537e0374279551e8dbc2dad83.yaml @@ -0,0 +1,58 @@ +id: accordions-1948bb7537e0374279551e8dbc2dad83 + +info: + name: > + Accordion <= 2.2.8 - Unprotected AJAX Action to Stored/Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d504fe-38f6-4b50-ae07-c50e35fcb9e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions/" + google-query: inurl:"/wp-content/plugins/accordions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-375db66af2081253ff533757f9dca92a.yaml b/nuclei-templates/cve-less/plugins/accordions-375db66af2081253ff533757f9dca92a.yaml new file mode 100644 index 0000000000..4f30a29af3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-375db66af2081253ff533757f9dca92a.yaml @@ -0,0 +1,58 @@ +id: accordions-375db66af2081253ff533757f9dca92a + +info: + name: > + Accordion <= 2.2.29 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57051491-a56b-4a3a-9383-ba63585550be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions/" + google-query: inurl:"/wp-content/plugins/accordions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-1b12a289a671c54e3c29dcf0a118316b.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-1b12a289a671c54e3c29dcf0a118316b.yaml new file mode 100644 index 0000000000..c813067075 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-1b12a289a671c54e3c29dcf0a118316b.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-1b12a289a671c54e3c29dcf0a118316b + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'rawdata' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0933ea77-2de0-4cd5-a589-a4c1d474f119?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml new file mode 100644 index 0000000000..087acfeef6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-3b610f84d98a5bc8d0e6aaa3b08f5054.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-3b610f84d98a5bc8d0e6aaa3b08f5054 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting in post_oxi_settings function + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a90c51d9-c89a-4164-a732-89434a6e0b8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-4032a78ffdb0269b83ac44db0e50cdc3.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4032a78ffdb0269b83ac44db0e50cdc3.yaml new file mode 100644 index 0000000000..c494d11e56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4032a78ffdb0269b83ac44db0e50cdc3.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-4032a78ffdb0269b83ac44db0e50cdc3 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'notice' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e806895-40c9-44f5-97f8-becfa52c2559?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-49cb459f51b461767e5a15017db69d79.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-49cb459f51b461767e5a15017db69d79.yaml new file mode 100644 index 0000000000..47512a57ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-49cb459f51b461767e5a15017db69d79.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-49cb459f51b461767e5a15017db69d79 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.2 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a6dee6-b3ff-4325-a356-4a65ab7a0ce5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-4ef1f0520c09d9782f1be91688816f9a.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4ef1f0520c09d9782f1be91688816f9a.yaml new file mode 100644 index 0000000000..ee22586b4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4ef1f0520c09d9782f1be91688816f9a.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-4ef1f0520c09d9782f1be91688816f9a + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2294565a-987e-4837-ab22-6e7bff498044?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-4f4db8cd21765548f8ac243b07d65419.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4f4db8cd21765548f8ac243b07d65419.yaml new file mode 100644 index 0000000000..24f03744bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-4f4db8cd21765548f8ac243b07d65419.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-4f4db8cd21765548f8ac243b07d65419 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee213b2c-b59d-4563-98d1-a26b1e8e13a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-6e7fd75d5000c1a779cde51d0f7b0d94.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-6e7fd75d5000c1a779cde51d0f7b0d94.yaml new file mode 100644 index 0000000000..dcde39ca3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-6e7fd75d5000c1a779cde51d0f7b0d94.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-6e7fd75d5000c1a779cde51d0f7b0d94 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'layouts' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/128f0e5e-96c7-474e-bfc9-ea18536b4a54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-73da8bcc97724050406ff5bdd6471c84.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-73da8bcc97724050406ff5bdd6471c84.yaml new file mode 100644 index 0000000000..64fbe678b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-73da8bcc97724050406ff5bdd6471c84.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-73da8bcc97724050406ff5bdd6471c84 + +info: + name: > + Accordions <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Several Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/401eeb23-bf43-49a8-9c39-4fcd0db57cd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-805e4862296df1b32dd279bbfd5412a7.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-805e4862296df1b32dd279bbfd5412a7.yaml new file mode 100644 index 0000000000..5533b19625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-805e4862296df1b32dd279bbfd5412a7.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-805e4862296df1b32dd279bbfd5412a7 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'pages' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee5737b3-de32-4b5c-a9df-7909ad32ec93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-or-faqs-ce7addd0eabe078cf96d1fb6e8d32578.yaml b/nuclei-templates/cve-less/plugins/accordions-or-faqs-ce7addd0eabe078cf96d1fb6e8d32578.yaml new file mode 100644 index 0000000000..278bf04d57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-or-faqs-ce7addd0eabe078cf96d1fb6e8d32578.yaml @@ -0,0 +1,58 @@ +id: accordions-or-faqs-ce7addd0eabe078cf96d1fb6e8d32578 + +info: + name: > + Accordions – Multiple Accordions or FAQs Builder <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting via 'license' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9478d3e-d2f9-458b-a6ca-3baef21db60e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-or-faqs/" + google-query: inurl:"/wp-content/plugins/accordions-or-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-or-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-or-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-or-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-wp-5600898416ea4451dceafd9acde6424d.yaml b/nuclei-templates/cve-less/plugins/accordions-wp-5600898416ea4451dceafd9acde6424d.yaml new file mode 100644 index 0000000000..c533391e1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-wp-5600898416ea4451dceafd9acde6424d.yaml @@ -0,0 +1,58 @@ +id: accordions-wp-5600898416ea4451dceafd9acde6424d + +info: + name: > + Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ada876-4a8b-494f-9132-d88a71b42c44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-wp/" + google-query: inurl:"/wp-content/plugins/accordions-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accordions-wp-cdf9a047d5c0c62c170cfb4f220b5807.yaml b/nuclei-templates/cve-less/plugins/accordions-wp-cdf9a047d5c0c62c170cfb4f220b5807.yaml new file mode 100644 index 0000000000..8e91d920af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accordions-wp-cdf9a047d5c0c62c170cfb4f220b5807.yaml @@ -0,0 +1,58 @@ +id: accordions-wp-cdf9a047d5c0c62c170cfb4f220b5807 + +info: + name: > + Accordion <= 2.6 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff656409-2344-4190-a731-5a282e21375c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accordions-wp/" + google-query: inurl:"/wp-content/plugins/accordions-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accordions-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accordions-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accordions-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/account-manager-woocommerce-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml b/nuclei-templates/cve-less/plugins/account-manager-woocommerce-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml new file mode 100644 index 0000000000..04ea5c6c2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/account-manager-woocommerce-b870ae481ac77b6b40f8ab9a7e8f35ed.yaml @@ -0,0 +1,58 @@ +id: account-manager-woocommerce-b870ae481ac77b6b40f8ab9a7e8f35ed + +info: + name: > + Account Manager for WooCommerce <= 2.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/667547a9-0dc5-4810-aba9-025f0c222d24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/account-manager-woocommerce/" + google-query: inurl:"/wp-content/plugins/account-manager-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,account-manager-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/account-manager-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "account-manager-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accredible-certificates-35886a1535b89d1815cbc273329902f1.yaml b/nuclei-templates/cve-less/plugins/accredible-certificates-35886a1535b89d1815cbc273329902f1.yaml new file mode 100644 index 0000000000..0a26487358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accredible-certificates-35886a1535b89d1815cbc273329902f1.yaml @@ -0,0 +1,58 @@ +id: accredible-certificates-35886a1535b89d1815cbc273329902f1 + +info: + name: > + Accredible Certificates & Open Badges <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d5ac3df-ddaf-4c78-acd3-baddea42443f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accredible-certificates/" + google-query: inurl:"/wp-content/plugins/accredible-certificates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accredible-certificates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accredible-certificates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accredible-certificates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/accurate-form-data-real-time-form-validation-5c23a6c70aea6e2ef9477919b8442851.yaml b/nuclei-templates/cve-less/plugins/accurate-form-data-real-time-form-validation-5c23a6c70aea6e2ef9477919b8442851.yaml new file mode 100644 index 0000000000..d751d3907d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/accurate-form-data-real-time-form-validation-5c23a6c70aea6e2ef9477919b8442851.yaml @@ -0,0 +1,58 @@ +id: accurate-form-data-real-time-form-validation-5c23a6c70aea6e2ef9477919b8442851 + +info: + name: > + WP Accurate Form Data <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be60b765-3bd6-43dd-8cdc-d9c493a503e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/accurate-form-data-real-time-form-validation/" + google-query: inurl:"/wp-content/plugins/accurate-form-data-real-time-form-validation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,accurate-form-data-real-time-form-validation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/accurate-form-data-real-time-form-validation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accurate-form-data-real-time-form-validation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aceide-66b82cf9b546b0dbf96942572438d94e.yaml b/nuclei-templates/cve-less/plugins/aceide-66b82cf9b546b0dbf96942572438d94e.yaml new file mode 100644 index 0000000000..6cdac8bc10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aceide-66b82cf9b546b0dbf96942572438d94e.yaml @@ -0,0 +1,58 @@ +id: aceide-66b82cf9b546b0dbf96942572438d94e + +info: + name: > + AceIDE <= 2.6.2 - Authenticated (Admin+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd179ab-f2ab-4ce3-851f-d6da3f0243c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aceide/" + google-query: inurl:"/wp-content/plugins/aceide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aceide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aceide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aceide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-better-search-a4fd26323192935dbbcbf3b0527f2fd4.yaml b/nuclei-templates/cve-less/plugins/acf-better-search-a4fd26323192935dbbcbf3b0527f2fd4.yaml new file mode 100644 index 0000000000..48ecefa953 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-better-search-a4fd26323192935dbbcbf3b0527f2fd4.yaml @@ -0,0 +1,58 @@ +id: acf-better-search-a4fd26323192935dbbcbf3b0527f2fd4 + +info: + name: > + ACF Better Search <= 3.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b536563f-b978-4ba6-8a28-d8ee6b87964a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-better-search/" + google-query: inurl:"/wp-content/plugins/acf-better-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-better-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-better-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-better-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-extended-386512462e991dca6695af0141e48ca0.yaml b/nuclei-templates/cve-less/plugins/acf-extended-386512462e991dca6695af0141e48ca0.yaml new file mode 100644 index 0000000000..40909f603c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-extended-386512462e991dca6695af0141e48ca0.yaml @@ -0,0 +1,58 @@ +id: acf-extended-386512462e991dca6695af0141e48ca0 + +info: + name: > + Advanced Custom Fields: Extended <= 0.8.8.6 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae9cd51f-e6c8-4aec-a044-376075e9540a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-extended/" + google-query: inurl:"/wp-content/plugins/acf-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-extended,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-extended-dea0414e4a9baf8defc1d9528b3ab197.yaml b/nuclei-templates/cve-less/plugins/acf-extended-dea0414e4a9baf8defc1d9528b3ab197.yaml new file mode 100644 index 0000000000..4cb906cc6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-extended-dea0414e4a9baf8defc1d9528b3ab197.yaml @@ -0,0 +1,58 @@ +id: acf-extended-dea0414e4a9baf8defc1d9528b3ab197 + +info: + name: > + Advanced Custom Fields: Extended <= 0.8.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbe0c72-d518-45d3-a220-896a51071b26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-extended/" + google-query: inurl:"/wp-content/plugins/acf-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-extended,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-front-end-editor-f830b550290522c771fc5d5f581ec239.yaml b/nuclei-templates/cve-less/plugins/acf-front-end-editor-f830b550290522c771fc5d5f581ec239.yaml new file mode 100644 index 0000000000..3f4283f830 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-front-end-editor-f830b550290522c771fc5d5f581ec239.yaml @@ -0,0 +1,58 @@ +id: acf-front-end-editor-f830b550290522c771fc5d5f581ec239 + +info: + name: > + ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e7cbe45-5dd5-4b8f-8504-a52358156838?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-front-end-editor/" + google-query: inurl:"/wp-content/plugins/acf-front-end-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-front-end-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-front-end-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-front-end-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-frontend-display-72069309fe30eff95916a5572e194ede.yaml b/nuclei-templates/cve-less/plugins/acf-frontend-display-72069309fe30eff95916a5572e194ede.yaml new file mode 100644 index 0000000000..ccbc1394d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-frontend-display-72069309fe30eff95916a5572e194ede.yaml @@ -0,0 +1,58 @@ +id: acf-frontend-display-72069309fe30eff95916a5572e194ede + +info: + name: > + ACF Frontend Display <= 2.0.6 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/205e0b90-0d84-4b16-b968-8ec7770f0695?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-frontend-display/" + google-query: inurl:"/wp-content/plugins/acf-frontend-display/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-frontend-display,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-frontend-display/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-frontend-display" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-frontend-form-element-358ece292f0da9494f24c3c3237a7bf7.yaml b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-358ece292f0da9494f24c3c3237a7bf7.yaml new file mode 100644 index 0000000000..389b2f622b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-358ece292f0da9494f24c3c3237a7bf7.yaml @@ -0,0 +1,58 @@ +id: acf-frontend-form-element-358ece292f0da9494f24c3c3237a7bf7 + +info: + name: > + Frontend Admin by DynamiApps Plugin <= 3.18.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7815322d-a240-4855-b458-60caa3cec96c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-frontend-form-element/" + google-query: inurl:"/wp-content/plugins/acf-frontend-form-element/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-frontend-form-element,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-frontend-form-element/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-frontend-form-element" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-frontend-form-element-48759f93c52619bbac694a4e94eca96c.yaml b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-48759f93c52619bbac694a4e94eca96c.yaml new file mode 100644 index 0000000000..b151e310b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-frontend-form-element-48759f93c52619bbac694a4e94eca96c.yaml @@ -0,0 +1,58 @@ +id: acf-frontend-form-element-48759f93c52619bbac694a4e94eca96c + +info: + name: > + Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d22c5d-5ef5-4920-a1b5-e8284394c7e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-frontend-form-element/" + google-query: inurl:"/wp-content/plugins/acf-frontend-form-element/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-frontend-form-element,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-frontend-form-element/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-frontend-form-element" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-image-crop-add-on-a5f89ffe6e75548da5bcc9b8bd527e66.yaml b/nuclei-templates/cve-less/plugins/acf-image-crop-add-on-a5f89ffe6e75548da5bcc9b8bd527e66.yaml new file mode 100644 index 0000000000..7bdb99d343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-image-crop-add-on-a5f89ffe6e75548da5bcc9b8bd527e66.yaml @@ -0,0 +1,58 @@ +id: acf-image-crop-add-on-a5f89ffe6e75548da5bcc9b8bd527e66 + +info: + name: > + Advanced Custom Fields: Image Crop Add-on <= 1.4.12 - Improper Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27b599af-f1f6-48af-90fe-4fc23b17a4ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-image-crop-add-on/" + google-query: inurl:"/wp-content/plugins/acf-image-crop-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-image-crop-add-on,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-image-crop-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-image-crop-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-on-the-go-e066b94b3267fad45f35322be08f0f07.yaml b/nuclei-templates/cve-less/plugins/acf-on-the-go-e066b94b3267fad45f35322be08f0f07.yaml new file mode 100644 index 0000000000..e0176d4900 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-on-the-go-e066b94b3267fad45f35322be08f0f07.yaml @@ -0,0 +1,58 @@ +id: acf-on-the-go-e066b94b3267fad45f35322be08f0f07 + +info: + name: > + ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46df438c-abff-4cf3-a732-02e0b3196bac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-on-the-go/" + google-query: inurl:"/wp-content/plugins/acf-on-the-go/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-on-the-go,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-on-the-go/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-on-the-go" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acf-to-rest-api-1e33553896157651d598bc5cf39ab65c.yaml b/nuclei-templates/cve-less/plugins/acf-to-rest-api-1e33553896157651d598bc5cf39ab65c.yaml new file mode 100644 index 0000000000..40f7685e60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acf-to-rest-api-1e33553896157651d598bc5cf39ab65c.yaml @@ -0,0 +1,58 @@ +id: acf-to-rest-api-1e33553896157651d598bc5cf39ab65c + +info: + name: > + ACF to REST API <= 3.2.0 - Insecure direct object reference via permalinks manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/738e5946-65e4-4403-bb23-f84910289a45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acf-to-rest-api/" + google-query: inurl:"/wp-content/plugins/acf-to-rest-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acf-to-rest-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acf-to-rest-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acf-to-rest-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acme-fix-images-4ba662d6b707785ba4b6d4f4f14b8096.yaml b/nuclei-templates/cve-less/plugins/acme-fix-images-4ba662d6b707785ba4b6d4f4f14b8096.yaml new file mode 100644 index 0000000000..dfc688ad80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acme-fix-images-4ba662d6b707785ba4b6d4f4f14b8096.yaml @@ -0,0 +1,58 @@ +id: acme-fix-images-4ba662d6b707785ba4b6d4f4f14b8096 + +info: + name: > + Acme Fix Images <= 1.0.0 - Missing Authorization via acme_fix_images_ajax_callback + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9047775-2d72-4eb5-9339-419f95aa19b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acme-fix-images/" + google-query: inurl:"/wp-content/plugins/acme-fix-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acme-fix-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acme-fix-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acme-fix-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aco-product-labels-for-woocommerce-3ec6520097de3a68210e828e99c83fad.yaml b/nuclei-templates/cve-less/plugins/aco-product-labels-for-woocommerce-3ec6520097de3a68210e828e99c83fad.yaml new file mode 100644 index 0000000000..a99f245eba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aco-product-labels-for-woocommerce-3ec6520097de3a68210e828e99c83fad.yaml @@ -0,0 +1,58 @@ +id: aco-product-labels-for-woocommerce-3ec6520097de3a68210e828e99c83fad + +info: + name: > + Product Labels For Woocommerce <= 1.5.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24226595-6ae7-44c2-a159-5b69808273fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aco-product-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/aco-product-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aco-product-labels-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aco-product-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aco-product-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acobot-0f23eed689a75af60a6352d8c9b0e5a6.yaml b/nuclei-templates/cve-less/plugins/acobot-0f23eed689a75af60a6352d8c9b0e5a6.yaml new file mode 100644 index 0000000000..68518f0e51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acobot-0f23eed689a75af60a6352d8c9b0e5a6.yaml @@ -0,0 +1,58 @@ +id: acobot-0f23eed689a75af60a6352d8c9b0e5a6 + +info: + name: > + Acobot Live Chat & Contact Form <= 2.0 - Cross-Site Request Forgery and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c77f6fff-8456-4979-90c3-52078ee12264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acobot/" + google-query: inurl:"/wp-content/plugins/acobot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acobot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acobot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acobot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-511e748ac6289331b63ef5c4ea73256a.yaml b/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-511e748ac6289331b63ef5c4ea73256a.yaml new file mode 100644 index 0000000000..f0d653b0ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-511e748ac6289331b63ef5c4ea73256a.yaml @@ -0,0 +1,58 @@ +id: activecampaign-for-woocommerce-511e748ac6289331b63ef5c4ea73256a + +info: + name: > + ActiveCampaign for WooCommerce <= 1.9.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0299b95-abbf-43c4-81d0-7c383d92cffe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activecampaign-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/activecampaign-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activecampaign-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activecampaign-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activecampaign-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-e8ed3a408ffed7b696f1556afff0400c.yaml b/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-e8ed3a408ffed7b696f1556afff0400c.yaml new file mode 100644 index 0000000000..2bbaf5cbc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activecampaign-for-woocommerce-e8ed3a408ffed7b696f1556afff0400c.yaml @@ -0,0 +1,58 @@ +id: activecampaign-for-woocommerce-e8ed3a408ffed7b696f1556afff0400c + +info: + name: > + ActiveCampaign for WooCommerce <= 1.9.6 - Missing Authorization to Error Log Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09aa2a44-8665-4f70-97a5-2e869c4610a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activecampaign-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/activecampaign-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activecampaign-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activecampaign-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activecampaign-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-0bd5595821e6e021ded7947ef04d5401.yaml b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-0bd5595821e6e021ded7947ef04d5401.yaml new file mode 100644 index 0000000000..57a0aad9ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-0bd5595821e6e021ded7947ef04d5401.yaml @@ -0,0 +1,58 @@ +id: activecampaign-subscription-forms-0bd5595821e6e021ded7947ef04d5401 + +info: + name: > + ActiveCampaign – Forms, Site Tracking, Live Chat <= 8.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47e25cfa-fedf-413a-bfe7-18a1de429bc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activecampaign-subscription-forms/" + google-query: inurl:"/wp-content/plugins/activecampaign-subscription-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activecampaign-subscription-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activecampaign-subscription-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-7126916cd15b71eb21f56467461f8ab1.yaml b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-7126916cd15b71eb21f56467461f8ab1.yaml new file mode 100644 index 0000000000..843c562718 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-7126916cd15b71eb21f56467461f8ab1.yaml @@ -0,0 +1,58 @@ +id: activecampaign-subscription-forms-7126916cd15b71eb21f56467461f8ab1 + +info: + name: > + ActiveCampaign < 8.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/decba9c0-36ee-4f97-9cc8-b56039233d10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activecampaign-subscription-forms/" + google-query: inurl:"/wp-content/plugins/activecampaign-subscription-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activecampaign-subscription-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activecampaign-subscription-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-910b5f5663169fdea4f0325e6cf734a0.yaml b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-910b5f5663169fdea4f0325e6cf734a0.yaml new file mode 100644 index 0000000000..cd50d662cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activecampaign-subscription-forms-910b5f5663169fdea4f0325e6cf734a0.yaml @@ -0,0 +1,58 @@ +id: activecampaign-subscription-forms-910b5f5663169fdea4f0325e6cf734a0 + +info: + name: > + ActiveCampaign <= 8.1.14 - Authenticated (Administrator+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3232aaa-189d-42cd-8eec-c167c6aa65f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activecampaign-subscription-forms/" + google-query: inurl:"/wp-content/plugins/activecampaign-subscription-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activecampaign-subscription-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activecampaign-subscription-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activecampaign-subscription-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activedemand-a4ef61682da896a77f77c008966e7b92.yaml b/nuclei-templates/cve-less/plugins/activedemand-a4ef61682da896a77f77c008966e7b92.yaml new file mode 100644 index 0000000000..14215cd767 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activedemand-a4ef61682da896a77f77c008966e7b92.yaml @@ -0,0 +1,58 @@ +id: activedemand-a4ef61682da896a77f77c008966e7b92 + +info: + name: > + ActiveDEMAND <= 0.2.41 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5baec449-59f9-47f3-af80-eb31adeacb7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activedemand/" + google-query: inurl:"/wp-content/plugins/activedemand/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activedemand,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activedemand/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activedemand" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activedemand-adf2d29be020721f57ebc8e5c323f1bc.yaml b/nuclei-templates/cve-less/plugins/activedemand-adf2d29be020721f57ebc8e5c323f1bc.yaml new file mode 100644 index 0000000000..0310b1654e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activedemand-adf2d29be020721f57ebc8e5c323f1bc.yaml @@ -0,0 +1,58 @@ +id: activedemand-adf2d29be020721f57ebc8e5c323f1bc + +info: + name: > + ActiveDEMAND <= 0.2.27 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/194f71d8-43d7-4a1f-8390-2c1efd0b0a23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activedemand/" + google-query: inurl:"/wp-content/plugins/activedemand/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activedemand,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activedemand/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activedemand" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activehelper-livehelp-98bfd8505d63ab414ff4e674e40520aa.yaml b/nuclei-templates/cve-less/plugins/activehelper-livehelp-98bfd8505d63ab414ff4e674e40520aa.yaml new file mode 100644 index 0000000000..b89013adf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activehelper-livehelp-98bfd8505d63ab414ff4e674e40520aa.yaml @@ -0,0 +1,58 @@ +id: activehelper-livehelp-98bfd8505d63ab414ff4e674e40520aa + +info: + name: > + ActiveHelper LiveHelp Live Chat < 3.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb91188b-71df-4aee-98f1-b77e0a33e01c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activehelper-livehelp/" + google-query: inurl:"/wp-content/plugins/activehelper-livehelp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activehelper-livehelp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activehelper-livehelp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activehelper-livehelp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-2764a8f5acae96c89d7440a05722c172.yaml b/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-2764a8f5acae96c89d7440a05722c172.yaml new file mode 100644 index 0000000000..2587abb118 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-2764a8f5acae96c89d7440a05722c172.yaml @@ -0,0 +1,58 @@ +id: activity-reactions-for-buddypress-2764a8f5acae96c89d7440a05722c172 + +info: + name: > + Activity Reactions For Buddypress <= 1.0.22 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de3a6e77-47ee-4989-81a0-5447a73185bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activity-reactions-for-buddypress/" + google-query: inurl:"/wp-content/plugins/activity-reactions-for-buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activity-reactions-for-buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activity-reactions-for-buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml b/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml new file mode 100644 index 0000000000..d11d1fa258 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activity-reactions-for-buddypress-f8b3cfa96a6263fb75e4e2e3d0d2b588.yaml @@ -0,0 +1,58 @@ +id: activity-reactions-for-buddypress-f8b3cfa96a6263fb75e4e2e3d0d2b588 + +info: + name: > + Activity Reactions For Buddypress <= 1.0.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/218b4564-bfaf-4e65-94c4-b6b15b60b707?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activity-reactions-for-buddypress/" + google-query: inurl:"/wp-content/plugins/activity-reactions-for-buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activity-reactions-for-buddypress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activity-reactions-for-buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activity-reactions-for-buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitypub-3492aa2f8ff8d594f214ebc3c0f6df74.yaml b/nuclei-templates/cve-less/plugins/activitypub-3492aa2f8ff8d594f214ebc3c0f6df74.yaml new file mode 100644 index 0000000000..addb45fa0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitypub-3492aa2f8ff8d594f214ebc3c0f6df74.yaml @@ -0,0 +1,58 @@ +id: activitypub-3492aa2f8ff8d594f214ebc3c0f6df74 + +info: + name: > + ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/406951d8-4c61-45b3-a8a2-788921662b6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitypub/" + google-query: inurl:"/wp-content/plugins/activitypub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitypub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitypub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitypub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitypub-3d9f543216228e07e8805addbdc60815.yaml b/nuclei-templates/cve-less/plugins/activitypub-3d9f543216228e07e8805addbdc60815.yaml new file mode 100644 index 0000000000..365e73a1a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitypub-3d9f543216228e07e8805addbdc60815.yaml @@ -0,0 +1,58 @@ +id: activitypub-3d9f543216228e07e8805addbdc60815 + +info: + name: > + ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Title Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b92249-bc18-4939-aefa-286667f6c003?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitypub/" + google-query: inurl:"/wp-content/plugins/activitypub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitypub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitypub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitypub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitypub-e408b7193fb2b136537798455a49df5e.yaml b/nuclei-templates/cve-less/plugins/activitypub-e408b7193fb2b136537798455a49df5e.yaml new file mode 100644 index 0000000000..1a776dacec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitypub-e408b7193fb2b136537798455a49df5e.yaml @@ -0,0 +1,58 @@ +id: activitypub-e408b7193fb2b136537798455a49df5e + +info: + name: > + ActivityPub <= 0.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via User Metadata + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76e35dc6-a4d2-4dca-a186-395f0dd954aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitypub/" + google-query: inurl:"/wp-content/plugins/activitypub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitypub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitypub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitypub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitypub-ec1e17ee6b9dff2a9b24906383f33988.yaml b/nuclei-templates/cve-less/plugins/activitypub-ec1e17ee6b9dff2a9b24906383f33988.yaml new file mode 100644 index 0000000000..9cfa016d38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitypub-ec1e17ee6b9dff2a9b24906383f33988.yaml @@ -0,0 +1,58 @@ +id: activitypub-ec1e17ee6b9dff2a9b24906383f33988 + +info: + name: > + ActivityPub <= 1.0.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3666a841-711d-4ecf-bb77-f2db4d5817ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitypub/" + google-query: inurl:"/wp-content/plugins/activitypub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitypub,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitypub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitypub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitypub-f60eec61fd032c9a9193cb04ba124ce1.yaml b/nuclei-templates/cve-less/plugins/activitypub-f60eec61fd032c9a9193cb04ba124ce1.yaml new file mode 100644 index 0000000000..6b86136a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitypub-f60eec61fd032c9a9193cb04ba124ce1.yaml @@ -0,0 +1,58 @@ +id: activitypub-f60eec61fd032c9a9193cb04ba124ce1 + +info: + name: > + ActivityPub <= 0.17.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Sensitive Post Content Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c6ad5a-bc76-4012-acc6-35f742e0869e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitypub/" + google-query: inurl:"/wp-content/plugins/activitypub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitypub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitypub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitypub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/activitytime-a43196491819b1394c39bdcafa720fd3.yaml b/nuclei-templates/cve-less/plugins/activitytime-a43196491819b1394c39bdcafa720fd3.yaml new file mode 100644 index 0000000000..14329ac2dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/activitytime-a43196491819b1394c39bdcafa720fd3.yaml @@ -0,0 +1,58 @@ +id: activitytime-a43196491819b1394c39bdcafa720fd3 + +info: + name: > + WP Sessions Time Monitoring Full Automatic <= 1.0.8 - Unauthenticated SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b50d6fd0-3698-4e16-aa76-0344306bc705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/activitytime/" + google-query: inurl:"/wp-content/plugins/activitytime/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,activitytime,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/activitytime/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activitytime" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acurax-social-media-widget-6c3ed40b4545418647bb281d1735150e.yaml b/nuclei-templates/cve-less/plugins/acurax-social-media-widget-6c3ed40b4545418647bb281d1735150e.yaml new file mode 100644 index 0000000000..b12c8570ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acurax-social-media-widget-6c3ed40b4545418647bb281d1735150e.yaml @@ -0,0 +1,58 @@ +id: acurax-social-media-widget-6c3ed40b4545418647bb281d1735150e + +info: + name: > + Social Media Widget by Acurax <= 3.2.5 - Cross-Site Request Forgery leading to Cross-Site Scripting via the recordsArray Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af7d935b-05a2-4eaa-af98-4e6a88abab46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acurax-social-media-widget/" + google-query: inurl:"/wp-content/plugins/acurax-social-media-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acurax-social-media-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acurax-social-media-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acurax-social-media-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acymailing-240aa2bc102d76090c9b42a8f66071ad.yaml b/nuclei-templates/cve-less/plugins/acymailing-240aa2bc102d76090c9b42a8f66071ad.yaml new file mode 100644 index 0000000000..cf68827437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acymailing-240aa2bc102d76090c9b42a8f66071ad.yaml @@ -0,0 +1,58 @@ +id: acymailing-240aa2bc102d76090c9b42a8f66071ad + +info: + name: > + AcyMailing SMTP Newsletter < 7.5.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1acc256-c8f5-4738-8788-d52b4e2b80ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acymailing/" + google-query: inurl:"/wp-content/plugins/acymailing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acymailing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acymailing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acymailing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/acymailing-9c2165239aea161f40d7ad21814e157b.yaml b/nuclei-templates/cve-less/plugins/acymailing-9c2165239aea161f40d7ad21814e157b.yaml new file mode 100644 index 0000000000..f23d738d0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/acymailing-9c2165239aea161f40d7ad21814e157b.yaml @@ -0,0 +1,58 @@ +id: acymailing-9c2165239aea161f40d7ad21814e157b + +info: + name: > + AcyMailing SMTP Newsletter <= 8.6.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f82ec7c-72a0-4c3b-8041-c6ad080a48f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/acymailing/" + google-query: inurl:"/wp-content/plugins/acymailing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,acymailing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/acymailing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "acymailing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-blocking-detector-33e33b7e60f5bb1cbc3c1d66bbc57d88.yaml b/nuclei-templates/cve-less/plugins/ad-blocking-detector-33e33b7e60f5bb1cbc3c1d66bbc57d88.yaml new file mode 100644 index 0000000000..7bc5598ead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-blocking-detector-33e33b7e60f5bb1cbc3c1d66bbc57d88.yaml @@ -0,0 +1,58 @@ +id: ad-blocking-detector-33e33b7e60f5bb1cbc3c1d66bbc57d88 + +info: + name: > + Ad Blocking Detector <= 1.2.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/054bb123-132c-4c32-9fd1-a9f289cfdc35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-blocking-detector/" + google-query: inurl:"/wp-content/plugins/ad-blocking-detector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-blocking-detector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-blocking-detector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-blocking-detector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-buttons-ced2fa1255261a6b95f5e5c089baa7a6.yaml b/nuclei-templates/cve-less/plugins/ad-buttons-ced2fa1255261a6b95f5e5c089baa7a6.yaml new file mode 100644 index 0000000000..47a91bc634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-buttons-ced2fa1255261a6b95f5e5c089baa7a6.yaml @@ -0,0 +1,58 @@ +id: ad-buttons-ced2fa1255261a6b95f5e5c089baa7a6 + +info: + name: > + Ad Buttons <= 2.3.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f36574-b4d0-4b67-baea-f5ef5e6618d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-buttons/" + google-query: inurl:"/wp-content/plugins/ad-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-injection-55f4a1b139d90fca33a89ff564faba6b.yaml b/nuclei-templates/cve-less/plugins/ad-injection-55f4a1b139d90fca33a89ff564faba6b.yaml new file mode 100644 index 0000000000..4e4d1ac168 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-injection-55f4a1b139d90fca33a89ff564faba6b.yaml @@ -0,0 +1,58 @@ +id: ad-injection-55f4a1b139d90fca33a89ff564faba6b + +info: + name: > + Ad Injection <= 1.2.0.19 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a07ca145-9349-4961-9e66-4c59ea9b5069?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-injection/" + google-query: inurl:"/wp-content/plugins/ad-injection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-injection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-injection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-injection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-05c7f4b1ec789bf87edb2e9f58b5a516.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-05c7f4b1ec789bf87edb2e9f58b5a516.yaml new file mode 100644 index 0000000000..b358af1696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-05c7f4b1ec789bf87edb2e9f58b5a516.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-05c7f4b1ec789bf87edb2e9f58b5a516 + +info: + name: > + Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce457c98-c55b-4b71-a80b-393eceb9effd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-05dc7f00a65d6d066b60c74e22d18787.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-05dc7f00a65d6d066b60c74e22d18787.yaml new file mode 100644 index 0000000000..cdcc92c46b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-05dc7f00a65d6d066b60c74e22d18787.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-05dc7f00a65d6d066b60c74e22d18787 + +info: + name: > + Ad Inserter <= 2.4.19 - Authenticated Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e4da578-aa8d-40b4-98c7-3efef911f850?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-085734e6e575cc721d044070dab37117.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-085734e6e575cc721d044070dab37117.yaml new file mode 100644 index 0000000000..d71a70abbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-085734e6e575cc721d044070dab37117.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-085734e6e575cc721d044070dab37117 + +info: + name: > + Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/573dd1ea-1f2c-4a0b-9496-82d7b65c8db2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-79f632cd97a0ebb6e16d846a092aa9f0.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-79f632cd97a0ebb6e16d846a092aa9f0.yaml new file mode 100644 index 0000000000..447e62ebc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-79f632cd97a0ebb6e16d846a092aa9f0.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-79f632cd97a0ebb6e16d846a092aa9f0 + +info: + name: > + Ad Inserter – Ad Manager & AdSense Ads < 1.5.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a377ac8-7ef2-4450-9987-4d5c66378023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-c5d0a251b677b3b951be5050c3700b32.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-c5d0a251b677b3b951be5050c3700b32.yaml new file mode 100644 index 0000000000..d9517d9e61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-c5d0a251b677b3b951be5050c3700b32.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-c5d0a251b677b3b951be5050c3700b32 + +info: + name: > + Ad Inserter <= 2.4.21 - Authenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d17d3ce-2478-498b-8364-75d2449a9b58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-e2189a48266beb6940ada2c357f2ecea.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-e2189a48266beb6940ada2c357f2ecea.yaml new file mode 100644 index 0000000000..60f1fb4d36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-e2189a48266beb6940ada2c357f2ecea.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-e2189a48266beb6940ada2c357f2ecea + +info: + name: > + Ad Inserter <= 2.7.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3798fb5d-f7d6-4a93-8908-c9b1f93bb05a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml new file mode 100644 index 0000000000..cdc7bdaeb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-e9f3d7aebb0ed7cd4a6a52dea34e70b2.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-e9f3d7aebb0ed7cd4a6a52dea34e70b2 + +info: + name: > + Ad Inserter <= 2.7.25 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c94028c-a774-45ac-817d-ad9b966a3b51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-fc176b7bb57291a7a6cb64680552a9c1.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-fc176b7bb57291a7a6cb64680552a9c1.yaml new file mode 100644 index 0000000000..483c725f9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-fc176b7bb57291a7a6cb64680552a9c1.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-fc176b7bb57291a7a6cb64680552a9c1 + +info: + name: > + Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57b3eef3-e165-45ac-89d7-2a2a6529b310?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter/" + google-query: inurl:"/wp-content/plugins/ad-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-inserter-pro-085734e6e575cc721d044070dab37117.yaml b/nuclei-templates/cve-less/plugins/ad-inserter-pro-085734e6e575cc721d044070dab37117.yaml new file mode 100644 index 0000000000..38f0813ff8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-inserter-pro-085734e6e575cc721d044070dab37117.yaml @@ -0,0 +1,58 @@ +id: ad-inserter-pro-085734e6e575cc721d044070dab37117 + +info: + name: > + Ad Inserter Free and Pro <= 2.7.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/573dd1ea-1f2c-4a0b-9496-82d7b65c8db2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-inserter-pro/" + google-query: inurl:"/wp-content/plugins/ad-inserter-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-inserter-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-inserter-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-inserter-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-21d21ac863b5d217214b983983ea0861.yaml b/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-21d21ac863b5d217214b983983ea0861.yaml new file mode 100644 index 0000000000..a6ad14113c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-21d21ac863b5d217214b983983ea0861.yaml @@ -0,0 +1,58 @@ +id: ad-invalid-click-protector-21d21ac863b5d217214b983983ea0861 + +info: + name: > + Ad Invalid Click Protector (AICP) <= 1.2.5.2 - Cross-Site Request Forgery to Arbitrary Ban Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caf61bf9-4b0f-450a-b571-b0fec42e9e39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-invalid-click-protector/" + google-query: inurl:"/wp-content/plugins/ad-invalid-click-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-invalid-click-protector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-invalid-click-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-invalid-click-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-f2687a211e25f95aa3e0981921986366.yaml b/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-f2687a211e25f95aa3e0981921986366.yaml new file mode 100644 index 0000000000..a8a0c945e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-invalid-click-protector-f2687a211e25f95aa3e0981921986366.yaml @@ -0,0 +1,58 @@ +id: ad-invalid-click-protector-f2687a211e25f95aa3e0981921986366 + +info: + name: > + Ad Invalid Click Protector <= 1.2.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf711c64-dd5e-4725-824c-fbe9063916d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-invalid-click-protector/" + google-query: inurl:"/wp-content/plugins/ad-invalid-click-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-invalid-click-protector,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-invalid-click-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-invalid-click-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-minister-8ed4f4b4804b54524ede760d18b29fad.yaml b/nuclei-templates/cve-less/plugins/ad-minister-8ed4f4b4804b54524ede760d18b29fad.yaml new file mode 100644 index 0000000000..bf233c934b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-minister-8ed4f4b4804b54524ede760d18b29fad.yaml @@ -0,0 +1,58 @@ +id: ad-minister-8ed4f4b4804b54524ede760d18b29fad + +info: + name: > + Ad-minister <= 0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6870e237-2c2f-46c7-bf00-b3f1bedb8d8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-minister/" + google-query: inurl:"/wp-content/plugins/ad-minister/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-minister,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-minister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-minister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ad-widget-7559c037fdee829f7bf9775d464accd0.yaml b/nuclei-templates/cve-less/plugins/ad-widget-7559c037fdee829f7bf9775d464accd0.yaml new file mode 100644 index 0000000000..c1ce235fcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ad-widget-7559c037fdee829f7bf9775d464accd0.yaml @@ -0,0 +1,58 @@ +id: ad-widget-7559c037fdee829f7bf9775d464accd0 + +info: + name: > + WordPress Ad Widget <= 2.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9604fccc-ed8b-480b-ab56-ffa341631b52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ad-widget/" + google-query: inurl:"/wp-content/plugins/ad-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ad-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ad-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ad-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adamrob-parallax-scroll-0e52d08abcfaa24832dc556c46587054.yaml b/nuclei-templates/cve-less/plugins/adamrob-parallax-scroll-0e52d08abcfaa24832dc556c46587054.yaml new file mode 100644 index 0000000000..2909e007c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adamrob-parallax-scroll-0e52d08abcfaa24832dc556c46587054.yaml @@ -0,0 +1,58 @@ +id: adamrob-parallax-scroll-0e52d08abcfaa24832dc556c46587054 + +info: + name: > + Parallax Scroll <= 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/976f9d0e-8ad8-4ce8-8917-b5c7f5a24cbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adamrob-parallax-scroll/" + google-query: inurl:"/wp-content/plugins/adamrob-parallax-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adamrob-parallax-scroll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adamrob-parallax-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adamrob-parallax-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adaptive-images-092d91aed0440af0f2ea67a8f6a61ea3.yaml b/nuclei-templates/cve-less/plugins/adaptive-images-092d91aed0440af0f2ea67a8f6a61ea3.yaml new file mode 100644 index 0000000000..e9a02f6e1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adaptive-images-092d91aed0440af0f2ea67a8f6a61ea3.yaml @@ -0,0 +1,58 @@ +id: adaptive-images-092d91aed0440af0f2ea67a8f6a61ea3 + +info: + name: > + Adaptive Images for WordPress <= 0.6.66 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2db06b1-c823-45db-b6f5-b656978cc779?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adaptive-images/" + google-query: inurl:"/wp-content/plugins/adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adaptive-images,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adaptive-images-2cea449c252db115bc0ec944ee102d56.yaml b/nuclei-templates/cve-less/plugins/adaptive-images-2cea449c252db115bc0ec944ee102d56.yaml new file mode 100644 index 0000000000..3d2dde4bb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adaptive-images-2cea449c252db115bc0ec944ee102d56.yaml @@ -0,0 +1,58 @@ +id: adaptive-images-2cea449c252db115bc0ec944ee102d56 + +info: + name: > + Adaptive Images for WordPress <= 0.6.66 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d17ee3-73b3-4f58-8d08-14bbf2d9d9d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adaptive-images/" + google-query: inurl:"/wp-content/plugins/adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adaptive-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adblock-notify-by-bweb-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/adblock-notify-by-bweb-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..c4c1c6e6f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adblock-notify-by-bweb-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: adblock-notify-by-bweb-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adblock-notify-by-bweb/" + google-query: inurl:"/wp-content/plugins/adblock-notify-by-bweb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adblock-notify-by-bweb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adblock-notify-by-bweb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adblock-notify-by-bweb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-actions-and-filters-0c9c5d7d8c587d19d97cdd4ed72a25ce.yaml b/nuclei-templates/cve-less/plugins/add-actions-and-filters-0c9c5d7d8c587d19d97cdd4ed72a25ce.yaml new file mode 100644 index 0000000000..d87ed83f61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-actions-and-filters-0c9c5d7d8c587d19d97cdd4ed72a25ce.yaml @@ -0,0 +1,58 @@ +id: add-actions-and-filters-0c9c5d7d8c587d19d97cdd4ed72a25ce + +info: + name: > + Add Shortcodes Actions And Filters <= 2.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/228de538-90c7-4f7d-a076-dd0a01458e38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-actions-and-filters/" + google-query: inurl:"/wp-content/plugins/add-actions-and-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-actions-and-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-actions-and-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-actions-and-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-actions-and-filters-3a2ca32819bf69f7c166bffc53191044.yaml b/nuclei-templates/cve-less/plugins/add-actions-and-filters-3a2ca32819bf69f7c166bffc53191044.yaml new file mode 100644 index 0000000000..7e665fcdf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-actions-and-filters-3a2ca32819bf69f7c166bffc53191044.yaml @@ -0,0 +1,58 @@ +id: add-actions-and-filters-3a2ca32819bf69f7c166bffc53191044 + +info: + name: > + Add Shortcodes Actions And Filters <= 2.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44cb21f9-467a-4119-99fb-5cd21166a334?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-actions-and-filters/" + google-query: inurl:"/wp-content/plugins/add-actions-and-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-actions-and-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-actions-and-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-actions-and-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-actions-and-filters-7d55795955a6759ccf7bacae2a8fb7d5.yaml b/nuclei-templates/cve-less/plugins/add-actions-and-filters-7d55795955a6759ccf7bacae2a8fb7d5.yaml new file mode 100644 index 0000000000..740357591b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-actions-and-filters-7d55795955a6759ccf7bacae2a8fb7d5.yaml @@ -0,0 +1,58 @@ +id: add-actions-and-filters-7d55795955a6759ccf7bacae2a8fb7d5 + +info: + name: > + Add Shortcodes Actions And Filters <= 2.0.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4942de17-d141-4a6c-885e-75f540fe21b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-actions-and-filters/" + google-query: inurl:"/wp-content/plugins/add-actions-and-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-actions-and-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-actions-and-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-actions-and-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-actions-and-filters-d3a3435dfd803c8984d494bbdacab67a.yaml b/nuclei-templates/cve-less/plugins/add-actions-and-filters-d3a3435dfd803c8984d494bbdacab67a.yaml new file mode 100644 index 0000000000..4dc57d4360 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-actions-and-filters-d3a3435dfd803c8984d494bbdacab67a.yaml @@ -0,0 +1,58 @@ +id: add-actions-and-filters-d3a3435dfd803c8984d494bbdacab67a + +info: + name: > + Add Shortcodes Actions And Filters <= 2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b7da6f7-d486-44e5-9eeb-21feb119a48b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-actions-and-filters/" + google-query: inurl:"/wp-content/plugins/add-actions-and-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-actions-and-filters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-actions-and-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-actions-and-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-b90fc576a88f2023fbf4be0c7e221753.yaml b/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-b90fc576a88f2023fbf4be0c7e221753.yaml new file mode 100644 index 0000000000..2a13ff759d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-any-extension-to-pages-b90fc576a88f2023fbf4be0c7e221753.yaml @@ -0,0 +1,58 @@ +id: add-any-extension-to-pages-b90fc576a88f2023fbf4be0c7e221753 + +info: + name: > + Add Any Extension to Pages <= 1.4 - Cross-Site Request Forgery via aaetp_options_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f49e727-cac4-4a46-b649-5ca48d5e2402?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-any-extension-to-pages/" + google-query: inurl:"/wp-content/plugins/add-any-extension-to-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-any-extension-to-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-any-extension-to-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-any-extension-to-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-comments-5f015fc98ebe61708b30f8e106c0dca9.yaml b/nuclei-templates/cve-less/plugins/add-comments-5f015fc98ebe61708b30f8e106c0dca9.yaml new file mode 100644 index 0000000000..53475b5ce6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-comments-5f015fc98ebe61708b30f8e106c0dca9.yaml @@ -0,0 +1,58 @@ +id: add-comments-5f015fc98ebe61708b30f8e106c0dca9 + +info: + name: > + Add Comments <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4101bd5e-94fb-4ec5-9d25-581c3211ffa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-comments/" + google-query: inurl:"/wp-content/plugins/add-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-custom-body-class-e958f1600aa0e32635d67ccd172b77c5.yaml b/nuclei-templates/cve-less/plugins/add-custom-body-class-e958f1600aa0e32635d67ccd172b77c5.yaml new file mode 100644 index 0000000000..3500a57a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-custom-body-class-e958f1600aa0e32635d67ccd172b77c5.yaml @@ -0,0 +1,58 @@ +id: add-custom-body-class-e958f1600aa0e32635d67ccd172b77c5 + +info: + name: > + Add Custom Body Class <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9841b57b-b869-4282-8781-60538f6f269f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-custom-body-class/" + google-query: inurl:"/wp-content/plugins/add-custom-body-class/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-custom-body-class,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-custom-body-class/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-custom-body-class" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-customer-for-woocommerce-073e94466d93432fc20ff7757afbfb89.yaml b/nuclei-templates/cve-less/plugins/add-customer-for-woocommerce-073e94466d93432fc20ff7757afbfb89.yaml new file mode 100644 index 0000000000..f0b81d0cd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-customer-for-woocommerce-073e94466d93432fc20ff7757afbfb89.yaml @@ -0,0 +1,58 @@ +id: add-customer-for-woocommerce-073e94466d93432fc20ff7757afbfb89 + +info: + name: > + Add Customer for WooCommerce <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba08695e-009e-434a-9db0-06aa1dd6d57a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-customer-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/add-customer-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-customer-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-customer-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-customer-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-edit-delete-listing-for-member-module-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml b/nuclei-templates/cve-less/plugins/add-edit-delete-listing-for-member-module-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml new file mode 100644 index 0000000000..98c44e4261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-edit-delete-listing-for-member-module-1b2dceeb5f112c4d4e1d47bb3fb62e6f.yaml @@ -0,0 +1,58 @@ +id: add-edit-delete-listing-for-member-module-1b2dceeb5f112c4d4e1d47bb3fb62e6f + +info: + name: > + Add Edit Delete Listing Module <= 1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2baf528d-a24b-4cad-99c9-5fef9df3fe6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-edit-delete-listing-for-member-module/" + google-query: inurl:"/wp-content/plugins/add-edit-delete-listing-for-member-module/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-edit-delete-listing-for-member-module,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-edit-delete-listing-for-member-module/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-edit-delete-listing-for-member-module" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-expires-headers-a517abb9ae98faf810f5cc111ea3cf8c.yaml b/nuclei-templates/cve-less/plugins/add-expires-headers-a517abb9ae98faf810f5cc111ea3cf8c.yaml new file mode 100644 index 0000000000..f99cfab781 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-expires-headers-a517abb9ae98faf810f5cc111ea3cf8c.yaml @@ -0,0 +1,58 @@ +id: add-expires-headers-a517abb9ae98faf810f5cc111ea3cf8c + +info: + name: > + Add Expires Headers & Optimized Minify <= 2.7 - Cross-Site Request Forgery via [placeholder] + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55e6a968-153e-4d4c-a7be-65650a0c9bc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-expires-headers/" + google-query: inurl:"/wp-content/plugins/add-expires-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-expires-headers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-expires-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-expires-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-facebook-0445d2e77118d710e79ad9b8b4807a1f.yaml b/nuclei-templates/cve-less/plugins/add-facebook-0445d2e77118d710e79ad9b8b4807a1f.yaml new file mode 100644 index 0000000000..5a861aa9e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-facebook-0445d2e77118d710e79ad9b8b4807a1f.yaml @@ -0,0 +1,58 @@ +id: add-facebook-0445d2e77118d710e79ad9b8b4807a1f + +info: + name: > + Social Feed <= 1.5.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b145772-624e-4af0-9156-03c483bf8381?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-facebook/" + google-query: inurl:"/wp-content/plugins/add-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-facebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-facebook-3329f436b3e9299453177bb21ca6d4b2.yaml b/nuclei-templates/cve-less/plugins/add-facebook-3329f436b3e9299453177bb21ca6d4b2.yaml new file mode 100644 index 0000000000..2b5d6d1e73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-facebook-3329f436b3e9299453177bb21ca6d4b2.yaml @@ -0,0 +1,58 @@ +id: add-facebook-3329f436b3e9299453177bb21ca6d4b2 + +info: + name: > + Social Feed | All social media in one place <= 1.5.4.6 - Authenticated (Administrator+) Stored Cross-Site Scripting] + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a77675b-5a31-4bc1-b4bd-36dd9a612b7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-facebook/" + google-query: inurl:"/wp-content/plugins/add-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-facebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-a100f718edfa547990462b4c8b9cca8f.yaml b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-a100f718edfa547990462b4c8b9cca8f.yaml new file mode 100644 index 0000000000..ddc93bf944 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-a100f718edfa547990462b4c8b9cca8f.yaml @@ -0,0 +1,58 @@ +id: add-fields-to-checkout-page-woocommerce-a100f718edfa547990462b4c8b9cca8f + +info: + name: > + Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0320c16-de32-484f-b17c-5acf0144a373?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-fields-to-checkout-page-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-fields-to-checkout-page-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9bdab270fe39bf9e158152b28713054.yaml b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9bdab270fe39bf9e158152b28713054.yaml new file mode 100644 index 0000000000..daa09d7302 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-b9bdab270fe39bf9e158152b28713054.yaml @@ -0,0 +1,58 @@ +id: add-fields-to-checkout-page-woocommerce-b9bdab270fe39bf9e158152b28713054 + +info: + name: > + Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-fields-to-checkout-page-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-fields-to-checkout-page-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-d334f4c5640d489b36128befbb9349ee.yaml b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-d334f4c5640d489b36128befbb9349ee.yaml new file mode 100644 index 0000000000..699c863361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-fields-to-checkout-page-woocommerce-d334f4c5640d489b36128befbb9349ee.yaml @@ -0,0 +1,58 @@ +id: add-fields-to-checkout-page-woocommerce-d334f4c5640d489b36128befbb9349ee + +info: + name: > + Custom WooCommerce Checkout Fields Editor <= 1.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/698c8c4e-77ca-491c-bdd5-4a3d3b99b1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + google-query: inurl:"/wp-content/plugins/add-fields-to-checkout-page-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-fields-to-checkout-page-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-fields-to-checkout-page-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-fields-to-checkout-page-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-from-server-373c3d1e9d0bf3f43f2574269f041f82.yaml b/nuclei-templates/cve-less/plugins/add-from-server-373c3d1e9d0bf3f43f2574269f041f82.yaml new file mode 100644 index 0000000000..d54fe85441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-from-server-373c3d1e9d0bf3f43f2574269f041f82.yaml @@ -0,0 +1,58 @@ +id: add-from-server-373c3d1e9d0bf3f43f2574269f041f82 + +info: + name: > + Add From Server <= 3.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d9a3ad3-90fa-46bc-b42a-7616c02a8b50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-from-server/" + google-query: inurl:"/wp-content/plugins/add-from-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-from-server,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-from-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-from-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-instagram-446660b2783c8caadc3d9d08f86fa99d.yaml b/nuclei-templates/cve-less/plugins/add-instagram-446660b2783c8caadc3d9d08f86fa99d.yaml new file mode 100644 index 0000000000..7a3527074d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-instagram-446660b2783c8caadc3d9d08f86fa99d.yaml @@ -0,0 +1,58 @@ +id: add-instagram-446660b2783c8caadc3d9d08f86fa99d + +info: + name: > + Image Social Feed Plugin <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaa19b0-2d55-4a0c-98e7-9a38488dd922?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-instagram/" + google-query: inurl:"/wp-content/plugins/add-instagram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-instagram,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-instagram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-instagram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-link-to-facebook-3bc3a29ed4f22f4e728217981dd51f12.yaml b/nuclei-templates/cve-less/plugins/add-link-to-facebook-3bc3a29ed4f22f4e728217981dd51f12.yaml new file mode 100644 index 0000000000..09baf99b4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-link-to-facebook-3bc3a29ed4f22f4e728217981dd51f12.yaml @@ -0,0 +1,58 @@ +id: add-link-to-facebook-3bc3a29ed4f22f4e728217981dd51f12 + +info: + name: > + Add Link to Facebook <= 2.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f32c66b3-b26c-4fe3-9171-ca8780391a2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-link-to-facebook/" + google-query: inurl:"/wp-content/plugins/add-link-to-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-link-to-facebook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-link-to-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-link-to-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-local-avatar-fd5d00c088aafb595097efbcaff18f66.yaml b/nuclei-templates/cve-less/plugins/add-local-avatar-fd5d00c088aafb595097efbcaff18f66.yaml new file mode 100644 index 0000000000..af753f7b8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-local-avatar-fd5d00c088aafb595097efbcaff18f66.yaml @@ -0,0 +1,58 @@ +id: add-local-avatar-fd5d00c088aafb595097efbcaff18f66 + +info: + name: > + Add Local Avatar <= 12.1 - Cross-Site Request Forgery via manage_avatar_cache + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/241da621-b892-4263-8409-a40ac5a1ade3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-local-avatar/" + google-query: inurl:"/wp-content/plugins/add-local-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-local-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-local-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-local-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-multiple-marker-5c12b38e55523c2abb1229db17d7b69c.yaml b/nuclei-templates/cve-less/plugins/add-multiple-marker-5c12b38e55523c2abb1229db17d7b69c.yaml new file mode 100644 index 0000000000..759e980294 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-multiple-marker-5c12b38e55523c2abb1229db17d7b69c.yaml @@ -0,0 +1,58 @@ +id: add-multiple-marker-5c12b38e55523c2abb1229db17d7b69c + +info: + name: > + Add Multiple Marker <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50932c88-994d-4904-b075-e48d2cb5bc24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-multiple-marker/" + google-query: inurl:"/wp-content/plugins/add-multiple-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-multiple-marker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-multiple-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-multiple-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-multiple-marker-93ed6654d55bf39f7e0ea24a9224f858.yaml b/nuclei-templates/cve-less/plugins/add-multiple-marker-93ed6654d55bf39f7e0ea24a9224f858.yaml new file mode 100644 index 0000000000..e76c4ef609 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-multiple-marker-93ed6654d55bf39f7e0ea24a9224f858.yaml @@ -0,0 +1,58 @@ +id: add-multiple-marker-93ed6654d55bf39f7e0ea24a9224f858 + +info: + name: > + Add Multiple Marker <= 1.2 - Missing Authorization Checks to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54cccd61-35d0-432c-8832-28e7928c464d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-multiple-marker/" + google-query: inurl:"/wp-content/plugins/add-multiple-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-multiple-marker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-multiple-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-multiple-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-posts-to-pages-64cea71514683366dc6b4c2ffb6a6e72.yaml b/nuclei-templates/cve-less/plugins/add-posts-to-pages-64cea71514683366dc6b4c2ffb6a6e72.yaml new file mode 100644 index 0000000000..dcb83ea7c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-posts-to-pages-64cea71514683366dc6b4c2ffb6a6e72.yaml @@ -0,0 +1,58 @@ +id: add-posts-to-pages-64cea71514683366dc6b4c2ffb6a6e72 + +info: + name: > + Add Posts to Pages <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/139b081d-17b1-4e1f-9d22-cf3f9de123f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-posts-to-pages/" + google-query: inurl:"/wp-content/plugins/add-posts-to-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-posts-to-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-posts-to-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-posts-to-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-0f70db17156622f62eb6b0301d900f5d.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-0f70db17156622f62eb6b0301d900f5d.yaml new file mode 100644 index 0000000000..f696022fbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-0f70db17156622f62eb6b0301d900f5d.yaml @@ -0,0 +1,58 @@ +id: add-search-to-menu-0f70db17156622f62eb6b0301d900f5d + +info: + name: > + Ivory Search <= 5.4 - Multiple Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/736cb9a4-bd43-4aaa-a918-d15ca3ff4dbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-search-to-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-57c77fb954904b0b546e721dabd7febb.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-57c77fb954904b0b546e721dabd7febb.yaml new file mode 100644 index 0000000000..80265e2042 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-57c77fb954904b0b546e721dabd7febb.yaml @@ -0,0 +1,58 @@ +id: add-search-to-menu-57c77fb954904b0b546e721dabd7febb + +info: + name: > + Ivory Search <= 4.6 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9e3f310-5a5e-4ca8-806d-9a7aacfaf5ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-search-to-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-ab5a0a3bb4872aa99cbafa75e82578af.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-ab5a0a3bb4872aa99cbafa75e82578af.yaml new file mode 100644 index 0000000000..94c566f1de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-ab5a0a3bb4872aa99cbafa75e82578af.yaml @@ -0,0 +1,58 @@ +id: add-search-to-menu-ab5a0a3bb4872aa99cbafa75e82578af + +info: + name: > + Ivory Search <= 4.6.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2268be8-f9b8-4028-b681-7793b2bd43f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-search-to-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-search-to-menu-f9cdd85e870155975fbf07ebd6c11543.yaml b/nuclei-templates/cve-less/plugins/add-search-to-menu-f9cdd85e870155975fbf07ebd6c11543.yaml new file mode 100644 index 0000000000..b6cc685696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-search-to-menu-f9cdd85e870155975fbf07ebd6c11543.yaml @@ -0,0 +1,58 @@ +id: add-search-to-menu-f9cdd85e870155975fbf07ebd6c11543 + +info: + name: > + Ivory Search – WordPress Search Plugin <= 5.5.5 - Missing Authorization to Authenticated (Subscriber+) Index Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9935d8-7790-457b-88bf-bee5e13b0f5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-search-to-menu/" + google-query: inurl:"/wp-content/plugins/add-search-to-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-search-to-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-search-to-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-search-to-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-social-share-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/add-social-share-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..bc6ab51413 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-social-share-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: add-social-share-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-social-share/" + google-query: inurl:"/wp-content/plugins/add-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-social-share,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-social-share-buttons-b831673e867a40d3a440f96a21bff239.yaml b/nuclei-templates/cve-less/plugins/add-social-share-buttons-b831673e867a40d3a440f96a21bff239.yaml new file mode 100644 index 0000000000..0d2649fdeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-social-share-buttons-b831673e867a40d3a440f96a21bff239.yaml @@ -0,0 +1,58 @@ +id: add-social-share-buttons-b831673e867a40d3a440f96a21bff239 + +info: + name: > + Add Social Share Buttons for Whatsapp and Viber < 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f596af2-ff83-4c67-a8f0-e4df4a0adbd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-social-share-buttons/" + google-query: inurl:"/wp-content/plugins/add-social-share-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-social-share-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-social-share-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-social-share-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-subtitle-e650ec648b3137d2000a4e41f6b87363.yaml b/nuclei-templates/cve-less/plugins/add-subtitle-e650ec648b3137d2000a4e41f6b87363.yaml new file mode 100644 index 0000000000..f50f74d900 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-subtitle-e650ec648b3137d2000a4e41f6b87363.yaml @@ -0,0 +1,58 @@ +id: add-subtitle-e650ec648b3137d2000a4e41f6b87363 + +info: + name: > + Add Subtitle <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71da4bd0-79d7-42ec-9e79-3a44411c2313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-subtitle/" + google-query: inurl:"/wp-content/plugins/add-subtitle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-subtitle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-subtitle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-subtitle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-svg-support-for-media-uploader-inventivo-71268622d169b66d5da459dba61f1b1c.yaml b/nuclei-templates/cve-less/plugins/add-svg-support-for-media-uploader-inventivo-71268622d169b66d5da459dba61f1b1c.yaml new file mode 100644 index 0000000000..a13c6c2c07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-svg-support-for-media-uploader-inventivo-71268622d169b66d5da459dba61f1b1c.yaml @@ -0,0 +1,58 @@ +id: add-svg-support-for-media-uploader-inventivo-71268622d169b66d5da459dba61f1b1c + +info: + name: > + Add SVG Support for Media Uploader | inventivo <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca2d1d4-fcf8-4943-b9c5-9560968ae2d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-svg-support-for-media-uploader-inventivo/" + google-query: inurl:"/wp-content/plugins/add-svg-support-for-media-uploader-inventivo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-svg-support-for-media-uploader-inventivo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-svg-support-for-media-uploader-inventivo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-svg-support-for-media-uploader-inventivo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-tabs-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/add-tabs-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..c3e1a9f5b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-tabs-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: add-tabs-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-tabs-xforwc/" + google-query: inurl:"/wp-content/plugins/add-tabs-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-tabs-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-tabs-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-tabs-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-to-any-6b33e64acf4e555f0136d2c33ebedb80.yaml b/nuclei-templates/cve-less/plugins/add-to-any-6b33e64acf4e555f0136d2c33ebedb80.yaml new file mode 100644 index 0000000000..cfb000b5a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-to-any-6b33e64acf4e555f0136d2c33ebedb80.yaml @@ -0,0 +1,58 @@ +id: add-to-any-6b33e64acf4e555f0136d2c33ebedb80 + +info: + name: > + AddToAny Share Buttons <= 1.7.45 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/791ae60d-f2b7-4a53-9008-35cd2d465124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-to-any/" + google-query: inurl:"/wp-content/plugins/add-to-any/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-to-any,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-to-any/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-to-any" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-to-any-ae230608473cfc56a303443ba2385f1d.yaml b/nuclei-templates/cve-less/plugins/add-to-any-ae230608473cfc56a303443ba2385f1d.yaml new file mode 100644 index 0000000000..f6386f6f06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-to-any-ae230608473cfc56a303443ba2385f1d.yaml @@ -0,0 +1,58 @@ +id: add-to-any-ae230608473cfc56a303443ba2385f1d + +info: + name: > + AddToAny Share Buttons <= 1.7.47 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8df4f144-0bf3-457f-8014-f603f7179044?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-to-any/" + google-query: inurl:"/wp-content/plugins/add-to-any/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-to-any,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-to-any/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-to-any" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-to-calendar-button-2e36e1fd5443dd09871a6501069bddbb.yaml b/nuclei-templates/cve-less/plugins/add-to-calendar-button-2e36e1fd5443dd09871a6501069bddbb.yaml new file mode 100644 index 0000000000..5de0685410 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-to-calendar-button-2e36e1fd5443dd09871a6501069bddbb.yaml @@ -0,0 +1,58 @@ +id: add-to-calendar-button-2e36e1fd5443dd09871a6501069bddbb + +info: + name: > + Add to Calendar Button <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60ba7f68-1fe1-4349-a3eb-11a63ae11e38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-to-calendar-button/" + google-query: inurl:"/wp-content/plugins/add-to-calendar-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-to-calendar-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-to-calendar-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-to-calendar-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-to-cart-direct-checkout-for-woocommerce-1f532de1970706b80de4de5a54d3380e.yaml b/nuclei-templates/cve-less/plugins/add-to-cart-direct-checkout-for-woocommerce-1f532de1970706b80de4de5a54d3380e.yaml new file mode 100644 index 0000000000..9771498567 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-to-cart-direct-checkout-for-woocommerce-1f532de1970706b80de4de5a54d3380e.yaml @@ -0,0 +1,58 @@ +id: add-to-cart-direct-checkout-for-woocommerce-1f532de1970706b80de4de5a54d3380e + +info: + name: > + Direct checkout, Add to cart redirect for Woocommerce <= 2.1.48 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc218fb-6c2a-4676-b2d7-86abe01c1530?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-to-cart-direct-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/add-to-cart-direct-checkout-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-to-cart-direct-checkout-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-to-cart-direct-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-to-cart-direct-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-to-feedly-9327431607715dc8ad5049b0a62ebe4f.yaml b/nuclei-templates/cve-less/plugins/add-to-feedly-9327431607715dc8ad5049b0a62ebe4f.yaml new file mode 100644 index 0000000000..203e963dcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-to-feedly-9327431607715dc8ad5049b0a62ebe4f.yaml @@ -0,0 +1,58 @@ +id: add-to-feedly-9327431607715dc8ad5049b0a62ebe4f + +info: + name: > + Add to Feedly <= 1.2.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1496ce98-ee19-4f37-9ec7-eb0fafb5df19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-to-feedly/" + google-query: inurl:"/wp-content/plugins/add-to-feedly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-to-feedly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-to-feedly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-to-feedly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-user-role-473bd673aad6ebbb1666b1cd91242034.yaml b/nuclei-templates/cve-less/plugins/add-user-role-473bd673aad6ebbb1666b1cd91242034.yaml new file mode 100644 index 0000000000..3a64b5f153 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-user-role-473bd673aad6ebbb1666b1cd91242034.yaml @@ -0,0 +1,58 @@ +id: add-user-role-473bd673aad6ebbb1666b1cd91242034 + +info: + name: > + Add User Role <= 0.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e15ca55b-b8e4-4f65-87a4-e13209cfea78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-user-role/" + google-query: inurl:"/wp-content/plugins/add-user-role/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-user-role,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-user-role/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-user-role" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add-widgets-to-page-7c19600be6bfdb748bd3e60c37bbe32a.yaml b/nuclei-templates/cve-less/plugins/add-widgets-to-page-7c19600be6bfdb748bd3e60c37bbe32a.yaml new file mode 100644 index 0000000000..9331acf530 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add-widgets-to-page-7c19600be6bfdb748bd3e60c37bbe32a.yaml @@ -0,0 +1,58 @@ +id: add-widgets-to-page-7c19600be6bfdb748bd3e60c37bbe32a + +info: + name: > + Add Widgets to Page <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6af20a2c-065c-48d5-a95c-2883ceeb50c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add-widgets-to-page/" + google-query: inurl:"/wp-content/plugins/add-widgets-to-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add-widgets-to-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add-widgets-to-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add-widgets-to-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/add2fav-d039001c0af8cb5076be473a89522a72.yaml b/nuclei-templates/cve-less/plugins/add2fav-d039001c0af8cb5076be473a89522a72.yaml new file mode 100644 index 0000000000..f79ef2655b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/add2fav-d039001c0af8cb5076be473a89522a72.yaml @@ -0,0 +1,58 @@ +id: add2fav-d039001c0af8cb5076be473a89522a72 + +info: + name: > + add2fav <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7691152e-f962-4d82-b877-df1345b703cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/add2fav/" + google-query: inurl:"/wp-content/plugins/add2fav/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,add2fav,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/add2fav/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "add2fav" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addfreestats-a3cdd5fc08475bf0155bcdf233d6ccac.yaml b/nuclei-templates/cve-less/plugins/addfreestats-a3cdd5fc08475bf0155bcdf233d6ccac.yaml new file mode 100644 index 0000000000..2a24ae54dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addfreestats-a3cdd5fc08475bf0155bcdf233d6ccac.yaml @@ -0,0 +1,58 @@ +id: addfreestats-a3cdd5fc08475bf0155bcdf233d6ccac + +info: + name: > + AFS Analytics <= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16c70597-32a0-4771-877b-c57cf7550ee7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addfreestats/" + google-query: inurl:"/wp-content/plugins/addfreestats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addfreestats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addfreestats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addfreestats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-abandoned-cart-recovery-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-abandoned-cart-recovery-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..ba21df2f04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-abandoned-cart-recovery-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-abandoned-cart-recovery-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-abandoned-cart-recovery/" + google-query: inurl:"/wp-content/plugins/addify-abandoned-cart-recovery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-abandoned-cart-recovery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-abandoned-cart-recovery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-abandoned-cart-recovery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-checkout-fields-manager-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-checkout-fields-manager-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..24d67107d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-checkout-fields-manager-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-checkout-fields-manager-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-checkout-fields-manager/" + google-query: inurl:"/wp-content/plugins/addify-checkout-fields-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-checkout-fields-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-checkout-fields-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-checkout-fields-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-custom-fields-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-custom-fields-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..eb06ab9d57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-custom-fields-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-custom-fields-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-custom-fields-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-custom-fields-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-custom-fields-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-custom-fields-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-custom-fields-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-custom-order-number-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-custom-order-number-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..2265fde345 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-custom-order-number-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-custom-order-number-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-custom-order-number/" + google-query: inurl:"/wp-content/plugins/addify-custom-order-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-custom-order-number,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-custom-order-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-custom-order-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-custom-registration-forms-builder-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-custom-registration-forms-builder-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..973c71569c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-custom-registration-forms-builder-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-custom-registration-forms-builder-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-custom-registration-forms-builder/" + google-query: inurl:"/wp-content/plugins/addify-custom-registration-forms-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-custom-registration-forms-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-custom-registration-forms-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-custom-registration-forms-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-free-gifts-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-free-gifts-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..211d7576fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-free-gifts-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-free-gifts-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-free-gifts-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-free-gifts-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-free-gifts-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-free-gifts-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-free-gifts-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-gift-registry-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-gift-registry-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..f2f45b3765 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-gift-registry-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-gift-registry-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-gift-registry-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-gift-registry-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-gift-registry-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-gift-registry-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-gift-registry-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-image-watermark-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-image-watermark-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..27a19dca91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-image-watermark-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-image-watermark-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-image-watermark-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-image-watermark-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-image-watermark-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-image-watermark-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-image-watermark-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-order-approval-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-order-approval-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..4113837a91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-order-approval-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-order-approval-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-order-approval-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-order-approval-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-order-approval-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-order-approval-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-order-approval-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-order-tracking-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-order-tracking-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..9824619af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-order-tracking-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-order-tracking-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-order-tracking-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-order-tracking-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-order-tracking-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-order-tracking-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-order-tracking-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-price-calculator-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-price-calculator-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..cde9380931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-price-calculator-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-price-calculator-for-woocommerce-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-price-calculator-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/addify-price-calculator-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-price-calculator-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-price-calculator-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-price-calculator-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-product-dynamic-pricing-and-discounts-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-product-dynamic-pricing-and-discounts-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..046a6dae0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-product-dynamic-pricing-and-discounts-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-product-dynamic-pricing-and-discounts-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-product-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/addify-product-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-product-dynamic-pricing-and-discounts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-product-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-product-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-product-labels-and-stickers-7f2753bfc2a0c6bb0434db7d475ab03d.yaml b/nuclei-templates/cve-less/plugins/addify-product-labels-and-stickers-7f2753bfc2a0c6bb0434db7d475ab03d.yaml new file mode 100644 index 0000000000..a12eb6fde7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-product-labels-and-stickers-7f2753bfc2a0c6bb0434db7d475ab03d.yaml @@ -0,0 +1,58 @@ +id: addify-product-labels-and-stickers-7f2753bfc2a0c6bb0434db7d475ab03d + +info: + name: > + Multiple Addify Plugins <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8065d25-2ded-4021-a53d-204242db0915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-product-labels-and-stickers/" + google-query: inurl:"/wp-content/plugins/addify-product-labels-and-stickers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-product-labels-and-stickers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-product-labels-and-stickers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-product-labels-and-stickers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addify-product-stock-manager-8e787a46ad14cecfaea14ee098f61614.yaml b/nuclei-templates/cve-less/plugins/addify-product-stock-manager-8e787a46ad14cecfaea14ee098f61614.yaml new file mode 100644 index 0000000000..9b2df9a5d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addify-product-stock-manager-8e787a46ad14cecfaea14ee098f61614.yaml @@ -0,0 +1,58 @@ +id: addify-product-stock-manager-8e787a46ad14cecfaea14ee098f61614 + +info: + name: > + Product Stock Manager < 1.0.5 - Missing Authorization and Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37ca7081-df1f-4f2e-bb52-7cb87f74fb5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addify-product-stock-manager/" + google-query: inurl:"/wp-content/plugins/addify-product-stock-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addify-product-stock-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addify-product-stock-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addify-product-stock-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/additional-order-filters-for-woocommerce-cd60ae6d86175a2b0663a7f4bb146125.yaml b/nuclei-templates/cve-less/plugins/additional-order-filters-for-woocommerce-cd60ae6d86175a2b0663a7f4bb146125.yaml new file mode 100644 index 0000000000..bc601e5815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/additional-order-filters-for-woocommerce-cd60ae6d86175a2b0663a7f4bb146125.yaml @@ -0,0 +1,58 @@ +id: additional-order-filters-for-woocommerce-cd60ae6d86175a2b0663a7f4bb146125 + +info: + name: > + Additional Order Filters for WooCommerce <= 1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baa8b5ce-7ef8-4ca8-9957-2c3469f55dda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/additional-order-filters-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/additional-order-filters-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,additional-order-filters-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/additional-order-filters-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "additional-order-filters-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/additional-product-fields-for-woocommerce-f25ce468da2d85a66509b9e029e6fac8.yaml b/nuclei-templates/cve-less/plugins/additional-product-fields-for-woocommerce-f25ce468da2d85a66509b9e029e6fac8.yaml new file mode 100644 index 0000000000..89305fd1db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/additional-product-fields-for-woocommerce-f25ce468da2d85a66509b9e029e6fac8.yaml @@ -0,0 +1,58 @@ +id: additional-product-fields-for-woocommerce-f25ce468da2d85a66509b9e029e6fac8 + +info: + name: > + Extra Product Options Builder for WooCommerce <= 1.2.104 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c05856-fbee-498d-9e9f-f0a232df6d24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/additional-product-fields-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/additional-product-fields-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,additional-product-fields-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/additional-product-fields-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "additional-product-fields-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.104') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0ef3f8bd25033cd91b4d106c69c8559b.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0ef3f8bd25033cd91b4d106c69c8559b.yaml new file mode 100644 index 0000000000..71b527ac8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0ef3f8bd25033cd91b4d106c69c8559b.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-0ef3f8bd25033cd91b4d106c69c8559b + +info: + name: > + Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/472cdbc4-3bfa-4254-b35a-be7ae10782e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0fb47ccc27ee413d414cd8b0ba979166.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0fb47ccc27ee413d414cd8b0ba979166.yaml new file mode 100644 index 0000000000..a1fc985b7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-0fb47ccc27ee413d414cd8b0ba979166.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-0fb47ccc27ee413d414cd8b0ba979166 + +info: + name: > + Elementor Addon Elements <= 1.12.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.12.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-19c52dd7e875a0e50693de27a767788f.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-19c52dd7e875a0e50693de27a767788f.yaml new file mode 100644 index 0000000000..e5d73c0b47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-19c52dd7e875a0e50693de27a767788f.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-19c52dd7e875a0e50693de27a767788f + +info: + name: > + Elementor Addon Elements <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb6639d-06ba-4bad-af73-d387a7e3f6b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-214593575ac1d3e95584c0521e8c5928.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-214593575ac1d3e95584c0521e8c5928.yaml new file mode 100644 index 0000000000..8d1a4bae7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-214593575ac1d3e95584c0521e8c5928.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-214593575ac1d3e95584c0521e8c5928 + +info: + name: > + Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18e2e0e5-495f-4f55-b7d8-94193fc2ad12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-3546c72d408f5a6ead5d764bba6d4ef6.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-3546c72d408f5a6ead5d764bba6d4ef6.yaml new file mode 100644 index 0000000000..3e952951e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-3546c72d408f5a6ead5d764bba6d4ef6.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-3546c72d408f5a6ead5d764bba6d4ef6 + +info: + name: > + Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Switcher Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-54120e3f5fb914e9169ba2eee6152b5b.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-54120e3f5fb914e9169ba2eee6152b5b.yaml new file mode 100644 index 0000000000..157085107d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-54120e3f5fb914e9169ba2eee6152b5b.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-54120e3f5fb914e9169ba2eee6152b5b + +info: + name: > + Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Thumbnail Slider Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-68cc06979ff8bb95723bb04a557ffaae.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-68cc06979ff8bb95723bb04a557ffaae.yaml new file mode 100644 index 0000000000..8e95f13d42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-68cc06979ff8bb95723bb04a557ffaae.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-68cc06979ff8bb95723bb04a557ffaae + +info: + name: > + Elementor Addon Elements <= 1.12.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Dual Button Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-8305b529a6785da6470d8457740ff920.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-8305b529a6785da6470d8457740ff920.yaml new file mode 100644 index 0000000000..f73ac3d9da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-8305b529a6785da6470d8457740ff920.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-8305b529a6785da6470d8457740ff920 + +info: + name: > + Elementor Addon Elements <= 1.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe3cedb-53f3-48ff-a731-df6a83f0da1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-9260b43e6ac9e5101461f0e5b3ca5c55.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-9260b43e6ac9e5101461f0e5b3ca5c55.yaml new file mode 100644 index 0000000000..5b05e62e58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-9260b43e6ac9e5101461f0e5b3ca5c55.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-9260b43e6ac9e5101461f0e5b3ca5c55 + +info: + name: > + Elementor Addon Elements <= 1.12.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Modal Popup effet + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-966b2e78a79b5d63896247b963e8d55a.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-966b2e78a79b5d63896247b963e8d55a.yaml new file mode 100644 index 0000000000..da9bbe4612 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-966b2e78a79b5d63896247b963e8d55a.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-966b2e78a79b5d63896247b963e8d55a + +info: + name: > + Elementor Addon Elements <= 1.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f36fea15-0475-45ee-b913-790db6373aef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-974e69c005824474ea421d11c0a2e8fa.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-974e69c005824474ea421d11c0a2e8fa.yaml new file mode 100644 index 0000000000..718f734dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-974e69c005824474ea421d11c0a2e8fa.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-974e69c005824474ea421d11c0a2e8fa + +info: + name: > + Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b1bb95f8c4ff39f12ce42050633fe6ba.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b1bb95f8c4ff39f12ce42050633fe6ba.yaml new file mode 100644 index 0000000000..b01b7b96a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-b1bb95f8c4ff39f12ce42050633fe6ba.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-b1bb95f8c4ff39f12ce42050633fe6ba + +info: + name: > + Elementor Addon Elements <= 1.12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd2bc2e7-960e-40db-9dcc-a6a60117bd83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ce4e21b72cfe20823efba4862db87109.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ce4e21b72cfe20823efba4862db87109.yaml new file mode 100644 index 0000000000..eb9a2cdfc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ce4e21b72cfe20823efba4862db87109.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-ce4e21b72cfe20823efba4862db87109 + +info: + name: > + Elementor Addon Elements <= 1.12.7 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89489218-263f-4157-a5cd-a12bc6a0dfe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ea8fafa1914b33a7541d6d71c9272dbd.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ea8fafa1914b33a7541d6d71c9272dbd.yaml new file mode 100644 index 0000000000..3c6701600e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-ea8fafa1914b33a7541d6d71c9272dbd.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-ea8fafa1914b33a7541d6d71c9272dbd + +info: + name: > + Elementor Addon Elements <= 1.13.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Text Separator' and 'Image Compare' Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcc5a611-23bf-499e-8141-684458d9ce3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-f95a6103756f27e103bcf366ca12c670.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-f95a6103756f27e103bcf366ca12c670.yaml new file mode 100644 index 0000000000..7579280b05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-f95a6103756f27e103bcf366ca12c670.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-f95a6103756f27e103bcf366ca12c670 + +info: + name: > + Elementor Addon Elements <= 1.11.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6fe986-df68-4a62-9a43-5632c622b5fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-fbb7a174a49a3b47cc8ab51df927085f.yaml b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-fbb7a174a49a3b47cc8ab51df927085f.yaml new file mode 100644 index 0000000000..914e180af5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-elements-for-elementor-page-builder-fbb7a174a49a3b47cc8ab51df927085f.yaml @@ -0,0 +1,58 @@ +id: addon-elements-for-elementor-page-builder-fbb7a174a49a3b47cc8ab51df927085f + +info: + name: > + Elementor Addon Elements <= 1.12.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd53b4e1-c6b7-4111-911a-04b14c7a9c4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-elements-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/addon-elements-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-elements-for-elementor-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-elements-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addon-library-1b768170ce1555d79635fdd71ff99339.yaml b/nuclei-templates/cve-less/plugins/addon-library-1b768170ce1555d79635fdd71ff99339.yaml new file mode 100644 index 0000000000..89268d689e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addon-library-1b768170ce1555d79635fdd71ff99339.yaml @@ -0,0 +1,58 @@ +id: addon-library-1b768170ce1555d79635fdd71ff99339 + +info: + name: > + Addon Library <= 1.3.76 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addon-library/" + google-query: inurl:"/wp-content/plugins/addon-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addon-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addon-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addon-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-0a02674a461ee92c9bdab38333dc64d2.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-0a02674a461ee92c9bdab38333dc64d2.yaml new file mode 100644 index 0000000000..af76681cfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-0a02674a461ee92c9bdab38333dc64d2.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-0a02674a461ee92c9bdab38333dc64d2 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52d79cdd-739f-4ae9-9214-bc64ca7d8ecb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-3c3007d2c808c5107195ff3e0b9f940c.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-3c3007d2c808c5107195ff3e0b9f940c.yaml new file mode 100644 index 0000000000..f314547e85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-3c3007d2c808c5107195ff3e0b9f940c.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-3c3007d2c808c5107195ff3e0b9f940c + +info: + name: > + Elementor Addons by Livemesh <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70bda4b7-e442-4956-b3cb-8df96043bcde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml new file mode 100644 index 0000000000..640274fc13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-435e5a4b20bcaf9d0c9ffb3797d6604e.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-435e5a4b20bcaf9d0c9ffb3797d6604e + +info: + name: > + Livemesh Addons for Elementor <= 7.2.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1280aec-f253-404e-b03c-d1b8416a6e7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-6b0cd31bdd2edf441adfecb677828dc9.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-6b0cd31bdd2edf441adfecb677828dc9.yaml new file mode 100644 index 0000000000..38e0eca12c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-6b0cd31bdd2edf441adfecb677828dc9.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-6b0cd31bdd2edf441adfecb677828dc9 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/604975b9-fe2f-4d8f-af13-995f08d72e8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-7278c1d5f51388c1851434ad959c1788.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-7278c1d5f51388c1851434ad959c1788.yaml new file mode 100644 index 0000000000..76fd1dc3c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-7278c1d5f51388c1851434ad959c1788.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-7278c1d5f51388c1851434ad959c1788 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Slider Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce6e40e-b090-447a-9bf9-6337d30e7da3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-a2edba0b6f9194a358b22756bbd79a75.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-a2edba0b6f9194a358b22756bbd79a75.yaml new file mode 100644 index 0000000000..ffe7221699 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-a2edba0b6f9194a358b22756bbd79a75.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-a2edba0b6f9194a358b22756bbd79a75 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69f2fc37-4c02-48da-b1e8-350ecc8ba086?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-c2bef3c139a7a3ae094de8e562cf6429.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-c2bef3c139a7a3ae094de8e562cf6429.yaml new file mode 100644 index 0000000000..a2a677375c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-c2bef3c139a7a3ae094de8e562cf6429.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-c2bef3c139a7a3ae094de8e562cf6429 + +info: + name: > + Livemesh Addons for Elementor <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via animated_text_class + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4397c99c-c37d-43da-9285-003ba91d4003?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-c4f6d0a939cffb23c47ad426a3f0d45f.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-c4f6d0a939cffb23c47ad426a3f0d45f.yaml new file mode 100644 index 0000000000..13e9702767 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-c4f6d0a939cffb23c47ad426a3f0d45f.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-c4f6d0a939cffb23c47ad426a3f0d45f + +info: + name: > + Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96bdd465-e4ca-4a32-b38a-a2a51598a3a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-e5a323ffcfde2fc677ad46470b3d50f7.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-e5a323ffcfde2fc677ad46470b3d50f7.yaml new file mode 100644 index 0000000000..f8c0d30f2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-e5a323ffcfde2fc677ad46470b3d50f7.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-e5a323ffcfde2fc677ad46470b3d50f7 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-f08da3e42125c87db99ab45bab5c3734.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-f08da3e42125c87db99ab45bab5c3734.yaml new file mode 100644 index 0000000000..e50ea30aa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-f08da3e42125c87db99ab45bab5c3734.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-f08da3e42125c87db99ab45bab5c3734 + +info: + name: > + Livemesh Addons for Elementor <= 6.7.1- Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2340ae3-3b22-4b14-9fce-4b845f2866b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-f7fd1f97dac21964944e06746d183317.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-f7fd1f97dac21964944e06746d183317.yaml new file mode 100644 index 0000000000..5c62a4df79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-f7fd1f97dac21964944e06746d183317.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-f7fd1f97dac21964944e06746d183317 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e28b78c3-c370-4076-836e-9f61acba064c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-elementor-fc5e0217c3dc9969d4594ab0394109b5.yaml b/nuclei-templates/cve-less/plugins/addons-for-elementor-fc5e0217c3dc9969d4594ab0394109b5.yaml new file mode 100644 index 0000000000..5b6067498a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-elementor-fc5e0217c3dc9969d4594ab0394109b5.yaml @@ -0,0 +1,58 @@ +id: addons-for-elementor-fc5e0217c3dc9969d4594ab0394109b5 + +info: + name: > + Elementor Addons by Livemesh <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d37248-d024-4465-a1e6-d8f2d3a2e02f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-visual-composer-43cb177771740873ed7f858ac79c4db6.yaml b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-43cb177771740873ed7f858ac79c4db6.yaml new file mode 100644 index 0000000000..17cbedd978 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-43cb177771740873ed7f858ac79c4db6.yaml @@ -0,0 +1,58 @@ +id: addons-for-visual-composer-43cb177771740873ed7f858ac79c4db6 + +info: + name: > + Livemesh Addons for WPBakery Page Builder <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60af0a7c-014b-4f71-9918-7ddc1186bee4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-visual-composer-92680d6145a8b866d3fbe1493fdcbbd3.yaml b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-92680d6145a8b866d3fbe1493fdcbbd3.yaml new file mode 100644 index 0000000000..d12668fdd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-92680d6145a8b866d3fbe1493fdcbbd3.yaml @@ -0,0 +1,58 @@ +id: addons-for-visual-composer-92680d6145a8b866d3fbe1493fdcbbd3 + +info: + name: > + WPBakery Page Builder Addons by Livemesh <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addons-for-visual-composer-eb66f71390c85b359c35c7747a93043f.yaml b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-eb66f71390c85b359c35c7747a93043f.yaml new file mode 100644 index 0000000000..7cfb6ae7bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addons-for-visual-composer-eb66f71390c85b359c35c7747a93043f.yaml @@ -0,0 +1,58 @@ +id: addons-for-visual-composer-eb66f71390c85b359c35c7747a93043f + +info: + name: > + Livemesh Addons for WPBakery Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d581a38-736a-497f-aaf7-6da0b2421618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addons-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/address-email-and-phone-validation-bc6751aa5110381a68bfe443bb0b5c6b.yaml b/nuclei-templates/cve-less/plugins/address-email-and-phone-validation-bc6751aa5110381a68bfe443bb0b5c6b.yaml new file mode 100644 index 0000000000..fe5bf8b950 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/address-email-and-phone-validation-bc6751aa5110381a68bfe443bb0b5c6b.yaml @@ -0,0 +1,58 @@ +id: address-email-and-phone-validation-bc6751aa5110381a68bfe443bb0b5c6b + +info: + name: > + PCA Predict <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1641758d-a7d7-4677-98a6-cb4a6fea0c63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/address-email-and-phone-validation/" + google-query: inurl:"/wp-content/plugins/address-email-and-phone-validation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,address-email-and-phone-validation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/address-email-and-phone-validation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "address-email-and-phone-validation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/addthis-400e484570b51dd745ebe0689024ac48.yaml b/nuclei-templates/cve-less/plugins/addthis-400e484570b51dd745ebe0689024ac48.yaml new file mode 100644 index 0000000000..911d749bca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/addthis-400e484570b51dd745ebe0689024ac48.yaml @@ -0,0 +1,58 @@ +id: addthis-400e484570b51dd745ebe0689024ac48 + +info: + name: > + AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49ac9c7c-d457-4709-bc10-c3de8b4f097a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/addthis/" + google-query: inurl:"/wp-content/plugins/addthis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,addthis,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/addthis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "addthis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adfoxly-3bb7ea48eda3e0c286b8f4154d1c722a.yaml b/nuclei-templates/cve-less/plugins/adfoxly-3bb7ea48eda3e0c286b8f4154d1c722a.yaml new file mode 100644 index 0000000000..ab2a27e338 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adfoxly-3bb7ea48eda3e0c286b8f4154d1c722a.yaml @@ -0,0 +1,58 @@ +id: adfoxly-3bb7ea48eda3e0c286b8f4154d1c722a + +info: + name: > + AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e46513d2-65d0-4215-99a7-051603ec4569?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adfoxly/" + google-query: inurl:"/wp-content/plugins/adfoxly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adfoxly,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adfoxly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adfoxly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adfoxly-55491e6388a9facf7c82130d1d7c03fc.yaml b/nuclei-templates/cve-less/plugins/adfoxly-55491e6388a9facf7c82130d1d7c03fc.yaml new file mode 100644 index 0000000000..1d24499610 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adfoxly-55491e6388a9facf7c82130d1d7c03fc.yaml @@ -0,0 +1,58 @@ +id: adfoxly-55491e6388a9facf7c82130d1d7c03fc + +info: + name: > + AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d13ae87-f632-4eb0-bc71-5132ba6a9b13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adfoxly/" + google-query: inurl:"/wp-content/plugins/adfoxly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adfoxly,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adfoxly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adfoxly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adl-post-slider-baea03495f30d429cbcc479e7010d90b.yaml b/nuclei-templates/cve-less/plugins/adl-post-slider-baea03495f30d429cbcc479e7010d90b.yaml new file mode 100644 index 0000000000..5aa0aaebed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adl-post-slider-baea03495f30d429cbcc479e7010d90b.yaml @@ -0,0 +1,58 @@ +id: adl-post-slider-baea03495f30d429cbcc479e7010d90b + +info: + name: > + Post Slider <= 1.6.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de3cf63f-ac30-47bb-978d-d3353d06de1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adl-post-slider/" + google-query: inurl:"/wp-content/plugins/adl-post-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adl-post-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adl-post-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adl-post-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adl-team-b4bab111be528a55d6c4bef04962870e.yaml b/nuclei-templates/cve-less/plugins/adl-team-b4bab111be528a55d6c4bef04962870e.yaml new file mode 100644 index 0000000000..43ff86bec7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adl-team-b4bab111be528a55d6c4bef04962870e.yaml @@ -0,0 +1,58 @@ +id: adl-team-b4bab111be528a55d6c4bef04962870e + +info: + name: > + Team <= 1.2.6 - Authenticated (Contibutor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6921c5a7-4895-40f0-99c4-90f78416820d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adl-team/" + google-query: inurl:"/wp-content/plugins/adl-team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adl-team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adl-team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adl-team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adl-team-ddd0e9486fe68ad8ba91d2369f80747b.yaml b/nuclei-templates/cve-less/plugins/adl-team-ddd0e9486fe68ad8ba91d2369f80747b.yaml new file mode 100644 index 0000000000..e606fb7910 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adl-team-ddd0e9486fe68ad8ba91d2369f80747b.yaml @@ -0,0 +1,58 @@ +id: adl-team-ddd0e9486fe68ad8ba91d2369f80747b + +info: + name: > + Team <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbece1c4-fbb4-47e5-b5b7-482390bcbd13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adl-team/" + google-query: inurl:"/wp-content/plugins/adl-team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adl-team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adl-team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adl-team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-and-client-message-after-order-for-woocommerce-5b3434af05805f54d95301c9d2bfe97f.yaml b/nuclei-templates/cve-less/plugins/admin-and-client-message-after-order-for-woocommerce-5b3434af05805f54d95301c9d2bfe97f.yaml new file mode 100644 index 0000000000..28a23e69ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-and-client-message-after-order-for-woocommerce-5b3434af05805f54d95301c9d2bfe97f.yaml @@ -0,0 +1,58 @@ +id: admin-and-client-message-after-order-for-woocommerce-5b3434af05805f54d95301c9d2bfe97f + +info: + name: > + OrderConvo <= 12.4 - Missing Authorization to Arbitrary File Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6686b67-8648-4f1b-8e05-fa67db60c8aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-and-client-message-after-order-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/admin-and-client-message-after-order-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-and-client-message-after-order-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-and-client-message-after-order-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-and-client-message-after-order-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-bar-7fb9197171618e79a095c113a75de482.yaml b/nuclei-templates/cve-less/plugins/admin-bar-7fb9197171618e79a095c113a75de482.yaml new file mode 100644 index 0000000000..09e0b1ce54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-bar-7fb9197171618e79a095c113a75de482.yaml @@ -0,0 +1,58 @@ +id: admin-bar-7fb9197171618e79a095c113a75de482 + +info: + name: > + Admin Bar Remover <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbf2556-0509-4d8a-8949-494c6bc82ea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-bar/" + google-query: inurl:"/wp-content/plugins/admin-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-bar-dashboard-control-11e3031fc351fbc9a833e9b97e46b6a6.yaml b/nuclei-templates/cve-less/plugins/admin-bar-dashboard-control-11e3031fc351fbc9a833e9b97e46b6a6.yaml new file mode 100644 index 0000000000..d6b6759adf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-bar-dashboard-control-11e3031fc351fbc9a833e9b97e46b6a6.yaml @@ -0,0 +1,58 @@ +id: admin-bar-dashboard-control-11e3031fc351fbc9a833e9b97e46b6a6 + +info: + name: > + Admin Bar & Dashboard Control <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37aa3d05-79b6-49ea-b698-afa78615e438?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-bar-dashboard-control/" + google-query: inurl:"/wp-content/plugins/admin-bar-dashboard-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-bar-dashboard-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-bar-dashboard-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-bar-dashboard-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-block-country-065bc0a5eb0849b7c6a410326eca6499.yaml b/nuclei-templates/cve-less/plugins/admin-block-country-065bc0a5eb0849b7c6a410326eca6499.yaml new file mode 100644 index 0000000000..14d51a2de6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-block-country-065bc0a5eb0849b7c6a410326eca6499.yaml @@ -0,0 +1,58 @@ +id: admin-block-country-065bc0a5eb0849b7c6a410326eca6499 + +info: + name: > + Admin Block Country <= 7.1.4 - Cross-Site Request Forgery via admin_block_country_initial_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d3bcd2c-4cdd-4a11-83a5-b727a2b2b6a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-block-country/" + google-query: inurl:"/wp-content/plugins/admin-block-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-block-country,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-block-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-block-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-columns-pro-2cf825b0502a2430e12833bc820c6234.yaml b/nuclei-templates/cve-less/plugins/admin-columns-pro-2cf825b0502a2430e12833bc820c6234.yaml new file mode 100644 index 0000000000..bc9094f00d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-columns-pro-2cf825b0502a2430e12833bc820c6234.yaml @@ -0,0 +1,58 @@ +id: admin-columns-pro-2cf825b0502a2430e12833bc820c6234 + +info: + name: > + Admin Columns Free < 4.3 and Pro < 5.5.1 Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/067a5f6c-7ad1-49ac-a581-b50fa89a5f39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-columns-pro/" + google-query: inurl:"/wp-content/plugins/admin-columns-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-columns-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-columns-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-columns-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-columns-pro-9a1ea12529e15f0a017ce8f0e47401f6.yaml b/nuclei-templates/cve-less/plugins/admin-columns-pro-9a1ea12529e15f0a017ce8f0e47401f6.yaml new file mode 100644 index 0000000000..4100e9ef1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-columns-pro-9a1ea12529e15f0a017ce8f0e47401f6.yaml @@ -0,0 +1,58 @@ +id: admin-columns-pro-9a1ea12529e15f0a017ce8f0e47401f6 + +info: + name: > + Admin Columns Free < 4.3.2 and Pro < 5.5.2 Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69654827-842f-483d-ae4c-b9c7ae271f82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-columns-pro/" + google-query: inurl:"/wp-content/plugins/admin-columns-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-columns-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-columns-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-columns-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-css-mu-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/admin-css-mu-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..37b397e043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-css-mu-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: admin-css-mu-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-css-mu/" + google-query: inurl:"/wp-content/plugins/admin-css-mu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-css-mu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-css-mu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-css-mu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-custom-login-a3f7dace6308a168799f4b5efdcbf0fc.yaml b/nuclei-templates/cve-less/plugins/admin-custom-login-a3f7dace6308a168799f4b5efdcbf0fc.yaml new file mode 100644 index 0000000000..2d2b45091a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-custom-login-a3f7dace6308a168799f4b5efdcbf0fc.yaml @@ -0,0 +1,58 @@ +id: admin-custom-login-a3f7dace6308a168799f4b5efdcbf0fc + +info: + name: > + Admin Custom Login <= 3.2.7 – Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/349cada2-8154-4429-a47a-1837581da1dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-custom-login/" + google-query: inurl:"/wp-content/plugins/admin-custom-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-custom-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-custom-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-custom-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-font-editor-923aa4370429c541e105a9a0e073bc36.yaml b/nuclei-templates/cve-less/plugins/admin-font-editor-923aa4370429c541e105a9a0e073bc36.yaml new file mode 100644 index 0000000000..b6eb77c4df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-font-editor-923aa4370429c541e105a9a0e073bc36.yaml @@ -0,0 +1,58 @@ +id: admin-font-editor-923aa4370429c541e105a9a0e073bc36 + +info: + name: > + Admin Font Editor <= 1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1c2e4e5-472f-4517-90f0-8f7057d24ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-font-editor/" + google-query: inurl:"/wp-content/plugins/admin-font-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-font-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-font-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-font-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-form-86177d3d57734b384c40bd47dc22f497.yaml b/nuclei-templates/cve-less/plugins/admin-form-86177d3d57734b384c40bd47dc22f497.yaml new file mode 100644 index 0000000000..7fd0ab1824 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-form-86177d3d57734b384c40bd47dc22f497.yaml @@ -0,0 +1,58 @@ +id: admin-form-86177d3d57734b384c40bd47dc22f497 + +info: + name: > + ADFO – Custom data in admin dashboard <= 1.9.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d797238-f8f3-44d7-8c16-bee23ce12ae0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-form/" + google-query: inurl:"/wp-content/plugins/admin-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-form-ca4f90158895ba65bf2d705fcea04dfc.yaml b/nuclei-templates/cve-less/plugins/admin-form-ca4f90158895ba65bf2d705fcea04dfc.yaml new file mode 100644 index 0000000000..74df3ccf06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-form-ca4f90158895ba65bf2d705fcea04dfc.yaml @@ -0,0 +1,58 @@ +id: admin-form-ca4f90158895ba65bf2d705fcea04dfc + +info: + name: > + ADFO – Custom data in admin dashboard <= 1.9.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e61110fc-cc2d-4207-97b6-b21459334216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-form/" + google-query: inurl:"/wp-content/plugins/admin-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-log-df593141a2030e92d8b8a063fe09a284.yaml b/nuclei-templates/cve-less/plugins/admin-log-df593141a2030e92d8b8a063fe09a284.yaml new file mode 100644 index 0000000000..90564fcfd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-log-df593141a2030e92d8b8a063fe09a284.yaml @@ -0,0 +1,58 @@ +id: admin-log-df593141a2030e92d8b8a063fe09a284 + +info: + name: > + Admin Log <= 1.50 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63af783b-5593-4f84-8a4b-e4a19d9c994c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-log/" + google-query: inurl:"/wp-content/plugins/admin-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-management-xtended-7c54d0c02ff88e8b029dfc7540d8d088.yaml b/nuclei-templates/cve-less/plugins/admin-management-xtended-7c54d0c02ff88e8b029dfc7540d8d088.yaml new file mode 100644 index 0000000000..a11e076a63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-management-xtended-7c54d0c02ff88e8b029dfc7540d8d088.yaml @@ -0,0 +1,58 @@ +id: admin-management-xtended-7c54d0c02ff88e8b029dfc7540d8d088 + +info: + name: > + Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery to Post Status Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/281ebead-5a30-4bfb-8280-94faf5d4fc14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-management-xtended/" + google-query: inurl:"/wp-content/plugins/admin-management-xtended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-management-xtended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-management-xtended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-management-xtended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-management-xtended-9639beb38d5d1c45bea1fc0af8299ea1.yaml b/nuclei-templates/cve-less/plugins/admin-management-xtended-9639beb38d5d1c45bea1fc0af8299ea1.yaml new file mode 100644 index 0000000000..a56a2e0cc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-management-xtended-9639beb38d5d1c45bea1fc0af8299ea1.yaml @@ -0,0 +1,58 @@ +id: admin-management-xtended-9639beb38d5d1c45bea1fc0af8299ea1 + +info: + name: > + Admin Management Xtended <= 2.4.0 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c6261f-4657-4e6e-ae23-5fa44790aa12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-management-xtended/" + google-query: inurl:"/wp-content/plugins/admin-management-xtended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-management-xtended,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-management-xtended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-management-xtended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-management-xtended-de7a5d3d23cd7a255b8c43340d197b1b.yaml b/nuclei-templates/cve-less/plugins/admin-management-xtended-de7a5d3d23cd7a255b8c43340d197b1b.yaml new file mode 100644 index 0000000000..f9e4717859 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-management-xtended-de7a5d3d23cd7a255b8c43340d197b1b.yaml @@ -0,0 +1,58 @@ +id: admin-management-xtended-de7a5d3d23cd7a255b8c43340d197b1b + +info: + name: > + Admin Management Xtended <= 2.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1878f40e-18f4-448c-bf70-61b4eed1c0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-management-xtended/" + google-query: inurl:"/wp-content/plugins/admin-management-xtended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-management-xtended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-management-xtended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-management-xtended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-menu-e411bd798191f2720fc8b5639b6efe9d.yaml b/nuclei-templates/cve-less/plugins/admin-menu-e411bd798191f2720fc8b5639b6efe9d.yaml new file mode 100644 index 0000000000..eef57c2355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-menu-e411bd798191f2720fc8b5639b6efe9d.yaml @@ -0,0 +1,58 @@ +id: admin-menu-e411bd798191f2720fc8b5639b6efe9d + +info: + name: > + Admin Menu Plugin <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade7da50-49f3-4026-a2c0-5c23c9b0f0cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-menu/" + google-query: inurl:"/wp-content/plugins/admin-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-menu-editor-b38b7cc5414ae950246e64e87c33ee56.yaml b/nuclei-templates/cve-less/plugins/admin-menu-editor-b38b7cc5414ae950246e64e87c33ee56.yaml new file mode 100644 index 0000000000..3fd642ebf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-menu-editor-b38b7cc5414ae950246e64e87c33ee56.yaml @@ -0,0 +1,58 @@ +id: admin-menu-editor-b38b7cc5414ae950246e64e87c33ee56 + +info: + name: > + Admin Menu Editor <= 1.12 - Cross-Site Request Forgery via ajax_hide_hint() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53fa9be4-a2b3-458c-af6e-d3ada639a622?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-menu-editor/" + google-query: inurl:"/wp-content/plugins/admin-menu-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-menu-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-menu-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-menu-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-menu-restriction-87b8cc0c2911555903ef563ff0be512f.yaml b/nuclei-templates/cve-less/plugins/admin-menu-restriction-87b8cc0c2911555903ef563ff0be512f.yaml new file mode 100644 index 0000000000..20c01ba1ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-menu-restriction-87b8cc0c2911555903ef563ff0be512f.yaml @@ -0,0 +1,58 @@ +id: admin-menu-restriction-87b8cc0c2911555903ef563ff0be512f + +info: + name: > + Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56f46330-20d2-48f2-8e23-cc8f968db4b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-menu-restriction/" + google-query: inurl:"/wp-content/plugins/admin-menu-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-menu-restriction,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-menu-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-menu-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-page-framework-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/admin-page-framework-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..1056ba0876 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-page-framework-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: admin-page-framework-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-page-framework/" + google-query: inurl:"/wp-content/plugins/admin-page-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-page-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-page-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-page-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-page-spider-a7d2f24ba1d738c469db3701e7d249a6.yaml b/nuclei-templates/cve-less/plugins/admin-page-spider-a7d2f24ba1d738c469db3701e7d249a6.yaml new file mode 100644 index 0000000000..66516dce04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-page-spider-a7d2f24ba1d738c469db3701e7d249a6.yaml @@ -0,0 +1,58 @@ +id: admin-page-spider-a7d2f24ba1d738c469db3701e7d249a6 + +info: + name: > + Admin Page Spider <= 3.30 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c33d9295-0c7f-45a0-9d62-4293c8bbef0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-page-spider/" + google-query: inurl:"/wp-content/plugins/admin-page-spider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-page-spider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-page-spider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-page-spider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-renamer-extended-86ca53e4f7322bd713f7a0d173845e67.yaml b/nuclei-templates/cve-less/plugins/admin-renamer-extended-86ca53e4f7322bd713f7a0d173845e67.yaml new file mode 100644 index 0000000000..47f282e06a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-renamer-extended-86ca53e4f7322bd713f7a0d173845e67.yaml @@ -0,0 +1,58 @@ +id: admin-renamer-extended-86ca53e4f7322bd713f7a0d173845e67 + +info: + name: > + Admin renamer extended <= 3.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9caf6a8-d7f6-4686-889a-79ba9cf911c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-renamer-extended/" + google-query: inurl:"/wp-content/plugins/admin-renamer-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-renamer-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-renamer-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-renamer-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1b189d1d5eea3b43d17277dc35a1184f.yaml b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1b189d1d5eea3b43d17277dc35a1184f.yaml new file mode 100644 index 0000000000..77405623e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1b189d1d5eea3b43d17277dc35a1184f.yaml @@ -0,0 +1,58 @@ +id: admin-side-data-storage-for-contact-form-7-1b189d1d5eea3b43d17277dc35a1184f + +info: + name: > + Admin side data storage for Contact Form 7 <= 1.1.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/172b2191-6595-47dd-bf2d-97dc3d17e5ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-side-data-storage-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-side-data-storage-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1c83a92e446554fa5dca6a3142ee08a1.yaml b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1c83a92e446554fa5dca6a3142ee08a1.yaml new file mode 100644 index 0000000000..653756afdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-1c83a92e446554fa5dca6a3142ee08a1.yaml @@ -0,0 +1,58 @@ +id: admin-side-data-storage-for-contact-form-7-1c83a92e446554fa5dca6a3142ee08a1 + +info: + name: > + Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-side-data-storage-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-side-data-storage-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-338378bbb7402de89fbb870142f8402e.yaml b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-338378bbb7402de89fbb870142f8402e.yaml new file mode 100644 index 0000000000..fd4f303917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-338378bbb7402de89fbb870142f8402e.yaml @@ -0,0 +1,58 @@ +id: admin-side-data-storage-for-contact-form-7-338378bbb7402de89fbb870142f8402e + +info: + name: > + Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-side-data-storage-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-side-data-storage-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-6038d8499b4a66981281a09913dec32b.yaml b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-6038d8499b4a66981281a09913dec32b.yaml new file mode 100644 index 0000000000..620696ec3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-6038d8499b4a66981281a09913dec32b.yaml @@ -0,0 +1,58 @@ +id: admin-side-data-storage-for-contact-form-7-6038d8499b4a66981281a09913dec32b + +info: + name: > + Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-side-data-storage-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-side-data-storage-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-7ad427989216bf7651898fa8b21eefdc.yaml b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-7ad427989216bf7651898fa8b21eefdc.yaml new file mode 100644 index 0000000000..eaf1a41b2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-side-data-storage-for-contact-form-7-7ad427989216bf7651898fa8b21eefdc.yaml @@ -0,0 +1,58 @@ +id: admin-side-data-storage-for-contact-form-7-7ad427989216bf7651898fa8b21eefdc + +info: + name: > + Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/admin-side-data-storage-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-side-data-storage-for-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-side-data-storage-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-side-data-storage-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-site-enhancements-66e2a6cfa3da10d668341e96b2f32949.yaml b/nuclei-templates/cve-less/plugins/admin-site-enhancements-66e2a6cfa3da10d668341e96b2f32949.yaml new file mode 100644 index 0000000000..11a32ba9df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-site-enhancements-66e2a6cfa3da10d668341e96b2f32949.yaml @@ -0,0 +1,58 @@ +id: admin-site-enhancements-66e2a6cfa3da10d668341e96b2f32949 + +info: + name: > + Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0abad47f-a806-4cdd-a11f-015b997b5e86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-site-enhancements/" + google-query: inurl:"/wp-content/plugins/admin-site-enhancements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-site-enhancements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-site-enhancements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-site-enhancements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/admin-word-count-column-d5cca6b6b2563223e79910114117f74a.yaml b/nuclei-templates/cve-less/plugins/admin-word-count-column-d5cca6b6b2563223e79910114117f74a.yaml new file mode 100644 index 0000000000..02295d1454 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/admin-word-count-column-d5cca6b6b2563223e79910114117f74a.yaml @@ -0,0 +1,58 @@ +id: admin-word-count-column-d5cca6b6b2563223e79910114117f74a + +info: + name: > + Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7520010f-c402-4fe9-82dc-a973ce446765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/admin-word-count-column/" + google-query: inurl:"/wp-content/plugins/admin-word-count-column/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,admin-word-count-column,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/admin-word-count-column/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "admin-word-count-column" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminer-50ccd5d0a1c5b6dd13714f3e3f3f4b8d.yaml b/nuclei-templates/cve-less/plugins/adminer-50ccd5d0a1c5b6dd13714f3e3f3f4b8d.yaml new file mode 100644 index 0000000000..61726c5303 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminer-50ccd5d0a1c5b6dd13714f3e3f3f4b8d.yaml @@ -0,0 +1,58 @@ +id: adminer-50ccd5d0a1c5b6dd13714f3e3f3f4b8d + +info: + name: > + Adminer <= 1.4.5 - Security Bypass to Database Login + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/109b4947-f690-4158-9e6a-00f2005a6938?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminer/" + google-query: inurl:"/wp-content/plugins/adminer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminify-01ec13470a183f703d9497a5409e83a8.yaml b/nuclei-templates/cve-less/plugins/adminify-01ec13470a183f703d9497a5409e83a8.yaml new file mode 100644 index 0000000000..840c8cdd77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminify-01ec13470a183f703d9497a5409e83a8.yaml @@ -0,0 +1,58 @@ +id: adminify-01ec13470a183f703d9497a5409e83a8 + +info: + name: > + WP Adminify <= 3.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a600f164-7255-4590-8239-2d3e0b445e79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminify/" + google-query: inurl:"/wp-content/plugins/adminify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminify-41758ee37f85a4ada05dbd855bba9b0b.yaml b/nuclei-templates/cve-less/plugins/adminify-41758ee37f85a4ada05dbd855bba9b0b.yaml new file mode 100644 index 0000000000..43532b269c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminify-41758ee37f85a4ada05dbd855bba9b0b.yaml @@ -0,0 +1,58 @@ +id: adminify-41758ee37f85a4ada05dbd855bba9b0b + +info: + name: > + WP Adminify <= 3.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ac72136-7911-4980-92b0-9bf18bed2201?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminify/" + google-query: inurl:"/wp-content/plugins/adminify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminify-bc021f50f994b63de0e089ca7983044c.yaml b/nuclei-templates/cve-less/plugins/adminify-bc021f50f994b63de0e089ca7983044c.yaml new file mode 100644 index 0000000000..f11dbda1b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminify-bc021f50f994b63de0e089ca7983044c.yaml @@ -0,0 +1,58 @@ +id: adminify-bc021f50f994b63de0e089ca7983044c + +info: + name: > + WP Adminify <= 3.1.6 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/555dce5e-9868-464a-9cb4-67644cc6a61c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminify/" + google-query: inurl:"/wp-content/plugins/adminify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminimize-98258e7e3672ebda27bdfc41933c5290.yaml b/nuclei-templates/cve-less/plugins/adminimize-98258e7e3672ebda27bdfc41933c5290.yaml new file mode 100644 index 0000000000..6b288df013 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminimize-98258e7e3672ebda27bdfc41933c5290.yaml @@ -0,0 +1,58 @@ +id: adminimize-98258e7e3672ebda27bdfc41933c5290 + +info: + name: > + Adminimize <= 1.7.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d7fec5d-895e-4366-a31c-248a3daf8937?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminimize/" + google-query: inurl:"/wp-content/plugins/adminimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminimize,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminimize-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml b/nuclei-templates/cve-less/plugins/adminimize-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml new file mode 100644 index 0000000000..bcb9f0e12c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminimize-a9a5808c69ac6668bf195f6fcb5a5a1a.yaml @@ -0,0 +1,58 @@ +id: adminimize-a9a5808c69ac6668bf195f6fcb5a5a1a + +info: + name: > + Adminimize < 1.7.22 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83ad7ab2-4257-4aac-9388-bfcbc2938984?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminimize/" + google-query: inurl:"/wp-content/plugins/adminimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminimize,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adminpad-70956e63e550605d8f25a09facb07794.yaml b/nuclei-templates/cve-less/plugins/adminpad-70956e63e550605d8f25a09facb07794.yaml new file mode 100644 index 0000000000..8f8e742736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adminpad-70956e63e550605d8f25a09facb07794.yaml @@ -0,0 +1,58 @@ +id: adminpad-70956e63e550605d8f25a09facb07794 + +info: + name: > + AdminPad <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d545fc-fed0-428a-bad5-a0d7d09c04a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adminpad/" + google-query: inurl:"/wp-content/plugins/adminpad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adminpad,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adminpad/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adminpad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-1978bcad197f3b110297309bda97f32a.yaml b/nuclei-templates/cve-less/plugins/adrotate-1978bcad197f3b110297309bda97f32a.yaml new file mode 100644 index 0000000000..1118c6ca33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-1978bcad197f3b110297309bda97f32a.yaml @@ -0,0 +1,58 @@ +id: adrotate-1978bcad197f3b110297309bda97f32a + +info: + name: > + AdRotate – Ad manager & AdSense Ads < 3.6.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96f9c5b3-43b7-46e0-aa0c-a5179a99096b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-1f31d20eb76428666b511698c9ea1c7e.yaml b/nuclei-templates/cve-less/plugins/adrotate-1f31d20eb76428666b511698c9ea1c7e.yaml new file mode 100644 index 0000000000..4a90325fa4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-1f31d20eb76428666b511698c9ea1c7e.yaml @@ -0,0 +1,58 @@ +id: adrotate-1f31d20eb76428666b511698c9ea1c7e + +info: + name: > + AdRotate – Ad manager & AdSense Ads 3.9 - 3.9.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/941233d8-f382-40a0-81b2-18a682ae07ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.9', '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-404d802e6aee5b15a871049b9ffff69a.yaml b/nuclei-templates/cve-less/plugins/adrotate-404d802e6aee5b15a871049b9ffff69a.yaml new file mode 100644 index 0000000000..5eb7d648d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-404d802e6aee5b15a871049b9ffff69a.yaml @@ -0,0 +1,58 @@ +id: adrotate-404d802e6aee5b15a871049b9ffff69a + +info: + name: > + AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Group Names + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0516b-ee3a-4a80-8db7-e6372bb294a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-a74fb6f00e03de1d4dc066ebae34f69d.yaml b/nuclei-templates/cve-less/plugins/adrotate-a74fb6f00e03de1d4dc066ebae34f69d.yaml new file mode 100644 index 0000000000..252b1b2fc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-a74fb6f00e03de1d4dc066ebae34f69d.yaml @@ -0,0 +1,58 @@ +id: adrotate-a74fb6f00e03de1d4dc066ebae34f69d + +info: + name: > + AdRotate Banner Manager <= 5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f068abb4-cbe6-4698-b547-78503b2a455e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-b24e50f88d059b7df802d8ab2740b6f0.yaml b/nuclei-templates/cve-less/plugins/adrotate-b24e50f88d059b7df802d8ab2740b6f0.yaml new file mode 100644 index 0000000000..c5de4f7229 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-b24e50f88d059b7df802d8ab2740b6f0.yaml @@ -0,0 +1,58 @@ +id: adrotate-b24e50f88d059b7df802d8ab2740b6f0 + +info: + name: > + AdRotate – Ad manager & AdSense Ads <= 5.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9244775-eab8-4cf4-98bb-97e467dcc5cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-d07cf22ef8f576e671dbb7b3eafdf13a.yaml b/nuclei-templates/cve-less/plugins/adrotate-d07cf22ef8f576e671dbb7b3eafdf13a.yaml new file mode 100644 index 0000000000..984743e4e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-d07cf22ef8f576e671dbb7b3eafdf13a.yaml @@ -0,0 +1,58 @@ +id: adrotate-d07cf22ef8f576e671dbb7b3eafdf13a + +info: + name: > + AdRotate – Ad manager & AdSense Ads <= 5.8.22 - Authenticated Stored Cross-Site Scripting via Advert Names + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f226493-4787-4d99-999d-3e3916a8c41d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-d9b7905c602159e1d431254ae8993ca0.yaml b/nuclei-templates/cve-less/plugins/adrotate-d9b7905c602159e1d431254ae8993ca0.yaml new file mode 100644 index 0000000000..e68ec3d28c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-d9b7905c602159e1d431254ae8993ca0.yaml @@ -0,0 +1,58 @@ +id: adrotate-d9b7905c602159e1d431254ae8993ca0 + +info: + name: > + AdRotate – Ad manager & AdSense Ads <= 5.8.17 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ad7c3d5-fce8-4214-a7f8-5aa2b9fe0934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adrotate-f5d87ece59db37936b3fb9bdb05376cd.yaml b/nuclei-templates/cve-less/plugins/adrotate-f5d87ece59db37936b3fb9bdb05376cd.yaml new file mode 100644 index 0000000000..4c2f41ec13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adrotate-f5d87ece59db37936b3fb9bdb05376cd.yaml @@ -0,0 +1,58 @@ +id: adrotate-f5d87ece59db37936b3fb9bdb05376cd + +info: + name: > + AdRotate < 5.8.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9ae337-fd2b-49c1-baac-6540f1152f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adrotate/" + google-query: inurl:"/wp-content/plugins/adrotate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adrotate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adrotate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adrotate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml b/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml new file mode 100644 index 0000000000..d9b4386fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-b6c1a6adb8481fecb3d92549d2f5a5bd.yaml @@ -0,0 +1,58 @@ +id: ads-by-datafeedrcom-b6c1a6adb8481fecb3d92549d2f5a5bd + +info: + name: > + Ads by datafeedr.com <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61c71bbf-ddae-4f35-ac8d-9753fb3fb67f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ads-by-datafeedrcom/" + google-query: inurl:"/wp-content/plugins/ads-by-datafeedrcom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ads-by-datafeedrcom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ads-by-datafeedrcom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ads-by-datafeedrcom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-f9c63ff99c5edff8a5bfda2b8b7db0d0.yaml b/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-f9c63ff99c5edff8a5bfda2b8b7db0d0.yaml new file mode 100644 index 0000000000..a13e7d3065 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ads-by-datafeedrcom-f9c63ff99c5edff8a5bfda2b8b7db0d0.yaml @@ -0,0 +1,58 @@ +id: ads-by-datafeedrcom-f9c63ff99c5edff8a5bfda2b8b7db0d0 + +info: + name: > + Ads by datafeedr.com <= 1.1.3 - Unauthenticated (Limited) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5412fd87-49bc-445c-8d16-443e38933d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ads-by-datafeedrcom/" + google-query: inurl:"/wp-content/plugins/ads-by-datafeedrcom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ads-by-datafeedrcom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ads-by-datafeedrcom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ads-by-datafeedrcom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ads-invalid-click-protection-d53d7fc7db0d940484e982ea2d1a452b.yaml b/nuclei-templates/cve-less/plugins/ads-invalid-click-protection-d53d7fc7db0d940484e982ea2d1a452b.yaml new file mode 100644 index 0000000000..cbc8e0eb0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ads-invalid-click-protection-d53d7fc7db0d940484e982ea2d1a452b.yaml @@ -0,0 +1,58 @@ +id: ads-invalid-click-protection-d53d7fc7db0d940484e982ea2d1a452b + +info: + name: > + Ads Invalid Click Protection <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0fa8050-6318-4528-8dd4-a3ca5467cfaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ads-invalid-click-protection/" + google-query: inurl:"/wp-content/plugins/ads-invalid-click-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ads-invalid-click-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ads-invalid-click-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ads-invalid-click-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ads-txt-admin-2edbd29eb6775e076f4926bb495fbd5f.yaml b/nuclei-templates/cve-less/plugins/ads-txt-admin-2edbd29eb6775e076f4926bb495fbd5f.yaml new file mode 100644 index 0000000000..8c71baa673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ads-txt-admin-2edbd29eb6775e076f4926bb495fbd5f.yaml @@ -0,0 +1,58 @@ +id: ads-txt-admin-2edbd29eb6775e076f4926bb495fbd5f + +info: + name: > + Ads.txt Admin <= 1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4ec326-3008-45f9-a3d7-59b3676182fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ads-txt-admin/" + google-query: inurl:"/wp-content/plugins/ads-txt-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ads-txt-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ads-txt-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ads-txt-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ads-txt-manager-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/ads-txt-manager-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..ba9dbcfec4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ads-txt-manager-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: ads-txt-manager-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ads-txt-manager/" + google-query: inurl:"/wp-content/plugins/ads-txt-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ads-txt-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ads-txt-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ads-txt-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsanity-76eba8cd8a4e862710149dc77a310969.yaml b/nuclei-templates/cve-less/plugins/adsanity-76eba8cd8a4e862710149dc77a310969.yaml new file mode 100644 index 0000000000..baabae2ca8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsanity-76eba8cd8a4e862710149dc77a310969.yaml @@ -0,0 +1,58 @@ +id: adsanity-76eba8cd8a4e862710149dc77a310969 + +info: + name: > + AdSanity < 1.8.2 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/effd72d2-876d-4f8d-b1e4-5ab38eab401b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsanity/" + google-query: inurl:"/wp-content/plugins/adsanity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsanity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsanity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsanity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsense-click-fraud-monitoring-a06b9dcd1c61939b7e3171c0fcf7e2b0.yaml b/nuclei-templates/cve-less/plugins/adsense-click-fraud-monitoring-a06b9dcd1c61939b7e3171c0fcf7e2b0.yaml new file mode 100644 index 0000000000..824d29c285 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsense-click-fraud-monitoring-a06b9dcd1c61939b7e3171c0fcf7e2b0.yaml @@ -0,0 +1,58 @@ +id: adsense-click-fraud-monitoring-a06b9dcd1c61939b7e3171c0fcf7e2b0 + +info: + name: > + Adsense Click Fraud Monitoring <= 1.8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/974b3894-f4e2-49c7-ba92-eaa5be0b4298?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsense-click-fraud-monitoring/" + google-query: inurl:"/wp-content/plugins/adsense-click-fraud-monitoring/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsense-click-fraud-monitoring,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsense-click-fraud-monitoring/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsense-click-fraud-monitoring" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsense-deluxe-e6b40723167a263b6dd92aa26e882342.yaml b/nuclei-templates/cve-less/plugins/adsense-deluxe-e6b40723167a263b6dd92aa26e882342.yaml new file mode 100644 index 0000000000..e24eabcaa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsense-deluxe-e6b40723167a263b6dd92aa26e882342.yaml @@ -0,0 +1,58 @@ +id: adsense-deluxe-e6b40723167a263b6dd92aa26e882342 + +info: + name: > + AdSense-Deluxe <= 0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d4bd61c-858d-457f-a482-77939fe0caf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsense-deluxe/" + google-query: inurl:"/wp-content/plugins/adsense-deluxe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsense-deluxe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsense-deluxe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsense-deluxe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsense-plugin-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml b/nuclei-templates/cve-less/plugins/adsense-plugin-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml new file mode 100644 index 0000000000..5b203f729b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsense-plugin-4e7aa84fdbb125f3fa6adbf786ab8d90.yaml @@ -0,0 +1,58 @@ +id: adsense-plugin-4e7aa84fdbb125f3fa6adbf786ab8d90 + +info: + name: > + AdPush <= 1.43 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fc8deda-9fb3-41e5-850b-5109d4018027?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsense-plugin/" + google-query: inurl:"/wp-content/plugins/adsense-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsense-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsense-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsense-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsensei-b30-3fb8a6560a10a77149304b3038078ed0.yaml b/nuclei-templates/cve-less/plugins/adsensei-b30-3fb8a6560a10a77149304b3038078ed0.yaml new file mode 100644 index 0000000000..5a665cc31c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsensei-b30-3fb8a6560a10a77149304b3038078ed0.yaml @@ -0,0 +1,58 @@ +id: adsensei-b30-3fb8a6560a10a77149304b3038078ed0 + +info: + name: > + Adsmonetizer <= 3.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d8585df-f933-4bd6-a157-56a51d4f8a4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsensei-b30/" + google-query: inurl:"/wp-content/plugins/adsensei-b30/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsensei-b30,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsensei-b30/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsensei-b30" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adserve-0be4b8a6e8c5523e50c4255a6c88e58b.yaml b/nuclei-templates/cve-less/plugins/adserve-0be4b8a6e8c5523e50c4255a6c88e58b.yaml new file mode 100644 index 0000000000..d709c31b92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adserve-0be4b8a6e8c5523e50c4255a6c88e58b.yaml @@ -0,0 +1,58 @@ +id: adserve-0be4b8a6e8c5523e50c4255a6c88e58b + +info: + name: > + AdServe < 0.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d8ae51-5f5e-466d-9994-32c898f01f53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adserve/" + google-query: inurl:"/wp-content/plugins/adserve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adserve,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adserve/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adserve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/adsplacer-26120d11811fdddc12c0808afc461d28.yaml b/nuclei-templates/cve-less/plugins/adsplacer-26120d11811fdddc12c0808afc461d28.yaml new file mode 100644 index 0000000000..1d1ef3c80c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/adsplacer-26120d11811fdddc12c0808afc461d28.yaml @@ -0,0 +1,58 @@ +id: adsplacer-26120d11811fdddc12c0808afc461d28 + +info: + name: > + AdsPlace'r – Ad Manager, Inserter, AdSense Ads <= 1.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f20fc354-e93c-4da4-8344-a71b07e04e56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/adsplacer/" + google-query: inurl:"/wp-content/plugins/adsplacer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,adsplacer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/adsplacer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adsplacer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advance-search-223f6e5ecb381f112c575b56d5d37f09.yaml b/nuclei-templates/cve-less/plugins/advance-search-223f6e5ecb381f112c575b56d5d37f09.yaml new file mode 100644 index 0000000000..c9fe6f1673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advance-search-223f6e5ecb381f112c575b56d5d37f09.yaml @@ -0,0 +1,58 @@ +id: advance-search-223f6e5ecb381f112c575b56d5d37f09 + +info: + name: > + WP Advanced Search <= 1.1.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d253a001-7023-4070-81c5-35d485ffd36c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advance-search/" + google-query: inurl:"/wp-content/plugins/advance-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advance-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advance-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advance-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advance-search-65722f234323ee23193cc280e3922176.yaml b/nuclei-templates/cve-less/plugins/advance-search-65722f234323ee23193cc280e3922176.yaml new file mode 100644 index 0000000000..baec3718d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advance-search-65722f234323ee23193cc280e3922176.yaml @@ -0,0 +1,58 @@ +id: advance-search-65722f234323ee23193cc280e3922176 + +info: + name: > + Advance Search <= 1.1.6 - Cross-Site Request Forgery to Shortcode Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac646ea3-f5e5-4fe9-8e43-ceabbf3f3cc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advance-search/" + google-query: inurl:"/wp-content/plugins/advance-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advance-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advance-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advance-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advance-search-e5f9122605f16ebf468dfc1c8cf77f37.yaml b/nuclei-templates/cve-less/plugins/advance-search-e5f9122605f16ebf468dfc1c8cf77f37.yaml new file mode 100644 index 0000000000..0031eaad15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advance-search-e5f9122605f16ebf468dfc1c8cf77f37.yaml @@ -0,0 +1,58 @@ +id: advance-search-e5f9122605f16ebf468dfc1c8cf77f37 + +info: + name: > + Advance Search <= 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae72c7e-9bc8-40a7-b125-c9e8c86b14bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advance-search/" + google-query: inurl:"/wp-content/plugins/advance-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advance-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advance-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advance-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-1591ae4acd002a80b846e658ca20b8b2.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-1591ae4acd002a80b846e658ca20b8b2.yaml new file mode 100644 index 0000000000..2671b619d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-1591ae4acd002a80b846e658ca20b8b2.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-1591ae4acd002a80b846e658ca20b8b2 + +info: + name: > + Advanced Access Manager <= 6.9.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a752e211-5ae2-4b85-ac01-872dc829d84c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-1c25b9d9b10bd77a049e735bb0a8965a.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-1c25b9d9b10bd77a049e735bb0a8965a.yaml new file mode 100644 index 0000000000..807fd4cef6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-1c25b9d9b10bd77a049e735bb0a8965a.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-1c25b9d9b10bd77a049e735bb0a8965a + +info: + name: > + Advanced Access Manager <= 6.9.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e96e94f8-f61c-4458-9ede-53bab30502b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml new file mode 100644 index 0000000000..e61cf96e2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-1cbbbacebab6eafbabdd1ea3e6ed8c33.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-1cbbbacebab6eafbabdd1ea3e6ed8c33 + +info: + name: > + Advanced Access Manager <= 6.9.18 - Authenticated (Author+) Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1eb25ef3-28ea-4f8f-932a-e90ca1914e8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-2239ca03e49ffeb792ff8f7c625fd4da.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-2239ca03e49ffeb792ff8f7c625fd4da.yaml new file mode 100644 index 0000000000..510ac6d988 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-2239ca03e49ffeb792ff8f7c625fd4da.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-2239ca03e49ffeb792ff8f7c625fd4da + +info: + name: > + Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e6de586-5621-4eb2-8150-cb42562d289f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-304412fedec296474e9a664baa039b40.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-304412fedec296474e9a664baa039b40.yaml new file mode 100644 index 0000000000..fde7f7d4b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-304412fedec296474e9a664baa039b40.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-304412fedec296474e9a664baa039b40 + +info: + name: > + Advanced Access Manager <= 6.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c50b451-519c-4da8-93ce-b84e594e6775?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml new file mode 100644 index 0000000000..d4a3b8baf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-3b7a2e7b6f89f58e23d11ffebc1efd41.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-3b7a2e7b6f89f58e23d11ffebc1efd41 + +info: + name: > + Advanced Access Manager <= 6.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1bf4f77-9539-4a9f-afec-f43f602c684f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-7d84c9a9ee6bf717c602d3a38e459b86.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-7d84c9a9ee6bf717c602d3a38e459b86.yaml new file mode 100644 index 0000000000..95e0a750d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-7d84c9a9ee6bf717c602d3a38e459b86.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-7d84c9a9ee6bf717c602d3a38e459b86 + +info: + name: > + Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c9da9c-8a92-44fd-a35a-4c6d3777901f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-86962de7248a9bc1e25d4d3ee2951f2c.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-86962de7248a9bc1e25d4d3ee2951f2c.yaml new file mode 100644 index 0000000000..52c92094a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-86962de7248a9bc1e25d4d3ee2951f2c.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-86962de7248a9bc1e25d4d3ee2951f2c + +info: + name: > + Advanced Access Manager <= 6.7.9 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7e0aa7-8834-4ff1-9ced-5d740936c721?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-access-manager-aa18fa16264ca0049a45d96495a5cf8a.yaml b/nuclei-templates/cve-less/plugins/advanced-access-manager-aa18fa16264ca0049a45d96495a5cf8a.yaml new file mode 100644 index 0000000000..1bda99ea64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-access-manager-aa18fa16264ca0049a45d96495a5cf8a.yaml @@ -0,0 +1,58 @@ +id: advanced-access-manager-aa18fa16264ca0049a45d96495a5cf8a + +info: + name: > + Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b526b331-8c02-44b1-9555-156afe7ad45a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-access-manager/" + google-query: inurl:"/wp-content/plugins/advanced-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-admin-search-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml b/nuclei-templates/cve-less/plugins/advanced-admin-search-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml new file mode 100644 index 0000000000..d116e6cfe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-admin-search-b5af9134a0dd9c46b02e9a0fe6e4c234.yaml @@ -0,0 +1,58 @@ +id: advanced-admin-search-b5af9134a0dd9c46b02e9a0fe6e4c234 + +info: + name: > + Advanced Admin Search <= 1.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd670f5-390d-4380-b674-8846fde18d6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-admin-search/" + google-query: inurl:"/wp-content/plugins/advanced-admin-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-admin-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-admin-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-admin-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-ads-0ce7e54d96c7e37996c0287c3e487a8b.yaml b/nuclei-templates/cve-less/plugins/advanced-ads-0ce7e54d96c7e37996c0287c3e487a8b.yaml new file mode 100644 index 0000000000..65cc79b658 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-ads-0ce7e54d96c7e37996c0287c3e487a8b.yaml @@ -0,0 +1,58 @@ +id: advanced-ads-0ce7e54d96c7e37996c0287c3e487a8b + +info: + name: > + Advanced Ads – Ad Manager & AdSense <= 1.31.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d1fcdb9-215c-415b-bd47-4cbf9258685b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-ads/" + google-query: inurl:"/wp-content/plugins/advanced-ads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-ads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-ads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-ads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-ads-83e91dab60d5a445ab0bd5d25903d462.yaml b/nuclei-templates/cve-less/plugins/advanced-ads-83e91dab60d5a445ab0bd5d25903d462.yaml new file mode 100644 index 0000000000..fa68a4e491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-ads-83e91dab60d5a445ab0bd5d25903d462.yaml @@ -0,0 +1,58 @@ +id: advanced-ads-83e91dab60d5a445ab0bd5d25903d462 + +info: + name: > + Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f64336f7-ab2a-4e22-a76f-d077c51f9c57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-ads/" + google-query: inurl:"/wp-content/plugins/advanced-ads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-ads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-ads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-ads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.52.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-ads-e81a4620e336feb8f24131c8ad7dbdcc.yaml b/nuclei-templates/cve-less/plugins/advanced-ads-e81a4620e336feb8f24131c8ad7dbdcc.yaml new file mode 100644 index 0000000000..3d22a4bd59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-ads-e81a4620e336feb8f24131c8ad7dbdcc.yaml @@ -0,0 +1,58 @@ +id: advanced-ads-e81a4620e336feb8f24131c8ad7dbdcc + +info: + name: > + Advanced Ads – Ad Manager & AdSense <= 1.52.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea634b5-72db-428c-96b4-15ef6025ab1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-ads/" + google-query: inurl:"/wp-content/plugins/advanced-ads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-ads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-ads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-ads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.52.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-ajax-page-loader-e6b2b9642eaa28f30036533185d6907f.yaml b/nuclei-templates/cve-less/plugins/advanced-ajax-page-loader-e6b2b9642eaa28f30036533185d6907f.yaml new file mode 100644 index 0000000000..fa5260457d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-ajax-page-loader-e6b2b9642eaa28f30036533185d6907f.yaml @@ -0,0 +1,58 @@ +id: advanced-ajax-page-loader-e6b2b9642eaa28f30036533185d6907f + +info: + name: > + Advanced AJAX Page Loader < 2.7.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/953e10a1-df11-40d3-869c-2974a344630e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-ajax-page-loader/" + google-query: inurl:"/wp-content/plugins/advanced-ajax-page-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-ajax-page-loader,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-ajax-page-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-ajax-page-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-02c5d62eb1659f29fbc55dae8e4463de.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-02c5d62eb1659f29fbc55dae8e4463de.yaml new file mode 100644 index 0000000000..4a28071e87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-02c5d62eb1659f29fbc55dae8e4463de.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-02c5d62eb1659f29fbc55dae8e4463de + +info: + name: > + Advanced Booking Calendar <= 1.6.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48949329-8918-4d37-9f3a-1005e99d7e4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-26d3ea26eccb41307c119c75a4db08cf.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-26d3ea26eccb41307c119c75a4db08cf.yaml new file mode 100644 index 0000000000..5cbb2ef85c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-26d3ea26eccb41307c119c75a4db08cf.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-26d3ea26eccb41307c119c75a4db08cf + +info: + name: > + Advanced Booking Calendar <= 1.7.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26f4e785-724b-41d3-b479-cb0150e70f9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-66bcdef39a721f6e9228bf986823abfb.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-66bcdef39a721f6e9228bf986823abfb.yaml new file mode 100644 index 0000000000..23a7b35c47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-66bcdef39a721f6e9228bf986823abfb.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-66bcdef39a721f6e9228bf986823abfb + +info: + name: > + Advanced Booking Calendar <= 1.6.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28c8abf2-09e2-43a2-8666-ca2a896bdbbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-a9aa77a954191266292b06f87ea42806.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-a9aa77a954191266292b06f87ea42806.yaml new file mode 100644 index 0000000000..0137763790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-a9aa77a954191266292b06f87ea42806.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-a9aa77a954191266292b06f87ea42806 + +info: + name: > + Advanced Booking Calendar <= 1.7.0 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee60ee9-ec48-4c09-9905-edd2dbbcccf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-d4656841565576de3042f9c9b59d5ada.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-d4656841565576de3042f9c9b59d5ada.yaml new file mode 100644 index 0000000000..7b34844516 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-d4656841565576de3042f9c9b59d5ada.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-d4656841565576de3042f9c9b59d5ada + +info: + name: > + Advanced Booking Calendar <= 1.6.6 - Reflected Cross-Site Scripting via calId Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d20bae1-5a94-402b-9001-725b433c9d55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-e81bb0ad426b5246d688d9a7f2eaddcb.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-e81bb0ad426b5246d688d9a7f2eaddcb.yaml new file mode 100644 index 0000000000..fd1bfdae85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-e81bb0ad426b5246d688d9a7f2eaddcb.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-e81bb0ad426b5246d688d9a7f2eaddcb + +info: + name: > + Advanced Booking Calendar <= 1.7.1 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46c40aed-1df9-4c20-9058-1ae62864fc9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-booking-calendar-ee1cda86ab18e381ca4e90653a705f3b.yaml b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-ee1cda86ab18e381ca4e90653a705f3b.yaml new file mode 100644 index 0000000000..d9dae3b778 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-booking-calendar-ee1cda86ab18e381ca4e90653a705f3b.yaml @@ -0,0 +1,58 @@ +id: advanced-booking-calendar-ee1cda86ab18e381ca4e90653a705f3b + +info: + name: > + Advanced Booking Calendar <= 1.7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7794f043-0e0b-4ff3-b2dd-1caff8d7168d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-booking-calendar/" + google-query: inurl:"/wp-content/plugins/advanced-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-category-template-850462c19f63654938faf5f00514f8c4.yaml b/nuclei-templates/cve-less/plugins/advanced-category-template-850462c19f63654938faf5f00514f8c4.yaml new file mode 100644 index 0000000000..3dc89e9e57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-category-template-850462c19f63654938faf5f00514f8c4.yaml @@ -0,0 +1,58 @@ +id: advanced-category-template-850462c19f63654938faf5f00514f8c4 + +info: + name: > + Advanced Category Template <= 0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da09b158-3626-455b-b3bc-b1109d0fab2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-category-template/" + google-query: inurl:"/wp-content/plugins/advanced-category-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-category-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-category-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-category-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-category-template-eaf398ea01fd7dda89f0e980c07588c4.yaml b/nuclei-templates/cve-less/plugins/advanced-category-template-eaf398ea01fd7dda89f0e980c07588c4.yaml new file mode 100644 index 0000000000..db6a8f0878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-category-template-eaf398ea01fd7dda89f0e980c07588c4.yaml @@ -0,0 +1,58 @@ +id: advanced-category-template-eaf398ea01fd7dda89f0e980c07588c4 + +info: + name: > + Advanced Category Template <= 0.1 - Stored Cross-Site Scripting via Cross-Site Request Forgery in _form.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e18ae7a9-7761-432f-a983-16ff1131c1e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-category-template/" + google-query: inurl:"/wp-content/plugins/advanced-category-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-category-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-category-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-category-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cf7-db-0ac820af26b82917a9384c67560e13a6.yaml b/nuclei-templates/cve-less/plugins/advanced-cf7-db-0ac820af26b82917a9384c67560e13a6.yaml new file mode 100644 index 0000000000..7c15c74f9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cf7-db-0ac820af26b82917a9384c67560e13a6.yaml @@ -0,0 +1,58 @@ +id: advanced-cf7-db-0ac820af26b82917a9384c67560e13a6 + +info: + name: > + Advanced Contact form 7 DB <= 1.8.6 - Authenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4891fd3f-563b-497a-a5d9-617f4862298b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cf7-db/" + google-query: inurl:"/wp-content/plugins/advanced-cf7-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cf7-db,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cf7-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cf7-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cf7-db-4039c397e350c84a436243d9a4f3eab1.yaml b/nuclei-templates/cve-less/plugins/advanced-cf7-db-4039c397e350c84a436243d9a4f3eab1.yaml new file mode 100644 index 0000000000..c3d3386a46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cf7-db-4039c397e350c84a436243d9a4f3eab1.yaml @@ -0,0 +1,58 @@ +id: advanced-cf7-db-4039c397e350c84a436243d9a4f3eab1 + +info: + name: > + Advanced Contact form 7 DB <= 1.8.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4598202a-f883-44c9-83bf-e8b72e418e3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cf7-db/" + google-query: inurl:"/wp-content/plugins/advanced-cf7-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cf7-db,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cf7-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cf7-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cf7-db-cf64bc2fcdc70126dfb7b9884847888f.yaml b/nuclei-templates/cve-less/plugins/advanced-cf7-db-cf64bc2fcdc70126dfb7b9884847888f.yaml new file mode 100644 index 0000000000..9b69589518 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cf7-db-cf64bc2fcdc70126dfb7b9884847888f.yaml @@ -0,0 +1,58 @@ +id: advanced-cf7-db-cf64bc2fcdc70126dfb7b9884847888f + +info: + name: > + Advanced Contact Form 7 DB <= 1.6.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14d48a81-c6b5-415f-8c82-5fd40b2e790a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cf7-db/" + google-query: inurl:"/wp-content/plugins/advanced-cf7-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cf7-db,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cf7-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cf7-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-7909b368603f8e81e96e69064ab1be28.yaml b/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-7909b368603f8e81e96e69064ab1be28.yaml new file mode 100644 index 0000000000..79697d82df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-classifieds-and-directory-pro-7909b368603f8e81e96e69064ab1be28.yaml @@ -0,0 +1,58 @@ +id: advanced-classifieds-and-directory-pro-7909b368603f8e81e96e69064ab1be28 + +info: + name: > + Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5da189-838d-4c0b-a734-283c4da36473?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-classifieds-and-directory-pro/" + google-query: inurl:"/wp-content/plugins/advanced-classifieds-and-directory-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-classifieds-and-directory-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-classifieds-and-directory-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-classifieds-and-directory-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-coupons-for-woocommerce-free-bf87097eab97d5618311a5d6293581ee.yaml b/nuclei-templates/cve-less/plugins/advanced-coupons-for-woocommerce-free-bf87097eab97d5618311a5d6293581ee.yaml new file mode 100644 index 0000000000..c0ba7304b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-coupons-for-woocommerce-free-bf87097eab97d5618311a5d6293581ee.yaml @@ -0,0 +1,58 @@ +id: advanced-coupons-for-woocommerce-free-bf87097eab97d5618311a5d6293581ee + +info: + name: > + Advanced Coupons for WooCommerce Coupons <= 4.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66bd0a9f-66ec-42a5-a123-0a468bb43ed8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-coupons-for-woocommerce-free/" + google-query: inurl:"/wp-content/plugins/advanced-coupons-for-woocommerce-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-coupons-for-woocommerce-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-coupons-for-woocommerce-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-coupons-for-woocommerce-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cron-manager-330ef9633d0984d1501cc01b4833593f.yaml b/nuclei-templates/cve-less/plugins/advanced-cron-manager-330ef9633d0984d1501cc01b4833593f.yaml new file mode 100644 index 0000000000..d545a158f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cron-manager-330ef9633d0984d1501cc01b4833593f.yaml @@ -0,0 +1,58 @@ +id: advanced-cron-manager-330ef9633d0984d1501cc01b4833593f + +info: + name: > + Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c8faa22-ff1f-4267-b690-a2c51c4807f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cron-manager/" + google-query: inurl:"/wp-content/plugins/advanced-cron-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cron-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cron-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cron-manager-9b156b803761678f004bbe691278814c.yaml b/nuclei-templates/cve-less/plugins/advanced-cron-manager-9b156b803761678f004bbe691278814c.yaml new file mode 100644 index 0000000000..8badad1827 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cron-manager-9b156b803761678f004bbe691278814c.yaml @@ -0,0 +1,58 @@ +id: advanced-cron-manager-9b156b803761678f004bbe691278814c + +info: + name: > + Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/935bf651-888e-4922-81fc-7e2e5a6fe3ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cron-manager/" + google-query: inurl:"/wp-content/plugins/advanced-cron-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cron-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cron-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-cron-manager-pro-9b156b803761678f004bbe691278814c.yaml b/nuclei-templates/cve-less/plugins/advanced-cron-manager-pro-9b156b803761678f004bbe691278814c.yaml new file mode 100644 index 0000000000..52fe5def73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-cron-manager-pro-9b156b803761678f004bbe691278814c.yaml @@ -0,0 +1,58 @@ +id: advanced-cron-manager-pro-9b156b803761678f004bbe691278814c + +info: + name: > + Advanced Cron Manager <= 2.4.1 - Subscriber+ Arbitrary Events/Schedules Creation/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/935bf651-888e-4922-81fc-7e2e5a6fe3ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-cron-manager-pro/" + google-query: inurl:"/wp-content/plugins/advanced-cron-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-cron-manager-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-cron-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-cron-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-27283408ce212ababfa6ab6738bcc33b.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-27283408ce212ababfa6ab6738bcc33b.yaml new file mode 100644 index 0000000000..67e0a981b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-27283408ce212ababfa6ab6738bcc33b.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-27283408ce212ababfa6ab6738bcc33b + +info: + name: > + Advanced Custom Fields <= 5.12.2 - File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5bab390-1590-44f2-8c65-bc329955ed84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-3a746fc902e2b6559213043452550064.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-3a746fc902e2b6559213043452550064.yaml new file mode 100644 index 0000000000..d2fafdcc34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-3a746fc902e2b6559213043452550064.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-3a746fc902e2b6559213043452550064 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c51889e4-9ca2-4c3f-addb-8285579324f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-5ab0380f0225cb3f813fd2faf9e0804b.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-5ab0380f0225cb3f813fd2faf9e0804b.yaml new file mode 100644 index 0000000000..d328b2c621 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-5ab0380f0225cb3f813fd2faf9e0804b.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-5ab0380f0225cb3f813fd2faf9e0804b + +info: + name: > + Advanced Custom Fields <= 6.0.7 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b13e1916-2a02-4a91-acf1-6e5d7c55bd57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.0.0', '<= 6.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-62768c2e4740e3e20150e0c67af690b3.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-62768c2e4740e3e20150e0c67af690b3.yaml new file mode 100644 index 0000000000..232ebb1fef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-62768c2e4740e3e20150e0c67af690b3.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-62768c2e4740e3e20150e0c67af690b3 + +info: + name: > + Advanced Custom Fields 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f412bdb0-953d-4375-85c2-b87f3aa77d60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.1', '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-72b80dd4bc94210ab9dd3b1876e438ee.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-72b80dd4bc94210ab9dd3b1876e438ee.yaml new file mode 100644 index 0000000000..c54bedbe55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-72b80dd4bc94210ab9dd3b1876e438ee.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-72b80dd4bc94210ab9dd3b1876e438ee + +info: + name: > + Advanced Custom Fields <= 5.8.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70110d50-853d-4972-a5a0-b5c566ba7de6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-73ae88fd78bf0becac09b57aa5f8c767.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-73ae88fd78bf0becac09b57aa5f8c767.yaml new file mode 100644 index 0000000000..ca08bf2bf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-73ae88fd78bf0becac09b57aa5f8c767.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-73ae88fd78bf0becac09b57aa5f8c767 + +info: + name: > + Advanced Custom Fields <= 6.0.2 - Authenticated (Contributor+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b26093a-ffb8-4d22-add1-eecd94f88129?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-a5138dbd3ab5f7be9499c9facaa915f6.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a5138dbd3ab5f7be9499c9facaa915f6.yaml new file mode 100644 index 0000000000..7d1ced8f4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a5138dbd3ab5f7be9499c9facaa915f6.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-a5138dbd3ab5f7be9499c9facaa915f6 + +info: + name: > + Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76cd5762-1ad4-4b76-8161-5a4ce4fc8118?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-a56a7a539382d6f88ae2afe6cc65c72c.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a56a7a539382d6f88ae2afe6cc65c72c.yaml new file mode 100644 index 0000000000..3f3cbd7db0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a56a7a539382d6f88ae2afe6cc65c72c.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-a56a7a539382d6f88ae2afe6cc65c72c + +info: + name: > + Advanced Custom Fields <= 5.7.7 - Author+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36d37997-ac50-4d00-bc12-f3904483e15f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml new file mode 100644 index 0000000000..0f24c0318a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-a884ba3ced03b9e7f96ca4d17e7aff9b + +info: + name: > + Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-d907690c5c767a972864a779d8ced723.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-d907690c5c767a972864a779d8ced723.yaml new file mode 100644 index 0000000000..5a2d9507d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-d907690c5c767a972864a779d8ced723.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-d907690c5c767a972864a779d8ced723 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1eb0852-00ef-489a-aa39-7d8603249deb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-db2d8a1251fb5f78024e34146e92e4d0.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-db2d8a1251fb5f78024e34146e92e4d0.yaml new file mode 100644 index 0000000000..5f6c9e7219 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-db2d8a1251fb5f78024e34146e92e4d0.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-db2d8a1251fb5f78024e34146e92e4d0 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/878246f7-17c5-4ea0-a450-27244ace2717?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-ebdf981fa373e4823561a65bb577a1a2.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-ebdf981fa373e4823561a65bb577a1a2.yaml new file mode 100644 index 0000000000..e3a3305e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-ebdf981fa373e4823561a65bb577a1a2.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-ebdf981fa373e4823561a65bb577a1a2 + +info: + name: > + Advanced Custom Fields (Free and Pro) 5.8.10 to 5.12.5 & 6.0.0 to 6.1.5 - Reflected Cross-Site Scripting via 'post_status' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ae8dcd-00b6-4afc-85bb-6697820bb37c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.0.0', '<= 6.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-195a4f0d8d0765a9379e79abc595005a.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-195a4f0d8d0765a9379e79abc595005a.yaml new file mode 100644 index 0000000000..1539ff74fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-195a4f0d8d0765a9379e79abc595005a.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-195a4f0d8d0765a9379e79abc595005a + +info: + name: > + Advanced Custom Fields Pro <= 5.9.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a09771da-a423-42ba-8f59-5c3bd189d9d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-3a746fc902e2b6559213043452550064.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-3a746fc902e2b6559213043452550064.yaml new file mode 100644 index 0000000000..08ee9caa65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-3a746fc902e2b6559213043452550064.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-3a746fc902e2b6559213043452550064 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c51889e4-9ca2-4c3f-addb-8285579324f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a5138dbd3ab5f7be9499c9facaa915f6.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a5138dbd3ab5f7be9499c9facaa915f6.yaml new file mode 100644 index 0000000000..204e458364 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a5138dbd3ab5f7be9499c9facaa915f6.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-a5138dbd3ab5f7be9499c9facaa915f6 + +info: + name: > + Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76cd5762-1ad4-4b76-8161-5a4ce4fc8118?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml new file mode 100644 index 0000000000..f2165b03b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-a884ba3ced03b9e7f96ca4d17e7aff9b.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-a884ba3ced03b9e7f96ca4d17e7aff9b + +info: + name: > + Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3593dfd-7b2a-4d01-8af0-725b444dc81b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-d907690c5c767a972864a779d8ced723.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-d907690c5c767a972864a779d8ced723.yaml new file mode 100644 index 0000000000..a5704d603f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-d907690c5c767a972864a779d8ced723.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-d907690c5c767a972864a779d8ced723 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1eb0852-00ef-489a-aa39-7d8603249deb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-db2d8a1251fb5f78024e34146e92e4d0.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-db2d8a1251fb5f78024e34146e92e4d0.yaml new file mode 100644 index 0000000000..cca5ff5640 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-db2d8a1251fb5f78024e34146e92e4d0.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-db2d8a1251fb5f78024e34146e92e4d0 + +info: + name: > + Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/878246f7-17c5-4ea0-a450-27244ace2717?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-ebdf981fa373e4823561a65bb577a1a2.yaml b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-ebdf981fa373e4823561a65bb577a1a2.yaml new file mode 100644 index 0000000000..fb02c25a93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-custom-fields-pro-ebdf981fa373e4823561a65bb577a1a2.yaml @@ -0,0 +1,58 @@ +id: advanced-custom-fields-pro-ebdf981fa373e4823561a65bb577a1a2 + +info: + name: > + Advanced Custom Fields (Free and Pro) 5.8.10 to 5.12.5 & 6.0.0 to 6.1.5 - Reflected Cross-Site Scripting via 'post_status' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ae8dcd-00b6-4afc-85bb-6697820bb37c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-custom-fields-pro/" + google-query: inurl:"/wp-content/plugins/advanced-custom-fields-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-custom-fields-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-custom-fields-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-custom-fields-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.0.0', '<= 6.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-317c2d6753e5308f0908f9dfb1cd475a.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-317c2d6753e5308f0908f9dfb1cd475a.yaml new file mode 100644 index 0000000000..28aa616914 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-317c2d6753e5308f0908f9dfb1cd475a.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-317c2d6753e5308f0908f9dfb1cd475a + +info: + name: > + Advanced Database Cleaner <= 3.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/887ca432-5412-401c-8d4e-52dcb511e5ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-655a7a3d142e2b2810e2cbdce0fda49a.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-655a7a3d142e2b2810e2cbdce0fda49a.yaml new file mode 100644 index 0000000000..0fe330cbdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-655a7a3d142e2b2810e2cbdce0fda49a.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-655a7a3d142e2b2810e2cbdce0fda49a + +info: + name: > + Advanced Database Cleaner <= 3.0.1 - SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db484c8a-e46d-457b-b634-28d823ff2120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-662b0d4e06b53c4127af628452071119.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-662b0d4e06b53c4127af628452071119.yaml new file mode 100644 index 0000000000..827203f63b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-662b0d4e06b53c4127af628452071119.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-662b0d4e06b53c4127af628452071119 + +info: + name: > + Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62c46925-8e97-4989-8c2c-56223d6911a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-672e25f5e31f63e7bd1671bc45955d6f.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-672e25f5e31f63e7bd1671bc45955d6f.yaml new file mode 100644 index 0000000000..78d708042b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-672e25f5e31f63e7bd1671bc45955d6f.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-672e25f5e31f63e7bd1671bc45955d6f + +info: + name: > + Advanced Database Cleaner <= 3.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5947859-df78-475b-89b4-ad2441d9cf63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-6bf8881666d7b800c84c385bcfdc33c4.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-6bf8881666d7b800c84c385bcfdc33c4.yaml new file mode 100644 index 0000000000..7c6aa415a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-6bf8881666d7b800c84c385bcfdc33c4.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-6bf8881666d7b800c84c385bcfdc33c4 + +info: + name: > + Advanced Database Cleaner <= 3.1.1 - Cross-Site Request Forgery via aDBc_save_settings_callback + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5af799a4-0aee-4601-943e-82cbc860ede5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-database-cleaner-f22c4e2a2ebc3ea71e41c368cf894811.yaml b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-f22c4e2a2ebc3ea71e41c368cf894811.yaml new file mode 100644 index 0000000000..b73d44bc5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-database-cleaner-f22c4e2a2ebc3ea71e41c368cf894811.yaml @@ -0,0 +1,58 @@ +id: advanced-database-cleaner-f22c4e2a2ebc3ea71e41c368cf894811 + +info: + name: > + Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-database-cleaner/" + google-query: inurl:"/wp-content/plugins/advanced-database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-database-cleaner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dewplayer-9d0309e800290fb37ba28ab13061e40e.yaml b/nuclei-templates/cve-less/plugins/advanced-dewplayer-9d0309e800290fb37ba28ab13061e40e.yaml new file mode 100644 index 0000000000..522fd9a55a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dewplayer-9d0309e800290fb37ba28ab13061e40e.yaml @@ -0,0 +1,58 @@ +id: advanced-dewplayer-9d0309e800290fb37ba28ab13061e40e + +info: + name: > + Advanced Dewplayer < 1.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f319613-2709-449c-9e13-b0f95ee0b88b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dewplayer/" + google-query: inurl:"/wp-content/plugins/advanced-dewplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dewplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dewplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dewplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-13af69fc3b4639d4eee1c5f8765f3113.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-13af69fc3b4639d4eee1c5f8765f3113.yaml new file mode 100644 index 0000000000..2645d7ad3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-13af69fc3b4639d4eee1c5f8765f3113.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-13af69fc3b4639d4eee1c5f8765f3113 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateProductOnlyToCommon function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59ff3445-0dfd-4a1a-9ac8-d088b8f4dbf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-221eba2ef4992774b45479de6031a5d3.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-221eba2ef4992774b45479de6031a5d3.yaml new file mode 100644 index 0000000000..bee0bcbe21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-221eba2ef4992774b45479de6031a5d3.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-221eba2ef4992774b45479de6031a5d3 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateProductOnlyToCommon function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f062ef2-ef94-47c2-8eba-dc7ff6c2537d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-2b7649bf0d1b33f22a628883cdb8312a.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-2b7649bf0d1b33f22a628883cdb8312a.yaml new file mode 100644 index 0000000000..df6dbc93cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-2b7649bf0d1b33f22a628883cdb8312a.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-2b7649bf0d1b33f22a628883cdb8312a + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/009a6ae4-e9b5-4199-be25-b60e06dc136b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-37fc83c506180cf381ac5dfbd233eafb.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-37fc83c506180cf381ac5dfbd233eafb.yaml new file mode 100644 index 0000000000..fa60b9485a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-37fc83c506180cf381ac5dfbd233eafb.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-37fc83c506180cf381ac5dfbd233eafb + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.3 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d379721-d629-433d-ba89-a74c9dec537e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-69850835aba43cc07b9062e15e01dfd5.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-69850835aba43cc07b9062e15e01dfd5.yaml new file mode 100644 index 0000000000..daf0f47fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-69850835aba43cc07b9062e15e01dfd5.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-69850835aba43cc07b9062e15e01dfd5 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via migrateCommonToProductOnly function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/048768bf-326c-455e-919c-9691d6537062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-739c3b6a5da1b82e1034ec2752c5a42f.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-739c3b6a5da1b82e1034ec2752c5a42f.yaml new file mode 100644 index 0000000000..4d71c5aad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-739c3b6a5da1b82e1034ec2752c5a42f.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-739c3b6a5da1b82e1034ec2752c5a42f + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84b609a5-d3d6-4a30-b55e-7f7972c64ccb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-9036eb8b1e0f76afba77e37799b01f92.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-9036eb8b1e0f76afba77e37799b01f92.yaml new file mode 100644 index 0000000000..3bb2b837b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-9036eb8b1e0f76afba77e37799b01f92.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-9036eb8b1e0f76afba77e37799b01f92 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculateSeveralProducts function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f58f994e-0a9b-4b40-9e38-535169c793d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bb5f8ff13ce89043a17957f4917820c9.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bb5f8ff13ce89043a17957f4917820c9.yaml new file mode 100644 index 0000000000..9a938566e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bb5f8ff13ce89043a17957f4917820c9.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-bb5f8ff13ce89043a17957f4917820c9 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Cross-Site Request Forgery via handleSubmitAction function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/272c6fbb-bc85-46d9-b139-87534b2a0842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml new file mode 100644 index 0000000000..66a3c99cc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-bcf8e746293c2a8c7e07a4dcb5e63f07.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-bcf8e746293c2a8c7e07a4dcb5e63f07 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in migrateCommonToProductOnly function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de46743b-2cc6-4a29-bbc4-bc6cfb540e26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-fc8048569d06ebc90ac21a7212b76518.yaml b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-fc8048569d06ebc90ac21a7212b76518.yaml new file mode 100644 index 0000000000..b36605ae0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-dynamic-pricing-for-woocommerce-fc8048569d06ebc90ac21a7212b76518.yaml @@ -0,0 +1,58 @@ +id: advanced-dynamic-pricing-for-woocommerce-fc8048569d06ebc90ac21a7212b76518 + +info: + name: > + Advanced Dynamic Pricing for WooCommerce <= 4.1.5 - Missing Authorization in ajaxCalculatePrice function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cefa293-c934-413e-b946-07e3060472ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-dynamic-pricing-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-dynamic-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-dynamic-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-facebook-twitter-widget-04f6cc7c3ad39880573726a5f936d0a4.yaml b/nuclei-templates/cve-less/plugins/advanced-facebook-twitter-widget-04f6cc7c3ad39880573726a5f936d0a4.yaml new file mode 100644 index 0000000000..f50a4984a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-facebook-twitter-widget-04f6cc7c3ad39880573726a5f936d0a4.yaml @@ -0,0 +1,58 @@ +id: advanced-facebook-twitter-widget-04f6cc7c3ad39880573726a5f936d0a4 + +info: + name: > + Advanced Social Feeds Widget & Shortcode <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cf894fd-37c7-4006-b868-d5d33f66cc5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-facebook-twitter-widget/" + google-query: inurl:"/wp-content/plugins/advanced-facebook-twitter-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-facebook-twitter-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-facebook-twitter-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-facebook-twitter-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-flamingo-608028938d46bc393127dab9f8a1b9fb.yaml b/nuclei-templates/cve-less/plugins/advanced-flamingo-608028938d46bc393127dab9f8a1b9fb.yaml new file mode 100644 index 0000000000..5cee9aa1c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-flamingo-608028938d46bc393127dab9f8a1b9fb.yaml @@ -0,0 +1,58 @@ +id: advanced-flamingo-608028938d46bc393127dab9f8a1b9fb + +info: + name: > + Advanced Flamingo <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ce8ad5f-05e8-4279-915a-1c94559d4e56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-flamingo/" + google-query: inurl:"/wp-content/plugins/advanced-flamingo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-flamingo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-flamingo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-flamingo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-18a7728320d1ae3570e8bc349a822d19.yaml b/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-18a7728320d1ae3570e8bc349a822d19.yaml new file mode 100644 index 0000000000..dbaf4f075a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-18a7728320d1ae3570e8bc349a822d19.yaml @@ -0,0 +1,58 @@ +id: advanced-floating-content-lite-18a7728320d1ae3570e8bc349a822d19 + +info: + name: > + Advanced Floating Content Lite <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a798ffe0-b81d-4c5f-a864-ed72a5312a16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-floating-content-lite/" + google-query: inurl:"/wp-content/plugins/advanced-floating-content-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-floating-content-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-floating-content-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-f9f9f8843b8a77c541ca723acfae2e44.yaml b/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-f9f9f8843b8a77c541ca723acfae2e44.yaml new file mode 100644 index 0000000000..9603256a9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-floating-content-lite-f9f9f8843b8a77c541ca723acfae2e44.yaml @@ -0,0 +1,58 @@ +id: advanced-floating-content-lite-f9f9f8843b8a77c541ca723acfae2e44 + +info: + name: > + Advanced Floating Content <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9346103-9773-4cda-9b32-d3ce2076e8fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-floating-content-lite/" + google-query: inurl:"/wp-content/plugins/advanced-floating-content-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-floating-content-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-floating-content-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-floating-content-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-form-integration-78c3981cb87a9d312796397fd5fb8a1d.yaml b/nuclei-templates/cve-less/plugins/advanced-form-integration-78c3981cb87a9d312796397fd5fb8a1d.yaml new file mode 100644 index 0000000000..868e74eb99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-form-integration-78c3981cb87a9d312796397fd5fb8a1d.yaml @@ -0,0 +1,58 @@ +id: advanced-form-integration-78c3981cb87a9d312796397fd5fb8a1d + +info: + name: > + Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration <= 1.62.0 - Authenticated (Admin+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9458e4-570e-4871-84ac-380107037b1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-form-integration/" + google-query: inurl:"/wp-content/plugins/advanced-form-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-form-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-form-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-form-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.62.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-form-integration-796ca63acc83e02954fe943ab729646a.yaml b/nuclei-templates/cve-less/plugins/advanced-form-integration-796ca63acc83e02954fe943ab729646a.yaml new file mode 100644 index 0000000000..e1f665fea4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-form-integration-796ca63acc83e02954fe943ab729646a.yaml @@ -0,0 +1,58 @@ +id: advanced-form-integration-796ca63acc83e02954fe943ab729646a + +info: + name: > + Advanced Form Integration <= 1.75.0 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5782b71-3234-4e53-9b26-225472f604c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-form-integration/" + google-query: inurl:"/wp-content/plugins/advanced-form-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-form-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-form-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-form-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.76.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-form-integration-cc61e989c9930149472e4334372ea609.yaml b/nuclei-templates/cve-less/plugins/advanced-form-integration-cc61e989c9930149472e4334372ea609.yaml new file mode 100644 index 0000000000..5212a4afae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-form-integration-cc61e989c9930149472e4334372ea609.yaml @@ -0,0 +1,58 @@ +id: advanced-form-integration-cc61e989c9930149472e4334372ea609 + +info: + name: > + Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-form-integration/" + google-query: inurl:"/wp-content/plugins/advanced-form-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-form-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-form-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-form-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.82.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-forms-019da25ecceb2c42293b8bf9c83a7180.yaml b/nuclei-templates/cve-less/plugins/advanced-forms-019da25ecceb2c42293b8bf9c83a7180.yaml new file mode 100644 index 0000000000..29db27af85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-forms-019da25ecceb2c42293b8bf9c83a7180.yaml @@ -0,0 +1,58 @@ +id: advanced-forms-019da25ecceb2c42293b8bf9c83a7180 + +info: + name: > + Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-forms/" + google-query: inurl:"/wp-content/plugins/advanced-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-forms-8f7e0f2cdbd50435173e1262f75f15c5.yaml b/nuclei-templates/cve-less/plugins/advanced-forms-8f7e0f2cdbd50435173e1262f75f15c5.yaml new file mode 100644 index 0000000000..0694be0b6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-forms-8f7e0f2cdbd50435173e1262f75f15c5.yaml @@ -0,0 +1,58 @@ +id: advanced-forms-8f7e0f2cdbd50435173e1262f75f15c5 + +info: + name: > + Advanced Forms for ACF <= 1.6.8 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c021686-3c9d-4382-be5c-9d4bf989cdcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-forms/" + google-query: inurl:"/wp-content/plugins/advanced-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-free-flat-shipping-woocommerce-7e6cf0a72223b6dafdbb68257635237d.yaml b/nuclei-templates/cve-less/plugins/advanced-free-flat-shipping-woocommerce-7e6cf0a72223b6dafdbb68257635237d.yaml new file mode 100644 index 0000000000..f9babd7588 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-free-flat-shipping-woocommerce-7e6cf0a72223b6dafdbb68257635237d.yaml @@ -0,0 +1,58 @@ +id: advanced-free-flat-shipping-woocommerce-7e6cf0a72223b6dafdbb68257635237d + +info: + name: > + Advanced Flat rate shipping Woocommerce <= 1.6.4.4 - Cross-Site Request Forgery via enableDisable and deletePost + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27b14c6e-44fe-4acb-8058-613f65b6baa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-free-flat-shipping-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-free-flat-shipping-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-free-flat-shipping-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-free-flat-shipping-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-free-flat-shipping-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-iframe-4d70d402016d1f4b86f60918b22119da.yaml b/nuclei-templates/cve-less/plugins/advanced-iframe-4d70d402016d1f4b86f60918b22119da.yaml new file mode 100644 index 0000000000..38927ff3c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-iframe-4d70d402016d1f4b86f60918b22119da.yaml @@ -0,0 +1,58 @@ +id: advanced-iframe-4d70d402016d1f4b86f60918b22119da + +info: + name: > + Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/699e5c80-8a11-4f67-8b17-41170d9c6411?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-iframe/" + google-query: inurl:"/wp-content/plugins/advanced-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2024.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-iframe-5ef4900200b4415e3b14a42418354f64.yaml b/nuclei-templates/cve-less/plugins/advanced-iframe-5ef4900200b4415e3b14a42418354f64.yaml new file mode 100644 index 0000000000..605f2793ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-iframe-5ef4900200b4415e3b14a42418354f64.yaml @@ -0,0 +1,58 @@ +id: advanced-iframe-5ef4900200b4415e3b14a42418354f64 + +info: + name: > + Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9944443-2e71-45c4-8a19-d76863cf66df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-iframe/" + google-query: inurl:"/wp-content/plugins/advanced-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-iframe-750d46ec675a067e58f6ca5aa716c8bb.yaml b/nuclei-templates/cve-less/plugins/advanced-iframe-750d46ec675a067e58f6ca5aa716c8bb.yaml new file mode 100644 index 0000000000..5d82ee90c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-iframe-750d46ec675a067e58f6ca5aa716c8bb.yaml @@ -0,0 +1,58 @@ +id: advanced-iframe-750d46ec675a067e58f6ca5aa716c8bb + +info: + name: > + Advanced iFrame <= 2023.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e32c51d-2d96-4545-956f-64f65c54b33b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-iframe/" + google-query: inurl:"/wp-content/plugins/advanced-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-iframe-7af7b97a823a315642996f534f0bd2be.yaml b/nuclei-templates/cve-less/plugins/advanced-iframe-7af7b97a823a315642996f534f0bd2be.yaml new file mode 100644 index 0000000000..b4a34efd93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-iframe-7af7b97a823a315642996f534f0bd2be.yaml @@ -0,0 +1,58 @@ +id: advanced-iframe-7af7b97a823a315642996f534f0bd2be + +info: + name: > + Advanced iFrame <= 2021.9 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b72dcc68-df81-47ac-bd73-6aee87611b90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-iframe/" + google-query: inurl:"/wp-content/plugins/advanced-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-iframe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2021.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-iframe-8cb4e5d28c572c7b2415f308b23aba3c.yaml b/nuclei-templates/cve-less/plugins/advanced-iframe-8cb4e5d28c572c7b2415f308b23aba3c.yaml new file mode 100644 index 0000000000..72b16df754 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-iframe-8cb4e5d28c572c7b2415f308b23aba3c.yaml @@ -0,0 +1,58 @@ +id: advanced-iframe-8cb4e5d28c572c7b2415f308b23aba3c + +info: + name: > + Advanced iFrame <= 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/808ef87d-298c-4622-9fcd-cf879e7157bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-iframe/" + google-query: inurl:"/wp-content/plugins/advanced-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2024.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-image-sitemap-d3419d10a1c15957810bab79025cae18.yaml b/nuclei-templates/cve-less/plugins/advanced-image-sitemap-d3419d10a1c15957810bab79025cae18.yaml new file mode 100644 index 0000000000..52357dcde6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-image-sitemap-d3419d10a1c15957810bab79025cae18.yaml @@ -0,0 +1,58 @@ +id: advanced-image-sitemap-d3419d10a1c15957810bab79025cae18 + +info: + name: > + Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f89ce1c-3f5e-43cb-9dd2-7ab5880d78d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-image-sitemap/" + google-query: inurl:"/wp-content/plugins/advanced-image-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-image-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-image-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-image-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-import-21d84dd234ad676a469c1b281a9da497.yaml b/nuclei-templates/cve-less/plugins/advanced-import-21d84dd234ad676a469c1b281a9da497.yaml new file mode 100644 index 0000000000..7fdf62b86d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-import-21d84dd234ad676a469c1b281a9da497.yaml @@ -0,0 +1,58 @@ +id: advanced-import-21d84dd234ad676a469c1b281a9da497 + +info: + name: > + Advanced Import <= 1.3.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f107496b-020b-4222-91f3-49caba1a39db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-import/" + google-query: inurl:"/wp-content/plugins/advanced-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml new file mode 100644 index 0000000000..ecb317810b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-4a9af0a7a0f9267c64d43cbcc0f6e60e.yaml @@ -0,0 +1,58 @@ +id: advanced-local-pickup-for-woocommerce-4a9af0a7a0f9267c64d43cbcc0f6e60e + +info: + name: > + Advanced Local Pickup for WooCommerce <= 1.5.5 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/125e7ea3-574a-4760-b10b-7a98d94c87a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-local-pickup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-local-pickup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-53dce218cb6cdf713c943d61cbe1c885.yaml b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-53dce218cb6cdf713c943d61cbe1c885.yaml new file mode 100644 index 0000000000..a8347b5ddd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-53dce218cb6cdf713c943d61cbe1c885.yaml @@ -0,0 +1,58 @@ +id: advanced-local-pickup-for-woocommerce-53dce218cb6cdf713c943d61cbe1c885 + +info: + name: > + Advanced Local Pickup for WooCommerce <= 1.5.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05ff8080-59e5-4d48-a69b-275a89eef758?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-local-pickup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-local-pickup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml new file mode 100644 index 0000000000..2190f1464a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-bf4905bcfa1e978b4bbdcf9e3f9b15d3.yaml @@ -0,0 +1,58 @@ +id: advanced-local-pickup-for-woocommerce-bf4905bcfa1e978b4bbdcf9e3f9b15d3 + +info: + name: > + Advanced Local Pickup for WooCommerce <= 1.6.1 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/575ec3a9-26f7-415b-9df6-d0401557a578?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-local-pickup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-local-pickup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-eb7c2afb91d54b1e8be36c66e317f588.yaml b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-eb7c2afb91d54b1e8be36c66e317f588.yaml new file mode 100644 index 0000000000..e1efe2d8c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-local-pickup-for-woocommerce-eb7c2afb91d54b1e8be36c66e317f588.yaml @@ -0,0 +1,58 @@ +id: advanced-local-pickup-for-woocommerce-eb7c2afb91d54b1e8be36c66e317f588 + +info: + name: > + Advanced Local Pickup for WooCommerce <= 1.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22a1920e-2a3f-4996-873d-26e3930e6929?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-local-pickup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-local-pickup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-local-pickup-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-local-pickup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-local-pickup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-menu-widget-95d0775d6527d5eae5d7126ad333b363.yaml b/nuclei-templates/cve-less/plugins/advanced-menu-widget-95d0775d6527d5eae5d7126ad333b363.yaml new file mode 100644 index 0000000000..b2e65f3d0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-menu-widget-95d0775d6527d5eae5d7126ad333b363.yaml @@ -0,0 +1,58 @@ +id: advanced-menu-widget-95d0775d6527d5eae5d7126ad333b363 + +info: + name: > + Advanced Menu Widget <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5da2dac6-940c-419e-853f-6cfd5d53d427?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-menu-widget/" + google-query: inurl:"/wp-content/plugins/advanced-menu-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-menu-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-menu-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-menu-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-most-recent-posts-mod-b02147be7bebef844df5583704a48a3c.yaml b/nuclei-templates/cve-less/plugins/advanced-most-recent-posts-mod-b02147be7bebef844df5583704a48a3c.yaml new file mode 100644 index 0000000000..4e5fc50fe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-most-recent-posts-mod-b02147be7bebef844df5583704a48a3c.yaml @@ -0,0 +1,58 @@ +id: advanced-most-recent-posts-mod-b02147be7bebef844df5583704a48a3c + +info: + name: > + Advanced Most Recent Posts Mod <= 1.6.5.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc4752-7a47-480c-82e2-54821e754f7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-most-recent-posts-mod/" + google-query: inurl:"/wp-content/plugins/advanced-most-recent-posts-mod/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-most-recent-posts-mod,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-most-recent-posts-mod/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-most-recent-posts-mod" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml b/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml new file mode 100644 index 0000000000..878bd5a3fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-nocaptcha-recaptcha-cbb68fdfa6e0c8d1d1dcc60eddde34f0.yaml @@ -0,0 +1,58 @@ +id: advanced-nocaptcha-recaptcha-cbb68fdfa6e0c8d1d1dcc60eddde34f0 + +info: + name: > + CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd97ef7d-80c7-4987-be79-23eb380fa460?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-nocaptcha-recaptcha/" + google-query: inurl:"/wp-content/plugins/advanced-nocaptcha-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-nocaptcha-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-nocaptcha-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-nocaptcha-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml new file mode 100644 index 0000000000..a330234cdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-51ed12a9f2c55cf6d27dee66a25ab3d5.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-51ed12a9f2c55cf6d27dee66a25ab3d5 + +info: + name: > + Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b497a36-4929-413f-abfc-1d81bfaa7889?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6868a3f667554717afcb5780d663774e.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6868a3f667554717afcb5780d663774e.yaml new file mode 100644 index 0000000000..fcaa9bab78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6868a3f667554717afcb5780d663774e.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-6868a3f667554717afcb5780d663774e + +info: + name: > + Advanced Page Visit Counter <= 8.0.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/511f64df-4389-4ad7-b2a4-12dc57714631?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6b14dff49fec7b24e0d17d0c9fb34f3e.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6b14dff49fec7b24e0d17d0c9fb34f3e.yaml new file mode 100644 index 0000000000..7f53d5ec31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-6b14dff49fec7b24e0d17d0c9fb34f3e.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-6b14dff49fec7b24e0d17d0c9fb34f3e + +info: + name: > + Advanced Page Visit Counter <= 5.0.8 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f444568c-fe4c-4fa6-9b83-2d069f851360?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-9c6b12242aa8d580a35fa22bad685fff.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-9c6b12242aa8d580a35fa22bad685fff.yaml new file mode 100644 index 0000000000..5a885060cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-9c6b12242aa8d580a35fa22bad685fff.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-9c6b12242aa8d580a35fa22bad685fff + +info: + name: > + Advanced Page Visit Counter <= 7.1.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1810cea5-cfca-4699-bf09-0e474d04acb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-a606eb221eb05ffe5dadb8dd25fec864.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-a606eb221eb05ffe5dadb8dd25fec864.yaml new file mode 100644 index 0000000000..68eac5803c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-a606eb221eb05ffe5dadb8dd25fec864.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-a606eb221eb05ffe5dadb8dd25fec864 + +info: + name: > + Advanced Page Visit Counter <= 6.1.5 - Subscriber+ Blind SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96a0ca0c-7cd5-4be4-a833-fc15fff62362?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-fb290f4001663ab9b3572ec6c32d0eb5.yaml b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-fb290f4001663ab9b3572ec6c32d0eb5.yaml new file mode 100644 index 0000000000..e6815eaee8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-page-visit-counter-fb290f4001663ab9b3572ec6c32d0eb5.yaml @@ -0,0 +1,58 @@ +id: advanced-page-visit-counter-fb290f4001663ab9b3572ec6c32d0eb5 + +info: + name: > + Advanced Page Visit Counter <= 6.4.2 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/871e5091-bb20-4a53-83e2-85ed6f26247a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-page-visit-counter/" + google-query: inurl:"/wp-content/plugins/advanced-page-visit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-page-visit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-page-visit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-page-visit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-popups-b8a8e0d0fe8b5ab801f2a60f0e606d3c.yaml b/nuclei-templates/cve-less/plugins/advanced-popups-b8a8e0d0fe8b5ab801f2a60f0e606d3c.yaml new file mode 100644 index 0000000000..0e1104a62a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-popups-b8a8e0d0fe8b5ab801f2a60f0e606d3c.yaml @@ -0,0 +1,58 @@ +id: advanced-popups-b8a8e0d0fe8b5ab801f2a60f0e606d3c + +info: + name: > + Advanced Popups <= 1.1.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7b51e5-6eb7-41ba-add3-f083fb34c5e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-popups/" + google-query: inurl:"/wp-content/plugins/advanced-popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-popups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-post-block-504571f3f4f99ae23a7efdf0aa6a64d7.yaml b/nuclei-templates/cve-less/plugins/advanced-post-block-504571f3f4f99ae23a7efdf0aa6a64d7.yaml new file mode 100644 index 0000000000..2489265506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-post-block-504571f3f4f99ae23a7efdf0aa6a64d7.yaml @@ -0,0 +1,58 @@ +id: advanced-post-block-504571f3f4f99ae23a7efdf0aa6a64d7 + +info: + name: > + Advanced Post Block – Display Posts, Pages, or Custom Posts on Your Page <= 1.13.4 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fb6c221-d885-42b5-977c-39e8608e3e31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-post-block/" + google-query: inurl:"/wp-content/plugins/advanced-post-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-post-block,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-post-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-post-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-post-list-dd776d5a9d71139420b6706ccdb1e25f.yaml b/nuclei-templates/cve-less/plugins/advanced-post-list-dd776d5a9d71139420b6706ccdb1e25f.yaml new file mode 100644 index 0000000000..f3362eaf8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-post-list-dd776d5a9d71139420b6706ccdb1e25f.yaml @@ -0,0 +1,58 @@ +id: advanced-post-list-dd776d5a9d71139420b6706ccdb1e25f + +info: + name: > + Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07357de3-bbf5-40d3-a171-3b624b572e6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-post-list/" + google-query: inurl:"/wp-content/plugins/advanced-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-post-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-949ecf55eab79c7524cfdba1c2344ca4.yaml b/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-949ecf55eab79c7524cfdba1c2344ca4.yaml new file mode 100644 index 0000000000..f4d67c3477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-949ecf55eab79c7524cfdba1c2344ca4.yaml @@ -0,0 +1,58 @@ +id: advanced-product-labels-for-woocommerce-949ecf55eab79c7524cfdba1c2344ca4 + +info: + name: > + Advanced Product Labels for WooCommerce <= 1.2.3.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ad806df-0a5c-4ef0-a335-2e34c9b62662?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-product-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-product-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-product-labels-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-product-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-product-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..99b0fcb169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-product-labels-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: advanced-product-labels-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-product-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/advanced-product-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-product-labels-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-product-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-product-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-quiz-1044e73f9f4c90a4318631b027811f47.yaml b/nuclei-templates/cve-less/plugins/advanced-quiz-1044e73f9f4c90a4318631b027811f47.yaml new file mode 100644 index 0000000000..2b24318cbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-quiz-1044e73f9f4c90a4318631b027811f47.yaml @@ -0,0 +1,58 @@ +id: advanced-quiz-1044e73f9f4c90a4318631b027811f47 + +info: + name: > + Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9053995a-b1de-427f-b16d-31fa8cd026b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-quiz/" + google-query: inurl:"/wp-content/plugins/advanced-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-quiz-84ca5039f02eeb82650dbead88aee202.yaml b/nuclei-templates/cve-less/plugins/advanced-quiz-84ca5039f02eeb82650dbead88aee202.yaml new file mode 100644 index 0000000000..34fcca2783 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-quiz-84ca5039f02eeb82650dbead88aee202.yaml @@ -0,0 +1,58 @@ +id: advanced-quiz-84ca5039f02eeb82650dbead88aee202 + +info: + name: > + Wp-Adv-Quiz <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Quiz Question and Message + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a5ae9f-b57c-4a71-b976-5975ad086c74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-quiz/" + google-query: inurl:"/wp-content/plugins/advanced-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-recent-posts-aedd5bdd6732fba44f64193c96bef864.yaml b/nuclei-templates/cve-less/plugins/advanced-recent-posts-aedd5bdd6732fba44f64193c96bef864.yaml new file mode 100644 index 0000000000..355c7c8c3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-recent-posts-aedd5bdd6732fba44f64193c96bef864.yaml @@ -0,0 +1,58 @@ +id: advanced-recent-posts-aedd5bdd6732fba44f64193c96bef864 + +info: + name: > + Advanced Recent Posts <= 0.6.14 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62abc1e8-155d-4726-81d3-ed2cc7dd7373?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-recent-posts/" + google-query: inurl:"/wp-content/plugins/advanced-recent-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-recent-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-recent-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-recent-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-schedule-posts-afd12d5545489eccaee099aa3bb1c0d7.yaml b/nuclei-templates/cve-less/plugins/advanced-schedule-posts-afd12d5545489eccaee099aa3bb1c0d7.yaml new file mode 100644 index 0000000000..8fac4dfc7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-schedule-posts-afd12d5545489eccaee099aa3bb1c0d7.yaml @@ -0,0 +1,58 @@ +id: advanced-schedule-posts-afd12d5545489eccaee099aa3bb1c0d7 + +info: + name: > + Advanced Schedule Posts <= 2.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47122866-8e40-42bc-84ed-60fc81247320?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-schedule-posts/" + google-query: inurl:"/wp-content/plugins/advanced-schedule-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-schedule-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-schedule-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-schedule-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-sermons-564170441cb69873b0d861ef3dcdaa9e.yaml b/nuclei-templates/cve-less/plugins/advanced-sermons-564170441cb69873b0d861ef3dcdaa9e.yaml new file mode 100644 index 0000000000..25b6444595 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-sermons-564170441cb69873b0d861ef3dcdaa9e.yaml @@ -0,0 +1,58 @@ +id: advanced-sermons-564170441cb69873b0d861ef3dcdaa9e + +info: + name: > + Advanced Sermons <= 3.1 - Reflected Cross-Site Scripting via s + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48f69a86-1007-4565-8311-9e542bd4d66b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-sermons/" + google-query: inurl:"/wp-content/plugins/advanced-sermons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-sermons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-sermons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-sermons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-sermons-88167a3eb5eaecbe4676b38334e8f643.yaml b/nuclei-templates/cve-less/plugins/advanced-sermons-88167a3eb5eaecbe4676b38334e8f643.yaml new file mode 100644 index 0000000000..8328147e97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-sermons-88167a3eb5eaecbe4676b38334e8f643.yaml @@ -0,0 +1,58 @@ +id: advanced-sermons-88167a3eb5eaecbe4676b38334e8f643 + +info: + name: > + Advanced Sermons <= 3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cff6b26e-bafa-4b85-b7f1-eea9bb4b6476?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-sermons/" + google-query: inurl:"/wp-content/plugins/advanced-sermons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-sermons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-sermons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-sermons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-testimonial-carousel-for-elementor-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml b/nuclei-templates/cve-less/plugins/advanced-testimonial-carousel-for-elementor-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml new file mode 100644 index 0000000000..49d428f55e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-testimonial-carousel-for-elementor-afe32fcbbc30cab4f3e35a08cf6d7b9b.yaml @@ -0,0 +1,58 @@ +id: advanced-testimonial-carousel-for-elementor-afe32fcbbc30cab4f3e35a08cf6d7b9b + +info: + name: > + Advanced Testimonial Carousel for Elementor <= 3.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/256fb7f0-174a-4766-afd5-bc61e358da85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-testimonial-carousel-for-elementor/" + google-query: inurl:"/wp-content/plugins/advanced-testimonial-carousel-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-testimonial-carousel-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-testimonial-carousel-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-testimonial-carousel-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-text-widget-0bc66019a5442f087e2da571324acbb0.yaml b/nuclei-templates/cve-less/plugins/advanced-text-widget-0bc66019a5442f087e2da571324acbb0.yaml new file mode 100644 index 0000000000..df6306641e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-text-widget-0bc66019a5442f087e2da571324acbb0.yaml @@ -0,0 +1,58 @@ +id: advanced-text-widget-0bc66019a5442f087e2da571324acbb0 + +info: + name: > + Advanced Text Widget <= 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5e011d3-bd0f-46cb-9fb1-af06bcb7e307?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-text-widget/" + google-query: inurl:"/wp-content/plugins/advanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-text-widget-eec11cac81b9e7efcb35b893f28148cb.yaml b/nuclei-templates/cve-less/plugins/advanced-text-widget-eec11cac81b9e7efcb35b893f28148cb.yaml new file mode 100644 index 0000000000..231d2b6437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-text-widget-eec11cac81b9e7efcb35b893f28148cb.yaml @@ -0,0 +1,58 @@ +id: advanced-text-widget-eec11cac81b9e7efcb35b893f28148cb + +info: + name: > + Advanced Text Widget <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f622e20-2f7e-44ed-8237-fbf25323d2ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-text-widget/" + google-query: inurl:"/wp-content/plugins/advanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-text-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-text-widget-f8ef60664eb207643cf086f83584b3db.yaml b/nuclei-templates/cve-less/plugins/advanced-text-widget-f8ef60664eb207643cf086f83584b3db.yaml new file mode 100644 index 0000000000..460bf81354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-text-widget-f8ef60664eb207643cf086f83584b3db.yaml @@ -0,0 +1,58 @@ +id: advanced-text-widget-f8ef60664eb207643cf086f83584b3db + +info: + name: > + Advanced Text Widget <= 2.1.2 - Missing Authorization via atw_dismiss_admin_notice + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fe1313c-1368-4bcb-9d11-25b948da5547?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-text-widget/" + google-query: inurl:"/wp-content/plugins/advanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-uploader-501a1f4c716dcfc5dbf27f3bb41b2666.yaml b/nuclei-templates/cve-less/plugins/advanced-uploader-501a1f4c716dcfc5dbf27f3bb41b2666.yaml new file mode 100644 index 0000000000..815847cc1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-uploader-501a1f4c716dcfc5dbf27f3bb41b2666.yaml @@ -0,0 +1,58 @@ +id: advanced-uploader-501a1f4c716dcfc5dbf27f3bb41b2666 + +info: + name: > + Advanced uploader <= 4.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4137b8a6-532a-42fb-aa16-7d1de0e2f11f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-uploader/" + google-query: inurl:"/wp-content/plugins/advanced-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-woo-search-5b7332c185aca9ac9b78f6d0d022fb37.yaml b/nuclei-templates/cve-less/plugins/advanced-woo-search-5b7332c185aca9ac9b78f6d0d022fb37.yaml new file mode 100644 index 0000000000..470e747c85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-woo-search-5b7332c185aca9ac9b78f6d0d022fb37.yaml @@ -0,0 +1,58 @@ +id: advanced-woo-search-5b7332c185aca9ac9b78f6d0d022fb37 + +info: + name: > + Advanced Woo Search <= 2.96 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-woo-search/" + google-query: inurl:"/wp-content/plugins/advanced-woo-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-woo-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-woo-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-woo-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-woo-search-8e1ec5e631a2487f0c22f50d8172463a.yaml b/nuclei-templates/cve-less/plugins/advanced-woo-search-8e1ec5e631a2487f0c22f50d8172463a.yaml new file mode 100644 index 0000000000..3dd67b3552 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-woo-search-8e1ec5e631a2487f0c22f50d8172463a.yaml @@ -0,0 +1,58 @@ +id: advanced-woo-search-8e1ec5e631a2487f0c22f50d8172463a + +info: + name: > + Advanced Woo Search <= 2.00 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/add568d4-d615-40ff-9320-89869f825f81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-woo-search/" + google-query: inurl:"/wp-content/plugins/advanced-woo-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-woo-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-woo-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-woo-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-woo-search-bafdacae26c88640cb6e30b25ba66a73.yaml b/nuclei-templates/cve-less/plugins/advanced-woo-search-bafdacae26c88640cb6e30b25ba66a73.yaml new file mode 100644 index 0000000000..b925121f79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-woo-search-bafdacae26c88640cb6e30b25ba66a73.yaml @@ -0,0 +1,58 @@ +id: advanced-woo-search-bafdacae26c88640cb6e30b25ba66a73 + +info: + name: > + Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4278e9d7-aa1e-47a5-b715-09dae5156303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-woo-search/" + google-query: inurl:"/wp-content/plugins/advanced-woo-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-woo-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-woo-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-woo-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.77') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-wp-columns-46e70ce2d5b65ea57e5b89cf696f0367.yaml b/nuclei-templates/cve-less/plugins/advanced-wp-columns-46e70ce2d5b65ea57e5b89cf696f0367.yaml new file mode 100644 index 0000000000..99ad75e07a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-wp-columns-46e70ce2d5b65ea57e5b89cf696f0367.yaml @@ -0,0 +1,58 @@ +id: advanced-wp-columns-46e70ce2d5b65ea57e5b89cf696f0367 + +info: + name: > + Advanced WP Columns <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bde76d9-34f3-46c9-a05a-e5204b661b26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-wp-columns/" + google-query: inurl:"/wp-content/plugins/advanced-wp-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-wp-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-wp-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-wp-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-wp-reset-2bd2ae0db95f304cf533ef5905d6a487.yaml b/nuclei-templates/cve-less/plugins/advanced-wp-reset-2bd2ae0db95f304cf533ef5905d6a487.yaml new file mode 100644 index 0000000000..ee25a16d1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-wp-reset-2bd2ae0db95f304cf533ef5905d6a487.yaml @@ -0,0 +1,58 @@ +id: advanced-wp-reset-2bd2ae0db95f304cf533ef5905d6a487 + +info: + name: > + Advanced WordPress Reset <= 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8575c46-e51d-4be9-85bf-024688c4607d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-wp-reset/" + google-query: inurl:"/wp-content/plugins/advanced-wp-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-wp-reset,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-wp-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-wp-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-843692451d0aaf769ef716bbf02853d2.yaml b/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-843692451d0aaf769ef716bbf02853d2.yaml new file mode 100644 index 0000000000..9eeab24a5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-843692451d0aaf769ef716bbf02853d2.yaml @@ -0,0 +1,58 @@ +id: advanced-youtube-channel-pagination-843692451d0aaf769ef716bbf02853d2 + +info: + name: > + Advanced Youtube Channel Pagination <= 1.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91898465-55fa-417c-8f00-ffe118232516?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-youtube-channel-pagination/" + google-query: inurl:"/wp-content/plugins/advanced-youtube-channel-pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-youtube-channel-pagination,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-youtube-channel-pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-youtube-channel-pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-f6df4debeaba888aeb7941d246864164.yaml b/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-f6df4debeaba888aeb7941d246864164.yaml new file mode 100644 index 0000000000..d0c338c113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/advanced-youtube-channel-pagination-f6df4debeaba888aeb7941d246864164.yaml @@ -0,0 +1,58 @@ +id: advanced-youtube-channel-pagination-f6df4debeaba888aeb7941d246864164 + +info: + name: > + Advanced Youtube Channel Pagination <= 1.0 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d858f96-7363-4098-af2d-f6f96fc80071?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/advanced-youtube-channel-pagination/" + google-query: inurl:"/wp-content/plugins/advanced-youtube-channel-pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,advanced-youtube-channel-pagination,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/advanced-youtube-channel-pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "advanced-youtube-channel-pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aesop-story-engine-d882520450a9e95c908e1ad71ca03592.yaml b/nuclei-templates/cve-less/plugins/aesop-story-engine-d882520450a9e95c908e1ad71ca03592.yaml new file mode 100644 index 0000000000..35b0fbb652 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aesop-story-engine-d882520450a9e95c908e1ad71ca03592.yaml @@ -0,0 +1,58 @@ +id: aesop-story-engine-d882520450a9e95c908e1ad71ca03592 + +info: + name: > + Aesop Story Engine <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93d8277f-3c5a-4024-a7c0-27ccb1a23cfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aesop-story-engine/" + google-query: inurl:"/wp-content/plugins/aesop-story-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aesop-story-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aesop-story-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aesop-story-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affieasy-c0f8f6f17ac93058fc835ead77535268.yaml b/nuclei-templates/cve-less/plugins/affieasy-c0f8f6f17ac93058fc835ead77535268.yaml new file mode 100644 index 0000000000..beaa96df3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affieasy-c0f8f6f17ac93058fc835ead77535268.yaml @@ -0,0 +1,58 @@ +id: affieasy-c0f8f6f17ac93058fc835ead77535268 + +info: + name: > + AffiEasy <= 1.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea49a07-022e-4c9a-b1d3-ff900b337067?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affieasy/" + google-query: inurl:"/wp-content/plugins/affieasy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affieasy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affieasy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affieasy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-ads-builder-for-clickbank-products-9960c486a0af8a01fba712be84f42610.yaml b/nuclei-templates/cve-less/plugins/affiliate-ads-builder-for-clickbank-products-9960c486a0af8a01fba712be84f42610.yaml new file mode 100644 index 0000000000..4c7e741f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-ads-builder-for-clickbank-products-9960c486a0af8a01fba712be84f42610.yaml @@ -0,0 +1,58 @@ +id: affiliate-ads-builder-for-clickbank-products-9960c486a0af8a01fba712be84f42610 + +info: + name: > + Affiliate Ads for Clickbank Products < 1.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f66f2ae-af54-4dfa-9cd2-c7ff3a3e865e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-ads-builder-for-clickbank-products/" + google-query: inurl:"/wp-content/plugins/affiliate-ads-builder-for-clickbank-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-ads-builder-for-clickbank-products,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-ads-builder-for-clickbank-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-ads-builder-for-clickbank-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-5e2a21e34446161fac44e66bf2f9139e.yaml b/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-5e2a21e34446161fac44e66bf2f9139e.yaml new file mode 100644 index 0000000000..807f981cfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-5e2a21e34446161fac44e66bf2f9139e.yaml @@ -0,0 +1,58 @@ +id: affiliate-for-woocommerce-5e2a21e34446161fac44e66bf2f9139e + +info: + name: > + Affiliate For WooCommerce <= 4.7.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c829217a-c5be-4713-bbf4-c1ba829c1187?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/affiliate-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-6dc63a693616ad13933a53bb0a4503d9.yaml b/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-6dc63a693616ad13933a53bb0a4503d9.yaml new file mode 100644 index 0000000000..2e6bd12f13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-for-woocommerce-6dc63a693616ad13933a53bb0a4503d9.yaml @@ -0,0 +1,58 @@ +id: affiliate-for-woocommerce-6dc63a693616ad13933a53bb0a4503d9 + +info: + name: > + Affiliate For WooCommerce premium <= 4.7.0 - Authenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c3daf6-2225-4929-8e76-169d680118ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/affiliate-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-links-a7668a1f316cb3a4a10463e8f1f4e787.yaml b/nuclei-templates/cve-less/plugins/affiliate-links-a7668a1f316cb3a4a10463e8f1f4e787.yaml new file mode 100644 index 0000000000..a147b02dd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-links-a7668a1f316cb3a4a10463e8f1f4e787.yaml @@ -0,0 +1,58 @@ +id: affiliate-links-a7668a1f316cb3a4a10463e8f1f4e787 + +info: + name: > + Affiliate Links Lite <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9511d8f1-ab96-4695-aa8c-16a3482a6de4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-links/" + google-query: inurl:"/wp-content/plugins/affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-pro-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/affiliate-pro-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..9bf4930d7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-pro-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: affiliate-pro-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-pro/" + google-query: inurl:"/wp-content/plugins/affiliate-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-solution-5b09bbfafab13caa853913e46666c79b.yaml b/nuclei-templates/cve-less/plugins/affiliate-solution-5b09bbfafab13caa853913e46666c79b.yaml new file mode 100644 index 0000000000..cefe8984e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-solution-5b09bbfafab13caa853913e46666c79b.yaml @@ -0,0 +1,58 @@ +id: affiliate-solution-5b09bbfafab13caa853913e46666c79b + +info: + name: > + AFFILIATE Solution <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef778a1d-d4ce-47fd-932b-9e86b38e2681?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-solution/" + google-query: inurl:"/wp-content/plugins/affiliate-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-4e7b022945e1e84a41ab0b83bedcfe7a.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-4e7b022945e1e84a41ab0b83bedcfe7a.yaml new file mode 100644 index 0000000000..0e25dbcfa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-4e7b022945e1e84a41ab0b83bedcfe7a.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-4e7b022945e1e84a41ab0b83bedcfe7a + +info: + name: > + affiliate-toolkit <= 3.4.2 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9c273a3-c8b5-4f00-8daa-76fa486df0f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-66e9bc6784c94720522599f8e4bbc15e.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-66e9bc6784c94720522599f8e4bbc15e.yaml new file mode 100644 index 0000000000..0977025461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-66e9bc6784c94720522599f8e4bbc15e.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-66e9bc6784c94720522599f8e4bbc15e + +info: + name: > + affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.9 - Open Redirect via atkpout.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06b332de-4f94-47dc-a573-53514adaf5c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-67b32c2b2aa638ff335d272cd6273e53.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-67b32c2b2aa638ff335d272cd6273e53.yaml new file mode 100644 index 0000000000..c54dff55a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-67b32c2b2aa638ff335d272cd6273e53.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-67b32c2b2aa638ff335d272cd6273e53 + +info: + name: > + affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_create_list + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-6af7c3d9958b5f30ac2537a2fdf59735.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-6af7c3d9958b5f30ac2537a2fdf59735.yaml new file mode 100644 index 0000000000..07462a4f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-6af7c3d9958b5f30ac2537a2fdf59735.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-6af7c3d9958b5f30ac2537a2fdf59735 + +info: + name: > + affiliate-toolkit – WordPress Affiliate Plugin <= 3.5.4 - Missing Authorization via atkp_import_product + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-b20121a47df1b1b276886f5bf24ee99b.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-b20121a47df1b1b276886f5bf24ee99b.yaml new file mode 100644 index 0000000000..3db35ba387 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-b20121a47df1b1b276886f5bf24ee99b.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-b20121a47df1b1b276886f5bf24ee99b + +info: + name: > + affiliate-toolkit – WordPress Affiliate Plugin <= 3.4.3 - Reflected Cross-Site Scripting via keyword + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f45738b-fff6-438e-8870-508c622c1752?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml new file mode 100644 index 0000000000..83b0309814 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-c364b3be5ae879c7f6b82ff2d4ab8d09.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-c364b3be5ae879c7f6b82ff2d4ab8d09 + +info: + name: > + affiliate-toolkit <= 3.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via ratings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecae113c-c66a-4f27-bf81-6679a4717ff8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-fb9e76e2a53a99a1061be745850fe380.yaml b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-fb9e76e2a53a99a1061be745850fe380.yaml new file mode 100644 index 0000000000..652553b13c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliate-toolkit-starter-fb9e76e2a53a99a1061be745850fe380.yaml @@ -0,0 +1,58 @@ +id: affiliate-toolkit-starter-fb9e76e2a53a99a1061be745850fe380 + +info: + name: > + affiliate-toolkit – WordPress Affiliate Plugin <= 3.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dda7b14-c341-434b-85f1-029f384c65d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliate-toolkit-starter/" + google-query: inurl:"/wp-content/plugins/affiliate-toolkit-starter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliate-toolkit-starter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliate-toolkit-starter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliate-toolkit-starter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliatebooster-blocks-29fccdeb7b52e0d6f66d4f325a03df63.yaml b/nuclei-templates/cve-less/plugins/affiliatebooster-blocks-29fccdeb7b52e0d6f66d4f325a03df63.yaml new file mode 100644 index 0000000000..4330b24f5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliatebooster-blocks-29fccdeb7b52e0d6f66d4f325a03df63.yaml @@ -0,0 +1,58 @@ +id: affiliatebooster-blocks-29fccdeb7b52e0d6f66d4f325a03df63 + +info: + name: > + Affiliate Booster – Pros & Cons, Notice, and CTA Blocks for Affiliates <= 3.0.5 - Cross-Site Request Forgery via process_bulk_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b9eeb9-7ce4-446d-8ac0-af9cea0c893a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliatebooster-blocks/" + google-query: inurl:"/wp-content/plugins/affiliatebooster-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliatebooster-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliatebooster-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliatebooster-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-0664d46ebb4d5beec24f857df0859063.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-0664d46ebb4d5beec24f857df0859063.yaml new file mode 100644 index 0000000000..5945dab51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-0664d46ebb4d5beec24f857df0859063.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-0664d46ebb4d5beec24f857df0859063 + +info: + name: > + Affiliates Manager <= 2.9.31 - Cross-Site Request Forgery via multiple AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/756b5e3e-46fa-483e-945a-86166e79d989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-33941d22287915d817c6ffb3567c4ed8.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-33941d22287915d817c6ffb3567c4ed8.yaml new file mode 100644 index 0000000000..931b7ce3da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-33941d22287915d817c6ffb3567c4ed8.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-33941d22287915d817c6ffb3567c4ed8 + +info: + name: > + Affiliates Manager <= 2.8.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d68e74c2-3732-40ae-b589-3a9159aff93d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-5c818a45f2a9dcd466f195a8752dd840.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-5c818a45f2a9dcd466f195a8752dd840.yaml new file mode 100644 index 0000000000..68aba627e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-5c818a45f2a9dcd466f195a8752dd840.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-5c818a45f2a9dcd466f195a8752dd840 + +info: + name: > + Affiliates Manager <= 2.6.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33f07db9-ff4f-4f81-bf32-18b04d19624d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-6e35e7842129d49b737d83e066ce8d1a.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-6e35e7842129d49b737d83e066ce8d1a.yaml new file mode 100644 index 0000000000..11be22a61f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-6e35e7842129d49b737d83e066ce8d1a.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-6e35e7842129d49b737d83e066ce8d1a + +info: + name: > + Affiliates Manager <= 2.9.30 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abc3f352-8568-4649-bf3c-dd0ce0295589?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-9029119eb68fd27e882d54dbd4a742cd.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-9029119eb68fd27e882d54dbd4a742cd.yaml new file mode 100644 index 0000000000..4c4c9388fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-9029119eb68fd27e882d54dbd4a742cd.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-9029119eb68fd27e882d54dbd4a742cd + +info: + name: > + Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8582af5-92e9-43ef-836f-d87d5cf827d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-c3402d8baeb272f8f57711f60b17c812.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-c3402d8baeb272f8f57711f60b17c812.yaml new file mode 100644 index 0000000000..10c7c17400 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-c3402d8baeb272f8f57711f60b17c812.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-c3402d8baeb272f8f57711f60b17c812 + +info: + name: > + Affiliates Manager <= 2.9.20 - Cross-Site Request Forgery via process_bulk_action() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a6bdc8-ae74-4d0b-9c47-f4bf69158a44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-d32b9642e142675d1efb9d9aa59869ca.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-d32b9642e142675d1efb9d9aa59869ca.yaml new file mode 100644 index 0000000000..af0cf9aeb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-d32b9642e142675d1efb9d9aa59869ca.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-d32b9642e142675d1efb9d9aa59869ca + +info: + name: > + Affiliates Manager <= 2.9.34 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-e1c03f1ab3bdbb028e55c2429bbfb1ad.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-e1c03f1ab3bdbb028e55c2429bbfb1ad.yaml new file mode 100644 index 0000000000..562d8f1f0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-e1c03f1ab3bdbb028e55c2429bbfb1ad.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-e1c03f1ab3bdbb028e55c2429bbfb1ad + +info: + name: > + Affiliate Manager <= 2.8.6 - Admin+ SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98adce63-69e6-4a3b-97fe-ecd0480659f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliates-manager-faf4e22f4322606f876df1073bff3e6f.yaml b/nuclei-templates/cve-less/plugins/affiliates-manager-faf4e22f4322606f876df1073bff3e6f.yaml new file mode 100644 index 0000000000..3519eec86a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliates-manager-faf4e22f4322606f876df1073bff3e6f.yaml @@ -0,0 +1,58 @@ +id: affiliates-manager-faf4e22f4322606f876df1073bff3e6f + +info: + name: > + Affiliates Manager <= 2.9.13 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d5c661-bc81-4706-b930-6e3309f3d705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/affiliates-manager/" + google-query: inurl:"/wp-content/plugins/affiliates-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,affiliates-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/affiliates-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affiliates-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/affiliatewp-9d0741a170ac5d20bebb10f83abadeaa.yaml b/nuclei-templates/cve-less/plugins/affiliatewp-9d0741a170ac5d20bebb10f83abadeaa.yaml new file mode 100644 index 0000000000..26b5b625c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/affiliatewp-9d0741a170ac5d20bebb10f83abadeaa.yaml @@ -0,0 +1,58 @@ +id: affiliatewp-9d0741a170ac5d20bebb10f83abadeaa + +info: + name: > + AffiliateWP <= 2.14.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eab422b8-8cf5-441e-a21f-6a0e1b7642b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/AffiliateWP/" + google-query: inurl:"/wp-content/plugins/AffiliateWP/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,AffiliateWP,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/AffiliateWP/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "AffiliateWP" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/afterpay-gateway-for-woocommerce-936cb1425d1afce350e246d7f6629f3f.yaml b/nuclei-templates/cve-less/plugins/afterpay-gateway-for-woocommerce-936cb1425d1afce350e246d7f6629f3f.yaml new file mode 100644 index 0000000000..72b86e90b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/afterpay-gateway-for-woocommerce-936cb1425d1afce350e246d7f6629f3f.yaml @@ -0,0 +1,58 @@ +id: afterpay-gateway-for-woocommerce-936cb1425d1afce350e246d7f6629f3f + +info: + name: > + Afterpay Gateway for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac381ed7-ff6a-4fbc-965b-80f3804b3c5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/afterpay-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/afterpay-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,afterpay-gateway-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/afterpay-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "afterpay-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ag-custom-admin-0fe1889336697580123eb1971e124832.yaml b/nuclei-templates/cve-less/plugins/ag-custom-admin-0fe1889336697580123eb1971e124832.yaml new file mode 100644 index 0000000000..0fe9d941fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ag-custom-admin-0fe1889336697580123eb1971e124832.yaml @@ -0,0 +1,58 @@ +id: ag-custom-admin-0fe1889336697580123eb1971e124832 + +info: + name: > + AGCA – Custom Dashboard & Login Page <= 7.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c787d28e-c942-415d-8227-ce3e940fd0cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ag-custom-admin/" + google-query: inurl:"/wp-content/plugins/ag-custom-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ag-custom-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ag-custom-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ag-custom-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ag-custom-admin-958209cd1cdd4ea5cb260b87d6b618da.yaml b/nuclei-templates/cve-less/plugins/ag-custom-admin-958209cd1cdd4ea5cb260b87d6b618da.yaml new file mode 100644 index 0000000000..91749dab8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ag-custom-admin-958209cd1cdd4ea5cb260b87d6b618da.yaml @@ -0,0 +1,58 @@ +id: ag-custom-admin-958209cd1cdd4ea5cb260b87d6b618da + +info: + name: > + Absolutely Glamorous Custom Admin <= 6.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15f38932-2687-4d71-8793-843058a657d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ag-custom-admin/" + google-query: inurl:"/wp-content/plugins/ag-custom-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ag-custom-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ag-custom-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ag-custom-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ag-custom-admin-b0c570c63a16100d4cac08a03560c9a1.yaml b/nuclei-templates/cve-less/plugins/ag-custom-admin-b0c570c63a16100d4cac08a03560c9a1.yaml new file mode 100644 index 0000000000..ac403a6ccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ag-custom-admin-b0c570c63a16100d4cac08a03560c9a1.yaml @@ -0,0 +1,58 @@ +id: ag-custom-admin-b0c570c63a16100d4cac08a03560c9a1 + +info: + name: > + Absolutely Glamorous Custom Admin <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fae8288-898a-4acd-bbdf-c2fd4f1be1c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ag-custom-admin/" + google-query: inurl:"/wp-content/plugins/ag-custom-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ag-custom-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ag-custom-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ag-custom-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ag-custom-admin-c65dc1c886e5406e004d2361f156725f.yaml b/nuclei-templates/cve-less/plugins/ag-custom-admin-c65dc1c886e5406e004d2361f156725f.yaml new file mode 100644 index 0000000000..3bafef5281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ag-custom-admin-c65dc1c886e5406e004d2361f156725f.yaml @@ -0,0 +1,58 @@ +id: ag-custom-admin-c65dc1c886e5406e004d2361f156725f + +info: + name: > + Custom Dashboard & Login Page < 6.9.5 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f85f2fbb-5bd5-4508-abb0-36543b8ddaa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ag-custom-admin/" + google-query: inurl:"/wp-content/plugins/ag-custom-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ag-custom-admin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ag-custom-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ag-custom-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/age-gate-97022dfbeffcbfe3aa12e117163569a4.yaml b/nuclei-templates/cve-less/plugins/age-gate-97022dfbeffcbfe3aa12e117163569a4.yaml new file mode 100644 index 0000000000..0a31033255 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/age-gate-97022dfbeffcbfe3aa12e117163569a4.yaml @@ -0,0 +1,58 @@ +id: age-gate-97022dfbeffcbfe3aa12e117163569a4 + +info: + name: > + Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36304098-fea7-4e67-a138-5670761c6338?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/age-gate/" + google-query: inurl:"/wp-content/plugins/age-gate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,age-gate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/age-gate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "age-gate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/age-verification-a5b4dc34f38723a5d47abbf10322cc89.yaml b/nuclei-templates/cve-less/plugins/age-verification-a5b4dc34f38723a5d47abbf10322cc89.yaml new file mode 100644 index 0000000000..7aa9c5f83e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/age-verification-a5b4dc34f38723a5d47abbf10322cc89.yaml @@ -0,0 +1,58 @@ +id: age-verification-a5b4dc34f38723a5d47abbf10322cc89 + +info: + name: > + Age Verification <= 0.4 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91021b7f-06d1-4403-81bd-ba082685e58e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/age-verification/" + google-query: inurl:"/wp-content/plugins/age-verification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,age-verification,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/age-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "age-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agenteasy-properties-246a1b75793883d17dc885e0bfc6e4bc.yaml b/nuclei-templates/cve-less/plugins/agenteasy-properties-246a1b75793883d17dc885e0bfc6e4bc.yaml new file mode 100644 index 0000000000..d9df2f4dc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agenteasy-properties-246a1b75793883d17dc885e0bfc6e4bc.yaml @@ -0,0 +1,58 @@ +id: agenteasy-properties-246a1b75793883d17dc885e0bfc6e4bc + +info: + name: > + AgentEasy Properties <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe961c5-de2b-4494-9d89-6bcc7f6d8cd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agenteasy-properties/" + google-query: inurl:"/wp-content/plugins/agenteasy-properties/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agenteasy-properties,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agenteasy-properties/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agenteasy-properties" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agile-store-locator-589dfcdba354fa240bd819df50a6a8aa.yaml b/nuclei-templates/cve-less/plugins/agile-store-locator-589dfcdba354fa240bd819df50a6a8aa.yaml new file mode 100644 index 0000000000..8c00351ff7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agile-store-locator-589dfcdba354fa240bd819df50a6a8aa.yaml @@ -0,0 +1,58 @@ +id: agile-store-locator-589dfcdba354fa240bd819df50a6a8aa + +info: + name: > + Store Locator WordPress <= 1.4.14 - Authenticated(Administrator+) Directory Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb5c386-eee3-4e88-a827-766a4901f432?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agile-store-locator/" + google-query: inurl:"/wp-content/plugins/agile-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agile-store-locator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agile-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agile-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agile-store-locator-944ac31152268777f0456da5b0f72ab2.yaml b/nuclei-templates/cve-less/plugins/agile-store-locator-944ac31152268777f0456da5b0f72ab2.yaml new file mode 100644 index 0000000000..1aa1f42228 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agile-store-locator-944ac31152268777f0456da5b0f72ab2.yaml @@ -0,0 +1,58 @@ +id: agile-store-locator-944ac31152268777f0456da5b0f72ab2 + +info: + name: > + Store Locator WordPress <= 1.4.12 - Reflected Cross-Site Scripting via 'asl-nounce' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/424a5c60-db14-4a45-8c62-7a11ed377f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agile-store-locator/" + google-query: inurl:"/wp-content/plugins/agile-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agile-store-locator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agile-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agile-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agile-store-locator-9a7bc6474013942cb9ad4b06ba961bd0.yaml b/nuclei-templates/cve-less/plugins/agile-store-locator-9a7bc6474013942cb9ad4b06ba961bd0.yaml new file mode 100644 index 0000000000..18c237dc56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agile-store-locator-9a7bc6474013942cb9ad4b06ba961bd0.yaml @@ -0,0 +1,58 @@ +id: agile-store-locator-9a7bc6474013942cb9ad4b06ba961bd0 + +info: + name: > + Store Locator WordPress <= 1.4.9 - Authenticated (Editor+) Stored Cross-Site Scripting via 'category_name', 'description', 'description_2' parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dad9de0-5e43-4dfd-a56c-5e9efff35c0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agile-store-locator/" + google-query: inurl:"/wp-content/plugins/agile-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agile-store-locator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agile-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agile-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agile-store-locator-9bc085475e51bc522ac86c43319af153.yaml b/nuclei-templates/cve-less/plugins/agile-store-locator-9bc085475e51bc522ac86c43319af153.yaml new file mode 100644 index 0000000000..36522117cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agile-store-locator-9bc085475e51bc522ac86c43319af153.yaml @@ -0,0 +1,58 @@ +id: agile-store-locator-9bc085475e51bc522ac86c43319af153 + +info: + name: > + Store Locator WordPress <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62831b8a-2c6c-44cd-9ed1-f188893bed35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agile-store-locator/" + google-query: inurl:"/wp-content/plugins/agile-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agile-store-locator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agile-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agile-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agile-store-locator-dff478252e53a4d48eba850e27632073.yaml b/nuclei-templates/cve-less/plugins/agile-store-locator-dff478252e53a4d48eba850e27632073.yaml new file mode 100644 index 0000000000..005666106c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agile-store-locator-dff478252e53a4d48eba850e27632073.yaml @@ -0,0 +1,58 @@ +id: agile-store-locator-dff478252e53a4d48eba850e27632073 + +info: + name: > + Store Locator WordPress <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4e1fe83-678f-4368-9810-16d9cd50b15c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agile-store-locator/" + google-query: inurl:"/wp-content/plugins/agile-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agile-store-locator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agile-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agile-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-6c437d39b10b5c27652f2e2c65e1a8bd.yaml b/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-6c437d39b10b5c27652f2e2c65e1a8bd.yaml new file mode 100644 index 0000000000..a43f146435 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-6c437d39b10b5c27652f2e2c65e1a8bd.yaml @@ -0,0 +1,58 @@ +id: agp-font-awesome-collection-6c437d39b10b5c27652f2e2c65e1a8bd + +info: + name: > + AGP Font Awesome Collection <= 3.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4df1fc3-ea7e-4f41-a5f0-d3928f8add70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agp-font-awesome-collection/" + google-query: inurl:"/wp-content/plugins/agp-font-awesome-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agp-font-awesome-collection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agp-font-awesome-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agp-font-awesome-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-dbfd1d48ef4c46203463363bfd6d7743.yaml b/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-dbfd1d48ef4c46203463363bfd6d7743.yaml new file mode 100644 index 0000000000..bb61f59f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/agp-font-awesome-collection-dbfd1d48ef4c46203463363bfd6d7743.yaml @@ -0,0 +1,58 @@ +id: agp-font-awesome-collection-dbfd1d48ef4c46203463363bfd6d7743 + +info: + name: > + AGP Font Awesome Collection <= 3.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abcb2e9f-a6f1-40c3-b419-e2f65ec5dd41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/agp-font-awesome-collection/" + google-query: inurl:"/wp-content/plugins/agp-font-awesome-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,agp-font-awesome-collection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/agp-font-awesome-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "agp-font-awesome-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-assistant-by-10web-3a0831746763e4cc6e13a3b507a11959.yaml b/nuclei-templates/cve-less/plugins/ai-assistant-by-10web-3a0831746763e4cc6e13a3b507a11959.yaml new file mode 100644 index 0000000000..e64b3f5eb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-assistant-by-10web-3a0831746763e4cc6e13a3b507a11959.yaml @@ -0,0 +1,58 @@ +id: ai-assistant-by-10web-3a0831746763e4cc6e13a3b507a11959 + +info: + name: > + 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/229245a5-468d-47b9-8f26-d23d593e91da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-assistant-by-10web/" + google-query: inurl:"/wp-content/plugins/ai-assistant-by-10web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-assistant-by-10web,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-assistant-by-10web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-assistant-by-10web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-contact-us-4cb7b1b325a065f19e4694c97bc6e095.yaml b/nuclei-templates/cve-less/plugins/ai-contact-us-4cb7b1b325a065f19e4694c97bc6e095.yaml new file mode 100644 index 0000000000..1fbc53890b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-contact-us-4cb7b1b325a065f19e4694c97bc6e095.yaml @@ -0,0 +1,58 @@ +id: ai-contact-us-4cb7b1b325a065f19e4694c97bc6e095 + +info: + name: > + AI Contact Us Form <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9a65dc9-4c9a-4f19-bd1f-2ca8a6ded18c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-contact-us/" + google-query: inurl:"/wp-content/plugins/ai-contact-us/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-contact-us,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-contact-us/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-contact-us" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-content-writing-assistant-36f9c2eff3f6b6336f95cca8929b8fac.yaml b/nuclei-templates/cve-less/plugins/ai-content-writing-assistant-36f9c2eff3f6b6336f95cca8929b8fac.yaml new file mode 100644 index 0000000000..412ff885a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-content-writing-assistant-36f9c2eff3f6b6336f95cca8929b8fac.yaml @@ -0,0 +1,58 @@ +id: ai-content-writing-assistant-36f9c2eff3f6b6336f95cca8929b8fac + +info: + name: > + AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3de1bcd7-24a8-4566-819b-d6653344e132?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-content-writing-assistant/" + google-query: inurl:"/wp-content/plugins/ai-content-writing-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-content-writing-assistant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-content-writing-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-content-writing-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-engine-3184746777b9e1e2355cf98fc7ddb576.yaml b/nuclei-templates/cve-less/plugins/ai-engine-3184746777b9e1e2355cf98fc7ddb576.yaml new file mode 100644 index 0000000000..7478ac12f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-engine-3184746777b9e1e2355cf98fc7ddb576.yaml @@ -0,0 +1,58 @@ +id: ai-engine-3184746777b9e1e2355cf98fc7ddb576 + +info: + name: > + AI Engine: ChatGPT Chatbot, Content Generator, GPT 3 & 4, Ultra-Customizable <= 1.6.82 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8f59b0-da92-43aa-990d-5271aa40d6b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-engine/" + google-query: inurl:"/wp-content/plugins/ai-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.83') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-engine-780696e15f2e9c20283c58547979c77d.yaml b/nuclei-templates/cve-less/plugins/ai-engine-780696e15f2e9c20283c58547979c77d.yaml new file mode 100644 index 0000000000..3b6755dec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-engine-780696e15f2e9c20283c58547979c77d.yaml @@ -0,0 +1,58 @@ +id: ai-engine-780696e15f2e9c20283c58547979c77d + +info: + name: > + AI Engine <= 2.1.4 - Authenticated(Editor+) Arbitrary File Upload via add_image_from_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-engine/" + google-query: inurl:"/wp-content/plugins/ai-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-engine-be2a7ea44bcbe05b9601da197fe2fcd4.yaml b/nuclei-templates/cve-less/plugins/ai-engine-be2a7ea44bcbe05b9601da197fe2fcd4.yaml new file mode 100644 index 0000000000..eb436281b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-engine-be2a7ea44bcbe05b9601da197fe2fcd4.yaml @@ -0,0 +1,58 @@ +id: ai-engine-be2a7ea44bcbe05b9601da197fe2fcd4 + +info: + name: > + AI Engine: ChatGPT Chatbot <= 1.9.98 - Unauthenticated Arbitrary File Upload via rest_upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3fc4bac-9be0-4a1c-b4bb-4384d80e22f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-engine/" + google-query: inurl:"/wp-content/plugins/ai-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-engine-e074a411b9f033a38afc60d73e72553d.yaml b/nuclei-templates/cve-less/plugins/ai-engine-e074a411b9f033a38afc60d73e72553d.yaml new file mode 100644 index 0000000000..e362bed4d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-engine-e074a411b9f033a38afc60d73e72553d.yaml @@ -0,0 +1,58 @@ +id: ai-engine-e074a411b9f033a38afc60d73e72553d + +info: + name: > + AI Engine <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-engine/" + google-query: inurl:"/wp-content/plugins/ai-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-engine-f6ef0668f114bdc3d35c493842c984d6.yaml b/nuclei-templates/cve-less/plugins/ai-engine-f6ef0668f114bdc3d35c493842c984d6.yaml new file mode 100644 index 0000000000..5f35f77fb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-engine-f6ef0668f114bdc3d35c493842c984d6.yaml @@ -0,0 +1,58 @@ +id: ai-engine-f6ef0668f114bdc3d35c493842c984d6 + +info: + name: > + AI Engine <= 2.1.4 - Authenticated (Editor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/206d343d-6ed6-461c-bf7d-cf5011ed956f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-engine/" + google-query: inurl:"/wp-content/plugins/ai-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-post-generator-9eed014edec42d5cd4860053e291ce89.yaml b/nuclei-templates/cve-less/plugins/ai-post-generator-9eed014edec42d5cd4860053e291ce89.yaml new file mode 100644 index 0000000000..2e74a32e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-post-generator-9eed014edec42d5cd4860053e291ce89.yaml @@ -0,0 +1,58 @@ +id: ai-post-generator-9eed014edec42d5cd4860053e291ce89 + +info: + name: > + AI Post Generator | AutoWriter <= 3.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc47ca-15ca-4817-b1b8-389245725e73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-post-generator/" + google-query: inurl:"/wp-content/plugins/ai-post-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-post-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-post-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-post-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-twitter-feeds-bec7b3aa816a59f17fd4e32834f42e90.yaml b/nuclei-templates/cve-less/plugins/ai-twitter-feeds-bec7b3aa816a59f17fd4e32834f42e90.yaml new file mode 100644 index 0000000000..6a169e0bb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-twitter-feeds-bec7b3aa816a59f17fd4e32834f42e90.yaml @@ -0,0 +1,58 @@ +id: ai-twitter-feeds-bec7b3aa816a59f17fd4e32834f42e90 + +info: + name: > + AI Twitter Feeds (Twitter widget & shortcode) <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84b6f093-afd4-401f-ba82-d5be10b0fff8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-twitter-feeds/" + google-query: inurl:"/wp-content/plugins/ai-twitter-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-twitter-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-twitter-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-twitter-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ai-wp-writer-77df5424b8737ee4b8f9f9f20e1fee34.yaml b/nuclei-templates/cve-less/plugins/ai-wp-writer-77df5424b8737ee4b8f9f9f20e1fee34.yaml new file mode 100644 index 0000000000..8965e8e7b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ai-wp-writer-77df5424b8737ee4b8f9f9f20e1fee34.yaml @@ -0,0 +1,58 @@ +id: ai-wp-writer-77df5424b8737ee4b8f9f9f20e1fee34 + +info: + name: > + AI WP Writer <= 3.6.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2da608-81a4-47b5-b23d-d18ab7bc2aa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ai-wp-writer/" + google-query: inurl:"/wp-content/plugins/ai-wp-writer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ai-wp-writer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ai-wp-writer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ai-wp-writer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3-9466631ad739782449cdf9fdc36419ff.yaml b/nuclei-templates/cve-less/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3-9466631ad739782449cdf9fdc36419ff.yaml new file mode 100644 index 0000000000..75be820c56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3-9466631ad739782449cdf9fdc36419ff.yaml @@ -0,0 +1,58 @@ +id: aikit-wordpress-ai-writing-assistant-using-gpt3-9466631ad739782449cdf9fdc36419ff + +info: + name: > + AIKit <= 4.14.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d50d0e87-a4be-465b-8cc1-4b56201c9fc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/" + google-query: inurl:"/wp-content/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aikit-wordpress-ai-writing-assistant-using-gpt3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aikit-wordpress-ai-writing-assistant-using-gpt3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aikit-wordpress-ai-writing-assistant-using-gpt3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aio-time-clock-lite-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml b/nuclei-templates/cve-less/plugins/aio-time-clock-lite-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml new file mode 100644 index 0000000000..1c56ff2f7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aio-time-clock-lite-395ce3ec44ad4bf8f5ea06caea1ca7c5.yaml @@ -0,0 +1,58 @@ +id: aio-time-clock-lite-395ce3ec44ad4bf8f5ea06caea1ca7c5 + +info: + name: > + All in One Time Clok Lite <= 1.3.320 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e5c0282-6d13-4c83-8d1f-c49430f714d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aio-time-clock-lite/" + google-query: inurl:"/wp-content/plugins/aio-time-clock-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aio-time-clock-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aio-time-clock-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aio-time-clock-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.320') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-archive-calendar-2689d661f3ccd51f254bc58895e1f11d.yaml b/nuclei-templates/cve-less/plugins/ajax-archive-calendar-2689d661f3ccd51f254bc58895e1f11d.yaml new file mode 100644 index 0000000000..9d99a43e59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-archive-calendar-2689d661f3ccd51f254bc58895e1f11d.yaml @@ -0,0 +1,58 @@ +id: ajax-archive-calendar-2689d661f3ccd51f254bc58895e1f11d + +info: + name: > + Ajax Archive Calendar <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/664d22f2-b7a3-42df-9530-4040160ead2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-archive-calendar/" + google-query: inurl:"/wp-content/plugins/ajax-archive-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-archive-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-archive-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-archive-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-bootmodal-login-f3c89d2a491437ada76310350bb04447.yaml b/nuclei-templates/cve-less/plugins/ajax-bootmodal-login-f3c89d2a491437ada76310350bb04447.yaml new file mode 100644 index 0000000000..e09e906d9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-bootmodal-login-f3c89d2a491437ada76310350bb04447.yaml @@ -0,0 +1,58 @@ +id: ajax-bootmodal-login-f3c89d2a491437ada76310350bb04447 + +info: + name: > + Ajax BootModal Login <= 1.4.3 - CAPTCHA Reuse + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcac3b4e-b80f-4201-9e56-8990013c4ab9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-bootmodal-login/" + google-query: inurl:"/wp-content/plugins/ajax-bootmodal-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-bootmodal-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-bootmodal-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-bootmodal-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-domain-checker-61e6a79f794c5261dca1b1de62bb1bb1.yaml b/nuclei-templates/cve-less/plugins/ajax-domain-checker-61e6a79f794c5261dca1b1de62bb1bb1.yaml new file mode 100644 index 0000000000..cb3d5d600c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-domain-checker-61e6a79f794c5261dca1b1de62bb1bb1.yaml @@ -0,0 +1,58 @@ +id: ajax-domain-checker-61e6a79f794c5261dca1b1de62bb1bb1 + +info: + name: > + Ajax Domain Checker <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/699459a1-d407-4561-9d08-dd5d918ea601?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-domain-checker/" + google-query: inurl:"/wp-content/plugins/ajax-domain-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-domain-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-domain-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-domain-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-filter-posts-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml b/nuclei-templates/cve-less/plugins/ajax-filter-posts-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml new file mode 100644 index 0000000000..efc7755a0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-filter-posts-81e36fcfaba8f47f8b0cb1d0a7f67af8.yaml @@ -0,0 +1,58 @@ +id: ajax-filter-posts-81e36fcfaba8f47f8b0cb1d0a7f67af8 + +info: + name: > + Post Grid Master <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebc0e28-ced8-4fb0-818d-1452faf9660d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-filter-posts/" + google-query: inurl:"/wp-content/plugins/ajax-filter-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-filter-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-filter-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-filter-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-filter-posts-de3ad2c14ae092820725df486681b852.yaml b/nuclei-templates/cve-less/plugins/ajax-filter-posts-de3ad2c14ae092820725df486681b852.yaml new file mode 100644 index 0000000000..3603714d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-filter-posts-de3ad2c14ae092820725df486681b852.yaml @@ -0,0 +1,58 @@ +id: ajax-filter-posts-de3ad2c14ae092820725df486681b852 + +info: + name: > + Post Grid Master <= 3.4.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3b8d0b-4e58-408c-9527-dc17f62d3167?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-filter-posts/" + google-query: inurl:"/wp-content/plugins/ajax-filter-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-filter-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-filter-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-filter-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-1e202ba9a2d031ffbc5309780a3c635a.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-1e202ba9a2d031ffbc5309780a3c635a.yaml new file mode 100644 index 0000000000..4ccbc209a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-1e202ba9a2d031ffbc5309780a3c635a.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-1e202ba9a2d031ffbc5309780a3c635a + +info: + name: > + WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/040ae20d-93e3-4c65-ba74-4ff0b5c1afc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-492664286a6eb9d8fced88f47715604a.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-492664286a6eb9d8fced88f47715604a.yaml new file mode 100644 index 0000000000..db485b0bdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-492664286a6eb9d8fced88f47715604a.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-492664286a6eb9d8fced88f47715604a + +info: + name: > + Ajax Load More plugin < 5.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20eff8fc-0572-40b9-ab28-758c7ab8ed73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-4f9a7c8d29cfd4a2c0b16e09a2e378ae.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-4f9a7c8d29cfd4a2c0b16e09a2e378ae.yaml new file mode 100644 index 0000000000..4c132aebdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-4f9a7c8d29cfd4a2c0b16e09a2e378ae.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-4f9a7c8d29cfd4a2c0b16e09a2e378ae + +info: + name: > + WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8957413c-95e0-49c8-ba8a-02b9b5141e08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-581efb108579060acb9ef33538e40085.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-581efb108579060acb9ef33538e40085.yaml new file mode 100644 index 0000000000..18fe6d1b65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-581efb108579060acb9ef33538e40085.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-581efb108579060acb9ef33538e40085 + +info: + name: > + WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Authenticated (Admin+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d643d07-7533-430b-a1d8-8e66a2a2c5e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-638d34b4766f8e2a63bed27bf53ab9d8.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-638d34b4766f8e2a63bed27bf53ab9d8.yaml new file mode 100644 index 0000000000..8139adc261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-638d34b4766f8e2a63bed27bf53ab9d8.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-638d34b4766f8e2a63bed27bf53ab9d8 + +info: + name: > + WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9595fa45-6b00-4ee0-89aa-a236dbf82423?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-8d9637ff6f7495cd146495e0fed931b5.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-8d9637ff6f7495cd146495e0fed931b5.yaml new file mode 100644 index 0000000000..7343b7e7f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-8d9637ff6f7495cd146495e0fed931b5.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-8d9637ff6f7495cd146495e0fed931b5 + +info: + name: > + Ajax Load More <= 7.0.1 - Authenticated (Admin+) Directory Traversal to Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86090ab4-9f1d-4a92-a302-118524a5ffaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-anything-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-anything-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..f7cc4e3d1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-anything-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-anything-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more-anything/" + google-query: inurl:"/wp-content/plugins/ajax-load-more-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more-anything,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-anything-d42480a2d6aa4bbbab085fa708ce9549.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-anything-d42480a2d6aa4bbbab085fa708ce9549.yaml new file mode 100644 index 0000000000..78721c4ed2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-anything-d42480a2d6aa4bbbab085fa708ce9549.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-anything-d42480a2d6aa4bbbab085fa708ce9549 + +info: + name: > + Load More Anything <= 3.3.3 - Missing Authorization to Plugin Settings Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/797554c9-7008-451a-8e8d-3242a207347e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more-anything/" + google-query: inurl:"/wp-content/plugins/ajax-load-more-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more-anything,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-load-more-ed883dae9c66c1836affaf918e96286d.yaml b/nuclei-templates/cve-less/plugins/ajax-load-more-ed883dae9c66c1836affaf918e96286d.yaml new file mode 100644 index 0000000000..3603ba70b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-load-more-ed883dae9c66c1836affaf918e96286d.yaml @@ -0,0 +1,58 @@ +id: ajax-load-more-ed883dae9c66c1836affaf918e96286d + +info: + name: > + WordPress Infinite Scroll – Ajax Load More <= 6.1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3bcc0aa-281f-4c59-b3de-dde4277cc989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-load-more/" + google-query: inurl:"/wp-content/plugins/ajax-load-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-load-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-load-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-load-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-login-and-registration-modal-popup-d5f5796dec9da2bb7306be7b46162089.yaml b/nuclei-templates/cve-less/plugins/ajax-login-and-registration-modal-popup-d5f5796dec9da2bb7306be7b46162089.yaml new file mode 100644 index 0000000000..6c4b3d7c39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-login-and-registration-modal-popup-d5f5796dec9da2bb7306be7b46162089.yaml @@ -0,0 +1,58 @@ +id: ajax-login-and-registration-modal-popup-d5f5796dec9da2bb7306be7b46162089 + +info: + name: > + AJAX Login and Registration modal popup + inline form <= 2.23 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eeee18d-a035-4de6-a2fc-19479387c4df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-login-and-registration-modal-popup/" + google-query: inurl:"/wp-content/plugins/ajax-login-and-registration-modal-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-login-and-registration-modal-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-login-and-registration-modal-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-login-and-registration-modal-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-pagination-2a977820226e88678497823102fe2796.yaml b/nuclei-templates/cve-less/plugins/ajax-pagination-2a977820226e88678497823102fe2796.yaml new file mode 100644 index 0000000000..080ec448bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-pagination-2a977820226e88678497823102fe2796.yaml @@ -0,0 +1,58 @@ +id: ajax-pagination-2a977820226e88678497823102fe2796 + +info: + name: > + Ajax Pagination (twitter Style) <= 1.1 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d42eeda5-7034-4544-be97-8064ff6d3185?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-pagination/" + google-query: inurl:"/wp-content/plugins/ajax-pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-pagination,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-random-post-f5f9272c971083b586bc76b67b0f159d.yaml b/nuclei-templates/cve-less/plugins/ajax-random-post-f5f9272c971083b586bc76b67b0f159d.yaml new file mode 100644 index 0000000000..6cd50eaf7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-random-post-f5f9272c971083b586bc76b67b0f159d.yaml @@ -0,0 +1,58 @@ +id: ajax-random-post-f5f9272c971083b586bc76b67b0f159d + +info: + name: > + AJAX Random Post <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb13936-cbc0-4cba-bd62-ef6d9728a65a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-random-post/" + google-query: inurl:"/wp-content/plugins/ajax-random-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-random-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-random-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-random-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml new file mode 100644 index 0000000000..685321307c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-6a2b5867f4b2cb8b9df53b8ba2dbfdc3.yaml @@ -0,0 +1,58 @@ +id: ajax-search-for-woocommerce-6a2b5867f4b2cb8b9df53b8ba2dbfdc3 + +info: + name: > + FiboSearch <= 1.17.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c171fb-5053-455d-8aa0-db51b80f7a65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-d03e7c1b36748ce86c160cf6fe252332.yaml b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-d03e7c1b36748ce86c160cf6fe252332.yaml new file mode 100644 index 0000000000..d9ad6dbd6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-for-woocommerce-d03e7c1b36748ce86c160cf6fe252332.yaml @@ -0,0 +1,58 @@ +id: ajax-search-for-woocommerce-d03e7c1b36748ce86c160cf6fe252332 + +info: + name: > + FiboSearch - AJAX Search for WooCommerce <= 1.23.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/880573d8-6dad-4a1b-a5db-33e1dc243062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ajax-search-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.23.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-lite-83c0864a3df9b4d7703e76d7c2b55658.yaml b/nuclei-templates/cve-less/plugins/ajax-search-lite-83c0864a3df9b4d7703e76d7c2b55658.yaml new file mode 100644 index 0000000000..f8641c8bc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-lite-83c0864a3df9b4d7703e76d7c2b55658.yaml @@ -0,0 +1,58 @@ +id: ajax-search-lite-83c0864a3df9b4d7703e76d7c2b55658 + +info: + name: > + Ajax Search Lite <= 4.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e6cb50-8262-406b-b01e-37d62a4bd394?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-lite/" + google-query: inurl:"/wp-content/plugins/ajax-search-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-lite-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml b/nuclei-templates/cve-less/plugins/ajax-search-lite-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml new file mode 100644 index 0000000000..e1b6795f36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-lite-a9cc73f9037d9cdf674a96fc1a0c0e0f.yaml @@ -0,0 +1,58 @@ +id: ajax-search-lite-a9cc73f9037d9cdf674a96fc1a0c0e0f + +info: + name: > + Ajax Search Lite <= 4.10.3 - Missing Authorization leading to Authenticated (Subscriber+) Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f2c157b-cd5a-459d-8e26-859e686148dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-lite/" + google-query: inurl:"/wp-content/plugins/ajax-search-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-lite-d1c4ab98e28efbbf6dc7bca15dda3762.yaml b/nuclei-templates/cve-less/plugins/ajax-search-lite-d1c4ab98e28efbbf6dc7bca15dda3762.yaml new file mode 100644 index 0000000000..cfa606fa29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-lite-d1c4ab98e28efbbf6dc7bca15dda3762.yaml @@ -0,0 +1,58 @@ +id: ajax-search-lite-d1c4ab98e28efbbf6dc7bca15dda3762 + +info: + name: > + Ajax Search Lite <= 4.11.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19418da4-bef4-4cbc-901c-f2aeee39b3cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-lite/" + google-query: inurl:"/wp-content/plugins/ajax-search-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-search-pro-50dadf64810a03dde8b1e065c3742494.yaml b/nuclei-templates/cve-less/plugins/ajax-search-pro-50dadf64810a03dde8b1e065c3742494.yaml new file mode 100644 index 0000000000..185a67597c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-search-pro-50dadf64810a03dde8b1e065c3742494.yaml @@ -0,0 +1,58 @@ +id: ajax-search-pro-50dadf64810a03dde8b1e065c3742494 + +info: + name: > + Ajax Search Pro <= 4.26.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a0d54f-08f7-4ec5-8cfe-6c4a6eb26748?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-search-pro/" + google-query: inurl:"/wp-content/plugins/ajax-search-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-search-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-search-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-search-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.26.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ajax-thumbnail-rebuild-4fe952dc4f33b2225826338b2a3f9203.yaml b/nuclei-templates/cve-less/plugins/ajax-thumbnail-rebuild-4fe952dc4f33b2225826338b2a3f9203.yaml new file mode 100644 index 0000000000..d231025511 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ajax-thumbnail-rebuild-4fe952dc4f33b2225826338b2a3f9203.yaml @@ -0,0 +1,58 @@ +id: ajax-thumbnail-rebuild-4fe952dc4f33b2225826338b2a3f9203 + +info: + name: > + AJAX Thumbnail Rebuild <= 1.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/039d2a35-fbd9-467b-ae98-2d47ff03fb2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ajax-thumbnail-rebuild/" + google-query: inurl:"/wp-content/plugins/ajax-thumbnail-rebuild/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ajax-thumbnail-rebuild,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ajax-thumbnail-rebuild/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ajax-thumbnail-rebuild" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/akismet-0b8de7e6634f1364f8cfc6fe68a06736.yaml b/nuclei-templates/cve-less/plugins/akismet-0b8de7e6634f1364f8cfc6fe68a06736.yaml new file mode 100644 index 0000000000..b1fb320eef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/akismet-0b8de7e6634f1364f8cfc6fe68a06736.yaml @@ -0,0 +1,58 @@ +id: akismet-0b8de7e6634f1364f8cfc6fe68a06736 + +info: + name: > + Akismet Spam Protection < 2.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e69122ed-8f18-4f2d-ba77-7538c7b6de6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/akismet/" + google-query: inurl:"/wp-content/plugins/akismet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,akismet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/akismet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "akismet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/akismet-cff9e4a18682397642168ab27f023202.yaml b/nuclei-templates/cve-less/plugins/akismet-cff9e4a18682397642168ab27f023202.yaml new file mode 100644 index 0000000000..0fa286786a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/akismet-cff9e4a18682397642168ab27f023202.yaml @@ -0,0 +1,58 @@ +id: akismet-cff9e4a18682397642168ab27f023202 + +info: + name: > + Akismet <= 3.1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51b60e28-fb43-434a-88ca-3c73a8e89d40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/akismet/" + google-query: inurl:"/wp-content/plugins/akismet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,akismet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/akismet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "akismet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/akismet-privacy-policies-7d62761bf9e985cd9ec96ef45ca051b2.yaml b/nuclei-templates/cve-less/plugins/akismet-privacy-policies-7d62761bf9e985cd9ec96ef45ca051b2.yaml new file mode 100644 index 0000000000..aded4af2d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/akismet-privacy-policies-7d62761bf9e985cd9ec96ef45ca051b2.yaml @@ -0,0 +1,58 @@ +id: akismet-privacy-policies-7d62761bf9e985cd9ec96ef45ca051b2 + +info: + name: > + Akismet Privacy Policies <= 2.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a195892b-75d3-4a5d-86e1-4eb4b9f62624?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/akismet-privacy-policies/" + google-query: inurl:"/wp-content/plugins/akismet-privacy-policies/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,akismet-privacy-policies,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/akismet-privacy-policies/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "akismet-privacy-policies" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-1a93903cd8703be96d5ab3384ff96410.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-1a93903cd8703be96d5ab3384ff96410.yaml new file mode 100644 index 0000000000..4fe7515b14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-1a93903cd8703be96d5ab3384ff96410.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-1a93903cd8703be96d5ab3384ff96410 + +info: + name: > + Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b186c98e-6a8d-4675-aaaa-c6748319dec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-5dcbe902f6c095827d48543a0e5195b8.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-5dcbe902f6c095827d48543a0e5195b8.yaml new file mode 100644 index 0000000000..eb94179f53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-5dcbe902f6c095827d48543a0e5195b8.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-5dcbe902f6c095827d48543a0e5195b8 + +info: + name: > + Albo Pretorio Online <= 4.6.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a3ea4c-163f-406c-a819-92d3157fd93f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-6838ce604685d145899a0da7953c236d.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-6838ce604685d145899a0da7953c236d.yaml new file mode 100644 index 0000000000..d719b4a6ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-6838ce604685d145899a0da7953c236d.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-6838ce604685d145899a0da7953c236d + +info: + name: > + Albo Pretorio Online <= 4.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fbcd728-d2a2-4787-841d-0ce77356f737?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-79d3f2b9565b075a8be7591881880990.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-79d3f2b9565b075a8be7591881880990.yaml new file mode 100644 index 0000000000..268d4c5981 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-79d3f2b9565b075a8be7591881880990.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-79d3f2b9565b075a8be7591881880990 + +info: + name: > + Albo Pretorio Online <= 4.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92f8e3b7-a896-494b-96cd-6ecb8918ebd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-c50e397cbcec3a24df13ba5f0440e5c0.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-c50e397cbcec3a24df13ba5f0440e5c0.yaml new file mode 100644 index 0000000000..971d10d8f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-c50e397cbcec3a24df13ba5f0440e5c0.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-c50e397cbcec3a24df13ba5f0440e5c0 + +info: + name: > + Albo Pretorio Online <= 4.6 - Reflected Cross-Site Scripting via 'Errore' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad8f8c41-a3b9-4287-b6b2-489fb77b7553?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-dce5f7b0fd01a31b21d6138c4476ff92.yaml b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-dce5f7b0fd01a31b21d6138c4476ff92.yaml new file mode 100644 index 0000000000..48624783df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/albo-pretorio-on-line-dce5f7b0fd01a31b21d6138c4476ff92.yaml @@ -0,0 +1,58 @@ +id: albo-pretorio-on-line-dce5f7b0fd01a31b21d6138c4476ff92 + +info: + name: > + Albo Pretorio Online <= 4.6.6 - Unauthenticated Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3535fad2-9b2d-4721-9e5d-cfe609df00ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/albo-pretorio-on-line/" + google-query: inurl:"/wp-content/plugins/albo-pretorio-on-line/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,albo-pretorio-on-line,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/albo-pretorio-on-line/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "albo-pretorio-on-line" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-3d269a7750029141d9d3783312ca3377.yaml b/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-3d269a7750029141d9d3783312ca3377.yaml new file mode 100644 index 0000000000..cec720c25a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-3d269a7750029141d9d3783312ca3377.yaml @@ -0,0 +1,58 @@ +id: album-and-image-gallery-plus-lightbox-3d269a7750029141d9d3783312ca3377 + +info: + name: > + Album and Image Gallery plus Lightbox <= 1.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/467a9b16-b57c-417c-b4e1-9f3edc80b5df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/album-and-image-gallery-plus-lightbox/" + google-query: inurl:"/wp-content/plugins/album-and-image-gallery-plus-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,album-and-image-gallery-plus-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/album-and-image-gallery-plus-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "album-and-image-gallery-plus-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2.') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..40ec5aa62c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/album-and-image-gallery-plus-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: album-and-image-gallery-plus-lightbox-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/album-and-image-gallery-plus-lightbox/" + google-query: inurl:"/wp-content/plugins/album-and-image-gallery-plus-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,album-and-image-gallery-plus-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/album-and-image-gallery-plus-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "album-and-image-gallery-plus-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alert-before-your-post-47f5d0213d6a55b30c759752f9fa351e.yaml b/nuclei-templates/cve-less/plugins/alert-before-your-post-47f5d0213d6a55b30c759752f9fa351e.yaml new file mode 100644 index 0000000000..7fd7602183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alert-before-your-post-47f5d0213d6a55b30c759752f9fa351e.yaml @@ -0,0 +1,58 @@ +id: alert-before-your-post-47f5d0213d6a55b30c759752f9fa351e + +info: + name: > + Alert Before Your Post <= 0.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b33c5-ced5-4ce5-acc1-4c3d935f8749?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alert-before-your-post/" + google-query: inurl:"/wp-content/plugins/alert-before-your-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alert-before-your-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alert-before-your-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alert-before-your-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alfred-click-collect-58928e38edbab233a84020a472a44caa.yaml b/nuclei-templates/cve-less/plugins/alfred-click-collect-58928e38edbab233a84020a472a44caa.yaml new file mode 100644 index 0000000000..5b2d859653 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alfred-click-collect-58928e38edbab233a84020a472a44caa.yaml @@ -0,0 +1,58 @@ +id: alfred-click-collect-58928e38edbab233a84020a472a44caa + +info: + name: > + alfred24 Click & Collect <= 1.1.7 - Authenticated (Administrator+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ef8475-4ec5-4412-97f6-3abdb4442b92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alfred-click-collect/" + google-query: inurl:"/wp-content/plugins/alfred-click-collect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alfred-click-collect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alfred-click-collect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alfred-click-collect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alipay-32ce162d5a195b7dc3b119d3f49907dd.yaml b/nuclei-templates/cve-less/plugins/alipay-32ce162d5a195b7dc3b119d3f49907dd.yaml new file mode 100644 index 0000000000..e1d25ee398 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alipay-32ce162d5a195b7dc3b119d3f49907dd.yaml @@ -0,0 +1,58 @@ +id: alipay-32ce162d5a195b7dc3b119d3f49907dd + +info: + name: > + WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 <= 3.7.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e27a9cb-0df8-4570-b7b5-7aa6c15d2e43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alipay/" + google-query: inurl:"/wp-content/plugins/alipay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alipay,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alipay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alipay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alipay-e94f4c2cbdc244ce8cd5d182c9382536.yaml b/nuclei-templates/cve-less/plugins/alipay-e94f4c2cbdc244ce8cd5d182c9382536.yaml new file mode 100644 index 0000000000..038d7bbf8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alipay-e94f4c2cbdc244ce8cd5d182c9382536.yaml @@ -0,0 +1,58 @@ +id: alipay-e94f4c2cbdc244ce8cd5d182c9382536 + +info: + name: > + WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 < 3.7.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c12074f-9a19-49cb-9d74-b759c7391d3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alipay/" + google-query: inurl:"/wp-content/plugins/alipay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alipay,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alipay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alipay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-404-pages-redirect-to-homepage-bef2b57812116d5514b05222293f3067.yaml b/nuclei-templates/cve-less/plugins/all-404-pages-redirect-to-homepage-bef2b57812116d5514b05222293f3067.yaml new file mode 100644 index 0000000000..738f4c3d9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-404-pages-redirect-to-homepage-bef2b57812116d5514b05222293f3067.yaml @@ -0,0 +1,58 @@ +id: all-404-pages-redirect-to-homepage-bef2b57812116d5514b05222293f3067 + +info: + name: > + All 404 Pages Redirect to Homepage <= 1.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de5d5ffc-e76a-4ea9-be68-9ca5f847a363?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-404-pages-redirect-to-homepage/" + google-query: inurl:"/wp-content/plugins/all-404-pages-redirect-to-homepage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-404-pages-redirect-to-homepage,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-404-pages-redirect-to-homepage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-404-pages-redirect-to-homepage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-7172bda31ad3e76ec8fc3741d1b4007c.yaml b/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-7172bda31ad3e76ec8fc3741d1b4007c.yaml new file mode 100644 index 0000000000..eea9d52102 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-404-redirect-to-homepage-7172bda31ad3e76ec8fc3741d1b4007c.yaml @@ -0,0 +1,58 @@ +id: all-404-redirect-to-homepage-7172bda31ad3e76ec8fc3741d1b4007c + +info: + name: > + All 404 Redirect to Homepage < 1.21 - Reflected Cross-Site Scripting via tab Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8938c153-0640-418b-87ab-ae65d6c80b97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-404-redirect-to-homepage/" + google-query: inurl:"/wp-content/plugins/all-404-redirect-to-homepage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-404-redirect-to-homepage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-404-redirect-to-homepage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-404-redirect-to-homepage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-bootstrap-blocks-9c898a5aa67433abd50514e4cc3473b7.yaml b/nuclei-templates/cve-less/plugins/all-bootstrap-blocks-9c898a5aa67433abd50514e4cc3473b7.yaml new file mode 100644 index 0000000000..bba1bdbe64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-bootstrap-blocks-9c898a5aa67433abd50514e4cc3473b7.yaml @@ -0,0 +1,58 @@ +id: all-bootstrap-blocks-9c898a5aa67433abd50514e4cc3473b7 + +info: + name: > + All Bootstrap Blocks <= 1.3.6 - Cross-Site Request Forgery to Plugin Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7a15ab-4f13-4eb1-aeb5-143230308871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-bootstrap-blocks/" + google-query: inurl:"/wp-content/plugins/all-bootstrap-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-bootstrap-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-bootstrap-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-bootstrap-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-561149d23bc984dc77ee30065a13dd2f.yaml b/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-561149d23bc984dc77ee30065a13dd2f.yaml new file mode 100644 index 0000000000..efea12d7a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-561149d23bc984dc77ee30065a13dd2f.yaml @@ -0,0 +1,58 @@ +id: all-contact-form-integration-for-elementor-561149d23bc984dc77ee30065a13dd2f + +info: + name: > + EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a40ed3c-1f4b-4bf7-b6f4-fc1e145cc989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-contact-form-integration-for-elementor/" + google-query: inurl:"/wp-content/plugins/all-contact-form-integration-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-contact-form-integration-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-contact-form-integration-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-9aa94eb00cf28342fe9feedacb199d11.yaml b/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-9aa94eb00cf28342fe9feedacb199d11.yaml new file mode 100644 index 0000000000..072e77a55e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-contact-form-integration-for-elementor-9aa94eb00cf28342fe9feedacb199d11.yaml @@ -0,0 +1,58 @@ +id: all-contact-form-integration-for-elementor-9aa94eb00cf28342fe9feedacb199d11 + +info: + name: > + EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cefcd612-0ba8-4225-8f23-817b7220ee7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-contact-form-integration-for-elementor/" + google-query: inurl:"/wp-content/plugins/all-contact-form-integration-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-contact-form-integration-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-contact-form-integration-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-contact-form-integration-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-c0d39693f384de620acf92b953f594c5.yaml b/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-c0d39693f384de620acf92b953f594c5.yaml new file mode 100644 index 0000000000..24f131c6de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-c0d39693f384de620acf92b953f594c5.yaml @@ -0,0 +1,58 @@ +id: all-in-one-b2b-for-woocommerce-c0d39693f384de620acf92b953f594c5 + +info: + name: > + All in One B2B for WooCommerce <= 1.0.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aab3016d-5834-4b4a-a206-0b626884b335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-b2b-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/all-in-one-b2b-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-b2b-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-b2b-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-b2b-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-f5e8e2f7e4d09169e169fd3e043e479c.yaml b/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-f5e8e2f7e4d09169e169fd3e043e479c.yaml new file mode 100644 index 0000000000..0b3cbf0149 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-b2b-for-woocommerce-f5e8e2f7e4d09169e169fd3e043e479c.yaml @@ -0,0 +1,58 @@ +id: all-in-one-b2b-for-woocommerce-f5e8e2f7e4d09169e169fd3e043e479c + +info: + name: > + All in One B2B for WooCommerce <= 1.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd53bc57-b10e-47a7-8c10-96bf1f1e82a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-b2b-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/all-in-one-b2b-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-b2b-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-b2b-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-b2b-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-d860722788c4c74050a19c2504b094da.yaml b/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-d860722788c4c74050a19c2504b094da.yaml new file mode 100644 index 0000000000..d837bcc45b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-event-calendar-d860722788c4c74050a19c2504b094da.yaml @@ -0,0 +1,58 @@ +id: all-in-one-event-calendar-d860722788c4c74050a19c2504b094da + +info: + name: > + Timely All-in-One Events Calendar < 1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0089498d-c4b3-4167-8bf4-8d9f68a4cbd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-event-calendar/" + google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-event-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-event-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-facebook-like-widget-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml b/nuclei-templates/cve-less/plugins/all-in-one-facebook-like-widget-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml new file mode 100644 index 0000000000..241c3018a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-facebook-like-widget-ab9e9f1fd2829128e3bb4bce435b5cf7.yaml @@ -0,0 +1,58 @@ +id: all-in-one-facebook-like-widget-ab9e9f1fd2829128e3bb4bce435b5cf7 + +info: + name: > + All-in-one Like Widget <= 2.2.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e6fe647-d243-43ba-b619-d181560cb230?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-facebook-like-widget/" + google-query: inurl:"/wp-content/plugins/all-in-one-facebook-like-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-facebook-like-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-facebook-like-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-facebook-like-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-favicon-1d838507fd655633d89fdd3f677085f8.yaml b/nuclei-templates/cve-less/plugins/all-in-one-favicon-1d838507fd655633d89fdd3f677085f8.yaml new file mode 100644 index 0000000000..c00a08f602 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-favicon-1d838507fd655633d89fdd3f677085f8.yaml @@ -0,0 +1,58 @@ +id: all-in-one-favicon-1d838507fd655633d89fdd3f677085f8 + +info: + name: > + All In One Favicon <= 4.7 - Authenticated(Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a081788-007e-463b-b757-afefcf4c6e17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-favicon/" + google-query: inurl:"/wp-content/plugins/all-in-one-favicon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-favicon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-favicon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-favicon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-favicon-adf6fd1cec72a101892ceb2db93bece6.yaml b/nuclei-templates/cve-less/plugins/all-in-one-favicon-adf6fd1cec72a101892ceb2db93bece6.yaml new file mode 100644 index 0000000000..b803a35a5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-favicon-adf6fd1cec72a101892ceb2db93bece6.yaml @@ -0,0 +1,58 @@ +id: all-in-one-favicon-adf6fd1cec72a101892ceb2db93bece6 + +info: + name: > + All In One Favicon <= 4.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf9470c9-693b-4f36-91d9-26b2d488b377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-favicon/" + google-query: inurl:"/wp-content/plugins/all-in-one-favicon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-favicon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-favicon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-favicon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-redirection-3222e9d54de5c7b5bf110a40b9d38190.yaml b/nuclei-templates/cve-less/plugins/all-in-one-redirection-3222e9d54de5c7b5bf110a40b9d38190.yaml new file mode 100644 index 0000000000..15afa4d055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-redirection-3222e9d54de5c7b5bf110a40b9d38190.yaml @@ -0,0 +1,58 @@ +id: all-in-one-redirection-3222e9d54de5c7b5bf110a40b9d38190 + +info: + name: > + All In One Redirection <= 2.1.0 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360a022d-8530-48af-be34-77d6b4b5c19d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-redirection/" + google-query: inurl:"/wp-content/plugins/all-in-one-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-redirection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-redirection-c5b1505c51ef599dd7a272165d502dfb.yaml b/nuclei-templates/cve-less/plugins/all-in-one-redirection-c5b1505c51ef599dd7a272165d502dfb.yaml new file mode 100644 index 0000000000..5cdb1a25f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-redirection-c5b1505c51ef599dd7a272165d502dfb.yaml @@ -0,0 +1,58 @@ +id: all-in-one-redirection-c5b1505c51ef599dd7a272165d502dfb + +info: + name: > + All In One Redirection <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5a07a44-98f9-4795-8615-c73a9b161c74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-redirection/" + google-query: inurl:"/wp-content/plugins/all-in-one-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-2c9c135fa647599d064a59e1f5f46c79.yaml b/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-2c9c135fa647599d064a59e1f5f46c79.yaml new file mode 100644 index 0000000000..00f5f08f40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-2c9c135fa647599d064a59e1f5f46c79.yaml @@ -0,0 +1,58 @@ +id: all-in-one-schemaorg-rich-snippets-2c9c135fa647599d064a59e1f5f46c79 + +info: + name: > + Schema - All In One Schema Rich Snippets <= 1.6.5 - Cross-Site Request Forgery in rich_snippet_dashboard + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23b018d3-3451-4ae8-b571-07e931ad23df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-schemaorg-rich-snippets/" + google-query: inurl:"/wp-content/plugins/all-in-one-schemaorg-rich-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-schemaorg-rich-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-schemaorg-rich-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-schemaorg-rich-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-4e93731af3497ed66d721b94ba1ecb7d.yaml b/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-4e93731af3497ed66d721b94ba1ecb7d.yaml new file mode 100644 index 0000000000..fbb6af7f8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-schemaorg-rich-snippets-4e93731af3497ed66d721b94ba1ecb7d.yaml @@ -0,0 +1,58 @@ +id: all-in-one-schemaorg-rich-snippets-4e93731af3497ed66d721b94ba1ecb7d + +info: + name: > + Schema - All In One Schema Rich Snippets <= 1.4.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd54d335-eb9c-4d0a-92c0-13462ef41a85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-schemaorg-rich-snippets/" + google-query: inurl:"/wp-content/plugins/all-in-one-schemaorg-rich-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-schemaorg-rich-snippets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-schemaorg-rich-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-schemaorg-rich-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-3e5491f9c256bb6627d2d89120b86cd4.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-3e5491f9c256bb6627d2d89120b86cd4.yaml new file mode 100644 index 0000000000..986db23175 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-3e5491f9c256bb6627d2d89120b86cd4.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-3e5491f9c256bb6627d2d89120b86cd4 + +info: + name: > + All in One SEO 4.0.0 - 4.1.5.2 Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16630c5a-802e-404a-b90b-be7b906345b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0.0', '<= 4.1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-52b9b171189fecca507b9059a4e2fc92.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-52b9b171189fecca507b9059a4e2fc92.yaml new file mode 100644 index 0000000000..ca3c1b4e34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-52b9b171189fecca507b9059a4e2fc92.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-52b9b171189fecca507b9059a4e2fc92 + +info: + name: > + All in One SEO <= 4.2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/694c120a-d9cb-46a6-be24-9f1530bc2183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-56c4db12334add5dab088d2ed97db3d6.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-56c4db12334add5dab088d2ed97db3d6.yaml new file mode 100644 index 0000000000..3d23dba3c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-56c4db12334add5dab088d2ed97db3d6.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-56c4db12334add5dab088d2ed97db3d6 + +info: + name: > + All in One SEO <= 2.2.5.1 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39f8c830-9f71-4ca6-8fcc-54769cef878f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-814d85e88dab797899057f8e016cf74f.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-814d85e88dab797899057f8e016cf74f.yaml new file mode 100644 index 0000000000..f89b40e35f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-814d85e88dab797899057f8e016cf74f.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-814d85e88dab797899057f8e016cf74f + +info: + name: > + All in One SEO 4.1.3.1 - 4.1.5.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5490dd9-20d5-4cd6-bc09-5da94d3e702f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.1.3.1', '<= 4.1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-996209252b43de8bc510aae02fc9d00b.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-996209252b43de8bc510aae02fc9d00b.yaml new file mode 100644 index 0000000000..4d5cb2af1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-996209252b43de8bc510aae02fc9d00b.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-996209252b43de8bc510aae02fc9d00b + +info: + name: > + All in One SEO <= 2.0.3 - Cross-Site Scripting via Search Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9885db9-b1eb-4cc6-a7ea-af2c34b1d065?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-9c814d5a9ddaae393720aa3fbf301f85.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-9c814d5a9ddaae393720aa3fbf301f85.yaml new file mode 100644 index 0000000000..681db870ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-9c814d5a9ddaae393720aa3fbf301f85.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-9c814d5a9ddaae393720aa3fbf301f85 + +info: + name: > + All in One SEO <= 4.1.0.1 - Authenticated Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a98c69-5f76-41f4-8a12-0523285647fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-a64ce08453bed39084d8a2cea93a9117.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-a64ce08453bed39084d8a2cea93a9117.yaml new file mode 100644 index 0000000000..4fa09d689b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-a64ce08453bed39084d8a2cea93a9117.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-a64ce08453bed39084d8a2cea93a9117 + +info: + name: > + All in One SEO Pack <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/440242e5-832f-4796-9317-b377e1c2fa2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-c08b2158511f440bda6243887c732dc7.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-c08b2158511f440bda6243887c732dc7.yaml new file mode 100644 index 0000000000..0d3736023b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-c08b2158511f440bda6243887c732dc7.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-c08b2158511f440bda6243887c732dc7 + +info: + name: > + All in One SEO Pack <= 4.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c13f00e-3048-44cf-8979-2b0b0c508f3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d92c57db44864e6e406520d1e97fd01f.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d92c57db44864e6e406520d1e97fd01f.yaml new file mode 100644 index 0000000000..2d060213f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d92c57db44864e6e406520d1e97fd01f.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-d92c57db44864e6e406520d1e97fd01f + +info: + name: > + All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase Traffic <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28741ffc-4ff5-4e67-a183-bb5064b6752e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d9419931966f7a4ced3c49a3cc9a6932.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d9419931966f7a4ced3c49a3cc9a6932.yaml new file mode 100644 index 0000000000..3ed71522cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-d9419931966f7a4ced3c49a3cc9a6932.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-d9419931966f7a4ced3c49a3cc9a6932 + +info: + name: > + All In One SEO Pack <= 3.2.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02cf711b-69af-4869-9ebd-31c657be1bc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f74b8b0e3c6cf42f9c7d68f58857b310.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f74b8b0e3c6cf42f9c7d68f58857b310.yaml new file mode 100644 index 0000000000..fcb9f8971c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-f74b8b0e3c6cf42f9c7d68f58857b310.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-f74b8b0e3c6cf42f9c7d68f58857b310 + +info: + name: > + All in One SEO Pack <= 4.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3db97180-9308-4891-9de9-acefe31d088f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-pro-ed79806268ad8e12ebf6df82f872530a.yaml b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-pro-ed79806268ad8e12ebf6df82f872530a.yaml new file mode 100644 index 0000000000..af95458a48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-seo-pack-pro-ed79806268ad8e12ebf6df82f872530a.yaml @@ -0,0 +1,58 @@ +id: all-in-one-seo-pack-pro-ed79806268ad8e12ebf6df82f872530a + +info: + name: > + All in One SEO Pro <= 4.2.5.1 - Authenticated (Admin+) Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8ef792-c2a8-4fc5-bee7-4de3b6b007c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-seo-pack-pro/" + google-query: inurl:"/wp-content/plugins/all-in-one-seo-pack-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-seo-pack-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-seo-pack-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-seo-pack-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-411b1116f71957083ea7a80c47e56945.yaml b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-411b1116f71957083ea7a80c47e56945.yaml new file mode 100644 index 0000000000..e0490980ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-411b1116f71957083ea7a80c47e56945.yaml @@ -0,0 +1,58 @@ +id: all-in-one-video-gallery-411b1116f71957083ea7a80c47e56945 + +info: + name: > + All-in-One Video Gallery <= 3.6.4 - Authenticated (Contributor+) Arbitrary File Upload via featured image + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f295f9-1090-4b10-abc5-3f73c5b4e28d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-bcb990d5b998ea9f0d9516d80108b489.yaml b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-bcb990d5b998ea9f0d9516d80108b489.yaml new file mode 100644 index 0000000000..79c115186a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-bcb990d5b998ea9f0d9516d80108b489.yaml @@ -0,0 +1,58 @@ +id: all-in-one-video-gallery-bcb990d5b998ea9f0d9516d80108b489 + +info: + name: > + All-in-One Video Gallery <= 3.5.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b350a20e-6f86-4760-9092-27a4b365b590?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-cae2253667a3a6e475a01cd76266d7d9.yaml b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-cae2253667a3a6e475a01cd76266d7d9.yaml new file mode 100644 index 0000000000..4dc01fab1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-cae2253667a3a6e475a01cd76266d7d9.yaml @@ -0,0 +1,58 @@ +id: all-in-one-video-gallery-cae2253667a3a6e475a01cd76266d7d9 + +info: + name: > + All-In-One-Gallery <= 2.4.9 - Admin+ Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f840a96-8cda-4237-b445-284b88eaf623?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-d6f77b9c72ad2f48ab3f2230e6326337.yaml b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-d6f77b9c72ad2f48ab3f2230e6326337.yaml new file mode 100644 index 0000000000..daf39135c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-video-gallery-d6f77b9c72ad2f48ab3f2230e6326337.yaml @@ -0,0 +1,58 @@ +id: all-in-one-video-gallery-d6f77b9c72ad2f48ab3f2230e6326337 + +info: + name: > + All-in-One Video Gallery 2.5.8 - 2.6.0 - Arbitrary File Download & Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83b0534e-1b8d-46a8-9698-e7ca73e5ab57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-in-one-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.5.8', '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-webmaster-7851eebfd119dbcb64d57949b00c8e79.yaml b/nuclei-templates/cve-less/plugins/all-in-one-webmaster-7851eebfd119dbcb64d57949b00c8e79.yaml new file mode 100644 index 0000000000..5dd4202377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-webmaster-7851eebfd119dbcb64d57949b00c8e79.yaml @@ -0,0 +1,58 @@ +id: all-in-one-webmaster-7851eebfd119dbcb64d57949b00c8e79 + +info: + name: > + WP Webmaster < 8.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf0f549d-1d88-415a-81f3-b50f977e2c17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-webmaster/" + google-query: inurl:"/wp-content/plugins/all-in-one-webmaster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-webmaster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-webmaster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-webmaster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-4e8189c76d0d644714db52904b337d1a.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-4e8189c76d0d644714db52904b337d1a.yaml new file mode 100644 index 0000000000..7ea0b7e446 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-4e8189c76d0d644714db52904b337d1a.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-4e8189c76d0d644714db52904b337d1a + +info: + name: > + All-in-One WP Migration <= 7.58 - Directory Traversal to File Deletion on Windows Hosts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e58634c3-7fcd-4885-b897-4e6a97fb06ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-b0e3894c13ad13c0cec750095d3f0495.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-b0e3894c13ad13c0cec750095d3f0495.yaml new file mode 100644 index 0000000000..00c49d757f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-b0e3894c13ad13c0cec750095d3f0495.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-b0e3894c13ad13c0cec750095d3f0495 + +info: + name: > + All-in-One WP Migration <= 7.62 - Unauthenticated Reflected Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9040aa36-2d3b-4470-93ae-19ad16fcd929?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-box-extension-9c485cf198874e1abdd12011232fd4df.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-box-extension-9c485cf198874e1abdd12011232fd4df.yaml new file mode 100644 index 0000000000..8497d7fc08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-box-extension-9c485cf198874e1abdd12011232fd4df.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-box-extension-9c485cf198874e1abdd12011232fd4df + +info: + name: > + Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration-box-extension/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-box-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-box-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-box-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration-box-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-dropbox-extension-9c485cf198874e1abdd12011232fd4df.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-dropbox-extension-9c485cf198874e1abdd12011232fd4df.yaml new file mode 100644 index 0000000000..636c9605f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-dropbox-extension-9c485cf198874e1abdd12011232fd4df.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-dropbox-extension-9c485cf198874e1abdd12011232fd4df + +info: + name: > + Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration-dropbox-extension/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-dropbox-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-dropbox-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-dropbox-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration-dropbox-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml new file mode 100644 index 0000000000..9de6b1c2cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-e4cd9a4bbacdbb2aa88bdc0cb49786e1.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-e4cd9a4bbacdbb2aa88bdc0cb49786e1 + +info: + name: > + All-in-One WP Migration <= 7.40 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6635ff4d-cbb4-4e78-9df1-1274eaa737aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-gdrive-extension-9c485cf198874e1abdd12011232fd4df.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-gdrive-extension-9c485cf198874e1abdd12011232fd4df.yaml new file mode 100644 index 0000000000..50146ac861 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-gdrive-extension-9c485cf198874e1abdd12011232fd4df.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-gdrive-extension-9c485cf198874e1abdd12011232fd4df + +info: + name: > + Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration-gdrive-extension/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-gdrive-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-gdrive-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-gdrive-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration-gdrive-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.79') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-onedrive-extension-9c485cf198874e1abdd12011232fd4df.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-onedrive-extension-9c485cf198874e1abdd12011232fd4df.yaml new file mode 100644 index 0000000000..67c75fc39e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-migration-onedrive-extension-9c485cf198874e1abdd12011232fd4df.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-migration-onedrive-extension-9c485cf198874e1abdd12011232fd4df + +info: + name: > + Multiple ServMask Plugins <= (Various Versions) - Missing Authorization to Access Token Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86bb44f0-142d-4c4e-8fc5-a50526118130?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-migration-onedrive-extension/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-migration-onedrive-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-migration-onedrive-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-migration-onedrive-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-migration-onedrive-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-034278da31b37bb4154e8c34cebfdbb9.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-034278da31b37bb4154e8c34cebfdbb9.yaml new file mode 100644 index 0000000000..2967192e78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-034278da31b37bb4154e8c34cebfdbb9.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-034278da31b37bb4154e8c34cebfdbb9 + +info: + name: > + All In One WP Security & Firewall <= 4.0.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06b92517-5431-43ed-ad3b-80bfd0981b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1b948ed195be07fe30ccbe1a13374b86.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1b948ed195be07fe30ccbe1a13374b86.yaml new file mode 100644 index 0000000000..23acf47fe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1b948ed195be07fe30ccbe1a13374b86.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-1b948ed195be07fe30ccbe1a13374b86 + +info: + name: > + All In One WP Security <= 5.2.6 - Cross-Site Request Forgery to IP Blocking + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05991bf2-ee61-4bf7-89df-c2f66db7caec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1ff113267284bee6f1d42d303e8be7d2.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1ff113267284bee6f1d42d303e8be7d2.yaml new file mode 100644 index 0000000000..937223aa09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-1ff113267284bee6f1d42d303e8be7d2.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-1ff113267284bee6f1d42d303e8be7d2 + +info: + name: > + All-In-One Security <= 5.1.2 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a5c931-16f8-41b6-b4b6-567aa6c6c90e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-44ac07d5baafaaec1fde2cca5e220010.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-44ac07d5baafaaec1fde2cca5e220010.yaml new file mode 100644 index 0000000000..76e3b35f2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-44ac07d5baafaaec1fde2cca5e220010.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-44ac07d5baafaaec1fde2cca5e220010 + +info: + name: > + All In One WP Security & Firewall <= 3.8.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d3010a9-10fa-40ec-9791-3ac993123f93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5ac539645eb63c949c47fcaeea5bb661.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5ac539645eb63c949c47fcaeea5bb661.yaml new file mode 100644 index 0000000000..bf3119e688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5ac539645eb63c949c47fcaeea5bb661.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-5ac539645eb63c949c47fcaeea5bb661 + +info: + name: > + All In One WP Security & Firewall <= 3.8.2 - Authenticated Access or Cross-Site Request Forgery leading to SQL Injection via orderby, order Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/419b20fa-6fea-41d7-9e3d-45ac25b4131f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5d289d7e578bce569fb34678a49e0c92.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5d289d7e578bce569fb34678a49e0c92.yaml new file mode 100644 index 0000000000..bb72f87d85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-5d289d7e578bce569fb34678a49e0c92.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-5d289d7e578bce569fb34678a49e0c92 + +info: + name: > + All In One WP Security & Firewall <= 3.9.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32385e77-9629-4aa2-8f1e-9804809fcea3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7195efc84ea5b8977b30b3313bab7ab8.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7195efc84ea5b8977b30b3313bab7ab8.yaml new file mode 100644 index 0000000000..068a79d24f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7195efc84ea5b8977b30b3313bab7ab8.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-7195efc84ea5b8977b30b3313bab7ab8 + +info: + name: > + All-In-One Security (AIOS) <= 5.1.4 - Authenticated(Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03bf84e2-c101-416d-a953-c63ecd1dba7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7567c31561b747bfa0cbc91d7005334d.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7567c31561b747bfa0cbc91d7005334d.yaml new file mode 100644 index 0000000000..ce08aea164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-7567c31561b747bfa0cbc91d7005334d.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-7567c31561b747bfa0cbc91d7005334d + +info: + name: > + All In One WP Security & Firewall <= 4.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48b6b9a3-c80d-4fde-9e8c-1f60781b7484?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-797698582c82d4b61a2a10f67de975cd.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-797698582c82d4b61a2a10f67de975cd.yaml new file mode 100644 index 0000000000..1b2348f1b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-797698582c82d4b61a2a10f67de975cd.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-797698582c82d4b61a2a10f67de975cd + +info: + name: > + All-In-One Security (AIOS) – Security and Firewall <= 5.0.8 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de39bad4-858a-4332-8ed0-bfd92a67b9cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-873b15a500e300080bf17fdd62b04ccc.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-873b15a500e300080bf17fdd62b04ccc.yaml new file mode 100644 index 0000000000..edef9d392d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-873b15a500e300080bf17fdd62b04ccc.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-873b15a500e300080bf17fdd62b04ccc + +info: + name: > + All In One WP Security & Firewall <= 5.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce340b88-cbab-4ba8-93ae-8790f2348456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a165e6adde141141ce45b5b63a01ed2.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a165e6adde141141ce45b5b63a01ed2.yaml new file mode 100644 index 0000000000..afed4d6f0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a165e6adde141141ce45b5b63a01ed2.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-8a165e6adde141141ce45b5b63a01ed2 + +info: + name: > + All In One WP Security & Firewall <= 4.1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95c59e71-b755-4b39-bd5f-b2b2ac99f934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a8f73a13c6d3fc3aaf61bd1592c30a0.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a8f73a13c6d3fc3aaf61bd1592c30a0.yaml new file mode 100644 index 0000000000..70912811e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-8a8f73a13c6d3fc3aaf61bd1592c30a0.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-8a8f73a13c6d3fc3aaf61bd1592c30a0 + +info: + name: > + All-In-One Security (AIOS) – Security and Firewall <= 5.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-a314db2bc927095a45456b220d0f28ec.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-a314db2bc927095a45456b220d0f28ec.yaml new file mode 100644 index 0000000000..56643b7be3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-a314db2bc927095a45456b220d0f28ec.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-a314db2bc927095a45456b220d0f28ec + +info: + name: > + All In One WP Security & Firewall <= 4.4.10 - Open Redirect and Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a595f862-64af-4055-aa13-5e8f4eb3f721?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-bb860d80b94ca7ade5a2893713f833b5.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-bb860d80b94ca7ade5a2893713f833b5.yaml new file mode 100644 index 0000000000..39dafa1b2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-bb860d80b94ca7ade5a2893713f833b5.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-bb860d80b94ca7ade5a2893713f833b5 + +info: + name: > + All In One WP Security & Firewall <= 3.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1899e5ec-ad87-4182-81b6-3b777d117e93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c313a41c23d690edbe2cdbf35c825a0d.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c313a41c23d690edbe2cdbf35c825a0d.yaml new file mode 100644 index 0000000000..a2fffafd99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c313a41c23d690edbe2cdbf35c825a0d.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-c313a41c23d690edbe2cdbf35c825a0d + +info: + name: > + All In One WP Security & Firewall <= 3.8.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b2e210b-e5e3-46f1-b730-64d970160a5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c43c8e4dbb43df481e0c6cf7578539a9.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c43c8e4dbb43df481e0c6cf7578539a9.yaml new file mode 100644 index 0000000000..a73e2f0d43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-c43c8e4dbb43df481e0c6cf7578539a9.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-c43c8e4dbb43df481e0c6cf7578539a9 + +info: + name: > + All-In-One Security (AIOS) <= 5.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3ae55ad-b192-4dde-8a7c-3a4fd71d3475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cc351f4beec6cba9fc81f542a275a440.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cc351f4beec6cba9fc81f542a275a440.yaml new file mode 100644 index 0000000000..1267f60921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cc351f4beec6cba9fc81f542a275a440.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-cc351f4beec6cba9fc81f542a275a440 + +info: + name: > + All In One WP Security & Firewall <= 3.9.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b70f5416-06e0-4b6f-b61d-b7c23575a171?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cf8c3aa457289ad6466208862da0c244.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cf8c3aa457289ad6466208862da0c244.yaml new file mode 100644 index 0000000000..9b95e481a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-cf8c3aa457289ad6466208862da0c244.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-cf8c3aa457289ad6466208862da0c244 + +info: + name: > + All In One WP Security & Firewall <= 4.0.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/037a8b06-18be-4443-b54c-22f50c89d5b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d66601db34445c53f772431589140096.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d66601db34445c53f772431589140096.yaml new file mode 100644 index 0000000000..38b1f0b14e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-d66601db34445c53f772431589140096.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-d66601db34445c53f772431589140096 + +info: + name: > + All In One WP Security & Firewall <= 4.4.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02f8faff-8629-490b-9bc7-378ebffcfd0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-e1b9583cb78e016115d982acbd157618.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-e1b9583cb78e016115d982acbd157618.yaml new file mode 100644 index 0000000000..cc402b58c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-e1b9583cb78e016115d982acbd157618.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-e1b9583cb78e016115d982acbd157618 + +info: + name: > + All In One WP Security & Firewall <= 4.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72505ab0-8545-4735-af15-e8794d0ac9c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-ff26968664379c67bbd03960f230d505.yaml b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-ff26968664379c67bbd03960f230d505.yaml new file mode 100644 index 0000000000..8f36124f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-in-one-wp-security-and-firewall-ff26968664379c67bbd03960f230d505.yaml @@ -0,0 +1,58 @@ +id: all-in-one-wp-security-and-firewall-ff26968664379c67bbd03960f230d505 + +info: + name: > + All In One WP Security <= 5.2.4 - Protection Bypass of Renamed Login Page via URL Encoding + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63fc381e-ce72-4c90-bb35-daba520be40d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-in-one-wp-security-and-firewall/" + google-query: inurl:"/wp-content/plugins/all-in-one-wp-security-and-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-in-one-wp-security-and-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-in-one-wp-security-and-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-in-one-wp-security-and-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-users-messenger-64408a501c37fbcf42b9db6bc5338336.yaml b/nuclei-templates/cve-less/plugins/all-users-messenger-64408a501c37fbcf42b9db6bc5338336.yaml new file mode 100644 index 0000000000..7ef1f37710 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-users-messenger-64408a501c37fbcf42b9db6bc5338336.yaml @@ -0,0 +1,58 @@ +id: all-users-messenger-64408a501c37fbcf42b9db6bc5338336 + +info: + name: > + All Users Messenger <= 1.24 - Authenticated (Subscriber+) Insecure Direct Object Reference to Message Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23541e-bb1c-4fcf-836b-28522a39b018?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-users-messenger/" + google-query: inurl:"/wp-content/plugins/all-users-messenger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-users-messenger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-users-messenger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-users-messenger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-video-gallery-bc135ea3b74553b0fd14eafbe49bca73.yaml b/nuclei-templates/cve-less/plugins/all-video-gallery-bc135ea3b74553b0fd14eafbe49bca73.yaml new file mode 100644 index 0000000000..fd12e76f11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-video-gallery-bc135ea3b74553b0fd14eafbe49bca73.yaml @@ -0,0 +1,58 @@ +id: all-video-gallery-bc135ea3b74553b0fd14eafbe49bca73 + +info: + name: > + All Video Gallery <= 1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd72ce7e-027c-49bd-8bcf-3ccda2c9b184?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-video-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/all-video-gallery-e6b6d80807708af0a37d88bb4f8862c7.yaml b/nuclei-templates/cve-less/plugins/all-video-gallery-e6b6d80807708af0a37d88bb4f8862c7.yaml new file mode 100644 index 0000000000..7083fc014b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/all-video-gallery-e6b6d80807708af0a37d88bb4f8862c7.yaml @@ -0,0 +1,58 @@ +id: all-video-gallery-e6b6d80807708af0a37d88bb4f8862c7 + +info: + name: > + All Video Gallery Plugin for WordPress <= 1.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/142bcbdd-7495-49be-a5b3-8ba1674cd64d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/all-video-gallery/" + google-query: inurl:"/wp-content/plugins/all-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,all-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/all-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "all-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/allow-php-in-posts-and-pages-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml b/nuclei-templates/cve-less/plugins/allow-php-in-posts-and-pages-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml new file mode 100644 index 0000000000..634b07be0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/allow-php-in-posts-and-pages-ab57e6fe4cbafa10ab5f9c2c276102ac.yaml @@ -0,0 +1,58 @@ +id: allow-php-in-posts-and-pages-ab57e6fe4cbafa10ab5f9c2c276102ac + +info: + name: > + Allow PHP in Posts and Pages <= 3.0.4 - Authenticated (Subscriber+) Remote Code Execution via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b4bb6-3715-40c1-8140-7fcf874ccec3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/allow-php-in-posts-and-pages/" + google-query: inurl:"/wp-content/plugins/allow-php-in-posts-and-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,allow-php-in-posts-and-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/allow-php-in-posts-and-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allow-php-in-posts-and-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/allow-svg-3108293e567a66e53a5d8bbabea561b6.yaml b/nuclei-templates/cve-less/plugins/allow-svg-3108293e567a66e53a5d8bbabea561b6.yaml new file mode 100644 index 0000000000..68f41408e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/allow-svg-3108293e567a66e53a5d8bbabea561b6.yaml @@ -0,0 +1,58 @@ +id: allow-svg-3108293e567a66e53a5d8bbabea561b6 + +info: + name: > + Allow SVG <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee725cff-959d-4078-9c2e-2d52bb904ca0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/allow-svg/" + google-query: inurl:"/wp-content/plugins/allow-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,allow-svg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/allow-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allow-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-31dc7219db80b05f4214d90d08edeba8.yaml b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-31dc7219db80b05f4214d90d08edeba8.yaml new file mode 100644 index 0000000000..17a6b6fb26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-31dc7219db80b05f4214d90d08edeba8.yaml @@ -0,0 +1,58 @@ +id: allwebmenus-wordpress-menu-plugin-31dc7219db80b05f4214d90d08edeba8 + +info: + name: > + AllWebMenus WordPress Menu Plugin < 1.1.9 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ab090c-14fd-4d58-a915-fd68e5eaefe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + google-query: inurl:"/wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,allwebmenus-wordpress-menu-plugin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/allwebmenus-wordpress-menu-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allwebmenus-wordpress-menu-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-3da0a6229596dce00028400fe8617c2b.yaml b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-3da0a6229596dce00028400fe8617c2b.yaml new file mode 100644 index 0000000000..badff3fb05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-3da0a6229596dce00028400fe8617c2b.yaml @@ -0,0 +1,58 @@ +id: allwebmenus-wordpress-menu-plugin-3da0a6229596dce00028400fe8617c2b + +info: + name: > + AllWebMenus WordPress Menu Plugin <= 1.1.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5754ffd6-81bb-491b-9272-627e8c52a22c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + google-query: inurl:"/wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,allwebmenus-wordpress-menu-plugin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/allwebmenus-wordpress-menu-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allwebmenus-wordpress-menu-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-a8f44d7ac88d056c42286ff4fcb52be6.yaml b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-a8f44d7ac88d056c42286ff4fcb52be6.yaml new file mode 100644 index 0000000000..a5a0c0177c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/allwebmenus-wordpress-menu-plugin-a8f44d7ac88d056c42286ff4fcb52be6.yaml @@ -0,0 +1,58 @@ +id: allwebmenus-wordpress-menu-plugin-a8f44d7ac88d056c42286ff4fcb52be6 + +info: + name: > + AllWebMenus WordPress Menu Plugin <= 1.1.3 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45b6a72a-9aa9-4d77-b250-575d55538110?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + google-query: inurl:"/wp-content/plugins/allwebmenus-wordpress-menu-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,allwebmenus-wordpress-menu-plugin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/allwebmenus-wordpress-menu-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allwebmenus-wordpress-menu-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alma-gateway-for-woocommerce-046fbaec2a225aa81dc9d68e003387fa.yaml b/nuclei-templates/cve-less/plugins/alma-gateway-for-woocommerce-046fbaec2a225aa81dc9d68e003387fa.yaml new file mode 100644 index 0000000000..9b615af9f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alma-gateway-for-woocommerce-046fbaec2a225aa81dc9d68e003387fa.yaml @@ -0,0 +1,58 @@ +id: alma-gateway-for-woocommerce-046fbaec2a225aa81dc9d68e003387fa + +info: + name: > + Alma – Pay in installments or later for WooCommerce <= 5.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/044d7480-ccd7-4ce8-bb5d-367ba5d0217c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alma-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/alma-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alma-gateway-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alma-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alma-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alo-easymail-a800af3f915adeb03a4c49e2c0c22f5f.yaml b/nuclei-templates/cve-less/plugins/alo-easymail-a800af3f915adeb03a4c49e2c0c22f5f.yaml new file mode 100644 index 0000000000..f0d5fbe91f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alo-easymail-a800af3f915adeb03a4c49e2c0c22f5f.yaml @@ -0,0 +1,58 @@ +id: alo-easymail-a800af3f915adeb03a4c49e2c0c22f5f + +info: + name: > + ALO EasyMail Newsletter <= 2.6.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa3f24e-3e28-4e50-8801-e4f0a089e3a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alo-easymail/" + google-query: inurl:"/wp-content/plugins/alo-easymail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alo-easymail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alo-easymail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alo-easymail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alojapro-widget-7358f712002614260dfd68c7ec8f6f4a.yaml b/nuclei-templates/cve-less/plugins/alojapro-widget-7358f712002614260dfd68c7ec8f6f4a.yaml new file mode 100644 index 0000000000..00cc7b559a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alojapro-widget-7358f712002614260dfd68c7ec8f6f4a.yaml @@ -0,0 +1,58 @@ +id: alojapro-widget-7358f712002614260dfd68c7ec8f6f4a + +info: + name: > + Alojapro Widget <= 1.1.15 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab1a623-5726-45ca-9667-ed926c5d3364?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alojapro-widget/" + google-query: inurl:"/wp-content/plugins/alojapro-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alojapro-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alojapro-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alojapro-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-23db8271ff8255b01a17c8a3f5ed7743.yaml b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-23db8271ff8255b01a17c8a3f5ed7743.yaml new file mode 100644 index 0000000000..586f53019a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-23db8271ff8255b01a17c8a3f5ed7743.yaml @@ -0,0 +1,58 @@ +id: alpine-photo-tile-for-instagram-23db8271ff8255b01a17c8a3f5ed7743 + +info: + name: > + Alpine PhotoTile for Instagram < 1.2.7.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95265186-ff13-464b-adb9-3cf1753487d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alpine-photo-tile-for-instagram/" + google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-instagram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-instagram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alpine-photo-tile-for-instagram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alpine-photo-tile-for-instagram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..1fcac6c3cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-instagram-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: alpine-photo-tile-for-instagram-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alpine-photo-tile-for-instagram/" + google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-instagram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-instagram,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alpine-photo-tile-for-instagram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alpine-photo-tile-for-instagram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-pinterest-56be40d6cceb101df1647cdc9530b1ac.yaml b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-pinterest-56be40d6cceb101df1647cdc9530b1ac.yaml new file mode 100644 index 0000000000..59576ad784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alpine-photo-tile-for-pinterest-56be40d6cceb101df1647cdc9530b1ac.yaml @@ -0,0 +1,58 @@ +id: alpine-photo-tile-for-pinterest-56be40d6cceb101df1647cdc9530b1ac + +info: + name: > + Alpine PhotoTile for Pinterest <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb8d81c3-4a5b-491f-9868-3bb7b431f8e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alpine-photo-tile-for-pinterest/" + google-query: inurl:"/wp-content/plugins/alpine-photo-tile-for-pinterest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alpine-photo-tile-for-pinterest,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alpine-photo-tile-for-pinterest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alpine-photo-tile-for-pinterest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alt-manager-d805d4a834d45dbc023ff957c63ddbf7.yaml b/nuclei-templates/cve-less/plugins/alt-manager-d805d4a834d45dbc023ff957c63ddbf7.yaml new file mode 100644 index 0000000000..2bbbb842e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alt-manager-d805d4a834d45dbc023ff957c63ddbf7.yaml @@ -0,0 +1,58 @@ +id: alt-manager-d805d4a834d45dbc023ff957c63ddbf7 + +info: + name: > + Alt Manager <= 1.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaa041a3-d8e5-4637-b8da-5f07c498685a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alt-manager/" + google-query: inurl:"/wp-content/plugins/alt-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alt-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alt-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alt-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alter-c55830103f810a3363d3fb305910a1b3.yaml b/nuclei-templates/cve-less/plugins/alter-c55830103f810a3363d3fb305910a1b3.yaml new file mode 100644 index 0000000000..1e6de58886 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alter-c55830103f810a3363d3fb305910a1b3.yaml @@ -0,0 +1,58 @@ +id: alter-c55830103f810a3363d3fb305910a1b3 + +info: + name: > + Alter <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e58a45c4-06cb-4b2b-97f2-a614fc230942?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alter/" + google-query: inurl:"/wp-content/plugins/alter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/altos-connect-62fcd76831b1e2041b5f8a95a5780c32.yaml b/nuclei-templates/cve-less/plugins/altos-connect-62fcd76831b1e2041b5f8a95a5780c32.yaml new file mode 100644 index 0000000000..921094cd1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/altos-connect-62fcd76831b1e2041b5f8a95a5780c32.yaml @@ -0,0 +1,58 @@ +id: altos-connect-62fcd76831b1e2041b5f8a95a5780c32 + +info: + name: > + Altos Connect <= 1.3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae31fb73-de38-4c30-9348-80373ed6e5cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/altos-connect/" + google-query: inurl:"/wp-content/plugins/altos-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,altos-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/altos-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "altos-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/alttext-ai-39af102f2f1fef516b0141731bd29ae6.yaml b/nuclei-templates/cve-less/plugins/alttext-ai-39af102f2f1fef516b0141731bd29ae6.yaml new file mode 100644 index 0000000000..ada4ed62a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/alttext-ai-39af102f2f1fef516b0141731bd29ae6.yaml @@ -0,0 +1,58 @@ +id: alttext-ai-39af102f2f1fef516b0141731bd29ae6 + +info: + name: > + Download Alt Text AI <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/633d6921-eece-4e7a-8ed8-48b7c579b5ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/alttext-ai/" + google-query: inurl:"/wp-content/plugins/alttext-ai/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,alttext-ai,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/alttext-ai/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "alttext-ai" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/am-hili-affiliate-manager-for-publishers-d9ed7ea48d292aeb09b5a69dca626c8b.yaml b/nuclei-templates/cve-less/plugins/am-hili-affiliate-manager-for-publishers-d9ed7ea48d292aeb09b5a69dca626c8b.yaml new file mode 100644 index 0000000000..a89b80eef1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/am-hili-affiliate-manager-for-publishers-d9ed7ea48d292aeb09b5a69dca626c8b.yaml @@ -0,0 +1,58 @@ +id: am-hili-affiliate-manager-for-publishers-d9ed7ea48d292aeb09b5a69dca626c8b + +info: + name: > + AM-HiLi <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0237d64-40db-4e4e-be61-893217135ef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/am-hili-affiliate-manager-for-publishers/" + google-query: inurl:"/wp-content/plugins/am-hili-affiliate-manager-for-publishers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,am-hili-affiliate-manager-for-publishers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/am-hili-affiliate-manager-for-publishers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "am-hili-affiliate-manager-for-publishers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazon-auto-links-2e0473e7d7a7731e63b2d6908a232799.yaml b/nuclei-templates/cve-less/plugins/amazon-auto-links-2e0473e7d7a7731e63b2d6908a232799.yaml new file mode 100644 index 0000000000..e18f908169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazon-auto-links-2e0473e7d7a7731e63b2d6908a232799.yaml @@ -0,0 +1,58 @@ +id: amazon-auto-links-2e0473e7d7a7731e63b2d6908a232799 + +info: + name: > + Auto Amazon Links <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b2a5938-232e-487c-b31b-f48e2b9acb65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazon-auto-links/" + google-query: inurl:"/wp-content/plugins/amazon-auto-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazon-auto-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazon-auto-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazon-auto-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazon-auto-links-9d2a99598a00b93d061f40c1f9bcc177.yaml b/nuclei-templates/cve-less/plugins/amazon-auto-links-9d2a99598a00b93d061f40c1f9bcc177.yaml new file mode 100644 index 0000000000..9fe31bd3eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazon-auto-links-9d2a99598a00b93d061f40c1f9bcc177.yaml @@ -0,0 +1,58 @@ +id: amazon-auto-links-9d2a99598a00b93d061f40c1f9bcc177 + +info: + name: > + Auto Amazon Links <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via style + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11ffb8a1-55d2-44c5-bcd2-ba866b94e8bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazon-auto-links/" + google-query: inurl:"/wp-content/plugins/amazon-auto-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazon-auto-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazon-auto-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazon-auto-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazon-einzeltitellinks-179da13f00bd0c1a7dc169b4d93d8c60.yaml b/nuclei-templates/cve-less/plugins/amazon-einzeltitellinks-179da13f00bd0c1a7dc169b4d93d8c60.yaml new file mode 100644 index 0000000000..b853b704f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazon-einzeltitellinks-179da13f00bd0c1a7dc169b4d93d8c60.yaml @@ -0,0 +1,58 @@ +id: amazon-einzeltitellinks-179da13f00bd0c1a7dc169b4d93d8c60 + +info: + name: > + Amazon Einzeltitellinks <= 1.3.3 - Cross-Site Request Forgery to Arbitrary Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b2ac807-c6e1-43de-8385-240ccae87e81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazon-einzeltitellinks/" + google-query: inurl:"/wp-content/plugins/amazon-einzeltitellinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazon-einzeltitellinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazon-einzeltitellinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazon-einzeltitellinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazon-link-e8c6c87a94f00d5eab313cc9a401818b.yaml b/nuclei-templates/cve-less/plugins/amazon-link-e8c6c87a94f00d5eab313cc9a401818b.yaml new file mode 100644 index 0000000000..70a34860a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazon-link-e8c6c87a94f00d5eab313cc9a401818b.yaml @@ -0,0 +1,58 @@ +id: amazon-link-e8c6c87a94f00d5eab313cc9a401818b + +info: + name: > + Amazon Link <= 3.2.10 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25cdb02-4624-4a46-a622-28665e1d856e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazon-link/" + google-query: inurl:"/wp-content/plugins/amazon-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazon-link,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazon-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazon-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazon-s3-and-cloudfront-13e3b44160360e3746c78b8d29452ac0.yaml b/nuclei-templates/cve-less/plugins/amazon-s3-and-cloudfront-13e3b44160360e3746c78b8d29452ac0.yaml new file mode 100644 index 0000000000..b1fe38d4ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazon-s3-and-cloudfront-13e3b44160360e3746c78b8d29452ac0.yaml @@ -0,0 +1,58 @@ +id: amazon-s3-and-cloudfront-13e3b44160360e3746c78b8d29452ac0 + +info: + name: > + guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2638bb80-7066-45c0-ab74-4ba407d50cae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazon-s3-and-cloudfront/" + google-query: inurl:"/wp-content/plugins/amazon-s3-and-cloudfront/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazon-s3-and-cloudfront,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazon-s3-and-cloudfront/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazon-s3-and-cloudfront" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazonify-0b5a4c4a0addd6f794e40840ce70fde3.yaml b/nuclei-templates/cve-less/plugins/amazonify-0b5a4c4a0addd6f794e40840ce70fde3.yaml new file mode 100644 index 0000000000..adaf2dc51b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazonify-0b5a4c4a0addd6f794e40840ce70fde3.yaml @@ -0,0 +1,58 @@ +id: amazonify-0b5a4c4a0addd6f794e40840ce70fde3 + +info: + name: > + Amazonify <= 0.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41adfb58-d79f-40a3-8a7e-f3f08f64659f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazonify/" + google-query: inurl:"/wp-content/plugins/amazonify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazonify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazonify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazonify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazonify-ac651fc6ec7fb9810b883366b31dc14b.yaml b/nuclei-templates/cve-less/plugins/amazonify-ac651fc6ec7fb9810b883366b31dc14b.yaml new file mode 100644 index 0000000000..01b5181e5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazonify-ac651fc6ec7fb9810b883366b31dc14b.yaml @@ -0,0 +1,58 @@ +id: amazonify-ac651fc6ec7fb9810b883366b31dc14b + +info: + name: > + Amazonify <= 0.8.1 - Cross-Site Request Forgery to Amazon Tracking ID Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33f3c466-bdeb-402f-bf34-bc703f35e1e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazonify/" + google-query: inurl:"/wp-content/plugins/amazonify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazonify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazonify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazonify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazonjs-b196a1a5480d68e35f21f441524da412.yaml b/nuclei-templates/cve-less/plugins/amazonjs-b196a1a5480d68e35f21f441524da412.yaml new file mode 100644 index 0000000000..556404aff1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazonjs-b196a1a5480d68e35f21f441524da412.yaml @@ -0,0 +1,58 @@ +id: amazonjs-b196a1a5480d68e35f21f441524da412 + +info: + name: > + Amazon JS <= 0.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6c20cb-b3a9-41d3-bccf-5b834424a59a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazonjs/" + google-query: inurl:"/wp-content/plugins/amazonjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazonjs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazonjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazonjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amazonsimpleadmin-20e17109f21cb297758d197e8d1110d1.yaml b/nuclei-templates/cve-less/plugins/amazonsimpleadmin-20e17109f21cb297758d197e8d1110d1.yaml new file mode 100644 index 0000000000..4316612905 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amazonsimpleadmin-20e17109f21cb297758d197e8d1110d1.yaml @@ -0,0 +1,58 @@ +id: amazonsimpleadmin-20e17109f21cb297758d197e8d1110d1 + +info: + name: > + Affiliate Super Assistent <= 1.5.1 - Cross-Site Request Forgery to Settings Update and Cache Clearing + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54dbd2f4-717c-4e01-afe4-c8cceca52650?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amazonsimpleadmin/" + google-query: inurl:"/wp-content/plugins/amazonsimpleadmin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amazonsimpleadmin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amazonsimpleadmin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amazonsimpleadmin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amcharts-charts-and-maps-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml b/nuclei-templates/cve-less/plugins/amcharts-charts-and-maps-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml new file mode 100644 index 0000000000..85534f5863 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amcharts-charts-and-maps-f4919b10c6f7c2a14e1c7d5b8a3f99cb.yaml @@ -0,0 +1,58 @@ +id: amcharts-charts-and-maps-f4919b10c6f7c2a14e1c7d5b8a3f99cb + +info: + name: > + amCharts: Charts and Maps <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67e3b25e-176f-4a0d-a10d-678ea772ce3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amcharts-charts-and-maps/" + google-query: inurl:"/wp-content/plugins/amcharts-charts-and-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amcharts-charts-and-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amcharts-charts-and-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amcharts-charts-and-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-1dec4b557f1e0bf62d3ecb5bf357937d.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-1dec4b557f1e0bf62d3ecb5bf357937d.yaml new file mode 100644 index 0000000000..4fe7eb5cc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-1dec4b557f1e0bf62d3ecb5bf357937d.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-1dec4b557f1e0bf62d3ecb5bf357937d + +info: + name: > + Booking for Appointments and Events Calendar – Amelia <= 1.0.85 - Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33398af8-7b7f-47e5-b95b-c9faa33d0c80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.85') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-1e74f382f78739ad9a39f07eff336537.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-1e74f382f78739ad9a39f07eff336537.yaml new file mode 100644 index 0000000000..76b53d9aeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-1e74f382f78739ad9a39f07eff336537.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-1e74f382f78739ad9a39f07eff336537 + +info: + name: > + Appointment and Event Booking Calendar for WordPress - Amelia < 1.0.47 - Arbitrary Booking Update and Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60c2e8eb-d01b-44f2-8e0d-009ff00887fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-21e094c4609ed338d0c6ca8ad2e72ecf.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-21e094c4609ed338d0c6ca8ad2e72ecf.yaml new file mode 100644 index 0000000000..c56fd80b26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-21e094c4609ed338d0c6ca8ad2e72ecf.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-21e094c4609ed338d0c6ca8ad2e72ecf + +info: + name: > + Appointment and Event Booking Calendar for WordPress – Amelia <= 1.0.47 - Information Disclosure and SMS Spam + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4a0bf16-1a13-4955-8198-fa195fb65905?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-2578d12fdea00971e02ae66b1e0d46ce.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-2578d12fdea00971e02ae66b1e0d46ce.yaml new file mode 100644 index 0000000000..fc36131c55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-2578d12fdea00971e02ae66b1e0d46ce.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-2578d12fdea00971e02ae66b1e0d46ce + +info: + name: > + Amelia <= 1.0.75 - Unauthenticated Reflected Cross-Site Scripting via 'code' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a41f96d-216f-4e5a-a28d-665b052666fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-2bddc689f5d338bc55ee33baa5dff25d.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-2bddc689f5d338bc55ee33baa5dff25d.yaml new file mode 100644 index 0000000000..b81cf840de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-2bddc689f5d338bc55ee33baa5dff25d.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-2bddc689f5d338bc55ee33baa5dff25d + +info: + name: > + Amelia <= 1.0.46 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/694fe940-3d0a-4a71-99d3-bcf3a8010585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-54e594fa48b562cc05ac1592828d94dd.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-54e594fa48b562cc05ac1592828d94dd.yaml new file mode 100644 index 0000000000..5fa8db49cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-54e594fa48b562cc05ac1592828d94dd.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-54e594fa48b562cc05ac1592828d94dd + +info: + name: > + Amelia <= 1.0.95 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea984974-2835-4bad-b7ca-975ad21c80e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-7aade2b2966b32522e64422bd2ebd245.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-7aade2b2966b32522e64422bd2ebd245.yaml new file mode 100644 index 0000000000..a532593230 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-7aade2b2966b32522e64422bd2ebd245.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-7aade2b2966b32522e64422bd2ebd245 + +info: + name: > + Amelia <= 1.0.98 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39005c38-f60d-44fa-9121-a77039dc34de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-9f5c66adfa528be5333386be21bb61b4.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-9f5c66adfa528be5333386be21bb61b4.yaml new file mode 100644 index 0000000000..db05a93e91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-9f5c66adfa528be5333386be21bb61b4.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-9f5c66adfa528be5333386be21bb61b4 + +info: + name: > + Amelia <= 1.0.46 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bba7fde9-0718-4681-9a1b-7c77bc0affbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-b59499e53223c5a8b455880f0f73a4d1.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-b59499e53223c5a8b455880f0f73a4d1.yaml new file mode 100644 index 0000000000..794c369fdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-b59499e53223c5a8b455880f0f73a4d1.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-b59499e53223c5a8b455880f0f73a4d1 + +info: + name: > + Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-bb8040f6049d728dd727ac789ea87332.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-bb8040f6049d728dd727ac789ea87332.yaml new file mode 100644 index 0000000000..0c1916a342 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-bb8040f6049d728dd727ac789ea87332.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-bb8040f6049d728dd727ac789ea87332 + +info: + name: > + Appointment and Event Booking Calendar - Amelia < 1.0.47 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd70819-57dd-4a60-9398-68d6b87da3ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-d7b2973ce1bce5f224e9a3aa96df9db7.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-d7b2973ce1bce5f224e9a3aa96df9db7.yaml new file mode 100644 index 0000000000..f0abf4cb2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-d7b2973ce1bce5f224e9a3aa96df9db7.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-d7b2973ce1bce5f224e9a3aa96df9db7 + +info: + name: > + Booking for Appointments and Events Calendar – Amelia <= 1.0.93 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aafb5402-3553-4c89-86e0-4dd556d86074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-e3aba66b1c44c2a68545f2079a474dc7.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-e3aba66b1c44c2a68545f2079a474dc7.yaml new file mode 100644 index 0000000000..b8fa0ba2e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-e3aba66b1c44c2a68545f2079a474dc7.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-e3aba66b1c44c2a68545f2079a474dc7 + +info: + name: > + Amelia <= 1.0.46 - Stored Cross Site Scripting via lastName + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73f12f22-c0a4-4010-9634-ce7308254028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ameliabooking-fe66c51cf4d5dab04c1eb481e6c9c787.yaml b/nuclei-templates/cve-less/plugins/ameliabooking-fe66c51cf4d5dab04c1eb481e6c9c787.yaml new file mode 100644 index 0000000000..85e3763ae8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ameliabooking-fe66c51cf4d5dab04c1eb481e6c9c787.yaml @@ -0,0 +1,58 @@ +id: ameliabooking-fe66c51cf4d5dab04c1eb481e6c9c787 + +info: + name: > + Appointment and Event Booking Calendar for WordPress – Amelia < 1.0.49 - Arbitrary Booking Update and Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a80b0b-2636-45c1-92e5-bd62c8a4ab20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ameliabooking/" + google-query: inurl:"/wp-content/plugins/ameliabooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ameliabooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ameliabooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ameliabooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amministrazione-aperta-f5cc690dc04197cd95b8aba840195297.yaml b/nuclei-templates/cve-less/plugins/amministrazione-aperta-f5cc690dc04197cd95b8aba840195297.yaml new file mode 100644 index 0000000000..7568e699ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amministrazione-aperta-f5cc690dc04197cd95b8aba840195297.yaml @@ -0,0 +1,58 @@ +id: amministrazione-aperta-f5cc690dc04197cd95b8aba840195297 + +info: + name: > + Amministrazione Aperta <= 3.7.3 - Admin+ Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c829230-7527-4ae2-a5c8-db2371e4cd5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amministrazione-aperta/" + google-query: inurl:"/wp-content/plugins/amministrazione-aperta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amministrazione-aperta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amministrazione-aperta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amministrazione-aperta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amministrazione-trasparente-810fcfbd5671347d9b568db97f356d26.yaml b/nuclei-templates/cve-less/plugins/amministrazione-trasparente-810fcfbd5671347d9b568db97f356d26.yaml new file mode 100644 index 0000000000..c45dda7621 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amministrazione-trasparente-810fcfbd5671347d9b568db97f356d26.yaml @@ -0,0 +1,58 @@ +id: amministrazione-trasparente-810fcfbd5671347d9b568db97f356d26 + +info: + name: > + Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6358fc29-5b09-481a-9040-a7890b61f419?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amministrazione-trasparente/" + google-query: inurl:"/wp-content/plugins/amministrazione-trasparente/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amministrazione-trasparente,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amministrazione-trasparente/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amministrazione-trasparente" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amministrazione-trasparente-cd1cf1735f71561e3ab5315052ee03d0.yaml b/nuclei-templates/cve-less/plugins/amministrazione-trasparente-cd1cf1735f71561e3ab5315052ee03d0.yaml new file mode 100644 index 0000000000..1ab091052b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amministrazione-trasparente-cd1cf1735f71561e3ab5315052ee03d0.yaml @@ -0,0 +1,58 @@ +id: amministrazione-trasparente-cd1cf1735f71561e3ab5315052ee03d0 + +info: + name: > + Amministrazione Trasparente <= 8.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ef02ecc-6a7b-4782-a891-a1d66d770c81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amministrazione-trasparente/" + google-query: inurl:"/wp-content/plugins/amministrazione-trasparente/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amministrazione-trasparente,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amministrazione-trasparente/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amministrazione-trasparente" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amp-extensions-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/amp-extensions-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..5bdfd6c8d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amp-extensions-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: amp-extensions-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amp-extensions/" + google-query: inurl:"/wp-content/plugins/amp-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amp-extensions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amp-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amp-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amp-plus-d58e16875ccf06b26ad1bd06e93be82c.yaml b/nuclei-templates/cve-less/plugins/amp-plus-d58e16875ccf06b26ad1bd06e93be82c.yaml new file mode 100644 index 0000000000..3275e84c52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amp-plus-d58e16875ccf06b26ad1bd06e93be82c.yaml @@ -0,0 +1,58 @@ +id: amp-plus-d58e16875ccf06b26ad1bd06e93be82c + +info: + name: > + AMP+ Plus <= 3.0 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/417ff4fd-e514-4366-b9a6-c04d7434eac1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amp-plus/" + google-query: inurl:"/wp-content/plugins/amp-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amp-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amp-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amp-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amp-toolbox-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/amp-toolbox-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..7ad4dda6be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amp-toolbox-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: amp-toolbox-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amp-toolbox/" + google-query: inurl:"/wp-content/plugins/amp-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amp-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amp-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amp-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amp-wp-b9058f95d651f92a27bde9c074bdcdbe.yaml b/nuclei-templates/cve-less/plugins/amp-wp-b9058f95d651f92a27bde9c074bdcdbe.yaml new file mode 100644 index 0000000000..c6abf6fec6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amp-wp-b9058f95d651f92a27bde9c074bdcdbe.yaml @@ -0,0 +1,58 @@ +id: amp-wp-b9058f95d651f92a27bde9c074bdcdbe + +info: + name: > + AMP WP <= 1.5.15 - Cross-Site Request Forgery via multiple settings pages + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44dd7b3f-5892-43e1-acf1-61f66db0b4a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amp-wp/" + google-query: inurl:"/wp-content/plugins/amp-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amp-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amp-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amp-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ampedsense-adsense-split-tester-d3d77cd29222cddd45d79ddfc8341b95.yaml b/nuclei-templates/cve-less/plugins/ampedsense-adsense-split-tester-d3d77cd29222cddd45d79ddfc8341b95.yaml new file mode 100644 index 0000000000..d6d7674d94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ampedsense-adsense-split-tester-d3d77cd29222cddd45d79ddfc8341b95.yaml @@ -0,0 +1,58 @@ +id: ampedsense-adsense-split-tester-d3d77cd29222cddd45d79ddfc8341b95 + +info: + name: > + AmpedSense – AdSense Split Tester <= 4.68 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/266bbcab-7d41-4c38-b136-24da61728977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ampedsense-adsense-split-tester/" + google-query: inurl:"/wp-content/plugins/ampedsense-adsense-split-tester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ampedsense-adsense-split-tester,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ampedsense-adsense-split-tester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ampedsense-adsense-split-tester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amr-ical-events-list-65248f15aa94ab7dabcc81cdc7d86180.yaml b/nuclei-templates/cve-less/plugins/amr-ical-events-list-65248f15aa94ab7dabcc81cdc7d86180.yaml new file mode 100644 index 0000000000..d4aa623087 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amr-ical-events-list-65248f15aa94ab7dabcc81cdc7d86180.yaml @@ -0,0 +1,58 @@ +id: amr-ical-events-list-65248f15aa94ab7dabcc81cdc7d86180 + +info: + name: > + Amr Ical Events Lists <= 6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4531261-d76e-4419-b915-749c72830608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amr-ical-events-list/" + google-query: inurl:"/wp-content/plugins/amr-ical-events-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amr-ical-events-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amr-ical-events-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amr-ical-events-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amr-shortcode-any-widget-957e4d84091168909dcf10979c3f829e.yaml b/nuclei-templates/cve-less/plugins/amr-shortcode-any-widget-957e4d84091168909dcf10979c3f829e.yaml new file mode 100644 index 0000000000..59b9ae2f03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amr-shortcode-any-widget-957e4d84091168909dcf10979c3f829e.yaml @@ -0,0 +1,58 @@ +id: amr-shortcode-any-widget-957e4d84091168909dcf10979c3f829e + +info: + name: > + amr shortcode any widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da86c6e0-2cff-4aca-b440-ef3fc1f61324?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amr-shortcode-any-widget/" + google-query: inurl:"/wp-content/plugins/amr-shortcode-any-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amr-shortcode-any-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amr-shortcode-any-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amr-shortcode-any-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amr-users-3b7bdb3a8404e199e1deb34a5f3502a4.yaml b/nuclei-templates/cve-less/plugins/amr-users-3b7bdb3a8404e199e1deb34a5f3502a4.yaml new file mode 100644 index 0000000000..577fb4936e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amr-users-3b7bdb3a8404e199e1deb34a5f3502a4.yaml @@ -0,0 +1,58 @@ +id: amr-users-3b7bdb3a8404e199e1deb34a5f3502a4 + +info: + name: > + amr users <= 4.59.4 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/879e7695-3a61-4e65-b102-fcdc63fac688?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amr-users/" + google-query: inurl:"/wp-content/plugins/amr-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amr-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amr-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amr-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.59.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amr-users-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml b/nuclei-templates/cve-less/plugins/amr-users-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml new file mode 100644 index 0000000000..0369ad4160 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amr-users-5ff51e8e3d70f359c04a37d7bd2f99bd.yaml @@ -0,0 +1,58 @@ +id: amr-users-5ff51e8e3d70f359c04a37d7bd2f99bd + +info: + name: > + amr users <= 4.59.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb87726f-868d-4b2e-b818-d303e695c69c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amr-users/" + google-query: inurl:"/wp-content/plugins/amr-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amr-users,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amr-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amr-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.59.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amty-thumb-recent-post-95db80ffd1d934591e0e0a483a99236e.yaml b/nuclei-templates/cve-less/plugins/amty-thumb-recent-post-95db80ffd1d934591e0e0a483a99236e.yaml new file mode 100644 index 0000000000..75f45095a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amty-thumb-recent-post-95db80ffd1d934591e0e0a483a99236e.yaml @@ -0,0 +1,58 @@ +id: amty-thumb-recent-post-95db80ffd1d934591e0e0a483a99236e + +info: + name: > + amtyThumb posts <= 8.2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a29b18d4-7b9b-48c9-aea8-88f6a6fc4b29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amty-thumb-recent-post/" + google-query: inurl:"/wp-content/plugins/amty-thumb-recent-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amty-thumb-recent-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amty-thumb-recent-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amty-thumb-recent-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/amtythumb-96de88df50c13b090e6e70188ce8bb28.yaml b/nuclei-templates/cve-less/plugins/amtythumb-96de88df50c13b090e6e70188ce8bb28.yaml new file mode 100644 index 0000000000..bcdbd0c0f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/amtythumb-96de88df50c13b090e6e70188ce8bb28.yaml @@ -0,0 +1,58 @@ +id: amtythumb-96de88df50c13b090e6e70188ce8bb28 + +info: + name: > + amtyThumb <= 4.2.0 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dd45dc7-b37c-42f3-a4b5-c4564174148c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/amtythumb/" + google-query: inurl:"/wp-content/plugins/amtythumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,amtythumb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/amtythumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amtythumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/an-gradebook-054cd3c24ebffa75be93ee2056e1824c.yaml b/nuclei-templates/cve-less/plugins/an-gradebook-054cd3c24ebffa75be93ee2056e1824c.yaml new file mode 100644 index 0000000000..930a28b789 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/an-gradebook-054cd3c24ebffa75be93ee2056e1824c.yaml @@ -0,0 +1,58 @@ +id: an-gradebook-054cd3c24ebffa75be93ee2056e1824c + +info: + name: > + AN_GradeBook <= 5.0.1 - Authenticated (Subscriber+) SQL Injection via 'id' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60d59753-5b6b-4f3e-8faf-8053750ae05d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/an-gradebook/" + google-query: inurl:"/wp-content/plugins/an-gradebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,an-gradebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/an-gradebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "an-gradebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/an-gradebook-9da08dd717e53fc804ec0889b3c45692.yaml b/nuclei-templates/cve-less/plugins/an-gradebook-9da08dd717e53fc804ec0889b3c45692.yaml new file mode 100644 index 0000000000..8961e50333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/an-gradebook-9da08dd717e53fc804ec0889b3c45692.yaml @@ -0,0 +1,58 @@ +id: an-gradebook-9da08dd717e53fc804ec0889b3c45692 + +info: + name: > + AN_GradeBook <= 5.0.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d574ed8b-2887-4a56-9fca-914148095ba1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/an-gradebook/" + google-query: inurl:"/wp-content/plugins/an-gradebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,an-gradebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/an-gradebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "an-gradebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anac-xml-viewer-16ea15328c267590894ffee4442a84eb.yaml b/nuclei-templates/cve-less/plugins/anac-xml-viewer-16ea15328c267590894ffee4442a84eb.yaml new file mode 100644 index 0000000000..4bd809bff9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anac-xml-viewer-16ea15328c267590894ffee4442a84eb.yaml @@ -0,0 +1,58 @@ +id: anac-xml-viewer-16ea15328c267590894ffee4442a84eb + +info: + name: > + ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9af963ed-8bc5-4b5e-bacd-30a2ef429ce8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anac-xml-viewer/" + google-query: inurl:"/wp-content/plugins/anac-xml-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anac-xml-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anac-xml-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anac-xml-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analogwp-templates-28932f902044dea62ee1c6a2f1f7a4c4.yaml b/nuclei-templates/cve-less/plugins/analogwp-templates-28932f902044dea62ee1c6a2f1f7a4c4.yaml new file mode 100644 index 0000000000..9279564ed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analogwp-templates-28932f902044dea62ee1c6a2f1f7a4c4.yaml @@ -0,0 +1,58 @@ +id: analogwp-templates-28932f902044dea62ee1c6a2f1f7a4c4 + +info: + name: > + Style Kits <= 1.8.0 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb08fc1-fb8b-4478-8569-eb9b28aff50b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analogwp-templates/" + google-query: inurl:"/wp-content/plugins/analogwp-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analogwp-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analogwp-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analogwp-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analytics-cat-7d46d3a81ec6bb63cad62cde0afab07a.yaml b/nuclei-templates/cve-less/plugins/analytics-cat-7d46d3a81ec6bb63cad62cde0afab07a.yaml new file mode 100644 index 0000000000..afcd8c24b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analytics-cat-7d46d3a81ec6bb63cad62cde0afab07a.yaml @@ -0,0 +1,58 @@ +id: analytics-cat-7d46d3a81ec6bb63cad62cde0afab07a + +info: + name: > + Analytics Cat – Google Analytics Made Easy <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98c2d04d-c401-411f-8bf0-4aebb1779e8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analytics-cat/" + google-query: inurl:"/wp-content/plugins/analytics-cat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analytics-cat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analytics-cat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analytics-cat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analytics-cat-e08a52f680b625be47e9beebec7b3154.yaml b/nuclei-templates/cve-less/plugins/analytics-cat-e08a52f680b625be47e9beebec7b3154.yaml new file mode 100644 index 0000000000..ca7dd1c8b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analytics-cat-e08a52f680b625be47e9beebec7b3154.yaml @@ -0,0 +1,58 @@ +id: analytics-cat-e08a52f680b625be47e9beebec7b3154 + +info: + name: > + Fatcat Apps Analytics Cat <= 1.0.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29da4c49-3608-4bff-8184-01dc08752403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analytics-cat/" + google-query: inurl:"/wp-content/plugins/analytics-cat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analytics-cat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analytics-cat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analytics-cat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analytics-for-wp-5b728c0f0ab67d66edeb4ee534a33e19.yaml b/nuclei-templates/cve-less/plugins/analytics-for-wp-5b728c0f0ab67d66edeb4ee534a33e19.yaml new file mode 100644 index 0000000000..75ee92e163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analytics-for-wp-5b728c0f0ab67d66edeb4ee534a33e19.yaml @@ -0,0 +1,58 @@ +id: analytics-for-wp-5b728c0f0ab67d66edeb4ee534a33e19 + +info: + name: > + Analytics for WP <= 1.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da4f5af6-61b2-4983-9096-66f6ff7fc060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analytics-for-wp/" + google-query: inurl:"/wp-content/plugins/analytics-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analytics-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analytics-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analytics-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analytics-insights-13226ec92f273d612bf06ab3bca22c10.yaml b/nuclei-templates/cve-less/plugins/analytics-insights-13226ec92f273d612bf06ab3bca22c10.yaml new file mode 100644 index 0000000000..2addcc7a89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analytics-insights-13226ec92f273d612bf06ab3bca22c10.yaml @@ -0,0 +1,58 @@ +id: analytics-insights-13226ec92f273d612bf06ab3bca22c10 + +info: + name: > + Analytics Insights <= 6.2 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a3a4c5-0af0-4b5f-b3c7-bf670efea84f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analytics-insights/" + google-query: inurl:"/wp-content/plugins/analytics-insights/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analytics-insights,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analytics-insights/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analytics-insights" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/analytics-tracker-8f9bc8ffd93a472c3d732de50d85129c.yaml b/nuclei-templates/cve-less/plugins/analytics-tracker-8f9bc8ffd93a472c3d732de50d85129c.yaml new file mode 100644 index 0000000000..efd6a93c09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/analytics-tracker-8f9bc8ffd93a472c3d732de50d85129c.yaml @@ -0,0 +1,58 @@ +id: analytics-tracker-8f9bc8ffd93a472c3d732de50d85129c + +info: + name: > + Analytics Tracker <= 1.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eb14563-7aa6-4703-96ef-95708f08beff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/analytics-tracker/" + google-query: inurl:"/wp-content/plugins/analytics-tracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,analytics-tracker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/analytics-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "analytics-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anchor-episodes-index-843f515046670d7a382e75e7e4f584c1.yaml b/nuclei-templates/cve-less/plugins/anchor-episodes-index-843f515046670d7a382e75e7e4f584c1.yaml new file mode 100644 index 0000000000..9e1e01e7ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anchor-episodes-index-843f515046670d7a382e75e7e4f584c1.yaml @@ -0,0 +1,58 @@ +id: anchor-episodes-index-843f515046670d7a382e75e7e4f584c1 + +info: + name: > + Anchor Episodes Index (Spotify for Podcasters) <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96defcb7-6af1-4fb8-9fa0-231c6776bbc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anchor-episodes-index/" + google-query: inurl:"/wp-content/plugins/anchor-episodes-index/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anchor-episodes-index,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anchor-episodes-index/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anchor-episodes-index" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/angwp-389af4405b0ad50159ccf3ce376f93d6.yaml b/nuclei-templates/cve-less/plugins/angwp-389af4405b0ad50159ccf3ce376f93d6.yaml new file mode 100644 index 0000000000..9f48aff11a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/angwp-389af4405b0ad50159ccf3ce376f93d6.yaml @@ -0,0 +1,58 @@ +id: angwp-389af4405b0ad50159ccf3ce376f93d6 + +info: + name: > + Adning Advertising <= 1.5.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/angwp/" + google-query: inurl:"/wp-content/plugins/angwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,angwp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/angwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "angwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/angwp-4ca7a80c9a74f97dd3daf1874e8c0993.yaml b/nuclei-templates/cve-less/plugins/angwp-4ca7a80c9a74f97dd3daf1874e8c0993.yaml new file mode 100644 index 0000000000..a8e456753a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/angwp-4ca7a80c9a74f97dd3daf1874e8c0993.yaml @@ -0,0 +1,58 @@ +id: angwp-4ca7a80c9a74f97dd3daf1874e8c0993 + +info: + name: > + Adning Advertising <= 1.5.5 - Unauthenticated Arbitrary File Deletion via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/angwp/" + google-query: inurl:"/wp-content/plugins/angwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,angwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/angwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "angwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animate-it-5cb88706cc3e4d4bdffd38343a9f038a.yaml b/nuclei-templates/cve-less/plugins/animate-it-5cb88706cc3e4d4bdffd38343a9f038a.yaml new file mode 100644 index 0000000000..9913e860a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animate-it-5cb88706cc3e4d4bdffd38343a9f038a.yaml @@ -0,0 +1,58 @@ +id: animate-it-5cb88706cc3e4d4bdffd38343a9f038a + +info: + name: > + Animate It <= 2.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49b296a5-8721-4835-b2c1-ab45045be595?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animate-it/" + google-query: inurl:"/wp-content/plugins/animate-it/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animate-it,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animate-it/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animate-it" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animate-it-61c977fb1adb33ac70d098207834a351.yaml b/nuclei-templates/cve-less/plugins/animate-it-61c977fb1adb33ac70d098207834a351.yaml new file mode 100644 index 0000000000..7001dc3ca2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animate-it-61c977fb1adb33ac70d098207834a351.yaml @@ -0,0 +1,58 @@ +id: animate-it-61c977fb1adb33ac70d098207834a351 + +info: + name: > + Animate It <= 2.3.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e51a0db0-0ee0-463b-8d82-81a991ef9222?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animate-it/" + google-query: inurl:"/wp-content/plugins/animate-it/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animate-it,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animate-it/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animate-it" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animate-it-6786cc650f667a015a2cad75459e0a89.yaml b/nuclei-templates/cve-less/plugins/animate-it-6786cc650f667a015a2cad75459e0a89.yaml new file mode 100644 index 0000000000..b443612740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animate-it-6786cc650f667a015a2cad75459e0a89.yaml @@ -0,0 +1,58 @@ +id: animate-it-6786cc650f667a015a2cad75459e0a89 + +info: + name: > + Animate It <= 2.3.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dadfc9c5-79cb-4e43-bf27-8a7f059190e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animate-it/" + google-query: inurl:"/wp-content/plugins/animate-it/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animate-it,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animate-it/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animate-it" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animated-counters-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml b/nuclei-templates/cve-less/plugins/animated-counters-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml new file mode 100644 index 0000000000..941cbc45f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animated-counters-4187eb8bb2c5fe78d6c93246f1bd60b8.yaml @@ -0,0 +1,58 @@ +id: animated-counters-4187eb8bb2c5fe78d6c93246f1bd60b8 + +info: + name: > + Animated Counters <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33c2756d-c300-479f-b3aa-8f22c3a70278?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animated-counters/" + google-query: inurl:"/wp-content/plugins/animated-counters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animated-counters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-counters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-counters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animated-headline-b8a793584d2186fb4e0aa8046771e551.yaml b/nuclei-templates/cve-less/plugins/animated-headline-b8a793584d2186fb4e0aa8046771e551.yaml new file mode 100644 index 0000000000..48ef591b5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animated-headline-b8a793584d2186fb4e0aa8046771e551.yaml @@ -0,0 +1,58 @@ +id: animated-headline-b8a793584d2186fb4e0aa8046771e551 + +info: + name: > + Animated Headline <= 4.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animated-headline/" + google-query: inurl:"/wp-content/plugins/animated-headline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animated-headline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-headline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-headline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animated-number-counters-cf48a696f82d0831c89a84db8271161e.yaml b/nuclei-templates/cve-less/plugins/animated-number-counters-cf48a696f82d0831c89a84db8271161e.yaml new file mode 100644 index 0000000000..082cccb19a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animated-number-counters-cf48a696f82d0831c89a84db8271161e.yaml @@ -0,0 +1,58 @@ +id: animated-number-counters-cf48a696f82d0831c89a84db8271161e + +info: + name: > + Animated Number Counters <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e87ea6b5-4288-4ebb-8a29-e0a179e6b584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animated-number-counters/" + google-query: inurl:"/wp-content/plugins/animated-number-counters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animated-number-counters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-number-counters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-number-counters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/animated-typing-effect-8a6899bd3b3c6951efcee5344ca06fff.yaml b/nuclei-templates/cve-less/plugins/animated-typing-effect-8a6899bd3b3c6951efcee5344ca06fff.yaml new file mode 100644 index 0000000000..7f5eded57b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/animated-typing-effect-8a6899bd3b3c6951efcee5344ca06fff.yaml @@ -0,0 +1,58 @@ +id: animated-typing-effect-8a6899bd3b3c6951efcee5344ca06fff + +info: + name: > + Typing Effect <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db12f986-580e-4e81-8bd2-124393e5d21b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/animated-typing-effect/" + google-query: inurl:"/wp-content/plugins/animated-typing-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,animated-typing-effect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/animated-typing-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "animated-typing-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-05ea715911776cce9345bba9207f2978.yaml b/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-05ea715911776cce9345bba9207f2978.yaml new file mode 100644 index 0000000000..be4d3d5cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-05ea715911776cce9345bba9207f2978.yaml @@ -0,0 +1,58 @@ +id: announce-from-the-dashboard-05ea715911776cce9345bba9207f2978 + +info: + name: > + Announce from the Dashboard <= 1.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d1cf3b-5631-49bd-a7aa-86de2ee4b5b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/announce-from-the-dashboard/" + google-query: inurl:"/wp-content/plugins/announce-from-the-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/announce-from-the-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "announce-from-the-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-4e902ac20277ef72a0ba4b9fef3685d6.yaml b/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-4e902ac20277ef72a0ba4b9fef3685d6.yaml new file mode 100644 index 0000000000..90d44ef225 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/announce-from-the-dashboard-4e902ac20277ef72a0ba4b9fef3685d6.yaml @@ -0,0 +1,58 @@ +id: announce-from-the-dashboard-4e902ac20277ef72a0ba4b9fef3685d6 + +info: + name: > + Announce from the Dashboard <= 1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b75dce8-3e31-45e8-b193-5df3e4391e56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/announce-from-the-dashboard/" + google-query: inurl:"/wp-content/plugins/announce-from-the-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,announce-from-the-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/announce-from-the-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "announce-from-the-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/announcekit-59df5359f3dd97e1bd86b18fcb289b4e.yaml b/nuclei-templates/cve-less/plugins/announcekit-59df5359f3dd97e1bd86b18fcb289b4e.yaml new file mode 100644 index 0000000000..5eb959a510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/announcekit-59df5359f3dd97e1bd86b18fcb289b4e.yaml @@ -0,0 +1,58 @@ +id: announcekit-59df5359f3dd97e1bd86b18fcb289b4e + +info: + name: > + AnnounceKit <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0417e2d7-0c0a-48e1-bf18-3f5e16b1b8a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/announcekit/" + google-query: inurl:"/wp-content/plugins/announcekit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,announcekit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/announcekit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "announcekit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/announcer-e3632f2772b0c1ed9b46e568946ebc5c.yaml b/nuclei-templates/cve-less/plugins/announcer-e3632f2772b0c1ed9b46e568946ebc5c.yaml new file mode 100644 index 0000000000..10fb40826f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/announcer-e3632f2772b0c1ed9b46e568946ebc5c.yaml @@ -0,0 +1,58 @@ +id: announcer-e3632f2772b0c1ed9b46e568946ebc5c + +info: + name: > + Announcer – Notification & message bars <= 6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5981209b-5dc7-4823-bd90-2f9514beb616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/announcer/" + google-query: inurl:"/wp-content/plugins/announcer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,announcer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/announcer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "announcer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anonymous-restricted-content-e64c3828b87ac23a870624916c783fb0.yaml b/nuclei-templates/cve-less/plugins/anonymous-restricted-content-e64c3828b87ac23a870624916c783fb0.yaml new file mode 100644 index 0000000000..815590a63b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anonymous-restricted-content-e64c3828b87ac23a870624916c783fb0.yaml @@ -0,0 +1,58 @@ +id: anonymous-restricted-content-e64c3828b87ac23a870624916c783fb0 + +info: + name: > + Anonymous Restricted Content <= 1.6.2 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anonymous-restricted-content/" + google-query: inurl:"/wp-content/plugins/anonymous-restricted-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anonymous-restricted-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anonymous-restricted-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anonymous-restricted-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-36cd8a02716876f0db4708fd488996f4.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-36cd8a02716876f0db4708fd488996f4.yaml new file mode 100644 index 0000000000..b0c5fbc261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-36cd8a02716876f0db4708fd488996f4.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-36cd8a02716876f0db4708fd488996f4 + +info: + name: > + AWP Classifieds <= 4.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec395e79-b82a-45c3-a704-a15a5efaf26d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-8094d83bdd6a783dc479a31b16dcc2d7.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-8094d83bdd6a783dc479a31b16dcc2d7.yaml new file mode 100644 index 0000000000..e364bd5a18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-8094d83bdd6a783dc479a31b16dcc2d7.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-8094d83bdd6a783dc479a31b16dcc2d7 + +info: + name: > + AWP Classifieds <= 4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b06a1b66-9057-4f16-878c-4fa66489f0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml new file mode 100644 index 0000000000..d19b5a9699 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-a0dc813b81ea3eaaf35abcdfd0e51d08.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-a0dc813b81ea3eaaf35abcdfd0e51d08 + +info: + name: > + AWP Classifieds <= 4.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/782e954f-1fdf-49fa-97bc-60f8fb8c4ecd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c3d1c94528da88057c08634021981f55.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c3d1c94528da88057c08634021981f55.yaml new file mode 100644 index 0000000000..e9e4322636 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c3d1c94528da88057c08634021981f55.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-c3d1c94528da88057c08634021981f55 + +info: + name: > + AWP Classifieds <= 4.2.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3de27b2e-2196-4b8e-816c-729462a172d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c888a527d839638dab34ddfabb9982e5.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c888a527d839638dab34ddfabb9982e5.yaml new file mode 100644 index 0000000000..3260ed9f41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-c888a527d839638dab34ddfabb9982e5.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-c888a527d839638dab34ddfabb9982e5 + +info: + name: > + WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7613875-b44e-4b91-9a5b-41ea0854cd61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-f8694c41fb21641e443ef7de9264487a.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-f8694c41fb21641e443ef7de9264487a.yaml new file mode 100644 index 0000000000..9c4bb6f663 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-f8694c41fb21641e443ef7de9264487a.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-f8694c41fb21641e443ef7de9264487a + +info: + name: > + WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8de5b1-fefc-40b0-8f4d-435e6bd2f452?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml new file mode 100644 index 0000000000..a00db7d55a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/another-wordpress-classifieds-plugin-fa96cc0ae3ebc5f92e1c1a93f29e6a5e.yaml @@ -0,0 +1,58 @@ +id: another-wordpress-classifieds-plugin-fa96cc0ae3ebc5f92e1c1a93f29e6a5e + +info: + name: > + WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd8a4296-8a6e-4455-8a69-87cace9199a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/another-wordpress-classifieds-plugin/" + google-query: inurl:"/wp-content/plugins/another-wordpress-classifieds-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,another-wordpress-classifieds-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/another-wordpress-classifieds-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "another-wordpress-classifieds-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anthologize-ba0f1a7c1e75b12eba4e62626fd27944.yaml b/nuclei-templates/cve-less/plugins/anthologize-ba0f1a7c1e75b12eba4e62626fd27944.yaml new file mode 100644 index 0000000000..b44baf7926 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anthologize-ba0f1a7c1e75b12eba4e62626fd27944.yaml @@ -0,0 +1,58 @@ +id: anthologize-ba0f1a7c1e75b12eba4e62626fd27944 + +info: + name: > + Anthologize <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7535b43-dcf0-4d00-833a-d9d86b2520d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anthologize/" + google-query: inurl:"/wp-content/plugins/anthologize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anthologize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anthologize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anthologize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anti-plagiarism-77af612ec3dcbb3822b11616df7c8557.yaml b/nuclei-templates/cve-less/plugins/anti-plagiarism-77af612ec3dcbb3822b11616df7c8557.yaml new file mode 100644 index 0000000000..535e97fa66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anti-plagiarism-77af612ec3dcbb3822b11616df7c8557.yaml @@ -0,0 +1,58 @@ +id: anti-plagiarism-77af612ec3dcbb3822b11616df7c8557 + +info: + name: > + Anti Plagiarism <= 3.60 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6ecb74-b337-4930-a737-f70799607d89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anti-plagiarism/" + google-query: inurl:"/wp-content/plugins/anti-plagiarism/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anti-plagiarism,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anti-plagiarism/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anti-plagiarism" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anti-spam-41cd3278684cd2fa92e7808b44952638.yaml b/nuclei-templates/cve-less/plugins/anti-spam-41cd3278684cd2fa92e7808b44952638.yaml new file mode 100644 index 0000000000..778b0671eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anti-spam-41cd3278684cd2fa92e7808b44952638.yaml @@ -0,0 +1,58 @@ +id: anti-spam-41cd3278684cd2fa92e7808b44952638 + +info: + name: > + Titan Anti Spam & Security <= 7.3.0 - IP Spoofing to Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3edb95f1-aa82-4b51-957e-2039dd8624e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anti-spam/" + google-query: inurl:"/wp-content/plugins/anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/antihacker-1198314be1810779166a4e03d8729a10.yaml b/nuclei-templates/cve-less/plugins/antihacker-1198314be1810779166a4e03d8729a10.yaml new file mode 100644 index 0000000000..c67dd15a09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/antihacker-1198314be1810779166a4e03d8729a10.yaml @@ -0,0 +1,58 @@ +id: antihacker-1198314be1810779166a4e03d8729a10 + +info: + name: > + Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/antihacker/" + google-query: inurl:"/wp-content/plugins/antihacker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,antihacker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/antihacker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antihacker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/antihacker-52d5b418dd2173338819829d8805e340.yaml b/nuclei-templates/cve-less/plugins/antihacker-52d5b418dd2173338819829d8805e340.yaml new file mode 100644 index 0000000000..d6ca1309a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/antihacker-52d5b418dd2173338819829d8805e340.yaml @@ -0,0 +1,58 @@ +id: antihacker-52d5b418dd2173338819829d8805e340 + +info: + name: > + Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/antihacker/" + google-query: inurl:"/wp-content/plugins/antihacker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,antihacker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/antihacker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antihacker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/antihacker-6e0c5ff8c6831d302f08813c9570b138.yaml b/nuclei-templates/cve-less/plugins/antihacker-6e0c5ff8c6831d302f08813c9570b138.yaml new file mode 100644 index 0000000000..7006e6977f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/antihacker-6e0c5ff8c6831d302f08813c9570b138.yaml @@ -0,0 +1,58 @@ +id: antihacker-6e0c5ff8c6831d302f08813c9570b138 + +info: + name: > + Anti Hacker <= 4.19 - Missing Authorization to Arbitrary Plugin Install + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9479c9ff-6da3-4391-802d-9e3eb14eff77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/antihacker/" + google-query: inurl:"/wp-content/plugins/antihacker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,antihacker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/antihacker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antihacker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/antihacker-ee14c893825237703550266d1fea00de.yaml b/nuclei-templates/cve-less/plugins/antihacker-ee14c893825237703550266d1fea00de.yaml new file mode 100644 index 0000000000..d0a2b1e2be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/antihacker-ee14c893825237703550266d1fea00de.yaml @@ -0,0 +1,58 @@ +id: antihacker-ee14c893825237703550266d1fea00de + +info: + name: > + Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ae5712-09a8-45a4-9f79-3e5b7786e652?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/antihacker/" + google-query: inurl:"/wp-content/plugins/antihacker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,antihacker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/antihacker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antihacker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/antispam-bee-a7e9b1b256d670c7c0f18ffa58157054.yaml b/nuclei-templates/cve-less/plugins/antispam-bee-a7e9b1b256d670c7c0f18ffa58157054.yaml new file mode 100644 index 0000000000..ef8e1497f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/antispam-bee-a7e9b1b256d670c7c0f18ffa58157054.yaml @@ -0,0 +1,58 @@ +id: antispam-bee-a7e9b1b256d670c7c0f18ffa58157054 + +info: + name: > + Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb102891-b4a8-4089-b70c-43866ad85b7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/antispam-bee/" + google-query: inurl:"/wp-content/plugins/antispam-bee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,antispam-bee,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/antispam-bee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antispam-bee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anual-archive-498bbeebfd7d1067e2db21072dfc82ff.yaml b/nuclei-templates/cve-less/plugins/anual-archive-498bbeebfd7d1067e2db21072dfc82ff.yaml new file mode 100644 index 0000000000..ce37985176 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anual-archive-498bbeebfd7d1067e2db21072dfc82ff.yaml @@ -0,0 +1,58 @@ +id: anual-archive-498bbeebfd7d1067e2db21072dfc82ff + +info: + name: > + Annual Archive <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f4709b-0560-48c6-a26c-d806311758a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anual-archive/" + google-query: inurl:"/wp-content/plugins/anual-archive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anual-archive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anual-archive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anual-archive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anual-archive-633a7d922fc914b18ddc7d21035ab39d.yaml b/nuclei-templates/cve-less/plugins/anual-archive-633a7d922fc914b18ddc7d21035ab39d.yaml new file mode 100644 index 0000000000..c7a72bfc43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anual-archive-633a7d922fc914b18ddc7d21035ab39d.yaml @@ -0,0 +1,58 @@ +id: anual-archive-633a7d922fc914b18ddc7d21035ab39d + +info: + name: > + Annual Archive <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58ae3a89-200b-475c-8d32-a24502eb95c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anual-archive/" + google-query: inurl:"/wp-content/plugins/anual-archive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anual-archive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anual-archive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anual-archive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anual-archive-c19853d6227a07842c1d1043daa343e2.yaml b/nuclei-templates/cve-less/plugins/anual-archive-c19853d6227a07842c1d1043daa343e2.yaml new file mode 100644 index 0000000000..0a074fd21e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anual-archive-c19853d6227a07842c1d1043daa343e2.yaml @@ -0,0 +1,58 @@ +id: anual-archive-c19853d6227a07842c1d1043daa343e2 + +info: + name: > + Annual Archive <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20199c88-1800-4d18-a0ee-0219be77b429?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anual-archive/" + google-query: inurl:"/wp-content/plugins/anual-archive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anual-archive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anual-archive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anual-archive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/any-hostname-3bc0607c56016206aa45fc2de8e660d1.yaml b/nuclei-templates/cve-less/plugins/any-hostname-3bc0607c56016206aa45fc2de8e660d1.yaml new file mode 100644 index 0000000000..07eac69109 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/any-hostname-3bc0607c56016206aa45fc2de8e660d1.yaml @@ -0,0 +1,58 @@ +id: any-hostname-3bc0607c56016206aa45fc2de8e660d1 + +info: + name: > + Any Hostname <= 1.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09613e4a-0dbe-430a-ab75-725038218803?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/any-hostname/" + google-query: inurl:"/wp-content/plugins/any-hostname/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,any-hostname,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/any-hostname/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "any-hostname" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anycomment-186957a6ecba5765a080f5c6c5b39bcb.yaml b/nuclei-templates/cve-less/plugins/anycomment-186957a6ecba5765a080f5c6c5b39bcb.yaml new file mode 100644 index 0000000000..02035b4234 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anycomment-186957a6ecba5765a080f5c6c5b39bcb.yaml @@ -0,0 +1,58 @@ +id: anycomment-186957a6ecba5765a080f5c6c5b39bcb + +info: + name: > + AnyComment <= 0.2.17 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca12f906-d896-428a-a144-a1afe045197b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anycomment/" + google-query: inurl:"/wp-content/plugins/anycomment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anycomment,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anycomment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anycomment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anycomment-b59e16af89b52cabb8769776994f8e59.yaml b/nuclei-templates/cve-less/plugins/anycomment-b59e16af89b52cabb8769776994f8e59.yaml new file mode 100644 index 0000000000..5e9fffd9d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anycomment-b59e16af89b52cabb8769776994f8e59.yaml @@ -0,0 +1,58 @@ +id: anycomment-b59e16af89b52cabb8769776994f8e59 + +info: + name: > + AnyComment <= 0.2.17 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feecd1f9-a933-43f5-971b-459bb27340d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anycomment/" + google-query: inurl:"/wp-content/plugins/anycomment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anycomment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anycomment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anycomment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anycomment-d22c70f9ec92b7d76f2eae20313e8d32.yaml b/nuclei-templates/cve-less/plugins/anycomment-d22c70f9ec92b7d76f2eae20313e8d32.yaml new file mode 100644 index 0000000000..313444f596 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anycomment-d22c70f9ec92b7d76f2eae20313e8d32.yaml @@ -0,0 +1,58 @@ +id: anycomment-d22c70f9ec92b7d76f2eae20313e8d32 + +info: + name: > + AnyComment <= 0.3.4 - Open Redirect via redirect parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/786d147b-2013-476b-a684-d070f07a166d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anycomment/" + google-query: inurl:"/wp-content/plugins/anycomment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anycomment,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anycomment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anycomment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anycomment-ee36904a88935929b3b15a0e036819ac.yaml b/nuclei-templates/cve-less/plugins/anycomment-ee36904a88935929b3b15a0e036819ac.yaml new file mode 100644 index 0000000000..b568da2313 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anycomment-ee36904a88935929b3b15a0e036819ac.yaml @@ -0,0 +1,58 @@ +id: anycomment-ee36904a88935929b3b15a0e036819ac + +info: + name: > + AnyComment <= 0.0.32 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebbee05c-fd32-4dd9-99d3-716ba604b859?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anycomment/" + google-query: inurl:"/wp-content/plugins/anycomment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anycomment,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anycomment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anycomment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anyfont-01e8465418f355e76abbd3d29a83c487.yaml b/nuclei-templates/cve-less/plugins/anyfont-01e8465418f355e76abbd3d29a83c487.yaml new file mode 100644 index 0000000000..7e991ebab7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anyfont-01e8465418f355e76abbd3d29a83c487.yaml @@ -0,0 +1,58 @@ +id: anyfont-01e8465418f355e76abbd3d29a83c487 + +info: + name: > + Anyfont <= 2.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd97d688-d8af-4598-8faa-97eefad63808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anyfont/" + google-query: inurl:"/wp-content/plugins/anyfont/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anyfont,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anyfont/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anyfont" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anymind-widget-acdadfe8e1df89f0c7d26ae29b23fa05.yaml b/nuclei-templates/cve-less/plugins/anymind-widget-acdadfe8e1df89f0c7d26ae29b23fa05.yaml new file mode 100644 index 0000000000..da5c087cd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anymind-widget-acdadfe8e1df89f0c7d26ae29b23fa05.yaml @@ -0,0 +1,58 @@ +id: anymind-widget-acdadfe8e1df89f0c7d26ae29b23fa05 + +info: + name: > + AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/174eae70-15d7-4772-8fcd-dc4c0fca5b7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anymind-widget/" + google-query: inurl:"/wp-content/plugins/anymind-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anymind-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anymind-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anymind-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anyvar-180f313b58923b98a121e2e279750680.yaml b/nuclei-templates/cve-less/plugins/anyvar-180f313b58923b98a121e2e279750680.yaml new file mode 100644 index 0000000000..4154f9245b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anyvar-180f313b58923b98a121e2e279750680.yaml @@ -0,0 +1,58 @@ +id: anyvar-180f313b58923b98a121e2e279750680 + +info: + name: > + AnyVar <= 0.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/949effee-d99c-4965-9d89-3309d4df66cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anyvar/" + google-query: inurl:"/wp-content/plugins/anyvar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anyvar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anyvar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anyvar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anywhere-elementor-953d7c74a5cb5d227016dedae23e3cfa.yaml b/nuclei-templates/cve-less/plugins/anywhere-elementor-953d7c74a5cb5d227016dedae23e3cfa.yaml new file mode 100644 index 0000000000..eff9e50c35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anywhere-elementor-953d7c74a5cb5d227016dedae23e3cfa.yaml @@ -0,0 +1,58 @@ +id: anywhere-elementor-953d7c74a5cb5d227016dedae23e3cfa + +info: + name: > + AnyWhere Elementor <= 1.2.7 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5782439f-a546-45f6-aec7-e600442d3c41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anywhere-elementor/" + google-query: inurl:"/wp-content/plugins/anywhere-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anywhere-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anywhere-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anywhere-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/anywhere-flash-embed-881cc93528fb94be5fa214f77b12a3dc.yaml b/nuclei-templates/cve-less/plugins/anywhere-flash-embed-881cc93528fb94be5fa214f77b12a3dc.yaml new file mode 100644 index 0000000000..3ed02eea4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/anywhere-flash-embed-881cc93528fb94be5fa214f77b12a3dc.yaml @@ -0,0 +1,58 @@ +id: anywhere-flash-embed-881cc93528fb94be5fa214f77b12a3dc + +info: + name: > + Anywhere Flash Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a95d7ff6-55ce-4d63-8433-60cece306628?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/anywhere-flash-embed/" + google-query: inurl:"/wp-content/plugins/anywhere-flash-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,anywhere-flash-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/anywhere-flash-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anywhere-flash-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aoi-tori-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/aoi-tori-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..44dc61ff46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aoi-tori-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: aoi-tori-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aoi-tori/" + google-query: inurl:"/wp-content/plugins/aoi-tori/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aoi-tori,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aoi-tori/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aoi-tori" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ap-custom-testimonial-e046ac5677cd6d59abd3c0371d7c020d.yaml b/nuclei-templates/cve-less/plugins/ap-custom-testimonial-e046ac5677cd6d59abd3c0371d7c020d.yaml new file mode 100644 index 0000000000..768a89a237 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ap-custom-testimonial-e046ac5677cd6d59abd3c0371d7c020d.yaml @@ -0,0 +1,58 @@ +id: ap-custom-testimonial-e046ac5677cd6d59abd3c0371d7c020d + +info: + name: > + Testimonial WordPress Plugin < 1.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/171faddd-c60c-4d07-834e-d8149703513b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ap-custom-testimonial/" + google-query: inurl:"/wp-content/plugins/ap-custom-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ap-custom-testimonial,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ap-custom-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ap-custom-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ap-custom-testimonial-ea71ac2a34dc7248e02bdf91d9e86e30.yaml b/nuclei-templates/cve-less/plugins/ap-custom-testimonial-ea71ac2a34dc7248e02bdf91d9e86e30.yaml new file mode 100644 index 0000000000..4dc4d2f502 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ap-custom-testimonial-ea71ac2a34dc7248e02bdf91d9e86e30.yaml @@ -0,0 +1,58 @@ +id: ap-custom-testimonial-ea71ac2a34dc7248e02bdf91d9e86e30 + +info: + name: > + AP Custom Testimonial <= 1.4.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/225900ea-ab59-4864-a65b-583730d2703f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ap-custom-testimonial/" + google-query: inurl:"/wp-content/plugins/ap-custom-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ap-custom-testimonial,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ap-custom-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ap-custom-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ap-mega-menu-415cf9b2f7bbb0e22dd8557e0a6ae54d.yaml b/nuclei-templates/cve-less/plugins/ap-mega-menu-415cf9b2f7bbb0e22dd8557e0a6ae54d.yaml new file mode 100644 index 0000000000..17c5e24337 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ap-mega-menu-415cf9b2f7bbb0e22dd8557e0a6ae54d.yaml @@ -0,0 +1,58 @@ +id: ap-mega-menu-415cf9b2f7bbb0e22dd8557e0a6ae54d + +info: + name: > + Mega Menu <= 3.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a99ccde-4c8c-4c77-9199-c21dba35c19f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ap-mega-menu/" + google-query: inurl:"/wp-content/plugins/ap-mega-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ap-mega-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ap-mega-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ap-mega-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-55621d6fc615b8d4a345ef4a0a4b8e73.yaml b/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-55621d6fc615b8d4a345ef4a0a4b8e73.yaml new file mode 100644 index 0000000000..87a384892b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-55621d6fc615b8d4a345ef4a0a4b8e73.yaml @@ -0,0 +1,58 @@ +id: ap-pricing-tables-lite-55621d6fc615b8d4a345ef4a0a4b8e73 + +info: + name: > + AP Pricing Tables Lite <= 1.1.6 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/869e57f8-7524-497a-8d24-bb9f2ee3898b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ap-pricing-tables-lite/" + google-query: inurl:"/wp-content/plugins/ap-pricing-tables-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ap-pricing-tables-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ap-pricing-tables-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ap-pricing-tables-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-dd1e137c703afe40250d4d373711d33b.yaml b/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-dd1e137c703afe40250d4d373711d33b.yaml new file mode 100644 index 0000000000..7b7d0921d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ap-pricing-tables-lite-dd1e137c703afe40250d4d373711d33b.yaml @@ -0,0 +1,58 @@ +id: ap-pricing-tables-lite-dd1e137c703afe40250d4d373711d33b + +info: + name: > + AP Pricing Tables Lite <= 1.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95f9066c-e0dd-4909-a57b-c52070b135d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ap-pricing-tables-lite/" + google-query: inurl:"/wp-content/plugins/ap-pricing-tables-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ap-pricing-tables-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ap-pricing-tables-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ap-pricing-tables-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aparat-7c5c2b955a800f0567ad6425eb1a8e69.yaml b/nuclei-templates/cve-less/plugins/aparat-7c5c2b955a800f0567ad6425eb1a8e69.yaml new file mode 100644 index 0000000000..1b636326f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aparat-7c5c2b955a800f0567ad6425eb1a8e69.yaml @@ -0,0 +1,58 @@ +id: aparat-7c5c2b955a800f0567ad6425eb1a8e69 + +info: + name: > + Aparat <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d14dd6-ff1c-475b-8cff-efc7736124b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aparat/" + google-query: inurl:"/wp-content/plugins/aparat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aparat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aparat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aparat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apartment-management-00968ba3e8c09884c42e4fbfc8959579.yaml b/nuclei-templates/cve-less/plugins/apartment-management-00968ba3e8c09884c42e4fbfc8959579.yaml new file mode 100644 index 0000000000..19a55b4b52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apartment-management-00968ba3e8c09884c42e4fbfc8959579.yaml @@ -0,0 +1,58 @@ +id: apartment-management-00968ba3e8c09884c42e4fbfc8959579 + +info: + name: > + WPAMS - Apartment Management System for wordpress Theme < 17-07-2019 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02282e33-7e3e-42e1-a7b0-9b5ad326600d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apartment-management/" + google-query: inurl:"/wp-content/plugins/apartment-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apartment-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apartment-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apartment-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 17-07-2019') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apexchat-da0d789e3ff0c2c8ea9e944c14348b70.yaml b/nuclei-templates/cve-less/plugins/apexchat-da0d789e3ff0c2c8ea9e944c14348b70.yaml new file mode 100644 index 0000000000..c4aa1d67c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apexchat-da0d789e3ff0c2c8ea9e944c14348b70.yaml @@ -0,0 +1,58 @@ +id: apexchat-da0d789e3ff0c2c8ea9e944c14348b70 + +info: + name: > + ApexChat <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe8d164-85c7-444d-80ad-4d03151b939b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apexchat/" + google-query: inurl:"/wp-content/plugins/apexchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apexchat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apexchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apexchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/api-bearer-auth-fee563db4bd1e05c4270644fa9c809a1.yaml b/nuclei-templates/cve-less/plugins/api-bearer-auth-fee563db4bd1e05c4270644fa9c809a1.yaml new file mode 100644 index 0000000000..cef1005bea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/api-bearer-auth-fee563db4bd1e05c4270644fa9c809a1.yaml @@ -0,0 +1,58 @@ +id: api-bearer-auth-fee563db4bd1e05c4270644fa9c809a1 + +info: + name: > + API Bearer Auth < 20190907 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13843a16-7ae3-412d-a2ac-7a5ee556b6e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/api-bearer-auth/" + google-query: inurl:"/wp-content/plugins/api-bearer-auth/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,api-bearer-auth,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/api-bearer-auth/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "api-bearer-auth" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 20190907') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/api-bing-map-2018-d02235de5f3ca7c1b60ff50591414693.yaml b/nuclei-templates/cve-less/plugins/api-bing-map-2018-d02235de5f3ca7c1b60ff50591414693.yaml new file mode 100644 index 0000000000..1ac162b97f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/api-bing-map-2018-d02235de5f3ca7c1b60ff50591414693.yaml @@ -0,0 +1,58 @@ +id: api-bing-map-2018-d02235de5f3ca7c1b60ff50591414693 + +info: + name: > + WP Bing Map Pro <= 4.1.4 - Cross-Site Request Forgery via AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5abc627d-2d8e-44e6-8e8e-ad9f55cbb0d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/api-bing-map-2018/" + google-query: inurl:"/wp-content/plugins/api-bing-map-2018/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,api-bing-map-2018,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/api-bing-map-2018/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "api-bing-map-2018" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/api-key-for-google-maps-63bf92bd556ddc7e31ce5d5810bb1772.yaml b/nuclei-templates/cve-less/plugins/api-key-for-google-maps-63bf92bd556ddc7e31ce5d5810bb1772.yaml new file mode 100644 index 0000000000..2a30e68abd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/api-key-for-google-maps-63bf92bd556ddc7e31ce5d5810bb1772.yaml @@ -0,0 +1,58 @@ +id: api-key-for-google-maps-63bf92bd556ddc7e31ce5d5810bb1772 + +info: + name: > + API KEY for Google Maps <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/804dafd1-0f18-4248-a243-8b26d161bc85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/api-key-for-google-maps/" + google-query: inurl:"/wp-content/plugins/api-key-for-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,api-key-for-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/api-key-for-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "api-key-for-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-19171308e9a97bd1af9a42e88ced211e.yaml b/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-19171308e9a97bd1af9a42e88ced211e.yaml new file mode 100644 index 0000000000..9fb0316c95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-19171308e9a97bd1af9a42e88ced211e.yaml @@ -0,0 +1,58 @@ +id: api2cart-bridge-connector-19171308e9a97bd1af9a42e88ced211e + +info: + name: > + Api2Cart Bridge Connector <= 1.1.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf6d60f-57ac-4cbc-895f-a7db548cbf67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/api2cart-bridge-connector/" + google-query: inurl:"/wp-content/plugins/api2cart-bridge-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,api2cart-bridge-connector,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/api2cart-bridge-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "api2cart-bridge-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-eade6cf258216cda6b355deeb5801b73.yaml b/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-eade6cf258216cda6b355deeb5801b73.yaml new file mode 100644 index 0000000000..dc4cec34b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/api2cart-bridge-connector-eade6cf258216cda6b355deeb5801b73.yaml @@ -0,0 +1,58 @@ +id: api2cart-bridge-connector-eade6cf258216cda6b355deeb5801b73 + +info: + name: > + Api2Cart Bridge Connector <= 1.1.0 - Arbitrary Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a69236d1-2164-4702-96e3-abd80fb5ffbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/api2cart-bridge-connector/" + google-query: inurl:"/wp-content/plugins/api2cart-bridge-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,api2cart-bridge-connector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/api2cart-bridge-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "api2cart-bridge-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-07d84b9abdb8923fa8bed12fef2c739c.yaml b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-07d84b9abdb8923fa8bed12fef2c739c.yaml new file mode 100644 index 0000000000..f17b0cf812 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-07d84b9abdb8923fa8bed12fef2c739c.yaml @@ -0,0 +1,58 @@ +id: apollo13-framework-extensions-07d84b9abdb8923fa8bed12fef2c739c + +info: + name: > + Apollo13 Framework Extensions <= 1.9.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/575b51f4-fed4-4057-9e8b-762fda275ef3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apollo13-framework-extensions/" + google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apollo13-framework-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apollo13-framework-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-2c1fdb69500dc831bd46062ddc0d2b02.yaml b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-2c1fdb69500dc831bd46062ddc0d2b02.yaml new file mode 100644 index 0000000000..29c6f5ed37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-2c1fdb69500dc831bd46062ddc0d2b02.yaml @@ -0,0 +1,58 @@ +id: apollo13-framework-extensions-2c1fdb69500dc831bd46062ddc0d2b02 + +info: + name: > + Apollo13 Framework Extensions <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c5b2ce5-d3bf-4412-b329-470a1115260b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apollo13-framework-extensions/" + google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apollo13-framework-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apollo13-framework-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-783d77b98a5b328f4a28ee2d5345a1f8.yaml b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-783d77b98a5b328f4a28ee2d5345a1f8.yaml new file mode 100644 index 0000000000..f253fa9841 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-783d77b98a5b328f4a28ee2d5345a1f8.yaml @@ -0,0 +1,58 @@ +id: apollo13-framework-extensions-783d77b98a5b328f4a28ee2d5345a1f8 + +info: + name: > + Apollo13 Framework Extensions <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33386b7b-fae3-42a4-96d3-df3cdc342317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apollo13-framework-extensions/" + google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apollo13-framework-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apollo13-framework-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-7c93e57058800cc97d4580d0e8797ab3.yaml b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-7c93e57058800cc97d4580d0e8797ab3.yaml new file mode 100644 index 0000000000..e37d9c4215 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apollo13-framework-extensions-7c93e57058800cc97d4580d0e8797ab3.yaml @@ -0,0 +1,58 @@ +id: apollo13-framework-extensions-7c93e57058800cc97d4580d0e8797ab3 + +info: + name: > + Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e122d75b-0bde-4886-a8e0-d07a535fc967?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apollo13-framework-extensions/" + google-query: inurl:"/wp-content/plugins/apollo13-framework-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apollo13-framework-extensions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apollo13-framework-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apollo13-framework-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/app-builder-41d7dedc3e3a9c3e6b69d336c29a1195.yaml b/nuclei-templates/cve-less/plugins/app-builder-41d7dedc3e3a9c3e6b69d336c29a1195.yaml new file mode 100644 index 0000000000..415b9de323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/app-builder-41d7dedc3e3a9c3e6b69d336c29a1195.yaml @@ -0,0 +1,58 @@ +id: app-builder-41d7dedc3e3a9c3e6b69d336c29a1195 + +info: + name: > + App Builder <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62c3f844-ed88-4a6c-a8c2-7b573096ec8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/app-builder/" + google-query: inurl:"/wp-content/plugins/app-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,app-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/app-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "app-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/app-builder-e5e1ea362452a736ee3e514dade0c3d9.yaml b/nuclei-templates/cve-less/plugins/app-builder-e5e1ea362452a736ee3e514dade0c3d9.yaml new file mode 100644 index 0000000000..462046aae6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/app-builder-e5e1ea362452a736ee3e514dade0c3d9.yaml @@ -0,0 +1,58 @@ +id: app-builder-e5e1ea362452a736ee3e514dade0c3d9 + +info: + name: > + App Builder <= 3.8.7 - Open Redirection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0488a421-e725-4b64-94ee-3a81f4bc5451?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/app-builder/" + google-query: inurl:"/wp-content/plugins/app-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,app-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/app-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "app-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apply-online-5543057e7022cfec9b8ae11fa6f72d5e.yaml b/nuclei-templates/cve-less/plugins/apply-online-5543057e7022cfec9b8ae11fa6f72d5e.yaml new file mode 100644 index 0000000000..27942638ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apply-online-5543057e7022cfec9b8ae11fa6f72d5e.yaml @@ -0,0 +1,58 @@ +id: apply-online-5543057e7022cfec9b8ae11fa6f72d5e + +info: + name: > + ApplyOnline – Application Form Builder and Manager <= 2.5.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3473b5e-2f50-4845-9cfa-d19129f2a430?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apply-online/" + google-query: inurl:"/wp-content/plugins/apply-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apply-online,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apply-online-79807fbebc743d8cb1249f7ab347cb5d.yaml b/nuclei-templates/cve-less/plugins/apply-online-79807fbebc743d8cb1249f7ab347cb5d.yaml new file mode 100644 index 0000000000..74abd708ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apply-online-79807fbebc743d8cb1249f7ab347cb5d.yaml @@ -0,0 +1,58 @@ +id: apply-online-79807fbebc743d8cb1249f7ab347cb5d + +info: + name: > + ApplyOnline – Application Form Builder and Manager <= 2.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c704356-e5f7-4b91-a162-647717cbbb7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apply-online/" + google-query: inurl:"/wp-content/plugins/apply-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apply-online,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apply-online-acf9697c1a09f246be4d3f2a957b0449.yaml b/nuclei-templates/cve-less/plugins/apply-online-acf9697c1a09f246be4d3f2a957b0449.yaml new file mode 100644 index 0000000000..e621390b3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apply-online-acf9697c1a09f246be4d3f2a957b0449.yaml @@ -0,0 +1,58 @@ +id: apply-online-acf9697c1a09f246be4d3f2a957b0449 + +info: + name: > + ApplyOnline – Application Form Builder and Manager <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5dbcc22-ab2e-4114-a7d7-bac01a5c5b3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apply-online/" + google-query: inurl:"/wp-content/plugins/apply-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apply-online,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apply-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apply-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appmysite-989829020debf8c57aef5b384fb5a34d.yaml b/nuclei-templates/cve-less/plugins/appmysite-989829020debf8c57aef5b384fb5a34d.yaml new file mode 100644 index 0000000000..2ef229380a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appmysite-989829020debf8c57aef5b384fb5a34d.yaml @@ -0,0 +1,58 @@ +id: appmysite-989829020debf8c57aef5b384fb5a34d + +info: + name: > + AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9f171f-56d8-4ab9-bf61-0daa7c0d928f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appmysite/" + google-query: inurl:"/wp-content/plugins/appmysite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appmysite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appmysite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appmysite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08426323208aa24ee3404d3b3ddfff01.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08426323208aa24ee3404d3b3ddfff01.yaml new file mode 100644 index 0000000000..536ff61794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08426323208aa24ee3404d3b3ddfff01.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-08426323208aa24ee3404d3b3ddfff01 + +info: + name: > + Appointment Booking Calendar <= 1.3.82 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc6d1db-37ae-4198-84bd-944dad4926c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08a6dbc5d307f61c67e7655c763c44e3.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08a6dbc5d307f61c67e7655c763c44e3.yaml new file mode 100644 index 0000000000..a11843d4e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-08a6dbc5d307f61c67e7655c763c44e3.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-08a6dbc5d307f61c67e7655c763c44e3 + +info: + name: > + Appointment Booking Calendar <= 1.1.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66ce2d12-8f57-4140-b3cf-0fc8c1c4f3d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-297cb3aa5bbfd9cc7b8af82349a82915.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-297cb3aa5bbfd9cc7b8af82349a82915.yaml new file mode 100644 index 0000000000..c6ac59eb10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-297cb3aa5bbfd9cc7b8af82349a82915.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-297cb3aa5bbfd9cc7b8af82349a82915 + +info: + name: > + Appointment Booking Calendar <= 1.3.34 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/006544c9-09ed-4cda-a903-4e3959fdb676?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-5da504c8dee91299e78459069ad88795.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-5da504c8dee91299e78459069ad88795.yaml new file mode 100644 index 0000000000..bb822557a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-5da504c8dee91299e78459069ad88795.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-5da504c8dee91299e78459069ad88795 + +info: + name: > + Appointment Booking Calendar <= 1.3.69 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cb1d8a3-91dd-419e-bc4e-57842afeb7b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-6dd0e2469be8342859a9ccb068065a86.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-6dd0e2469be8342859a9ccb068065a86.yaml new file mode 100644 index 0000000000..3187e431ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-6dd0e2469be8342859a9ccb068065a86.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-6dd0e2469be8342859a9ccb068065a86 + +info: + name: > + Appointment Booking Calendar < 1.3.19 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78c19531-550d-4b97-a30d-adcaad43b53b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-945428d4546aafa998fc04a10d10dbe9.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-945428d4546aafa998fc04a10d10dbe9.yaml new file mode 100644 index 0000000000..4b9c3822e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-945428d4546aafa998fc04a10d10dbe9.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-945428d4546aafa998fc04a10d10dbe9 + +info: + name: > + Appointment Booking Calendar <= 1.1.23 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b704c42-181b-47cb-9df8-3b82f7b830e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-9ab71be11dbcb0181c89ee507de51f30.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-9ab71be11dbcb0181c89ee507de51f30.yaml new file mode 100644 index 0000000000..74a0e0aec6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-9ab71be11dbcb0181c89ee507de51f30.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-9ab71be11dbcb0181c89ee507de51f30 + +info: + name: > + Appointment Booking Calendar <= 1.3.34 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25b26369-76e3-44f0-8275-03fc6fc9705c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-booking-calendar-e90b932522d2fa559539fe55a84e18ea.yaml b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-e90b932522d2fa559539fe55a84e18ea.yaml new file mode 100644 index 0000000000..3786c20f00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-booking-calendar-e90b932522d2fa559539fe55a84e18ea.yaml @@ -0,0 +1,58 @@ +id: appointment-booking-calendar-e90b932522d2fa559539fe55a84e18ea + +info: + name: > + Appointment Booking Calendar <= 1.1.7 - Multiple Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19f97cc8-4a35-44fd-b9f5-978f5997d08a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-booking-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-calendar-1c7dc157fa96adfd05a4bca562cbd9a9.yaml b/nuclei-templates/cve-less/plugins/appointment-calendar-1c7dc157fa96adfd05a4bca562cbd9a9.yaml new file mode 100644 index 0000000000..5ab1a6d2ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-calendar-1c7dc157fa96adfd05a4bca562cbd9a9.yaml @@ -0,0 +1,58 @@ +id: appointment-calendar-1c7dc157fa96adfd05a4bca562cbd9a9 + +info: + name: > + Appointment Calendar <= 2.9.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baebd08b-1f40-4cb2-8158-c4421af68c06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-calendar-a44ebccf5ee05a1c5c4e60f95c997bb4.yaml b/nuclei-templates/cve-less/plugins/appointment-calendar-a44ebccf5ee05a1c5c4e60f95c997bb4.yaml new file mode 100644 index 0000000000..c08021a302 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-calendar-a44ebccf5ee05a1c5c4e60f95c997bb4.yaml @@ -0,0 +1,58 @@ +id: appointment-calendar-a44ebccf5ee05a1c5c4e60f95c997bb4 + +info: + name: > + Appointment Calendar <= 2.9.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06a92619-5281-414e-8846-be0db38df89d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-calendar/" + google-query: inurl:"/wp-content/plugins/appointment-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-236c93e0abdcaccaa98b96d0eb756aaf.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-236c93e0abdcaccaa98b96d0eb756aaf.yaml new file mode 100644 index 0000000000..c2f850c245 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-236c93e0abdcaccaa98b96d0eb756aaf.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-236c93e0abdcaccaa98b96d0eb756aaf + +info: + name: > + Appointment Hour Booking <= 1.3.71 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c332ba8-282e-484e-9ee2-a91c9255bad0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-49498beeab40d799abe54105f37dda52.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-49498beeab40d799abe54105f37dda52.yaml new file mode 100644 index 0000000000..b35bcf4959 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-49498beeab40d799abe54105f37dda52.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-49498beeab40d799abe54105f37dda52 + +info: + name: > + Appointment Hour Booking <= 1.3.55 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/371fef9c-1f32-4a21-b4f4-1fc364ade5a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-8140e129d8e838ad592a5c184c1cf2c6.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-8140e129d8e838ad592a5c184c1cf2c6.yaml new file mode 100644 index 0000000000..bcc8c9c1e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-8140e129d8e838ad592a5c184c1cf2c6.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-8140e129d8e838ad592a5c184c1cf2c6 + +info: + name: > + Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/870ae326-a7c9-4201-bf0d-0fbda663a694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-93e983f709a0a8202ff094d785febb7b.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-93e983f709a0a8202ff094d785febb7b.yaml new file mode 100644 index 0000000000..6269347aa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-93e983f709a0a8202ff094d785febb7b.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-93e983f709a0a8202ff094d785febb7b + +info: + name: > + Appointment Hour Booking <= 1.3.16 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75cc74f6-aaab-4d5a-bd71-c238fa74a9bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-aa161d7417ea73aa3cb2b51c21fd83db.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-aa161d7417ea73aa3cb2b51c21fd83db.yaml new file mode 100644 index 0000000000..0847acc951 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-aa161d7417ea73aa3cb2b51c21fd83db.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-aa161d7417ea73aa3cb2b51c21fd83db + +info: + name: > + Appointment Hour Booking <= 1.4.56 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6a3ae10-843f-484a-ad6c-221ffece7cc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-b36315e23ade129c61fb07a902fc54b7.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-b36315e23ade129c61fb07a902fc54b7.yaml new file mode 100644 index 0000000000..bc86e9d993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-b36315e23ade129c61fb07a902fc54b7.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-b36315e23ade129c61fb07a902fc54b7 + +info: + name: > + Appointment Hour Booking <= 1.3.15 Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b53e6c9e-f78f-44e8-ad0f-8cfaaac8b53f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-bb0044840289e8306c7f62e7542e65ad.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-bb0044840289e8306c7f62e7542e65ad.yaml new file mode 100644 index 0000000000..7e86de2886 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-bb0044840289e8306c7f62e7542e65ad.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-bb0044840289e8306c7f62e7542e65ad + +info: + name: > + Appointment Hour Booking <= 1.3.72 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3a77b7a-65ad-4334-99c9-92cc79e60bee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-e18c42540e73da21df0e80ed6910311c.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-e18c42540e73da21df0e80ed6910311c.yaml new file mode 100644 index 0000000000..b2aa20cc34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-e18c42540e73da21df0e80ed6910311c.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-e18c42540e73da21df0e80ed6910311c + +info: + name: > + Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e39044c6-8b72-478d-a762-418b2c58429a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/appointment-hour-booking-f0cf91bed602f178255f06e47ead86ab.yaml b/nuclei-templates/cve-less/plugins/appointment-hour-booking-f0cf91bed602f178255f06e47ead86ab.yaml new file mode 100644 index 0000000000..8c06cd0853 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/appointment-hour-booking-f0cf91bed602f178255f06e47ead86ab.yaml @@ -0,0 +1,58 @@ +id: appointment-hour-booking-f0cf91bed602f178255f06e47ead86ab + +info: + name: > + Appointment Hour Booking <= 1.3.72 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/appointment-hour-booking/" + google-query: inurl:"/wp-content/plugins/appointment-hour-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,appointment-hour-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/appointment-hour-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appointment-hour-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apppresser-2f1276a08770749aab26a12f9e94025f.yaml b/nuclei-templates/cve-less/plugins/apppresser-2f1276a08770749aab26a12f9e94025f.yaml new file mode 100644 index 0000000000..0b3ca1eee1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apppresser-2f1276a08770749aab26a12f9e94025f.yaml @@ -0,0 +1,58 @@ +id: apppresser-2f1276a08770749aab26a12f9e94025f + +info: + name: > + AppPresser <= 4.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d999ef8-303e-4707-ace8-64563e899651?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apppresser/" + google-query: inurl:"/wp-content/plugins/apppresser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apppresser,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apppresser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apppresser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apppresser-36235d6783de2113be1f6010065b9add.yaml b/nuclei-templates/cve-less/plugins/apppresser-36235d6783de2113be1f6010065b9add.yaml new file mode 100644 index 0000000000..b785356c20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apppresser-36235d6783de2113be1f6010065b9add.yaml @@ -0,0 +1,58 @@ +id: apppresser-36235d6783de2113be1f6010065b9add + +info: + name: > + AppPresser <= 4.3.0 - Cross-Site Request Forgery via toggle_logging_callback() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16c7813c-7814-43f1-b051-e7e8690de21e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apppresser/" + google-query: inurl:"/wp-content/plugins/apppresser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apppresser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apppresser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apppresser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apppresser-3f24de62c55c69c367431f554a182adc.yaml b/nuclei-templates/cve-less/plugins/apppresser-3f24de62c55c69c367431f554a182adc.yaml new file mode 100644 index 0000000000..f3a13b6655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apppresser-3f24de62c55c69c367431f554a182adc.yaml @@ -0,0 +1,58 @@ +id: apppresser-3f24de62c55c69c367431f554a182adc + +info: + name: > + AppPresser <= 4.2.5 - Insecure Password Reset Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c44c36a-c4c7-49c2-b750-1589e7840dde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apppresser/" + google-query: inurl:"/wp-content/plugins/apppresser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apppresser,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apppresser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apppresser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apppresser-ee0a89e3e23a3a50f6d12be73524e3c6.yaml b/nuclei-templates/cve-less/plugins/apppresser-ee0a89e3e23a3a50f6d12be73524e3c6.yaml new file mode 100644 index 0000000000..422f2fda5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apppresser-ee0a89e3e23a3a50f6d12be73524e3c6.yaml @@ -0,0 +1,58 @@ +id: apppresser-ee0a89e3e23a3a50f6d12be73524e3c6 + +info: + name: > + AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1417fad0-51a0-4091-8f7b-4e8925fd71a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apppresser/" + google-query: inurl:"/wp-content/plugins/apppresser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apppresser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apppresser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apppresser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apptha-banner-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/apptha-banner-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..dc52cd9a23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apptha-banner-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: apptha-banner-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apptha-banner/" + google-query: inurl:"/wp-content/plugins/apptha-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apptha-banner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apptha-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apptha-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apptha-slider-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/apptha-slider-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..52ad1550f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apptha-slider-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: apptha-slider-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apptha-slider-gallery/" + google-query: inurl:"/wp-content/plugins/apptha-slider-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apptha-slider-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apptha-slider-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apptha-slider-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/apptivo-business-site-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml b/nuclei-templates/cve-less/plugins/apptivo-business-site-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml new file mode 100644 index 0000000000..27de8c3411 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/apptivo-business-site-b0a5bbc946df09d6c3b0cc9fe2eebc81.yaml @@ -0,0 +1,58 @@ +id: apptivo-business-site-b0a5bbc946df09d6c3b0cc9fe2eebc81 + +info: + name: > + Apptivo Business Site CRM <= 3.0.12 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e570a66a-14f4-4ce9-b820-c54d09dd051d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/apptivo-business-site/" + google-query: inurl:"/wp-content/plugins/apptivo-business-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,apptivo-business-site,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/apptivo-business-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "apptivo-business-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aprils-super-functions-pack-6d5aea08d890e341921e43e6b4a849e2.yaml b/nuclei-templates/cve-less/plugins/aprils-super-functions-pack-6d5aea08d890e341921e43e6b4a849e2.yaml new file mode 100644 index 0000000000..fd1c9a4307 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aprils-super-functions-pack-6d5aea08d890e341921e43e6b4a849e2.yaml @@ -0,0 +1,58 @@ +id: aprils-super-functions-pack-6d5aea08d890e341921e43e6b4a849e2 + +info: + name: > + April's Super Functions Pack <= 1.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb3a7623-ced8-4738-8a95-a3eda7e86ec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aprils-super-functions-pack/" + google-query: inurl:"/wp-content/plugins/aprils-super-functions-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aprils-super-functions-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aprils-super-functions-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aprils-super-functions-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/archives-calendar-widget-e83ff3d04c646c58cf810db301109219.yaml b/nuclei-templates/cve-less/plugins/archives-calendar-widget-e83ff3d04c646c58cf810db301109219.yaml new file mode 100644 index 0000000000..c7f30af97b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/archives-calendar-widget-e83ff3d04c646c58cf810db301109219.yaml @@ -0,0 +1,58 @@ +id: archives-calendar-widget-e83ff3d04c646c58cf810db301109219 + +info: + name: > + Archives Calendar Widget <= 1.0.15 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ffd695b-33e3-49b6-ad3a-98b2a645f827?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/archives-calendar-widget/" + google-query: inurl:"/wp-content/plugins/archives-calendar-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,archives-calendar-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/archives-calendar-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "archives-calendar-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-1c50317ba4f62105b747a16f1bd9f458.yaml b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-1c50317ba4f62105b747a16f1bd9f458.yaml new file mode 100644 index 0000000000..9e33cb87bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-1c50317ba4f62105b747a16f1bd9f458.yaml @@ -0,0 +1,58 @@ +id: archivist-custom-archive-templates-1c50317ba4f62105b747a16f1bd9f458 + +info: + name: > + Archivist – Custom Archive Templates <= 1.7.4 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90333dc7-8bdf-4a59-8001-7eb76b4bc61d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/archivist-custom-archive-templates/" + google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/archivist-custom-archive-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "archivist-custom-archive-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-63705f2cf5933c3d0b8cb680facff791.yaml b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-63705f2cf5933c3d0b8cb680facff791.yaml new file mode 100644 index 0000000000..89ad3bc9c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-63705f2cf5933c3d0b8cb680facff791.yaml @@ -0,0 +1,58 @@ +id: archivist-custom-archive-templates-63705f2cf5933c3d0b8cb680facff791 + +info: + name: > + Archivist – Custom Archive Templates <= 1.7.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e381ad7-efe6-48c4-af3a-22d01d73a065?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/archivist-custom-archive-templates/" + google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/archivist-custom-archive-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "archivist-custom-archive-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-8185273926919177675b90d12fcb9ed0.yaml b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-8185273926919177675b90d12fcb9ed0.yaml new file mode 100644 index 0000000000..725115b674 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-8185273926919177675b90d12fcb9ed0.yaml @@ -0,0 +1,58 @@ +id: archivist-custom-archive-templates-8185273926919177675b90d12fcb9ed0 + +info: + name: > + Archivist – Custom Archive Templates <= 1.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e230f9f-5eda-4362-973b-ada9cf425697?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/archivist-custom-archive-templates/" + google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/archivist-custom-archive-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "archivist-custom-archive-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-97ba3b63c769d26efcad34ad353deecd.yaml b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-97ba3b63c769d26efcad34ad353deecd.yaml new file mode 100644 index 0000000000..acf9cc4b54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/archivist-custom-archive-templates-97ba3b63c769d26efcad34ad353deecd.yaml @@ -0,0 +1,58 @@ +id: archivist-custom-archive-templates-97ba3b63c769d26efcad34ad353deecd + +info: + name: > + Archivist – Custom Archive Templates <= 1.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f59671-0db2-4acf-8e97-a0ead518bebd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/archivist-custom-archive-templates/" + google-query: inurl:"/wp-content/plugins/archivist-custom-archive-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,archivist-custom-archive-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/archivist-custom-archive-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "archivist-custom-archive-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arconix-faq-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml b/nuclei-templates/cve-less/plugins/arconix-faq-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml new file mode 100644 index 0000000000..baf0386164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arconix-faq-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml @@ -0,0 +1,58 @@ +id: arconix-faq-1fa3ecb606b6c8eedf4f6c369e031dd5 + +info: + name: > + Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a07d293-4c50-4be0-955f-b7c4a0eaef4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arconix-faq/" + google-query: inurl:"/wp-content/plugins/arconix-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arconix-faq,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arconix-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arconix-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arconix-shortcodes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml b/nuclei-templates/cve-less/plugins/arconix-shortcodes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml new file mode 100644 index 0000000000..3af8d00879 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arconix-shortcodes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml @@ -0,0 +1,58 @@ +id: arconix-shortcodes-1fa3ecb606b6c8eedf4f6c369e031dd5 + +info: + name: > + Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a07d293-4c50-4be0-955f-b7c4a0eaef4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arconix-shortcodes/" + google-query: inurl:"/wp-content/plugins/arconix-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arconix-shortcodes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arconix-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arconix-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arconix-shortcodes-2638501c4f697eb3fd2442b86e278a44.yaml b/nuclei-templates/cve-less/plugins/arconix-shortcodes-2638501c4f697eb3fd2442b86e278a44.yaml new file mode 100644 index 0000000000..3f40a6840d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arconix-shortcodes-2638501c4f697eb3fd2442b86e278a44.yaml @@ -0,0 +1,58 @@ +id: arconix-shortcodes-2638501c4f697eb3fd2442b86e278a44 + +info: + name: > + Arconix Shortcodes <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7575e290-ad31-4c1b-9a89-eaa8b3eda6d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arconix-shortcodes/" + google-query: inurl:"/wp-content/plugins/arconix-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arconix-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arconix-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arconix-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-2a8ab0eb9e4b0b2a994e3256b1961375.yaml b/nuclei-templates/cve-less/plugins/arforms-2a8ab0eb9e4b0b2a994e3256b1961375.yaml new file mode 100644 index 0000000000..1c10c0bbc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-2a8ab0eb9e4b0b2a994e3256b1961375.yaml @@ -0,0 +1,58 @@ +id: arforms-2a8ab0eb9e4b0b2a994e3256b1961375 + +info: + name: > + ARForms <= 6.4 - Missing Authorization to Arbitrary File Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67cb10e4-5d42-464b-a24f-66811a5d0991?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-3e021672a349a4fa909b6c3fa423b85d.yaml b/nuclei-templates/cve-less/plugins/arforms-3e021672a349a4fa909b6c3fa423b85d.yaml new file mode 100644 index 0000000000..caeb866efa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-3e021672a349a4fa909b6c3fa423b85d.yaml @@ -0,0 +1,58 @@ +id: arforms-3e021672a349a4fa909b6c3fa423b85d + +info: + name: > + ARForms <= 6.4 - Missing Authorization to Arbitrary Plugin Activation/Deactivation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5fba145-5cb6-4ea1-8691-6bad3dcfbcf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-7071343c33e807accfdddf119ab9779f.yaml b/nuclei-templates/cve-less/plugins/arforms-7071343c33e807accfdddf119ab9779f.yaml new file mode 100644 index 0000000000..7a1929546b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-7071343c33e807accfdddf119ab9779f.yaml @@ -0,0 +1,58 @@ +id: arforms-7071343c33e807accfdddf119ab9779f + +info: + name: > + ARforms <= 6.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce16175a-c58e-4432-80de-7872216ae273?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-a0061c960a93fff2adc1360d0d280001.yaml b/nuclei-templates/cve-less/plugins/arforms-a0061c960a93fff2adc1360d0d280001.yaml new file mode 100644 index 0000000000..046eafb60d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-a0061c960a93fff2adc1360d0d280001.yaml @@ -0,0 +1,58 @@ +id: arforms-a0061c960a93fff2adc1360d0d280001 + +info: + name: > + ARforms <= 6.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2286e96-59e1-465a-b600-8a88e9e97418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-a84b96611f097506467644350038a82b.yaml b/nuclei-templates/cve-less/plugins/arforms-a84b96611f097506467644350038a82b.yaml new file mode 100644 index 0000000000..cfe20401fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-a84b96611f097506467644350038a82b.yaml @@ -0,0 +1,58 @@ +id: arforms-a84b96611f097506467644350038a82b + +info: + name: > + ARForms <= 6.4 - Missing Authorization to Arbitrary Option Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78c6c5ff-8658-4a3d-be01-2141d1cff8bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms/" + google-query: inurl:"/wp-content/plugins/arforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-021b10291895f49c72c52c95a60965eb.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-021b10291895f49c72c52c95a60965eb.yaml new file mode 100644 index 0000000000..5886c81e42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-021b10291895f49c72c52c95a60965eb.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-021b10291895f49c72c52c95a60965eb + +info: + name: > + Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder < 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27254411-3ae7-4659-b3c1-1c18911e3bfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-2b5549b3c83c7777a1b6e0311c345bd4.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-2b5549b3c83c7777a1b6e0311c345bd4.yaml new file mode 100644 index 0000000000..b673143a24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-2b5549b3c83c7777a1b6e0311c345bd4.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-2b5549b3c83c7777a1b6e0311c345bd4 + +info: + name: > + ARForms Form Builder <= 1.6.4 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Option Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/026f8d9b-a66b-4a59-8375-fba587a4eef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-74c47f2edddbb589b4230d596bf5f1e4.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-74c47f2edddbb589b4230d596bf5f1e4.yaml new file mode 100644 index 0000000000..fb3034050b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-74c47f2edddbb589b4230d596bf5f1e4.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-74c47f2edddbb589b4230d596bf5f1e4 + +info: + name: > + ARForms Form Builder <= 1.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92bdf5c9-37ef-450a-874c-e21a60b03baa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-934adbeaa90ed24edd97e3a659c47938.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-934adbeaa90ed24edd97e3a659c47938.yaml new file mode 100644 index 0000000000..aedb6edd6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-934adbeaa90ed24edd97e3a659c47938.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-934adbeaa90ed24edd97e3a659c47938 + +info: + name: > + ARForms <= 1.5.8 - Unauthenticated Stored Cross-Site Scripting via arf_http_referrer_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e349cae-a996-4a32-807a-a98ebcb01edd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-b525a1e6aebd5326b1ab0e97e084de90.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-b525a1e6aebd5326b1ab0e97e084de90.yaml new file mode 100644 index 0000000000..f045084354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-b525a1e6aebd5326b1ab0e97e084de90.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-b525a1e6aebd5326b1ab0e97e084de90 + +info: + name: > + ARforms <= 3.7.1 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9545cff3-fa65-4f2e-8a9f-98d884e5608f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-b8f70793547b459fbbb5874a8a3de62b.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-b8f70793547b459fbbb5874a8a3de62b.yaml new file mode 100644 index 0000000000..44cb538297 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-b8f70793547b459fbbb5874a8a3de62b.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-b8f70793547b459fbbb5874a8a3de62b + +info: + name: > + Repute ARForms <= 3.5.1 - Unauthenticated Arbitrary File Deletion via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8f73f1e-8f0a-4c4c-aca2-c9ae9bc4f63d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-bab973a9aab141bdb4381de471b4752a.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-bab973a9aab141bdb4381de471b4752a.yaml new file mode 100644 index 0000000000..f87e7dd77c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-bab973a9aab141bdb4381de471b4752a.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-bab973a9aab141bdb4381de471b4752a + +info: + name: > + ARForms Form Builder <= 1.5.6 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ee7b30f-9d06-421c-af30-f20b774d389e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arforms-form-builder-d033cc97f1c7c8d9b5f748a688df721f.yaml b/nuclei-templates/cve-less/plugins/arforms-form-builder-d033cc97f1c7c8d9b5f748a688df721f.yaml new file mode 100644 index 0000000000..6cb3fd28ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arforms-form-builder-d033cc97f1c7c8d9b5f748a688df721f.yaml @@ -0,0 +1,58 @@ +id: arforms-form-builder-d033cc97f1c7c8d9b5f748a688df721f + +info: + name: > + ARForms Form Builder <= 1.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20d5ff9e-9920-47c7-aa8d-e4f9f1646080?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arforms-form-builder/" + google-query: inurl:"/wp-content/plugins/arforms-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arforms-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arforms-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arforms-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-cf7-connector-09c79ac5dfe7a7e2777e5c3067dc8b55.yaml b/nuclei-templates/cve-less/plugins/ari-cf7-connector-09c79ac5dfe7a7e2777e5c3067dc8b55.yaml new file mode 100644 index 0000000000..a3fe21b3af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-cf7-connector-09c79ac5dfe7a7e2777e5c3067dc8b55.yaml @@ -0,0 +1,58 @@ +id: ari-cf7-connector-09c79ac5dfe7a7e2777e5c3067dc8b55 + +info: + name: > + Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b437020c-31a3-413e-a1da-b4781da34f10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-cf7-connector/" + google-query: inurl:"/wp-content/plugins/ari-cf7-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-cf7-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-cf7-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-cf7-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-cf7-connector-38ba390551110addf63f2acef704b878.yaml b/nuclei-templates/cve-less/plugins/ari-cf7-connector-38ba390551110addf63f2acef704b878.yaml new file mode 100644 index 0000000000..4ecedee2f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-cf7-connector-38ba390551110addf63f2acef704b878.yaml @@ -0,0 +1,58 @@ +id: ari-cf7-connector-38ba390551110addf63f2acef704b878 + +info: + name: > + Contact Form 7 Connector <= 1.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b74a5a4c-250a-46bc-bf08-2dd720de41ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-cf7-connector/" + google-query: inurl:"/wp-content/plugins/ari-cf7-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-cf7-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-cf7-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-cf7-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-fancy-lightbox-80735d78d7816d8ea105bb7f1037c875.yaml b/nuclei-templates/cve-less/plugins/ari-fancy-lightbox-80735d78d7816d8ea105bb7f1037c875.yaml new file mode 100644 index 0000000000..27e2f0f287 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-fancy-lightbox-80735d78d7816d8ea105bb7f1037c875.yaml @@ -0,0 +1,58 @@ +id: ari-fancy-lightbox-80735d78d7816d8ea105bb7f1037c875 + +info: + name: > + ARI Fancy Lightbox <= 1.3.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc0951e-8ada-4221-b154-101bad33a183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-fancy-lightbox/" + google-query: inurl:"/wp-content/plugins/ari-fancy-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-fancy-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-fancy-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-fancy-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-stream-quiz-3587db01a7a28244ee4173daa03a691b.yaml b/nuclei-templates/cve-less/plugins/ari-stream-quiz-3587db01a7a28244ee4173daa03a691b.yaml new file mode 100644 index 0000000000..f5d92d20d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-stream-quiz-3587db01a7a28244ee4173daa03a691b.yaml @@ -0,0 +1,58 @@ +id: ari-stream-quiz-3587db01a7a28244ee4173daa03a691b + +info: + name: > + ARI Stream Quiz <= 1.3.2 - Authenticated(Contributor+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa6fc22e-0d30-4c4b-8c8d-13f04ed1aa7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-stream-quiz/" + google-query: inurl:"/wp-content/plugins/ari-stream-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-stream-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-stream-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-stream-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-stream-quiz-6f4ecb36b96c9dd745bf20e36b1a7043.yaml b/nuclei-templates/cve-less/plugins/ari-stream-quiz-6f4ecb36b96c9dd745bf20e36b1a7043.yaml new file mode 100644 index 0000000000..7888de713e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-stream-quiz-6f4ecb36b96c9dd745bf20e36b1a7043.yaml @@ -0,0 +1,58 @@ +id: ari-stream-quiz-6f4ecb36b96c9dd745bf20e36b1a7043 + +info: + name: > + ARI Stream Quiz <= 1.3.0 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36ad7fe2-0dc9-427d-811b-8fb1fdb78579?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-stream-quiz/" + google-query: inurl:"/wp-content/plugins/ari-stream-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-stream-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-stream-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-stream-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-stream-quiz-83e77c7536580dfcf15705797ee936c4.yaml b/nuclei-templates/cve-less/plugins/ari-stream-quiz-83e77c7536580dfcf15705797ee936c4.yaml new file mode 100644 index 0000000000..9ad50d453c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-stream-quiz-83e77c7536580dfcf15705797ee936c4.yaml @@ -0,0 +1,58 @@ +id: ari-stream-quiz-83e77c7536580dfcf15705797ee936c4 + +info: + name: > + ARI Stream Quiz <= 1.2.32 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45180c8e-0625-4a21-b3a1-673abe52d78f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-stream-quiz/" + google-query: inurl:"/wp-content/plugins/ari-stream-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-stream-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-stream-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-stream-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ari-stream-quiz-a088cd6d5872bf40384c1e2afa0283ab.yaml b/nuclei-templates/cve-less/plugins/ari-stream-quiz-a088cd6d5872bf40384c1e2afa0283ab.yaml new file mode 100644 index 0000000000..1b361d9bfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ari-stream-quiz-a088cd6d5872bf40384c1e2afa0283ab.yaml @@ -0,0 +1,58 @@ +id: ari-stream-quiz-a088cd6d5872bf40384c1e2afa0283ab + +info: + name: > + ARI Stream Quiz <= 1.2.32 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb4f4b7-a59c-454b-82b5-d8e91c1c82a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ari-stream-quiz/" + google-query: inurl:"/wp-content/plugins/ari-stream-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ari-stream-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ari-stream-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ari-stream-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ark-wysiwyg-comment-editor-2b16886725a873c1bee4cefe26c49349.yaml b/nuclei-templates/cve-less/plugins/ark-wysiwyg-comment-editor-2b16886725a873c1bee4cefe26c49349.yaml new file mode 100644 index 0000000000..316d2125d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ark-wysiwyg-comment-editor-2b16886725a873c1bee4cefe26c49349.yaml @@ -0,0 +1,58 @@ +id: ark-wysiwyg-comment-editor-2b16886725a873c1bee4cefe26c49349 + +info: + name: > + ark-commenteditor <= 2.15.6 - iframe Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a1179bc-6f8d-4223-a80b-9834adc08d3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ark-wysiwyg-comment-editor/" + google-query: inurl:"/wp-content/plugins/ark-wysiwyg-comment-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ark-wysiwyg-comment-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ark-wysiwyg-comment-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ark-wysiwyg-comment-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-3ca2d382a221d380504a5d9703316520.yaml b/nuclei-templates/cve-less/plugins/armember-3ca2d382a221d380504a5d9703316520.yaml new file mode 100644 index 0000000000..5e0d95c031 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-3ca2d382a221d380504a5d9703316520.yaml @@ -0,0 +1,58 @@ +id: armember-3ca2d382a221d380504a5d9703316520 + +info: + name: > + ARMember Premium <= 5.5.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8950b98d-7e7d-4cad-bb3d-d7a5d8edbdf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember/" + google-query: inurl:"/wp-content/plugins/armember/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-744209b23a7e6299f52186bba738be87.yaml b/nuclei-templates/cve-less/plugins/armember-744209b23a7e6299f52186bba738be87.yaml new file mode 100644 index 0000000000..11a78f142b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-744209b23a7e6299f52186bba738be87.yaml @@ -0,0 +1,58 @@ +id: armember-744209b23a7e6299f52186bba738be87 + +info: + name: > + ARMember Premium <= 5.9.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4363600-666a-4a75-a817-4af679ab400c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember/" + google-query: inurl:"/wp-content/plugins/armember/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-0786d35a357f001d251a3bbf5eef2d35.yaml b/nuclei-templates/cve-less/plugins/armember-membership-0786d35a357f001d251a3bbf5eef2d35.yaml new file mode 100644 index 0000000000..e8cdc5ce2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-0786d35a357f001d251a3bbf5eef2d35.yaml @@ -0,0 +1,58 @@ +id: armember-membership-0786d35a357f001d251a3bbf5eef2d35 + +info: + name: > + ARMember Lite - Membership Plugin <= 4.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1022ac4-869e-415a-a7c8-3650421608ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-12b01b43b57b8f272157206cf06dc3ef.yaml b/nuclei-templates/cve-less/plugins/armember-membership-12b01b43b57b8f272157206cf06dc3ef.yaml new file mode 100644 index 0000000000..82fea799ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-12b01b43b57b8f272157206cf06dc3ef.yaml @@ -0,0 +1,58 @@ +id: armember-membership-12b01b43b57b8f272157206cf06dc3ef + +info: + name: > + ARMember <= 4.0.10 - Authenticated(Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c681d1ac-a5d0-43f2-a1e4-0684cd56a3b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-2c4f92f87bb9ef6f0a1e7c033135ace0.yaml b/nuclei-templates/cve-less/plugins/armember-membership-2c4f92f87bb9ef6f0a1e7c033135ace0.yaml new file mode 100644 index 0000000000..45e80d0523 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-2c4f92f87bb9ef6f0a1e7c033135ace0.yaml @@ -0,0 +1,58 @@ +id: armember-membership-2c4f92f87bb9ef6f0a1e7c033135ace0 + +info: + name: > + ARMember <= 4.0.24 - Improper Access Control to Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-41830c974de1f3419028654a94a429d1.yaml b/nuclei-templates/cve-less/plugins/armember-membership-41830c974de1f3419028654a94a429d1.yaml new file mode 100644 index 0000000000..197b671a0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-41830c974de1f3419028654a94a429d1.yaml @@ -0,0 +1,58 @@ +id: armember-membership-41830c974de1f3419028654a94a429d1 + +info: + name: > + ARMember <= 4.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2ed43b-cd8f-4d09-8576-d215c835a684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-4c834bc5fa8008630a55b72e056da47e.yaml b/nuclei-templates/cve-less/plugins/armember-membership-4c834bc5fa8008630a55b72e056da47e.yaml new file mode 100644 index 0000000000..d55bf1596c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-4c834bc5fa8008630a55b72e056da47e.yaml @@ -0,0 +1,58 @@ +id: armember-membership-4c834bc5fa8008630a55b72e056da47e + +info: + name: > + ARMember <= 4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd22babc-f1a9-4f50-9756-fe692105dca3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-52377d1fb17ba651463be55fa1b78765.yaml b/nuclei-templates/cve-less/plugins/armember-membership-52377d1fb17ba651463be55fa1b78765.yaml new file mode 100644 index 0000000000..26230f52ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-52377d1fb17ba651463be55fa1b78765.yaml @@ -0,0 +1,58 @@ +id: armember-membership-52377d1fb17ba651463be55fa1b78765 + +info: + name: > + ARMember <= 4.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42f5f29b-2d83-4b15-82aa-0598f8a2317b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-6cb8297a956ab7d71fae8eaf17eed227.yaml b/nuclei-templates/cve-less/plugins/armember-membership-6cb8297a956ab7d71fae8eaf17eed227.yaml new file mode 100644 index 0000000000..3d607eb821 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-6cb8297a956ab7d71fae8eaf17eed227.yaml @@ -0,0 +1,58 @@ +id: armember-membership-6cb8297a956ab7d71fae8eaf17eed227 + +info: + name: > + ARMember <= 4.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae865f91-4c2a-4a6b-84a8-bd45c1febdb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-77d3a7baf2067b9573aef8e72c5d2033.yaml b/nuclei-templates/cve-less/plugins/armember-membership-77d3a7baf2067b9573aef8e72c5d2033.yaml new file mode 100644 index 0000000000..01415b161a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-77d3a7baf2067b9573aef8e72c5d2033.yaml @@ -0,0 +1,58 @@ +id: armember-membership-77d3a7baf2067b9573aef8e72c5d2033 + +info: + name: > + ARMember <= 4.0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d55b210f-bbed-4206-a109-99f217a2eb67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-928dd303af6c4624ef6e7653fba246d7.yaml b/nuclei-templates/cve-less/plugins/armember-membership-928dd303af6c4624ef6e7653fba246d7.yaml new file mode 100644 index 0000000000..b942664c81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-928dd303af6c4624ef6e7653fba246d7.yaml @@ -0,0 +1,58 @@ +id: armember-membership-928dd303af6c4624ef6e7653fba246d7 + +info: + name: > + ARMember <= 3.4.11 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ff230b0-c186-41fc-93a5-2ed90e8aab4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-9650322438fb16b52c4432ecc521bf68.yaml b/nuclei-templates/cve-less/plugins/armember-membership-9650322438fb16b52c4432ecc521bf68.yaml new file mode 100644 index 0000000000..a214908d98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-9650322438fb16b52c4432ecc521bf68.yaml @@ -0,0 +1,58 @@ +id: armember-membership-9650322438fb16b52c4432ecc521bf68 + +info: + name: > + ARMember <= 4.0.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88907f28-7b1d-4a5a-b846-67dfd21d6488?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-9b5e7b374f6bba66c7565c0c933eb6f5.yaml b/nuclei-templates/cve-less/plugins/armember-membership-9b5e7b374f6bba66c7565c0c933eb6f5.yaml new file mode 100644 index 0000000000..ccc308ebd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-9b5e7b374f6bba66c7565c0c933eb6f5.yaml @@ -0,0 +1,58 @@ +id: armember-membership-9b5e7b374f6bba66c7565c0c933eb6f5 + +info: + name: > + ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4252c092-1276-4f69-88f9-cf78799c725c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-a85248fb3ba2da0688167185e0c87249.yaml b/nuclei-templates/cve-less/plugins/armember-membership-a85248fb3ba2da0688167185e0c87249.yaml new file mode 100644 index 0000000000..dce37f7c49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-a85248fb3ba2da0688167185e0c87249.yaml @@ -0,0 +1,58 @@ +id: armember-membership-a85248fb3ba2da0688167185e0c87249 + +info: + name: > + ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.30 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80d113aa-7401-4b58-a755-f64146d9fb08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-ab42ec9d60829884112a87fe093b6c61.yaml b/nuclei-templates/cve-less/plugins/armember-membership-ab42ec9d60829884112a87fe093b6c61.yaml new file mode 100644 index 0000000000..806f98feb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-ab42ec9d60829884112a87fe093b6c61.yaml @@ -0,0 +1,58 @@ +id: armember-membership-ab42ec9d60829884112a87fe093b6c61 + +info: + name: > + ARMember <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/668d4bd3-adde-4347-9169-67c3c96e1743?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-cb6fa6f6958986304e8bc18c130022ba.yaml b/nuclei-templates/cve-less/plugins/armember-membership-cb6fa6f6958986304e8bc18c130022ba.yaml new file mode 100644 index 0000000000..47af0dea06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-cb6fa6f6958986304e8bc18c130022ba.yaml @@ -0,0 +1,58 @@ +id: armember-membership-cb6fa6f6958986304e8bc18c130022ba + +info: + name: > + ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.28 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb4487e3-4276-4a7e-bf6f-e8ec49bb29f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-df79548a0cacba87c7dd01e5f2d614e3.yaml b/nuclei-templates/cve-less/plugins/armember-membership-df79548a0cacba87c7dd01e5f2d614e3.yaml new file mode 100644 index 0000000000..217af96a24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-df79548a0cacba87c7dd01e5f2d614e3.yaml @@ -0,0 +1,58 @@ +id: armember-membership-df79548a0cacba87c7dd01e5f2d614e3 + +info: + name: > + ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 3.4.7 -Authentication Bypass via Password Reset Weakness + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9831ebf6-a6a6-4495-8cda-969c7d7d3a6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-e36fdcdf09b5a64eac64f879dc48947d.yaml b/nuclei-templates/cve-less/plugins/armember-membership-e36fdcdf09b5a64eac64f879dc48947d.yaml new file mode 100644 index 0000000000..aa9c0fa5f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-e36fdcdf09b5a64eac64f879dc48947d.yaml @@ -0,0 +1,58 @@ +id: armember-membership-e36fdcdf09b5a64eac64f879dc48947d + +info: + name: > + ARMember <= 3.4.10 - Missing Access Control leading to Authenticated (Subscriber+) Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b128fa23-090e-4449-9202-a1db572e242d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/armember-membership-fe13beada39d84f2847878b7d4da45e8.yaml b/nuclei-templates/cve-less/plugins/armember-membership-fe13beada39d84f2847878b7d4da45e8.yaml new file mode 100644 index 0000000000..3c4692f748 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/armember-membership-fe13beada39d84f2847878b7d4da45e8.yaml @@ -0,0 +1,58 @@ +id: armember-membership-fe13beada39d84f2847878b7d4da45e8 + +info: + name: > + ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup <= 4.0.26 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a59f7a1b-ae58-4015-bb77-814707579847?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/armember-membership/" + google-query: inurl:"/wp-content/plugins/armember-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,armember-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/armember-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "armember-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-79efca326c7a11854304313bbb2dcff3.yaml b/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-79efca326c7a11854304313bbb2dcff3.yaml new file mode 100644 index 0000000000..639e8bf5b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-79efca326c7a11854304313bbb2dcff3.yaml @@ -0,0 +1,58 @@ +id: arprice-responsive-pricing-table-79efca326c7a11854304313bbb2dcff3 + +info: + name: > + Pricing Table Plugin <= 3.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91286dc8-8015-4adc-9a21-d6187997cef4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arprice-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/arprice-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arprice-responsive-pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arprice-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arprice-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-a7def05240ca9e7abb72b7c9c9771694.yaml b/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-a7def05240ca9e7abb72b7c9c9771694.yaml new file mode 100644 index 0000000000..2eb6ecda5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arprice-responsive-pricing-table-a7def05240ca9e7abb72b7c9c9771694.yaml @@ -0,0 +1,58 @@ +id: arprice-responsive-pricing-table-a7def05240ca9e7abb72b7c9c9771694 + +info: + name: > + Pricing Table Plugin - < 2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f21f757b-43f8-4371-886c-b9f7fd79c715?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arprice-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/arprice-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arprice-responsive-pricing-table,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arprice-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arprice-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/arscode-ninja-popups-a719159263b63e2be06c98fecd13de77.yaml b/nuclei-templates/cve-less/plugins/arscode-ninja-popups-a719159263b63e2be06c98fecd13de77.yaml new file mode 100644 index 0000000000..72d870c4bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/arscode-ninja-popups-a719159263b63e2be06c98fecd13de77.yaml @@ -0,0 +1,58 @@ +id: arscode-ninja-popups-a719159263b63e2be06c98fecd13de77 + +info: + name: > + Ninja Popups <= 4.7.5 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7977fbfd-9864-4883-955e-3d5646763b1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/arscode-ninja-popups/" + google-query: inurl:"/wp-content/plugins/arscode-ninja-popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,arscode-ninja-popups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/arscode-ninja-popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arscode-ninja-popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/art-decoration-shortcode-6866d09139386202bbed5983be370086.yaml b/nuclei-templates/cve-less/plugins/art-decoration-shortcode-6866d09139386202bbed5983be370086.yaml new file mode 100644 index 0000000000..d2179bf06b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/art-decoration-shortcode-6866d09139386202bbed5983be370086.yaml @@ -0,0 +1,58 @@ +id: art-decoration-shortcode-6866d09139386202bbed5983be370086 + +info: + name: > + Art Decoration Shortcode <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b974e9e-9897-400c-b145-dc8a2d54b553?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/art-decoration-shortcode/" + google-query: inurl:"/wp-content/plugins/art-decoration-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,art-decoration-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/art-decoration-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "art-decoration-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/art-direction-47deea3f06e73d1d92fa8e2918f9b61e.yaml b/nuclei-templates/cve-less/plugins/art-direction-47deea3f06e73d1d92fa8e2918f9b61e.yaml new file mode 100644 index 0000000000..3deae6aa94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/art-direction-47deea3f06e73d1d92fa8e2918f9b61e.yaml @@ -0,0 +1,58 @@ +id: art-direction-47deea3f06e73d1d92fa8e2918f9b61e + +info: + name: > + Art Direction <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31a145d5-3c0c-436f-a1ee-afff14ef2140?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/art-direction/" + google-query: inurl:"/wp-content/plugins/art-direction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,art-direction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/art-direction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "art-direction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/artibot-a33517bbb57428ced1cfd6968a2c3a6b.yaml b/nuclei-templates/cve-less/plugins/artibot-a33517bbb57428ced1cfd6968a2c3a6b.yaml new file mode 100644 index 0000000000..096257b5c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/artibot-a33517bbb57428ced1cfd6968a2c3a6b.yaml @@ -0,0 +1,58 @@ +id: artibot-a33517bbb57428ced1cfd6968a2c3a6b + +info: + name: > + ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/artibot/" + google-query: inurl:"/wp-content/plugins/artibot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,artibot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/artibot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "artibot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/artibot-a516963ffdc1c41b00bc8d54c0948a03.yaml b/nuclei-templates/cve-less/plugins/artibot-a516963ffdc1c41b00bc8d54c0948a03.yaml new file mode 100644 index 0000000000..231f8ba85d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/artibot-a516963ffdc1c41b00bc8d54c0948a03.yaml @@ -0,0 +1,58 @@ +id: artibot-a516963ffdc1c41b00bc8d54c0948a03 + +info: + name: > + ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/artibot/" + google-query: inurl:"/wp-content/plugins/artibot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,artibot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/artibot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "artibot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/article-analytics-727442235b3241daec9b8505f42a54a7.yaml b/nuclei-templates/cve-less/plugins/article-analytics-727442235b3241daec9b8505f42a54a7.yaml new file mode 100644 index 0000000000..60c129b1c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/article-analytics-727442235b3241daec9b8505f42a54a7.yaml @@ -0,0 +1,58 @@ +id: article-analytics-727442235b3241daec9b8505f42a54a7 + +info: + name: > + Article Analytics <= 1.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6abbdecd-782a-44a2-981a-ae6caa50dd6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/article-analytics/" + google-query: inurl:"/wp-content/plugins/article-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,article-analytics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/article-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "article-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/article-directory-6ee3ff55725bf2e5894fc0e814f92fd5.yaml b/nuclei-templates/cve-less/plugins/article-directory-6ee3ff55725bf2e5894fc0e814f92fd5.yaml new file mode 100644 index 0000000000..bfd5a9bd6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/article-directory-6ee3ff55725bf2e5894fc0e814f92fd5.yaml @@ -0,0 +1,58 @@ +id: article-directory-6ee3ff55725bf2e5894fc0e814f92fd5 + +info: + name: > + Article Directory <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'publish_terms_text' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a219a232-5ff4-4855-8f29-437ed26b4f34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/article-directory/" + google-query: inurl:"/wp-content/plugins/article-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,article-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/article-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "article-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/article-directory-redux-bab2d740e6550ac0744f9a04322bcfe9.yaml b/nuclei-templates/cve-less/plugins/article-directory-redux-bab2d740e6550ac0744f9a04322bcfe9.yaml new file mode 100644 index 0000000000..d583042ff6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/article-directory-redux-bab2d740e6550ac0744f9a04322bcfe9.yaml @@ -0,0 +1,58 @@ +id: article-directory-redux-bab2d740e6550ac0744f9a04322bcfe9 + +info: + name: > + Article Directory Redux <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63c681e5-3110-4790-a075-4996fa1f2129?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/article-directory-redux/" + google-query: inurl:"/wp-content/plugins/article-directory-redux/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,article-directory-redux,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/article-directory-redux/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "article-directory-redux" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/article2pdf-32331c436a25ac1de1bf5da05cd58308.yaml b/nuclei-templates/cve-less/plugins/article2pdf-32331c436a25ac1de1bf5da05cd58308.yaml new file mode 100644 index 0000000000..bce07f2bf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/article2pdf-32331c436a25ac1de1bf5da05cd58308.yaml @@ -0,0 +1,58 @@ +id: article2pdf-32331c436a25ac1de1bf5da05cd58308 + +info: + name: > + article2pdf 0.24 - 0.27 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0af80be2-b80b-4a25-9df6-a8ae75ad9cdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/article2pdf/" + google-query: inurl:"/wp-content/plugins/article2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,article2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/article2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "article2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/article2pdf-bc30f477415f000a25c8cf2e28a66988.yaml b/nuclei-templates/cve-less/plugins/article2pdf-bc30f477415f000a25c8cf2e28a66988.yaml new file mode 100644 index 0000000000..640e890269 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/article2pdf-bc30f477415f000a25c8cf2e28a66988.yaml @@ -0,0 +1,58 @@ +id: article2pdf-bc30f477415f000a25c8cf2e28a66988 + +info: + name: > + article2pdf <= 0.27 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09fc8d80-8231-4183-9626-c90f4fee5eb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/article2pdf/" + google-query: inurl:"/wp-content/plugins/article2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,article2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/article2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "article2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/artplacer-widget-ab0a99467dd011ce171b426da9ac5ab8.yaml b/nuclei-templates/cve-less/plugins/artplacer-widget-ab0a99467dd011ce171b426da9ac5ab8.yaml new file mode 100644 index 0000000000..2912c81b6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/artplacer-widget-ab0a99467dd011ce171b426da9ac5ab8.yaml @@ -0,0 +1,58 @@ +id: artplacer-widget-ab0a99467dd011ce171b426da9ac5ab8 + +info: + name: > + ArtPlacer Widget <= 2.20.6 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bff3a160-5238-4478-ab11-3300cac51cf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/artplacer-widget/" + google-query: inurl:"/wp-content/plugins/artplacer-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,artplacer-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/artplacer-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "artplacer-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aruba-hispeed-cache-44de9a2461187be18ff94240ec7b0927.yaml b/nuclei-templates/cve-less/plugins/aruba-hispeed-cache-44de9a2461187be18ff94240ec7b0927.yaml new file mode 100644 index 0000000000..b65bd63766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aruba-hispeed-cache-44de9a2461187be18ff94240ec7b0927.yaml @@ -0,0 +1,58 @@ +id: aruba-hispeed-cache-44de9a2461187be18ff94240ec7b0927 + +info: + name: > + Aruba HiSpeed Cache <= 2.0.6 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7391dd8c-0170-48c6-8451-9e7a00e268d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aruba-hispeed-cache/" + google-query: inurl:"/wp-content/plugins/aruba-hispeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aruba-hispeed-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aruba-hispeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aruba-hispeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml new file mode 100644 index 0000000000..3645be04c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-55d5b1ab7109cbfd7cdac31ba9a767d2.yaml @@ -0,0 +1,58 @@ +id: aryo-activity-log-55d5b1ab7109cbfd7cdac31ba9a767d2 + +info: + name: > + Activity Log <= 2.4.0 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21614b80-f632-466b-9612-f616bbbc267d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aryo-activity-log/" + google-query: inurl:"/wp-content/plugins/aryo-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aryo-activity-log,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aryo-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aryo-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-70da5885a2f28e43c5e9331e1fdeb92b.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-70da5885a2f28e43c5e9331e1fdeb92b.yaml new file mode 100644 index 0000000000..670b915e51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-70da5885a2f28e43c5e9331e1fdeb92b.yaml @@ -0,0 +1,58 @@ +id: aryo-activity-log-70da5885a2f28e43c5e9331e1fdeb92b + +info: + name: > + Activity Log <= 2.8.3 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/506e4f47-e292-4d19-a7bb-b87d752f4007?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aryo-activity-log/" + google-query: inurl:"/wp-content/plugins/aryo-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aryo-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aryo-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aryo-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-be27c4b6992c035b340ec769cdb51351.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-be27c4b6992c035b340ec769cdb51351.yaml new file mode 100644 index 0000000000..df797d6655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-be27c4b6992c035b340ec769cdb51351.yaml @@ -0,0 +1,58 @@ +id: aryo-activity-log-be27c4b6992c035b340ec769cdb51351 + +info: + name: > + Activity Log < 2.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ad45c7b-63d2-42ae-a7cf-2d60c6c4ae1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aryo-activity-log/" + google-query: inurl:"/wp-content/plugins/aryo-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aryo-activity-log,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aryo-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aryo-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-d4d7a04a467c657c90f622b79da37f85.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-d4d7a04a467c657c90f622b79da37f85.yaml new file mode 100644 index 0000000000..ed0bc8ed4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-d4d7a04a467c657c90f622b79da37f85.yaml @@ -0,0 +1,58 @@ +id: aryo-activity-log-d4d7a04a467c657c90f622b79da37f85 + +info: + name: > + Activity Log <= 2.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/218f08d5-c1cb-462c-abc5-d5b41044f8aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aryo-activity-log/" + google-query: inurl:"/wp-content/plugins/aryo-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aryo-activity-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aryo-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aryo-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aryo-activity-log-e2708e282bb00df5e2bc3a4493f5868c.yaml b/nuclei-templates/cve-less/plugins/aryo-activity-log-e2708e282bb00df5e2bc3a4493f5868c.yaml new file mode 100644 index 0000000000..368f25ecb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aryo-activity-log-e2708e282bb00df5e2bc3a4493f5868c.yaml @@ -0,0 +1,58 @@ +id: aryo-activity-log-e2708e282bb00df5e2bc3a4493f5868c + +info: + name: > + Activity Log <= 2.8.7 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de821236-f878-46a4-9265-bcf6e8661910?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aryo-activity-log/" + google-query: inurl:"/wp-content/plugins/aryo-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aryo-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aryo-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aryo-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/as-create-pinterest-pinboard-pages-d1f3834e2f95aaed2e601e83a20e5d59.yaml b/nuclei-templates/cve-less/plugins/as-create-pinterest-pinboard-pages-d1f3834e2f95aaed2e601e83a20e5d59.yaml new file mode 100644 index 0000000000..b7bf027635 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/as-create-pinterest-pinboard-pages-d1f3834e2f95aaed2e601e83a20e5d59.yaml @@ -0,0 +1,58 @@ +id: as-create-pinterest-pinboard-pages-d1f3834e2f95aaed2e601e83a20e5d59 + +info: + name: > + AS – Create Pinterest Pinboard Pages <= 1.0 - Authenticated Options Change to Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02e8a576-bf00-4da9-9795-bd6b22bb0b19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/as-create-pinterest-pinboard-pages/" + google-query: inurl:"/wp-content/plugins/as-create-pinterest-pinboard-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,as-create-pinterest-pinboard-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/as-create-pinterest-pinboard-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "as-create-pinterest-pinboard-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asf-allow-svg-files-6b99b25706bc10b6938889b6d61c2c79.yaml b/nuclei-templates/cve-less/plugins/asf-allow-svg-files-6b99b25706bc10b6938889b6d61c2c79.yaml new file mode 100644 index 0000000000..8ef4446226 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asf-allow-svg-files-6b99b25706bc10b6938889b6d61c2c79.yaml @@ -0,0 +1,58 @@ +id: asf-allow-svg-files-6b99b25706bc10b6938889b6d61c2c79 + +info: + name: > + Allow SVG Files <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce57a3eb-a71b-4335-9e6c-52648ce00062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asf-allow-svg-files/" + google-query: inurl:"/wp-content/plugins/asf-allow-svg-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asf-allow-svg-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asf-allow-svg-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asf-allow-svg-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asf-allow-svg-files-f31b01af0e36d70ece981a2da79389f8.yaml b/nuclei-templates/cve-less/plugins/asf-allow-svg-files-f31b01af0e36d70ece981a2da79389f8.yaml new file mode 100644 index 0000000000..7c40dd607d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asf-allow-svg-files-f31b01af0e36d70ece981a2da79389f8.yaml @@ -0,0 +1,58 @@ +id: asf-allow-svg-files-f31b01af0e36d70ece981a2da79389f8 + +info: + name: > + Allow SVG Files <= 1.0 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e89b33e-fc3c-44e9-823c-e9349147acf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asf-allow-svg-files/" + google-query: inurl:"/wp-content/plugins/asf-allow-svg-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asf-allow-svg-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asf-allow-svg-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asf-allow-svg-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-253ae1868772845aa5a363aeb4a8d859.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-253ae1868772845aa5a363aeb4a8d859.yaml new file mode 100644 index 0000000000..bb7b6ffcdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-253ae1868772845aa5a363aeb4a8d859.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-253ae1868772845aa5a363aeb4a8d859 + +info: + name: > + Asgaros Forum <= 2.8.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/146b4d69-70bc-4843-b76c-d91de0cefc9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-488a5177633c5d61ff8bef1899fcdb13.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-488a5177633c5d61ff8bef1899fcdb13.yaml new file mode 100644 index 0000000000..d8d8d59953 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-488a5177633c5d61ff8bef1899fcdb13.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-488a5177633c5d61ff8bef1899fcdb13 + +info: + name: > + Asgaros Forum <= 2.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3aecc02a-fd49-4743-9d7b-894cf657cbc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-536f8f709fcfc0e34ccf2b79f3c436d7.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-536f8f709fcfc0e34ccf2b79f3c436d7.yaml new file mode 100644 index 0000000000..d26337c0d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-536f8f709fcfc0e34ccf2b79f3c436d7.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-536f8f709fcfc0e34ccf2b79f3c436d7 + +info: + name: > + Asgaros Forums <= 1.15.13 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d39ae72-7d45-4ca9-9de1-8532ec5e043d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-6584898d6200cc68ea0f9c1ee82648c2.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-6584898d6200cc68ea0f9c1ee82648c2.yaml new file mode 100644 index 0000000000..89a815d945 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-6584898d6200cc68ea0f9c1ee82648c2.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-6584898d6200cc68ea0f9c1ee82648c2 + +info: + name: > + Asgaros Forum <= 1.15.12 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eae9c5a-8a11-4293-a7e1-2c5d77c75284?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-9f49ea16b14f6c2511df8453564cbeeb.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-9f49ea16b14f6c2511df8453564cbeeb.yaml new file mode 100644 index 0000000000..c84caa41c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-9f49ea16b14f6c2511df8453564cbeeb.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-9f49ea16b14f6c2511df8453564cbeeb + +info: + name: > + Asgaros Forum <= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63b472fb-c853-4e56-b34c-3cf986c4cf80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-d214d99e51223f558d7540a78be5f43a.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-d214d99e51223f558d7540a78be5f43a.yaml new file mode 100644 index 0000000000..ec878ce2ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-d214d99e51223f558d7540a78be5f43a.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-d214d99e51223f558d7540a78be5f43a + +info: + name: > + Asgaros Forum <= 1.15.14 - Admin+ SQL Injection via forum_id + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cffaa829-3eee-4390-b3c0-5c0f04ff9e8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-d9dc418339bf1c25423bb7e18f222c8e.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-d9dc418339bf1c25423bb7e18f222c8e.yaml new file mode 100644 index 0000000000..6f90ed53f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-d9dc418339bf1c25423bb7e18f222c8e.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-d9dc418339bf1c25423bb7e18f222c8e + +info: + name: > + Asgaros Forum < 2.0.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d4e207-9751-4c97-b004-e97c69af81dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asgaros-forum-eb11a26c1af4959f22b43b7df59cd527.yaml b/nuclei-templates/cve-less/plugins/asgaros-forum-eb11a26c1af4959f22b43b7df59cd527.yaml new file mode 100644 index 0000000000..c53f1f7289 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asgaros-forum-eb11a26c1af4959f22b43b7df59cd527.yaml @@ -0,0 +1,58 @@ +id: asgaros-forum-eb11a26c1af4959f22b43b7df59cd527 + +info: + name: > + Asgaros Forum <= 2.7.2 - Unauthenticated PHP Object Injection in prepare_unread_status + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02b75034-8db1-465b-837e-014e2c2e8b4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asgaros-forum/" + google-query: inurl:"/wp-content/plugins/asgaros-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asgaros-forum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asgaros-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asgaros-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ashe-extra-c4ac8ff1dfd268623baae850718c4ab2.yaml b/nuclei-templates/cve-less/plugins/ashe-extra-c4ac8ff1dfd268623baae850718c4ab2.yaml new file mode 100644 index 0000000000..7c6fbc09e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ashe-extra-c4ac8ff1dfd268623baae850718c4ab2.yaml @@ -0,0 +1,58 @@ +id: ashe-extra-c4ac8ff1dfd268623baae850718c4ab2 + +info: + name: > + Ashe Extra <= 1.2.9 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09551d22-c8c2-435c-9d00-bb4833497c16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ashe-extra/" + google-query: inurl:"/wp-content/plugins/ashe-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ashe-extra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ashe-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ashe-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/askapache-firefox-adsense-3ee736065c571005f3aa44af407146c3.yaml b/nuclei-templates/cve-less/plugins/askapache-firefox-adsense-3ee736065c571005f3aa44af407146c3.yaml new file mode 100644 index 0000000000..976a639de9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/askapache-firefox-adsense-3ee736065c571005f3aa44af407146c3.yaml @@ -0,0 +1,58 @@ +id: askapache-firefox-adsense-3ee736065c571005f3aa44af407146c3 + +info: + name: > + AskApache Firefox Adsense <= 3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57d863b9-d544-4af5-afbe-268635a8dd98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/askapache-firefox-adsense/" + google-query: inurl:"/wp-content/plugins/askapache-firefox-adsense/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,askapache-firefox-adsense,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/askapache-firefox-adsense/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "askapache-firefox-adsense" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/asmember-caf355595af5171fa75c6b8b0c04dfb1.yaml b/nuclei-templates/cve-less/plugins/asmember-caf355595af5171fa75c6b8b0c04dfb1.yaml new file mode 100644 index 0000000000..fbaebb905d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/asmember-caf355595af5171fa75c6b8b0c04dfb1.yaml @@ -0,0 +1,58 @@ +id: asmember-caf355595af5171fa75c6b8b0c04dfb1 + +info: + name: > + asMember <= 1.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c70bb3d6-6acd-46b2-8e47-30be031f73e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/asmember/" + google-query: inurl:"/wp-content/plugins/asmember/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,asmember,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/asmember/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "asmember" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aspose-doc-exporter-5012da2be4de20cb472aea0abf71670b.yaml b/nuclei-templates/cve-less/plugins/aspose-doc-exporter-5012da2be4de20cb472aea0abf71670b.yaml new file mode 100644 index 0000000000..a90d3e4fe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aspose-doc-exporter-5012da2be4de20cb472aea0abf71670b.yaml @@ -0,0 +1,58 @@ +id: aspose-doc-exporter-5012da2be4de20cb472aea0abf71670b + +info: + name: > + Aspose.Words Exporter <= 6.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ced42ce-2009-45f6-81c0-ad9e5a05b381?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aspose-doc-exporter/" + google-query: inurl:"/wp-content/plugins/aspose-doc-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aspose-doc-exporter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aspose-doc-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aspose-doc-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/assistant-aa77d870ecb6d6f531eb842d8f66fa4d.yaml b/nuclei-templates/cve-less/plugins/assistant-aa77d870ecb6d6f531eb842d8f66fa4d.yaml new file mode 100644 index 0000000000..7f283254b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/assistant-aa77d870ecb6d6f531eb842d8f66fa4d.yaml @@ -0,0 +1,58 @@ +id: assistant-aa77d870ecb6d6f531eb842d8f66fa4d + +info: + name: > + Assistant – Every Day Productivity Apps <= 1.4.9.1 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b5a3655-067f-4ef1-baf5-2bbc9719a8cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/assistant/" + google-query: inurl:"/wp-content/plugins/assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/assistant-c365c40f61838d38a40469cd2e67b28b.yaml b/nuclei-templates/cve-less/plugins/assistant-c365c40f61838d38a40469cd2e67b28b.yaml new file mode 100644 index 0000000000..c0cc0acc92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/assistant-c365c40f61838d38a40469cd2e67b28b.yaml @@ -0,0 +1,58 @@ +id: assistant-c365c40f61838d38a40469cd2e67b28b + +info: + name: > + Assistant <= 1.4.3 - Authenticated (Editor+) Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d5ed6cf-ae12-4da5-809f-6a8c61eeb4f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/assistant/" + google-query: inurl:"/wp-content/plugins/assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-addon-1ab112c9db0961813049d1b450f4b178.yaml b/nuclei-templates/cve-less/plugins/astra-addon-1ab112c9db0961813049d1b450f4b178.yaml new file mode 100644 index 0000000000..c19512069e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-addon-1ab112c9db0961813049d1b450f4b178.yaml @@ -0,0 +1,58 @@ +id: astra-addon-1ab112c9db0961813049d1b450f4b178 + +info: + name: > + Astra Pro Addon <= 3.5.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec3dd825-bee3-4d09-bc98-aff665988641?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-addon/" + google-query: inurl:"/wp-content/plugins/astra-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-addon-349353b08ad0d6204581635fb97a9527.yaml b/nuclei-templates/cve-less/plugins/astra-addon-349353b08ad0d6204581635fb97a9527.yaml new file mode 100644 index 0000000000..f9f04c4a69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-addon-349353b08ad0d6204581635fb97a9527.yaml @@ -0,0 +1,58 @@ +id: astra-addon-349353b08ad0d6204581635fb97a9527 + +info: + name: > + Astra Pro <= 4.3.1 - Authenticated(Contributor+) Remote Code Execution via Metabox + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9769bc3-236f-4c9d-a4ce-544e49eee2ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-addon/" + google-query: inurl:"/wp-content/plugins/astra-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-bulk-edit-3e0d971821f286a488f83631df3f9e8f.yaml b/nuclei-templates/cve-less/plugins/astra-bulk-edit-3e0d971821f286a488f83631df3f9e8f.yaml new file mode 100644 index 0000000000..769a588174 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-bulk-edit-3e0d971821f286a488f83631df3f9e8f.yaml @@ -0,0 +1,58 @@ +id: astra-bulk-edit-3e0d971821f286a488f83631df3f9e8f + +info: + name: > + Astra Bulk Edit <= 1.2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2548d5b0-1f1a-4847-a5ea-e3bb6f7a5013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-bulk-edit/" + google-query: inurl:"/wp-content/plugins/astra-bulk-edit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-bulk-edit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-bulk-edit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-bulk-edit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-import-export-d974f8d1ecb932f30e0efce7f2789451.yaml b/nuclei-templates/cve-less/plugins/astra-import-export-d974f8d1ecb932f30e0efce7f2789451.yaml new file mode 100644 index 0000000000..9b82afaa05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-import-export-d974f8d1ecb932f30e0efce7f2789451.yaml @@ -0,0 +1,58 @@ +id: astra-import-export-d974f8d1ecb932f30e0efce7f2789451 + +info: + name: > + Import / Export Customizer Settings <= 1.0.3 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/194face3-36ac-4137-af9a-0b98f60e3afb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-import-export/" + google-query: inurl:"/wp-content/plugins/astra-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-import-export,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-pro-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml b/nuclei-templates/cve-less/plugins/astra-pro-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml new file mode 100644 index 0000000000..78b420fb6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-pro-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml @@ -0,0 +1,58 @@ +id: astra-pro-sites-27ee53c7765f3cc7ca36cbf7ac963e20 + +info: + name: > + Starter Templates <= 3.2.5 - Incorrect Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-pro-sites/" + google-query: inurl:"/wp-content/plugins/astra-pro-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-pro-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-pro-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-pro-sites-53fb886a588d15854380c3b94bdeab19.yaml b/nuclei-templates/cve-less/plugins/astra-pro-sites-53fb886a588d15854380c3b94bdeab19.yaml new file mode 100644 index 0000000000..29ffaeede9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-pro-sites-53fb886a588d15854380c3b94bdeab19.yaml @@ -0,0 +1,58 @@ +id: astra-pro-sites-53fb886a588d15854380c3b94bdeab19 + +info: + name: > + Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-pro-sites/" + google-query: inurl:"/wp-content/plugins/astra-pro-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-pro-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-pro-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-pro-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml b/nuclei-templates/cve-less/plugins/astra-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml new file mode 100644 index 0000000000..cbd5b8e965 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-27ee53c7765f3cc7ca36cbf7ac963e20.yaml @@ -0,0 +1,58 @@ +id: astra-sites-27ee53c7765f3cc7ca36cbf7ac963e20 + +info: + name: > + Starter Templates <= 3.2.5 - Incorrect Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd78e52-f20d-42be-8f68-3d09d5abf837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-53fb886a588d15854380c3b94bdeab19.yaml b/nuclei-templates/cve-less/plugins/astra-sites-53fb886a588d15854380c3b94bdeab19.yaml new file mode 100644 index 0000000000..0b9b547299 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-53fb886a588d15854380c3b94bdeab19.yaml @@ -0,0 +1,58 @@ +id: astra-sites-53fb886a588d15854380c3b94bdeab19 + +info: + name: > + Starter Templates <= 3.2.4 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0bdbba-2b67-42b9-8c26-115d472aed0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-9449b2c65db0c3fbbcb51d4c753869a4.yaml b/nuclei-templates/cve-less/plugins/astra-sites-9449b2c65db0c3fbbcb51d4c753869a4.yaml new file mode 100644 index 0000000000..6cd123c198 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-9449b2c65db0c3fbbcb51d4c753869a4.yaml @@ -0,0 +1,58 @@ +id: astra-sites-9449b2c65db0c3fbbcb51d4c753869a4 + +info: + name: > + Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf5075f9-9658-4a09-bd38-34a72f6560f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-b7edfb498be50e4270697b56ff65997c.yaml b/nuclei-templates/cve-less/plugins/astra-sites-b7edfb498be50e4270697b56ff65997c.yaml new file mode 100644 index 0000000000..5c5f425972 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-b7edfb498be50e4270697b56ff65997c.yaml @@ -0,0 +1,58 @@ +id: astra-sites-b7edfb498be50e4270697b56ff65997c + +info: + name: > + Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25edb9e8-65ea-41d1-a95f-09be110ec1d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-dfeeecb3cd427fc07ce343314d55c42c.yaml b/nuclei-templates/cve-less/plugins/astra-sites-dfeeecb3cd427fc07ce343314d55c42c.yaml new file mode 100644 index 0000000000..7a60f921e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-dfeeecb3cd427fc07ce343314d55c42c.yaml @@ -0,0 +1,58 @@ +id: astra-sites-dfeeecb3cd427fc07ce343314d55c42c + +info: + name: > + Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf4f3f5e-28f7-492c-9d54-4826826bd904?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/astra-sites-ead0c2fc6bfbbdd6a858fbe0610f5c02.yaml b/nuclei-templates/cve-less/plugins/astra-sites-ead0c2fc6bfbbdd6a858fbe0610f5c02.yaml new file mode 100644 index 0000000000..24f9bebe64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/astra-sites-ead0c2fc6bfbbdd6a858fbe0610f5c02.yaml @@ -0,0 +1,58 @@ +id: astra-sites-ead0c2fc6bfbbdd6a858fbe0610f5c02 + +info: + name: > + Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 3.1.20 - Cross-Site Request Forgery in add_to_favorite + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/568545a4-7f73-4050-9724-d47279c340c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/astra-sites/" + google-query: inurl:"/wp-content/plugins/astra-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,astra-sites,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/astra-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-70c6c7a80871c323a0d41da757459072.yaml b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-70c6c7a80871c323a0d41da757459072.yaml new file mode 100644 index 0000000000..7976f53214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-70c6c7a80871c323a0d41da757459072.yaml @@ -0,0 +1,58 @@ +id: atarim-visual-collaboration-70c6c7a80871c323a0d41da757459072 + +info: + name: > + Atarim <= 3.9.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc26ce1b-2427-4320-8363-f635ea02aece?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/atarim-visual-collaboration/" + google-query: inurl:"/wp-content/plugins/atarim-visual-collaboration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/atarim-visual-collaboration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atarim-visual-collaboration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-b5350d73ee034ae7067ab3d2b696ae06.yaml b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-b5350d73ee034ae7067ab3d2b696ae06.yaml new file mode 100644 index 0000000000..5ecd7e02dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/atarim-visual-collaboration-b5350d73ee034ae7067ab3d2b696ae06.yaml @@ -0,0 +1,58 @@ +id: atarim-visual-collaboration-b5350d73ee034ae7067ab3d2b696ae06 + +info: + name: > + Atarim <= 3.12 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f5919eb-ac74-4926-9ede-e651bb4463b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/atarim-visual-collaboration/" + google-query: inurl:"/wp-content/plugins/atarim-visual-collaboration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,atarim-visual-collaboration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/atarim-visual-collaboration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atarim-visual-collaboration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/atomchat-f021a9b99ee30b184dab1f6f57a36751.yaml b/nuclei-templates/cve-less/plugins/atomchat-f021a9b99ee30b184dab1f6f57a36751.yaml new file mode 100644 index 0000000000..e3c591f872 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/atomchat-f021a9b99ee30b184dab1f6f57a36751.yaml @@ -0,0 +1,58 @@ +id: atomchat-f021a9b99ee30b184dab1f6f57a36751 + +info: + name: > + AtomChat <= 1.1.4 - Missing Authorization via credits REST API Endpoint + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21f917a4-efee-421b-98b1-a9b18c7527d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/atomchat/" + google-query: inurl:"/wp-content/plugins/atomchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,atomchat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/atomchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atomchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/attendance-manager-b68d1df69fccd4a3fd0f7eef890ed158.yaml b/nuclei-templates/cve-less/plugins/attendance-manager-b68d1df69fccd4a3fd0f7eef890ed158.yaml new file mode 100644 index 0000000000..fed0c1c1d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/attendance-manager-b68d1df69fccd4a3fd0f7eef890ed158.yaml @@ -0,0 +1,58 @@ +id: attendance-manager-b68d1df69fccd4a3fd0f7eef890ed158 + +info: + name: > + Attendance Manager <= 0.5.6 - Cross-site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7440ae-f939-478c-8861-57020537dd44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/attendance-manager/" + google-query: inurl:"/wp-content/plugins/attendance-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,attendance-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/attendance-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attendance-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/attendance-manager-c52de35daf5b13bbf0e8777d574ea5fc.yaml b/nuclei-templates/cve-less/plugins/attendance-manager-c52de35daf5b13bbf0e8777d574ea5fc.yaml new file mode 100644 index 0000000000..bc59150f15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/attendance-manager-c52de35daf5b13bbf0e8777d574ea5fc.yaml @@ -0,0 +1,58 @@ +id: attendance-manager-c52de35daf5b13bbf0e8777d574ea5fc + +info: + name: > + Attendance Manager <= 0.5.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc221b37-565d-41e4-874c-06015753045f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/attendance-manager/" + google-query: inurl:"/wp-content/plugins/attendance-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,attendance-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/attendance-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attendance-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/attesa-extra-76e71bc12b464dcb30907399a9d0eccf.yaml b/nuclei-templates/cve-less/plugins/attesa-extra-76e71bc12b464dcb30907399a9d0eccf.yaml new file mode 100644 index 0000000000..cc84d2f77a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/attesa-extra-76e71bc12b464dcb30907399a9d0eccf.yaml @@ -0,0 +1,58 @@ +id: attesa-extra-76e71bc12b464dcb30907399a9d0eccf + +info: + name: > + Attesa Extra <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c33d972f-921b-4b93-a20d-f3f7f6cbd3d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/attesa-extra/" + google-query: inurl:"/wp-content/plugins/attesa-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,attesa-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/attesa-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attesa-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/audio-and-video-player-9585db3736e35b2828063fe3229af0e9.yaml b/nuclei-templates/cve-less/plugins/audio-and-video-player-9585db3736e35b2828063fe3229af0e9.yaml new file mode 100644 index 0000000000..817e07eeaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/audio-and-video-player-9585db3736e35b2828063fe3229af0e9.yaml @@ -0,0 +1,58 @@ +id: audio-and-video-player-9585db3736e35b2828063fe3229af0e9 + +info: + name: > + CP Media Player <= 1.1.3 - Cross-Site Request Forgery to Player Deletion and Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ced380a5-04a6-40c1-a731-0d3b929e4428?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/audio-and-video-player/" + google-query: inurl:"/wp-content/plugins/audio-and-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,audio-and-video-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/audio-and-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "audio-and-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/audio-merchant-07cf727b65166fc33c537ed10a4a1542.yaml b/nuclei-templates/cve-less/plugins/audio-merchant-07cf727b65166fc33c537ed10a4a1542.yaml new file mode 100644 index 0000000000..8cbab15b8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/audio-merchant-07cf727b65166fc33c537ed10a4a1542.yaml @@ -0,0 +1,58 @@ +id: audio-merchant-07cf727b65166fc33c537ed10a4a1542 + +info: + name: > + Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06513dfe-f263-48b7-ba01-2c205247095b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/audio-merchant/" + google-query: inurl:"/wp-content/plugins/audio-merchant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,audio-merchant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/audio-merchant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "audio-merchant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/audio-merchant-40a88180b6759feac8abef362a1880e9.yaml b/nuclei-templates/cve-less/plugins/audio-merchant-40a88180b6759feac8abef362a1880e9.yaml new file mode 100644 index 0000000000..d3a369dd5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/audio-merchant-40a88180b6759feac8abef362a1880e9.yaml @@ -0,0 +1,58 @@ +id: audio-merchant-40a88180b6759feac8abef362a1880e9 + +info: + name: > + Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7911337-57fa-4268-8366-d37ff13fae86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/audio-merchant/" + google-query: inurl:"/wp-content/plugins/audio-merchant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,audio-merchant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/audio-merchant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "audio-merchant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/audio-player-c346700edac77f8ba964672619183f58.yaml b/nuclei-templates/cve-less/plugins/audio-player-c346700edac77f8ba964672619183f58.yaml new file mode 100644 index 0000000000..53d629bad9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/audio-player-c346700edac77f8ba964672619183f58.yaml @@ -0,0 +1,58 @@ +id: audio-player-c346700edac77f8ba964672619183f58 + +info: + name: > + Audio Player <= 2.0.4.5 - Cross-Site Scripting via playerID Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b70b152-eb65-4273-8063-37cfec7ecefb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/audio-player/" + google-query: inurl:"/wp-content/plugins/audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,audio-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/audio-player-with-playlist-ultimate-4a822bfcb4b13bd5154ea0a206a03b5b.yaml b/nuclei-templates/cve-less/plugins/audio-player-with-playlist-ultimate-4a822bfcb4b13bd5154ea0a206a03b5b.yaml new file mode 100644 index 0000000000..6e6a5e38a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/audio-player-with-playlist-ultimate-4a822bfcb4b13bd5154ea0a206a03b5b.yaml @@ -0,0 +1,58 @@ +id: audio-player-with-playlist-ultimate-4a822bfcb4b13bd5154ea0a206a03b5b + +info: + name: > + Audio Player with Playlist Ultimate <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7a877d3-69b2-427b-9b5c-fb3ca93b4c09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/audio-player-with-playlist-ultimate/" + google-query: inurl:"/wp-content/plugins/audio-player-with-playlist-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,audio-player-with-playlist-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/audio-player-with-playlist-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "audio-player-with-playlist-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-03670bf85bbf904a0e4e7a4b5e5a3b85.yaml b/nuclei-templates/cve-less/plugins/auth0-03670bf85bbf904a0e4e7a4b5e5a3b85.yaml new file mode 100644 index 0000000000..0b7bf92399 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-03670bf85bbf904a0e4e7a4b5e5a3b85.yaml @@ -0,0 +1,58 @@ +id: auth0-03670bf85bbf904a0e4e7a4b5e5a3b85 + +info: + name: > + Login by Auth0 <= 3.11.3 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30532dc1-5d40-4585-abd2-c08ed0682d72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-2b0533cd6930889b564dac0001232de1.yaml b/nuclei-templates/cve-less/plugins/auth0-2b0533cd6930889b564dac0001232de1.yaml new file mode 100644 index 0000000000..a18cc33e55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-2b0533cd6930889b564dac0001232de1.yaml @@ -0,0 +1,58 @@ +id: auth0-2b0533cd6930889b564dac0001232de1 + +info: + name: > + Login by Auth0 <= 3.11.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecf36533-1dd1-43d7-b12e-7b425c13530a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-4c3165a51cada8ffcfc130121958fc36.yaml b/nuclei-templates/cve-less/plugins/auth0-4c3165a51cada8ffcfc130121958fc36.yaml new file mode 100644 index 0000000000..e3ebef06b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-4c3165a51cada8ffcfc130121958fc36.yaml @@ -0,0 +1,58 @@ +id: auth0-4c3165a51cada8ffcfc130121958fc36 + +info: + name: > + Login by Auth0 <= 3.11.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afc6aec8-e486-4c35-9e58-da6e04d88c25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-6bd4ae57c5ef629c5bc1d004189d96b3.yaml b/nuclei-templates/cve-less/plugins/auth0-6bd4ae57c5ef629c5bc1d004189d96b3.yaml new file mode 100644 index 0000000000..725eff7fea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-6bd4ae57c5ef629c5bc1d004189d96b3.yaml @@ -0,0 +1,58 @@ +id: auth0-6bd4ae57c5ef629c5bc1d004189d96b3 + +info: + name: > + Login by Auth0 3.11.0 - 3.11.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/898c2851-27e9-493a-96c7-b6be1c1f5c7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.11.0', '<= 3.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-74d2043a574ab69cbbb11dda595211e3.yaml b/nuclei-templates/cve-less/plugins/auth0-74d2043a574ab69cbbb11dda595211e3.yaml new file mode 100644 index 0000000000..d060a1e82b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-74d2043a574ab69cbbb11dda595211e3.yaml @@ -0,0 +1,58 @@ +id: auth0-74d2043a574ab69cbbb11dda595211e3 + +info: + name: > + Login by Auth0 Plugin <= 3.11.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f91992e-33fb-4384-af34-e27f68e1ca6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auth0-90a41beee5735837ff7592583a00d291.yaml b/nuclei-templates/cve-less/plugins/auth0-90a41beee5735837ff7592583a00d291.yaml new file mode 100644 index 0000000000..76f23a6c86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auth0-90a41beee5735837ff7592583a00d291.yaml @@ -0,0 +1,58 @@ +id: auth0-90a41beee5735837ff7592583a00d291 + +info: + name: > + Login by Auth0 <= 3.11.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/155e43f2-d46f-413f-bedd-7ab8905c1c35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auth0/" + google-query: inurl:"/wp-content/plugins/auth0/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auth0,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auth0/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auth0" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/authenticator-ec741bccccea1c86002394aeac45c0a7.yaml b/nuclei-templates/cve-less/plugins/authenticator-ec741bccccea1c86002394aeac45c0a7.yaml new file mode 100644 index 0000000000..540e96c6e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/authenticator-ec741bccccea1c86002394aeac45c0a7.yaml @@ -0,0 +1,58 @@ +id: authenticator-ec741bccccea1c86002394aeac45c0a7 + +info: + name: > + Authenticator <= 1.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4df92b-b6b5-441e-a772-fed63cb83bf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/authenticator/" + google-query: inurl:"/wp-content/plugins/authenticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,authenticator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/authenticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authenticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/authldap-bdd4b664f15822a6a49a236c18fe020b.yaml b/nuclei-templates/cve-less/plugins/authldap-bdd4b664f15822a6a49a236c18fe020b.yaml new file mode 100644 index 0000000000..56ac6e00a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/authldap-bdd4b664f15822a6a49a236c18fe020b.yaml @@ -0,0 +1,58 @@ +id: authldap-bdd4b664f15822a6a49a236c18fe020b + +info: + name: > + authLdap <= 2.5.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eddce6e0-2ea7-4980-97a7-857b2e1e3b69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/authldap/" + google-query: inurl:"/wp-content/plugins/authldap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,authldap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/authldap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authldap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/authldap-cc2cca093f03fe71d2f989bb7299a3fb.yaml b/nuclei-templates/cve-less/plugins/authldap-cc2cca093f03fe71d2f989bb7299a3fb.yaml new file mode 100644 index 0000000000..797747ef36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/authldap-cc2cca093f03fe71d2f989bb7299a3fb.yaml @@ -0,0 +1,58 @@ +id: authldap-cc2cca093f03fe71d2f989bb7299a3fb + +info: + name: > + authLdap <= 2.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b91ad8b-79ec-4ef7-bb39-edb06309da5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/authldap/" + google-query: inurl:"/wp-content/plugins/authldap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,authldap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/authldap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authldap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/author-avatars-2ba7e464285026388de6685dba844dbc.yaml b/nuclei-templates/cve-less/plugins/author-avatars-2ba7e464285026388de6685dba844dbc.yaml new file mode 100644 index 0000000000..306287bd0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/author-avatars-2ba7e464285026388de6685dba844dbc.yaml @@ -0,0 +1,58 @@ +id: author-avatars-2ba7e464285026388de6685dba844dbc + +info: + name: > + Author Avatars List/Block <= 2.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c8380b-02ae-49d2-8c64-debe7f73ee35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/author-avatars/" + google-query: inurl:"/wp-content/plugins/author-avatars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,author-avatars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/author-avatars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "author-avatars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/author-bio-box-6674d09f375c0a0c6100b633268f7e7c.yaml b/nuclei-templates/cve-less/plugins/author-bio-box-6674d09f375c0a0c6100b633268f7e7c.yaml new file mode 100644 index 0000000000..11e5559e89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/author-bio-box-6674d09f375c0a0c6100b633268f7e7c.yaml @@ -0,0 +1,58 @@ +id: author-bio-box-6674d09f375c0a0c6100b633268f7e7c + +info: + name: > + Author Bio Box <= 3.3.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35f2d80a-891a-4616-a3f6-01bbf12f5f10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/author-bio-box/" + google-query: inurl:"/wp-content/plugins/author-bio-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,author-bio-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/author-bio-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "author-bio-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/authorizer-0dee3aeb64244e66a13f4201e38521ac.yaml b/nuclei-templates/cve-less/plugins/authorizer-0dee3aeb64244e66a13f4201e38521ac.yaml new file mode 100644 index 0000000000..a689da844c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/authorizer-0dee3aeb64244e66a13f4201e38521ac.yaml @@ -0,0 +1,58 @@ +id: authorizer-0dee3aeb64244e66a13f4201e38521ac + +info: + name: > + phpCAS authentication library < 1.6.0 - Service Hostname Discovery Exploitation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d8365a6-dfa2-4753-b655-3c2bcadeae75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/authorizer/" + google-query: inurl:"/wp-content/plugins/authorizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,authorizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/authorizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authorizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/authors-list-f4f27ef7b51870c2ee29ac141ca3d041.yaml b/nuclei-templates/cve-less/plugins/authors-list-f4f27ef7b51870c2ee29ac141ca3d041.yaml new file mode 100644 index 0000000000..f97e84bf60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/authors-list-f4f27ef7b51870c2ee29ac141ca3d041.yaml @@ -0,0 +1,58 @@ +id: authors-list-f4f27ef7b51870c2ee29ac141ca3d041 + +info: + name: > + Authors List <= 2.0.2 - Reflected Cross-Site Scripting via al_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09f590ad-c99a-4577-a709-98c88d3acc87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/authors-list/" + google-query: inurl:"/wp-content/plugins/authors-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,authors-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/authors-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authors-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-delete-posts-558370c6db6c7d4d1eb32adfed3a020b.yaml b/nuclei-templates/cve-less/plugins/auto-delete-posts-558370c6db6c7d4d1eb32adfed3a020b.yaml new file mode 100644 index 0000000000..90ea06445c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-delete-posts-558370c6db6c7d4d1eb32adfed3a020b.yaml @@ -0,0 +1,58 @@ +id: auto-delete-posts-558370c6db6c7d4d1eb32adfed3a020b + +info: + name: > + Auto Delete Posts <= 1.3.0 - Cross-Site Request Forgery to Arbitrary Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3ff7f9-ccad-45c0-a278-f66fbb6263ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-delete-posts/" + google-query: inurl:"/wp-content/plugins/auto-delete-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-delete-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-delete-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-delete-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-excerpt-everywhere-9438e07daceade026bfabee5db9fec5f.yaml b/nuclei-templates/cve-less/plugins/auto-excerpt-everywhere-9438e07daceade026bfabee5db9fec5f.yaml new file mode 100644 index 0000000000..02ec3998ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-excerpt-everywhere-9438e07daceade026bfabee5db9fec5f.yaml @@ -0,0 +1,58 @@ +id: auto-excerpt-everywhere-9438e07daceade026bfabee5db9fec5f + +info: + name: > + Auto Excerpt everywhere <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32647c44-389a-4a6d-a32b-e19a35bc2aeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-excerpt-everywhere/" + google-query: inurl:"/wp-content/plugins/auto-excerpt-everywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-excerpt-everywhere,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-excerpt-everywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-excerpt-everywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-hide-admin-bar-1243017811fac8a9f67c1c02c6c11406.yaml b/nuclei-templates/cve-less/plugins/auto-hide-admin-bar-1243017811fac8a9f67c1c02c6c11406.yaml new file mode 100644 index 0000000000..8c57b18442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-hide-admin-bar-1243017811fac8a9f67c1c02c6c11406.yaml @@ -0,0 +1,58 @@ +id: auto-hide-admin-bar-1243017811fac8a9f67c1c02c6c11406 + +info: + name: > + Auto Hide Admin Bar <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/168ff5ec-52f2-4234-aee4-6d460b72d6c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-hide-admin-bar/" + google-query: inurl:"/wp-content/plugins/auto-hide-admin-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-hide-admin-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-hide-admin-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-hide-admin-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-hyperlink-urls-0886361daf0aecc3d4f4d311809f8748.yaml b/nuclei-templates/cve-less/plugins/auto-hyperlink-urls-0886361daf0aecc3d4f4d311809f8748.yaml new file mode 100644 index 0000000000..5073bbc5f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-hyperlink-urls-0886361daf0aecc3d4f4d311809f8748.yaml @@ -0,0 +1,58 @@ +id: auto-hyperlink-urls-0886361daf0aecc3d4f4d311809f8748 + +info: + name: > + Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42e8129f-dbbd-4dd3-a7a5-c6242c43dfe8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-hyperlink-urls/" + google-query: inurl:"/wp-content/plugins/auto-hyperlink-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-hyperlink-urls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-hyperlink-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-hyperlink-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-limit-posts-reloaded-ea1f016fc610b9737d2a2631fc4d6d33.yaml b/nuclei-templates/cve-less/plugins/auto-limit-posts-reloaded-ea1f016fc610b9737d2a2631fc4d6d33.yaml new file mode 100644 index 0000000000..7a74078b39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-limit-posts-reloaded-ea1f016fc610b9737d2a2631fc4d6d33.yaml @@ -0,0 +1,58 @@ +id: auto-limit-posts-reloaded-ea1f016fc610b9737d2a2631fc4d6d33 + +info: + name: > + Auto Limit Posts Reloaded <= 2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fedf20b2-6c21-4c91-8f79-9cac334a1313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-limit-posts-reloaded/" + google-query: inurl:"/wp-content/plugins/auto-limit-posts-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-limit-posts-reloaded,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-limit-posts-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-limit-posts-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-listings-8b6ee3af1a9508cfbedefd1fe07951b6.yaml b/nuclei-templates/cve-less/plugins/auto-listings-8b6ee3af1a9508cfbedefd1fe07951b6.yaml new file mode 100644 index 0000000000..47c4aa90f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-listings-8b6ee3af1a9508cfbedefd1fe07951b6.yaml @@ -0,0 +1,58 @@ +id: auto-listings-8b6ee3af1a9508cfbedefd1fe07951b6 + +info: + name: > + Auto Listings <= 2.6.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a97776-03c7-403d-b803-023647b9d0f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-listings/" + google-query: inurl:"/wp-content/plugins/auto-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-location-for-wp-job-manager-c35094b437e27c460747dae02d21159c.yaml b/nuclei-templates/cve-less/plugins/auto-location-for-wp-job-manager-c35094b437e27c460747dae02d21159c.yaml new file mode 100644 index 0000000000..764c7e508e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-location-for-wp-job-manager-c35094b437e27c460747dae02d21159c.yaml @@ -0,0 +1,58 @@ +id: auto-location-for-wp-job-manager-c35094b437e27c460747dae02d21159c + +info: + name: > + Auto Location for WP Job Manager via Google <= 1.0 - Authenticated (Administrator+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19a70aa0-7075-4922-8feb-25b7fbe9da42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-location-for-wp-job-manager/" + google-query: inurl:"/wp-content/plugins/auto-location-for-wp-job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-location-for-wp-job-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-location-for-wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-location-for-wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-3503792f93b778d8b203c79791005536.yaml b/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-3503792f93b778d8b203c79791005536.yaml new file mode 100644 index 0000000000..cd3554587f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-3503792f93b778d8b203c79791005536.yaml @@ -0,0 +1,58 @@ +id: auto-login-new-user-after-registration-3503792f93b778d8b203c79791005536 + +info: + name: > + Auto Login New User After Registration <= 1.9.6 - Cross-Site Request Forgery to Settings Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9311c7b6-2c32-4f30-8286-6d59c267c09d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-login-new-user-after-registration/" + google-query: inurl:"/wp-content/plugins/auto-login-new-user-after-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-login-new-user-after-registration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-login-new-user-after-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-login-new-user-after-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-cbd733c7ebdd096e6d282497c4c8eb45.yaml b/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-cbd733c7ebdd096e6d282497c4c8eb45.yaml new file mode 100644 index 0000000000..3d5b46b684 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-login-new-user-after-registration-cbd733c7ebdd096e6d282497c4c8eb45.yaml @@ -0,0 +1,58 @@ +id: auto-login-new-user-after-registration-cbd733c7ebdd096e6d282497c4c8eb45 + +info: + name: > + Auto Login New User After Registration <= 1.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via alnuar_auto_login_new_user_after_registration_redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb82b48-3cf8-47a5-b68d-e37a1823a125?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-login-new-user-after-registration/" + google-query: inurl:"/wp-content/plugins/auto-login-new-user-after-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-login-new-user-after-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-login-new-user-after-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-login-new-user-after-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-login-when-resister-8a80eb46c7edc3e736e43babb9e6251b.yaml b/nuclei-templates/cve-less/plugins/auto-login-when-resister-8a80eb46c7edc3e736e43babb9e6251b.yaml new file mode 100644 index 0000000000..b2aedfe937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-login-when-resister-8a80eb46c7edc3e736e43babb9e6251b.yaml @@ -0,0 +1,58 @@ +id: auto-login-when-resister-8a80eb46c7edc3e736e43babb9e6251b + +info: + name: > + Enable/Disable Auto Login when Register <= 1.1.0 Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fa45fa7-b1da-42f0-945b-2a6b0db5ba91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-login-when-resister/" + google-query: inurl:"/wp-content/plugins/auto-login-when-resister/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-login-when-resister,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-login-when-resister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-login-when-resister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-more-tag-5181665927ed9da562e36af3ea3ec2fb.yaml b/nuclei-templates/cve-less/plugins/auto-more-tag-5181665927ed9da562e36af3ea3ec2fb.yaml new file mode 100644 index 0000000000..eb03082dce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-more-tag-5181665927ed9da562e36af3ea3ec2fb.yaml @@ -0,0 +1,58 @@ +id: auto-more-tag-5181665927ed9da562e36af3ea3ec2fb + +info: + name: > + Auto More Tag <= 4.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f93fb48-3963-4a98-9c70-eef667b254df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-more-tag/" + google-query: inurl:"/wp-content/plugins/auto-more-tag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-more-tag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-more-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-more-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-post-thumbnail-272755bdeeb1adc01a4352f800652c09.yaml b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-272755bdeeb1adc01a4352f800652c09.yaml new file mode 100644 index 0000000000..28cc448886 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-272755bdeeb1adc01a4352f800652c09.yaml @@ -0,0 +1,58 @@ +id: auto-post-thumbnail-272755bdeeb1adc01a4352f800652c09 + +info: + name: > + Auto Featured Image (Auto Post Thumbnail) <= 4.0.0 - Authenticated (Author+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/309eb1df-728f-404d-a20d-a83a0ab8ed0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-post-thumbnail/" + google-query: inurl:"/wp-content/plugins/auto-post-thumbnail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-post-thumbnail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-post-thumbnail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-post-thumbnail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-post-thumbnail-4a832155afe3b99c1f4d2882162139df.yaml b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-4a832155afe3b99c1f4d2882162139df.yaml new file mode 100644 index 0000000000..b1433fdede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-4a832155afe3b99c1f4d2882162139df.yaml @@ -0,0 +1,58 @@ +id: auto-post-thumbnail-4a832155afe3b99c1f4d2882162139df + +info: + name: > + Auto Featured Image <= 3.9.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/222325e9-3048-45f7-9a66-a713d096d44e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-post-thumbnail/" + google-query: inurl:"/wp-content/plugins/auto-post-thumbnail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-post-thumbnail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-post-thumbnail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-post-thumbnail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-post-thumbnail-eb2326275a758827f7cb2f8622cad6ce.yaml b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-eb2326275a758827f7cb2f8622cad6ce.yaml new file mode 100644 index 0000000000..72b4b10eea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-post-thumbnail-eb2326275a758827f7cb2f8622cad6ce.yaml @@ -0,0 +1,58 @@ +id: auto-post-thumbnail-eb2326275a758827f7cb2f8622cad6ce + +info: + name: > + Auto Featured Image (Auto Post Thumbnail) <= 3.9.15 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18ff2556-9e20-42f6-a8fb-b81473c42576?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-post-thumbnail/" + google-query: inurl:"/wp-content/plugins/auto-post-thumbnail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-post-thumbnail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-post-thumbnail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-post-thumbnail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-poster-d78cf00c59cb04a1784e89b4d96527fd.yaml b/nuclei-templates/cve-less/plugins/auto-poster-d78cf00c59cb04a1784e89b4d96527fd.yaml new file mode 100644 index 0000000000..c3ce7b9fe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-poster-d78cf00c59cb04a1784e89b4d96527fd.yaml @@ -0,0 +1,58 @@ +id: auto-poster-d78cf00c59cb04a1784e89b4d96527fd + +info: + name: > + Auto Poster <= 1.2 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02b24735-0310-4b00-9acc-a05557238697?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-poster/" + google-query: inurl:"/wp-content/plugins/auto-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-poster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-prune-posts-0853f27900d9d1d4cc0e56f1b61fc316.yaml b/nuclei-templates/cve-less/plugins/auto-prune-posts-0853f27900d9d1d4cc0e56f1b61fc316.yaml new file mode 100644 index 0000000000..264037e2f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-prune-posts-0853f27900d9d1d4cc0e56f1b61fc316.yaml @@ -0,0 +1,58 @@ +id: auto-prune-posts-0853f27900d9d1d4cc0e56f1b61fc316 + +info: + name: > + Auto Prune Posts <= 1.8.0 - Cross-Site Request Forgery via admin_menu + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f15af4eb-5752-4a85-babd-cee7e89c329d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-prune-posts/" + google-query: inurl:"/wp-content/plugins/auto-prune-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-prune-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-prune-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-prune-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-refresh-single-page-176d59252e2a1ced83fc8440cad1b0f5.yaml b/nuclei-templates/cve-less/plugins/auto-refresh-single-page-176d59252e2a1ced83fc8440cad1b0f5.yaml new file mode 100644 index 0000000000..a1eb317c1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-refresh-single-page-176d59252e2a1ced83fc8440cad1b0f5.yaml @@ -0,0 +1,58 @@ +id: auto-refresh-single-page-176d59252e2a1ced83fc8440cad1b0f5 + +info: + name: > + Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-refresh-single-page/" + google-query: inurl:"/wp-content/plugins/auto-refresh-single-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-refresh-single-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-refresh-single-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-refresh-single-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-rename-media-on-upload-9eab813e12b4ac048e7bde30bc6ba691.yaml b/nuclei-templates/cve-less/plugins/auto-rename-media-on-upload-9eab813e12b4ac048e7bde30bc6ba691.yaml new file mode 100644 index 0000000000..df87feddce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-rename-media-on-upload-9eab813e12b4ac048e7bde30bc6ba691.yaml @@ -0,0 +1,58 @@ +id: auto-rename-media-on-upload-9eab813e12b4ac048e7bde30bc6ba691 + +info: + name: > + Auto Rename Media On Upload <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a566ed-9ed6-4c72-9728-49a0edfb5ba5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-rename-media-on-upload/" + google-query: inurl:"/wp-content/plugins/auto-rename-media-on-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-rename-media-on-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-rename-media-on-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-rename-media-on-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-tag-creator-ef92930a59c0704397081e4543f7586d.yaml b/nuclei-templates/cve-less/plugins/auto-tag-creator-ef92930a59c0704397081e4543f7586d.yaml new file mode 100644 index 0000000000..290e765821 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-tag-creator-ef92930a59c0704397081e4543f7586d.yaml @@ -0,0 +1,58 @@ +id: auto-tag-creator-ef92930a59c0704397081e4543f7586d + +info: + name: > + Auto Tag Creator <= 1.0.2 - Missing Authorization via tag_save_settings_callback + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4b6d2c6-d157-4c4c-b6e1-557b8353c742?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-tag-creator/" + google-query: inurl:"/wp-content/plugins/auto-tag-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-tag-creator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-tag-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-tag-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-thickbox-plus-1fdd6fa4d9b258037503dfcfecd3a543.yaml b/nuclei-templates/cve-less/plugins/auto-thickbox-plus-1fdd6fa4d9b258037503dfcfecd3a543.yaml new file mode 100644 index 0000000000..4c9f848b68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-thickbox-plus-1fdd6fa4d9b258037503dfcfecd3a543.yaml @@ -0,0 +1,58 @@ +id: auto-thickbox-plus-1fdd6fa4d9b258037503dfcfecd3a543 + +info: + name: > + Auto ThickBox Plus <= 1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/becee157-8519-4f1f-b369-5f932773f282?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-thickbox-plus/" + google-query: inurl:"/wp-content/plugins/auto-thickbox-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-thickbox-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-thickbox-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-thickbox-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-upload-images-e720f99baaecf49f6cf9a7d54ee9d187.yaml b/nuclei-templates/cve-less/plugins/auto-upload-images-e720f99baaecf49f6cf9a7d54ee9d187.yaml new file mode 100644 index 0000000000..eee55d554a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-upload-images-e720f99baaecf49f6cf9a7d54ee9d187.yaml @@ -0,0 +1,58 @@ +id: auto-upload-images-e720f99baaecf49f6cf9a7d54ee9d187 + +info: + name: > + Auto Upload Images <= 3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f8a7933-cc26-47f2-9142-df748add0745?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-upload-images/" + google-query: inurl:"/wp-content/plugins/auto-upload-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-upload-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-upload-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-upload-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auto-youtube-importer-be7901b9f5b68d7364c4afedf93335bf.yaml b/nuclei-templates/cve-less/plugins/auto-youtube-importer-be7901b9f5b68d7364c4afedf93335bf.yaml new file mode 100644 index 0000000000..ba0e97ea15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auto-youtube-importer-be7901b9f5b68d7364c4afedf93335bf.yaml @@ -0,0 +1,58 @@ +id: auto-youtube-importer-be7901b9f5b68d7364c4afedf93335bf + +info: + name: > + Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff7e7539-6a09-461a-a9a7-33630c396f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auto-youtube-importer/" + google-query: inurl:"/wp-content/plugins/auto-youtube-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auto-youtube-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auto-youtube-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auto-youtube-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autocomplete-location-field-contact-form-7-4113301795a9f6abc828e53db152bc61.yaml b/nuclei-templates/cve-less/plugins/autocomplete-location-field-contact-form-7-4113301795a9f6abc828e53db152bc61.yaml new file mode 100644 index 0000000000..d572a7211f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autocomplete-location-field-contact-form-7-4113301795a9f6abc828e53db152bc61.yaml @@ -0,0 +1,58 @@ +id: autocomplete-location-field-contact-form-7-4113301795a9f6abc828e53db152bc61 + +info: + name: > + Autocomplete Location field Contact Form 7 <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13fd7509-6d61-4eb0-9f85-cc40e074b819?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autocomplete-location-field-contact-form-7/" + google-query: inurl:"/wp-content/plugins/autocomplete-location-field-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autocomplete-location-field-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autocomplete-location-field-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autocomplete-location-field-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autolinks-ad0620cb04a8c4743efa183697178556.yaml b/nuclei-templates/cve-less/plugins/autolinks-ad0620cb04a8c4743efa183697178556.yaml new file mode 100644 index 0000000000..6fd999a9ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autolinks-ad0620cb04a8c4743efa183697178556.yaml @@ -0,0 +1,58 @@ +id: autolinks-ad0620cb04a8c4743efa183697178556 + +info: + name: > + Autolinks <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1197d19-e49f-4d44-8efe-ef8d7e91bce0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autolinks/" + google-query: inurl:"/wp-content/plugins/autolinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autolinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autolinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autolinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automated-editor-3a906cc64f922d280ee100fae46edd10.yaml b/nuclei-templates/cve-less/plugins/automated-editor-3a906cc64f922d280ee100fae46edd10.yaml new file mode 100644 index 0000000000..065bcc3c58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automated-editor-3a906cc64f922d280ee100fae46edd10.yaml @@ -0,0 +1,58 @@ +id: automated-editor-3a906cc64f922d280ee100fae46edd10 + +info: + name: > + Automated Editor <= 1.3 - Cross-Site Request Forgery via admin menu pages + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27799988-cb2b-41c7-ad9a-aade59d31fa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automated-editor/" + google-query: inurl:"/wp-content/plugins/automated-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automated-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automated-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automated-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatewoo-4dae001d6d6e08996c09e2836f10b44d.yaml b/nuclei-templates/cve-less/plugins/automatewoo-4dae001d6d6e08996c09e2836f10b44d.yaml new file mode 100644 index 0000000000..9a78268740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatewoo-4dae001d6d6e08996c09e2836f10b44d.yaml @@ -0,0 +1,58 @@ +id: automatewoo-4dae001d6d6e08996c09e2836f10b44d + +info: + name: > + AutomateWoo <= 5.7.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a33c8a80-e11e-403d-9eb0-e1c5b59204b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatewoo/" + google-query: inurl:"/wp-content/plugins/automatewoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatewoo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatewoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatewoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatewoo-62fe87d4141e78303e17a76d693266f0.yaml b/nuclei-templates/cve-less/plugins/automatewoo-62fe87d4141e78303e17a76d693266f0.yaml new file mode 100644 index 0000000000..073ef76700 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatewoo-62fe87d4141e78303e17a76d693266f0.yaml @@ -0,0 +1,58 @@ +id: automatewoo-62fe87d4141e78303e17a76d693266f0 + +info: + name: > + AutomateWoo <= 5.7.1 - Authenticated (Shop manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9202cb4d-7fd4-444d-ab44-8f6d9e68d869?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatewoo/" + google-query: inurl:"/wp-content/plugins/automatewoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatewoo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatewoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatewoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatewoo-ccfc84b5a73050c155c0bdabcf1ece75.yaml b/nuclei-templates/cve-less/plugins/automatewoo-ccfc84b5a73050c155c0bdabcf1ece75.yaml new file mode 100644 index 0000000000..5c66513543 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatewoo-ccfc84b5a73050c155c0bdabcf1ece75.yaml @@ -0,0 +1,58 @@ +id: automatewoo-ccfc84b5a73050c155c0bdabcf1ece75 + +info: + name: > + AutomateWoo <= 5.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540de1b8-eb1f-4f9d-b45c-d3d5f11b642d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatewoo/" + google-query: inurl:"/wp-content/plugins/automatewoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatewoo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatewoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatewoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatewoo-d7fca3e11b3b0863de2f43ab6c4390c1.yaml b/nuclei-templates/cve-less/plugins/automatewoo-d7fca3e11b3b0863de2f43ab6c4390c1.yaml new file mode 100644 index 0000000000..ab5dd857db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatewoo-d7fca3e11b3b0863de2f43ab6c4390c1.yaml @@ -0,0 +1,58 @@ +id: automatewoo-d7fca3e11b3b0863de2f43ab6c4390c1 + +info: + name: > + AutomateWoo <= 5.7.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb51383f-03c8-4e81-bfed-40fd9f5c4d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatewoo/" + google-query: inurl:"/wp-content/plugins/automatewoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatewoo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatewoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatewoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatic-grid-image-listing-b320e1c5f0dacab6b03f963021265f72.yaml b/nuclei-templates/cve-less/plugins/automatic-grid-image-listing-b320e1c5f0dacab6b03f963021265f72.yaml new file mode 100644 index 0000000000..7a3f6bf14b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatic-grid-image-listing-b320e1c5f0dacab6b03f963021265f72.yaml @@ -0,0 +1,58 @@ +id: automatic-grid-image-listing-b320e1c5f0dacab6b03f963021265f72 + +info: + name: > + AGIL(Automatic Grid Image Listing) <= 1.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a75c179f-236b-4a1b-8566-b74e0c5fda27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatic-grid-image-listing/" + google-query: inurl:"/wp-content/plugins/automatic-grid-image-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatic-grid-image-listing,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatic-grid-image-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatic-grid-image-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatic-user-roles-switcher-3117c9f6ca4b5d0c58f750cb4d3a545e.yaml b/nuclei-templates/cve-less/plugins/automatic-user-roles-switcher-3117c9f6ca4b5d0c58f750cb4d3a545e.yaml new file mode 100644 index 0000000000..824cb748fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatic-user-roles-switcher-3117c9f6ca4b5d0c58f750cb4d3a545e.yaml @@ -0,0 +1,58 @@ +id: automatic-user-roles-switcher-3117c9f6ca4b5d0c58f750cb4d3a545e + +info: + name: > + Automatic User Roles Switcher <= 1.1.1 - Missing Authorization to Privilege Escalation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd74bcec-df6f-4f82-8f88-6cb1adde35ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatic-user-roles-switcher/" + google-query: inurl:"/wp-content/plugins/automatic-user-roles-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatic-user-roles-switcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatic-user-roles-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatic-user-roles-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-41e70074e724b3d58c82d2325b25db5e.yaml b/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-41e70074e724b3d58c82d2325b25db5e.yaml new file mode 100644 index 0000000000..275ded9486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatic-youtube-gallery-41e70074e724b3d58c82d2325b25db5e.yaml @@ -0,0 +1,58 @@ +id: automatic-youtube-gallery-41e70074e724b3d58c82d2325b25db5e + +info: + name: > + Automatic YouTube Gallery <= 2.3.3 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a58d45b-c91b-4141-992e-336650d7252b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatic-youtube-gallery/" + google-query: inurl:"/wp-content/plugins/automatic-youtube-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatic-youtube-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatic-youtube-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatic-youtube-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatic-youtube-video-posts-0a33d637c29ba75c2b509bcefbd3461e.yaml b/nuclei-templates/cve-less/plugins/automatic-youtube-video-posts-0a33d637c29ba75c2b509bcefbd3461e.yaml new file mode 100644 index 0000000000..0c271299b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatic-youtube-video-posts-0a33d637c29ba75c2b509bcefbd3461e.yaml @@ -0,0 +1,58 @@ +id: automatic-youtube-video-posts-0a33d637c29ba75c2b509bcefbd3461e + +info: + name: > + Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a595b3c-2b21-43fe-8d4e-6721f4541c9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatic-youtube-video-posts/" + google-query: inurl:"/wp-content/plugins/automatic-youtube-video-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatic-youtube-video-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatic-youtube-video-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatic-youtube-video-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatorwp-bb200d907df69c9c4fcee1658bb3b23d.yaml b/nuclei-templates/cve-less/plugins/automatorwp-bb200d907df69c9c4fcee1658bb3b23d.yaml new file mode 100644 index 0000000000..916c69eb23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatorwp-bb200d907df69c9c4fcee1658bb3b23d.yaml @@ -0,0 +1,58 @@ +id: automatorwp-bb200d907df69c9c4fcee1658bb3b23d + +info: + name: > + AutomatorWP <= 2.5.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c189a778-0338-408c-bcca-a0ac76d8eb44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatorwp/" + google-query: inurl:"/wp-content/plugins/automatorwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatorwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatorwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatorwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/automatorwp-ecd15bc5f3de0e81bd280c25d15be5a4.yaml b/nuclei-templates/cve-less/plugins/automatorwp-ecd15bc5f3de0e81bd280c25d15be5a4.yaml new file mode 100644 index 0000000000..2a8a60be5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/automatorwp-ecd15bc5f3de0e81bd280c25d15be5a4.yaml @@ -0,0 +1,58 @@ +id: automatorwp-ecd15bc5f3de0e81bd280c25d15be5a4 + +info: + name: > + AutomatorWP <= 1.7.5 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b95fe0e-4677-4667-9a84-96801b547088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/automatorwp/" + google-query: inurl:"/wp-content/plugins/automatorwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,automatorwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/automatorwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "automatorwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml b/nuclei-templates/cve-less/plugins/autoptimize-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml new file mode 100644 index 0000000000..57f2ad3951 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-4cdab5a4c9d1ef359c9ea3e65c6cdb07.yaml @@ -0,0 +1,58 @@ +id: autoptimize-4cdab5a4c9d1ef359c9ea3e65c6cdb07 + +info: + name: > + Autoptimize <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f787cad3-cf99-413a-952f-082fae973bef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-6be16d4dc7a3396a4e2044185bf46f84.yaml b/nuclei-templates/cve-less/plugins/autoptimize-6be16d4dc7a3396a4e2044185bf46f84.yaml new file mode 100644 index 0000000000..948d8f6374 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-6be16d4dc7a3396a4e2044185bf46f84.yaml @@ -0,0 +1,58 @@ +id: autoptimize-6be16d4dc7a3396a4e2044185bf46f84 + +info: + name: > + Autoptimize <= 2.7.6 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09152aa7-5c10-416a-aa77-a0cde1b6442e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-75251abfce703752327c7069170783ae.yaml b/nuclei-templates/cve-less/plugins/autoptimize-75251abfce703752327c7069170783ae.yaml new file mode 100644 index 0000000000..59ffd6afad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-75251abfce703752327c7069170783ae.yaml @@ -0,0 +1,58 @@ +id: autoptimize-75251abfce703752327c7069170783ae + +info: + name: > + Autoptimize <= 3.0.4 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f9d237c-110e-4e71-9d2c-db99358468e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-967efd081266df53c7d5c10295955cd0.yaml b/nuclei-templates/cve-less/plugins/autoptimize-967efd081266df53c7d5c10295955cd0.yaml new file mode 100644 index 0000000000..cd61d3574c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-967efd081266df53c7d5c10295955cd0.yaml @@ -0,0 +1,58 @@ +id: autoptimize-967efd081266df53c7d5c10295955cd0 + +info: + name: > + Autoptimize <= 2.7.7 - Race Condition leading to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef9a6ef5-368e-40df-9a17-2779e453dfcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-9b6d789ab9054bec8f3668e533e7af06.yaml b/nuclei-templates/cve-less/plugins/autoptimize-9b6d789ab9054bec8f3668e533e7af06.yaml new file mode 100644 index 0000000000..2af21ad115 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-9b6d789ab9054bec8f3668e533e7af06.yaml @@ -0,0 +1,58 @@ +id: autoptimize-9b6d789ab9054bec8f3668e533e7af06 + +info: + name: > + Autoptimize <= 2.7.7 - Unsafe File Upload to Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c95210ba-65f6-4bf8-8986-f537f1854d02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-a168ad5542ffc3cded569dbf621954d3.yaml b/nuclei-templates/cve-less/plugins/autoptimize-a168ad5542ffc3cded569dbf621954d3.yaml new file mode 100644 index 0000000000..62e89b467d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-a168ad5542ffc3cded569dbf621954d3.yaml @@ -0,0 +1,58 @@ +id: autoptimize-a168ad5542ffc3cded569dbf621954d3 + +info: + name: > + Autoptimize <= 2.8.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be24d47e-4880-4d7f-9be2-cf8eb1afe888?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-c98cc11ba230cb93eea39872b453bb99.yaml b/nuclei-templates/cve-less/plugins/autoptimize-c98cc11ba230cb93eea39872b453bb99.yaml new file mode 100644 index 0000000000..4717b2e512 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-c98cc11ba230cb93eea39872b453bb99.yaml @@ -0,0 +1,58 @@ +id: autoptimize-c98cc11ba230cb93eea39872b453bb99 + +info: + name: > + Autoptimize <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting via Critical CSS Rules + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d16a3da0-9539-4555-8dfc-65cb4f4d7b4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoptimize-dac1811f2f42b2f9bf0fce4cd043df4e.yaml b/nuclei-templates/cve-less/plugins/autoptimize-dac1811f2f42b2f9bf0fce4cd043df4e.yaml new file mode 100644 index 0000000000..4f58442f9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoptimize-dac1811f2f42b2f9bf0fce4cd043df4e.yaml @@ -0,0 +1,58 @@ +id: autoptimize-dac1811f2f42b2f9bf0fce4cd043df4e + +info: + name: > + Autoptimize <= 2.7.7 - Arbitrary File Upload (and Remote Code Execution) via Import Settings + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/640f2616-f3a5-4be6-901e-848d2d77506e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoptimize/" + google-query: inurl:"/wp-content/plugins/autoptimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoptimize,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoptimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoptimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoresponder-gwa-d0a082141e820d78d2c62d7167bca620.yaml b/nuclei-templates/cve-less/plugins/autoresponder-gwa-d0a082141e820d78d2c62d7167bca620.yaml new file mode 100644 index 0000000000..ebeac763ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoresponder-gwa-d0a082141e820d78d2c62d7167bca620.yaml @@ -0,0 +1,58 @@ +id: autoresponder-gwa-d0a082141e820d78d2c62d7167bca620 + +info: + name: > + [GWA] AutoResponder <= 2.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e278df67-e4d3-416c-ac7d-6e43442dde17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoresponder-gwa/" + google-query: inurl:"/wp-content/plugins/autoresponder-gwa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoresponder-gwa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoresponder-gwa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoresponder-gwa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoshare-for-twitter-1f6e5011b7adf7858fca1938316d62fe.yaml b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-1f6e5011b7adf7858fca1938316d62fe.yaml new file mode 100644 index 0000000000..c7369a4759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-1f6e5011b7adf7858fca1938316d62fe.yaml @@ -0,0 +1,58 @@ +id: autoshare-for-twitter-1f6e5011b7adf7858fca1938316d62fe + +info: + name: > + decode-uri-component <= 0.2.1 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3147a94-056a-4454-8815-44c0b9d1de81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoshare-for-twitter/" + google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoshare-for-twitter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoshare-for-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoshare-for-twitter-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-73081b1f6f4e13a9e6e969eba5e746fc.yaml new file mode 100644 index 0000000000..874f57e072 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-73081b1f6f4e13a9e6e969eba5e746fc.yaml @@ -0,0 +1,58 @@ +id: autoshare-for-twitter-73081b1f6f4e13a9e6e969eba5e746fc + +info: + name: > + simple-git < 3.15.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoshare-for-twitter/" + google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoshare-for-twitter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoshare-for-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autoshare-for-twitter-f9078038dec7d199edb0413f76661495.yaml b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-f9078038dec7d199edb0413f76661495.yaml new file mode 100644 index 0000000000..ad5d850d45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autoshare-for-twitter-f9078038dec7d199edb0413f76661495.yaml @@ -0,0 +1,58 @@ +id: autoshare-for-twitter-f9078038dec7d199edb0413f76661495 + +info: + name: > + Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d535c069-cfa3-4c41-9a01-b4c4e7c75764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autoshare-for-twitter/" + google-query: inurl:"/wp-content/plugins/autoshare-for-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autoshare-for-twitter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autoshare-for-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autoshare-for-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/autotitle-for-wordpress-4914e87d81ced1cde016cf120e762a4b.yaml b/nuclei-templates/cve-less/plugins/autotitle-for-wordpress-4914e87d81ced1cde016cf120e762a4b.yaml new file mode 100644 index 0000000000..9037119482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/autotitle-for-wordpress-4914e87d81ced1cde016cf120e762a4b.yaml @@ -0,0 +1,58 @@ +id: autotitle-for-wordpress-4914e87d81ced1cde016cf120e762a4b + +info: + name: > + Autotitle for WordPress <= 1.0.3 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/062d906d-5a6e-4180-a2f2-18411334b9a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/autotitle-for-wordpress/" + google-query: inurl:"/wp-content/plugins/autotitle-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,autotitle-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/autotitle-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "autotitle-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-700e36ec39fe3e8c88c494279e29f4d3.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-700e36ec39fe3e8c88c494279e29f4d3.yaml new file mode 100644 index 0000000000..3a9d84d66b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-700e36ec39fe3e8c88c494279e29f4d3.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-700e36ec39fe3e8c88c494279e29f4d3 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95d61096-8e44-4b70-a409-c02cb3d1e32c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-730a6fdf4be6bb50ac42ce16cbcc6d77.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-730a6fdf4be6bb50ac42ce16cbcc6d77.yaml new file mode 100644 index 0000000000..b076c1d140 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-730a6fdf4be6bb50ac42ce16cbcc6d77.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-730a6fdf4be6bb50ac42ce16cbcc6d77 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.10.5 - PHP Objection Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/743f6e8b-4694-4d6a-94db-093162ba94b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-7c56383fa31fa34806b79179038f9c39.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-7c56383fa31fa34806b79179038f9c39.yaml new file mode 100644 index 0000000000..ac765e0d47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-7c56383fa31fa34806b79179038f9c39.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-7c56383fa31fa34806b79179038f9c39 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4541890-4c0d-4348-91df-42cf4b575514?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-7cb2639ce12fe262360726f38fcd9d92.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-7cb2639ce12fe262360726f38fcd9d92.yaml new file mode 100644 index 0000000000..93365c5971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-7cb2639ce12fe262360726f38fcd9d92.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-7cb2639ce12fe262360726f38fcd9d92 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe175315-99ef-438a-b5b0-a5f190403116?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-9eb8fddd5a9f0696ed91d545e4dd965c.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-9eb8fddd5a9f0696ed91d545e4dd965c.yaml new file mode 100644 index 0000000000..e224e1a99b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-9eb8fddd5a9f0696ed91d545e4dd965c.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-9eb8fddd5a9f0696ed91d545e4dd965c + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.14.0 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09437329-f01a-4998-90ec-e4b2e271e896?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-a06dc2822d205c30829a39942b5c0aee.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-a06dc2822d205c30829a39942b5c0aee.yaml new file mode 100644 index 0000000000..e590c2e883 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-a06dc2822d205c30829a39942b5c0aee.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-a06dc2822d205c30829a39942b5c0aee + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/546aee7b-60a6-44bc-8664-0e917974cb6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml new file mode 100644 index 0000000000..76a170fc48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-a3c60d763b55ba109d8e7ef5cc4b73cf.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-a3c60d763b55ba109d8e7ef5cc4b73cf + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bcd2c5e-4969-4530-b3ab-930c5051d8f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml new file mode 100644 index 0000000000..f3a5e189d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-c1fa4ca90d68aef3b1e407c4bbb8f6e9.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-c1fa4ca90d68aef3b1e407c4bbb8f6e9 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_gmaps' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3705f028-9c8d-48b1-8950-160e10038294?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-ce1baa6ffb742e3e4c86c030e2aaf287.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-ce1baa6ffb742e3e4c86c030e2aaf287.yaml new file mode 100644 index 0000000000..104fea16c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-ce1baa6ffb742e3e4c86c030e2aaf287.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-ce1baa6ffb742e3e4c86c030e2aaf287 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b3c7359-4de3-485f-b1b4-9e83b95c7f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-d5f51941abb9e332fec6da6716857cba.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-d5f51941abb9e332fec6da6716857cba.yaml new file mode 100644 index 0000000000..4a49cc5375 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-d5f51941abb9e332fec6da6716857cba.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-d5f51941abb9e332fec6da6716857cba + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.2 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-d69e955ab6caeeb527fcd68ff48fdaa2.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-d69e955ab6caeeb527fcd68ff48fdaa2.yaml new file mode 100644 index 0000000000..5d135efa53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-d69e955ab6caeeb527fcd68ff48fdaa2.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-d69e955ab6caeeb527fcd68ff48fdaa2 + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.9.7 - Reflected Cross-Site-Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/101a3dfd-101e-4ae2-85d1-a6b3c9d6ca71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-elements-efcaa0147762fa54393728f49e9affeb.yaml b/nuclei-templates/cve-less/plugins/auxin-elements-efcaa0147762fa54393728f49e9affeb.yaml new file mode 100644 index 0000000000..ccc37d63d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-elements-efcaa0147762fa54393728f49e9affeb.yaml @@ -0,0 +1,58 @@ +id: auxin-elements-efcaa0147762fa54393728f49e9affeb + +info: + name: > + Shortcodes and extra features for Phlox theme <= 2.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9324ba-1cbf-4326-80b5-7b9d969441ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-elements/" + google-query: inurl:"/wp-content/plugins/auxin-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-portfolio-bd574799289bf82115af4f7319ebe51c.yaml b/nuclei-templates/cve-less/plugins/auxin-portfolio-bd574799289bf82115af4f7319ebe51c.yaml new file mode 100644 index 0000000000..ca04f40344 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-portfolio-bd574799289bf82115af4f7319ebe51c.yaml @@ -0,0 +1,58 @@ +id: auxin-portfolio-bd574799289bf82115af4f7319ebe51c + +info: + name: > + Phlox Portfolio <= 2.3.1 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f3f82e-6b1b-4138-b8f3-82e8dcd24479?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-portfolio/" + google-query: inurl:"/wp-content/plugins/auxin-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auxin-shop-e3bcf24a15914a9cc834e70ea4b9adc8.yaml b/nuclei-templates/cve-less/plugins/auxin-shop-e3bcf24a15914a9cc834e70ea4b9adc8.yaml new file mode 100644 index 0000000000..693c0408f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auxin-shop-e3bcf24a15914a9cc834e70ea4b9adc8.yaml @@ -0,0 +1,58 @@ +id: auxin-shop-e3bcf24a15914a9cc834e70ea4b9adc8 + +info: + name: > + Phlox Shop <= 2.0.0 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e11e4bab-f8a9-4ecb-b36e-09a55e47f1ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auxin-shop/" + google-query: inurl:"/wp-content/plugins/auxin-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auxin-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auxin-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auxin-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/auyautochat-for-wp-1c7bd7b413a535860c5a3694b104e04c.yaml b/nuclei-templates/cve-less/plugins/auyautochat-for-wp-1c7bd7b413a535860c5a3694b104e04c.yaml new file mode 100644 index 0000000000..2d956f1fe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/auyautochat-for-wp-1c7bd7b413a535860c5a3694b104e04c.yaml @@ -0,0 +1,58 @@ +id: auyautochat-for-wp-1c7bd7b413a535860c5a3694b104e04c + +info: + name: > + Autochat Automatic Conversation <= 1.1.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad533d-4ec0-42a0-99fc-75fc59498c94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/auyautochat-for-wp/" + google-query: inurl:"/wp-content/plugins/auyautochat-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,auyautochat-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/auyautochat-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auyautochat-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/availability-calendar-1fa01304932da158500562eabc5ce5d0.yaml b/nuclei-templates/cve-less/plugins/availability-calendar-1fa01304932da158500562eabc5ce5d0.yaml new file mode 100644 index 0000000000..c3b9344c88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/availability-calendar-1fa01304932da158500562eabc5ce5d0.yaml @@ -0,0 +1,58 @@ +id: availability-calendar-1fa01304932da158500562eabc5ce5d0 + +info: + name: > + Availability Calendar <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f46ab3d-83fc-46a2-863e-7ce9b5391524?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/availability-calendar/" + google-query: inurl:"/wp-content/plugins/availability-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,availability-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/availability-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "availability-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/availability-calendar-3850f9fd40f943ca2e9ea3445b1f1e23.yaml b/nuclei-templates/cve-less/plugins/availability-calendar-3850f9fd40f943ca2e9ea3445b1f1e23.yaml new file mode 100644 index 0000000000..696e6be391 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/availability-calendar-3850f9fd40f943ca2e9ea3445b1f1e23.yaml @@ -0,0 +1,58 @@ +id: availability-calendar-3850f9fd40f943ca2e9ea3445b1f1e23 + +info: + name: > + Availability Calendar < 1.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca9bd3a-2489-4672-95c1-9e00d60d6525?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/availability-calendar/" + google-query: inurl:"/wp-content/plugins/availability-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,availability-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/availability-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "availability-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/availability-calendar-562eae7f881850beb009ee88869dd234.yaml b/nuclei-templates/cve-less/plugins/availability-calendar-562eae7f881850beb009ee88869dd234.yaml new file mode 100644 index 0000000000..050a16a3a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/availability-calendar-562eae7f881850beb009ee88869dd234.yaml @@ -0,0 +1,58 @@ +id: availability-calendar-562eae7f881850beb009ee88869dd234 + +info: + name: > + Availability Calendar <= 1.2.6 - Cross-Site Request Forgery via add_availability_calendar_create_admin_page() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b13388b-19f9-4f5c-9599-efd6ccf978c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/availability-calendar/" + google-query: inurl:"/wp-content/plugins/availability-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,availability-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/availability-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "availability-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/avalex-9bcf1b21f2afb149521c1b2b2eae8a87.yaml b/nuclei-templates/cve-less/plugins/avalex-9bcf1b21f2afb149521c1b2b2eae8a87.yaml new file mode 100644 index 0000000000..ccac263da5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/avalex-9bcf1b21f2afb149521c1b2b2eae8a87.yaml @@ -0,0 +1,58 @@ +id: avalex-9bcf1b21f2afb149521c1b2b2eae8a87 + +info: + name: > + avalex – Automatisch sichere Rechtstexte <= 3.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a76b224-9b55-4294-8a04-44c94a3115f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/avalex/" + google-query: inurl:"/wp-content/plugins/avalex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,avalex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/avalex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "avalex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/avartan-slider-lite-d11978412fa07cd9d2358fa468a9d42e.yaml b/nuclei-templates/cve-less/plugins/avartan-slider-lite-d11978412fa07cd9d2358fa468a9d42e.yaml new file mode 100644 index 0000000000..5ba416e7a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/avartan-slider-lite-d11978412fa07cd9d2358fa468a9d42e.yaml @@ -0,0 +1,58 @@ +id: avartan-slider-lite-d11978412fa07cd9d2358fa468a9d42e + +info: + name: > + Avartan Slider Lite <= 1.5.3 - Reflected Cross-Site Scripting via 'asview-nouce' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e78116a6-5ce5-4567-95d4-2c19fc1b085a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/avartan-slider-lite/" + google-query: inurl:"/wp-content/plugins/avartan-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,avartan-slider-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/avartan-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "avartan-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/avcp-28b0382bdb3605846c741b0b29e57d1e.yaml b/nuclei-templates/cve-less/plugins/avcp-28b0382bdb3605846c741b0b29e57d1e.yaml new file mode 100644 index 0000000000..4eb01448b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/avcp-28b0382bdb3605846c741b0b29e57d1e.yaml @@ -0,0 +1,58 @@ +id: avcp-28b0382bdb3605846c741b0b29e57d1e + +info: + name: > + ANAC XML Bandi di Gara <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/101945f6-d709-4c99-8c80-def9dd2fa636?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/avcp/" + google-query: inurl:"/wp-content/plugins/avcp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,avcp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/avcp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "avcp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/avenirsoft-directdownload-3231c8774c4d66bff9d3f46fb317e754.yaml b/nuclei-templates/cve-less/plugins/avenirsoft-directdownload-3231c8774c4d66bff9d3f46fb317e754.yaml new file mode 100644 index 0000000000..3748eda08b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/avenirsoft-directdownload-3231c8774c4d66bff9d3f46fb317e754.yaml @@ -0,0 +1,58 @@ +id: avenirsoft-directdownload-3231c8774c4d66bff9d3f46fb317e754 + +info: + name: > + Avenir-soft Direct Download <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78823184-e90a-4f5c-9f08-5ffc22787f16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/avenirsoft-directdownload/" + google-query: inurl:"/wp-content/plugins/avenirsoft-directdownload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,avenirsoft-directdownload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/avenirsoft-directdownload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "avenirsoft-directdownload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aviary-image-editor-add-on-for-gravity-forms-2837065b3a48acc8f4f2b3e0459274f1.yaml b/nuclei-templates/cve-less/plugins/aviary-image-editor-add-on-for-gravity-forms-2837065b3a48acc8f4f2b3e0459274f1.yaml new file mode 100644 index 0000000000..b93ba8833f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aviary-image-editor-add-on-for-gravity-forms-2837065b3a48acc8f4f2b3e0459274f1.yaml @@ -0,0 +1,58 @@ +id: aviary-image-editor-add-on-for-gravity-forms-2837065b3a48acc8f4f2b3e0459274f1 + +info: + name: > + Aviary Image Editor Add-on For Gravity Forms <= 3.0 (Beta r7) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51d3c250-301c-4f91-9fe5-56879a65fde7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/" + google-query: inurl:"/wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aviary-image-editor-add-on-for-gravity-forms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aviary-image-editor-add-on-for-gravity-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0 (Beta r7)') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/avirato-calendar-f27c37237edad62fdf365ba901d07da8.yaml b/nuclei-templates/cve-less/plugins/avirato-calendar-f27c37237edad62fdf365ba901d07da8.yaml new file mode 100644 index 0000000000..15c0f354b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/avirato-calendar-f27c37237edad62fdf365ba901d07da8.yaml @@ -0,0 +1,58 @@ +id: avirato-calendar-f27c37237edad62fdf365ba901d07da8 + +info: + name: > + Avirato hotels online booking engine <= 5.0.5 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b62fb1a8-d62d-4d1f-bcce-a081432b9e61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/avirato-calendar/" + google-query: inurl:"/wp-content/plugins/avirato-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,avirato-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/avirato-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "avirato-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aweber-web-form-widget-16c74e447f178d9a81be3266e07ecdda.yaml b/nuclei-templates/cve-less/plugins/aweber-web-form-widget-16c74e447f178d9a81be3266e07ecdda.yaml new file mode 100644 index 0000000000..f4e6e4a43a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aweber-web-form-widget-16c74e447f178d9a81be3266e07ecdda.yaml @@ -0,0 +1,58 @@ +id: aweber-web-form-widget-16c74e447f178d9a81be3266e07ecdda + +info: + name: > + AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aweber-web-form-widget/" + google-query: inurl:"/wp-content/plugins/aweber-web-form-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aweber-web-form-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aweber-web-form-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aweber-web-form-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aweber-web-form-widget-cbc652a67aafb71a7a53197a032b3a41.yaml b/nuclei-templates/cve-less/plugins/aweber-web-form-widget-cbc652a67aafb71a7a53197a032b3a41.yaml new file mode 100644 index 0000000000..1cb97bed34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aweber-web-form-widget-cbc652a67aafb71a7a53197a032b3a41.yaml @@ -0,0 +1,58 @@ +id: aweber-web-form-widget-cbc652a67aafb71a7a53197a032b3a41 + +info: + name: > + AWeber <= 7.3.9 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/397f20d8-2400-4403-8543-f57141378012?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aweber-web-form-widget/" + google-query: inurl:"/wp-content/plugins/aweber-web-form-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aweber-web-form-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aweber-web-form-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aweber-web-form-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-18b2efc80a79b2c683b250abf8605dd3.yaml b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-18b2efc80a79b2c683b250abf8605dd3.yaml new file mode 100644 index 0000000000..25bb17421e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-18b2efc80a79b2c683b250abf8605dd3.yaml @@ -0,0 +1,58 @@ +id: awesome-filterable-portfolio-18b2efc80a79b2c683b250abf8605dd3 + +info: + name: > + Awesome Filterable Portfolio < 1.9 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bea1f918-d966-4214-8331-e389e4080ca5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-filterable-portfolio/" + google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-filterable-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-filterable-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-d959830a068b86235ba87177aa38047a.yaml b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-d959830a068b86235ba87177aa38047a.yaml new file mode 100644 index 0000000000..bb99b0708f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-d959830a068b86235ba87177aa38047a.yaml @@ -0,0 +1,58 @@ +id: awesome-filterable-portfolio-d959830a068b86235ba87177aa38047a + +info: + name: > + Awesome Filterable Portfolio < 1.9 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3c36821-f780-4944-95c9-bcf3bbb73da5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-filterable-portfolio/" + google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-filterable-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-filterable-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-dd607130eb4cdf70c195f7eed039edc6.yaml b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-dd607130eb4cdf70c195f7eed039edc6.yaml new file mode 100644 index 0000000000..5aec885b5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-dd607130eb4cdf70c195f7eed039edc6.yaml @@ -0,0 +1,58 @@ +id: awesome-filterable-portfolio-dd607130eb4cdf70c195f7eed039edc6 + +info: + name: > + Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b37a2260-0791-435d-8413-2bf68c388906?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-filterable-portfolio/" + google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-filterable-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-filterable-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-ff6624786e8e60814d172183c9a7bf5f.yaml b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-ff6624786e8e60814d172183c9a7bf5f.yaml new file mode 100644 index 0000000000..09ada8a1cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-filterable-portfolio-ff6624786e8e60814d172183c9a7bf5f.yaml @@ -0,0 +1,58 @@ +id: awesome-filterable-portfolio-ff6624786e8e60814d172183c9a7bf5f + +info: + name: > + Awesome Filterable Portfolio <= 1.9.7 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fb9ceb4-84a6-41bc-97e4-5e4e12a6ea15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-filterable-portfolio/" + google-query: inurl:"/wp-content/plugins/awesome-filterable-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-filterable-portfolio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-filterable-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-filterable-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-1dd9869669e4a7c4f20b2235d2df68c5.yaml b/nuclei-templates/cve-less/plugins/awesome-support-1dd9869669e4a7c4f20b2235d2df68c5.yaml new file mode 100644 index 0000000000..0240ff2b65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-1dd9869669e4a7c4f20b2235d2df68c5.yaml @@ -0,0 +1,58 @@ +id: awesome-support-1dd9869669e4a7c4f20b2235d2df68c5 + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via editor_html() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-1f2a06a643f40ca267bd342499fdc692.yaml b/nuclei-templates/cve-less/plugins/awesome-support-1f2a06a643f40ca267bd342499fdc692.yaml new file mode 100644 index 0000000000..31aa1408d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-1f2a06a643f40ca267bd342499fdc692.yaml @@ -0,0 +1,58 @@ +id: awesome-support-1f2a06a643f40ca267bd342499fdc692 + +info: + name: > + Awesome Support <= 6.0.7 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9771d688-9c96-4ffb-823e-dcdf8b1cbc51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-266ba42edca3ad9aefeac2a819615d83.yaml b/nuclei-templates/cve-less/plugins/awesome-support-266ba42edca3ad9aefeac2a819615d83.yaml new file mode 100644 index 0000000000..3f6a20a0bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-266ba42edca3ad9aefeac2a819615d83.yaml @@ -0,0 +1,58 @@ +id: awesome-support-266ba42edca3ad9aefeac2a819615d83 + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin < 3.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8faecb99-df49-40b5-a5cb-7a8a21cb512c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-41afc2537de7dc4ac1f3ebf67c718802.yaml b/nuclei-templates/cve-less/plugins/awesome-support-41afc2537de7dc4ac1f3ebf67c718802.yaml new file mode 100644 index 0000000000..a94bfdc127 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-41afc2537de7dc4ac1f3ebf67c718802.yaml @@ -0,0 +1,58 @@ +id: awesome-support-41afc2537de7dc4ac1f3ebf67c718802 + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 3.1.6 - Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7916f3-7844-4f3f-87ae-a8a66a9f3dec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-44e9c5f94ff15d80337fbc26acc2f9ad.yaml b/nuclei-templates/cve-less/plugins/awesome-support-44e9c5f94ff15d80337fbc26acc2f9ad.yaml new file mode 100644 index 0000000000..78fe0e5a01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-44e9c5f94ff15d80337fbc26acc2f9ad.yaml @@ -0,0 +1,58 @@ +id: awesome-support-44e9c5f94ff15d80337fbc26acc2f9ad + +info: + name: > + Awesome Support <= 6.1.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd9f1385-6457-4bc9-9c75-0fcd399a5956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/awesome-support-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..808479b744 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: awesome-support-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-4d46668ff9f00851738b6095ebac210e.yaml b/nuclei-templates/cve-less/plugins/awesome-support-4d46668ff9f00851738b6095ebac210e.yaml new file mode 100644 index 0000000000..39ed625e6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-4d46668ff9f00851738b6095ebac210e.yaml @@ -0,0 +1,58 @@ +id: awesome-support-4d46668ff9f00851738b6095ebac210e + +info: + name: > + Awesome Support <= 6.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d69915e9-af9b-4c07-ac43-21c6e350c3c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-57028c13cec1060b66617f5f07c85c6f.yaml b/nuclei-templates/cve-less/plugins/awesome-support-57028c13cec1060b66617f5f07c85c6f.yaml new file mode 100644 index 0000000000..c657c98afb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-57028c13cec1060b66617f5f07c85c6f.yaml @@ -0,0 +1,58 @@ +id: awesome-support-57028c13cec1060b66617f5f07c85c6f + +info: + name: > + Awesome Support <= 6.1.6 - Insufficient Authorization via wpas_can_delete_attachments() + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb8a285-43c6-4956-ad37-484269463b2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-8712cc1632e225c594b19df34ae596ee.yaml b/nuclei-templates/cve-less/plugins/awesome-support-8712cc1632e225c594b19df34ae596ee.yaml new file mode 100644 index 0000000000..4722e16290 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-8712cc1632e225c594b19df34ae596ee.yaml @@ -0,0 +1,58 @@ +id: awesome-support-8712cc1632e225c594b19df34ae596ee + +info: + name: > + Awesome Support <= 6.1.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbb59e76-5256-4883-b9cf-7c336b4ff8a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-89ce07ac930dc51991979cb98280bbb8.yaml b/nuclei-templates/cve-less/plugins/awesome-support-89ce07ac930dc51991979cb98280bbb8.yaml new file mode 100644 index 0000000000..0d8bb2c7a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-89ce07ac930dc51991979cb98280bbb8.yaml @@ -0,0 +1,58 @@ +id: awesome-support-89ce07ac930dc51991979cb98280bbb8 + +info: + name: > + Awesome Support <= 6.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a162132a-f893-42fa-85f1-b42f738891a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-938da0cde8319acbc8cd634349637fad.yaml b/nuclei-templates/cve-less/plugins/awesome-support-938da0cde8319acbc8cd634349637fad.yaml new file mode 100644 index 0000000000..a5cd20c16a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-938da0cde8319acbc8cd634349637fad.yaml @@ -0,0 +1,58 @@ +id: awesome-support-938da0cde8319acbc8cd634349637fad + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 6.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eba7ab33-bcb6-4ada-ae5f-0df758fc719a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-95ed715a05e3d26da6f74ccbd6ab85ad.yaml b/nuclei-templates/cve-less/plugins/awesome-support-95ed715a05e3d26da6f74ccbd6ab85ad.yaml new file mode 100644 index 0000000000..0442266a08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-95ed715a05e3d26da6f74ccbd6ab85ad.yaml @@ -0,0 +1,58 @@ +id: awesome-support-95ed715a05e3d26da6f74ccbd6ab85ad + +info: + name: > + Awesome Support <= 6.1.4 - Cross-Site Request Forgery via wpas_edit_reply_ajax() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/579b887a-4140-4e12-9a9a-ba52d212b8a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-b26029d3fea40b72701a527b04841a5f.yaml b/nuclei-templates/cve-less/plugins/awesome-support-b26029d3fea40b72701a527b04841a5f.yaml new file mode 100644 index 0000000000..cf93a528e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-b26029d3fea40b72701a527b04841a5f.yaml @@ -0,0 +1,58 @@ +id: awesome-support-b26029d3fea40b72701a527b04841a5f + +info: + name: > + Awesome Support <= 6.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee27f2c-bc21-4b0f-9de5-da1035c54857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-b6e9ca61c7913b93778f0505c3d8b45b.yaml b/nuclei-templates/cve-less/plugins/awesome-support-b6e9ca61c7913b93778f0505c3d8b45b.yaml new file mode 100644 index 0000000000..4b5124d777 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-b6e9ca61c7913b93778f0505c3d8b45b.yaml @@ -0,0 +1,58 @@ +id: awesome-support-b6e9ca61c7913b93778f0505c3d8b45b + +info: + name: > + Awesome Support <= 6.1.5 - Missing Authorization via wpas_load_reply_history + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d713de0-40a4-4926-9942-e5e2bf7434c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-d27639e06760fb0c9830c5a72e87ab5f.yaml b/nuclei-templates/cve-less/plugins/awesome-support-d27639e06760fb0c9830c5a72e87ab5f.yaml new file mode 100644 index 0000000000..25895b2de3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-d27639e06760fb0c9830c5a72e87ab5f.yaml @@ -0,0 +1,58 @@ +id: awesome-support-d27639e06760fb0c9830c5a72e87ab5f + +info: + name: > + Awesome Support <= 6.1.4 - Authenticated (Submitter+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f32cd8e4-51bf-4fdf-ae14-155f8661dbdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-d4c78d8203546198e179a467ececd0d8.yaml b/nuclei-templates/cve-less/plugins/awesome-support-d4c78d8203546198e179a467ececd0d8.yaml new file mode 100644 index 0000000000..63332cb7d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-d4c78d8203546198e179a467ececd0d8.yaml @@ -0,0 +1,58 @@ +id: awesome-support-d4c78d8203546198e179a467ececd0d8 + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Missing Authorization via wpas_get_users() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-de2f88d15a1b5aecd6a16f406646e9a9.yaml b/nuclei-templates/cve-less/plugins/awesome-support-de2f88d15a1b5aecd6a16f406646e9a9.yaml new file mode 100644 index 0000000000..d37c92564c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-de2f88d15a1b5aecd6a16f406646e9a9.yaml @@ -0,0 +1,58 @@ +id: awesome-support-de2f88d15a1b5aecd6a16f406646e9a9 + +info: + name: > + Awesome Support <= 6.1.4 - Missing Authorization via wpas_edit_reply_ajax() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dec91d7-19cf-480d-871c-427cd1e691a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-e5141ff592bd9997e23b1aad269872cc.yaml b/nuclei-templates/cve-less/plugins/awesome-support-e5141ff592bd9997e23b1aad269872cc.yaml new file mode 100644 index 0000000000..70652a45a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-e5141ff592bd9997e23b1aad269872cc.yaml @@ -0,0 +1,58 @@ +id: awesome-support-e5141ff592bd9997e23b1aad269872cc + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 6.0.13 - Cross-Site Scripting via post_title + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e52f799e-9174-45a2-9ed6-7aedb26b36bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-e5b491b44226f62122b1d1d362aae078.yaml b/nuclei-templates/cve-less/plugins/awesome-support-e5b491b44226f62122b1d1d362aae078.yaml new file mode 100644 index 0000000000..8ef6439cbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-e5b491b44226f62122b1d1d362aae078.yaml @@ -0,0 +1,58 @@ +id: awesome-support-e5b491b44226f62122b1d1d362aae078 + +info: + name: > + Awesome Support <= 6.1.1 - Insecure Direct Object Reference to (Subscriber+) Ticket Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a94c5e7-a3d6-435b-9d10-0c325a13124f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-support-f3efba04fcdce6cec3efa7cec92aedc6.yaml b/nuclei-templates/cve-less/plugins/awesome-support-f3efba04fcdce6cec3efa7cec92aedc6.yaml new file mode 100644 index 0000000000..8d85ca78b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-support-f3efba04fcdce6cec3efa7cec92aedc6.yaml @@ -0,0 +1,58 @@ +id: awesome-support-f3efba04fcdce6cec3efa7cec92aedc6 + +info: + name: > + Awesome Support – WordPress HelpDesk & Support Plugin <= 6.1.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-support/" + google-query: inurl:"/wp-content/plugins/awesome-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-weather-24dc0fb35229c989c41ed2754572ea29.yaml b/nuclei-templates/cve-less/plugins/awesome-weather-24dc0fb35229c989c41ed2754572ea29.yaml new file mode 100644 index 0000000000..9fbfb0ef42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-weather-24dc0fb35229c989c41ed2754572ea29.yaml @@ -0,0 +1,58 @@ +id: awesome-weather-24dc0fb35229c989c41ed2754572ea29 + +info: + name: > + Awesome Weather Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf77988-370b-437f-83a0-18a147e3e087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-weather/" + google-query: inurl:"/wp-content/plugins/awesome-weather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-weather,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-weather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-weather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awesome-weather-906c7d163a05db6b1db16532f52ba291.yaml b/nuclei-templates/cve-less/plugins/awesome-weather-906c7d163a05db6b1db16532f52ba291.yaml new file mode 100644 index 0000000000..526ed9d3b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awesome-weather-906c7d163a05db6b1db16532f52ba291.yaml @@ -0,0 +1,58 @@ +id: awesome-weather-906c7d163a05db6b1db16532f52ba291 + +info: + name: > + Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting via id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d261e25-7355-4220-882c-f3266c64252a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awesome-weather/" + google-query: inurl:"/wp-content/plugins/awesome-weather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awesome-weather,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awesome-weather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awesome-weather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awin-data-feed-8c4a0974b3df67f7339b8c6388934e6e.yaml b/nuclei-templates/cve-less/plugins/awin-data-feed-8c4a0974b3df67f7339b8c6388934e6e.yaml new file mode 100644 index 0000000000..88c6ce27c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awin-data-feed-8c4a0974b3df67f7339b8c6388934e6e.yaml @@ -0,0 +1,58 @@ +id: awin-data-feed-8c4a0974b3df67f7339b8c6388934e6e + +info: + name: > + Awin Data Feed <= 1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c36181aa-39c2-4009-b687-5964a6cc45c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awin-data-feed/" + google-query: inurl:"/wp-content/plugins/awin-data-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awin-data-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awin-data-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awin-data-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/awin-data-feed-b0fddc41ffe057bf823e73bc28d298ac.yaml b/nuclei-templates/cve-less/plugins/awin-data-feed-b0fddc41ffe057bf823e73bc28d298ac.yaml new file mode 100644 index 0000000000..46efb3ef24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/awin-data-feed-b0fddc41ffe057bf823e73bc28d298ac.yaml @@ -0,0 +1,58 @@ +id: awin-data-feed-b0fddc41ffe057bf823e73bc28d298ac + +info: + name: > + Awin Data Feed <= 1.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae284dd-34e0-4dc5-a954-b37935f3cfbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/awin-data-feed/" + google-query: inurl:"/wp-content/plugins/awin-data-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,awin-data-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/awin-data-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "awin-data-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/aws-cdn-by-wpadmin-69ff1cf9c2667131344592beac8a2eff.yaml b/nuclei-templates/cve-less/plugins/aws-cdn-by-wpadmin-69ff1cf9c2667131344592beac8a2eff.yaml new file mode 100644 index 0000000000..aa809a6d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/aws-cdn-by-wpadmin-69ff1cf9c2667131344592beac8a2eff.yaml @@ -0,0 +1,58 @@ +id: aws-cdn-by-wpadmin-69ff1cf9c2667131344592beac8a2eff + +info: + name: > + WPAdmin AWS CDN <= 2.0.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b039c23-51d4-422a-a57b-59abaeca682c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/aws-cdn-by-wpadmin/" + google-query: inurl:"/wp-content/plugins/aws-cdn-by-wpadmin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,aws-cdn-by-wpadmin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/aws-cdn-by-wpadmin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aws-cdn-by-wpadmin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-6b7b2b04e942b5d2f162bf42039d4c12.yaml b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-6b7b2b04e942b5d2f162bf42039d4c12.yaml new file mode 100644 index 0000000000..6d755b99ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-6b7b2b04e942b5d2f162bf42039d4c12.yaml @@ -0,0 +1,58 @@ +id: ays-facebook-popup-likebox-6b7b2b04e942b5d2f162bf42039d4c12 + +info: + name: > + Popup Like box <= 3.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e00b187-9a28-45fb-8d4d-e9401d739486?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/" + google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-facebook-popup-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-facebook-popup-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-90c4cbfb7712449319d9759e0ded5087.yaml b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-90c4cbfb7712449319d9759e0ded5087.yaml new file mode 100644 index 0000000000..50e6bbfdc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-90c4cbfb7712449319d9759e0ded5087.yaml @@ -0,0 +1,58 @@ +id: ays-facebook-popup-likebox-90c4cbfb7712449319d9759e0ded5087 + +info: + name: > + Popup Like box – Page <= 3.7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87b49bae-05e6-44cd-86a1-8df3249a25f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/" + google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-facebook-popup-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-facebook-popup-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-c5dca15da955e97b5160cc77880cc971.yaml b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-c5dca15da955e97b5160cc77880cc971.yaml new file mode 100644 index 0000000000..f656853146 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-facebook-popup-likebox-c5dca15da955e97b5160cc77880cc971.yaml @@ -0,0 +1,58 @@ +id: ays-facebook-popup-likebox-c5dca15da955e97b5160cc77880cc971 + +info: + name: > + Popup Like box – Page Plugin < 3.5.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df74d3d-b7c9-4cf8-b1a7-d2b0b4f706d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-facebook-popup-likebox/" + google-query: inurl:"/wp-content/plugins/ays-facebook-popup-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-facebook-popup-likebox,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-facebook-popup-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-facebook-popup-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-248e31ef2c55014a53d3afdb1f6ae07b.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-248e31ef2c55014a53d3afdb1f6ae07b.yaml new file mode 100644 index 0000000000..40facd6dc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-248e31ef2c55014a53d3afdb1f6ae07b.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-248e31ef2c55014a53d3afdb1f6ae07b + +info: + name: > + Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22ff0b0c-ffd9-4aae-9e49-069fd1b47f17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-4f73bdbdeaed18569d9edce85c2c628c.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-4f73bdbdeaed18569d9edce85c2c628c.yaml new file mode 100644 index 0000000000..90fa6e31bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-4f73bdbdeaed18569d9edce85c2c628c.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-4f73bdbdeaed18569d9edce85c2c628c + +info: + name: > + Popup Box Pro < 20.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27a36e90-9678-4832-9f37-b54fe75f5571?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.0.0', '< 20.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-5d4640c4264ffacd4152e50de3f3f317.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-5d4640c4264ffacd4152e50de3f3f317.yaml new file mode 100644 index 0000000000..b94882900c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-5d4640c4264ffacd4152e50de3f3f317.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-5d4640c4264ffacd4152e50de3f3f317 + +info: + name: > + Popup box <= 3.4.4 - Reflected Cross-Site Scripting via 'ays_pb_tab' Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01f60df7-0602-4a00-9905-a91348811dfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-5f0f062620e3c5241de7c7fa9457553a.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-5f0f062620e3c5241de7c7fa9457553a.yaml new file mode 100644 index 0000000000..e9f98ad6b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-5f0f062620e3c5241de7c7fa9457553a.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-5f0f062620e3c5241de7c7fa9457553a + +info: + name: > + Popup box <= 4.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffae2808-454e-4380-af83-b181cf2e8fbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-74192cf75d7a306906b056f839712e82.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-74192cf75d7a306906b056f839712e82.yaml new file mode 100644 index 0000000000..1ca70b5116 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-74192cf75d7a306906b056f839712e82.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-74192cf75d7a306906b056f839712e82 + +info: + name: > + Popup Box – Best WordPress Popup Plugin <= 4.3.6 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e71e3624-ccda-4c9c-90e9-e557dd19b644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-8198c675532e8f307d66f6e19540bf63.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-8198c675532e8f307d66f6e19540bf63.yaml new file mode 100644 index 0000000000..3270896d65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-8198c675532e8f307d66f6e19540bf63.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-8198c675532e8f307d66f6e19540bf63 + +info: + name: > + Popup box < 2.3.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edacede9-8a31-4d7f-b075-8265e3bbe2d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-838e3be64c22dc1203b2c46a22794d70.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-838e3be64c22dc1203b2c46a22794d70.yaml new file mode 100644 index 0000000000..39e7889c37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-838e3be64c22dc1203b2c46a22794d70.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-838e3be64c22dc1203b2c46a22794d70 + +info: + name: > + Popup Box <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a40bac7-d3b8-486d-938a-30591ff3016c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-c01322d993d29040f70fca990f38339c.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-c01322d993d29040f70fca990f38339c.yaml new file mode 100644 index 0000000000..e7677c66c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-c01322d993d29040f70fca990f38339c.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-c01322d993d29040f70fca990f38339c + +info: + name: > + Popup Box – Best WordPress Popup Plugin <= 3.7.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b947bd68-2dfa-4637-8f10-39c283fdac70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-popup-box-ffda73ee0ac47c439700ae8ebfad208d.yaml b/nuclei-templates/cve-less/plugins/ays-popup-box-ffda73ee0ac47c439700ae8ebfad208d.yaml new file mode 100644 index 0000000000..d221c18c30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-popup-box-ffda73ee0ac47c439700ae8ebfad208d.yaml @@ -0,0 +1,58 @@ +id: ays-popup-box-ffda73ee0ac47c439700ae8ebfad208d + +info: + name: > + Popup Box <= 3.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6dbbb52-4202-4d69-837f-c7d5ca06fab5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-popup-box/" + google-query: inurl:"/wp-content/plugins/ays-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ays-slider-46069454c6ba944e642bfecf69aa0fc3.yaml b/nuclei-templates/cve-less/plugins/ays-slider-46069454c6ba944e642bfecf69aa0fc3.yaml new file mode 100644 index 0000000000..16f6a26b64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ays-slider-46069454c6ba944e642bfecf69aa0fc3.yaml @@ -0,0 +1,58 @@ +id: ays-slider-46069454c6ba944e642bfecf69aa0fc3 + +info: + name: > + Image Slider by Ays- Responsive Slider and Carousel < 2.5.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a522fb0b-ce75-4593-90dd-f7c04d2ba9e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ays-slider/" + google-query: inurl:"/wp-content/plugins/ays-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ays-slider,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ays-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ays-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/b-slider-f176e53a42ca2011d6f5c8a03ade6f30.yaml b/nuclei-templates/cve-less/plugins/b-slider-f176e53a42ca2011d6f5c8a03ade6f30.yaml new file mode 100644 index 0000000000..94e012c10e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/b-slider-f176e53a42ca2011d6f5c8a03ade6f30.yaml @@ -0,0 +1,58 @@ +id: b-slider-f176e53a42ca2011d6f5c8a03ade6f30 + +info: + name: > + B Slider - Slider for your block editor <= 1.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cfe91e6-238b-4652-892c-0016c1330088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/b-slider/" + google-query: inurl:"/wp-content/plugins/b-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,b-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/b-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "b-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-5676c8d193c6c7c7c19f827a6027fe03.yaml b/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-5676c8d193c6c7c7c19f827a6027fe03.yaml new file mode 100644 index 0000000000..adb3885fac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-5676c8d193c6c7c7c19f827a6027fe03.yaml @@ -0,0 +1,58 @@ +id: b2bking-wholesale-for-woocommerce-5676c8d193c6c7c7c19f827a6027fe03 + +info: + name: > + B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e3ac14-1421-49f0-9c60-7f7d5c9d7654?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/b2bking-wholesale-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/b2bking-wholesale-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/b2bking-wholesale-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "b2bking-wholesale-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-eef58a96354df2086d4576efe4313ff1.yaml b/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-eef58a96354df2086d4576efe4313ff1.yaml new file mode 100644 index 0000000000..c9886f0998 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/b2bking-wholesale-for-woocommerce-eef58a96354df2086d4576efe4313ff1.yaml @@ -0,0 +1,58 @@ +id: b2bking-wholesale-for-woocommerce-eef58a96354df2086d4576efe4313ff1 + +info: + name: > + B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f2c4c3-73d6-4b3b-8eb3-c494f52dc183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/b2bking-wholesale-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/b2bking-wholesale-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,b2bking-wholesale-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/b2bking-wholesale-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "b2bking-wholesale-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ba-book-everything-08de41cb2b0c0b28a5deead53bb308d8.yaml b/nuclei-templates/cve-less/plugins/ba-book-everything-08de41cb2b0c0b28a5deead53bb308d8.yaml new file mode 100644 index 0000000000..a3d2569385 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ba-book-everything-08de41cb2b0c0b28a5deead53bb308d8.yaml @@ -0,0 +1,58 @@ +id: ba-book-everything-08de41cb2b0c0b28a5deead53bb308d8 + +info: + name: > + BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ce06d3-491e-4565-8b26-f33937aee3e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ba-book-everything/" + google-query: inurl:"/wp-content/plugins/ba-book-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ba-book-everything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ba-book-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ba-book-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ba-book-everything-32308cb2a86eba1af06f28c633448e1e.yaml b/nuclei-templates/cve-less/plugins/ba-book-everything-32308cb2a86eba1af06f28c633448e1e.yaml new file mode 100644 index 0000000000..c1f81d7510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ba-book-everything-32308cb2a86eba1af06f28c633448e1e.yaml @@ -0,0 +1,58 @@ +id: ba-book-everything-32308cb2a86eba1af06f28c633448e1e + +info: + name: > + BA Book Everything <= 1.6.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/107c82fa-fcb1-40df-9c53-bc8f23810f2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ba-book-everything/" + google-query: inurl:"/wp-content/plugins/ba-book-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ba-book-everything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ba-book-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ba-book-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ba-book-everything-4012f134749539452de47052e41b95bf.yaml b/nuclei-templates/cve-less/plugins/ba-book-everything-4012f134749539452de47052e41b95bf.yaml new file mode 100644 index 0000000000..5273988e03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ba-book-everything-4012f134749539452de47052e41b95bf.yaml @@ -0,0 +1,58 @@ +id: ba-book-everything-4012f134749539452de47052e41b95bf + +info: + name: > + BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad374338-2bf4-4322-be5e-b4fe07acf80d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ba-book-everything/" + google-query: inurl:"/wp-content/plugins/ba-book-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ba-book-everything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ba-book-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ba-book-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ba-plus-before-after-image-slider-free-a65ff3a4b26159a2c4e25124ed20b089.yaml b/nuclei-templates/cve-less/plugins/ba-plus-before-after-image-slider-free-a65ff3a4b26159a2c4e25124ed20b089.yaml new file mode 100644 index 0000000000..3cd14551b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ba-plus-before-after-image-slider-free-a65ff3a4b26159a2c4e25124ed20b089.yaml @@ -0,0 +1,58 @@ +id: ba-plus-before-after-image-slider-free-a65ff3a4b26159a2c4e25124ed20b089 + +info: + name: > + BA Plus <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab6f54d-0358-4f0c-aba5-b4053e1a345d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ba-plus-before-after-image-slider-free/" + google-query: inurl:"/wp-content/plugins/ba-plus-before-after-image-slider-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ba-plus-before-after-image-slider-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ba-plus-before-after-image-slider-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ba-plus-before-after-image-slider-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/back-button-widget-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml b/nuclei-templates/cve-less/plugins/back-button-widget-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml new file mode 100644 index 0000000000..4b57c4c8c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/back-button-widget-9a6e06a6f52e0f7856e09ef8ac51eff2.yaml @@ -0,0 +1,58 @@ +id: back-button-widget-9a6e06a6f52e0f7856e09ef8ac51eff2 + +info: + name: > + Back Button Widget <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd28bc3-f893-4eb7-946f-34a2e9c7ff27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/back-button-widget/" + google-query: inurl:"/wp-content/plugins/back-button-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,back-button-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/back-button-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "back-button-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/back-in-stock-notifier-for-woocommerce-c6eded4721823fad177e3bbf3127c4c2.yaml b/nuclei-templates/cve-less/plugins/back-in-stock-notifier-for-woocommerce-c6eded4721823fad177e3bbf3127c4c2.yaml new file mode 100644 index 0000000000..e06b059a17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/back-in-stock-notifier-for-woocommerce-c6eded4721823fad177e3bbf3127c4c2.yaml @@ -0,0 +1,58 @@ +id: back-in-stock-notifier-for-woocommerce-c6eded4721823fad177e3bbf3127c4c2 + +info: + name: > + Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f59489-9bff-4d22-8f99-6ea52d702ecf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/back-in-stock-notifier-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/back-in-stock-notifier-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,back-in-stock-notifier-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/back-in-stock-notifier-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "back-in-stock-notifier-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/back-to-the-top-button-0adc72a8beddf445761ccd2b42cda0f5.yaml b/nuclei-templates/cve-less/plugins/back-to-the-top-button-0adc72a8beddf445761ccd2b42cda0f5.yaml new file mode 100644 index 0000000000..cf47a76ef1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/back-to-the-top-button-0adc72a8beddf445761ccd2b42cda0f5.yaml @@ -0,0 +1,58 @@ +id: back-to-the-top-button-0adc72a8beddf445761ccd2b42cda0f5 + +info: + name: > + Back To The Top Button <= 2.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8cd92a-c791-4781-a7bc-9b2a4d559d7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/back-to-the-top-button/" + google-query: inurl:"/wp-content/plugins/back-to-the-top-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,back-to-the-top-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/back-to-the-top-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "back-to-the-top-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backend-designer-8a00d4110806870e5118fa117a1c5da6.yaml b/nuclei-templates/cve-less/plugins/backend-designer-8a00d4110806870e5118fa117a1c5da6.yaml new file mode 100644 index 0000000000..d7742095c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backend-designer-8a00d4110806870e5118fa117a1c5da6.yaml @@ -0,0 +1,58 @@ +id: backend-designer-8a00d4110806870e5118fa117a1c5da6 + +info: + name: > + Backend Designer <= 1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0829035-7782-456d-acd5-639051d7ebc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backend-designer/" + google-query: inurl:"/wp-content/plugins/backend-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backend-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backend-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backend-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-31705d92f5b0540e46103bf0e8f5290e.yaml b/nuclei-templates/cve-less/plugins/backup-31705d92f5b0540e46103bf0e8f5290e.yaml new file mode 100644 index 0000000000..2ae36fd23a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-31705d92f5b0540e46103bf0e8f5290e.yaml @@ -0,0 +1,58 @@ +id: backup-31705d92f5b0540e46103bf0e8f5290e + +info: + name: > + JetBackup – WP Backup, Migrate & Restore <= 1.4.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e2a9d71-21ef-45a1-99ed-477066ce9620?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-506d872307a475af76e6ae5402a1e474.yaml b/nuclei-templates/cve-less/plugins/backup-506d872307a475af76e6ae5402a1e474.yaml new file mode 100644 index 0000000000..6acaaa4617 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-506d872307a475af76e6ae5402a1e474.yaml @@ -0,0 +1,58 @@ +id: backup-506d872307a475af76e6ae5402a1e474 + +info: + name: > + JetBackup – WP Backup, Migrate & Restore <= 1.4.1 - Missing Authorization to Unauthorized Backup Location Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59532447-1d74-4d34-85f5-d89b65a001d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-892437eb68b329dd17b3be2557272f56.yaml b/nuclei-templates/cve-less/plugins/backup-892437eb68b329dd17b3be2557272f56.yaml new file mode 100644 index 0000000000..51a273a003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-892437eb68b329dd17b3be2557272f56.yaml @@ -0,0 +1,58 @@ +id: backup-892437eb68b329dd17b3be2557272f56 + +info: + name: > + Backup Guard <= 1.5.9 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01e8e53c-8d23-4bd3-9291-29f97df7c984?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-8bb122c471113121afc3ab2c199c2c7d.yaml b/nuclei-templates/cve-less/plugins/backup-8bb122c471113121afc3ab2c199c2c7d.yaml new file mode 100644 index 0000000000..fe0a00face --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-8bb122c471113121afc3ab2c199c2c7d.yaml @@ -0,0 +1,58 @@ +id: backup-8bb122c471113121afc3ab2c199c2c7d + +info: + name: > + JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae8de00-ba4c-48d2-a566-13dac0bc4312?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml b/nuclei-templates/cve-less/plugins/backup-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml new file mode 100644 index 0000000000..27247a1963 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-8eae7ffaabe0ed4cfdd5b1537b7b4d67.yaml @@ -0,0 +1,58 @@ +id: backup-8eae7ffaabe0ed4cfdd5b1537b7b4d67 + +info: + name: > + Backup Guard <= 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a581d5e-11c3-468a-b4a1-6507f898f5ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-9458fe34c744167704f938702ae6ca24.yaml b/nuclei-templates/cve-less/plugins/backup-9458fe34c744167704f938702ae6ca24.yaml new file mode 100644 index 0000000000..d78f107a18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-9458fe34c744167704f938702ae6ca24.yaml @@ -0,0 +1,58 @@ +id: backup-9458fe34c744167704f938702ae6ca24 + +info: + name: > + BackupGuard <= 1.1.46 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e61c868-b430-4aa6-8664-ae237db73d66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-9b7d6017f1a72f048acef7512ee0eb68.yaml b/nuclei-templates/cve-less/plugins/backup-9b7d6017f1a72f048acef7512ee0eb68.yaml new file mode 100644 index 0000000000..8d47bd2858 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-9b7d6017f1a72f048acef7512ee0eb68.yaml @@ -0,0 +1,58 @@ +id: backup-9b7d6017f1a72f048acef7512ee0eb68 + +info: + name: > + JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd978ac0-42f2-4746-9430-37458375b588?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/backup-backup-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..9080ade6ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: backup-backup-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-5143c97c48d7dbc931ae167f87839db5.yaml b/nuclei-templates/cve-less/plugins/backup-backup-5143c97c48d7dbc931ae167f87839db5.yaml new file mode 100644 index 0000000000..dc55173ff8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-5143c97c48d7dbc931ae167f87839db5.yaml @@ -0,0 +1,58 @@ +id: backup-backup-5143c97c48d7dbc931ae167f87839db5 + +info: + name: > + Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b380283c-0dbb-4d67-9f66-cb7c400c0427?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.8', '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-62786f2608f27a539a0474c4d2ebfa59.yaml b/nuclei-templates/cve-less/plugins/backup-backup-62786f2608f27a539a0474c4d2ebfa59.yaml new file mode 100644 index 0000000000..89be435916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-62786f2608f27a539a0474c4d2ebfa59.yaml @@ -0,0 +1,58 @@ +id: backup-backup-62786f2608f27a539a0474c4d2ebfa59 + +info: + name: > + Backup Migration <= 1.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb4a14a-8bef-4747-ac89-70891f5c44bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml b/nuclei-templates/cve-less/plugins/backup-backup-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml new file mode 100644 index 0000000000..65034fa886 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-69b19f14e2d5ec73b6d0b29b5ce933ea.yaml @@ -0,0 +1,58 @@ +id: backup-backup-69b19f14e2d5ec73b6d0b29b5ce933ea + +info: + name: > + Backup Migration <= 1.3.9 - Authenticated (Admin+) OS Command Injection via url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc49db10-988d-42bd-a9cf-9a86f4c79568?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/backup-backup-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..7f1a2de22e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: backup-backup-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-87fc5ec6b1d8ce88fa24b6d37dc7769d.yaml b/nuclei-templates/cve-less/plugins/backup-backup-87fc5ec6b1d8ce88fa24b6d37dc7769d.yaml new file mode 100644 index 0000000000..b2d1468306 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-87fc5ec6b1d8ce88fa24b6d37dc7769d.yaml @@ -0,0 +1,58 @@ +id: backup-backup-87fc5ec6b1d8ce88fa24b6d37dc7769d + +info: + name: > + Backup Migration <= 1.4.3 - Information Exposure via Log Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af870e80-ad9e-4f45-952f-9ffb07ceca9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-a95d754905d3f53fb57a0e2d890050ed.yaml b/nuclei-templates/cve-less/plugins/backup-backup-a95d754905d3f53fb57a0e2d890050ed.yaml new file mode 100644 index 0000000000..bea05938bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-a95d754905d3f53fb57a0e2d890050ed.yaml @@ -0,0 +1,58 @@ +id: backup-backup-a95d754905d3f53fb57a0e2d890050ed + +info: + name: > + Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3511ba64-56a3-43d7-8ab8-c6e40e3b686e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/backup-backup-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..2dd9cabf4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: backup-backup-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-d0b7defb1dd587ee6e11e3b384bd4e57.yaml b/nuclei-templates/cve-less/plugins/backup-backup-d0b7defb1dd587ee6e11e3b384bd4e57.yaml new file mode 100644 index 0000000000..c235e0ffcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-d0b7defb1dd587ee6e11e3b384bd4e57.yaml @@ -0,0 +1,58 @@ +id: backup-backup-d0b7defb1dd587ee6e11e3b384bd4e57 + +info: + name: > + Backup Migration <= 1.3.6 - Unauthenticated Arbitrary File Download to Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08801f53-3c57-41a3-a637-4b52637cc612?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-dc13d87f49a5c107f5d523c7a6538ca9.yaml b/nuclei-templates/cve-less/plugins/backup-backup-dc13d87f49a5c107f5d523c7a6538ca9.yaml new file mode 100644 index 0000000000..eb26fab461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-dc13d87f49a5c107f5d523c7a6538ca9.yaml @@ -0,0 +1,58 @@ +id: backup-backup-dc13d87f49a5c107f5d523c7a6538ca9 + +info: + name: > + Backup Migration <= 1.3.9 - Unauthenticated Path Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3ae696-f67d-4ed2-b307-d2f36b6f188c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-backup-e15cd5eb900eec690c6bd9ba7205617d.yaml b/nuclei-templates/cve-less/plugins/backup-backup-e15cd5eb900eec690c6bd9ba7205617d.yaml new file mode 100644 index 0000000000..36d88f431d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-backup-e15cd5eb900eec690c6bd9ba7205617d.yaml @@ -0,0 +1,58 @@ +id: backup-backup-e15cd5eb900eec690c6bd9ba7205617d + +info: + name: > + Backup Migration <= 1.3.5 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f661f19d-fdd4-4cd3-8fb3-8b6073d94596?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-backup/" + google-query: inurl:"/wp-content/plugins/backup-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-bolt-e92ff64cb5237b7fef80c551a995240d.yaml b/nuclei-templates/cve-less/plugins/backup-bolt-e92ff64cb5237b7fef80c551a995240d.yaml new file mode 100644 index 0000000000..ead391a4f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-bolt-e92ff64cb5237b7fef80c551a995240d.yaml @@ -0,0 +1,58 @@ +id: backup-bolt-e92ff64cb5237b7fef80c551a995240d + +info: + name: > + Backup Bolt <= 1.3.0 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/440e2618-5b45-4bad-8a97-2fb1a6e991ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-bolt/" + google-query: inurl:"/wp-content/plugins/backup-bolt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-bolt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-bolt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-bolt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-ec758abe67d8493d911d656fdfa690f2.yaml b/nuclei-templates/cve-less/plugins/backup-ec758abe67d8493d911d656fdfa690f2.yaml new file mode 100644 index 0000000000..568dc97e49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-ec758abe67d8493d911d656fdfa690f2.yaml @@ -0,0 +1,58 @@ +id: backup-ec758abe67d8493d911d656fdfa690f2 + +info: + name: > + Backup Guard <= 1.1.46 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/463fd745-92ea-4e55-b470-a5f08884169f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup/" + google-query: inurl:"/wp-content/plugins/backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-scheduler-897959e22c40ecc199bf5dc5042856a0.yaml b/nuclei-templates/cve-less/plugins/backup-scheduler-897959e22c40ecc199bf5dc5042856a0.yaml new file mode 100644 index 0000000000..96f53bd870 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-scheduler-897959e22c40ecc199bf5dc5042856a0.yaml @@ -0,0 +1,58 @@ +id: backup-scheduler-897959e22c40ecc199bf5dc5042856a0 + +info: + name: > + Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85d8bfaa-db94-4c15-8f55-eeefe5882f90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-scheduler/" + google-query: inurl:"/wp-content/plugins/backup-scheduler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-scheduler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-scheduler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-scheduler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backup-wd-38b12fb47f5d220861d665c3785bcfc8.yaml b/nuclei-templates/cve-less/plugins/backup-wd-38b12fb47f5d220861d665c3785bcfc8.yaml new file mode 100644 index 0000000000..b823b7c560 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backup-wd-38b12fb47f5d220861d665c3785bcfc8.yaml @@ -0,0 +1,58 @@ +id: backup-wd-38b12fb47f5d220861d665c3785bcfc8 + +info: + name: > + Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c73e6889-78f1-4118-ba76-4cd696d24800?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backup-wd/" + google-query: inurl:"/wp-content/plugins/backup-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backup-wd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backup-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backup-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-141ab8478a476872f09ca6589d710d31.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-141ab8478a476872f09ca6589d710d31.yaml new file mode 100644 index 0000000000..c4f5535b40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-141ab8478a476872f09ca6589d710d31.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-141ab8478a476872f09ca6589d710d31 + +info: + name: > + BackupBuddy 8.5.8.0 - 8.7.4.1 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91221712-8f66-4c6f-94fb-75c34a7f1fa8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 8.5.8.0', '<= 8.7.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-2a4553829059c88ea2966fb66da7e42a.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-2a4553829059c88ea2966fb66da7e42a.yaml new file mode 100644 index 0000000000..6bbe449c9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-2a4553829059c88ea2966fb66da7e42a.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-2a4553829059c88ea2966fb66da7e42a + +info: + name: > + BackupBuddy < 3.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0ea7279-bba3-49c4-b36a-0d51c96a23cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-4644df3f89f37fce826cc2d06ead9821.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-4644df3f89f37fce826cc2d06ead9821.yaml new file mode 100644 index 0000000000..8761fab1c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-4644df3f89f37fce826cc2d06ead9821.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-4644df3f89f37fce826cc2d06ead9821 + +info: + name: > + BackupBuddy <= 8.8.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb428db-b56b-4c21-b119-ca7a1a95181e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-928b2ae49df36c8a8c06f8fa9afee383.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-928b2ae49df36c8a8c06f8fa9afee383.yaml new file mode 100644 index 0000000000..0e9c0f4109 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-928b2ae49df36c8a8c06f8fa9afee383.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-928b2ae49df36c8a8c06f8fa9afee383 + +info: + name: > + BackupBuddy < 3.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dcc3c09-8bd2-4a08-a368-3f406170081e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-a43e4c1368e5181d1a16d6caef32b605.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-a43e4c1368e5181d1a16d6caef32b605.yaml new file mode 100644 index 0000000000..12eda18a1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-a43e4c1368e5181d1a16d6caef32b605.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-a43e4c1368e5181d1a16d6caef32b605 + +info: + name: > + BackupBuddy <= 2.2.28 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/481bbdd6-9546-4c1f-a4ec-023ad7b37217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupbuddy-bb9a3765668a45566332d836d123f363.yaml b/nuclei-templates/cve-less/plugins/backupbuddy-bb9a3765668a45566332d836d123f363.yaml new file mode 100644 index 0000000000..8372f74593 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupbuddy-bb9a3765668a45566332d836d123f363.yaml @@ -0,0 +1,58 @@ +id: backupbuddy-bb9a3765668a45566332d836d123f363 + +info: + name: > + BackupBuddy < 3.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d893edd0-8a60-43fd-94bb-3b52cea1d00e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupbuddy/" + google-query: inurl:"/wp-content/plugins/backupbuddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupbuddy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupbuddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupbuddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backuply-471be969472b8d0ef26e1ed1be3ca7b8.yaml b/nuclei-templates/cve-less/plugins/backuply-471be969472b8d0ef26e1ed1be3ca7b8.yaml new file mode 100644 index 0000000000..acefe49759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backuply-471be969472b8d0ef26e1ed1be3ca7b8.yaml @@ -0,0 +1,58 @@ +id: backuply-471be969472b8d0ef26e1ed1be3ca7b8 + +info: + name: > + Backuply – Backup, Restore, Migrate and Clone <= 1.2.7 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backuply/" + google-query: inurl:"/wp-content/plugins/backuply/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backuply,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backuply/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backuply" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backuply-6cad3fdbb1d6f65f827e62fa999a9d63.yaml b/nuclei-templates/cve-less/plugins/backuply-6cad3fdbb1d6f65f827e62fa999a9d63.yaml new file mode 100644 index 0000000000..6d4280e446 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backuply-6cad3fdbb1d6f65f827e62fa999a9d63.yaml @@ -0,0 +1,58 @@ +id: backuply-6cad3fdbb1d6f65f827e62fa999a9d63 + +info: + name: > + Backuply – Backup, Restore, Migrate and Clone <= 1.2.3 - Authenticated (Administrator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backuply/" + google-query: inurl:"/wp-content/plugins/backuply/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backuply,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backuply/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backuply" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backuply-ea428ee30f7eac0893dba990c7647b20.yaml b/nuclei-templates/cve-less/plugins/backuply-ea428ee30f7eac0893dba990c7647b20.yaml new file mode 100644 index 0000000000..b7bf36721b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backuply-ea428ee30f7eac0893dba990c7647b20.yaml @@ -0,0 +1,58 @@ +id: backuply-ea428ee30f7eac0893dba990c7647b20 + +info: + name: > + Backuply - Backup, Restore, Migrate and Clone <= 1.2.6 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backuply/" + google-query: inurl:"/wp-content/plugins/backuply/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backuply,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backuply/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backuply" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupwordpress-d55df6ea0549bd5bc1a28b66aeed72e9.yaml b/nuclei-templates/cve-less/plugins/backupwordpress-d55df6ea0549bd5bc1a28b66aeed72e9.yaml new file mode 100644 index 0000000000..9225747efc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupwordpress-d55df6ea0549bd5bc1a28b66aeed72e9.yaml @@ -0,0 +1,58 @@ +id: backupwordpress-d55df6ea0549bd5bc1a28b66aeed72e9 + +info: + name: > + BackUpWordPress <= 3.13 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2805cb0-8913-4487-8445-031b7d920e2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupwordpress/" + google-query: inurl:"/wp-content/plugins/backupwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupwordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupwordpress-f5711bcfafc45228fc0a872f3e3fae05.yaml b/nuclei-templates/cve-less/plugins/backupwordpress-f5711bcfafc45228fc0a872f3e3fae05.yaml new file mode 100644 index 0000000000..afffb55bd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupwordpress-f5711bcfafc45228fc0a872f3e3fae05.yaml @@ -0,0 +1,58 @@ +id: backupwordpress-f5711bcfafc45228fc0a872f3e3fae05 + +info: + name: > + BackupWordPress <= 3.12 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/747c86f4-118b-4a9c-899c-e9067d2c7a02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupwordpress/" + google-query: inurl:"/wp-content/plugins/backupwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupwordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backupwordpress-ff88c3f150fa8c25d9c92672f9b00beb.yaml b/nuclei-templates/cve-less/plugins/backupwordpress-ff88c3f150fa8c25d9c92672f9b00beb.yaml new file mode 100644 index 0000000000..d01cf863df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backupwordpress-ff88c3f150fa8c25d9c92672f9b00beb.yaml @@ -0,0 +1,58 @@ +id: backupwordpress-ff88c3f150fa8c25d9c92672f9b00beb + +info: + name: > + BackUpWordPress <= 0.4.2b - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2250fa2d-82f5-4553-a52e-0c43d215aaba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backupwordpress/" + google-query: inurl:"/wp-content/plugins/backupwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backupwordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backupwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backupwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-1298f4a06721cabe055b21858243d155.yaml b/nuclei-templates/cve-less/plugins/backwpup-1298f4a06721cabe055b21858243d155.yaml new file mode 100644 index 0000000000..697635c74d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-1298f4a06721cabe055b21858243d155.yaml @@ -0,0 +1,58 @@ +id: backwpup-1298f4a06721cabe055b21858243d155 + +info: + name: > + BackWPup – WordPress Backup Plugin < 1.4.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7d3b1-ceb7-4ff9-84e4-bc58a597b2cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-2bca208b2748ce062cd1cca09cfae994.yaml b/nuclei-templates/cve-less/plugins/backwpup-2bca208b2748ce062cd1cca09cfae994.yaml new file mode 100644 index 0000000000..a8fb0cdff9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-2bca208b2748ce062cd1cca09cfae994.yaml @@ -0,0 +1,58 @@ +id: backwpup-2bca208b2748ce062cd1cca09cfae994 + +info: + name: > + BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e830fe1e-1171-46da-8ee7-0a6654153f18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-356feecea26ff4c40d9fa77a244963ee.yaml b/nuclei-templates/cve-less/plugins/backwpup-356feecea26ff4c40d9fa77a244963ee.yaml new file mode 100644 index 0000000000..e5bfbce811 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-356feecea26ff4c40d9fa77a244963ee.yaml @@ -0,0 +1,58 @@ +id: backwpup-356feecea26ff4c40d9fa77a244963ee + +info: + name: > + BackWPup < 3.0.13 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8c0726-82b7-487e-ba9e-7adc892979d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-58ee338d74c3490fd7f800caad932984.yaml b/nuclei-templates/cve-less/plugins/backwpup-58ee338d74c3490fd7f800caad932984.yaml new file mode 100644 index 0000000000..d9928550b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-58ee338d74c3490fd7f800caad932984.yaml @@ -0,0 +1,58 @@ +id: backwpup-58ee338d74c3490fd7f800caad932984 + +info: + name: > + BackWPup <= 3.4.1 - Unauthenticated Backup Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4c58479-2924-4b56-9c27-3bdf4be388a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-86bb89c01ac64d331e5e9e535a06cf97.yaml b/nuclei-templates/cve-less/plugins/backwpup-86bb89c01ac64d331e5e9e535a06cf97.yaml new file mode 100644 index 0000000000..a370210154 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-86bb89c01ac64d331e5e9e535a06cf97.yaml @@ -0,0 +1,58 @@ +id: backwpup-86bb89c01ac64d331e5e9e535a06cf97 + +info: + name: > + BackWPup <= 4.0.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85abf905-ec47-4847-b3d6-8570fd5eb287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-e260f5dd85134184a7b4e8005c4f1616.yaml b/nuclei-templates/cve-less/plugins/backwpup-e260f5dd85134184a7b4e8005c4f1616.yaml new file mode 100644 index 0000000000..5054bdb6a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-e260f5dd85134184a7b4e8005c4f1616.yaml @@ -0,0 +1,58 @@ +id: backwpup-e260f5dd85134184a7b4e8005c4f1616 + +info: + name: > + BackWPup <= 1.7.1 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/515d6e6c-e20d-4fc4-9c56-80020196f2f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/backwpup-eaf4d65714ae3e70ffdd0fc233476145.yaml b/nuclei-templates/cve-less/plugins/backwpup-eaf4d65714ae3e70ffdd0fc233476145.yaml new file mode 100644 index 0000000000..1ae4a92873 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/backwpup-eaf4d65714ae3e70ffdd0fc233476145.yaml @@ -0,0 +1,58 @@ +id: backwpup-eaf4d65714ae3e70ffdd0fc233476145 + +info: + name: > + BackWPup <= 4.0.2 - Plaintext Storage of Backup Destination Password + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bce4f04-e622-468a-ac7e-5903ad50cc13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/backwpup/" + google-query: inurl:"/wp-content/plugins/backwpup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,backwpup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/backwpup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "backwpup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bacola-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/bacola-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..537320ea03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bacola-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: bacola-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bacola-core/" + google-query: inurl:"/wp-content/plugins/bacola-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bacola-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bacola-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bacola-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bad-behavior-0638cf0d113b279b6ab4547692f6759f.yaml b/nuclei-templates/cve-less/plugins/bad-behavior-0638cf0d113b279b6ab4547692f6759f.yaml new file mode 100644 index 0000000000..37bf2c9d3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bad-behavior-0638cf0d113b279b6ab4547692f6759f.yaml @@ -0,0 +1,58 @@ +id: bad-behavior-0638cf0d113b279b6ab4547692f6759f + +info: + name: > + Bad Behavior < 2.0.47 & 2.2.0 - 2.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4704495-8342-4846-9242-f1eab4de25d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bad-behavior/" + google-query: inurl:"/wp-content/plugins/bad-behavior/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bad-behavior,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bad-behavior/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bad-behavior" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.2.0', '< 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-6a3c999f177d3f3a9005f7b86b4e26cb.yaml b/nuclei-templates/cve-less/plugins/badgeos-6a3c999f177d3f3a9005f7b86b4e26cb.yaml new file mode 100644 index 0000000000..4c04207d03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-6a3c999f177d3f3a9005f7b86b4e26cb.yaml @@ -0,0 +1,58 @@ +id: badgeos-6a3c999f177d3f3a9005f7b86b4e26cb + +info: + name: > + BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64e0adbc-c524-4f9d-9741-ce69edf888f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-8e5d590ef949dabd3bb7265d663cdfbb.yaml b/nuclei-templates/cve-less/plugins/badgeos-8e5d590ef949dabd3bb7265d663cdfbb.yaml new file mode 100644 index 0000000000..1ba89f799b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-8e5d590ef949dabd3bb7265d663cdfbb.yaml @@ -0,0 +1,58 @@ +id: badgeos-8e5d590ef949dabd3bb7265d663cdfbb + +info: + name: > + BadgeOS <= 3.7.1.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6ddee9-d9c3-4cea-85f1-a1ddd101aac1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-948fbb4659b9489d63a6dcbbe5ab82b2.yaml b/nuclei-templates/cve-less/plugins/badgeos-948fbb4659b9489d63a6dcbbe5ab82b2.yaml new file mode 100644 index 0000000000..867cb0bf93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-948fbb4659b9489d63a6dcbbe5ab82b2.yaml @@ -0,0 +1,58 @@ +id: badgeos-948fbb4659b9489d63a6dcbbe5ab82b2 + +info: + name: > + BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dae8e82-e252-48d9-ae1f-62acfcd17e2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-99d724e78c6e3ca9e817c7ab41561c22.yaml b/nuclei-templates/cve-less/plugins/badgeos-99d724e78c6e3ca9e817c7ab41561c22.yaml new file mode 100644 index 0000000000..b66c37b365 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-99d724e78c6e3ca9e817c7ab41561c22.yaml @@ -0,0 +1,58 @@ +id: badgeos-99d724e78c6e3ca9e817c7ab41561c22 + +info: + name: > + BadgeOS <= 3.7.1.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/515e62ba-c3b8-42d0-95e3-be347b8851a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-d8de339d3ac4f62207036cc196c6166a.yaml b/nuclei-templates/cve-less/plugins/badgeos-d8de339d3ac4f62207036cc196c6166a.yaml new file mode 100644 index 0000000000..e57f9b8034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-d8de339d3ac4f62207036cc196c6166a.yaml @@ -0,0 +1,58 @@ +id: badgeos-d8de339d3ac4f62207036cc196c6166a + +info: + name: > + BadgeOS <= 3.7.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b431493-fd96-495b-aaa7-6dfeef04b011?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-e1ab43eefd1268f41af50d790136abb5.yaml b/nuclei-templates/cve-less/plugins/badgeos-e1ab43eefd1268f41af50d790136abb5.yaml new file mode 100644 index 0000000000..a7329b9aef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-e1ab43eefd1268f41af50d790136abb5.yaml @@ -0,0 +1,58 @@ +id: badgeos-e1ab43eefd1268f41af50d790136abb5 + +info: + name: > + BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74a280e1-e4b6-4bd9-882b-d9f185332d61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml b/nuclei-templates/cve-less/plugins/badgeos-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml new file mode 100644 index 0000000000..47c41f967a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-ee566a4e5dfcb43b5aa7224c7fc505bf.yaml @@ -0,0 +1,58 @@ +id: badgeos-ee566a4e5dfcb43b5aa7224c7fc505bf + +info: + name: > + BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb9e37c-9e8b-429b-b4ef-cd875351852c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/badgeos-ef94b2f85f2ba20fe6f83fee3d6d311f.yaml b/nuclei-templates/cve-less/plugins/badgeos-ef94b2f85f2ba20fe6f83fee3d6d311f.yaml new file mode 100644 index 0000000000..2b3df9edd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/badgeos-ef94b2f85f2ba20fe6f83fee3d6d311f.yaml @@ -0,0 +1,58 @@ +id: badgeos-ef94b2f85f2ba20fe6f83fee3d6d311f + +info: + name: > + BadgeOS <= 3.7.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb1be6d-5af9-4b58-a641-05a913548fe7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/badgeos/" + google-query: inurl:"/wp-content/plugins/badgeos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,badgeos,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/badgeos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "badgeos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baidu-submit-link-9c6d171f6c42d066e20b0847cb9e2d62.yaml b/nuclei-templates/cve-less/plugins/baidu-submit-link-9c6d171f6c42d066e20b0847cb9e2d62.yaml new file mode 100644 index 0000000000..b809c5c353 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baidu-submit-link-9c6d171f6c42d066e20b0847cb9e2d62.yaml @@ -0,0 +1,58 @@ +id: baidu-submit-link-9c6d171f6c42d066e20b0847cb9e2d62 + +info: + name: > + 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 <= 4.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72d18504-7b12-43f0-b2ea-40dbc25912c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baidu-submit-link/" + google-query: inurl:"/wp-content/plugins/baidu-submit-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baidu-submit-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baidu-submit-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baidu-submit-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baidu-tongji-generator-d91574fca4b237a59bfef53213c75bb6.yaml b/nuclei-templates/cve-less/plugins/baidu-tongji-generator-d91574fca4b237a59bfef53213c75bb6.yaml new file mode 100644 index 0000000000..4bf3f643ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baidu-tongji-generator-d91574fca4b237a59bfef53213c75bb6.yaml @@ -0,0 +1,58 @@ +id: baidu-tongji-generator-d91574fca4b237a59bfef53213c75bb6 + +info: + name: > + Baidu Tongji generator <= 1.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8438ea46-9ac1-4ef5-a436-e438c35a4321?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baidu-tongji-generator/" + google-query: inurl:"/wp-content/plugins/baidu-tongji-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baidu-tongji-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baidu-tongji-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baidu-tongji-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baidu-tongji-generator-ee80f8c937a77ba9a3b8602ebbefd769.yaml b/nuclei-templates/cve-less/plugins/baidu-tongji-generator-ee80f8c937a77ba9a3b8602ebbefd769.yaml new file mode 100644 index 0000000000..1e02e02ebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baidu-tongji-generator-ee80f8c937a77ba9a3b8602ebbefd769.yaml @@ -0,0 +1,58 @@ +id: baidu-tongji-generator-ee80f8c937a77ba9a3b8602ebbefd769 + +info: + name: > + Baidu Tongji generator <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b9b6f4-6ee7-498d-9693-a5ae5f7f4719?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baidu-tongji-generator/" + google-query: inurl:"/wp-content/plugins/baidu-tongji-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baidu-tongji-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baidu-tongji-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baidu-tongji-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bamboo-columns-414a4199455e61f63d4f1a06e321a38b.yaml b/nuclei-templates/cve-less/plugins/bamboo-columns-414a4199455e61f63d4f1a06e321a38b.yaml new file mode 100644 index 0000000000..ba067838a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bamboo-columns-414a4199455e61f63d4f1a06e321a38b.yaml @@ -0,0 +1,58 @@ +id: bamboo-columns-414a4199455e61f63d4f1a06e321a38b + +info: + name: > + Bamboo Columns <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e7b40e4-c80a-4317-acff-77696fd8098f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bamboo-columns/" + google-query: inurl:"/wp-content/plugins/bamboo-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bamboo-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bamboo-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bamboo-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ban-users-137251846c7319666c4983642238e856.yaml b/nuclei-templates/cve-less/plugins/ban-users-137251846c7319666c4983642238e856.yaml new file mode 100644 index 0000000000..e3f5cb2059 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ban-users-137251846c7319666c4983642238e856.yaml @@ -0,0 +1,58 @@ +id: ban-users-137251846c7319666c4983642238e856 + +info: + name: > + BAN Users <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update & Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af6bd2db-47a4-4381-a881-d5f97a159f8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ban-users/" + google-query: inurl:"/wp-content/plugins/ban-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ban-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ban-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ban-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..46b0629757 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bangladeshi-payment-gateways-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: bangladeshi-payment-gateways-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bangladeshi-payment-gateways/" + google-query: inurl:"/wp-content/plugins/bangladeshi-payment-gateways/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bangladeshi-payment-gateways,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bangladeshi-payment-gateways/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bangladeshi-payment-gateways" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bank-mellat-226ccdc58627d396ab167a357486235f.yaml b/nuclei-templates/cve-less/plugins/bank-mellat-226ccdc58627d396ab167a357486235f.yaml new file mode 100644 index 0000000000..3e68643c1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bank-mellat-226ccdc58627d396ab167a357486235f.yaml @@ -0,0 +1,58 @@ +id: bank-mellat-226ccdc58627d396ab167a357486235f + +info: + name: > + Bank Mellat <= 1.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b510ffb-27fe-41f2-8176-676cf9540ee8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bank-mellat/" + google-query: inurl:"/wp-content/plugins/bank-mellat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bank-mellat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bank-mellat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bank-mellat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/banner-cycler-b587c5b6b45c195ebb12bd5f55ed780d.yaml b/nuclei-templates/cve-less/plugins/banner-cycler-b587c5b6b45c195ebb12bd5f55ed780d.yaml new file mode 100644 index 0000000000..a9904ff6b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/banner-cycler-b587c5b6b45c195ebb12bd5f55ed780d.yaml @@ -0,0 +1,58 @@ +id: banner-cycler-b587c5b6b45c195ebb12bd5f55ed780d + +info: + name: > + Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc1d7f2-053d-42d4-afb7-6fb69fd71b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/banner-cycler/" + google-query: inurl:"/wp-content/plugins/banner-cycler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,banner-cycler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/banner-cycler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "banner-cycler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/banner-effect-header-434911a5447ed5d05a669b67b9efd816.yaml b/nuclei-templates/cve-less/plugins/banner-effect-header-434911a5447ed5d05a669b67b9efd816.yaml new file mode 100644 index 0000000000..1db3446841 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/banner-effect-header-434911a5447ed5d05a669b67b9efd816.yaml @@ -0,0 +1,58 @@ +id: banner-effect-header-434911a5447ed5d05a669b67b9efd816 + +info: + name: > + Banner Effect Header <= 1.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fcd3eec-057a-44f9-a255-e6814a22471b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/banner-effect-header/" + google-query: inurl:"/wp-content/plugins/banner-effect-header/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,banner-effect-header,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/banner-effect-header/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "banner-effect-header" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/banner-effect-header-f7325cb69c59d2a2951bb8ec98779e8d.yaml b/nuclei-templates/cve-less/plugins/banner-effect-header-f7325cb69c59d2a2951bb8ec98779e8d.yaml new file mode 100644 index 0000000000..91d810cc40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/banner-effect-header-f7325cb69c59d2a2951bb8ec98779e8d.yaml @@ -0,0 +1,58 @@ +id: banner-effect-header-f7325cb69c59d2a2951bb8ec98779e8d + +info: + name: > + Banner Effect Header < 1.2.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fd1cbbe-68b8-4a19-aea9-1e943d97c9c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/banner-effect-header/" + google-query: inurl:"/wp-content/plugins/banner-effect-header/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,banner-effect-header,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/banner-effect-header/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "banner-effect-header" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-0167f45d0f324e4791bf42a58fe0f3d4.yaml b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-0167f45d0f324e4791bf42a58fe0f3d4.yaml new file mode 100644 index 0000000000..2cd549620e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-0167f45d0f324e4791bf42a58fe0f3d4.yaml @@ -0,0 +1,58 @@ +id: banner-management-for-woocommerce-0167f45d0f324e4791bf42a58fe0f3d4 + +info: + name: > + Woocommerce Category Banner Management <= 1.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d02bed5-c45b-46db-a2c2-9c741f8b1dc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/banner-management-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/banner-management-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/banner-management-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "banner-management-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-fccced4c8f4a5e0806978ddedbe57a10.yaml b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-fccced4c8f4a5e0806978ddedbe57a10.yaml new file mode 100644 index 0000000000..e214372f2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/banner-management-for-woocommerce-fccced4c8f4a5e0806978ddedbe57a10.yaml @@ -0,0 +1,58 @@ +id: banner-management-for-woocommerce-fccced4c8f4a5e0806978ddedbe57a10 + +info: + name: > + Woocommerce Category Banner Management <= 2.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/223a6c35-712a-458c-8708-6981c9041fe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/banner-management-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/banner-management-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,banner-management-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/banner-management-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "banner-management-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bannerlid-55df23e4f01ef0022903c3f40bc900ce.yaml b/nuclei-templates/cve-less/plugins/bannerlid-55df23e4f01ef0022903c3f40bc900ce.yaml new file mode 100644 index 0000000000..c2e07a3a87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bannerlid-55df23e4f01ef0022903c3f40bc900ce.yaml @@ -0,0 +1,58 @@ +id: bannerlid-55df23e4f01ef0022903c3f40bc900ce + +info: + name: > + Bannerlid <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/602d1302-138f-4ee4-a36c-179f24a2bf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bannerlid/" + google-query: inurl:"/wp-content/plugins/bannerlid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bannerlid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bannerlid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bannerlid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bannerman-1bdbe0eed23754132ebb7324a7cbafe1.yaml b/nuclei-templates/cve-less/plugins/bannerman-1bdbe0eed23754132ebb7324a7cbafe1.yaml new file mode 100644 index 0000000000..f1bf5cc240 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bannerman-1bdbe0eed23754132ebb7324a7cbafe1.yaml @@ -0,0 +1,58 @@ +id: bannerman-1bdbe0eed23754132ebb7324a7cbafe1 + +info: + name: > + BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e608c75f-dd84-4921-ae61-2bfa5cd717a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bannerman/" + google-query: inurl:"/wp-content/plugins/bannerman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bannerman,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bannerman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bannerman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bannerman-acb1c7356c04fc668153a6e512559aa7.yaml b/nuclei-templates/cve-less/plugins/bannerman-acb1c7356c04fc668153a6e512559aa7.yaml new file mode 100644 index 0000000000..a128ae6374 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bannerman-acb1c7356c04fc668153a6e512559aa7.yaml @@ -0,0 +1,58 @@ +id: bannerman-acb1c7356c04fc668153a6e512559aa7 + +info: + name: > + BannerMan <= 0.2.4 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c85b895-7a55-45c6-aafb-66c7447be355?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bannerman/" + google-query: inurl:"/wp-content/plugins/bannerman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bannerman,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bannerman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bannerman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-3fe433fa04cbd74a4139a79417d6ceaa.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-3fe433fa04cbd74a4139a79417d6ceaa.yaml new file mode 100644 index 0000000000..acb41abf2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-3fe433fa04cbd74a4139a79417d6ceaa.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-3fe433fa04cbd74a4139a79417d6ceaa + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c8ba503-db7e-4ac1-898f-a301854db60f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-40a18728cfe568ff4c836d2215f1bab4.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-40a18728cfe568ff4c836d2215f1bab4.yaml new file mode 100644 index 0000000000..c9b6d55809 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-40a18728cfe568ff4c836d2215f1bab4.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-40a18728cfe568ff4c836d2215f1bab4 + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/191759f5-8801-4483-933c-77811b63eb4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-6598da95314501b73bd8f49d12607cda.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-6598da95314501b73bd8f49d12607cda.yaml new file mode 100644 index 0000000000..7eedec7936 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-6598da95314501b73bd8f49d12607cda.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-6598da95314501b73bd8f49d12607cda + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e268dfa-7761-4e52-9e97-288c58d2e5c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-762974517202b3d8e87994dd1daef458.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-762974517202b3d8e87994dd1daef458.yaml new file mode 100644 index 0000000000..8c25639a45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-762974517202b3d8e87994dd1daef458.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-762974517202b3d8e87994dd1daef458 + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated SQL Injection via userToken + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba18bd0c-ba6c-4f98-ac29-660a79affa6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-91fab9aed123b89a5ffac035c0489ae7.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-91fab9aed123b89a5ffac035c0489ae7.yaml new file mode 100644 index 0000000000..cfe5c414b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-91fab9aed123b89a5ffac035c0489ae7.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-91fab9aed123b89a5ffac035c0489ae7 + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dffaf909-72f5-466f-8dd0-d46a81402caf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-c1bec35c5489d7d12ae6b841d923b29e.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-c1bec35c5489d7d12ae6b841d923b29e.yaml new file mode 100644 index 0000000000..771e5dc724 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-c1bec35c5489d7d12ae6b841d923b29e.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-c1bec35c5489d7d12ae6b841d923b29e + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.1 - Unauthenticated Arbitrary File Upload via uploadFile + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34439db4-1b66-4ccb-bf84-fddef6bc1f88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-ea61aaf0b841c4447233caa711d245e0.yaml b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-ea61aaf0b841c4447233caa711d245e0.yaml new file mode 100644 index 0000000000..ab27cc0eaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-ea61aaf0b841c4447233caa711d245e0.yaml @@ -0,0 +1,58 @@ +id: barcode-scanner-lite-pos-to-manage-products-inventory-and-orders-ea61aaf0b841c4447233caa711d245e0 + +info: + name: > + Barcode Scanner with Inventory & Order Manager <= 1.5.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b2c2d52-7d76-4b7a-98e5-d3843720954a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + google-query: inurl:"/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,barcode-scanner-lite-pos-to-manage-products-inventory-and-orders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "barcode-scanner-lite-pos-to-manage-products-inventory-and-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/basepress-a5afc25e9a9bba6762e73f63456f868e.yaml b/nuclei-templates/cve-less/plugins/basepress-a5afc25e9a9bba6762e73f63456f868e.yaml new file mode 100644 index 0000000000..e146ae297d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/basepress-a5afc25e9a9bba6762e73f63456f868e.yaml @@ -0,0 +1,58 @@ +id: basepress-a5afc25e9a9bba6762e73f63456f868e + +info: + name: > + Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4ec554-f7f5-4c0a-9f86-8d5c74bfe0ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/basepress/" + google-query: inurl:"/wp-content/plugins/basepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,basepress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/basepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "basepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/basepress-fdf5e229c491f2ee061576794ec1d5c1.yaml b/nuclei-templates/cve-less/plugins/basepress-fdf5e229c491f2ee061576794ec1d5c1.yaml new file mode 100644 index 0000000000..983e26ceda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/basepress-fdf5e229c491f2ee061576794ec1d5c1.yaml @@ -0,0 +1,58 @@ +id: basepress-fdf5e229c491f2ee061576794ec1d5c1 + +info: + name: > + Knowledge Base documentation & wiki plugin – BasePress <= 2.16.1 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47f05812-b873-4092-9014-20ca1d0e484a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/basepress/" + google-query: inurl:"/wp-content/plugins/basepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,basepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/basepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "basepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/basic-interactive-world-map-b5b7bc46aa5c73951c7934c79faf05ff.yaml b/nuclei-templates/cve-less/plugins/basic-interactive-world-map-b5b7bc46aa5c73951c7934c79faf05ff.yaml new file mode 100644 index 0000000000..97661ab81f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/basic-interactive-world-map-b5b7bc46aa5c73951c7934c79faf05ff.yaml @@ -0,0 +1,58 @@ +id: basic-interactive-world-map-b5b7bc46aa5c73951c7934c79faf05ff + +info: + name: > + Basic Interactive World Map <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/321b2b0d-8169-4e80-b86f-2ae29d9b8b7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/basic-interactive-world-map/" + google-query: inurl:"/wp-content/plugins/basic-interactive-world-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,basic-interactive-world-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/basic-interactive-world-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "basic-interactive-world-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baslider-6df2df1f538663a4b281d00b01155047.yaml b/nuclei-templates/cve-less/plugins/baslider-6df2df1f538663a4b281d00b01155047.yaml new file mode 100644 index 0000000000..fd93a55d9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baslider-6df2df1f538663a4b281d00b01155047.yaml @@ -0,0 +1,58 @@ +id: baslider-6df2df1f538663a4b281d00b01155047 + +info: + name: > + Image Slider by NextCode <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e340264-7cc0-4598-972f-aaa1fda2096b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baslider/" + google-query: inurl:"/wp-content/plugins/baslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baslider-8d331ddadf2ec92c698925fb701e1625.yaml b/nuclei-templates/cve-less/plugins/baslider-8d331ddadf2ec92c698925fb701e1625.yaml new file mode 100644 index 0000000000..eabacd9368 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baslider-8d331ddadf2ec92c698925fb701e1625.yaml @@ -0,0 +1,58 @@ +id: baslider-8d331ddadf2ec92c698925fb701e1625 + +info: + name: > + Image Slider by NextCode <= 1.1.2 - Cross-Site Request Forgery to Slide Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce90db0c-d4ca-4b32-8a64-681642aaf032?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baslider/" + google-query: inurl:"/wp-content/plugins/baslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baslider-9ea1bb5d162409cd77ba612423f2f166.yaml b/nuclei-templates/cve-less/plugins/baslider-9ea1bb5d162409cd77ba612423f2f166.yaml new file mode 100644 index 0000000000..c4215d43f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baslider-9ea1bb5d162409cd77ba612423f2f166.yaml @@ -0,0 +1,58 @@ +id: baslider-9ea1bb5d162409cd77ba612423f2f166 + +info: + name: > + Image Slider by NextCode <= 1.1.2 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07aee352-dfef-4762-a93d-e131737d0535?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baslider/" + google-query: inurl:"/wp-content/plugins/baslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/batch-cat-5fc1378196caf660cea9b35242972f9a.yaml b/nuclei-templates/cve-less/plugins/batch-cat-5fc1378196caf660cea9b35242972f9a.yaml new file mode 100644 index 0000000000..4cd8a94206 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/batch-cat-5fc1378196caf660cea9b35242972f9a.yaml @@ -0,0 +1,58 @@ +id: batch-cat-5fc1378196caf660cea9b35242972f9a + +info: + name: > + Batch Cat <= 0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2799ede9-1905-44b9-b731-ce5398d561b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/batch-cat/" + google-query: inurl:"/wp-content/plugins/batch-cat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,batch-cat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/batch-cat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "batch-cat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baw-login-logout-menu-4d7cf09bd61a740d1d041e4a547bb223.yaml b/nuclei-templates/cve-less/plugins/baw-login-logout-menu-4d7cf09bd61a740d1d041e4a547bb223.yaml new file mode 100644 index 0000000000..4e005fb6c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baw-login-logout-menu-4d7cf09bd61a740d1d041e4a547bb223.yaml @@ -0,0 +1,58 @@ +id: baw-login-logout-menu-4d7cf09bd61a740d1d041e4a547bb223 + +info: + name: > + Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9acb6e7d-990d-4ed7-93ab-79ba94aa9016?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baw-login-logout-menu/" + google-query: inurl:"/wp-content/plugins/baw-login-logout-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baw-login-logout-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baw-login-logout-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baw-login-logout-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/baw-post-views-count-689bba03a0123069bb521d413df5bf54.yaml b/nuclei-templates/cve-less/plugins/baw-post-views-count-689bba03a0123069bb521d413df5bf54.yaml new file mode 100644 index 0000000000..d1f7b82b69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/baw-post-views-count-689bba03a0123069bb521d413df5bf54.yaml @@ -0,0 +1,58 @@ +id: baw-post-views-count-689bba03a0123069bb521d413df5bf54 + +info: + name: > + Post Views Count <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36c3107d-f125-4715-999e-8862e4103313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/baw-post-views-count/" + google-query: inurl:"/wp-content/plugins/baw-post-views-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,baw-post-views-count,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/baw-post-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "baw-post-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bb-bootstrap-cards-42392b45ae66f65286752e395147b8a3.yaml b/nuclei-templates/cve-less/plugins/bb-bootstrap-cards-42392b45ae66f65286752e395147b8a3.yaml new file mode 100644 index 0000000000..a4082230f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bb-bootstrap-cards-42392b45ae66f65286752e395147b8a3.yaml @@ -0,0 +1,58 @@ +id: bb-bootstrap-cards-42392b45ae66f65286752e395147b8a3 + +info: + name: > + Cards for Beaver Builder <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via bootstrapcard link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac0dfaac-cce6-45f7-ad5b-d7dcb66453bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bb-bootstrap-cards/" + google-query: inurl:"/wp-content/plugins/bb-bootstrap-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bb-bootstrap-cards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bb-bootstrap-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bb-bootstrap-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bb-ultimate-addon-1c74e3df9173084b9bb7ea805c234e58.yaml b/nuclei-templates/cve-less/plugins/bb-ultimate-addon-1c74e3df9173084b9bb7ea805c234e58.yaml new file mode 100644 index 0000000000..95aba493b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bb-ultimate-addon-1c74e3df9173084b9bb7ea805c234e58.yaml @@ -0,0 +1,58 @@ +id: bb-ultimate-addon-1c74e3df9173084b9bb7ea805c234e58 + +info: + name: > + Ultimate Addons for Beaver Builder <= 1.35.14 - Authenticated(Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b29048e-cf06-463c-82e0-f1d973e50232?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bb-ultimate-addon/" + google-query: inurl:"/wp-content/plugins/bb-ultimate-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bb-ultimate-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bb-ultimate-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bb-ultimate-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.35.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bb-ultimate-addon-8495527ac09a59599c4f06adeea443c8.yaml b/nuclei-templates/cve-less/plugins/bb-ultimate-addon-8495527ac09a59599c4f06adeea443c8.yaml new file mode 100644 index 0000000000..200f551380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bb-ultimate-addon-8495527ac09a59599c4f06adeea443c8.yaml @@ -0,0 +1,58 @@ +id: bb-ultimate-addon-8495527ac09a59599c4f06adeea443c8 + +info: + name: > + Ultimate Addons for Beaver Builder <= 1.35.13 - Authenticated(Contributor+) Directory Traversal to Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a5be0c-f905-4e27-b5c3-8c0606d71a61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bb-ultimate-addon/" + google-query: inurl:"/wp-content/plugins/bb-ultimate-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bb-ultimate-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bb-ultimate-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bb-ultimate-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.35.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-move-topics-2d66a242a2a2a1cad4298e09bf72f7ae.yaml b/nuclei-templates/cve-less/plugins/bbp-move-topics-2d66a242a2a2a1cad4298e09bf72f7ae.yaml new file mode 100644 index 0000000000..15774057ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-move-topics-2d66a242a2a2a1cad4298e09bf72f7ae.yaml @@ -0,0 +1,58 @@ +id: bbp-move-topics-2d66a242a2a2a1cad4298e09bf72f7ae + +info: + name: > + bbPress Move Topics <= 1.1.4 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b23b71d-1231-44ce-b992-5e74ddafb4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-move-topics/" + google-query: inurl:"/wp-content/plugins/bbp-move-topics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-move-topics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-move-topics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-move-topics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-move-topics-7d2d77fb555165867755ecf651af34c0.yaml b/nuclei-templates/cve-less/plugins/bbp-move-topics-7d2d77fb555165867755ecf651af34c0.yaml new file mode 100644 index 0000000000..b511cbc00b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-move-topics-7d2d77fb555165867755ecf651af34c0.yaml @@ -0,0 +1,58 @@ +id: bbp-move-topics-7d2d77fb555165867755ecf651af34c0 + +info: + name: > + bbPress Move Topics <= 1.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61bbd7fe-cacf-4390-b976-3b931fc84af3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-move-topics/" + google-query: inurl:"/wp-content/plugins/bbp-move-topics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-move-topics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-move-topics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-move-topics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-style-pack-a8af060628ffa49f9121f24c1f544243.yaml b/nuclei-templates/cve-less/plugins/bbp-style-pack-a8af060628ffa49f9121f24c1f544243.yaml new file mode 100644 index 0000000000..a0a5cc1ee4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-style-pack-a8af060628ffa49f9121f24c1f544243.yaml @@ -0,0 +1,58 @@ +id: bbp-style-pack-a8af060628ffa49f9121f24c1f544243 + +info: + name: > + bbp style pack <= 5.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/169cb1b8-8a37-4a8b-b824-c31ef132b88a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-style-pack/" + google-query: inurl:"/wp-content/plugins/bbp-style-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-style-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-style-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-style-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-style-pack-b166ccca1e33f4281f58142489d93a0e.yaml b/nuclei-templates/cve-less/plugins/bbp-style-pack-b166ccca1e33f4281f58142489d93a0e.yaml new file mode 100644 index 0000000000..da676d72de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-style-pack-b166ccca1e33f4281f58142489d93a0e.yaml @@ -0,0 +1,58 @@ +id: bbp-style-pack-b166ccca1e33f4281f58142489d93a0e + +info: + name: > + bbp style pack <= 5.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49e82146-e8ad-4bc5-94a7-a4ae694b7039?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-style-pack/" + google-query: inurl:"/wp-content/plugins/bbp-style-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-style-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-style-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-style-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-toolkit-1c16449f8bc6ec80daa181529883284c.yaml b/nuclei-templates/cve-less/plugins/bbp-toolkit-1c16449f8bc6ec80daa181529883284c.yaml new file mode 100644 index 0000000000..5dbfab70aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-toolkit-1c16449f8bc6ec80daa181529883284c.yaml @@ -0,0 +1,58 @@ +id: bbp-toolkit-1c16449f8bc6ec80daa181529883284c + +info: + name: > + bbPress Toolkit <= 1.0.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11305d35-07d6-4c61-a0c7-035671229f07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-toolkit/" + google-query: inurl:"/wp-content/plugins/bbp-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-toolkit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-toolkit-f0f195114e43b21943298311709b9cdf.yaml b/nuclei-templates/cve-less/plugins/bbp-toolkit-f0f195114e43b21943298311709b9cdf.yaml new file mode 100644 index 0000000000..55f2b9ba3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-toolkit-f0f195114e43b21943298311709b9cdf.yaml @@ -0,0 +1,58 @@ +id: bbp-toolkit-f0f195114e43b21943298311709b9cdf + +info: + name: > + bbPress Toolkit <= 1.0.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a9b2ec2-edbe-45c5-bd36-45a6101356d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-toolkit/" + google-query: inurl:"/wp-content/plugins/bbp-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbp-voting-40b2967e127caf7495ebfc36b3279860.yaml b/nuclei-templates/cve-less/plugins/bbp-voting-40b2967e127caf7495ebfc36b3279860.yaml new file mode 100644 index 0000000000..f418442f41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbp-voting-40b2967e127caf7495ebfc36b3279860.yaml @@ -0,0 +1,58 @@ +id: bbp-voting-40b2967e127caf7495ebfc36b3279860 + +info: + name: > + bbPress Voting <= 2.1.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33adf97e-c0f9-488b-b9cf-e703578c4d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbp-voting/" + google-query: inurl:"/wp-content/plugins/bbp-voting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbp-voting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbp-voting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbp-voting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbpress-4cbf85b774e16b710e92618758678558.yaml b/nuclei-templates/cve-less/plugins/bbpress-4cbf85b774e16b710e92618758678558.yaml new file mode 100644 index 0000000000..658831e472 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbpress-4cbf85b774e16b710e92618758678558.yaml @@ -0,0 +1,58 @@ +id: bbpress-4cbf85b774e16b710e92618758678558 + +info: + name: > + bbPress <= 2.6.4 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57be90d8-dab7-49c8-bcdf-32e967ee1716?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbpress/" + google-query: inurl:"/wp-content/plugins/bbpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbpress-a08c651ad045a182d61e4a734b04e24d.yaml b/nuclei-templates/cve-less/plugins/bbpress-a08c651ad045a182d61e4a734b04e24d.yaml new file mode 100644 index 0000000000..f4c8158afb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbpress-a08c651ad045a182d61e4a734b04e24d.yaml @@ -0,0 +1,58 @@ +id: bbpress-a08c651ad045a182d61e4a734b04e24d + +info: + name: > + bbPress <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting via the forums list table + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f20aff55-f9c9-42f7-9c7b-3f4a709f4a60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbpress/" + google-query: inurl:"/wp-content/plugins/bbpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbs-e-popup-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml b/nuclei-templates/cve-less/plugins/bbs-e-popup-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml new file mode 100644 index 0000000000..5af56c2829 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbs-e-popup-47cb3cea5c7ee929fdb9a30f97cd8b93.yaml @@ -0,0 +1,58 @@ +id: bbs-e-popup-47cb3cea5c7ee929fdb9a30f97cd8b93 + +info: + name: > + BBS e-Popup <= 2.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae5bbd0-2f95-41f3-a484-a9bb21b23b0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbs-e-popup/" + google-query: inurl:"/wp-content/plugins/bbs-e-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbs-e-popup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbs-e-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbs-e-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbs-e-popup-cf929e621e4b1d597c324db37b74c90e.yaml b/nuclei-templates/cve-less/plugins/bbs-e-popup-cf929e621e4b1d597c324db37b74c90e.yaml new file mode 100644 index 0000000000..dcf2e95b1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbs-e-popup-cf929e621e4b1d597c324db37b74c90e.yaml @@ -0,0 +1,58 @@ +id: bbs-e-popup-cf929e621e4b1d597c324db37b74c90e + +info: + name: > + BBS e-Popup <= 2.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f715947-e379-4a05-9ab8-5d9e94ffc136?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbs-e-popup/" + google-query: inurl:"/wp-content/plugins/bbs-e-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbs-e-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbs-e-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbs-e-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bbspoiler-3b3faa72335204be9fd1e5395bb7377e.yaml b/nuclei-templates/cve-less/plugins/bbspoiler-3b3faa72335204be9fd1e5395bb7377e.yaml new file mode 100644 index 0000000000..c0660e5c7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bbspoiler-3b3faa72335204be9fd1e5395bb7377e.yaml @@ -0,0 +1,58 @@ +id: bbspoiler-3b3faa72335204be9fd1e5395bb7377e + +info: + name: > + BBSpoiler <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/789497b1-36cf-4de2-bca0-52c0c2a08f72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bbspoiler/" + google-query: inurl:"/wp-content/plugins/bbspoiler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bbspoiler,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bbspoiler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbspoiler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bc-menu-cart-woo-e37de4c1f7c016da27e52bf7ca80605e.yaml b/nuclei-templates/cve-less/plugins/bc-menu-cart-woo-e37de4c1f7c016da27e52bf7ca80605e.yaml new file mode 100644 index 0000000000..864b97ed76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bc-menu-cart-woo-e37de4c1f7c016da27e52bf7ca80605e.yaml @@ -0,0 +1,58 @@ +id: bc-menu-cart-woo-e37de4c1f7c016da27e52bf7ca80605e + +info: + name: > + BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter <= 1.49.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc626bdb-e962-407c-95c3-3f9e28dc5876?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bc-menu-cart-woo/" + google-query: inurl:"/wp-content/plugins/bc-menu-cart-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bc-menu-cart-woo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bc-menu-cart-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bc-menu-cart-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.49.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bc-woo-custom-thank-you-pages-b81dbbcc402e93364fc6c79f5c55b224.yaml b/nuclei-templates/cve-less/plugins/bc-woo-custom-thank-you-pages-b81dbbcc402e93364fc6c79f5c55b224.yaml new file mode 100644 index 0000000000..91af78ed18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bc-woo-custom-thank-you-pages-b81dbbcc402e93364fc6c79f5c55b224.yaml @@ -0,0 +1,58 @@ +id: bc-woo-custom-thank-you-pages-b81dbbcc402e93364fc6c79f5c55b224 + +info: + name: > + Custom Thank You Page Customize For WooCommerce by Binary Carpenter <= 1.4.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af6b7cba-56cc-4e78-a3c1-228eecb98120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bc-woo-custom-thank-you-pages/" + google-query: inurl:"/wp-content/plugins/bc-woo-custom-thank-you-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bc-woo-custom-thank-you-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bc-woo-custom-thank-you-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bc-woo-custom-thank-you-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bcorp-shortcodes-e46e0878d80b0d8d4416a50916ac9925.yaml b/nuclei-templates/cve-less/plugins/bcorp-shortcodes-e46e0878d80b0d8d4416a50916ac9925.yaml new file mode 100644 index 0000000000..4701b6ac75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bcorp-shortcodes-e46e0878d80b0d8d4416a50916ac9925.yaml @@ -0,0 +1,58 @@ +id: bcorp-shortcodes-e46e0878d80b0d8d4416a50916ac9925 + +info: + name: > + BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94696151-9f99-4847-bd67-8fb77f8b6a0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bcorp-shortcodes/" + google-query: inurl:"/wp-content/plugins/bcorp-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bcorp-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bcorp-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bcorp-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-c32e665e9be4b817092efeaf96853d74.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-c32e665e9be4b817092efeaf96853d74.yaml new file mode 100644 index 0000000000..e2702fb682 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-c32e665e9be4b817092efeaf96853d74.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-c32e665e9be4b817092efeaf96853d74 + +info: + name: > + Element Pack Pro <= 7.7.4 - Authenticated (Contributor+) Arbitrary File Read and PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41395c95-230d-441a-a261-cd67b95b76e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-46bd5e871ffddefa69b74900fbbdea14.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-46bd5e871ffddefa69b74900fbbdea14.yaml new file mode 100644 index 0000000000..9f92a046de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-46bd5e871ffddefa69b74900fbbdea14.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-46bd5e871ffddefa69b74900fbbdea14 + +info: + name: > + Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.5.6 - Sensitive Information Exposure via element_pack_ajax_search + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml new file mode 100644 index 0000000000..828d4d7936 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-7e6a3b2c412bc3d13ddc87f480a49f5e.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-7e6a3b2c412bc3d13ddc87f480a49f5e + +info: + name: > + Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aced5de-e9df-4ffe-9d10-93dc3897ef4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-88c402ced2fc7c5811d5e082ac94297b.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-88c402ced2fc7c5811d5e082ac94297b.yaml new file mode 100644 index 0000000000..5faed17f7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-88c402ced2fc7c5811d5e082ac94297b.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-88c402ced2fc7c5811d5e082ac94297b + +info: + name: > + Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Panel Slider Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ec6b03c-e594-4b20-9da0-78413048ba70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-91833325e07473e81e8f172735b05fa1.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-91833325e07473e81e8f172735b05fa1.yaml new file mode 100644 index 0000000000..7f688d21bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-91833325e07473e81e8f172735b05fa1.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-91833325e07473e81e8f172735b05fa1 + +info: + name: > + Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Custom Gallery' Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-a5718896caa8539c5806c104b13a2ecf.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-a5718896caa8539c5806c104b13a2ecf.yaml new file mode 100644 index 0000000000..e86cc19ccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-a5718896caa8539c5806c104b13a2ecf.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-a5718896caa8539c5806c104b13a2ecf + +info: + name: > + Element Pack Elementor Addons <= 5.4.11 - Missing Authorization via bdt_duplicate_as_draft + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/164a1e09-e967-450c-8938-84c18ebf267d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml new file mode 100644 index 0000000000..7780075441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e0e7d7ae87e3b7c89bbdeabc1a752e7d.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-e0e7d7ae87e3b7c89bbdeabc1a752e7d + +info: + name: > + Element Pack Elementor Addons <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/932ba486-d98d-4c16-afe5-3aaf030a1e48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e5cbcd667f6374a7cacb1531a9b3233c.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e5cbcd667f6374a7cacb1531a9b3233c.yaml new file mode 100644 index 0000000000..a26377eab2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-e5cbcd667f6374a7cacb1531a9b3233c.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-e5cbcd667f6374a7cacb1531a9b3233c + +info: + name: > + Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2edfceaf-e719-4351-8f5c-2d7dd401c84e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-f4f911fdf61cb94da9a5aa199fbba441.yaml b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-f4f911fdf61cb94da9a5aa199fbba441.yaml new file mode 100644 index 0000000000..be383aff23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-element-pack-lite-f4f911fdf61cb94da9a5aa199fbba441.yaml @@ -0,0 +1,58 @@ +id: bdthemes-element-pack-lite-f4f911fdf61cb94da9a5aa199fbba441 + +info: + name: > + Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/543c4d52-0e47-4bbb-b53e-dbe3f104734f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-element-pack-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-element-pack-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-element-pack-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-element-pack-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-element-pack-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-332edd099b0a24d5cedbd6ff5e1c921f.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-332edd099b0a24d5cedbd6ff5e1c921f.yaml new file mode 100644 index 0000000000..4729c1b2bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-332edd099b0a24d5cedbd6ff5e1c921f.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-332edd099b0a24d5cedbd6ff5e1c921f + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b97e41a7-dd0a-41cf-ba74-84b117192088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4475ed600e0c7aee761684483f573ae1.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4475ed600e0c7aee761684483f573ae1.yaml new file mode 100644 index 0000000000..a424a49fb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4475ed600e0c7aee761684483f573ae1.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-4475ed600e0c7aee761684483f573ae1 + +info: + name: > + Prime Slider – Addons For Elementor <= 3.11.10 - Incorrect Authorization via bdt_duplicate_as_draft + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/691b7428-73e5-4800-85a1-19daa85aff4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4856ea4fa23608af898ff19809065029.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4856ea4fa23608af898ff19809065029.yaml new file mode 100644 index 0000000000..9ea9ae50c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-4856ea4fa23608af898ff19809065029.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-4856ea4fa23608af898ff19809065029 + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fiestar Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-58cf3685b6d061649f14b9a15a1de69b.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-58cf3685b6d061649f14b9a15a1de69b.yaml new file mode 100644 index 0000000000..198b6d05c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-58cf3685b6d061649f14b9a15a1de69b.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-58cf3685b6d061649f14b9a15a1de69b + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7683a91d-8c16-481e-a300-590ac378890a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-7c8990ed736a3cb5113e28a3af38b444.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-7c8990ed736a3cb5113e28a3af38b444.yaml new file mode 100644 index 0000000000..678296ad80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-7c8990ed736a3cb5113e28a3af38b444.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-7c8990ed736a3cb5113e28a3af38b444 + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Mercury Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-889847d33809b1d03070e688df75ac6b.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-889847d33809b1d03070e688df75ac6b.yaml new file mode 100644 index 0000000000..eb551b15e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-889847d33809b1d03070e688df75ac6b.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-889847d33809b1d03070e688df75ac6b + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rubix Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b5d8ae30fccbde3a30e869d152e37902.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b5d8ae30fccbde3a30e869d152e37902.yaml new file mode 100644 index 0000000000..6873ab08da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-b5d8ae30fccbde3a30e869d152e37902.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-b5d8ae30fccbde3a30e869d152e37902 + +info: + name: > + Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) <= 3.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a2ed81-254e-460c-b3a4-0cb38e089142?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-c0add8aac27f340c1c289e5c63a1598d.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-c0add8aac27f340c1c289e5c63a1598d.yaml new file mode 100644 index 0000000000..e31463a65e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-c0add8aac27f340c1c289e5c63a1598d.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-c0add8aac27f340c1c289e5c63a1598d + +info: + name: > + Prime Slider – Addons For Elementor <= 3.13.2 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85013657-51a6-4d7f-bb9a-aca52d8669bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-dea28b24d7e53b89e98cd471b0652d7a.yaml b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-dea28b24d7e53b89e98cd471b0652d7a.yaml new file mode 100644 index 0000000000..48f4f70450 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdthemes-prime-slider-lite-dea28b24d7e53b89e98cd471b0652d7a.yaml @@ -0,0 +1,58 @@ +id: bdthemes-prime-slider-lite-dea28b24d7e53b89e98cd471b0652d7a + +info: + name: > + Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eba6056-e087-4347-ad36-96501ceb4cdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdthemes-prime-slider-lite/" + google-query: inurl:"/wp-content/plugins/bdthemes-prime-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdthemes-prime-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdthemes-prime-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdthemes-prime-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bdvs-password-reset-1a189dbfcf27a170ebf674465bd67d58.yaml b/nuclei-templates/cve-less/plugins/bdvs-password-reset-1a189dbfcf27a170ebf674465bd67d58.yaml new file mode 100644 index 0000000000..48fb455ee6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bdvs-password-reset-1a189dbfcf27a170ebf674465bd67d58.yaml @@ -0,0 +1,58 @@ +id: bdvs-password-reset-1a189dbfcf27a170ebf674465bd67d58 + +info: + name: > + Password Reset with Code for WordPress REST API <= 0.0.15 - Weak Password Recovery Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f44b9e6d-2f84-45f6-9f74-3f23b03c5a49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bdvs-password-reset/" + google-query: inurl:"/wp-content/plugins/bdvs-password-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bdvs-password-reset,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bdvs-password-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bdvs-password-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/be-popia-compliant-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml b/nuclei-templates/cve-less/plugins/be-popia-compliant-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml new file mode 100644 index 0000000000..339e63505b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/be-popia-compliant-7d6d3ed82fbce25bd8d4d72adc5dbb85.yaml @@ -0,0 +1,58 @@ +id: be-popia-compliant-7d6d3ed82fbce25bd8d4d72adc5dbb85 + +info: + name: > + Be POPIA Compliant <= 1.2.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eecd1497-c94e-4f67-8cc5-72afffe9fae2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/be-popia-compliant/" + google-query: inurl:"/wp-content/plugins/be-popia-compliant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,be-popia-compliant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/be-popia-compliant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "be-popia-compliant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/be-popia-compliant-89d00060ada213715ac2f4cc10816ef2.yaml b/nuclei-templates/cve-less/plugins/be-popia-compliant-89d00060ada213715ac2f4cc10816ef2.yaml new file mode 100644 index 0000000000..bac46bd279 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/be-popia-compliant-89d00060ada213715ac2f4cc10816ef2.yaml @@ -0,0 +1,58 @@ +id: be-popia-compliant-89d00060ada213715ac2f4cc10816ef2 + +info: + name: > + Be POPIA Compliant <= 1.1.5 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcdd6b5-a273-4916-a894-a753be0a7921?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/be-popia-compliant/" + google-query: inurl:"/wp-content/plugins/be-popia-compliant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,be-popia-compliant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/be-popia-compliant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "be-popia-compliant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaf-before-and-after-gallery-5866d53824f6a21c318e64067df5b3af.yaml b/nuclei-templates/cve-less/plugins/beaf-before-and-after-gallery-5866d53824f6a21c318e64067df5b3af.yaml new file mode 100644 index 0000000000..df57b35242 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaf-before-and-after-gallery-5866d53824f6a21c318e64067df5b3af.yaml @@ -0,0 +1,58 @@ +id: beaf-before-and-after-gallery-5866d53824f6a21c318e64067df5b3af + +info: + name: > + BEAF <= 4.5.4 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0bf0bf1-91c3-4f91-b5e4-189944b6a557?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaf-before-and-after-gallery/" + google-query: inurl:"/wp-content/plugins/beaf-before-and-after-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaf-before-and-after-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaf-before-and-after-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaf-before-and-after-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-2f0c52f572204949d9dfa707ba4715b5.yaml b/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-2f0c52f572204949d9dfa707ba4715b5.yaml new file mode 100644 index 0000000000..e6f0bedfde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-2f0c52f572204949d9dfa707ba4715b5.yaml @@ -0,0 +1,58 @@ +id: beautiful-and-responsive-cookie-consent-2f0c52f572204949d9dfa707ba4715b5 + +info: + name: > + Beautiful Cookie Consent Banner <= 2.9.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd1b6b89-6c3c-4956-aa99-798ce186eb97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beautiful-and-responsive-cookie-consent/" + google-query: inurl:"/wp-content/plugins/beautiful-and-responsive-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beautiful-and-responsive-cookie-consent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beautiful-and-responsive-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beautiful-and-responsive-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-e17b32fc1c537aa75c208693d7d1b8f0.yaml b/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-e17b32fc1c537aa75c208693d7d1b8f0.yaml new file mode 100644 index 0000000000..a3bb36f69f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beautiful-and-responsive-cookie-consent-e17b32fc1c537aa75c208693d7d1b8f0.yaml @@ -0,0 +1,58 @@ +id: beautiful-and-responsive-cookie-consent-e17b32fc1c537aa75c208693d7d1b8f0 + +info: + name: > + Beautiful Cookie Consent Banner <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/542a4079-b1a2-49bc-9ddd-ba7978c9992e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beautiful-and-responsive-cookie-consent/" + google-query: inurl:"/wp-content/plugins/beautiful-and-responsive-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beautiful-and-responsive-cookie-consent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beautiful-and-responsive-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beautiful-and-responsive-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-03b179e5beb399c252262dca2e1c2a47.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-03b179e5beb399c252262dca2e1c2a47.yaml new file mode 100644 index 0000000000..52e3a967e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-03b179e5beb399c252262dca2e1c2a47.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-03b179e5beb399c252262dca2e1c2a47 + +info: + name: > + Beaver Builder <= 2.5.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28f0a927-a92e-45ab-8ef3-7a7c9368e1e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-31a5f54f51f59ec02334f6066d4afc3a.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-31a5f54f51f59ec02334f6066d4afc3a.yaml new file mode 100644 index 0000000000..37110397cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-31a5f54f51f59ec02334f6066d4afc3a.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-31a5f54f51f59ec02334f6066d4afc3a + +info: + name: > + Beaver Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-3deace4984f0c809f54b31e2e6aaea40.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-3deace4984f0c809f54b31e2e6aaea40.yaml new file mode 100644 index 0000000000..c76c2f0552 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-3deace4984f0c809f54b31e2e6aaea40.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-3deace4984f0c809f54b31e2e6aaea40 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via 'caption' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afbf1813-9023-4e3d-989a-19ddd6f6d358?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-49f8c3ec41639ad41107106a61b3b652.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-49f8c3ec41639ad41107106a61b3b652.yaml new file mode 100644 index 0000000000..cbe9a2ffd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-49f8c3ec41639ad41107106a61b3b652.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-49f8c3ec41639ad41107106a61b3b652 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.8.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311170c-db2b-4c23-aa43-98d7e92839bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-4a6425bd134427fc325c845997202a57.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-4a6425bd134427fc325c845997202a57.yaml new file mode 100644 index 0000000000..43d1968875 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-4a6425bd134427fc325c845997202a57.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-4a6425bd134427fc325c845997202a57 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a13c7a1-f904-41b1-ab7f-2df95c9b2880?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-73d0b7fc0e78937e14e64656fc0eec81.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-73d0b7fc0e78937e14e64656fc0eec81.yaml new file mode 100644 index 0000000000..029560a226 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-73d0b7fc0e78937e14e64656fc0eec81.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-73d0b7fc0e78937e14e64656fc0eec81 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Audio Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a0f8dbe86bd25cb76ecd0536100264a1.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a0f8dbe86bd25cb76ecd0536100264a1.yaml new file mode 100644 index 0000000000..c554195e25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a0f8dbe86bd25cb76ecd0536100264a1.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-a0f8dbe86bd25cb76ecd0536100264a1 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Reflected (DOM-Based) Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a11c0611909385052cd0aaeced3bbff4.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a11c0611909385052cd0aaeced3bbff4.yaml new file mode 100644 index 0000000000..2356ee7b9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a11c0611909385052cd0aaeced3bbff4.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-a11c0611909385052cd0aaeced3bbff4 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05de06b1-52bb-47f7-af5e-e9320cf0437f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a48a705bfc66279fa96d49ee01ec64a4.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a48a705bfc66279fa96d49ee01ec64a4.yaml new file mode 100644 index 0000000000..0c2bdca7c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a48a705bfc66279fa96d49ee01ec64a4.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-a48a705bfc66279fa96d49ee01ec64a4 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a4b84494f2ca0459161168fd007453cd.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a4b84494f2ca0459161168fd007453cd.yaml new file mode 100644 index 0000000000..1ddeb31ab3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-a4b84494f2ca0459161168fd007453cd.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-a4b84494f2ca0459161168fd007453cd + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Caption - On Hover + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/325dd035-db3d-49b4-a422-7c2c734bfd32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-ac5ea49d172b7aeae239859f4682fe56.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-ac5ea49d172b7aeae239859f4682fe56.yaml new file mode 100644 index 0000000000..863079deb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-ac5ea49d172b7aeae239859f4682fe56.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-ac5ea49d172b7aeae239859f4682fe56 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-b00000526bce4d638ca8288e0858fb40.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-b00000526bce4d638ca8288e0858fb40.yaml new file mode 100644 index 0000000000..8a76a42300 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-b00000526bce4d638ca8288e0858fb40.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-b00000526bce4d638ca8288e0858fb40 + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.7.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-c20cb20ff14b1ed9f84a7525784a41bc.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-c20cb20ff14b1ed9f84a7525784a41bc.yaml new file mode 100644 index 0000000000..abb5bf698f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-c20cb20ff14b1ed9f84a7525784a41bc.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-c20cb20ff14b1ed9f84a7525784a41bc + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99960ff7-62e1-4c44-ae8e-ebda3e075781?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-dd8649decc08f39c4790db22c44b5be7.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-dd8649decc08f39c4790db22c44b5be7.yaml new file mode 100644 index 0000000000..527894fdb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-dd8649decc08f39c4790db22c44b5be7.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-dd8649decc08f39c4790db22c44b5be7 + +info: + name: > + Beaver Builder <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd6ed285-f215-44d3-9db9-9b2bfffee60a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-e9ae67bcdb286ec58db8997d8a78829a.yaml b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-e9ae67bcdb286ec58db8997d8a78829a.yaml new file mode 100644 index 0000000000..3c9f5013f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-builder-lite-version-e9ae67bcdb286ec58db8997d8a78829a.yaml @@ -0,0 +1,58 @@ +id: beaver-builder-lite-version-e9ae67bcdb286ec58db8997d8a78829a + +info: + name: > + Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/797768b3-5e4b-4f6e-8c5b-3513eace447d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-builder-lite-version/" + google-query: inurl:"/wp-content/plugins/beaver-builder-lite-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-builder-lite-version,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-builder-lite-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-builder-lite-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-themer-b957cb5f454b449f583a6eef42317102.yaml b/nuclei-templates/cve-less/plugins/beaver-themer-b957cb5f454b449f583a6eef42317102.yaml new file mode 100644 index 0000000000..fda052a7d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-themer-b957cb5f454b449f583a6eef42317102.yaml @@ -0,0 +1,58 @@ +id: beaver-themer-b957cb5f454b449f583a6eef42317102 + +info: + name: > + Beaver Themer <= 1.4.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8428a92-8b0a-4a9a-8f7e-571c252973c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-themer/" + google-query: inurl:"/wp-content/plugins/beaver-themer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-themer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-themer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-themer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beaver-themer-c8a7f0039447f90c8cdf2d5bac0144d4.yaml b/nuclei-templates/cve-less/plugins/beaver-themer-c8a7f0039447f90c8cdf2d5bac0144d4.yaml new file mode 100644 index 0000000000..8228a3f105 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beaver-themer-c8a7f0039447f90c8cdf2d5bac0144d4.yaml @@ -0,0 +1,58 @@ +id: beaver-themer-c8a7f0039447f90c8cdf2d5bac0144d4 + +info: + name: > + Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4165cff7-457d-4790-8678-84c4365a191a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beaver-themer/" + google-query: inurl:"/wp-content/plugins/beaver-themer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beaver-themer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beaver-themer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beaver-themer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/becustom-1b89b5eb4288496d851956ba01f7ee38.yaml b/nuclei-templates/cve-less/plugins/becustom-1b89b5eb4288496d851956ba01f7ee38.yaml new file mode 100644 index 0000000000..751a4f9e9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/becustom-1b89b5eb4288496d851956ba01f7ee38.yaml @@ -0,0 +1,58 @@ +id: becustom-1b89b5eb4288496d851956ba01f7ee38 + +info: + name: > + Becustom <= 1.0.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83c0e096-f054-4367-a85f-582c0771e3fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/becustom/" + google-query: inurl:"/wp-content/plugins/becustom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,becustom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/becustom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "becustom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beds24-online-booking-362ca4d6e33d614fc53fac12799f63e4.yaml b/nuclei-templates/cve-less/plugins/beds24-online-booking-362ca4d6e33d614fc53fac12799f63e4.yaml new file mode 100644 index 0000000000..40024ce251 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beds24-online-booking-362ca4d6e33d614fc53fac12799f63e4.yaml @@ -0,0 +1,58 @@ +id: beds24-online-booking-362ca4d6e33d614fc53fac12799f63e4 + +info: + name: > + Beds24 Online Booking <= 2.0.23 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca5bc2af-394b-4fc1-b6c3-ed9ff0a5959a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beds24-online-booking/" + google-query: inurl:"/wp-content/plugins/beds24-online-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beds24-online-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beds24-online-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beds24-online-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beds24-online-booking-843511a1c7a253d8815f1011e5416ca7.yaml b/nuclei-templates/cve-less/plugins/beds24-online-booking-843511a1c7a253d8815f1011e5416ca7.yaml new file mode 100644 index 0000000000..5e5634983c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beds24-online-booking-843511a1c7a253d8815f1011e5416ca7.yaml @@ -0,0 +1,58 @@ +id: beds24-online-booking-843511a1c7a253d8815f1011e5416ca7 + +info: + name: > + Beds24 Online Booking <= 2.0.24 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fc2b2a5-00b0-424e-8678-c6b5cd76baec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beds24-online-booking/" + google-query: inurl:"/wp-content/plugins/beds24-online-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beds24-online-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beds24-online-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beds24-online-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beebee-mini-56db8ce4b9ff6871db6cca64bbbcf0dc.yaml b/nuclei-templates/cve-less/plugins/beebee-mini-56db8ce4b9ff6871db6cca64bbbcf0dc.yaml new file mode 100644 index 0000000000..d5d2468815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beebee-mini-56db8ce4b9ff6871db6cca64bbbcf0dc.yaml @@ -0,0 +1,58 @@ +id: beebee-mini-56db8ce4b9ff6871db6cca64bbbcf0dc + +info: + name: > + Beebee Mini <= 1.2.0 - Unauthorized File Upload via ACF + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ca0d04-9796-415f-a6e6-7c1752a74fea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beebee-mini/" + google-query: inurl:"/wp-content/plugins/beebee-mini/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beebee-mini,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beebee-mini/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beebee-mini" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/beepress-7d84dd587f6a41715457eb91e2b1b3ae.yaml b/nuclei-templates/cve-less/plugins/beepress-7d84dd587f6a41715457eb91e2b1b3ae.yaml new file mode 100644 index 0000000000..b6a00c4200 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/beepress-7d84dd587f6a41715457eb91e2b1b3ae.yaml @@ -0,0 +1,58 @@ +id: beepress-7d84dd587f6a41715457eb91e2b1b3ae + +info: + name: > + BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/334839c2-6844-4531-ab16-26f32ddcaba1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/beepress/" + google-query: inurl:"/wp-content/plugins/beepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,beepress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/beepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/before-after-image-slider-c52273b2cf56d5474ff79f10bc5133f6.yaml b/nuclei-templates/cve-less/plugins/before-after-image-slider-c52273b2cf56d5474ff79f10bc5133f6.yaml new file mode 100644 index 0000000000..256f51d5a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/before-after-image-slider-c52273b2cf56d5474ff79f10bc5133f6.yaml @@ -0,0 +1,58 @@ +id: before-after-image-slider-c52273b2cf56d5474ff79f10bc5133f6 + +info: + name: > + Before After Image Slider WP <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af76e32b-ba7d-4eaa-97c8-ed6a25e8f387?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/before-after-image-slider/" + google-query: inurl:"/wp-content/plugins/before-after-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,before-after-image-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/before-after-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "before-after-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/before-and-after-9868c860ce207929896c4fa67bae9575.yaml b/nuclei-templates/cve-less/plugins/before-and-after-9868c860ce207929896c4fa67bae9575.yaml new file mode 100644 index 0000000000..99bcad78e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/before-and-after-9868c860ce207929896c4fa67bae9575.yaml @@ -0,0 +1,58 @@ +id: before-and-after-9868c860ce207929896c4fa67bae9575 + +info: + name: > + Before And After <= 3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c988b505-d42a-4d23-a641-f2fc8ab9c988?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/before-and-after/" + google-query: inurl:"/wp-content/plugins/before-and-after/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,before-and-after,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/before-and-after/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "before-and-after" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bellows-accordion-menu-a2e597896da84d8e5ead12576f9d50bb.yaml b/nuclei-templates/cve-less/plugins/bellows-accordion-menu-a2e597896da84d8e5ead12576f9d50bb.yaml new file mode 100644 index 0000000000..0229f34736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bellows-accordion-menu-a2e597896da84d8e5ead12576f9d50bb.yaml @@ -0,0 +1,58 @@ +id: bellows-accordion-menu-a2e597896da84d8e5ead12576f9d50bb + +info: + name: > + Bellows Accordion Menu <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50283a4f-ea59-488a-bab0-dd6bc5718556?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bellows-accordion-menu/" + google-query: inurl:"/wp-content/plugins/bellows-accordion-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bellows-accordion-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bellows-accordion-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bellows-accordion-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/benchmark-email-lite-f47f4e7914a77fceef2cac004cb55a1b.yaml b/nuclei-templates/cve-less/plugins/benchmark-email-lite-f47f4e7914a77fceef2cac004cb55a1b.yaml new file mode 100644 index 0000000000..d4559f4143 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/benchmark-email-lite-f47f4e7914a77fceef2cac004cb55a1b.yaml @@ -0,0 +1,58 @@ +id: benchmark-email-lite-f47f4e7914a77fceef2cac004cb55a1b + +info: + name: > + Benchmark Email Lite <= 4.1 - Cross-Site Request Forgery via page_settings() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b52dab9-f518-4b66-ba2d-2e5b4aeb2bb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/benchmark-email-lite/" + google-query: inurl:"/wp-content/plugins/benchmark-email-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,benchmark-email-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/benchmark-email-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "benchmark-email-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bertha-ai-free-b518bec195877c390c9c609530bbaa4b.yaml b/nuclei-templates/cve-less/plugins/bertha-ai-free-b518bec195877c390c9c609530bbaa4b.yaml new file mode 100644 index 0000000000..16044622c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bertha-ai-free-b518bec195877c390c9c609530bbaa4b.yaml @@ -0,0 +1,58 @@ +id: bertha-ai-free-b518bec195877c390c9c609530bbaa4b + +info: + name: > + BERTHA AI Plugin <= 1.11.10.7 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b4630f7-74db-46c4-bf86-f1ff64be3463?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bertha-ai-free/" + google-query: inurl:"/wp-content/plugins/bertha-ai-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bertha-ai-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bertha-ai-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bertha-ai-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.10.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/best-restaurant-menu-by-pricelisto-6c6dcf20e63f7dc387f2f85722e8901c.yaml b/nuclei-templates/cve-less/plugins/best-restaurant-menu-by-pricelisto-6c6dcf20e63f7dc387f2f85722e8901c.yaml new file mode 100644 index 0000000000..336c54fa05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/best-restaurant-menu-by-pricelisto-6c6dcf20e63f7dc387f2f85722e8901c.yaml @@ -0,0 +1,58 @@ +id: best-restaurant-menu-by-pricelisto-6c6dcf20e63f7dc387f2f85722e8901c + +info: + name: > + Best Restaurant Menu by PriceListo <= 1.3.1 - Cross-Site Request Forgery via menu_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c24f881-52bc-4210-9037-bcdd1e4aa895?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/best-restaurant-menu-by-pricelisto/" + google-query: inurl:"/wp-content/plugins/best-restaurant-menu-by-pricelisto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,best-restaurant-menu-by-pricelisto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/best-restaurant-menu-by-pricelisto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "best-restaurant-menu-by-pricelisto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/best-woocommerce-feed-339c653ee99c338c15ef4d1eade1d929.yaml b/nuclei-templates/cve-less/plugins/best-woocommerce-feed-339c653ee99c338c15ef4d1eade1d929.yaml new file mode 100644 index 0000000000..4b9e36e1f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/best-woocommerce-feed-339c653ee99c338c15ef4d1eade1d929.yaml @@ -0,0 +1,58 @@ +id: best-woocommerce-feed-339c653ee99c338c15ef4d1eade1d929 + +info: + name: > + Product Feed Manager <= 7.3.15 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a20b65a-6d3a-41fc-80c5-94cce0459a6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/best-woocommerce-feed/" + google-query: inurl:"/wp-content/plugins/best-woocommerce-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,best-woocommerce-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/best-woocommerce-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "best-woocommerce-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bestbooks-2a2a7cb185c86a125aeb5500ccc53d3d.yaml b/nuclei-templates/cve-less/plugins/bestbooks-2a2a7cb185c86a125aeb5500ccc53d3d.yaml new file mode 100644 index 0000000000..287fb3e503 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bestbooks-2a2a7cb185c86a125aeb5500ccc53d3d.yaml @@ -0,0 +1,58 @@ +id: bestbooks-2a2a7cb185c86a125aeb5500ccc53d3d + +info: + name: > + Bestbooks <= 2.6.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd2d82f4-1493-4829-a4e9-adbb98301324?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bestbooks/" + google-query: inurl:"/wp-content/plugins/bestbooks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bestbooks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bestbooks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bestbooks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-anchor-links-237b2843475a8f4f4f800677c6af1b8b.yaml b/nuclei-templates/cve-less/plugins/better-anchor-links-237b2843475a8f4f4f800677c6af1b8b.yaml new file mode 100644 index 0000000000..108bcf06bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-anchor-links-237b2843475a8f4f4f800677c6af1b8b.yaml @@ -0,0 +1,58 @@ +id: better-anchor-links-237b2843475a8f4f4f800677c6af1b8b + +info: + name: > + Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f51ea60-7bda-4627-9b65-d1ff402dfc88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-anchor-links/" + google-query: inurl:"/wp-content/plugins/better-anchor-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-anchor-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-anchor-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-anchor-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-click-to-tweet-d23e433446769426d4aae17f6fe2a04a.yaml b/nuclei-templates/cve-less/plugins/better-click-to-tweet-d23e433446769426d4aae17f6fe2a04a.yaml new file mode 100644 index 0000000000..e2fe89b75a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-click-to-tweet-d23e433446769426d4aae17f6fe2a04a.yaml @@ -0,0 +1,58 @@ +id: better-click-to-tweet-d23e433446769426d4aae17f6fe2a04a + +info: + name: > + Better Click To Tweet <= 5.10.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd1e59a-a76d-4f6d-9d22-021afd45d9af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-click-to-tweet/" + google-query: inurl:"/wp-content/plugins/better-click-to-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-click-to-tweet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-click-to-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-click-to-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-comments-7585bdd855a3ce213df577df1a0cf7c5.yaml b/nuclei-templates/cve-less/plugins/better-comments-7585bdd855a3ce213df577df1a0cf7c5.yaml new file mode 100644 index 0000000000..f3d0d35d68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-comments-7585bdd855a3ce213df577df1a0cf7c5.yaml @@ -0,0 +1,58 @@ +id: better-comments-7585bdd855a3ce213df577df1a0cf7c5 + +info: + name: > + Better Comments <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78b79a03-f2d0-42bb-a6e9-298c6cdd2ffa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-comments/" + google-query: inurl:"/wp-content/plugins/better-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-comments-cca7855a039dbac1182b0b2fae34c3b0.yaml b/nuclei-templates/cve-less/plugins/better-comments-cca7855a039dbac1182b0b2fae34c3b0.yaml new file mode 100644 index 0000000000..980187fb6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-comments-cca7855a039dbac1182b0b2fae34c3b0.yaml @@ -0,0 +1,58 @@ +id: better-comments-cca7855a039dbac1182b0b2fae34c3b0 + +info: + name: > + Better Comments <= 1.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4afbe34b-121e-41d2-ab12-c3d70a0d80d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-comments/" + google-query: inurl:"/wp-content/plugins/better-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-delete-revision-fdec0718eabbae53872d03fa70d141a9.yaml b/nuclei-templates/cve-less/plugins/better-delete-revision-fdec0718eabbae53872d03fa70d141a9.yaml new file mode 100644 index 0000000000..61825de124 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-delete-revision-fdec0718eabbae53872d03fa70d141a9.yaml @@ -0,0 +1,58 @@ +id: better-delete-revision-fdec0718eabbae53872d03fa70d141a9 + +info: + name: > + Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42156e9f-711a-4592-b92c-d4af845d686a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-delete-revision/" + google-query: inurl:"/wp-content/plugins/better-delete-revision/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-delete-revision,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-delete-revision/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-delete-revision" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-elementor-addons-267d7435385a9582ef7c8199e8931303.yaml b/nuclei-templates/cve-less/plugins/better-elementor-addons-267d7435385a9582ef7c8199e8931303.yaml new file mode 100644 index 0000000000..cc1f6777d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-elementor-addons-267d7435385a9582ef7c8199e8931303.yaml @@ -0,0 +1,58 @@ +id: better-elementor-addons-267d7435385a9582ef7c8199e8931303 + +info: + name: > + Better Elementor Addons <= 1.3.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a628eef-937c-4391-afac-22128ec5b51c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-elementor-addons/" + google-query: inurl:"/wp-content/plugins/better-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-elementor-addons-9167001bdde424000d6bf79c1d596a20.yaml b/nuclei-templates/cve-less/plugins/better-elementor-addons-9167001bdde424000d6bf79c1d596a20.yaml new file mode 100644 index 0000000000..feb4792c6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-elementor-addons-9167001bdde424000d6bf79c1d596a20.yaml @@ -0,0 +1,58 @@ +id: better-elementor-addons-9167001bdde424000d6bf79c1d596a20 + +info: + name: > + Better Elementor Addons <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db8437ee-d917-406d-810d-6b7cbe7976c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-elementor-addons/" + google-query: inurl:"/wp-content/plugins/better-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-elementor-addons-b4d70a86acec874506b4ab2dcb06e399.yaml b/nuclei-templates/cve-less/plugins/better-elementor-addons-b4d70a86acec874506b4ab2dcb06e399.yaml new file mode 100644 index 0000000000..da4985ddcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-elementor-addons-b4d70a86acec874506b4ab2dcb06e399.yaml @@ -0,0 +1,58 @@ +id: better-elementor-addons-b4d70a86acec874506b4ab2dcb06e399 + +info: + name: > + Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d7ace3-af34-4951-810b-87923ef2ec30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-elementor-addons/" + google-query: inurl:"/wp-content/plugins/better-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-elementor-addons-c71bf414dec349bec3e4220e85ee81e5.yaml b/nuclei-templates/cve-less/plugins/better-elementor-addons-c71bf414dec349bec3e4220e85ee81e5.yaml new file mode 100644 index 0000000000..3338f6ac25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-elementor-addons-c71bf414dec349bec3e4220e85ee81e5.yaml @@ -0,0 +1,58 @@ +id: better-elementor-addons-c71bf414dec349bec3e4220e85ee81e5 + +info: + name: > + Better Elementor Addons <= 1.4.1 - Authenticated(Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/437712f5-a493-4625-a314-856f0d0d9758?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-elementor-addons/" + google-query: inurl:"/wp-content/plugins/better-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-follow-button-for-jetpack-bf3890ad3455b3c44beacb3bebc6b11a.yaml b/nuclei-templates/cve-less/plugins/better-follow-button-for-jetpack-bf3890ad3455b3c44beacb3bebc6b11a.yaml new file mode 100644 index 0000000000..83d8473c92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-follow-button-for-jetpack-bf3890ad3455b3c44beacb3bebc6b11a.yaml @@ -0,0 +1,58 @@ +id: better-follow-button-for-jetpack-bf3890ad3455b3c44beacb3bebc6b11a + +info: + name: > + Better Follow Button for Jetpack <= 8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fec06875-f6b4-4e57-917f-e80ece3744e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-follow-button-for-jetpack/" + google-query: inurl:"/wp-content/plugins/better-follow-button-for-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-follow-button-for-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-follow-button-for-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-follow-button-for-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-font-awesome-367b17bcc7fd153764ffbb7e174fed0a.yaml b/nuclei-templates/cve-less/plugins/better-font-awesome-367b17bcc7fd153764ffbb7e174fed0a.yaml new file mode 100644 index 0000000000..01f230c4be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-font-awesome-367b17bcc7fd153764ffbb7e174fed0a.yaml @@ -0,0 +1,58 @@ +id: better-font-awesome-367b17bcc7fd153764ffbb7e174fed0a + +info: + name: > + Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d70b9b6-a1f0-4449-8d1a-ae16dbcc844d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-font-awesome/" + google-query: inurl:"/wp-content/plugins/better-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-font-awesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-font-awesome-415ed972729f96565976948d92875199.yaml b/nuclei-templates/cve-less/plugins/better-font-awesome-415ed972729f96565976948d92875199.yaml new file mode 100644 index 0000000000..c76e232c26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-font-awesome-415ed972729f96565976948d92875199.yaml @@ -0,0 +1,58 @@ +id: better-font-awesome-415ed972729f96565976948d92875199 + +info: + name: > + Better Font Awesome <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7f9d85-c376-45c5-91ab-559864f598c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-font-awesome/" + google-query: inurl:"/wp-content/plugins/better-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-font-awesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-font-awesome-e128c0c0167442ae481665888471e921.yaml b/nuclei-templates/cve-less/plugins/better-font-awesome-e128c0c0167442ae481665888471e921.yaml new file mode 100644 index 0000000000..15e9555125 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-font-awesome-e128c0c0167442ae481665888471e921.yaml @@ -0,0 +1,58 @@ +id: better-font-awesome-e128c0c0167442ae481665888471e921 + +info: + name: > + Better Font Awesome <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/787ab3f0-c8c4-46cd-bfbe-ac1ca508898a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-font-awesome/" + google-query: inurl:"/wp-content/plugins/better-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-font-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-robots-txt-0e514fdd87f87b672172ceb862e2efda.yaml b/nuclei-templates/cve-less/plugins/better-robots-txt-0e514fdd87f87b672172ceb862e2efda.yaml new file mode 100644 index 0000000000..5194490863 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-robots-txt-0e514fdd87f87b672172ceb862e2efda.yaml @@ -0,0 +1,58 @@ +id: better-robots-txt-0e514fdd87f87b672172ceb862e2efda + +info: + name: > + Robots.txt optimization <= 1.4.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03eed366-c018-44b9-bb72-56911e9957b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-robots-txt/" + google-query: inurl:"/wp-content/plugins/better-robots-txt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-robots-txt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-robots-txt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-robots-txt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-rss-widget-e9bfeb55edc6f8bed127152a2312d037.yaml b/nuclei-templates/cve-less/plugins/better-rss-widget-e9bfeb55edc6f8bed127152a2312d037.yaml new file mode 100644 index 0000000000..472d85aa87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-rss-widget-e9bfeb55edc6f8bed127152a2312d037.yaml @@ -0,0 +1,58 @@ +id: better-rss-widget-e9bfeb55edc6f8bed127152a2312d037 + +info: + name: > + Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12660e7a-51fc-42c5-8a09-49df1db51efb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-rss-widget/" + google-query: inurl:"/wp-content/plugins/better-rss-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-rss-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-rss-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-rss-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-1bccfaa95263e0cba6cdbff0fea9a636.yaml b/nuclei-templates/cve-less/plugins/better-search-1bccfaa95263e0cba6cdbff0fea9a636.yaml new file mode 100644 index 0000000000..e1974342bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-1bccfaa95263e0cba6cdbff0fea9a636.yaml @@ -0,0 +1,58 @@ +id: better-search-1bccfaa95263e0cba6cdbff0fea9a636 + +info: + name: > + Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search/" + google-query: inurl:"/wp-content/plugins/better-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-44c47555058dcc87f8d2d8e62dfb89fe.yaml b/nuclei-templates/cve-less/plugins/better-search-44c47555058dcc87f8d2d8e62dfb89fe.yaml new file mode 100644 index 0000000000..24789ee347 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-44c47555058dcc87f8d2d8e62dfb89fe.yaml @@ -0,0 +1,58 @@ +id: better-search-44c47555058dcc87f8d2d8e62dfb89fe + +info: + name: > + Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7acbcf74-2bae-412b-bf9d-70287a91deea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search/" + google-query: inurl:"/wp-content/plugins/better-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-6cd471916f03102419bfc2ce43f76e09.yaml b/nuclei-templates/cve-less/plugins/better-search-6cd471916f03102419bfc2ce43f76e09.yaml new file mode 100644 index 0000000000..8cf96ecb64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-6cd471916f03102419bfc2ce43f76e09.yaml @@ -0,0 +1,58 @@ +id: better-search-6cd471916f03102419bfc2ce43f76e09 + +info: + name: > + Better Search <= 3.3.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4e1638a-ddfb-44e5-951e-3e779971a3a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search/" + google-query: inurl:"/wp-content/plugins/better-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-replace-116a3711d1ab72d436ec5c35678ceddf.yaml b/nuclei-templates/cve-less/plugins/better-search-replace-116a3711d1ab72d436ec5c35678ceddf.yaml new file mode 100644 index 0000000000..06b8765367 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-replace-116a3711d1ab72d436ec5c35678ceddf.yaml @@ -0,0 +1,58 @@ +id: better-search-replace-116a3711d1ab72d436ec5c35678ceddf + +info: + name: > + Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/895f2db1-a2ed-4a17-a4f6-cd13ee8f84af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search-replace/" + google-query: inurl:"/wp-content/plugins/better-search-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-replace-3d5b724b4980f24cb96bdfad9d38ad3d.yaml b/nuclei-templates/cve-less/plugins/better-search-replace-3d5b724b4980f24cb96bdfad9d38ad3d.yaml new file mode 100644 index 0000000000..ef7b5c26ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-replace-3d5b724b4980f24cb96bdfad9d38ad3d.yaml @@ -0,0 +1,58 @@ +id: better-search-replace-3d5b724b4980f24cb96bdfad9d38ad3d + +info: + name: > + Better Search Replace <= 1.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd2f495e-63fd-49e4-9d6b-320ed007dacb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search-replace/" + google-query: inurl:"/wp-content/plugins/better-search-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-search-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/better-search-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..471af851c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-search-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: better-search-tmc-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-search-tmc/" + google-query: inurl:"/wp-content/plugins/better-search-tmc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-search-tmc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-search-tmc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-search-tmc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-0997b0e1fcb7c16b9cb4f5f402cc298d.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-0997b0e1fcb7c16b9cb4f5f402cc298d.yaml new file mode 100644 index 0000000000..e016e28808 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-0997b0e1fcb7c16b9cb4f5f402cc298d.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-0997b0e1fcb7c16b9cb4f5f402cc298d + +info: + name: > + iThemes Security < 3.2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5350e519-3fa5-4463-b7b4-12bbe6fd5591?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-5914e98b8f19f72e002d683195cf84b7.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-5914e98b8f19f72e002d683195cf84b7.yaml new file mode 100644 index 0000000000..ff3a04de69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-5914e98b8f19f72e002d683195cf84b7.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-5914e98b8f19f72e002d683195cf84b7 + +info: + name: > + iThemes Security <= 7.6.1 - Broken Password Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5749a496-930a-4e31-968e-0c2a72e03555?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-8a1c6c8c0e2f1e2277e0443f4946d572.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-8a1c6c8c0e2f1e2277e0443f4946d572.yaml new file mode 100644 index 0000000000..feede23486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-8a1c6c8c0e2f1e2277e0443f4946d572.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-8a1c6c8c0e2f1e2277e0443f4946d572 + +info: + name: > + iThemes Security <= 7.0.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a355a83-fece-4303-af37-8c01d159776a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-d3827d64e2bdf966f3d9c111c132ea14.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-d3827d64e2bdf966f3d9c111c132ea14.yaml new file mode 100644 index 0000000000..731972f916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-d3827d64e2bdf966f3d9c111c132ea14.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-d3827d64e2bdf966f3d9c111c132ea14 + +info: + name: > + Better WP Security <= 3.2.4 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2ccdafb-39f4-4249-95fa-a3d752c435f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-d859b6b56bcc909202cbeb832d5a6748.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-d859b6b56bcc909202cbeb832d5a6748.yaml new file mode 100644 index 0000000000..3dafeee062 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-d859b6b56bcc909202cbeb832d5a6748.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-d859b6b56bcc909202cbeb832d5a6748 + +info: + name: > + iThemes Security <= 8.1.4 - Open Redirection via redirect_to_https + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/047cd34e-f2a1-4643-a1c5-3ead926b83ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/better-wp-security-d99359e94988cec585163990a9f996b0.yaml b/nuclei-templates/cve-less/plugins/better-wp-security-d99359e94988cec585163990a9f996b0.yaml new file mode 100644 index 0000000000..3eb7ace078 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/better-wp-security-d99359e94988cec585163990a9f996b0.yaml @@ -0,0 +1,58 @@ +id: better-wp-security-d99359e94988cec585163990a9f996b0 + +info: + name: > + iThemes Security <= 6.9.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b1dc818-75c6-45b7-9f0f-88275cc6e946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/better-wp-security/" + google-query: inurl:"/wp-content/plugins/better-wp-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,better-wp-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/better-wp-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "better-wp-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/betterdocs-757fc98134d873ee7c2bce4cfa1cf695.yaml b/nuclei-templates/cve-less/plugins/betterdocs-757fc98134d873ee7c2bce4cfa1cf695.yaml new file mode 100644 index 0000000000..d86cc3ca51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/betterdocs-757fc98134d873ee7c2bce4cfa1cf695.yaml @@ -0,0 +1,58 @@ +id: betterdocs-757fc98134d873ee7c2bce4cfa1cf695 + +info: + name: > + BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d113191-b550-4752-b536-644206ab56c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/betterdocs/" + google-query: inurl:"/wp-content/plugins/betterdocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,betterdocs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/betterdocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betterdocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/betterdocs-808772ef0715e55e48845eb09fe27708.yaml b/nuclei-templates/cve-less/plugins/betterdocs-808772ef0715e55e48845eb09fe27708.yaml new file mode 100644 index 0000000000..39500f0028 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/betterdocs-808772ef0715e55e48845eb09fe27708.yaml @@ -0,0 +1,58 @@ +id: betterdocs-808772ef0715e55e48845eb09fe27708 + +info: + name: > + BetterDocs <= 2.5.2 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7d6059-4cef-4bd1-a14d-ad544bfaeea3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/betterdocs/" + google-query: inurl:"/wp-content/plugins/betterdocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,betterdocs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/betterdocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betterdocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/betterlinks-7f5e21acda03d1d7fde69a880719d61b.yaml b/nuclei-templates/cve-less/plugins/betterlinks-7f5e21acda03d1d7fde69a880719d61b.yaml new file mode 100644 index 0000000000..dfadfa6605 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/betterlinks-7f5e21acda03d1d7fde69a880719d61b.yaml @@ -0,0 +1,58 @@ +id: betterlinks-7f5e21acda03d1d7fde69a880719d61b + +info: + name: > + BetterLinks – Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/793082f8-5b5e-4973-819c-d2f11d1a596e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/betterlinks/" + google-query: inurl:"/wp-content/plugins/betterlinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,betterlinks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/betterlinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betterlinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/betterlinks-f079e6954da62257f11ff80bfdb93326.yaml b/nuclei-templates/cve-less/plugins/betterlinks-f079e6954da62257f11ff80bfdb93326.yaml new file mode 100644 index 0000000000..acfe0326d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/betterlinks-f079e6954da62257f11ff80bfdb93326.yaml @@ -0,0 +1,58 @@ +id: betterlinks-f079e6954da62257f11ff80bfdb93326 + +info: + name: > + BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92b8829e-a8eb-4fdb-a772-9efbb5aaeb6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/betterlinks/" + google-query: inurl:"/wp-content/plugins/betterlinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,betterlinks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/betterlinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betterlinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/betteroptin-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/betteroptin-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..4100eca6d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/betteroptin-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: betteroptin-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/betteroptin/" + google-query: inurl:"/wp-content/plugins/betteroptin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,betteroptin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/betteroptin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betteroptin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-0e6fd2b1537d8a018f72311524eaf46b.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-0e6fd2b1537d8a018f72311524eaf46b.yaml new file mode 100644 index 0000000000..9f4b090bc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-0e6fd2b1537d8a018f72311524eaf46b.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-0e6fd2b1537d8a018f72311524eaf46b + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6f7da0b-cc2c-43e5-8ae9-ef7d6d6f0ae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-23eb31c668264c3c5aee5b4814654a30.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-23eb31c668264c3c5aee5b4814654a30.yaml new file mode 100644 index 0000000000..c42cc0e6ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-23eb31c668264c3c5aee5b4814654a30.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-23eb31c668264c3c5aee5b4814654a30 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.7.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00fa12c7-5814-45f3-a35e-363cd0920e43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-33bf8f8eb63499d2436cf7f9e5a448fa.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-33bf8f8eb63499d2436cf7f9e5a448fa.yaml new file mode 100644 index 0000000000..5ff4ccf510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-33bf8f8eb63499d2436cf7f9e5a448fa.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-33bf8f8eb63499d2436cf7f9e5a448fa + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4939efc-889a-4d1d-b916-dcf3b064dc81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-3c224c321d9ba7c36132b340a7d491de.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-3c224c321d9ba7c36132b340a7d491de.yaml new file mode 100644 index 0000000000..8d5a1b851c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-3c224c321d9ba7c36132b340a7d491de.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-3c224c321d9ba7c36132b340a7d491de + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba677822-a588-484e-a0aa-a9eda2954d01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-4270b682ebfb5d58e498fa26615a2af8.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-4270b682ebfb5d58e498fa26615a2af8.yaml new file mode 100644 index 0000000000..1dc15144b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-4270b682ebfb5d58e498fa26615a2af8.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-4270b682ebfb5d58e498fa26615a2af8 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1db421d-d935-4441-ae5e-cc01123e80e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-53f4d866310c8c093dd280b48d69df62.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-53f4d866310c8c093dd280b48d69df62.yaml new file mode 100644 index 0000000000..7837ce475c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-53f4d866310c8c093dd280b48d69df62.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-53f4d866310c8c093dd280b48d69df62 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb6719d8-18d2-4fa3-9b52-ba11cf567bb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-85e7a548980a393d1ae0ce58883c267a.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-85e7a548980a393d1ae0ce58883c267a.yaml new file mode 100644 index 0000000000..c9b31e8f96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-85e7a548980a393d1ae0ce58883c267a.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-85e7a548980a393d1ae0ce58883c267a + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/755b53e4-051a-4a25-8fd9-fe10c28acc25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-a324da45179a3a5384dabaa9a7992990.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-a324da45179a3a5384dabaa9a7992990.yaml new file mode 100644 index 0000000000..a10127b0e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-a324da45179a3a5384dabaa9a7992990.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-a324da45179a3a5384dabaa9a7992990 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7863f63c-11b5-43ac-9d68-8eb9925cdf7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-a4456a392889d99a207556dae46d468a.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-a4456a392889d99a207556dae46d468a.yaml new file mode 100644 index 0000000000..1c1566acc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-a4456a392889d99a207556dae46d468a.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-a4456a392889d99a207556dae46d468a + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d87d225-7de4-49f8-9cba-391d718af7fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-a749224e64254fa4b744badbc098456b.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-a749224e64254fa4b744badbc098456b.yaml new file mode 100644 index 0000000000..b25692fd61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-a749224e64254fa4b744badbc098456b.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-a749224e64254fa4b744badbc098456b + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef79c77-53e7-439d-985a-786eb73c44eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-a99d654d3052252ef402e0749a9ce566.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-a99d654d3052252ef402e0749a9ce566.yaml new file mode 100644 index 0000000000..bd9d2f93f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-a99d654d3052252ef402e0749a9ce566.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-a99d654d3052252ef402e0749a9ce566 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e77bb0b8-e101-4230-b707-10a3a126192d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-b4b2a249b6f5481511775013e7ebd58b.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-b4b2a249b6f5481511775013e7ebd58b.yaml new file mode 100644 index 0000000000..2b3a237a55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-b4b2a249b6f5481511775013e7ebd58b.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-b4b2a249b6f5481511775013e7ebd58b + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27bf9abc-b715-442e-9353-ec2154f658c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-b82f68ac873a5cd389e13e2f431350c2.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-b82f68ac873a5cd389e13e2f431350c2.yaml new file mode 100644 index 0000000000..66b1bbe97b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-b82f68ac873a5cd389e13e2f431350c2.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-b82f68ac873a5cd389e13e2f431350c2 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.7.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-ee5009aa999f8729af055978227a592d.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-ee5009aa999f8729af055978227a592d.yaml new file mode 100644 index 0000000000..d30c8ee377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-ee5009aa999f8729af055978227a592d.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-ee5009aa999f8729af055978227a592d + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea087a7-197b-4dbe-b551-8074a0ea23ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-f39e8e9f12f06ce6e02dc29ac3b8f718.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-f39e8e9f12f06ce6e02dc29ac3b8f718.yaml new file mode 100644 index 0000000000..0c54f78207 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-f39e8e9f12f06ce6e02dc29ac3b8f718.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-f39e8e9f12f06ce6e02dc29ac3b8f718 + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.5.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92474491-b9fa-49f8-9256-8400af9eef95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bft-autoresponder-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml b/nuclei-templates/cve-less/plugins/bft-autoresponder-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml new file mode 100644 index 0000000000..31e99bc3d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bft-autoresponder-fa4a6ca6cb5f0ed29a506220c9fcc52b.yaml @@ -0,0 +1,58 @@ +id: bft-autoresponder-fa4a6ca6cb5f0ed29a506220c9fcc52b + +info: + name: > + Arigato Autoresponder and Newsletter <= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4dbab86-926d-4438-8310-19373c9bdd99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bft-autoresponder/" + google-query: inurl:"/wp-content/plugins/bft-autoresponder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bft-autoresponder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bft-autoresponder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bft-autoresponder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bg-biblie-references-9e36b0cf17e47fe4192107564b677097.yaml b/nuclei-templates/cve-less/plugins/bg-biblie-references-9e36b0cf17e47fe4192107564b677097.yaml new file mode 100644 index 0000000000..4bb1dc8dce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bg-biblie-references-9e36b0cf17e47fe4192107564b677097.yaml @@ -0,0 +1,58 @@ +id: bg-biblie-references-9e36b0cf17e47fe4192107564b677097 + +info: + name: > + Bg Bible References <= 3.8.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29c97617-78b1-4798-99a6-488176070e4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bg-biblie-references/" + google-query: inurl:"/wp-content/plugins/bg-biblie-references/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bg-biblie-references,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bg-biblie-references/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bg-biblie-references" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bib2html-94f4e4e5606b83b8d91c368a5ee77e4b.yaml b/nuclei-templates/cve-less/plugins/bib2html-94f4e4e5606b83b8d91c368a5ee77e4b.yaml new file mode 100644 index 0000000000..b699a56637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bib2html-94f4e4e5606b83b8d91c368a5ee77e4b.yaml @@ -0,0 +1,58 @@ +id: bib2html-94f4e4e5606b83b8d91c368a5ee77e4b + +info: + name: > + bib2html <= 0.9.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be53bdbd-e797-4198-8ef9-bc01b5da68f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bib2html/" + google-query: inurl:"/wp-content/plugins/bib2html/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bib2html,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bib2html/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bib2html" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bic-media-4f0f10f376030e01ed907ee127ea7f81.yaml b/nuclei-templates/cve-less/plugins/bic-media-4f0f10f376030e01ed907ee127ea7f81.yaml new file mode 100644 index 0000000000..4b8c8b6e7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bic-media-4f0f10f376030e01ed907ee127ea7f81.yaml @@ -0,0 +1,58 @@ +id: bic-media-4f0f10f376030e01ed907ee127ea7f81 + +info: + name: > + BIC Media Widget <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/946bff00-32ff-4d9b-93e1-77e6ee4cd987?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bic-media/" + google-query: inurl:"/wp-content/plugins/bic-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bic-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bic-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bic-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bigbluebutton-985f213479d8daa64d5f4a16ef20cb10.yaml b/nuclei-templates/cve-less/plugins/bigbluebutton-985f213479d8daa64d5f4a16ef20cb10.yaml new file mode 100644 index 0000000000..07b38f5ad0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bigbluebutton-985f213479d8daa64d5f4a16ef20cb10.yaml @@ -0,0 +1,58 @@ +id: bigbluebutton-985f213479d8daa64d5f4a16ef20cb10 + +info: + name: > + BigBlueButton <= 3.0.0-beta.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c799ee5-d8ee-4aec-b9a5-f93c150de6bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bigbluebutton/" + google-query: inurl:"/wp-content/plugins/bigbluebutton/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bigbluebutton,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bigbluebutton/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bigbluebutton" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0-beta.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bigcommerce-a40fe25194e0ab57cda985c21cea16d8.yaml b/nuclei-templates/cve-less/plugins/bigcommerce-a40fe25194e0ab57cda985c21cea16d8.yaml new file mode 100644 index 0000000000..da86b284d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bigcommerce-a40fe25194e0ab57cda985c21cea16d8.yaml @@ -0,0 +1,58 @@ +id: bigcommerce-a40fe25194e0ab57cda985c21cea16d8 + +info: + name: > + BigCommerce <= 5.0.7 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3a7e0b6-dc6d-4e3a-bb05-12d6ace330df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bigcommerce/" + google-query: inurl:"/wp-content/plugins/bigcommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bigcommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bigcommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bigcommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bigcontact-307decab8c86de849610b37252ca6e15.yaml b/nuclei-templates/cve-less/plugins/bigcontact-307decab8c86de849610b37252ca6e15.yaml new file mode 100644 index 0000000000..9b8b52387e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bigcontact-307decab8c86de849610b37252ca6e15.yaml @@ -0,0 +1,58 @@ +id: bigcontact-307decab8c86de849610b37252ca6e15 + +info: + name: > + BigContact <= 1.5.8 - Cross-Site Request Forgery leading to Plugin Settings Updates + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0403adb-08c4-4697-a7d9-50e39d46cd43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bigcontact/" + google-query: inurl:"/wp-content/plugins/bigcontact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bigcontact,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bigcontact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bigcontact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/billingo-cfe50efdb1ba541e0424c762743e3772.yaml b/nuclei-templates/cve-less/plugins/billingo-cfe50efdb1ba541e0424c762743e3772.yaml new file mode 100644 index 0000000000..766e29674b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/billingo-cfe50efdb1ba541e0424c762743e3772.yaml @@ -0,0 +1,58 @@ +id: billingo-cfe50efdb1ba541e0424c762743e3772 + +info: + name: > + Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37ea39bd-58c5-49f6-9956-8e0089e8192d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/billingo/" + google-query: inurl:"/wp-content/plugins/billingo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,billingo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/billingo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "billingo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bing-site-verification-using-meta-tag-bc281b421f8fff950362929962ab0019.yaml b/nuclei-templates/cve-less/plugins/bing-site-verification-using-meta-tag-bc281b421f8fff950362929962ab0019.yaml new file mode 100644 index 0000000000..13afd4cd65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bing-site-verification-using-meta-tag-bc281b421f8fff950362929962ab0019.yaml @@ -0,0 +1,58 @@ +id: bing-site-verification-using-meta-tag-bc281b421f8fff950362929962ab0019 + +info: + name: > + Binge Site Verification using Meta Tag <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b050fa45-05b7-49ff-bb24-179150f3f959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bing-site-verification-using-meta-tag/" + google-query: inurl:"/wp-content/plugins/bing-site-verification-using-meta-tag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bing-site-verification-using-meta-tag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bing-site-verification-using-meta-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bing-site-verification-using-meta-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bird-feeder-028571cd7473a719693f2daa6ec95f68.yaml b/nuclei-templates/cve-less/plugins/bird-feeder-028571cd7473a719693f2daa6ec95f68.yaml new file mode 100644 index 0000000000..855d6afa0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bird-feeder-028571cd7473a719693f2daa6ec95f68.yaml @@ -0,0 +1,58 @@ +id: bird-feeder-028571cd7473a719693f2daa6ec95f68 + +info: + name: > + Bird Feeder <= 1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34728e7a-2242-49fe-a11f-77258e302bab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bird-feeder/" + google-query: inurl:"/wp-content/plugins/bird-feeder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bird-feeder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bird-feeder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bird-feeder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/birthdays-widget-c350cdbcabbf0c6c2cbe275725809f83.yaml b/nuclei-templates/cve-less/plugins/birthdays-widget-c350cdbcabbf0c6c2cbe275725809f83.yaml new file mode 100644 index 0000000000..a5d0c9fc3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/birthdays-widget-c350cdbcabbf0c6c2cbe275725809f83.yaml @@ -0,0 +1,58 @@ +id: birthdays-widget-c350cdbcabbf0c6c2cbe275725809f83 + +info: + name: > + Birthdays Widget <= 1.7.18 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1e0423-a91b-4096-ad65-19e2d11cfea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/birthdays-widget/" + google-query: inurl:"/wp-content/plugins/birthdays-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,birthdays-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/birthdays-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "birthdays-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bit-assist-2a0968e3dc51c0d6442ac11d19f9e211.yaml b/nuclei-templates/cve-less/plugins/bit-assist-2a0968e3dc51c0d6442ac11d19f9e211.yaml new file mode 100644 index 0000000000..418c5470e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bit-assist-2a0968e3dc51c0d6442ac11d19f9e211.yaml @@ -0,0 +1,58 @@ +id: bit-assist-2a0968e3dc51c0d6442ac11d19f9e211 + +info: + name: > + Bit Assist <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb88e629-6811-4651-99b9-7394e4a787b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bit-assist/" + google-query: inurl:"/wp-content/plugins/bit-assist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bit-assist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bit-assist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bit-assist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bit-assist-5ca89842f69cd4e87dbd74d08645e3d9.yaml b/nuclei-templates/cve-less/plugins/bit-assist-5ca89842f69cd4e87dbd74d08645e3d9.yaml new file mode 100644 index 0000000000..8a7f52e4a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bit-assist-5ca89842f69cd4e87dbd74d08645e3d9.yaml @@ -0,0 +1,58 @@ +id: bit-assist-5ca89842f69cd4e87dbd74d08645e3d9 + +info: + name: > + Bit Assist <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77a923d5-b73e-45cf-9617-09b4d5c8bb5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bit-assist/" + google-query: inurl:"/wp-content/plugins/bit-assist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bit-assist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bit-assist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bit-assist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bit-form-9d1eaa00002183482a2bac30ce7a0865.yaml b/nuclei-templates/cve-less/plugins/bit-form-9d1eaa00002183482a2bac30ce7a0865.yaml new file mode 100644 index 0000000000..c4d41a6051 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bit-form-9d1eaa00002183482a2bac30ce7a0865.yaml @@ -0,0 +1,58 @@ +id: bit-form-9d1eaa00002183482a2bac30ce7a0865 + +info: + name: > + Bit Form <= 1.8.1 - Unauthenticated Arbitrary File Upload to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa3f6ab-43d6-4874-b16e-93abbb4ba72e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bit-form/" + google-query: inurl:"/wp-content/plugins/bit-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bit-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bit-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bit-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bit-form-ec6c4566c5b89e861708c86d4c662f99.yaml b/nuclei-templates/cve-less/plugins/bit-form-ec6c4566c5b89e861708c86d4c662f99.yaml new file mode 100644 index 0000000000..aad3321d20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bit-form-ec6c4566c5b89e861708c86d4c662f99.yaml @@ -0,0 +1,58 @@ +id: bit-form-ec6c4566c5b89e861708c86d4c662f99 + +info: + name: > + Contact Form Builder by Bit Form <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cb6384a-f9dc-454c-be39-c2c681e57d36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bit-form/" + google-query: inurl:"/wp-content/plugins/bit-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bit-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bit-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bit-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bit-form-fc27afcbd3ffc5123db575382c98ea40.yaml b/nuclei-templates/cve-less/plugins/bit-form-fc27afcbd3ffc5123db575382c98ea40.yaml new file mode 100644 index 0000000000..27c9f8016b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bit-form-fc27afcbd3ffc5123db575382c98ea40.yaml @@ -0,0 +1,58 @@ +id: bit-form-fc27afcbd3ffc5123db575382c98ea40 + +info: + name: > + Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bit-form/" + google-query: inurl:"/wp-content/plugins/bit-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bit-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bit-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bit-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bitcoin-faucet-1ad3a36baf4c9ef732b67d8d092f21e4.yaml b/nuclei-templates/cve-less/plugins/bitcoin-faucet-1ad3a36baf4c9ef732b67d8d092f21e4.yaml new file mode 100644 index 0000000000..23994ccac0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bitcoin-faucet-1ad3a36baf4c9ef732b67d8d092f21e4.yaml @@ -0,0 +1,58 @@ +id: bitcoin-faucet-1ad3a36baf4c9ef732b67d8d092f21e4 + +info: + name: > + Bitcoin / Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f7a858-6caf-44c3-8fc9-476e9fa86543?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bitcoin-faucet/" + google-query: inurl:"/wp-content/plugins/bitcoin-faucet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bitcoin-faucet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bitcoin-faucet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bitcoin-faucet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/biteship-4952fa6645076ab711fade644ad856a2.yaml b/nuclei-templates/cve-less/plugins/biteship-4952fa6645076ab711fade644ad856a2.yaml new file mode 100644 index 0000000000..aa6b9a832e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/biteship-4952fa6645076ab711fade644ad856a2.yaml @@ -0,0 +1,58 @@ +id: biteship-4952fa6645076ab711fade644ad856a2 + +info: + name: > + Biteship <= 2.2.24 - Reflected Cross-Site Scripting via biteship_error and biteship_message + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0247ba6-d193-4b7d-969d-0cd239c57faa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/biteship/" + google-query: inurl:"/wp-content/plugins/biteship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,biteship,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/biteship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "biteship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/biteship-a18213c9c980e2ab86f946c3cc789f65.yaml b/nuclei-templates/cve-less/plugins/biteship-a18213c9c980e2ab86f946c3cc789f65.yaml new file mode 100644 index 0000000000..ce541b34b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/biteship-a18213c9c980e2ab86f946c3cc789f65.yaml @@ -0,0 +1,58 @@ +id: biteship-a18213c9c980e2ab86f946c3cc789f65 + +info: + name: > + Biteship <= 2.2.27 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78c46ac-22dd-48f2-a10b-016205f7e7fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/biteship/" + google-query: inurl:"/wp-content/plugins/biteship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,biteship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/biteship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "biteship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bitpay-checkout-for-woocommerce-bb0ef31fb16bd70576b63c47a36e1c9e.yaml b/nuclei-templates/cve-less/plugins/bitpay-checkout-for-woocommerce-bb0ef31fb16bd70576b63c47a36e1c9e.yaml new file mode 100644 index 0000000000..be534a9118 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bitpay-checkout-for-woocommerce-bb0ef31fb16bd70576b63c47a36e1c9e.yaml @@ -0,0 +1,58 @@ +id: bitpay-checkout-for-woocommerce-bb0ef31fb16bd70576b63c47a36e1c9e + +info: + name: > + BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea489c69-d4d9-4e05-8cac-25fd17d48506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bitpay-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/bitpay-checkout-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bitpay-checkout-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bitpay-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bitpay-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bizcalendar-web-d5a1c9a6ee7e97f923697ab3631f023c.yaml b/nuclei-templates/cve-less/plugins/bizcalendar-web-d5a1c9a6ee7e97f923697ab3631f023c.yaml new file mode 100644 index 0000000000..e690983146 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bizcalendar-web-d5a1c9a6ee7e97f923697ab3631f023c.yaml @@ -0,0 +1,58 @@ +id: bizcalendar-web-d5a1c9a6ee7e97f923697ab3631f023c + +info: + name: > + BizCalendar Web <= 1.1.0.19 - Reflected Cross-Site Scripting via 'tab' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b76b12ed-1bb4-4aa9-ab9f-06084c667f40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bizcalendar-web/" + google-query: inurl:"/wp-content/plugins/bizcalendar-web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bizcalendar-web,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bizcalendar-web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bizcalendar-web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bizlibrary-84478af058257dde74ad587387b8e0c5.yaml b/nuclei-templates/cve-less/plugins/bizlibrary-84478af058257dde74ad587387b8e0c5.yaml new file mode 100644 index 0000000000..a763bc08e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bizlibrary-84478af058257dde74ad587387b8e0c5.yaml @@ -0,0 +1,58 @@ +id: bizlibrary-84478af058257dde74ad587387b8e0c5 + +info: + name: > + BizLibrary <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee7513d9-e76c-4da4-919b-ba376f0c4022?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bizlibrary/" + google-query: inurl:"/wp-content/plugins/bizlibrary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bizlibrary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bizlibrary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bizlibrary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bj-lazy-load-2a10558db0160ae54882e46d43e98878.yaml b/nuclei-templates/cve-less/plugins/bj-lazy-load-2a10558db0160ae54882e46d43e98878.yaml new file mode 100644 index 0000000000..acfebc46ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bj-lazy-load-2a10558db0160ae54882e46d43e98878.yaml @@ -0,0 +1,58 @@ +id: bj-lazy-load-2a10558db0160ae54882e46d43e98878 + +info: + name: > + BJ Lazy Load < 1.0 - Remote File Inclusion via TimThumb + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/022f6239-67f2-4680-aeed-34c98c953bea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bj-lazy-load/" + google-query: inurl:"/wp-content/plugins/bj-lazy-load/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bj-lazy-load,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bj-lazy-load/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bj-lazy-load" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blackhole-bad-bots-d6d7d32a1720382a929420a5407cae07.yaml b/nuclei-templates/cve-less/plugins/blackhole-bad-bots-d6d7d32a1720382a929420a5407cae07.yaml new file mode 100644 index 0000000000..512cabea23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blackhole-bad-bots-d6d7d32a1720382a929420a5407cae07.yaml @@ -0,0 +1,58 @@ +id: blackhole-bad-bots-d6d7d32a1720382a929420a5407cae07 + +info: + name: > + Blackhole for Bad Bots <= 3.3.1 - Arbitrary IP Address Blocking via IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8447fa0-f994-4de3-b6e7-2fe61e06bed1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blackhole-bad-bots/" + google-query: inurl:"/wp-content/plugins/blackhole-bad-bots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blackhole-bad-bots,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blackhole-bad-bots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blackhole-bad-bots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blaze-slide-show-for-wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/blaze-slide-show-for-wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..e73720b1e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blaze-slide-show-for-wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: blaze-slide-show-for-wordpress-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blaze-slide-show-for-wordpress/" + google-query: inurl:"/wp-content/plugins/blaze-slide-show-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blaze-slide-show-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blaze-slide-show-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blaze-slide-show-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-for-font-awesome-69676cf2f0074a9838e0f912aa1e46f1.yaml b/nuclei-templates/cve-less/plugins/block-for-font-awesome-69676cf2f0074a9838e0f912aa1e46f1.yaml new file mode 100644 index 0000000000..5589e53b1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-for-font-awesome-69676cf2f0074a9838e0f912aa1e46f1.yaml @@ -0,0 +1,58 @@ +id: block-for-font-awesome-69676cf2f0074a9838e0f912aa1e46f1 + +info: + name: > + Block for Font Awesome <= 1.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d255ca7-37a5-4c1b-84be-356ae3900f7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-for-font-awesome/" + google-query: inurl:"/wp-content/plugins/block-for-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-for-font-awesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-for-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-for-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-options-009566ddcb125b1bb12196db82871dc9.yaml b/nuclei-templates/cve-less/plugins/block-options-009566ddcb125b1bb12196db82871dc9.yaml new file mode 100644 index 0000000000..711dcb4f8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-options-009566ddcb125b1bb12196db82871dc9.yaml @@ -0,0 +1,58 @@ +id: block-options-009566ddcb125b1bb12196db82871dc9 + +info: + name: > + EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4528f9a1-7027-4aa9-b006-bea84aa19c84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-options/" + google-query: inurl:"/wp-content/plugins/block-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-options,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.40.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-options-3b363f50f63e2252e93a4eaf65f7fc9e.yaml b/nuclei-templates/cve-less/plugins/block-options-3b363f50f63e2252e93a4eaf65f7fc9e.yaml new file mode 100644 index 0000000000..e1ae5106b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-options-3b363f50f63e2252e93a4eaf65f7fc9e.yaml @@ -0,0 +1,58 @@ +id: block-options-3b363f50f63e2252e93a4eaf65f7fc9e + +info: + name: > + EditorsKit <= 1.31.5 - Authenticated (Contributor+) Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0725c0ac-91a7-4359-b911-a450635b09bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-options/" + google-query: inurl:"/wp-content/plugins/block-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-options,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-options-b24d1d3e12abe16b131b78c39c76f1e6.yaml b/nuclei-templates/cve-less/plugins/block-options-b24d1d3e12abe16b131b78c39c76f1e6.yaml new file mode 100644 index 0000000000..3a23b63c0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-options-b24d1d3e12abe16b131b78c39c76f1e6.yaml @@ -0,0 +1,58 @@ +id: block-options-b24d1d3e12abe16b131b78c39c76f1e6 + +info: + name: > + Gutenberg Block Editor Toolkit – EditorsKit <= 1.40.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/814cce39-ef25-4d0f-b793-dca5c873f468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-options/" + google-query: inurl:"/wp-content/plugins/block-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-options,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.40.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-referer-spam-a9d78c30300919411b59e3816f76e46c.yaml b/nuclei-templates/cve-less/plugins/block-referer-spam-a9d78c30300919411b59e3816f76e46c.yaml new file mode 100644 index 0000000000..8533763eb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-referer-spam-a9d78c30300919411b59e3816f76e46c.yaml @@ -0,0 +1,58 @@ +id: block-referer-spam-a9d78c30300919411b59e3816f76e46c + +info: + name: > + Block Referer Spam <= 1.1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd97fba9-513b-46e1-9613-2f64c4272f34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-referer-spam/" + google-query: inurl:"/wp-content/plugins/block-referer-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-referer-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-referer-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-referer-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/block-specific-plugin-updates-5d7f25544963dc4081c5c5f1f1e89a49.yaml b/nuclei-templates/cve-less/plugins/block-specific-plugin-updates-5d7f25544963dc4081c5c5f1f1e89a49.yaml new file mode 100644 index 0000000000..b67baf18d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/block-specific-plugin-updates-5d7f25544963dc4081c5c5f1f1e89a49.yaml @@ -0,0 +1,58 @@ +id: block-specific-plugin-updates-5d7f25544963dc4081c5c5f1f1e89a49 + +info: + name: > + Block Plugin Update <= 3.3.1 - Cross-Site Request Forgery via bspu_plugin_select.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a998de7-fa46-495c-a4ca-15df4e59457f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/block-specific-plugin-updates/" + google-query: inurl:"/wp-content/plugins/block-specific-plugin-updates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,block-specific-plugin-updates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/block-specific-plugin-updates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "block-specific-plugin-updates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blockonomics-bitcoin-payments-8a9e3a258561fd11df73e03998dab8aa.yaml b/nuclei-templates/cve-less/plugins/blockonomics-bitcoin-payments-8a9e3a258561fd11df73e03998dab8aa.yaml new file mode 100644 index 0000000000..39f8557a2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blockonomics-bitcoin-payments-8a9e3a258561fd11df73e03998dab8aa.yaml @@ -0,0 +1,58 @@ +id: blockonomics-bitcoin-payments-8a9e3a258561fd11df73e03998dab8aa + +info: + name: > + WordPress Bitcoin Payments – Blockonomics <= 3.5.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67b14116-8708-401c-a037-4976a360256a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blockonomics-bitcoin-payments/" + google-query: inurl:"/wp-content/plugins/blockonomics-bitcoin-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blockonomics-bitcoin-payments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blockonomics-bitcoin-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blockonomics-bitcoin-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocks-3d078edbe634b7f5d57ec87a78fa8d02.yaml b/nuclei-templates/cve-less/plugins/blocks-3d078edbe634b7f5d57ec87a78fa8d02.yaml new file mode 100644 index 0000000000..7296efbad9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocks-3d078edbe634b7f5d57ec87a78fa8d02.yaml @@ -0,0 +1,58 @@ +id: blocks-3d078edbe634b7f5d57ec87a78fa8d02 + +info: + name: > + Blocks <= 1.6.42 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66925385-d89e-45c0-a87b-4ad4f7b89d60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocks/" + google-query: inurl:"/wp-content/plugins/blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-10dffc5e6c324ec1dc8ebf67decddde7.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-10dffc5e6c324ec1dc8ebf67decddde7.yaml new file mode 100644 index 0000000000..8fea28054f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocksy-companion-10dffc5e6c324ec1dc8ebf67decddde7.yaml @@ -0,0 +1,58 @@ +id: blocksy-companion-10dffc5e6c324ec1dc8ebf67decddde7 + +info: + name: > + Blocksy Companion <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocksy-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-388e6ad87200512eea2e328c413a87c2.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-388e6ad87200512eea2e328c413a87c2.yaml new file mode 100644 index 0000000000..1c642bd151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocksy-companion-388e6ad87200512eea2e328c413a87c2.yaml @@ -0,0 +1,58 @@ +id: blocksy-companion-388e6ad87200512eea2e328c413a87c2 + +info: + name: > + Blocksy Companion <= 1.8.81 - Authenticated(Subscriber+) Sensitive Information Exposure via blocksy_posts shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d31aad1c-89d4-4f71-bfed-a795f7a4f209?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocksy-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-487e89618ab2c9b35b3c1576f9f20c5d.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-487e89618ab2c9b35b3c1576f9f20c5d.yaml new file mode 100644 index 0000000000..d54ac090ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocksy-companion-487e89618ab2c9b35b3c1576f9f20c5d.yaml @@ -0,0 +1,58 @@ +id: blocksy-companion-487e89618ab2c9b35b3c1576f9f20c5d + +info: + name: > + Blocksy Companion <= 1.8.67 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e485949f-f48e-4a8c-b799-d1a41f36848c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocksy-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-56a40035beb7c39c52fc3da1e76c20df.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-56a40035beb7c39c52fc3da1e76c20df.yaml new file mode 100644 index 0000000000..0825a415f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocksy-companion-56a40035beb7c39c52fc3da1e76c20df.yaml @@ -0,0 +1,58 @@ +id: blocksy-companion-56a40035beb7c39c52fc3da1e76c20df + +info: + name: > + Blocksy Companion <= 2.0.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG Uploads + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5208529c-4ac3-42a4-82d0-7f4d2e486236?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocksy-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blocksy-companion-a84b51b86b24a12fc85c3fc5e41345c9.yaml b/nuclei-templates/cve-less/plugins/blocksy-companion-a84b51b86b24a12fc85c3fc5e41345c9.yaml new file mode 100644 index 0000000000..8cbb12e7bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blocksy-companion-a84b51b86b24a12fc85c3fc5e41345c9.yaml @@ -0,0 +1,58 @@ +id: blocksy-companion-a84b51b86b24a12fc85c3fc5e41345c9 + +info: + name: > + Blocksy Companion <= 2.0.28 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb15611-85a4-4efb-81e5-7352c348c4a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blocksy-companion/" + google-query: inurl:"/wp-content/plugins/blocksy-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blocksy-companion,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blocksy-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..f757b2e492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: blog-designer-for-post-and-widget-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-designer-for-post-and-widget/" + google-query: inurl:"/wp-content/plugins/blog-designer-for-post-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-designer-for-post-and-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-designer-for-post-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-designer-for-post-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-c371054500c25911223fb4e88ae17274.yaml b/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-c371054500c25911223fb4e88ae17274.yaml new file mode 100644 index 0000000000..ba888f860e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-designer-for-post-and-widget-c371054500c25911223fb4e88ae17274.yaml @@ -0,0 +1,58 @@ +id: blog-designer-for-post-and-widget-c371054500c25911223fb4e88ae17274 + +info: + name: > + Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64694d30-a780-4655-9a65-af1cfa542ccc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-designer-for-post-and-widget/" + google-query: inurl:"/wp-content/plugins/blog-designer-for-post-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-designer-for-post-and-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-designer-for-post-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-designer-for-post-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-designer-pack-940c3e462fa88340681bbbfe05c2ceb9.yaml b/nuclei-templates/cve-less/plugins/blog-designer-pack-940c3e462fa88340681bbbfe05c2ceb9.yaml new file mode 100644 index 0000000000..fae4b9d9f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-designer-pack-940c3e462fa88340681bbbfe05c2ceb9.yaml @@ -0,0 +1,58 @@ +id: blog-designer-pack-940c3e462fa88340681bbbfe05c2ceb9 + +info: + name: > + News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Remote Code Execution via Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2bdf11-401a-48af-b1dc-aeeb40b9a384?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-designer-pack/" + google-query: inurl:"/wp-content/plugins/blog-designer-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-designer-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-designer-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-designer-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-designer-pack-95eff066a45135b12edbc92f481f5d74.yaml b/nuclei-templates/cve-less/plugins/blog-designer-pack-95eff066a45135b12edbc92f481f5d74.yaml new file mode 100644 index 0000000000..c30cb621dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-designer-pack-95eff066a45135b12edbc92f481f5d74.yaml @@ -0,0 +1,58 @@ +id: blog-designer-pack-95eff066a45135b12edbc92f481f5d74 + +info: + name: > + News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c021296-e0e8-481d-a46d-a97934492857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-designer-pack/" + google-query: inurl:"/wp-content/plugins/blog-designer-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-designer-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-designer-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-designer-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-filter-0fe998643673fbc89bdce1d6f1c4acbf.yaml b/nuclei-templates/cve-less/plugins/blog-filter-0fe998643673fbc89bdce1d6f1c4acbf.yaml new file mode 100644 index 0000000000..b25f1ab87e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-filter-0fe998643673fbc89bdce1d6f1c4acbf.yaml @@ -0,0 +1,58 @@ +id: blog-filter-0fe998643673fbc89bdce1d6f1c4acbf + +info: + name: > + Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b95c1bf7-bb05-44d3-a185-7e38e62b7201?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-filter/" + google-query: inurl:"/wp-content/plugins/blog-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-floating-button-5dd5fb8b74d5846a17aa6d905d9963d8.yaml b/nuclei-templates/cve-less/plugins/blog-floating-button-5dd5fb8b74d5846a17aa6d905d9963d8.yaml new file mode 100644 index 0000000000..ade0c87192 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-floating-button-5dd5fb8b74d5846a17aa6d905d9963d8.yaml @@ -0,0 +1,58 @@ +id: blog-floating-button-5dd5fb8b74d5846a17aa6d905d9963d8 + +info: + name: > + Blog Floating Button <= 1.4.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ba56b4c-0573-4911-97a4-a51e867daa75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-floating-button/" + google-query: inurl:"/wp-content/plugins/blog-floating-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-floating-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-floating-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-floating-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-in-blog-97602b372ac2dff313ee6b7601be8c2a.yaml b/nuclei-templates/cve-less/plugins/blog-in-blog-97602b372ac2dff313ee6b7601be8c2a.yaml new file mode 100644 index 0000000000..8621180055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-in-blog-97602b372ac2dff313ee6b7601be8c2a.yaml @@ -0,0 +1,58 @@ +id: blog-in-blog-97602b372ac2dff313ee6b7601be8c2a + +info: + name: > + Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c6a88c3-18b7-470f-8014-373ead66dcfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-in-blog/" + google-query: inurl:"/wp-content/plugins/blog-in-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-in-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-in-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-in-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-in-blog-e95a6a45d70dd7149f957cc2dea209d3.yaml b/nuclei-templates/cve-less/plugins/blog-in-blog-e95a6a45d70dd7149f957cc2dea209d3.yaml new file mode 100644 index 0000000000..35fb5633e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-in-blog-e95a6a45d70dd7149f957cc2dea209d3.yaml @@ -0,0 +1,58 @@ +id: blog-in-blog-e95a6a45d70dd7149f957cc2dea209d3 + +info: + name: > + Blog-in-Blog <= 1.1.1 - Authenticated (Editor+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d53161ad-cc5f-4433-b288-a8095cdfd7db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-in-blog/" + google-query: inurl:"/wp-content/plugins/blog-in-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-in-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-in-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-in-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog-manager-light-2091e63be6d7dbb4cc291d8c18478150.yaml b/nuclei-templates/cve-less/plugins/blog-manager-light-2091e63be6d7dbb4cc291d8c18478150.yaml new file mode 100644 index 0000000000..0e55f872b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog-manager-light-2091e63be6d7dbb4cc291d8c18478150.yaml @@ -0,0 +1,58 @@ +id: blog-manager-light-2091e63be6d7dbb4cc291d8c18478150 + +info: + name: > + Blog Manager Light <= 1.20 - Cross-Site Request Forgery via bml_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38307432-399e-4887-867c-9eb2a0d90d70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog-manager-light/" + google-query: inurl:"/wp-content/plugins/blog-manager-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog-manager-light,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog-manager-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog-manager-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-0e2341ee2d418b0b91267b97433b22e1.yaml b/nuclei-templates/cve-less/plugins/blog2social-0e2341ee2d418b0b91267b97433b22e1.yaml new file mode 100644 index 0000000000..b8c097f1b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-0e2341ee2d418b0b91267b97433b22e1.yaml @@ -0,0 +1,58 @@ +id: blog2social-0e2341ee2d418b0b91267b97433b22e1 + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a00147db-2ca5-4290-ae13-27be6119b751?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-21019b02ab939e1588f34c6a653e9f06.yaml b/nuclei-templates/cve-less/plugins/blog2social-21019b02ab939e1588f34c6a653e9f06.yaml new file mode 100644 index 0000000000..d020b5e555 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-21019b02ab939e1588f34c6a653e9f06.yaml @@ -0,0 +1,58 @@ +id: blog2social-21019b02ab939e1588f34c6a653e9f06 + +info: + name: > + Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-3fd3ad86b8b959b5f946903b7447c084.yaml b/nuclei-templates/cve-less/plugins/blog2social-3fd3ad86b8b959b5f946903b7447c084.yaml new file mode 100644 index 0000000000..2ce9d86d4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-3fd3ad86b8b959b5f946903b7447c084.yaml @@ -0,0 +1,58 @@ +id: blog2social-3fd3ad86b8b959b5f946903b7447c084 + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5e5b0a-dd6a-401f-86db-940b3386ed21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-5b5598cebbb5b08b875d9ea03d9a72bc.yaml b/nuclei-templates/cve-less/plugins/blog2social-5b5598cebbb5b08b875d9ea03d9a72bc.yaml new file mode 100644 index 0000000000..488f150921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-5b5598cebbb5b08b875d9ea03d9a72bc.yaml @@ -0,0 +1,58 @@ +id: blog2social-5b5598cebbb5b08b875d9ea03d9a72bc + +info: + name: > + Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6de73c31-a58d-41d9-aaed-2d7853ad1f25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-73117910b29a1c368fce71745504290c.yaml b/nuclei-templates/cve-less/plugins/blog2social-73117910b29a1c368fce71745504290c.yaml new file mode 100644 index 0000000000..cd8e59b58a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-73117910b29a1c368fce71745504290c.yaml @@ -0,0 +1,58 @@ +id: blog2social-73117910b29a1c368fce71745504290c + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2812b31d-11c0-4efe-95e2-ea713293dad1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-763aed0421435f4023b6ace21a8f066e.yaml b/nuclei-templates/cve-less/plugins/blog2social-763aed0421435f4023b6ace21a8f066e.yaml new file mode 100644 index 0000000000..f03f164d0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-763aed0421435f4023b6ace21a8f066e.yaml @@ -0,0 +1,58 @@ +id: blog2social-763aed0421435f4023b6ace21a8f066e + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81108abb-69e5-4571-8209-484b4b0f5617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-98ef59566a56f0d321854bb5454562cb.yaml b/nuclei-templates/cve-less/plugins/blog2social-98ef59566a56f0d321854bb5454562cb.yaml new file mode 100644 index 0000000000..bf3c10c725 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-98ef59566a56f0d321854bb5454562cb.yaml @@ -0,0 +1,58 @@ +id: blog2social-98ef59566a56f0d321854bb5454562cb + +info: + name: > + Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7817f343-1ed6-4b76-afbe-1054de892422?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-bd94973d379cdc38fafbad6fbe8d2f5c.yaml b/nuclei-templates/cve-less/plugins/blog2social-bd94973d379cdc38fafbad6fbe8d2f5c.yaml new file mode 100644 index 0000000000..9085224110 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-bd94973d379cdc38fafbad6fbe8d2f5c.yaml @@ -0,0 +1,58 @@ +id: blog2social-bd94973d379cdc38fafbad6fbe8d2f5c + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2dea1bcb-14c2-4ec9-8a4d-087bac2db486?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-cefe6e830adb746b2199d03b92e9b0d3.yaml b/nuclei-templates/cve-less/plugins/blog2social-cefe6e830adb746b2199d03b92e9b0d3.yaml new file mode 100644 index 0000000000..6de230009c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-cefe6e830adb746b2199d03b92e9b0d3.yaml @@ -0,0 +1,58 @@ +id: blog2social-cefe6e830adb746b2199d03b92e9b0d3 + +info: + name: > + Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blog2social-edba2b974302ba40bc2fe3d88269ff10.yaml b/nuclei-templates/cve-less/plugins/blog2social-edba2b974302ba40bc2fe3d88269ff10.yaml new file mode 100644 index 0000000000..6d19ecd1d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blog2social-edba2b974302ba40bc2fe3d88269ff10.yaml @@ -0,0 +1,58 @@ +id: blog2social-edba2b974302ba40bc2fe3d88269ff10 + +info: + name: > + Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dccecb-893c-4746-9047-5c32ca227508?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blog2social/" + google-query: inurl:"/wp-content/plugins/blog2social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blog2social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blog2social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blog2social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blogger-importer-86bf587683902d78762ff4957c96a94c.yaml b/nuclei-templates/cve-less/plugins/blogger-importer-86bf587683902d78762ff4957c96a94c.yaml new file mode 100644 index 0000000000..7cce2265ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blogger-importer-86bf587683902d78762ff4957c96a94c.yaml @@ -0,0 +1,58 @@ +id: blogger-importer-86bf587683902d78762ff4957c96a94c + +info: + name: > + Blogger Importer <= 0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c702a5-8677-49f3-8824-1e8345ff54ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blogger-importer/" + google-query: inurl:"/wp-content/plugins/blogger-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blogger-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blogger-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blogger-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blogstand-smart-banner-6ccf09aa4f6f92564c1ba185250a9b6d.yaml b/nuclei-templates/cve-less/plugins/blogstand-smart-banner-6ccf09aa4f6f92564c1ba185250a9b6d.yaml new file mode 100644 index 0000000000..89f76f60c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blogstand-smart-banner-6ccf09aa4f6f92564c1ba185250a9b6d.yaml @@ -0,0 +1,58 @@ +id: blogstand-smart-banner-6ccf09aa4f6f92564c1ba185250a9b6d + +info: + name: > + Blogstand Banner <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9224b37-d6ce-4847-afb0-9a42c9fa665c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blogstand-smart-banner/" + google-query: inurl:"/wp-content/plugins/blogstand-smart-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blogstand-smart-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blogstand-smart-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blogstand-smart-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bloom-a2b478ab05dc0dd0616e45e762ef893a.yaml b/nuclei-templates/cve-less/plugins/bloom-a2b478ab05dc0dd0616e45e762ef893a.yaml new file mode 100644 index 0000000000..8e35d96113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bloom-a2b478ab05dc0dd0616e45e762ef893a.yaml @@ -0,0 +1,58 @@ +id: bloom-a2b478ab05dc0dd0616e45e762ef893a + +info: + name: > + Elegant Themes Monarch < 1.2.7 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0195bddf-eafe-45f2-9424-ffa235d9b4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bloom/" + google-query: inurl:"/wp-content/plugins/bloom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bloom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bloom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bloom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bloom-a6745ab870958e9a36acad5aaba242da.yaml b/nuclei-templates/cve-less/plugins/bloom-a6745ab870958e9a36acad5aaba242da.yaml new file mode 100644 index 0000000000..def487f112 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bloom-a6745ab870958e9a36acad5aaba242da.yaml @@ -0,0 +1,58 @@ +id: bloom-a6745ab870958e9a36acad5aaba242da + +info: + name: > + Bloom Email Opt-In < 1.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d015c7d-bace-4d00-8ba5-1c85acb08d57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bloom/" + google-query: inurl:"/wp-content/plugins/bloom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bloom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bloom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bloom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blossom-recipe-maker-d5a23abb517a497649fa5fae9ebed1d6.yaml b/nuclei-templates/cve-less/plugins/blossom-recipe-maker-d5a23abb517a497649fa5fae9ebed1d6.yaml new file mode 100644 index 0000000000..0eca302021 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blossom-recipe-maker-d5a23abb517a497649fa5fae9ebed1d6.yaml @@ -0,0 +1,58 @@ +id: blossom-recipe-maker-d5a23abb517a497649fa5fae9ebed1d6 + +info: + name: > + Blossom Recipe Maker <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66c0a19a-d94f-4de0-85a8-de7c7e489e33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blossom-recipe-maker/" + google-query: inurl:"/wp-content/plugins/blossom-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blossom-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blossom-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blossom-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blossomthemes-email-newsletter-9c222eb6bd53905ec6dff84bf0b52c03.yaml b/nuclei-templates/cve-less/plugins/blossomthemes-email-newsletter-9c222eb6bd53905ec6dff84bf0b52c03.yaml new file mode 100644 index 0000000000..b9c449473d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blossomthemes-email-newsletter-9c222eb6bd53905ec6dff84bf0b52c03.yaml @@ -0,0 +1,58 @@ +id: blossomthemes-email-newsletter-9c222eb6bd53905ec6dff84bf0b52c03 + +info: + name: > + BlossomThemes Email Newsletter <= 2.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e98b763-29b9-435d-a436-d4df64234b4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blossomthemes-email-newsletter/" + google-query: inurl:"/wp-content/plugins/blossomthemes-email-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blossomthemes-email-newsletter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blossomthemes-email-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blossomthemes-email-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blue-admin-2eb580b3f81928dc01b4da13b3317526.yaml b/nuclei-templates/cve-less/plugins/blue-admin-2eb580b3f81928dc01b4da13b3317526.yaml new file mode 100644 index 0000000000..f093f1e9ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blue-admin-2eb580b3f81928dc01b4da13b3317526.yaml @@ -0,0 +1,58 @@ +id: blue-admin-2eb580b3f81928dc01b4da13b3317526 + +info: + name: > + Blue Admin <= 21.06.01 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d79ebec-2a80-4b9a-b6d3-f3e9be30047a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blue-admin/" + google-query: inurl:"/wp-content/plugins/blue-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blue-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blue-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blue-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.06.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blue-triad-ezanalytics-5427934b8eab07d0d5e4f82f464ce7f4.yaml b/nuclei-templates/cve-less/plugins/blue-triad-ezanalytics-5427934b8eab07d0d5e4f82f464ce7f4.yaml new file mode 100644 index 0000000000..c76d561482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blue-triad-ezanalytics-5427934b8eab07d0d5e4f82f464ce7f4.yaml @@ -0,0 +1,58 @@ +id: blue-triad-ezanalytics-5427934b8eab07d0d5e4f82f464ce7f4 + +info: + name: > + Blue Triad EZAnalytics <= 1.0 - Reflected Cross-Site Scripting via 'bt_webid' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blue-triad-ezanalytics/" + google-query: inurl:"/wp-content/plugins/blue-triad-ezanalytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blue-triad-ezanalytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blue-triad-ezanalytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blue-triad-ezanalytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/blue-wrench-videos-widget-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml b/nuclei-templates/cve-less/plugins/blue-wrench-videos-widget-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml new file mode 100644 index 0000000000..b50d0306be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/blue-wrench-videos-widget-683c8ae1178fe6f9d3ed4e7dea6abbfa.yaml @@ -0,0 +1,58 @@ +id: blue-wrench-videos-widget-683c8ae1178fe6f9d3ed4e7dea6abbfa + +info: + name: > + Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery and to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b540fed-e358-485f-8c12-f2241078459a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/blue-wrench-videos-widget/" + google-query: inurl:"/wp-content/plugins/blue-wrench-videos-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,blue-wrench-videos-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/blue-wrench-videos-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blue-wrench-videos-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-7485636761a29a7581b6c5a9a59a849c.yaml b/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-7485636761a29a7581b6c5a9a59a849c.yaml new file mode 100644 index 0000000000..583ab44537 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-7485636761a29a7581b6c5a9a59a849c.yaml @@ -0,0 +1,58 @@ +id: bluet-keywords-tooltip-generator-7485636761a29a7581b6c5a9a59a849c + +info: + name: > + Tooltipy (tooltips for WP) <= 5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a79c2c-8178-4311-9c1f-f4eb5128dec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bluet-keywords-tooltip-generator/" + google-query: inurl:"/wp-content/plugins/bluet-keywords-tooltip-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bluet-keywords-tooltip-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bluet-keywords-tooltip-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bluet-keywords-tooltip-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-89c277020720d7e5b4106e25f34686a0.yaml b/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-89c277020720d7e5b4106e25f34686a0.yaml new file mode 100644 index 0000000000..6eca607dd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bluet-keywords-tooltip-generator-89c277020720d7e5b4106e25f34686a0.yaml @@ -0,0 +1,58 @@ +id: bluet-keywords-tooltip-generator-89c277020720d7e5b4106e25f34686a0 + +info: + name: > + Tooltipy < 5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7c37c4e-7a01-447c-a1d5-595c2012eb8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bluet-keywords-tooltip-generator/" + google-query: inurl:"/wp-content/plugins/bluet-keywords-tooltip-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bluet-keywords-tooltip-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bluet-keywords-tooltip-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bluet-keywords-tooltip-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bmi-adultkid-calculator-3e4297109cfe1e3292757dea8d3ced9f.yaml b/nuclei-templates/cve-less/plugins/bmi-adultkid-calculator-3e4297109cfe1e3292757dea8d3ced9f.yaml new file mode 100644 index 0000000000..7acaf144b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bmi-adultkid-calculator-3e4297109cfe1e3292757dea8d3ced9f.yaml @@ -0,0 +1,58 @@ +id: bmi-adultkid-calculator-3e4297109cfe1e3292757dea8d3ced9f + +info: + name: > + BMI Adult & Kid Calculator <= 1.2.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed494a5a-2edf-43c9-a88a-331448c4e6d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bmi-adultkid-calculator/" + google-query: inurl:"/wp-content/plugins/bmi-adultkid-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bmi-adultkid-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bmi-adultkid-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bmi-adultkid-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bmi-bmr-calculator-08456b78a7e27d7a315067ad64f8b5ca.yaml b/nuclei-templates/cve-less/plugins/bmi-bmr-calculator-08456b78a7e27d7a315067ad64f8b5ca.yaml new file mode 100644 index 0000000000..ced7778f94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bmi-bmr-calculator-08456b78a7e27d7a315067ad64f8b5ca.yaml @@ -0,0 +1,58 @@ +id: bmi-bmr-calculator-08456b78a7e27d7a315067ad64f8b5ca + +info: + name: > + BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e262772-06b7-4490-a342-5b1abc421b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bmi-bmr-calculator/" + google-query: inurl:"/wp-content/plugins/bmi-bmr-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bmi-bmr-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bmi-bmr-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bmi-bmr-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bmi-calculator-shortcode-0d15cc8e701957684f6f3b30c5023ccf.yaml b/nuclei-templates/cve-less/plugins/bmi-calculator-shortcode-0d15cc8e701957684f6f3b30c5023ccf.yaml new file mode 100644 index 0000000000..eaa4350188 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bmi-calculator-shortcode-0d15cc8e701957684f6f3b30c5023ccf.yaml @@ -0,0 +1,58 @@ +id: bmi-calculator-shortcode-0d15cc8e701957684f6f3b30c5023ccf + +info: + name: > + BMI Calculator Plugin <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bf0e224-d8c7-4bf9-b9a3-97545da9d90c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bmi-calculator-shortcode/" + google-query: inurl:"/wp-content/plugins/bmi-calculator-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bmi-calculator-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bmi-calculator-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bmi-calculator-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bne-testimonials-aec5b406433b53e4f92df5e66d0bb478.yaml b/nuclei-templates/cve-less/plugins/bne-testimonials-aec5b406433b53e4f92df5e66d0bb478.yaml new file mode 100644 index 0000000000..9143a3ed93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bne-testimonials-aec5b406433b53e4f92df5e66d0bb478.yaml @@ -0,0 +1,58 @@ +id: bne-testimonials-aec5b406433b53e4f92df5e66d0bb478 + +info: + name: > + BNE Testimonials <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c93ec9-668d-4b8d-abc4-edd04cbf9839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bne-testimonials/" + google-query: inurl:"/wp-content/plugins/bne-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bne-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bne-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bne-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bnfw-659d041771a16c5c0a237cb39f903338.yaml b/nuclei-templates/cve-less/plugins/bnfw-659d041771a16c5c0a237cb39f903338.yaml new file mode 100644 index 0000000000..70dda02e70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bnfw-659d041771a16c5c0a237cb39f903338.yaml @@ -0,0 +1,58 @@ +id: bnfw-659d041771a16c5c0a237cb39f903338 + +info: + name: > + Better Notifications for WP <= 1.8.6 - Email Address Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c675f883-7e6f-43c3-a901-82ed2d2b3772?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bnfw/" + google-query: inurl:"/wp-content/plugins/bnfw/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bnfw,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bnfw/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bnfw" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bnfw-8eba613f6cf1178ae1e4bc455157c83a.yaml b/nuclei-templates/cve-less/plugins/bnfw-8eba613f6cf1178ae1e4bc455157c83a.yaml new file mode 100644 index 0000000000..bf236d8b8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bnfw-8eba613f6cf1178ae1e4bc455157c83a.yaml @@ -0,0 +1,58 @@ +id: bnfw-8eba613f6cf1178ae1e4bc455157c83a + +info: + name: > + Better Notifications for WP <= 1.9.2 - Cross-Site Request Forgery via handle_actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ddabda2-1e27-4b87-b643-b0166112a890?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bnfw/" + google-query: inurl:"/wp-content/plugins/bnfw/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bnfw,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bnfw/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bnfw" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boilerplate-extension-6d4992572a9f9bd5311ba2254f8b32c1.yaml b/nuclei-templates/cve-less/plugins/boilerplate-extension-6d4992572a9f9bd5311ba2254f8b32c1.yaml new file mode 100644 index 0000000000..294972b78d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boilerplate-extension-6d4992572a9f9bd5311ba2254f8b32c1.yaml @@ -0,0 +1,58 @@ +id: boilerplate-extension-6d4992572a9f9bd5311ba2254f8b32c1 + +info: + name: > + MainWP Boilerplate Extension <= 4.1 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cad4c72d-9374-410a-91b7-5e9aff01738b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boilerplate-extension/" + google-query: inurl:"/wp-content/plugins/boilerplate-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boilerplate-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boilerplate-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boilerplate-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-005e163e7b395198e1ed48634c687240.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-005e163e7b395198e1ed48634c687240.yaml new file mode 100644 index 0000000000..2a70f4ea28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-005e163e7b395198e1ed48634c687240.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-005e163e7b395198e1ed48634c687240 + +info: + name: > + Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-1c83761e8850a90348fc378dc1547a09.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-1c83761e8850a90348fc378dc1547a09.yaml new file mode 100644 index 0000000000..c82746f4d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-1c83761e8850a90348fc378dc1547a09.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-1c83761e8850a90348fc378dc1547a09 + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/650b5677-7c70-415f-81bf-12514393e4c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-2109981df34c3c3e10e9a3ff3ab51437.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-2109981df34c3c3e10e9a3ff3ab51437.yaml new file mode 100644 index 0000000000..cb3e95ac95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-2109981df34c3c3e10e9a3ff3ab51437.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-2109981df34c3c3e10e9a3ff3ab51437 + +info: + name: > + Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Raw Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-48cb8d5c20069dd21ff6f85ee4f57b84.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-48cb8d5c20069dd21ff6f85ee4f57b84.yaml new file mode 100644 index 0000000000..f4977cbc6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-48cb8d5c20069dd21ff6f85ee4f57b84.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-48cb8d5c20069dd21ff6f85ee4f57b84 + +info: + name: > + Bold Page Builder <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c99f70b-77a6-4bd7-99b1-ad4ec76d50c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-5289bbf92c9bdc3c3c0e4f0086563240.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-5289bbf92c9bdc3c3c0e4f0086563240.yaml new file mode 100644 index 0000000000..3d6f0f5bf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-5289bbf92c9bdc3c3c0e4f0086563240.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-5289bbf92c9bdc3c3c0e4f0086563240 + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21fed5a3-1bb2-4581-95b4-badff98bed42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-5b50680d973f4b29013f914d7a1b34f3.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-5b50680d973f4b29013f914d7a1b34f3.yaml new file mode 100644 index 0000000000..63325d4d79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-5b50680d973f4b29013f914d7a1b34f3.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-5b50680d973f4b29013f914d7a1b34f3 + +info: + name: > + Bold Page Builder <= 3.1.5 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ac96f8-e138-48fe-bd95-5356fc222004?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-7f9f186670238d7e784b2f81e1301181.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-7f9f186670238d7e784b2f81e1301181.yaml new file mode 100644 index 0000000000..26de110377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-7f9f186670238d7e784b2f81e1301181.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-7f9f186670238d7e784b2f81e1301181 + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc4a67b-81fa-4ef6-9167-eab5cb9002ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml new file mode 100644 index 0000000000..2364e3eaf7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-7fcbda1cfae66ee74a18ccdfe4753dbb.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-7fcbda1cfae66ee74a18ccdfe4753dbb + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eed667d2-e53e-47b9-8012-2b9b46022f3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-8b94055b335b8fd181b35e0e5b73b692.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-8b94055b335b8fd181b35e0e5b73b692.yaml new file mode 100644 index 0000000000..d97a99df60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-8b94055b335b8fd181b35e0e5b73b692.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-8b94055b335b8fd181b35e0e5b73b692 + +info: + name: > + Bold Page Builder <= 4.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via class + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46e53bf4-49af-45d8-b672-1f9b2f2dd91f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-8e1e2ed917edbc0807da4afd84ddc7ed.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-8e1e2ed917edbc0807da4afd84ddc7ed.yaml new file mode 100644 index 0000000000..09a5cd3c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-8e1e2ed917edbc0807da4afd84ddc7ed.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-8e1e2ed917edbc0807da4afd84ddc7ed + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Separator Element + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2db39ae2-6c44-4a4c-84de-9b7041bece37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-9f377f95856b4156effc9e05a81da19a.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-9f377f95856b4156effc9e05a81da19a.yaml new file mode 100644 index 0000000000..eb3747276d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-9f377f95856b4156effc9e05a81da19a.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-9f377f95856b4156effc9e05a81da19a + +info: + name: > + Bold Page Builder <= 2.3.1 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/684b0166-56fc-433f-ae34-0ff5071e7f05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-b332e32a470aff42684e131c72a2c94a.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-b332e32a470aff42684e131c72a2c94a.yaml new file mode 100644 index 0000000000..408a0d1ef8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-b332e32a470aff42684e131c72a2c94a.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-b332e32a470aff42684e131c72a2c94a + +info: + name: > + Bold Page Builder <= 4.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e25a0df-c548-45d0-8672-c35fbc71e0c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-dd7568e4d3ea5ea32920ba4a6563336b.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-dd7568e4d3ea5ea32920ba4a6563336b.yaml new file mode 100644 index 0000000000..0a6fd59d6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-dd7568e4d3ea5ea32920ba4a6563336b.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-dd7568e4d3ea5ea32920ba4a6563336b + +info: + name: > + Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86cf664f-5de1-4692-96b3-2fd8ae35110b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-page-builder-e2f4a51da7010a4270e848488a346f79.yaml b/nuclei-templates/cve-less/plugins/bold-page-builder-e2f4a51da7010a4270e848488a346f79.yaml new file mode 100644 index 0000000000..0abbdad79b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-page-builder-e2f4a51da7010a4270e848488a346f79.yaml @@ -0,0 +1,58 @@ +id: bold-page-builder-e2f4a51da7010a4270e848488a346f79 + +info: + name: > + Bold Page Builder <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-page-builder/" + google-query: inurl:"/wp-content/plugins/bold-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-timeline-lite-263cb8027fbba6881585c49ec8985e2c.yaml b/nuclei-templates/cve-less/plugins/bold-timeline-lite-263cb8027fbba6881585c49ec8985e2c.yaml new file mode 100644 index 0000000000..fd82d844b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-timeline-lite-263cb8027fbba6881585c49ec8985e2c.yaml @@ -0,0 +1,58 @@ +id: bold-timeline-lite-263cb8027fbba6881585c49ec8985e2c + +info: + name: > + Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec4bd64-f13f-4e13-9829-8ccf2b8fd196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-timeline-lite/" + google-query: inurl:"/wp-content/plugins/bold-timeline-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-timeline-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-timeline-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-timeline-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bold-timeline-lite-d090aa5f37413bd2a82801bde518653e.yaml b/nuclei-templates/cve-less/plugins/bold-timeline-lite-d090aa5f37413bd2a82801bde518653e.yaml new file mode 100644 index 0000000000..77156a4825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bold-timeline-lite-d090aa5f37413bd2a82801bde518653e.yaml @@ -0,0 +1,58 @@ +id: bold-timeline-lite-d090aa5f37413bd2a82801bde518653e + +info: + name: > + Bold Timeline Lite <= 1.1.9 - Missing Authorization to Admin Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbabf5e-dbfc-4b01-94ae-0e8fd6b3cc26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bold-timeline-lite/" + google-query: inurl:"/wp-content/plugins/bold-timeline-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bold-timeline-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bold-timeline-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bold-timeline-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boldgrid-backup-a66a38c6ab7f828962843ef151472f92.yaml b/nuclei-templates/cve-less/plugins/boldgrid-backup-a66a38c6ab7f828962843ef151472f92.yaml new file mode 100644 index 0000000000..60892a44e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boldgrid-backup-a66a38c6ab7f828962843ef151472f92.yaml @@ -0,0 +1,58 @@ +id: boldgrid-backup-a66a38c6ab7f828962843ef151472f92 + +info: + name: > + Total Upkeep <= 1.15.8 - Improper Authorization to Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/159e14fc-0512-421a-8bbe-d16c0b04ddf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boldgrid-backup/" + google-query: inurl:"/wp-content/plugins/boldgrid-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boldgrid-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boldgrid-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boldgrid-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boldgrid-backup-faa8cb9cb5e4fa47467175ce98c14091.yaml b/nuclei-templates/cve-less/plugins/boldgrid-backup-faa8cb9cb5e4fa47467175ce98c14091.yaml new file mode 100644 index 0000000000..3379b39fb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boldgrid-backup-faa8cb9cb5e4fa47467175ce98c14091.yaml @@ -0,0 +1,58 @@ +id: boldgrid-backup-faa8cb9cb5e4fa47467175ce98c14091 + +info: + name: > + Total Upkeep <= 1.14.13 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e346146-1c00-4e03-a6c7-372566d7ffc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boldgrid-backup/" + google-query: inurl:"/wp-content/plugins/boldgrid-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boldgrid-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boldgrid-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boldgrid-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-cbd6f11a9e82c5a5f837c5dd0976e92e.yaml b/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-cbd6f11a9e82c5a5f837c5dd0976e92e.yaml new file mode 100644 index 0000000000..3ddfc37729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-cbd6f11a9e82c5a5f837c5dd0976e92e.yaml @@ -0,0 +1,58 @@ +id: boldgrid-easy-seo-cbd6f11a9e82c5a5f837c5dd0976e92e + +info: + name: > + BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.14 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d502e617-a59f-4385-b050-3702a1b1ed7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boldgrid-easy-seo/" + google-query: inurl:"/wp-content/plugins/boldgrid-easy-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boldgrid-easy-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boldgrid-easy-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boldgrid-easy-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-facd15a60590ce98592dd0da5f942c33.yaml b/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-facd15a60590ce98592dd0da5f942c33.yaml new file mode 100644 index 0000000000..54271dea50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boldgrid-easy-seo-facd15a60590ce98592dd0da5f942c33.yaml @@ -0,0 +1,58 @@ +id: boldgrid-easy-seo-facd15a60590ce98592dd0da5f942c33 + +info: + name: > + BoldGrid Easy SEO – Simple and Effective SEO <= 1.6.13 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Description + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a308fde-1c44-4c34-ace5-6820dc949f53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boldgrid-easy-seo/" + google-query: inurl:"/wp-content/plugins/boldgrid-easy-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boldgrid-easy-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boldgrid-easy-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boldgrid-easy-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bonus-for-woo-d1a09c4c8a10014e2eab3f97a79ce973.yaml b/nuclei-templates/cve-less/plugins/bonus-for-woo-d1a09c4c8a10014e2eab3f97a79ce973.yaml new file mode 100644 index 0000000000..e23c80e562 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bonus-for-woo-d1a09c4c8a10014e2eab3f97a79ce973.yaml @@ -0,0 +1,58 @@ +id: bonus-for-woo-d1a09c4c8a10014e2eab3f97a79ce973 + +info: + name: > + Bonus for Woo <= 5.8.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b959b65-16ad-45f9-9ad9-dfc97bda571e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bonus-for-woo/" + google-query: inurl:"/wp-content/plugins/bonus-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bonus-for-woo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bonus-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bonus-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/book-appointment-online-edbb23e6d1dd3c6d3b98a72a827de16d.yaml b/nuclei-templates/cve-less/plugins/book-appointment-online-edbb23e6d1dd3c6d3b98a72a827de16d.yaml new file mode 100644 index 0000000000..2e7aacb172 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/book-appointment-online-edbb23e6d1dd3c6d3b98a72a827de16d.yaml @@ -0,0 +1,58 @@ +id: book-appointment-online-edbb23e6d1dd3c6d3b98a72a827de16d + +info: + name: > + Book appointment online <= 1.38 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b8b7ee8-4c11-4353-b664-761955d49b8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/book-appointment-online/" + google-query: inurl:"/wp-content/plugins/book-appointment-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,book-appointment-online,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/book-appointment-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "book-appointment-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booked-42e35e0cb682e934fb2b734db4cdfce2.yaml b/nuclei-templates/cve-less/plugins/booked-42e35e0cb682e934fb2b734db4cdfce2.yaml new file mode 100644 index 0000000000..440681a07d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booked-42e35e0cb682e934fb2b734db4cdfce2.yaml @@ -0,0 +1,58 @@ +id: booked-42e35e0cb682e934fb2b734db4cdfce2 + +info: + name: > + Booked <= 2.4 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f917973-e207-4ba3-b61b-e562e884fe0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booked/" + google-query: inurl:"/wp-content/plugins/booked/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booked,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booked/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booked" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-64d2238bd20222d178f28431616be0e3.yaml b/nuclei-templates/cve-less/plugins/booking-64d2238bd20222d178f28431616be0e3.yaml new file mode 100644 index 0000000000..0dc5bed744 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-64d2238bd20222d178f28431616be0e3.yaml @@ -0,0 +1,58 @@ +id: booking-64d2238bd20222d178f28431616be0e3 + +info: + name: > + Booking Calendar <= 8.4.3 - SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93a4d653-a852-41c1-8942-8f059420aeb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-74317d53fd76ca3a1801e928aa95e907.yaml b/nuclei-templates/cve-less/plugins/booking-74317d53fd76ca3a1801e928aa95e907.yaml new file mode 100644 index 0000000000..fdcca2428c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-74317d53fd76ca3a1801e928aa95e907.yaml @@ -0,0 +1,58 @@ +id: booking-74317d53fd76ca3a1801e928aa95e907 + +info: + name: > + Booking Calendar <= 9.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/982be9d7-fe9f-40c6-a474-fcc2d6455839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-882a83d7e6d94e3f6111d1f0063b43d9.yaml b/nuclei-templates/cve-less/plugins/booking-882a83d7e6d94e3f6111d1f0063b43d9.yaml new file mode 100644 index 0000000000..f2bd690968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-882a83d7e6d94e3f6111d1f0063b43d9.yaml @@ -0,0 +1,58 @@ +id: booking-882a83d7e6d94e3f6111d1f0063b43d9 + +info: + name: > + Booking Calendar <= 8.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad177f89-2cc0-4ab3-a787-3b0bd3bf3e47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-a720a32e95724b99f716e58fddc9c585.yaml b/nuclei-templates/cve-less/plugins/booking-a720a32e95724b99f716e58fddc9c585.yaml new file mode 100644 index 0000000000..202e9dd20f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-a720a32e95724b99f716e58fddc9c585.yaml @@ -0,0 +1,58 @@ +id: booking-a720a32e95724b99f716e58fddc9c585 + +info: + name: > + Booking Calendar <= 9.7.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08814d06-0039-49cc-bcbb-96cb01129e3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-activities-362486302d19ffc4bedbec14216dc7ba.yaml b/nuclei-templates/cve-less/plugins/booking-activities-362486302d19ffc4bedbec14216dc7ba.yaml new file mode 100644 index 0000000000..d349063bdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-activities-362486302d19ffc4bedbec14216dc7ba.yaml @@ -0,0 +1,58 @@ +id: booking-activities-362486302d19ffc4bedbec14216dc7ba + +info: + name: > + Booking Activities <= 1.15.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45873654-bf0d-4538-b07c-56ed8db3bafb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-activities/" + google-query: inurl:"/wp-content/plugins/booking-activities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-activities,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-activities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-activities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-and-rental-manager-for-woocommerce-de725b70e5d07ce131e255467578f038.yaml b/nuclei-templates/cve-less/plugins/booking-and-rental-manager-for-woocommerce-de725b70e5d07ce131e255467578f038.yaml new file mode 100644 index 0000000000..840c9e2e9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-and-rental-manager-for-woocommerce-de725b70e5d07ce131e255467578f038.yaml @@ -0,0 +1,58 @@ +id: booking-and-rental-manager-for-woocommerce-de725b70e5d07ce131e255467578f038 + +info: + name: > + Booking and Rental Manager <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7c629f-e9c6-4254-ba37-46de5206d77d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-and-rental-manager-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booking-and-rental-manager-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-and-rental-manager-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-and-rental-manager-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-and-rental-manager-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml b/nuclei-templates/cve-less/plugins/booking-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml new file mode 100644 index 0000000000..816ac5d5ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-b3c2fa102dc78b18cc1d35e379c8dc7a.yaml @@ -0,0 +1,58 @@ +id: booking-b3c2fa102dc78b18cc1d35e379c8dc7a + +info: + name: > + Booking Calendar <= 9.7.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f883823f-c225-4cd2-a0f6-39013476ed83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-0cfb154efea7a6cd97d79b7c9bd11b19.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-0cfb154efea7a6cd97d79b7c9bd11b19.yaml new file mode 100644 index 0000000000..096e2b931b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-0cfb154efea7a6cd97d79b7c9bd11b19.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-0cfb154efea7a6cd97d79b7c9bd11b19 + +info: + name: > + Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e84b1f01-1c3b-4498-aea9-02ced5f1109e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-52b3904a98bc3991ae688cb27d9acbe7.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-52b3904a98bc3991ae688cb27d9acbe7.yaml new file mode 100644 index 0000000000..cb1bf2e4ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-52b3904a98bc3991ae688cb27d9acbe7.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-52b3904a98bc3991ae688cb27d9acbe7 + +info: + name: > + Booking calendar, Appointment Booking System <= 3.2.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eb34cb2-ebf8-4913-b8e0-152a436963ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-6a9d80e8fa30f682db502c67279e3ece.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-6a9d80e8fa30f682db502c67279e3ece.yaml new file mode 100644 index 0000000000..547fff68c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-6a9d80e8fa30f682db502c67279e3ece.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-6a9d80e8fa30f682db502c67279e3ece + +info: + name: > + Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b9741c6-4038-45ad-a7b4-fa8f65664f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-78f758aca2b7adcaf11ee6e697616163.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-78f758aca2b7adcaf11ee6e697616163.yaml new file mode 100644 index 0000000000..ac8d380433 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-78f758aca2b7adcaf11ee6e697616163.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-78f758aca2b7adcaf11ee6e697616163 + +info: + name: > + Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ebc05b6-89dd-4373-a632-75c783716643?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-86234e029258ca45a99eefee2aff4d20.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-86234e029258ca45a99eefee2aff4d20.yaml new file mode 100644 index 0000000000..1fe85e4526 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-86234e029258ca45a99eefee2aff4d20.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-86234e029258ca45a99eefee2aff4d20 + +info: + name: > + Booking calendar, Appointment Booking System <= 3.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faf5c00e-e92a-4c1f-9081-20cf36ecabbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-aacd8cf9b8bd0dfbb9f05d6cc01da96f.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-aacd8cf9b8bd0dfbb9f05d6cc01da96f.yaml new file mode 100644 index 0000000000..7f29302297 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-aacd8cf9b8bd0dfbb9f05d6cc01da96f.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-aacd8cf9b8bd0dfbb9f05d6cc01da96f + +info: + name: > + Booking calendar, Appointment Booking System < 2.2.3 - Unauthenticated Parameter Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a94708ec-ab09-4604-80ec-5bd85799c6e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-c3498fe08662af21fd3da077be763084.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-c3498fe08662af21fd3da077be763084.yaml new file mode 100644 index 0000000000..ff576caedc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-c3498fe08662af21fd3da077be763084.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-c3498fe08662af21fd3da077be763084 + +info: + name: > + Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20deedff-8980-4ac2-a74e-c52cfe57e839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-2c05a2f96b41f067812b952900469965.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-2c05a2f96b41f067812b952900469965.yaml new file mode 100644 index 0000000000..4137bacf7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-2c05a2f96b41f067812b952900469965.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-contact-form-2c05a2f96b41f067812b952900469965 + +info: + name: > + Booking Calendar Contact Form <= 1.2.40 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4a3d17-d9fd-4ff4-a4b2-43030cdc7739?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar-contact-form/" + google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-5e09860a3e9bed6cd5fc9927ca9a87b8.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-5e09860a3e9bed6cd5fc9927ca9a87b8.yaml new file mode 100644 index 0000000000..6fae85f51b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-5e09860a3e9bed6cd5fc9927ca9a87b8.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-contact-form-5e09860a3e9bed6cd5fc9927ca9a87b8 + +info: + name: > + Booking Calendar Contact Form < 1.0.24 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5eb066b-8ab4-47e7-b055-4a9d7a897a3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar-contact-form/" + google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-66b0b9e68fee422256033ff3686e7914.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-66b0b9e68fee422256033ff3686e7914.yaml new file mode 100644 index 0000000000..b906bcc4ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-66b0b9e68fee422256033ff3686e7914.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-contact-form-66b0b9e68fee422256033ff3686e7914 + +info: + name: > + Booking Calendar Contact Form <= 1.2.34 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0563d2f0-fb29-4030-8d01-c257dda78241?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar-contact-form/" + google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-8e9a2657d58363938f72aae51c6cd0a3.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-8e9a2657d58363938f72aae51c6cd0a3.yaml new file mode 100644 index 0000000000..66b026264e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-contact-form-8e9a2657d58363938f72aae51c6cd0a3.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-contact-form-8e9a2657d58363938f72aae51c6cd0a3 + +info: + name: > + Booking Calendar Contact Form <= 1.0.23 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd3bfdc0-8e1b-49e9-b800-cb2dde2d5acb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar-contact-form/" + google-query: inurl:"/wp-content/plugins/booking-calendar-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-d11c386e86541e81dcae4e94a2860a10.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-d11c386e86541e81dcae4e94a2860a10.yaml new file mode 100644 index 0000000000..28c41d4171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-d11c386e86541e81dcae4e94a2860a10.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-d11c386e86541e81dcae4e94a2860a10 + +info: + name: > + Booking calendar, Appointment Booking System <= 3.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2675177-8b85-4fb8-ba10-ae02cb5c6c72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-calendar-e44a87677c68a494baa8ed72b523a10f.yaml b/nuclei-templates/cve-less/plugins/booking-calendar-e44a87677c68a494baa8ed72b523a10f.yaml new file mode 100644 index 0000000000..f9eb0ea600 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-calendar-e44a87677c68a494baa8ed72b523a10f.yaml @@ -0,0 +1,58 @@ +id: booking-calendar-e44a87677c68a494baa8ed72b523a10f + +info: + name: > + Booking calendar, Appointment Booking System <= 3.2.6 - Authenticated (Administrator+) SQL Injection via *_selected + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c44b6e5-7fb2-402e-8c8c-79d811ff0e9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-calendar/" + google-query: inurl:"/wp-content/plugins/booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-e064d299c84a7a932db5e1b086223b4a.yaml b/nuclei-templates/cve-less/plugins/booking-e064d299c84a7a932db5e1b086223b4a.yaml new file mode 100644 index 0000000000..116d331b8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-e064d299c84a7a932db5e1b086223b4a.yaml @@ -0,0 +1,58 @@ +id: booking-e064d299c84a7a932db5e1b086223b4a + +info: + name: > + Booking Calendar <= 9.4.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a69576e-4796-421a-b6ee-08a3b40d4805?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-e9dd2b4943d62b4d4eacb38332a5b454.yaml b/nuclei-templates/cve-less/plugins/booking-e9dd2b4943d62b4d4eacb38332a5b454.yaml new file mode 100644 index 0000000000..cac3736354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-e9dd2b4943d62b4d4eacb38332a5b454.yaml @@ -0,0 +1,58 @@ +id: booking-e9dd2b4943d62b4d4eacb38332a5b454 + +info: + name: > + Booking Calendar <= 9.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-eb4b31f33272ec5c989c730f7ccb3d9f.yaml b/nuclei-templates/cve-less/plugins/booking-eb4b31f33272ec5c989c730f7ccb3d9f.yaml new file mode 100644 index 0000000000..f7424a2917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-eb4b31f33272ec5c989c730f7ccb3d9f.yaml @@ -0,0 +1,58 @@ +id: booking-eb4b31f33272ec5c989c730f7ccb3d9f + +info: + name: > + Booking Calendar <= 9.1 - PHP Object Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55491c64-e4b5-4919-bdcb-7285f2a3c3cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking/" + google-query: inurl:"/wp-content/plugins/booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-manager-701997e59be83cd9ba4ad233278f4aaf.yaml b/nuclei-templates/cve-less/plugins/booking-manager-701997e59be83cd9ba4ad233278f4aaf.yaml new file mode 100644 index 0000000000..a680d5b476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-manager-701997e59be83cd9ba4ad233278f4aaf.yaml @@ -0,0 +1,58 @@ +id: booking-manager-701997e59be83cd9ba4ad233278f4aaf + +info: + name: > + Booking Manager <= 2.1.5 - Authenticated(Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9829ec10-ad37-4345-b4d6-cd0429b2d8f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-manager/" + google-query: inurl:"/wp-content/plugins/booking-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-manager-ffbb08b3382f9c076d19dfa65caa3e3a.yaml b/nuclei-templates/cve-less/plugins/booking-manager-ffbb08b3382f9c076d19dfa65caa3e3a.yaml new file mode 100644 index 0000000000..2c7f4cbd6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-manager-ffbb08b3382f9c076d19dfa65caa3e3a.yaml @@ -0,0 +1,58 @@ +id: booking-manager-ffbb08b3382f9c076d19dfa65caa3e3a + +info: + name: > + Booking Manager <= 2.0.28 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ee709d-6590-4c07-9788-6150733c1691?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-manager/" + google-query: inurl:"/wp-content/plugins/booking-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-package-6104fab3d6323129ecb2671e037b46ea.yaml b/nuclei-templates/cve-less/plugins/booking-package-6104fab3d6323129ecb2671e037b46ea.yaml new file mode 100644 index 0000000000..e540840456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-package-6104fab3d6323129ecb2671e037b46ea.yaml @@ -0,0 +1,58 @@ +id: booking-package-6104fab3d6323129ecb2671e037b46ea + +info: + name: > + Booking Package <= 1.5.98 - Authorization Bypass to Arbitrary Password Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65166432-a877-4070-94c1-cdaf7e5d7586?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-package/" + google-query: inurl:"/wp-content/plugins/booking-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-package,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-package-64d367b3cacb5cf8c295e6ccc3504c04.yaml b/nuclei-templates/cve-less/plugins/booking-package-64d367b3cacb5cf8c295e6ccc3504c04.yaml new file mode 100644 index 0000000000..34b1efd5fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-package-64d367b3cacb5cf8c295e6ccc3504c04.yaml @@ -0,0 +1,58 @@ +id: booking-package-64d367b3cacb5cf8c295e6ccc3504c04 + +info: + name: > + Booking Package <= 1.5.28 - Unauthenticated Sensitive Data Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c5a065a-a81e-4963-af54-21f145632bed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-package/" + google-query: inurl:"/wp-content/plugins/booking-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-package,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-package-6b73dfda9277bb390c84251b69303827.yaml b/nuclei-templates/cve-less/plugins/booking-package-6b73dfda9277bb390c84251b69303827.yaml new file mode 100644 index 0000000000..dba04cfd4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-package-6b73dfda9277bb390c84251b69303827.yaml @@ -0,0 +1,58 @@ +id: booking-package-6b73dfda9277bb390c84251b69303827 + +info: + name: > + Booking Package <= 1.6.27 - Unauthenticated Price Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b611abb-460c-44d4-9f77-052a208f8d85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-package/" + google-query: inurl:"/wp-content/plugins/booking-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-package,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-package-bea3389dfa395e208890fd90e5f6c66b.yaml b/nuclei-templates/cve-less/plugins/booking-package-bea3389dfa395e208890fd90e5f6c66b.yaml new file mode 100644 index 0000000000..a6fff9c12e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-package-bea3389dfa395e208890fd90e5f6c66b.yaml @@ -0,0 +1,58 @@ +id: booking-package-bea3389dfa395e208890fd90e5f6c66b + +info: + name: > + Booking Package <= 1.6.01 - Reflected Cross-Site Scripting via 'mode' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d460cc34-c8b0-453b-9b6b-3bd53137625a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-package/" + google-query: inurl:"/wp-content/plugins/booking-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-package,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-package-eb4f476f66236ca8f6047b9846303766.yaml b/nuclei-templates/cve-less/plugins/booking-package-eb4f476f66236ca8f6047b9846303766.yaml new file mode 100644 index 0000000000..7100f3f869 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-package-eb4f476f66236ca8f6047b9846303766.yaml @@ -0,0 +1,58 @@ +id: booking-package-eb4f476f66236ca8f6047b9846303766 + +info: + name: > + Booking Package <= 1.5.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3884cb24-3f46-4feb-a6b9-4445ca8fd0e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-package/" + google-query: inurl:"/wp-content/plugins/booking-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-package,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-sms-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/booking-sms-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..4f56193a9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-sms-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: booking-sms-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-sms/" + google-query: inurl:"/wp-content/plugins/booking-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-sms-a5d93553709e3d7ff537bf5a7307a899.yaml b/nuclei-templates/cve-less/plugins/booking-sms-a5d93553709e3d7ff537bf5a7307a899.yaml new file mode 100644 index 0000000000..643b43d077 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-sms-a5d93553709e3d7ff537bf5a7307a899.yaml @@ -0,0 +1,58 @@ +id: booking-sms-a5d93553709e3d7ff537bf5a7307a899 + +info: + name: > + Booking Calendar - Clockwork SMS <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf44639-60ce-4a3c-aa4a-550dd9327039?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-sms/" + google-query: inurl:"/wp-content/plugins/booking-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-044e0b800aae833468f672b3d52648b9.yaml b/nuclei-templates/cve-less/plugins/booking-system-044e0b800aae833468f672b3d52648b9.yaml new file mode 100644 index 0000000000..3a3cc600dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-044e0b800aae833468f672b3d52648b9.yaml @@ -0,0 +1,58 @@ +id: booking-system-044e0b800aae833468f672b3d52648b9 + +info: + name: > + Pinpoint Booking System – #1 WordPress Booking Plugin < 2.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/437e8d95-2ab3-4cb0-94ca-110f742d6eff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-18e973bad98be5b94dffe02819323b60.yaml b/nuclei-templates/cve-less/plugins/booking-system-18e973bad98be5b94dffe02819323b60.yaml new file mode 100644 index 0000000000..673a79c44b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-18e973bad98be5b94dffe02819323b60.yaml @@ -0,0 +1,58 @@ +id: booking-system-18e973bad98be5b94dffe02819323b60 + +info: + name: > + Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd9df9c-e1f8-467a-8f1c-ab5c402004da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.9.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-38e29be67779459d45a16e8dcf062abc.yaml b/nuclei-templates/cve-less/plugins/booking-system-38e29be67779459d45a16e8dcf062abc.yaml new file mode 100644 index 0000000000..e593ab7f5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-38e29be67779459d45a16e8dcf062abc.yaml @@ -0,0 +1,58 @@ +id: booking-system-38e29be67779459d45a16e8dcf062abc + +info: + name: > + Pinpoint Booking System <= 2.9.9.2.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b14bc75a-0bfb-4d46-89db-c31fb6bfa7cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-47ded31f222bc2d2f0264df68174ce6d.yaml b/nuclei-templates/cve-less/plugins/booking-system-47ded31f222bc2d2f0264df68174ce6d.yaml new file mode 100644 index 0000000000..2201597db1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-47ded31f222bc2d2f0264df68174ce6d.yaml @@ -0,0 +1,58 @@ +id: booking-system-47ded31f222bc2d2f0264df68174ce6d + +info: + name: > + Pinpoint Booking System <= 2.9.9.4.0 - Cross-Site Request Forgery via initBackEndAJAX + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4dfb4b5-b2a5-40bd-9dfb-863baa563d06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-7983ddc66df9d17c37dd89bbc4e4f416.yaml b/nuclei-templates/cve-less/plugins/booking-system-7983ddc66df9d17c37dd89bbc4e4f416.yaml new file mode 100644 index 0000000000..fcae6e2d63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-7983ddc66df9d17c37dd89bbc4e4f416.yaml @@ -0,0 +1,58 @@ +id: booking-system-7983ddc66df9d17c37dd89bbc4e4f416 + +info: + name: > + Pinpoint Booking System – #1 WordPress Booking Plugin < 1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9461354-0e69-47d9-a11c-838cfa94be67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-system-b9395679d8a85b69727aeef7e08a5667.yaml b/nuclei-templates/cve-less/plugins/booking-system-b9395679d8a85b69727aeef7e08a5667.yaml new file mode 100644 index 0000000000..2e8756ce0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-system-b9395679d8a85b69727aeef7e08a5667.yaml @@ -0,0 +1,58 @@ +id: booking-system-b9395679d8a85b69727aeef7e08a5667 + +info: + name: > + Pinpoint Booking System <= 2.9.9.3.4 - Content Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ad895db-5fe9-419b-8884-9a840bd350f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-system/" + google-query: inurl:"/wp-content/plugins/booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-437e935b70b10e1a496119f3d8fbac5b.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-437e935b70b10e1a496119f3d8fbac5b.yaml new file mode 100644 index 0000000000..ebd2099c8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-437e935b70b10e1a496119f3d8fbac5b.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-437e935b70b10e1a496119f3d8fbac5b + +info: + name: > + Booking Ultra Pro <= 1.1.6 - Missing Authorization via save_fields_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c0f8f3-22fe-4139-93bb-0e9bacf9dafb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-5b1c2add49d2a47b01ab11a65c17a099.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-5b1c2add49d2a47b01ab11a65c17a099.yaml new file mode 100644 index 0000000000..dea717dda1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-5b1c2add49d2a47b01ab11a65c17a099.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-5b1c2add49d2a47b01ab11a65c17a099 + +info: + name: > + Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/701910b7-6da3-40db-a48b-46a93398953a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-7075591051dde0bd8bf5f75302619dd9.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-7075591051dde0bd8bf5f75302619dd9.yaml new file mode 100644 index 0000000000..28bb7ef106 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-7075591051dde0bd8bf5f75302619dd9.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-7075591051dde0bd8bf5f75302619dd9 + +info: + name: > + Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd1b975-ac38-4393-9928-109db507828c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-770cacdb7e6dbbed594d0162d09eaa1e.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-770cacdb7e6dbbed594d0162d09eaa1e.yaml new file mode 100644 index 0000000000..11c0e7d19e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-770cacdb7e6dbbed594d0162d09eaa1e.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-770cacdb7e6dbbed594d0162d09eaa1e + +info: + name: > + Booking Ultra Pro <= 1.1.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6572733-3b3a-49c5-9ee3-52a7ab61c98d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-946e2c8cf66089d544e720fc4e253df1.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-946e2c8cf66089d544e720fc4e253df1.yaml new file mode 100644 index 0000000000..a41fe27f49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-946e2c8cf66089d544e720fc4e253df1.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-946e2c8cf66089d544e720fc4e253df1 + +info: + name: > + Booking Ultra Pro <= 1.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01370a71-2611-4826-b08b-485839ca606a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-a730585b1aab8262e7f092340f9d0036.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-a730585b1aab8262e7f092340f9d0036.yaml new file mode 100644 index 0000000000..c911fba7d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-a730585b1aab8262e7f092340f9d0036.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-a730585b1aab8262e7f092340f9d0036 + +info: + name: > + Booking Ultra Pro <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/803e9059-7606-42eb-9193-1a18d57153b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-b37c04c35cc1fc9903c14f0d3df33b2d.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-b37c04c35cc1fc9903c14f0d3df33b2d.yaml new file mode 100644 index 0000000000..960d4eea5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-b37c04c35cc1fc9903c14f0d3df33b2d.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-b37c04c35cc1fc9903c14f0d3df33b2d + +info: + name: > + Booking Ultra Pro <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd8fb3e9-34eb-4b37-9a7e-00309a1ca81d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booking-ultra-pro-cec3580e3bef11008dce66e6706b0fc0.yaml b/nuclei-templates/cve-less/plugins/booking-ultra-pro-cec3580e3bef11008dce66e6706b0fc0.yaml new file mode 100644 index 0000000000..3f01748760 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booking-ultra-pro-cec3580e3bef11008dce66e6706b0fc0.yaml @@ -0,0 +1,58 @@ +id: booking-ultra-pro-cec3580e3bef11008dce66e6706b0fc0 + +info: + name: > + Booking Ultra Pro <= 1.1.12 - Authenticated (Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f65fdde9-1133-4e29-a70a-be977f96acce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booking-ultra-pro/" + google-query: inurl:"/wp-content/plugins/booking-ultra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booking-ultra-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booking-ultra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booking-ultra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingcom-banner-creator-792631ba5cdfc566598ea26dfe895270.yaml b/nuclei-templates/cve-less/plugins/bookingcom-banner-creator-792631ba5cdfc566598ea26dfe895270.yaml new file mode 100644 index 0000000000..782f03d428 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingcom-banner-creator-792631ba5cdfc566598ea26dfe895270.yaml @@ -0,0 +1,58 @@ +id: bookingcom-banner-creator-792631ba5cdfc566598ea26dfe895270 + +info: + name: > + Booking.com Banner Creator <= 1.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2fee7aa-5289-4bf0-b175-5a64b16fdd40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingcom-banner-creator/" + google-query: inurl:"/wp-content/plugins/bookingcom-banner-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingcom-banner-creator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingcom-banner-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingcom-banner-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingcom-product-helper-97d71a5a3da44a42d764845b5a062c1f.yaml b/nuclei-templates/cve-less/plugins/bookingcom-product-helper-97d71a5a3da44a42d764845b5a062c1f.yaml new file mode 100644 index 0000000000..8cc07d6582 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingcom-product-helper-97d71a5a3da44a42d764845b5a062c1f.yaml @@ -0,0 +1,58 @@ +id: bookingcom-product-helper-97d71a5a3da44a42d764845b5a062c1f + +info: + name: > + Booking.com Product Helper <= 1.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1212dfc7-41d4-4c16-960a-7afc882ec4db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingcom-product-helper/" + google-query: inurl:"/wp-content/plugins/bookingcom-product-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingcom-product-helper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingcom-product-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingcom-product-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-31c57dd6605d62ca0d6cd98ec04a3787.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-31c57dd6605d62ca0d6cd98ec04a3787.yaml new file mode 100644 index 0000000000..8be389356e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-31c57dd6605d62ca0d6cd98ec04a3787.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-31c57dd6605d62ca0d6cd98ec04a3787 + +info: + name: > + BookingPress <= 1.0.72 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1a3cc98-3bee-4d52-a4bf-2a1a284b9311?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-631d4cb99a459c16e4abfaa250ae1a0d.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-631d4cb99a459c16e4abfaa250ae1a0d.yaml new file mode 100644 index 0000000000..aa854391b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-631d4cb99a459c16e4abfaa250ae1a0d.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-631d4cb99a459c16e4abfaa250ae1a0d + +info: + name: > + BookingPress <= 1.0.76 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/710b8e4e-01de-4e99-8cf2-31abc2419b29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-65f544c282d9d1cc0fbf1f6438a4d682.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-65f544c282d9d1cc0fbf1f6438a4d682.yaml new file mode 100644 index 0000000000..e55d860b77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-65f544c282d9d1cc0fbf1f6438a4d682.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-65f544c282d9d1cc0fbf1f6438a4d682 + +info: + name: > + BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.0.87 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/049ec264-3ed1-4741-937d-8a633ef0a627?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-6afeb2ce393f64d78e2ee60294c65cf9.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-6afeb2ce393f64d78e2ee60294c65cf9.yaml new file mode 100644 index 0000000000..89dc5687c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-6afeb2ce393f64d78e2ee60294c65cf9.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-6afeb2ce393f64d78e2ee60294c65cf9 + +info: + name: > + BookingPress <= 1.0.81 - Authenticated (Customer+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a86fc949-6caf-48b7-beda-ca0c653c9b29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7012d2201a7455c1e6a2f89c3d28d2a8.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7012d2201a7455c1e6a2f89c3d28d2a8.yaml new file mode 100644 index 0000000000..1583aabc61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7012d2201a7455c1e6a2f89c3d28d2a8.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-7012d2201a7455c1e6a2f89c3d28d2a8 + +info: + name: > + BookingPress < 1.0.11 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa0d1ff-a1df-4a90-bfe5-3f4c8a7942c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7693fcc00d13cef3033e8801e5f162a4.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7693fcc00d13cef3033e8801e5f162a4.yaml new file mode 100644 index 0000000000..b797b3c4e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-7693fcc00d13cef3033e8801e5f162a4.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-7693fcc00d13cef3033e8801e5f162a4 + +info: + name: > + BookingPress <= 1.0.74 - Booking Price Manipulation via bookingpress_confirm_booking + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08f55882-d19f-43a3-a370-17d041493944?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-939a2361df462af629884dcbb9b0b778.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-939a2361df462af629884dcbb9b0b778.yaml new file mode 100644 index 0000000000..22ac448654 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-939a2361df462af629884dcbb9b0b778.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-939a2361df462af629884dcbb9b0b778 + +info: + name: > + BookingPress <= 1.0.64 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a720ad0e-6194-4df4-951e-e818518e79b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-97d20ad28c50ce54c99b6663434336ca.yaml b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-97d20ad28c50ce54c99b6663434336ca.yaml new file mode 100644 index 0000000000..e19bdfa687 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookingpress-appointment-booking-97d20ad28c50ce54c99b6663434336ca.yaml @@ -0,0 +1,58 @@ +id: bookingpress-appointment-booking-97d20ad28c50ce54c99b6663434336ca + +info: + name: > + BookingPress <= 1.0.30 - Unauthenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8019da67-fd2c-48f8-8983-6fb8fb30510b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookingpress-appointment-booking/" + google-query: inurl:"/wp-content/plugins/bookingpress-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookingpress-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookingpress-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookingpress-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookit-11aab719a7f95d840a71a26506348060.yaml b/nuclei-templates/cve-less/plugins/bookit-11aab719a7f95d840a71a26506348060.yaml new file mode 100644 index 0000000000..7ade829697 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookit-11aab719a7f95d840a71a26506348060.yaml @@ -0,0 +1,58 @@ +id: bookit-11aab719a7f95d840a71a26506348060 + +info: + name: > + BookIt <= 2.3.7 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd32e46-a4fc-4c10-b546-9f9da75db791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookit/" + google-query: inurl:"/wp-content/plugins/bookit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookit,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookit-3617ec07999a872e306f9b352b63ebdd.yaml b/nuclei-templates/cve-less/plugins/bookit-3617ec07999a872e306f9b352b63ebdd.yaml new file mode 100644 index 0000000000..84c8d45fa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookit-3617ec07999a872e306f9b352b63ebdd.yaml @@ -0,0 +1,58 @@ +id: bookit-3617ec07999a872e306f9b352b63ebdd + +info: + name: > + BookIt <= 2.4.3 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e97c01-7e8a-41b7-90ad-029d8c5fd37c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookit/" + google-query: inurl:"/wp-content/plugins/bookit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookit-bc903096388fe8f2ee39329af87a5f0b.yaml b/nuclei-templates/cve-less/plugins/bookit-bc903096388fe8f2ee39329af87a5f0b.yaml new file mode 100644 index 0000000000..09fe7d5e9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookit-bc903096388fe8f2ee39329af87a5f0b.yaml @@ -0,0 +1,58 @@ +id: bookit-bc903096388fe8f2ee39329af87a5f0b + +info: + name: > + BookIt <=2.4.0 - Price Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9938c7d-ef0d-45a2-900f-ac8bda9ce75a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookit/" + google-query: inurl:"/wp-content/plugins/bookit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-1609915cce06136e2f0af7da1d5a5d40.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-1609915cce06136e2f0af7da1d5a5d40.yaml new file mode 100644 index 0000000000..cf0f91264e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-1609915cce06136e2f0af7da1d5a5d40.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-1609915cce06136e2f0af7da1d5a5d40 + +info: + name: > + Bookly <= 21.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4cdf774-c93b-4b94-85ba-aa56bf401873?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '21.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-5e7a34d7ec594c161e3b32965c332df1.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-5e7a34d7ec594c161e3b32965c332df1.yaml new file mode 100644 index 0000000000..0d89a12746 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-5e7a34d7ec594c161e3b32965c332df1.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-5e7a34d7ec594c161e3b32965c332df1 + +info: + name: > + Bookly <= 21.7.1 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a7609bf-5b20-440c-9984-eeb26962ada8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8001bfb6e3adcf1d41f5f6700841da72.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8001bfb6e3adcf1d41f5f6700841da72.yaml new file mode 100644 index 0000000000..006087a7e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8001bfb6e3adcf1d41f5f6700841da72.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-8001bfb6e3adcf1d41f5f6700841da72 + +info: + name: > + WordPress Online Booking and Scheduling Plugin – Bookly <= 14.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e3931c2-c9b4-412e-941d-840c5bb9be89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-818af94ff212e6efa6d6c820fd265294.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-818af94ff212e6efa6d6c820fd265294.yaml new file mode 100644 index 0000000000..6733bd3cac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-818af94ff212e6efa6d6c820fd265294.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-818af94ff212e6efa6d6c820fd265294 + +info: + name: > + Bookly <= 21.5 - Unauthenticated Stored Cross-Site Scripting via Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3efbd9d-e2b5-4915-a964-29a49c7fba86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '21.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8558d7a24f00d0b4c6ef650bca69a892.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8558d7a24f00d0b4c6ef650bca69a892.yaml new file mode 100644 index 0000000000..9c3c812e68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-8558d7a24f00d0b4c6ef650bca69a892.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-8558d7a24f00d0b4c6ef650bca69a892 + +info: + name: > + Bookly <= 22.3.1 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade6f9f2-2a35-4bb0-ab13-33b84394d965?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 22.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9ae477d5648cc901734eab0eec621bd2.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9ae477d5648cc901734eab0eec621bd2.yaml new file mode 100644 index 0000000000..49b72e9e03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9ae477d5648cc901734eab0eec621bd2.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-9ae477d5648cc901734eab0eec621bd2 + +info: + name: > + Bookly <= 20.3 - Staff Member Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd6cddeb-c812-4496-9377-cc8832842c51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9fa7c4fbd0089213898129a94fb855e3.yaml b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9fa7c4fbd0089213898129a94fb855e3.yaml new file mode 100644 index 0000000000..7503da964c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookly-responsive-appointment-booking-tool-9fa7c4fbd0089213898129a94fb855e3.yaml @@ -0,0 +1,58 @@ +id: bookly-responsive-appointment-booking-tool-9fa7c4fbd0089213898129a94fb855e3 + +info: + name: > + WordPress Online Booking and Scheduling Plugin – Bookly <= 22.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48ffd408-ef7b-4b78-90c3-e1645d7354b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookly-responsive-appointment-booking-tool/" + google-query: inurl:"/wp-content/plugins/bookly-responsive-appointment-booking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookly-responsive-appointment-booking-tool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookly-responsive-appointment-booking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookly-responsive-appointment-booking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 22.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookmarkify-2b409575c7974f5c970ac5bf63b20b84.yaml b/nuclei-templates/cve-less/plugins/bookmarkify-2b409575c7974f5c970ac5bf63b20b84.yaml new file mode 100644 index 0000000000..bed1ace74c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookmarkify-2b409575c7974f5c970ac5bf63b20b84.yaml @@ -0,0 +1,58 @@ +id: bookmarkify-2b409575c7974f5c970ac5bf63b20b84 + +info: + name: > + Bookmarkify <= 1.1.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/824b27e8-1f07-4cd0-9335-5860d1b58562?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookmarkify/" + google-query: inurl:"/wp-content/plugins/bookmarkify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookmarkify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookmarkify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookmarkify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/books-papers-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml b/nuclei-templates/cve-less/plugins/books-papers-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml new file mode 100644 index 0000000000..70cf370ae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/books-papers-01ed1eb8aac2e68ae5c276ba61ed6aed.yaml @@ -0,0 +1,58 @@ +id: books-papers-01ed1eb8aac2e68ae5c276ba61ed6aed + +info: + name: > + Books & Papers <= 0.20210223 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e51eb56-e2f7-433c-8db7-bcf7539aee29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/books-papers/" + google-query: inurl:"/wp-content/plugins/books-papers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,books-papers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/books-papers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "books-papers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.20210223') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookshelf-0e3f0bd6a580d466d037adb8757f5f4f.yaml b/nuclei-templates/cve-less/plugins/bookshelf-0e3f0bd6a580d466d037adb8757f5f4f.yaml new file mode 100644 index 0000000000..5de910cdc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookshelf-0e3f0bd6a580d466d037adb8757f5f4f.yaml @@ -0,0 +1,58 @@ +id: bookshelf-0e3f0bd6a580d466d037adb8757f5f4f + +info: + name: > + Bookshelf <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61d6b2b8-dcaa-4419-b61d-4def743def95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookshelf/" + google-query: inurl:"/wp-content/plugins/bookshelf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookshelf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookshelf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookshelf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bookx-a1af99e36ad926e6fbfffb28e9e0b399.yaml b/nuclei-templates/cve-less/plugins/bookx-a1af99e36ad926e6fbfffb28e9e0b399.yaml new file mode 100644 index 0000000000..f6f33e25c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bookx-a1af99e36ad926e6fbfffb28e9e0b399.yaml @@ -0,0 +1,58 @@ +id: bookx-a1af99e36ad926e6fbfffb28e9e0b399 + +info: + name: > + BookX <= 1.7 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/424a30d7-4806-4274-8c5e-75dcc12e9f3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bookx/" + google-query: inurl:"/wp-content/plugins/bookx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bookx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bookx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bookx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booqable-rental-reservations-aa0b3a997f2af2400ed5816a52c96615.yaml b/nuclei-templates/cve-less/plugins/booqable-rental-reservations-aa0b3a997f2af2400ed5816a52c96615.yaml new file mode 100644 index 0000000000..342286052c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booqable-rental-reservations-aa0b3a997f2af2400ed5816a52c96615.yaml @@ -0,0 +1,58 @@ +id: booqable-rental-reservations-aa0b3a997f2af2400ed5816a52c96615 + +info: + name: > + Booqable Rental Plugin <= 2.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16f183a6-b8db-461e-b17d-2faa528ff0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booqable-rental-reservations/" + google-query: inurl:"/wp-content/plugins/booqable-rental-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booqable-rental-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booqable-rental-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booqable-rental-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml new file mode 100644 index 0000000000..a8bde7d6ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-2594adb9a7b091439405e835629ab066 + +info: + name: > + Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cc3f71-7591-4111-a58a-d863df74587f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2b5138240155c353b3e1835e93054ec3.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2b5138240155c353b3e1835e93054ec3.yaml new file mode 100644 index 0000000000..8ab00a1f6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-2b5138240155c353b3e1835e93054ec3.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-2b5138240155c353b3e1835e93054ec3 + +info: + name: > + Booster Elite for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4afcb16-9c97-483f-be48-31b5156bcca3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml new file mode 100644 index 0000000000..62ae26d31d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c + +info: + name: > + Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0af6e55d-def9-4bb1-ade9-56aa8184961c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml new file mode 100644 index 0000000000..10707fc95d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-882bdd3fdb6681642f156a22924c9a36 + +info: + name: > + Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d86204-51df-4adf-aac4-f5e007d9f3c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-a64fce4b936462ae9966af0a7b1ddcf3.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-a64fce4b936462ae9966af0a7b1ddcf3.yaml new file mode 100644 index 0000000000..9f34b09a6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-a64fce4b936462ae9966af0a7b1ddcf3.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-a64fce4b936462ae9966af0a7b1ddcf3 + +info: + name: > + Booster Elite for WooCommerce <= 7.1.2 - Authenticated(Subscriber+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/995a086a-4795-4092-823c-b941445dc361?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-bd1638a89aa7173589958124d15f2afb.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-bd1638a89aa7173589958124d15f2afb.yaml new file mode 100644 index 0000000000..365c280101 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-bd1638a89aa7173589958124d15f2afb.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-bd1638a89aa7173589958124d15f2afb + +info: + name: > + Booster Elite for WooCommerce < 1.1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60679026-13a3-4702-91a3-876636f3c5bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-da8ac31a9cff4acdc3e67efcf5be4751.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-da8ac31a9cff4acdc3e67efcf5be4751.yaml new file mode 100644 index 0000000000..8b3bed6d2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-da8ac31a9cff4acdc3e67efcf5be4751.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-da8ac31a9cff4acdc3e67efcf5be4751 + +info: + name: > + Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-ed8996a111dbc40e1e02c2318552499b.yaml b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-ed8996a111dbc40e1e02c2318552499b.yaml new file mode 100644 index 0000000000..62a6f671e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-elite-for-woocommerce-ed8996a111dbc40e1e02c2318552499b.yaml @@ -0,0 +1,58 @@ +id: booster-elite-for-woocommerce-ed8996a111dbc40e1e02c2318552499b + +info: + name: > + Booster Elite for WooCommerce < 1.1.7 - Authenticated (Admin/Shop Manager+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1e63df-d326-40bf-a428-fdb11150e8d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-elite-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-elite-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-elite-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-elite-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-elite-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-extension-1f9b8670b25d19d8fd0aa7ae1c76967d.yaml b/nuclei-templates/cve-less/plugins/booster-extension-1f9b8670b25d19d8fd0aa7ae1c76967d.yaml new file mode 100644 index 0000000000..d40add7cfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-extension-1f9b8670b25d19d8fd0aa7ae1c76967d.yaml @@ -0,0 +1,58 @@ +id: booster-extension-1f9b8670b25d19d8fd0aa7ae1c76967d + +info: + name: > + Booster Extension <= 1.2.0 - Basic Information Exposure via booster_extension_authorbox_shortcode_display + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89458095-2efe-4162-961a-7dc80852d312?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-extension/" + google-query: inurl:"/wp-content/plugins/booster-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-for-elementor-37d5b7622ee837d13b79238620e127af.yaml b/nuclei-templates/cve-less/plugins/booster-for-elementor-37d5b7622ee837d13b79238620e127af.yaml new file mode 100644 index 0000000000..98ab63d0c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-for-elementor-37d5b7622ee837d13b79238620e127af.yaml @@ -0,0 +1,58 @@ +id: booster-for-elementor-37d5b7622ee837d13b79238620e127af + +info: + name: > + Booster Elementor Addons <= 1.4.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60ee9cfc-016d-45ee-b3f4-da999d093776?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-for-elementor/" + google-query: inurl:"/wp-content/plugins/booster-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-0927d29209569b3fa6ca414e42a83816.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-0927d29209569b3fa6ca414e42a83816.yaml new file mode 100644 index 0000000000..97bc560185 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-0927d29209569b3fa6ca414e42a83816.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-0927d29209569b3fa6ca414e42a83816 + +info: + name: > + Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Arbitrary Page/Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df65af54-ce55-4c50-8a62-5541a1879ad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-127ab045dd12eca20b1f05cdaef8b291.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-127ab045dd12eca20b1f05cdaef8b291.yaml new file mode 100644 index 0000000000..0823344b17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-127ab045dd12eca20b1f05cdaef8b291.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-127ab045dd12eca20b1f05cdaef8b291 + +info: + name: > + Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8f7252-5e91-4e42-a6a5-056da491b4f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-1fe649382158471b98650df856d70fee.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-1fe649382158471b98650df856d70fee.yaml new file mode 100644 index 0000000000..5da142df20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-1fe649382158471b98650df856d70fee.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-1fe649382158471b98650df856d70fee + +info: + name: > + Booster Plus for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a90190-569f-46d8-bef4-fe28caf5e2fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml new file mode 100644 index 0000000000..526328f2be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-2594adb9a7b091439405e835629ab066.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-2594adb9a7b091439405e835629ab066 + +info: + name: > + Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cc3f71-7591-4111-a58a-d863df74587f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-3ae6c1779315005d2af44a96ee77af2d.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-3ae6c1779315005d2af44a96ee77af2d.yaml new file mode 100644 index 0000000000..5358a4e8d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-3ae6c1779315005d2af44a96ee77af2d.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-3ae6c1779315005d2af44a96ee77af2d + +info: + name: > + Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3acbdb2a-e7c6-4062-b48a-7035e464edaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml new file mode 100644 index 0000000000..9640a8a3ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-58678de90c143fa9b35140b23ca7ba6c + +info: + name: > + Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0af6e55d-def9-4bb1-ade9-56aa8184961c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-672dfc933502a4edaa8116764ba522b6.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-672dfc933502a4edaa8116764ba522b6.yaml new file mode 100644 index 0000000000..254262b382 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-672dfc933502a4edaa8116764ba522b6.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-672dfc933502a4edaa8116764ba522b6 + +info: + name: > + Booster Plus for WooCommerce < 7.1.3 - Missing Authorization to Arbitrary Options Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd0a4212-fe04-4c3b-9d78-b1a0bf97e274?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml new file mode 100644 index 0000000000..1ba60d3804 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/booster-plus-for-woocommerce-882bdd3fdb6681642f156a22924c9a36.yaml @@ -0,0 +1,58 @@ +id: booster-plus-for-woocommerce-882bdd3fdb6681642f156a22924c9a36 + +info: + name: > + Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d86204-51df-4adf-aac4-f5e007d9f3c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/booster-plus-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/booster-plus-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,booster-plus-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/booster-plus-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "booster-plus-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..acc810e592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: boostify-header-footer-builder-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boostify-header-footer-builder/" + google-query: inurl:"/wp-content/plugins/boostify-header-footer-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boostify-header-footer-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boostify-header-footer-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boostify-header-footer-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..d58fc6b171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/boostify-header-footer-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: boostify-header-footer-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/boostify-header-footer-builder/" + google-query: inurl:"/wp-content/plugins/boostify-header-footer-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,boostify-header-footer-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/boostify-header-footer-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "boostify-header-footer-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-0063be3832ab01645d83916172a49901.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-0063be3832ab01645d83916172a49901.yaml new file mode 100644 index 0000000000..b53d0e29db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-0063be3832ab01645d83916172a49901.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-0063be3832ab01645d83916172a49901 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1dc849-e306-4c09-a565-14d4e2427c69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-1c682460ea1b975e2214df2ecfd2a316.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-1c682460ea1b975e2214df2ecfd2a316.yaml new file mode 100644 index 0000000000..744944931c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-1c682460ea1b975e2214df2ecfd2a316.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-1c682460ea1b975e2214df2ecfd2a316 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f97bc19-c600-4819-ae75-d80b119a7575?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-3cdf082bedfada27b24599e0f1cfd2ca.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-3cdf082bedfada27b24599e0f1cfd2ca.yaml new file mode 100644 index 0000000000..64c5288acf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-3cdf082bedfada27b24599e0f1cfd2ca.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-3cdf082bedfada27b24599e0f1cfd2ca + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc2eebb-d232-4aef-94e5-68876bba0f93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml new file mode 100644 index 0000000000..4bcce5485a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-4162fc0aa9f89a19a3b0d9a16f341e8b.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-4162fc0aa9f89a19a3b0d9a16f341e8b + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fab0e10-d388-41d4-a01f-9bbb8c3cfb5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-548b1bf05be2eb1395c8483d4525a9fd.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-548b1bf05be2eb1395c8483d4525a9fd.yaml new file mode 100644 index 0000000000..cce4433117 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-548b1bf05be2eb1395c8483d4525a9fd.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-548b1bf05be2eb1395c8483d4525a9fd + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44b8659a-c88d-44d3-8eab-71b0a49d97b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-56e13ca8937773de3612c03bb63c62f7.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-56e13ca8937773de3612c03bb63c62f7.yaml new file mode 100644 index 0000000000..a93a77ea14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-56e13ca8937773de3612c03bb63c62f7.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-56e13ca8937773de3612c03bb63c62f7 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7416f5e2-5c59-4192-a87c-b3174fd84a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-5baab614c3a64c60d1e33947fef5d35a.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-5baab614c3a64c60d1e33947fef5d35a.yaml new file mode 100644 index 0000000000..6462f875c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-5baab614c3a64c60d1e33947fef5d35a.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-5baab614c3a64c60d1e33947fef5d35a + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a187fa8b-daf1-4955-92b3-2937d0f6a159?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml new file mode 100644 index 0000000000..1fd71afe22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-9fb1ec0e705e68a81b6b6afdf66e55e5.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-9fb1ec0e705e68a81b6b6afdf66e55e5 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77122403-5865-40d7-96d5-557147098c4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-b9a97b0935a5ed2529aec7b450e17238.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-b9a97b0935a5ed2529aec7b450e17238.yaml new file mode 100644 index 0000000000..4635d68ad8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-b9a97b0935a5ed2529aec7b450e17238.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-b9a97b0935a5ed2529aec7b450e17238 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/974a3228-5eab-41be-b3c1-82e71cde8de7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-dac296fb931bf261709dca85eb4e38f9.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-dac296fb931bf261709dca85eb4e38f9.yaml new file mode 100644 index 0000000000..6896e32fe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-dac296fb931bf261709dca85eb4e38f9.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-dac296fb931bf261709dca85eb4e38f9 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5235a235-911e-4462-90c5-05b0c7cb45a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-ee646c363ad3189cf7438d75312013e3.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-ee646c363ad3189cf7438d75312013e3.yaml new file mode 100644 index 0000000000..b4337c88d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-ee646c363ad3189cf7438d75312013e3.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-ee646c363ad3189cf7438d75312013e3 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e97e603-b864-41ef-98c8-b0304a72ec44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-f8952c598fe28f01e932d940cff08de2.yaml b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-f8952c598fe28f01e932d940cff08de2.yaml new file mode 100644 index 0000000000..88fd930044 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bootstrap-shortcodes-f8952c598fe28f01e932d940cff08de2.yaml @@ -0,0 +1,58 @@ +id: bootstrap-shortcodes-f8952c598fe28f01e932d940cff08de2 + +info: + name: > + BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e504ef-9989-468f-9bd0-dd8416f16d85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/border-loading-bar-0355d1e8eb46bcc87e42a81e780a30de.yaml b/nuclei-templates/cve-less/plugins/border-loading-bar-0355d1e8eb46bcc87e42a81e780a30de.yaml new file mode 100644 index 0000000000..d3bd2061b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/border-loading-bar-0355d1e8eb46bcc87e42a81e780a30de.yaml @@ -0,0 +1,58 @@ +id: border-loading-bar-0355d1e8eb46bcc87e42a81e780a30de + +info: + name: > + Border Loading Bar <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f47d38d2-d388-4a79-a47b-af41cd85e404?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/border-loading-bar/" + google-query: inurl:"/wp-content/plugins/border-loading-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,border-loading-bar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/border-loading-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "border-loading-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/border-loading-bar-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/border-loading-bar-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..813aa9bd57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/border-loading-bar-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: border-loading-bar-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/border-loading-bar/" + google-query: inurl:"/wp-content/plugins/border-loading-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,border-loading-bar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/border-loading-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "border-loading-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/borderless-2504b2285582e1e86e6e013779bb055f.yaml b/nuclei-templates/cve-less/plugins/borderless-2504b2285582e1e86e6e013779bb055f.yaml new file mode 100644 index 0000000000..920783fe9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/borderless-2504b2285582e1e86e6e013779bb055f.yaml @@ -0,0 +1,58 @@ +id: borderless-2504b2285582e1e86e6e013779bb055f + +info: + name: > + Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.4.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb93a5f2-9bcf-4b06-aad7-ba36c7dea714?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/borderless/" + google-query: inurl:"/wp-content/plugins/borderless/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,borderless,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/borderless/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "borderless" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-activity-social-share-0c3c59a360a5bdbf267be8b305e5b01c.yaml b/nuclei-templates/cve-less/plugins/bp-activity-social-share-0c3c59a360a5bdbf267be8b305e5b01c.yaml new file mode 100644 index 0000000000..0fcdfc1292 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-activity-social-share-0c3c59a360a5bdbf267be8b305e5b01c.yaml @@ -0,0 +1,58 @@ +id: bp-activity-social-share-0c3c59a360a5bdbf267be8b305e5b01c + +info: + name: > + Wbcom Designs – BuddyPress Activity Social Share <= 3.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8152c5-7d72-48a1-9140-8b0341c86023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-activity-social-share/" + google-query: inurl:"/wp-content/plugins/bp-activity-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-activity-social-share,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-activity-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-activity-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-27610b5571a30e556b64bf5b8d096808.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-27610b5571a30e556b64bf5b8d096808.yaml new file mode 100644 index 0000000000..5c7a21348e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-27610b5571a30e556b64bf5b8d096808.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-27610b5571a30e556b64bf5b8d096808 + +info: + name: > + Better Messages <= 1.9.9.148 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f67ce101-3b4f-45be-9aed-d9055cc09fd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9.148') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-453a8422f88d4cb86f0bfdbbb1968f0b.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-453a8422f88d4cb86f0bfdbbb1968f0b.yaml new file mode 100644 index 0000000000..e2706afbaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-453a8422f88d4cb86f0bfdbbb1968f0b.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-453a8422f88d4cb86f0bfdbbb1968f0b + +info: + name: > + BP Better Messages <= 1.9.9.37 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c322841a-4134-4c21-8028-0ccacd46335b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.9.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-83e4f665f1af2e601634717e68062856.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-83e4f665f1af2e601634717e68062856.yaml new file mode 100644 index 0000000000..6ca82ba0da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-83e4f665f1af2e601634717e68062856.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-83e4f665f1af2e601634717e68062856 + +info: + name: > + Better Messages <= 1.9.9.148 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e34ec7-eeb2-4966-bac3-c7d4723355d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9.148') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-aa4a0e71714152916ddf88945c46dfa0.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-aa4a0e71714152916ddf88945c46dfa0.yaml new file mode 100644 index 0000000000..d7a8a772a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-aa4a0e71714152916ddf88945c46dfa0.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-aa4a0e71714152916ddf88945c46dfa0 + +info: + name: > + BP Better Messages <= 1.9.9.37 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb89a16c-fae0-4d36-85aa-79beab753cba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.9.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-b9ebb0412655a1be395c1fd4d44393e3.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-b9ebb0412655a1be395c1fd4d44393e3.yaml new file mode 100644 index 0000000000..9708a62135 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-b9ebb0412655a1be395c1fd4d44393e3.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-b9ebb0412655a1be395c1fd4d44393e3 + +info: + name: > + BP Better Messages <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ccc7f8-c8e0-457a-b437-2a23530a9df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-bcaba1132a8ac1a695b97d03ca9be0db.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-bcaba1132a8ac1a695b97d03ca9be0db.yaml new file mode 100644 index 0000000000..f427fddd34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-bcaba1132a8ac1a695b97d03ca9be0db.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-bcaba1132a8ac1a695b97d03ca9be0db + +info: + name: > + BP Better Messages <= 2.4.32 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e6327b0-a047-4f8c-8e95-88f2e4b7089f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-c908fd3552b679e573e25a7e48dd7e10.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-c908fd3552b679e573e25a7e48dd7e10.yaml new file mode 100644 index 0000000000..308e8b2313 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-c908fd3552b679e573e25a7e48dd7e10.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-c908fd3552b679e573e25a7e48dd7e10 + +info: + name: > + Better Messages <= 1.9.10.68 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70f2965a-37fe-4b7e-890a-9bf73b5de1c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-cf8da83f0f83eb1a574fe335e5527411.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-cf8da83f0f83eb1a574fe335e5527411.yaml new file mode 100644 index 0000000000..68f9464c9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-cf8da83f0f83eb1a574fe335e5527411.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-cf8da83f0f83eb1a574fe335e5527411 + +info: + name: > + Better Messages <= 1.9.10.68 - Authorization Bypass to Blocking Control Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e7f310e-1e10-44dd-9928-23e63af21fef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-better-messages-e17bce1a8a59b23cca6c3786e7d0e9d3.yaml b/nuclei-templates/cve-less/plugins/bp-better-messages-e17bce1a8a59b23cca6c3786e7d0e9d3.yaml new file mode 100644 index 0000000000..e4302e1c90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-better-messages-e17bce1a8a59b23cca6c3786e7d0e9d3.yaml @@ -0,0 +1,58 @@ +id: bp-better-messages-e17bce1a8a59b23cca6c3786e7d0e9d3 + +info: + name: > + Better Messages <= 1.9.10.57 - Resource Exhaustion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fee8cb-476d-4962-b830-59fd823329ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-better-messages/" + google-query: inurl:"/wp-content/plugins/bp-better-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-better-messages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-better-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-better-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-profile-search-8abf5a60713230c7b3ea5764184f876d.yaml b/nuclei-templates/cve-less/plugins/bp-profile-search-8abf5a60713230c7b3ea5764184f876d.yaml new file mode 100644 index 0000000000..9531a4e3e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-profile-search-8abf5a60713230c7b3ea5764184f876d.yaml @@ -0,0 +1,58 @@ +id: bp-profile-search-8abf5a60713230c7b3ea5764184f876d + +info: + name: > + BP Profile Search <= 5.5 - Reflected Cross-Site Scripting via BPS_FORM + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8051fb03-7c38-4902-bbff-049c270d2be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-profile-search/" + google-query: inurl:"/wp-content/plugins/bp-profile-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-profile-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-profile-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-profile-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-profile-shortcodes-extra-1c0f40dcfb4caae9a4327cd7172a7b18.yaml b/nuclei-templates/cve-less/plugins/bp-profile-shortcodes-extra-1c0f40dcfb4caae9a4327cd7172a7b18.yaml new file mode 100644 index 0000000000..28a6957758 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-profile-shortcodes-extra-1c0f40dcfb4caae9a4327cd7172a7b18.yaml @@ -0,0 +1,58 @@ +id: bp-profile-shortcodes-extra-1c0f40dcfb4caae9a4327cd7172a7b18 + +info: + name: > + BP Profile Shortcodes Extra <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea9eaca6-3441-4976-8556-0ce288d1a0c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-profile-shortcodes-extra/" + google-query: inurl:"/wp-content/plugins/bp-profile-shortcodes-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-profile-shortcodes-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-profile-shortcodes-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-profile-shortcodes-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bp-social-connect-93264bce58bf86815d047dde89423fc8.yaml b/nuclei-templates/cve-less/plugins/bp-social-connect-93264bce58bf86815d047dde89423fc8.yaml new file mode 100644 index 0000000000..1c793b6f2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bp-social-connect-93264bce58bf86815d047dde89423fc8.yaml @@ -0,0 +1,58 @@ +id: bp-social-connect-93264bce58bf86815d047dde89423fc8 + +info: + name: > + BP Social Connect <= 1.5 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44c96df2-530a-4ebe-b722-c606a7b135f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bp-social-connect/" + google-query: inurl:"/wp-content/plugins/bp-social-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bp-social-connect,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bp-social-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bp-social-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bradesco-gateway-3dc139e568d48b3719f09d74e5c6ac5a.yaml b/nuclei-templates/cve-less/plugins/bradesco-gateway-3dc139e568d48b3719f09d74e5c6ac5a.yaml new file mode 100644 index 0000000000..1983d8f262 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bradesco-gateway-3dc139e568d48b3719f09d74e5c6ac5a.yaml @@ -0,0 +1,58 @@ +id: bradesco-gateway-3dc139e568d48b3719f09d74e5c6ac5a + +info: + name: > + Bradesco Gateway <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d2d22bb-e29e-4d4b-a97d-e128777712b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bradesco-gateway/" + google-query: inurl:"/wp-content/plugins/bradesco-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bradesco-gateway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bradesco-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bradesco-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/braftonwordpressplugin-421b45189c95e21b02ed0def677eee30.yaml b/nuclei-templates/cve-less/plugins/braftonwordpressplugin-421b45189c95e21b02ed0def677eee30.yaml new file mode 100644 index 0000000000..569dc1dd42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/braftonwordpressplugin-421b45189c95e21b02ed0def677eee30.yaml @@ -0,0 +1,58 @@ +id: braftonwordpressplugin-421b45189c95e21b02ed0def677eee30 + +info: + name: > + Brafton < 3.4.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12263ca7-41d8-4ef2-b644-ddfcae8c9665?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/BraftonWordpressPlugin/" + google-query: inurl:"/wp-content/plugins/BraftonWordpressPlugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,BraftonWordpressPlugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/BraftonWordpressPlugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "BraftonWordpressPlugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/branda-white-labeling-7c37f00fa8e3ffb07ac6ec246eebe54b.yaml b/nuclei-templates/cve-less/plugins/branda-white-labeling-7c37f00fa8e3ffb07ac6ec246eebe54b.yaml new file mode 100644 index 0000000000..a4bff651a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/branda-white-labeling-7c37f00fa8e3ffb07ac6ec246eebe54b.yaml @@ -0,0 +1,58 @@ +id: branda-white-labeling-7c37f00fa8e3ffb07ac6ec246eebe54b + +info: + name: > + Branda <= 3.4.14 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/552bc1cc-df98-4608-a50e-db1381ca8e0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/branda-white-labeling/" + google-query: inurl:"/wp-content/plugins/branda-white-labeling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,branda-white-labeling,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/branda-white-labeling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "branda-white-labeling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/branded-social-images-296dca83f7d30b213a3d42f8baefd9aa.yaml b/nuclei-templates/cve-less/plugins/branded-social-images-296dca83f7d30b213a3d42f8baefd9aa.yaml new file mode 100644 index 0000000000..16b86c782b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/branded-social-images-296dca83f7d30b213a3d42f8baefd9aa.yaml @@ -0,0 +1,58 @@ +id: branded-social-images-296dca83f7d30b213a3d42f8baefd9aa + +info: + name: > + Branded Social Images <= 1.1.0 - Missing Authorization leading to Unauthenticated Plugin Settings Updates + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cbc0b70-c8a4-4924-a67f-cea81ab19cdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/branded-social-images/" + google-query: inurl:"/wp-content/plugins/branded-social-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,branded-social-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/branded-social-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "branded-social-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brands-for-woocommerce-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml new file mode 100644 index 0000000000..c18174dc2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-558e7a9aa7fa3c2ac2fdb51e4f62875d.yaml @@ -0,0 +1,58 @@ +id: brands-for-woocommerce-558e7a9aa7fa3c2ac2fdb51e4f62875d + +info: + name: > + Brands for WooCommerce <= 3.7.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b6dc426-7066-46fb-886a-0bf005829abf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brands-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brands-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brands-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brands-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brands-for-woocommerce-825f1e0aa5ff97544f2d8803cf6504ca.yaml b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-825f1e0aa5ff97544f2d8803cf6504ca.yaml new file mode 100644 index 0000000000..98ec270904 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-825f1e0aa5ff97544f2d8803cf6504ca.yaml @@ -0,0 +1,58 @@ +id: brands-for-woocommerce-825f1e0aa5ff97544f2d8803cf6504ca + +info: + name: > + Brands for WooCommerce <= 3.8.2.2 - Missing Authorization to Unauthenticated Order Manipulation and Information Retrieval + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7afbe2b-72a8-40da-bc94-ff2a1b9569b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brands-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brands-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brands-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brands-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brands-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..177886aa51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brands-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: brands-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brands-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/brands-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brands-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brands-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brands-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brave-popup-builder-997d1000e8574991f2c13cb7aa2ef7b7.yaml b/nuclei-templates/cve-less/plugins/brave-popup-builder-997d1000e8574991f2c13cb7aa2ef7b7.yaml new file mode 100644 index 0000000000..5c504b2707 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brave-popup-builder-997d1000e8574991f2c13cb7aa2ef7b7.yaml @@ -0,0 +1,58 @@ +id: brave-popup-builder-997d1000e8574991f2c13cb7aa2ef7b7 + +info: + name: > + Brave Popup Builder <= 0.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88cf21c3-52d7-472f-8f55-8e1a5819f133?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brave-popup-builder/" + google-query: inurl:"/wp-content/plugins/brave-popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brave-popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brave-popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brave-popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brave-popup-builder-9cb937babec24c7a5f1e798bac3533ef.yaml b/nuclei-templates/cve-less/plugins/brave-popup-builder-9cb937babec24c7a5f1e798bac3533ef.yaml new file mode 100644 index 0000000000..f8c30d83b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brave-popup-builder-9cb937babec24c7a5f1e798bac3533ef.yaml @@ -0,0 +1,58 @@ +id: brave-popup-builder-9cb937babec24c7a5f1e798bac3533ef + +info: + name: > + Brave Popup Builder <= 0.6.5 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9511f60-b07d-4601-aa2f-25083b24d9aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brave-popup-builder/" + google-query: inurl:"/wp-content/plugins/brave-popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brave-popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brave-popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brave-popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bravo-translate-ce76e5efada5037a3e4a2325d3d70d7f.yaml b/nuclei-templates/cve-less/plugins/bravo-translate-ce76e5efada5037a3e4a2325d3d70d7f.yaml new file mode 100644 index 0000000000..2bc4d1f06c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bravo-translate-ce76e5efada5037a3e4a2325d3d70d7f.yaml @@ -0,0 +1,58 @@ +id: bravo-translate-ce76e5efada5037a3e4a2325d3d70d7f + +info: + name: > + Bravo Translate <= 1.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f256518c-9a3e-4e6e-8d49-d309e397c14d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bravo-translate/" + google-query: inurl:"/wp-content/plugins/bravo-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bravo-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bravo-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bravo-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breadcrumb-27fbae7541522bd11e17939b8913ef50.yaml b/nuclei-templates/cve-less/plugins/breadcrumb-27fbae7541522bd11e17939b8913ef50.yaml new file mode 100644 index 0000000000..f6f28010f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breadcrumb-27fbae7541522bd11e17939b8913ef50.yaml @@ -0,0 +1,58 @@ +id: breadcrumb-27fbae7541522bd11e17939b8913ef50 + +info: + name: > + Breadcrumb <= 1.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee396f94-8934-47db-9bc8-783a2b20f427?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breadcrumb/" + google-query: inurl:"/wp-content/plugins/breadcrumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breadcrumb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breadcrumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breadcrumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breadcrumb-simple-8507164d3055217cb96ce83c182ad6aa.yaml b/nuclei-templates/cve-less/plugins/breadcrumb-simple-8507164d3055217cb96ce83c182ad6aa.yaml new file mode 100644 index 0000000000..526f60c5d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breadcrumb-simple-8507164d3055217cb96ce83c182ad6aa.yaml @@ -0,0 +1,58 @@ +id: breadcrumb-simple-8507164d3055217cb96ce83c182ad6aa + +info: + name: > + breadcrumb simple <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/598e38d7-b5a9-43c1-b908-dab8bbe24115?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breadcrumb-simple/" + google-query: inurl:"/wp-content/plugins/breadcrumb-simple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breadcrumb-simple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breadcrumb-simple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breadcrumb-simple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-49ba2e496df198082592a83af2dd4d61.yaml b/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-49ba2e496df198082592a83af2dd4d61.yaml new file mode 100644 index 0000000000..5e48f641f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-49ba2e496df198082592a83af2dd4d61.yaml @@ -0,0 +1,58 @@ +id: breadcrumbs-by-menu-49ba2e496df198082592a83af2dd4d61 + +info: + name: > + Breadcrumbs by menu <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d189baf-e0d4-4b23-91b8-0c802941b982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breadcrumbs-by-menu/" + google-query: inurl:"/wp-content/plugins/breadcrumbs-by-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breadcrumbs-by-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breadcrumbs-by-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-d4f39f41edde6809c1e3f1995c35c774.yaml b/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-d4f39f41edde6809c1e3f1995c35c774.yaml new file mode 100644 index 0000000000..96ceddb16a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breadcrumbs-by-menu-d4f39f41edde6809c1e3f1995c35c774.yaml @@ -0,0 +1,58 @@ +id: breadcrumbs-by-menu-d4f39f41edde6809c1e3f1995c35c774 + +info: + name: > + Breadcrumbs by menu < 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0694b4f7-c28d-4456-8157-d20446790f3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breadcrumbs-by-menu/" + google-query: inurl:"/wp-content/plugins/breadcrumbs-by-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breadcrumbs-by-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breadcrumbs-by-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breadcrumbs-by-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breakdance-b2885ea30200f7cd94ec6f28c25609a5.yaml b/nuclei-templates/cve-less/plugins/breakdance-b2885ea30200f7cd94ec6f28c25609a5.yaml new file mode 100644 index 0000000000..56a5a78022 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breakdance-b2885ea30200f7cd94ec6f28c25609a5.yaml @@ -0,0 +1,58 @@ +id: breakdance-b2885ea30200f7cd94ec6f28c25609a5 + +info: + name: > + Breakdance <= 1.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e92a0387-bd09-46d3-9f6c-09f701b9e550?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breakdance/" + google-query: inurl:"/wp-content/plugins/breakdance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breakdance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breakdance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breakdance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breakdance-f5d920633ee9565486368ab785adab3b.yaml b/nuclei-templates/cve-less/plugins/breakdance-f5d920633ee9565486368ab785adab3b.yaml new file mode 100644 index 0000000000..4022ea4f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breakdance-f5d920633ee9565486368ab785adab3b.yaml @@ -0,0 +1,58 @@ +id: breakdance-f5d920633ee9565486368ab785adab3b + +info: + name: > + Breakdance <= 1.7.1 - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/095b23b7-71ab-41eb-b666-73df2e1a7eb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breakdance/" + google-query: inurl:"/wp-content/plugins/breakdance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breakdance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breakdance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breakdance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breeze-310b89b29fc26cf3b3da141667d5a42b.yaml b/nuclei-templates/cve-less/plugins/breeze-310b89b29fc26cf3b3da141667d5a42b.yaml new file mode 100644 index 0000000000..9aded832d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breeze-310b89b29fc26cf3b3da141667d5a42b.yaml @@ -0,0 +1,58 @@ +id: breeze-310b89b29fc26cf3b3da141667d5a42b + +info: + name: > + Breeze – WordPress Cache Plugin <= 2.0.2 - Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc045440-a8ca-40d3-b198-421b197e6928?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breeze/" + google-query: inurl:"/wp-content/plugins/breeze/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breeze,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breeze/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breeze" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/breeze-59a7cb3ce7ab42429819a5af71285080.yaml b/nuclei-templates/cve-less/plugins/breeze-59a7cb3ce7ab42429819a5af71285080.yaml new file mode 100644 index 0000000000..a0ad388c9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/breeze-59a7cb3ce7ab42429819a5af71285080.yaml @@ -0,0 +1,58 @@ +id: breeze-59a7cb3ce7ab42429819a5af71285080 + +info: + name: > + Breeze <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via breeze_api_token + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c56b1dca-3841-48df-837e-7973940e74e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/breeze/" + google-query: inurl:"/wp-content/plugins/breeze/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,breeze,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/breeze/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "breeze" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bricksforge-08c2f711dab885b1524ebbd7b0782f00.yaml b/nuclei-templates/cve-less/plugins/bricksforge-08c2f711dab885b1524ebbd7b0782f00.yaml new file mode 100644 index 0000000000..ce2b9fd7af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bricksforge-08c2f711dab885b1524ebbd7b0782f00.yaml @@ -0,0 +1,58 @@ +id: bricksforge-08c2f711dab885b1524ebbd7b0782f00 + +info: + name: > + Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated Arbitrary Email Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/701a037d-bbd5-436d-bfc8-394c9dcf6bab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bricksforge/" + google-query: inurl:"/wp-content/plugins/bricksforge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bricksforge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bricksforge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricksforge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bricksforge-20d94fa7cbaa795926bd10e9c360bcb7.yaml b/nuclei-templates/cve-less/plugins/bricksforge-20d94fa7cbaa795926bd10e9c360bcb7.yaml new file mode 100644 index 0000000000..cdb479a549 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bricksforge-20d94fa7cbaa795926bd10e9c360bcb7.yaml @@ -0,0 +1,58 @@ +id: bricksforge-20d94fa7cbaa795926bd10e9c360bcb7 + +info: + name: > + Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc82745a-f1d3-48fc-ba7b-3ff726edae34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bricksforge/" + google-query: inurl:"/wp-content/plugins/bricksforge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bricksforge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bricksforge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricksforge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bricksforge-fe10205699bf88a71e4460031e80e0cf.yaml b/nuclei-templates/cve-less/plugins/bricksforge-fe10205699bf88a71e4460031e80e0cf.yaml new file mode 100644 index 0000000000..a513dbb031 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bricksforge-fe10205699bf88a71e4460031e80e0cf.yaml @@ -0,0 +1,58 @@ +id: bricksforge-fe10205699bf88a71e4460031e80e0cf + +info: + name: > + Bricksforge <= 2.0.17 - Missing Authorization to Unauthenticated WordPress Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73445d8f-1f9c-4ba7-9e3c-3e6221f3b23e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bricksforge/" + google-query: inurl:"/wp-content/plugins/bricksforge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bricksforge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bricksforge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricksforge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bridge-core-3b4f016c7ae4d3dd29540472e7fdd513.yaml b/nuclei-templates/cve-less/plugins/bridge-core-3b4f016c7ae4d3dd29540472e7fdd513.yaml new file mode 100644 index 0000000000..ce0dce9b8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bridge-core-3b4f016c7ae4d3dd29540472e7fdd513.yaml @@ -0,0 +1,58 @@ +id: bridge-core-3b4f016c7ae4d3dd29540472e7fdd513 + +info: + name: > + Bridge Core <= 3.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc698c40-4a2b-4dab-93f0-647e4db79d2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bridge-core/" + google-query: inurl:"/wp-content/plugins/bridge-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bridge-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bridge-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bridge-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-223fd164cbed0be2e156fefd83517bf1.yaml b/nuclei-templates/cve-less/plugins/brizy-223fd164cbed0be2e156fefd83517bf1.yaml new file mode 100644 index 0000000000..c42a66f9bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-223fd164cbed0be2e156fefd83517bf1.yaml @@ -0,0 +1,58 @@ +id: brizy-223fd164cbed0be2e156fefd83517bf1 + +info: + name: > + Brizy Page Builder <= 2.4.18 - IP Address Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae342dd9-2f5f-4356-8fb4-9a3e5f4f8316?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-22707a3d55e78cedf2f7dfb41d94bfbd.yaml b/nuclei-templates/cve-less/plugins/brizy-22707a3d55e78cedf2f7dfb41d94bfbd.yaml new file mode 100644 index 0000000000..b3e70bcae0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-22707a3d55e78cedf2f7dfb41d94bfbd.yaml @@ -0,0 +1,58 @@ +id: brizy-22707a3d55e78cedf2f7dfb41d94bfbd + +info: + name: > + Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f8f8378-676e-455a-aaad-b80c1a4dc717?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-2731966af274d5e5b3eb099c6bdc40aa.yaml b/nuclei-templates/cve-less/plugins/brizy-2731966af274d5e5b3eb099c6bdc40aa.yaml new file mode 100644 index 0000000000..d55fb2d2fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-2731966af274d5e5b3eb099c6bdc40aa.yaml @@ -0,0 +1,58 @@ +id: brizy-2731966af274d5e5b3eb099c6bdc40aa + +info: + name: > + Brizy < 1.0.126 - Authorization Bypass to Settings Updates + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9495e25d-a5a6-4f25-9363-783626e58a4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.126') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-44eea350bc1338780b2a377c7a4acfdc.yaml b/nuclei-templates/cve-less/plugins/brizy-44eea350bc1338780b2a377c7a4acfdc.yaml new file mode 100644 index 0000000000..80f3eb6822 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-44eea350bc1338780b2a377c7a4acfdc.yaml @@ -0,0 +1,58 @@ +id: brizy-44eea350bc1338780b2a377c7a4acfdc + +info: + name: > + Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-475d1ffae41ddc61dae5fe3b295751d5.yaml b/nuclei-templates/cve-less/plugins/brizy-475d1ffae41ddc61dae5fe3b295751d5.yaml new file mode 100644 index 0000000000..bc62e2e2e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-475d1ffae41ddc61dae5fe3b295751d5.yaml @@ -0,0 +1,58 @@ +id: brizy-475d1ffae41ddc61dae5fe3b295751d5 + +info: + name: > + Brizy Page Builder <= 2.4.1 - Authenticated Stored Cross-Site Scripting via Element Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f38fc5ed-d4e7-46a8-9983-9bf28444db99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-4f15003c85cf67398b6ba79713bb96a7.yaml b/nuclei-templates/cve-less/plugins/brizy-4f15003c85cf67398b6ba79713bb96a7.yaml new file mode 100644 index 0000000000..962e97fc6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-4f15003c85cf67398b6ba79713bb96a7.yaml @@ -0,0 +1,58 @@ +id: brizy-4f15003c85cf67398b6ba79713bb96a7 + +info: + name: > + Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-51d48891356faa4b5ee750ea40af7e8d.yaml b/nuclei-templates/cve-less/plugins/brizy-51d48891356faa4b5ee750ea40af7e8d.yaml new file mode 100644 index 0000000000..e79f840fb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-51d48891356faa4b5ee750ea40af7e8d.yaml @@ -0,0 +1,58 @@ +id: brizy-51d48891356faa4b5ee750ea40af7e8d + +info: + name: > + Brizy - Page Builder <= 2.3.11 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8774f448-ba63-428c-8a82-b229718fdd10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-7310ba3269deb60929ca945cac8767e0.yaml b/nuclei-templates/cve-less/plugins/brizy-7310ba3269deb60929ca945cac8767e0.yaml new file mode 100644 index 0000000000..3577b8b49f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-7310ba3269deb60929ca945cac8767e0.yaml @@ -0,0 +1,58 @@ +id: brizy-7310ba3269deb60929ca945cac8767e0 + +info: + name: > + Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.4.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-7d6d564d16561c7bab08d495e46b51fb.yaml b/nuclei-templates/cve-less/plugins/brizy-7d6d564d16561c7bab08d495e46b51fb.yaml new file mode 100644 index 0000000000..9af8bd5780 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-7d6d564d16561c7bab08d495e46b51fb.yaml @@ -0,0 +1,58 @@ +id: brizy-7d6d564d16561c7bab08d495e46b51fb + +info: + name: > + Brizy – Page Builder <= 2.4.40 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-827a8d5ffa28fd47c13e94e0a15edf68.yaml b/nuclei-templates/cve-less/plugins/brizy-827a8d5ffa28fd47c13e94e0a15edf68.yaml new file mode 100644 index 0000000000..9bbb73af66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-827a8d5ffa28fd47c13e94e0a15edf68.yaml @@ -0,0 +1,58 @@ +id: brizy-827a8d5ffa28fd47c13e94e0a15edf68 + +info: + name: > + Brizy Page Builder <= 2.3.11 - Incorrect Authorization Checks Allowing Post Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1161f41b-1594-4b1b-8a89-44a5a5a9dca6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.127', '<= 2.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-9ac7de23b3d67dbdcd278f6e1494759d.yaml b/nuclei-templates/cve-less/plugins/brizy-9ac7de23b3d67dbdcd278f6e1494759d.yaml new file mode 100644 index 0000000000..3b28d8f252 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-9ac7de23b3d67dbdcd278f6e1494759d.yaml @@ -0,0 +1,58 @@ +id: brizy-9ac7de23b3d67dbdcd278f6e1494759d + +info: + name: > + Brizy <= 2.4.29 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/546cd218-3f6d-4e8f-83d5-e9aceb6f33ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-a5ce2d4f9e1b1bb323f57b01146d769b.yaml b/nuclei-templates/cve-less/plugins/brizy-a5ce2d4f9e1b1bb323f57b01146d769b.yaml new file mode 100644 index 0000000000..d8dd898772 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-a5ce2d4f9e1b1bb323f57b01146d769b.yaml @@ -0,0 +1,58 @@ +id: brizy-a5ce2d4f9e1b1bb323f57b01146d769b + +info: + name: > + Brizy Page Builder <= 2.3.11 - Authenticated File Upload and Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd56e59b-3879-4ab6-ae9a-7a301ee6aa20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brizy-a6227d9d923140efcf18978d7c277e53.yaml b/nuclei-templates/cve-less/plugins/brizy-a6227d9d923140efcf18978d7c277e53.yaml new file mode 100644 index 0000000000..37038bd99b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brizy-a6227d9d923140efcf18978d7c277e53.yaml @@ -0,0 +1,58 @@ +id: brizy-a6227d9d923140efcf18978d7c277e53 + +info: + name: > + Brizy – Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brizy/" + google-query: inurl:"/wp-content/plugins/brizy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brizy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brizy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brizy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml new file mode 100644 index 0000000000..bf0612d476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-2c732f7d3e8ac28c93dbfa9cd10c3d81.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-2c732f7d3e8ac28c93dbfa9cd10c3d81 + +info: + name: > + Broken Link Checker <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a374d8a-3754-4228-95ed-dc0ba1df40da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-3120d6067a3e5e251eec4212f4e5aeb5.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-3120d6067a3e5e251eec4212f4e5aeb5.yaml new file mode 100644 index 0000000000..16315fd8c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-3120d6067a3e5e251eec4212f4e5aeb5.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-3120d6067a3e5e251eec4212f4e5aeb5 + +info: + name: > + Broken Link Checker <= 1.10.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94d522bc-9808-435d-804d-e979a6c8be66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-4673047ca29ad4630d7b8bb30f727df8.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-4673047ca29ad4630d7b8bb30f727df8.yaml new file mode 100644 index 0000000000..df9cb2eae6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-4673047ca29ad4630d7b8bb30f727df8.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-4673047ca29ad4630d7b8bb30f727df8 + +info: + name: > + Broken Link Checker < 1.10.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6b7886-790a-4f00-855c-6dc913ea01db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-4787aca2f4649ac09a5532468944b982.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-4787aca2f4649ac09a5532468944b982.yaml new file mode 100644 index 0000000000..7f82b87d02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-4787aca2f4649ac09a5532468944b982.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-4787aca2f4649ac09a5532468944b982 + +info: + name: > + Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd472e-208b-48db-8f98-3d935c7a678c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-64556376243051c6c3bc87690377ce32.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-64556376243051c6c3bc87690377ce32.yaml new file mode 100644 index 0000000000..dce01784da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-64556376243051c6c3bc87690377ce32.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-64556376243051c6c3bc87690377ce32 + +info: + name: > + Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58b59e65-420c-45f5-a34c-2d2003f4e3ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-a9a979661add0df60253539d4415e8c1.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-a9a979661add0df60253539d4415e8c1.yaml new file mode 100644 index 0000000000..f94ca4c92d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-a9a979661add0df60253539d4415e8c1.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-a9a979661add0df60253539d4415e8c1 + +info: + name: > + Broken Link Checker <= 1.11.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a7709fd-bb53-47a6-9fae-d5a6be513b39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-bada82132f6cbfd33d5760be8742a9cb.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-bada82132f6cbfd33d5760be8742a9cb.yaml new file mode 100644 index 0000000000..28a9b35f7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-bada82132f6cbfd33d5760be8742a9cb.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-bada82132f6cbfd33d5760be8742a9cb + +info: + name: > + Broken Link Checker <= 1.11.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ee4f4e-5098-406c-b712-a2484180a07d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-e1d1d0387e0e80a55061f8f78f966bcd.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-e1d1d0387e0e80a55061f8f78f966bcd.yaml new file mode 100644 index 0000000000..f38b41c105 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-e1d1d0387e0e80a55061f8f78f966bcd.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-e1d1d0387e0e80a55061f8f78f966bcd + +info: + name: > + Broken Link Checker < 1.10.6 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a334947-296d-4f26-95e1-594487e8b6c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker/" + google-query: inurl:"/wp-content/plugins/broken-link-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-checker-for-youtube-e58df3f9e159a90a2b75adb9058879da.yaml b/nuclei-templates/cve-less/plugins/broken-link-checker-for-youtube-e58df3f9e159a90a2b75adb9058879da.yaml new file mode 100644 index 0000000000..94bae1d29b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-checker-for-youtube-e58df3f9e159a90a2b75adb9058879da.yaml @@ -0,0 +1,58 @@ +id: broken-link-checker-for-youtube-e58df3f9e159a90a2b75adb9058879da + +info: + name: > + Broken Link Checker for YouTube <= 1.3 - Cross-Site Request Forgery via plugin_settings_page() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9993d84e-7337-4eda-af3c-039b6d8c8fe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-checker-for-youtube/" + google-query: inurl:"/wp-content/plugins/broken-link-checker-for-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-checker-for-youtube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-checker-for-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-checker-for-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-finder-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml b/nuclei-templates/cve-less/plugins/broken-link-finder-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml new file mode 100644 index 0000000000..20e4bfc99f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-finder-ae16dab4cf6e57b86cebb9a4da6eafa8.yaml @@ -0,0 +1,58 @@ +id: broken-link-finder-ae16dab4cf6e57b86cebb9a4da6eafa8 + +info: + name: > + Broken Link Checker | Finder <= 2.4.2 - Missing Authorization via moblc_auth_save_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4383f41-bd08-4fab-9491-4cf9f7326300?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-finder/" + google-query: inurl:"/wp-content/plugins/broken-link-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-finder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-manager-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml b/nuclei-templates/cve-less/plugins/broken-link-manager-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml new file mode 100644 index 0000000000..ca2b2c9aa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-manager-0e68c0b9eccc4d13ea9a31e72c5947b1.yaml @@ -0,0 +1,58 @@ +id: broken-link-manager-0e68c0b9eccc4d13ea9a31e72c5947b1 + +info: + name: > + Broken Link Manager < 0.6.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7982828-bc67-48ee-be80-3203b081e29b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-manager/" + google-query: inurl:"/wp-content/plugins/broken-link-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-manager-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml b/nuclei-templates/cve-less/plugins/broken-link-manager-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml new file mode 100644 index 0000000000..fc2ec18daa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-manager-426b7dfdb8bc5b0834ad851cf8e9ecfc.yaml @@ -0,0 +1,58 @@ +id: broken-link-manager-426b7dfdb8bc5b0834ad851cf8e9ecfc + +info: + name: > + Broken Link Manager <= 0.4.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf67b6d-5e72-433d-9e41-9fdf8d99a3ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-manager/" + google-query: inurl:"/wp-content/plugins/broken-link-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-manager-47bfe206cfaf86d87b1c99f3c44195fd.yaml b/nuclei-templates/cve-less/plugins/broken-link-manager-47bfe206cfaf86d87b1c99f3c44195fd.yaml new file mode 100644 index 0000000000..fa0d32e5a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-manager-47bfe206cfaf86d87b1c99f3c44195fd.yaml @@ -0,0 +1,58 @@ +id: broken-link-manager-47bfe206cfaf86d87b1c99f3c44195fd + +info: + name: > + Broken Link Manager <= 0.6.5 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05042006-aff6-4ba6-ae67-249dc0dcbb93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-manager/" + google-query: inurl:"/wp-content/plugins/broken-link-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/broken-link-manager-4d4a758d5270914e8644a21140cebd3a.yaml b/nuclei-templates/cve-less/plugins/broken-link-manager-4d4a758d5270914e8644a21140cebd3a.yaml new file mode 100644 index 0000000000..7edbb304a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/broken-link-manager-4d4a758d5270914e8644a21140cebd3a.yaml @@ -0,0 +1,58 @@ +id: broken-link-manager-4d4a758d5270914e8644a21140cebd3a + +info: + name: > + Broken Link Manager < 0.5.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b803ee40-733a-49bf-a134-406747541eb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/broken-link-manager/" + google-query: inurl:"/wp-content/plugins/broken-link-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,broken-link-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/broken-link-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "broken-link-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-99e41ed657ab27362dc617dd94edb65f.yaml b/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-99e41ed657ab27362dc617dd94edb65f.yaml new file mode 100644 index 0000000000..814014ba1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/browser-and-operating-system-finder-99e41ed657ab27362dc617dd94edb65f.yaml @@ -0,0 +1,58 @@ +id: browser-and-operating-system-finder-99e41ed657ab27362dc617dd94edb65f + +info: + name: > + Browser and Operating System Finder <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d10336c2-656f-40f7-a95a-dbf829c2ce38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/browser-and-operating-system-finder/" + google-query: inurl:"/wp-content/plugins/browser-and-operating-system-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,browser-and-operating-system-finder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/browser-and-operating-system-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "browser-and-operating-system-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/browser-shots-e8da5022574661b62f1a47c50584d384.yaml b/nuclei-templates/cve-less/plugins/browser-shots-e8da5022574661b62f1a47c50584d384.yaml new file mode 100644 index 0000000000..49dbcbbd4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/browser-shots-e8da5022574661b62f1a47c50584d384.yaml @@ -0,0 +1,58 @@ +id: browser-shots-e8da5022574661b62f1a47c50584d384 + +info: + name: > + Browser Screenshots < 1.7.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fc1e720-46ba-4f57-8694-551936371e2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/browser-shots/" + google-query: inurl:"/wp-content/plugins/browser-shots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,browser-shots,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/browser-shots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "browser-shots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/browser-theme-color-b6c60215d191e78bbb1469004f73341c.yaml b/nuclei-templates/cve-less/plugins/browser-theme-color-b6c60215d191e78bbb1469004f73341c.yaml new file mode 100644 index 0000000000..038fffb968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/browser-theme-color-b6c60215d191e78bbb1469004f73341c.yaml @@ -0,0 +1,58 @@ +id: browser-theme-color-b6c60215d191e78bbb1469004f73341c + +info: + name: > + Browser Theme Color <= 1.3 - Cross-Site Request Forgery via btc_settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef4c6f76-4d3e-4ab0-9e12-1df55a8edae5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/browser-theme-color/" + google-query: inurl:"/wp-content/plugins/browser-theme-color/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,browser-theme-color,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/browser-theme-color/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "browser-theme-color" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brute-force-login-protection-48e518f6131232316ecd7bce4c25cf68.yaml b/nuclei-templates/cve-less/plugins/brute-force-login-protection-48e518f6131232316ecd7bce4c25cf68.yaml new file mode 100644 index 0000000000..2e4fee1406 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brute-force-login-protection-48e518f6131232316ecd7bce4c25cf68.yaml @@ -0,0 +1,58 @@ +id: brute-force-login-protection-48e518f6131232316ecd7bce4c25cf68 + +info: + name: > + Brute Force Login Protection <= 1.5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d46ac3-6751-475d-8d91-eabbc27a6295?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brute-force-login-protection/" + google-query: inurl:"/wp-content/plugins/brute-force-login-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brute-force-login-protection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brute-force-login-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brute-force-login-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/brutebank-dbb7d441461d213063eb891cf460c431.yaml b/nuclei-templates/cve-less/plugins/brutebank-dbb7d441461d213063eb891cf460c431.yaml new file mode 100644 index 0000000000..38dc3293b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/brutebank-dbb7d441461d213063eb891cf460c431.yaml @@ -0,0 +1,58 @@ +id: brutebank-dbb7d441461d213063eb891cf460c431 + +info: + name: > + BruteBank - WP Security & Firewall <= 1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef0dc868-f617-408f-9333-ebfee4897701?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/brutebank/" + google-query: inurl:"/wp-content/plugins/brutebank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,brutebank,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/brutebank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brutebank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bs-shortcode-ultimate-c6a7ed723d2b968d4f9df70823302086.yaml b/nuclei-templates/cve-less/plugins/bs-shortcode-ultimate-c6a7ed723d2b968d4f9df70823302086.yaml new file mode 100644 index 0000000000..51fbb8ea71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bs-shortcode-ultimate-c6a7ed723d2b968d4f9df70823302086.yaml @@ -0,0 +1,58 @@ +id: bs-shortcode-ultimate-c6a7ed723d2b968d4f9df70823302086 + +info: + name: > + Bootstrap Shortcodes Ultimate <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e93efec-371c-4050-b24b-e5e978059549?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bs-shortcode-ultimate/" + google-query: inurl:"/wp-content/plugins/bs-shortcode-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bs-shortcode-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bs-shortcode-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bs-shortcode-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsi-hotel-pro-bfcbe695fa101c3e16c8d87ef093b6cf.yaml b/nuclei-templates/cve-less/plugins/bsi-hotel-pro-bfcbe695fa101c3e16c8d87ef093b6cf.yaml new file mode 100644 index 0000000000..e35753a6c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsi-hotel-pro-bfcbe695fa101c3e16c8d87ef093b6cf.yaml @@ -0,0 +1,58 @@ +id: bsi-hotel-pro-bfcbe695fa101c3e16c8d87ef093b6cf + +info: + name: > + Online Hotel Booking System Pro <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7f947ee-6bb0-455f-9824-effa1164c7b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsi-hotel-pro/" + google-query: inurl:"/wp-content/plugins/bsi-hotel-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsi-hotel-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsi-hotel-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsi-hotel-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-contact-form-7-blacklist-ad738a9e4dada70c7860d495c6a31281.yaml b/nuclei-templates/cve-less/plugins/bsk-contact-form-7-blacklist-ad738a9e4dada70c7860d495c6a31281.yaml new file mode 100644 index 0000000000..fdf120455c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-contact-form-7-blacklist-ad738a9e4dada70c7860d495c6a31281.yaml @@ -0,0 +1,58 @@ +id: bsk-contact-form-7-blacklist-ad738a9e4dada70c7860d495c6a31281 + +info: + name: > + BSK Contact Form 7 Blacklist <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e27b0a8-e052-49ed-8744-a2376aa386f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-contact-form-7-blacklist/" + google-query: inurl:"/wp-content/plugins/bsk-contact-form-7-blacklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-contact-form-7-blacklist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-contact-form-7-blacklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-contact-form-7-blacklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-9d98910f079017bb745e5dfdd7b3a383.yaml b/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-9d98910f079017bb745e5dfdd7b3a383.yaml new file mode 100644 index 0000000000..1a11609ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-9d98910f079017bb745e5dfdd7b3a383.yaml @@ -0,0 +1,58 @@ +id: bsk-gravityforms-blacklist-9d98910f079017bb745e5dfdd7b3a383 + +info: + name: > + BSK Forms Blacklist <= 3.6.2 - Authenticated (Administrator+) SQL Injection via 'order' and 'orderby' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4550681f-d115-4451-9839-7862b84714fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/" + google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-gravityforms-blacklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-gravityforms-blacklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-e0096662f4021341254048a6332cbd3c.yaml b/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-e0096662f4021341254048a6332cbd3c.yaml new file mode 100644 index 0000000000..f4d747a8a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-gravityforms-blacklist-e0096662f4021341254048a6332cbd3c.yaml @@ -0,0 +1,58 @@ +id: bsk-gravityforms-blacklist-e0096662f4021341254048a6332cbd3c + +info: + name: > + BSK Forms Blacklist <= 3.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8283a502-6fb8-43ff-8f46-8afbfdbb22f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-gravityforms-blacklist/" + google-query: inurl:"/wp-content/plugins/bsk-gravityforms-blacklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-gravityforms-blacklist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-gravityforms-blacklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-gravityforms-blacklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-pdf-manager-127715120e5f598c6f6d3ae7380f9898.yaml b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-127715120e5f598c6f6d3ae7380f9898.yaml new file mode 100644 index 0000000000..be7b3ff20c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-127715120e5f598c6f6d3ae7380f9898.yaml @@ -0,0 +1,58 @@ +id: bsk-pdf-manager-127715120e5f598c6f6d3ae7380f9898 + +info: + name: > + BSK PDF Manager <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60de55c6-e4fa-453e-84bd-309f2887e3cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-pdf-manager/" + google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-pdf-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-pdf-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-pdf-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-pdf-manager-3a7bd82599c0011e05818b715925a7ed.yaml b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-3a7bd82599c0011e05818b715925a7ed.yaml new file mode 100644 index 0000000000..f9244ac0e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-3a7bd82599c0011e05818b715925a7ed.yaml @@ -0,0 +1,58 @@ +id: bsk-pdf-manager-3a7bd82599c0011e05818b715925a7ed + +info: + name: > + BSK PDF Manager <= 1.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b748dc9-4d44-41dd-b159-380214e7646a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-pdf-manager/" + google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-pdf-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-pdf-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-pdf-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsk-pdf-manager-a6117f5c5b129c85596c75822f81da17.yaml b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-a6117f5c5b129c85596c75822f81da17.yaml new file mode 100644 index 0000000000..dd413cd094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsk-pdf-manager-a6117f5c5b129c85596c75822f81da17.yaml @@ -0,0 +1,58 @@ +id: bsk-pdf-manager-a6117f5c5b129c85596c75822f81da17 + +info: + name: > + BSK PDF Manager <= 3.1.1 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a2ee9bb-ae20-47ae-b792-438bf7be6cc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsk-pdf-manager/" + google-query: inurl:"/wp-content/plugins/bsk-pdf-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsk-pdf-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsk-pdf-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsk-pdf-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bsuite-596c399ca77f6898f5eb2e3e553223f2.yaml b/nuclei-templates/cve-less/plugins/bsuite-596c399ca77f6898f5eb2e3e553223f2.yaml new file mode 100644 index 0000000000..25997704c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bsuite-596c399ca77f6898f5eb2e3e553223f2.yaml @@ -0,0 +1,58 @@ +id: bsuite-596c399ca77f6898f5eb2e3e553223f2 + +info: + name: > + bSuite <= 5 alpha 2 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dea175f-3728-4aee-9296-1bb595c83925?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bsuite/" + google-query: inurl:"/wp-content/plugins/bsuite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bsuite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bsuite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bsuite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5 alpha 2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bubble-menu-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/bubble-menu-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..a6c0a6654e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bubble-menu-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: bubble-menu-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bubble-menu/" + google-query: inurl:"/wp-content/plugins/bubble-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bubble-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bubble-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bubble-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bubble-menu-7343e5b259d4e1cfb4df95c545aa69f5.yaml b/nuclei-templates/cve-less/plugins/bubble-menu-7343e5b259d4e1cfb4df95c545aa69f5.yaml new file mode 100644 index 0000000000..f41934b461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bubble-menu-7343e5b259d4e1cfb4df95c545aa69f5.yaml @@ -0,0 +1,58 @@ +id: bubble-menu-7343e5b259d4e1cfb4df95c545aa69f5 + +info: + name: > + Bubble Menu – circle floating menu <= 3.0.1 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02409698-5421-4760-afcd-e53939082bfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bubble-menu/" + google-query: inurl:"/wp-content/plugins/bubble-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bubble-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bubble-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bubble-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddybadges-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml b/nuclei-templates/cve-less/plugins/buddybadges-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml new file mode 100644 index 0000000000..a39a229cfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddybadges-0b4ca30f3ad4ec80ff7de93b32a4ae21.yaml @@ -0,0 +1,58 @@ +id: buddybadges-0b4ca30f3ad4ec80ff7de93b32a4ae21 + +info: + name: > + Buddybadges <= 1.0.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8624f48-9938-4114-a55a-e635ca0dff2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddybadges/" + google-query: inurl:"/wp-content/plugins/buddybadges/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddybadges,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddybadges/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddybadges" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyboss-media-1cf8853774794c9a185058bff3041a9d.yaml b/nuclei-templates/cve-less/plugins/buddyboss-media-1cf8853774794c9a185058bff3041a9d.yaml new file mode 100644 index 0000000000..fbb9e20630 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyboss-media-1cf8853774794c9a185058bff3041a9d.yaml @@ -0,0 +1,58 @@ +id: buddyboss-media-1cf8853774794c9a185058bff3041a9d + +info: + name: > + BuddyBoss Media <= 3.2.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e485f089-689f-4f73-bb0d-eca6815388be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyboss-media/" + google-query: inurl:"/wp-content/plugins/buddyboss-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyboss-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyboss-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyboss-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-004b4a4b5a4f50cb7e2b7f31cbe37f6d.yaml b/nuclei-templates/cve-less/plugins/buddyforms-004b4a4b5a4f50cb7e2b7f31cbe37f6d.yaml new file mode 100644 index 0000000000..aa0891b597 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-004b4a4b5a4f50cb7e2b7f31cbe37f6d.yaml @@ -0,0 +1,58 @@ +id: buddyforms-004b4a4b5a4f50cb7e2b7f31cbe37f6d + +info: + name: > + BuddyForms <= 2.7.7 - PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f6669aa-e53c-45bb-88c4-2e1350993423?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-04719c2aa85ce103d2b347cbc1de6bf9.yaml b/nuclei-templates/cve-less/plugins/buddyforms-04719c2aa85ce103d2b347cbc1de6bf9.yaml new file mode 100644 index 0000000000..5a93e1aef3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-04719c2aa85ce103d2b347cbc1de6bf9.yaml @@ -0,0 +1,58 @@ +id: buddyforms-04719c2aa85ce103d2b347cbc1de6bf9 + +info: + name: > + Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.2.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/599c6984-5d52-4d0f-86a1-b88f6c9797ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-3c4ad527262d00d607d5c7466a5e3a23.yaml b/nuclei-templates/cve-less/plugins/buddyforms-3c4ad527262d00d607d5c7466a5e3a23.yaml new file mode 100644 index 0000000000..24fcc0b05f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-3c4ad527262d00d607d5c7466a5e3a23.yaml @@ -0,0 +1,58 @@ +id: buddyforms-3c4ad527262d00d607d5c7466a5e3a23 + +info: + name: > + Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20793de1-468f-4b9d-8e1f-b05dc204c0fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-5a3c975faaff05174a403394f594d251.yaml b/nuclei-templates/cve-less/plugins/buddyforms-5a3c975faaff05174a403394f594d251.yaml new file mode 100644 index 0000000000..03e1422747 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-5a3c975faaff05174a403394f594d251.yaml @@ -0,0 +1,58 @@ +id: buddyforms-5a3c975faaff05174a403394f594d251 + +info: + name: > + Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-6410ce52f11ad48713df208e717c6bdf.yaml b/nuclei-templates/cve-less/plugins/buddyforms-6410ce52f11ad48713df208e717c6bdf.yaml new file mode 100644 index 0000000000..a7a73b9848 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-6410ce52f11ad48713df208e717c6bdf.yaml @@ -0,0 +1,58 @@ +id: buddyforms-6410ce52f11ad48713df208e717c6bdf + +info: + name: > + Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-6c9eb31202fa41d32a09d5fd559fe8f5.yaml b/nuclei-templates/cve-less/plugins/buddyforms-6c9eb31202fa41d32a09d5fd559fe8f5.yaml new file mode 100644 index 0000000000..5699304b3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-6c9eb31202fa41d32a09d5fd559fe8f5.yaml @@ -0,0 +1,58 @@ +id: buddyforms-6c9eb31202fa41d32a09d5fd559fe8f5 + +info: + name: > + Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.7 - Missing Authorization to Unauthenticated Media Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-b917e284e5115c137684e2852a491ab5.yaml b/nuclei-templates/cve-less/plugins/buddyforms-b917e284e5115c137684e2852a491ab5.yaml new file mode 100644 index 0000000000..b2aee090b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-b917e284e5115c137684e2852a491ab5.yaml @@ -0,0 +1,58 @@ +id: buddyforms-b917e284e5115c137684e2852a491ab5 + +info: + name: > + BuddyForms <= 2.8.5 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/701d6bee-6eb2-4497-bf54-fbc384d9d2e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml b/nuclei-templates/cve-less/plugins/buddyforms-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml new file mode 100644 index 0000000000..b4f94bf67d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-c0fe1fee8a4f48d20fef6e8a451cadaa.yaml @@ -0,0 +1,58 @@ +id: buddyforms-c0fe1fee8a4f48d20fef6e8a451cadaa + +info: + name: > + BuddyForms <= 2.7.2 - Authenticated (Contributor+) Stored Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c32eb5b-dc4b-42f6-8454-d2ad57d7051d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddyforms-e466bc3583e942d1065171a722796cc7.yaml b/nuclei-templates/cve-less/plugins/buddyforms-e466bc3583e942d1065171a722796cc7.yaml new file mode 100644 index 0000000000..174638c7fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddyforms-e466bc3583e942d1065171a722796cc7.yaml @@ -0,0 +1,58 @@ +id: buddyforms-e466bc3583e942d1065171a722796cc7 + +info: + name: > + BuddyForms <= 2.8.8 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23d762e9-d43f-4520-a6f1-c920417a2436?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddyforms/" + google-query: inurl:"/wp-content/plugins/buddyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddymeet-848807325cc6df7207551325cd628ce9.yaml b/nuclei-templates/cve-less/plugins/buddymeet-848807325cc6df7207551325cd628ce9.yaml new file mode 100644 index 0000000000..8807f3572c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddymeet-848807325cc6df7207551325cd628ce9.yaml @@ -0,0 +1,58 @@ +id: buddymeet-848807325cc6df7207551325cd628ce9 + +info: + name: > + BuddyMeet <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75dafb36-7596-492f-a377-32315b1abe33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddymeet/" + google-query: inurl:"/wp-content/plugins/buddymeet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddymeet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddymeet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddymeet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-08cd70ed7dd5c5c6156967f8c0e81815.yaml b/nuclei-templates/cve-less/plugins/buddypress-08cd70ed7dd5c5c6156967f8c0e81815.yaml new file mode 100644 index 0000000000..6f06260d91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-08cd70ed7dd5c5c6156967f8c0e81815.yaml @@ -0,0 +1,58 @@ +id: buddypress-08cd70ed7dd5c5c6156967f8c0e81815 + +info: + name: > + BuddyPress <= 5.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8457c5e1-9c31-4a1a-a221-36647753a877?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-13a0f9bc92fbfe82f8148720984ec395.yaml b/nuclei-templates/cve-less/plugins/buddypress-13a0f9bc92fbfe82f8148720984ec395.yaml new file mode 100644 index 0000000000..659640d14e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-13a0f9bc92fbfe82f8148720984ec395.yaml @@ -0,0 +1,58 @@ +id: buddypress-13a0f9bc92fbfe82f8148720984ec395 + +info: + name: > + BuddyPress - 1.5-1.5.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a4cc739-0563-4ca2-931d-818a0c285257?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5', '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-1f93d822784f1c50c03c1335049e7dfa.yaml b/nuclei-templates/cve-less/plugins/buddypress-1f93d822784f1c50c03c1335049e7dfa.yaml new file mode 100644 index 0000000000..99fdb78540 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-1f93d822784f1c50c03c1335049e7dfa.yaml @@ -0,0 +1,58 @@ +id: buddypress-1f93d822784f1c50c03c1335049e7dfa + +info: + name: > + BuddyPress 5.0.0-7.2.0 - Privilege Escalation via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3da10da-8de3-4547-abe4-202002728c80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.0.0', '<= 7.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-376f3b7be651ac6251ca8825ec683915.yaml b/nuclei-templates/cve-less/plugins/buddypress-376f3b7be651ac6251ca8825ec683915.yaml new file mode 100644 index 0000000000..83155f0b2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-376f3b7be651ac6251ca8825ec683915.yaml @@ -0,0 +1,58 @@ +id: buddypress-376f3b7be651ac6251ca8825ec683915 + +info: + name: > + BuddyPress <= 11.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b824cab6-d340-487d-90ba-5b554db1da14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-430f35a9a91f48c97c43930a9ef1c8e0.yaml b/nuclei-templates/cve-less/plugins/buddypress-430f35a9a91f48c97c43930a9ef1c8e0.yaml new file mode 100644 index 0000000000..ff56e8ced5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-430f35a9a91f48c97c43930a9ef1c8e0.yaml @@ -0,0 +1,58 @@ +id: buddypress-430f35a9a91f48c97c43930a9ef1c8e0 + +info: + name: > + BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3657384e-025a-44ad-8b7e-1a2fea17dcc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-88c5b961644bad4c49d63ba50954d1ef.yaml b/nuclei-templates/cve-less/plugins/buddypress-88c5b961644bad4c49d63ba50954d1ef.yaml new file mode 100644 index 0000000000..fa16365575 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-88c5b961644bad4c49d63ba50954d1ef.yaml @@ -0,0 +1,58 @@ +id: buddypress-88c5b961644bad4c49d63ba50954d1ef + +info: + name: > + BuddyPress <= 1.9.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd85da97-f62c-4c4e-ae29-dea5aa529f54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-activity-plus-5f432c656be335dcd6d93a860c52a8ba.yaml b/nuclei-templates/cve-less/plugins/buddypress-activity-plus-5f432c656be335dcd6d93a860c52a8ba.yaml new file mode 100644 index 0000000000..3da028524c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-activity-plus-5f432c656be335dcd6d93a860c52a8ba.yaml @@ -0,0 +1,58 @@ +id: buddypress-activity-plus-5f432c656be335dcd6d93a860c52a8ba + +info: + name: > + BuddyPress Activity Plus <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8dc9fd0-929e-447f-be05-085be98e4d0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-activity-plus/" + google-query: inurl:"/wp-content/plugins/buddypress-activity-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-activity-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-activity-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-activity-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-c3337fb47eeb04c822819fd17c433268.yaml b/nuclei-templates/cve-less/plugins/buddypress-c3337fb47eeb04c822819fd17c433268.yaml new file mode 100644 index 0000000000..a6431affd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-c3337fb47eeb04c822819fd17c433268.yaml @@ -0,0 +1,58 @@ +id: buddypress-c3337fb47eeb04c822819fd17c433268 + +info: + name: > + BuddyPress <= 1.9.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2fe3724-f71c-4548-9410-838c0337f887?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress/" + google-query: inurl:"/wp-content/plugins/buddypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-docs-8dce3163a90bed75fd5b9e557a28f3b3.yaml b/nuclei-templates/cve-less/plugins/buddypress-docs-8dce3163a90bed75fd5b9e557a28f3b3.yaml new file mode 100644 index 0000000000..d8b6520a56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-docs-8dce3163a90bed75fd5b9e557a28f3b3.yaml @@ -0,0 +1,58 @@ +id: buddypress-docs-8dce3163a90bed75fd5b9e557a28f3b3 + +info: + name: > + BuddyPress Docs <= 1.9.2 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a6c16dd-3681-4867-b608-5501ff9e9331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-docs/" + google-query: inurl:"/wp-content/plugins/buddypress-docs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-docs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-docs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-docs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-extended-friendship-request-a103c2e3cc97ab522767ac0230b22480.yaml b/nuclei-templates/cve-less/plugins/buddypress-extended-friendship-request-a103c2e3cc97ab522767ac0230b22480.yaml new file mode 100644 index 0000000000..8a7e3e9dfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-extended-friendship-request-a103c2e3cc97ab522767ac0230b22480.yaml @@ -0,0 +1,58 @@ +id: buddypress-extended-friendship-request-a103c2e3cc97ab522767ac0230b22480 + +info: + name: > + BuddyPress Extended Friendship Request < 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa0b67b-edc8-4f91-bf67-167df63cf7bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-extended-friendship-request/" + google-query: inurl:"/wp-content/plugins/buddypress-extended-friendship-request/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-extended-friendship-request,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-extended-friendship-request/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-extended-friendship-request" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-global-search-ed89c8160fc54a5150ed5e4f427981e4.yaml b/nuclei-templates/cve-less/plugins/buddypress-global-search-ed89c8160fc54a5150ed5e4f427981e4.yaml new file mode 100644 index 0000000000..35126a608a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-global-search-ed89c8160fc54a5150ed5e4f427981e4.yaml @@ -0,0 +1,58 @@ +id: buddypress-global-search-ed89c8160fc54a5150ed5e4f427981e4 + +info: + name: > + BuddyPress Global Search <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f78cc71a-db22-4f5f-9231-52c66561df02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-global-search/" + google-query: inurl:"/wp-content/plugins/buddypress-global-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-global-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-global-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-global-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-5185077331b584e736df6ae601c45310.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-5185077331b584e736df6ae601c45310.yaml new file mode 100644 index 0000000000..66df108a3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-media-5185077331b584e736df6ae601c45310.yaml @@ -0,0 +1,58 @@ +id: buddypress-media-5185077331b584e736df6ae601c45310 + +info: + name: > + rtMedia for WordPress, BuddyPress and bbPress WordPress <= 4.6.15 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d619d300-8bba-45a1-bd0a-d82e9066a43d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-media/" + google-query: inurl:"/wp-content/plugins/buddypress-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-58b37148ce0bdaa5522c3559b2f37ff0.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-58b37148ce0bdaa5522c3559b2f37ff0.yaml new file mode 100644 index 0000000000..0d3fe8f61e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-media-58b37148ce0bdaa5522c3559b2f37ff0.yaml @@ -0,0 +1,58 @@ +id: buddypress-media-58b37148ce0bdaa5522c3559b2f37ff0 + +info: + name: > + rtMedia for WordPress, BuddyPress and bbPress <= 4.6.15 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb022e51-32fd-403e-a9b3-34114e957020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-media/" + google-query: inurl:"/wp-content/plugins/buddypress-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-85898493501c4d75829911d4553b254e.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-85898493501c4d75829911d4553b254e.yaml new file mode 100644 index 0000000000..5d8d9472ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-media-85898493501c4d75829911d4553b254e.yaml @@ -0,0 +1,58 @@ +id: buddypress-media-85898493501c4d75829911d4553b254e + +info: + name: > + rtMedia for WordPress, BuddyPress and bbPress <= 4.6.14 - Missing Authorization via export_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cb5df54-a6a7-4c2e-8df0-5d050218622e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-media/" + google-query: inurl:"/wp-content/plugins/buddypress-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddypress-media-aeff462ac51a8748cbda344eafd679be.yaml b/nuclei-templates/cve-less/plugins/buddypress-media-aeff462ac51a8748cbda344eafd679be.yaml new file mode 100644 index 0000000000..81e6613882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddypress-media-aeff462ac51a8748cbda344eafd679be.yaml @@ -0,0 +1,58 @@ +id: buddypress-media-aeff462ac51a8748cbda344eafd679be + +info: + name: > + rtMedia for WordPress, BuddyPress and bbPress <= 4.6.18 - Authenticated (Contributor+) SQL Injection via rtmedia_gallery Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32b6938a-0566-46c8-8761-0403b3a0e3e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddypress-media/" + google-query: inurl:"/wp-content/plugins/buddypress-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddypress-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddypress-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddypress-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buddystream-f5631d6e08f23256931384659c340b7c.yaml b/nuclei-templates/cve-less/plugins/buddystream-f5631d6e08f23256931384659c340b7c.yaml new file mode 100644 index 0000000000..cafaf05594 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buddystream-f5631d6e08f23256931384659c340b7c.yaml @@ -0,0 +1,58 @@ +id: buddystream-f5631d6e08f23256931384659c340b7c + +info: + name: > + BuddyStream <= 3.6.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e947abb8-be40-4090-80a6-5255692ef693?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buddystream/" + google-query: inurl:"/wp-content/plugins/buddystream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buddystream,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buddystream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddystream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bug-library-16a4534effaaeb1466ec5e74fc661c70.yaml b/nuclei-templates/cve-less/plugins/bug-library-16a4534effaaeb1466ec5e74fc661c70.yaml new file mode 100644 index 0000000000..f56f43c6be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bug-library-16a4534effaaeb1466ec5e74fc661c70.yaml @@ -0,0 +1,58 @@ +id: bug-library-16a4534effaaeb1466ec5e74fc661c70 + +info: + name: > + Bug Library <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffe33097-66fc-45f1-bc08-93a2b2234501?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bug-library/" + google-query: inurl:"/wp-content/plugins/bug-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bug-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bug-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bug-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/build-app-online-02a886272dd2cdcd86a1f09e85f56770.yaml b/nuclei-templates/cve-less/plugins/build-app-online-02a886272dd2cdcd86a1f09e85f56770.yaml new file mode 100644 index 0000000000..80e0136ef3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/build-app-online-02a886272dd2cdcd86a1f09e85f56770.yaml @@ -0,0 +1,58 @@ +id: build-app-online-02a886272dd2cdcd86a1f09e85f56770 + +info: + name: > + Build App Online <= 1.0.18 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f15f85c6-0bba-4bbd-b097-d205b9e0a075?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/build-app-online/" + google-query: inurl:"/wp-content/plugins/build-app-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,build-app-online,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/build-app-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "build-app-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/build-app-online-26189f152df8893b52731b2bdd16e94e.yaml b/nuclei-templates/cve-less/plugins/build-app-online-26189f152df8893b52731b2bdd16e94e.yaml new file mode 100644 index 0000000000..1ce222f1a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/build-app-online-26189f152df8893b52731b2bdd16e94e.yaml @@ -0,0 +1,58 @@ +id: build-app-online-26189f152df8893b52731b2bdd16e94e + +info: + name: > + Build App Online <= 1.0.19 - Missing Authorization Authenticated(Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3551218-e272-4c96-94fe-9db0aee0d4f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/build-app-online/" + google-query: inurl:"/wp-content/plugins/build-app-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,build-app-online,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/build-app-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "build-app-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/build-app-online-af6a1540ae3f6f386fc5dcefbac66cbb.yaml b/nuclei-templates/cve-less/plugins/build-app-online-af6a1540ae3f6f386fc5dcefbac66cbb.yaml new file mode 100644 index 0000000000..0b3bd3ed0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/build-app-online-af6a1540ae3f6f386fc5dcefbac66cbb.yaml @@ -0,0 +1,58 @@ +id: build-app-online-af6a1540ae3f6f386fc5dcefbac66cbb + +info: + name: > + Build App Online <= 1.0.19 - Account Takeover via Weak Password Reset Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/743e40f6-dde3-4d8f-938e-b2a0dcdfb901?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/build-app-online/" + google-query: inurl:"/wp-content/plugins/build-app-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,build-app-online,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/build-app-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "build-app-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/builder-style-manager-f87c4c6d53b29231a0f57635f4d257a4.yaml b/nuclei-templates/cve-less/plugins/builder-style-manager-f87c4c6d53b29231a0f57635f4d257a4.yaml new file mode 100644 index 0000000000..e4068691ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/builder-style-manager-f87c4c6d53b29231a0f57635f4d257a4.yaml @@ -0,0 +1,58 @@ +id: builder-style-manager-f87c4c6d53b29231a0f57635f4d257a4 + +info: + name: > + iThemes Builder Style Manager < 0.7.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b761292e-375c-4657-a7a8-e11af28f45fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/builder-style-manager/" + google-query: inurl:"/wp-content/plugins/builder-style-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,builder-style-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/builder-style-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "builder-style-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/builderall-cheetah-for-wp-262146db4fdf9dc0247b51f04e7c7b5d.yaml b/nuclei-templates/cve-less/plugins/builderall-cheetah-for-wp-262146db4fdf9dc0247b51f04e7c7b5d.yaml new file mode 100644 index 0000000000..9236eae021 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/builderall-cheetah-for-wp-262146db4fdf9dc0247b51f04e7c7b5d.yaml @@ -0,0 +1,58 @@ +id: builderall-cheetah-for-wp-262146db4fdf9dc0247b51f04e7c7b5d + +info: + name: > + Builderall Builder for WordPress <= 2.0.1 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c65519c-06f6-4303-9d22-980dbe36f0b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/builderall-cheetah-for-wp/" + google-query: inurl:"/wp-content/plugins/builderall-cheetah-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,builderall-cheetah-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/builderall-cheetah-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "builderall-cheetah-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-b71f43cf539320adcdf753a5632e031f.yaml b/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-b71f43cf539320adcdf753a5632e031f.yaml new file mode 100644 index 0000000000..71b9fd3bfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-b71f43cf539320adcdf753a5632e031f.yaml @@ -0,0 +1,58 @@ +id: bulgarisation-for-woocommerce-b71f43cf539320adcdf753a5632e031f + +info: + name: > + Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulgarisation-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/bulgarisation-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulgarisation-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulgarisation-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulgarisation-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-f361db7993b168bd9190093a1decfa83.yaml b/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-f361db7993b168bd9190093a1decfa83.yaml new file mode 100644 index 0000000000..48cd29ca5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulgarisation-for-woocommerce-f361db7993b168bd9190093a1decfa83.yaml @@ -0,0 +1,58 @@ +id: bulgarisation-for-woocommerce-f361db7993b168bd9190093a1decfa83 + +info: + name: > + Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulgarisation-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/bulgarisation-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulgarisation-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulgarisation-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulgarisation-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-add-to-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/bulk-add-to-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..0521ce7198 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-add-to-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: bulk-add-to-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-add-to-cart-xforwc/" + google-query: inurl:"/wp-content/plugins/bulk-add-to-cart-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-add-to-cart-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-add-to-cart-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-add-to-cart-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-block-converter-c38ba88828239a3fc9d444831fba05d4.yaml b/nuclei-templates/cve-less/plugins/bulk-block-converter-c38ba88828239a3fc9d444831fba05d4.yaml new file mode 100644 index 0000000000..9fd1a7779f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-block-converter-c38ba88828239a3fc9d444831fba05d4.yaml @@ -0,0 +1,58 @@ +id: bulk-block-converter-c38ba88828239a3fc9d444831fba05d4 + +info: + name: > + Bulk Block Converter <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69711a11-96c2-458d-87f5-a3d8152ab20c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-block-converter/" + google-query: inurl:"/wp-content/plugins/bulk-block-converter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-block-converter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-block-converter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-block-converter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-comment-remove-5508f1f637e90aba06cb7afdc5129513.yaml b/nuclei-templates/cve-less/plugins/bulk-comment-remove-5508f1f637e90aba06cb7afdc5129513.yaml new file mode 100644 index 0000000000..227bd92bcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-comment-remove-5508f1f637e90aba06cb7afdc5129513.yaml @@ -0,0 +1,58 @@ +id: bulk-comment-remove-5508f1f637e90aba06cb7afdc5129513 + +info: + name: > + Bulk Comment Remove <= 2 - Cross-Site Request Forgery via brc_admin() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42303b60-cbb5-4176-94f9-b2ed29f59cc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-comment-remove/" + google-query: inurl:"/wp-content/plugins/bulk-comment-remove/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-comment-remove,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-comment-remove/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-comment-remove" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-creator-c3fa207f4b7e44a252f8db84f79dbd3d.yaml b/nuclei-templates/cve-less/plugins/bulk-creator-c3fa207f4b7e44a252f8db84f79dbd3d.yaml new file mode 100644 index 0000000000..8835b6eee1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-creator-c3fa207f4b7e44a252f8db84f79dbd3d.yaml @@ -0,0 +1,58 @@ +id: bulk-creator-c3fa207f4b7e44a252f8db84f79dbd3d + +info: + name: > + Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64abe00c-05b7-4661-b560-bae3957ad3e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-creator/" + google-query: inurl:"/wp-content/plugins/bulk-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-datetime-change-29b5be50bbb53513769398d4dbd36872.yaml b/nuclei-templates/cve-less/plugins/bulk-datetime-change-29b5be50bbb53513769398d4dbd36872.yaml new file mode 100644 index 0000000000..d6845d687c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-datetime-change-29b5be50bbb53513769398d4dbd36872.yaml @@ -0,0 +1,58 @@ +id: bulk-datetime-change-29b5be50bbb53513769398d4dbd36872 + +info: + name: > + Bulk Datetime Change <= 1.11 - Missing Authorisation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/505e9ba4-a19c-4d51-8ba7-4891bbac603e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-datetime-change/" + google-query: inurl:"/wp-content/plugins/bulk-datetime-change/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-datetime-change,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-datetime-change/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-datetime-change" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-66ff52bda667dbc0abbc88dbfecf89ff.yaml b/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-66ff52bda667dbc0abbc88dbfecf89ff.yaml new file mode 100644 index 0000000000..982d895d43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-66ff52bda667dbc0abbc88dbfecf89ff.yaml @@ -0,0 +1,58 @@ +id: bulk-delete-users-by-email-66ff52bda667dbc0abbc88dbfecf89ff + +info: + name: > + Bulk Delete Users by Email <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c9aaa7a-d6a7-488f-9800-7e978a765288?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-delete-users-by-email/" + google-query: inurl:"/wp-content/plugins/bulk-delete-users-by-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-delete-users-by-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-delete-users-by-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-delete-users-by-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-aa16febdbc946ef586052ff28c269ebe.yaml b/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-aa16febdbc946ef586052ff28c269ebe.yaml new file mode 100644 index 0000000000..7fcc6f8c6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-delete-users-by-email-aa16febdbc946ef586052ff28c269ebe.yaml @@ -0,0 +1,58 @@ +id: bulk-delete-users-by-email-aa16febdbc946ef586052ff28c269ebe + +info: + name: > + Bulk Delete Users by Email <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/712ffe0a-45a5-41c7-a2b9-e88fb381a684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-delete-users-by-email/" + google-query: inurl:"/wp-content/plugins/bulk-delete-users-by-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-delete-users-by-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-delete-users-by-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-delete-users-by-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-d1e689eb00e15a822c5a4bc69f8d4926.yaml b/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-d1e689eb00e15a822c5a4bc69f8d4926.yaml new file mode 100644 index 0000000000..a223fc4c65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-d1e689eb00e15a822c5a4bc69f8d4926.yaml @@ -0,0 +1,58 @@ +id: bulk-edit-post-titles-d1e689eb00e15a822c5a4bc69f8d4926 + +info: + name: > + Bulk Edit Post Titles <= 5.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbdeaa77-72c9-4afc-8913-7a1e44cdeb82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-edit-post-titles/" + google-query: inurl:"/wp-content/plugins/bulk-edit-post-titles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-post-titles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-post-titles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-e79dfaa6d6a126465f94617b43a94699.yaml b/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-e79dfaa6d6a126465f94617b43a94699.yaml new file mode 100644 index 0000000000..511ee97551 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-edit-post-titles-e79dfaa6d6a126465f94617b43a94699.yaml @@ -0,0 +1,58 @@ +id: bulk-edit-post-titles-e79dfaa6d6a126465f94617b43a94699 + +info: + name: > + Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-edit-post-titles/" + google-query: inurl:"/wp-content/plugins/bulk-edit-post-titles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-edit-post-titles,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-post-titles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-post-titles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-4f2b194ecb7432206d5e63b6f9923644.yaml b/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-4f2b194ecb7432206d5e63b6f9923644.yaml new file mode 100644 index 0000000000..2a4ff173db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-edit-user-profiles-in-spreadsheet-4f2b194ecb7432206d5e63b6f9923644.yaml @@ -0,0 +1,58 @@ +id: bulk-edit-user-profiles-in-spreadsheet-4f2b194ecb7432206d5e63b6f9923644 + +info: + name: > + Bulk Edit and Create User Profiles – WP Sheet Editor <= 1.5.13 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc783305-1cd0-4ec1-b4e2-57afeeec8034?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/" + google-query: inurl:"/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-edit-user-profiles-in-spreadsheet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-edit-user-profiles-in-spreadsheet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-edit-user-profiles-in-spreadsheet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-10360815e5a20aeed5671b4b975451a1.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-10360815e5a20aeed5671b4b975451a1.yaml new file mode 100644 index 0000000000..82d1d1279e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-10360815e5a20aeed5671b4b975451a1.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-10360815e5a20aeed5671b4b975451a1 + +info: + name: > + WOLF <= 1.0.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85b439ea-08f9-4b4e-80da-7c5f80bc2818?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-4d37b5938e435e55d1b784b692eb0059.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-4d37b5938e435e55d1b784b692eb0059.yaml new file mode 100644 index 0000000000..55540913bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-4d37b5938e435e55d1b784b692eb0059.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-4d37b5938e435e55d1b784b692eb0059 + +info: + name: > + WOLF <= 1.0.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wpbe_update_page_field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2be16ee8-6bae-44d9-bde7-8e893293c3f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-78b9d1af7b3a60f9f86a06190eb42653.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-78b9d1af7b3a60f9f86a06190eb42653.yaml new file mode 100644 index 0000000000..bca1319372 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-78b9d1af7b3a60f9f86a06190eb42653.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-78b9d1af7b3a60f9f86a06190eb42653 + +info: + name: > + WOLF <= 1.0.7 - Cross-Site Request Forgery via create_profile + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98dffc17-ac45-4ccd-ae57-96b36bd02be3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-89b2790236539e015ae4e5bc957d832c.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-89b2790236539e015ae4e5bc957d832c.yaml new file mode 100644 index 0000000000..d4af073811 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-89b2790236539e015ae4e5bc957d832c.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-89b2790236539e015ae4e5bc957d832c + +info: + name: > + WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml new file mode 100644 index 0000000000..bc77e491d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa + +info: + name: > + BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12188a74-b1a6-4aa4-88b4-2d0d0dd32916?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-c2e59525aa8afa93502c3fb0824f336b.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-c2e59525aa8afa93502c3fb0824f336b.yaml new file mode 100644 index 0000000000..386a798795 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-c2e59525aa8afa93502c3fb0824f336b.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-c2e59525aa8afa93502c3fb0824f336b + +info: + name: > + WOLF <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via profile_title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10339a77-7c1a-4030-9061-15c699545b16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-e34822239e7a06946c13777f1af5a66d.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-e34822239e7a06946c13777f1af5a66d.yaml new file mode 100644 index 0000000000..60dfdbed51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-e34822239e7a06946c13777f1af5a66d.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-e34822239e7a06946c13777f1af5a66d + +info: + name: > + WOLF <= 1.0.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b771d76-b79a-4ff2-9433-8d35734a4396?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-editor-fb0e4f9dfbe427b130769e6af2734cfc.yaml b/nuclei-templates/cve-less/plugins/bulk-editor-fb0e4f9dfbe427b130769e6af2734cfc.yaml new file mode 100644 index 0000000000..2737475946 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-editor-fb0e4f9dfbe427b130769e6af2734cfc.yaml @@ -0,0 +1,58 @@ +id: bulk-editor-fb0e4f9dfbe427b130769e6af2734cfc + +info: + name: > + WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-editor/" + google-query: inurl:"/wp-content/plugins/bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-aab8828fbd21352e7bbaf9cbf0ad1810.yaml b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-aab8828fbd21352e7bbaf9cbf0ad1810.yaml new file mode 100644 index 0000000000..500c659df9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-aab8828fbd21352e7bbaf9cbf0ad1810.yaml @@ -0,0 +1,58 @@ +id: bulk-noindex-nofollow-toolkit-by-mad-fish-aab8828fbd21352e7bbaf9cbf0ad1810 + +info: + name: > + Bulk NoIndex & NoFollow Toolkit <= 2.01 - Reflected Cross-Site Scripting via tab, order, and orderby + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/451d4ecd-f3d7-4029-8d39-85d2a7ed459c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + google-query: inurl:"/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-noindex-nofollow-toolkit-by-mad-fish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-noindex-nofollow-toolkit-by-mad-fish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-cf39fd16fb8f788c8db751f0dadfb29c.yaml b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-cf39fd16fb8f788c8db751f0dadfb29c.yaml new file mode 100644 index 0000000000..e88edeba50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-cf39fd16fb8f788c8db751f0dadfb29c.yaml @@ -0,0 +1,58 @@ +id: bulk-noindex-nofollow-toolkit-by-mad-fish-cf39fd16fb8f788c8db751f0dadfb29c + +info: + name: > + Bulk NoIndex & NoFollow Toolkit <= 1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cb79fbc-705a-4fb4-b441-7fe7ab6dea10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + google-query: inurl:"/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-noindex-nofollow-toolkit-by-mad-fish,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-noindex-nofollow-toolkit-by-mad-fish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-eff805b4d7ec1d79e32d68ca80330ad6.yaml b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-eff805b4d7ec1d79e32d68ca80330ad6.yaml new file mode 100644 index 0000000000..9772e6232d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish-eff805b4d7ec1d79e32d68ca80330ad6.yaml @@ -0,0 +1,58 @@ +id: bulk-noindex-nofollow-toolkit-by-mad-fish-eff805b4d7ec1d79e32d68ca80330ad6 + +info: + name: > + Bulk NoIndex & NoFollow Toolkit <= 1.42 - Reflected Cross-Site Scripting via 's' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e4f6305-d003-478e-a8ef-0b254084f56f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + google-query: inurl:"/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-noindex-nofollow-toolkit-by-mad-fish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-noindex-nofollow-toolkit-by-mad-fish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-noindex-nofollow-toolkit-by-mad-fish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-page-creator-8f6754331835c0e520f1fdc12e539318.yaml b/nuclei-templates/cve-less/plugins/bulk-page-creator-8f6754331835c0e520f1fdc12e539318.yaml new file mode 100644 index 0000000000..f65f57218d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-page-creator-8f6754331835c0e520f1fdc12e539318.yaml @@ -0,0 +1,58 @@ +id: bulk-page-creator-8f6754331835c0e520f1fdc12e539318 + +info: + name: > + Bulk Page Creator <= 1.1.3 - Cross-Site Request Forgery to Arbitrary Page Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee18df2-75ea-416a-8aa6-139018016b9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-page-creator/" + google-query: inurl:"/wp-content/plugins/bulk-page-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-page-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-page-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-page-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulk-resize-media-bb9fce36721cf5452da89d5517df1cbd.yaml b/nuclei-templates/cve-less/plugins/bulk-resize-media-bb9fce36721cf5452da89d5517df1cbd.yaml new file mode 100644 index 0000000000..adccae867c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulk-resize-media-bb9fce36721cf5452da89d5517df1cbd.yaml @@ -0,0 +1,58 @@ +id: bulk-resize-media-bb9fce36721cf5452da89d5517df1cbd + +info: + name: > + Bulk Resize Media <= 1.1 - Cross-Site Request Forgery via bulk_resize_resize_image + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/605fbfb9-85d8-43ff-a738-ad1a8a9584c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulk-resize-media/" + google-query: inurl:"/wp-content/plugins/bulk-resize-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulk-resize-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulk-resize-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulk-resize-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletin-announcements-0716e418df849204967cfc79352f5ba7.yaml b/nuclei-templates/cve-less/plugins/bulletin-announcements-0716e418df849204967cfc79352f5ba7.yaml new file mode 100644 index 0000000000..d3950c465d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletin-announcements-0716e418df849204967cfc79352f5ba7.yaml @@ -0,0 +1,58 @@ +id: bulletin-announcements-0716e418df849204967cfc79352f5ba7 + +info: + name: > + Announcement & Notification Banner – Bulletin <= 3.6.0 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d242a466-0611-4e64-8145-29f64100e62b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletin-announcements/" + google-query: inurl:"/wp-content/plugins/bulletin-announcements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletin-announcements,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletin-announcements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletin-announcements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletin-announcements-5eb89c28ff961004bce910abdba4c1a6.yaml b/nuclei-templates/cve-less/plugins/bulletin-announcements-5eb89c28ff961004bce910abdba4c1a6.yaml new file mode 100644 index 0000000000..244e5a0ec4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletin-announcements-5eb89c28ff961004bce910abdba4c1a6.yaml @@ -0,0 +1,58 @@ +id: bulletin-announcements-5eb89c28ff961004bce910abdba4c1a6 + +info: + name: > + WordPress Announcement & Notification Banner Plugin – Bulletin <= 3.8.5 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66cd0ed5-070a-4408-9faa-b3d840279f77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletin-announcements/" + google-query: inurl:"/wp-content/plugins/bulletin-announcements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletin-announcements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletin-announcements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletin-announcements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletin-announcements-a1b8f44a7ac7bccab5a1c94f60d1251a.yaml b/nuclei-templates/cve-less/plugins/bulletin-announcements-a1b8f44a7ac7bccab5a1c94f60d1251a.yaml new file mode 100644 index 0000000000..d69f721328 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletin-announcements-a1b8f44a7ac7bccab5a1c94f60d1251a.yaml @@ -0,0 +1,58 @@ +id: bulletin-announcements-a1b8f44a7ac7bccab5a1c94f60d1251a + +info: + name: > + Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b808450f-0ebf-4c49-a9e3-f1c1f2b1f632?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletin-announcements/" + google-query: inurl:"/wp-content/plugins/bulletin-announcements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletin-announcements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletin-announcements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletin-announcements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-05b396118a681cd132367b6e58e8468f.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-05b396118a681cd132367b6e58e8468f.yaml new file mode 100644 index 0000000000..2dc12eefdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-05b396118a681cd132367b6e58e8468f.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-05b396118a681cd132367b6e58e8468f + +info: + name: > + BulletProof Security < .52.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/171ee69a-d0d6-4d1e-b477-4d285be918f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< .52.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-123845e838da3a6daa580f3b2ed445cb.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-123845e838da3a6daa580f3b2ed445cb.yaml new file mode 100644 index 0000000000..392ba8bbfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-123845e838da3a6daa580f3b2ed445cb.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-123845e838da3a6daa580f3b2ed445cb + +info: + name: > + BulletProof Security <= .48.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d875969e-3749-4f0b-a807-36609bfca4d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= .48.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-2269359ddd46edefa6d111262722719c.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-2269359ddd46edefa6d111262722719c.yaml new file mode 100644 index 0000000000..3ece106e67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-2269359ddd46edefa6d111262722719c.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-2269359ddd46edefa6d111262722719c + +info: + name: > + BulletProof Security < .51.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0897d622-8e73-4bc0-a5f9-77bf8ddb4f93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< .51.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-42f3a7532bbf8a08643a30303225bc1a.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-42f3a7532bbf8a08643a30303225bc1a.yaml new file mode 100644 index 0000000000..12f6825ae0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-42f3a7532bbf8a08643a30303225bc1a.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-42f3a7532bbf8a08643a30303225bc1a + +info: + name: > + BulletProof Security <= 5.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4735c491-9595-42b8-bb1c-1b18c89fcf7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-69678c7361dde97e99f926d45953a3db.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-69678c7361dde97e99f926d45953a3db.yaml new file mode 100644 index 0000000000..706dab5ccb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-69678c7361dde97e99f926d45953a3db.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-69678c7361dde97e99f926d45953a3db + +info: + name: > + BulletProof Security < .51.1 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecf73f3a-5f7b-4ef4-a31a-f282b953f294?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= .51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-80f01f8956a520ccda68d02885c8eaae.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-80f01f8956a520ccda68d02885c8eaae.yaml new file mode 100644 index 0000000000..54603fa184 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-80f01f8956a520ccda68d02885c8eaae.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-80f01f8956a520ccda68d02885c8eaae + +info: + name: > + BulletProof Security < .51.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d475d5-9c00-409c-ac07-276242540123?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< .51.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-8d9d8e003ce03da674f1adc87ce55135.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-8d9d8e003ce03da674f1adc87ce55135.yaml new file mode 100644 index 0000000000..6c4875604d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-8d9d8e003ce03da674f1adc87ce55135.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-8d9d8e003ce03da674f1adc87ce55135 + +info: + name: > + BulletProof Security <= 6.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e66d0c9c-39a2-4f09-b87f-630f1a8054ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-ae058acace8503cc8d5660ee1d5bf68e.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-ae058acace8503cc8d5660ee1d5bf68e.yaml new file mode 100644 index 0000000000..aed8ac7d98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-ae058acace8503cc8d5660ee1d5bf68e.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-ae058acace8503cc8d5660ee1d5bf68e + +info: + name: > + BulletProof Security < .47.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7448983b-47ad-4a71-84a8-ee1f96b3f6cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< .47.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bulletproof-security-cad2b6b8af5079972fa1531cce991f4d.yaml b/nuclei-templates/cve-less/plugins/bulletproof-security-cad2b6b8af5079972fa1531cce991f4d.yaml new file mode 100644 index 0000000000..92b514afd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bulletproof-security-cad2b6b8af5079972fa1531cce991f4d.yaml @@ -0,0 +1,58 @@ +id: bulletproof-security-cad2b6b8af5079972fa1531cce991f4d + +info: + name: > + BulletProof Security <= 5.7 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcbb6614-09fc-4f41-81f7-d70aa92101bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bulletproof-security/" + google-query: inurl:"/wp-content/plugins/bulletproof-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bulletproof-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bulletproof-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bulletproof-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bunnycdn-c7b13d17993dc7e235bed80189f9bc22.yaml b/nuclei-templates/cve-less/plugins/bunnycdn-c7b13d17993dc7e235bed80189f9bc22.yaml new file mode 100644 index 0000000000..f66ad5fa55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bunnycdn-c7b13d17993dc7e235bed80189f9bc22.yaml @@ -0,0 +1,58 @@ +id: bunnycdn-c7b13d17993dc7e235bed80189f9bc22 + +info: + name: > + bunny.net – WordPress CDN Plugin <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a31147b-791c-436f-9407-43485ec2ef50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bunnycdn/" + google-query: inurl:"/wp-content/plugins/bunnycdn/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bunnycdn,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bunnycdn/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bunnycdn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/burst-pro-106e6826f0718372efc6e503171c8663.yaml b/nuclei-templates/cve-less/plugins/burst-pro-106e6826f0718372efc6e503171c8663.yaml new file mode 100644 index 0000000000..1f15474483 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/burst-pro-106e6826f0718372efc6e503171c8663.yaml @@ -0,0 +1,58 @@ +id: burst-pro-106e6826f0718372efc6e503171c8663 + +info: + name: > + Burst Statistics – Privacy-Friendly Analytics for WordPress 1.4.0 to 1.4.6.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f8419c-c7b9-4c68-a845-26c0308d76f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/burst-pro/" + google-query: inurl:"/wp-content/plugins/burst-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,burst-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/burst-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "burst-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.4.0', '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/burst-statistics-106e6826f0718372efc6e503171c8663.yaml b/nuclei-templates/cve-less/plugins/burst-statistics-106e6826f0718372efc6e503171c8663.yaml new file mode 100644 index 0000000000..7ff476f970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/burst-statistics-106e6826f0718372efc6e503171c8663.yaml @@ -0,0 +1,58 @@ +id: burst-statistics-106e6826f0718372efc6e503171c8663 + +info: + name: > + Burst Statistics – Privacy-Friendly Analytics for WordPress 1.4.0 to 1.4.6.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30f8419c-c7b9-4c68-a845-26c0308d76f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/burst-statistics/" + google-query: inurl:"/wp-content/plugins/burst-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,burst-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/burst-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "burst-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.4.0', '<= 1.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/burst-statistics-a36b6c8064388eb19a8195201a1f8d8d.yaml b/nuclei-templates/cve-less/plugins/burst-statistics-a36b6c8064388eb19a8195201a1f8d8d.yaml new file mode 100644 index 0000000000..84e0eef184 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/burst-statistics-a36b6c8064388eb19a8195201a1f8d8d.yaml @@ -0,0 +1,58 @@ +id: burst-statistics-a36b6c8064388eb19a8195201a1f8d8d + +info: + name: > + Burst Statistics – Privacy-Friendly Analytics for WordPress <= 1.5.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via burst_total_pageviews_count + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/burst-statistics/" + google-query: inurl:"/wp-content/plugins/burst-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,burst-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/burst-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "burst-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/burst-statistics-fd93b73cf46336153d1b2692824ed6b3.yaml b/nuclei-templates/cve-less/plugins/burst-statistics-fd93b73cf46336153d1b2692824ed6b3.yaml new file mode 100644 index 0000000000..5ad2f29c8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/burst-statistics-fd93b73cf46336153d1b2692824ed6b3.yaml @@ -0,0 +1,58 @@ +id: burst-statistics-fd93b73cf46336153d1b2692824ed6b3 + +info: + name: > + Burst Statistics Really Simple Plugins <= 1.5.3 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/burst-statistics/" + google-query: inurl:"/wp-content/plugins/burst-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,burst-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/burst-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "burst-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-2954a20fc20c80e75db1c146dc2ce5bb.yaml b/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-2954a20fc20c80e75db1c146dc2ce5bb.yaml new file mode 100644 index 0000000000..002d533cad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-2954a20fc20c80e75db1c146dc2ce5bb.yaml @@ -0,0 +1,58 @@ +id: bus-ticket-booking-with-seat-reservation-2954a20fc20c80e75db1c146dc2ce5bb + +info: + name: > + Bus Ticket Booking with Seat Reservation <= 5.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2855cb-e4a8-4412-af24-4cee03ae2d43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + google-query: inurl:"/wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bus-ticket-booking-with-seat-reservation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bus-ticket-booking-with-seat-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bus-ticket-booking-with-seat-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-dec87833cedb03a8980db3616c32b95d.yaml b/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-dec87833cedb03a8980db3616c32b95d.yaml new file mode 100644 index 0000000000..f4c7baba51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bus-ticket-booking-with-seat-reservation-dec87833cedb03a8980db3616c32b95d.yaml @@ -0,0 +1,58 @@ +id: bus-ticket-booking-with-seat-reservation-dec87833cedb03a8980db3616c32b95d + +info: + name: > + Bus Ticket Booking with Seat Reservation <= 5.2.5 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9960282-4730-4ee8-b338-adcc57f01cc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + google-query: inurl:"/wp-content/plugins/bus-ticket-booking-with-seat-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bus-ticket-booking-with-seat-reservation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bus-ticket-booking-with-seat-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bus-ticket-booking-with-seat-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-5e4c1e870696b3efcdbf85ce990788dc.yaml b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-5e4c1e870696b3efcdbf85ce990788dc.yaml new file mode 100644 index 0000000000..d4937b75ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-5e4c1e870696b3efcdbf85ce990788dc.yaml @@ -0,0 +1,58 @@ +id: business-card-by-esterox-100-5e4c1e870696b3efcdbf85ce990788dc + +info: + name: > + Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Edit + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c14e4e-9437-4e98-b720-72d6aab9e05f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-card-by-esterox-100/" + google-query: inurl:"/wp-content/plugins/business-card-by-esterox-100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-card-by-esterox-100,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-card-by-esterox-100/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-card-by-esterox-100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-7fc47d45293f896fc846aa4ca502d2b2.yaml b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-7fc47d45293f896fc846aa4ca502d2b2.yaml new file mode 100644 index 0000000000..0c5056d494 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-7fc47d45293f896fc846aa4ca502d2b2.yaml @@ -0,0 +1,58 @@ +id: business-card-by-esterox-100-7fc47d45293f896fc846aa4ca502d2b2 + +info: + name: > + Business Card <= 1.0.0 - Cross-Site Request Forgery to Category Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef1362b5-576d-4d22-ad5d-89f38e8e3743?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-card-by-esterox-100/" + google-query: inurl:"/wp-content/plugins/business-card-by-esterox-100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-card-by-esterox-100,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-card-by-esterox-100/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-card-by-esterox-100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-8c18151f3e9775aa380622b4246d4bad.yaml b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-8c18151f3e9775aa380622b4246d4bad.yaml new file mode 100644 index 0000000000..7d0825c880 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-8c18151f3e9775aa380622b4246d4bad.yaml @@ -0,0 +1,58 @@ +id: business-card-by-esterox-100-8c18151f3e9775aa380622b4246d4bad + +info: + name: > + Business Card <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Card Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/148ca1d5-c20d-40dc-b078-ecd76d4d6c0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-card-by-esterox-100/" + google-query: inurl:"/wp-content/plugins/business-card-by-esterox-100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-card-by-esterox-100,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-card-by-esterox-100/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-card-by-esterox-100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-95fc25676cc1a333e3b3171b175734a4.yaml b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-95fc25676cc1a333e3b3171b175734a4.yaml new file mode 100644 index 0000000000..e1adbe3872 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-card-by-esterox-100-95fc25676cc1a333e3b3171b175734a4.yaml @@ -0,0 +1,58 @@ +id: business-card-by-esterox-100-95fc25676cc1a333e3b3171b175734a4 + +info: + name: > + Business Card <= 1.0.0 - Cross-Site Request Forgery to Card Edit + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bad1f8-0351-421e-ab00-015e15643f0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-card-by-esterox-100/" + google-query: inurl:"/wp-content/plugins/business-card-by-esterox-100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-card-by-esterox-100,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-card-by-esterox-100/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-card-by-esterox-100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-167e61af371a8f35ae376105d3215900.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-167e61af371a8f35ae376105d3215900.yaml new file mode 100644 index 0000000000..74a95c69a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-167e61af371a8f35ae376105d3215900.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-167e61af371a8f35ae376105d3215900 + +info: + name: > + Business Directory Plugin < 5.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2984b9ca-e821-4c23-b792-4d0e54e44a7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml new file mode 100644 index 0000000000..e0d7fca8c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-3640b3daf83d6cd1e2aa52d4c7a270ac.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-3640b3daf83d6cd1e2aa52d4c7a270ac + +info: + name: > + Business Directory Plugin – Easy Listing Directories for WordPress <= 5.11.1 - Cross-Site Request Forgery to Arbitrary Listing Export + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3c8b3fa-dc27-4c00-844f-e95cac028247?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-3950561f5b69ad2aadeaa54bf293ca85.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-3950561f5b69ad2aadeaa54bf293ca85.yaml new file mode 100644 index 0000000000..4500e86b7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-3950561f5b69ad2aadeaa54bf293ca85.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-3950561f5b69ad2aadeaa54bf293ca85 + +info: + name: > + Business Directory Plugin <= 5.11.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e70eb9-f411-49da-b169-a5af8a9ace0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-3fa1d19f6ab4b3b413035e0d19283cea.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-3fa1d19f6ab4b3b413035e0d19283cea.yaml new file mode 100644 index 0000000000..6c937cdf5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-3fa1d19f6ab4b3b413035e0d19283cea.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-3fa1d19f6ab4b3b413035e0d19283cea + +info: + name: > + Business Directory Plugin <= 6.3.9 - Missing Authorization via dispatch + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea3c5188-4570-4958-8b2d-69048b10c5f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-6896fd40fd840eb45a889008aea0c67e.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-6896fd40fd840eb45a889008aea0c67e.yaml new file mode 100644 index 0000000000..466ecf4bf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-6896fd40fd840eb45a889008aea0c67e.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-6896fd40fd840eb45a889008aea0c67e + +info: + name: > + Business Directory Plugin <= 6.3.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ab0cad4-1a82-4127-bedb-c0ddfce4ec10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-70e9f9d703b7871b412f99e0b65bc826.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-70e9f9d703b7871b412f99e0b65bc826.yaml new file mode 100644 index 0000000000..1390c2425e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-70e9f9d703b7871b412f99e0b65bc826.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-70e9f9d703b7871b412f99e0b65bc826 + +info: + name: > + Business Directory Plugin <= 5.11 - Authenticated PHP4 Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e84fbbf-05b0-497b-81d8-1b029d24cddd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-c7ee5314e18860cb525cd22fac24dbf3.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-c7ee5314e18860cb525cd22fac24dbf3.yaml new file mode 100644 index 0000000000..2a0e503fa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-c7ee5314e18860cb525cd22fac24dbf3.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-c7ee5314e18860cb525cd22fac24dbf3 + +info: + name: > + Business Directory Plugin <= 5.11.1 - Cross-Site Request Forgery to Arbitrary Payment History Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2487a5e-f038-414b-bc88-ed2c7f2c624c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-directory-plugin-f1a649593702eb632f6f553b9ae25e5a.yaml b/nuclei-templates/cve-less/plugins/business-directory-plugin-f1a649593702eb632f6f553b9ae25e5a.yaml new file mode 100644 index 0000000000..4ec3133e0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-directory-plugin-f1a649593702eb632f6f553b9ae25e5a.yaml @@ -0,0 +1,58 @@ +id: business-directory-plugin-f1a649593702eb632f6f553b9ae25e5a + +info: + name: > + Business Directory Plugin <= 5.10.1 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35e220c0-1e4d-4365-a1be-de66930fa559?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-directory-plugin/" + google-query: inurl:"/wp-content/plugins/business-directory-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-directory-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-directory-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-directory-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-hours-indicator-b0f7eacb55c0790170a8a4009593c548.yaml b/nuclei-templates/cve-less/plugins/business-hours-indicator-b0f7eacb55c0790170a8a4009593c548.yaml new file mode 100644 index 0000000000..115ab31217 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-hours-indicator-b0f7eacb55c0790170a8a4009593c548.yaml @@ -0,0 +1,58 @@ +id: business-hours-indicator-b0f7eacb55c0790170a8a4009593c548 + +info: + name: > + Business Hours Indicator <= 2.3.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b38d892-6797-43ae-9f17-f8f90222911e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-hours-indicator/" + google-query: inurl:"/wp-content/plugins/business-hours-indicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-hours-indicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-hours-indicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-hours-indicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-manager-24e7ccbee7ca416ae56183733be3750e.yaml b/nuclei-templates/cve-less/plugins/business-manager-24e7ccbee7ca416ae56183733be3750e.yaml new file mode 100644 index 0000000000..4e913e44a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-manager-24e7ccbee7ca416ae56183733be3750e.yaml @@ -0,0 +1,58 @@ +id: business-manager-24e7ccbee7ca416ae56183733be3750e + +info: + name: > + Business Manager <= 1.4.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94cbd525-de3b-448a-b65b-21c63208b8b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-manager/" + google-query: inurl:"/wp-content/plugins/business-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/business-profile-828427f0b9437525d7829a16b68575dc.yaml b/nuclei-templates/cve-less/plugins/business-profile-828427f0b9437525d7829a16b68575dc.yaml new file mode 100644 index 0000000000..d2840e50c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/business-profile-828427f0b9437525d7829a16b68575dc.yaml @@ -0,0 +1,58 @@ +id: business-profile-828427f0b9437525d7829a16b68575dc + +info: + name: > + Five Star Business Profile and Schema <= 2.1.6 - Subscriber+ Page Creation & Settings Update to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0daeb94-1028-4163-af9d-0a6d7a00269f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/business-profile/" + google-query: inurl:"/wp-content/plugins/business-profile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,business-profile,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/business-profile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-profile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-3e24dfff2b5771f43f4fe5ad4a241e28.yaml b/nuclei-templates/cve-less/plugins/button-3e24dfff2b5771f43f4fe5ad4a241e28.yaml new file mode 100644 index 0000000000..a3bfa2f2ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-3e24dfff2b5771f43f4fe5ad4a241e28.yaml @@ -0,0 +1,58 @@ +id: button-3e24dfff2b5771f43f4fe5ad4a241e28 + +info: + name: > + Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3d26aa4-8bea-48e8-ad14-513690a31831?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button/" + google-query: inurl:"/wp-content/plugins/button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-63f1bf4087d9427b6d24f67f8ffe6d66.yaml b/nuclei-templates/cve-less/plugins/button-63f1bf4087d9427b6d24f67f8ffe6d66.yaml new file mode 100644 index 0000000000..cbdeccb1be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-63f1bf4087d9427b6d24f67f8ffe6d66.yaml @@ -0,0 +1,58 @@ +id: button-63f1bf4087d9427b6d24f67f8ffe6d66 + +info: + name: > + Button <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9905517f-236c-4e98-8026-8d54bf64c7c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button/" + google-query: inurl:"/wp-content/plugins/button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-contact-vr-978cbd8cd586092e7c39e28ce0b70684.yaml b/nuclei-templates/cve-less/plugins/button-contact-vr-978cbd8cd586092e7c39e28ce0b70684.yaml new file mode 100644 index 0000000000..37b4627fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-contact-vr-978cbd8cd586092e7c39e28ce0b70684.yaml @@ -0,0 +1,58 @@ +id: button-contact-vr-978cbd8cd586092e7c39e28ce0b70684 + +info: + name: > + Button contact VR <= 4.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/007d8935-974f-4bc4-833e-25ca50a50a29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-contact-vr/" + google-query: inurl:"/wp-content/plugins/button-contact-vr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-contact-vr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-contact-vr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-contact-vr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/button-generation-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..d742f35379 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: button-generation-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml b/nuclei-templates/cve-less/plugins/button-generation-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml new file mode 100644 index 0000000000..e373497a52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-0ad7f5a9c3342b7aeba5a03db14c71d0.yaml @@ -0,0 +1,58 @@ +id: button-generation-0ad7f5a9c3342b7aeba5a03db14c71d0 + +info: + name: > + Button Generator – easily Button Builder <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ac9262a-96a6-439a-a2b0-a05f24654d06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-0ea9d75794d2c7486ec9098022942b0a.yaml b/nuclei-templates/cve-less/plugins/button-generation-0ea9d75794d2c7486ec9098022942b0a.yaml new file mode 100644 index 0000000000..82b00793e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-0ea9d75794d2c7486ec9098022942b0a.yaml @@ -0,0 +1,58 @@ +id: button-generation-0ea9d75794d2c7486ec9098022942b0a + +info: + name: > + Button Generator – easily Button Builder <= 2.3.5 - Cross-Site Request Forgery in tools-data-base.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af803612-96ae-41ee-8ad3-8f9319b147e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-42e2e881f29393c821ce6d432bf2a46a.yaml b/nuclei-templates/cve-less/plugins/button-generation-42e2e881f29393c821ce6d432bf2a46a.yaml new file mode 100644 index 0000000000..89bc9ae438 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-42e2e881f29393c821ce6d432bf2a46a.yaml @@ -0,0 +1,58 @@ +id: button-generation-42e2e881f29393c821ce6d432bf2a46a + +info: + name: > + Button Generator – easily Button Builder <= 2.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e78097a6-6828-4d62-abf0-995a906ad68b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-82603c2847e2ca1ee15bc23d829fbc4a.yaml b/nuclei-templates/cve-less/plugins/button-generation-82603c2847e2ca1ee15bc23d829fbc4a.yaml new file mode 100644 index 0000000000..f57acaf868 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-82603c2847e2ca1ee15bc23d829fbc4a.yaml @@ -0,0 +1,58 @@ +id: button-generation-82603c2847e2ca1ee15bc23d829fbc4a + +info: + name: > + Button Generator – easily Button Builder <= 2.3.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73dd286e-5338-42d2-9928-1e14150ccf56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-913a26462c41f8def73f8a9767771136.yaml b/nuclei-templates/cve-less/plugins/button-generation-913a26462c41f8def73f8a9767771136.yaml new file mode 100644 index 0000000000..594b3d4fe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-913a26462c41f8def73f8a9767771136.yaml @@ -0,0 +1,58 @@ +id: button-generation-913a26462c41f8def73f8a9767771136 + +info: + name: > + Button Generator – easily Button Builder <= 2.3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b73467de-fb0c-45e3-b3ae-5158b261907b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/button-generation-fb1c9dec29fbcdf7eb9112a479b097f2.yaml b/nuclei-templates/cve-less/plugins/button-generation-fb1c9dec29fbcdf7eb9112a479b097f2.yaml new file mode 100644 index 0000000000..c20740c740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/button-generation-fb1c9dec29fbcdf7eb9112a479b097f2.yaml @@ -0,0 +1,58 @@ +id: button-generation-fb1c9dec29fbcdf7eb9112a479b097f2 + +info: + name: > + Button Generator – easily Button Builder <= 2.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88ca14d5-bbdd-4efa-a729-40a73f701aae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/button-generation/" + google-query: inurl:"/wp-content/plugins/button-generation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,button-generation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/button-generation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "button-generation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-456677c70a49bc1c088cafa5c6ef9da9.yaml b/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-456677c70a49bc1c088cafa5c6ef9da9.yaml new file mode 100644 index 0000000000..31ed6477d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buttonizer-multifunctional-button-456677c70a49bc1c088cafa5c6ef9da9.yaml @@ -0,0 +1,58 @@ +id: buttonizer-multifunctional-button-456677c70a49bc1c088cafa5c6ef9da9 + +info: + name: > + Buttonizer - Smart Floating Action Button <= 2.5.4 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15aba6ee-8345-401d-adf9-3fde0f5169bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buttonizer-multifunctional-button/" + google-query: inurl:"/wp-content/plugins/buttonizer-multifunctional-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buttonizer-multifunctional-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buttonizer-multifunctional-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buttonizer-multifunctional-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buttons-shortcode-and-widget-b4d222d7f6fbba49026992c33a4f820f.yaml b/nuclei-templates/cve-less/plugins/buttons-shortcode-and-widget-b4d222d7f6fbba49026992c33a4f820f.yaml new file mode 100644 index 0000000000..d6a6bd510e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buttons-shortcode-and-widget-b4d222d7f6fbba49026992c33a4f820f.yaml @@ -0,0 +1,58 @@ +id: buttons-shortcode-and-widget-b4d222d7f6fbba49026992c33a4f820f + +info: + name: > + Buttons Shortcode and Widget <= 1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea6e0856-ba3d-4fa1-ac90-45a51ff994ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buttons-shortcode-and-widget/" + google-query: inurl:"/wp-content/plugins/buttons-shortcode-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buttons-shortcode-and-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buttons-shortcode-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buttons-shortcode-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buttons-x-f3522c3cb0ccfb1220b311f9a238555b.yaml b/nuclei-templates/cve-less/plugins/buttons-x-f3522c3cb0ccfb1220b311f9a238555b.yaml new file mode 100644 index 0000000000..ad29a1443f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buttons-x-f3522c3cb0ccfb1220b311f9a238555b.yaml @@ -0,0 +1,58 @@ +id: buttons-x-f3522c3cb0ccfb1220b311f9a238555b + +info: + name: > + Button Builder – Buttons X <= 0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aea8fe3-7c75-4d3a-847a-ce0d1f9700f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buttons-x/" + google-query: inurl:"/wp-content/plugins/buttons-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buttons-x,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buttons-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buttons-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buymeacoffee-0caf8903231ef8666af5245315083b74.yaml b/nuclei-templates/cve-less/plugins/buymeacoffee-0caf8903231ef8666af5245315083b74.yaml new file mode 100644 index 0000000000..e3ec5e0c21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buymeacoffee-0caf8903231ef8666af5245315083b74.yaml @@ -0,0 +1,58 @@ +id: buymeacoffee-0caf8903231ef8666af5245315083b74 + +info: + name: > + Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9f8948-085b-4ac5-befd-c70085aa23cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buymeacoffee/" + google-query: inurl:"/wp-content/plugins/buymeacoffee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buymeacoffee,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buymeacoffee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buymeacoffee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buymeacoffee-514e5589e35f6de5b251e63d9ba1561e.yaml b/nuclei-templates/cve-less/plugins/buymeacoffee-514e5589e35f6de5b251e63d9ba1561e.yaml new file mode 100644 index 0000000000..51245a2f3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buymeacoffee-514e5589e35f6de5b251e63d9ba1561e.yaml @@ -0,0 +1,58 @@ +id: buymeacoffee-514e5589e35f6de5b251e63d9ba1561e + +info: + name: > + Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6309258e-e4fc-4edf-a771-2d82a9a85a5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buymeacoffee/" + google-query: inurl:"/wp-content/plugins/buymeacoffee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buymeacoffee,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buymeacoffee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buymeacoffee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buymeacoffee-9c9be48d36983f46c1dafc5a934e6547.yaml b/nuclei-templates/cve-less/plugins/buymeacoffee-9c9be48d36983f46c1dafc5a934e6547.yaml new file mode 100644 index 0000000000..12cfb5ab8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buymeacoffee-9c9be48d36983f46c1dafc5a934e6547.yaml @@ -0,0 +1,58 @@ +id: buymeacoffee-9c9be48d36983f46c1dafc5a934e6547 + +info: + name: > + Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1c218c6-1599-4dc9-846f-e0ef74821488?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buymeacoffee/" + google-query: inurl:"/wp-content/plugins/buymeacoffee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buymeacoffee,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buymeacoffee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buymeacoffee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buymeacoffee-e74780b7e51cbe82d58b11a6033838ff.yaml b/nuclei-templates/cve-less/plugins/buymeacoffee-e74780b7e51cbe82d58b11a6033838ff.yaml new file mode 100644 index 0000000000..b12d04ef0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buymeacoffee-e74780b7e51cbe82d58b11a6033838ff.yaml @@ -0,0 +1,58 @@ +id: buymeacoffee-e74780b7e51cbe82d58b11a6033838ff + +info: + name: > + Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f3ce3d-ae8a-4c0f-a74d-657225a932f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buymeacoffee/" + google-query: inurl:"/wp-content/plugins/buymeacoffee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buymeacoffee,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buymeacoffee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buymeacoffee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/buzzsprout-podcasting-469ce07115e491efc4cb1c8371dce59b.yaml b/nuclei-templates/cve-less/plugins/buzzsprout-podcasting-469ce07115e491efc4cb1c8371dce59b.yaml new file mode 100644 index 0000000000..bdc9bf358b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/buzzsprout-podcasting-469ce07115e491efc4cb1c8371dce59b.yaml @@ -0,0 +1,58 @@ +id: buzzsprout-podcasting-469ce07115e491efc4cb1c8371dce59b + +info: + name: > + Buzzsprout Podcasting <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be7f8b73-801d-46e8-81c1-8bb0bb576700?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/buzzsprout-podcasting/" + google-query: inurl:"/wp-content/plugins/buzzsprout-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,buzzsprout-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/buzzsprout-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buzzsprout-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bwl-advanced-faq-manager-1fb9c20f2dc722c53163029233b7680b.yaml b/nuclei-templates/cve-less/plugins/bwl-advanced-faq-manager-1fb9c20f2dc722c53163029233b7680b.yaml new file mode 100644 index 0000000000..e712cfb901 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bwl-advanced-faq-manager-1fb9c20f2dc722c53163029233b7680b.yaml @@ -0,0 +1,58 @@ +id: bwl-advanced-faq-manager-1fb9c20f2dc722c53163029233b7680b + +info: + name: > + BWL Advanced FAQ Manager <= 2.0.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa66da82-8733-41cb-a276-620577d79e44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bwl-advanced-faq-manager/" + google-query: inurl:"/wp-content/plugins/bwl-advanced-faq-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bwl-advanced-faq-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bwl-advanced-faq-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bwl-advanced-faq-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bwp-google-xml-sitemaps-e5558e0a5f22ef3f76543aa9614d9789.yaml b/nuclei-templates/cve-less/plugins/bwp-google-xml-sitemaps-e5558e0a5f22ef3f76543aa9614d9789.yaml new file mode 100644 index 0000000000..c5b3ec4fba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bwp-google-xml-sitemaps-e5558e0a5f22ef3f76543aa9614d9789.yaml @@ -0,0 +1,58 @@ +id: bwp-google-xml-sitemaps-e5558e0a5f22ef3f76543aa9614d9789 + +info: + name: > + Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5675962-7d7f-46f4-b588-e46af212e9c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bwp-google-xml-sitemaps/" + google-query: inurl:"/wp-content/plugins/bwp-google-xml-sitemaps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bwp-google-xml-sitemaps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bwp-google-xml-sitemaps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bwp-google-xml-sitemaps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-google-analytics-1758588699ac13a0da770bd7cd456b77.yaml b/nuclei-templates/cve-less/plugins/bws-google-analytics-1758588699ac13a0da770bd7cd456b77.yaml new file mode 100644 index 0000000000..0ccaec4b1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-google-analytics-1758588699ac13a0da770bd7cd456b77.yaml @@ -0,0 +1,58 @@ +id: bws-google-analytics-1758588699ac13a0da770bd7cd456b77 + +info: + name: > + Analytics <= 1.7.0 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9900533-0724-445f-9d56-8a0422479448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-google-analytics/" + google-query: inurl:"/wp-content/plugins/bws-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-google-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-google-maps-f5ede402fdf5293b860276b605ce4e8f.yaml b/nuclei-templates/cve-less/plugins/bws-google-maps-f5ede402fdf5293b860276b605ce4e8f.yaml new file mode 100644 index 0000000000..b7e5a6349d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-google-maps-f5ede402fdf5293b860276b605ce4e8f.yaml @@ -0,0 +1,58 @@ +id: bws-google-maps-f5ede402fdf5293b860276b605ce4e8f + +info: + name: > + Maps by BestWebSoft <= 1.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/419df0c4-1e78-47da-b28d-5ab1cb66729a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-google-maps/" + google-query: inurl:"/wp-content/plugins/bws-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-linkedin-b2f000587e20cf237a45ef2d6036a9a0.yaml b/nuclei-templates/cve-less/plugins/bws-linkedin-b2f000587e20cf237a45ef2d6036a9a0.yaml new file mode 100644 index 0000000000..9b29207696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-linkedin-b2f000587e20cf237a45ef2d6036a9a0.yaml @@ -0,0 +1,58 @@ +id: bws-linkedin-b2f000587e20cf237a45ef2d6036a9a0 + +info: + name: > + BestWebSoft's LinkedIn < 1.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3db65e14-50c6-4afe-84e5-0785fe9bf77a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-linkedin/" + google-query: inurl:"/wp-content/plugins/bws-linkedin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-linkedin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-linkedin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-linkedin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-pinterest-e64b2928f117109f88452f28d939f5ac.yaml b/nuclei-templates/cve-less/plugins/bws-pinterest-e64b2928f117109f88452f28d939f5ac.yaml new file mode 100644 index 0000000000..18fe643a56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-pinterest-e64b2928f117109f88452f28d939f5ac.yaml @@ -0,0 +1,58 @@ +id: bws-pinterest-e64b2928f117109f88452f28d939f5ac + +info: + name: > + BestWebSoft's Pinterest <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b631ba7f-105d-4fe4-9173-4f7eade92d54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-pinterest/" + google-query: inurl:"/wp-content/plugins/bws-pinterest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-pinterest,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-pinterest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-pinterest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-smtp-6356cf8af8f87c1115ab1b364de5897a.yaml b/nuclei-templates/cve-less/plugins/bws-smtp-6356cf8af8f87c1115ab1b364de5897a.yaml new file mode 100644 index 0000000000..0888cc2af1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-smtp-6356cf8af8f87c1115ab1b364de5897a.yaml @@ -0,0 +1,58 @@ +id: bws-smtp-6356cf8af8f87c1115ab1b364de5897a + +info: + name: > + SMTP by BestWebSoft <= 1.0.9 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ff464d0-7aa4-4a79-a8d2-ea51398c40f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-smtp/" + google-query: inurl:"/wp-content/plugins/bws-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-smtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bws-testimonials-11832d8ff71b77f5c5443c834508a4b9.yaml b/nuclei-templates/cve-less/plugins/bws-testimonials-11832d8ff71b77f5c5443c834508a4b9.yaml new file mode 100644 index 0000000000..24585d3c2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bws-testimonials-11832d8ff71b77f5c5443c834508a4b9.yaml @@ -0,0 +1,58 @@ +id: bws-testimonials-11832d8ff71b77f5c5443c834508a4b9 + +info: + name: > + Testimonials by BestWebSoft <= 0.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba426d2f-aa05-4316-86ca-228f21785f63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bws-testimonials/" + google-query: inurl:"/wp-content/plugins/bws-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bws-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bws-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bws-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bxslider-wp-629a86e61ae281b9190188a5f16e6d8f.yaml b/nuclei-templates/cve-less/plugins/bxslider-wp-629a86e61ae281b9190188a5f16e6d8f.yaml new file mode 100644 index 0000000000..a53f5175cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bxslider-wp-629a86e61ae281b9190188a5f16e6d8f.yaml @@ -0,0 +1,58 @@ +id: bxslider-wp-629a86e61ae281b9190188a5f16e6d8f + +info: + name: > + BxSlider WP <= 2.0.0 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfa2af3d-ef5a-484b-83a3-552b03b16f4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bxslider-wp/" + google-query: inurl:"/wp-content/plugins/bxslider-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bxslider-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bxslider-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bxslider-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-9473021a502a63a62049e1b92de7e47f.yaml b/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-9473021a502a63a62049e1b92de7e47f.yaml new file mode 100644 index 0000000000..ead41f11e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-9473021a502a63a62049e1b92de7e47f.yaml @@ -0,0 +1,58 @@ +id: byconsole-woo-order-delivery-time-9473021a502a63a62049e1b92de7e47f + +info: + name: > + WooODT Lite <= 2.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ede4b8ad-3c12-4ed8-9eda-806afa580bad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/byconsole-woo-order-delivery-time/" + google-query: inurl:"/wp-content/plugins/byconsole-woo-order-delivery-time/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,byconsole-woo-order-delivery-time,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/byconsole-woo-order-delivery-time/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "byconsole-woo-order-delivery-time" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-cd5b979265c6693d84b238525b6e2413.yaml b/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-cd5b979265c6693d84b238525b6e2413.yaml new file mode 100644 index 0000000000..2c81d9481d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/byconsole-woo-order-delivery-time-cd5b979265c6693d84b238525b6e2413.yaml @@ -0,0 +1,58 @@ +id: byconsole-woo-order-delivery-time-cd5b979265c6693d84b238525b6e2413 + +info: + name: > + WooODT Lite <= 2.4.6 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9939f297-e3ca-4d7d-9acd-c416ee2014c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/byconsole-woo-order-delivery-time/" + google-query: inurl:"/wp-content/plugins/byconsole-woo-order-delivery-time/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,byconsole-woo-order-delivery-time,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/byconsole-woo-order-delivery-time/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "byconsole-woo-order-delivery-time" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/bzscore-live-score-192e415b611335b3538e5f2af9fbc394.yaml b/nuclei-templates/cve-less/plugins/bzscore-live-score-192e415b611335b3538e5f2af9fbc394.yaml new file mode 100644 index 0000000000..f06c5a8b1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/bzscore-live-score-192e415b611335b3538e5f2af9fbc394.yaml @@ -0,0 +1,58 @@ +id: bzscore-live-score-192e415b611335b3538e5f2af9fbc394 + +info: + name: > + BZScore – Live Score <= 1.03 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/438a94c4-a7f2-4c08-960b-e18c19196169?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/bzscore-live-score/" + google-query: inurl:"/wp-content/plugins/bzscore-live-score/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,bzscore-live-score,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/bzscore-live-score/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bzscore-live-score" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cab-fare-calculator-850cdc2bb11e2c84c49d36aadc35f92a.yaml b/nuclei-templates/cve-less/plugins/cab-fare-calculator-850cdc2bb11e2c84c49d36aadc35f92a.yaml new file mode 100644 index 0000000000..595ad551eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cab-fare-calculator-850cdc2bb11e2c84c49d36aadc35f92a.yaml @@ -0,0 +1,58 @@ +id: cab-fare-calculator-850cdc2bb11e2c84c49d36aadc35f92a + +info: + name: > + Cab fare calculator <= 1.0.3 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6990abdc-232f-4c25-8cba-c2639f315434?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cab-fare-calculator/" + google-query: inurl:"/wp-content/plugins/cab-fare-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cab-fare-calculator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cab-fare-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cab-fare-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cab-grid-e859444e797e41b8d664b82e23a899ba.yaml b/nuclei-templates/cve-less/plugins/cab-grid-e859444e797e41b8d664b82e23a899ba.yaml new file mode 100644 index 0000000000..c8dc91f5d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cab-grid-e859444e797e41b8d664b82e23a899ba.yaml @@ -0,0 +1,58 @@ +id: cab-grid-e859444e797e41b8d664b82e23a899ba + +info: + name: > + Cab Grid <= 1.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e09c629b-9908-4548-b828-9e6140ff5670?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cab-grid/" + google-query: inurl:"/wp-content/plugins/cab-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cab-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cab-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cab-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cache-images-182ea68949b1ee6faae255d4de23157d.yaml b/nuclei-templates/cve-less/plugins/cache-images-182ea68949b1ee6faae255d4de23157d.yaml new file mode 100644 index 0000000000..ef175a5c9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cache-images-182ea68949b1ee6faae255d4de23157d.yaml @@ -0,0 +1,58 @@ +id: cache-images-182ea68949b1ee6faae255d4de23157d + +info: + name: > + Cache Images <= 3.2 - Cross-Site Request Forgery to Image Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a70eec-ee14-4bef-8d23-5954b1f1baf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cache-images/" + google-query: inurl:"/wp-content/plugins/cache-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cache-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cache-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cache-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/caddy-b41c7809a15dd29e69a83cb3726570dc.yaml b/nuclei-templates/cve-less/plugins/caddy-b41c7809a15dd29e69a83cb3726570dc.yaml new file mode 100644 index 0000000000..f8443b5ae2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/caddy-b41c7809a15dd29e69a83cb3726570dc.yaml @@ -0,0 +1,58 @@ +id: caddy-b41c7809a15dd29e69a83cb3726570dc + +info: + name: > + Caddy <= 1.9.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b331c32e-7341-458b-80be-574cfa915159?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/caddy/" + google-query: inurl:"/wp-content/plugins/caddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,caddy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cafe-lite-dddec61512fe66c6bc2775d423f59680.yaml b/nuclei-templates/cve-less/plugins/cafe-lite-dddec61512fe66c6bc2775d423f59680.yaml new file mode 100644 index 0000000000..e1fcfe7325 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cafe-lite-dddec61512fe66c6bc2775d423f59680.yaml @@ -0,0 +1,58 @@ +id: cafe-lite-dddec61512fe66c6bc2775d423f59680 + +info: + name: > + Clever Addons for Elementor <=2.0.15 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a680db1-3db2-4884-b2fe-c6d29457df4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cafe-lite/" + google-query: inurl:"/wp-content/plugins/cafe-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cafe-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cafe-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cafe-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-13cb55c1f508982488cee2289cc6f8a4.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-13cb55c1f508982488cee2289cc6f8a4.yaml new file mode 100644 index 0000000000..375e1947ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-13cb55c1f508982488cee2289cc6f8a4.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-13cb55c1f508982488cee2289cc6f8a4 + +info: + name: > + Calculated Fields Form <= 1.2.28 - Authenticated (Contributor+) Open Redirect via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85555a8f-5d23-458d-9166-d30f8f0551e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-447e8d03dfe04fdb92ac705bfa6b054a.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-447e8d03dfe04fdb92ac705bfa6b054a.yaml new file mode 100644 index 0000000000..9e0fffc8a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-447e8d03dfe04fdb92ac705bfa6b054a.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-447e8d03dfe04fdb92ac705bfa6b054a + +info: + name: > + Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c879123c-531e-43d8-a7d3-16a3c86b68a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-4b4ac88975e8590a6a5fd0cf4302a336.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-4b4ac88975e8590a6a5fd0cf4302a336.yaml new file mode 100644 index 0000000000..4cca025e79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-4b4ac88975e8590a6a5fd0cf4302a336.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-4b4ac88975e8590a6a5fd0cf4302a336 + +info: + name: > + Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9370f05a-9c69-45f4-9fd8-7017bfcf4d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.120') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-4c3327ab228513e0bba5f6564699d19d.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-4c3327ab228513e0bba5f6564699d19d.yaml new file mode 100644 index 0000000000..e796a61f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-4c3327ab228513e0bba5f6564699d19d.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-4c3327ab228513e0bba5f6564699d19d + +info: + name: > + Calculated Fields Form Professional <= 5.1.56 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-83141551066454cfa3570b7b645030aa.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-83141551066454cfa3570b7b645030aa.yaml new file mode 100644 index 0000000000..f7a3f7587f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-83141551066454cfa3570b7b645030aa.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-83141551066454cfa3570b7b645030aa + +info: + name: > + Calculated Fields Form <= 1.0.353 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/334ff8d7-1313-4c19-aed3-0c4625b895ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.353') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-a09cb353956813c158f3eacbd53365c2.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-a09cb353956813c158f3eacbd53365c2.yaml new file mode 100644 index 0000000000..0e43195326 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-a09cb353956813c158f3eacbd53365c2.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-a09cb353956813c158f3eacbd53365c2 + +info: + name: > + Calculated Fields Form <= 1.1.120 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4785012-d160-42cc-bd06-d9b8e65652a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.120') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-a7620f303af6467e51bdd4f84801b80c.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-a7620f303af6467e51bdd4f84801b80c.yaml new file mode 100644 index 0000000000..8e3ee78239 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-a7620f303af6467e51bdd4f84801b80c.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-a7620f303af6467e51bdd4f84801b80c + +info: + name: > + Calculated Fields Form <= 1.1.150 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2036c08-3aaf-4e41-bcd6-787f4b8fba9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.150') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-b6900545e2e4c40eddb286d1788c8880.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-b6900545e2e4c40eddb286d1788c8880.yaml new file mode 100644 index 0000000000..ba97a866cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-b6900545e2e4c40eddb286d1788c8880.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-b6900545e2e4c40eddb286d1788c8880 + +info: + name: > + Calculated Fields Form <= 1.2.52 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculated-fields-form-d066e564c9d177f69ad8edb9aa85d9a0.yaml b/nuclei-templates/cve-less/plugins/calculated-fields-form-d066e564c9d177f69ad8edb9aa85d9a0.yaml new file mode 100644 index 0000000000..31911cdc2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculated-fields-form-d066e564c9d177f69ad8edb9aa85d9a0.yaml @@ -0,0 +1,58 @@ +id: calculated-fields-form-d066e564c9d177f69ad8edb9aa85d9a0 + +info: + name: > + Calculated Fields Form <= 1.2.54 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a76116a-1e84-4114-9baa-3986be92d051?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculated-fields-form/" + google-query: inurl:"/wp-content/plugins/calculated-fields-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculated-fields-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculated-fields-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculated-fields-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculator-builder-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/calculator-builder-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..b7a3b1e455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculator-builder-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: calculator-builder-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculator-builder/" + google-query: inurl:"/wp-content/plugins/calculator-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculator-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculator-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculator-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calculatorpro-calculators-bf9560c62dd0208ea0e7d6c1046859e5.yaml b/nuclei-templates/cve-less/plugins/calculatorpro-calculators-bf9560c62dd0208ea0e7d6c1046859e5.yaml new file mode 100644 index 0000000000..117e50cbfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calculatorpro-calculators-bf9560c62dd0208ea0e7d6c1046859e5.yaml @@ -0,0 +1,58 @@ +id: calculatorpro-calculators-bf9560c62dd0208ea0e7d6c1046859e5 + +info: + name: > + CalculatorPro Calculators <= 1.1.7 - Reflected Cross-Site Scripting via CP_preview_calc + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0de79672-f0ba-42d3-a44a-01b93801d7de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calculatorpro-calculators/" + google-query: inurl:"/wp-content/plugins/calculatorpro-calculators/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calculatorpro-calculators,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calculatorpro-calculators/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calculatorpro-calculators" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/caldera-forms-7c34573376626471f92815a30e26e5cb.yaml b/nuclei-templates/cve-less/plugins/caldera-forms-7c34573376626471f92815a30e26e5cb.yaml new file mode 100644 index 0000000000..e0f339e518 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/caldera-forms-7c34573376626471f92815a30e26e5cb.yaml @@ -0,0 +1,58 @@ +id: caldera-forms-7c34573376626471f92815a30e26e5cb + +info: + name: > + Caldera Forms <= 1.9.6 - Reflected Cross-Site Scripting via cf-api + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e99867-4992-47b5-a642-abd104eee18f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/caldera-forms/" + google-query: inurl:"/wp-content/plugins/caldera-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,caldera-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caldera-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caldera-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/caldera-forms-b4c4ff584d962e0bfb58568b73a5ecd3.yaml b/nuclei-templates/cve-less/plugins/caldera-forms-b4c4ff584d962e0bfb58568b73a5ecd3.yaml new file mode 100644 index 0000000000..00714fd4eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/caldera-forms-b4c4ff584d962e0bfb58568b73a5ecd3.yaml @@ -0,0 +1,58 @@ +id: caldera-forms-b4c4ff584d962e0bfb58568b73a5ecd3 + +info: + name: > + Caldera forms <= 1.9.4 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6838714-4128-47c5-b596-91cfc68abade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/caldera-forms/" + google-query: inurl:"/wp-content/plugins/caldera-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,caldera-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caldera-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caldera-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/caldera-forms-de09ecc40e8ef125eed740508fee8b16.yaml b/nuclei-templates/cve-less/plugins/caldera-forms-de09ecc40e8ef125eed740508fee8b16.yaml new file mode 100644 index 0000000000..3fe2d9e02a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/caldera-forms-de09ecc40e8ef125eed740508fee8b16.yaml @@ -0,0 +1,58 @@ +id: caldera-forms-de09ecc40e8ef125eed740508fee8b16 + +info: + name: > + Caldera Forms <= 1.5.9.1 - Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8df7ee-5308-4993-ac49-e2e58f3eaf60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/caldera-forms/" + google-query: inurl:"/wp-content/plugins/caldera-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,caldera-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caldera-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caldera-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calderawp-license-manager-b88cf8c0086678b4179593db6bed64e7.yaml b/nuclei-templates/cve-less/plugins/calderawp-license-manager-b88cf8c0086678b4179593db6bed64e7.yaml new file mode 100644 index 0000000000..84527b1f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calderawp-license-manager-b88cf8c0086678b4179593db6bed64e7.yaml @@ -0,0 +1,58 @@ +id: calderawp-license-manager-b88cf8c0086678b4179593db6bed64e7 + +info: + name: > + CalderaWP License Manager <= 1.2.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fecb12c5-8f8d-4f72-a349-c5df315b523e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calderawp-license-manager/" + google-query: inurl:"/wp-content/plugins/calderawp-license-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calderawp-license-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calderawp-license-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calderawp-license-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-2ac1b11dfdd4d8aec9aef19739eee675.yaml b/nuclei-templates/cve-less/plugins/calendar-2ac1b11dfdd4d8aec9aef19739eee675.yaml new file mode 100644 index 0000000000..920e760742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-2ac1b11dfdd4d8aec9aef19739eee675.yaml @@ -0,0 +1,58 @@ +id: calendar-2ac1b11dfdd4d8aec9aef19739eee675 + +info: + name: > + Calendar <= 1.3.14 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0886fa16-4292-4223-af01-9aa1f36490f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar/" + google-query: inurl:"/wp-content/plugins/calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-610a8079730189f1c51d4e425058e93f.yaml b/nuclei-templates/cve-less/plugins/calendar-610a8079730189f1c51d4e425058e93f.yaml new file mode 100644 index 0000000000..06dd2050da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-610a8079730189f1c51d4e425058e93f.yaml @@ -0,0 +1,58 @@ +id: calendar-610a8079730189f1c51d4e425058e93f + +info: + name: > + Calendar <= 1.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe996511-f29a-4e28-b6de-3633d45b10c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar/" + google-query: inurl:"/wp-content/plugins/calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-8b25a4024805d97b0bbe39b2b083bd09.yaml b/nuclei-templates/cve-less/plugins/calendar-8b25a4024805d97b0bbe39b2b083bd09.yaml new file mode 100644 index 0000000000..f987605cf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-8b25a4024805d97b0bbe39b2b083bd09.yaml @@ -0,0 +1,58 @@ +id: calendar-8b25a4024805d97b0bbe39b2b083bd09 + +info: + name: > + Calendar <= 1.3.10 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e2efbf-11ac-4a85-8136-cb40468089e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar/" + google-query: inurl:"/wp-content/plugins/calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-booking-b0ee79ee6bfacccc5c859ba67a33f0de.yaml b/nuclei-templates/cve-less/plugins/calendar-booking-b0ee79ee6bfacccc5c859ba67a33f0de.yaml new file mode 100644 index 0000000000..e8982164d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-booking-b0ee79ee6bfacccc5c859ba67a33f0de.yaml @@ -0,0 +1,58 @@ +id: calendar-booking-b0ee79ee6bfacccc5c859ba67a33f0de + +info: + name: > + Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71a0aa95-f2a9-4537-a8d1-d78336e36125?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar-booking/" + google-query: inurl:"/wp-content/plugins/calendar-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-event-09740a555ab133389f0f6571fce0ae84.yaml b/nuclei-templates/cve-less/plugins/calendar-event-09740a555ab133389f0f6571fce0ae84.yaml new file mode 100644 index 0000000000..6ac149bb88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-event-09740a555ab133389f0f6571fce0ae84.yaml @@ -0,0 +1,58 @@ +id: calendar-event-09740a555ab133389f0f6571fce0ae84 + +info: + name: > + Event Calendar <= 1.4.6 - Missing Authorization to Event Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e149dd-636e-47ce-9ade-e1ae337612da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar-event/" + google-query: inurl:"/wp-content/plugins/calendar-event/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar-event,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar-event/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar-event" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-event-cee3839418561c0992d928e881decc00.yaml b/nuclei-templates/cve-less/plugins/calendar-event-cee3839418561c0992d928e881decc00.yaml new file mode 100644 index 0000000000..f6ef440898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-event-cee3839418561c0992d928e881decc00.yaml @@ -0,0 +1,58 @@ +id: calendar-event-cee3839418561c0992d928e881decc00 + +info: + name: > + Event Calendar <= 1.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/430a981c-7856-493c-bf66-11506b5963a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar-event/" + google-query: inurl:"/wp-content/plugins/calendar-event/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar-event,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar-event/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar-event" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendar-plugin-27b6ebe3ed4381bb3c55ec596f477456.yaml b/nuclei-templates/cve-less/plugins/calendar-plugin-27b6ebe3ed4381bb3c55ec596f477456.yaml new file mode 100644 index 0000000000..e3ed90a56c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendar-plugin-27b6ebe3ed4381bb3c55ec596f477456.yaml @@ -0,0 +1,58 @@ +id: calendar-plugin-27b6ebe3ed4381bb3c55ec596f477456 + +info: + name: > + Calendar_plugin <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11aa7971-9770-47fc-960e-44fe43321b53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendar-plugin/" + google-query: inurl:"/wp-content/plugins/calendar-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendar-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendar-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendar-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendarista-basic-edition-7ca52430035acd6a97700e0a1293791e.yaml b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-7ca52430035acd6a97700e0a1293791e.yaml new file mode 100644 index 0000000000..e18684a7cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-7ca52430035acd6a97700e0a1293791e.yaml @@ -0,0 +1,58 @@ +id: calendarista-basic-edition-7ca52430035acd6a97700e0a1293791e + +info: + name: > + Calendarista Basic Edition <= 3.0.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b831eb-ab28-4e42-940b-6943d836d230?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendarista-basic-edition/" + google-query: inurl:"/wp-content/plugins/calendarista-basic-edition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendarista-basic-edition,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendarista-basic-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendarista-basic-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendarista-basic-edition-be21de51738bde44b4ff85eb79707aec.yaml b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-be21de51738bde44b4ff85eb79707aec.yaml new file mode 100644 index 0000000000..b24eed5276 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-be21de51738bde44b4ff85eb79707aec.yaml @@ -0,0 +1,58 @@ +id: calendarista-basic-edition-be21de51738bde44b4ff85eb79707aec + +info: + name: > + Calendarista Basic Edition <= 3.0.2 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4beb0b7-e287-43bd-b8d1-3aa65e268ead?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendarista-basic-edition/" + google-query: inurl:"/wp-content/plugins/calendarista-basic-edition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendarista-basic-edition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendarista-basic-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendarista-basic-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendarista-basic-edition-cc489789b5cb387a9c3918987d9c41fb.yaml b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-cc489789b5cb387a9c3918987d9c41fb.yaml new file mode 100644 index 0000000000..c3d6453ad4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendarista-basic-edition-cc489789b5cb387a9c3918987d9c41fb.yaml @@ -0,0 +1,58 @@ +id: calendarista-basic-edition-cc489789b5cb387a9c3918987d9c41fb + +info: + name: > + Calendarista Basic Edition <= 3.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb90162-314a-4d49-8fd3-2b1b42c5ad63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendarista-basic-edition/" + google-query: inurl:"/wp-content/plugins/calendarista-basic-edition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendarista-basic-edition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendarista-basic-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendarista-basic-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/calendarista-dc0d3deddd939ceb7da2b7a2e45dc103.yaml b/nuclei-templates/cve-less/plugins/calendarista-dc0d3deddd939ceb7da2b7a2e45dc103.yaml new file mode 100644 index 0000000000..c22ed9d145 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/calendarista-dc0d3deddd939ceb7da2b7a2e45dc103.yaml @@ -0,0 +1,58 @@ +id: calendarista-dc0d3deddd939ceb7da2b7a2e45dc103 + +info: + name: > + Calendarista <= 15.5.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/381ea693-3e59-4ecb-a96b-4b58d47298c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/calendarista/" + google-query: inurl:"/wp-content/plugins/calendarista/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,calendarista,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/calendarista/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calendarista" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/call-now-button-f1b22b19f1452ccdd593cc23416c662b.yaml b/nuclei-templates/cve-less/plugins/call-now-button-f1b22b19f1452ccdd593cc23416c662b.yaml new file mode 100644 index 0000000000..5ae3e745a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/call-now-button-f1b22b19f1452ccdd593cc23416c662b.yaml @@ -0,0 +1,58 @@ +id: call-now-button-f1b22b19f1452ccdd593cc23416c662b + +info: + name: > + Call Now Button <= 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c00f3c0-8374-4966-9496-dd62f183f75a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/call-now-button/" + google-query: inurl:"/wp-content/plugins/call-now-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,call-now-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/call-now-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "call-now-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/call-now-icon-animate-cfbef64f1e1fba4c3a45a9c3c672157f.yaml b/nuclei-templates/cve-less/plugins/call-now-icon-animate-cfbef64f1e1fba4c3a45a9c3c672157f.yaml new file mode 100644 index 0000000000..bb44b3500b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/call-now-icon-animate-cfbef64f1e1fba4c3a45a9c3c672157f.yaml @@ -0,0 +1,58 @@ +id: call-now-icon-animate-cfbef64f1e1fba4c3a45a9c3c672157f + +info: + name: > + Call Now Icon Animate <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82f5e976-2564-4f8b-96d5-cfac9945737c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/call-now-icon-animate/" + google-query: inurl:"/wp-content/plugins/call-now-icon-animate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,call-now-icon-animate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/call-now-icon-animate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "call-now-icon-animate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/callbook-mobile-bar-2ea25ed58e645deebc4c9ee26219463e.yaml b/nuclei-templates/cve-less/plugins/callbook-mobile-bar-2ea25ed58e645deebc4c9ee26219463e.yaml new file mode 100644 index 0000000000..bd4c814922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/callbook-mobile-bar-2ea25ed58e645deebc4c9ee26219463e.yaml @@ -0,0 +1,58 @@ +id: callbook-mobile-bar-2ea25ed58e645deebc4c9ee26219463e + +info: + name: > + Call&Book Mobile Bar <= 1.2.2 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0df0a4e-282e-483a-8d5e-a192620ed2d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/callbook-mobile-bar/" + google-query: inurl:"/wp-content/plugins/callbook-mobile-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,callbook-mobile-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/callbook-mobile-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "callbook-mobile-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-1c049cc07d2d3d3aff9e887e6aede6d7.yaml b/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-1c049cc07d2d3d3aff9e887e6aede6d7.yaml new file mode 100644 index 0000000000..8db6aff517 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-1c049cc07d2d3d3aff9e887e6aede6d7.yaml @@ -0,0 +1,58 @@ +id: callrail-phone-call-tracking-1c049cc07d2d3d3aff9e887e6aede6d7 + +info: + name: > + CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/callrail-phone-call-tracking/" + google-query: inurl:"/wp-content/plugins/callrail-phone-call-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,callrail-phone-call-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/callrail-phone-call-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "callrail-phone-call-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-4e96ec415742df4383d4f15264a5ba1f.yaml b/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-4e96ec415742df4383d4f15264a5ba1f.yaml new file mode 100644 index 0000000000..e3b6026b94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/callrail-phone-call-tracking-4e96ec415742df4383d4f15264a5ba1f.yaml @@ -0,0 +1,58 @@ +id: callrail-phone-call-tracking-4e96ec415742df4383d4f15264a5ba1f + +info: + name: > + CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/452ed03a-2f02-417d-93c9-d883a616a153?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/callrail-phone-call-tracking/" + google-query: inurl:"/wp-content/plugins/callrail-phone-call-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,callrail-phone-call-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/callrail-phone-call-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "callrail-phone-call-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/camera-slideshow-010b13dab325ad4db18460bf37133fe2.yaml b/nuclei-templates/cve-less/plugins/camera-slideshow-010b13dab325ad4db18460bf37133fe2.yaml new file mode 100644 index 0000000000..9ee5fa5631 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/camera-slideshow-010b13dab325ad4db18460bf37133fe2.yaml @@ -0,0 +1,58 @@ +id: camera-slideshow-010b13dab325ad4db18460bf37133fe2 + +info: + name: > + Camera slideshow <= 1.4.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c568897-a8ff-4d3d-88b5-b7aeff454cf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/camera-slideshow/" + google-query: inurl:"/wp-content/plugins/camera-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,camera-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/camera-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "camera-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/campaign-monitor-wp-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml b/nuclei-templates/cve-less/plugins/campaign-monitor-wp-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml new file mode 100644 index 0000000000..4da2b5c937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/campaign-monitor-wp-c8dbdfc73ab33e8afe0f3263d7ef0673.yaml @@ -0,0 +1,58 @@ +id: campaign-monitor-wp-c8dbdfc73ab33e8afe0f3263d7ef0673 + +info: + name: > + Campaign Monitor Forms <= 2.5.5 - Missing Authorization to Authenticated(Subscriber+) Options Update via ajax_dismiss_notice + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f11416c-c981-4c85-822c-497ecfaa842d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/campaign-monitor-wp/" + google-query: inurl:"/wp-content/plugins/campaign-monitor-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,campaign-monitor-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/campaign-monitor-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "campaign-monitor-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/campaign-url-builder-a735151e1a4f287ab4567ad75cce9a30.yaml b/nuclei-templates/cve-less/plugins/campaign-url-builder-a735151e1a4f287ab4567ad75cce9a30.yaml new file mode 100644 index 0000000000..d32431d4bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/campaign-url-builder-a735151e1a4f287ab4567ad75cce9a30.yaml @@ -0,0 +1,58 @@ +id: campaign-url-builder-a735151e1a4f287ab4567ad75cce9a30 + +info: + name: > + Campaign URL Builder <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2839fdc-5904-4c3b-894f-7bf7e8b2986a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/campaign-url-builder/" + google-query: inurl:"/wp-content/plugins/campaign-url-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,campaign-url-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/campaign-url-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "campaign-url-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/camptix-1b1736563be4cd48928200e2f20f46f4.yaml b/nuclei-templates/cve-less/plugins/camptix-1b1736563be4cd48928200e2f20f46f4.yaml new file mode 100644 index 0000000000..f05384d4da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/camptix-1b1736563be4cd48928200e2f20f46f4.yaml @@ -0,0 +1,58 @@ +id: camptix-1b1736563be4cd48928200e2f20f46f4 + +info: + name: > + CampTix Event Ticketing < 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be091637-0fcb-4d30-8eaa-2fe18d8eb42c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/camptix/" + google-query: inurl:"/wp-content/plugins/camptix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,camptix,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/camptix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "camptix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/camptix-6821f0debd453e2dc059a8ca2d3fede9.yaml b/nuclei-templates/cve-less/plugins/camptix-6821f0debd453e2dc059a8ca2d3fede9.yaml new file mode 100644 index 0000000000..0ec12ee1a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/camptix-6821f0debd453e2dc059a8ca2d3fede9.yaml @@ -0,0 +1,58 @@ +id: camptix-6821f0debd453e2dc059a8ca2d3fede9 + +info: + name: > + CampTix Event Ticketing <= 1.4.2 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/694005fc-7703-4343-a7b4-d36906869df3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/camptix/" + google-query: inurl:"/wp-content/plugins/camptix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,camptix,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/camptix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "camptix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cancel-order-request-woocommerce-5b5a80245567937203123aecaa90cc27.yaml b/nuclei-templates/cve-less/plugins/cancel-order-request-woocommerce-5b5a80245567937203123aecaa90cc27.yaml new file mode 100644 index 0000000000..a20ad1958a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cancel-order-request-woocommerce-5b5a80245567937203123aecaa90cc27.yaml @@ -0,0 +1,58 @@ +id: cancel-order-request-woocommerce-5b5a80245567937203123aecaa90cc27 + +info: + name: > + Cancel order request WooCommerce <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f49477f-7a43-489b-8d3c-db8d0efeb596?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cancel-order-request-woocommerce/" + google-query: inurl:"/wp-content/plugins/cancel-order-request-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cancel-order-request-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cancel-order-request-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cancel-order-request-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/candidate-application-form-f979531e448b7af410cfe697c4a56a83.yaml b/nuclei-templates/cve-less/plugins/candidate-application-form-f979531e448b7af410cfe697c4a56a83.yaml new file mode 100644 index 0000000000..19d5fae377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/candidate-application-form-f979531e448b7af410cfe697c4a56a83.yaml @@ -0,0 +1,58 @@ +id: candidate-application-form-f979531e448b7af410cfe697c4a56a83 + +info: + name: > + Candidate Application Form <= 1.3 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1772e79-85c7-4a8e-a5d8-8d73013e6de3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/candidate-application-form/" + google-query: inurl:"/wp-content/plugins/candidate-application-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,candidate-application-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/candidate-application-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "candidate-application-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-01407881ecb8410d18cf22fb6eadefa6.yaml b/nuclei-templates/cve-less/plugins/canto-01407881ecb8410d18cf22fb6eadefa6.yaml new file mode 100644 index 0000000000..7dabe97435 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-01407881ecb8410d18cf22fb6eadefa6.yaml @@ -0,0 +1,58 @@ +id: canto-01407881ecb8410d18cf22fb6eadefa6 + +info: + name: > + Canto <= 3.0.4 - Unauthenticated Remote File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a76077c6-700a-4d21-a930-b0d6455d959c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-3a9821f8d5cc2355d8fbcd9465b098d5.yaml b/nuclei-templates/cve-less/plugins/canto-3a9821f8d5cc2355d8fbcd9465b098d5.yaml new file mode 100644 index 0000000000..1ce2c60caf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-3a9821f8d5cc2355d8fbcd9465b098d5.yaml @@ -0,0 +1,58 @@ +id: canto-3a9821f8d5cc2355d8fbcd9465b098d5 + +info: + name: > + Canto <= 1.9.0 - Blind Server-Side Request Forgery via tree.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c03cf3a2-3be9-44da-a050-a5978eb3eadc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-5bb05314b65c718b289ec510721af0ea.yaml b/nuclei-templates/cve-less/plugins/canto-5bb05314b65c718b289ec510721af0ea.yaml new file mode 100644 index 0000000000..8b95743d25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-5bb05314b65c718b289ec510721af0ea.yaml @@ -0,0 +1,58 @@ +id: canto-5bb05314b65c718b289ec510721af0ea + +info: + name: > + Canto <= 3.0.6 - Remote File Inclusion to Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa080b36-01ce-496a-9938-9715f0131e29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-5f3e8a4fee8c983cab0188c7dcf05d7b.yaml b/nuclei-templates/cve-less/plugins/canto-5f3e8a4fee8c983cab0188c7dcf05d7b.yaml new file mode 100644 index 0000000000..8928ac6fa3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-5f3e8a4fee8c983cab0188c7dcf05d7b.yaml @@ -0,0 +1,58 @@ +id: canto-5f3e8a4fee8c983cab0188c7dcf05d7b + +info: + name: > + Canto <= 1.9.0 - Blind Server-Side Request Forgery via download.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/904e407c-5ec7-433f-9161-eb4d6d263a97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-62aaab2000dfd7cd8870403602e59565.yaml b/nuclei-templates/cve-less/plugins/canto-62aaab2000dfd7cd8870403602e59565.yaml new file mode 100644 index 0000000000..33b8854772 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-62aaab2000dfd7cd8870403602e59565.yaml @@ -0,0 +1,58 @@ +id: canto-62aaab2000dfd7cd8870403602e59565 + +info: + name: > + Canto <= 1.9.0 - Blind Server-Side Request Forgery via get.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a330416-f867-4a1a-a692-6003e231ed54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canto-63e4f5d4e15b76376a440d71c38d9660.yaml b/nuclei-templates/cve-less/plugins/canto-63e4f5d4e15b76376a440d71c38d9660.yaml new file mode 100644 index 0000000000..94f05667b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canto-63e4f5d4e15b76376a440d71c38d9660.yaml @@ -0,0 +1,58 @@ +id: canto-63e4f5d4e15b76376a440d71c38d9660 + +info: + name: > + Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5781420d-b1e0-435f-8bf2-193cc7b095ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canto/" + google-query: inurl:"/wp-content/plugins/canto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canva-e04c0229e8744dd1a1d90594b9aeb97f.yaml b/nuclei-templates/cve-less/plugins/canva-e04c0229e8744dd1a1d90594b9aeb97f.yaml new file mode 100644 index 0000000000..ba666651b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canva-e04c0229e8744dd1a1d90594b9aeb97f.yaml @@ -0,0 +1,58 @@ +id: canva-e04c0229e8744dd1a1d90594b9aeb97f + +info: + name: > + Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebebe75-155a-4097-95ec-f31c6047f19a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canva/" + google-query: inurl:"/wp-content/plugins/canva/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canva,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canva/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canva" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canvasio3d-light-07f4ebdf99bc6bc543918be1a478a57b.yaml b/nuclei-templates/cve-less/plugins/canvasio3d-light-07f4ebdf99bc6bc543918be1a478a57b.yaml new file mode 100644 index 0000000000..c626af22d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canvasio3d-light-07f4ebdf99bc6bc543918be1a478a57b.yaml @@ -0,0 +1,58 @@ +id: canvasio3d-light-07f4ebdf99bc6bc543918be1a478a57b + +info: + name: > + Download canvasio3D Light <= 2.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39b8f6d8-bca2-4bf2-93ab-868270df8752?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canvasio3d-light/" + google-query: inurl:"/wp-content/plugins/canvasio3d-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canvasio3d-light,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canvasio3d-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canvasio3d-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/canvasio3d-light-85fcd9779448a368c2c74d702cd2f30d.yaml b/nuclei-templates/cve-less/plugins/canvasio3d-light-85fcd9779448a368c2c74d702cd2f30d.yaml new file mode 100644 index 0000000000..f847fcb5d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/canvasio3d-light-85fcd9779448a368c2c74d702cd2f30d.yaml @@ -0,0 +1,58 @@ +id: canvasio3d-light-85fcd9779448a368c2c74d702cd2f30d + +info: + name: > + Download canvasio3D Light <= 2.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11795557-74c0-469a-9751-adc759f9214b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/canvasio3d-light/" + google-query: inurl:"/wp-content/plugins/canvasio3d-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,canvasio3d-light,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/canvasio3d-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "canvasio3d-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/capa-aacd4552800caf4d2cb49989fbc6ad61.yaml b/nuclei-templates/cve-less/plugins/capa-aacd4552800caf4d2cb49989fbc6ad61.yaml new file mode 100644 index 0000000000..a2239e114c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/capa-aacd4552800caf4d2cb49989fbc6ad61.yaml @@ -0,0 +1,58 @@ +id: capa-aacd4552800caf4d2cb49989fbc6ad61 + +info: + name: > + CaPa Protect <= 0.5.8.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba4e982d-b8ac-4407-97b0-c725b8f43bbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/capa/" + google-query: inurl:"/wp-content/plugins/capa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,capa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/capa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "capa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/capabilities-pro-90e136f1c49e3c12cb6162b882a23711.yaml b/nuclei-templates/cve-less/plugins/capabilities-pro-90e136f1c49e3c12cb6162b882a23711.yaml new file mode 100644 index 0000000000..d4cde9d8c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/capabilities-pro-90e136f1c49e3c12cb6162b882a23711.yaml @@ -0,0 +1,58 @@ +id: capabilities-pro-90e136f1c49e3c12cb6162b882a23711 + +info: + name: > + PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6da7046e-2717-4a3c-bba9-88f27de29ede?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/capabilities-pro/" + google-query: inurl:"/wp-content/plugins/capabilities-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,capabilities-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/capabilities-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "capabilities-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/capability-manager-enhanced-90e136f1c49e3c12cb6162b882a23711.yaml b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-90e136f1c49e3c12cb6162b882a23711.yaml new file mode 100644 index 0000000000..a08a7b80a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-90e136f1c49e3c12cb6162b882a23711.yaml @@ -0,0 +1,58 @@ +id: capability-manager-enhanced-90e136f1c49e3c12cb6162b882a23711 + +info: + name: > + PublishPress Capabilities <= 2.5.1 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6da7046e-2717-4a3c-bba9-88f27de29ede?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/capability-manager-enhanced/" + google-query: inurl:"/wp-content/plugins/capability-manager-enhanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,capability-manager-enhanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/capability-manager-enhanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "capability-manager-enhanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/capability-manager-enhanced-ffa44387e06e48e98303b52781d92b69.yaml b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-ffa44387e06e48e98303b52781d92b69.yaml new file mode 100644 index 0000000000..526b07ca4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/capability-manager-enhanced-ffa44387e06e48e98303b52781d92b69.yaml @@ -0,0 +1,58 @@ +id: capability-manager-enhanced-ffa44387e06e48e98303b52781d92b69 + +info: + name: > + PublishPress Capabilities <= 2.3 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf3df923-9426-4e5b-ba59-eda0b5c18d40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/capability-manager-enhanced/" + google-query: inurl:"/wp-content/plugins/capability-manager-enhanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,capability-manager-enhanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/capability-manager-enhanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "capability-manager-enhanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captain-slider-c23ce008dc2473271851552ad5775c2c.yaml b/nuclei-templates/cve-less/plugins/captain-slider-c23ce008dc2473271851552ad5775c2c.yaml new file mode 100644 index 0000000000..bf835e9f3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captain-slider-c23ce008dc2473271851552ad5775c2c.yaml @@ -0,0 +1,58 @@ +id: captain-slider-c23ce008dc2473271851552ad5775c2c + +info: + name: > + Captain Slider <= 1.0.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0936f5b-a0b2-466b-bb92-143db6c32456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captain-slider/" + google-query: inurl:"/wp-content/plugins/captain-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captain-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captain-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captain-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captainform-84e047e46e28d58fa1b7c6a8e2da02e0.yaml b/nuclei-templates/cve-less/plugins/captainform-84e047e46e28d58fa1b7c6a8e2da02e0.yaml new file mode 100644 index 0000000000..8814dfcc8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captainform-84e047e46e28d58fa1b7c6a8e2da02e0.yaml @@ -0,0 +1,58 @@ +id: captainform-84e047e46e28d58fa1b7c6a8e2da02e0 + +info: + name: > + Forms by CaptainForm <= 2.5.3 - Reflected Cross-Site Scripting via REQUEST_URI + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f690ea9-b773-49d4-9fa4-2a8bb7593d62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captainform/" + google-query: inurl:"/wp-content/plugins/captainform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captainform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captainform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captainform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captainform-d6b551c8eebbc07aebd60fb21b086030.yaml b/nuclei-templates/cve-less/plugins/captainform-d6b551c8eebbc07aebd60fb21b086030.yaml new file mode 100644 index 0000000000..31030b9e82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captainform-d6b551c8eebbc07aebd60fb21b086030.yaml @@ -0,0 +1,58 @@ +id: captainform-d6b551c8eebbc07aebd60fb21b086030 + +info: + name: > + Forms by CaptainForm <= 2.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db42c7e-49bc-48ee-8129-b8a0df0c8d98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captainform/" + google-query: inurl:"/wp-content/plugins/captainform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captainform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captainform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captainform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-bws-eadf748bcfc719d5710c4f372c6fc3a8.yaml b/nuclei-templates/cve-less/plugins/captcha-bws-eadf748bcfc719d5710c4f372c6fc3a8.yaml new file mode 100644 index 0000000000..84bb9fd85b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-bws-eadf748bcfc719d5710c4f372c6fc3a8.yaml @@ -0,0 +1,58 @@ +id: captcha-bws-eadf748bcfc719d5710c4f372c6fc3a8 + +info: + name: > + Captcha by BestWebSoft <= 5.2.0 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d672fcb9-6607-477e-b168-546669886ea4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-bws/" + google-query: inurl:"/wp-content/plugins/captcha-bws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-bws,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-bws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-bws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-bws-f2483f1e9fa6d9c3c1a5e1dc23e31a6f.yaml b/nuclei-templates/cve-less/plugins/captcha-bws-f2483f1e9fa6d9c3c1a5e1dc23e31a6f.yaml new file mode 100644 index 0000000000..9ea023420e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-bws-f2483f1e9fa6d9c3c1a5e1dc23e31a6f.yaml @@ -0,0 +1,58 @@ +id: captcha-bws-f2483f1e9fa6d9c3c1a5e1dc23e31a6f + +info: + name: > + BestWebSoft Captcha <= 4.0.6 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0490667e-4b82-4687-9354-205c37f13331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-bws/" + google-query: inurl:"/wp-content/plugins/captcha-bws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-bws,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-bws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-bws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-code-authentication-31a8072de701550e4edcf2604b9e23bf.yaml b/nuclei-templates/cve-less/plugins/captcha-code-authentication-31a8072de701550e4edcf2604b9e23bf.yaml new file mode 100644 index 0000000000..094534a15f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-code-authentication-31a8072de701550e4edcf2604b9e23bf.yaml @@ -0,0 +1,58 @@ +id: captcha-code-authentication-31a8072de701550e4edcf2604b9e23bf + +info: + name: > + Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66182fc4-863a-4a7b-92a8-2f43717b8579?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-code-authentication/" + google-query: inurl:"/wp-content/plugins/captcha-code-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-code-authentication,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-code-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-code-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-code-authentication-870cf9f4b157c60e42faef24d8dd195e.yaml b/nuclei-templates/cve-less/plugins/captcha-code-authentication-870cf9f4b157c60e42faef24d8dd195e.yaml new file mode 100644 index 0000000000..6a975c0003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-code-authentication-870cf9f4b157c60e42faef24d8dd195e.yaml @@ -0,0 +1,58 @@ +id: captcha-code-authentication-870cf9f4b157c60e42faef24d8dd195e + +info: + name: > + Captcha Code <= 2.9 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1dd3845-a88d-41aa-acf4-66fd1a6819ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-code-authentication/" + google-query: inurl:"/wp-content/plugins/captcha-code-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-code-authentication,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-code-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-code-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-for-contact-form-7-1aaed89497f863004f63bac937997897.yaml b/nuclei-templates/cve-less/plugins/captcha-for-contact-form-7-1aaed89497f863004f63bac937997897.yaml new file mode 100644 index 0000000000..20c7dfe003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-for-contact-form-7-1aaed89497f863004f63bac937997897.yaml @@ -0,0 +1,58 @@ +id: captcha-for-contact-form-7-1aaed89497f863004f63bac937997897 + +info: + name: > + Captcha/Honeypot for Contact Form 7 <= 1.11.3 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60e9351a-302b-4a31-8a9c-c0a0b6ee3fcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/captcha-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-offrepo-e23766eb69c1e01b61ceb05404bdb9f5.yaml b/nuclei-templates/cve-less/plugins/captcha-offrepo-e23766eb69c1e01b61ceb05404bdb9f5.yaml new file mode 100644 index 0000000000..ebe8403599 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-offrepo-e23766eb69c1e01b61ceb05404bdb9f5.yaml @@ -0,0 +1,58 @@ +id: captcha-offrepo-e23766eb69c1e01b61ceb05404bdb9f5 + +info: + name: > + Captcha! <= 2.5d - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f9760f8-459d-4dcf-941d-f8f3f1e266ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-offrepo/" + google-query: inurl:"/wp-content/plugins/captcha-offrepo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-offrepo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-offrepo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-offrepo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5d') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captcha-them-all-1772bca649ab5b99b71eb70af7333d0b.yaml b/nuclei-templates/cve-less/plugins/captcha-them-all-1772bca649ab5b99b71eb70af7333d0b.yaml new file mode 100644 index 0000000000..d7b866a1d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captcha-them-all-1772bca649ab5b99b71eb70af7333d0b.yaml @@ -0,0 +1,58 @@ +id: captcha-them-all-1772bca649ab5b99b71eb70af7333d0b + +info: + name: > + Captcha Them All <= 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e2c83b6-3444-4cd1-82ec-567937c563b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captcha-them-all/" + google-query: inurl:"/wp-content/plugins/captcha-them-all/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captcha-them-all,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captcha-them-all/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captcha-them-all" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-cf2f1acbf24407737a2ea0faf858d6e4.yaml b/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-cf2f1acbf24407737a2ea0faf858d6e4.yaml new file mode 100644 index 0000000000..50ba0d98cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/captchinoo-captcha-for-login-form-protection-cf2f1acbf24407737a2ea0faf858d6e4.yaml @@ -0,0 +1,58 @@ +id: captchinoo-captcha-for-login-form-protection-cf2f1acbf24407737a2ea0faf858d6e4 + +info: + name: > + Captchinoo Captcha <= 2.3 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d387a5c-717c-4383-af7d-5a5f48628cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/captchinoo-captcha-for-login-form-protection/" + google-query: inurl:"/wp-content/plugins/captchinoo-captcha-for-login-form-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,captchinoo-captcha-for-login-form-protection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/captchinoo-captcha-for-login-form-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "captchinoo-captcha-for-login-form-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/car-e6c806cffb708ac14203b6a177746aad.yaml b/nuclei-templates/cve-less/plugins/car-e6c806cffb708ac14203b6a177746aad.yaml new file mode 100644 index 0000000000..aa591dac32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/car-e6c806cffb708ac14203b6a177746aad.yaml @@ -0,0 +1,58 @@ +id: car-e6c806cffb708ac14203b6a177746aad + +info: + name: > + Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4143849-1cd1-4241-acf6-a34aaf7d369c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/car/" + google-query: inurl:"/wp-content/plugins/car/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,car,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/car/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "car" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/car-rental-840d0f5e27379db8cc72bc8207e84fc7.yaml b/nuclei-templates/cve-less/plugins/car-rental-840d0f5e27379db8cc72bc8207e84fc7.yaml new file mode 100644 index 0000000000..29895fe116 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/car-rental-840d0f5e27379db8cc72bc8207e84fc7.yaml @@ -0,0 +1,58 @@ +id: car-rental-840d0f5e27379db8cc72bc8207e84fc7 + +info: + name: > + Car Rental by BestWebSoft <= 1.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8eda641b-eddc-4255-80e4-c77c217f979f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/car-rental/" + google-query: inurl:"/wp-content/plugins/car-rental/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,car-rental,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/car-rental/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "car-rental" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardealer-6b187667244750832b7e539032f73d81.yaml b/nuclei-templates/cve-less/plugins/cardealer-6b187667244750832b7e539032f73d81.yaml new file mode 100644 index 0000000000..51282daa36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardealer-6b187667244750832b7e539032f73d81.yaml @@ -0,0 +1,58 @@ +id: cardealer-6b187667244750832b7e539032f73d81 + +info: + name: > + Car Dealer <= 3.04 - Missing Authorization to Arbitrary Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/621e3b3f-9647-41ec-aa06-e961e3525fea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardealer/" + google-query: inurl:"/wp-content/plugins/cardealer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardealer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardealer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardealer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardealer-87691ec7eeba77afd606ae3cf92f6d8b.yaml b/nuclei-templates/cve-less/plugins/cardealer-87691ec7eeba77afd606ae3cf92f6d8b.yaml new file mode 100644 index 0000000000..64198f125a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardealer-87691ec7eeba77afd606ae3cf92f6d8b.yaml @@ -0,0 +1,58 @@ +id: cardealer-87691ec7eeba77afd606ae3cf92f6d8b + +info: + name: > + Car Dealer <= 4.15 - Authenticated (Admin+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db25e8f7-07f2-470e-850e-b8cd3388baea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardealer/" + google-query: inurl:"/wp-content/plugins/cardealer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardealer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardealer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardealer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardgate-24f679f9f324edb55cd9d46a91aafdf6.yaml b/nuclei-templates/cve-less/plugins/cardgate-24f679f9f324edb55cd9d46a91aafdf6.yaml new file mode 100644 index 0000000000..bd54e083f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardgate-24f679f9f324edb55cd9d46a91aafdf6.yaml @@ -0,0 +1,58 @@ +id: cardgate-24f679f9f324edb55cd9d46a91aafdf6 + +info: + name: > + CardGate Payments for WooCommerce <= 3.1.15 - Lack of Origin Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24aadf0c-0266-4c39-ac7b-d6f09053d903?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardgate/" + google-query: inurl:"/wp-content/plugins/cardgate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardgate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardgate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardgate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-27fde2e6c4a806f7a102ac0a7cda9a14.yaml b/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-27fde2e6c4a806f7a102ac0a7cda9a14.yaml new file mode 100644 index 0000000000..8cf40b62c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-27fde2e6c4a806f7a102ac0a7cda9a14.yaml @@ -0,0 +1,58 @@ +id: cardoza-3d-tag-cloud-27fde2e6c4a806f7a102ac0a7cda9a14 + +info: + name: > + 3D Tag Cloud <= 3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8540a39-87e4-4a78-abf2-c7e09dbfa4f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-3d-tag-cloud/" + google-query: inurl:"/wp-content/plugins/cardoza-3d-tag-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-3d-tag-cloud,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-3d-tag-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-3d-tag-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-65f120a185fc7462303fec7b1afa9585.yaml b/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-65f120a185fc7462303fec7b1afa9585.yaml new file mode 100644 index 0000000000..210aa7d6d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-3d-tag-cloud-65f120a185fc7462303fec7b1afa9585.yaml @@ -0,0 +1,58 @@ +id: cardoza-3d-tag-cloud-65f120a185fc7462303fec7b1afa9585 + +info: + name: > + 3D Tag Cloud <= 3.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dfa825c-b0f7-4588-9bf8-cd186a5fc0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-3d-tag-cloud/" + google-query: inurl:"/wp-content/plugins/cardoza-3d-tag-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-3d-tag-cloud,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-3d-tag-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-3d-tag-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-ajax-search-b8b3a3fbd66ce4f7e79e6dafb76c83ed.yaml b/nuclei-templates/cve-less/plugins/cardoza-ajax-search-b8b3a3fbd66ce4f7e79e6dafb76c83ed.yaml new file mode 100644 index 0000000000..de53085b15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-ajax-search-b8b3a3fbd66ce4f7e79e6dafb76c83ed.yaml @@ -0,0 +1,58 @@ +id: cardoza-ajax-search-b8b3a3fbd66ce4f7e79e6dafb76c83ed + +info: + name: > + Cardoza AJAX Search < 1.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73aa7b26-dbdf-4859-8fb9-f71dc734bb87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-ajax-search/" + google-query: inurl:"/wp-content/plugins/cardoza-ajax-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-ajax-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-ajax-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-facebook-like-box-9ad733bd3bff15d00b8cf7407f8d01f4.yaml b/nuclei-templates/cve-less/plugins/cardoza-facebook-like-box-9ad733bd3bff15d00b8cf7407f8d01f4.yaml new file mode 100644 index 0000000000..43e27a86d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-facebook-like-box-9ad733bd3bff15d00b8cf7407f8d01f4.yaml @@ -0,0 +1,58 @@ +id: cardoza-facebook-like-box-9ad733bd3bff15d00b8cf7407f8d01f4 + +info: + name: > + Easy Social Like Box – Popup – Sidebar Widget < 2.8.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9269e358-83cb-42e7-a30d-79f1504e576c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-facebook-like-box/" + google-query: inurl:"/wp-content/plugins/cardoza-facebook-like-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-facebook-like-box,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-facebook-like-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-facebook-like-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-51e3e4afb8caf590d3f3c081b5b24b7d.yaml b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-51e3e4afb8caf590d3f3c081b5b24b7d.yaml new file mode 100644 index 0000000000..ed79c22e96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-51e3e4afb8caf590d3f3c081b5b24b7d.yaml @@ -0,0 +1,58 @@ +id: cardoza-wordpress-poll-51e3e4afb8caf590d3f3c081b5b24b7d + +info: + name: > + WordPress Poll <= 34.05 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21d244f4-f0cd-4d4d-8c6a-edea6b7b8145?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-wordpress-poll/" + google-query: inurl:"/wp-content/plugins/cardoza-wordpress-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-wordpress-poll,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-wordpress-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-wordpress-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 34.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-94d04ee1ef58708b41d6145bfcae5eba.yaml b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-94d04ee1ef58708b41d6145bfcae5eba.yaml new file mode 100644 index 0000000000..fe634ffbf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-94d04ee1ef58708b41d6145bfcae5eba.yaml @@ -0,0 +1,58 @@ +id: cardoza-wordpress-poll-94d04ee1ef58708b41d6145bfcae5eba + +info: + name: > + WordPress Poll <= 36 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2facf62b-33cf-4438-a501-f96730077fa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-wordpress-poll/" + google-query: inurl:"/wp-content/plugins/cardoza-wordpress-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-wordpress-poll,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-wordpress-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-wordpress-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-eb36c7e115c0d22d7762853e6f5759cf.yaml b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-eb36c7e115c0d22d7762853e6f5759cf.yaml new file mode 100644 index 0000000000..726bddc87f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cardoza-wordpress-poll-eb36c7e115c0d22d7762853e6f5759cf.yaml @@ -0,0 +1,58 @@ +id: cardoza-wordpress-poll-eb36c7e115c0d22d7762853e6f5759cf + +info: + name: > + WordPress Poll < 34.06 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d048878-12ae-442a-921d-c02a4e1e3974?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cardoza-wordpress-poll/" + google-query: inurl:"/wp-content/plugins/cardoza-wordpress-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cardoza-wordpress-poll,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cardoza-wordpress-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardoza-wordpress-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 34.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/careerfy-1af02924d8ed846b859206c9bcd93941.yaml b/nuclei-templates/cve-less/plugins/careerfy-1af02924d8ed846b859206c9bcd93941.yaml new file mode 100644 index 0000000000..793b9e14fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/careerfy-1af02924d8ed846b859206c9bcd93941.yaml @@ -0,0 +1,58 @@ +id: careerfy-1af02924d8ed846b859206c9bcd93941 + +info: + name: > + WP JobSearch < 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6290c671-c8e5-4cc3-a233-9fed584ca02f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/careerfy/" + google-query: inurl:"/wp-content/plugins/careerfy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,careerfy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/careerfy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "careerfy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/careerfy-b6b5ac51737dc25240c45d0d6e3809e0.yaml b/nuclei-templates/cve-less/plugins/careerfy-b6b5ac51737dc25240c45d0d6e3809e0.yaml new file mode 100644 index 0000000000..71421f05ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/careerfy-b6b5ac51737dc25240c45d0d6e3809e0.yaml @@ -0,0 +1,58 @@ +id: careerfy-b6b5ac51737dc25240c45d0d6e3809e0 + +info: + name: > + WP JobSearch <= 1.7.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a537a9-a1db-465e-8e04-2306e0d6998c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/careerfy/" + google-query: inurl:"/wp-content/plugins/careerfy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,careerfy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/careerfy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "careerfy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/caret-country-access-limit-cc17c22adecd59067c0b764ef4c8f084.yaml b/nuclei-templates/cve-less/plugins/caret-country-access-limit-cc17c22adecd59067c0b764ef4c8f084.yaml new file mode 100644 index 0000000000..928772ae38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/caret-country-access-limit-cc17c22adecd59067c0b764ef4c8f084.yaml @@ -0,0 +1,58 @@ +id: caret-country-access-limit-cc17c22adecd59067c0b764ef4c8f084 + +info: + name: > + Caret Country Access Limit <= 1.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8c5853-6e21-4a70-a547-e3f0f4b1d7d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/caret-country-access-limit/" + google-query: inurl:"/wp-content/plugins/caret-country-access-limit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,caret-country-access-limit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/caret-country-access-limit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "caret-country-access-limit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carousel-anything-894cd49c8916bb82c60619f3c2cf8165.yaml b/nuclei-templates/cve-less/plugins/carousel-anything-894cd49c8916bb82c60619f3c2cf8165.yaml new file mode 100644 index 0000000000..7ef36bc5cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carousel-anything-894cd49c8916bb82c60619f3c2cf8165.yaml @@ -0,0 +1,58 @@ +id: carousel-anything-894cd49c8916bb82c60619f3c2cf8165 + +info: + name: > + Carousel Anything For WPBakery Page Builder <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1921dcf9-d23b-4566-a0e5-9e9d5875ef82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carousel-anything/" + google-query: inurl:"/wp-content/plugins/carousel-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carousel-anything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carousel-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carousel-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carousel-ck-3a426a819fa4af21ed44f2fbb809eae0.yaml b/nuclei-templates/cve-less/plugins/carousel-ck-3a426a819fa4af21ed44f2fbb809eae0.yaml new file mode 100644 index 0000000000..104d63450f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carousel-ck-3a426a819fa4af21ed44f2fbb809eae0.yaml @@ -0,0 +1,58 @@ +id: carousel-ck-3a426a819fa4af21ed44f2fbb809eae0 + +info: + name: > + Carousel CK <= 1.1.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b778048c-22e8-42ea-9d60-6e58b31a3035?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carousel-ck/" + google-query: inurl:"/wp-content/plugins/carousel-ck/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carousel-ck,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carousel-ck/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carousel-ck" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carousel-slider-0aea1b28544eff7de492a84d0e135b73.yaml b/nuclei-templates/cve-less/plugins/carousel-slider-0aea1b28544eff7de492a84d0e135b73.yaml new file mode 100644 index 0000000000..8bfb64e466 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carousel-slider-0aea1b28544eff7de492a84d0e135b73.yaml @@ -0,0 +1,58 @@ +id: carousel-slider-0aea1b28544eff7de492a84d0e135b73 + +info: + name: > + Carousel Slider <= 2.2.10 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/160dd5b9-ed70-4617-9bff-59e33f9ea2d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carousel-slider/" + google-query: inurl:"/wp-content/plugins/carousel-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carousel-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carousel-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carousel-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carousel-slider-24a3397fbf299aff4ecd7a231ef53936.yaml b/nuclei-templates/cve-less/plugins/carousel-slider-24a3397fbf299aff4ecd7a231ef53936.yaml new file mode 100644 index 0000000000..fdcfbeef27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carousel-slider-24a3397fbf299aff4ecd7a231ef53936.yaml @@ -0,0 +1,58 @@ +id: carousel-slider-24a3397fbf299aff4ecd7a231ef53936 + +info: + name: > + Carousel Slider <= 2.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5465eaab-03c0-438a-8553-c1f8b06b82bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carousel-slider/" + google-query: inurl:"/wp-content/plugins/carousel-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carousel-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carousel-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carousel-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carousel-slider-630df0c98158fef2598199d5ff83a48f.yaml b/nuclei-templates/cve-less/plugins/carousel-slider-630df0c98158fef2598199d5ff83a48f.yaml new file mode 100644 index 0000000000..f2daa378af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carousel-slider-630df0c98158fef2598199d5ff83a48f.yaml @@ -0,0 +1,58 @@ +id: carousel-slider-630df0c98158fef2598199d5ff83a48f + +info: + name: > + Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2857e6c1-f6c4-46fb-9837-a6a6f5e48369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carousel-slider/" + google-query: inurl:"/wp-content/plugins/carousel-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carousel-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carousel-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carousel-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carrrot-d0bff2c3c4777b0c5230adf64beddf0b.yaml b/nuclei-templates/cve-less/plugins/carrrot-d0bff2c3c4777b0c5230adf64beddf0b.yaml new file mode 100644 index 0000000000..57182e605b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carrrot-d0bff2c3c4777b0c5230adf64beddf0b.yaml @@ -0,0 +1,58 @@ +id: carrrot-d0bff2c3c4777b0c5230adf64beddf0b + +info: + name: > + Carrot <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77fa042d-1e4f-4344-bf5a-3860add7aae3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carrrot/" + google-query: inurl:"/wp-content/plugins/carrrot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carrrot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carrrot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carrrot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cars-seller-auto-classifieds-script-67c6ac36101695384c180d0d88713f05.yaml b/nuclei-templates/cve-less/plugins/cars-seller-auto-classifieds-script-67c6ac36101695384c180d0d88713f05.yaml new file mode 100644 index 0000000000..636d75da85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cars-seller-auto-classifieds-script-67c6ac36101695384c180d0d88713f05.yaml @@ -0,0 +1,58 @@ +id: cars-seller-auto-classifieds-script-67c6ac36101695384c180d0d88713f05 + +info: + name: > + Car Seller - Auto Classifieds Script <= 2.1.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c2a5a-49f2-4b93-a1eb-a0be53aa921d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cars-seller-auto-classifieds-script/" + google-query: inurl:"/wp-content/plugins/cars-seller-auto-classifieds-script/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cars-seller-auto-classifieds-script,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cars-seller-auto-classifieds-script/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cars-seller-auto-classifieds-script" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart-lift-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/cart-lift-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..c178137acc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart-lift-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: cart-lift-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart-lift/" + google-query: inurl:"/wp-content/plugins/cart-lift/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart-lift,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart-lift/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart-lift" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart-lift-e8d0684b467b2dbd613cfc306a1e44bc.yaml b/nuclei-templates/cve-less/plugins/cart-lift-e8d0684b467b2dbd613cfc306a1e44bc.yaml new file mode 100644 index 0000000000..681a8ecda4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart-lift-e8d0684b467b2dbd613cfc306a1e44bc.yaml @@ -0,0 +1,58 @@ +id: cart-lift-e8d0684b467b2dbd613cfc306a1e44bc + +info: + name: > + Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD <= 3.1.5 - Reflected Cross-Site Scripting via cart_search + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eebe1bf7-0366-4226-bcbc-027186136008?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart-lift/" + google-query: inurl:"/wp-content/plugins/cart-lift/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart-lift,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart-lift/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart-lift" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart-notices-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/cart-notices-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..df722f9678 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart-notices-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: cart-notices-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart-notices-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cart-notices-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart-notices-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart-notices-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart-notices-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart-products-suggestions-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/cart-products-suggestions-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..21d457504f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart-products-suggestions-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: cart-products-suggestions-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart-products-suggestions-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cart-products-suggestions-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart-products-suggestions-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart-products-suggestions-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart-products-suggestions-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart-rest-api-for-woocommerce-f86a366b83ee22a3c8a02c83ac209077.yaml b/nuclei-templates/cve-less/plugins/cart-rest-api-for-woocommerce-f86a366b83ee22a3c8a02c83ac209077.yaml new file mode 100644 index 0000000000..266d5b16c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart-rest-api-for-woocommerce-f86a366b83ee22a3c8a02c83ac209077.yaml @@ -0,0 +1,58 @@ +id: cart-rest-api-for-woocommerce-f86a366b83ee22a3c8a02c83ac209077 + +info: + name: > + CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98e8e09c-f2fe-40ab-b1ce-62a1627b6b65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart-rest-api-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cart-rest-api-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart-rest-api-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart-rest-api-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart-rest-api-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart2cart-magento-to-woocommerce-migration-b1456c2b0a44366db809a824b44e5c5b.yaml b/nuclei-templates/cve-less/plugins/cart2cart-magento-to-woocommerce-migration-b1456c2b0a44366db809a824b44e5c5b.yaml new file mode 100644 index 0000000000..b5152ed145 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart2cart-magento-to-woocommerce-migration-b1456c2b0a44366db809a824b44e5c5b.yaml @@ -0,0 +1,58 @@ +id: cart2cart-magento-to-woocommerce-migration-b1456c2b0a44366db809a824b44e5c5b + +info: + name: > + Cart2Cart: Magento to WooCommerce Migration <= 2.0.0 - Missing Authorization via setToken + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d9ab83f-6d0b-4fe4-a121-87b09dcc0953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart2cart-magento-to-woocommerce-migration/" + google-query: inurl:"/wp-content/plugins/cart2cart-magento-to-woocommerce-migration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart2cart-magento-to-woocommerce-migration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart2cart-magento-to-woocommerce-migration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart2cart-magento-to-woocommerce-migration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart66-lite-06ef746af3d0592e05a038c507873a93.yaml b/nuclei-templates/cve-less/plugins/cart66-lite-06ef746af3d0592e05a038c507873a93.yaml new file mode 100644 index 0000000000..8d7a0db3ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart66-lite-06ef746af3d0592e05a038c507873a93.yaml @@ -0,0 +1,58 @@ +id: cart66-lite-06ef746af3d0592e05a038c507873a93 + +info: + name: > + Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20de9544-b2fe-470c-a7a4-b662b59d6d31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart66-lite/" + google-query: inurl:"/wp-content/plugins/cart66-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart66-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart66-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart66-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart66-lite-412eb3ff2c6b3450ae105bf1638dee64.yaml b/nuclei-templates/cve-less/plugins/cart66-lite-412eb3ff2c6b3450ae105bf1638dee64.yaml new file mode 100644 index 0000000000..a96696a513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart66-lite-412eb3ff2c6b3450ae105bf1638dee64.yaml @@ -0,0 +1,58 @@ +id: cart66-lite-412eb3ff2c6b3450ae105bf1638dee64 + +info: + name: > + Cart66 Lite :: WordPress Ecommerce <= 1.5.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34d8ecee-ad52-47cd-ac78-4a82aa2ff58a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart66-lite/" + google-query: inurl:"/wp-content/plugins/cart66-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart66-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart66-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart66-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart66-lite-67c99f9c8f327331a1d82c5ff5d685e7.yaml b/nuclei-templates/cve-less/plugins/cart66-lite-67c99f9c8f327331a1d82c5ff5d685e7.yaml new file mode 100644 index 0000000000..4cfc361b73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart66-lite-67c99f9c8f327331a1d82c5ff5d685e7.yaml @@ -0,0 +1,58 @@ +id: cart66-lite-67c99f9c8f327331a1d82c5ff5d685e7 + +info: + name: > + Cart66 Lite :: WordPress Ecommerce < 1.5.1.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d819b54-f057-4875-8e40-f5c77db2e5fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart66-lite/" + google-query: inurl:"/wp-content/plugins/cart66-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart66-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart66-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart66-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart66-lite-73c7b664803cc72f6ed74c19b2560471.yaml b/nuclei-templates/cve-less/plugins/cart66-lite-73c7b664803cc72f6ed74c19b2560471.yaml new file mode 100644 index 0000000000..ef0f7312c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart66-lite-73c7b664803cc72f6ed74c19b2560471.yaml @@ -0,0 +1,58 @@ +id: cart66-lite-73c7b664803cc72f6ed74c19b2560471 + +info: + name: > + Cart66 Lite :: WordPress Ecommerce < 1.5.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/675c86fb-e01f-4957-a49c-31b96383304f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart66-lite/" + google-query: inurl:"/wp-content/plugins/cart66-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart66-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart66-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart66-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cart66-lite-e1efc7cab467c2f5bb9e0770c86a7f44.yaml b/nuclei-templates/cve-less/plugins/cart66-lite-e1efc7cab467c2f5bb9e0770c86a7f44.yaml new file mode 100644 index 0000000000..fe08d6dfa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cart66-lite-e1efc7cab467c2f5bb9e0770c86a7f44.yaml @@ -0,0 +1,58 @@ +id: cart66-lite-e1efc7cab467c2f5bb9e0770c86a7f44 + +info: + name: > + Cart66 Lite - WordPress Ecommerce < 1.5.4 - Directory Traversal to Arbitrary File Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d9736e0-1a10-4ea0-a514-62ff49e36c43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cart66-lite/" + google-query: inurl:"/wp-content/plugins/cart66-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cart66-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cart66-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cart66-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-2031b341cdd31868784b73bf44a323dc.yaml b/nuclei-templates/cve-less/plugins/cartflows-2031b341cdd31868784b73bf44a323dc.yaml new file mode 100644 index 0000000000..befc4a925c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-2031b341cdd31868784b73bf44a323dc.yaml @@ -0,0 +1,58 @@ +id: cartflows-2031b341cdd31868784b73bf44a323dc + +info: + name: > + WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d98c849-4178-4cee-846b-2c136bc56daf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows/" + google-query: inurl:"/wp-content/plugins/cartflows/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-2af5d7487ceb106d0bc29f7a8108e53c.yaml b/nuclei-templates/cve-less/plugins/cartflows-2af5d7487ceb106d0bc29f7a8108e53c.yaml new file mode 100644 index 0000000000..06e4bc8959 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-2af5d7487ceb106d0bc29f7a8108e53c.yaml @@ -0,0 +1,58 @@ +id: cartflows-2af5d7487ceb106d0bc29f7a8108e53c + +info: + name: > + Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b95670-0767-4325-88d0-4ae6d7302558?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows/" + google-query: inurl:"/wp-content/plugins/cartflows/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-9051aa7c81fdec9135cd53a28b43a964.yaml b/nuclei-templates/cve-less/plugins/cartflows-9051aa7c81fdec9135cd53a28b43a964.yaml new file mode 100644 index 0000000000..e902f26302 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-9051aa7c81fdec9135cd53a28b43a964.yaml @@ -0,0 +1,58 @@ +id: cartflows-9051aa7c81fdec9135cd53a28b43a964 + +info: + name: > + Funnel Builder by CartFlows <= 1.6.12 - Authenticated Stored Cross-Site scripting via FB Pixel ID and Google Analytics ID + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/083d368c-ba38-433a-b499-c00d205bd331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows/" + google-query: inurl:"/wp-content/plugins/cartflows/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-ef918f495b11d984490181ededbf81f0.yaml b/nuclei-templates/cve-less/plugins/cartflows-ef918f495b11d984490181ededbf81f0.yaml new file mode 100644 index 0000000000..794a1cffa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-ef918f495b11d984490181ededbf81f0.yaml @@ -0,0 +1,58 @@ +id: cartflows-ef918f495b11d984490181ededbf81f0 + +info: + name: > + Funnel Builder by CartFlows <= 2.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f75e37d-a94e-4103-b706-5fead24f1f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows/" + google-query: inurl:"/wp-content/plugins/cartflows/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-pro-5f1b3c571aefdb13a941afd0f6a1e2f0.yaml b/nuclei-templates/cve-less/plugins/cartflows-pro-5f1b3c571aefdb13a941afd0f6a1e2f0.yaml new file mode 100644 index 0000000000..d0c8034875 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-pro-5f1b3c571aefdb13a941afd0f6a1e2f0.yaml @@ -0,0 +1,58 @@ +id: cartflows-pro-5f1b3c571aefdb13a941afd0f6a1e2f0 + +info: + name: > + CartFlows Pro <= 1.11.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0631ec9-fb72-4573-a41b-9b6b01aeaae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows-pro/" + google-query: inurl:"/wp-content/plugins/cartflows-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartflows-pro-90187049563f57856c792eeb068a786a.yaml b/nuclei-templates/cve-less/plugins/cartflows-pro-90187049563f57856c792eeb068a786a.yaml new file mode 100644 index 0000000000..2eb0a4cf7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartflows-pro-90187049563f57856c792eeb068a786a.yaml @@ -0,0 +1,58 @@ +id: cartflows-pro-90187049563f57856c792eeb068a786a + +info: + name: > + CartFlows Pro <= 1.11.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85ba90ae-8144-42f0-90db-e7f2638fec47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartflows-pro/" + google-query: inurl:"/wp-content/plugins/cartflows-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartflows-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartflows-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartflows-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cartpauj-register-captcha-7feee71659763988d044dea046c00a68.yaml b/nuclei-templates/cve-less/plugins/cartpauj-register-captcha-7feee71659763988d044dea046c00a68.yaml new file mode 100644 index 0000000000..b81d398770 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cartpauj-register-captcha-7feee71659763988d044dea046c00a68.yaml @@ -0,0 +1,58 @@ +id: cartpauj-register-captcha-7feee71659763988d044dea046c00a68 + +info: + name: > + Cartpauj Register Captcha <= 1.0.02 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b004132-b2a6-422d-882e-5122708d9709?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cartpauj-register-captcha/" + google-query: inurl:"/wp-content/plugins/cartpauj-register-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cartpauj-register-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cartpauj-register-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cartpauj-register-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/carts-guru-484f6782156958a3ab27ac5661456a24.yaml b/nuclei-templates/cve-less/plugins/carts-guru-484f6782156958a3ab27ac5661456a24.yaml new file mode 100644 index 0000000000..81dda187bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/carts-guru-484f6782156958a3ab27ac5661456a24.yaml @@ -0,0 +1,58 @@ +id: carts-guru-484f6782156958a3ab27ac5661456a24 + +info: + name: > + Carts Guru <= 1.4.5 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fcde31b-6a58-4d8a-887f-1b2221b72c77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/carts-guru/" + google-query: inurl:"/wp-content/plugins/carts-guru/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,carts-guru,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/carts-guru/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carts-guru" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cashtomer-652b592a23d9d8ef3233d28a405d4909.yaml b/nuclei-templates/cve-less/plugins/cashtomer-652b592a23d9d8ef3233d28a405d4909.yaml new file mode 100644 index 0000000000..3d512eb00f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cashtomer-652b592a23d9d8ef3233d28a405d4909.yaml @@ -0,0 +1,58 @@ +id: cashtomer-652b592a23d9d8ef3233d28a405d4909 + +info: + name: > + Cashtomer <= 1.0.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9965ea42-56c4-4ec9-9159-d971e913469e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cashtomer/" + google-query: inurl:"/wp-content/plugins/cashtomer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cashtomer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cashtomer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cashtomer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catablog-1319960b548fb4b068018632e6f16db7.yaml b/nuclei-templates/cve-less/plugins/catablog-1319960b548fb4b068018632e6f16db7.yaml new file mode 100644 index 0000000000..c0eef7d32c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catablog-1319960b548fb4b068018632e6f16db7.yaml @@ -0,0 +1,58 @@ +id: catablog-1319960b548fb4b068018632e6f16db7 + +info: + name: > + CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8794854d-e931-4a85-b767-2ab81bfcb780?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catablog/" + google-query: inurl:"/wp-content/plugins/catablog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catablog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catablog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catablog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catablog-457555c66db611fbfa678adc71e787e6.yaml b/nuclei-templates/cve-less/plugins/catablog-457555c66db611fbfa678adc71e787e6.yaml new file mode 100644 index 0000000000..78a8d15148 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catablog-457555c66db611fbfa678adc71e787e6.yaml @@ -0,0 +1,58 @@ +id: catablog-457555c66db611fbfa678adc71e787e6 + +info: + name: > + CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18d1ba80-ddf6-4076-bc78-78647b964bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catablog/" + google-query: inurl:"/wp-content/plugins/catablog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catablog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catablog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catablog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catalog-ba6ce63fd5cf470afef6a6aae7117079.yaml b/nuclei-templates/cve-less/plugins/catalog-ba6ce63fd5cf470afef6a6aae7117079.yaml new file mode 100644 index 0000000000..4be72e21bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catalog-ba6ce63fd5cf470afef6a6aae7117079.yaml @@ -0,0 +1,58 @@ +id: catalog-ba6ce63fd5cf470afef6a6aae7117079 + +info: + name: > + SpiderCatalog <= 1.7.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53124575-ca94-47d6-b0dd-033ac17c24ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catalog/" + google-query: inurl:"/wp-content/plugins/catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-0444dd694cfe16cd55e5d0cab9135b80.yaml b/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-0444dd694cfe16cd55e5d0cab9135b80.yaml new file mode 100644 index 0000000000..494e0538b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-0444dd694cfe16cd55e5d0cab9135b80.yaml @@ -0,0 +1,58 @@ +id: catalyst-connect-client-portal-0444dd694cfe16cd55e5d0cab9135b80 + +info: + name: > + Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d63543f9-4865-444f-9a32-3b23e92b0bd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catalyst-connect-client-portal/" + google-query: inurl:"/wp-content/plugins/catalyst-connect-client-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catalyst-connect-client-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catalyst-connect-client-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catalyst-connect-client-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-719aecac015dde0f14f4cf5400965308.yaml b/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-719aecac015dde0f14f4cf5400965308.yaml new file mode 100644 index 0000000000..fa55c0e7b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catalyst-connect-client-portal-719aecac015dde0f14f4cf5400965308.yaml @@ -0,0 +1,58 @@ +id: catalyst-connect-client-portal-719aecac015dde0f14f4cf5400965308 + +info: + name: > + Catalyst Connect Zoho CRM Client Portal <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88cea535-1042-4011-aee9-684d7661e193?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catalyst-connect-client-portal/" + google-query: inurl:"/wp-content/plugins/catalyst-connect-client-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catalyst-connect-client-portal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catalyst-connect-client-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catalyst-connect-client-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-breadcrumb-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-breadcrumb-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..0d18f435b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-breadcrumb-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-breadcrumb-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-breadcrumb/" + google-query: inurl:"/wp-content/plugins/catch-breadcrumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-breadcrumb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-breadcrumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-breadcrumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-breadcrumb-4ba0680f325fbd064afe994053bfe704.yaml b/nuclei-templates/cve-less/plugins/catch-breadcrumb-4ba0680f325fbd064afe994053bfe704.yaml new file mode 100644 index 0000000000..d39dfbccba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-breadcrumb-4ba0680f325fbd064afe994053bfe704.yaml @@ -0,0 +1,58 @@ +id: catch-breadcrumb-4ba0680f325fbd064afe994053bfe704 + +info: + name: > + Catch Breadcrumb <= 1.5.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4983c2f-f9f6-4bd9-9c38-0ad3756f92b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-breadcrumb/" + google-query: inurl:"/wp-content/plugins/catch-breadcrumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-breadcrumb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-breadcrumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-breadcrumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-duplicate-switcher-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-duplicate-switcher-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..eedd5f5fb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-duplicate-switcher-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-duplicate-switcher-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-duplicate-switcher/" + google-query: inurl:"/wp-content/plugins/catch-duplicate-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-duplicate-switcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-duplicate-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-duplicate-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-gallery-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-gallery-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..780e779d22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-gallery-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-gallery-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-gallery/" + google-query: inurl:"/wp-content/plugins/catch-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-ids-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-ids-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..0bc1a64b11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-ids-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-ids-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-ids/" + google-query: inurl:"/wp-content/plugins/catch-ids/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-ids,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-ids/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-ids" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-import-export-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-import-export-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..ec7d4402b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-import-export-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-import-export-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-import-export/" + google-query: inurl:"/wp-content/plugins/catch-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-import-export,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-infinite-scroll-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-infinite-scroll-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..539a010979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-infinite-scroll-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-infinite-scroll-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-infinite-scroll/" + google-query: inurl:"/wp-content/plugins/catch-infinite-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-infinite-scroll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-infinite-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-infinite-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-instagram-feed-gallery-widget-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-instagram-feed-gallery-widget-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..aa7710bf91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-instagram-feed-gallery-widget-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-instagram-feed-gallery-widget-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-instagram-feed-gallery-widget/" + google-query: inurl:"/wp-content/plugins/catch-instagram-feed-gallery-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-instagram-feed-gallery-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-instagram-feed-gallery-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-instagram-feed-gallery-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-scroll-progress-bar-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-scroll-progress-bar-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..e6b065cc36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-scroll-progress-bar-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-scroll-progress-bar-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-scroll-progress-bar/" + google-query: inurl:"/wp-content/plugins/catch-scroll-progress-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-scroll-progress-bar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-scroll-progress-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-scroll-progress-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-sticky-menu-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-sticky-menu-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..095eb6692c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-sticky-menu-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-sticky-menu-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-sticky-menu/" + google-query: inurl:"/wp-content/plugins/catch-sticky-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-sticky-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-sticky-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-sticky-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-themes-demo-import-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..ec7ffa8338 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-themes-demo-import-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-themes-demo-import/" + google-query: inurl:"/wp-content/plugins/catch-themes-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-themes-demo-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-themes-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-themes-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-themes-demo-import-b60d38a6f27b4184d7cf8b134a701e36.yaml b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-b60d38a6f27b4184d7cf8b134a701e36.yaml new file mode 100644 index 0000000000..45099f6210 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-b60d38a6f27b4184d7cf8b134a701e36.yaml @@ -0,0 +1,58 @@ +id: catch-themes-demo-import-b60d38a6f27b4184d7cf8b134a701e36 + +info: + name: > + Catch Themes Demo Import <= 2.1 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f10f62-98cf-4629-9a48-59a42490276d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-themes-demo-import/" + google-query: inurl:"/wp-content/plugins/catch-themes-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-themes-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-themes-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-themes-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-themes-demo-import-ede5967c43f0c429d90aef07bf32832d.yaml b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-ede5967c43f0c429d90aef07bf32832d.yaml new file mode 100644 index 0000000000..c7c374e86f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-themes-demo-import-ede5967c43f0c429d90aef07bf32832d.yaml @@ -0,0 +1,58 @@ +id: catch-themes-demo-import-ede5967c43f0c429d90aef07bf32832d + +info: + name: > + Catch Themes Demo Import <= 1.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/007ec879-7241-4dd2-9b81-93e44786bbcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-themes-demo-import/" + google-query: inurl:"/wp-content/plugins/catch-themes-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-themes-demo-import,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-themes-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-themes-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-under-construction-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-under-construction-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..fea087ffa3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-under-construction-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-under-construction-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-under-construction/" + google-query: inurl:"/wp-content/plugins/catch-under-construction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-under-construction,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-under-construction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-under-construction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catch-web-tools-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/catch-web-tools-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..94ebcd4934 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catch-web-tools-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: catch-web-tools-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catch-web-tools/" + google-query: inurl:"/wp-content/plugins/catch-web-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catch-web-tools,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catch-web-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catch-web-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/catchers-helpdesk-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/catchers-helpdesk-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..4f80f8dff3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/catchers-helpdesk-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: catchers-helpdesk-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/catchers-helpdesk/" + google-query: inurl:"/wp-content/plugins/catchers-helpdesk/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,catchers-helpdesk,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/catchers-helpdesk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "catchers-helpdesk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categories-gallery-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/categories-gallery-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..beae659fad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categories-gallery-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: categories-gallery-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categories-gallery/" + google-query: inurl:"/wp-content/plugins/categories-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categories-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categories-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categories-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categories-gallery-woocommerce-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/categories-gallery-woocommerce-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..4e4b2356b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categories-gallery-woocommerce-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: categories-gallery-woocommerce-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categories-gallery-woocommerce/" + google-query: inurl:"/wp-content/plugins/categories-gallery-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categories-gallery-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categories-gallery-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categories-gallery-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-2f5fc8a76419fe6bea249f884a02d85d.yaml b/nuclei-templates/cve-less/plugins/categorify-2f5fc8a76419fe6bea249f884a02d85d.yaml new file mode 100644 index 0000000000..8ee1560a71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-2f5fc8a76419fe6bea249f884a02d85d.yaml @@ -0,0 +1,58 @@ +id: categorify-2f5fc8a76419fe6bea249f884a02d85d + +info: + name: > + Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-5151b196e7969f448d1e0346e210bd82.yaml b/nuclei-templates/cve-less/plugins/categorify-5151b196e7969f448d1e0346e210bd82.yaml new file mode 100644 index 0000000000..438dd9f8ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-5151b196e7969f448d1e0346e210bd82.yaml @@ -0,0 +1,58 @@ +id: categorify-5151b196e7969f448d1e0346e210bd82 + +info: + name: > + Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-5f87f741e48b627a6080cd7b2aa94d46.yaml b/nuclei-templates/cve-less/plugins/categorify-5f87f741e48b627a6080cd7b2aa94d46.yaml new file mode 100644 index 0000000000..0e6efe3c1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-5f87f741e48b627a6080cd7b2aa94d46.yaml @@ -0,0 +1,58 @@ +id: categorify-5f87f741e48b627a6080cd7b2aa94d46 + +info: + name: > + Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-714c67b8b7c104cb121813dc61b2219b.yaml b/nuclei-templates/cve-less/plugins/categorify-714c67b8b7c104cb121813dc61b2219b.yaml new file mode 100644 index 0000000000..0ac205199c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-714c67b8b7c104cb121813dc61b2219b.yaml @@ -0,0 +1,58 @@ +id: categorify-714c67b8b7c104cb121813dc61b2219b + +info: + name: > + Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-aca00b4de03dae498ba9e363cc7669df.yaml b/nuclei-templates/cve-less/plugins/categorify-aca00b4de03dae498ba9e363cc7669df.yaml new file mode 100644 index 0000000000..531d54a8af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-aca00b4de03dae498ba9e363cc7669df.yaml @@ -0,0 +1,58 @@ +id: categorify-aca00b4de03dae498ba9e363cc7669df + +info: + name: > + Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-b283da624a496380d695ed4b3e4a8065.yaml b/nuclei-templates/cve-less/plugins/categorify-b283da624a496380d695ed4b3e4a8065.yaml new file mode 100644 index 0000000000..2cf97447bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-b283da624a496380d695ed4b3e4a8065.yaml @@ -0,0 +1,58 @@ +id: categorify-b283da624a496380d695ed4b3e4a8065 + +info: + name: > + Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-bf5e4013e055d945f3801300e58d2936.yaml b/nuclei-templates/cve-less/plugins/categorify-bf5e4013e055d945f3801300e58d2936.yaml new file mode 100644 index 0000000000..d62c3ade1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-bf5e4013e055d945f3801300e58d2936.yaml @@ -0,0 +1,58 @@ +id: categorify-bf5e4013e055d945f3801300e58d2936 + +info: + name: > + Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-c408e44047c03520c426eb804c18a88a.yaml b/nuclei-templates/cve-less/plugins/categorify-c408e44047c03520c426eb804c18a88a.yaml new file mode 100644 index 0000000000..ffd5658144 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-c408e44047c03520c426eb804c18a88a.yaml @@ -0,0 +1,58 @@ +id: categorify-c408e44047c03520c426eb804c18a88a + +info: + name: > + Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45badd20-1ba8-44be-8a7c-2ce21261e208?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-dd16da990120154a69703f2e9dcba084.yaml b/nuclei-templates/cve-less/plugins/categorify-dd16da990120154a69703f2e9dcba084.yaml new file mode 100644 index 0000000000..8f5f87db33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-dd16da990120154a69703f2e9dcba084.yaml @@ -0,0 +1,58 @@ +id: categorify-dd16da990120154a69703f2e9dcba084 + +info: + name: > + Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/categorify-f9749bdc11799874266b6a084bbe85ae.yaml b/nuclei-templates/cve-less/plugins/categorify-f9749bdc11799874266b6a084bbe85ae.yaml new file mode 100644 index 0000000000..8ab18c5506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/categorify-f9749bdc11799874266b6a084bbe85ae.yaml @@ -0,0 +1,58 @@ +id: categorify-f9749bdc11799874266b6a084bbe85ae + +info: + name: > + Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08c79118-9dad-44fd-b683-7950276d3808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/categorify/" + google-query: inurl:"/wp-content/plugins/categorify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,categorify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/categorify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "categorify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-grid-view-gallery-f90056d9800bc9f38b8a269e9be583b2.yaml b/nuclei-templates/cve-less/plugins/category-grid-view-gallery-f90056d9800bc9f38b8a269e9be583b2.yaml new file mode 100644 index 0000000000..33c4f59495 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-grid-view-gallery-f90056d9800bc9f38b8a269e9be583b2.yaml @@ -0,0 +1,58 @@ +id: category-grid-view-gallery-f90056d9800bc9f38b8a269e9be583b2 + +info: + name: > + Category Grid View Gallery <= 2.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf85717-179a-4539-b57d-fccd8d9dda58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-grid-view-gallery/" + google-query: inurl:"/wp-content/plugins/category-grid-view-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-grid-view-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-grid-view-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-grid-view-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-list-portfolio-page-a4aa366f217005e74322ff2bf7a0e182.yaml b/nuclei-templates/cve-less/plugins/category-list-portfolio-page-a4aa366f217005e74322ff2bf7a0e182.yaml new file mode 100644 index 0000000000..b745d77662 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-list-portfolio-page-a4aa366f217005e74322ff2bf7a0e182.yaml @@ -0,0 +1,58 @@ +id: category-list-portfolio-page-a4aa366f217005e74322ff2bf7a0e182 + +info: + name: > + TimThumb <= 1.33 - Remote File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e062c794-1ab7-4d44-95da-40cd401f3a37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-list-portfolio-page/" + google-query: inurl:"/wp-content/plugins/category-list-portfolio-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-list-portfolio-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-list-portfolio-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-list-portfolio-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-post-list-widget-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml b/nuclei-templates/cve-less/plugins/category-post-list-widget-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml new file mode 100644 index 0000000000..0abd0fcdb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-post-list-widget-4f664c5f9a6ed3cf0ca52dbb21a8c73c.yaml @@ -0,0 +1,58 @@ +id: category-post-list-widget-4f664c5f9a6ed3cf0ca52dbb21a8c73c + +info: + name: > + Category Post List Widget <= 2.0 - Unauthenticated Stored Cross-Site Scripting via custom_css + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0182ca6c-23f8-4212-bfd8-cb898e98b37b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-post-list-widget/" + google-query: inurl:"/wp-content/plugins/category-post-list-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-post-list-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-post-list-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-post-list-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-post-list-widget-86c2efd6cd386af606e7ebf660f34040.yaml b/nuclei-templates/cve-less/plugins/category-post-list-widget-86c2efd6cd386af606e7ebf660f34040.yaml new file mode 100644 index 0000000000..0ef80901cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-post-list-widget-86c2efd6cd386af606e7ebf660f34040.yaml @@ -0,0 +1,58 @@ +id: category-post-list-widget-86c2efd6cd386af606e7ebf660f34040 + +info: + name: > + Category Post List Widget <= 2.0 - Cross-Site Request Forgery via get_cplw_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04ffc248-2b5c-4c64-8bfd-361a8ff6a8af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-post-list-widget/" + google-query: inurl:"/wp-content/plugins/category-post-list-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-post-list-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-post-list-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-post-list-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-seo-meta-tags-37be0ad02414c3e78dc60922e377602e.yaml b/nuclei-templates/cve-less/plugins/category-seo-meta-tags-37be0ad02414c3e78dc60922e377602e.yaml new file mode 100644 index 0000000000..72e28e34d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-seo-meta-tags-37be0ad02414c3e78dc60922e377602e.yaml @@ -0,0 +1,58 @@ +id: category-seo-meta-tags-37be0ad02414c3e78dc60922e377602e + +info: + name: > + Category SEO Meta Tags <= 2.5 - Cross-Site Request Forgery via csmt_admin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de6048e7-75c6-44b1-bc68-e36dce936c78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-seo-meta-tags/" + google-query: inurl:"/wp-content/plugins/category-seo-meta-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-seo-meta-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-seo-meta-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-seo-meta-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-seo-meta-tags-44b23b8882e9805e87909dc573565952.yaml b/nuclei-templates/cve-less/plugins/category-seo-meta-tags-44b23b8882e9805e87909dc573565952.yaml new file mode 100644 index 0000000000..a38b2e3cc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-seo-meta-tags-44b23b8882e9805e87909dc573565952.yaml @@ -0,0 +1,58 @@ +id: category-seo-meta-tags-44b23b8882e9805e87909dc573565952 + +info: + name: > + Category SEO Meta Tags <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6985a8bb-0ad5-4b02-9a95-9dbc6018dec0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-seo-meta-tags/" + google-query: inurl:"/wp-content/plugins/category-seo-meta-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-seo-meta-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-seo-meta-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-seo-meta-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-0ff74c47b60a2c36a0f0a3f6185c5446.yaml b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-0ff74c47b60a2c36a0f0a3f6185c5446.yaml new file mode 100644 index 0000000000..80e819d6ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-0ff74c47b60a2c36a0f0a3f6185c5446.yaml @@ -0,0 +1,58 @@ +id: category-specific-rss-feed-menu-0ff74c47b60a2c36a0f0a3f6185c5446 + +info: + name: > + Category Specific RSS feed Subscription <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ad5db8f-c3c2-4b76-abc6-3d95e0567ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-specific-rss-feed-menu/" + google-query: inurl:"/wp-content/plugins/category-specific-rss-feed-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-specific-rss-feed-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-specific-rss-feed-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-299c560ce9cc99513d88a13d89852030.yaml b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-299c560ce9cc99513d88a13d89852030.yaml new file mode 100644 index 0000000000..09afae83db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-299c560ce9cc99513d88a13d89852030.yaml @@ -0,0 +1,58 @@ +id: category-specific-rss-feed-menu-299c560ce9cc99513d88a13d89852030 + +info: + name: > + Category Specific RSS Feed Subscription <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41e5de5d-fea6-4be0-bcf3-b282599317d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-specific-rss-feed-menu/" + google-query: inurl:"/wp-content/plugins/category-specific-rss-feed-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-specific-rss-feed-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-specific-rss-feed-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-4f38551b81bcc12b9f18d5f308341508.yaml b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-4f38551b81bcc12b9f18d5f308341508.yaml new file mode 100644 index 0000000000..06e3930385 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/category-specific-rss-feed-menu-4f38551b81bcc12b9f18d5f308341508.yaml @@ -0,0 +1,58 @@ +id: category-specific-rss-feed-menu-4f38551b81bcc12b9f18d5f308341508 + +info: + name: > + Category Specific RSS feed Subscription <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ac9c146-5065-46fc-b2ae-20b820a8016b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/category-specific-rss-feed-menu/" + google-query: inurl:"/wp-content/plugins/category-specific-rss-feed-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,category-specific-rss-feed-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/category-specific-rss-feed-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "category-specific-rss-feed-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbcurrencyconverter-6ab6a237cf19832f12a2229f950a0a08.yaml b/nuclei-templates/cve-less/plugins/cbcurrencyconverter-6ab6a237cf19832f12a2229f950a0a08.yaml new file mode 100644 index 0000000000..9f51fe5545 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbcurrencyconverter-6ab6a237cf19832f12a2229f950a0a08.yaml @@ -0,0 +1,58 @@ +id: cbcurrencyconverter-6ab6a237cf19832f12a2229f950a0a08 + +info: + name: > + CBX Currency Converter <= 3.0.3 - Cross-Site Request Forgery leading to Plugin Settings Leakage/Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/711d2c4d-700d-4d6e-911f-99abf86eff32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbcurrencyconverter/" + google-query: inurl:"/wp-content/plugins/cbcurrencyconverter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbcurrencyconverter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbcurrencyconverter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbcurrencyconverter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbi-referral-manager-20bdedbec4b7794610e6cc496e884cca.yaml b/nuclei-templates/cve-less/plugins/cbi-referral-manager-20bdedbec4b7794610e6cc496e884cca.yaml new file mode 100644 index 0000000000..4e080d7154 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbi-referral-manager-20bdedbec4b7794610e6cc496e884cca.yaml @@ -0,0 +1,58 @@ +id: cbi-referral-manager-20bdedbec4b7794610e6cc496e884cca + +info: + name: > + CBI Referral Manager <= 1.2.1 Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bc9d02d-7916-4845-bb9d-f5eb2666b772?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbi-referral-manager/" + google-query: inurl:"/wp-content/plugins/cbi-referral-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbi-referral-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbi-referral-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbi-referral-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxgooglemap-3af00e1da087fccdad50b389a0a1a76d.yaml b/nuclei-templates/cve-less/plugins/cbxgooglemap-3af00e1da087fccdad50b389a0a1a76d.yaml new file mode 100644 index 0000000000..24b44c3842 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxgooglemap-3af00e1da087fccdad50b389a0a1a76d.yaml @@ -0,0 +1,58 @@ +id: cbxgooglemap-3af00e1da087fccdad50b389a0a1a76d + +info: + name: > + CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc860d4-fa26-489a-acd5-edbf7116d817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxgooglemap/" + google-query: inurl:"/wp-content/plugins/cbxgooglemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxgooglemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxgooglemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxgooglemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxgooglemap-4965c11c4afc77625d19c06034b78a11.yaml b/nuclei-templates/cve-less/plugins/cbxgooglemap-4965c11c4afc77625d19c06034b78a11.yaml new file mode 100644 index 0000000000..8d46cdb538 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxgooglemap-4965c11c4afc77625d19c06034b78a11.yaml @@ -0,0 +1,58 @@ +id: cbxgooglemap-4965c11c4afc77625d19c06034b78a11 + +info: + name: > + CBX Map for Google Map & OpenStreetMap <= 1.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5505b7-2d9e-4a03-9655-75d004f53259?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxgooglemap/" + google-query: inurl:"/wp-content/plugins/cbxgooglemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxgooglemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxgooglemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxgooglemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxpetition-a3872c1aa8a56f8dfa0964ede1e7d0e0.yaml b/nuclei-templates/cve-less/plugins/cbxpetition-a3872c1aa8a56f8dfa0964ede1e7d0e0.yaml new file mode 100644 index 0000000000..b69298bf6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxpetition-a3872c1aa8a56f8dfa0964ede1e7d0e0.yaml @@ -0,0 +1,58 @@ +id: cbxpetition-a3872c1aa8a56f8dfa0964ede1e7d0e0 + +info: + name: > + CBX Petition for WordPress <= 1.0.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f380786-7fd8-4a01-b491-63a2c6098a9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxpetition/" + google-query: inurl:"/wp-content/plugins/cbxpetition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxpetition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxpetition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxpetition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxwpbookmark-4eab0b03120e29e0608c25e79fc1f7b1.yaml b/nuclei-templates/cve-less/plugins/cbxwpbookmark-4eab0b03120e29e0608c25e79fc1f7b1.yaml new file mode 100644 index 0000000000..b680715b3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxwpbookmark-4eab0b03120e29e0608c25e79fc1f7b1.yaml @@ -0,0 +1,58 @@ +id: cbxwpbookmark-4eab0b03120e29e0608c25e79fc1f7b1 + +info: + name: > + CBX Bookmark & Favorite <= 1.7.20 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9affd2b9-9576-435e-931d-f60816af0b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxwpbookmark/" + google-query: inurl:"/wp-content/plugins/cbxwpbookmark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxwpbookmark,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxwpbookmark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxwpbookmark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxwpbookmark-c8761ad8d517d60679bd97ecd8a6c050.yaml b/nuclei-templates/cve-less/plugins/cbxwpbookmark-c8761ad8d517d60679bd97ecd8a6c050.yaml new file mode 100644 index 0000000000..efa41be447 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxwpbookmark-c8761ad8d517d60679bd97ecd8a6c050.yaml @@ -0,0 +1,58 @@ +id: cbxwpbookmark-c8761ad8d517d60679bd97ecd8a6c050 + +info: + name: > + CBX Bookmark & Favorite <= 1.7.21 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a6f9f1-1a59-482c-8a42-6f41e4c41cb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxwpbookmark/" + google-query: inurl:"/wp-content/plugins/cbxwpbookmark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxwpbookmark,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxwpbookmark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxwpbookmark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cbxwpbookmark-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml b/nuclei-templates/cve-less/plugins/cbxwpbookmark-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml new file mode 100644 index 0000000000..56fda1e101 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cbxwpbookmark-de7d8d5a0d1dee1ddf8eeecb2547d31f.yaml @@ -0,0 +1,58 @@ +id: cbxwpbookmark-de7d8d5a0d1dee1ddf8eeecb2547d31f + +info: + name: > + CBX Bookmark & Favorite <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cddda02e-c36f-4ed8-b3ac-6cb3f17c6ce2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cbxwpbookmark/" + google-query: inurl:"/wp-content/plugins/cbxwpbookmark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cbxwpbookmark,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cbxwpbookmark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cbxwpbookmark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cc-bmi-calculator-3049339e7a57ef7848a40fe1f1e47b95.yaml b/nuclei-templates/cve-less/plugins/cc-bmi-calculator-3049339e7a57ef7848a40fe1f1e47b95.yaml new file mode 100644 index 0000000000..a83f1e56be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cc-bmi-calculator-3049339e7a57ef7848a40fe1f1e47b95.yaml @@ -0,0 +1,58 @@ +id: cc-bmi-calculator-3049339e7a57ef7848a40fe1f1e47b95 + +info: + name: > + CC BMI Calculator <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0e7717-d9ac-4333-8e79-fc030a410dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cc-bmi-calculator/" + google-query: inurl:"/wp-content/plugins/cc-bmi-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cc-bmi-calculator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cc-bmi-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cc-bmi-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cc-child-pages-16f9ec159f7aada4bb87cabf3c4d9411.yaml b/nuclei-templates/cve-less/plugins/cc-child-pages-16f9ec159f7aada4bb87cabf3c4d9411.yaml new file mode 100644 index 0000000000..957e42bc90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cc-child-pages-16f9ec159f7aada4bb87cabf3c4d9411.yaml @@ -0,0 +1,58 @@ +id: cc-child-pages-16f9ec159f7aada4bb87cabf3c4d9411 + +info: + name: > + CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a94a1e-da9e-4173-a21d-106d859c7f8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cc-child-pages/" + google-query: inurl:"/wp-content/plugins/cc-child-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cc-child-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cc-child-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cc-child-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cc-coming-soon-61f33b76950c42b803451a29637fa07c.yaml b/nuclei-templates/cve-less/plugins/cc-coming-soon-61f33b76950c42b803451a29637fa07c.yaml new file mode 100644 index 0000000000..5867179c99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cc-coming-soon-61f33b76950c42b803451a29637fa07c.yaml @@ -0,0 +1,58 @@ +id: cc-coming-soon-61f33b76950c42b803451a29637fa07c + +info: + name: > + Coming Soon Chop Chop <= 2.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae4ffe1-ecb6-4bde-8ac4-baeea82a0299?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cc-coming-soon/" + google-query: inurl:"/wp-content/plugins/cc-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cc-coming-soon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cc-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cc-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cc-custom-taxonmy-bc617b508aff51ac43ff170f5e7c19e9.yaml b/nuclei-templates/cve-less/plugins/cc-custom-taxonmy-bc617b508aff51ac43ff170f5e7c19e9.yaml new file mode 100644 index 0000000000..4c25ef55cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cc-custom-taxonmy-bc617b508aff51ac43ff170f5e7c19e9.yaml @@ -0,0 +1,58 @@ +id: cc-custom-taxonmy-bc617b508aff51ac43ff170f5e7c19e9 + +info: + name: > + CC Custom Taxonomy <= 1.0.1 - Authenticated (Administrator+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/facfa21a-4136-4161-ac39-8b18948ec073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cc-custom-taxonmy/" + google-query: inurl:"/wp-content/plugins/cc-custom-taxonmy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cc-custom-taxonmy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cc-custom-taxonmy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cc-custom-taxonmy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cdnvote-0c5cfe7358bda15b692d66201e48f291.yaml b/nuclei-templates/cve-less/plugins/cdnvote-0c5cfe7358bda15b692d66201e48f291.yaml new file mode 100644 index 0000000000..ee51229b0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cdnvote-0c5cfe7358bda15b692d66201e48f291.yaml @@ -0,0 +1,58 @@ +id: cdnvote-0c5cfe7358bda15b692d66201e48f291 + +info: + name: > + CDN Vote < 0.4.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dac658b5-4253-4095-9fda-4d3cdc7f7e2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cdnvote/" + google-query: inurl:"/wp-content/plugins/cdnvote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cdnvote,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cdnvote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cdnvote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cds-simple-seo-0a5cc290bf065b9d61dd8d6424548f9c.yaml b/nuclei-templates/cve-less/plugins/cds-simple-seo-0a5cc290bf065b9d61dd8d6424548f9c.yaml new file mode 100644 index 0000000000..acdfea3aa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cds-simple-seo-0a5cc290bf065b9d61dd8d6424548f9c.yaml @@ -0,0 +1,58 @@ +id: cds-simple-seo-0a5cc290bf065b9d61dd8d6424548f9c + +info: + name: > + Simple SEO <= 1.8.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0c646b7-8f4d-4966-b866-8764ca98af35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cds-simple-seo/" + google-query: inurl:"/wp-content/plugins/cds-simple-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cds-simple-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cds-simple-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cds-simple-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cds-simple-seo-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml b/nuclei-templates/cve-less/plugins/cds-simple-seo-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml new file mode 100644 index 0000000000..ccf0d3009e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cds-simple-seo-5acab9ad0ccb5e44fc932f6fa0ba244a.yaml @@ -0,0 +1,58 @@ +id: cds-simple-seo-5acab9ad0ccb5e44fc932f6fa0ba244a + +info: + name: > + Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59bc1c34-15f4-473b-a988-a1c80997e438?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cds-simple-seo/" + google-query: inurl:"/wp-content/plugins/cds-simple-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cds-simple-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cds-simple-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cds-simple-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cds-simple-seo-7a3d9d99e440e4df9bd78305e509f883.yaml b/nuclei-templates/cve-less/plugins/cds-simple-seo-7a3d9d99e440e4df9bd78305e509f883.yaml new file mode 100644 index 0000000000..e46e58b6b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cds-simple-seo-7a3d9d99e440e4df9bd78305e509f883.yaml @@ -0,0 +1,58 @@ +id: cds-simple-seo-7a3d9d99e440e4df9bd78305e509f883 + +info: + name: > + Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc34490-66a1-4e43-83a4-b6e680237008?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cds-simple-seo/" + google-query: inurl:"/wp-content/plugins/cds-simple-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cds-simple-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cds-simple-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cds-simple-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cds-simple-seo-901981c5d4aab63f7790ceb08b75d467.yaml b/nuclei-templates/cve-less/plugins/cds-simple-seo-901981c5d4aab63f7790ceb08b75d467.yaml new file mode 100644 index 0000000000..51ee844859 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cds-simple-seo-901981c5d4aab63f7790ceb08b75d467.yaml @@ -0,0 +1,58 @@ +id: cds-simple-seo-901981c5d4aab63f7790ceb08b75d467 + +info: + name: > + Simple SEO <= 2.0.25 - Cross-Site Request Forgery via multiple admin_post functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/053b72c6-07bb-4e9f-ae25-da4bce91ae6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cds-simple-seo/" + google-query: inurl:"/wp-content/plugins/cds-simple-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cds-simple-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cds-simple-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cds-simple-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf-geoplugin-51cc9e8778ef47abd167df4053287906.yaml b/nuclei-templates/cve-less/plugins/cf-geoplugin-51cc9e8778ef47abd167df4053287906.yaml new file mode 100644 index 0000000000..3c5762243e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf-geoplugin-51cc9e8778ef47abd167df4053287906.yaml @@ -0,0 +1,58 @@ +id: cf-geoplugin-51cc9e8778ef47abd167df4053287906 + +info: + name: > + Geo Controller <= 8.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6faf7e36-52d7-4578-bb71-2b64a761692b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf-geoplugin/" + google-query: inurl:"/wp-content/plugins/cf-geoplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf-geoplugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf-geoplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf-geoplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf-geoplugin-682168a7f6b8d8c54e16ca072c08d0b8.yaml b/nuclei-templates/cve-less/plugins/cf-geoplugin-682168a7f6b8d8c54e16ca072c08d0b8.yaml new file mode 100644 index 0000000000..0029750c40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf-geoplugin-682168a7f6b8d8c54e16ca072c08d0b8.yaml @@ -0,0 +1,58 @@ +id: cf-geoplugin-682168a7f6b8d8c54e16ca072c08d0b8 + +info: + name: > + Geo Controller <= 8.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e4dd2c-5f6a-4bce-a46b-7bdd9d460804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf-geoplugin/" + google-query: inurl:"/wp-content/plugins/cf-geoplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf-geoplugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf-geoplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf-geoplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf-geoplugin-dc2ceae7a9d01dd85dd05b54d27673ad.yaml b/nuclei-templates/cve-less/plugins/cf-geoplugin-dc2ceae7a9d01dd85dd05b54d27673ad.yaml new file mode 100644 index 0000000000..c864700c5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf-geoplugin-dc2ceae7a9d01dd85dd05b54d27673ad.yaml @@ -0,0 +1,58 @@ +id: cf-geoplugin-dc2ceae7a9d01dd85dd05b54d27673ad + +info: + name: > + Geo Controller <= 8.6.4 - Unauthenticated PHP Object Injection via shortcode REST API Route + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f00bbab-ef84-42cf-baa7-23c434416981?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf-geoplugin/" + google-query: inurl:"/wp-content/plugins/cf-geoplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf-geoplugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf-geoplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf-geoplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-antispam-e8894e8512ac5d54a44ce89e1645ca1f.yaml b/nuclei-templates/cve-less/plugins/cf7-antispam-e8894e8512ac5d54a44ce89e1645ca1f.yaml new file mode 100644 index 0000000000..4fecee4818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-antispam-e8894e8512ac5d54a44ce89e1645ca1f.yaml @@ -0,0 +1,58 @@ +id: cf7-antispam-e8894e8512ac5d54a44ce89e1645ca1f + +info: + name: > + AntiSpam for Contact Form 7 <= 0.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6b289c2-0e04-43b1-baf1-6a594cc47ea0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-antispam/" + google-query: inurl:"/wp-content/plugins/cf7-antispam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-antispam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-antispam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-antispam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-conditional-fields-c2bf3837de0efe09eb976b0292e9ae9c.yaml b/nuclei-templates/cve-less/plugins/cf7-conditional-fields-c2bf3837de0efe09eb976b0292e9ae9c.yaml new file mode 100644 index 0000000000..3aed32db23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-conditional-fields-c2bf3837de0efe09eb976b0292e9ae9c.yaml @@ -0,0 +1,58 @@ +id: cf7-conditional-fields-c2bf3837de0efe09eb976b0292e9ae9c + +info: + name: > + Conditional Fields for Contact Form 7 <= 2.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cfd8b2d-cf2a-439d-9f9a-dbe499b1cd48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-conditional-fields/" + google-query: inurl:"/wp-content/plugins/cf7-conditional-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-conditional-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-conditional-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-conditional-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-constant-contact-d8e7f6cb9c19a44c84604c82e55187be.yaml b/nuclei-templates/cve-less/plugins/cf7-constant-contact-d8e7f6cb9c19a44c84604c82e55187be.yaml new file mode 100644 index 0000000000..6103004179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-constant-contact-d8e7f6cb9c19a44c84604c82e55187be.yaml @@ -0,0 +1,58 @@ +id: cf7-constant-contact-d8e7f6cb9c19a44c84604c82e55187be + +info: + name: > + Integration for Contact Form 7 and Constant Contact <= 1.1.4 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c8404d2-7b37-40df-b756-328f827f273d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-constant-contact/" + google-query: inurl:"/wp-content/plugins/cf7-constant-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-constant-contact,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-constant-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-constant-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-customizer-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/cf7-customizer-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..88ebe5b41c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-customizer-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: cf7-customizer-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-customizer/" + google-query: inurl:"/wp-content/plugins/cf7-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-database-406a8beae5e2073e89eddace606a906a.yaml b/nuclei-templates/cve-less/plugins/cf7-database-406a8beae5e2073e89eddace606a906a.yaml new file mode 100644 index 0000000000..aeb57efb68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-database-406a8beae5e2073e89eddace606a906a.yaml @@ -0,0 +1,58 @@ +id: cf7-database-406a8beae5e2073e89eddace606a906a + +info: + name: > + Database for Contact Form 7 <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a496d065-5821-4128-9363-79f388fdd246?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-database/" + google-query: inurl:"/wp-content/plugins/cf7-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-database,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-field-validation-779ca838360ffafbdcec116be7a4214b.yaml b/nuclei-templates/cve-less/plugins/cf7-field-validation-779ca838360ffafbdcec116be7a4214b.yaml new file mode 100644 index 0000000000..5f1d773714 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-field-validation-779ca838360ffafbdcec116be7a4214b.yaml @@ -0,0 +1,58 @@ +id: cf7-field-validation-779ca838360ffafbdcec116be7a4214b + +info: + name: > + Contact form 7 Custom validation <= 1.1.3 - Unauthenticated SQL Injection via 'post' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbfc52a4-6c9d-480b-9247-1513318ff84b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-field-validation/" + google-query: inurl:"/wp-content/plugins/cf7-field-validation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-field-validation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-field-validation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-field-validation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-file-download-d3779debb6d6eb8ad0d25988128d76ec.yaml b/nuclei-templates/cve-less/plugins/cf7-file-download-d3779debb6d6eb8ad0d25988128d76ec.yaml new file mode 100644 index 0000000000..a900da017c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-file-download-d3779debb6d6eb8ad0d25988128d76ec.yaml @@ -0,0 +1,58 @@ +id: cf7-file-download-d3779debb6d6eb8ad0d25988128d76ec + +info: + name: > + CF7 File Download – File Download for CF7 <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a04652bc-f815-4840-b791-3fb12d3b4f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-file-download/" + google-query: inurl:"/wp-content/plugins/cf7-file-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-file-download,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-file-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-file-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml new file mode 100644 index 0000000000..9c5f7d31a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml @@ -0,0 +1,58 @@ +id: cf7-google-sheets-connector-1ed11c7c0b7e8b4ad6e63123437cef8f + +info: + name: > + CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6b2c4b-5ea5-471d-9114-d2b469b6c59b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-google-sheets-connector/" + google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-google-sheets-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-3ba45c08f1c81a3b4f346669dc635f8c.yaml b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-3ba45c08f1c81a3b4f346669dc635f8c.yaml new file mode 100644 index 0000000000..346a8e747b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-3ba45c08f1c81a3b4f346669dc635f8c.yaml @@ -0,0 +1,58 @@ +id: cf7-google-sheets-connector-3ba45c08f1c81a3b4f346669dc635f8c + +info: + name: > + CF7 Google Sheets Connector <= 5.0.5 - Unauthenticated Sensitive Information Exposure via Debug Log + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fad510b7-85f4-4cae-aaf0-eb68a32cf1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-google-sheets-connector/" + google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-google-sheets-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-pro-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-pro-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml new file mode 100644 index 0000000000..961e95e028 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-google-sheets-connector-pro-1ed11c7c0b7e8b4ad6e63123437cef8f.yaml @@ -0,0 +1,58 @@ +id: cf7-google-sheets-connector-pro-1ed11c7c0b7e8b4ad6e63123437cef8f + +info: + name: > + CF7 Google Sheets Connector <= 5.0.1 - Reflected Cross-Site Scripting via 'code' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6b2c4b-5ea5-471d-9114-d2b469b6c59b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-google-sheets-connector-pro/" + google-query: inurl:"/wp-content/plugins/cf7-google-sheets-connector-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-google-sheets-connector-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-google-sheets-connector-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-google-sheets-connector-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-hubspot-78d1a3ea4011830cf6a4045c4e76d9c4.yaml b/nuclei-templates/cve-less/plugins/cf7-hubspot-78d1a3ea4011830cf6a4045c4e76d9c4.yaml new file mode 100644 index 0000000000..7d3300b562 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-hubspot-78d1a3ea4011830cf6a4045c4e76d9c4.yaml @@ -0,0 +1,58 @@ +id: cf7-hubspot-78d1a3ea4011830cf6a4045c4e76d9c4 + +info: + name: > + Integration for Contact Form 7 HubSpot <= 1.2.8 - Open Redirect via state parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a60a9981-c945-4438-a844-f7942b86c4c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-hubspot/" + google-query: inurl:"/wp-content/plugins/cf7-hubspot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-hubspot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-hubspot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-hubspot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-4e7be8550ac4c225de3b247432067648.yaml b/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-4e7be8550ac4c225de3b247432067648.yaml new file mode 100644 index 0000000000..532707e85b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-4e7be8550ac4c225de3b247432067648.yaml @@ -0,0 +1,58 @@ +id: cf7-invisible-recaptcha-4e7be8550ac4c225de3b247432067648 + +info: + name: > + CF7 Invisible reCAPTCHA <= 1.3.3 - Cross-Site Request Forgery via vsz_cf7_invisible_recaptcha_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa1048e-bdcd-41d1-a7c4-196731a60843?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-invisible-recaptcha/" + google-query: inurl:"/wp-content/plugins/cf7-invisible-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-invisible-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-invisible-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-invisible-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml b/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml new file mode 100644 index 0000000000..42d9c90f3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-invisible-recaptcha-aed7ae7e4d2ac15e64bf03771c3aeb20.yaml @@ -0,0 +1,58 @@ +id: cf7-invisible-recaptcha-aed7ae7e4d2ac15e64bf03771c3aeb20 + +info: + name: > + CF7 Invisible reCAPTCHA < 1.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a95f73a-eaf7-4b8c-b127-0ceef87c80fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-invisible-recaptcha/" + google-query: inurl:"/wp-content/plugins/cf7-invisible-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-invisible-recaptcha,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-invisible-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-invisible-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-live-preview-a6d4da7080e5e33e606a2bdd628cb1b5.yaml b/nuclei-templates/cve-less/plugins/cf7-live-preview-a6d4da7080e5e33e606a2bdd628cb1b5.yaml new file mode 100644 index 0000000000..c6c84ec560 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-live-preview-a6d4da7080e5e33e606a2bdd628cb1b5.yaml @@ -0,0 +1,58 @@ +id: cf7-live-preview-a6d4da7080e5e33e606a2bdd628cb1b5 + +info: + name: > + Live Preview for Contact Form 7 <= 1.2.0 - Missing Authorization via update_option + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89dbf14f-1cc8-4a66-b3d3-3568cba9a0aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-live-preview/" + google-query: inurl:"/wp-content/plugins/cf7-live-preview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-live-preview,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-live-preview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-live-preview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-redirect-thank-you-page-1adae250456b8ff3c36bf7b47cd9ad26.yaml b/nuclei-templates/cve-less/plugins/cf7-redirect-thank-you-page-1adae250456b8ff3c36bf7b47cd9ad26.yaml new file mode 100644 index 0000000000..8d33633147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-redirect-thank-you-page-1adae250456b8ff3c36bf7b47cd9ad26.yaml @@ -0,0 +1,58 @@ +id: cf7-redirect-thank-you-page-1adae250456b8ff3c36bf7b47cd9ad26 + +info: + name: > + Contact Form 7 Redirect & Thank You Page <= 1.0.3 - Cross-Site Request Forgery via cf7rl_admin_table + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99f831f2-fb96-4dc8-ba3d-6015fbc7e2e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-redirect-thank-you-page/" + google-query: inurl:"/wp-content/plugins/cf7-redirect-thank-you-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-redirect-thank-you-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-redirect-thank-you-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-redirect-thank-you-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-salesforce-f6809789bc3db192511a7eb7008b1a2b.yaml b/nuclei-templates/cve-less/plugins/cf7-salesforce-f6809789bc3db192511a7eb7008b1a2b.yaml new file mode 100644 index 0000000000..341520dc2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-salesforce-f6809789bc3db192511a7eb7008b1a2b.yaml @@ -0,0 +1,58 @@ +id: cf7-salesforce-f6809789bc3db192511a7eb7008b1a2b + +info: + name: > + Integration for Contact Form 7 and Salesforce <= 1.3.3 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e64a688c-c150-4b10-81ef-bbe7f6dd1b8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-salesforce/" + google-query: inurl:"/wp-content/plugins/cf7-salesforce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-salesforce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-salesforce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-salesforce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-store-to-db-lite-457136e7a482f19e1fb7eda420cd0512.yaml b/nuclei-templates/cve-less/plugins/cf7-store-to-db-lite-457136e7a482f19e1fb7eda420cd0512.yaml new file mode 100644 index 0000000000..08d7ce60a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-store-to-db-lite-457136e7a482f19e1fb7eda420cd0512.yaml @@ -0,0 +1,58 @@ +id: cf7-store-to-db-lite-457136e7a482f19e1fb7eda420cd0512 + +info: + name: > + Form Store to DB <= 1.1.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f0f50e0-7015-4f00-880b-6eb94961177f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-store-to-db-lite/" + google-query: inurl:"/wp-content/plugins/cf7-store-to-db-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-store-to-db-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-store-to-db-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-store-to-db-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-widget-elementor-0a3c0452d5847fbc8bf97c2978948097.yaml b/nuclei-templates/cve-less/plugins/cf7-widget-elementor-0a3c0452d5847fbc8bf97c2978948097.yaml new file mode 100644 index 0000000000..9341aab756 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-widget-elementor-0a3c0452d5847fbc8bf97c2978948097.yaml @@ -0,0 +1,58 @@ +id: cf7-widget-elementor-0a3c0452d5847fbc8bf97c2978948097 + +info: + name: > + Void Contact Form 7 Widget For Elementor Page Builder <= 2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93784c84-93b3-4f43-84a0-5aeed3ba9cfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-widget-elementor/" + google-query: inurl:"/wp-content/plugins/cf7-widget-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-widget-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-widget-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-widget-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-widget-elementor-f7129e84ad88621ffd1e743ea53941ad.yaml b/nuclei-templates/cve-less/plugins/cf7-widget-elementor-f7129e84ad88621ffd1e743ea53941ad.yaml new file mode 100644 index 0000000000..60ea7d12a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-widget-elementor-f7129e84ad88621ffd1e743ea53941ad.yaml @@ -0,0 +1,58 @@ +id: cf7-widget-elementor-f7129e84ad88621ffd1e743ea53941ad + +info: + name: > + Void Contact Form 7 Widget For Elementor Page Builder <= 2.1.1 - Cross-Site Request Forgery in void_cf7_opt_in_user_data_track + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56a2084c-5120-4115-a027-625900d23ebc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-widget-elementor/" + google-query: inurl:"/wp-content/plugins/cf7-widget-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-widget-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-widget-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-widget-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-zoho-1e95da79eb44567d35aa35ba90fa7af9.yaml b/nuclei-templates/cve-less/plugins/cf7-zoho-1e95da79eb44567d35aa35ba90fa7af9.yaml new file mode 100644 index 0000000000..6e996b29ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-zoho-1e95da79eb44567d35aa35ba90fa7af9.yaml @@ -0,0 +1,58 @@ +id: cf7-zoho-1e95da79eb44567d35aa35ba90fa7af9 + +info: + name: > + Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.2 - Cross-Site Request Forgery via settings_page function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb330be-f12c-475c-97b6-745a1e6edb58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-zoho/" + google-query: inurl:"/wp-content/plugins/cf7-zoho/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-zoho,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-zoho/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-zoho" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cf7-zoho-2fe05eeb0f074422838b91d061a270ed.yaml b/nuclei-templates/cve-less/plugins/cf7-zoho-2fe05eeb0f074422838b91d061a270ed.yaml new file mode 100644 index 0000000000..32182242f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cf7-zoho-2fe05eeb0f074422838b91d061a270ed.yaml @@ -0,0 +1,58 @@ +id: cf7-zoho-2fe05eeb0f074422838b91d061a270ed + +info: + name: > + Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.2.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4e6dae-f38c-4f5b-ae1d-cf998946c675?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cf7-zoho/" + google-query: inurl:"/wp-content/plugins/cf7-zoho/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cf7-zoho,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cf7-zoho/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cf7-zoho" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms-8e029958bdc3ff72cf62f3277afe0ddc.yaml b/nuclei-templates/cve-less/plugins/cforms-8e029958bdc3ff72cf62f3277afe0ddc.yaml new file mode 100644 index 0000000000..b7aa7a425b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms-8e029958bdc3ff72cf62f3277afe0ddc.yaml @@ -0,0 +1,58 @@ +id: cforms-8e029958bdc3ff72cf62f3277afe0ddc + +info: + name: > + cformsII <= 10.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7b694f-8926-4bba-be77-42ade5d1c3b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms/" + google-query: inurl:"/wp-content/plugins/cforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms-ad9f5965c16c8246b424703d21435589.yaml b/nuclei-templates/cve-less/plugins/cforms-ad9f5965c16c8246b424703d21435589.yaml new file mode 100644 index 0000000000..8c2bd2dab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms-ad9f5965c16c8246b424703d21435589.yaml @@ -0,0 +1,58 @@ +id: cforms-ad9f5965c16c8246b424703d21435589 + +info: + name: > + Cforms <= 10.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cbd3bf0-6b20-41c2-8265-786dbba123d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms/" + google-query: inurl:"/wp-content/plugins/cforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-0a7e50f278580c630584ee885abf7fbb.yaml b/nuclei-templates/cve-less/plugins/cforms2-0a7e50f278580c630584ee885abf7fbb.yaml new file mode 100644 index 0000000000..f94b49a3fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-0a7e50f278580c630584ee885abf7fbb.yaml @@ -0,0 +1,58 @@ +id: cforms2-0a7e50f278580c630584ee885abf7fbb + +info: + name: > + cformsII < 14.6.10 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/361f3fec-7176-4a25-943b-44a44dd77784?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 14.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-435be2da19b4391be47c1eff3c320bfa.yaml b/nuclei-templates/cve-less/plugins/cforms2-435be2da19b4391be47c1eff3c320bfa.yaml new file mode 100644 index 0000000000..f5bba75da7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-435be2da19b4391be47c1eff3c320bfa.yaml @@ -0,0 +1,58 @@ +id: cforms2-435be2da19b4391be47c1eff3c320bfa + +info: + name: > + CformsII <=11.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a32c6c0c-4a4a-44c7-9724-153467699b3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-6e2fc253c488c9fb6b9867ac9b52ef35.yaml b/nuclei-templates/cve-less/plugins/cforms2-6e2fc253c488c9fb6b9867ac9b52ef35.yaml new file mode 100644 index 0000000000..b1278c2d8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-6e2fc253c488c9fb6b9867ac9b52ef35.yaml @@ -0,0 +1,58 @@ +id: cforms2-6e2fc253c488c9fb6b9867ac9b52ef35 + +info: + name: > + cformsII <= 14.13.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab3ea93a-521a-45af-ac67-9f4417f3db59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml b/nuclei-templates/cve-less/plugins/cforms2-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml new file mode 100644 index 0000000000..95e5bccafd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-746dbfeca03bdbf3d2fc4d83e4a0ed40.yaml @@ -0,0 +1,58 @@ +id: cforms2-746dbfeca03bdbf3d2fc4d83e4a0ed40 + +info: + name: > + CformsII <= 15.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72800e9b-8e2c-4725-9a87-a9b187ad5967?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-84b6699e5f738c5aa2a22a553abe9531.yaml b/nuclei-templates/cve-less/plugins/cforms2-84b6699e5f738c5aa2a22a553abe9531.yaml new file mode 100644 index 0000000000..028a7075eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-84b6699e5f738c5aa2a22a553abe9531.yaml @@ -0,0 +1,58 @@ +id: cforms2-84b6699e5f738c5aa2a22a553abe9531 + +info: + name: > + cformsII <= 14.12.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f533b3a-6d25-4c74-929f-ee4ee3a62926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 14.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-8564fd78eda1e5e95c5755fd00c36fad.yaml b/nuclei-templates/cve-less/plugins/cforms2-8564fd78eda1e5e95c5755fd00c36fad.yaml new file mode 100644 index 0000000000..8e8fbb5c30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-8564fd78eda1e5e95c5755fd00c36fad.yaml @@ -0,0 +1,58 @@ +id: cforms2-8564fd78eda1e5e95c5755fd00c36fad + +info: + name: > + CformsII <= 15.0.5 - Unauthenticated stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/097fdc88-9424-4de9-9a03-d4ea724da13f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-9a7daf03bb65349e79adecac5d21db12.yaml b/nuclei-templates/cve-less/plugins/cforms2-9a7daf03bb65349e79adecac5d21db12.yaml new file mode 100644 index 0000000000..d6d131aed3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-9a7daf03bb65349e79adecac5d21db12.yaml @@ -0,0 +1,58 @@ +id: cforms2-9a7daf03bb65349e79adecac5d21db12 + +info: + name: > + cformsII <= 15.0.4 - Cross-Site Request Forgery leading to Settings Updates + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5798de72-b589-4474-82b2-df6ef26325a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-b4c6a4aeabe2851a3af8facd90e9e06e.yaml b/nuclei-templates/cve-less/plugins/cforms2-b4c6a4aeabe2851a3af8facd90e9e06e.yaml new file mode 100644 index 0000000000..10c1d2a8af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-b4c6a4aeabe2851a3af8facd90e9e06e.yaml @@ -0,0 +1,58 @@ +id: cforms2-b4c6a4aeabe2851a3af8facd90e9e06e + +info: + name: > + CformsII <= 15.0.1 - Unauthenticated HTML Injection & Cross-Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acff00f2-586d-474c-8dec-f27c488e9045?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 15.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-f8d3e5b9686014f5cd0d4b3b339a644d.yaml b/nuclei-templates/cve-less/plugins/cforms2-f8d3e5b9686014f5cd0d4b3b339a644d.yaml new file mode 100644 index 0000000000..2a2ac871f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-f8d3e5b9686014f5cd0d4b3b339a644d.yaml @@ -0,0 +1,58 @@ +id: cforms2-f8d3e5b9686014f5cd0d4b3b339a644d + +info: + name: > + cformsII < 14.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22356f42-af5e-4479-919c-9ceac42e686f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 14.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cforms2-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml b/nuclei-templates/cve-less/plugins/cforms2-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml new file mode 100644 index 0000000000..1efdc0e2d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cforms2-fe5830586f1fe4c6f5f3c3dcee633ecb.yaml @@ -0,0 +1,58 @@ +id: cforms2-fe5830586f1fe4c6f5f3c3dcee633ecb + +info: + name: > + cformsII <= 13.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ab2882e-60c6-4eb9-91e7-3be4fa625711?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cforms2/" + google-query: inurl:"/wp-content/plugins/cforms2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cforms2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cforms2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cforms2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-16302374c3729c860ad18fd6cf163b27.yaml b/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-16302374c3729c860ad18fd6cf163b27.yaml new file mode 100644 index 0000000000..77c5600c8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-16302374c3729c860ad18fd6cf163b27.yaml @@ -0,0 +1,58 @@ +id: cgc-maintenance-mode-16302374c3729c860ad18fd6cf163b27 + +info: + name: > + CGC Maintenance Mode <= 1.2 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b05191b-4f4a-487a-9fbf-843a4787511e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cgc-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/cgc-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cgc-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cgc-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cgc-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-ba2f4df1d4ab7f80e3d41245c7258128.yaml b/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-ba2f4df1d4ab7f80e3d41245c7258128.yaml new file mode 100644 index 0000000000..f5cd6718d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cgc-maintenance-mode-ba2f4df1d4ab7f80e3d41245c7258128.yaml @@ -0,0 +1,58 @@ +id: cgc-maintenance-mode-ba2f4df1d4ab7f80e3d41245c7258128 + +info: + name: > + CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cd5fa89-ed3b-4ac1-9200-9f5eb26cb534?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cgc-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/cgc-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cgc-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cgc-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cgc-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-160920c3b93078e89551079e7b5eaf71.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-160920c3b93078e89551079e7b5eaf71.yaml new file mode 100644 index 0000000000..14bc59ce09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-160920c3b93078e89551079e7b5eaf71.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-160920c3b93078e89551079e7b5eaf71 + +info: + name: > + Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf96887c-6e0d-43d9-a3f2-88981adb4c98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-18bb670f149f3ce453ab41abb0ba94e6.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-18bb670f149f3ce453ab41abb0ba94e6.yaml new file mode 100644 index 0000000000..dc8fa38d1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-18bb670f149f3ce453ab41abb0ba94e6.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-18bb670f149f3ce453ab41abb0ba94e6 + +info: + name: > + Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Mailchimp API Key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93a07027-1068-41fa-bd6b-74ccc0441a16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-1a479aba51042862bdb0c5caaca911dd.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-1a479aba51042862bdb0c5caaca911dd.yaml new file mode 100644 index 0000000000..43db7b7152 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-1a479aba51042862bdb0c5caaca911dd.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-1a479aba51042862bdb0c5caaca911dd + +info: + name: > + Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Arbitrary Quiz Deletion and Copying + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49333c6b-58f6-4d5a-a605-46484160175a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-2d3408ffedaf3db88a6330ec42f826f9.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-2d3408ffedaf3db88a6330ec42f826f9.yaml new file mode 100644 index 0000000000..2774a2f986 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-2d3408ffedaf3db88a6330ec42f826f9.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-2d3408ffedaf3db88a6330ec42f826f9 + +info: + name: > + Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via datef + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a316c0a-452a-4205-b79b-8bd911016ab2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-3202568d0ef30adfbc4903b533249872.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-3202568d0ef30adfbc4903b533249872.yaml new file mode 100644 index 0000000000..9d370afc48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-3202568d0ef30adfbc4903b533249872.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-3202568d0ef30adfbc4903b533249872 + +info: + name: > + Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via emailf + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6781b7b7-c11a-4328-8d14-ffafc2ccb127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-328d39d28a95cf7b4841489a8ffe5709.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-328d39d28a95cf7b4841489a8ffe5709.yaml new file mode 100644 index 0000000000..24494036cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-328d39d28a95cf7b4841489a8ffe5709.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-328d39d28a95cf7b4841489a8ffe5709 + +info: + name: > + Chained Quiz <= 1.0.8.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ef0c41-e498-4de6-a86a-d23f65a7a824?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-36a32b4cb0e29bcda79b2aacf4de5bad.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-36a32b4cb0e29bcda79b2aacf4de5bad.yaml new file mode 100644 index 0000000000..8d58ba583d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-36a32b4cb0e29bcda79b2aacf4de5bad.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-36a32b4cb0e29bcda79b2aacf4de5bad + +info: + name: > + Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via dnf + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8a49064-ad48-410e-9b32-f94109830ccf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-465e906926b7ad2f7695941c2d2f3545.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-465e906926b7ad2f7695941c2d2f3545.yaml new file mode 100644 index 0000000000..83ea8e9ca1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-465e906926b7ad2f7695941c2d2f3545.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-465e906926b7ad2f7695941c2d2f3545 + +info: + name: > + Chained Quiz <= 1.1.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d553ff1-9f05-47c2-83be-66dba318e63e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-4932bcd4df2882e039a7b09a90097299.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-4932bcd4df2882e039a7b09a90097299.yaml new file mode 100644 index 0000000000..c730b3071e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-4932bcd4df2882e039a7b09a90097299.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-4932bcd4df2882e039a7b09a90097299 + +info: + name: > + Chained Quiz <= 1.3.2.2 - Reflected Cross-Site Scripting via dn + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d46edcfe-ab6b-4966-9d85-40a2e2ee3d44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-4a26e6944326e51fbc6f1bb093dd580e.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-4a26e6944326e51fbc6f1bb093dd580e.yaml new file mode 100644 index 0000000000..45bcbc0a6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-4a26e6944326e51fbc6f1bb093dd580e.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-4a26e6944326e51fbc6f1bb093dd580e + +info: + name: > + Chained Quiz < 1.2.7.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e05142e-04a3-483e-a4af-035df3609b9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-4acb85f5976a533776dda534630f7468.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-4acb85f5976a533776dda534630f7468.yaml new file mode 100644 index 0000000000..90a1f550a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-4acb85f5976a533776dda534630f7468.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-4acb85f5976a533776dda534630f7468 + +info: + name: > + Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/966a3a33-3d22-4671-8893-7a64ff838f39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-53813c475afa70818392401295ac8091.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-53813c475afa70818392401295ac8091.yaml new file mode 100644 index 0000000000..fdf3af3ed9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-53813c475afa70818392401295ac8091.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-53813c475afa70818392401295ac8091 + +info: + name: > + Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c031d2a4-d009-4422-a751-b8476e15a808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-65db5904362ad316155a2ed2c78eb032.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-65db5904362ad316155a2ed2c78eb032.yaml new file mode 100644 index 0000000000..0dc5c73ba6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-65db5904362ad316155a2ed2c78eb032.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-65db5904362ad316155a2ed2c78eb032 + +info: + name: > + Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via date + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6bb8fea-8b2c-42da-a224-0719a584d92b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-7943d082ee4cf7c0ecdfc0080489be58.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-7943d082ee4cf7c0ecdfc0080489be58.yaml new file mode 100644 index 0000000000..718e8f1291 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-7943d082ee4cf7c0ecdfc0080489be58.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-7943d082ee4cf7c0ecdfc0080489be58 + +info: + name: > + Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via ipf + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99555021-68f4-4395-978d-ff1bbae9ebd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-95b04656752bb123878499817b8956fb.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-95b04656752bb123878499817b8956fb.yaml new file mode 100644 index 0000000000..f9bdb4122f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-95b04656752bb123878499817b8956fb.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-95b04656752bb123878499817b8956fb + +info: + name: > + Chained Quiz <= 1.3.2.3 - Reflected Cross-Site Scripting via ip + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9145ce0d-311c-4be1-be15-7e1791c17860?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-b648d871623ad477887d3a2ad417ce75.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-b648d871623ad477887d3a2ad417ce75.yaml new file mode 100644 index 0000000000..27fa62de2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-b648d871623ad477887d3a2ad417ce75.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-b648d871623ad477887d3a2ad417ce75 + +info: + name: > + Chained Quiz Plugin < 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8dc895-8caa-4a37-80f0-3a5516c25dfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml new file mode 100644 index 0000000000..8ffb9428e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-c2f2835d90a3f3c6d22ed640d7b5a35a.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-c2f2835d90a3f3c6d22ed640d7b5a35a + +info: + name: > + Chained Quiz <= 1.3.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68ec28e8-345c-4017-ab0d-04ac4facd60c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chained-quiz-d0976f5c2f9eb3654eb8c7ee13a935fb.yaml b/nuclei-templates/cve-less/plugins/chained-quiz-d0976f5c2f9eb3654eb8c7ee13a935fb.yaml new file mode 100644 index 0000000000..ee9c3a0b29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chained-quiz-d0976f5c2f9eb3654eb8c7ee13a935fb.yaml @@ -0,0 +1,58 @@ +id: chained-quiz-d0976f5c2f9eb3654eb8c7ee13a935fb + +info: + name: > + Chained Quiz <= 1.3.2 - Reflected Cross-Site Scripting via pointsf + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b708b72f-d906-47c9-9bf7-a9397956db3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chained-quiz/" + google-query: inurl:"/wp-content/plugins/chained-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chained-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chained-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chained-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chamber-dashboard-business-directory-285685ddf3c4cea5af33e325a30ef210.yaml b/nuclei-templates/cve-less/plugins/chamber-dashboard-business-directory-285685ddf3c4cea5af33e325a30ef210.yaml new file mode 100644 index 0000000000..8e7efdd818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chamber-dashboard-business-directory-285685ddf3c4cea5af33e325a30ef210.yaml @@ -0,0 +1,58 @@ +id: chamber-dashboard-business-directory-285685ddf3c4cea5af33e325a30ef210 + +info: + name: > + Chamber Dashboard Business Directory < 3.3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2ed28cd-44e6-416a-a252-8341104f5ef3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chamber-dashboard-business-directory/" + google-query: inurl:"/wp-content/plugins/chamber-dashboard-business-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chamber-dashboard-business-directory,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chamber-dashboard-business-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chamber-dashboard-business-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chameleon-6c023e252025477e682e7148561b6604.yaml b/nuclei-templates/cve-less/plugins/chameleon-6c023e252025477e682e7148561b6604.yaml new file mode 100644 index 0000000000..4b1d528329 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chameleon-6c023e252025477e682e7148561b6604.yaml @@ -0,0 +1,58 @@ +id: chameleon-6c023e252025477e682e7148561b6604 + +info: + name: > + Chameleon <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc79e104-47c0-4f4a-9a7b-dc0d6337ea05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chameleon/" + google-query: inurl:"/wp-content/plugins/chameleon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chameleon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chameleon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chameleon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chameleon-css-6e87e05f951d4532dd6f6de3b88ad77d.yaml b/nuclei-templates/cve-less/plugins/chameleon-css-6e87e05f951d4532dd6f6de3b88ad77d.yaml new file mode 100644 index 0000000000..a88139645c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chameleon-css-6e87e05f951d4532dd6f6de3b88ad77d.yaml @@ -0,0 +1,58 @@ +id: chameleon-css-6e87e05f951d4532dd6f6de3b88ad77d + +info: + name: > + Chameleon CSS <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0363732-0a67-4a58-9b54-6315328c70ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chameleon-css/" + google-query: inurl:"/wp-content/plugins/chameleon-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chameleon-css,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chameleon-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chameleon-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-default-login-logo-url-and-title-85ca7cedd2597831c97a27e7d00fa427.yaml b/nuclei-templates/cve-less/plugins/change-default-login-logo-url-and-title-85ca7cedd2597831c97a27e7d00fa427.yaml new file mode 100644 index 0000000000..c224efd566 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-default-login-logo-url-and-title-85ca7cedd2597831c97a27e7d00fa427.yaml @@ -0,0 +1,58 @@ +id: change-default-login-logo-url-and-title-85ca7cedd2597831c97a27e7d00fa427 + +info: + name: > + Change default login logo,url and title <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c935ec2-c51e-4760-bccc-3a6988bd4262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-default-login-logo-url-and-title/" + google-query: inurl:"/wp-content/plugins/change-default-login-logo-url-and-title/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-default-login-logo-url-and-title,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-default-login-logo-url-and-title/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-default-login-logo-url-and-title" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-memory-limit-37d8f4614be006df7ea5c5c8ccf22b6a.yaml b/nuclei-templates/cve-less/plugins/change-memory-limit-37d8f4614be006df7ea5c5c8ccf22b6a.yaml new file mode 100644 index 0000000000..9cb2d091be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-memory-limit-37d8f4614be006df7ea5c5c8ccf22b6a.yaml @@ -0,0 +1,58 @@ +id: change-memory-limit-37d8f4614be006df7ea5c5c8ccf22b6a + +info: + name: > + Change Memory Limit <= 1.0 - Missing Authorization via admin_logic() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-memory-limit/" + google-query: inurl:"/wp-content/plugins/change-memory-limit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-memory-limit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-memory-limit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-memory-limit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-table-prefix-ca722f2c2467f4f9c95321209d16faa6.yaml b/nuclei-templates/cve-less/plugins/change-table-prefix-ca722f2c2467f4f9c95321209d16faa6.yaml new file mode 100644 index 0000000000..af065baab3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-table-prefix-ca722f2c2467f4f9c95321209d16faa6.yaml @@ -0,0 +1,58 @@ +id: change-table-prefix-ca722f2c2467f4f9c95321209d16faa6 + +info: + name: > + Change Table Prefix <= 2.0 - Cross-Site Request Forgery via change_prefix_form + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d154587-e396-45ba-80ad-b532b612823a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-table-prefix/" + google-query: inurl:"/wp-content/plugins/change-table-prefix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-table-prefix,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-table-prefix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-table-prefix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-uploaded-file-permissions-b3c283ecfc25af9f10f9c937f229f24c.yaml b/nuclei-templates/cve-less/plugins/change-uploaded-file-permissions-b3c283ecfc25af9f10f9c937f229f24c.yaml new file mode 100644 index 0000000000..1137cbd850 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-uploaded-file-permissions-b3c283ecfc25af9f10f9c937f229f24c.yaml @@ -0,0 +1,58 @@ +id: change-uploaded-file-permissions-b3c283ecfc25af9f10f9c937f229f24c + +info: + name: > + Change Uploaded File Permissions <= 4.0.0 - Cross-Site Request Forgery to Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7a61446-a5ef-44e4-bd64-9c2e844953fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-uploaded-file-permissions/" + google-query: inurl:"/wp-content/plugins/change-uploaded-file-permissions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-uploaded-file-permissions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-uploaded-file-permissions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-uploaded-file-permissions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-woocommerce-add-to-cart-button-text-a483253d605901e000058299d42af1c9.yaml b/nuclei-templates/cve-less/plugins/change-woocommerce-add-to-cart-button-text-a483253d605901e000058299d42af1c9.yaml new file mode 100644 index 0000000000..e12c890336 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-woocommerce-add-to-cart-button-text-a483253d605901e000058299d42af1c9.yaml @@ -0,0 +1,58 @@ +id: change-woocommerce-add-to-cart-button-text-a483253d605901e000058299d42af1c9 + +info: + name: > + Change WooCommerce Add To Cart Button Text <= 1.3 - Missing Authorization via rexvs_settings_submit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d47f5d90-dc7d-4500-a6e6-e585e4a5c11b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-woocommerce-add-to-cart-button-text/" + google-query: inurl:"/wp-content/plugins/change-woocommerce-add-to-cart-button-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-woocommerce-add-to-cart-button-text,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-woocommerce-add-to-cart-button-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-woocommerce-add-to-cart-button-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-wp-admin-login-4490549b2215d97aa7dcad6a865e6752.yaml b/nuclei-templates/cve-less/plugins/change-wp-admin-login-4490549b2215d97aa7dcad6a865e6752.yaml new file mode 100644 index 0000000000..7d52ce310e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-wp-admin-login-4490549b2215d97aa7dcad6a865e6752.yaml @@ -0,0 +1,58 @@ +id: change-wp-admin-login-4490549b2215d97aa7dcad6a865e6752 + +info: + name: > + Change WP Admin Login <= 1.0.9 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/616c8ab8-3200-41fb-9d31-5d36873742cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-wp-admin-login/" + google-query: inurl:"/wp-content/plugins/change-wp-admin-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-wp-admin-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-wp-admin-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-wp-admin-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/change-wp-admin-login-5385baa6493f36fd557c3aebaffd13c8.yaml b/nuclei-templates/cve-less/plugins/change-wp-admin-login-5385baa6493f36fd557c3aebaffd13c8.yaml new file mode 100644 index 0000000000..802d38d745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/change-wp-admin-login-5385baa6493f36fd557c3aebaffd13c8.yaml @@ -0,0 +1,58 @@ +id: change-wp-admin-login-5385baa6493f36fd557c3aebaffd13c8 + +info: + name: > + Change WP Admin Login <= 1.1.3 - Protection Mechanism Failure to Login Page Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9410b5b8-1bb2-42d7-8d4d-721131d392e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/change-wp-admin-login/" + google-query: inurl:"/wp-content/plugins/change-wp-admin-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,change-wp-admin-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/change-wp-admin-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "change-wp-admin-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/charitable-2242cb39ce05f115de2cf4c2d7f707ea.yaml b/nuclei-templates/cve-less/plugins/charitable-2242cb39ce05f115de2cf4c2d7f707ea.yaml new file mode 100644 index 0000000000..1a35542918 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/charitable-2242cb39ce05f115de2cf4c2d7f707ea.yaml @@ -0,0 +1,58 @@ +id: charitable-2242cb39ce05f115de2cf4c2d7f707ea + +info: + name: > + Donation Forms by Charitable <= 1.7.0.12 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/522ecc1c-5834-4325-9234-79cf712213f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/charitable/" + google-query: inurl:"/wp-content/plugins/charitable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,charitable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/charitable-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml b/nuclei-templates/cve-less/plugins/charitable-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml new file mode 100644 index 0000000000..4da922ce96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/charitable-3ebd40bb61580d15dfcd12d2fb7e83aa.yaml @@ -0,0 +1,58 @@ +id: charitable-3ebd40bb61580d15dfcd12d2fb7e83aa + +info: + name: > + Charitable <= 1.7.0.13 - Authenticated(Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbaedb36-6710-48ab-8bb5-e6065fa8df51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/charitable/" + google-query: inurl:"/wp-content/plugins/charitable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,charitable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/charitable-6af09e3fae008ebc46d2a7e390514583.yaml b/nuclei-templates/cve-less/plugins/charitable-6af09e3fae008ebc46d2a7e390514583.yaml new file mode 100644 index 0000000000..38170ae59e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/charitable-6af09e3fae008ebc46d2a7e390514583.yaml @@ -0,0 +1,58 @@ +id: charitable-6af09e3fae008ebc46d2a7e390514583 + +info: + name: > + Charitable <= 1.7.0.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b3b9576-7c7d-4665-92d5-03aa292cdbbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/charitable/" + google-query: inurl:"/wp-content/plugins/charitable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,charitable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/charitable-8a3943e3e4b63a520dbb0168b24f856a.yaml b/nuclei-templates/cve-less/plugins/charitable-8a3943e3e4b63a520dbb0168b24f856a.yaml new file mode 100644 index 0000000000..9be1e9c6ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/charitable-8a3943e3e4b63a520dbb0168b24f856a.yaml @@ -0,0 +1,58 @@ +id: charitable-8a3943e3e4b63a520dbb0168b24f856a + +info: + name: > + Charitable – Donation Plugin <= 1.6.50 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a01c60-d843-4fc5-a5fa-677f452008b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/charitable/" + google-query: inurl:"/wp-content/plugins/charitable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,charitable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/charitable-f4e452921028a365c12034905b529473.yaml b/nuclei-templates/cve-less/plugins/charitable-f4e452921028a365c12034905b529473.yaml new file mode 100644 index 0000000000..d456ea1107 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/charitable-f4e452921028a365c12034905b529473.yaml @@ -0,0 +1,58 @@ +id: charitable-f4e452921028a365c12034905b529473 + +info: + name: > + Charitable <= 1.5.13 - Unauthorized Access to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be1b4b2-4b33-45d7-82fd-b4d51e16535c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/charitable/" + google-query: inurl:"/wp-content/plugins/charitable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,charitable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/charitable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "charitable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chart-builder-9c920cf674baacb0579f3b1f4946e20e.yaml b/nuclei-templates/cve-less/plugins/chart-builder-9c920cf674baacb0579f3b1f4946e20e.yaml new file mode 100644 index 0000000000..c97068ec6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chart-builder-9c920cf674baacb0579f3b1f4946e20e.yaml @@ -0,0 +1,58 @@ +id: chart-builder-9c920cf674baacb0579f3b1f4946e20e + +info: + name: > + Chartify <= 2.0.6 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49d0315e-fcb2-4232-8797-0421cf5d3cd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chart-builder/" + google-query: inurl:"/wp-content/plugins/chart-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chart-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chart-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chart-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chat-bee-66589665af0b647ad01185928e32cee5.yaml b/nuclei-templates/cve-less/plugins/chat-bee-66589665af0b647ad01185928e32cee5.yaml new file mode 100644 index 0000000000..42b34f39a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chat-bee-66589665af0b647ad01185928e32cee5.yaml @@ -0,0 +1,58 @@ +id: chat-bee-66589665af0b647ad01185928e32cee5 + +info: + name: > + Chat Bee <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf4ffaa-5192-4fb6-95d0-d19c4fe45b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chat-bee/" + google-query: inurl:"/wp-content/plugins/chat-bee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chat-bee,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chat-bee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chat-bee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chat-bubble-036e41317f960475dab82c492d364c11.yaml b/nuclei-templates/cve-less/plugins/chat-bubble-036e41317f960475dab82c492d364c11.yaml new file mode 100644 index 0000000000..d488cf4ec0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chat-bubble-036e41317f960475dab82c492d364c11.yaml @@ -0,0 +1,58 @@ +id: chat-bubble-036e41317f960475dab82c492d364c11 + +info: + name: > + Chat Bubble <= 2.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61584724-fa1d-4823-af3d-d44501dc1f60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chat-bubble/" + google-query: inurl:"/wp-content/plugins/chat-bubble/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chat-bubble,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chat-bubble/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chat-bubble" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chat-bubble-9273f5ba0fae5fff2a4a50e2ed96c406.yaml b/nuclei-templates/cve-less/plugins/chat-bubble-9273f5ba0fae5fff2a4a50e2ed96c406.yaml new file mode 100644 index 0000000000..4a6dcd923e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chat-bubble-9273f5ba0fae5fff2a4a50e2ed96c406.yaml @@ -0,0 +1,58 @@ +id: chat-bubble-9273f5ba0fae5fff2a4a50e2ed96c406 + +info: + name: > + Chat Bubble <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chat-bubble/" + google-query: inurl:"/wp-content/plugins/chat-bubble/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chat-bubble,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chat-bubble/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chat-bubble" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chat-bubble-f0274c328c4fa319248646b0f1fefd1a.yaml b/nuclei-templates/cve-less/plugins/chat-bubble-f0274c328c4fa319248646b0f1fefd1a.yaml new file mode 100644 index 0000000000..dfa116b605 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chat-bubble-f0274c328c4fa319248646b0f1fefd1a.yaml @@ -0,0 +1,58 @@ +id: chat-bubble-f0274c328c4fa319248646b0f1fefd1a + +info: + name: > + Chat Bubble <= 2.3 - Cross-Site Request Forgery via cbb_submit_settings_data + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/206261fa-58b6-4407-b8e1-2315836b6c88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chat-bubble/" + google-query: inurl:"/wp-content/plugins/chat-bubble/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chat-bubble,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chat-bubble/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chat-bubble" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chat-help-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/chat-help-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..718e8902f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chat-help-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: chat-help-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chat-help/" + google-query: inurl:"/wp-content/plugins/chat-help/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chat-help,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chat-help/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chat-help" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-196434d911f0f2030523284b9ab4ed7d.yaml b/nuclei-templates/cve-less/plugins/chatbot-196434d911f0f2030523284b9ab4ed7d.yaml new file mode 100644 index 0000000000..57212ef9a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-196434d911f0f2030523284b9ab4ed7d.yaml @@ -0,0 +1,58 @@ +id: chatbot-196434d911f0f2030523284b9ab4ed7d + +info: + name: > + AI ChatBot <= 4.8.9 and 4.9.2 - Missing Authorization on AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9db002f-ff41-493a-87b1-5f0b4b07cfc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-2b374eb61066305fce645375b473ec81.yaml b/nuclei-templates/cve-less/plugins/chatbot-2b374eb61066305fce645375b473ec81.yaml new file mode 100644 index 0000000000..a042dd72d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-2b374eb61066305fce645375b473ec81.yaml @@ -0,0 +1,58 @@ +id: chatbot-2b374eb61066305fce645375b473ec81 + +info: + name: > + ChatBot <= 4.2.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a79a78-a6d3-40ef-9b26-8e2e00534b7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-43f628ea46bf1b19a83b42111a34194e.yaml b/nuclei-templates/cve-less/plugins/chatbot-43f628ea46bf1b19a83b42111a34194e.yaml new file mode 100644 index 0000000000..8835455544 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-43f628ea46bf1b19a83b42111a34194e.yaml @@ -0,0 +1,58 @@ +id: chatbot-43f628ea46bf1b19a83b42111a34194e + +info: + name: > + AI ChatBot <= 4.8.9 - Unauthenticated SQL Injection via qc_wpbo_search_response + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ad12146-200b-48e5-82de-7572541edcc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-45a7d47baac99a733e5ee7898a52f7c4.yaml b/nuclei-templates/cve-less/plugins/chatbot-45a7d47baac99a733e5ee7898a52f7c4.yaml new file mode 100644 index 0000000000..d6ef318722 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-45a7d47baac99a733e5ee7898a52f7c4.yaml @@ -0,0 +1,58 @@ +id: chatbot-45a7d47baac99a733e5ee7898a52f7c4 + +info: + name: > + ChatBot <= 4.4.4 - Unauthenticated Stored Cross-Site Scripting via Cross-Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56fad8de-6646-4305-83a9-0ed443c3aa7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-4b541be8b8519e80f2cec24d1b2f8ef6.yaml b/nuclei-templates/cve-less/plugins/chatbot-4b541be8b8519e80f2cec24d1b2f8ef6.yaml new file mode 100644 index 0000000000..7eaa9db7ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-4b541be8b8519e80f2cec24d1b2f8ef6.yaml @@ -0,0 +1,58 @@ +id: chatbot-4b541be8b8519e80f2cec24d1b2f8ef6 + +info: + name: > + ChatBot <= 5.1.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75432cfd-7c0d-4d93-9b62-cac0fd9b49d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-584e49f9f9bb47c562f3e0a8463d6240.yaml b/nuclei-templates/cve-less/plugins/chatbot-584e49f9f9bb47c562f3e0a8463d6240.yaml new file mode 100644 index 0000000000..5521356223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-584e49f9f9bb47c562f3e0a8463d6240.yaml @@ -0,0 +1,58 @@ +id: chatbot-584e49f9f9bb47c562f3e0a8463d6240 + +info: + name: > + ChatBot 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in Language Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f5f8bd5-435a-4a53-8fa2-55674f39b78b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-5d770457008ba85c2ccd6a7b3ee7247f.yaml b/nuclei-templates/cve-less/plugins/chatbot-5d770457008ba85c2ccd6a7b3ee7247f.yaml new file mode 100644 index 0000000000..77d1766c7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-5d770457008ba85c2ccd6a7b3ee7247f.yaml @@ -0,0 +1,58 @@ +id: chatbot-5d770457008ba85c2ccd6a7b3ee7247f + +info: + name: > + AI ChatBot <= 4.8.9 and 4.9.2- Authenticated (Subscriber+) Arbitrary File Deletion via qcld_openai_delete_training_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3f4ccb-fcc6-42ec-8e9e-03d69ae7acf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-5eba30f00f0fc37dca7e730267948bfb.yaml b/nuclei-templates/cve-less/plugins/chatbot-5eba30f00f0fc37dca7e730267948bfb.yaml new file mode 100644 index 0000000000..7277587341 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-5eba30f00f0fc37dca7e730267948bfb.yaml @@ -0,0 +1,58 @@ +id: chatbot-5eba30f00f0fc37dca7e730267948bfb + +info: + name: > + AI ChatBot <= 4.8.9 and 4.9.2 - Cross-Site Request Forgery on AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/846bd929-45cd-4e91-b232-ae16dd2b12a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-5ef5a5a8c6cb4692922673fc79eb4970.yaml b/nuclei-templates/cve-less/plugins/chatbot-5ef5a5a8c6cb4692922673fc79eb4970.yaml new file mode 100644 index 0000000000..bdc603bdc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-5ef5a5a8c6cb4692922673fc79eb4970.yaml @@ -0,0 +1,58 @@ +id: chatbot-5ef5a5a8c6cb4692922673fc79eb4970 + +info: + name: > + ChatBot <= 4.4.8 - Unauthenticated Stored Cross-Site Scripting in Admin Dashboard + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4feb8e8-8620-44b9-9e8d-7ea513e168ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-67e61488b97755fd204f3e38d91bbcf2.yaml b/nuclei-templates/cve-less/plugins/chatbot-67e61488b97755fd204f3e38d91bbcf2.yaml new file mode 100644 index 0000000000..fb64311214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-67e61488b97755fd204f3e38d91bbcf2.yaml @@ -0,0 +1,58 @@ +id: chatbot-67e61488b97755fd204f3e38d91bbcf2 + +info: + name: > + ChatBot <= 4.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cc50245-365a-419d-a85c-fbd658d004ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-711d5e4371b5307e83aafa75e094a16d.yaml b/nuclei-templates/cve-less/plugins/chatbot-711d5e4371b5307e83aafa75e094a16d.yaml new file mode 100644 index 0000000000..df5027b437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-711d5e4371b5307e83aafa75e094a16d.yaml @@ -0,0 +1,58 @@ +id: chatbot-711d5e4371b5307e83aafa75e094a16d + +info: + name: > + AI ChatBot <= 4.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb3fbaa-4d33-4754-848b-77e902ea4a85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-94f813d00f5c832ee527c5c3251318bb.yaml b/nuclei-templates/cve-less/plugins/chatbot-94f813d00f5c832ee527c5c3251318bb.yaml new file mode 100644 index 0000000000..8686c246a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-94f813d00f5c832ee527c5c3251318bb.yaml @@ -0,0 +1,58 @@ +id: chatbot-94f813d00f5c832ee527c5c3251318bb + +info: + name: > + ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be9522c8-3561-48fe-89ef-62e0fcb085b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-96bcbe0539bed3ce58849487848c2a2e.yaml b/nuclei-templates/cve-less/plugins/chatbot-96bcbe0539bed3ce58849487848c2a2e.yaml new file mode 100644 index 0000000000..b10263d091 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-96bcbe0539bed3ce58849487848c2a2e.yaml @@ -0,0 +1,58 @@ +id: chatbot-96bcbe0539bed3ce58849487848c2a2e + +info: + name: > + AI ChatBot <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c40752df-1337-475b-8b5e-0d171946bfe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-9f74a97e65247db4961da7465a48826a.yaml b/nuclei-templates/cve-less/plugins/chatbot-9f74a97e65247db4961da7465a48826a.yaml new file mode 100644 index 0000000000..080be2c0a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-9f74a97e65247db4961da7465a48826a.yaml @@ -0,0 +1,58 @@ +id: chatbot-9f74a97e65247db4961da7465a48826a + +info: + name: > + ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bb11d-4752-42d0-b538-2d2a4c827226?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml b/nuclei-templates/cve-less/plugins/chatbot-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml new file mode 100644 index 0000000000..0c0f4787bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-a8d129ffa611a0e2860f9a0cb3ae87ba.yaml @@ -0,0 +1,58 @@ +id: chatbot-a8d129ffa611a0e2860f9a0cb3ae87ba + +info: + name: > + AI ChatBot <= 4.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ed1c2a2-54ee-4dc8-a54d-01d7a6dbc22e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-b0f34e3010de519cd369f7b9dbab99cd.yaml b/nuclei-templates/cve-less/plugins/chatbot-b0f34e3010de519cd369f7b9dbab99cd.yaml new file mode 100644 index 0000000000..f0dd998f1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-b0f34e3010de519cd369f7b9dbab99cd.yaml @@ -0,0 +1,58 @@ +id: chatbot-b0f34e3010de519cd369f7b9dbab99cd + +info: + name: > + ChatBot <= 4.4.6 - Unauthenticated PHP Object Injection via Cookies + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/364fe5b3-561e-4005-a589-c7c2b9e85b99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-c8b00e3a8ae7ee111daecc90a5a50970.yaml b/nuclei-templates/cve-less/plugins/chatbot-c8b00e3a8ae7ee111daecc90a5a50970.yaml new file mode 100644 index 0000000000..a4596d48a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-c8b00e3a8ae7ee111daecc90a5a50970.yaml @@ -0,0 +1,58 @@ +id: chatbot-c8b00e3a8ae7ee111daecc90a5a50970 + +info: + name: > + AI ChatBot <= 4.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9df97805-b425-49b1-86c1-e66213dacd2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-chatgpt-916951fd750c41452dbc03c332006408.yaml b/nuclei-templates/cve-less/plugins/chatbot-chatgpt-916951fd750c41452dbc03c332006408.yaml new file mode 100644 index 0000000000..e322d1ea46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-chatgpt-916951fd750c41452dbc03c332006408.yaml @@ -0,0 +1,58 @@ +id: chatbot-chatgpt-916951fd750c41452dbc03c332006408 + +info: + name: > + Kognetiks Chatbot for WordPress <= 1.9.9 - Unauthenticated Arbitrary File Upload via chatbot_chatgpt_upload_file_to_assistant Function + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot-chatgpt/" + google-query: inurl:"/wp-content/plugins/chatbot-chatgpt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot-chatgpt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot-chatgpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot-chatgpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-d3213062fc9b1a2c7b785c61361d34fc.yaml b/nuclei-templates/cve-less/plugins/chatbot-d3213062fc9b1a2c7b785c61361d34fc.yaml new file mode 100644 index 0000000000..8eb2e34e52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-d3213062fc9b1a2c7b785c61361d34fc.yaml @@ -0,0 +1,58 @@ +id: chatbot-d3213062fc9b1a2c7b785c61361d34fc + +info: + name: > + AI ChatBot <= 4.8.9 and 4.9.2 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Write via qcld_openai_upload_pagetraining_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25199281-5286-4d75-8d27-26ce215e0993?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-dacff2143dd0506c8bdad1a273f67459.yaml b/nuclei-templates/cve-less/plugins/chatbot-dacff2143dd0506c8bdad1a273f67459.yaml new file mode 100644 index 0000000000..6917d35c96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-dacff2143dd0506c8bdad1a273f67459.yaml @@ -0,0 +1,58 @@ +id: chatbot-dacff2143dd0506c8bdad1a273f67459 + +info: + name: > + ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc305c48-8337-42b7-ad61-61aea8018def?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.8.6', '<= 4.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-e91e697ef1f971cda16c40acfd5a2dfb.yaml b/nuclei-templates/cve-less/plugins/chatbot-e91e697ef1f971cda16c40acfd5a2dfb.yaml new file mode 100644 index 0000000000..c02030d3ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-e91e697ef1f971cda16c40acfd5a2dfb.yaml @@ -0,0 +1,58 @@ +id: chatbot-e91e697ef1f971cda16c40acfd5a2dfb + +info: + name: > + ChatBot <= 4.3.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed8f004-f68d-40fb-bca1-b0b92cf24fdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-f715c92150b63b8634910eb743badf7e.yaml b/nuclei-templates/cve-less/plugins/chatbot-f715c92150b63b8634910eb743badf7e.yaml new file mode 100644 index 0000000000..26e3556272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-f715c92150b63b8634910eb743badf7e.yaml @@ -0,0 +1,58 @@ +id: chatbot-f715c92150b63b8634910eb743badf7e + +info: + name: > + ChatBot <= 4.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via openai_settings_option_callback + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d69cfed9-7369-40f3-b9a7-0cf2430e8eed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chatbot-fb85a7124dad283264113a73b1162be4.yaml b/nuclei-templates/cve-less/plugins/chatbot-fb85a7124dad283264113a73b1162be4.yaml new file mode 100644 index 0000000000..e40c8fa661 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chatbot-fb85a7124dad283264113a73b1162be4.yaml @@ -0,0 +1,58 @@ +id: chatbot-fb85a7124dad283264113a73b1162be4 + +info: + name: > + AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d897daf8-5320-4546-9a63-1d34a15b2a58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chatbot/" + google-query: inurl:"/wp-content/plugins/chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chatbot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-07056c447bdab5ad6a1bdd36170bd91a.yaml b/nuclei-templates/cve-less/plugins/chaty-07056c447bdab5ad6a1bdd36170bd91a.yaml new file mode 100644 index 0000000000..cb653810da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-07056c447bdab5ad6a1bdd36170bd91a.yaml @@ -0,0 +1,58 @@ +id: chaty-07056c447bdab5ad6a1bdd36170bd91a + +info: + name: > + Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – Chaty <= 2.8.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15705cf2-f396-4b19-b58a-144b000f61e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-1afdb113a8eb638275401757c0567e46.yaml b/nuclei-templates/cve-less/plugins/chaty-1afdb113a8eb638275401757c0567e46.yaml new file mode 100644 index 0000000000..c26e9768e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-1afdb113a8eb638275401757c0567e46.yaml @@ -0,0 +1,58 @@ +id: chaty-1afdb113a8eb638275401757c0567e46 + +info: + name: > + Floating Chat Widget <= 3.1.8 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a18baa1d-2400-496d-8e8b-1c3983484706?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-63f126067f4ae4bb5668663357185275.yaml b/nuclei-templates/cve-less/plugins/chaty-63f126067f4ae4bb5668663357185275.yaml new file mode 100644 index 0000000000..c0a4286b96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-63f126067f4ae4bb5668663357185275.yaml @@ -0,0 +1,58 @@ +id: chaty-63f126067f4ae4bb5668663357185275 + +info: + name: > + Chaty <= 3.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36741b46-57ac-402e-bfb1-8424c7e70598?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-6fb60bc9485708489fdd72c16e1fb82c.yaml b/nuclei-templates/cve-less/plugins/chaty-6fb60bc9485708489fdd72c16e1fb82c.yaml new file mode 100644 index 0000000000..49cdd67376 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-6fb60bc9485708489fdd72c16e1fb82c.yaml @@ -0,0 +1,58 @@ +id: chaty-6fb60bc9485708489fdd72c16e1fb82c + +info: + name: > + Chaty <= 3.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/361deac0-f675-432c-b7d2-b99f168d476d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-6ffb854c265938eec5a761ac2ea74cda.yaml b/nuclei-templates/cve-less/plugins/chaty-6ffb854c265938eec5a761ac2ea74cda.yaml new file mode 100644 index 0000000000..725546c073 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-6ffb854c265938eec5a761ac2ea74cda.yaml @@ -0,0 +1,58 @@ +id: chaty-6ffb854c265938eec5a761ac2ea74cda + +info: + name: > + Floating Chat Widget - Chaty <= 3.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a158653-f80c-48a3-840e-20ee7e85925a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-a21592f489772d448729c01eea1a3d4d.yaml b/nuclei-templates/cve-less/plugins/chaty-a21592f489772d448729c01eea1a3d4d.yaml new file mode 100644 index 0000000000..6e6ccc80d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-a21592f489772d448729c01eea1a3d4d.yaml @@ -0,0 +1,58 @@ +id: chaty-a21592f489772d448729c01eea1a3d4d + +info: + name: > + Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button - Chaty <= 2.8.2 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0716471e-388c-43e5-abc3-84c78569e61a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chaty-d2f186fae58d1b5afd77fc5306fc26bf.yaml b/nuclei-templates/cve-less/plugins/chaty-d2f186fae58d1b5afd77fc5306fc26bf.yaml new file mode 100644 index 0000000000..79a7a95b93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chaty-d2f186fae58d1b5afd77fc5306fc26bf.yaml @@ -0,0 +1,58 @@ +id: chaty-d2f186fae58d1b5afd77fc5306fc26bf + +info: + name: > + Floating Chat Widget - Chaty <= 3.0.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a937d0-9844-49d1-bcb5-0ee6026c3947?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chaty/" + google-query: inurl:"/wp-content/plugins/chaty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chaty,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chaty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chaty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chauffeur-booking-system-b40844c1e763e67ca14e58da5d8219ab.yaml b/nuclei-templates/cve-less/plugins/chauffeur-booking-system-b40844c1e763e67ca14e58da5d8219ab.yaml new file mode 100644 index 0000000000..f9d59ebd07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chauffeur-booking-system-b40844c1e763e67ca14e58da5d8219ab.yaml @@ -0,0 +1,58 @@ +id: chauffeur-booking-system-b40844c1e763e67ca14e58da5d8219ab + +info: + name: > + Chauffeur Taxi Booking System for WordPress <= 6.9 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4143febf-92b3-42e7-9499-9ea83d7727d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chauffeur-booking-system/" + google-query: inurl:"/wp-content/plugins/chauffeur-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chauffeur-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chauffeur-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chauffeur-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/check-email-212007d229cb11caf3b5098b0d076057.yaml b/nuclei-templates/cve-less/plugins/check-email-212007d229cb11caf3b5098b0d076057.yaml new file mode 100644 index 0000000000..2fe8dc73d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/check-email-212007d229cb11caf3b5098b0d076057.yaml @@ -0,0 +1,58 @@ +id: check-email-212007d229cb11caf3b5098b0d076057 + +info: + name: > + Check & Log Email <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa4bf7dc-07be-4397-957c-ef0c1d61b40a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/check-email/" + google-query: inurl:"/wp-content/plugins/check-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,check-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/check-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "check-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/check-email-57441a6bd13b11b69e9f1629f83e2faa.yaml b/nuclei-templates/cve-less/plugins/check-email-57441a6bd13b11b69e9f1629f83e2faa.yaml new file mode 100644 index 0000000000..082b0bad24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/check-email-57441a6bd13b11b69e9f1629f83e2faa.yaml @@ -0,0 +1,58 @@ +id: check-email-57441a6bd13b11b69e9f1629f83e2faa + +info: + name: > + Check & Log email <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9680fed3-e8fe-4845-9807-f139f9e22e79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/check-email/" + google-query: inurl:"/wp-content/plugins/check-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,check-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/check-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "check-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/check-email-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml b/nuclei-templates/cve-less/plugins/check-email-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml new file mode 100644 index 0000000000..7996a92a02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/check-email-88a3c1a86120c49f8c7acdd40fc0ba9b.yaml @@ -0,0 +1,58 @@ +id: check-email-88a3c1a86120c49f8c7acdd40fc0ba9b + +info: + name: > + Check & Log Email <= 1.0.2 - Admin+ SQL Injection via Order and OrderBy parameters + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67aee1ec-44af-4904-8a9b-ecfbb8d3b302?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/check-email/" + google-query: inurl:"/wp-content/plugins/check-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,check-email,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/check-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "check-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/check-email-a582597ac626e8033a80d456beb664e8.yaml b/nuclei-templates/cve-less/plugins/check-email-a582597ac626e8033a80d456beb664e8.yaml new file mode 100644 index 0000000000..6207762f07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/check-email-a582597ac626e8033a80d456beb664e8.yaml @@ -0,0 +1,58 @@ +id: check-email-a582597ac626e8033a80d456beb664e8 + +info: + name: > + Check & Log Email <= 0.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33153ebe-65fc-4db8-84fe-df22554be3ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/check-email/" + google-query: inurl:"/wp-content/plugins/check-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,check-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/check-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "check-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/check-email-d739207b5203bbaf9071af23095dbb99.yaml b/nuclei-templates/cve-less/plugins/check-email-d739207b5203bbaf9071af23095dbb99.yaml new file mode 100644 index 0000000000..d93bc56a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/check-email-d739207b5203bbaf9071af23095dbb99.yaml @@ -0,0 +1,58 @@ +id: check-email-d739207b5203bbaf9071af23095dbb99 + +info: + name: > + Check & Log Email <= 1.0.9 - Unauthenticated Hook Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/check-email/" + google-query: inurl:"/wp-content/plugins/check-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,check-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/check-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "check-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkfront-wp-booking-a9bc73625028a7b9d27c51cb883237c9.yaml b/nuclei-templates/cve-less/plugins/checkfront-wp-booking-a9bc73625028a7b9d27c51cb883237c9.yaml new file mode 100644 index 0000000000..09cb26d27d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkfront-wp-booking-a9bc73625028a7b9d27c51cb883237c9.yaml @@ -0,0 +1,58 @@ +id: checkfront-wp-booking-a9bc73625028a7b9d27c51cb883237c9 + +info: + name: > + Checkfront Online Booking System <= 3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc5a8506-b191-4ab3-9c59-4f1150be6a38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkfront-wp-booking/" + google-query: inurl:"/wp-content/plugins/checkfront-wp-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkfront-wp-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkfront-wp-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkfront-wp-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checklist-d4f973711f83e484b1ab150d8a07fcda.yaml b/nuclei-templates/cve-less/plugins/checklist-d4f973711f83e484b1ab150d8a07fcda.yaml new file mode 100644 index 0000000000..844f6f17f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checklist-d4f973711f83e484b1ab150d8a07fcda.yaml @@ -0,0 +1,58 @@ +id: checklist-d4f973711f83e484b1ab150d8a07fcda + +info: + name: > + Checklist <= 1.1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48b31324-c6a3-4550-939e-06f7b3c7067a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checklist/" + google-query: inurl:"/wp-content/plugins/checklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checklist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-fees-for-woocommerce-d46c47231d5f7c1d21cefa0fd0efa427.yaml b/nuclei-templates/cve-less/plugins/checkout-fees-for-woocommerce-d46c47231d5f7c1d21cefa0fd0efa427.yaml new file mode 100644 index 0000000000..7ea6bd455c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-fees-for-woocommerce-d46c47231d5f7c1d21cefa0fd0efa427.yaml @@ -0,0 +1,58 @@ +id: checkout-fees-for-woocommerce-d46c47231d5f7c1d21cefa0fd0efa427 + +info: + name: > + Payment Gateway Based Fees and Discounts for WooCommerce <= 2.12.1 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbfe3f7d-d653-421b-a054-a4ab266866c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-fees-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/checkout-fees-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-fees-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-fees-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-fees-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-files-upload-woocommerce-d9b04ea1292b41be830780f6e6d01550.yaml b/nuclei-templates/cve-less/plugins/checkout-files-upload-woocommerce-d9b04ea1292b41be830780f6e6d01550.yaml new file mode 100644 index 0000000000..1738686011 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-files-upload-woocommerce-d9b04ea1292b41be830780f6e6d01550.yaml @@ -0,0 +1,58 @@ +id: checkout-files-upload-woocommerce-d9b04ea1292b41be830780f6e6d01550 + +info: + name: > + Checkout Files Upload for WooCommerce <= 2.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f7c1848-d49f-4f34-8869-3ddbdccdc38f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-files-upload-woocommerce/" + google-query: inurl:"/wp-content/plugins/checkout-files-upload-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-files-upload-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-files-upload-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-files-upload-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-for-paypal-8648ead24f8ede303ab8621f146c3147.yaml b/nuclei-templates/cve-less/plugins/checkout-for-paypal-8648ead24f8ede303ab8621f146c3147.yaml new file mode 100644 index 0000000000..acf4b683ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-for-paypal-8648ead24f8ede303ab8621f146c3147.yaml @@ -0,0 +1,58 @@ +id: checkout-for-paypal-8648ead24f8ede303ab8621f146c3147 + +info: + name: > + Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e998fd-aae7-4e1e-8134-a28670a4704b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-for-paypal/" + google-query: inurl:"/wp-content/plugins/checkout-for-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-for-paypal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-for-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-for-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-mestres-wp-1e6a2a2317e6c0646d9912b475c2283c.yaml b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-1e6a2a2317e6c0646d9912b475c2283c.yaml new file mode 100644 index 0000000000..afaabefdf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-1e6a2a2317e6c0646d9912b475c2283c.yaml @@ -0,0 +1,58 @@ +id: checkout-mestres-wp-1e6a2a2317e6c0646d9912b475c2283c + +info: + name: > + Checkout Mestres WP <= 7.1.9.6 - Missing Authorization to Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a52bf70-667b-400f-8912-75fae20a3f5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-mestres-wp/" + google-query: inurl:"/wp-content/plugins/checkout-mestres-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-mestres-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-mestres-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-mestres-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-mestres-wp-d54d63e5f680e91069c2712ba5d24580.yaml b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-d54d63e5f680e91069c2712ba5d24580.yaml new file mode 100644 index 0000000000..968989a9f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-d54d63e5f680e91069c2712ba5d24580.yaml @@ -0,0 +1,58 @@ +id: checkout-mestres-wp-d54d63e5f680e91069c2712ba5d24580 + +info: + name: > + Checkout Mestres WP <= 7.1.9.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e068573d-bc3e-48de-b4e7-6a0666086ac3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-mestres-wp/" + google-query: inurl:"/wp-content/plugins/checkout-mestres-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-mestres-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-mestres-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-mestres-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-mestres-wp-e80edd6c2880294918a0f04214b9aef1.yaml b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-e80edd6c2880294918a0f04214b9aef1.yaml new file mode 100644 index 0000000000..6557e008b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-mestres-wp-e80edd6c2880294918a0f04214b9aef1.yaml @@ -0,0 +1,58 @@ +id: checkout-mestres-wp-e80edd6c2880294918a0f04214b9aef1 + +info: + name: > + Checkout Mestres WP <= 7.1.9.6 - Authentication Bypass via Password Reset + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ad16d1e-e778-4cb4-a15d-ddb906f27762?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-mestres-wp/" + google-query: inurl:"/wp-content/plugins/checkout-mestres-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-mestres-wp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-mestres-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-mestres-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/checkout-plugins-stripe-woo-15e030858694c0a02fa97544922bfe88.yaml b/nuclei-templates/cve-less/plugins/checkout-plugins-stripe-woo-15e030858694c0a02fa97544922bfe88.yaml new file mode 100644 index 0000000000..9ac8960732 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/checkout-plugins-stripe-woo-15e030858694c0a02fa97544922bfe88.yaml @@ -0,0 +1,58 @@ +id: checkout-plugins-stripe-woo-15e030858694c0a02fa97544922bfe88 + +info: + name: > + Stripe Payments For WooCommerce by Checkout Plugins <= 1.4.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af0579f3-09f8-46cc-9ba8-647a8ec83076?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/checkout-plugins-stripe-woo/" + google-query: inurl:"/wp-content/plugins/checkout-plugins-stripe-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,checkout-plugins-stripe-woo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/checkout-plugins-stripe-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "checkout-plugins-stripe-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/child-theme-generator-ed864fc86a7fe870d57e87a3dcd3af49.yaml b/nuclei-templates/cve-less/plugins/child-theme-generator-ed864fc86a7fe870d57e87a3dcd3af49.yaml new file mode 100644 index 0000000000..03d1e204a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/child-theme-generator-ed864fc86a7fe870d57e87a3dcd3af49.yaml @@ -0,0 +1,58 @@ +id: child-theme-generator-ed864fc86a7fe870d57e87a3dcd3af49 + +info: + name: > + Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73d89f61-e34a-493b-a856-63f1553f3000?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/child-theme-generator/" + google-query: inurl:"/wp-content/plugins/child-theme-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,child-theme-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/child-theme-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "child-theme-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chilexpress-oficial-29ab94320ed945dea921e0756254429b.yaml b/nuclei-templates/cve-less/plugins/chilexpress-oficial-29ab94320ed945dea921e0756254429b.yaml new file mode 100644 index 0000000000..85b2ef0ced --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chilexpress-oficial-29ab94320ed945dea921e0756254429b.yaml @@ -0,0 +1,58 @@ +id: chilexpress-oficial-29ab94320ed945dea921e0756254429b + +info: + name: > + Chilexpress woo oficial <= 1.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0999a738-9fae-4043-99eb-ff222a7608fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chilexpress-oficial/" + google-query: inurl:"/wp-content/plugins/chilexpress-oficial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chilexpress-oficial,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chilexpress-oficial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chilexpress-oficial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chopslider-b9df60ed6459d260336415d2d308e184.yaml b/nuclei-templates/cve-less/plugins/chopslider-b9df60ed6459d260336415d2d308e184.yaml new file mode 100644 index 0000000000..7b7d467380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chopslider-b9df60ed6459d260336415d2d308e184.yaml @@ -0,0 +1,58 @@ +id: chopslider-b9df60ed6459d260336415d2d308e184 + +info: + name: > + Chop Slider 3 <= 3.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1d26326-c5c5-4993-aadf-298759eb873d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chopslider/" + google-query: inurl:"/wp-content/plugins/chopslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chopslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chopslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chopslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chp-ads-block-detector-8ecff4070b265868b558d6084036a925.yaml b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-8ecff4070b265868b558d6084036a925.yaml new file mode 100644 index 0000000000..3da001a59c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-8ecff4070b265868b558d6084036a925.yaml @@ -0,0 +1,58 @@ +id: chp-ads-block-detector-8ecff4070b265868b558d6084036a925 + +info: + name: > + CHP Ads Block Detector <= 3.9.4 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eca64d7-6e33-4b8e-af37-a3e8bbf2b76f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chp-ads-block-detector/" + google-query: inurl:"/wp-content/plugins/chp-ads-block-detector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chp-ads-block-detector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chp-ads-block-detector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chp-ads-block-detector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chp-ads-block-detector-98c26ef05457073952420479d08234d0.yaml b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-98c26ef05457073952420479d08234d0.yaml new file mode 100644 index 0000000000..5b9a0d1a7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-98c26ef05457073952420479d08234d0.yaml @@ -0,0 +1,58 @@ +id: chp-ads-block-detector-98c26ef05457073952420479d08234d0 + +info: + name: > + CHP Ads Block Detector <= 3.9.4 - Cross-Site Request Forgery via chp_abd_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a9cced-0e5e-4b6e-8291-0a862c9f9523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chp-ads-block-detector/" + google-query: inurl:"/wp-content/plugins/chp-ads-block-detector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chp-ads-block-detector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chp-ads-block-detector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chp-ads-block-detector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chp-ads-block-detector-a6450bbcf1d391d632396e4291c55731.yaml b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-a6450bbcf1d391d632396e4291c55731.yaml new file mode 100644 index 0000000000..721c38e939 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chp-ads-block-detector-a6450bbcf1d391d632396e4291c55731.yaml @@ -0,0 +1,58 @@ +id: chp-ads-block-detector-a6450bbcf1d391d632396e4291c55731 + +info: + name: > + CHP Ads Block Detector <= 3.9.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8514c9-0e11-4e26-ba0b-1d08a990b56c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chp-ads-block-detector/" + google-query: inurl:"/wp-content/plugins/chp-ads-block-detector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chp-ads-block-detector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chp-ads-block-detector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chp-ads-block-detector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/christmas-greetings-d9f5e61a49fbbfbd69a5c0f7460c4648.yaml b/nuclei-templates/cve-less/plugins/christmas-greetings-d9f5e61a49fbbfbd69a5c0f7460c4648.yaml new file mode 100644 index 0000000000..91a1514a3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/christmas-greetings-d9f5e61a49fbbfbd69a5c0f7460c4648.yaml @@ -0,0 +1,58 @@ +id: christmas-greetings-d9f5e61a49fbbfbd69a5c0f7460c4648 + +info: + name: > + Christmas Greetings <= 1.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/466d6087-1e4d-4010-b3c7-87e9e2d64f06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/christmas-greetings/" + google-query: inurl:"/wp-content/plugins/christmas-greetings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,christmas-greetings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/christmas-greetings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "christmas-greetings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chronoforms-0f50287e721edfee647a952371440e59.yaml b/nuclei-templates/cve-less/plugins/chronoforms-0f50287e721edfee647a952371440e59.yaml new file mode 100644 index 0000000000..89ccf415e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chronoforms-0f50287e721edfee647a952371440e59.yaml @@ -0,0 +1,58 @@ +id: chronoforms-0f50287e721edfee647a952371440e59 + +info: + name: > + Chronoforms <= 7.0.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c02b9b2-b41e-4a30-b69a-9cdae86dd7a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chronoforms/" + google-query: inurl:"/wp-content/plugins/chronoforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chronoforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chronoforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chronoforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/chronosly-events-calendar-32fc78061d3eb7ab5ce33b0356499170.yaml b/nuclei-templates/cve-less/plugins/chronosly-events-calendar-32fc78061d3eb7ab5ce33b0356499170.yaml new file mode 100644 index 0000000000..82e01d1e3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/chronosly-events-calendar-32fc78061d3eb7ab5ce33b0356499170.yaml @@ -0,0 +1,58 @@ +id: chronosly-events-calendar-32fc78061d3eb7ab5ce33b0356499170 + +info: + name: > + Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57580c2c-c3de-44a3-b586-f7092c06dc6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/chronosly-events-calendar/" + google-query: inurl:"/wp-content/plugins/chronosly-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,chronosly-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/chronosly-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chronosly-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-211d17907ac598fe9fa7fe583c9712b5.yaml b/nuclei-templates/cve-less/plugins/church-admin-211d17907ac598fe9fa7fe583c9712b5.yaml new file mode 100644 index 0000000000..28ce04979c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-211d17907ac598fe9fa7fe583c9712b5.yaml @@ -0,0 +1,58 @@ +id: church-admin-211d17907ac598fe9fa7fe583c9712b5 + +info: + name: > + Church Admin <= 4.1.5 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cc178d7-da99-4fbc-9277-52c6299f0417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-2552c36873674cea120ccc38e69f7427.yaml b/nuclei-templates/cve-less/plugins/church-admin-2552c36873674cea120ccc38e69f7427.yaml new file mode 100644 index 0000000000..2405c6b098 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-2552c36873674cea120ccc38e69f7427.yaml @@ -0,0 +1,58 @@ +id: church-admin-2552c36873674cea120ccc38e69f7427 + +info: + name: > + Church Admin <= 4.1.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62998f65-5c99-490d-829f-4d63a9a20287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-5730fd190ef48d8c13b621a11b022d51.yaml b/nuclei-templates/cve-less/plugins/church-admin-5730fd190ef48d8c13b621a11b022d51.yaml new file mode 100644 index 0000000000..b5290a9b37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-5730fd190ef48d8c13b621a11b022d51.yaml @@ -0,0 +1,58 @@ +id: church-admin-5730fd190ef48d8c13b621a11b022d51 + +info: + name: > + Church Admin <= 3.4.134 - Cross-Site Request Forgery leading to Plugin Backup Disclosure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab78f245-ab2d-4e9a-bd43-caa3afd1366b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.135') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml b/nuclei-templates/cve-less/plugins/church-admin-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml new file mode 100644 index 0000000000..f4e17f0735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-5b5631c6755ba3e58cfcfbe9ec90f71c.yaml @@ -0,0 +1,58 @@ +id: church-admin-5b5631c6755ba3e58cfcfbe9ec90f71c + +info: + name: > + Church Admin <= 4.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4429eb0-2b9a-4366-9f93-90484872c48e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-5e04848eef304ee1fb47854040c71b18.yaml b/nuclei-templates/cve-less/plugins/church-admin-5e04848eef304ee1fb47854040c71b18.yaml new file mode 100644 index 0000000000..225f1b6431 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-5e04848eef304ee1fb47854040c71b18.yaml @@ -0,0 +1,58 @@ +id: church-admin-5e04848eef304ee1fb47854040c71b18 + +info: + name: > + Church Admin <= 3.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2204017a-0363-4f2f-909a-e0826463477c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-62fad85c6fa5b7fb3d8634d94c62f43f.yaml b/nuclei-templates/cve-less/plugins/church-admin-62fad85c6fa5b7fb3d8634d94c62f43f.yaml new file mode 100644 index 0000000000..e1c5d67e7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-62fad85c6fa5b7fb3d8634d94c62f43f.yaml @@ -0,0 +1,58 @@ +id: church-admin-62fad85c6fa5b7fb3d8634d94c62f43f + +info: + name: > + Church Admin <= 4.0.27 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07693689-2f61-41dc-9fa1-b6e5f0073dc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-85e68d609db8f93e17b14e0a7511b5c8.yaml b/nuclei-templates/cve-less/plugins/church-admin-85e68d609db8f93e17b14e0a7511b5c8.yaml new file mode 100644 index 0000000000..5bdcc07276 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-85e68d609db8f93e17b14e0a7511b5c8.yaml @@ -0,0 +1,58 @@ +id: church-admin-85e68d609db8f93e17b14e0a7511b5c8 + +info: + name: > + Church Admin <= 4.1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/473eab06-67c8-4143-9d00-eb2866f101c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-8c1d8b54955c02df9ba77ea482839214.yaml b/nuclei-templates/cve-less/plugins/church-admin-8c1d8b54955c02df9ba77ea482839214.yaml new file mode 100644 index 0000000000..a3312eb901 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-8c1d8b54955c02df9ba77ea482839214.yaml @@ -0,0 +1,58 @@ +id: church-admin-8c1d8b54955c02df9ba77ea482839214 + +info: + name: > + Church Admin <= 4.0.27 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97312cf2-dcff-466f-a27c-25686216ed04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-be26aafc9c00248210b5b5ec8b8d8831.yaml b/nuclei-templates/cve-less/plugins/church-admin-be26aafc9c00248210b5b5ec8b8d8831.yaml new file mode 100644 index 0000000000..0022d0b8a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-be26aafc9c00248210b5b5ec8b8d8831.yaml @@ -0,0 +1,58 @@ +id: church-admin-be26aafc9c00248210b5b5ec8b8d8831 + +info: + name: > + Church Admin <= 3.7.56 - Server-Side Request Forgery via church_admin_import_csv + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ff53647-572f-419f-ad39-965658a10263?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-c1356627585be8298fc5154daa83bb1f.yaml b/nuclei-templates/cve-less/plugins/church-admin-c1356627585be8298fc5154daa83bb1f.yaml new file mode 100644 index 0000000000..22f2cf094c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-c1356627585be8298fc5154daa83bb1f.yaml @@ -0,0 +1,58 @@ +id: church-admin-c1356627585be8298fc5154daa83bb1f + +info: + name: > + Church Admin < 1.2550 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fca3dae-43a9-4130-ad04-8624aeb0c26b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2550') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml b/nuclei-templates/cve-less/plugins/church-admin-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml new file mode 100644 index 0000000000..36ad24f542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-ce1d4ccc883e8bf5f82fe00f2d94fe35.yaml @@ -0,0 +1,58 @@ +id: church-admin-ce1d4ccc883e8bf5f82fe00f2d94fe35 + +info: + name: > + Church Admin < 0.810 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54e7ccaf-2b16-4e36-a8ec-8f1f61193ffd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.810') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-d0a63c61f1af91f397e1af950dda23c4.yaml b/nuclei-templates/cve-less/plugins/church-admin-d0a63c61f1af91f397e1af950dda23c4.yaml new file mode 100644 index 0000000000..dba25db139 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-d0a63c61f1af91f397e1af950dda23c4.yaml @@ -0,0 +1,58 @@ +id: church-admin-d0a63c61f1af91f397e1af950dda23c4 + +info: + name: > + Church Admin <= 3.7.29 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e85efdc1-cffc-411a-a2f7-6fa1132e2910?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-dada2db55c799a5508c295a160b1fcaf.yaml b/nuclei-templates/cve-less/plugins/church-admin-dada2db55c799a5508c295a160b1fcaf.yaml new file mode 100644 index 0000000000..556e06be98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-dada2db55c799a5508c295a160b1fcaf.yaml @@ -0,0 +1,58 @@ +id: church-admin-dada2db55c799a5508c295a160b1fcaf + +info: + name: > + Church Admin <= 4.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via meta-text + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/379825e2-61bf-4d11-8eea-05ad08200e9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-admin-dd67ce4e359afe3a28fa3105db87a235.yaml b/nuclei-templates/cve-less/plugins/church-admin-dd67ce4e359afe3a28fa3105db87a235.yaml new file mode 100644 index 0000000000..f8ce4b50cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-admin-dd67ce4e359afe3a28fa3105db87a235.yaml @@ -0,0 +1,58 @@ +id: church-admin-dd67ce4e359afe3a28fa3105db87a235 + +info: + name: > + Church Admin <= 4.1.18 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a268550-af65-405a-a16a-9083533e4acc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-admin/" + google-query: inurl:"/wp-content/plugins/church-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-admin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-management-a6893186307907fca26272a54fd950bf.yaml b/nuclei-templates/cve-less/plugins/church-management-a6893186307907fca26272a54fd950bf.yaml new file mode 100644 index 0000000000..cfb57c992b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-management-a6893186307907fca26272a54fd950bf.yaml @@ -0,0 +1,58 @@ +id: church-management-a6893186307907fca26272a54fd950bf + +info: + name: > + WPCHURCH - Church Management System for Wordpress Theme < 13-07-2019 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a05249-d899-429b-a7d3-c283c03a48a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-management/" + google-query: inurl:"/wp-content/plugins/church-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 13-07-2019') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/church-theme-content-3e8d1d694647ed5b6d6bc051900f98be.yaml b/nuclei-templates/cve-less/plugins/church-theme-content-3e8d1d694647ed5b6d6bc051900f98be.yaml new file mode 100644 index 0000000000..8d9e70c8de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/church-theme-content-3e8d1d694647ed5b6d6bc051900f98be.yaml @@ -0,0 +1,58 @@ +id: church-theme-content-3e8d1d694647ed5b6d6bc051900f98be + +info: + name: > + Church Content – Sermons, Events and More <= 2.6 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f7f66f-5d58-4a23-8444-805569ec8294?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/church-theme-content/" + google-query: inurl:"/wp-content/plugins/church-theme-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,church-theme-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/church-theme-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "church-theme-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cimy-header-image-rotator-b77d972bfa12e86d544c2057da2d9c61.yaml b/nuclei-templates/cve-less/plugins/cimy-header-image-rotator-b77d972bfa12e86d544c2057da2d9c61.yaml new file mode 100644 index 0000000000..92a7ca6113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cimy-header-image-rotator-b77d972bfa12e86d544c2057da2d9c61.yaml @@ -0,0 +1,58 @@ +id: cimy-header-image-rotator-b77d972bfa12e86d544c2057da2d9c61 + +info: + name: > + Cimy Header Image Rotator <= 6.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cfec2b8-1df0-4f3f-b6cc-ed0adecaeb16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cimy-header-image-rotator/" + google-query: inurl:"/wp-content/plugins/cimy-header-image-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cimy-header-image-rotator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cimy-header-image-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cimy-header-image-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-42e55306470e6d1ac0240deaf313219c.yaml b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-42e55306470e6d1ac0240deaf313219c.yaml new file mode 100644 index 0000000000..8c546b26d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-42e55306470e6d1ac0240deaf313219c.yaml @@ -0,0 +1,58 @@ +id: circle-image-slider-with-lightbox-42e55306470e6d1ac0240deaf313219c + +info: + name: > + Team Circle Image Slider With Lightbox <= 1.0.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2627ac2b-25a8-480d-ac83-ee0ca323b3a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/circle-image-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/circle-image-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,circle-image-slider-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/circle-image-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "circle-image-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-93dba1cadeafcd73215feec69fcf5f63.yaml b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-93dba1cadeafcd73215feec69fcf5f63.yaml new file mode 100644 index 0000000000..efda4ba972 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-93dba1cadeafcd73215feec69fcf5f63.yaml @@ -0,0 +1,58 @@ +id: circle-image-slider-with-lightbox-93dba1cadeafcd73215feec69fcf5f63 + +info: + name: > + Team Circle Image Slider With Lightbox 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a54470-fc66-43c5-a523-ddbefd47ee1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/circle-image-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/circle-image-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,circle-image-slider-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/circle-image-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "circle-image-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-ef03a122b111711054e748e01eb53a23.yaml b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-ef03a122b111711054e748e01eb53a23.yaml new file mode 100644 index 0000000000..91dd27afba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/circle-image-slider-with-lightbox-ef03a122b111711054e748e01eb53a23.yaml @@ -0,0 +1,58 @@ +id: circle-image-slider-with-lightbox-ef03a122b111711054e748e01eb53a23 + +info: + name: > + Team Circle Image Slider With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f160f474-de8d-4120-9f46-a185b035a627?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/circle-image-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/circle-image-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,circle-image-slider-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/circle-image-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "circle-image-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/circles-gallery-ae8255f2994549b36706bb9a56ad3c0f.yaml b/nuclei-templates/cve-less/plugins/circles-gallery-ae8255f2994549b36706bb9a56ad3c0f.yaml new file mode 100644 index 0000000000..c5fc39caa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/circles-gallery-ae8255f2994549b36706bb9a56ad3c0f.yaml @@ -0,0 +1,58 @@ +id: circles-gallery-ae8255f2994549b36706bb9a56ad3c0f + +info: + name: > + Circles Gallery <= 1.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting via Admin Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/882caa58-b56f-455f-ab3e-1fd8fd4e10e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/circles-gallery/" + google-query: inurl:"/wp-content/plugins/circles-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,circles-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/circles-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "circles-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/citadela-directory-cbb621b3a6e8313b4fce0a47ef22d371.yaml b/nuclei-templates/cve-less/plugins/citadela-directory-cbb621b3a6e8313b4fce0a47ef22d371.yaml new file mode 100644 index 0000000000..98d6ea5825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/citadela-directory-cbb621b3a6e8313b4fce0a47ef22d371.yaml @@ -0,0 +1,58 @@ +id: citadela-directory-cbb621b3a6e8313b4fce0a47ef22d371 + +info: + name: > + Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/676c8ed5-5a59-413f-af7a-49d6927cd9b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/citadela-directory/" + google-query: inurl:"/wp-content/plugins/citadela-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,citadela-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/citadela-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citadela-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.18.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/citadela-directory-da4e2303d14d4ccfc14a24b1a1b01b04.yaml b/nuclei-templates/cve-less/plugins/citadela-directory-da4e2303d14d4ccfc14a24b1a1b01b04.yaml new file mode 100644 index 0000000000..e31355f335 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/citadela-directory-da4e2303d14d4ccfc14a24b1a1b01b04.yaml @@ -0,0 +1,58 @@ +id: citadela-directory-da4e2303d14d4ccfc14a24b1a1b01b04 + +info: + name: > + Citadela Listing <= 5.18.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/911d083a-57d2-4574-a5b3-b299c368400c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/citadela-directory/" + google-query: inurl:"/wp-content/plugins/citadela-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,citadela-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/citadela-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citadela-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.18.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cits-support-svg-webp-media-upload-4e81e30f96ac2459f5d1b33071468659.yaml b/nuclei-templates/cve-less/plugins/cits-support-svg-webp-media-upload-4e81e30f96ac2459f5d1b33071468659.yaml new file mode 100644 index 0000000000..64e52d4264 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cits-support-svg-webp-media-upload-4e81e30f96ac2459f5d1b33071468659.yaml @@ -0,0 +1,58 @@ +id: cits-support-svg-webp-media-upload-4e81e30f96ac2459f5d1b33071468659 + +info: + name: > + CITS Support svg, webp Media and TTF,OTF File Upload <= 2.1.0 - Authenticated(Author+) Stored Cross-Site Scripting via SVG Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d3edf5-245f-42f2-9add-e87de6839ed1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cits-support-svg-webp-media-upload/" + google-query: inurl:"/wp-content/plugins/cits-support-svg-webp-media-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cits-support-svg-webp-media-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cits-support-svg-webp-media-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cits-support-svg-webp-media-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/civicrm-7c25c077af82ab884cd08d532650e9f1.yaml b/nuclei-templates/cve-less/plugins/civicrm-7c25c077af82ab884cd08d532650e9f1.yaml new file mode 100644 index 0000000000..a5a42208c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/civicrm-7c25c077af82ab884cd08d532650e9f1.yaml @@ -0,0 +1,58 @@ +id: civicrm-7c25c077af82ab884cd08d532650e9f1 + +info: + name: > + CiviCRM < 5.28.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82fe99af-f254-4f4f-ac27-3e1997c370f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/civicrm/" + google-query: inurl:"/wp-content/plugins/civicrm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,civicrm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/civicrm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "civicrm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.28.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ckeditor-for-wordpress-e7b1c96e657c95612bee61206db60673.yaml b/nuclei-templates/cve-less/plugins/ckeditor-for-wordpress-e7b1c96e657c95612bee61206db60673.yaml new file mode 100644 index 0000000000..c4842c88ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ckeditor-for-wordpress-e7b1c96e657c95612bee61206db60673.yaml @@ -0,0 +1,58 @@ +id: ckeditor-for-wordpress-e7b1c96e657c95612bee61206db60673 + +info: + name: > + CKEditor for WordPress <= 4.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15f3ca33-50b8-4cd3-bcd1-5a73a3a06fc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ckeditor-for-wordpress/" + google-query: inurl:"/wp-content/plugins/ckeditor-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ckeditor-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ckeditor-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ckeditor-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classic-editor-and-classic-widgets-0d765d8e5ca0f1a3232d36cbff05684c.yaml b/nuclei-templates/cve-less/plugins/classic-editor-and-classic-widgets-0d765d8e5ca0f1a3232d36cbff05684c.yaml new file mode 100644 index 0000000000..6f58c9c1d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classic-editor-and-classic-widgets-0d765d8e5ca0f1a3232d36cbff05684c.yaml @@ -0,0 +1,58 @@ +id: classic-editor-and-classic-widgets-0d765d8e5ca0f1a3232d36cbff05684c + +info: + name: > + Classic Editor and Classic Widgets <= 1.2.5 - Cross-Site Request Forgery via render_settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce2bef2f-fe28-48ea-8b83-052eebd31622?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classic-editor-and-classic-widgets/" + google-query: inurl:"/wp-content/plugins/classic-editor-and-classic-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classic-editor-and-classic-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classic-editor-and-classic-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classic-editor-and-classic-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-core-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/cve-less/plugins/classified-core-94f85d394521a13053659cf48cf14634.yaml new file mode 100644 index 0000000000..e5e7771ee4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-core-94f85d394521a13053659cf48cf14634.yaml @@ -0,0 +1,58 @@ +id: classified-core-94f85d394521a13053659cf48cf14634 + +info: + name: > + Classima < 2.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-core/" + google-query: inurl:"/wp-content/plugins/classified-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-095d7ac917f72e37e9bb35fbb61b06e5.yaml b/nuclei-templates/cve-less/plugins/classified-listing-095d7ac917f72e37e9bb35fbb61b06e5.yaml new file mode 100644 index 0000000000..e5cbeea251 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-095d7ac917f72e37e9bb35fbb61b06e5.yaml @@ -0,0 +1,58 @@ +id: classified-listing-095d7ac917f72e37e9bb35fbb61b06e5 + +info: + name: > + Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5da4cdd-15c7-41a6-be2f-e31bd407ae05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing/" + google-query: inurl:"/wp-content/plugins/classified-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-4133059c81c533e7538f4a29d7f3ad01.yaml b/nuclei-templates/cve-less/plugins/classified-listing-4133059c81c533e7538f4a29d7f3ad01.yaml new file mode 100644 index 0000000000..fcb4807190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-4133059c81c533e7538f4a29d7f3ad01.yaml @@ -0,0 +1,58 @@ +id: classified-listing-4133059c81c533e7538f4a29d7f3ad01 + +info: + name: > + Classified Listing <= 2.4.5 - Cross-Site Request Forgery via rtcl_ajax_thumbnail_delete + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2352dce7-5302-4892-9ae2-bf814f029af4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing/" + google-query: inurl:"/wp-content/plugins/classified-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/cve-less/plugins/classified-listing-94f85d394521a13053659cf48cf14634.yaml new file mode 100644 index 0000000000..b05a66e7b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-94f85d394521a13053659cf48cf14634.yaml @@ -0,0 +1,58 @@ +id: classified-listing-94f85d394521a13053659cf48cf14634 + +info: + name: > + Classima < 2.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing/" + google-query: inurl:"/wp-content/plugins/classified-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-e39757704ab66d7ab58f6ee33ac96e65.yaml b/nuclei-templates/cve-less/plugins/classified-listing-e39757704ab66d7ab58f6ee33ac96e65.yaml new file mode 100644 index 0000000000..3face0a872 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-e39757704ab66d7ab58f6ee33ac96e65.yaml @@ -0,0 +1,58 @@ +id: classified-listing-e39757704ab66d7ab58f6ee33ac96e65 + +info: + name: > + Classified Listing <= 3.0.4 - Cross-Site Request Forgery to Account Takeover via rtcl_update_user_account + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5439651e-5557-4b13-813a-4fc0ad876104?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing/" + google-query: inurl:"/wp-content/plugins/classified-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-f4bbfecaa3b9697ac9c466359f202f2b.yaml b/nuclei-templates/cve-less/plugins/classified-listing-f4bbfecaa3b9697ac9c466359f202f2b.yaml new file mode 100644 index 0000000000..c3fe87ba68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-f4bbfecaa3b9697ac9c466359f202f2b.yaml @@ -0,0 +1,58 @@ +id: classified-listing-f4bbfecaa3b9697ac9c466359f202f2b + +info: + name: > + Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7113b1c-78dc-4648-b14a-52ff6668fd1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing/" + google-query: inurl:"/wp-content/plugins/classified-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-pro-3bf83b01db180da0cd7fc6578f1451d0.yaml b/nuclei-templates/cve-less/plugins/classified-listing-pro-3bf83b01db180da0cd7fc6578f1451d0.yaml new file mode 100644 index 0000000000..f4f1882548 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-pro-3bf83b01db180da0cd7fc6578f1451d0.yaml @@ -0,0 +1,58 @@ +id: classified-listing-pro-3bf83b01db180da0cd7fc6578f1451d0 + +info: + name: > + Classified Listing Pro < 2.0.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc491c2b-0ae2-4002-a745-435a183d8e01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing-pro/" + google-query: inurl:"/wp-content/plugins/classified-listing-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-pro-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/cve-less/plugins/classified-listing-pro-94f85d394521a13053659cf48cf14634.yaml new file mode 100644 index 0000000000..f28714c697 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-pro-94f85d394521a13053659cf48cf14634.yaml @@ -0,0 +1,58 @@ +id: classified-listing-pro-94f85d394521a13053659cf48cf14634 + +info: + name: > + Classima < 2.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing-pro/" + google-query: inurl:"/wp-content/plugins/classified-listing-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classified-listing-store-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/cve-less/plugins/classified-listing-store-94f85d394521a13053659cf48cf14634.yaml new file mode 100644 index 0000000000..227a4c289e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classified-listing-store-94f85d394521a13053659cf48cf14634.yaml @@ -0,0 +1,58 @@ +id: classified-listing-store-94f85d394521a13053659cf48cf14634 + +info: + name: > + Classima < 2.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classified-listing-store/" + google-query: inurl:"/wp-content/plugins/classified-listing-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classified-listing-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classified-listing-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classified-listing-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/classyfrieds-f47e6eae64c804173012f23d96ac47f1.yaml b/nuclei-templates/cve-less/plugins/classyfrieds-f47e6eae64c804173012f23d96ac47f1.yaml new file mode 100644 index 0000000000..ec3b1254e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/classyfrieds-f47e6eae64c804173012f23d96ac47f1.yaml @@ -0,0 +1,58 @@ +id: classyfrieds-f47e6eae64c804173012f23d96ac47f1 + +info: + name: > + classyfrieds <= 3.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8185c7a4-3d8e-4a24-9746-536337afbcfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/classyfrieds/" + google-query: inurl:"/wp-content/plugins/classyfrieds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,classyfrieds,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/classyfrieds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classyfrieds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-f5690c4ae22224ef33491e3a8f293f4d.yaml b/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-f5690c4ae22224ef33491e3a8f293f4d.yaml new file mode 100644 index 0000000000..811a11f3b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clean-and-simple-contact-form-by-meg-nicholas-f5690c4ae22224ef33491e3a8f293f4d.yaml @@ -0,0 +1,58 @@ +id: clean-and-simple-contact-form-by-meg-nicholas-f5690c4ae22224ef33491e3a8f293f4d + +info: + name: > + Contact Form Clean and Simple < 4.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72e7dbe0-0e48-4511-9e35-77af7d3d13e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/" + google-query: inurl:"/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clean-and-simple-contact-form-by-meg-nicholas,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clean-and-simple-contact-form-by-meg-nicholas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clean-and-simple-contact-form-by-meg-nicholas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clean-contact-800e55dd995f58ca489269cf15bde8aa.yaml b/nuclei-templates/cve-less/plugins/clean-contact-800e55dd995f58ca489269cf15bde8aa.yaml new file mode 100644 index 0000000000..2a73392163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clean-contact-800e55dd995f58ca489269cf15bde8aa.yaml @@ -0,0 +1,58 @@ +id: clean-contact-800e55dd995f58ca489269cf15bde8aa + +info: + name: > + Clean-Contact <= 1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e96b3d21-edeb-4dec-b13c-3688d3996cb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clean-contact/" + google-query: inurl:"/wp-content/plugins/clean-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clean-contact,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clean-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clean-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clean-login-1603de092dffce494eb91c592d08f004.yaml b/nuclei-templates/cve-less/plugins/clean-login-1603de092dffce494eb91c592d08f004.yaml new file mode 100644 index 0000000000..c483da1046 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clean-login-1603de092dffce494eb91c592d08f004.yaml @@ -0,0 +1,58 @@ +id: clean-login-1603de092dffce494eb91c592d08f004 + +info: + name: > + Clean Login <= 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3436916c-a7ab-4960-8afe-145b3799392e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clean-login/" + google-query: inurl:"/wp-content/plugins/clean-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clean-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clean-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clean-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clean-login-ac790c964325ea0370bae2df48218a78.yaml b/nuclei-templates/cve-less/plugins/clean-login-ac790c964325ea0370bae2df48218a78.yaml new file mode 100644 index 0000000000..48037081d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clean-login-ac790c964325ea0370bae2df48218a78.yaml @@ -0,0 +1,58 @@ +id: clean-login-ac790c964325ea0370bae2df48218a78 + +info: + name: > + Clean Login <= 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/490944a6-96e8-4416-a63b-c7a7ba9172ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clean-login/" + google-query: inurl:"/wp-content/plugins/clean-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clean-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clean-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clean-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clean-login-b85e6f076cf78bc83dad21e66d70a2d9.yaml b/nuclei-templates/cve-less/plugins/clean-login-b85e6f076cf78bc83dad21e66d70a2d9.yaml new file mode 100644 index 0000000000..e20a8eabb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clean-login-b85e6f076cf78bc83dad21e66d70a2d9.yaml @@ -0,0 +1,58 @@ +id: clean-login-b85e6f076cf78bc83dad21e66d70a2d9 + +info: + name: > + Clean Login <= 1.10.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f630773-f65a-44a5-9b84-ea542c78a69a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clean-login/" + google-query: inurl:"/wp-content/plugins/clean-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clean-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clean-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clean-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-212daaad6857839ca091cc2dcc90e7c8.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-212daaad6857839ca091cc2dcc90e7c8.yaml new file mode 100644 index 0000000000..608f412d32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-212daaad6857839ca091cc2dcc90e7c8.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-212daaad6857839ca091cc2dcc90e7c8 + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 5.153.3 - Unauthenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fe50510-6736-4bcf-b62f-0b8d2cb8ff3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.153.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-4459115a144ee37cdfb4079325938d4b.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-4459115a144ee37cdfb4079325938d4b.yaml new file mode 100644 index 0000000000..a4b3edcbbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-4459115a144ee37cdfb4079325938d4b.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-4459115a144ee37cdfb4079325938d4b + +info: + name: > + Anti-Spam by CleanTalk < 5.149 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67631693-ae8a-4532-a9e3-f21b385131a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.149') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-6ffa9b277924d8aa648b0bee9bf4b06d.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-6ffa9b277924d8aa648b0bee9bf4b06d.yaml new file mode 100644 index 0000000000..0a4d31fde9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-6ffa9b277924d8aa648b0bee9bf4b06d.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-6ffa9b277924d8aa648b0bee9bf4b06d + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 - Cross-Site Request Forgery via apbct_settings__update_account_email + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19dd6670-2813-4944-abcd-c26fb9b82092?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-a8def04824c95aa61e5602395bc3c9b4.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-a8def04824c95aa61e5602395bc3c9b4.yaml new file mode 100644 index 0000000000..0c03bcffd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-a8def04824c95aa61e5602395bc3c9b4.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-a8def04824c95aa61e5602395bc3c9b4 + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 6.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89dab433-91e9-4500-ab40-f4b500e66983?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-bf15f8f75324665dbab0a976954762a4.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-bf15f8f75324665dbab0a976954762a4.yaml new file mode 100644 index 0000000000..7c97ca23df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-bf15f8f75324665dbab0a976954762a4.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-bf15f8f75324665dbab0a976954762a4 + +info: + name: > + AntiSpam by CleanTalk <= 5.185 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21e06220-c8f0-4754-ba19-8df519be4038?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.185') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-cde99dbef0431b3a59324e5afac3b480.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-cde99dbef0431b3a59324e5afac3b480.yaml new file mode 100644 index 0000000000..85054c385b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-cde99dbef0431b3a59324e5afac3b480.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-cde99dbef0431b3a59324e5afac3b480 + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb33fdc-fd89-4d4f-9107-287a64abc150?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.173') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-d289b479a5c784ed3d240622792b7f9a.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-d289b479a5c784ed3d240622792b7f9a.yaml new file mode 100644 index 0000000000..85007a55e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-d289b479a5c784ed3d240622792b7f9a.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-d289b479a5c784ed3d240622792b7f9a + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 5.127.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3855918-960e-487d-9d5f-6dbeba45523e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.127.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-de9d4da93fc4bb5251225efa35d16a3e.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-de9d4da93fc4bb5251225efa35d16a3e.yaml new file mode 100644 index 0000000000..a53bafbfcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-de9d4da93fc4bb5251225efa35d16a3e.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-de9d4da93fc4bb5251225efa35d16a3e + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 5.173 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0df6f15f-308f-4397-9a67-6a6dab992568?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.173') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-efa9a2b8677e473b07061cec22c03e03.yaml b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-efa9a2b8677e473b07061cec22c03e03.yaml new file mode 100644 index 0000000000..e1a1ab0385 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleantalk-spam-protect-efa9a2b8677e473b07061cec22c03e03.yaml @@ -0,0 +1,58 @@ +id: cleantalk-spam-protect-efa9a2b8677e473b07061cec22c03e03 + +info: + name: > + Spam protection, AntiSpam, FireWall by CleanTalk <= 6.20 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eb4400d-d629-4c88-9ec5-06da9089f6d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleantalk-spam-protect/" + google-query: inurl:"/wp-content/plugins/cleantalk-spam-protect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleantalk-spam-protect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleantalk-spam-protect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleantalk-spam-protect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clerkio-c0684cce94d057969c2bd8df09557f34.yaml b/nuclei-templates/cve-less/plugins/clerkio-c0684cce94d057969c2bd8df09557f34.yaml new file mode 100644 index 0000000000..fab2acaac7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clerkio-c0684cce94d057969c2bd8df09557f34.yaml @@ -0,0 +1,58 @@ +id: clerkio-c0684cce94d057969c2bd8df09557f34 + +info: + name: > + Clerk <= 3.8.2 - Authorization Bypass via Insufficient Validation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c929a742-6481-40a0-94b5-76ddb8494896?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clerkio/" + google-query: inurl:"/wp-content/plugins/clerkio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clerkio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clerkio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clerkio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cleverwise-daily-quotes-38c76ee17f970b2f9f7455a9aafdaf8f.yaml b/nuclei-templates/cve-less/plugins/cleverwise-daily-quotes-38c76ee17f970b2f9f7455a9aafdaf8f.yaml new file mode 100644 index 0000000000..cf61fbb2da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cleverwise-daily-quotes-38c76ee17f970b2f9f7455a9aafdaf8f.yaml @@ -0,0 +1,58 @@ +id: cleverwise-daily-quotes-38c76ee17f970b2f9f7455a9aafdaf8f + +info: + name: > + Cleverwise Daily Quotes <= 3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71f7733a-1350-4e22-98d8-28be401aee69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cleverwise-daily-quotes/" + google-query: inurl:"/wp-content/plugins/cleverwise-daily-quotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cleverwise-daily-quotes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cleverwise-daily-quotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cleverwise-daily-quotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-datos-lopd-72faeb48932ddf0ca0fa007188dbfbf8.yaml b/nuclei-templates/cve-less/plugins/click-datos-lopd-72faeb48932ddf0ca0fa007188dbfbf8.yaml new file mode 100644 index 0000000000..6fab571b88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-datos-lopd-72faeb48932ddf0ca0fa007188dbfbf8.yaml @@ -0,0 +1,58 @@ +id: click-datos-lopd-72faeb48932ddf0ca0fa007188dbfbf8 + +info: + name: > + Protección de Datos RGPD <= 3.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaebcae4-cdf5-4eb7-9246-07185fe62d07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-datos-lopd/" + google-query: inurl:"/wp-content/plugins/click-datos-lopd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-datos-lopd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-datos-lopd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-datos-lopd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-call-or-chat-buttons-7abc665e21c65fbf0435b861d32be85d.yaml b/nuclei-templates/cve-less/plugins/click-to-call-or-chat-buttons-7abc665e21c65fbf0435b861d32be85d.yaml new file mode 100644 index 0000000000..c425cc4237 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-call-or-chat-buttons-7abc665e21c65fbf0435b861d32be85d.yaml @@ -0,0 +1,58 @@ +id: click-to-call-or-chat-buttons-7abc665e21c65fbf0435b861d32be85d + +info: + name: > + Click to Call or Chat Buttons <= 1.4.0 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92880588-a733-43df-adf6-74fe6291822d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-call-or-chat-buttons/" + google-query: inurl:"/wp-content/plugins/click-to-call-or-chat-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-call-or-chat-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-call-or-chat-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-call-or-chat-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-902cce6bbff4fff8307b6fb241b9a8f3.yaml b/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-902cce6bbff4fff8307b6fb241b9a8f3.yaml new file mode 100644 index 0000000000..6dde0534a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-902cce6bbff4fff8307b6fb241b9a8f3.yaml @@ -0,0 +1,58 @@ +id: click-to-chat-for-whatsapp-902cce6bbff4fff8307b6fb241b9a8f3 + +info: + name: > + Click to Chat – HoliThemes <= 3.35 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe25bfef-34f0-4d57-9cba-9dcbf58281c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-chat-for-whatsapp/" + google-query: inurl:"/wp-content/plugins/click-to-chat-for-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-chat-for-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-chat-for-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-a875d85b1acd34789210b1b8be6e7c70.yaml b/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-a875d85b1acd34789210b1b8be6e7c70.yaml new file mode 100644 index 0000000000..79309134b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-chat-for-whatsapp-a875d85b1acd34789210b1b8be6e7c70.yaml @@ -0,0 +1,58 @@ +id: click-to-chat-for-whatsapp-a875d85b1acd34789210b1b8be6e7c70 + +info: + name: > + Click to Chat <= 3.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19b7cadd-b1b9-4f1d-ab30-78e0b46ad21a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-chat-for-whatsapp/" + google-query: inurl:"/wp-content/plugins/click-to-chat-for-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-chat-for-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-chat-for-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-chat-for-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-top-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/click-to-top-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..494928256a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-top-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: click-to-top-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-top/" + google-query: inurl:"/wp-content/plugins/click-to-top/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-top,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-top/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-top" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-tweet-83ab7ae2d1f6873a9d18c0bfa8619354.yaml b/nuclei-templates/cve-less/plugins/click-to-tweet-83ab7ae2d1f6873a9d18c0bfa8619354.yaml new file mode 100644 index 0000000000..8aa9093ae2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-tweet-83ab7ae2d1f6873a9d18c0bfa8619354.yaml @@ -0,0 +1,58 @@ +id: click-to-tweet-83ab7ae2d1f6873a9d18c0bfa8619354 + +info: + name: > + Click To Tweet <= 2.0.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5031140-9a48-43da-b946-00ce9c70258b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-tweet/" + google-query: inurl:"/wp-content/plugins/click-to-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-tweet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-tweet-935ebeacc0c73d89223e844fd2aaeaeb.yaml b/nuclei-templates/cve-less/plugins/click-to-tweet-935ebeacc0c73d89223e844fd2aaeaeb.yaml new file mode 100644 index 0000000000..17724d1f23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-tweet-935ebeacc0c73d89223e844fd2aaeaeb.yaml @@ -0,0 +1,58 @@ +id: click-to-tweet-935ebeacc0c73d89223e844fd2aaeaeb + +info: + name: > + Click To Tweet <= 2.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eee591c-2676-479c-ab15-96da10f51ae0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-tweet/" + google-query: inurl:"/wp-content/plugins/click-to-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-tweet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/click-to-tweet-b512f326cf614df599ebd00014aea201.yaml b/nuclei-templates/cve-less/plugins/click-to-tweet-b512f326cf614df599ebd00014aea201.yaml new file mode 100644 index 0000000000..c838fc2eb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/click-to-tweet-b512f326cf614df599ebd00014aea201.yaml @@ -0,0 +1,58 @@ +id: click-to-tweet-b512f326cf614df599ebd00014aea201 + +info: + name: > + Click To Tweet <= 2.0.14 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f765327-3872-46cc-a4f9-40219bf0dd99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/click-to-tweet/" + google-query: inurl:"/wp-content/plugins/click-to-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,click-to-tweet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/click-to-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "click-to-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-55592f88afc85caec6c62b369547bd3e.yaml b/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-55592f88afc85caec6c62b369547bd3e.yaml new file mode 100644 index 0000000000..c6936d4ca4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-55592f88afc85caec6c62b369547bd3e.yaml @@ -0,0 +1,58 @@ +id: clickbank-ads-clickbank-widget-55592f88afc85caec6c62b369547bd3e + +info: + name: > + ClickBank Affiliate Ads <= 1.20 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3eff7a6f-7098-4298-b399-91974b16fda2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickbank-ads-clickbank-widget/" + google-query: inurl:"/wp-content/plugins/clickbank-ads-clickbank-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickbank-ads-clickbank-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickbank-ads-clickbank-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-b1bcff9d2efb787a948b3f8018f345ae.yaml b/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-b1bcff9d2efb787a948b3f8018f345ae.yaml new file mode 100644 index 0000000000..80a49dd158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickbank-ads-clickbank-widget-b1bcff9d2efb787a948b3f8018f345ae.yaml @@ -0,0 +1,58 @@ +id: clickbank-ads-clickbank-widget-b1bcff9d2efb787a948b3f8018f345ae + +info: + name: > + ClickBank Affiliate Ads < 1.31 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e579b7fd-141f-4d5f-9e0e-a1e6b985f0b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickbank-ads-clickbank-widget/" + google-query: inurl:"/wp-content/plugins/clickbank-ads-clickbank-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickbank-ads-clickbank-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickbank-ads-clickbank-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickbank-ads-clickbank-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-002091a126b1a7dfb25af78b55c0c684.yaml b/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-002091a126b1a7dfb25af78b55c0c684.yaml new file mode 100644 index 0000000000..af8bca9b42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-002091a126b1a7dfb25af78b55c0c684.yaml @@ -0,0 +1,58 @@ +id: clickcease-click-fraud-protection-002091a126b1a7dfb25af78b55c0c684 + +info: + name: > + ClickCease Click Fraud Protection <= 3.2.4 - Improper Authorization to sensitive information exposure via get_settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d572cac-b8e3-4c52-9b35-80fe5ee9e900?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickcease-click-fraud-protection/" + google-query: inurl:"/wp-content/plugins/clickcease-click-fraud-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickcease-click-fraud-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickcease-click-fraud-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickcease-click-fraud-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-006e48b094cc72cebf7417cf47b157bd.yaml b/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-006e48b094cc72cebf7417cf47b157bd.yaml new file mode 100644 index 0000000000..3cd5685dab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickcease-click-fraud-protection-006e48b094cc72cebf7417cf47b157bd.yaml @@ -0,0 +1,58 @@ +id: clickcease-click-fraud-protection-006e48b094cc72cebf7417cf47b157bd + +info: + name: > + ClickCease Click Fraud Protection <= 3.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e03f95ae-c1ba-4679-888b-055293e1351f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickcease-click-fraud-protection/" + google-query: inurl:"/wp-content/plugins/clickcease-click-fraud-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickcease-click-fraud-protection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickcease-click-fraud-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickcease-click-fraud-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-41d06e1c542cc99b348ba7db58f2c892.yaml b/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-41d06e1c542cc99b348ba7db58f2c892.yaml new file mode 100644 index 0000000000..30a5c50a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickdesk-live-support-chat-plugin-41d06e1c542cc99b348ba7db58f2c892.yaml @@ -0,0 +1,58 @@ +id: clickdesk-live-support-chat-plugin-41d06e1c542cc99b348ba7db58f2c892 + +info: + name: > + Live Chat from ClickDesk – Live Chat – Help Desk Plugin for Websites <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbcf65b9-0114-46e6-a51f-61d606c68e5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickdesk-live-support-chat-plugin/" + google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickdesk-live-support-chat-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickdesk-live-support-chat-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickdesk-live-support-chat-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickfunnels-6402d67cbcfcbc43cbb160f004d8a96c.yaml b/nuclei-templates/cve-less/plugins/clickfunnels-6402d67cbcfcbc43cbb160f004d8a96c.yaml new file mode 100644 index 0000000000..1ace95e69f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickfunnels-6402d67cbcfcbc43cbb160f004d8a96c.yaml @@ -0,0 +1,58 @@ +id: clickfunnels-6402d67cbcfcbc43cbb160f004d8a96c + +info: + name: > + ClickFunnels <= 3.1.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65581fa6-110f-4ae3-a903-dbf649b44417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickfunnels/" + google-query: inurl:"/wp-content/plugins/clickfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickfunnels,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clickfunnels-b375402f4d94456be8a455efbe0b59a8.yaml b/nuclei-templates/cve-less/plugins/clickfunnels-b375402f4d94456be8a455efbe0b59a8.yaml new file mode 100644 index 0000000000..5502954046 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clickfunnels-b375402f4d94456be8a455efbe0b59a8.yaml @@ -0,0 +1,58 @@ +id: clickfunnels-b375402f4d94456be8a455efbe0b59a8 + +info: + name: > + ClickFunnels <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3daa3a7d-bb92-41c7-92ad-71f6ff0bb50a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clickfunnels/" + google-query: inurl:"/wp-content/plugins/clickfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clickfunnels,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clickfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clickfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clictracker-da7f33487455bd9ca64c5f5b0b3257c0.yaml b/nuclei-templates/cve-less/plugins/clictracker-da7f33487455bd9ca64c5f5b0b3257c0.yaml new file mode 100644 index 0000000000..fd5e3e6fa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clictracker-da7f33487455bd9ca64c5f5b0b3257c0.yaml @@ -0,0 +1,58 @@ +id: clictracker-da7f33487455bd9ca64c5f5b0b3257c0 + +info: + name: > + WP Clictracker <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f27853e0-1785-4670-a7b2-f72c19f4a6ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clictracker/" + google-query: inurl:"/wp-content/plugins/clictracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clictracker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clictracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clictracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/client-dash-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml b/nuclei-templates/cve-less/plugins/client-dash-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml new file mode 100644 index 0000000000..f79129f603 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/client-dash-0f5e9e59b2ad6fbf734b7cc14c76890d.yaml @@ -0,0 +1,58 @@ +id: client-dash-0f5e9e59b2ad6fbf734b7cc14c76890d + +info: + name: > + Client Dash <= 2.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f8839cf-9e48-4981-8a0d-bb0c06cdf441?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/client-dash/" + google-query: inurl:"/wp-content/plugins/client-dash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,client-dash,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/client-dash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "client-dash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/client-dash-1ed96ac73f1ecde8fe792ec7cdde085c.yaml b/nuclei-templates/cve-less/plugins/client-dash-1ed96ac73f1ecde8fe792ec7cdde085c.yaml new file mode 100644 index 0000000000..34013b57e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/client-dash-1ed96ac73f1ecde8fe792ec7cdde085c.yaml @@ -0,0 +1,58 @@ +id: client-dash-1ed96ac73f1ecde8fe792ec7cdde085c + +info: + name: > + Client Dash <= 2.2.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6cd7986-6d3b-426b-a539-8dc11f0d7b04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/client-dash/" + google-query: inurl:"/wp-content/plugins/client-dash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,client-dash,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/client-dash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "client-dash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/client-dash-c20c39f747c7f70cb8ab495d6417a431.yaml b/nuclei-templates/cve-less/plugins/client-dash-c20c39f747c7f70cb8ab495d6417a431.yaml new file mode 100644 index 0000000000..83c5782044 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/client-dash-c20c39f747c7f70cb8ab495d6417a431.yaml @@ -0,0 +1,58 @@ +id: client-dash-c20c39f747c7f70cb8ab495d6417a431 + +info: + name: > + Client Dash <= 2.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af3105ed-d383-4ce6-9317-5762f97b14e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/client-dash/" + google-query: inurl:"/wp-content/plugins/client-dash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,client-dash,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/client-dash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "client-dash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/client-portal-73ba9c23c0821b68df8f36806d87a69d.yaml b/nuclei-templates/cve-less/plugins/client-portal-73ba9c23c0821b68df8f36806d87a69d.yaml new file mode 100644 index 0000000000..db61dfb223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/client-portal-73ba9c23c0821b68df8f36806d87a69d.yaml @@ -0,0 +1,58 @@ +id: client-portal-73ba9c23c0821b68df8f36806d87a69d + +info: + name: > + Client Portal – Private user pages and login <= 1.1.8 - Cross-Site Request Forgery via cp_create_private_pages_for_all_users function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b89185c1-f7f9-47fb-ae8b-ba4c9f4e1d3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/client-portal/" + google-query: inurl:"/wp-content/plugins/client-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,client-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/client-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "client-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/client-portal-suitedash-login-0b15ae4e67ed167e4179722b43d42dc7.yaml b/nuclei-templates/cve-less/plugins/client-portal-suitedash-login-0b15ae4e67ed167e4179722b43d42dc7.yaml new file mode 100644 index 0000000000..157ad900ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/client-portal-suitedash-login-0b15ae4e67ed167e4179722b43d42dc7.yaml @@ -0,0 +1,58 @@ +id: client-portal-suitedash-login-0b15ae4e67ed167e4179722b43d42dc7 + +info: + name: > + Client Portal : SuiteDash Direct Login <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d10d609-eb0f-492a-be87-2ac7db9c63b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/client-portal-suitedash-login/" + google-query: inurl:"/wp-content/plugins/client-portal-suitedash-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,client-portal-suitedash-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/client-portal-suitedash-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "client-portal-suitedash-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clinicalwp-core-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/clinicalwp-core-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..5428734ba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clinicalwp-core-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: clinicalwp-core-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clinicalwp-core/" + google-query: inurl:"/wp-content/plugins/clinicalwp-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clinicalwp-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clinicalwp-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clinicalwp-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clio-grow-form-cc0d4514b7c79b3cb4d1496328155c24.yaml b/nuclei-templates/cve-less/plugins/clio-grow-form-cc0d4514b7c79b3cb4d1496328155c24.yaml new file mode 100644 index 0000000000..711a085ccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clio-grow-form-cc0d4514b7c79b3cb4d1496328155c24.yaml @@ -0,0 +1,58 @@ +id: clio-grow-form-cc0d4514b7c79b3cb4d1496328155c24 + +info: + name: > + Clio Grow <= 1.0.0 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72835a3e-e842-4146-ae7d-4aea722de11f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clio-grow-form/" + google-query: inurl:"/wp-content/plugins/clio-grow-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clio-grow-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clio-grow-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clio-grow-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clipr-e96b7ac8a29e8b231c1f7265734f9442.yaml b/nuclei-templates/cve-less/plugins/clipr-e96b7ac8a29e8b231c1f7265734f9442.yaml new file mode 100644 index 0000000000..e94a2a7b27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clipr-e96b7ac8a29e8b231c1f7265734f9442.yaml @@ -0,0 +1,58 @@ +id: clipr-e96b7ac8a29e8b231c1f7265734f9442 + +info: + name: > + Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01def852-367b-4f64-9c5a-58dcc3478b2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clipr/" + google-query: inurl:"/wp-content/plugins/clipr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clipr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clipr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clipr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cloak-front-end-email-8f88ca251b34c3f9441215db0d0eb986.yaml b/nuclei-templates/cve-less/plugins/cloak-front-end-email-8f88ca251b34c3f9441215db0d0eb986.yaml new file mode 100644 index 0000000000..5d157d6d38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cloak-front-end-email-8f88ca251b34c3f9441215db0d0eb986.yaml @@ -0,0 +1,58 @@ +id: cloak-front-end-email-8f88ca251b34c3f9441215db0d0eb986 + +info: + name: > + Cloak Front End Email <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0eedeba-cdff-4e84-8182-1bebf48c76e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cloak-front-end-email/" + google-query: inurl:"/wp-content/plugins/cloak-front-end-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cloak-front-end-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cloak-front-end-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cloak-front-end-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-0541b61acd6f59d8dbe0825e7d0780e4.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-0541b61acd6f59d8dbe0825e7d0780e4.yaml new file mode 100644 index 0000000000..763b821a11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-0541b61acd6f59d8dbe0825e7d0780e4.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-0541b61acd6f59d8dbe0825e7d0780e4 + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery To Staff Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51ce7b71-0a19-48ef-8748-3848742c542b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-300b9d97cc08f164b31a4377dbab9d4c.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-300b9d97cc08f164b31a4377dbab9d4c.yaml new file mode 100644 index 0000000000..aa625a9842 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-300b9d97cc08f164b31a4377dbab9d4c.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-300b9d97cc08f164b31a4377dbab9d4c + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery to Designation Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc97109c-187f-43b7-b5ed-5afeec5ea8fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-5b61cdb6d6ba8def275e2059b874af65.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-5b61cdb6d6ba8def275e2059b874af65.yaml new file mode 100644 index 0000000000..c318a18e79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-5b61cdb6d6ba8def275e2059b874af65.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-5b61cdb6d6ba8def275e2059b874af65 + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery to Staff Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ec03c6-6ea9-4017-915a-e10b757d98ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-7e6ed21add5029121985af000727b133.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-7e6ed21add5029121985af000727b133.yaml new file mode 100644 index 0000000000..1d716378f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-7e6ed21add5029121985af000727b133.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-7e6ed21add5029121985af000727b133 + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery to Holidays Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c852fa1-698b-4e72-b781-095e2a98df81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-ad4c52a60f74c08cbf0949e67b843c74.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-ad4c52a60f74c08cbf0949e67b843c74.yaml new file mode 100644 index 0000000000..898749a457 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-ad4c52a60f74c08cbf0949e67b843c74.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-ad4c52a60f74c08cbf0949e67b843c74 + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery To Designation Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b17e90-42df-47ed-9e92-f5f1b990f921?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clock-in-portal-df02e428fa69a24d16a3d7cce97f1bcc.yaml b/nuclei-templates/cve-less/plugins/clock-in-portal-df02e428fa69a24d16a3d7cce97f1bcc.yaml new file mode 100644 index 0000000000..0abeacc4f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clock-in-portal-df02e428fa69a24d16a3d7cce97f1bcc.yaml @@ -0,0 +1,58 @@ +id: clock-in-portal-df02e428fa69a24d16a3d7cce97f1bcc + +info: + name: > + Clock In Portal <= 2.1 - Cross-Site Request Forgery To Holiday Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddc0261d-56ed-47a6-a0b2-0ab5f9dee815?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clock-in-portal/" + google-query: inurl:"/wp-content/plugins/clock-in-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clock-in-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clock-in-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clock-in-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clockwork-two-factor-authentication-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/clockwork-two-factor-authentication-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..5749840c52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clockwork-two-factor-authentication-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: clockwork-two-factor-authentication-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clockwork-two-factor-authentication/" + google-query: inurl:"/wp-content/plugins/clockwork-two-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clockwork-two-factor-authentication,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clockwork-two-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clockwork-two-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clone-menu-bb2e17c35167609647005349850505d1.yaml b/nuclei-templates/cve-less/plugins/clone-menu-bb2e17c35167609647005349850505d1.yaml new file mode 100644 index 0000000000..146dafcaea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clone-menu-bb2e17c35167609647005349850505d1.yaml @@ -0,0 +1,58 @@ +id: clone-menu-bb2e17c35167609647005349850505d1 + +info: + name: > + WP Clone Menu <= 1.0.1 - Missing Authorization to Menu Clone + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bbbefce-4451-410d-bc19-f489318dda4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clone-menu/" + google-query: inurl:"/wp-content/plugins/clone-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clone-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clone-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clone-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clotya-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/clotya-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..d25817982b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clotya-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: clotya-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clotya-core/" + google-query: inurl:"/wp-content/plugins/clotya-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clotya-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clotya-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clotya-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cloud-manager-9f8e06f58bb3d62fb41a0d24a3483a49.yaml b/nuclei-templates/cve-less/plugins/cloud-manager-9f8e06f58bb3d62fb41a0d24a3483a49.yaml new file mode 100644 index 0000000000..7ab4ab4384 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cloud-manager-9f8e06f58bb3d62fb41a0d24a3483a49.yaml @@ -0,0 +1,58 @@ +id: cloud-manager-9f8e06f58bb3d62fb41a0d24a3483a49 + +info: + name: > + Cloud Manager <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d896366-a85d-49c9-9509-3f7454712474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cloud-manager/" + google-query: inurl:"/wp-content/plugins/cloud-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cloud-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cloud-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cloud-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cloudflare-82dd6e10056d4e2acdde095ee3c87000.yaml b/nuclei-templates/cve-less/plugins/cloudflare-82dd6e10056d4e2acdde095ee3c87000.yaml new file mode 100644 index 0000000000..ebbfec7fbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cloudflare-82dd6e10056d4e2acdde095ee3c87000.yaml @@ -0,0 +1,58 @@ +id: cloudflare-82dd6e10056d4e2acdde095ee3c87000 + +info: + name: > + Cloudflare <= 4.12.2 - Missing Authorization via initProxy + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/902c0c84-fcae-4ce4-9885-89fd135a4ffd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cloudflare/" + google-query: inurl:"/wp-content/plugins/cloudflare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cloudflare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cloudflare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cloudflare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cloudnet-sync-31b36ec0444d32e3c3a9acc4186c5727.yaml b/nuclei-templates/cve-less/plugins/cloudnet-sync-31b36ec0444d32e3c3a9acc4186c5727.yaml new file mode 100644 index 0000000000..6e8943f094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cloudnet-sync-31b36ec0444d32e3c3a9acc4186c5727.yaml @@ -0,0 +1,58 @@ +id: cloudnet-sync-31b36ec0444d32e3c3a9acc4186c5727 + +info: + name: > + Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54b88702-ec41-414b-87f1-1859b130a713?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cloudnet-sync/" + google-query: inurl:"/wp-content/plugins/cloudnet-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cloudnet-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cloudnet-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cloudnet-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clover-online-orders-0f96dcc46121deff356e0d1a5d840b39.yaml b/nuclei-templates/cve-less/plugins/clover-online-orders-0f96dcc46121deff356e0d1a5d840b39.yaml new file mode 100644 index 0000000000..f795840022 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clover-online-orders-0f96dcc46121deff356e0d1a5d840b39.yaml @@ -0,0 +1,58 @@ +id: clover-online-orders-0f96dcc46121deff356e0d1a5d840b39 + +info: + name: > + Smart Online Order for Clover <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa62776-0502-49b4-8beb-74bbf7f20633?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clover-online-orders/" + google-query: inurl:"/wp-content/plugins/clover-online-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clover-online-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clover-online-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clover-online-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clover-online-orders-3211ecfd0817984e803716532365c05f.yaml b/nuclei-templates/cve-less/plugins/clover-online-orders-3211ecfd0817984e803716532365c05f.yaml new file mode 100644 index 0000000000..dffe6424cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clover-online-orders-3211ecfd0817984e803716532365c05f.yaml @@ -0,0 +1,58 @@ +id: clover-online-orders-3211ecfd0817984e803716532365c05f + +info: + name: > + Smart Online Order for Clover <= 1.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06781d74-ed45-432d-8d80-d90918b85e04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clover-online-orders/" + google-query: inurl:"/wp-content/plugins/clover-online-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clover-online-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clover-online-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clover-online-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/clover-online-orders-e55440d3ef9cff783b9861081230c8c6.yaml b/nuclei-templates/cve-less/plugins/clover-online-orders-e55440d3ef9cff783b9861081230c8c6.yaml new file mode 100644 index 0000000000..9bdecc2599 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/clover-online-orders-e55440d3ef9cff783b9861081230c8c6.yaml @@ -0,0 +1,58 @@ +id: clover-online-orders-e55440d3ef9cff783b9861081230c8c6 + +info: + name: > + Smart Online Order for Clover <= 1.5.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f1e0dfa-f99a-43d1-bdc9-6fc7a4ea381d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/clover-online-orders/" + google-query: inurl:"/wp-content/plugins/clover-online-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,clover-online-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/clover-online-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clover-online-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/club-management-software-3e4694078ceef16f755ef9eb324edfcb.yaml b/nuclei-templates/cve-less/plugins/club-management-software-3e4694078ceef16f755ef9eb324edfcb.yaml new file mode 100644 index 0000000000..83cff1a655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/club-management-software-3e4694078ceef16f755ef9eb324edfcb.yaml @@ -0,0 +1,58 @@ +id: club-management-software-3e4694078ceef16f755ef9eb324edfcb + +info: + name: > + WordPress Membership SwiftCloud.io <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0bc1909-5002-44ab-9a5e-694c4ef946e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/club-management-software/" + google-query: inurl:"/wp-content/plugins/club-management-software/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,club-management-software,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/club-management-software/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "club-management-software" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cluevo-lms-9424f0d1add83019568a32a2d432a588.yaml b/nuclei-templates/cve-less/plugins/cluevo-lms-9424f0d1add83019568a32a2d432a588.yaml new file mode 100644 index 0000000000..36a1b74e21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cluevo-lms-9424f0d1add83019568a32a2d432a588.yaml @@ -0,0 +1,58 @@ +id: cluevo-lms-9424f0d1add83019568a32a2d432a588 + +info: + name: > + CLUEVO E-Learning Platform <= 1.8.0 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a0d446-63b6-4265-a542-345d766faf15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cluevo-lms/" + google-query: inurl:"/wp-content/plugins/cluevo-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cluevo-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cluevo-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cluevo-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cluevo-lms-f070e8d35eccf1703741e9fc7f61600d.yaml b/nuclei-templates/cve-less/plugins/cluevo-lms-f070e8d35eccf1703741e9fc7f61600d.yaml new file mode 100644 index 0000000000..69f29a52c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cluevo-lms-f070e8d35eccf1703741e9fc7f61600d.yaml @@ -0,0 +1,58 @@ +id: cluevo-lms-f070e8d35eccf1703741e9fc7f61600d + +info: + name: > + CLUEVO LMS, E-Learning Platform <= 1.10.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/414165a3-78f8-4254-ac24-2de177cad3dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cluevo-lms/" + google-query: inurl:"/wp-content/plugins/cluevo-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cluevo-lms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cluevo-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cluevo-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-answers-2ace3607ba6999f91533535a3a2816d7.yaml b/nuclei-templates/cve-less/plugins/cm-answers-2ace3607ba6999f91533535a3a2816d7.yaml new file mode 100644 index 0000000000..6f16c06ee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-answers-2ace3607ba6999f91533535a3a2816d7.yaml @@ -0,0 +1,58 @@ +id: cm-answers-2ace3607ba6999f91533535a3a2816d7 + +info: + name: > + CM Answers <= 3.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b23d276c-69c5-47e0-99bd-f20ff1d45904?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-answers/" + google-query: inurl:"/wp-content/plugins/cm-answers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-answers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-answers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-answers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-0892bb5b73a2988ec7694336ad4f4900.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-0892bb5b73a2988ec7694336ad4f4900.yaml new file mode 100644 index 0000000000..aba38e3048 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-0892bb5b73a2988ec7694336ad4f4900.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-0892bb5b73a2988ec7694336ad4f4900 + +info: + name: > + CM Download Manager < 2.9.1 - Cross-Site Request Forgery via editHeader + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dad1a7c-a5a5-486b-bf15-6fd455e6612c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-16f2bcb5cfa3d079c1a300d23d7f7166.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-16f2bcb5cfa3d079c1a300d23d7f7166.yaml new file mode 100644 index 0000000000..b4fca66aba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-16f2bcb5cfa3d079c1a300d23d7f7166.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-16f2bcb5cfa3d079c1a300d23d7f7166 + +info: + name: > + CM Download Manager <= 2.7.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21dd96e0-8c1c-4593-8a75-079125192001?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-4ad8dd096306cdfdd3b295e2def3a2c7.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-4ad8dd096306cdfdd3b295e2def3a2c7.yaml new file mode 100644 index 0000000000..079f80bb96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-4ad8dd096306cdfdd3b295e2def3a2c7.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-4ad8dd096306cdfdd3b295e2def3a2c7 + +info: + name: > + CM Download Manager < 2.8.0 - Directory Traversal to Arbitrary File Deletion and Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c866b3b7-50cf-41a5-bdc2-60384b15df79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml new file mode 100644 index 0000000000..359d4849b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-5fc74cc66f5330c5bc45fdae1ec9ced1.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-5fc74cc66f5330c5bc45fdae1ec9ced1 + +info: + name: > + CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f7e2323-42e9-4cc7-b3f4-d133e0073b7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-60df52935f4401dddac85a54784a5e69.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-60df52935f4401dddac85a54784a5e69.yaml new file mode 100644 index 0000000000..52fcdaafe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-60df52935f4401dddac85a54784a5e69.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-60df52935f4401dddac85a54784a5e69 + +info: + name: > + CM Download Manager < 2.9.0 - Cross-Site Request Forgery via unpublishHeader + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6a0d6df-60a6-42e3-9e9b-6171bb589f4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-846117b538ab9ba30f69a12efe0f9e57.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-846117b538ab9ba30f69a12efe0f9e57.yaml new file mode 100644 index 0000000000..72aa8e9371 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-846117b538ab9ba30f69a12efe0f9e57.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-846117b538ab9ba30f69a12efe0f9e57 + +info: + name: > + CM Download Manager <= 2.7.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87d064fc-923a-41f1-a14f-09ff91b2aaee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-aa2a9b71c269086e8f022720378d80bb.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-aa2a9b71c269086e8f022720378d80bb.yaml new file mode 100644 index 0000000000..9536ada65a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-aa2a9b71c269086e8f022720378d80bb.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-aa2a9b71c269086e8f022720378d80bb + +info: + name: > + CM Download Manager < 2.9.0 - Cross-Site Request Forgery via delHeader + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e58fe046-0119-48e6-ac90-8b70d7eb9956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-bd35c16b70884879b92d89ef15ca63e5.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-bd35c16b70884879b92d89ef15ca63e5.yaml new file mode 100644 index 0000000000..7f01a929ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-bd35c16b70884879b92d89ef15ca63e5.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-bd35c16b70884879b92d89ef15ca63e5 + +info: + name: > + CM Download Manager <= 2.0.6 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fabd576c-6990-40a1-9a94-ecb63e2b0189?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-download-manager-ecc77de29f842207c628b7046d3e4a17.yaml b/nuclei-templates/cve-less/plugins/cm-download-manager-ecc77de29f842207c628b7046d3e4a17.yaml new file mode 100644 index 0000000000..f069236704 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-download-manager-ecc77de29f842207c628b7046d3e4a17.yaml @@ -0,0 +1,58 @@ +id: cm-download-manager-ecc77de29f842207c628b7046d3e4a17 + +info: + name: > + CM Download Manager <= 2.0.3 - Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d517094-8038-4951-b16a-db7bf2c31851?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-download-manager/" + google-query: inurl:"/wp-content/plugins/cm-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-420882c95451d067f82426e7b79441c3.yaml b/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-420882c95451d067f82426e7b79441c3.yaml new file mode 100644 index 0000000000..b33324fc33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-420882c95451d067f82426e7b79441c3.yaml @@ -0,0 +1,58 @@ +id: cm-on-demand-search-and-replace-420882c95451d067f82426e7b79441c3 + +info: + name: > + CM On Demand Search And Replace <= 1.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fde1157b-5b99-4e9c-9c51-ebaa0eddfd73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-on-demand-search-and-replace/" + google-query: inurl:"/wp-content/plugins/cm-on-demand-search-and-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-on-demand-search-and-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-on-demand-search-and-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-on-demand-search-and-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-514273203d780a9cda87e275d81e2d5f.yaml b/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-514273203d780a9cda87e275d81e2d5f.yaml new file mode 100644 index 0000000000..0a556724dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-on-demand-search-and-replace-514273203d780a9cda87e275d81e2d5f.yaml @@ -0,0 +1,58 @@ +id: cm-on-demand-search-and-replace-514273203d780a9cda87e275d81e2d5f + +info: + name: > + CM On Demand Search And Replace <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3be9ffb4-5614-4a5f-bc2a-38ad626f8e3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-on-demand-search-and-replace/" + google-query: inurl:"/wp-content/plugins/cm-on-demand-search-and-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-on-demand-search-and-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-on-demand-search-and-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-on-demand-search-and-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-pop-up-banners-ad88df41b076143465006e1296e02fd7.yaml b/nuclei-templates/cve-less/plugins/cm-pop-up-banners-ad88df41b076143465006e1296e02fd7.yaml new file mode 100644 index 0000000000..b2903b2311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-pop-up-banners-ad88df41b076143465006e1296e02fd7.yaml @@ -0,0 +1,58 @@ +id: cm-pop-up-banners-ad88df41b076143465006e1296e02fd7 + +info: + name: > + CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff29e160-993b-422c-b49b-a216db5a0765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-pop-up-banners/" + google-query: inurl:"/wp-content/plugins/cm-pop-up-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-pop-up-banners,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-pop-up-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-pop-up-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-d10884d848b4b49b542895ed8b750487.yaml b/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-d10884d848b4b49b542895ed8b750487.yaml new file mode 100644 index 0000000000..2df0b5b262 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-d10884d848b4b49b542895ed8b750487.yaml @@ -0,0 +1,58 @@ +id: cm-video-lesson-manager-d10884d848b4b49b542895ed8b750487 + +info: + name: > + Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9a2045-7d24-4871-b962-32bc0fdf5476?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-video-lesson-manager/" + google-query: inurl:"/wp-content/plugins/cm-video-lesson-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-video-lesson-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-video-lesson-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-video-lesson-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-pro-d10884d848b4b49b542895ed8b750487.yaml b/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-pro-d10884d848b4b49b542895ed8b750487.yaml new file mode 100644 index 0000000000..54022ccc9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cm-video-lesson-manager-pro-d10884d848b4b49b542895ed8b750487.yaml @@ -0,0 +1,58 @@ +id: cm-video-lesson-manager-pro-d10884d848b4b49b542895ed8b750487 + +info: + name: > + Video Lessons Manager < 1.7.2 and Video Lessons Manager Pro < 3.5.9 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9a2045-7d24-4871-b962-32bc0fdf5476?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cm-video-lesson-manager-pro/" + google-query: inurl:"/wp-content/plugins/cm-video-lesson-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cm-video-lesson-manager-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cm-video-lesson-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cm-video-lesson-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmb2-8c74a48bb6b992ea1d77056b8703ebf9.yaml b/nuclei-templates/cve-less/plugins/cmb2-8c74a48bb6b992ea1d77056b8703ebf9.yaml new file mode 100644 index 0000000000..5904320172 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmb2-8c74a48bb6b992ea1d77056b8703ebf9.yaml @@ -0,0 +1,58 @@ +id: cmb2-8c74a48bb6b992ea1d77056b8703ebf9 + +info: + name: > + CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3f37ef5-ddf5-4bd5-b6aa-121dda22fb01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmb2/" + google-query: inurl:"/wp-content/plugins/cmb2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmb2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmb2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmb2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-166fef08e9b74456a644f0a9d21fb872.yaml b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-166fef08e9b74456a644f0a9d21fb872.yaml new file mode 100644 index 0000000000..b296a0d6af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-166fef08e9b74456a644f0a9d21fb872.yaml @@ -0,0 +1,58 @@ +id: cmp-coming-soon-maintenance-166fef08e9b74456a644f0a9d21fb872 + +info: + name: > + CMP <= 3.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1ef067b-e4b4-4174-b6ff-ec94a7afd55d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmp-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmp-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-4532b4dbcf2e547347daa5207db523f5.yaml b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-4532b4dbcf2e547347daa5207db523f5.yaml new file mode 100644 index 0000000000..7e86cb8758 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-4532b4dbcf2e547347daa5207db523f5.yaml @@ -0,0 +1,58 @@ +id: cmp-coming-soon-maintenance-4532b4dbcf2e547347daa5207db523f5 + +info: + name: > + CMP – Coming Soon & Maintenance <= 4.1.10 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fdc2dac-b3ea-40bd-987b-e6c47e74aefc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmp-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmp-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ec76f6766e0fda899f0bc8eebfb4339.yaml b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ec76f6766e0fda899f0bc8eebfb4339.yaml new file mode 100644 index 0000000000..4e04ace530 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ec76f6766e0fda899f0bc8eebfb4339.yaml @@ -0,0 +1,58 @@ +id: cmp-coming-soon-maintenance-8ec76f6766e0fda899f0bc8eebfb4339 + +info: + name: > + CMP – Coming Soon & Maintenance <= 4.1.7 - Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af955f69-b18c-446e-b05e-6a57a5f16dfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmp-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmp-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ee98246eb8d1e952fa8185b436e76db.yaml b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ee98246eb8d1e952fa8185b436e76db.yaml new file mode 100644 index 0000000000..bd6060289c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-8ee98246eb8d1e952fa8185b436e76db.yaml @@ -0,0 +1,58 @@ +id: cmp-coming-soon-maintenance-8ee98246eb8d1e952fa8185b436e76db + +info: + name: > + CMP – Coming Soon & Maintenance Plugin by NiteoThemes <= 4.1.6 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e01b4259-ed8d-44a4-9771-470de45b14a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmp-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmp-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-a905768098fb049d17090a5880f96add.yaml b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-a905768098fb049d17090a5880f96add.yaml new file mode 100644 index 0000000000..3f7c5e0e5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmp-coming-soon-maintenance-a905768098fb049d17090a5880f96add.yaml @@ -0,0 +1,58 @@ +id: cmp-coming-soon-maintenance-a905768098fb049d17090a5880f96add + +info: + name: > + CMP - Coming Soon & Maintenance Plugin <= 4.0.18 - Unauthenticated Arbitrary CSS Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4956173-b306-401c-b966-df884e8979e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmp-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/cmp-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmp-coming-soon-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmp-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmp-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cms-commander-client-5e8b0e22556acc1ddd3b390056ee15b3.yaml b/nuclei-templates/cve-less/plugins/cms-commander-client-5e8b0e22556acc1ddd3b390056ee15b3.yaml new file mode 100644 index 0000000000..df67a4dc98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cms-commander-client-5e8b0e22556acc1ddd3b390056ee15b3.yaml @@ -0,0 +1,58 @@ +id: cms-commander-client-5e8b0e22556acc1ddd3b390056ee15b3 + +info: + name: > + CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca37d453-9f9a-46b2-a17f-65a16e3e2ed1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cms-commander-client/" + google-query: inurl:"/wp-content/plugins/cms-commander-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cms-commander-client,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cms-commander-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cms-commander-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.287') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cms-press-a3fcccf439bdac9208ecc47d006e929e.yaml b/nuclei-templates/cve-less/plugins/cms-press-a3fcccf439bdac9208ecc47d006e929e.yaml new file mode 100644 index 0000000000..fced3f9be6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cms-press-a3fcccf439bdac9208ecc47d006e929e.yaml @@ -0,0 +1,58 @@ +id: cms-press-a3fcccf439bdac9208ecc47d006e929e + +info: + name: > + CMS Press <= 0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/905cb57b-70ec-4324-ae66-9c06d1737939?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cms-press/" + google-query: inurl:"/wp-content/plugins/cms-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cms-press,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cms-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cms-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cms-tree-page-view-72fe0a438fb0e3368285665d2037073e.yaml b/nuclei-templates/cve-less/plugins/cms-tree-page-view-72fe0a438fb0e3368285665d2037073e.yaml new file mode 100644 index 0000000000..2858d62b04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cms-tree-page-view-72fe0a438fb0e3368285665d2037073e.yaml @@ -0,0 +1,58 @@ +id: cms-tree-page-view-72fe0a438fb0e3368285665d2037073e + +info: + name: > + CMS Tree Page View <= 1.6.7 - Reflected Cross-Site Scripting via 'post_type' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19796773-3d5f-458d-aab1-743b6835c71b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cms-tree-page-view/" + google-query: inurl:"/wp-content/plugins/cms-tree-page-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cms-tree-page-view,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cms-tree-page-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cms-tree-page-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cms-tree-page-view-ad3b6e67373c173a68de7fe25df960c3.yaml b/nuclei-templates/cve-less/plugins/cms-tree-page-view-ad3b6e67373c173a68de7fe25df960c3.yaml new file mode 100644 index 0000000000..88830eeeff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cms-tree-page-view-ad3b6e67373c173a68de7fe25df960c3.yaml @@ -0,0 +1,58 @@ +id: cms-tree-page-view-ad3b6e67373c173a68de7fe25df960c3 + +info: + name: > + CMS Tree Page View < 0.8.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4052ab-ff9e-48a6-8406-72e9b6237668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cms-tree-page-view/" + google-query: inurl:"/wp-content/plugins/cms-tree-page-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cms-tree-page-view,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cms-tree-page-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cms-tree-page-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cmyee-momentopress-549edad2ce245fbc28f77db9aee80ff6.yaml b/nuclei-templates/cve-less/plugins/cmyee-momentopress-549edad2ce245fbc28f77db9aee80ff6.yaml new file mode 100644 index 0000000000..60d05ea827 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cmyee-momentopress-549edad2ce245fbc28f77db9aee80ff6.yaml @@ -0,0 +1,58 @@ +id: cmyee-momentopress-549edad2ce245fbc28f77db9aee80ff6 + +info: + name: > + MomentoPress for Momento360 <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0fdee40-9d60-4657-9e2b-42d548dea1c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cmyee-momentopress/" + google-query: inurl:"/wp-content/plugins/cmyee-momentopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cmyee-momentopress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cmyee-momentopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cmyee-momentopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/co-marquage-service-public-a60a30a5dd8e8a555825a7d98c57da43.yaml b/nuclei-templates/cve-less/plugins/co-marquage-service-public-a60a30a5dd8e8a555825a7d98c57da43.yaml new file mode 100644 index 0000000000..2609d4894d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/co-marquage-service-public-a60a30a5dd8e8a555825a7d98c57da43.yaml @@ -0,0 +1,58 @@ +id: co-marquage-service-public-a60a30a5dd8e8a555825a7d98c57da43 + +info: + name: > + Co-marquage service-public.fr <= 0.5.72 - Reflected Cross-Site Scripting via search_term + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce2dc45-0e23-4fba-8ef3-543db2a02eda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/co-marquage-service-public/" + google-query: inurl:"/wp-content/plugins/co-marquage-service-public/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,co-marquage-service-public,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/co-marquage-service-public/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "co-marquage-service-public" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/co-marquage-service-public-baef1d0e01440a39ac30bd5826a2469a.yaml b/nuclei-templates/cve-less/plugins/co-marquage-service-public-baef1d0e01440a39ac30bd5826a2469a.yaml new file mode 100644 index 0000000000..ec0b55ba96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/co-marquage-service-public-baef1d0e01440a39ac30bd5826a2469a.yaml @@ -0,0 +1,58 @@ +id: co-marquage-service-public-baef1d0e01440a39ac30bd5826a2469a + +info: + name: > + Co-marquage service-public.fr <= 0.5.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74209e2-52cc-4ea1-967f-65fb9031e9a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/co-marquage-service-public/" + google-query: inurl:"/wp-content/plugins/co-marquage-service-public/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,co-marquage-service-public,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/co-marquage-service-public/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "co-marquage-service-public" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coblocks-4086933ae9a93ef9f0adb45c61ef5080.yaml b/nuclei-templates/cve-less/plugins/coblocks-4086933ae9a93ef9f0adb45c61ef5080.yaml new file mode 100644 index 0000000000..0dba2a429d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coblocks-4086933ae9a93ef9f0adb45c61ef5080.yaml @@ -0,0 +1,58 @@ +id: coblocks-4086933ae9a93ef9f0adb45c61ef5080 + +info: + name: > + Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coblocks/" + google-query: inurl:"/wp-content/plugins/coblocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coblocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coblocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coblocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coblocks-fdd365ece4b9b292b937aee693d1c5a6.yaml b/nuclei-templates/cve-less/plugins/coblocks-fdd365ece4b9b292b937aee693d1c5a6.yaml new file mode 100644 index 0000000000..63bd1c8f2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coblocks-fdd365ece4b9b292b937aee693d1c5a6.yaml @@ -0,0 +1,58 @@ +id: coblocks-fdd365ece4b9b292b937aee693d1c5a6 + +info: + name: > + Page Builder Gutenberg Blocks – CoBlocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d692242-4779-449a-94a7-88e202aaefc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coblocks/" + google-query: inurl:"/wp-content/plugins/coblocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coblocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coblocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coblocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-2a2cec7651f5442eb2c1435c40fb232d.yaml b/nuclei-templates/cve-less/plugins/code-snippets-2a2cec7651f5442eb2c1435c40fb232d.yaml new file mode 100644 index 0000000000..58026ec740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-2a2cec7651f5442eb2c1435c40fb232d.yaml @@ -0,0 +1,58 @@ +id: code-snippets-2a2cec7651f5442eb2c1435c40fb232d + +info: + name: > + Code Snippets <= 2.14.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caf0d33d-4bfd-460f-b21c-df36b1452b2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets/" + google-query: inurl:"/wp-content/plugins/code-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-39bc2edd346e28405d70531e51a8164a.yaml b/nuclei-templates/cve-less/plugins/code-snippets-39bc2edd346e28405d70531e51a8164a.yaml new file mode 100644 index 0000000000..820fa94b37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-39bc2edd346e28405d70531e51a8164a.yaml @@ -0,0 +1,58 @@ +id: code-snippets-39bc2edd346e28405d70531e51a8164a + +info: + name: > + Code Snippets <= 2.13.3 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b230ff1-4971-4ec5-a0e9-21df90fc6e98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets/" + google-query: inurl:"/wp-content/plugins/code-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-aa298dcdd541921aa6e5a62400773be6.yaml b/nuclei-templates/cve-less/plugins/code-snippets-aa298dcdd541921aa6e5a62400773be6.yaml new file mode 100644 index 0000000000..ac41db773e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-aa298dcdd541921aa6e5a62400773be6.yaml @@ -0,0 +1,58 @@ +id: code-snippets-aa298dcdd541921aa6e5a62400773be6 + +info: + name: > + Code Snippets <= 3.5.0 - Cross-Site Request Forgery via load + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28aae3d4-c4c4-4cda-9f4b-7f2ea58629aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets/" + google-query: inurl:"/wp-content/plugins/code-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-aceeb583ba4064a9ac66804525abc9eb.yaml b/nuclei-templates/cve-less/plugins/code-snippets-aceeb583ba4064a9ac66804525abc9eb.yaml new file mode 100644 index 0000000000..a07a7dbab8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-aceeb583ba4064a9ac66804525abc9eb.yaml @@ -0,0 +1,58 @@ +id: code-snippets-aceeb583ba4064a9ac66804525abc9eb + +info: + name: > + Code Snippets <= 2.14.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77ff6195-e2e6-49bd-a96e-d2f60b309368?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets/" + google-query: inurl:"/wp-content/plugins/code-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-extended-429616022004f10edfb6da5df655ced8.yaml b/nuclei-templates/cve-less/plugins/code-snippets-extended-429616022004f10edfb6da5df655ced8.yaml new file mode 100644 index 0000000000..1f5229cee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-extended-429616022004f10edfb6da5df655ced8.yaml @@ -0,0 +1,58 @@ +id: code-snippets-extended-429616022004f10edfb6da5df655ced8 + +info: + name: > + Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21ab1a1e-53f5-4cd2-a9c5-0b0065f14a6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets-extended/" + google-query: inurl:"/wp-content/plugins/code-snippets-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-extended-989eb9c3cbf3a8a65b24266fa6fa3458.yaml b/nuclei-templates/cve-less/plugins/code-snippets-extended-989eb9c3cbf3a8a65b24266fa6fa3458.yaml new file mode 100644 index 0000000000..ed545ca592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-extended-989eb9c3cbf3a8a65b24266fa6fa3458.yaml @@ -0,0 +1,58 @@ +id: code-snippets-extended-989eb9c3cbf3a8a65b24266fa6fa3458 + +info: + name: > + Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7d208b-84e4-4759-8b61-3ef43c1d0732?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets-extended/" + google-query: inurl:"/wp-content/plugins/code-snippets-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/code-snippets-extended-e82db8a28efe18641f3e717f9b09b84e.yaml b/nuclei-templates/cve-less/plugins/code-snippets-extended-e82db8a28efe18641f3e717f9b09b84e.yaml new file mode 100644 index 0000000000..dbb96c0745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/code-snippets-extended-e82db8a28efe18641f3e717f9b09b84e.yaml @@ -0,0 +1,58 @@ +id: code-snippets-extended-e82db8a28efe18641f3e717f9b09b84e + +info: + name: > + Code Snippets Extended <= 1.4.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd4fa08-e326-47ab-96b1-be7b702a32ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/code-snippets-extended/" + google-query: inurl:"/wp-content/plugins/code-snippets-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,code-snippets-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/code-snippets-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "code-snippets-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codecolorer-6a2386cdcd3910d335805b9ddf952385.yaml b/nuclei-templates/cve-less/plugins/codecolorer-6a2386cdcd3910d335805b9ddf952385.yaml new file mode 100644 index 0000000000..2c432a9920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codecolorer-6a2386cdcd3910d335805b9ddf952385.yaml @@ -0,0 +1,58 @@ +id: codecolorer-6a2386cdcd3910d335805b9ddf952385 + +info: + name: > + CodeColorer <= 0.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c78ec44e-c3e4-410e-9937-46657664d6cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codecolorer/" + google-query: inurl:"/wp-content/plugins/codecolorer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codecolorer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codecolorer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codecolorer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codeflavors-vimeo-video-post-lite-d5eb243a63ca847d2586e41fb57f6f14.yaml b/nuclei-templates/cve-less/plugins/codeflavors-vimeo-video-post-lite-d5eb243a63ca847d2586e41fb57f6f14.yaml new file mode 100644 index 0000000000..9353caf57b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codeflavors-vimeo-video-post-lite-d5eb243a63ca847d2586e41fb57f6f14.yaml @@ -0,0 +1,58 @@ +id: codeflavors-vimeo-video-post-lite-d5eb243a63ca847d2586e41fb57f6f14 + +info: + name: > + Vimeotheque <= 2.2.1 - Reflected Cross-Site Scripting via 'view' and 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72256ac2-72a7-4c3c-a892-1f1795671c5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codeflavors-vimeo-video-post-lite/" + google-query: inurl:"/wp-content/plugins/codeflavors-vimeo-video-post-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codeflavors-vimeo-video-post-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codeflavors-vimeo-video-post-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codeflavors-vimeo-video-post-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-4f0e3223d5ea7b01c767c6e564ea2ada.yaml b/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-4f0e3223d5ea7b01c767c6e564ea2ada.yaml new file mode 100644 index 0000000000..c0100f79ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-4f0e3223d5ea7b01c767c6e564ea2ada.yaml @@ -0,0 +1,58 @@ +id: codelights-shortcodes-and-widgets-4f0e3223d5ea7b01c767c6e564ea2ada + +info: + name: > + Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3feb84c9-fc98-4f59-a124-b6434e5b8a44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codelights-shortcodes-and-widgets/" + google-query: inurl:"/wp-content/plugins/codelights-shortcodes-and-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codelights-shortcodes-and-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codelights-shortcodes-and-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-5a9c4861ed09ce785a6f69836ddbac67.yaml b/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-5a9c4861ed09ce785a6f69836ddbac67.yaml new file mode 100644 index 0000000000..a85f79578f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codelights-shortcodes-and-widgets-5a9c4861ed09ce785a6f69836ddbac67.yaml @@ -0,0 +1,58 @@ +id: codelights-shortcodes-and-widgets-5a9c4861ed09ce785a6f69836ddbac67 + +info: + name: > + Sidebar Widgets by CodeLights <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baee7e34-0ed0-4702-9ccc-94177b6284c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codelights-shortcodes-and-widgets/" + google-query: inurl:"/wp-content/plugins/codelights-shortcodes-and-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codelights-shortcodes-and-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codelights-shortcodes-and-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codelights-shortcodes-and-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codepeople-post-map-1123677072a0d47589707f79eb0e7e54.yaml b/nuclei-templates/cve-less/plugins/codepeople-post-map-1123677072a0d47589707f79eb0e7e54.yaml new file mode 100644 index 0000000000..a847ed9183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codepeople-post-map-1123677072a0d47589707f79eb0e7e54.yaml @@ -0,0 +1,58 @@ +id: codepeople-post-map-1123677072a0d47589707f79eb0e7e54 + +info: + name: > + Google Maps CP <= 1.0.43 - Missing Authorization to Authenticated (Subscriber+) Feedback Form Submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc9a2639-cec8-408e-9ba2-ffb6c8c7da21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codepeople-post-map/" + google-query: inurl:"/wp-content/plugins/codepeople-post-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codepeople-post-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codepeople-post-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codepeople-post-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codepress-admin-columns-1b44920a5aedb519e7cd543d04a01fe4.yaml b/nuclei-templates/cve-less/plugins/codepress-admin-columns-1b44920a5aedb519e7cd543d04a01fe4.yaml new file mode 100644 index 0000000000..6fac11a145 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codepress-admin-columns-1b44920a5aedb519e7cd543d04a01fe4.yaml @@ -0,0 +1,58 @@ +id: codepress-admin-columns-1b44920a5aedb519e7cd543d04a01fe4 + +info: + name: > + Admin Columns <= 3.4.6 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79ae6c3e-5584-448b-a5c5-0a105377b81d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codepress-admin-columns/" + google-query: inurl:"/wp-content/plugins/codepress-admin-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codepress-admin-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codepress-admin-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codepress-admin-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codepress-admin-columns-2cf825b0502a2430e12833bc820c6234.yaml b/nuclei-templates/cve-less/plugins/codepress-admin-columns-2cf825b0502a2430e12833bc820c6234.yaml new file mode 100644 index 0000000000..a40c84bee7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codepress-admin-columns-2cf825b0502a2430e12833bc820c6234.yaml @@ -0,0 +1,58 @@ +id: codepress-admin-columns-2cf825b0502a2430e12833bc820c6234 + +info: + name: > + Admin Columns Free < 4.3 and Pro < 5.5.1 Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/067a5f6c-7ad1-49ac-a581-b50fa89a5f39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codepress-admin-columns/" + google-query: inurl:"/wp-content/plugins/codepress-admin-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codepress-admin-columns,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codepress-admin-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codepress-admin-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codepress-admin-columns-9a1ea12529e15f0a017ce8f0e47401f6.yaml b/nuclei-templates/cve-less/plugins/codepress-admin-columns-9a1ea12529e15f0a017ce8f0e47401f6.yaml new file mode 100644 index 0000000000..b3c5096293 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codepress-admin-columns-9a1ea12529e15f0a017ce8f0e47401f6.yaml @@ -0,0 +1,58 @@ +id: codepress-admin-columns-9a1ea12529e15f0a017ce8f0e47401f6 + +info: + name: > + Admin Columns Free < 4.3.2 and Pro < 5.5.2 Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69654827-842f-483d-ae4c-b9c7ae271f82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codepress-admin-columns/" + google-query: inurl:"/wp-content/plugins/codepress-admin-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codepress-admin-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codepress-admin-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codepress-admin-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/codestyling-localization-ddc63b74125a60840010b54470ac437e.yaml b/nuclei-templates/cve-less/plugins/codestyling-localization-ddc63b74125a60840010b54470ac437e.yaml new file mode 100644 index 0000000000..5b2e389ca8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/codestyling-localization-ddc63b74125a60840010b54470ac437e.yaml @@ -0,0 +1,58 @@ +id: codestyling-localization-ddc63b74125a60840010b54470ac437e + +info: + name: > + Codestyling Localization <= 1.99.30 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed2796b0-0667-451d-9208-272651bc6a4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/codestyling-localization/" + google-query: inurl:"/wp-content/plugins/codestyling-localization/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,codestyling-localization,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/codestyling-localization/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "codestyling-localization" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.99.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-01e0b89afcfee7ee0b87257825f06c59.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-01e0b89afcfee7ee0b87257825f06c59.yaml new file mode 100644 index 0000000000..55472f746d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-01e0b89afcfee7ee0b87257825f06c59.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-01e0b89afcfee7ee0b87257825f06c59 + +info: + name: > + Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri_breadcrumb_element' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ae4226-0089-47fb-87b9-94e9faf764e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.272') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-06110f65fe21eb76cccfd39d7f91d25b.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-06110f65fe21eb76cccfd39d7f91d25b.yaml new file mode 100644 index 0000000000..d5d5c25bd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-06110f65fe21eb76cccfd39d7f91d25b.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-06110f65fe21eb76cccfd39d7f91d25b + +info: + name: > + Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via cp_shortcode_refresh + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.253') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-21f9461e5270818af4357d314ab90f57.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-21f9461e5270818af4357d314ab90f57.yaml new file mode 100644 index 0000000000..f31a9490bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-21f9461e5270818af4357d314ab90f57.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-21f9461e5270818af4357d314ab90f57 + +info: + name: > + Colibri Page Builder <= 1.0.248 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9759e1f0-e134-4c7f-88aa-63dbae7067f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.248') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-29c3e0ef4de33c7a54c9e5adeed782a1.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-29c3e0ef4de33c7a54c9e5adeed782a1.yaml new file mode 100644 index 0000000000..1e8cc326c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-29c3e0ef4de33c7a54c9e5adeed782a1.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-29c3e0ef4de33c7a54c9e5adeed782a1 + +info: + name: > + Colibri Page Builder <= 1.0.227 - Authenticated (Administrator+) SQL Injection via post_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c73d4b78-72aa-409a-a787-898179773b82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.227') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-3bb3b1b877c8539475d5edd92db3636e.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-3bb3b1b877c8539475d5edd92db3636e.yaml new file mode 100644 index 0000000000..80bda32d83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-3bb3b1b877c8539475d5edd92db3636e.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-3bb3b1b877c8539475d5edd92db3636e + +info: + name: > + Colibri Page Builder <= 1.0.263 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9466e5f-d8eb-4de4-a1d2-e5ef15bf1e4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.263') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-411de6e419140a33390e4cf84e25eb26.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-411de6e419140a33390e4cf84e25eb26.yaml new file mode 100644 index 0000000000..06465e22f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-411de6e419140a33390e4cf84e25eb26.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-411de6e419140a33390e4cf84e25eb26 + +info: + name: > + Colibri Page Builder <= 1.0.239 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/300b24af-10a1-45b9-87ec-7c98dc94e76b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.239') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-461ccdb0bda3c12c709b07472ce088e7.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-461ccdb0bda3c12c709b07472ce088e7.yaml new file mode 100644 index 0000000000..f12af72a76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-461ccdb0bda3c12c709b07472ce088e7.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-461ccdb0bda3c12c709b07472ce088e7 + +info: + name: > + Colibri Page Builder <= 1.0.253 - Cross-Site Request Fogery via extend_builder + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/233a29f5-12bf-4849-9b28-4458a0b0c940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.253') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-72c77f134254f33afbd956d2661ee799.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-72c77f134254f33afbd956d2661ee799.yaml new file mode 100644 index 0000000000..8840472f78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-72c77f134254f33afbd956d2661ee799.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-72c77f134254f33afbd956d2661ee799 + +info: + name: > + Colibri Page Builder <= 1.0.272 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'colibri-gallery-slideshow' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5ba832e-98bc-421d-9b60-e6260c408815?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.272') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-7af76cb753c181fa25d318d1a52543d2.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-7af76cb753c181fa25d318d1a52543d2.yaml new file mode 100644 index 0000000000..401ecebc9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-7af76cb753c181fa25d318d1a52543d2.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-7af76cb753c181fa25d318d1a52543d2 + +info: + name: > + Colibri Page Builder <= 1.0.260 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.260') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-aaee16898f3cb4f4d7a9fcaef31839c3.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-aaee16898f3cb4f4d7a9fcaef31839c3.yaml new file mode 100644 index 0000000000..91611e547e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-aaee16898f3cb4f4d7a9fcaef31839c3.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-aaee16898f3cb4f4d7a9fcaef31839c3 + +info: + name: > + Colibri Page Builder <= 1.0.240 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/532d185c-4384-4b15-a104-42f8d2a1ca23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.240') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colibri-page-builder-f731e8529b33108bde99e03616dec459.yaml b/nuclei-templates/cve-less/plugins/colibri-page-builder-f731e8529b33108bde99e03616dec459.yaml new file mode 100644 index 0000000000..fd257ea94e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colibri-page-builder-f731e8529b33108bde99e03616dec459.yaml @@ -0,0 +1,58 @@ +id: colibri-page-builder-f731e8529b33108bde99e03616dec459 + +info: + name: > + Colibri Page Builder <= 1.0.262 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a066eae-4040-4d76-b730-47d98dc37662?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colibri-page-builder/" + google-query: inurl:"/wp-content/plugins/colibri-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colibri-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colibri-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.262') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/collect-and-deliver-interface-for-woocommerce-ac850d5730363d3bbd84ae6609135f15.yaml b/nuclei-templates/cve-less/plugins/collect-and-deliver-interface-for-woocommerce-ac850d5730363d3bbd84ae6609135f15.yaml new file mode 100644 index 0000000000..3fc2a6288d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/collect-and-deliver-interface-for-woocommerce-ac850d5730363d3bbd84ae6609135f15.yaml @@ -0,0 +1,58 @@ +id: collect-and-deliver-interface-for-woocommerce-ac850d5730363d3bbd84ae6609135f15 + +info: + name: > + CDI – Collect and Deliver Interface for Woocommerce <= 5.1.9 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94c2dab9-40b3-4863-a5f3-fcaba10d2e20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/collect-and-deliver-interface-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/collect-and-deliver-interface-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,collect-and-deliver-interface-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/collect-and-deliver-interface-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "collect-and-deliver-interface-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/collectchat-a85aa1b9a47ecb9d1b901a00495b06ae.yaml b/nuclei-templates/cve-less/plugins/collectchat-a85aa1b9a47ecb9d1b901a00495b06ae.yaml new file mode 100644 index 0000000000..6324b0598e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/collectchat-a85aa1b9a47ecb9d1b901a00495b06ae.yaml @@ -0,0 +1,58 @@ +id: collectchat-a85aa1b9a47ecb9d1b901a00495b06ae + +info: + name: > + collectchat <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5afb3c3a-17d1-4cfb-9058-ae6a58e04c6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/collectchat/" + google-query: inurl:"/wp-content/plugins/collectchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,collectchat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/collectchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "collectchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/collectchat-fdf2ccd0e27bd38fe570f70f1b82c105.yaml b/nuclei-templates/cve-less/plugins/collectchat-fdf2ccd0e27bd38fe570f70f1b82c105.yaml new file mode 100644 index 0000000000..c1ec490608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/collectchat-fdf2ccd0e27bd38fe570f70f1b82c105.yaml @@ -0,0 +1,58 @@ +id: collectchat-fdf2ccd0e27bd38fe570f70f1b82c105 + +info: + name: > + Chatbot for WordPress <= 2.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd67329-11b1-4f00-a422-bb4833a3181d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/collectchat/" + google-query: inurl:"/wp-content/plugins/collectchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,collectchat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/collectchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "collectchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/college-publisher-import-c719c1fa9d94cb4a4d6e24f4ded47412.yaml b/nuclei-templates/cve-less/plugins/college-publisher-import-c719c1fa9d94cb4a4d6e24f4ded47412.yaml new file mode 100644 index 0000000000..c0e310a522 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/college-publisher-import-c719c1fa9d94cb4a4d6e24f4ded47412.yaml @@ -0,0 +1,58 @@ +id: college-publisher-import-c719c1fa9d94cb4a4d6e24f4ded47412 + +info: + name: > + College publisher Import <= 0.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2849cb5-9277-460d-a429-6253c98c1554?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/college-publisher-import/" + google-query: inurl:"/wp-content/plugins/college-publisher-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,college-publisher-import,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/college-publisher-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "college-publisher-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colorful-categories-ce863d77586ccc4b8e169d7ca2f897a8.yaml b/nuclei-templates/cve-less/plugins/colorful-categories-ce863d77586ccc4b8e169d7ca2f897a8.yaml new file mode 100644 index 0000000000..ecc5c72d49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colorful-categories-ce863d77586ccc4b8e169d7ca2f897a8.yaml @@ -0,0 +1,58 @@ +id: colorful-categories-ce863d77586ccc4b8e169d7ca2f897a8 + +info: + name: > + Colorful Categories < 2.0.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62988723-4e58-4eb3-a483-127b23574a40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colorful-categories/" + google-query: inurl:"/wp-content/plugins/colorful-categories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colorful-categories,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colorful-categories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colorful-categories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-699697d906ce98da7e0a75001998e24b.yaml b/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-699697d906ce98da7e0a75001998e24b.yaml new file mode 100644 index 0000000000..acb8e4729b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-699697d906ce98da7e0a75001998e24b.yaml @@ -0,0 +1,58 @@ +id: colorlib-coming-soon-maintenance-699697d906ce98da7e0a75001998e24b + +info: + name: > + Coming Soon & Maintenance Mode by Colorlib <= 1.0.98 - Administrator+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e85df0dc-d3da-4503-9249-939bb36f18ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colorlib-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/colorlib-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colorlib-coming-soon-maintenance,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colorlib-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colorlib-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-a149337d8133aa025f4ace42f65c06da.yaml b/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-a149337d8133aa025f4ace42f65c06da.yaml new file mode 100644 index 0000000000..476019f3fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/colorlib-coming-soon-maintenance-a149337d8133aa025f4ace42f65c06da.yaml @@ -0,0 +1,58 @@ +id: colorlib-coming-soon-maintenance-a149337d8133aa025f4ace42f65c06da + +info: + name: > + Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/colorlib-coming-soon-maintenance/" + google-query: inurl:"/wp-content/plugins/colorlib-coming-soon-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,colorlib-coming-soon-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/colorlib-coming-soon-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colorlib-coming-soon-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/column-matic-468f187fbaef8b522a9247e1a677ec05.yaml b/nuclei-templates/cve-less/plugins/column-matic-468f187fbaef8b522a9247e1a677ec05.yaml new file mode 100644 index 0000000000..237bb00d0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/column-matic-468f187fbaef8b522a9247e1a677ec05.yaml @@ -0,0 +1,58 @@ +id: column-matic-468f187fbaef8b522a9247e1a677ec05 + +info: + name: > + Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dc640c8-3740-4770-b729-fb45ecec2b45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/column-matic/" + google-query: inurl:"/wp-content/plugins/column-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,column-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/column-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "column-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comic-easel-919a5f84339755a5d7406eb8d1eb9388.yaml b/nuclei-templates/cve-less/plugins/comic-easel-919a5f84339755a5d7406eb8d1eb9388.yaml new file mode 100644 index 0000000000..d8c16e787c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comic-easel-919a5f84339755a5d7406eb8d1eb9388.yaml @@ -0,0 +1,58 @@ +id: comic-easel-919a5f84339755a5d7406eb8d1eb9388 + +info: + name: > + Comic Easel <= 1.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d38cf4d5-a2b3-46c7-9cbc-777ebf6a68be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comic-easel/" + google-query: inurl:"/wp-content/plugins/comic-easel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comic-easel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comic-easel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comic-easel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comicbookmanagementsystemweeklypicks-d103dcd12252c06ef076f4cb74df842f.yaml b/nuclei-templates/cve-less/plugins/comicbookmanagementsystemweeklypicks-d103dcd12252c06ef076f4cb74df842f.yaml new file mode 100644 index 0000000000..8877cd84df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comicbookmanagementsystemweeklypicks-d103dcd12252c06ef076f4cb74df842f.yaml @@ -0,0 +1,58 @@ +id: comicbookmanagementsystemweeklypicks-d103dcd12252c06ef076f4cb74df842f + +info: + name: > + Comic Book Management System < 2.2.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c387a20-47dd-42d9-bf22-a28c613c5bde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comicbookmanagementsystemweeklypicks/" + google-query: inurl:"/wp-content/plugins/comicbookmanagementsystemweeklypicks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comicbookmanagementsystemweeklypicks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comicbookmanagementsystemweeklypicks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comicbookmanagementsystemweeklypicks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-a811d729e46b4e2f338038f266981191.yaml b/nuclei-templates/cve-less/plugins/coming-soon-a811d729e46b4e2f338038f266981191.yaml new file mode 100644 index 0000000000..6fdf845917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-a811d729e46b4e2f338038f266981191.yaml @@ -0,0 +1,58 @@ +id: coming-soon-a811d729e46b4e2f338038f266981191 + +info: + name: > + Website Builder by SeedProd <= 6.15.13.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cb5370f-14aa-445d-bda3-62a0dd068fc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon/" + google-query: inurl:"/wp-content/plugins/coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.15.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-40172980791539d9cbc1458226ed5fdf.yaml b/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-40172980791539d9cbc1458226ed5fdf.yaml new file mode 100644 index 0000000000..ea9025e19a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-40172980791539d9cbc1458226ed5fdf.yaml @@ -0,0 +1,58 @@ +id: coming-soon-by-supsystic-40172980791539d9cbc1458226ed5fdf + +info: + name: > + Coming Soon by Supsystic <= 1.7.10 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29e49f76-9769-41c9-aeed-9e2857ebbd25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-by-supsystic/" + google-query: inurl:"/wp-content/plugins/coming-soon-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-c5f1b8086e41aba21eb0fa4dcda314d9.yaml b/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-c5f1b8086e41aba21eb0fa4dcda314d9.yaml new file mode 100644 index 0000000000..81cafd5ffc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-by-supsystic-c5f1b8086e41aba21eb0fa4dcda314d9.yaml @@ -0,0 +1,58 @@ +id: coming-soon-by-supsystic-c5f1b8086e41aba21eb0fa4dcda314d9 + +info: + name: > + Coming Soon by Supsystic <= 1.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48ebeb6a-c585-4ddc-92ab-144f66193991?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-by-supsystic/" + google-query: inurl:"/wp-content/plugins/coming-soon-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-c76087a23749b6d57d9ddfc097bcae08.yaml b/nuclei-templates/cve-less/plugins/coming-soon-c76087a23749b6d57d9ddfc097bcae08.yaml new file mode 100644 index 0000000000..f97bd188f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-c76087a23749b6d57d9ddfc097bcae08.yaml @@ -0,0 +1,58 @@ +id: coming-soon-c76087a23749b6d57d9ddfc097bcae08 + +info: + name: > + Coming Soon Page, Under Construction & Maintenance Mode by SeedProd <= 6.15.20 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60c6c9a8-e04d-49e2-96e8-16d7580a3e2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon/" + google-query: inurl:"/wp-content/plugins/coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.15.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-dc8b61de30b02b2cff6abe2f9142cec9.yaml b/nuclei-templates/cve-less/plugins/coming-soon-dc8b61de30b02b2cff6abe2f9142cec9.yaml new file mode 100644 index 0000000000..a3ae69a28f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-dc8b61de30b02b2cff6abe2f9142cec9.yaml @@ -0,0 +1,58 @@ +id: coming-soon-dc8b61de30b02b2cff6abe2f9142cec9 + +info: + name: > + Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode <= 6.15.21 - Missing Authorization via seedprod_lite_new_lpage + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon/" + google-query: inurl:"/wp-content/plugins/coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.15.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-fbe96ae280b99abe5e90ec130aefb23d.yaml b/nuclei-templates/cve-less/plugins/coming-soon-fbe96ae280b99abe5e90ec130aefb23d.yaml new file mode 100644 index 0000000000..302a3d4181 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-fbe96ae280b99abe5e90ec130aefb23d.yaml @@ -0,0 +1,58 @@ +id: coming-soon-fbe96ae280b99abe5e90ec130aefb23d + +info: + name: > + Coming Soon Page by SeedProd <= 5.1.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caa0f581-3fe8-4b9f-b69c-ec38ee25d697?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon/" + google-query: inurl:"/wp-content/plugins/coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-09f85e9adfb4624c22adfc3bca4cbc18.yaml b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-09f85e9adfb4624c22adfc3bca4cbc18.yaml new file mode 100644 index 0000000000..46ce0d0b5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-09f85e9adfb4624c22adfc3bca4cbc18.yaml @@ -0,0 +1,58 @@ +id: coming-soon-maintenance-mode-09f85e9adfb4624c22adfc3bca4cbc18 + +info: + name: > + Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-801d1a90cceafe559a3466d4f67a8f10.yaml b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-801d1a90cceafe559a3466d4f67a8f10.yaml new file mode 100644 index 0000000000..c952479c66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-801d1a90cceafe559a3466d4f67a8f10.yaml @@ -0,0 +1,58 @@ +id: coming-soon-maintenance-mode-from-acurax-801d1a90cceafe559a3466d4f67a8f10 + +info: + name: > + Under Construction / Maintenance Mode from Acurax <= 2.6 - Authenticated (Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a75f4eb-698b-4c92-9829-de6c55e21ecb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-maintenance-mode-from-acurax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-89444fbeceae5055dd4381ae452bd0d1.yaml b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-89444fbeceae5055dd4381ae452bd0d1.yaml new file mode 100644 index 0000000000..77345e5a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-89444fbeceae5055dd4381ae452bd0d1.yaml @@ -0,0 +1,58 @@ +id: coming-soon-maintenance-mode-from-acurax-89444fbeceae5055dd4381ae452bd0d1 + +info: + name: > + Under Construction / Maintenance Mode from Acurax <= 2.6 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-maintenance-mode-from-acurax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-90c77c994b57286cd58b89b0a94442a5.yaml b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-90c77c994b57286cd58b89b0a94442a5.yaml new file mode 100644 index 0000000000..447a42e3eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-maintenance-mode-from-acurax-90c77c994b57286cd58b89b0a94442a5.yaml @@ -0,0 +1,58 @@ +id: coming-soon-maintenance-mode-from-acurax-90c77c994b57286cd58b89b0a94442a5 + +info: + name: > + Under Construction / Maintenance Mode from Acurax <= 2.6 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/359b8977-6d0d-4856-8d72-17091a420f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + google-query: inurl:"/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-maintenance-mode-from-acurax,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-maintenance-mode-from-acurax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-maintenance-mode-from-acurax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-page-03aed27f86819ca17f9267263897b2d4.yaml b/nuclei-templates/cve-less/plugins/coming-soon-page-03aed27f86819ca17f9267263897b2d4.yaml new file mode 100644 index 0000000000..7c3837cef1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-page-03aed27f86819ca17f9267263897b2d4.yaml @@ -0,0 +1,58 @@ +id: coming-soon-page-03aed27f86819ca17f9267263897b2d4 + +info: + name: > + Coming soon and Maintenance mode <= 3.6.7 - Cross-Site request Forgery to Arbitrary Email Send + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b83e971-7e97-47e3-81a5-ff357692bca2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-page/" + google-query: inurl:"/wp-content/plugins/coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-page-590623a5d7befa81a3dd4c5d938153e0.yaml b/nuclei-templates/cve-less/plugins/coming-soon-page-590623a5d7befa81a3dd4c5d938153e0.yaml new file mode 100644 index 0000000000..9450c481bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-page-590623a5d7befa81a3dd4c5d938153e0.yaml @@ -0,0 +1,58 @@ +id: coming-soon-page-590623a5d7befa81a3dd4c5d938153e0 + +info: + name: > + Coming soon and Maintenance mode <= 3.6.6 - Missing Authorization to Arbitrary Email Send + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e07649c0-b2eb-421b-95ae-a9530524470a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-page/" + google-query: inurl:"/wp-content/plugins/coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-page-604cc742b0731a1b0e3b91222daa2367.yaml b/nuclei-templates/cve-less/plugins/coming-soon-page-604cc742b0731a1b0e3b91222daa2367.yaml new file mode 100644 index 0000000000..ee3125a4c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-page-604cc742b0731a1b0e3b91222daa2367.yaml @@ -0,0 +1,58 @@ +id: coming-soon-page-604cc742b0731a1b0e3b91222daa2367 + +info: + name: > + Coming soon and Maintenance mode <= 3.5.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b59ac36c-41b7-46eb-9677-639e45187992?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-page/" + google-query: inurl:"/wp-content/plugins/coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-page-c6f17fa36993cabcda8dd7acf64ac9f3.yaml b/nuclei-templates/cve-less/plugins/coming-soon-page-c6f17fa36993cabcda8dd7acf64ac9f3.yaml new file mode 100644 index 0000000000..2a755ca13e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-page-c6f17fa36993cabcda8dd7acf64ac9f3.yaml @@ -0,0 +1,58 @@ +id: coming-soon-page-c6f17fa36993cabcda8dd7acf64ac9f3 + +info: + name: > + Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd9c076-d36c-4cda-b636-aa65195956d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-page/" + google-query: inurl:"/wp-content/plugins/coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-wp-22b32b6b74cc9eb676a736f279318419.yaml b/nuclei-templates/cve-less/plugins/coming-soon-wp-22b32b6b74cc9eb676a736f279318419.yaml new file mode 100644 index 0000000000..4ea5ec984d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-wp-22b32b6b74cc9eb676a736f279318419.yaml @@ -0,0 +1,58 @@ +id: coming-soon-wp-22b32b6b74cc9eb676a736f279318419 + +info: + name: > + Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-wp/" + google-query: inurl:"/wp-content/plugins/coming-soon-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soon-wp-c725a8bb61c1af435931beba79cf59e0.yaml b/nuclei-templates/cve-less/plugins/coming-soon-wp-c725a8bb61c1af435931beba79cf59e0.yaml new file mode 100644 index 0000000000..bb9559a01a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soon-wp-c725a8bb61c1af435931beba79cf59e0.yaml @@ -0,0 +1,58 @@ +id: coming-soon-wp-c725a8bb61c1af435931beba79cf59e0 + +info: + name: > + Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 1.6.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9506bd-10a6-40ab-8162-cf4fad9cb882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soon-wp/" + google-query: inurl:"/wp-content/plugins/coming-soon-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soon-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soon-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soon-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coming-soons-943971993cbe3a7f3e1700395fdc37bf.yaml b/nuclei-templates/cve-less/plugins/coming-soons-943971993cbe3a7f3e1700395fdc37bf.yaml new file mode 100644 index 0000000000..5b0c3437ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coming-soons-943971993cbe3a7f3e1700395fdc37bf.yaml @@ -0,0 +1,58 @@ +id: coming-soons-943971993cbe3a7f3e1700395fdc37bf + +info: + name: > + Coming Soon – Under Construction <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ff184e6-c36b-4bbb-8dc2-f87d1d800d53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coming-soons/" + google-query: inurl:"/wp-content/plugins/coming-soons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coming-soons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coming-soons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coming-soons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-attachment-9d710f138a80414743d12fd42c3bd26f.yaml b/nuclei-templates/cve-less/plugins/comment-attachment-9d710f138a80414743d12fd42c3bd26f.yaml new file mode 100644 index 0000000000..ab16b13b5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-attachment-9d710f138a80414743d12fd42c3bd26f.yaml @@ -0,0 +1,58 @@ +id: comment-attachment-9d710f138a80414743d12fd42c3bd26f + +info: + name: > + Comment Attachment <= 1.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2c62f42-b649-4873-a330-4a0f268cab21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-attachment/" + google-query: inurl:"/wp-content/plugins/comment-attachment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-attachment,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-attachment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-attachment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-blacklist-updater-07a92bda75c6219e8b222de62ff37e0a.yaml b/nuclei-templates/cve-less/plugins/comment-blacklist-updater-07a92bda75c6219e8b222de62ff37e0a.yaml new file mode 100644 index 0000000000..07e89fe732 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-blacklist-updater-07a92bda75c6219e8b222de62ff37e0a.yaml @@ -0,0 +1,58 @@ +id: comment-blacklist-updater-07a92bda75c6219e8b222de62ff37e0a + +info: + name: > + Comment Blacklist Updater <= 1.1.0 - Cross-Site Request Forgery via update_blacklist_manual + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc7bab78-4ebb-4be9-8891-1ac0e3ed0af3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-blacklist-updater/" + google-query: inurl:"/wp-content/plugins/comment-blacklist-updater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-blacklist-updater,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-blacklist-updater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-blacklist-updater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-engine-pro-2faa74d51969fb024a7d850a91d6917b.yaml b/nuclei-templates/cve-less/plugins/comment-engine-pro-2faa74d51969fb024a7d850a91d6917b.yaml new file mode 100644 index 0000000000..1fef0d229d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-engine-pro-2faa74d51969fb024a7d850a91d6917b.yaml @@ -0,0 +1,58 @@ +id: comment-engine-pro-2faa74d51969fb024a7d850a91d6917b + +info: + name: > + Comment Engine Pro <= 1.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bddba0a8-03cf-441f-9411-f770766b4f63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-engine-pro/" + google-query: inurl:"/wp-content/plugins/comment-engine-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-engine-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-engine-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-engine-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-extra-field-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/comment-extra-field-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..9949c1fd2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-extra-field-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: comment-extra-field-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-extra-field/" + google-query: inurl:"/wp-content/plugins/comment-extra-field/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-extra-field,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-extra-field/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-extra-field" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-form-c25a227d2616b1e266b27ae90761f594.yaml b/nuclei-templates/cve-less/plugins/comment-form-c25a227d2616b1e266b27ae90761f594.yaml new file mode 100644 index 0000000000..68b0ba45c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-form-c25a227d2616b1e266b27ae90761f594.yaml @@ -0,0 +1,58 @@ +id: comment-form-c25a227d2616b1e266b27ae90761f594 + +info: + name: > + Advanced Comment Form <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd163f14-c638-4185-8e14-f3a03312ee42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-form/" + google-query: inurl:"/wp-content/plugins/comment-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-guestbook-8a14e10c4e61da2c2574a977cb4dd78d.yaml b/nuclei-templates/cve-less/plugins/comment-guestbook-8a14e10c4e61da2c2574a977cb4dd78d.yaml new file mode 100644 index 0000000000..82f724f1f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-guestbook-8a14e10c4e61da2c2574a977cb4dd78d.yaml @@ -0,0 +1,58 @@ +id: comment-guestbook-8a14e10c4e61da2c2574a977cb4dd78d + +info: + name: > + Comment Guestbook <= 0.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d964e1e-6361-435b-8527-e241f5a28b0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-guestbook/" + google-query: inurl:"/wp-content/plugins/comment-guestbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-guestbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-guestbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-guestbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-highlighter-8912ce3f5c5896ec3ae73a9aecfa4081.yaml b/nuclei-templates/cve-less/plugins/comment-highlighter-8912ce3f5c5896ec3ae73a9aecfa4081.yaml new file mode 100644 index 0000000000..2a5e9cd6f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-highlighter-8912ce3f5c5896ec3ae73a9aecfa4081.yaml @@ -0,0 +1,58 @@ +id: comment-highlighter-8912ce3f5c5896ec3ae73a9aecfa4081 + +info: + name: > + Comment Highlighter <= 0.13 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48e3976a-5dfc-44f5-8d01-0bd1b68575be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-highlighter/" + google-query: inurl:"/wp-content/plugins/comment-highlighter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-highlighter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-highlighter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-highlighter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-license-1af6a7823a6a8a142bc89c08631d8f4b.yaml b/nuclei-templates/cve-less/plugins/comment-license-1af6a7823a6a8a142bc89c08631d8f4b.yaml new file mode 100644 index 0000000000..6b4f0c2f3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-license-1af6a7823a6a8a142bc89c08631d8f4b.yaml @@ -0,0 +1,58 @@ +id: comment-license-1af6a7823a6a8a142bc89c08631d8f4b + +info: + name: > + Comment License <= 1.3.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a88e8853-3a52-462b-bde8-658a794545dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-license/" + google-query: inurl:"/wp-content/plugins/comment-license/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-license,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-license/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-license" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-link-remove-7cee7594ab82d9cb202fec2e242ded86.yaml b/nuclei-templates/cve-less/plugins/comment-link-remove-7cee7594ab82d9cb202fec2e242ded86.yaml new file mode 100644 index 0000000000..715a0ce55a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-link-remove-7cee7594ab82d9cb202fec2e242ded86.yaml @@ -0,0 +1,58 @@ +id: comment-link-remove-7cee7594ab82d9cb202fec2e242ded86 + +info: + name: > + Comment Link Remove and Other Comment Tools <= 2.1.4 - Arbitrary Comment Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9d63462-04ec-4b46-91cf-25b7dd098fc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-link-remove/" + google-query: inurl:"/wp-content/plugins/comment-link-remove/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-link-remove,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-link-remove/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-link-remove" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-reply-email-2958b08ce41d2a089d276808ef68e4bc.yaml b/nuclei-templates/cve-less/plugins/comment-reply-email-2958b08ce41d2a089d276808ef68e4bc.yaml new file mode 100644 index 0000000000..142e23b582 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-reply-email-2958b08ce41d2a089d276808ef68e4bc.yaml @@ -0,0 +1,58 @@ +id: comment-reply-email-2958b08ce41d2a089d276808ef68e4bc + +info: + name: > + Comment Reply Email <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba7d0ab4-55a5-47f4-b66e-27e963ab2268?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-reply-email/" + google-query: inurl:"/wp-content/plugins/comment-reply-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-reply-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-reply-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-reply-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comment-reply-notification-3aca7cdedcb176c4ccf669f0b5b15aaf.yaml b/nuclei-templates/cve-less/plugins/comment-reply-notification-3aca7cdedcb176c4ccf669f0b5b15aaf.yaml new file mode 100644 index 0000000000..f54136b231 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comment-reply-notification-3aca7cdedcb176c4ccf669f0b5b15aaf.yaml @@ -0,0 +1,58 @@ +id: comment-reply-notification-3aca7cdedcb176c4ccf669f0b5b15aaf + +info: + name: > + Comment Reply Notification <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27eb0101-b3d1-458d-b7d7-69d92e3a4bb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comment-reply-notification/" + google-query: inurl:"/wp-content/plugins/comment-reply-notification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comment-reply-notification,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comment-reply-notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comment-reply-notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/commenter-emails-5a219153bb99d5d72b2a78882890f4e2.yaml b/nuclei-templates/cve-less/plugins/commenter-emails-5a219153bb99d5d72b2a78882890f4e2.yaml new file mode 100644 index 0000000000..71a6db9d33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/commenter-emails-5a219153bb99d5d72b2a78882890f4e2.yaml @@ -0,0 +1,58 @@ +id: commenter-emails-5a219153bb99d5d72b2a78882890f4e2 + +info: + name: > + Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faffd8e3-b110-4ba3-98c1-22aee7f19586?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/commenter-emails/" + google-query: inurl:"/wp-content/plugins/commenter-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,commenter-emails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commenter-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commenter-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/commentluv-1115fbab8a2d4cca53dfc23d9cb02714.yaml b/nuclei-templates/cve-less/plugins/commentluv-1115fbab8a2d4cca53dfc23d9cb02714.yaml new file mode 100644 index 0000000000..f90a09c38b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/commentluv-1115fbab8a2d4cca53dfc23d9cb02714.yaml @@ -0,0 +1,58 @@ +id: commentluv-1115fbab8a2d4cca53dfc23d9cb02714 + +info: + name: > + CommentLuv < 2.92.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8a8be59-d4c1-4cce-b474-8d885b4d89c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/commentluv/" + google-query: inurl:"/wp-content/plugins/commentluv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,commentluv,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commentluv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commentluv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.92.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/commentluv-b5d9a629551e35099f17ad23fa529784.yaml b/nuclei-templates/cve-less/plugins/commentluv-b5d9a629551e35099f17ad23fa529784.yaml new file mode 100644 index 0000000000..c2a7fa8747 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/commentluv-b5d9a629551e35099f17ad23fa529784.yaml @@ -0,0 +1,58 @@ +id: commentluv-b5d9a629551e35099f17ad23fa529784 + +info: + name: > + CommentLuv <= 3.0.4 - Server Side Request Forgery via do_click + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eeef2a59-47a1-4d8d-b815-8c74cc608e6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/commentluv/" + google-query: inurl:"/wp-content/plugins/commentluv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,commentluv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commentluv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commentluv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-from-facebook-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml b/nuclei-templates/cve-less/plugins/comments-from-facebook-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml new file mode 100644 index 0000000000..dffee9746a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-from-facebook-cf20fa8408c9425d9c1e30f3c5cdbbda.yaml @@ -0,0 +1,58 @@ +id: comments-from-facebook-cf20fa8408c9425d9c1e30f3c5cdbbda + +info: + name: > + Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e481c916-0789-4b04-a7f8-dbde554a5e8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-from-facebook/" + google-query: inurl:"/wp-content/plugins/comments-from-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-from-facebook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-from-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-from-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..865707b66f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: comments-import-export-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-import-export-woocommerce/" + google-query: inurl:"/wp-content/plugins/comments-import-export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-import-export-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-import-export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-import-export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ad95e7e9eeb384d7cc8919d4327ff669.yaml b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ad95e7e9eeb384d7cc8919d4327ff669.yaml new file mode 100644 index 0000000000..94836296e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ad95e7e9eeb384d7cc8919d4327ff669.yaml @@ -0,0 +1,58 @@ +id: comments-import-export-woocommerce-ad95e7e9eeb384d7cc8919d4327ff669 + +info: + name: > + WordPress Comments Import & Export <= 2.0.4 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3011f85c-fa30-4ccf-b067-dba45e491acb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-import-export-woocommerce/" + google-query: inurl:"/wp-content/plugins/comments-import-export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-import-export-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-import-export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-import-export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-df538269ee619b35cd6276912789d0c2.yaml b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-df538269ee619b35cd6276912789d0c2.yaml new file mode 100644 index 0000000000..657a988d1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-df538269ee619b35cd6276912789d0c2.yaml @@ -0,0 +1,58 @@ +id: comments-import-export-woocommerce-df538269ee619b35cd6276912789d0c2 + +info: + name: > + WordPress Comments Import & Export <= 2.3.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5196a9f2-177d-48e1-b0dc-72e0727132d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-import-export-woocommerce/" + google-query: inurl:"/wp-content/plugins/comments-import-export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-import-export-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-import-export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-import-export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ec4b91dfb2713f41a9889afeb0c19f09.yaml b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ec4b91dfb2713f41a9889afeb0c19f09.yaml new file mode 100644 index 0000000000..d638d7dda2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-import-export-woocommerce-ec4b91dfb2713f41a9889afeb0c19f09.yaml @@ -0,0 +1,58 @@ +id: comments-import-export-woocommerce-ec4b91dfb2713f41a9889afeb0c19f09 + +info: + name: > + WordPress Comments Import & Export <= 2.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9269c3e7-2495-4665-ad08-d6dcf659db21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-import-export-woocommerce/" + google-query: inurl:"/wp-content/plugins/comments-import-export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-import-export-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-import-export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-import-export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-like-dislike-42b4c4c9ef55b9cbba64c1b7340638c8.yaml b/nuclei-templates/cve-less/plugins/comments-like-dislike-42b4c4c9ef55b9cbba64c1b7340638c8.yaml new file mode 100644 index 0000000000..76d5da8e71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-like-dislike-42b4c4c9ef55b9cbba64c1b7340638c8.yaml @@ -0,0 +1,58 @@ +id: comments-like-dislike-42b4c4c9ef55b9cbba64c1b7340638c8 + +info: + name: > + Comments Like Dislike <= 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-like-dislike/" + google-query: inurl:"/wp-content/plugins/comments-like-dislike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-like-dislike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-like-dislike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-like-dislike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-like-dislike-857b0e2bae5fe7d9b0d48bfa9ff32d2c.yaml b/nuclei-templates/cve-less/plugins/comments-like-dislike-857b0e2bae5fe7d9b0d48bfa9ff32d2c.yaml new file mode 100644 index 0000000000..434ad06ae3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-like-dislike-857b0e2bae5fe7d9b0d48bfa9ff32d2c.yaml @@ -0,0 +1,58 @@ +id: comments-like-dislike-857b0e2bae5fe7d9b0d48bfa9ff32d2c + +info: + name: > + Comments Like Dislike <= 1.2.2 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33275cdc-21d4-42b7-bd0e-f5154faf2d6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-like-dislike/" + google-query: inurl:"/wp-content/plugins/comments-like-dislike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-like-dislike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-like-dislike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-like-dislike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-like-dislike-c44115ca320af6609e9d0557523edcce.yaml b/nuclei-templates/cve-less/plugins/comments-like-dislike-c44115ca320af6609e9d0557523edcce.yaml new file mode 100644 index 0000000000..3d693444c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-like-dislike-c44115ca320af6609e9d0557523edcce.yaml @@ -0,0 +1,58 @@ +id: comments-like-dislike-c44115ca320af6609e9d0557523edcce + +info: + name: > + Comments Like Dislike <= 1.1.2 - Add Like/Dislike Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f71e60b9-68e9-408a-8047-7f74b7fb72b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-like-dislike/" + google-query: inurl:"/wp-content/plugins/comments-like-dislike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-like-dislike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-like-dislike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-like-dislike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-ratings-8271075d3a50d2c7e6256973269145fa.yaml b/nuclei-templates/cve-less/plugins/comments-ratings-8271075d3a50d2c7e6256973269145fa.yaml new file mode 100644 index 0000000000..c2bafb1c56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-ratings-8271075d3a50d2c7e6256973269145fa.yaml @@ -0,0 +1,58 @@ +id: comments-ratings-8271075d3a50d2c7e6256973269145fa + +info: + name: > + Comments Ratings <= 1.1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8035484b-dc2f-4d54-802b-b09bd88a8bf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-ratings/" + google-query: inurl:"/wp-content/plugins/comments-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-ratings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-ratings-8c52e6f03af939f0f311c40af30d7f63.yaml b/nuclei-templates/cve-less/plugins/comments-ratings-8c52e6f03af939f0f311c40af30d7f63.yaml new file mode 100644 index 0000000000..3b52accd0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-ratings-8c52e6f03af939f0f311c40af30d7f63.yaml @@ -0,0 +1,58 @@ +id: comments-ratings-8c52e6f03af939f0f311c40af30d7f63 + +info: + name: > + Comments Ratings <= 1.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5786b859-3ee9-45ab-8926-f4a09e323e3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-ratings/" + google-query: inurl:"/wp-content/plugins/comments-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-ratings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/comments-ratings-ce5f44b2a1a66b11d6fba979058869f7.yaml b/nuclei-templates/cve-less/plugins/comments-ratings-ce5f44b2a1a66b11d6fba979058869f7.yaml new file mode 100644 index 0000000000..01d6779d9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/comments-ratings-ce5f44b2a1a66b11d6fba979058869f7.yaml @@ -0,0 +1,58 @@ +id: comments-ratings-ce5f44b2a1a66b11d6fba979058869f7 + +info: + name: > + Comments Ratings <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bbf9526-1a82-496e-b762-6fa114ba8d46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/comments-ratings/" + google-query: inurl:"/wp-content/plugins/comments-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,comments-ratings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/comments-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "comments-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/commenttweets-92f3371642f241b95162e034abcbcb33.yaml b/nuclei-templates/cve-less/plugins/commenttweets-92f3371642f241b95162e034abcbcb33.yaml new file mode 100644 index 0000000000..d61581008d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/commenttweets-92f3371642f241b95162e034abcbcb33.yaml @@ -0,0 +1,58 @@ +id: commenttweets-92f3371642f241b95162e034abcbcb33 + +info: + name: > + CommentTweets <= 0.6 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4aab594d-1901-4f88-874c-204578eebda0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/commenttweets/" + google-query: inurl:"/wp-content/plugins/commenttweets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,commenttweets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commenttweets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commenttweets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/commonsbooking-20bdb039adecbb0f3e200e117849b94d.yaml b/nuclei-templates/cve-less/plugins/commonsbooking-20bdb039adecbb0f3e200e117849b94d.yaml new file mode 100644 index 0000000000..5019d4613d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/commonsbooking-20bdb039adecbb0f3e200e117849b94d.yaml @@ -0,0 +1,58 @@ +id: commonsbooking-20bdb039adecbb0f3e200e117849b94d + +info: + name: > + CommonsBooking < 2.6.8 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a260c173-9d3f-4b2d-b443-86488bd26292?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/commonsbooking/" + google-query: inurl:"/wp-content/plugins/commonsbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,commonsbooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/commonsbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "commonsbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/community-events-39d6469c1d7f12365cd669891d431a45.yaml b/nuclei-templates/cve-less/plugins/community-events-39d6469c1d7f12365cd669891d431a45.yaml new file mode 100644 index 0000000000..9e704287a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/community-events-39d6469c1d7f12365cd669891d431a45.yaml @@ -0,0 +1,58 @@ +id: community-events-39d6469c1d7f12365cd669891d431a45 + +info: + name: > + Community Events < 1.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f6870fa-e11b-4d59-9008-8b156417e93b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/community-events/" + google-query: inurl:"/wp-content/plugins/community-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,community-events,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/community-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "community-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/community-events-6b9f6e01b27ac33a42a061d16a244031.yaml b/nuclei-templates/cve-less/plugins/community-events-6b9f6e01b27ac33a42a061d16a244031.yaml new file mode 100644 index 0000000000..a87d31d9b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/community-events-6b9f6e01b27ac33a42a061d16a244031.yaml @@ -0,0 +1,58 @@ +id: community-events-6b9f6e01b27ac33a42a061d16a244031 + +info: + name: > + Community Events <= 1.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a541f0db-d41f-4827-b311-815cab9f9bf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/community-events/" + google-query: inurl:"/wp-content/plugins/community-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,community-events,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/community-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "community-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/community-events-c74241ceba44be19e7ba6e8fb09c27d6.yaml b/nuclei-templates/cve-less/plugins/community-events-c74241ceba44be19e7ba6e8fb09c27d6.yaml new file mode 100644 index 0000000000..22597f2ec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/community-events-c74241ceba44be19e7ba6e8fb09c27d6.yaml @@ -0,0 +1,58 @@ +id: community-events-c74241ceba44be19e7ba6e8fb09c27d6 + +info: + name: > + Community Events <= 1.4.8 - Authenticated (Administrator+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e2c40ea-5d0a-4f1c-99e8-ef0b54bbd20a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/community-events/" + google-query: inurl:"/wp-content/plugins/community-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,community-events,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/community-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "community-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compact-wp-audio-player-313b605e10bb673c24b20248a65978eb.yaml b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-313b605e10bb673c24b20248a65978eb.yaml new file mode 100644 index 0000000000..d9904317c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-313b605e10bb673c24b20248a65978eb.yaml @@ -0,0 +1,58 @@ +id: compact-wp-audio-player-313b605e10bb673c24b20248a65978eb + +info: + name: > + Compact WP Audio Player <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fileurl + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4505b5a-de80-41e2-852f-d2290c1e42e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compact-wp-audio-player/" + google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compact-wp-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compact-wp-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compact-wp-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compact-wp-audio-player-950a80cc7b38cd4c46587704ae88fbc4.yaml b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-950a80cc7b38cd4c46587704ae88fbc4.yaml new file mode 100644 index 0000000000..24e3e1f4f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-950a80cc7b38cd4c46587704ae88fbc4.yaml @@ -0,0 +1,58 @@ +id: compact-wp-audio-player-950a80cc7b38cd4c46587704ae88fbc4 + +info: + name: > + Compact WP Audio Player <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdaf7575-0f72-4436-8a37-b3001890b710?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compact-wp-audio-player/" + google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compact-wp-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compact-wp-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compact-wp-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compact-wp-audio-player-bd35c1f22ebbbba8b36bd6df988b805a.yaml b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-bd35c1f22ebbbba8b36bd6df988b805a.yaml new file mode 100644 index 0000000000..04cd860d29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-bd35c1f22ebbbba8b36bd6df988b805a.yaml @@ -0,0 +1,58 @@ +id: compact-wp-audio-player-bd35c1f22ebbbba8b36bd6df988b805a + +info: + name: > + Compact WP Audio Player <= 1.9.6 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86cee705-6874-4fcc-b13c-bd20f6e0704b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compact-wp-audio-player/" + google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compact-wp-audio-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compact-wp-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compact-wp-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compact-wp-audio-player-ee5672596a78a94ff41b76c62c23328e.yaml b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-ee5672596a78a94ff41b76c62c23328e.yaml new file mode 100644 index 0000000000..82a6c2baae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compact-wp-audio-player-ee5672596a78a94ff41b76c62c23328e.yaml @@ -0,0 +1,58 @@ +id: compact-wp-audio-player-ee5672596a78a94ff41b76c62c23328e + +info: + name: > + Compact WP Audio Player <= 1.9.6 - Setting Change via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d82ab22-da6d-4526-a70a-519589b29187?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compact-wp-audio-player/" + google-query: inurl:"/wp-content/plugins/compact-wp-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compact-wp-audio-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compact-wp-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compact-wp-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/companion-auto-update-2bc216cec70480009970bca04436c777.yaml b/nuclei-templates/cve-less/plugins/companion-auto-update-2bc216cec70480009970bca04436c777.yaml new file mode 100644 index 0000000000..dcbff3c7d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/companion-auto-update-2bc216cec70480009970bca04436c777.yaml @@ -0,0 +1,58 @@ +id: companion-auto-update-2bc216cec70480009970bca04436c777 + +info: + name: > + Companion Auto Update <= 3.2.0 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7f3e583-a486-4e25-bc40-e437cf5b3ebd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/companion-auto-update/" + google-query: inurl:"/wp-content/plugins/companion-auto-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,companion-auto-update,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/companion-auto-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "companion-auto-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/companion-auto-update-df1246639b8669a251f2bf76a6725ade.yaml b/nuclei-templates/cve-less/plugins/companion-auto-update-df1246639b8669a251f2bf76a6725ade.yaml new file mode 100644 index 0000000000..ee5de84f75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/companion-auto-update-df1246639b8669a251f2bf76a6725ade.yaml @@ -0,0 +1,58 @@ +id: companion-auto-update-df1246639b8669a251f2bf76a6725ade + +info: + name: > + Companion Auto Update <= 3.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38bf21c4-bf2e-4096-b4e3-9e3a5a60f1ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/companion-auto-update/" + google-query: inurl:"/wp-content/plugins/companion-auto-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,companion-auto-update,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/companion-auto-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "companion-auto-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/companion-sitemap-generator-3b5f66bc28ba8ff54368e43564c0ea04.yaml b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-3b5f66bc28ba8ff54368e43564c0ea04.yaml new file mode 100644 index 0000000000..d24d255728 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-3b5f66bc28ba8ff54368e43564c0ea04.yaml @@ -0,0 +1,58 @@ +id: companion-sitemap-generator-3b5f66bc28ba8ff54368e43564c0ea04 + +info: + name: > + Companion Sitemap Generator – HTML & XML <= 3.6.6 - Cross-Site Request Forgery and Local File Inclusion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01c1dd65-4cf9-487f-ae3f-9cfaea177385?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/companion-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/companion-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,companion-sitemap-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/companion-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "companion-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/companion-sitemap-generator-99e9d7c301861638ef81beb6515cc7d4.yaml b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-99e9d7c301861638ef81beb6515cc7d4.yaml new file mode 100644 index 0000000000..09ebde6455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-99e9d7c301861638ef81beb6515cc7d4.yaml @@ -0,0 +1,58 @@ +id: companion-sitemap-generator-99e9d7c301861638ef81beb6515cc7d4 + +info: + name: > + Companion Sitemap Generator <= 4.5.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a9df582-0ead-45ff-aeaa-1bee9d470b41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/companion-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/companion-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,companion-sitemap-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/companion-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "companion-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/companion-sitemap-generator-c4c4cf320f9d5a30f314d45c9905f1fd.yaml b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-c4c4cf320f9d5a30f314d45c9905f1fd.yaml new file mode 100644 index 0000000000..757f618ab7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/companion-sitemap-generator-c4c4cf320f9d5a30f314d45c9905f1fd.yaml @@ -0,0 +1,58 @@ +id: companion-sitemap-generator-c4c4cf320f9d5a30f314d45c9905f1fd + +info: + name: > + Companion Sitemap Generator <= 4.5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf0d482-b4a1-47a8-8741-0970531e9630?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/companion-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/companion-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,companion-sitemap-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/companion-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "companion-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/company-updates-for-linkedin-ae77789cf095ebe5a3c15cc04f8354ae.yaml b/nuclei-templates/cve-less/plugins/company-updates-for-linkedin-ae77789cf095ebe5a3c15cc04f8354ae.yaml new file mode 100644 index 0000000000..864f3f97be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/company-updates-for-linkedin-ae77789cf095ebe5a3c15cc04f8354ae.yaml @@ -0,0 +1,58 @@ +id: company-updates-for-linkedin-ae77789cf095ebe5a3c15cc04f8354ae + +info: + name: > + LinkedIn Company Updates <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce350cb-78ae-4d76-99a7-8a81d342a9c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/company-updates-for-linkedin/" + google-query: inurl:"/wp-content/plugins/company-updates-for-linkedin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,company-updates-for-linkedin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/company-updates-for-linkedin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "company-updates-for-linkedin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compfight-87dc229e61795edde01adbbcb4d66d06.yaml b/nuclei-templates/cve-less/plugins/compfight-87dc229e61795edde01adbbcb4d66d06.yaml new file mode 100644 index 0000000000..9e2f312517 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compfight-87dc229e61795edde01adbbcb4d66d06.yaml @@ -0,0 +1,58 @@ +id: compfight-87dc229e61795edde01adbbcb4d66d06 + +info: + name: > + Compfight < 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8228b0d-be97-4e7c-8346-d203f7130958?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compfight/" + google-query: inurl:"/wp-content/plugins/compfight/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compfight,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compfight/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compfight" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/compfight-cb154639cc7c0dc0d262bce9d7d2811e.yaml b/nuclei-templates/cve-less/plugins/compfight-cb154639cc7c0dc0d262bce9d7d2811e.yaml new file mode 100644 index 0000000000..12ca45b679 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/compfight-cb154639cc7c0dc0d262bce9d7d2811e.yaml @@ -0,0 +1,58 @@ +id: compfight-cb154639cc7c0dc0d262bce9d7d2811e + +info: + name: > + Compfight < 1.5 - Cross-Site Scrpting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04afce48-88a0-4d46-af19-a534f89f70d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/compfight/" + google-query: inurl:"/wp-content/plugins/compfight/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,compfight,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/compfight/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "compfight" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complete-gallery-manager-8b102422bdbae79fcfd828ee3dff2e44.yaml b/nuclei-templates/cve-less/plugins/complete-gallery-manager-8b102422bdbae79fcfd828ee3dff2e44.yaml new file mode 100644 index 0000000000..33a47c7c76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complete-gallery-manager-8b102422bdbae79fcfd828ee3dff2e44.yaml @@ -0,0 +1,58 @@ +id: complete-gallery-manager-8b102422bdbae79fcfd828ee3dff2e44 + +info: + name: > + Complete Gallery Manager <= 3.3.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09c59fb5-8264-4277-a821-dbfee0900f64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complete-gallery-manager/" + google-query: inurl:"/wp-content/plugins/complete-gallery-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complete-gallery-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complete-gallery-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complete-gallery-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complete-open-graph-036ea79db83fe96391d5364e9f6a5d01.yaml b/nuclei-templates/cve-less/plugins/complete-open-graph-036ea79db83fe96391d5364e9f6a5d01.yaml new file mode 100644 index 0000000000..9be71bb2e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complete-open-graph-036ea79db83fe96391d5364e9f6a5d01.yaml @@ -0,0 +1,58 @@ +id: complete-open-graph-036ea79db83fe96391d5364e9f6a5d01 + +info: + name: > + Complete Open Graph <= 3.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f3303db-9ba6-4638-ba96-151cf91db85b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complete-open-graph/" + google-query: inurl:"/wp-content/plugins/complete-open-graph/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complete-open-graph,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complete-open-graph/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complete-open-graph" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-0601046a507e54e46df377f0ecc6ed20.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-0601046a507e54e46df377f0ecc6ed20.yaml new file mode 100644 index 0000000000..a91a0bccc9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-0601046a507e54e46df377f0ecc6ed20.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-0601046a507e54e46df377f0ecc6ed20 + +info: + name: > + Complianz | GDPR/CCPA Cookie Consent <= 6.4.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a92d5176-4cf0-4a31-9dcc-a2dc3259d29b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-0ace082d96b626b2ad5accfe37aabeee.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-0ace082d96b626b2ad5accfe37aabeee.yaml new file mode 100644 index 0000000000..b2986a4434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-0ace082d96b626b2ad5accfe37aabeee.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-0ace082d96b626b2ad5accfe37aabeee + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ef8f39e-6e5d-4ef6-a81d-0b2be3506ec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-0dd9d84ae74328eec6905560ff06dc90.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-0dd9d84ae74328eec6905560ff06dc90.yaml new file mode 100644 index 0000000000..625c42b798 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-0dd9d84ae74328eec6905560ff06dc90.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-0dd9d84ae74328eec6905560ff06dc90 + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via maybe_install_suggested_plugins + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07300429-c445-4d2a-90aa-5072a17f8113?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-20f199eadcf56055af91390c7aa42269.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-20f199eadcf56055af91390c7aa42269.yaml new file mode 100644 index 0000000000..1d02d2d4c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-20f199eadcf56055af91390c7aa42269.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-20f199eadcf56055af91390c7aa42269 + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1c106e8-9642-4294-90fd-6838cc551b90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-36baea2a40cd4c21b07e642ec98d1598.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-36baea2a40cd4c21b07e642ec98d1598.yaml new file mode 100644 index 0000000000..82b6609e1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-36baea2a40cd4c21b07e642ec98d1598.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-36baea2a40cd4c21b07e642ec98d1598 + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c704f9-4fcb-455e-a1c7-f48d47b12dec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-3d78e2be612fb18102a14015e146e5ed.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-3d78e2be612fb18102a14015e146e5ed.yaml new file mode 100644 index 0000000000..67811150a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-3d78e2be612fb18102a14015e146e5ed.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-3d78e2be612fb18102a14015e146e5ed + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_edit_item + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8edaf5ce-6a26-44cc-b4d8-e3b0ccfa9c11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-3faec85547682ca0daca65d7bcfe4f48.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-3faec85547682ca0daca65d7bcfe4f48.yaml new file mode 100644 index 0000000000..69b32177af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-3faec85547682ca0daca65d7bcfe4f48.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-3faec85547682ca0daca65d7bcfe4f48 + +info: + name: > + Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ab4800-0afd-4c39-970a-bd8dcc6a8b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-4df8cf40ac1883817a3463195832ddff.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-4df8cf40ac1883817a3463195832ddff.yaml new file mode 100644 index 0000000000..289abff342 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-4df8cf40ac1883817a3463195832ddff.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-4df8cf40ac1883817a3463195832ddff + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1034f0f4-52e4-4f4c-81fc-51b4720f306a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-52cfe6de8dc0e7f48422a0ddba0a4485.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-52cfe6de8dc0e7f48422a0ddba0a4485.yaml new file mode 100644 index 0000000000..64e8900f5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-52cfe6de8dc0e7f48422a0ddba0a4485.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-52cfe6de8dc0e7f48422a0ddba0a4485 + +info: + name: > + Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-5e5f3cf37fc64d7bac2aaac542661852.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-5e5f3cf37fc64d7bac2aaac542661852.yaml new file mode 100644 index 0000000000..0ed316d736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-5e5f3cf37fc64d7bac2aaac542661852.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-5e5f3cf37fc64d7bac2aaac542661852 + +info: + name: > + Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 - Authenticated(Administrator+) Stored Cross-site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01c1458d-3e38-4dbf-bb65-80465ea6d0ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-6f528eadb66a9354628a303cdece4106.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-6f528eadb66a9354628a303cdece4106.yaml new file mode 100644 index 0000000000..3f8f9b6f7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-6f528eadb66a9354628a303cdece4106.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-6f528eadb66a9354628a303cdece4106 + +info: + name: > + Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea53fb7-9bf8-445b-ad33-f3b6e6ed1665?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-83ba977a44de14ef1ffafdedd6dd629e.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-83ba977a44de14ef1ffafdedd6dd629e.yaml new file mode 100644 index 0000000000..d82f8ec49c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-83ba977a44de14ef1ffafdedd6dd629e.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-83ba977a44de14ef1ffafdedd6dd629e + +info: + name: > + Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47941722-acaf-4f72-a64d-d01dc5e84adf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-bd01bd53f32252ceb586f6e4a82fddff.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-bd01bd53f32252ceb586f6e4a82fddff.yaml new file mode 100644 index 0000000000..63d62cb199 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-bd01bd53f32252ceb586f6e4a82fddff.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-bd01bd53f32252ceb586f6e4a82fddff + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 5.5.2 - Reflected Cross-Site Scripting via s parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f90656-49cb-4f13-8488-45a601048ade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-e9c38ea48203d6f34c8dd4e716a1108d.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-e9c38ea48203d6f34c8dd4e716a1108d.yaml new file mode 100644 index 0000000000..2661e9cb3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-e9c38ea48203d6f34c8dd4e716a1108d.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-e9c38ea48203d6f34c8dd4e716a1108d + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74f92bd4-c752-4620-b506-d7588ff2e586?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml new file mode 100644 index 0000000000..a8fa439db2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-ec46b5347c7ba7bc9f7cdc74d17b2526 + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7397898c-8d43-4399-9c2b-22f9287aa12d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-3faec85547682ca0daca65d7bcfe4f48.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-3faec85547682ca0daca65d7bcfe4f48.yaml new file mode 100644 index 0000000000..63dc0db482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-3faec85547682ca0daca65d7bcfe4f48.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-premium-3faec85547682ca0daca65d7bcfe4f48 + +info: + name: > + Complianz <= 6.4.5 (Premium <= 6.4.7) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ab4800-0afd-4c39-970a-bd8dcc6a8b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr-premium/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-6f528eadb66a9354628a303cdece4106.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-6f528eadb66a9354628a303cdece4106.yaml new file mode 100644 index 0000000000..6f6c29e632 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-6f528eadb66a9354628a303cdece4106.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-premium-6f528eadb66a9354628a303cdece4106 + +info: + name: > + Complianz Free <= 6.3.3 & Premium <= 6.3.5 - SQL Injection via Translations + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ea53fb7-9bf8-445b-ad33-f3b6e6ed1665?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr-premium/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-83ba977a44de14ef1ffafdedd6dd629e.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-83ba977a44de14ef1ffafdedd6dd629e.yaml new file mode 100644 index 0000000000..8e726237b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-83ba977a44de14ef1ffafdedd6dd629e.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-premium-83ba977a44de14ef1ffafdedd6dd629e + +info: + name: > + Complianz <= 6.4.4 (Premium <= 6.4.6.1) - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47941722-acaf-4f72-a64d-d01dc5e84adf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr-premium/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml new file mode 100644 index 0000000000..b06947bbb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/complianz-gdpr-premium-ec46b5347c7ba7bc9f7cdc74d17b2526.yaml @@ -0,0 +1,58 @@ +id: complianz-gdpr-premium-ec46b5347c7ba7bc9f7cdc74d17b2526 + +info: + name: > + Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7397898c-8d43-4399-9c2b-22f9287aa12d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/complianz-gdpr-premium/" + google-query: inurl:"/wp-content/plugins/complianz-gdpr-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,complianz-gdpr-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/complianz-gdpr-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "complianz-gdpr-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-checkout-fields-for-woocommerce-9b415d0d3fdf05f04e00c8b364d66a56.yaml b/nuclei-templates/cve-less/plugins/conditional-checkout-fields-for-woocommerce-9b415d0d3fdf05f04e00c8b364d66a56.yaml new file mode 100644 index 0000000000..45d006411e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-checkout-fields-for-woocommerce-9b415d0d3fdf05f04e00c8b364d66a56.yaml @@ -0,0 +1,58 @@ +id: conditional-checkout-fields-for-woocommerce-9b415d0d3fdf05f04e00c8b364d66a56 + +info: + name: > + Conditional Checkout Fields & Edit Checkout Fields for WooCommerce <= 1.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fb0cb21-6645-4a28-a78c-d5dbeaddbf21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-checkout-fields-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/conditional-checkout-fields-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-checkout-fields-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-checkout-fields-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-checkout-fields-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-extra-fees-for-woocommerce-216a466c53c0f9dbd8311fa0afa66753.yaml b/nuclei-templates/cve-less/plugins/conditional-extra-fees-for-woocommerce-216a466c53c0f9dbd8311fa0afa66753.yaml new file mode 100644 index 0000000000..5319ac3864 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-extra-fees-for-woocommerce-216a466c53c0f9dbd8311fa0afa66753.yaml @@ -0,0 +1,58 @@ +id: conditional-extra-fees-for-woocommerce-216a466c53c0f9dbd8311fa0afa66753 + +info: + name: > + Conditional cart fee / Extra charge rule for WooCommerce extra fees <= 1.0.96 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/797840ba-5589-42d6-9d50-52bf8c131d6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-extra-fees-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/conditional-extra-fees-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-extra-fees-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-extra-fees-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-extra-fees-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-menus-134da546d2df4f04ca01066992554ee0.yaml b/nuclei-templates/cve-less/plugins/conditional-menus-134da546d2df4f04ca01066992554ee0.yaml new file mode 100644 index 0000000000..cefd4811dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-menus-134da546d2df4f04ca01066992554ee0.yaml @@ -0,0 +1,58 @@ +id: conditional-menus-134da546d2df4f04ca01066992554ee0 + +info: + name: > + Conditional Menus <= 1.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57d3506c-8db8-4e1b-9587-7f2bdb632890?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-menus/" + google-query: inurl:"/wp-content/plugins/conditional-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-menus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-payment-methods-for-woocommerce-47ed991bbc14dda7a2d912876312ff28.yaml b/nuclei-templates/cve-less/plugins/conditional-payment-methods-for-woocommerce-47ed991bbc14dda7a2d912876312ff28.yaml new file mode 100644 index 0000000000..190cadcd80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-payment-methods-for-woocommerce-47ed991bbc14dda7a2d912876312ff28.yaml @@ -0,0 +1,58 @@ +id: conditional-payment-methods-for-woocommerce-47ed991bbc14dda7a2d912876312ff28 + +info: + name: > + Conditional Payment Methods for WooCommerce <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bf4fe42-435b-449e-bb8c-57cef3b93471?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-payment-methods-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/conditional-payment-methods-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-payment-methods-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-payment-methods-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-payment-methods-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-payments-for-woocommerce-687e0bfbb6d2f1a8953da32fe9e3e746.yaml b/nuclei-templates/cve-less/plugins/conditional-payments-for-woocommerce-687e0bfbb6d2f1a8953da32fe9e3e746.yaml new file mode 100644 index 0000000000..7514585b99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-payments-for-woocommerce-687e0bfbb6d2f1a8953da32fe9e3e746.yaml @@ -0,0 +1,58 @@ +id: conditional-payments-for-woocommerce-687e0bfbb6d2f1a8953da32fe9e3e746 + +info: + name: > + Conditional Payments for WooCommerce <= 2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db15295f-505f-4a0a-bb3a-3ff6daf73008?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-payments-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/conditional-payments-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-payments-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-payments-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-payments-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conditional-shipping-for-woocommerce-f546949dea525a0c95c8895c66b00552.yaml b/nuclei-templates/cve-less/plugins/conditional-shipping-for-woocommerce-f546949dea525a0c95c8895c66b00552.yaml new file mode 100644 index 0000000000..bd7b5722a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conditional-shipping-for-woocommerce-f546949dea525a0c95c8895c66b00552.yaml @@ -0,0 +1,58 @@ +id: conditional-shipping-for-woocommerce-f546949dea525a0c95c8895c66b00552 + +info: + name: > + Conditional Shipping for WooCommerce <= 2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53e2f7d5-ceb3-4c15-a761-a9f7c7585358?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conditional-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/conditional-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conditional-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conditional-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conditional-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conference-scheduler-cf3e255501522f24f949ee2a8f39ee25.yaml b/nuclei-templates/cve-less/plugins/conference-scheduler-cf3e255501522f24f949ee2a8f39ee25.yaml new file mode 100644 index 0000000000..519becd996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conference-scheduler-cf3e255501522f24f949ee2a8f39ee25.yaml @@ -0,0 +1,58 @@ +id: conference-scheduler-cf3e255501522f24f949ee2a8f39ee25 + +info: + name: > + Conference Scheduler <= 2.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eed6306a-317b-40ed-b7f5-7f930b3509e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conference-scheduler/" + google-query: inurl:"/wp-content/plugins/conference-scheduler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conference-scheduler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conference-scheduler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conference-scheduler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/configurable-tag-cloud-widget-cf1b7f4c03fcd556e540f11fea53f35a.yaml b/nuclei-templates/cve-less/plugins/configurable-tag-cloud-widget-cf1b7f4c03fcd556e540f11fea53f35a.yaml new file mode 100644 index 0000000000..af9080f903 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/configurable-tag-cloud-widget-cf1b7f4c03fcd556e540f11fea53f35a.yaml @@ -0,0 +1,58 @@ +id: configurable-tag-cloud-widget-cf1b7f4c03fcd556e540f11fea53f35a + +info: + name: > + Configurable Tag Cloud <= 5.2 - Cross-Site Request Forgery via ctc_options_page() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0775b36b-d543-41f9-a20d-f629b40c70d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/configurable-tag-cloud-widget/" + google-query: inurl:"/wp-content/plugins/configurable-tag-cloud-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,configurable-tag-cloud-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/configurable-tag-cloud-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "configurable-tag-cloud-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/configure-smtp-66c31f4c6740f8ad7d7b89dba2cbfd5f.yaml b/nuclei-templates/cve-less/plugins/configure-smtp-66c31f4c6740f8ad7d7b89dba2cbfd5f.yaml new file mode 100644 index 0000000000..edcdab3476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/configure-smtp-66c31f4c6740f8ad7d7b89dba2cbfd5f.yaml @@ -0,0 +1,58 @@ +id: configure-smtp-66c31f4c6740f8ad7d7b89dba2cbfd5f + +info: + name: > + Configure SMTP <= 3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d770e25-3b76-49a1-896b-adbdd91d1e47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/configure-smtp/" + google-query: inurl:"/wp-content/plugins/configure-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,configure-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/configure-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "configure-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/confirm-data-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/confirm-data-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..3f15671f6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/confirm-data-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: confirm-data-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/confirm-data/" + google-query: inurl:"/wp-content/plugins/confirm-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,confirm-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/confirm-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "confirm-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connect-daily-web-calendar-73dac6bf00e8c2bb53faafd1de73576a.yaml b/nuclei-templates/cve-less/plugins/connect-daily-web-calendar-73dac6bf00e8c2bb53faafd1de73576a.yaml new file mode 100644 index 0000000000..8e4e8031fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connect-daily-web-calendar-73dac6bf00e8c2bb53faafd1de73576a.yaml @@ -0,0 +1,58 @@ +id: connect-daily-web-calendar-73dac6bf00e8c2bb53faafd1de73576a + +info: + name: > + connectDaily <= 1.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/650f7232-7279-401d-beb1-26f70c69164b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connect-daily-web-calendar/" + google-query: inurl:"/wp-content/plugins/connect-daily-web-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connect-daily-web-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connect-daily-web-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connect-daily-web-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connections-1f71cd156c1c7a7919178911b00bc151.yaml b/nuclei-templates/cve-less/plugins/connections-1f71cd156c1c7a7919178911b00bc151.yaml new file mode 100644 index 0000000000..35e7df860d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connections-1f71cd156c1c7a7919178911b00bc151.yaml @@ -0,0 +1,58 @@ +id: connections-1f71cd156c1c7a7919178911b00bc151 + +info: + name: > + Connections Business Directory <= 10.4.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b0d6b1f-5601-4c96-893c-e296511a2996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connections/" + google-query: inurl:"/wp-content/plugins/connections/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connections,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connections/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connections" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connections-2e3f61534eb2162d57847e92682b9bbd.yaml b/nuclei-templates/cve-less/plugins/connections-2e3f61534eb2162d57847e92682b9bbd.yaml new file mode 100644 index 0000000000..55035acd34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connections-2e3f61534eb2162d57847e92682b9bbd.yaml @@ -0,0 +1,58 @@ +id: connections-2e3f61534eb2162d57847e92682b9bbd + +info: + name: > + Connections Business Directory < 0.7.1.6 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54c154a9-e751-4e8f-a26e-7eb208fa7ffe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connections/" + google-query: inurl:"/wp-content/plugins/connections/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connections,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connections/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connections" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connections-6869d4da7d1da9e6712437e8840c161b.yaml b/nuclei-templates/cve-less/plugins/connections-6869d4da7d1da9e6712437e8840c161b.yaml new file mode 100644 index 0000000000..ae4f88abe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connections-6869d4da7d1da9e6712437e8840c161b.yaml @@ -0,0 +1,58 @@ +id: connections-6869d4da7d1da9e6712437e8840c161b + +info: + name: > + Connections Business Directory <= 10.4.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae40fd4a-8448-48ea-9b31-067643972b44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connections/" + google-query: inurl:"/wp-content/plugins/connections/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connections,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connections/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connections" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.4.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connections-b0b49bce1c15ad148a5058e1154b417c.yaml b/nuclei-templates/cve-less/plugins/connections-b0b49bce1c15ad148a5058e1154b417c.yaml new file mode 100644 index 0000000000..aa16a60ce5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connections-b0b49bce1c15ad148a5058e1154b417c.yaml @@ -0,0 +1,58 @@ +id: connections-b0b49bce1c15ad148a5058e1154b417c + +info: + name: > + Connections Business Directory <= 9.6 - Authenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70f2c885-14b6-4ac3-b819-502bc618d9c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connections/" + google-query: inurl:"/wp-content/plugins/connections/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connections,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connections/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connections" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/connections-cf74b8fc2d5310123c3eee779bc13fa4.yaml b/nuclei-templates/cve-less/plugins/connections-cf74b8fc2d5310123c3eee779bc13fa4.yaml new file mode 100644 index 0000000000..d2d2ea7eee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/connections-cf74b8fc2d5310123c3eee779bc13fa4.yaml @@ -0,0 +1,58 @@ +id: connections-cf74b8fc2d5310123c3eee779bc13fa4 + +info: + name: > + Connections Business Directory < 8.5.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/070fd387-c0ca-47bf-a37a-530c1ffdb6ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/connections/" + google-query: inurl:"/wp-content/plugins/connections/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,connections,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/connections/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "connections" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/consensu-io-f1b98a2e76b778879a86c711e73365c4.yaml b/nuclei-templates/cve-less/plugins/consensu-io-f1b98a2e76b778879a86c711e73365c4.yaml new file mode 100644 index 0000000000..6728de0ec4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/consensu-io-f1b98a2e76b778879a86c711e73365c4.yaml @@ -0,0 +1,58 @@ +id: consensu-io-f1b98a2e76b778879a86c711e73365c4 + +info: + name: > + Consensu.io <= 1.0.2 - Missing Authorization via update_config_db() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc1963cc-7e9e-4998-8338-c3e83b70d441?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/consensu-io/" + google-query: inurl:"/wp-content/plugins/consensu-io/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,consensu-io,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/consensu-io/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "consensu-io" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-903a37844bea1fdaf4cd48ec6980337e.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-903a37844bea1fdaf4cd48ec6980337e.yaml new file mode 100644 index 0000000000..f520ff498b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-903a37844bea1fdaf4cd48ec6980337e.yaml @@ -0,0 +1,58 @@ +id: constant-contact-forms-903a37844bea1fdaf4cd48ec6980337e + +info: + name: > + Constant Contact Forms <= 1.14.0 - Missing Authorization via constant_contact_optin_ajax_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85b6262c-2576-4177-a683-44464dba0978?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/constant-contact-forms/" + google-query: inurl:"/wp-content/plugins/constant-contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,constant-contact-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/constant-contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "constant-contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-b14574939a93e002a63be522534dc429.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-b14574939a93e002a63be522534dc429.yaml new file mode 100644 index 0000000000..f62e4380da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-b14574939a93e002a63be522534dc429.yaml @@ -0,0 +1,58 @@ +id: constant-contact-forms-b14574939a93e002a63be522534dc429 + +info: + name: > + Constant Contact Forms <= 1.8.7 Editor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64f4009e-2715-4c58-acbd-e516f1a76646?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/constant-contact-forms/" + google-query: inurl:"/wp-content/plugins/constant-contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,constant-contact-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/constant-contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "constant-contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-1a317e1cdbb26d9e49f5aa3bc192b26e.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-1a317e1cdbb26d9e49f5aa3bc192b26e.yaml new file mode 100644 index 0000000000..e132bd8f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-1a317e1cdbb26d9e49f5aa3bc192b26e.yaml @@ -0,0 +1,58 @@ +id: constant-contact-forms-by-mailmunch-1a317e1cdbb26d9e49f5aa3bc192b26e + +info: + name: > + Constant Contact Forms by MailMunch <= 2.0.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f8dcbd2-af51-4cc9-9962-53fe644985e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/constant-contact-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/constant-contact-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,constant-contact-forms-by-mailmunch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/constant-contact-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "constant-contact-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-437bae7c2a82ed4347741e0e69e1ae61.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-437bae7c2a82ed4347741e0e69e1ae61.yaml new file mode 100644 index 0000000000..6ac670b024 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-by-mailmunch-437bae7c2a82ed4347741e0e69e1ae61.yaml @@ -0,0 +1,58 @@ +id: constant-contact-forms-by-mailmunch-437bae7c2a82ed4347741e0e69e1ae61 + +info: + name: > + Constant Contact Forms by MailMunch <= 2.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a84bd9c8-97bd-4572-8bfa-5191d98c9523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/constant-contact-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/constant-contact-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,constant-contact-forms-by-mailmunch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/constant-contact-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "constant-contact-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/constant-contact-forms-d81bd0f10f327ed0fb83b12edeec74bf.yaml b/nuclei-templates/cve-less/plugins/constant-contact-forms-d81bd0f10f327ed0fb83b12edeec74bf.yaml new file mode 100644 index 0000000000..18acba2e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/constant-contact-forms-d81bd0f10f327ed0fb83b12edeec74bf.yaml @@ -0,0 +1,58 @@ +id: constant-contact-forms-d81bd0f10f327ed0fb83b12edeec74bf + +info: + name: > + Constant Contact Forms <= 2.4.2 - Information Disclosure via Log Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2990b307-2b07-4daf-917b-d9587253cbeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/constant-contact-forms/" + google-query: inurl:"/wp-content/plugins/constant-contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,constant-contact-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/constant-contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "constant-contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-bank-6d98c218699b93985ac97a3eec99201e.yaml b/nuclei-templates/cve-less/plugins/contact-bank-6d98c218699b93985ac97a3eec99201e.yaml new file mode 100644 index 0000000000..5ee914935b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-bank-6d98c218699b93985ac97a3eec99201e.yaml @@ -0,0 +1,58 @@ +id: contact-bank-6d98c218699b93985ac97a3eec99201e + +info: + name: > + Contact Bank – Contact Form Builder for WordPress <= 2.0.19 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14039d7d-bd5a-4c6b-96b0-46f86536e085?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-bank/" + google-query: inurl:"/wp-content/plugins/contact-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/contact-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..0ab357f329 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: contact-bank-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-bank/" + google-query: inurl:"/wp-content/plugins/contact-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.227') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-bank-e445dff1dbcdaa9bae7b0592b35676e6.yaml b/nuclei-templates/cve-less/plugins/contact-bank-e445dff1dbcdaa9bae7b0592b35676e6.yaml new file mode 100644 index 0000000000..f4cd03a485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-bank-e445dff1dbcdaa9bae7b0592b35676e6.yaml @@ -0,0 +1,58 @@ +id: contact-bank-e445dff1dbcdaa9bae7b0592b35676e6 + +info: + name: > + Contact Bank <= 3.0.30 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a367b5a-cfba-41fa-9243-256a391a4661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-bank/" + google-query: inurl:"/wp-content/plugins/contact-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-bank,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-bank-faf9b6b6bd7098d550180128b47f75fe.yaml b/nuclei-templates/cve-less/plugins/contact-bank-faf9b6b6bd7098d550180128b47f75fe.yaml new file mode 100644 index 0000000000..882808f6ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-bank-faf9b6b6bd7098d550180128b47f75fe.yaml @@ -0,0 +1,58 @@ +id: contact-bank-faf9b6b6bd7098d550180128b47f75fe + +info: + name: > + Contact Bank – Contact Form Builder for WordPress <= 2.0.69 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e560fb5f-0548-4b3e-9f8d-9e80af364c04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-bank/" + google-query: inurl:"/wp-content/plugins/contact-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-1ff3b8d002a210c8bcbac1471cb6f6f6.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-1ff3b8d002a210c8bcbac1471cb6f6f6.yaml new file mode 100644 index 0000000000..7a54c35b2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-1ff3b8d002a210c8bcbac1471cb6f6f6.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-1ff3b8d002a210c8bcbac1471cb6f6f6 + +info: + name: > + Contact Form 7 < 3.7.2 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e421cb35-e9f4-43f3-a39e-d51d197bc279?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7/" + google-query: inurl:"/wp-content/plugins/contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-6e59234554b04ec8d40e5e3ef21541b6.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-6e59234554b04ec8d40e5e3ef21541b6.yaml new file mode 100644 index 0000000000..be9082f023 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-6e59234554b04ec8d40e5e3ef21541b6.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-6e59234554b04ec8d40e5e3ef21541b6 + +info: + name: > + Contact Form 7 <= 5.0.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1814d2ad-73b1-4440-9cd6-7c5c569c4fb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7/" + google-query: inurl:"/wp-content/plugins/contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-7f88047eb913450e01c938cb65d8b8a9.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-7f88047eb913450e01c938cb65d8b8a9.yaml new file mode 100644 index 0000000000..c3516a1ee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-7f88047eb913450e01c938cb65d8b8a9.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-7f88047eb913450e01c938cb65d8b8a9 + +info: + name: > + Contact Form 7 <= 5.3.1 - Arbitrary File Upload via Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f54e8d-9e81-4902-9111-b826ef5da164?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7/" + google-query: inurl:"/wp-content/plugins/contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-8d379cb370e88332eb6d842ed734aa6a.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-8d379cb370e88332eb6d842ed734aa6a.yaml new file mode 100644 index 0000000000..42c7d1dd55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-8d379cb370e88332eb6d842ed734aa6a.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-8d379cb370e88332eb6d842ed734aa6a + +info: + name: > + Contact Form 7 <= 5.8.3 - Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb020-6acb-445e-a46b-bdb5aaf8f2b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7/" + google-query: inurl:"/wp-content/plugins/contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-datepicker-dd80fd1aa8e8ecdfc56af18872d295e2.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-datepicker-dd80fd1aa8e8ecdfc56af18872d295e2.yaml new file mode 100644 index 0000000000..276032b0aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-datepicker-dd80fd1aa8e8ecdfc56af18872d295e2.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-datepicker-dd80fd1aa8e8ecdfc56af18872d295e2 + +info: + name: > + Contact Form 7 Datepicker <= 2.6.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6da4cf6-4b3b-4015-9106-b2a4467f34f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-datepicker/" + google-query: inurl:"/wp-content/plugins/contact-form-7-datepicker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-datepicker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-datepicker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-datepicker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-ad3bf812c0907ec51a65ebf62ff94eb1.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-ad3bf812c0907ec51a65ebf62ff94eb1.yaml new file mode 100644 index 0000000000..034de0d74c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-dynamic-text-extension-ad3bf812c0907ec51a65ebf62ff94eb1.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-dynamic-text-extension-ad3bf812c0907ec51a65ebf62ff94eb1 + +info: + name: > + Contact Form 7 – Dynamic Text Extension <= 4.1.0 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f1d836-da32-414f-9f2b-d485c44b2486?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-dynamic-text-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-dynamic-text-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-dynamic-text-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-dynamic-text-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-dynamic-text-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-f9c76f792a0cb9c9d573c3bb2df06a93.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-f9c76f792a0cb9c9d573c3bb2df06a93.yaml new file mode 100644 index 0000000000..c027ee13ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-f9c76f792a0cb9c9d573c3bb2df06a93.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-f9c76f792a0cb9c9d573c3bb2df06a93 + +info: + name: > + Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7/" + google-query: inurl:"/wp-content/plugins/contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-integrations-4d9d22b8536ad510aca448861c4763dd.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-integrations-4d9d22b8536ad510aca448861c4763dd.yaml new file mode 100644 index 0000000000..cecda71bfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-integrations-4d9d22b8536ad510aca448861c4763dd.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-integrations-4d9d22b8536ad510aca448861c4763dd + +info: + name: > + Contact Form 7 Integrations 1.0 - 1.3.10 - Multiple Cross-Site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd4446b0-3274-46c7-865a-0a168acb960f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-integrations/" + google-query: inurl:"/wp-content/plugins/contact-form-7-integrations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-integrations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-integrations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-integrations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 1.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-01288e737e4ae077215c04412343fc17.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-01288e737e4ae077215c04412343fc17.yaml new file mode 100644 index 0000000000..dee6c09619 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-01288e737e4ae077215c04412343fc17.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-mailchimp-extension-01288e737e4ae077215c04412343fc17 + +info: + name: > + Contact Form 7 Extension For Mailchimp <= 0.5.70 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9f5be49-e099-4862-af9d-4ddbb6decfc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-mailchimp-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-mailchimp-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-mailchimp-extension,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-mailchimp-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-mailchimp-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-905c45437d6ba639495cb537666e1306.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-905c45437d6ba639495cb537666e1306.yaml new file mode 100644 index 0000000000..1057491a96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-mailchimp-extension-905c45437d6ba639495cb537666e1306.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-mailchimp-extension-905c45437d6ba639495cb537666e1306 + +info: + name: > + Contact Form 7 Extension For Mailchimp <= 0.5.70 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bed25977-040e-4427-b1e3-e9be9733b31f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-mailchimp-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-mailchimp-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-mailchimp-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-mailchimp-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-mailchimp-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-newsletter-60ccaab36d8d291d989ebdd0beef30b5.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-newsletter-60ccaab36d8d291d989ebdd0beef30b5.yaml new file mode 100644 index 0000000000..c1c94929c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-newsletter-60ccaab36d8d291d989ebdd0beef30b5.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-newsletter-60ccaab36d8d291d989ebdd0beef30b5 + +info: + name: > + Contact Form 7 Newsletter <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ecf2247-5861-4206-9329-f0389a35076b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-newsletter/" + google-query: inurl:"/wp-content/plugins/contact-form-7-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-46d92974df5823a07d95144ce4cc0f85.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-46d92974df5823a07d95144ce4cc0f85.yaml new file mode 100644 index 0000000000..719398d4a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-46d92974df5823a07d95144ce4cc0f85.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-paypal-add-on-46d92974df5823a07d95144ce4cc0f85 + +info: + name: > + Contact Form 7 – PayPal & Stripe Add-on <= 1.9.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0c13b83-6885-46db-bf33-0b2b63ff06db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-paypal-add-on/" + google-query: inurl:"/wp-content/plugins/contact-form-7-paypal-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-paypal-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-paypal-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-paypal-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-a742d112c80df865f27dc03fd5bad80a.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-a742d112c80df865f27dc03fd5bad80a.yaml new file mode 100644 index 0000000000..dbfb2862e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-a742d112c80df865f27dc03fd5bad80a.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-paypal-add-on-a742d112c80df865f27dc03fd5bad80a + +info: + name: > + Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5276227-9bd4-4ad8-a6b7-ac7d05e8b056?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-paypal-add-on/" + google-query: inurl:"/wp-content/plugins/contact-form-7-paypal-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-paypal-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-paypal-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-paypal-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-d4ad0651fbd050ca5d0c0b31b84449cb.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-d4ad0651fbd050ca5d0c0b31b84449cb.yaml new file mode 100644 index 0000000000..b6af3c709a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-paypal-add-on-d4ad0651fbd050ca5d0c0b31b84449cb.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-paypal-add-on-d4ad0651fbd050ca5d0c0b31b84449cb + +info: + name: > + Contact Form 7 – PayPal & Stripe Add-on <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99be8703-b462-4589-9918-76c0ebbb3bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-paypal-add-on/" + google-query: inurl:"/wp-content/plugins/contact-form-7-paypal-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-paypal-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-paypal-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-paypal-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-14d0e5668206cef97d18962e8ae7b83f.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-14d0e5668206cef97d18962e8ae7b83f.yaml new file mode 100644 index 0000000000..bf15548f1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-14d0e5668206cef97d18962e8ae7b83f.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-simple-recaptcha-14d0e5668206cef97d18962e8ae7b83f + +info: + name: > + Contact Form 7 Captcha <= 0.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d2236cd-dfed-42d0-a77f-4573e74a4781?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-simple-recaptcha/" + google-query: inurl:"/wp-content/plugins/contact-form-7-simple-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-simple-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-simple-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-simple-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-8adb7b06ec664dfb56f6f7d6b4e86d31.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-8adb7b06ec664dfb56f6f7d6b4e86d31.yaml new file mode 100644 index 0000000000..e0019a662c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-simple-recaptcha-8adb7b06ec664dfb56f6f7d6b4e86d31.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-simple-recaptcha-8adb7b06ec664dfb56f6f7d6b4e86d31 + +info: + name: > + Contact Form 7 Captcha <= 0.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24e8513c-f8d4-4e32-8212-191f5b5893b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-simple-recaptcha/" + google-query: inurl:"/wp-content/plugins/contact-form-7-simple-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-simple-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-simple-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-simple-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-skins-2914c51da091e199d25a3dc8786db638.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-skins-2914c51da091e199d25a3dc8786db638.yaml new file mode 100644 index 0000000000..ad4254b7b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-skins-2914c51da091e199d25a3dc8786db638.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-skins-2914c51da091e199d25a3dc8786db638 + +info: + name: > + Contact Form 7 Skins <= 2.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7df753a-5399-45ff-894f-8f35868fe072?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-skins/" + google-query: inurl:"/wp-content/plugins/contact-form-7-skins/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-skins,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-skins/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-skins" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..9c87d2d9a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-sms-addon-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-sms-addon/" + google-query: inurl:"/wp-content/plugins/contact-form-7-sms-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-sms-addon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-sms-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-sms-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-be2731d38b6a95683208b89df2a4165d.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-be2731d38b6a95683208b89df2a4165d.yaml new file mode 100644 index 0000000000..63009a50cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-sms-addon-be2731d38b6a95683208b89df2a4165d.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-sms-addon-be2731d38b6a95683208b89df2a4165d + +info: + name: > + Contact Form 7 – Clockwork SMS < 2.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3c5aafc-e75a-472e-9b62-10bb5a9da9b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-sms-addon/" + google-query: inurl:"/wp-content/plugins/contact-form-7-sms-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-sms-addon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-sms-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-sms-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-style-a1fcf6f91e16b2992432e60b1b4c9234.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-style-a1fcf6f91e16b2992432e60b1b4c9234.yaml new file mode 100644 index 0000000000..076d54b45b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-style-a1fcf6f91e16b2992432e60b1b4c9234.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-style-a1fcf6f91e16b2992432e60b1b4c9234 + +info: + name: > + Contact Form 7 Style <= 3.1.9 Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7b540b9-cdf1-40ea-b693-c237e76c0958?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-style/" + google-query: inurl:"/wp-content/plugins/contact-form-7-style/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-style,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-style/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-style" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-style-ea1c126ca110ea032d6fcb986fdd350e.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-style-ea1c126ca110ea032d6fcb986fdd350e.yaml new file mode 100644 index 0000000000..76383a0ea0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-style-ea1c126ca110ea032d6fcb986fdd350e.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-style-ea1c126ca110ea032d6fcb986fdd350e + +info: + name: > + Contact Form 7 Style <= 3.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2972cdaf-2d0a-4b55-b4f5-ccf01ff5352c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-style/" + google-query: inurl:"/wp-content/plugins/contact-form-7-style/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-style,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-style/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-style" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-6fadcf5f17b5915346db50e851606480.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-6fadcf5f17b5915346db50e851606480.yaml new file mode 100644 index 0000000000..2b06648070 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-6fadcf5f17b5915346db50e851606480.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-to-database-extension-6fadcf5f17b5915346db50e851606480 + +info: + name: > + Contact Form DB <= 2.8.29 - Cross-site request forgery via a request in the CF7DBPluginSubmissions page to wp-admin/admin.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/642012fa-28a5-46dc-a68f-3a4ce1cbced3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-to-database-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-to-database-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-9307d10c2323b14a9686cf4c27778940.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-9307d10c2323b14a9686cf4c27778940.yaml new file mode 100644 index 0000000000..ffaa778f97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-9307d10c2323b14a9686cf4c27778940.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-to-database-extension-9307d10c2323b14a9686cf4c27778940 + +info: + name: > + Contact Form 7 to Database Extension 2.10.32 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c694f5e5-43eb-453c-98d7-0d575d53df1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-to-database-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-to-database-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.10.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b08c80c889936db0e80107b8d6e7f7c2.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b08c80c889936db0e80107b8d6e7f7c2.yaml new file mode 100644 index 0000000000..fcd2d1ce71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b08c80c889936db0e80107b8d6e7f7c2.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-to-database-extension-b08c80c889936db0e80107b8d6e7f7c2 + +info: + name: > + Contact Form DB <= 2.8.26 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecb40bc2-aff5-4ced-8ded-1505d7b9db45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-to-database-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-to-database-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b47f4196237e18a984049178586c33fe.yaml b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b47f4196237e18a984049178586c33fe.yaml new file mode 100644 index 0000000000..6f847295b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-7-to-database-extension-b47f4196237e18a984049178586c33fe.yaml @@ -0,0 +1,58 @@ +id: contact-form-7-to-database-extension-b47f4196237e18a984049178586c33fe + +info: + name: > + Contact Form DB <= 2.8.19 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f210f6b-091f-45bf-be1e-872db3ab7b59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-7-to-database-extension/" + google-query: inurl:"/wp-content/plugins/contact-form-7-to-database-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-7-to-database-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-7-to-database-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-7-to-database-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-add-2d5c4c1875b8b7afff532ee362cb19b6.yaml b/nuclei-templates/cve-less/plugins/contact-form-add-2d5c4c1875b8b7afff532ee362cb19b6.yaml new file mode 100644 index 0000000000..654ab5165c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-add-2d5c4c1875b8b7afff532ee362cb19b6.yaml @@ -0,0 +1,58 @@ +id: contact-form-add-2d5c4c1875b8b7afff532ee362cb19b6 + +info: + name: > + Form Builder <= 1.9.8.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39041c15-dc85-49bc-b5d1-5b4bff05397b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-add/" + google-query: inurl:"/wp-content/plugins/contact-form-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-add-7688a1f2aea8d38e34484935054bb963.yaml b/nuclei-templates/cve-less/plugins/contact-form-add-7688a1f2aea8d38e34484935054bb963.yaml new file mode 100644 index 0000000000..5646310901 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-add-7688a1f2aea8d38e34484935054bb963.yaml @@ -0,0 +1,58 @@ +id: contact-form-add-7688a1f2aea8d38e34484935054bb963 + +info: + name: > + Form Builder <= 1.9.9.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f8a69ba-2663-4c54-8aef-4c5b0f851186?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-add/" + google-query: inurl:"/wp-content/plugins/contact-form-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-add,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-add-b5a086a164f76d9f65ec8c84b98c931b.yaml b/nuclei-templates/cve-less/plugins/contact-form-add-b5a086a164f76d9f65ec8c84b98c931b.yaml new file mode 100644 index 0000000000..b0027dd2e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-add-b5a086a164f76d9f65ec8c84b98c931b.yaml @@ -0,0 +1,58 @@ +id: contact-form-add-b5a086a164f76d9f65ec8c84b98c931b + +info: + name: > + Form Builder <= 1.9.9.0 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/432807d0-64d8-49b1-a4ab-33aa8fbc5189?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-add/" + google-query: inurl:"/wp-content/plugins/contact-form-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-advanced-database-7d7f5d445c1f890434d5685044d9c36e.yaml b/nuclei-templates/cve-less/plugins/contact-form-advanced-database-7d7f5d445c1f890434d5685044d9c36e.yaml new file mode 100644 index 0000000000..a7514a7624 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-advanced-database-7d7f5d445c1f890434d5685044d9c36e.yaml @@ -0,0 +1,58 @@ +id: contact-form-advanced-database-7d7f5d445c1f890434d5685044d9c36e + +info: + name: > + Contact Form Advanced Database <= 1.0.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a54038e1-e9e4-48aa-b368-e8d9ec687e85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-advanced-database/" + google-query: inurl:"/wp-content/plugins/contact-form-advanced-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-advanced-database,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-advanced-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-advanced-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-builder-0dd2df3f5b8d5d1265b1558506e0a48b.yaml b/nuclei-templates/cve-less/plugins/contact-form-builder-0dd2df3f5b8d5d1265b1558506e0a48b.yaml new file mode 100644 index 0000000000..620d8970d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-builder-0dd2df3f5b8d5d1265b1558506e0a48b.yaml @@ -0,0 +1,58 @@ +id: contact-form-builder-0dd2df3f5b8d5d1265b1558506e0a48b + +info: + name: > + WDContactFormBuilder <= 1.0.68 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c190c2d7-961b-4643-a7fe-6d4a22b0d5d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-builder/" + google-query: inurl:"/wp-content/plugins/contact-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-builder-eff7610d5a81227a5c58edb7e81bb7b8.yaml b/nuclei-templates/cve-less/plugins/contact-form-builder-eff7610d5a81227a5c58edb7e81bb7b8.yaml new file mode 100644 index 0000000000..fce626ad56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-builder-eff7610d5a81227a5c58edb7e81bb7b8.yaml @@ -0,0 +1,58 @@ +id: contact-form-builder-eff7610d5a81227a5c58edb7e81bb7b8 + +info: + name: > + WDContactFormBuilder <= 1.0.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7152253a-7bb8-4b5c-bffd-86e46df54b7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-builder/" + google-query: inurl:"/wp-content/plugins/contact-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-2fa0b1455e44ce08beb9843b8aba88e0.yaml b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-2fa0b1455e44ce08beb9843b8aba88e0.yaml new file mode 100644 index 0000000000..7a52c76a9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-2fa0b1455e44ce08beb9843b8aba88e0.yaml @@ -0,0 +1,58 @@ +id: contact-form-by-supsystic-2fa0b1455e44ce08beb9843b8aba88e0 + +info: + name: > + Contact Form by Supsystic <= 1.7.14 - Reflected Cross-Site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b48e0cc-5691-4df0-81ef-72f47d29ce30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-by-supsystic/" + google-query: inurl:"/wp-content/plugins/contact-form-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-4d5e40c3dba04c280b662fef0150a3f4.yaml b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-4d5e40c3dba04c280b662fef0150a3f4.yaml new file mode 100644 index 0000000000..7f7982f60e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-4d5e40c3dba04c280b662fef0150a3f4.yaml @@ -0,0 +1,58 @@ +id: contact-form-by-supsystic-4d5e40c3dba04c280b662fef0150a3f4 + +info: + name: > + Contact Form by Supsystic <= 1.7.24 - Cross-Site Request Forgery via AJAX action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c387b07-baf6-4c62-943e-4bd121160ceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-by-supsystic/" + google-query: inurl:"/wp-content/plugins/contact-form-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8aec4bc7a4f45a1f32781336a736062d.yaml b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8aec4bc7a4f45a1f32781336a736062d.yaml new file mode 100644 index 0000000000..b4927c1702 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-by-supsystic-8aec4bc7a4f45a1f32781336a736062d.yaml @@ -0,0 +1,58 @@ +id: contact-form-by-supsystic-8aec4bc7a4f45a1f32781336a736062d + +info: + name: > + Contact Form by Supsystic <= 1.7.28 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16dc1927-2171-4234-805b-6e4eed99fa90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-by-supsystic/" + google-query: inurl:"/wp-content/plugins/contact-form-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-1870dbf4bb41dccecc97cff36f308cb8.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-1870dbf4bb41dccecc97cff36f308cb8.yaml new file mode 100644 index 0000000000..ecd80189cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-1870dbf4bb41dccecc97cff36f308cb8.yaml @@ -0,0 +1,58 @@ +id: contact-form-cfdb7-1870dbf4bb41dccecc97cff36f308cb8 + +info: + name: > + Contact Form 7 Database Addon – CFDB7 <= 1.2.6.8 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/995a6c1d-fb49-4953-9828-f6594ac45fa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-cfdb7/" + google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-cfdb7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-cfdb7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75518625380bcaa62f1a02064912f140.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75518625380bcaa62f1a02064912f140.yaml new file mode 100644 index 0000000000..81b3c68ca2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75518625380bcaa62f1a02064912f140.yaml @@ -0,0 +1,58 @@ +id: contact-form-cfdb7-75518625380bcaa62f1a02064912f140 + +info: + name: > + Contact Form 7 Database Addon <= 1.2.6.3 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15679ce4-984a-4933-86c5-c8349b03abf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-cfdb7/" + google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-cfdb7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-cfdb7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75ff620cd218a38029d3e52c745f6285.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75ff620cd218a38029d3e52c745f6285.yaml new file mode 100644 index 0000000000..6a0707a21d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-75ff620cd218a38029d3e52c745f6285.yaml @@ -0,0 +1,58 @@ +id: contact-form-cfdb7-75ff620cd218a38029d3e52c745f6285 + +info: + name: > + Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f2c46f7-b7c9-41a5-8cf9-61a683c3922c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-cfdb7/" + google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-cfdb7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-cfdb7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-7a93aae5a1b0a527454a7a7e7a2079a6.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-7a93aae5a1b0a527454a7a7e7a2079a6.yaml new file mode 100644 index 0000000000..a859a002bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-7a93aae5a1b0a527454a7a7e7a2079a6.yaml @@ -0,0 +1,58 @@ +id: contact-form-cfdb7-7a93aae5a1b0a527454a7a7e7a2079a6 + +info: + name: > + Contact Form 7 Database Addon <= 1.2.5.4 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83e53dc4-84fe-4835-aaea-b72dfe8f7475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-cfdb7/" + google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-cfdb7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-cfdb7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-cfdb7-a479da98606812ed965dd3889c1983c1.yaml b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-a479da98606812ed965dd3889c1983c1.yaml new file mode 100644 index 0000000000..b3d8d4ec1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-cfdb7-a479da98606812ed965dd3889c1983c1.yaml @@ -0,0 +1,58 @@ +id: contact-form-cfdb7-a479da98606812ed965dd3889c1983c1 + +info: + name: > + Contact Form 7 Database Addon – CFDB7 <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e9ba1cb-62f5-4d6a-9727-ae62bb0edb98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-cfdb7/" + google-query: inurl:"/wp-content/plugins/contact-form-cfdb7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-cfdb7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-cfdb7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-cfdb7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-check-tester-8399de040479bedb6b313106c99e1459.yaml b/nuclei-templates/cve-less/plugins/contact-form-check-tester-8399de040479bedb6b313106c99e1459.yaml new file mode 100644 index 0000000000..e59df86119 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-check-tester-8399de040479bedb6b313106c99e1459.yaml @@ -0,0 +1,58 @@ +id: contact-form-check-tester-8399de040479bedb6b313106c99e1459 + +info: + name: > + Contact Form Check Tester <= 1.0.2 - Authenticated (Subscriber+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1313c714-d4d4-4ec8-bae8-99af0cee2f43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-check-tester/" + google-query: inurl:"/wp-content/plugins/contact-form-check-tester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-check-tester,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-check-tester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-check-tester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-0ae9ca018a23708b259b56e1909be0dd.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-0ae9ca018a23708b259b56e1909be0dd.yaml new file mode 100644 index 0000000000..f03a8e9e3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-0ae9ca018a23708b259b56e1909be0dd.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-0ae9ca018a23708b259b56e1909be0dd + +info: + name: > + Contact Form Entries <= 1.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffeec7b-cd4d-4555-acc0-22b44f237da6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-11d2084b4b4824db42a1247a4ad4b029.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-11d2084b4b4824db42a1247a4ad4b029.yaml new file mode 100644 index 0000000000..098fd42f60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-11d2084b4b4824db42a1247a4ad4b029.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-11d2084b4b4824db42a1247a4ad4b029 + +info: + name: > + Contact Form Entries <= 1.1.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38e40a74-c4b7-4960-880d-a14e77fe1904?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-27391e149ab2871748f52ce997dd4e34.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-27391e149ab2871748f52ce997dd4e34.yaml new file mode 100644 index 0000000000..84028080a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-27391e149ab2871748f52ce997dd4e34.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-27391e149ab2871748f52ce997dd4e34 + +info: + name: > + Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via vx-entries shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51986a76-933b-4c25-af79-d0c3f9e1d513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-4b0e1b091043f35eaaaa251df8ddc4b2.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-4b0e1b091043f35eaaaa251df8ddc4b2.yaml new file mode 100644 index 0000000000..f241ca6871 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-4b0e1b091043f35eaaaa251df8ddc4b2.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-4b0e1b091043f35eaaaa251df8ddc4b2 + +info: + name: > + Database for Contact Form 7, WPforms, Elementor forms <= 1.3.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adbc23b3-fa9d-4303-8283-1cabb2a6bb71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-572e59930dcc24f750ce3dae22510652.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-572e59930dcc24f750ce3dae22510652.yaml new file mode 100644 index 0000000000..7241994a6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-572e59930dcc24f750ce3dae22510652.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-572e59930dcc24f750ce3dae22510652 + +info: + name: > + Contact Form Entries <= 1.3.0 - Authenticated (Contributor+) SQL Injection via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b475ada-3b31-40a3-9a81-5a7b1a1e190a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-7e31455dbe1dd61224e4a9a69904e9bc.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-7e31455dbe1dd61224e4a9a69904e9bc.yaml new file mode 100644 index 0000000000..cf263948cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-7e31455dbe1dd61224e4a9a69904e9bc.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-7e31455dbe1dd61224e4a9a69904e9bc + +info: + name: > + Contact Form Entries <= 1.2.9 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e345e3a-a3d4-4533-b8bb-90795f991cbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-a7ecc95184b3ade18a4afbbf2cc86f31.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-a7ecc95184b3ade18a4afbbf2cc86f31.yaml new file mode 100644 index 0000000000..8780b38879 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-a7ecc95184b3ade18a4afbbf2cc86f31.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-a7ecc95184b3ade18a4afbbf2cc86f31 + +info: + name: > + Database for Contact Form 7, WPforms, Elementor forms <= 1.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-entries-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml b/nuclei-templates/cve-less/plugins/contact-form-entries-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml new file mode 100644 index 0000000000..0bd11dbf22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-entries-b1d3b6bac2cc1e1f3e245ca1837d27ff.yaml @@ -0,0 +1,58 @@ +id: contact-form-entries-b1d3b6bac2cc1e1f3e245ca1837d27ff + +info: + name: > + Contact Form Entries <= 1.3.2 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-entries/" + google-query: inurl:"/wp-content/plugins/contact-form-entries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-entries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-entries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-entries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-generator-4493ed5056e4671039baf554adba702c.yaml b/nuclei-templates/cve-less/plugins/contact-form-generator-4493ed5056e4671039baf554adba702c.yaml new file mode 100644 index 0000000000..a1671555c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-generator-4493ed5056e4671039baf554adba702c.yaml @@ -0,0 +1,58 @@ +id: contact-form-generator-4493ed5056e4671039baf554adba702c + +info: + name: > + Contact Form Generator <= 2.7.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa586468-d6ff-46a3-97f3-e2e1d365e5b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-generator/" + google-query: inurl:"/wp-content/plugins/contact-form-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-generator-45055b7313617f4962d20d0d3cd73e8b.yaml b/nuclei-templates/cve-less/plugins/contact-form-generator-45055b7313617f4962d20d0d3cd73e8b.yaml new file mode 100644 index 0000000000..39fa677df7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-generator-45055b7313617f4962d20d0d3cd73e8b.yaml @@ -0,0 +1,58 @@ +id: contact-form-generator-45055b7313617f4962d20d0d3cd73e8b + +info: + name: > + Contact Form Generator : Creative form builder for WordPress <= 2.1.86 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb57de9-210e-4983-965b-9a74ca10c494?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-generator/" + google-query: inurl:"/wp-content/plugins/contact-form-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-generator-60c9bfea8eebe4996b281df81354bfeb.yaml b/nuclei-templates/cve-less/plugins/contact-form-generator-60c9bfea8eebe4996b281df81354bfeb.yaml new file mode 100644 index 0000000000..dd87906c38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-generator-60c9bfea8eebe4996b281df81354bfeb.yaml @@ -0,0 +1,58 @@ +id: contact-form-generator-60c9bfea8eebe4996b281df81354bfeb + +info: + name: > + Contact Form Generator <= 2.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acdac8a7-6ac5-481d-a636-dd791fda89a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-generator/" + google-query: inurl:"/wp-content/plugins/contact-form-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-integrated-with-google-maps-9b4261e2d1c94c9960e52f01252bbfd4.yaml b/nuclei-templates/cve-less/plugins/contact-form-integrated-with-google-maps-9b4261e2d1c94c9960e52f01252bbfd4.yaml new file mode 100644 index 0000000000..6dc7664b64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-integrated-with-google-maps-9b4261e2d1c94c9960e52f01252bbfd4.yaml @@ -0,0 +1,58 @@ +id: contact-form-integrated-with-google-maps-9b4261e2d1c94c9960e52f01252bbfd4 + +info: + name: > + Contact Form Integrated With Google Maps 1.0 - 2.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68b202f7-fff1-4056-9b5b-b42b25189706?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-integrated-with-google-maps/" + google-query: inurl:"/wp-content/plugins/contact-form-integrated-with-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-integrated-with-google-maps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-integrated-with-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-integrated-with-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-lite-3ecd0cc847951c575bdce3ab52ae1765.yaml b/nuclei-templates/cve-less/plugins/contact-form-lite-3ecd0cc847951c575bdce3ab52ae1765.yaml new file mode 100644 index 0000000000..713a47eebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-lite-3ecd0cc847951c575bdce3ab52ae1765.yaml @@ -0,0 +1,58 @@ +id: contact-form-lite-3ecd0cc847951c575bdce3ab52ae1765 + +info: + name: > + Contact Form Plugin <= 4.0.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07f97b57-4258-4bd0-88f0-851e87dfd061?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-lite/" + google-query: inurl:"/wp-content/plugins/contact-form-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-lite-97d382f4c9bc6b17c25a76a092e5b852.yaml b/nuclei-templates/cve-less/plugins/contact-form-lite-97d382f4c9bc6b17c25a76a092e5b852.yaml new file mode 100644 index 0000000000..c9082fbef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-lite-97d382f4c9bc6b17c25a76a092e5b852.yaml @@ -0,0 +1,58 @@ +id: contact-form-lite-97d382f4c9bc6b17c25a76a092e5b852 + +info: + name: > + Easy Contact Form Lite <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93427a3a-8cbe-4aa7-93e2-c6807bc3390c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-lite/" + google-query: inurl:"/wp-content/plugins/contact-form-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-maker-5530cad0a9767bd88d96d829bf733779.yaml b/nuclei-templates/cve-less/plugins/contact-form-maker-5530cad0a9767bd88d96d829bf733779.yaml new file mode 100644 index 0000000000..57d5587421 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-maker-5530cad0a9767bd88d96d829bf733779.yaml @@ -0,0 +1,58 @@ +id: contact-form-maker-5530cad0a9767bd88d96d829bf733779 + +info: + name: > + Contact Form Maker <= 1.13.23 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb56c071-d7b9-40e0-8cc5-2dd48c93b8cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-maker/" + google-query: inurl:"/wp-content/plugins/contact-form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-maker-b9705619b7c26905bbb7df74ccb4fdad.yaml b/nuclei-templates/cve-less/plugins/contact-form-maker-b9705619b7c26905bbb7df74ccb4fdad.yaml new file mode 100644 index 0000000000..a2c5747407 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-maker-b9705619b7c26905bbb7df74ccb4fdad.yaml @@ -0,0 +1,58 @@ +id: contact-form-maker-b9705619b7c26905bbb7df74ccb4fdad + +info: + name: > + Contact Form by WD <= 1.13.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55852490-7087-41b8-9848-758e443ae04b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-maker/" + google-query: inurl:"/wp-content/plugins/contact-form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-manager-362c09e706e4df3c312dbda6ffdf171c.yaml b/nuclei-templates/cve-less/plugins/contact-form-manager-362c09e706e4df3c312dbda6ffdf171c.yaml new file mode 100644 index 0000000000..b3d556f6df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-manager-362c09e706e4df3c312dbda6ffdf171c.yaml @@ -0,0 +1,58 @@ +id: contact-form-manager-362c09e706e4df3c312dbda6ffdf171c + +info: + name: > + Contact Form Manager <= 1.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1ecfa60-9b43-4b70-bd60-278dfb0e7dbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-manager/" + google-query: inurl:"/wp-content/plugins/contact-form-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-manager-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml b/nuclei-templates/cve-less/plugins/contact-form-manager-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml new file mode 100644 index 0000000000..e296544223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-manager-dd0f7c53e188e7bf56ca28fcdda5f28e.yaml @@ -0,0 +1,58 @@ +id: contact-form-manager-dd0f7c53e188e7bf56ca28fcdda5f28e + +info: + name: > + Contact Form Manager <= 1.4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/365ec9c9-7bf4-4e5c-953e-58e3a7150cdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-manager/" + google-query: inurl:"/wp-content/plugins/contact-form-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-multi-78a680d0afadd06452bb6d0bff3dabe2.yaml b/nuclei-templates/cve-less/plugins/contact-form-multi-78a680d0afadd06452bb6d0bff3dabe2.yaml new file mode 100644 index 0000000000..22ada87e7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-multi-78a680d0afadd06452bb6d0bff3dabe2.yaml @@ -0,0 +1,58 @@ +id: contact-form-multi-78a680d0afadd06452bb6d0bff3dabe2 + +info: + name: > + Contact Form Multi by BestWebSoft – Multiple Forms Plugin for Single WordPress Website < 1.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/887ccf72-9ae1-4b7e-9f62-253dea459652?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-multi/" + google-query: inurl:"/wp-content/plugins/contact-form-multi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-multi,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-multi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-multi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-0c860e72b162cc9055e799dc4f8c2b43.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-0c860e72b162cc9055e799dc4f8c2b43.yaml new file mode 100644 index 0000000000..1822924f48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-0c860e72b162cc9055e799dc4f8c2b43.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-0c860e72b162cc9055e799dc4f8c2b43 + +info: + name: > + Contact Form By BestWebSoft<= 3.34 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a58685a5-d57a-42c9-86c7-344015952885?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-28ac556db560c4dbe8e302546acf1314.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-28ac556db560c4dbe8e302546acf1314.yaml new file mode 100644 index 0000000000..ffd9e8e6ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-28ac556db560c4dbe8e302546acf1314.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-28ac556db560c4dbe8e302546acf1314 + +info: + name: > + Contact Form by BestWebSoft – Advanced Contact Us Form Builder for WordPress <= 4.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed43e0ee-0b0e-4367-ba33-a8f08fafcd33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-32db8ca06e20ab6daa51c97bb6564bc7.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-32db8ca06e20ab6daa51c97bb6564bc7.yaml new file mode 100644 index 0000000000..21df2869d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-32db8ca06e20ab6daa51c97bb6564bc7.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-32db8ca06e20ab6daa51c97bb6564bc7 + +info: + name: > + Advanced Contact Us Form Builder for WordPress <= 4.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c36911-4afe-4ac7-9a76-7365bb86f81c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-7d2288f1e4c8fb646fdb55a372b6200a.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-7d2288f1e4c8fb646fdb55a372b6200a.yaml new file mode 100644 index 0000000000..620152addc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-7d2288f1e4c8fb646fdb55a372b6200a.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-7d2288f1e4c8fb646fdb55a372b6200a + +info: + name: > + Contact Form by BestWebSoft <= 3.95 - ReflectedCross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e283a5a-98b7-464e-9426-cb414f3e3abf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-b2200c29280205b8f648b84224e222a3.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-b2200c29280205b8f648b84224e222a3.yaml new file mode 100644 index 0000000000..6786da9493 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-b2200c29280205b8f648b84224e222a3.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-b2200c29280205b8f648b84224e222a3 + +info: + name: > + Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_address + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eb66ca3-768e-4d8c-a0fa-74e78250aee3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-b74320f496d843edce06a2ca91d6d756.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-b74320f496d843edce06a2ca91d6d756.yaml new file mode 100644 index 0000000000..822dc89bbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-b74320f496d843edce06a2ca91d6d756.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-b74320f496d843edce06a2ca91d6d756 + +info: + name: > + Contact Form Plugin <= 3.81 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b47cc6-437b-45c9-b263-ee43c7ec7d14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-db0677cd0c6ea98a43e8b2ad4b143537.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-db0677cd0c6ea98a43e8b2ad4b143537.yaml new file mode 100644 index 0000000000..41db717bb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-db0677cd0c6ea98a43e8b2ad4b143537.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-db0677cd0c6ea98a43e8b2ad4b143537 + +info: + name: > + Contact Form by BestWebSoft <= 3.51 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a15b12-20d5-4448-b69c-9a577ff907b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-plugin-dddf3ae843aadf68e8fa30f4a8366d3d.yaml b/nuclei-templates/cve-less/plugins/contact-form-plugin-dddf3ae843aadf68e8fa30f4a8366d3d.yaml new file mode 100644 index 0000000000..31bb5588e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-plugin-dddf3ae843aadf68e8fa30f4a8366d3d.yaml @@ -0,0 +1,58 @@ +id: contact-form-plugin-dddf3ae843aadf68e8fa30f4a8366d3d + +info: + name: > + Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28524702-3428-4fca-afe8-71b3f2dd983d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-plugin/" + google-query: inurl:"/wp-content/plugins/contact-form-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-ready-91e28682a12b6a160969ea8bdc14d2e1.yaml b/nuclei-templates/cve-less/plugins/contact-form-ready-91e28682a12b6a160969ea8bdc14d2e1.yaml new file mode 100644 index 0000000000..ab872f3058 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-ready-91e28682a12b6a160969ea8bdc14d2e1.yaml @@ -0,0 +1,58 @@ +id: contact-form-ready-91e28682a12b6a160969ea8bdc14d2e1 + +info: + name: > + Contact Form <= 2.0.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bdba43c-0156-4a6b-b7b9-3f74b506e8f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-ready/" + google-query: inurl:"/wp-content/plugins/contact-form-ready/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-ready,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-ready/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-ready" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-submissions-5591c3e066a7e4066f46ad9259d47c7a.yaml b/nuclei-templates/cve-less/plugins/contact-form-submissions-5591c3e066a7e4066f46ad9259d47c7a.yaml new file mode 100644 index 0000000000..99dee48fef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-submissions-5591c3e066a7e4066f46ad9259d47c7a.yaml @@ -0,0 +1,58 @@ +id: contact-form-submissions-5591c3e066a7e4066f46ad9259d47c7a + +info: + name: > + Contact Form Submissions <= 1.7.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb02d7c-5014-46e9-9d4c-c207e58a1b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-submissions/" + google-query: inurl:"/wp-content/plugins/contact-form-submissions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-submissions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-submissions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-submissions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-submissions-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml b/nuclei-templates/cve-less/plugins/contact-form-submissions-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml new file mode 100644 index 0000000000..3d555ab9fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-submissions-fa320a52a4bd2b6a6f52aad5ce1ea74d.yaml @@ -0,0 +1,58 @@ +id: contact-form-submissions-fa320a52a4bd2b6a6f52aad5ce1ea74d + +info: + name: > + Contact Form Submissions <= 1.7 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ab883bf-d6b4-4b0e-b8f4-69e6c0f90c70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-submissions/" + google-query: inurl:"/wp-content/plugins/contact-form-submissions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-submissions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-submissions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-submissions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-any-api-23ce5fe03a72b8b92f4c0373c289ac85.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-23ce5fe03a72b8b92f4c0373c289ac85.yaml new file mode 100644 index 0000000000..ceced95476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-23ce5fe03a72b8b92f4c0373c289ac85.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-any-api-23ce5fe03a72b8b92f4c0373c289ac85 + +info: + name: > + Contact Form to Any API <= 1.1.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2912f693-c8fd-48f7-8030-5e1f0edd715f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-any-api/" + google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-any-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-any-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-any-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-any-api-2cc77b5ea4b45b7ee724687c14467261.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-2cc77b5ea4b45b7ee724687c14467261.yaml new file mode 100644 index 0000000000..e0e64eb021 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-2cc77b5ea4b45b7ee724687c14467261.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-any-api-2cc77b5ea4b45b7ee724687c14467261 + +info: + name: > + Contact Form to Any API <= 1.1.2 - Authenticated (Administrator+) SQL Injection via 'form_id' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc6c23c-1c5c-4fd8-aeea-8eb431e33b39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-any-api/" + google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-any-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-any-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-any-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-any-api-d34228fe0ea5aea58ceb8ad3c32ed940.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-d34228fe0ea5aea58ceb8ad3c32ed940.yaml new file mode 100644 index 0000000000..89ea7d8bdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-any-api-d34228fe0ea5aea58ceb8ad3c32ed940.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-any-api-d34228fe0ea5aea58ceb8ad3c32ed940 + +info: + name: > + Contact Form to Any API <= 1.1.6 - Missing Authorization via delete_cf7_records() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a7c647-4c57-499a-8e46-ca273985bd6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-any-api/" + google-query: inurl:"/wp-content/plugins/contact-form-to-any-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-any-api,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-any-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-any-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-db-008dc0e9968f6799131ae4b8b208b112.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-db-008dc0e9968f6799131ae4b8b208b112.yaml new file mode 100644 index 0000000000..ca9e140bca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-db-008dc0e9968f6799131ae4b8b208b112.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-db-008dc0e9968f6799131ae4b8b208b112 + +info: + name: > + Contact Form to DB <= 1.5.6 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98e47920-fb99-478d-9d6c-1612e8b4aca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-db/" + google-query: inurl:"/wp-content/plugins/contact-form-to-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-db,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-db-0bc37b5f5d5498d8771db41a1e16a982.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-db-0bc37b5f5d5498d8771db41a1e16a982.yaml new file mode 100644 index 0000000000..108b7c3e14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-db-0bc37b5f5d5498d8771db41a1e16a982.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-db-0bc37b5f5d5498d8771db41a1e16a982 + +info: + name: > + Contact Form to DB by BestWebSoft <= 1.7.0 - Authenticated (Contributor+) SQL Injection via cntctfrmtdb_department + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba317acb-d45c-42c0-b5fb-b163bcd59340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-db/" + google-query: inurl:"/wp-content/plugins/contact-form-to-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-db,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-db-74041a1cd73f08568e0ec3ed47a172de.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-db-74041a1cd73f08568e0ec3ed47a172de.yaml new file mode 100644 index 0000000000..1485faccf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-db-74041a1cd73f08568e0ec3ed47a172de.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-db-74041a1cd73f08568e0ec3ed47a172de + +info: + name: > + Contact Form to DB by BestWebSoft <= 1.7.1 - Authenticated (Administrator+) SQL Injection via 's' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0e582e3-9ca3-4601-81f2-cb6ef827a468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-db/" + google-query: inurl:"/wp-content/plugins/contact-form-to-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-db,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-19c454491469bb4baac868d543f48c48.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-19c454491469bb4baac868d543f48c48.yaml new file mode 100644 index 0000000000..50c170ac97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-19c454491469bb4baac868d543f48c48.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-19c454491469bb4baac868d543f48c48 + +info: + name: > + Contact Form Email <= 1.2.65 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4515507c-a0a4-4e45-8112-fedd117e425f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-2c888a383975451b85f071f96c07a849.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-2c888a383975451b85f071f96c07a849.yaml new file mode 100644 index 0000000000..08e4a4a156 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-2c888a383975451b85f071f96c07a849.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-2c888a383975451b85f071f96c07a849 + +info: + name: > + Contact Form Email <= 1.2.65 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52ac7ccf-89fd-47d3-ba61-7bcf84908a57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-334f4f62624615af2cc14829ff37be7b.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-334f4f62624615af2cc14829ff37be7b.yaml new file mode 100644 index 0000000000..d75ab1fee9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-334f4f62624615af2cc14829ff37be7b.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-334f4f62624615af2cc14829ff37be7b + +info: + name: > + Contact Form Email <= 1.3.41 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b637ebfd-c273-428b-985c-6f5b6a03f263?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-523f9782716d9d1f6a85039ec487ef5a.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-523f9782716d9d1f6a85039ec487ef5a.yaml new file mode 100644 index 0000000000..7be060c30e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-523f9782716d9d1f6a85039ec487ef5a.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-523f9782716d9d1f6a85039ec487ef5a + +info: + name: > + Contact Form Email <= 1.2.65 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cab2f0d7-f288-4462-b2a7-7a999cd47466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-73e00ca7db916ed6c728c1ea942e0577.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-73e00ca7db916ed6c728c1ea942e0577.yaml new file mode 100644 index 0000000000..9e94d51af5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-73e00ca7db916ed6c728c1ea942e0577.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-73e00ca7db916ed6c728c1ea942e0577 + +info: + name: > + Contact Form Email <= 1.3.43 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86f67129-2042-4dff-85de-e189e9f6b53d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-97fdf4928bbd76fae340c4c5446a338a.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-97fdf4928bbd76fae340c4c5446a338a.yaml new file mode 100644 index 0000000000..5213ede3d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-97fdf4928bbd76fae340c4c5446a338a.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-97fdf4928bbd76fae340c4c5446a338a + +info: + name: > + Contact Form Email <= 1.3.44 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1daaab1a-ce0e-461d-940e-27b5b3f60e32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-b66a39c48610a87259a172e4f5cf2fee.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-b66a39c48610a87259a172e4f5cf2fee.yaml new file mode 100644 index 0000000000..08942a6b63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-b66a39c48610a87259a172e4f5cf2fee.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-b66a39c48610a87259a172e4f5cf2fee + +info: + name: > + Contact Form Email <= 1.3.24 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96b58c2c-f292-4a48-bd1e-c33cf464c1ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-c7e1acab172697ab915921160c7d0087.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-c7e1acab172697ab915921160c7d0087.yaml new file mode 100644 index 0000000000..13e2a3ced1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-c7e1acab172697ab915921160c7d0087.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-c7e1acab172697ab915921160c7d0087 + +info: + name: > + Contact Form Email <= 1.3.37 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d5c6566-a890-4b95-b349-3874eb57b45a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-to-email-fa3064d32c24f2074e60835d6d0ebe62.yaml b/nuclei-templates/cve-less/plugins/contact-form-to-email-fa3064d32c24f2074e60835d6d0ebe62.yaml new file mode 100644 index 0000000000..38d838a395 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-to-email-fa3064d32c24f2074e60835d6d0ebe62.yaml @@ -0,0 +1,58 @@ +id: contact-form-to-email-fa3064d32c24f2074e60835d6d0ebe62 + +info: + name: > + Contact Form Email <= 1.3.31 - Missing Authorization to Feedback Submission + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9596c243-4099-420a-aa2a-381b6299f927?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-to-email/" + google-query: inurl:"/wp-content/plugins/contact-form-to-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-to-email,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-to-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-to-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-6c834138798466361126510722b04f6a.yaml b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-6c834138798466361126510722b04f6a.yaml new file mode 100644 index 0000000000..126b3f63a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-6c834138798466361126510722b04f6a.yaml @@ -0,0 +1,58 @@ +id: contact-form-with-a-meeting-scheduler-by-vcita-6c834138798466361126510722b04f6a + +info: + name: > + Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12ce97ba-8053-481f-bcd7-05d5e8292adb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-with-a-meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-87393b6cbe65ceec06a5ec19e419100f.yaml b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-87393b6cbe65ceec06a5ec19e419100f.yaml new file mode 100644 index 0000000000..0e34291333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-87393b6cbe65ceec06a5ec19e419100f.yaml @@ -0,0 +1,58 @@ +id: contact-form-with-a-meeting-scheduler-by-vcita-87393b6cbe65ceec06a5ec19e419100f + +info: + name: > + Contact Form and Calls To Action by vcita <= 2.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2345c972-9fd4-4709-8bde-315ab54f60e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-with-a-meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-c64d112b09ccd6fd1b8f5dd595338d1e.yaml b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-c64d112b09ccd6fd1b8f5dd595338d1e.yaml new file mode 100644 index 0000000000..7aa1373326 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-with-a-meeting-scheduler-by-vcita-c64d112b09ccd6fd1b8f5dd595338d1e.yaml @@ -0,0 +1,58 @@ +id: contact-form-with-a-meeting-scheduler-by-vcita-c64d112b09ccd6fd1b8f5dd595338d1e + +info: + name: > + Contact Form Builder by vcita <= 4.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61c39f5f-3b17-4e4d-824e-241159a73400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-with-a-meeting-scheduler-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-with-a-meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-with-a-meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-with-captcha-cae1c922212fa7c1549f820e13a75cb7.yaml b/nuclei-templates/cve-less/plugins/contact-form-with-captcha-cae1c922212fa7c1549f820e13a75cb7.yaml new file mode 100644 index 0000000000..3990d25ad6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-with-captcha-cae1c922212fa7c1549f820e13a75cb7.yaml @@ -0,0 +1,58 @@ +id: contact-form-with-captcha-cae1c922212fa7c1549f820e13a75cb7 + +info: + name: > + Contact Form With Captcha <= 1.6.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f618a350-e089-40f7-b731-7ffb9ece30b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-with-captcha/" + google-query: inurl:"/wp-content/plugins/contact-form-with-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-with-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-with-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-with-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-with-captcha-e81493486edc65b51a46933e4d69c1ae.yaml b/nuclei-templates/cve-less/plugins/contact-form-with-captcha-e81493486edc65b51a46933e4d69c1ae.yaml new file mode 100644 index 0000000000..587f23d069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-with-captcha-e81493486edc65b51a46933e4d69c1ae.yaml @@ -0,0 +1,58 @@ +id: contact-form-with-captcha-e81493486edc65b51a46933e4d69c1ae + +info: + name: > + Contact Form With Captcha <= 1.6.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e30187da-c25d-4651-a32d-abdc6da53978?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-with-captcha/" + google-query: inurl:"/wp-content/plugins/contact-form-with-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-with-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-with-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-with-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-form-x-3ac76b892c0315db178c6ad3b771092a.yaml b/nuclei-templates/cve-less/plugins/contact-form-x-3ac76b892c0315db178c6ad3b771092a.yaml new file mode 100644 index 0000000000..cb73e494ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-form-x-3ac76b892c0315db178c6ad3b771092a.yaml @@ -0,0 +1,58 @@ +id: contact-form-x-3ac76b892c0315db178c6ad3b771092a + +info: + name: > + Contact Form X <= 2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b996e76-770f-41cc-9601-4e1a3e0127bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-form-x/" + google-query: inurl:"/wp-content/plugins/contact-form-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-form-x,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-form-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-form-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-14cc2ff52c2662c5bebf9121075ccf4f.yaml b/nuclei-templates/cve-less/plugins/contact-forms-14cc2ff52c2662c5bebf9121075ccf4f.yaml new file mode 100644 index 0000000000..105f570ba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-14cc2ff52c2662c5bebf9121075ccf4f.yaml @@ -0,0 +1,58 @@ +id: contact-forms-14cc2ff52c2662c5bebf9121075ccf4f + +info: + name: > + Cimatti Contact Forms <= 1.4.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09952b56-a064-46f9-b037-be86cf6df781?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-6077f7a94c87d9a1b005a233e3c6fd5d.yaml b/nuclei-templates/cve-less/plugins/contact-forms-6077f7a94c87d9a1b005a233e3c6fd5d.yaml new file mode 100644 index 0000000000..f2c12f0d05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-6077f7a94c87d9a1b005a233e3c6fd5d.yaml @@ -0,0 +1,58 @@ +id: contact-forms-6077f7a94c87d9a1b005a233e3c6fd5d + +info: + name: > + Contact Forms by Cimatti <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41c71f86-a2f7-4e0e-9145-ba50830f6dba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-6dcd6771f1f0746a16b380bac310ab87.yaml b/nuclei-templates/cve-less/plugins/contact-forms-6dcd6771f1f0746a16b380bac310ab87.yaml new file mode 100644 index 0000000000..153bc4be46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-6dcd6771f1f0746a16b380bac310ab87.yaml @@ -0,0 +1,58 @@ +id: contact-forms-6dcd6771f1f0746a16b380bac310ab87 + +info: + name: > + Contact Forms by Cimatti <= 1.6.0 - Cross-Site Request Forgery via accua_forms_list_page_table + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab795923-2ec0-49eb-a911-56a74d90ca3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-79bb03ced62c925cc3980f7773c8b468.yaml b/nuclei-templates/cve-less/plugins/contact-forms-79bb03ced62c925cc3980f7773c8b468.yaml new file mode 100644 index 0000000000..8d6735a0ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-79bb03ced62c925cc3980f7773c8b468.yaml @@ -0,0 +1,58 @@ +id: contact-forms-79bb03ced62c925cc3980f7773c8b468 + +info: + name: > + Contact Forms by Cimatti <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ef2196d-3617-44ba-a8c5-dc1b45408293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-8da30969bcacb440bbb986e6162d8445.yaml b/nuclei-templates/cve-less/plugins/contact-forms-8da30969bcacb440bbb986e6162d8445.yaml new file mode 100644 index 0000000000..f5983e027b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-8da30969bcacb440bbb986e6162d8445.yaml @@ -0,0 +1,58 @@ +id: contact-forms-8da30969bcacb440bbb986e6162d8445 + +info: + name: > + WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f80a1f13-c1b9-4259-8d96-71a3cbcaf4ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-20311a33f3f379efbba8f0342b6a65da.yaml b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-20311a33f3f379efbba8f0342b6a65da.yaml new file mode 100644 index 0000000000..99dab8be8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-20311a33f3f379efbba8f0342b6a65da.yaml @@ -0,0 +1,58 @@ +id: contact-forms-anti-spam-20311a33f3f379efbba8f0342b6a65da + +info: + name: > + Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8db52ce-fbc3-4fe1-b9b4-cb2ce7d88a67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms-anti-spam/" + google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml new file mode 100644 index 0000000000..c4b2b68573 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-87058e9c1b26afbdd8a6e1c7e1f576f5.yaml @@ -0,0 +1,58 @@ +id: contact-forms-anti-spam-87058e9c1b26afbdd8a6e1c7e1f576f5 + +info: + name: > + Maspik – Spam blacklist <= 0.10.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1703f90-17ad-4988-a60c-e56f88f3a317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms-anti-spam/" + google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-cac5b9f1e3e6750110efd6bb6787f157.yaml b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-cac5b9f1e3e6750110efd6bb6787f157.yaml new file mode 100644 index 0000000000..af482fadea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-cac5b9f1e3e6750110efd6bb6787f157.yaml @@ -0,0 +1,58 @@ +id: contact-forms-anti-spam-cac5b9f1e3e6750110efd6bb6787f157 + +info: + name: > + Maspik – Spam blacklist <= 0.7.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0206aead-d146-453d-99ed-3870f7dfdae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms-anti-spam/" + google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-ff4c8819921d9a081116a64b6a2918f8.yaml b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-ff4c8819921d9a081116a64b6a2918f8.yaml new file mode 100644 index 0000000000..e354832759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-anti-spam-ff4c8819921d9a081116a64b6a2918f8.yaml @@ -0,0 +1,58 @@ +id: contact-forms-anti-spam-ff4c8819921d9a081116a64b6a2918f8 + +info: + name: > + Maspik – Spam blacklist <= 0.10.3 - Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3a8273e-2439-4138-941e-379d130e0c74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms-anti-spam/" + google-query: inurl:"/wp-content/plugins/contact-forms-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms-anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-bb71699aa4349b6b3064f95e45538058.yaml b/nuclei-templates/cve-less/plugins/contact-forms-bb71699aa4349b6b3064f95e45538058.yaml new file mode 100644 index 0000000000..846a71cab0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-bb71699aa4349b6b3064f95e45538058.yaml @@ -0,0 +1,58 @@ +id: contact-forms-bb71699aa4349b6b3064f95e45538058 + +info: + name: > + WordPress Contact Forms by Cimatti <= 1.5.4 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b2587a-e84e-4149-b9ac-ecf36451f815?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-builder-e7eeb43a188e099bb735454caeee5ee1.yaml b/nuclei-templates/cve-less/plugins/contact-forms-builder-e7eeb43a188e099bb735454caeee5ee1.yaml new file mode 100644 index 0000000000..52c3b6b9a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-builder-e7eeb43a188e099bb735454caeee5ee1.yaml @@ -0,0 +1,58 @@ +id: contact-forms-builder-e7eeb43a188e099bb735454caeee5ee1 + +info: + name: > + Contact Form Builder, Contact Widget <= 2.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43ea0665-2c6e-4c78-8bc5-056f47f190ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms-builder/" + google-query: inurl:"/wp-content/plugins/contact-forms-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-forms-f0c94fb1e754e56b41cc5bd812bd2131.yaml b/nuclei-templates/cve-less/plugins/contact-forms-f0c94fb1e754e56b41cc5bd812bd2131.yaml new file mode 100644 index 0000000000..94f70fbfeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-forms-f0c94fb1e754e56b41cc5bd812bd2131.yaml @@ -0,0 +1,58 @@ +id: contact-forms-f0c94fb1e754e56b41cc5bd812bd2131 + +info: + name: > + Contact Forms by Cimatti <= 1.5.4 - Reflected Cross-Site Scripting via 'form-field-id', 'edit-fid', 'id', 'name', 'type', 'description' Parameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b512f9a9-6c83-416c-bacc-ee3bba8dfe29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-forms/" + google-query: inurl:"/wp-content/plugins/contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b847bc73a92d46d668812fa6ef8e89b3.yaml b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b847bc73a92d46d668812fa6ef8e89b3.yaml new file mode 100644 index 0000000000..885cab6c1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contact-us-page-contact-people-b847bc73a92d46d668812fa6ef8e89b3.yaml @@ -0,0 +1,58 @@ +id: contact-us-page-contact-people-b847bc73a92d46d668812fa6ef8e89b3 + +info: + name: > + Contact Us Page – Contact People <= 3.7.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cec03d3-0e80-4025-b782-1ce9c3237569?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contact-us-page-contact-people/" + google-query: inurl:"/wp-content/plugins/contact-us-page-contact-people/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contact-us-page-contact-people,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contact-us-page-contact-people/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contact-us-page-contact-people" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contactme-96de724cebfb88ce342c3f1cd99b7f35.yaml b/nuclei-templates/cve-less/plugins/contactme-96de724cebfb88ce342c3f1cd99b7f35.yaml new file mode 100644 index 0000000000..e1810cb17b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contactme-96de724cebfb88ce342c3f1cd99b7f35.yaml @@ -0,0 +1,58 @@ +id: contactme-96de724cebfb88ce342c3f1cd99b7f35 + +info: + name: > + Contact Form by ContactMe.com <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/904f8881-1513-43b7-a9cf-1b81d8493b12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contactme/" + google-query: inurl:"/wp-content/plugins/contactme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contactme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contactme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contactme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-audit-a03a0aef3cdb2ee1e486094cc570f1e0.yaml b/nuclei-templates/cve-less/plugins/content-audit-a03a0aef3cdb2ee1e486094cc570f1e0.yaml new file mode 100644 index 0000000000..5009e15172 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-audit-a03a0aef3cdb2ee1e486094cc570f1e0.yaml @@ -0,0 +1,58 @@ +id: content-audit-a03a0aef3cdb2ee1e486094cc570f1e0 + +info: + name: > + Content Audit <= 1.9.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c801dfe6-a39f-4212-9cd7-71ef921c43ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-audit/" + google-query: inurl:"/wp-content/plugins/content-audit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-audit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-audit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-audit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-audit-bdf28a131c7bd7c8afd4060cccc1802a.yaml b/nuclei-templates/cve-less/plugins/content-audit-bdf28a131c7bd7c8afd4060cccc1802a.yaml new file mode 100644 index 0000000000..5ccf53f5aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-audit-bdf28a131c7bd7c8afd4060cccc1802a.yaml @@ -0,0 +1,58 @@ +id: content-audit-bdf28a131c7bd7c8afd4060cccc1802a + +info: + name: > + Content Audit <= 1.6.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/436dc261-66b8-4b6c-9932-82513c3e5461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-audit/" + google-query: inurl:"/wp-content/plugins/content-audit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-audit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-audit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-audit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-cards-3504e7e5ce554ea17877d4ad4d619862.yaml b/nuclei-templates/cve-less/plugins/content-cards-3504e7e5ce554ea17877d4ad4d619862.yaml new file mode 100644 index 0000000000..2172d49625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-cards-3504e7e5ce554ea17877d4ad4d619862.yaml @@ -0,0 +1,58 @@ +id: content-cards-3504e7e5ce554ea17877d4ad4d619862 + +info: + name: > + Content Cards <= 0.9.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/054f6ed4-75fc-4431-9249-48f41860d682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-cards/" + google-query: inurl:"/wp-content/plugins/content-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-cards,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-cards-c0ae11bcf65a3a05752255a9835cc822.yaml b/nuclei-templates/cve-less/plugins/content-cards-c0ae11bcf65a3a05752255a9835cc822.yaml new file mode 100644 index 0000000000..ad17986773 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-cards-c0ae11bcf65a3a05752255a9835cc822.yaml @@ -0,0 +1,58 @@ +id: content-cards-c0ae11bcf65a3a05752255a9835cc822 + +info: + name: > + Content Cards <= 0.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e7d10ab-2525-407b-b814-ef7d884d5287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-cards/" + google-query: inurl:"/wp-content/plugins/content-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-cards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-control-65043d39bf222f68f6c9850d424ae1bf.yaml b/nuclei-templates/cve-less/plugins/content-control-65043d39bf222f68f6c9850d424ae1bf.yaml new file mode 100644 index 0000000000..75d6bd5bc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-control-65043d39bf222f68f6c9850d424ae1bf.yaml @@ -0,0 +1,58 @@ +id: content-control-65043d39bf222f68f6c9850d424ae1bf + +info: + name: > + Content Control <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e8d21a-8c67-4e35-b18e-e100f31b2863?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-control/" + google-query: inurl:"/wp-content/plugins/content-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-control-6cd803f0fa2a9a46d6f2307a3acf4872.yaml b/nuclei-templates/cve-less/plugins/content-control-6cd803f0fa2a9a46d6f2307a3acf4872.yaml new file mode 100644 index 0000000000..c7d3dc6ace --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-control-6cd803f0fa2a9a46d6f2307a3acf4872.yaml @@ -0,0 +1,58 @@ +id: content-control-6cd803f0fa2a9a46d6f2307a3acf4872 + +info: + name: > + Content Control <= 2.1.0 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cce74-6432-4b92-85c8-8b899e4248fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-control/" + google-query: inurl:"/wp-content/plugins/content-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-control,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-egg-b1d431b2d71fecfb14bc9d5f71e53d5a.yaml b/nuclei-templates/cve-less/plugins/content-egg-b1d431b2d71fecfb14bc9d5f71e53d5a.yaml new file mode 100644 index 0000000000..4d6bc0cf19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-egg-b1d431b2d71fecfb14bc9d5f71e53d5a.yaml @@ -0,0 +1,58 @@ +id: content-egg-b1d431b2d71fecfb14bc9d5f71e53d5a + +info: + name: > + Content Egg <= 5.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c26ecf2-f5bb-427f-9f09-6b3d1fb5da3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-egg/" + google-query: inurl:"/wp-content/plugins/content-egg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-egg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-egg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-egg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-egg-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml b/nuclei-templates/cve-less/plugins/content-egg-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml new file mode 100644 index 0000000000..0b8c03e5f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-egg-e3ab5ea87cccc6d9dbd7e7c3ec127075.yaml @@ -0,0 +1,58 @@ +id: content-egg-e3ab5ea87cccc6d9dbd7e7c3ec127075 + +info: + name: > + Content Egg <= 5.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/925ca72b-3761-42e5-aace-b31d42bc9a73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-egg/" + google-query: inurl:"/wp-content/plugins/content-egg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-egg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-egg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-egg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-excel-importer-d376b4d580b7428d3bfbfcb6ac5ff40d.yaml b/nuclei-templates/cve-less/plugins/content-excel-importer-d376b4d580b7428d3bfbfcb6ac5ff40d.yaml new file mode 100644 index 0000000000..0d20fa4aab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-excel-importer-d376b4d580b7428d3bfbfcb6ac5ff40d.yaml @@ -0,0 +1,58 @@ +id: content-excel-importer-d376b4d580b7428d3bfbfcb6ac5ff40d + +info: + name: > + Import Content in WordPress & WooCommerce with Excel <= 4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a8cb8ef-a2e5-47ef-8d8c-759ed83a015b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-excel-importer/" + google-query: inurl:"/wp-content/plugins/content-excel-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-excel-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-excel-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-excel-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-grabber-d1c8ca034f832b8e22c96845d2890940.yaml b/nuclei-templates/cve-less/plugins/content-grabber-d1c8ca034f832b8e22c96845d2890940.yaml new file mode 100644 index 0000000000..f23c5871bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-grabber-d1c8ca034f832b8e22c96845d2890940.yaml @@ -0,0 +1,58 @@ +id: content-grabber-d1c8ca034f832b8e22c96845d2890940 + +info: + name: > + Content Grabber <= 1.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cd3c84b-dacc-44e8-a236-bfc80e6dceba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-grabber/" + google-query: inurl:"/wp-content/plugins/content-grabber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-grabber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-grabber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-grabber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-mask-1c3db202ed4136234a7dba357e335f3e.yaml b/nuclei-templates/cve-less/plugins/content-mask-1c3db202ed4136234a7dba357e335f3e.yaml new file mode 100644 index 0000000000..c72a76599a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-mask-1c3db202ed4136234a7dba357e335f3e.yaml @@ -0,0 +1,58 @@ +id: content-mask-1c3db202ed4136234a7dba357e335f3e + +info: + name: > + Content Mask <= 1.8.4 - Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/267d2b02-6365-4553-9809-bc3a8b070c7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-mask/" + google-query: inurl:"/wp-content/plugins/content-mask/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-mask,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-mask/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-mask" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-protector-0585d1bea582d0ee6fb87cab95609406.yaml b/nuclei-templates/cve-less/plugins/content-protector-0585d1bea582d0ee6fb87cab95609406.yaml new file mode 100644 index 0000000000..8afd038a8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-protector-0585d1bea582d0ee6fb87cab95609406.yaml @@ -0,0 +1,58 @@ +id: content-protector-0585d1bea582d0ee6fb87cab95609406 + +info: + name: > + Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/880f1f3f-857c-46da-a65c-082348260f89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-protector-457bded7758897bb7b11c24dee26d4c2.yaml b/nuclei-templates/cve-less/plugins/content-protector-457bded7758897bb7b11c24dee26d4c2.yaml new file mode 100644 index 0000000000..61c02ae3df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-protector-457bded7758897bb7b11c24dee26d4c2.yaml @@ -0,0 +1,58 @@ +id: content-protector-457bded7758897bb7b11c24dee26d4c2 + +info: + name: > + Passster <= 3.5.5.8 - Missing Authentication leading to Sensitive Information Disclosure (Private Post Leakage) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ac2559a-c622-417c-a655-e92e8ac96770?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-protector-5a70a8d7dfb4ee35e96ebed234af90de.yaml b/nuclei-templates/cve-less/plugins/content-protector-5a70a8d7dfb4ee35e96ebed234af90de.yaml new file mode 100644 index 0000000000..3c3270a0c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-protector-5a70a8d7dfb4ee35e96ebed234af90de.yaml @@ -0,0 +1,58 @@ +id: content-protector-5a70a8d7dfb4ee35e96ebed234af90de + +info: + name: > + Passster <= 3.5.5.5.1 - Insecure Password Storage to Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97dd7e1a-9189-4a35-9cd0-e80b5d9a0e9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-protector-bd26cb20f513a11738059a698b560137.yaml b/nuclei-templates/cve-less/plugins/content-protector-bd26cb20f513a11738059a698b560137.yaml new file mode 100644 index 0000000000..f6d69c9fba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-protector-bd26cb20f513a11738059a698b560137.yaml @@ -0,0 +1,58 @@ +id: content-protector-bd26cb20f513a11738059a698b560137 + +info: + name: > + Passster – Password Protect Pages and Content <= 4.2.6.2 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-protector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-protector-d2daaa3d964f6f32895fca6e21e6cab6.yaml b/nuclei-templates/cve-less/plugins/content-protector-d2daaa3d964f6f32895fca6e21e6cab6.yaml new file mode 100644 index 0000000000..43c15a91cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-protector-d2daaa3d964f6f32895fca6e21e6cab6.yaml @@ -0,0 +1,58 @@ +id: content-protector-d2daaa3d964f6f32895fca6e21e6cab6 + +info: + name: > + Passster – Password Protection <= 3.5.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b60e693-472e-48ba-81c7-869c9b255762?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-protector/" + google-query: inurl:"/wp-content/plugins/content-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-repeater-8bc6ce24c222c874630a145ef16e8d93.yaml b/nuclei-templates/cve-less/plugins/content-repeater-8bc6ce24c222c874630a145ef16e8d93.yaml new file mode 100644 index 0000000000..60cfcb4814 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-repeater-8bc6ce24c222c874630a145ef16e8d93.yaml @@ -0,0 +1,58 @@ +id: content-repeater-8bc6ce24c222c874630a145ef16e8d93 + +info: + name: > + Content Repeater – Custom Posts Simplified <= 1.1.13 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ad3a88-fcfd-45c5-a23d-ca544cad3ab2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-repeater/" + google-query: inurl:"/wp-content/plugins/content-repeater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-repeater,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-repeater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-repeater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-repeater-ab2b677573aede58b8661a8c8b875adf.yaml b/nuclei-templates/cve-less/plugins/content-repeater-ab2b677573aede58b8661a8c8b875adf.yaml new file mode 100644 index 0000000000..43ab6ad07b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-repeater-ab2b677573aede58b8661a8c8b875adf.yaml @@ -0,0 +1,58 @@ +id: content-repeater-ab2b677573aede58b8661a8c8b875adf + +info: + name: > + Content Repeater <= 1.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21ae9136-a60c-483d-bdf4-b0c55796560d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-repeater/" + google-query: inurl:"/wp-content/plugins/content-repeater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-repeater,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-repeater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-repeater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-slide-8acf2c0ab08c8e98004387e8ebf54bb0.yaml b/nuclei-templates/cve-less/plugins/content-slide-8acf2c0ab08c8e98004387e8ebf54bb0.yaml new file mode 100644 index 0000000000..7700fc001c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-slide-8acf2c0ab08c8e98004387e8ebf54bb0.yaml @@ -0,0 +1,58 @@ +id: content-slide-8acf2c0ab08c8e98004387e8ebf54bb0 + +info: + name: > + Content Slide <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d767b710-0bef-4f36-8edd-eccd845a2b07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-slide/" + google-query: inurl:"/wp-content/plugins/content-slide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-slide,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-slide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-slide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-staging-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml b/nuclei-templates/cve-less/plugins/content-staging-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml new file mode 100644 index 0000000000..bb4396345c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-staging-a29cb4528fb3dd359faf1d68a8cf9ee1.yaml @@ -0,0 +1,58 @@ +id: content-staging-a29cb4528fb3dd359faf1d68a8cf9ee1 + +info: + name: > + Content Staging <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8270ef0-7c98-4bb1-af83-bdcc2c7867ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-staging/" + google-query: inurl:"/wp-content/plugins/content-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-text-slider-on-post-321e86531ce3a7401f2a887940f1ca1d.yaml b/nuclei-templates/cve-less/plugins/content-text-slider-on-post-321e86531ce3a7401f2a887940f1ca1d.yaml new file mode 100644 index 0000000000..5076342330 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-text-slider-on-post-321e86531ce3a7401f2a887940f1ca1d.yaml @@ -0,0 +1,58 @@ +id: content-text-slider-on-post-321e86531ce3a7401f2a887940f1ca1d + +info: + name: > + Content text slider on post < 6.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51a49b5b-c0a3-4aac-84cc-6e1ebf3a442e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-text-slider-on-post/" + google-query: inurl:"/wp-content/plugins/content-text-slider-on-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-text-slider-on-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-text-slider-on-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-text-slider-on-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-32b155c617c0c335f9330107a2737ef9.yaml b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-32b155c617c0c335f9330107a2737ef9.yaml new file mode 100644 index 0000000000..67c48c03fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-32b155c617c0c335f9330107a2737ef9.yaml @@ -0,0 +1,58 @@ +id: content-views-query-and-display-post-page-32b155c617c0c335f9330107a2737ef9 + +info: + name: > + Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagingType Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65504747-7f1b-43f9-be4d-48b9547e7c45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/" + google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-views-query-and-display-post-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-views-query-and-display-post-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-96403daec96064716d990b4ed68fc604.yaml b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-96403daec96064716d990b4ed68fc604.yaml new file mode 100644 index 0000000000..14b7a8f6af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-96403daec96064716d990b4ed68fc604.yaml @@ -0,0 +1,58 @@ +id: content-views-query-and-display-post-page-96403daec96064716d990b4ed68fc604 + +info: + name: > + Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/" + google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-views-query-and-display-post-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-views-query-and-display-post-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-f50e7448551c79441add3846b2a5874b.yaml b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-f50e7448551c79441add3846b2a5874b.yaml new file mode 100644 index 0000000000..e59b6750da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content-views-query-and-display-post-page-f50e7448551c79441add3846b2a5874b.yaml @@ -0,0 +1,58 @@ +id: content-views-query-and-display-post-page-f50e7448551c79441add3846b2a5874b + +info: + name: > + Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Post Overlay + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5666da4a-ffb6-47ed-8b48-a80f09dd2501?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content-views-query-and-display-post-page/" + google-query: inurl:"/wp-content/plugins/content-views-query-and-display-post-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content-views-query-and-display-post-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content-views-query-and-display-post-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content-views-query-and-display-post-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/content_timeline-7f9ad1d6a2154bddb398590843df9930.yaml b/nuclei-templates/cve-less/plugins/content_timeline-7f9ad1d6a2154bddb398590843df9930.yaml new file mode 100644 index 0000000000..a60c526e44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/content_timeline-7f9ad1d6a2154bddb398590843df9930.yaml @@ -0,0 +1,58 @@ +id: content_timeline-7f9ad1d6a2154bddb398590843df9930 + +info: + name: > + Content Timeline <= 4.4.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c66d88a1-0936-40c4-adcf-ad79b9c57a80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/content_timeline/" + google-query: inurl:"/wp-content/plugins/content_timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,content_timeline,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/content_timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "content_timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contentstudio-64bd1922f633605cf49031a3735ffb86.yaml b/nuclei-templates/cve-less/plugins/contentstudio-64bd1922f633605cf49031a3735ffb86.yaml new file mode 100644 index 0000000000..2626b9f093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contentstudio-64bd1922f633605cf49031a3735ffb86.yaml @@ -0,0 +1,58 @@ +id: contentstudio-64bd1922f633605cf49031a3735ffb86 + +info: + name: > + ContentStudio <= 1.2.5 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c31828dc-ef94-4895-8395-a5d52a0a82bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contentstudio/" + google-query: inurl:"/wp-content/plugins/contentstudio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contentstudio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contentstudio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contentstudio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contentstudio-93d0c9fb7bc094c24fb138bae4f602fc.yaml b/nuclei-templates/cve-less/plugins/contentstudio-93d0c9fb7bc094c24fb138bae4f602fc.yaml new file mode 100644 index 0000000000..b7c44acd01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contentstudio-93d0c9fb7bc094c24fb138bae4f602fc.yaml @@ -0,0 +1,58 @@ +id: contentstudio-93d0c9fb7bc094c24fb138bae4f602fc + +info: + name: > + ContentStudio <= 1.2.5 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62eb136f-3cb0-40dc-a154-015a7fa1077b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contentstudio/" + google-query: inurl:"/wp-content/plugins/contentstudio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contentstudio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contentstudio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contentstudio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contentstudio-9dbce4bd062a39cef5c1a852c279047e.yaml b/nuclei-templates/cve-less/plugins/contentstudio-9dbce4bd062a39cef5c1a852c279047e.yaml new file mode 100644 index 0000000000..feb40b52b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contentstudio-9dbce4bd062a39cef5c1a852c279047e.yaml @@ -0,0 +1,58 @@ +id: contentstudio-9dbce4bd062a39cef5c1a852c279047e + +info: + name: > + ContentStudio <= 1.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52db8d41-859a-4d68-8b83-3d3af8f1bf64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contentstudio/" + google-query: inurl:"/wp-content/plugins/contentstudio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contentstudio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contentstudio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contentstudio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml new file mode 100644 index 0000000000..42a5183478 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-1ac52ae7a1da8b0bd7a9bd3597d76efd + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f185709e-0d13-48d3-9c15-03466b72dac2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-1fcba72eb855bf7a2b762f45f8e9327d.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-1fcba72eb855bf7a2b762f45f8e9327d.yaml new file mode 100644 index 0000000000..66e7da1af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-1fcba72eb855bf7a2b762f45f8e9327d.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-1fcba72eb855bf7a2b762f45f8e9327d + +info: + name: > + Photos and Files Contest Gallery <= 21.3.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79fb4f24-8a59-4e57-b583-c87ee2493cdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-2613b63d2aee689ccf6be1c1b97a178f.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-2613b63d2aee689ccf6be1c1b97a178f.yaml new file mode 100644 index 0000000000..95f1ebdbf7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-2613b63d2aee689ccf6be1c1b97a178f.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-2613b63d2aee689ccf6be1c1b97a178f + +info: + name: > + Contest Gallery <= 21.3.4 - Authenticated (Author+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ed63de5-ef65-4e90-afc1-b7a075e99316?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml new file mode 100644 index 0000000000..9d502ed79d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-4b9ef62a2d3dd2d1bbf6db4d54a3bb14 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b1a55-7872-456f-a754-023aad354359?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-4f98def5aafbaedc907582ddf709a1ef.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-4f98def5aafbaedc907582ddf709a1ef.yaml new file mode 100644 index 0000000000..e44abe7d20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-4f98def5aafbaedc907582ddf709a1ef.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-4f98def5aafbaedc907582ddf709a1ef + +info: + name: > + Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-534d85fc0380423c37750b4f71b369b0.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-534d85fc0380423c37750b4f71b369b0.yaml new file mode 100644 index 0000000000..4914ff15f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-534d85fc0380423c37750b4f71b369b0.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-534d85fc0380423c37750b4f71b369b0 + +info: + name: > + Photos and Files Contest Gallery <= 21.3.2 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3150b3-fba1-4e89-8f4e-b6c605227395?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-53642a245d326d7cbf44af5789554e3c.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-53642a245d326d7cbf44af5789554e3c.yaml new file mode 100644 index 0000000000..4588e69bce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-53642a245d326d7cbf44af5789554e3c.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-53642a245d326d7cbf44af5789554e3c + +info: + name: > + Contest Gallery <= 21.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dbd3b23-cebc-4212-bcae-c6f23031c040?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-53bd8ee68daf44e8898790dff3d4d891.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-53bd8ee68daf44e8898790dff3d4d891.yaml new file mode 100644 index 0000000000..f4fa9406bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-53bd8ee68daf44e8898790dff3d4d891.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-53bd8ee68daf44e8898790dff3d4d891 + +info: + name: > + Contest Gallery <= 13.1.0.9 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f745f9-c44e-4458-9381-f639c842a31e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-53c528c4b38bd34834da864bf5436a73.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-53c528c4b38bd34834da864bf5436a73.yaml new file mode 100644 index 0000000000..1b4e6e3e37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-53c528c4b38bd34834da864bf5436a73.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-53c528c4b38bd34834da864bf5436a73 + +info: + name: > + Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b24625d7-2a38-451b-ab79-a1d9c5b8822a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-5e73e241c87c5dbc4d6ce35aa938828e.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-5e73e241c87c5dbc4d6ce35aa938828e.yaml new file mode 100644 index 0000000000..e28ec0df71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-5e73e241c87c5dbc4d6ce35aa938828e.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-5e73e241c87c5dbc4d6ce35aa938828e + +info: + name: > + Contest Gallery <= 21.2.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ed8c6e-5f80-4360-9478-fff49b1fee94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-757bd659f9146e7fed02497d3559c2e8.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-757bd659f9146e7fed02497d3559c2e8.yaml new file mode 100644 index 0000000000..de0e66078e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-757bd659f9146e7fed02497d3559c2e8.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-757bd659f9146e7fed02497d3559c2e8 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/407d8ebe-f3fc-433a-856f-de2ad4e58b9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-89931846724982da840bead82e16369b.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-89931846724982da840bead82e16369b.yaml new file mode 100644 index 0000000000..fec30b2849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-89931846724982da840bead82e16369b.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-89931846724982da840bead82e16369b + +info: + name: > + Contest Gallery – Photo Contest Plugin for WordPress <= 10.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b6d33-82cd-4c41-ba54-dbc7fe5f6ac6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-8a640d3ed297a8a63d17c701796646c2.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-8a640d3ed297a8a63d17c701796646c2.yaml new file mode 100644 index 0000000000..66e6359c44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-8a640d3ed297a8a63d17c701796646c2.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-8a640d3ed297a8a63d17c701796646c2 + +info: + name: > + Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0fa7f6-cc1a-45fe-881d-694c81b841c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml new file mode 100644 index 0000000000..15321cf4fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-8df0bbe5e4c9e759af91d2ae7c77ecd4 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/691eb4c1-18ba-433b-8725-70f2ecf89b0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-8e81f52602da7d34f1be2c2a8e304501.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-8e81f52602da7d34f1be2c2a8e304501.yaml new file mode 100644 index 0000000000..10c99bb261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-8e81f52602da7d34f1be2c2a8e304501.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-8e81f52602da7d34f1be2c2a8e304501 + +info: + name: > + Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Competition Plugin for WordPress <= 21.3.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef37e72-f98f-4df6-8adb-514690350a82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-9580adf700b409fcf11b1b8ce6a8f986.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-9580adf700b409fcf11b1b8ce6a8f986.yaml new file mode 100644 index 0000000000..4b63e01e44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-9580adf700b409fcf11b1b8ce6a8f986.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-9580adf700b409fcf11b1b8ce6a8f986 + +info: + name: > + Contest Gallery < 21.2.8.1 - Unauthenticated Stored Cross-Site Scripting via headers + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e3c9f08-9e73-4791-b6ca-2c8b9dc3fb81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 21.2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-9ac93e930052c6b551d522a1a37f90fe.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-9ac93e930052c6b551d522a1a37f90fe.yaml new file mode 100644 index 0000000000..b635255b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-9ac93e930052c6b551d522a1a37f90fe.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-9ac93e930052c6b551d522a1a37f90fe + +info: + name: > + Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10e05707-02cb-42de-8399-4556d76b01b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-9c0847af71db5cbde2297c6d8117181e.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-9c0847af71db5cbde2297c6d8117181e.yaml new file mode 100644 index 0000000000..336650f3f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-9c0847af71db5cbde2297c6d8117181e.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-9c0847af71db5cbde2297c6d8117181e + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d080f5b-6646-47ef-8ae7-8b94270f9f59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-a3fa9aa05831cbe48f93e588aa23d79b.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-a3fa9aa05831cbe48f93e588aa23d79b.yaml new file mode 100644 index 0000000000..197927cdc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-a3fa9aa05831cbe48f93e588aa23d79b.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-a3fa9aa05831cbe48f93e588aa23d79b + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31196bdf-2ddd-49ea-840d-8fd78611629e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-aa986981c75263be7a2313fe5bb981c0.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-aa986981c75263be7a2313fe5bb981c0.yaml new file mode 100644 index 0000000000..fbc95d1608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-aa986981c75263be7a2313fe5bb981c0.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-aa986981c75263be7a2313fe5bb981c0 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/213fde1b-13dc-442a-8f48-4b1074155a6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-b3fb140ad00234395ef28e4892077821.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-b3fb140ad00234395ef28e4892077821.yaml new file mode 100644 index 0000000000..9e318cca7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-b3fb140ad00234395ef28e4892077821.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-b3fb140ad00234395ef28e4892077821 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e9672b1-6d00-45bc-91ef-0c5583b5306e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-c747e3cc597300516c2ada9764e8c1be.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-c747e3cc597300516c2ada9764e8c1be.yaml new file mode 100644 index 0000000000..be627f3813 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-c747e3cc597300516c2ada9764e8c1be.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-c747e3cc597300516c2ada9764e8c1be + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c6697c-bc1d-456f-baee-ee9c57e40d21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-cad4f56715717797069f7a87850b72f0.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-cad4f56715717797069f7a87850b72f0.yaml new file mode 100644 index 0000000000..b027bfd2eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-cad4f56715717797069f7a87850b72f0.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-cad4f56715717797069f7a87850b72f0 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/250788a8-55d1-416b-bf1c-2170e8483ccc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-cadc46493e5e64619719bfd06035e262.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-cadc46493e5e64619719bfd06035e262.yaml new file mode 100644 index 0000000000..158c01c7d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-cadc46493e5e64619719bfd06035e262.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-cadc46493e5e64619719bfd06035e262 + +info: + name: > + Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fcda2b-d679-44af-9592-4a96a0115a08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-cd8aaefa2a1be6647748a924e3adf35e.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-cd8aaefa2a1be6647748a924e3adf35e.yaml new file mode 100644 index 0000000000..9ad82f58b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-cd8aaefa2a1be6647748a924e3adf35e.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-cd8aaefa2a1be6647748a924e3adf35e + +info: + name: > + Contest Gallery – Photo Contest Plugin for WordPress <= 13.1.0.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3184c304-52d3-4baa-b3c2-90957e1d8e79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-e13fa86cb5f0a76818b71a18a333569e.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-e13fa86cb5f0a76818b71a18a333569e.yaml new file mode 100644 index 0000000000..13c69593db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-e13fa86cb5f0a76818b71a18a333569e.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-e13fa86cb5f0a76818b71a18a333569e + +info: + name: > + Contest Gallery <= 13.1.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f36af71c-78af-402c-9d3a-3752368e7584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-f468941db7d975cc4bd3298b085b669f.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-f468941db7d975cc4bd3298b085b669f.yaml new file mode 100644 index 0000000000..23f0e38815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-f468941db7d975cc4bd3298b085b669f.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-f468941db7d975cc4bd3298b085b669f + +info: + name: > + Contest Gallery <= 21.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0c54f2-3942-48bd-b821-b66a57fd1506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-f4eafb52aedd774a77d6abb99f32e10c.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-f4eafb52aedd774a77d6abb99f32e10c.yaml new file mode 100644 index 0000000000..c287420273 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-f4eafb52aedd774a77d6abb99f32e10c.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-f4eafb52aedd774a77d6abb99f32e10c + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f946251-c7be-4ef6-885f-8b378c0c234c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-f99fe05b2429bd9e4943506324d48d85.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-f99fe05b2429bd9e4943506324d48d85.yaml new file mode 100644 index 0000000000..442954cbd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-f99fe05b2429bd9e4943506324d48d85.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-f99fe05b2429bd9e4943506324d48d85 + +info: + name: > + Contest Gallery <= 17.0.4 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b90e03-cdaa-4bd3-9afd-5d5c91a17962?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery/" + google-query: inurl:"/wp-content/plugins/contest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 17.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml new file mode 100644 index 0000000000..98ac186ec1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-1ac52ae7a1da8b0bd7a9bd3597d76efd.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-1ac52ae7a1da8b0bd7a9bd3597d76efd + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via addCountS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f185709e-0d13-48d3-9c15-03466b72dac2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml new file mode 100644 index 0000000000..b798eb349f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-4b9ef62a2d3dd2d1bbf6db4d54a3bb14.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-4b9ef62a2d3dd2d1bbf6db4d54a3bb14 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_multiple_files_for_post + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b1a55-7872-456f-a754-023aad354359?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-4f98def5aafbaedc907582ddf709a1ef.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-4f98def5aafbaedc907582ddf709a1ef.yaml new file mode 100644 index 0000000000..27a719c757 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-4f98def5aafbaedc907582ddf709a1ef.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-4f98def5aafbaedc907582ddf709a1ef + +info: + name: > + Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via upload[] + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf24ee30-7d9f-47c3-bc2a-1c3c92971ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-53c528c4b38bd34834da864bf5436a73.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-53c528c4b38bd34834da864bf5436a73.yaml new file mode 100644 index 0000000000..dd6f8b4327 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-53c528c4b38bd34834da864bf5436a73.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-53c528c4b38bd34834da864bf5436a73 + +info: + name: > + Contest Gallery <= 19.1.5 - Authenticated (Author+) SQL Injection via cg_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b24625d7-2a38-451b-ab79-a1d9c5b8822a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-757bd659f9146e7fed02497d3559c2e8.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-757bd659f9146e7fed02497d3559c2e8.yaml new file mode 100644 index 0000000000..4de09bae04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-757bd659f9146e7fed02497d3559c2e8.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-757bd659f9146e7fed02497d3559c2e8 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_start + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/407d8ebe-f3fc-433a-856f-de2ad4e58b9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-82c2c907402b124f31a2f373f11be562.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-82c2c907402b124f31a2f373f11be562.yaml new file mode 100644 index 0000000000..8b1145090f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-82c2c907402b124f31a2f373f11be562.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-82c2c907402b124f31a2f373f11be562 + +info: + name: > + Contest Gallery Pro <= 19.1.4.1 - Authenticated (Administrator+) SQL Injection via wp_user_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4284c31c-fa58-49fe-89ed-35d7b1bd6ec8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-8a640d3ed297a8a63d17c701796646c2.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-8a640d3ed297a8a63d17c701796646c2.yaml new file mode 100644 index 0000000000..5069ff852c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-8a640d3ed297a8a63d17c701796646c2.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-8a640d3ed297a8a63d17c701796646c2 + +info: + name: > + Contest Gallery <= 19.1.5 - Unauthenticated SQL Injection via user_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0fa7f6-cc1a-45fe-881d-694c81b841c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml new file mode 100644 index 0000000000..1f1d55395d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-8df0bbe5e4c9e759af91d2ae7c77ecd4.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-8df0bbe5e4c9e759af91d2ae7c77ecd4 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id GET + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/691eb4c1-18ba-433b-8725-70f2ecf89b0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-9ac93e930052c6b551d522a1a37f90fe.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-9ac93e930052c6b551d522a1a37f90fe.yaml new file mode 100644 index 0000000000..100d5b5001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-9ac93e930052c6b551d522a1a37f90fe.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-9ac93e930052c6b551d522a1a37f90fe + +info: + name: > + Contest Gallery <= 19.1.4.1 - Unauthenticated SQL Injection via cg_Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10e05707-02cb-42de-8399-4556d76b01b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-9c0847af71db5cbde2297c6d8117181e.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-9c0847af71db5cbde2297c6d8117181e.yaml new file mode 100644 index 0000000000..0c796e4c5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-9c0847af71db5cbde2297c6d8117181e.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-9c0847af71db5cbde2297c6d8117181e + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_activate and cg_deactivate + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d080f5b-6646-47ef-8ae7-8b94270f9f59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-a3fa9aa05831cbe48f93e588aa23d79b.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-a3fa9aa05831cbe48f93e588aa23d79b.yaml new file mode 100644 index 0000000000..2a13ff43a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-a3fa9aa05831cbe48f93e588aa23d79b.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-a3fa9aa05831cbe48f93e588aa23d79b + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via option_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31196bdf-2ddd-49ea-840d-8fd78611629e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-aa986981c75263be7a2313fe5bb981c0.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-aa986981c75263be7a2313fe5bb981c0.yaml new file mode 100644 index 0000000000..05bc0d3e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-aa986981c75263be7a2313fe5bb981c0.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-aa986981c75263be7a2313fe5bb981c0 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_option_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/213fde1b-13dc-442a-8f48-4b1074155a6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-b3fb140ad00234395ef28e4892077821.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-b3fb140ad00234395ef28e4892077821.yaml new file mode 100644 index 0000000000..05e265a5c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-b3fb140ad00234395ef28e4892077821.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-b3fb140ad00234395ef28e4892077821 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_copy_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e9672b1-6d00-45bc-91ef-0c5583b5306e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-c747e3cc597300516c2ada9764e8c1be.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-c747e3cc597300516c2ada9764e8c1be.yaml new file mode 100644 index 0000000000..a39b116b64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-c747e3cc597300516c2ada9764e8c1be.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-c747e3cc597300516c2ada9764e8c1be + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_row + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c6697c-bc1d-456f-baee-ee9c57e40d21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-cad4f56715717797069f7a87850b72f0.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-cad4f56715717797069f7a87850b72f0.yaml new file mode 100644 index 0000000000..b32f7f2190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-cad4f56715717797069f7a87850b72f0.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-cad4f56715717797069f7a87850b72f0 + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via wp_user_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/250788a8-55d1-416b-bf1c-2170e8483ccc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-cadc46493e5e64619719bfd06035e262.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-cadc46493e5e64619719bfd06035e262.yaml new file mode 100644 index 0000000000..21e6d4bf93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-cadc46493e5e64619719bfd06035e262.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-cadc46493e5e64619719bfd06035e262 + +info: + name: > + Contest Gallery (Pro) <= 19.1.5 - SQL Injection via option_id + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fcda2b-d679-44af-9592-4a96a0115a08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contest-gallery-pro-f4eafb52aedd774a77d6abb99f32e10c.yaml b/nuclei-templates/cve-less/plugins/contest-gallery-pro-f4eafb52aedd774a77d6abb99f32e10c.yaml new file mode 100644 index 0000000000..bb2596d45f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contest-gallery-pro-f4eafb52aedd774a77d6abb99f32e10c.yaml @@ -0,0 +1,58 @@ +id: contest-gallery-pro-f4eafb52aedd774a77d6abb99f32e10c + +info: + name: > + Contest Gallery <= 19.1.4.1 - Authenticated (Author+) SQL Injection via cg_order + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f946251-c7be-4ef6-885f-8b378c0c234c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contest-gallery-pro/" + google-query: inurl:"/wp-content/plugins/contest-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contest-gallery-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contest-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contest-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-45ed5bc2a620f7b73012888c5d094ada.yaml b/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-45ed5bc2a620f7b73012888c5d094ada.yaml new file mode 100644 index 0000000000..3e084e322f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-45ed5bc2a620f7b73012888c5d094ada.yaml @@ -0,0 +1,58 @@ +id: contests-from-rewards-fuel-45ed5bc2a620f7b73012888c5d094ada + +info: + name: > + Contests by Rewards Fuel <= 2.0.64 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eeec949-e440-4df3-8c26-db92498cada3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contests-from-rewards-fuel/" + google-query: inurl:"/wp-content/plugins/contests-from-rewards-fuel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contests-from-rewards-fuel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contests-from-rewards-fuel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contests-from-rewards-fuel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-7445eca3ede10516578f424839049031.yaml b/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-7445eca3ede10516578f424839049031.yaml new file mode 100644 index 0000000000..9f8ff70783 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contests-from-rewards-fuel-7445eca3ede10516578f424839049031.yaml @@ -0,0 +1,58 @@ +id: contests-from-rewards-fuel-7445eca3ede10516578f424839049031 + +info: + name: > + Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/689f3667-2dda-40a8-8627-d38c6c6816fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contests-from-rewards-fuel/" + google-query: inurl:"/wp-content/plugins/contests-from-rewards-fuel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contests-from-rewards-fuel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contests-from-rewards-fuel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contests-from-rewards-fuel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contextual-related-posts-3e85c71c88d12aeaac665ff72e05dcde.yaml b/nuclei-templates/cve-less/plugins/contextual-related-posts-3e85c71c88d12aeaac665ff72e05dcde.yaml new file mode 100644 index 0000000000..09465e2ca3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contextual-related-posts-3e85c71c88d12aeaac665ff72e05dcde.yaml @@ -0,0 +1,58 @@ +id: contextual-related-posts-3e85c71c88d12aeaac665ff72e05dcde + +info: + name: > + Contextual Related Posts < 1.8.10.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead6a38-b495-47d2-8d40-1f17e64fd1ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contextual-related-posts/" + google-query: inurl:"/wp-content/plugins/contextual-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contextual-related-posts,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contextual-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contextual-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contextual-related-posts-507e2521f54c5e6ca19bac49a7a788fa.yaml b/nuclei-templates/cve-less/plugins/contextual-related-posts-507e2521f54c5e6ca19bac49a7a788fa.yaml new file mode 100644 index 0000000000..63a11add07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contextual-related-posts-507e2521f54c5e6ca19bac49a7a788fa.yaml @@ -0,0 +1,58 @@ +id: contextual-related-posts-507e2521f54c5e6ca19bac49a7a788fa + +info: + name: > + Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81a7afc0-05be-4966-b762-081ef553d4e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contextual-related-posts/" + google-query: inurl:"/wp-content/plugins/contextual-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contextual-related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contextual-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contextual-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contextual-related-posts-ab86f3a4c1a5f2be4ec7926458a9f257.yaml b/nuclei-templates/cve-less/plugins/contextual-related-posts-ab86f3a4c1a5f2be4ec7926458a9f257.yaml new file mode 100644 index 0000000000..577ec7dcb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contextual-related-posts-ab86f3a4c1a5f2be4ec7926458a9f257.yaml @@ -0,0 +1,58 @@ +id: contextual-related-posts-ab86f3a4c1a5f2be4ec7926458a9f257 + +info: + name: > + Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9af843e-dcbb-4b09-b131-4e470c006d38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contextual-related-posts/" + google-query: inurl:"/wp-content/plugins/contextual-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contextual-related-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contextual-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contextual-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contexture-page-security-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml b/nuclei-templates/cve-less/plugins/contexture-page-security-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml new file mode 100644 index 0000000000..08b86e2cba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contexture-page-security-9a80eb4e9ae6ba3b2c9128c9152fe450.yaml @@ -0,0 +1,58 @@ +id: contexture-page-security-9a80eb4e9ae6ba3b2c9128c9152fe450 + +info: + name: > + Page Security & Membership <= 1.5.15 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddbc76d0-23cd-4f49-939b-b8f19ff55d5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contexture-page-security/" + google-query: inurl:"/wp-content/plugins/contexture-page-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contexture-page-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contexture-page-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contexture-page-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/continuous-announcement-scroller-bbd95e8edaa114935e8c46570e7cf3d6.yaml b/nuclei-templates/cve-less/plugins/continuous-announcement-scroller-bbd95e8edaa114935e8c46570e7cf3d6.yaml new file mode 100644 index 0000000000..52e937c8b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/continuous-announcement-scroller-bbd95e8edaa114935e8c46570e7cf3d6.yaml @@ -0,0 +1,58 @@ +id: continuous-announcement-scroller-bbd95e8edaa114935e8c46570e7cf3d6 + +info: + name: > + Continuous announcement scroller <= 13.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d88eb628-09c9-451c-b5ae-f26a93514447?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/continuous-announcement-scroller/" + google-query: inurl:"/wp-content/plugins/continuous-announcement-scroller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,continuous-announcement-scroller,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/continuous-announcement-scroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "continuous-announcement-scroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-4afaae0eb67cba7aee3bb7f48388cd03.yaml b/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-4afaae0eb67cba7aee3bb7f48388cd03.yaml new file mode 100644 index 0000000000..23d0b4294f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-4afaae0eb67cba7aee3bb7f48388cd03.yaml @@ -0,0 +1,58 @@ +id: continuous-image-carousel-with-lightbox-4afaae0eb67cba7aee3bb7f48388cd03 + +info: + name: > + Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4651d8-dad7-4f6f-a47d-2095b9d2bdca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/continuous-image-carousel-with-lightbox/" + google-query: inurl:"/wp-content/plugins/continuous-image-carousel-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,continuous-image-carousel-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/continuous-image-carousel-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "continuous-image-carousel-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-d1d5a17953a33d04ba0957e7769eee44.yaml b/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-d1d5a17953a33d04ba0957e7769eee44.yaml new file mode 100644 index 0000000000..03c05bd960 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/continuous-image-carousel-with-lightbox-d1d5a17953a33d04ba0957e7769eee44.yaml @@ -0,0 +1,58 @@ +id: continuous-image-carousel-with-lightbox-d1d5a17953a33d04ba0957e7769eee44 + +info: + name: > + Continuous Image Carousel With Lightbox <= 1.0.15 - Reflected Cross-Site Scripting via search_term, order_by and order_pos + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a196177-2786-4f6d-8076-f0232e4d5a5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/continuous-image-carousel-with-lightbox/" + google-query: inurl:"/wp-content/plugins/continuous-image-carousel-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,continuous-image-carousel-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/continuous-image-carousel-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "continuous-image-carousel-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contractor-contact-form-website-to-workflow-tool-9a55a55c80f33af03798b4f5b44c2509.yaml b/nuclei-templates/cve-less/plugins/contractor-contact-form-website-to-workflow-tool-9a55a55c80f33af03798b4f5b44c2509.yaml new file mode 100644 index 0000000000..56ca134309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contractor-contact-form-website-to-workflow-tool-9a55a55c80f33af03798b4f5b44c2509.yaml @@ -0,0 +1,58 @@ +id: contractor-contact-form-website-to-workflow-tool-9a55a55c80f33af03798b4f5b44c2509 + +info: + name: > + Contractor Contact Form Website to Workflow Tool <= 4.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da4684b8-20f6-4dc1-8f29-d79f64ccb9d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contractor-contact-form-website-to-workflow-tool/" + google-query: inurl:"/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contractor-contact-form-website-to-workflow-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contractor-contact-form-website-to-workflow-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contractor-contact-form-website-to-workflow-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/control-block-patterns-c4ae84dae7d5de9c58b9c493377ad809.yaml b/nuclei-templates/cve-less/plugins/control-block-patterns-c4ae84dae7d5de9c58b9c493377ad809.yaml new file mode 100644 index 0000000000..c263d5f35e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/control-block-patterns-c4ae84dae7d5de9c58b9c493377ad809.yaml @@ -0,0 +1,58 @@ +id: control-block-patterns-c4ae84dae7d5de9c58b9c493377ad809 + +info: + name: > + Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/control-block-patterns/" + google-query: inurl:"/wp-content/plugins/control-block-patterns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,control-block-patterns,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/control-block-patterns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "control-block-patterns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/controlled-admin-access-a7fbc15e992c578892e165c742bd4873.yaml b/nuclei-templates/cve-less/plugins/controlled-admin-access-a7fbc15e992c578892e165c742bd4873.yaml new file mode 100644 index 0000000000..753af34923 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/controlled-admin-access-a7fbc15e992c578892e165c742bd4873.yaml @@ -0,0 +1,58 @@ +id: controlled-admin-access-a7fbc15e992c578892e165c742bd4873 + +info: + name: > + Controlled Admin Access <= 1.5.1 - Improper Access Control & Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/505b1f87-52c6-439c-a108-e2003971dc07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/controlled-admin-access/" + google-query: inurl:"/wp-content/plugins/controlled-admin-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,controlled-admin-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/controlled-admin-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "controlled-admin-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/controlled-admin-access-c49ea2c86d8c93655dddbd6be61fd77e.yaml b/nuclei-templates/cve-less/plugins/controlled-admin-access-c49ea2c86d8c93655dddbd6be61fd77e.yaml new file mode 100644 index 0000000000..845ade5377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/controlled-admin-access-c49ea2c86d8c93655dddbd6be61fd77e.yaml @@ -0,0 +1,58 @@ +id: controlled-admin-access-c49ea2c86d8c93655dddbd6be61fd77e + +info: + name: > + Controlled Admin Access < 1.5.6 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c57211a-f59d-4379-b09e-7c6049a6b04d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/controlled-admin-access/" + google-query: inurl:"/wp-content/plugins/controlled-admin-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,controlled-admin-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/controlled-admin-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "controlled-admin-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-hd-flv-player-931a68fe7b31a6c4742b24a2e8784e8f.yaml b/nuclei-templates/cve-less/plugins/contus-hd-flv-player-931a68fe7b31a6c4742b24a2e8784e8f.yaml new file mode 100644 index 0000000000..f03ff98136 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-hd-flv-player-931a68fe7b31a6c4742b24a2e8784e8f.yaml @@ -0,0 +1,58 @@ +id: contus-hd-flv-player-931a68fe7b31a6c4742b24a2e8784e8f + +info: + name: > + HD FLV Player <= 1.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f24af4f2-bb05-4833-a2bc-771143970e00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-hd-flv-player/" + google-query: inurl:"/wp-content/plugins/contus-hd-flv-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-hd-flv-player,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-hd-flv-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-hd-flv-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-video-comments-c9875ec40b4bfff20efe07d7ffbd5d06.yaml b/nuclei-templates/cve-less/plugins/contus-video-comments-c9875ec40b4bfff20efe07d7ffbd5d06.yaml new file mode 100644 index 0000000000..f2ba120181 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-video-comments-c9875ec40b4bfff20efe07d7ffbd5d06.yaml @@ -0,0 +1,58 @@ +id: contus-video-comments-c9875ec40b4bfff20efe07d7ffbd5d06 + +info: + name: > + Contus Video Comments <= 1.0 - Remote File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16af4d96-e7e0-4b13-90a5-ddf62909271a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-video-comments/" + google-query: inurl:"/wp-content/plugins/contus-video-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-video-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-video-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-video-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-video-gallery-27521f4f3d223c8b6a8b829305f4c5c6.yaml b/nuclei-templates/cve-less/plugins/contus-video-gallery-27521f4f3d223c8b6a8b829305f4c5c6.yaml new file mode 100644 index 0000000000..cfd386aba2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-video-gallery-27521f4f3d223c8b6a8b829305f4c5c6.yaml @@ -0,0 +1,58 @@ +id: contus-video-gallery-27521f4f3d223c8b6a8b829305f4c5c6 + +info: + name: > + Wordpress Video Gallery <= 2.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c035ac71-54f9-471b-93f3-6bd6a5b86ab2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-video-gallery/" + google-query: inurl:"/wp-content/plugins/contus-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-video-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-video-gallery-439a38f99b97f598550cea829cc025f1.yaml b/nuclei-templates/cve-less/plugins/contus-video-gallery-439a38f99b97f598550cea829cc025f1.yaml new file mode 100644 index 0000000000..41f89894c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-video-gallery-439a38f99b97f598550cea829cc025f1.yaml @@ -0,0 +1,58 @@ +id: contus-video-gallery-439a38f99b97f598550cea829cc025f1 + +info: + name: > + WORDPRESS VIDEO GALLERY < 2.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/775860e5-87c9-4878-a629-d7a7cd0cbf1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-video-gallery/" + google-query: inurl:"/wp-content/plugins/contus-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-video-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-video-gallery-5a110fd311341876d97192705d1ff40f.yaml b/nuclei-templates/cve-less/plugins/contus-video-gallery-5a110fd311341876d97192705d1ff40f.yaml new file mode 100644 index 0000000000..70f5dd8d6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-video-gallery-5a110fd311341876d97192705d1ff40f.yaml @@ -0,0 +1,58 @@ +id: contus-video-gallery-5a110fd311341876d97192705d1ff40f + +info: + name: > + WORDPRESS VIDEO GALLERY <= 2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eff91bd-efc2-4e54-b871-df567ca99bca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-video-gallery/" + google-query: inurl:"/wp-content/plugins/contus-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-video-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/contus-video-gallery-e26e50c2a1f74878104460c1a935b34d.yaml b/nuclei-templates/cve-less/plugins/contus-video-gallery-e26e50c2a1f74878104460c1a935b34d.yaml new file mode 100644 index 0000000000..04a00405c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/contus-video-gallery-e26e50c2a1f74878104460c1a935b34d.yaml @@ -0,0 +1,58 @@ +id: contus-video-gallery-e26e50c2a1f74878104460c1a935b34d + +info: + name: > + WordPress Video Gallery < 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54553005-1869-4334-92ec-e37e8935d769?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/contus-video-gallery/" + google-query: inurl:"/wp-content/plugins/contus-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,contus-video-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/contus-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "contus-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversador-2888b8004776c21ebddecea6ec731145.yaml b/nuclei-templates/cve-less/plugins/conversador-2888b8004776c21ebddecea6ec731145.yaml new file mode 100644 index 0000000000..3f105063de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversador-2888b8004776c21ebddecea6ec731145.yaml @@ -0,0 +1,58 @@ +id: conversador-2888b8004776c21ebddecea6ec731145 + +info: + name: > + Conversador <= 2.61 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2b62226-cf9b-4713-9734-67bf1c48895b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversador/" + google-query: inurl:"/wp-content/plugins/conversador/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversador,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversador/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversador" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversation-watson-a48a527c714ec711ca739eed07091779.yaml b/nuclei-templates/cve-less/plugins/conversation-watson-a48a527c714ec711ca739eed07091779.yaml new file mode 100644 index 0000000000..543d7c99be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversation-watson-a48a527c714ec711ca739eed07091779.yaml @@ -0,0 +1,58 @@ +id: conversation-watson-a48a527c714ec711ca739eed07091779 + +info: + name: > + Chatbot with IBM Watson < 0.8.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/257aba03-bb41-4798-b62c-b51310d70264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversation-watson/" + google-query: inurl:"/wp-content/plugins/conversation-watson/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversation-watson,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversation-watson/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversation-watson" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversational-forms-1c83e2fc407fdbaee8e0a7b1d33de8b3.yaml b/nuclei-templates/cve-less/plugins/conversational-forms-1c83e2fc407fdbaee8e0a7b1d33de8b3.yaml new file mode 100644 index 0000000000..ce410f1202 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversational-forms-1c83e2fc407fdbaee8e0a7b1d33de8b3.yaml @@ -0,0 +1,58 @@ +id: conversational-forms-1c83e2fc407fdbaee8e0a7b1d33de8b3 + +info: + name: > + Conversational Forms for ChatBot <= 1.1.8 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54db4d53-7c4f-47d9-811d-8282eaf2d074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversational-forms/" + google-query: inurl:"/wp-content/plugins/conversational-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversational-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversational-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversational-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversational-forms-22b31e4572f874fba75c72ff00d007de.yaml b/nuclei-templates/cve-less/plugins/conversational-forms-22b31e4572f874fba75c72ff00d007de.yaml new file mode 100644 index 0000000000..9d2131a007 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversational-forms-22b31e4572f874fba75c72ff00d007de.yaml @@ -0,0 +1,58 @@ +id: conversational-forms-22b31e4572f874fba75c72ff00d007de + +info: + name: > + Conversational Forms for ChatBot <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/028a90c7-ded7-45ad-90ea-9f1a7d3743a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversational-forms/" + google-query: inurl:"/wp-content/plugins/conversational-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversational-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversational-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversational-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversational-forms-d06ae0bd2926a035277d571533319f2e.yaml b/nuclei-templates/cve-less/plugins/conversational-forms-d06ae0bd2926a035277d571533319f2e.yaml new file mode 100644 index 0000000000..0321bfb4a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversational-forms-d06ae0bd2926a035277d571533319f2e.yaml @@ -0,0 +1,58 @@ +id: conversational-forms-d06ae0bd2926a035277d571533319f2e + +info: + name: > + Conversational Forms for ChatBot <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2251c72-cc98-477e-bd4d-0e134b86acce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversational-forms/" + google-query: inurl:"/wp-content/plugins/conversational-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversational-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversational-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversational-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conversionninja-f35417e8a6d1f5736025e50e8ca1a9dc.yaml b/nuclei-templates/cve-less/plugins/conversionninja-f35417e8a6d1f5736025e50e8ca1a9dc.yaml new file mode 100644 index 0000000000..310a3c68c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conversionninja-f35417e8a6d1f5736025e50e8ca1a9dc.yaml @@ -0,0 +1,58 @@ +id: conversionninja-f35417e8a6d1f5736025e50e8ca1a9dc + +info: + name: > + Conversion Ninja (Unspecified Version) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1877f94c-3761-4af2-b093-cd2a4e60d63b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conversionninja/" + google-query: inurl:"/wp-content/plugins/conversionninja/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conversionninja,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conversionninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conversionninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convert-post-types-8cfa5c88e9f41fa81abd69a4c0a4495b.yaml b/nuclei-templates/cve-less/plugins/convert-post-types-8cfa5c88e9f41fa81abd69a4c0a4495b.yaml new file mode 100644 index 0000000000..5292c94c7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convert-post-types-8cfa5c88e9f41fa81abd69a4c0a4495b.yaml @@ -0,0 +1,58 @@ +id: convert-post-types-8cfa5c88e9f41fa81abd69a4c0a4495b + +info: + name: > + Convert Post Types <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9de2fe9-c1d7-4898-806d-68628061a98d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convert-post-types/" + google-query: inurl:"/wp-content/plugins/convert-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convert-post-types,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convert-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convert-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convert-post-types-c58d543f66167e9552cf6cc989b83b2e.yaml b/nuclei-templates/cve-less/plugins/convert-post-types-c58d543f66167e9552cf6cc989b83b2e.yaml new file mode 100644 index 0000000000..556213e601 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convert-post-types-c58d543f66167e9552cf6cc989b83b2e.yaml @@ -0,0 +1,58 @@ +id: convert-post-types-c58d543f66167e9552cf6cc989b83b2e + +info: + name: > + Convert Post Types <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a434d66-ac97-4801-8985-047dcc7c3eb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convert-post-types/" + google-query: inurl:"/wp-content/plugins/convert-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convert-post-types,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convert-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convert-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertbox-auto-embed-8451bc0b3344f88890ab58dfe6424c23.yaml b/nuclei-templates/cve-less/plugins/convertbox-auto-embed-8451bc0b3344f88890ab58dfe6424c23.yaml new file mode 100644 index 0000000000..52979a21d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertbox-auto-embed-8451bc0b3344f88890ab58dfe6424c23.yaml @@ -0,0 +1,58 @@ +id: convertbox-auto-embed-8451bc0b3344f88890ab58dfe6424c23 + +info: + name: > + ConvertBox Auto Embed WordPress plugin <= 1.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8a4e9b8-9794-48b7-8c53-cfad37ed530c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertbox-auto-embed/" + google-query: inurl:"/wp-content/plugins/convertbox-auto-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertbox-auto-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertbox-auto-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertbox-auto-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertful-0f483e5b57556e64c6fcbf6984188e67.yaml b/nuclei-templates/cve-less/plugins/convertful-0f483e5b57556e64c6fcbf6984188e67.yaml new file mode 100644 index 0000000000..dcef0ed0bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertful-0f483e5b57556e64c6fcbf6984188e67.yaml @@ -0,0 +1,58 @@ +id: convertful-0f483e5b57556e64c6fcbf6984188e67 + +info: + name: > + Convertful – Your Ultimate On-Site Conversion Tool <= 2.5 - Missing Authorization via add_woo_coupon + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e8c311e-7cf2-4aaf-8059-30f872475ee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertful/" + google-query: inurl:"/wp-content/plugins/convertful/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertful,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertful/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertful" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertkit-530ef54f0cce1110a26e13d9009961ab.yaml b/nuclei-templates/cve-less/plugins/convertkit-530ef54f0cce1110a26e13d9009961ab.yaml new file mode 100644 index 0000000000..c8b7a76bb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertkit-530ef54f0cce1110a26e13d9009961ab.yaml @@ -0,0 +1,58 @@ +id: convertkit-530ef54f0cce1110a26e13d9009961ab + +info: + name: > + ConvertKit <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf3a16b6-7256-4fad-b3f2-d1d9d833f45e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertkit/" + google-query: inurl:"/wp-content/plugins/convertkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertkit-5ccba34100497998aa68e15dc82c8875.yaml b/nuclei-templates/cve-less/plugins/convertkit-5ccba34100497998aa68e15dc82c8875.yaml new file mode 100644 index 0000000000..67162ef519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertkit-5ccba34100497998aa68e15dc82c8875.yaml @@ -0,0 +1,58 @@ +id: convertkit-5ccba34100497998aa68e15dc82c8875 + +info: + name: > + ConvertKit <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/443ceb13-bc6e-4d8d-a415-1a0d4fecf38e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertkit/" + google-query: inurl:"/wp-content/plugins/convertkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertkit-a064b7a7a37c845ee9c4b53a944b4505.yaml b/nuclei-templates/cve-less/plugins/convertkit-a064b7a7a37c845ee9c4b53a944b4505.yaml new file mode 100644 index 0000000000..171addc976 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertkit-a064b7a7a37c845ee9c4b53a944b4505.yaml @@ -0,0 +1,58 @@ +id: convertkit-a064b7a7a37c845ee9c4b53a944b4505 + +info: + name: > + ConvertKit <= 2.4.5 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dd3c146-534f-41be-b805-7eef2483614e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertkit/" + google-query: inurl:"/wp-content/plugins/convertkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertplug-3445f10edb771a060415612c26e8b8f1.yaml b/nuclei-templates/cve-less/plugins/convertplug-3445f10edb771a060415612c26e8b8f1.yaml new file mode 100644 index 0000000000..896ca13956 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertplug-3445f10edb771a060415612c26e8b8f1.yaml @@ -0,0 +1,58 @@ +id: convertplug-3445f10edb771a060415612c26e8b8f1 + +info: + name: > + ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3259b-bf0e-4b4a-815f-1eb399b8b674?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertplug/" + google-query: inurl:"/wp-content/plugins/convertplug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertplug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertplug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertplug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertplug-350d1c9101b958bff14b2cd20f908108.yaml b/nuclei-templates/cve-less/plugins/convertplug-350d1c9101b958bff14b2cd20f908108.yaml new file mode 100644 index 0000000000..7d424b6879 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertplug-350d1c9101b958bff14b2cd20f908108.yaml @@ -0,0 +1,58 @@ +id: convertplug-350d1c9101b958bff14b2cd20f908108 + +info: + name: > + ConvertPlus <= 3.4.4 - Unauthorized Account Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1836b1e-6c37-4a07-ac29-687d2eebd3ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertplug/" + google-query: inurl:"/wp-content/plugins/convertplug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertplug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertplug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertplug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertplug-c180a9b603d8380fb7d1168376590f63.yaml b/nuclei-templates/cve-less/plugins/convertplug-c180a9b603d8380fb7d1168376590f63.yaml new file mode 100644 index 0000000000..0a85a77a6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertplug-c180a9b603d8380fb7d1168376590f63.yaml @@ -0,0 +1,58 @@ +id: convertplug-c180a9b603d8380fb7d1168376590f63 + +info: + name: > + ConvertPlug <= 3.5.25 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd72420-dca1-455d-92a6-a178b4b26eab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertplug/" + google-query: inurl:"/wp-content/plugins/convertplug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertplug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertplug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertplug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/convertpro-144ed0d6a5cb015106c17c6c273b534a.yaml b/nuclei-templates/cve-less/plugins/convertpro-144ed0d6a5cb015106c17c6c273b534a.yaml new file mode 100644 index 0000000000..a297ec7287 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/convertpro-144ed0d6a5cb015106c17c6c273b534a.yaml @@ -0,0 +1,58 @@ +id: convertpro-144ed0d6a5cb015106c17c6c273b534a + +info: + name: > + Convert Pro <= 1.7.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44f2a414-245b-4c2d-a7ef-ca33b399f6b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/convertpro/" + google-query: inurl:"/wp-content/plugins/convertpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,convertpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/convertpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "convertpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/conveythis-translate-553b8c0b3cbb1236b177498b5b57ae88.yaml b/nuclei-templates/cve-less/plugins/conveythis-translate-553b8c0b3cbb1236b177498b5b57ae88.yaml new file mode 100644 index 0000000000..dd654b8a8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/conveythis-translate-553b8c0b3cbb1236b177498b5b57ae88.yaml @@ -0,0 +1,58 @@ +id: conveythis-translate-553b8c0b3cbb1236b177498b5b57ae88 + +info: + name: > + Language Translate Widget for WordPress – ConveyThis <= 223 - Unauthenticated Stored Cross-Site Scripting via api_key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/093af92e-bbc2-463a-8547-0e48fb356655?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/conveythis-translate/" + google-query: inurl:"/wp-content/plugins/conveythis-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,conveythis-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/conveythis-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "conveythis-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 223') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cooked-6e286583f72963c211e1187360769087.yaml b/nuclei-templates/cve-less/plugins/cooked-6e286583f72963c211e1187360769087.yaml new file mode 100644 index 0000000000..e4b882f747 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cooked-6e286583f72963c211e1187360769087.yaml @@ -0,0 +1,58 @@ +id: cooked-6e286583f72963c211e1187360769087 + +info: + name: > + Cooked <= 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76ba273d-0919-45b3-8044-b8f0ff3972ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cooked/" + google-query: inurl:"/wp-content/plugins/cooked/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cooked,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cooked/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cooked" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cooked-pro-48bbdd821c29a9665fc692ef526172c1.yaml b/nuclei-templates/cve-less/plugins/cooked-pro-48bbdd821c29a9665fc692ef526172c1.yaml new file mode 100644 index 0000000000..41e97f0245 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cooked-pro-48bbdd821c29a9665fc692ef526172c1.yaml @@ -0,0 +1,58 @@ +id: cooked-pro-48bbdd821c29a9665fc692ef526172c1 + +info: + name: > + Cooked Pro <= 1.7.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3553044e-c109-4e6d-8ba1-f0d5cd1f72ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cooked-pro/" + google-query: inurl:"/wp-content/plugins/cooked-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cooked-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cooked-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cooked-pro-e81fd7787c96dcecf9ab7ed7e0fa064a.yaml b/nuclei-templates/cve-less/plugins/cooked-pro-e81fd7787c96dcecf9ab7ed7e0fa064a.yaml new file mode 100644 index 0000000000..188aa8f844 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cooked-pro-e81fd7787c96dcecf9ab7ed7e0fa064a.yaml @@ -0,0 +1,58 @@ +id: cooked-pro-e81fd7787c96dcecf9ab7ed7e0fa064a + +info: + name: > + Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fb09a77-aba1-422c-961b-dc2c7ce82320?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cooked-pro/" + google-query: inurl:"/wp-content/plugins/cooked-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cooked-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cooked-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cooked-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-bar-13b25bc0903a03574dd9d52d17a8d7fb.yaml b/nuclei-templates/cve-less/plugins/cookie-bar-13b25bc0903a03574dd9d52d17a8d7fb.yaml new file mode 100644 index 0000000000..e015c35ade --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-bar-13b25bc0903a03574dd9d52d17a8d7fb.yaml @@ -0,0 +1,58 @@ +id: cookie-bar-13b25bc0903a03574dd9d52d17a8d7fb + +info: + name: > + Cookie Bar <= 1.8.8 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11401ad7-6064-475c-92f6-ce72a56e9a83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-bar/" + google-query: inurl:"/wp-content/plugins/cookie-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-bar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-bar-5f63dbab28102f21dce668e1dd09a569.yaml b/nuclei-templates/cve-less/plugins/cookie-bar-5f63dbab28102f21dce668e1dd09a569.yaml new file mode 100644 index 0000000000..10cd8b737c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-bar-5f63dbab28102f21dce668e1dd09a569.yaml @@ -0,0 +1,58 @@ +id: cookie-bar-5f63dbab28102f21dce668e1dd09a569 + +info: + name: > + Cookie Bar <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80afca9d-8f9c-412f-b2dd-f0078ec8173c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-bar/" + google-query: inurl:"/wp-content/plugins/cookie-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-consent-box-0a7db26507a2752830d796f872bfc74f.yaml b/nuclei-templates/cve-less/plugins/cookie-consent-box-0a7db26507a2752830d796f872bfc74f.yaml new file mode 100644 index 0000000000..1efc72a5c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-consent-box-0a7db26507a2752830d796f872bfc74f.yaml @@ -0,0 +1,58 @@ +id: cookie-consent-box-0a7db26507a2752830d796f872bfc74f + +info: + name: > + GDPR Cookie Consent Notice Box <= 1.1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f44b8e21-4bfd-487f-96f1-d264d335f54f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-consent-box/" + google-query: inurl:"/wp-content/plugins/cookie-consent-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-consent-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-consent-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-consent-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-law-info-c794524768b79fbeacb43dc638d96e23.yaml b/nuclei-templates/cve-less/plugins/cookie-law-info-c794524768b79fbeacb43dc638d96e23.yaml new file mode 100644 index 0000000000..84da50ee07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-law-info-c794524768b79fbeacb43dc638d96e23.yaml @@ -0,0 +1,58 @@ +id: cookie-law-info-c794524768b79fbeacb43dc638d96e23 + +info: + name: > + GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2f3c007-6ecc-4003-87ed-352984b9a83c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-law-info/" + google-query: inurl:"/wp-content/plugins/cookie-law-info/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-law-info,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-law-info/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-law-info" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-notice-4871efeec934efc06ef8f938e4a88d59.yaml b/nuclei-templates/cve-less/plugins/cookie-notice-4871efeec934efc06ef8f938e4a88d59.yaml new file mode 100644 index 0000000000..49bbe6cd23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-notice-4871efeec934efc06ef8f938e4a88d59.yaml @@ -0,0 +1,58 @@ +id: cookie-notice-4871efeec934efc06ef8f938e4a88d59 + +info: + name: > + Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/914de8f3-e052-4256-af14-4a08eaa464b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-notice/" + google-query: inurl:"/wp-content/plugins/cookie-notice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-notice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-notice-94366e72b8b16247e4525177a190a390.yaml b/nuclei-templates/cve-less/plugins/cookie-notice-94366e72b8b16247e4525177a190a390.yaml new file mode 100644 index 0000000000..400832c6c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-notice-94366e72b8b16247e4525177a190a390.yaml @@ -0,0 +1,58 @@ +id: cookie-notice-94366e72b8b16247e4525177a190a390 + +info: + name: > + Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95acec2a-ba1b-4b61-a4d6-3b0250a32835?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-notice/" + google-query: inurl:"/wp-content/plugins/cookie-notice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-notice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-notice-and-consent-banner-0f75bb052c76ac287df6a3cedb6cbaf7.yaml b/nuclei-templates/cve-less/plugins/cookie-notice-and-consent-banner-0f75bb052c76ac287df6a3cedb6cbaf7.yaml new file mode 100644 index 0000000000..47fcd24974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-notice-and-consent-banner-0f75bb052c76ac287df6a3cedb6cbaf7.yaml @@ -0,0 +1,58 @@ +id: cookie-notice-and-consent-banner-0f75bb052c76ac287df6a3cedb6cbaf7 + +info: + name: > + Cookie Notice & Consent Banner for GDPR & CCPA Compliance <= 1.7.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67e0e59d-879c-434f-9ffb-1b97d8105bfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-notice-and-consent-banner/" + google-query: inurl:"/wp-content/plugins/cookie-notice-and-consent-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-notice-and-consent-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-notice-and-consent-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-notice-and-consent-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-notice-consent-bd04f483d63aabca8f2d0d86dcbe84f9.yaml b/nuclei-templates/cve-less/plugins/cookie-notice-consent-bd04f483d63aabca8f2d0d86dcbe84f9.yaml new file mode 100644 index 0000000000..f31f3f49fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-notice-consent-bd04f483d63aabca8f2d0d86dcbe84f9.yaml @@ -0,0 +1,58 @@ +id: cookie-notice-consent-bd04f483d63aabca8f2d0d86dcbe84f9 + +info: + name: > + Cookie Notice & Consent 1.6.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/489dc156-b8cb-4e08-a847-73a891398d5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-notice-consent/" + google-query: inurl:"/wp-content/plugins/cookie-notice-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-notice-consent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-notice-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-notice-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookie-notice-f08aff12bfc66296ae4f842e638dd13b.yaml b/nuclei-templates/cve-less/plugins/cookie-notice-f08aff12bfc66296ae4f842e638dd13b.yaml new file mode 100644 index 0000000000..d01ad6f0f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookie-notice-f08aff12bfc66296ae4f842e638dd13b.yaml @@ -0,0 +1,58 @@ +id: cookie-notice-f08aff12bfc66296ae4f842e638dd13b + +info: + name: > + Cookie Notice & Compliance for GDPR / CCPA <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eeae71a6-53b2-4eab-82c0-d23cff3f0f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookie-notice/" + google-query: inurl:"/wp-content/plugins/cookie-notice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookie-notice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookie-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookie-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookiehub-2606febac98b5b77708f94f9707ab5ad.yaml b/nuclei-templates/cve-less/plugins/cookiehub-2606febac98b5b77708f94f9707ab5ad.yaml new file mode 100644 index 0000000000..f41035c44d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookiehub-2606febac98b5b77708f94f9707ab5ad.yaml @@ -0,0 +1,58 @@ +id: cookiehub-2606febac98b5b77708f94f9707ab5ad + +info: + name: > + CookieHub <= 1.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46122be7-5e88-4656-8944-a747f5cdc69e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookiehub/" + google-query: inurl:"/wp-content/plugins/cookiehub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookiehub,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookiehub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookiehub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookiemonster-5b40ee65b1caa7d96e4e60846451b515.yaml b/nuclei-templates/cve-less/plugins/cookiemonster-5b40ee65b1caa7d96e4e60846451b515.yaml new file mode 100644 index 0000000000..e7e5e2a4ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookiemonster-5b40ee65b1caa7d96e4e60846451b515.yaml @@ -0,0 +1,58 @@ +id: cookiemonster-5b40ee65b1caa7d96e4e60846451b515 + +info: + name: > + Cookie Monster <= 1.51 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f040075-83a0-4c9a-8d93-99aa36606b31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookiemonster/" + google-query: inurl:"/wp-content/plugins/cookiemonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookiemonster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookiemonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookiemonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookies-and-content-security-policy-f0ed757a74607e0e7be560cb144e0abe.yaml b/nuclei-templates/cve-less/plugins/cookies-and-content-security-policy-f0ed757a74607e0e7be560cb144e0abe.yaml new file mode 100644 index 0000000000..2da3952ce3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookies-and-content-security-policy-f0ed757a74607e0e7be560cb144e0abe.yaml @@ -0,0 +1,58 @@ +id: cookies-and-content-security-policy-f0ed757a74607e0e7be560cb144e0abe + +info: + name: > + Cookies and Content Security Policy <= 2.15 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79e68c5b-1f1a-4af3-acf4-1a38f2d72424?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookies-and-content-security-policy/" + google-query: inurl:"/wp-content/plugins/cookies-and-content-security-policy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookies-and-content-security-policy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookies-and-content-security-policy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookies-and-content-security-policy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cookies-by-jm-b9008bcb5ccd36f2981a1df579798a3b.yaml b/nuclei-templates/cve-less/plugins/cookies-by-jm-b9008bcb5ccd36f2981a1df579798a3b.yaml new file mode 100644 index 0000000000..7e0db45e36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cookies-by-jm-b9008bcb5ccd36f2981a1df579798a3b.yaml @@ -0,0 +1,58 @@ +id: cookies-by-jm-b9008bcb5ccd36f2981a1df579798a3b + +info: + name: > + Cookies by JM <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3aa2a693-831b-44e7-b158-99fecf6506be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cookies-by-jm/" + google-query: inurl:"/wp-content/plugins/cookies-by-jm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cookies-by-jm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cookies-by-jm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cookies-by-jm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cool-facebook-page-feed-timeline-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/cool-facebook-page-feed-timeline-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..1718e6d4f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cool-facebook-page-feed-timeline-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: cool-facebook-page-feed-timeline-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cool-facebook-page-feed-timeline/" + google-query: inurl:"/wp-content/plugins/cool-facebook-page-feed-timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cool-facebook-page-feed-timeline,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cool-facebook-page-feed-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cool-facebook-page-feed-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cool-tag-cloud-02f969afa585249fd7cbd8abedb25b46.yaml b/nuclei-templates/cve-less/plugins/cool-tag-cloud-02f969afa585249fd7cbd8abedb25b46.yaml new file mode 100644 index 0000000000..c6b2a62420 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cool-tag-cloud-02f969afa585249fd7cbd8abedb25b46.yaml @@ -0,0 +1,58 @@ +id: cool-tag-cloud-02f969afa585249fd7cbd8abedb25b46 + +info: + name: > + Cool Tag Cloud <= 2.25 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd5dc98-ac5b-4548-9f98-faa91f5b1e2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cool-tag-cloud/" + google-query: inurl:"/wp-content/plugins/cool-tag-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cool-tag-cloud,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cool-tag-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cool-tag-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cool-timeline-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/cool-timeline-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..65131a642d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cool-timeline-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: cool-timeline-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cool-timeline/" + google-query: inurl:"/wp-content/plugins/cool-timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cool-timeline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cool-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cool-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cool-timeline-6ce37c385f3376e7926c7b8faa81bc2f.yaml b/nuclei-templates/cve-less/plugins/cool-timeline-6ce37c385f3376e7926c7b8faa81bc2f.yaml new file mode 100644 index 0000000000..e1efb26d4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cool-timeline-6ce37c385f3376e7926c7b8faa81bc2f.yaml @@ -0,0 +1,58 @@ +id: cool-timeline-6ce37c385f3376e7926c7b8faa81bc2f + +info: + name: > + Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce7c895-e94c-46bd-9de1-f5fde29c3475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cool-timeline/" + google-query: inurl:"/wp-content/plugins/cool-timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cool-timeline,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cool-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cool-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cool-video-gallery-1a5984e73d9bda9668de2c9f32433df9.yaml b/nuclei-templates/cve-less/plugins/cool-video-gallery-1a5984e73d9bda9668de2c9f32433df9.yaml new file mode 100644 index 0000000000..0f5954bbb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cool-video-gallery-1a5984e73d9bda9668de2c9f32433df9.yaml @@ -0,0 +1,58 @@ +id: cool-video-gallery-1a5984e73d9bda9668de2c9f32433df9 + +info: + name: > + Cool Video Gallery <= 1.9 - Authenticated Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f098d66f-43a6-44e9-b836-2994d2c97782?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cool-video-gallery/" + google-query: inurl:"/wp-content/plugins/cool-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cool-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cool-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cool-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coolclock-d3f53759db6cbb2a0f47408beaf6dbd0.yaml b/nuclei-templates/cve-less/plugins/coolclock-d3f53759db6cbb2a0f47408beaf6dbd0.yaml new file mode 100644 index 0000000000..c4b112e4e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coolclock-d3f53759db6cbb2a0f47408beaf6dbd0.yaml @@ -0,0 +1,58 @@ +id: coolclock-d3f53759db6cbb2a0f47408beaf6dbd0 + +info: + name: > + CoolClock <= 4.3.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bb45de4-2c83-4c77-aec0-f28ade966468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coolclock/" + google-query: inurl:"/wp-content/plugins/coolclock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coolclock,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coolclock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coolclock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copify-d08d0840632760096f6b8acd75a58e66.yaml b/nuclei-templates/cve-less/plugins/copify-d08d0840632760096f6b8acd75a58e66.yaml new file mode 100644 index 0000000000..06167a8948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copify-d08d0840632760096f6b8acd75a58e66.yaml @@ -0,0 +1,58 @@ +id: copify-d08d0840632760096f6b8acd75a58e66 + +info: + name: > + Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e92c6374-d11d-458c-b089-0ee79c33e4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copify/" + google-query: inurl:"/wp-content/plugins/copify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-delete-posts-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/copy-delete-posts-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..6a595a7e44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-delete-posts-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: copy-delete-posts-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-delete-posts/" + google-query: inurl:"/wp-content/plugins/copy-delete-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-delete-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-delete-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-delete-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-delete-posts-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/copy-delete-posts-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..0b49c3ca35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-delete-posts-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: copy-delete-posts-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-delete-posts/" + google-query: inurl:"/wp-content/plugins/copy-delete-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-delete-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-delete-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-delete-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-delete-posts-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/copy-delete-posts-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..155a277d36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-delete-posts-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: copy-delete-posts-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-delete-posts/" + google-query: inurl:"/wp-content/plugins/copy-delete-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-delete-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-delete-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-delete-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-delete-posts-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml b/nuclei-templates/cve-less/plugins/copy-delete-posts-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml new file mode 100644 index 0000000000..707b1186fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-delete-posts-f8c9b929aeaeb9c8fafdde93d3c6755f.yaml @@ -0,0 +1,58 @@ +id: copy-delete-posts-f8c9b929aeaeb9c8fafdde93d3c6755f + +info: + name: > + Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a0b40b-560a-4f2a-ad6d-6b2284fd5f25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-delete-posts/" + google-query: inurl:"/wp-content/plugins/copy-delete-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-delete-posts,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-delete-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-delete-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-me-0605116109dea812447b77431db29f66.yaml b/nuclei-templates/cve-less/plugins/copy-me-0605116109dea812447b77431db29f66.yaml new file mode 100644 index 0000000000..c79e448608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-me-0605116109dea812447b77431db29f66.yaml @@ -0,0 +1,58 @@ +id: copy-me-0605116109dea812447b77431db29f66 + +info: + name: > + copy-me <= 1.0.0 - Missing Authorization & Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ff866c0-1b4c-4ad8-bde3-353ed0f44f42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-me/" + google-query: inurl:"/wp-content/plugins/copy-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-me/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-or-move-comments-3199c52f1f975758dfffb8998d727e53.yaml b/nuclei-templates/cve-less/plugins/copy-or-move-comments-3199c52f1f975758dfffb8998d727e53.yaml new file mode 100644 index 0000000000..27475d2577 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-or-move-comments-3199c52f1f975758dfffb8998d727e53.yaml @@ -0,0 +1,58 @@ +id: copy-or-move-comments-3199c52f1f975758dfffb8998d727e53 + +info: + name: > + Copy Or Move Comments <= 5.0.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b020c3-0eb9-4ff1-b94e-e32452695b5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-or-move-comments/" + google-query: inurl:"/wp-content/plugins/copy-or-move-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-or-move-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-or-move-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-or-move-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-or-move-comments-7b6f5ddd1a73a6079392a4dafa7418fb.yaml b/nuclei-templates/cve-less/plugins/copy-or-move-comments-7b6f5ddd1a73a6079392a4dafa7418fb.yaml new file mode 100644 index 0000000000..7efd7dba37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-or-move-comments-7b6f5ddd1a73a6079392a4dafa7418fb.yaml @@ -0,0 +1,58 @@ +id: copy-or-move-comments-7b6f5ddd1a73a6079392a4dafa7418fb + +info: + name: > + Copy Or Move Comments <= 5.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7bf74b-1dc7-4159-a874-29694fe5895e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-or-move-comments/" + google-query: inurl:"/wp-content/plugins/copy-or-move-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-or-move-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-or-move-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-or-move-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copy-the-code-54ab7472cf90fa30b87c2b5f7b48020b.yaml b/nuclei-templates/cve-less/plugins/copy-the-code-54ab7472cf90fa30b87c2b5f7b48020b.yaml new file mode 100644 index 0000000000..4a26124bc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copy-the-code-54ab7472cf90fa30b87c2b5f7b48020b.yaml @@ -0,0 +1,58 @@ +id: copy-the-code-54ab7472cf90fa30b87c2b5f7b48020b + +info: + name: > + Copy Anything to Clipboard <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e834a211-ccc8-4a30-a15d-879ba34184e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copy-the-code/" + google-query: inurl:"/wp-content/plugins/copy-the-code/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copy-the-code,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copy-the-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copy-the-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/copyrightpro-04bb0fa287a9e5d3f21854cb26990e9b.yaml b/nuclei-templates/cve-less/plugins/copyrightpro-04bb0fa287a9e5d3f21854cb26990e9b.yaml new file mode 100644 index 0000000000..cf7a40f572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/copyrightpro-04bb0fa287a9e5d3f21854cb26990e9b.yaml @@ -0,0 +1,58 @@ +id: copyrightpro-04bb0fa287a9e5d3f21854cb26990e9b + +info: + name: > + CopyRightPro <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83b48cfc-04e7-4929-8da2-cf6beee6d88e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/copyrightpro/" + google-query: inurl:"/wp-content/plugins/copyrightpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,copyrightpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/copyrightpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "copyrightpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/core-control-eeca82a89fbac0124d669de2f8301089.yaml b/nuclei-templates/cve-less/plugins/core-control-eeca82a89fbac0124d669de2f8301089.yaml new file mode 100644 index 0000000000..0bacad3d9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/core-control-eeca82a89fbac0124d669de2f8301089.yaml @@ -0,0 +1,58 @@ +id: core-control-eeca82a89fbac0124d669de2f8301089 + +info: + name: > + Core Control <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d92ce83-03de-4981-8d90-0b8d2a2d16ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/core-control/" + google-query: inurl:"/wp-content/plugins/core-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,core-control,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/core-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "core-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/core-web-vitals-pagespeed-booster-848d3b967ba51cd5adfd6ee6af7f2576.yaml b/nuclei-templates/cve-less/plugins/core-web-vitals-pagespeed-booster-848d3b967ba51cd5adfd6ee6af7f2576.yaml new file mode 100644 index 0000000000..0ade87f18f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/core-web-vitals-pagespeed-booster-848d3b967ba51cd5adfd6ee6af7f2576.yaml @@ -0,0 +1,58 @@ +id: core-web-vitals-pagespeed-booster-848d3b967ba51cd5adfd6ee6af7f2576 + +info: + name: > + Core Web Vitals & PageSpeed Booster <= 1.0.12 - Open Redirect via _wp_http_referer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe374ff-85eb-4285-8d51-71e9275613cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/core-web-vitals-pagespeed-booster/" + google-query: inurl:"/wp-content/plugins/core-web-vitals-pagespeed-booster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,core-web-vitals-pagespeed-booster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/core-web-vitals-pagespeed-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "core-web-vitals-pagespeed-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coreactivity-90b890e5600ae938f133578a1bc1190d.yaml b/nuclei-templates/cve-less/plugins/coreactivity-90b890e5600ae938f133578a1bc1190d.yaml new file mode 100644 index 0000000000..7072814f66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coreactivity-90b890e5600ae938f133578a1bc1190d.yaml @@ -0,0 +1,58 @@ +id: coreactivity-90b890e5600ae938f133578a1bc1190d + +info: + name: > + coreActivity <= 2.0.1 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c17ba3-4fc8-439c-8ce3-bd95d7ed2474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coreactivity/" + google-query: inurl:"/wp-content/plugins/coreactivity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coreactivity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coreactivity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coreactivity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coreactivity-d3a19cbbaa27911e489d78dc5e2a05f1.yaml b/nuclei-templates/cve-less/plugins/coreactivity-d3a19cbbaa27911e489d78dc5e2a05f1.yaml new file mode 100644 index 0000000000..6a6a32121d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coreactivity-d3a19cbbaa27911e489d78dc5e2a05f1.yaml @@ -0,0 +1,58 @@ +id: coreactivity-d3a19cbbaa27911e489d78dc5e2a05f1 + +info: + name: > + coreActivity <= 1.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2432a0a-d262-4460-bd2d-2cb200d51f6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coreactivity/" + google-query: inurl:"/wp-content/plugins/coreactivity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coreactivity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coreactivity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coreactivity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/corner-ad-34e1ea4c84115991aa9040d8463cc384.yaml b/nuclei-templates/cve-less/plugins/corner-ad-34e1ea4c84115991aa9040d8463cc384.yaml new file mode 100644 index 0000000000..6051fa312f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/corner-ad-34e1ea4c84115991aa9040d8463cc384.yaml @@ -0,0 +1,58 @@ +id: corner-ad-34e1ea4c84115991aa9040d8463cc384 + +info: + name: > + Corner Ad <= 1.0.56 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6c5e9a-754f-41c8-b27b-caa133b5070f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/corner-ad/" + google-query: inurl:"/wp-content/plugins/corner-ad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,corner-ad,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/corner-ad/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "corner-ad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/corner-ad-490cf4e76b6c86f1bd637de80c3840f0.yaml b/nuclei-templates/cve-less/plugins/corner-ad-490cf4e76b6c86f1bd637de80c3840f0.yaml new file mode 100644 index 0000000000..085e6a2a4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/corner-ad-490cf4e76b6c86f1bd637de80c3840f0.yaml @@ -0,0 +1,58 @@ +id: corner-ad-490cf4e76b6c86f1bd637de80c3840f0 + +info: + name: > + Corner Ad < 1.0.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efd81ba5-b9e6-493a-a6a4-55c9e2971378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/corner-ad/" + google-query: inurl:"/wp-content/plugins/corner-ad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,corner-ad,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/corner-ad/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "corner-ad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cornerstone-df57edbeaacf1839941749d528a6f8bc.yaml b/nuclei-templates/cve-less/plugins/cornerstone-df57edbeaacf1839941749d528a6f8bc.yaml new file mode 100644 index 0000000000..91272bdd60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cornerstone-df57edbeaacf1839941749d528a6f8bc.yaml @@ -0,0 +1,58 @@ +id: cornerstone-df57edbeaacf1839941749d528a6f8bc + +info: + name: > + Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f75dfef-b30f-45a5-ba3e-cb82c1443800?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cornerstone/" + google-query: inurl:"/wp-content/plugins/cornerstone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cornerstone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cornerstone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cornerstone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cornerstone-e6194f3012a16cad12df41e5eff8a678.yaml b/nuclei-templates/cve-less/plugins/cornerstone-e6194f3012a16cad12df41e5eff8a678.yaml new file mode 100644 index 0000000000..773108e7e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cornerstone-e6194f3012a16cad12df41e5eff8a678.yaml @@ -0,0 +1,58 @@ +id: cornerstone-e6194f3012a16cad12df41e5eff8a678 + +info: + name: > + Cornerstone <= 0.8.0 - Reflected Cross-Site Scripting via PHP_SELF + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c18a9b8-5041-4451-a3cc-91952c234d9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cornerstone/" + google-query: inurl:"/wp-content/plugins/cornerstone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cornerstone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cornerstone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cornerstone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/corona-virus-covid-19-banner-e740d0f5f3811a1aac1ce94a356e0d8f.yaml b/nuclei-templates/cve-less/plugins/corona-virus-covid-19-banner-e740d0f5f3811a1aac1ce94a356e0d8f.yaml new file mode 100644 index 0000000000..325fb8146e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/corona-virus-covid-19-banner-e740d0f5f3811a1aac1ce94a356e0d8f.yaml @@ -0,0 +1,58 @@ +id: corona-virus-covid-19-banner-e740d0f5f3811a1aac1ce94a356e0d8f + +info: + name: > + Corona Virus (COVID-19) Banner & Live Data <= 1.7.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8773fa6e-6e81-4565-a9be-36ad0ea6ac88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/corona-virus-covid-19-banner/" + google-query: inurl:"/wp-content/plugins/corona-virus-covid-19-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,corona-virus-covid-19-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/corona-virus-covid-19-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "corona-virus-covid-19-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/correos-express-0395bd0434174482278f530635a1d70c.yaml b/nuclei-templates/cve-less/plugins/correos-express-0395bd0434174482278f530635a1d70c.yaml new file mode 100644 index 0000000000..94b81e7766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/correos-express-0395bd0434174482278f530635a1d70c.yaml @@ -0,0 +1,58 @@ +id: correos-express-0395bd0434174482278f530635a1d70c + +info: + name: > + CorreosExpress <= 2.6.0 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7126e39a-f3aa-4815-b039-485995d6bba3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/correos-express/" + google-query: inurl:"/wp-content/plugins/correos-express/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,correos-express,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/correos-express/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "correos-express" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/correos-oficial-ef4882c3d4c4772ce7530ff30b7b1640.yaml b/nuclei-templates/cve-less/plugins/correos-oficial-ef4882c3d4c4772ce7530ff30b7b1640.yaml new file mode 100644 index 0000000000..4fcebbd781 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/correos-oficial-ef4882c3d4c4772ce7530ff30b7b1640.yaml @@ -0,0 +1,58 @@ +id: correos-oficial-ef4882c3d4c4772ce7530ff30b7b1640 + +info: + name: > + Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eed2941-d9fe-4020-b1ab-fb0885f47d80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/correos-oficial/" + google-query: inurl:"/wp-content/plugins/correos-oficial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,correos-oficial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/correos-oficial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "correos-oficial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coru-lfmember-55f7bc7dbafb42aecc9f8ebab372d604.yaml b/nuclei-templates/cve-less/plugins/coru-lfmember-55f7bc7dbafb42aecc9f8ebab372d604.yaml new file mode 100644 index 0000000000..b383c2346b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coru-lfmember-55f7bc7dbafb42aecc9f8ebab372d604.yaml @@ -0,0 +1,58 @@ +id: coru-lfmember-55f7bc7dbafb42aecc9f8ebab372d604 + +info: + name: > + Coru LFMember <= 1.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46226921-a445-4fb7-9c90-bd2d6841dec7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coru-lfmember/" + google-query: inurl:"/wp-content/plugins/coru-lfmember/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coru-lfmember,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coru-lfmember/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coru-lfmember" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coschedule-by-todaymade-515b13054c00d74df0dd204b8f66cac0.yaml b/nuclei-templates/cve-less/plugins/coschedule-by-todaymade-515b13054c00d74df0dd204b8f66cac0.yaml new file mode 100644 index 0000000000..5cb721ec6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coschedule-by-todaymade-515b13054c00d74df0dd204b8f66cac0.yaml @@ -0,0 +1,58 @@ +id: coschedule-by-todaymade-515b13054c00d74df0dd204b8f66cac0 + +info: + name: > + CoSchedule <= 3.3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca55a7a0-da31-4d3f-845b-80f89ffbadf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coschedule-by-todaymade/" + google-query: inurl:"/wp-content/plugins/coschedule-by-todaymade/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coschedule-by-todaymade,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coschedule-by-todaymade/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coschedule-by-todaymade" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cosmetsy-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/cosmetsy-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..a1c61df482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cosmetsy-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: cosmetsy-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cosmetsy-core/" + google-query: inurl:"/wp-content/plugins/cosmetsy-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cosmetsy-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cosmetsy-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cosmetsy-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cost-calculator-builder-7ea277ec9b125c8bb0dc05cbc37ef294.yaml b/nuclei-templates/cve-less/plugins/cost-calculator-builder-7ea277ec9b125c8bb0dc05cbc37ef294.yaml new file mode 100644 index 0000000000..528c0529cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cost-calculator-builder-7ea277ec9b125c8bb0dc05cbc37ef294.yaml @@ -0,0 +1,58 @@ +id: cost-calculator-builder-7ea277ec9b125c8bb0dc05cbc37ef294 + +info: + name: > + Cost Calculator Builder <= 3.1.42 - Improper Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94d60fcb-a542-41a9-b6ac-6ac2607068aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cost-calculator-builder/" + google-query: inurl:"/wp-content/plugins/cost-calculator-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cost-calculator-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cost-calculator-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cost-calculator-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cost-calculator-builder-pro-2a7584a9fe53a3524213cd8679c71b87.yaml b/nuclei-templates/cve-less/plugins/cost-calculator-builder-pro-2a7584a9fe53a3524213cd8679c71b87.yaml new file mode 100644 index 0000000000..0367362ea0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cost-calculator-builder-pro-2a7584a9fe53a3524213cd8679c71b87.yaml @@ -0,0 +1,58 @@ +id: cost-calculator-builder-pro-2a7584a9fe53a3524213cd8679c71b87 + +info: + name: > + Cost Calculator Builder Pro <= 3.1.67 - Unauthenticated Cross-Site Scripting via SVG Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/526add70-4fcf-44d1-b4d8-4cc35652b1f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cost-calculator-builder-pro/" + google-query: inurl:"/wp-content/plugins/cost-calculator-builder-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cost-calculator-builder-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cost-calculator-builder-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cost-calculator-builder-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-bdd35485646018dc29c3dede2e0cfc31.yaml b/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-bdd35485646018dc29c3dede2e0cfc31.yaml new file mode 100644 index 0000000000..431b94ebbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-bdd35485646018dc29c3dede2e0cfc31.yaml @@ -0,0 +1,58 @@ +id: cost-of-goods-for-woocommerce-bdd35485646018dc29c3dede2e0cfc31 + +info: + name: > + Cost of Goods for WooCommerce <= 2.8.6 - Missing Authorization in save_costs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/984ca0d3-26c3-40cf-8e77-2ec1e3b89ce2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cost-of-goods-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cost-of-goods-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cost-of-goods-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cost-of-goods-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cost-of-goods-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-c1f81ab3aa2788ffb3caf7e813611f11.yaml b/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-c1f81ab3aa2788ffb3caf7e813611f11.yaml new file mode 100644 index 0000000000..fd829d7068 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cost-of-goods-for-woocommerce-c1f81ab3aa2788ffb3caf7e813611f11.yaml @@ -0,0 +1,58 @@ +id: cost-of-goods-for-woocommerce-c1f81ab3aa2788ffb3caf7e813611f11 + +info: + name: > + Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cost-of-goods-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/cost-of-goods-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cost-of-goods-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cost-of-goods-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cost-of-goods-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-1424f14be2dcb113b8417a6cefda326b.yaml b/nuclei-templates/cve-less/plugins/count-per-day-1424f14be2dcb113b8417a6cefda326b.yaml new file mode 100644 index 0000000000..e3cb85359d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-1424f14be2dcb113b8417a6cefda326b.yaml @@ -0,0 +1,58 @@ +id: count-per-day-1424f14be2dcb113b8417a6cefda326b + +info: + name: > + Count per Day <= 3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d48c52b-f42f-4c25-892f-3cce9ed8cbee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-178ad27fec6356c0ff4786fef5ed9b55.yaml b/nuclei-templates/cve-less/plugins/count-per-day-178ad27fec6356c0ff4786fef5ed9b55.yaml new file mode 100644 index 0000000000..a1b6a479c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-178ad27fec6356c0ff4786fef5ed9b55.yaml @@ -0,0 +1,58 @@ +id: count-per-day-178ad27fec6356c0ff4786fef5ed9b55 + +info: + name: > + Count per Day < 3.2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a1a727e-3b06-41ca-b684-f31d48f685c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-39efec1d687062290aa82ba498987905.yaml b/nuclei-templates/cve-less/plugins/count-per-day-39efec1d687062290aa82ba498987905.yaml new file mode 100644 index 0000000000..7dcd456081 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-39efec1d687062290aa82ba498987905.yaml @@ -0,0 +1,58 @@ +id: count-per-day-39efec1d687062290aa82ba498987905 + +info: + name: > + Count per Day <= 3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30eda147-f02a-4b3c-a51c-665aa4c75c93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-3d16ca713159983964ffa612b7a2f5b4.yaml b/nuclei-templates/cve-less/plugins/count-per-day-3d16ca713159983964ffa612b7a2f5b4.yaml new file mode 100644 index 0000000000..bcbe77cb16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-3d16ca713159983964ffa612b7a2f5b4.yaml @@ -0,0 +1,58 @@ +id: count-per-day-3d16ca713159983964ffa612b7a2f5b4 + +info: + name: > + Count per Day <= 3.1 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/102ed3c9-33ed-462a-83df-5a57f2621780?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-ba663052cd3e15a64b57c5574e6284ee.yaml b/nuclei-templates/cve-less/plugins/count-per-day-ba663052cd3e15a64b57c5574e6284ee.yaml new file mode 100644 index 0000000000..408ca7aedd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-ba663052cd3e15a64b57c5574e6284ee.yaml @@ -0,0 +1,58 @@ +id: count-per-day-ba663052cd3e15a64b57c5574e6284ee + +info: + name: > + Count Per Day <= 3.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b3e014-fb08-41e9-a667-b70f96602134?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/count-per-day-ecd06ad3b241a40ab31e78d6ecc1667e.yaml b/nuclei-templates/cve-less/plugins/count-per-day-ecd06ad3b241a40ab31e78d6ecc1667e.yaml new file mode 100644 index 0000000000..e4ceccd759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/count-per-day-ecd06ad3b241a40ab31e78d6ecc1667e.yaml @@ -0,0 +1,58 @@ +id: count-per-day-ecd06ad3b241a40ab31e78d6ecc1667e + +info: + name: > + Count per Day Plugin < 3.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d4ac3d-08ec-4783-8ccd-d64ab07d5d7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/count-per-day/" + google-query: inurl:"/wp-content/plugins/count-per-day/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,count-per-day,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/count-per-day/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "count-per-day" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-1400c910950cfb3abe9cd7aa01e509c4.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-1400c910950cfb3abe9cd7aa01e509c4.yaml new file mode 100644 index 0000000000..acd8fbf0ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-builder-1400c910950cfb3abe9cd7aa01e509c4.yaml @@ -0,0 +1,58 @@ +id: countdown-builder-1400c910950cfb3abe9cd7aa01e509c4 + +info: + name: > + Countdown & Clock <= 2.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/022e4506-fe49-469d-ae48-641f121fc53b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-builder/" + google-query: inurl:"/wp-content/plugins/countdown-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-2e3506811e52ec17c7634c4366161915.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-2e3506811e52ec17c7634c4366161915.yaml new file mode 100644 index 0000000000..805a197c83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-builder-2e3506811e52ec17c7634c4366161915.yaml @@ -0,0 +1,58 @@ +id: countdown-builder-2e3506811e52ec17c7634c4366161915 + +info: + name: > + Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fa62862-5b98-4864-9bf1-4e05deedeb9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-builder/" + google-query: inurl:"/wp-content/plugins/countdown-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-8078b4f9949ef9f89bc0fb06a9571b7f.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-8078b4f9949ef9f89bc0fb06a9571b7f.yaml new file mode 100644 index 0000000000..ea954b22af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-builder-8078b4f9949ef9f89bc0fb06a9571b7f.yaml @@ -0,0 +1,58 @@ +id: countdown-builder-8078b4f9949ef9f89bc0fb06a9571b7f + +info: + name: > + Countdown & Clock <= 2.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ba8d30-843f-4178-9b10-3c3dc720205c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-builder/" + google-query: inurl:"/wp-content/plugins/countdown-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-9fa44d8d4f03281cc0e3d7ac38bce0cf.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-9fa44d8d4f03281cc0e3d7ac38bce0cf.yaml new file mode 100644 index 0000000000..7b5569f059 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-builder-9fa44d8d4f03281cc0e3d7ac38bce0cf.yaml @@ -0,0 +1,58 @@ +id: countdown-builder-9fa44d8d4f03281cc0e3d7ac38bce0cf + +info: + name: > + Countdown & Clock <= 2.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38191721-8d5d-4a13-8271-c7ca96c3f6b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-builder/" + google-query: inurl:"/wp-content/plugins/countdown-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-builder-a8426729df158cf9f48bc7ffef172f3b.yaml b/nuclei-templates/cve-less/plugins/countdown-builder-a8426729df158cf9f48bc7ffef172f3b.yaml new file mode 100644 index 0000000000..0fd097e158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-builder-a8426729df158cf9f48bc7ffef172f3b.yaml @@ -0,0 +1,58 @@ +id: countdown-builder-a8426729df158cf9f48bc7ffef172f3b + +info: + name: > + Countdown & Clock <= 2.3.2 - Pro Features Lock Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca7f72bf-5271-42a2-99cb-3021f10ea5f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-builder/" + google-query: inurl:"/wp-content/plugins/countdown-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/countdown-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..83572e40e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: countdown-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/countdown-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-for-the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-timer-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/countdown-timer-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..5992f18dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-timer-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: countdown-timer-ultimate-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-timer-ultimate/" + google-query: inurl:"/wp-content/plugins/countdown-timer-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-timer-ultimate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-timer-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-timer-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-a267ad47aaacbda283b13d30d0de08e1.yaml b/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-a267ad47aaacbda283b13d30d0de08e1.yaml new file mode 100644 index 0000000000..325fbebc5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-a267ad47aaacbda283b13d30d0de08e1.yaml @@ -0,0 +1,58 @@ +id: countdown-wpdevart-extended-a267ad47aaacbda283b13d30d0de08e1 + +info: + name: > + Countdown and CountUp, WooCommerce Sales Timers <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbf9a765-3718-4957-aa18-562654824fbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-wpdevart-extended/" + google-query: inurl:"/wp-content/plugins/countdown-wpdevart-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-wpdevart-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-wpdevart-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-c8561a6d177892f154af9b7c10500c01.yaml b/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-c8561a6d177892f154af9b7c10500c01.yaml new file mode 100644 index 0000000000..6a65867a59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/countdown-wpdevart-extended-c8561a6d177892f154af9b7c10500c01.yaml @@ -0,0 +1,58 @@ +id: countdown-wpdevart-extended-c8561a6d177892f154af9b7c10500c01 + +info: + name: > + Countdown and CountUp, WooCommerce Sales Timer <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1ec113c-d11f-4b0b-8d4a-46d37687b3b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/countdown-wpdevart-extended/" + google-query: inurl:"/wp-content/plugins/countdown-wpdevart-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,countdown-wpdevart-extended,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/countdown-wpdevart-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "countdown-wpdevart-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/counter-box-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/counter-box-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..ae4f3e5f43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/counter-box-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: counter-box-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/counter-box/" + google-query: inurl:"/wp-content/plugins/counter-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,counter-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/counter-box-cb0d923b3f440d22cb21cc4f45b630a7.yaml b/nuclei-templates/cve-less/plugins/counter-box-cb0d923b3f440d22cb21cc4f45b630a7.yaml new file mode 100644 index 0000000000..a5f16b98c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/counter-box-cb0d923b3f440d22cb21cc4f45b630a7.yaml @@ -0,0 +1,58 @@ +id: counter-box-cb0d923b3f440d22cb21cc4f45b630a7 + +info: + name: > + Counter Box – WordPress plugin for countdown, timer, counter <= 1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9f71433-7b86-46c7-b91e-bc59679f0351?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/counter-box/" + google-query: inurl:"/wp-content/plugins/counter-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,counter-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/counter-box-d41f2371740382f5fe12f9b2729e260d.yaml b/nuclei-templates/cve-less/plugins/counter-box-d41f2371740382f5fe12f9b2729e260d.yaml new file mode 100644 index 0000000000..976918f2ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/counter-box-d41f2371740382f5fe12f9b2729e260d.yaml @@ -0,0 +1,58 @@ +id: counter-box-d41f2371740382f5fe12f9b2729e260d + +info: + name: > + Counter Box <= 1.1.1 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbd76c3d-028a-48e3-9a80-1a8da934d097?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/counter-box/" + google-query: inurl:"/wp-content/plugins/counter-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,counter-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/counter-box-e218b5d377826292a46ae91919228725.yaml b/nuclei-templates/cve-less/plugins/counter-box-e218b5d377826292a46ae91919228725.yaml new file mode 100644 index 0000000000..03e6d3ed15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/counter-box-e218b5d377826292a46ae91919228725.yaml @@ -0,0 +1,58 @@ +id: counter-box-e218b5d377826292a46ae91919228725 + +info: + name: > + Counter Box <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/332f8a7e-2342-4b77-a7d6-17137e432b5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/counter-box/" + google-query: inurl:"/wp-content/plugins/counter-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,counter-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/counter-yandex-metrica-ffdf4101e49b7fe440cdcd6bd244561e.yaml b/nuclei-templates/cve-less/plugins/counter-yandex-metrica-ffdf4101e49b7fe440cdcd6bd244561e.yaml new file mode 100644 index 0000000000..dc9a693f2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/counter-yandex-metrica-ffdf4101e49b7fe440cdcd6bd244561e.yaml @@ -0,0 +1,58 @@ +id: counter-yandex-metrica-ffdf4101e49b7fe440cdcd6bd244561e + +info: + name: > + Yandex Metrica Counter <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/173661aa-6895-41d6-8869-6abfd2eadf31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/counter-yandex-metrica/" + google-query: inurl:"/wp-content/plugins/counter-yandex-metrica/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,counter-yandex-metrica,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/counter-yandex-metrica/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "counter-yandex-metrica" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/country-state-city-auto-dropdown-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml b/nuclei-templates/cve-less/plugins/country-state-city-auto-dropdown-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml new file mode 100644 index 0000000000..94fe5602b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/country-state-city-auto-dropdown-b77c5c4f0c4cc702e5668e3bdfcce6f7.yaml @@ -0,0 +1,58 @@ +id: country-state-city-auto-dropdown-b77c5c4f0c4cc702e5668e3bdfcce6f7 + +info: + name: > + Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/country-state-city-auto-dropdown/" + google-query: inurl:"/wp-content/plugins/country-state-city-auto-dropdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,country-state-city-auto-dropdown,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/country-state-city-auto-dropdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "country-state-city-auto-dropdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coupon-creator-143ae01b8a1b2078f71457c5b9d33fd9.yaml b/nuclei-templates/cve-less/plugins/coupon-creator-143ae01b8a1b2078f71457c5b9d33fd9.yaml new file mode 100644 index 0000000000..3193d2c0b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coupon-creator-143ae01b8a1b2078f71457c5b9d33fd9.yaml @@ -0,0 +1,58 @@ +id: coupon-creator-143ae01b8a1b2078f71457c5b9d33fd9 + +info: + name: > + Coupon Creator <= 3.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab57f010-4fd2-40c2-950f-c03888521c8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coupon-creator/" + google-query: inurl:"/wp-content/plugins/coupon-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coupon-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coupon-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coupon-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coupon-referral-program-8e1c97786e963545019da486b6c3016e.yaml b/nuclei-templates/cve-less/plugins/coupon-referral-program-8e1c97786e963545019da486b6c3016e.yaml new file mode 100644 index 0000000000..4765e69fb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coupon-referral-program-8e1c97786e963545019da486b6c3016e.yaml @@ -0,0 +1,58 @@ +id: coupon-referral-program-8e1c97786e963545019da486b6c3016e + +info: + name: > + Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e556ca2-1b83-4589-bff8-64323eb594e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coupon-referral-program/" + google-query: inurl:"/wp-content/plugins/coupon-referral-program/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coupon-referral-program,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coupon-referral-program/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coupon-referral-program" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coupon-referral-program-eb26b5bf441be9e4d97a8d78bbf90a65.yaml b/nuclei-templates/cve-less/plugins/coupon-referral-program-eb26b5bf441be9e4d97a8d78bbf90a65.yaml new file mode 100644 index 0000000000..ef2cab263d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coupon-referral-program-eb26b5bf441be9e4d97a8d78bbf90a65.yaml @@ -0,0 +1,58 @@ +id: coupon-referral-program-eb26b5bf441be9e4d97a8d78bbf90a65 + +info: + name: > + Coupon Referral Program <= 1.7.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6015e204-1e07-4c75-ad22-969045934468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coupon-referral-program/" + google-query: inurl:"/wp-content/plugins/coupon-referral-program/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coupon-referral-program,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coupon-referral-program/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coupon-referral-program" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coupon-reveal-button-058f94a7273615ab6b78bfcaa4aea16c.yaml b/nuclei-templates/cve-less/plugins/coupon-reveal-button-058f94a7273615ab6b78bfcaa4aea16c.yaml new file mode 100644 index 0000000000..4e1bccae70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coupon-reveal-button-058f94a7273615ab6b78bfcaa4aea16c.yaml @@ -0,0 +1,58 @@ +id: coupon-reveal-button-058f94a7273615ab6b78bfcaa4aea16c + +info: + name: > + Coupon & Discount Code Reveal Button <= 1.2.5 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a108f8bf-a77c-4f29-a63b-c535a054dcaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coupon-reveal-button/" + google-query: inurl:"/wp-content/plugins/coupon-reveal-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coupon-reveal-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coupon-reveal-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coupon-reveal-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/coupon-zen-110c4d87a801a711ff37411fb7b2a2b0.yaml b/nuclei-templates/cve-less/plugins/coupon-zen-110c4d87a801a711ff37411fb7b2a2b0.yaml new file mode 100644 index 0000000000..b823cba542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/coupon-zen-110c4d87a801a711ff37411fb7b2a2b0.yaml @@ -0,0 +1,58 @@ +id: coupon-zen-110c4d87a801a711ff37411fb7b2a2b0 + +info: + name: > + Coupon Zen <= 1.0.5 - Cross-Site Request Forgery to Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53d39276-5d92-4a5b-848d-33aefb18a970?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/coupon-zen/" + google-query: inurl:"/wp-content/plugins/coupon-zen/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,coupon-zen,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/coupon-zen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "coupon-zen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-blocks-b6fdd6c618695aebb9014f9dd705ea55.yaml b/nuclei-templates/cve-less/plugins/cp-blocks-b6fdd6c618695aebb9014f9dd705ea55.yaml new file mode 100644 index 0000000000..75851d598f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-blocks-b6fdd6c618695aebb9014f9dd705ea55.yaml @@ -0,0 +1,58 @@ +id: cp-blocks-b6fdd6c618695aebb9014f9dd705ea55 + +info: + name: > + CP Blocks <= 1.0.14 - Authenticated Stored Cross-Site Scripting via License ID settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a69fa8-c2a8-4d63-8db4-823122632b3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-blocks/" + google-query: inurl:"/wp-content/plugins/cp-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-blocks-b8cbfee14c6231d74725cad73dbf5ac2.yaml b/nuclei-templates/cve-less/plugins/cp-blocks-b8cbfee14c6231d74725cad73dbf5ac2.yaml new file mode 100644 index 0000000000..ea421ec361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-blocks-b8cbfee14c6231d74725cad73dbf5ac2.yaml @@ -0,0 +1,58 @@ +id: cp-blocks-b8cbfee14c6231d74725cad73dbf5ac2 + +info: + name: > + CP Blocks <= 1.0.20 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35cd1788-1756-4d03-8f6f-e5e4153e3f4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-blocks/" + google-query: inurl:"/wp-content/plugins/cp-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-33bb20c48315e8c455839c78ef66e1b1.yaml b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-33bb20c48315e8c455839c78ef66e1b1.yaml new file mode 100644 index 0000000000..bc576bc540 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-33bb20c48315e8c455839c78ef66e1b1.yaml @@ -0,0 +1,58 @@ +id: cp-contact-form-with-paypal-33bb20c48315e8c455839c78ef66e1b1 + +info: + name: > + CP Contact Form with PayPal < 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5137244c-584f-4b48-869a-b6669c84eaac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/" + google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-contact-form-with-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-contact-form-with-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-4612690a2b5b9e2adc467251d2200410.yaml b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-4612690a2b5b9e2adc467251d2200410.yaml new file mode 100644 index 0000000000..3eeecbcc3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-4612690a2b5b9e2adc467251d2200410.yaml @@ -0,0 +1,58 @@ +id: cp-contact-form-with-paypal-4612690a2b5b9e2adc467251d2200410 + +info: + name: > + CP Contact Form with PayPal < 1.1.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bacd7942-99f6-46e0-85ef-863ab1bdfa6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/" + google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-contact-form-with-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-contact-form-with-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-beee0c1304e0da531df84f8029d7259b.yaml b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-beee0c1304e0da531df84f8029d7259b.yaml new file mode 100644 index 0000000000..ae64067b59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-beee0c1304e0da531df84f8029d7259b.yaml @@ -0,0 +1,58 @@ +id: cp-contact-form-with-paypal-beee0c1304e0da531df84f8029d7259b + +info: + name: > + CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9c20584-d791-4788-8dc3-77069b92601f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/" + google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-contact-form-with-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-contact-form-with-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-c94ec523ba103bad6a372ee7e463bd4f.yaml b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-c94ec523ba103bad6a372ee7e463bd4f.yaml new file mode 100644 index 0000000000..e8c14e1398 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-c94ec523ba103bad6a372ee7e463bd4f.yaml @@ -0,0 +1,58 @@ +id: cp-contact-form-with-paypal-c94ec523ba103bad6a372ee7e463bd4f + +info: + name: > + CP Contact Form with PayPal <= 1.3.01 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f26fcef3-6d94-46f6-9832-bdb03b6cb867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/" + google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-contact-form-with-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-contact-form-with-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-e62ea330281841ac90814f51a2e6e358.yaml b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-e62ea330281841ac90814f51a2e6e358.yaml new file mode 100644 index 0000000000..e49883510b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-contact-form-with-paypal-e62ea330281841ac90814f51a2e6e358.yaml @@ -0,0 +1,58 @@ +id: cp-contact-form-with-paypal-e62ea330281841ac90814f51a2e6e358 + +info: + name: > + CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba56d68-e104-4a79-b5b4-627f9617043b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-contact-form-with-paypal/" + google-query: inurl:"/wp-content/plugins/cp-contact-form-with-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-contact-form-with-paypal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-contact-form-with-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-contact-form-with-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-easy-form-builder-7cb4dee16a7431d0aa1859c958e33f53.yaml b/nuclei-templates/cve-less/plugins/cp-easy-form-builder-7cb4dee16a7431d0aa1859c958e33f53.yaml new file mode 100644 index 0000000000..f81df91fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-easy-form-builder-7cb4dee16a7431d0aa1859c958e33f53.yaml @@ -0,0 +1,58 @@ +id: cp-easy-form-builder-7cb4dee16a7431d0aa1859c958e33f53 + +info: + name: > + Form Builder CP <= 1.2.31 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15e86f80-b18c-42f7-bc41-6a3112cbb162?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-easy-form-builder/" + google-query: inurl:"/wp-content/plugins/cp-easy-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-easy-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-easy-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-easy-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-image-store-49c455ef861d32e49a005dd8ccd33e8b.yaml b/nuclei-templates/cve-less/plugins/cp-image-store-49c455ef861d32e49a005dd8ccd33e8b.yaml new file mode 100644 index 0000000000..35152955b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-image-store-49c455ef861d32e49a005dd8ccd33e8b.yaml @@ -0,0 +1,58 @@ +id: cp-image-store-49c455ef861d32e49a005dd8ccd33e8b + +info: + name: > + CP Image Store with Slideshow <= 1.0.67 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded1b46e-b4b0-4f0d-929e-e1caf93576a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-image-store/" + google-query: inurl:"/wp-content/plugins/cp-image-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-image-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-image-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-image-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-00da8a794f6f0b78648d305ed7e6dd04.yaml b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-00da8a794f6f0b78648d305ed7e6dd04.yaml new file mode 100644 index 0000000000..dea493713f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-00da8a794f6f0b78648d305ed7e6dd04.yaml @@ -0,0 +1,58 @@ +id: cp-multi-view-calendar-00da8a794f6f0b78648d305ed7e6dd04 + +info: + name: > + Calendar Event Multi View <= 1.3.99 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66351875-42d7-45f4-a47f-22e3e26b2770?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-multi-view-calendar/" + google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-multi-view-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-multi-view-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-0bfff3a27e6168b67b0fbc2473230506.yaml b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-0bfff3a27e6168b67b0fbc2473230506.yaml new file mode 100644 index 0000000000..f8533a568c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-0bfff3a27e6168b67b0fbc2473230506.yaml @@ -0,0 +1,58 @@ +id: cp-multi-view-calendar-0bfff3a27e6168b67b0fbc2473230506 + +info: + name: > + Calendar Event Multi View < 1.0.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7085e16a-cdf3-4467-b957-23ab372416e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-multi-view-calendar/" + google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-multi-view-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-multi-view-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-184f300745326a1b6a8a5b5650121584.yaml b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-184f300745326a1b6a8a5b5650121584.yaml new file mode 100644 index 0000000000..3558075516 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-184f300745326a1b6a8a5b5650121584.yaml @@ -0,0 +1,58 @@ +id: cp-multi-view-calendar-184f300745326a1b6a8a5b5650121584 + +info: + name: > + Calendar Event Multi View <= 1.4.06 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/488bafe4-746a-4531-95ac-30d17ace2239?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-multi-view-calendar/" + google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-multi-view-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-multi-view-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-43693b5261d7e0528a3c7e646e9f1d6c.yaml b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-43693b5261d7e0528a3c7e646e9f1d6c.yaml new file mode 100644 index 0000000000..9c0bb79b04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-43693b5261d7e0528a3c7e646e9f1d6c.yaml @@ -0,0 +1,58 @@ +id: cp-multi-view-calendar-43693b5261d7e0528a3c7e646e9f1d6c + +info: + name: > + CP Multi View Event Calendar <= 1.4.13 - Insufficient Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13d0eb8a-5b63-460e-b4ba-a3ed80c84fc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-multi-view-calendar/" + google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-multi-view-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-multi-view-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-7f3bbc96f4be604cf6114ca81b08ca3f.yaml b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-7f3bbc96f4be604cf6114ca81b08ca3f.yaml new file mode 100644 index 0000000000..37fe5b0caa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-multi-view-calendar-7f3bbc96f4be604cf6114ca81b08ca3f.yaml @@ -0,0 +1,58 @@ +id: cp-multi-view-calendar-7f3bbc96f4be604cf6114ca81b08ca3f + +info: + name: > + CP Multi View Event Calendar <= 1.4.10 - Missing Authentication leading to Authenticated (Subscriber+) Private Form Submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49ebff14-ce09-4607-8246-50ae028957f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-multi-view-calendar/" + google-query: inurl:"/wp-content/plugins/cp-multi-view-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-multi-view-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-multi-view-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-multi-view-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-polls-49a01bc79b6fdfb5a76a16441b827dc7.yaml b/nuclei-templates/cve-less/plugins/cp-polls-49a01bc79b6fdfb5a76a16441b827dc7.yaml new file mode 100644 index 0000000000..f67ee0eec0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-polls-49a01bc79b6fdfb5a76a16441b827dc7.yaml @@ -0,0 +1,58 @@ +id: cp-polls-49a01bc79b6fdfb5a76a16441b827dc7 + +info: + name: > + Polls CP <= 1.0.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed1f3d5a-9551-421e-8f38-416976a704ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-polls/" + google-query: inurl:"/wp-content/plugins/cp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-polls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-polls-51f0935847f259142e562e47f27b4145.yaml b/nuclei-templates/cve-less/plugins/cp-polls-51f0935847f259142e562e47f27b4145.yaml new file mode 100644 index 0000000000..feb876d22c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-polls-51f0935847f259142e562e47f27b4145.yaml @@ -0,0 +1,58 @@ +id: cp-polls-51f0935847f259142e562e47f27b4145 + +info: + name: > + CP Polls <= 1.0.71 - Unauthenticated Poll Limit Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c80de83-3996-4048-8aa3-3611b002fc01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-polls/" + google-query: inurl:"/wp-content/plugins/cp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-polls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-polls-87b936573487d2a82b44f72e3ce646b8.yaml b/nuclei-templates/cve-less/plugins/cp-polls-87b936573487d2a82b44f72e3ce646b8.yaml new file mode 100644 index 0000000000..0f3ef6b6b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-polls-87b936573487d2a82b44f72e3ce646b8.yaml @@ -0,0 +1,58 @@ +id: cp-polls-87b936573487d2a82b44f72e3ce646b8 + +info: + name: > + Polls CP < 1.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e3e73b4-591d-4520-afd5-44e2bb76e4f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-polls/" + google-query: inurl:"/wp-content/plugins/cp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-polls,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-polls-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml b/nuclei-templates/cve-less/plugins/cp-polls-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml new file mode 100644 index 0000000000..aba9c1196a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-polls-ab3c3e9805ecb63c9f5865d7cc04e6fb.yaml @@ -0,0 +1,58 @@ +id: cp-polls-ab3c3e9805ecb63c9f5865d7cc04e6fb + +info: + name: > + Polls CP < 1.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3137db18-6032-4ba5-9790-c1a7a95072b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-polls/" + google-query: inurl:"/wp-content/plugins/cp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-polls,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-polls-e2d507e5368356b0023e6347145e20b6.yaml b/nuclei-templates/cve-less/plugins/cp-polls-e2d507e5368356b0023e6347145e20b6.yaml new file mode 100644 index 0000000000..923fb96c64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-polls-e2d507e5368356b0023e6347145e20b6.yaml @@ -0,0 +1,58 @@ +id: cp-polls-e2d507e5368356b0023e6347145e20b6 + +info: + name: > + CP Polls <= 1.0.71 - Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f28d7659-9244-4da8-97e9-4539d7d874f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-polls/" + google-query: inurl:"/wp-content/plugins/cp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-polls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cp-reservation-calendar-264c8b14fe403c6cf4002aa9134524ee.yaml b/nuclei-templates/cve-less/plugins/cp-reservation-calendar-264c8b14fe403c6cf4002aa9134524ee.yaml new file mode 100644 index 0000000000..0861587722 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cp-reservation-calendar-264c8b14fe403c6cf4002aa9134524ee.yaml @@ -0,0 +1,58 @@ +id: cp-reservation-calendar-264c8b14fe403c6cf4002aa9134524ee + +info: + name: > + CP Reservation Calendar < 1.1.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f93ecf7-ba49-47f6-abe3-33e3bc6e7054?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cp-reservation-calendar/" + google-query: inurl:"/wp-content/plugins/cp-reservation-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cp-reservation-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cp-reservation-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cp-reservation-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpl-8f2565646e20d8caed1d049227635516.yaml b/nuclei-templates/cve-less/plugins/cpl-8f2565646e20d8caed1d049227635516.yaml new file mode 100644 index 0000000000..b4ab8c2b54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpl-8f2565646e20d8caed1d049227635516.yaml @@ -0,0 +1,58 @@ +id: cpl-8f2565646e20d8caed1d049227635516 + +info: + name: > + Copperleaf Photolog <= 0.16- SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cccbdb49-d423-4955-a078-ae0acdb79804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpl/" + google-query: inurl:"/wp-content/plugins/cpl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-companion-1cb9694a410b975eefa3459fd9bd670b.yaml b/nuclei-templates/cve-less/plugins/cpo-companion-1cb9694a410b975eefa3459fd9bd670b.yaml new file mode 100644 index 0000000000..a9c5441792 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-companion-1cb9694a410b975eefa3459fd9bd670b.yaml @@ -0,0 +1,58 @@ +id: cpo-companion-1cb9694a410b975eefa3459fd9bd670b + +info: + name: > + CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5a4ebe-5d01-4d5e-b62b-a264b61fc6ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-companion/" + google-query: inurl:"/wp-content/plugins/cpo-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-companion-4e988801588842dadfebdadb774a426e.yaml b/nuclei-templates/cve-less/plugins/cpo-companion-4e988801588842dadfebdadb774a426e.yaml new file mode 100644 index 0000000000..a4b00117b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-companion-4e988801588842dadfebdadb774a426e.yaml @@ -0,0 +1,58 @@ +id: cpo-companion-4e988801588842dadfebdadb774a426e + +info: + name: > + CPO Companion <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/920dbe31-ccbd-4ad9-9c5f-f7389c1b4318?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-companion/" + google-query: inurl:"/wp-content/plugins/cpo-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-companion-a426d8604178ea06fd441814d816d538.yaml b/nuclei-templates/cve-less/plugins/cpo-companion-a426d8604178ea06fd441814d816d538.yaml new file mode 100644 index 0000000000..79aaa6933b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-companion-a426d8604178ea06fd441814d816d538.yaml @@ -0,0 +1,58 @@ +id: cpo-companion-a426d8604178ea06fd441814d816d538 + +info: + name: > + CPO Companion <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9195ac7e-2995-44d0-b5c6-8ffb47395f24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-companion/" + google-query: inurl:"/wp-content/plugins/cpo-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-content-types-20277bf2aad5677f3f9bd4eac5f630c9.yaml b/nuclei-templates/cve-less/plugins/cpo-content-types-20277bf2aad5677f3f9bd4eac5f630c9.yaml new file mode 100644 index 0000000000..ed68e33e6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-content-types-20277bf2aad5677f3f9bd4eac5f630c9.yaml @@ -0,0 +1,58 @@ +id: cpo-content-types-20277bf2aad5677f3f9bd4eac5f630c9 + +info: + name: > + CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0b1e05-0e28-4cf5-a278-ea91b6c9d253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-content-types/" + google-query: inurl:"/wp-content/plugins/cpo-content-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-content-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-content-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-content-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-shortcodes-95b40623fcd88a0f55eead954c03a159.yaml b/nuclei-templates/cve-less/plugins/cpo-shortcodes-95b40623fcd88a0f55eead954c03a159.yaml new file mode 100644 index 0000000000..06428b95c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-shortcodes-95b40623fcd88a0f55eead954c03a159.yaml @@ -0,0 +1,58 @@ +id: cpo-shortcodes-95b40623fcd88a0f55eead954c03a159 + +info: + name: > + CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ba38c3-51d2-43a7-89ff-c72a8edc946b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-shortcodes/" + google-query: inurl:"/wp-content/plugins/cpo-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpo-shortcodes-f0281688d74f818cfad7334eba1cc561.yaml b/nuclei-templates/cve-less/plugins/cpo-shortcodes-f0281688d74f818cfad7334eba1cc561.yaml new file mode 100644 index 0000000000..75f86b98aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpo-shortcodes-f0281688d74f818cfad7334eba1cc561.yaml @@ -0,0 +1,58 @@ +id: cpo-shortcodes-f0281688d74f818cfad7334eba1cc561 + +info: + name: > + CPO Shortcodes <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/978159d3-39b2-49b7-a59a-2da72f1792fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpo-shortcodes/" + google-query: inurl:"/wp-content/plugins/cpo-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpo-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpo-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpo-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-690a69806e87114ee81f4affa15549cd.yaml b/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-690a69806e87114ee81f4affa15549cd.yaml new file mode 100644 index 0000000000..5647ad9a51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-690a69806e87114ee81f4affa15549cd.yaml @@ -0,0 +1,58 @@ +id: cpt-bootstrap-carousel-690a69806e87114ee81f4affa15549cd + +info: + name: > + CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78321b7-b62b-40ab-a15d-037ebd905d8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpt-bootstrap-carousel/" + google-query: inurl:"/wp-content/plugins/cpt-bootstrap-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpt-bootstrap-carousel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpt-bootstrap-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpt-bootstrap-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-e983f7dc1644cbc367524173b0bfd556.yaml b/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-e983f7dc1644cbc367524173b0bfd556.yaml new file mode 100644 index 0000000000..ffb44723f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpt-bootstrap-carousel-e983f7dc1644cbc367524173b0bfd556.yaml @@ -0,0 +1,58 @@ +id: cpt-bootstrap-carousel-e983f7dc1644cbc367524173b0bfd556 + +info: + name: > + CPT Bootstrap Carousel <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44370988-3c55-490e-b428-da9cb6df1a4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpt-bootstrap-carousel/" + google-query: inurl:"/wp-content/plugins/cpt-bootstrap-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpt-bootstrap-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpt-bootstrap-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpt-bootstrap-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpt-shortcode-62cbd308ef66719516de2026de43669c.yaml b/nuclei-templates/cve-less/plugins/cpt-shortcode-62cbd308ef66719516de2026de43669c.yaml new file mode 100644 index 0000000000..b7e61183be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpt-shortcode-62cbd308ef66719516de2026de43669c.yaml @@ -0,0 +1,58 @@ +id: cpt-shortcode-62cbd308ef66719516de2026de43669c + +info: + name: > + CPT Shortcode Generator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4782d4ea-3d79-40d2-850d-1a7583267616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpt-shortcode/" + google-query: inurl:"/wp-content/plugins/cpt-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpt-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpt-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpt-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpt-shortcode-f4d676108d638d4ae50c1c8a6da03c12.yaml b/nuclei-templates/cve-less/plugins/cpt-shortcode-f4d676108d638d4ae50c1c8a6da03c12.yaml new file mode 100644 index 0000000000..309c409e42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpt-shortcode-f4d676108d638d4ae50c1c8a6da03c12.yaml @@ -0,0 +1,58 @@ +id: cpt-shortcode-f4d676108d638d4ae50c1c8a6da03c12 + +info: + name: > + CPT Shortcode Generator <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6125a8e6-4c87-4136-ba39-c3a089948733?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpt-shortcode/" + google-query: inurl:"/wp-content/plugins/cpt-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpt-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpt-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpt-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cpt-speakers-0fbf5aeb9219f7fac5b857b809c640a1.yaml b/nuclei-templates/cve-less/plugins/cpt-speakers-0fbf5aeb9219f7fac5b857b809c640a1.yaml new file mode 100644 index 0000000000..b60a80026f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cpt-speakers-0fbf5aeb9219f7fac5b857b809c640a1.yaml @@ -0,0 +1,58 @@ +id: cpt-speakers-0fbf5aeb9219f7fac5b857b809c640a1 + +info: + name: > + CPT – Speakers <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7c41fd-6ad6-49da-a213-686157e029d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cpt-speakers/" + google-query: inurl:"/wp-content/plugins/cpt-speakers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cpt-speakers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cpt-speakers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cpt-speakers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crafty-social-buttons-10ee5b6870d72574cd2ceacdf76db39e.yaml b/nuclei-templates/cve-less/plugins/crafty-social-buttons-10ee5b6870d72574cd2ceacdf76db39e.yaml new file mode 100644 index 0000000000..424b05534e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crafty-social-buttons-10ee5b6870d72574cd2ceacdf76db39e.yaml @@ -0,0 +1,58 @@ +id: crafty-social-buttons-10ee5b6870d72574cd2ceacdf76db39e + +info: + name: > + Crafty Social Buttons < 1.5.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07d1c715-3620-4b82-a883-57b24c8cd031?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crafty-social-buttons/" + google-query: inurl:"/wp-content/plugins/crafty-social-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crafty-social-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crafty-social-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crafty-social-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/craw-data-ba3212d4cf255eee79a1e340ae3eb317.yaml b/nuclei-templates/cve-less/plugins/craw-data-ba3212d4cf255eee79a1e340ae3eb317.yaml new file mode 100644 index 0000000000..1b9965809b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/craw-data-ba3212d4cf255eee79a1e340ae3eb317.yaml @@ -0,0 +1,58 @@ +id: craw-data-ba3212d4cf255eee79a1e340ae3eb317 + +info: + name: > + Craw Data <= 1.0.0 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8fe569a-62dd-4be5-915d-de589663658f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/craw-data/" + google-query: inurl:"/wp-content/plugins/craw-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,craw-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/craw-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "craw-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-a24d4eae978465f1c7539ec2afb5d89a.yaml b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-a24d4eae978465f1c7539ec2afb5d89a.yaml new file mode 100644 index 0000000000..2912fbe6ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-a24d4eae978465f1c7539ec2afb5d89a.yaml @@ -0,0 +1,58 @@ +id: crayon-syntax-highlighter-a24d4eae978465f1c7539ec2afb5d89a + +info: + name: > + Crayon Syntax Highlighter < 2.8.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4336a9-35db-4994-9e2a-5ed9b51a74ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crayon-syntax-highlighter/" + google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crayon-syntax-highlighter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crayon-syntax-highlighter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-b80148cb4f7c1ba75ee55b0181d810f7.yaml b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-b80148cb4f7c1ba75ee55b0181d810f7.yaml new file mode 100644 index 0000000000..484f5ded17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-b80148cb4f7c1ba75ee55b0181d810f7.yaml @@ -0,0 +1,58 @@ +id: crayon-syntax-highlighter-b80148cb4f7c1ba75ee55b0181d810f7 + +info: + name: > + Crayon Syntax Highlighter <= 2.8.4 - Authenticated (Contributor+) Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/527f75f1-6361-4e16-8ae4-d38ca4589811?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crayon-syntax-highlighter/" + google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crayon-syntax-highlighter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crayon-syntax-highlighter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-d47618ad7b3ff873ed22aa3e5efab3e0.yaml b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-d47618ad7b3ff873ed22aa3e5efab3e0.yaml new file mode 100644 index 0000000000..9082202cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crayon-syntax-highlighter-d47618ad7b3ff873ed22aa3e5efab3e0.yaml @@ -0,0 +1,58 @@ +id: crayon-syntax-highlighter-d47618ad7b3ff873ed22aa3e5efab3e0 + +info: + name: > + Crayon Syntax Highlighter <= 2.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/225ea5b3-08a9-40c2-a755-7783475946c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crayon-syntax-highlighter/" + google-query: inurl:"/wp-content/plugins/crayon-syntax-highlighter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crayon-syntax-highlighter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crayon-syntax-highlighter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crayon-syntax-highlighter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crazy-bone-cbc819d180f6774324bc2ec20985637c.yaml b/nuclei-templates/cve-less/plugins/crazy-bone-cbc819d180f6774324bc2ec20985637c.yaml new file mode 100644 index 0000000000..98fe0299cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crazy-bone-cbc819d180f6774324bc2ec20985637c.yaml @@ -0,0 +1,58 @@ +id: crazy-bone-cbc819d180f6774324bc2ec20985637c + +info: + name: > + Crazy Bone <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e3f4e4f-6781-4134-b0ba-3625d7009d0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crazy-bone/" + google-query: inurl:"/wp-content/plugins/crazy-bone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crazy-bone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crazy-bone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crazy-bone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crazy-bone-fc9bfd70a66ba0377d47424bbce696e0.yaml b/nuclei-templates/cve-less/plugins/crazy-bone-fc9bfd70a66ba0377d47424bbce696e0.yaml new file mode 100644 index 0000000000..ebaa126c0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crazy-bone-fc9bfd70a66ba0377d47424bbce696e0.yaml @@ -0,0 +1,58 @@ +id: crazy-bone-fc9bfd70a66ba0377d47424bbce696e0 + +info: + name: > + Crazy Bone < 0.6.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99dfacb4-f784-4e8d-b411-7cab7683c7c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crazy-bone/" + google-query: inurl:"/wp-content/plugins/crazy-bone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crazy-bone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crazy-bone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crazy-bone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/creative-addons-for-elementor-20f6bee077964f1739b79a57d0927952.yaml b/nuclei-templates/cve-less/plugins/creative-addons-for-elementor-20f6bee077964f1739b79a57d0927952.yaml new file mode 100644 index 0000000000..d3c2de0d40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/creative-addons-for-elementor-20f6bee077964f1739b79a57d0927952.yaml @@ -0,0 +1,58 @@ +id: creative-addons-for-elementor-20f6bee077964f1739b79a57d0927952 + +info: + name: > + Creative Addons for Elementor <= 1.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33581898-067b-445c-8ad0-12ff4778a13c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/creative-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/creative-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,creative-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/creative-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "creative-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/creative-image-slider-57ebfd8af23d19d638563ef7a40bf411.yaml b/nuclei-templates/cve-less/plugins/creative-image-slider-57ebfd8af23d19d638563ef7a40bf411.yaml new file mode 100644 index 0000000000..e5cb1f9a47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/creative-image-slider-57ebfd8af23d19d638563ef7a40bf411.yaml @@ -0,0 +1,58 @@ +id: creative-image-slider-57ebfd8af23d19d638563ef7a40bf411 + +info: + name: > + Creative Image Slider – Responsive Slider Plugin <= 2.1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd6cc95c-451b-4ad7-bb5b-bbb9bc3c89c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/creative-image-slider/" + google-query: inurl:"/wp-content/plugins/creative-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,creative-image-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/creative-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "creative-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-20e49640b2d172fe60c3e66f7c5c2961.yaml b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-20e49640b2d172fe60c3e66f7c5c2961.yaml new file mode 100644 index 0000000000..b1d5371491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-20e49640b2d172fe60c3e66f7c5c2961.yaml @@ -0,0 +1,58 @@ +id: creative-mail-by-constant-contact-20e49640b2d172fe60c3e66f7c5c2961 + +info: + name: > + Creative Mail <= 1.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8a67cad-b52d-4294-9c27-13b1dc1f2e59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/" + google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/creative-mail-by-constant-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "creative-mail-by-constant-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-883ac125446954bc56b63a659310e326.yaml b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-883ac125446954bc56b63a659310e326.yaml new file mode 100644 index 0000000000..b3efef96b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-883ac125446954bc56b63a659310e326.yaml @@ -0,0 +1,58 @@ +id: creative-mail-by-constant-contact-883ac125446954bc56b63a659310e326 + +info: + name: > + Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Settings Disconnect + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d143cefc-e387-47bd-aff6-a2099f704d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/" + google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/creative-mail-by-constant-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "creative-mail-by-constant-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-f890a87599d700193f94857dcecd8b3d.yaml b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-f890a87599d700193f94857dcecd8b3d.yaml new file mode 100644 index 0000000000..21b290eb75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/creative-mail-by-constant-contact-f890a87599d700193f94857dcecd8b3d.yaml @@ -0,0 +1,58 @@ +id: creative-mail-by-constant-contact-f890a87599d700193f94857dcecd8b3d + +info: + name: > + Creative Mail <= 1.5.4 - Cross-Site Request Forgery to Plugin Deactivation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a20e57-0228-4e37-a105-e693c05a0a24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/creative-mail-by-constant-contact/" + google-query: inurl:"/wp-content/plugins/creative-mail-by-constant-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,creative-mail-by-constant-contact,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/creative-mail-by-constant-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "creative-mail-by-constant-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/credit-tracker-1adc9982ddc5e20d6e411f5dbc1caf02.yaml b/nuclei-templates/cve-less/plugins/credit-tracker-1adc9982ddc5e20d6e411f5dbc1caf02.yaml new file mode 100644 index 0000000000..f83fb2c7b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/credit-tracker-1adc9982ddc5e20d6e411f5dbc1caf02.yaml @@ -0,0 +1,58 @@ +id: credit-tracker-1adc9982ddc5e20d6e411f5dbc1caf02 + +info: + name: > + Credit Tracker <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b611f3ba-ac36-49fc-a75f-10003c5ca955?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/credit-tracker/" + google-query: inurl:"/wp-content/plugins/credit-tracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,credit-tracker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/credit-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "credit-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/credova-financial-bed2d5e11413b5522569fa9192fcca60.yaml b/nuclei-templates/cve-less/plugins/credova-financial-bed2d5e11413b5522569fa9192fcca60.yaml new file mode 100644 index 0000000000..c1f5e2fd83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/credova-financial-bed2d5e11413b5522569fa9192fcca60.yaml @@ -0,0 +1,58 @@ +id: credova-financial-bed2d5e11413b5522569fa9192fcca60 + +info: + name: > + Credova_Financial <= 1.4.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/034246b2-e123-480d-afaf-cce9d42f1f03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/credova-financial/" + google-query: inurl:"/wp-content/plugins/credova-financial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,credova-financial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/credova-financial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "credova-financial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crelly-slider-11611891705bb620b2fbc93feb153c11.yaml b/nuclei-templates/cve-less/plugins/crelly-slider-11611891705bb620b2fbc93feb153c11.yaml new file mode 100644 index 0000000000..bda10f63b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crelly-slider-11611891705bb620b2fbc93feb153c11.yaml @@ -0,0 +1,58 @@ +id: crelly-slider-11611891705bb620b2fbc93feb153c11 + +info: + name: > + Crelly Slider <= 1.3.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9fbd7ee-cfd0-4621-9eb9-df0202657ce9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crelly-slider/" + google-query: inurl:"/wp-content/plugins/crelly-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crelly-slider,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crelly-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crelly-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crelly-slider-4ff3f91a93b3247cebd7620836598b68.yaml b/nuclei-templates/cve-less/plugins/crelly-slider-4ff3f91a93b3247cebd7620836598b68.yaml new file mode 100644 index 0000000000..bb6179002a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crelly-slider-4ff3f91a93b3247cebd7620836598b68.yaml @@ -0,0 +1,58 @@ +id: crelly-slider-4ff3f91a93b3247cebd7620836598b68 + +info: + name: > + Crelly Slider <= 1.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4acc1fd2-0024-4c35-b8c6-94203b91e985?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crelly-slider/" + google-query: inurl:"/wp-content/plugins/crelly-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crelly-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crelly-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crelly-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crelly-slider-f264ee9267574176bc2aef0a4dad14ac.yaml b/nuclei-templates/cve-less/plugins/crelly-slider-f264ee9267574176bc2aef0a4dad14ac.yaml new file mode 100644 index 0000000000..1e87718be0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crelly-slider-f264ee9267574176bc2aef0a4dad14ac.yaml @@ -0,0 +1,58 @@ +id: crelly-slider-f264ee9267574176bc2aef0a4dad14ac + +info: + name: > + Crelly Slider <= 1.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a885e5db-dc84-46db-960e-63f62709e1b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crelly-slider/" + google-query: inurl:"/wp-content/plugins/crelly-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crelly-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crelly-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crelly-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crisp-2b1c5b57df30a34984198b5c1016c519.yaml b/nuclei-templates/cve-less/plugins/crisp-2b1c5b57df30a34984198b5c1016c519.yaml new file mode 100644 index 0000000000..dcdacd02f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crisp-2b1c5b57df30a34984198b5c1016c519.yaml @@ -0,0 +1,58 @@ +id: crisp-2b1c5b57df30a34984198b5c1016c519 + +info: + name: > + Crisp <= 0.44 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e97d9dd-7d4a-4862-abba-6e8816bbbe9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crisp/" + google-query: inurl:"/wp-content/plugins/crisp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crisp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crisp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crisp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crisp-3e9db5ca5f74e03bc884849a472e7363.yaml b/nuclei-templates/cve-less/plugins/crisp-3e9db5ca5f74e03bc884849a472e7363.yaml new file mode 100644 index 0000000000..bf89b6d50b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crisp-3e9db5ca5f74e03bc884849a472e7363.yaml @@ -0,0 +1,58 @@ +id: crisp-3e9db5ca5f74e03bc884849a472e7363 + +info: + name: > + Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcc8b84-34ac-4f8f-9a74-43b230877e92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crisp/" + google-query: inurl:"/wp-content/plugins/crisp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crisp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crisp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crisp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-6c0eb1e7574e09726dcd946f510854bd.yaml b/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-6c0eb1e7574e09726dcd946f510854bd.yaml new file mode 100644 index 0000000000..2c4554d160 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-6c0eb1e7574e09726dcd946f510854bd.yaml @@ -0,0 +1,58 @@ +id: crm-customer-relationship-management-by-vcita-6c0eb1e7574e09726dcd946f510854bd + +info: + name: > + CRM and Lead Management by vcita <= 2.6.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f75c6bf-1b93-49d5-b5fb-e59b4e67432f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-customer-relationship-management-by-vcita/" + google-query: inurl:"/wp-content/plugins/crm-customer-relationship-management-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-customer-relationship-management-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-customer-relationship-management-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-customer-relationship-management-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-8a9c908ec048eb5db70aedddafa15d74.yaml b/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-8a9c908ec048eb5db70aedddafa15d74.yaml new file mode 100644 index 0000000000..64ada606d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-customer-relationship-management-by-vcita-8a9c908ec048eb5db70aedddafa15d74.yaml @@ -0,0 +1,58 @@ +id: crm-customer-relationship-management-by-vcita-8a9c908ec048eb5db70aedddafa15d74 + +info: + name: > + CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e26ccd06-22e0-4d91-a53a-df6ead8a8e3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-customer-relationship-management-by-vcita/" + google-query: inurl:"/wp-content/plugins/crm-customer-relationship-management-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-customer-relationship-management-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-customer-relationship-management-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-customer-relationship-management-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-memberships-f670252b93de10e17e15c533cbe48519.yaml b/nuclei-templates/cve-less/plugins/crm-memberships-f670252b93de10e17e15c533cbe48519.yaml new file mode 100644 index 0000000000..2ed61c202d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-memberships-f670252b93de10e17e15c533cbe48519.yaml @@ -0,0 +1,58 @@ +id: crm-memberships-f670252b93de10e17e15c533cbe48519 + +info: + name: > + CRM Memberships <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07c3c8d9-64c9-4d16-9a35-8477b358123f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-memberships/" + google-query: inurl:"/wp-content/plugins/crm-memberships/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-memberships,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-memberships/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-memberships" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-5b58119863530e15cb2cb1eb0cca6c45.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-5b58119863530e15cb2cb1eb0cca6c45.yaml new file mode 100644 index 0000000000..15ce99be4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-5b58119863530e15cb2cb1eb0cca6c45.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-5b58119863530e15cb2cb1eb0cca6c45 + +info: + name: > + CRM Perks Forms <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/793df609-77bb-47fd-8383-93884675f217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-6323dfe519d667ba98cb2cb3a674b49d.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-6323dfe519d667ba98cb2cb3a674b49d.yaml new file mode 100644 index 0000000000..f4ef722d71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-6323dfe519d667ba98cb2cb3a674b49d.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-6323dfe519d667ba98cb2cb3a674b49d + +info: + name: > + CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22e09431-dd71-4a90-84ba-4b676ec8ccb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-84e13e367dca55445350e25af8c4c3b9.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-84e13e367dca55445350e25af8c4c3b9.yaml new file mode 100644 index 0000000000..565399eef7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-84e13e367dca55445350e25af8c4c3b9.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-84e13e367dca55445350e25af8c4c3b9 + +info: + name: > + CRM Perks Forms <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de11636b-a051-4e76-bc26-ed76f66fe0df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-aa8353adb3620cf0044ffd866cd1ea46.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-aa8353adb3620cf0044ffd866cd1ea46.yaml new file mode 100644 index 0000000000..ddd902707d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-aa8353adb3620cf0044ffd866cd1ea46.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-aa8353adb3620cf0044ffd866cd1ea46 + +info: + name: > + CRM Perks Forms <= 1.1.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3abba90-9503-484e-bc2b-c6105bec698b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-c0c58834ca90dc6201d9f559b76ed213.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-c0c58834ca90dc6201d9f559b76ed213.yaml new file mode 100644 index 0000000000..f8c62c074e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-c0c58834ca90dc6201d9f559b76ed213.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-c0c58834ca90dc6201d9f559b76ed213 + +info: + name: > + CRM Perks Forms <= 1.1.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e84d50e1-65fe-4323-981f-e2ae6da0ddab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crm-perks-forms-f99e157b145b06140fa576ea488dbce3.yaml b/nuclei-templates/cve-less/plugins/crm-perks-forms-f99e157b145b06140fa576ea488dbce3.yaml new file mode 100644 index 0000000000..56f667a08f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crm-perks-forms-f99e157b145b06140fa576ea488dbce3.yaml @@ -0,0 +1,58 @@ +id: crm-perks-forms-f99e157b145b06140fa576ea488dbce3 + +info: + name: > + CRM Perks Forms <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca954d68-18a5-47e2-af56-261c7a55b017?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crm-perks-forms/" + google-query: inurl:"/wp-content/plugins/crm-perks-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crm-perks-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crm-perks-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crm-perks-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crony-0a163e61bcc69936d2e5119ad16f6e94.yaml b/nuclei-templates/cve-less/plugins/crony-0a163e61bcc69936d2e5119ad16f6e94.yaml new file mode 100644 index 0000000000..3b302a00d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crony-0a163e61bcc69936d2e5119ad16f6e94.yaml @@ -0,0 +1,58 @@ +id: crony-0a163e61bcc69936d2e5119ad16f6e94 + +info: + name: > + Crony Cronjob Manager <= 0.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29b81e96-d950-405a-abcb-c457e104b86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crony/" + google-query: inurl:"/wp-content/plugins/crony/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crony,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crony/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crony" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crony-44c866df4156e18647ea081befd62b4f.yaml b/nuclei-templates/cve-less/plugins/crony-44c866df4156e18647ea081befd62b4f.yaml new file mode 100644 index 0000000000..117d1e39d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crony-44c866df4156e18647ea081befd62b4f.yaml @@ -0,0 +1,58 @@ +id: crony-44c866df4156e18647ea081befd62b4f + +info: + name: > + Crony Cronjob Manager < 0.4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b86ff40d-45dd-4cb6-9a4e-16aaf1d35196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crony/" + google-query: inurl:"/wp-content/plugins/crony/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crony,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crony/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crony" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cross-linker-6efe820f12fb9f3137c56cee070730c7.yaml b/nuclei-templates/cve-less/plugins/cross-linker-6efe820f12fb9f3137c56cee070730c7.yaml new file mode 100644 index 0000000000..8df3e1303c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cross-linker-6efe820f12fb9f3137c56cee070730c7.yaml @@ -0,0 +1,58 @@ +id: cross-linker-6efe820f12fb9f3137c56cee070730c7 + +info: + name: > + Cross-Linker <= 3.0.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/009899d4-4139-43ea-a7a1-dc3a1a9ea1e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cross-linker/" + google-query: inurl:"/wp-content/plugins/cross-linker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cross-linker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cross-linker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cross-linker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cross-rss-477b707e65a4938013b3152b7f4ee656.yaml b/nuclei-templates/cve-less/plugins/cross-rss-477b707e65a4938013b3152b7f4ee656.yaml new file mode 100644 index 0000000000..3dacf482fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cross-rss-477b707e65a4938013b3152b7f4ee656.yaml @@ -0,0 +1,58 @@ +id: cross-rss-477b707e65a4938013b3152b7f4ee656 + +info: + name: > + Cross-RSS <= 1.7 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca72924f-23fc-42ef-9556-8fb9f5e88add?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cross-rss/" + google-query: inurl:"/wp-content/plugins/cross-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cross-rss,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cross-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cross-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crossslide-jquery-plugin-for-wordpress-66a96d7ee2557e873f3475f1e86dd229.yaml b/nuclei-templates/cve-less/plugins/crossslide-jquery-plugin-for-wordpress-66a96d7ee2557e873f3475f1e86dd229.yaml new file mode 100644 index 0000000000..0a8ccc915f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crossslide-jquery-plugin-for-wordpress-66a96d7ee2557e873f3475f1e86dd229.yaml @@ -0,0 +1,58 @@ +id: crossslide-jquery-plugin-for-wordpress-66a96d7ee2557e873f3475f1e86dd229 + +info: + name: > + CrossSlide jQuery Plugin <= 2.0.5 - Multiple Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14d44753-fbfb-4538-b8ae-0e2a13b14c8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crossslide-jquery-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/crossslide-jquery-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crossslide-jquery-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crossslide-jquery-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crossslide-jquery-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryout-serious-slider-059632153ccb2185cede1112e5adabf5.yaml b/nuclei-templates/cve-less/plugins/cryout-serious-slider-059632153ccb2185cede1112e5adabf5.yaml new file mode 100644 index 0000000000..969cac0a24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryout-serious-slider-059632153ccb2185cede1112e5adabf5.yaml @@ -0,0 +1,58 @@ +id: cryout-serious-slider-059632153ccb2185cede1112e5adabf5 + +info: + name: > + Serious Slider <= 1.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41aeb465-48c2-48db-90ea-186ceeac6753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryout-serious-slider/" + google-query: inurl:"/wp-content/plugins/cryout-serious-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryout-serious-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryout-serious-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryout-serious-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crypto-converter-widget-306b847d2e6035c47912eb7c67152660.yaml b/nuclei-templates/cve-less/plugins/crypto-converter-widget-306b847d2e6035c47912eb7c67152660.yaml new file mode 100644 index 0000000000..a04cc5a161 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crypto-converter-widget-306b847d2e6035c47912eb7c67152660.yaml @@ -0,0 +1,58 @@ +id: crypto-converter-widget-306b847d2e6035c47912eb7c67152660 + +info: + name: > + Crypto Converter Widget <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04d9c206-b40d-436a-93f3-bd7e3bb49892?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crypto-converter-widget/" + google-query: inurl:"/wp-content/plugins/crypto-converter-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crypto-converter-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crypto-converter-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crypto-converter-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/crypto-converter-widget-56a618b5c71170cabc6b19e08404193b.yaml b/nuclei-templates/cve-less/plugins/crypto-converter-widget-56a618b5c71170cabc6b19e08404193b.yaml new file mode 100644 index 0000000000..1aa4cb496e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/crypto-converter-widget-56a618b5c71170cabc6b19e08404193b.yaml @@ -0,0 +1,58 @@ +id: crypto-converter-widget-56a618b5c71170cabc6b19e08404193b + +info: + name: > + Crypto Converter Widget <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d621869c-31f7-4243-9815-f6d1bbe469e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/crypto-converter-widget/" + google-query: inurl:"/wp-content/plugins/crypto-converter-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,crypto-converter-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/crypto-converter-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "crypto-converter-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..f4f9142d85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-donation-box-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-donation-box/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-donation-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-donation-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-donation-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-donation-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml new file mode 100644 index 0000000000..60a153d766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-donation-box-6c67c1bd228e1520f2b8d5bf20bbed3b.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-donation-box-6c67c1bd228e1520f2b8d5bf20bbed3b + +info: + name: > + Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c98430d-0881-4f45-b934-c393739ef71c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-donation-box/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-donation-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-donation-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-donation-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-donation-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..1f59abfcd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-price-ticker-widget-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-price-ticker-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-price-ticker-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-ad516406623ae6ecf9dab15916a4b830.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-ad516406623ae6ecf9dab15916a4b830.yaml new file mode 100644 index 0000000000..fad598220b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-ad516406623ae6ecf9dab15916a4b830.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-price-ticker-widget-ad516406623ae6ecf9dab15916a4b830 + +info: + name: > + Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dec2855c-71a8-46b2-819a-d85cd11a1a24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-price-ticker-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-price-ticker-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-bdc2096d72e0a42fecec9d81de2115f0.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-bdc2096d72e0a42fecec9d81de2115f0.yaml new file mode 100644 index 0000000000..9a88cdf276 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-bdc2096d72e0a42fecec9d81de2115f0.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-price-ticker-widget-bdc2096d72e0a42fecec9d81de2115f0 + +info: + name: > + Cryptocurrency Widgets – Price Ticker & Coins List 2.0 - 2.6.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-price-ticker-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-price-ticker-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0', '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-d5383d4e717242611eb588cd04425c5a.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-d5383d4e717242611eb588cd04425c5a.yaml new file mode 100644 index 0000000000..9419264a29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-price-ticker-widget-d5383d4e717242611eb588cd04425c5a.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-price-ticker-widget-d5383d4e717242611eb588cd04425c5a + +info: + name: > + Cryptocurrency Widgets – Price Ticker & Coins List <= 2.6.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c371fc-4cf0-478e-b6ae-3bb258c5062e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-price-ticker-widget/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-price-ticker-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-price-ticker-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-price-ticker-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-price-ticker-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-prices-c5c657b48dcb3ae9c728f121d2d0aa85.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-prices-c5c657b48dcb3ae9c728f121d2d0aa85.yaml new file mode 100644 index 0000000000..050c995451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-prices-c5c657b48dcb3ae9c728f121d2d0aa85.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-prices-c5c657b48dcb3ae9c728f121d2d0aa85 + +info: + name: > + Cryptocurrency All-in-One <= 3.0.19 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7492cffe-6e17-4c59-8979-2fa168b4f41d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-prices/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-prices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-prices,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-prices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-prices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-pricing-list-204c631f27f2150998aee71c01b37779.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-pricing-list-204c631f27f2150998aee71c01b37779.yaml new file mode 100644 index 0000000000..db3fa87a5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-pricing-list-204c631f27f2150998aee71c01b37779.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-pricing-list-204c631f27f2150998aee71c01b37779 + +info: + name: > + Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dd95956-d86b-4198-a3b9-d5d9308f36dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-pricing-list/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-pricing-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-pricing-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-pricing-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-pricing-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-for-elementor-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-for-elementor-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..beeb8071fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-for-elementor-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-widgets-for-elementor-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-widgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-widgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-widgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-widgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-widgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-b49e5a0564db1b49d18da40f1e13555b.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-b49e5a0564db1b49d18da40f1e13555b.yaml new file mode 100644 index 0000000000..c445a5bc86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-b49e5a0564db1b49d18da40f1e13555b.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-widgets-pack-b49e5a0564db1b49d18da40f1e13555b + +info: + name: > + Cryptocurrency Widgets Pack <= 1.8.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8064526f-edd3-43e4-9732-47b25ab256fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-widgets-pack/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-widgets-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-widgets-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-widgets-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-widgets-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-e0f9049a8a7ec17a668bbeb16a71bba1.yaml b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-e0f9049a8a7ec17a668bbeb16a71bba1.yaml new file mode 100644 index 0000000000..07ed84f1a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptocurrency-widgets-pack-e0f9049a8a7ec17a668bbeb16a71bba1.yaml @@ -0,0 +1,58 @@ +id: cryptocurrency-widgets-pack-e0f9049a8a7ec17a668bbeb16a71bba1 + +info: + name: > + Cryptocurrency Widgets Pack <= 2.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f173b6-f039-4865-8882-8ef7d1f88413?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptocurrency-widgets-pack/" + google-query: inurl:"/wp-content/plugins/cryptocurrency-widgets-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptocurrency-widgets-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptocurrency-widgets-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptocurrency-widgets-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cryptographp-6fe350acb2d7b08afd5696f747d0413e.yaml b/nuclei-templates/cve-less/plugins/cryptographp-6fe350acb2d7b08afd5696f747d0413e.yaml new file mode 100644 index 0000000000..719b6bd86c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cryptographp-6fe350acb2d7b08afd5696f747d0413e.yaml @@ -0,0 +1,58 @@ +id: cryptographp-6fe350acb2d7b08afd5696f747d0413e + +info: + name: > + Cryptographp <= 1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/120514af-41d8-49ca-be87-28c7d4777fee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cryptographp/" + google-query: inurl:"/wp-content/plugins/cryptographp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cryptographp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cryptographp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cryptographp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/csprite-2707f1b08a4a34c3e1947ca39cd73e06.yaml b/nuclei-templates/cve-less/plugins/csprite-2707f1b08a4a34c3e1947ca39cd73e06.yaml new file mode 100644 index 0000000000..dedf23bcba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/csprite-2707f1b08a4a34c3e1947ca39cd73e06.yaml @@ -0,0 +1,58 @@ +id: csprite-2707f1b08a4a34c3e1947ca39cd73e06 + +info: + name: > + CSprite <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5da3a4f-7084-4ba9-89c9-5a480efc7eca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/csprite/" + google-query: inurl:"/wp-content/plugins/csprite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,csprite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/csprite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "csprite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css-adder-by-agence-press-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/css-adder-by-agence-press-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..81deb57490 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css-adder-by-agence-press-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: css-adder-by-agence-press-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css-adder-by-agence-press/" + google-query: inurl:"/wp-content/plugins/css-adder-by-agence-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css-adder-by-agence-press,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css-adder-by-agence-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css-adder-by-agence-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css-hero-c65a895d58bf856765c9e28ed468f2ea.yaml b/nuclei-templates/cve-less/plugins/css-hero-c65a895d58bf856765c9e28ed468f2ea.yaml new file mode 100644 index 0000000000..c055730451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css-hero-c65a895d58bf856765c9e28ed468f2ea.yaml @@ -0,0 +1,58 @@ +id: css-hero-c65a895d58bf856765c9e28ed468f2ea + +info: + name: > + CSS Hero <= 4.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb97fa2-456c-4bc4-a09c-54daa17be3e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css-hero/" + google-query: inurl:"/wp-content/plugins/css-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css-hero,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css-javascript-toolbox-72b05538a975fe47e341442f2bdeeabf.yaml b/nuclei-templates/cve-less/plugins/css-javascript-toolbox-72b05538a975fe47e341442f2bdeeabf.yaml new file mode 100644 index 0000000000..0f0c7ac81d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css-javascript-toolbox-72b05538a975fe47e341442f2bdeeabf.yaml @@ -0,0 +1,58 @@ +id: css-javascript-toolbox-72b05538a975fe47e341442f2bdeeabf + +info: + name: > + CSS & JavaScript Toolbox <= 11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ace85b25-251b-4549-8f6e-1a1494cbabb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css-javascript-toolbox/" + google-query: inurl:"/wp-content/plugins/css-javascript-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css-javascript-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css-javascript-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css-javascript-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css-js-manager-61c2b811bcc6041f6a82b35f50d9b2b3.yaml b/nuclei-templates/cve-less/plugins/css-js-manager-61c2b811bcc6041f6a82b35f50d9b2b3.yaml new file mode 100644 index 0000000000..df824bb08c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css-js-manager-61c2b811bcc6041f6a82b35f50d9b2b3.yaml @@ -0,0 +1,58 @@ +id: css-js-manager-61c2b811bcc6041f6a82b35f50d9b2b3 + +info: + name: > + CSS JS Manager <= 2.4.49 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f167c3c5-df35-456c-a5f1-139cc3c02ffb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css-js-manager/" + google-query: inurl:"/wp-content/plugins/css-js-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css-js-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css-js-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css-js-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css3-rotating-words-035f7dbab49cd7102e78202706c7a9af.yaml b/nuclei-templates/cve-less/plugins/css3-rotating-words-035f7dbab49cd7102e78202706c7a9af.yaml new file mode 100644 index 0000000000..bf906221e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css3-rotating-words-035f7dbab49cd7102e78202706c7a9af.yaml @@ -0,0 +1,58 @@ +id: css3-rotating-words-035f7dbab49cd7102e78202706c7a9af + +info: + name: > + Animated Rotating Words <= 5.4 - Cross-Site Request Forgery via save_admin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b7008f-07fc-4f8a-b214-8ac0c4cf6d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css3-rotating-words/" + google-query: inurl:"/wp-content/plugins/css3-rotating-words/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css3-rotating-words,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css3-rotating-words/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css3-rotating-words" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/css3-rotating-words-8fa029836e390a41910a91e1df99c734.yaml b/nuclei-templates/cve-less/plugins/css3-rotating-words-8fa029836e390a41910a91e1df99c734.yaml new file mode 100644 index 0000000000..8a91d500c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/css3-rotating-words-8fa029836e390a41910a91e1df99c734.yaml @@ -0,0 +1,58 @@ +id: css3-rotating-words-8fa029836e390a41910a91e1df99c734 + +info: + name: > + Animated Rotating Words <= 5.4 - Missing Authorization via save_admin_options + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d9786e-4ce3-42d6-a0d6-8eb863103d5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/css3-rotating-words/" + google-query: inurl:"/wp-content/plugins/css3-rotating-words/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,css3-rotating-words,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/css3-rotating-words/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "css3-rotating-words" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/csv-import-export-888fd755a466f61b6b5975477e6bfb5b.yaml b/nuclei-templates/cve-less/plugins/csv-import-export-888fd755a466f61b6b5975477e6bfb5b.yaml new file mode 100644 index 0000000000..55e7645707 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/csv-import-export-888fd755a466f61b6b5975477e6bfb5b.yaml @@ -0,0 +1,58 @@ +id: csv-import-export-888fd755a466f61b6b5975477e6bfb5b + +info: + name: > + CSV Import Export <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7036400d-022c-4e7e-a463-6ac6f5373474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/csv-import-export/" + google-query: inurl:"/wp-content/plugins/csv-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,csv-import-export,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/csv-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "csv-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/csv-importer-87391130a959fbd6c64c577ce3bb974c.yaml b/nuclei-templates/cve-less/plugins/csv-importer-87391130a959fbd6c64c577ce3bb974c.yaml new file mode 100644 index 0000000000..31e46cdefc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/csv-importer-87391130a959fbd6c64c577ce3bb974c.yaml @@ -0,0 +1,58 @@ +id: csv-importer-87391130a959fbd6c64c577ce3bb974c + +info: + name: > + CSV Importer <= 0.3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/252153ec-3811-484a-984f-eeb6ed9229a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/csv-importer/" + google-query: inurl:"/wp-content/plugins/csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,csv-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/csv2wpec-coupon-f4d3fb2528b229e51486f812ddf75b90.yaml b/nuclei-templates/cve-less/plugins/csv2wpec-coupon-f4d3fb2528b229e51486f812ddf75b90.yaml new file mode 100644 index 0000000000..5c3cda63b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/csv2wpec-coupon-f4d3fb2528b229e51486f812ddf75b90.yaml @@ -0,0 +1,58 @@ +id: csv2wpec-coupon-f4d3fb2528b229e51486f812ddf75b90 + +info: + name: > + Csv2WPeC Coupon <= 1.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24a88f20-ddc4-4544-ac18-ed538ecfa1c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/csv2wpec-coupon/" + google-query: inurl:"/wp-content/plugins/csv2wpec-coupon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,csv2wpec-coupon,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/csv2wpec-coupon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "csv2wpec-coupon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ct-commerce-62cb33b4f205d311d390e62fba25cd36.yaml b/nuclei-templates/cve-less/plugins/ct-commerce-62cb33b4f205d311d390e62fba25cd36.yaml new file mode 100644 index 0000000000..f239e78197 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ct-commerce-62cb33b4f205d311d390e62fba25cd36.yaml @@ -0,0 +1,58 @@ +id: ct-commerce-62cb33b4f205d311d390e62fba25cd36 + +info: + name: > + CT Commerce <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/399109be-7efe-428e-a9b8-7a68864b2790?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ct-commerce/" + google-query: inurl:"/wp-content/plugins/ct-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ct-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ct-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ct-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ct-ultimate-gdpr-949e3c48d41e3ab6ec3beff5ca3c241d.yaml b/nuclei-templates/cve-less/plugins/ct-ultimate-gdpr-949e3c48d41e3ab6ec3beff5ca3c241d.yaml new file mode 100644 index 0000000000..61eb98c708 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ct-ultimate-gdpr-949e3c48d41e3ab6ec3beff5ca3c241d.yaml @@ -0,0 +1,58 @@ +id: ct-ultimate-gdpr-949e3c48d41e3ab6ec3beff5ca3c241d + +info: + name: > + Ultimate GDPR & CCPA <= 2.4 - Unauthenticated Settings Import & Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40e2e8fb-ea36-4602-bead-8daf75d6dfb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ct-ultimate-gdpr/" + google-query: inurl:"/wp-content/plugins/ct-ultimate-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ct-ultimate-gdpr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ct-ultimate-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ct-ultimate-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cta-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml b/nuclei-templates/cve-less/plugins/cta-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml new file mode 100644 index 0000000000..4fc873859f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cta-7ebd0ae08ee9eace1c6d1e72c60c16e5.yaml @@ -0,0 +1,58 @@ +id: cta-7ebd0ae08ee9eace1c6d1e72c60c16e5 + +info: + name: > + WordPress Calls to Action < 2.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ac2e50-1eef-46e6-8d57-c9d2dc04f933?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cta/" + google-query: inurl:"/wp-content/plugins/cta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ctt-expresso-para-woocommerce-7f12ff16273eb990bb45ef4156cd86e1.yaml b/nuclei-templates/cve-less/plugins/ctt-expresso-para-woocommerce-7f12ff16273eb990bb45ef4156cd86e1.yaml new file mode 100644 index 0000000000..2b5268758b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ctt-expresso-para-woocommerce-7f12ff16273eb990bb45ef4156cd86e1.yaml @@ -0,0 +1,58 @@ +id: ctt-expresso-para-woocommerce-7f12ff16273eb990bb45ef4156cd86e1 + +info: + name: > + CTT Expresso para WooCommerce <= 3.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/598768fe-e36d-48d8-925e-64513f36b18b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ctt-expresso-para-woocommerce/" + google-query: inurl:"/wp-content/plugins/ctt-expresso-para-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ctt-expresso-para-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ctt-expresso-para-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ctt-expresso-para-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cube-slider-bee7ee097d9c2854b2e0df3652ff1065.yaml b/nuclei-templates/cve-less/plugins/cube-slider-bee7ee097d9c2854b2e0df3652ff1065.yaml new file mode 100644 index 0000000000..c79f3a56e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cube-slider-bee7ee097d9c2854b2e0df3652ff1065.yaml @@ -0,0 +1,58 @@ +id: cube-slider-bee7ee097d9c2854b2e0df3652ff1065 + +info: + name: > + CUBE SLIDER <= 1.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57ebde8e-dd1f-4a33-9c7b-6c9e2060d1ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cube-slider/" + google-query: inurl:"/wp-content/plugins/cube-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cube-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cube-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cube-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cubewp-framework-c805577cc74fac959884880eefb7ff71.yaml b/nuclei-templates/cve-less/plugins/cubewp-framework-c805577cc74fac959884880eefb7ff71.yaml new file mode 100644 index 0000000000..6848d04995 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cubewp-framework-c805577cc74fac959884880eefb7ff71.yaml @@ -0,0 +1,58 @@ +id: cubewp-framework-c805577cc74fac959884880eefb7ff71 + +info: + name: > + CubeWP – All-in-One Dynamic Content Framework <= 1.1.12 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bef7dcd-920b-4aee-b227-c7eec9fe73fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cubewp-framework/" + google-query: inurl:"/wp-content/plugins/cubewp-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cubewp-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cubewp-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cubewp-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/culqi-checkout-36e8e0f9a5511d98ca66f925304a3a33.yaml b/nuclei-templates/cve-less/plugins/culqi-checkout-36e8e0f9a5511d98ca66f925304a3a33.yaml new file mode 100644 index 0000000000..5d140d1d06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/culqi-checkout-36e8e0f9a5511d98ca66f925304a3a33.yaml @@ -0,0 +1,58 @@ +id: culqi-checkout-36e8e0f9a5511d98ca66f925304a3a33 + +info: + name: > + Culqi <= 3.0.14 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61206bfb-1669-4c67-a9bd-ba3a20ceb810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/culqi-checkout/" + google-query: inurl:"/wp-content/plugins/culqi-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,culqi-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/culqi-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "culqi-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/culture-object-b758c0c37fd1d990bf9268c1c848eb10.yaml b/nuclei-templates/cve-less/plugins/culture-object-b758c0c37fd1d990bf9268c1c848eb10.yaml new file mode 100644 index 0000000000..3270623782 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/culture-object-b758c0c37fd1d990bf9268c1c848eb10.yaml @@ -0,0 +1,58 @@ +id: culture-object-b758c0c37fd1d990bf9268c1c848eb10 + +info: + name: > + Culture Object <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04aa7307-03c6-42f9-8219-fb6002c85050?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/culture-object/" + google-query: inurl:"/wp-content/plugins/culture-object/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,culture-object,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/culture-object/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "culture-object" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-converter-calculator-d34575a4acf043c178e1c507a8583e51.yaml b/nuclei-templates/cve-less/plugins/currency-converter-calculator-d34575a4acf043c178e1c507a8583e51.yaml new file mode 100644 index 0000000000..c54a70969a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-converter-calculator-d34575a4acf043c178e1c507a8583e51.yaml @@ -0,0 +1,58 @@ +id: currency-converter-calculator-d34575a4acf043c178e1c507a8583e51 + +info: + name: > + Currency Converter Calculator <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a423266-89e1-422d-b1e3-6368051eb2fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-converter-calculator/" + google-query: inurl:"/wp-content/plugins/currency-converter-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-converter-calculator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-converter-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-converter-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-converter-widget-07141f22dbd69d711616f0823783fd10.yaml b/nuclei-templates/cve-less/plugins/currency-converter-widget-07141f22dbd69d711616f0823783fd10.yaml new file mode 100644 index 0000000000..4f2e309d6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-converter-widget-07141f22dbd69d711616f0823783fd10.yaml @@ -0,0 +1,58 @@ +id: currency-converter-widget-07141f22dbd69d711616f0823783fd10 + +info: + name: > + Currency Converter Widget <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47f051dd-138c-4c71-8a92-150c9ffd3601?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-converter-widget/" + google-query: inurl:"/wp-content/plugins/currency-converter-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-converter-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-converter-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-converter-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-exchange-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/currency-exchange-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..c9ff148b5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-exchange-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: currency-exchange-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-exchange-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/currency-exchange-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-exchange-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-exchange-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-exchange-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-per-product-for-woocommerce-1435e710f882ca24fd63e6f30e30c39b.yaml b/nuclei-templates/cve-less/plugins/currency-per-product-for-woocommerce-1435e710f882ca24fd63e6f30e30c39b.yaml new file mode 100644 index 0000000000..ceeb4b6f52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-per-product-for-woocommerce-1435e710f882ca24fd63e6f30e30c39b.yaml @@ -0,0 +1,58 @@ +id: currency-per-product-for-woocommerce-1435e710f882ca24fd63e6f30e30c39b + +info: + name: > + Currency per Product for WooCommerce <= 1.6.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/570e72de-1f6a-4bbe-9df1-f0d1ca290a0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-per-product-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/currency-per-product-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-per-product-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-per-product-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-per-product-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-181f8727807ba64411fbc27b7d06a7f7.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-181f8727807ba64411fbc27b7d06a7f7.yaml new file mode 100644 index 0000000000..41fd11a77a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-181f8727807ba64411fbc27b7d06a7f7.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-181f8727807ba64411fbc27b7d06a7f7 + +info: + name: > + WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be054481-89b4-47d8-ad06-8622edea367f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-24c409175b75dd74bfd113d5f584dc08.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-24c409175b75dd74bfd113d5f584dc08.yaml new file mode 100644 index 0000000000..55ec3b3cf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-24c409175b75dd74bfd113d5f584dc08.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-24c409175b75dd74bfd113d5f584dc08 + +info: + name: > + Currency Switcher <= 1.1.6 - Cross-site request forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a56a838-5dfa-477a-92b2-fdac3d1ab2af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-2d27e10efdfec8fc58acf4cf64107b4a.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-2d27e10efdfec8fc58acf4cf64107b4a.yaml new file mode 100644 index 0000000000..6cad2203ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-2d27e10efdfec8fc58acf4cf64107b4a.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-2d27e10efdfec8fc58acf4cf64107b4a + +info: + name: > + WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Editing + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4c79242-5c89-40c0-abcc-c112f7a64a74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-666b2fb2c881bde28dcf6538f4e79c83.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-666b2fb2c881bde28dcf6538f4e79c83.yaml new file mode 100644 index 0000000000..101f85468d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-666b2fb2c881bde28dcf6538f4e79c83.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-666b2fb2c881bde28dcf6538f4e79c83 + +info: + name: > + WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Arbitrary Custom Drop-Down Currency Switcher Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc44c95e-9ca0-46d0-8315-72612ef3f855?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-8355052ed50773dfc024174bf5f762ad.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-8355052ed50773dfc024174bf5f762ad.yaml new file mode 100644 index 0000000000..63ff07f4b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-8355052ed50773dfc024174bf5f762ad.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-8355052ed50773dfc024174bf5f762ad + +info: + name: > + WPCS <= 1.2.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2227cde8-5ed6-44dd-80cc-2a85aaa172c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-d88f90595d62f553e29356fc831883af.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-d88f90595d62f553e29356fc831883af.yaml new file mode 100644 index 0000000000..1f57f94ddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-d88f90595d62f553e29356fc831883af.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-d88f90595d62f553e29356fc831883af + +info: + name: > + WPCS – WordPress Currency Switcher Professional <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72a06690-f40a-472b-b9d1-985a49b914b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-fc8e4381ea5ebd79c418e0830ad7aa41.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-fc8e4381ea5ebd79c418e0830ad7aa41.yaml new file mode 100644 index 0000000000..20080c2f77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-fc8e4381ea5ebd79c418e0830ad7aa41.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-fc8e4381ea5ebd79c418e0830ad7aa41 + +info: + name: > + WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Missing Authorization to Custom Drop-Down Currency Switcher Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd6b5d6d-5f5b-4b38-a25a-02cc1c041d37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher/" + google-query: inurl:"/wp-content/plugins/currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/currency-switcher-woocommerce-57f78642fa9cede94bd35b0316b99b78.yaml b/nuclei-templates/cve-less/plugins/currency-switcher-woocommerce-57f78642fa9cede94bd35b0316b99b78.yaml new file mode 100644 index 0000000000..ed26212038 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/currency-switcher-woocommerce-57f78642fa9cede94bd35b0316b99b78.yaml @@ -0,0 +1,58 @@ +id: currency-switcher-woocommerce-57f78642fa9cede94bd35b0316b99b78 + +info: + name: > + Currency Switcher <= 2.11.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9863b2-177d-4b72-8337-90fbedfd5b54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/currency-switcher-woocommerce/" + google-query: inurl:"/wp-content/plugins/currency-switcher-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,currency-switcher-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/currency-switcher-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "currency-switcher-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/current-book-538fbd9fdeb83d5c5aab2ed683914a16.yaml b/nuclei-templates/cve-less/plugins/current-book-538fbd9fdeb83d5c5aab2ed683914a16.yaml new file mode 100644 index 0000000000..f920bc343b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/current-book-538fbd9fdeb83d5c5aab2ed683914a16.yaml @@ -0,0 +1,58 @@ +id: current-book-538fbd9fdeb83d5c5aab2ed683914a16 + +info: + name: > + Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffde541b-5e2b-437b-a123-8522beca52ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/current-book/" + google-query: inurl:"/wp-content/plugins/current-book/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,current-book,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/current-book/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "current-book" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/current-menu-item-for-custom-post-types-8cec5dcdfbdfde2c1732a5fcb98c3da8.yaml b/nuclei-templates/cve-less/plugins/current-menu-item-for-custom-post-types-8cec5dcdfbdfde2c1732a5fcb98c3da8.yaml new file mode 100644 index 0000000000..316916e471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/current-menu-item-for-custom-post-types-8cec5dcdfbdfde2c1732a5fcb98c3da8.yaml @@ -0,0 +1,58 @@ +id: current-menu-item-for-custom-post-types-8cec5dcdfbdfde2c1732a5fcb98c3da8 + +info: + name: > + Current Menu Item for Custom Post Types <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d75f1475-fa81-4eed-87da-0a0fa48ac082?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/current-menu-item-for-custom-post-types/" + google-query: inurl:"/wp-content/plugins/current-menu-item-for-custom-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,current-menu-item-for-custom-post-types,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/current-menu-item-for-custom-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "current-menu-item-for-custom-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/current-template-name-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/current-template-name-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..ca68ffb818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/current-template-name-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: current-template-name-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/current-template-name/" + google-query: inurl:"/wp-content/plugins/current-template-name/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,current-template-name,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/current-template-name/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "current-template-name" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/curtain-c8c8f457de7ea311efa222b66a51a434.yaml b/nuclei-templates/cve-less/plugins/curtain-c8c8f457de7ea311efa222b66a51a434.yaml new file mode 100644 index 0000000000..da9524a856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/curtain-c8c8f457de7ea311efa222b66a51a434.yaml @@ -0,0 +1,58 @@ +id: curtain-c8c8f457de7ea311efa222b66a51a434 + +info: + name: > + Curtain <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e25a511-f176-4532-bb9f-a7a3134ee29a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/curtain/" + google-query: inurl:"/wp-content/plugins/curtain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,curtain,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/curtain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "curtain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-030f26819c32911a473f408d586efb1e.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-030f26819c32911a473f408d586efb1e.yaml new file mode 100644 index 0000000000..d2ea7708bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-030f26819c32911a473f408d586efb1e.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-030f26819c32911a473f408d586efb1e + +info: + name: > + Custom 404 Pro <= 3.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4aceec4-4832-4d83-98b3-f705c391b0c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-200c405b0773aa3952229a5ad35202ef.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-200c405b0773aa3952229a5ad35202ef.yaml new file mode 100644 index 0000000000..13b39d2994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-200c405b0773aa3952229a5ad35202ef.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-200c405b0773aa3952229a5ad35202ef + +info: + name: > + Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/968920b9-febf-4d76-a16b-f27954cd72e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-67e917a11cbf398c051530dabd0fa5db.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-67e917a11cbf398c051530dabd0fa5db.yaml new file mode 100644 index 0000000000..02f5a5e2de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-67e917a11cbf398c051530dabd0fa5db.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-67e917a11cbf398c051530dabd0fa5db + +info: + name: > + Custom 404 Pro <= 3.7.2 - Reflected Cross-Site Scripting via 's' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e5bdc92-e682-4121-9ba5-167742f61138?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-68585d4bba03002044d20ac970108ad9.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-68585d4bba03002044d20ac970108ad9.yaml new file mode 100644 index 0000000000..6c0e638cc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-68585d4bba03002044d20ac970108ad9.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-68585d4bba03002044d20ac970108ad9 + +info: + name: > + Custom 404 Pro <= 3.8.1 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d90dad3-d7ef-4060-8328-fd551cee92e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-96f5c1ab6101dad2bb86f8e89d978872.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-96f5c1ab6101dad2bb86f8e89d978872.yaml new file mode 100644 index 0000000000..dafaf95f91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-96f5c1ab6101dad2bb86f8e89d978872.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-96f5c1ab6101dad2bb86f8e89d978872 + +info: + name: > + Custom 404 Pro <= 3.8.0 - Unauthenticated SQL Injection via 's' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebacd411-6def-4026-a619-5e08a181507b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-b5d35374c7a9af094e4ec14c748dcfa5.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-b5d35374c7a9af094e4ec14c748dcfa5.yaml new file mode 100644 index 0000000000..58b67b895e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-b5d35374c7a9af094e4ec14c748dcfa5.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-b5d35374c7a9af094e4ec14c748dcfa5 + +info: + name: > + Custom 404 Pro <= 3.10.0 - Unauthenticated Stored Cross-Site Scripting via logging + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1106e7b2-eac7-459d-8eb3-fe84c76f3b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-c4be63bba4a89fa3e83779737577feda.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-c4be63bba4a89fa3e83779737577feda.yaml new file mode 100644 index 0000000000..c12707ad84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-c4be63bba4a89fa3e83779737577feda.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-c4be63bba4a89fa3e83779737577feda + +info: + name: > + Custom 404 Pro <= 3.7.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20d989d9-6bf0-4f9f-acf4-b4c3452855cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-404-pro-f1094be99ae561ef22eac5b48376079f.yaml b/nuclei-templates/cve-less/plugins/custom-404-pro-f1094be99ae561ef22eac5b48376079f.yaml new file mode 100644 index 0000000000..6a2363fa98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-404-pro-f1094be99ae561ef22eac5b48376079f.yaml @@ -0,0 +1,58 @@ +id: custom-404-pro-f1094be99ae561ef22eac5b48376079f + +info: + name: > + Custom 404 Pro <= 3.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/856f8b5f-809e-4ce2-8ef1-3ed169bc2b19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-404-pro/" + google-query: inurl:"/wp-content/plugins/custom-404-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-404-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-404-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-404-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-add-user-f2aee954ea519a4193f03af67cb64cc8.yaml b/nuclei-templates/cve-less/plugins/custom-add-user-f2aee954ea519a4193f03af67cb64cc8.yaml new file mode 100644 index 0000000000..bd80062c19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-add-user-f2aee954ea519a4193f03af67cb64cc8.yaml @@ -0,0 +1,58 @@ +id: custom-add-user-f2aee954ea519a4193f03af67cb64cc8 + +info: + name: > + Custom Add User <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15672f90-3192-452c-a4f2-be6db00b7888?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-add-user/" + google-query: inurl:"/wp-content/plugins/custom-add-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-add-user,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-add-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-add-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-admin-login-styler-wpzest-0e96d2ec3c953050a17aaa45bf8227cd.yaml b/nuclei-templates/cve-less/plugins/custom-admin-login-styler-wpzest-0e96d2ec3c953050a17aaa45bf8227cd.yaml new file mode 100644 index 0000000000..d273e5be82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-admin-login-styler-wpzest-0e96d2ec3c953050a17aaa45bf8227cd.yaml @@ -0,0 +1,58 @@ +id: custom-admin-login-styler-wpzest-0e96d2ec3c953050a17aaa45bf8227cd + +info: + name: > + Custom Admin Login Page | WPZest <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/906dcf2a-6be1-4966-9a70-1ef9a8f1017d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-admin-login-styler-wpzest/" + google-query: inurl:"/wp-content/plugins/custom-admin-login-styler-wpzest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-admin-login-styler-wpzest,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-admin-login-styler-wpzest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-admin-login-styler-wpzest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-admin-page-991c1eac5fa7c61140560d60fd4bd8b2.yaml b/nuclei-templates/cve-less/plugins/custom-admin-page-991c1eac5fa7c61140560d60fd4bd8b2.yaml new file mode 100644 index 0000000000..826d6ed95b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-admin-page-991c1eac5fa7c61140560d60fd4bd8b2.yaml @@ -0,0 +1,58 @@ +id: custom-admin-page-991c1eac5fa7c61140560d60fd4bd8b2 + +info: + name: > + Custom Admin Page by BestWebSoft <= 0.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a6c4945-68d3-4ce9-b00c-40591fa15ada?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-admin-page/" + google-query: inurl:"/wp-content/plugins/custom-admin-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-admin-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-admin-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-admin-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-banners-3a4fdaa86716f7a2bccd54fbc792c9e7.yaml b/nuclei-templates/cve-less/plugins/custom-banners-3a4fdaa86716f7a2bccd54fbc792c9e7.yaml new file mode 100644 index 0000000000..91a314cc5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-banners-3a4fdaa86716f7a2bccd54fbc792c9e7.yaml @@ -0,0 +1,58 @@ +id: custom-banners-3a4fdaa86716f7a2bccd54fbc792c9e7 + +info: + name: > + Custom Banners <= 3.2.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4c086d-8209-4212-9d91-67238c1a9143?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-banners/" + google-query: inurl:"/wp-content/plugins/custom-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-banners,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-banners-75a7478c504eb31e010492e08d11afbc.yaml b/nuclei-templates/cve-less/plugins/custom-banners-75a7478c504eb31e010492e08d11afbc.yaml new file mode 100644 index 0000000000..66cd6cafb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-banners-75a7478c504eb31e010492e08d11afbc.yaml @@ -0,0 +1,58 @@ +id: custom-banners-75a7478c504eb31e010492e08d11afbc + +info: + name: > + Custom Banners < 2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6de66ee-08f6-47f6-b6d1-edbf7bea70d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-banners/" + google-query: inurl:"/wp-content/plugins/custom-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-banners,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-base-terms-59797dde213a6367a6157622c3715782.yaml b/nuclei-templates/cve-less/plugins/custom-base-terms-59797dde213a6367a6157622c3715782.yaml new file mode 100644 index 0000000000..bb001683f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-base-terms-59797dde213a6367a6157622c3715782.yaml @@ -0,0 +1,58 @@ +id: custom-base-terms-59797dde213a6367a6157622c3715782 + +info: + name: > + Custom Base Terms <= 1.0.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'base' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6292935-a67e-4b59-9b3c-0b71365193b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-base-terms/" + google-query: inurl:"/wp-content/plugins/custom-base-terms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-base-terms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-base-terms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-base-terms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-by-country-d5a15b7cded52d19f32afbdd2169bb8f.yaml b/nuclei-templates/cve-less/plugins/custom-content-by-country-d5a15b7cded52d19f32afbdd2169bb8f.yaml new file mode 100644 index 0000000000..c513d8be25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-by-country-d5a15b7cded52d19f32afbdd2169bb8f.yaml @@ -0,0 +1,58 @@ +id: custom-content-by-country-d5a15b7cded52d19f32afbdd2169bb8f + +info: + name: > + Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b84cc59-3820-4aba-a2d7-fa884b46c5b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-by-country/" + google-query: inurl:"/wp-content/plugins/custom-content-by-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-by-country,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-by-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-by-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-shortcode-250d58918649c83e91a9349c1cb1cbf0.yaml b/nuclei-templates/cve-less/plugins/custom-content-shortcode-250d58918649c83e91a9349c1cb1cbf0.yaml new file mode 100644 index 0000000000..19d81a369d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-shortcode-250d58918649c83e91a9349c1cb1cbf0.yaml @@ -0,0 +1,58 @@ +id: custom-content-shortcode-250d58918649c83e91a9349c1cb1cbf0 + +info: + name: > + Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d245dc6c-c579-4e28-a953-9227261911d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-shortcode-2c26192ebe7847230519e6e8ccb48b5f.yaml b/nuclei-templates/cve-less/plugins/custom-content-shortcode-2c26192ebe7847230519e6e8ccb48b5f.yaml new file mode 100644 index 0000000000..f5941faf83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-shortcode-2c26192ebe7847230519e6e8ccb48b5f.yaml @@ -0,0 +1,58 @@ +id: custom-content-shortcode-2c26192ebe7847230519e6e8ccb48b5f + +info: + name: > + Custom Content Shortcode <= 4.0.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53459a4d-6ffd-46bf-926a-761db4cfb50c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-shortcode-bdd19c036429e94932241df6aef820bd.yaml b/nuclei-templates/cve-less/plugins/custom-content-shortcode-bdd19c036429e94932241df6aef820bd.yaml new file mode 100644 index 0000000000..4ba80488fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-shortcode-bdd19c036429e94932241df6aef820bd.yaml @@ -0,0 +1,58 @@ +id: custom-content-shortcode-bdd19c036429e94932241df6aef820bd + +info: + name: > + Custom Content Shortcode <= 3.8.8 - Unauthorised Arbitrary Post Metadata Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d2e3252-454c-47a2-a09d-5d0474c82e2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-shortcode-ef34cbe0110e2c6603d8d105d71a9566.yaml b/nuclei-templates/cve-less/plugins/custom-content-shortcode-ef34cbe0110e2c6603d8d105d71a9566.yaml new file mode 100644 index 0000000000..f5e26568f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-shortcode-ef34cbe0110e2c6603d8d105d71a9566.yaml @@ -0,0 +1,58 @@ +id: custom-content-shortcode-ef34cbe0110e2c6603d8d105d71a9566 + +info: + name: > + Custom Content Shortcode <= 4.0.1 - Authenticated Arbitrary File Access / Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a825e4-3ffc-4412-81f4-6992dbbe756b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-shortcode-fe4470deb32fffc7ae711831b5c4f60c.yaml b/nuclei-templates/cve-less/plugins/custom-content-shortcode-fe4470deb32fffc7ae711831b5c4f60c.yaml new file mode 100644 index 0000000000..4c614ed175 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-shortcode-fe4470deb32fffc7ae711831b5c4f60c.yaml @@ -0,0 +1,58 @@ +id: custom-content-shortcode-fe4470deb32fffc7ae711831b5c4f60c + +info: + name: > + Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c26e2aea-835e-4462-b4e3-99d2caf3a014?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-content-type-manager-262dd6c0036b365e35ff5544b3d1cf02.yaml b/nuclei-templates/cve-less/plugins/custom-content-type-manager-262dd6c0036b365e35ff5544b3d1cf02.yaml new file mode 100644 index 0000000000..3fe4685765 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-content-type-manager-262dd6c0036b365e35ff5544b3d1cf02.yaml @@ -0,0 +1,58 @@ +id: custom-content-type-manager-262dd6c0036b365e35ff5544b3d1cf02 + +info: + name: > + Custom Content Type Manager <= 0.9.8.5 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb483db-56f7-4d12-9022-46c829091cc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-content-type-manager/" + google-query: inurl:"/wp-content/plugins/custom-content-type-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-content-type-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-content-type-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-content-type-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-css-ae09c1b4732804e06d23d0fb90974789.yaml b/nuclei-templates/cve-less/plugins/custom-css-ae09c1b4732804e06d23d0fb90974789.yaml new file mode 100644 index 0000000000..bba450b314 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-css-ae09c1b4732804e06d23d0fb90974789.yaml @@ -0,0 +1,58 @@ +id: custom-css-ae09c1b4732804e06d23d0fb90974789 + +info: + name: > + Custom CSS, JS & PHP <= 2.0.7 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d21dc02f-789c-497e-9d01-02fa49bf9e30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-css/" + google-query: inurl:"/wp-content/plugins/custom-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-css,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-css-js-237f33dd283cbe8ba991ef6c6d099f49.yaml b/nuclei-templates/cve-less/plugins/custom-css-js-237f33dd283cbe8ba991ef6c6d099f49.yaml new file mode 100644 index 0000000000..c29fffae9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-css-js-237f33dd283cbe8ba991ef6c6d099f49.yaml @@ -0,0 +1,58 @@ +id: custom-css-js-237f33dd283cbe8ba991ef6c6d099f49 + +info: + name: > + Simple Custom CSS and JS <= 3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01c9f196-bcf1-401b-992a-e7a60f9447f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-css-js/" + google-query: inurl:"/wp-content/plugins/custom-css-js/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-css-js,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-css-js/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-css-js" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-css-pro-ee68c39b627e562f2e3f279eade2d8f3.yaml b/nuclei-templates/cve-less/plugins/custom-css-pro-ee68c39b627e562f2e3f279eade2d8f3.yaml new file mode 100644 index 0000000000..1bfdf44fa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-css-pro-ee68c39b627e562f2e3f279eade2d8f3.yaml @@ -0,0 +1,58 @@ +id: custom-css-pro-ee68c39b627e562f2e3f279eade2d8f3 + +info: + name: > + Custom CSS Pro <= 1.0.3 - Cross-site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb785cf-9924-4b47-ac89-5273c6ba8ee6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-css-pro/" + google-query: inurl:"/wp-content/plugins/custom-css-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-css-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-css-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-css-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-dashboard-widgets-521091f698c90705cd994fe26c1eef68.yaml b/nuclei-templates/cve-less/plugins/custom-dashboard-widgets-521091f698c90705cd994fe26c1eef68.yaml new file mode 100644 index 0000000000..d91af9b94c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-dashboard-widgets-521091f698c90705cd994fe26c1eef68.yaml @@ -0,0 +1,58 @@ +id: custom-dashboard-widgets-521091f698c90705cd994fe26c1eef68 + +info: + name: > + Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3208426a-379d-46b9-a9e7-654604169929?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-dashboard-widgets/" + google-query: inurl:"/wp-content/plugins/custom-dashboard-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-dashboard-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-dashboard-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-dashboard-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-facebook-feed-167f18c0fe5e035801a709b220b7d533.yaml b/nuclei-templates/cve-less/plugins/custom-facebook-feed-167f18c0fe5e035801a709b220b7d533.yaml new file mode 100644 index 0000000000..c7b7d8860b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-facebook-feed-167f18c0fe5e035801a709b220b7d533.yaml @@ -0,0 +1,58 @@ +id: custom-facebook-feed-167f18c0fe5e035801a709b220b7d533 + +info: + name: > + Smash Balloon Social Post Feed <= 4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01889c7b-f47b-4caf-8e35-4f8af188426e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-facebook-feed/" + google-query: inurl:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-facebook-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-facebook-feed-4c7bbe6117155e4a798748fa2ed8fb9c.yaml b/nuclei-templates/cve-less/plugins/custom-facebook-feed-4c7bbe6117155e4a798748fa2ed8fb9c.yaml new file mode 100644 index 0000000000..c349c7d5a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-facebook-feed-4c7bbe6117155e4a798748fa2ed8fb9c.yaml @@ -0,0 +1,58 @@ +id: custom-facebook-feed-4c7bbe6117155e4a798748fa2ed8fb9c + +info: + name: > + Smash Balloon Social Post Feed <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a2c96a1-bbab-41ed-aafd-6a6f569242f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-facebook-feed/" + google-query: inurl:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-facebook-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.19.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-facebook-feed-4f470840b5c22d9fdd8f597a9956aef0.yaml b/nuclei-templates/cve-less/plugins/custom-facebook-feed-4f470840b5c22d9fdd8f597a9956aef0.yaml new file mode 100644 index 0000000000..5774011f79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-facebook-feed-4f470840b5c22d9fdd8f597a9956aef0.yaml @@ -0,0 +1,58 @@ +id: custom-facebook-feed-4f470840b5c22d9fdd8f597a9956aef0 + +info: + name: > + Smash Balloon Social Post Feed <= 4.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fb28dab-1c65-47da-98f7-9eecf5f7466d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-facebook-feed/" + google-query: inurl:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-facebook-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-facebook-feed-58a423ad62b9e5f8da38c911a8b01c5e.yaml b/nuclei-templates/cve-less/plugins/custom-facebook-feed-58a423ad62b9e5f8da38c911a8b01c5e.yaml new file mode 100644 index 0000000000..97bd6fd686 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-facebook-feed-58a423ad62b9e5f8da38c911a8b01c5e.yaml @@ -0,0 +1,58 @@ +id: custom-facebook-feed-58a423ad62b9e5f8da38c911a8b01c5e + +info: + name: > + Smash Balloon Social Post Feed <= 4.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/623b139e-c5a1-4d2e-b05c-72707f421ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-facebook-feed/" + google-query: inurl:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-facebook-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-facebook-feed-da6dd99d1493b082c05d60ab888f9ef0.yaml b/nuclei-templates/cve-less/plugins/custom-facebook-feed-da6dd99d1493b082c05d60ab888f9ef0.yaml new file mode 100644 index 0000000000..d29cd413a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-facebook-feed-da6dd99d1493b082c05d60ab888f9ef0.yaml @@ -0,0 +1,58 @@ +id: custom-facebook-feed-da6dd99d1493b082c05d60ab888f9ef0 + +info: + name: > + Smash Balloon Social Post Feed <= 4.0 - Arbitrary Plugin Settings Update to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74fac72d-6f16-475c-bc80-e77968dd23ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-facebook-feed/" + google-query: inurl:"/wp-content/plugins/custom-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-facebook-feed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-bulk-editor-5dbb9b01c1ce63e54b37aeec51a21a8e.yaml b/nuclei-templates/cve-less/plugins/custom-field-bulk-editor-5dbb9b01c1ce63e54b37aeec51a21a8e.yaml new file mode 100644 index 0000000000..ae1b9e5d93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-bulk-editor-5dbb9b01c1ce63e54b37aeec51a21a8e.yaml @@ -0,0 +1,58 @@ +id: custom-field-bulk-editor-5dbb9b01c1ce63e54b37aeec51a21a8e + +info: + name: > + Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e127217-fd2a-4b8b-a6a5-85e246bc1289?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-bulk-editor/" + google-query: inurl:"/wp-content/plugins/custom-field-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-finder-38fb53416dee6ab7b6bba5cadf55c4c5.yaml b/nuclei-templates/cve-less/plugins/custom-field-finder-38fb53416dee6ab7b6bba5cadf55c4c5.yaml new file mode 100644 index 0000000000..e2b33c97d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-finder-38fb53416dee6ab7b6bba5cadf55c4c5.yaml @@ -0,0 +1,58 @@ +id: custom-field-finder-38fb53416dee6ab7b6bba5cadf55c4c5 + +info: + name: > + Custom field finder <= 0.3 - Authenticated (Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc78684-fdb7-4ce1-8464-0d057b48a7fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-finder/" + google-query: inurl:"/wp-content/plugins/custom-field-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-finder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-1b076d88024e9e8fa50fb517fb49e6d5.yaml b/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-1b076d88024e9e8fa50fb517fb49e6d5.yaml new file mode 100644 index 0000000000..89f195e4e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-1b076d88024e9e8fa50fb517fb49e6d5.yaml @@ -0,0 +1,58 @@ +id: custom-field-for-wp-job-manager-1b076d88024e9e8fa50fb517fb49e6d5 + +info: + name: > + Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f504434-2de9-4d2e-848d-6c7fc0880672?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-for-wp-job-manager/" + google-query: inurl:"/wp-content/plugins/custom-field-for-wp-job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-for-wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-for-wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-c6eebad0122883aa540363f1389d9ced.yaml b/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-c6eebad0122883aa540363f1389d9ced.yaml new file mode 100644 index 0000000000..52b00b84f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-for-wp-job-manager-c6eebad0122883aa540363f1389d9ced.yaml @@ -0,0 +1,58 @@ +id: custom-field-for-wp-job-manager-c6eebad0122883aa540363f1389d9ced + +info: + name: > + Custom Field For WP Job Manager <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e651766b-705d-415d-90bc-8b4f4418222c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-for-wp-job-manager/" + google-query: inurl:"/wp-content/plugins/custom-field-for-wp-job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-for-wp-job-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-for-wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-for-wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-suite-30ced7d36e2903b8ecf83d1c6ae8e869.yaml b/nuclei-templates/cve-less/plugins/custom-field-suite-30ced7d36e2903b8ecf83d1c6ae8e869.yaml new file mode 100644 index 0000000000..7ddaff2d25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-suite-30ced7d36e2903b8ecf83d1c6ae8e869.yaml @@ -0,0 +1,58 @@ +id: custom-field-suite-30ced7d36e2903b8ecf83d1c6ae8e869 + +info: + name: > + Custom Field Suite <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-suite/" + google-query: inurl:"/wp-content/plugins/custom-field-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-suite-5914d2a62c6e9fda2e52358bd6a051ee.yaml b/nuclei-templates/cve-less/plugins/custom-field-suite-5914d2a62c6e9fda2e52358bd6a051ee.yaml new file mode 100644 index 0000000000..b460c3f27a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-suite-5914d2a62c6e9fda2e52358bd6a051ee.yaml @@ -0,0 +1,58 @@ +id: custom-field-suite-5914d2a62c6e9fda2e52358bd6a051ee + +info: + name: > + Custom Field Suite <= 2.6.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a15946b-c4df-43e8-9e1d-7a8367cfda6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-suite/" + google-query: inurl:"/wp-content/plugins/custom-field-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-suite-aeb1af030c75596a2eb738838b5e8bf8.yaml b/nuclei-templates/cve-less/plugins/custom-field-suite-aeb1af030c75596a2eb738838b5e8bf8.yaml new file mode 100644 index 0000000000..efdcd3fa84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-suite-aeb1af030c75596a2eb738838b5e8bf8.yaml @@ -0,0 +1,58 @@ +id: custom-field-suite-aeb1af030c75596a2eb738838b5e8bf8 + +info: + name: > + Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e4fec06-13d3-49ce-afe5-8dca15cf1f0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-suite/" + google-query: inurl:"/wp-content/plugins/custom-field-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-suite-f388cd40277e7ac72bbf02fcf8235c63.yaml b/nuclei-templates/cve-less/plugins/custom-field-suite-f388cd40277e7ac72bbf02fcf8235c63.yaml new file mode 100644 index 0000000000..21ab4f7b44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-suite-f388cd40277e7ac72bbf02fcf8235c63.yaml @@ -0,0 +1,58 @@ +id: custom-field-suite-f388cd40277e7ac72bbf02fcf8235c63 + +info: + name: > + Custom Field Suite <= 2.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab546cc-b099-4d26-bf42-785952fcfd8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-suite/" + google-query: inurl:"/wp-content/plugins/custom-field-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-template-41a8bca5b4e509ff5992617799743aa0.yaml b/nuclei-templates/cve-less/plugins/custom-field-template-41a8bca5b4e509ff5992617799743aa0.yaml new file mode 100644 index 0000000000..1a4b99dab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-template-41a8bca5b4e509ff5992617799743aa0.yaml @@ -0,0 +1,58 @@ +id: custom-field-template-41a8bca5b4e509ff5992617799743aa0 + +info: + name: > + Custom Field Template <= 2.5.7 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22a5020a-ab81-43be-b160-082347a2a2d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-template/" + google-query: inurl:"/wp-content/plugins/custom-field-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-template,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-template-994931528097feea63f63eaaf2d7d1d0.yaml b/nuclei-templates/cve-less/plugins/custom-field-template-994931528097feea63f63eaaf2d7d1d0.yaml new file mode 100644 index 0000000000..3bf9c835ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-template-994931528097feea63f63eaaf2d7d1d0.yaml @@ -0,0 +1,58 @@ +id: custom-field-template-994931528097feea63f63eaaf2d7d1d0 + +info: + name: > + Custom Field Template <= 2.5.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3444c4b0-4619-482f-8313-d3006aa1e845?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-template/" + google-query: inurl:"/wp-content/plugins/custom-field-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-template-bf719546b14904a6ed90c49ad64d0d09.yaml b/nuclei-templates/cve-less/plugins/custom-field-template-bf719546b14904a6ed90c49ad64d0d09.yaml new file mode 100644 index 0000000000..c65678e728 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-template-bf719546b14904a6ed90c49ad64d0d09.yaml @@ -0,0 +1,58 @@ +id: custom-field-template-bf719546b14904a6ed90c49ad64d0d09 + +info: + name: > + Custom Field Template <= 2.5.8 - Cross-Site Request Forgery via Plugin Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b55853e1-2f20-417f-b07e-eda758eaed32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-template/" + google-query: inurl:"/wp-content/plugins/custom-field-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-template-d21e7c2b8075bc32648e9e728716b83f.yaml b/nuclei-templates/cve-less/plugins/custom-field-template-d21e7c2b8075bc32648e9e728716b83f.yaml new file mode 100644 index 0000000000..4600198ea8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-template-d21e7c2b8075bc32648e9e728716b83f.yaml @@ -0,0 +1,58 @@ +id: custom-field-template-d21e7c2b8075bc32648e9e728716b83f + +info: + name: > + Custom Field Template <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via $search_label + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec47ffee-0599-4f16-a71d-d17dcfe9b183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-template/" + google-query: inurl:"/wp-content/plugins/custom-field-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-template,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-field-template-e43554bdd9278f30da878de76ec696d2.yaml b/nuclei-templates/cve-less/plugins/custom-field-template-e43554bdd9278f30da878de76ec696d2.yaml new file mode 100644 index 0000000000..ddee8b6341 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-field-template-e43554bdd9278f30da878de76ec696d2.yaml @@ -0,0 +1,58 @@ +id: custom-field-template-e43554bdd9278f30da878de76ec696d2 + +info: + name: > + Custom Field Template <= 2.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/752a07c4-ae88-4152-b449-68228a54604a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-field-template/" + google-query: inurl:"/wp-content/plugins/custom-field-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-field-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-field-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-field-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-fields-shortcode-8199a4f2b40a6eabf0daf50bba86ea3b.yaml b/nuclei-templates/cve-less/plugins/custom-fields-shortcode-8199a4f2b40a6eabf0daf50bba86ea3b.yaml new file mode 100644 index 0000000000..8118308417 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-fields-shortcode-8199a4f2b40a6eabf0daf50bba86ea3b.yaml @@ -0,0 +1,58 @@ +id: custom-fields-shortcode-8199a4f2b40a6eabf0daf50bba86ea3b + +info: + name: > + Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99d3d5aa-dd82-415a-bc40-9d2c677d9248?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-fields-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-fields-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-fields-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-fields-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-fields-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-global-variables-1e3e94ac66c9cccf9af54623829f9f1e.yaml b/nuclei-templates/cve-less/plugins/custom-global-variables-1e3e94ac66c9cccf9af54623829f9f1e.yaml new file mode 100644 index 0000000000..0c2709b321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-global-variables-1e3e94ac66c9cccf9af54623829f9f1e.yaml @@ -0,0 +1,58 @@ +id: custom-global-variables-1e3e94ac66c9cccf9af54623829f9f1e + +info: + name: > + Custom Global Variables <= 1.0.5 - Stored Cross-Site Scripting via 'name' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec6f2c0d-4d92-4982-995d-5d8a9866b888?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-global-variables/" + google-query: inurl:"/wp-content/plugins/custom-global-variables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-global-variables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-global-variables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-global-variables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-header-images-efdfea6c2ba24e39c6bc0574220a9327.yaml b/nuclei-templates/cve-less/plugins/custom-header-images-efdfea6c2ba24e39c6bc0574220a9327.yaml new file mode 100644 index 0000000000..211b583fb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-header-images-efdfea6c2ba24e39c6bc0574220a9327.yaml @@ -0,0 +1,58 @@ +id: custom-header-images-efdfea6c2ba24e39c6bc0574220a9327 + +info: + name: > + Custom Header Images <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0beaa7ce-40aa-429e-80fd-d04e75489b92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-header-images/" + google-query: inurl:"/wp-content/plugins/custom-header-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-header-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-header-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-header-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-landing-pages-leadmagic-c0cb327a973fcb4e19ac20c22cf757a3.yaml b/nuclei-templates/cve-less/plugins/custom-landing-pages-leadmagic-c0cb327a973fcb4e19ac20c22cf757a3.yaml new file mode 100644 index 0000000000..a373a56ac3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-landing-pages-leadmagic-c0cb327a973fcb4e19ac20c22cf757a3.yaml @@ -0,0 +1,58 @@ +id: custom-landing-pages-leadmagic-c0cb327a973fcb4e19ac20c22cf757a3 + +info: + name: > + User Registration, Login & Landing Pages <= 1.2.7 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82173c1b-dce8-4713-87c7-2c54ba8cc02c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-landing-pages-leadmagic/" + google-query: inurl:"/wp-content/plugins/custom-landing-pages-leadmagic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-landing-pages-leadmagic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-landing-pages-leadmagic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-landing-pages-leadmagic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-login-325931d9fc1c27761908e3875605b580.yaml b/nuclei-templates/cve-less/plugins/custom-login-325931d9fc1c27761908e3875605b580.yaml new file mode 100644 index 0000000000..10d069d0e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-login-325931d9fc1c27761908e3875605b580.yaml @@ -0,0 +1,58 @@ +id: custom-login-325931d9fc1c27761908e3875605b580 + +info: + name: > + Custom Login <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b23afc11-c31d-4569-8f4b-8141eef7b3d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-login/" + google-query: inurl:"/wp-content/plugins/custom-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-login-admin-front-end-css-with-multisite-support-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/custom-login-admin-front-end-css-with-multisite-support-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..ca99bcc09e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-login-admin-front-end-css-with-multisite-support-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: custom-login-admin-front-end-css-with-multisite-support-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/" + google-query: inurl:"/wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-login-admin-front-end-css-with-multisite-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-login-admin-front-end-css-with-multisite-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-login-admin-front-end-css-with-multisite-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-login-redirect-58218c3064ab4e32ea67258adcb97a88.yaml b/nuclei-templates/cve-less/plugins/custom-login-redirect-58218c3064ab4e32ea67258adcb97a88.yaml new file mode 100644 index 0000000000..f08421fde8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-login-redirect-58218c3064ab4e32ea67258adcb97a88.yaml @@ -0,0 +1,58 @@ +id: custom-login-redirect-58218c3064ab4e32ea67258adcb97a88 + +info: + name: > + Custom Login Redirect <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfeee1b9-2490-40ad-a49c-f18ed7b11070?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-login-redirect/" + google-query: inurl:"/wp-content/plugins/custom-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-map-afd7cbc1a6da1a4ae770134f7fa61d59.yaml b/nuclei-templates/cve-less/plugins/custom-map-afd7cbc1a6da1a4ae770134f7fa61d59.yaml new file mode 100644 index 0000000000..e1ead560a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-map-afd7cbc1a6da1a4ae770134f7fa61d59.yaml @@ -0,0 +1,58 @@ +id: custom-map-afd7cbc1a6da1a4ae770134f7fa61d59 + +info: + name: > + Custom Map <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2694fd0-0ad6-4b64-b332-aa7bc2f74cd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-map/" + google-query: inurl:"/wp-content/plugins/custom-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-map,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-more-link-complete-38be090459bf4011b3b41398d60796a6.yaml b/nuclei-templates/cve-less/plugins/custom-more-link-complete-38be090459bf4011b3b41398d60796a6.yaml new file mode 100644 index 0000000000..9dd838fc7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-more-link-complete-38be090459bf4011b3b41398d60796a6.yaml @@ -0,0 +1,58 @@ +id: custom-more-link-complete-38be090459bf4011b3b41398d60796a6 + +info: + name: > + Custom More Link Complete <= 1.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/698079d0-b539-431c-98c3-c69d0352d214?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-more-link-complete/" + google-query: inurl:"/wp-content/plugins/custom-more-link-complete/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-more-link-complete,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-more-link-complete/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-more-link-complete" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-my-account-for-woocommerce-8d1f98a443fa11a68eb0fbc9dc6290fa.yaml b/nuclei-templates/cve-less/plugins/custom-my-account-for-woocommerce-8d1f98a443fa11a68eb0fbc9dc6290fa.yaml new file mode 100644 index 0000000000..bdefc4fd67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-my-account-for-woocommerce-8d1f98a443fa11a68eb0fbc9dc6290fa.yaml @@ -0,0 +1,58 @@ +id: custom-my-account-for-woocommerce-8d1f98a443fa11a68eb0fbc9dc6290fa + +info: + name: > + Custom My Account for Woocommerce <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd00c5cc-1a28-4d94-815d-46219ce0e0e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-my-account-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/custom-my-account-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-my-account-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-my-account-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-my-account-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-options-plus-6a0d7503e007dc4edef85efcc548b100.yaml b/nuclei-templates/cve-less/plugins/custom-options-plus-6a0d7503e007dc4edef85efcc548b100.yaml new file mode 100644 index 0000000000..002f69d37c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-options-plus-6a0d7503e007dc4edef85efcc548b100.yaml @@ -0,0 +1,58 @@ +id: custom-options-plus-6a0d7503e007dc4edef85efcc548b100 + +info: + name: > + Custom Options Plus <= 1.8.1 - Cross-Site Request Forgery via custom_options_plus_adm + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c8858a-f05d-4159-b914-4e6ae9bf0d79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-options-plus/" + google-query: inurl:"/wp-content/plugins/custom-options-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-options-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-options-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-options-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-order-numbers-for-woocommerce-8f61fbaad0ace89497c5a7515dc4a1eb.yaml b/nuclei-templates/cve-less/plugins/custom-order-numbers-for-woocommerce-8f61fbaad0ace89497c5a7515dc4a1eb.yaml new file mode 100644 index 0000000000..b2f71dbd47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-order-numbers-for-woocommerce-8f61fbaad0ace89497c5a7515dc4a1eb.yaml @@ -0,0 +1,58 @@ +id: custom-order-numbers-for-woocommerce-8f61fbaad0ace89497c5a7515dc4a1eb + +info: + name: > + Custom Order Numbers for WooCommerce <= 1.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d19800a-bff3-414f-a809-0159f49d263a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-order-numbers-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/custom-order-numbers-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-order-numbers-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-order-numbers-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-order-numbers-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-2862da944ba4b374cef11881cc898ccb.yaml b/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-2862da944ba4b374cef11881cc898ccb.yaml new file mode 100644 index 0000000000..b91f2dc60b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-2862da944ba4b374cef11881cc898ccb.yaml @@ -0,0 +1,58 @@ +id: custom-order-statuses-for-woocommerce-2862da944ba4b374cef11881cc898ccb + +info: + name: > + Custom Order Statuses for WooCommerce <= 1.5.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0981349-e627-4a3c-9972-01111a6b6140?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-order-statuses-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/custom-order-statuses-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-order-statuses-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-order-statuses-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-order-statuses-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-a9ddfb16bfebca41780e91a8896bacce.yaml b/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-a9ddfb16bfebca41780e91a8896bacce.yaml new file mode 100644 index 0000000000..538dc8d894 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-order-statuses-for-woocommerce-a9ddfb16bfebca41780e91a8896bacce.yaml @@ -0,0 +1,58 @@ +id: custom-order-statuses-for-woocommerce-a9ddfb16bfebca41780e91a8896bacce + +info: + name: > + Custom Order Statuses for WooCommerce <= 1.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6dadbb0-1ebe-43ff-b220-0c93d0f51d87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-order-statuses-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/custom-order-statuses-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-order-statuses-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-order-statuses-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-order-statuses-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager-2ec0e7698cdea1d83725ecb0fba1cce8.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager-2ec0e7698cdea1d83725ecb0fba1cce8.yaml new file mode 100644 index 0000000000..82f1f31be1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager-2ec0e7698cdea1d83725ecb0fba1cce8.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-cpt-cusom-taxonomy-ct-manager-2ec0e7698cdea1d83725ecb0fba1cce8 + +info: + name: > + Custom Post Type and Taxonomy GUI Manager <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26c75a0a-8590-4ac7-814e-29e0c2d0822e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager/" + google-query: inurl:"/wp-content/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-cpt-cusom-taxonomy-ct-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-cpt-cusom-taxonomy-ct-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-cpt-cusom-taxonomy-ct-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-generator-b832c46935cda704a801fdf109478436.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-generator-b832c46935cda704a801fdf109478436.yaml new file mode 100644 index 0000000000..616e84161f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-generator-b832c46935cda704a801fdf109478436.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-generator-b832c46935cda704a801fdf109478436 + +info: + name: > + Custom Post Type Generator <= 2.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a2b1ac-2183-48ae-8376-fb950fe83fd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-generator/" + google-query: inurl:"/wp-content/plugins/custom-post-type-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-list-shortcode-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-list-shortcode-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml new file mode 100644 index 0000000000..8c93d29752 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-list-shortcode-7a94ec5884e06f0a302f2bb4d1ea7e80.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-list-shortcode-7a94ec5884e06f0a302f2bb4d1ea7e80 + +info: + name: > + Custom Post Type List Shortcode <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b702f507-475a-4d45-8bb1-635f5f377c88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-list-shortcode/" + google-query: inurl:"/wp-content/plugins/custom-post-type-list-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-list-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-list-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-list-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-page-template-41234e0f9201b9670d0979855b89255d.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-page-template-41234e0f9201b9670d0979855b89255d.yaml new file mode 100644 index 0000000000..bd593e958c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-page-template-41234e0f9201b9670d0979855b89255d.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-page-template-41234e0f9201b9670d0979855b89255d + +info: + name: > + Custom Post Type Page Template <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff05617-61b1-4d1f-9230-c771f23d3283?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-page-template/" + google-query: inurl:"/wp-content/plugins/custom-post-type-page-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-page-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-page-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-page-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-relations-e40fd02f8747cfe679a9add88aabc8af.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-relations-e40fd02f8747cfe679a9add88aabc8af.yaml new file mode 100644 index 0000000000..2a94f74a63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-relations-e40fd02f8747cfe679a9add88aabc8af.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-relations-e40fd02f8747cfe679a9add88aabc8af + +info: + name: > + Custom Post Type Relations <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74cc9d91-5b6a-48fc-8bd1-01100b45ffdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-relations/" + google-query: inurl:"/wp-content/plugins/custom-post-type-relations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-relations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-relations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-relations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-type-ui-797454d6297b04e0aa32a4dcc6b7a524.yaml b/nuclei-templates/cve-less/plugins/custom-post-type-ui-797454d6297b04e0aa32a4dcc6b7a524.yaml new file mode 100644 index 0000000000..60c8152994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-type-ui-797454d6297b04e0aa32a4dcc6b7a524.yaml @@ -0,0 +1,58 @@ +id: custom-post-type-ui-797454d6297b04e0aa32a4dcc6b7a524 + +info: + name: > + Custom Post Type UI <= 1.13.4 - Cross-Site Request Forgery to Sensitive Information Exposure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f28afb93-b72a-4a56-994b-144124202147?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-type-ui/" + google-query: inurl:"/wp-content/plugins/custom-post-type-ui/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-type-ui,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-type-ui/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-type-ui" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-types-03278634b9340d2d49106fefa161e7cd.yaml b/nuclei-templates/cve-less/plugins/custom-post-types-03278634b9340d2d49106fefa161e7cd.yaml new file mode 100644 index 0000000000..0f0a7a7efb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-types-03278634b9340d2d49106fefa161e7cd.yaml @@ -0,0 +1,58 @@ +id: custom-post-types-03278634b9340d2d49106fefa161e7cd + +info: + name: > + Custom post types <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58ee5f31-7d10-4772-929c-98249a351342?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-types/" + google-query: inurl:"/wp-content/plugins/custom-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-types-134091eb792475d128936c227b127601.yaml b/nuclei-templates/cve-less/plugins/custom-post-types-134091eb792475d128936c227b127601.yaml new file mode 100644 index 0000000000..66f066f7c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-types-134091eb792475d128936c227b127601.yaml @@ -0,0 +1,58 @@ +id: custom-post-types-134091eb792475d128936c227b127601 + +info: + name: > + Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1449a9-6c89-4dec-8107-86cf8a295025?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-types/" + google-query: inurl:"/wp-content/plugins/custom-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-post-view-generator-ba5dfaad8cf69b254b291ccd03ab7c28.yaml b/nuclei-templates/cve-less/plugins/custom-post-view-generator-ba5dfaad8cf69b254b291ccd03ab7c28.yaml new file mode 100644 index 0000000000..c31765d2b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-post-view-generator-ba5dfaad8cf69b254b291ccd03ab7c28.yaml @@ -0,0 +1,58 @@ +id: custom-post-view-generator-ba5dfaad8cf69b254b291ccd03ab7c28 + +info: + name: > + Custom Post View Generator <= 0.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf9d2008-a397-413d-868d-23afb55a8947?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-post-view-generator/" + google-query: inurl:"/wp-content/plugins/custom-post-view-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-post-view-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-post-view-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-post-view-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-03faf5c8e4483bcb72677008477fdf8f.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-03faf5c8e4483bcb72677008477fdf8f.yaml new file mode 100644 index 0000000000..463aa6dbd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-03faf5c8e4483bcb72677008477fdf8f.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-03faf5c8e4483bcb72677008477fdf8f + +info: + name: > + RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.1.0 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6478cdbc-a20e-4fe2-bbd6-8a550e5da895?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-161c815356a117f2a7d79bcb200b7ff9.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-161c815356a117f2a7d79bcb200b7ff9.yaml new file mode 100644 index 0000000000..a46c4300f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-161c815356a117f2a7d79bcb200b7ff9.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-161c815356a117f2a7d79bcb200b7ff9 + +info: + name: > + RegistrationMagic <= 5.2.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dcde10d-4eb7-42fe-926e-05e56affc521?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1ae4dd533f16291d906e419f9b6a90b5.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1ae4dd533f16291d906e419f9b6a90b5.yaml new file mode 100644 index 0000000000..1ac987401a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1ae4dd533f16291d906e419f9b6a90b5.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-1ae4dd533f16291d906e419f9b6a90b5 + +info: + name: > + RegistrationMagic <= 5.0.1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ba4a74-6649-4566-b9d5-19662539158b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1d190b0241a92bf4c0712f3b939e7393.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1d190b0241a92bf4c0712f3b939e7393.yaml new file mode 100644 index 0000000000..b46ff2e60e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-1d190b0241a92bf4c0712f3b939e7393.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-1d190b0241a92bf4c0712f3b939e7393 + +info: + name: > + RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/241dc2e4-b079-407b-b610-c40b23d038cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-49f8b17fd3f7202d469cd36057801698.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-49f8b17fd3f7202d469cd36057801698.yaml new file mode 100644 index 0000000000..13046fb9d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-49f8b17fd3f7202d469cd36057801698.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-49f8b17fd3f7202d469cd36057801698 + +info: + name: > + RegistrationMagic <= 5.1.9.2 - Missing Authorization to Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fde0ab44-a354-4cbe-8548-0e5c08529082?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4a6f7a73f2b2510b444077fe0160d05b.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4a6f7a73f2b2510b444077fe0160d05b.yaml new file mode 100644 index 0000000000..a25ae0759a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4a6f7a73f2b2510b444077fe0160d05b.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-4a6f7a73f2b2510b444077fe0160d05b + +info: + name: > + RegistrationMagic <= 5.2.5.0 - Form Submission Limit Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86ebb3d1-5fd1-48cb-95b7-f82014323f01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4ebf8466ab7647227779ddf8d6ac3494.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4ebf8466ab7647227779ddf8d6ac3494.yaml new file mode 100644 index 0000000000..3a3cfd92bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-4ebf8466ab7647227779ddf8d6ac3494.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-4ebf8466ab7647227779ddf8d6ac3494 + +info: + name: > + RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings and User Data Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f7d16d2-ecc0-4352-b7b9-2c3242f43dbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-560537cf7e37552cc5fc20cab905a672.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-560537cf7e37552cc5fc20cab905a672.yaml new file mode 100644 index 0000000000..3e91945369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-560537cf7e37552cc5fc20cab905a672.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-560537cf7e37552cc5fc20cab905a672 + +info: + name: > + RegistrationMagic <= 5.2.1.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87ec5542-b6e7-4b18-a3ec-c258e749d32e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5b9008ba421c01f99bc8a2b66d06c955.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5b9008ba421c01f99bc8a2b66d06c955.yaml new file mode 100644 index 0000000000..20cc05fe8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5b9008ba421c01f99bc8a2b66d06c955.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-5b9008ba421c01f99bc8a2b66d06c955 + +info: + name: > + RegistrationMagic <= 5.3.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6da046f-a16f-4a93-b3c6-04270538b7a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5d65a7992972ebe63734d1fdf7ce6dcd.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5d65a7992972ebe63734d1fdf7ce6dcd.yaml new file mode 100644 index 0000000000..54e45a744e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-5d65a7992972ebe63734d1fdf7ce6dcd.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-5d65a7992972ebe63734d1fdf7ce6dcd + +info: + name: > + RegistrationMagic - Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b71b187-2e05-4bea-9177-cbf66fe08a44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-66c19504108f80a4369db438b2de733d.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-66c19504108f80a4369db438b2de733d.yaml new file mode 100644 index 0000000000..4fe2f5e230 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-66c19504108f80a4369db438b2de733d.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-66c19504108f80a4369db438b2de733d + +info: + name: > + RegistrationMagic <= 5.2.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9396c350-d72e-472b-8cbc-44edce557256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-750b74705bdff8d7fe8b29d226f6a7fb.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-750b74705bdff8d7fe8b29d226f6a7fb.yaml new file mode 100644 index 0000000000..1ad54740b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-750b74705bdff8d7fe8b29d226f6a7fb.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-750b74705bdff8d7fe8b29d226f6a7fb + +info: + name: > + RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Settings Import to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7939401-822c-4d27-9d8c-c5680165e6a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-7db9573a3e8af958ed29c7bf6f04dd8e.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-7db9573a3e8af958ed29c7bf6f04dd8e.yaml new file mode 100644 index 0000000000..d5620d4486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-7db9573a3e8af958ed29c7bf6f04dd8e.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-7db9573a3e8af958ed29c7bf6f04dd8e + +info: + name: > + RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/766e3966-157a-4db3-9179-813032343f76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-813e709d3dd48a31f481e32297dc8503.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-813e709d3dd48a31f481e32297dc8503.yaml new file mode 100644 index 0000000000..d361bc3840 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-813e709d3dd48a31f481e32297dc8503.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-813e709d3dd48a31f481e32297dc8503 + +info: + name: > + RegistrationMagic <= 5.3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24f2eafc-c8eb-4d78-af5e-1a589d7e4d21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-85fa0155b108ebd593447d4fb927111e.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-85fa0155b108ebd593447d4fb927111e.yaml new file mode 100644 index 0000000000..d647e058b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-85fa0155b108ebd593447d4fb927111e.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-85fa0155b108ebd593447d4fb927111e + +info: + name: > + RegistrationMagic <= 5.0.1.7 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbd978fd-f759-4983-90b0-af7338e21d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml new file mode 100644 index 0000000000..acc9b457d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-8f8b97c7d5c0b9ba282a6dfa6a5c0131.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-8f8b97c7d5c0b9ba282a6dfa6a5c0131 + +info: + name: > + RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Authenticated Email Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a023cdc5-3814-4120-86b2-6a60d385f898?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-98507312be61996148f27924ae96d00e.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-98507312be61996148f27924ae96d00e.yaml new file mode 100644 index 0000000000..be54671925 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-98507312be61996148f27924ae96d00e.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-98507312be61996148f27924ae96d00e + +info: + name: > + RegistrationMagic <= 5.2.4.1 - Reflected Cross-Site Scripting via section_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d010e55-d57a-49f7-a991-76b676b88f1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-a93b511e834ddd2e10f787cf551e0214.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-a93b511e834ddd2e10f787cf551e0214.yaml new file mode 100644 index 0000000000..2307740a5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-a93b511e834ddd2e10f787cf551e0214.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-a93b511e834ddd2e10f787cf551e0214 + +info: + name: > + RegistrationMagic <= 5.0.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52efc168-fed9-45c6-9a2c-1e3a198f71f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bb05c43d4858d2cd6e99aeda4ad6534f.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bb05c43d4858d2cd6e99aeda4ad6534f.yaml new file mode 100644 index 0000000000..0c3afb6bc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bb05c43d4858d2cd6e99aeda4ad6534f.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-bb05c43d4858d2cd6e99aeda4ad6534f + +info: + name: > + RegistrationMagic <= 5.2.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d041b14-0d05-4bfe-bd5c-7e06d7b108b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bc39873d86ab4150675c8c4fc220361f.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bc39873d86ab4150675c8c4fc220361f.yaml new file mode 100644 index 0000000000..736c0bbae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-bc39873d86ab4150675c8c4fc220361f.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-bc39873d86ab4150675c8c4fc220361f + +info: + name: > + RegistrationMagic <= 5.1.9.2 - Cross-Site Request Forgery leading to Form Metadata Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcfb3a6e-7b58-4568-8439-e9c68a2223b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-d2f77ed0cac474a6437fa2cee0cecb6e.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-d2f77ed0cac474a6437fa2cee0cecb6e.yaml new file mode 100644 index 0000000000..c95af1d351 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-d2f77ed0cac474a6437fa2cee0cecb6e.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-d2f77ed0cac474a6437fa2cee0cecb6e + +info: + name: > + RegistrationMagic Plugin <= 5.2.4.5 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b378df7-b182-4a56-a7fa-3228c06f960f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e04842ca04263f6508eb41a6732d11e2.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e04842ca04263f6508eb41a6732d11e2.yaml new file mode 100644 index 0000000000..ed84a7fe7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e04842ca04263f6508eb41a6732d11e2.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-e04842ca04263f6508eb41a6732d11e2 + +info: + name: > + Registration Magic <= 5.0.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/547e5814-0201-4dbf-9d2d-8028ca055402?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e518e10775fef314a3432a0ef6a78cf1.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e518e10775fef314a3432a0ef6a78cf1.yaml new file mode 100644 index 0000000000..bad7eca55b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e518e10775fef314a3432a0ef6a78cf1.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-e518e10775fef314a3432a0ef6a78cf1 + +info: + name: > + RegistrationMagic <= 5.2.5.0 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b37b57c-4a11-4971-b38f-12c70d71b76b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e8759c1eba32b6985f221d449c7045d7.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e8759c1eba32b6985f221d449c7045d7.yaml new file mode 100644 index 0000000000..a6cb8a4fd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-e8759c1eba32b6985f221d449c7045d7.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-e8759c1eba32b6985f221d449c7045d7 + +info: + name: > + RegistrationMagic <= 5.2.5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d70dee-c098-40f1-962a-db56791ae221?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-eab40a7edf5f2e1a98131d79813fdf48.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-eab40a7edf5f2e1a98131d79813fdf48.yaml new file mode 100644 index 0000000000..e99b212010 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-eab40a7edf5f2e1a98131d79813fdf48.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-eab40a7edf5f2e1a98131d79813fdf48 + +info: + name: > + RegistrationMagic – Custom Registration Forms and User Login <= 4.6.0.3 - Cross-Site Request Forgery to Settings Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c23d163-1053-403f-80bc-ea8f76fff4e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f0faf18308a797e616df68af878bf053.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f0faf18308a797e616df68af878bf053.yaml new file mode 100644 index 0000000000..492c273474 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f0faf18308a797e616df68af878bf053.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-f0faf18308a797e616df68af878bf053 + +info: + name: > + RegistrationMagic <= 5.1.9.2 - Improper Authorization to Price Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feeb70e4-b602-40ce-bdeb-d947c6b6784d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f7a999ea17927c5e9ebebc775b43318c.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f7a999ea17927c5e9ebebc775b43318c.yaml new file mode 100644 index 0000000000..b497874634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-f7a999ea17927c5e9ebebc775b43318c.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-f7a999ea17927c5e9ebebc775b43318c + +info: + name: > + RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin <= 4.6.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d46f8e8a-80cb-4407-ac07-f4c93be691b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-fcd65c8735954219062dc7bc27977dbf.yaml b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-fcd65c8735954219062dc7bc27977dbf.yaml new file mode 100644 index 0000000000..f1b2aabc82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-registration-form-builder-with-submission-manager-fcd65c8735954219062dc7bc27977dbf.yaml @@ -0,0 +1,58 @@ +id: custom-registration-form-builder-with-submission-manager-fcd65c8735954219062dc7bc27977dbf + +info: + name: > + RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfbc406b-49af-419e-adeb-0510794b7e3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + google-query: inurl:"/wp-content/plugins/custom-registration-form-builder-with-submission-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-registration-form-builder-with-submission-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-registration-form-builder-with-submission-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-registration-form-builder-with-submission-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-scroll-bar-designer-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/custom-scroll-bar-designer-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..507f027ff6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-scroll-bar-designer-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: custom-scroll-bar-designer-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-scroll-bar-designer/" + google-query: inurl:"/wp-content/plugins/custom-scroll-bar-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-scroll-bar-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-scroll-bar-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-scroll-bar-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-search-plugin-ea2aae884b82aaf10a9b6d9e08e6be98.yaml b/nuclei-templates/cve-less/plugins/custom-search-plugin-ea2aae884b82aaf10a9b6d9e08e6be98.yaml new file mode 100644 index 0000000000..8bdf5ebef8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-search-plugin-ea2aae884b82aaf10a9b6d9e08e6be98.yaml @@ -0,0 +1,58 @@ +id: custom-search-plugin-ea2aae884b82aaf10a9b6d9e08e6be98 + +info: + name: > + Custom Search by BestWebSoft <= 1.35 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/711a7307-0a7a-4640-8d88-5c370b0156de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-search-plugin/" + google-query: inurl:"/wp-content/plugins/custom-search-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-search-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-search-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-search-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-searchable-data-entry-system-503f25d9a3f350dbb09e33967b718028.yaml b/nuclei-templates/cve-less/plugins/custom-searchable-data-entry-system-503f25d9a3f350dbb09e33967b718028.yaml new file mode 100644 index 0000000000..dd3d69b5b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-searchable-data-entry-system-503f25d9a3f350dbb09e33967b718028.yaml @@ -0,0 +1,58 @@ +id: custom-searchable-data-entry-system-503f25d9a3f350dbb09e33967b718028 + +info: + name: > + Custom Searchable Data Entry System <= 1.7.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eada519e-a647-4425-9e41-b8527b592c8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-searchable-data-entry-system/" + google-query: inurl:"/wp-content/plugins/custom-searchable-data-entry-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-searchable-data-entry-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-searchable-data-entry-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-searchable-data-entry-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-settings-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml b/nuclei-templates/cve-less/plugins/custom-settings-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml new file mode 100644 index 0000000000..8d08ce6019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-settings-73efd5c8bcd4c1bfe4df6f8b395749d7.yaml @@ -0,0 +1,58 @@ +id: custom-settings-73efd5c8bcd4c1bfe4df6f8b395749d7 + +info: + name: > + WordPress Custom Settings <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23f7f4ad-f9d5-44b7-8354-5145b003fd20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-settings/" + google-query: inurl:"/wp-content/plugins/custom-settings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-settings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-settings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-settings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-share-buttons-with-floating-sidebar-e1e48d10961945b3a2fc571529bab9c7.yaml b/nuclei-templates/cve-less/plugins/custom-share-buttons-with-floating-sidebar-e1e48d10961945b3a2fc571529bab9c7.yaml new file mode 100644 index 0000000000..d7c215fad5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-share-buttons-with-floating-sidebar-e1e48d10961945b3a2fc571529bab9c7.yaml @@ -0,0 +1,58 @@ +id: custom-share-buttons-with-floating-sidebar-e1e48d10961945b3a2fc571529bab9c7 + +info: + name: > + Custom Share Buttons with Floating Sidebar <= 4.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5628fb28-03fd-407d-874e-7801b17098f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-share-buttons-with-floating-sidebar/" + google-query: inurl:"/wp-content/plugins/custom-share-buttons-with-floating-sidebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-share-buttons-with-floating-sidebar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-share-buttons-with-floating-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-share-buttons-with-floating-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-sidebars-aea09105f0f61d6ceb820ac11ed09e51.yaml b/nuclei-templates/cve-less/plugins/custom-sidebars-aea09105f0f61d6ceb820ac11ed09e51.yaml new file mode 100644 index 0000000000..f3974a6cbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-sidebars-aea09105f0f61d6ceb820ac11ed09e51.yaml @@ -0,0 +1,58 @@ +id: custom-sidebars-aea09105f0f61d6ceb820ac11ed09e51 + +info: + name: > + Custom Sidebars <= 3.0.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee88bc6-b7e3-4eff-afc7-59b9a1cc9d2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-sidebars/" + google-query: inurl:"/wp-content/plugins/custom-sidebars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-sidebars,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-sidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-sidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-sidebars-e7cf3375d8a38efd1be42356dbb74de4.yaml b/nuclei-templates/cve-less/plugins/custom-sidebars-e7cf3375d8a38efd1be42356dbb74de4.yaml new file mode 100644 index 0000000000..f8af9af193 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-sidebars-e7cf3375d8a38efd1be42356dbb74de4.yaml @@ -0,0 +1,58 @@ +id: custom-sidebars-e7cf3375d8a38efd1be42356dbb74de4 + +info: + name: > + Custom Sidebars <= 3.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aff4d42c-133e-4ca8-9664-6878a22f7058?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-sidebars/" + google-query: inurl:"/wp-content/plugins/custom-sidebars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-sidebars,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-sidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-sidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-simple-rss-c55993b506252ecc7087422b008f250c.yaml b/nuclei-templates/cve-less/plugins/custom-simple-rss-c55993b506252ecc7087422b008f250c.yaml new file mode 100644 index 0000000000..4b195a4fc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-simple-rss-c55993b506252ecc7087422b008f250c.yaml @@ -0,0 +1,58 @@ +id: custom-simple-rss-c55993b506252ecc7087422b008f250c + +info: + name: > + Custom Simple RSS < 2.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ee333a6-6b4b-4abb-9fc9-1afd9598b321?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-simple-rss/" + google-query: inurl:"/wp-content/plugins/custom-simple-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-simple-rss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-simple-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-simple-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-sub-menus-f50829abfd0ab0292550a897d206e4fb.yaml b/nuclei-templates/cve-less/plugins/custom-sub-menus-f50829abfd0ab0292550a897d206e4fb.yaml new file mode 100644 index 0000000000..75da3b13cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-sub-menus-f50829abfd0ab0292550a897d206e4fb.yaml @@ -0,0 +1,58 @@ +id: custom-sub-menus-f50829abfd0ab0292550a897d206e4fb + +info: + name: > + Custom Menu <= 1.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c70206d-5c4a-4068-8182-e93378c26350?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-sub-menus/" + google-query: inurl:"/wp-content/plugins/custom-sub-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-sub-menus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-sub-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-sub-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-text-selection-colors-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/custom-text-selection-colors-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..e6ed58bccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-text-selection-colors-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: custom-text-selection-colors-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-text-selection-colors/" + google-query: inurl:"/wp-content/plugins/custom-text-selection-colors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-text-selection-colors,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-text-selection-colors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-text-selection-colors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-tinymce-shortcode-button-f62cbc07d0c97caefc6751d0180dc663.yaml b/nuclei-templates/cve-less/plugins/custom-tinymce-shortcode-button-f62cbc07d0c97caefc6751d0180dc663.yaml new file mode 100644 index 0000000000..c069f6b35a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-tinymce-shortcode-button-f62cbc07d0c97caefc6751d0180dc663.yaml @@ -0,0 +1,58 @@ +id: custom-tinymce-shortcode-button-f62cbc07d0c97caefc6751d0180dc663 + +info: + name: > + Custom TinyMCE Shortcode Button <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5bc5cc-fe96-48f6-b9c9-a2b9d83406b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-tinymce-shortcode-button/" + google-query: inurl:"/wp-content/plugins/custom-tinymce-shortcode-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-tinymce-shortcode-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-tinymce-shortcode-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-tinymce-shortcode-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-twitter-feeds-05b7197cf734fac5f20338febaf0428b.yaml b/nuclei-templates/cve-less/plugins/custom-twitter-feeds-05b7197cf734fac5f20338febaf0428b.yaml new file mode 100644 index 0000000000..9f5051390a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-twitter-feeds-05b7197cf734fac5f20338febaf0428b.yaml @@ -0,0 +1,58 @@ +id: custom-twitter-feeds-05b7197cf734fac5f20338febaf0428b + +info: + name: > + Custom Twitter Feeds – A Tweets Widget or X Feed Widget <= 2.2.1 - Cross-Site Request Forgery to Plugin Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-twitter-feeds/" + google-query: inurl:"/wp-content/plugins/custom-twitter-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-twitter-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-twitter-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-twitter-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-twitter-feeds-0787c7b553a6a5c88dae74eba6fc4fd1.yaml b/nuclei-templates/cve-less/plugins/custom-twitter-feeds-0787c7b553a6a5c88dae74eba6fc4fd1.yaml new file mode 100644 index 0000000000..779c79d1ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-twitter-feeds-0787c7b553a6a5c88dae74eba6fc4fd1.yaml @@ -0,0 +1,58 @@ +id: custom-twitter-feeds-0787c7b553a6a5c88dae74eba6fc4fd1 + +info: + name: > + Custom Twitter Feeds (Tweets Widget) <= 1.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a5f8c2-3fd6-4d31-a3b5-60bdb8c18491?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-twitter-feeds/" + google-query: inurl:"/wp-content/plugins/custom-twitter-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-twitter-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-twitter-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-twitter-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/custom-user-css-6543643d1ea175fa61a5d758cd6fec45.yaml b/nuclei-templates/cve-less/plugins/custom-user-css-6543643d1ea175fa61a5d758cd6fec45.yaml new file mode 100644 index 0000000000..74c8365504 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/custom-user-css-6543643d1ea175fa61a5d758cd6fec45.yaml @@ -0,0 +1,58 @@ +id: custom-user-css-6543643d1ea175fa61a5d758cd6fec45 + +info: + name: > + Custom User CSS <= 0.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b53ed24-2821-440f-9aba-69d75b7459a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/custom-user-css/" + google-query: inurl:"/wp-content/plugins/custom-user-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,custom-user-css,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/custom-user-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "custom-user-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-area-5946d00520fcf71340c79730911fdae4.yaml b/nuclei-templates/cve-less/plugins/customer-area-5946d00520fcf71340c79730911fdae4.yaml new file mode 100644 index 0000000000..2a411067ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-area-5946d00520fcf71340c79730911fdae4.yaml @@ -0,0 +1,58 @@ +id: customer-area-5946d00520fcf71340c79730911fdae4 + +info: + name: > + WP Customer Area <= 8.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-area/" + google-query: inurl:"/wp-content/plugins/customer-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-area,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-area-638180480b8e5ea2f7bb663f12fd87db.yaml b/nuclei-templates/cve-less/plugins/customer-area-638180480b8e5ea2f7bb663f12fd87db.yaml new file mode 100644 index 0000000000..d24658978a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-area-638180480b8e5ea2f7bb663f12fd87db.yaml @@ -0,0 +1,58 @@ +id: customer-area-638180480b8e5ea2f7bb663f12fd87db + +info: + name: > + WP Customer Area <= 8.2.0 - Insecure Direct Object Reference to Account Address Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc0087a8-ec3a-4c16-8ce3-d346ae0ca58d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-area/" + google-query: inurl:"/wp-content/plugins/customer-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-area,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-area-64194ddc20aa7461447b4d03da264c07.yaml b/nuclei-templates/cve-less/plugins/customer-area-64194ddc20aa7461447b4d03da264c07.yaml new file mode 100644 index 0000000000..661754ff77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-area-64194ddc20aa7461447b4d03da264c07.yaml @@ -0,0 +1,58 @@ +id: customer-area-64194ddc20aa7461447b4d03da264c07 + +info: + name: > + WP Customer Area <= 8.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5aeea0-ba5a-488a-9087-9b7567f31c70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-area/" + google-query: inurl:"/wp-content/plugins/customer-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-area,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-area-88e7e4a086d6356c7121d61d5de285a2.yaml b/nuclei-templates/cve-less/plugins/customer-area-88e7e4a086d6356c7121d61d5de285a2.yaml new file mode 100644 index 0000000000..af515d69ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-area-88e7e4a086d6356c7121d61d5de285a2.yaml @@ -0,0 +1,58 @@ +id: customer-area-88e7e4a086d6356c7121d61d5de285a2 + +info: + name: > + WP Customer Area <= 8.2.1 - Insecure Direct Object Reference to Address Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32713069-ea40-46ef-a789-9646eab2e651?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-area/" + google-query: inurl:"/wp-content/plugins/customer-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-area,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-area-f9650549fbf42fb03bc206714accabe1.yaml b/nuclei-templates/cve-less/plugins/customer-area-f9650549fbf42fb03bc206714accabe1.yaml new file mode 100644 index 0000000000..2327996aaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-area-f9650549fbf42fb03bc206714accabe1.yaml @@ -0,0 +1,58 @@ +id: customer-area-f9650549fbf42fb03bc206714accabe1 + +info: + name: > + WP Customer Area <= 7.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec015f49-cdb6-4a08-81cd-6fa505086537?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-area/" + google-query: inurl:"/wp-content/plugins/customer-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-area,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-collector-for-woocommerce-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-collector-for-woocommerce-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..e232347a7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-collector-for-woocommerce-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-collector-for-woocommerce-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-collector-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-collector-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-collector-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-collector-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-collector-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-03f52e4edfa7408cb52c9d72fc195004.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-03f52e4edfa7408cb52c9d72fc195004.yaml new file mode 100644 index 0000000000..4ca8d2d6ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-03f52e4edfa7408cb52c9d72fc195004.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-03f52e4edfa7408cb52c9d72fc195004 + +info: + name: > + Customer Reviews for WooCommerce <= 5.15.0 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6e7b44c-fe94-493b-846b-57c40e00d8fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-087ab6a6409aed64b5c6d0e8d25ec639.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-087ab6a6409aed64b5c6d0e8d25ec639.yaml new file mode 100644 index 0000000000..e45a918a9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-087ab6a6409aed64b5c6d0e8d25ec639.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-087ab6a6409aed64b5c6d0e8d25ec639 + +info: + name: > + Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.46.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-2d6698f89f32609adbc6e12eed98ca62.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-2d6698f89f32609adbc6e12eed98ca62.yaml new file mode 100644 index 0000000000..08e7edef9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-2d6698f89f32609adbc6e12eed98ca62.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-2d6698f89f32609adbc6e12eed98ca62 + +info: + name: > + Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.38.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-33080b0d5149a7811a842330fcd02a9a.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-33080b0d5149a7811a842330fcd02a9a.yaml new file mode 100644 index 0000000000..7cd3661696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-33080b0d5149a7811a842330fcd02a9a.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-33080b0d5149a7811a842330fcd02a9a + +info: + name: > + Customer Reviews for WooCommerce <= 5.16.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00ef5c1-1025-489c-a294-a87e10afde2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-34547cf35ff55eca1aec11c82238db2e.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-34547cf35ff55eca1aec11c82238db2e.yaml new file mode 100644 index 0000000000..a297507ea8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-34547cf35ff55eca1aec11c82238db2e.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-34547cf35ff55eca1aec11c82238db2e + +info: + name: > + Customer Reviews for WooCommerce <= 5.38.12 - Improper Authorization via submit_review + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.38.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-5b09804fb0f54f039756dc2dbfaca10d.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-5b09804fb0f54f039756dc2dbfaca10d.yaml new file mode 100644 index 0000000000..0d0037d867 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-5b09804fb0f54f039756dc2dbfaca10d.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-5b09804fb0f54f039756dc2dbfaca10d + +info: + name: > + Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.46.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-704e8a4e646ad70dffa4b5a4a231b7e5.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-704e8a4e646ad70dffa4b5a4a231b7e5.yaml new file mode 100644 index 0000000000..c7558b2a84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-704e8a4e646ad70dffa4b5a4a231b7e5.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-704e8a4e646ad70dffa4b5a4a231b7e5 + +info: + name: > + Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via CR_Manual + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e093d1f-9c5a-44f8-bc27-9c320e220358?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.38.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-72807f145d4d787ee0d78e0f3adf0196.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-72807f145d4d787ee0d78e0f3adf0196.yaml new file mode 100644 index 0000000000..7dc263215b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-72807f145d4d787ee0d78e0f3adf0196.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-72807f145d4d787ee0d78e0f3adf0196 + +info: + name: > + Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d60f3da1-1184-4629-880c-ce3893fb55a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.36.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-aba3e00a2a63250607e79d5288cb4fd8.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-aba3e00a2a63250607e79d5288cb4fd8.yaml new file mode 100644 index 0000000000..feb6878c4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-aba3e00a2a63250607e79d5288cb4fd8.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-aba3e00a2a63250607e79d5288cb4fd8 + +info: + name: > + Customer Reviews for WooCommerce <= 5.3.5 - Multiple Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0a47e0-5be1-418c-afdf-8bb2d784bcc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b617065e23c3fb2d068c8fc7c1e18a76.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b617065e23c3fb2d068c8fc7c1e18a76.yaml new file mode 100644 index 0000000000..eec08cb831 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b617065e23c3fb2d068c8fc7c1e18a76.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-b617065e23c3fb2d068c8fc7c1e18a76 + +info: + name: > + Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.47.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b9103fa25ff1df562a7ef31b16b8ad03.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b9103fa25ff1df562a7ef31b16b8ad03.yaml new file mode 100644 index 0000000000..bd41f37d5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-b9103fa25ff1df562a7ef31b16b8ad03.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-b9103fa25ff1df562a7ef31b16b8ad03 + +info: + name: > + Customer Reviews for WooCommerce <= 5.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43100062-c6bd-4d08-a88b-fbcf24f7e605?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-ccbfe5f4150b2a60a0b0de9e47423628.yaml b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-ccbfe5f4150b2a60a0b0de9e47423628.yaml new file mode 100644 index 0000000000..dff1b0f938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customer-reviews-woocommerce-ccbfe5f4150b2a60a0b0de9e47423628.yaml @@ -0,0 +1,58 @@ +id: customer-reviews-woocommerce-ccbfe5f4150b2a60a0b0de9e47423628 + +info: + name: > + Customer Reviews for WooCommerce <= 5.3.5 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34eaee0f-7a5b-4496-a5c8-5f6c69e24417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customer-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/customer-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customer-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customer-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customer-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customify-e6ebb86ebbdc2c2465c0fad6241913af.yaml b/nuclei-templates/cve-less/plugins/customify-e6ebb86ebbdc2c2465c0fad6241913af.yaml new file mode 100644 index 0000000000..c87d30cf2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customify-e6ebb86ebbdc2c2465c0fad6241913af.yaml @@ -0,0 +1,58 @@ +id: customify-e6ebb86ebbdc2c2465c0fad6241913af + +info: + name: > + Customify <= 2.10.4 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b1c0ee5-5329-411c-8030-14bec586d74d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customify/" + google-query: inurl:"/wp-content/plugins/customify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customify-sites-c0b24144ee5f50c90a86d55930aab983.yaml b/nuclei-templates/cve-less/plugins/customify-sites-c0b24144ee5f50c90a86d55930aab983.yaml new file mode 100644 index 0000000000..9e969aa156 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customify-sites-c0b24144ee5f50c90a86d55930aab983.yaml @@ -0,0 +1,58 @@ +id: customify-sites-c0b24144ee5f50c90a86d55930aab983 + +info: + name: > + Customify Site Library <= 0.0.9 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dbf982f-c83f-4980-b758-9e241e0de67b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customify-sites/" + google-query: inurl:"/wp-content/plugins/customify-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customify-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customify-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customify-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customily-v2-43a2744fa82afcde1f284cbd5aa55b86.yaml b/nuclei-templates/cve-less/plugins/customily-v2-43a2744fa82afcde1f284cbd5aa55b86.yaml new file mode 100644 index 0000000000..eaa3270a5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customily-v2-43a2744fa82afcde1f284cbd5aa55b86.yaml @@ -0,0 +1,58 @@ +id: customily-v2-43a2744fa82afcde1f284cbd5aa55b86 + +info: + name: > + Customily Product Personalizer <= 1.23.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f8aa38b-85c5-45a7-b5cd-9ecd43a3c340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customily-v2/" + google-query: inurl:"/wp-content/plugins/customily-v2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customily-v2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customily-v2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customily-v2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customize-login-image-cdd44eb1f0b901b8f5061171a068c613.yaml b/nuclei-templates/cve-less/plugins/customize-login-image-cdd44eb1f0b901b8f5061171a068c613.yaml new file mode 100644 index 0000000000..c4b4b554f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customize-login-image-cdd44eb1f0b901b8f5061171a068c613.yaml @@ -0,0 +1,58 @@ +id: customize-login-image-cdd44eb1f0b901b8f5061171a068c613 + +info: + name: > + Customize Login Image <= 3.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f9b02c1-2cd7-48ee-b568-4c42bc0ded96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customize-login-image/" + google-query: inurl:"/wp-content/plugins/customize-login-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customize-login-image,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customize-login-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customize-login-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customize-my-account-for-woocommerce-c07ce33288471d0dce242b9d0edc14b3.yaml b/nuclei-templates/cve-less/plugins/customize-my-account-for-woocommerce-c07ce33288471d0dce242b9d0edc14b3.yaml new file mode 100644 index 0000000000..3e6db8260b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customize-my-account-for-woocommerce-c07ce33288471d0dce242b9d0edc14b3.yaml @@ -0,0 +1,58 @@ +id: customize-my-account-for-woocommerce-c07ce33288471d0dce242b9d0edc14b3 + +info: + name: > + Customize My Account for WooCommerce <= 1.8.3 - Cross-Site Request Forgery via restore_my_account_tabs + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f79f9385-f8d1-44a0-9e53-7576a9453163?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customize-my-account-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/customize-my-account-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customize-my-account-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customize-my-account-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customize-my-account-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customizer-export-import-6aade0ab1cd3e84f1c328d12c13c28e5.yaml b/nuclei-templates/cve-less/plugins/customizer-export-import-6aade0ab1cd3e84f1c328d12c13c28e5.yaml new file mode 100644 index 0000000000..6171456ebf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customizer-export-import-6aade0ab1cd3e84f1c328d12c13c28e5.yaml @@ -0,0 +1,58 @@ +id: customizer-export-import-6aade0ab1cd3e84f1c328d12c13c28e5 + +info: + name: > + Customizer Export/Import <= 0.9.5 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7312ec-9654-4ddc-aec6-71c7e684fac0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customizer-export-import/" + google-query: inurl:"/wp-content/plugins/customizer-export-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customizer-export-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customizer-export-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customizer-export-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/customizer-export-import-c7389b248c40364239ac72c9e1e9985e.yaml b/nuclei-templates/cve-less/plugins/customizer-export-import-c7389b248c40364239ac72c9e1e9985e.yaml new file mode 100644 index 0000000000..f9820a2d69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/customizer-export-import-c7389b248c40364239ac72c9e1e9985e.yaml @@ -0,0 +1,58 @@ +id: customizer-export-import-c7389b248c40364239ac72c9e1e9985e + +info: + name: > + Customizer Export/Import <= 0.9.4 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72fadfa8-4b53-4661-8b6c-69cdb79d3fd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/customizer-export-import/" + google-query: inurl:"/wp-content/plugins/customizer-export-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,customizer-export-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/customizer-export-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customizer-export-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cwicly-62e4a961ffac0b881f8af1cc15505b69.yaml b/nuclei-templates/cve-less/plugins/cwicly-62e4a961ffac0b881f8af1cc15505b69.yaml new file mode 100644 index 0000000000..bd89a004f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cwicly-62e4a961ffac0b881f8af1cc15505b69.yaml @@ -0,0 +1,58 @@ +id: cwicly-62e4a961ffac0b881f8af1cc15505b69 + +info: + name: > + Cwicly <= 1.4.0.2 - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21bcb740-6340-4ff7-815f-539175936ca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cwicly/" + google-query: inurl:"/wp-content/plugins/cwicly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cwicly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cwicly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cwicly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cww-companion-3712f3d2b17172eb0c737744e9767b9d.yaml b/nuclei-templates/cve-less/plugins/cww-companion-3712f3d2b17172eb0c737744e9767b9d.yaml new file mode 100644 index 0000000000..fc2e369656 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cww-companion-3712f3d2b17172eb0c737744e9767b9d.yaml @@ -0,0 +1,58 @@ +id: cww-companion-3712f3d2b17172eb0c737744e9767b9d + +info: + name: > + CWW Companion <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cww-companion/" + google-query: inurl:"/wp-content/plugins/cww-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cww-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cww-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cww-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cybersoldier-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml b/nuclei-templates/cve-less/plugins/cybersoldier-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml new file mode 100644 index 0000000000..2011f6fcf4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cybersoldier-a97afd1d52e8ec7c0950d3b4bfa966dc.yaml @@ -0,0 +1,58 @@ +id: cybersoldier-a97afd1d52e8ec7c0950d3b4bfa966dc + +info: + name: > + Cybersoldier < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/606b9002-5f3a-49ef-9714-49eeac86f800?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cybersoldier/" + google-query: inurl:"/wp-content/plugins/cybersoldier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cybersoldier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cybersoldier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cybersoldier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cyberus-key-589eb0de3c09a1f6b4b85bf3ecf20784.yaml b/nuclei-templates/cve-less/plugins/cyberus-key-589eb0de3c09a1f6b4b85bf3ecf20784.yaml new file mode 100644 index 0000000000..b33208a463 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cyberus-key-589eb0de3c09a1f6b4b85bf3ecf20784.yaml @@ -0,0 +1,58 @@ +id: cyberus-key-589eb0de3c09a1f6b4b85bf3ecf20784 + +info: + name: > + Cyberus Key <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'uid' in 'cyberkey_settings' Plugin Setting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf5e5eaf-b42d-49b9-8f55-6025e64748c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cyberus-key/" + google-query: inurl:"/wp-content/plugins/cyberus-key/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cyberus-key,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cyberus-key/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cyberus-key" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cyklodev-wp-notify-e785890064729677b76cdb50e8ed4af9.yaml b/nuclei-templates/cve-less/plugins/cyklodev-wp-notify-e785890064729677b76cdb50e8ed4af9.yaml new file mode 100644 index 0000000000..0abcc51497 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cyklodev-wp-notify-e785890064729677b76cdb50e8ed4af9.yaml @@ -0,0 +1,58 @@ +id: cyklodev-wp-notify-e785890064729677b76cdb50e8ed4af9 + +info: + name: > + Cyklodev WP Notify <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f6f8412-f1b1-4566-ad31-f006c19de948?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cyklodev-wp-notify/" + google-query: inurl:"/wp-content/plugins/cyklodev-wp-notify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cyklodev-wp-notify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cyklodev-wp-notify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cyklodev-wp-notify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cyr3lat-dfe9d916adc4339b514e6f246a1ff502.yaml b/nuclei-templates/cve-less/plugins/cyr3lat-dfe9d916adc4339b514e6f246a1ff502.yaml new file mode 100644 index 0000000000..9c2df013a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cyr3lat-dfe9d916adc4339b514e6f246a1ff502.yaml @@ -0,0 +1,58 @@ +id: cyr3lat-dfe9d916adc4339b514e6f246a1ff502 + +info: + name: > + Cyr to Lat <= 3.5 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c29130-1b42-4edd-ad62-6f635e03ae31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cyr3lat/" + google-query: inurl:"/wp-content/plugins/cyr3lat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cyr3lat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cyr3lat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cyr3lat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/cysteme-finder-d8cba654f3eadea699e2d001c5aee33d.yaml b/nuclei-templates/cve-less/plugins/cysteme-finder-d8cba654f3eadea699e2d001c5aee33d.yaml new file mode 100644 index 0000000000..b540a9643f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/cysteme-finder-d8cba654f3eadea699e2d001c5aee33d.yaml @@ -0,0 +1,58 @@ +id: cysteme-finder-d8cba654f3eadea699e2d001c5aee33d + +info: + name: > + CYSTEME Finder <= 1.3 - Arbitrary File Upload/Read + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c3fe714-94c9-47ea-b073-a082e4713977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/cysteme-finder/" + google-query: inurl:"/wp-content/plugins/cysteme-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,cysteme-finder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/cysteme-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cysteme-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/d-bargain-416f60ea7c83625605d6748aec7fe39d.yaml b/nuclei-templates/cve-less/plugins/d-bargain-416f60ea7c83625605d6748aec7fe39d.yaml new file mode 100644 index 0000000000..090bdec510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/d-bargain-416f60ea7c83625605d6748aec7fe39d.yaml @@ -0,0 +1,58 @@ +id: d-bargain-416f60ea7c83625605d6748aec7fe39d + +info: + name: > + DBargain <= 3.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ab817c-3677-4251-adaf-f340bf4c5336?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/d-bargain/" + google-query: inurl:"/wp-content/plugins/d-bargain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,d-bargain,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/d-bargain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "d-bargain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daext-autolinks-manager-5325e87d52794ad590ce110a225276ac.yaml b/nuclei-templates/cve-less/plugins/daext-autolinks-manager-5325e87d52794ad590ce110a225276ac.yaml new file mode 100644 index 0000000000..18f9cc2601 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daext-autolinks-manager-5325e87d52794ad590ce110a225276ac.yaml @@ -0,0 +1,58 @@ +id: daext-autolinks-manager-5325e87d52794ad590ce110a225276ac + +info: + name: > + Autolinks Manager <= 1.10.04 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec5d29e-43e2-4cd3-8164-94b01fab4d64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daext-autolinks-manager/" + google-query: inurl:"/wp-content/plugins/daext-autolinks-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daext-autolinks-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daext-autolinks-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daext-autolinks-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daggerhart-openid-connect-generic-203fbe5cb049e55d1de84283cabe5bc1.yaml b/nuclei-templates/cve-less/plugins/daggerhart-openid-connect-generic-203fbe5cb049e55d1de84283cabe5bc1.yaml new file mode 100644 index 0000000000..e6ccc92904 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daggerhart-openid-connect-generic-203fbe5cb049e55d1de84283cabe5bc1.yaml @@ -0,0 +1,58 @@ +id: daggerhart-openid-connect-generic-203fbe5cb049e55d1de84283cabe5bc1 + +info: + name: > + OpenID Connect Generic Client 3.8.0-3.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f94d61-a3ec-4e25-bbd0-651b553b9c7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daggerhart-openid-connect-generic/" + google-query: inurl:"/wp-content/plugins/daggerhart-openid-connect-generic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daggerhart-openid-connect-generic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daggerhart-openid-connect-generic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daggerhart-openid-connect-generic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.8.0', '< 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1924e010841990f8a5472d7ce0d4475a.yaml b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1924e010841990f8a5472d7ce0d4475a.yaml new file mode 100644 index 0000000000..49028ee69c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1924e010841990f8a5472d7ce0d4475a.yaml @@ -0,0 +1,58 @@ +id: daily-prayer-time-for-mosques-1924e010841990f8a5472d7ce0d4475a + +info: + name: > + Daily Prayer Time <= 2021.08.09 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d0971-c4bc-40f7-80b4-a3d54ce4f3ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/" + google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-prayer-time-for-mosques/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-prayer-time-for-mosques" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2021.08.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1c709780f30cba2883c1f114a8ebe301.yaml b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1c709780f30cba2883c1f114a8ebe301.yaml new file mode 100644 index 0000000000..0c18f503db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-1c709780f30cba2883c1f114a8ebe301.yaml @@ -0,0 +1,58 @@ +id: daily-prayer-time-for-mosques-1c709780f30cba2883c1f114a8ebe301 + +info: + name: > + Daily Prayer Time <= 2023.10.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0ccd265-2e64-4b23-a032-aaeb9941df34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/" + google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-prayer-time-for-mosques/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-prayer-time-for-mosques" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.10.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-2af4f586d3d7a602ecd50af91c2499d1.yaml b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-2af4f586d3d7a602ecd50af91c2499d1.yaml new file mode 100644 index 0000000000..afbff1dd51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-2af4f586d3d7a602ecd50af91c2499d1.yaml @@ -0,0 +1,58 @@ +id: daily-prayer-time-for-mosques-2af4f586d3d7a602ecd50af91c2499d1 + +info: + name: > + Daily Prayer Time <= 2023.03.08 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9060bb2a-b9d9-466d-bb8d-14173a51d145?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/" + google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-prayer-time-for-mosques/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-prayer-time-for-mosques" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.03.08') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-3824f011eab5214f502db246222a2a64.yaml b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-3824f011eab5214f502db246222a2a64.yaml new file mode 100644 index 0000000000..f651be0e56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-3824f011eab5214f502db246222a2a64.yaml @@ -0,0 +1,58 @@ +id: daily-prayer-time-for-mosques-3824f011eab5214f502db246222a2a64 + +info: + name: > + Daily Prayer Time <= 2023.03.20 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95691873-a16a-4e41-9456-41fa07efd6ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/" + google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-prayer-time-for-mosques/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-prayer-time-for-mosques" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.03.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-efb19c791feda5e8b127998d60bcf234.yaml b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-efb19c791feda5e8b127998d60bcf234.yaml new file mode 100644 index 0000000000..8b9a321089 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daily-prayer-time-for-mosques-efb19c791feda5e8b127998d60bcf234.yaml @@ -0,0 +1,58 @@ +id: daily-prayer-time-for-mosques-efb19c791feda5e8b127998d60bcf234 + +info: + name: > + Daily Prayer Time < 2022.03.01 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab46b494-e7c5-42fd-9906-2a7a529e2794?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daily-prayer-time-for-mosques/" + google-query: inurl:"/wp-content/plugins/daily-prayer-time-for-mosques/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daily-prayer-time-for-mosques,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daily-prayer-time-for-mosques/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daily-prayer-time-for-mosques" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2022.03.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dandyid-services-9018d0e2961530505f24475e2d5e362f.yaml b/nuclei-templates/cve-less/plugins/dandyid-services-9018d0e2961530505f24475e2d5e362f.yaml new file mode 100644 index 0000000000..56c5bb91ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dandyid-services-9018d0e2961530505f24475e2d5e362f.yaml @@ -0,0 +1,58 @@ +id: dandyid-services-9018d0e2961530505f24475e2d5e362f + +info: + name: > + DandyID Services <= 1.5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd1c1c0-0eb4-430d-a65b-9bf30a7dd52a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dandyid-services/" + google-query: inurl:"/wp-content/plugins/dandyid-services/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dandyid-services,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dandyid-services/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dandyid-services" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dans-gcal-1c6832c32d7ec7d1a800137a443af3a0.yaml b/nuclei-templates/cve-less/plugins/dans-gcal-1c6832c32d7ec7d1a800137a443af3a0.yaml new file mode 100644 index 0000000000..72736b346c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dans-gcal-1c6832c32d7ec7d1a800137a443af3a0.yaml @@ -0,0 +1,58 @@ +id: dans-gcal-1c6832c32d7ec7d1a800137a443af3a0 + +info: + name: > + Dan's Embedder for Google Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbca88e0-1563-43cb-adf4-4f89856a07d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dans-gcal/" + google-query: inurl:"/wp-content/plugins/dans-gcal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dans-gcal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dans-gcal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dans-gcal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dark-mode-1955d2bf9e3369181a1e0d457e568aab.yaml b/nuclei-templates/cve-less/plugins/dark-mode-1955d2bf9e3369181a1e0d457e568aab.yaml new file mode 100644 index 0000000000..03e121a931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dark-mode-1955d2bf9e3369181a1e0d457e568aab.yaml @@ -0,0 +1,58 @@ +id: dark-mode-1955d2bf9e3369181a1e0d457e568aab + +info: + name: > + WP Markdown Editor (Formerly Dark Mode) < 1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52af7568-061d-4352-b85c-11f9829bc8a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dark-mode/" + google-query: inurl:"/wp-content/plugins/dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dark-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dark-mode-854c79af36aba0da3346494de4eaf39a.yaml b/nuclei-templates/cve-less/plugins/dark-mode-854c79af36aba0da3346494de4eaf39a.yaml new file mode 100644 index 0000000000..aef06e0a84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dark-mode-854c79af36aba0da3346494de4eaf39a.yaml @@ -0,0 +1,58 @@ +id: dark-mode-854c79af36aba0da3346494de4eaf39a + +info: + name: > + WP Markdown Editor (Formerly Dark Mode) < 1.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6830f98b-21f8-4089-9091-1dcd31697425?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dark-mode/" + google-query: inurl:"/wp-content/plugins/dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dark-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..ef2e9441d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dark-mode/" + google-query: inurl:"/wp-content/plugins/dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dark-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..4d15aa3b75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/darklup-lite-wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: darklup-lite-wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/darklup-lite-wp-dark-mode/" + google-query: inurl:"/wp-content/plugins/darklup-lite-wp-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,darklup-lite-wp-dark-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/darklup-lite-wp-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "darklup-lite-wp-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashboard-to-do-list-59a2c5c80739fa0eba22f8a13d17e144.yaml b/nuclei-templates/cve-less/plugins/dashboard-to-do-list-59a2c5c80739fa0eba22f8a13d17e144.yaml new file mode 100644 index 0000000000..36c024f7f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashboard-to-do-list-59a2c5c80739fa0eba22f8a13d17e144.yaml @@ -0,0 +1,58 @@ +id: dashboard-to-do-list-59a2c5c80739fa0eba22f8a13d17e144 + +info: + name: > + Dashboard To-Do List <= 1.3.1 - Cross-Site Request Forgery via ardtdw_widgetupdate() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbc8cc43-8509-44e5-bd16-367eca02c24e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashboard-to-do-list/" + google-query: inurl:"/wp-content/plugins/dashboard-to-do-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashboard-to-do-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashboard-to-do-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashboard-to-do-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..2456dd7620 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: dashboard-welcome-for-elementor-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashboard-welcome-for-elementor/" + google-query: inurl:"/wp-content/plugins/dashboard-welcome-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashboard-welcome-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashboard-welcome-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashboard-welcome-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..b2418b72ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashboard-welcome-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: dashboard-welcome-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashboard-welcome-for-elementor/" + google-query: inurl:"/wp-content/plugins/dashboard-welcome-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashboard-welcome-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashboard-welcome-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashboard-welcome-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-2f94c3f833650d494dcd027c8f5b2a1d.yaml b/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-2f94c3f833650d494dcd027c8f5b2a1d.yaml new file mode 100644 index 0000000000..27fb3f33a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-2f94c3f833650d494dcd027c8f5b2a1d.yaml @@ -0,0 +1,58 @@ +id: dashboard-widgets-suite-2f94c3f833650d494dcd027c8f5b2a1d + +info: + name: > + Dashboard Widgets Suite <= 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/503a44ed-25c2-4178-aeec-756c5b533e04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashboard-widgets-suite/" + google-query: inurl:"/wp-content/plugins/dashboard-widgets-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashboard-widgets-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashboard-widgets-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-669f088fb31a1c784e368a7e51016243.yaml b/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-669f088fb31a1c784e368a7e51016243.yaml new file mode 100644 index 0000000000..4b471d258b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashboard-widgets-suite-669f088fb31a1c784e368a7e51016243.yaml @@ -0,0 +1,58 @@ +id: dashboard-widgets-suite-669f088fb31a1c784e368a7e51016243 + +info: + name: > + Dashboard Widgets Suite <= 3.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cba77ced-412e-4461-8d2a-980371c78a17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashboard-widgets-suite/" + google-query: inurl:"/wp-content/plugins/dashboard-widgets-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashboard-widgets-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashboard-widgets-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashboard-widgets-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dashicons-cpt-38a12cf4a56d072e88962074fdeb9b47.yaml b/nuclei-templates/cve-less/plugins/dashicons-cpt-38a12cf4a56d072e88962074fdeb9b47.yaml new file mode 100644 index 0000000000..2cab66e793 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dashicons-cpt-38a12cf4a56d072e88962074fdeb9b47.yaml @@ -0,0 +1,58 @@ +id: dashicons-cpt-38a12cf4a56d072e88962074fdeb9b47 + +info: + name: > + Dashicons + Custom Post Types <= 1.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d58028-a12c-4d72-b275-ba37a58dc10d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dashicons-cpt/" + google-query: inurl:"/wp-content/plugins/dashicons-cpt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dashicons-cpt,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dashicons-cpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dashicons-cpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-384cfba7d4e3422564ffd94f08c53230.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-384cfba7d4e3422564ffd94f08c53230.yaml new file mode 100644 index 0000000000..992619cba2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-384cfba7d4e3422564ffd94f08c53230.yaml @@ -0,0 +1,58 @@ +id: data-tables-generator-by-supsystic-384cfba7d4e3422564ffd94f08c53230 + +info: + name: > + Data Tables Generator by Supsystic <= 1.9.91 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/406857f1-6bd6-4888-b5c5-d2c8be1b8ef9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/" + google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/data-tables-generator-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "data-tables-generator-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-3ca2d0288841fb102eec504b49f4dc79.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-3ca2d0288841fb102eec504b49f4dc79.yaml new file mode 100644 index 0000000000..1fb0df3419 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-3ca2d0288841fb102eec504b49f4dc79.yaml @@ -0,0 +1,58 @@ +id: data-tables-generator-by-supsystic-3ca2d0288841fb102eec504b49f4dc79 + +info: + name: > + Data Tables Generator by Supsystic <= 1.9.91 - Missing Authorization on AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56f9d46f-5c21-4e8e-8e77-c96c4a0562d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/" + google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/data-tables-generator-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "data-tables-generator-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-7bb51482172811e3c51edf370ad2cde3.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-7bb51482172811e3c51edf370ad2cde3.yaml new file mode 100644 index 0000000000..5aa8184d0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-7bb51482172811e3c51edf370ad2cde3.yaml @@ -0,0 +1,58 @@ +id: data-tables-generator-by-supsystic-7bb51482172811e3c51edf370ad2cde3 + +info: + name: > + Data Tables Generator By Supsystic <= 1.10.19 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c788d06-6a80-4e34-92bb-b87f21916810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/" + google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/data-tables-generator-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "data-tables-generator-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c639be60406ab3b6aefe17af97aa1a3c.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c639be60406ab3b6aefe17af97aa1a3c.yaml new file mode 100644 index 0000000000..e34aaed059 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c639be60406ab3b6aefe17af97aa1a3c.yaml @@ -0,0 +1,58 @@ +id: data-tables-generator-by-supsystic-c639be60406ab3b6aefe17af97aa1a3c + +info: + name: > + Data Tables Generator by Supsystic <= 1.10.31 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c61b3a7-25a9-4890-a294-378883ebe11d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/" + google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/data-tables-generator-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "data-tables-generator-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c974ccf1587cec2eccea9add62a9571f.yaml b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c974ccf1587cec2eccea9add62a9571f.yaml new file mode 100644 index 0000000000..07c517defb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/data-tables-generator-by-supsystic-c974ccf1587cec2eccea9add62a9571f.yaml @@ -0,0 +1,58 @@ +id: data-tables-generator-by-supsystic-c974ccf1587cec2eccea9add62a9571f + +info: + name: > + Data Tables Generator by Supsystic <= 1.10.25 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae98e3bd-f663-4609-92ed-ed0431047d85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/data-tables-generator-by-supsystic/" + google-query: inurl:"/wp-content/plugins/data-tables-generator-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,data-tables-generator-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/data-tables-generator-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "data-tables-generator-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/database-backups-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml b/nuclei-templates/cve-less/plugins/database-backups-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml new file mode 100644 index 0000000000..2859470079 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/database-backups-e75e8a53a3e5f421e8dff4ebc1472f1b.yaml @@ -0,0 +1,58 @@ +id: database-backups-e75e8a53a3e5f421e8dff4ebc1472f1b + +info: + name: > + Database Backups <= 1.2.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0cae039-e112-48b4-8e8b-f617108601df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/database-backups/" + google-query: inurl:"/wp-content/plugins/database-backups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,database-backups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/database-backups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "database-backups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/database-cleaner-8497dd1697d238f17e5ca2e374ee6979.yaml b/nuclei-templates/cve-less/plugins/database-cleaner-8497dd1697d238f17e5ca2e374ee6979.yaml new file mode 100644 index 0000000000..666a00c145 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/database-cleaner-8497dd1697d238f17e5ca2e374ee6979.yaml @@ -0,0 +1,58 @@ +id: database-cleaner-8497dd1697d238f17e5ca2e374ee6979 + +info: + name: > + Database Cleaner <= 0.9.8 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4031f857-9712-4f4a-93e8-0b01f9a9c32d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/database-cleaner/" + google-query: inurl:"/wp-content/plugins/database-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,database-cleaner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/database-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "database-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/database-collation-fix-fcc1a4da03b48b602844cc8edd8898d5.yaml b/nuclei-templates/cve-less/plugins/database-collation-fix-fcc1a4da03b48b602844cc8edd8898d5.yaml new file mode 100644 index 0000000000..b4b843a523 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/database-collation-fix-fcc1a4da03b48b602844cc8edd8898d5.yaml @@ -0,0 +1,58 @@ +id: database-collation-fix-fcc1a4da03b48b602844cc8edd8898d5 + +info: + name: > + Database Collation Fix <= 1.2.7 - Cross-Site Request Forgery via admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31612b4b-a75f-4fa4-831b-43f62a8d5fad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/database-collation-fix/" + google-query: inurl:"/wp-content/plugins/database-collation-fix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,database-collation-fix,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/database-collation-fix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "database-collation-fix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/database-for-cf7-95d14048da02f26059f2e07a39b028ec.yaml b/nuclei-templates/cve-less/plugins/database-for-cf7-95d14048da02f26059f2e07a39b028ec.yaml new file mode 100644 index 0000000000..bf7cf16c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/database-for-cf7-95d14048da02f26059f2e07a39b028ec.yaml @@ -0,0 +1,58 @@ +id: database-for-cf7-95d14048da02f26059f2e07a39b028ec + +info: + name: > + Database for CF7 <= 1.2.4 - Missing Authorization via wpcf7db_delete AJAX action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fcaab95-7940-45f9-a3c2-c3b0dc540b61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/database-for-cf7/" + google-query: inurl:"/wp-content/plugins/database-for-cf7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,database-for-cf7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/database-for-cf7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "database-for-cf7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/database-peek-f5177dce5f851a784de6243f1a4812de.yaml b/nuclei-templates/cve-less/plugins/database-peek-f5177dce5f851a784de6243f1a4812de.yaml new file mode 100644 index 0000000000..aeb91fea1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/database-peek-f5177dce5f851a784de6243f1a4812de.yaml @@ -0,0 +1,58 @@ +id: database-peek-f5177dce5f851a784de6243f1a4812de + +info: + name: > + Database Peek <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/205d639c-6fc9-425c-b7ec-89217e02a028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/database-peek/" + google-query: inurl:"/wp-content/plugins/database-peek/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,database-peek,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/database-peek/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "database-peek" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/daves-wordpress-live-search-00d2f835919a4763491bb6e0afc99ba1.yaml b/nuclei-templates/cve-less/plugins/daves-wordpress-live-search-00d2f835919a4763491bb6e0afc99ba1.yaml new file mode 100644 index 0000000000..6fe0560e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/daves-wordpress-live-search-00d2f835919a4763491bb6e0afc99ba1.yaml @@ -0,0 +1,58 @@ +id: daves-wordpress-live-search-00d2f835919a4763491bb6e0afc99ba1 + +info: + name: > + Dave's WordPress Live Search <= 4.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/046ecbe5-4b2f-40d3-8585-4d4230ba33f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/daves-wordpress-live-search/" + google-query: inurl:"/wp-content/plugins/daves-wordpress-live-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,daves-wordpress-live-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/daves-wordpress-live-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "daves-wordpress-live-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dazzlersoft-teams-a68d2dddb296088b38bf42abce9933d3.yaml b/nuclei-templates/cve-less/plugins/dazzlersoft-teams-a68d2dddb296088b38bf42abce9933d3.yaml new file mode 100644 index 0000000000..7ed08c2cff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dazzlersoft-teams-a68d2dddb296088b38bf42abce9933d3.yaml @@ -0,0 +1,58 @@ +id: dazzlersoft-teams-a68d2dddb296088b38bf42abce9933d3 + +info: + name: > + Team Members Showcase <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad88c661-601c-411f-9495-2c3b8a568c6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dazzlersoft-teams/" + google-query: inurl:"/wp-content/plugins/dazzlersoft-teams/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dazzlersoft-teams,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dazzlersoft-teams/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dazzlersoft-teams" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/db-backup-3d0fd8af5f0a8aec16cd6e87b25d281e.yaml b/nuclei-templates/cve-less/plugins/db-backup-3d0fd8af5f0a8aec16cd6e87b25d281e.yaml new file mode 100644 index 0000000000..7ba28ca081 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/db-backup-3d0fd8af5f0a8aec16cd6e87b25d281e.yaml @@ -0,0 +1,58 @@ +id: db-backup-3d0fd8af5f0a8aec16cd6e87b25d281e + +info: + name: > + DB Backup < 5.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faaade72-35d9-4597-812b-758fa2641472?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/db-backup/" + google-query: inurl:"/wp-content/plugins/db-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,db-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/db-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "db-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dbox-slider-lite-801a0dacfdb031773ac30c73693f41e6.yaml b/nuclei-templates/cve-less/plugins/dbox-slider-lite-801a0dacfdb031773ac30c73693f41e6.yaml new file mode 100644 index 0000000000..4408dcde53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dbox-slider-lite-801a0dacfdb031773ac30c73693f41e6.yaml @@ -0,0 +1,58 @@ +id: dbox-slider-lite-801a0dacfdb031773ac30c73693f41e6 + +info: + name: > + Dbox 3D Slider Lite <= 1.2.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb3aa518-ef12-4168-a524-ad36397f67cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dbox-slider-lite/" + google-query: inurl:"/wp-content/plugins/dbox-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dbox-slider-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dbox-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dbox-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-050701771ca0e37751fe39d80669e4d1.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-050701771ca0e37751fe39d80669e4d1.yaml new file mode 100644 index 0000000000..98b77caede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-050701771ca0e37751fe39d80669e4d1.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-050701771ca0e37751fe39d80669e4d1 + +info: + name: > + WC Marketplace <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b42ba6a-b618-4633-9372-879c3253a956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-0cabe3cbdd9087635cb4a8e92f2b6354.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-0cabe3cbdd9087635cb4a8e92f2b6354.yaml new file mode 100644 index 0000000000..f3b8232cdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-0cabe3cbdd9087635cb4a8e92f2b6354.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-0cabe3cbdd9087635cb4a8e92f2b6354 + +info: + name: > + Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Multiple Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61bd2f32-23a2-4dfe-90f3-81d597b97592?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-115f84062be09f43cd6446e8e537d648.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-115f84062be09f43cd6446e8e537d648.yaml new file mode 100644 index 0000000000..3a623b98ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-115f84062be09f43cd6446e8e537d648.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-115f84062be09f43cd6446e8e537d648 + +info: + name: > + MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c3d9fa7-8ea2-4213-8b28-2ca9191a8223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-3813d137aafb06301157470b18da5221.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-3813d137aafb06301157470b18da5221.yaml new file mode 100644 index 0000000000..2c544994d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-3813d137aafb06301157470b18da5221.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-3813d137aafb06301157470b18da5221 + +info: + name: > + WC Marketplace <= 4.0.23 - Missing Authorization via mvx_save_dashpages + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cdc0096-8e21-4b82-b9d0-961f48907a09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-d57f8fd6151dd1d65a65a746b8a04b7a.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-d57f8fd6151dd1d65a65a746b8a04b7a.yaml new file mode 100644 index 0000000000..7d20fd574f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-d57f8fd6151dd1d65a65a746b8a04b7a.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-d57f8fd6151dd1d65a65a746b8a04b7a + +info: + name: > + WC Marketplace <= 4.1.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9049ac31-b79a-4872-a522-2930fb1dfea6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-df1e63906c41c42e055b484618d26045.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-df1e63906c41c42e055b484618d26045.yaml new file mode 100644 index 0000000000..0d4ba0b629 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-df1e63906c41c42e055b484618d26045.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-df1e63906c41c42e055b484618d26045 + +info: + name: > + MultiVendorX Marketplace <= 4.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26e07115-efee-4db5-ba24-25a063286e90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-fb02750d498a9fe091fa40a841ae2cde.yaml b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-fb02750d498a9fe091fa40a841ae2cde.yaml new file mode 100644 index 0000000000..b892a5808e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dc-woocommerce-multi-vendor-fb02750d498a9fe091fa40a841ae2cde.yaml @@ -0,0 +1,58 @@ +id: dc-woocommerce-multi-vendor-fb02750d498a9fe091fa40a841ae2cde + +info: + name: > + Multivendor Marketplace Solution for WooCommerce – WC Marketplace <= 3.8.11.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f42c8a0-2dbc-4902-83e4-d9d9ea441e1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dc-woocommerce-multi-vendor/" + google-query: inurl:"/wp-content/plugins/dc-woocommerce-multi-vendor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dc-woocommerce-multi-vendor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dc-woocommerce-multi-vendor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dc-woocommerce-multi-vendor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dd-post-carousel-90dc0d96ef7711389c28489eadab8c4d.yaml b/nuclei-templates/cve-less/plugins/dd-post-carousel-90dc0d96ef7711389c28489eadab8c4d.yaml new file mode 100644 index 0000000000..0b6def6258 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dd-post-carousel-90dc0d96ef7711389c28489eadab8c4d.yaml @@ -0,0 +1,58 @@ +id: dd-post-carousel-90dc0d96ef7711389c28489eadab8c4d + +info: + name: > + Custom Post Carousels with Owl <= 1.4.6 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a89f795d-246d-4a3c-a7a7-5c9867d7a01e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dd-post-carousel/" + google-query: inurl:"/wp-content/plugins/dd-post-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dd-post-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dd-post-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dd-post-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dd-rating-ab9e9f7a6a475ad09ac9f13cde54db19.yaml b/nuclei-templates/cve-less/plugins/dd-rating-ab9e9f7a6a475ad09ac9f13cde54db19.yaml new file mode 100644 index 0000000000..1fab61195b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dd-rating-ab9e9f7a6a475ad09ac9f13cde54db19.yaml @@ -0,0 +1,58 @@ +id: dd-rating-ab9e9f7a6a475ad09ac9f13cde54db19 + +info: + name: > + DD Rating <= 1.7.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad62fd9b-fbd5-4e3d-b910-29143c6813b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dd-rating/" + google-query: inurl:"/wp-content/plugins/dd-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dd-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dd-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dd-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dearpdf-lite-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml b/nuclei-templates/cve-less/plugins/dearpdf-lite-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml new file mode 100644 index 0000000000..1571587868 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dearpdf-lite-68faa1f3e16f9348cbcda9eee2cb1dfc.yaml @@ -0,0 +1,58 @@ +id: dearpdf-lite-68faa1f3e16f9348cbcda9eee2cb1dfc + +info: + name: > + PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/317b2035-e5c7-47a9-a76c-11157127b6c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dearpdf-lite/" + google-query: inurl:"/wp-content/plugins/dearpdf-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dearpdf-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dearpdf-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dearpdf-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dearpdf-lite-6fd235aefa59090c5fd7d5db3ca17c7f.yaml b/nuclei-templates/cve-less/plugins/dearpdf-lite-6fd235aefa59090c5fd7d5db3ca17c7f.yaml new file mode 100644 index 0000000000..048feafe60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dearpdf-lite-6fd235aefa59090c5fd7d5db3ca17c7f.yaml @@ -0,0 +1,58 @@ +id: dearpdf-lite-6fd235aefa59090c5fd7d5db3ca17c7f + +info: + name: > + PDF Viewer & 3D PDF Flipbook – DearPDF <= 2.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b9aa41e-34bf-4bfb-a341-e101e3771f7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dearpdf-lite/" + google-query: inurl:"/wp-content/plugins/dearpdf-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dearpdf-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dearpdf-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dearpdf-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-assistant-7341f9a401e387eb541b7f0ce957b3d9.yaml b/nuclei-templates/cve-less/plugins/debug-assistant-7341f9a401e387eb541b7f0ce957b3d9.yaml new file mode 100644 index 0000000000..4a3fbf6207 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-assistant-7341f9a401e387eb541b7f0ce957b3d9.yaml @@ -0,0 +1,58 @@ +id: debug-assistant-7341f9a401e387eb541b7f0ce957b3d9 + +info: + name: > + Debug Assistant <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4421782-8a7a-4bca-8c5a-7152dfafe902?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-assistant/" + google-query: inurl:"/wp-content/plugins/debug-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-assistant-c4cb405587c7aac808cc9a0330f4a287.yaml b/nuclei-templates/cve-less/plugins/debug-assistant-c4cb405587c7aac808cc9a0330f4a287.yaml new file mode 100644 index 0000000000..e38c6a6fa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-assistant-c4cb405587c7aac808cc9a0330f4a287.yaml @@ -0,0 +1,58 @@ +id: debug-assistant-c4cb405587c7aac808cc9a0330f4a287 + +info: + name: > + Debug Assistant <= 1.4 - Cross-Site Request Forgery via imlt_create_admin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/429ce9e6-e51b-4f1e-8e26-f679b08d68d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-assistant/" + google-query: inurl:"/wp-content/plugins/debug-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-assistant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-bar-9f879610fe035743b89a5d4d742c5ccf.yaml b/nuclei-templates/cve-less/plugins/debug-bar-9f879610fe035743b89a5d4d742c5ccf.yaml new file mode 100644 index 0000000000..12c9d69d5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-bar-9f879610fe035743b89a5d4d742c5ccf.yaml @@ -0,0 +1,58 @@ +id: debug-bar-9f879610fe035743b89a5d4d742c5ccf + +info: + name: > + Debug Bar <= 0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af71ca13-781d-49ca-948c-03d52d91d11b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-bar/" + google-query: inurl:"/wp-content/plugins/debug-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-bar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-d2a83c1dca589216a7517243ae0b440b.yaml b/nuclei-templates/cve-less/plugins/debug-d2a83c1dca589216a7517243ae0b440b.yaml new file mode 100644 index 0000000000..90dae129f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-d2a83c1dca589216a7517243ae0b440b.yaml @@ -0,0 +1,58 @@ +id: debug-d2a83c1dca589216a7517243ae0b440b + +info: + name: > + Debug <= 1.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa7276bb-6a9b-4cbd-8333-14c4dfac4108?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug/" + google-query: inurl:"/wp-content/plugins/debug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-log-manager-5aedf0ec7cb5703a0c4feb9fa97466c2.yaml b/nuclei-templates/cve-less/plugins/debug-log-manager-5aedf0ec7cb5703a0c4feb9fa97466c2.yaml new file mode 100644 index 0000000000..3a4209d923 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-log-manager-5aedf0ec7cb5703a0c4feb9fa97466c2.yaml @@ -0,0 +1,58 @@ +id: debug-log-manager-5aedf0ec7cb5703a0c4feb9fa97466c2 + +info: + name: > + Debug Log Manager <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16d1eb4a-c68a-43b9-a514-d8751687709a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-log-manager/" + google-query: inurl:"/wp-content/plugins/debug-log-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-log-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-log-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-log-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-log-manager-815fdb5c2ecc295dab6e7b3bac455dda.yaml b/nuclei-templates/cve-less/plugins/debug-log-manager-815fdb5c2ecc295dab6e7b3bac455dda.yaml new file mode 100644 index 0000000000..4628ebc6bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-log-manager-815fdb5c2ecc295dab6e7b3bac455dda.yaml @@ -0,0 +1,58 @@ +id: debug-log-manager-815fdb5c2ecc295dab6e7b3bac455dda + +info: + name: > + Debug Log Manager <= 2.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e539549-1125-4b0e-aa3c-c8844041c23a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-log-manager/" + google-query: inurl:"/wp-content/plugins/debug-log-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-log-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-log-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-log-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-log-manager-b42518648b89a6c8b5bea17f9a27b0ef.yaml b/nuclei-templates/cve-less/plugins/debug-log-manager-b42518648b89a6c8b5bea17f9a27b0ef.yaml new file mode 100644 index 0000000000..399f14dc15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-log-manager-b42518648b89a6c8b5bea17f9a27b0ef.yaml @@ -0,0 +1,58 @@ +id: debug-log-manager-b42518648b89a6c8b5bea17f9a27b0ef + +info: + name: > + Debug Log Manager <= 2.3.1 - Missing Authorization via toggle_debugging + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48cb5d7b-afbc-4387-ad32-13d2fcb19061?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-log-manager/" + google-query: inurl:"/wp-content/plugins/debug-log-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-log-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-log-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-log-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-log-manager-cdec87c9979cc4a76acefcf4b849c659.yaml b/nuclei-templates/cve-less/plugins/debug-log-manager-cdec87c9979cc4a76acefcf4b849c659.yaml new file mode 100644 index 0000000000..030881fe5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-log-manager-cdec87c9979cc4a76acefcf4b849c659.yaml @@ -0,0 +1,58 @@ +id: debug-log-manager-cdec87c9979cc4a76acefcf4b849c659 + +info: + name: > + Debug Log Manager <= 2.2.2 - Directory Listing to Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53dfe8e5-5f13-4c8c-a62e-9da57379da7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-log-manager/" + google-query: inurl:"/wp-content/plugins/debug-log-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-log-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-log-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-log-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-log-manager-f18de85deaea25c6fbd01540999d6426.yaml b/nuclei-templates/cve-less/plugins/debug-log-manager-f18de85deaea25c6fbd01540999d6426.yaml new file mode 100644 index 0000000000..1b92fba149 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-log-manager-f18de85deaea25c6fbd01540999d6426.yaml @@ -0,0 +1,58 @@ +id: debug-log-manager-f18de85deaea25c6fbd01540999d6426 + +info: + name: > + Debug Log Manager <= 2.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33a54cae-0fa3-4c25-bf81-8423f5e01e84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-log-manager/" + google-query: inurl:"/wp-content/plugins/debug-log-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-log-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-log-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-log-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/debug-meta-data-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml b/nuclei-templates/cve-less/plugins/debug-meta-data-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml new file mode 100644 index 0000000000..8b89ad1589 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/debug-meta-data-6ecc3e1b29dcd6c7c18d4d37331ca11a.yaml @@ -0,0 +1,58 @@ +id: debug-meta-data-6ecc3e1b29dcd6c7c18d4d37331ca11a + +info: + name: > + Debug Meta Data <= 1.1.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34c98bb0-2e28-4ed4-8848-04edb66eef96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/debug-meta-data/" + google-query: inurl:"/wp-content/plugins/debug-meta-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,debug-meta-data,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/debug-meta-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "debug-meta-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/decalog-2701fe0e6794c06d119a81cdcc54c2d8.yaml b/nuclei-templates/cve-less/plugins/decalog-2701fe0e6794c06d119a81cdcc54c2d8.yaml new file mode 100644 index 0000000000..16c2b00877 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/decalog-2701fe0e6794c06d119a81cdcc54c2d8.yaml @@ -0,0 +1,58 @@ +id: decalog-2701fe0e6794c06d119a81cdcc54c2d8 + +info: + name: > + DecaLog <= 3.9.0 - Authenticated (Admin+) SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c458e6d6-28ba-4465-ace2-5da9e99ca2c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/decalog/" + google-query: inurl:"/wp-content/plugins/decalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,decalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/decalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "decalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/decalog-4cad88483ff2a2bf5cf9989b8721b221.yaml b/nuclei-templates/cve-less/plugins/decalog-4cad88483ff2a2bf5cf9989b8721b221.yaml new file mode 100644 index 0000000000..772db20414 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/decalog-4cad88483ff2a2bf5cf9989b8721b221.yaml @@ -0,0 +1,58 @@ +id: decalog-4cad88483ff2a2bf5cf9989b8721b221 + +info: + name: > + DecaLog <= 3.7.0 - Cross-Site Request Forgery via get_settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5de953ee-8a01-4372-a376-74a4cff674ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/decalog/" + google-query: inurl:"/wp-content/plugins/decalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,decalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/decalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "decalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/decon-wp-sms-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml b/nuclei-templates/cve-less/plugins/decon-wp-sms-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml new file mode 100644 index 0000000000..623dfe7554 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/decon-wp-sms-09af6d4d8c4435a3e0935a8eb5df6c7f.yaml @@ -0,0 +1,58 @@ +id: decon-wp-sms-09af6d4d8c4435a3e0935a8eb5df6c7f + +info: + name: > + Decon WP SMS <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bd7b0e-aae3-4ac9-b092-3101da441e1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/decon-wp-sms/" + google-query: inurl:"/wp-content/plugins/decon-wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,decon-wp-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/decon-wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "decon-wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/decorator-woocommerce-email-customizer-1f3875e7da43782ec8defe59eb7968b1.yaml b/nuclei-templates/cve-less/plugins/decorator-woocommerce-email-customizer-1f3875e7da43782ec8defe59eb7968b1.yaml new file mode 100644 index 0000000000..01d73e2016 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/decorator-woocommerce-email-customizer-1f3875e7da43782ec8defe59eb7968b1.yaml @@ -0,0 +1,58 @@ +id: decorator-woocommerce-email-customizer-1f3875e7da43782ec8defe59eb7968b1 + +info: + name: > + Decorator - WooCommerce Email Customizer <= 1.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db664d0a-a58d-4d8b-ae0a-074f32d8710c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/decorator-woocommerce-email-customizer/" + google-query: inurl:"/wp-content/plugins/decorator-woocommerce-email-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,decorator-woocommerce-email-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/decorator-woocommerce-email-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "decorator-woocommerce-email-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defa-online-image-protector-13bfe589bdd47f65243e9b0ade34cdf3.yaml b/nuclei-templates/cve-less/plugins/defa-online-image-protector-13bfe589bdd47f65243e9b0ade34cdf3.yaml new file mode 100644 index 0000000000..f3c155eff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defa-online-image-protector-13bfe589bdd47f65243e9b0ade34cdf3.yaml @@ -0,0 +1,58 @@ +id: defa-online-image-protector-13bfe589bdd47f65243e9b0ade34cdf3 + +info: + name: > + Defa Online Image Protector Free Edition <= 3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8b69e14-1c21-4f52-a1fb-6da34b00b1fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defa-online-image-protector/" + google-query: inurl:"/wp-content/plugins/defa-online-image-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defa-online-image-protector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defa-online-image-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defa-online-image-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-709a1cb6d6df454bb23d66adb846b221.yaml b/nuclei-templates/cve-less/plugins/defender-security-709a1cb6d6df454bb23d66adb846b221.yaml new file mode 100644 index 0000000000..3ef07e5eba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-709a1cb6d6df454bb23d66adb846b221.yaml @@ -0,0 +1,58 @@ +id: defender-security-709a1cb6d6df454bb23d66adb846b221 + +info: + name: > + Defender Security <= 4.2.0 - Masked Login Area Security Feature Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66122be6-7c28-44cc-a8dd-7b2ec64346f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-b3243229c8f5a6b1156c39447c936dd3.yaml b/nuclei-templates/cve-less/plugins/defender-security-b3243229c8f5a6b1156c39447c936dd3.yaml new file mode 100644 index 0000000000..4eb49c54b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-b3243229c8f5a6b1156c39447c936dd3.yaml @@ -0,0 +1,58 @@ +id: defender-security-b3243229c8f5a6b1156c39447c936dd3 + +info: + name: > + Defender Security <= 3.3.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/662ca451-5c69-4973-afc8-5dc1caf57ad7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-c1ef6631b77d67c9c8c86d2d8178a478.yaml b/nuclei-templates/cve-less/plugins/defender-security-c1ef6631b77d67c9c8c86d2d8178a478.yaml new file mode 100644 index 0000000000..d37514102e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-c1ef6631b77d67c9c8c86d2d8178a478.yaml @@ -0,0 +1,58 @@ +id: defender-security-c1ef6631b77d67c9c8c86d2d8178a478 + +info: + name: > + Defender Security <= 4.0.2 - Hide Login Page Feature Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08dee232-7373-4da4-9c2c-c3aa52f9b588?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-c321ccd5d4d39fbb513def54b28e9e2a.yaml b/nuclei-templates/cve-less/plugins/defender-security-c321ccd5d4d39fbb513def54b28e9e2a.yaml new file mode 100644 index 0000000000..69fdf37d80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-c321ccd5d4d39fbb513def54b28e9e2a.yaml @@ -0,0 +1,58 @@ +id: defender-security-c321ccd5d4d39fbb513def54b28e9e2a + +info: + name: > + Defender Security <= 4.1.0 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94c8979a-db2e-490f-b055-cdf19a48cf73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-d7852421719681a9a67e3d9678703a82.yaml b/nuclei-templates/cve-less/plugins/defender-security-d7852421719681a9a67e3d9678703a82.yaml new file mode 100644 index 0000000000..96e1d18db9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-d7852421719681a9a67e3d9678703a82.yaml @@ -0,0 +1,58 @@ +id: defender-security-d7852421719681a9a67e3d9678703a82 + +info: + name: > + Defender Security <= 4.4.1 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e014d8b6-9ce3-40ec-862e-ab5f220f1b6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/defender-security-ef25625daa30e1c21a7eef5298a77b22.yaml b/nuclei-templates/cve-less/plugins/defender-security-ef25625daa30e1c21a7eef5298a77b22.yaml new file mode 100644 index 0000000000..e037250a4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/defender-security-ef25625daa30e1c21a7eef5298a77b22.yaml @@ -0,0 +1,58 @@ +id: defender-security-ef25625daa30e1c21a7eef5298a77b22 + +info: + name: > + Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e772fbbe-33d5-46fa-a041-ab07d3f9318f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/defender-security/" + google-query: inurl:"/wp-content/plugins/defender-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,defender-security,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/defender-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "defender-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-all-comments-9ba6d95c0360c569d14b9d24ed1b35ed.yaml b/nuclei-templates/cve-less/plugins/delete-all-comments-9ba6d95c0360c569d14b9d24ed1b35ed.yaml new file mode 100644 index 0000000000..013557b1d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-all-comments-9ba6d95c0360c569d14b9d24ed1b35ed.yaml @@ -0,0 +1,58 @@ +id: delete-all-comments-9ba6d95c0360c569d14b9d24ed1b35ed + +info: + name: > + Delete All Comments <= 2.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e98d2d-20b1-4fff-96d4-0fb8e0d2615a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-all-comments/" + google-query: inurl:"/wp-content/plugins/delete-all-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-all-comments,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-all-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-all-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-all-comments-easily-e054a1d4839545a4a78c6e2e05d738b6.yaml b/nuclei-templates/cve-less/plugins/delete-all-comments-easily-e054a1d4839545a4a78c6e2e05d738b6.yaml new file mode 100644 index 0000000000..33ff992de5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-all-comments-easily-e054a1d4839545a4a78c6e2e05d738b6.yaml @@ -0,0 +1,58 @@ +id: delete-all-comments-easily-e054a1d4839545a4a78c6e2e05d738b6 + +info: + name: > + Delete All Comments Easily <= 1.3 - All Comments Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f562b4c-8934-45fd-b9a4-eeb3a6bcf609?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-all-comments-easily/" + google-query: inurl:"/wp-content/plugins/delete-all-comments-easily/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-all-comments-easily,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-all-comments-easily/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-all-comments-easily" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-custom-fields-348c099c8d52b86e029274e932206d2d.yaml b/nuclei-templates/cve-less/plugins/delete-custom-fields-348c099c8d52b86e029274e932206d2d.yaml new file mode 100644 index 0000000000..fd01205742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-custom-fields-348c099c8d52b86e029274e932206d2d.yaml @@ -0,0 +1,58 @@ +id: delete-custom-fields-348c099c8d52b86e029274e932206d2d + +info: + name: > + Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c13ba1df-25fa-4cc8-9745-2d6f6168788a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-custom-fields/" + google-query: inurl:"/wp-content/plugins/delete-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-custom-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-duplicate-posts-7b26661f47c6a54bac357fc46b5b57fd.yaml b/nuclei-templates/cve-less/plugins/delete-duplicate-posts-7b26661f47c6a54bac357fc46b5b57fd.yaml new file mode 100644 index 0000000000..4301754ca5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-duplicate-posts-7b26661f47c6a54bac357fc46b5b57fd.yaml @@ -0,0 +1,58 @@ +id: delete-duplicate-posts-7b26661f47c6a54bac357fc46b5b57fd + +info: + name: > + Delete Duplicate Posts <= 4.8.9 - Missing Authorization via AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f603a25f-7d56-4cf4-89aa-de87ee49522a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-duplicate-posts/" + google-query: inurl:"/wp-content/plugins/delete-duplicate-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-duplicate-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-duplicate-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-duplicate-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-me-da29ae9abf29175dd27fb6efb7642506.yaml b/nuclei-templates/cve-less/plugins/delete-me-da29ae9abf29175dd27fb6efb7642506.yaml new file mode 100644 index 0000000000..6b5d04f15e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-me-da29ae9abf29175dd27fb6efb7642506.yaml @@ -0,0 +1,58 @@ +id: delete-me-da29ae9abf29175dd27fb6efb7642506 + +info: + name: > + Delete Me <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5123a7-8eb4-481e-88fe-6310be37a077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-me/" + google-query: inurl:"/wp-content/plugins/delete-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-me,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-me/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-old-orders-7dc8aae42850432c949900f96b92f1dc.yaml b/nuclei-templates/cve-less/plugins/delete-old-orders-7dc8aae42850432c949900f96b92f1dc.yaml new file mode 100644 index 0000000000..4d9c2baca6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-old-orders-7dc8aae42850432c949900f96b92f1dc.yaml @@ -0,0 +1,58 @@ +id: delete-old-orders-7dc8aae42850432c949900f96b92f1dc + +info: + name: > + Delete Old Order <= 0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32a24a9d-b902-4a66-83d5-c8e3b8dd7923?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-old-orders/" + google-query: inurl:"/wp-content/plugins/delete-old-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-old-orders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-old-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-old-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-post-revisions-on-single-click-7898f5c5139842babbcbee2306b1e703.yaml b/nuclei-templates/cve-less/plugins/delete-post-revisions-on-single-click-7898f5c5139842babbcbee2306b1e703.yaml new file mode 100644 index 0000000000..b6913c1a94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-post-revisions-on-single-click-7898f5c5139842babbcbee2306b1e703.yaml @@ -0,0 +1,58 @@ +id: delete-post-revisions-on-single-click-7898f5c5139842babbcbee2306b1e703 + +info: + name: > + Delete Post Revisions In WordPress <= 4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1946a48-c1d6-4ca9-909f-0d4b78c25c36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-post-revisions-on-single-click/" + google-query: inurl:"/wp-content/plugins/delete-post-revisions-on-single-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-post-revisions-on-single-click,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-post-revisions-on-single-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-post-revisions-on-single-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delete-usermetas-12a6d01f8c93264a681f271c8f676a9a.yaml b/nuclei-templates/cve-less/plugins/delete-usermetas-12a6d01f8c93264a681f271c8f676a9a.yaml new file mode 100644 index 0000000000..1c478709a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delete-usermetas-12a6d01f8c93264a681f271c8f676a9a.yaml @@ -0,0 +1,58 @@ +id: delete-usermetas-12a6d01f8c93264a681f271c8f676a9a + +info: + name: > + Delete Usermetas <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23b46e5b-ce1e-4215-921c-edea7fd6c56a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delete-usermetas/" + google-query: inurl:"/wp-content/plugins/delete-usermetas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delete-usermetas,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delete-usermetas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delete-usermetas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delhivery-logistics-courier-c21b3a23e799a524e3a35bb5025290a6.yaml b/nuclei-templates/cve-less/plugins/delhivery-logistics-courier-c21b3a23e799a524e3a35bb5025290a6.yaml new file mode 100644 index 0000000000..27c5b06187 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delhivery-logistics-courier-c21b3a23e799a524e3a35bb5025290a6.yaml @@ -0,0 +1,58 @@ +id: delhivery-logistics-courier-c21b3a23e799a524e3a35bb5025290a6 + +info: + name: > + Delhivery Logistics Courier <= 1.0.107 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90465354-0174-4f85-a66b-589d9408c3c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delhivery-logistics-courier/" + google-query: inurl:"/wp-content/plugins/delhivery-logistics-courier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delhivery-logistics-courier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delhivery-logistics-courier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delhivery-logistics-courier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.107') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delightful-downloads-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/delightful-downloads-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..4b6403c5cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delightful-downloads-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: delightful-downloads-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delightful-downloads/" + google-query: inurl:"/wp-content/plugins/delightful-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delightful-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delightful-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delightful-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delucks-seo-5457d1ce3892ed5603310b359ae787b8.yaml b/nuclei-templates/cve-less/plugins/delucks-seo-5457d1ce3892ed5603310b359ae787b8.yaml new file mode 100644 index 0000000000..3e7d7de128 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delucks-seo-5457d1ce3892ed5603310b359ae787b8.yaml @@ -0,0 +1,58 @@ +id: delucks-seo-5457d1ce3892ed5603310b359ae787b8 + +info: + name: > + DELUCKS SEO <= 2.5.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4653f0fd-5369-4e3c-9bce-3f4200c0bddb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delucks-seo/" + google-query: inurl:"/wp-content/plugins/delucks-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delucks-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delucks-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delucks-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/delucks-seo-9ff713bb61b0eb3f270aa06433895190.yaml b/nuclei-templates/cve-less/plugins/delucks-seo-9ff713bb61b0eb3f270aa06433895190.yaml new file mode 100644 index 0000000000..6b945431fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/delucks-seo-9ff713bb61b0eb3f270aa06433895190.yaml @@ -0,0 +1,58 @@ +id: delucks-seo-9ff713bb61b0eb3f270aa06433895190 + +info: + name: > + DELUCKS SEO < 2.1.8 - Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaa2f738-4764-467c-9544-889ca8ba73d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/delucks-seo/" + google-query: inurl:"/wp-content/plugins/delucks-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,delucks-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/delucks-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "delucks-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/demo-my-wordpress-507a6642fe4ac3f015f5c85064630dbd.yaml b/nuclei-templates/cve-less/plugins/demo-my-wordpress-507a6642fe4ac3f015f5c85064630dbd.yaml new file mode 100644 index 0000000000..049e95e8f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/demo-my-wordpress-507a6642fe4ac3f015f5c85064630dbd.yaml @@ -0,0 +1,58 @@ +id: demo-my-wordpress-507a6642fe4ac3f015f5c85064630dbd + +info: + name: > + Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc57d762-1e26-4980-ac82-ba35bf252ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/demo-my-wordpress/" + google-query: inurl:"/wp-content/plugins/demo-my-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,demo-my-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/demo-my-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "demo-my-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/democracy-poll-2e7b0b07966525201b04f4b815659d00.yaml b/nuclei-templates/cve-less/plugins/democracy-poll-2e7b0b07966525201b04f4b815659d00.yaml new file mode 100644 index 0000000000..257496057a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/democracy-poll-2e7b0b07966525201b04f4b815659d00.yaml @@ -0,0 +1,58 @@ +id: democracy-poll-2e7b0b07966525201b04f4b815659d00 + +info: + name: > + Democracy Poll < 5.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56acae44-6f22-440c-bee1-4cd3831a99ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/democracy-poll/" + google-query: inurl:"/wp-content/plugins/democracy-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,democracy-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/democracy-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "democracy-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/democracy-poll-9547ac03aa22594531f4f7ecb05105d2.yaml b/nuclei-templates/cve-less/plugins/democracy-poll-9547ac03aa22594531f4f7ecb05105d2.yaml new file mode 100644 index 0000000000..d515fd3d87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/democracy-poll-9547ac03aa22594531f4f7ecb05105d2.yaml @@ -0,0 +1,58 @@ +id: democracy-poll-9547ac03aa22594531f4f7ecb05105d2 + +info: + name: > + Democracy Poll <= 6.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b29144f7-08cb-4703-a977-4fece763abbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/democracy-poll/" + google-query: inurl:"/wp-content/plugins/democracy-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,democracy-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/democracy-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "democracy-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/democracy-poll-a76e6fad4bf5d5ba93f81a78338ef54e.yaml b/nuclei-templates/cve-less/plugins/democracy-poll-a76e6fad4bf5d5ba93f81a78338ef54e.yaml new file mode 100644 index 0000000000..ff492b6eca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/democracy-poll-a76e6fad4bf5d5ba93f81a78338ef54e.yaml @@ -0,0 +1,58 @@ +id: democracy-poll-a76e6fad4bf5d5ba93f81a78338ef54e + +info: + name: > + Democracy Poll <= 5.3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9567f63-9161-49a3-9b94-dd6dee5a5628?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/democracy-poll/" + google-query: inurl:"/wp-content/plugins/democracy-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,democracy-poll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/democracy-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "democracy-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/demomentsomtres-wp-export-5c8e28251cab5b1205b7a87c4a2a1426.yaml b/nuclei-templates/cve-less/plugins/demomentsomtres-wp-export-5c8e28251cab5b1205b7a87c4a2a1426.yaml new file mode 100644 index 0000000000..9943b21281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/demomentsomtres-wp-export-5c8e28251cab5b1205b7a87c4a2a1426.yaml @@ -0,0 +1,58 @@ +id: demomentsomtres-wp-export-5c8e28251cab5b1205b7a87c4a2a1426 + +info: + name: > + DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Missing Authorization to Blog Data Export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a43ec32-ed48-4590-8fef-c4f460ffcabc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/demomentsomtres-wp-export/" + google-query: inurl:"/wp-content/plugins/demomentsomtres-wp-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,demomentsomtres-wp-export,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/demomentsomtres-wp-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "demomentsomtres-wp-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20220825') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/demon-image-annotation-13d81033dab55eac53421a579e93f29f.yaml b/nuclei-templates/cve-less/plugins/demon-image-annotation-13d81033dab55eac53421a579e93f29f.yaml new file mode 100644 index 0000000000..0b64e14b21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/demon-image-annotation-13d81033dab55eac53421a579e93f29f.yaml @@ -0,0 +1,58 @@ +id: demon-image-annotation-13d81033dab55eac53421a579e93f29f + +info: + name: > + demon image annotation <= 5.0 - Improper Input Restriction Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/demon-image-annotation/" + google-query: inurl:"/wp-content/plugins/demon-image-annotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,demon-image-annotation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/demon-image-annotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "demon-image-annotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/demon-image-annotation-14a6574b6d9fc13262269a727d440dc3.yaml b/nuclei-templates/cve-less/plugins/demon-image-annotation-14a6574b6d9fc13262269a727d440dc3.yaml new file mode 100644 index 0000000000..1907f1eca0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/demon-image-annotation-14a6574b6d9fc13262269a727d440dc3.yaml @@ -0,0 +1,58 @@ +id: demon-image-annotation-14a6574b6d9fc13262269a727d440dc3 + +info: + name: > + demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/052dce55-c02d-4e66-b500-bf6160a5b188?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/demon-image-annotation/" + google-query: inurl:"/wp-content/plugins/demon-image-annotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,demon-image-annotation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/demon-image-annotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "demon-image-annotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/demon-image-annotation-9c1a7ab296fd9381f729867ce6c145d6.yaml b/nuclei-templates/cve-less/plugins/demon-image-annotation-9c1a7ab296fd9381f729867ce6c145d6.yaml new file mode 100644 index 0000000000..b05bbe5bd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/demon-image-annotation-9c1a7ab296fd9381f729867ce6c145d6.yaml @@ -0,0 +1,58 @@ +id: demon-image-annotation-9c1a7ab296fd9381f729867ce6c145d6 + +info: + name: > + Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f093dfc8-8a2f-4614-b7c1-4fbf1afa9589?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/demon-image-annotation/" + google-query: inurl:"/wp-content/plugins/demon-image-annotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,demon-image-annotation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/demon-image-annotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "demon-image-annotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/denk-internet-solutions-2e3087c002dc76b9a7567526587e8736.yaml b/nuclei-templates/cve-less/plugins/denk-internet-solutions-2e3087c002dc76b9a7567526587e8736.yaml new file mode 100644 index 0000000000..7f87b44600 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/denk-internet-solutions-2e3087c002dc76b9a7567526587e8736.yaml @@ -0,0 +1,58 @@ +id: denk-internet-solutions-2e3087c002dc76b9a7567526587e8736 + +info: + name: > + Actueel Financieel Nieuws – Denk Internet Solutions <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e0ad29a-b7a0-407e-8fb0-0917b8671afb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/denk-internet-solutions/" + google-query: inurl:"/wp-content/plugins/denk-internet-solutions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,denk-internet-solutions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/denk-internet-solutions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "denk-internet-solutions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/deny-all-firewall-b61c46947c98daf3d7e5aee079c69c53.yaml b/nuclei-templates/cve-less/plugins/deny-all-firewall-b61c46947c98daf3d7e5aee079c69c53.yaml new file mode 100644 index 0000000000..91c602af27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/deny-all-firewall-b61c46947c98daf3d7e5aee079c69c53.yaml @@ -0,0 +1,58 @@ +id: deny-all-firewall-b61c46947c98daf3d7e5aee079c69c53 + +info: + name: > + Deny All Firewall <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b60313-042b-4e85-a117-9abd95824402?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/deny-all-firewall/" + google-query: inurl:"/wp-content/plugins/deny-all-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,deny-all-firewall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/deny-all-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "deny-all-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/depicter-27cd6d77b0299e752388a04327a5ef2a.yaml b/nuclei-templates/cve-less/plugins/depicter-27cd6d77b0299e752388a04327a5ef2a.yaml new file mode 100644 index 0000000000..b52056c280 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/depicter-27cd6d77b0299e752388a04327a5ef2a.yaml @@ -0,0 +1,58 @@ +id: depicter-27cd6d77b0299e752388a04327a5ef2a + +info: + name: > + Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/depicter/" + google-query: inurl:"/wp-content/plugins/depicter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,depicter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "depicter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/depicter-69e238d5564cebaab229183900098117.yaml b/nuclei-templates/cve-less/plugins/depicter-69e238d5564cebaab229183900098117.yaml new file mode 100644 index 0000000000..d5ebc5933c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/depicter-69e238d5564cebaab229183900098117.yaml @@ -0,0 +1,58 @@ +id: depicter-69e238d5564cebaab229183900098117 + +info: + name: > + Depicter Slider <= 1.9.0 - Missing Authorization on 'make' function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed79e382-acb4-4348-9bc6-b44ec0d75fb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/depicter/" + google-query: inurl:"/wp-content/plugins/depicter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,depicter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/depicter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "depicter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/design-approval-system-eaff27608bcf6deda804f06712a1b098.yaml b/nuclei-templates/cve-less/plugins/design-approval-system-eaff27608bcf6deda804f06712a1b098.yaml new file mode 100644 index 0000000000..5832771cae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/design-approval-system-eaff27608bcf6deda804f06712a1b098.yaml @@ -0,0 +1,58 @@ +id: design-approval-system-eaff27608bcf6deda804f06712a1b098 + +info: + name: > + Design Approval System <= 3.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a52dc13f-50b3-4aa3-9924-beb75351673e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/design-approval-system/" + google-query: inurl:"/wp-content/plugins/design-approval-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,design-approval-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/design-approval-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "design-approval-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-9e56ce0a564cde270ffad1e5997baa50.yaml b/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-9e56ce0a564cde270ffad1e5997baa50.yaml new file mode 100644 index 0000000000..d27ed315db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-9e56ce0a564cde270ffad1e5997baa50.yaml @@ -0,0 +1,58 @@ +id: dethemekit-for-elementor-9e56ce0a564cde270ffad1e5997baa50 + +info: + name: > + DethemeKit For Elementor <= 1.5.5.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3c77d8-0e90-41ee-b7e4-6160f1d5760f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dethemekit-for-elementor/" + google-query: inurl:"/wp-content/plugins/dethemekit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dethemekit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dethemekit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-f509147c445359dac8de4743426be1bb.yaml b/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-f509147c445359dac8de4743426be1bb.yaml new file mode 100644 index 0000000000..530189a96a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dethemekit-for-elementor-f509147c445359dac8de4743426be1bb.yaml @@ -0,0 +1,58 @@ +id: dethemekit-for-elementor-f509147c445359dac8de4743426be1bb + +info: + name: > + DethemeKit For Elementor <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2132d5b4-583d-46c0-be5e-6664bee9cad2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dethemekit-for-elementor/" + google-query: inurl:"/wp-content/plugins/dethemekit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dethemekit-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dethemekit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dethemekit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/devbuddy-twitter-feed-539276d00e4422db414565e796e54c45.yaml b/nuclei-templates/cve-less/plugins/devbuddy-twitter-feed-539276d00e4422db414565e796e54c45.yaml new file mode 100644 index 0000000000..fe01807748 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/devbuddy-twitter-feed-539276d00e4422db414565e796e54c45.yaml @@ -0,0 +1,58 @@ +id: devbuddy-twitter-feed-539276d00e4422db414565e796e54c45 + +info: + name: > + DevBuddy Twitter Feed <= 4.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92a20a1f-6403-4561-acd8-5b076fe2999f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/devbuddy-twitter-feed/" + google-query: inurl:"/wp-content/plugins/devbuddy-twitter-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,devbuddy-twitter-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/devbuddy-twitter-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "devbuddy-twitter-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/device-theme-switcher-b029a1561cc2b382c267a1eedf8dbeeb.yaml b/nuclei-templates/cve-less/plugins/device-theme-switcher-b029a1561cc2b382c267a1eedf8dbeeb.yaml new file mode 100644 index 0000000000..a6ec42eea0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/device-theme-switcher-b029a1561cc2b382c267a1eedf8dbeeb.yaml @@ -0,0 +1,58 @@ +id: device-theme-switcher-b029a1561cc2b382c267a1eedf8dbeeb + +info: + name: > + Plugin Name: Device Theme Switcher <= 3.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d64d711-f2d9-4447-9ac1-80c5ea51c23e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/device-theme-switcher/" + google-query: inurl:"/wp-content/plugins/device-theme-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,device-theme-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/device-theme-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "device-theme-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dh-anti-adblocker-57412b2a8ecc09f7b642fb706ae35e4e.yaml b/nuclei-templates/cve-less/plugins/dh-anti-adblocker-57412b2a8ecc09f7b642fb706ae35e4e.yaml new file mode 100644 index 0000000000..8c26948ce9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dh-anti-adblocker-57412b2a8ecc09f7b642fb706ae35e4e.yaml @@ -0,0 +1,58 @@ +id: dh-anti-adblocker-57412b2a8ecc09f7b642fb706ae35e4e + +info: + name: > + DH – Anti AdBlocker <= 36 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f79d3938-bf85-4e0d-80a3-2ff365482d36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dh-anti-adblocker/" + google-query: inurl:"/wp-content/plugins/dh-anti-adblocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dh-anti-adblocker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dh-anti-adblocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dh-anti-adblocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dhtmlxspreadsheet-c9ddd0481037c81ec76638f9cdd36097.yaml b/nuclei-templates/cve-less/plugins/dhtmlxspreadsheet-c9ddd0481037c81ec76638f9cdd36097.yaml new file mode 100644 index 0000000000..f5ff50d544 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dhtmlxspreadsheet-c9ddd0481037c81ec76638f9cdd36097.yaml @@ -0,0 +1,58 @@ +id: dhtmlxspreadsheet-c9ddd0481037c81ec76638f9cdd36097 + +info: + name: > + dhtmlxSpreadsheet <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97bff7aa-d304-4ccd-bfca-d3f18568df6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dhtmlxspreadsheet/" + google-query: inurl:"/wp-content/plugins/dhtmlxspreadsheet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dhtmlxspreadsheet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dhtmlxspreadsheet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dhtmlxspreadsheet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/diary-availability-calendar-93b21f556464132da5e236e1e43ab9a3.yaml b/nuclei-templates/cve-less/plugins/diary-availability-calendar-93b21f556464132da5e236e1e43ab9a3.yaml new file mode 100644 index 0000000000..52bcb1d0f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/diary-availability-calendar-93b21f556464132da5e236e1e43ab9a3.yaml @@ -0,0 +1,58 @@ +id: diary-availability-calendar-93b21f556464132da5e236e1e43ab9a3 + +info: + name: > + Diary & Availability Calendar <= 1.0.3 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7e83cee-f2c6-4de0-8801-fb63398f98fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/diary-availability-calendar/" + google-query: inurl:"/wp-content/plugins/diary-availability-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,diary-availability-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/diary-availability-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "diary-availability-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/different-menus-in-different-pages-793865077bcac4ea4b5fe53bac436ec4.yaml b/nuclei-templates/cve-less/plugins/different-menus-in-different-pages-793865077bcac4ea4b5fe53bac436ec4.yaml new file mode 100644 index 0000000000..aad36a66ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/different-menus-in-different-pages-793865077bcac4ea4b5fe53bac436ec4.yaml @@ -0,0 +1,58 @@ +id: different-menus-in-different-pages-793865077bcac4ea4b5fe53bac436ec4 + +info: + name: > + Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f9d4d86-9d5f-4888-9cc4-d55c117ae4ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/different-menus-in-different-pages/" + google-query: inurl:"/wp-content/plugins/different-menus-in-different-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,different-menus-in-different-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/different-menus-in-different-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "different-menus-in-different-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digg-digg-20201ad3e5b2ef096de0c5e50dbc6858.yaml b/nuclei-templates/cve-less/plugins/digg-digg-20201ad3e5b2ef096de0c5e50dbc6858.yaml new file mode 100644 index 0000000000..5347c90921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digg-digg-20201ad3e5b2ef096de0c5e50dbc6858.yaml @@ -0,0 +1,58 @@ +id: digg-digg-20201ad3e5b2ef096de0c5e50dbc6858 + +info: + name: > + Digg Digg < 5.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5df8983e-16c9-4a23-9bf4-331d70384e74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digg-digg/" + google-query: inurl:"/wp-content/plugins/digg-digg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digg-digg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digg-digg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digg-digg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digiproveblog-a302b746a2ef51c079999dc7f35e46c2.yaml b/nuclei-templates/cve-less/plugins/digiproveblog-a302b746a2ef51c079999dc7f35e46c2.yaml new file mode 100644 index 0000000000..513fbb7ba9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digiproveblog-a302b746a2ef51c079999dc7f35e46c2.yaml @@ -0,0 +1,58 @@ +id: digiproveblog-a302b746a2ef51c079999dc7f35e46c2 + +info: + name: > + Copyright Proof <= 4.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/487a6c5e-226b-4b30-a402-bd5132d17ea8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digiproveblog/" + google-query: inurl:"/wp-content/plugins/digiproveblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digiproveblog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digiproveblog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digiproveblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digirisk-23a7b6466caf75eb82c1916af3aba873.yaml b/nuclei-templates/cve-less/plugins/digirisk-23a7b6466caf75eb82c1916af3aba873.yaml new file mode 100644 index 0000000000..8121c20079 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digirisk-23a7b6466caf75eb82c1916af3aba873.yaml @@ -0,0 +1,58 @@ +id: digirisk-23a7b6466caf75eb82c1916af3aba873 + +info: + name: > + Digirisk 6.0.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d41355ed-77d0-48b3-bbb3-4cc3b4df4b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digirisk/" + google-query: inurl:"/wp-content/plugins/digirisk/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digirisk,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digirisk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digirisk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '6.0.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-317667951b7644dbd1a4529b628afac3.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-317667951b7644dbd1a4529b628afac3.yaml new file mode 100644 index 0000000000..5be30bc78d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-317667951b7644dbd1a4529b628afac3.yaml @@ -0,0 +1,58 @@ +id: digital-publications-by-supsystic-317667951b7644dbd1a4529b628afac3 + +info: + name: > + Digital Publications by Supsystic <= 1.7.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/763f0c23-49c8-4e7a-b1c1-d33eb5b1b7c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digital-publications-by-supsystic/" + google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digital-publications-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-publications-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml new file mode 100644 index 0000000000..9bb23ce2da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-eadc3f836bcbd93a1ac6bfbe3a4ccd12.yaml @@ -0,0 +1,58 @@ +id: digital-publications-by-supsystic-eadc3f836bcbd93a1ac6bfbe3a4ccd12 + +info: + name: > + Digital Publications by Supsystic <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd803c7-c120-4967-84e3-5f97fc35a79e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digital-publications-by-supsystic/" + google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digital-publications-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-publications-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f0509869323a911d6d3e4dec2a00653a.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f0509869323a911d6d3e4dec2a00653a.yaml new file mode 100644 index 0000000000..d04b95909e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f0509869323a911d6d3e4dec2a00653a.yaml @@ -0,0 +1,58 @@ +id: digital-publications-by-supsystic-f0509869323a911d6d3e4dec2a00653a + +info: + name: > + Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2304e4dc-0dc6-4ded-b8e6-8d76d70f63d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digital-publications-by-supsystic/" + google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digital-publications-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-publications-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f546fb5d8bed24f06bc4f3f7768fcf06.yaml b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f546fb5d8bed24f06bc4f3f7768fcf06.yaml new file mode 100644 index 0000000000..6f78e812ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digital-publications-by-supsystic-f546fb5d8bed24f06bc4f3f7768fcf06.yaml @@ -0,0 +1,58 @@ +id: digital-publications-by-supsystic-f546fb5d8bed24f06bc4f3f7768fcf06 + +info: + name: > + Digital Publications by Supsystic <= 1.7.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdea1999-a282-4374-a093-5cbd5b05497a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digital-publications-by-supsystic/" + google-query: inurl:"/wp-content/plugins/digital-publications-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digital-publications-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digital-publications-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-publications-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/digits-b7d7504fc6882ec831aaed54e5e753c7.yaml b/nuclei-templates/cve-less/plugins/digits-b7d7504fc6882ec831aaed54e5e753c7.yaml new file mode 100644 index 0000000000..acbc4dde79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/digits-b7d7504fc6882ec831aaed54e5e753c7.yaml @@ -0,0 +1,58 @@ +id: digits-b7d7504fc6882ec831aaed54e5e753c7 + +info: + name: > + Digits <= 8.4.1 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/digits/" + google-query: inurl:"/wp-content/plugins/digits/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,digits,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/digits/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digits" + part: body + + - type: dsl + dsl: + - compare_versions(version, '8.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directories-a6efeec3a539abed47ad7c21c911bb3f.yaml b/nuclei-templates/cve-less/plugins/directories-a6efeec3a539abed47ad7c21c911bb3f.yaml new file mode 100644 index 0000000000..4a2697bf44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directories-a6efeec3a539abed47ad7c21c911bb3f.yaml @@ -0,0 +1,58 @@ +id: directories-a6efeec3a539abed47ad7c21c911bb3f + +info: + name: > + DirectoriesPro by SabaiApps <= 1.3.45 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b864aa4-f7e0-4910-b950-ef8b1190c5ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directories/" + google-query: inurl:"/wp-content/plugins/directories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directories,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directories-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml b/nuclei-templates/cve-less/plugins/directories-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml new file mode 100644 index 0000000000..006cddec5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directories-f9f8b8101f4a39f1a6ed5a0936c6104f.yaml @@ -0,0 +1,58 @@ +id: directories-f9f8b8101f4a39f1a6ed5a0936c6104f + +info: + name: > + DirectoriesPro Plugin by SabaiApps <= 1.3.45 - Cross-Site Scripting via _drts_form_build_id, _t_ Parameters + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65e68147-84cc-4b2d-85b9-e5b7bde2e604?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directories/" + google-query: inurl:"/wp-content/plugins/directories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directories,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-01ea85ddd8a050d4ed49539de0e44b17.yaml b/nuclei-templates/cve-less/plugins/directorist-01ea85ddd8a050d4ed49539de0e44b17.yaml new file mode 100644 index 0000000000..69b866b9a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-01ea85ddd8a050d4ed49539de0e44b17.yaml @@ -0,0 +1,58 @@ +id: directorist-01ea85ddd8a050d4ed49539de0e44b17 + +info: + name: > + Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b47edd57-cac7-463f-88cc-8922f1b34612?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-0a59eb8864ee4a82b1288b61fa9c3b30.yaml b/nuclei-templates/cve-less/plugins/directorist-0a59eb8864ee4a82b1288b61fa9c3b30.yaml new file mode 100644 index 0000000000..6e09330069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-0a59eb8864ee4a82b1288b61fa9c3b30.yaml @@ -0,0 +1,58 @@ +id: directorist-0a59eb8864ee4a82b1288b61fa9c3b30 + +info: + name: > + Directorist <= 7.7.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab233ceb-270c-4694-9cf9-2de8ddfcbbfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-0ac5cc81243c959ab88705244a2988b3.yaml b/nuclei-templates/cve-less/plugins/directorist-0ac5cc81243c959ab88705244a2988b3.yaml new file mode 100644 index 0000000000..54934a5766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-0ac5cc81243c959ab88705244a2988b3.yaml @@ -0,0 +1,58 @@ +id: directorist-0ac5cc81243c959ab88705244a2988b3 + +info: + name: > + Directorist – WordPress Business Directory Plugin with Classified Ads Listings <= 7.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec03840e-807b-4a9c-87e7-a1560b8b7f5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-1187996edf4177af89ef3ea40b60db53.yaml b/nuclei-templates/cve-less/plugins/directorist-1187996edf4177af89ef3ea40b60db53.yaml new file mode 100644 index 0000000000..8426593469 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-1187996edf4177af89ef3ea40b60db53.yaml @@ -0,0 +1,58 @@ +id: directorist-1187996edf4177af89ef3ea40b60db53 + +info: + name: > + Directorist <= 7.2.2 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f52ec39-18d8-41eb-8712-7369680b8a58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-133afc4fd6bf43efcd46913bc74537a5.yaml b/nuclei-templates/cve-less/plugins/directorist-133afc4fd6bf43efcd46913bc74537a5.yaml new file mode 100644 index 0000000000..3e1f2977c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-133afc4fd6bf43efcd46913bc74537a5.yaml @@ -0,0 +1,58 @@ +id: directorist-133afc4fd6bf43efcd46913bc74537a5 + +info: + name: > + Directorist <= 7.0.6.1 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41896fb5-1b6b-4a35-b3e9-9c4b5215b153?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-2cbbaa813e0954a798f362d364a25dbe.yaml b/nuclei-templates/cve-less/plugins/directorist-2cbbaa813e0954a798f362d364a25dbe.yaml new file mode 100644 index 0000000000..acac7b910e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-2cbbaa813e0954a798f362d364a25dbe.yaml @@ -0,0 +1,58 @@ +id: directorist-2cbbaa813e0954a798f362d364a25dbe + +info: + name: > + Directorist <= 7.3.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b20fa367-a12f-402a-a74a-2bb5fe090036?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml b/nuclei-templates/cve-less/plugins/directorist-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml new file mode 100644 index 0000000000..2600ee53c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-3ca2c37cf2bcc2a6f7bd7d384d01930f.yaml @@ -0,0 +1,58 @@ +id: directorist-3ca2c37cf2bcc2a6f7bd7d384d01930f + +info: + name: > + Directorist <= 7.4.2.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86ff2412-23c6-450e-b351-ba994d68aae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-50115b9c428a5ad33912876ac3e59d68.yaml b/nuclei-templates/cve-less/plugins/directorist-50115b9c428a5ad33912876ac3e59d68.yaml new file mode 100644 index 0000000000..0252e43f92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-50115b9c428a5ad33912876ac3e59d68.yaml @@ -0,0 +1,58 @@ +id: directorist-50115b9c428a5ad33912876ac3e59d68 + +info: + name: > + Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01943559-e05b-4dca-b322-d880b2729ee7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-6547c1d240217acd0e74acb8773a56d3.yaml b/nuclei-templates/cve-less/plugins/directorist-6547c1d240217acd0e74acb8773a56d3.yaml new file mode 100644 index 0000000000..b9a16bcf21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-6547c1d240217acd0e74acb8773a56d3.yaml @@ -0,0 +1,58 @@ +id: directorist-6547c1d240217acd0e74acb8773a56d3 + +info: + name: > + Directorist <= 7.4.3 - Authenticated (Subscriber+) Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df0b25cb-5233-412d-8704-63f037b4fcec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-9461e6fbc59ff2af30e33bb31e92efcb.yaml b/nuclei-templates/cve-less/plugins/directorist-9461e6fbc59ff2af30e33bb31e92efcb.yaml new file mode 100644 index 0000000000..b6b1f1d054 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-9461e6fbc59ff2af30e33bb31e92efcb.yaml @@ -0,0 +1,58 @@ +id: directorist-9461e6fbc59ff2af30e33bb31e92efcb + +info: + name: > + Directorist <= 7.8.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0655cd61-8ebe-47f8-a21b-6311c98a7193?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-9576bd28245508413e199ad3d8acfb19.yaml b/nuclei-templates/cve-less/plugins/directorist-9576bd28245508413e199ad3d8acfb19.yaml new file mode 100644 index 0000000000..c7fe9f512a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-9576bd28245508413e199ad3d8acfb19.yaml @@ -0,0 +1,58 @@ +id: directorist-9576bd28245508413e199ad3d8acfb19 + +info: + name: > + Directorist <= 7.5.3 - Authenticated (Administrator+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e571ded0-ea7a-40ec-b90b-c5009b463d87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-a3e8c0ce1e12ba9e5616261592070d69.yaml b/nuclei-templates/cve-less/plugins/directorist-a3e8c0ce1e12ba9e5616261592070d69.yaml new file mode 100644 index 0000000000..cb27db91db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-a3e8c0ce1e12ba9e5616261592070d69.yaml @@ -0,0 +1,58 @@ +id: directorist-a3e8c0ce1e12ba9e5616261592070d69 + +info: + name: > + Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorist-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/directorist-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..71f2fe0a4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorist-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: directorist-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorist/" + google-query: inurl:"/wp-content/plugins/directorist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directory-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/directory-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..ba1b060af1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directory-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: directory-pro-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directory-pro/" + google-query: inurl:"/wp-content/plugins/directory-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directory-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directory-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directory-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorypress-63e9460ae343812c425f6b6a9cf8cd2b.yaml b/nuclei-templates/cve-less/plugins/directorypress-63e9460ae343812c425f6b6a9cf8cd2b.yaml new file mode 100644 index 0000000000..8ab345caac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorypress-63e9460ae343812c425f6b6a9cf8cd2b.yaml @@ -0,0 +1,58 @@ +id: directorypress-63e9460ae343812c425f6b6a9cf8cd2b + +info: + name: > + DirectoryPress – Business Directory And Classified Ad Listing <= 3.6.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14acb770-9a32-4308-993d-a3d3dec91f78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorypress/" + google-query: inurl:"/wp-content/plugins/directorypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorypress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/directorypress-95913a8fbfffbbc5d9172b93ca770d6c.yaml b/nuclei-templates/cve-less/plugins/directorypress-95913a8fbfffbbc5d9172b93ca770d6c.yaml new file mode 100644 index 0000000000..1c4a3d36b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/directorypress-95913a8fbfffbbc5d9172b93ca770d6c.yaml @@ -0,0 +1,58 @@ +id: directorypress-95913a8fbfffbbc5d9172b93ca770d6c + +info: + name: > + DirectoryPress <= 3.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f75f83bf-3c86-44e9-b535-cd721061ee93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/directorypress/" + google-query: inurl:"/wp-content/plugins/directorypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,directorypress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/directorypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "directorypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dirtysuds-embed-pdf-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml b/nuclei-templates/cve-less/plugins/dirtysuds-embed-pdf-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml new file mode 100644 index 0000000000..44e752c752 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dirtysuds-embed-pdf-ed0ef3463be2d5aaf2ed1f44e5427cec.yaml @@ -0,0 +1,58 @@ +id: dirtysuds-embed-pdf-ed0ef3463be2d5aaf2ed1f44e5427cec + +info: + name: > + Embed PDF <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2af76ad6-9c78-4b44-b104-d66f0014b5cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dirtysuds-embed-pdf/" + google-query: inurl:"/wp-content/plugins/dirtysuds-embed-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dirtysuds-embed-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dirtysuds-embed-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dirtysuds-embed-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-comments-20729b5326c844ceb8ab014ad17df6e2.yaml b/nuclei-templates/cve-less/plugins/disable-comments-20729b5326c844ceb8ab014ad17df6e2.yaml new file mode 100644 index 0000000000..df3aa55adf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-comments-20729b5326c844ceb8ab014ad17df6e2.yaml @@ -0,0 +1,58 @@ +id: disable-comments-20729b5326c844ceb8ab014ad17df6e2 + +info: + name: > + Disable Comments – Remove Comments & Stop Spam [Multi-Site Support] < 1.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b530d1a3-dd3c-4efb-9cff-39b6908f11c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-comments/" + google-query: inurl:"/wp-content/plugins/disable-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-comments-wpz-51b13cbe3f0c79746e5808bdafa8107c.yaml b/nuclei-templates/cve-less/plugins/disable-comments-wpz-51b13cbe3f0c79746e5808bdafa8107c.yaml new file mode 100644 index 0000000000..6c6e8baf3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-comments-wpz-51b13cbe3f0c79746e5808bdafa8107c.yaml @@ -0,0 +1,58 @@ +id: disable-comments-wpz-51b13cbe3f0c79746e5808bdafa8107c + +info: + name: > + Disable Comments | WPZest <= 1.51 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ef0410-3f8d-40e1-9188-43ec4e7077cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-comments-wpz/" + google-query: inurl:"/wp-content/plugins/disable-comments-wpz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-comments-wpz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-comments-wpz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-comments-wpz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-image-right-click-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/disable-image-right-click-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..0463536cc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-image-right-click-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: disable-image-right-click-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-image-right-click/" + google-query: inurl:"/wp-content/plugins/disable-image-right-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-image-right-click,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-image-right-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-image-right-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-right-click-for-wp-675306159873a1cd00d34f2536abffba.yaml b/nuclei-templates/cve-less/plugins/disable-right-click-for-wp-675306159873a1cd00d34f2536abffba.yaml new file mode 100644 index 0000000000..431c35fb24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-right-click-for-wp-675306159873a1cd00d34f2536abffba.yaml @@ -0,0 +1,58 @@ +id: disable-right-click-for-wp-675306159873a1cd00d34f2536abffba + +info: + name: > + Disable Right Click For WP <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e61ac0-f420-4603-a81f-031a22e01927?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-right-click-for-wp/" + google-query: inurl:"/wp-content/plugins/disable-right-click-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-right-click-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-right-click-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-right-click-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-update-notifications-d95a2dcd05217531d4ed458d73ee033a.yaml b/nuclei-templates/cve-less/plugins/disable-update-notifications-d95a2dcd05217531d4ed458d73ee033a.yaml new file mode 100644 index 0000000000..62fc589261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-update-notifications-d95a2dcd05217531d4ed458d73ee033a.yaml @@ -0,0 +1,58 @@ +id: disable-update-notifications-d95a2dcd05217531d4ed458d73ee033a + +info: + name: > + Disable WordPress Update Notifications <= 2.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/658ba848-fbfe-4cee-b997-77bc4cae53dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-update-notifications/" + google-query: inurl:"/wp-content/plugins/disable-update-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-update-notifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-update-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-update-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disable-user-login-3955cce33eb34bd1a4fd37bd19c83679.yaml b/nuclei-templates/cve-less/plugins/disable-user-login-3955cce33eb34bd1a4fd37bd19c83679.yaml new file mode 100644 index 0000000000..a8d07d797e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disable-user-login-3955cce33eb34bd1a4fd37bd19c83679.yaml @@ -0,0 +1,58 @@ +id: disable-user-login-3955cce33eb34bd1a4fd37bd19c83679 + +info: + name: > + Disable User Login <= 1.3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/056819fb-7087-4794-9936-312ab54c96cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disable-user-login/" + google-query: inurl:"/wp-content/plugins/disable-user-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disable-user-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disable-user-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disable-user-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disabler-ae33a39eb3dc9b47978010832e99346a.yaml b/nuclei-templates/cve-less/plugins/disabler-ae33a39eb3dc9b47978010832e99346a.yaml new file mode 100644 index 0000000000..4011a369eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disabler-ae33a39eb3dc9b47978010832e99346a.yaml @@ -0,0 +1,58 @@ +id: disabler-ae33a39eb3dc9b47978010832e99346a + +info: + name: > + Disabler <= 3.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1375c43c-498f-4d68-ac9c-201592d26919?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disabler/" + google-query: inurl:"/wp-content/plugins/disabler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disabler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disabler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disabler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/display-custom-post-5b28a734c59e3ed66297833eac37980a.yaml b/nuclei-templates/cve-less/plugins/display-custom-post-5b28a734c59e3ed66297833eac37980a.yaml new file mode 100644 index 0000000000..96fd878020 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/display-custom-post-5b28a734c59e3ed66297833eac37980a.yaml @@ -0,0 +1,58 @@ +id: display-custom-post-5b28a734c59e3ed66297833eac37980a + +info: + name: > + Display Custom Post <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18531eed-3150-424c-970c-5975afe7546a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/display-custom-post/" + google-query: inurl:"/wp-content/plugins/display-custom-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,display-custom-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/display-custom-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "display-custom-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/display-metadata-7d1a4c06854607da91f0cfd973b64e55.yaml b/nuclei-templates/cve-less/plugins/display-metadata-7d1a4c06854607da91f0cfd973b64e55.yaml new file mode 100644 index 0000000000..b2afa14f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/display-metadata-7d1a4c06854607da91f0cfd973b64e55.yaml @@ -0,0 +1,58 @@ +id: display-metadata-7d1a4c06854607da91f0cfd973b64e55 + +info: + name: > + Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Authenticated(Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f90c0d8-ede6-4f24-870f-19e888238e93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/display-metadata/" + google-query: inurl:"/wp-content/plugins/display-metadata/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,display-metadata,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/display-metadata/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "display-metadata" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/display-post-metadata-68e029abe789ad7c1ac8726ecdc73f1e.yaml b/nuclei-templates/cve-less/plugins/display-post-metadata-68e029abe789ad7c1ac8726ecdc73f1e.yaml new file mode 100644 index 0000000000..6c1963a765 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/display-post-metadata-68e029abe789ad7c1ac8726ecdc73f1e.yaml @@ -0,0 +1,58 @@ +id: display-post-metadata-68e029abe789ad7c1ac8726ecdc73f1e + +info: + name: > + Display Post Metadata <= 1.4.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca17fd4a-fd14-46e6-9348-19b74fec5df8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/display-post-metadata/" + google-query: inurl:"/wp-content/plugins/display-post-metadata/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,display-post-metadata,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/display-post-metadata/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "display-post-metadata" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/display-widgets-c88811f07a28a64dae50ff3a4d1213f5.yaml b/nuclei-templates/cve-less/plugins/display-widgets-c88811f07a28a64dae50ff3a4d1213f5.yaml new file mode 100644 index 0000000000..2da7dae0b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/display-widgets-c88811f07a28a64dae50ff3a4d1213f5.yaml @@ -0,0 +1,58 @@ +id: display-widgets-c88811f07a28a64dae50ff3a4d1213f5 + +info: + name: > + Display Widgets <= 2.03 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/179c4920-5a03-4cf4-9e77-a814c3004769?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/display-widgets/" + google-query: inurl:"/wp-content/plugins/display-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,display-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/display-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "display-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disqus-comment-system-6e244b00897597cd6328a4e5cd1875e2.yaml b/nuclei-templates/cve-less/plugins/disqus-comment-system-6e244b00897597cd6328a4e5cd1875e2.yaml new file mode 100644 index 0000000000..c4a9b6d510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disqus-comment-system-6e244b00897597cd6328a4e5cd1875e2.yaml @@ -0,0 +1,58 @@ +id: disqus-comment-system-6e244b00897597cd6328a4e5cd1875e2 + +info: + name: > + Disqus Comment System < 2.79 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa60ed7c-baf3-4308-b4bf-1baa928d8e37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disqus-comment-system/" + google-query: inurl:"/wp-content/plugins/disqus-comment-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disqus-comment-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disqus-comment-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disqus-comment-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.79') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disqus-comment-system-7a1c147c4cb293f32f92c2501e47596f.yaml b/nuclei-templates/cve-less/plugins/disqus-comment-system-7a1c147c4cb293f32f92c2501e47596f.yaml new file mode 100644 index 0000000000..229c6df8c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disqus-comment-system-7a1c147c4cb293f32f92c2501e47596f.yaml @@ -0,0 +1,58 @@ +id: disqus-comment-system-7a1c147c4cb293f32f92c2501e47596f + +info: + name: > + Disqus Comment System < 2.76 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2020323-b08d-4a5c-818f-1c440e057e75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disqus-comment-system/" + google-query: inurl:"/wp-content/plugins/disqus-comment-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disqus-comment-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disqus-comment-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disqus-comment-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disqus-comment-system-bf623412f81fa76fc573618af8d6d1f2.yaml b/nuclei-templates/cve-less/plugins/disqus-comment-system-bf623412f81fa76fc573618af8d6d1f2.yaml new file mode 100644 index 0000000000..c345b2dae6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disqus-comment-system-bf623412f81fa76fc573618af8d6d1f2.yaml @@ -0,0 +1,58 @@ +id: disqus-comment-system-bf623412f81fa76fc573618af8d6d1f2 + +info: + name: > + Disqus Comment System < 2.76 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec2f684-fa04-4201-a826-1eed328821de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disqus-comment-system/" + google-query: inurl:"/wp-content/plugins/disqus-comment-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disqus-comment-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disqus-comment-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disqus-comment-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/disqus-conditional-load-764235f1dad8997c7feda04c94cf2850.yaml b/nuclei-templates/cve-less/plugins/disqus-conditional-load-764235f1dad8997c7feda04c94cf2850.yaml new file mode 100644 index 0000000000..93a87543c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/disqus-conditional-load-764235f1dad8997c7feda04c94cf2850.yaml @@ -0,0 +1,58 @@ +id: disqus-conditional-load-764235f1dad8997c7feda04c94cf2850 + +info: + name: > + Disqus Conditional Load <= 11.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings. + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/762190dc-cd19-4bc1-8204-9219881d95e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/disqus-conditional-load/" + google-query: inurl:"/wp-content/plugins/disqus-conditional-load/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,disqus-conditional-load,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/disqus-conditional-load/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "disqus-conditional-load" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-2fe97b6a7d11daeda44ed66f389013e0.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-2fe97b6a7d11daeda44ed66f389013e0.yaml new file mode 100644 index 0000000000..4172420841 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-2fe97b6a7d11daeda44ed66f389013e0.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-2fe97b6a7d11daeda44ed66f389013e0 + +info: + name: > + Ditty <= 3.1.24 - Missing Authorization via save_ditty_permissions_check + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08630dfd-df43-4a5a-8fc7-ba8ff753db3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-4d06425a78ba626ae09d9e74b3028b1c.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-4d06425a78ba626ae09d9e74b3028b1c.yaml new file mode 100644 index 0000000000..390cb807d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-4d06425a78ba626ae09d9e74b3028b1c.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-4d06425a78ba626ae09d9e74b3028b1c + +info: + name: > + Ditty <= 3.1.24 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cabf7aae-0673-4358-a2df-0ca22c8432b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-4fab6ad196fce7e90d2e5e9e3343b264.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-4fab6ad196fce7e90d2e5e9e3343b264.yaml new file mode 100644 index 0000000000..abb3b22682 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-4fab6ad196fce7e90d2e5e9e3343b264.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-4fab6ad196fce7e90d2e5e9e3343b264 + +info: + name: > + Ditty (formerly Ditty News Ticker) <= 3.0.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e647fcde-e36a-4432-abec-73e414991e96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-b0853238e27436d970fc9e4c9b697d95.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-b0853238e27436d970fc9e4c9b697d95.yaml new file mode 100644 index 0000000000..e52ce8e986 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-b0853238e27436d970fc9e4c9b697d95.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-b0853238e27436d970fc9e4c9b697d95 + +info: + name: > + Ditty <= 3.1.35 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/426280c1-0ecb-4973-915e-bb63ac240bca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-cb44b891144850987aa067ef65bfd80b.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-cb44b891144850987aa067ef65bfd80b.yaml new file mode 100644 index 0000000000..004c6efd3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-cb44b891144850987aa067ef65bfd80b.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-cb44b891144850987aa067ef65bfd80b + +info: + name: > + Ditty <= 3.0.32 - Authenticated (Contributor+) Stored Cross-Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8697a2-7c58-43be-aaa9-05273fc3114b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-f95f25f2a333f8597e744c121fcbe5fe.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-f95f25f2a333f8597e744c121fcbe5fe.yaml new file mode 100644 index 0000000000..248fde1952 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-f95f25f2a333f8597e744c121fcbe5fe.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-f95f25f2a333f8597e744c121fcbe5fe + +info: + name: > + Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f00b138-5c4b-4f75-94b1-82721cba2668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ditty-news-ticker-f9974cc25b2b5474809876c63c837de9.yaml b/nuclei-templates/cve-less/plugins/ditty-news-ticker-f9974cc25b2b5474809876c63c837de9.yaml new file mode 100644 index 0000000000..e5188c0449 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ditty-news-ticker-f9974cc25b2b5474809876c63c837de9.yaml @@ -0,0 +1,58 @@ +id: ditty-news-ticker-f9974cc25b2b5474809876c63c837de9 + +info: + name: > + Ditty – Responsive News Tickers, Sliders, and Lists <= 3.1.31 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3233f6f-7488-43ed-a626-b2150c5516fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ditty-news-ticker/" + google-query: inurl:"/wp-content/plugins/ditty-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ditty-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ditty-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ditty-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divebook-2fd703146be88e52db7e37909148b8fe.yaml b/nuclei-templates/cve-less/plugins/divebook-2fd703146be88e52db7e37909148b8fe.yaml new file mode 100644 index 0000000000..c0d8919838 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divebook-2fd703146be88e52db7e37909148b8fe.yaml @@ -0,0 +1,58 @@ +id: divebook-2fd703146be88e52db7e37909148b8fe + +info: + name: > + DiveBook <= 1.1.4 - Improper Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb76379-0cac-47c6-a0eb-34780bc837bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divebook/" + google-query: inurl:"/wp-content/plugins/divebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divebook-5a66a977b640a93acacfabeb4be863f1.yaml b/nuclei-templates/cve-less/plugins/divebook-5a66a977b640a93acacfabeb4be863f1.yaml new file mode 100644 index 0000000000..1c018ad228 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divebook-5a66a977b640a93acacfabeb4be863f1.yaml @@ -0,0 +1,58 @@ +id: divebook-5a66a977b640a93acacfabeb4be863f1 + +info: + name: > + DiveBook <= 1.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e850aca1-72b3-4436-bc35-2d52c439a7b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divebook/" + google-query: inurl:"/wp-content/plugins/divebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divebook-8f2eed89cd34dbb395902a31efbdb53c.yaml b/nuclei-templates/cve-less/plugins/divebook-8f2eed89cd34dbb395902a31efbdb53c.yaml new file mode 100644 index 0000000000..8cd7a91c8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divebook-8f2eed89cd34dbb395902a31efbdb53c.yaml @@ -0,0 +1,58 @@ +id: divebook-8f2eed89cd34dbb395902a31efbdb53c + +info: + name: > + DiveBook <= 1.1.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23239fc1-8683-446e-bc61-03d819edf99d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divebook/" + google-query: inurl:"/wp-content/plugins/divebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divebook,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divi-builder-4f3dfe26281afe74af18534af8dcf024.yaml b/nuclei-templates/cve-less/plugins/divi-builder-4f3dfe26281afe74af18534af8dcf024.yaml new file mode 100644 index 0000000000..1ed8f98fcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divi-builder-4f3dfe26281afe74af18534af8dcf024.yaml @@ -0,0 +1,58 @@ +id: divi-builder-4f3dfe26281afe74af18534af8dcf024 + +info: + name: > + Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efac70f6-d959-41f7-bdef-d554f1c9133e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divi-builder/" + google-query: inurl:"/wp-content/plugins/divi-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divi-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divi-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divi-builder-a2b478ab05dc0dd0616e45e762ef893a.yaml b/nuclei-templates/cve-less/plugins/divi-builder-a2b478ab05dc0dd0616e45e762ef893a.yaml new file mode 100644 index 0000000000..86753925ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divi-builder-a2b478ab05dc0dd0616e45e762ef893a.yaml @@ -0,0 +1,58 @@ +id: divi-builder-a2b478ab05dc0dd0616e45e762ef893a + +info: + name: > + Elegant Themes Monarch < 1.2.7 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0195bddf-eafe-45f2-9424-ffa235d9b4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divi-builder/" + google-query: inurl:"/wp-content/plugins/divi-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divi-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divi-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/divi-builder-ec458e7be91893393a96a7bb4f01d557.yaml b/nuclei-templates/cve-less/plugins/divi-builder-ec458e7be91893393a96a7bb4f01d557.yaml new file mode 100644 index 0000000000..61bca1b862 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/divi-builder-ec458e7be91893393a96a7bb4f01d557.yaml @@ -0,0 +1,58 @@ +id: divi-builder-ec458e7be91893393a96a7bb4f01d557 + +info: + name: > + Elegant Themes (Multiple Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e03bc79-b42e-4015-8476-2b0488c71028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/divi-builder/" + google-query: inurl:"/wp-content/plugins/divi-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,divi-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/divi-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "divi-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dj-email-publish-e6640ec95c6580e68f9599cfab145307.yaml b/nuclei-templates/cve-less/plugins/dj-email-publish-e6640ec95c6580e68f9599cfab145307.yaml new file mode 100644 index 0000000000..10fd57f8ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dj-email-publish-e6640ec95c6580e68f9599cfab145307.yaml @@ -0,0 +1,58 @@ +id: dj-email-publish-e6640ec95c6580e68f9599cfab145307 + +info: + name: > + DJ EmailPublish <= 1.7.2 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f18a07f-c7de-49ac-9a11-f9cbc48b125a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dj-email-publish/" + google-query: inurl:"/wp-content/plugins/dj-email-publish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dj-email-publish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dj-email-publish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dj-email-publish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-03f17f31cd71196d3e8108e1dfd1705d.yaml b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-03f17f31cd71196d3e8108e1dfd1705d.yaml new file mode 100644 index 0000000000..bd0f34776f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-03f17f31cd71196d3e8108e1dfd1705d.yaml @@ -0,0 +1,58 @@ +id: dk-pricr-responsive-pricing-table-03f17f31cd71196d3e8108e1dfd1705d + +info: + name: > + Responsive Pricing Table <= 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a530a55-44d7-4f78-9cbd-513ef290908a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dk-pricr-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dk-pricr-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-05afb40274ed6e7e7ee85f9181367788.yaml b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-05afb40274ed6e7e7ee85f9181367788.yaml new file mode 100644 index 0000000000..3924800fde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-05afb40274ed6e7e7ee85f9181367788.yaml @@ -0,0 +1,58 @@ +id: dk-pricr-responsive-pricing-table-05afb40274ed6e7e7ee85f9181367788 + +info: + name: > + Responsive Pricing Table <= 5.1.10 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75a1f49d-2352-40f0-a830-7cff0e5163f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dk-pricr-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dk-pricr-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-932d8591d976abf910e4179bc489f078.yaml b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-932d8591d976abf910e4179bc489f078.yaml new file mode 100644 index 0000000000..3660f6ad82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-932d8591d976abf910e4179bc489f078.yaml @@ -0,0 +1,58 @@ +id: dk-pricr-responsive-pricing-table-932d8591d976abf910e4179bc489f078 + +info: + name: > + Responsive Pricing Table < 5.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fb7dd8f-6258-46e1-9cc5-87ec73d5736c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dk-pricr-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dk-pricr-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-c74224b712fc0c2fb7b3dedfadd9ee64.yaml b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-c74224b712fc0c2fb7b3dedfadd9ee64.yaml new file mode 100644 index 0000000000..69619112f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dk-pricr-responsive-pricing-table-c74224b712fc0c2fb7b3dedfadd9ee64.yaml @@ -0,0 +1,58 @@ +id: dk-pricr-responsive-pricing-table-c74224b712fc0c2fb7b3dedfadd9ee64 + +info: + name: > + Responsive Pricing Table <= 5.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b90c0a2-19b2-4846-9f62-2b02d28cc13b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dk-pricr-responsive-pricing-table/" + google-query: inurl:"/wp-content/plugins/dk-pricr-responsive-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dk-pricr-responsive-pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dk-pricr-responsive-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dk-pricr-responsive-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dm-albums-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/dm-albums-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..363aa525d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dm-albums-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: dm-albums-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dm-albums/" + google-query: inurl:"/wp-content/plugins/dm-albums/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dm-albums,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dm-albums/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dm-albums" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dm-albums-f74320833916c503bc8924181a242988.yaml b/nuclei-templates/cve-less/plugins/dm-albums-f74320833916c503bc8924181a242988.yaml new file mode 100644 index 0000000000..8a9b4d2d87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dm-albums-f74320833916c503bc8924181a242988.yaml @@ -0,0 +1,58 @@ +id: dm-albums-f74320833916c503bc8924181a242988 + +info: + name: > + DM Albums <= 1.9.2 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc83b0ff-7228-466a-b831-53cca252a3f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dm-albums/" + google-query: inurl:"/wp-content/plugins/dm-albums/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dm-albums,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dm-albums/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dm-albums" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dmca-watermarker-e4bec7dd7a04a9998930ce7422960fa5.yaml b/nuclei-templates/cve-less/plugins/dmca-watermarker-e4bec7dd7a04a9998930ce7422960fa5.yaml new file mode 100644 index 0000000000..aa4c888971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dmca-watermarker-e4bec7dd7a04a9998930ce7422960fa5.yaml @@ -0,0 +1,58 @@ +id: dmca-watermarker-e4bec7dd7a04a9998930ce7422960fa5 + +info: + name: > + DMCA WaterMarker < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59be2283-1356-48aa-bbda-f796fd799330?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dmca-watermarker/" + google-query: inurl:"/wp-content/plugins/dmca-watermarker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dmca-watermarker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dmca-watermarker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dmca-watermarker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dmsguestbook-0720f12ed328d9f8394eeb8c7b25a318.yaml b/nuclei-templates/cve-less/plugins/dmsguestbook-0720f12ed328d9f8394eeb8c7b25a318.yaml new file mode 100644 index 0000000000..4e0f697d7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dmsguestbook-0720f12ed328d9f8394eeb8c7b25a318.yaml @@ -0,0 +1,58 @@ +id: dmsguestbook-0720f12ed328d9f8394eeb8c7b25a318 + +info: + name: > + DMSGuestbook < 1.9.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/607a5846-4112-4f0d-b353-68903b2a4cb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dmsguestbook/" + google-query: inurl:"/wp-content/plugins/dmsguestbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dmsguestbook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dmsguestbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dmsguestbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dmsguestbook-2b7d96b5ce8ab425f2e121a2dd72ecf0.yaml b/nuclei-templates/cve-less/plugins/dmsguestbook-2b7d96b5ce8ab425f2e121a2dd72ecf0.yaml new file mode 100644 index 0000000000..88cb5ae9e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dmsguestbook-2b7d96b5ce8ab425f2e121a2dd72ecf0.yaml @@ -0,0 +1,58 @@ +id: dmsguestbook-2b7d96b5ce8ab425f2e121a2dd72ecf0 + +info: + name: > + DMSGuestbook <= 1.8.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a70a91f3-ec87-472a-9cb0-98c874b7825f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dmsguestbook/" + google-query: inurl:"/wp-content/plugins/dmsguestbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dmsguestbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dmsguestbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dmsguestbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dmsguestbook-464fda924b91446d67088565fa366b6b.yaml b/nuclei-templates/cve-less/plugins/dmsguestbook-464fda924b91446d67088565fa366b6b.yaml new file mode 100644 index 0000000000..d7d26fb5a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dmsguestbook-464fda924b91446d67088565fa366b6b.yaml @@ -0,0 +1,58 @@ +id: dmsguestbook-464fda924b91446d67088565fa366b6b + +info: + name: > + DMSGuestbook < 1.9.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbe4688e-19a4-412a-8fe3-167badcfafdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dmsguestbook/" + google-query: inurl:"/wp-content/plugins/dmsguestbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dmsguestbook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dmsguestbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dmsguestbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dmsguestbook-81cd7c7b4d1173a363d79c9374f22f96.yaml b/nuclei-templates/cve-less/plugins/dmsguestbook-81cd7c7b4d1173a363d79c9374f22f96.yaml new file mode 100644 index 0000000000..fab4d953cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dmsguestbook-81cd7c7b4d1173a363d79c9374f22f96.yaml @@ -0,0 +1,58 @@ +id: dmsguestbook-81cd7c7b4d1173a363d79c9374f22f96 + +info: + name: > + DMSGuestbook <= 1.7.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46706adb-fc2e-47d4-b1ff-748b89b1decf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dmsguestbook/" + google-query: inurl:"/wp-content/plugins/dmsguestbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dmsguestbook,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dmsguestbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dmsguestbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dnui-delete-not-used-image-wordpress-0d2acb1823da711b074d38421e878cbc.yaml b/nuclei-templates/cve-less/plugins/dnui-delete-not-used-image-wordpress-0d2acb1823da711b074d38421e878cbc.yaml new file mode 100644 index 0000000000..e4b3398931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dnui-delete-not-used-image-wordpress-0d2acb1823da711b074d38421e878cbc.yaml @@ -0,0 +1,58 @@ +id: dnui-delete-not-used-image-wordpress-0d2acb1823da711b074d38421e878cbc + +info: + name: > + DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de5397c2-b23c-412a-b419-e36023daa989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dnui-delete-not-used-image-wordpress/" + google-query: inurl:"/wp-content/plugins/dnui-delete-not-used-image-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dnui-delete-not-used-image-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dnui-delete-not-used-image-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dnui-delete-not-used-image-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/docollipics-faustball-de-2b530454070b0701fff7ade24fa23420.yaml b/nuclei-templates/cve-less/plugins/docollipics-faustball-de-2b530454070b0701fff7ade24fa23420.yaml new file mode 100644 index 0000000000..9cd34e8610 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/docollipics-faustball-de-2b530454070b0701fff7ade24fa23420.yaml @@ -0,0 +1,58 @@ +id: docollipics-faustball-de-2b530454070b0701fff7ade24fa23420 + +info: + name: > + Tabellen von faustball.com <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7417e25-be35-4134-9d38-f8ee91f0d1cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/docollipics-faustball-de/" + google-query: inurl:"/wp-content/plugins/docollipics-faustball-de/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,docollipics-faustball-de,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/docollipics-faustball-de/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "docollipics-faustball-de" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doctor-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/doctor-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..c6b335cf21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doctor-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: doctor-listing-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doctor-listing/" + google-query: inurl:"/wp-content/plugins/doctor-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doctor-listing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doctor-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doctor-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/document-emberdder-9726bedc4772feb78308da203819877a.yaml b/nuclei-templates/cve-less/plugins/document-emberdder-9726bedc4772feb78308da203819877a.yaml new file mode 100644 index 0000000000..c7bc90eaed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/document-emberdder-9726bedc4772feb78308da203819877a.yaml @@ -0,0 +1,58 @@ +id: document-emberdder-9726bedc4772feb78308da203819877a + +info: + name: > + Document Embedder < 1.7.6 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/041851d8-99ce-48a6-8ff5-85418d8807be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/document-emberdder/" + google-query: inurl:"/wp-content/plugins/document-emberdder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,document-emberdder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/document-emberdder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "document-emberdder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/document-emberdder-ab269c118fc3257cdc712b5cba24b2d9.yaml b/nuclei-templates/cve-less/plugins/document-emberdder-ab269c118fc3257cdc712b5cba24b2d9.yaml new file mode 100644 index 0000000000..26482f8cd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/document-emberdder-ab269c118fc3257cdc712b5cba24b2d9.yaml @@ -0,0 +1,58 @@ +id: document-emberdder-ab269c118fc3257cdc712b5cba24b2d9 + +info: + name: > + Document Embedder <= 1.7.8 - Subscriber+ Arbitrary Private/Draft Post Title Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1baf7c7e-b5e9-40b5-9c96-abe6ebcf2b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/document-emberdder/" + google-query: inurl:"/wp-content/plugins/document-emberdder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,document-emberdder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/document-emberdder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "document-emberdder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/documentor-lite-d8a488996304707ccbeb5881d0d3a2c5.yaml b/nuclei-templates/cve-less/plugins/documentor-lite-d8a488996304707ccbeb5881d0d3a2c5.yaml new file mode 100644 index 0000000000..563bf2d6cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/documentor-lite-d8a488996304707ccbeb5881d0d3a2c5.yaml @@ -0,0 +1,58 @@ +id: documentor-lite-d8a488996304707ccbeb5881d0d3a2c5 + +info: + name: > + Documentor – Create Product Documentation <= 1.5.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da51b3ef-b12f-4af0-90b7-1ea61595b661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/documentor-lite/" + google-query: inurl:"/wp-content/plugins/documentor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,documentor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/documentor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "documentor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dofollow-case-by-case-945f1c78b2a3586f190550f87e150c27.yaml b/nuclei-templates/cve-less/plugins/dofollow-case-by-case-945f1c78b2a3586f190550f87e150c27.yaml new file mode 100644 index 0000000000..244543b76b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dofollow-case-by-case-945f1c78b2a3586f190550f87e150c27.yaml @@ -0,0 +1,58 @@ +id: dofollow-case-by-case-945f1c78b2a3586f190550f87e150c27 + +info: + name: > + DoFollow Case by Case <= 3.4.2 Cross-Site Request Forgery via getEmail and getUrl + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60c63be2-dd17-4224-ba96-ba30ed0b25ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dofollow-case-by-case/" + google-query: inurl:"/wp-content/plugins/dofollow-case-by-case/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dofollow-case-by-case,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dofollow-case-by-case/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dofollow-case-by-case" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-3a87cd2c194cd815db2ec636b84e643a.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-3a87cd2c194cd815db2ec636b84e643a.yaml new file mode 100644 index 0000000000..2baa061a1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-3a87cd2c194cd815db2ec636b84e643a.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-3a87cd2c194cd815db2ec636b84e643a + +info: + name: > + Dokan <= 3.7.12 - Authenticated (Vendor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4967c95-8eb6-4c9b-ae6e-082dbc6af7f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-5ad44d8edf07e29935fd9f2a379a8bdf.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-5ad44d8edf07e29935fd9f2a379a8bdf.yaml new file mode 100644 index 0000000000..9dc83fe4aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-5ad44d8edf07e29935fd9f2a379a8bdf.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-5ad44d8edf07e29935fd9f2a379a8bdf + +info: + name: > + Dokan <= 3.6.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18e8f72b-daa0-4a9f-a67b-d9be9a0862d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-7cae0337ec5d8357b2096a13255ff0e5.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-7cae0337ec5d8357b2096a13255ff0e5.yaml new file mode 100644 index 0000000000..ea457533b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-7cae0337ec5d8357b2096a13255ff0e5.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-7cae0337ec5d8357b2096a13255ff0e5 + +info: + name: > + Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/894c875a-078f-4c1f-83d2-4a6e4a309c3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-83ceb85b9d98ac0ba31cc54d7c02a615.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-83ceb85b9d98ac0ba31cc54d7c02a615.yaml new file mode 100644 index 0000000000..bbe195b845 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-83ceb85b9d98ac0ba31cc54d7c02a615.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-83ceb85b9d98ac0ba31cc54d7c02a615 + +info: + name: > + Dokan <= 3.7.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e4d84ad-ab02-45b1-aecb-dc2c08c097fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-98e27e4b860cdb80f775d8dcf8849471.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-98e27e4b860cdb80f775d8dcf8849471.yaml new file mode 100644 index 0000000000..3809e456d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-98e27e4b860cdb80f775d8dcf8849471.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-98e27e4b860cdb80f775d8dcf8849471 + +info: + name: > + Dokan <= 3.6.3 - Authenticated (Vendor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da02a0e-4bc5-4dc6-b46e-7e74e0eb36dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dokan-lite-e63e30ec60f147aa93db545efe75d6f6.yaml b/nuclei-templates/cve-less/plugins/dokan-lite-e63e30ec60f147aa93db545efe75d6f6.yaml new file mode 100644 index 0000000000..dff3b9e803 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dokan-lite-e63e30ec60f147aa93db545efe75d6f6.yaml @@ -0,0 +1,58 @@ +id: dokan-lite-e63e30ec60f147aa93db545efe75d6f6 + +info: + name: > + Dokan <=3.7.19 - Authenticated(Shop Manager+) PHP Object Injection via create_dummy_vendor + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1597859c-2808-4e0f-aa8d-4e2727728e22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dokan-lite/" + google-query: inurl:"/wp-content/plugins/dokan-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dokan-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dokan-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dokan-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dologin-3e791f294648bb07f6f5d09991cd807c.yaml b/nuclei-templates/cve-less/plugins/dologin-3e791f294648bb07f6f5d09991cd807c.yaml new file mode 100644 index 0000000000..816625ed51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dologin-3e791f294648bb07f6f5d09991cd807c.yaml @@ -0,0 +1,58 @@ +id: dologin-3e791f294648bb07f6f5d09991cd807c + +info: + name: > + DoLogin Security <= 3.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad34d657-da59-46ff-a54a-64e6c8974b69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dologin/" + google-query: inurl:"/wp-content/plugins/dologin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dologin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dologin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dologin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dologin-76c4f32766bf14b6bbf96fbeaaac68ab.yaml b/nuclei-templates/cve-less/plugins/dologin-76c4f32766bf14b6bbf96fbeaaac68ab.yaml new file mode 100644 index 0000000000..7b58cbf7c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dologin-76c4f32766bf14b6bbf96fbeaaac68ab.yaml @@ -0,0 +1,58 @@ +id: dologin-76c4f32766bf14b6bbf96fbeaaac68ab + +info: + name: > + DoLogin Security <= 3.7 - Missing Authorization on Dashboard Widget + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24e2b96c-665f-4616-ac99-1a2b1b0a9ccd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dologin/" + google-query: inurl:"/wp-content/plugins/dologin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dologin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dologin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dologin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dologin-9b93ca969f1fec7d267bf68ade76e649.yaml b/nuclei-templates/cve-less/plugins/dologin-9b93ca969f1fec7d267bf68ade76e649.yaml new file mode 100644 index 0000000000..0891db279c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dologin-9b93ca969f1fec7d267bf68ade76e649.yaml @@ -0,0 +1,58 @@ +id: dologin-9b93ca969f1fec7d267bf68ade76e649 + +info: + name: > + DoLogin Security <= 3.6 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/def06edd-ea4f-4b49-9902-b179d40e4133?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dologin/" + google-query: inurl:"/wp-content/plugins/dologin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dologin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dologin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dologin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dologin-bd8336f3b7891bca7cf2acd9eb9176f8.yaml b/nuclei-templates/cve-less/plugins/dologin-bd8336f3b7891bca7cf2acd9eb9176f8.yaml new file mode 100644 index 0000000000..fc03a27823 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dologin-bd8336f3b7891bca7cf2acd9eb9176f8.yaml @@ -0,0 +1,58 @@ +id: dologin-bd8336f3b7891bca7cf2acd9eb9176f8 + +info: + name: > + DoLogin Security <= 3.7.1 - Missing Authorization via REST Endpoints + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af93f4f5-4c6d-4178-b7f7-c66c341bde87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dologin/" + google-query: inurl:"/wp-content/plugins/dologin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dologin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dologin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dologin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/domain-check-7bb785cc55f83f670623beb2518f8d46.yaml b/nuclei-templates/cve-less/plugins/domain-check-7bb785cc55f83f670623beb2518f8d46.yaml new file mode 100644 index 0000000000..fbbd9e73fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/domain-check-7bb785cc55f83f670623beb2518f8d46.yaml @@ -0,0 +1,58 @@ +id: domain-check-7bb785cc55f83f670623beb2518f8d46 + +info: + name: > + Domain Check <= 1.0.16 - Reflected Cross-Site Scripting via domain + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b3d91c-591b-444d-888b-1b443e72afca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/domain-check/" + google-query: inurl:"/wp-content/plugins/domain-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,domain-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/domain-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "domain-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/domain-replace-c2b0322b1c47551232078fdb7ec624e5.yaml b/nuclei-templates/cve-less/plugins/domain-replace-c2b0322b1c47551232078fdb7ec624e5.yaml new file mode 100644 index 0000000000..69309d7869 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/domain-replace-c2b0322b1c47551232078fdb7ec624e5.yaml @@ -0,0 +1,58 @@ +id: domain-replace-c2b0322b1c47551232078fdb7ec624e5 + +info: + name: > + Domain Replace <= 1.3.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad81c6b6-dbf5-40a3-894d-e2fbab69d38a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/domain-replace/" + google-query: inurl:"/wp-content/plugins/domain-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,domain-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/domain-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "domain-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/don8-147a2c380c511ff89f6007b5ad85a430.yaml b/nuclei-templates/cve-less/plugins/don8-147a2c380c511ff89f6007b5ad85a430.yaml new file mode 100644 index 0000000000..79acf4f7ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/don8-147a2c380c511ff89f6007b5ad85a430.yaml @@ -0,0 +1,58 @@ +id: don8-147a2c380c511ff89f6007b5ad85a430 + +info: + name: > + Don8 <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b2b094-9a2d-4c73-be5f-b2a6f3da9233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/don8/" + google-query: inurl:"/wp-content/plugins/don8/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,don8,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/don8/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "don8" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donate-extra-bf2a986ee34d32b284b49248c2116049.yaml b/nuclei-templates/cve-less/plugins/donate-extra-bf2a986ee34d32b284b49248c2116049.yaml new file mode 100644 index 0000000000..c330532453 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donate-extra-bf2a986ee34d32b284b49248c2116049.yaml @@ -0,0 +1,58 @@ +id: donate-extra-bf2a986ee34d32b284b49248c2116049 + +info: + name: > + Donate Extra <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93c940a5-1145-47ac-b55f-bf346719e584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donate-extra/" + google-query: inurl:"/wp-content/plugins/donate-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donate-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donate-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donate-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donate-with-qrcode-737595c2ea3449d9afc6f182f87c2e0c.yaml b/nuclei-templates/cve-less/plugins/donate-with-qrcode-737595c2ea3449d9afc6f182f87c2e0c.yaml new file mode 100644 index 0000000000..855c304c2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donate-with-qrcode-737595c2ea3449d9afc6f182f87c2e0c.yaml @@ -0,0 +1,58 @@ +id: donate-with-qrcode-737595c2ea3449d9afc6f182f87c2e0c + +info: + name: > + Donate With QRCode <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a4c327c-f756-4f50-8121-363791c6bd8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donate-with-qrcode/" + google-query: inurl:"/wp-content/plugins/donate-with-qrcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donate-with-qrcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donate-with-qrcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donate-with-qrcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donation-button-2930d925944c874731b469b90d98e5da.yaml b/nuclei-templates/cve-less/plugins/donation-button-2930d925944c874731b469b90d98e5da.yaml new file mode 100644 index 0000000000..3aae578e4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donation-button-2930d925944c874731b469b90d98e5da.yaml @@ -0,0 +1,58 @@ +id: donation-button-2930d925944c874731b469b90d98e5da + +info: + name: > + Donation Button <= 4.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2b809f5-0384-43f5-8839-67bf059360eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donation-button/" + google-query: inurl:"/wp-content/plugins/donation-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donation-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donation-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donation-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donation-button-40014647f15550cd9dd8d5556a2d8ae1.yaml b/nuclei-templates/cve-less/plugins/donation-button-40014647f15550cd9dd8d5556a2d8ae1.yaml new file mode 100644 index 0000000000..8f1fd8e774 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donation-button-40014647f15550cd9dd8d5556a2d8ae1.yaml @@ -0,0 +1,58 @@ +id: donation-button-40014647f15550cd9dd8d5556a2d8ae1 + +info: + name: > + Donation Button <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b35e5228-7f1a-43e1-b65d-d13bdd6bcfaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donation-button/" + google-query: inurl:"/wp-content/plugins/donation-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donation-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donation-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donation-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donation-thermometer-11d8842f155c393e0c8cf7dd8d4ce45b.yaml b/nuclei-templates/cve-less/plugins/donation-thermometer-11d8842f155c393e0c8cf7dd8d4ce45b.yaml new file mode 100644 index 0000000000..b44ed722f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donation-thermometer-11d8842f155c393e0c8cf7dd8d4ce45b.yaml @@ -0,0 +1,58 @@ +id: donation-thermometer-11d8842f155c393e0c8cf7dd8d4ce45b + +info: + name: > + Donation Thermometer <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc67ff08-b660-477a-9457-b681cf0381f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donation-thermometer/" + google-query: inurl:"/wp-content/plugins/donation-thermometer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donation-thermometer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donation-thermometer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donation-thermometer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donations-block-28e3179254b4fd139125a16ede646345.yaml b/nuclei-templates/cve-less/plugins/donations-block-28e3179254b4fd139125a16ede646345.yaml new file mode 100644 index 0000000000..b3e9b36728 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donations-block-28e3179254b4fd139125a16ede646345.yaml @@ -0,0 +1,58 @@ +id: donations-block-28e3179254b4fd139125a16ede646345 + +info: + name: > + Donation Block For PayPal <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5e60125-35e2-4d6d-8ea7-078df0b9e55f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donations-block/" + google-query: inurl:"/wp-content/plugins/donations-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donations-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donations-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donations-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donations-for-woocommerce-89b8de7fceb27a44be5a7a24e0cb685a.yaml b/nuclei-templates/cve-less/plugins/donations-for-woocommerce-89b8de7fceb27a44be5a7a24e0cb685a.yaml new file mode 100644 index 0000000000..00dd615526 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donations-for-woocommerce-89b8de7fceb27a44be5a7a24e0cb685a.yaml @@ -0,0 +1,58 @@ +id: donations-for-woocommerce-89b8de7fceb27a44be5a7a24e0cb685a + +info: + name: > + Potent Donations for WooCommerce <= 1.1.9 - Cross-Site Request Forgery in hm_wcdon_admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98358366-7cb0-40ae-a931-10985c916af1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donations-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/donations-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donations-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donations-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donations-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doneren-met-mollie-5d341faba5a243bc1f91722340667935.yaml b/nuclei-templates/cve-less/plugins/doneren-met-mollie-5d341faba5a243bc1f91722340667935.yaml new file mode 100644 index 0000000000..f877a08414 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doneren-met-mollie-5d341faba5a243bc1f91722340667935.yaml @@ -0,0 +1,58 @@ +id: doneren-met-mollie-5d341faba5a243bc1f91722340667935 + +info: + name: > + Doneren met Mollie <= 2.8.4 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed99a056-42c6-4540-950e-12f8b547b64d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doneren-met-mollie/" + google-query: inurl:"/wp-content/plugins/doneren-met-mollie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doneren-met-mollie,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doneren-met-mollie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doneren-met-mollie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doneren-met-mollie-c68aefc2513365ae0004ad9eeebe270b.yaml b/nuclei-templates/cve-less/plugins/doneren-met-mollie-c68aefc2513365ae0004ad9eeebe270b.yaml new file mode 100644 index 0000000000..26023d166d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doneren-met-mollie-c68aefc2513365ae0004ad9eeebe270b.yaml @@ -0,0 +1,58 @@ +id: doneren-met-mollie-c68aefc2513365ae0004ad9eeebe270b + +info: + name: > + Doneren met Mollie <= 2.10.2 - Unauthenticated Reflected Cross-Site Scripting via search + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f494ca7-3f2f-4535-92ff-1ed5c469bf45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doneren-met-mollie/" + google-query: inurl:"/wp-content/plugins/doneren-met-mollie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doneren-met-mollie,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doneren-met-mollie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doneren-met-mollie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/donorbox-donation-form-074326e7470f284764101e6fc9e53f79.yaml b/nuclei-templates/cve-less/plugins/donorbox-donation-form-074326e7470f284764101e6fc9e53f79.yaml new file mode 100644 index 0000000000..664fe21969 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/donorbox-donation-form-074326e7470f284764101e6fc9e53f79.yaml @@ -0,0 +1,58 @@ +id: donorbox-donation-form-074326e7470f284764101e6fc9e53f79 + +info: + name: > + Donorbox – Free Recurring Donation Form <= 7.1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4aea6ac-0b36-481c-aa22-db96665404f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/donorbox-donation-form/" + google-query: inurl:"/wp-content/plugins/donorbox-donation-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,donorbox-donation-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/donorbox-donation-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "donorbox-donation-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dont-muck-my-markup-2ead875f47442aad0463d1658f74b76e.yaml b/nuclei-templates/cve-less/plugins/dont-muck-my-markup-2ead875f47442aad0463d1658f74b76e.yaml new file mode 100644 index 0000000000..785dcf2008 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dont-muck-my-markup-2ead875f47442aad0463d1658f74b76e.yaml @@ -0,0 +1,58 @@ +id: dont-muck-my-markup-2ead875f47442aad0463d1658f74b76e + +info: + name: > + Don't Muck My Markup <= 1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1390c22-3c8d-47f1-b225-1bcbc215832a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dont-muck-my-markup/" + google-query: inurl:"/wp-content/plugins/dont-muck-my-markup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dont-muck-my-markup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dont-muck-my-markup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dont-muck-my-markup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-4cda745fb6b624bf244c2f741ab1add8.yaml b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-4cda745fb6b624bf244c2f741ab1add8.yaml new file mode 100644 index 0000000000..eabab50f7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-4cda745fb6b624bf244c2f741ab1add8.yaml @@ -0,0 +1,58 @@ +id: doofinder-for-woocommerce-4cda745fb6b624bf244c2f741ab1add8 + +info: + name: > + Doofinder for WooCommerce <= 2.1.7 - Reflected Cross-Site Scripting via tab + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e46a2031-e304-43fb-85bf-ec9abf0b2f90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doofinder-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doofinder-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doofinder-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-5e9722517850435a4c6751ba68e3f182.yaml b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-5e9722517850435a4c6751ba68e3f182.yaml new file mode 100644 index 0000000000..cdd807d3c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-5e9722517850435a4c6751ba68e3f182.yaml @@ -0,0 +1,58 @@ +id: doofinder-for-woocommerce-5e9722517850435a4c6751ba68e3f182 + +info: + name: > + Doofinder for WooCommerce <= 2.0.33 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad50e216-f522-4294-a4dc-7f3bd52820b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doofinder-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doofinder-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doofinder-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-ccf7ae7c58d11c91be50450cab57d66e.yaml b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-ccf7ae7c58d11c91be50450cab57d66e.yaml new file mode 100644 index 0000000000..8880eb4db0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-ccf7ae7c58d11c91be50450cab57d66e.yaml @@ -0,0 +1,58 @@ +id: doofinder-for-woocommerce-ccf7ae7c58d11c91be50450cab57d66e + +info: + name: > + Doofinder for WooCommerce <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13159a71-c183-4fc2-98af-8b9e60508a1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doofinder-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doofinder-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doofinder-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-dbc6d35b9d97e2d76a522059041b4184.yaml b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-dbc6d35b9d97e2d76a522059041b4184.yaml new file mode 100644 index 0000000000..dc6b681203 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/doofinder-for-woocommerce-dbc6d35b9d97e2d76a522059041b4184.yaml @@ -0,0 +1,58 @@ +id: doofinder-for-woocommerce-dbc6d35b9d97e2d76a522059041b4184 + +info: + name: > + Doofinder for WooCommerce <= 1.5.49 - Unauthenticated Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7414779e-7241-4ab2-9b1f-34c3e1acc66b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/doofinder-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/doofinder-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,doofinder-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/doofinder-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doofinder-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/double-opt-in-for-download-de1a73429738ac6f52decf46ff2bdf86.yaml b/nuclei-templates/cve-less/plugins/double-opt-in-for-download-de1a73429738ac6f52decf46ff2bdf86.yaml new file mode 100644 index 0000000000..df700d1b9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/double-opt-in-for-download-de1a73429738ac6f52decf46ff2bdf86.yaml @@ -0,0 +1,58 @@ +id: double-opt-in-for-download-de1a73429738ac6f52decf46ff2bdf86 + +info: + name: > + Double Opt-In for Download <= 2.0.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540ac650-6bfd-4ee2-b3c8-b6444a209b6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/double-opt-in-for-download/" + google-query: inurl:"/wp-content/plugins/double-opt-in-for-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,double-opt-in-for-download,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/double-opt-in-for-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "double-opt-in-for-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dovetail-9a176796080675b246543fba168c027a.yaml b/nuclei-templates/cve-less/plugins/dovetail-9a176796080675b246543fba168c027a.yaml new file mode 100644 index 0000000000..477abdf5de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dovetail-9a176796080675b246543fba168c027a.yaml @@ -0,0 +1,58 @@ +id: dovetail-9a176796080675b246543fba168c027a + +info: + name: > + Dovetail <= 1.2.13 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52983bf6-908a-4287-b89e-cd09b4c48efe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dovetail/" + google-query: inurl:"/wp-content/plugins/dovetail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dovetail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dovetail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dovetail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/down-as-pdf-7cecc34bfe19dc68894d7b020addf743.yaml b/nuclei-templates/cve-less/plugins/down-as-pdf-7cecc34bfe19dc68894d7b020addf743.yaml new file mode 100644 index 0000000000..8a30749f81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/down-as-pdf-7cecc34bfe19dc68894d7b020addf743.yaml @@ -0,0 +1,58 @@ +id: down-as-pdf-7cecc34bfe19dc68894d7b020addf743 + +info: + name: > + Hacklog Down As PDF <= 2.3.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cad85e1-9af0-44fa-97c7-a108b30891e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/down-as-pdf/" + google-query: inurl:"/wp-content/plugins/down-as-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,down-as-pdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/down-as-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "down-as-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-attachments-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml b/nuclei-templates/cve-less/plugins/download-attachments-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml new file mode 100644 index 0000000000..5bee963de2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-attachments-6f48b6d420d1eeb4f46e78496cf4eb1b.yaml @@ -0,0 +1,58 @@ +id: download-attachments-6f48b6d420d1eeb4f46e78496cf4eb1b + +info: + name: > + Download Attachments <= 1.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e977be1-d346-4fcc-89a5-332cbd010d18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-attachments/" + google-query: inurl:"/wp-content/plugins/download-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-info-page-3f433c20605e0478560f661cae839ad8.yaml b/nuclei-templates/cve-less/plugins/download-info-page-3f433c20605e0478560f661cae839ad8.yaml new file mode 100644 index 0000000000..8d7b36bec2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-info-page-3f433c20605e0478560f661cae839ad8.yaml @@ -0,0 +1,58 @@ +id: download-info-page-3f433c20605e0478560f661cae839ad8 + +info: + name: > + WP资源下载管理 <= 1.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa7aad43-54b4-4b9f-9584-292e40be71bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-info-page/" + google-query: inurl:"/wp-content/plugins/download-info-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-info-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-info-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-info-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-010922f26f33a94ab231b7f0fdab049f.yaml b/nuclei-templates/cve-less/plugins/download-manager-010922f26f33a94ab231b7f0fdab049f.yaml new file mode 100644 index 0000000000..872870dc37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-010922f26f33a94ab231b7f0fdab049f.yaml @@ -0,0 +1,58 @@ +id: download-manager-010922f26f33a94ab231b7f0fdab049f + +info: + name: > + WordPress Download Manager <= 3.1.24 - Authenticated File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cde1f4d-0212-48b1-a0ef-ba923c37ab50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-07b6f9539cc79b55c833c05dca993fdb.yaml b/nuclei-templates/cve-less/plugins/download-manager-07b6f9539cc79b55c833c05dca993fdb.yaml new file mode 100644 index 0000000000..faea53f474 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-07b6f9539cc79b55c833c05dca993fdb.yaml @@ -0,0 +1,58 @@ +id: download-manager-07b6f9539cc79b55c833c05dca993fdb + +info: + name: > + WordPress Download Manager <= 2.7.2 - Authenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/567782f9-a050-4e68-9491-e038d7e383f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-1c63696c8009b48d027fd7d86fee0dcb.yaml b/nuclei-templates/cve-less/plugins/download-manager-1c63696c8009b48d027fd7d86fee0dcb.yaml new file mode 100644 index 0000000000..f4cfa7baf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-1c63696c8009b48d027fd7d86fee0dcb.yaml @@ -0,0 +1,58 @@ +id: download-manager-1c63696c8009b48d027fd7d86fee0dcb + +info: + name: > + Download Manager <= 3.2.70 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a66bc196-e5f8-46b4-a81c-c888eb64021c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-300ac7058f885b1b1ecbf0131074eaf1.yaml b/nuclei-templates/cve-less/plugins/download-manager-300ac7058f885b1b1ecbf0131074eaf1.yaml new file mode 100644 index 0000000000..4f89948720 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-300ac7058f885b1b1ecbf0131074eaf1.yaml @@ -0,0 +1,58 @@ +id: download-manager-300ac7058f885b1b1ecbf0131074eaf1 + +info: + name: > + Download Manager <= 3.2.48 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41b3a62c-9586-4c87-828a-584dfe386a37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-30d61c53466fa58934f9b72c5790a166.yaml b/nuclei-templates/cve-less/plugins/download-manager-30d61c53466fa58934f9b72c5790a166.yaml new file mode 100644 index 0000000000..e27c16d97e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-30d61c53466fa58934f9b72c5790a166.yaml @@ -0,0 +1,58 @@ +id: download-manager-30d61c53466fa58934f9b72c5790a166 + +info: + name: > + Download Manager <= 3.2.54 - Authenticated (Admin+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e2527d4-750d-4e36-ae27-920105958c21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-31395bccdb490b805531cabc85d6de58.yaml b/nuclei-templates/cve-less/plugins/download-manager-31395bccdb490b805531cabc85d6de58.yaml new file mode 100644 index 0000000000..9a1ae5b35f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-31395bccdb490b805531cabc85d6de58.yaml @@ -0,0 +1,58 @@ +id: download-manager-31395bccdb490b805531cabc85d6de58 + +info: + name: > + Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/471957f6-54c1-4268-b2e1-8efa391dcaec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-31bb9a1a6021af8a029348a6ecc96852.yaml b/nuclei-templates/cve-less/plugins/download-manager-31bb9a1a6021af8a029348a6ecc96852.yaml new file mode 100644 index 0000000000..ee2a279d48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-31bb9a1a6021af8a029348a6ecc96852.yaml @@ -0,0 +1,58 @@ +id: download-manager-31bb9a1a6021af8a029348a6ecc96852 + +info: + name: > + Download Manager <= 3.2.46 - Contributor+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b399929a-db33-419f-9218-b86ee88a9f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-36d2ad9a774b3ffdb359958bc8b37040.yaml b/nuclei-templates/cve-less/plugins/download-manager-36d2ad9a774b3ffdb359958bc8b37040.yaml new file mode 100644 index 0000000000..2d2d578618 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-36d2ad9a774b3ffdb359958bc8b37040.yaml @@ -0,0 +1,58 @@ +id: download-manager-36d2ad9a774b3ffdb359958bc8b37040 + +info: + name: > + WordPress Download Manager < 2.9.51 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97690bde-f2c6-429b-8d5a-51bee4a981ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-46f8f7fca478042503cff5486b63739f.yaml b/nuclei-templates/cve-less/plugins/download-manager-46f8f7fca478042503cff5486b63739f.yaml new file mode 100644 index 0000000000..967a184cc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-46f8f7fca478042503cff5486b63739f.yaml @@ -0,0 +1,58 @@ +id: download-manager-46f8f7fca478042503cff5486b63739f + +info: + name: > + Download Manager <= 3.2.38 - Unauthenticated Brute Force of File Master Key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feb056b0-5ea0-4257-8d58-0e29b3c304bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-5425379653c5c62de7cbdf4b522ef322.yaml b/nuclei-templates/cve-less/plugins/download-manager-5425379653c5c62de7cbdf4b522ef322.yaml new file mode 100644 index 0000000000..35f1d25bdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-5425379653c5c62de7cbdf4b522ef322.yaml @@ -0,0 +1,58 @@ +id: download-manager-5425379653c5c62de7cbdf4b522ef322 + +info: + name: > + WordPress Download Manager <= 2.9.49 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf90d284-9db8-464b-ae01-f1979408b351?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-6811835f1b3b62a667088ec060a91ec5.yaml b/nuclei-templates/cve-less/plugins/download-manager-6811835f1b3b62a667088ec060a91ec5.yaml new file mode 100644 index 0000000000..67acd60696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-6811835f1b3b62a667088ec060a91ec5.yaml @@ -0,0 +1,58 @@ +id: download-manager-6811835f1b3b62a667088ec060a91ec5 + +info: + name: > + Download Manager <= 3.2.50 - Authenticated (Contributor+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3c9c798-8545-475e-879b-7e44dac493f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-6855332cd5767d389db903e31b1c4f88.yaml b/nuclei-templates/cve-less/plugins/download-manager-6855332cd5767d389db903e31b1c4f88.yaml new file mode 100644 index 0000000000..5c3a2019ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-6855332cd5767d389db903e31b1c4f88.yaml @@ -0,0 +1,58 @@ +id: download-manager-6855332cd5767d389db903e31b1c4f88 + +info: + name: > + Download Manager <= 3.2.59 - Refleced Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10b46c11-1b34-4da4-a24d-103c663ca315?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-6aa900a875605d12f51c36a7aee68e0c.yaml b/nuclei-templates/cve-less/plugins/download-manager-6aa900a875605d12f51c36a7aee68e0c.yaml new file mode 100644 index 0000000000..2d439b6eec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-6aa900a875605d12f51c36a7aee68e0c.yaml @@ -0,0 +1,58 @@ +id: download-manager-6aa900a875605d12f51c36a7aee68e0c + +info: + name: > + WordPress Download Manager <= 3.1.24 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/776fc47e-a86c-43dc-8d5e-50273c4411b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-7381977dcbbf38890f97270b77e9814a.yaml b/nuclei-templates/cve-less/plugins/download-manager-7381977dcbbf38890f97270b77e9814a.yaml new file mode 100644 index 0000000000..c55a7b4464 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-7381977dcbbf38890f97270b77e9814a.yaml @@ -0,0 +1,58 @@ +id: download-manager-7381977dcbbf38890f97270b77e9814a + +info: + name: > + WordPress Download Manager <= 2.9.93 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b602f33-ae2f-4349-a8be-901a9eec91c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-899169b3fe14c55dc2775d2907a0f4d5.yaml b/nuclei-templates/cve-less/plugins/download-manager-899169b3fe14c55dc2775d2907a0f4d5.yaml new file mode 100644 index 0000000000..c1cd065bff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-899169b3fe14c55dc2775d2907a0f4d5.yaml @@ -0,0 +1,58 @@ +id: download-manager-899169b3fe14c55dc2775d2907a0f4d5 + +info: + name: > + Download Manager < 2.5.9 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/446b160a-299e-4f91-bd49-02a7a16b6e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-93730c80f26663486b577cf1ff9df8f4.yaml b/nuclei-templates/cve-less/plugins/download-manager-93730c80f26663486b577cf1ff9df8f4.yaml new file mode 100644 index 0000000000..5746098729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-93730c80f26663486b577cf1ff9df8f4.yaml @@ -0,0 +1,58 @@ +id: download-manager-93730c80f26663486b577cf1ff9df8f4 + +info: + name: > + Download Manager <= 3.2.43 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cace29fd-95d0-48ea-8dfa-6fd12dd9ccbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-93832a5ea647bdf515b56a86b8d86d79.yaml b/nuclei-templates/cve-less/plugins/download-manager-93832a5ea647bdf515b56a86b8d86d79.yaml new file mode 100644 index 0000000000..9a4b96ddf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-93832a5ea647bdf515b56a86b8d86d79.yaml @@ -0,0 +1,58 @@ +id: download-manager-93832a5ea647bdf515b56a86b8d86d79 + +info: + name: > + Download Manager <= 3.2.82 - Unauthenticated Password Leak + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f9cece7-a158-41ae-816b-1054da830724?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-9a4aa24f23eceeee8bc7c02ddb1c2cce.yaml b/nuclei-templates/cve-less/plugins/download-manager-9a4aa24f23eceeee8bc7c02ddb1c2cce.yaml new file mode 100644 index 0000000000..94accfe8af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-9a4aa24f23eceeee8bc7c02ddb1c2cce.yaml @@ -0,0 +1,58 @@ +id: download-manager-9a4aa24f23eceeee8bc7c02ddb1c2cce + +info: + name: > + Download Manager <= 3.2.34 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f24fae-6a8b-4c67-a204-c085ae43552f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-9b3649e551e8d75fa74f183c3fac393e.yaml b/nuclei-templates/cve-less/plugins/download-manager-9b3649e551e8d75fa74f183c3fac393e.yaml new file mode 100644 index 0000000000..ced85d079f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-9b3649e551e8d75fa74f183c3fac393e.yaml @@ -0,0 +1,58 @@ +id: download-manager-9b3649e551e8d75fa74f183c3fac393e + +info: + name: > + Download Manager Pro <= 6.2.9 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88d80702-a987-4b12-a003-2fa564fda409?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0', '< 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-a251d6368bb7c15c47f1a00b82a60c06.yaml b/nuclei-templates/cve-less/plugins/download-manager-a251d6368bb7c15c47f1a00b82a60c06.yaml new file mode 100644 index 0000000000..897919311b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-a251d6368bb7c15c47f1a00b82a60c06.yaml @@ -0,0 +1,58 @@ +id: download-manager-a251d6368bb7c15c47f1a00b82a60c06 + +info: + name: > + Download Manager <= 3.2.49 - IP Blocking Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9611732-67aa-4940-8df1-c0ed7baad985?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-baeb593e80daf8c0e9aa6de629d61f7e.yaml b/nuclei-templates/cve-less/plugins/download-manager-baeb593e80daf8c0e9aa6de629d61f7e.yaml new file mode 100644 index 0000000000..01d86f821f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-baeb593e80daf8c0e9aa6de629d61f7e.yaml @@ -0,0 +1,58 @@ +id: download-manager-baeb593e80daf8c0e9aa6de629d61f7e + +info: + name: > + Download Manager <= 3.2.84 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3608ca-8ed6-46ff-8e57-d8b68f91b9f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.84') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-bc9258a94f7c2dba9bd7d9f332571167.yaml b/nuclei-templates/cve-less/plugins/download-manager-bc9258a94f7c2dba9bd7d9f332571167.yaml new file mode 100644 index 0000000000..f5fc8df63c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-bc9258a94f7c2dba9bd7d9f332571167.yaml @@ -0,0 +1,58 @@ +id: download-manager-bc9258a94f7c2dba9bd7d9f332571167 + +info: + name: > + WordPress Download Manager <= 3.2.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a73d326-cd27-4719-8c26-3aa5dce837c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-c1281bc3be6489439619d6a7c7e1abac.yaml b/nuclei-templates/cve-less/plugins/download-manager-c1281bc3be6489439619d6a7c7e1abac.yaml new file mode 100644 index 0000000000..b0dd98c28e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-c1281bc3be6489439619d6a7c7e1abac.yaml @@ -0,0 +1,58 @@ +id: download-manager-c1281bc3be6489439619d6a7c7e1abac + +info: + name: > + Download Manager <= 3.2.84 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb0da20-99f1-4bf1-8b30-3c8d15bf9679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.84') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-c202e0ac545cb4289f68113596303c38.yaml b/nuclei-templates/cve-less/plugins/download-manager-c202e0ac545cb4289f68113596303c38.yaml new file mode 100644 index 0000000000..7e2bd5025c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-c202e0ac545cb4289f68113596303c38.yaml @@ -0,0 +1,58 @@ +id: download-manager-c202e0ac545cb4289f68113596303c38 + +info: + name: > + Download Manager <= 3.2.61 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07a31d5c-b8c5-4523-8883-ba1e919c0ab1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-ca1ac4d2663fee70b0283b8708b4ae50.yaml b/nuclei-templates/cve-less/plugins/download-manager-ca1ac4d2663fee70b0283b8708b4ae50.yaml new file mode 100644 index 0000000000..973b66c4ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-ca1ac4d2663fee70b0283b8708b4ae50.yaml @@ -0,0 +1,58 @@ +id: download-manager-ca1ac4d2663fee70b0283b8708b4ae50 + +info: + name: > + Download Manager <= 3.2.70 - Insufficient Authorization to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b48bc632-c825-48e0-8766-3ac59e5b87c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-cb8528ea228de7c195be74b03a1cf056.yaml b/nuclei-templates/cve-less/plugins/download-manager-cb8528ea228de7c195be74b03a1cf056.yaml new file mode 100644 index 0000000000..34781963f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-cb8528ea228de7c195be74b03a1cf056.yaml @@ -0,0 +1,58 @@ +id: download-manager-cb8528ea228de7c195be74b03a1cf056 + +info: + name: > + Download Manager <= 3.2.48 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/228147c2-97c6-4910-b9b2-d6ca62fc1760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-cf4fa8f0c990098bbe171db8d667a080.yaml b/nuclei-templates/cve-less/plugins/download-manager-cf4fa8f0c990098bbe171db8d667a080.yaml new file mode 100644 index 0000000000..91318734e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-cf4fa8f0c990098bbe171db8d667a080.yaml @@ -0,0 +1,58 @@ +id: download-manager-cf4fa8f0c990098bbe171db8d667a080 + +info: + name: > + WordPress Download Manager <= 3.2.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a03e67-f36f-441a-a2fd-a545efa06c00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-dc6aa910a851ae74e5606d96e36b1052.yaml b/nuclei-templates/cve-less/plugins/download-manager-dc6aa910a851ae74e5606d96e36b1052.yaml new file mode 100644 index 0000000000..bcd5f1dc1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-dc6aa910a851ae74e5606d96e36b1052.yaml @@ -0,0 +1,58 @@ +id: download-manager-dc6aa910a851ae74e5606d96e36b1052 + +info: + name: > + WordPress Download Manager <= 2.9.51 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44c31db3-6dfa-4d42-9c3b-73dde9bc49b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-dc8ff7d3332154eb2062f549788da3cc.yaml b/nuclei-templates/cve-less/plugins/download-manager-dc8ff7d3332154eb2062f549788da3cc.yaml new file mode 100644 index 0000000000..a5bcef77bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-dc8ff7d3332154eb2062f549788da3cc.yaml @@ -0,0 +1,58 @@ +id: download-manager-dc8ff7d3332154eb2062f549788da3cc + +info: + name: > + Download Manager <= 3.2.48 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4654609e-ed3e-4268-a9a4-80bc563e0a64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-de1ce77814c2edc391436dd273126a1e.yaml b/nuclei-templates/cve-less/plugins/download-manager-de1ce77814c2edc391436dd273126a1e.yaml new file mode 100644 index 0000000000..204a4bb38e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-de1ce77814c2edc391436dd273126a1e.yaml @@ -0,0 +1,58 @@ +id: download-manager-de1ce77814c2edc391436dd273126a1e + +info: + name: > + Download Manager <= 3.2.85 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cdd64a4-040b-4dc9-a8df-dbecfeb928c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.85') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-e505994846479615d49d4f4342d7b65f.yaml b/nuclei-templates/cve-less/plugins/download-manager-e505994846479615d49d4f4342d7b65f.yaml new file mode 100644 index 0000000000..64f72a5d41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-e505994846479615d49d4f4342d7b65f.yaml @@ -0,0 +1,58 @@ +id: download-manager-e505994846479615d49d4f4342d7b65f + +info: + name: > + Download Manager <= 3.2.42 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79fcf18e-39f7-42f2-90e4-3a5bac3382e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-manager-e5651ec96e6ca99165a7dcf4611fe4ad.yaml b/nuclei-templates/cve-less/plugins/download-manager-e5651ec96e6ca99165a7dcf4611fe4ad.yaml new file mode 100644 index 0000000000..a90d339253 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-manager-e5651ec96e6ca99165a7dcf4611fe4ad.yaml @@ -0,0 +1,58 @@ +id: download-manager-e5651ec96e6ca99165a7dcf4611fe4ad + +info: + name: > + WordPress Download Manager <= 3.2.33 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6e0136-f4fa-4739-b02d-b53091991e58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-manager/" + google-query: inurl:"/wp-content/plugins/download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-media-43eedc047028750edf0998930243bbd6.yaml b/nuclei-templates/cve-less/plugins/download-media-43eedc047028750edf0998930243bbd6.yaml new file mode 100644 index 0000000000..41e7682ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-media-43eedc047028750edf0998930243bbd6.yaml @@ -0,0 +1,58 @@ +id: download-media-43eedc047028750edf0998930243bbd6 + +info: + name: > + Download Media <= 1.4.2 - Missing Authorization via generate_link_for_media + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4f7cb9-22ef-46fb-bb0a-98fe9af32d38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-media/" + google-query: inurl:"/wp-content/plugins/download-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-2ee20ef00c8dffbd5ed7b6a797548996.yaml b/nuclei-templates/cve-less/plugins/download-monitor-2ee20ef00c8dffbd5ed7b6a797548996.yaml new file mode 100644 index 0000000000..d0f591f8e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-2ee20ef00c8dffbd5ed7b6a797548996.yaml @@ -0,0 +1,58 @@ +id: download-monitor-2ee20ef00c8dffbd5ed7b6a797548996 + +info: + name: > + Download Monitor <= 4.5.97 - Authenticated (Administrator+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa0dfdf-95b0-48a2-8281-1872b99b87d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-5c72e030a59da55164488a0121d8367a.yaml b/nuclei-templates/cve-less/plugins/download-monitor-5c72e030a59da55164488a0121d8367a.yaml new file mode 100644 index 0000000000..c5d5c62271 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-5c72e030a59da55164488a0121d8367a.yaml @@ -0,0 +1,58 @@ +id: download-monitor-5c72e030a59da55164488a0121d8367a + +info: + name: > + Download Monitor <= 4.8.3 - Authenticated(Subscriber+) Arbitrary File Upload via upload_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/657b1b7b-eac2-4935-a50f-0849c4e96b16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-8d4bf28803761cae038f398e0f1dd848.yaml b/nuclei-templates/cve-less/plugins/download-monitor-8d4bf28803761cae038f398e0f1dd848.yaml new file mode 100644 index 0000000000..44ab865e72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-8d4bf28803761cae038f398e0f1dd848.yaml @@ -0,0 +1,58 @@ +id: download-monitor-8d4bf28803761cae038f398e0f1dd848 + +info: + name: > + Download Monitor <= 4.5.9 - Authenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ce15d38-c5bc-441b-976a-60a3e90b5a30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-9156a008e8a44bce922b7f9ab6484346.yaml b/nuclei-templates/cve-less/plugins/download-monitor-9156a008e8a44bce922b7f9ab6484346.yaml new file mode 100644 index 0000000000..f97e512193 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-9156a008e8a44bce922b7f9ab6484346.yaml @@ -0,0 +1,58 @@ +id: download-monitor-9156a008e8a44bce922b7f9ab6484346 + +info: + name: > + Download Monitor <= 4.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/748d01ca-9dd5-4d03-88e7-e80932744fdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-94ab1a5e48ccfc01b2ab43a21b16e2fe.yaml b/nuclei-templates/cve-less/plugins/download-monitor-94ab1a5e48ccfc01b2ab43a21b16e2fe.yaml new file mode 100644 index 0000000000..601df218ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-94ab1a5e48ccfc01b2ab43a21b16e2fe.yaml @@ -0,0 +1,58 @@ +id: download-monitor-94ab1a5e48ccfc01b2ab43a21b16e2fe + +info: + name: > + Download Monitor <= 3.3.5.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5df79e6-649e-4213-b2ff-bc994b372224?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-9c43290fa22148f68ff47d72abec5161.yaml b/nuclei-templates/cve-less/plugins/download-monitor-9c43290fa22148f68ff47d72abec5161.yaml new file mode 100644 index 0000000000..de0253ac8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-9c43290fa22148f68ff47d72abec5161.yaml @@ -0,0 +1,58 @@ +id: download-monitor-9c43290fa22148f68ff47d72abec5161 + +info: + name: > + Download Monitor < 1.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8305be9c-cad5-4bbc-beab-0730a9abe1d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-9ecbfebe7e10d279275667a070df122b.yaml b/nuclei-templates/cve-less/plugins/download-monitor-9ecbfebe7e10d279275667a070df122b.yaml new file mode 100644 index 0000000000..f910e9af43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-9ecbfebe7e10d279275667a070df122b.yaml @@ -0,0 +1,58 @@ +id: download-monitor-9ecbfebe7e10d279275667a070df122b + +info: + name: > + Download Monitor <= 4.9.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/105ae6be-2cb7-4ab2-8e4c-5d3ff84c5b9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-a760bafd1cd95a91af8a27215ef05ba2.yaml b/nuclei-templates/cve-less/plugins/download-monitor-a760bafd1cd95a91af8a27215ef05ba2.yaml new file mode 100644 index 0000000000..70b960c1a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-a760bafd1cd95a91af8a27215ef05ba2.yaml @@ -0,0 +1,58 @@ +id: download-monitor-a760bafd1cd95a91af8a27215ef05ba2 + +info: + name: > + Download Monitor < 3.3.6.2 - Cross-Site Scripting via p Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/134b6e4d-c38f-4d52-b6dd-fd49ea0e6581?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml b/nuclei-templates/cve-less/plugins/download-monitor-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml new file mode 100644 index 0000000000..66a64e9eab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-bdf53bf0d4580f34f6ebb2e5285d2f9e.yaml @@ -0,0 +1,58 @@ +id: download-monitor-bdf53bf0d4580f34f6ebb2e5285d2f9e + +info: + name: > + Download Monitor <= 4.4.6 - Authenticated (Admin+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b515142-4e04-4570-b5cb-18261974c659?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-c5272b0ed6c4fa11625cff04681b3b2d.yaml b/nuclei-templates/cve-less/plugins/download-monitor-c5272b0ed6c4fa11625cff04681b3b2d.yaml new file mode 100644 index 0000000000..6afbca943e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-c5272b0ed6c4fa11625cff04681b3b2d.yaml @@ -0,0 +1,58 @@ +id: download-monitor-c5272b0ed6c4fa11625cff04681b3b2d + +info: + name: > + Download Monitor <= 2.0.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4770441f-5d8b-4edb-93e3-d2d73f145d26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-cae783a6ecd0d5e0f3f782adb9bd7358.yaml b/nuclei-templates/cve-less/plugins/download-monitor-cae783a6ecd0d5e0f3f782adb9bd7358.yaml new file mode 100644 index 0000000000..874aee488d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-cae783a6ecd0d5e0f3f782adb9bd7358.yaml @@ -0,0 +1,58 @@ +id: download-monitor-cae783a6ecd0d5e0f3f782adb9bd7358 + +info: + name: > + Download Monitor < 3.3.6.2 - Cross-Site Scripting via sort Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1774b9b6-b98b-410c-98eb-326eda53adca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml b/nuclei-templates/cve-less/plugins/download-monitor-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml new file mode 100644 index 0000000000..9ba8358927 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-ce4d8c6c1d15b00a6a80a41c19c0a53f.yaml @@ -0,0 +1,58 @@ +id: download-monitor-ce4d8c6c1d15b00a6a80a41c19c0a53f + +info: + name: > + Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a03f0780-796c-41a3-8f06-04f76e0da2da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-e38136ce40ff372555239319f35c2227.yaml b/nuclei-templates/cve-less/plugins/download-monitor-e38136ce40ff372555239319f35c2227.yaml new file mode 100644 index 0000000000..9f62d193cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-e38136ce40ff372555239319f35c2227.yaml @@ -0,0 +1,58 @@ +id: download-monitor-e38136ce40ff372555239319f35c2227 + +info: + name: > + Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf67d69-f362-4380-a396-300c7edbd9f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-e73148573c5807bdfaeaab5f8604f081.yaml b/nuclei-templates/cve-less/plugins/download-monitor-e73148573c5807bdfaeaab5f8604f081.yaml new file mode 100644 index 0000000000..05d57a5250 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-e73148573c5807bdfaeaab5f8604f081.yaml @@ -0,0 +1,58 @@ +id: download-monitor-e73148573c5807bdfaeaab5f8604f081 + +info: + name: > + Download Monitor <= 4.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/306facf0-b1e4-4ba7-9462-f94af01d628d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-monitor-ee37641121dd5ca3e58a921bd679af5c.yaml b/nuclei-templates/cve-less/plugins/download-monitor-ee37641121dd5ca3e58a921bd679af5c.yaml new file mode 100644 index 0000000000..14e6ae5f28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-monitor-ee37641121dd5ca3e58a921bd679af5c.yaml @@ -0,0 +1,58 @@ +id: download-monitor-ee37641121dd5ca3e58a921bd679af5c + +info: + name: > + Download Monitor <= 4.4.4 - Admin+ SQL Injection via orderby parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96b68824-3080-4959-a7d7-43d29c5c4119?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-monitor/" + google-query: inurl:"/wp-content/plugins/download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-monitor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-now-for-woocommerce-d82977967e8370fff3f7aa446912e4fd.yaml b/nuclei-templates/cve-less/plugins/download-now-for-woocommerce-d82977967e8370fff3f7aa446912e4fd.yaml new file mode 100644 index 0000000000..556c7cd294 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-now-for-woocommerce-d82977967e8370fff3f7aa446912e4fd.yaml @@ -0,0 +1,58 @@ +id: download-now-for-woocommerce-d82977967e8370fff3f7aa446912e4fd + +info: + name: > + Free Downloads WooCommerce <= 3.5.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1793922f-c03a-4b66-a2e0-5729f0d4c4d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-now-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/download-now-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-now-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-now-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-now-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-plugin-10e0131bc3cbf1f9a7e37ed7d5c2a1cf.yaml b/nuclei-templates/cve-less/plugins/download-plugin-10e0131bc3cbf1f9a7e37ed7d5c2a1cf.yaml new file mode 100644 index 0000000000..d7fc63ab3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-plugin-10e0131bc3cbf1f9a7e37ed7d5c2a1cf.yaml @@ -0,0 +1,58 @@ +id: download-plugin-10e0131bc3cbf1f9a7e37ed7d5c2a1cf + +info: + name: > + Download Plugin < 1.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/585a7332-b063-463c-8077-68a860e14df2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-plugin/" + google-query: inurl:"/wp-content/plugins/download-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-plugin-8a3bfba63e8785572c67f2c51b59a6d0.yaml b/nuclei-templates/cve-less/plugins/download-plugin-8a3bfba63e8785572c67f2c51b59a6d0.yaml new file mode 100644 index 0000000000..64fe1e9fde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-plugin-8a3bfba63e8785572c67f2c51b59a6d0.yaml @@ -0,0 +1,58 @@ +id: download-plugin-8a3bfba63e8785572c67f2c51b59a6d0 + +info: + name: > + Download Plugin <= 1.6.2 - Missing Authorization and Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/634bec5f-e511-4047-9a46-09147ccc3a25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-plugin/" + google-query: inurl:"/wp-content/plugins/download-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-plugin-e331a48b9ae531e85ab7c6eb7fe0575f.yaml b/nuclei-templates/cve-less/plugins/download-plugin-e331a48b9ae531e85ab7c6eb7fe0575f.yaml new file mode 100644 index 0000000000..e7e1024abf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-plugin-e331a48b9ae531e85ab7c6eb7fe0575f.yaml @@ -0,0 +1,58 @@ +id: download-plugin-e331a48b9ae531e85ab7c6eb7fe0575f + +info: + name: > + Download Plugin <= 2.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e48639e-01bb-4980-be6f-bcea3dd16fc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-plugin/" + google-query: inurl:"/wp-content/plugins/download-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-plugins-dashboard-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml b/nuclei-templates/cve-less/plugins/download-plugins-dashboard-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml new file mode 100644 index 0000000000..aae3596526 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-plugins-dashboard-5c3c1a4d657c9a945c9b03f1e7ed6d15.yaml @@ -0,0 +1,58 @@ +id: download-plugins-dashboard-5c3c1a4d657c9a945c9b03f1e7ed6d15 + +info: + name: > + Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8a13d5-911a-4c25-8d5a-391146971c0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-plugins-dashboard/" + google-query: inurl:"/wp-content/plugins/download-plugins-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-plugins-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-plugins-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-plugins-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-shortcode-075f2aa698fd0722386a96df1a3100c2.yaml b/nuclei-templates/cve-less/plugins/download-shortcode-075f2aa698fd0722386a96df1a3100c2.yaml new file mode 100644 index 0000000000..10bf4af835 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-shortcode-075f2aa698fd0722386a96df1a3100c2.yaml @@ -0,0 +1,58 @@ +id: download-shortcode-075f2aa698fd0722386a96df1a3100c2 + +info: + name: > + Download Shortcode <= 0.2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bae7516-e9dd-4c0c-b687-9cbe09b4c8bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-shortcode/" + google-query: inurl:"/wp-content/plugins/download-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-theme-132341ac397ed9029ecd03f993b8bfaa.yaml b/nuclei-templates/cve-less/plugins/download-theme-132341ac397ed9029ecd03f993b8bfaa.yaml new file mode 100644 index 0000000000..440d918d82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-theme-132341ac397ed9029ecd03f993b8bfaa.yaml @@ -0,0 +1,58 @@ +id: download-theme-132341ac397ed9029ecd03f993b8bfaa + +info: + name: > + Download Theme <= 1.0.9 - Cross-Site Request Forgery via dtwap_download() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50ca7cf8-bb47-42ea-badc-8bfe0328cbb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-theme/" + google-query: inurl:"/wp-content/plugins/download-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-theme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-theme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/download-zip-attachments-dd3d09b236f4e0306f62e328db6df55a.yaml b/nuclei-templates/cve-less/plugins/download-zip-attachments-dd3d09b236f4e0306f62e328db6df55a.yaml new file mode 100644 index 0000000000..ca775ebdbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/download-zip-attachments-dd3d09b236f4e0306f62e328db6df55a.yaml @@ -0,0 +1,58 @@ +id: download-zip-attachments-dd3d09b236f4e0306f62e328db6df55a + +info: + name: > + Download ZIP Attachments <= 1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad4784ce-38f2-49b7-8323-ce08a16a311b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/download-zip-attachments/" + google-query: inurl:"/wp-content/plugins/download-zip-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,download-zip-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/download-zip-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "download-zip-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/downloader-tiktok-92fda4d05082e41cb8ccd1d0178b61a6.yaml b/nuclei-templates/cve-less/plugins/downloader-tiktok-92fda4d05082e41cb8ccd1d0178b61a6.yaml new file mode 100644 index 0000000000..4bdc18f97f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/downloader-tiktok-92fda4d05082e41cb8ccd1d0178b61a6.yaml @@ -0,0 +1,58 @@ +id: downloader-tiktok-92fda4d05082e41cb8ccd1d0178b61a6 + +info: + name: > + Video Downloader for TikTok < 1.4 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80e85c7e-41e5-4b21-aa99-aa2097dfc4a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/downloader-tiktok/" + google-query: inurl:"/wp-content/plugins/downloader-tiktok/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,downloader-tiktok,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/downloader-tiktok/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "downloader-tiktok" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/downloader-tiktok-e50a1a1ba5097a77ccf546f0f88efdf8.yaml b/nuclei-templates/cve-less/plugins/downloader-tiktok-e50a1a1ba5097a77ccf546f0f88efdf8.yaml new file mode 100644 index 0000000000..48c6049228 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/downloader-tiktok-e50a1a1ba5097a77ccf546f0f88efdf8.yaml @@ -0,0 +1,58 @@ +id: downloader-tiktok-e50a1a1ba5097a77ccf546f0f88efdf8 + +info: + name: > + Video Downloader for TikTok < 1.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9aae623-abff-4216-981f-dcd13f367a8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/downloader-tiktok/" + google-query: inurl:"/wp-content/plugins/downloader-tiktok/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,downloader-tiktok,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/downloader-tiktok/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "downloader-tiktok" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/downloadmanager-90ce5b5c6d8ae42fe1a7818063e130ea.yaml b/nuclei-templates/cve-less/plugins/downloadmanager-90ce5b5c6d8ae42fe1a7818063e130ea.yaml new file mode 100644 index 0000000000..792fe586cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/downloadmanager-90ce5b5c6d8ae42fe1a7818063e130ea.yaml @@ -0,0 +1,58 @@ +id: downloadmanager-90ce5b5c6d8ae42fe1a7818063e130ea + +info: + name: > + Download Manager <= 3.2.82 - Password Protected File Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38fd8881-94f6-4330-a519-7582e253e057?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/downloadmanager/" + google-query: inurl:"/wp-content/plugins/downloadmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,downloadmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/downloadmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "downloadmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/downloads-manager-4995a23c57ea82d00ee47f5cbb214fc8.yaml b/nuclei-templates/cve-less/plugins/downloads-manager-4995a23c57ea82d00ee47f5cbb214fc8.yaml new file mode 100644 index 0000000000..fa71d8f56e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/downloads-manager-4995a23c57ea82d00ee47f5cbb214fc8.yaml @@ -0,0 +1,58 @@ +id: downloads-manager-4995a23c57ea82d00ee47f5cbb214fc8 + +info: + name: > + Downloads Manager <= 0.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b458323-5fca-4fed-8c98-dfe69fd7a997?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/downloads-manager/" + google-query: inurl:"/wp-content/plugins/downloads-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,downloads-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/downloads-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "downloads-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dp-maintenance-mode-lite-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/dp-maintenance-mode-lite-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..321c03921b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dp-maintenance-mode-lite-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: dp-maintenance-mode-lite-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dp-maintenance-mode-lite/" + google-query: inurl:"/wp-content/plugins/dp-maintenance-mode-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dp-maintenance-mode-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dp-maintenance-mode-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dp-maintenance-mode-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dpt-oauth-client-809d63af1f69964de8a6d451fb63eac3.yaml b/nuclei-templates/cve-less/plugins/dpt-oauth-client-809d63af1f69964de8a6d451fb63eac3.yaml new file mode 100644 index 0000000000..da76f83ddf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dpt-oauth-client-809d63af1f69964de8a6d451fb63eac3.yaml @@ -0,0 +1,58 @@ +id: dpt-oauth-client-809d63af1f69964de8a6d451fb63eac3 + +info: + name: > + OAuth Client by DigitialPixies <= 1.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c643074-d57e-4878-b61d-2790ce9dadaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dpt-oauth-client/" + google-query: inurl:"/wp-content/plugins/dpt-oauth-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dpt-oauth-client,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dpt-oauth-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dpt-oauth-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dpt-oauth-client-c6fe3e98ca720b92fad33bdf271aacdd.yaml b/nuclei-templates/cve-less/plugins/dpt-oauth-client-c6fe3e98ca720b92fad33bdf271aacdd.yaml new file mode 100644 index 0000000000..eeae4f9a65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dpt-oauth-client-c6fe3e98ca720b92fad33bdf271aacdd.yaml @@ -0,0 +1,58 @@ +id: dpt-oauth-client-c6fe3e98ca720b92fad33bdf271aacdd + +info: + name: > + OAuth Client by DigitialPixies <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb4d6d2c-a69d-492e-a2d5-fabfaef82f68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dpt-oauth-client/" + google-query: inurl:"/wp-content/plugins/dpt-oauth-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dpt-oauth-client,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dpt-oauth-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dpt-oauth-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dracula-dark-mode-e474bd135ff4b7c6170c11705966b7d8.yaml b/nuclei-templates/cve-less/plugins/dracula-dark-mode-e474bd135ff4b7c6170c11705966b7d8.yaml new file mode 100644 index 0000000000..fec258f7e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dracula-dark-mode-e474bd135ff4b7c6170c11705966b7d8.yaml @@ -0,0 +1,58 @@ +id: dracula-dark-mode-e474bd135ff4b7c6170c11705966b7d8 + +info: + name: > + Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb2918c4-b9b5-4cc3-a4fa-625944984a20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dracula-dark-mode/" + google-query: inurl:"/wp-content/plugins/dracula-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dracula-dark-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dracula-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dracula-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-0ef90759a645e5a0a85f1ab3e04c6459.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-0ef90759a645e5a0a85f1ab3e04c6459.yaml new file mode 100644 index 0000000000..4da36d5190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-0ef90759a645e5a0a85f1ab3e04c6459.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-0ef90759a645e5a0a85f1ab3e04c6459 + +info: + name: > + Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.4 - File Upload Size Limit Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd46539-a55e-45ab-93b2-6a1703a91271?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-230e494196dc43c26e1062437fc400cf.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-230e494196dc43c26e1062437fc400cf.yaml new file mode 100644 index 0000000000..1a67f15cf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-230e494196dc43c26e1062437fc400cf.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-230e494196dc43c26e1062437fc400cf + +info: + name: > + Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.7.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3be300-5b7f-4844-8637-1bb8c939ed4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-3a4354d7b58ccedc4bd821a299d4d814.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-3a4354d7b58ccedc4bd821a299d4d814.yaml new file mode 100644 index 0000000000..37c18b8428 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-3a4354d7b58ccedc4bd821a299d4d814.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-3a4354d7b58ccedc4bd821a299d4d814 + +info: + name: > + Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.6.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbaba6cb-a829-4c07-b068-bdcb6a646450?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-7e7eb2b24e63bfc8cd18835a55a41f43.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-7e7eb2b24e63bfc8cd18835a55a41f43.yaml new file mode 100644 index 0000000000..f71748d83c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-7e7eb2b24e63bfc8cd18835a55a41f43.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-7e7eb2b24e63bfc8cd18835a55a41f43 + +info: + name: > + Drag and Drop Multiple File Upload - Contact Form 7 <= 1.3.3.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/023910d0-c2eb-41cd-9d42-606c4cbb8059?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-c5b846fbda39bbc2b213c6450fb38da1.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-c5b846fbda39bbc2b213c6450fb38da1.yaml new file mode 100644 index 0000000000..0af4149d8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-c5b846fbda39bbc2b213c6450fb38da1.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-c5b846fbda39bbc2b213c6450fb38da1 + +info: + name: > + Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8b1015f-6825-4813-b5db-71f1c1e88310?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-dfa883323c53046606f4e4db00277596.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-dfa883323c53046606f4e4db00277596.yaml new file mode 100644 index 0000000000..50fbf0ef46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-contact-form-7-dfa883323c53046606f4e4db00277596.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-contact-form-7-dfa883323c53046606f4e4db00277596 + +info: + name: > + Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.7.7 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/153cb585-4eea-4959-85b1-2487be11f116?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-7ae73592996d92a88095adedd13bc8f2.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-7ae73592996d92a88095adedd13bc8f2.yaml new file mode 100644 index 0000000000..35043304bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-7ae73592996d92a88095adedd13bc8f2.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-for-woocommerce-7ae73592996d92a88095adedd13bc8f2 + +info: + name: > + Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7087221f-c092-4803-8725-687ffbbbd941?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-b6756a6cb324fb647e3fbdda3c2bb0bf.yaml b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-b6756a6cb324fb647e3fbdda3c2bb0bf.yaml new file mode 100644 index 0000000000..b87cb402e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-and-drop-multiple-file-upload-for-woocommerce-b6756a6cb324fb647e3fbdda3c2bb0bf.yaml @@ -0,0 +1,58 @@ +id: drag-and-drop-multiple-file-upload-for-woocommerce-b6756a6cb324fb647e3fbdda3c2bb0bf + +info: + name: > + Drag and Drop Multiple File Upload for WooCommerce <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abc8ee11-c149-4a2b-a388-7bd234c2cc64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-and-drop-multiple-file-upload-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-and-drop-multiple-file-upload-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-and-drop-multiple-file-upload-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-538294a6deb271080d96f98811f3c4f6.yaml b/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-538294a6deb271080d96f98811f3c4f6.yaml new file mode 100644 index 0000000000..03b25f608f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-538294a6deb271080d96f98811f3c4f6.yaml @@ -0,0 +1,58 @@ +id: drag-n-drop-upload-cf7-pro-538294a6deb271080d96f98811f3c4f6 + +info: + name: > + Drag and Drop Multiple File Upload PRO <= 2.10.9 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1add47ea-6a7b-443a-b31d-3bb6c0d5d72d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-n-drop-upload-cf7-pro/" + google-query: inurl:"/wp-content/plugins/drag-n-drop-upload-cf7-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-n-drop-upload-cf7-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-n-drop-upload-cf7-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-n-drop-upload-cf7-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-a9a7c8e5b6f35ebf19a42e787080a55e.yaml b/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-a9a7c8e5b6f35ebf19a42e787080a55e.yaml new file mode 100644 index 0000000000..f8c05bc63d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drag-n-drop-upload-cf7-pro-a9a7c8e5b6f35ebf19a42e787080a55e.yaml @@ -0,0 +1,58 @@ +id: drag-n-drop-upload-cf7-pro-a9a7c8e5b6f35ebf19a42e787080a55e + +info: + name: > + Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard <= 5.0.6.3 and <= 2.11.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60ae8b8f-bc65-40df-b6ae-4ec8e328dbe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drag-n-drop-upload-cf7-pro/" + google-query: inurl:"/wp-content/plugins/drag-n-drop-upload-cf7-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drag-n-drop-upload-cf7-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drag-n-drop-upload-cf7-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drag-n-drop-upload-cf7-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.0', '<= 5.0.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dragfy-addons-for-elementor-93d3ba9b108e1112ee15e322299a4fea.yaml b/nuclei-templates/cve-less/plugins/dragfy-addons-for-elementor-93d3ba9b108e1112ee15e322299a4fea.yaml new file mode 100644 index 0000000000..7bc886baef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dragfy-addons-for-elementor-93d3ba9b108e1112ee15e322299a4fea.yaml @@ -0,0 +1,58 @@ +id: dragfy-addons-for-elementor-93d3ba9b108e1112ee15e322299a4fea + +info: + name: > + Dragfy Addons for Elementor <= 1.0.2 - Missing Authorization via save_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7caaaaef-075b-44f6-8809-a02d5f034f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dragfy-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/dragfy-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dragfy-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dragfy-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dragfy-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/draw-attention-02fac00b4da69e9fe78fc7130f860fe9.yaml b/nuclei-templates/cve-less/plugins/draw-attention-02fac00b4da69e9fe78fc7130f860fe9.yaml new file mode 100644 index 0000000000..136eafe23c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/draw-attention-02fac00b4da69e9fe78fc7130f860fe9.yaml @@ -0,0 +1,58 @@ +id: draw-attention-02fac00b4da69e9fe78fc7130f860fe9 + +info: + name: > + Draw Attention <= 2.0.11 - Missing Authorization to Arbitrary Post Featured Image Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18530601-a294-448c-a1b2-c3995f9042ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/draw-attention/" + google-query: inurl:"/wp-content/plugins/draw-attention/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,draw-attention,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/draw-attention/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "draw-attention" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/draw-attention-791dd23f996b2b0738face7fcbca2b1b.yaml b/nuclei-templates/cve-less/plugins/draw-attention-791dd23f996b2b0738face7fcbca2b1b.yaml new file mode 100644 index 0000000000..6e33c7815f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/draw-attention-791dd23f996b2b0738face7fcbca2b1b.yaml @@ -0,0 +1,58 @@ +id: draw-attention-791dd23f996b2b0738face7fcbca2b1b + +info: + name: > + Draw Attention <= 2.0.15 - Improper Access Control via register_cpt + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d635669-ee85-4fb5-8238-3edb3bbb8fb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/draw-attention/" + google-query: inurl:"/wp-content/plugins/draw-attention/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,draw-attention,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/draw-attention/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "draw-attention" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drawblog-ae76e34d6e644abc4667be59d0e2e0dc.yaml b/nuclei-templates/cve-less/plugins/drawblog-ae76e34d6e644abc4667be59d0e2e0dc.yaml new file mode 100644 index 0000000000..8ee14c89c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drawblog-ae76e34d6e644abc4667be59d0e2e0dc.yaml @@ -0,0 +1,58 @@ +id: drawblog-ae76e34d6e644abc4667be59d0e2e0dc + +info: + name: > + DrawBlog <= 0.90 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fde163fa-2dbf-43bc-8edc-cbbab2a35bd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drawblog/" + google-query: inurl:"/wp-content/plugins/drawblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drawblog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drawblog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drawblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.90') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drawit-697b1f32d4ef6920c80a41e74d1c7116.yaml b/nuclei-templates/cve-less/plugins/drawit-697b1f32d4ef6920c80a41e74d1c7116.yaml new file mode 100644 index 0000000000..1d44d4ae9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drawit-697b1f32d4ef6920c80a41e74d1c7116.yaml @@ -0,0 +1,58 @@ +id: drawit-697b1f32d4ef6920c80a41e74d1c7116 + +info: + name: > + DrawIt (draw.io) <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddde9db5-3ed7-42f7-97c1-4ff9b9d1f627?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drawit/" + google-query: inurl:"/wp-content/plugins/drawit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drawit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drawit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drawit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dreamgrow-scroll-triggered-box-b33caca512f21869a1112d26d070a67d.yaml b/nuclei-templates/cve-less/plugins/dreamgrow-scroll-triggered-box-b33caca512f21869a1112d26d070a67d.yaml new file mode 100644 index 0000000000..9537830ade --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dreamgrow-scroll-triggered-box-b33caca512f21869a1112d26d070a67d.yaml @@ -0,0 +1,58 @@ +id: dreamgrow-scroll-triggered-box-b33caca512f21869a1112d26d070a67d + +info: + name: > + Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b92c3d68-2e3e-4500-8da9-f89373126445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dreamgrow-scroll-triggered-box/" + google-query: inurl:"/wp-content/plugins/dreamgrow-scroll-triggered-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dreamgrow-scroll-triggered-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dreamgrow-scroll-triggered-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dreamgrow-scroll-triggered-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/droit-dark-mode-8fff7b43d5e853aae2c55c13111f8f63.yaml b/nuclei-templates/cve-less/plugins/droit-dark-mode-8fff7b43d5e853aae2c55c13111f8f63.yaml new file mode 100644 index 0000000000..bf453903e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/droit-dark-mode-8fff7b43d5e853aae2c55c13111f8f63.yaml @@ -0,0 +1,58 @@ +id: droit-dark-mode-8fff7b43d5e853aae2c55c13111f8f63 + +info: + name: > + Droit Dark Mode <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3afaa85-9eb5-4cc4-883a-11d42504a8e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/droit-dark-mode/" + google-query: inurl:"/wp-content/plugins/droit-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,droit-dark-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/droit-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "droit-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/droit-elementor-addons-b0e1b65089f5019f1d7bcee627168a5a.yaml b/nuclei-templates/cve-less/plugins/droit-elementor-addons-b0e1b65089f5019f1d7bcee627168a5a.yaml new file mode 100644 index 0000000000..2651fd0a2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/droit-elementor-addons-b0e1b65089f5019f1d7bcee627168a5a.yaml @@ -0,0 +1,58 @@ +id: droit-elementor-addons-b0e1b65089f5019f1d7bcee627168a5a + +info: + name: > + Droit Elementor Addons <= 3.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b49fd1-2d1e-4083-bc1d-010a9c8f4c2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/droit-elementor-addons/" + google-query: inurl:"/wp-content/plugins/droit-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,droit-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/droit-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "droit-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/droit-elementor-addons-e42d0569342324174ad2b7b5b34acfd1.yaml b/nuclei-templates/cve-less/plugins/droit-elementor-addons-e42d0569342324174ad2b7b5b34acfd1.yaml new file mode 100644 index 0000000000..0546641da9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/droit-elementor-addons-e42d0569342324174ad2b7b5b34acfd1.yaml @@ -0,0 +1,58 @@ +id: droit-elementor-addons-e42d0569342324174ad2b7b5b34acfd1 + +info: + name: > + Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/droit-elementor-addons/" + google-query: inurl:"/wp-content/plugins/droit-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,droit-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/droit-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "droit-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drop-shadow-boxes-7907c4688f5f43998579c328082a69f9.yaml b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-7907c4688f5f43998579c328082a69f9.yaml new file mode 100644 index 0000000000..fe77c1da7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-7907c4688f5f43998579c328082a69f9.yaml @@ -0,0 +1,58 @@ +id: drop-shadow-boxes-7907c4688f5f43998579c328082a69f9 + +info: + name: > + Drop Shadow Boxes <= 1.7.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b3911c-a960-4f28-b289-389b26282741?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drop-shadow-boxes/" + google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drop-shadow-boxes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drop-shadow-boxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drop-shadow-boxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/drop-shadow-boxes-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml new file mode 100644 index 0000000000..ebddbedab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/drop-shadow-boxes-e9fd5a8f4cb940c05dfbd60e736ab50a.yaml @@ -0,0 +1,58 @@ +id: drop-shadow-boxes-e9fd5a8f4cb940c05dfbd60e736ab50a + +info: + name: > + Drop Shadow Boxes <= 1.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f2b4ac7-f888-408b-a77a-bd73ac8e967d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/drop-shadow-boxes/" + google-query: inurl:"/wp-content/plugins/drop-shadow-boxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,drop-shadow-boxes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/drop-shadow-boxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "drop-shadow-boxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropbox-folder-share-0508c37bf22986b5e27ea5c3d8bc9c4d.yaml b/nuclei-templates/cve-less/plugins/dropbox-folder-share-0508c37bf22986b5e27ea5c3d8bc9c4d.yaml new file mode 100644 index 0000000000..32c3aff47b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropbox-folder-share-0508c37bf22986b5e27ea5c3d8bc9c4d.yaml @@ -0,0 +1,58 @@ +id: dropbox-folder-share-0508c37bf22986b5e27ea5c3d8bc9c4d + +info: + name: > + Dropbox Folder Share <= 1.9.7 - Unauthenticated Server-Side Request Forgery via 'link' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropbox-folder-share/" + google-query: inurl:"/wp-content/plugins/dropbox-folder-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropbox-folder-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropbox-folder-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropbox-folder-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropbox-folder-share-fc82d74dbac5a3353b964b24a832d1d9.yaml b/nuclei-templates/cve-less/plugins/dropbox-folder-share-fc82d74dbac5a3353b964b24a832d1d9.yaml new file mode 100644 index 0000000000..a1be3723b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropbox-folder-share-fc82d74dbac5a3353b964b24a832d1d9.yaml @@ -0,0 +1,58 @@ +id: dropbox-folder-share-fc82d74dbac5a3353b964b24a832d1d9 + +info: + name: > + Dropbox Folder Share <= 1.9.7 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/647a2f27-092a-4db1-932d-87ae8c2efcca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropbox-folder-share/" + google-query: inurl:"/wp-content/plugins/dropbox-folder-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropbox-folder-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropbox-folder-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropbox-folder-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-10e7110787ae61a1849daa9fe6489aae.yaml b/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-10e7110787ae61a1849daa9fe6489aae.yaml new file mode 100644 index 0000000000..8ae1e4126c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropdown-and-scrollable-text-10e7110787ae61a1849daa9fe6489aae.yaml @@ -0,0 +1,58 @@ +id: dropdown-and-scrollable-text-10e7110787ae61a1849daa9fe6489aae + +info: + name: > + Dropdown and scrollable Text <= 2.0 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/586c8952-a427-47f8-8d2d-117e527b0f74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropdown-and-scrollable-text/" + google-query: inurl:"/wp-content/plugins/dropdown-and-scrollable-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropdown-and-scrollable-text,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropdown-and-scrollable-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropdown-and-scrollable-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropdown-menu-widget-16dc3f3aa085dd7f2e3dfd536ed2021e.yaml b/nuclei-templates/cve-less/plugins/dropdown-menu-widget-16dc3f3aa085dd7f2e3dfd536ed2021e.yaml new file mode 100644 index 0000000000..a79f6031d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropdown-menu-widget-16dc3f3aa085dd7f2e3dfd536ed2021e.yaml @@ -0,0 +1,58 @@ +id: dropdown-menu-widget-16dc3f3aa085dd7f2e3dfd536ed2021e + +info: + name: > + Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f18437c-2258-4f5b-a114-fb099f115f2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropdown-menu-widget/" + google-query: inurl:"/wp-content/plugins/dropdown-menu-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropdown-menu-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropdown-menu-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropdown-menu-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropdown-menu-widget-831ca3a67ae53eee79512c998867b523.yaml b/nuclei-templates/cve-less/plugins/dropdown-menu-widget-831ca3a67ae53eee79512c998867b523.yaml new file mode 100644 index 0000000000..c57b7ba486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropdown-menu-widget-831ca3a67ae53eee79512c998867b523.yaml @@ -0,0 +1,58 @@ +id: dropdown-menu-widget-831ca3a67ae53eee79512c998867b523 + +info: + name: > + Dropdown Menu Widget <= 1.9.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b86375-81e3-4ac8-90e3-8ae34c28c1c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropdown-menu-widget/" + google-query: inurl:"/wp-content/plugins/dropdown-menu-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropdown-menu-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropdown-menu-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropdown-menu-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dropdown-multisite-selector-7156ef80890822c55e70bd957b9a6411.yaml b/nuclei-templates/cve-less/plugins/dropdown-multisite-selector-7156ef80890822c55e70bd957b9a6411.yaml new file mode 100644 index 0000000000..4e9a2cb3d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dropdown-multisite-selector-7156ef80890822c55e70bd957b9a6411.yaml @@ -0,0 +1,58 @@ +id: dropdown-multisite-selector-7156ef80890822c55e70bd957b9a6411 + +info: + name: > + Dropdown Multisite selector <= 0.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/212e33f8-438b-4781-913f-a4f9f6d24a89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dropdown-multisite-selector/" + google-query: inurl:"/wp-content/plugins/dropdown-multisite-selector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dropdown-multisite-selector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dropdown-multisite-selector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dropdown-multisite-selector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml new file mode 100644 index 0000000000..9c6f59792a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-1a5f08a913b9e66bca4a1d7c16d1cb52.yaml @@ -0,0 +1,58 @@ +id: dsgvo-all-in-one-for-wp-1a5f08a913b9e66bca4a1d7c16d1cb52 + +info: + name: > + DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05fe1929-9e39-4b2f-a3fc-e692267d731b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/" + google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsgvo-all-in-one-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsgvo-all-in-one-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-295363837d1454c8802423d79b02460d.yaml b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-295363837d1454c8802423d79b02460d.yaml new file mode 100644 index 0000000000..4473c74bde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-295363837d1454c8802423d79b02460d.yaml @@ -0,0 +1,58 @@ +id: dsgvo-all-in-one-for-wp-295363837d1454c8802423d79b02460d + +info: + name: > + DSGVO All in one for WP <= 3.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac7aca5f-657d-45a9-bb10-f3e75dc3eeba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/" + google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsgvo-all-in-one-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsgvo-all-in-one-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-b82caad6c0c8bf440388b6328560de71.yaml b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-b82caad6c0c8bf440388b6328560de71.yaml new file mode 100644 index 0000000000..eedf76c173 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsgvo-all-in-one-for-wp-b82caad6c0c8bf440388b6328560de71.yaml @@ -0,0 +1,58 @@ +id: dsgvo-all-in-one-for-wp-b82caad6c0c8bf440388b6328560de71 + +info: + name: > + DSGVO All in one for WP <= 4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f31a42c1-afb7-4a44-b4e8-f68c622bc43e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsgvo-all-in-one-for-wp/" + google-query: inurl:"/wp-content/plugins/dsgvo-all-in-one-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsgvo-all-in-one-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsgvo-all-in-one-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsgvo-all-in-one-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsgvo-youtube-eeffd2576729af4c20ea0d0989cea07e.yaml b/nuclei-templates/cve-less/plugins/dsgvo-youtube-eeffd2576729af4c20ea0d0989cea07e.yaml new file mode 100644 index 0000000000..4c8ed63d26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsgvo-youtube-eeffd2576729af4c20ea0d0989cea07e.yaml @@ -0,0 +1,58 @@ +id: dsgvo-youtube-eeffd2576729af4c20ea0d0989cea07e + +info: + name: > + DSGVO Youtube <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c9cc5d4-7ddc-4af7-b433-7d75db739970?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsgvo-youtube/" + google-query: inurl:"/wp-content/plugins/dsgvo-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsgvo-youtube,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsgvo-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsgvo-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsidxpress-d1ad636a904712d275c068316d9921ca.yaml b/nuclei-templates/cve-less/plugins/dsidxpress-d1ad636a904712d275c068316d9921ca.yaml new file mode 100644 index 0000000000..54d610fbf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsidxpress-d1ad636a904712d275c068316d9921ca.yaml @@ -0,0 +1,58 @@ +id: dsidxpress-d1ad636a904712d275c068316d9921ca + +info: + name: > + dsIDXpress < 2.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8d67bc0-8c21-43e8-bdcc-1235eca94fa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsidxpress/" + google-query: inurl:"/wp-content/plugins/dsidxpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsidxpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsidxpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsidxpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dsp_dating-98886bf050f4aa01cda5000bdbc8e584.yaml b/nuclei-templates/cve-less/plugins/dsp_dating-98886bf050f4aa01cda5000bdbc8e584.yaml new file mode 100644 index 0000000000..22f6b5f859 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dsp_dating-98886bf050f4aa01cda5000bdbc8e584.yaml @@ -0,0 +1,58 @@ +id: dsp_dating-98886bf050f4aa01cda5000bdbc8e584 + +info: + name: > + WPDating <= 7.4.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74ee6bf0-7091-40b8-a3e7-9ba1411b7ea4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dsp_dating/" + google-query: inurl:"/wp-content/plugins/dsp_dating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dsp_dating,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dsp_dating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dsp_dating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dssearchagent-wordpress-edition-42d462182add4a54a9067be955a98019.yaml b/nuclei-templates/cve-less/plugins/dssearchagent-wordpress-edition-42d462182add4a54a9067be955a98019.yaml new file mode 100644 index 0000000000..11abc48279 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dssearchagent-wordpress-edition-42d462182add4a54a9067be955a98019.yaml @@ -0,0 +1,58 @@ +id: dssearchagent-wordpress-edition-42d462182add4a54a9067be955a98019 + +info: + name: > + dsSearchAgent: WordPress Edition <= 1.0-beta10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c7b4263-0c7b-4a1a-b168-88e6591c82bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dssearchagent-wordpress-edition/" + google-query: inurl:"/wp-content/plugins/dssearchagent-wordpress-edition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dssearchagent-wordpress-edition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dssearchagent-wordpress-edition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dssearchagent-wordpress-edition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0-beta10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dtabs-bdf306cf1fa53c2e200c922d232a9b13.yaml b/nuclei-templates/cve-less/plugins/dtabs-bdf306cf1fa53c2e200c922d232a9b13.yaml new file mode 100644 index 0000000000..db6c34554a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dtabs-bdf306cf1fa53c2e200c922d232a9b13.yaml @@ -0,0 +1,58 @@ +id: dtabs-bdf306cf1fa53c2e200c922d232a9b13 + +info: + name: > + dTabs <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b847d10d-254b-40e5-b5f9-1391834d63b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dtabs/" + google-query: inurl:"/wp-content/plugins/dtabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dtabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dtabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dtabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dtracker-53b973a947651cec1a2155ab2e3c223a.yaml b/nuclei-templates/cve-less/plugins/dtracker-53b973a947651cec1a2155ab2e3c223a.yaml new file mode 100644 index 0000000000..13d392e2a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dtracker-53b973a947651cec1a2155ab2e3c223a.yaml @@ -0,0 +1,58 @@ +id: dtracker-53b973a947651cec1a2155ab2e3c223a + +info: + name: > + DTracker <= 1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03b9187e-022a-48c1-a79c-c4629357de5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dtracker/" + google-query: inurl:"/wp-content/plugins/dtracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dtracker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dtracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dtracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dtracker-78c62de2a8f7c6f108d2de7498401127.yaml b/nuclei-templates/cve-less/plugins/dtracker-78c62de2a8f7c6f108d2de7498401127.yaml new file mode 100644 index 0000000000..f937cc2dd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dtracker-78c62de2a8f7c6f108d2de7498401127.yaml @@ -0,0 +1,58 @@ +id: dtracker-78c62de2a8f7c6f108d2de7498401127 + +info: + name: > + DTracker <= 1.5 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/907a02b8-6965-4d0b-b4bf-c8fc0201ee12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dtracker/" + google-query: inurl:"/wp-content/plugins/dtracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dtracker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dtracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dtracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dtracker-8fe2149458ea063852f82a98766c0a1b.yaml b/nuclei-templates/cve-less/plugins/dtracker-8fe2149458ea063852f82a98766c0a1b.yaml new file mode 100644 index 0000000000..53e864ffa3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dtracker-8fe2149458ea063852f82a98766c0a1b.yaml @@ -0,0 +1,58 @@ +id: dtracker-8fe2149458ea063852f82a98766c0a1b + +info: + name: > + Dtracker <= 1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f24db166-93d6-4a61-a8fe-455eebde0777?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dtracker/" + google-query: inurl:"/wp-content/plugins/dtracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dtracker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dtracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dtracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dtracker-e60c9facdf470d59f212ff7b56e40a91.yaml b/nuclei-templates/cve-less/plugins/dtracker-e60c9facdf470d59f212ff7b56e40a91.yaml new file mode 100644 index 0000000000..2e60e294de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dtracker-e60c9facdf470d59f212ff7b56e40a91.yaml @@ -0,0 +1,58 @@ +id: dtracker-e60c9facdf470d59f212ff7b56e40a91 + +info: + name: > + DTracker <= 1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1782c82-bfdb-4104-a3f5-b1a07aede555?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dtracker/" + google-query: inurl:"/wp-content/plugins/dtracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dtracker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dtracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dtracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duitku-social-payment-gateway-3f2cad5626e189b4a9fbbf4f777a78e7.yaml b/nuclei-templates/cve-less/plugins/duitku-social-payment-gateway-3f2cad5626e189b4a9fbbf4f777a78e7.yaml new file mode 100644 index 0000000000..2f6e6c98ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duitku-social-payment-gateway-3f2cad5626e189b4a9fbbf4f777a78e7.yaml @@ -0,0 +1,58 @@ +id: duitku-social-payment-gateway-3f2cad5626e189b4a9fbbf4f777a78e7 + +info: + name: > + Duitku Payment Gateway <= 2.11.6 - Missing Authorization via check_duitku_response + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duitku-social-payment-gateway/" + google-query: inurl:"/wp-content/plugins/duitku-social-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duitku-social-payment-gateway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duitku-social-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duitku-social-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dukapress-9517b97fe7566a06a9d352900cf24cf1.yaml b/nuclei-templates/cve-less/plugins/dukapress-9517b97fe7566a06a9d352900cf24cf1.yaml new file mode 100644 index 0000000000..280375ba8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dukapress-9517b97fe7566a06a9d352900cf24cf1.yaml @@ -0,0 +1,58 @@ +id: dukapress-9517b97fe7566a06a9d352900cf24cf1 + +info: + name: > + DukaPress < 2.5.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c226d83-2886-4b7c-978c-ad723709145f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dukapress/" + google-query: inurl:"/wp-content/plugins/dukapress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dukapress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dukapress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dukapress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dukapress-9c5144d0854754a379c2d4994fc71dd3.yaml b/nuclei-templates/cve-less/plugins/dukapress-9c5144d0854754a379c2d4994fc71dd3.yaml new file mode 100644 index 0000000000..ecd8360822 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dukapress-9c5144d0854754a379c2d4994fc71dd3.yaml @@ -0,0 +1,58 @@ +id: dukapress-9c5144d0854754a379c2d4994fc71dd3 + +info: + name: > + DukaPress <= 2.5.9 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d98d1782-a6cc-403a-b0fa-43282daa1136?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dukapress/" + google-query: inurl:"/wp-content/plugins/dukapress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dukapress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dukapress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dukapress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duofaq-responsive-flat-simple-faq-eb38ab4fa2ba998f57df5784c60738ed.yaml b/nuclei-templates/cve-less/plugins/duofaq-responsive-flat-simple-faq-eb38ab4fa2ba998f57df5784c60738ed.yaml new file mode 100644 index 0000000000..78d6ab63d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duofaq-responsive-flat-simple-faq-eb38ab4fa2ba998f57df5784c60738ed.yaml @@ -0,0 +1,58 @@ +id: duofaq-responsive-flat-simple-faq-eb38ab4fa2ba998f57df5784c60738ed + +info: + name: > + duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ba4e993-bf75-4570-bd9d-003339f4e214?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duofaq-responsive-flat-simple-faq/" + google-query: inurl:"/wp-content/plugins/duofaq-responsive-flat-simple-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duofaq-responsive-flat-simple-faq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duofaq-responsive-flat-simple-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duofaq-responsive-flat-simple-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dupeoff-9a41ab0a37a3b754d3385603b40bbab6.yaml b/nuclei-templates/cve-less/plugins/dupeoff-9a41ab0a37a3b754d3385603b40bbab6.yaml new file mode 100644 index 0000000000..b028c4b9ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dupeoff-9a41ab0a37a3b754d3385603b40bbab6.yaml @@ -0,0 +1,58 @@ +id: dupeoff-9a41ab0a37a3b754d3385603b40bbab6 + +info: + name: > + DupeOff <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e615833a-0408-4e39-b63d-075bff39a9bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dupeoff/" + google-query: inurl:"/wp-content/plugins/dupeoff/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dupeoff,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dupeoff/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dupeoff" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-page-d66fba0caf4197da913cda06e8bae43e.yaml b/nuclei-templates/cve-less/plugins/duplicate-page-d66fba0caf4197da913cda06e8bae43e.yaml new file mode 100644 index 0000000000..53665e8a0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-page-d66fba0caf4197da913cda06e8bae43e.yaml @@ -0,0 +1,58 @@ +id: duplicate-page-d66fba0caf4197da913cda06e8bae43e + +info: + name: > + Duplicate Page <= 4.4.1 Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43df6d4d-960e-4eb7-809b-684ba0d67f58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-page/" + google-query: inurl:"/wp-content/plugins/duplicate-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-page-or-post-b4ec89e0637e2a12e7606215722e4f54.yaml b/nuclei-templates/cve-less/plugins/duplicate-page-or-post-b4ec89e0637e2a12e7606215722e4f54.yaml new file mode 100644 index 0000000000..562511a579 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-page-or-post-b4ec89e0637e2a12e7606215722e4f54.yaml @@ -0,0 +1,58 @@ +id: duplicate-page-or-post-b4ec89e0637e2a12e7606215722e4f54 + +info: + name: > + Duplicate Page or Post <= 1.5.0 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5182843b-03d0-4b0b-ba97-8e9602916c5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-page-or-post/" + google-query: inurl:"/wp-content/plugins/duplicate-page-or-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-page-or-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-page-or-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-page-or-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-post-11953d0632dfa94f70f928a189af1971.yaml b/nuclei-templates/cve-less/plugins/duplicate-post-11953d0632dfa94f70f928a189af1971.yaml new file mode 100644 index 0000000000..6ca554364e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-post-11953d0632dfa94f70f928a189af1971.yaml @@ -0,0 +1,58 @@ +id: duplicate-post-11953d0632dfa94f70f928a189af1971 + +info: + name: > + Yoast Duplicate Post <= 2.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cefe584-c1b0-418c-bade-ca4092807b1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-post/" + google-query: inurl:"/wp-content/plugins/duplicate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-post,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-post-4fd25d208fa1eb71c396970325cd56c1.yaml b/nuclei-templates/cve-less/plugins/duplicate-post-4fd25d208fa1eb71c396970325cd56c1.yaml new file mode 100644 index 0000000000..ac0e4b91f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-post-4fd25d208fa1eb71c396970325cd56c1.yaml @@ -0,0 +1,58 @@ +id: duplicate-post-4fd25d208fa1eb71c396970325cd56c1 + +info: + name: > + Yoast Duplicate Post <= 2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68263c7d-6da0-46b2-bb78-45acf615359d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-post/" + google-query: inurl:"/wp-content/plugins/duplicate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-373dd0a06bd13b32d55487814dbab124.yaml b/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-373dd0a06bd13b32d55487814dbab124.yaml new file mode 100644 index 0000000000..b3c10ef6e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-373dd0a06bd13b32d55487814dbab124.yaml @@ -0,0 +1,58 @@ +id: duplicate-post-page-menu-custom-post-type-373dd0a06bd13b32d55487814dbab124 + +info: + name: > + Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e84fd9-bc83-4780-ab7a-8898a8c5c78a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-post-page-menu-custom-post-type/" + google-query: inurl:"/wp-content/plugins/duplicate-post-page-menu-custom-post-type/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-post-page-menu-custom-post-type/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-post-page-menu-custom-post-type" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-87909a557eede328b649d626c4448f38.yaml b/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-87909a557eede328b649d626c4448f38.yaml new file mode 100644 index 0000000000..0e191e8356 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-post-page-menu-custom-post-type-87909a557eede328b649d626c4448f38.yaml @@ -0,0 +1,58 @@ +id: duplicate-post-page-menu-custom-post-type-87909a557eede328b649d626c4448f38 + +info: + name: > + Duplicate Post Page Menu & Custom Post Type <= 2.3.1 - Missing Authorization to Post Duplication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-post-page-menu-custom-post-type/" + google-query: inurl:"/wp-content/plugins/duplicate-post-page-menu-custom-post-type/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-post-page-menu-custom-post-type,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-post-page-menu-custom-post-type/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-post-page-menu-custom-post-type" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-theme-0924f82ec3f5be000a2e6547a544a598.yaml b/nuclei-templates/cve-less/plugins/duplicate-theme-0924f82ec3f5be000a2e6547a544a598.yaml new file mode 100644 index 0000000000..e18133ae40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-theme-0924f82ec3f5be000a2e6547a544a598.yaml @@ -0,0 +1,58 @@ +id: duplicate-theme-0924f82ec3f5be000a2e6547a544a598 + +info: + name: > + Duplicate Theme <= 0.1.6 - Cross-Site Request Forgery via themeDuplicationAction + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d93e0175-db55-42ab-8475-cd0f47e5dcbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-theme/" + google-query: inurl:"/wp-content/plugins/duplicate-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-theme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-theme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-79f880a7e6c6b5f19edddfee4238c580.yaml b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-79f880a7e6c6b5f19edddfee4238c580.yaml new file mode 100644 index 0000000000..38fdda1d58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicate-wp-page-post-79f880a7e6c6b5f19edddfee4238c580.yaml @@ -0,0 +1,58 @@ +id: duplicate-wp-page-post-79f880a7e6c6b5f19edddfee4238c580 + +info: + name: > + Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5a13d9-5ba4-4e66-8374-f45bcd6c716f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicate-wp-page-post/" + google-query: inurl:"/wp-content/plugins/duplicate-wp-page-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicate-wp-page-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicate-wp-page-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicate-wp-page-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-0244633df1d46b9b703b5c746fbc6e51.yaml b/nuclei-templates/cve-less/plugins/duplicator-0244633df1d46b9b703b5c746fbc6e51.yaml new file mode 100644 index 0000000000..65d2b5bb47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-0244633df1d46b9b703b5c746fbc6e51.yaml @@ -0,0 +1,58 @@ +id: duplicator-0244633df1d46b9b703b5c746fbc6e51 + +info: + name: > + Duplicator – WordPress Migration Plugin <= 0.4.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b69831e-19ab-4812-b657-dc4febe15077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-195b7c4b6c3a0504f0fb2ed5065020a7.yaml b/nuclei-templates/cve-less/plugins/duplicator-195b7c4b6c3a0504f0fb2ed5065020a7.yaml new file mode 100644 index 0000000000..f0e555b2d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-195b7c4b6c3a0504f0fb2ed5065020a7.yaml @@ -0,0 +1,58 @@ +id: duplicator-195b7c4b6c3a0504f0fb2ed5065020a7 + +info: + name: > + Duplicator <= 1.5.7 - Cross-Site Request Forgery via views/tools/diagnostics/information.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416da5d4-3d47-443b-a82c-c059c38f5218?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-2d581ac63f9fa320743d3174a6ca4961.yaml b/nuclei-templates/cve-less/plugins/duplicator-2d581ac63f9fa320743d3174a6ca4961.yaml new file mode 100644 index 0000000000..421a29b41b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-2d581ac63f9fa320743d3174a6ca4961.yaml @@ -0,0 +1,58 @@ +id: duplicator-2d581ac63f9fa320743d3174a6ca4961 + +info: + name: > + Duplicator <= 1.2.41 - Sensitive Information Disclosure leading to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aff754d6-8624-4068-8e31-738f6041d3a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-2e6e6e36243681b3cf144f17aaebf064.yaml b/nuclei-templates/cve-less/plugins/duplicator-2e6e6e36243681b3cf144f17aaebf064.yaml new file mode 100644 index 0000000000..64ff5b5392 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-2e6e6e36243681b3cf144f17aaebf064.yaml @@ -0,0 +1,58 @@ +id: duplicator-2e6e6e36243681b3cf144f17aaebf064 + +info: + name: > + Duplicator <= 1.2.32 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/010ce1c3-dd07-4ed6-8908-0909c0842be8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-435788aa8fd2d67e24f049a6e4d48777.yaml b/nuclei-templates/cve-less/plugins/duplicator-435788aa8fd2d67e24f049a6e4d48777.yaml new file mode 100644 index 0000000000..f1e66977e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-435788aa8fd2d67e24f049a6e4d48777.yaml @@ -0,0 +1,58 @@ +id: duplicator-435788aa8fd2d67e24f049a6e4d48777 + +info: + name: > + Duplicator – WordPress Migration Plugin <= 1.4.7 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/843ef712-6ca6-44d2-825f-7ce9a82d74e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-45ca25ef969a9c785b481aa6dd42b6ce.yaml b/nuclei-templates/cve-less/plugins/duplicator-45ca25ef969a9c785b481aa6dd42b6ce.yaml new file mode 100644 index 0000000000..c9708e8c84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-45ca25ef969a9c785b481aa6dd42b6ce.yaml @@ -0,0 +1,58 @@ +id: duplicator-45ca25ef969a9c785b481aa6dd42b6ce + +info: + name: > + Duplicator – WordPress Migration Plugin <= 1.4.7 - Unauthenticated Backup Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5136409-d843-4774-afe7-211a23f65da9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-718986dcd5947a1beb7efad526e28827.yaml b/nuclei-templates/cve-less/plugins/duplicator-718986dcd5947a1beb7efad526e28827.yaml new file mode 100644 index 0000000000..c861913be6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-718986dcd5947a1beb7efad526e28827.yaml @@ -0,0 +1,58 @@ +id: duplicator-718986dcd5947a1beb7efad526e28827 + +info: + name: > + Duplicator <= 1.2.28 – Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bdf7b10-6a3e-47aa-86ae-479b4cd29c49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-84e8025814ede80f77a1696e5326822b.yaml b/nuclei-templates/cve-less/plugins/duplicator-84e8025814ede80f77a1696e5326822b.yaml new file mode 100644 index 0000000000..37a78f4bb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-84e8025814ede80f77a1696e5326822b.yaml @@ -0,0 +1,58 @@ +id: duplicator-84e8025814ede80f77a1696e5326822b + +info: + name: > + Duplicator < 1.3.28 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ae9aba-fa0e-4a3d-a970-e45216685cc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-9b8a6c665915ed37184ee04d4ad10c93.yaml b/nuclei-templates/cve-less/plugins/duplicator-9b8a6c665915ed37184ee04d4ad10c93.yaml new file mode 100644 index 0000000000..d2461d4de7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-9b8a6c665915ed37184ee04d4ad10c93.yaml @@ -0,0 +1,58 @@ +id: duplicator-9b8a6c665915ed37184ee04d4ad10c93 + +info: + name: > + Duplicator < 0.5.10 - Arbitrary Backup Creation and Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b85b44ed-94cd-4d85-bcc5-60b50cdb94f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-cf9463289c46f678c704f21fa0d76e71.yaml b/nuclei-templates/cve-less/plugins/duplicator-cf9463289c46f678c704f21fa0d76e71.yaml new file mode 100644 index 0000000000..818b0c1d52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-cf9463289c46f678c704f21fa0d76e71.yaml @@ -0,0 +1,58 @@ +id: duplicator-cf9463289c46f678c704f21fa0d76e71 + +info: + name: > + Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f7a88c-a09b-46ac-b345-139c2d20a3d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-fa14deacc63665329cc2a6a4da97d369.yaml b/nuclei-templates/cve-less/plugins/duplicator-fa14deacc63665329cc2a6a4da97d369.yaml new file mode 100644 index 0000000000..e58b40b6f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-fa14deacc63665329cc2a6a4da97d369.yaml @@ -0,0 +1,58 @@ +id: duplicator-fa14deacc63665329cc2a6a4da97d369 + +info: + name: > + Duplicator < 1.3.0 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5757abd-33dc-4751-bc55-afd944ff2341?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator/" + google-query: inurl:"/wp-content/plugins/duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-pro-84e8025814ede80f77a1696e5326822b.yaml b/nuclei-templates/cve-less/plugins/duplicator-pro-84e8025814ede80f77a1696e5326822b.yaml new file mode 100644 index 0000000000..d927816904 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-pro-84e8025814ede80f77a1696e5326822b.yaml @@ -0,0 +1,58 @@ +id: duplicator-pro-84e8025814ede80f77a1696e5326822b + +info: + name: > + Duplicator < 1.3.28 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ae9aba-fa0e-4a3d-a970-e45216685cc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator-pro/" + google-query: inurl:"/wp-content/plugins/duplicator-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-pro-cf9463289c46f678c704f21fa0d76e71.yaml b/nuclei-templates/cve-less/plugins/duplicator-pro-cf9463289c46f678c704f21fa0d76e71.yaml new file mode 100644 index 0000000000..bf589da3be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-pro-cf9463289c46f678c704f21fa0d76e71.yaml @@ -0,0 +1,58 @@ +id: duplicator-pro-cf9463289c46f678c704f21fa0d76e71 + +info: + name: > + Duplicator <= 1.5.7 AND Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f7a88c-a09b-46ac-b345-139c2d20a3d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator-pro/" + google-query: inurl:"/wp-content/plugins/duplicator-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.14.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duplicator-pro-de0ba6f29dfa0f03254fb0a76e6f99c6.yaml b/nuclei-templates/cve-less/plugins/duplicator-pro-de0ba6f29dfa0f03254fb0a76e6f99c6.yaml new file mode 100644 index 0000000000..be04d3d593 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duplicator-pro-de0ba6f29dfa0f03254fb0a76e6f99c6.yaml @@ -0,0 +1,58 @@ +id: duplicator-pro-de0ba6f29dfa0f03254fb0a76e6f99c6 + +info: + name: > + Duplicator Pro <= 4.5.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1426bebe-d3c4-4f83-9b50-fae8c2373209?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duplicator-pro/" + google-query: inurl:"/wp-content/plugins/duplicator-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duplicator-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duplicator-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duplicator-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-7adc7eb8c094a09a98664c4579c84eb8.yaml b/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-7adc7eb8c094a09a98664c4579c84eb8.yaml new file mode 100644 index 0000000000..cfb145cc5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-7adc7eb8c094a09a98664c4579c84eb8.yaml @@ -0,0 +1,58 @@ +id: duracelltomi-google-tag-manager-7adc7eb8c094a09a98664c4579c84eb8 + +info: + name: > + Google Tag Manager for WordPress (GTM4WP) <= 1.15.1 - Stored Cross-Site Scripting via Content Element ID + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/202c14d0-9207-47cb-9410-ca4c70d7b6d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duracelltomi-google-tag-manager/" + google-query: inurl:"/wp-content/plugins/duracelltomi-google-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duracelltomi-google-tag-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duracelltomi-google-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duracelltomi-google-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-9cdc8d9b3ff8215825fa26b48709bf41.yaml b/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-9cdc8d9b3ff8215825fa26b48709bf41.yaml new file mode 100644 index 0000000000..c54be8e2a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/duracelltomi-google-tag-manager-9cdc8d9b3ff8215825fa26b48709bf41.yaml @@ -0,0 +1,58 @@ +id: duracelltomi-google-tag-manager-9cdc8d9b3ff8215825fa26b48709bf41 + +info: + name: > + Google Tag Manager for WordPress <= 1.15 - Reflected Cross-Site Scripting via Site Search + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0435ae14-c1fd-4611-acbe-5f3bafd4bb6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/duracelltomi-google-tag-manager/" + google-query: inurl:"/wp-content/plugins/duracelltomi-google-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,duracelltomi-google-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/duracelltomi-google-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "duracelltomi-google-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dvs-custom-notification-668be2a6a44dad3bba943de0f544a515.yaml b/nuclei-templates/cve-less/plugins/dvs-custom-notification-668be2a6a44dad3bba943de0f544a515.yaml new file mode 100644 index 0000000000..96ac168e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dvs-custom-notification-668be2a6a44dad3bba943de0f544a515.yaml @@ -0,0 +1,58 @@ +id: dvs-custom-notification-668be2a6a44dad3bba943de0f544a515 + +info: + name: > + DVS Custom Notification <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36d02d5f-d534-4567-9587-1f6e4b21ca90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dvs-custom-notification/" + google-query: inurl:"/wp-content/plugins/dvs-custom-notification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dvs-custom-notification,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dvs-custom-notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dvs-custom-notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dw-promobar-6ebbfbf7f4ff52ef90502e505dd10d64.yaml b/nuclei-templates/cve-less/plugins/dw-promobar-6ebbfbf7f4ff52ef90502e505dd10d64.yaml new file mode 100644 index 0000000000..fe4b06c45a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dw-promobar-6ebbfbf7f4ff52ef90502e505dd10d64.yaml @@ -0,0 +1,58 @@ +id: dw-promobar-6ebbfbf7f4ff52ef90502e505dd10d64 + +info: + name: > + DW Promobar <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c101b579-de72-4f33-8fd2-7fcd7c25044c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dw-promobar/" + google-query: inurl:"/wp-content/plugins/dw-promobar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dw-promobar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dw-promobar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dw-promobar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dw-question-answer-5c4144b3a2f4c4a33c4c23a4eb7aa6d3.yaml b/nuclei-templates/cve-less/plugins/dw-question-answer-5c4144b3a2f4c4a33c4c23a4eb7aa6d3.yaml new file mode 100644 index 0000000000..7a727f413b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dw-question-answer-5c4144b3a2f4c4a33c4c23a4eb7aa6d3.yaml @@ -0,0 +1,58 @@ +id: dw-question-answer-5c4144b3a2f4c4a33c4c23a4eb7aa6d3 + +info: + name: > + DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9852e499-f413-4218-9bac-6c2be62ecc32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dw-question-answer/" + google-query: inurl:"/wp-content/plugins/dw-question-answer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dw-question-answer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dw-question-answer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dw-question-answer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dw-question-answer-pro-076d6aabf5652856b3ecd43b1d4071c7.yaml b/nuclei-templates/cve-less/plugins/dw-question-answer-pro-076d6aabf5652856b3ecd43b1d4071c7.yaml new file mode 100644 index 0000000000..ccbfe129ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dw-question-answer-pro-076d6aabf5652856b3ecd43b1d4071c7.yaml @@ -0,0 +1,58 @@ +id: dw-question-answer-pro-076d6aabf5652856b3ecd43b1d4071c7 + +info: + name: > + DW Question & Answer Pro <= 1.3.4 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c58fa0a0-0b22-42df-8d3a-c3de78e12aa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dw-question-answer-pro/" + google-query: inurl:"/wp-content/plugins/dw-question-answer-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dw-question-answer-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dw-question-answer-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dw-question-answer-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dw-question-answer-pro-b9a51b76cf54230b7233fe27914bddd2.yaml b/nuclei-templates/cve-less/plugins/dw-question-answer-pro-b9a51b76cf54230b7233fe27914bddd2.yaml new file mode 100644 index 0000000000..792a52732c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dw-question-answer-pro-b9a51b76cf54230b7233fe27914bddd2.yaml @@ -0,0 +1,58 @@ +id: dw-question-answer-pro-b9a51b76cf54230b7233fe27914bddd2 + +info: + name: > + DW Question & Answer Pro <= 1.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3282244f-2b5f-4795-9f3f-461c4fd2e296?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dw-question-answer-pro/" + google-query: inurl:"/wp-content/plugins/dw-question-answer-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dw-question-answer-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dw-question-answer-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dw-question-answer-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dwnldr-266cec63957d7dffbe45528e32eb40a1.yaml b/nuclei-templates/cve-less/plugins/dwnldr-266cec63957d7dffbe45528e32eb40a1.yaml new file mode 100644 index 0000000000..74fa2f0a68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dwnldr-266cec63957d7dffbe45528e32eb40a1.yaml @@ -0,0 +1,58 @@ +id: dwnldr-266cec63957d7dffbe45528e32eb40a1 + +info: + name: > + dwnldr < 1.01 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e98b1bc7-8dcb-4fcf-9238-598ce53e443e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dwnldr/" + google-query: inurl:"/wp-content/plugins/dwnldr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dwnldr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dwnldr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dwnldr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dx-auto-save-images-d54d87fc848bb0b810cc40fffbda1954.yaml b/nuclei-templates/cve-less/plugins/dx-auto-save-images-d54d87fc848bb0b810cc40fffbda1954.yaml new file mode 100644 index 0000000000..6a37eb9aff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dx-auto-save-images-d54d87fc848bb0b810cc40fffbda1954.yaml @@ -0,0 +1,58 @@ +id: dx-auto-save-images-d54d87fc848bb0b810cc40fffbda1954 + +info: + name: > + DX-auto-save-images <= 1.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2fb51b-984c-4b82-98d4-9a681a1855a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dx-auto-save-images/" + google-query: inurl:"/wp-content/plugins/dx-auto-save-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dx-auto-save-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dx-auto-save-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dx-auto-save-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dx-delete-attached-media-f556636fbe9fc4c5e3ffdb7df7f017ee.yaml b/nuclei-templates/cve-less/plugins/dx-delete-attached-media-f556636fbe9fc4c5e3ffdb7df7f017ee.yaml new file mode 100644 index 0000000000..c6e3b4a523 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dx-delete-attached-media-f556636fbe9fc4c5e3ffdb7df7f017ee.yaml @@ -0,0 +1,58 @@ +id: dx-delete-attached-media-f556636fbe9fc4c5e3ffdb7df7f017ee + +info: + name: > + DX Delete Attached Media <= 2.0.5.1 - Cross-Site Request Forgery via add_to_base + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/961d6d1d-46e8-489f-ac5f-51b55c5a0460?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dx-delete-attached-media/" + google-query: inurl:"/wp-content/plugins/dx-delete-attached-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dx-delete-attached-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dx-delete-attached-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dx-delete-attached-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dx-share-selection-34871fd2757b31ede448958147d678fa.yaml b/nuclei-templates/cve-less/plugins/dx-share-selection-34871fd2757b31ede448958147d678fa.yaml new file mode 100644 index 0000000000..54ac283f3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dx-share-selection-34871fd2757b31ede448958147d678fa.yaml @@ -0,0 +1,58 @@ +id: dx-share-selection-34871fd2757b31ede448958147d678fa + +info: + name: > + DX Share Selection <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a85fe7f-2d28-4509-99f2-875cb63c6500?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dx-share-selection/" + google-query: inurl:"/wp-content/plugins/dx-share-selection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dx-share-selection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dx-share-selection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dx-share-selection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dx-watermark-bee89c93ea84d7cced331403d3d3e739.yaml b/nuclei-templates/cve-less/plugins/dx-watermark-bee89c93ea84d7cced331403d3d3e739.yaml new file mode 100644 index 0000000000..7dca286bfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dx-watermark-bee89c93ea84d7cced331403d3d3e739.yaml @@ -0,0 +1,58 @@ +id: dx-watermark-bee89c93ea84d7cced331403d3d3e739 + +info: + name: > + DX-Watermark <= 1.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18a9953c-e3a0-46ee-9a53-984c411ce408?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dx-watermark/" + google-query: inurl:"/wp-content/plugins/dx-watermark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dx-watermark,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dx-watermark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dx-watermark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-content-for-elementor-698a88e923e2d2acd18664fa1b6321ce.yaml b/nuclei-templates/cve-less/plugins/dynamic-content-for-elementor-698a88e923e2d2acd18664fa1b6321ce.yaml new file mode 100644 index 0000000000..7480d368b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-content-for-elementor-698a88e923e2d2acd18664fa1b6321ce.yaml @@ -0,0 +1,58 @@ +id: dynamic-content-for-elementor-698a88e923e2d2acd18664fa1b6321ce + +info: + name: > + Dynamic Content for Elementor < 2.12.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77a85024-33ff-4056-89f6-991182d71b80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-content-for-elementor/" + google-query: inurl:"/wp-content/plugins/dynamic-content-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-content-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-content-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-content-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.12.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-qr-code-generator-4446ca17737c11e44353bd7340e7ea63.yaml b/nuclei-templates/cve-less/plugins/dynamic-qr-code-generator-4446ca17737c11e44353bd7340e7ea63.yaml new file mode 100644 index 0000000000..59973a8e23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-qr-code-generator-4446ca17737c11e44353bd7340e7ea63.yaml @@ -0,0 +1,58 @@ +id: dynamic-qr-code-generator-4446ca17737c11e44353bd7340e7ea63 + +info: + name: > + Dynamic QR Code Generator <= 0.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65f30cd4-1d47-4ebe-a6de-acdb3a813c9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-qr-code-generator/" + google-query: inurl:"/wp-content/plugins/dynamic-qr-code-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-qr-code-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-qr-code-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-qr-code-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-visibility-for-elementor-a835e225538d98a6a0f49f942c25b6a5.yaml b/nuclei-templates/cve-less/plugins/dynamic-visibility-for-elementor-a835e225538d98a6a0f49f942c25b6a5.yaml new file mode 100644 index 0000000000..2405e5b54d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-visibility-for-elementor-a835e225538d98a6a0f49f942c25b6a5.yaml @@ -0,0 +1,58 @@ +id: dynamic-visibility-for-elementor-a835e225538d98a6a0f49f942c25b6a5 + +info: + name: > + Dynamic Visibility for Elementor <= 5.0.5 - Missing Authorization to Authenticated(Subscriber+) Post Visibility Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e704333-ad88-42c9-b632-babc9d54cb13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-visibility-for-elementor/" + google-query: inurl:"/wp-content/plugins/dynamic-visibility-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-visibility-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-visibility-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-visibility-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-widgets-7c8cf3109f4d4b196459b75b96aa728e.yaml b/nuclei-templates/cve-less/plugins/dynamic-widgets-7c8cf3109f4d4b196459b75b96aa728e.yaml new file mode 100644 index 0000000000..319d65984f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-widgets-7c8cf3109f4d4b196459b75b96aa728e.yaml @@ -0,0 +1,58 @@ +id: dynamic-widgets-7c8cf3109f4d4b196459b75b96aa728e + +info: + name: > + Dynamic Widgets <= 1.5.10 - Refletced Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f78dd8-f720-4c10-98e8-bd7d522c3ceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-widgets/" + google-query: inurl:"/wp-content/plugins/dynamic-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-widgets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-widgets-a4d9b1fab913268578f318671b68ca36.yaml b/nuclei-templates/cve-less/plugins/dynamic-widgets-a4d9b1fab913268578f318671b68ca36.yaml new file mode 100644 index 0000000000..01dd9d25ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-widgets-a4d9b1fab913268578f318671b68ca36.yaml @@ -0,0 +1,58 @@ +id: dynamic-widgets-a4d9b1fab913268578f318671b68ca36 + +info: + name: > + Dynamic Widgets <= 1.5.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4a546a-1c15-4fc5-a2ae-8640457a0c22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-widgets/" + google-query: inurl:"/wp-content/plugins/dynamic-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-widgets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamic-widgets-d5d0747062745dca3a4a43c62a5b0669.yaml b/nuclei-templates/cve-less/plugins/dynamic-widgets-d5d0747062745dca3a4a43c62a5b0669.yaml new file mode 100644 index 0000000000..cbc48afb2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamic-widgets-d5d0747062745dca3a4a43c62a5b0669.yaml @@ -0,0 +1,58 @@ +id: dynamic-widgets-d5d0747062745dca3a4a43c62a5b0669 + +info: + name: > + Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46271ab0-5f24-4cdb-9e1f-12db7bcbea6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamic-widgets/" + google-query: inurl:"/wp-content/plugins/dynamic-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamic-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamic-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamic-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dynamically-register-sidebars-5127fd9a578ab8f75789be1aab665dea.yaml b/nuclei-templates/cve-less/plugins/dynamically-register-sidebars-5127fd9a578ab8f75789be1aab665dea.yaml new file mode 100644 index 0000000000..6908f13d3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dynamically-register-sidebars-5127fd9a578ab8f75789be1aab665dea.yaml @@ -0,0 +1,58 @@ +id: dynamically-register-sidebars-5127fd9a578ab8f75789be1aab665dea + +info: + name: > + Dynamically Register Sidebars <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e6b39da-26d4-4615-b6c7-68909bdf0a61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dynamically-register-sidebars/" + google-query: inurl:"/wp-content/plugins/dynamically-register-sidebars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dynamically-register-sidebars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dynamically-register-sidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dynamically-register-sidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dyslexiefont-53a08acd73ef559302d82929e1a8c837.yaml b/nuclei-templates/cve-less/plugins/dyslexiefont-53a08acd73ef559302d82929e1a8c837.yaml new file mode 100644 index 0000000000..f496d60e80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dyslexiefont-53a08acd73ef559302d82929e1a8c837.yaml @@ -0,0 +1,58 @@ +id: dyslexiefont-53a08acd73ef559302d82929e1a8c837 + +info: + name: > + Dyslexiefont Free <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d75f6c80-ffbf-47a5-9180-5153b705cb28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dyslexiefont/" + google-query: inurl:"/wp-content/plugins/dyslexiefont/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dyslexiefont,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dyslexiefont/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dyslexiefont" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dzs-videogallery-415af7715839a7a4186f1ea1fe3682a1.yaml b/nuclei-templates/cve-less/plugins/dzs-videogallery-415af7715839a7a4186f1ea1fe3682a1.yaml new file mode 100644 index 0000000000..83f9447aec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dzs-videogallery-415af7715839a7a4186f1ea1fe3682a1.yaml @@ -0,0 +1,58 @@ +id: dzs-videogallery-415af7715839a7a4186f1ea1fe3682a1 + +info: + name: > + DZS Video Gallery < 7.95 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d546f05-4aad-49c8-aefd-9f5d10529be5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dzs-videogallery/" + google-query: inurl:"/wp-content/plugins/dzs-videogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dzs-videogallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dzs-videogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dzs-videogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dzs-videogallery-e983e659503cdb77c86c6aa843d06bc4.yaml b/nuclei-templates/cve-less/plugins/dzs-videogallery-e983e659503cdb77c86c6aa843d06bc4.yaml new file mode 100644 index 0000000000..2c50ddfc77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dzs-videogallery-e983e659503cdb77c86c6aa843d06bc4.yaml @@ -0,0 +1,58 @@ +id: dzs-videogallery-e983e659503cdb77c86c6aa843d06bc4 + +info: + name: > + DZS Video Gallery < 7.95 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/675b029a-70f2-434d-8d14-0b9e9c02bd6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dzs-videogallery/" + google-query: inurl:"/wp-content/plugins/dzs-videogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dzs-videogallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dzs-videogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dzs-videogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dzs-zoomsounds-b343996b367c5fa680b75a4664349ae7.yaml b/nuclei-templates/cve-less/plugins/dzs-zoomsounds-b343996b367c5fa680b75a4664349ae7.yaml new file mode 100644 index 0000000000..c09bdab5e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dzs-zoomsounds-b343996b367c5fa680b75a4664349ae7.yaml @@ -0,0 +1,58 @@ +id: dzs-zoomsounds-b343996b367c5fa680b75a4664349ae7 + +info: + name: > + ZoomSounds <= 2.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fcb1237-5d96-47f6-9f0c-3a0fd72ca91f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dzs-zoomsounds/" + google-query: inurl:"/wp-content/plugins/dzs-zoomsounds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dzs-zoomsounds,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dzs-zoomsounds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dzs-zoomsounds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/dzs-zoomsounds-bf8cf019bdb5cedf2f07acf0dbbd9293.yaml b/nuclei-templates/cve-less/plugins/dzs-zoomsounds-bf8cf019bdb5cedf2f07acf0dbbd9293.yaml new file mode 100644 index 0000000000..49b1939c7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/dzs-zoomsounds-bf8cf019bdb5cedf2f07acf0dbbd9293.yaml @@ -0,0 +1,58 @@ +id: dzs-zoomsounds-bf8cf019bdb5cedf2f07acf0dbbd9293 + +info: + name: > + ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.45 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cffeac2c-8ca3-44f7-b54c-3c23b7a849a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/dzs-zoomsounds/" + google-query: inurl:"/wp-content/plugins/dzs-zoomsounds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,dzs-zoomsounds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/dzs-zoomsounds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dzs-zoomsounds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e-search-bbab653de7c22eabac485618a7984b27.yaml b/nuclei-templates/cve-less/plugins/e-search-bbab653de7c22eabac485618a7984b27.yaml new file mode 100644 index 0000000000..23d8fd955b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e-search-bbab653de7c22eabac485618a7984b27.yaml @@ -0,0 +1,58 @@ +id: e-search-bbab653de7c22eabac485618a7984b27 + +info: + name: > + E Search <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67e1f412-3b3d-4b36-b4ff-557c4790362a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e-search/" + google-query: inurl:"/wp-content/plugins/e-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e-search-d9ec6670d2ff89bdcf34f0cd3338db3d.yaml b/nuclei-templates/cve-less/plugins/e-search-d9ec6670d2ff89bdcf34f0cd3338db3d.yaml new file mode 100644 index 0000000000..0ef05da628 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e-search-d9ec6670d2ff89bdcf34f0cd3338db3d.yaml @@ -0,0 +1,58 @@ +id: e-search-d9ec6670d2ff89bdcf34f0cd3338db3d + +info: + name: > + E-Search <= 1.0 - Reflected Cross-Site Scripting via title_az parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cae1194-2247-44bf-a1a0-0cb0068f56e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e-search/" + google-query: inurl:"/wp-content/plugins/e-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e-unlocked-student-result-46393c1e973f37162a617bc152661e74.yaml b/nuclei-templates/cve-less/plugins/e-unlocked-student-result-46393c1e973f37162a617bc152661e74.yaml new file mode 100644 index 0000000000..34b9e5c0df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e-unlocked-student-result-46393c1e973f37162a617bc152661e74.yaml @@ -0,0 +1,58 @@ +id: e-unlocked-student-result-46393c1e973f37162a617bc152661e74 + +info: + name: > + E Unlocked - Student Result <= 1.0.4 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec7b77d8-490e-4eaf-a9df-54de63f128d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e-unlocked-student-result/" + google-query: inurl:"/wp-content/plugins/e-unlocked-student-result/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e-unlocked-student-result,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e-unlocked-student-result/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e-unlocked-student-result" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-4c337287b3ea29b58d22de863f5e59bf.yaml b/nuclei-templates/cve-less/plugins/e2pdf-4c337287b3ea29b58d22de863f5e59bf.yaml new file mode 100644 index 0000000000..5afd68719e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-4c337287b3ea29b58d22de863f5e59bf.yaml @@ -0,0 +1,58 @@ +id: e2pdf-4c337287b3ea29b58d22de863f5e59bf + +info: + name: > + e2pdf < 1.20.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec401d8-bbdf-4be6-bcc5-51f8c8ec7cfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-a6097b32439b60cacd59d47b3a1c8c61.yaml b/nuclei-templates/cve-less/plugins/e2pdf-a6097b32439b60cacd59d47b3a1c8c61.yaml new file mode 100644 index 0000000000..a0bb19da6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-a6097b32439b60cacd59d47b3a1c8c61.yaml @@ -0,0 +1,58 @@ +id: e2pdf-a6097b32439b60cacd59d47b3a1c8c61 + +info: + name: > + E2Pdf <= 1.20.18 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea7f654b-88d1-4ed8-bab0-701e2e66e060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml b/nuclei-templates/cve-less/plugins/e2pdf-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml new file mode 100644 index 0000000000..bf008dfc89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-aa33e37a5a268fafeb4ae3c73aa43c7a.yaml @@ -0,0 +1,58 @@ +id: e2pdf-aa33e37a5a268fafeb4ae3c73aa43c7a + +info: + name: > + E2Pdf <= 1.20.23 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f0ed355-b5c8-4143-b391-7436d67ba0de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-cc85fecce61e81ebcfd16fc13ed35220.yaml b/nuclei-templates/cve-less/plugins/e2pdf-cc85fecce61e81ebcfd16fc13ed35220.yaml new file mode 100644 index 0000000000..fdbd8c2089 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-cc85fecce61e81ebcfd16fc13ed35220.yaml @@ -0,0 +1,58 @@ +id: e2pdf-cc85fecce61e81ebcfd16fc13ed35220 + +info: + name: > + E2Pdf <= 1.16.44 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5748252-d02a-463b-abb4-537144ccd608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-d89b8d067839983b7d38b29c3f8dcaaa.yaml b/nuclei-templates/cve-less/plugins/e2pdf-d89b8d067839983b7d38b29c3f8dcaaa.yaml new file mode 100644 index 0000000000..a2c9009d89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-d89b8d067839983b7d38b29c3f8dcaaa.yaml @@ -0,0 +1,58 @@ +id: e2pdf-d89b8d067839983b7d38b29c3f8dcaaa + +info: + name: > + E2Pdf <= 1.20.25 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03faec37-2cce-4e14-92f2-d941ab1b4ce9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/e2pdf-e3339c8e6a8ccbe16b78f0e2c9ca3674.yaml b/nuclei-templates/cve-less/plugins/e2pdf-e3339c8e6a8ccbe16b78f0e2c9ca3674.yaml new file mode 100644 index 0000000000..e8a23ffb7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/e2pdf-e3339c8e6a8ccbe16b78f0e2c9ca3674.yaml @@ -0,0 +1,58 @@ +id: e2pdf-e3339c8e6a8ccbe16b78f0e2c9ca3674 + +info: + name: > + e2pdf <= 1.20.27 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56f146e8-ec70-45c4-9ff2-94cb44fef5c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/e2pdf/" + google-query: inurl:"/wp-content/plugins/e2pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,e2pdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/e2pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "e2pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ean-for-woocommerce-4e6a565e3f0523a8457d5186515c7331.yaml b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-4e6a565e3f0523a8457d5186515c7331.yaml new file mode 100644 index 0000000000..d7454e3b1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-4e6a565e3f0523a8457d5186515c7331.yaml @@ -0,0 +1,58 @@ +id: ean-for-woocommerce-4e6a565e3f0523a8457d5186515c7331 + +info: + name: > + EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitve Information Exposure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17b20df5-4adf-47ce-bddf-2ec0b9499de8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ean-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ean-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ean-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ean-for-woocommerce-7aa0e1773e8e5c34cf563aa138c0d2da.yaml b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-7aa0e1773e8e5c34cf563aa138c0d2da.yaml new file mode 100644 index 0000000000..689f6601bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-7aa0e1773e8e5c34cf563aa138c0d2da.yaml @@ -0,0 +1,58 @@ +id: ean-for-woocommerce-7aa0e1773e8e5c34cf563aa138c0d2da + +info: + name: > + EAN for WooCommerce <= 4.8.9 - Authenticated (Shop Manager+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13be8a88-bcd3-4ce9-9538-e93c78323456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ean-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ean-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ean-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c34557dbe7e75a157fffc6005c83f4ba.yaml b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c34557dbe7e75a157fffc6005c83f4ba.yaml new file mode 100644 index 0000000000..4b01dddeb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c34557dbe7e75a157fffc6005c83f4ba.yaml @@ -0,0 +1,58 @@ +id: ean-for-woocommerce-c34557dbe7e75a157fffc6005c83f4ba + +info: + name: > + EAN for WooCommerce <= 4.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d798406b-2b7f-4ca0-8d05-8aff4bf44dd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ean-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ean-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ean-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c623741b8b5dbd96eac005af1ef14987.yaml b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c623741b8b5dbd96eac005af1ef14987.yaml new file mode 100644 index 0000000000..f9e1bf025c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ean-for-woocommerce-c623741b8b5dbd96eac005af1ef14987.yaml @@ -0,0 +1,58 @@ +id: ean-for-woocommerce-c623741b8b5dbd96eac005af1ef14987 + +info: + name: > + EAN for WooCommerce <= 4.4.2 - Authenticated (Contributor+ )Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c77ef86e-ea5b-46fc-a3d7-d11a20f3f871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ean-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ean-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ean-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ean-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ean-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easily-generate-rest-api-url-667161af8562bbf0616cde527e940c70.yaml b/nuclei-templates/cve-less/plugins/easily-generate-rest-api-url-667161af8562bbf0616cde527e940c70.yaml new file mode 100644 index 0000000000..0f94ee4ee2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easily-generate-rest-api-url-667161af8562bbf0616cde527e940c70.yaml @@ -0,0 +1,58 @@ +id: easily-generate-rest-api-url-667161af8562bbf0616cde527e940c70 + +info: + name: > + Easily Generate Rest API Url <= 1.0.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e58c6d-5b95-4b22-a7fc-e5e8324ed52a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easily-generate-rest-api-url/" + google-query: inurl:"/wp-content/plugins/easily-generate-rest-api-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easily-generate-rest-api-url,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easily-generate-rest-api-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easily-generate-rest-api-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easing-slider-28d8e466f42a7ea620fa3fe2f98c9634.yaml b/nuclei-templates/cve-less/plugins/easing-slider-28d8e466f42a7ea620fa3fe2f98c9634.yaml new file mode 100644 index 0000000000..fe4395e49d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easing-slider-28d8e466f42a7ea620fa3fe2f98c9634.yaml @@ -0,0 +1,58 @@ +id: easing-slider-28d8e466f42a7ea620fa3fe2f98c9634 + +info: + name: > + Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e04a2f8-5071-4c85-b4f8-cb914ee509b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easing-slider/" + google-query: inurl:"/wp-content/plugins/easing-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easing-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easing-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easing-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easing-slider-7a859a74f0e39d83ee989a269a737923.yaml b/nuclei-templates/cve-less/plugins/easing-slider-7a859a74f0e39d83ee989a269a737923.yaml new file mode 100644 index 0000000000..f25dbcc651 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easing-slider-7a859a74f0e39d83ee989a269a737923.yaml @@ -0,0 +1,58 @@ +id: easing-slider-7a859a74f0e39d83ee989a269a737923 + +info: + name: > + Easing Slider <= 2.2.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/019f4735-a25c-46c7-8a7d-55351197bdf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easing-slider/" + google-query: inurl:"/wp-content/plugins/easing-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easing-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easing-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easing-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-accordion-free-3253e2e7de1175aa67f3d6d5696567c5.yaml b/nuclei-templates/cve-less/plugins/easy-accordion-free-3253e2e7de1175aa67f3d6d5696567c5.yaml new file mode 100644 index 0000000000..4f02f4e5eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-accordion-free-3253e2e7de1175aa67f3d6d5696567c5.yaml @@ -0,0 +1,58 @@ +id: easy-accordion-free-3253e2e7de1175aa67f3d6d5696567c5 + +info: + name: > + Easy Accordion <= 2.0.21 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c4f9958-0e5a-483c-926e-ceaee00ffa45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-accordion-free/" + google-query: inurl:"/wp-content/plugins/easy-accordion-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-accordion-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-accordion-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-accordion-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-accordion-free-5c300627494a1ad1099275af163a3e49.yaml b/nuclei-templates/cve-less/plugins/easy-accordion-free-5c300627494a1ad1099275af163a3e49.yaml new file mode 100644 index 0000000000..b7f06c96e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-accordion-free-5c300627494a1ad1099275af163a3e49.yaml @@ -0,0 +1,58 @@ +id: easy-accordion-free-5c300627494a1ad1099275af163a3e49 + +info: + name: > + Easy Accordion – Best Accordion FAQ Plugin for WordPress <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-accordion-free/" + google-query: inurl:"/wp-content/plugins/easy-accordion-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-accordion-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-accordion-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-accordion-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-accordion-free-6139caeaed9293c95d17b26944e3e8d5.yaml b/nuclei-templates/cve-less/plugins/easy-accordion-free-6139caeaed9293c95d17b26944e3e8d5.yaml new file mode 100644 index 0000000000..334e25be7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-accordion-free-6139caeaed9293c95d17b26944e3e8d5.yaml @@ -0,0 +1,58 @@ +id: easy-accordion-free-6139caeaed9293c95d17b26944e3e8d5 + +info: + name: > + Easy Accordion <= 2.1.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dab93f3-8068-4655-aa3d-a9f4c8dc9d61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-accordion-free/" + google-query: inurl:"/wp-content/plugins/easy-accordion-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-accordion-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-accordion-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-accordion-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-ad-manager-70088a82bdb29c81346c08fa9d47c687.yaml b/nuclei-templates/cve-less/plugins/easy-ad-manager-70088a82bdb29c81346c08fa9d47c687.yaml new file mode 100644 index 0000000000..4f72ed0ed9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-ad-manager-70088a82bdb29c81346c08fa9d47c687.yaml @@ -0,0 +1,58 @@ +id: easy-ad-manager-70088a82bdb29c81346c08fa9d47c687 + +info: + name: > + Easy Ad Manager <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7750f70-e79c-45fb-b792-ba6a4da59964?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-ad-manager/" + google-query: inurl:"/wp-content/plugins/easy-ad-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-ad-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-ad-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-ad-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-admin-menu-3b5f830cc2d293978dbe39244d121ee0.yaml b/nuclei-templates/cve-less/plugins/easy-admin-menu-3b5f830cc2d293978dbe39244d121ee0.yaml new file mode 100644 index 0000000000..1ac79eca45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-admin-menu-3b5f830cc2d293978dbe39244d121ee0.yaml @@ -0,0 +1,58 @@ +id: easy-admin-menu-3b5f830cc2d293978dbe39244d121ee0 + +info: + name: > + Easy Admin Menu <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fefab999-12e0-4866-a5a2-60f8faa64f89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-admin-menu/" + google-query: inurl:"/wp-content/plugins/easy-admin-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-admin-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-admin-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-admin-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-adsense-lite-b9d3eb363a683c73c14fb5271b86198a.yaml b/nuclei-templates/cve-less/plugins/easy-adsense-lite-b9d3eb363a683c73c14fb5271b86198a.yaml new file mode 100644 index 0000000000..e5c361c856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-adsense-lite-b9d3eb363a683c73c14fb5271b86198a.yaml @@ -0,0 +1,58 @@ +id: easy-adsense-lite-b9d3eb363a683c73c14fb5271b86198a + +info: + name: > + Easy Plugin for AdSense < 6.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9bac4c-3a07-4a76-b2bd-365aae455086?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-adsense-lite/" + google-query: inurl:"/wp-content/plugins/easy-adsense-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-adsense-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-adsense-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-adsense-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-affiliate-links-4e96720039ccc700f05ab77c703ff32b.yaml b/nuclei-templates/cve-less/plugins/easy-affiliate-links-4e96720039ccc700f05ab77c703ff32b.yaml new file mode 100644 index 0000000000..4d1d6c73be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-affiliate-links-4e96720039ccc700f05ab77c703ff32b.yaml @@ -0,0 +1,58 @@ +id: easy-affiliate-links-4e96720039ccc700f05ab77c703ff32b + +info: + name: > + Easy Affiliate Links <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d30e813-010f-4881-8b8e-f3d62d928c57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-affiliate-links/" + google-query: inurl:"/wp-content/plugins/easy-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-affiliate-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-2302a07c8ff1ee9859f41cba989fe323.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-2302a07c8ff1ee9859f41cba989fe323.yaml new file mode 100644 index 0000000000..a6c0feceee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-2302a07c8ff1ee9859f41cba989fe323.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-2302a07c8ff1ee9859f41cba989fe323 + +info: + name: > + Easy Appointments <= 3.11.18 - Insufficient Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d8ac01-ac73-47ea-839b-edc820436f27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-84cb3311236885a9e904cbe429619629.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-84cb3311236885a9e904cbe429619629.yaml new file mode 100644 index 0000000000..95f9999fc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-84cb3311236885a9e904cbe429619629.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-84cb3311236885a9e904cbe429619629 + +info: + name: > + Easy Appointments < 1.12.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f62045b-4fb7-4dde-8d3c-d04b4e5e4810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-afa229bd02db847384791980963680d0.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-afa229bd02db847384791980963680d0.yaml new file mode 100644 index 0000000000..8cad277344 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-afa229bd02db847384791980963680d0.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-afa229bd02db847384791980963680d0 + +info: + name: > + Easy Appointments <= 3.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfe8d13b-f387-4c82-ba9f-efadda18c882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-b4ee9cff24049609b5e28a42cf47dee5.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-b4ee9cff24049609b5e28a42cf47dee5.yaml new file mode 100644 index 0000000000..c9a2765d22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-b4ee9cff24049609b5e28a42cf47dee5.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-b4ee9cff24049609b5e28a42cf47dee5 + +info: + name: > + Easy Appointments <= 3.11.18 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1514c8-3752-4d0a-87a3-3f245a7cb914?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-e2ec209c741fed7cc95066eb8c9d077f.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-e2ec209c741fed7cc95066eb8c9d077f.yaml new file mode 100644 index 0000000000..e48844ffc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-e2ec209c741fed7cc95066eb8c9d077f.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-e2ec209c741fed7cc95066eb8c9d077f + +info: + name: > + Easy Appointments <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3906c668-6a0a-4beb-8ed9-08f661ce82cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-appointments-e5114063e08dd4dd3989e0a929dd3452.yaml b/nuclei-templates/cve-less/plugins/easy-appointments-e5114063e08dd4dd3989e0a929dd3452.yaml new file mode 100644 index 0000000000..84b9e3363b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-appointments-e5114063e08dd4dd3989e0a929dd3452.yaml @@ -0,0 +1,58 @@ +id: easy-appointments-e5114063e08dd4dd3989e0a929dd3452 + +info: + name: > + Easy Appointments <= 3.11.9 - Cross-Site Request Forgery via multiple AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/461cec8c-77e4-4f20-8dff-c4f675dc235f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-appointments/" + google-query: inurl:"/wp-content/plugins/easy-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-appointments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-banners-bbb1e092b9ae97dcfd27d316846c9ee9.yaml b/nuclei-templates/cve-less/plugins/easy-banners-bbb1e092b9ae97dcfd27d316846c9ee9.yaml new file mode 100644 index 0000000000..4ac79061b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-banners-bbb1e092b9ae97dcfd27d316846c9ee9.yaml @@ -0,0 +1,58 @@ +id: easy-banners-bbb1e092b9ae97dcfd27d316846c9ee9 + +info: + name: > + Easy Banners <= 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea25e80-af12-4845-b505-16654a68b009?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-banners/" + google-query: inurl:"/wp-content/plugins/easy-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-banners,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-bet-49c0957ce7beb86c6cd3610ef85cd2a3.yaml b/nuclei-templates/cve-less/plugins/easy-bet-49c0957ce7beb86c6cd3610ef85cd2a3.yaml new file mode 100644 index 0000000000..40fcf00f7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-bet-49c0957ce7beb86c6cd3610ef85cd2a3.yaml @@ -0,0 +1,58 @@ +id: easy-bet-49c0957ce7beb86c6cd3610ef85cd2a3 + +info: + name: > + Easy Bet <= 1.0.2 - Authenticated(Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a833fe01-caf5-434a-82f9-8d3ac755a66f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-bet/" + google-query: inurl:"/wp-content/plugins/easy-bet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-bet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-bet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-bet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-bootstrap-shortcodes-05c1130a0be4b028fb1b748819924a55.yaml b/nuclei-templates/cve-less/plugins/easy-bootstrap-shortcodes-05c1130a0be4b028fb1b748819924a55.yaml new file mode 100644 index 0000000000..86fa868ede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-bootstrap-shortcodes-05c1130a0be4b028fb1b748819924a55.yaml @@ -0,0 +1,58 @@ +id: easy-bootstrap-shortcodes-05c1130a0be4b028fb1b748819924a55 + +info: + name: > + Easy Bootstrap Shortcode <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6245d74b-89ad-4229-8c99-dbfeaa048400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-bootstrap-shortcodes/" + google-query: inurl:"/wp-content/plugins/easy-bootstrap-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-bootstrap-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-bootstrap-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-bootstrap-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-call-now-d24e798e6ecdde0cd2e6b3ca9f8356c6.yaml b/nuclei-templates/cve-less/plugins/easy-call-now-d24e798e6ecdde0cd2e6b3ca9f8356c6.yaml new file mode 100644 index 0000000000..7a2e4c4321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-call-now-d24e798e6ecdde0cd2e6b3ca9f8356c6.yaml @@ -0,0 +1,58 @@ +id: easy-call-now-d24e798e6ecdde0cd2e6b3ca9f8356c6 + +info: + name: > + Easy Call Now by ThikShare <= 1.1.0 - Cross-Site Request Forgery via settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bd8c4e5-ef53-47e8-8658-291509e9b987?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-call-now/" + google-query: inurl:"/wp-content/plugins/easy-call-now/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-call-now,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-call-now/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-call-now" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-captcha-20715ecda27605f90ac0c1717bd4bb1b.yaml b/nuclei-templates/cve-less/plugins/easy-captcha-20715ecda27605f90ac0c1717bd4bb1b.yaml new file mode 100644 index 0000000000..b10715ee20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-captcha-20715ecda27605f90ac0c1717bd4bb1b.yaml @@ -0,0 +1,58 @@ +id: easy-captcha-20715ecda27605f90ac0c1717bd4bb1b + +info: + name: > + Easy Captcha <= 1.0 - Missing Authorization via easy_captcha_update_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8efe2ccf-33cb-4db3-bc3d-ead826adb7d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-captcha/" + google-query: inurl:"/wp-content/plugins/easy-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-captcha,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-captcha-b7a34904a121ea28e68ab7539af86648.yaml b/nuclei-templates/cve-less/plugins/easy-captcha-b7a34904a121ea28e68ab7539af86648.yaml new file mode 100644 index 0000000000..5757ca2049 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-captcha-b7a34904a121ea28e68ab7539af86648.yaml @@ -0,0 +1,58 @@ +id: easy-captcha-b7a34904a121ea28e68ab7539af86648 + +info: + name: > + Easy Captcha <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd73cf64-289d-4401-bef7-9a4398a85055?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-captcha/" + google-query: inurl:"/wp-content/plugins/easy-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-career-openings-2dcf73eb82f83432e780c74c23beb2a4.yaml b/nuclei-templates/cve-less/plugins/easy-career-openings-2dcf73eb82f83432e780c74c23beb2a4.yaml new file mode 100644 index 0000000000..6f9ed48bf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-career-openings-2dcf73eb82f83432e780c74c23beb2a4.yaml @@ -0,0 +1,58 @@ +id: easy-career-openings-2dcf73eb82f83432e780c74c23beb2a4 + +info: + name: > + Easy Career Opening <= 0.4 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d541f86a-744e-498e-bfab-b1a917c6ac49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-career-openings/" + google-query: inurl:"/wp-content/plugins/easy-career-openings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-career-openings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-career-openings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-career-openings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-coming-soon-4b7a2f690ab23a9c56fa493203cfb340.yaml b/nuclei-templates/cve-less/plugins/easy-coming-soon-4b7a2f690ab23a9c56fa493203cfb340.yaml new file mode 100644 index 0000000000..7c5e8d7b93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-coming-soon-4b7a2f690ab23a9c56fa493203cfb340.yaml @@ -0,0 +1,58 @@ +id: easy-coming-soon-4b7a2f690ab23a9c56fa493203cfb340 + +info: + name: > + Easy Coming Soon <= 2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e46139c8-dd7e-4904-81b2-283952cea9b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-coming-soon/" + google-query: inurl:"/wp-content/plugins/easy-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-contact-form-pro-7ddd7913775f2842bdb03b5dd83ed7fe.yaml b/nuclei-templates/cve-less/plugins/easy-contact-form-pro-7ddd7913775f2842bdb03b5dd83ed7fe.yaml new file mode 100644 index 0000000000..3e4cb93839 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-contact-form-pro-7ddd7913775f2842bdb03b5dd83ed7fe.yaml @@ -0,0 +1,58 @@ +id: easy-contact-form-pro-7ddd7913775f2842bdb03b5dd83ed7fe + +info: + name: > + Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ede689-4434-47fc-bf94-ca6da678ae01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-contact-form-pro/" + google-query: inurl:"/wp-content/plugins/easy-contact-form-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-contact-form-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-contact-form-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-contact-form-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-contact-form-solution-ec82173ebd40f930fa2890b83a9358a8.yaml b/nuclei-templates/cve-less/plugins/easy-contact-form-solution-ec82173ebd40f930fa2890b83a9358a8.yaml new file mode 100644 index 0000000000..a2ee7016a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-contact-form-solution-ec82173ebd40f930fa2890b83a9358a8.yaml @@ -0,0 +1,58 @@ +id: easy-contact-form-solution-ec82173ebd40f930fa2890b83a9358a8 + +info: + name: > + Easy Contact Form Solution <= 1.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02b9a40a-2fb6-4d75-b4b4-a83b95df90e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-contact-form-solution/" + google-query: inurl:"/wp-content/plugins/easy-contact-form-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-contact-form-solution,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-contact-form-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-contact-form-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-cookie-law-5d8f13ec518cdd664ccdf095210c75bb.yaml b/nuclei-templates/cve-less/plugins/easy-cookie-law-5d8f13ec518cdd664ccdf095210c75bb.yaml new file mode 100644 index 0000000000..dfbd45b48a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-cookie-law-5d8f13ec518cdd664ccdf095210c75bb.yaml @@ -0,0 +1,58 @@ +id: easy-cookie-law-5d8f13ec518cdd664ccdf095210c75bb + +info: + name: > + Easy Cookie Law <= 3.1 - Cross-Site Request Forgery via 'ecl_options' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40487921-b9eb-4a18-b6f5-194611d2ef82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-cookie-law/" + google-query: inurl:"/wp-content/plugins/easy-cookie-law/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-cookie-law,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-cookie-law/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-cookie-law" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-cookies-policy-217c5fbd6c523ea432120eff4f82682f.yaml b/nuclei-templates/cve-less/plugins/easy-cookies-policy-217c5fbd6c523ea432120eff4f82682f.yaml new file mode 100644 index 0000000000..c28ce32343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-cookies-policy-217c5fbd6c523ea432120eff4f82682f.yaml @@ -0,0 +1,58 @@ +id: easy-cookies-policy-217c5fbd6c523ea432120eff4f82682f + +info: + name: > + Easy Cookies Policy <= 1.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f7a00e-9cb4-4640-bda9-0cd7341d0c41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-cookies-policy/" + google-query: inurl:"/wp-content/plugins/easy-cookies-policy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-cookies-policy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-cookies-policy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-cookies-policy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-countdowner-13544ef8fd49a172f51f21a85f5f216f.yaml b/nuclei-templates/cve-less/plugins/easy-countdowner-13544ef8fd49a172f51f21a85f5f216f.yaml new file mode 100644 index 0000000000..376b611867 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-countdowner-13544ef8fd49a172f51f21a85f5f216f.yaml @@ -0,0 +1,58 @@ +id: easy-countdowner-13544ef8fd49a172f51f21a85f5f216f + +info: + name: > + Easy CountDowner <= 1.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39c751c7-0480-4b92-bebb-a69114d79378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-countdowner/" + google-query: inurl:"/wp-content/plugins/easy-countdowner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-countdowner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-countdowner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-countdowner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-0574327d2925f2e5b1baa6cdafa54603.yaml b/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-0574327d2925f2e5b1baa6cdafa54603.yaml new file mode 100644 index 0000000000..c722a0682d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-0574327d2925f2e5b1baa6cdafa54603.yaml @@ -0,0 +1,58 @@ +id: easy-custom-auto-excerpt-0574327d2925f2e5b1baa6cdafa54603 + +info: + name: > + Easy Custom Auto Excerpt < 2.4.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32ca6e56-add9-4024-831f-5dfa5130a7d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-custom-auto-excerpt/" + google-query: inurl:"/wp-content/plugins/easy-custom-auto-excerpt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-custom-auto-excerpt,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-custom-auto-excerpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-custom-auto-excerpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-8bbf318086664bbd3967cf3760be4186.yaml b/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-8bbf318086664bbd3967cf3760be4186.yaml new file mode 100644 index 0000000000..3bfcb60c50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-custom-auto-excerpt-8bbf318086664bbd3967cf3760be4186.yaml @@ -0,0 +1,58 @@ +id: easy-custom-auto-excerpt-8bbf318086664bbd3967cf3760be4186 + +info: + name: > + Easy Custom Auto Excerpt <= 2.4.12 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c1e1fe4-23be-4f66-ae9f-cabb83811b71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-custom-auto-excerpt/" + google-query: inurl:"/wp-content/plugins/easy-custom-auto-excerpt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-custom-auto-excerpt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-custom-auto-excerpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-custom-auto-excerpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-227b9ec56c4c7cc21d26de58db461ac5.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-227b9ec56c4c7cc21d26de58db461ac5.yaml new file mode 100644 index 0000000000..279d1834aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-227b9ec56c4c7cc21d26de58db461ac5.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-227b9ec56c4c7cc21d26de58db461ac5 + +info: + name: > + Easy Digital Downloads <= 3.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44777529-660f-4038-bbee-566ca3a8d24e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-3e264890774be501312d562a2e66b9a4.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-3e264890774be501312d562a2e66b9a4.yaml new file mode 100644 index 0000000000..9ac320856a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-3e264890774be501312d562a2e66b9a4.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-3e264890774be501312d562a2e66b9a4 + +info: + name: > + Easy Digital Downloads <= 3.1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbce48b2-aa7c-4c92-8df8-ee3a17336e97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-47dc8b23e46c86e99fa06304aa8794ea.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-47dc8b23e46c86e99fa06304aa8794ea.yaml new file mode 100644 index 0000000000..49b9ba4e74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-47dc8b23e46c86e99fa06304aa8794ea.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-47dc8b23e46c86e99fa06304aa8794ea + +info: + name: > + Easy Digital Downloads 3.1 - 3.1.1.4.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3e07c8-8fd0-4966-8276-aece794b75b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.1', '< 3.1.1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-4ada8035109d6dc47e94b2c651edea20.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-4ada8035109d6dc47e94b2c651edea20.yaml new file mode 100644 index 0000000000..97f00e124f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-4ada8035109d6dc47e94b2c651edea20.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-4ada8035109d6dc47e94b2c651edea20 + +info: + name: > + Easy Digital Downloads (Various Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/456f038c-85a4-426e-b9e0-3acf91f9b93a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.3', '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-50401a72166a704fa2626edd9085598a.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-50401a72166a704fa2626edd9085598a.yaml new file mode 100644 index 0000000000..ba8ed432c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-50401a72166a704fa2626edd9085598a.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-50401a72166a704fa2626edd9085598a + +info: + name: > + Easy Digital Downloads <= 3.1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da94a7dc-f666-44fd-9f76-e610cbd2b610?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-54c8692b5e555318ec75bfc89238f380.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-54c8692b5e555318ec75bfc89238f380.yaml new file mode 100644 index 0000000000..88c23e7bea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-54c8692b5e555318ec75bfc89238f380.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-54c8692b5e555318ec75bfc89238f380 + +info: + name: > + Easy Digital Downloads < 3.1.0.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/508b6466-2786-4d6b-9ab2-772050af4803?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-58382c0384c54d2d71e941fcf6b84e29.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-58382c0384c54d2d71e941fcf6b84e29.yaml new file mode 100644 index 0000000000..42396f2f14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-58382c0384c54d2d71e941fcf6b84e29.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-58382c0384c54d2d71e941fcf6b84e29 + +info: + name: > + Easy Digital Downloads <= 3.1.0.1.1 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4966f96-713c-471f-8f36-55977a547f12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml new file mode 100644 index 0000000000..9b362387b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-58ad5ca81c9faa1c9bf4e8d6a87f5f2f.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-58ad5ca81c9faa1c9bf4e8d6a87f5f2f + +info: + name: > + Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.9.15 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82259b54-0313-41a2-ace4-41e583b93e8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-592d413a31d24bf2ca8e9ee4d3ed0b4b.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-592d413a31d24bf2ca8e9ee4d3ed0b4b.yaml new file mode 100644 index 0000000000..c2fcd48103 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-592d413a31d24bf2ca8e9ee4d3ed0b4b.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-592d413a31d24bf2ca8e9ee4d3ed0b4b + +info: + name: > + Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.2.9 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0837ba20-4b47-4cc8-9eb3-322289513d79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-6b70f3503530aa0d1601aef153ce564c.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-6b70f3503530aa0d1601aef153ce564c.yaml new file mode 100644 index 0000000000..554ccc991e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-6b70f3503530aa0d1601aef153ce564c.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-6b70f3503530aa0d1601aef153ce564c + +info: + name: > + Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c6a4c5f-7a02-4c53-a0ba-a2c7f592a3a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-8bf5f3c88eae040df5c93bb90ba373a1.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-8bf5f3c88eae040df5c93bb90ba373a1.yaml new file mode 100644 index 0000000000..4f4a991e43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-8bf5f3c88eae040df5c93bb90ba373a1.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-8bf5f3c88eae040df5c93bb90ba373a1 + +info: + name: > + Easy Digital Downloads <= 2.11.5 - Admin+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/301d273e-5cd2-49b8-b2ce-b30731ab4550?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-a21c37325364d975a3c7e649a4cca551.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a21c37325364d975a3c7e649a4cca551.yaml new file mode 100644 index 0000000000..ed6cda9f03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a21c37325364d975a3c7e649a4cca551.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-a21c37325364d975a3c7e649a4cca551 + +info: + name: > + Easy Digital Downloads <= 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d19a9c96-918f-4f19-82a9-badd5765cea3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-a5ae13191d707f6528df2db00d64b11b.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a5ae13191d707f6528df2db00d64b11b.yaml new file mode 100644 index 0000000000..dc75a73da8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a5ae13191d707f6528df2db00d64b11b.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-a5ae13191d707f6528df2db00d64b11b + +info: + name: > + Easy Digital Downloads <= 2.11.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14ad420b-df09-48de-8e36-d8edf0647837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-a71d6df449db20ab9c26824728336769.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a71d6df449db20ab9c26824728336769.yaml new file mode 100644 index 0000000000..4c825eb069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-a71d6df449db20ab9c26824728336769.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-a71d6df449db20ab9c26824728336769 + +info: + name: > + Easy Digital Downloads – Simple eCommerce for Selling Digital Files <= 2.3.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be60027e-9d6a-4740-b20c-6be3e115d9fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.3', '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-bc7e0ce97309f84318e7a566c436b814.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-bc7e0ce97309f84318e7a566c436b814.yaml new file mode 100644 index 0000000000..7ce6d0dc7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-bc7e0ce97309f84318e7a566c436b814.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-bc7e0ce97309f84318e7a566c436b814 + +info: + name: > + Easy Digital Downloads <= 3.0.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1e563e1-5381-4353-aa09-b09971b830c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-bd2f40761a0dbf1803fa7290e415ab2f.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-bd2f40761a0dbf1803fa7290e415ab2f.yaml new file mode 100644 index 0000000000..46df515db9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-bd2f40761a0dbf1803fa7290e415ab2f.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-bd2f40761a0dbf1803fa7290e415ab2f + +info: + name: > + Easy Digital Downloads <= 2.11.7 - Cross-Site Request Forgery to Arbitrary Post Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea99795f-45fa-4d4c-a6bd-2197b58efcb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-da73522010deacccd257b4e9a1315635.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-da73522010deacccd257b4e9a1315635.yaml new file mode 100644 index 0000000000..befd0a8d02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-da73522010deacccd257b4e9a1315635.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-da73522010deacccd257b4e9a1315635 + +info: + name: > + Easy Digital Downloads <= 3.2.6 - Authenticated(Shop Manager+) Stored Cross-Site Scripting via variable pricing options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-f04987be0566d1eab3eaf27afc6eec08.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-f04987be0566d1eab3eaf27afc6eec08.yaml new file mode 100644 index 0000000000..dd8d924c77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-f04987be0566d1eab3eaf27afc6eec08.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-f04987be0566d1eab3eaf27afc6eec08 + +info: + name: > + Easy Digital Downloads <= 2.11.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56a362f3-dc4e-454d-9d94-9f4cb540d4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-digital-downloads-htaccess-editor-c7caaada028e0b85fc2ec25ebcdc9cfe.yaml b/nuclei-templates/cve-less/plugins/easy-digital-downloads-htaccess-editor-c7caaada028e0b85fc2ec25ebcdc9cfe.yaml new file mode 100644 index 0000000000..5a23110a17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-digital-downloads-htaccess-editor-c7caaada028e0b85fc2ec25ebcdc9cfe.yaml @@ -0,0 +1,58 @@ +id: easy-digital-downloads-htaccess-editor-c7caaada028e0b85fc2ec25ebcdc9cfe + +info: + name: > + Easy Digital Downloads – htaccess Editor < 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/090c1ba1-1b73-4c83-a17f-993293c5621b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-digital-downloads-htaccess-editor/" + google-query: inurl:"/wp-content/plugins/easy-digital-downloads-htaccess-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-digital-downloads-htaccess-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-digital-downloads-htaccess-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-digital-downloads-htaccess-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-event-calendar-35d6cb483985201ac59c669cec20a881.yaml b/nuclei-templates/cve-less/plugins/easy-event-calendar-35d6cb483985201ac59c669cec20a881.yaml new file mode 100644 index 0000000000..5c149d1b12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-event-calendar-35d6cb483985201ac59c669cec20a881.yaml @@ -0,0 +1,58 @@ +id: easy-event-calendar-35d6cb483985201ac59c669cec20a881 + +info: + name: > + Easy Event calendar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57dda8e6-54d1-41db-a54d-4a5d635e23b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-event-calendar/" + google-query: inurl:"/wp-content/plugins/easy-event-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-event-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-event-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-event-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-like-box-97fb5b5839a832ac7ff02fb0d708c5d7.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-like-box-97fb5b5839a832ac7ff02fb0d708c5d7.yaml new file mode 100644 index 0000000000..eb5c068b39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-like-box-97fb5b5839a832ac7ff02fb0d708c5d7.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-like-box-97fb5b5839a832ac7ff02fb0d708c5d7 + +info: + name: > + Easy Social Box / Page Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f051566-ac84-4ab6-b0ce-4dbcafc09d67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-like-box/" + google-query: inurl:"/wp-content/plugins/easy-facebook-like-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-like-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-like-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-like-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-09160f3fbb1916544cfbb6eb640a286b.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-09160f3fbb1916544cfbb6eb640a286b.yaml new file mode 100644 index 0000000000..8889b519bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-09160f3fbb1916544cfbb6eb640a286b.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-09160f3fbb1916544cfbb6eb640a286b + +info: + name: > + Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-308ac408c3111d0f21a07a5be08fe876.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-308ac408c3111d0f21a07a5be08fe876.yaml new file mode 100644 index 0000000000..b66d7b821d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-308ac408c3111d0f21a07a5be08fe876.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-308ac408c3111d0f21a07a5be08fe876 + +info: + name: > + Easy Social Feed <= 6.5.1 - Missing Authorization via hide_free_sidebar() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ffb3ef-9d77-463f-92c4-4bc799ac16aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-455ef09d7d7d2085e1e76af071d802ad.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-455ef09d7d7d2085e1e76af071d802ad.yaml new file mode 100644 index 0000000000..a842b2d9fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-455ef09d7d7d2085e1e76af071d802ad.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-455ef09d7d7d2085e1e76af071d802ad + +info: + name: > + Easy Social Feed <= 6.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a586bab-df87-4e21-9b05-994c4fc991de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-566c183277ddddc5541276b2514b770a.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-566c183277ddddc5541276b2514b770a.yaml new file mode 100644 index 0000000000..50b13b372e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-566c183277ddddc5541276b2514b770a.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-566c183277ddddc5541276b2514b770a + +info: + name: > + Easy Social Feed <= 6.5.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9381244-5ab9-4927-8e18-d6030a399d7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-5e1243e1e25d813c82b94fbe494798e2.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-5e1243e1e25d813c82b94fbe494798e2.yaml new file mode 100644 index 0000000000..02e753cc23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-5e1243e1e25d813c82b94fbe494798e2.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-5e1243e1e25d813c82b94fbe494798e2 + +info: + name: > + Easy Social Feed <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via fb_appid + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ce726da-4860-4809-b579-9ec0d31a2fb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6a4b9abd38157d4627731558a0b86be9.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6a4b9abd38157d4627731558a0b86be9.yaml new file mode 100644 index 0000000000..6a909f7e98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6a4b9abd38157d4627731558a0b86be9.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-6a4b9abd38157d4627731558a0b86be9 + +info: + name: > + Easy Social Feed <= 6.5.2 - Missing Authorization to Settings Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3deee9b5-2e36-447d-a492-e22e3dc6a5ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6fdd9a10958cc151010736328ad8d63f.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6fdd9a10958cc151010736328ad8d63f.yaml new file mode 100644 index 0000000000..208c053a6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-6fdd9a10958cc151010736328ad8d63f.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-6fdd9a10958cc151010736328ad8d63f + +info: + name: > + Easy Social Feed <= 6.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml new file mode 100644 index 0000000000..7b43c9110d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-7e2aa27b61aaa1e5ca65bdc32112a6a9.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-7e2aa27b61aaa1e5ca65bdc32112a6a9 + +info: + name: > + Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-dcded48546674d8a7147bd7b9ee5af2d.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-dcded48546674d8a7147bd7b9ee5af2d.yaml new file mode 100644 index 0000000000..34fa477f21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-dcded48546674d8a7147bd7b9ee5af2d.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-dcded48546674d8a7147bd7b9ee5af2d + +info: + name: > + Easy Social Feed <= 6.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24c7e7da-39b4-4969-b24f-be7a8628236b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-facebook-likebox-f32c6b2b7d3eb58c4682087aa288b3f1.yaml b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-f32c6b2b7d3eb58c4682087aa288b3f1.yaml new file mode 100644 index 0000000000..3f57e2b50e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-facebook-likebox-f32c6b2b7d3eb58c4682087aa288b3f1.yaml @@ -0,0 +1,58 @@ +id: easy-facebook-likebox-f32c6b2b7d3eb58c4682087aa288b3f1 + +info: + name: > + Easy Social Feed <= 6.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7df85c11-6308-4b23-8c41-eea6bff5ca50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/easy-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-facebook-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-fancybox-192f3751511f8b242f0945f1aac116aa.yaml b/nuclei-templates/cve-less/plugins/easy-fancybox-192f3751511f8b242f0945f1aac116aa.yaml new file mode 100644 index 0000000000..98ee045d57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-fancybox-192f3751511f8b242f0945f1aac116aa.yaml @@ -0,0 +1,58 @@ +id: easy-fancybox-192f3751511f8b242f0945f1aac116aa + +info: + name: > + Easy Fancybox <= 1.8.17 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b85306d-ffb6-487d-a981-6fc04b27e751?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-fancybox/" + google-query: inurl:"/wp-content/plugins/easy-fancybox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-fancybox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-fancybox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-fancybox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-faq-with-expanding-text-7ed4275b69b36875b8deb7c4de847800.yaml b/nuclei-templates/cve-less/plugins/easy-faq-with-expanding-text-7ed4275b69b36875b8deb7c4de847800.yaml new file mode 100644 index 0000000000..26f88513b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-faq-with-expanding-text-7ed4275b69b36875b8deb7c4de847800.yaml @@ -0,0 +1,58 @@ +id: easy-faq-with-expanding-text-7ed4275b69b36875b8deb7c4de847800 + +info: + name: > + Easy FAQ with Expanding Text <= 3.2.8.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b20e5257-1fb7-40b4-8ad8-798372b60972?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-faq-with-expanding-text/" + google-query: inurl:"/wp-content/plugins/easy-faq-with-expanding-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-faq-with-expanding-text,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-faq-with-expanding-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-faq-with-expanding-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-form-2e8ccf164adc8951aa826c00f9317ffc.yaml b/nuclei-templates/cve-less/plugins/easy-form-2e8ccf164adc8951aa826c00f9317ffc.yaml new file mode 100644 index 0000000000..15fbd95f78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-form-2e8ccf164adc8951aa826c00f9317ffc.yaml @@ -0,0 +1,58 @@ +id: easy-form-2e8ccf164adc8951aa826c00f9317ffc + +info: + name: > + Easy Form by AYS <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/765b09ef-dd6d-4c4e-a381-7bb0dc8d6652?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-form/" + google-query: inurl:"/wp-content/plugins/easy-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-form-builder-9f2fa558a3b450f42672af408bb3b106.yaml b/nuclei-templates/cve-less/plugins/easy-form-builder-9f2fa558a3b450f42672af408bb3b106.yaml new file mode 100644 index 0000000000..a36e5652f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-form-builder-9f2fa558a3b450f42672af408bb3b106.yaml @@ -0,0 +1,58 @@ +id: easy-form-builder-9f2fa558a3b450f42672af408bb3b106 + +info: + name: > + Easy Form Builder <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a018ba2b-8188-41f9-bdab-64cae3362e0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-form-builder/" + google-query: inurl:"/wp-content/plugins/easy-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-form-builder-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml b/nuclei-templates/cve-less/plugins/easy-form-builder-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml new file mode 100644 index 0000000000..1b3f14f1b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-form-builder-bdcfb7f870a9c9d99dad2a66d5149c6d.yaml @@ -0,0 +1,58 @@ +id: easy-form-builder-bdcfb7f870a9c9d99dad2a66d5149c6d + +info: + name: > + Easy Form Builder <= 3.7.4 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4257d4ca-0e92-4d2f-b65b-dff9d7d48cb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-form-builder/" + google-query: inurl:"/wp-content/plugins/easy-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-form-builder-by-bitware-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml b/nuclei-templates/cve-less/plugins/easy-form-builder-by-bitware-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml new file mode 100644 index 0000000000..2da97ba009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-form-builder-by-bitware-1cdb0a1c4888e43e483d5ba8e84b6d9c.yaml @@ -0,0 +1,58 @@ +id: easy-form-builder-by-bitware-1cdb0a1c4888e43e483d5ba8e84b6d9c + +info: + name: > + Easy Form Builder <= 1.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1af5f7be-cfe2-4e0b-ae84-e44095644d84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-form-builder-by-bitware/" + google-query: inurl:"/wp-content/plugins/easy-form-builder-by-bitware/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-form-builder-by-bitware,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-form-builder-by-bitware/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-form-builder-by-bitware" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-gallery-slideshow-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/easy-gallery-slideshow-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..4d395e4309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-gallery-slideshow-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: easy-gallery-slideshow-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-gallery-slideshow/" + google-query: inurl:"/wp-content/plugins/easy-gallery-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-gallery-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-gallery-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-gallery-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-google-analytics-for-wordpress-da9bd5e9b4433e9c21c5e76b9f3bc74b.yaml b/nuclei-templates/cve-less/plugins/easy-google-analytics-for-wordpress-da9bd5e9b4433e9c21c5e76b9f3bc74b.yaml new file mode 100644 index 0000000000..b4dbfea819 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-google-analytics-for-wordpress-da9bd5e9b4433e9c21c5e76b9f3bc74b.yaml @@ -0,0 +1,58 @@ +id: easy-google-analytics-for-wordpress-da9bd5e9b4433e9c21c5e76b9f3bc74b + +info: + name: > + Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37e707ef-fe66-4c21-9c37-7b65fb7690db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/easy-google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-google-analytics-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-google-map-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/easy-google-map-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..3f0de964ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-google-map-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: easy-google-map-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-google-map/" + google-query: inurl:"/wp-content/plugins/easy-google-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-google-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-google-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-google-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-hide-login-5db1bc17d104f6fabd7d82e060cec486.yaml b/nuclei-templates/cve-less/plugins/easy-hide-login-5db1bc17d104f6fabd7d82e060cec486.yaml new file mode 100644 index 0000000000..6b5f684ac8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-hide-login-5db1bc17d104f6fabd7d82e060cec486.yaml @@ -0,0 +1,58 @@ +id: easy-hide-login-5db1bc17d104f6fabd7d82e060cec486 + +info: + name: > + Easy Hide Login <= 1.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42fff63c-62ec-466e-9a05-60d76f80039e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-hide-login/" + google-query: inurl:"/wp-content/plugins/easy-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-hide-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-hide-login-6046df75d04ba248b7035ff17b16ffc4.yaml b/nuclei-templates/cve-less/plugins/easy-hide-login-6046df75d04ba248b7035ff17b16ffc4.yaml new file mode 100644 index 0000000000..fb16ef1ab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-hide-login-6046df75d04ba248b7035ff17b16ffc4.yaml @@ -0,0 +1,58 @@ +id: easy-hide-login-6046df75d04ba248b7035ff17b16ffc4 + +info: + name: > + Easy Hide Login <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/745cf98c-ad3a-4ec9-9ee8-ae817d5d7358?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-hide-login/" + google-query: inurl:"/wp-content/plugins/easy-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-justified-gallery-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/easy-justified-gallery-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..a468254815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-justified-gallery-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: easy-justified-gallery-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-justified-gallery/" + google-query: inurl:"/wp-content/plugins/easy-justified-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-justified-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-justified-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-justified-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-login-styler-7876e3e9a0cea227500debf5d1a1674e.yaml b/nuclei-templates/cve-less/plugins/easy-login-styler-7876e3e9a0cea227500debf5d1a1674e.yaml new file mode 100644 index 0000000000..9b006a29d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-login-styler-7876e3e9a0cea227500debf5d1a1674e.yaml @@ -0,0 +1,58 @@ +id: easy-login-styler-7876e3e9a0cea227500debf5d1a1674e + +info: + name: > + Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb65d61-c7e1-4884-8b10-a26df504724c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-login-styler/" + google-query: inurl:"/wp-content/plugins/easy-login-styler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-login-styler,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-login-styler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-login-styler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-login-woocommerce-16223cc2976f7faa5fb929bf7546e0a0.yaml b/nuclei-templates/cve-less/plugins/easy-login-woocommerce-16223cc2976f7faa5fb929bf7546e0a0.yaml new file mode 100644 index 0000000000..e1538d1b86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-login-woocommerce-16223cc2976f7faa5fb929bf7546e0a0.yaml @@ -0,0 +1,58 @@ +id: easy-login-woocommerce-16223cc2976f7faa5fb929bf7546e0a0 + +info: + name: > + Login/Signup Popup <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc6d943d-32c0-45d7-9de9-b576199e6fe7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-login-woocommerce/" + google-query: inurl:"/wp-content/plugins/easy-login-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-login-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-login-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-login-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-login-woocommerce-eb7a1f00c95af7d29372c7231c49405b.yaml b/nuclei-templates/cve-less/plugins/easy-login-woocommerce-eb7a1f00c95af7d29372c7231c49405b.yaml new file mode 100644 index 0000000000..fe5ca04210 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-login-woocommerce-eb7a1f00c95af7d29372c7231c49405b.yaml @@ -0,0 +1,58 @@ +id: easy-login-woocommerce-eb7a1f00c95af7d29372c7231c49405b + +info: + name: > + Login/Signup Popup < 1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96d264fe-e7e1-4eec-b235-9d288bc5a22f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-login-woocommerce/" + google-query: inurl:"/wp-content/plugins/easy-login-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-login-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-login-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-login-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-maintenance-mode-coming-soon-c6f7d89996a803ee8eb7814d6f5734cd.yaml b/nuclei-templates/cve-less/plugins/easy-maintenance-mode-coming-soon-c6f7d89996a803ee8eb7814d6f5734cd.yaml new file mode 100644 index 0000000000..c898042c7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-maintenance-mode-coming-soon-c6f7d89996a803ee8eb7814d6f5734cd.yaml @@ -0,0 +1,58 @@ +id: easy-maintenance-mode-coming-soon-c6f7d89996a803ee8eb7814d6f5734cd + +info: + name: > + Easy Maintenance Mode <= 1.4.2 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-maintenance-mode-coming-soon/" + google-query: inurl:"/wp-content/plugins/easy-maintenance-mode-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-maintenance-mode-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-maintenance-mode-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-maintenance-mode-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-media-download-91ba8b6ec0e7e434577621e62a4faeec.yaml b/nuclei-templates/cve-less/plugins/easy-media-download-91ba8b6ec0e7e434577621e62a4faeec.yaml new file mode 100644 index 0000000000..31a1f57a1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-media-download-91ba8b6ec0e7e434577621e62a4faeec.yaml @@ -0,0 +1,58 @@ +id: easy-media-download-91ba8b6ec0e7e434577621e62a4faeec + +info: + name: > + Easy Media Download <= 1.1.5 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1e38cdc-7bc5-4963-9ebe-efd6c6ea228d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-media-download/" + google-query: inurl:"/wp-content/plugins/easy-media-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-media-download,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-media-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-media-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-media-gallery-e35ccf6a5d1ddada5f10422331d300df.yaml b/nuclei-templates/cve-less/plugins/easy-media-gallery-e35ccf6a5d1ddada5f10422331d300df.yaml new file mode 100644 index 0000000000..5bf2d3b23a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-media-gallery-e35ccf6a5d1ddada5f10422331d300df.yaml @@ -0,0 +1,58 @@ +id: easy-media-gallery-e35ccf6a5d1ddada5f10422331d300df + +info: + name: > + Gallery – Photo Albums Plugin < 1.3.47 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42030492-5802-42db-b88b-8a0f1552de12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-media-gallery/" + google-query: inurl:"/wp-content/plugins/easy-media-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-media-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-media-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-media-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-media-replace-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml b/nuclei-templates/cve-less/plugins/easy-media-replace-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml new file mode 100644 index 0000000000..90571ab4da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-media-replace-1f6ddf0ce56b9b9d3d870c2c339aeff1.yaml @@ -0,0 +1,58 @@ +id: easy-media-replace-1f6ddf0ce56b9b9d3d870c2c339aeff1 + +info: + name: > + Easy Media Replace <= 0.1.3 - Authenticated (Author+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abb4af63-37fe-49b7-8f70-ac9c7e47e939?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-media-replace/" + google-query: inurl:"/wp-content/plugins/easy-media-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-media-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-media-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-media-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-modal-c2574a7a9b79ad452c99c332f592fe5f.yaml b/nuclei-templates/cve-less/plugins/easy-modal-c2574a7a9b79ad452c99c332f592fe5f.yaml new file mode 100644 index 0000000000..e4205f715e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-modal-c2574a7a9b79ad452c99c332f592fe5f.yaml @@ -0,0 +1,58 @@ +id: easy-modal-c2574a7a9b79ad452c99c332f592fe5f + +info: + name: > + Easy Modal < 2.1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b82f5da-42ef-40b4-bfa4-26b88a3328db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-modal/" + google-query: inurl:"/wp-content/plugins/easy-modal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-modal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-modal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-modal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-modal-f615078fb53a8f47f20c6cb2792c121c.yaml b/nuclei-templates/cve-less/plugins/easy-modal-f615078fb53a8f47f20c6cb2792c121c.yaml new file mode 100644 index 0000000000..21d1e317c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-modal-f615078fb53a8f47f20c6cb2792c121c.yaml @@ -0,0 +1,58 @@ +id: easy-modal-f615078fb53a8f47f20c6cb2792c121c + +info: + name: > + Easy Modal < 2.1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4757590a-f5dc-48d6-aef1-80158f728b6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-modal/" + google-query: inurl:"/wp-content/plugins/easy-modal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-modal,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-modal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-modal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-newsletter-signups-2b77677bf3f1770d1f2637876cb7abee.yaml b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-2b77677bf3f1770d1f2637876cb7abee.yaml new file mode 100644 index 0000000000..25364e1f8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-2b77677bf3f1770d1f2637876cb7abee.yaml @@ -0,0 +1,58 @@ +id: easy-newsletter-signups-2b77677bf3f1770d1f2637876cb7abee + +info: + name: > + Easy Newsletter Signups <= 1.0.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2799c74a-4ebf-4996-b681-08c32bf07114?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-newsletter-signups/" + google-query: inurl:"/wp-content/plugins/easy-newsletter-signups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-newsletter-signups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-newsletter-signups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-newsletter-signups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-newsletter-signups-e1e05c3d687b12217db0b7b57b7d94d7.yaml b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-e1e05c3d687b12217db0b7b57b7d94d7.yaml new file mode 100644 index 0000000000..b1504f7245 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-newsletter-signups-e1e05c3d687b12217db0b7b57b7d94d7.yaml @@ -0,0 +1,58 @@ +id: easy-newsletter-signups-e1e05c3d687b12217db0b7b57b7d94d7 + +info: + name: > + Easy Newsletter Signups <= 1.0.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/288946ae-6e58-42e6-89d1-8951539728d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-newsletter-signups/" + google-query: inurl:"/wp-content/plugins/easy-newsletter-signups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-newsletter-signups,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-newsletter-signups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-newsletter-signups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-org-chart-c452417a821be37f2cab44c35d2fb224.yaml b/nuclei-templates/cve-less/plugins/easy-org-chart-c452417a821be37f2cab44c35d2fb224.yaml new file mode 100644 index 0000000000..bfe154b6bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-org-chart-c452417a821be37f2cab44c35d2fb224.yaml @@ -0,0 +1,58 @@ +id: easy-org-chart-c452417a821be37f2cab44c35d2fb224 + +info: + name: > + Easy Org Chart <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43d141e3-1e62-4126-b914-bdc98577de3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-org-chart/" + google-query: inurl:"/wp-content/plugins/easy-org-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-org-chart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-org-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-org-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-panorama-0fb85e5ea92cfc0152cd39c07cc97431.yaml b/nuclei-templates/cve-less/plugins/easy-panorama-0fb85e5ea92cfc0152cd39c07cc97431.yaml new file mode 100644 index 0000000000..9019b95aeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-panorama-0fb85e5ea92cfc0152cd39c07cc97431.yaml @@ -0,0 +1,58 @@ +id: easy-panorama-0fb85e5ea92cfc0152cd39c07cc97431 + +info: + name: > + Easy Panorama <= 1.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/783829c2-fe09-44a1-bbb5-2a694ad816ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-panorama/" + google-query: inurl:"/wp-content/plugins/easy-panorama/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-panorama,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-panorama/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-panorama" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-donation-00976904f98e30f11e675f02667fdeb3.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-donation-00976904f98e30f11e675f02667fdeb3.yaml new file mode 100644 index 0000000000..bfa9d1a140 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-paypal-donation-00976904f98e30f11e675f02667fdeb3.yaml @@ -0,0 +1,58 @@ +id: easy-paypal-donation-00976904f98e30f11e675f02667fdeb3 + +info: + name: > + Accept Donations with PayPal <= 1.3.3 - Arbitrary Post Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/641e52d1-d046-4c15-9624-3b1919cd674f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-paypal-donation/" + google-query: inurl:"/wp-content/plugins/easy-paypal-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-paypal-donation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-paypal-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-paypal-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-donation-83b7e3214e301bc8ce0a2ff3a2e28649.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-donation-83b7e3214e301bc8ce0a2ff3a2e28649.yaml new file mode 100644 index 0000000000..c85758c552 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-paypal-donation-83b7e3214e301bc8ce0a2ff3a2e28649.yaml @@ -0,0 +1,58 @@ +id: easy-paypal-donation-83b7e3214e301bc8ce0a2ff3a2e28649 + +info: + name: > + Paypal Donation <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0ec4f27-2057-468e-bfcd-818c50952cac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-paypal-donation/" + google-query: inurl:"/wp-content/plugins/easy-paypal-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-paypal-donation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-paypal-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-paypal-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-donation-89760f3ab457772708d08bbbb7ce1092.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-donation-89760f3ab457772708d08bbbb7ce1092.yaml new file mode 100644 index 0000000000..bcd1149a3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-paypal-donation-89760f3ab457772708d08bbbb7ce1092.yaml @@ -0,0 +1,58 @@ +id: easy-paypal-donation-89760f3ab457772708d08bbbb7ce1092 + +info: + name: > + Paypal Donation <= 1.3.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7860bf-3f3d-4bd2-82b0-7bb94d00ff30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-paypal-donation/" + google-query: inurl:"/wp-content/plugins/easy-paypal-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-paypal-donation,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-paypal-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-paypal-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-donation-96fff1abfd750f8db5e7b15f8178a35a.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-donation-96fff1abfd750f8db5e7b15f8178a35a.yaml new file mode 100644 index 0000000000..0279ccd592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-paypal-donation-96fff1abfd750f8db5e7b15f8178a35a.yaml @@ -0,0 +1,58 @@ +id: easy-paypal-donation-96fff1abfd750f8db5e7b15f8178a35a + +info: + name: > + Accept Donations with PayPal <= 1.3.0 Cross-Site Request Forgery to Post Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7220537-aad0-48e0-81f1-7104ec15ffbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-paypal-donation/" + google-query: inurl:"/wp-content/plugins/easy-paypal-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-paypal-donation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-paypal-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-paypal-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-6956ece992f5fba93947f810cb6c0062.yaml b/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-6956ece992f5fba93947f810cb6c0062.yaml new file mode 100644 index 0000000000..5d4739c889 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-paypal-shopping-cart-6956ece992f5fba93947f810cb6c0062.yaml @@ -0,0 +1,58 @@ +id: easy-paypal-shopping-cart-6956ece992f5fba93947f810cb6c0062 + +info: + name: > + Easy PayPal Shopping Cart <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf6e3552-9616-4da1-8d8e-a6144ba1d0a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/easy-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-paypal-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pdf-restaurant-menu-upload-40be5fedd5539e32999075c425fecfed.yaml b/nuclei-templates/cve-less/plugins/easy-pdf-restaurant-menu-upload-40be5fedd5539e32999075c425fecfed.yaml new file mode 100644 index 0000000000..2555336034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pdf-restaurant-menu-upload-40be5fedd5539e32999075c425fecfed.yaml @@ -0,0 +1,58 @@ +id: easy-pdf-restaurant-menu-upload-40be5fedd5539e32999075c425fecfed + +info: + name: > + Easy restaurant menu manager <= 1.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/816573b7-e720-4470-a929-a6cad0d73dc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pdf-restaurant-menu-upload/" + google-query: inurl:"/wp-content/plugins/easy-pdf-restaurant-menu-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pdf-restaurant-menu-upload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pdf-restaurant-menu-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pdf-restaurant-menu-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-8e2fcddafd26ffe986aba71521006509.yaml b/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-8e2fcddafd26ffe986aba71521006509.yaml new file mode 100644 index 0000000000..1969333732 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pie-coming-soon-8e2fcddafd26ffe986aba71521006509.yaml @@ -0,0 +1,58 @@ +id: easy-pie-coming-soon-8e2fcddafd26ffe986aba71521006509 + +info: + name: > + EZP Coming Soon Page <= 1.0.7.3 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05614ee6-ce14-44fe-a819-8f116563dbdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pie-coming-soon/" + google-query: inurl:"/wp-content/plugins/easy-pie-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pie-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pie-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pie-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pie-maintenance-mode-276fdddefb69d404e325809486a9c5a4.yaml b/nuclei-templates/cve-less/plugins/easy-pie-maintenance-mode-276fdddefb69d404e325809486a9c5a4.yaml new file mode 100644 index 0000000000..e6464fd82d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pie-maintenance-mode-276fdddefb69d404e325809486a9c5a4.yaml @@ -0,0 +1,58 @@ +id: easy-pie-maintenance-mode-276fdddefb69d404e325809486a9c5a4 + +info: + name: > + EZP Maintenance Mode <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac1239c9-72a6-44d8-911f-70a528c66c62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pie-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/easy-pie-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pie-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pie-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pie-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-popup-show-eb0df5a7745874fdf5ef88eb67a5ec63.yaml b/nuclei-templates/cve-less/plugins/easy-popup-show-eb0df5a7745874fdf5ef88eb67a5ec63.yaml new file mode 100644 index 0000000000..e99352f324 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-popup-show-eb0df5a7745874fdf5ef88eb67a5ec63.yaml @@ -0,0 +1,58 @@ +id: easy-popup-show-eb0df5a7745874fdf5ef88eb67a5ec63 + +info: + name: > + Easy PopUp Show <= 0.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28d622b3-e8a7-4a3b-9f0b-e344b085284d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-popup-show/" + google-query: inurl:"/wp-content/plugins/easy-popup-show/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-popup-show,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-popup-show/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-popup-show" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-post-types-75e8a53ab865623ebf98c15a4f6ef027.yaml b/nuclei-templates/cve-less/plugins/easy-post-types-75e8a53ab865623ebf98c15a4f6ef027.yaml new file mode 100644 index 0000000000..3cf6d061f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-post-types-75e8a53ab865623ebf98c15a4f6ef027.yaml @@ -0,0 +1,58 @@ +id: easy-post-types-75e8a53ab865623ebf98c15a4f6ef027 + +info: + name: > + WP Easy Post Types < 1.4.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63af18df-a3e4-48e6-be84-15d33edf3b46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-post-types/" + google-query: inurl:"/wp-content/plugins/easy-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-post-types,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-preloader-8a961b077a643c6dcf8e7dd2b515541b.yaml b/nuclei-templates/cve-less/plugins/easy-preloader-8a961b077a643c6dcf8e7dd2b515541b.yaml new file mode 100644 index 0000000000..726a2ba3fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-preloader-8a961b077a643c6dcf8e7dd2b515541b.yaml @@ -0,0 +1,58 @@ +id: easy-preloader-8a961b077a643c6dcf8e7dd2b515541b + +info: + name: > + Easy Preloader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27f09e0e-ddd0-4440-9a58-a7fc60b49776?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-preloader/" + google-query: inurl:"/wp-content/plugins/easy-preloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-preloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-preloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-preloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pricing-tables-2c80874fb8fd4cd567be9f10e0fc4aab.yaml b/nuclei-templates/cve-less/plugins/easy-pricing-tables-2c80874fb8fd4cd567be9f10e0fc4aab.yaml new file mode 100644 index 0000000000..56539ad1d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pricing-tables-2c80874fb8fd4cd567be9f10e0fc4aab.yaml @@ -0,0 +1,58 @@ +id: easy-pricing-tables-2c80874fb8fd4cd567be9f10e0fc4aab + +info: + name: > + Easy Pricing Tables <= 3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55b08fca-65af-4535-aa94-a9bfaef67b4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pricing-tables/" + google-query: inurl:"/wp-content/plugins/easy-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pricing-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pricing-tables-8074409c2ea9229ad0a8c825dc05c21d.yaml b/nuclei-templates/cve-less/plugins/easy-pricing-tables-8074409c2ea9229ad0a8c825dc05c21d.yaml new file mode 100644 index 0000000000..1ee336230f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pricing-tables-8074409c2ea9229ad0a8c825dc05c21d.yaml @@ -0,0 +1,58 @@ +id: easy-pricing-tables-8074409c2ea9229ad0a8c825dc05c21d + +info: + name: > + Easy Pricing Tables <= 3.1.2 - Arbitrary Post Removal via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd64b4cb-955a-4942-9837-bdf0e6a1b48a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pricing-tables/" + google-query: inurl:"/wp-content/plugins/easy-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pricing-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pricing-tables-99e94192bf6d19eb379533764c917cb6.yaml b/nuclei-templates/cve-less/plugins/easy-pricing-tables-99e94192bf6d19eb379533764c917cb6.yaml new file mode 100644 index 0000000000..f191e80df0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pricing-tables-99e94192bf6d19eb379533764c917cb6.yaml @@ -0,0 +1,58 @@ +id: easy-pricing-tables-99e94192bf6d19eb379533764c917cb6 + +info: + name: > + Easy Pricing Tables <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa51a7b8-be74-450f-afb8-6a6c5c8afaa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pricing-tables/" + google-query: inurl:"/wp-content/plugins/easy-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pricing-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-pricing-tables-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml b/nuclei-templates/cve-less/plugins/easy-pricing-tables-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml new file mode 100644 index 0000000000..4bf47e0550 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-pricing-tables-e4f1d5f5dc814ad4d0bdfba0ea143852.yaml @@ -0,0 +1,58 @@ +id: easy-pricing-tables-e4f1d5f5dc814ad4d0bdfba0ea143852 + +info: + name: > + Easy Pricing Tables <= 3.1.2 - Author+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f09584f9-7ea3-4cfb-bbdf-7ca241e64bb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-pricing-tables/" + google-query: inurl:"/wp-content/plugins/easy-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-pricing-tables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-property-listings-19a8a46d3531a17a737d3cfe8d4f708e.yaml b/nuclei-templates/cve-less/plugins/easy-property-listings-19a8a46d3531a17a737d3cfe8d4f708e.yaml new file mode 100644 index 0000000000..e2a965e52a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-property-listings-19a8a46d3531a17a737d3cfe8d4f708e.yaml @@ -0,0 +1,58 @@ +id: easy-property-listings-19a8a46d3531a17a737d3cfe8d4f708e + +info: + name: > + Easy Property Listings <= 3.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8af7c85-977f-41aa-acbe-293dfa913577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-property-listings/" + google-query: inurl:"/wp-content/plugins/easy-property-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-property-listings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-property-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-property-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-property-listings-7e74a978e0fcd8ce34e332a78ac6415d.yaml b/nuclei-templates/cve-less/plugins/easy-property-listings-7e74a978e0fcd8ce34e332a78ac6415d.yaml new file mode 100644 index 0000000000..69e2165745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-property-listings-7e74a978e0fcd8ce34e332a78ac6415d.yaml @@ -0,0 +1,58 @@ +id: easy-property-listings-7e74a978e0fcd8ce34e332a78ac6415d + +info: + name: > + Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ac96db-2d9a-4eaf-8916-a02e3e64ca4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-property-listings/" + google-query: inurl:"/wp-content/plugins/easy-property-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-property-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-property-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-property-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-property-listings-e049cf9cff2a64ed7bf022044d018fad.yaml b/nuclei-templates/cve-less/plugins/easy-property-listings-e049cf9cff2a64ed7bf022044d018fad.yaml new file mode 100644 index 0000000000..63b2bfc2ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-property-listings-e049cf9cff2a64ed7bf022044d018fad.yaml @@ -0,0 +1,58 @@ +id: easy-property-listings-e049cf9cff2a64ed7bf022044d018fad + +info: + name: > + Easy Property Listings < 3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/516261b5-4356-40e1-9418-3243086bc1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-property-listings/" + google-query: inurl:"/wp-content/plugins/easy-property-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-property-listings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-property-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-property-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-property-listings-f26d5492f0770f1b4f41cabb1dbfd120.yaml b/nuclei-templates/cve-less/plugins/easy-property-listings-f26d5492f0770f1b4f41cabb1dbfd120.yaml new file mode 100644 index 0000000000..f83f0714be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-property-listings-f26d5492f0770f1b4f41cabb1dbfd120.yaml @@ -0,0 +1,58 @@ +id: easy-property-listings-f26d5492f0770f1b4f41cabb1dbfd120 + +info: + name: > + Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6647856b-19f2-475a-8d45-d33c7b3a8f92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-property-listings/" + google-query: inurl:"/wp-content/plugins/easy-property-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-property-listings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-property-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-property-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-redirect-manager-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml b/nuclei-templates/cve-less/plugins/easy-redirect-manager-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml new file mode 100644 index 0000000000..331c4d7ca8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-redirect-manager-ced2dcf72a4e26ecb3f884cfc4438e2f.yaml @@ -0,0 +1,58 @@ +id: easy-redirect-manager-ced2dcf72a4e26ecb3f884cfc4438e2f + +info: + name: > + Easy Redirect Manager <= 2.18.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e57ba2b-a95c-4410-9ba6-a66c6da36883?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-redirect-manager/" + google-query: inurl:"/wp-content/plugins/easy-redirect-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-redirect-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-redirect-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-redirect-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-registration-forms-1988ed1c56a6e8e4ba81a01e51929328.yaml b/nuclei-templates/cve-less/plugins/easy-registration-forms-1988ed1c56a6e8e4ba81a01e51929328.yaml new file mode 100644 index 0000000000..1ecccf9a0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-registration-forms-1988ed1c56a6e8e4ba81a01e51929328.yaml @@ -0,0 +1,58 @@ +id: easy-registration-forms-1988ed1c56a6e8e4ba81a01e51929328 + +info: + name: > + Easy Registration Forms <= 2.0.6 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43a60896-3b88-4b36-b6d9-46812b8ba35b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-registration-forms/" + google-query: inurl:"/wp-content/plugins/easy-registration-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-registration-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-registration-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-registration-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-registration-forms-3cf0c7158d6fa6e72389913fb8e96f48.yaml b/nuclei-templates/cve-less/plugins/easy-registration-forms-3cf0c7158d6fa6e72389913fb8e96f48.yaml new file mode 100644 index 0000000000..29e1d16349 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-registration-forms-3cf0c7158d6fa6e72389913fb8e96f48.yaml @@ -0,0 +1,58 @@ +id: easy-registration-forms-3cf0c7158d6fa6e72389913fb8e96f48 + +info: + name: > + Easy Registration Forms <= 2.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d794052-1ba2-4772-bc15-5d9732e015e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-registration-forms/" + google-query: inurl:"/wp-content/plugins/easy-registration-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-registration-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-registration-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-registration-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-registration-forms-d3595d30820755045dbe80d57c0f600c.yaml b/nuclei-templates/cve-less/plugins/easy-registration-forms-d3595d30820755045dbe80d57c0f600c.yaml new file mode 100644 index 0000000000..95827d3c5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-registration-forms-d3595d30820755045dbe80d57c0f600c.yaml @@ -0,0 +1,58 @@ +id: easy-registration-forms-d3595d30820755045dbe80d57c0f600c + +info: + name: > + Easy Registration Forms <= 2.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/562fe11f-36a0-4f23-9eed-50ada7ab2961?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-registration-forms/" + google-query: inurl:"/wp-content/plugins/easy-registration-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-registration-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-registration-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-registration-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-set-favicon-c65d467c803cb05436e2b506583569bb.yaml b/nuclei-templates/cve-less/plugins/easy-set-favicon-c65d467c803cb05436e2b506583569bb.yaml new file mode 100644 index 0000000000..9c700dd381 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-set-favicon-c65d467c803cb05436e2b506583569bb.yaml @@ -0,0 +1,58 @@ +id: easy-set-favicon-c65d467c803cb05436e2b506583569bb + +info: + name: > + Easy Set Favicon <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/825af974-dccd-4409-8f22-fa70240b0c66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-set-favicon/" + google-query: inurl:"/wp-content/plugins/easy-set-favicon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-set-favicon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-set-favicon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-set-favicon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-sign-up-c3d61b837adb4506fbea73b489e751f0.yaml b/nuclei-templates/cve-less/plugins/easy-sign-up-c3d61b837adb4506fbea73b489e751f0.yaml new file mode 100644 index 0000000000..66925dd09e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-sign-up-c3d61b837adb4506fbea73b489e751f0.yaml @@ -0,0 +1,58 @@ +id: easy-sign-up-c3d61b837adb4506fbea73b489e751f0 + +info: + name: > + Easy Sign Up <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af718d65-9f8f-4ed8-80ed-e7ed34169016?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-sign-up/" + google-query: inurl:"/wp-content/plugins/easy-sign-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-sign-up,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-sign-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-sign-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-slider-revolution-97f7a332ae5645762ec8464bbe228dfc.yaml b/nuclei-templates/cve-less/plugins/easy-slider-revolution-97f7a332ae5645762ec8464bbe228dfc.yaml new file mode 100644 index 0000000000..c755652ec3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-slider-revolution-97f7a332ae5645762ec8464bbe228dfc.yaml @@ -0,0 +1,58 @@ +id: easy-slider-revolution-97f7a332ae5645762ec8464bbe228dfc + +info: + name: > + Easy Slider Revolution <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via esrcpt_slider_allow_iframes_filter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14a20f9c-cf5a-4d57-b723-ad29a12c8881?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-slider-revolution/" + google-query: inurl:"/wp-content/plugins/easy-slider-revolution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-slider-revolution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-slider-revolution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-slider-revolution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-41e74ccfba32267621605ffd0d327b1c.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-41e74ccfba32267621605ffd0d327b1c.yaml new file mode 100644 index 0000000000..5fa78213a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-41e74ccfba32267621605ffd0d327b1c.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-41e74ccfba32267621605ffd0d327b1c + +info: + name: > + Easy Social Icons <= 3.0.8 – Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ef3a657-28ce-4a27-b4d8-617db8027ffc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-61a927bc340bb105a879f38c8d71f797.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-61a927bc340bb105a879f38c8d71f797.yaml new file mode 100644 index 0000000000..d69c55b714 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-61a927bc340bb105a879f38c8d71f797.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-61a927bc340bb105a879f38c8d71f797 + +info: + name: > + Easy Social Icons <= 3.1.3 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c7b0bc-4c73-4330-851a-2d6d6d0b62c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-d9a381f55de2cbcc100fd4387b57379e.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-d9a381f55de2cbcc100fd4387b57379e.yaml new file mode 100644 index 0000000000..80bf98dae1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-d9a381f55de2cbcc100fd4387b57379e.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-d9a381f55de2cbcc100fd4387b57379e + +info: + name: > + Easy Social Icons <= 3.2.0 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c59871cc-2d62-4eea-a78b-19810570c47d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-ecb72206512391b63853fcec98ca443c.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-ecb72206512391b63853fcec98ca443c.yaml new file mode 100644 index 0000000000..2610aced3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-ecb72206512391b63853fcec98ca443c.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-ecb72206512391b63853fcec98ca443c + +info: + name: > + Easy Social Icons <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab888ee1-bdc2-4b8b-9b16-a7d146f123df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-f48220ff86f125e37c7a8dfee9752f3b.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-f48220ff86f125e37c7a8dfee9752f3b.yaml new file mode 100644 index 0000000000..5e37e80f50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-f48220ff86f125e37c7a8dfee9752f3b.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-f48220ff86f125e37c7a8dfee9752f3b + +info: + name: > + Easy Social Icons <= 3.2.4 - Missing Authorization via cnss_save_ajax_order + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3bdc0c4-34fb-43cc-ba2b-340347bca146?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-icons-f8dda67401c83c106e4913ae42963922.yaml b/nuclei-templates/cve-less/plugins/easy-social-icons-f8dda67401c83c106e4913ae42963922.yaml new file mode 100644 index 0000000000..c1053343cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-icons-f8dda67401c83c106e4913ae42963922.yaml @@ -0,0 +1,58 @@ +id: easy-social-icons-f8dda67401c83c106e4913ae42963922 + +info: + name: > + Easy Social Icons <= 1.2.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00a12ed-d8c2-40b2-b0c8-71507469ee95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-icons/" + google-query: inurl:"/wp-content/plugins/easy-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-47b99cb97f68327c811e482acf82f22d.yaml b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-47b99cb97f68327c811e482acf82f22d.yaml new file mode 100644 index 0000000000..4f497ef90a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-47b99cb97f68327c811e482acf82f22d.yaml @@ -0,0 +1,58 @@ +id: easy-social-share-buttons3-47b99cb97f68327c811e482acf82f22d + +info: + name: > + Easy Social Share Buttons <= 9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/797faa73-401d-492c-a99d-0724df57b6e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-share-buttons3/" + google-query: inurl:"/wp-content/plugins/easy-social-share-buttons3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-share-buttons3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-share-buttons3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-731324aeee016bb6f029892372fbf4ce.yaml b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-731324aeee016bb6f029892372fbf4ce.yaml new file mode 100644 index 0000000000..92939db530 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-731324aeee016bb6f029892372fbf4ce.yaml @@ -0,0 +1,58 @@ +id: easy-social-share-buttons3-731324aeee016bb6f029892372fbf4ce + +info: + name: > + Easy Social Share Buttons <= 9.4 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc28132-eae6-4082-988c-2d9e56ff1283?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-share-buttons3/" + google-query: inurl:"/wp-content/plugins/easy-social-share-buttons3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-share-buttons3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-share-buttons3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-d90e5ac159925d0ab3971b3b6d358c41.yaml b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-d90e5ac159925d0ab3971b3b6d358c41.yaml new file mode 100644 index 0000000000..1f85241474 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-social-share-buttons3-d90e5ac159925d0ab3971b3b6d358c41.yaml @@ -0,0 +1,58 @@ +id: easy-social-share-buttons3-d90e5ac159925d0ab3971b3b6d358c41 + +info: + name: > + Easy Social Share Buttons <= 9.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b742d7-e9fe-48ea-ae7f-579bd3c32c44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-social-share-buttons3/" + google-query: inurl:"/wp-content/plugins/easy-social-share-buttons3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-social-share-buttons3,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-social-share-buttons3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-social-share-buttons3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-98193019af2a73f9695ff639de4023e0.yaml b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-98193019af2a73f9695ff639de4023e0.yaml new file mode 100644 index 0000000000..0b863e1119 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-98193019af2a73f9695ff639de4023e0.yaml @@ -0,0 +1,58 @@ +id: easy-sticky-sidebar-98193019af2a73f9695ff639de4023e0 + +info: + name: > + WordPress CTA <= 1.5.8 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a65a1f25-04e5-4ca3-9b2d-1b78254a8871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-sticky-sidebar/" + google-query: inurl:"/wp-content/plugins/easy-sticky-sidebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-sticky-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-sticky-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..114be2585a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-sticky-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: easy-sticky-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-sticky-sidebar/" + google-query: inurl:"/wp-content/plugins/easy-sticky-sidebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-sticky-sidebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-sticky-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-sticky-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-student-results-429ff280452993df8646f6def7c9d328.yaml b/nuclei-templates/cve-less/plugins/easy-student-results-429ff280452993df8646f6def7c9d328.yaml new file mode 100644 index 0000000000..ce04ad1b8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-student-results-429ff280452993df8646f6def7c9d328.yaml @@ -0,0 +1,58 @@ +id: easy-student-results-429ff280452993df8646f6def7c9d328 + +info: + name: > + Easy Student Results <= 2.2.8 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1efe450-d081-421e-95c3-f2d79c328a33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-student-results/" + google-query: inurl:"/wp-content/plugins/easy-student-results/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-student-results,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-student-results/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-student-results" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-student-results-c4969b59b8b4cdf482f721bc206c229a.yaml b/nuclei-templates/cve-less/plugins/easy-student-results-c4969b59b8b4cdf482f721bc206c229a.yaml new file mode 100644 index 0000000000..11347faa37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-student-results-c4969b59b8b4cdf482f721bc206c229a.yaml @@ -0,0 +1,58 @@ +id: easy-student-results-c4969b59b8b4cdf482f721bc206c229a + +info: + name: > + Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da5ba18a-97ec-42c5-a7c4-ca38611c1fcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-student-results/" + google-query: inurl:"/wp-content/plugins/easy-student-results/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-student-results,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-student-results/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-student-results" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-svg-73a4ba5237a6c747115a7db7e60454a1.yaml b/nuclei-templates/cve-less/plugins/easy-svg-73a4ba5237a6c747115a7db7e60454a1.yaml new file mode 100644 index 0000000000..292db3a48f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-svg-73a4ba5237a6c747115a7db7e60454a1.yaml @@ -0,0 +1,58 @@ +id: easy-svg-73a4ba5237a6c747115a7db7e60454a1 + +info: + name: > + Easy SVG Support <= 3.2.0 - Cross-Site Scripting via SVG Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e736e75-5ad4-4773-b1f7-358dc74848f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-svg/" + google-query: inurl:"/wp-content/plugins/easy-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-svg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-svg-image-allow-99ad02b61917183fbf0c75dc39e4e9c8.yaml b/nuclei-templates/cve-less/plugins/easy-svg-image-allow-99ad02b61917183fbf0c75dc39e4e9c8.yaml new file mode 100644 index 0000000000..c4a9003445 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-svg-image-allow-99ad02b61917183fbf0c75dc39e4e9c8.yaml @@ -0,0 +1,58 @@ +id: easy-svg-image-allow-99ad02b61917183fbf0c75dc39e4e9c8 + +info: + name: > + Easy SVG Allow <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a766b5b-e21e-4009-86d9-7f0a5c91ed51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-svg-image-allow/" + google-query: inurl:"/wp-content/plugins/easy-svg-image-allow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-svg-image-allow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-svg-image-allow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-svg-image-allow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-table-1d7d7c5febd898bd86b248bdd1c64ad3.yaml b/nuclei-templates/cve-less/plugins/easy-table-1d7d7c5febd898bd86b248bdd1c64ad3.yaml new file mode 100644 index 0000000000..8b4e7430e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-table-1d7d7c5febd898bd86b248bdd1c64ad3.yaml @@ -0,0 +1,58 @@ +id: easy-table-1d7d7c5febd898bd86b248bdd1c64ad3 + +info: + name: > + Easy Table <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea0d5859-7304-4d65-9ba9-679d0fc3c3fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-table/" + google-query: inurl:"/wp-content/plugins/easy-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-table-booking-86987ea9b36773133771b8d624c0f2b6.yaml b/nuclei-templates/cve-less/plugins/easy-table-booking-86987ea9b36773133771b8d624c0f2b6.yaml new file mode 100644 index 0000000000..047347af5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-table-booking-86987ea9b36773133771b8d624c0f2b6.yaml @@ -0,0 +1,58 @@ +id: easy-table-booking-86987ea9b36773133771b8d624c0f2b6 + +info: + name: > + Easy Restaurant Table Booking <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1492440d-c6c8-46c0-bc88-c9e3f9933ad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-table-booking/" + google-query: inurl:"/wp-content/plugins/easy-table-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-table-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-table-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-table-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-table-of-contents-3d0e7652c5954cde6070c6634683929c.yaml b/nuclei-templates/cve-less/plugins/easy-table-of-contents-3d0e7652c5954cde6070c6634683929c.yaml new file mode 100644 index 0000000000..bea9b53e69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-table-of-contents-3d0e7652c5954cde6070c6634683929c.yaml @@ -0,0 +1,58 @@ +id: easy-table-of-contents-3d0e7652c5954cde6070c6634683929c + +info: + name: > + Easy Table of Contents <= 2.0.45.2 - Missing Authorization via eztoc_reset_options_to_default + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff937860-c4e0-4172-9f0f-d66578fa7203?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-table-of-contents/" + google-query: inurl:"/wp-content/plugins/easy-table-of-contents/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-table-of-contents,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-table-of-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-table-of-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.45.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-team-manager-1ff79c544d50f2338de3189197eb1777.yaml b/nuclei-templates/cve-less/plugins/easy-team-manager-1ff79c544d50f2338de3189197eb1777.yaml new file mode 100644 index 0000000000..7e6cb6e240 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-team-manager-1ff79c544d50f2338de3189197eb1777.yaml @@ -0,0 +1,58 @@ +id: easy-team-manager-1ff79c544d50f2338de3189197eb1777 + +info: + name: > + Easy Team Manager <= 1.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2407d25-75da-4a04-8a39-04cb1711ae33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-team-manager/" + google-query: inurl:"/wp-content/plugins/easy-team-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-team-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-team-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-team-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonial-manager-6fbfd79bf661b65b2359132741b885f3.yaml b/nuclei-templates/cve-less/plugins/easy-testimonial-manager-6fbfd79bf661b65b2359132741b885f3.yaml new file mode 100644 index 0000000000..36da2348e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonial-manager-6fbfd79bf661b65b2359132741b885f3.yaml @@ -0,0 +1,58 @@ +id: easy-testimonial-manager-6fbfd79bf661b65b2359132741b885f3 + +info: + name: > + Easy Testimonial Manager <= 1.2.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0426e9-f6d8-40aa-9ceb-a3e5515ac316?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonial-manager/" + google-query: inurl:"/wp-content/plugins/easy-testimonial-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonial-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonial-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonial-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-13b96d2f8807051b1c5765c2cfc941c7.yaml b/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-13b96d2f8807051b1c5765c2cfc941c7.yaml new file mode 100644 index 0000000000..7450adbe92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-13b96d2f8807051b1c5765c2cfc941c7.yaml @@ -0,0 +1,58 @@ +id: easy-testimonial-rotator-13b96d2f8807051b1c5765c2cfc941c7 + +info: + name: > + Easy Testimonial Slider and Form <= 1.0.15 - Unauthenticated Reflected Cross-Site Scripting via search_term + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6b16ffe-1c65-49d3-9e30-407bc75d7d49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonial-rotator/" + google-query: inurl:"/wp-content/plugins/easy-testimonial-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonial-rotator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonial-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonial-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-95ad70daa5a42e22046c057a639de555.yaml b/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-95ad70daa5a42e22046c057a639de555.yaml new file mode 100644 index 0000000000..cc78aeaaa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonial-rotator-95ad70daa5a42e22046c057a639de555.yaml @@ -0,0 +1,58 @@ +id: easy-testimonial-rotator-95ad70daa5a42e22046c057a639de555 + +info: + name: > + Easy Testimonial Slider and Form <= 1.0.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01da1829-e3f4-4246-ae3d-72377c4b232e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonial-rotator/" + google-query: inurl:"/wp-content/plugins/easy-testimonial-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonial-rotator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonial-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonial-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-139542bed79cb071600ed5c3c1e9d45c.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-139542bed79cb071600ed5c3c1e9d45c.yaml new file mode 100644 index 0000000000..07f648fc23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonials-139542bed79cb071600ed5c3c1e9d45c.yaml @@ -0,0 +1,58 @@ +id: easy-testimonials-139542bed79cb071600ed5c3c1e9d45c + +info: + name: > + Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/537acaf7-8d44-484d-9516-774a3de5573f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonials/" + google-query: inurl:"/wp-content/plugins/easy-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonials,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-3e13ae2b6b41b4f67d87446a43e49fcf.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-3e13ae2b6b41b4f67d87446a43e49fcf.yaml new file mode 100644 index 0000000000..bc9ba48894 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonials-3e13ae2b6b41b4f67d87446a43e49fcf.yaml @@ -0,0 +1,58 @@ +id: easy-testimonials-3e13ae2b6b41b4f67d87446a43e49fcf + +info: + name: > + Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8da49c2e-576c-490b-b812-96d15b6d2b1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonials/" + google-query: inurl:"/wp-content/plugins/easy-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-63f488767eed871fd699454a474174aa.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-63f488767eed871fd699454a474174aa.yaml new file mode 100644 index 0000000000..32279c2767 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonials-63f488767eed871fd699454a474174aa.yaml @@ -0,0 +1,58 @@ +id: easy-testimonials-63f488767eed871fd699454a474174aa + +info: + name: > + Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b47f9624-1829-42b7-8afb-fe25b234df72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonials/" + google-query: inurl:"/wp-content/plugins/easy-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-aeef249fc57afd724305e4aa12ba4e2c.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-aeef249fc57afd724305e4aa12ba4e2c.yaml new file mode 100644 index 0000000000..5b19b22be2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonials-aeef249fc57afd724305e4aa12ba4e2c.yaml @@ -0,0 +1,58 @@ +id: easy-testimonials-aeef249fc57afd724305e4aa12ba4e2c + +info: + name: > + Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42e54e09-242f-49ab-9fff-a9ffc62dd4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonials/" + google-query: inurl:"/wp-content/plugins/easy-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-testimonials-ded406378489866866417fd6ec210840.yaml b/nuclei-templates/cve-less/plugins/easy-testimonials-ded406378489866866417fd6ec210840.yaml new file mode 100644 index 0000000000..9c9af57de7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-testimonials-ded406378489866866417fd6ec210840.yaml @@ -0,0 +1,58 @@ +id: easy-testimonials-ded406378489866866417fd6ec210840 + +info: + name: > + Easy Testimonials <= 3.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a5d7c3-b9dd-46e8-92e2-455ef1394b50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-testimonials/" + google-query: inurl:"/wp-content/plugins/easy-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-testimonials,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-textillate-2411b4426d78f7ca35565f6c5d4b0e5b.yaml b/nuclei-templates/cve-less/plugins/easy-textillate-2411b4426d78f7ca35565f6c5d4b0e5b.yaml new file mode 100644 index 0000000000..1fda47a37e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-textillate-2411b4426d78f7ca35565f6c5d4b0e5b.yaml @@ -0,0 +1,58 @@ +id: easy-textillate-2411b4426d78f7ca35565f6c5d4b0e5b + +info: + name: > + Easy Textillate <= 2.01 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-textillate/" + google-query: inurl:"/wp-content/plugins/easy-textillate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-textillate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-textillate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-textillate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-textillate-52d571dc3064574a067b92facc54ed54.yaml b/nuclei-templates/cve-less/plugins/easy-textillate-52d571dc3064574a067b92facc54ed54.yaml new file mode 100644 index 0000000000..3d53d7a663 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-textillate-52d571dc3064574a067b92facc54ed54.yaml @@ -0,0 +1,58 @@ +id: easy-textillate-52d571dc3064574a067b92facc54ed54 + +info: + name: > + Easy Textillate <= 2.02 - Authenticated(Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cee8cd9-7fa9-4154-9d74-ab54da18e521?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-textillate/" + google-query: inurl:"/wp-content/plugins/easy-textillate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-textillate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-textillate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-textillate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-twitter-feeds-376e635d9c344dbb946b8ae2b1699cff.yaml b/nuclei-templates/cve-less/plugins/easy-twitter-feeds-376e635d9c344dbb946b8ae2b1699cff.yaml new file mode 100644 index 0000000000..904fde9b8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-twitter-feeds-376e635d9c344dbb946b8ae2b1699cff.yaml @@ -0,0 +1,58 @@ +id: easy-twitter-feeds-376e635d9c344dbb946b8ae2b1699cff + +info: + name: > + Easy Twitter Feed < 1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad9272e3-fa81-440e-8d77-207145123ad2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-twitter-feeds/" + google-query: inurl:"/wp-content/plugins/easy-twitter-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-twitter-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-twitter-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-twitter-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-video-player-b2f775a90d3415bc2313e385ff781703.yaml b/nuclei-templates/cve-less/plugins/easy-video-player-b2f775a90d3415bc2313e385ff781703.yaml new file mode 100644 index 0000000000..bb661dab82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-video-player-b2f775a90d3415bc2313e385ff781703.yaml @@ -0,0 +1,58 @@ +id: easy-video-player-b2f775a90d3415bc2313e385ff781703 + +info: + name: > + Easy Video Player <= 1.2.2.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd28f7f0-ed52-45d0-8d97-5ff95d17eb26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-video-player/" + google-query: inurl:"/wp-content/plugins/easy-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-video-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-video-player-cdfd3455a6f46d912895a672ab21e1b5.yaml b/nuclei-templates/cve-less/plugins/easy-video-player-cdfd3455a6f46d912895a672ab21e1b5.yaml new file mode 100644 index 0000000000..27ff888644 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-video-player-cdfd3455a6f46d912895a672ab21e1b5.yaml @@ -0,0 +1,58 @@ +id: easy-video-player-cdfd3455a6f46d912895a672ab21e1b5 + +info: + name: > + Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/996b5e29-beea-4678-8596-04e96a343584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-video-player/" + google-query: inurl:"/wp-content/plugins/easy-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-video-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-video-reviews-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/easy-video-reviews-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..6dd465e387 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-video-reviews-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: easy-video-reviews-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-video-reviews/" + google-query: inurl:"/wp-content/plugins/easy-video-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-video-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-video-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-video-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-cleaner-7334a0dc3d35cec714b6fff3c35d6fab.yaml b/nuclei-templates/cve-less/plugins/easy-wp-cleaner-7334a0dc3d35cec714b6fff3c35d6fab.yaml new file mode 100644 index 0000000000..3da5d50a68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-cleaner-7334a0dc3d35cec714b6fff3c35d6fab.yaml @@ -0,0 +1,58 @@ +id: easy-wp-cleaner-7334a0dc3d35cec714b6fff3c35d6fab + +info: + name: > + Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4c2689d-be51-4907-b624-c85da39f545d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-cleaner/" + google-query: inurl:"/wp-content/plugins/easy-wp-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-cleaner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-3c68c1399fad8442e05257bec4405849.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-3c68c1399fad8442e05257bec4405849.yaml new file mode 100644 index 0000000000..4166d95207 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-3c68c1399fad8442e05257bec4405849.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-3c68c1399fad8442e05257bec4405849 + +info: + name: > + Easy WP SMTP <= 1.3.9 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84b75f7d-7258-46f6-aee6-b96d70bee264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml new file mode 100644 index 0000000000..50618c17bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-3fc9a3fcf79cc1897ce2e887e3d3f73c.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-3fc9a3fcf79cc1897ce2e887e3d3f73c + +info: + name: > + Easy WP SMTP <= 1.4.9 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc972855-6bd5-43cd-96e6-3b1aa1c6255b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml new file mode 100644 index 0000000000..1197251634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-9a16f7dd8fd77a0633f39e5cb1c0fe95.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-9a16f7dd8fd77a0633f39e5cb1c0fe95 + +info: + name: > + Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/748220a6-9882-458c-8f80-a928f449c400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-bc7fc430ade2f2b736ad2cc1fe4fe700.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-bc7fc430ade2f2b736ad2cc1fe4fe700.yaml new file mode 100644 index 0000000000..38aad3f825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-bc7fc430ade2f2b736ad2cc1fe4fe700.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-bc7fc430ade2f2b736ad2cc1fe4fe700 + +info: + name: > + Easy WP SMTP <= 1.4.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/837eea49-0b2c-46b4-a325-526d7c143fdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-c7d1f2ed116b346313eed1fb0d2a8296.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-c7d1f2ed116b346313eed1fb0d2a8296.yaml new file mode 100644 index 0000000000..7189034564 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-c7d1f2ed116b346313eed1fb0d2a8296.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-c7d1f2ed116b346313eed1fb0d2a8296 + +info: + name: > + Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94f0041d-eed6-4980-a7b8-f7410ca68e67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml new file mode 100644 index 0000000000..18d9093946 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3ac7cfb196d6042fdf4cb82d4ed4384.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-e3ac7cfb196d6042fdf4cb82d4ed4384 + +info: + name: > + Easy WP SMTP <= 1.5.1 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75e02357-391a-4f21-9024-ca4a0ea24d50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3f24a45c97373cce269e0ae75379f47.yaml b/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3f24a45c97373cce269e0ae75379f47.yaml new file mode 100644 index 0000000000..78913b59b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy-wp-smtp-e3f24a45c97373cce269e0ae75379f47.yaml @@ -0,0 +1,58 @@ +id: easy-wp-smtp-e3f24a45c97373cce269e0ae75379f47 + +info: + name: > + Easy WP SMTP <= 1.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b94f7ca-9848-4fd5-848b-e341258f9c47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy-wp-smtp/" + google-query: inurl:"/wp-content/plugins/easy-wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy-wp-smtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy-wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-164bec1494162189ba7115d5dd5c222b.yaml b/nuclei-templates/cve-less/plugins/easy2map-164bec1494162189ba7115d5dd5c222b.yaml new file mode 100644 index 0000000000..c8fbdc9d64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-164bec1494162189ba7115d5dd5c222b.yaml @@ -0,0 +1,58 @@ +id: easy2map-164bec1494162189ba7115d5dd5c222b + +info: + name: > + Easy2Map <= 1.2.9 - Directory Traversal and Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f5b4f9a-4067-4514-9027-b645921d807f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map/" + google-query: inurl:"/wp-content/plugins/easy2map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-281571699228cab1d5beb867576443c8.yaml b/nuclei-templates/cve-less/plugins/easy2map-281571699228cab1d5beb867576443c8.yaml new file mode 100644 index 0000000000..fb78e45c34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-281571699228cab1d5beb867576443c8.yaml @@ -0,0 +1,58 @@ +id: easy2map-281571699228cab1d5beb867576443c8 + +info: + name: > + Easy2Map <= 1.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3cc99df-b709-40e7-a911-ea19f5af2c82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map/" + google-query: inurl:"/wp-content/plugins/easy2map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-ad10f6931e20f26aa8f27ac8a7f0eba7.yaml b/nuclei-templates/cve-less/plugins/easy2map-ad10f6931e20f26aa8f27ac8a7f0eba7.yaml new file mode 100644 index 0000000000..8020117f6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-ad10f6931e20f26aa8f27ac8a7f0eba7.yaml @@ -0,0 +1,58 @@ +id: easy2map-ad10f6931e20f26aa8f27ac8a7f0eba7 + +info: + name: > + Easy2Map <= 1.2.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd25026-f507-47f0-bf4e-5b58c37f398c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map/" + google-query: inurl:"/wp-content/plugins/easy2map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-d7ec8c507a9ed2e2307abe588cfe9f0d.yaml b/nuclei-templates/cve-less/plugins/easy2map-d7ec8c507a9ed2e2307abe588cfe9f0d.yaml new file mode 100644 index 0000000000..ff79b89e86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-d7ec8c507a9ed2e2307abe588cfe9f0d.yaml @@ -0,0 +1,58 @@ +id: easy2map-d7ec8c507a9ed2e2307abe588cfe9f0d + +info: + name: > + Easy2Map <= 1.2.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c07a3e-4538-4e0f-a597-6b843ff7feb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map/" + google-query: inurl:"/wp-content/plugins/easy2map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-photos-02351a704f122ed7e237be1c0b97be24.yaml b/nuclei-templates/cve-less/plugins/easy2map-photos-02351a704f122ed7e237be1c0b97be24.yaml new file mode 100644 index 0000000000..e54699dcfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-photos-02351a704f122ed7e237be1c0b97be24.yaml @@ -0,0 +1,58 @@ +id: easy2map-photos-02351a704f122ed7e237be1c0b97be24 + +info: + name: > + Easy2Map Photos <= 1.0.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af7163da-79b3-45df-a33c-01367205bb6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map-photos/" + google-query: inurl:"/wp-content/plugins/easy2map-photos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map-photos,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map-photos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map-photos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easy2map-photos-e1e2d018531f7235196dc9a4085ec51e.yaml b/nuclei-templates/cve-less/plugins/easy2map-photos-e1e2d018531f7235196dc9a4085ec51e.yaml new file mode 100644 index 0000000000..8985018a02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easy2map-photos-e1e2d018531f7235196dc9a4085ec51e.yaml @@ -0,0 +1,58 @@ +id: easy2map-photos-e1e2d018531f7235196dc9a4085ec51e + +info: + name: > + Easy2map-photos <= 1.0.9 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ef8906b-be0a-45d2-b1ec-6f480306d9f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easy2map-photos/" + google-query: inurl:"/wp-content/plugins/easy2map-photos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easy2map-photos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easy2map-photos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easy2map-photos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyappointments-38d608cacdc80db417ded65078eef410.yaml b/nuclei-templates/cve-less/plugins/easyappointments-38d608cacdc80db417ded65078eef410.yaml new file mode 100644 index 0000000000..b22bba3383 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyappointments-38d608cacdc80db417ded65078eef410.yaml @@ -0,0 +1,58 @@ +id: easyappointments-38d608cacdc80db417ded65078eef410 + +info: + name: > + Easy!Appointments <= 1.3.1 - Authenticated(Subscriber+) Arbitrary File Deletion via 'disconnect' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35fc9a16-3775-48c0-82af-692974f54c33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyappointments/" + google-query: inurl:"/wp-content/plugins/easyappointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyappointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyappointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyappointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyappointments-72000fe0c780a49eca561c11357809c0.yaml b/nuclei-templates/cve-less/plugins/easyappointments-72000fe0c780a49eca561c11357809c0.yaml new file mode 100644 index 0000000000..bd831b3c39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyappointments-72000fe0c780a49eca561c11357809c0.yaml @@ -0,0 +1,58 @@ +id: easyappointments-72000fe0c780a49eca561c11357809c0 + +info: + name: > + Easy!Appointments < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyappointments/" + google-query: inurl:"/wp-content/plugins/easyappointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyappointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyappointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyappointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyappointments-f934be2103cf424f8b0313022bdc21ec.yaml b/nuclei-templates/cve-less/plugins/easyappointments-f934be2103cf424f8b0313022bdc21ec.yaml new file mode 100644 index 0000000000..41d3298a87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyappointments-f934be2103cf424f8b0313022bdc21ec.yaml @@ -0,0 +1,58 @@ +id: easyappointments-f934be2103cf424f8b0313022bdc21ec + +info: + name: > + Easy!Appointments <= 1.3.2 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87c99299-d23b-4cab-b2dc-abeed89155ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyappointments/" + google-query: inurl:"/wp-content/plugins/easyappointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyappointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyappointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyappointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyazon-78a77e4a1a5aa34cbb515f8d429a5d22.yaml b/nuclei-templates/cve-less/plugins/easyazon-78a77e4a1a5aa34cbb515f8d429a5d22.yaml new file mode 100644 index 0000000000..3aadc41ac5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyazon-78a77e4a1a5aa34cbb515f8d429a5d22.yaml @@ -0,0 +1,58 @@ +id: easyazon-78a77e4a1a5aa34cbb515f8d429a5d22 + +info: + name: > + EasyAzon – Amazon Associates Affiliate <= 5.1.0 - Missing Authorization on AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91ba93de-4c5f-4611-8296-adfc85c8dd2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyazon/" + google-query: inurl:"/wp-content/plugins/easyazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyazon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyevent-3155b6afdeb6949fabf56095cff40791.yaml b/nuclei-templates/cve-less/plugins/easyevent-3155b6afdeb6949fabf56095cff40791.yaml new file mode 100644 index 0000000000..72f9733cd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyevent-3155b6afdeb6949fabf56095cff40791.yaml @@ -0,0 +1,58 @@ +id: easyevent-3155b6afdeb6949fabf56095cff40791 + +info: + name: > + EasyEvent <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0868b6ba-3b73-4b8a-a8b4-3cea8771ba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyevent/" + google-query: inurl:"/wp-content/plugins/easyevent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyevent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyevent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyevent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyjobs-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml b/nuclei-templates/cve-less/plugins/easyjobs-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml new file mode 100644 index 0000000000..17fbc499c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyjobs-1a89597b1bd6bb139b0cbb0c2a6cdcf9.yaml @@ -0,0 +1,58 @@ +id: easyjobs-1a89597b1bd6bb139b0cbb0c2a6cdcf9 + +info: + name: > + easy.jobs <= 2.4.6 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33cdd58b-9e5e-492e-a211-78de592f0663?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyjobs/" + google-query: inurl:"/wp-content/plugins/easyjobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyjobs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyjobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyjobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easylogo-27956200aea3cb3bd27e1108bb27c97b.yaml b/nuclei-templates/cve-less/plugins/easylogo-27956200aea3cb3bd27e1108bb27c97b.yaml new file mode 100644 index 0000000000..613dc93c90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easylogo-27956200aea3cb3bd27e1108bb27c97b.yaml @@ -0,0 +1,58 @@ +id: easylogo-27956200aea3cb3bd27e1108bb27c97b + +info: + name: > + Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2181ede3-d8ac-4b62-98e5-7f4448a8cee4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easylogo/" + google-query: inurl:"/wp-content/plugins/easylogo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easylogo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easylogo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easylogo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easync-booking-1ab98d23b8f5715db32cf93509d555f7.yaml b/nuclei-templates/cve-less/plugins/easync-booking-1ab98d23b8f5715db32cf93509d555f7.yaml new file mode 100644 index 0000000000..931a38e4ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easync-booking-1ab98d23b8f5715db32cf93509d555f7.yaml @@ -0,0 +1,58 @@ +id: easync-booking-1ab98d23b8f5715db32cf93509d555f7 + +info: + name: > + Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC <= 1.1.15 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0295711d-5da6-4e28-9151-b0ce762c7eb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easync-booking/" + google-query: inurl:"/wp-content/plugins/easync-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easync-booking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easync-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easync-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easync-booking-ad05fb4f71116fd5943d1a28593a9d80.yaml b/nuclei-templates/cve-less/plugins/easync-booking-ad05fb4f71116fd5943d1a28593a9d80.yaml new file mode 100644 index 0000000000..70ce027b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easync-booking-ad05fb4f71116fd5943d1a28593a9d80.yaml @@ -0,0 +1,58 @@ +id: easync-booking-ad05fb4f71116fd5943d1a28593a9d80 + +info: + name: > + eaSYNC <= 1.3.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2148809e-b7fe-4104-b70f-d4137c85e92f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easync-booking/" + google-query: inurl:"/wp-content/plugins/easync-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easync-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easync-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easync-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyrecipe-a78a16c3432adee203e9f1b257d4b189.yaml b/nuclei-templates/cve-less/plugins/easyrecipe-a78a16c3432adee203e9f1b257d4b189.yaml new file mode 100644 index 0000000000..9ec8a79192 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyrecipe-a78a16c3432adee203e9f1b257d4b189.yaml @@ -0,0 +1,58 @@ +id: easyrecipe-a78a16c3432adee203e9f1b257d4b189 + +info: + name: > + EasyRecipe <= 3.5.3251 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35906df7-5eaf-494a-8184-48e2ca22301e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyrecipe/" + google-query: inurl:"/wp-content/plugins/easyrecipe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyrecipe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyrecipe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyrecipe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3251') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyrotator-for-wordpress-078c8808dfcbfebd119f13a67915c352.yaml b/nuclei-templates/cve-less/plugins/easyrotator-for-wordpress-078c8808dfcbfebd119f13a67915c352.yaml new file mode 100644 index 0000000000..9600722956 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyrotator-for-wordpress-078c8808dfcbfebd119f13a67915c352.yaml @@ -0,0 +1,58 @@ +id: easyrotator-for-wordpress-078c8808dfcbfebd119f13a67915c352 + +info: + name: > + EasyRotator for WordPress <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3041e28e-d965-4672-ab10-8b1f3d874f19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyrotator-for-wordpress/" + google-query: inurl:"/wp-content/plugins/easyrotator-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyrotator-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyrotator-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyrotator-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/easyship-woocommerce-shipping-rates-a80bdd8568c61aa45e987adfac4d1b71.yaml b/nuclei-templates/cve-less/plugins/easyship-woocommerce-shipping-rates-a80bdd8568c61aa45e987adfac4d1b71.yaml new file mode 100644 index 0000000000..0ead0cee38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/easyship-woocommerce-shipping-rates-a80bdd8568c61aa45e987adfac4d1b71.yaml @@ -0,0 +1,58 @@ +id: easyship-woocommerce-shipping-rates-a80bdd8568c61aa45e987adfac4d1b71 + +info: + name: > + Easyship WooCommerce Shipping Rates <= 0.8.9 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/788fdee8-2eae-437e-8a8d-1d01776cbe6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/easyship-woocommerce-shipping-rates/" + google-query: inurl:"/wp-content/plugins/easyship-woocommerce-shipping-rates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,easyship-woocommerce-shipping-rates,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/easyship-woocommerce-shipping-rates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easyship-woocommerce-shipping-rates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eazydocs-15118c222c3d3efe10e0b60b12d7cf6e.yaml b/nuclei-templates/cve-less/plugins/eazydocs-15118c222c3d3efe10e0b60b12d7cf6e.yaml new file mode 100644 index 0000000000..5dd86ba4db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eazydocs-15118c222c3d3efe10e0b60b12d7cf6e.yaml @@ -0,0 +1,58 @@ +id: eazydocs-15118c222c3d3efe10e0b60b12d7cf6e + +info: + name: > + EazyDocs 2.3.8 - 2.3.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1a2a09d-b50e-499d-8cfd-6e2884e66127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eazydocs/" + google-query: inurl:"/wp-content/plugins/eazydocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eazydocs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eazydocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eazydocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.3.8', '<= 2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eazydocs-19e34a16c1a810dff7996ec5d94f691f.yaml b/nuclei-templates/cve-less/plugins/eazydocs-19e34a16c1a810dff7996ec5d94f691f.yaml new file mode 100644 index 0000000000..6054db5754 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eazydocs-19e34a16c1a810dff7996ec5d94f691f.yaml @@ -0,0 +1,58 @@ +id: eazydocs-19e34a16c1a810dff7996ec5d94f691f + +info: + name: > + EazyDocs <= 2.3.5 - Unauthenticated Stored Cross-Site Scripting via edit_doc_one_page + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38145ad1-f441-40a4-9e92-6837cfeba656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eazydocs/" + google-query: inurl:"/wp-content/plugins/eazydocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eazydocs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eazydocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eazydocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eazydocs-405b16e90fe11a6da428eb58c52f2070.yaml b/nuclei-templates/cve-less/plugins/eazydocs-405b16e90fe11a6da428eb58c52f2070.yaml new file mode 100644 index 0000000000..b8ebe5e064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eazydocs-405b16e90fe11a6da428eb58c52f2070.yaml @@ -0,0 +1,58 @@ +id: eazydocs-405b16e90fe11a6da428eb58c52f2070 + +info: + name: > + EazyDocs <= 2.3.5 - Missing Authorization via doc_one_page and edit_doc_one_page + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ec64507-b77e-4685-978f-7408fe8db5ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eazydocs/" + google-query: inurl:"/wp-content/plugins/eazydocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eazydocs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eazydocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eazydocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eazydocs-be6b3b7884ff27a71c7f24387abeb572.yaml b/nuclei-templates/cve-less/plugins/eazydocs-be6b3b7884ff27a71c7f24387abeb572.yaml new file mode 100644 index 0000000000..5173ad646e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eazydocs-be6b3b7884ff27a71c7f24387abeb572.yaml @@ -0,0 +1,58 @@ +id: eazydocs-be6b3b7884ff27a71c7f24387abeb572 + +info: + name: > + EazyDocs <= 2.3.3 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/296f8a23-8223-4d9c-a238-d93fcd5abd87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eazydocs/" + google-query: inurl:"/wp-content/plugins/eazydocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eazydocs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eazydocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eazydocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-08485cb22c15bc9351789c0be0e79565.yaml b/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-08485cb22c15bc9351789c0be0e79565.yaml new file mode 100644 index 0000000000..6d28b7abad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-08485cb22c15bc9351789c0be0e79565.yaml @@ -0,0 +1,58 @@ +id: ebay-feeds-for-wordpress-08485cb22c15bc9351789c0be0e79565 + +info: + name: > + WP eBay Product Feeds <= 3.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d552a7-499f-4946-b0ec-5f733c01a365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebay-feeds-for-wordpress/" + google-query: inurl:"/wp-content/plugins/ebay-feeds-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebay-feeds-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebay-feeds-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-492078688f68b5c1a6aec5a98ed76f29.yaml b/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-492078688f68b5c1a6aec5a98ed76f29.yaml new file mode 100644 index 0000000000..2092a30355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebay-feeds-for-wordpress-492078688f68b5c1a6aec5a98ed76f29.yaml @@ -0,0 +1,58 @@ +id: ebay-feeds-for-wordpress-492078688f68b5c1a6aec5a98ed76f29 + +info: + name: > + WP eBay Product Feeds < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6a1e7c1-0ff1-4d59-ac60-35790bf0318e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebay-feeds-for-wordpress/" + google-query: inurl:"/wp-content/plugins/ebay-feeds-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebay-feeds-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebay-feeds-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebay-feeds-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebecas-994e6758795c8c6e11e9f43c7bd4ac1c.yaml b/nuclei-templates/cve-less/plugins/ebecas-994e6758795c8c6e11e9f43c7bd4ac1c.yaml new file mode 100644 index 0000000000..b7446e79d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebecas-994e6758795c8c6e11e9f43c7bd4ac1c.yaml @@ -0,0 +1,58 @@ +id: ebecas-994e6758795c8c6e11e9f43c7bd4ac1c + +info: + name: > + eBecas <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33770bfd-c481-4e18-838b-89a5fb5b15f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebecas/" + google-query: inurl:"/wp-content/plugins/ebecas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebecas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebecas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebecas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebook-download-6ad6b5074b24fa1505e13d3a89bb00ed.yaml b/nuclei-templates/cve-less/plugins/ebook-download-6ad6b5074b24fa1505e13d3a89bb00ed.yaml new file mode 100644 index 0000000000..1fe19fee9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebook-download-6ad6b5074b24fa1505e13d3a89bb00ed.yaml @@ -0,0 +1,58 @@ +id: ebook-download-6ad6b5074b24fa1505e13d3a89bb00ed + +info: + name: > + Zedna eBook download < 1.2 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07aee46a-a32d-4d31-9541-4e183299b09c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebook-download/" + google-query: inurl:"/wp-content/plugins/ebook-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebook-download,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebook-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebook-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebook-store-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml b/nuclei-templates/cve-less/plugins/ebook-store-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml new file mode 100644 index 0000000000..ab05b034f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebook-store-0b18a98b24cbdb105ec0fbddf0f9fc1f.yaml @@ -0,0 +1,58 @@ +id: ebook-store-0b18a98b24cbdb105ec0fbddf0f9fc1f + +info: + name: > + Ebook Store < 5.78 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/097f6887-e15f-4e35-ab12-1115630e13cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebook-store/" + google-query: inurl:"/wp-content/plugins/ebook-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebook-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebook-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebook-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.78') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebook-store-898935c481a1816ebd33c0960cec20d4.yaml b/nuclei-templates/cve-less/plugins/ebook-store-898935c481a1816ebd33c0960cec20d4.yaml new file mode 100644 index 0000000000..fc8c58e351 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebook-store-898935c481a1816ebd33c0960cec20d4.yaml @@ -0,0 +1,58 @@ +id: ebook-store-898935c481a1816ebd33c0960cec20d4 + +info: + name: > + Ebook Store <= 5.788 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e36eed5b-f76d-451e-a0f8-fd4b91bcf9f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebook-store/" + google-query: inurl:"/wp-content/plugins/ebook-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebook-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebook-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebook-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.788') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebook-store-b6e604dc0c4bb898e75726aff1be1de2.yaml b/nuclei-templates/cve-less/plugins/ebook-store-b6e604dc0c4bb898e75726aff1be1de2.yaml new file mode 100644 index 0000000000..ae383ce285 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebook-store-b6e604dc0c4bb898e75726aff1be1de2.yaml @@ -0,0 +1,58 @@ +id: ebook-store-b6e604dc0c4bb898e75726aff1be1de2 + +info: + name: > + Ebook Store <= 5.8001 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ad4949-b7e8-4c50-af64-c59e053cfd0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebook-store/" + google-query: inurl:"/wp-content/plugins/ebook-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebook-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebook-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebook-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8001') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ebook-store-e077433f57a559397a844ed63a88920a.yaml b/nuclei-templates/cve-less/plugins/ebook-store-e077433f57a559397a844ed63a88920a.yaml new file mode 100644 index 0000000000..143e57ace1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ebook-store-e077433f57a559397a844ed63a88920a.yaml @@ -0,0 +1,58 @@ +id: ebook-store-e077433f57a559397a844ed63a88920a + +info: + name: > + Ebook Store <= 5.775 - Missing Authorization via ebook_store_export_orders + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4b17cce-bb52-4125-8c85-6da15517275f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ebook-store/" + google-query: inurl:"/wp-content/plugins/ebook-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ebook-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ebook-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ebook-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.775') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/echo-knowledge-base-90823deeda228cab8f47ba8bfd583141.yaml b/nuclei-templates/cve-less/plugins/echo-knowledge-base-90823deeda228cab8f47ba8bfd583141.yaml new file mode 100644 index 0000000000..9f28a524c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/echo-knowledge-base-90823deeda228cab8f47ba8bfd583141.yaml @@ -0,0 +1,58 @@ +id: echo-knowledge-base-90823deeda228cab8f47ba8bfd583141 + +info: + name: > + Knowledge Base for Documentation, FAQs with AI Assistance <= 11.30.2 - Unauthenticated PHP Object Injection in is_article_recently_viewed + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41cfe1d7-2fab-413c-80e5-40d77133d229?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/echo-knowledge-base/" + google-query: inurl:"/wp-content/plugins/echo-knowledge-base/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,echo-knowledge-base,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/echo-knowledge-base/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "echo-knowledge-base" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.30.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/echosign-0dc068ee145b8173a92e905141be0d9e.yaml b/nuclei-templates/cve-less/plugins/echosign-0dc068ee145b8173a92e905141be0d9e.yaml new file mode 100644 index 0000000000..3821c21db5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/echosign-0dc068ee145b8173a92e905141be0d9e.yaml @@ -0,0 +1,58 @@ +id: echosign-0dc068ee145b8173a92e905141be0d9e + +info: + name: > + Echo Sign < 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fc1686-06a0-4d48-bb79-470e63cd3600?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/echosign/" + google-query: inurl:"/wp-content/plugins/echosign/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,echosign,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/echosign/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "echosign" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/echosign-9cf68cc8a68a2c81ff64f2eb044f1190.yaml b/nuclei-templates/cve-less/plugins/echosign-9cf68cc8a68a2c81ff64f2eb044f1190.yaml new file mode 100644 index 0000000000..1b6909ab94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/echosign-9cf68cc8a68a2c81ff64f2eb044f1190.yaml @@ -0,0 +1,58 @@ +id: echosign-9cf68cc8a68a2c81ff64f2eb044f1190 + +info: + name: > + Echo Sign < 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3302110-60ae-4ad1-8a8c-3511027da3a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/echosign/" + google-query: inurl:"/wp-content/plugins/echosign/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,echosign,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/echosign/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "echosign" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-0e1a3b18a1b946d1c273b3cccc408050.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-0e1a3b18a1b946d1c273b3cccc408050.yaml new file mode 100644 index 0000000000..7e013224b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-0e1a3b18a1b946d1c273b3cccc408050.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-0e1a3b18a1b946d1c273b3cccc408050 + +info: + name: > + eCommerce Product Catalog Plugin for WordPress <= 3.3.32 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc15bc48-31f6-4829-8f9b-cd2d1c7c5280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-292ccea97458e988671a2f5d1ab07fab.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-292ccea97458e988671a2f5d1ab07fab.yaml new file mode 100644 index 0000000000..a71ffe54ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-292ccea97458e988671a2f5d1ab07fab.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-292ccea97458e988671a2f5d1ab07fab + +info: + name: > + eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eb963dd-41c3-43cd-afb7-1be054829ea3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-3319cf0ede499d0a15c5de919fc4d867.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-3319cf0ede499d0a15c5de919fc4d867.yaml new file mode 100644 index 0000000000..e36381b363 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-3319cf0ede499d0a15c5de919fc4d867.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-3319cf0ede499d0a15c5de919fc4d867 + +info: + name: > + eCommerce Product Catalog Plugin for WordPress <= 3.0.17 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12ecf3d5-1457-405a-8856-517c7d2f2db1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-90a088835020a5c787dfade0eee8a2e0.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-90a088835020a5c787dfade0eee8a2e0.yaml new file mode 100644 index 0000000000..90b6201564 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-90a088835020a5c787dfade0eee8a2e0.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-90a088835020a5c787dfade0eee8a2e0 + +info: + name: > + eCommerce Product Catalog plugin for WordPress <= 3.3.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26b7438e-438b-41eb-9458-2fba8ab1964d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9daff448e161c27a1010bad80a987a15.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9daff448e161c27a1010bad80a987a15.yaml new file mode 100644 index 0000000000..6a397671cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9daff448e161c27a1010bad80a987a15.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-9daff448e161c27a1010bad80a987a15 + +info: + name: > + eCommerce Product Catalog for WordPress <= 3.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39695b53-9af7-42f0-8bde-3969398a7186?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f4117fe62888ab2f2b714ed12570706.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f4117fe62888ab2f2b714ed12570706.yaml new file mode 100644 index 0000000000..044ed70467 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f4117fe62888ab2f2b714ed12570706.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-9f4117fe62888ab2f2b714ed12570706 + +info: + name: > + eCommerce Product Catalog <= 3.0.38 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eba6825-9a3a-4af5-8d8a-9439ab374cc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f6d47d07822136b59fe192df481593b.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f6d47d07822136b59fe192df481593b.yaml new file mode 100644 index 0000000000..bc31fe591b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-9f6d47d07822136b59fe192df481593b.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-9f6d47d07822136b59fe192df481593b + +info: + name: > + eCommerce Product Catalog <= 3.3.28 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c0ff52-57c2-447f-bb22-2079607c3217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-cbd1d41b26b0296545c9edd7581d3ebc.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-cbd1d41b26b0296545c9edd7581d3ebc.yaml new file mode 100644 index 0000000000..25f2d80acf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-cbd1d41b26b0296545c9edd7581d3ebc.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-cbd1d41b26b0296545c9edd7581d3ebc + +info: + name: > + eCommerce Product Catalog <= 3.3.26 - Sensitive Information Exposure via CSV Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b48b9170-4dd9-4004-a081-488cafbc7597?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-f239cdbdbea64adf739686a8765fc6ab.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-f239cdbdbea64adf739686a8765fc6ab.yaml new file mode 100644 index 0000000000..e7a63ccfc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-f239cdbdbea64adf739686a8765fc6ab.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-f239cdbdbea64adf739686a8765fc6ab + +info: + name: > + Vulnerability: eCommerce Product Catalog plugin for WordPress <= 3.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46db2d07-66a6-4d9e-b0fd-ddf6119ba5be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-fae58dcbc303cd1d67051f496ccc1326.yaml b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-fae58dcbc303cd1d67051f496ccc1326.yaml new file mode 100644 index 0000000000..9953d7edb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecommerce-product-catalog-fae58dcbc303cd1d67051f496ccc1326.yaml @@ -0,0 +1,58 @@ +id: ecommerce-product-catalog-fae58dcbc303cd1d67051f496ccc1326 + +info: + name: > + eCommerce Product Catalog for WordPress <= 3.3.25 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba70f811-543f-4da4-ba45-715dbd6be6be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecommerce-product-catalog/" + google-query: inurl:"/wp-content/plugins/ecommerce-product-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecommerce-product-catalog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecommerce-product-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecommerce-product-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-46eb2de249c5ae6cf9fd3c49e21bb4bd.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-46eb2de249c5ae6cf9fd3c49e21bb4bd.yaml new file mode 100644 index 0000000000..6d746c46fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-46eb2de249c5ae6cf9fd3c49e21bb4bd.yaml @@ -0,0 +1,58 @@ +id: ecwid-shopping-cart-46eb2de249c5ae6cf9fd3c49e21bb4bd + +info: + name: > + Ecwid Ecommerce Shopping Cart <= 6.11.3 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f02cc66-7782-45fe-ae5e-340ff7ae1fe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecwid-shopping-cart/" + google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecwid-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecwid-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-b6af58199f4bb361c122e5469834d6a6.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-b6af58199f4bb361c122e5469834d6a6.yaml new file mode 100644 index 0000000000..a0c313af96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-b6af58199f4bb361c122e5469834d6a6.yaml @@ -0,0 +1,58 @@ +id: ecwid-shopping-cart-b6af58199f4bb361c122e5469834d6a6 + +info: + name: > + Ecwid Shopping Cart <= 6.11.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8c530e2-ce42-40f3-82ab-1df9089a5407?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecwid-shopping-cart/" + google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecwid-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecwid-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.11.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml new file mode 100644 index 0000000000..8af4d52756 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-cbb1fea9bfad5a9264ec67a1ffb3cfd0.yaml @@ -0,0 +1,58 @@ +id: ecwid-shopping-cart-cbb1fea9bfad5a9264ec67a1ffb3cfd0 + +info: + name: > + Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/757938f4-c6ef-4152-a0d6-f14d2a043c85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecwid-shopping-cart/" + google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecwid-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecwid-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e67a592d479a1912f830dde99db21328.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e67a592d479a1912f830dde99db21328.yaml new file mode 100644 index 0000000000..d6d328eca5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e67a592d479a1912f830dde99db21328.yaml @@ -0,0 +1,58 @@ +id: ecwid-shopping-cart-e67a592d479a1912f830dde99db21328 + +info: + name: > + Ecwid Ecommerce Shopping Cart <= 6.12.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db5d6cc9-24d7-42bf-905e-4c3764c659ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecwid-shopping-cart/" + google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecwid-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecwid-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e96409adbbb169ea331189d4d409f4de.yaml b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e96409adbbb169ea331189d4d409f4de.yaml new file mode 100644 index 0000000000..9f98f74b01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ecwid-shopping-cart-e96409adbbb169ea331189d4d409f4de.yaml @@ -0,0 +1,58 @@ +id: ecwid-shopping-cart-e96409adbbb169ea331189d4d409f4de + +info: + name: > + Ecwid Ecommerce Shopping Cart <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e10127aa-a5a5-4394-8b54-b57ba1369d77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ecwid-shopping-cart/" + google-query: inurl:"/wp-content/plugins/ecwid-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ecwid-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ecwid-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ecwid-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.12.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-amazon-s3-188892e32d2c439c02d6eec7a4adfdb5.yaml b/nuclei-templates/cve-less/plugins/edd-amazon-s3-188892e32d2c439c02d6eec7a4adfdb5.yaml new file mode 100644 index 0000000000..960bccb1ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-amazon-s3-188892e32d2c439c02d6eec7a4adfdb5.yaml @@ -0,0 +1,58 @@ +id: edd-amazon-s3-188892e32d2c439c02d6eec7a4adfdb5 + +info: + name: > + Easy Digital Downloads – Amazon S3 <= 2.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfca0fe-5b15-4276-896a-9ad12b9a9478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-amazon-s3/" + google-query: inurl:"/wp-content/plugins/edd-amazon-s3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-amazon-s3,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-amazon-s3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-amazon-s3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-attach-accounts-to-orders-aff649abeaf4857a79fa8884fa07fcd1.yaml b/nuclei-templates/cve-less/plugins/edd-attach-accounts-to-orders-aff649abeaf4857a79fa8884fa07fcd1.yaml new file mode 100644 index 0000000000..53894ec9de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-attach-accounts-to-orders-aff649abeaf4857a79fa8884fa07fcd1.yaml @@ -0,0 +1,58 @@ +id: edd-attach-accounts-to-orders-aff649abeaf4857a79fa8884fa07fcd1 + +info: + name: > + Easy Digital Downloads – Attach Accounts to Orders <= 2.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/980d1726-375f-41b2-a67c-1b934e20312c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-attach-accounts-to-orders/" + google-query: inurl:"/wp-content/plugins/edd-attach-accounts-to-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-attach-accounts-to-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-attach-accounts-to-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-attach-accounts-to-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-commissions-dccce9109c5a84af7a34cbb0742260bc.yaml b/nuclei-templates/cve-less/plugins/edd-commissions-dccce9109c5a84af7a34cbb0742260bc.yaml new file mode 100644 index 0000000000..4f6aedec45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-commissions-dccce9109c5a84af7a34cbb0742260bc.yaml @@ -0,0 +1,58 @@ +id: edd-commissions-dccce9109c5a84af7a34cbb0742260bc + +info: + name: > + Easy Digital Downloads – Commissions <= 3.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf356066-fb25-4f6a-8600-91c7f1d098bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-commissions/" + google-query: inurl:"/wp-content/plugins/edd-commissions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-commissions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-commissions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-commissions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-conditional-success-redirects-3b1d00a18f864c139ec613a9e0ffecf2.yaml b/nuclei-templates/cve-less/plugins/edd-conditional-success-redirects-3b1d00a18f864c139ec613a9e0ffecf2.yaml new file mode 100644 index 0000000000..c072a79fc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-conditional-success-redirects-3b1d00a18f864c139ec613a9e0ffecf2.yaml @@ -0,0 +1,58 @@ +id: edd-conditional-success-redirects-3b1d00a18f864c139ec613a9e0ffecf2 + +info: + name: > + Easy Digital Downloads – Conditional Success Redirects < 1.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ce8258f-64f7-4d5e-870a-973500eed0eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-conditional-success-redirects/" + google-query: inurl:"/wp-content/plugins/edd-conditional-success-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-conditional-success-redirects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-conditional-success-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-conditional-success-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-content-restriction-d192f8275b2c7772bc52294d4963918a.yaml b/nuclei-templates/cve-less/plugins/edd-content-restriction-d192f8275b2c7772bc52294d4963918a.yaml new file mode 100644 index 0000000000..ff62ac3e30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-content-restriction-d192f8275b2c7772bc52294d4963918a.yaml @@ -0,0 +1,58 @@ +id: edd-content-restriction-d192f8275b2c7772bc52294d4963918a + +info: + name: > + Easy Digital Downloads – Content Restriction <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0485897-4d1d-442d-9c81-4b4bb40e3983?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-content-restriction/" + google-query: inurl:"/wp-content/plugins/edd-content-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-content-restriction,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-content-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-content-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-cross-sell-and-upsell-e8637d731d41eb4cc5029aaa77c50673.yaml b/nuclei-templates/cve-less/plugins/edd-cross-sell-and-upsell-e8637d731d41eb4cc5029aaa77c50673.yaml new file mode 100644 index 0000000000..3d33bf05d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-cross-sell-and-upsell-e8637d731d41eb4cc5029aaa77c50673.yaml @@ -0,0 +1,58 @@ +id: edd-cross-sell-and-upsell-e8637d731d41eb4cc5029aaa77c50673 + +info: + name: > + Easy Digital Downloads - Cross-Sell and Upsell <= 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0f2fe23-c77c-4e24-a1e4-0aa3697370e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-cross-sell-and-upsell/" + google-query: inurl:"/wp-content/plugins/edd-cross-sell-and-upsell/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-cross-sell-and-upsell,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-cross-sell-and-upsell/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-cross-sell-and-upsell" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-favorites-4f94094a1cb01e1f7943775986788b65.yaml b/nuclei-templates/cve-less/plugins/edd-favorites-4f94094a1cb01e1f7943775986788b65.yaml new file mode 100644 index 0000000000..2d82dfe977 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-favorites-4f94094a1cb01e1f7943775986788b65.yaml @@ -0,0 +1,58 @@ +id: edd-favorites-4f94094a1cb01e1f7943775986788b65 + +info: + name: > + Easy Digital Downloads – Favorites <= 1.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33836cee-c3f6-4c49-9acb-7c8f00839fdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-favorites/" + google-query: inurl:"/wp-content/plugins/edd-favorites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-favorites,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-favorites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-favorites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-free-downloads-96ff2499f32e58024088e6b7c6dc3990.yaml b/nuclei-templates/cve-less/plugins/edd-free-downloads-96ff2499f32e58024088e6b7c6dc3990.yaml new file mode 100644 index 0000000000..bb2153a688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-free-downloads-96ff2499f32e58024088e6b7c6dc3990.yaml @@ -0,0 +1,58 @@ +id: edd-free-downloads-96ff2499f32e58024088e6b7c6dc3990 + +info: + name: > + Easy Digital Downloads – Free Downloads <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f203fb35-e217-4912-aa80-0bb6b3de1830?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-free-downloads/" + google-query: inurl:"/wp-content/plugins/edd-free-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-free-downloads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-free-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-free-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-invoices-61717663c17e62c7f08a76483f0eeff3.yaml b/nuclei-templates/cve-less/plugins/edd-invoices-61717663c17e62c7f08a76483f0eeff3.yaml new file mode 100644 index 0000000000..7ce0046497 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-invoices-61717663c17e62c7f08a76483f0eeff3.yaml @@ -0,0 +1,58 @@ +id: edd-invoices-61717663c17e62c7f08a76483f0eeff3 + +info: + name: > + Easy Digital Downloads – Invoices <= 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca8c676a-144c-4809-b8f6-50cb9e1390b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-invoices/" + google-query: inurl:"/wp-content/plugins/edd-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-invoices,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-invoices-d21243f7c0461744fbee4b3ace491e32.yaml b/nuclei-templates/cve-less/plugins/edd-invoices-d21243f7c0461744fbee4b3ace491e32.yaml new file mode 100644 index 0000000000..82ea8f878c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-invoices-d21243f7c0461744fbee4b3ace491e32.yaml @@ -0,0 +1,58 @@ +id: edd-invoices-d21243f7c0461744fbee4b3ace491e32 + +info: + name: > + Easy Digital Downloads – PDF Invoices < 1.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e83475e-03fc-47b8-b23c-a7b16641351b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-invoices/" + google-query: inurl:"/wp-content/plugins/edd-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-invoices,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-manual-purchases-ece0f7db12607af6e93bd47b255fcaad.yaml b/nuclei-templates/cve-less/plugins/edd-manual-purchases-ece0f7db12607af6e93bd47b255fcaad.yaml new file mode 100644 index 0000000000..378d216cb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-manual-purchases-ece0f7db12607af6e93bd47b255fcaad.yaml @@ -0,0 +1,58 @@ +id: edd-manual-purchases-ece0f7db12607af6e93bd47b255fcaad + +info: + name: > + Easy Digital Downloads – Manual Purchases < 1.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaea9be-64ef-4567-ae17-08ae44293b5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-manual-purchases/" + google-query: inurl:"/wp-content/plugins/edd-manual-purchases/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-manual-purchases,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-manual-purchases/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-manual-purchases" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-pdf-stamper-7028a373145887022c971f45128fcdba.yaml b/nuclei-templates/cve-less/plugins/edd-pdf-stamper-7028a373145887022c971f45128fcdba.yaml new file mode 100644 index 0000000000..267ae0ae89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-pdf-stamper-7028a373145887022c971f45128fcdba.yaml @@ -0,0 +1,58 @@ +id: edd-pdf-stamper-7028a373145887022c971f45128fcdba + +info: + name: > + Easy Digital Downloads – PDF Stamper <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/438f98f7-b966-4e07-a62e-a918cce3f6c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-pdf-stamper/" + google-query: inurl:"/wp-content/plugins/edd-pdf-stamper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-pdf-stamper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-pdf-stamper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-pdf-stamper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-per-product-emails-d51efaf8de0ecaf24f9a181bc5d20bee.yaml b/nuclei-templates/cve-less/plugins/edd-per-product-emails-d51efaf8de0ecaf24f9a181bc5d20bee.yaml new file mode 100644 index 0000000000..3b3b8c24a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-per-product-emails-d51efaf8de0ecaf24f9a181bc5d20bee.yaml @@ -0,0 +1,58 @@ +id: edd-per-product-emails-d51efaf8de0ecaf24f9a181bc5d20bee + +info: + name: > + Easy Digital Downloads – Per Product Emails < 1.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29125de3-eeed-4537-8915-e8100d2e65ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-per-product-emails/" + google-query: inurl:"/wp-content/plugins/edd-per-product-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-per-product-emails,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-per-product-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-per-product-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-product-reviews-2a6ac5f100690b8d0b4a16d1c12f679f.yaml b/nuclei-templates/cve-less/plugins/edd-product-reviews-2a6ac5f100690b8d0b4a16d1c12f679f.yaml new file mode 100644 index 0000000000..0e80baa477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-product-reviews-2a6ac5f100690b8d0b4a16d1c12f679f.yaml @@ -0,0 +1,58 @@ +id: edd-product-reviews-2a6ac5f100690b8d0b4a16d1c12f679f + +info: + name: > + Easy Digital Downloads – Product Reviews <= 1.3.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d88a7c35-fe98-48eb-960b-0e4f8fcab4cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-product-reviews/" + google-query: inurl:"/wp-content/plugins/edd-product-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-product-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-product-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-product-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-pushover-notifications-0a523ea5e4a860d6c23793246d1e5019.yaml b/nuclei-templates/cve-less/plugins/edd-pushover-notifications-0a523ea5e4a860d6c23793246d1e5019.yaml new file mode 100644 index 0000000000..a0aef19fc9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-pushover-notifications-0a523ea5e4a860d6c23793246d1e5019.yaml @@ -0,0 +1,58 @@ +id: edd-pushover-notifications-0a523ea5e4a860d6c23793246d1e5019 + +info: + name: > + Easy Digital Downloads – Pushover notifications <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b17c5b5e-26d9-485d-881e-bd4414f29f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-pushover-notifications/" + google-query: inurl:"/wp-content/plugins/edd-pushover-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-pushover-notifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-pushover-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-pushover-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-qr-codes-4bf1b8de6af96f98a7a1f3714d0ed32c.yaml b/nuclei-templates/cve-less/plugins/edd-qr-codes-4bf1b8de6af96f98a7a1f3714d0ed32c.yaml new file mode 100644 index 0000000000..1a8ba7fc95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-qr-codes-4bf1b8de6af96f98a7a1f3714d0ed32c.yaml @@ -0,0 +1,58 @@ +id: edd-qr-codes-4bf1b8de6af96f98a7a1f3714d0ed32c + +info: + name: > + Easy Digital Downloads – QR Codes <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef08c1ad-fc85-4154-8634-21c506436317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-qr-codes/" + google-query: inurl:"/wp-content/plugins/edd-qr-codes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-qr-codes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-qr-codes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-qr-codes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-recount-earnings-5c7b076501be3d3c98666ffe30ae6a26.yaml b/nuclei-templates/cve-less/plugins/edd-recount-earnings-5c7b076501be3d3c98666ffe30ae6a26.yaml new file mode 100644 index 0000000000..36e5574460 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-recount-earnings-5c7b076501be3d3c98666ffe30ae6a26.yaml @@ -0,0 +1,58 @@ +id: edd-recount-earnings-5c7b076501be3d3c98666ffe30ae6a26 + +info: + name: > + Easy Digital Downloads – Recount Earnings <= 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34a46c3a-22f9-4f61-844b-dd03c5208be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-recount-earnings/" + google-query: inurl:"/wp-content/plugins/edd-recount-earnings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-recount-earnings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-recount-earnings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-recount-earnings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-recurring-payments-099ead226109d18c4bc71e3d4e743b55.yaml b/nuclei-templates/cve-less/plugins/edd-recurring-payments-099ead226109d18c4bc71e3d4e743b55.yaml new file mode 100644 index 0000000000..e5676ae527 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-recurring-payments-099ead226109d18c4bc71e3d4e743b55.yaml @@ -0,0 +1,58 @@ +id: edd-recurring-payments-099ead226109d18c4bc71e3d4e743b55 + +info: + name: > + Easy Digital Downloads – Recurring Payments <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f958ed28-0520-47c7-9b60-94e7c6504d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-recurring-payments/" + google-query: inurl:"/wp-content/plugins/edd-recurring-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-recurring-payments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-recurring-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-recurring-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-software-licensing-52e4049030db45f1344545c480f7a4ef.yaml b/nuclei-templates/cve-less/plugins/edd-software-licensing-52e4049030db45f1344545c480f7a4ef.yaml new file mode 100644 index 0000000000..9776035472 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-software-licensing-52e4049030db45f1344545c480f7a4ef.yaml @@ -0,0 +1,58 @@ +id: edd-software-licensing-52e4049030db45f1344545c480f7a4ef + +info: + name: > + Easy Digital Downloads – Software Licensing < 3.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a9f17e3-f1cf-44c5-a4eb-38b43b00f912?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-software-licensing/" + google-query: inurl:"/wp-content/plugins/edd-software-licensing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-software-licensing,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-software-licensing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-software-licensing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-upload-file-268f9394678ef20df569fe0eb2e92a44.yaml b/nuclei-templates/cve-less/plugins/edd-upload-file-268f9394678ef20df569fe0eb2e92a44.yaml new file mode 100644 index 0000000000..4e76d99803 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-upload-file-268f9394678ef20df569fe0eb2e92a44.yaml @@ -0,0 +1,58 @@ +id: edd-upload-file-268f9394678ef20df569fe0eb2e92a44 + +info: + name: > + Easy Digital Downloads – Upload File <= 1.0.4 - Arbitrary File Upload/Deletion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/186517cd-e444-457a-9e10-583f41595511?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-upload-file/" + google-query: inurl:"/wp-content/plugins/edd-upload-file/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-upload-file,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-upload-file/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-upload-file" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edd-wish-lists-0633b5d5c2288fd164f50f774a52dac5.yaml b/nuclei-templates/cve-less/plugins/edd-wish-lists-0633b5d5c2288fd164f50f774a52dac5.yaml new file mode 100644 index 0000000000..fab5e2df66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edd-wish-lists-0633b5d5c2288fd164f50f774a52dac5.yaml @@ -0,0 +1,58 @@ +id: edd-wish-lists-0633b5d5c2288fd164f50f774a52dac5 + +info: + name: > + Easy Digital Downloads – Wish Lists < 1.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0d96341-049c-4554-946b-12e2bf3e972e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edd-wish-lists/" + google-query: inurl:"/wp-content/plugins/edd-wish-lists/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edd-wish-lists,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edd-wish-lists/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edd-wish-lists" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edit-comments-7b827ab34d96ee14e9116ea8db988679.yaml b/nuclei-templates/cve-less/plugins/edit-comments-7b827ab34d96ee14e9116ea8db988679.yaml new file mode 100644 index 0000000000..9fe70f5908 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edit-comments-7b827ab34d96ee14e9116ea8db988679.yaml @@ -0,0 +1,58 @@ +id: edit-comments-7b827ab34d96ee14e9116ea8db988679 + +info: + name: > + Edit Comments <= 0.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c94c68-bf3c-49b0-b7eb-39374c6002aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edit-comments/" + google-query: inurl:"/wp-content/plugins/edit-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edit-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edit-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edit-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edit-comments-xt-c955d255994c77fa2afb0b159f25b5a9.yaml b/nuclei-templates/cve-less/plugins/edit-comments-xt-c955d255994c77fa2afb0b159f25b5a9.yaml new file mode 100644 index 0000000000..aa643ab109 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edit-comments-xt-c955d255994c77fa2afb0b159f25b5a9.yaml @@ -0,0 +1,58 @@ +id: edit-comments-xt-c955d255994c77fa2afb0b159f25b5a9 + +info: + name: > + Edit Comments XT <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00622a39-7230-4263-8e25-b0917df80191?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edit-comments-xt/" + google-query: inurl:"/wp-content/plugins/edit-comments-xt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edit-comments-xt,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edit-comments-xt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edit-comments-xt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/editable-table-3f51c790e689dcb447adc1ee79fee545.yaml b/nuclei-templates/cve-less/plugins/editable-table-3f51c790e689dcb447adc1ee79fee545.yaml new file mode 100644 index 0000000000..fd05cc8658 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/editable-table-3f51c790e689dcb447adc1ee79fee545.yaml @@ -0,0 +1,58 @@ +id: editable-table-3f51c790e689dcb447adc1ee79fee545 + +info: + name: > + Editable Table Simple Fast FrontEnd From Sql tables <= 0.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70aaef82-c93b-4f2b-8d57-6c28d45942ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/editable-table/" + google-query: inurl:"/wp-content/plugins/editable-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,editable-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editable-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editable-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/editorial-calendar-a85ca9a2b7f246b28c6ccf181717216e.yaml b/nuclei-templates/cve-less/plugins/editorial-calendar-a85ca9a2b7f246b28c6ccf181717216e.yaml new file mode 100644 index 0000000000..08eb21e89b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/editorial-calendar-a85ca9a2b7f246b28c6ccf181717216e.yaml @@ -0,0 +1,58 @@ +id: editorial-calendar-a85ca9a2b7f246b28c6ccf181717216e + +info: + name: > + Editorial Calendar <= 3.7.12 - Authenticated (Contributor+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f01ad95-7a51-408c-917f-4350dbeabb2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/editorial-calendar/" + google-query: inurl:"/wp-content/plugins/editorial-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,editorial-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editorial-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editorial-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/editorial-calendar-b0561191aff3bb3e5af8336a71c1ffcc.yaml b/nuclei-templates/cve-less/plugins/editorial-calendar-b0561191aff3bb3e5af8336a71c1ffcc.yaml new file mode 100644 index 0000000000..4a3e2137d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/editorial-calendar-b0561191aff3bb3e5af8336a71c1ffcc.yaml @@ -0,0 +1,58 @@ +id: editorial-calendar-b0561191aff3bb3e5af8336a71c1ffcc + +info: + name: > + Editorial Calendar <= 3.8.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via edcal_saveoptions AJAX action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3dac7b6-512d-4fd6-8294-f0b1c0a2efd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/editorial-calendar/" + google-query: inurl:"/wp-content/plugins/editorial-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,editorial-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editorial-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editorial-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/editorial-calendar-c978227ed54be6d80dbe1ecf4f522c4f.yaml b/nuclei-templates/cve-less/plugins/editorial-calendar-c978227ed54be6d80dbe1ecf4f522c4f.yaml new file mode 100644 index 0000000000..354339fc64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/editorial-calendar-c978227ed54be6d80dbe1ecf4f522c4f.yaml @@ -0,0 +1,58 @@ +id: editorial-calendar-c978227ed54be6d80dbe1ecf4f522c4f + +info: + name: > + Editorial Calendar <= 2.6 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58f9ba6c-1754-4da2-8bfd-b473c7928805?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/editorial-calendar/" + google-query: inurl:"/wp-content/plugins/editorial-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,editorial-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/editorial-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editorial-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edoc-employee-application-4f76a0450248571403ef40c78dab60dd.yaml b/nuclei-templates/cve-less/plugins/edoc-employee-application-4f76a0450248571403ef40c78dab60dd.yaml new file mode 100644 index 0000000000..c59d294eb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edoc-employee-application-4f76a0450248571403ef40c78dab60dd.yaml @@ -0,0 +1,58 @@ +id: edoc-employee-application-4f76a0450248571403ef40c78dab60dd + +info: + name: > + eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbfbd7c2-7a46-4292-9173-f90298a7fcc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edoc-employee-application/" + google-query: inurl:"/wp-content/plugins/edoc-employee-application/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edoc-employee-application,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edoc-employee-application/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edoc-employee-application" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/educare-cf9e561567f8ec0f7f05155ec9df9eb6.yaml b/nuclei-templates/cve-less/plugins/educare-cf9e561567f8ec0f7f05155ec9df9eb6.yaml new file mode 100644 index 0000000000..f43e61cd58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/educare-cf9e561567f8ec0f7f05155ec9df9eb6.yaml @@ -0,0 +1,58 @@ +id: educare-cf9e561567f8ec0f7f05155ec9df9eb6 + +info: + name: > + Educare – Students & Result Management System <= 1.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5292fcb2-4084-42e6-b78b-62e36123829a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/educare/" + google-query: inurl:"/wp-content/plugins/educare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,educare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/educare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "educare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edwiser-bridge-44337a15956fb6efe76c43a84f40d4df.yaml b/nuclei-templates/cve-less/plugins/edwiser-bridge-44337a15956fb6efe76c43a84f40d4df.yaml new file mode 100644 index 0000000000..3c4c87e1a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edwiser-bridge-44337a15956fb6efe76c43a84f40d4df.yaml @@ -0,0 +1,58 @@ +id: edwiser-bridge-44337a15956fb6efe76c43a84f40d4df + +info: + name: > + Edwiser Bridge <= 3.0.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fc23cb-e443-4c8e-b1a0-b8eefbb25dae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edwiser-bridge/" + google-query: inurl:"/wp-content/plugins/edwiser-bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edwiser-bridge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edwiser-bridge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edwiser-bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edwiser-bridge-a97648905a16e731980d6d512636856b.yaml b/nuclei-templates/cve-less/plugins/edwiser-bridge-a97648905a16e731980d6d512636856b.yaml new file mode 100644 index 0000000000..03ea9e35a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edwiser-bridge-a97648905a16e731980d6d512636856b.yaml @@ -0,0 +1,58 @@ +id: edwiser-bridge-a97648905a16e731980d6d512636856b + +info: + name: > + Edwiser Bridge <= 3.0.5 - Authentication Bypass due to Missing Empty Value Check + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6969d281-f280-4714-9859-38ac66e9cc60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edwiser-bridge/" + google-query: inurl:"/wp-content/plugins/edwiser-bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edwiser-bridge,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edwiser-bridge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edwiser-bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/edwiser-bridge-e57ee015b5a3bc1cbb61b42c2d7af862.yaml b/nuclei-templates/cve-less/plugins/edwiser-bridge-e57ee015b5a3bc1cbb61b42c2d7af862.yaml new file mode 100644 index 0000000000..da85e727b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/edwiser-bridge-e57ee015b5a3bc1cbb61b42c2d7af862.yaml @@ -0,0 +1,58 @@ +id: edwiser-bridge-e57ee015b5a3bc1cbb61b42c2d7af862 + +info: + name: > + Edwiser Bridge <= 2.0.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6450dafd-5992-4831-87af-e5e47cc8663e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/edwiser-bridge/" + google-query: inurl:"/wp-content/plugins/edwiser-bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,edwiser-bridge,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/edwiser-bridge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edwiser-bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eelv-newsletter-777e4f42d98591ca2b51ba0e588ed585.yaml b/nuclei-templates/cve-less/plugins/eelv-newsletter-777e4f42d98591ca2b51ba0e588ed585.yaml new file mode 100644 index 0000000000..8b9f2fa790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eelv-newsletter-777e4f42d98591ca2b51ba0e588ed585.yaml @@ -0,0 +1,58 @@ +id: eelv-newsletter-777e4f42d98591ca2b51ba0e588ed585 + +info: + name: > + EELV Newsletter <= 3.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4013a22a-701b-43ef-90fb-f8eddf65acf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eelv-newsletter/" + google-query: inurl:"/wp-content/plugins/eelv-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eelv-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eelv-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eelv-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eelv-newsletter-77b95b2fd3fc9982f02a243980235615.yaml b/nuclei-templates/cve-less/plugins/eelv-newsletter-77b95b2fd3fc9982f02a243980235615.yaml new file mode 100644 index 0000000000..792b8f7bd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eelv-newsletter-77b95b2fd3fc9982f02a243980235615.yaml @@ -0,0 +1,58 @@ +id: eelv-newsletter-77b95b2fd3fc9982f02a243980235615 + +info: + name: > + EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84888ea6-122d-4480-8262-d87c33113bd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eelv-newsletter/" + google-query: inurl:"/wp-content/plugins/eelv-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eelv-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eelv-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eelv-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eelv-newsletter-af90005e3634d51c613c584f0861c0a2.yaml b/nuclei-templates/cve-less/plugins/eelv-newsletter-af90005e3634d51c613c584f0861c0a2.yaml new file mode 100644 index 0000000000..e45098c5e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eelv-newsletter-af90005e3634d51c613c584f0861c0a2.yaml @@ -0,0 +1,58 @@ +id: eelv-newsletter-af90005e3634d51c613c584f0861c0a2 + +info: + name: > + EELV Newsletter < 4.6.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10c41b59-c83e-4f72-8b20-10db731e23c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eelv-newsletter/" + google-query: inurl:"/wp-content/plugins/eelv-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eelv-newsletter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eelv-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eelv-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eexamhall-64357c63e9789d2ab1bb69c47d5337ab.yaml b/nuclei-templates/cve-less/plugins/eexamhall-64357c63e9789d2ab1bb69c47d5337ab.yaml new file mode 100644 index 0000000000..45f38f5560 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eexamhall-64357c63e9789d2ab1bb69c47d5337ab.yaml @@ -0,0 +1,58 @@ +id: eexamhall-64357c63e9789d2ab1bb69c47d5337ab + +info: + name: > + eExamhall <= 4.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d80d583f-42c8-48fb-b757-88346c740b0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eexamhall/" + google-query: inurl:"/wp-content/plugins/eexamhall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eexamhall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eexamhall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eexamhall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/efence-e5f4c0414a585004ed1f35745c5931f6.yaml b/nuclei-templates/cve-less/plugins/efence-e5f4c0414a585004ed1f35745c5931f6.yaml new file mode 100644 index 0000000000..92ab650770 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/efence-e5f4c0414a585004ed1f35745c5931f6.yaml @@ -0,0 +1,58 @@ +id: efence-e5f4c0414a585004ed1f35745c5931f6 + +info: + name: > + efence <= 1.3.2 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0f5e62-aa81-4a2e-8187-917391548a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/efence/" + google-query: inurl:"/wp-content/plugins/efence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,efence,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/efence/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "efence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eg-attachments-f006ae96918e8c435b20f1e9d28e9e41.yaml b/nuclei-templates/cve-less/plugins/eg-attachments-f006ae96918e8c435b20f1e9d28e9e41.yaml new file mode 100644 index 0000000000..c9cb6ebfa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eg-attachments-f006ae96918e8c435b20f1e9d28e9e41.yaml @@ -0,0 +1,58 @@ +id: eg-attachments-f006ae96918e8c435b20f1e9d28e9e41 + +info: + name: > + EG-Attachments <= 2.1.3 - Reflected Cross-Site Scripting via 'paged' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b63ccc9a-222d-4119-909b-d04bab78d663?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eg-attachments/" + google-query: inurl:"/wp-content/plugins/eg-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eg-attachments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eg-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eg-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ehive-account-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/ehive-account-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..6514c18e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ehive-account-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: ehive-account-details-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ehive-account-details/" + google-query: inurl:"/wp-content/plugins/ehive-account-details/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ehive-account-details,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ehive-account-details/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ehive-account-details" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ehive-object-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/ehive-object-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..2dfe38a4d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ehive-object-details-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: ehive-object-details-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ehive-object-details/" + google-query: inurl:"/wp-content/plugins/ehive-object-details/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ehive-object-details,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ehive-object-details/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ehive-object-details" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elastic-email-sender-7666fb1e1d2345dc70da7aee12ac3253.yaml b/nuclei-templates/cve-less/plugins/elastic-email-sender-7666fb1e1d2345dc70da7aee12ac3253.yaml new file mode 100644 index 0000000000..28a5c125ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elastic-email-sender-7666fb1e1d2345dc70da7aee12ac3253.yaml @@ -0,0 +1,58 @@ +id: elastic-email-sender-7666fb1e1d2345dc70da7aee12ac3253 + +info: + name: > + Elastic Email Sender <= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/106a604f-0bff-444e-9d76-f6508bcc0cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elastic-email-sender/" + google-query: inurl:"/wp-content/plugins/elastic-email-sender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elastic-email-sender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elastic-email-sender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elastic-email-sender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-0046efcaf372ceea3cbda093fc9866d7.yaml b/nuclei-templates/cve-less/plugins/elasticpress-0046efcaf372ceea3cbda093fc9866d7.yaml new file mode 100644 index 0000000000..a2c9e620ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-0046efcaf372ceea3cbda093fc9866d7.yaml @@ -0,0 +1,58 @@ +id: elasticpress-0046efcaf372ceea3cbda093fc9866d7 + +info: + name: > + webpack JS package <= 5.75.0 - Sandbox Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cda31a4-4c79-4567-a527-6510c31d2843?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-1951707b594e6f4a4e8e4243b43c9841.yaml b/nuclei-templates/cve-less/plugins/elasticpress-1951707b594e6f4a4e8e4243b43c9841.yaml new file mode 100644 index 0000000000..4574edfa3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-1951707b594e6f4a4e8e4243b43c9841.yaml @@ -0,0 +1,58 @@ +id: elasticpress-1951707b594e6f4a4e8e4243b43c9841 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb93138-f2f9-4a3f-a0a2-d79a315c44f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-54bc1daf26907dc59a5c7876a142ff1b.yaml b/nuclei-templates/cve-less/plugins/elasticpress-54bc1daf26907dc59a5c7876a142ff1b.yaml new file mode 100644 index 0000000000..1f2415f912 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-54bc1daf26907dc59a5c7876a142ff1b.yaml @@ -0,0 +1,58 @@ +id: elasticpress-54bc1daf26907dc59a5c7876a142ff1b + +info: + name: > + loader-utils (JS package) < 2.0.3 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a49dca-2ed2-44cf-a0fe-0f1440a78cc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-5dc312330e1225a6fb2a9d319cc31d3c.yaml b/nuclei-templates/cve-less/plugins/elasticpress-5dc312330e1225a6fb2a9d319cc31d3c.yaml new file mode 100644 index 0000000000..44ecb7aaa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-5dc312330e1225a6fb2a9d319cc31d3c.yaml @@ -0,0 +1,58 @@ +id: elasticpress-5dc312330e1225a6fb2a9d319cc31d3c + +info: + name: > + ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ab8eb9d-1427-4e99-8986-179147e0862e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/cve-less/plugins/elasticpress-73081b1f6f4e13a9e6e969eba5e746fc.yaml new file mode 100644 index 0000000000..0879c6bb0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-73081b1f6f4e13a9e6e969eba5e746fc.yaml @@ -0,0 +1,58 @@ +id: elasticpress-73081b1f6f4e13a9e6e969eba5e746fc + +info: + name: > + simple-git < 3.15.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-bd26ccd939104e13f73f569b312459d6.yaml b/nuclei-templates/cve-less/plugins/elasticpress-bd26ccd939104e13f73f569b312459d6.yaml new file mode 100644 index 0000000000..be39163e6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-bd26ccd939104e13f73f569b312459d6.yaml @@ -0,0 +1,58 @@ +id: elasticpress-bd26ccd939104e13f73f569b312459d6 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2954a007-37ac-4811-a258-b3fdd738043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elasticpress-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/cve-less/plugins/elasticpress-c3dca1d1ef3a946c9ddf3e33caa00021.yaml new file mode 100644 index 0000000000..94dccb0f97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elasticpress-c3dca1d1ef3a946c9ddf3e33caa00021.yaml @@ -0,0 +1,58 @@ +id: elasticpress-c3dca1d1ef3a946c9ddf3e33caa00021 + +info: + name: > + terser (JS Package) < 5.14.2 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elasticpress/" + google-query: inurl:"/wp-content/plugins/elasticpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elasticpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elasticpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elasticpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ele-blog-fd2502bc424033ec4b34f2309e987add.yaml b/nuclei-templates/cve-less/plugins/ele-blog-fd2502bc424033ec4b34f2309e987add.yaml new file mode 100644 index 0000000000..c75a2c25e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ele-blog-fd2502bc424033ec4b34f2309e987add.yaml @@ -0,0 +1,58 @@ +id: ele-blog-fd2502bc424033ec4b34f2309e987add + +info: + name: > + Eleblog – Elementor Blog And Magazine Addons <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffb494a-e9b3-46f5-825a-35ad88d5d6fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ele-blog/" + google-query: inurl:"/wp-content/plugins/ele-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ele-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ele-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ele-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/electric-studio-client-login-f63b97efbb567f61e36df93bf47a02fe.yaml b/nuclei-templates/cve-less/plugins/electric-studio-client-login-f63b97efbb567f61e36df93bf47a02fe.yaml new file mode 100644 index 0000000000..b852158272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/electric-studio-client-login-f63b97efbb567f61e36df93bf47a02fe.yaml @@ -0,0 +1,58 @@ +id: electric-studio-client-login-f63b97efbb567f61e36df93bf47a02fe + +info: + name: > + Electric Studio Client Login <= 0.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e797c0ca-f348-4d9c-815e-0c1756686690?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/electric-studio-client-login/" + google-query: inurl:"/wp-content/plugins/electric-studio-client-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,electric-studio-client-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/electric-studio-client-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "electric-studio-client-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elegant-custom-fonts-f10c9b43de964c20f74a052f0a107e7c.yaml b/nuclei-templates/cve-less/plugins/elegant-custom-fonts-f10c9b43de964c20f74a052f0a107e7c.yaml new file mode 100644 index 0000000000..3994108092 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elegant-custom-fonts-f10c9b43de964c20f74a052f0a107e7c.yaml @@ -0,0 +1,58 @@ +id: elegant-custom-fonts-f10c9b43de964c20f74a052f0a107e7c + +info: + name: > + Elegant Custom Fonts <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dadb6bf5-dbbd-4afb-8783-f6880dec2cbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elegant-custom-fonts/" + google-query: inurl:"/wp-content/plugins/elegant-custom-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elegant-custom-fonts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elegant-custom-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elegant-custom-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/element-ready-lite-e8533877c8cc904267c19512d475d608.yaml b/nuclei-templates/cve-less/plugins/element-ready-lite-e8533877c8cc904267c19512d475d608.yaml new file mode 100644 index 0000000000..199d497051 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/element-ready-lite-e8533877c8cc904267c19512d475d608.yaml @@ -0,0 +1,58 @@ +id: element-ready-lite-e8533877c8cc904267c19512d475d608 + +info: + name: > + ElementsReady Addons for Elementor <= 5.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/530ccf41-f596-4783-b177-36fc9a3a6e81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/element-ready-lite/" + google-query: inurl:"/wp-content/plugins/element-ready-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,element-ready-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/element-ready-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "element-ready-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementinvader-addons-for-elementor-1b9ddc8767486e6841efc7560084f93c.yaml b/nuclei-templates/cve-less/plugins/elementinvader-addons-for-elementor-1b9ddc8767486e6841efc7560084f93c.yaml new file mode 100644 index 0000000000..a152416698 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementinvader-addons-for-elementor-1b9ddc8767486e6841efc7560084f93c.yaml @@ -0,0 +1,58 @@ +id: elementinvader-addons-for-elementor-1b9ddc8767486e6841efc7560084f93c + +info: + name: > + ElementInvader Addons for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a272dc-cb2a-472f-be42-733efcb2fa61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementinvader-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/elementinvader-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementinvader-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementinvader-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementinvader-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-03fe440b02e44feccf06b79164360aca.yaml b/nuclei-templates/cve-less/plugins/elementor-03fe440b02e44feccf06b79164360aca.yaml new file mode 100644 index 0000000000..03b73d3cbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-03fe440b02e44feccf06b79164360aca.yaml @@ -0,0 +1,58 @@ +id: elementor-03fe440b02e44feccf06b79164360aca + +info: + name: > + Elementor Website Builder <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7f08d0a-b3ac-4363-ba6e-91a8e13605ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-151a3d01fba73eb2e03af896af5366b4.yaml b/nuclei-templates/cve-less/plugins/elementor-151a3d01fba73eb2e03af896af5366b4.yaml new file mode 100644 index 0000000000..8094d62cb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-151a3d01fba73eb2e03af896af5366b4.yaml @@ -0,0 +1,58 @@ +id: elementor-151a3d01fba73eb2e03af896af5366b4 + +info: + name: > + Elementor Website Builder <= 2.9.13 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c43e292b-8344-4842-bed1-32e7f8cb992b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-26fe6330bdb19cfffb8c82c950ab810e.yaml b/nuclei-templates/cve-less/plugins/elementor-26fe6330bdb19cfffb8c82c950ab810e.yaml new file mode 100644 index 0000000000..80a758ed36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-26fe6330bdb19cfffb8c82c950ab810e.yaml @@ -0,0 +1,58 @@ +id: elementor-26fe6330bdb19cfffb8c82c950ab810e + +info: + name: > + Elementor Website Builder <= 2.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d021636e-2d23-4fb3-baf7-0f40d4ade3db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-287536d4e13889455f637b6c851d2004.yaml b/nuclei-templates/cve-less/plugins/elementor-287536d4e13889455f637b6c851d2004.yaml new file mode 100644 index 0000000000..c51c4e4887 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-287536d4e13889455f637b6c851d2004.yaml @@ -0,0 +1,58 @@ +id: elementor-287536d4e13889455f637b6c851d2004 + +info: + name: > + Elementor <= 3.13.2 Authenticated(Contributor+) Arbitrary Post Type Creation via save_item + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/525cb51c-23f1-446f-a247-0f69ec5029d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml b/nuclei-templates/cve-less/plugins/elementor-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml new file mode 100644 index 0000000000..62039c4e9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-2a3ca00c5df2d9ec07efb3c8b755e2fe.yaml @@ -0,0 +1,58 @@ +id: elementor-2a3ca00c5df2d9ec07efb3c8b755e2fe + +info: + name: > + Elementor Website Builder – More than Just a Page Builder <= 3.18.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-2f027571e136822dc3132e7a5b6f47eb.yaml b/nuclei-templates/cve-less/plugins/elementor-2f027571e136822dc3132e7a5b6f47eb.yaml new file mode 100644 index 0000000000..71938f7fa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-2f027571e136822dc3132e7a5b6f47eb.yaml @@ -0,0 +1,58 @@ +id: elementor-2f027571e136822dc3132e7a5b6f47eb + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_html_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14dd84e5-69fa-4de9-b72c-dfedfd85582c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-5076d4232fcfbe5d646915f67652404a.yaml b/nuclei-templates/cve-less/plugins/elementor-5076d4232fcfbe5d646915f67652404a.yaml new file mode 100644 index 0000000000..045cc7b8d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-5076d4232fcfbe5d646915f67652404a.yaml @@ -0,0 +1,58 @@ +id: elementor-5076d4232fcfbe5d646915f67652404a + +info: + name: > + Elementor Website Builder <= 2.8.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee27a988-6afd-4da7-a750-0af801d7fa15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-5721e5b5b859df336ecc013b38726f93.yaml b/nuclei-templates/cve-less/plugins/elementor-5721e5b5b859df336ecc013b38726f93.yaml new file mode 100644 index 0000000000..3428c148c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-5721e5b5b859df336ecc013b38726f93.yaml @@ -0,0 +1,58 @@ +id: elementor-5721e5b5b859df336ecc013b38726f93 + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_size + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90f96795-8df7-4388-b58e-fc3611bc215c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-5e6768e991caa45e72cc5f93d69cc8a5.yaml b/nuclei-templates/cve-less/plugins/elementor-5e6768e991caa45e72cc5f93d69cc8a5.yaml new file mode 100644 index 0000000000..22e53cd5c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-5e6768e991caa45e72cc5f93d69cc8a5.yaml @@ -0,0 +1,58 @@ +id: elementor-5e6768e991caa45e72cc5f93d69cc8a5 + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e264af7c-84bb-4bfa-a433-39dd94a9d83b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-5f7ca58c2ad3d25f19da443baa193352.yaml b/nuclei-templates/cve-less/plugins/elementor-5f7ca58c2ad3d25f19da443baa193352.yaml new file mode 100644 index 0000000000..a1f4d72c3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-5f7ca58c2ad3d25f19da443baa193352.yaml @@ -0,0 +1,58 @@ +id: elementor-5f7ca58c2ad3d25f19da443baa193352 + +info: + name: > + Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e8822cd-5ced-42d5-907e-72066d8fb835?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-660b23de83aeeb4aa32118217df234cf.yaml b/nuclei-templates/cve-less/plugins/elementor-660b23de83aeeb4aa32118217df234cf.yaml new file mode 100644 index 0000000000..e7f1321e7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-660b23de83aeeb4aa32118217df234cf.yaml @@ -0,0 +1,58 @@ +id: elementor-660b23de83aeeb4aa32118217df234cf + +info: + name: > + Elementor Website Builder <= 3.0.13 - Unrestricted SVG Uploads + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3999c48f-bae6-48ea-b35f-d8307d9c3898?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-669dc6b32158d01ea3af647aee0ce2e6.yaml b/nuclei-templates/cve-less/plugins/elementor-669dc6b32158d01ea3af647aee0ce2e6.yaml new file mode 100644 index 0000000000..f7bc1365b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-669dc6b32158d01ea3af647aee0ce2e6.yaml @@ -0,0 +1,58 @@ +id: elementor-669dc6b32158d01ea3af647aee0ce2e6 + +info: + name: > + Elementor <= 3.5.4 - DOM-Based iFrame Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b00290ee-ad63-4544-818a-c0d7471e60fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-727d2f92da48e178eefceef10fd279f0.yaml b/nuclei-templates/cve-less/plugins/elementor-727d2f92da48e178eefceef10fd279f0.yaml new file mode 100644 index 0000000000..b63fd21f57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-727d2f92da48e178eefceef10fd279f0.yaml @@ -0,0 +1,58 @@ +id: elementor-727d2f92da48e178eefceef10fd279f0 + +info: + name: > + Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42db52ae-f881-4082-b475-8577a28641c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-7df4e23827630859e3a047cf49f19af4.yaml b/nuclei-templates/cve-less/plugins/elementor-7df4e23827630859e3a047cf49f19af4.yaml new file mode 100644 index 0000000000..41f311916a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-7df4e23827630859e3a047cf49f19af4.yaml @@ -0,0 +1,58 @@ +id: elementor-7df4e23827630859e3a047cf49f19af4 + +info: + name: > + Elementor <= 3.12.1 - Authenticated(Administrator+) SQL Injection via 'replace_urls' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7bd173c-dc61-4cc6-b42f-311acf728080?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-88f2e8b62006d8f70eead27b7d5c23f7.yaml b/nuclei-templates/cve-less/plugins/elementor-88f2e8b62006d8f70eead27b7d5c23f7.yaml new file mode 100644 index 0000000000..aec06a448f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-88f2e8b62006d8f70eead27b7d5c23f7.yaml @@ -0,0 +1,58 @@ +id: elementor-88f2e8b62006d8f70eead27b7d5c23f7 + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51887d22-2cfa-46b8-822c-9e6e183de4ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-8f2ebff96481ee5356699783e44b68ea.yaml b/nuclei-templates/cve-less/plugins/elementor-8f2ebff96481ee5356699783e44b68ea.yaml new file mode 100644 index 0000000000..4e6b70b0d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-8f2ebff96481ee5356699783e44b68ea.yaml @@ -0,0 +1,58 @@ +id: elementor-8f2ebff96481ee5356699783e44b68ea + +info: + name: > + Elementor Website Builder <= 2.9.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/877a42c9-958d-46ed-8f9a-5972bd5f43f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-95ed8c023906e2f70f01592d99282d0b.yaml b/nuclei-templates/cve-less/plugins/elementor-95ed8c023906e2f70f01592d99282d0b.yaml new file mode 100644 index 0000000000..4f99badca4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-95ed8c023906e2f70f01592d99282d0b.yaml @@ -0,0 +1,58 @@ +id: elementor-95ed8c023906e2f70f01592d99282d0b + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_size + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37f60fe5-2ece-48aa-8005-e220541bdd62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-97ebb96fdd3db87faf02d7c0a7e706c7.yaml b/nuclei-templates/cve-less/plugins/elementor-97ebb96fdd3db87faf02d7c0a7e706c7.yaml new file mode 100644 index 0000000000..25f7925244 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-97ebb96fdd3db87faf02d7c0a7e706c7.yaml @@ -0,0 +1,58 @@ +id: elementor-97ebb96fdd3db87faf02d7c0a7e706c7 + +info: + name: > + Elementor Website Builder – More than Just a Page Builder <= 3.20.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Path Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d7448a-b8a6-4b0b-92df-a15272fc56bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-98c8e6a6d80acb851afcee0bde588eea.yaml b/nuclei-templates/cve-less/plugins/elementor-98c8e6a6d80acb851afcee0bde588eea.yaml new file mode 100644 index 0000000000..51d07dbddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-98c8e6a6d80acb851afcee0bde588eea.yaml @@ -0,0 +1,58 @@ +id: elementor-98c8e6a6d80acb851afcee0bde588eea + +info: + name: > + Elementor Website Builder <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via html_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4feed0da-f5b1-47eb-9454-8539f62335fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-b165aaaa725c1983b238dd197ed1a7e5.yaml b/nuclei-templates/cve-less/plugins/elementor-b165aaaa725c1983b238dd197ed1a7e5.yaml new file mode 100644 index 0000000000..6e4a613ace --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-b165aaaa725c1983b238dd197ed1a7e5.yaml @@ -0,0 +1,58 @@ +id: elementor-b165aaaa725c1983b238dd197ed1a7e5 + +info: + name: > + Elementor Website Builder <= 2.9.5 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/249caa5b-c1b0-4b72-98f3-31bbb574c834?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-b58bfdaaa39d4e7d694c40523cac0a71.yaml b/nuclei-templates/cve-less/plugins/elementor-b58bfdaaa39d4e7d694c40523cac0a71.yaml new file mode 100644 index 0000000000..d09a1ad97d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-b58bfdaaa39d4e7d694c40523cac0a71.yaml @@ -0,0 +1,58 @@ +id: elementor-b58bfdaaa39d4e7d694c40523cac0a71 + +info: + name: > + Elementor Website Builder <= 3.16.4 - Missing Authorization to Arbitrary Attachment Read + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c873c76a-144e-4945-8fa2-c9ffe0e3c061?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml b/nuclei-templates/cve-less/plugins/elementor-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml new file mode 100644 index 0000000000..4a1702e217 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-bdfd3cb15fc22fa823679d0ba1d3fc73.yaml @@ -0,0 +1,58 @@ +id: elementor-bdfd3cb15fc22fa823679d0ba1d3fc73 + +info: + name: > + Elementor <= 3.18.1 - Authenticated(Contributor+) Arbitrary File Upload to Remote Code Execution via Template Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b6d0a38-ac28-41c9-9da1-b30b3657b463?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-c04510d8ae6604902066b55cfed338f7.yaml b/nuclei-templates/cve-less/plugins/elementor-c04510d8ae6604902066b55cfed338f7.yaml new file mode 100644 index 0000000000..7b6ee8d885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-c04510d8ae6604902066b55cfed338f7.yaml @@ -0,0 +1,58 @@ +id: elementor-c04510d8ae6604902066b55cfed338f7 + +info: + name: > + Elementor Website Builder <= 2.9.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e39fe4-8c22-4da6-8cb6-737ddd4dc36e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-cba36394f848d0e615f1c12018c52329.yaml b/nuclei-templates/cve-less/plugins/elementor-cba36394f848d0e615f1c12018c52329.yaml new file mode 100644 index 0000000000..0a2a44acea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-cba36394f848d0e615f1c12018c52329.yaml @@ -0,0 +1,58 @@ +id: elementor-cba36394f848d0e615f1c12018c52329 + +info: + name: > + Elementor Website Builder <= 1.7.12 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d847e26b-8c11-4612-84d7-ff319ca374dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-d16f5d5a117e59e23a5a604664dfe044.yaml b/nuclei-templates/cve-less/plugins/elementor-d16f5d5a117e59e23a5a604664dfe044.yaml new file mode 100644 index 0000000000..8f32aed77a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-d16f5d5a117e59e23a5a604664dfe044.yaml @@ -0,0 +1,58 @@ +id: elementor-d16f5d5a117e59e23a5a604664dfe044 + +info: + name: > + Elementor Website Builder <= 2.7.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ef8ee4-7388-4263-ad6a-bb043b09c97c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-e1d6d92659e9b697c29f278d3aacc568.yaml b/nuclei-templates/cve-less/plugins/elementor-e1d6d92659e9b697c29f278d3aacc568.yaml new file mode 100644 index 0000000000..bbfacc9d89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-e1d6d92659e9b697c29f278d3aacc568.yaml @@ -0,0 +1,58 @@ +id: elementor-e1d6d92659e9b697c29f278d3aacc568 + +info: + name: > + Elementor Website Builder <= 3.4.7 - DOM-based Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/175b64d3-0abd-4a65-b419-d6248a7deb2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.1.0', '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-ed7ec795a9e5769e2593c8bc7106e945.yaml b/nuclei-templates/cve-less/plugins/elementor-ed7ec795a9e5769e2593c8bc7106e945.yaml new file mode 100644 index 0000000000..6cda378e00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-ed7ec795a9e5769e2593c8bc7106e945.yaml @@ -0,0 +1,58 @@ +id: elementor-ed7ec795a9e5769e2593c8bc7106e945 + +info: + name: > + Elementor Website Builder <= 3.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg() + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b44ef21f-464e-487a-ba5a-fe889e4c488c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-fa47ef3a071af26f7cb8467307b46f4c.yaml b/nuclei-templates/cve-less/plugins/elementor-fa47ef3a071af26f7cb8467307b46f4c.yaml new file mode 100644 index 0000000000..a03416275a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-fa47ef3a071af26f7cb8467307b46f4c.yaml @@ -0,0 +1,58 @@ +id: elementor-fa47ef3a071af26f7cb8467307b46f4c + +info: + name: > + Elementor <= 3.19.0 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4915b769-9499-40ac-835e-279e3a910558?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-fe43bc61a2c4502126731a0d72fb43ba.yaml b/nuclei-templates/cve-less/plugins/elementor-fe43bc61a2c4502126731a0d72fb43ba.yaml new file mode 100644 index 0000000000..d2d2dd0c9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-fe43bc61a2c4502126731a0d72fb43ba.yaml @@ -0,0 +1,58 @@ +id: elementor-fe43bc61a2c4502126731a0d72fb43ba + +info: + name: > + Elementor Website Builder 3.6.0 - 3.6.2 - Missing Authorization to Remote Code Execution + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2421108-d4b0-480e-a020-95712cdfae8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor/" + google-query: inurl:"/wp-content/plugins/elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.6.0', '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-0f93fc1c537d4354bd5e942ea05347cf.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-0f93fc1c537d4354bd5e942ea05347cf.yaml new file mode 100644 index 0000000000..6b133d77a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-0f93fc1c537d4354bd5e942ea05347cf.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-0f93fc1c537d4354bd5e942ea05347cf + +info: + name: > + Elementor Pro <= 3.19.2 - Authenticated (Contributor+) Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc8996a-d95c-4711-ac7d-523f5100c7fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-25aa395084f363ecfd02447bcee9b684.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-25aa395084f363ecfd02447bcee9b684.yaml new file mode 100644 index 0000000000..53408d367a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-25aa395084f363ecfd02447bcee9b684.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-25aa395084f363ecfd02447bcee9b684 + +info: + name: > + Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de1742d4-f498-4ad4-b6a1-88cb60e83afc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-4227a0d8303b8be51d7b7784befed50f.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-4227a0d8303b8be51d7b7784befed50f.yaml new file mode 100644 index 0000000000..e1105acf82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-4227a0d8303b8be51d7b7784befed50f.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-4227a0d8303b8be51d7b7784befed50f + +info: + name: > + Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via video_html_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54970085-5206-45b6-adcf-11e6dd4cd633?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-495b1b12b50b14325e42d32d8b21fb76.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-495b1b12b50b14325e42d32d8b21fb76.yaml new file mode 100644 index 0000000000..416fb9ff47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-495b1b12b50b14325e42d32d8b21fb76.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-495b1b12b50b14325e42d32d8b21fb76 + +info: + name: > + Elementor Pro <= 3.11.6 - Authenticated(Subscriber+) Privilege Escalation via update_page_option + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/570474f2-c118-45e1-a237-c70b849b2d3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-500730a31af9acbaf8945d735529d69e.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-500730a31af9acbaf8945d735529d69e.yaml new file mode 100644 index 0000000000..58380ef478 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-500730a31af9acbaf8945d735529d69e.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-500730a31af9acbaf8945d735529d69e + +info: + name: > + Elementor Pro <= 3.13.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cba362e-c1e3-4840-941f-b8af8469f771?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-52d465c21905272814a823dbfaac019a.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-52d465c21905272814a823dbfaac019a.yaml new file mode 100644 index 0000000000..cd18ee610b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-52d465c21905272814a823dbfaac019a.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-52d465c21905272814a823dbfaac019a + +info: + name: > + Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Widget SVGZ File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecd01ea6-9476-47e1-9959-3f8d9ce1c1f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-5ecb61edb8f014ffed25792497a59fa8.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-5ecb61edb8f014ffed25792497a59fa8.yaml new file mode 100644 index 0000000000..fa71028e98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-5ecb61edb8f014ffed25792497a59fa8.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-5ecb61edb8f014ffed25792497a59fa8 + +info: + name: > + Elementor Website Builder Pro <= 3.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8698d6dd-7376-4d29-8a5c-21c239a7aa03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-68b5f15989ca60b284d4dce6601af76b.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-68b5f15989ca60b284d4dce6601af76b.yaml new file mode 100644 index 0000000000..72cd93d52a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-68b5f15989ca60b284d4dce6601af76b.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-68b5f15989ca60b284d4dce6601af76b + +info: + name: > + Elementor Pro <= 2.9.3 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec997c8-3f47-45c8-8fa2-019b01c97c94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-6b5638f86300bb8cb925bbc8ddae3c32.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-6b5638f86300bb8cb925bbc8ddae3c32.yaml new file mode 100644 index 0000000000..59c0f981aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-6b5638f86300bb8cb925bbc8ddae3c32.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-6b5638f86300bb8cb925bbc8ddae3c32 + +info: + name: > + Elementor Website Builder Pro <= 3.20.1 - Authententicated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/531954dd-ed3f-4626-adab-c1bba8407c89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-74f6871329004558f0dbc4c0f34288a7.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-74f6871329004558f0dbc4c0f34288a7.yaml new file mode 100644 index 0000000000..b29bacef26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-74f6871329004558f0dbc4c0f34288a7.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-74f6871329004558f0dbc4c0f34288a7 + +info: + name: > + Elementor Website Builder Pro <= 3.21.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d5d47bd-4f05-4dc7-84c1-f7bc1196ee16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-d8cb62391dd6a20fc4b59fa893c8943a.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-d8cb62391dd6a20fc4b59fa893c8943a.yaml new file mode 100644 index 0000000000..4ee0f53b5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-d8cb62391dd6a20fc4b59fa893c8943a.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-d8cb62391dd6a20fc4b59fa893c8943a + +info: + name: > + Elementor Pro <= 2.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e340f400-1d20-4fa1-9cc7-8c0f49075bc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementor-pro-f9bf203df336a8e0915eb488a89feed1.yaml b/nuclei-templates/cve-less/plugins/elementor-pro-f9bf203df336a8e0915eb488a89feed1.yaml new file mode 100644 index 0000000000..1274021230 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementor-pro-f9bf203df336a8e0915eb488a89feed1.yaml @@ -0,0 +1,58 @@ +id: elementor-pro-f9bf203df336a8e0915eb488a89feed1 + +info: + name: > + Elementor Pro <= 3.0.5 - Authenticated Remote Code Execution in Dynamic OOO Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ef3f7a2-4ed2-4235-8a6b-f2a5cf288029?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementor-pro/" + google-query: inurl:"/wp-content/plugins/elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elements-plus-3da99f6ccd8b569aa4895183dacec31a.yaml b/nuclei-templates/cve-less/plugins/elements-plus-3da99f6ccd8b569aa4895183dacec31a.yaml new file mode 100644 index 0000000000..daf47beb75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elements-plus-3da99f6ccd8b569aa4895183dacec31a.yaml @@ -0,0 +1,58 @@ +id: elements-plus-3da99f6ccd8b569aa4895183dacec31a + +info: + name: > + Elements Plus! <= 2.16.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget links + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9efb7dc8-d0a1-4707-a465-6a55b2d4a426?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elements-plus/" + google-query: inurl:"/wp-content/plugins/elements-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elements-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elements-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elements-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elements-plus-c23e4efbffee4d6fedc761f6f4283de6.yaml b/nuclei-templates/cve-less/plugins/elements-plus-c23e4efbffee4d6fedc761f6f4283de6.yaml new file mode 100644 index 0000000000..9aa6ea675f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elements-plus-c23e4efbffee4d6fedc761f6f4283de6.yaml @@ -0,0 +1,58 @@ +id: elements-plus-c23e4efbffee4d6fedc761f6f4283de6 + +info: + name: > + Elements Plus! <= 2.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7812dd30-2896-45a7-8920-92ea061f4da3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elements-plus/" + google-query: inurl:"/wp-content/plugins/elements-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elements-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elements-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elements-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml b/nuclei-templates/cve-less/plugins/elementskit-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml new file mode 100644 index 0000000000..5f4669e7e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-7b0e7eea2756aa9a3fb9bd9d76ac83fe.yaml @@ -0,0 +1,58 @@ +id: elementskit-7b0e7eea2756aa9a3fb9bd9d76ac83fe + +info: + name: > + ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Local File Inclusion via Price Menu, Hotspot, and Advanced Toggle Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8ae0a47-cba5-468e-8d25-7b7176373b9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit/" + google-query: inurl:"/wp-content/plugins/elementskit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml b/nuclei-templates/cve-less/plugins/elementskit-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml new file mode 100644 index 0000000000..04546d6f38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-7ccdd8fc797e3fab9fea1a77280ae2aa.yaml @@ -0,0 +1,58 @@ +id: elementskit-7ccdd8fc797e3fab9fea1a77280ae2aa + +info: + name: > + ElementsKit Pro <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ekit_btn_id' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4b14f-0f55-47bc-8e40-19b262e50561?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit/" + google-query: inurl:"/wp-content/plugins/elementskit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-01583a85c3bb765e7b9d1e3e575dd138.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-01583a85c3bb765e7b9d1e3e575dd138.yaml new file mode 100644 index 0000000000..2bcb5b416e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-01583a85c3bb765e7b9d1e3e575dd138.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-01583a85c3bb765e7b9d1e3e575dd138 + +info: + name: > + Elements kit Elementor addons <= 2.9.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ff589ec-756d-4183-8bb8-61dae9be7c5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-55933111032f4be98ad6ab7b8ab899fc.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-55933111032f4be98ad6ab7b8ab899fc.yaml new file mode 100644 index 0000000000..e046c9471f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-55933111032f4be98ad6ab7b8ab899fc.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-55933111032f4be98ad6ab7b8ab899fc + +info: + name: > + ElementsKit Elementor addons <= 3.0.3 - Authenticated(Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e724394d-97aa-42e4-b36e-6e49bfefa2f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-7a76232802e20b0ab3fa4ab939317696.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-7a76232802e20b0ab3fa4ab939317696.yaml new file mode 100644 index 0000000000..6a0d9c1117 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-7a76232802e20b0ab3fa4ab939317696.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-7a76232802e20b0ab3fa4ab939317696 + +info: + name: > + ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/413e6326-14c6-4734-8adc-114a7842c574?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-8951eb99c398a311cfe985bad4ff4e0c.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-8951eb99c398a311cfe985bad4ff4e0c.yaml new file mode 100644 index 0000000000..fa5e2b716b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-8951eb99c398a311cfe985bad4ff4e0c.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-8951eb99c398a311cfe985bad4ff4e0c + +info: + name: > + ElementsKit Elementor addons <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c44ad9-e61e-4f29-9c0b-7c0a89b0c8da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-998f619282ed25afacc39847ff214ad0.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-998f619282ed25afacc39847ff214ad0.yaml new file mode 100644 index 0000000000..c35141556f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-998f619282ed25afacc39847ff214ad0.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-998f619282ed25afacc39847ff214ad0 + +info: + name: > + ElementsKit Elementor addons <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-a391f7553cca71ac204345c2d728e50d.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-a391f7553cca71ac204345c2d728e50d.yaml new file mode 100644 index 0000000000..1d0315782d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-a391f7553cca71ac204345c2d728e50d.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-a391f7553cca71ac204345c2d728e50d + +info: + name: > + ElementsKit Elementor addons <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-b5aa1e2113ade8542174b19f6a7b50fe.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-b5aa1e2113ade8542174b19f6a7b50fe.yaml new file mode 100644 index 0000000000..8dbec0e891 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-b5aa1e2113ade8542174b19f6a7b50fe.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-b5aa1e2113ade8542174b19f6a7b50fe + +info: + name: > + Elements Kit Lite/Pro <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75d5366e-2908-4b8d-9ee2-1f11e483add1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-b81f70d3babfec3365a985059b1ef475.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-b81f70d3babfec3365a985059b1ef475.yaml new file mode 100644 index 0000000000..c11215ff65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-b81f70d3babfec3365a985059b1ef475.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-b81f70d3babfec3365a985059b1ef475 + +info: + name: > + ElementsKit Elementor addons 3.0.7 - 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93dcbab7-fdf5-4631-8605-77f8f190512d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.7', '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-c5f80f50585482477dae3983763ad356.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-c5f80f50585482477dae3983763ad356.yaml new file mode 100644 index 0000000000..3eb3028921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-c5f80f50585482477dae3983763ad356.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-c5f80f50585482477dae3983763ad356 + +info: + name: > + ElementsKit Elementor addons <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Onepage Scroll Module + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6158ec37-a6fb-42f9-bab6-bf547ea28ea0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-cebcb9a4981e79bfafb93e65195f6976.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-cebcb9a4981e79bfafb93e65195f6976.yaml new file mode 100644 index 0000000000..e2a3323930 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-cebcb9a4981e79bfafb93e65195f6976.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-cebcb9a4981e79bfafb93e65195f6976 + +info: + name: > + ElementsKit Lite <= 3.0.3 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4ae5c8-d164-4c2f-9bf3-83934c22cf4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elementskit-lite-e064b41fe8a39fcee76359d8531bca53.yaml b/nuclei-templates/cve-less/plugins/elementskit-lite-e064b41fe8a39fcee76359d8531bca53.yaml new file mode 100644 index 0000000000..abd7e91664 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elementskit-lite-e064b41fe8a39fcee76359d8531bca53.yaml @@ -0,0 +1,58 @@ +id: elementskit-lite-e064b41fe8a39fcee76359d8531bca53 + +info: + name: > + ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf195cca-4e07-41ff-bf26-9ad5fca3635d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elementskit-lite/" + google-query: inurl:"/wp-content/plugins/elementskit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elementskit-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elementskit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elementskit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elespare-e41adc177b897ccc45ae52e5f4de56b3.yaml b/nuclei-templates/cve-less/plugins/elespare-e41adc177b897ccc45ae52e5f4de56b3.yaml new file mode 100644 index 0000000000..47be3cde75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elespare-e41adc177b897ccc45ae52e5f4de56b3.yaml @@ -0,0 +1,58 @@ +id: elespare-e41adc177b897ccc45ae52e5f4de56b3 + +info: + name: > + Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f94efa6-b88b-442d-8162-f03efa7f2f65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elespare/" + google-query: inurl:"/wp-content/plugins/elespare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elespare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elespare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elespare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-1ceda12447caf192b9b71c29d944dec3.yaml b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-1ceda12447caf192b9b71c29d944dec3.yaml new file mode 100644 index 0000000000..dc6146b553 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-1ceda12447caf192b9b71c29d944dec3.yaml @@ -0,0 +1,58 @@ +id: elex-woocommerce-dynamic-pricing-and-discounts-1ceda12447caf192b9b71c29d944dec3 + +info: + name: > + ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6fd7da8-d203-4076-8c7d-b8532d9d0bed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elex-woocommerce-dynamic-pricing-and-discounts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elex-woocommerce-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-5803c54654296625cc9282007e3bc732.yaml b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-5803c54654296625cc9282007e3bc732.yaml new file mode 100644 index 0000000000..6b6c3ed529 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-5803c54654296625cc9282007e3bc732.yaml @@ -0,0 +1,58 @@ +id: elex-woocommerce-dynamic-pricing-and-discounts-5803c54654296625cc9282007e3bc732 + +info: + name: > + ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ddc594-e06b-4559-acb0-9a3277579bb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elex-woocommerce-dynamic-pricing-and-discounts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elex-woocommerce-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-a95a041f663a4c62aff19b3c367f951b.yaml b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-a95a041f663a4c62aff19b3c367f951b.yaml new file mode 100644 index 0000000000..d2d51ad1e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/elex-woocommerce-dynamic-pricing-and-discounts-a95a041f663a4c62aff19b3c367f951b.yaml @@ -0,0 +1,58 @@ +id: elex-woocommerce-dynamic-pricing-and-discounts-a95a041f663a4c62aff19b3c367f951b + +info: + name: > + ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca13db03-74ee-4fdf-96ea-28219f9324e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,elex-woocommerce-dynamic-pricing-and-discounts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/elex-woocommerce-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elex-woocommerce-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/emag-marketplace-connector-3b02e02d41cec8d9db34b3c05317b116.yaml b/nuclei-templates/cve-less/plugins/emag-marketplace-connector-3b02e02d41cec8d9db34b3c05317b116.yaml new file mode 100644 index 0000000000..f01c2393a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/emag-marketplace-connector-3b02e02d41cec8d9db34b3c05317b116.yaml @@ -0,0 +1,58 @@ +id: emag-marketplace-connector-3b02e02d41cec8d9db34b3c05317b116 + +info: + name: > + Emag Marketplace Connector < 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddc889bf-8062-4a2c-9d50-d1c76a3c3386?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/emag-marketplace-connector/" + google-query: inurl:"/wp-content/plugins/emag-marketplace-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,emag-marketplace-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/emag-marketplace-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "emag-marketplace-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-address-encoder-b24c287a46f17f82649a53242631be85.yaml b/nuclei-templates/cve-less/plugins/email-address-encoder-b24c287a46f17f82649a53242631be85.yaml new file mode 100644 index 0000000000..ae38f5f9a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-address-encoder-b24c287a46f17f82649a53242631be85.yaml @@ -0,0 +1,58 @@ +id: email-address-encoder-b24c287a46f17f82649a53242631be85 + +info: + name: > + Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5b7dc4-113d-4f58-956e-2a9284e1e25e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-address-encoder/" + google-query: inurl:"/wp-content/plugins/email-address-encoder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-address-encoder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-address-encoder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-address-encoder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-artillery-20b7ddc5d1ffcbeda215596162f60f8b.yaml b/nuclei-templates/cve-less/plugins/email-artillery-20b7ddc5d1ffcbeda215596162f60f8b.yaml new file mode 100644 index 0000000000..45403baf7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-artillery-20b7ddc5d1ffcbeda215596162f60f8b.yaml @@ -0,0 +1,58 @@ +id: email-artillery-20b7ddc5d1ffcbeda215596162f60f8b + +info: + name: > + Email Artillery (MASS EMAIL) <= 4.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cbb309c-015b-4bdb-917a-a67e028484e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-artillery/" + google-query: inurl:"/wp-content/plugins/email-artillery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-artillery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-artillery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-artillery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-before-download-6ebfe44ebffa047243d43e4d8e8b6f78.yaml b/nuclei-templates/cve-less/plugins/email-before-download-6ebfe44ebffa047243d43e4d8e8b6f78.yaml new file mode 100644 index 0000000000..476575d9d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-before-download-6ebfe44ebffa047243d43e4d8e8b6f78.yaml @@ -0,0 +1,58 @@ +id: email-before-download-6ebfe44ebffa047243d43e4d8e8b6f78 + +info: + name: > + Email Before Download <= 6.7 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f08ad322-6458-4608-b53a-6aaed38a9ef2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-before-download/" + google-query: inurl:"/wp-content/plugins/email-before-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-before-download,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-before-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-before-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-before-download-ccee5c3d44686cfe8d0fc73e53e58d49.yaml b/nuclei-templates/cve-less/plugins/email-before-download-ccee5c3d44686cfe8d0fc73e53e58d49.yaml new file mode 100644 index 0000000000..809e10c166 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-before-download-ccee5c3d44686cfe8d0fc73e53e58d49.yaml @@ -0,0 +1,58 @@ +id: email-before-download-ccee5c3d44686cfe8d0fc73e53e58d49 + +info: + name: > + Email Before Download <= 6.9.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa918a65-0021-4c32-9f6d-d978926c3ef3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-before-download/" + google-query: inurl:"/wp-content/plugins/email-before-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-before-download,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-before-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-before-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-customizer-for-woocommerce-2dc01355a72cc0cc9990304f23aef74b.yaml b/nuclei-templates/cve-less/plugins/email-customizer-for-woocommerce-2dc01355a72cc0cc9990304f23aef74b.yaml new file mode 100644 index 0000000000..a731e02b60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-customizer-for-woocommerce-2dc01355a72cc0cc9990304f23aef74b.yaml @@ -0,0 +1,58 @@ +id: email-customizer-for-woocommerce-2dc01355a72cc0cc9990304f23aef74b + +info: + name: > + Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.0 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e25015c9-d764-44b2-ad54-edf5d248e56c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-customizer-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/email-customizer-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-customizer-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-customizer-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-customizer-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-customizer-woocommerce-240ee5ac158ce434b1247f54a6208c44.yaml b/nuclei-templates/cve-less/plugins/email-customizer-woocommerce-240ee5ac158ce434b1247f54a6208c44.yaml new file mode 100644 index 0000000000..18944083b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-customizer-woocommerce-240ee5ac158ce434b1247f54a6208c44.yaml @@ -0,0 +1,58 @@ +id: email-customizer-woocommerce-240ee5ac158ce434b1247f54a6208c44 + +info: + name: > + Visual Email Designer for WooCommerce <= 1.7.1 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/039b7dcc-fad6-4bc1-b0f9-7e888eb54412?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-customizer-woocommerce/" + google-query: inurl:"/wp-content/plugins/email-customizer-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-customizer-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-customizer-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-customizer-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-download-link-6fee77016a00b31c59636a01ae709575.yaml b/nuclei-templates/cve-less/plugins/email-download-link-6fee77016a00b31c59636a01ae709575.yaml new file mode 100644 index 0000000000..2c9866d7ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-download-link-6fee77016a00b31c59636a01ae709575.yaml @@ -0,0 +1,58 @@ +id: email-download-link-6fee77016a00b31c59636a01ae709575 + +info: + name: > + Email download link <= 3.7 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29d6df4e-eaf6-42ec-8cd9-7cf86908f4ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-download-link/" + google-query: inurl:"/wp-content/plugins/email-download-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-download-link,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-download-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-download-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-39cc187a3eccc87804cc421fe29b611f.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-39cc187a3eccc87804cc421fe29b611f.yaml new file mode 100644 index 0000000000..5daecdd9b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-39cc187a3eccc87804cc421fe29b611f.yaml @@ -0,0 +1,58 @@ +id: email-encoder-bundle-39cc187a3eccc87804cc421fe29b611f + +info: + name: > + Email Encoder <= 2.1.1 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69025975-9fb7-47a7-9dea-68f4c01d5fdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-encoder-bundle/" + google-query: inurl:"/wp-content/plugins/email-encoder-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-encoder-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-encoder-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-encoder-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-83be75cbe83d286de0e56bf13cde5945.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-83be75cbe83d286de0e56bf13cde5945.yaml new file mode 100644 index 0000000000..6a7ba6b084 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-83be75cbe83d286de0e56bf13cde5945.yaml @@ -0,0 +1,58 @@ +id: email-encoder-bundle-83be75cbe83d286de0e56bf13cde5945 + +info: + name: > + Email Encoder – Protect Email Addresses and Phone Numbers <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78da1f88-2446-4ea5-9437-a118324ab6c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-encoder-bundle/" + google-query: inurl:"/wp-content/plugins/email-encoder-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-encoder-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-encoder-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-encoder-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-9a66ad8b0967001fd55d0d45f6e42869.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-9a66ad8b0967001fd55d0d45f6e42869.yaml new file mode 100644 index 0000000000..df1af80b42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-9a66ad8b0967001fd55d0d45f6e42869.yaml @@ -0,0 +1,58 @@ +id: email-encoder-bundle-9a66ad8b0967001fd55d0d45f6e42869 + +info: + name: > + Email Encoder – Protect Email Addresses and Phone Numbers <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5afe6ea-93b8-4782-8593-76468e370a45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-encoder-bundle/" + google-query: inurl:"/wp-content/plugins/email-encoder-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-encoder-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-encoder-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-encoder-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-9c882237ff7863bee4225b027eaf1086.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-9c882237ff7863bee4225b027eaf1086.yaml new file mode 100644 index 0000000000..286459b937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-9c882237ff7863bee4225b027eaf1086.yaml @@ -0,0 +1,58 @@ +id: email-encoder-bundle-9c882237ff7863bee4225b027eaf1086 + +info: + name: > + Email Encoder <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e90f04e4-eb4c-4822-89c6-79f553987c37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-encoder-bundle/" + google-query: inurl:"/wp-content/plugins/email-encoder-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-encoder-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-encoder-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-encoder-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-encoder-bundle-c754ba54f7d343b7382e51da7c21880e.yaml b/nuclei-templates/cve-less/plugins/email-encoder-bundle-c754ba54f7d343b7382e51da7c21880e.yaml new file mode 100644 index 0000000000..d54f371e17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-encoder-bundle-c754ba54f7d343b7382e51da7c21880e.yaml @@ -0,0 +1,58 @@ +id: email-encoder-bundle-c754ba54f7d343b7382e51da7c21880e + +info: + name: > + Email Encoder Bundle <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09f328f6-8a66-46bf-80d9-3ffeaecfec32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-encoder-bundle/" + google-query: inurl:"/wp-content/plugins/email-encoder-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-encoder-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-encoder-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-encoder-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-log-ed713a06b3f7e4b3455b2dcdb9972457.yaml b/nuclei-templates/cve-less/plugins/email-log-ed713a06b3f7e4b3455b2dcdb9972457.yaml new file mode 100644 index 0000000000..da41493f01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-log-ed713a06b3f7e4b3455b2dcdb9972457.yaml @@ -0,0 +1,58 @@ +id: email-log-ed713a06b3f7e4b3455b2dcdb9972457 + +info: + name: > + Email Log <= 2.4.6 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ca4fa28-53b0-4bc4-99f8-fa6dfa14d500?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-log/" + google-query: inurl:"/wp-content/plugins/email-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-log,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-log-f236054487317139ae48591f97952a0e.yaml b/nuclei-templates/cve-less/plugins/email-log-f236054487317139ae48591f97952a0e.yaml new file mode 100644 index 0000000000..f9d137249f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-log-f236054487317139ae48591f97952a0e.yaml @@ -0,0 +1,58 @@ +id: email-log-f236054487317139ae48591f97952a0e + +info: + name: > + Email Log <= 2.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6042e3d9-cced-43b8-8b3c-eaca9855b842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-log/" + google-query: inurl:"/wp-content/plugins/email-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-my-posts-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/email-my-posts-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..9b8f563057 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-my-posts-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: email-my-posts-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-my-posts/" + google-query: inurl:"/wp-content/plugins/email-my-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-my-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-my-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-my-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-newsletter-faced947f330f89d07bbb1dcb1b4213e.yaml b/nuclei-templates/cve-less/plugins/email-newsletter-faced947f330f89d07bbb1dcb1b4213e.yaml new file mode 100644 index 0000000000..c87f7273df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-newsletter-faced947f330f89d07bbb1dcb1b4213e.yaml @@ -0,0 +1,58 @@ +id: email-newsletter-faced947f330f89d07bbb1dcb1b4213e + +info: + name: > + Email Newsletter <= 20.15 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f41eecf8-dad9-4f98-91f5-c6ac472b8810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-newsletter/" + google-query: inurl:"/wp-content/plugins/email-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-4eac7176009c682727808e01e866ef23.yaml b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-4eac7176009c682727808e01e866ef23.yaml new file mode 100644 index 0000000000..b37b658353 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-4eac7176009c682727808e01e866ef23.yaml @@ -0,0 +1,58 @@ +id: email-posts-to-subscribers-4eac7176009c682727808e01e866ef23 + +info: + name: > + Email posts to subscribers <= 6.2 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7730d670-d270-4755-bc9a-550498a28edb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-posts-to-subscribers/" + google-query: inurl:"/wp-content/plugins/email-posts-to-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-posts-to-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-posts-to-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-70d540971be97a9211e2d9d5341f5f1e.yaml b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-70d540971be97a9211e2d9d5341f5f1e.yaml new file mode 100644 index 0000000000..3a389bbfd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-70d540971be97a9211e2d9d5341f5f1e.yaml @@ -0,0 +1,58 @@ +id: email-posts-to-subscribers-70d540971be97a9211e2d9d5341f5f1e + +info: + name: > + Email posts to subscribers <= 6.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51f73041-927d-42da-92cc-14242a397356?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-posts-to-subscribers/" + google-query: inurl:"/wp-content/plugins/email-posts-to-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-posts-to-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-posts-to-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-8758f22404dd62cde026b1679050e44a.yaml b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-8758f22404dd62cde026b1679050e44a.yaml new file mode 100644 index 0000000000..c7027acd46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-posts-to-subscribers-8758f22404dd62cde026b1679050e44a.yaml @@ -0,0 +1,58 @@ +id: email-posts-to-subscribers-8758f22404dd62cde026b1679050e44a + +info: + name: > + Email posts to subscribers <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e818a5db-acb7-4b16-80b1-939904e93791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-posts-to-subscribers/" + google-query: inurl:"/wp-content/plugins/email-posts-to-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-posts-to-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-posts-to-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-posts-to-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribe-42d0690a93913679d6541673c2295e13.yaml b/nuclei-templates/cve-less/plugins/email-subscribe-42d0690a93913679d6541673c2295e13.yaml new file mode 100644 index 0000000000..9f0c556a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribe-42d0690a93913679d6541673c2295e13.yaml @@ -0,0 +1,58 @@ +id: email-subscribe-42d0690a93913679d6541673c2295e13 + +info: + name: > + Email Subscription Popup <= 1.2.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14ffe10e-e1a6-4752-9ff9-d2b01a49521e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribe/" + google-query: inurl:"/wp-content/plugins/email-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribe-61d643ab5e58be99a89f898a95037035.yaml b/nuclei-templates/cve-less/plugins/email-subscribe-61d643ab5e58be99a89f898a95037035.yaml new file mode 100644 index 0000000000..2b60ab4151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribe-61d643ab5e58be99a89f898a95037035.yaml @@ -0,0 +1,58 @@ +id: email-subscribe-61d643ab5e58be99a89f898a95037035 + +info: + name: > + Email Subscription Popup <= 1.2.20 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce2a438c-8506-4f07-ac1d-b682ad5a038b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribe/" + google-query: inurl:"/wp-content/plugins/email-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribe-630f34845af5e5fc95882bb14f5c2a50.yaml b/nuclei-templates/cve-less/plugins/email-subscribe-630f34845af5e5fc95882bb14f5c2a50.yaml new file mode 100644 index 0000000000..622d64ff32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribe-630f34845af5e5fc95882bb14f5c2a50.yaml @@ -0,0 +1,58 @@ +id: email-subscribe-630f34845af5e5fc95882bb14f5c2a50 + +info: + name: > + Email Subscription Popup <= 1.2.18 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f84814e-f7b7-4228-b331-63027a0770af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribe/" + google-query: inurl:"/wp-content/plugins/email-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribe-7d502a4de060d367bcc9b0de4a22c634.yaml b/nuclei-templates/cve-less/plugins/email-subscribe-7d502a4de060d367bcc9b0de4a22c634.yaml new file mode 100644 index 0000000000..6ddf556b83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribe-7d502a4de060d367bcc9b0de4a22c634.yaml @@ -0,0 +1,58 @@ +id: email-subscribe-7d502a4de060d367bcc9b0de4a22c634 + +info: + name: > + Email Subscription Popup <= 1.2.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63b30d03-43d2-4696-aa36-8b39ec2c4ed0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribe/" + google-query: inurl:"/wp-content/plugins/email-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscriber-59026d3a8bc5d6798f6f8303efbe2f34.yaml b/nuclei-templates/cve-less/plugins/email-subscriber-59026d3a8bc5d6798f6f8303efbe2f34.yaml new file mode 100644 index 0000000000..57a503cb6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscriber-59026d3a8bc5d6798f6f8303efbe2f34.yaml @@ -0,0 +1,58 @@ +id: email-subscriber-59026d3a8bc5d6798f6f8303efbe2f34 + +info: + name: > + Email Subscriber <= 1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d501415-39ab-4c2a-bcd3-fda97b7a3235?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscriber/" + google-query: inurl:"/wp-content/plugins/email-subscriber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscriber,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscriber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscriber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-030bdddcac86d2bf18f94090df9f83ed.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-030bdddcac86d2bf18f94090df9f83ed.yaml new file mode 100644 index 0000000000..ce6a8f4f40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-030bdddcac86d2bf18f94090df9f83ed.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-030bdddcac86d2bf18f94090df9f83ed + +info: + name: > + Icegram Express <= 5.5.2 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8077d07-acaf-40f2-bc0f-e28a44ead94c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-250405dd7d7ac0936ba8e7cd74ae07f6.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-250405dd7d7ac0936ba8e7cd74ae07f6.yaml new file mode 100644 index 0000000000..de16bc2aca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-250405dd7d7ac0936ba8e7cd74ae07f6.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-250405dd7d7ac0936ba8e7cd74ae07f6 + +info: + name: > + Email Subscribers & Newsletters <= 4.5.5 - Unauthenticated Email Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/715dc265-253e-4409-b57d-474d3740adbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-3042e18a6deb29dac6c8bd45ef1b1544.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-3042e18a6deb29dac6c8bd45ef1b1544.yaml new file mode 100644 index 0000000000..0fc9f3fcc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-3042e18a6deb29dac6c8bd45ef1b1544.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-3042e18a6deb29dac6c8bd45ef1b1544 + +info: + name: > + Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a04870e0-41c8-464b-b30e-0bf7900e1433?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-44b2c7a52835b66ee714b700c4849cf7.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-44b2c7a52835b66ee714b700c4849cf7.yaml new file mode 100644 index 0000000000..a1883aa372 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-44b2c7a52835b66ee714b700c4849cf7.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-44b2c7a52835b66ee714b700c4849cf7 + +info: + name: > + Email Subscribers & Newsletters <= 3.4.7 - Unauthenticated Subscriber Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/802c83c6-4da2-4286-b1a3-f964cf5e789a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-52ad0bdca5afebb4c884c4a9d304e243.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-52ad0bdca5afebb4c884c4a9d304e243.yaml new file mode 100644 index 0000000000..71ce71631e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-52ad0bdca5afebb4c884c4a9d304e243.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-52ad0bdca5afebb4c884c4a9d304e243 + +info: + name: > + Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61b28b8c-4588-4b4e-85e8-d3d37b791f3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-611a77108bb5f90997b0fce9e22206d7.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-611a77108bb5f90997b0fce9e22206d7.yaml new file mode 100644 index 0000000000..7e360a1813 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-611a77108bb5f90997b0fce9e22206d7.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-611a77108bb5f90997b0fce9e22206d7 + +info: + name: > + Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated File Download w/ Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c77b0d79-5738-4ce2-b219-cb557216890f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-648aa8a954870cce461eed81133035e4.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-648aa8a954870cce461eed81133035e4.yaml new file mode 100644 index 0000000000..ba684dff2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-648aa8a954870cce461eed81133035e4.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-648aa8a954870cce461eed81133035e4 + +info: + name: > + Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ca6ac4-0d89-4601-94fc-cce5a0af9c56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-64ebdeacfb7857f81240b567b724e6b3.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-64ebdeacfb7857f81240b567b724e6b3.yaml new file mode 100644 index 0000000000..4b3bd59be2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-64ebdeacfb7857f81240b567b724e6b3.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-64ebdeacfb7857f81240b567b724e6b3 + +info: + name: > + Icegram Express <= 5.4.19 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf85cbc-88fa-4430-b005-a1f1e141241b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-6d5548494ee66c8a74f29f22d03a7935.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-6d5548494ee66c8a74f29f22d03a7935.yaml new file mode 100644 index 0000000000..4f93c02202 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-6d5548494ee66c8a74f29f22d03a7935.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-6d5548494ee66c8a74f29f22d03a7935 + +info: + name: > + Email Subscribers & Newsletters < 4.3.1 - Unauthenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00187815-6706-4ec9-a566-4836de0d17c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-827bc1bb21b15b99a01d332b7037ec11.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-827bc1bb21b15b99a01d332b7037ec11.yaml new file mode 100644 index 0000000000..c9c8fcddf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-827bc1bb21b15b99a01d332b7037ec11.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-827bc1bb21b15b99a01d332b7037ec11 + +info: + name: > + Email Subscribers & Newsletters <= 4.1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/933d8f1a-ae6e-4c49-92bc-a0b6bd3a0598?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-865ecb5d1f3a9d92057b3c2510337cb0.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-865ecb5d1f3a9d92057b3c2510337cb0.yaml new file mode 100644 index 0000000000..584ab067f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-865ecb5d1f3a9d92057b3c2510337cb0.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-865ecb5d1f3a9d92057b3c2510337cb0 + +info: + name: > + Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/083cc89e-0352-44ff-abcb-87f3c5375a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-880b88155b22c7b6bb28fecc96be5e0e.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-880b88155b22c7b6bb28fecc96be5e0e.yaml new file mode 100644 index 0000000000..4b1a236e38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-880b88155b22c7b6bb28fecc96be5e0e.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-880b88155b22c7b6bb28fecc96be5e0e + +info: + name: > + Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd154b26-985b-4e72-976f-1858a783c667?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-9ac9f5b4519b4e9d1529f25c11daa2ab.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-9ac9f5b4519b4e9d1529f25c11daa2ab.yaml new file mode 100644 index 0000000000..6f711a815f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-9ac9f5b4519b4e9d1529f25c11daa2ab.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-9ac9f5b4519b4e9d1529f25c11daa2ab + +info: + name: > + Email Subscribers & Newsletters <= 4.2.2 - Unauthenticated Option Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5d8f5f-c7af-4789-9920-a09d2733b8ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-9fe142798845207512b358a2cd4c8c4d.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-9fe142798845207512b358a2cd4c8c4d.yaml new file mode 100644 index 0000000000..408f96a79d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-9fe142798845207512b358a2cd4c8c4d.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-9fe142798845207512b358a2cd4c8c4d + +info: + name: > + Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/159ddb06-e7c4-4279-a8a1-c78a02e15891?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-a1ba03b1aedf70c25268c48aaf5fa097.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-a1ba03b1aedf70c25268c48aaf5fa097.yaml new file mode 100644 index 0000000000..23859bb5f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-a1ba03b1aedf70c25268c48aaf5fa097.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-a1ba03b1aedf70c25268c48aaf5fa097 + +info: + name: > + Email Subscribers & Newsletters <= 5.7.11 - Reflected Cross-Site Scripting via campaign_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a84d6f64-9ebb-4773-a9c1-8f23fb2801a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-aa4af80a7f91093ad7b6f879bc08fdf0.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-aa4af80a7f91093ad7b6f879bc08fdf0.yaml new file mode 100644 index 0000000000..7aa15f95e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-aa4af80a7f91093ad7b6f879bc08fdf0.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-aa4af80a7f91093ad7b6f879bc08fdf0 + +info: + name: > + Email Subscribers & Newsletters <= 4.1.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e999e0f-463c-4676-ad18-f4b467bc4bfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-abc4377868fee7cd682ebf8a6fc03b43.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-abc4377868fee7cd682ebf8a6fc03b43.yaml new file mode 100644 index 0000000000..adcdb53e1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-abc4377868fee7cd682ebf8a6fc03b43.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-abc4377868fee7cd682ebf8a6fc03b43 + +info: + name: > + Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2152db7-be9a-4e09-97cf-60445d87b576?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-b5e4b4063141fbe3f98d4c057142e54f.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-b5e4b4063141fbe3f98d4c057142e54f.yaml new file mode 100644 index 0000000000..79e04ed188 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-b5e4b4063141fbe3f98d4c057142e54f.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-b5e4b4063141fbe3f98d4c057142e54f + +info: + name: > + Email Subscribers & Newsletters <= 5.3.1 - Authenticated (or Cross-Site Request Forgery) Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b9e3aaf-5182-4622-9b5b-d67af200e2b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-bbb33bf45ae299a4c2e1d54441bd6458.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-bbb33bf45ae299a4c2e1d54441bd6458.yaml new file mode 100644 index 0000000000..47a550dbc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-bbb33bf45ae299a4c2e1d54441bd6458.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-bbb33bf45ae299a4c2e1d54441bd6458 + +info: + name: > + Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d09d8ac7-67f4-490b-8d09-6811f132fede?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml new file mode 100644 index 0000000000..2e35542434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-f324ead36f3eeb3ed11630cd0ba7e8ed.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-f324ead36f3eeb3ed11630cd0ba7e8ed + +info: + name: > + Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49008e63-d369-49b8-9dd7-3dff6dbea17c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-subscribers-fedbaf9b75c3966253ac9d4ff4472b7e.yaml b/nuclei-templates/cve-less/plugins/email-subscribers-fedbaf9b75c3966253ac9d4ff4472b7e.yaml new file mode 100644 index 0000000000..8fc1288970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-subscribers-fedbaf9b75c3966253ac9d4ff4472b7e.yaml @@ -0,0 +1,58 @@ +id: email-subscribers-fedbaf9b75c3966253ac9d4ff4472b7e + +info: + name: > + Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-subscribers/" + google-query: inurl:"/wp-content/plugins/email-subscribers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-subscribers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-subscribers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-subscribers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-templates-57946d1dd6e11e1c396ef81b832dc135.yaml b/nuclei-templates/cve-less/plugins/email-templates-57946d1dd6e11e1c396ef81b832dc135.yaml new file mode 100644 index 0000000000..e977ef4093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-templates-57946d1dd6e11e1c396ef81b832dc135.yaml @@ -0,0 +1,58 @@ +id: email-templates-57946d1dd6e11e1c396ef81b832dc135 + +info: + name: > + Email Templates <= 1.3 - HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c449f1-4715-4033-b0a3-6a8ca968aabc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-templates/" + google-query: inurl:"/wp-content/plugins/email-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-templates-917b82f603a027a526dfc9cab63f789f.yaml b/nuclei-templates/cve-less/plugins/email-templates-917b82f603a027a526dfc9cab63f789f.yaml new file mode 100644 index 0000000000..db6d5d7e8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-templates-917b82f603a027a526dfc9cab63f789f.yaml @@ -0,0 +1,58 @@ +id: email-templates-917b82f603a027a526dfc9cab63f789f + +info: + name: > + Email Templates <= 1.4.2 - Cross-Site Request Forgery via send_test_email + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3e1851a-9545-4687-b58b-5cdad3291525?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-templates/" + google-query: inurl:"/wp-content/plugins/email-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-templates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-tracker-2aa4582e387e2f0aff6a161bf2999899.yaml b/nuclei-templates/cve-less/plugins/email-tracker-2aa4582e387e2f0aff6a161bf2999899.yaml new file mode 100644 index 0000000000..6c12220681 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-tracker-2aa4582e387e2f0aff6a161bf2999899.yaml @@ -0,0 +1,58 @@ +id: email-tracker-2aa4582e387e2f0aff6a161bf2999899 + +info: + name: > + Email Tracker <= 5.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac86043d-caf9-4c25-86b2-0e063c21b2d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-tracker/" + google-query: inurl:"/wp-content/plugins/email-tracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-tracker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/email-users-f8b327a38c9f793227404396765e7078.yaml b/nuclei-templates/cve-less/plugins/email-users-f8b327a38c9f793227404396765e7078.yaml new file mode 100644 index 0000000000..c6a31efa05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/email-users-f8b327a38c9f793227404396765e7078.yaml @@ -0,0 +1,58 @@ +id: email-users-f8b327a38c9f793227404396765e7078 + +info: + name: > + Email Users <= 4.8.8 - Arbitrary Settings Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8a1127c-308d-4347-bd42-2071b906e247?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/email-users/" + google-query: inurl:"/wp-content/plugins/email-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,email-users,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/email-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "email-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-4a3c747c05de1c383de7ec2aa84fdb32.yaml b/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-4a3c747c05de1c383de7ec2aa84fdb32.yaml new file mode 100644 index 0000000000..7898085a3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/emails-verification-for-woocommerce-4a3c747c05de1c383de7ec2aa84fdb32.yaml @@ -0,0 +1,58 @@ +id: emails-verification-for-woocommerce-4a3c747c05de1c383de7ec2aa84fdb32 + +info: + name: > + Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebae4b18-5b5f-45c3-86e2-02eefd7abdb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/emails-verification-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/emails-verification-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,emails-verification-for-woocommerce,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/emails-verification-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "emails-verification-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-any-document-da04799a8ee55b9edffd7e84cb258c78.yaml b/nuclei-templates/cve-less/plugins/embed-any-document-da04799a8ee55b9edffd7e84cb258c78.yaml new file mode 100644 index 0000000000..b216a9935c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-any-document-da04799a8ee55b9edffd7e84cb258c78.yaml @@ -0,0 +1,58 @@ +id: embed-any-document-da04799a8ee55b9edffd7e84cb258c78 + +info: + name: > + Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files <= 2.7.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eebe37bf-2983-47c0-afd8-0aa3e7982196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-any-document/" + google-query: inurl:"/wp-content/plugins/embed-any-document/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-any-document,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-any-document/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-any-document" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-calendly-scheduling-6520a4a851336aa904cc04b7b33623a5.yaml b/nuclei-templates/cve-less/plugins/embed-calendly-scheduling-6520a4a851336aa904cc04b7b33623a5.yaml new file mode 100644 index 0000000000..6bb1b4f10a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-calendly-scheduling-6520a4a851336aa904cc04b7b33623a5.yaml @@ -0,0 +1,58 @@ +id: embed-calendly-scheduling-6520a4a851336aa904cc04b7b33623a5 + +info: + name: > + Embed Calendly <= 3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1bf83df-7a1f-4572-9c8d-1013750d51d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-calendly-scheduling/" + google-query: inurl:"/wp-content/plugins/embed-calendly-scheduling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-calendly-scheduling,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-calendly-scheduling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-calendly-scheduling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-comment-images-ce946f2b4359bb7fac48391b993074ae.yaml b/nuclei-templates/cve-less/plugins/embed-comment-images-ce946f2b4359bb7fac48391b993074ae.yaml new file mode 100644 index 0000000000..60c608051e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-comment-images-ce946f2b4359bb7fac48391b993074ae.yaml @@ -0,0 +1,58 @@ +id: embed-comment-images-ce946f2b4359bb7fac48391b993074ae + +info: + name: > + Embed Images in Comments < 0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7088e84-a138-452b-bc4d-8ca9427ca8ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-comment-images/" + google-query: inurl:"/wp-content/plugins/embed-comment-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-comment-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-comment-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-comment-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-form-22880b987be0b07f46689049fd2458ff.yaml b/nuclei-templates/cve-less/plugins/embed-form-22880b987be0b07f46689049fd2458ff.yaml new file mode 100644 index 0000000000..0ca10ee4be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-form-22880b987be0b07f46689049fd2458ff.yaml @@ -0,0 +1,58 @@ +id: embed-form-22880b987be0b07f46689049fd2458ff + +info: + name: > + Jotform Online Forms <= 1.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90c34a01-a0d1-4305-b74b-b5a568a42b13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-form/" + google-query: inurl:"/wp-content/plugins/embed-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-google-fonts-48e682e482ecb4079ded015fff88c4de.yaml b/nuclei-templates/cve-less/plugins/embed-google-fonts-48e682e482ecb4079ded015fff88c4de.yaml new file mode 100644 index 0000000000..7489669b17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-google-fonts-48e682e482ecb4079ded015fff88c4de.yaml @@ -0,0 +1,58 @@ +id: embed-google-fonts-48e682e482ecb4079ded015fff88c4de + +info: + name: > + Embed Google Fonts <= 3.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec6ea6e7-9c43-4b58-a1df-947a3aa7cd54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-google-fonts/" + google-query: inurl:"/wp-content/plugins/embed-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-google-fonts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-google-photos-album-easily-83ccb1e8ea2bc379358acbb752bc4542.yaml b/nuclei-templates/cve-less/plugins/embed-google-photos-album-easily-83ccb1e8ea2bc379358acbb752bc4542.yaml new file mode 100644 index 0000000000..661f88361d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-google-photos-album-easily-83ccb1e8ea2bc379358acbb752bc4542.yaml @@ -0,0 +1,58 @@ +id: embed-google-photos-album-easily-83ccb1e8ea2bc379358acbb752bc4542 + +info: + name: > + Embed Google Photos album <= 2.1.9 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a090167-0ea9-47f9-be8f-fe392da9ec38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-google-photos-album-easily/" + google-query: inurl:"/wp-content/plugins/embed-google-photos-album-easily/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-google-photos-album-easily,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-google-photos-album-easily/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-google-photos-album-easily" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-privacy-bf9717887c7854e5283687233b3eaf88.yaml b/nuclei-templates/cve-less/plugins/embed-privacy-bf9717887c7854e5283687233b3eaf88.yaml new file mode 100644 index 0000000000..f0fa2cc31d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-privacy-bf9717887c7854e5283687233b3eaf88.yaml @@ -0,0 +1,58 @@ +id: embed-privacy-bf9717887c7854e5283687233b3eaf88 + +info: + name: > + Embed Privacy <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d9dfc7-151c-4b32-9ae4-3085d08f137c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-privacy/" + google-query: inurl:"/wp-content/plugins/embed-privacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-privacy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-privacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-privacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-swagger-92781f05f816d6c99cfd35413990ba55.yaml b/nuclei-templates/cve-less/plugins/embed-swagger-92781f05f816d6c99cfd35413990ba55.yaml new file mode 100644 index 0000000000..435189a6a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-swagger-92781f05f816d6c99cfd35413990ba55.yaml @@ -0,0 +1,58 @@ +id: embed-swagger-92781f05f816d6c99cfd35413990ba55 + +info: + name: > + Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df54a888-fe7a-43ef-a77f-fb6e3401defe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-swagger/" + google-query: inurl:"/wp-content/plugins/embed-swagger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-swagger,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-swagger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-swagger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embed-youtube-video-d936ad16c92f96a8d361e8354b08642f.yaml b/nuclei-templates/cve-less/plugins/embed-youtube-video-d936ad16c92f96a8d361e8354b08642f.yaml new file mode 100644 index 0000000000..51a307ee32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embed-youtube-video-d936ad16c92f96a8d361e8354b08642f.yaml @@ -0,0 +1,58 @@ +id: embed-youtube-video-d936ad16c92f96a8d361e8354b08642f + +info: + name: > + Embed Youtube Video <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdec0d79-a78a-499d-a7d0-94b65bfb84bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embed-youtube-video/" + google-query: inurl:"/wp-content/plugins/embed-youtube-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embed-youtube-video,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embed-youtube-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embed-youtube-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedalbum-pro-db16305504754334b65159ac40ded503.yaml b/nuclei-templates/cve-less/plugins/embedalbum-pro-db16305504754334b65159ac40ded503.yaml new file mode 100644 index 0000000000..1302eb7b7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedalbum-pro-db16305504754334b65159ac40ded503.yaml @@ -0,0 +1,58 @@ +id: embedalbum-pro-db16305504754334b65159ac40ded503 + +info: + name: > + EmbedSocial – Social Media Feeds, Reviews and Galleries = 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aeef472-0f09-458f-a0dc-b7de190b9b6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedalbum-pro/" + google-query: inurl:"/wp-content/plugins/embedalbum-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedalbum-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedalbum-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedalbum-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedded-video-with-link-2330137ae1ec8d7b8306559ca1c520ca.yaml b/nuclei-templates/cve-less/plugins/embedded-video-with-link-2330137ae1ec8d7b8306559ca1c520ca.yaml new file mode 100644 index 0000000000..5238459268 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedded-video-with-link-2330137ae1ec8d7b8306559ca1c520ca.yaml @@ -0,0 +1,58 @@ +id: embedded-video-with-link-2330137ae1ec8d7b8306559ca1c520ca + +info: + name: > + Embedded Video <= 4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dd8dac6-b969-498a-a1f8-2a00009ae1d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedded-video-with-link/" + google-query: inurl:"/wp-content/plugins/embedded-video-with-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedded-video-with-link,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedded-video-with-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedded-video-with-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedplus-for-wordpress-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/embedplus-for-wordpress-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..21e234b864 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedplus-for-wordpress-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: embedplus-for-wordpress-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedplus-for-wordpress/" + google-query: inurl:"/wp-content/plugins/embedplus-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedplus-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedplus-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedplus-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-115e00c651433aced451e63d84a0be40.yaml b/nuclei-templates/cve-less/plugins/embedpress-115e00c651433aced451e63d84a0be40.yaml new file mode 100644 index 0000000000..ca46406222 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-115e00c651433aced451e63d84a0be40.yaml @@ -0,0 +1,58 @@ +id: embedpress-115e00c651433aced451e63d84a0be40 + +info: + name: > + EmbedPress <= 3.7.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1033b4d-82a0-4484-aebf-f35d6a2a9a13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-1d3dbd02fa5b7205872c8a687215c897.yaml b/nuclei-templates/cve-less/plugins/embedpress-1d3dbd02fa5b7205872c8a687215c897.yaml new file mode 100644 index 0000000000..cb1cc43433 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-1d3dbd02fa5b7205872c8a687215c897.yaml @@ -0,0 +1,58 @@ +id: embedpress-1d3dbd02fa5b7205872c8a687215c897 + +info: + name: > + EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Wistia Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-1f31c2ba6ee46d152a9920d8ef0adb22.yaml b/nuclei-templates/cve-less/plugins/embedpress-1f31c2ba6ee46d152a9920d8ef0adb22.yaml new file mode 100644 index 0000000000..b4b7e0962c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-1f31c2ba6ee46d152a9920d8ef0adb22.yaml @@ -0,0 +1,58 @@ +id: embedpress-1f31c2ba6ee46d152a9920d8ef0adb22 + +info: + name: > + EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceae0115-268c-401b-876b-3477d10c10e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-1fc5887f904fbbe1b31241f4769801b5.yaml b/nuclei-templates/cve-less/plugins/embedpress-1fc5887f904fbbe1b31241f4769801b5.yaml new file mode 100644 index 0000000000..71f97508fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-1fc5887f904fbbe1b31241f4769801b5.yaml @@ -0,0 +1,58 @@ +id: embedpress-1fc5887f904fbbe1b31241f4769801b5 + +info: + name: > + EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Authenticated (Contributor+) Stored Cross-site Scripting via 'embedpress_doc_custom_color' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-3c6a3e77a7ff2e2c086feda205237c52.yaml b/nuclei-templates/cve-less/plugins/embedpress-3c6a3e77a7ff2e2c086feda205237c52.yaml new file mode 100644 index 0000000000..157ed70dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-3c6a3e77a7ff2e2c086feda205237c52.yaml @@ -0,0 +1,58 @@ +id: embedpress-3c6a3e77a7ff2e2c086feda205237c52 + +info: + name: > + EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d41fb15c-9e0b-46d2-b60b-4213facc02a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-55354669981e5b8e2367ee7fd327c426.yaml b/nuclei-templates/cve-less/plugins/embedpress-55354669981e5b8e2367ee7fd327c426.yaml new file mode 100644 index 0000000000..516d7f6b52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-55354669981e5b8e2367ee7fd327c426.yaml @@ -0,0 +1,58 @@ +id: embedpress-55354669981e5b8e2367ee7fd327c426 + +info: + name: > + EmbedPress Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2af03168-9344-4db0-9b69-2ad1fdb6d472?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-70a205acd44742a9f8e261e79a40ad0f.yaml b/nuclei-templates/cve-less/plugins/embedpress-70a205acd44742a9f8e261e79a40ad0f.yaml new file mode 100644 index 0000000000..81e2e71321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-70a205acd44742a9f8e261e79a40ad0f.yaml @@ -0,0 +1,58 @@ +id: embedpress-70a205acd44742a9f8e261e79a40ad0f + +info: + name: > + EmbedPress <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/631d200f-7b0b-4105-b91e-030af459ba99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-735922333648d19765f3918bee1c33f6.yaml b/nuclei-templates/cve-less/plugins/embedpress-735922333648d19765f3918bee1c33f6.yaml new file mode 100644 index 0000000000..4af2c40ad9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-735922333648d19765f3918bee1c33f6.yaml @@ -0,0 +1,58 @@ +id: embedpress-735922333648d19765f3918bee1c33f6 + +info: + name: > + EmbedPress <= 3.8.2 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Delete via admin_post_remove and remove_private_data + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa2ec9e-2859-4a96-9e33-9e22d37e544f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-7ebfb915654b21bb1907517d4349fa05.yaml b/nuclei-templates/cve-less/plugins/embedpress-7ebfb915654b21bb1907517d4349fa05.yaml new file mode 100644 index 0000000000..5068211f71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-7ebfb915654b21bb1907517d4349fa05.yaml @@ -0,0 +1,58 @@ +id: embedpress-7ebfb915654b21bb1907517d4349fa05 + +info: + name: > + EmbedPress <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b340eda1-e9d2-40b6-89f9-41d995ce3555?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-880737228fe55f5d920474a43f87af97.yaml b/nuclei-templates/cve-less/plugins/embedpress-880737228fe55f5d920474a43f87af97.yaml new file mode 100644 index 0000000000..9de067fb34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-880737228fe55f5d920474a43f87af97.yaml @@ -0,0 +1,58 @@ +id: embedpress-880737228fe55f5d920474a43f87af97 + +info: + name: > + EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml b/nuclei-templates/cve-less/plugins/embedpress-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml new file mode 100644 index 0000000000..eb1cb48f43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-8d8dc52792f8d60124d8fa4fa4f53a0c.yaml @@ -0,0 +1,58 @@ +id: embedpress-8d8dc52792f8d60124d8fa4fa4f53a0c + +info: + name: > + EmbedPress <= 3.9.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce738ee-bbb6-462a-aeae-0523200e320f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-af797cbd3361f1f4f2cd0edf1a785a5a.yaml b/nuclei-templates/cve-less/plugins/embedpress-af797cbd3361f1f4f2cd0edf1a785a5a.yaml new file mode 100644 index 0000000000..f05ec8bea9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-af797cbd3361f1f4f2cd0edf1a785a5a.yaml @@ -0,0 +1,58 @@ +id: embedpress-af797cbd3361f1f4f2cd0edf1a785a5a + +info: + name: > + EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Youtube Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a427c798-f546-4ca1-98ab-32b433ee5b59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-c976de4a293db59cf9e14c118fa6d0c4.yaml b/nuclei-templates/cve-less/plugins/embedpress-c976de4a293db59cf9e14c118fa6d0c4.yaml new file mode 100644 index 0000000000..82e69dff62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-c976de4a293db59cf9e14c118fa6d0c4.yaml @@ -0,0 +1,58 @@ +id: embedpress-c976de4a293db59cf9e14c118fa6d0c4 + +info: + name: > + EmbedPress <= 3.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41edf49a-18a2-4cf0-b498-738e77287b90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-cefa3854b69334bef3c2d36906bda58c.yaml b/nuclei-templates/cve-less/plugins/embedpress-cefa3854b69334bef3c2d36906bda58c.yaml new file mode 100644 index 0000000000..4d7cc763e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-cefa3854b69334bef3c2d36906bda58c.yaml @@ -0,0 +1,58 @@ +id: embedpress-cefa3854b69334bef3c2d36906bda58c + +info: + name: > + EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/778d8443-fc0f-4e97-8460-e5ceee8b62a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-e6bef9cbc42ae7e22a44d23e311b7552.yaml b/nuclei-templates/cve-less/plugins/embedpress-e6bef9cbc42ae7e22a44d23e311b7552.yaml new file mode 100644 index 0000000000..88369ed2a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-e6bef9cbc42ae7e22a44d23e311b7552.yaml @@ -0,0 +1,58 @@ +id: embedpress-e6bef9cbc42ae7e22a44d23e311b7552 + +info: + name: > + EmbedPress <= 3.8.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36ba23ea-7e79-4048-8030-7ed6b2ff45a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-ebf721c6b992d7c7bdcbf869b188ed93.yaml b/nuclei-templates/cve-less/plugins/embedpress-ebf721c6b992d7c7bdcbf869b188ed93.yaml new file mode 100644 index 0000000000..376df4d2ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-ebf721c6b992d7c7bdcbf869b188ed93.yaml @@ -0,0 +1,58 @@ +id: embedpress-ebf721c6b992d7c7bdcbf869b188ed93 + +info: + name: > + EmbedPress <= 3.9.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Google Calendar Widget Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-ef5a725ea594e708f6f726a1ed538862.yaml b/nuclei-templates/cve-less/plugins/embedpress-ef5a725ea594e708f6f726a1ed538862.yaml new file mode 100644 index 0000000000..cd187c9882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-ef5a725ea594e708f6f726a1ed538862.yaml @@ -0,0 +1,58 @@ +id: embedpress-ef5a725ea594e708f6f726a1ed538862 + +info: + name: > + EmbedPress <= 3.9.8 - Missing Authorization via handle_calendly_data + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be33065e-dae8-44cf-9f8a-f9971f2743ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedpress-f70dc70f946daa66696d6fbc7263d880.yaml b/nuclei-templates/cve-less/plugins/embedpress-f70dc70f946daa66696d6fbc7263d880.yaml new file mode 100644 index 0000000000..c0e5bf57ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedpress-f70dc70f946daa66696d6fbc7263d880.yaml @@ -0,0 +1,58 @@ +id: embedpress-f70dc70f946daa66696d6fbc7263d880 + +info: + name: > + EmbedPress <= 3.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedpress/" + google-query: inurl:"/wp-content/plugins/embedpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/embedstories-a14026f64e5ecc9508ff272952e95205.yaml b/nuclei-templates/cve-less/plugins/embedstories-a14026f64e5ecc9508ff272952e95205.yaml new file mode 100644 index 0000000000..c45abc11a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/embedstories-a14026f64e5ecc9508ff272952e95205.yaml @@ -0,0 +1,58 @@ +id: embedstories-a14026f64e5ecc9508ff272952e95205 + +info: + name: > + EmbedStories <= 0.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a452cb6f-8381-4f23-b808-3473db159894?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/embedstories/" + google-query: inurl:"/wp-content/plugins/embedstories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,embedstories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/embedstories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "embedstories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-accessibility-66918096b133f0822c2cd20e34605973.yaml b/nuclei-templates/cve-less/plugins/enable-accessibility-66918096b133f0822c2cd20e34605973.yaml new file mode 100644 index 0000000000..4aebb213f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-accessibility-66918096b133f0822c2cd20e34605973.yaml @@ -0,0 +1,58 @@ +id: enable-accessibility-66918096b133f0822c2cd20e34605973 + +info: + name: > + Enable Accessibility <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0b8c4c3-eba2-4c20-b790-48eceeba898e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-accessibility/" + google-query: inurl:"/wp-content/plugins/enable-accessibility/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-accessibility,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-accessibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-accessibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-media-replace-47f4114397364fc89b3a25b4215574b4.yaml b/nuclei-templates/cve-less/plugins/enable-media-replace-47f4114397364fc89b3a25b4215574b4.yaml new file mode 100644 index 0000000000..587f21276b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-media-replace-47f4114397364fc89b3a25b4215574b4.yaml @@ -0,0 +1,58 @@ +id: enable-media-replace-47f4114397364fc89b3a25b4215574b4 + +info: + name: > + Enable Media Replace <= 3.6.3 - Authenticated (Administrator+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea56f0a1-7359-4beb-aae6-e2a3757ec8cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-media-replace/" + google-query: inurl:"/wp-content/plugins/enable-media-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-media-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-media-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-media-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-media-replace-bbc7fa54925890b55e253bb27ea68d3f.yaml b/nuclei-templates/cve-less/plugins/enable-media-replace-bbc7fa54925890b55e253bb27ea68d3f.yaml new file mode 100644 index 0000000000..54213db3dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-media-replace-bbc7fa54925890b55e253bb27ea68d3f.yaml @@ -0,0 +1,58 @@ +id: enable-media-replace-bbc7fa54925890b55e253bb27ea68d3f + +info: + name: > + Enable Media Replace <= 4.1.2 - Authenticated(Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e7e6445-c1c5-48a8-a76d-819f2db1efc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-media-replace/" + google-query: inurl:"/wp-content/plugins/enable-media-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-media-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-media-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-media-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-media-replace-dead64d1305225210f2390b6b61b5201.yaml b/nuclei-templates/cve-less/plugins/enable-media-replace-dead64d1305225210f2390b6b61b5201.yaml new file mode 100644 index 0000000000..079afb9fc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-media-replace-dead64d1305225210f2390b6b61b5201.yaml @@ -0,0 +1,58 @@ +id: enable-media-replace-dead64d1305225210f2390b6b61b5201 + +info: + name: > + Enable Media Replace <= 4.0.1 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a079c8-181c-4bd8-a45d-e132711029ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-media-replace/" + google-query: inurl:"/wp-content/plugins/enable-media-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-media-replace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-media-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-media-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-media-replace-deb23a0fc9d87cc73b65165406099d91.yaml b/nuclei-templates/cve-less/plugins/enable-media-replace-deb23a0fc9d87cc73b65165406099d91.yaml new file mode 100644 index 0000000000..f2dbb34ba3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-media-replace-deb23a0fc9d87cc73b65165406099d91.yaml @@ -0,0 +1,58 @@ +id: enable-media-replace-deb23a0fc9d87cc73b65165406099d91 + +info: + name: > + Enable Media Replace <= 4.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37d8218-6059-46f2-a5d9-d7c22486211e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-media-replace/" + google-query: inurl:"/wp-content/plugins/enable-media-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-media-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-media-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-media-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-svg-de18c34baf9718449b89d0d38543217b.yaml b/nuclei-templates/cve-less/plugins/enable-svg-de18c34baf9718449b89d0d38543217b.yaml new file mode 100644 index 0000000000..b8e1781b9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-svg-de18c34baf9718449b89d0d38543217b.yaml @@ -0,0 +1,58 @@ +id: enable-svg-de18c34baf9718449b89d0d38543217b + +info: + name: > + Enable SVG <= 1.3.1 - Cross-Site Scripting via SVG + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad979f36-319f-48ce-a620-5ea9ae5401eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-svg/" + google-query: inurl:"/wp-content/plugins/enable-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-svg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-svg-uploads-a61a2dfac8b16f216b2c313ed531d97e.yaml b/nuclei-templates/cve-less/plugins/enable-svg-uploads-a61a2dfac8b16f216b2c313ed531d97e.yaml new file mode 100644 index 0000000000..f0bb357405 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-svg-uploads-a61a2dfac8b16f216b2c313ed531d97e.yaml @@ -0,0 +1,58 @@ +id: enable-svg-uploads-a61a2dfac8b16f216b2c313ed531d97e + +info: + name: > + Enable SVG Uploads <= 2.1.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58354ce0-e166-431a-9fac-6c6d81e39e88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-svg-uploads/" + google-query: inurl:"/wp-content/plugins/enable-svg-uploads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-svg-uploads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-svg-uploads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-svg-uploads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-165d37e436f1584c4d3db5b3ec68fd79.yaml b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-165d37e436f1584c4d3db5b3ec68fd79.yaml new file mode 100644 index 0000000000..feff15a5dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-165d37e436f1584c4d3db5b3ec68fd79.yaml @@ -0,0 +1,58 @@ +id: enable-svg-webp-ico-upload-165d37e436f1584c4d3db5b3ec68fd79 + +info: + name: > + Enable SVG, WebP & ICO Upload <= 1.0.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6df7bd57-7d2f-4098-b2d0-ffb2e8ed5868?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-svg-webp-ico-upload/" + google-query: inurl:"/wp-content/plugins/enable-svg-webp-ico-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-svg-webp-ico-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-svg-webp-ico-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-653a3ab56e5af63ff26288de711fb273.yaml b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-653a3ab56e5af63ff26288de711fb273.yaml new file mode 100644 index 0000000000..ca0e25f2be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-653a3ab56e5af63ff26288de711fb273.yaml @@ -0,0 +1,58 @@ +id: enable-svg-webp-ico-upload-653a3ab56e5af63ff26288de711fb273 + +info: + name: > + Enable SVG, WebP & ICO Upload <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f47c6c4-2d74-4f37-8232-d54d5f0c24cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-svg-webp-ico-upload/" + google-query: inurl:"/wp-content/plugins/enable-svg-webp-ico-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-svg-webp-ico-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-svg-webp-ico-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-ac9050df076297964363495b9c075e7f.yaml b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-ac9050df076297964363495b9c075e7f.yaml new file mode 100644 index 0000000000..56eb4b6f91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enable-svg-webp-ico-upload-ac9050df076297964363495b9c075e7f.yaml @@ -0,0 +1,58 @@ +id: enable-svg-webp-ico-upload-ac9050df076297964363495b9c075e7f + +info: + name: > + Enable SVG, WebP & ICO Upload <= 1.0.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb14a79a-32ba-4d7a-b706-4e602a25e9cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enable-svg-webp-ico-upload/" + google-query: inurl:"/wp-content/plugins/enable-svg-webp-ico-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enable-svg-webp-ico-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enable-svg-webp-ico-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enable-svg-webp-ico-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/encrypted-contact-form-2fb0bdf5e86e962a718dd05b2ce83f93.yaml b/nuclei-templates/cve-less/plugins/encrypted-contact-form-2fb0bdf5e86e962a718dd05b2ce83f93.yaml new file mode 100644 index 0000000000..8437486837 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/encrypted-contact-form-2fb0bdf5e86e962a718dd05b2ce83f93.yaml @@ -0,0 +1,58 @@ +id: encrypted-contact-form-2fb0bdf5e86e962a718dd05b2ce83f93 + +info: + name: > + Encrypted Contact Form < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac3a359c-bdcf-42c5-9e54-c704a358b561?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/encrypted-contact-form/" + google-query: inurl:"/wp-content/plugins/encrypted-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,encrypted-contact-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/encrypted-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "encrypted-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/english-wp-admin-450ea91a4d60d7431414f8be13b7c9b7.yaml b/nuclei-templates/cve-less/plugins/english-wp-admin-450ea91a4d60d7431414f8be13b7c9b7.yaml new file mode 100644 index 0000000000..e96d301a8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/english-wp-admin-450ea91a4d60d7431414f8be13b7c9b7.yaml @@ -0,0 +1,58 @@ +id: english-wp-admin-450ea91a4d60d7431414f8be13b7c9b7 + +info: + name: > + English WordPress Admin <= 1.5.1.1 - Unauthenticated Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bd007fd-eee9-4c3c-b509-63e180e3fd28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/english-wp-admin/" + google-query: inurl:"/wp-content/plugins/english-wp-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,english-wp-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/english-wp-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "english-wp-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-3a5678cecd4cbb7e481b97acb528f036.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-3a5678cecd4cbb7e481b97acb528f036.yaml new file mode 100644 index 0000000000..6477fb5a34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-3a5678cecd4cbb7e481b97acb528f036.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-3a5678cecd4cbb7e481b97acb528f036 + +info: + name: > + Conversios.io <= 6.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ad84e6e-5498-4bf1-b662-15b7628ceba2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-88bf9af12ef5e38595f378ad9f2dcf87.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-88bf9af12ef5e38595f378ad9f2dcf87.yaml new file mode 100644 index 0000000000..5c7d219be9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-88bf9af12ef5e38595f378ad9f2dcf87.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-88bf9af12ef5e38595f378ad9f2dcf87 + +info: + name: > + Conversios.io - Google Analytics and Google Shopping plugin for WooCommerce <= 4.6.1 Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92f6f3f7-c49b-4290-806f-6add333159b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9549871153d587a10461e3eb973b5757.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9549871153d587a10461e3eb973b5757.yaml new file mode 100644 index 0000000000..54dc939b19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9549871153d587a10461e3eb973b5757.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-9549871153d587a10461e3eb973b5757 + +info: + name: > + Conversios.io <= 6.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae007dc0-9ac7-459d-bfe6-bcde87028b14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9c674f0198c44bbc3b97237db4078df1.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9c674f0198c44bbc3b97237db4078df1.yaml new file mode 100644 index 0000000000..eedec18caf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-9c674f0198c44bbc3b97237db4078df1.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-9c674f0198c44bbc3b97237db4078df1 + +info: + name: > + All-in-one Google Analytics, Pixels and Product Feed Manager for WooCommerce <= 5.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aae70da2-fcd8-4e33-8f38-5e19e0c14733?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ad1bab22a9b739c47d96ab770ca5f753.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ad1bab22a9b739c47d96ab770ca5f753.yaml new file mode 100644 index 0000000000..43832a4344 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ad1bab22a9b739c47d96ab770ca5f753.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-ad1bab22a9b739c47d96ab770ca5f753 + +info: + name: > + Conversios.io <= 6.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d1c57c-7aa2-4317-94ac-3fc48f87b98c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-d482e085c2e103ed9accb9a0cd94ae4d.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-d482e085c2e103ed9accb9a0cd94ae4d.yaml new file mode 100644 index 0000000000..b3949381a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-d482e085c2e103ed9accb9a0cd94ae4d.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-d482e085c2e103ed9accb9a0cd94ae4d + +info: + name: > + Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ed938d6748a55c68d3afc00fc2604d10.yaml b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ed938d6748a55c68d3afc00fc2604d10.yaml new file mode 100644 index 0000000000..f9cdd8efee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-e-commerce-for-woocommerce-store-ed938d6748a55c68d3afc00fc2604d10.yaml @@ -0,0 +1,58 @@ +id: enhanced-e-commerce-for-woocommerce-store-ed938d6748a55c68d3afc00fc2604d10 + +info: + name: > + Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + google-query: inurl:"/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-e-commerce-for-woocommerce-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-e-commerce-for-woocommerce-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-e-commerce-for-woocommerce-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-media-library-6039d2569df090d7d3093a78e0441287.yaml b/nuclei-templates/cve-less/plugins/enhanced-media-library-6039d2569df090d7d3093a78e0441287.yaml new file mode 100644 index 0000000000..dba9e76527 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-media-library-6039d2569df090d7d3093a78e0441287.yaml @@ -0,0 +1,58 @@ +id: enhanced-media-library-6039d2569df090d7d3093a78e0441287 + +info: + name: > + Enhanced Media Library <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b30ecb-e3ce-4092-841b-3a1b2553596a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-media-library/" + google-query: inurl:"/wp-content/plugins/enhanced-media-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-media-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-media-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-media-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-plugin-admin-7b7a151dfcca0b5faecc4b73e9e5942a.yaml b/nuclei-templates/cve-less/plugins/enhanced-plugin-admin-7b7a151dfcca0b5faecc4b73e9e5942a.yaml new file mode 100644 index 0000000000..7d271e4e23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-plugin-admin-7b7a151dfcca0b5faecc4b73e9e5942a.yaml @@ -0,0 +1,58 @@ +id: enhanced-plugin-admin-7b7a151dfcca0b5faecc4b73e9e5942a + +info: + name: > + Enhanced Plugin Admin <= 1.16 - Cross-Site Request Forgery via epa_options_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b5bc030-7739-4eb4-b85d-99e5d0f2643a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-plugin-admin/" + google-query: inurl:"/wp-content/plugins/enhanced-plugin-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-plugin-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-plugin-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-plugin-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..8bd61ec4d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..eb4b1d7bb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-a9a1d45bfcbca6c173ea125c110bda5d.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-a9a1d45bfcbca6c173ea125c110bda5d.yaml new file mode 100644 index 0000000000..1cb585db10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-a9a1d45bfcbca6c173ea125c110bda5d.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-a9a1d45bfcbca6c173ea125c110bda5d + +info: + name: > + Enhanced Text Widget <= 1.6.3 - Missing Authorization via etw_hide_admin_notification_callback + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25122475-fc2c-4a8c-90d3-f4a85fb3a8cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..29ff965ac0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-d68b3bd827fa2538356da72861992193.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-d68b3bd827fa2538356da72861992193.yaml new file mode 100644 index 0000000000..8ddc6e1390 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-d68b3bd827fa2538356da72861992193.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-d68b3bd827fa2538356da72861992193 + +info: + name: > + Enhanced Text Widget <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f42b59e-42a3-4c1d-805d-dfe8c692223e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-text-widget-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml b/nuclei-templates/cve-less/plugins/enhanced-text-widget-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml new file mode 100644 index 0000000000..fd3144cc38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-text-widget-d8eaeaf9f69a4b2de6a788086b60bfc0.yaml @@ -0,0 +1,58 @@ +id: enhanced-text-widget-d8eaeaf9f69a4b2de6a788086b60bfc0 + +info: + name: > + Enhanced Text Widget <= 1.5.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7487f72c-9852-4651-a848-239d4882bbf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-text-widget/" + google-query: inurl:"/wp-content/plugins/enhanced-text-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-text-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-text-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-text-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-5597c388852b3462017f5bc3ca0328fd.yaml b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-5597c388852b3462017f5bc3ca0328fd.yaml new file mode 100644 index 0000000000..34af958d3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-5597c388852b3462017f5bc3ca0328fd.yaml @@ -0,0 +1,58 @@ +id: enhanced-tooltipglossary-5597c388852b3462017f5bc3ca0328fd + +info: + name: > + CM Tooltip Glossary – Better SEO and UEX for your WP site <= 3.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1576f8-0586-4ad8-befb-b502d30fab52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-tooltipglossary/" + google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-tooltipglossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-6bc3c65cb1ca8d7f84584a1599bace9a.yaml b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-6bc3c65cb1ca8d7f84584a1599bace9a.yaml new file mode 100644 index 0000000000..e4f6177824 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-6bc3c65cb1ca8d7f84584a1599bace9a.yaml @@ -0,0 +1,58 @@ +id: enhanced-tooltipglossary-6bc3c65cb1ca8d7f84584a1599bace9a + +info: + name: > + CM Tooltip Glossary <= 3.9.20 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f4ac2c0-2c22-431c-b892-b4bf6a7319ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-tooltipglossary/" + google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-tooltipglossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-7c07c1ab091dafa6dc739a4dcb0453d1.yaml b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-7c07c1ab091dafa6dc739a4dcb0453d1.yaml new file mode 100644 index 0000000000..cf9bcc621f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-tooltipglossary-7c07c1ab091dafa6dc739a4dcb0453d1.yaml @@ -0,0 +1,58 @@ +id: enhanced-tooltipglossary-7c07c1ab091dafa6dc739a4dcb0453d1 + +info: + name: > + CM Tooltip Glossary – Powerful Glossary Plugin <= 4.2.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3e2ddde-1421-4352-b93a-1492574f624e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-tooltipglossary/" + google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-tooltipglossary,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-tooltipglossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-tooltipglossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-71e56d0f97e8b4d7649e09ad58dd5927.yaml b/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-71e56d0f97e8b4d7649e09ad58dd5927.yaml new file mode 100644 index 0000000000..20998b3cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enhanced-wordpress-contactform-71e56d0f97e8b4d7649e09ad58dd5927.yaml @@ -0,0 +1,58 @@ +id: enhanced-wordpress-contactform-71e56d0f97e8b4d7649e09ad58dd5927 + +info: + name: > + Enhanced WP Contact Form <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e91a6bd-05ae-4088-8c1f-bc5598545606?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enhanced-wordpress-contactform/" + google-query: inurl:"/wp-content/plugins/enhanced-wordpress-contactform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enhanced-wordpress-contactform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enhanced-wordpress-contactform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enhanced-wordpress-contactform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enigma-chartjs-1d70e5d002efa976ab87b56edcf9f0b9.yaml b/nuclei-templates/cve-less/plugins/enigma-chartjs-1d70e5d002efa976ab87b56edcf9f0b9.yaml new file mode 100644 index 0000000000..901e6395ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enigma-chartjs-1d70e5d002efa976ab87b56edcf9f0b9.yaml @@ -0,0 +1,58 @@ +id: enigma-chartjs-1d70e5d002efa976ab87b56edcf9f0b9 + +info: + name: > + Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1864e7-bd3b-431f-9a9d-378b376298f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enigma-chartjs/" + google-query: inurl:"/wp-content/plugins/enigma-chartjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enigma-chartjs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enigma-chartjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enigma-chartjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enigma-chartjs-ace575e194919fed8a75c5778dd0bfab.yaml b/nuclei-templates/cve-less/plugins/enigma-chartjs-ace575e194919fed8a75c5778dd0bfab.yaml new file mode 100644 index 0000000000..abe9152c68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enigma-chartjs-ace575e194919fed8a75c5778dd0bfab.yaml @@ -0,0 +1,58 @@ +id: enigma-chartjs-ace575e194919fed8a75c5778dd0bfab + +info: + name: > + Chartjs <= 2023.2 - Authenticated(Editor+) Stored Cross-Site Scripting via chart + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd5a1ab9-8d59-464a-a227-9f6ee768e35c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enigma-chartjs/" + google-query: inurl:"/wp-content/plugins/enigma-chartjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enigma-chartjs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enigma-chartjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enigma-chartjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2023.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-47817571e00845c157bd7b162b48263f.yaml b/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-47817571e00845c157bd7b162b48263f.yaml new file mode 100644 index 0000000000..74f31ef64c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-47817571e00845c157bd7b162b48263f.yaml @@ -0,0 +1,58 @@ +id: enjoy-instagram-instagram-responsive-images-gallery-and-carousel-47817571e00845c157bd7b162b48263f + +info: + name: > + Enjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57ef2e79-08b7-4e2a-ae63-957d197e24ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/" + google-query: inurl:"/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enjoy-instagram-instagram-responsive-images-gallery-and-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-8100bca7f40bd5eec7ce73b26e775600.yaml b/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-8100bca7f40bd5eec7ce73b26e775600.yaml new file mode 100644 index 0000000000..d74879d89e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel-8100bca7f40bd5eec7ce73b26e775600.yaml @@ -0,0 +1,58 @@ +id: enjoy-instagram-instagram-responsive-images-gallery-and-carousel-8100bca7f40bd5eec7ce73b26e775600 + +info: + name: > + Enjoy Social Feed <= 6.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c20ff80c-75da-4879-ba1c-e14edf779f58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/" + google-query: inurl:"/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enjoy-instagram-instagram-responsive-images-gallery-and-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enjoy-instagram-instagram-responsive-images-gallery-and-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enjoy-instagram-instagram-responsive-images-gallery-and-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enl-newsletter-450d379738a3ed762b9b5b46fb6f58a1.yaml b/nuclei-templates/cve-less/plugins/enl-newsletter-450d379738a3ed762b9b5b46fb6f58a1.yaml new file mode 100644 index 0000000000..75b769c248 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enl-newsletter-450d379738a3ed762b9b5b46fb6f58a1.yaml @@ -0,0 +1,58 @@ +id: enl-newsletter-450d379738a3ed762b9b5b46fb6f58a1 + +info: + name: > + ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfec4c31-ba09-4832-a095-4ca5f5192674?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enl-newsletter/" + google-query: inurl:"/wp-content/plugins/enl-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enl-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enl-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enl-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enl-newsletter-84f324614693ea073f92a44e128e4cc4.yaml b/nuclei-templates/cve-less/plugins/enl-newsletter-84f324614693ea073f92a44e128e4cc4.yaml new file mode 100644 index 0000000000..9f9630a19e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enl-newsletter-84f324614693ea073f92a44e128e4cc4.yaml @@ -0,0 +1,58 @@ +id: enl-newsletter-84f324614693ea073f92a44e128e4cc4 + +info: + name: > + ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/419270e7-c781-41fe-9893-473074825b36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enl-newsletter/" + google-query: inurl:"/wp-content/plugins/enl-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enl-newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enl-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enl-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enl-newsletter-9e2d3a35dbbc0898dce1216c2073fa6e.yaml b/nuclei-templates/cve-less/plugins/enl-newsletter-9e2d3a35dbbc0898dce1216c2073fa6e.yaml new file mode 100644 index 0000000000..d8dc52f2c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enl-newsletter-9e2d3a35dbbc0898dce1216c2073fa6e.yaml @@ -0,0 +1,58 @@ +id: enl-newsletter-9e2d3a35dbbc0898dce1216c2073fa6e + +info: + name: > + ENL Newsletter <= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/891a625e-8248-4d21-a796-bf0cff6fc253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enl-newsletter/" + google-query: inurl:"/wp-content/plugins/enl-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enl-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enl-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enl-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enl-newsletter-eca3d823dd426887bd9194913fe758fe.yaml b/nuclei-templates/cve-less/plugins/enl-newsletter-eca3d823dd426887bd9194913fe758fe.yaml new file mode 100644 index 0000000000..95fd1d32e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enl-newsletter-eca3d823dd426887bd9194913fe758fe.yaml @@ -0,0 +1,58 @@ +id: enl-newsletter-eca3d823dd426887bd9194913fe758fe + +info: + name: > + ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0298f5e6-36b6-4005-b6ef-d38f2f86f0b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enl-newsletter/" + google-query: inurl:"/wp-content/plugins/enl-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enl-newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enl-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enl-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enqueue-anything-a1f55b7e935f65d8ec08ab5f8854d26f.yaml b/nuclei-templates/cve-less/plugins/enqueue-anything-a1f55b7e935f65d8ec08ab5f8854d26f.yaml new file mode 100644 index 0000000000..be2770e451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enqueue-anything-a1f55b7e935f65d8ec08ab5f8854d26f.yaml @@ -0,0 +1,58 @@ +id: enqueue-anything-a1f55b7e935f65d8ec08ab5f8854d26f + +info: + name: > + Enqueue Anything <= 1.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e353d938-8844-41dc-96dc-7e2facf96446?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enqueue-anything/" + google-query: inurl:"/wp-content/plugins/enqueue-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enqueue-anything,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enqueue-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enqueue-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enquiry-quotation-for-woocommerce-e5a8f42155cebe6939f0ccac8621a6a2.yaml b/nuclei-templates/cve-less/plugins/enquiry-quotation-for-woocommerce-e5a8f42155cebe6939f0ccac8621a6a2.yaml new file mode 100644 index 0000000000..e05fc02656 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enquiry-quotation-for-woocommerce-e5a8f42155cebe6939f0ccac8621a6a2.yaml @@ -0,0 +1,58 @@ +id: enquiry-quotation-for-woocommerce-e5a8f42155cebe6939f0ccac8621a6a2 + +info: + name: > + Product Enquiry for WooCommerce <= 2.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/889986f8-224e-4af4-a1d2-ef4b04a7e83f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enquiry-quotation-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/enquiry-quotation-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enquiry-quotation-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enquiry-quotation-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enquiry-quotation-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enteraddons-0e079d604a8bf155d8a2cb48193c6100.yaml b/nuclei-templates/cve-less/plugins/enteraddons-0e079d604a8bf155d8a2cb48193c6100.yaml new file mode 100644 index 0000000000..463c521b63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enteraddons-0e079d604a8bf155d8a2cb48193c6100.yaml @@ -0,0 +1,58 @@ +id: enteraddons-0e079d604a8bf155d8a2cb48193c6100 + +info: + name: > + Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animation Title widget img tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29cc82cb-f3fd-4de5-9731-7ceb1212b0f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enteraddons/" + google-query: inurl:"/wp-content/plugins/enteraddons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enteraddons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enteraddons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enteraddons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/enteraddons-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml b/nuclei-templates/cve-less/plugins/enteraddons-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml new file mode 100644 index 0000000000..fbb6297b94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/enteraddons-82e1dbec0eac00504fe2d5c8d1c53a7b.yaml @@ -0,0 +1,58 @@ +id: enteraddons-82e1dbec0eac00504fe2d5c8d1c53a7b + +info: + name: > + Enter Addons – Ultimate Template Builder for Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62a4dd6a-f970-483e-b1a8-d57f604b7b66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/enteraddons/" + google-query: inurl:"/wp-content/plugins/enteraddons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,enteraddons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/enteraddons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enteraddons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envato-elements-e259392e4e0f5c005c71447bf33a289e.yaml b/nuclei-templates/cve-less/plugins/envato-elements-e259392e4e0f5c005c71447bf33a289e.yaml new file mode 100644 index 0000000000..2dd90a08ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envato-elements-e259392e4e0f5c005c71447bf33a289e.yaml @@ -0,0 +1,58 @@ +id: envato-elements-e259392e4e0f5c005c71447bf33a289e + +info: + name: > + Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envato-elements/" + google-query: inurl:"/wp-content/plugins/envato-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envato-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envato-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envato-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-514cd5f6862b902abdfe45e0c2ceab5f.yaml b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-514cd5f6862b902abdfe45e0c2ceab5f.yaml new file mode 100644 index 0000000000..6783933e65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-514cd5f6862b902abdfe45e0c2ceab5f.yaml @@ -0,0 +1,58 @@ +id: envialosimple-email-marketing-y-newsletters-gratis-514cd5f6862b902abdfe45e0c2ceab5f + +info: + name: > + EnvíaloSimple <= 2.1 Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13245eab-9a72-44d7-bbcd-a0d3e2879814?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envialosimple-email-marketing-y-newsletters-gratis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-6b955e7831b4476315ace7bb8d5f3ecb.yaml b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-6b955e7831b4476315ace7bb8d5f3ecb.yaml new file mode 100644 index 0000000000..0fdd7637fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-6b955e7831b4476315ace7bb8d5f3ecb.yaml @@ -0,0 +1,58 @@ +id: envialosimple-email-marketing-y-newsletters-gratis-6b955e7831b4476315ace7bb8d5f3ecb + +info: + name: > + EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b39abc8-9281-4d58-a9ec-877c5bae805a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envialosimple-email-marketing-y-newsletters-gratis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-77c5f9441620c4484058d80cea50d864.yaml b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-77c5f9441620c4484058d80cea50d864.yaml new file mode 100644 index 0000000000..fa929efc34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-77c5f9441620c4484058d80cea50d864.yaml @@ -0,0 +1,58 @@ +id: envialosimple-email-marketing-y-newsletters-gratis-77c5f9441620c4484058d80cea50d864 + +info: + name: > + EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dee07a1-9f48-4e8f-89dc-99270f55f17c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envialosimple-email-marketing-y-newsletters-gratis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-b6be086ceb5c1e62386aaf5cf54e66b3.yaml b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-b6be086ceb5c1e62386aaf5cf54e66b3.yaml new file mode 100644 index 0000000000..d39d100fce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-b6be086ceb5c1e62386aaf5cf54e66b3.yaml @@ -0,0 +1,58 @@ +id: envialosimple-email-marketing-y-newsletters-gratis-b6be086ceb5c1e62386aaf5cf54e66b3 + +info: + name: > + EnvíaloSimple <= 2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c533277-5cea-419f-93ec-e510c0fbd75d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envialosimple-email-marketing-y-newsletters-gratis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-e9f65fad0edf93964d95edc6a82cf394.yaml b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-e9f65fad0edf93964d95edc6a82cf394.yaml new file mode 100644 index 0000000000..384be61ceb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envialosimple-email-marketing-y-newsletters-gratis-e9f65fad0edf93964d95edc6a82cf394.yaml @@ -0,0 +1,58 @@ +id: envialosimple-email-marketing-y-newsletters-gratis-e9f65fad0edf93964d95edc6a82cf394 + +info: + name: > + EnvialoSimple: Email Marketing y Newsletters < 1.98 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1032227b-f2bc-4fc5-bc8d-91a84c631680?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + google-query: inurl:"/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envialosimple-email-marketing-y-newsletters-gratis,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envialosimple-email-marketing-y-newsletters-gratis/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envialosimple-email-marketing-y-newsletters-gratis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envira-gallery-lite-493dd00fbad457efffd98380feee37ad.yaml b/nuclei-templates/cve-less/plugins/envira-gallery-lite-493dd00fbad457efffd98380feee37ad.yaml new file mode 100644 index 0000000000..328e3c3310 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envira-gallery-lite-493dd00fbad457efffd98380feee37ad.yaml @@ -0,0 +1,58 @@ +id: envira-gallery-lite-493dd00fbad457efffd98380feee37ad + +info: + name: > + Envira Photo Gallery <= 1.7.6 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f05b82c3-bb29-494e-a020-427cb1a816a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envira-gallery-lite/" + google-query: inurl:"/wp-content/plugins/envira-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envira-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envira-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envira-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envira-gallery-lite-91259d563d9ff9cc3660b0bcf5beec5d.yaml b/nuclei-templates/cve-less/plugins/envira-gallery-lite-91259d563d9ff9cc3660b0bcf5beec5d.yaml new file mode 100644 index 0000000000..7701687cf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envira-gallery-lite-91259d563d9ff9cc3660b0bcf5beec5d.yaml @@ -0,0 +1,58 @@ +id: envira-gallery-lite-91259d563d9ff9cc3660b0bcf5beec5d + +info: + name: > + Gallery Plugin for WordPress – Envira Photo Gallery <= 1.8.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ae9392a-591c-4be0-9f90-aa6ec81d3a10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envira-gallery-lite/" + google-query: inurl:"/wp-content/plugins/envira-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envira-gallery-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envira-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envira-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envira-gallery-lite-cc4dabd01e1338fc09aa2ef444904587.yaml b/nuclei-templates/cve-less/plugins/envira-gallery-lite-cc4dabd01e1338fc09aa2ef444904587.yaml new file mode 100644 index 0000000000..1ab36e70fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envira-gallery-lite-cc4dabd01e1338fc09aa2ef444904587.yaml @@ -0,0 +1,58 @@ +id: envira-gallery-lite-cc4dabd01e1338fc09aa2ef444904587 + +info: + name: > + Envira Gallery Lite <= 1.8.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98361cfd-1277-43fd-b0da-db2549628383?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envira-gallery-lite/" + google-query: inurl:"/wp-content/plugins/envira-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envira-gallery-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envira-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envira-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envira-gallery-lite-d0a21350c57dcbddba5f33bc0580065b.yaml b/nuclei-templates/cve-less/plugins/envira-gallery-lite-d0a21350c57dcbddba5f33bc0580065b.yaml new file mode 100644 index 0000000000..bdf6ea781e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envira-gallery-lite-d0a21350c57dcbddba5f33bc0580065b.yaml @@ -0,0 +1,58 @@ +id: envira-gallery-lite-d0a21350c57dcbddba5f33bc0580065b + +info: + name: > + Envira Gallery Lite <= 1.8.7.2 - Missing Authorization to Gallery Modification via envira_gallery_insert_images + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40655278-6915-4a76-ac2d-bb161d3cee92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envira-gallery-lite/" + google-query: inurl:"/wp-content/plugins/envira-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envira-gallery-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envira-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envira-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-99a74c6c9556a6c727c6aed622ee1c96.yaml b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-99a74c6c9556a6c727c6aed622ee1c96.yaml new file mode 100644 index 0000000000..2e7b0ce465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-99a74c6c9556a6c727c6aed622ee1c96.yaml @@ -0,0 +1,58 @@ +id: envo-elementor-for-woocommerce-99a74c6c9556a6c727c6aed622ee1c96 + +info: + name: > + Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envo-elementor-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/envo-elementor-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envo-elementor-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envo-elementor-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envo-elementor-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-aa0d08f997d780bef53fffda596a65a2.yaml b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-aa0d08f997d780bef53fffda596a65a2.yaml new file mode 100644 index 0000000000..48b6b07efd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-aa0d08f997d780bef53fffda596a65a2.yaml @@ -0,0 +1,58 @@ +id: envo-elementor-for-woocommerce-aa0d08f997d780bef53fffda596a65a2 + +info: + name: > + Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envo-elementor-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/envo-elementor-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envo-elementor-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envo-elementor-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envo-elementor-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-da8d9bf1ad46e0cc886ba0015417b54e.yaml b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-da8d9bf1ad46e0cc886ba0015417b54e.yaml new file mode 100644 index 0000000000..bb1e471e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envo-elementor-for-woocommerce-da8d9bf1ad46e0cc886ba0015417b54e.yaml @@ -0,0 +1,58 @@ +id: envo-elementor-for-woocommerce-da8d9bf1ad46e0cc886ba0015417b54e + +info: + name: > + Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envo-elementor-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/envo-elementor-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envo-elementor-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envo-elementor-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envo-elementor-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/envo-extra-c26f84b3b737dca9d0e2ab2c400f43b7.yaml b/nuclei-templates/cve-less/plugins/envo-extra-c26f84b3b737dca9d0e2ab2c400f43b7.yaml new file mode 100644 index 0000000000..d4134ab389 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/envo-extra-c26f84b3b737dca9d0e2ab2c400f43b7.yaml @@ -0,0 +1,58 @@ +id: envo-extra-c26f84b3b737dca9d0e2ab2c400f43b7 + +info: + name: > + Envo Extra <= 1.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bfda384-2b39-471d-bf2a-4a8f580ddd1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/envo-extra/" + google-query: inurl:"/wp-content/plugins/envo-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,envo-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/envo-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "envo-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eonet-manual-user-approve-bce2c57392aa12eefee039fe25226280.yaml b/nuclei-templates/cve-less/plugins/eonet-manual-user-approve-bce2c57392aa12eefee039fe25226280.yaml new file mode 100644 index 0000000000..cd101a8155 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eonet-manual-user-approve-bce2c57392aa12eefee039fe25226280.yaml @@ -0,0 +1,58 @@ +id: eonet-manual-user-approve-bce2c57392aa12eefee039fe25226280 + +info: + name: > + Eonet Manual User Approve <= 2.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b696e0b-d4e1-4a81-9204-929100ade073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eonet-manual-user-approve/" + google-query: inurl:"/wp-content/plugins/eonet-manual-user-approve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eonet-manual-user-approve,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eonet-manual-user-approve/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eonet-manual-user-approve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/epoll-wp-voting-17700405f02a76d34273fd6f63bdac56.yaml b/nuclei-templates/cve-less/plugins/epoll-wp-voting-17700405f02a76d34273fd6f63bdac56.yaml new file mode 100644 index 0000000000..eff0adf6c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/epoll-wp-voting-17700405f02a76d34273fd6f63bdac56.yaml @@ -0,0 +1,58 @@ +id: epoll-wp-voting-17700405f02a76d34273fd6f63bdac56 + +info: + name: > + WP Poll Maker <= 3.1 - Authenticated (Subscriber+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59c41620-c6f3-4728-a849-156c5f0ca1a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/epoll-wp-voting/" + google-query: inurl:"/wp-content/plugins/epoll-wp-voting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,epoll-wp-voting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/epoll-wp-voting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "epoll-wp-voting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/epoll-wp-voting-8119e5403d3a32487dee582a940781b5.yaml b/nuclei-templates/cve-less/plugins/epoll-wp-voting-8119e5403d3a32487dee582a940781b5.yaml new file mode 100644 index 0000000000..23e9340eec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/epoll-wp-voting-8119e5403d3a32487dee582a940781b5.yaml @@ -0,0 +1,58 @@ +id: epoll-wp-voting-8119e5403d3a32487dee582a940781b5 + +info: + name: > + Poll Maker <= 3.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c2707ae-8dc0-417c-be4b-83db7dda9c76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/epoll-wp-voting/" + google-query: inurl:"/wp-content/plugins/epoll-wp-voting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,epoll-wp-voting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/epoll-wp-voting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "epoll-wp-voting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/epoll-wp-voting-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml b/nuclei-templates/cve-less/plugins/epoll-wp-voting-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml new file mode 100644 index 0000000000..be05d160ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/epoll-wp-voting-e39a71ad2e4c4fe07f9341861c3e2c8f.yaml @@ -0,0 +1,58 @@ +id: epoll-wp-voting-e39a71ad2e4c4fe07f9341861c3e2c8f + +info: + name: > + WP Poll Maker <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9fe2885-d9ef-4506-945a-69bdddf41718?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/epoll-wp-voting/" + google-query: inurl:"/wp-content/plugins/epoll-wp-voting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,epoll-wp-voting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/epoll-wp-voting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "epoll-wp-voting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eprolo-dropshipping-ad0ff157f5be17af68fa4347894dd5e7.yaml b/nuclei-templates/cve-less/plugins/eprolo-dropshipping-ad0ff157f5be17af68fa4347894dd5e7.yaml new file mode 100644 index 0000000000..94c7825bee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eprolo-dropshipping-ad0ff157f5be17af68fa4347894dd5e7.yaml @@ -0,0 +1,58 @@ +id: eprolo-dropshipping-ad0ff157f5be17af68fa4347894dd5e7 + +info: + name: > + EPROLO Dropshipping <= 1.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77f12178-dc92-41fe-a289-222e83f72a27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eprolo-dropshipping/" + google-query: inurl:"/wp-content/plugins/eprolo-dropshipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eprolo-dropshipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eprolo-dropshipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eprolo-dropshipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eps-301-redirects-60796296d5bd5b2c076a796a73e81fc7.yaml b/nuclei-templates/cve-less/plugins/eps-301-redirects-60796296d5bd5b2c076a796a73e81fc7.yaml new file mode 100644 index 0000000000..ba2a855094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eps-301-redirects-60796296d5bd5b2c076a796a73e81fc7.yaml @@ -0,0 +1,58 @@ +id: eps-301-redirects-60796296d5bd5b2c076a796a73e81fc7 + +info: + name: > + 301 Redirects - Easy Redirect Manager < 2.51 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7b24b5-13e4-4164-8462-fd81b1033f2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eps-301-redirects/" + google-query: inurl:"/wp-content/plugins/eps-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eps-301-redirects,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eps-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eps-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eps-301-redirects-65fec51a84e4dae8b6ac8a6f543cb922.yaml b/nuclei-templates/cve-less/plugins/eps-301-redirects-65fec51a84e4dae8b6ac8a6f543cb922.yaml new file mode 100644 index 0000000000..b4d7db4e19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eps-301-redirects-65fec51a84e4dae8b6ac8a6f543cb922.yaml @@ -0,0 +1,58 @@ +id: eps-301-redirects-65fec51a84e4dae8b6ac8a6f543cb922 + +info: + name: > + 301 Redirects - Easy Redirect Manager <= 2.40 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fe758c4-027f-4667-a22a-9e859894a40f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eps-301-redirects/" + google-query: inurl:"/wp-content/plugins/eps-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eps-301-redirects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eps-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eps-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ere-recently-viewed-c28abeb41bd6624cef6af021a381a425.yaml b/nuclei-templates/cve-less/plugins/ere-recently-viewed-c28abeb41bd6624cef6af021a381a425.yaml new file mode 100644 index 0000000000..46d4f28933 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ere-recently-viewed-c28abeb41bd6624cef6af021a381a425.yaml @@ -0,0 +1,58 @@ +id: ere-recently-viewed-c28abeb41bd6624cef6af021a381a425 + +info: + name: > + ERE Recently Viewed <= 1.3 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7332fe2e-9bef-42b7-946e-4a2ee812ca26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ere-recently-viewed/" + google-query: inurl:"/wp-content/plugins/ere-recently-viewed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ere-recently-viewed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ere-recently-viewed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ere-recently-viewed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-1bd28f72c9296305fff71e613d0c8c82.yaml b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-1bd28f72c9296305fff71e613d0c8c82.yaml new file mode 100644 index 0000000000..3353737576 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-1bd28f72c9296305fff71e613d0c8c82.yaml @@ -0,0 +1,58 @@ +id: erident-custom-login-and-dashboard-1bd28f72c9296305fff71e613d0c8c82 + +info: + name: > + Erident Custom Login and Dashboard <= 3.4.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fb6233-3f58-4237-aaaf-4bc60c5cc8ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erident-custom-login-and-dashboard/" + google-query: inurl:"/wp-content/plugins/erident-custom-login-and-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erident-custom-login-and-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erident-custom-login-and-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-bd06eea54f94d4f00b121a93f672de21.yaml b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-bd06eea54f94d4f00b121a93f672de21.yaml new file mode 100644 index 0000000000..fc0e10fe56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erident-custom-login-and-dashboard-bd06eea54f94d4f00b121a93f672de21.yaml @@ -0,0 +1,58 @@ +id: erident-custom-login-and-dashboard-bd06eea54f94d4f00b121a93f672de21 + +info: + name: > + Erident Custom Login and Dashboard <= 3.5.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb714378-ed60-4bf1-8c9c-b37515ddb353?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erident-custom-login-and-dashboard/" + google-query: inurl:"/wp-content/plugins/erident-custom-login-and-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erident-custom-login-and-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erident-custom-login-and-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erident-custom-login-and-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erocket-9babf2cf45788c102d8f9d4588bf3e93.yaml b/nuclei-templates/cve-less/plugins/erocket-9babf2cf45788c102d8f9d4588bf3e93.yaml new file mode 100644 index 0000000000..3b93268978 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erocket-9babf2cf45788c102d8f9d4588bf3e93.yaml @@ -0,0 +1,58 @@ +id: erocket-9babf2cf45788c102d8f9d4588bf3e93 + +info: + name: > + eRocket <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb9b8f3a-6f49-455d-99c6-cdf5671af49d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erocket/" + google-query: inurl:"/wp-content/plugins/erocket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erocket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erocket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erocket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-5ea4e509f820ba7667284a234b2ed4c9.yaml b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-5ea4e509f820ba7667284a234b2ed4c9.yaml new file mode 100644 index 0000000000..2d898dd75d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-5ea4e509f820ba7667284a234b2ed4c9.yaml @@ -0,0 +1,58 @@ +id: eroom-zoom-meetings-webinar-5ea4e509f820ba7667284a234b2ed4c9 + +info: + name: > + eRoom – Zoom Meetings & Webinar <= 1.4.18 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60e0fd59-a69c-4ddf-80cd-4312d2689397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/" + google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eroom-zoom-meetings-webinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eroom-zoom-meetings-webinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-cfb7ab3df6961d91dd158fd90d7552c0.yaml b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-cfb7ab3df6961d91dd158fd90d7552c0.yaml new file mode 100644 index 0000000000..44196e4039 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-cfb7ab3df6961d91dd158fd90d7552c0.yaml @@ -0,0 +1,58 @@ +id: eroom-zoom-meetings-webinar-cfb7ab3df6961d91dd158fd90d7552c0 + +info: + name: > + eRoom – Zoom Meetings & Webinar <= 1.3.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/317b1bac-cd9c-4eac-b42b-d7719ecd135c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/" + google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eroom-zoom-meetings-webinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eroom-zoom-meetings-webinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-d77ed1e2b83213ba479b850a5dfc79e1.yaml b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-d77ed1e2b83213ba479b850a5dfc79e1.yaml new file mode 100644 index 0000000000..8355dd923f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-d77ed1e2b83213ba479b850a5dfc79e1.yaml @@ -0,0 +1,58 @@ +id: eroom-zoom-meetings-webinar-d77ed1e2b83213ba479b850a5dfc79e1 + +info: + name: > + eRoom – Zoom Meetings & Webinar <= 1.3.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce695f15-557c-47b1-a5c4-ce68cc84d721?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/" + google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eroom-zoom-meetings-webinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eroom-zoom-meetings-webinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-e081d559a96dc283eb19909827c9469c.yaml b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-e081d559a96dc283eb19909827c9469c.yaml new file mode 100644 index 0000000000..98e4a6a5fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eroom-zoom-meetings-webinar-e081d559a96dc283eb19909827c9469c.yaml @@ -0,0 +1,58 @@ +id: eroom-zoom-meetings-webinar-e081d559a96dc283eb19909827c9469c + +info: + name: > + eRoom – Zoom Meetings & Webinar <= 1.4.6 - Missing Authorization via stm_wpcfto_get_settings_callback + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0767a8-9e82-4ce4-9df9-19b458dc5ce0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eroom-zoom-meetings-webinar/" + google-query: inurl:"/wp-content/plugins/eroom-zoom-meetings-webinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eroom-zoom-meetings-webinar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eroom-zoom-meetings-webinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eroom-zoom-meetings-webinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-028f2396fc3224cdf799828543a80de4.yaml b/nuclei-templates/cve-less/plugins/erp-028f2396fc3224cdf799828543a80de4.yaml new file mode 100644 index 0000000000..292eec4bae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-028f2396fc3224cdf799828543a80de4.yaml @@ -0,0 +1,58 @@ +id: erp-028f2396fc3224cdf799828543a80de4 + +info: + name: > + WP ERP <= 1.12.6 - Missing Authorization via admin notice dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/048277c4-f313-484d-a330-420e0682eee2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-1ecaadeb4176f89b0523e2b0bb90c06a.yaml b/nuclei-templates/cve-less/plugins/erp-1ecaadeb4176f89b0523e2b0bb90c06a.yaml new file mode 100644 index 0000000000..639e705031 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-1ecaadeb4176f89b0523e2b0bb90c06a.yaml @@ -0,0 +1,58 @@ +id: erp-1ecaadeb4176f89b0523e2b0bb90c06a + +info: + name: > + WP ERP <= 1.12.8 - Authenticated (Accounting manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d85921-9d70-4812-9c5f-11ee1d0821be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-28fd0d7c469dc40d11dbc75326d45936.yaml b/nuclei-templates/cve-less/plugins/erp-28fd0d7c469dc40d11dbc75326d45936.yaml new file mode 100644 index 0000000000..6d764a6085 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-28fd0d7c469dc40d11dbc75326d45936.yaml @@ -0,0 +1,58 @@ +id: erp-28fd0d7c469dc40d11dbc75326d45936 + +info: + name: > + WP ERP <= 1.12.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a073c2f1-88d3-4410-b9f5-45b04becbfcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-2c7b7c699deb0493bc338eec94d29af3.yaml b/nuclei-templates/cve-less/plugins/erp-2c7b7c699deb0493bc338eec94d29af3.yaml new file mode 100644 index 0000000000..33c98d7c53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-2c7b7c699deb0493bc338eec94d29af3.yaml @@ -0,0 +1,58 @@ +id: erp-2c7b7c699deb0493bc338eec94d29af3 + +info: + name: > + WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97964ebd-be0b-4187-b393-17edf4ba5caf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-3b72f620df35cbae939967377ac621cd.yaml b/nuclei-templates/cve-less/plugins/erp-3b72f620df35cbae939967377ac621cd.yaml new file mode 100644 index 0000000000..5d1c6fb988 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-3b72f620df35cbae939967377ac621cd.yaml @@ -0,0 +1,58 @@ +id: erp-3b72f620df35cbae939967377ac621cd + +info: + name: > + WP ERP <= 1.12.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5863e9b-3f98-41ea-97ed-26563493cffd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-4ba36f479c72328d41a5d7367a3a95ba.yaml b/nuclei-templates/cve-less/plugins/erp-4ba36f479c72328d41a5d7367a3a95ba.yaml new file mode 100644 index 0000000000..d26e2d35c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-4ba36f479c72328d41a5d7367a3a95ba.yaml @@ -0,0 +1,58 @@ +id: erp-4ba36f479c72328d41a5d7367a3a95ba + +info: + name: > + WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ba06f9-de51-49ea-87c1-4583e939314b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-4cd083213286b4e4a8589cde5bcde660.yaml b/nuclei-templates/cve-less/plugins/erp-4cd083213286b4e4a8589cde5bcde660.yaml new file mode 100644 index 0000000000..1c9ac78baa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-4cd083213286b4e4a8589cde5bcde660.yaml @@ -0,0 +1,58 @@ +id: erp-4cd083213286b4e4a8589cde5bcde660 + +info: + name: > + WP ERP <= 1.12.9 - Authenticated (AccountingManager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e04650-624a-4440-b166-8de0f24bb1dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-8acf66d52cca352214a80a527274b5a4.yaml b/nuclei-templates/cve-less/plugins/erp-8acf66d52cca352214a80a527274b5a4.yaml new file mode 100644 index 0000000000..8bd08331e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-8acf66d52cca352214a80a527274b5a4.yaml @@ -0,0 +1,58 @@ +id: erp-8acf66d52cca352214a80a527274b5a4 + +info: + name: > + WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-b10ae50c79331d4dcb069789ed2ad609.yaml b/nuclei-templates/cve-less/plugins/erp-b10ae50c79331d4dcb069789ed2ad609.yaml new file mode 100644 index 0000000000..fa76e8d35e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-b10ae50c79331d4dcb069789ed2ad609.yaml @@ -0,0 +1,58 @@ +id: erp-b10ae50c79331d4dcb069789ed2ad609 + +info: + name: > + WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.12.9 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79da7239-0343-465e-8dda-44ff440939c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-b7e69e83c8c59004ad0e6d101ab301ac.yaml b/nuclei-templates/cve-less/plugins/erp-b7e69e83c8c59004ad0e6d101ab301ac.yaml new file mode 100644 index 0000000000..a37e2a51d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-b7e69e83c8c59004ad0e6d101ab301ac.yaml @@ -0,0 +1,58 @@ +id: erp-b7e69e83c8c59004ad0e6d101ab301ac + +info: + name: > + WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94772de9-6ab8-45ff-8b56-19b50a81b66f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-d1b821dbb873ab8f28cd2cb8f033062c.yaml b/nuclei-templates/cve-less/plugins/erp-d1b821dbb873ab8f28cd2cb8f033062c.yaml new file mode 100644 index 0000000000..804a9d8bac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-d1b821dbb873ab8f28cd2cb8f033062c.yaml @@ -0,0 +1,58 @@ +id: erp-d1b821dbb873ab8f28cd2cb8f033062c + +info: + name: > + WP ERP <= 1.12.3 - Authenticated (Administrator+) SQL Injection via 'type' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0c77a6-08fd-4d54-8ecd-6e5fe0e03e14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/erp-d1fe516e72277a6efd50d79a0cef3b2d.yaml b/nuclei-templates/cve-less/plugins/erp-d1fe516e72277a6efd50d79a0cef3b2d.yaml new file mode 100644 index 0000000000..f0e06d8219 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/erp-d1fe516e72277a6efd50d79a0cef3b2d.yaml @@ -0,0 +1,58 @@ +id: erp-d1fe516e72277a6efd50d79a0cef3b2d + +info: + name: > + WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/592440ab-60ac-419f-b615-e5617460aea9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/erp/" + google-query: inurl:"/wp-content/plugins/erp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,erp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/erp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "erp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/error-log-viewer-379b9f1826ea14bff8cb3dd2f951214d.yaml b/nuclei-templates/cve-less/plugins/error-log-viewer-379b9f1826ea14bff8cb3dd2f951214d.yaml new file mode 100644 index 0000000000..f2ef87577e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/error-log-viewer-379b9f1826ea14bff8cb3dd2f951214d.yaml @@ -0,0 +1,58 @@ +id: error-log-viewer-379b9f1826ea14bff8cb3dd2f951214d + +info: + name: > + Error Log Viewer <= 1.1.1 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37bfc71f-e1f9-4374-ab65-9b1c321ff386?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/error-log-viewer/" + google-query: inurl:"/wp-content/plugins/error-log-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,error-log-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/error-log-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "error-log-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/error-log-viewer-4c143b0897524c6ae94ca24b5d894e6a.yaml b/nuclei-templates/cve-less/plugins/error-log-viewer-4c143b0897524c6ae94ca24b5d894e6a.yaml new file mode 100644 index 0000000000..010a8135df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/error-log-viewer-4c143b0897524c6ae94ca24b5d894e6a.yaml @@ -0,0 +1,58 @@ +id: error-log-viewer-4c143b0897524c6ae94ca24b5d894e6a + +info: + name: > + Error Log Viewer by BestWebSoft <= 1.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9fc747c-3b13-4a49-a181-fe6a952a4ce3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/error-log-viewer/" + google-query: inurl:"/wp-content/plugins/error-log-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,error-log-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/error-log-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "error-log-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/error-log-viewer-85f600cb7a38ce6985c36103e27ab0e2.yaml b/nuclei-templates/cve-less/plugins/error-log-viewer-85f600cb7a38ce6985c36103e27ab0e2.yaml new file mode 100644 index 0000000000..2107a0d4c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/error-log-viewer-85f600cb7a38ce6985c36103e27ab0e2.yaml @@ -0,0 +1,58 @@ +id: error-log-viewer-85f600cb7a38ce6985c36103e27ab0e2 + +info: + name: > + Error Log Viewer by BestWebSoft < 1.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4fd12c-824c-44b9-a5be-d2f1abf79acc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/error-log-viewer/" + google-query: inurl:"/wp-content/plugins/error-log-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,error-log-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/error-log-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "error-log-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/error-log-viewer-a66a4d5df510beea3bf0ab3d3982bdad.yaml b/nuclei-templates/cve-less/plugins/error-log-viewer-a66a4d5df510beea3bf0ab3d3982bdad.yaml new file mode 100644 index 0000000000..0113f67a7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/error-log-viewer-a66a4d5df510beea3bf0ab3d3982bdad.yaml @@ -0,0 +1,58 @@ +id: error-log-viewer-a66a4d5df510beea3bf0ab3d3982bdad + +info: + name: > + Error Log Viewer <= 1.1.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07c719fd-690e-42e6-90ac-c4d55553a7cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/error-log-viewer/" + google-query: inurl:"/wp-content/plugins/error-log-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,error-log-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/error-log-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "error-log-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eshop-4712ac1bb5ac602fc210b88a33fdaf9f.yaml b/nuclei-templates/cve-less/plugins/eshop-4712ac1bb5ac602fc210b88a33fdaf9f.yaml new file mode 100644 index 0000000000..6fd7a5577b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eshop-4712ac1bb5ac602fc210b88a33fdaf9f.yaml @@ -0,0 +1,58 @@ +id: eshop-4712ac1bb5ac602fc210b88a33fdaf9f + +info: + name: > + eshop <= 6.3.13 - Cross-Site Forgery Request and Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33823749-e977-4c91-b8c4-d9774ba46dd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eshop/" + google-query: inurl:"/wp-content/plugins/eshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eshop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eshop-6b1f692527a7829aa26f6946e0d77ddd.yaml b/nuclei-templates/cve-less/plugins/eshop-6b1f692527a7829aa26f6946e0d77ddd.yaml new file mode 100644 index 0000000000..6ce6017d4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eshop-6b1f692527a7829aa26f6946e0d77ddd.yaml @@ -0,0 +1,58 @@ +id: eshop-6b1f692527a7829aa26f6946e0d77ddd + +info: + name: > + eShop <= 6.3.14 - Multiple SQL Injections + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8f75dc-7ecd-498d-b41a-e788b4d4bcdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eshop/" + google-query: inurl:"/wp-content/plugins/eshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eshop,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eshop-7e99952543b7586dc6b3250a2122b0f9.yaml b/nuclei-templates/cve-less/plugins/eshop-7e99952543b7586dc6b3250a2122b0f9.yaml new file mode 100644 index 0000000000..4dc8b8e57a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eshop-7e99952543b7586dc6b3250a2122b0f9.yaml @@ -0,0 +1,58 @@ +id: eshop-7e99952543b7586dc6b3250a2122b0f9 + +info: + name: > + eShop <= 6.3.14 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef4a7a20-663e-4e6a-af23-e8a87b18521e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eshop/" + google-query: inurl:"/wp-content/plugins/eshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eshop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eshop-b63e841ec4f7ba03a92d7fcbed9249bc.yaml b/nuclei-templates/cve-less/plugins/eshop-b63e841ec4f7ba03a92d7fcbed9249bc.yaml new file mode 100644 index 0000000000..373b205a94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eshop-b63e841ec4f7ba03a92d7fcbed9249bc.yaml @@ -0,0 +1,58 @@ +id: eshop-b63e841ec4f7ba03a92d7fcbed9249bc + +info: + name: > + eShop <= 6.3.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/093dc35d-3d7d-4fa4-af57-835b96df8984?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eshop/" + google-query: inurl:"/wp-content/plugins/eshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eshop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-elementor-298ee3ac56fa2818652ccdcf0f94081c.yaml b/nuclei-templates/cve-less/plugins/essential-addons-elementor-298ee3ac56fa2818652ccdcf0f94081c.yaml new file mode 100644 index 0000000000..2b50a70a4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-elementor-298ee3ac56fa2818652ccdcf0f94081c.yaml @@ -0,0 +1,58 @@ +id: essential-addons-elementor-298ee3ac56fa2818652ccdcf0f94081c + +info: + name: > + Essential Addons for Elementor Pro <= 5.8.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_html_tag' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fdad62e-d43a-4eb8-a637-0a257f3f18d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-elementor/" + google-query: inurl:"/wp-content/plugins/essential-addons-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-elementor-4efdbc3738e2b809632b64ac3cda51fe.yaml b/nuclei-templates/cve-less/plugins/essential-addons-elementor-4efdbc3738e2b809632b64ac3cda51fe.yaml new file mode 100644 index 0000000000..e55987737b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-elementor-4efdbc3738e2b809632b64ac3cda51fe.yaml @@ -0,0 +1,58 @@ +id: essential-addons-elementor-4efdbc3738e2b809632b64ac3cda51fe + +info: + name: > + Essential Addons for Elementor Pro <= 5.4.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f86293-a32f-49a6-8c8c-d37354ab040a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-elementor/" + google-query: inurl:"/wp-content/plugins/essential-addons-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-elementor-f34ebd6d445ec4bbd536ce24fec37483.yaml b/nuclei-templates/cve-less/plugins/essential-addons-elementor-f34ebd6d445ec4bbd536ce24fec37483.yaml new file mode 100644 index 0000000000..20e070dbbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-elementor-f34ebd6d445ec4bbd536ce24fec37483.yaml @@ -0,0 +1,58 @@ +id: essential-addons-elementor-f34ebd6d445ec4bbd536ce24fec37483 + +info: + name: > + Essential Addons for Elementor Pro <= 5.4.8 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a193b7-21e5-4f57-aaa6-e55c79f8e957?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-elementor/" + google-query: inurl:"/wp-content/plugins/essential-addons-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a4b02751bb2128579758045cc80caa1.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a4b02751bb2128579758045cc80caa1.yaml new file mode 100644 index 0000000000..9d20ef7a6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a4b02751bb2128579758045cc80caa1.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-1a4b02751bb2128579758045cc80caa1 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ff2cc6-b584-442b-890b-033a0a047c24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a9b2b84b94bf133577af40ec3afb2be.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a9b2b84b94bf133577af40ec3afb2be.yaml new file mode 100644 index 0000000000..aebd15ac14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-1a9b2b84b94bf133577af40ec3afb2be.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-1a9b2b84b94bf133577af40ec3afb2be + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-200d6c881afb4e097be1558e49c07780.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-200d6c881afb4e097be1558e49c07780.yaml new file mode 100644 index 0000000000..a43dffddcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-200d6c881afb4e097be1558e49c07780.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-200d6c881afb4e097be1558e49c07780 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fafdd087-9637-41df-bc5a-97e1a02ea744?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-24bb86aa2326eca80531d492521a5d29.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-24bb86aa2326eca80531d492521a5d29.yaml new file mode 100644 index 0000000000..7f7802147c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-24bb86aa2326eca80531d492521a5d29.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-24bb86aa2326eca80531d492521a5d29 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91f50b65-f001-4c73-bfe3-1aed3fc10d26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-3336686541cab0beb9c572eb91b49251.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-3336686541cab0beb9c572eb91b49251.yaml new file mode 100644 index 0000000000..dcd7a2f31f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-3336686541cab0beb9c572eb91b49251.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-3336686541cab0beb9c572eb91b49251 + +info: + name: > + Essential Addons for Elementor <= 5.0.4 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/014f1aae-10a0-4bc8-b176-dbdad94a6ad8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.0', '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-622d5312417c1581aa63ff2faa690a9c.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-622d5312417c1581aa63ff2faa690a9c.yaml new file mode 100644 index 0000000000..1a71551c0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-622d5312417c1581aa63ff2faa690a9c.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-622d5312417c1581aa63ff2faa690a9c + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a66e6b-cec0-4110-9bef-a5d41ce1c954?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-641fbcb7693eaa3a03da6b383765a523.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-641fbcb7693eaa3a03da6b383765a523.yaml new file mode 100644 index 0000000000..f57115dd55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-641fbcb7693eaa3a03da6b383765a523.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-641fbcb7693eaa3a03da6b383765a523 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f96d7f-aeca-4959-9573-0fb6402de007?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-73185f41beb88e54f54a80787c1d789a.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-73185f41beb88e54f54a80787c1d789a.yaml new file mode 100644 index 0000000000..f4dc8dc75e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-73185f41beb88e54f54a80787c1d789a.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-73185f41beb88e54f54a80787c1d789a + +info: + name: > + Essential Addons for Elementor Lite <= 4.5.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de614bbd-42ae-4c2a-aec6-31245124de76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-84d7b8eee39d9201723ad33de86e3865.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-84d7b8eee39d9201723ad33de86e3865.yaml new file mode 100644 index 0000000000..0d5bade1d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-84d7b8eee39d9201723ad33de86e3865.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-84d7b8eee39d9201723ad33de86e3865 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml new file mode 100644 index 0000000000..7d74305ec7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8bd60d8d3ae1eb23eefce0f380d89e1c.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-8bd60d8d3ae1eb23eefce0f380d89e1c + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81a48c61-4191-4252-9230-9df8fc5e3443?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8e520f19b2730c335f2344f32b135ff7.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8e520f19b2730c335f2344f32b135ff7.yaml new file mode 100644 index 0000000000..4ee38d341b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-8e520f19b2730c335f2344f32b135ff7.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-8e520f19b2730c335f2344f32b135ff7 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af8bee01-15bc-485e-8b01-8b68b199b34d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b435c087d203d9fb2850a517c55bcc97.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b435c087d203d9fb2850a517c55bcc97.yaml new file mode 100644 index 0000000000..9351f3f7f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b435c087d203d9fb2850a517c55bcc97.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-b435c087d203d9fb2850a517c55bcc97 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d604f7a-947c-43f4-bba6-e7e98b2d7844?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml new file mode 100644 index 0000000000..3b09c4575c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b4aa2ee32c8d094c0d7d3b9c1a221104.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-b4aa2ee32c8d094c0d7d3b9c1a221104 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baa92aee-a0a0-45d4-aa12-1449a829930c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b90105c25730b4d746a6acc92069913e.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b90105c25730b4d746a6acc92069913e.yaml new file mode 100644 index 0000000000..56b9867ddd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-b90105c25730b4d746a6acc92069913e.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-b90105c25730b4d746a6acc92069913e + +info: + name: > + Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/342049e5-834e-4867-8174-01ca7bb0caa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-baba429a98395d144623d60921070685.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-baba429a98395d144623d60921070685.yaml new file mode 100644 index 0000000000..396a1f3293 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-baba429a98395d144623d60921070685.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-baba429a98395d144623d60921070685 + +info: + name: > + Essential Addons for Elementor <= 5.7.1 - Unauthenticated Arbitrary Password Reset to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e988d042-147c-4782-b728-71f5a50cecd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c784400f0eb0916fb123587bb1f7a008.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c784400f0eb0916fb123587bb1f7a008.yaml new file mode 100644 index 0000000000..ea64c8f1c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c784400f0eb0916fb123587bb1f7a008.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-c784400f0eb0916fb123587bb1f7a008 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c7afeb04136868c455da71b1177f088f.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c7afeb04136868c455da71b1177f088f.yaml new file mode 100644 index 0000000000..b2d7a49390 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c7afeb04136868c455da71b1177f088f.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-c7afeb04136868c455da71b1177f088f + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e770e98-3c13-4e37-b51b-4c39bce2cb42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c900b7eac90dcb368c77b66b5bee17b3.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c900b7eac90dcb368c77b66b5bee17b3.yaml new file mode 100644 index 0000000000..1c16f81105 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c900b7eac90dcb368c77b66b5bee17b3.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-c900b7eac90dcb368c77b66b5bee17b3 + +info: + name: > + Essential Addons for Elementor <= 5.9.14 - Authenticated (Contributor+) Store Cross-Site Scripting via Widget URL Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5bdaf9-fbde-40d4-a72a-fd24489818b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c945e86e64bc195e431c6da83e2cc2c3.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c945e86e64bc195e431c6da83e2cc2c3.yaml new file mode 100644 index 0000000000..694d64f989 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-c945e86e64bc195e431c6da83e2cc2c3.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-c945e86e64bc195e431c6da83e2cc2c3 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-cbede89175ad7b3a47d5ac8fb29d35bb.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-cbede89175ad7b3a47d5ac8fb29d35bb.yaml new file mode 100644 index 0000000000..2b1af42043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-cbede89175ad7b3a47d5ac8fb29d35bb.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-cbede89175ad7b3a47d5ac8fb29d35bb + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d36603d2844e0ef2710cb2cbe62e45a6.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d36603d2844e0ef2710cb2cbe62e45a6.yaml new file mode 100644 index 0000000000..ccd062ec97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d36603d2844e0ef2710cb2cbe62e45a6.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-d36603d2844e0ef2710cb2cbe62e45a6 + +info: + name: > + Essential Addons for Elementor Lite <= 5.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8869a4fc-279f-4828-a271-8680d037fa85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d4efcf3c752e65b8bb0f68965ff8309b.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d4efcf3c752e65b8bb0f68965ff8309b.yaml new file mode 100644 index 0000000000..fc18b082d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d4efcf3c752e65b8bb0f68965ff8309b.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-d4efcf3c752e65b8bb0f68965ff8309b + +info: + name: > + Essential Addons For Elementor <=5.8.1 - Unauthenticated MailChimp API Key Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e007c713-74bc-4ff5-a198-70dcc8a8ee68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d621d242ab564fd8e6e924445af60a72.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d621d242ab564fd8e6e924445af60a72.yaml new file mode 100644 index 0000000000..9ae8a1816c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-d621d242ab564fd8e6e924445af60a72.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-d621d242ab564fd8e6e924445af60a72 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7242d808-9c33-4b3f-bda6-b4b72ca37de9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-da6c348f533c2442c083b7568ed9771b.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-da6c348f533c2442c083b7568ed9771b.yaml new file mode 100644 index 0000000000..2de2438245 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-da6c348f533c2442c083b7568ed9771b.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-da6c348f533c2442c083b7568ed9771b + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf3190c-e247-4bcc-99e0-2ab2d2fa0590?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e5a55bdcc25518bd7b994104c01d9391.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e5a55bdcc25518bd7b994104c01d9391.yaml new file mode 100644 index 0000000000..0f19b6064a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e5a55bdcc25518bd7b994104c01d9391.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-e5a55bdcc25518bd7b994104c01d9391 + +info: + name: > + Essential Addons for Elementor <= 5.8.8 - Authenticated (Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c13701e-424d-462f-b152-4dc5ad3ef197?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e9df6b62593e703fd734b693ccc67b68.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e9df6b62593e703fd734b693ccc67b68.yaml new file mode 100644 index 0000000000..b1d1e63dd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-e9df6b62593e703fd734b693ccc67b68.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-e9df6b62593e703fd734b693ccc67b68 + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21e12c72-7898-4896-9852-ebb10e5f9a3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-eeb15b3523994497219c24e4ab9f075e.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-eeb15b3523994497219c24e4ab9f075e.yaml new file mode 100644 index 0000000000..592868f336 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-eeb15b3523994497219c24e4ab9f075e.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-eeb15b3523994497219c24e4ab9f075e + +info: + name: > + Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/284ea577-ff67-4681-995b-f7bb5ef0ff3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml new file mode 100644 index 0000000000..d201e952f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-addons-for-elementor-lite-fd0c27ea93cffb5177b96e76bbc2aa5f.yaml @@ -0,0 +1,58 @@ +id: essential-addons-for-elementor-lite-fd0c27ea93cffb5177b96e76bbc2aa5f + +info: + name: > + Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57ed6c7e-ca8d-476d-adce-905b2cd2eda8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-addons-for-elementor-lite/" + google-query: inurl:"/wp-content/plugins/essential-addons-for-elementor-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-addons-for-elementor-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-addons-for-elementor-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-1092f82974f0d44c05422ba456183db5.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-1092f82974f0d44c05422ba456183db5.yaml new file mode 100644 index 0000000000..3e384a8fa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-1092f82974f0d44c05422ba456183db5.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-1092f82974f0d44c05422ba456183db5 + +info: + name: > + Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f969cb24-734f-46e5-a74d-fddf8e61e096?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-6092ac059aadb6e2fb447935fafb717a.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-6092ac059aadb6e2fb447935fafb717a.yaml new file mode 100644 index 0000000000..27ab00f878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-6092ac059aadb6e2fb447935fafb717a.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-6092ac059aadb6e2fb447935fafb717a + +info: + name: > + Essential Blocks for Gutenberg <= 4.2.0 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2136e1c-5f69-434d-bdc7-72a144da744b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-61d212d2e307b78bf3e793271bc28e50.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-61d212d2e307b78bf3e793271bc28e50.yaml new file mode 100644 index 0000000000..fb9a8109a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-61d212d2e307b78bf3e793271bc28e50.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-61d212d2e307b78bf3e793271bc28e50 + +info: + name: > + Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-65769acec1aefbf22b461433a4ab976c.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-65769acec1aefbf22b461433a4ab976c.yaml new file mode 100644 index 0000000000..7aa61fd8b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-65769acec1aefbf22b461433a4ab976c.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-65769acec1aefbf22b461433a4ab976c + +info: + name: > + Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-670002c777730edbb2cb892efe1340bc.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-670002c777730edbb2cb892efe1340bc.yaml new file mode 100644 index 0000000000..f7f8d0e2b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-670002c777730edbb2cb892efe1340bc.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-670002c777730edbb2cb892efe1340bc + +info: + name: > + Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.9 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting via "Social Icons" Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b226067-0287-4f7e-9415-dc3c83f2fd27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-6bd5ec9d4799550acfbe6978f43129c9.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-6bd5ec9d4799550acfbe6978f43129c9.yaml new file mode 100644 index 0000000000..964297633c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-6bd5ec9d4799550acfbe6978f43129c9.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-6bd5ec9d4799550acfbe6978f43129c9 + +info: + name: > + Essential Blocks for Gutenberg <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aa0eada-dc6c-4cd5-9ced-f162416ec439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-7daa2f9a38772e28d5c088d50297e34a.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-7daa2f9a38772e28d5c088d50297e34a.yaml new file mode 100644 index 0000000000..a261409406 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-7daa2f9a38772e28d5c088d50297e34a.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-7daa2f9a38772e28d5c088d50297e34a + +info: + name: > + Essential Blocks <= 4.0.6 - Missing Authorization via get + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0be8c668-0f1c-4f83-8a71-49c8bb9b67ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-809bef969b735d714b42168e6770e1c0.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-809bef969b735d714b42168e6770e1c0.yaml new file mode 100644 index 0000000000..75e63e3169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-809bef969b735d714b42168e6770e1c0.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-809bef969b735d714b42168e6770e1c0 + +info: + name: > + Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d38d41c7-8786-4145-9591-3e24eff3b79c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-86a5e7d3d7ed00baf83310ad8f227a5e.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-86a5e7d3d7ed00baf83310ad8f227a5e.yaml new file mode 100644 index 0000000000..6982a7dcc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-86a5e7d3d7ed00baf83310ad8f227a5e.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-86a5e7d3d7ed00baf83310ad8f227a5e + +info: + name: > + Essential Blocks for Gutenberg <= 4.4.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/569b5522-8f38-454b-a8b5-12e3959c3348?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-8e520ae3c19cbf656f990691a6cb724f.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-8e520ae3c19cbf656f990691a6cb724f.yaml new file mode 100644 index 0000000000..7c1166e7ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-8e520ae3c19cbf656f990691a6cb724f.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-8e520ae3c19cbf656f990691a6cb724f + +info: + name: > + Essential Blocks for Gutenberg <= 3.8.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ddfd5d9-a7e4-42a8-8419-9a35b4781d3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-9de5506c980e28c9e55c18a88ab23a5f.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-9de5506c980e28c9e55c18a88ab23a5f.yaml new file mode 100644 index 0000000000..096f05d2c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-9de5506c980e28c9e55c18a88ab23a5f.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-9de5506c980e28c9e55c18a88ab23a5f + +info: + name: > + Essential Blocks <= 4.0.6 - Missing Authorization via save + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8bf0933-1c97-4374-b323-c55b91fe4d27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-b8c50e487b4b0337b88f73b897d2ea2b.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-b8c50e487b4b0337b88f73b897d2ea2b.yaml new file mode 100644 index 0000000000..94998b2dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-b8c50e487b4b0337b88f73b897d2ea2b.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-b8c50e487b4b0337b88f73b897d2ea2b + +info: + name: > + Essential Blocks <= 4.0.6 - Missing Authorization via template_count + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9efc782a-ec61-4741-81fd-a263a2739e16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-cc9e9a844434f90c7c28fe24a22a2f2b.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-cc9e9a844434f90c7c28fe24a22a2f2b.yaml new file mode 100644 index 0000000000..9a593af417 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-cc9e9a844434f90c7c28fe24a22a2f2b.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-cc9e9a844434f90c7c28fe24a22a2f2b + +info: + name: > + Essential Blocks for Gutenberg <= 4.2.0 - Incorrect Authorization Checks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eca703ec-645c-4d12-ae57-75db14e08f3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-d11264f27a09e4fdbe795eb60f43ac5c.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-d11264f27a09e4fdbe795eb60f43ac5c.yaml new file mode 100644 index 0000000000..669278ea5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-d11264f27a09e4fdbe795eb60f43ac5c.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-d11264f27a09e4fdbe795eb60f43ac5c + +info: + name: > + Essential Blocks <= 4.4.2 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c52435f3-cc1c-4d3a-a664-a07e60fad6ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-daec7d39bacac9f0d791f41eb89b64b4.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-daec7d39bacac9f0d791f41eb89b64b4.yaml new file mode 100644 index 0000000000..5660055f27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-daec7d39bacac9f0d791f41eb89b64b4.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-daec7d39bacac9f0d791f41eb89b64b4 + +info: + name: > + Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-de6bb81e5776b8853821078d5af9e37e.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-de6bb81e5776b8853821078d5af9e37e.yaml new file mode 100644 index 0000000000..eeb4bb0427 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-de6bb81e5776b8853821078d5af9e37e.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-de6bb81e5776b8853821078d5af9e37e + +info: + name: > + Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-ec83c952597cd4d48032e81f82ee4086.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-ec83c952597cd4d48032e81f82ee4086.yaml new file mode 100644 index 0000000000..b1833d7114 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-ec83c952597cd4d48032e81f82ee4086.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-ec83c952597cd4d48032e81f82ee4086 + +info: + name: > + Essential Blocks <= 4.0.6 - Missing Authorization via templates + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2c1ab6-5c78-4317-b5e7-c86e2eebeb4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks/" + google-query: inurl:"/wp-content/plugins/essential-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-pro-daec7d39bacac9f0d791f41eb89b64b4.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-pro-daec7d39bacac9f0d791f41eb89b64b4.yaml new file mode 100644 index 0000000000..4b0049de5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-pro-daec7d39bacac9f0d791f41eb89b64b4.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-pro-daec7d39bacac9f0d791f41eb89b64b4 + +info: + name: > + Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks-pro/" + google-query: inurl:"/wp-content/plugins/essential-blocks-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-blocks-pro-de6bb81e5776b8853821078d5af9e37e.yaml b/nuclei-templates/cve-less/plugins/essential-blocks-pro-de6bb81e5776b8853821078d5af9e37e.yaml new file mode 100644 index 0000000000..5f075884b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-blocks-pro-de6bb81e5776b8853821078d5af9e37e.yaml @@ -0,0 +1,58 @@ +id: essential-blocks-pro-de6bb81e5776b8853821078d5af9e37e + +info: + name: > + Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-blocks-pro/" + google-query: inurl:"/wp-content/plugins/essential-blocks-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-blocks-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-blocks-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-blocks-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-content-types-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/essential-content-types-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..6cd5444943 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-content-types-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: essential-content-types-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-content-types/" + google-query: inurl:"/wp-content/plugins/essential-content-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-content-types,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-content-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-content-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-grid-252d8b0817c1504c9d368093cbed6570.yaml b/nuclei-templates/cve-less/plugins/essential-grid-252d8b0817c1504c9d368093cbed6570.yaml new file mode 100644 index 0000000000..d20baf9fba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-grid-252d8b0817c1504c9d368093cbed6570.yaml @@ -0,0 +1,58 @@ +id: essential-grid-252d8b0817c1504c9d368093cbed6570 + +info: + name: > + Essential Grid <= 3.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02eadae8-7aa6-42f5-b807-9ed82332fa72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-grid/" + google-query: inurl:"/wp-content/plugins/essential-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-grid-615a59dfb372c45c35b57f6455c9a01a.yaml b/nuclei-templates/cve-less/plugins/essential-grid-615a59dfb372c45c35b57f6455c9a01a.yaml new file mode 100644 index 0000000000..e13cc2dc5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-grid-615a59dfb372c45c35b57f6455c9a01a.yaml @@ -0,0 +1,58 @@ +id: essential-grid-615a59dfb372c45c35b57f6455c9a01a + +info: + name: > + Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adadac1e-3d92-41a5-90d4-b2028c8c40c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-grid/" + google-query: inurl:"/wp-content/plugins/essential-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-grid-ffdce410a6a7ddacc9790163fef8faa4.yaml b/nuclei-templates/cve-less/plugins/essential-grid-ffdce410a6a7ddacc9790163fef8faa4.yaml new file mode 100644 index 0000000000..a59c9b4fe8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-grid-ffdce410a6a7ddacc9790163fef8faa4.yaml @@ -0,0 +1,58 @@ +id: essential-grid-ffdce410a6a7ddacc9790163fef8faa4 + +info: + name: > + Essential Grid <= 3.0.18 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/326618eb-186b-44a2-a779-00d5366bfff2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-grid/" + google-query: inurl:"/wp-content/plugins/essential-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-grid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-real-estate-00a2a2e9797fc1a0dfdb2c0093e34725.yaml b/nuclei-templates/cve-less/plugins/essential-real-estate-00a2a2e9797fc1a0dfdb2c0093e34725.yaml new file mode 100644 index 0000000000..7327b17b3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-real-estate-00a2a2e9797fc1a0dfdb2c0093e34725.yaml @@ -0,0 +1,58 @@ +id: essential-real-estate-00a2a2e9797fc1a0dfdb2c0093e34725 + +info: + name: > + Essential Real Estate <= 4.3.5 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fd93a48-72ab-4475-a25d-d68c98939533?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-real-estate/" + google-query: inurl:"/wp-content/plugins/essential-real-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-real-estate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-real-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-real-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-real-estate-495047757cee7d3f3cdfc2d78c597016.yaml b/nuclei-templates/cve-less/plugins/essential-real-estate-495047757cee7d3f3cdfc2d78c597016.yaml new file mode 100644 index 0000000000..94b1eec46c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-real-estate-495047757cee7d3f3cdfc2d78c597016.yaml @@ -0,0 +1,58 @@ +id: essential-real-estate-495047757cee7d3f3cdfc2d78c597016 + +info: + name: > + Essential Real Estate <= 3.9.5 - Reflected Cross-Site-Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e959ac0-e5ac-4d28-8161-311d952b993c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-real-estate/" + google-query: inurl:"/wp-content/plugins/essential-real-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-real-estate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-real-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-real-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-real-estate-54b8dea2a513397d549565f2d6307194.yaml b/nuclei-templates/cve-less/plugins/essential-real-estate-54b8dea2a513397d549565f2d6307194.yaml new file mode 100644 index 0000000000..5cd8bddc2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-real-estate-54b8dea2a513397d549565f2d6307194.yaml @@ -0,0 +1,58 @@ +id: essential-real-estate-54b8dea2a513397d549565f2d6307194 + +info: + name: > + Essential Real Estate <= 4.3.5 - Missing Authorization to Denial of Service + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74fa5a77-3c66-4aa5-aa58-3e608e3cba70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-real-estate/" + google-query: inurl:"/wp-content/plugins/essential-real-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-real-estate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-real-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-real-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-real-estate-79c84a24ae01cae4e07f5d580bc271de.yaml b/nuclei-templates/cve-less/plugins/essential-real-estate-79c84a24ae01cae4e07f5d580bc271de.yaml new file mode 100644 index 0000000000..2105fe4bb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-real-estate-79c84a24ae01cae4e07f5d580bc271de.yaml @@ -0,0 +1,58 @@ +id: essential-real-estate-79c84a24ae01cae4e07f5d580bc271de + +info: + name: > + Essential Real Estate <= 4.3.5 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-real-estate/" + google-query: inurl:"/wp-content/plugins/essential-real-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-real-estate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-real-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-real-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/essential-widgets-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/essential-widgets-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..76a5b3cdd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/essential-widgets-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: essential-widgets-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/essential-widgets/" + google-query: inurl:"/wp-content/plugins/essential-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,essential-widgets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/essential-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "essential-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-2dab9495e3032fc043db0a21d11fd446.yaml b/nuclei-templates/cve-less/plugins/estatik-2dab9495e3032fc043db0a21d11fd446.yaml new file mode 100644 index 0000000000..3bd893c52f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-2dab9495e3032fc043db0a21d11fd446.yaml @@ -0,0 +1,58 @@ +id: estatik-2dab9495e3032fc043db0a21d11fd446 + +info: + name: > + Estatik <= 2.3.0 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54b3eaf4-5f45-4b94-8a7b-03da76d6ea83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik/" + google-query: inurl:"/wp-content/plugins/estatik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-4a2a3f2d6fcad8ba2e9fd4989dbe6a53.yaml b/nuclei-templates/cve-less/plugins/estatik-4a2a3f2d6fcad8ba2e9fd4989dbe6a53.yaml new file mode 100644 index 0000000000..8bbb811467 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-4a2a3f2d6fcad8ba2e9fd4989dbe6a53.yaml @@ -0,0 +1,58 @@ +id: estatik-4a2a3f2d6fcad8ba2e9fd4989dbe6a53 + +info: + name: > + Estatik <= 2.2.5 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64188179-1d7d-476f-866c-62bc10c85a3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik/" + google-query: inurl:"/wp-content/plugins/estatik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-735edcca81533a941d73b22fd3c790b1.yaml b/nuclei-templates/cve-less/plugins/estatik-735edcca81533a941d73b22fd3c790b1.yaml new file mode 100644 index 0000000000..fb90eca822 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-735edcca81533a941d73b22fd3c790b1.yaml @@ -0,0 +1,58 @@ +id: estatik-735edcca81533a941d73b22fd3c790b1 + +info: + name: > + Estatik Real Estate Plugin <= 4.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/720d1d50-06ae-4b47-ac64-115c00d81223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik/" + google-query: inurl:"/wp-content/plugins/estatik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-c13a04653b2bd4332fed19d99c861058.yaml b/nuclei-templates/cve-less/plugins/estatik-c13a04653b2bd4332fed19d99c861058.yaml new file mode 100644 index 0000000000..359ca97e09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-c13a04653b2bd4332fed19d99c861058.yaml @@ -0,0 +1,58 @@ +id: estatik-c13a04653b2bd4332fed19d99c861058 + +info: + name: > + Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae6a00ef-1a3f-47cd-9e55-f28b74999198?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik/" + google-query: inurl:"/wp-content/plugins/estatik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-dffb7325ebaf69230baa15ff0c7b5c62.yaml b/nuclei-templates/cve-less/plugins/estatik-dffb7325ebaf69230baa15ff0c7b5c62.yaml new file mode 100644 index 0000000000..7e66040b55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-dffb7325ebaf69230baa15ff0c7b5c62.yaml @@ -0,0 +1,58 @@ +id: estatik-dffb7325ebaf69230baa15ff0c7b5c62 + +info: + name: > + Estatik Real Estate Plugin <= 4.1.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce0dcbe6-9231-45d9-9658-5d775e02cfcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik/" + google-query: inurl:"/wp-content/plugins/estatik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-4963e2b8018a63e397cd2fd1ef358d47.yaml b/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-4963e2b8018a63e397cd2fd1ef358d47.yaml new file mode 100644 index 0000000000..3a6a3f1032 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-4963e2b8018a63e397cd2fd1ef358d47.yaml @@ -0,0 +1,58 @@ +id: estatik-mortgage-calculator-4963e2b8018a63e397cd2fd1ef358d47 + +info: + name: > + WordPress Mortgage Calculator Estatik <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce9dd21-3c89-4ddd-9022-f1edf1224e2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik-mortgage-calculator/" + google-query: inurl:"/wp-content/plugins/estatik-mortgage-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik-mortgage-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik-mortgage-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik-mortgage-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-b9268068741b5afa10930c2a68504f76.yaml b/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-b9268068741b5afa10930c2a68504f76.yaml new file mode 100644 index 0000000000..8381130c43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/estatik-mortgage-calculator-b9268068741b5afa10930c2a68504f76.yaml @@ -0,0 +1,58 @@ +id: estatik-mortgage-calculator-b9268068741b5afa10930c2a68504f76 + +info: + name: > + Mortgage Calculator Estatik <= 2.0.7 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb73e92b-b807-4406-b378-cef6cff9eb82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/estatik-mortgage-calculator/" + google-query: inurl:"/wp-content/plugins/estatik-mortgage-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,estatik-mortgage-calculator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/estatik-mortgage-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estatik-mortgage-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-2b061e047e658e61d8ebbd4e7e809bba.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-2b061e047e658e61d8ebbd4e7e809bba.yaml new file mode 100644 index 0000000000..ec38a65dc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-2b061e047e658e61d8ebbd4e7e809bba.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-2b061e047e658e61d8ebbd4e7e809bba + +info: + name: > + XStore Core <= 5.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46bc15d6-dc1b-40ec-8bb9-5342a4f84372?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-3e529ad3f40187427736b7fab3732fc7.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-3e529ad3f40187427736b7fab3732fc7.yaml new file mode 100644 index 0000000000..19252b026a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-3e529ad3f40187427736b7fab3732fc7.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-3e529ad3f40187427736b7fab3732fc7 + +info: + name: > + XStore Core <= 5.3.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/050b6ad4-f1e4-403f-9e0e-7fc18504f661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-4a822947b182a8ad769234c031d65105.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-4a822947b182a8ad769234c031d65105.yaml new file mode 100644 index 0000000000..20ba169af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-4a822947b182a8ad769234c031d65105.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-4a822947b182a8ad769234c031d65105 + +info: + name: > + XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4167f0ad-aeef-4525-82c9-336f9f48a55e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-67b6d13fd5c91dcaea1d0b5a3d6ef9e6.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-67b6d13fd5c91dcaea1d0b5a3d6ef9e6.yaml new file mode 100644 index 0000000000..256a7c4dd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-67b6d13fd5c91dcaea1d0b5a3d6ef9e6.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-67b6d13fd5c91dcaea1d0b5a3d6ef9e6 + +info: + name: > + XStore Core <= 5.3.5 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba502aac-13f7-40e2-9672-bf26a0fefef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-69dc88dae2977364ee23f133476679d5.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-69dc88dae2977364ee23f133476679d5.yaml new file mode 100644 index 0000000000..c054fe7134 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-69dc88dae2977364ee23f133476679d5.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-69dc88dae2977364ee23f133476679d5 + +info: + name: > + XStore Core <= 5.3.5 - Authenticated (Subscriber+) Limited Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6986569-a273-4aea-bc74-ef7277781661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-778530516424ce1a3968690bf84c44c4.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-778530516424ce1a3968690bf84c44c4.yaml new file mode 100644 index 0000000000..63f8fd0e95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-778530516424ce1a3968690bf84c44c4.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-778530516424ce1a3968690bf84c44c4 + +info: + name: > + XStore Core <= 5.3.5 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/856e3e77-d330-4fa0-9f07-f77a56dbb5bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-7c1fbc71424269552780f75d587dc6d3.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-7c1fbc71424269552780f75d587dc6d3.yaml new file mode 100644 index 0000000000..b5c1ec0c1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-7c1fbc71424269552780f75d587dc6d3.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-7c1fbc71424269552780f75d587dc6d3 + +info: + name: > + XStore Core <= 5.3.5 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7019b542-9b9a-4d16-94a0-412cccf1e6eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/et-core-plugin-dfb4659d00ee25c056f5c89962f45122.yaml b/nuclei-templates/cve-less/plugins/et-core-plugin-dfb4659d00ee25c056f5c89962f45122.yaml new file mode 100644 index 0000000000..8c7ee635c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/et-core-plugin-dfb4659d00ee25c056f5c89962f45122.yaml @@ -0,0 +1,58 @@ +id: et-core-plugin-dfb4659d00ee25c056f5c89962f45122 + +info: + name: > + XStore Core <= 5.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02399fc5-fe74-4ee5-ac63-78d971d2f99e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/et-core-plugin/" + google-query: inurl:"/wp-content/plugins/et-core-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,et-core-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/et-core-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "et-core-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/etsy-shop-006e837e29a04be28f23fcb621fc7c5f.yaml b/nuclei-templates/cve-less/plugins/etsy-shop-006e837e29a04be28f23fcb621fc7c5f.yaml new file mode 100644 index 0000000000..b4b93f7bab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/etsy-shop-006e837e29a04be28f23fcb621fc7c5f.yaml @@ -0,0 +1,58 @@ +id: etsy-shop-006e837e29a04be28f23fcb621fc7c5f + +info: + name: > + Etsy Shop <= 3.0.3 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/474494ad-6713-4167-b40d-c29c533f169e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/etsy-shop/" + google-query: inurl:"/wp-content/plugins/etsy-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,etsy-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/etsy-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "etsy-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/etsy-shop-12af00d20d6054e6e52d985c87c55f02.yaml b/nuclei-templates/cve-less/plugins/etsy-shop-12af00d20d6054e6e52d985c87c55f02.yaml new file mode 100644 index 0000000000..67956fe5fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/etsy-shop-12af00d20d6054e6e52d985c87c55f02.yaml @@ -0,0 +1,58 @@ +id: etsy-shop-12af00d20d6054e6e52d985c87c55f02 + +info: + name: > + Etsy Shop <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4696f7a-8b87-4376-b4c9-596eca30b38c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/etsy-shop/" + google-query: inurl:"/wp-content/plugins/etsy-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,etsy-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/etsy-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "etsy-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eu-cookie-law-0598f02cdb42ad5878825a4305d0cd60.yaml b/nuclei-templates/cve-less/plugins/eu-cookie-law-0598f02cdb42ad5878825a4305d0cd60.yaml new file mode 100644 index 0000000000..aa32aacdae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eu-cookie-law-0598f02cdb42ad5878825a4305d0cd60.yaml @@ -0,0 +1,58 @@ +id: eu-cookie-law-0598f02cdb42ad5878825a4305d0cd60 + +info: + name: > + EU Cookie Law <= 3.1.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e7cde2e-28e6-417a-900a-38d0a77800d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eu-cookie-law/" + google-query: inurl:"/wp-content/plugins/eu-cookie-law/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eu-cookie-law,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eu-cookie-law/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eu-cookie-law" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eu-cookie-law-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml b/nuclei-templates/cve-less/plugins/eu-cookie-law-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml new file mode 100644 index 0000000000..1a14ac1c9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eu-cookie-law-7bd73acb3e7a0bf377aeb77c95eb6b8a.yaml @@ -0,0 +1,58 @@ +id: eu-cookie-law-7bd73acb3e7a0bf377aeb77c95eb6b8a + +info: + name: > + EU Cookie Law <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15ec3b68-0461-4b99-81e1-0d776b97a4eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eu-cookie-law/" + google-query: inurl:"/wp-content/plugins/eu-cookie-law/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eu-cookie-law,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eu-cookie-law/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eu-cookie-law" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eupago-gateway-for-woocommerce-138945608ab96d8fde0710ddccd28d61.yaml b/nuclei-templates/cve-less/plugins/eupago-gateway-for-woocommerce-138945608ab96d8fde0710ddccd28d61.yaml new file mode 100644 index 0000000000..adecb9b80c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eupago-gateway-for-woocommerce-138945608ab96d8fde0710ddccd28d61.yaml @@ -0,0 +1,58 @@ +id: eupago-gateway-for-woocommerce-138945608ab96d8fde0710ddccd28d61 + +info: + name: > + Eupago Gateway For Woocommerce <= 3.1.9 - Cross-Site Request Forgery via eupago_page_content + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f1dcec6-1fcf-40e8-a15b-647b7161b6b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eupago-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/eupago-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eupago-gateway-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eupago-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eupago-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/evaluate-c206b1ef471fcab481cc325e40071db1.yaml b/nuclei-templates/cve-less/plugins/evaluate-c206b1ef471fcab481cc325e40071db1.yaml new file mode 100644 index 0000000000..c091ce25ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/evaluate-c206b1ef471fcab481cc325e40071db1.yaml @@ -0,0 +1,58 @@ +id: evaluate-c206b1ef471fcab481cc325e40071db1 + +info: + name: > + Evaluate <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b11f2ad4-5a89-4387-a307-350cead20491?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/evaluate/" + google-query: inurl:"/wp-content/plugins/evaluate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,evaluate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/evaluate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "evaluate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-calendar-wd-209b175b2921345ce72870696dcb5d5d.yaml b/nuclei-templates/cve-less/plugins/event-calendar-wd-209b175b2921345ce72870696dcb5d5d.yaml new file mode 100644 index 0000000000..44a860b3e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-calendar-wd-209b175b2921345ce72870696dcb5d5d.yaml @@ -0,0 +1,58 @@ +id: event-calendar-wd-209b175b2921345ce72870696dcb5d5d + +info: + name: > + EventCalendar <= 1.1.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3a5bb9c-0fc3-4a1b-8b4d-a700cbf9dacc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-calendar-wd/" + google-query: inurl:"/wp-content/plugins/event-calendar-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-calendar-wd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-calendar-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-calendar-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-calendar-wd-4f2124ce38e5b11836dd224eb87f80c1.yaml b/nuclei-templates/cve-less/plugins/event-calendar-wd-4f2124ce38e5b11836dd224eb87f80c1.yaml new file mode 100644 index 0000000000..4509448d21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-calendar-wd-4f2124ce38e5b11836dd224eb87f80c1.yaml @@ -0,0 +1,58 @@ +id: event-calendar-wd-4f2124ce38e5b11836dd224eb87f80c1 + +info: + name: > + EventCalendar < 1.0.94 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5860fe2a-edb4-4542-9a87-d0ab6819dd77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-calendar-wd/" + google-query: inurl:"/wp-content/plugins/event-calendar-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-calendar-wd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-calendar-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-calendar-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-calendar-wd-c04a7619437a5f30e58f107b65d00343.yaml b/nuclei-templates/cve-less/plugins/event-calendar-wd-c04a7619437a5f30e58f107b65d00343.yaml new file mode 100644 index 0000000000..e5e421a209 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-calendar-wd-c04a7619437a5f30e58f107b65d00343.yaml @@ -0,0 +1,58 @@ +id: event-calendar-wd-c04a7619437a5f30e58f107b65d00343 + +info: + name: > + Event Calendar <= 1.1.50 - Subscriber+ Event Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835941f1-e2f6-41aa-9a46-cdbeb5741d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-calendar-wd/" + google-query: inurl:"/wp-content/plugins/event-calendar-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-calendar-wd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-calendar-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-calendar-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-calendar-wd-f87eb9062acaa622ccaad44a0da4055e.yaml b/nuclei-templates/cve-less/plugins/event-calendar-wd-f87eb9062acaa622ccaad44a0da4055e.yaml new file mode 100644 index 0000000000..cf612083ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-calendar-wd-f87eb9062acaa622ccaad44a0da4055e.yaml @@ -0,0 +1,58 @@ +id: event-calendar-wd-f87eb9062acaa622ccaad44a0da4055e + +info: + name: > + Event Calendar <= 1.1.50 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f773ef2f-c33d-414e-9c2f-df22b9d00234?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-calendar-wd/" + google-query: inurl:"/wp-content/plugins/event-calendar-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-calendar-wd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-calendar-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-calendar-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-espresso-core-64738de487a64bb84aa49f1cb2905c9b.yaml b/nuclei-templates/cve-less/plugins/event-espresso-core-64738de487a64bb84aa49f1cb2905c9b.yaml new file mode 100644 index 0000000000..eddfcb8023 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-espresso-core-64738de487a64bb84aa49f1cb2905c9b.yaml @@ -0,0 +1,58 @@ +id: event-espresso-core-64738de487a64bb84aa49f1cb2905c9b + +info: + name: > + Event Espresso Core <= 4.10.6.p - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0cf53e3-1d5b-4f02-b1a1-61f6fc3ffe58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-espresso-core/" + google-query: inurl:"/wp-content/plugins/event-espresso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-espresso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-espresso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-espresso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.6.p') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-espresso-decaf-58a3697a69c8ed53be8155b2e125899c.yaml b/nuclei-templates/cve-less/plugins/event-espresso-decaf-58a3697a69c8ed53be8155b2e125899c.yaml new file mode 100644 index 0000000000..3f6c679bc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-espresso-decaf-58a3697a69c8ed53be8155b2e125899c.yaml @@ -0,0 +1,58 @@ +id: event-espresso-decaf-58a3697a69c8ed53be8155b2e125899c + +info: + name: > + Event Espresso 4 Decaf <= 4.10.11 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89d3a9da-2496-4f75-ad8f-65629f198fe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-espresso-decaf/" + google-query: inurl:"/wp-content/plugins/event-espresso-decaf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-espresso-decaf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-espresso-decaf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-espresso-decaf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-espresso-decaf-b570b273a03a0fa29b5a4d4db2c58011.yaml b/nuclei-templates/cve-less/plugins/event-espresso-decaf-b570b273a03a0fa29b5a4d4db2c58011.yaml new file mode 100644 index 0000000000..abcb87257f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-espresso-decaf-b570b273a03a0fa29b5a4d4db2c58011.yaml @@ -0,0 +1,58 @@ +id: event-espresso-decaf-b570b273a03a0fa29b5a4d4db2c58011 + +info: + name: > + Event Espresso 4 Decaf <= 4.10.44.decaf - Feature Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d55f10f3-5484-4b90-80da-3d91f409fe04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-espresso-decaf/" + google-query: inurl:"/wp-content/plugins/event-espresso-decaf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-espresso-decaf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-espresso-decaf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-espresso-decaf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.44.decaf') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-espresso-free-11785a74a8a2ea2253fb0fe61f67d120.yaml b/nuclei-templates/cve-less/plugins/event-espresso-free-11785a74a8a2ea2253fb0fe61f67d120.yaml new file mode 100644 index 0000000000..dfa80281ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-espresso-free-11785a74a8a2ea2253fb0fe61f67d120.yaml @@ -0,0 +1,58 @@ +id: event-espresso-free-11785a74a8a2ea2253fb0fe61f67d120 + +info: + name: > + Event Espresso Free/Lite <= 3.1.37.12.L - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa14909c-58f6-40f1-af50-eb1a0d2333de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-espresso-free/" + google-query: inurl:"/wp-content/plugins/event-espresso-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-espresso-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-espresso-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-espresso-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.37.12.L') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-espresso-free-3faf59fe255a23ab6371375fbe88c459.yaml b/nuclei-templates/cve-less/plugins/event-espresso-free-3faf59fe255a23ab6371375fbe88c459.yaml new file mode 100644 index 0000000000..9309fefaa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-espresso-free-3faf59fe255a23ab6371375fbe88c459.yaml @@ -0,0 +1,58 @@ +id: event-espresso-free-3faf59fe255a23ab6371375fbe88c459 + +info: + name: > + Event Expresso Free <= 3.1.37.11.L - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39f12569-ff89-4c6b-afcf-a8c4421749cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-espresso-free/" + google-query: inurl:"/wp-content/plugins/event-espresso-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-espresso-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-espresso-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-espresso-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.37.11.L') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-geek-895b9710054cceeb59eef3658e032c99.yaml b/nuclei-templates/cve-less/plugins/event-geek-895b9710054cceeb59eef3658e032c99.yaml new file mode 100644 index 0000000000..c4661984b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-geek-895b9710054cceeb59eef3658e032c99.yaml @@ -0,0 +1,58 @@ +id: event-geek-895b9710054cceeb59eef3658e032c99 + +info: + name: > + Event Geek <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/961b2b60-2026-42fc-be55-e7023e8ef3df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-geek/" + google-query: inurl:"/wp-content/plugins/event-geek/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-geek,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-geek/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-geek" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-list-1b4409ad110c3c389ee584578fde5c3f.yaml b/nuclei-templates/cve-less/plugins/event-list-1b4409ad110c3c389ee584578fde5c3f.yaml new file mode 100644 index 0000000000..0d4f68e994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-list-1b4409ad110c3c389ee584578fde5c3f.yaml @@ -0,0 +1,58 @@ +id: event-list-1b4409ad110c3c389ee584578fde5c3f + +info: + name: > + Event List <= 0.7.9 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6153d71e-66c8-49d1-80d8-6a121883172d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-list/" + google-query: inurl:"/wp-content/plugins/event-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-list-8aead4340d12e591a0e0e1fb46dd9226.yaml b/nuclei-templates/cve-less/plugins/event-list-8aead4340d12e591a0e0e1fb46dd9226.yaml new file mode 100644 index 0000000000..229b8b882e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-list-8aead4340d12e591a0e0e1fb46dd9226.yaml @@ -0,0 +1,58 @@ +id: event-list-8aead4340d12e591a0e0e1fb46dd9226 + +info: + name: > + Event List < 0.8.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69693a9a-fc9e-49ea-8c41-438ee6af7ee8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-list/" + google-query: inurl:"/wp-content/plugins/event-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-list-b6feac7a7902db970215a4fc933d4825.yaml b/nuclei-templates/cve-less/plugins/event-list-b6feac7a7902db970215a4fc933d4825.yaml new file mode 100644 index 0000000000..7783f7665d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-list-b6feac7a7902db970215a4fc933d4825.yaml @@ -0,0 +1,58 @@ +id: event-list-b6feac7a7902db970215a4fc933d4825 + +info: + name: > + Event List < 0.7.9 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71d657d4-b326-4655-808a-913bbc9a8d1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-list/" + google-query: inurl:"/wp-content/plugins/event-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-monster-2ce3da9cb13ca01fe4975c718c0361d4.yaml b/nuclei-templates/cve-less/plugins/event-monster-2ce3da9cb13ca01fe4975c718c0361d4.yaml new file mode 100644 index 0000000000..9d11ad25c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-monster-2ce3da9cb13ca01fe4975c718c0361d4.yaml @@ -0,0 +1,58 @@ +id: event-monster-2ce3da9cb13ca01fe4975c718c0361d4 + +info: + name: > + Event Monster <= 1.2.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb9ca8e0-741c-4763-b677-61f16e5a3b50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-monster/" + google-query: inurl:"/wp-content/plugins/event-monster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-monster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-monster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-monster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-monster-5b36fd20286674ebec29c5f8c3b598c9.yaml b/nuclei-templates/cve-less/plugins/event-monster-5b36fd20286674ebec29c5f8c3b598c9.yaml new file mode 100644 index 0000000000..46f365c525 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-monster-5b36fd20286674ebec29c5f8c3b598c9.yaml @@ -0,0 +1,58 @@ +id: event-monster-5b36fd20286674ebec29c5f8c3b598c9 + +info: + name: > + Event Management Tickets Booking <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4f2317-945e-4fd8-8a0b-981b88a8412c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-monster/" + google-query: inurl:"/wp-content/plugins/event-monster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-monster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-monster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-monster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-monster-6be2333e24bb1c10a3a6c889899366b0.yaml b/nuclei-templates/cve-less/plugins/event-monster-6be2333e24bb1c10a3a6c889899366b0.yaml new file mode 100644 index 0000000000..c02f9c3088 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-monster-6be2333e24bb1c10a3a6c889899366b0.yaml @@ -0,0 +1,58 @@ +id: event-monster-6be2333e24bb1c10a3a6c889899366b0 + +info: + name: > + Event Monster – Event Management, Tickets Booking, Upcoming Event <= 1.1.20 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/018912c2-befc-403c-8e60-161580e84f55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-monster/" + google-query: inurl:"/wp-content/plugins/event-monster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-monster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-monster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-monster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-monster-86218768d044c8a0a41ad3c63743810a.yaml b/nuclei-templates/cve-less/plugins/event-monster-86218768d044c8a0a41ad3c63743810a.yaml new file mode 100644 index 0000000000..07ae55aab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-monster-86218768d044c8a0a41ad3c63743810a.yaml @@ -0,0 +1,58 @@ +id: event-monster-86218768d044c8a0a41ad3c63743810a + +info: + name: > + Event Monster <= 1.3.4 - Authenticated(Contributor+) PHP Object Injection via Custom Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d7b3f1-a133-4678-b2d9-3f9951cbc005?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-monster/" + google-query: inurl:"/wp-content/plugins/event-monster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-monster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-monster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-monster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-notifier-a1a48fe23ddfed810a2068245669c30f.yaml b/nuclei-templates/cve-less/plugins/event-notifier-a1a48fe23ddfed810a2068245669c30f.yaml new file mode 100644 index 0000000000..4afb56036a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-notifier-a1a48fe23ddfed810a2068245669c30f.yaml @@ -0,0 +1,58 @@ +id: event-notifier-a1a48fe23ddfed810a2068245669c30f + +info: + name: > + Event Notifier <= 1.2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/181be35c-0aec-48b0-a43b-181284cdb2e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-notifier/" + google-query: inurl:"/wp-content/plugins/event-notifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-notifier,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-notifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-notifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-page-templates-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/event-page-templates-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..da160b114b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-page-templates-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: event-page-templates-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-page-templates-addon-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/event-page-templates-addon-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-page-templates-addon-for-the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-page-templates-addon-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-page-templates-addon-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-post-7d0df8a0008135defe46e0244de6dafd.yaml b/nuclei-templates/cve-less/plugins/event-post-7d0df8a0008135defe46e0244de6dafd.yaml new file mode 100644 index 0000000000..a893b5a471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-post-7d0df8a0008135defe46e0244de6dafd.yaml @@ -0,0 +1,58 @@ +id: event-post-7d0df8a0008135defe46e0244de6dafd + +info: + name: > + Event post <= 5.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a92b96b-ecbc-4414-8e42-04b5c3a02131?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-post/" + google-query: inurl:"/wp-content/plugins/event-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml b/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml new file mode 100644 index 0000000000..ae2db838bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml @@ -0,0 +1,58 @@ +id: event-registration-calendar-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3 + +info: + name: > + Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab05954-9999-43ff-8e3c-a987e2da1956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-registration-calendar-by-vcita/" + google-query: inurl:"/wp-content/plugins/event-registration-calendar-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-registration-calendar-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-registration-calendar-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-registration-calendar-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml b/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml new file mode 100644 index 0000000000..503734c46c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-registration-calendar-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml @@ -0,0 +1,58 @@ +id: event-registration-calendar-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4 + +info: + name: > + Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-registration-calendar-by-vcita/" + google-query: inurl:"/wp-content/plugins/event-registration-calendar-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-registration-calendar-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-registration-calendar-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-registration-calendar-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-registration-e5636efc611147282df108916f2ce8de.yaml b/nuclei-templates/cve-less/plugins/event-registration-e5636efc611147282df108916f2ce8de.yaml new file mode 100644 index 0000000000..aec3b4c368 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-registration-e5636efc611147282df108916f2ce8de.yaml @@ -0,0 +1,58 @@ +id: event-registration-e5636efc611147282df108916f2ce8de + +info: + name: > + Event Registration < 6.00.03 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd328738-7467-4f30-83bb-9e1c836fa940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-registration/" + google-query: inurl:"/wp-content/plugins/event-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-registration,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.00.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-2581131a04f529b6a1d76a0e92f4b955.yaml b/nuclei-templates/cve-less/plugins/event-tickets-2581131a04f529b6a1d76a0e92f4b955.yaml new file mode 100644 index 0000000000..d009b7ac0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-2581131a04f529b6a1d76a0e92f4b955.yaml @@ -0,0 +1,58 @@ +id: event-tickets-2581131a04f529b6a1d76a0e92f4b955 + +info: + name: > + Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9d08f5-7c94-40e7-979f-023456aeb54e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-2f07eb6c891e38765db750c63d86a120.yaml b/nuclei-templates/cve-less/plugins/event-tickets-2f07eb6c891e38765db750c63d86a120.yaml new file mode 100644 index 0000000000..e991e92d7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-2f07eb6c891e38765db750c63d86a120.yaml @@ -0,0 +1,58 @@ +id: event-tickets-2f07eb6c891e38765db750c63d86a120 + +info: + name: > + Event Tickets and Registration <= 5.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-c4921b839172d2af0f48284749d41b1d.yaml b/nuclei-templates/cve-less/plugins/event-tickets-c4921b839172d2af0f48284749d41b1d.yaml new file mode 100644 index 0000000000..60cfcb8491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-c4921b839172d2af0f48284749d41b1d.yaml @@ -0,0 +1,58 @@ +id: event-tickets-c4921b839172d2af0f48284749d41b1d + +info: + name: > + Event Tickets <= 4.10.7.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e25914f-f2c6-4224-a2f4-0b691d1e77aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-cb6c55d4733797bb415d8f13c3aeab2d.yaml b/nuclei-templates/cve-less/plugins/event-tickets-cb6c55d4733797bb415d8f13c3aeab2d.yaml new file mode 100644 index 0000000000..ff1cc7a11d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-cb6c55d4733797bb415d8f13c3aeab2d.yaml @@ -0,0 +1,58 @@ +id: event-tickets-cb6c55d4733797bb415d8f13c3aeab2d + +info: + name: > + Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-f8870005841795b1f61974063b04cd70.yaml b/nuclei-templates/cve-less/plugins/event-tickets-f8870005841795b1f61974063b04cd70.yaml new file mode 100644 index 0000000000..c68f787dbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-f8870005841795b1f61974063b04cd70.yaml @@ -0,0 +1,58 @@ +id: event-tickets-f8870005841795b1f61974063b04cd70 + +info: + name: > + Event Tickets <= 5.2.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9ce2107-18bd-4331-bd8e-578f56fdebf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets/" + google-query: inurl:"/wp-content/plugins/event-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-plus-2581131a04f529b6a1d76a0e92f4b955.yaml b/nuclei-templates/cve-less/plugins/event-tickets-plus-2581131a04f529b6a1d76a0e92f4b955.yaml new file mode 100644 index 0000000000..dc358f95d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-plus-2581131a04f529b6a1d76a0e92f4b955.yaml @@ -0,0 +1,58 @@ +id: event-tickets-plus-2581131a04f529b6a1d76a0e92f4b955 + +info: + name: > + Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9d08f5-7c94-40e7-979f-023456aeb54e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets-plus/" + google-query: inurl:"/wp-content/plugins/event-tickets-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/event-tickets-plus-4df3cdb7c674def16735b8e037827c43.yaml b/nuclei-templates/cve-less/plugins/event-tickets-plus-4df3cdb7c674def16735b8e037827c43.yaml new file mode 100644 index 0000000000..6ff9ed6314 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/event-tickets-plus-4df3cdb7c674def16735b8e037827c43.yaml @@ -0,0 +1,58 @@ +id: event-tickets-plus-4df3cdb7c674def16735b8e037827c43 + +info: + name: > + Events Tickets Plus <= 5.9.0 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28e16994-a03f-4b3a-9f45-e6b0a1334c98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/event-tickets-plus/" + google-query: inurl:"/wp-content/plugins/event-tickets-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,event-tickets-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/event-tickets-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "event-tickets-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventify-a2935a109cadc5c6b15de3c6e258096e.yaml b/nuclei-templates/cve-less/plugins/eventify-a2935a109cadc5c6b15de3c6e258096e.yaml new file mode 100644 index 0000000000..a21e21ec82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventify-a2935a109cadc5c6b15de3c6e258096e.yaml @@ -0,0 +1,58 @@ +id: eventify-a2935a109cadc5c6b15de3c6e258096e + +info: + name: > + Eventify <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b95749b-c522-42cd-aa99-36bdf15541c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventify/" + google-query: inurl:"/wp-content/plugins/eventify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-187d65743de5f807e3a3561c30924b2f.yaml b/nuclei-templates/cve-less/plugins/eventon-187d65743de5f807e3a3561c30924b2f.yaml new file mode 100644 index 0000000000..07746e9cc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-187d65743de5f807e3a3561c30924b2f.yaml @@ -0,0 +1,58 @@ +id: eventon-187d65743de5f807e3a3561c30924b2f + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Cross-Site Request Forgery via evo_eventpost_update_meta + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-2c733617d0e1924a092044fd73aaa5a5.yaml b/nuclei-templates/cve-less/plugins/eventon-2c733617d0e1924a092044fd73aaa5a5.yaml new file mode 100644 index 0000000000..2bc7bb3e7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-2c733617d0e1924a092044fd73aaa5a5.yaml @@ -0,0 +1,58 @@ +id: eventon-2c733617d0e1924a092044fd73aaa5a5 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via config_virtual_event + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae603d27-aea5-49d9-beab-db18746ffe87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-34378358cea5d52c68afc57717376111.yaml b/nuclei-templates/cve-less/plugins/eventon-34378358cea5d52c68afc57717376111.yaml new file mode 100644 index 0000000000..9acc088a49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-34378358cea5d52c68afc57717376111.yaml @@ -0,0 +1,58 @@ +id: eventon-34378358cea5d52c68afc57717376111 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2daf19-51ef-4e1b-becb-252955a61523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-40551e34986076f096f391a092597f50.yaml b/nuclei-templates/cve-less/plugins/eventon-40551e34986076f096f391a092597f50.yaml new file mode 100644 index 0000000000..05d10aefbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-40551e34986076f096f391a092597f50.yaml @@ -0,0 +1,58 @@ +id: eventon-40551e34986076f096f391a092597f50 + +info: + name: > + EventON <= 4.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0d5b1a5-0078-402b-b834-8091bfc02dd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-4534912fcab3ecf2a9fe501762efc225.yaml b/nuclei-templates/cve-less/plugins/eventon-4534912fcab3ecf2a9fe501762efc225.yaml new file mode 100644 index 0000000000..1444ce6587 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-4534912fcab3ecf2a9fe501762efc225.yaml @@ -0,0 +1,58 @@ +id: eventon-4534912fcab3ecf2a9fe501762efc225 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via get_virtual_users + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2994fbb-29b0-4725-a046-edeca4bcbcd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-537515ca49a9f4b41a11d36cd380e6f4.yaml b/nuclei-templates/cve-less/plugins/eventon-537515ca49a9f4b41a11d36cd380e6f4.yaml new file mode 100644 index 0000000000..bf6166faf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-537515ca49a9f4b41a11d36cd380e6f4.yaml @@ -0,0 +1,58 @@ +id: eventon-537515ca49a9f4b41a11d36cd380e6f4 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19f94c4f-145b-4058-aabd-06525fce3cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-68358961295abb7462ad91426e0c3310.yaml b/nuclei-templates/cve-less/plugins/eventon-68358961295abb7462ad91426e0c3310.yaml new file mode 100644 index 0000000000..1baf2761be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-68358961295abb7462ad91426e0c3310.yaml @@ -0,0 +1,58 @@ +id: eventon-68358961295abb7462ad91426e0c3310 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-6c5fd9bdbd84a5f94cf449613dea61df.yaml b/nuclei-templates/cve-less/plugins/eventon-6c5fd9bdbd84a5f94cf449613dea61df.yaml new file mode 100644 index 0000000000..3a525ac6a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-6c5fd9bdbd84a5f94cf449613dea61df.yaml @@ -0,0 +1,58 @@ +id: eventon-6c5fd9bdbd84a5f94cf449613dea61df + +info: + name: > + EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1485dda6-bf83-4076-80c9-dc7ea9d58155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-83c99024de6733ef722985ade6213db3.yaml b/nuclei-templates/cve-less/plugins/eventon-83c99024de6733ef722985ade6213db3.yaml new file mode 100644 index 0000000000..ef4cfed81f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-83c99024de6733ef722985ade6213db3.yaml @@ -0,0 +1,58 @@ +id: eventon-83c99024de6733ef722985ade6213db3 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67fc4141-7875-459b-98d8-d14e0a6f566c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-9a365d69136d08070aadedc43ca85c95.yaml b/nuclei-templates/cve-less/plugins/eventon-9a365d69136d08070aadedc43ca85c95.yaml new file mode 100644 index 0000000000..c09fcf5488 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-9a365d69136d08070aadedc43ca85c95.yaml @@ -0,0 +1,58 @@ +id: eventon-9a365d69136d08070aadedc43ca85c95 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.8 (Pro) & <= 2.2.7 (Free) - Missing Authorization via eventon_save_virtual_event_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/220ca462-6a5b-440e-badf-d253e2b6b1f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-bfc5e831d060dfacf2a5fc44dc2fba98.yaml b/nuclei-templates/cve-less/plugins/eventon-bfc5e831d060dfacf2a5fc44dc2fba98.yaml new file mode 100644 index 0000000000..f7b7fa1263 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-bfc5e831d060dfacf2a5fc44dc2fba98.yaml @@ -0,0 +1,58 @@ +id: eventon-bfc5e831d060dfacf2a5fc44dc2fba98 + +info: + name: > + EventON <= 3.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/577b4738-fa58-44b2-a8e7-ef59925f26a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon/" + google-query: inurl:"/wp-content/plugins/eventon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-187d65743de5f807e3a3561c30924b2f.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-187d65743de5f807e3a3561c30924b2f.yaml new file mode 100644 index 0000000000..c71aa79219 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-187d65743de5f807e3a3561c30924b2f.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-187d65743de5f807e3a3561c30924b2f + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Cross-Site Request Forgery via evo_eventpost_update_meta + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e9a333-a6b7-4b5e-93c1-b95566e5d6fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-2c733617d0e1924a092044fd73aaa5a5.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-2c733617d0e1924a092044fd73aaa5a5.yaml new file mode 100644 index 0000000000..f8302f7e51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-2c733617d0e1924a092044fd73aaa5a5.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-2c733617d0e1924a092044fd73aaa5a5 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via config_virtual_event + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae603d27-aea5-49d9-beab-db18746ffe87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-32a06eefdb3abe2eefd8adc33ab67b7c.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-32a06eefdb3abe2eefd8adc33ab67b7c.yaml new file mode 100644 index 0000000000..e4d143a003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-32a06eefdb3abe2eefd8adc33ab67b7c.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-32a06eefdb3abe2eefd8adc33ab67b7c + +info: + name: > + EventON <= 2.1.7 - Authenticated (Admin+) HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f9bd960-01ef-41dd-ab05-0a5f734484a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-34378358cea5d52c68afc57717376111.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-34378358cea5d52c68afc57717376111.yaml new file mode 100644 index 0000000000..fd572fe68d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-34378358cea5d52c68afc57717376111.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-34378358cea5d52c68afc57717376111 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2daf19-51ef-4e1b-becb-252955a61523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-4534912fcab3ecf2a9fe501762efc225.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-4534912fcab3ecf2a9fe501762efc225.yaml new file mode 100644 index 0000000000..ba0f687a7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-4534912fcab3ecf2a9fe501762efc225.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-4534912fcab3ecf2a9fe501762efc225 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via get_virtual_users + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2994fbb-29b0-4725-a046-edeca4bcbcd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-537515ca49a9f4b41a11d36cd380e6f4.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-537515ca49a9f4b41a11d36cd380e6f4.yaml new file mode 100644 index 0000000000..4e2d285dfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-537515ca49a9f4b41a11d36cd380e6f4.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-537515ca49a9f4b41a11d36cd380e6f4 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19f94c4f-145b-4058-aabd-06525fce3cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-68358961295abb7462ad91426e0c3310.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-68358961295abb7462ad91426e0c3310.yaml new file mode 100644 index 0000000000..4ab48cb49b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-68358961295abb7462ad91426e0c3310.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-68358961295abb7462ad91426e0c3310 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fcc3a82-f116-446e-9e5f-4f074e20403b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-6c5fd9bdbd84a5f94cf449613dea61df.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-6c5fd9bdbd84a5f94cf449613dea61df.yaml new file mode 100644 index 0000000000..4f54c714b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-6c5fd9bdbd84a5f94cf449613dea61df.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-6c5fd9bdbd84a5f94cf449613dea61df + +info: + name: > + EventON <= 2.1 - Insecure Direct Object Reference to Unauthorized Post Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1485dda6-bf83-4076-80c9-dc7ea9d58155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-83c99024de6733ef722985ade6213db3.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-83c99024de6733ef722985ade6213db3.yaml new file mode 100644 index 0000000000..d84530628b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-83c99024de6733ef722985ade6213db3.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-83c99024de6733ef722985ade6213db3 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67fc4141-7875-459b-98d8-d14e0a6f566c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-9854f6b7648b36ab18b7baf1bd96dfc8.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-9854f6b7648b36ab18b7baf1bd96dfc8.yaml new file mode 100644 index 0000000000..0e20d0feb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-9854f6b7648b36ab18b7baf1bd96dfc8.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-9854f6b7648b36ab18b7baf1bd96dfc8 + +info: + name: > + EventON <= 2.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/115ad0b2-febe-485a-8fb5-9bd6edc37ef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-9a365d69136d08070aadedc43ca85c95.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-9a365d69136d08070aadedc43ca85c95.yaml new file mode 100644 index 0000000000..ee7d7ac484 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-9a365d69136d08070aadedc43ca85c95.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-9a365d69136d08070aadedc43ca85c95 + +info: + name: > + EventON - WordPress Virtual Event Calendar Plugin <= 4.5.8 (Pro) & <= 2.2.7 (Free) - Missing Authorization via eventon_save_virtual_event_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/220ca462-6a5b-440e-badf-d253e2b6b1f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-b285571aa8961228c020fb748a563a39.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-b285571aa8961228c020fb748a563a39.yaml new file mode 100644 index 0000000000..3b1eda522d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-b285571aa8961228c020fb748a563a39.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-b285571aa8961228c020fb748a563a39 + +info: + name: > + EventON <= 2.1 - Missing Authorization to Event Access + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dba3f3a6-3f55-4f4e-98e4-bb98d9c94bdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-eb5eba3fb055e3f1a65941e7a11b92d0.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-eb5eba3fb055e3f1a65941e7a11b92d0.yaml new file mode 100644 index 0000000000..3cc6a6df90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-eb5eba3fb055e3f1a65941e7a11b92d0.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-eb5eba3fb055e3f1a65941e7a11b92d0 + +info: + name: > + EventON <= 2.2.14 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a044983-1ec7-464b-aa5d-d479be45bb1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-lite-fb01f61580a3daa6743e2536b3904a23.yaml b/nuclei-templates/cve-less/plugins/eventon-lite-fb01f61580a3daa6743e2536b3904a23.yaml new file mode 100644 index 0000000000..ae873f531b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-lite-fb01f61580a3daa6743e2536b3904a23.yaml @@ -0,0 +1,58 @@ +id: eventon-lite-fb01f61580a3daa6743e2536b3904a23 + +info: + name: > + EventON <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bba6567f-457b-44fd-993a-3f5380a2c3fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-lite/" + google-query: inurl:"/wp-content/plugins/eventon-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventon-rsvp-e0185b582d68cb517dbdd113cf354faa.yaml b/nuclei-templates/cve-less/plugins/eventon-rsvp-e0185b582d68cb517dbdd113cf354faa.yaml new file mode 100644 index 0000000000..eb52da0d34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventon-rsvp-e0185b582d68cb517dbdd113cf354faa.yaml @@ -0,0 +1,58 @@ +id: eventon-rsvp-e0185b582d68cb517dbdd113cf354faa + +info: + name: > + RSVP Events <= 2.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aac9be6c-7498-482e-8c38-da17a2c7f00a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventon-rsvp/" + google-query: inurl:"/wp-content/plugins/eventon-rsvp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventon-rsvp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventon-rsvp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventon-rsvp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0518a583283f442e889b7000a0f04a7c.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0518a583283f442e889b7000a0f04a7c.yaml new file mode 100644 index 0000000000..7ef52c4d07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0518a583283f442e889b7000a0f04a7c.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-0518a583283f442e889b7000a0f04a7c + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0ce22c0fe7f774ad920004b34c3c97f2.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0ce22c0fe7f774ad920004b34c3c97f2.yaml new file mode 100644 index 0000000000..13d785e88c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-0ce22c0fe7f774ad920004b34c3c97f2.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-0ce22c0fe7f774ad920004b34c3c97f2 + +info: + name: > + EventPrime <= 3.3.2 - Improper Server-Side Checks to Booking Payment Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98ef80a3-4d57-45ae-87cf-d5768b26c27e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3bc30bc01f7305f10a41312e9c39291f.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3bc30bc01f7305f10a41312e9c39291f.yaml new file mode 100644 index 0000000000..51885c381a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3bc30bc01f7305f10a41312e9c39291f.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-3bc30bc01f7305f10a41312e9c39291f + +info: + name: > + EventPrime <= 3.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d71289-e5a3-4145-817f-c2cac8405202?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3d6ad1520c77aad1133699654b17aff7.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3d6ad1520c77aad1133699654b17aff7.yaml new file mode 100644 index 0000000000..f1005ee330 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3d6ad1520c77aad1133699654b17aff7.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-3d6ad1520c77aad1133699654b17aff7 + +info: + name: > + EventPrime <= 3.3.5 - Missing Authorization to Private Event Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5baea929-0c46-4a43-b2af-367c0b5037bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3fbde3febf513db2a577aee06321eb0b.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3fbde3febf513db2a577aee06321eb0b.yaml new file mode 100644 index 0000000000..533308b0bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-3fbde3febf513db2a577aee06321eb0b.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-3fbde3febf513db2a577aee06321eb0b + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-42040b470560c747a13bf2788592d50b.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-42040b470560c747a13bf2788592d50b.yaml new file mode 100644 index 0000000000..0a3480ceac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-42040b470560c747a13bf2788592d50b.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-42040b470560c747a13bf2788592d50b + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-4d3269fa7a276b2eee412016f196b38c.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-4d3269fa7a276b2eee412016f196b38c.yaml new file mode 100644 index 0000000000..8690cca447 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-4d3269fa7a276b2eee412016f196b38c.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-4d3269fa7a276b2eee412016f196b38c + +info: + name: > + EventPrime < 3.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8ffdd43-b353-4296-bcb6-978751aae1b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5484a37a07e396bedb80a8478f30a008.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5484a37a07e396bedb80a8478f30a008.yaml new file mode 100644 index 0000000000..8ed94a882e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5484a37a07e396bedb80a8478f30a008.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-5484a37a07e396bedb80a8478f30a008 + +info: + name: > + EventPrime <= 2.8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22479c6a-83ea-4c09-b192-4384ffbdcbf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5610b8d447f64bccab677eca7d6526f5.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5610b8d447f64bccab677eca7d6526f5.yaml new file mode 100644 index 0000000000..202de85c7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-5610b8d447f64bccab677eca7d6526f5.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-5610b8d447f64bccab677eca7d6526f5 + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7e0a85cefa9d78b7f58f293d006f3397.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7e0a85cefa9d78b7f58f293d006f3397.yaml new file mode 100644 index 0000000000..e75db7e5ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7e0a85cefa9d78b7f58f293d006f3397.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-7e0a85cefa9d78b7f58f293d006f3397 + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7faa6bde45e1f2f5ce5eafbc2fbeb516.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7faa6bde45e1f2f5ce5eafbc2fbeb516.yaml new file mode 100644 index 0000000000..68057d1a63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-7faa6bde45e1f2f5ce5eafbc2fbeb516.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-7faa6bde45e1f2f5ce5eafbc2fbeb516 + +info: + name: > + EventPrime <= 3.3.9 - Improper Input Validation via save_event_booking + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17cbcf67-f10d-41bc-acf7-98e5d99b50af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml new file mode 100644 index 0000000000..73000c8ae5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-8aeb2b8f9fd8f5408bc5cbce23cde23a.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-8aeb2b8f9fd8f5408bc5cbce23cde23a + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-98364cc3fafc257904edef9d7b1a931a.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-98364cc3fafc257904edef9d7b1a931a.yaml new file mode 100644 index 0000000000..b4cddf62f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-98364cc3fafc257904edef9d7b1a931a.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-98364cc3fafc257904edef9d7b1a931a + +info: + name: > + EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-aaa60a656a1631ccb0bbf7769cde29dc.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-aaa60a656a1631ccb0bbf7769cde29dc.yaml new file mode 100644 index 0000000000..0221d96542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-aaa60a656a1631ccb0bbf7769cde29dc.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-aaa60a656a1631ccb0bbf7769cde29dc + +info: + name: > + EventPrime <= 3.1.5 - Reflected Cross-Site Scripting via 'event_id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/399848fd-e9f6-40e4-bfeb-08f53eb511c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-c14577a628b19f58f816579d213106ef.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-c14577a628b19f58f816579d213106ef.yaml new file mode 100644 index 0000000000..d40c5f9ea5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-c14577a628b19f58f816579d213106ef.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-c14577a628b19f58f816579d213106ef + +info: + name: > + EventPrime <= 3.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aad7f55-d1f0-45f9-ba8b-74170c32374f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d621f315674a851e95757dca3af1ff0a.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d621f315674a851e95757dca3af1ff0a.yaml new file mode 100644 index 0000000000..44f7969510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-d621f315674a851e95757dca3af1ff0a.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-d621f315674a851e95757dca3af1ff0a + +info: + name: > + EventPrime <= 2.8.6 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fdd0a4c-ce47-44bc-b9a5-a8f2af12da85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-e40a3e8ea03e0231ec1106a753934528.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-e40a3e8ea03e0231ec1106a753934528.yaml new file mode 100644 index 0000000000..8074067170 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-e40a3e8ea03e0231ec1106a753934528.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-e40a3e8ea03e0231ec1106a753934528 + +info: + name: > + EventPrime <= 3.3.4 - Missing Authorization to Booking Price Maniputlation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9516e64c-1959-4980-9a96-c6f5f1baa6f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ee51cf1fa55e4a9d226a63dcaad1a260.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ee51cf1fa55e4a9d226a63dcaad1a260.yaml new file mode 100644 index 0000000000..e3ac9502d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ee51cf1fa55e4a9d226a63dcaad1a260.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-ee51cf1fa55e4a9d226a63dcaad1a260 + +info: + name: > + EventPrime < 3.2.0 - Reflected HTML Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed881d06-e652-45ac-8f56-c2db9e403485?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ef2d23d82a10c333e2eaaf91d1a798ba.yaml b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ef2d23d82a10c333e2eaaf91d1a798ba.yaml new file mode 100644 index 0000000000..d74b605ddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventprime-event-calendar-management-ef2d23d82a10c333e2eaaf91d1a798ba.yaml @@ -0,0 +1,58 @@ +id: eventprime-event-calendar-management-ef2d23d82a10c333e2eaaf91d1a798ba + +info: + name: > + EventPrime < 3.2.0 - Reflected Cross-Site Scripting via keyword and ep_filter_date + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/766e34a9-ed95-4049-ba48-0bf69134e4ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventprime-event-calendar-management/" + google-query: inurl:"/wp-content/plugins/eventprime-event-calendar-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventprime-event-calendar-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventprime-event-calendar-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventprime-event-calendar-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventr-3555e671fb855ca8a86dbba28248a06b.yaml b/nuclei-templates/cve-less/plugins/eventr-3555e671fb855ca8a86dbba28248a06b.yaml new file mode 100644 index 0000000000..ab5e5f37f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventr-3555e671fb855ca8a86dbba28248a06b.yaml @@ -0,0 +1,58 @@ +id: eventr-3555e671fb855ca8a86dbba28248a06b + +info: + name: > + eventr <= 1.02.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b26d61de-651c-43de-ba90-33ef170755e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventr/" + google-query: inurl:"/wp-content/plugins/eventr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventr,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.02.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eventr-55a68c58c48b9986849ddaa1407aa30f.yaml b/nuclei-templates/cve-less/plugins/eventr-55a68c58c48b9986849ddaa1407aa30f.yaml new file mode 100644 index 0000000000..68d87afbf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eventr-55a68c58c48b9986849ddaa1407aa30f.yaml @@ -0,0 +1,58 @@ +id: eventr-55a68c58c48b9986849ddaa1407aa30f + +info: + name: > + Eventr <= 1.02.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29adf3d2-b3a4-43f3-9aaa-bd2cf6cd115b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eventr/" + google-query: inurl:"/wp-content/plugins/eventr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eventr,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eventr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eventr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.02.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-2ad357ed5ae7046d44da5210b6526312.yaml b/nuclei-templates/cve-less/plugins/events-2ad357ed5ae7046d44da5210b6526312.yaml new file mode 100644 index 0000000000..5264599de0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-2ad357ed5ae7046d44da5210b6526312.yaml @@ -0,0 +1,58 @@ +id: events-2ad357ed5ae7046d44da5210b6526312 + +info: + name: > + WP Events Calendar Plugin <= 1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e630401-0409-443c-944d-553a372d150d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events/" + google-query: inurl:"/wp-content/plugins/events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-addon-for-elementor-a83b5885cc29169b3a804ccaa82ed3fd.yaml b/nuclei-templates/cve-less/plugins/events-addon-for-elementor-a83b5885cc29169b3a804ccaa82ed3fd.yaml new file mode 100644 index 0000000000..c7d2d37798 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-addon-for-elementor-a83b5885cc29169b3a804ccaa82ed3fd.yaml @@ -0,0 +1,58 @@ +id: events-addon-for-elementor-a83b5885cc29169b3a804ccaa82ed3fd + +info: + name: > + Events Addon for Elementor <= 2.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7f52e71-da35-4b46-b658-d293f81b5dc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/events-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-addon-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-6f97964629a2d8890727a9938703cfc3.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-6f97964629a2d8890727a9938703cfc3.yaml new file mode 100644 index 0000000000..9e9f7253b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-made-easy-6f97964629a2d8890727a9938703cfc3.yaml @@ -0,0 +1,58 @@ +id: events-made-easy-6f97964629a2d8890727a9938703cfc3 + +info: + name: > + Events Made Easy <= 2.3.14 - Authenticated (Subscriber+) SQL Injection via 'search_name' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2550461-2546-4dc4-85ff-decf2fca3f10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-made-easy/" + google-query: inurl:"/wp-content/plugins/events-made-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-made-easy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-made-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-made-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml new file mode 100644 index 0000000000..48dbe3b0e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-made-easy-9bcf64c7dbe781ab40d3670dc81b8e8c.yaml @@ -0,0 +1,58 @@ +id: events-made-easy-9bcf64c7dbe781ab40d3670dc81b8e8c + +info: + name: > + Events Made Easy <= 2.3.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9e62de-3e70-424f-b8e5-2a5f07ca182d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-made-easy/" + google-query: inurl:"/wp-content/plugins/events-made-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-made-easy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-made-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-made-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-a5068346d1e00e358b18b96ff80d8028.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-a5068346d1e00e358b18b96ff80d8028.yaml new file mode 100644 index 0000000000..c122a2d86f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-made-easy-a5068346d1e00e358b18b96ff80d8028.yaml @@ -0,0 +1,58 @@ +id: events-made-easy-a5068346d1e00e358b18b96ff80d8028 + +info: + name: > + Events Made Easy <= 2.2.23 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a4488c8-7138-4046-88ea-84f9462eec93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-made-easy/" + google-query: inurl:"/wp-content/plugins/events-made-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-made-easy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-made-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-made-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-c2b3f954259c6ede40d68798a9520dde.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-c2b3f954259c6ede40d68798a9520dde.yaml new file mode 100644 index 0000000000..5c80084ecd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-made-easy-c2b3f954259c6ede40d68798a9520dde.yaml @@ -0,0 +1,58 @@ +id: events-made-easy-c2b3f954259c6ede40d68798a9520dde + +info: + name: > + Events Made Easy <= 2.2.80 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/613f4bd1-e29a-4853-84a2-3e1437f06d33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-made-easy/" + google-query: inurl:"/wp-content/plugins/events-made-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-made-easy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-made-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-made-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.80') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-made-easy-fb606eac6f1cd09b63793985561a9ded.yaml b/nuclei-templates/cve-less/plugins/events-made-easy-fb606eac6f1cd09b63793985561a9ded.yaml new file mode 100644 index 0000000000..b4be8ad504 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-made-easy-fb606eac6f1cd09b63793985561a9ded.yaml @@ -0,0 +1,58 @@ +id: events-made-easy-fb606eac6f1cd09b63793985561a9ded + +info: + name: > + Events Made Easy <= 2.2.35 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb23c4d7-d9be-4162-bb7b-8a74f3c339eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-made-easy/" + google-query: inurl:"/wp-content/plugins/events-made-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-made-easy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-made-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-made-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-1c184d32846ab99f4fc87c2987b808cb.yaml b/nuclei-templates/cve-less/plugins/events-manager-1c184d32846ab99f4fc87c2987b808cb.yaml new file mode 100644 index 0000000000..4451ec294a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-1c184d32846ab99f4fc87c2987b808cb.yaml @@ -0,0 +1,58 @@ +id: events-manager-1c184d32846ab99f4fc87c2987b808cb + +info: + name: > + Events Manager <= 6.4.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0538999-0a09-4d24-a530-a32fb5b4e5e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-33af423ffa646dbaa07cc6063b09bc62.yaml b/nuclei-templates/cve-less/plugins/events-manager-33af423ffa646dbaa07cc6063b09bc62.yaml new file mode 100644 index 0000000000..394681437a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-33af423ffa646dbaa07cc6063b09bc62.yaml @@ -0,0 +1,58 @@ +id: events-manager-33af423ffa646dbaa07cc6063b09bc62 + +info: + name: > + Events Manager <= 6.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95ded4bf-9964-4bb3-b6e5-5ad37360f87d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-3f14554541d5c07fa1b8df4c175de3d3.yaml b/nuclei-templates/cve-less/plugins/events-manager-3f14554541d5c07fa1b8df4c175de3d3.yaml new file mode 100644 index 0000000000..c62abfb705 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-3f14554541d5c07fa1b8df4c175de3d3.yaml @@ -0,0 +1,58 @@ +id: events-manager-3f14554541d5c07fa1b8df4c175de3d3 + +info: + name: > + Events Manager < 5.5.7.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df4ad83f-280e-46fa-ad47-3822fa67b10d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-60e9ce57276e284607640edd3669122a.yaml b/nuclei-templates/cve-less/plugins/events-manager-60e9ce57276e284607640edd3669122a.yaml new file mode 100644 index 0000000000..d2cfffc6e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-60e9ce57276e284607640edd3669122a.yaml @@ -0,0 +1,58 @@ +id: events-manager-60e9ce57276e284607640edd3669122a + +info: + name: > + Events Manager <= 5.5.7.1 - Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb66378c-4e64-4f05-a466-72a3c2d0b330?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-644174d3b6cb573b8ad1e776e7aafb01.yaml b/nuclei-templates/cve-less/plugins/events-manager-644174d3b6cb573b8ad1e776e7aafb01.yaml new file mode 100644 index 0000000000..695b34a12d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-644174d3b6cb573b8ad1e776e7aafb01.yaml @@ -0,0 +1,58 @@ +id: events-manager-644174d3b6cb573b8ad1e776e7aafb01 + +info: + name: > + Events Manager <= 6.4.6.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb0aa16-a269-4297-861f-6bad88066c68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-7961a00c8fec25ebf767309437be3781.yaml b/nuclei-templates/cve-less/plugins/events-manager-7961a00c8fec25ebf767309437be3781.yaml new file mode 100644 index 0000000000..dc722e2120 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-7961a00c8fec25ebf767309437be3781.yaml @@ -0,0 +1,58 @@ +id: events-manager-7961a00c8fec25ebf767309437be3781 + +info: + name: > + Events Manager <= 5.9.7.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2244c29-9d79-47d5-b077-bf04a9199cdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-7f61d132e9ad7bb4333f632fb4ac561f.yaml b/nuclei-templates/cve-less/plugins/events-manager-7f61d132e9ad7bb4333f632fb4ac561f.yaml new file mode 100644 index 0000000000..59800f963c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-7f61d132e9ad7bb4333f632fb4ac561f.yaml @@ -0,0 +1,58 @@ +id: events-manager-7f61d132e9ad7bb4333f632fb4ac561f + +info: + name: > + Events Manager < 5.5.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a43ffb6e-8044-4496-9496-11fa8e52a044?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-83ef28839c75055ae7537f111049194c.yaml b/nuclei-templates/cve-less/plugins/events-manager-83ef28839c75055ae7537f111049194c.yaml new file mode 100644 index 0000000000..e06e8049e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-83ef28839c75055ae7537f111049194c.yaml @@ -0,0 +1,58 @@ +id: events-manager-83ef28839c75055ae7537f111049194c + +info: + name: > + Events Manager <= 5.9.7.3 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0ccb39b-faf1-428b-bfa7-c30d402bd34d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-944355331d4d9eab9649c96fbc1339dc.yaml b/nuclei-templates/cve-less/plugins/events-manager-944355331d4d9eab9649c96fbc1339dc.yaml new file mode 100644 index 0000000000..4931d5a171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-944355331d4d9eab9649c96fbc1339dc.yaml @@ -0,0 +1,58 @@ +id: events-manager-944355331d4d9eab9649c96fbc1339dc + +info: + name: > + Events Manager < 5.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/207f7684-aeee-4267-ba29-ca9aacc0a690?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-96287411a0b4f9828a8db098282ac68f.yaml b/nuclei-templates/cve-less/plugins/events-manager-96287411a0b4f9828a8db098282ac68f.yaml new file mode 100644 index 0000000000..ad200edb3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-96287411a0b4f9828a8db098282ac68f.yaml @@ -0,0 +1,58 @@ +id: events-manager-96287411a0b4f9828a8db098282ac68f + +info: + name: > + Events Manager <= 6.4.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86351e2c-8c5a-4d71-bd73-d5ae1f03038f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-9691566897b1cf3f102fa4ca66fa2b90.yaml b/nuclei-templates/cve-less/plugins/events-manager-9691566897b1cf3f102fa4ca66fa2b90.yaml new file mode 100644 index 0000000000..070f6ddee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-9691566897b1cf3f102fa4ca66fa2b90.yaml @@ -0,0 +1,58 @@ +id: events-manager-9691566897b1cf3f102fa4ca66fa2b90 + +info: + name: > + Events Manager <= 5.9.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/249acca6-49b4-4ddf-af75-31f68921fc19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-9dd081367b7c3b91dad73b336bd866df.yaml b/nuclei-templates/cve-less/plugins/events-manager-9dd081367b7c3b91dad73b336bd866df.yaml new file mode 100644 index 0000000000..8d1b6bfd57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-9dd081367b7c3b91dad73b336bd866df.yaml @@ -0,0 +1,58 @@ +id: events-manager-9dd081367b7c3b91dad73b336bd866df + +info: + name: > + Events Manager <= 6.4.6.4 - Authenticated(Administator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-ad055d1685348a8fa4aef50dfdf0211f.yaml b/nuclei-templates/cve-less/plugins/events-manager-ad055d1685348a8fa4aef50dfdf0211f.yaml new file mode 100644 index 0000000000..01615c5e6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-ad055d1685348a8fa4aef50dfdf0211f.yaml @@ -0,0 +1,58 @@ +id: events-manager-ad055d1685348a8fa4aef50dfdf0211f + +info: + name: > + Events Manager < 5.3.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb95e28-449b-4ed7-9c44-ade171e0ecee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-af430c9858b5bde975d56075509bcf57.yaml b/nuclei-templates/cve-less/plugins/events-manager-af430c9858b5bde975d56075509bcf57.yaml new file mode 100644 index 0000000000..354e49ee1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-af430c9858b5bde975d56075509bcf57.yaml @@ -0,0 +1,58 @@ +id: events-manager-af430c9858b5bde975d56075509bcf57 + +info: + name: > + Events Manager <= 5.5.7.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee4e08e0-25b7-47b2-9ec2-de93afc437a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-b1f45416f5a631250c26ec095bcb39a3.yaml b/nuclei-templates/cve-less/plugins/events-manager-b1f45416f5a631250c26ec095bcb39a3.yaml new file mode 100644 index 0000000000..2cdaab1f03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-b1f45416f5a631250c26ec095bcb39a3.yaml @@ -0,0 +1,58 @@ +id: events-manager-b1f45416f5a631250c26ec095bcb39a3 + +info: + name: > + Events Manager < 5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e247c919-6210-4769-9022-d7f7a0178f14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-bb7f415bbeb4b2bf0d001b37770eebf6.yaml b/nuclei-templates/cve-less/plugins/events-manager-bb7f415bbeb4b2bf0d001b37770eebf6.yaml new file mode 100644 index 0000000000..969ae058ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-bb7f415bbeb4b2bf0d001b37770eebf6.yaml @@ -0,0 +1,58 @@ +id: events-manager-bb7f415bbeb4b2bf0d001b37770eebf6 + +info: + name: > + Events Manager <= 6.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9053cf91-0af1-44f8-9fdf-7ecbd457545b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-bf648a28f236904436ac42427351efb1.yaml b/nuclei-templates/cve-less/plugins/events-manager-bf648a28f236904436ac42427351efb1.yaml new file mode 100644 index 0000000000..68659dd0a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-bf648a28f236904436ac42427351efb1.yaml @@ -0,0 +1,58 @@ +id: events-manager-bf648a28f236904436ac42427351efb1 + +info: + name: > + Events Manager <= 5.8.1.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/738a9651-974e-4861-be7a-2d9b191d582b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-e976dbcc632c2ee3b143a7604910e2c0.yaml b/nuclei-templates/cve-less/plugins/events-manager-e976dbcc632c2ee3b143a7604910e2c0.yaml new file mode 100644 index 0000000000..a6c3ea37f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-e976dbcc632c2ee3b143a7604910e2c0.yaml @@ -0,0 +1,58 @@ +id: events-manager-e976dbcc632c2ee3b143a7604910e2c0 + +info: + name: > + Events Manager <= 5.3.6 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efd25f74-3c4a-4f5a-8c81-f1d42ca2a541?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-eb6226c8060abd8c26fc61f24da2a61e.yaml b/nuclei-templates/cve-less/plugins/events-manager-eb6226c8060abd8c26fc61f24da2a61e.yaml new file mode 100644 index 0000000000..05e36dc232 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-eb6226c8060abd8c26fc61f24da2a61e.yaml @@ -0,0 +1,58 @@ +id: events-manager-eb6226c8060abd8c26fc61f24da2a61e + +info: + name: > + Events Manager <= 5.5.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/734b6ae0-b2f6-4bad-a6d3-bef48fd8cdd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-eb8f98aa61e3c3db7506a6098f7ccbda.yaml b/nuclei-templates/cve-less/plugins/events-manager-eb8f98aa61e3c3db7506a6098f7ccbda.yaml new file mode 100644 index 0000000000..91fa6c34c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-eb8f98aa61e3c3db7506a6098f7ccbda.yaml @@ -0,0 +1,58 @@ +id: events-manager-eb8f98aa61e3c3db7506a6098f7ccbda + +info: + name: > + Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4d2829-9f99-4a2d-9bde-476fae2c99a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-ee6754b66c3dcc79f507ad42121825d8.yaml b/nuclei-templates/cve-less/plugins/events-manager-ee6754b66c3dcc79f507ad42121825d8.yaml new file mode 100644 index 0000000000..7bcd488d34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-ee6754b66c3dcc79f507ad42121825d8.yaml @@ -0,0 +1,58 @@ +id: events-manager-ee6754b66c3dcc79f507ad42121825d8 + +info: + name: > + Events Manager <= 5.9.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94d2eaed-048b-40b6-9880-fa32fbb66f92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-fb28659ef74c6816e9ff94aaba73e076.yaml b/nuclei-templates/cve-less/plugins/events-manager-fb28659ef74c6816e9ff94aaba73e076.yaml new file mode 100644 index 0000000000..2e5699ade3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-fb28659ef74c6816e9ff94aaba73e076.yaml @@ -0,0 +1,58 @@ +id: events-manager-fb28659ef74c6816e9ff94aaba73e076 + +info: + name: > + Events Manager <= 5.8.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73241750-cd21-4eee-9d43-8c5e26f9b9cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager/" + google-query: inurl:"/wp-content/plugins/events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-manager-pro-eb8f98aa61e3c3db7506a6098f7ccbda.yaml b/nuclei-templates/cve-less/plugins/events-manager-pro-eb8f98aa61e3c3db7506a6098f7ccbda.yaml new file mode 100644 index 0000000000..e637bacfe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-manager-pro-eb8f98aa61e3c3db7506a6098f7ccbda.yaml @@ -0,0 +1,58 @@ +id: events-manager-pro-eb8f98aa61e3c3db7506a6098f7ccbda + +info: + name: > + Events Manager < 5.3.5 & Events Manager Pro < 2.2.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4d2829-9f99-4a2d-9bde-476fae2c99a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-manager-pro/" + google-query: inurl:"/wp-content/plugins/events-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-manager-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-notification-bar-addon-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/events-notification-bar-addon-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..73bbdf9b56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-notification-bar-addon-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: events-notification-bar-addon-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-notification-bar-addon/" + google-query: inurl:"/wp-content/plugins/events-notification-bar-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-notification-bar-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-notification-bar-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-notification-bar-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-search-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/events-search-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..ea2d12a9cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-search-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: events-search-addon-for-the-events-calendar-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-search-addon-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/events-search-addon-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-search-addon-for-the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-search-addon-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-search-addon-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/events-widgets-for-elementor-and-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/events-widgets-for-elementor-and-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..8e37673fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/events-widgets-for-elementor-and-the-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: events-widgets-for-elementor-and-the-events-calendar-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,events-widgets-for-elementor-and-the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/events-widgets-for-elementor-and-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "events-widgets-for-elementor-and-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ever-compare-29989c774c0deb7fd695ddb2569712e6.yaml b/nuclei-templates/cve-less/plugins/ever-compare-29989c774c0deb7fd695ddb2569712e6.yaml new file mode 100644 index 0000000000..2f1b746c3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ever-compare-29989c774c0deb7fd695ddb2569712e6.yaml @@ -0,0 +1,58 @@ +id: ever-compare-29989c774c0deb7fd695ddb2569712e6 + +info: + name: > + Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/702aa972-7b74-4417-8d33-a26c3831934f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ever-compare/" + google-query: inurl:"/wp-content/plugins/ever-compare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ever-compare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ever-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ever-compare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-backup-5c5b5355efecc468361938b2443e7783.yaml b/nuclei-templates/cve-less/plugins/everest-backup-5c5b5355efecc468361938b2443e7783.yaml new file mode 100644 index 0000000000..7a40ced919 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-backup-5c5b5355efecc468361938b2443e7783.yaml @@ -0,0 +1,58 @@ +id: everest-backup-5c5b5355efecc468361938b2443e7783 + +info: + name: > + Everest Backup <= 2.2.4 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52b13188-5630-4ae9-9b2b-bd4dcadd240a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-backup/" + google-query: inurl:"/wp-content/plugins/everest-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-backup-a3c1423112a235a586d65da99a810a94.yaml b/nuclei-templates/cve-less/plugins/everest-backup-a3c1423112a235a586d65da99a810a94.yaml new file mode 100644 index 0000000000..8c00508d0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-backup-a3c1423112a235a586d65da99a810a94.yaml @@ -0,0 +1,58 @@ +id: everest-backup-a3c1423112a235a586d65da99a810a94 + +info: + name: > + Everest Backup <= 2.1.9 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31a54705-99e8-4e41-bf57-9365ab387228?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-backup/" + google-query: inurl:"/wp-content/plugins/everest-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-forms-0234441805a1275e4ae695da76693b08.yaml b/nuclei-templates/cve-less/plugins/everest-forms-0234441805a1275e4ae695da76693b08.yaml new file mode 100644 index 0000000000..4e96ddcaeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-forms-0234441805a1275e4ae695da76693b08.yaml @@ -0,0 +1,58 @@ +id: everest-forms-0234441805a1275e4ae695da76693b08 + +info: + name: > + Everest Forms <= 2.0.3 - Unauthorized Form Submission via Disabled Forms + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc3d49c5-3054-4e1f-b571-6591a0b31d69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-forms/" + google-query: inurl:"/wp-content/plugins/everest-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-forms-5c3a1e24593bd044c08416c2f87d02e7.yaml b/nuclei-templates/cve-less/plugins/everest-forms-5c3a1e24593bd044c08416c2f87d02e7.yaml new file mode 100644 index 0000000000..cd65d8c362 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-forms-5c3a1e24593bd044c08416c2f87d02e7.yaml @@ -0,0 +1,58 @@ +id: everest-forms-5c3a1e24593bd044c08416c2f87d02e7 + +info: + name: > + Everest Forms <= 1.7.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5d67eb3-c399-437e-a504-2ccdda7c7882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-forms/" + google-query: inurl:"/wp-content/plugins/everest-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-forms-7d693e04f09654267524d7ec908313ae.yaml b/nuclei-templates/cve-less/plugins/everest-forms-7d693e04f09654267524d7ec908313ae.yaml new file mode 100644 index 0000000000..a9d49cfc91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-forms-7d693e04f09654267524d7ec908313ae.yaml @@ -0,0 +1,58 @@ +id: everest-forms-7d693e04f09654267524d7ec908313ae + +info: + name: > + Everest Forms <= 2.0.7 - Unauthenticated Server-Side Request Forgery via font_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4561441-d147-4c02-a837-c1656e17627d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-forms/" + google-query: inurl:"/wp-content/plugins/everest-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-forms-baf3d29a2681cdd1e172041c4de8c0ca.yaml b/nuclei-templates/cve-less/plugins/everest-forms-baf3d29a2681cdd1e172041c4de8c0ca.yaml new file mode 100644 index 0000000000..ddbb0490d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-forms-baf3d29a2681cdd1e172041c4de8c0ca.yaml @@ -0,0 +1,58 @@ +id: everest-forms-baf3d29a2681cdd1e172041c4de8c0ca + +info: + name: > + Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms <= 1.4.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5256ea-61ba-4b2d-90d6-714176bc19aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-forms/" + google-query: inurl:"/wp-content/plugins/everest-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-forms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/everest-forms-f3431b49cff580f3171934059274a2a5.yaml b/nuclei-templates/cve-less/plugins/everest-forms-f3431b49cff580f3171934059274a2a5.yaml new file mode 100644 index 0000000000..3e2c6896b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/everest-forms-f3431b49cff580f3171934059274a2a5.yaml @@ -0,0 +1,58 @@ +id: everest-forms-f3431b49cff580f3171934059274a2a5 + +info: + name: > + Everest Forms <= 2.0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/381ec612-2086-4925-98cd-652a6c2ac081?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/everest-forms/" + google-query: inurl:"/wp-content/plugins/everest-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,everest-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/everest-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/evergreen-content-poster-8c8032347c8a676583142ccf856ffd1b.yaml b/nuclei-templates/cve-less/plugins/evergreen-content-poster-8c8032347c8a676583142ccf856ffd1b.yaml new file mode 100644 index 0000000000..b9651e1050 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/evergreen-content-poster-8c8032347c8a676583142ccf856ffd1b.yaml @@ -0,0 +1,58 @@ +id: evergreen-content-poster-8c8032347c8a676583142ccf856ffd1b + +info: + name: > + Evergreen Content Poster <= 1.4.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/232e6464-bd6c-4086-989a-00b84056c431?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/evergreen-content-poster/" + google-query: inurl:"/wp-content/plugins/evergreen-content-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,evergreen-content-poster,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/evergreen-content-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "evergreen-content-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/evergreen-content-poster-92de377343f9b56c26e4f5ac1766852a.yaml b/nuclei-templates/cve-less/plugins/evergreen-content-poster-92de377343f9b56c26e4f5ac1766852a.yaml new file mode 100644 index 0000000000..28d890b5c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/evergreen-content-poster-92de377343f9b56c26e4f5ac1766852a.yaml @@ -0,0 +1,58 @@ +id: evergreen-content-poster-92de377343f9b56c26e4f5ac1766852a + +info: + name: > + Evergreen Content Poster <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b67c83-7fb7-4bac-a8eb-7fc318f2ff50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/evergreen-content-poster/" + google-query: inurl:"/wp-content/plugins/evergreen-content-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,evergreen-content-poster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/evergreen-content-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "evergreen-content-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/evergreen-content-poster-d6daa696f95c257bf8628b3447d01ec3.yaml b/nuclei-templates/cve-less/plugins/evergreen-content-poster-d6daa696f95c257bf8628b3447d01ec3.yaml new file mode 100644 index 0000000000..abf6dc5ad0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/evergreen-content-poster-d6daa696f95c257bf8628b3447d01ec3.yaml @@ -0,0 +1,58 @@ +id: evergreen-content-poster-d6daa696f95c257bf8628b3447d01ec3 + +info: + name: > + Evergreen Content Poster <= 1.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa31e932-7fbf-4933-9747-bd7427db7f5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/evergreen-content-poster/" + google-query: inurl:"/wp-content/plugins/evergreen-content-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,evergreen-content-poster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/evergreen-content-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "evergreen-content-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ewww-image-optimizer-3213ee891b4642b7b3ba63568830b33f.yaml b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-3213ee891b4642b7b3ba63568830b33f.yaml new file mode 100644 index 0000000000..341cb425bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-3213ee891b4642b7b3ba63568830b33f.yaml @@ -0,0 +1,58 @@ +id: ewww-image-optimizer-3213ee891b4642b7b3ba63568830b33f + +info: + name: > + EWWW Image Optimizer <= 7.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/074d7b46-60e0-4d4a-904a-696ac7948a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ewww-image-optimizer/" + google-query: inurl:"/wp-content/plugins/ewww-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ewww-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ewww-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ewww-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ewww-image-optimizer-9693067e67d7ff6cc419426aa56eeabf.yaml b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-9693067e67d7ff6cc419426aa56eeabf.yaml new file mode 100644 index 0000000000..fa1e54032f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-9693067e67d7ff6cc419426aa56eeabf.yaml @@ -0,0 +1,58 @@ +id: ewww-image-optimizer-9693067e67d7ff6cc419426aa56eeabf + +info: + name: > + EWWW Image Optimizer <= 2.8.4 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffac29d-d1cc-4d5d-aff8-0cb639a1e3d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ewww-image-optimizer/" + google-query: inurl:"/wp-content/plugins/ewww-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ewww-image-optimizer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ewww-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ewww-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ewww-image-optimizer-da711e4ca0aefdf6c9cb2b9eee9b6839.yaml b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-da711e4ca0aefdf6c9cb2b9eee9b6839.yaml new file mode 100644 index 0000000000..960130b345 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-da711e4ca0aefdf6c9cb2b9eee9b6839.yaml @@ -0,0 +1,58 @@ +id: ewww-image-optimizer-da711e4ca0aefdf6c9cb2b9eee9b6839 + +info: + name: > + EWWW Image Optimizer <= 5.8.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ef33e3c-187a-45d9-9dac-0895dce34216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ewww-image-optimizer/" + google-query: inurl:"/wp-content/plugins/ewww-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ewww-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ewww-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ewww-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ewww-image-optimizer-e39053204ece48a5897a197753f103d3.yaml b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-e39053204ece48a5897a197753f103d3.yaml new file mode 100644 index 0000000000..cace1b70fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-e39053204ece48a5897a197753f103d3.yaml @@ -0,0 +1,58 @@ +id: ewww-image-optimizer-e39053204ece48a5897a197753f103d3 + +info: + name: > + EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d20ff1a8-8794-41e1-9e66-1cda90f9ff77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ewww-image-optimizer/" + google-query: inurl:"/wp-content/plugins/ewww-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ewww-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ewww-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ewww-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ewww-image-optimizer-fc7819dbc087612847b613b7048bbd69.yaml b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-fc7819dbc087612847b613b7048bbd69.yaml new file mode 100644 index 0000000000..9af1d28af8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ewww-image-optimizer-fc7819dbc087612847b613b7048bbd69.yaml @@ -0,0 +1,58 @@ +id: ewww-image-optimizer-fc7819dbc087612847b613b7048bbd69 + +info: + name: > + EWWW Image Optimizer <= 2.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5b24f80-d3a4-452b-bc83-3576bdc62829?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ewww-image-optimizer/" + google-query: inurl:"/wp-content/plugins/ewww-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ewww-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ewww-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ewww-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/examapp-1c6e8ef696086c4cf5cf1464c84048ce.yaml b/nuclei-templates/cve-less/plugins/examapp-1c6e8ef696086c4cf5cf1464c84048ce.yaml new file mode 100644 index 0000000000..2036173c58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/examapp-1c6e8ef696086c4cf5cf1464c84048ce.yaml @@ -0,0 +1,58 @@ +id: examapp-1c6e8ef696086c4cf5cf1464c84048ce + +info: + name: > + IBPS Online Exam Plugin for WordPress <= 1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81c80424-3ecb-4740-b458-00a983f35298?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/examapp/" + google-query: inurl:"/wp-content/plugins/examapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,examapp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/examapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "examapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/examapp-1cb146595e5a6af092ba6cf697572ca5.yaml b/nuclei-templates/cve-less/plugins/examapp-1cb146595e5a6af092ba6cf697572ca5.yaml new file mode 100644 index 0000000000..ff535870c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/examapp-1cb146595e5a6af092ba6cf697572ca5.yaml @@ -0,0 +1,58 @@ +id: examapp-1cb146595e5a6af092ba6cf697572ca5 + +info: + name: > + IBPS Online Exam <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/160740a2-f5e1-49d6-a380-e6bf33646300?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/examapp/" + google-query: inurl:"/wp-content/plugins/examapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,examapp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/examapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "examapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-2checkout-d7709cb27cfd7779480afac87a08fa8a.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-2checkout-d7709cb27cfd7779480afac87a08fa8a.yaml new file mode 100644 index 0000000000..40679ce7b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-2checkout-d7709cb27cfd7779480afac87a08fa8a.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-2checkout-d7709cb27cfd7779480afac87a08fa8a + +info: + name: > + 2Checkout Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca036121-072c-4944-84e9-3b8b69f3e17c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-2checkout/" + google-query: inurl:"/wp-content/plugins/exchange-addon-2checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-2checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-2checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-2checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-authorize-net-de87b01d88a6a2f904015f5ea84ebf1e.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-authorize-net-de87b01d88a6a2f904015f5ea84ebf1e.yaml new file mode 100644 index 0000000000..78b14b4a22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-authorize-net-de87b01d88a6a2f904015f5ea84ebf1e.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-authorize-net-de87b01d88a6a2f904015f5ea84ebf1e + +info: + name: > + Authorize.net Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3e6c49-e686-463c-bc50-b0ce94702075?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-authorize-net/" + google-query: inurl:"/wp-content/plugins/exchange-addon-authorize-net/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-authorize-net,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-authorize-net/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-authorize-net" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-custom-url-tracking-34e10a41c5c20c0cdcc396ab3433b41a.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-custom-url-tracking-34e10a41c5c20c0cdcc396ab3433b41a.yaml new file mode 100644 index 0000000000..9d8e47b4f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-custom-url-tracking-34e10a41c5c20c0cdcc396ab3433b41a.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-custom-url-tracking-34e10a41c5c20c0cdcc396ab3433b41a + +info: + name: > + Exchange Addon Custom URL Tracking < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffc2e04f-6e71-4783-bded-7d7782e2e84e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-custom-url-tracking/" + google-query: inurl:"/wp-content/plugins/exchange-addon-custom-url-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-custom-url-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-custom-url-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-custom-url-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-easy-canadian-sales-taxes-5d1048d4b4ff4e9d4fc21662470b4351.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-easy-canadian-sales-taxes-5d1048d4b4ff4e9d4fc21662470b4351.yaml new file mode 100644 index 0000000000..e3a9c844bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-easy-canadian-sales-taxes-5d1048d4b4ff4e9d4fc21662470b4351.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-easy-canadian-sales-taxes-5d1048d4b4ff4e9d4fc21662470b4351 + +info: + name: > + Easy Canadian Sales Taxes Add-On for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8059ea88-55b9-423e-9827-075d0aa90938?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-easy-canadian-sales-taxes/" + google-query: inurl:"/wp-content/plugins/exchange-addon-easy-canadian-sales-taxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-easy-canadian-sales-taxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-easy-canadian-sales-taxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-easy-canadian-sales-taxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-easy-eu-vat-taxes-7dbba6eb5e75b04ea05ba2ba683d8c34.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-easy-eu-vat-taxes-7dbba6eb5e75b04ea05ba2ba683d8c34.yaml new file mode 100644 index 0000000000..55f9b15191 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-easy-eu-vat-taxes-7dbba6eb5e75b04ea05ba2ba683d8c34.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-easy-eu-vat-taxes-7dbba6eb5e75b04ea05ba2ba683d8c34 + +info: + name: > + Easy EU Value Added (VAT) Taxes < 1.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d6faee0-716e-4aa9-a841-5231c7aaff21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-easy-eu-vat-taxes/" + google-query: inurl:"/wp-content/plugins/exchange-addon-easy-eu-vat-taxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-easy-eu-vat-taxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-easy-eu-vat-taxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-easy-eu-vat-taxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-easy-us-sales-taxes-4c3c3f049b1bc0e13ddc430f9c3318dc.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-easy-us-sales-taxes-4c3c3f049b1bc0e13ddc430f9c3318dc.yaml new file mode 100644 index 0000000000..8b910add88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-easy-us-sales-taxes-4c3c3f049b1bc0e13ddc430f9c3318dc.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-easy-us-sales-taxes-4c3c3f049b1bc0e13ddc430f9c3318dc + +info: + name: > + Easy US Sales Taxes Add-on for iThemes Exchange < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c55487f9-dc8a-41a0-b052-625665c1543f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-easy-us-sales-taxes/" + google-query: inurl:"/wp-content/plugins/exchange-addon-easy-us-sales-taxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-easy-us-sales-taxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-easy-us-sales-taxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-easy-us-sales-taxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-invoices-fce7ebf61e0bbaa70b1a47fedc604d75.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-invoices-fce7ebf61e0bbaa70b1a47fedc604d75.yaml new file mode 100644 index 0000000000..5b9dd8c07c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-invoices-fce7ebf61e0bbaa70b1a47fedc604d75.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-invoices-fce7ebf61e0bbaa70b1a47fedc604d75 + +info: + name: > + Exchange Addon Invoices < 1.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/642f0ad9-1085-4590-b736-9dd88440d047?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-invoices/" + google-query: inurl:"/wp-content/plugins/exchange-addon-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-invoices,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-manual-purchases-4b04963b90b4f582746b4536b75f0fd9.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-manual-purchases-4b04963b90b4f582746b4536b75f0fd9.yaml new file mode 100644 index 0000000000..45cc24577c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-manual-purchases-4b04963b90b4f582746b4536b75f0fd9.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-manual-purchases-4b04963b90b4f582746b4536b75f0fd9 + +info: + name: > + Manual Purchases < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2bc0449-b5cc-403b-a943-f53d0d9c663a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-manual-purchases/" + google-query: inurl:"/wp-content/plugins/exchange-addon-manual-purchases/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-manual-purchases,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-manual-purchases/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-manual-purchases" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-membership-8167878f448149a825352a74752a3f9b.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-membership-8167878f448149a825352a74752a3f9b.yaml new file mode 100644 index 0000000000..32f99d47f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-membership-8167878f448149a825352a74752a3f9b.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-membership-8167878f448149a825352a74752a3f9b + +info: + name: > + Exchange Addon Membership < 1.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eab729ed-ec00-4be1-a738-fce8a4f26100?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-membership/" + google-query: inurl:"/wp-content/plugins/exchange-addon-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-paypal-pro-bf5b301e59797812833300e7fc88f201.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-paypal-pro-bf5b301e59797812833300e7fc88f201.yaml new file mode 100644 index 0000000000..1f0ce2e027 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-paypal-pro-bf5b301e59797812833300e7fc88f201.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-paypal-pro-bf5b301e59797812833300e7fc88f201 + +info: + name: > + PayPal Pro Add-on for iThemes Exchange < 1.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1507628c-4a81-47de-a06f-a5d573eebffb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-paypal-pro/" + google-query: inurl:"/wp-content/plugins/exchange-addon-paypal-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-paypal-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-paypal-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-paypal-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-stripe-b13a4a7fbd4cd3ebf80c43d8be8323aa.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-stripe-b13a4a7fbd4cd3ebf80c43d8be8323aa.yaml new file mode 100644 index 0000000000..e324885b51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-stripe-b13a4a7fbd4cd3ebf80c43d8be8323aa.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-stripe-b13a4a7fbd4cd3ebf80c43d8be8323aa + +info: + name: > + Stripe Add-on for iThemes Exchange < 1.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3ce7e7-c816-49d3-b794-91b71cb3e9c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-stripe/" + google-query: inurl:"/wp-content/plugins/exchange-addon-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-stripe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-addon-table-rate-shipping-3a6771ca38d2c7d158262d9fbdbb7826.yaml b/nuclei-templates/cve-less/plugins/exchange-addon-table-rate-shipping-3a6771ca38d2c7d158262d9fbdbb7826.yaml new file mode 100644 index 0000000000..683e9e1b0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-addon-table-rate-shipping-3a6771ca38d2c7d158262d9fbdbb7826.yaml @@ -0,0 +1,58 @@ +id: exchange-addon-table-rate-shipping-3a6771ca38d2c7d158262d9fbdbb7826 + +info: + name: > + Exchange Addon Table Rate Shipping < 1.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a03792a-7e14-41c6-a60c-cb5d389f7539?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-addon-table-rate-shipping/" + google-query: inurl:"/wp-content/plugins/exchange-addon-table-rate-shipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-addon-table-rate-shipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-addon-table-rate-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-addon-table-rate-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exchange-rates-widget-776b8b2ca961da26b6b406dc75d9298e.yaml b/nuclei-templates/cve-less/plugins/exchange-rates-widget-776b8b2ca961da26b6b406dc75d9298e.yaml new file mode 100644 index 0000000000..6edc4412f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exchange-rates-widget-776b8b2ca961da26b6b406dc75d9298e.yaml @@ -0,0 +1,58 @@ +id: exchange-rates-widget-776b8b2ca961da26b6b406dc75d9298e + +info: + name: > + Exchange Rates Widget <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2970bea4-4641-4885-b996-2bf0b848e1ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exchange-rates-widget/" + google-query: inurl:"/wp-content/plugins/exchange-rates-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exchange-rates-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exchange-rates-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exchange-rates-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-007d55abdcc3037b38fa1f4866ebcef6.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-007d55abdcc3037b38fa1f4866ebcef6.yaml new file mode 100644 index 0000000000..159d04700d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-007d55abdcc3037b38fa1f4866ebcef6.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-007d55abdcc3037b38fa1f4866ebcef6 + +info: + name: > + Exclusive Addons Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6ba3ce1-7c50-4e9d-b9e0-bcefc9ca74fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-03413c94281e9bdcb28cf85f17f56cbd.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-03413c94281e9bdcb28cf85f17f56cbd.yaml new file mode 100644 index 0000000000..20780ed3e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-03413c94281e9bdcb28cf85f17f56cbd.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-03413c94281e9bdcb28cf85f17f56cbd + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Covid-19 Stats Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-26c4a41ab859ae4dbf470aba313f594b.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-26c4a41ab859ae4dbf470aba313f594b.yaml new file mode 100644 index 0000000000..c237004d42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-26c4a41ab859ae4dbf470aba313f594b.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-26c4a41ab859ae4dbf470aba313f594b + +info: + name: > + Exclusive Addons for Elementor <= 2.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64792dd9-f16b-4929-a2ba-a6f53b2e975f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-27f5aa34f1beb8f61eb1e953a98567c3.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-27f5aa34f1beb8f61eb1e953a98567c3.yaml new file mode 100644 index 0000000000..9f12b12e5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-27f5aa34f1beb8f61eb1e953a98567c3.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-27f5aa34f1beb8f61eb1e953a98567c3 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/206c5736-d9d9-4029-afdf-d76251cc81ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-2f36bf28ff455df3f6e5bee8596dc834.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-2f36bf28ff455df3f6e5bee8596dc834.yaml new file mode 100644 index 0000000000..653f2071c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-2f36bf28ff455df3f6e5bee8596dc834.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-2f36bf28ff455df3f6e5bee8596dc834 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-34bbbe6df5443652a8ecc2885cf36469.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-34bbbe6df5443652a8ecc2885cf36469.yaml new file mode 100644 index 0000000000..329ab9f0f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-34bbbe6df5443652a8ecc2885cf36469.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-34bbbe6df5443652a8ecc2885cf36469 + +info: + name: > + Exclusive Addons Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75da181d-3162-448f-afb8-dc05748184f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-4ab49877e45f4a964303177554e78a85.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-4ab49877e45f4a964303177554e78a85.yaml new file mode 100644 index 0000000000..0a03545a86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-4ab49877e45f4a964303177554e78a85.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-4ab49877e45f4a964303177554e78a85 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-824dccfdb78b425ce34b0edfaef506c4.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-824dccfdb78b425ce34b0edfaef506c4.yaml new file mode 100644 index 0000000000..614c1a03a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-824dccfdb78b425ce34b0edfaef506c4.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-824dccfdb78b425ce34b0edfaef506c4 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..feba94a022 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-8639b20a2b1f76694c89791c1b2d91eb.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-8639b20a2b1f76694c89791c1b2d91eb.yaml new file mode 100644 index 0000000000..90db8ce1bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-8639b20a2b1f76694c89791c1b2d91eb.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-8639b20a2b1f76694c89791c1b2d91eb + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76b987f1-2524-498a-a02c-a3ca390026e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b68fc6d974fd5ff5ec00e24e4a23388f.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b68fc6d974fd5ff5ec00e24e4a23388f.yaml new file mode 100644 index 0000000000..4e5171a8df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b68fc6d974fd5ff5ec00e24e4a23388f.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-b68fc6d974fd5ff5ec00e24e4a23388f + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via InfoBox + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ad2dff-0c6d-4d91-a35d-803b97def01f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2cf5ab26c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-ba61abda2c1a03aab77d7d30f615bf9e.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-ba61abda2c1a03aab77d7d30f615bf9e.yaml new file mode 100644 index 0000000000..3294687bcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-ba61abda2c1a03aab77d7d30f615bf9e.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-ba61abda2c1a03aab77d7d30f615bf9e + +info: + name: > + Exclusive Addons Elementor <= 2.6.9.1 - Missing Authorization to Post Duplication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eae9b960-36b1-4b83-855a-d1beaa60a93f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-d0e696248d665e9f0a517c6587bde743.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-d0e696248d665e9f0a517c6587bde743.yaml new file mode 100644 index 0000000000..f92674f717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-d0e696248d665e9f0a517c6587bde743.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-d0e696248d665e9f0a517c6587bde743 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Anything + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-dc46778586f851feacb609ba4df93bd9.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-dc46778586f851feacb609ba4df93bd9.yaml new file mode 100644 index 0000000000..eec16f82c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-dc46778586f851feacb609ba4df93bd9.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-dc46778586f851feacb609ba4df93bd9 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3011b783-e4b4-45d2-81af-2f8d166a30ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f3fab83347fba28adb4199c2198991f2.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f3fab83347fba28adb4199c2198991f2.yaml new file mode 100644 index 0000000000..53839b0673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f3fab83347fba28adb4199c2198991f2.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-f3fab83347fba28adb4199c2198991f2 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f6158c89533171b67393d05399849800.yaml b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f6158c89533171b67393d05399849800.yaml new file mode 100644 index 0000000000..1350bc5f97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-addons-for-elementor-f6158c89533171b67393d05399849800.yaml @@ -0,0 +1,58 @@ +id: exclusive-addons-for-elementor-f6158c89533171b67393d05399849800 + +info: + name: > + Exclusive Addons for Elementor <= 2.6.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Post Grid + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bd53172-ddfa-481a-818d-626b9db6fe41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2be93f2447 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exclusive-team-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: exclusive-team-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exclusive-team-for-elementor/" + google-query: inurl:"/wp-content/plugins/exclusive-team-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exclusive-team-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exclusive-team-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exclusive-team-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exit-intent-popups-by-optimonk-f9d8d4d48e517849984915b0fb71d1b5.yaml b/nuclei-templates/cve-less/plugins/exit-intent-popups-by-optimonk-f9d8d4d48e517849984915b0fb71d1b5.yaml new file mode 100644 index 0000000000..72375a371a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exit-intent-popups-by-optimonk-f9d8d4d48e517849984915b0fb71d1b5.yaml @@ -0,0 +1,58 @@ +id: exit-intent-popups-by-optimonk-f9d8d4d48e517849984915b0fb71d1b5 + +info: + name: > + Exit Popups & Onsite Retargeting by OptiMonk <= 2.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfa8328b-5932-4396-b0ef-e16a7ec3b365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exit-intent-popups-by-optimonk/" + google-query: inurl:"/wp-content/plugins/exit-intent-popups-by-optimonk/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exit-intent-popups-by-optimonk,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exit-intent-popups-by-optimonk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exit-intent-popups-by-optimonk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exit-popup-show-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/exit-popup-show-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..792ea3ba1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exit-popup-show-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: exit-popup-show-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exit-popup-show/" + google-query: inurl:"/wp-content/plugins/exit-popup-show/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exit-popup-show,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exit-popup-show/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exit-popup-show" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exit-strategy-c407ae94c2e09109c54e22295b58f6a2.yaml b/nuclei-templates/cve-less/plugins/exit-strategy-c407ae94c2e09109c54e22295b58f6a2.yaml new file mode 100644 index 0000000000..4ff5c1c4e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exit-strategy-c407ae94c2e09109c54e22295b58f6a2.yaml @@ -0,0 +1,58 @@ +id: exit-strategy-c407ae94c2e09109c54e22295b58f6a2 + +info: + name: > + WordPress Exit Strategy <= 1.55 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c7115f9-a0b0-43ed-9153-a9fe87176e4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exit-strategy/" + google-query: inurl:"/wp-content/plugins/exit-strategy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exit-strategy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exit-strategy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exit-strategy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exmage-wp-image-links-83161de0c1fd793802b927949569bb1f.yaml b/nuclei-templates/cve-less/plugins/exmage-wp-image-links-83161de0c1fd793802b927949569bb1f.yaml new file mode 100644 index 0000000000..e4171221fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exmage-wp-image-links-83161de0c1fd793802b927949569bb1f.yaml @@ -0,0 +1,58 @@ +id: exmage-wp-image-links-83161de0c1fd793802b927949569bb1f + +info: + name: > + EXMAGE – WordPress Image Links <= 1.0.6 - Admin+ Blind SSRF + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd1ded1-8966-4247-ab75-17980f00f9b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exmage-wp-image-links/" + google-query: inurl:"/wp-content/plugins/exmage-wp-image-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exmage-wp-image-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exmage-wp-image-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exmage-wp-image-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/expand-maker-20e2ffcefe24845b4b4e6344c91c5c95.yaml b/nuclei-templates/cve-less/plugins/expand-maker-20e2ffcefe24845b4b4e6344c91c5c95.yaml new file mode 100644 index 0000000000..4c33c16413 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/expand-maker-20e2ffcefe24845b4b4e6344c91c5c95.yaml @@ -0,0 +1,58 @@ +id: expand-maker-20e2ffcefe24845b4b4e6344c91c5c95 + +info: + name: > + Read More & Accordion <= 3.2.6.1 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73ab9f95-05cc-47fc-bfcb-1787f6f80789?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/expand-maker/" + google-query: inurl:"/wp-content/plugins/expand-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,expand-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/expand-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "expand-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/expivi-434bdc3a2d6d4c7bf3a3c2d6bf17f8ff.yaml b/nuclei-templates/cve-less/plugins/expivi-434bdc3a2d6d4c7bf3a3c2d6bf17f8ff.yaml new file mode 100644 index 0000000000..5ec345c6fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/expivi-434bdc3a2d6d4c7bf3a3c2d6bf17f8ff.yaml @@ -0,0 +1,58 @@ +id: expivi-434bdc3a2d6d4c7bf3a3c2d6bf17f8ff + +info: + name: > + Product Configurator for WooCommerce <= 1.2.31 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79766bb2-a796-48b4-afb5-520303a73739?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/expivi/" + google-query: inurl:"/wp-content/plugins/expivi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,expivi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/expivi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "expivi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-all-urls-171d0fe1d81993f6ce1992662fece84b.yaml b/nuclei-templates/cve-less/plugins/export-all-urls-171d0fe1d81993f6ce1992662fece84b.yaml new file mode 100644 index 0000000000..efdefda3da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-all-urls-171d0fe1d81993f6ce1992662fece84b.yaml @@ -0,0 +1,58 @@ +id: export-all-urls-171d0fe1d81993f6ce1992662fece84b + +info: + name: > + Export All URLs <= 4.2 - Cross-Site Request Forgery to Sensitive Data Export + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac8e551-7995-4201-b711-87773da1be9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-all-urls/" + google-query: inurl:"/wp-content/plugins/export-all-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-all-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-all-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-all-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-all-urls-4f798a978754f7760bf888652cfdf4e3.yaml b/nuclei-templates/cve-less/plugins/export-all-urls-4f798a978754f7760bf888652cfdf4e3.yaml new file mode 100644 index 0000000000..86bded33f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-all-urls-4f798a978754f7760bf888652cfdf4e3.yaml @@ -0,0 +1,58 @@ +id: export-all-urls-4f798a978754f7760bf888652cfdf4e3 + +info: + name: > + Export All URLs <= 4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a7afe2c-13ca-4df4-89c9-1544db016cdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-all-urls/" + google-query: inurl:"/wp-content/plugins/export-all-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-all-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-all-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-all-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-all-urls-a2bd93b9a3b512bd46c713fd9b617e38.yaml b/nuclei-templates/cve-less/plugins/export-all-urls-a2bd93b9a3b512bd46c713fd9b617e38.yaml new file mode 100644 index 0000000000..b8acf81242 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-all-urls-a2bd93b9a3b512bd46c713fd9b617e38.yaml @@ -0,0 +1,58 @@ +id: export-all-urls-a2bd93b9a3b512bd46c713fd9b617e38 + +info: + name: > + Export All URLs <= 4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/066c9327-6d72-41f9-895e-d14fe6471832?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-all-urls/" + google-query: inurl:"/wp-content/plugins/export-all-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-all-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-all-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-all-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-all-urls-b5b013b649a98c215832bbde298896e0.yaml b/nuclei-templates/cve-less/plugins/export-all-urls-b5b013b649a98c215832bbde298896e0.yaml new file mode 100644 index 0000000000..16bf572892 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-all-urls-b5b013b649a98c215832bbde298896e0.yaml @@ -0,0 +1,58 @@ +id: export-all-urls-b5b013b649a98c215832bbde298896e0 + +info: + name: > + Export All URLs <= 4.1 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c14b1d49-efea-4c09-9448-533223c6d2e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-all-urls/" + google-query: inurl:"/wp-content/plugins/export-all-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-all-urls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-all-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-all-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-all-urls-e300fc2b33c3e4cbe76c5a5f26d2b663.yaml b/nuclei-templates/cve-less/plugins/export-all-urls-e300fc2b33c3e4cbe76c5a5f26d2b663.yaml new file mode 100644 index 0000000000..7f6502e0ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-all-urls-e300fc2b33c3e4cbe76c5a5f26d2b663.yaml @@ -0,0 +1,58 @@ +id: export-all-urls-e300fc2b33c3e4cbe76c5a5f26d2b663 + +info: + name: > + Export All URLs <= 4.3 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2493a2f8-d4e4-4c42-b748-5632b96b085e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-all-urls/" + google-query: inurl:"/wp-content/plugins/export-all-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-all-urls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-all-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-all-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-import-menus-554b3becffafc2d7533a6574bfe4f7de.yaml b/nuclei-templates/cve-less/plugins/export-import-menus-554b3becffafc2d7533a6574bfe4f7de.yaml new file mode 100644 index 0000000000..ef9a2aa975 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-import-menus-554b3becffafc2d7533a6574bfe4f7de.yaml @@ -0,0 +1,58 @@ +id: export-import-menus-554b3becffafc2d7533a6574bfe4f7de + +info: + name: > + Export Import Menus <= 1.8.0 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d74efb03-4a1c-4163-bd79-ef17975a609e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-import-menus/" + google-query: inurl:"/wp-content/plugins/export-import-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-import-menus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-import-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-import-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-media-urls-04fd004ccf778c74722c06c23011f3f9.yaml b/nuclei-templates/cve-less/plugins/export-media-urls-04fd004ccf778c74722c06c23011f3f9.yaml new file mode 100644 index 0000000000..c59dae1eca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-media-urls-04fd004ccf778c74722c06c23011f3f9.yaml @@ -0,0 +1,58 @@ +id: export-media-urls-04fd004ccf778c74722c06c23011f3f9 + +info: + name: > + Export Media URLs <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b121abf-3842-43ac-a3dc-bde6d5e0b263?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-media-urls/" + google-query: inurl:"/wp-content/plugins/export-media-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-media-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-media-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-media-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-post-info-0bf76c13f5d059f24c33a04b1579ea8d.yaml b/nuclei-templates/cve-less/plugins/export-post-info-0bf76c13f5d059f24c33a04b1579ea8d.yaml new file mode 100644 index 0000000000..42251626ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-post-info-0bf76c13f5d059f24c33a04b1579ea8d.yaml @@ -0,0 +1,58 @@ +id: export-post-info-0bf76c13f5d059f24c33a04b1579ea8d + +info: + name: > + Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890f83dc-d8d2-4fb2-a04a-c7b70d104b49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-post-info/" + google-query: inurl:"/wp-content/plugins/export-post-info/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-post-info,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-post-info/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-post-info" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-post-info-80eb51ecba5ec678d038fbafb9f76a3a.yaml b/nuclei-templates/cve-less/plugins/export-post-info-80eb51ecba5ec678d038fbafb9f76a3a.yaml new file mode 100644 index 0000000000..3c23d10742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-post-info-80eb51ecba5ec678d038fbafb9f76a3a.yaml @@ -0,0 +1,58 @@ +id: export-post-info-80eb51ecba5ec678d038fbafb9f76a3a + +info: + name: > + Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e033dd4a-bc82-403a-82aa-cd8516290f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-post-info/" + google-query: inurl:"/wp-content/plugins/export-post-info/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-post-info,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-post-info/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-post-info" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-users-947efea3054054e672bdea86aa02538b.yaml b/nuclei-templates/cve-less/plugins/export-users-947efea3054054e672bdea86aa02538b.yaml new file mode 100644 index 0000000000..2be92b1414 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-users-947efea3054054e672bdea86aa02538b.yaml @@ -0,0 +1,58 @@ +id: export-users-947efea3054054e672bdea86aa02538b + +info: + name: > + Export Users to CSV < 1.4 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa309da6-6552-43e4-aeea-f822493dd029?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-users/" + google-query: inurl:"/wp-content/plugins/export-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-users-data-csv-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml b/nuclei-templates/cve-less/plugins/export-users-data-csv-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml new file mode 100644 index 0000000000..717c0738cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-users-data-csv-e05fa458a1f240ccb4e1b67dcb2e1cc1.yaml @@ -0,0 +1,58 @@ +id: export-users-data-csv-e05fa458a1f240ccb4e1b67dcb2e1cc1 + +info: + name: > + Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a53430c1-7a2d-4c05-94ee-691e06759797?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-users-data-csv/" + google-query: inurl:"/wp-content/plugins/export-users-data-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-users-data-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-users-data-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-users-data-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-users-data-distinct-8972c0084426af137e3ac2a4f9b562c5.yaml b/nuclei-templates/cve-less/plugins/export-users-data-distinct-8972c0084426af137e3ac2a4f9b562c5.yaml new file mode 100644 index 0000000000..55a1a185de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-users-data-distinct-8972c0084426af137e3ac2a4f9b562c5.yaml @@ -0,0 +1,58 @@ +id: export-users-data-distinct-8972c0084426af137e3ac2a4f9b562c5 + +info: + name: > + Export Users Data Distinct <= 1.3 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03a1724c-8fea-4e9f-a4a1-9de236e1f15a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-users-data-distinct/" + google-query: inurl:"/wp-content/plugins/export-users-data-distinct/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-users-data-distinct,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-users-data-distinct/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-users-data-distinct" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-users-to-csv-6f6838754144cfba3c6bd90cbbf7e92a.yaml b/nuclei-templates/cve-less/plugins/export-users-to-csv-6f6838754144cfba3c6bd90cbbf7e92a.yaml new file mode 100644 index 0000000000..3875fd1a02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-users-to-csv-6f6838754144cfba3c6bd90cbbf7e92a.yaml @@ -0,0 +1,58 @@ +id: export-users-to-csv-6f6838754144cfba3c6bd90cbbf7e92a + +info: + name: > + Export Users to CSV <= 1.1.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fc72cff-b708-4fa2-a734-481446641a61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-users-to-csv/" + google-query: inurl:"/wp-content/plugins/export-users-to-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-users-to-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-users-to-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-users-to-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-woocommerce-466267eb695f096848ba3c66efa093ba.yaml b/nuclei-templates/cve-less/plugins/export-woocommerce-466267eb695f096848ba3c66efa093ba.yaml new file mode 100644 index 0000000000..7b43d2e9ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-woocommerce-466267eb695f096848ba3c66efa093ba.yaml @@ -0,0 +1,58 @@ +id: export-woocommerce-466267eb695f096848ba3c66efa093ba + +info: + name: > + Products & Order Export for WooCommerce <= 2.0.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da1f68a5-8ca7-4744-9b73-09e767072885?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-woocommerce/" + google-query: inurl:"/wp-content/plugins/export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-woocommerce-9c4ed2f25624ef8c0b44e775a33394e9.yaml b/nuclei-templates/cve-less/plugins/export-woocommerce-9c4ed2f25624ef8c0b44e775a33394e9.yaml new file mode 100644 index 0000000000..de3b3b3f3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-woocommerce-9c4ed2f25624ef8c0b44e775a33394e9.yaml @@ -0,0 +1,58 @@ +id: export-woocommerce-9c4ed2f25624ef8c0b44e775a33394e9 + +info: + name: > + Products, Order & Customers Export for WooCommerce <= 2.0.10 - Reflected Cross-Site Scripting via date parameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eac8685b-8ed9-432d-8912-b66bd62c950f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-woocommerce/" + google-query: inurl:"/wp-content/plugins/export-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-woocommerce-customer-list-555fded38156b09a0ae4a96c58cecb2d.yaml b/nuclei-templates/cve-less/plugins/export-woocommerce-customer-list-555fded38156b09a0ae4a96c58cecb2d.yaml new file mode 100644 index 0000000000..6145025091 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-woocommerce-customer-list-555fded38156b09a0ae4a96c58cecb2d.yaml @@ -0,0 +1,58 @@ +id: export-woocommerce-customer-list-555fded38156b09a0ae4a96c58cecb2d + +info: + name: > + Export customers list csv for WooCommerce <= 2.0.67 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cede7e6f-e3e8-479b-9c7b-91c390ed3936?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-woocommerce-customer-list/" + google-query: inurl:"/wp-content/plugins/export-woocommerce-customer-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-woocommerce-customer-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-woocommerce-customer-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-woocommerce-customer-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-40abb9e32e5d663357bcdf2c7ce0ff79.yaml b/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-40abb9e32e5d663357bcdf2c7ce0ff79.yaml new file mode 100644 index 0000000000..8f18ac82b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-40abb9e32e5d663357bcdf2c7ce0ff79.yaml @@ -0,0 +1,58 @@ +id: export-wp-page-to-static-html-40abb9e32e5d663357bcdf2c7ce0ff79 + +info: + name: > + Export WP Page to Static HTML/CSS <= 2.1.9 - Cross-Site Request Forgery via Multiple AJAX Actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7781e20b-c258-4bfd-9050-75a50a335628?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-wp-page-to-static-html/" + google-query: inurl:"/wp-content/plugins/export-wp-page-to-static-html/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-wp-page-to-static-html,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-wp-page-to-static-html/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-wp-page-to-static-html" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-96488db43481ee059de402cf95554483.yaml b/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-96488db43481ee059de402cf95554483.yaml new file mode 100644 index 0000000000..bcd72d628f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/export-wp-page-to-static-html-96488db43481ee059de402cf95554483.yaml @@ -0,0 +1,58 @@ +id: export-wp-page-to-static-html-96488db43481ee059de402cf95554483 + +info: + name: > + Export WP Page to Static HTML/CSS <= 2.1.9 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47cb48aa-b556-4f25-ac68-ff0a812972c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/export-wp-page-to-static-html/" + google-query: inurl:"/wp-content/plugins/export-wp-page-to-static-html/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,export-wp-page-to-static-html,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/export-wp-page-to-static-html/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "export-wp-page-to-static-html" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-google-product-feed-b2d6fe0a5065d0107b2198e03dfa4409.yaml b/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-google-product-feed-b2d6fe0a5065d0107b2198e03dfa4409.yaml new file mode 100644 index 0000000000..752978aa42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-google-product-feed-b2d6fe0a5065d0107b2198e03dfa4409.yaml @@ -0,0 +1,58 @@ +id: exportfeed-for-woocommerce-google-product-feed-b2d6fe0a5065d0107b2198e03dfa4409 + +info: + name: > + Sync WooCommerce Product feed to Google Shopping <= 1.2.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee9e199-00c6-4640-bd7c-e1316e2bba51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exportfeed-for-woocommerce-google-product-feed/" + google-query: inurl:"/wp-content/plugins/exportfeed-for-woocommerce-google-product-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exportfeed-for-woocommerce-google-product-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exportfeed-for-woocommerce-google-product-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exportfeed-for-woocommerce-google-product-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-product-to-etsy-2b0c3de81abe87f7163c2ade96d864cf.yaml b/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-product-to-etsy-2b0c3de81abe87f7163c2ade96d864cf.yaml new file mode 100644 index 0000000000..c3d130f6e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exportfeed-for-woocommerce-product-to-etsy-2b0c3de81abe87f7163c2ade96d864cf.yaml @@ -0,0 +1,58 @@ +id: exportfeed-for-woocommerce-product-to-etsy-2b0c3de81abe87f7163c2ade96d864cf + +info: + name: > + WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99489cc0-2e73-4d55-b95f-46d574897fac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/" + google-query: inurl:"/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exportfeed-for-woocommerce-product-to-etsy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exportfeed-for-woocommerce-product-to-etsy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exportfeed-for-woocommerce-product-to-etsy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exportfeed-list-woocommerce-products-on-ebay-store-e3d531049fbe8d4cfc0687a776a83ff1.yaml b/nuclei-templates/cve-less/plugins/exportfeed-list-woocommerce-products-on-ebay-store-e3d531049fbe8d4cfc0687a776a83ff1.yaml new file mode 100644 index 0000000000..fa8f8d145e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exportfeed-list-woocommerce-products-on-ebay-store-e3d531049fbe8d4cfc0687a776a83ff1.yaml @@ -0,0 +1,58 @@ +id: exportfeed-list-woocommerce-products-on-ebay-store-e3d531049fbe8d4cfc0687a776a83ff1 + +info: + name: > + ExportFeed <= 2.0.1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32179cca-2253-49c7-89f7-aa48bcfad716?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exportfeed-list-woocommerce-products-on-ebay-store/" + google-query: inurl:"/wp-content/plugins/exportfeed-list-woocommerce-products-on-ebay-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exportfeed-list-woocommerce-products-on-ebay-store,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exportfeed-list-woocommerce-products-on-ebay-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exportfeed-list-woocommerce-products-on-ebay-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exports-and-reports-cfd16ad8dc5bcf726c8b8727896a65ef.yaml b/nuclei-templates/cve-less/plugins/exports-and-reports-cfd16ad8dc5bcf726c8b8727896a65ef.yaml new file mode 100644 index 0000000000..c6d2f6dc0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exports-and-reports-cfd16ad8dc5bcf726c8b8727896a65ef.yaml @@ -0,0 +1,58 @@ +id: exports-and-reports-cfd16ad8dc5bcf726c8b8727896a65ef + +info: + name: > + Exports and Reports <= 0.9.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dc41ac8-1126-4fcc-942e-89e15b1ebfb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exports-and-reports/" + google-query: inurl:"/wp-content/plugins/exports-and-reports/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exports-and-reports,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exports-and-reports/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exports-and-reports" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exquisite-paypal-donation-d864c9b876d3aee646e414b358c69b64.yaml b/nuclei-templates/cve-less/plugins/exquisite-paypal-donation-d864c9b876d3aee646e414b358c69b64.yaml new file mode 100644 index 0000000000..b468f8dccb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exquisite-paypal-donation-d864c9b876d3aee646e414b358c69b64.yaml @@ -0,0 +1,58 @@ +id: exquisite-paypal-donation-d864c9b876d3aee646e414b358c69b64 + +info: + name: > + Exquisite PayPal Donation <= v2.0.0 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46f7dc18-fc07-400a-bb79-0d9821299023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exquisite-paypal-donation/" + google-query: inurl:"/wp-content/plugins/exquisite-paypal-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exquisite-paypal-donation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exquisite-paypal-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exquisite-paypal-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extended-post-status-c787c6531ee0637047c0b6f0c28238e9.yaml b/nuclei-templates/cve-less/plugins/extended-post-status-c787c6531ee0637047c0b6f0c28238e9.yaml new file mode 100644 index 0000000000..ce6defb8c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extended-post-status-c787c6531ee0637047c0b6f0c28238e9.yaml @@ -0,0 +1,58 @@ +id: extended-post-status-c787c6531ee0637047c0b6f0c28238e9 + +info: + name: > + Extended Post Status <= 1.0.19 - Missing Authorization via wp_insert_post_data + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6369b41-d93f-4959-8fad-be69ef724b24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extended-post-status/" + google-query: inurl:"/wp-content/plugins/extended-post-status/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extended-post-status,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extended-post-status/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extended-post-status" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extensions-for-cf7-b10d47efef131454e92762a235006179.yaml b/nuclei-templates/cve-less/plugins/extensions-for-cf7-b10d47efef131454e92762a235006179.yaml new file mode 100644 index 0000000000..11b3628cc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extensions-for-cf7-b10d47efef131454e92762a235006179.yaml @@ -0,0 +1,58 @@ +id: extensions-for-cf7-b10d47efef131454e92762a235006179 + +info: + name: > + Extensions For CF7 <= 2.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05144b8d-2dad-4a40-abe7-ecde837ec350?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extensions-for-cf7/" + google-query: inurl:"/wp-content/plugins/extensions-for-cf7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extensions-for-cf7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extensions-for-cf7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extensions-for-cf7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extensions-for-cf7-d198bd5481953eb6029357e7049666d3.yaml b/nuclei-templates/cve-less/plugins/extensions-for-cf7-d198bd5481953eb6029357e7049666d3.yaml new file mode 100644 index 0000000000..d57866bd82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extensions-for-cf7-d198bd5481953eb6029357e7049666d3.yaml @@ -0,0 +1,58 @@ +id: extensions-for-cf7-d198bd5481953eb6029357e7049666d3 + +info: + name: > + Extensions For CF7 <= 3.0.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bad00612-d98e-4b5e-88e8-664064588bdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extensions-for-cf7/" + google-query: inurl:"/wp-content/plugins/extensions-for-cf7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extensions-for-cf7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extensions-for-cf7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extensions-for-cf7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extensions-leaflet-map-e5ccc984a06602c5eeeca3eee991fc34.yaml b/nuclei-templates/cve-less/plugins/extensions-leaflet-map-e5ccc984a06602c5eeeca3eee991fc34.yaml new file mode 100644 index 0000000000..665b09e083 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extensions-leaflet-map-e5ccc984a06602c5eeeca3eee991fc34.yaml @@ -0,0 +1,58 @@ +id: extensions-leaflet-map-e5ccc984a06602c5eeeca3eee991fc34 + +info: + name: > + Extensions for Leaflet Map <= 3.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e332a52-071c-4725-99db-3cc10ee50230?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extensions-leaflet-map/" + google-query: inurl:"/wp-content/plugins/extensions-leaflet-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extensions-leaflet-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extensions-leaflet-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extensions-leaflet-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extensive-vc-addon-8b8ebcc1129f204595ea40775fe38d9a.yaml b/nuclei-templates/cve-less/plugins/extensive-vc-addon-8b8ebcc1129f204595ea40775fe38d9a.yaml new file mode 100644 index 0000000000..dbdcf6d948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extensive-vc-addon-8b8ebcc1129f204595ea40775fe38d9a.yaml @@ -0,0 +1,58 @@ +id: extensive-vc-addon-8b8ebcc1129f204595ea40775fe38d9a + +info: + name: > + Extensive VC Addons for WPBakery page builder <= 1.9 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c85fa04e-477e-4ac9-b112-02b2ab18ca32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extensive-vc-addon/" + google-query: inurl:"/wp-content/plugins/extensive-vc-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extensive-vc-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extensive-vc-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extensive-vc-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/external-media-2b23e7bc36f5649501747aa394af6972.yaml b/nuclei-templates/cve-less/plugins/external-media-2b23e7bc36f5649501747aa394af6972.yaml new file mode 100644 index 0000000000..058052d77c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/external-media-2b23e7bc36f5649501747aa394af6972.yaml @@ -0,0 +1,58 @@ +id: external-media-2b23e7bc36f5649501747aa394af6972 + +info: + name: > + External Media <= 1.0.35 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2121162-68db-47c4-80f6-222f013f48c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-media/" + google-query: inurl:"/wp-content/plugins/external-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/external-media-937a14986e699492c9c7f6e0e211e4a4.yaml b/nuclei-templates/cve-less/plugins/external-media-937a14986e699492c9c7f6e0e211e4a4.yaml new file mode 100644 index 0000000000..ccdcf01818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/external-media-937a14986e699492c9c7f6e0e211e4a4.yaml @@ -0,0 +1,58 @@ +id: external-media-937a14986e699492c9c7f6e0e211e4a4 + +info: + name: > + External Media <= 1.0.33 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8f31b4b-c8d8-4028-b419-f8396a5cb2a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-media/" + google-query: inurl:"/wp-content/plugins/external-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/external-media-without-import-47882f7a2bc08ac13c7e58b547c2a0c7.yaml b/nuclei-templates/cve-less/plugins/external-media-without-import-47882f7a2bc08ac13c7e58b547c2a0c7.yaml new file mode 100644 index 0000000000..d894a9ffe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/external-media-without-import-47882f7a2bc08ac13c7e58b547c2a0c7.yaml @@ -0,0 +1,58 @@ +id: external-media-without-import-47882f7a2bc08ac13c7e58b547c2a0c7 + +info: + name: > + External Media without Import <= 1.1.2 - Authenticated (Subscriber+) Blind Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e330894-9a15-4ce3-b388-90fda3d98f8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-media-without-import/" + google-query: inurl:"/wp-content/plugins/external-media-without-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-media-without-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-media-without-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-media-without-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/external-media-without-import-55f57d9ee6e02fda2c4bc79302123377.yaml b/nuclei-templates/cve-less/plugins/external-media-without-import-55f57d9ee6e02fda2c4bc79302123377.yaml new file mode 100644 index 0000000000..63d63d213b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/external-media-without-import-55f57d9ee6e02fda2c4bc79302123377.yaml @@ -0,0 +1,58 @@ +id: external-media-without-import-55f57d9ee6e02fda2c4bc79302123377 + +info: + name: > + External Media without Import < 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaaffa7-eb5e-4cb9-aa26-12cfeb7dabd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-media-without-import/" + google-query: inurl:"/wp-content/plugins/external-media-without-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-media-without-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-media-without-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-media-without-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/external-videos-c96e975122963919f6930b9c017e5991.yaml b/nuclei-templates/cve-less/plugins/external-videos-c96e975122963919f6930b9c017e5991.yaml new file mode 100644 index 0000000000..64babe5d68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/external-videos-c96e975122963919f6930b9c017e5991.yaml @@ -0,0 +1,58 @@ +id: external-videos-c96e975122963919f6930b9c017e5991 + +info: + name: > + External Videos <= 2.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/168e8512-d551-47f9-bc2b-c458180a6d13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/external-videos/" + google-query: inurl:"/wp-content/plugins/external-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,external-videos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/external-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "external-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extra-product-options-for-woocommerce-17ad0651e8a5c8de6d9430b66387dde0.yaml b/nuclei-templates/cve-less/plugins/extra-product-options-for-woocommerce-17ad0651e8a5c8de6d9430b66387dde0.yaml new file mode 100644 index 0000000000..08af1025f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extra-product-options-for-woocommerce-17ad0651e8a5c8de6d9430b66387dde0.yaml @@ -0,0 +1,58 @@ +id: extra-product-options-for-woocommerce-17ad0651e8a5c8de6d9430b66387dde0 + +info: + name: > + Extra Product Options for WooCommerce <= 3.0.3 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/393a856e-dc13-4fb6-8ff3-5880631953c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extra-product-options-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/extra-product-options-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extra-product-options-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extra-product-options-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra-product-options-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extra-user-details-d6041cf221293372ef1d7c4da6af5933.yaml b/nuclei-templates/cve-less/plugins/extra-user-details-d6041cf221293372ef1d7c4da6af5933.yaml new file mode 100644 index 0000000000..55e099ad34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extra-user-details-d6041cf221293372ef1d7c4da6af5933.yaml @@ -0,0 +1,58 @@ +id: extra-user-details-d6041cf221293372ef1d7c4da6af5933 + +info: + name: > + Extra User Details <= 0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81463022-c075-40e8-962d-b2ca27fd4f70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extra-user-details/" + google-query: inurl:"/wp-content/plugins/extra-user-details/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extra-user-details,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extra-user-details/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra-user-details" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/extra-user-details-ff2f93ef83cef5530210b6c4053efbfa.yaml b/nuclei-templates/cve-less/plugins/extra-user-details-ff2f93ef83cef5530210b6c4053efbfa.yaml new file mode 100644 index 0000000000..e3c5a67aad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/extra-user-details-ff2f93ef83cef5530210b6c4053efbfa.yaml @@ -0,0 +1,58 @@ +id: extra-user-details-ff2f93ef83cef5530210b6c4053efbfa + +info: + name: > + Extra User Details <= 0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2362dea-8c4a-426f-9482-b7e19b8f5f4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/extra-user-details/" + google-query: inurl:"/wp-content/plugins/extra-user-details/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,extra-user-details,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/extra-user-details/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra-user-details" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/exxp-wp-21d6fb0129ec0276cbb256583b4e5048.yaml b/nuclei-templates/cve-less/plugins/exxp-wp-21d6fb0129ec0276cbb256583b4e5048.yaml new file mode 100644 index 0000000000..2c087bcdeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/exxp-wp-21d6fb0129ec0276cbb256583b4e5048.yaml @@ -0,0 +1,58 @@ +id: exxp-wp-21d6fb0129ec0276cbb256583b4e5048 + +info: + name: > + Exxp <= 2.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0de75f3f-1e6b-42ea-9f08-54c32e37b4c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/exxp-wp/" + google-query: inurl:"/wp-content/plugins/exxp-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,exxp-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/exxp-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exxp-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/eyes-only-user-access-shortcode-6ae4507849a8e19efb73377acf163d95.yaml b/nuclei-templates/cve-less/plugins/eyes-only-user-access-shortcode-6ae4507849a8e19efb73377acf163d95.yaml new file mode 100644 index 0000000000..b8de52e60c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/eyes-only-user-access-shortcode-6ae4507849a8e19efb73377acf163d95.yaml @@ -0,0 +1,58 @@ +id: eyes-only-user-access-shortcode-6ae4507849a8e19efb73377acf163d95 + +info: + name: > + Eyes Only: User Access Shortcode <= 1.8.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bbc181f-318e-48ea-a2f7-c668ad15c8a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/eyes-only-user-access-shortcode/" + google-query: inurl:"/wp-content/plugins/eyes-only-user-access-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,eyes-only-user-access-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/eyes-only-user-access-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eyes-only-user-access-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ez-form-calculator-ce2576aadbb4f84195b6b6013f98bb8b.yaml b/nuclei-templates/cve-less/plugins/ez-form-calculator-ce2576aadbb4f84195b6b6013f98bb8b.yaml new file mode 100644 index 0000000000..edfebe13f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ez-form-calculator-ce2576aadbb4f84195b6b6013f98bb8b.yaml @@ -0,0 +1,58 @@ +id: ez-form-calculator-ce2576aadbb4f84195b6b6013f98bb8b + +info: + name: > + EZ Form Calculator <= 2.14.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ba1844f-96fb-458e-b428-bbc896977cd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ez-form-calculator/" + google-query: inurl:"/wp-content/plugins/ez-form-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ez-form-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ez-form-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ez-form-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ezoic-integration-26aceda847c1eb3f25bb17474245905f.yaml b/nuclei-templates/cve-less/plugins/ezoic-integration-26aceda847c1eb3f25bb17474245905f.yaml new file mode 100644 index 0000000000..8e8fb24bad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ezoic-integration-26aceda847c1eb3f25bb17474245905f.yaml @@ -0,0 +1,58 @@ +id: ezoic-integration-26aceda847c1eb3f25bb17474245905f + +info: + name: > + Ezoic <= 2.8.8 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18368ad4-4c35-4b08-8297-2ebdf1bb6e46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ezoic-integration/" + google-query: inurl:"/wp-content/plugins/ezoic-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ezoic-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ezoic-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ezoic-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ezoic-integration-f68243f27ec6cdc816f3b8c11a5b90ea.yaml b/nuclei-templates/cve-less/plugins/ezoic-integration-f68243f27ec6cdc816f3b8c11a5b90ea.yaml new file mode 100644 index 0000000000..482519829f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ezoic-integration-f68243f27ec6cdc816f3b8c11a5b90ea.yaml @@ -0,0 +1,58 @@ +id: ezoic-integration-f68243f27ec6cdc816f3b8c11a5b90ea + +info: + name: > + Ezoic <= 2.8.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f082a21e-0239-45fc-a7f2-9600f215783a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ezoic-integration/" + google-query: inurl:"/wp-content/plugins/ezoic-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ezoic-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ezoic-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ezoic-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d8d381cfd52ebd0caccc2d10110d0603.yaml b/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d8d381cfd52ebd0caccc2d10110d0603.yaml new file mode 100644 index 0000000000..e1bb35d6fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ezpz-one-click-backup-d8d381cfd52ebd0caccc2d10110d0603.yaml @@ -0,0 +1,58 @@ +id: ezpz-one-click-backup-d8d381cfd52ebd0caccc2d10110d0603 + +info: + name: > + EZPZ One Click Backup <= 12.03.10 - Unauthenticated Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf24216c-7882-4359-b526-44d845de0249?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ezpz-one-click-backup/" + google-query: inurl:"/wp-content/plugins/ezpz-one-click-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ezpz-one-click-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ezpz-one-click-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ezpz-one-click-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.03.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/f4-improvements-0ef9782b82fa8d84264b6b12b21ce750.yaml b/nuclei-templates/cve-less/plugins/f4-improvements-0ef9782b82fa8d84264b6b12b21ce750.yaml new file mode 100644 index 0000000000..4f3758c7cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/f4-improvements-0ef9782b82fa8d84264b6b12b21ce750.yaml @@ -0,0 +1,58 @@ +id: f4-improvements-0ef9782b82fa8d84264b6b12b21ce750 + +info: + name: > + F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f628801-8c11-4464-a440-879f97949bf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/f4-improvements/" + google-query: inurl:"/wp-content/plugins/f4-improvements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,f4-improvements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/f4-improvements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "f4-improvements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-button-plugin-9c248fffb99934b64b2404b3183ad52f.yaml b/nuclei-templates/cve-less/plugins/facebook-button-plugin-9c248fffb99934b64b2404b3183ad52f.yaml new file mode 100644 index 0000000000..020307e7a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-button-plugin-9c248fffb99934b64b2404b3183ad52f.yaml @@ -0,0 +1,58 @@ +id: facebook-button-plugin-9c248fffb99934b64b2404b3183ad52f + +info: + name: > + BestWebSoft's Like & Share <= 2.73 - Unauthenticated Password Protected Post Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a36310c-8a61-40aa-9520-89ead37553c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-button-plugin/" + google-query: inurl:"/wp-content/plugins/facebook-button-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-button-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-button-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-button-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-by-weblizar-281277016a09cf7dcda0f71c2e15f07f.yaml b/nuclei-templates/cve-less/plugins/facebook-by-weblizar-281277016a09cf7dcda0f71c2e15f07f.yaml new file mode 100644 index 0000000000..ae0ac1c48f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-by-weblizar-281277016a09cf7dcda0f71c2e15f07f.yaml @@ -0,0 +1,58 @@ +id: facebook-by-weblizar-281277016a09cf7dcda0f71c2e15f07f + +info: + name: > + Social LikeBox & Feed <= 2.8.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c5b6501-23c5-401b-815d-1729594e6a59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-by-weblizar/" + google-query: inurl:"/wp-content/plugins/facebook-by-weblizar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-by-weblizar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-by-weblizar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-by-weblizar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-comment-by-vivacity-ec95efd2e63d9d89b0c3d769bde2a40b.yaml b/nuclei-templates/cve-less/plugins/facebook-comment-by-vivacity-ec95efd2e63d9d89b0c3d769bde2a40b.yaml new file mode 100644 index 0000000000..53cd61ec06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-comment-by-vivacity-ec95efd2e63d9d89b0c3d769bde2a40b.yaml @@ -0,0 +1,58 @@ +id: facebook-comment-by-vivacity-ec95efd2e63d9d89b0c3d769bde2a40b + +info: + name: > + Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/602b3b9c-76a7-4b0b-8aad-e554c2fd6910?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-comment-by-vivacity/" + google-query: inurl:"/wp-content/plugins/facebook-comment-by-vivacity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-comment-by-vivacity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-comment-by-vivacity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-comment-by-vivacity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-45d861039b945e03d43af50c9dafa301.yaml b/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-45d861039b945e03d43af50c9dafa301.yaml new file mode 100644 index 0000000000..1db2ed2b54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-45d861039b945e03d43af50c9dafa301.yaml @@ -0,0 +1,58 @@ +id: facebook-conversion-pixel-45d861039b945e03d43af50c9dafa301 + +info: + name: > + Pixel Cat – Conversion Pixel Manager <= 2.6.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42901dcd-d318-4a37-b70f-bf6c5c58769d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-conversion-pixel/" + google-query: inurl:"/wp-content/plugins/facebook-conversion-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-conversion-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-conversion-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-e7103d15c56bf4b3a7eff2cebe3d9729.yaml b/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-e7103d15c56bf4b3a7eff2cebe3d9729.yaml new file mode 100644 index 0000000000..cdd9a6bf72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-conversion-pixel-e7103d15c56bf4b3a7eff2cebe3d9729.yaml @@ -0,0 +1,58 @@ +id: facebook-conversion-pixel-e7103d15c56bf4b3a7eff2cebe3d9729 + +info: + name: > + Pixel Cat Lite <= 2.6.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f8af7fd-5800-4179-849e-a7ffaf8c3ad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-conversion-pixel/" + google-query: inurl:"/wp-content/plugins/facebook-conversion-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-conversion-pixel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-conversion-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-conversion-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-fan-page-widget-c912d868bff6df29fc1013dc04c342d0.yaml b/nuclei-templates/cve-less/plugins/facebook-fan-page-widget-c912d868bff6df29fc1013dc04c342d0.yaml new file mode 100644 index 0000000000..8f740935c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-fan-page-widget-c912d868bff6df29fc1013dc04c342d0.yaml @@ -0,0 +1,58 @@ +id: facebook-fan-page-widget-c912d868bff6df29fc1013dc04c342d0 + +info: + name: > + Fan Page Widget by ThemeNcode <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b66ef488-0efe-43dd-8938-a1881ed2560a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-fan-page-widget/" + google-query: inurl:"/wp-content/plugins/facebook-fan-page-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-fan-page-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-fan-page-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-fan-page-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-9534faef8d85288ee99452de6c7c430a.yaml b/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-9534faef8d85288ee99452de6c7c430a.yaml new file mode 100644 index 0000000000..a6b6171255 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-9534faef8d85288ee99452de6c7c430a.yaml @@ -0,0 +1,58 @@ +id: facebook-for-woocommerce-9534faef8d85288ee99452de6c7c430a + +info: + name: > + Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery allowing Option Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/655b3a54-34b1-4c1a-a1b5-51d87e3134d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/facebook-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-d27b9b5016915435f37e3d3e6a022f76.yaml b/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-d27b9b5016915435f37e3d3e6a022f76.yaml new file mode 100644 index 0000000000..6d5650b7e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-for-woocommerce-d27b9b5016915435f37e3d3e6a022f76.yaml @@ -0,0 +1,58 @@ +id: facebook-for-woocommerce-d27b9b5016915435f37e3d3e6a022f76 + +info: + name: > + Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/010df788-42cf-4455-9f5f-b23d03905afb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/facebook-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-like-send-button-3ff2a2ae71a0269c8c6a199dba440423.yaml b/nuclei-templates/cve-less/plugins/facebook-like-send-button-3ff2a2ae71a0269c8c6a199dba440423.yaml new file mode 100644 index 0000000000..0493508e2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-like-send-button-3ff2a2ae71a0269c8c6a199dba440423.yaml @@ -0,0 +1,58 @@ +id: facebook-like-send-button-3ff2a2ae71a0269c8c6a199dba440423 + +info: + name: > + Peadig's Like & Share Button <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d8e0ad2-3cfb-443f-9958-9639d0745dd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-like-send-button/" + google-query: inurl:"/wp-content/plugins/facebook-like-send-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-like-send-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-like-send-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-like-send-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-likebox-widget-and-shortcode-81e5332e3881680e9eac9f42ea7f36ca.yaml b/nuclei-templates/cve-less/plugins/facebook-likebox-widget-and-shortcode-81e5332e3881680e9eac9f42ea7f36ca.yaml new file mode 100644 index 0000000000..60a4b2dec1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-likebox-widget-and-shortcode-81e5332e3881680e9eac9f42ea7f36ca.yaml @@ -0,0 +1,58 @@ +id: facebook-likebox-widget-and-shortcode-81e5332e3881680e9eac9f42ea7f36ca + +info: + name: > + Profile Box Shortcode And Widget <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b3d68d9-fa82-4be3-8692-39a9dc216d17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-likebox-widget-and-shortcode/" + google-query: inurl:"/wp-content/plugins/facebook-likebox-widget-and-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-likebox-widget-and-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-likebox-widget-and-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-likebox-widget-and-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-members-72f73bf14c806744336e445356e6090f.yaml b/nuclei-templates/cve-less/plugins/facebook-members-72f73bf14c806744336e445356e6090f.yaml new file mode 100644 index 0000000000..b0dc81ac2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-members-72f73bf14c806744336e445356e6090f.yaml @@ -0,0 +1,58 @@ +id: facebook-members-72f73bf14c806744336e445356e6090f + +info: + name: > + Facebook Members < 5.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0652b19c-52c8-4d77-973f-1e93a5ba811c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-members/" + google-query: inurl:"/wp-content/plugins/facebook-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-members,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-page-feed-graph-api-cfdb8d7325e93947d2061002a4b258f4.yaml b/nuclei-templates/cve-less/plugins/facebook-page-feed-graph-api-cfdb8d7325e93947d2061002a4b258f4.yaml new file mode 100644 index 0000000000..3db3ff88ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-page-feed-graph-api-cfdb8d7325e93947d2061002a4b258f4.yaml @@ -0,0 +1,58 @@ +id: facebook-page-feed-graph-api-cfdb8d7325e93947d2061002a4b258f4 + +info: + name: > + Mongoose Page Plugin <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fbb7a39-936b-48f1-97f1-46dc23180b00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-page-feed-graph-api/" + google-query: inurl:"/wp-content/plugins/facebook-page-feed-graph-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-page-feed-graph-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-page-feed-graph-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-page-feed-graph-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-pagelike-widget-f5225829b9851280f9730cc7388f8c93.yaml b/nuclei-templates/cve-less/plugins/facebook-pagelike-widget-f5225829b9851280f9730cc7388f8c93.yaml new file mode 100644 index 0000000000..7119a9c130 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-pagelike-widget-f5225829b9851280f9730cc7388f8c93.yaml @@ -0,0 +1,58 @@ +id: facebook-pagelike-widget-f5225829b9851280f9730cc7388f8c93 + +info: + name: > + Widget for Social Page Feeds <= 6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b08f457-0864-41e0-b45e-cbd597d87752?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-pagelike-widget/" + google-query: inurl:"/wp-content/plugins/facebook-pagelike-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-pagelike-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-pagelike-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-pagelike-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/facebook-wall-and-social-integration-0c15ed5f69fa39b17ef98a0065e40d8c.yaml b/nuclei-templates/cve-less/plugins/facebook-wall-and-social-integration-0c15ed5f69fa39b17ef98a0065e40d8c.yaml new file mode 100644 index 0000000000..d37ff4a826 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/facebook-wall-and-social-integration-0c15ed5f69fa39b17ef98a0065e40d8c.yaml @@ -0,0 +1,58 @@ +id: facebook-wall-and-social-integration-0c15ed5f69fa39b17ef98a0065e40d8c + +info: + name: > + Mitsol Social Post Feed <= 1.10 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86264c7d-d1a5-4f3a-872f-b27a94d796e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/facebook-wall-and-social-integration/" + google-query: inurl:"/wp-content/plugins/facebook-wall-and-social-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,facebook-wall-and-social-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/facebook-wall-and-social-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "facebook-wall-and-social-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/faculty-weekly-schedule-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/faculty-weekly-schedule-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..243cc6c71b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/faculty-weekly-schedule-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: faculty-weekly-schedule-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/faculty-weekly-schedule/" + google-query: inurl:"/wp-content/plugins/faculty-weekly-schedule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,faculty-weekly-schedule,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/faculty-weekly-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "faculty-weekly-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/falang-32c41bb49a17f6a6d495a0dfbe10790b.yaml b/nuclei-templates/cve-less/plugins/falang-32c41bb49a17f6a6d495a0dfbe10790b.yaml new file mode 100644 index 0000000000..aca50722e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/falang-32c41bb49a17f6a6d495a0dfbe10790b.yaml @@ -0,0 +1,58 @@ +id: falang-32c41bb49a17f6a6d495a0dfbe10790b + +info: + name: > + Falang multilanguage <= 1.3.47 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03c8a13e-7484-40f1-907f-f3a5ace9f7e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/falang/" + google-query: inurl:"/wp-content/plugins/falang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,falang,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/falang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "falang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/falang-8f62194e57a27510760b3cae99e669fe.yaml b/nuclei-templates/cve-less/plugins/falang-8f62194e57a27510760b3cae99e669fe.yaml new file mode 100644 index 0000000000..18ff5ed369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/falang-8f62194e57a27510760b3cae99e669fe.yaml @@ -0,0 +1,58 @@ +id: falang-8f62194e57a27510760b3cae99e669fe + +info: + name: > + Falang multilanguage for WordPress <= 1.3.49 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b62949fd-d73f-4c42-82c7-c29986bca1da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/falang/" + google-query: inurl:"/wp-content/plugins/falang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,falang,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/falang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "falang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/falang-d0610fbd136beeb3618a2a0d3d1b4015.yaml b/nuclei-templates/cve-less/plugins/falang-d0610fbd136beeb3618a2a0d3d1b4015.yaml new file mode 100644 index 0000000000..b0e5f97830 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/falang-d0610fbd136beeb3618a2a0d3d1b4015.yaml @@ -0,0 +1,58 @@ +id: falang-d0610fbd136beeb3618a2a0d3d1b4015 + +info: + name: > + Falang multilanguage <= 1.3.39 - Cross-Site Request Forgery via add_language + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac10b30d-1fe3-46f4-a4fc-fa2acd7f9db4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/falang/" + google-query: inurl:"/wp-content/plugins/falang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,falang,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/falang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "falang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/famethemes-demo-importer-f93b5106a9e7f989d008def1a9504779.yaml b/nuclei-templates/cve-less/plugins/famethemes-demo-importer-f93b5106a9e7f989d008def1a9504779.yaml new file mode 100644 index 0000000000..dddfdca7e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/famethemes-demo-importer-f93b5106a9e7f989d008def1a9504779.yaml @@ -0,0 +1,58 @@ +id: famethemes-demo-importer-f93b5106a9e7f989d008def1a9504779 + +info: + name: > + FameTheme Demo Importer <= 1.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09f450bb-28c1-4c1e-ae13-afd53759e02f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/famethemes-demo-importer/" + google-query: inurl:"/wp-content/plugins/famethemes-demo-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,famethemes-demo-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/famethemes-demo-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "famethemes-demo-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancier-author-box-7e3662ab11c3565756d75a405c4e3374.yaml b/nuclei-templates/cve-less/plugins/fancier-author-box-7e3662ab11c3565756d75a405c4e3374.yaml new file mode 100644 index 0000000000..e5ca966bc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancier-author-box-7e3662ab11c3565756d75a405c4e3374.yaml @@ -0,0 +1,58 @@ +id: fancier-author-box-7e3662ab11c3565756d75a405c4e3374 + +info: + name: > + Fancier Author Box by ThematoSoup <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90706a16-cd71-4040-ab0e-be8649110d3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancier-author-box/" + google-query: inurl:"/wp-content/plugins/fancier-author-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancier-author-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancier-author-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancier-author-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-elementor-flipbox-4eb5559b22a18e9337a5880d5e2f32aa.yaml b/nuclei-templates/cve-less/plugins/fancy-elementor-flipbox-4eb5559b22a18e9337a5880d5e2f32aa.yaml new file mode 100644 index 0000000000..50015a6f89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-elementor-flipbox-4eb5559b22a18e9337a5880d5e2f32aa.yaml @@ -0,0 +1,58 @@ +id: fancy-elementor-flipbox-4eb5559b22a18e9337a5880d5e2f32aa + +info: + name: > + Fancy Elementor Flipbox <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Elementor Flipbox Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c877ac24-a6da-4e61-a669-a0224c9e3bb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-elementor-flipbox/" + google-query: inurl:"/wp-content/plugins/fancy-elementor-flipbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-elementor-flipbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-elementor-flipbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-elementor-flipbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-facebook-comments-0cc8ff0d29654f0f83c0bf1830dddb43.yaml b/nuclei-templates/cve-less/plugins/fancy-facebook-comments-0cc8ff0d29654f0f83c0bf1830dddb43.yaml new file mode 100644 index 0000000000..435611e134 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-facebook-comments-0cc8ff0d29654f0f83c0bf1830dddb43.yaml @@ -0,0 +1,58 @@ +id: fancy-facebook-comments-0cc8ff0d29654f0f83c0bf1830dddb43 + +info: + name: > + Fancy Comments WordPress <= 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21597f22-2690-4a3d-965f-bc99326b7e64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-facebook-comments/" + google-query: inurl:"/wp-content/plugins/fancy-facebook-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-facebook-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-facebook-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-facebook-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-facebook-comments-cedfa6f88d2bc9a6561954401e5a9b61.yaml b/nuclei-templates/cve-less/plugins/fancy-facebook-comments-cedfa6f88d2bc9a6561954401e5a9b61.yaml new file mode 100644 index 0000000000..2213d77efb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-facebook-comments-cedfa6f88d2bc9a6561954401e5a9b61.yaml @@ -0,0 +1,58 @@ +id: fancy-facebook-comments-cedfa6f88d2bc9a6561954401e5a9b61 + +info: + name: > + WordPress Fancy Comments <= 1.2.10 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2508adc4-2a2f-4b6c-9b5a-da85d94226a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-facebook-comments/" + google-query: inurl:"/wp-content/plugins/fancy-facebook-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-facebook-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-facebook-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-facebook-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-gallery-d80de73f9f6546e4a52cda1c1451f11a.yaml b/nuclei-templates/cve-less/plugins/fancy-gallery-d80de73f9f6546e4a52cda1c1451f11a.yaml new file mode 100644 index 0000000000..538f0f8ddd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-gallery-d80de73f9f6546e4a52cda1c1451f11a.yaml @@ -0,0 +1,58 @@ +id: fancy-gallery-d80de73f9f6546e4a52cda1c1451f11a + +info: + name: > + Gallery Manager <= 1.5.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26766830-c772-46a3-a045-7bfbb530b50a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-gallery/" + google-query: inurl:"/wp-content/plugins/fancy-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-16fc618536c8b0d70612472b29c155c9.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-16fc618536c8b0d70612472b29c155c9.yaml new file mode 100644 index 0000000000..4e8056a7dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-16fc618536c8b0d70612472b29c155c9.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-16fc618536c8b0d70612472b29c155c9 + +info: + name: > + Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/232a274f-c194-4c5b-a1a8-899a822e47fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-39de068f6a175124d260efb8485f212d.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-39de068f6a175124d260efb8485f212d.yaml new file mode 100644 index 0000000000..54ccdda0bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-39de068f6a175124d260efb8485f212d.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-39de068f6a175124d260efb8485f212d + +info: + name: > + Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/644624d8-c193-4ee6-bc82-7ccda5d7f2ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-4db617a8e70c447eb683850e9e2a4ba2.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-4db617a8e70c447eb683850e9e2a4ba2.yaml new file mode 100644 index 0000000000..927a92955a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-4db617a8e70c447eb683850e9e2a4ba2.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-4db617a8e70c447eb683850e9e2a4ba2 + +info: + name: > + Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-4e867da6f1b40e5f079dbf8385eca830.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-4e867da6f1b40e5f079dbf8385eca830.yaml new file mode 100644 index 0000000000..5037d9a973 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-4e867da6f1b40e5f079dbf8385eca830.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-4e867da6f1b40e5f079dbf8385eca830 + +info: + name: > + Fancy Product Designer <= 6.1.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7167a731-8677-4ae2-a790-00a8295c9191?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-9feb5154944f3d4b90bd9e0974af5d4e.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-9feb5154944f3d4b90bd9e0974af5d4e.yaml new file mode 100644 index 0000000000..3dca5377a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-9feb5154944f3d4b90bd9e0974af5d4e.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-9feb5154944f3d4b90bd9e0974af5d4e + +info: + name: > + Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via Product Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f032d32-9e7d-4510-b4ea-4b57c0b80977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-af9dbe3dcd6f267d4b1ed941cf9ecbc0.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-af9dbe3dcd6f267d4b1ed941cf9ecbc0.yaml new file mode 100644 index 0000000000..1cc95fa538 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-af9dbe3dcd6f267d4b1ed941cf9ecbc0.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-af9dbe3dcd6f267d4b1ed941cf9ecbc0 + +info: + name: > + Fancy Product Designer <= 6.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d23ac5df-3331-47e0-94b7-53ac8f228935?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-d07dd36048efbcee10cf1bb88265d662.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-d07dd36048efbcee10cf1bb88265d662.yaml new file mode 100644 index 0000000000..b28b6268b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-d07dd36048efbcee10cf1bb88265d662.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-d07dd36048efbcee10cf1bb88265d662 + +info: + name: > + Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb4674e-71e4-43db-ad9e-36ab15432149?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-d8e9444efeb93debc442fb77c567fbad.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-d8e9444efeb93debc442fb77c567fbad.yaml new file mode 100644 index 0000000000..48d7ad229f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-d8e9444efeb93debc442fb77c567fbad.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-d8e9444efeb93debc442fb77c567fbad + +info: + name: > + Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17dd97b6-a186-4351-b08b-1eff696e25b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancy-product-designer-fccc44e164a0cbb0e0c232ae976cbb5f.yaml b/nuclei-templates/cve-less/plugins/fancy-product-designer-fccc44e164a0cbb0e0c232ae976cbb5f.yaml new file mode 100644 index 0000000000..20c2750faf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancy-product-designer-fccc44e164a0cbb0e0c232ae976cbb5f.yaml @@ -0,0 +1,58 @@ +id: fancy-product-designer-fccc44e164a0cbb0e0c232ae976cbb5f + +info: + name: > + Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting via License Field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eda538ef-c053-4347-b345-d5d03db25a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancy-product-designer/" + google-query: inurl:"/wp-content/plugins/fancy-product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancy-product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancy-product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancy-product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-b8e3a07576df90727675ec278a1f9eb2.yaml b/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-b8e3a07576df90727675ec278a1f9eb2.yaml new file mode 100644 index 0000000000..a26300647e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-b8e3a07576df90727675ec278a1f9eb2.yaml @@ -0,0 +1,58 @@ +id: fancybox-for-wordpress-b8e3a07576df90727675ec278a1f9eb2 + +info: + name: > + FancyBox for WordPress <= 3.0.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/646e3a57-92e1-4502-a0dd-8921e99cfe2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancybox-for-wordpress/" + google-query: inurl:"/wp-content/plugins/fancybox-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancybox-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancybox-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-f5917cabea5f4d2844b07d04e1880958.yaml b/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-f5917cabea5f4d2844b07d04e1880958.yaml new file mode 100644 index 0000000000..c6d6448bb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancybox-for-wordpress-f5917cabea5f4d2844b07d04e1880958.yaml @@ -0,0 +1,58 @@ +id: fancybox-for-wordpress-f5917cabea5f4d2844b07d04e1880958 + +info: + name: > + FancyBox for WordPress 3.0.2 - 3.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55f8d7e6-7bcd-4556-932b-7bf422db0b39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancybox-for-wordpress/" + google-query: inurl:"/wp-content/plugins/fancybox-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancybox-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancybox-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancybox-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.2', '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fancyflickr-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/fancyflickr-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..4a03d39f2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fancyflickr-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: fancyflickr-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fancyflickr/" + google-query: inurl:"/wp-content/plugins/fancyflickr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fancyflickr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fancyflickr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fancyflickr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fantastic-content-protector-free-36f733a53254d69782057e16be93c1ec.yaml b/nuclei-templates/cve-less/plugins/fantastic-content-protector-free-36f733a53254d69782057e16be93c1ec.yaml new file mode 100644 index 0000000000..8f066a5808 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fantastic-content-protector-free-36f733a53254d69782057e16be93c1ec.yaml @@ -0,0 +1,58 @@ +id: fantastic-content-protector-free-36f733a53254d69782057e16be93c1ec + +info: + name: > + Fantastic Content Protector Free <= 2.6 - Missing Authorization via update_setting_fantastic_content_protector + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b93f8036-4a89-45e6-b86f-9d57e1662a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fantastic-content-protector-free/" + google-query: inurl:"/wp-content/plugins/fantastic-content-protector-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fantastic-content-protector-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fantastic-content-protector-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fantastic-content-protector-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/faq-builder-ays-050ac633edcdd8103878bb1a391274ca.yaml b/nuclei-templates/cve-less/plugins/faq-builder-ays-050ac633edcdd8103878bb1a391274ca.yaml new file mode 100644 index 0000000000..9205729374 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/faq-builder-ays-050ac633edcdd8103878bb1a391274ca.yaml @@ -0,0 +1,58 @@ +id: faq-builder-ays-050ac633edcdd8103878bb1a391274ca + +info: + name: > + FAQ Builder AYS <= 1.3.5 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0a2a379-bd33-4c7d-8b79-e48a2df7e281?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/faq-builder-ays/" + google-query: inurl:"/wp-content/plugins/faq-builder-ays/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,faq-builder-ays,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/faq-builder-ays/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "faq-builder-ays" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/faq-for-woocommerce-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/faq-for-woocommerce-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..f93a952734 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/faq-for-woocommerce-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: faq-for-woocommerce-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/faq-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/faq-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,faq-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/faq-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "faq-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/far-future-expiry-header-77b48f1e08249dfc6423fc64fae31250.yaml b/nuclei-templates/cve-less/plugins/far-future-expiry-header-77b48f1e08249dfc6423fc64fae31250.yaml new file mode 100644 index 0000000000..4a5779f40d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/far-future-expiry-header-77b48f1e08249dfc6423fc64fae31250.yaml @@ -0,0 +1,58 @@ +id: far-future-expiry-header-77b48f1e08249dfc6423fc64fae31250 + +info: + name: > + Far Future Expiry Header <= 1.4 - Plugin's Settings Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68e6675e-b9f4-41e5-8ebf-abab53f5d542?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/far-future-expiry-header/" + google-query: inurl:"/wp-content/plugins/far-future-expiry-header/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,far-future-expiry-header,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/far-future-expiry-header/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "far-future-expiry-header" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fareharbor-64d859df68bf3f0a0838ef413ae7d21e.yaml b/nuclei-templates/cve-less/plugins/fareharbor-64d859df68bf3f0a0838ef413ae7d21e.yaml new file mode 100644 index 0000000000..6bc06018c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fareharbor-64d859df68bf3f0a0838ef413ae7d21e.yaml @@ -0,0 +1,58 @@ +id: fareharbor-64d859df68bf3f0a0838ef413ae7d21e + +info: + name: > + FareHarbor for WordPress <= 3.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42ad6fef-4280-45db-a3e2-6d7522751fa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fareharbor/" + google-query: inurl:"/wp-content/plugins/fareharbor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fareharbor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fareharbor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fareharbor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fareharbor-bb190962067ba33976cc3f88e434b44c.yaml b/nuclei-templates/cve-less/plugins/fareharbor-bb190962067ba33976cc3f88e434b44c.yaml new file mode 100644 index 0000000000..a965c98f07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fareharbor-bb190962067ba33976cc3f88e434b44c.yaml @@ -0,0 +1,58 @@ +id: fareharbor-bb190962067ba33976cc3f88e434b44c + +info: + name: > + FareHarbor for WordPress <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b40165b-17e3-4b87-8d0d-90d60ba4bf81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fareharbor/" + google-query: inurl:"/wp-content/plugins/fareharbor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fareharbor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fareharbor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fareharbor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-custom-social-share-by-codebard-67c3c53f919818b53462cf301e3b0e2a.yaml b/nuclei-templates/cve-less/plugins/fast-custom-social-share-by-codebard-67c3c53f919818b53462cf301e3b0e2a.yaml new file mode 100644 index 0000000000..2ddf3db261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-custom-social-share-by-codebard-67c3c53f919818b53462cf301e3b0e2a.yaml @@ -0,0 +1,58 @@ +id: fast-custom-social-share-by-codebard-67c3c53f919818b53462cf301e3b0e2a + +info: + name: > + Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3eece451-65a3-4c9d-a8eb-05f6f3e2d1d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-custom-social-share-by-codebard/" + google-query: inurl:"/wp-content/plugins/fast-custom-social-share-by-codebard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-custom-social-share-by-codebard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-custom-social-share-by-codebard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-custom-social-share-by-codebard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-flow-dashboard-02b84b42a8b3e6e7dc009b5046e38b5a.yaml b/nuclei-templates/cve-less/plugins/fast-flow-dashboard-02b84b42a8b3e6e7dc009b5046e38b5a.yaml new file mode 100644 index 0000000000..8aded987dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-flow-dashboard-02b84b42a8b3e6e7dc009b5046e38b5a.yaml @@ -0,0 +1,58 @@ +id: fast-flow-dashboard-02b84b42a8b3e6e7dc009b5046e38b5a + +info: + name: > + Fast Flow <= 1.2.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39bbe18a-0212-4bfe-861f-2a213d67baec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-flow-dashboard/" + google-query: inurl:"/wp-content/plugins/fast-flow-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-flow-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-flow-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-flow-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-flow-dashboard-b95feef4ddcb37164d4f7af73136c4f2.yaml b/nuclei-templates/cve-less/plugins/fast-flow-dashboard-b95feef4ddcb37164d4f7af73136c4f2.yaml new file mode 100644 index 0000000000..6f240756ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-flow-dashboard-b95feef4ddcb37164d4f7af73136c4f2.yaml @@ -0,0 +1,58 @@ +id: fast-flow-dashboard-b95feef4ddcb37164d4f7af73136c4f2 + +info: + name: > + Fast Flow <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1eeea385-734c-4403-8886-e3ad6dc47140?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-flow-dashboard/" + google-query: inurl:"/wp-content/plugins/fast-flow-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-flow-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-flow-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-flow-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-image-adder-de501746396265e937381399a0559403.yaml b/nuclei-templates/cve-less/plugins/fast-image-adder-de501746396265e937381399a0559403.yaml new file mode 100644 index 0000000000..e64971fae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-image-adder-de501746396265e937381399a0559403.yaml @@ -0,0 +1,58 @@ +id: fast-image-adder-de501746396265e937381399a0559403 + +info: + name: > + Fast Image Adder < 1.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a330f907-37d5-484c-94c5-b8d191796cd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-image-adder/" + google-query: inurl:"/wp-content/plugins/fast-image-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-image-adder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-image-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-image-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-10798c3024f1dbe228591af7cfe4af9e.yaml b/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-10798c3024f1dbe228591af7cfe4af9e.yaml new file mode 100644 index 0000000000..b27a57b166 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-10798c3024f1dbe228591af7cfe4af9e.yaml @@ -0,0 +1,58 @@ +id: fast-search-powered-by-solr-10798c3024f1dbe228591af7cfe4af9e + +info: + name: > + Sunny Search <= 1.0.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f1902e7-66e9-417f-97ba-4db766cf29f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-search-powered-by-solr/" + google-query: inurl:"/wp-content/plugins/fast-search-powered-by-solr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-search-powered-by-solr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-search-powered-by-solr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-search-powered-by-solr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-6c441629c885cb1da3fc16e4bca4f23b.yaml b/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-6c441629c885cb1da3fc16e4bca4f23b.yaml new file mode 100644 index 0000000000..c1be6383d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-search-powered-by-solr-6c441629c885cb1da3fc16e4bca4f23b.yaml @@ -0,0 +1,58 @@ +id: fast-search-powered-by-solr-6c441629c885cb1da3fc16e4bca4f23b + +info: + name: > + Sunny Search <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b977e3f8-46e7-4294-ab5c-e42e81c900e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-search-powered-by-solr/" + google-query: inurl:"/wp-content/plugins/fast-search-powered-by-solr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-search-powered-by-solr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-search-powered-by-solr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-search-powered-by-solr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-velocity-minify-eaab2de07f74987f7d28979a545e7860.yaml b/nuclei-templates/cve-less/plugins/fast-velocity-minify-eaab2de07f74987f7d28979a545e7860.yaml new file mode 100644 index 0000000000..c0c129c2fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-velocity-minify-eaab2de07f74987f7d28979a545e7860.yaml @@ -0,0 +1,58 @@ +id: fast-velocity-minify-eaab2de07f74987f7d28979a545e7860 + +info: + name: > + Fast Velocity Minify <= 2.7.6 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea13aebb-c853-4828-8d7f-b607aa83b702?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-velocity-minify/" + google-query: inurl:"/wp-content/plugins/fast-velocity-minify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-velocity-minify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-velocity-minify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-velocity-minify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fast-wp-speed-3cef17acd88883b32927f0569aa64da5.yaml b/nuclei-templates/cve-less/plugins/fast-wp-speed-3cef17acd88883b32927f0569aa64da5.yaml new file mode 100644 index 0000000000..a1540239e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fast-wp-speed-3cef17acd88883b32927f0569aa64da5.yaml @@ -0,0 +1,58 @@ +id: fast-wp-speed-3cef17acd88883b32927f0569aa64da5 + +info: + name: > + Fast WP Speed <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5a3d4b-6e8b-4abe-9f38-58accada2f57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fast-wp-speed/" + google-query: inurl:"/wp-content/plugins/fast-wp-speed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fast-wp-speed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fast-wp-speed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fast-wp-speed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fastdup-039ae8d5d3a67b23c1725f1bdffda73f.yaml b/nuclei-templates/cve-less/plugins/fastdup-039ae8d5d3a67b23c1725f1bdffda73f.yaml new file mode 100644 index 0000000000..f23067c501 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fastdup-039ae8d5d3a67b23c1725f1bdffda73f.yaml @@ -0,0 +1,58 @@ +id: fastdup-039ae8d5d3a67b23c1725f1bdffda73f + +info: + name: > + FastDup <= 2.1.9 - Sensitive Information Exposure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fb646c4-6269-4354-b3a6-872c6303a6d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fastdup/" + google-query: inurl:"/wp-content/plugins/fastdup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fastdup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fastdup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fastdup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fastdup-3f7e597b394edb376b06e6e36b03a12d.yaml b/nuclei-templates/cve-less/plugins/fastdup-3f7e597b394edb376b06e6e36b03a12d.yaml new file mode 100644 index 0000000000..2450483779 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fastdup-3f7e597b394edb376b06e6e36b03a12d.yaml @@ -0,0 +1,58 @@ +id: fastdup-3f7e597b394edb376b06e6e36b03a12d + +info: + name: > + FastDup <= 2.1.7 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8261317-462b-49c5-9526-20b695895e49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fastdup/" + google-query: inurl:"/wp-content/plugins/fastdup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fastdup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fastdup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fastdup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fastly-c285ca083315515fededeb2a0a197394.yaml b/nuclei-templates/cve-less/plugins/fastly-c285ca083315515fededeb2a0a197394.yaml new file mode 100644 index 0000000000..2fb004ee3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fastly-c285ca083315515fededeb2a0a197394.yaml @@ -0,0 +1,58 @@ +id: fastly-c285ca083315515fededeb2a0a197394 + +info: + name: > + Fastly <= 0.97 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0042d5ba-62de-404e-9516-67cae618f684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fastly/" + google-query: inurl:"/wp-content/plugins/fastly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fastly,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fastly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fastly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fat-rat-collect-c3880379f0826cf949058267ed182aec.yaml b/nuclei-templates/cve-less/plugins/fat-rat-collect-c3880379f0826cf949058267ed182aec.yaml new file mode 100644 index 0000000000..c0ece65bf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fat-rat-collect-c3880379f0826cf949058267ed182aec.yaml @@ -0,0 +1,58 @@ +id: fat-rat-collect-c3880379f0826cf949058267ed182aec + +info: + name: > + Fat Rat Collect <= 2.6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/279cebb5-4be4-485a-92c7-e0bcc961f93e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fat-rat-collect/" + google-query: inurl:"/wp-content/plugins/fat-rat-collect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fat-rat-collect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fat-rat-collect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fat-rat-collect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fatal-error-notify-e34616bfa39928844a257bee23d26881.yaml b/nuclei-templates/cve-less/plugins/fatal-error-notify-e34616bfa39928844a257bee23d26881.yaml new file mode 100644 index 0000000000..621494a3b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fatal-error-notify-e34616bfa39928844a257bee23d26881.yaml @@ -0,0 +1,58 @@ +id: fatal-error-notify-e34616bfa39928844a257bee23d26881 + +info: + name: > + Fatal Error Notify <= 1.5.2 - Missing Authorization to Test Error Email Sending + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50499cd6-0e27-494a-892c-5ca827d4433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fatal-error-notify/" + google-query: inurl:"/wp-content/plugins/fatal-error-notify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fatal-error-notify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fatal-error-notify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fatal-error-notify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fathom-analytics-b1767ac6c4058810b3f215f7aa0668ab.yaml b/nuclei-templates/cve-less/plugins/fathom-analytics-b1767ac6c4058810b3f215f7aa0668ab.yaml new file mode 100644 index 0000000000..52a82634e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fathom-analytics-b1767ac6c4058810b3f215f7aa0668ab.yaml @@ -0,0 +1,58 @@ +id: fathom-analytics-b1767ac6c4058810b3f215f7aa0668ab + +info: + name: > + Fathom Analytics <= 3.0.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/728cec6e-a246-4e2c-a906-750518bae0a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fathom-analytics/" + google-query: inurl:"/wp-content/plugins/fathom-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fathom-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fathom-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fathom-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fattura24-0997377af0d71afd8bec87a13519fcf6.yaml b/nuclei-templates/cve-less/plugins/fattura24-0997377af0d71afd8bec87a13519fcf6.yaml new file mode 100644 index 0000000000..cd9cb5c368 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fattura24-0997377af0d71afd8bec87a13519fcf6.yaml @@ -0,0 +1,58 @@ +id: fattura24-0997377af0d71afd8bec87a13519fcf6 + +info: + name: > + Fattura24 <= 6.2.7 - Reflected Cross-Site Scripting via 'id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a19bff99-b680-40a6-8a5c-7a0233b293ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fattura24/" + google-query: inurl:"/wp-content/plugins/fattura24/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fattura24,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fattura24/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fattura24" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-04adb1c439e43352ed4b6cca99f5cd66.yaml b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-04adb1c439e43352ed4b6cca99f5cd66.yaml new file mode 100644 index 0000000000..85be978a61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-04adb1c439e43352ed4b6cca99f5cd66.yaml @@ -0,0 +1,58 @@ +id: favicon-by-realfavicongenerator-04adb1c439e43352ed4b6cca99f5cd66 + +info: + name: > + Favicon by RealFaviconGenerator <= 1.3.22 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ebc4c47-a286-4135-90ee-eccad8579661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-by-realfavicongenerator/" + google-query: inurl:"/wp-content/plugins/favicon-by-realfavicongenerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-by-realfavicongenerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-by-realfavicongenerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-2a790c8bfc2f91a748cff8286de5f526.yaml b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-2a790c8bfc2f91a748cff8286de5f526.yaml new file mode 100644 index 0000000000..f5a47aeb52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-2a790c8bfc2f91a748cff8286de5f526.yaml @@ -0,0 +1,58 @@ +id: favicon-by-realfavicongenerator-2a790c8bfc2f91a748cff8286de5f526 + +info: + name: > + Favicon by RealFaviconGenerator <= 1.2.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b78e1e8-2298-4889-955c-e9b7472ffbff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-by-realfavicongenerator/" + google-query: inurl:"/wp-content/plugins/favicon-by-realfavicongenerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-by-realfavicongenerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-by-realfavicongenerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-c944b74833c9d564f3c694b934416df0.yaml b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-c944b74833c9d564f3c694b934416df0.yaml new file mode 100644 index 0000000000..1b49208a16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-c944b74833c9d564f3c694b934416df0.yaml @@ -0,0 +1,58 @@ +id: favicon-by-realfavicongenerator-c944b74833c9d564f3c694b934416df0 + +info: + name: > + Favicon by RealFaviconGenerator <= 1.3.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b14cada2-5d04-47a1-b648-048fcbabd2b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-by-realfavicongenerator/" + google-query: inurl:"/wp-content/plugins/favicon-by-realfavicongenerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-by-realfavicongenerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-by-realfavicongenerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-d2c74ce8c17fcc02d9a06b8743990dd7.yaml b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-d2c74ce8c17fcc02d9a06b8743990dd7.yaml new file mode 100644 index 0000000000..e63f84099d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-by-realfavicongenerator-d2c74ce8c17fcc02d9a06b8743990dd7.yaml @@ -0,0 +1,58 @@ +id: favicon-by-realfavicongenerator-d2c74ce8c17fcc02d9a06b8743990dd7 + +info: + name: > + Favicon <= 1.3.29 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5d59da-dcac-44b4-a697-38eef650c6de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-by-realfavicongenerator/" + google-query: inurl:"/wp-content/plugins/favicon-by-realfavicongenerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-by-realfavicongenerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-by-realfavicongenerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-by-realfavicongenerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-rotator-7a9bf969e6086f1f35cf7f6bd6e6d0d3.yaml b/nuclei-templates/cve-less/plugins/favicon-rotator-7a9bf969e6086f1f35cf7f6bd6e6d0d3.yaml new file mode 100644 index 0000000000..58ce931bc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-rotator-7a9bf969e6086f1f35cf7f6bd6e6d0d3.yaml @@ -0,0 +1,58 @@ +id: favicon-rotator-7a9bf969e6086f1f35cf7f6bd6e6d0d3 + +info: + name: > + Favicon Rotator <= 1.2.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4197dd30-bfd8-4d6c-80f5-b13e3844adf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-rotator/" + google-query: inurl:"/wp-content/plugins/favicon-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-rotator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favicon-switcher-0f224f68bb34d36af769db2549696ba9.yaml b/nuclei-templates/cve-less/plugins/favicon-switcher-0f224f68bb34d36af769db2549696ba9.yaml new file mode 100644 index 0000000000..a6cb94c42e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favicon-switcher-0f224f68bb34d36af769db2549696ba9.yaml @@ -0,0 +1,58 @@ +id: favicon-switcher-0f224f68bb34d36af769db2549696ba9 + +info: + name: > + FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e900c98-5ab1-4674-b820-553c44df7c02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favicon-switcher/" + google-query: inurl:"/wp-content/plugins/favicon-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favicon-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favicon-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favicon-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favorites-46a2cdc68c7e07f12ed856fe3a47afc0.yaml b/nuclei-templates/cve-less/plugins/favorites-46a2cdc68c7e07f12ed856fe3a47afc0.yaml new file mode 100644 index 0000000000..ac87370593 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favorites-46a2cdc68c7e07f12ed856fe3a47afc0.yaml @@ -0,0 +1,58 @@ +id: favorites-46a2cdc68c7e07f12ed856fe3a47afc0 + +info: + name: > + Favorites <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a87046-9a46-40c2-b10d-d1a7d5ef8742?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favorites/" + google-query: inurl:"/wp-content/plugins/favorites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favorites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favorites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favorites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/favorites-f2c467fe9ec6884b9a3fd8b065881ed3.yaml b/nuclei-templates/cve-less/plugins/favorites-f2c467fe9ec6884b9a3fd8b065881ed3.yaml new file mode 100644 index 0000000000..e4564eaaec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/favorites-f2c467fe9ec6884b9a3fd8b065881ed3.yaml @@ -0,0 +1,58 @@ +id: favorites-f2c467fe9ec6884b9a3fd8b065881ed3 + +info: + name: > + Favorites <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd03cd0-34f0-491c-8247-79656eba32a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/favorites/" + google-query: inurl:"/wp-content/plugins/favorites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,favorites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/favorites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "favorites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fbgorilla-b397f1751be329a0c2dee713557b74c5.yaml b/nuclei-templates/cve-less/plugins/fbgorilla-b397f1751be329a0c2dee713557b74c5.yaml new file mode 100644 index 0000000000..6600b17cd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fbgorilla-b397f1751be329a0c2dee713557b74c5.yaml @@ -0,0 +1,58 @@ +id: fbgorilla-b397f1751be329a0c2dee713557b74c5 + +info: + name: > + FBGorilla (All Versions) - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7183288f-47f1-477b-974d-e5e21c170d0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fbgorilla/" + google-query: inurl:"/wp-content/plugins/fbgorilla/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fbgorilla,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fbgorilla/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fbgorilla" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fbpromotions-26cfa8bd44fa751562e056cb1d39d345.yaml b/nuclei-templates/cve-less/plugins/fbpromotions-26cfa8bd44fa751562e056cb1d39d345.yaml new file mode 100644 index 0000000000..4c54251cf4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fbpromotions-26cfa8bd44fa751562e056cb1d39d345.yaml @@ -0,0 +1,58 @@ +id: fbpromotions-26cfa8bd44fa751562e056cb1d39d345 + +info: + name: > + Bugs Go Viral : Facebook Promotion Generator <= 1.3.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9259875-c63f-48ed-a3c8-4d6d0ffe8004?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fbpromotions/" + google-query: inurl:"/wp-content/plugins/fbpromotions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fbpromotions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fbpromotions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fbpromotions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fcchat-50a85ccbd8f65581857b36c230e78a0e.yaml b/nuclei-templates/cve-less/plugins/fcchat-50a85ccbd8f65581857b36c230e78a0e.yaml new file mode 100644 index 0000000000..330fb9888b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fcchat-50a85ccbd8f65581857b36c230e78a0e.yaml @@ -0,0 +1,58 @@ +id: fcchat-50a85ccbd8f65581857b36c230e78a0e + +info: + name: > + FCChat Widget < 2.2.13.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e849fb-76e0-427a-8e05-d340add1c150?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fcchat/" + google-query: inurl:"/wp-content/plugins/fcchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fcchat,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fcchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fcchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.13.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fd-elementor-imagebox-c24b6fa8b7a5214338fb56e211d63730.yaml b/nuclei-templates/cve-less/plugins/fd-elementor-imagebox-c24b6fa8b7a5214338fb56e211d63730.yaml new file mode 100644 index 0000000000..44fd7af515 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fd-elementor-imagebox-c24b6fa8b7a5214338fb56e211d63730.yaml @@ -0,0 +1,58 @@ +id: fd-elementor-imagebox-c24b6fa8b7a5214338fb56e211d63730 + +info: + name: > + Elementor ImageBox <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e24c8f4-32c9-4c21-88d9-588913cbb474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fd-elementor-imagebox/" + google-query: inurl:"/wp-content/plugins/fd-elementor-imagebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fd-elementor-imagebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fd-elementor-imagebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fd-elementor-imagebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feather-login-page-466b2b2c45e70711b7c7f49150c81d51.yaml b/nuclei-templates/cve-less/plugins/feather-login-page-466b2b2c45e70711b7c7f49150c81d51.yaml new file mode 100644 index 0000000000..9b664f2ff1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feather-login-page-466b2b2c45e70711b7c7f49150c81d51.yaml @@ -0,0 +1,58 @@ +id: feather-login-page-466b2b2c45e70711b7c7f49150c81d51 + +info: + name: > + Feather Login Page <= 1.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a85bc2-0b00-4635-86f6-26e96cc0616e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feather-login-page/" + google-query: inurl:"/wp-content/plugins/feather-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feather-login-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feather-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feather-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feather-login-page-5f677e9c4742e755f3a729c6304d8024.yaml b/nuclei-templates/cve-less/plugins/feather-login-page-5f677e9c4742e755f3a729c6304d8024.yaml new file mode 100644 index 0000000000..86e867a23e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feather-login-page-5f677e9c4742e755f3a729c6304d8024.yaml @@ -0,0 +1,58 @@ +id: feather-login-page-5f677e9c4742e755f3a729c6304d8024 + +info: + name: > + Feather Login Page <= 1.1.5 - Cross-Site Request Forgery via saveData() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89d42a87-6adc-43e6-868f-b9b2c51ed8e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feather-login-page/" + google-query: inurl:"/wp-content/plugins/feather-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feather-login-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feather-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feather-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feather-login-page-a766deff845672c22971718a646cf246.yaml b/nuclei-templates/cve-less/plugins/feather-login-page-a766deff845672c22971718a646cf246.yaml new file mode 100644 index 0000000000..f18aca3f3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feather-login-page-a766deff845672c22971718a646cf246.yaml @@ -0,0 +1,58 @@ +id: feather-login-page-a766deff845672c22971718a646cf246 + +info: + name: > + Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Non-Arbitrary User Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d58a6a4-de2c-485f-a8b0-7a7d144fbf3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feather-login-page/" + google-query: inurl:"/wp-content/plugins/feather-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feather-login-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feather-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feather-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.7', '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feather-login-page-a8cea4062eea92bba71d4c0d54416fa2.yaml b/nuclei-templates/cve-less/plugins/feather-login-page-a8cea4062eea92bba71d4c0d54416fa2.yaml new file mode 100644 index 0000000000..d505120ee4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feather-login-page-a8cea4062eea92bba71d4c0d54416fa2.yaml @@ -0,0 +1,58 @@ +id: feather-login-page-a8cea4062eea92bba71d4c0d54416fa2 + +info: + name: > + Feather Login Page 1.0.7 - 1.1.1 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12560b8e-9c47-4f7f-ac9c-d86f17914ba3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feather-login-page/" + google-query: inurl:"/wp-content/plugins/feather-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feather-login-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feather-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feather-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.7', '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feather-login-page-d93191ee66b814104763b1eec2af5866.yaml b/nuclei-templates/cve-less/plugins/feather-login-page-d93191ee66b814104763b1eec2af5866.yaml new file mode 100644 index 0000000000..d6a8e53186 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feather-login-page-d93191ee66b814104763b1eec2af5866.yaml @@ -0,0 +1,58 @@ +id: feather-login-page-d93191ee66b814104763b1eec2af5866 + +info: + name: > + Feather Login Page 1.0.7 - 1.1.1 - Missing Authorization to Authentication Bypass and Privilege Escalation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ab2178-7438-43ef-961e-b54d0d230f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feather-login-page/" + google-query: inurl:"/wp-content/plugins/feather-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feather-login-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feather-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feather-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.7', '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feature-comments-785672d467101767144e711ae7fe2d35.yaml b/nuclei-templates/cve-less/plugins/feature-comments-785672d467101767144e711ae7fe2d35.yaml new file mode 100644 index 0000000000..f5ffa30bc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feature-comments-785672d467101767144e711ae7fe2d35.yaml @@ -0,0 +1,58 @@ +id: feature-comments-785672d467101767144e711ae7fe2d35 + +info: + name: > + Featured Comments < 1.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23b5cc65-70d2-46b1-a37a-97af231aff51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feature-comments/" + google-query: inurl:"/wp-content/plugins/feature-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feature-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feature-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feature-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feature-comments-80de44f32a39260a4242f01334cdbfd5.yaml b/nuclei-templates/cve-less/plugins/feature-comments-80de44f32a39260a4242f01334cdbfd5.yaml new file mode 100644 index 0000000000..07a66d5609 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feature-comments-80de44f32a39260a4242f01334cdbfd5.yaml @@ -0,0 +1,58 @@ +id: feature-comments-80de44f32a39260a4242f01334cdbfd5 + +info: + name: > + Featured Comments < 1.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8107ed0c-c4eb-4704-9261-4e320e10cdb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feature-comments/" + google-query: inurl:"/wp-content/plugins/feature-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feature-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feature-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feature-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-caption-b18da97ec3842241538c439eaed13219.yaml b/nuclei-templates/cve-less/plugins/featured-image-caption-b18da97ec3842241538c439eaed13219.yaml new file mode 100644 index 0000000000..1a2622bac1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-caption-b18da97ec3842241538c439eaed13219.yaml @@ -0,0 +1,58 @@ +id: featured-image-caption-b18da97ec3842241538c439eaed13219 + +info: + name: > + Featured Image Caption <= 0.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c43a88c-6374-414f-97ae-26ba15d75cdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-caption/" + google-query: inurl:"/wp-content/plugins/featured-image-caption/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-caption,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-caption/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-caption" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-from-url-3f695144fde56e5e68c9d7f131f8380c.yaml b/nuclei-templates/cve-less/plugins/featured-image-from-url-3f695144fde56e5e68c9d7f131f8380c.yaml new file mode 100644 index 0000000000..025cd605eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-from-url-3f695144fde56e5e68c9d7f131f8380c.yaml @@ -0,0 +1,58 @@ +id: featured-image-from-url-3f695144fde56e5e68c9d7f131f8380c + +info: + name: > + Featured Image from URL (FIFU) <= 3.9.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ed1806-31b9-4851-99b1-a30eef4979a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-from-url/" + google-query: inurl:"/wp-content/plugins/featured-image-from-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-from-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-from-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-from-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-from-url-7420b38eef61601a8533cd300d3acef6.yaml b/nuclei-templates/cve-less/plugins/featured-image-from-url-7420b38eef61601a8533cd300d3acef6.yaml new file mode 100644 index 0000000000..a759155965 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-from-url-7420b38eef61601a8533cd300d3acef6.yaml @@ -0,0 +1,58 @@ +id: featured-image-from-url-7420b38eef61601a8533cd300d3acef6 + +info: + name: > + Featured Image from URL (FIFU) <= 4.0.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89ea4709-f637-4932-9dbd-8b3fccab45a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-from-url/" + google-query: inurl:"/wp-content/plugins/featured-image-from-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-from-url,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-from-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-from-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-from-url-ec1b9ba6cd34426926dd05163ef9cdaf.yaml b/nuclei-templates/cve-less/plugins/featured-image-from-url-ec1b9ba6cd34426926dd05163ef9cdaf.yaml new file mode 100644 index 0000000000..83eabb2e4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-from-url-ec1b9ba6cd34426926dd05163ef9cdaf.yaml @@ -0,0 +1,58 @@ +id: featured-image-from-url-ec1b9ba6cd34426926dd05163ef9cdaf + +info: + name: > + Featured Image from URL (FIFU) <= 4.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via fifu_input_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-from-url/" + google-query: inurl:"/wp-content/plugins/featured-image-from-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-from-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-from-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-from-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-from-url-f05edbcd117bd78991a113d104243207.yaml b/nuclei-templates/cve-less/plugins/featured-image-from-url-f05edbcd117bd78991a113d104243207.yaml new file mode 100644 index 0000000000..16f3909338 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-from-url-f05edbcd117bd78991a113d104243207.yaml @@ -0,0 +1,58 @@ +id: featured-image-from-url-f05edbcd117bd78991a113d104243207 + +info: + name: > + Featured Image from URL (FIFU) <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via featured image alt text + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4d5ae93-000e-4001-adfa-c11058032469?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-from-url/" + google-query: inurl:"/wp-content/plugins/featured-image-from-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-from-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-from-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-from-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-image-pro-03f178f78e73af9717f96f4261197534.yaml b/nuclei-templates/cve-less/plugins/featured-image-pro-03f178f78e73af9717f96f4261197534.yaml new file mode 100644 index 0000000000..6b8a605bfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-image-pro-03f178f78e73af9717f96f4261197534.yaml @@ -0,0 +1,58 @@ +id: featured-image-pro-03f178f78e73af9717f96f4261197534 + +info: + name: > + Featured Image Pro Post Grid <= 5.14 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1efb9215-542b-46a1-b358-f3d27339a920?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-image-pro/" + google-query: inurl:"/wp-content/plugins/featured-image-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-image-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-image-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-image-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-post-creative-947aab9c660d0a41bcf7e37fa45491b8.yaml b/nuclei-templates/cve-less/plugins/featured-post-creative-947aab9c660d0a41bcf7e37fa45491b8.yaml new file mode 100644 index 0000000000..aea600d2a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-post-creative-947aab9c660d0a41bcf7e37fa45491b8.yaml @@ -0,0 +1,58 @@ +id: featured-post-creative-947aab9c660d0a41bcf7e37fa45491b8 + +info: + name: > + Featured Post Creative <= 1.2.7 - Missing Authorization via wpfp_update_featured_post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61585a02-fe7b-4a54-959f-346e4e0d6658?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-post-creative/" + google-query: inurl:"/wp-content/plugins/featured-post-creative/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-post-creative,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-post-creative/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-post-creative" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-post-creative-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/featured-post-creative-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..dafaf9ad95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-post-creative-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: featured-post-creative-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-post-creative/" + google-query: inurl:"/wp-content/plugins/featured-post-creative/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-post-creative,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-post-creative/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-post-creative" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featured-post-creative-d494024f4c91e4cd37b950448b8c612e.yaml b/nuclei-templates/cve-less/plugins/featured-post-creative-d494024f4c91e4cd37b950448b8c612e.yaml new file mode 100644 index 0000000000..7110e5bc72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featured-post-creative-d494024f4c91e4cd37b950448b8c612e.yaml @@ -0,0 +1,58 @@ +id: featured-post-creative-d494024f4c91e4cd37b950448b8c612e + +info: + name: > + Featured Post Creative <= 1.2.7 - Cross-Site Request Forgery via wpfp_update_featured_post + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33a47156-ee93-4b59-9f73-56be5c9e3b00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featured-post-creative/" + google-query: inurl:"/wp-content/plugins/featured-post-creative/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featured-post-creative,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featured-post-creative/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featured-post-creative" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/featurific-for-wordpress-9bc357ece2cde706b261987c1bf85bfa.yaml b/nuclei-templates/cve-less/plugins/featurific-for-wordpress-9bc357ece2cde706b261987c1bf85bfa.yaml new file mode 100644 index 0000000000..956415325c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/featurific-for-wordpress-9bc357ece2cde706b261987c1bf85bfa.yaml @@ -0,0 +1,58 @@ +id: featurific-for-wordpress-9bc357ece2cde706b261987c1bf85bfa + +info: + name: > + Featurific For WordPress <= 1.6.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b76734b-96ed-4643-b11b-bba0f0f228ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/featurific-for-wordpress/" + google-query: inurl:"/wp-content/plugins/featurific-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,featurific-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/featurific-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "featurific-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-changer-2344762ab01ebc08578d7b685bed6e58.yaml b/nuclei-templates/cve-less/plugins/feed-changer-2344762ab01ebc08578d7b685bed6e58.yaml new file mode 100644 index 0000000000..2e29b30e38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-changer-2344762ab01ebc08578d7b685bed6e58.yaml @@ -0,0 +1,58 @@ +id: feed-changer-2344762ab01ebc08578d7b685bed6e58 + +info: + name: > + Feed Changer <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9198ffe4-2f9e-4d80-9f5d-cf967b3feb43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-changer/" + google-query: inurl:"/wp-content/plugins/feed-changer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-changer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-changer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-changer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-instagram-lite-44a3ea00d7c2ac41df4b3a6ac3cf83ba.yaml b/nuclei-templates/cve-less/plugins/feed-instagram-lite-44a3ea00d7c2ac41df4b3a6ac3cf83ba.yaml new file mode 100644 index 0000000000..053b442829 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-instagram-lite-44a3ea00d7c2ac41df4b3a6ac3cf83ba.yaml @@ -0,0 +1,58 @@ +id: feed-instagram-lite-44a3ea00d7c2ac41df4b3a6ac3cf83ba + +info: + name: > + Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6683edc-8c77-446c-bd7e-e97b8c5d0c57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-instagram-lite/" + google-query: inurl:"/wp-content/plugins/feed-instagram-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-instagram-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-instagram-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-instagram-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-193e887d8efbd63f7ee64b85c4a576a5.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-193e887d8efbd63f7ee64b85c4a576a5.yaml new file mode 100644 index 0000000000..ebf13f4fd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-193e887d8efbd63f7ee64b85c4a576a5.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-193e887d8efbd63f7ee64b85c4a576a5 + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d07eefc-f406-4da4-addb-559caa6dc208?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-2476012a7e618bdb63629cf9e6f2cc39.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-2476012a7e618bdb63629cf9e6f2cc39.yaml new file mode 100644 index 0000000000..ea3b424448 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-2476012a7e618bdb63629cf9e6f2cc39.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-2476012a7e618bdb63629cf9e6f2cc39 + +info: + name: > + Feed Them Social <= 3.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/736d08ca-3f65-4232-96a9-303bafbf3471?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-59dd174ba212cc11295537a27e4487d1.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-59dd174ba212cc11295537a27e4487d1.yaml new file mode 100644 index 0000000000..142e1ed163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-59dd174ba212cc11295537a27e4487d1.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-59dd174ba212cc11295537a27e4487d1 + +info: + name: > + Feed Them Social <= 4.2.0 - Cross-Site Request Forgery via review_nag_check + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e86152a6-cd8d-4466-bcc5-830413500e12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-9019681407afd47da5b4816b7ae1001d.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-9019681407afd47da5b4816b7ae1001d.yaml new file mode 100644 index 0000000000..d2567d8e40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-9019681407afd47da5b4816b7ae1001d.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-9019681407afd47da5b4816b7ae1001d + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.8.5 - Unauthenticated PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50bcea94-b12a-4b31-b0c1-bba834ea9bd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-9573f0bb03be4cafb0dc4630394c3c88.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-9573f0bb03be4cafb0dc4630394c3c88.yaml new file mode 100644 index 0000000000..37379474b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-9573f0bb03be4cafb0dc4630394c3c88.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-9573f0bb03be4cafb0dc4630394c3c88 + +info: + name: > + Feed Them Social <= 1.6.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5d69895-2fe6-40cf-8d4d-aa274067495a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-9d9f62e188b5181406f57379c674b86e.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-9d9f62e188b5181406f57379c674b86e.yaml new file mode 100644 index 0000000000..340d23a84c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-9d9f62e188b5181406f57379c674b86e.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-9d9f62e188b5181406f57379c674b86e + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa9c2a67-e254-4dde-9f58-81281e98cdb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-a23e521e782f280a44a30c5f1b1f5875.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-a23e521e782f280a44a30c5f1b1f5875.yaml new file mode 100644 index 0000000000..c96771fd09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-a23e521e782f280a44a30c5f1b1f5875.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-a23e521e782f280a44a30c5f1b1f5875 + +info: + name: > + Feed Them Social <= 1.6.9 - Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67c7e67e-3e68-4f49-9d81-fa0ed451376e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-b04dd0f6bbdb43801b1ffc8fb55026f1.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-b04dd0f6bbdb43801b1ffc8fb55026f1.yaml new file mode 100644 index 0000000000..9e23687e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-b04dd0f6bbdb43801b1ffc8fb55026f1.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-b04dd0f6bbdb43801b1ffc8fb55026f1 + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b000835-7f9d-44b4-92a3-ffce6e06d2ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-d72ce46972faf10b71efe8ec5768d82c.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-d72ce46972faf10b71efe8ec5768d82c.yaml new file mode 100644 index 0000000000..35bd24c432 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-d72ce46972faf10b71efe8ec5768d82c.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-d72ce46972faf10b71efe8ec5768d82c + +info: + name: > + Feed Them Social – Page, Post, Video, and Photo Galleries <= 2.8.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fcbe3d1-449c-4135-bbf5-9ea9236e5328?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-e4fb6d249b711115cf1c72af2ed8bb4d.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-e4fb6d249b711115cf1c72af2ed8bb4d.yaml new file mode 100644 index 0000000000..4dc050e15c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-e4fb6d249b711115cf1c72af2ed8bb4d.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-e4fb6d249b711115cf1c72af2ed8bb4d + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Cross-Site Request Forgery to Settings update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97460a9c-e996-4170-afa3-47db9097f3f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feed-them-social-fafa2caced18a7c0c4666d573df5d9d1.yaml b/nuclei-templates/cve-less/plugins/feed-them-social-fafa2caced18a7c0c4666d573df5d9d1.yaml new file mode 100644 index 0000000000..36465b8369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feed-them-social-fafa2caced18a7c0c4666d573df5d9d1.yaml @@ -0,0 +1,58 @@ +id: feed-them-social-fafa2caced18a7c0c4666d573df5d9d1 + +info: + name: > + Feed Them Social – for Twitter feed, Youtube and more <= 2.9.9 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cf5879f-82ae-41de-b220-aaec45c96c87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feed-them-social/" + google-query: inurl:"/wp-content/plugins/feed-them-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feed-them-social,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feed-them-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feed-them-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..00c8eca8e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: feedburner-alternative-and-rss-redirect-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedburner-alternative-and-rss-redirect/" + google-query: inurl:"/wp-content/plugins/feedburner-alternative-and-rss-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedburner-alternative-and-rss-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedburner-alternative-and-rss-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedburner-alternative-and-rss-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..8cb4b6c113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: feedburner-alternative-and-rss-redirect-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedburner-alternative-and-rss-redirect/" + google-query: inurl:"/wp-content/plugins/feedburner-alternative-and-rss-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedburner-alternative-and-rss-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedburner-alternative-and-rss-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedburner-alternative-and-rss-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..cfb39a328b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedburner-alternative-and-rss-redirect-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: feedburner-alternative-and-rss-redirect-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedburner-alternative-and-rss-redirect/" + google-query: inurl:"/wp-content/plugins/feedburner-alternative-and-rss-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedburner-alternative-and-rss-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedburner-alternative-and-rss-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedburner-alternative-and-rss-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedburner-feedsmith-95305525d7820973fed879d8dfc49664.yaml b/nuclei-templates/cve-less/plugins/feedburner-feedsmith-95305525d7820973fed879d8dfc49664.yaml new file mode 100644 index 0000000000..78b3d5fdf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedburner-feedsmith-95305525d7820973fed879d8dfc49664.yaml @@ -0,0 +1,58 @@ +id: feedburner-feedsmith-95305525d7820973fed879d8dfc49664 + +info: + name: > + FeedBurner FeedSmith <= 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0c72033-ab9b-49bb-be28-e09a810137fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedburner-feedsmith/" + google-query: inurl:"/wp-content/plugins/feedburner-feedsmith/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedburner-feedsmith,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedburner-feedsmith/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedburner-feedsmith" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedfocal-033552000c57d4d0e9b8f1077c9a1953.yaml b/nuclei-templates/cve-less/plugins/feedfocal-033552000c57d4d0e9b8f1077c9a1953.yaml new file mode 100644 index 0000000000..5cc953aa54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedfocal-033552000c57d4d0e9b8f1077c9a1953.yaml @@ -0,0 +1,58 @@ +id: feedfocal-033552000c57d4d0e9b8f1077c9a1953 + +info: + name: > + FeedFocal <= 1.2.2 - Missing Authorization via feedfocal_api_setup REST function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/489fe6ac-5437-44a2-93dc-00e75eefbc45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedfocal/" + google-query: inurl:"/wp-content/plugins/feedfocal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedfocal,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedfocal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedfocal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedlist-f30fee0809d10f803c0d4d592f397270.yaml b/nuclei-templates/cve-less/plugins/feedlist-f30fee0809d10f803c0d4d592f397270.yaml new file mode 100644 index 0000000000..545bb08b23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedlist-f30fee0809d10f803c0d4d592f397270.yaml @@ -0,0 +1,58 @@ +id: feedlist-f30fee0809d10f803c0d4d592f397270 + +info: + name: > + FeedList <= 2.61.03 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae135c3-2b2b-4cd2-a17b-3b1e9de9dbac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedlist/" + google-query: inurl:"/wp-content/plugins/feedlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.61.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feeds-for-youtube-50baee01b43a26ee8e4d58a0c9e6da8f.yaml b/nuclei-templates/cve-less/plugins/feeds-for-youtube-50baee01b43a26ee8e4d58a0c9e6da8f.yaml new file mode 100644 index 0000000000..fb9d8fd85d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feeds-for-youtube-50baee01b43a26ee8e4d58a0c9e6da8f.yaml @@ -0,0 +1,58 @@ +id: feeds-for-youtube-50baee01b43a26ee8e4d58a0c9e6da8f + +info: + name: > + Feeds for YouTube <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376e2638-a873-4142-ad7d-067ae3333709?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feeds-for-youtube/" + google-query: inurl:"/wp-content/plugins/feeds-for-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feeds-for-youtube,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feeds-for-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feeds-for-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedstats-de-0cb6e32bbaac252186a04f8bf825e2e9.yaml b/nuclei-templates/cve-less/plugins/feedstats-de-0cb6e32bbaac252186a04f8bf825e2e9.yaml new file mode 100644 index 0000000000..ab27c66999 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedstats-de-0cb6e32bbaac252186a04f8bf825e2e9.yaml @@ -0,0 +1,58 @@ +id: feedstats-de-0cb6e32bbaac252186a04f8bf825e2e9 + +info: + name: > + FeedStats < 2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd903ec3-893e-4dd8-ad90-2e25a926ac4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedstats-de/" + google-query: inurl:"/wp-content/plugins/feedstats-de/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedstats-de,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedstats-de/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedstats-de" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedweb-42f14cb098faa7900818b46106b42afa.yaml b/nuclei-templates/cve-less/plugins/feedweb-42f14cb098faa7900818b46106b42afa.yaml new file mode 100644 index 0000000000..36601c3b52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedweb-42f14cb098faa7900818b46106b42afa.yaml @@ -0,0 +1,58 @@ +id: feedweb-42f14cb098faa7900818b46106b42afa + +info: + name: > + Feedweb < 1.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa3d4308-0e34-4749-a7da-935d416ad2d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedweb/" + google-query: inurl:"/wp-content/plugins/feedweb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedweb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedweb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedweb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedwordpress-4cd6dbf8c953f54b11c7fded30755c74.yaml b/nuclei-templates/cve-less/plugins/feedwordpress-4cd6dbf8c953f54b11c7fded30755c74.yaml new file mode 100644 index 0000000000..230b9df2df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedwordpress-4cd6dbf8c953f54b11c7fded30755c74.yaml @@ -0,0 +1,58 @@ +id: feedwordpress-4cd6dbf8c953f54b11c7fded30755c74 + +info: + name: > + FeedWordPress <= 2021.0713 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96320410-48e2-42a6-9a1e-1641c1229256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedwordpress/" + google-query: inurl:"/wp-content/plugins/feedwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedwordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2021.0713') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedwordpress-6729304530e54584e7440ebda94579e0.yaml b/nuclei-templates/cve-less/plugins/feedwordpress-6729304530e54584e7440ebda94579e0.yaml new file mode 100644 index 0000000000..00bc434e81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedwordpress-6729304530e54584e7440ebda94579e0.yaml @@ -0,0 +1,58 @@ +id: feedwordpress-6729304530e54584e7440ebda94579e0 + +info: + name: > + FeedWordPress <= 2022.0222 - Insecure Direct Object Referece + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedwordpress/" + google-query: inurl:"/wp-content/plugins/feedwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedwordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2022.0222') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedwordpress-a5bd104322a21c6fe50fb764879c5682.yaml b/nuclei-templates/cve-less/plugins/feedwordpress-a5bd104322a21c6fe50fb764879c5682.yaml new file mode 100644 index 0000000000..0e2646365d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedwordpress-a5bd104322a21c6fe50fb764879c5682.yaml @@ -0,0 +1,58 @@ +id: feedwordpress-a5bd104322a21c6fe50fb764879c5682 + +info: + name: > + FeedWordPress < 2015.0514 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da95086a-6ae2-4b4d-8312-78e3800ded7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedwordpress/" + google-query: inurl:"/wp-content/plugins/feedwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedwordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2015.0514') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedwordpress-de2b65d20701ca8d9c4d34a5b9680868.yaml b/nuclei-templates/cve-less/plugins/feedwordpress-de2b65d20701ca8d9c4d34a5b9680868.yaml new file mode 100644 index 0000000000..f461fba935 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedwordpress-de2b65d20701ca8d9c4d34a5b9680868.yaml @@ -0,0 +1,58 @@ +id: feedwordpress-de2b65d20701ca8d9c4d34a5b9680868 + +info: + name: > + FeedWordPress < 2015.0514 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/108a2ea3-a612-46a2-b29a-7ae794f8470c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedwordpress/" + google-query: inurl:"/wp-content/plugins/feedwordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedwordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedwordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedwordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2015.0514') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-49fc80b8d756a56dfe95c5a6032f1087.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-49fc80b8d756a56dfe95c5a6032f1087.yaml new file mode 100644 index 0000000000..bd9773e38d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-49fc80b8d756a56dfe95c5a6032f1087.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-49fc80b8d756a56dfe95c5a6032f1087 + +info: + name: > + RSS Aggregator by Feedzy <= 4.4.2 - Missing Authorization to Arbitrary Page Creation and Publication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-507b936e6df45800b9063c2207c957aa.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-507b936e6df45800b9063c2207c957aa.yaml new file mode 100644 index 0000000000..188bfa4580 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-507b936e6df45800b9063c2207c957aa.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-507b936e6df45800b9063c2207c957aa + +info: + name: > + RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d78ac022-6f07-4da5-a657-cafa78dc1845?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-566fe474170295f900e413573209c71a.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-566fe474170295f900e413573209c71a.yaml new file mode 100644 index 0000000000..94bf7e98c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-566fe474170295f900e413573209c71a.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-566fe474170295f900e413573209c71a + +info: + name: > + RSS Aggregator by Feedzy <= 4.4.2 - Authenticated(Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-915f28ed1e0ddfda2fff50d4304f5401.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-915f28ed1e0ddfda2fff50d4304f5401.yaml new file mode 100644 index 0000000000..d463c4bcc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-915f28ed1e0ddfda2fff50d4304f5401.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-915f28ed1e0ddfda2fff50d4304f5401 + +info: + name: > + RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a713d897-c549-4e0d-9cb3-7002ef2b127f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..80d58f5e11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-9e24f5f31aefd98727b13ebb0dfe3151.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-9e24f5f31aefd98727b13ebb0dfe3151.yaml new file mode 100644 index 0000000000..f5902e2fda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-9e24f5f31aefd98727b13ebb0dfe3151.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-9e24f5f31aefd98727b13ebb0dfe3151 + +info: + name: > + RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a371f0288a138d0c57e459d338c39157.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a371f0288a138d0c57e459d338c39157.yaml new file mode 100644 index 0000000000..0ed8a3ead2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a371f0288a138d0c57e459d338c39157.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-a371f0288a138d0c57e459d338c39157 + +info: + name: > + RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Error Message + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d25e85f-28f7-4cc5-9856-25cc5aaf1418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a69ba668991cc895684ef6a2a0130022.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a69ba668991cc895684ef6a2a0130022.yaml new file mode 100644 index 0000000000..7b63c69588 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-a69ba668991cc895684ef6a2a0130022.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-a69ba668991cc895684ef6a2a0130022 + +info: + name: > + RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.3.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2cdf4e5-0a40-42ca-b5ac-78511fdd2b77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-dc84242672f23048124ef1d4e4b55e53.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-dc84242672f23048124ef1d4e4b55e53.yaml new file mode 100644 index 0000000000..eb5100822a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-dc84242672f23048124ef1d4e4b55e53.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-dc84242672f23048124ef1d4e4b55e53 + +info: + name: > + RSS Aggregator by Feedzy <= 3.4.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3b916dc-3b94-4319-a805-0ea99d14429f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml new file mode 100644 index 0000000000..f60c20ea77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/feedzy-rss-feeds-e0ef3d1097adeccc2f12bfdbdbab9d9c.yaml @@ -0,0 +1,58 @@ +id: feedzy-rss-feeds-e0ef3d1097adeccc2f12bfdbdbab9d9c + +info: + name: > + RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator <= 4.4.7 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46978e1d-7adb-49f6-8e41-093f177c9a4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/feedzy-rss-feeds/" + google-query: inurl:"/wp-content/plugins/feedzy-rss-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,feedzy-rss-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/feedzy-rss-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "feedzy-rss-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-6124da6a0c9e2e52db4d825fb2c383a6.yaml b/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-6124da6a0c9e2e52db4d825fb2c383a6.yaml new file mode 100644 index 0000000000..1bf77ea43a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-6124da6a0c9e2e52db4d825fb2c383a6.yaml @@ -0,0 +1,58 @@ +id: fg-drupal-to-wp-6124da6a0c9e2e52db4d825fb2c383a6 + +info: + name: > + FG Drupal to WordPress <= 3.70.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/426554d8-e6dc-496f-adce-61a22880a4c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-drupal-to-wp/" + google-query: inurl:"/wp-content/plugins/fg-drupal-to-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-drupal-to-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-drupal-to-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-drupal-to-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.70.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-bb1647b449a57413306bcf1ebbfb2090.yaml b/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-bb1647b449a57413306bcf1ebbfb2090.yaml new file mode 100644 index 0000000000..5b685b7fa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-drupal-to-wp-bb1647b449a57413306bcf1ebbfb2090.yaml @@ -0,0 +1,58 @@ +id: fg-drupal-to-wp-bb1647b449a57413306bcf1ebbfb2090 + +info: + name: > + FG Drupal to WordPress <= 3.67.0 - Cross-Site Request Forgery via ajax_importer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc34ff1-1b7e-4974-907a-745911df5dc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-drupal-to-wp/" + google-query: inurl:"/wp-content/plugins/fg-drupal-to-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-drupal-to-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-drupal-to-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-drupal-to-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.67.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-1e37c7574b8a6b340ccf9300cdecf15e.yaml b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-1e37c7574b8a6b340ccf9300cdecf15e.yaml new file mode 100644 index 0000000000..e3980ffdf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-1e37c7574b8a6b340ccf9300cdecf15e.yaml @@ -0,0 +1,58 @@ +id: fg-joomla-to-wordpress-1e37c7574b8a6b340ccf9300cdecf15e + +info: + name: > + FG Joomla to WordPress <= 4.20.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab87321b-d326-498d-9a75-44692258cae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-joomla-to-wordpress/" + google-query: inurl:"/wp-content/plugins/fg-joomla-to-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-joomla-to-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-joomla-to-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-joomla-to-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-bb1647b449a57413306bcf1ebbfb2090.yaml b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-bb1647b449a57413306bcf1ebbfb2090.yaml new file mode 100644 index 0000000000..ce76d8615f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-joomla-to-wordpress-bb1647b449a57413306bcf1ebbfb2090.yaml @@ -0,0 +1,58 @@ +id: fg-joomla-to-wordpress-bb1647b449a57413306bcf1ebbfb2090 + +info: + name: > + FG Drupal to WordPress <= 3.67.0 - Cross-Site Request Forgery via ajax_importer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc34ff1-1b7e-4974-907a-745911df5dc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-joomla-to-wordpress/" + google-query: inurl:"/wp-content/plugins/fg-joomla-to-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-joomla-to-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-joomla-to-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-joomla-to-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-0eeffa23476d007efd123124288a7278.yaml b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-0eeffa23476d007efd123124288a7278.yaml new file mode 100644 index 0000000000..6f83c6af27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-0eeffa23476d007efd123124288a7278.yaml @@ -0,0 +1,58 @@ +id: fg-prestashop-to-woocommerce-0eeffa23476d007efd123124288a7278 + +info: + name: > + FG PrestaShop to WooCommerce <= 4.45.1 - Unauthenticated Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9df6792-d208-44c9-b04b-00e86d76cbfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-prestashop-to-woocommerce/" + google-query: inurl:"/wp-content/plugins/fg-prestashop-to-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-prestashop-to-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-prestashop-to-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-prestashop-to-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.45.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-bb1647b449a57413306bcf1ebbfb2090.yaml b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-bb1647b449a57413306bcf1ebbfb2090.yaml new file mode 100644 index 0000000000..05aa813b5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fg-prestashop-to-woocommerce-bb1647b449a57413306bcf1ebbfb2090.yaml @@ -0,0 +1,58 @@ +id: fg-prestashop-to-woocommerce-bb1647b449a57413306bcf1ebbfb2090 + +info: + name: > + FG Drupal to WordPress <= 3.67.0 - Cross-Site Request Forgery via ajax_importer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dc34ff1-1b7e-4974-907a-745911df5dc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fg-prestashop-to-woocommerce/" + google-query: inurl:"/wp-content/plugins/fg-prestashop-to-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fg-prestashop-to-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fg-prestashop-to-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fg-prestashop-to-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.44.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fgallery-565b56570e9a0eaaf33a27883cc6e4ea.yaml b/nuclei-templates/cve-less/plugins/fgallery-565b56570e9a0eaaf33a27883cc6e4ea.yaml new file mode 100644 index 0000000000..617efb21ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fgallery-565b56570e9a0eaaf33a27883cc6e4ea.yaml @@ -0,0 +1,58 @@ +id: fgallery-565b56570e9a0eaaf33a27883cc6e4ea + +info: + name: > + fGallery 2.4.1 - SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96e2ba3d-4e6d-42b8-832c-03ef4915cadb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fgallery/" + google-query: inurl:"/wp-content/plugins/fgallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fgallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fgallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fgallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-away-466048d1971518e0b30eb580a52cc9ff.yaml b/nuclei-templates/cve-less/plugins/file-away-466048d1971518e0b30eb580a52cc9ff.yaml new file mode 100644 index 0000000000..6e46c9de11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-away-466048d1971518e0b30eb580a52cc9ff.yaml @@ -0,0 +1,58 @@ +id: file-away-466048d1971518e0b30eb580a52cc9ff + +info: + name: > + File Away <= 3.9.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f78dd75-d853-4b16-843e-e0c9c55a103c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-away/" + google-query: inurl:"/wp-content/plugins/file-away/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-away,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-away/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-away" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.9.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-gallery-2ff1bc044255f45b7cf3b45392cb2e17.yaml b/nuclei-templates/cve-less/plugins/file-gallery-2ff1bc044255f45b7cf3b45392cb2e17.yaml new file mode 100644 index 0000000000..adc1f4a7e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-gallery-2ff1bc044255f45b7cf3b45392cb2e17.yaml @@ -0,0 +1,58 @@ +id: file-gallery-2ff1bc044255f45b7cf3b45392cb2e17 + +info: + name: > + File Gallery <= 1.8.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_gallery_shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c11be4ba-1bed-4234-b475-468394b7be90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-gallery/" + google-query: inurl:"/wp-content/plugins/file-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-gallery-9030229f25561b555ab5bd8cf6a1c26d.yaml b/nuclei-templates/cve-less/plugins/file-gallery-9030229f25561b555ab5bd8cf6a1c26d.yaml new file mode 100644 index 0000000000..1bfe6a4eba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-gallery-9030229f25561b555ab5bd8cf6a1c26d.yaml @@ -0,0 +1,58 @@ +id: file-gallery-9030229f25561b555ab5bd8cf6a1c26d + +info: + name: > + File Gallery < 1.7.9.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54bdacd9-49e4-4f45-99bb-baa9eba97ecf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-gallery/" + google-query: inurl:"/wp-content/plugins/file-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-gallery-bb0f68d3ec28f4af1bec229baa1a1db9.yaml b/nuclei-templates/cve-less/plugins/file-gallery-bb0f68d3ec28f4af1bec229baa1a1db9.yaml new file mode 100644 index 0000000000..eed766b702 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-gallery-bb0f68d3ec28f4af1bec229baa1a1db9.yaml @@ -0,0 +1,58 @@ +id: file-gallery-bb0f68d3ec28f4af1bec229baa1a1db9 + +info: + name: > + File Gallery <= 1.8.5.4 - Reflected Cross-Site Scripting via post_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b51caf3-eff4-491f-b354-7d8939548a64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-gallery/" + google-query: inurl:"/wp-content/plugins/file-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-48a8d2f0d5a63315df776c831690e09c.yaml b/nuclei-templates/cve-less/plugins/file-manager-48a8d2f0d5a63315df776c831690e09c.yaml new file mode 100644 index 0000000000..f9ee97376f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-48a8d2f0d5a63315df776c831690e09c.yaml @@ -0,0 +1,58 @@ +id: file-manager-48a8d2f0d5a63315df776c831690e09c + +info: + name: > + Bit File Manager <= 5.2.7 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24458c37-ebcc-471b-9044-78f24667f7a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager/" + google-query: inurl:"/wp-content/plugins/file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-5c40de81086d557f84896e9d9e366a14.yaml b/nuclei-templates/cve-less/plugins/file-manager-5c40de81086d557f84896e9d9e366a14.yaml new file mode 100644 index 0000000000..a871a16ea3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-5c40de81086d557f84896e9d9e366a14.yaml @@ -0,0 +1,58 @@ +id: file-manager-5c40de81086d557f84896e9d9e366a14 + +info: + name: > + File Manager <= 6.3 - Authenticated (Admin+) Arbitrary OS File Access via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/640b1800-3b59-4b06-a803-08cb76d62d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager/" + google-query: inurl:"/wp-content/plugins/file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-7e2f90e6940d531b994c0538fa57bc34.yaml b/nuclei-templates/cve-less/plugins/file-manager-7e2f90e6940d531b994c0538fa57bc34.yaml new file mode 100644 index 0000000000..02c5a1a0de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-7e2f90e6940d531b994c0538fa57bc34.yaml @@ -0,0 +1,58 @@ +id: file-manager-7e2f90e6940d531b994c0538fa57bc34 + +info: + name: > + Bit File Manager <= 5.0.0 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ae27c4-0381-4622-90e8-f4fee29767a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager/" + google-query: inurl:"/wp-content/plugins/file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-80453d1eac09488f23a96583710827a5.yaml b/nuclei-templates/cve-less/plugins/file-manager-80453d1eac09488f23a96583710827a5.yaml new file mode 100644 index 0000000000..1997b26ad8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-80453d1eac09488f23a96583710827a5.yaml @@ -0,0 +1,58 @@ +id: file-manager-80453d1eac09488f23a96583710827a5 + +info: + name: > + Bit File Manager – 100% free file manager for WordPress <= 5.2.2 - Subscriber+ Arbitrary File Creation/Upload/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02a6428f-beef-4491-ab5f-130a9e7924c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager/" + google-query: inurl:"/wp-content/plugins/file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-advanced-1ced58320fa56965f50860e215f3e06d.yaml b/nuclei-templates/cve-less/plugins/file-manager-advanced-1ced58320fa56965f50860e215f3e06d.yaml new file mode 100644 index 0000000000..066001cd5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-advanced-1ced58320fa56965f50860e215f3e06d.yaml @@ -0,0 +1,58 @@ +id: file-manager-advanced-1ced58320fa56965f50860e215f3e06d + +info: + name: > + Advanced File Manager <= 5.1 - Authenticated(Administrator+) Arbitrary File and Folder Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceba35c3-16b0-4366-b33c-603bdc2c1006?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager-advanced/" + google-query: inurl:"/wp-content/plugins/file-manager-advanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager-advanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-manager-advanced-shortcode-07670443f68f4b9a28c2be946c910346.yaml b/nuclei-templates/cve-less/plugins/file-manager-advanced-shortcode-07670443f68f4b9a28c2be946c910346.yaml new file mode 100644 index 0000000000..b13a8b211d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-manager-advanced-shortcode-07670443f68f4b9a28c2be946c910346.yaml @@ -0,0 +1,58 @@ +id: file-manager-advanced-shortcode-07670443f68f4b9a28c2be946c910346 + +info: + name: > + File Manager Advanced Shortcode WordPress <= 2.3.2 - Unauthenticated Arbitrary File Upload to Remote Code Execution via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea40d06e-672c-42db-9378-d382de5838d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-manager-advanced-shortcode/" + google-query: inurl:"/wp-content/plugins/file-manager-advanced-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-manager-advanced-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-manager-advanced-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-manager-advanced-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/file-renaming-on-upload-ca9ee22d1cc41a724720db8fe33326bf.yaml b/nuclei-templates/cve-less/plugins/file-renaming-on-upload-ca9ee22d1cc41a724720db8fe33326bf.yaml new file mode 100644 index 0000000000..ac3d935a7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/file-renaming-on-upload-ca9ee22d1cc41a724720db8fe33326bf.yaml @@ -0,0 +1,58 @@ +id: file-renaming-on-upload-ca9ee22d1cc41a724720db8fe33326bf + +info: + name: > + File Renaming on Upload <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/550c3f56-d188-4be1-82cd-db076c09cf61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/file-renaming-on-upload/" + google-query: inurl:"/wp-content/plugins/file-renaming-on-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,file-renaming-on-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/file-renaming-on-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "file-renaming-on-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filebird-1298f4e0dd08f4cb0ce7e4baa39d0151.yaml b/nuclei-templates/cve-less/plugins/filebird-1298f4e0dd08f4cb0ce7e4baa39d0151.yaml new file mode 100644 index 0000000000..1cf22d31fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filebird-1298f4e0dd08f4cb0ce7e4baa39d0151.yaml @@ -0,0 +1,58 @@ +id: filebird-1298f4e0dd08f4cb0ce7e4baa39d0151 + +info: + name: > + Filebird 4.7.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2491d502-8087-4e95-b047-a3b196322d94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filebird/" + google-query: inurl:"/wp-content/plugins/filebird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filebird,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filebird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filebird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filebird-16b2d22f9ed4777d1430ed12968eaafe.yaml b/nuclei-templates/cve-less/plugins/filebird-16b2d22f9ed4777d1430ed12968eaafe.yaml new file mode 100644 index 0000000000..369c4f58fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filebird-16b2d22f9ed4777d1430ed12968eaafe.yaml @@ -0,0 +1,58 @@ +id: filebird-16b2d22f9ed4777d1430ed12968eaafe + +info: + name: > + FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/129cc3b0-4f48-4846-902e-be5cd339f537?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filebird/" + google-query: inurl:"/wp-content/plugins/filebird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filebird,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filebird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filebird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filebird-4e2e155c281ae60022e2ed5429179c85.yaml b/nuclei-templates/cve-less/plugins/filebird-4e2e155c281ae60022e2ed5429179c85.yaml new file mode 100644 index 0000000000..067be7cd94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filebird-4e2e155c281ae60022e2ed5429179c85.yaml @@ -0,0 +1,58 @@ +id: filebird-4e2e155c281ae60022e2ed5429179c85 + +info: + name: > + Filebird <= 5.1.4 - Missing Authorization via resAdminPermissionsCheck + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a6e9f4-dbc3-4af0-b9e4-4c9ad7b5fe9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filebird/" + google-query: inurl:"/wp-content/plugins/filebird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filebird,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filebird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filebird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filebird-61cc715601cb540fc69b978e74da1091.yaml b/nuclei-templates/cve-less/plugins/filebird-61cc715601cb540fc69b978e74da1091.yaml new file mode 100644 index 0000000000..adee005497 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filebird-61cc715601cb540fc69b978e74da1091.yaml @@ -0,0 +1,58 @@ +id: filebird-61cc715601cb540fc69b978e74da1091 + +info: + name: > + FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82cde234-ae87-438f-911e-bdd0e3ac1132?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filebird/" + google-query: inurl:"/wp-content/plugins/filebird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filebird,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filebird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filebird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filebird-7d0952eb6cd34263da0c111b4d2da259.yaml b/nuclei-templates/cve-less/plugins/filebird-7d0952eb6cd34263da0c111b4d2da259.yaml new file mode 100644 index 0000000000..5f977a223f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filebird-7d0952eb6cd34263da0c111b4d2da259.yaml @@ -0,0 +1,58 @@ +id: filebird-7d0952eb6cd34263da0c111b4d2da259 + +info: + name: > + FileBird <= 5.6.0 - Authenticated(Administrator+) Stored Cross-Site Scripting via Folder Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filebird/" + google-query: inurl:"/wp-content/plugins/filebird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filebird,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filebird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filebird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filedownload-16949f85deca6c76da36cc5d46cabd06.yaml b/nuclei-templates/cve-less/plugins/filedownload-16949f85deca6c76da36cc5d46cabd06.yaml new file mode 100644 index 0000000000..c4a2a9b3c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filedownload-16949f85deca6c76da36cc5d46cabd06.yaml @@ -0,0 +1,58 @@ +id: filedownload-16949f85deca6c76da36cc5d46cabd06 + +info: + name: > + filedownload plugin <= 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b79fa47-f045-44e9-84b8-60aa3a302dac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filedownload/" + google-query: inurl:"/wp-content/plugins/filedownload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filedownload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filedownload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filedownload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filedownload-e3e5ad58c58ff0e4a41d1a39f9aad248.yaml b/nuclei-templates/cve-less/plugins/filedownload-e3e5ad58c58ff0e4a41d1a39f9aad248.yaml new file mode 100644 index 0000000000..37609e71ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filedownload-e3e5ad58c58ff0e4a41d1a39f9aad248.yaml @@ -0,0 +1,58 @@ +id: filedownload-e3e5ad58c58ff0e4a41d1a39f9aad248 + +info: + name: > + filedownload < 1.4 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d081e3-4291-427c-bf2c-726d93aa00ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filedownload/" + google-query: inurl:"/wp-content/plugins/filedownload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filedownload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filedownload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filedownload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filedownload-f50c03151ba977d208d9edbd82053474.yaml b/nuclei-templates/cve-less/plugins/filedownload-f50c03151ba977d208d9edbd82053474.yaml new file mode 100644 index 0000000000..8b12b0968d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filedownload-f50c03151ba977d208d9edbd82053474.yaml @@ -0,0 +1,58 @@ +id: filedownload-f50c03151ba977d208d9edbd82053474 + +info: + name: > + File Download <= 1.4 - Open Proxy + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e98579-6e23-4309-9db5-e47d1e77ab07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filedownload/" + google-query: inurl:"/wp-content/plugins/filedownload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filedownload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filedownload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filedownload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fileorganizer-d61a99b7dbe136f85e3e2b350556f349.yaml b/nuclei-templates/cve-less/plugins/fileorganizer-d61a99b7dbe136f85e3e2b350556f349.yaml new file mode 100644 index 0000000000..2f31e5d5c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fileorganizer-d61a99b7dbe136f85e3e2b350556f349.yaml @@ -0,0 +1,58 @@ +id: fileorganizer-d61a99b7dbe136f85e3e2b350556f349 + +info: + name: > + FileOrganizer <= 1.0.3 - Authenticated (Admin+) Arbitrary File Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11c9124d-80e0-435d-9eb4-901c4f481a6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fileorganizer/" + google-query: inurl:"/wp-content/plugins/fileorganizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fileorganizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fileorganizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fileorganizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fileorganizer-fe85729fdce83d2abcd870326a089bf5.yaml b/nuclei-templates/cve-less/plugins/fileorganizer-fe85729fdce83d2abcd870326a089bf5.yaml new file mode 100644 index 0000000000..7f28792334 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fileorganizer-fe85729fdce83d2abcd870326a089bf5.yaml @@ -0,0 +1,58 @@ +id: fileorganizer-fe85729fdce83d2abcd870326a089bf5 + +info: + name: > + FileOrganizer and FileOrganizer Pro <= 1.0.6 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffaefd79-57a7-43b8-af1c-e108567eba67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fileorganizer/" + google-query: inurl:"/wp-content/plugins/fileorganizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fileorganizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fileorganizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fileorganizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/files-download-delay-83711b9f4415eeef12b96843272e6f77.yaml b/nuclei-templates/cve-less/plugins/files-download-delay-83711b9f4415eeef12b96843272e6f77.yaml new file mode 100644 index 0000000000..a3eac3a84e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/files-download-delay-83711b9f4415eeef12b96843272e6f77.yaml @@ -0,0 +1,58 @@ +id: files-download-delay-83711b9f4415eeef12b96843272e6f77 + +info: + name: > + Files Download Delay <= 1.0.6 - Missing Authorization to Settings Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/570942bf-49b1-4217-abc6-5e83f27d9824?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/files-download-delay/" + google-query: inurl:"/wp-content/plugins/files-download-delay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,files-download-delay,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/files-download-delay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "files-download-delay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filester-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml b/nuclei-templates/cve-less/plugins/filester-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml new file mode 100644 index 0000000000..e9d343f860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filester-0fbaccf0dcc3983d2d26c8ef7aee1143.yaml @@ -0,0 +1,58 @@ +id: filester-0fbaccf0dcc3983d2d26c8ef7aee1143 + +info: + name: > + File Manager Pro – Filester <= 1.8 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99b2e3c3-b5e5-4648-81c8-da2f42ceec66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filester/" + google-query: inurl:"/wp-content/plugins/filester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filester,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filester-3a0b06a228abc56684c0fecc37877b4c.yaml b/nuclei-templates/cve-less/plugins/filester-3a0b06a228abc56684c0fecc37877b4c.yaml new file mode 100644 index 0000000000..de7b68413f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filester-3a0b06a228abc56684c0fecc37877b4c.yaml @@ -0,0 +1,58 @@ +id: filester-3a0b06a228abc56684c0fecc37877b4c + +info: + name: > + File Manager Pro – Filester - <= 1.7.6 - Cross-Site Request Forgery to Arbitrary File Rename + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbc7af2-1e2c-4aaf-b73c-870f7519aff1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filester/" + google-query: inurl:"/wp-content/plugins/filester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filester,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filester-a9fb42c2dd47680db83577cec894ace4.yaml b/nuclei-templates/cve-less/plugins/filester-a9fb42c2dd47680db83577cec894ace4.yaml new file mode 100644 index 0000000000..3a9e7be27e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filester-a9fb42c2dd47680db83577cec894ace4.yaml @@ -0,0 +1,58 @@ +id: filester-a9fb42c2dd47680db83577cec894ace4 + +info: + name: > + File Manager Pro <= 1.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/927696bd-bf0c-4f15-9b06-21c3d0a11aed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filester/" + google-query: inurl:"/wp-content/plugins/filester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filester,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fileviewer-beab7dee3648c51c868a41f9c4244298.yaml b/nuclei-templates/cve-less/plugins/fileviewer-beab7dee3648c51c868a41f9c4244298.yaml new file mode 100644 index 0000000000..c7dd6834ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fileviewer-beab7dee3648c51c868a41f9c4244298.yaml @@ -0,0 +1,58 @@ +id: fileviewer-beab7dee3648c51c868a41f9c4244298 + +info: + name: > + Fileviewer <= 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57f56362-da35-44ae-b1f5-4f5a6c21930e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fileviewer/" + google-query: inurl:"/wp-content/plugins/fileviewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fileviewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fileviewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fileviewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filr-protection-3978ba038f6fabf500896400bafac46f.yaml b/nuclei-templates/cve-less/plugins/filr-protection-3978ba038f6fabf500896400bafac46f.yaml new file mode 100644 index 0000000000..6205fe8b62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filr-protection-3978ba038f6fabf500896400bafac46f.yaml @@ -0,0 +1,58 @@ +id: filr-protection-3978ba038f6fabf500896400bafac46f + +info: + name: > + Filr – Secure document library <= 1.2.3.5 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee23629c-6147-4527-929f-8c932cd7d7a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filr-protection/" + google-query: inurl:"/wp-content/plugins/filr-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filr-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filr-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filr-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filr-protection-e71ba64e3ce13e58bab0fc3eb80546e8.yaml b/nuclei-templates/cve-less/plugins/filr-protection-e71ba64e3ce13e58bab0fc3eb80546e8.yaml new file mode 100644 index 0000000000..d0276d16d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filr-protection-e71ba64e3ce13e58bab0fc3eb80546e8.yaml @@ -0,0 +1,58 @@ +id: filr-protection-e71ba64e3ce13e58bab0fc3eb80546e8 + +info: + name: > + Filr – Secure document library <= 1.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02d4bc64-d05d-4151-bc38-523cbb2ef60c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filr-protection/" + google-query: inurl:"/wp-content/plugins/filr-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filr-protection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filr-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filr-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-7ec734b1370cfa2c11baf0ce838e63f7.yaml b/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-7ec734b1370cfa2c11baf0ce838e63f7.yaml new file mode 100644 index 0000000000..03362a7ca5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-7ec734b1370cfa2c11baf0ce838e63f7.yaml @@ -0,0 +1,58 @@ +id: filter-custom-fields-taxonomies-light-7ec734b1370cfa2c11baf0ce838e63f7 + +info: + name: > + Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/880e5752-cc69-4c38-bd00-a3b8517e5fa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filter-custom-fields-taxonomies-light/" + google-query: inurl:"/wp-content/plugins/filter-custom-fields-taxonomies-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filter-custom-fields-taxonomies-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filter-custom-fields-taxonomies-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-8cd6ae2b6361cbc9077a21e229786a98.yaml b/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-8cd6ae2b6361cbc9077a21e229786a98.yaml new file mode 100644 index 0000000000..f6a5ea74c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filter-custom-fields-taxonomies-light-8cd6ae2b6361cbc9077a21e229786a98.yaml @@ -0,0 +1,58 @@ +id: filter-custom-fields-taxonomies-light-8cd6ae2b6361cbc9077a21e229786a98 + +info: + name: > + Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80f39182-9835-4bd5-b3cd-41fe20983e1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filter-custom-fields-taxonomies-light/" + google-query: inurl:"/wp-content/plugins/filter-custom-fields-taxonomies-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filter-custom-fields-taxonomies-light,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filter-custom-fields-taxonomies-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filter-custom-fields-taxonomies-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filter-gallery-cf862152b16dd1f39286055ed51b17b7.yaml b/nuclei-templates/cve-less/plugins/filter-gallery-cf862152b16dd1f39286055ed51b17b7.yaml new file mode 100644 index 0000000000..4e26138429 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filter-gallery-cf862152b16dd1f39286055ed51b17b7.yaml @@ -0,0 +1,58 @@ +id: filter-gallery-cf862152b16dd1f39286055ed51b17b7 + +info: + name: > + WordPress Filter Gallery Plugin <= 0.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cea044c-3117-4722-a696-5b7368d31d63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filter-gallery/" + google-query: inurl:"/wp-content/plugins/filter-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filter-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filter-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filter-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/filter-portfolio-gallery-aa602beb5c908376cceff63e3f2e405f.yaml b/nuclei-templates/cve-less/plugins/filter-portfolio-gallery-aa602beb5c908376cceff63e3f2e405f.yaml new file mode 100644 index 0000000000..c24b7708ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/filter-portfolio-gallery-aa602beb5c908376cceff63e3f2e405f.yaml @@ -0,0 +1,58 @@ +id: filter-portfolio-gallery-aa602beb5c908376cceff63e3f2e405f + +info: + name: > + Filter Portfolio Gallery <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb291c79-8b8e-476b-b6e4-e8428bf60d6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/filter-portfolio-gallery/" + google-query: inurl:"/wp-content/plugins/filter-portfolio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,filter-portfolio-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/filter-portfolio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "filter-portfolio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-40a15a1270025c5cb430a29eea6824ae.yaml b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-40a15a1270025c5cb430a29eea6824ae.yaml new file mode 100644 index 0000000000..67b10a7a04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-40a15a1270025c5cb430a29eea6824ae.yaml @@ -0,0 +1,58 @@ +id: final-tiles-grid-gallery-lite-40a15a1270025c5cb430a29eea6824ae + +info: + name: > + Image Photo Gallery Final Tiles Grid <= 3.5.2 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba44ec7c-7c71-4c19-8b1e-5d78bb3a3a03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/" + google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/final-tiles-grid-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "final-tiles-grid-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-45a46be6bf0ef23f92774359273b99be.yaml b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-45a46be6bf0ef23f92774359273b99be.yaml new file mode 100644 index 0000000000..1d40945387 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/final-tiles-grid-gallery-lite-45a46be6bf0ef23f92774359273b99be.yaml @@ -0,0 +1,58 @@ +id: final-tiles-grid-gallery-lite-45a46be6bf0ef23f92774359273b99be + +info: + name: > + Final Tiles Gallery <= 3.4.18 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/656bf2b4-1930-4e96-b92b-01593889a43f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/final-tiles-grid-gallery-lite/" + google-query: inurl:"/wp-content/plugins/final-tiles-grid-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,final-tiles-grid-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/final-tiles-grid-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "final-tiles-grid-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/final-user-wp-frontend-user-profiles-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/final-user-wp-frontend-user-profiles-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..6e3e6d9d9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/final-user-wp-frontend-user-profiles-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: final-user-wp-frontend-user-profiles-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/final-user-wp-frontend-user-profiles/" + google-query: inurl:"/wp-content/plugins/final-user-wp-frontend-user-profiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,final-user-wp-frontend-user-profiles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/final-user-wp-frontend-user-profiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "final-user-wp-frontend-user-profiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-13f75b4807aa41447c76b6287198f0e6.yaml b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-13f75b4807aa41447c76b6287198f0e6.yaml new file mode 100644 index 0000000000..01e4d8c948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-13f75b4807aa41447c76b6287198f0e6.yaml @@ -0,0 +1,58 @@ +id: finale-woocommerce-sales-countdown-timer-discount-13f75b4807aa41447c76b6287198f0e6 + +info: + name: > + NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "finale-woocommerce-sales-countdown-timer-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-281ba59699e771f7b8298c529c863776.yaml b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-281ba59699e771f7b8298c529c863776.yaml new file mode 100644 index 0000000000..369cd13ec2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-281ba59699e771f7b8298c529c863776.yaml @@ -0,0 +1,58 @@ +id: finale-woocommerce-sales-countdown-timer-discount-281ba59699e771f7b8298c529c863776 + +info: + name: > + Finale Lite <= 2.16.0 - Missing Authorization to Content Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/725bce1b-ec76-411d-928c-2aea47867292?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "finale-woocommerce-sales-countdown-timer-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b2f9a3131a92b1faa45907be05feafe5.yaml b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b2f9a3131a92b1faa45907be05feafe5.yaml new file mode 100644 index 0000000000..6bf024c226 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b2f9a3131a92b1faa45907be05feafe5.yaml @@ -0,0 +1,58 @@ +id: finale-woocommerce-sales-countdown-timer-discount-b2f9a3131a92b1faa45907be05feafe5 + +info: + name: > + Finale Lite <= 2.18.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa290a4b-06b6-4057-ae56-1c0b74b2ee5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "finale-woocommerce-sales-countdown-timer-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b7d8017025d96230e362095b35be8556.yaml b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b7d8017025d96230e362095b35be8556.yaml new file mode 100644 index 0000000000..31a412e224 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/finale-woocommerce-sales-countdown-timer-discount-b7d8017025d96230e362095b35be8556.yaml @@ -0,0 +1,58 @@ +id: finale-woocommerce-sales-countdown-timer-discount-b7d8017025d96230e362095b35be8556 + +info: + name: > + Finale Lite <= 2.18.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d80199a2-8a12-44f7-ba20-169d7af88c26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + google-query: inurl:"/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,finale-woocommerce-sales-countdown-timer-discount,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/finale-woocommerce-sales-countdown-timer-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "finale-woocommerce-sales-countdown-timer-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/find-and-replace-all-3a24a068d1ed9da16159938c4295f7f7.yaml b/nuclei-templates/cve-less/plugins/find-and-replace-all-3a24a068d1ed9da16159938c4295f7f7.yaml new file mode 100644 index 0000000000..5e60d4eefc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/find-and-replace-all-3a24a068d1ed9da16159938c4295f7f7.yaml @@ -0,0 +1,58 @@ +id: find-and-replace-all-3a24a068d1ed9da16159938c4295f7f7 + +info: + name: > + Find and Replace All <= 1.3 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4f188f-ca84-44df-9738-d61094c2e695?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/find-and-replace-all/" + google-query: inurl:"/wp-content/plugins/find-and-replace-all/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,find-and-replace-all,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-and-replace-all/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-and-replace-all" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/find-and-replace-all-ef26eea08cd48a0673b556bc7ad08135.yaml b/nuclei-templates/cve-less/plugins/find-and-replace-all-ef26eea08cd48a0673b556bc7ad08135.yaml new file mode 100644 index 0000000000..16f2047476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/find-and-replace-all-ef26eea08cd48a0673b556bc7ad08135.yaml @@ -0,0 +1,58 @@ +id: find-and-replace-all-ef26eea08cd48a0673b556bc7ad08135 + +info: + name: > + Find and Replace All <= 1.3 - Cross-Site Request Forgery to Arbitrary Content Replacement + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ed74f7f-d629-4d07-b73e-eaa78f11ea70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/find-and-replace-all/" + google-query: inurl:"/wp-content/plugins/find-and-replace-all/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,find-and-replace-all,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-and-replace-all/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-and-replace-all" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/find-any-think-de57c9c6347745d9dac6d12ee00f13b8.yaml b/nuclei-templates/cve-less/plugins/find-any-think-de57c9c6347745d9dac6d12ee00f13b8.yaml new file mode 100644 index 0000000000..5e654fd4ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/find-any-think-de57c9c6347745d9dac6d12ee00f13b8.yaml @@ -0,0 +1,58 @@ +id: find-any-think-de57c9c6347745d9dac6d12ee00f13b8 + +info: + name: > + WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d063d01-5f67-4c7f-ab71-01708456e82b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/find-any-think/" + google-query: inurl:"/wp-content/plugins/find-any-think/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,find-any-think,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-any-think/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-any-think" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/find-duplicates-4976580f662d856b0ec790e30c784e5a.yaml b/nuclei-templates/cve-less/plugins/find-duplicates-4976580f662d856b0ec790e30c784e5a.yaml new file mode 100644 index 0000000000..39eeeddd04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/find-duplicates-4976580f662d856b0ec790e30c784e5a.yaml @@ -0,0 +1,58 @@ +id: find-duplicates-4976580f662d856b0ec790e30c784e5a + +info: + name: > + Find Duplicates <= 1.4.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/466eec4a-8aac-4b0d-ba18-9667aa70de5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/find-duplicates/" + google-query: inurl:"/wp-content/plugins/find-duplicates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,find-duplicates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-duplicates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-duplicates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/find-my-blocks-032b6d67d90bdb80edcbded91586f3c0.yaml b/nuclei-templates/cve-less/plugins/find-my-blocks-032b6d67d90bdb80edcbded91586f3c0.yaml new file mode 100644 index 0000000000..2fa887cadd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/find-my-blocks-032b6d67d90bdb80edcbded91586f3c0.yaml @@ -0,0 +1,58 @@ +id: find-my-blocks-032b6d67d90bdb80edcbded91586f3c0 + +info: + name: > + Find My Blocks < 3.4.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a8a202-e44a-4874-9e7a-c8224edd8591?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/find-my-blocks/" + google-query: inurl:"/wp-content/plugins/find-my-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,find-my-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/find-my-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "find-my-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/findeo-41837fb37d737478db2ea9f3e428404e.yaml b/nuclei-templates/cve-less/plugins/findeo-41837fb37d737478db2ea9f3e428404e.yaml new file mode 100644 index 0000000000..3a6e377c87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/findeo-41837fb37d737478db2ea9f3e428404e.yaml @@ -0,0 +1,58 @@ +id: findeo-41837fb37d737478db2ea9f3e428404e + +info: + name: > + Realteo <= 1.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb81956-856a-49cc-a437-a2094d958b5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/findeo/" + google-query: inurl:"/wp-content/plugins/findeo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,findeo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/findeo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "findeo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/findeo-d1bbc50d843df9b465aead854697cdc8.yaml b/nuclei-templates/cve-less/plugins/findeo-d1bbc50d843df9b465aead854697cdc8.yaml new file mode 100644 index 0000000000..45b427f2d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/findeo-d1bbc50d843df9b465aead854697cdc8.yaml @@ -0,0 +1,58 @@ +id: findeo-d1bbc50d843df9b465aead854697cdc8 + +info: + name: > + Realteo < 1.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72f3541e-e589-4f21-ab51-89dba704b271?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/findeo/" + google-query: inurl:"/wp-content/plugins/findeo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,findeo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/findeo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "findeo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/firestats-116359fea7fe1422fcee6d92fc7e8d15.yaml b/nuclei-templates/cve-less/plugins/firestats-116359fea7fe1422fcee6d92fc7e8d15.yaml new file mode 100644 index 0000000000..404a07682b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/firestats-116359fea7fe1422fcee6d92fc7e8d15.yaml @@ -0,0 +1,58 @@ +id: firestats-116359fea7fe1422fcee6d92fc7e8d15 + +info: + name: > + FireStats <1.6.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc59efb-5ecd-4822-998c-6c79fbeb4c3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/firestats/" + google-query: inurl:"/wp-content/plugins/firestats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,firestats,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/firestats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "firestats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/firestats-8d2b8d85e3990e663a1d1eeba9e988ea.yaml b/nuclei-templates/cve-less/plugins/firestats-8d2b8d85e3990e663a1d1eeba9e988ea.yaml new file mode 100644 index 0000000000..833facc49d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/firestats-8d2b8d85e3990e663a1d1eeba9e988ea.yaml @@ -0,0 +1,58 @@ +id: firestats-8d2b8d85e3990e663a1d1eeba9e988ea + +info: + name: > + FireStats < 1.6.2 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05544f69-bc9b-4270-80c9-96afe4793cb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/firestats/" + google-query: inurl:"/wp-content/plugins/firestats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,firestats,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/firestats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "firestats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/first-graders-toolbox-7b6c4a5d491c136298d22f463e5441b8.yaml b/nuclei-templates/cve-less/plugins/first-graders-toolbox-7b6c4a5d491c136298d22f463e5441b8.yaml new file mode 100644 index 0000000000..e47967b7d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/first-graders-toolbox-7b6c4a5d491c136298d22f463e5441b8.yaml @@ -0,0 +1,58 @@ +id: first-graders-toolbox-7b6c4a5d491c136298d22f463e5441b8 + +info: + name: > + 1 click disable all <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7c98de6-7e76-48f3-aa79-57bf4f387428?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/first-graders-toolbox/" + google-query: inurl:"/wp-content/plugins/first-graders-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,first-graders-toolbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/first-graders-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "first-graders-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/first-order-discount-woocommerce-1249a65de4506f62402e8cab0fdcd2b8.yaml b/nuclei-templates/cve-less/plugins/first-order-discount-woocommerce-1249a65de4506f62402e8cab0fdcd2b8.yaml new file mode 100644 index 0000000000..b5f281c974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/first-order-discount-woocommerce-1249a65de4506f62402e8cab0fdcd2b8.yaml @@ -0,0 +1,58 @@ +id: first-order-discount-woocommerce-1249a65de4506f62402e8cab0fdcd2b8 + +info: + name: > + First Order Discount Woocommerce <= 1.21 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9d161a3-eb9f-447f-b2d2-b8b193678d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/first-order-discount-woocommerce/" + google-query: inurl:"/wp-content/plugins/first-order-discount-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,first-order-discount-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/first-order-discount-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "first-order-discount-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fitness-calculators-642950df2f7522b38841579e45f2fa32.yaml b/nuclei-templates/cve-less/plugins/fitness-calculators-642950df2f7522b38841579e45f2fa32.yaml new file mode 100644 index 0000000000..4ba944c6f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fitness-calculators-642950df2f7522b38841579e45f2fa32.yaml @@ -0,0 +1,58 @@ +id: fitness-calculators-642950df2f7522b38841579e45f2fa32 + +info: + name: > + Fitness calculators plugin <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aafbdd50-c78b-4aad-a3e2-f1339d698e77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fitness-calculators/" + google-query: inurl:"/wp-content/plugins/fitness-calculators/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fitness-calculators,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fitness-calculators/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fitness-calculators" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fitness-calculators-99086c0a0b024a064c1e5677b2106531.yaml b/nuclei-templates/cve-less/plugins/fitness-calculators-99086c0a0b024a064c1e5677b2106531.yaml new file mode 100644 index 0000000000..623f527f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fitness-calculators-99086c0a0b024a064c1e5677b2106531.yaml @@ -0,0 +1,58 @@ +id: fitness-calculators-99086c0a0b024a064c1e5677b2106531 + +info: + name: > + Fitness Calculators <= 1.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/659f5a99-84f4-44b0-8546-445831c7e0d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fitness-calculators/" + google-query: inurl:"/wp-content/plugins/fitness-calculators/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fitness-calculators,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fitness-calculators/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fitness-calculators" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fitness-trainer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/fitness-trainer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..ec0d3fd618 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fitness-trainer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: fitness-trainer-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fitness-trainer/" + google-query: inurl:"/wp-content/plugins/fitness-trainer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fitness-trainer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fitness-trainer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fitness-trainer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/five-minute-webshop-22c242de8477403c11aa170395108645.yaml b/nuclei-templates/cve-less/plugins/five-minute-webshop-22c242de8477403c11aa170395108645.yaml new file mode 100644 index 0000000000..8074725c89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/five-minute-webshop-22c242de8477403c11aa170395108645.yaml @@ -0,0 +1,58 @@ +id: five-minute-webshop-22c242de8477403c11aa170395108645 + +info: + name: > + Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via orderby + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/213b6dec-a64d-4597-a079-8fb82df9c8b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/five-minute-webshop/" + google-query: inurl:"/wp-content/plugins/five-minute-webshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,five-minute-webshop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/five-minute-webshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "five-minute-webshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/five-minute-webshop-8eccbee0dd1899147fba577f29a00bda.yaml b/nuclei-templates/cve-less/plugins/five-minute-webshop-8eccbee0dd1899147fba577f29a00bda.yaml new file mode 100644 index 0000000000..1885a6df20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/five-minute-webshop-8eccbee0dd1899147fba577f29a00bda.yaml @@ -0,0 +1,58 @@ +id: five-minute-webshop-8eccbee0dd1899147fba577f29a00bda + +info: + name: > + Five Minute Webshop <= 1.3.2 - Authenticated (Admin+) SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a7298ae-e1e6-4d3f-b4fb-9f9db9f3832d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/five-minute-webshop/" + google-query: inurl:"/wp-content/plugins/five-minute-webshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,five-minute-webshop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/five-minute-webshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "five-minute-webshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fix-my-feed-rss-repair-2a21d5a31d3b98e1018a3dbbd691f093.yaml b/nuclei-templates/cve-less/plugins/fix-my-feed-rss-repair-2a21d5a31d3b98e1018a3dbbd691f093.yaml new file mode 100644 index 0000000000..e1a4fdb002 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fix-my-feed-rss-repair-2a21d5a31d3b98e1018a3dbbd691f093.yaml @@ -0,0 +1,58 @@ +id: fix-my-feed-rss-repair-2a21d5a31d3b98e1018a3dbbd691f093 + +info: + name: > + Fix My Feed RSS Repair <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/038742d8-3da9-4e2a-bbd4-9ed6b31e8767?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fix-my-feed-rss-repair/" + google-query: inurl:"/wp-content/plugins/fix-my-feed-rss-repair/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fix-my-feed-rss-repair,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fix-my-feed-rss-repair/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fix-my-feed-rss-repair" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fixed-html-toolbar-39995b4a98bd80010d8be7d8f66f2d38.yaml b/nuclei-templates/cve-less/plugins/fixed-html-toolbar-39995b4a98bd80010d8be7d8f66f2d38.yaml new file mode 100644 index 0000000000..6c50aaca54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fixed-html-toolbar-39995b4a98bd80010d8be7d8f66f2d38.yaml @@ -0,0 +1,58 @@ +id: fixed-html-toolbar-39995b4a98bd80010d8be7d8f66f2d38 + +info: + name: > + Fixed HTML Toolbar <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31e11aff-056f-47c4-b5d1-c67af350585d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fixed-html-toolbar/" + google-query: inurl:"/wp-content/plugins/fixed-html-toolbar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fixed-html-toolbar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fixed-html-toolbar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fixed-html-toolbar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fl3r-feelbox-30d0f494aa8b20416d51df052e0c844e.yaml b/nuclei-templates/cve-less/plugins/fl3r-feelbox-30d0f494aa8b20416d51df052e0c844e.yaml new file mode 100644 index 0000000000..7c758c5531 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fl3r-feelbox-30d0f494aa8b20416d51df052e0c844e.yaml @@ -0,0 +1,58 @@ +id: fl3r-feelbox-30d0f494aa8b20416d51df052e0c844e + +info: + name: > + FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Plugin Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a830d58-14e8-4929-a0f8-08ee4efae340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fl3r-feelbox/" + google-query: inurl:"/wp-content/plugins/fl3r-feelbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fl3r-feelbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fl3r-feelbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fl3r-feelbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fl3r-feelbox-7a1fe9dbd3e35a123780e19c329830c8.yaml b/nuclei-templates/cve-less/plugins/fl3r-feelbox-7a1fe9dbd3e35a123780e19c329830c8.yaml new file mode 100644 index 0000000000..b9bb7759ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fl3r-feelbox-7a1fe9dbd3e35a123780e19c329830c8.yaml @@ -0,0 +1,58 @@ +id: fl3r-feelbox-7a1fe9dbd3e35a123780e19c329830c8 + +info: + name: > + FL3R FeelBox <= 8.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e770d1fc-b941-4f0f-87ee-8b0c9edb640b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fl3r-feelbox/" + google-query: inurl:"/wp-content/plugins/fl3r-feelbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fl3r-feelbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fl3r-feelbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fl3r-feelbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8..1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fl3r-feelbox-817d9bd5ced767540dd82a3d7ff4067c.yaml b/nuclei-templates/cve-less/plugins/fl3r-feelbox-817d9bd5ced767540dd82a3d7ff4067c.yaml new file mode 100644 index 0000000000..ac5415036c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fl3r-feelbox-817d9bd5ced767540dd82a3d7ff4067c.yaml @@ -0,0 +1,58 @@ +id: fl3r-feelbox-817d9bd5ced767540dd82a3d7ff4067c + +info: + name: > + FL3R FeelBox <= 8.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ab311f-26c1-4165-80bc-512348fcc0c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fl3r-feelbox/" + google-query: inurl:"/wp-content/plugins/fl3r-feelbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fl3r-feelbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fl3r-feelbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fl3r-feelbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-0b070c6bccd03db5dad9fdc1c059c617.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-0b070c6bccd03db5dad9fdc1c059c617.yaml new file mode 100644 index 0000000000..a200e3a885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-0b070c6bccd03db5dad9fdc1c059c617.yaml @@ -0,0 +1,58 @@ +id: flash-album-gallery-0b070c6bccd03db5dad9fdc1c059c617 + +info: + name: > + Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 1.57 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55773c6c-85e8-4023-8dd6-4feb0f6254b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-album-gallery/" + google-query: inurl:"/wp-content/plugins/flash-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-album-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-201957a4954f30a5d4ed40f134fba1c6.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-201957a4954f30a5d4ed40f134fba1c6.yaml new file mode 100644 index 0000000000..659070774e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-201957a4954f30a5d4ed40f134fba1c6.yaml @@ -0,0 +1,58 @@ +id: flash-album-gallery-201957a4954f30a5d4ed40f134fba1c6 + +info: + name: > + Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 4.25 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56382dd8-7f02-4544-a530-31c012407ab7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-album-gallery/" + google-query: inurl:"/wp-content/plugins/flash-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-album-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-4a78286f0fa257bf74920260dae5103f.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-4a78286f0fa257bf74920260dae5103f.yaml new file mode 100644 index 0000000000..9a7274b2d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-4a78286f0fa257bf74920260dae5103f.yaml @@ -0,0 +1,58 @@ +id: flash-album-gallery-4a78286f0fa257bf74920260dae5103f + +info: + name: > + Album and Image Gallery with Lightbox – Flagallery Photo Portfolio < 2.72 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/582a536c-950e-424b-80a7-83608d220b87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-album-gallery/" + google-query: inurl:"/wp-content/plugins/flash-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-album-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..f841675c95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: flash-album-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-album-gallery/" + google-query: inurl:"/wp-content/plugins/flash-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-album-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-album-gallery-eca8e288e4dc717ec25c774372f69b42.yaml b/nuclei-templates/cve-less/plugins/flash-album-gallery-eca8e288e4dc717ec25c774372f69b42.yaml new file mode 100644 index 0000000000..2ac28c320d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-album-gallery-eca8e288e4dc717ec25c774372f69b42.yaml @@ -0,0 +1,58 @@ +id: flash-album-gallery-eca8e288e4dc717ec25c774372f69b42 + +info: + name: > + Album and Image Gallery with Lightbox – Flagallery Photo Portfolio <= 6.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f6ee92e-4ccb-41b3-855f-adbfae4888ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-album-gallery/" + google-query: inurl:"/wp-content/plugins/flash-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-album-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-photo-gallery-b3551195333886afba6c43fd173acb65.yaml b/nuclei-templates/cve-less/plugins/flash-photo-gallery-b3551195333886afba6c43fd173acb65.yaml new file mode 100644 index 0000000000..da7e420ce5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-photo-gallery-b3551195333886afba6c43fd173acb65.yaml @@ -0,0 +1,58 @@ +id: flash-photo-gallery-b3551195333886afba6c43fd173acb65 + +info: + name: > + Flash Photo Gallery <= 0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b57fbe8-0c8d-4ddb-8768-03ed354b2d21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-photo-gallery/" + google-query: inurl:"/wp-content/plugins/flash-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flash-video-player-e36d4622c7c94ab3537e4da3e23c5c2d.yaml b/nuclei-templates/cve-less/plugins/flash-video-player-e36d4622c7c94ab3537e4da3e23c5c2d.yaml new file mode 100644 index 0000000000..18d14383b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flash-video-player-e36d4622c7c94ab3537e4da3e23c5c2d.yaml @@ -0,0 +1,58 @@ +id: flash-video-player-e36d4622c7c94ab3537e4da3e23c5c2d + +info: + name: > + Flash Video Player <= 5.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d3bb015-5a01-4450-80d3-c37d5d7d8926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flash-video-player/" + google-query: inurl:"/wp-content/plugins/flash-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flash-video-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flash-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flash-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flat-preloader-18d1a7d6e453e6e958428b87d731de75.yaml b/nuclei-templates/cve-less/plugins/flat-preloader-18d1a7d6e453e6e958428b87d731de75.yaml new file mode 100644 index 0000000000..51586f5b57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flat-preloader-18d1a7d6e453e6e958428b87d731de75.yaml @@ -0,0 +1,58 @@ +id: flat-preloader-18d1a7d6e453e6e958428b87d731de75 + +info: + name: > + Flat Preloader <= 1.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2a61a12-df0c-47a2-ba39-b70dbfaddf0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flat-preloader/" + google-query: inurl:"/wp-content/plugins/flat-preloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flat-preloader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flat-preloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flat-preloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flat-preloader-49a588fa69586f2484ce1bba5358bbd9.yaml b/nuclei-templates/cve-less/plugins/flat-preloader-49a588fa69586f2484ce1bba5358bbd9.yaml new file mode 100644 index 0000000000..98bec5d344 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flat-preloader-49a588fa69586f2484ce1bba5358bbd9.yaml @@ -0,0 +1,58 @@ +id: flat-preloader-49a588fa69586f2484ce1bba5358bbd9 + +info: + name: > + Flat Preloader < 1.5.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1832b11a-0706-438a-9a25-d384ac49d2bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flat-preloader/" + google-query: inurl:"/wp-content/plugins/flat-preloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flat-preloader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flat-preloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flat-preloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flatpm-wp-783b91bae7d265f558a1870f59bc1ef0.yaml b/nuclei-templates/cve-less/plugins/flatpm-wp-783b91bae7d265f558a1870f59bc1ef0.yaml new file mode 100644 index 0000000000..4fd57d77a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flatpm-wp-783b91bae7d265f558a1870f59bc1ef0.yaml @@ -0,0 +1,58 @@ +id: flatpm-wp-783b91bae7d265f558a1870f59bc1ef0 + +info: + name: > + FlatPM < 3.1.05 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae9640f-b088-4d9f-9ced-6bf7940345a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flatpm-wp/" + google-query: inurl:"/wp-content/plugins/flatpm-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flatpm-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flatpm-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flatpm-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flatpm-wp-b7ea054dad22d02b62197c8fa3fba822.yaml b/nuclei-templates/cve-less/plugins/flatpm-wp-b7ea054dad22d02b62197c8fa3fba822.yaml new file mode 100644 index 0000000000..41e9528945 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flatpm-wp-b7ea054dad22d02b62197c8fa3fba822.yaml @@ -0,0 +1,58 @@ +id: flatpm-wp-b7ea054dad22d02b62197c8fa3fba822 + +info: + name: > + Flat PM <= 2.661 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a15fd2da-5897-4eb8-81c3-79e800e94122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flatpm-wp/" + google-query: inurl:"/wp-content/plugins/flatpm-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flatpm-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flatpm-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flatpm-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.661') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flattr-466a1f62f3b9e3cbc883b22ebc0c11de.yaml b/nuclei-templates/cve-less/plugins/flattr-466a1f62f3b9e3cbc883b22ebc0c11de.yaml new file mode 100644 index 0000000000..cf2a38959e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flattr-466a1f62f3b9e3cbc883b22ebc0c11de.yaml @@ -0,0 +1,58 @@ +id: flattr-466a1f62f3b9e3cbc883b22ebc0c11de + +info: + name: > + Flattr <= 1.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52f98de0-ad91-4b5a-91ef-6fe705f2bf60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flattr/" + google-query: inurl:"/wp-content/plugins/flattr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flattr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flattr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flattr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexi-8180b2e535d97180306ef769873324d8.yaml b/nuclei-templates/cve-less/plugins/flexi-8180b2e535d97180306ef769873324d8.yaml new file mode 100644 index 0000000000..46624c410a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexi-8180b2e535d97180306ef769873324d8.yaml @@ -0,0 +1,58 @@ +id: flexi-8180b2e535d97180306ef769873324d8 + +info: + name: > + Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7a78e1-8c1a-4fb4-9959-d8fb7f9ee917?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexi/" + google-query: inurl:"/wp-content/plugins/flexi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexi,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexi-quote-rotator-13464676c956740d86ef6b835803b913.yaml b/nuclei-templates/cve-less/plugins/flexi-quote-rotator-13464676c956740d86ef6b835803b913.yaml new file mode 100644 index 0000000000..e5bf6aaa93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexi-quote-rotator-13464676c956740d86ef6b835803b913.yaml @@ -0,0 +1,58 @@ +id: flexi-quote-rotator-13464676c956740d86ef6b835803b913 + +info: + name: > + Flexi Quote Rotator <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25b355a-edeb-4d88-8419-ab0d716ec5bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexi-quote-rotator/" + google-query: inurl:"/wp-content/plugins/flexi-quote-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexi-quote-rotator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexi-quote-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexi-quote-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-captcha-5ba06f6e9e576d3b96edab291a35b673.yaml b/nuclei-templates/cve-less/plugins/flexible-captcha-5ba06f6e9e576d3b96edab291a35b673.yaml new file mode 100644 index 0000000000..64617064c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-captcha-5ba06f6e9e576d3b96edab291a35b673.yaml @@ -0,0 +1,58 @@ +id: flexible-captcha-5ba06f6e9e576d3b96edab291a35b673 + +info: + name: > + Flexible Captcha <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efbcac1c-854c-4521-848a-d403bc27328f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-captcha/" + google-query: inurl:"/wp-content/plugins/flexible-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-checkout-fields-313211003f16b9f4f6fba43486ffd622.yaml b/nuclei-templates/cve-less/plugins/flexible-checkout-fields-313211003f16b9f4f6fba43486ffd622.yaml new file mode 100644 index 0000000000..0092c5aed3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-checkout-fields-313211003f16b9f4f6fba43486ffd622.yaml @@ -0,0 +1,58 @@ +id: flexible-checkout-fields-313211003f16b9f4f6fba43486ffd622 + +info: + name: > + Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd12a952-2e99-41f7-b74c-55c2b7d8deed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-checkout-fields/" + google-query: inurl:"/wp-content/plugins/flexible-checkout-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-checkout-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-checkout-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-checkout-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-checkout-fields-af1c4837148181f6207e66eb6c3b9ff3.yaml b/nuclei-templates/cve-less/plugins/flexible-checkout-fields-af1c4837148181f6207e66eb6c3b9ff3.yaml new file mode 100644 index 0000000000..6251f0bac5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-checkout-fields-af1c4837148181f6207e66eb6c3b9ff3.yaml @@ -0,0 +1,58 @@ +id: flexible-checkout-fields-af1c4837148181f6207e66eb6c3b9ff3 + +info: + name: > + Flexible Checkout Fields for WooCommerce <= 4.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99e332d8-92a4-4643-a63c-3642bab0b007?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-checkout-fields/" + google-query: inurl:"/wp-content/plugins/flexible-checkout-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-checkout-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-checkout-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-checkout-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-custom-post-type-9fb1e67eb818f983f8dbfc23b2a0c064.yaml b/nuclei-templates/cve-less/plugins/flexible-custom-post-type-9fb1e67eb818f983f8dbfc23b2a0c064.yaml new file mode 100644 index 0000000000..d95bb8ba5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-custom-post-type-9fb1e67eb818f983f8dbfc23b2a0c064.yaml @@ -0,0 +1,58 @@ +id: flexible-custom-post-type-9fb1e67eb818f983f8dbfc23b2a0c064 + +info: + name: > + Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8f5406-bbd2-44ab-9d98-3857216efc28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-custom-post-type/" + google-query: inurl:"/wp-content/plugins/flexible-custom-post-type/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-custom-post-type,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-custom-post-type/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-custom-post-type" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-elementor-panel-7dea148c446a704ce10e41cb5e2e70c3.yaml b/nuclei-templates/cve-less/plugins/flexible-elementor-panel-7dea148c446a704ce10e41cb5e2e70c3.yaml new file mode 100644 index 0000000000..5c3787777a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-elementor-panel-7dea148c446a704ce10e41cb5e2e70c3.yaml @@ -0,0 +1,58 @@ +id: flexible-elementor-panel-7dea148c446a704ce10e41cb5e2e70c3 + +info: + name: > + Flexible Elementor Panel <= 2.3.8 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e5381fe-940b-404e-b2f2-1fd1c4ee5d78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-elementor-panel/" + google-query: inurl:"/wp-content/plugins/flexible-elementor-panel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-elementor-panel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-elementor-panel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-elementor-panel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-shipping-cb1263fe7cf23ae55fdda5b42af76fdf.yaml b/nuclei-templates/cve-less/plugins/flexible-shipping-cb1263fe7cf23ae55fdda5b42af76fdf.yaml new file mode 100644 index 0000000000..51a969e8f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-shipping-cb1263fe7cf23ae55fdda5b42af76fdf.yaml @@ -0,0 +1,58 @@ +id: flexible-shipping-cb1263fe7cf23ae55fdda5b42af76fdf + +info: + name: > + Flexible Shipping <= 4.24.15 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb879587-6210-4e23-8f02-9ce93a271962?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-shipping/" + google-query: inurl:"/wp-content/plugins/flexible-shipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-shipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.24.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-shipping-ups-6b12163f0814856a86494d984e656633.yaml b/nuclei-templates/cve-less/plugins/flexible-shipping-ups-6b12163f0814856a86494d984e656633.yaml new file mode 100644 index 0000000000..e564bd1a98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-shipping-ups-6b12163f0814856a86494d984e656633.yaml @@ -0,0 +1,58 @@ +id: flexible-shipping-ups-6b12163f0814856a86494d984e656633 + +info: + name: > + WooCommerce UPS Shipping – Live Rates and Access Points <= 2.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2183a22-fba5-48d2-a68a-6914f04fb902?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-shipping-ups/" + google-query: inurl:"/wp-content/plugins/flexible-shipping-ups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-shipping-ups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-shipping-ups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-shipping-ups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-shipping-usps-4e5d4a35614ae6a4ee59ec1f48b231d3.yaml b/nuclei-templates/cve-less/plugins/flexible-shipping-usps-4e5d4a35614ae6a4ee59ec1f48b231d3.yaml new file mode 100644 index 0000000000..bbe41a0a6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-shipping-usps-4e5d4a35614ae6a4ee59ec1f48b231d3.yaml @@ -0,0 +1,58 @@ +id: flexible-shipping-usps-4e5d4a35614ae6a4ee59ec1f48b231d3 + +info: + name: > + USPS Shipping for WooCommerce – Live Rates <= 1.9.4 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0da1ed2-3ffc-4da8-a8b4-8f5544ed157b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-shipping-usps/" + google-query: inurl:"/wp-content/plugins/flexible-shipping-usps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-shipping-usps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-shipping-usps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-shipping-usps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-shipping-usps-addd443476959ed1e0edf984e54a6c38.yaml b/nuclei-templates/cve-less/plugins/flexible-shipping-usps-addd443476959ed1e0edf984e54a6c38.yaml new file mode 100644 index 0000000000..3452379100 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-shipping-usps-addd443476959ed1e0edf984e54a6c38.yaml @@ -0,0 +1,58 @@ +id: flexible-shipping-usps-addd443476959ed1e0edf984e54a6c38 + +info: + name: > + USPS Shipping for WooCommerce – Live Rates <= 1.9.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4083d48-a1a8-4ab7-a67f-308bbbbcb4d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-shipping-usps/" + google-query: inurl:"/wp-content/plugins/flexible-shipping-usps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-shipping-usps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-shipping-usps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-shipping-usps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flexible-woocommerce-checkout-field-editor-40dad92f1e274f70a2212adefbc68e38.yaml b/nuclei-templates/cve-less/plugins/flexible-woocommerce-checkout-field-editor-40dad92f1e274f70a2212adefbc68e38.yaml new file mode 100644 index 0000000000..6b2770c411 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flexible-woocommerce-checkout-field-editor-40dad92f1e274f70a2212adefbc68e38.yaml @@ -0,0 +1,58 @@ +id: flexible-woocommerce-checkout-field-editor-40dad92f1e274f70a2212adefbc68e38 + +info: + name: > + Flexible Woocommerce Checkout Field Editor <= 2.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5947f7cb-de84-4a62-bef7-cbeb1f20bb72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flexible-woocommerce-checkout-field-editor/" + google-query: inurl:"/wp-content/plugins/flexible-woocommerce-checkout-field-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flexible-woocommerce-checkout-field-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flexible-woocommerce-checkout-field-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flexible-woocommerce-checkout-field-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-justified-gallery-43150c91e86c385735f6eec13fd0a597.yaml b/nuclei-templates/cve-less/plugins/flickr-justified-gallery-43150c91e86c385735f6eec13fd0a597.yaml new file mode 100644 index 0000000000..68c99a9fbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-justified-gallery-43150c91e86c385735f6eec13fd0a597.yaml @@ -0,0 +1,58 @@ +id: flickr-justified-gallery-43150c91e86c385735f6eec13fd0a597 + +info: + name: > + Flickr Justified Gallery < 3.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43e72eef-4e66-4789-959b-163c9cbea584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-justified-gallery/" + google-query: inurl:"/wp-content/plugins/flickr-justified-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-justified-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-justified-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-justified-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-justified-gallery-601901ac64242d401542d9abeeaae03f.yaml b/nuclei-templates/cve-less/plugins/flickr-justified-gallery-601901ac64242d401542d9abeeaae03f.yaml new file mode 100644 index 0000000000..256e7ca888 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-justified-gallery-601901ac64242d401542d9abeeaae03f.yaml @@ -0,0 +1,58 @@ +id: flickr-justified-gallery-601901ac64242d401542d9abeeaae03f + +info: + name: > + Flickr Justified Gallery <= 3.5 - Cross-Site Request Forgery via fjgwpp_settings() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76a1d39e-8d69-4507-b75c-d376a2122d15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-justified-gallery/" + google-query: inurl:"/wp-content/plugins/flickr-justified-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-justified-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-justified-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-justified-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-picture-backup-f8ecc349c28ee0e39936813fba025244.yaml b/nuclei-templates/cve-less/plugins/flickr-picture-backup-f8ecc349c28ee0e39936813fba025244.yaml new file mode 100644 index 0000000000..e1dec4d668 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-picture-backup-f8ecc349c28ee0e39936813fba025244.yaml @@ -0,0 +1,58 @@ +id: flickr-picture-backup-f8ecc349c28ee0e39936813fba025244 + +info: + name: > + flickr-picture-backup <= 0.7 - Arbitrary file upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4240c04b-cad3-496f-b12f-7718bb498fe0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-picture-backup/" + google-query: inurl:"/wp-content/plugins/flickr-picture-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-picture-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-picture-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-picture-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-rss-0e4fc74efc949999cf345512b761619e.yaml b/nuclei-templates/cve-less/plugins/flickr-rss-0e4fc74efc949999cf345512b761619e.yaml new file mode 100644 index 0000000000..608c427665 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-rss-0e4fc74efc949999cf345512b761619e.yaml @@ -0,0 +1,58 @@ +id: flickr-rss-0e4fc74efc949999cf345512b761619e + +info: + name: > + flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_id + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b90503b-6186-48b5-a85a-3602f318872e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-rss/" + google-query: inurl:"/wp-content/plugins/flickr-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-rss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-rss-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml b/nuclei-templates/cve-less/plugins/flickr-rss-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml new file mode 100644 index 0000000000..fcb2a8f131 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-rss-3bc9ed0b3cbfe53ac89e5748fc0bf57c.yaml @@ -0,0 +1,58 @@ +id: flickr-rss-3bc9ed0b3cbfe53ac89e5748fc0bf57c + +info: + name: > + flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_tags + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8a598cf-bdd6-4249-a367-e3e8c6e3ef15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-rss/" + google-query: inurl:"/wp-content/plugins/flickr-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-rss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-rss-4f5e1d138ae43eaa500111874f55d52e.yaml b/nuclei-templates/cve-less/plugins/flickr-rss-4f5e1d138ae43eaa500111874f55d52e.yaml new file mode 100644 index 0000000000..afae885919 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-rss-4f5e1d138ae43eaa500111874f55d52e.yaml @@ -0,0 +1,58 @@ +id: flickr-rss-4f5e1d138ae43eaa500111874f55d52e + +info: + name: > + flickrRSS <= 5.3.1 - Cross-Site Scripting via flickrRSS_set + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8f91e58-942c-417f-ad82-5bd99ab5e81a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-rss/" + google-query: inurl:"/wp-content/plugins/flickr-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-rss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flickr-rss-ab05255cd8fd175d06143e7aa3177450.yaml b/nuclei-templates/cve-less/plugins/flickr-rss-ab05255cd8fd175d06143e7aa3177450.yaml new file mode 100644 index 0000000000..66fff3aeca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flickr-rss-ab05255cd8fd175d06143e7aa3177450.yaml @@ -0,0 +1,58 @@ +id: flickr-rss-ab05255cd8fd175d06143e7aa3177450 + +info: + name: > + flickrRSS <= 5.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68cc2aec-f21d-482d-a8bd-bbc60f593cb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flickr-rss/" + google-query: inurl:"/wp-content/plugins/flickr-rss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flickr-rss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flickr-rss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flickr-rss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flight-search-widget-blocks-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/flight-search-widget-blocks-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..edfbad9d39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flight-search-widget-blocks-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: flight-search-widget-blocks-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flight-search-widget-blocks/" + google-query: inurl:"/wp-content/plugins/flight-search-widget-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flight-search-widget-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flight-search-widget-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flight-search-widget-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flightlog-019716f1cdfed62fc1f8666dedb59747.yaml b/nuclei-templates/cve-less/plugins/flightlog-019716f1cdfed62fc1f8666dedb59747.yaml new file mode 100644 index 0000000000..b4834b1b36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flightlog-019716f1cdfed62fc1f8666dedb59747.yaml @@ -0,0 +1,58 @@ +id: flightlog-019716f1cdfed62fc1f8666dedb59747 + +info: + name: > + FlightLog <= 3.0.2 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60b16755-ac0e-4069-b21a-cca003fecbdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flightlog/" + google-query: inurl:"/wp-content/plugins/flightlog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flightlog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flightlog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flightlog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flo-forms-31993563048effdc0827881e9344d84c.yaml b/nuclei-templates/cve-less/plugins/flo-forms-31993563048effdc0827881e9344d84c.yaml new file mode 100644 index 0000000000..ab67aa9eb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flo-forms-31993563048effdc0827881e9344d84c.yaml @@ -0,0 +1,58 @@ +id: flo-forms-31993563048effdc0827881e9344d84c + +info: + name: > + Flo Forms <= 1.0.41 - Missing Authorization via flo_send_test_email + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04401d7e-996d-4b46-b391-bfb0b065900b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flo-forms/" + google-query: inurl:"/wp-content/plugins/flo-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flo-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flo-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flo-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flo-forms-bbbaa8f4798af45f432fee689b1a5feb.yaml b/nuclei-templates/cve-less/plugins/flo-forms-bbbaa8f4798af45f432fee689b1a5feb.yaml new file mode 100644 index 0000000000..d1aa0cb1b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flo-forms-bbbaa8f4798af45f432fee689b1a5feb.yaml @@ -0,0 +1,58 @@ +id: flo-forms-bbbaa8f4798af45f432fee689b1a5feb + +info: + name: > + Flo Forms <= 1.0.40 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdd35d61-0777-4e64-8a51-55fe928e75ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flo-forms/" + google-query: inurl:"/wp-content/plugins/flo-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flo-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flo-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flo-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flo-forms-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml b/nuclei-templates/cve-less/plugins/flo-forms-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml new file mode 100644 index 0000000000..9a53e8d3f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flo-forms-ec6ef7f01d456e74c1ef5bcee54d14d6.yaml @@ -0,0 +1,58 @@ +id: flo-forms-ec6ef7f01d456e74c1ef5bcee54d14d6 + +info: + name: > + Flo Forms – Easy Drag & Drop Form Builder <= 1.0.35 - Options Change to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a175e103-ab89-404b-8736-94d0d93d6cf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flo-forms/" + google-query: inurl:"/wp-content/plugins/flo-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flo-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flo-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flo-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flo-launch-9447e0c2ffa1a53245e3f3fb0bac226a.yaml b/nuclei-templates/cve-less/plugins/flo-launch-9447e0c2ffa1a53245e3f3fb0bac226a.yaml new file mode 100644 index 0000000000..5d84dae2f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flo-launch-9447e0c2ffa1a53245e3f3fb0bac226a.yaml @@ -0,0 +1,58 @@ +id: flo-launch-9447e0c2ffa1a53245e3f3fb0bac226a + +info: + name: > + FloLaunch <= 2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdd2919-396b-41ff-ae92-1b6fee5c6f5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flo-launch/" + google-query: inurl:"/wp-content/plugins/flo-launch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flo-launch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flo-launch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flo-launch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/float-menu-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/float-menu-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..9d37802641 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/float-menu-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: float-menu-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/float-menu/" + google-query: inurl:"/wp-content/plugins/float-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,float-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/float-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "float-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/float-menu-5fb9bec95a707650ef979fd037b97227.yaml b/nuclei-templates/cve-less/plugins/float-menu-5fb9bec95a707650ef979fd037b97227.yaml new file mode 100644 index 0000000000..518afe4b38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/float-menu-5fb9bec95a707650ef979fd037b97227.yaml @@ -0,0 +1,58 @@ +id: float-menu-5fb9bec95a707650ef979fd037b97227 + +info: + name: > + Float menu <= 5.0.2 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b6739b5-0df4-49b2-a655-4f0cff5886b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/float-menu/" + google-query: inurl:"/wp-content/plugins/float-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,float-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/float-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "float-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/float-menu-c5eebb4553286e34a5dfcc1fcfb216a1.yaml b/nuclei-templates/cve-less/plugins/float-menu-c5eebb4553286e34a5dfcc1fcfb216a1.yaml new file mode 100644 index 0000000000..0b1c94da64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/float-menu-c5eebb4553286e34a5dfcc1fcfb216a1.yaml @@ -0,0 +1,58 @@ +id: float-menu-c5eebb4553286e34a5dfcc1fcfb216a1 + +info: + name: > + Float menu – awesome floating side menu <= 6.0 - Cross-Site Request Forgery to Menu Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2959ae2f-ef16-45d8-920f-56b141ad955e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/float-menu/" + google-query: inurl:"/wp-content/plugins/float-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,float-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/float-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "float-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/float-menu-cfe127cd973bbf2d8609c8c59c7606df.yaml b/nuclei-templates/cve-less/plugins/float-menu-cfe127cd973bbf2d8609c8c59c7606df.yaml new file mode 100644 index 0000000000..a87a2b7b64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/float-menu-cfe127cd973bbf2d8609c8c59c7606df.yaml @@ -0,0 +1,58 @@ +id: float-menu-cfe127cd973bbf2d8609c8c59c7606df + +info: + name: > + Float Menu <= 4.3 - Arbitrary Menu Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b15a2ddb-ed74-4ac3-8cfb-e8553dad90d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/float-menu/" + google-query: inurl:"/wp-content/plugins/float-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,float-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/float-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "float-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/float-to-top-button-402db9fc1f91d6a610e9186418e3f339.yaml b/nuclei-templates/cve-less/plugins/float-to-top-button-402db9fc1f91d6a610e9186418e3f339.yaml new file mode 100644 index 0000000000..31e4a5a211 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/float-to-top-button-402db9fc1f91d6a610e9186418e3f339.yaml @@ -0,0 +1,58 @@ +id: float-to-top-button-402db9fc1f91d6a610e9186418e3f339 + +info: + name: > + Float to Top Button <= 2.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70fee28f-7a2b-4d57-9fca-04a805dca3f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/float-to-top-button/" + google-query: inurl:"/wp-content/plugins/float-to-top-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,float-to-top-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/float-to-top-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "float-to-top-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-action-button-9d446cc2ded70f849208be8a7ce22b70.yaml b/nuclei-templates/cve-less/plugins/floating-action-button-9d446cc2ded70f849208be8a7ce22b70.yaml new file mode 100644 index 0000000000..6ced02329f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-action-button-9d446cc2ded70f849208be8a7ce22b70.yaml @@ -0,0 +1,58 @@ +id: floating-action-button-9d446cc2ded70f849208be8a7ce22b70 + +info: + name: > + Floating Action Button <= <=1.2.1 - Cross-Site Request Forgery to Settings Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14bf654e-c4f1-4267-811e-6d796c14834a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-action-button/" + google-query: inurl:"/wp-content/plugins/floating-action-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-action-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-action-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-action-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-button-ef334e622eec391697c0d5a0070dc0e8.yaml b/nuclei-templates/cve-less/plugins/floating-button-ef334e622eec391697c0d5a0070dc0e8.yaml new file mode 100644 index 0000000000..178710d646 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-button-ef334e622eec391697c0d5a0070dc0e8.yaml @@ -0,0 +1,58 @@ +id: floating-button-ef334e622eec391697c0d5a0070dc0e8 + +info: + name: > + Floating Button <= 6.0 - Cross-Site Request Forgery via process_bulk_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20151f80-c25f-482e-a2b0-34607dba9d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-button/" + google-query: inurl:"/wp-content/plugins/floating-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/floating-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..ac1f2644bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: floating-cart-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-cart-xforwc/" + google-query: inurl:"/wp-content/plugins/floating-cart-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-cart-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-cart-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-cart-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-div-f7eaf9b938a6df4b39be6616b2432caf.yaml b/nuclei-templates/cve-less/plugins/floating-div-f7eaf9b938a6df4b39be6616b2432caf.yaml new file mode 100644 index 0000000000..193520d395 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-div-f7eaf9b938a6df4b39be6616b2432caf.yaml @@ -0,0 +1,58 @@ +id: floating-div-f7eaf9b938a6df4b39be6616b2432caf + +info: + name: > + Floating Div <= 3.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa63a325-9e0e-4ce2-996d-37a0637b0471?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-div/" + google-query: inurl:"/wp-content/plugins/floating-div/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-div,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-div/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-div" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-social-bar-6a69a2fa108e4cf956a3388af5834004.yaml b/nuclei-templates/cve-less/plugins/floating-social-bar-6a69a2fa108e4cf956a3388af5834004.yaml new file mode 100644 index 0000000000..c33d76713a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-social-bar-6a69a2fa108e4cf956a3388af5834004.yaml @@ -0,0 +1,58 @@ +id: floating-social-bar-6a69a2fa108e4cf956a3388af5834004 + +info: + name: > + Floating Social Bar <= 1.1.6 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d1e9de3-da94-4f90-b72a-b38d5d131246?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-social-bar/" + google-query: inurl:"/wp-content/plugins/floating-social-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-social-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-social-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-social-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-social-bar-6f67eba72e7035f4406a73d70218218a.yaml b/nuclei-templates/cve-less/plugins/floating-social-bar-6f67eba72e7035f4406a73d70218218a.yaml new file mode 100644 index 0000000000..0999e7924f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-social-bar-6f67eba72e7035f4406a73d70218218a.yaml @@ -0,0 +1,58 @@ +id: floating-social-bar-6f67eba72e7035f4406a73d70218218a + +info: + name: > + Floating Social Bar < 1.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1a98d4-bf67-4678-b30b-ca13e63c665a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-social-bar/" + google-query: inurl:"/wp-content/plugins/floating-social-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-social-bar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-social-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-social-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/floating-social-media-icon-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml b/nuclei-templates/cve-less/plugins/floating-social-media-icon-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml new file mode 100644 index 0000000000..373c982de7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/floating-social-media-icon-3b1c84fb06bbfd928bb6bd8a2dc656bc.yaml @@ -0,0 +1,58 @@ +id: floating-social-media-icon-3b1c84fb06bbfd928bb6bd8a2dc656bc + +info: + name: > + Social Media Flying Icons | Floating Social Media Icon <= 4.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e86ab1ea-5b3c-4a14-9de1-3bae14f587c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/floating-social-media-icon/" + google-query: inurl:"/wp-content/plugins/floating-social-media-icon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,floating-social-media-icon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/floating-social-media-icon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "floating-social-media-icon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flog-59446fd68b7784d882498e25f909137d.yaml b/nuclei-templates/cve-less/plugins/flog-59446fd68b7784d882498e25f909137d.yaml new file mode 100644 index 0000000000..0b2c8cd6c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flog-59446fd68b7784d882498e25f909137d.yaml @@ -0,0 +1,58 @@ +id: flog-59446fd68b7784d882498e25f909137d + +info: + name: > + Flog <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be16c229-1092-4090-83bc-38e42f6377b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flog/" + google-query: inurl:"/wp-content/plugins/flog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flower-delivery-by-florist-one-4d590f8cfc3cb04affd33a6ac18e5217.yaml b/nuclei-templates/cve-less/plugins/flower-delivery-by-florist-one-4d590f8cfc3cb04affd33a6ac18e5217.yaml new file mode 100644 index 0000000000..924759ba3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flower-delivery-by-florist-one-4d590f8cfc3cb04affd33a6ac18e5217.yaml @@ -0,0 +1,58 @@ +id: flower-delivery-by-florist-one-4d590f8cfc3cb04affd33a6ac18e5217 + +info: + name: > + Flower Delivery by Florist One <= 3.5.8 - (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0ba19a2-0a30-4346-88a2-d1166ab13388?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flower-delivery-by-florist-one/" + google-query: inurl:"/wp-content/plugins/flower-delivery-by-florist-one/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flower-delivery-by-florist-one,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flower-delivery-by-florist-one/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flower-delivery-by-florist-one" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flowfact-wp-connector-a645bae2135580862fc251332e7ccf27.yaml b/nuclei-templates/cve-less/plugins/flowfact-wp-connector-a645bae2135580862fc251332e7ccf27.yaml new file mode 100644 index 0000000000..7488cf7c3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flowfact-wp-connector-a645bae2135580862fc251332e7ccf27.yaml @@ -0,0 +1,58 @@ +id: flowfact-wp-connector-a645bae2135580862fc251332e7ccf27 + +info: + name: > + FLOWFACT WP Connector <= 2.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b61b5b-e5e8-41d4-bf37-d9427a204ea6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flowfact-wp-connector/" + google-query: inurl:"/wp-content/plugins/flowfact-wp-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flowfact-wp-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flowfact-wp-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flowfact-wp-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-652d56be5b505867587dc16b9cc45713.yaml b/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-652d56be5b505867587dc16b9cc45713.yaml new file mode 100644 index 0000000000..884f0045fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-652d56be5b505867587dc16b9cc45713.yaml @@ -0,0 +1,58 @@ +id: flowpaper-lite-pdf-flipbook-652d56be5b505867587dc16b9cc45713 + +info: + name: > + flowpaper <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e59b75cf-491a-4894-8a4a-567832b47048?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flowpaper-lite-pdf-flipbook/" + google-query: inurl:"/wp-content/plugins/flowpaper-lite-pdf-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flowpaper-lite-pdf-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flowpaper-lite-pdf-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-d7435fb5e236cc613a20b63eff30b011.yaml b/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-d7435fb5e236cc613a20b63eff30b011.yaml new file mode 100644 index 0000000000..dab55d1f95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flowpaper-lite-pdf-flipbook-d7435fb5e236cc613a20b63eff30b011.yaml @@ -0,0 +1,58 @@ +id: flowpaper-lite-pdf-flipbook-d7435fb5e236cc613a20b63eff30b011 + +info: + name: > + flowpaper <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31d6288d-87f0-4822-b3f4-541f70cf99fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flowpaper-lite-pdf-flipbook/" + google-query: inurl:"/wp-content/plugins/flowpaper-lite-pdf-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flowpaper-lite-pdf-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flowpaper-lite-pdf-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flowpaper-lite-pdf-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flowplayer6-video-player-91cbfc58418f178a67da5f57d5fe8aa8.yaml b/nuclei-templates/cve-less/plugins/flowplayer6-video-player-91cbfc58418f178a67da5f57d5fe8aa8.yaml new file mode 100644 index 0000000000..b6a1fe8ffa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flowplayer6-video-player-91cbfc58418f178a67da5f57d5fe8aa8.yaml @@ -0,0 +1,58 @@ +id: flowplayer6-video-player-91cbfc58418f178a67da5f57d5fe8aa8 + +info: + name: > + Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21d0af22-ecce-4533-ba5d-46d6f49fff52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flowplayer6-video-player/" + google-query: inurl:"/wp-content/plugins/flowplayer6-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flowplayer6-video-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flowplayer6-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flowplayer6-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-crm-2021aef7227818f1c21db36c31bdbd79.yaml b/nuclei-templates/cve-less/plugins/fluent-crm-2021aef7227818f1c21db36c31bdbd79.yaml new file mode 100644 index 0000000000..d5ba19532b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-crm-2021aef7227818f1c21db36c31bdbd79.yaml @@ -0,0 +1,58 @@ +id: fluent-crm-2021aef7227818f1c21db36c31bdbd79 + +info: + name: > + Fluent CRM <= 2.8.44 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b1853f-0c19-4fc8-8878-9e8a9330f76a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-crm/" + google-query: inurl:"/wp-content/plugins/fluent-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-crm-bb26b6ff3e85d19e956ebfa35e2cc95c.yaml b/nuclei-templates/cve-less/plugins/fluent-crm-bb26b6ff3e85d19e956ebfa35e2cc95c.yaml new file mode 100644 index 0000000000..5b5e9f648f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-crm-bb26b6ff3e85d19e956ebfa35e2cc95c.yaml @@ -0,0 +1,58 @@ +id: fluent-crm-bb26b6ff3e85d19e956ebfa35e2cc95c + +info: + name: > + FluentCRM - Marketing Automation For WordPress <= 2.8.01 - Insufficient Use of Hash as Authorization Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de6da87e-8f7d-4120-8a1b-390ef7733d84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-crm/" + google-query: inurl:"/wp-content/plugins/fluent-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-security-09c9894def0e25d05735b59cb11535d0.yaml b/nuclei-templates/cve-less/plugins/fluent-security-09c9894def0e25d05735b59cb11535d0.yaml new file mode 100644 index 0000000000..2518325e06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-security-09c9894def0e25d05735b59cb11535d0.yaml @@ -0,0 +1,58 @@ +id: fluent-security-09c9894def0e25d05735b59cb11535d0 + +info: + name: > + FluentAuth <= 1.0.1 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b4f563c-a17b-4d69-9e94-7287da976e85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-security/" + google-query: inurl:"/wp-content/plugins/fluent-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-smtp-a0c235af0e0f30fc06e113ce304c9fbb.yaml b/nuclei-templates/cve-less/plugins/fluent-smtp-a0c235af0e0f30fc06e113ce304c9fbb.yaml new file mode 100644 index 0000000000..5738cca94e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-smtp-a0c235af0e0f30fc06e113ce304c9fbb.yaml @@ -0,0 +1,58 @@ +id: fluent-smtp-a0c235af0e0f30fc06e113ce304c9fbb + +info: + name: > + FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-smtp/" + google-query: inurl:"/wp-content/plugins/fluent-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-smtp-b77eedd011caf310b24c6086fb4f9f02.yaml b/nuclei-templates/cve-less/plugins/fluent-smtp-b77eedd011caf310b24c6086fb4f9f02.yaml new file mode 100644 index 0000000000..96614b286e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-smtp-b77eedd011caf310b24c6086fb4f9f02.yaml @@ -0,0 +1,58 @@ +id: fluent-smtp-b77eedd011caf310b24c6086fb4f9f02 + +info: + name: > + FluentSMTP <= 2.2.2 - Authenticated (Author+) Stored Cross-Site Scripting via Email Logs + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/803c32e9-665c-40a0-b52d-f2c0b8fbe931?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-smtp/" + google-query: inurl:"/wp-content/plugins/fluent-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-smtp-e7db547069bdcddc296155dd435cd330.yaml b/nuclei-templates/cve-less/plugins/fluent-smtp-e7db547069bdcddc296155dd435cd330.yaml new file mode 100644 index 0000000000..214dafe897 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-smtp-e7db547069bdcddc296155dd435cd330.yaml @@ -0,0 +1,58 @@ +id: fluent-smtp-e7db547069bdcddc296155dd435cd330 + +info: + name: > + FluentSMTP <= 2.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b99248e9-b34f-4f99-9db1-a4dc2dd45b9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-smtp/" + google-query: inurl:"/wp-content/plugins/fluent-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-support-239bba6a118f3c2dcf8340e2790b882b.yaml b/nuclei-templates/cve-less/plugins/fluent-support-239bba6a118f3c2dcf8340e2790b882b.yaml new file mode 100644 index 0000000000..eecd996f2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-support-239bba6a118f3c2dcf8340e2790b882b.yaml @@ -0,0 +1,58 @@ +id: fluent-support-239bba6a118f3c2dcf8340e2790b882b + +info: + name: > + Fluent Support <= 1.7.6 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8909dafa-3383-405e-a264-f0770e6714a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-support/" + google-query: inurl:"/wp-content/plugins/fluent-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluent-support-da98de7f074ffd80f7cb587c569cdd12.yaml b/nuclei-templates/cve-less/plugins/fluent-support-da98de7f074ffd80f7cb587c569cdd12.yaml new file mode 100644 index 0000000000..8465394d64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluent-support-da98de7f074ffd80f7cb587c569cdd12.yaml @@ -0,0 +1,58 @@ +id: fluent-support-da98de7f074ffd80f7cb587c569cdd12 + +info: + name: > + Fluent Support <= 1.5.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcf54e27-e2d1-4d87-8eb6-2881054b70fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluent-support/" + google-query: inurl:"/wp-content/plugins/fluent-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluent-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluent-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluent-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-31bfcad1a946ead477cc4d9cae0f33ff.yaml b/nuclei-templates/cve-less/plugins/fluentform-31bfcad1a946ead477cc4d9cae0f33ff.yaml new file mode 100644 index 0000000000..9fc217bdb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-31bfcad1a946ead477cc4d9cae0f33ff.yaml @@ -0,0 +1,58 @@ +id: fluentform-31bfcad1a946ead477cc4d9cae0f33ff + +info: + name: > + Fluent Forms <= 5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4050403-6b8c-4023-b170-39f3cb68583e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-4e36da2b6076ab0fa4395c3975079942.yaml b/nuclei-templates/cve-less/plugins/fluentform-4e36da2b6076ab0fa4395c3975079942.yaml new file mode 100644 index 0000000000..2e6a523a3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-4e36da2b6076ab0fa4395c3975079942.yaml @@ -0,0 +1,58 @@ +id: fluentform-4e36da2b6076ab0fa4395c3975079942 + +info: + name: > + WP Fluent Forms < 3.6.67 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e039295-2ccf-450c-8f2a-d113117b9dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-7505baf43f2a97f13623d8a9e01f067a.yaml b/nuclei-templates/cve-less/plugins/fluentform-7505baf43f2a97f13623d8a9e01f067a.yaml new file mode 100644 index 0000000000..287c68ec96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-7505baf43f2a97f13623d8a9e01f067a.yaml @@ -0,0 +1,58 @@ +id: fluentform-7505baf43f2a97f13623d8a9e01f067a + +info: + name: > + FluentForm <= 4.3.25 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/954e7509-3ebf-429a-8c65-9825ea190d53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-768d5a8c5da389ebb9689ad662d253aa.yaml b/nuclei-templates/cve-less/plugins/fluentform-768d5a8c5da389ebb9689ad662d253aa.yaml new file mode 100644 index 0000000000..33cc81c873 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-768d5a8c5da389ebb9689ad662d253aa.yaml @@ -0,0 +1,58 @@ +id: fluentform-768d5a8c5da389ebb9689ad662d253aa + +info: + name: > + Contact Form for Plugin by Fluent Forms <= 5.0.8 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20f31e48-0dbb-498a-a400-681cacea7c9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-875a676a20644f9b257dd61453cbe7b9.yaml b/nuclei-templates/cve-less/plugins/fluentform-875a676a20644f9b257dd61453cbe7b9.yaml new file mode 100644 index 0000000000..cab1413662 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-875a676a20644f9b257dd61453cbe7b9.yaml @@ -0,0 +1,58 @@ +id: fluentform-875a676a20644f9b257dd61453cbe7b9 + +info: + name: > + Fluent Forms <= 5.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via imported form title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-a7309b89079395b33b2cb7915ba03d32.yaml b/nuclei-templates/cve-less/plugins/fluentform-a7309b89079395b33b2cb7915ba03d32.yaml new file mode 100644 index 0000000000..5f89685abe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-a7309b89079395b33b2cb7915ba03d32.yaml @@ -0,0 +1,58 @@ +id: fluentform-a7309b89079395b33b2cb7915ba03d32 + +info: + name: > + FluentForms <= 4.3.24 - Authenticated(Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b79a851-1212-4a9c-89fe-b5f2d50ec18c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentform-f587eb392e2056a4aa7f3a9cfdb47c3a.yaml b/nuclei-templates/cve-less/plugins/fluentform-f587eb392e2056a4aa7f3a9cfdb47c3a.yaml new file mode 100644 index 0000000000..aa70e0f2b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentform-f587eb392e2056a4aa7f3a9cfdb47c3a.yaml @@ -0,0 +1,58 @@ +id: fluentform-f587eb392e2056a4aa7f3a9cfdb47c3a + +info: + name: > + Contact Form Plugin by FluentForm <= 4.3.12 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6a1af3-d53c-4e23-95d2-3b799bc10827?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentform/" + google-query: inurl:"/wp-content/plugins/fluentform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluentforms-pdf-150204c3648be383cc7b37e155a5d6bc.yaml b/nuclei-templates/cve-less/plugins/fluentforms-pdf-150204c3648be383cc7b37e155a5d6bc.yaml new file mode 100644 index 0000000000..0bc5d5249a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluentforms-pdf-150204c3648be383cc7b37e155a5d6bc.yaml @@ -0,0 +1,58 @@ +id: fluentforms-pdf-150204c3648be383cc7b37e155a5d6bc + +info: + name: > + PDF Generator For Fluent Forms <= 1.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6675c48-43d4-4394-a4a3-f753bdaa5c4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluentforms-pdf/" + google-query: inurl:"/wp-content/plugins/fluentforms-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluentforms-pdf,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluentforms-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluentforms-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-accessible-pager-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/fluid-accessible-pager-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..20a5d67922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-accessible-pager-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: fluid-accessible-pager-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-accessible-pager/" + google-query: inurl:"/wp-content/plugins/fluid-accessible-pager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-accessible-pager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-accessible-pager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-accessible-pager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-accessible-rich-inline-edit-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/fluid-accessible-rich-inline-edit-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..ab8a344171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-accessible-rich-inline-edit-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: fluid-accessible-rich-inline-edit-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-accessible-rich-inline-edit/" + google-query: inurl:"/wp-content/plugins/fluid-accessible-rich-inline-edit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-accessible-rich-inline-edit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-accessible-rich-inline-edit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-accessible-rich-inline-edit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-accessible-ui-options-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/fluid-accessible-ui-options-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..7fbd54532f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-accessible-ui-options-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: fluid-accessible-ui-options-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-accessible-ui-options/" + google-query: inurl:"/wp-content/plugins/fluid-accessible-ui-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-accessible-ui-options,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-accessible-ui-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-accessible-ui-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-accessible-uploader-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/fluid-accessible-uploader-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..b897f33de7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-accessible-uploader-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: fluid-accessible-uploader-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-accessible-uploader/" + google-query: inurl:"/wp-content/plugins/fluid-accessible-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-accessible-uploader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-accessible-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-accessible-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-656ffc00f499b97cc92334beba62fc4e.yaml b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-656ffc00f499b97cc92334beba62fc4e.yaml new file mode 100644 index 0000000000..11f6f3425b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-656ffc00f499b97cc92334beba62fc4e.yaml @@ -0,0 +1,58 @@ +id: fluid-responsive-slideshow-656ffc00f499b97cc92334beba62fc4e + +info: + name: > + Fluid Responsive Slideshow < 2.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d58fde-54f6-4892-b5ed-2029593c3fa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-responsive-slideshow/" + google-query: inurl:"/wp-content/plugins/fluid-responsive-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-responsive-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-responsive-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-bd607ad7864f2c8f03d9043c5fbd64bb.yaml b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-bd607ad7864f2c8f03d9043c5fbd64bb.yaml new file mode 100644 index 0000000000..ffe340e63e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fluid-responsive-slideshow-bd607ad7864f2c8f03d9043c5fbd64bb.yaml @@ -0,0 +1,58 @@ +id: fluid-responsive-slideshow-bd607ad7864f2c8f03d9043c5fbd64bb + +info: + name: > + Fluid Responsive Slideshow < 2.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8009f10-85d0-4798-8b6b-c1e4452139af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fluid-responsive-slideshow/" + google-query: inurl:"/wp-content/plugins/fluid-responsive-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fluid-responsive-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fluid-responsive-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fluid-responsive-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flying-press-473a1cc0b0ec6c93a83a85cc6eeee218.yaml b/nuclei-templates/cve-less/plugins/flying-press-473a1cc0b0ec6c93a83a85cc6eeee218.yaml new file mode 100644 index 0000000000..4b9c9abdaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flying-press-473a1cc0b0ec6c93a83a85cc6eeee218.yaml @@ -0,0 +1,58 @@ +id: flying-press-473a1cc0b0ec6c93a83a85cc6eeee218 + +info: + name: > + FlyingPress <= 3.9.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1d541b-7010-4dbf-9b1c-d59c84390065?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flying-press/" + google-query: inurl:"/wp-content/plugins/flying-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flying-press,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flying-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flying-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flynsarmy-iframe-shortcode-60b8d6d9997cb1264cf24cce0caa381a.yaml b/nuclei-templates/cve-less/plugins/flynsarmy-iframe-shortcode-60b8d6d9997cb1264cf24cce0caa381a.yaml new file mode 100644 index 0000000000..f51df10c9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flynsarmy-iframe-shortcode-60b8d6d9997cb1264cf24cce0caa381a.yaml @@ -0,0 +1,58 @@ +id: flynsarmy-iframe-shortcode-60b8d6d9997cb1264cf24cce0caa381a + +info: + name: > + IFrame Shortcode <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f28b1b2-e751-423e-b4c5-893778eebf3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flynsarmy-iframe-shortcode/" + google-query: inurl:"/wp-content/plugins/flynsarmy-iframe-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flynsarmy-iframe-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flynsarmy-iframe-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flynsarmy-iframe-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/flyzoo-b142fb65f777c01f09af0b6a529becd3.yaml b/nuclei-templates/cve-less/plugins/flyzoo-b142fb65f777c01f09af0b6a529becd3.yaml new file mode 100644 index 0000000000..d7549b986a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/flyzoo-b142fb65f777c01f09af0b6a529becd3.yaml @@ -0,0 +1,58 @@ +id: flyzoo-b142fb65f777c01f09af0b6a529becd3 + +info: + name: > + Flyzoo Chat <= 2.3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74ea8f1e-d6ff-4a32-b8bf-5d4c8e69433e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/flyzoo/" + google-query: inurl:"/wp-content/plugins/flyzoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,flyzoo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/flyzoo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flyzoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fmoblog-572454d38450937113117ff602a4e326.yaml b/nuclei-templates/cve-less/plugins/fmoblog-572454d38450937113117ff602a4e326.yaml new file mode 100644 index 0000000000..960d5f43bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fmoblog-572454d38450937113117ff602a4e326.yaml @@ -0,0 +1,58 @@ +id: fmoblog-572454d38450937113117ff602a4e326 + +info: + name: > + fMoblog <= 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/509c881d-22bc-473f-b57b-4ec3ddf6abaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fmoblog/" + google-query: inurl:"/wp-content/plugins/fmoblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fmoblog,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fmoblog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fmoblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/folders-0a3b78fadad1468caa114f49c5837f3b.yaml b/nuclei-templates/cve-less/plugins/folders-0a3b78fadad1468caa114f49c5837f3b.yaml new file mode 100644 index 0000000000..4d18f71a6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/folders-0a3b78fadad1468caa114f49c5837f3b.yaml @@ -0,0 +1,58 @@ +id: folders-0a3b78fadad1468caa114f49c5837f3b + +info: + name: > + Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/daa48b64-6f89-40be-a31f-31d1481dfc91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/folders/" + google-query: inurl:"/wp-content/plugins/folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,folders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/folders-aa05d3117d6e609391e83e8b970f2625.yaml b/nuclei-templates/cve-less/plugins/folders-aa05d3117d6e609391e83e8b970f2625.yaml new file mode 100644 index 0000000000..bb2756d253 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/folders-aa05d3117d6e609391e83e8b970f2625.yaml @@ -0,0 +1,58 @@ +id: folders-aa05d3117d6e609391e83e8b970f2625 + +info: + name: > + Folders <= 2.9.2 - Authenticated (Author+) Arbitrary File Upload in handle_folders_file_upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ab28410-76c5-43cb-b87a-c99f8867167c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/folders/" + google-query: inurl:"/wp-content/plugins/folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,folders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-93eb8e1633c7ed38fbc4ff339a075742.yaml b/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-93eb8e1633c7ed38fbc4ff339a075742.yaml new file mode 100644 index 0000000000..8a678a6f78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foliopress-wysiwyg-93eb8e1633c7ed38fbc4ff339a075742.yaml @@ -0,0 +1,58 @@ +id: foliopress-wysiwyg-93eb8e1633c7ed38fbc4ff339a075742 + +info: + name: > + Foliopress WYSIWYG < 2.6.8.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3908a923-1174-4cb4-a1e3-51b9d098dc29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foliopress-wysiwyg/" + google-query: inurl:"/wp-content/plugins/foliopress-wysiwyg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foliopress-wysiwyg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foliopress-wysiwyg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foliopress-wysiwyg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/follow-me-de62fa1091876ce7733352db2cec2f12.yaml b/nuclei-templates/cve-less/plugins/follow-me-de62fa1091876ce7733352db2cec2f12.yaml new file mode 100644 index 0000000000..50e70771c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/follow-me-de62fa1091876ce7733352db2cec2f12.yaml @@ -0,0 +1,58 @@ +id: follow-me-de62fa1091876ce7733352db2cec2f12 + +info: + name: > + Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25fab7b3-59ce-44ca-83fa-bd25b7f31af0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/follow-me/" + google-query: inurl:"/wp-content/plugins/follow-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,follow-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/follow-me/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "follow-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-awesome-4-menus-335b776cd554e8913d4f10e98e262ec0.yaml b/nuclei-templates/cve-less/plugins/font-awesome-4-menus-335b776cd554e8913d4f10e98e262ec0.yaml new file mode 100644 index 0000000000..dc06b4cc4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-awesome-4-menus-335b776cd554e8913d4f10e98e262ec0.yaml @@ -0,0 +1,58 @@ +id: font-awesome-4-menus-335b776cd554e8913d4f10e98e262ec0 + +info: + name: > + Font Awesome 4 Menus <= 4.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f13a1c9-db26-4243-b8ee-f25eac51afa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-awesome-4-menus/" + google-query: inurl:"/wp-content/plugins/font-awesome-4-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-awesome-4-menus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-awesome-4-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-awesome-4-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-awesome-4-menus-bb75a2fa99f691c300cd6cf18948e14d.yaml b/nuclei-templates/cve-less/plugins/font-awesome-4-menus-bb75a2fa99f691c300cd6cf18948e14d.yaml new file mode 100644 index 0000000000..fb8ba73979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-awesome-4-menus-bb75a2fa99f691c300cd6cf18948e14d.yaml @@ -0,0 +1,58 @@ +id: font-awesome-4-menus-bb75a2fa99f691c300cd6cf18948e14d + +info: + name: > + Font Awesome 4 Menus <= 4.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc59510c-6eaf-4526-8acb-c07e39923ad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-awesome-4-menus/" + google-query: inurl:"/wp-content/plugins/font-awesome-4-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-awesome-4-menus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-awesome-4-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-awesome-4-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-awesome-7115ada113c9b929bcb0dd07d0bf9d4f.yaml b/nuclei-templates/cve-less/plugins/font-awesome-7115ada113c9b929bcb0dd07d0bf9d4f.yaml new file mode 100644 index 0000000000..63d99550e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-awesome-7115ada113c9b929bcb0dd07d0bf9d4f.yaml @@ -0,0 +1,58 @@ +id: font-awesome-7115ada113c9b929bcb0dd07d0bf9d4f + +info: + name: > + Font Awesome <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36759c8a-351b-448c-a79e-05465e99b4c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-awesome/" + google-query: inurl:"/wp-content/plugins/font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-awesome-integration-238d49dd6e9480e47ebe9505e3055120.yaml b/nuclei-templates/cve-less/plugins/font-awesome-integration-238d49dd6e9480e47ebe9505e3055120.yaml new file mode 100644 index 0000000000..40eef857be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-awesome-integration-238d49dd6e9480e47ebe9505e3055120.yaml @@ -0,0 +1,58 @@ +id: font-awesome-integration-238d49dd6e9480e47ebe9505e3055120 + +info: + name: > + Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2791f48-895f-4099-87ec-41aaac2494a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-awesome-integration/" + google-query: inurl:"/wp-content/plugins/font-awesome-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-awesome-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-awesome-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-awesome-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-awesome-more-icons-a57182d433f774a0b7467b555b805817.yaml b/nuclei-templates/cve-less/plugins/font-awesome-more-icons-a57182d433f774a0b7467b555b805817.yaml new file mode 100644 index 0000000000..7025832151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-awesome-more-icons-a57182d433f774a0b7467b555b805817.yaml @@ -0,0 +1,58 @@ +id: font-awesome-more-icons-a57182d433f774a0b7467b555b805817 + +info: + name: > + Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15947764-a070-4715-bd44-cb79b62ed59d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-awesome-more-icons/" + google-query: inurl:"/wp-content/plugins/font-awesome-more-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-awesome-more-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-awesome-more-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-awesome-more-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-d9e88eed1e0b07c2c560dc1223a88aca.yaml b/nuclei-templates/cve-less/plugins/font-d9e88eed1e0b07c2c560dc1223a88aca.yaml new file mode 100644 index 0000000000..06cf0a1a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-d9e88eed1e0b07c2c560dc1223a88aca.yaml @@ -0,0 +1,58 @@ +id: font-d9e88eed1e0b07c2c560dc1223a88aca + +info: + name: > + Font <= 7.5 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba0de040-5906-4a67-9306-7e6e65cca78f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font/" + google-query: inurl:"/wp-content/plugins/font/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-farsi-bbb0e39e4c65975737c298f09a794bf6.yaml b/nuclei-templates/cve-less/plugins/font-farsi-bbb0e39e4c65975737c298f09a794bf6.yaml new file mode 100644 index 0000000000..30aad24d75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-farsi-bbb0e39e4c65975737c298f09a794bf6.yaml @@ -0,0 +1,58 @@ +id: font-farsi-bbb0e39e4c65975737c298f09a794bf6 + +info: + name: > + Font Farsi <= 1.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ec96107-ae41-4886-8a46-5a2d6dd62aae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-farsi/" + google-query: inurl:"/wp-content/plugins/font-farsi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-farsi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-farsi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-farsi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-organizer-92b1dcacf113aa7d72bfd995bd3a58b5.yaml b/nuclei-templates/cve-less/plugins/font-organizer-92b1dcacf113aa7d72bfd995bd3a58b5.yaml new file mode 100644 index 0000000000..f5437c1b76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-organizer-92b1dcacf113aa7d72bfd995bd3a58b5.yaml @@ -0,0 +1,58 @@ +id: font-organizer-92b1dcacf113aa7d72bfd995bd3a58b5 + +info: + name: > + Font Organizer <= 2.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3447c0ff-865c-4d94-9f33-a1824bf23794?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-organizer/" + google-query: inurl:"/wp-content/plugins/font-organizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-organizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/font-uploader-272e6d95680eac64b1944ce8c40ac5b7.yaml b/nuclei-templates/cve-less/plugins/font-uploader-272e6d95680eac64b1944ce8c40ac5b7.yaml new file mode 100644 index 0000000000..52d73419ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/font-uploader-272e6d95680eac64b1944ce8c40ac5b7.yaml @@ -0,0 +1,58 @@ +id: font-uploader-272e6d95680eac64b1944ce8c40ac5b7 + +info: + name: > + Font Uploader <= 1.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1069434a-b8cb-4e29-995d-f31b18d1843f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/font-uploader/" + google-query: inurl:"/wp-content/plugins/font-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,font-uploader,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/font-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "font-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fontific-7524f5b14f92599cfeabd0dc20123b14.yaml b/nuclei-templates/cve-less/plugins/fontific-7524f5b14f92599cfeabd0dc20123b14.yaml new file mode 100644 index 0000000000..c5f4f6336b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fontific-7524f5b14f92599cfeabd0dc20123b14.yaml @@ -0,0 +1,58 @@ +id: fontific-7524f5b14f92599cfeabd0dc20123b14 + +info: + name: > + Fontific | Google Fonts <= 0.1.6 - Cross-Site Request Forgery via ajax_fontific_save_all + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/177a2bda-6c40-4ff6-a53f-e6b2a8408d8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fontific/" + google-query: inurl:"/wp-content/plugins/fontific/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fontific,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fontific/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fontific" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fontiran-ed8d60dbc212a2488ceb5fdf43131cd0.yaml b/nuclei-templates/cve-less/plugins/fontiran-ed8d60dbc212a2488ceb5fdf43131cd0.yaml new file mode 100644 index 0000000000..e3fe3ec4ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fontiran-ed8d60dbc212a2488ceb5fdf43131cd0.yaml @@ -0,0 +1,58 @@ +id: fontiran-ed8d60dbc212a2488ceb5fdf43131cd0 + +info: + name: > + Fontiran <= 2.1 - Missing Authorization via fi_add_rule and fi_delete_webfont_php + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/518b005d-5a5d-4fec-bb3a-1657af354ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fontiran/" + google-query: inurl:"/wp-content/plugins/fontiran/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fontiran,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fontiran/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fontiran" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fontmeister-315cb3873f38dcb4432456cd1e63a724.yaml b/nuclei-templates/cve-less/plugins/fontmeister-315cb3873f38dcb4432456cd1e63a724.yaml new file mode 100644 index 0000000000..562df0bae9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fontmeister-315cb3873f38dcb4432456cd1e63a724.yaml @@ -0,0 +1,58 @@ +id: fontmeister-315cb3873f38dcb4432456cd1e63a724 + +info: + name: > + FontMeister <= 1.08 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bd5c774-2c5b-47d5-9eae-614f2a1b8529?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fontmeister/" + google-query: inurl:"/wp-content/plugins/fontmeister/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fontmeister,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fontmeister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fontmeister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.08') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fontsy-f11e331f492b99109760c26e69316ddd.yaml b/nuclei-templates/cve-less/plugins/fontsy-f11e331f492b99109760c26e69316ddd.yaml new file mode 100644 index 0000000000..d94d2b091b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fontsy-f11e331f492b99109760c26e69316ddd.yaml @@ -0,0 +1,58 @@ +id: fontsy-f11e331f492b99109760c26e69316ddd + +info: + name: > + Fontsy <= 1.8.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dabd12b9-c07d-4a5d-bec3-905b90ff0dbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fontsy/" + google-query: inurl:"/wp-content/plugins/fontsy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fontsy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fontsy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fontsy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/food-and-drink-menu-414dd30601a3a8e396da28322c360c9c.yaml b/nuclei-templates/cve-less/plugins/food-and-drink-menu-414dd30601a3a8e396da28322c360c9c.yaml new file mode 100644 index 0000000000..e2d2be9ff5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/food-and-drink-menu-414dd30601a3a8e396da28322c360c9c.yaml @@ -0,0 +1,58 @@ +id: food-and-drink-menu-414dd30601a3a8e396da28322c360c9c + +info: + name: > + Five Star Restaurant Menu <= 2.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1769ed5-5f56-4b70-af36-c60119f0a356?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/food-and-drink-menu/" + google-query: inurl:"/wp-content/plugins/food-and-drink-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,food-and-drink-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/food-and-drink-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "food-and-drink-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/food-and-drink-menu-428e92a2be0374fb9f50d3efefc780e0.yaml b/nuclei-templates/cve-less/plugins/food-and-drink-menu-428e92a2be0374fb9f50d3efefc780e0.yaml new file mode 100644 index 0000000000..35f78a504e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/food-and-drink-menu-428e92a2be0374fb9f50d3efefc780e0.yaml @@ -0,0 +1,58 @@ +id: food-and-drink-menu-428e92a2be0374fb9f50d3efefc780e0 + +info: + name: > + Five Star Restaurant Menu and Food Ordering <= 2.4.10 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1cd5209-7959-49ae-a363-5fb4f06e2aec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/food-and-drink-menu/" + google-query: inurl:"/wp-content/plugins/food-and-drink-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,food-and-drink-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/food-and-drink-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "food-and-drink-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/food-and-drink-menu-58e8eb6b48043724a61dbfbade728e2c.yaml b/nuclei-templates/cve-less/plugins/food-and-drink-menu-58e8eb6b48043724a61dbfbade728e2c.yaml new file mode 100644 index 0000000000..3f02596aad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/food-and-drink-menu-58e8eb6b48043724a61dbfbade728e2c.yaml @@ -0,0 +1,58 @@ +id: food-and-drink-menu-58e8eb6b48043724a61dbfbade728e2c + +info: + name: > + Restaurant Menu and Food Ordering by Five Star Plugins <= 2.4.6 - Cross-Site Request Forgery via maybe_duplicate_item + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/044c34da-ee4e-4c18-bf9e-96a49a5ea7d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/food-and-drink-menu/" + google-query: inurl:"/wp-content/plugins/food-and-drink-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,food-and-drink-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/food-and-drink-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "food-and-drink-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/food-and-drink-menu-7a6e12751a5fafd18d6d56977b5ab766.yaml b/nuclei-templates/cve-less/plugins/food-and-drink-menu-7a6e12751a5fafd18d6d56977b5ab766.yaml new file mode 100644 index 0000000000..6c4a1000d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/food-and-drink-menu-7a6e12751a5fafd18d6d56977b5ab766.yaml @@ -0,0 +1,58 @@ +id: food-and-drink-menu-7a6e12751a5fafd18d6d56977b5ab766 + +info: + name: > + Five Star Restaurant Menu <= 2.2.0 - Unauthenticated Arbitrary Object Deserialization leading to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b110a6c-fd6d-4c00-bdd6-08fce116b937?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/food-and-drink-menu/" + google-query: inurl:"/wp-content/plugins/food-and-drink-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,food-and-drink-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/food-and-drink-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "food-and-drink-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-21a95839a8ab979ff0016f6fbedc5a1e.yaml b/nuclei-templates/cve-less/plugins/foogallery-21a95839a8ab979ff0016f6fbedc5a1e.yaml new file mode 100644 index 0000000000..15a494d510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-21a95839a8ab979ff0016f6fbedc5a1e.yaml @@ -0,0 +1,58 @@ +id: foogallery-21a95839a8ab979ff0016f6fbedc5a1e + +info: + name: > + FooGallery <= 2.2.35 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7181056-d2ee-4c0f-b9a8-fdb7ad042a6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-2c9cfaa1b4268406a1d78df84c0cb895.yaml b/nuclei-templates/cve-less/plugins/foogallery-2c9cfaa1b4268406a1d78df84c0cb895.yaml new file mode 100644 index 0000000000..2d904c6378 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-2c9cfaa1b4268406a1d78df84c0cb895.yaml @@ -0,0 +1,58 @@ +id: foogallery-2c9cfaa1b4268406a1d78df84c0cb895 + +info: + name: > + Best WordPress Gallery Plugin – FooGallery <= 2.4.7 -Authenticated(Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-3ced01544afaf258ab773262adacbb46.yaml b/nuclei-templates/cve-less/plugins/foogallery-3ced01544afaf258ab773262adacbb46.yaml new file mode 100644 index 0000000000..4b76079f67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-3ced01544afaf258ab773262adacbb46.yaml @@ -0,0 +1,58 @@ +id: foogallery-3ced01544afaf258ab773262adacbb46 + +info: + name: > + FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2edeb63-56ad-45e7-9e85-cdf0a8ef41e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-7acb842ebb36fed3d48b7a27908aad70.yaml b/nuclei-templates/cve-less/plugins/foogallery-7acb842ebb36fed3d48b7a27908aad70.yaml new file mode 100644 index 0000000000..1f542ae2d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-7acb842ebb36fed3d48b7a27908aad70.yaml @@ -0,0 +1,58 @@ +id: foogallery-7acb842ebb36fed3d48b7a27908aad70 + +info: + name: > + FooGallery <= 1.8.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6a9ae9e-17f2-4fcb-8428-f6bf1a500bc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-84b774dce1ed446fe61865bc9717d231.yaml b/nuclei-templates/cve-less/plugins/foogallery-84b774dce1ed446fe61865bc9717d231.yaml new file mode 100644 index 0000000000..86aa58e705 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-84b774dce1ed446fe61865bc9717d231.yaml @@ -0,0 +1,58 @@ +id: foogallery-84b774dce1ed446fe61865bc9717d231 + +info: + name: > + FooGallery <= 2.0.34 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13c22ad6-eecb-4f05-9dce-76a721b4744c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-a94721f1db6a21d7268903bae3160d03.yaml b/nuclei-templates/cve-less/plugins/foogallery-a94721f1db6a21d7268903bae3160d03.yaml new file mode 100644 index 0000000000..b8c745b954 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-a94721f1db6a21d7268903bae3160d03.yaml @@ -0,0 +1,58 @@ +id: foogallery-a94721f1db6a21d7268903bae3160d03 + +info: + name: > + FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-b1493cf8f77a9e357e523e1844c8f281.yaml b/nuclei-templates/cve-less/plugins/foogallery-b1493cf8f77a9e357e523e1844c8f281.yaml new file mode 100644 index 0000000000..c74bf1fa62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-b1493cf8f77a9e357e523e1844c8f281.yaml @@ -0,0 +1,58 @@ +id: foogallery-b1493cf8f77a9e357e523e1844c8f281 + +info: + name: > + FooGallery <= 2.2.44 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fd495e8-d7e8-4949-b7aa-43ef40063ca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml b/nuclei-templates/cve-less/plugins/foogallery-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml new file mode 100644 index 0000000000..c4a4c760d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-c4af1e64fbcb95f3b91e16ac0f449bf5.yaml @@ -0,0 +1,58 @@ +id: foogallery-c4af1e64fbcb95f3b91e16ac0f449bf5 + +info: + name: > + FooGallery <= 2.4.14 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attachment Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d4aeb1-0a4f-49f1-b5a9-b582e271eae1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-d1db79cb95565d6ad4b74843ef9d4999.yaml b/nuclei-templates/cve-less/plugins/foogallery-d1db79cb95565d6ad4b74843ef9d4999.yaml new file mode 100644 index 0000000000..617a7787ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-d1db79cb95565d6ad4b74843ef9d4999.yaml @@ -0,0 +1,58 @@ +id: foogallery-d1db79cb95565d6ad4b74843ef9d4999 + +info: + name: > + FooGallery <= 2.2.44 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d58ca75a-f425-477d-8e48-a5d600543578?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery/" + google-query: inurl:"/wp-content/plugins/foogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foogallery-premium-a94721f1db6a21d7268903bae3160d03.yaml b/nuclei-templates/cve-less/plugins/foogallery-premium-a94721f1db6a21d7268903bae3160d03.yaml new file mode 100644 index 0000000000..9d1cc8a4e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foogallery-premium-a94721f1db6a21d7268903bae3160d03.yaml @@ -0,0 +1,58 @@ +id: foogallery-premium-a94721f1db6a21d7268903bae3160d03 + +info: + name: > + FooGallery Premium <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dce8ac32-cab8-4e05-bf6f-cc348d0c9472?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foogallery-premium/" + google-query: inurl:"/wp-content/plugins/foogallery-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foogallery-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foogallery-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foogallery-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/football-pool-749aff0fcc167e558bca750035ba1596.yaml b/nuclei-templates/cve-less/plugins/football-pool-749aff0fcc167e558bca750035ba1596.yaml new file mode 100644 index 0000000000..734c41e187 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/football-pool-749aff0fcc167e558bca750035ba1596.yaml @@ -0,0 +1,58 @@ +id: football-pool-749aff0fcc167e558bca750035ba1596 + +info: + name: > + Football pool <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff150706-5fbf-4881-976b-89fdaf637fb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/football-pool/" + google-query: inurl:"/wp-content/plugins/football-pool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,football-pool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/football-pool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "football-pool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/football-pool-924ca2bb4d17021fd01ade1e50b5f40f.yaml b/nuclei-templates/cve-less/plugins/football-pool-924ca2bb4d17021fd01ade1e50b5f40f.yaml new file mode 100644 index 0000000000..d9e4988c97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/football-pool-924ca2bb4d17021fd01ade1e50b5f40f.yaml @@ -0,0 +1,58 @@ +id: football-pool-924ca2bb4d17021fd01ade1e50b5f40f + +info: + name: > + Football Pool < 2.6.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23311ce1-0e94-4bff-8d92-388ccc600506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/football-pool/" + google-query: inurl:"/wp-content/plugins/football-pool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,football-pool,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/football-pool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "football-pool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/footer-putter-947ad0b5d0e7c6896eb25c5ba15abe34.yaml b/nuclei-templates/cve-less/plugins/footer-putter-947ad0b5d0e7c6896eb25c5ba15abe34.yaml new file mode 100644 index 0000000000..4ce58761f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/footer-putter-947ad0b5d0e7c6896eb25c5ba15abe34.yaml @@ -0,0 +1,58 @@ +id: footer-putter-947ad0b5d0e7c6896eb25c5ba15abe34 + +info: + name: > + Footer Putter <= 6.1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/688353c9-e4e5-4717-9651-15d05248554f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/footer-putter/" + google-query: inurl:"/wp-content/plugins/footer-putter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,footer-putter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/footer-putter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "footer-putter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/footer-text-51f5cc0d0e28df647c1c9e27826141db.yaml b/nuclei-templates/cve-less/plugins/footer-text-51f5cc0d0e28df647c1c9e27826141db.yaml new file mode 100644 index 0000000000..93a5b9b759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/footer-text-51f5cc0d0e28df647c1c9e27826141db.yaml @@ -0,0 +1,58 @@ +id: footer-text-51f5cc0d0e28df647c1c9e27826141db + +info: + name: > + Footer Text <= 2.0.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a12ccd08-ee29-4fb9-9075-cf71dc488ffc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/footer-text/" + google-query: inurl:"/wp-content/plugins/footer-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,footer-text,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/footer-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "footer-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/for-the-visually-impaired-1288b290469ac9f6682339ae7faeb1d6.yaml b/nuclei-templates/cve-less/plugins/for-the-visually-impaired-1288b290469ac9f6682339ae7faeb1d6.yaml new file mode 100644 index 0000000000..793e949684 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/for-the-visually-impaired-1288b290469ac9f6682339ae7faeb1d6.yaml @@ -0,0 +1,58 @@ +id: for-the-visually-impaired-1288b290469ac9f6682339ae7faeb1d6 + +info: + name: > + For the visually impaired <= 0.58 - Cross-Site Request Forgery to Plugin Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56976e5f-13e9-45e3-8cd1-7ac5f34f4248?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/for-the-visually-impaired/" + google-query: inurl:"/wp-content/plugins/for-the-visually-impaired/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,for-the-visually-impaired,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/for-the-visually-impaired/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "for-the-visually-impaired" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/force-first-last-9e22e51baaf99f342eddf6b6b8fb87ea.yaml b/nuclei-templates/cve-less/plugins/force-first-last-9e22e51baaf99f342eddf6b6b8fb87ea.yaml new file mode 100644 index 0000000000..203b7d04d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/force-first-last-9e22e51baaf99f342eddf6b6b8fb87ea.yaml @@ -0,0 +1,58 @@ +id: force-first-last-9e22e51baaf99f342eddf6b6b8fb87ea + +info: + name: > + Force First and Last Name as Display Name <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27d579d5-a4d2-45f7-a7bb-8f384d851d7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/force-first-last/" + google-query: inurl:"/wp-content/plugins/force-first-last/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,force-first-last,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/force-first-last/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "force-first-last" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/force-sell-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/force-sell-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..5d0e482bd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/force-sell-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: force-sell-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/force-sell-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/force-sell-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,force-sell-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/force-sell-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "force-sell-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-53da943f73d7c6e6cd21ccb312450cb4.yaml b/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-53da943f73d7c6e6cd21ccb312450cb4.yaml new file mode 100644 index 0000000000..77afde4d14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-53da943f73d7c6e6cd21ccb312450cb4.yaml @@ -0,0 +1,58 @@ +id: forget-about-shortcode-buttons-53da943f73d7c6e6cd21ccb312450cb4 + +info: + name: > + Forget About Shortcode Buttons <= 2.1.2 - Missing Authorization via fasc_buttons + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/212dd123-42d4-4dd2-a2e2-bf0c43e805bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forget-about-shortcode-buttons/" + google-query: inurl:"/wp-content/plugins/forget-about-shortcode-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forget-about-shortcode-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forget-about-shortcode-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-bb70f2562e10a695ac872c839d1985e9.yaml b/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-bb70f2562e10a695ac872c839d1985e9.yaml new file mode 100644 index 0000000000..bcd7e7f3ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forget-about-shortcode-buttons-bb70f2562e10a695ac872c839d1985e9.yaml @@ -0,0 +1,58 @@ +id: forget-about-shortcode-buttons-bb70f2562e10a695ac872c839d1985e9 + +info: + name: > + Forget About Shortcode Buttons <= 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9faa9bd1-c7a8-4d8b-9f92-3a0aa9adbc03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forget-about-shortcode-buttons/" + google-query: inurl:"/wp-content/plugins/forget-about-shortcode-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forget-about-shortcode-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forget-about-shortcode-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forget-about-shortcode-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-block-3972eede365a3539d1345b6e32b15ffa.yaml b/nuclei-templates/cve-less/plugins/form-block-3972eede365a3539d1345b6e32b15ffa.yaml new file mode 100644 index 0000000000..9015dfbb4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-block-3972eede365a3539d1345b6e32b15ffa.yaml @@ -0,0 +1,58 @@ +id: form-block-3972eede365a3539d1345b6e32b15ffa + +info: + name: > + Form Block <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb18d6d8-28e5-4125-9209-a71403f678f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-block/" + google-query: inurl:"/wp-content/plugins/form-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-block,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-forms-96b39b472ca8eccbec11e47f253c80b8.yaml b/nuclei-templates/cve-less/plugins/form-forms-96b39b472ca8eccbec11e47f253c80b8.yaml new file mode 100644 index 0000000000..9d88230efe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-forms-96b39b472ca8eccbec11e47f253c80b8.yaml @@ -0,0 +1,58 @@ +id: form-forms-96b39b472ca8eccbec11e47f253c80b8 + +info: + name: > + Form – Contact Form <= 1.2.0 - Administrator+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da4f81c5-c796-4052-ac1a-007a1e8f5a50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-forms/" + google-query: inurl:"/wp-content/plugins/form-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-0e2b9d12590d3c7b14c8e22b3d6f6056.yaml b/nuclei-templates/cve-less/plugins/form-maker-0e2b9d12590d3c7b14c8e22b3d6f6056.yaml new file mode 100644 index 0000000000..fd4a1be672 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-0e2b9d12590d3c7b14c8e22b3d6f6056.yaml @@ -0,0 +1,58 @@ +id: form-maker-0e2b9d12590d3c7b14c8e22b3d6f6056 + +info: + name: > + Form Maker by 10Web <= 1.12.21 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7317d716-39e0-40d6-92a8-e59bd8470e5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-2420cc8c52f0171d8c5b49b0e53cd69a.yaml b/nuclei-templates/cve-less/plugins/form-maker-2420cc8c52f0171d8c5b49b0e53cd69a.yaml new file mode 100644 index 0000000000..b466b0cc45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-2420cc8c52f0171d8c5b49b0e53cd69a.yaml @@ -0,0 +1,58 @@ +id: form-maker-2420cc8c52f0171d8c5b49b0e53cd69a + +info: + name: > + Form Maker <= 1.13.59 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3091eb-a2e7-4fc2-9f5c-5d6d582bbb89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-3a5958dc81689a4069c9b57ecbde177c.yaml b/nuclei-templates/cve-less/plugins/form-maker-3a5958dc81689a4069c9b57ecbde177c.yaml new file mode 100644 index 0000000000..93abb02d73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-3a5958dc81689a4069c9b57ecbde177c.yaml @@ -0,0 +1,58 @@ +id: form-maker-3a5958dc81689a4069c9b57ecbde177c + +info: + name: > + Form Maker <= 1.15.20 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46525a06-f3a4-4c78-ba32-4b937e1dbac6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-51b281937ca7291e3b4a94f5ec043e64.yaml b/nuclei-templates/cve-less/plugins/form-maker-51b281937ca7291e3b4a94f5ec043e64.yaml new file mode 100644 index 0000000000..474699a7b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-51b281937ca7291e3b4a94f5ec043e64.yaml @@ -0,0 +1,58 @@ +id: form-maker-51b281937ca7291e3b4a94f5ec043e64 + +info: + name: > + Form Maker by 10Web <= 1.15.19 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c691d129-35db-4de8-a28e-5e77347e2280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-54830c75db088a14f125745f43fdb1f9.yaml b/nuclei-templates/cve-less/plugins/form-maker-54830c75db088a14f125745f43fdb1f9.yaml new file mode 100644 index 0000000000..8c30b04d49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-54830c75db088a14f125745f43fdb1f9.yaml @@ -0,0 +1,58 @@ +id: form-maker-54830c75db088a14f125745f43fdb1f9 + +info: + name: > + Form Maker by 10Web <= 1.15.18 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b1db6b8-f005-488f-b2cc-667acc700b0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-5ab78d017180c321a2a306a692c78211.yaml b/nuclei-templates/cve-less/plugins/form-maker-5ab78d017180c321a2a306a692c78211.yaml new file mode 100644 index 0000000000..cd7958dd39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-5ab78d017180c321a2a306a692c78211.yaml @@ -0,0 +1,58 @@ +id: form-maker-5ab78d017180c321a2a306a692c78211 + +info: + name: > + Form Maker by 10Web <= 1.15.24 - Authenticated (Subscriber+) Stored Self-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af1075a5-9efa-4b86-9798-6dbafcba4db5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-844eff1dfca0f37b0344bfc8951dcee9.yaml b/nuclei-templates/cve-less/plugins/form-maker-844eff1dfca0f37b0344bfc8951dcee9.yaml new file mode 100644 index 0000000000..a1ce0e35ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-844eff1dfca0f37b0344bfc8951dcee9.yaml @@ -0,0 +1,58 @@ +id: form-maker-844eff1dfca0f37b0344bfc8951dcee9 + +info: + name: > + Form Maker by 10Web <= 1.15.18 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05b434f7-6bce-4ad0-bd12-db5b01f14953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-b107934a8aab930d1fab2cf0f27d13f6.yaml b/nuclei-templates/cve-less/plugins/form-maker-b107934a8aab930d1fab2cf0f27d13f6.yaml new file mode 100644 index 0000000000..fa410c1890 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-b107934a8aab930d1fab2cf0f27d13f6.yaml @@ -0,0 +1,58 @@ +id: form-maker-b107934a8aab930d1fab2cf0f27d13f6 + +info: + name: > + Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.23 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8921ea7f-5e27-4f05-b338-1c16366a8c8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-b584bc3add37b438ea9f7d52a53c499d.yaml b/nuclei-templates/cve-less/plugins/form-maker-b584bc3add37b438ea9f7d52a53c499d.yaml new file mode 100644 index 0000000000..67b7f05955 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-b584bc3add37b438ea9f7d52a53c499d.yaml @@ -0,0 +1,58 @@ +id: form-maker-b584bc3add37b438ea9f7d52a53c499d + +info: + name: > + Form Maker by 10Web <= 1.13.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93ff1634-d520-4895-8822-2dbfa7b5e030?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-bc7687f3a38eb76862d41bf156e272e2.yaml b/nuclei-templates/cve-less/plugins/form-maker-bc7687f3a38eb76862d41bf156e272e2.yaml new file mode 100644 index 0000000000..1fc7110978 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-bc7687f3a38eb76862d41bf156e272e2.yaml @@ -0,0 +1,58 @@ +id: form-maker-bc7687f3a38eb76862d41bf156e272e2 + +info: + name: > + Form Maker by 10Web <= 1.13.4 - Cross-Site Request Forgery to Local File Inclusion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59c1b745-7559-4b80-9118-152ee2340c47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-c060cdd161613c35be3451870d488386.yaml b/nuclei-templates/cve-less/plugins/form-maker-c060cdd161613c35be3451870d488386.yaml new file mode 100644 index 0000000000..06fdf7e1b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-c060cdd161613c35be3451870d488386.yaml @@ -0,0 +1,58 @@ +id: form-maker-c060cdd161613c35be3451870d488386 + +info: + name: > + Form-Maker (twb_form-maker) <= 1.15.21 - Cross-Site Request Forgery to Limited Code Execution via Execute + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-c4e27cd6ca86640ba05f8d3c2423655f.yaml b/nuclei-templates/cve-less/plugins/form-maker-c4e27cd6ca86640ba05f8d3c2423655f.yaml new file mode 100644 index 0000000000..30360473eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-c4e27cd6ca86640ba05f8d3c2423655f.yaml @@ -0,0 +1,58 @@ +id: form-maker-c4e27cd6ca86640ba05f8d3c2423655f + +info: + name: > + Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder <= 1.15.22 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5652f9c3-3cc9-4541-8209-40117b4d25d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-e23a8ff0f941885439bb6eaa6879d8d2.yaml b/nuclei-templates/cve-less/plugins/form-maker-e23a8ff0f941885439bb6eaa6879d8d2.yaml new file mode 100644 index 0000000000..b8008b041d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-e23a8ff0f941885439bb6eaa6879d8d2.yaml @@ -0,0 +1,58 @@ +id: form-maker-e23a8ff0f941885439bb6eaa6879d8d2 + +info: + name: > + Form Maker <= 1.15.5 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0506f360-17c3-4cc8-9ac7-988c056c3caf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-maker-fd28c2a8a8ece88ce28c75cf84e47383.yaml b/nuclei-templates/cve-less/plugins/form-maker-fd28c2a8a8ece88ce28c75cf84e47383.yaml new file mode 100644 index 0000000000..837de556e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-maker-fd28c2a8a8ece88ce28c75cf84e47383.yaml @@ -0,0 +1,58 @@ +id: form-maker-fd28c2a8a8ece88ce28c75cf84e47383 + +info: + name: > + Form Maker <= 1.14.11 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c547a2b-98fb-4936-88a5-31e5c879a364?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-maker/" + google-query: inurl:"/wp-content/plugins/form-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-to-chat-08841c16939c6ce6bfc6679725ea1281.yaml b/nuclei-templates/cve-less/plugins/form-to-chat-08841c16939c6ce6bfc6679725ea1281.yaml new file mode 100644 index 0000000000..72b19e98d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-to-chat-08841c16939c6ce6bfc6679725ea1281.yaml @@ -0,0 +1,58 @@ +id: form-to-chat-08841c16939c6ce6bfc6679725ea1281 + +info: + name: > + Form to Chat App <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6efb471-3f6a-4ec0-a2cd-fc1154d48ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-to-chat/" + google-query: inurl:"/wp-content/plugins/form-to-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-to-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-to-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-to-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/form-vibes-b7888b843ebf167b77c4d303a6db54de.yaml b/nuclei-templates/cve-less/plugins/form-vibes-b7888b843ebf167b77c4d303a6db54de.yaml new file mode 100644 index 0000000000..ae8b896378 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/form-vibes-b7888b843ebf167b77c4d303a6db54de.yaml @@ -0,0 +1,58 @@ +id: form-vibes-b7888b843ebf167b77c4d303a6db54de + +info: + name: > + Form Vibes <= 1.4.5 - Authenticated (Admininstrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/066e9f46-83a5-4a2f-ae09-6d06c5c66817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/form-vibes/" + google-query: inurl:"/wp-content/plugins/form-vibes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,form-vibes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/form-vibes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "form-vibes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formassembly-web-forms-14ef39181771488f76a78ebc7f182128.yaml b/nuclei-templates/cve-less/plugins/formassembly-web-forms-14ef39181771488f76a78ebc7f182128.yaml new file mode 100644 index 0000000000..db2d4a6434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formassembly-web-forms-14ef39181771488f76a78ebc7f182128.yaml @@ -0,0 +1,58 @@ +id: formassembly-web-forms-14ef39181771488f76a78ebc7f182128 + +info: + name: > + WP-FormAssembly <= 2.0.5 - Authenticated (Contributor+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/724a1790-811a-4ec5-a664-a22e6b72fba1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formassembly-web-forms/" + google-query: inurl:"/wp-content/plugins/formassembly-web-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formassembly-web-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formassembly-web-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formassembly-web-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formassembly-web-forms-40b17fbc397976bb918c3ad479c78a68.yaml b/nuclei-templates/cve-less/plugins/formassembly-web-forms-40b17fbc397976bb918c3ad479c78a68.yaml new file mode 100644 index 0000000000..f38cbc8e50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formassembly-web-forms-40b17fbc397976bb918c3ad479c78a68.yaml @@ -0,0 +1,58 @@ +id: formassembly-web-forms-40b17fbc397976bb918c3ad479c78a68 + +info: + name: > + WP-FormAssembly <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60db100b-7a09-4ac1-81ec-9b400c9cce47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formassembly-web-forms/" + google-query: inurl:"/wp-content/plugins/formassembly-web-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formassembly-web-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formassembly-web-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formassembly-web-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formbuilder-15f3ff2fd895a09890b1601370ff17ff.yaml b/nuclei-templates/cve-less/plugins/formbuilder-15f3ff2fd895a09890b1601370ff17ff.yaml new file mode 100644 index 0000000000..a703152ab0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formbuilder-15f3ff2fd895a09890b1601370ff17ff.yaml @@ -0,0 +1,58 @@ +id: formbuilder-15f3ff2fd895a09890b1601370ff17ff + +info: + name: > + FormBuilder <= 1.05 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61737fea-cf91-4a08-bfec-363aeaca21f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formbuilder/" + google-query: inurl:"/wp-content/plugins/formbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formbuilder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formbuilder-a6e4580408df1cc0fd425db3d3f61102.yaml b/nuclei-templates/cve-less/plugins/formbuilder-a6e4580408df1cc0fd425db3d3f61102.yaml new file mode 100644 index 0000000000..212a124ccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formbuilder-a6e4580408df1cc0fd425db3d3f61102.yaml @@ -0,0 +1,58 @@ +id: formbuilder-a6e4580408df1cc0fd425db3d3f61102 + +info: + name: > + FormBuilder <= 0.90 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed74aebc-9d52-4fac-b308-97765db62d3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formbuilder/" + google-query: inurl:"/wp-content/plugins/formbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.90') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formbuilder-e6475f7f5f871801f1bd4ec02d738d77.yaml b/nuclei-templates/cve-less/plugins/formbuilder-e6475f7f5f871801f1bd4ec02d738d77.yaml new file mode 100644 index 0000000000..6b5cab8b9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formbuilder-e6475f7f5f871801f1bd4ec02d738d77.yaml @@ -0,0 +1,58 @@ +id: formbuilder-e6475f7f5f871801f1bd4ec02d738d77 + +info: + name: > + FormBuilder <= 1.08 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2df2312c-56d7-4899-8342-6f6cf62298e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formbuilder/" + google-query: inurl:"/wp-content/plugins/formbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formbuilder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.08') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-fd631c53e7ca7d0431606810665ee5df.yaml b/nuclei-templates/cve-less/plugins/formcraft-fd631c53e7ca7d0431606810665ee5df.yaml new file mode 100644 index 0000000000..41901d9aff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-fd631c53e7ca7d0431606810665ee5df.yaml @@ -0,0 +1,58 @@ +id: formcraft-fd631c53e7ca7d0431606810665ee5df + +info: + name: > + FormCraft <= 1.3.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5a26786-2b15-43ce-a992-fd8cc9cf5600?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft/" + google-query: inurl:"/wp-content/plugins/formcraft/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-02ff6e8f4c50ebc35c46ebd6a0282258.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-02ff6e8f4c50ebc35c46ebd6a0282258.yaml new file mode 100644 index 0000000000..cf128bedae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-02ff6e8f4c50ebc35c46ebd6a0282258.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-02ff6e8f4c50ebc35c46ebd6a0282258 + +info: + name: > + FormCraft Basic <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c648fbb1-cc12-4334-b334-0f784542ab6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-0793f0361460e084aa156d291ce75eb6.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-0793f0361460e084aa156d291ce75eb6.yaml new file mode 100644 index 0000000000..8415c7a4de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-0793f0361460e084aa156d291ce75eb6.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-0793f0361460e084aa156d291ce75eb6 + +info: + name: > + FormCraft Basic 1.0.5 - SQL Injection via id Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55f507c4-8589-4fdb-92c2-935d38054817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-27f44594eb9e99ef9e1059fc3d01b99d.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-27f44594eb9e99ef9e1059fc3d01b99d.yaml new file mode 100644 index 0000000000..44b0cb92f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-27f44594eb9e99ef9e1059fc3d01b99d.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-27f44594eb9e99ef9e1059fc3d01b99d + +info: + name: > + FormCraft <= 1.2.7 - Missing Authorization via formcraft_nag_update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25d5735a-8eed-4b4a-9bbe-9e42fb18ddf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-527f36f790da1a74645e814e4fe52934.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-527f36f790da1a74645e814e4fe52934.yaml new file mode 100644 index 0000000000..3a412776ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-527f36f790da1a74645e814e4fe52934.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-527f36f790da1a74645e814e4fe52934 + +info: + name: > + FormCraft <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fcb shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf17a817-6f61-43d5-9da2-58fbbef458d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml new file mode 100644 index 0000000000..75eabafa9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-5fa24ba82d6b7dec5ee5fc8a5b73d9f8.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-5fa24ba82d6b7dec5ee5fc8a5b73d9f8 + +info: + name: > + FormCraft <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f49408da-79d5-4653-b4c2-a9247f597380?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-8ab11785066028af40a069df806e2ad0.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-8ab11785066028af40a069df806e2ad0.yaml new file mode 100644 index 0000000000..e5bf28034d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-8ab11785066028af40a069df806e2ad0.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-8ab11785066028af40a069df806e2ad0 + +info: + name: > + FormCraft <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77a2d64f-852f-4cc2-9905-98c8f0930817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-98163a520e2e6ad1b536bf4759e7aff4.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-98163a520e2e6ad1b536bf4759e7aff4.yaml new file mode 100644 index 0000000000..824af67ab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-98163a520e2e6ad1b536bf4759e7aff4.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-98163a520e2e6ad1b536bf4759e7aff4 + +info: + name: > + FormCraft Premium <= 3.9.6 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72b4f6bb-59dd-453c-b089-4777dcefb11f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-d35055f56360f454d611ea478b5c8142.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-d35055f56360f454d611ea478b5c8142.yaml new file mode 100644 index 0000000000..40c12cb68e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-d35055f56360f454d611ea478b5c8142.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-d35055f56360f454d611ea478b5c8142 + +info: + name: > + Formcraft3 <= 3.8.27 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d23a02-11b6-4674-a13a-884de2d51ed7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft-form-builder-e2849c772d6e6f64d56860e36e54564f.yaml b/nuclei-templates/cve-less/plugins/formcraft-form-builder-e2849c772d6e6f64d56860e36e54564f.yaml new file mode 100644 index 0000000000..749ac3846d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft-form-builder-e2849c772d6e6f64d56860e36e54564f.yaml @@ -0,0 +1,58 @@ +id: formcraft-form-builder-e2849c772d6e6f64d56860e36e54564f + +info: + name: > + FormCraft <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c17967a4-20df-4b23-973f-591a0caeea39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft-form-builder/" + google-query: inurl:"/wp-content/plugins/formcraft-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formcraft3-633d0b293826c4a61b61e1d3210e0346.yaml b/nuclei-templates/cve-less/plugins/formcraft3-633d0b293826c4a61b61e1d3210e0346.yaml new file mode 100644 index 0000000000..78042370b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formcraft3-633d0b293826c4a61b61e1d3210e0346.yaml @@ -0,0 +1,58 @@ +id: formcraft3-633d0b293826c4a61b61e1d3210e0346 + +info: + name: > + Premium WordPress Form Builder <= 3.2.31 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d943691-66cf-4018-9eb6-5f20db0a95a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formcraft3/" + google-query: inurl:"/wp-content/plugins/formcraft3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formcraft3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formcraft3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formcraft3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formfacade-240756f87690e8bd859858034bc8c975.yaml b/nuclei-templates/cve-less/plugins/formfacade-240756f87690e8bd859858034bc8c975.yaml new file mode 100644 index 0000000000..75b17eb67a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formfacade-240756f87690e8bd859858034bc8c975.yaml @@ -0,0 +1,58 @@ +id: formfacade-240756f87690e8bd859858034bc8c975 + +info: + name: > + FormFacade <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94a4123b-c21b-4f3e-b1cc-96c8f07c3fc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formfacade/" + google-query: inurl:"/wp-content/plugins/formfacade/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formfacade,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formfacade/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formfacade" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formforall-76bb7b1a62378179c2a3a748f3a4ef7c.yaml b/nuclei-templates/cve-less/plugins/formforall-76bb7b1a62378179c2a3a748f3a4ef7c.yaml new file mode 100644 index 0000000000..f94f89b3ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formforall-76bb7b1a62378179c2a3a748f3a4ef7c.yaml @@ -0,0 +1,58 @@ +id: formforall-76bb7b1a62378179c2a3a748f3a4ef7c + +info: + name: > + Contact form Form For All <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe2f596-b2c3-49d3-b646-0f4b64f15674?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formforall/" + google-query: inurl:"/wp-content/plugins/formforall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formforall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formforall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formforall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formget-contact-form-2abba35343647b8a829e092f6dec80ee.yaml b/nuclei-templates/cve-less/plugins/formget-contact-form-2abba35343647b8a829e092f6dec80ee.yaml new file mode 100644 index 0000000000..fb67c4ea08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formget-contact-form-2abba35343647b8a829e092f6dec80ee.yaml @@ -0,0 +1,58 @@ +id: formget-contact-form-2abba35343647b8a829e092f6dec80ee + +info: + name: > + Contact Form by FormGet <= 5.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdd73289-f292-4903-951e-6a89049d39a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formget-contact-form/" + google-query: inurl:"/wp-content/plugins/formget-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formget-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formget-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formget-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-03587c706609d69bad10e8dac47e2f3e.yaml b/nuclei-templates/cve-less/plugins/formidable-03587c706609d69bad10e8dac47e2f3e.yaml new file mode 100644 index 0000000000..5e0139143d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-03587c706609d69bad10e8dac47e2f3e.yaml @@ -0,0 +1,58 @@ +id: formidable-03587c706609d69bad10e8dac47e2f3e + +info: + name: > + Formidable Form Builder <= 5.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02649a9e-036a-47fe-ab1a-26caf4f2be27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-08ccf69c17927ada744879c1923c390b.yaml b/nuclei-templates/cve-less/plugins/formidable-08ccf69c17927ada744879c1923c390b.yaml new file mode 100644 index 0000000000..8088f3c86a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-08ccf69c17927ada744879c1923c390b.yaml @@ -0,0 +1,58 @@ +id: formidable-08ccf69c17927ada744879c1923c390b + +info: + name: > + Formidable Form Builder <= 5.0.06 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dde57a98-06d5-4a3c-b100-170e9c339908?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-15c563e3f7d22cf323cc481f61b9eb8b.yaml b/nuclei-templates/cve-less/plugins/formidable-15c563e3f7d22cf323cc481f61b9eb8b.yaml new file mode 100644 index 0000000000..e6592d8d6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-15c563e3f7d22cf323cc481f61b9eb8b.yaml @@ -0,0 +1,58 @@ +id: formidable-15c563e3f7d22cf323cc481f61b9eb8b + +info: + name: > + Formidable Form Builder <= 4.02 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e19f4cb9-09ec-4711-a799-1ba809f2eda8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.02.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-437b9be662132aed2b43b674efcda98c.yaml b/nuclei-templates/cve-less/plugins/formidable-437b9be662132aed2b43b674efcda98c.yaml new file mode 100644 index 0000000000..44531d20b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-437b9be662132aed2b43b674efcda98c.yaml @@ -0,0 +1,58 @@ +id: formidable-437b9be662132aed2b43b674efcda98c + +info: + name: > + Formidable Form Builder <= 4.09.04 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef5028a0-6a5a-40ad-92df-ffc988cad389?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.09.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-50b07daf945144cbfd99133630410da2.yaml b/nuclei-templates/cve-less/plugins/formidable-50b07daf945144cbfd99133630410da2.yaml new file mode 100644 index 0000000000..74d6e7940c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-50b07daf945144cbfd99133630410da2.yaml @@ -0,0 +1,58 @@ +id: formidable-50b07daf945144cbfd99133630410da2 + +info: + name: > + Formidable Form Builder <= 5.5.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b647a6c5-3710-43ec-bf31-87b5a26d54b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-5ec297ac46cc1d40266a5ad0daa61699.yaml b/nuclei-templates/cve-less/plugins/formidable-5ec297ac46cc1d40266a5ad0daa61699.yaml new file mode 100644 index 0000000000..ec7efb6eae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-5ec297ac46cc1d40266a5ad0daa61699.yaml @@ -0,0 +1,58 @@ +id: formidable-5ec297ac46cc1d40266a5ad0daa61699 + +info: + name: > + Formidable Forms <= 6.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-75cfe0d86b035fdf1639773082de267a.yaml b/nuclei-templates/cve-less/plugins/formidable-75cfe0d86b035fdf1639773082de267a.yaml new file mode 100644 index 0000000000..604894de96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-75cfe0d86b035fdf1639773082de267a.yaml @@ -0,0 +1,58 @@ +id: formidable-75cfe0d86b035fdf1639773082de267a + +info: + name: > + Formidable Forms <= 6.7 - HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff294b0f-97fe-4d27-bf93-f5bbb57ac1f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-77ecffd079fc8a0b13b180178795f1cd.yaml b/nuclei-templates/cve-less/plugins/formidable-77ecffd079fc8a0b13b180178795f1cd.yaml new file mode 100644 index 0000000000..a357ce32e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-77ecffd079fc8a0b13b180178795f1cd.yaml @@ -0,0 +1,58 @@ +id: formidable-77ecffd079fc8a0b13b180178795f1cd + +info: + name: > + Formidable Forms <= 6.1.2 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7db04a93-a384-4093-8cab-6f1d6822f625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-961c6f8ac9568871bace8745083a3696.yaml b/nuclei-templates/cve-less/plugins/formidable-961c6f8ac9568871bace8745083a3696.yaml new file mode 100644 index 0000000000..f2631191aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-961c6f8ac9568871bace8745083a3696.yaml @@ -0,0 +1,58 @@ +id: formidable-961c6f8ac9568871bace8745083a3696 + +info: + name: > + Formidable Form Builder <= 1.07.11 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97b6f64-a596-4c83-8ab5-98b4b246897f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.07.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-987b044c3bb6f7d497d7cc053aa32728.yaml b/nuclei-templates/cve-less/plugins/formidable-987b044c3bb6f7d497d7cc053aa32728.yaml new file mode 100644 index 0000000000..d093fc7d67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-987b044c3bb6f7d497d7cc053aa32728.yaml @@ -0,0 +1,58 @@ +id: formidable-987b044c3bb6f7d497d7cc053aa32728 + +info: + name: > + Formidable Forms <= 6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47e402c3-e06c-4ac9-8c60-5666cb1101ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-a29260605777cb6f82b580e66c46fcb9.yaml b/nuclei-templates/cve-less/plugins/formidable-a29260605777cb6f82b580e66c46fcb9.yaml new file mode 100644 index 0000000000..fa76698644 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-a29260605777cb6f82b580e66c46fcb9.yaml @@ -0,0 +1,58 @@ +id: formidable-a29260605777cb6f82b580e66c46fcb9 + +info: + name: > + Formidable Forms <= 6.3 - Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f060bd-029a-462e-b308-8366e82be383?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-f8715414342ae577e0f9a96507f17db4.yaml b/nuclei-templates/cve-less/plugins/formidable-f8715414342ae577e0f9a96507f17db4.yaml new file mode 100644 index 0000000000..b031afee27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-f8715414342ae577e0f9a96507f17db4.yaml @@ -0,0 +1,58 @@ +id: formidable-f8715414342ae577e0f9a96507f17db4 + +info: + name: > + Formidable Forms <= 6.0.1 - IP Spoofing via HTTP header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/909b5421-210d-427a-94a0-e1ea25880cec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable/" + google-query: inurl:"/wp-content/plugins/formidable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-registration-96ed0838fd20f84264d3c063e2ba926e.yaml b/nuclei-templates/cve-less/plugins/formidable-registration-96ed0838fd20f84264d3c063e2ba926e.yaml new file mode 100644 index 0000000000..9b0b99395c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-registration-96ed0838fd20f84264d3c063e2ba926e.yaml @@ -0,0 +1,58 @@ +id: formidable-registration-96ed0838fd20f84264d3c063e2ba926e + +info: + name: > + Formidable Registration <= 2.11 - Authenticated (Contributor+) Arbitrary User Password Reset To Account Takeover + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfc04273-0d72-4b18-bcb5-eb1530aefcc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable-registration/" + google-query: inurl:"/wp-content/plugins/formidable-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidable-sms-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/formidable-sms-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..40779804fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidable-sms-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: formidable-sms-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidable-sms/" + google-query: inurl:"/wp-content/plugins/formidable-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidable-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidable-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidable-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formidablepro-2-pdf-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml b/nuclei-templates/cve-less/plugins/formidablepro-2-pdf-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml new file mode 100644 index 0000000000..d2cead9248 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formidablepro-2-pdf-f2bfced9bfd91f1f83f4f10d9e2a4e2c.yaml @@ -0,0 +1,58 @@ +id: formidablepro-2-pdf-f2bfced9bfd91f1f83f4f10d9e2a4e2c + +info: + name: > + Formidable PRO2PDF <= 3.09 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f6ca11-abfb-4f87-a9f7-0321f1de9abe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formidablepro-2-pdf/" + google-query: inurl:"/wp-content/plugins/formidablepro-2-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formidablepro-2-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formidablepro-2-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formidablepro-2-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.09') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formilla-live-chat-309fdaa44a67ee8c05b1363fafbc2e7a.yaml b/nuclei-templates/cve-less/plugins/formilla-live-chat-309fdaa44a67ee8c05b1363fafbc2e7a.yaml new file mode 100644 index 0000000000..87300e3d0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formilla-live-chat-309fdaa44a67ee8c05b1363fafbc2e7a.yaml @@ -0,0 +1,58 @@ +id: formilla-live-chat-309fdaa44a67ee8c05b1363fafbc2e7a + +info: + name: > + Formilla Live Chat <= 1.3.0 - Authenticated (Administrator+) Cross-Site Scripting via 'FormillaID' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/044e110d-2435-41b8-8aec-917c329b944c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formilla-live-chat/" + google-query: inurl:"/wp-content/plugins/formilla-live-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formilla-live-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formilla-live-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formilla-live-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-183d4dac6eb372129600913c83567fc9.yaml b/nuclei-templates/cve-less/plugins/forminator-183d4dac6eb372129600913c83567fc9.yaml new file mode 100644 index 0000000000..96cbf31f5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-183d4dac6eb372129600913c83567fc9.yaml @@ -0,0 +1,58 @@ +id: forminator-183d4dac6eb372129600913c83567fc9 + +info: + name: > + Forminator <= 1.14.11 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e558100a-5866-4e7f-bae7-47a1f492ab27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.14.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-1c0b534ade0c088d820f904818d49367.yaml b/nuclei-templates/cve-less/plugins/forminator-1c0b534ade0c088d820f904818d49367.yaml new file mode 100644 index 0000000000..d8e24cb828 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-1c0b534ade0c088d820f904818d49367.yaml @@ -0,0 +1,58 @@ +id: forminator-1c0b534ade0c088d820f904818d49367 + +info: + name: > + Forminator <= 1.23.3 - Race Condition to Multiple Poll Voting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a40cb2da-dc13-4e20-9602-a4e6c2eade43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-26f35acb3c0f14eb0fe591953d190a10.yaml b/nuclei-templates/cve-less/plugins/forminator-26f35acb3c0f14eb0fe591953d190a10.yaml new file mode 100644 index 0000000000..043d5cbd3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-26f35acb3c0f14eb0fe591953d190a10.yaml @@ -0,0 +1,58 @@ +id: forminator-26f35acb3c0f14eb0fe591953d190a10 + +info: + name: > + Forminator Plugin <= 1.5.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efe6c4aa-5e5d-4e3b-8a38-f85e163a9e00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-286f623357d476ca932bc8210895d763.yaml b/nuclei-templates/cve-less/plugins/forminator-286f623357d476ca932bc8210895d763.yaml new file mode 100644 index 0000000000..eca87495e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-286f623357d476ca932bc8210895d763.yaml @@ -0,0 +1,58 @@ +id: forminator-286f623357d476ca932bc8210895d763 + +info: + name: > + Forminator <= 1.24.6 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd87da6-1f4c-4a15-8ebb-6e0f8ef72513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-292cb08d9cd5bb1cf7550652732f7a0a.yaml b/nuclei-templates/cve-less/plugins/forminator-292cb08d9cd5bb1cf7550652732f7a0a.yaml new file mode 100644 index 0000000000..822fe66331 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-292cb08d9cd5bb1cf7550652732f7a0a.yaml @@ -0,0 +1,58 @@ +id: forminator-292cb08d9cd5bb1cf7550652732f7a0a + +info: + name: > + Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.27.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f34b94f-ea72-4a42-abea-2f2eb565ffdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-42f191921072c4fed5defc1af6bdccae.yaml b/nuclei-templates/cve-less/plugins/forminator-42f191921072c4fed5defc1af6bdccae.yaml new file mode 100644 index 0000000000..8e660e6283 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-42f191921072c4fed5defc1af6bdccae.yaml @@ -0,0 +1,58 @@ +id: forminator-42f191921072c4fed5defc1af6bdccae + +info: + name: > + Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.29.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via forminator_form Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19439622-6396-4f10-ab71-aa243b6812fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-64248c162e0a07dde805cd870763a3a0.yaml b/nuclei-templates/cve-less/plugins/forminator-64248c162e0a07dde805cd870763a3a0.yaml new file mode 100644 index 0000000000..95c81bf48d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-64248c162e0a07dde805cd870763a3a0.yaml @@ -0,0 +1,58 @@ +id: forminator-64248c162e0a07dde805cd870763a3a0 + +info: + name: > + Forminator Plugin <= 1.5.3.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f88286b9-16b2-42a9-b8c6-0a6fe6c136ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-7753a7f9705bcf7c075ba8ba61f788d8.yaml b/nuclei-templates/cve-less/plugins/forminator-7753a7f9705bcf7c075ba8ba61f788d8.yaml new file mode 100644 index 0000000000..bd41d4eecc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-7753a7f9705bcf7c075ba8ba61f788d8.yaml @@ -0,0 +1,58 @@ +id: forminator-7753a7f9705bcf7c075ba8ba61f788d8 + +info: + name: > + Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.13.4 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdee0cd8-b83b-4436-aebe-533f5af03ef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-7ff8aa4516f6800dd9ef07a8f731d28e.yaml b/nuclei-templates/cve-less/plugins/forminator-7ff8aa4516f6800dd9ef07a8f731d28e.yaml new file mode 100644 index 0000000000..3672b4460f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-7ff8aa4516f6800dd9ef07a8f731d28e.yaml @@ -0,0 +1,58 @@ +id: forminator-7ff8aa4516f6800dd9ef07a8f731d28e + +info: + name: > + Forminator <= 1.15.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97cbf2d7-2fdc-4c10-872d-add54687dd9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-8893a21ace79666845ab488b8953c970.yaml b/nuclei-templates/cve-less/plugins/forminator-8893a21ace79666845ab488b8953c970.yaml new file mode 100644 index 0000000000..8a6c393f51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-8893a21ace79666845ab488b8953c970.yaml @@ -0,0 +1,58 @@ +id: forminator-8893a21ace79666845ab488b8953c970 + +info: + name: > + Forminator <= 1.28.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f58d5464-b12d-4d01-985a-68854b0b2fdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.28.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-956616cf620f8b1a830cdf6f68014a5e.yaml b/nuclei-templates/cve-less/plugins/forminator-956616cf620f8b1a830cdf6f68014a5e.yaml new file mode 100644 index 0000000000..0b68605309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-956616cf620f8b1a830cdf6f68014a5e.yaml @@ -0,0 +1,58 @@ +id: forminator-956616cf620f8b1a830cdf6f68014a5e + +info: + name: > + Forminator <= 1.27.0 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfa202-ab90-46c0-ab53-00995bfdcaa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml b/nuclei-templates/cve-less/plugins/forminator-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml new file mode 100644 index 0000000000..8f50a602bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-bc2f6ff7db9bb1af0cb3049e6fc69b8c.yaml @@ -0,0 +1,58 @@ +id: forminator-bc2f6ff7db9bb1af0cb3049e6fc69b8c + +info: + name: > + Forminator <= 1.29.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/224233bc-68f3-40e4-8182-4831ccce93fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-bd19f19c61a0ea2da7f41821ae297426.yaml b/nuclei-templates/cve-less/plugins/forminator-bd19f19c61a0ea2da7f41821ae297426.yaml new file mode 100644 index 0000000000..0bb7703c3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-bd19f19c61a0ea2da7f41821ae297426.yaml @@ -0,0 +1,58 @@ +id: forminator-bd19f19c61a0ea2da7f41821ae297426 + +info: + name: > + Forminator <= 1.29.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a6fbb60-811a-4763-b301-694bc8d387e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-e8992ee7cc3a04876d739dcede33aada.yaml b/nuclei-templates/cve-less/plugins/forminator-e8992ee7cc3a04876d739dcede33aada.yaml new file mode 100644 index 0000000000..114a09a177 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-e8992ee7cc3a04876d739dcede33aada.yaml @@ -0,0 +1,58 @@ +id: forminator-e8992ee7cc3a04876d739dcede33aada + +info: + name: > + Forminator <= 1.29.0 - Unauthenticated Stored Cross-Site Scripting via File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23feb72c-7e6f-436b-b56e-dc6185302d31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-ee384374dcb64224451204e7db1b00fc.yaml b/nuclei-templates/cve-less/plugins/forminator-ee384374dcb64224451204e7db1b00fc.yaml new file mode 100644 index 0000000000..d5964bc014 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-ee384374dcb64224451204e7db1b00fc.yaml @@ -0,0 +1,58 @@ +id: forminator-ee384374dcb64224451204e7db1b00fc + +info: + name: > + Forminator <= 1.15.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d68ab8b-38c8-47aa-8b69-8cebe0a8d24e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forminator-f4febcd0f8092108616f41cc252ca605.yaml b/nuclei-templates/cve-less/plugins/forminator-f4febcd0f8092108616f41cc252ca605.yaml new file mode 100644 index 0000000000..56f3d787f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forminator-f4febcd0f8092108616f41cc252ca605.yaml @@ -0,0 +1,58 @@ +id: forminator-f4febcd0f8092108616f41cc252ca605 + +info: + name: > + Forminator <= 1.24.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00272fe2-52aa-4183-8b57-6b51ad57c657?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forminator/" + google-query: inurl:"/wp-content/plugins/forminator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forminator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forminator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forminator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forms-ada-form-builder-95a617be3572708cabf012c967fad83d.yaml b/nuclei-templates/cve-less/plugins/forms-ada-form-builder-95a617be3572708cabf012c967fad83d.yaml new file mode 100644 index 0000000000..9cec6f4a98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forms-ada-form-builder-95a617be3572708cabf012c967fad83d.yaml @@ -0,0 +1,58 @@ +id: forms-ada-form-builder-95a617be3572708cabf012c967fad83d + +info: + name: > + Forms Ada <= 1.0 - Reflected Cross-Site Scripting via 'p' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54e330e7-d305-4254-a9e9-4d7f2c54c51c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forms-ada-form-builder/" + google-query: inurl:"/wp-content/plugins/forms-ada-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forms-ada-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forms-ada-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forms-ada-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forms-by-made-it-12ca01b6bd94ae75bcfa758e16b20678.yaml b/nuclei-templates/cve-less/plugins/forms-by-made-it-12ca01b6bd94ae75bcfa758e16b20678.yaml new file mode 100644 index 0000000000..447be0e955 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forms-by-made-it-12ca01b6bd94ae75bcfa758e16b20678.yaml @@ -0,0 +1,58 @@ +id: forms-by-made-it-12ca01b6bd94ae75bcfa758e16b20678 + +info: + name: > + Forms <= 1.12.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3424c187-cf71-41f0-abb8-f0e843750465?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forms-by-made-it/" + google-query: inurl:"/wp-content/plugins/forms-by-made-it/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forms-by-made-it,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forms-by-made-it/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forms-by-made-it" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forms-for-campaign-monitor-d0f30576bf7c027192f1b193ba41eddc.yaml b/nuclei-templates/cve-less/plugins/forms-for-campaign-monitor-d0f30576bf7c027192f1b193ba41eddc.yaml new file mode 100644 index 0000000000..91ee4098c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forms-for-campaign-monitor-d0f30576bf7c027192f1b193ba41eddc.yaml @@ -0,0 +1,58 @@ +id: forms-for-campaign-monitor-d0f30576bf7c027192f1b193ba41eddc + +info: + name: > + Campaign Monitor for WordPress <= 2.8.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4d7cab5-1641-4ed3-92c7-ad7594dcb74b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forms-for-campaign-monitor/" + google-query: inurl:"/wp-content/plugins/forms-for-campaign-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forms-for-campaign-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forms-for-campaign-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forms-for-campaign-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forms-gutenberg-41cad88ff79d9f1a300cb623d000ffea.yaml b/nuclei-templates/cve-less/plugins/forms-gutenberg-41cad88ff79d9f1a300cb623d000ffea.yaml new file mode 100644 index 0000000000..c5bbe5244a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forms-gutenberg-41cad88ff79d9f1a300cb623d000ffea.yaml @@ -0,0 +1,58 @@ +id: forms-gutenberg-41cad88ff79d9f1a300cb623d000ffea + +info: + name: > + Gutenberg Forms <= 2.2.8.3 - Authenticated(Subscriber+) Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5964dd2a-e388-4454-89f6-aa71e1734d35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forms-gutenberg/" + google-query: inurl:"/wp-content/plugins/forms-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forms-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forms-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forms-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forms-to-zapier-fdb7464284f0e3f92d05bc404992df2d.yaml b/nuclei-templates/cve-less/plugins/forms-to-zapier-fdb7464284f0e3f92d05bc404992df2d.yaml new file mode 100644 index 0000000000..cf6b8cc5e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forms-to-zapier-fdb7464284f0e3f92d05bc404992df2d.yaml @@ -0,0 +1,58 @@ +id: forms-to-zapier-fdb7464284f0e3f92d05bc404992df2d + +info: + name: > + Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook <= 1.1.12 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80303684-5e10-474b-b6be-a63327015826?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forms-to-zapier/" + google-query: inurl:"/wp-content/plugins/forms-to-zapier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forms-to-zapier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forms-to-zapier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forms-to-zapier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formsite-064670bf29900df44464bedf16a7db27.yaml b/nuclei-templates/cve-less/plugins/formsite-064670bf29900df44464bedf16a7db27.yaml new file mode 100644 index 0000000000..96bbaa3f15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formsite-064670bf29900df44464bedf16a7db27.yaml @@ -0,0 +1,58 @@ +id: formsite-064670bf29900df44464bedf16a7db27 + +info: + name: > + Formsite | Embed online forms to collect orders, registrations, leads, and surveys <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/518174ec-44f5-4b5c-a326-0fb2aa661c86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formsite/" + google-query: inurl:"/wp-content/plugins/formsite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formsite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formsite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formsite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formzu-wp-69291e6d8dee217b57f3dde758dcad0f.yaml b/nuclei-templates/cve-less/plugins/formzu-wp-69291e6d8dee217b57f3dde758dcad0f.yaml new file mode 100644 index 0000000000..afefbfdc1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formzu-wp-69291e6d8dee217b57f3dde758dcad0f.yaml @@ -0,0 +1,58 @@ +id: formzu-wp-69291e6d8dee217b57f3dde758dcad0f + +info: + name: > + Formzu WP <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee73abf-0ab8-48ab-bd94-18ed66f877fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formzu-wp/" + google-query: inurl:"/wp-content/plugins/formzu-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formzu-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formzu-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formzu-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/formzu-wp-f48987de7fcf2018d5328a03cdd21065.yaml b/nuclei-templates/cve-less/plugins/formzu-wp-f48987de7fcf2018d5328a03cdd21065.yaml new file mode 100644 index 0000000000..feca21dfe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/formzu-wp-f48987de7fcf2018d5328a03cdd21065.yaml @@ -0,0 +1,58 @@ +id: formzu-wp-f48987de7fcf2018d5328a03cdd21065 + +info: + name: > + Formzu WP <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/497e0784-8953-4726-929a-7d5ef129e98e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/formzu-wp/" + google-query: inurl:"/wp-content/plugins/formzu-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,formzu-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/formzu-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "formzu-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forum-server-0856197f54ebc4b1a325747e3d0ab80c.yaml b/nuclei-templates/cve-less/plugins/forum-server-0856197f54ebc4b1a325747e3d0ab80c.yaml new file mode 100644 index 0000000000..fa1c91da80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forum-server-0856197f54ebc4b1a325747e3d0ab80c.yaml @@ -0,0 +1,58 @@ +id: forum-server-0856197f54ebc4b1a325747e3d0ab80c + +info: + name: > + WP Forum Server < 1.7.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4a6c1e4-635f-4d4d-87a4-8eeded25f07f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forum-server/" + google-query: inurl:"/wp-content/plugins/forum-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forum-server,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forum-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forum-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forum-server-399de5e730909b7373d74d984520d5d0.yaml b/nuclei-templates/cve-less/plugins/forum-server-399de5e730909b7373d74d984520d5d0.yaml new file mode 100644 index 0000000000..abf1bc1082 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forum-server-399de5e730909b7373d74d984520d5d0.yaml @@ -0,0 +1,58 @@ +id: forum-server-399de5e730909b7373d74d984520d5d0 + +info: + name: > + WP Forum Server <= 1.6.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85dc6513-90cb-433d-8f8f-5b56b4a76897?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forum-server/" + google-query: inurl:"/wp-content/plugins/forum-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forum-server,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forum-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forum-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forum-server-8cba549bfba1e71b314fc0d37ea95e7a.yaml b/nuclei-templates/cve-less/plugins/forum-server-8cba549bfba1e71b314fc0d37ea95e7a.yaml new file mode 100644 index 0000000000..0801b9379c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forum-server-8cba549bfba1e71b314fc0d37ea95e7a.yaml @@ -0,0 +1,58 @@ +id: forum-server-8cba549bfba1e71b314fc0d37ea95e7a + +info: + name: > + WP Forum Server <= 1.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/190106bd-05ac-4a8f-b7a5-a042092a5713?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forum-server/" + google-query: inurl:"/wp-content/plugins/forum-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forum-server,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forum-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forum-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/forum-server-a4cdd9300b8e89d6cefce68027bae177.yaml b/nuclei-templates/cve-less/plugins/forum-server-a4cdd9300b8e89d6cefce68027bae177.yaml new file mode 100644 index 0000000000..8ff205529e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/forum-server-a4cdd9300b8e89d6cefce68027bae177.yaml @@ -0,0 +1,58 @@ +id: forum-server-a4cdd9300b8e89d6cefce68027bae177 + +info: + name: > + WP Forum Server < 1.7.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65db2345-4b55-466c-b148-7d954de96a87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/forum-server/" + google-query: inurl:"/wp-content/plugins/forum-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,forum-server,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/forum-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "forum-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fossura-tag-miner-18c927eeaab747daf8dbc085388c3619.yaml b/nuclei-templates/cve-less/plugins/fossura-tag-miner-18c927eeaab747daf8dbc085388c3619.yaml new file mode 100644 index 0000000000..a9f809955c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fossura-tag-miner-18c927eeaab747daf8dbc085388c3619.yaml @@ -0,0 +1,58 @@ +id: fossura-tag-miner-18c927eeaab747daf8dbc085388c3619 + +info: + name: > + Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a07a643e-1a4b-47fe-9e4a-b4cc070bce74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fossura-tag-miner/" + google-query: inurl:"/wp-content/plugins/fossura-tag-miner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fossura-tag-miner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fossura-tag-miner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fossura-tag-miner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fossura-tag-miner-b1f4f06fa1d08e23be33495079a7bf7e.yaml b/nuclei-templates/cve-less/plugins/fossura-tag-miner-b1f4f06fa1d08e23be33495079a7bf7e.yaml new file mode 100644 index 0000000000..b2d268ace1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fossura-tag-miner-b1f4f06fa1d08e23be33495079a7bf7e.yaml @@ -0,0 +1,58 @@ +id: fossura-tag-miner-b1f4f06fa1d08e23be33495079a7bf7e + +info: + name: > + Tag Miner (Automatic Tag Extraction) < 1.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dafd1821-1f37-4193-b4bf-19a3d2d15946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fossura-tag-miner/" + google-query: inurl:"/wp-content/plugins/fossura-tag-miner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fossura-tag-miner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fossura-tag-miner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fossura-tag-miner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fotobook-7418be2024d99eec31c5374180cc36ac.yaml b/nuclei-templates/cve-less/plugins/fotobook-7418be2024d99eec31c5374180cc36ac.yaml new file mode 100644 index 0000000000..c0c97eb4ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fotobook-7418be2024d99eec31c5374180cc36ac.yaml @@ -0,0 +1,58 @@ +id: fotobook-7418be2024d99eec31c5374180cc36ac + +info: + name: > + Fotobook <= 3.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4580748-f5dc-4f05-81d2-a8e9b76a7a7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fotobook/" + google-query: inurl:"/wp-content/plugins/fotobook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fotobook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fotobook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotobook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fotomoto-8e8e8d42c36c4d2147a0654eb00c12ca.yaml b/nuclei-templates/cve-less/plugins/fotomoto-8e8e8d42c36c4d2147a0654eb00c12ca.yaml new file mode 100644 index 0000000000..d58614492f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fotomoto-8e8e8d42c36c4d2147a0654eb00c12ca.yaml @@ -0,0 +1,58 @@ +id: fotomoto-8e8e8d42c36c4d2147a0654eb00c12ca + +info: + name: > + Fotomoto <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fbeee6b-cbc0-462e-96ba-2fd4f54786b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fotomoto/" + google-query: inurl:"/wp-content/plugins/fotomoto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fotomoto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fotomoto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotomoto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foursquare-checkins-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml b/nuclei-templates/cve-less/plugins/foursquare-checkins-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml new file mode 100644 index 0000000000..7e9f1a7a34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foursquare-checkins-9b7bc1f0f7f491c09d5edf25ce5f3958.yaml @@ -0,0 +1,58 @@ +id: foursquare-checkins-9b7bc1f0f7f491c09d5edf25ce5f3958 + +info: + name: > + FourSquare Checkins < 1.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32d80824-c420-40e8-8c07-fb17b1b50644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foursquare-checkins/" + google-query: inurl:"/wp-content/plugins/foursquare-checkins/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foursquare-checkins,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foursquare-checkins/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foursquare-checkins" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foxyshop-3853fc9827dc572851bdba569b2c07ee.yaml b/nuclei-templates/cve-less/plugins/foxyshop-3853fc9827dc572851bdba569b2c07ee.yaml new file mode 100644 index 0000000000..d5e359b32c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foxyshop-3853fc9827dc572851bdba569b2c07ee.yaml @@ -0,0 +1,58 @@ +id: foxyshop-3853fc9827dc572851bdba569b2c07ee + +info: + name: > + FoxyShop <= 4.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5af2f2a8-ab10-4623-abcd-234017424ab9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foxyshop/" + google-query: inurl:"/wp-content/plugins/foxyshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foxyshop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foxyshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foxyshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foxyshop-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/foxyshop-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..18d22f2cf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foxyshop-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: foxyshop-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foxyshop/" + google-query: inurl:"/wp-content/plugins/foxyshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foxyshop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foxyshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foxyshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/foyer-b150ed41da888a826e21d66b48bee30f.yaml b/nuclei-templates/cve-less/plugins/foyer-b150ed41da888a826e21d66b48bee30f.yaml new file mode 100644 index 0000000000..f8e0a688df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/foyer-b150ed41da888a826e21d66b48bee30f.yaml @@ -0,0 +1,58 @@ +id: foyer-b150ed41da888a826e21d66b48bee30f + +info: + name: > + Foyer <= 1.7.5 - Content Injection via Improper Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97344674-15df-45e6-9906-f21a9920a6e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/foyer/" + google-query: inurl:"/wp-content/plugins/foyer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,foyer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/foyer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foyer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-comments-for-wordpress-vuukle-bc5c2979003bab8e2b8da8b35bec03cb.yaml b/nuclei-templates/cve-less/plugins/free-comments-for-wordpress-vuukle-bc5c2979003bab8e2b8da8b35bec03cb.yaml new file mode 100644 index 0000000000..1e2bd4740d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-comments-for-wordpress-vuukle-bc5c2979003bab8e2b8da8b35bec03cb.yaml @@ -0,0 +1,58 @@ +id: free-comments-for-wordpress-vuukle-bc5c2979003bab8e2b8da8b35bec03cb + +info: + name: > + Vuukle Comments, Reactions, Share Bar, Revenue <= 3.4.31 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff28f33f-85d1-4987-975b-ee3bbcb394f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-comments-for-wordpress-vuukle/" + google-query: inurl:"/wp-content/plugins/free-comments-for-wordpress-vuukle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-comments-for-wordpress-vuukle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-comments-for-wordpress-vuukle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-comments-for-wordpress-vuukle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-counter-5e704515f93be9a32478b5bfd42a6016.yaml b/nuclei-templates/cve-less/plugins/free-counter-5e704515f93be9a32478b5bfd42a6016.yaml new file mode 100644 index 0000000000..5251128965 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-counter-5e704515f93be9a32478b5bfd42a6016.yaml @@ -0,0 +1,58 @@ +id: free-counter-5e704515f93be9a32478b5bfd42a6016 + +info: + name: > + Free counter <= 1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/011fad07-0235-41e1-83b5-09588dd63d50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-counter/" + google-query: inurl:"/wp-content/plugins/free-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-counter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-event-banner-47d3ad7250426f9e950984c71ba1d1f7.yaml b/nuclei-templates/cve-less/plugins/free-event-banner-47d3ad7250426f9e950984c71ba1d1f7.yaml new file mode 100644 index 0000000000..1e88fe4fca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-event-banner-47d3ad7250426f9e950984c71ba1d1f7.yaml @@ -0,0 +1,58 @@ +id: free-event-banner-47d3ad7250426f9e950984c71ba1d1f7 + +info: + name: > + Event Banner <= 1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c500c5b-04b9-47d7-9296-dd5378cd5ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-event-banner/" + google-query: inurl:"/wp-content/plugins/free-event-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-event-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-event-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-event-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-facebook-reviews-and-recommendations-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/free-facebook-reviews-and-recommendations-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..1c7c17014e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-facebook-reviews-and-recommendations-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: free-facebook-reviews-and-recommendations-widgets-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-facebook-reviews-and-recommendations-widgets/" + google-query: inurl:"/wp-content/plugins/free-facebook-reviews-and-recommendations-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-facebook-reviews-and-recommendations-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-facebook-reviews-and-recommendations-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-facebook-reviews-and-recommendations-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-google-fonts-e969b7015915e405c8b6916d239e090c.yaml b/nuclei-templates/cve-less/plugins/free-google-fonts-e969b7015915e405c8b6916d239e090c.yaml new file mode 100644 index 0000000000..469b880272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-google-fonts-e969b7015915e405c8b6916d239e090c.yaml @@ -0,0 +1,58 @@ +id: free-google-fonts-e969b7015915e405c8b6916d239e090c + +info: + name: > + Google Fonts For WordPress <= 3.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94712f92-5045-420b-9d6d-59a4c031e998?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-google-fonts/" + google-query: inurl:"/wp-content/plugins/free-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-google-fonts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-2199233b48f19d9d270781cada038885.yaml b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-2199233b48f19d9d270781cada038885.yaml new file mode 100644 index 0000000000..2e24b651d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-2199233b48f19d9d270781cada038885.yaml @@ -0,0 +1,58 @@ +id: free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-2199233b48f19d9d270781cada038885 + +info: + name: > + WP Lead Plus X <= 0.98 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81f993ec-9a7f-4e55-bc88-ea832ce49773?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/" + google-query: inurl:"/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-5b689436673a442f720046bb44c5bd16.yaml b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-5b689436673a442f720046bb44c5bd16.yaml new file mode 100644 index 0000000000..de1b9591a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-5b689436673a442f720046bb44c5bd16.yaml @@ -0,0 +1,58 @@ +id: free-sales-funnel-squeeze-pages-landing-page-builder-templates-make-5b689436673a442f720046bb44c5bd16 + +info: + name: > + WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X <= 0.98 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cfe69ae-2d42-484e-9c35-672394219ec2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/" + google-query: inurl:"/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,free-sales-funnel-squeeze-pages-landing-page-builder-templates-make,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/free-sales-funnel-squeeze-pages-landing-page-builder-templates-make/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "free-sales-funnel-squeeze-pages-landing-page-builder-templates-make" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freemind-wp-browser-76c5ff841d2dc96506f10e16c9ef0103.yaml b/nuclei-templates/cve-less/plugins/freemind-wp-browser-76c5ff841d2dc96506f10e16c9ef0103.yaml new file mode 100644 index 0000000000..fefb19fc1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freemind-wp-browser-76c5ff841d2dc96506f10e16c9ef0103.yaml @@ -0,0 +1,58 @@ +id: freemind-wp-browser-76c5ff841d2dc96506f10e16c9ef0103 + +info: + name: > + FreeMind WP Browser <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f3e34d-07fb-4e49-a4e2-f8e92301b35e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freemind-wp-browser/" + google-query: inurl:"/wp-content/plugins/freemind-wp-browser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freemind-wp-browser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freemind-wp-browser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freemind-wp-browser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-1cfbdd673750e91f71ee06cc181559e1.yaml b/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-1cfbdd673750e91f71ee06cc181559e1.yaml new file mode 100644 index 0000000000..dfa0505753 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-1cfbdd673750e91f71ee06cc181559e1.yaml @@ -0,0 +1,58 @@ +id: freesoul-deactivate-plugins-1cfbdd673750e91f71ee06cc181559e1 + +info: + name: > + Freesoul Deactivate Plugins <= 1.9.4.0 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c4eb735-46bc-4eed-9d9a-b3bd42d18eed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freesoul-deactivate-plugins/" + google-query: inurl:"/wp-content/plugins/freesoul-deactivate-plugins/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freesoul-deactivate-plugins,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freesoul-deactivate-plugins/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freesoul-deactivate-plugins" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-5097af34e8087d4348de3729aa8f3d5b.yaml b/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-5097af34e8087d4348de3729aa8f3d5b.yaml new file mode 100644 index 0000000000..19879f7c89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freesoul-deactivate-plugins-5097af34e8087d4348de3729aa8f3d5b.yaml @@ -0,0 +1,58 @@ +id: freesoul-deactivate-plugins-5097af34e8087d4348de3729aa8f3d5b + +info: + name: > + Freesoul Deactivate Plugins <= 2.1.3 - Cross-Site Request Forgery via eos_dp_pro_delete_transient + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2949ff1-5c69-4189-99a9-e50c65c78461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freesoul-deactivate-plugins/" + google-query: inurl:"/wp-content/plugins/freesoul-deactivate-plugins/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freesoul-deactivate-plugins,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freesoul-deactivate-plugins/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freesoul-deactivate-plugins" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fresh-page-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/fresh-page-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..0dccb3403e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fresh-page-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: fresh-page-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fresh-page/" + google-query: inurl:"/wp-content/plugins/fresh-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fresh-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fresh-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fresh-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freshdesk-support-1d392651d303b5509be666b562dfa310.yaml b/nuclei-templates/cve-less/plugins/freshdesk-support-1d392651d303b5509be666b562dfa310.yaml new file mode 100644 index 0000000000..0ec5f9f161 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freshdesk-support-1d392651d303b5509be666b562dfa310.yaml @@ -0,0 +1,58 @@ +id: freshdesk-support-1d392651d303b5509be666b562dfa310 + +info: + name: > + Freshdesk (official) <= 1.7 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6f20fc3-41e5-4220-ac8b-54eb11719f07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freshdesk-support/" + google-query: inurl:"/wp-content/plugins/freshdesk-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freshdesk-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freshdesk-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freshdesk-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freshdesk-support-7b87f2683ffda077fe6e0a14f3353b96.yaml b/nuclei-templates/cve-less/plugins/freshdesk-support-7b87f2683ffda077fe6e0a14f3353b96.yaml new file mode 100644 index 0000000000..d5f29e53f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freshdesk-support-7b87f2683ffda077fe6e0a14f3353b96.yaml @@ -0,0 +1,58 @@ +id: freshdesk-support-7b87f2683ffda077fe6e0a14f3353b96 + +info: + name: > + Freshdesk (official) <= 2.3.6 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36d2fbbf-ea0e-4785-9b83-b642e59c713d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freshdesk-support/" + google-query: inurl:"/wp-content/plugins/freshdesk-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freshdesk-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freshdesk-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freshdesk-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freshmail-integration-df35942c96b3dddb6612a4cd575a5663.yaml b/nuclei-templates/cve-less/plugins/freshmail-integration-df35942c96b3dddb6612a4cd575a5663.yaml new file mode 100644 index 0000000000..d457faf809 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freshmail-integration-df35942c96b3dddb6612a4cd575a5663.yaml @@ -0,0 +1,58 @@ +id: freshmail-integration-df35942c96b3dddb6612a4cd575a5663 + +info: + name: > + FreshMail For WordPress <= 2.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ffe689-143a-4232-8094-45844dc5262b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freshmail-integration/" + google-query: inurl:"/wp-content/plugins/freshmail-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freshmail-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freshmail-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freshmail-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freshmail-integration-fc5d9e94a9531f198a2342d8d3133a1e.yaml b/nuclei-templates/cve-less/plugins/freshmail-integration-fc5d9e94a9531f198a2342d8d3133a1e.yaml new file mode 100644 index 0000000000..12dc631dad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freshmail-integration-fc5d9e94a9531f198a2342d8d3133a1e.yaml @@ -0,0 +1,58 @@ +id: freshmail-integration-fc5d9e94a9531f198a2342d8d3133a1e + +info: + name: > + FreshMail For WordPress <= 2.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e87fe70d-5ac3-40ee-a8d0-601d7b417562?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freshmail-integration/" + google-query: inurl:"/wp-content/plugins/freshmail-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freshmail-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freshmail-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freshmail-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/freshmail-newsletter-65920cbefe2613a05348e64d8746a7b6.yaml b/nuclei-templates/cve-less/plugins/freshmail-newsletter-65920cbefe2613a05348e64d8746a7b6.yaml new file mode 100644 index 0000000000..71b8fc6df7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/freshmail-newsletter-65920cbefe2613a05348e64d8746a7b6.yaml @@ -0,0 +1,58 @@ +id: freshmail-newsletter-65920cbefe2613a05348e64d8746a7b6 + +info: + name: > + Freshmail for WordPress <= 1.5.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db4dbbbe-1edb-47a6-8d11-8a019e05dfae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/freshmail-newsletter/" + google-query: inurl:"/wp-content/plugins/freshmail-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,freshmail-newsletter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/freshmail-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freshmail-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/friends-5ca6e072da0718d54bf45a16b11714b0.yaml b/nuclei-templates/cve-less/plugins/friends-5ca6e072da0718d54bf45a16b11714b0.yaml new file mode 100644 index 0000000000..5714184c2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/friends-5ca6e072da0718d54bf45a16b11714b0.yaml @@ -0,0 +1,58 @@ +id: friends-5ca6e072da0718d54bf45a16b11714b0 + +info: + name: > + Friends <= 2.8.5 - Authenticated (Admin+) Blind Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72e1fbce-86ae-4518-a613-7c322193acf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/friends/" + google-query: inurl:"/wp-content/plugins/friends/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,friends,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/friends/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "friends" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/front-editor-6d00e8bb2297cf89cd61e97ee33f9584.yaml b/nuclei-templates/cve-less/plugins/front-editor-6d00e8bb2297cf89cd61e97ee33f9584.yaml new file mode 100644 index 0000000000..05591a33cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/front-editor-6d00e8bb2297cf89cd61e97ee33f9584.yaml @@ -0,0 +1,58 @@ +id: front-editor-6d00e8bb2297cf89cd61e97ee33f9584 + +info: + name: > + Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82eb759f-e8d5-40c6-998f-f6981d9d6644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/front-editor/" + google-query: inurl:"/wp-content/plugins/front-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,front-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/front-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "front-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/front-editor-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml b/nuclei-templates/cve-less/plugins/front-editor-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml new file mode 100644 index 0000000000..ddf332ab6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/front-editor-daaaa272b2f5cd2cb1ddbf8cf5560d23.yaml @@ -0,0 +1,58 @@ +id: front-editor-daaaa272b2f5cd2cb1ddbf8cf5560d23 + +info: + name: > + Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor <= 4.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfea441c-2e77-47fa-8f6e-8d17d0c90ebe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/front-editor/" + google-query: inurl:"/wp-content/plugins/front-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,front-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/front-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "front-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/front-end-only-users-64fa318eea101296cd3a97fbe96ebb75.yaml b/nuclei-templates/cve-less/plugins/front-end-only-users-64fa318eea101296cd3a97fbe96ebb75.yaml new file mode 100644 index 0000000000..31b70a2fca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/front-end-only-users-64fa318eea101296cd3a97fbe96ebb75.yaml @@ -0,0 +1,58 @@ +id: front-end-only-users-64fa318eea101296cd3a97fbe96ebb75 + +info: + name: > + Front End Users <= 3.2.27 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e076e054-6a0b-4c08-b0cc-bd3a5b0751e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/front-end-only-users/" + google-query: inurl:"/wp-content/plugins/front-end-only-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,front-end-only-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/front-end-only-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "front-end-only-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/front-end-only-users-b32372bcfcf7108428ee834bd234fb8e.yaml b/nuclei-templates/cve-less/plugins/front-end-only-users-b32372bcfcf7108428ee834bd234fb8e.yaml new file mode 100644 index 0000000000..62783f6c68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/front-end-only-users-b32372bcfcf7108428ee834bd234fb8e.yaml @@ -0,0 +1,58 @@ +id: front-end-only-users-b32372bcfcf7108428ee834bd234fb8e + +info: + name: > + Front End Users <= 3.2.24 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee13399f-0fc9-40f3-93f5-34c913d54aa0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/front-end-only-users/" + google-query: inurl:"/wp-content/plugins/front-end-only-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,front-end-only-users,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/front-end-only-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "front-end-only-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/front-end-pm-d25fbd06f353d86f93a0e72e7cf70e64.yaml b/nuclei-templates/cve-less/plugins/front-end-pm-d25fbd06f353d86f93a0e72e7cf70e64.yaml new file mode 100644 index 0000000000..f98a3ba874 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/front-end-pm-d25fbd06f353d86f93a0e72e7cf70e64.yaml @@ -0,0 +1,58 @@ +id: front-end-pm-d25fbd06f353d86f93a0e72e7cf70e64 + +info: + name: > + Front End PM < 11.4.3 - Sensitive Information Exposure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8250c277-200a-4808-98ae-ede169aad3fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/front-end-pm/" + google-query: inurl:"/wp-content/plugins/front-end-pm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,front-end-pm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/front-end-pm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "front-end-pm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontend-dashboard-ab5a35988c81716c4246b4eebac9618b.yaml b/nuclei-templates/cve-less/plugins/frontend-dashboard-ab5a35988c81716c4246b4eebac9618b.yaml new file mode 100644 index 0000000000..cfff4253c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontend-dashboard-ab5a35988c81716c4246b4eebac9618b.yaml @@ -0,0 +1,58 @@ +id: frontend-dashboard-ab5a35988c81716c4246b4eebac9618b + +info: + name: > + Frontend Dashboard <= 2.2.2 - + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e96557-7341-4da9-81ca-2bd17a85559e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontend-dashboard/" + google-query: inurl:"/wp-content/plugins/frontend-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontend-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontend-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontend-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontend-dashboard-d5fd81597164f2848144dc46b48d8bc3.yaml b/nuclei-templates/cve-less/plugins/frontend-dashboard-d5fd81597164f2848144dc46b48d8bc3.yaml new file mode 100644 index 0000000000..e32f80e66f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontend-dashboard-d5fd81597164f2848144dc46b48d8bc3.yaml @@ -0,0 +1,58 @@ +id: frontend-dashboard-d5fd81597164f2848144dc46b48d8bc3 + +info: + name: > + Frontend Dashboard <= 2.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ca2479-10ce-42ec-a9f3-0f91119d9525?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontend-dashboard/" + google-query: inurl:"/wp-content/plugins/frontend-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontend-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontend-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontend-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontend-uploader-5804085185dabeb708155bde523d6d27.yaml b/nuclei-templates/cve-less/plugins/frontend-uploader-5804085185dabeb708155bde523d6d27.yaml new file mode 100644 index 0000000000..c3d08fcde4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontend-uploader-5804085185dabeb708155bde523d6d27.yaml @@ -0,0 +1,58 @@ +id: frontend-uploader-5804085185dabeb708155bde523d6d27 + +info: + name: > + Frontend Uploader < 0.9.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a0974a5-cfed-4d4d-ae91-f74d9cd531e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontend-uploader/" + google-query: inurl:"/wp-content/plugins/frontend-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontend-uploader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontend-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontend-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontend-uploader-968d2b25d7330f5b3338dbe58174f4a6.yaml b/nuclei-templates/cve-less/plugins/frontend-uploader-968d2b25d7330f5b3338dbe58174f4a6.yaml new file mode 100644 index 0000000000..9bfe3f146d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontend-uploader-968d2b25d7330f5b3338dbe58174f4a6.yaml @@ -0,0 +1,58 @@ +id: frontend-uploader-968d2b25d7330f5b3338dbe58174f4a6 + +info: + name: > + Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/770f3c25-effb-40ea-bd1c-7874c456ab0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontend-uploader/" + google-query: inurl:"/wp-content/plugins/frontend-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontend-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontend-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontend-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontier-post-2bc2ba180bc24d4dc3efaf03022e4d70.yaml b/nuclei-templates/cve-less/plugins/frontier-post-2bc2ba180bc24d4dc3efaf03022e4d70.yaml new file mode 100644 index 0000000000..336a987fbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontier-post-2bc2ba180bc24d4dc3efaf03022e4d70.yaml @@ -0,0 +1,58 @@ +id: frontier-post-2bc2ba180bc24d4dc3efaf03022e4d70 + +info: + name: > + Frontier Post <= 6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ef5844-93d6-4ba3-bd0a-b8837bbd7baf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontier-post/" + google-query: inurl:"/wp-content/plugins/frontier-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontier-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontier-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontier-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/frontpage-manager-ec922857042222c2b2c5391db25ce37a.yaml b/nuclei-templates/cve-less/plugins/frontpage-manager-ec922857042222c2b2c5391db25ce37a.yaml new file mode 100644 index 0000000000..5bf0c91131 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/frontpage-manager-ec922857042222c2b2c5391db25ce37a.yaml @@ -0,0 +1,58 @@ +id: frontpage-manager-ec922857042222c2b2c5391db25ce37a + +info: + name: > + Frontpage Manager <= 1.3 - Cross-Site Request Forgery via admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/953f4838-d0d5-4546-ac97-c1b442236c5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/frontpage-manager/" + google-query: inurl:"/wp-content/plugins/frontpage-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,frontpage-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/frontpage-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "frontpage-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fs-license-manager-28e4059a1c8041c52ed2e0e28f51c1c6.yaml b/nuclei-templates/cve-less/plugins/fs-license-manager-28e4059a1c8041c52ed2e0e28f51c1c6.yaml new file mode 100644 index 0000000000..86ee36500e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fs-license-manager-28e4059a1c8041c52ed2e0e28f51c1c6.yaml @@ -0,0 +1,58 @@ +id: fs-license-manager-28e4059a1c8041c52ed2e0e28f51c1c6 + +info: + name: > + WooCommerce License Manager <= 5.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e67b6467-b96b-431c-9a0d-91919ab1c138?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fs-license-manager/" + google-query: inurl:"/wp-content/plugins/fs-license-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fs-license-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fs-license-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fs-license-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fs-shopping-cart-41d0ef3672db9c552872805c429ef89f.yaml b/nuclei-templates/cve-less/plugins/fs-shopping-cart-41d0ef3672db9c552872805c429ef89f.yaml new file mode 100644 index 0000000000..8ff1dad46e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fs-shopping-cart-41d0ef3672db9c552872805c429ef89f.yaml @@ -0,0 +1,58 @@ +id: fs-shopping-cart-41d0ef3672db9c552872805c429ef89f + +info: + name: > + FireStorm Shopping Cart eCommerce Plugin <= 2.07.02 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87e408c4-55da-4765-8ca6-e709b9045c8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fs-shopping-cart/" + google-query: inurl:"/wp-content/plugins/fs-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fs-shopping-cart,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fs-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fs-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.07.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fscf-sms-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/fscf-sms-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..b328938bc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fscf-sms-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: fscf-sms-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fscf-sms/" + google-query: inurl:"/wp-content/plugins/fscf-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fscf-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fscf-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fscf-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fsflex-local-fonts-4ccd73756d3ff800ac0459f5347027d3.yaml b/nuclei-templates/cve-less/plugins/fsflex-local-fonts-4ccd73756d3ff800ac0459f5347027d3.yaml new file mode 100644 index 0000000000..5625d5e1fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fsflex-local-fonts-4ccd73756d3ff800ac0459f5347027d3.yaml @@ -0,0 +1,58 @@ +id: fsflex-local-fonts-4ccd73756d3ff800ac0459f5347027d3 + +info: + name: > + Flex Local Fonts <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5744ed4-f150-48a6-9f5d-d49f9d4c8454?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fsflex-local-fonts/" + google-query: inurl:"/wp-content/plugins/fsflex-local-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fsflex-local-fonts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fsflex-local-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fsflex-local-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ftp-access-3fbce7126258b6f86e3d8d39cbcb69cc.yaml b/nuclei-templates/cve-less/plugins/ftp-access-3fbce7126258b6f86e3d8d39cbcb69cc.yaml new file mode 100644 index 0000000000..7efa0457a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ftp-access-3fbce7126258b6f86e3d8d39cbcb69cc.yaml @@ -0,0 +1,58 @@ +id: ftp-access-3fbce7126258b6f86e3d8d39cbcb69cc + +info: + name: > + FTP Access <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a1e0d55-2894-450b-afaf-134a13512403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ftp-access/" + google-query: inurl:"/wp-content/plugins/ftp-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ftp-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ftp-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ftp-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fudousan-plugin-65a4435f7b10b8d8206ed3ab27dff439.yaml b/nuclei-templates/cve-less/plugins/fudousan-plugin-65a4435f7b10b8d8206ed3ab27dff439.yaml new file mode 100644 index 0000000000..81becf3e75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fudousan-plugin-65a4435f7b10b8d8206ed3ab27dff439.yaml @@ -0,0 +1,58 @@ +id: fudousan-plugin-65a4435f7b10b8d8206ed3ab27dff439 + +info: + name: > + Fudousan Plugin <= 5.7.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/413fa88f-1f06-4386-9cc1-53009da939d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fudousan-plugin/" + google-query: inurl:"/wp-content/plugins/fudousan-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fudousan-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fudousan-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fudousan-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/full-customer-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml b/nuclei-templates/cve-less/plugins/full-customer-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml new file mode 100644 index 0000000000..5ab9ed5070 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/full-customer-1e47a59c0ad1f7f985e2120ccff4f8d1.yaml @@ -0,0 +1,58 @@ +id: full-customer-1e47a59c0ad1f7f985e2120ccff4f8d1 + +info: + name: > + FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9799df3f-e34e-42a7-8a72-fa57682f7014?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/full-customer/" + google-query: inurl:"/wp-content/plugins/full-customer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,full-customer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/full-customer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-customer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/full-customer-cb4a0a7493c7105139c64a6aefea1dd1.yaml b/nuclei-templates/cve-less/plugins/full-customer-cb4a0a7493c7105139c64a6aefea1dd1.yaml new file mode 100644 index 0000000000..48028e22a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/full-customer-cb4a0a7493c7105139c64a6aefea1dd1.yaml @@ -0,0 +1,58 @@ +id: full-customer-cb4a0a7493c7105139c64a6aefea1dd1 + +info: + name: > + FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Information Disclosure via Health Check + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a77d0fb5-8829-407d-a40a-169cf0c5f837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/full-customer/" + google-query: inurl:"/wp-content/plugins/full-customer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,full-customer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/full-customer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-customer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/full-site-editing-405731b58f15425302771df60a27b5be.yaml b/nuclei-templates/cve-less/plugins/full-site-editing-405731b58f15425302771df60a27b5be.yaml new file mode 100644 index 0000000000..14f31ee521 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/full-site-editing-405731b58f15425302771df60a27b5be.yaml @@ -0,0 +1,58 @@ +id: full-site-editing-405731b58f15425302771df60a27b5be + +info: + name: > + WordPress.com Editing Toolkit <= 3.78784 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b54307fb-ecbc-4742-9deb-59dbb85b4a7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/full-site-editing/" + google-query: inurl:"/wp-content/plugins/full-site-editing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,full-site-editing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/full-site-editing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-site-editing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.78784') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/full-width-responsive-slider-wp-c94b94b1075a77552263f3a72928ed0c.yaml b/nuclei-templates/cve-less/plugins/full-width-responsive-slider-wp-c94b94b1075a77552263f3a72928ed0c.yaml new file mode 100644 index 0000000000..227aa9b097 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/full-width-responsive-slider-wp-c94b94b1075a77552263f3a72928ed0c.yaml @@ -0,0 +1,58 @@ +id: full-width-responsive-slider-wp-c94b94b1075a77552263f3a72928ed0c + +info: + name: > + Full Width Banner Slider Wp <= 1.1.7 - Reflected Cross-Site Scripting via search_term + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb4bb127-360d-4f17-9da9-f7be17140ff3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/full-width-responsive-slider-wp/" + google-query: inurl:"/wp-content/plugins/full-width-responsive-slider-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,full-width-responsive-slider-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/full-width-responsive-slider-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "full-width-responsive-slider-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fullscreen-galleria-5800bdb88427729dfe9beda3923c95e4.yaml b/nuclei-templates/cve-less/plugins/fullscreen-galleria-5800bdb88427729dfe9beda3923c95e4.yaml new file mode 100644 index 0000000000..89089c71db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fullscreen-galleria-5800bdb88427729dfe9beda3923c95e4.yaml @@ -0,0 +1,58 @@ +id: fullscreen-galleria-5800bdb88427729dfe9beda3923c95e4 + +info: + name: > + Fullscreen Galleria <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efb0c7d9-0e93-404b-9032-54d64cfcd4c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fullscreen-galleria/" + google-query: inurl:"/wp-content/plugins/fullscreen-galleria/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fullscreen-galleria,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fullscreen-galleria/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fullscreen-galleria" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fulltext-search-b0298fb4feee8bd9ed9da9efccd4ef90.yaml b/nuclei-templates/cve-less/plugins/fulltext-search-b0298fb4feee8bd9ed9da9efccd4ef90.yaml new file mode 100644 index 0000000000..7c2546e942 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fulltext-search-b0298fb4feee8bd9ed9da9efccd4ef90.yaml @@ -0,0 +1,58 @@ +id: fulltext-search-b0298fb4feee8bd9ed9da9efccd4ef90 + +info: + name: > + WP Fast Total Search <= 1.59.211 - Authenticated (Contributor+) Stored Cross-Site Scripting via WPFTS Live Search Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec4d27d6-b54f-4fac-9a49-6798da4f0acc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fulltext-search/" + google-query: inurl:"/wp-content/plugins/fulltext-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fulltext-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fulltext-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fulltext-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.59.211') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnel-builder-156cbee34f493f34443d5f3b942f355c.yaml b/nuclei-templates/cve-less/plugins/funnel-builder-156cbee34f493f34443d5f3b942f355c.yaml new file mode 100644 index 0000000000..fe7a68fe32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnel-builder-156cbee34f493f34443d5f3b942f355c.yaml @@ -0,0 +1,58 @@ +id: funnel-builder-156cbee34f493f34443d5f3b942f355c + +info: + name: > + Funnel Builder for WordPress by FunnelKit <= 2.14.3 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf172a41-31dc-4864-9385-53decdc70aeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnel-builder/" + google-query: inurl:"/wp-content/plugins/funnel-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnel-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnel-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnel-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml new file mode 100644 index 0000000000..dd6d5b326f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-1389f4413b4c34ddc59ef4e67e6f0a3f.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-1389f4413b4c34ddc59ef4e67e6f0a3f + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Enable/Disable Dark Mode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb34b44-9fa4-4ebe-b217-b2a42920247f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-1d54b8b23176b36e6deb663d5a8ceaf5.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-1d54b8b23176b36e6deb663d5a8ceaf5.yaml new file mode 100644 index 0000000000..da259f7730 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-1d54b8b23176b36e6deb663d5a8ceaf5.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-1d54b8b23176b36e6deb663d5a8ceaf5 + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Post Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/816f5fc1-e4e6-4c0d-b222-fe733f026e33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-21adcc5933f66f0dc2a717df7e950d3b.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-21adcc5933f66f0dc2a717df7e950d3b.yaml new file mode 100644 index 0000000000..ae60d3b91d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-21adcc5933f66f0dc2a717df7e950d3b.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-21adcc5933f66f0dc2a717df7e950d3b + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to New Category Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec3051e-a5e4-48ee-8f8e-eb5dbc482f33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-51b13423fa98551af760a9195cddd0e6.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-51b13423fa98551af760a9195cddd0e6.yaml new file mode 100644 index 0000000000..5dc21eb3a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-51b13423fa98551af760a9195cddd0e6.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-51b13423fa98551af760a9195cddd0e6 + +info: + name: > + Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d35ec0f0-fa7a-4531-b5f7-5adcf2af051c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-5627877412d66448db75b857038f84e0.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-5627877412d66448db75b857038f84e0.yaml new file mode 100644 index 0000000000..70e88c84c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-5627877412d66448db75b857038f84e0.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-5627877412d66448db75b857038f84e0 + +info: + name: > + Funnelforms Free <= 3.4 - Cross-Site Request Forgery to Arbitrary Post Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72e4428b-d2cd-471f-9821-947f4601fd64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-706745fef06bc5b6b3083d2b8e19d2e9.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-706745fef06bc5b6b3083d2b8e19d2e9.yaml new file mode 100644 index 0000000000..816705dacc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-706745fef06bc5b6b3083d2b8e19d2e9.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-706745fef06bc5b6b3083d2b8e19d2e9 + +info: + name: > + Funnelforms Free <= 3.3.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebcbf872-1420-4a57-a4b4-8a52ba74e0a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-7e168d2cbd20b0d5ec60c962781efa94.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-7e168d2cbd20b0d5ec60c962781efa94.yaml new file mode 100644 index 0000000000..444e22687d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-7e168d2cbd20b0d5ec60c962781efa94.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-7e168d2cbd20b0d5ec60c962781efa94 + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Test Email Sending + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64248d15-e6a7-442f-b269-e9f629d297d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml new file mode 100644 index 0000000000..f8c6206990 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-8cbb632e23e9fd1207c7a31fa3fa33cd.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-8cbb632e23e9fd1207c7a31fa3fa33cd + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/400fe58b-8203-4fd5-a3d3-d30eb1b8cd85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-a0259835bb015f0f8ae0efa060f9f185.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-a0259835bb015f0f8ae0efa060f9f185.yaml new file mode 100644 index 0000000000..309a82ec1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-a0259835bb015f0f8ae0efa060f9f185.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-a0259835bb015f0f8ae0efa060f9f185 + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Category Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/992fc98f-4b23-4596-81fb-5543d82fd615?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml new file mode 100644 index 0000000000..b830f1abc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-e1ad7ec25f4d848d78b5d1ca911d7ff1.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-e1ad7ec25f4d848d78b5d1ca911d7ff1 + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Arbitrary Post Duplication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2719afc-e52c-4fcc-b030-2f6aaddb5ab9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/funnelforms-free-e27d960770a662cb31ee7005dde8fb3c.yaml b/nuclei-templates/cve-less/plugins/funnelforms-free-e27d960770a662cb31ee7005dde8fb3c.yaml new file mode 100644 index 0000000000..9da8726ce4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/funnelforms-free-e27d960770a662cb31ee7005dde8fb3c.yaml @@ -0,0 +1,58 @@ +id: funnelforms-free-e27d960770a662cb31ee7005dde8fb3c + +info: + name: > + Funnelforms Free <= 3.4 - Missing Authorization to Category Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/148794ea-3bc9-4084-bdb9-6ee63a781a39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/funnelforms-free/" + google-query: inurl:"/wp-content/plugins/funnelforms-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,funnelforms-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/funnelforms-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "funnelforms-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/furikake-2513be2180efb8a9d99cb3b019874a28.yaml b/nuclei-templates/cve-less/plugins/furikake-2513be2180efb8a9d99cb3b019874a28.yaml new file mode 100644 index 0000000000..9f838fa9a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/furikake-2513be2180efb8a9d99cb3b019874a28.yaml @@ -0,0 +1,58 @@ +id: furikake-2513be2180efb8a9d99cb3b019874a28 + +info: + name: > + furikake <= 0.1.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9083d875-ff86-4f18-ad63-368bcb269ad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/furikake/" + google-query: inurl:"/wp-content/plugins/furikake/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,furikake,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/furikake/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "furikake" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/furnob-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/furnob-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..e29e647cd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/furnob-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: furnob-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/furnob-core/" + google-query: inurl:"/wp-content/plugins/furnob-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,furnob-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/furnob-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "furnob-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2b047acd77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fuse-social-floating-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: fuse-social-floating-sidebar-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fuse-social-floating-sidebar/" + google-query: inurl:"/wp-content/plugins/fuse-social-floating-sidebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fuse-social-floating-sidebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fuse-social-floating-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fuse-social-floating-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fusion-builder-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml b/nuclei-templates/cve-less/plugins/fusion-builder-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml new file mode 100644 index 0000000000..83e3df6d14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fusion-builder-5a8b95e9d623c8f7e9c70ff9c8a761a0.yaml @@ -0,0 +1,58 @@ +id: fusion-builder-5a8b95e9d623c8f7e9c70ff9c8a761a0 + +info: + name: > + Fusion Builder <= 3.11.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b3a82a-4391-41b0-b434-691743c5ff4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fusion-builder/" + google-query: inurl:"/wp-content/plugins/fusion-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fusion-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fusion-builder-b40b112aba812047c066895073435f9d.yaml b/nuclei-templates/cve-less/plugins/fusion-builder-b40b112aba812047c066895073435f9d.yaml new file mode 100644 index 0000000000..e3aa38dba1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fusion-builder-b40b112aba812047c066895073435f9d.yaml @@ -0,0 +1,58 @@ +id: fusion-builder-b40b112aba812047c066895073435f9d + +info: + name: > + Fusion Builder <= 3.11.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c734aa9-ee9e-4605-a4b8-5075ce4b941f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fusion-builder/" + google-query: inurl:"/wp-content/plugins/fusion-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fusion-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fusion-builder-b63d60bf3f2f663ff16710a1b09d1b70.yaml b/nuclei-templates/cve-less/plugins/fusion-builder-b63d60bf3f2f663ff16710a1b09d1b70.yaml new file mode 100644 index 0000000000..4a16aaf758 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fusion-builder-b63d60bf3f2f663ff16710a1b09d1b70.yaml @@ -0,0 +1,58 @@ +id: fusion-builder-b63d60bf3f2f663ff16710a1b09d1b70 + +info: + name: > + Fusion Builder <= 3.11.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05220967-dd42-4cb9-9c2f-9c7ac3c0926b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fusion-builder/" + google-query: inurl:"/wp-content/plugins/fusion-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fusion-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fusion-builder-c1980d476739c222c7099c91e363860a.yaml b/nuclei-templates/cve-less/plugins/fusion-builder-c1980d476739c222c7099c91e363860a.yaml new file mode 100644 index 0000000000..6c765d68b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fusion-builder-c1980d476739c222c7099c91e363860a.yaml @@ -0,0 +1,58 @@ +id: fusion-builder-c1980d476739c222c7099c91e363860a + +info: + name: > + Fusion Builder <= 3.11.1 - Reflected Cross-Site Scripting via User Register Element + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b173523a-e79d-4d2d-af67-5372576df220?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fusion-builder/" + google-query: inurl:"/wp-content/plugins/fusion-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fusion-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fusion-builder-d882958bab372a69d811837406b3986e.yaml b/nuclei-templates/cve-less/plugins/fusion-builder-d882958bab372a69d811837406b3986e.yaml new file mode 100644 index 0000000000..8f7ccfad89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fusion-builder-d882958bab372a69d811837406b3986e.yaml @@ -0,0 +1,58 @@ +id: fusion-builder-d882958bab372a69d811837406b3986e + +info: + name: > + Fusion Builder <= 3.6.1 & Avada <= 7.6.1 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad3de7e6-a080-4ce8-aa27-21e7f8fdb2c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fusion-builder/" + google-query: inurl:"/wp-content/plugins/fusion-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fusion-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fusion-builder/languages/fusion-builder.pot" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Project-Id-Version: Avada Builder ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/futurio-extra-12800057837655525254001463af7107.yaml b/nuclei-templates/cve-less/plugins/futurio-extra-12800057837655525254001463af7107.yaml new file mode 100644 index 0000000000..84a16f3f72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/futurio-extra-12800057837655525254001463af7107.yaml @@ -0,0 +1,58 @@ +id: futurio-extra-12800057837655525254001463af7107 + +info: + name: > + Futurio Extra <= 1.6.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/460b5388-4862-475d-9557-f8da2d5a84f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/futurio-extra/" + google-query: inurl:"/wp-content/plugins/futurio-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,futurio-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/futurio-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "futurio-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/futurio-extra-3fb7396e595eda0e4c64d906babd7ea9.yaml b/nuclei-templates/cve-less/plugins/futurio-extra-3fb7396e595eda0e4c64d906babd7ea9.yaml new file mode 100644 index 0000000000..981278dc48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/futurio-extra-3fb7396e595eda0e4c64d906babd7ea9.yaml @@ -0,0 +1,58 @@ +id: futurio-extra-3fb7396e595eda0e4c64d906babd7ea9 + +info: + name: > + Futurio Extra <= 1.6.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f5a3ed2-1db2-47e4-9aca-8fb197174342?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/futurio-extra/" + google-query: inurl:"/wp-content/plugins/futurio-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,futurio-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/futurio-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "futurio-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/futurio-extra-d4fcc9d0c55735e1818ea178387ac0a1.yaml b/nuclei-templates/cve-less/plugins/futurio-extra-d4fcc9d0c55735e1818ea178387ac0a1.yaml new file mode 100644 index 0000000000..6d55eaf80b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/futurio-extra-d4fcc9d0c55735e1818ea178387ac0a1.yaml @@ -0,0 +1,58 @@ +id: futurio-extra-d4fcc9d0c55735e1818ea178387ac0a1 + +info: + name: > + Futurio Extra <= 1.9.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b156379a-fbb8-4fc0-9cc0-534b131bf785?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/futurio-extra/" + google-query: inurl:"/wp-content/plugins/futurio-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,futurio-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/futurio-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "futurio-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/futurio-extra-fbe0be2fd36d543628c64e13771b878d.yaml b/nuclei-templates/cve-less/plugins/futurio-extra-fbe0be2fd36d543628c64e13771b878d.yaml new file mode 100644 index 0000000000..e5109e7605 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/futurio-extra-fbe0be2fd36d543628c64e13771b878d.yaml @@ -0,0 +1,58 @@ +id: futurio-extra-fbe0be2fd36d543628c64e13771b878d + +info: + name: > + Futurio Extra <= 1.8.2 - Cross-Site Request Forgery via 'futurio_extra_reset_mod' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f765e21e-938a-4110-8fdf-12315e2a79cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/futurio-extra/" + google-query: inurl:"/wp-content/plugins/futurio-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,futurio-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/futurio-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "futurio-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-21b5e2cc1773e8a375d4b06283f1f75c.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-21b5e2cc1773e8a375d4b06283f1f75c.yaml new file mode 100644 index 0000000000..fb087dbfc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-21b5e2cc1773e8a375d4b06283f1f75c.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-21b5e2cc1773e8a375d4b06283f1f75c + +info: + name: > + FV Flowplayer Video Player <= 7.5.15.727 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/510c26b8-01d6-4d3c-91fd-15963152fdf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.15.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bb90ae2c9eb7a663eb0156580d59a88.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bb90ae2c9eb7a663eb0156580d59a88.yaml new file mode 100644 index 0000000000..dbcf18327b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bb90ae2c9eb7a663eb0156580d59a88.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-2bb90ae2c9eb7a663eb0156580d59a88 + +info: + name: > + FV Flowplayer Video Player <= 7.3.14.727 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f301908-d491-492f-9347-432c462de286?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.3.15.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bd4aedc10e6362f1d46031adf65b2b5.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bd4aedc10e6362f1d46031adf65b2b5.yaml new file mode 100644 index 0000000000..8533b6ecfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-2bd4aedc10e6362f1d46031adf65b2b5.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-2bd4aedc10e6362f1d46031adf65b2b5 + +info: + name: > + FV Flowplayer Video Player <= 7.5.30.7210 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56bbf263-149b-4419-9745-39dc147026a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.30.7210') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-31f01989f88bd51c1337d3cf6dfb5acb.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-31f01989f88bd51c1337d3cf6dfb5acb.yaml new file mode 100644 index 0000000000..c4bab0febc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-31f01989f88bd51c1337d3cf6dfb5acb.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-31f01989f88bd51c1337d3cf6dfb5acb + +info: + name: > + FV Flowplayer Video Player <= 7.5.41.7212 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/616b34e8-d853-4176-9fda-427fc9900b97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.41.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-351dfe17aa9c41d161fbfba3138330fd.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-351dfe17aa9c41d161fbfba3138330fd.yaml new file mode 100644 index 0000000000..d857e0e862 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-351dfe17aa9c41d161fbfba3138330fd.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-351dfe17aa9c41d161fbfba3138330fd + +info: + name: > + FV Flowplayer Video Player <= 7.5.44.7212 - Authenticated (Contributor+) Arbitrary Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360010f3-9053-4c69-a4e8-12f0c77ba746?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.44.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-3af842e4b028602d05da06af8493bf21.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-3af842e4b028602d05da06af8493bf21.yaml new file mode 100644 index 0000000000..925461c16e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-3af842e4b028602d05da06af8493bf21.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-3af842e4b028602d05da06af8493bf21 + +info: + name: > + FV Flowplayer Video Player 6.1.2 - 6.6.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f294af-7702-4762-806b-2abdb1454a7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 6.1.2', '<= 6.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4f8b60559007de9693d6bd6dbd7b9937.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4f8b60559007de9693d6bd6dbd7b9937.yaml new file mode 100644 index 0000000000..abf993968d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-4f8b60559007de9693d6bd6dbd7b9937.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-4f8b60559007de9693d6bd6dbd7b9937 + +info: + name: > + FV Flowplayer Video Player <= 7.5.37.7212 - Insufficient Input Validation to Unauthenticated Stored Cross-Site Scripting and Arbitrary Usermeta Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c55ca7d4-6bc0-49c9-8ce0-50fff8775a76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.37.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-61c688c55eb7ee42da571c3fb1a2e6d3.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-61c688c55eb7ee42da571c3fb1a2e6d3.yaml new file mode 100644 index 0000000000..7d42a00d6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-61c688c55eb7ee42da571c3fb1a2e6d3.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-61c688c55eb7ee42da571c3fb1a2e6d3 + +info: + name: > + FV Flowplayer Video Player <= 7.5.43.7212 - Authenticated (Subscriber+) Server-side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3eec839-9009-48de-80c8-911dc9b545ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.43.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-730bcdecc23fd71d57d0ec1ba0d53342.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-730bcdecc23fd71d57d0ec1ba0d53342.yaml new file mode 100644 index 0000000000..06271e5cd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-730bcdecc23fd71d57d0ec1ba0d53342.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-730bcdecc23fd71d57d0ec1ba0d53342 + +info: + name: > + FV Flowplayer Video Player <= 7.3.18.727 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/232dd4fa-748e-4b65-8b78-7b2d8e9831aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.18.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-768117af17895fd2573e769996b5a89f.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-768117af17895fd2573e769996b5a89f.yaml new file mode 100644 index 0000000000..a50003425a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-768117af17895fd2573e769996b5a89f.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-768117af17895fd2573e769996b5a89f + +info: + name: > + FV Flowplayer Video Player <= 7.5.41.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ebaf12-cf7c-4bc3-b028-27ee4b6b2a45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.41.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8269712f8aa3f2f54a5b3b611a3288b4.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8269712f8aa3f2f54a5b3b611a3288b4.yaml new file mode 100644 index 0000000000..aedd6e7815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8269712f8aa3f2f54a5b3b611a3288b4.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-8269712f8aa3f2f54a5b3b611a3288b4 + +info: + name: > + FV Flowplayer Video Player <= 7.4.37.727 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e28aca-b95f-4041-a1ea-4be84dc55923?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.37.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-86d0c991bc6dd85c8051863807fe1299.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-86d0c991bc6dd85c8051863807fe1299.yaml new file mode 100644 index 0000000000..17a0a57d4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-86d0c991bc6dd85c8051863807fe1299.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-86d0c991bc6dd85c8051863807fe1299 + +info: + name: > + FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcad7322-a5d9-4d72-9983-276f9c05c27d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.13.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8e904d0aa5c673b4683d6e95c3e351f3.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8e904d0aa5c673b4683d6e95c3e351f3.yaml new file mode 100644 index 0000000000..7328daae64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-8e904d0aa5c673b4683d6e95c3e351f3.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-8e904d0aa5c673b4683d6e95c3e351f3 + +info: + name: > + FV Flowplayer Video Player <= 1.2.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/118b9d85-1246-47f7-bdef-af47075576f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bb35779f0545e4fee400784885c47aca.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bb35779f0545e4fee400784885c47aca.yaml new file mode 100644 index 0000000000..64c286892a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bb35779f0545e4fee400784885c47aca.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-bb35779f0545e4fee400784885c47aca + +info: + name: > + FV Flowplayer Video Player 7.5.0.727 - 7.5.2.727 - Reflected Cross-Site Scripting via player_id Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b795352-fad8-485e-bd1b-68c0913555e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.5.0.727', '<= 7.5.2.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bcc5b5d302cff6b12bb3e0ee2db5fa04.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bcc5b5d302cff6b12bb3e0ee2db5fa04.yaml new file mode 100644 index 0000000000..c6f542d461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-bcc5b5d302cff6b12bb3e0ee2db5fa04.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-bcc5b5d302cff6b12bb3e0ee2db5fa04 + +info: + name: > + FV Flowplayer Video Player <= 7.5.32.7212 - Reflected Cross-Site Scripting via id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b78834c-cb13-4698-aa19-65f8c6874c8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.32.7212') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-cf91d34b3b4f074c5504390aafe5f2f2.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-cf91d34b3b4f074c5504390aafe5f2f2.yaml new file mode 100644 index 0000000000..20b470a0c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-cf91d34b3b4f074c5504390aafe5f2f2.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-cf91d34b3b4f074c5504390aafe5f2f2 + +info: + name: > + FV Flowplayer Video Player <= 7.3.14.727 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a337765-b6ea-4c2a-9f1a-e408a9444b88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.14.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-d173f6ac48d7132b733f53a51a70ac65.yaml b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-d173f6ac48d7132b733f53a51a70ac65.yaml new file mode 100644 index 0000000000..63dca42130 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fv-wordpress-flowplayer-d173f6ac48d7132b733f53a51a70ac65.yaml @@ -0,0 +1,58 @@ +id: fv-wordpress-flowplayer-d173f6ac48d7132b733f53a51a70ac65 + +info: + name: > + FV Flowplayer Video Player <= 7.5.18.727 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7aa1f57-44c2-45ec-87a3-483f8dc9a957?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fv-wordpress-flowplayer/" + google-query: inurl:"/wp-content/plugins/fv-wordpress-flowplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fv-wordpress-flowplayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fv-wordpress-flowplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fv-wordpress-flowplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.18.727') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fx-private-site-34e9fd3c5efdc1de6fe7fe47accd8e24.yaml b/nuclei-templates/cve-less/plugins/fx-private-site-34e9fd3c5efdc1de6fe7fe47accd8e24.yaml new file mode 100644 index 0000000000..ea159c508f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fx-private-site-34e9fd3c5efdc1de6fe7fe47accd8e24.yaml @@ -0,0 +1,58 @@ +id: fx-private-site-34e9fd3c5efdc1de6fe7fe47accd8e24 + +info: + name: > + f(x) Private Site <= 1.2.1 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fx-private-site/" + google-query: inurl:"/wp-content/plugins/fx-private-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fx-private-site,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fx-private-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fx-private-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/fx-toc-14de97dccf48252d3b3ac5a2e5d0250f.yaml b/nuclei-templates/cve-less/plugins/fx-toc-14de97dccf48252d3b3ac5a2e5d0250f.yaml new file mode 100644 index 0000000000..f64a99dcc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/fx-toc-14de97dccf48252d3b3ac5a2e5d0250f.yaml @@ -0,0 +1,58 @@ +id: fx-toc-14de97dccf48252d3b3ac5a2e5d0250f + +info: + name: > + f(x) TOC <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09479df1-ff7e-4df8-9aea-8c7622ecea4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/fx-toc/" + google-query: inurl:"/wp-content/plugins/fx-toc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,fx-toc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/fx-toc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fx-toc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/g-auto-hyperlink-7e1dd5ec2f3ce921814a97005e4bdef0.yaml b/nuclei-templates/cve-less/plugins/g-auto-hyperlink-7e1dd5ec2f3ce921814a97005e4bdef0.yaml new file mode 100644 index 0000000000..bb0ca5918c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/g-auto-hyperlink-7e1dd5ec2f3ce921814a97005e4bdef0.yaml @@ -0,0 +1,58 @@ +id: g-auto-hyperlink-7e1dd5ec2f3ce921814a97005e4bdef0 + +info: + name: > + G Auto-Hyperlink <= 1.0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67aa489c-5c54-4163-bc32-5d3ac9ba4e33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/g-auto-hyperlink/" + google-query: inurl:"/wp-content/plugins/g-auto-hyperlink/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,g-auto-hyperlink,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/g-auto-hyperlink/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "g-auto-hyperlink" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/g-business-reviews-rating-1ad67757b830dbb081c0f3324889f2b5.yaml b/nuclei-templates/cve-less/plugins/g-business-reviews-rating-1ad67757b830dbb081c0f3324889f2b5.yaml new file mode 100644 index 0000000000..effdec86d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/g-business-reviews-rating-1ad67757b830dbb081c0f3324889f2b5.yaml @@ -0,0 +1,58 @@ +id: g-business-reviews-rating-1ad67757b830dbb081c0f3324889f2b5 + +info: + name: > + Reviews and Rating – Google My Business <= 4.14 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5494cac6-1b52-43a3-995d-fc2a150edfdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/g-business-reviews-rating/" + google-query: inurl:"/wp-content/plugins/g-business-reviews-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,g-business-reviews-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/g-business-reviews-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "g-business-reviews-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/galleria-0e933dc304f8275920849e5d36373b4d.yaml b/nuclei-templates/cve-less/plugins/galleria-0e933dc304f8275920849e5d36373b4d.yaml new file mode 100644 index 0000000000..6145617bd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/galleria-0e933dc304f8275920849e5d36373b4d.yaml @@ -0,0 +1,58 @@ +id: galleria-0e933dc304f8275920849e5d36373b4d + +info: + name: > + Galleria <= 1.0.3 - Cross-Site Request Forgery via showOptionsPage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea85fa9a-78ea-4017-b72e-49db7eafa11e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/galleria/" + google-query: inurl:"/wp-content/plugins/galleria/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,galleria,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/galleria/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "galleria" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-0430b26f7f80d13db884ab9b0a5b4920.yaml b/nuclei-templates/cve-less/plugins/gallery-album-0430b26f7f80d13db884ab9b0a5b4920.yaml new file mode 100644 index 0000000000..87b0ad926d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-0430b26f7f80d13db884ab9b0a5b4920.yaml @@ -0,0 +1,58 @@ +id: gallery-album-0430b26f7f80d13db884ab9b0a5b4920 + +info: + name: > + Gallery – Image and Video Gallery with Thumbnails < 1.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40937e18-3828-4e36-8bc1-5b8eb4838c3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-09c2db1952a267095a68cf64b0164363.yaml b/nuclei-templates/cve-less/plugins/gallery-album-09c2db1952a267095a68cf64b0164363.yaml new file mode 100644 index 0000000000..5af101f975 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-09c2db1952a267095a68cf64b0164363.yaml @@ -0,0 +1,58 @@ +id: gallery-album-09c2db1952a267095a68cf64b0164363 + +info: + name: > + Gallery – Image and Video Gallery with Thumbnails <= 1.9.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2628b02e-5685-4e25-a786-4542ecbe874a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-1aaed1324faa189ffbfd4d07f45be185.yaml b/nuclei-templates/cve-less/plugins/gallery-album-1aaed1324faa189ffbfd4d07f45be185.yaml new file mode 100644 index 0000000000..556d003866 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-1aaed1324faa189ffbfd4d07f45be185.yaml @@ -0,0 +1,58 @@ +id: gallery-album-1aaed1324faa189ffbfd4d07f45be185 + +info: + name: > + Responsive Image Gallery, Gallery Album <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e07593a-3d12-4afe-a21e-fc85bd6d4bef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-63a9e6e007af9bec52f4b9f80d04c841.yaml b/nuclei-templates/cve-less/plugins/gallery-album-63a9e6e007af9bec52f4b9f80d04c841.yaml new file mode 100644 index 0000000000..ee9a77a63a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-63a9e6e007af9bec52f4b9f80d04c841.yaml @@ -0,0 +1,58 @@ +id: gallery-album-63a9e6e007af9bec52f4b9f80d04c841 + +info: + name: > + Gallery – Image and Video Gallery with Thumbnails <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/091d306d-cce4-426e-a18f-38bdaa802264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-63e26d4ba1974966e333b4b151a2c5df.yaml b/nuclei-templates/cve-less/plugins/gallery-album-63e26d4ba1974966e333b4b151a2c5df.yaml new file mode 100644 index 0000000000..ea39530631 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-63e26d4ba1974966e333b4b151a2c5df.yaml @@ -0,0 +1,58 @@ +id: gallery-album-63e26d4ba1974966e333b4b151a2c5df + +info: + name: > + Responsive Image Gallery, Gallery Album <= 2.0.3 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb08cf02-4766-4093-9306-3b4581f54f77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-c181e74f647f3ed52bab481a97159011.yaml b/nuclei-templates/cve-less/plugins/gallery-album-c181e74f647f3ed52bab481a97159011.yaml new file mode 100644 index 0000000000..3e38f2c676 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-c181e74f647f3ed52bab481a97159011.yaml @@ -0,0 +1,58 @@ +id: gallery-album-c181e74f647f3ed52bab481a97159011 + +info: + name: > + Responsive Image Gallery, Gallery Album <= 2.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66efc65e-48d3-4ef9-a369-51448e47686a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-d39f34ed184a71d23a5de1e368d430bb.yaml b/nuclei-templates/cve-less/plugins/gallery-album-d39f34ed184a71d23a5de1e368d430bb.yaml new file mode 100644 index 0000000000..480f48eb0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-d39f34ed184a71d23a5de1e368d430bb.yaml @@ -0,0 +1,58 @@ +id: gallery-album-d39f34ed184a71d23a5de1e368d430bb + +info: + name: > + Responsive Image Gallery, Gallery Album <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21322495-a709-45a9-b8df-c3a3aeb1f260?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-album-f65c67e968e15596bef3448601bb7b39.yaml b/nuclei-templates/cve-less/plugins/gallery-album-f65c67e968e15596bef3448601bb7b39.yaml new file mode 100644 index 0000000000..e303b4e0e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-album-f65c67e968e15596bef3448601bb7b39.yaml @@ -0,0 +1,58 @@ +id: gallery-album-f65c67e968e15596bef3448601bb7b39 + +info: + name: > + Responsive Image Gallery, Gallery Album <= 2.0.3 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa9e4635-43f8-4f3c-b62c-628e74028f7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-album/" + google-query: inurl:"/wp-content/plugins/gallery-album/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-album,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-album/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-album" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-3d1b14fe6d8db25f44038aa7941ff8ce.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-3d1b14fe6d8db25f44038aa7941ff8ce.yaml new file mode 100644 index 0000000000..406206b51c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-bank-3d1b14fe6d8db25f44038aa7941ff8ce.yaml @@ -0,0 +1,58 @@ +id: gallery-bank-3d1b14fe6d8db25f44038aa7941ff8ce + +info: + name: > + Gallery Bank – WordPress Photo Gallery Plugin < 3.0.70 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b96c5ba8-e0a6-42b9-8ba1-637d52476d64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-bank/" + google-query: inurl:"/wp-content/plugins/gallery-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-bank,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/gallery-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..340001dc33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: gallery-bank-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-bank/" + google-query: inurl:"/wp-content/plugins/gallery-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.229') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-box-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/gallery-box-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..9cd016720e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-box-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: gallery-box-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-box/" + google-query: inurl:"/wp-content/plugins/gallery-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-box,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-box-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/gallery-box-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..41d2ad2513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-box-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: gallery-box-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-box/" + google-query: inurl:"/wp-content/plugins/gallery-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-by-supsystic-2f3164fe48781902f2ffb82e4c682a7b.yaml b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-2f3164fe48781902f2ffb82e4c682a7b.yaml new file mode 100644 index 0000000000..0063e8267e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-2f3164fe48781902f2ffb82e4c682a7b.yaml @@ -0,0 +1,58 @@ +id: gallery-by-supsystic-2f3164fe48781902f2ffb82e4c682a7b + +info: + name: > + Photo Gallery by Supsystic <= 1.8.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b91f3db6-5331-48d4-9c79-9ecba0870be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-by-supsystic/" + google-query: inurl:"/wp-content/plugins/gallery-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-by-supsystic-3eb246a84ff094c4b5dad08106b186b3.yaml b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-3eb246a84ff094c4b5dad08106b186b3.yaml new file mode 100644 index 0000000000..fd82d23c00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-3eb246a84ff094c4b5dad08106b186b3.yaml @@ -0,0 +1,58 @@ +id: gallery-by-supsystic-3eb246a84ff094c4b5dad08106b186b3 + +info: + name: > + Photo Gallery by Supsystic <= 1.15.5 - Cross-Site Request Forgery to Plugin Settings Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28fe3ec0-5e62-4a52-890d-e05b7d5bf531?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-by-supsystic/" + google-query: inurl:"/wp-content/plugins/gallery-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-by-supsystic-a442b3cb4140cc0565b34b0085780b5e.yaml b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-a442b3cb4140cc0565b34b0085780b5e.yaml new file mode 100644 index 0000000000..fe130accd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-by-supsystic-a442b3cb4140cc0565b34b0085780b5e.yaml @@ -0,0 +1,58 @@ +id: gallery-by-supsystic-a442b3cb4140cc0565b34b0085780b5e + +info: + name: > + Photo Gallery by Supsystic <= 1.15.16 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/185c9962-aa4a-4049-acdb-3f439c420c5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-by-supsystic/" + google-query: inurl:"/wp-content/plugins/gallery-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-factory-lite-9266ca4886b0c646b2489433a5137061.yaml b/nuclei-templates/cve-less/plugins/gallery-factory-lite-9266ca4886b0c646b2489433a5137061.yaml new file mode 100644 index 0000000000..3e21b76994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-factory-lite-9266ca4886b0c646b2489433a5137061.yaml @@ -0,0 +1,58 @@ +id: gallery-factory-lite-9266ca4886b0c646b2489433a5137061 + +info: + name: > + Gallery Factory Lite <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2b8e295-4183-4f84-801f-da9ffa6efce2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-factory-lite/" + google-query: inurl:"/wp-content/plugins/gallery-factory-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-factory-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-factory-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-factory-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-from-files-edf0c0f62c894ee6b53dbdcb9d2b787f.yaml b/nuclei-templates/cve-less/plugins/gallery-from-files-edf0c0f62c894ee6b53dbdcb9d2b787f.yaml new file mode 100644 index 0000000000..381b0b139f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-from-files-edf0c0f62c894ee6b53dbdcb9d2b787f.yaml @@ -0,0 +1,58 @@ +id: gallery-from-files-edf0c0f62c894ee6b53dbdcb9d2b787f + +info: + name: > + Gallery from files <= 1.60 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d76b08c3-0d28-4e81-8843-5afded9efaa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-from-files/" + google-query: inurl:"/wp-content/plugins/gallery-from-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-from-files,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-from-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-from-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-image-gallery-photo-c27095e826fc99d4e3ff59487183eb49.yaml b/nuclei-templates/cve-less/plugins/gallery-image-gallery-photo-c27095e826fc99d4e3ff59487183eb49.yaml new file mode 100644 index 0000000000..0835f799fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-image-gallery-photo-c27095e826fc99d4e3ff59487183eb49.yaml @@ -0,0 +1,58 @@ +id: gallery-image-gallery-photo-c27095e826fc99d4e3ff59487183eb49 + +info: + name: > + Image Gallery – Grid Gallery <= 1.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3dc1dd6-7f35-4771-a795-f0e37088dfda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-image-gallery-photo/" + google-query: inurl:"/wp-content/plugins/gallery-image-gallery-photo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-image-gallery-photo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-image-gallery-photo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-image-gallery-photo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-1b866013a286b8267be128b4354cf380.yaml b/nuclei-templates/cve-less/plugins/gallery-images-1b866013a286b8267be128b4354cf380.yaml new file mode 100644 index 0000000000..33cc35c558 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-1b866013a286b8267be128b4354cf380.yaml @@ -0,0 +1,58 @@ +id: gallery-images-1b866013a286b8267be128b4354cf380 + +info: + name: > + Image Gallery - Responsive Photo Gallery <= 1.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a2d45c-397f-4a2b-9d7f-760b7d561c2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images/" + google-query: inurl:"/wp-content/plugins/gallery-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-96e3c207dd79a77d8603f9b27ced710c.yaml b/nuclei-templates/cve-less/plugins/gallery-images-96e3c207dd79a77d8603f9b27ced710c.yaml new file mode 100644 index 0000000000..020edd8670 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-96e3c207dd79a77d8603f9b27ced710c.yaml @@ -0,0 +1,58 @@ +id: gallery-images-96e3c207dd79a77d8603f9b27ced710c + +info: + name: > + Huge-IT gallery-images <= 1.8.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/189d22e0-c16a-48ab-a278-a132cd1057b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images/" + google-query: inurl:"/wp-content/plugins/gallery-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-ape-04b351a32ea4d9e14665cfe5ee1edb27.yaml b/nuclei-templates/cve-less/plugins/gallery-images-ape-04b351a32ea4d9e14665cfe5ee1edb27.yaml new file mode 100644 index 0000000000..4a59931e75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-ape-04b351a32ea4d9e14665cfe5ee1edb27.yaml @@ -0,0 +1,58 @@ +id: gallery-images-ape-04b351a32ea4d9e14665cfe5ee1edb27 + +info: + name: > + Gallery Images Ape <= 2.2.8 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78e35c10-2480-4b23-8f5c-a196ccdc71f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images-ape/" + google-query: inurl:"/wp-content/plugins/gallery-images-ape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images-ape,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images-ape/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images-ape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-ape-8f53c25a7439725994fa29007a578b4d.yaml b/nuclei-templates/cve-less/plugins/gallery-images-ape-8f53c25a7439725994fa29007a578b4d.yaml new file mode 100644 index 0000000000..9a67dace2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-ape-8f53c25a7439725994fa29007a578b4d.yaml @@ -0,0 +1,58 @@ +id: gallery-images-ape-8f53c25a7439725994fa29007a578b4d + +info: + name: > + Gallery Images Ape <= 2.0.6 - Authenticated Plugin Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd6c2b8-b00c-49d1-930f-50397e742ac5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images-ape/" + google-query: inurl:"/wp-content/plugins/gallery-images-ape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images-ape,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images-ape/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images-ape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-ape-8f81c40c56a58242ce344610c4f30138.yaml b/nuclei-templates/cve-less/plugins/gallery-images-ape-8f81c40c56a58242ce344610c4f30138.yaml new file mode 100644 index 0000000000..ae4e49a6ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-ape-8f81c40c56a58242ce344610c4f30138.yaml @@ -0,0 +1,58 @@ +id: gallery-images-ape-8f81c40c56a58242ce344610c4f30138 + +info: + name: > + Gallery Images Ape <= 1.6.14 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8945cd7a-4185-4f0f-b56b-8ddd193dfed7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images-ape/" + google-query: inurl:"/wp-content/plugins/gallery-images-ape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images-ape,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images-ape/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images-ape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-images-ape-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml b/nuclei-templates/cve-less/plugins/gallery-images-ape-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml new file mode 100644 index 0000000000..7d80556831 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-images-ape-e82a3788d5ee1ba0ec33b3e0db2276c0.yaml @@ -0,0 +1,58 @@ +id: gallery-images-ape-e82a3788d5ee1ba0ec33b3e0db2276c0 + +info: + name: > + Gallery Images Ape <= 2.2.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae63e7d-c5a2-4e8d-96e8-5d3c9c9ea1bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-images-ape/" + google-query: inurl:"/wp-content/plugins/gallery-images-ape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-images-ape,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-images-ape/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-images-ape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-metabox-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml b/nuclei-templates/cve-less/plugins/gallery-metabox-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml new file mode 100644 index 0000000000..bf490117a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-metabox-24e92d0b5bd4d59ca9bd929ad9b17b1d.yaml @@ -0,0 +1,58 @@ +id: gallery-metabox-24e92d0b5bd4d59ca9bd929ad9b17b1d + +info: + name: > + Gallery Metabox <= 1.5 - Missing Authorization via gallery_remove + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faad339f-96d6-4937-a1f3-9d2d19bc6395?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-metabox/" + google-query: inurl:"/wp-content/plugins/gallery-metabox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-metabox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-metabox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-metabox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-metabox-9aa66e8181d06c3879c9f7626061f74d.yaml b/nuclei-templates/cve-less/plugins/gallery-metabox-9aa66e8181d06c3879c9f7626061f74d.yaml new file mode 100644 index 0000000000..6e82a1db89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-metabox-9aa66e8181d06c3879c9f7626061f74d.yaml @@ -0,0 +1,58 @@ +id: gallery-metabox-9aa66e8181d06c3879c9f7626061f74d + +info: + name: > + Gallery Metabox <= 1.5 - Cross-Site Request Forgery via gallery_remove + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8b1103-71b2-421e-bcbe-f2716b59e367?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-metabox/" + google-query: inurl:"/wp-content/plugins/gallery-metabox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-metabox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-metabox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-metabox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-metabox-b4794af8b89126f30163809c87b8527e.yaml b/nuclei-templates/cve-less/plugins/gallery-metabox-b4794af8b89126f30163809c87b8527e.yaml new file mode 100644 index 0000000000..396a28d283 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-metabox-b4794af8b89126f30163809c87b8527e.yaml @@ -0,0 +1,58 @@ +id: gallery-metabox-b4794af8b89126f30163809c87b8527e + +info: + name: > + Gallery Metabox <= 1.5 - Missing Authorization via refresh_metabox + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/951e4651-56d6-474d-84b3-5a7cfc357b9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-metabox/" + google-query: inurl:"/wp-content/plugins/gallery-metabox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-metabox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-metabox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-metabox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-objects-94bac6252ee86efbe8c51ab00926a8e1.yaml b/nuclei-templates/cve-less/plugins/gallery-objects-94bac6252ee86efbe8c51ab00926a8e1.yaml new file mode 100644 index 0000000000..5004b93071 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-objects-94bac6252ee86efbe8c51ab00926a8e1.yaml @@ -0,0 +1,58 @@ +id: gallery-objects-94bac6252ee86efbe8c51ab00926a8e1 + +info: + name: > + Gallery Objects <= 0.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c42203bc-3f69-44d2-b165-abb55937f65b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-objects/" + google-query: inurl:"/wp-content/plugins/gallery-objects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-objects,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-objects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-objects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-2e53d704a68a2528570d9bc04622f7a7.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-2e53d704a68a2528570d9bc04622f7a7.yaml new file mode 100644 index 0000000000..504a17e9c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-2e53d704a68a2528570d9bc04622f7a7.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-2e53d704a68a2528570d9bc04622f7a7 + +info: + name: > + Photo Gallery by Ays - Responsive Image Gallery <= 4.4.3 - Authenticated Blind SQL Injections + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36c32212-0d52-435e-bb6a-39ea07363a86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-75a867eaf135888f5843d1ae423e6546.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-75a867eaf135888f5843d1ae423e6546.yaml new file mode 100644 index 0000000000..94487e743f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-75a867eaf135888f5843d1ae423e6546.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-75a867eaf135888f5843d1ae423e6546 + +info: + name: > + Photo Gallery by Ays <= 5.1.3 - Reflected Cross-Site Scripting via ays_gpg_settings_tab + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db48a271-e649-4dbe-901b-aa55eba9123b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a359586a63676f31e06ba6a30e86f44d.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a359586a63676f31e06ba6a30e86f44d.yaml new file mode 100644 index 0000000000..4215eb9f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a359586a63676f31e06ba6a30e86f44d.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-a359586a63676f31e06ba6a30e86f44d + +info: + name: > + Photo Gallery by Ays – Responsive Image Gallery < 1.0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79b631a0-08a7-460f-8668-0b10b42f12d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a43fcf2bf2b295c7f15edda834277892.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a43fcf2bf2b295c7f15edda834277892.yaml new file mode 100644 index 0000000000..45df07b8b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-a43fcf2bf2b295c7f15edda834277892.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-a43fcf2bf2b295c7f15edda834277892 + +info: + name: > + Photo Gallery by Ays <= 5.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb35b27f-e938-4a51-b441-887d23b7082a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-b15f1d58fa6bd5d27fb5b07cf543a238.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-b15f1d58fa6bd5d27fb5b07cf543a238.yaml new file mode 100644 index 0000000000..38aac105b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-b15f1d58fa6bd5d27fb5b07cf543a238.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-b15f1d58fa6bd5d27fb5b07cf543a238 + +info: + name: > + Photo Gallery by Ays <= 5.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21f710ee-5040-4916-9fde-efc6d3b90943?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-photo-gallery-e682fc7edfbf166bd5ea5731aa2a90ff.yaml b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-e682fc7edfbf166bd5ea5731aa2a90ff.yaml new file mode 100644 index 0000000000..022c6331b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-photo-gallery-e682fc7edfbf166bd5ea5731aa2a90ff.yaml @@ -0,0 +1,58 @@ +id: gallery-photo-gallery-e682fc7edfbf166bd5ea5731aa2a90ff + +info: + name: > + Photo Gallery by Ays <= 5.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca62b54e-dde6-440f-bed9-db320179269e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-photo-gallery/" + google-query: inurl:"/wp-content/plugins/gallery-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-plugin-123e18f5d341b41bb59091344f2c4c88.yaml b/nuclei-templates/cve-less/plugins/gallery-plugin-123e18f5d341b41bb59091344f2c4c88.yaml new file mode 100644 index 0000000000..396858a811 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-plugin-123e18f5d341b41bb59091344f2c4c88.yaml @@ -0,0 +1,58 @@ +id: gallery-plugin-123e18f5d341b41bb59091344f2c4c88 + +info: + name: > + Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbfbb06c-f048-4912-9ff7-59aa10bc96bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-plugin/" + google-query: inurl:"/wp-content/plugins/gallery-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-plugin-3c52a879e5c7f6b209aeea9f28acf059.yaml b/nuclei-templates/cve-less/plugins/gallery-plugin-3c52a879e5c7f6b209aeea9f28acf059.yaml new file mode 100644 index 0000000000..474023e152 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-plugin-3c52a879e5c7f6b209aeea9f28acf059.yaml @@ -0,0 +1,58 @@ +id: gallery-plugin-3c52a879e5c7f6b209aeea9f28acf059 + +info: + name: > + Gallery by BestWebSoft <= 4.6.9 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94868d48-2d36-49f1-9da1-7965ecaeae3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-plugin/" + google-query: inurl:"/wp-content/plugins/gallery-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-portfolio-eea2926eb15d95f90b3df3b2873dbe1c.yaml b/nuclei-templates/cve-less/plugins/gallery-portfolio-eea2926eb15d95f90b3df3b2873dbe1c.yaml new file mode 100644 index 0000000000..16e9d94c10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-portfolio-eea2926eb15d95f90b3df3b2873dbe1c.yaml @@ -0,0 +1,58 @@ +id: gallery-portfolio-eea2926eb15d95f90b3df3b2873dbe1c + +info: + name: > + Portfolio Gallery – Responsive Image Gallery <= 1.4.5 - Missing Authorization to Arbitrary Gallery Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a4e66e0-85a6-4e9f-8ed7-b7ee8e75aae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-portfolio/" + google-query: inurl:"/wp-content/plugins/gallery-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-portfolio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-videos-724aa916d7f99f934199d401cd079892.yaml b/nuclei-templates/cve-less/plugins/gallery-videos-724aa916d7f99f934199d401cd079892.yaml new file mode 100644 index 0000000000..b3a4e3e84d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-videos-724aa916d7f99f934199d401cd079892.yaml @@ -0,0 +1,58 @@ +id: gallery-videos-724aa916d7f99f934199d401cd079892 + +info: + name: > + Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fc8436b-f787-41dd-8404-9e85cca38cdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-videos/" + google-query: inurl:"/wp-content/plugins/gallery-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-videos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-videos-c6bd3ba187d60fb65a038a39af19f9cc.yaml b/nuclei-templates/cve-less/plugins/gallery-videos-c6bd3ba187d60fb65a038a39af19f9cc.yaml new file mode 100644 index 0000000000..60a581f50c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-videos-c6bd3ba187d60fb65a038a39af19f9cc.yaml @@ -0,0 +1,58 @@ +id: gallery-videos-c6bd3ba187d60fb65a038a39af19f9cc + +info: + name: > + Video Gallery – YouTube Gallery <= 1.7.6 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f9f4db-b15b-43d4-918a-a4c83e5735d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-videos/" + google-query: inurl:"/wp-content/plugins/gallery-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-videos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-videos-ff831311ec70debdd240fd0dff910b29.yaml b/nuclei-templates/cve-less/plugins/gallery-videos-ff831311ec70debdd240fd0dff910b29.yaml new file mode 100644 index 0000000000..16b8495fe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-videos-ff831311ec70debdd240fd0dff910b29.yaml @@ -0,0 +1,58 @@ +id: gallery-videos-ff831311ec70debdd240fd0dff910b29 + +info: + name: > + Video Gallery – YouTube Gallery <= 2.1.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8382051-ae17-4719-94b5-3cfb0b5e82b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-videos/" + google-query: inurl:"/wp-content/plugins/gallery-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-videos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gallery-with-thumbnail-slider-1a1fe1dc5dd307bb721b18dad6e53951.yaml b/nuclei-templates/cve-less/plugins/gallery-with-thumbnail-slider-1a1fe1dc5dd307bb721b18dad6e53951.yaml new file mode 100644 index 0000000000..362900c572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gallery-with-thumbnail-slider-1a1fe1dc5dd307bb721b18dad6e53951.yaml @@ -0,0 +1,58 @@ +id: gallery-with-thumbnail-slider-1a1fe1dc5dd307bb721b18dad6e53951 + +info: + name: > + Gallery with thumbnail slider <= 6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/552a5d94-8727-4840-8be1-ab165ddf4eae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gallery-with-thumbnail-slider/" + google-query: inurl:"/wp-content/plugins/gallery-with-thumbnail-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gallery-with-thumbnail-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gallery-with-thumbnail-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gallery-with-thumbnail-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/game-server-status-4860564c39627d424628b36fd20f6fbc.yaml b/nuclei-templates/cve-less/plugins/game-server-status-4860564c39627d424628b36fd20f6fbc.yaml new file mode 100644 index 0000000000..60307aa81d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/game-server-status-4860564c39627d424628b36fd20f6fbc.yaml @@ -0,0 +1,58 @@ +id: game-server-status-4860564c39627d424628b36fd20f6fbc + +info: + name: > + Game Server Status <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3da37b4d-3dd7-450f-8169-28141eeb19c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/game-server-status/" + google-query: inurl:"/wp-content/plugins/game-server-status/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,game-server-status,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/game-server-status/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "game-server-status" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/game-tabs-50466a7332e4b48f14aef77f62be1c1a.yaml b/nuclei-templates/cve-less/plugins/game-tabs-50466a7332e4b48f14aef77f62be1c1a.yaml new file mode 100644 index 0000000000..8080915248 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/game-tabs-50466a7332e4b48f14aef77f62be1c1a.yaml @@ -0,0 +1,58 @@ +id: game-tabs-50466a7332e4b48f14aef77f62be1c1a + +info: + name: > + Game Tabs <= 0.4.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9103c67c-d75f-469d-94f1-ce7877384417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/game-tabs/" + google-query: inurl:"/wp-content/plugins/game-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,game-tabs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/game-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "game-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamepress-5807ecea1e37da73a8c0fe20adcb6628.yaml b/nuclei-templates/cve-less/plugins/gamepress-5807ecea1e37da73a8c0fe20adcb6628.yaml new file mode 100644 index 0000000000..6d6e708a31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamepress-5807ecea1e37da73a8c0fe20adcb6628.yaml @@ -0,0 +1,58 @@ +id: gamepress-5807ecea1e37da73a8c0fe20adcb6628 + +info: + name: > + GamePress – The Game Database Plugin <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10818590-6412-458f-a473-b24dc0b293dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamepress/" + google-query: inurl:"/wp-content/plugins/gamepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamepress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-2b733e03ac956657b279c0c2e7178248.yaml b/nuclei-templates/cve-less/plugins/gamipress-2b733e03ac956657b279c0c2e7178248.yaml new file mode 100644 index 0000000000..f4e642bee6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-2b733e03ac956657b279c0c2e7178248.yaml @@ -0,0 +1,58 @@ +id: gamipress-2b733e03ac956657b279c0c2e7178248 + +info: + name: > + GamiPress <= 2.5.6 - Missing Authorization to User Points Updates + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c2ce765-018a-4292-b150-7905723d1335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-492436f7297ddc822ae54e1a5df2c7c8.yaml b/nuclei-templates/cve-less/plugins/gamipress-492436f7297ddc822ae54e1a5df2c7c8.yaml new file mode 100644 index 0000000000..084449fed9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-492436f7297ddc822ae54e1a5df2c7c8.yaml @@ -0,0 +1,58 @@ +id: gamipress-492436f7297ddc822ae54e1a5df2c7c8 + +info: + name: > + GamiPress <= 6.8.8 - Broken Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba1100e-8669-4105-b8d7-27c0b81c0856?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-aec7b68517be6133995e008e368392d0.yaml b/nuclei-templates/cve-less/plugins/gamipress-aec7b68517be6133995e008e368392d0.yaml new file mode 100644 index 0000000000..be6ae4e94f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-aec7b68517be6133995e008e368392d0.yaml @@ -0,0 +1,58 @@ +id: gamipress-aec7b68517be6133995e008e368392d0 + +info: + name: > + GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.8.6 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-b5027c0ff3d1a1043ee2d2b4a208d677.yaml b/nuclei-templates/cve-less/plugins/gamipress-b5027c0ff3d1a1043ee2d2b4a208d677.yaml new file mode 100644 index 0000000000..7b08f69ca9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-b5027c0ff3d1a1043ee2d2b4a208d677.yaml @@ -0,0 +1,58 @@ +id: gamipress-b5027c0ff3d1a1043ee2d2b4a208d677 + +info: + name: > + GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 6.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/720a3525-01dd-4cfd-9403-2bc3f87df618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-button-778205eb09884149dafbca785f8423fc.yaml b/nuclei-templates/cve-less/plugins/gamipress-button-778205eb09884149dafbca785f8423fc.yaml new file mode 100644 index 0000000000..da12719125 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-button-778205eb09884149dafbca785f8423fc.yaml @@ -0,0 +1,58 @@ +id: gamipress-button-778205eb09884149dafbca785f8423fc + +info: + name: > + GamiPress – Button <= 1.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af39e563-5d88-460d-b02d-1aaa111c89dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress-button/" + google-query: inurl:"/wp-content/plugins/gamipress-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-d1724e13d2fdf6a25faad25727547d93.yaml b/nuclei-templates/cve-less/plugins/gamipress-d1724e13d2fdf6a25faad25727547d93.yaml new file mode 100644 index 0000000000..f200aa30e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-d1724e13d2fdf6a25faad25727547d93.yaml @@ -0,0 +1,58 @@ +id: gamipress-d1724e13d2fdf6a25faad25727547d93 + +info: + name: > + GamiPress <= 6.8.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b68b6736-6552-4115-9702-bd178846544c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-dcab95fd687427a84724b3b04c96af59.yaml b/nuclei-templates/cve-less/plugins/gamipress-dcab95fd687427a84724b3b04c96af59.yaml new file mode 100644 index 0000000000..64bf17b372 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-dcab95fd687427a84724b3b04c96af59.yaml @@ -0,0 +1,58 @@ +id: gamipress-dcab95fd687427a84724b3b04c96af59 + +info: + name: > + GamiPress <= 2.5.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b097ab2-7675-4409-b22a-ad70cee35ab1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-de9f8e0363804898afa8fe7d0b301fdf.yaml b/nuclei-templates/cve-less/plugins/gamipress-de9f8e0363804898afa8fe7d0b301fdf.yaml new file mode 100644 index 0000000000..a02331e3f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-de9f8e0363804898afa8fe7d0b301fdf.yaml @@ -0,0 +1,58 @@ +id: gamipress-de9f8e0363804898afa8fe7d0b301fdf + +info: + name: > + GamiPress <= 2.5.6 - Cross-Site Request Forgery to User Earnings Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff4b757a-9ede-496b-b559-cf952d39fe70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress/" + google-query: inurl:"/wp-content/plugins/gamipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gamipress-vimeo-integration-164be8fbabac441285f1a369205bd8e3.yaml b/nuclei-templates/cve-less/plugins/gamipress-vimeo-integration-164be8fbabac441285f1a369205bd8e3.yaml new file mode 100644 index 0000000000..ca0cbcd59f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gamipress-vimeo-integration-164be8fbabac441285f1a369205bd8e3.yaml @@ -0,0 +1,58 @@ +id: gamipress-vimeo-integration-164be8fbabac441285f1a369205bd8e3 + +info: + name: > + GamiPress – Vimeo integration <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73aebd68-4f36-4999-844c-f09b10462ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gamipress-vimeo-integration/" + google-query: inurl:"/wp-content/plugins/gamipress-vimeo-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gamipress-vimeo-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gamipress-vimeo-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gamipress-vimeo-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gappointments-3337ca8e284defa05fd45bda9b3ec176.yaml b/nuclei-templates/cve-less/plugins/gappointments-3337ca8e284defa05fd45bda9b3ec176.yaml new file mode 100644 index 0000000000..c5def2b992 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gappointments-3337ca8e284defa05fd45bda9b3ec176.yaml @@ -0,0 +1,58 @@ +id: gappointments-3337ca8e284defa05fd45bda9b3ec176 + +info: + name: > + gAppointments <= 1.9.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20a6a58f-b6c0-4132-932b-c6def8e9e7c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gAppointments/" + google-query: inurl:"/wp-content/plugins/gAppointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gAppointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gAppointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gAppointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gappointments-fdce74da2fc29d9a1b7b66e598acdde8.yaml b/nuclei-templates/cve-less/plugins/gappointments-fdce74da2fc29d9a1b7b66e598acdde8.yaml new file mode 100644 index 0000000000..eff2f9cfeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gappointments-fdce74da2fc29d9a1b7b66e598acdde8.yaml @@ -0,0 +1,58 @@ +id: gappointments-fdce74da2fc29d9a1b7b66e598acdde8 + +info: + name: > + gAppointments - Appointment booking addon for Gravity Forms <= 1.9.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19983f79-b439-4bb0-8f29-8312f1ff9791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gAppointments/" + google-query: inurl:"/wp-content/plugins/gAppointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gAppointments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gAppointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gAppointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/garagesale-a274fd2664073f0162156778e8dac986.yaml b/nuclei-templates/cve-less/plugins/garagesale-a274fd2664073f0162156778e8dac986.yaml new file mode 100644 index 0000000000..8198a47fde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/garagesale-a274fd2664073f0162156778e8dac986.yaml @@ -0,0 +1,58 @@ +id: garagesale-a274fd2664073f0162156778e8dac986 + +info: + name: > + GarageSale < 1.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1ed7ed0-5bcd-42ca-ab56-70ebd3d3c63a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/garagesale/" + google-query: inurl:"/wp-content/plugins/garagesale/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,garagesale,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/garagesale/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "garagesale" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/garden-gnome-package-597aa63a54783e43984bca6c0a5bda16.yaml b/nuclei-templates/cve-less/plugins/garden-gnome-package-597aa63a54783e43984bca6c0a5bda16.yaml new file mode 100644 index 0000000000..a18adf7b80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/garden-gnome-package-597aa63a54783e43984bca6c0a5bda16.yaml @@ -0,0 +1,58 @@ +id: garden-gnome-package-597aa63a54783e43984bca6c0a5bda16 + +info: + name: > + Garden Gnome Package <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7385c7-47de-4511-b474-7415c3977aa8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/garden-gnome-package/" + google-query: inurl:"/wp-content/plugins/garden-gnome-package/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,garden-gnome-package,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/garden-gnome-package/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "garden-gnome-package" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gb-gallery-slideshow-5951232c0f20a63b311a79c589b973af.yaml b/nuclei-templates/cve-less/plugins/gb-gallery-slideshow-5951232c0f20a63b311a79c589b973af.yaml new file mode 100644 index 0000000000..b8a6df59d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gb-gallery-slideshow-5951232c0f20a63b311a79c589b973af.yaml @@ -0,0 +1,58 @@ +id: gb-gallery-slideshow-5951232c0f20a63b311a79c589b973af + +info: + name: > + GB Gallery Slideshow <= 1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb85341a-0253-41b2-992e-9202cb3e0f2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gb-gallery-slideshow/" + google-query: inurl:"/wp-content/plugins/gb-gallery-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gb-gallery-slideshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gb-gallery-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gb-gallery-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gc-testimonials-673bbf1cbb44b5f720028f2010c7e907.yaml b/nuclei-templates/cve-less/plugins/gc-testimonials-673bbf1cbb44b5f720028f2010c7e907.yaml new file mode 100644 index 0000000000..53c07ca607 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gc-testimonials-673bbf1cbb44b5f720028f2010c7e907.yaml @@ -0,0 +1,58 @@ +id: gc-testimonials-673bbf1cbb44b5f720028f2010c7e907 + +info: + name: > + GC Testimonials <= 1.3.2 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dd7eb74-20ec-4949-9ba2-34081849d7f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gc-testimonials/" + google-query: inurl:"/wp-content/plugins/gc-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gc-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gc-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gc-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-16c5aaa4049ec9cf0dce63beccb79a30.yaml b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-16c5aaa4049ec9cf0dce63beccb79a30.yaml new file mode 100644 index 0000000000..508064025f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-16c5aaa4049ec9cf0dce63beccb79a30.yaml @@ -0,0 +1,58 @@ +id: gd-bbpress-attachments-16c5aaa4049ec9cf0dce63beccb79a30 + +info: + name: > + GD bbPress Attachments < 2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a1f91a3-6b8d-4be4-817c-9c88d2349723?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-bbpress-attachments/" + google-query: inurl:"/wp-content/plugins/gd-bbpress-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-bbpress-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-bbpress-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-6edbfbf441adea692ef285720c58a9cd.yaml b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-6edbfbf441adea692ef285720c58a9cd.yaml new file mode 100644 index 0000000000..8c66ab66d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-6edbfbf441adea692ef285720c58a9cd.yaml @@ -0,0 +1,58 @@ +id: gd-bbpress-attachments-6edbfbf441adea692ef285720c58a9cd + +info: + name: > + GD bbPress Attachments <= 4.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/642c03f4-f12c-4ae2-a4ab-4f49d6bd033c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-bbpress-attachments/" + google-query: inurl:"/wp-content/plugins/gd-bbpress-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-bbpress-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-bbpress-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-b5416cf2ccfb117fc0f1b193a5863e11.yaml b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-b5416cf2ccfb117fc0f1b193a5863e11.yaml new file mode 100644 index 0000000000..b6eee55632 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-bbpress-attachments-b5416cf2ccfb117fc0f1b193a5863e11.yaml @@ -0,0 +1,58 @@ +id: gd-bbpress-attachments-b5416cf2ccfb117fc0f1b193a5863e11 + +info: + name: > + GD bbPress Attachments < 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25543955-15b0-4dda-9636-c116db7f2838?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-bbpress-attachments/" + google-query: inurl:"/wp-content/plugins/gd-bbpress-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-bbpress-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-bbpress-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-bbpress-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-mail-queue-859e2f1c3d7c5202926f95b0d25e1db8.yaml b/nuclei-templates/cve-less/plugins/gd-mail-queue-859e2f1c3d7c5202926f95b0d25e1db8.yaml new file mode 100644 index 0000000000..635555eddc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-mail-queue-859e2f1c3d7c5202926f95b0d25e1db8.yaml @@ -0,0 +1,58 @@ +id: gd-mail-queue-859e2f1c3d7c5202926f95b0d25e1db8 + +info: + name: > + GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b668f45-c7fb-481b-bc8e-115e5b7248c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-mail-queue/" + google-query: inurl:"/wp-content/plugins/gd-mail-queue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-mail-queue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-mail-queue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-mail-queue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-mylist-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml b/nuclei-templates/cve-less/plugins/gd-mylist-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml new file mode 100644 index 0000000000..e039b74753 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-mylist-8ac9cdbd4cf7676c20528abcd5d7ef87.yaml @@ -0,0 +1,58 @@ +id: gd-mylist-8ac9cdbd4cf7676c20528abcd5d7ef87 + +info: + name: > + GD Mylist <= 1.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2110dbe-a625-4fa5-8426-8f11b3c33844?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-mylist/" + google-query: inurl:"/wp-content/plugins/gd-mylist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-mylist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-mylist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-mylist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-034ab84e882013699ca86030c39bb7c1.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-034ab84e882013699ca86030c39bb7c1.yaml new file mode 100644 index 0000000000..5b12d4fb1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-034ab84e882013699ca86030c39bb7c1.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-034ab84e882013699ca86030c39bb7c1 + +info: + name: > + GD Rating System <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c14f473f-ca49-4610-b5df-9eb0e064ece5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-202b289fdef0d266d30f1e52a074682a.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-202b289fdef0d266d30f1e52a074682a.yaml new file mode 100644 index 0000000000..7bae2c677b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-202b289fdef0d266d30f1e52a074682a.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-202b289fdef0d266d30f1e52a074682a + +info: + name: > + GD Rating System <= 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44210443-26f8-4626-aee2-4a19d87fdd43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-363e85a87b5e31a1dda22e9466545bd8.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-363e85a87b5e31a1dda22e9466545bd8.yaml new file mode 100644 index 0000000000..85c8ff01db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-363e85a87b5e31a1dda22e9466545bd8.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-363e85a87b5e31a1dda22e9466545bd8 + +info: + name: > + GD Rating System <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf80f2d-3d2d-4fe6-a4c4-5a850cf5bdc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-4aea8831d45ac7f2974ea4162d22b445.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-4aea8831d45ac7f2974ea4162d22b445.yaml new file mode 100644 index 0000000000..b91cb77a04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-4aea8831d45ac7f2974ea4162d22b445.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-4aea8831d45ac7f2974ea4162d22b445 + +info: + name: > + GD Rating System < 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ac9e80-7aa9-4cc5-ad37-f15f8d12ed16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-567c0bab82561630aea9403749f896f8.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-567c0bab82561630aea9403749f896f8.yaml new file mode 100644 index 0000000000..015cf3bb1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-567c0bab82561630aea9403749f896f8.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-567c0bab82561630aea9403749f896f8 + +info: + name: > + GD Rating System <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e768a4-09ac-4772-9e5d-b9f63bac208c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-651523e243c6fa14f5b8ba27b9c0bb50.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-651523e243c6fa14f5b8ba27b9c0bb50.yaml new file mode 100644 index 0000000000..ab23db0430 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-651523e243c6fa14f5b8ba27b9c0bb50.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-651523e243c6fa14f5b8ba27b9c0bb50 + +info: + name: > + GD Rating System <= 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6351d3f7-2d10-4fcf-b7c1-88ce529cd9f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-79116f6e6f3436dd311270ae51db9449.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-79116f6e6f3436dd311270ae51db9449.yaml new file mode 100644 index 0000000000..5a6532c40f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-79116f6e6f3436dd311270ae51db9449.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-79116f6e6f3436dd311270ae51db9449 + +info: + name: > + GD Rating System <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a7e39a-5fd1-4bb3-9cd9-4bded794f8f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-96454af8a6ce5f0b120ae58c0cde8af3.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-96454af8a6ce5f0b120ae58c0cde8af3.yaml new file mode 100644 index 0000000000..6dcb2386dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-96454af8a6ce5f0b120ae58c0cde8af3.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-96454af8a6ce5f0b120ae58c0cde8af3 + +info: + name: > + GD Rating System <= 3.5.0 - Unauthenticated Stored Cross-Site Scripting via IP + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b3662d-e369-4978-aa7a-debbb3ee37e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-d24dbe0a4be4e84f6cf2d04eb17d95aa.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-d24dbe0a4be4e84f6cf2d04eb17d95aa.yaml new file mode 100644 index 0000000000..98e9885088 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-d24dbe0a4be4e84f6cf2d04eb17d95aa.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-d24dbe0a4be4e84f6cf2d04eb17d95aa + +info: + name: > + GD Rating System <= 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0d6c8dc-d32b-4ac8-8b0d-6d7ecbac86b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-rating-system-f7fd1a8bc5d53786fd5110511a3a1b47.yaml b/nuclei-templates/cve-less/plugins/gd-rating-system-f7fd1a8bc5d53786fd5110511a3a1b47.yaml new file mode 100644 index 0000000000..f2497cdbf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-rating-system-f7fd1a8bc5d53786fd5110511a3a1b47.yaml @@ -0,0 +1,58 @@ +id: gd-rating-system-f7fd1a8bc5d53786fd5110511a3a1b47 + +info: + name: > + GD Rating System <= 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47687614-bd79-44fd-bc82-eaa801c1387d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-rating-system/" + google-query: inurl:"/wp-content/plugins/gd-rating-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-rating-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-rating-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-rating-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-security-headers-626d7835b20c4c891b207d32709f9d9a.yaml b/nuclei-templates/cve-less/plugins/gd-security-headers-626d7835b20c4c891b207d32709f9d9a.yaml new file mode 100644 index 0000000000..d8cb509ef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-security-headers-626d7835b20c4c891b207d32709f9d9a.yaml @@ -0,0 +1,58 @@ +id: gd-security-headers-626d7835b20c4c891b207d32709f9d9a + +info: + name: > + GD Security Headers <= 1.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce32ecf-6995-4794-8559-2f84533ecf50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-security-headers/" + google-query: inurl:"/wp-content/plugins/gd-security-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-security-headers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-security-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-security-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-security-headers-c051ed74380d85e155152ed23876ff43.yaml b/nuclei-templates/cve-less/plugins/gd-security-headers-c051ed74380d85e155152ed23876ff43.yaml new file mode 100644 index 0000000000..bc4be5b0c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-security-headers-c051ed74380d85e155152ed23876ff43.yaml @@ -0,0 +1,58 @@ +id: gd-security-headers-c051ed74380d85e155152ed23876ff43 + +info: + name: > + GD Security Headers <= 1.7 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b556bb3b-0fea-48a9-a893-3ad015559f3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-security-headers/" + google-query: inurl:"/wp-content/plugins/gd-security-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-security-headers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-security-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-security-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-star-rating-0b148460306247418981fb91f92502a9.yaml b/nuclei-templates/cve-less/plugins/gd-star-rating-0b148460306247418981fb91f92502a9.yaml new file mode 100644 index 0000000000..293956e0a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-star-rating-0b148460306247418981fb91f92502a9.yaml @@ -0,0 +1,58 @@ +id: gd-star-rating-0b148460306247418981fb91f92502a9 + +info: + name: > + GD Star Rating <= 1.9.22 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/211634f6-afc4-4841-8851-6c56a248af95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-star-rating/" + google-query: inurl:"/wp-content/plugins/gd-star-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-star-rating,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-star-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-star-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gd-star-rating-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml b/nuclei-templates/cve-less/plugins/gd-star-rating-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml new file mode 100644 index 0000000000..1e1b1a1d36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gd-star-rating-5ce9260c9b6d59d0d80e5fb0cb039b07.yaml @@ -0,0 +1,58 @@ +id: gd-star-rating-5ce9260c9b6d59d0d80e5fb0cb039b07 + +info: + name: > + GD Star Rating <= 1.9.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1432907e-bcd0-498f-9356-f269a252bc4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gd-star-rating/" + google-query: inurl:"/wp-content/plugins/gd-star-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gd-star-rating,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gd-star-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gd-star-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-compliance-52a132f231403e0d19dffecc858bc7bc.yaml b/nuclei-templates/cve-less/plugins/gdpr-compliance-52a132f231403e0d19dffecc858bc7bc.yaml new file mode 100644 index 0000000000..250c9116fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-compliance-52a132f231403e0d19dffecc858bc7bc.yaml @@ -0,0 +1,58 @@ +id: gdpr-compliance-52a132f231403e0d19dffecc858bc7bc + +info: + name: > + GDPR Compliance <= 1.2.5 - Authenticated (Subscriber+) Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b56076bd-4a15-4857-9443-b36eed66d5c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-compliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-compliance-by-supsystic-d52f1aa2c59f42390d8192c949633ea4.yaml b/nuclei-templates/cve-less/plugins/gdpr-compliance-by-supsystic-d52f1aa2c59f42390d8192c949633ea4.yaml new file mode 100644 index 0000000000..567c75e07e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-compliance-by-supsystic-d52f1aa2c59f42390d8192c949633ea4.yaml @@ -0,0 +1,58 @@ +id: gdpr-compliance-by-supsystic-d52f1aa2c59f42390d8192c949633ea4 + +info: + name: > + GDPR Cookie Consent by Supsystic <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/158a63c1-1b2e-4fbf-ac86-43471ba8ebc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-compliance-by-supsystic/" + google-query: inurl:"/wp-content/plugins/gdpr-compliance-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-compliance-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-compliance-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-compliance-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-compliance-cookie-consent-f512a45803d4900b6bd2ce597a679e7f.yaml b/nuclei-templates/cve-less/plugins/gdpr-compliance-cookie-consent-f512a45803d4900b6bd2ce597a679e7f.yaml new file mode 100644 index 0000000000..b371625037 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-compliance-cookie-consent-f512a45803d4900b6bd2ce597a679e7f.yaml @@ -0,0 +1,58 @@ +id: gdpr-compliance-cookie-consent-f512a45803d4900b6bd2ce597a679e7f + +info: + name: > + GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/052b345a-7b71-4de5-9bf8-8b81cc1b4e77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-compliance-cookie-consent/" + google-query: inurl:"/wp-content/plugins/gdpr-compliance-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-compliance-cookie-consent,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-compliance-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-compliance-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-42ff6519960f311906ae3110cd3f6c64.yaml b/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-42ff6519960f311906ae3110cd3f6c64.yaml new file mode 100644 index 0000000000..8b86ee6915 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-42ff6519960f311906ae3110cd3f6c64.yaml @@ -0,0 +1,58 @@ +id: gdpr-cookie-compliance-42ff6519960f311906ae3110cd3f6c64 + +info: + name: > + GDPR Cookie Compliance <= 4.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9116d719-f536-4b8a-9e73-9a8a922f8a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-cookie-compliance/" + google-query: inurl:"/wp-content/plugins/gdpr-cookie-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-cookie-compliance,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-cookie-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-cookie-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-ebc9a2de114d9ab75adedbcfdade473e.yaml b/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-ebc9a2de114d9ab75adedbcfdade473e.yaml new file mode 100644 index 0000000000..c98f1ee8c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-cookie-compliance-ebc9a2de114d9ab75adedbcfdade473e.yaml @@ -0,0 +1,58 @@ +id: gdpr-cookie-compliance-ebc9a2de114d9ab75adedbcfdade473e + +info: + name: > + GDPR Cookie Compliance <= 4.12.4 - Cross-Site Request Forgery to License Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f847a61-4378-4b04-8eb4-99ef36417b6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-cookie-compliance/" + google-query: inurl:"/wp-content/plugins/gdpr-cookie-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-cookie-compliance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-cookie-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-cookie-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-6fafcaccee81c5d3208247d34dd3565c.yaml b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-6fafcaccee81c5d3208247d34dd3565c.yaml new file mode 100644 index 0000000000..a5ab91faa2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-6fafcaccee81c5d3208247d34dd3565c.yaml @@ -0,0 +1,58 @@ +id: gdpr-cookie-consent-6fafcaccee81c5d3208247d34dd3565c + +info: + name: > + WP Cookie Notice for GDPR, CCPA & ePrivacy Consent <= 2.2.5 - Authenticated(Administrator+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d178852-53bc-440b-8217-67ae68749349?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-cookie-consent/" + google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-74ceb3dd0e91d385e16d6cd94c463dea.yaml b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-74ceb3dd0e91d385e16d6cd94c463dea.yaml new file mode 100644 index 0000000000..10dda9879a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-cookie-consent-74ceb3dd0e91d385e16d6cd94c463dea.yaml @@ -0,0 +1,58 @@ +id: gdpr-cookie-consent-74ceb3dd0e91d385e16d6cd94c463dea + +info: + name: > + WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b9abbf1-d9f5-4406-9d0c-bc2f9891d0e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-cookie-consent/" + google-query: inurl:"/wp-content/plugins/gdpr-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-cookie-consent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gdpr-data-request-form-aafc1366408bf54fb9b81d829a07db37.yaml b/nuclei-templates/cve-less/plugins/gdpr-data-request-form-aafc1366408bf54fb9b81d829a07db37.yaml new file mode 100644 index 0000000000..1e6f20bf09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gdpr-data-request-form-aafc1366408bf54fb9b81d829a07db37.yaml @@ -0,0 +1,58 @@ +id: gdpr-data-request-form-aafc1366408bf54fb9b81d829a07db37 + +info: + name: > + GDPR Data Request Form <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0b8fd44-75af-4fb8-bcc1-94cb5fc9e4eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gdpr-data-request-form/" + google-query: inurl:"/wp-content/plugins/gdpr-data-request-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gdpr-data-request-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gdpr-data-request-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gdpr-data-request-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gecka-terms-thumbnails-3ddf708feedcea3e47167b185d508195.yaml b/nuclei-templates/cve-less/plugins/gecka-terms-thumbnails-3ddf708feedcea3e47167b185d508195.yaml new file mode 100644 index 0000000000..acf2451762 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gecka-terms-thumbnails-3ddf708feedcea3e47167b185d508195.yaml @@ -0,0 +1,58 @@ +id: gecka-terms-thumbnails-3ddf708feedcea3e47167b185d508195 + +info: + name: > + Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07abe182-370f-4241-9631-387a7930f2f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gecka-terms-thumbnails/" + google-query: inurl:"/wp-content/plugins/gecka-terms-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gecka-terms-thumbnails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gecka-terms-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gecka-terms-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generate-child-theme-14f53d257d97b80a7d3d574dcba76821.yaml b/nuclei-templates/cve-less/plugins/generate-child-theme-14f53d257d97b80a7d3d574dcba76821.yaml new file mode 100644 index 0000000000..0e386cdb69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generate-child-theme-14f53d257d97b80a7d3d574dcba76821.yaml @@ -0,0 +1,58 @@ +id: generate-child-theme-14f53d257d97b80a7d3d574dcba76821 + +info: + name: > + Generate Child Theme <= 2.0 - Cross-Site Request Forgery via process_create_form() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d67b1a6c-001d-452e-861c-0e5c7ab465dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generate-child-theme/" + google-query: inurl:"/wp-content/plugins/generate-child-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generate-child-theme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generate-child-theme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generate-child-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generate-child-theme-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/generate-child-theme-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..db863d6538 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generate-child-theme-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: generate-child-theme-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generate-child-theme/" + google-query: inurl:"/wp-content/plugins/generate-child-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generate-child-theme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generate-child-theme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generate-child-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generate-dummy-posts-177a143182cd744b54e19a39a4cfbfd2.yaml b/nuclei-templates/cve-less/plugins/generate-dummy-posts-177a143182cd744b54e19a39a4cfbfd2.yaml new file mode 100644 index 0000000000..9e46333a0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generate-dummy-posts-177a143182cd744b54e19a39a4cfbfd2.yaml @@ -0,0 +1,58 @@ +id: generate-dummy-posts-177a143182cd744b54e19a39a4cfbfd2 + +info: + name: > + Generate Dummy Posts <= 1.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d797f36-f485-4049-83f0-01d0cb409a92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generate-dummy-posts/" + google-query: inurl:"/wp-content/plugins/generate-dummy-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generate-dummy-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generate-dummy-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generate-dummy-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generate-pdf-using-contact-form-7-213c6c67e9f7d7367e5fa5ff895afa34.yaml b/nuclei-templates/cve-less/plugins/generate-pdf-using-contact-form-7-213c6c67e9f7d7367e5fa5ff895afa34.yaml new file mode 100644 index 0000000000..17b83e9ce4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generate-pdf-using-contact-form-7-213c6c67e9f7d7367e5fa5ff895afa34.yaml @@ -0,0 +1,58 @@ +id: generate-pdf-using-contact-form-7-213c6c67e9f7d7367e5fa5ff895afa34 + +info: + name: > + Generate PDF using Contact Form 7 <= 3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39f1ddd0-c26b-4754-a78a-c64fab75f238?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generate-pdf-using-contact-form-7/" + google-query: inurl:"/wp-content/plugins/generate-pdf-using-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generate-pdf-using-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generate-pdf-using-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generate-pdf-using-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generateblocks-207f8d3483b6bc918c2a6bbcc21fd35b.yaml b/nuclei-templates/cve-less/plugins/generateblocks-207f8d3483b6bc918c2a6bbcc21fd35b.yaml new file mode 100644 index 0000000000..20a3fe5001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generateblocks-207f8d3483b6bc918c2a6bbcc21fd35b.yaml @@ -0,0 +1,58 @@ +id: generateblocks-207f8d3483b6bc918c2a6bbcc21fd35b + +info: + name: > + GenerateBlocks <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd3ecc8-8b76-453f-b2e9-a9c70c58edbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generateblocks/" + google-query: inurl:"/wp-content/plugins/generateblocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generateblocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generateblocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generateblocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generateblocks-74b40b0063e22d99daacbf3fd60ee7a2.yaml b/nuclei-templates/cve-less/plugins/generateblocks-74b40b0063e22d99daacbf3fd60ee7a2.yaml new file mode 100644 index 0000000000..c0ae0bc0dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generateblocks-74b40b0063e22d99daacbf3fd60ee7a2.yaml @@ -0,0 +1,58 @@ +id: generateblocks-74b40b0063e22d99daacbf3fd60ee7a2 + +info: + name: > + GenerateBlocks <= 1.8.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62f19301-2311-4989-a5f2-9f845b72dd54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generateblocks/" + google-query: inurl:"/wp-content/plugins/generateblocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generateblocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generateblocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generateblocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/generatepress-premium-616c8823c1cd69f1db936287f2d1fa7d.yaml b/nuclei-templates/cve-less/plugins/generatepress-premium-616c8823c1cd69f1db936287f2d1fa7d.yaml new file mode 100644 index 0000000000..6668c4cf26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/generatepress-premium-616c8823c1cd69f1db936287f2d1fa7d.yaml @@ -0,0 +1,58 @@ +id: generatepress-premium-616c8823c1cd69f1db936287f2d1fa7d + +info: + name: > + GeneratePress Premium <= 2.3.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dcd48b8-ec9e-44b4-b531-95940adbd100?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/generatepress-premium/" + google-query: inurl:"/wp-content/plugins/generatepress-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,generatepress-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/generatepress-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "generatepress-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genesis-blocks-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml b/nuclei-templates/cve-less/plugins/genesis-blocks-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml new file mode 100644 index 0000000000..78c845979b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genesis-blocks-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d.yaml @@ -0,0 +1,58 @@ +id: genesis-blocks-81d04df7ff5b0fa9ae3cc7f6b2f9eb6d + +info: + name: > + Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce116ee1-f0ea-469b-8c17-8c17c76fdc66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genesis-blocks/" + google-query: inurl:"/wp-content/plugins/genesis-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genesis-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genesis-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genesis-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genesis-blocks-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml b/nuclei-templates/cve-less/plugins/genesis-blocks-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml new file mode 100644 index 0000000000..26d2d4bc3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genesis-blocks-cc71ce3f07c7a7f6d2e0e309f25463b5.yaml @@ -0,0 +1,58 @@ +id: genesis-blocks-cc71ce3f07c7a7f6d2e0e309f25463b5 + +info: + name: > + Genesis Blocks <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via postTitleTag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4eef7f0-5f09-4618-a3f8-a9e8dabef334?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genesis-blocks/" + google-query: inurl:"/wp-content/plugins/genesis-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genesis-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genesis-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genesis-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genesis-columns-advanced-c0043e4e0fc4abc274a0b7326af041c1.yaml b/nuclei-templates/cve-less/plugins/genesis-columns-advanced-c0043e4e0fc4abc274a0b7326af041c1.yaml new file mode 100644 index 0000000000..6ba9107ba1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genesis-columns-advanced-c0043e4e0fc4abc274a0b7326af041c1.yaml @@ -0,0 +1,58 @@ +id: genesis-columns-advanced-c0043e4e0fc4abc274a0b7326af041c1 + +info: + name: > + Genesis Columns Advanced <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef6b80c1-7f5e-4f8d-964a-a9c9c4f2a882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genesis-columns-advanced/" + google-query: inurl:"/wp-content/plugins/genesis-columns-advanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genesis-columns-advanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genesis-columns-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genesis-columns-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genesis-simple-love-d3a9e47377e2967a1d3f37559f1438da.yaml b/nuclei-templates/cve-less/plugins/genesis-simple-love-d3a9e47377e2967a1d3f37559f1438da.yaml new file mode 100644 index 0000000000..98886d958d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genesis-simple-love-d3a9e47377e2967a1d3f37559f1438da.yaml @@ -0,0 +1,58 @@ +id: genesis-simple-love-d3a9e47377e2967a1d3f37559f1438da + +info: + name: > + Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55abf798-f336-4262-9f52-4526a4bae15a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genesis-simple-love/" + google-query: inurl:"/wp-content/plugins/genesis-simple-love/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genesis-simple-love,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genesis-simple-love/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genesis-simple-love" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genie-wp-favicon-a934a7b75723aefc4d34e91dfaf7a31f.yaml b/nuclei-templates/cve-less/plugins/genie-wp-favicon-a934a7b75723aefc4d34e91dfaf7a31f.yaml new file mode 100644 index 0000000000..6548cf9e59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genie-wp-favicon-a934a7b75723aefc4d34e91dfaf7a31f.yaml @@ -0,0 +1,58 @@ +id: genie-wp-favicon-a934a7b75723aefc4d34e91dfaf7a31f + +info: + name: > + Genie WP Favicon <= 0.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f35c4e21-a6d6-4821-a415-2ff40ea76f99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genie-wp-favicon/" + google-query: inurl:"/wp-content/plugins/genie-wp-favicon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genie-wp-favicon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genie-wp-favicon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genie-wp-favicon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/genki-pre-publish-reminder-d4ee747485499e50fea0ef44831d0b48.yaml b/nuclei-templates/cve-less/plugins/genki-pre-publish-reminder-d4ee747485499e50fea0ef44831d0b48.yaml new file mode 100644 index 0000000000..bbe4366195 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/genki-pre-publish-reminder-d4ee747485499e50fea0ef44831d0b48.yaml @@ -0,0 +1,58 @@ +id: genki-pre-publish-reminder-d4ee747485499e50fea0ef44831d0b48 + +info: + name: > + Genki Pre-Publish Reminder <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b86ae0-93f0-4035-80c3-b3a713077b32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/genki-pre-publish-reminder/" + google-query: inurl:"/wp-content/plugins/genki-pre-publish-reminder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,genki-pre-publish-reminder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/genki-pre-publish-reminder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "genki-pre-publish-reminder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-mashup-381d6cb0faea51f097b85258ee0a1587.yaml b/nuclei-templates/cve-less/plugins/geo-mashup-381d6cb0faea51f097b85258ee0a1587.yaml new file mode 100644 index 0000000000..991bcfaefb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-mashup-381d6cb0faea51f097b85258ee0a1587.yaml @@ -0,0 +1,58 @@ +id: geo-mashup-381d6cb0faea51f097b85258ee0a1587 + +info: + name: > + Geo Mashup - < 1.10.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4e812f2-78f2-4dde-96ec-2ee114ebaa60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-mashup/" + google-query: inurl:"/wp-content/plugins/geo-mashup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-mashup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-mashup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-mashup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-mashup-887adced0648142cd9b714a8cbded6f3.yaml b/nuclei-templates/cve-less/plugins/geo-mashup-887adced0648142cd9b714a8cbded6f3.yaml new file mode 100644 index 0000000000..c95f883bbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-mashup-887adced0648142cd9b714a8cbded6f3.yaml @@ -0,0 +1,58 @@ +id: geo-mashup-887adced0648142cd9b714a8cbded6f3 + +info: + name: > + Geo Mashup < 1.8.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b7073e8-10cf-4fe0-9eb6-f9acd509598c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-mashup/" + google-query: inurl:"/wp-content/plugins/geo-mashup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-mashup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-mashup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-mashup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-my-wp-9764fa1268021fb445ed7c1cafd9a12b.yaml b/nuclei-templates/cve-less/plugins/geo-my-wp-9764fa1268021fb445ed7c1cafd9a12b.yaml new file mode 100644 index 0000000000..a1e6b6b290 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-my-wp-9764fa1268021fb445ed7c1cafd9a12b.yaml @@ -0,0 +1,58 @@ +id: geo-my-wp-9764fa1268021fb445ed7c1cafd9a12b + +info: + name: > + GEO my WordPress <= 4.0.2 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94f118c3-d470-43c4-a61a-1ec998694880?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-my-wp/" + google-query: inurl:"/wp-content/plugins/geo-my-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-my-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-my-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-my-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-my-wp-fcc1cf4316d93103b20ebe799631fe04.yaml b/nuclei-templates/cve-less/plugins/geo-my-wp-fcc1cf4316d93103b20ebe799631fe04.yaml new file mode 100644 index 0000000000..155f6d2b88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-my-wp-fcc1cf4316d93103b20ebe799631fe04.yaml @@ -0,0 +1,58 @@ +id: geo-my-wp-fcc1cf4316d93103b20ebe799631fe04 + +info: + name: > + GEO my WordPress <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a96ac71f-3dae-40eb-9268-d56688a5aa64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-my-wp/" + google-query: inurl:"/wp-content/plugins/geo-my-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-my-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-my-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-my-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-my-wp-ff66d6fc13b6cfdb064978e366821aab.yaml b/nuclei-templates/cve-less/plugins/geo-my-wp-ff66d6fc13b6cfdb064978e366821aab.yaml new file mode 100644 index 0000000000..d3ce808167 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-my-wp-ff66d6fc13b6cfdb064978e366821aab.yaml @@ -0,0 +1,58 @@ +id: geo-my-wp-ff66d6fc13b6cfdb064978e366821aab + +info: + name: > + GEO my WordPress <= 4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d9d7cab-c840-469f-ba2d-f81c785ffb8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-my-wp/" + google-query: inurl:"/wp-content/plugins/geo-my-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-my-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-my-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-my-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geo-redirector-7ff4f760c301092254ff0a3e49a089e0.yaml b/nuclei-templates/cve-less/plugins/geo-redirector-7ff4f760c301092254ff0a3e49a089e0.yaml new file mode 100644 index 0000000000..91ddfc682c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geo-redirector-7ff4f760c301092254ff0a3e49a089e0.yaml @@ -0,0 +1,58 @@ +id: geo-redirector-7ff4f760c301092254ff0a3e49a089e0 + +info: + name: > + GEO Redirector <= 1.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34a6c9af-1616-4b5d-8660-4f141bdd25c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geo-redirector/" + google-query: inurl:"/wp-content/plugins/geo-redirector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geo-redirector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geo-redirector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geo-redirector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodir_location_manager-f6027704921a329e98184819d6ebf0b2.yaml b/nuclei-templates/cve-less/plugins/geodir_location_manager-f6027704921a329e98184819d6ebf0b2.yaml new file mode 100644 index 0000000000..6bf23c88b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodir_location_manager-f6027704921a329e98184819d6ebf0b2.yaml @@ -0,0 +1,58 @@ +id: geodir_location_manager-f6027704921a329e98184819d6ebf0b2 + +info: + name: > + Location Manager < 2.1.0.10 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/855ca8f0-5078-48ec-a5d0-3f43a217a91e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodir_location_manager/" + google-query: inurl:"/wp-content/plugins/geodir_location_manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodir_location_manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodir_location_manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodir_location_manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodirectory-0c1c0e5907f82c480480fd236d7507d7.yaml b/nuclei-templates/cve-less/plugins/geodirectory-0c1c0e5907f82c480480fd236d7507d7.yaml new file mode 100644 index 0000000000..28d07c645e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodirectory-0c1c0e5907f82c480480fd236d7507d7.yaml @@ -0,0 +1,58 @@ +id: geodirectory-0c1c0e5907f82c480480fd236d7507d7 + +info: + name: > + GeoDirectory <= 2.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb4b1871-7c13-4f7c-93b5-d5254f89da8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodirectory-10faa8f7dbe39946fc1591dc4a29cfc1.yaml b/nuclei-templates/cve-less/plugins/geodirectory-10faa8f7dbe39946fc1591dc4a29cfc1.yaml new file mode 100644 index 0000000000..99df38cbdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodirectory-10faa8f7dbe39946fc1591dc4a29cfc1.yaml @@ -0,0 +1,58 @@ +id: geodirectory-10faa8f7dbe39946fc1591dc4a29cfc1 + +info: + name: > + GeoDirectory <= 2.1.1.2 - Authenticated (admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd8a61d1-904d-4027-8f27-6e3018862d9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodirectory-7539302587926b426117aef883b56a59.yaml b/nuclei-templates/cve-less/plugins/geodirectory-7539302587926b426117aef883b56a59.yaml new file mode 100644 index 0000000000..2e3d3a5a26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodirectory-7539302587926b426117aef883b56a59.yaml @@ -0,0 +1,58 @@ +id: geodirectory-7539302587926b426117aef883b56a59 + +info: + name: > + GeoDirectory <= 2.3.28 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d48aca-3db5-4585-bd71-5548f3b36ea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodirectory-88d4547a92050d1b28fb4357c26c8ac0.yaml b/nuclei-templates/cve-less/plugins/geodirectory-88d4547a92050d1b28fb4357c26c8ac0.yaml new file mode 100644 index 0000000000..7c143611b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodirectory-88d4547a92050d1b28fb4357c26c8ac0.yaml @@ -0,0 +1,58 @@ +id: geodirectory-88d4547a92050d1b28fb4357c26c8ac0 + +info: + name: > + GeoDirectory – WordPress Business Directory Plugin, or Classified Directory <= 2.3.48 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'gd_single_tabs' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a91e786-f570-4c6c-b1c7-0110774cb808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/geodirectory-db82d66ee6f616f5c7fafadef247b8d1.yaml b/nuclei-templates/cve-less/plugins/geodirectory-db82d66ee6f616f5c7fafadef247b8d1.yaml new file mode 100644 index 0000000000..1c62b267d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/geodirectory-db82d66ee6f616f5c7fafadef247b8d1.yaml @@ -0,0 +1,58 @@ +id: geodirectory-db82d66ee6f616f5c7fafadef247b8d1 + +info: + name: > + GeoDirectory <= 2.2.23 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81fa4987-d019-4d0c-a002-eceef956161e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/geodirectory/" + google-query: inurl:"/wp-content/plugins/geodirectory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,geodirectory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/geodirectory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "geodirectory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gestion-pymes-ea5c3acfd64b155268d32c3228d1c82f.yaml b/nuclei-templates/cve-less/plugins/gestion-pymes-ea5c3acfd64b155268d32c3228d1c82f.yaml new file mode 100644 index 0000000000..04a2dded74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gestion-pymes-ea5c3acfd64b155268d32c3228d1c82f.yaml @@ -0,0 +1,58 @@ +id: gestion-pymes-ea5c3acfd64b155268d32c3228d1c82f + +info: + name: > + Gestion-Pymes <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/165bf4d4-0f97-4c51-bc55-ad14f3e4aae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gestion-pymes/" + google-query: inurl:"/wp-content/plugins/gestion-pymes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gestion-pymes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gestion-pymes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gestion-pymes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-0bdfa552c8e79eb2f1a91f087f9bcf9b.yaml b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-0bdfa552c8e79eb2f1a91f087f9bcf9b.yaml new file mode 100644 index 0000000000..b85c648383 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-0bdfa552c8e79eb2f1a91f087f9bcf9b.yaml @@ -0,0 +1,58 @@ +id: gestpay-for-woocommerce-0bdfa552c8e79eb2f1a91f087f9bcf9b + +info: + name: > + Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gestpay-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gestpay-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gestpay-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gestpay-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gestpay-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20221130') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-5d5a5e01ff4136d5ff903d7e1aa12854.yaml b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-5d5a5e01ff4136d5ff903d7e1aa12854.yaml new file mode 100644 index 0000000000..cc31beacc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-5d5a5e01ff4136d5ff903d7e1aa12854.yaml @@ -0,0 +1,58 @@ +id: gestpay-for-woocommerce-5d5a5e01ff4136d5ff903d7e1aa12854 + +info: + name: > + Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gestpay-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gestpay-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gestpay-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gestpay-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gestpay-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20221130') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-6e53023aaed1d0ca3bd9def3a29a1431.yaml b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-6e53023aaed1d0ca3bd9def3a29a1431.yaml new file mode 100644 index 0000000000..b54a0a91bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gestpay-for-woocommerce-6e53023aaed1d0ca3bd9def3a29a1431.yaml @@ -0,0 +1,58 @@ +id: gestpay-for-woocommerce-6e53023aaed1d0ca3bd9def3a29a1431 + +info: + name: > + Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gestpay-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gestpay-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gestpay-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gestpay-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gestpay-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20221130') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/get-custom-field-values-5e4bd8f4b7fcafa58897d3309b84db77.yaml b/nuclei-templates/cve-less/plugins/get-custom-field-values-5e4bd8f4b7fcafa58897d3309b84db77.yaml new file mode 100644 index 0000000000..5a0fc4263d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/get-custom-field-values-5e4bd8f4b7fcafa58897d3309b84db77.yaml @@ -0,0 +1,58 @@ +id: get-custom-field-values-5e4bd8f4b7fcafa58897d3309b84db77 + +info: + name: > + Get Custom Field Values < 4.0 - Arbitrary Post Metadata Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff1ca68-7c71-4442-b27f-12743fc39b37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/get-custom-field-values/" + google-query: inurl:"/wp-content/plugins/get-custom-field-values/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,get-custom-field-values,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/get-custom-field-values/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "get-custom-field-values" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/get-custom-field-values-a48251c3741e5bdda10cc3847e3d84b2.yaml b/nuclei-templates/cve-less/plugins/get-custom-field-values-a48251c3741e5bdda10cc3847e3d84b2.yaml new file mode 100644 index 0000000000..00d6745112 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/get-custom-field-values-a48251c3741e5bdda10cc3847e3d84b2.yaml @@ -0,0 +1,58 @@ +id: get-custom-field-values-a48251c3741e5bdda10cc3847e3d84b2 + +info: + name: > + Get Custom Field Values <= 4.0.0 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d52779e-3c86-4823-af0e-6f8d55d35e90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/get-custom-field-values/" + google-query: inurl:"/wp-content/plugins/get-custom-field-values/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,get-custom-field-values,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/get-custom-field-values/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "get-custom-field-values" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/get-custom-field-values-c4a2060e848f8147ede668274113eb5f.yaml b/nuclei-templates/cve-less/plugins/get-custom-field-values-c4a2060e848f8147ede668274113eb5f.yaml new file mode 100644 index 0000000000..839917ccf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/get-custom-field-values-c4a2060e848f8147ede668274113eb5f.yaml @@ -0,0 +1,58 @@ +id: get-custom-field-values-c4a2060e848f8147ede668274113eb5f + +info: + name: > + Get Custom Field Values <= 4.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e0fd85a-2164-4b83-822e-845662591a78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/get-custom-field-values/" + google-query: inurl:"/wp-content/plugins/get-custom-field-values/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,get-custom-field-values,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/get-custom-field-values/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "get-custom-field-values" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/get-site-to-phone-by-qr-code-6a303c02814b33d00fcce0ecb738b831.yaml b/nuclei-templates/cve-less/plugins/get-site-to-phone-by-qr-code-6a303c02814b33d00fcce0ecb738b831.yaml new file mode 100644 index 0000000000..4fe39e193e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/get-site-to-phone-by-qr-code-6a303c02814b33d00fcce0ecb738b831.yaml @@ -0,0 +1,58 @@ +id: get-site-to-phone-by-qr-code-6a303c02814b33d00fcce0ecb738b831 + +info: + name: > + Showing URL in QR Code <= 0.0.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e10babc-fc65-46f9-8b88-95b00f66d01b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/get-site-to-phone-by-qr-code/" + google-query: inurl:"/wp-content/plugins/get-site-to-phone-by-qr-code/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,get-site-to-phone-by-qr-code,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/get-site-to-phone-by-qr-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "get-site-to-phone-by-qr-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/get-your-number-eceee40ae071bd0838ed35de0f0e77bb.yaml b/nuclei-templates/cve-less/plugins/get-your-number-eceee40ae071bd0838ed35de0f0e77bb.yaml new file mode 100644 index 0000000000..e6e32ac1cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/get-your-number-eceee40ae071bd0838ed35de0f0e77bb.yaml @@ -0,0 +1,58 @@ +id: get-your-number-eceee40ae071bd0838ed35de0f0e77bb + +info: + name: > + Get Your Number <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fb9dc9f-1ba5-4a2c-bead-3c3a6deb61b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/get-your-number/" + google-query: inurl:"/wp-content/plugins/get-your-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,get-your-number,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/get-your-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "get-your-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getresponse-integration-318af4e7ad8fddddeacf6d8489b19638.yaml b/nuclei-templates/cve-less/plugins/getresponse-integration-318af4e7ad8fddddeacf6d8489b19638.yaml new file mode 100644 index 0000000000..0d4f075acc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getresponse-integration-318af4e7ad8fddddeacf6d8489b19638.yaml @@ -0,0 +1,58 @@ +id: getresponse-integration-318af4e7ad8fddddeacf6d8489b19638 + +info: + name: > + GetResponse for WordPress <= 5.5.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a2782de-3ce2-4626-84c4-58c1ff454753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getresponse-integration/" + google-query: inurl:"/wp-content/plugins/getresponse-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getresponse-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getresponse-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getresponse-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getresponse-integration-9fa773be7e5cdf580182e19b1f6e77fb.yaml b/nuclei-templates/cve-less/plugins/getresponse-integration-9fa773be7e5cdf580182e19b1f6e77fb.yaml new file mode 100644 index 0000000000..7652c917a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getresponse-integration-9fa773be7e5cdf580182e19b1f6e77fb.yaml @@ -0,0 +1,58 @@ +id: getresponse-integration-9fa773be7e5cdf580182e19b1f6e77fb + +info: + name: > + GetResponse <= 5.5.19 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2331a587-b731-43d9-b813-9f08efc60bfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getresponse-integration/" + google-query: inurl:"/wp-content/plugins/getresponse-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getresponse-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getresponse-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getresponse-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getresponse-integration-ecee6fe6f960c3e32d930eed8f81ac9e.yaml b/nuclei-templates/cve-less/plugins/getresponse-integration-ecee6fe6f960c3e32d930eed8f81ac9e.yaml new file mode 100644 index 0000000000..5168270cd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getresponse-integration-ecee6fe6f960c3e32d930eed8f81ac9e.yaml @@ -0,0 +1,58 @@ +id: getresponse-integration-ecee6fe6f960c3e32d930eed8f81ac9e + +info: + name: > + GetResponse for WordPress <= 5.5.35 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/680219f5-631e-4318-bf1b-598947bec7d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getresponse-integration/" + google-query: inurl:"/wp-content/plugins/getresponse-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getresponse-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getresponse-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getresponse-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gettext-override-translations-c3ee6aa7cf2263de71bab964716588bf.yaml b/nuclei-templates/cve-less/plugins/gettext-override-translations-c3ee6aa7cf2263de71bab964716588bf.yaml new file mode 100644 index 0000000000..018d798c61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gettext-override-translations-c3ee6aa7cf2263de71bab964716588bf.yaml @@ -0,0 +1,58 @@ +id: gettext-override-translations-c3ee6aa7cf2263de71bab964716588bf + +info: + name: > + Gettext override translations <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f782dd7-df49-4c3b-b6d9-de618ab32b87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gettext-override-translations/" + google-query: inurl:"/wp-content/plugins/gettext-override-translations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gettext-override-translations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gettext-override-translations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gettext-override-translations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-7da918d3fc3e2e8630ac4c982d69874d.yaml b/nuclei-templates/cve-less/plugins/getwid-7da918d3fc3e2e8630ac4c982d69874d.yaml new file mode 100644 index 0000000000..26b41e2223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-7da918d3fc3e2e8630ac4c982d69874d.yaml @@ -0,0 +1,58 @@ +id: getwid-7da918d3fc3e2e8630ac4c982d69874d + +info: + name: > + Getwid – Gutenberg Blocks <= 2.0.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'Countdown' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4770184-1b96-490c-b506-f648ab3ed764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-860548571db1d3ac7f3a8905c5f28f8d.yaml b/nuclei-templates/cve-less/plugins/getwid-860548571db1d3ac7f3a8905c5f28f8d.yaml new file mode 100644 index 0000000000..c77829f94d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-860548571db1d3ac7f3a8905c5f28f8d.yaml @@ -0,0 +1,58 @@ +id: getwid-860548571db1d3ac7f3a8905c5f28f8d + +info: + name: > + Getwid – Gutenberg Blocks <= 2.0.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbe4748-6e87-4332-b84f-615aec67bcec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-9bf910117bdf6862d3ee1c26c92e6b91.yaml b/nuclei-templates/cve-less/plugins/getwid-9bf910117bdf6862d3ee1c26c92e6b91.yaml new file mode 100644 index 0000000000..a6549a0bec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-9bf910117bdf6862d3ee1c26c92e6b91.yaml @@ -0,0 +1,58 @@ +id: getwid-9bf910117bdf6862d3ee1c26c92e6b91 + +info: + name: > + Getwid – Gutenberg Blocks <= 2.0.4 - Missing Authorization to Recaptcha API Key Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/774c00fb-82cd-44ca-bf96-3f6dfd1977d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-ad0428bf7ab47783f2af074da8078ee3.yaml b/nuclei-templates/cve-less/plugins/getwid-ad0428bf7ab47783f2af074da8078ee3.yaml new file mode 100644 index 0000000000..0e3fb14905 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-ad0428bf7ab47783f2af074da8078ee3.yaml @@ -0,0 +1,58 @@ +id: getwid-ad0428bf7ab47783f2af074da8078ee3 + +info: + name: > + Getwid – Gutenberg Blocks <= 2.0.2 - Improper Input Validation to Arbitrary Email Sending to Admin + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1158081c-97da-4026-be16-994f4e41c92f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-c31135ea82eaff9efa9c5f32111bb6e0.yaml b/nuclei-templates/cve-less/plugins/getwid-c31135ea82eaff9efa9c5f32111bb6e0.yaml new file mode 100644 index 0000000000..067efcb01b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-c31135ea82eaff9efa9c5f32111bb6e0.yaml @@ -0,0 +1,58 @@ +id: getwid-c31135ea82eaff9efa9c5f32111bb6e0 + +info: + name: > + Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c2a942-c14c-4b59-92a7-6946b2e4731b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-caf19b99b78c33b145556e4b8cd07050.yaml b/nuclei-templates/cve-less/plugins/getwid-caf19b99b78c33b145556e4b8cd07050.yaml new file mode 100644 index 0000000000..fe16c5913d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-caf19b99b78c33b145556e4b8cd07050.yaml @@ -0,0 +1,58 @@ +id: getwid-caf19b99b78c33b145556e4b8cd07050 + +info: + name: > + Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getwid-d8609ca02744156f56f17a032b07e7ab.yaml b/nuclei-templates/cve-less/plugins/getwid-d8609ca02744156f56f17a032b07e7ab.yaml new file mode 100644 index 0000000000..bdcbdf4244 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getwid-d8609ca02744156f56f17a032b07e7ab.yaml @@ -0,0 +1,58 @@ +id: getwid-d8609ca02744156f56f17a032b07e7ab + +info: + name: > + Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd64ab0-007b-4778-9d92-06e530638fad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getwid/" + google-query: inurl:"/wp-content/plugins/getwid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getwid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getwid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getwid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/getyourguide-ticketing-e01c69283b147d24245068f3ebce49d9.yaml b/nuclei-templates/cve-less/plugins/getyourguide-ticketing-e01c69283b147d24245068f3ebce49d9.yaml new file mode 100644 index 0000000000..ab93e578e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/getyourguide-ticketing-e01c69283b147d24245068f3ebce49d9.yaml @@ -0,0 +1,58 @@ +id: getyourguide-ticketing-e01c69283b147d24245068f3ebce49d9 + +info: + name: > + GetYourGuide Ticketing <= 1.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af22365c-7d4b-48f3-b33d-d627169fda6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/getyourguide-ticketing/" + google-query: inurl:"/wp-content/plugins/getyourguide-ticketing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,getyourguide-ticketing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/getyourguide-ticketing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "getyourguide-ticketing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gf-block-ips-8cf1834702b06ccbceec487f6fa13222.yaml b/nuclei-templates/cve-less/plugins/gf-block-ips-8cf1834702b06ccbceec487f6fa13222.yaml new file mode 100644 index 0000000000..6030c8cf43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gf-block-ips-8cf1834702b06ccbceec487f6fa13222.yaml @@ -0,0 +1,58 @@ +id: gf-block-ips-8cf1834702b06ccbceec487f6fa13222 + +info: + name: > + Block IPs for Gravity Forms <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19958187-7eb1-479e-bd36-d40974ae65ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gf-block-ips/" + google-query: inurl:"/wp-content/plugins/gf-block-ips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gf-block-ips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gf-block-ips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gf-block-ips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gg-woo-feed-53d09e4ac030b1b8d99973338cf6e155.yaml b/nuclei-templates/cve-less/plugins/gg-woo-feed-53d09e4ac030b1b8d99973338cf6e155.yaml new file mode 100644 index 0000000000..210677c8c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gg-woo-feed-53d09e4ac030b1b8d99973338cf6e155.yaml @@ -0,0 +1,58 @@ +id: gg-woo-feed-53d09e4ac030b1b8d99973338cf6e155 + +info: + name: > + GTG Product Feed for Shopping <= 1.2.8 - Missing Authorization to Unauthenticated Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6b9b0a-e82e-459a-bddf-1c9354bcec00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gg-woo-feed/" + google-query: inurl:"/wp-content/plugins/gg-woo-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gg-woo-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gg-woo-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gg-woo-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gg-woo-feed-e977a8524d61ac2824626ef17aa0bef1.yaml b/nuclei-templates/cve-less/plugins/gg-woo-feed-e977a8524d61ac2824626ef17aa0bef1.yaml new file mode 100644 index 0000000000..bbff6a64f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gg-woo-feed-e977a8524d61ac2824626ef17aa0bef1.yaml @@ -0,0 +1,58 @@ +id: gg-woo-feed-e977a8524d61ac2824626ef17aa0bef1 + +info: + name: > + GG Woo Feed for WooCommerce Shopping Feed <= 1.2.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e65bafd-471a-498a-a6ac-1bc87d25de67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gg-woo-feed/" + google-query: inurl:"/wp-content/plugins/gg-woo-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gg-woo-feed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gg-woo-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gg-woo-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ghost-9e13f21f3e18faff07670530f9d58cc5.yaml b/nuclei-templates/cve-less/plugins/ghost-9e13f21f3e18faff07670530f9d58cc5.yaml new file mode 100644 index 0000000000..82528fba9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ghost-9e13f21f3e18faff07670530f9d58cc5.yaml @@ -0,0 +1,58 @@ +id: ghost-9e13f21f3e18faff07670530f9d58cc5 + +info: + name: > + Ghost <= 0.5.5 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acde5693-53fe-47b8-ad0b-6799ab63d0c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ghost/" + google-query: inurl:"/wp-content/plugins/ghost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ghost,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ghost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ghost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-certificate-creator-992e494cb586ae82d8a59467cf03e6c8.yaml b/nuclei-templates/cve-less/plugins/gift-certificate-creator-992e494cb586ae82d8a59467cf03e6c8.yaml new file mode 100644 index 0000000000..6cb43f154f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-certificate-creator-992e494cb586ae82d8a59467cf03e6c8.yaml @@ -0,0 +1,58 @@ +id: gift-certificate-creator-992e494cb586ae82d8a59467cf03e6c8 + +info: + name: > + Gift Certificate Creator <= 1.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8b1a124-ad3a-4f17-9913-88bfda26dca9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-certificate-creator/" + google-query: inurl:"/wp-content/plugins/gift-certificate-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-certificate-creator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-certificate-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-certificate-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-up-22c8ae258ee7ee9005a864a39bda5496.yaml b/nuclei-templates/cve-less/plugins/gift-up-22c8ae258ee7ee9005a864a39bda5496.yaml new file mode 100644 index 0000000000..c3c5959fee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-up-22c8ae258ee7ee9005a864a39bda5496.yaml @@ -0,0 +1,58 @@ +id: gift-up-22c8ae258ee7ee9005a864a39bda5496 + +info: + name: > + Gift Up 2.21.3 - Cross-Site Request Forgery via consume_post + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e8d9909-7b98-4d98-8293-0c30eebc6c7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-up/" + google-query: inurl:"/wp-content/plugins/gift-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.21.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-up-a045ed71aa954e6a2d839e45661eb192.yaml b/nuclei-templates/cve-less/plugins/gift-up-a045ed71aa954e6a2d839e45661eb192.yaml new file mode 100644 index 0000000000..bfd76f6625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-up-a045ed71aa954e6a2d839e45661eb192.yaml @@ -0,0 +1,58 @@ +id: gift-up-a045ed71aa954e6a2d839e45661eb192 + +info: + name: > + Gift Up Gift Cards for WordPress and WooCommerce <= 2.20.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e498706-3dbe-4c48-9c0d-0d90677aba0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-up/" + google-query: inurl:"/wp-content/plugins/gift-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-up,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-voucher-61fd2c4906855d53e38dbebcbfd74fb6.yaml b/nuclei-templates/cve-less/plugins/gift-voucher-61fd2c4906855d53e38dbebcbfd74fb6.yaml new file mode 100644 index 0000000000..b9b8e76b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-voucher-61fd2c4906855d53e38dbebcbfd74fb6.yaml @@ -0,0 +1,58 @@ +id: gift-voucher-61fd2c4906855d53e38dbebcbfd74fb6 + +info: + name: > + Gift Cards (Gift Vouchers and Packages) <= 4.3.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a10a3f01-082d-4a94-89c6-b5b46891aa4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-voucher/" + google-query: inurl:"/wp-content/plugins/gift-voucher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-voucher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-voucher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-voucher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-voucher-8d18a006f7e8ea1576808227f78fb4e8.yaml b/nuclei-templates/cve-less/plugins/gift-voucher-8d18a006f7e8ea1576808227f78fb4e8.yaml new file mode 100644 index 0000000000..bf9316eb07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-voucher-8d18a006f7e8ea1576808227f78fb4e8.yaml @@ -0,0 +1,58 @@ +id: gift-voucher-8d18a006f7e8ea1576808227f78fb4e8 + +info: + name: > + Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) < 4.1.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c42428c6-5d9d-4679-91fe-8ec6f3a3bf9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-voucher/" + google-query: inurl:"/wp-content/plugins/gift-voucher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-voucher,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-voucher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-voucher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gift-voucher-cda43c8c429473025c851831200494f7.yaml b/nuclei-templates/cve-less/plugins/gift-voucher-cda43c8c429473025c851831200494f7.yaml new file mode 100644 index 0000000000..774845061f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gift-voucher-cda43c8c429473025c851831200494f7.yaml @@ -0,0 +1,58 @@ +id: gift-voucher-cda43c8c429473025c851831200494f7 + +info: + name: > + Gift Vouchers <= 4.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d86c720b-ede6-4789-ba83-2d035e1641bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gift-voucher/" + google-query: inurl:"/wp-content/plugins/gift-voucher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gift-voucher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gift-voucher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gift-voucher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-13393dad61452f7f4e21c0de558fed80.yaml b/nuclei-templates/cve-less/plugins/gigpress-13393dad61452f7f4e21c0de558fed80.yaml new file mode 100644 index 0000000000..f04635f2ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-13393dad61452f7f4e21c0de558fed80.yaml @@ -0,0 +1,58 @@ +id: gigpress-13393dad61452f7f4e21c0de558fed80 + +info: + name: > + GigPress <= 2.3.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4a9f9f-a342-4053-b4e0-cbaa9796e4ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-1a55c20ce9650829e57b6e448599ddb2.yaml b/nuclei-templates/cve-less/plugins/gigpress-1a55c20ce9650829e57b6e448599ddb2.yaml new file mode 100644 index 0000000000..61216342ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-1a55c20ce9650829e57b6e448599ddb2.yaml @@ -0,0 +1,58 @@ +id: gigpress-1a55c20ce9650829e57b6e448599ddb2 + +info: + name: > + GigPress <= 2.3.10 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9124240d-e540-4a59-a4c5-c4279bb39399?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml b/nuclei-templates/cve-less/plugins/gigpress-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml new file mode 100644 index 0000000000..9fa48873a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-6a1e5a3fb07b5d9291ff1e62a0f08cd2.yaml @@ -0,0 +1,58 @@ +id: gigpress-6a1e5a3fb07b5d9291ff1e62a0f08cd2 + +info: + name: > + GigPress <= 2.3.28 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1dc7e4-a339-4760-9f63-aaa6590bd5e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-9b85cc5dac11e87b56eb1483e446220f.yaml b/nuclei-templates/cve-less/plugins/gigpress-9b85cc5dac11e87b56eb1483e446220f.yaml new file mode 100644 index 0000000000..55b65b225e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-9b85cc5dac11e87b56eb1483e446220f.yaml @@ -0,0 +1,58 @@ +id: gigpress-9b85cc5dac11e87b56eb1483e446220f + +info: + name: > + GigPress <= 2.3.29 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/035d9433-08db-4849-aae3-735be9f82f52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-df29a94c579971159744f58c90d00e43.yaml b/nuclei-templates/cve-less/plugins/gigpress-df29a94c579971159744f58c90d00e43.yaml new file mode 100644 index 0000000000..817b72aaf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-df29a94c579971159744f58c90d00e43.yaml @@ -0,0 +1,58 @@ +id: gigpress-df29a94c579971159744f58c90d00e43 + +info: + name: > + GigPress <= 2.3.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be4f5da0-77ec-41eb-85bd-c019e71d4c9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gigpress-f31fcdd6accb0c61ba4b73c6a548d97d.yaml b/nuclei-templates/cve-less/plugins/gigpress-f31fcdd6accb0c61ba4b73c6a548d97d.yaml new file mode 100644 index 0000000000..1b45558b39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gigpress-f31fcdd6accb0c61ba4b73c6a548d97d.yaml @@ -0,0 +1,58 @@ +id: gigpress-f31fcdd6accb0c61ba4b73c6a548d97d + +info: + name: > + GigPress <= 2.3.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37a4a181-82ba-43bd-9caf-3a56cacb86a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gigpress/" + google-query: inurl:"/wp-content/plugins/gigpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gigpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gigpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gigpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giphypress-43352935e72ef2b8411f13007515e249.yaml b/nuclei-templates/cve-less/plugins/giphypress-43352935e72ef2b8411f13007515e249.yaml new file mode 100644 index 0000000000..17b7ef9506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giphypress-43352935e72ef2b8411f13007515e249.yaml @@ -0,0 +1,58 @@ +id: giphypress-43352935e72ef2b8411f13007515e249 + +info: + name: > + Giphypress <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c29af7-f607-429a-9a1e-f8701fbb9e7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giphypress/" + google-query: inurl:"/wp-content/plugins/giphypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giphypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giphypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giphypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gistpress-4e01c0b287f81a38f8a747fdacd53194.yaml b/nuclei-templates/cve-less/plugins/gistpress-4e01c0b287f81a38f8a747fdacd53194.yaml new file mode 100644 index 0000000000..d5ea0643d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gistpress-4e01c0b287f81a38f8a747fdacd53194.yaml @@ -0,0 +1,58 @@ +id: gistpress-4e01c0b287f81a38f8a747fdacd53194 + +info: + name: > + GistPress < 3.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5607882d-9112-45f9-bee0-a0c077419187?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gistpress/" + google-query: inurl:"/wp-content/plugins/gistpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gistpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gistpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gistpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-24d7c262b4ff77236f6549957f02bcd3.yaml b/nuclei-templates/cve-less/plugins/give-24d7c262b4ff77236f6549957f02bcd3.yaml new file mode 100644 index 0000000000..12f8abfa60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-24d7c262b4ff77236f6549957f02bcd3.yaml @@ -0,0 +1,58 @@ +id: give-24d7c262b4ff77236f6549957f02bcd3 + +info: + name: > + GiveWP <= 2.5.4 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4794858f-ebaf-4adf-ab08-309964c18c00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-37be249d4dba046bd5576085cbb2729e.yaml b/nuclei-templates/cve-less/plugins/give-37be249d4dba046bd5576085cbb2729e.yaml new file mode 100644 index 0000000000..03f2d0c73b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-37be249d4dba046bd5576085cbb2729e.yaml @@ -0,0 +1,58 @@ +id: give-37be249d4dba046bd5576085cbb2729e + +info: + name: > + GiveWP <= 2.20.2 - Authenticated Arbitrary File Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53ddfd2d-7af1-4561-ab76-5cb3238e8f8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-3f68b15356bc4e3e423989f19f97e89a.yaml b/nuclei-templates/cve-less/plugins/give-3f68b15356bc4e3e423989f19f97e89a.yaml new file mode 100644 index 0000000000..4d47c2cb3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-3f68b15356bc4e3e423989f19f97e89a.yaml @@ -0,0 +1,58 @@ +id: give-3f68b15356bc4e3e423989f19f97e89a + +info: + name: > + GiveWP <= 2.23.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89a9d925-6ca3-481f-ba7d-ea9869d51b52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-513ec2f375998d3060fe3f60b69501e3.yaml b/nuclei-templates/cve-less/plugins/give-513ec2f375998d3060fe3f60b69501e3.yaml new file mode 100644 index 0000000000..144b2438e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-513ec2f375998d3060fe3f60b69501e3.yaml @@ -0,0 +1,58 @@ +id: give-513ec2f375998d3060fe3f60b69501e3 + +info: + name: > + GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin installation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc5c511f-dc79-468b-a107-cdf50999faf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-533fb5a34390cf0e65d667182e77a256.yaml b/nuclei-templates/cve-less/plugins/give-533fb5a34390cf0e65d667182e77a256.yaml new file mode 100644 index 0000000000..c044e96e02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-533fb5a34390cf0e65d667182e77a256.yaml @@ -0,0 +1,58 @@ +id: give-533fb5a34390cf0e65d667182e77a256 + +info: + name: > + GiveWP <= 3.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8bf1d64-8012-4588-9897-aa8bb0cacfb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-54db66d2a717e7bcc7922961c9407af7.yaml b/nuclei-templates/cve-less/plugins/give-54db66d2a717e7bcc7922961c9407af7.yaml new file mode 100644 index 0000000000..db2785fb1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-54db66d2a717e7bcc7922961c9407af7.yaml @@ -0,0 +1,58 @@ +id: give-54db66d2a717e7bcc7922961c9407af7 + +info: + name: > + GiveWP <= 2.25.1 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6368c397-0570-4304-a764-869bacc526c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-560e75b141006ad846ab2e105e9e507e.yaml b/nuclei-templates/cve-less/plugins/give-560e75b141006ad846ab2e105e9e507e.yaml new file mode 100644 index 0000000000..2eb85b4cdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-560e75b141006ad846ab2e105e9e507e.yaml @@ -0,0 +1,58 @@ +id: give-560e75b141006ad846ab2e105e9e507e + +info: + name: > + GiveWP <= 2.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via give_form_grid shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5f7a07-8117-4305-a72c-6afed80b6bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-57ba3dbc250a048ad4a278836ea777a0.yaml b/nuclei-templates/cve-less/plugins/give-57ba3dbc250a048ad4a278836ea777a0.yaml new file mode 100644 index 0000000000..82d4e89f65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-57ba3dbc250a048ad4a278836ea777a0.yaml @@ -0,0 +1,58 @@ +id: give-57ba3dbc250a048ad4a278836ea777a0 + +info: + name: > + GiveWP <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d74d71a8-774a-4ebb-b254-0e65a8044319?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-57de8ad14c220bdfc73bc2840b43e6e3.yaml b/nuclei-templates/cve-less/plugins/give-57de8ad14c220bdfc73bc2840b43e6e3.yaml new file mode 100644 index 0000000000..e2b383ffb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-57de8ad14c220bdfc73bc2840b43e6e3.yaml @@ -0,0 +1,58 @@ +id: give-57de8ad14c220bdfc73bc2840b43e6e3 + +info: + name: > + GiveWP <= 2.5.9 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/818ef655-aef3-4808-88ae-ecf2ba209d67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-5b936937c8c0c4c278a2b778b73bea89.yaml b/nuclei-templates/cve-less/plugins/give-5b936937c8c0c4c278a2b778b73bea89.yaml new file mode 100644 index 0000000000..0adb4bf52f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-5b936937c8c0c4c278a2b778b73bea89.yaml @@ -0,0 +1,58 @@ +id: give-5b936937c8c0c4c278a2b778b73bea89 + +info: + name: > + GiveWP <= 2.10.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a5bf903-9da0-46fd-8134-3abe8e97e3b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-6377ab76651d16deea08b67670c91822.yaml b/nuclei-templates/cve-less/plugins/give-6377ab76651d16deea08b67670c91822.yaml new file mode 100644 index 0000000000..b89f209a20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-6377ab76651d16deea08b67670c91822.yaml @@ -0,0 +1,58 @@ +id: give-6377ab76651d16deea08b67670c91822 + +info: + name: > + GiveWP <= 2.25.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b30261e0-1fa1-4794-98f6-851532b7615c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-709d37fdda47f80274e76b38e4a9b3f0.yaml b/nuclei-templates/cve-less/plugins/give-709d37fdda47f80274e76b38e4a9b3f0.yaml new file mode 100644 index 0000000000..66c327a8d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-709d37fdda47f80274e76b38e4a9b3f0.yaml @@ -0,0 +1,58 @@ +id: give-709d37fdda47f80274e76b38e4a9b3f0 + +info: + name: > + GiveWP <= 2.33.3 - Cross-Site Request Forgery to Stripe Integration Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bff8dea-6971-47d4-bd2c-0821687033e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-78446893c956fc1d75ddd7c2d7c876e7.yaml b/nuclei-templates/cve-less/plugins/give-78446893c956fc1d75ddd7c2d7c876e7.yaml new file mode 100644 index 0000000000..2c2a8e618b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-78446893c956fc1d75ddd7c2d7c876e7.yaml @@ -0,0 +1,58 @@ +id: give-78446893c956fc1d75ddd7c2d7c876e7 + +info: + name: > + GiveWP <= 2.25.1 - Authenticated (Admin+) Server-Side Request Forgery via give_get_content_by_ajax_handler + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2379a029-cc0d-4fa2-9aeb-47a4abd6b51a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-7bb21adc4bf975d211fca6969dfaddaa.yaml b/nuclei-templates/cve-less/plugins/give-7bb21adc4bf975d211fca6969dfaddaa.yaml new file mode 100644 index 0000000000..81056d01c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-7bb21adc4bf975d211fca6969dfaddaa.yaml @@ -0,0 +1,58 @@ +id: give-7bb21adc4bf975d211fca6969dfaddaa + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 2.20.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/addae413-1fc5-427f-a5ef-3da705cbeb5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-7e1c91d2fe86a0149b73baa7bbb169af.yaml b/nuclei-templates/cve-less/plugins/give-7e1c91d2fe86a0149b73baa7bbb169af.yaml new file mode 100644 index 0000000000..633bca9e30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-7e1c91d2fe86a0149b73baa7bbb169af.yaml @@ -0,0 +1,58 @@ +id: give-7e1c91d2fe86a0149b73baa7bbb169af + +info: + name: > + GiveWP <= 2.33.3 - Cross-Site Request Forgery to plugin deactivation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e32d9104-5a39-4455-b76a-e24ae787bdfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-81dceb70d6b123bc1dd5fda793f142c3.yaml b/nuclei-templates/cve-less/plugins/give-81dceb70d6b123bc1dd5fda793f142c3.yaml new file mode 100644 index 0000000000..2ce53cc1b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-81dceb70d6b123bc1dd5fda793f142c3.yaml @@ -0,0 +1,58 @@ +id: give-81dceb70d6b123bc1dd5fda793f142c3 + +info: + name: > + GiveWP <= 2.23.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a20f582-10e7-4530-8d3c-9bc1e844badd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-85f432bf2dbf8ba147f83f3469bc9104.yaml b/nuclei-templates/cve-less/plugins/give-85f432bf2dbf8ba147f83f3469bc9104.yaml new file mode 100644 index 0000000000..79da1c0a4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-85f432bf2dbf8ba147f83f3469bc9104.yaml @@ -0,0 +1,58 @@ +id: give-85f432bf2dbf8ba147f83f3469bc9104 + +info: + name: > + GiveWP <= 2.25.1 - Authenticated (Contributor+) Arbitrary Content Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9af1429-32c5-4907-acf4-83efc6727bb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-86bbc19d9e21d4915eb630a058d87bcf.yaml b/nuclei-templates/cve-less/plugins/give-86bbc19d9e21d4915eb630a058d87bcf.yaml new file mode 100644 index 0000000000..e637d687d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-86bbc19d9e21d4915eb630a058d87bcf.yaml @@ -0,0 +1,58 @@ +id: give-86bbc19d9e21d4915eb630a058d87bcf + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 3.6.1 -- Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61901d83-0d05-4be8-a318-43bea086293a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-87bce74e2816b9152b22f0db777f7371.yaml b/nuclei-templates/cve-less/plugins/give-87bce74e2816b9152b22f0db777f7371.yaml new file mode 100644 index 0000000000..2ab8efdaa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-87bce74e2816b9152b22f0db777f7371.yaml @@ -0,0 +1,58 @@ +id: give-87bce74e2816b9152b22f0db777f7371 + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 3.4.2 - Authenticated (GiveWP Manager+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dc7bc0a-b209-431f-a9f1-f850b1a1d1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-941ef3ed4e3d287ad92a76b5c6b10f89.yaml b/nuclei-templates/cve-less/plugins/give-941ef3ed4e3d287ad92a76b5c6b10f89.yaml new file mode 100644 index 0000000000..d7d4eb8557 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-941ef3ed4e3d287ad92a76b5c6b10f89.yaml @@ -0,0 +1,58 @@ +id: give-941ef3ed4e3d287ad92a76b5c6b10f89 + +info: + name: > + Give - Donation Plugin <= 2.33.0 - Authenticated(Give Manager+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22ff4b09-063b-425e-9d59-be2e5d283186?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.33.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-9507ea5164d4b920f9f2c716985b7a19.yaml b/nuclei-templates/cve-less/plugins/give-9507ea5164d4b920f9f2c716985b7a19.yaml new file mode 100644 index 0000000000..fbc5efd5ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-9507ea5164d4b920f9f2c716985b7a19.yaml @@ -0,0 +1,58 @@ +id: give-9507ea5164d4b920f9f2c716985b7a19 + +info: + name: > + GiveWP - Donation Plugin and Fundraising Platform <= 2.5.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/715b0d61-1fac-4039-b18c-e9371788c24c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-a0dbcf6f52eae1325b0e855594e29c09.yaml b/nuclei-templates/cve-less/plugins/give-a0dbcf6f52eae1325b0e855594e29c09.yaml new file mode 100644 index 0000000000..89d59e0c5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-a0dbcf6f52eae1325b0e855594e29c09.yaml @@ -0,0 +1,58 @@ +id: give-a0dbcf6f52eae1325b0e855594e29c09 + +info: + name: > + GiveWP <= 2.3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb0b24b6-38da-4650-b542-a31ba8c98fb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml b/nuclei-templates/cve-less/plugins/give-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml new file mode 100644 index 0000000000..562ee0974e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-b1b366ca92b9c54e2c2fcc9208d3c99a.yaml @@ -0,0 +1,58 @@ +id: give-b1b366ca92b9c54e2c2fcc9208d3c99a + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1710f84-e3c1-4fbc-841e-c7c9ccf3a2e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-b9cdb37818419e5c667c4243ff011f5d.yaml b/nuclei-templates/cve-less/plugins/give-b9cdb37818419e5c667c4243ff011f5d.yaml new file mode 100644 index 0000000000..cb5efc274e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-b9cdb37818419e5c667c4243ff011f5d.yaml @@ -0,0 +1,58 @@ +id: give-b9cdb37818419e5c667c4243ff011f5d + +info: + name: > + GiveWP <= 2.11.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/498087da-3887-475a-9796-676ee1d1fb99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml b/nuclei-templates/cve-less/plugins/give-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml new file mode 100644 index 0000000000..18b04a2f9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-c2ccbf305342f3ecbc58cb5dfedcc25d.yaml @@ -0,0 +1,58 @@ +id: give-c2ccbf305342f3ecbc58cb5dfedcc25d + +info: + name: > + GiveWP <= 2.25.3 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fa8c406-e64d-4093-a102-436ecfb7dd76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-cafa6e63a423db5471d38a13d54d5840.yaml b/nuclei-templates/cve-less/plugins/give-cafa6e63a423db5471d38a13d54d5840.yaml new file mode 100644 index 0000000000..1c38b082df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-cafa6e63a423db5471d38a13d54d5840.yaml @@ -0,0 +1,58 @@ +id: give-cafa6e63a423db5471d38a13d54d5840 + +info: + name: > + GiveWP <= 2.17.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f90f5f35-ed84-4284-be21-15bfaf10175f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-d338bda5ac65a8a3ce38070f7a58731b.yaml b/nuclei-templates/cve-less/plugins/give-d338bda5ac65a8a3ce38070f7a58731b.yaml new file mode 100644 index 0000000000..bfa5e3b8bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-d338bda5ac65a8a3ce38070f7a58731b.yaml @@ -0,0 +1,58 @@ +id: give-d338bda5ac65a8a3ce38070f7a58731b + +info: + name: > + GiveWP <= 2.25.1 - Cross-Site Request Forgery via give_cache_flush + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c820003b-8f30-4557-a282-e3ad7e403062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-d69efeae16b0ba8318e8a9d732208aec.yaml b/nuclei-templates/cve-less/plugins/give-d69efeae16b0ba8318e8a9d732208aec.yaml new file mode 100644 index 0000000000..10aeafc6b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-d69efeae16b0ba8318e8a9d732208aec.yaml @@ -0,0 +1,58 @@ +id: give-d69efeae16b0ba8318e8a9d732208aec + +info: + name: > + GiveWP <= 2.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c177440a-4575-4202-be16-ac7ab0fbb90b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-e6953b327d094d1df94ac78f97ce3f1a.yaml b/nuclei-templates/cve-less/plugins/give-e6953b327d094d1df94ac78f97ce3f1a.yaml new file mode 100644 index 0000000000..d84b8215b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-e6953b327d094d1df94ac78f97ce3f1a.yaml @@ -0,0 +1,58 @@ +id: give-e6953b327d094d1df94ac78f97ce3f1a + +info: + name: > + GiveWP <= 2.17.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad7e3fe0-561e-40d8-b22c-bf8e7675b87f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-ed46e202f3a956c555880fedcaa0b829.yaml b/nuclei-templates/cve-less/plugins/give-ed46e202f3a956c555880fedcaa0b829.yaml new file mode 100644 index 0000000000..990e8dd1cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-ed46e202f3a956c555880fedcaa0b829.yaml @@ -0,0 +1,58 @@ +id: give-ed46e202f3a956c555880fedcaa0b829 + +info: + name: > + GiveWP <= 2.21.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50b811e0-c1f4-4970-a340-8c1619456e29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-f373f6f19e01f5b1868c8800fb906e71.yaml b/nuclei-templates/cve-less/plugins/give-f373f6f19e01f5b1868c8800fb906e71.yaml new file mode 100644 index 0000000000..a9268c9c18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-f373f6f19e01f5b1868c8800fb906e71.yaml @@ -0,0 +1,58 @@ +id: give-f373f6f19e01f5b1868c8800fb906e71 + +info: + name: > + GiveWP <= 2.17.2 - Reflected Cross-Site Scripting via Import Tool + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ccf6945-6f18-410b-9f1a-6d52a3cdda1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-f58e0252abf68aa36c1bcaab03cbf89f.yaml b/nuclei-templates/cve-less/plugins/give-f58e0252abf68aa36c1bcaab03cbf89f.yaml new file mode 100644 index 0000000000..77d1327169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-f58e0252abf68aa36c1bcaab03cbf89f.yaml @@ -0,0 +1,58 @@ +id: give-f58e0252abf68aa36c1bcaab03cbf89f + +info: + name: > + GiveWP 2.4.0 - 2.9.7 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85198759-0b9c-4c8a-b650-ad268d0cb784?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.4.0', '< 2.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-fa1fef40b905a2c3c8c8c056ae496c09.yaml b/nuclei-templates/cve-less/plugins/give-fa1fef40b905a2c3c8c8c056ae496c09.yaml new file mode 100644 index 0000000000..fa6334db08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-fa1fef40b905a2c3c8c8c056ae496c09.yaml @@ -0,0 +1,58 @@ +id: give-fa1fef40b905a2c3c8c8c056ae496c09 + +info: + name: > + GiveWP <= 2.33.1 - Missing Authorization via handleBeforeGateway + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b6b1b7e-2ba4-4b72-9e3d-b54c00437cac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/give-fbf0d51e53f3797d566b99247fa5f5d8.yaml b/nuclei-templates/cve-less/plugins/give-fbf0d51e53f3797d566b99247fa5f5d8.yaml new file mode 100644 index 0000000000..a6a0891e23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/give-fbf0d51e53f3797d566b99247fa5f5d8.yaml @@ -0,0 +1,58 @@ +id: give-fbf0d51e53f3797d566b99247fa5f5d8 + +info: + name: > + GiveWP – Donation Plugin and Fundraising Platform <= 2.21.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dc26eaa-2da5-4cd6-b613-4da2faad0f3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/give/" + google-query: inurl:"/wp-content/plugins/give/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,give,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/give/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "give" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-3a84f9286ec25d34a996b5cb4ee829c4.yaml b/nuclei-templates/cve-less/plugins/giveasap-3a84f9286ec25d34a996b5cb4ee829c4.yaml new file mode 100644 index 0000000000..c9c44b1b5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-3a84f9286ec25d34a996b5cb4ee829c4.yaml @@ -0,0 +1,58 @@ +id: giveasap-3a84f9286ec25d34a996b5cb4ee829c4 + +info: + name: > + Simple Giveaways <= 2.46.0 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/721f8943-5d59-41ee-935e-999dff2e590d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.46.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-3d832eae81d276110b2fb05b6aea23b7.yaml b/nuclei-templates/cve-less/plugins/giveasap-3d832eae81d276110b2fb05b6aea23b7.yaml new file mode 100644 index 0000000000..5e236daba4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-3d832eae81d276110b2fb05b6aea23b7.yaml @@ -0,0 +1,58 @@ +id: giveasap-3d832eae81d276110b2fb05b6aea23b7 + +info: + name: > + Simple Giveaways <= 2.45.0 - Authenticated(Admin+) Stored Cross-Site Scripting via form fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91552a9b-d46b-4a75-b096-8f28bdd9fb56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.45.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-6e765eeed6905cf3916d16fe5425c306.yaml b/nuclei-templates/cve-less/plugins/giveasap-6e765eeed6905cf3916d16fe5425c306.yaml new file mode 100644 index 0000000000..7503d53dad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-6e765eeed6905cf3916d16fe5425c306.yaml @@ -0,0 +1,58 @@ +id: giveasap-6e765eeed6905cf3916d16fe5425c306 + +info: + name: > + Simple Giveaways <= 2.36.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a43db90-2a9e-4223-bf55-fef1a6bb2280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.36.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-7cc7ed508e00e037806456d02a30380e.yaml b/nuclei-templates/cve-less/plugins/giveasap-7cc7ed508e00e037806456d02a30380e.yaml new file mode 100644 index 0000000000..1c72b4839d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-7cc7ed508e00e037806456d02a30380e.yaml @@ -0,0 +1,58 @@ +id: giveasap-7cc7ed508e00e037806456d02a30380e + +info: + name: > + Simple Giveaways <= 2.46 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8390ab61-197a-4eb7-a589-47bf46a0e123?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-c518ac9593781d65f764a219f04b0aec.yaml b/nuclei-templates/cve-less/plugins/giveasap-c518ac9593781d65f764a219f04b0aec.yaml new file mode 100644 index 0000000000..ce57509260 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-c518ac9593781d65f764a219f04b0aec.yaml @@ -0,0 +1,58 @@ +id: giveasap-c518ac9593781d65f764a219f04b0aec + +info: + name: > + Simple Giveaways <= 2.45.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86991143-d4e7-4114-b219-0deedd084858?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.45.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveasap-fece4721182fa2d84ab761adf04133ca.yaml b/nuclei-templates/cve-less/plugins/giveasap-fece4721182fa2d84ab761adf04133ca.yaml new file mode 100644 index 0000000000..523cf4638e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveasap-fece4721182fa2d84ab761adf04133ca.yaml @@ -0,0 +1,58 @@ +id: giveasap-fece4721182fa2d84ab761adf04133ca + +info: + name: > + Simple Giveaways <= 2.45.0 - Authenticated (Editor+) Stored Cross-Site Scripting via Form, Prize, and Sharing Method Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/240691c4-35c5-40e1-b1ab-a500ffcdac73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveasap/" + google-query: inurl:"/wp-content/plugins/giveasap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveasap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveasap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveasap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.45.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/giveaway-26c15735f9b04a66bec91df3a0d7b981.yaml b/nuclei-templates/cve-less/plugins/giveaway-26c15735f9b04a66bec91df3a0d7b981.yaml new file mode 100644 index 0000000000..22ecbe3a44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/giveaway-26c15735f9b04a66bec91df3a0d7b981.yaml @@ -0,0 +1,58 @@ +id: giveaway-26c15735f9b04a66bec91df3a0d7b981 + +info: + name: > + Giveaway <= 1.2.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b02ab0cf-8bdf-4415-bae3-2193c3d75741?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/giveaway/" + google-query: inurl:"/wp-content/plugins/giveaway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,giveaway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/giveaway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "giveaway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/glass-6881e52d7cf04ebe1617491d26006f2c.yaml b/nuclei-templates/cve-less/plugins/glass-6881e52d7cf04ebe1617491d26006f2c.yaml new file mode 100644 index 0000000000..a2e59b7a72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/glass-6881e52d7cf04ebe1617491d26006f2c.yaml @@ -0,0 +1,58 @@ +id: glass-6881e52d7cf04ebe1617491d26006f2c + +info: + name: > + Glass <= 1.3.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f3448ad-61b3-4eac-a5ba-9bea41c85fd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/glass/" + google-query: inurl:"/wp-content/plugins/glass/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,glass,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/glass/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "glass" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/global-content-blocks-6765f94f6a40bfeac4a799a7a22b461e.yaml b/nuclei-templates/cve-less/plugins/global-content-blocks-6765f94f6a40bfeac4a799a7a22b461e.yaml new file mode 100644 index 0000000000..725e5bd2da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/global-content-blocks-6765f94f6a40bfeac4a799a7a22b461e.yaml @@ -0,0 +1,58 @@ +id: global-content-blocks-6765f94f6a40bfeac4a799a7a22b461e + +info: + name: > + Global Content Blocks <= 2.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28e74811-aae8-4276-abb1-cbe4fbcfd08b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/global-content-blocks/" + google-query: inurl:"/wp-content/plugins/global-content-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,global-content-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/global-content-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "global-content-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/global-elementor-buttons-13ea368d9bd0647c7fbc9fa83359351c.yaml b/nuclei-templates/cve-less/plugins/global-elementor-buttons-13ea368d9bd0647c7fbc9fa83359351c.yaml new file mode 100644 index 0000000000..b28d7f6962 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/global-elementor-buttons-13ea368d9bd0647c7fbc9fa83359351c.yaml @@ -0,0 +1,58 @@ +id: global-elementor-buttons-13ea368d9bd0647c7fbc9fa83359351c + +info: + name: > + Global Elementor Buttons <= 1.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via button link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d84f9b06-9127-4526-8f17-21608ec2f601?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/global-elementor-buttons/" + google-query: inurl:"/wp-content/plugins/global-elementor-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,global-elementor-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/global-elementor-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "global-elementor-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/glossary-by-codeat-bc0cf3a754a6fbdff0b7d35751f27209.yaml b/nuclei-templates/cve-less/plugins/glossary-by-codeat-bc0cf3a754a6fbdff0b7d35751f27209.yaml new file mode 100644 index 0000000000..58558eacf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/glossary-by-codeat-bc0cf3a754a6fbdff0b7d35751f27209.yaml @@ -0,0 +1,58 @@ +id: glossary-by-codeat-bc0cf3a754a6fbdff0b7d35751f27209 + +info: + name: > + Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c21c12b1-763e-4c01-bd41-5e2d0b34a50f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/glossary-by-codeat/" + google-query: inurl:"/wp-content/plugins/glossary-by-codeat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,glossary-by-codeat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/glossary-by-codeat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "glossary-by-codeat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gm-woo-product-list-widget-8b27cef0936a142b64091e4a3cd8f0d4.yaml b/nuclei-templates/cve-less/plugins/gm-woo-product-list-widget-8b27cef0936a142b64091e4a3cd8f0d4.yaml new file mode 100644 index 0000000000..76be3602b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gm-woo-product-list-widget-8b27cef0936a142b64091e4a3cd8f0d4.yaml @@ -0,0 +1,58 @@ +id: gm-woo-product-list-widget-8b27cef0936a142b64091e4a3cd8f0d4 + +info: + name: > + Product list Widget for Woocommerce <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0f2774-4677-45a1-9c86-240a6e35f7af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gm-woo-product-list-widget/" + google-query: inurl:"/wp-content/plugins/gm-woo-product-list-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gm-woo-product-list-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gm-woo-product-list-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gm-woo-product-list-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-628e944f1865bad285b75e5824e5bb82.yaml b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-628e944f1865bad285b75e5824e5bb82.yaml new file mode 100644 index 0000000000..8638b736b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-628e944f1865bad285b75e5824e5bb82.yaml @@ -0,0 +1,58 @@ +id: gm-woocommerce-quote-popup-628e944f1865bad285b75e5824e5bb82 + +info: + name: > + Product Enquiry for WooCommerce <= 3.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d19e6433-c248-44ff-97a9-0f351eb77763?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/" + google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gm-woocommerce-quote-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gm-woocommerce-quote-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-9f96211fdf4dfb4e1d26bfe2d1c36496.yaml b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-9f96211fdf4dfb4e1d26bfe2d1c36496.yaml new file mode 100644 index 0000000000..612f0beb55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-9f96211fdf4dfb4e1d26bfe2d1c36496.yaml @@ -0,0 +1,58 @@ +id: gm-woocommerce-quote-popup-9f96211fdf4dfb4e1d26bfe2d1c36496 + +info: + name: > + Product Enquiry for WooCommerce <= 3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f18b7523-fa8f-4c5d-acd7-db0e2135c796?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/" + google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gm-woocommerce-quote-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gm-woocommerce-quote-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-bc43f57bd35ee24fbcd374ea171e9e72.yaml b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-bc43f57bd35ee24fbcd374ea171e9e72.yaml new file mode 100644 index 0000000000..107fdb090c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-bc43f57bd35ee24fbcd374ea171e9e72.yaml @@ -0,0 +1,58 @@ +id: gm-woocommerce-quote-popup-bc43f57bd35ee24fbcd374ea171e9e72 + +info: + name: > + Product Enquiry for WooCommerce <= 3.1 - Unauthenticated Stored Cross-Site Scripting via name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6840add4-62db-4b99-b48b-0b51aa2451b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/" + google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gm-woocommerce-quote-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gm-woocommerce-quote-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-d4e0a798d434cb0cbde1a32f973bc629.yaml b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-d4e0a798d434cb0cbde1a32f973bc629.yaml new file mode 100644 index 0000000000..a0bf651068 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gm-woocommerce-quote-popup-d4e0a798d434cb0cbde1a32f973bc629.yaml @@ -0,0 +1,58 @@ +id: gm-woocommerce-quote-popup-d4e0a798d434cb0cbde1a32f973bc629 + +info: + name: > + Product Enquiry for WooCommerce <= 3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f37cc9d0-345e-4ab7-ae99-d9d7fee6c1e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gm-woocommerce-quote-popup/" + google-query: inurl:"/wp-content/plugins/gm-woocommerce-quote-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gm-woocommerce-quote-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gm-woocommerce-quote-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gm-woocommerce-quote-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmace-573c28c014e533996385e54c5801eb5e.yaml b/nuclei-templates/cve-less/plugins/gmace-573c28c014e533996385e54c5801eb5e.yaml new file mode 100644 index 0000000000..599d98d3f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmace-573c28c014e533996385e54c5801eb5e.yaml @@ -0,0 +1,58 @@ +id: gmace-573c28c014e533996385e54c5801eb5e + +info: + name: > + GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6e82b46-0b10-45fe-949e-dd94dd8656c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmace/" + google-query: inurl:"/wp-content/plugins/gmace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmace-91afdd80e105f88c419657c28ec390b7.yaml b/nuclei-templates/cve-less/plugins/gmace-91afdd80e105f88c419657c28ec390b7.yaml new file mode 100644 index 0000000000..7d6562bfbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmace-91afdd80e105f88c419657c28ec390b7.yaml @@ -0,0 +1,58 @@ +id: gmace-91afdd80e105f88c419657c28ec390b7 + +info: + name: > + GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3523535-6938-4922-8126-8386861ca512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmace/" + google-query: inurl:"/wp-content/plugins/gmace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmace-99958bc5af6b387619c59f0368c5fbd3.yaml b/nuclei-templates/cve-less/plugins/gmace-99958bc5af6b387619c59f0368c5fbd3.yaml new file mode 100644 index 0000000000..2844b4bc08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmace-99958bc5af6b387619c59f0368c5fbd3.yaml @@ -0,0 +1,58 @@ +id: gmace-99958bc5af6b387619c59f0368c5fbd3 + +info: + name: > + GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion) + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826b3913-9a37-4e15-80fd-b35cefb51af8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmace/" + google-query: inurl:"/wp-content/plugins/gmace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmap-embed-3d3b0b33d5d87ca799b6b79195a4eb93.yaml b/nuclei-templates/cve-less/plugins/gmap-embed-3d3b0b33d5d87ca799b6b79195a4eb93.yaml new file mode 100644 index 0000000000..f166885f37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmap-embed-3d3b0b33d5d87ca799b6b79195a4eb93.yaml @@ -0,0 +1,58 @@ +id: gmap-embed-3d3b0b33d5d87ca799b6b79195a4eb93 + +info: + name: > + WP Google Map <= 1.8.3 - Arbitrary Post Deletion and Plugin Settings Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7af6721-4886-4bec-8931-992881310f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmap-embed/" + google-query: inurl:"/wp-content/plugins/gmap-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmap-embed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmap-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmap-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmap-embed-72366184b67914a0825758added672d3.yaml b/nuclei-templates/cve-less/plugins/gmap-embed-72366184b67914a0825758added672d3.yaml new file mode 100644 index 0000000000..da20033f5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmap-embed-72366184b67914a0825758added672d3.yaml @@ -0,0 +1,58 @@ +id: gmap-embed-72366184b67914a0825758added672d3 + +info: + name: > + WP Google Map <= 1.8.0 - Subscriber+ Arbitrary Post Deletion and Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19e6bd3b-8d03-4617-8be2-3cdaeb85fac0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmap-embed/" + google-query: inurl:"/wp-content/plugins/gmap-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmap-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmap-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmap-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmap-embed-a2596cd818b9e76da96ce78707638a4c.yaml b/nuclei-templates/cve-less/plugins/gmap-embed-a2596cd818b9e76da96ce78707638a4c.yaml new file mode 100644 index 0000000000..aca546a032 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmap-embed-a2596cd818b9e76da96ce78707638a4c.yaml @@ -0,0 +1,58 @@ +id: gmap-embed-a2596cd818b9e76da96ce78707638a4c + +info: + name: > + WP Google Map <= 1.8.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58da5adc-bb2e-409d-a623-12b19e6da138?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmap-embed/" + google-query: inurl:"/wp-content/plugins/gmap-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmap-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmap-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmap-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gmap-embed-cf16a38393f700cdb2be76a3ca5de2f2.yaml b/nuclei-templates/cve-less/plugins/gmap-embed-cf16a38393f700cdb2be76a3ca5de2f2.yaml new file mode 100644 index 0000000000..c14b9247df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gmap-embed-cf16a38393f700cdb2be76a3ca5de2f2.yaml @@ -0,0 +1,58 @@ +id: gmap-embed-cf16a38393f700cdb2be76a3ca5de2f2 + +info: + name: > + WP Google Map <= 1.7.6 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb3cdf8-7563-4ccd-83fe-7ebd13fa7936?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gmap-embed/" + google-query: inurl:"/wp-content/plugins/gmap-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gmap-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gmap-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gmap-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gn-publisher-8fa57ae72750b34eb12df59c3f8bd733.yaml b/nuclei-templates/cve-less/plugins/gn-publisher-8fa57ae72750b34eb12df59c3f8bd733.yaml new file mode 100644 index 0000000000..beec4ef5c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gn-publisher-8fa57ae72750b34eb12df59c3f8bd733.yaml @@ -0,0 +1,58 @@ +id: gn-publisher-8fa57ae72750b34eb12df59c3f8bd733 + +info: + name: > + GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gn-publisher/" + google-query: inurl:"/wp-content/plugins/gn-publisher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gn-publisher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gn-publisher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gn-publisher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gnu-mailman-integration-e9b21730376128cd6be89ff8a65d542e.yaml b/nuclei-templates/cve-less/plugins/gnu-mailman-integration-e9b21730376128cd6be89ff8a65d542e.yaml new file mode 100644 index 0000000000..3ac9941ec6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gnu-mailman-integration-e9b21730376128cd6be89ff8a65d542e.yaml @@ -0,0 +1,58 @@ +id: gnu-mailman-integration-e9b21730376128cd6be89ff8a65d542e + +info: + name: > + GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3edc40b7-5cf6-413b-80c5-b001934bedc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gnu-mailman-integration/" + google-query: inurl:"/wp-content/plugins/gnu-mailman-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gnu-mailman-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gnu-mailman-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gnu-mailman-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gnucommerce-24f4d698ab0a491686fe5ba91eade3a1.yaml b/nuclei-templates/cve-less/plugins/gnucommerce-24f4d698ab0a491686fe5ba91eade3a1.yaml new file mode 100644 index 0000000000..8551c62dd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gnucommerce-24f4d698ab0a491686fe5ba91eade3a1.yaml @@ -0,0 +1,58 @@ +id: gnucommerce-24f4d698ab0a491686fe5ba91eade3a1 + +info: + name: > + GNUCommerce < 0.5.7-BETA - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e6817c-02e7-4d28-9446-c316a9ff8cbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gnucommerce/" + google-query: inurl:"/wp-content/plugins/gnucommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gnucommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gnucommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gnucommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.5.7-beta') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gnucommerce-3151dcfef62c493c56c6489173f8c7fe.yaml b/nuclei-templates/cve-less/plugins/gnucommerce-3151dcfef62c493c56c6489173f8c7fe.yaml new file mode 100644 index 0000000000..c24029985f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gnucommerce-3151dcfef62c493c56c6489173f8c7fe.yaml @@ -0,0 +1,58 @@ +id: gnucommerce-3151dcfef62c493c56c6489173f8c7fe + +info: + name: > + GNUCommerce < 1.4.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bbdbd0f-19cc-4a1e-9167-fbdb6d45ffbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gnucommerce/" + google-query: inurl:"/wp-content/plugins/gnucommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gnucommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gnucommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gnucommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/go_pricing-6b34c883ba2362a8ae8903a4773f143d.yaml b/nuclei-templates/cve-less/plugins/go_pricing-6b34c883ba2362a8ae8903a4773f143d.yaml new file mode 100644 index 0000000000..7125964910 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/go_pricing-6b34c883ba2362a8ae8903a4773f143d.yaml @@ -0,0 +1,58 @@ +id: go_pricing-6b34c883ba2362a8ae8903a4773f143d + +info: + name: > + Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Improper Authorization to Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/477c6fa2-16a8-4461-b4d4-d087e13e3ca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/go_pricing/" + google-query: inurl:"/wp-content/plugins/go_pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,go_pricing,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go_pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go_pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/go_pricing-b5e2905f3fa25ed5a268cff184f71b6b.yaml b/nuclei-templates/cve-less/plugins/go_pricing-b5e2905f3fa25ed5a268cff184f71b6b.yaml new file mode 100644 index 0000000000..765632ac80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/go_pricing-b5e2905f3fa25ed5a268cff184f71b6b.yaml @@ -0,0 +1,58 @@ +id: go_pricing-b5e2905f3fa25ed5a268cff184f71b6b + +info: + name: > + Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c3d4c96-63a7-4f3b-a9ac-095be241f840?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/go_pricing/" + google-query: inurl:"/wp-content/plugins/go_pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,go_pricing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go_pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go_pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/go_pricing-c0501d6ec7222ce135cf1060e0209955.yaml b/nuclei-templates/cve-less/plugins/go_pricing-c0501d6ec7222ce135cf1060e0209955.yaml new file mode 100644 index 0000000000..5af73f101b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/go_pricing-c0501d6ec7222ce135cf1060e0209955.yaml @@ -0,0 +1,58 @@ +id: go_pricing-c0501d6ec7222ce135cf1060e0209955 + +info: + name: > + Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7686b11-97a8-4f09-bbfa-d77120cc35b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/go_pricing/" + google-query: inurl:"/wp-content/plugins/go_pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,go_pricing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go_pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go_pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/go_pricing-d934ac1748b53a01cebaf8d5ba82ca90.yaml b/nuclei-templates/cve-less/plugins/go_pricing-d934ac1748b53a01cebaf8d5ba82ca90.yaml new file mode 100644 index 0000000000..1dfee244e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/go_pricing-d934ac1748b53a01cebaf8d5ba82ca90.yaml @@ -0,0 +1,58 @@ +id: go_pricing-d934ac1748b53a01cebaf8d5ba82ca90 + +info: + name: > + Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Missing Authorization to Limited Privilege Granting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5779914a-a168-4835-8aea-e0ab2b3be4f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/go_pricing/" + google-query: inurl:"/wp-content/plugins/go_pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,go_pricing,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/go_pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "go_pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gocodes-613714f5c2e87c49430822b55db25b79.yaml b/nuclei-templates/cve-less/plugins/gocodes-613714f5c2e87c49430822b55db25b79.yaml new file mode 100644 index 0000000000..24b60e4fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gocodes-613714f5c2e87c49430822b55db25b79.yaml @@ -0,0 +1,58 @@ +id: gocodes-613714f5c2e87c49430822b55db25b79 + +info: + name: > + GoCodes <= 1.3.5 - Authenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92c88e7f-9393-4e44-8a1d-314f6560bf63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gocodes/" + google-query: inurl:"/wp-content/plugins/gocodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gocodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gocodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gocodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gocodes-e2b3a3b43a72a2751316fff54c8d6a22.yaml b/nuclei-templates/cve-less/plugins/gocodes-e2b3a3b43a72a2751316fff54c8d6a22.yaml new file mode 100644 index 0000000000..d57e50d3a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gocodes-e2b3a3b43a72a2751316fff54c8d6a22.yaml @@ -0,0 +1,58 @@ +id: gocodes-e2b3a3b43a72a2751316fff54c8d6a22 + +info: + name: > + GoCodes <= 1.3.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f6683c7-182a-4cd9-be6e-9832f01c3c71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gocodes/" + google-query: inurl:"/wp-content/plugins/gocodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gocodes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gocodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gocodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-e6ae143c6a0d21493b73e68beda81a51.yaml b/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-e6ae143c6a0d21493b73e68beda81a51.yaml new file mode 100644 index 0000000000..35387bb562 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-e6ae143c6a0d21493b73e68beda81a51.yaml @@ -0,0 +1,58 @@ +id: godaddy-email-marketing-sign-up-forms-e6ae143c6a0d21493b73e68beda81a51 + +info: + name: > + GoDaddy Email Marketing <= 1.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d9d19e-a080-40e9-8a71-01888393f618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/godaddy-email-marketing-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/godaddy-email-marketing-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/godaddy-email-marketing-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "godaddy-email-marketing-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-f63791a8b82a8db6f6f51f822aa27ea8.yaml b/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-f63791a8b82a8db6f6f51f822aa27ea8.yaml new file mode 100644 index 0000000000..50a19eaa9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/godaddy-email-marketing-sign-up-forms-f63791a8b82a8db6f6f51f822aa27ea8.yaml @@ -0,0 +1,58 @@ +id: godaddy-email-marketing-sign-up-forms-f63791a8b82a8db6f6f51f822aa27ea8 + +info: + name: > + GoDaddy Email Marketing < 1.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb53b61-f476-4b92-b87a-de10e18428a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/godaddy-email-marketing-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/godaddy-email-marketing-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,godaddy-email-marketing-sign-up-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/godaddy-email-marketing-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "godaddy-email-marketing-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gold-price-chart-widget-af9b404439d9589515c5ec4e6d7f1ef0.yaml b/nuclei-templates/cve-less/plugins/gold-price-chart-widget-af9b404439d9589515c5ec4e6d7f1ef0.yaml new file mode 100644 index 0000000000..894c9bc3b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gold-price-chart-widget-af9b404439d9589515c5ec4e6d7f1ef0.yaml @@ -0,0 +1,58 @@ +id: gold-price-chart-widget-af9b404439d9589515c5ec4e6d7f1ef0 + +info: + name: > + Live Gold Price & Silver Price Charts Widgets <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c53ebf2f-44ab-4d0f-ac3d-c08806c07343?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gold-price-chart-widget/" + google-query: inurl:"/wp-content/plugins/gold-price-chart-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gold-price-chart-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gold-price-chart-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gold-price-chart-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/good-bad-comments-50f3d46f270e4758bbe32a2e3166c5bc.yaml b/nuclei-templates/cve-less/plugins/good-bad-comments-50f3d46f270e4758bbe32a2e3166c5bc.yaml new file mode 100644 index 0000000000..69241c0eb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/good-bad-comments-50f3d46f270e4758bbe32a2e3166c5bc.yaml @@ -0,0 +1,58 @@ +id: good-bad-comments-50f3d46f270e4758bbe32a2e3166c5bc + +info: + name: > + Good & Bad Comments <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8546d5d-3ac0-4eb6-9502-07f2590a943b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/good-bad-comments/" + google-query: inurl:"/wp-content/plugins/good-bad-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,good-bad-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/good-bad-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "good-bad-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/good-reviews-wp-600afe426493b29bf5509da4cbb82add.yaml b/nuclei-templates/cve-less/plugins/good-reviews-wp-600afe426493b29bf5509da4cbb82add.yaml new file mode 100644 index 0000000000..97f8019b35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/good-reviews-wp-600afe426493b29bf5509da4cbb82add.yaml @@ -0,0 +1,58 @@ +id: good-reviews-wp-600afe426493b29bf5509da4cbb82add + +info: + name: > + Five Star Restaurant Reviews <= 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Review URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe44e46-dfbf-4286-889c-606280d62218?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/good-reviews-wp/" + google-query: inurl:"/wp-content/plugins/good-reviews-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,good-reviews-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/good-reviews-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "good-reviews-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/goodbarber-59bc60dbb95a640744a1b35b77853c09.yaml b/nuclei-templates/cve-less/plugins/goodbarber-59bc60dbb95a640744a1b35b77853c09.yaml new file mode 100644 index 0000000000..475e8f0ef9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/goodbarber-59bc60dbb95a640744a1b35b77853c09.yaml @@ -0,0 +1,58 @@ +id: goodbarber-59bc60dbb95a640744a1b35b77853c09 + +info: + name: > + GoodBarber <= 1.0.23 - Cross-Site Request Forgery via admin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57774f93-e6c0-46e6-8019-eab00b2b48ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/goodbarber/" + google-query: inurl:"/wp-content/plugins/goodbarber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,goodbarber,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goodbarber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goodbarber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/goodlms-29cf41f615f87d85b5f82475c8720a9f.yaml b/nuclei-templates/cve-less/plugins/goodlms-29cf41f615f87d85b5f82475c8720a9f.yaml new file mode 100644 index 0000000000..29ae961b0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/goodlms-29cf41f615f87d85b5f82475c8720a9f.yaml @@ -0,0 +1,58 @@ +id: goodlms-29cf41f615f87d85b5f82475c8720a9f + +info: + name: > + Good LMS <= 2.1.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6629e1a9-3b28-4c8c-95d4-3c0011a7364a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/goodlms/" + google-query: inurl:"/wp-content/plugins/goodlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,goodlms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goodlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goodlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/goodnews5-cf8879fce150bfeedade2a46a11300d9.yaml b/nuclei-templates/cve-less/plugins/goodnews5-cf8879fce150bfeedade2a46a11300d9.yaml new file mode 100644 index 0000000000..dd90ecb126 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/goodnews5-cf8879fce150bfeedade2a46a11300d9.yaml @@ -0,0 +1,58 @@ +id: goodnews5-cf8879fce150bfeedade2a46a11300d9 + +info: + name: > + Goodnews – Responsive WordPress News/Magazine | News / Editorial <= 5.11.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e903c6-36f1-45cb-8164-23a8d1ca3966?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/goodnews5/" + google-query: inurl:"/wp-content/plugins/goodnews5/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,goodnews5,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goodnews5/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goodnews5" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/goods-catalog-5354899032ab4aab5f7e436527798ae7.yaml b/nuclei-templates/cve-less/plugins/goods-catalog-5354899032ab4aab5f7e436527798ae7.yaml new file mode 100644 index 0000000000..9582b2ceaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/goods-catalog-5354899032ab4aab5f7e436527798ae7.yaml @@ -0,0 +1,58 @@ +id: goods-catalog-5354899032ab4aab5f7e436527798ae7 + +info: + name: > + Goods Catalog <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21542a9e-efa2-4655-b076-d282e3678fdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/goods-catalog/" + google-query: inurl:"/wp-content/plugins/goods-catalog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,goods-catalog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goods-catalog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goods-catalog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-adsense-and-hotel-booking-9de4f56ad1c8638320783f6629c2489f.yaml b/nuclei-templates/cve-less/plugins/google-adsense-and-hotel-booking-9de4f56ad1c8638320783f6629c2489f.yaml new file mode 100644 index 0000000000..3ae6a34a75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-adsense-and-hotel-booking-9de4f56ad1c8638320783f6629c2489f.yaml @@ -0,0 +1,58 @@ +id: google-adsense-and-hotel-booking-9de4f56ad1c8638320783f6629c2489f + +info: + name: > + Google Adsense and Hotel Booking <= 1.05 - Open Proxy + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97416640-c076-4f5e-9119-adbca2fcc495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-adsense-and-hotel-booking/" + google-query: inurl:"/wp-content/plugins/google-adsense-and-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-adsense-and-hotel-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-adsense-and-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-adsense-and-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analyticator-0d1a8a5f1814698e05f7c343a752da34.yaml b/nuclei-templates/cve-less/plugins/google-analyticator-0d1a8a5f1814698e05f7c343a752da34.yaml new file mode 100644 index 0000000000..ea6591182d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analyticator-0d1a8a5f1814698e05f7c343a752da34.yaml @@ -0,0 +1,58 @@ +id: google-analyticator-0d1a8a5f1814698e05f7c343a752da34 + +info: + name: > + Google Analyticator <= 5.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0ce4fa-24d7-4c41-a003-999ff9f45a42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analyticator/" + google-query: inurl:"/wp-content/plugins/google-analyticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analyticator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analyticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analyticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analyticator-43b0481b51b9c335093961e5a3ab3d80.yaml b/nuclei-templates/cve-less/plugins/google-analyticator-43b0481b51b9c335093961e5a3ab3d80.yaml new file mode 100644 index 0000000000..7433ba0303 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analyticator-43b0481b51b9c335093961e5a3ab3d80.yaml @@ -0,0 +1,58 @@ +id: google-analyticator-43b0481b51b9c335093961e5a3ab3d80 + +info: + name: > + Google Analyticator <= 6.4.9.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c74ea5e-e25a-4b78-b04c-ed66992d4d80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analyticator/" + google-query: inurl:"/wp-content/plugins/google-analyticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analyticator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analyticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analyticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.4.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analyticator-b8c54b7d77df783a3aa06fe35c635411.yaml b/nuclei-templates/cve-less/plugins/google-analyticator-b8c54b7d77df783a3aa06fe35c635411.yaml new file mode 100644 index 0000000000..72941cb0fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analyticator-b8c54b7d77df783a3aa06fe35c635411.yaml @@ -0,0 +1,58 @@ +id: google-analyticator-b8c54b7d77df783a3aa06fe35c635411 + +info: + name: > + Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1523ba0-9cac-43e2-9441-4d02fbaaf705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analyticator/" + google-query: inurl:"/wp-content/plugins/google-analyticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analyticator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analyticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analyticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analyticator-c101bbb0e470de09f2d621ebb65fb72c.yaml b/nuclei-templates/cve-less/plugins/google-analyticator-c101bbb0e470de09f2d621ebb65fb72c.yaml new file mode 100644 index 0000000000..0eab3091a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analyticator-c101bbb0e470de09f2d621ebb65fb72c.yaml @@ -0,0 +1,58 @@ +id: google-analyticator-c101bbb0e470de09f2d621ebb65fb72c + +info: + name: > + Google Analyticator <= 6.4.9.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fddf084-2be2-4359-b318-a483dee0bd4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analyticator/" + google-query: inurl:"/wp-content/plugins/google-analyticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analyticator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analyticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analyticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analyticator-d27196962105bff471a16f16aa617461.yaml b/nuclei-templates/cve-less/plugins/google-analyticator-d27196962105bff471a16f16aa617461.yaml new file mode 100644 index 0000000000..21ab79de45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analyticator-d27196962105bff471a16f16aa617461.yaml @@ -0,0 +1,58 @@ +id: google-analyticator-d27196962105bff471a16f16aa617461 + +info: + name: > + Google Analyticator <= 6.5.5 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfcc3d8c-c36a-4994-aa79-99953d9adfc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analyticator/" + google-query: inurl:"/wp-content/plugins/google-analyticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analyticator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analyticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analyticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-0afedca0afb43a5850c9c8a9aae6b215.yaml b/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-0afedca0afb43a5850c9c8a9aae6b215.yaml new file mode 100644 index 0000000000..ff418f546d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-0afedca0afb43a5850c9c8a9aae6b215.yaml @@ -0,0 +1,58 @@ +id: google-analytics-dashboard-for-wp-0afedca0afb43a5850c9c8a9aae6b215 + +info: + name: > + ExactMetrics <= 7.12.0 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9456921-e56a-402f-a80a-fd5659b9aac6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-dashboard-for-wp/" + google-query: inurl:"/wp-content/plugins/google-analytics-dashboard-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-dashboard-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-dashboard-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-9084030bbc61cd11a5b8832a564811a7.yaml b/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-9084030bbc61cd11a5b8832a564811a7.yaml new file mode 100644 index 0000000000..cd0fff56af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-dashboard-for-wp-9084030bbc61cd11a5b8832a564811a7.yaml @@ -0,0 +1,58 @@ +id: google-analytics-dashboard-for-wp-9084030bbc61cd11a5b8832a564811a7 + +info: + name: > + ExactMetrics <= 7.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/687c86af-915e-4028-910e-ab83bcd86a1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-dashboard-for-wp/" + google-query: inurl:"/wp-content/plugins/google-analytics-dashboard-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-dashboard-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-dashboard-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-dashboard-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.14.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-49a596fa960c73e741b497015244d412.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-49a596fa960c73e741b497015244d412.yaml new file mode 100644 index 0000000000..f5eaf75bd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-49a596fa960c73e741b497015244d412.yaml @@ -0,0 +1,58 @@ +id: google-analytics-for-wordpress-49a596fa960c73e741b497015244d412 + +info: + name: > + Google Analytics by Monster Insights <= 8.14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c87a80ad-27bf-404d-8adf-9acc91354515?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-5d2c8f0682b9df406ab0b4c99151d03e.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-5d2c8f0682b9df406ab0b4c99151d03e.yaml new file mode 100644 index 0000000000..685ec9d05b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-5d2c8f0682b9df406ab0b4c99151d03e.yaml @@ -0,0 +1,58 @@ +id: google-analytics-for-wordpress-5d2c8f0682b9df406ab0b4c99151d03e + +info: + name: > + MonsterInsights <= 8.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e28daa5-cdbb-464c-99d5-09a924c01b41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-6589f8f5c2b9c61e1e02d46bf871ed81.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-6589f8f5c2b9c61e1e02d46bf871ed81.yaml new file mode 100644 index 0000000000..55984fc0cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-6589f8f5c2b9c61e1e02d46bf871ed81.yaml @@ -0,0 +1,58 @@ +id: google-analytics-for-wordpress-6589f8f5c2b9c61e1e02d46bf871ed81 + +info: + name: > + Google Analytics by Monster Insights <= 8.21.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81099cdc-bce6-4ee6-b819-c3925acf96a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-89e45ac29496786a2f26bbad510d04b9.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-89e45ac29496786a2f26bbad510d04b9.yaml new file mode 100644 index 0000000000..d0583a451a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-89e45ac29496786a2f26bbad510d04b9.yaml @@ -0,0 +1,58 @@ +id: google-analytics-for-wordpress-89e45ac29496786a2f26bbad510d04b9 + +info: + name: > + MonsterInsights <= 8.9.0 - Unauthenticated Stored Cross-Site Scripting via Google Analytics + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0388853e-4bf8-4627-876a-b842e7016de3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-d4b13be2a36ff961aada7107a748559a.yaml b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-d4b13be2a36ff961aada7107a748559a.yaml new file mode 100644 index 0000000000..3cc9b3b471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-for-wordpress-d4b13be2a36ff961aada7107a748559a.yaml @@ -0,0 +1,58 @@ +id: google-analytics-for-wordpress-d4b13be2a36ff961aada7107a748559a + +info: + name: > + MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy) <= 5.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5178f7ee-d7e3-4cd1-8cc2-121d217e66fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-for-wordpress/" + google-query: inurl:"/wp-content/plugins/google-analytics-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-opt-out-7173b1dd80c7cb39c8dbdccb921d11e8.yaml b/nuclei-templates/cve-less/plugins/google-analytics-opt-out-7173b1dd80c7cb39c8dbdccb921d11e8.yaml new file mode 100644 index 0000000000..aa8715bd60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-opt-out-7173b1dd80c7cb39c8dbdccb921d11e8.yaml @@ -0,0 +1,58 @@ +id: google-analytics-opt-out-7173b1dd80c7cb39c8dbdccb921d11e8 + +info: + name: > + Google Analytics Opt-Out <= 2.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a90ea845-9f7f-4a89-887d-cf4337f8471f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-opt-out/" + google-query: inurl:"/wp-content/plugins/google-analytics-opt-out/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-opt-out,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-opt-out/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-opt-out" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-premium-c8bc852e0f629926f8c3b976dbc68f47.yaml b/nuclei-templates/cve-less/plugins/google-analytics-premium-c8bc852e0f629926f8c3b976dbc68f47.yaml new file mode 100644 index 0000000000..020eaeb295 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-premium-c8bc852e0f629926f8c3b976dbc68f47.yaml @@ -0,0 +1,58 @@ +id: google-analytics-premium-c8bc852e0f629926f8c3b976dbc68f47 + +info: + name: > + MonsterInsights Pro <= 8.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72c5d1b1-00bf-4352-b885-a8a7875c2bc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-premium/" + google-query: inurl:"/wp-content/plugins/google-analytics-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.14.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-analytics-top-posts-widget-6bd671fcc5c9744eb02b51b3543e258d.yaml b/nuclei-templates/cve-less/plugins/google-analytics-top-posts-widget-6bd671fcc5c9744eb02b51b3543e258d.yaml new file mode 100644 index 0000000000..7e4468a9ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-analytics-top-posts-widget-6bd671fcc5c9744eb02b51b3543e258d.yaml @@ -0,0 +1,58 @@ +id: google-analytics-top-posts-widget-6bd671fcc5c9744eb02b51b3543e258d + +info: + name: > + Google Analytics Top Content Widget <= 1.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4522480a-dfbf-4ff4-93c2-68b8cc15367c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-analytics-top-posts-widget/" + google-query: inurl:"/wp-content/plugins/google-analytics-top-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-analytics-top-posts-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-analytics-top-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-analytics-top-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-apps-login-a6981c5b5578853614f986e96039441b.yaml b/nuclei-templates/cve-less/plugins/google-apps-login-a6981c5b5578853614f986e96039441b.yaml new file mode 100644 index 0000000000..23d7b34cbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-apps-login-a6981c5b5578853614f986e96039441b.yaml @@ -0,0 +1,58 @@ +id: google-apps-login-a6981c5b5578853614f986e96039441b + +info: + name: > + Google Apps Login <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ffb478-7280-4fbc-bc5f-482c1348091e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-apps-login/" + google-query: inurl:"/wp-content/plugins/google-apps-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-apps-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-apps-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-apps-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-calendar-events-1dfb76723d09fb5ee2cf36729147fd09.yaml b/nuclei-templates/cve-less/plugins/google-calendar-events-1dfb76723d09fb5ee2cf36729147fd09.yaml new file mode 100644 index 0000000000..9f7d821f34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-calendar-events-1dfb76723d09fb5ee2cf36729147fd09.yaml @@ -0,0 +1,58 @@ +id: google-calendar-events-1dfb76723d09fb5ee2cf36729147fd09 + +info: + name: > + Google Calendar Events <= 3.2.5 - Cross-Site Request Forgery via bulk_actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1218ed3b-badc-464e-adbc-76fb4f6af008?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-calendar-events/" + google-query: inurl:"/wp-content/plugins/google-calendar-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-calendar-events,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-calendar-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-calendar-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-calendar-events-da47dd8f1298c3b7dee167384f30a8a6.yaml b/nuclei-templates/cve-less/plugins/google-calendar-events-da47dd8f1298c3b7dee167384f30a8a6.yaml new file mode 100644 index 0000000000..c854164351 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-calendar-events-da47dd8f1298c3b7dee167384f30a8a6.yaml @@ -0,0 +1,58 @@ +id: google-calendar-events-da47dd8f1298c3b7dee167384f30a8a6 + +info: + name: > + Simple Calendar – Google Calendar Plugin < 2.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31dcf302-9334-476c-a0e2-d8a31bcbbe5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-calendar-events/" + google-query: inurl:"/wp-content/plugins/google-calendar-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-calendar-events,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-calendar-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-calendar-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-calendar-events-fc53f712d57ef35888a981283b03a790.yaml b/nuclei-templates/cve-less/plugins/google-calendar-events-fc53f712d57ef35888a981283b03a790.yaml new file mode 100644 index 0000000000..5fd7f70eb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-calendar-events-fc53f712d57ef35888a981283b03a790.yaml @@ -0,0 +1,58 @@ +id: google-calendar-events-fc53f712d57ef35888a981283b03a790 + +info: + name: > + Google Calendar Events <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c04d19fb-57b3-4361-bad3-eed98f693939?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-calendar-events/" + google-query: inurl:"/wp-content/plugins/google-calendar-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-calendar-events,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-calendar-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-calendar-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-captcha-6bc609f0d38e102f4943d0a60410cf7f.yaml b/nuclei-templates/cve-less/plugins/google-captcha-6bc609f0d38e102f4943d0a60410cf7f.yaml new file mode 100644 index 0000000000..a63ac92894 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-captcha-6bc609f0d38e102f4943d0a60410cf7f.yaml @@ -0,0 +1,58 @@ +id: google-captcha-6bc609f0d38e102f4943d0a60410cf7f + +info: + name: > + reCaptcha by BestWebSoft <= 1.12 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35df1ab9-58c1-4270-96ef-bbb2c7ac7af6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-captcha/" + google-query: inurl:"/wp-content/plugins/google-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-0058c9636ab9a993ffe8aa9657a05d60.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-0058c9636ab9a993ffe8aa9657a05d60.yaml new file mode 100644 index 0000000000..ddc15f66ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-0058c9636ab9a993ffe8aa9657a05d60.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-0058c9636ab9a993ffe8aa9657a05d60 + +info: + name: > + Google Doc Embedder <= 2.5.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e80e6f-08e7-426b-9797-97483c3dc410?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml new file mode 100644 index 0000000000..093e45879d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-06e9ac1fc5b59d1b8d6fb6e9af4f3f0c + +info: + name: > + Google Doc Embedder <= 2.6.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/872a6264-f0e2-4936-a942-172a99892672?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-0e4cfd2e84d3d4a0dcd341ba876cfae7.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-0e4cfd2e84d3d4a0dcd341ba876cfae7.yaml new file mode 100644 index 0000000000..edcc77639a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-0e4cfd2e84d3d4a0dcd341ba876cfae7.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-0e4cfd2e84d3d4a0dcd341ba876cfae7 + +info: + name: > + Google Doc Embedder < 2.5.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/982817f8-c85c-4e25-a33a-6fbf3ab06808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-4201a049c4e3da0f1f472f8fab792578.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-4201a049c4e3da0f1f472f8fab792578.yaml new file mode 100644 index 0000000000..58e1db4465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-4201a049c4e3da0f1f472f8fab792578.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-4201a049c4e3da0f1f472f8fab792578 + +info: + name: > + Google Doc Embedder <= 2.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aaf9bb4-bafe-415f-923d-041ef80cabac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-96e3c232ce32c0e385509a8011930dfa.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-96e3c232ce32c0e385509a8011930dfa.yaml new file mode 100644 index 0000000000..93864f621a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-96e3c232ce32c0e385509a8011930dfa.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-96e3c232ce32c0e385509a8011930dfa + +info: + name: > + Google Doc Embedder <= 2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8f6d1cb-330b-4405-9249-4dd1c0e98922?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-cc3e06da44808e338c8d593b5ba332ad.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-cc3e06da44808e338c8d593b5ba332ad.yaml new file mode 100644 index 0000000000..d98c034cd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-cc3e06da44808e338c8d593b5ba332ad.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-cc3e06da44808e338c8d593b5ba332ad + +info: + name: > + Google Doc Embedder <= 2.6.4 - Authenticated (Contributor+) Blind Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75e55138-b091-4113-89da-e1ca45fb99ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-document-embedder-fdf6e35f0fe8eb69bf51476cf88fe9b7.yaml b/nuclei-templates/cve-less/plugins/google-document-embedder-fdf6e35f0fe8eb69bf51476cf88fe9b7.yaml new file mode 100644 index 0000000000..2c1ea30e96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-document-embedder-fdf6e35f0fe8eb69bf51476cf88fe9b7.yaml @@ -0,0 +1,58 @@ +id: google-document-embedder-fdf6e35f0fe8eb69bf51476cf88fe9b7 + +info: + name: > + Google Doc Embedder < 2.5.17 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/146c8783-ba59-41da-9e95-7401865b7b8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-document-embedder/" + google-query: inurl:"/wp-content/plugins/google-document-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-document-embedder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-document-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-document-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-image-sitemap-533a62c8ac6b0ab46c7891e8ab20865e.yaml b/nuclei-templates/cve-less/plugins/google-image-sitemap-533a62c8ac6b0ab46c7891e8ab20865e.yaml new file mode 100644 index 0000000000..30339de056 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-image-sitemap-533a62c8ac6b0ab46c7891e8ab20865e.yaml @@ -0,0 +1,58 @@ +id: google-image-sitemap-533a62c8ac6b0ab46c7891e8ab20865e + +info: + name: > + Google XML Sitemap for Images <= 2.1.3 - Cross-Site Request Forgery via image_sitemap_generate + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1165c68d-3da4-45f3-b054-4904e54d18ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-image-sitemap/" + google-query: inurl:"/wp-content/plugins/google-image-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-image-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-image-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-image-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-1cc23bdae3a780fc80463f59518007e6.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-1cc23bdae3a780fc80463f59518007e6.yaml new file mode 100644 index 0000000000..99d0545989 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-language-translator-1cc23bdae3a780fc80463f59518007e6.yaml @@ -0,0 +1,58 @@ +id: google-language-translator-1cc23bdae3a780fc80463f59518007e6 + +info: + name: > + Google Language Translator <= 6.0.19 - Missing Authorization via admin notifications + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91e7e93d-348b-40d7-b803-5dbd7c6a684a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-language-translator/" + google-query: inurl:"/wp-content/plugins/google-language-translator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-language-translator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-language-translator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-language-translator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml new file mode 100644 index 0000000000..a7dc007731 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-language-translator-a6e38c48f14b76ed761e5c6ec8e4f3ac.yaml @@ -0,0 +1,58 @@ +id: google-language-translator-a6e38c48f14b76ed761e5c6ec8e4f3ac + +info: + name: > + Google Language Translator <= 5.0.05 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68aba88f-e7f9-42d7-9dea-045e7fef7056?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-language-translator/" + google-query: inurl:"/wp-content/plugins/google-language-translator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-language-translator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-language-translator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-language-translator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-b8c86f67e83059075ac727a634aa1bcf.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-b8c86f67e83059075ac727a634aa1bcf.yaml new file mode 100644 index 0000000000..ee70d43782 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-language-translator-b8c86f67e83059075ac727a634aa1bcf.yaml @@ -0,0 +1,58 @@ +id: google-language-translator-b8c86f67e83059075ac727a634aa1bcf + +info: + name: > + Translate WordPress - Google Language Translator <= 6.0.11 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f862575-afd8-4e38-8780-40e86ad9b5da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-language-translator/" + google-query: inurl:"/wp-content/plugins/google-language-translator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-language-translator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-language-translator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-language-translator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-language-translator-d02f0d7121f40075980c3a177c578c3f.yaml b/nuclei-templates/cve-less/plugins/google-language-translator-d02f0d7121f40075980c3a177c578c3f.yaml new file mode 100644 index 0000000000..4b30d3aafe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-language-translator-d02f0d7121f40075980c3a177c578c3f.yaml @@ -0,0 +1,58 @@ +id: google-language-translator-d02f0d7121f40075980c3a177c578c3f + +info: + name: > + Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21e539-8ba0-4edd-a90c-27a4cd1cdbc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-language-translator/" + google-query: inurl:"/wp-content/plugins/google-language-translator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-language-translator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-language-translator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-language-translator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-map-shortcode-4863dac3dc1435179890da283e476787.yaml b/nuclei-templates/cve-less/plugins/google-map-shortcode-4863dac3dc1435179890da283e476787.yaml new file mode 100644 index 0000000000..2332b304c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-map-shortcode-4863dac3dc1435179890da283e476787.yaml @@ -0,0 +1,58 @@ +id: google-map-shortcode-4863dac3dc1435179890da283e476787 + +info: + name: > + Google Map Shortcode <= 3.1.2 - Cross-Site Request Forgery to Plugin Setting Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f05af5-35f5-4813-b8a3-bb90709af677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-map-shortcode/" + google-query: inurl:"/wp-content/plugins/google-map-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-map-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-map-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-map-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-map-shortcode-5a9c8ffeceece98dba6df9f5a0d59a78.yaml b/nuclei-templates/cve-less/plugins/google-map-shortcode-5a9c8ffeceece98dba6df9f5a0d59a78.yaml new file mode 100644 index 0000000000..e223b27dff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-map-shortcode-5a9c8ffeceece98dba6df9f5a0d59a78.yaml @@ -0,0 +1,58 @@ +id: google-map-shortcode-5a9c8ffeceece98dba6df9f5a0d59a78 + +info: + name: > + Google Map Shortcode <= 3.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f6656e2-35f5-41d8-a330-7904c296ba29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-map-shortcode/" + google-query: inurl:"/wp-content/plugins/google-map-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-map-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-map-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-map-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-map-shortcode-95846903ce77a5ec41c1ed6e6284de3b.yaml b/nuclei-templates/cve-less/plugins/google-map-shortcode-95846903ce77a5ec41c1ed6e6284de3b.yaml new file mode 100644 index 0000000000..3ad0eee457 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-map-shortcode-95846903ce77a5ec41c1ed6e6284de3b.yaml @@ -0,0 +1,58 @@ +id: google-map-shortcode-95846903ce77a5ec41c1ed6e6284de3b + +info: + name: > + Google Map Shortcode <= 3.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd4983f-bf92-45c3-95a6-6f5e39bca228?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-map-shortcode/" + google-query: inurl:"/wp-content/plugins/google-map-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-map-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-map-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-map-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-advanced-bad18eab263a0541b49dc3dae830d379.yaml b/nuclei-templates/cve-less/plugins/google-maps-advanced-bad18eab263a0541b49dc3dae830d379.yaml new file mode 100644 index 0000000000..5ff5aed50e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-advanced-bad18eab263a0541b49dc3dae830d379.yaml @@ -0,0 +1,58 @@ +id: google-maps-advanced-bad18eab263a0541b49dc3dae830d379 + +info: + name: > + Inline Google Maps <= 5.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91aa1f4c-ace7-43a4-a9e6-82c15e00d0eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-advanced/" + google-query: inurl:"/wp-content/plugins/google-maps-advanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-advanced,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-anywhere-d6efc23acaa92418f6d5991825096389.yaml b/nuclei-templates/cve-less/plugins/google-maps-anywhere-d6efc23acaa92418f6d5991825096389.yaml new file mode 100644 index 0000000000..4066335049 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-anywhere-d6efc23acaa92418f6d5991825096389.yaml @@ -0,0 +1,58 @@ +id: google-maps-anywhere-d6efc23acaa92418f6d5991825096389 + +info: + name: > + Google Maps Anywhere <= 1.2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dda8e76-22aa-400b-b4c1-b24e6e1141ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-anywhere/" + google-query: inurl:"/wp-content/plugins/google-maps-anywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-anywhere,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-anywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-anywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-easy-066b2e83656aa18020e2e218de1f2a94.yaml b/nuclei-templates/cve-less/plugins/google-maps-easy-066b2e83656aa18020e2e218de1f2a94.yaml new file mode 100644 index 0000000000..c1932274b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-easy-066b2e83656aa18020e2e218de1f2a94.yaml @@ -0,0 +1,58 @@ +id: google-maps-easy-066b2e83656aa18020e2e218de1f2a94 + +info: + name: > + Easy Google Maps <= 1.11.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ca7b7c0-a94e-47ff-996d-4c7bbd62f0de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-easy/" + google-query: inurl:"/wp-content/plugins/google-maps-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-easy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-easy-071e46b1422bc01b590261a3c5a56383.yaml b/nuclei-templates/cve-less/plugins/google-maps-easy-071e46b1422bc01b590261a3c5a56383.yaml new file mode 100644 index 0000000000..974b6f66d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-easy-071e46b1422bc01b590261a3c5a56383.yaml @@ -0,0 +1,58 @@ +id: google-maps-easy-071e46b1422bc01b590261a3c5a56383 + +info: + name: > + Google Maps Easy <= 1.9.33 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/586137a5-8758-400e-a66a-2382f8633578?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-easy/" + google-query: inurl:"/wp-content/plugins/google-maps-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-easy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-easy-8055046b14f7ace81067cd61a7af0ffb.yaml b/nuclei-templates/cve-less/plugins/google-maps-easy-8055046b14f7ace81067cd61a7af0ffb.yaml new file mode 100644 index 0000000000..f7e7a2dfe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-easy-8055046b14f7ace81067cd61a7af0ffb.yaml @@ -0,0 +1,58 @@ +id: google-maps-easy-8055046b14f7ace81067cd61a7af0ffb + +info: + name: > + Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee52c6c0-c69e-46c4-9e4b-94aa69c00737?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-easy/" + google-query: inurl:"/wp-content/plugins/google-maps-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-easy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-easy-c19921f21d9136f2954ea974f2d3b3d7.yaml b/nuclei-templates/cve-less/plugins/google-maps-easy-c19921f21d9136f2954ea974f2d3b3d7.yaml new file mode 100644 index 0000000000..a4d49489c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-easy-c19921f21d9136f2954ea974f2d3b3d7.yaml @@ -0,0 +1,58 @@ +id: google-maps-easy-c19921f21d9136f2954ea974f2d3b3d7 + +info: + name: > + Easy Google Maps <= 1.9.31 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe79ca5-2811-44eb-a340-a41383f9d42e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-easy/" + google-query: inurl:"/wp-content/plugins/google-maps-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-easy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-easy-f4c5da0c9249d69bad94272b808223ea.yaml b/nuclei-templates/cve-less/plugins/google-maps-easy-f4c5da0c9249d69bad94272b808223ea.yaml new file mode 100644 index 0000000000..c08600de02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-easy-f4c5da0c9249d69bad94272b808223ea.yaml @@ -0,0 +1,58 @@ +id: google-maps-easy-f4c5da0c9249d69bad94272b808223ea + +info: + name: > + Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea4ca00-185b-4f5d-9c5c-f81ba4edad05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-easy/" + google-query: inurl:"/wp-content/plugins/google-maps-easy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-easy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-easy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-easy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-v3-shortcode-e258e8570aa5a2a07663517678c9341e.yaml b/nuclei-templates/cve-less/plugins/google-maps-v3-shortcode-e258e8570aa5a2a07663517678c9341e.yaml new file mode 100644 index 0000000000..7cf8cbf7ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-v3-shortcode-e258e8570aa5a2a07663517678c9341e.yaml @@ -0,0 +1,58 @@ +id: google-maps-v3-shortcode-e258e8570aa5a2a07663517678c9341e + +info: + name: > + Google Maps v3 Shortcode <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15123d5f-eb24-46e3-81ec-7dd4f108a42d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-v3-shortcode/" + google-query: inurl:"/wp-content/plugins/google-maps-v3-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-v3-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-v3-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-v3-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-maps-widget-47ea06b51e4d84465dbdc7ce5332226e.yaml b/nuclei-templates/cve-less/plugins/google-maps-widget-47ea06b51e4d84465dbdc7ce5332226e.yaml new file mode 100644 index 0000000000..00177a5277 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-maps-widget-47ea06b51e4d84465dbdc7ce5332226e.yaml @@ -0,0 +1,58 @@ +id: google-maps-widget-47ea06b51e4d84465dbdc7ce5332226e + +info: + name: > + Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de871598-e4e7-49f6-8530-68243544c06c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-maps-widget/" + google-query: inurl:"/wp-content/plugins/google-maps-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-maps-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-maps-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-maps-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-mobile-sitemap-5229e60b10dc0cc0da445f82bd6aaa7c.yaml b/nuclei-templates/cve-less/plugins/google-mobile-sitemap-5229e60b10dc0cc0da445f82bd6aaa7c.yaml new file mode 100644 index 0000000000..1d48f24ab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-mobile-sitemap-5229e60b10dc0cc0da445f82bd6aaa7c.yaml @@ -0,0 +1,58 @@ +id: google-mobile-sitemap-5229e60b10dc0cc0da445f82bd6aaa7c + +info: + name: > + Google XML Sitemap for Mobile <= 1.6.1 - Cross-Site Request Forgery via mobile_sitemap_generate + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2b0c5f9-b734-41e6-8ecb-4cf3d891ddb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-mobile-sitemap/" + google-query: inurl:"/wp-content/plugins/google-mobile-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-mobile-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-mobile-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-mobile-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-news-sitemap-d6ab389c616dfd2cb30cbd7db8473c95.yaml b/nuclei-templates/cve-less/plugins/google-news-sitemap-d6ab389c616dfd2cb30cbd7db8473c95.yaml new file mode 100644 index 0000000000..0bbf5c823d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-news-sitemap-d6ab389c616dfd2cb30cbd7db8473c95.yaml @@ -0,0 +1,58 @@ +id: google-news-sitemap-d6ab389c616dfd2cb30cbd7db8473c95 + +info: + name: > + Andrea Pernici News Sitemap for Google <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49a0c45e-781e-4d2e-a9e8-a54ff8ef6131?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-news-sitemap/" + google-query: inurl:"/wp-content/plugins/google-news-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-news-sitemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-news-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-news-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-pagespeed-insights-151d3e08592a36d4136c6e83ca9b4d33.yaml b/nuclei-templates/cve-less/plugins/google-pagespeed-insights-151d3e08592a36d4136c6e83ca9b4d33.yaml new file mode 100644 index 0000000000..1b3bda0552 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-pagespeed-insights-151d3e08592a36d4136c6e83ca9b4d33.yaml @@ -0,0 +1,58 @@ +id: google-pagespeed-insights-151d3e08592a36d4136c6e83ca9b4d33 + +info: + name: > + Insights from Google PageSpeed <= 4.0.6 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8440240-f652-4372-9ed8-f3eb3b8336e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-pagespeed-insights/" + google-query: inurl:"/wp-content/plugins/google-pagespeed-insights/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-pagespeed-insights,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-pagespeed-insights/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-pagespeed-insights" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-pagespeed-insights-69c002483424de642a83eb654d8e112a.yaml b/nuclei-templates/cve-less/plugins/google-pagespeed-insights-69c002483424de642a83eb654d8e112a.yaml new file mode 100644 index 0000000000..1bc4896d14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-pagespeed-insights-69c002483424de642a83eb654d8e112a.yaml @@ -0,0 +1,58 @@ +id: google-pagespeed-insights-69c002483424de642a83eb654d8e112a + +info: + name: > + Google Pagespeed Insights <= 4.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae8e245f-2458-4ffe-8e73-bed61331f39d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-pagespeed-insights/" + google-query: inurl:"/wp-content/plugins/google-pagespeed-insights/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-pagespeed-insights,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-pagespeed-insights/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-pagespeed-insights" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-site-kit-ce48369642b01844ccbae0e0917885a1.yaml b/nuclei-templates/cve-less/plugins/google-site-kit-ce48369642b01844ccbae0e0917885a1.yaml new file mode 100644 index 0000000000..c35874d3f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-site-kit-ce48369642b01844ccbae0e0917885a1.yaml @@ -0,0 +1,58 @@ +id: google-site-kit-ce48369642b01844ccbae0e0917885a1 + +info: + name: > + Site Kit by Google <= 1.7.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e358c32d-6d0b-421d-9746-aafa1252dcea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-site-kit/" + google-query: inurl:"/wp-content/plugins/google-site-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-site-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-site-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-site-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-site-verification-using-meta-tag-27da99993e67f1ff7087f357854cd3f5.yaml b/nuclei-templates/cve-less/plugins/google-site-verification-using-meta-tag-27da99993e67f1ff7087f357854cd3f5.yaml new file mode 100644 index 0000000000..4d69cc8323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-site-verification-using-meta-tag-27da99993e67f1ff7087f357854cd3f5.yaml @@ -0,0 +1,58 @@ +id: google-site-verification-using-meta-tag-27da99993e67f1ff7087f357854cd3f5 + +info: + name: > + Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecfdd114-b7bb-45bf-84df-a92f10b2fd81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-site-verification-using-meta-tag/" + google-query: inurl:"/wp-content/plugins/google-site-verification-using-meta-tag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-site-verification-using-meta-tag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-site-verification-using-meta-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-site-verification-using-meta-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-sitemap-generator-877bab778ddda7032844b19d4fdbee7a.yaml b/nuclei-templates/cve-less/plugins/google-sitemap-generator-877bab778ddda7032844b19d4fdbee7a.yaml new file mode 100644 index 0000000000..abc41e7c90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-sitemap-generator-877bab778ddda7032844b19d4fdbee7a.yaml @@ -0,0 +1,58 @@ +id: google-sitemap-generator-877bab778ddda7032844b19d4fdbee7a + +info: + name: > + XML Sitemaps <= 4.0.9 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a82c5ca7-5fe5-4817-bf5c-ee7779eb4427?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/google-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-sitemap-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-sitemap-generator-a8343a6c54d23e35a66b54c79a6e406e.yaml b/nuclei-templates/cve-less/plugins/google-sitemap-generator-a8343a6c54d23e35a66b54c79a6e406e.yaml new file mode 100644 index 0000000000..8aab09997b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-sitemap-generator-a8343a6c54d23e35a66b54c79a6e406e.yaml @@ -0,0 +1,58 @@ +id: google-sitemap-generator-a8343a6c54d23e35a66b54c79a6e406e + +info: + name: > + XML Sitemaps <= 4.1.1 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/455b0b34-1421-46eb-8fcf-3b68c5068249?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/google-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-sitemap-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/google-typography-cff018203a21cbec2137aca8bbff35f1.yaml b/nuclei-templates/cve-less/plugins/google-typography-cff018203a21cbec2137aca8bbff35f1.yaml new file mode 100644 index 0000000000..dc7d5c718b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/google-typography-cff018203a21cbec2137aca8bbff35f1.yaml @@ -0,0 +1,58 @@ +id: google-typography-cff018203a21cbec2137aca8bbff35f1 + +info: + name: > + Google Typography <= 1.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e00ae4-68a6-4835-8dd7-da5dc104feba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/google-typography/" + google-query: inurl:"/wp-content/plugins/google-typography/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,google-typography,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/google-typography/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "google-typography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/googleanalytics-2207307382a7e5b71273a639c041b28d.yaml b/nuclei-templates/cve-less/plugins/googleanalytics-2207307382a7e5b71273a639c041b28d.yaml new file mode 100644 index 0000000000..76a22d0f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/googleanalytics-2207307382a7e5b71273a639c041b28d.yaml @@ -0,0 +1,58 @@ +id: googleanalytics-2207307382a7e5b71273a639c041b28d + +info: + name: > + ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e343489-4969-4a16-9741-34de93c8b06e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/googleanalytics/" + google-query: inurl:"/wp-content/plugins/googleanalytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,googleanalytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/googleanalytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "googleanalytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/googleanalytics-d7f99b9c49c835552d523fc996a914ba.yaml b/nuclei-templates/cve-less/plugins/googleanalytics-d7f99b9c49c835552d523fc996a914ba.yaml new file mode 100644 index 0000000000..aa4a39098c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/googleanalytics-d7f99b9c49c835552d523fc996a914ba.yaml @@ -0,0 +1,58 @@ +id: googleanalytics-d7f99b9c49c835552d523fc996a914ba + +info: + name: > + ShareThis Dashboard for Google Analytics <= 2.5.1 - Reflected Cross-Site Scripting via ga_action parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da89e8f9-3843-4d72-92b2-cd2f717510cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/googleanalytics/" + google-query: inurl:"/wp-content/plugins/googleanalytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,googleanalytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/googleanalytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "googleanalytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/googmonify-c684be52691ba8cf475f40cbe594a992.yaml b/nuclei-templates/cve-less/plugins/googmonify-c684be52691ba8cf475f40cbe594a992.yaml new file mode 100644 index 0000000000..c5ab8cb46e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/googmonify-c684be52691ba8cf475f40cbe594a992.yaml @@ -0,0 +1,58 @@ +id: googmonify-c684be52691ba8cf475f40cbe594a992 + +info: + name: > + Googmonify <= 0.5.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff70f7aa-4c2c-4693-8b1f-d6e3ebbb0dad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/googmonify/" + google-query: inurl:"/wp-content/plugins/googmonify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,googmonify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/googmonify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "googmonify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/goolytics-simple-google-analytics-733ee63acd3da1891d75d0f23730ff92.yaml b/nuclei-templates/cve-less/plugins/goolytics-simple-google-analytics-733ee63acd3da1891d75d0f23730ff92.yaml new file mode 100644 index 0000000000..fe3bf8a3c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/goolytics-simple-google-analytics-733ee63acd3da1891d75d0f23730ff92.yaml @@ -0,0 +1,58 @@ +id: goolytics-simple-google-analytics-733ee63acd3da1891d75d0f23730ff92 + +info: + name: > + Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf2bd2a-6041-49ca-8ff9-d8541b2d2b73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/goolytics-simple-google-analytics/" + google-query: inurl:"/wp-content/plugins/goolytics-simple-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,goolytics-simple-google-analytics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/goolytics-simple-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goolytics-simple-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotmls-0a0cd233b0f3cbcbaa65976cd56fef34.yaml b/nuclei-templates/cve-less/plugins/gotmls-0a0cd233b0f3cbcbaa65976cd56fef34.yaml new file mode 100644 index 0000000000..a43012d2aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotmls-0a0cd233b0f3cbcbaa65976cd56fef34.yaml @@ -0,0 +1,58 @@ +id: gotmls-0a0cd233b0f3cbcbaa65976cd56fef34 + +info: + name: > + Anti-Malware Security and Brute-Force Firewall <= 4.20.95 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9ef3dd-9055-4f9f-b3af-6bf34c06292a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotmls/" + google-query: inurl:"/wp-content/plugins/gotmls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotmls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotmls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotmls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.20.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotmls-1a3ebcec002fbbf2625550387d2d42c9.yaml b/nuclei-templates/cve-less/plugins/gotmls-1a3ebcec002fbbf2625550387d2d42c9.yaml new file mode 100644 index 0000000000..38c8911b08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotmls-1a3ebcec002fbbf2625550387d2d42c9.yaml @@ -0,0 +1,58 @@ +id: gotmls-1a3ebcec002fbbf2625550387d2d42c9 + +info: + name: > + Anti-Malware Security and Brute-Force Firewall <= 4.21.85 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2826ac2-bb1c-4aee-ba3f-c77825fc395c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotmls/" + google-query: inurl:"/wp-content/plugins/gotmls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotmls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotmls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotmls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.21.85') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotmls-217282597c372f234ba0f9d1d76dc65e.yaml b/nuclei-templates/cve-less/plugins/gotmls-217282597c372f234ba0f9d1d76dc65e.yaml new file mode 100644 index 0000000000..3fb9099004 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotmls-217282597c372f234ba0f9d1d76dc65e.yaml @@ -0,0 +1,58 @@ +id: gotmls-217282597c372f234ba0f9d1d76dc65e + +info: + name: > + Anti-Malware Security and Brute-Force Firewall <= 4.20.93 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9a70e02-fdbc-43ee-9382-101391f363a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotmls/" + google-query: inurl:"/wp-content/plugins/gotmls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotmls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotmls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotmls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.20.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotmls-73c5b47663cb5585bace1d303c16cc9b.yaml b/nuclei-templates/cve-less/plugins/gotmls-73c5b47663cb5585bace1d303c16cc9b.yaml new file mode 100644 index 0000000000..35e054b27b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotmls-73c5b47663cb5585bace1d303c16cc9b.yaml @@ -0,0 +1,58 @@ +id: gotmls-73c5b47663cb5585bace1d303c16cc9b + +info: + name: > + Anti-Malware Security and Brute-Force Firewall <= 4.21.74 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07e9ae6a-7734-40ee-9287-ae0a99b1fc31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotmls/" + google-query: inurl:"/wp-content/plugins/gotmls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotmls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotmls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotmls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.21.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotmls-ee46b680e67f5e4398b3104a6e695606.yaml b/nuclei-templates/cve-less/plugins/gotmls-ee46b680e67f5e4398b3104a6e695606.yaml new file mode 100644 index 0000000000..37f79add1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotmls-ee46b680e67f5e4398b3104a6e695606.yaml @@ -0,0 +1,58 @@ +id: gotmls-ee46b680e67f5e4398b3104a6e695606 + +info: + name: > + Anti-Malware Security and Brute-Force Firewall <= 4.21.96 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e81331-0b39-4490-8624-38078b3d5420?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotmls/" + google-query: inurl:"/wp-content/plugins/gotmls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotmls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotmls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotmls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.21.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gotowp-1dba374d8f67142177f857791fc4897a.yaml b/nuclei-templates/cve-less/plugins/gotowp-1dba374d8f67142177f857791fc4897a.yaml new file mode 100644 index 0000000000..b61d4e5db3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gotowp-1dba374d8f67142177f857791fc4897a.yaml @@ -0,0 +1,58 @@ +id: gotowp-1dba374d8f67142177f857791fc4897a + +info: + name: > + GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d07dcb9-ec8c-4f38-b5c2-2f4020a1c610?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gotowp/" + google-query: inurl:"/wp-content/plugins/gotowp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gotowp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gotowp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gotowp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership-3063b8281af6ebc7aeb1fd5ad46fb58d.yaml b/nuclei-templates/cve-less/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership-3063b8281af6ebc7aeb1fd5ad46fb58d.yaml new file mode 100644 index 0000000000..961e33f630 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership-3063b8281af6ebc7aeb1fd5ad46fb58d.yaml @@ -0,0 +1,58 @@ +id: gourl-bitcoin-payment-gateway-paid-downloads-membership-3063b8281af6ebc7aeb1fd5ad46fb58d + +info: + name: > + GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership <= 1.4.13 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d99e64-1daf-4349-9702-341f05a65c21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/" + google-query: inurl:"/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gourl-bitcoin-payment-gateway-paid-downloads-membership,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gourl-bitcoin-payment-gateway-paid-downloads-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gourl-bitcoin-payment-gateway-paid-downloads-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gp-unique-id-0baa6a08e33ce425ecc59984cf3322d5.yaml b/nuclei-templates/cve-less/plugins/gp-unique-id-0baa6a08e33ce425ecc59984cf3322d5.yaml new file mode 100644 index 0000000000..defe719c7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gp-unique-id-0baa6a08e33ce425ecc59984cf3322d5.yaml @@ -0,0 +1,58 @@ +id: gp-unique-id-0baa6a08e33ce425ecc59984cf3322d5 + +info: + name: > + GP Unique ID <= 1.5.5 - Unauthenticated Form Submission Unique ID Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26db2d25-01b8-49c5-a4d6-284780ac97bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gp-unique-id/" + google-query: inurl:"/wp-content/plugins/gp-unique-id/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gp-unique-id,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gp-unique-id/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gp-unique-id" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gps-plotter-b434181ec4dda3f7c495c50067c97199.yaml b/nuclei-templates/cve-less/plugins/gps-plotter-b434181ec4dda3f7c495c50067c97199.yaml new file mode 100644 index 0000000000..90d089b439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gps-plotter-b434181ec4dda3f7c495c50067c97199.yaml @@ -0,0 +1,58 @@ +id: gps-plotter-b434181ec4dda3f7c495c50067c97199 + +info: + name: > + GPS Plotter <= 5.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca449d15-b05e-4341-99b0-472a14cab8f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gps-plotter/" + google-query: inurl:"/wp-content/plugins/gps-plotter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gps-plotter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gps-plotter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gps-plotter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-045152e75b1009ce745fb0f25f86d898.yaml b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-045152e75b1009ce745fb0f25f86d898.yaml new file mode 100644 index 0000000000..d32aa39805 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-045152e75b1009ce745fb0f25f86d898.yaml @@ -0,0 +1,58 @@ +id: gpt3-ai-content-generator-045152e75b1009ce745fb0f25f86d898 + +info: + name: > + GPT AI Power <= 1.4.37 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e1aa14-b762-40ea-9a64-b1ecb6ed7153?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gpt3-ai-content-generator/" + google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gpt3-ai-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-57ecfed8d0fb67d406684f95901e8e61.yaml b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-57ecfed8d0fb67d406684f95901e8e61.yaml new file mode 100644 index 0000000000..48fbbf8519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-57ecfed8d0fb67d406684f95901e8e61.yaml @@ -0,0 +1,58 @@ +id: gpt3-ai-content-generator-57ecfed8d0fb67d406684f95901e8e61 + +info: + name: > + GPT3 AI Content Writer <= 1.8.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5511c5f4-b71c-484b-ab6f-2389a29809cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gpt3-ai-content-generator/" + google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gpt3-ai-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml new file mode 100644 index 0000000000..a7022cc188 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gpt3-ai-content-generator-e9e7f1f63804b5a7bd339f4d7bcd16e9.yaml @@ -0,0 +1,58 @@ +id: gpt3-ai-content-generator-e9e7f1f63804b5a7bd339f4d7bcd16e9 + +info: + name: > + AI Power: Complete AI Pack – Powered by GPT-4 <= 1.8.1 - Missing Authorization to Sensitive Data Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f95c288-7710-46aa-898b-a923afa7a4ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gpt3-ai-content-generator/" + google-query: inurl:"/wp-content/plugins/gpt3-ai-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gpt3-ai-content-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gpt3-ai-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gpt3-ai-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gracemedia-media-player-639b65f134f2ebc0900152991d7d173d.yaml b/nuclei-templates/cve-less/plugins/gracemedia-media-player-639b65f134f2ebc0900152991d7d173d.yaml new file mode 100644 index 0000000000..7f7d718376 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gracemedia-media-player-639b65f134f2ebc0900152991d7d173d.yaml @@ -0,0 +1,58 @@ +id: gracemedia-media-player-639b65f134f2ebc0900152991d7d173d + +info: + name: > + GraceMedia Media Player <= 1.0 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c024c77-31a8-45b8-9fcb-7ba729bec32c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gracemedia-media-player/" + google-query: inurl:"/wp-content/plugins/gracemedia-media-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gracemedia-media-player,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gracemedia-media-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gracemedia-media-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gradient-text-widget-for-elementor-2b7b5dc8c00ef5d0c5596161adf932c4.yaml b/nuclei-templates/cve-less/plugins/gradient-text-widget-for-elementor-2b7b5dc8c00ef5d0c5596161adf932c4.yaml new file mode 100644 index 0000000000..cbfa242023 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gradient-text-widget-for-elementor-2b7b5dc8c00ef5d0c5596161adf932c4.yaml @@ -0,0 +1,58 @@ +id: gradient-text-widget-for-elementor-2b7b5dc8c00ef5d0c5596161adf932c4 + +info: + name: > + Gradient Text Widget for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32dd7de3-980d-4ade-988d-a483f16a19df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gradient-text-widget-for-elementor/" + google-query: inurl:"/wp-content/plugins/gradient-text-widget-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gradient-text-widget-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gradient-text-widget-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gradient-text-widget-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grand-media-6f4811a1962934f7bbd6ba6e69c49111.yaml b/nuclei-templates/cve-less/plugins/grand-media-6f4811a1962934f7bbd6ba6e69c49111.yaml new file mode 100644 index 0000000000..69e7a19ba8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grand-media-6f4811a1962934f7bbd6ba6e69c49111.yaml @@ -0,0 +1,58 @@ +id: grand-media-6f4811a1962934f7bbd6ba6e69c49111 + +info: + name: > + Gmedia Photo Gallery <= 1.6.4 - Open Proxy + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/408cd4a7-d850-40fb-9b46-9381815c1222?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grand-media/" + google-query: inurl:"/wp-content/plugins/grand-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grand-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grand-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grand-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grand-media-feb8ea008986699e99b1ae18448b79c3.yaml b/nuclei-templates/cve-less/plugins/grand-media-feb8ea008986699e99b1ae18448b79c3.yaml new file mode 100644 index 0000000000..60a3ec29cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grand-media-feb8ea008986699e99b1ae18448b79c3.yaml @@ -0,0 +1,58 @@ +id: grand-media-feb8ea008986699e99b1ae18448b79c3 + +info: + name: > + Gmedia Photo Gallery < 1.20.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c74d5ad-30f3-4fde-b240-97318fc3c7d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grand-media/" + google-query: inurl:"/wp-content/plugins/grand-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grand-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grand-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grand-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/graphina-elementor-charts-and-graphs-a96bb943a1852ea0b2e688a3b3910413.yaml b/nuclei-templates/cve-less/plugins/graphina-elementor-charts-and-graphs-a96bb943a1852ea0b2e688a3b3910413.yaml new file mode 100644 index 0000000000..97ad202acb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/graphina-elementor-charts-and-graphs-a96bb943a1852ea0b2e688a3b3910413.yaml @@ -0,0 +1,58 @@ +id: graphina-elementor-charts-and-graphs-a96bb943a1852ea0b2e688a3b3910413 + +info: + name: > + Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/graphina-elementor-charts-and-graphs/" + google-query: inurl:"/wp-content/plugins/graphina-elementor-charts-and-graphs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,graphina-elementor-charts-and-graphs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/graphina-elementor-charts-and-graphs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "graphina-elementor-charts-and-graphs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml b/nuclei-templates/cve-less/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml new file mode 100644 index 0000000000..200193aa85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce-b4bd8b09c6fbcb29788bc8bbefcbcdc0.yaml @@ -0,0 +1,58 @@ +id: gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce-b4bd8b09c6fbcb29788bc8bbefcbcdc0 + +info: + name: > + Gratisfaction <= 4.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2135ab-ef76-4539-81ad-51abc4e051ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gratisfaction-all-in-one-loyalty-contests-referral-program-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravitate-qa-tracker-cd3644678d89d82305da7906f47bab11.yaml b/nuclei-templates/cve-less/plugins/gravitate-qa-tracker-cd3644678d89d82305da7906f47bab11.yaml new file mode 100644 index 0000000000..775d50a33d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravitate-qa-tracker-cd3644678d89d82305da7906f47bab11.yaml @@ -0,0 +1,58 @@ +id: gravitate-qa-tracker-cd3644678d89d82305da7906f47bab11 + +info: + name: > + Gravitate QA Tracker <= 1.2.1 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef64118-b388-4260-930b-6a31992d4076?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravitate-qa-tracker/" + google-query: inurl:"/wp-content/plugins/gravitate-qa-tracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravitate-qa-tracker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravitate-qa-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravitate-qa-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravity-file-ajax-upload-free-aae4ca7abb59e5c604f97c05e398cdb3.yaml b/nuclei-templates/cve-less/plugins/gravity-file-ajax-upload-free-aae4ca7abb59e5c604f97c05e398cdb3.yaml new file mode 100644 index 0000000000..a05af0e541 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravity-file-ajax-upload-free-aae4ca7abb59e5c604f97c05e398cdb3.yaml @@ -0,0 +1,58 @@ +id: gravity-file-ajax-upload-free-aae4ca7abb59e5c604f97c05e398cdb3 + +info: + name: > + Gravity Upload Ajax <= 1.1 - Unrestricted File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38bcb908-1e6e-44be-9cf5-72dcfa4c4a4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravity-file-ajax-upload-free/" + google-query: inurl:"/wp-content/plugins/gravity-file-ajax-upload-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravity-file-ajax-upload-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravity-file-ajax-upload-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravity-file-ajax-upload-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravity-forms-dps-pxpay-c5c10bf83837ad294aabcbed9d694122.yaml b/nuclei-templates/cve-less/plugins/gravity-forms-dps-pxpay-c5c10bf83837ad294aabcbed9d694122.yaml new file mode 100644 index 0000000000..4f6e4b635b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravity-forms-dps-pxpay-c5c10bf83837ad294aabcbed9d694122.yaml @@ -0,0 +1,58 @@ +id: gravity-forms-dps-pxpay-c5c10bf83837ad294aabcbed9d694122 + +info: + name: > + GF Windcave Free <= 1.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d33df4e4-6ac7-499a-9d43-d19e287f7689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravity-forms-dps-pxpay/" + google-query: inurl:"/wp-content/plugins/gravity-forms-dps-pxpay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravity-forms-dps-pxpay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravity-forms-dps-pxpay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravity-forms-dps-pxpay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravity-forms-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/gravity-forms-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..eee11de393 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravity-forms-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: gravity-forms-sms-notifications-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravity-forms-sms-notifications/" + google-query: inurl:"/wp-content/plugins/gravity-forms-sms-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravity-forms-sms-notifications,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravity-forms-sms-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravity-forms-sms-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravityforms-5d1eddaacfc678e52758e23e8e3a8842.yaml b/nuclei-templates/cve-less/plugins/gravityforms-5d1eddaacfc678e52758e23e8e3a8842.yaml new file mode 100644 index 0000000000..d1b44685f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravityforms-5d1eddaacfc678e52758e23e8e3a8842.yaml @@ -0,0 +1,58 @@ +id: gravityforms-5d1eddaacfc678e52758e23e8e3a8842 + +info: + name: > + Gravity Forms <= 2.7.3 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc1e5fb7-92d0-4e7f-9b1b-15673e3b852a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravityforms/" + google-query: inurl:"/wp-content/plugins/gravityforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravityforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravityforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravityforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravityforms-6b968b7d554babf27aefcb5df3e3773f.yaml b/nuclei-templates/cve-less/plugins/gravityforms-6b968b7d554babf27aefcb5df3e3773f.yaml new file mode 100644 index 0000000000..f86f283426 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravityforms-6b968b7d554babf27aefcb5df3e3773f.yaml @@ -0,0 +1,58 @@ +id: gravityforms-6b968b7d554babf27aefcb5df3e3773f + +info: + name: > + Gravityforms <= 2.4.8 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce047db1-b701-4903-9244-68b3ecaad78f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravityforms/" + google-query: inurl:"/wp-content/plugins/gravityforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravityforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravityforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravityforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravityforms-7ce94184875be6701700a5e620312558.yaml b/nuclei-templates/cve-less/plugins/gravityforms-7ce94184875be6701700a5e620312558.yaml new file mode 100644 index 0000000000..f0512f03fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravityforms-7ce94184875be6701700a5e620312558.yaml @@ -0,0 +1,58 @@ +id: gravityforms-7ce94184875be6701700a5e620312558 + +info: + name: > + Gravityforms <= 1.9.3.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0395b775-a89d-45f5-ac38-d5786f4b4d1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravityforms/" + google-query: inurl:"/wp-content/plugins/gravityforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravityforms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravityforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravityforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gravityforms-975bf041109307c2b0234ccae26e4bc6.yaml b/nuclei-templates/cve-less/plugins/gravityforms-975bf041109307c2b0234ccae26e4bc6.yaml new file mode 100644 index 0000000000..cb203c45ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gravityforms-975bf041109307c2b0234ccae26e4bc6.yaml @@ -0,0 +1,58 @@ +id: gravityforms-975bf041109307c2b0234ccae26e4bc6 + +info: + name: > + Gravity Forms <= 2.7.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/234df0e5-d1be-4354-8bfc-761bed1e9aa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gravityforms/" + google-query: inurl:"/wp-content/plugins/gravityforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gravityforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gravityforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gravityforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/great-quotes-a9ade0513aa1dccbdad4ffd99dcceb42.yaml b/nuclei-templates/cve-less/plugins/great-quotes-a9ade0513aa1dccbdad4ffd99dcceb42.yaml new file mode 100644 index 0000000000..30c8d0b1ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/great-quotes-a9ade0513aa1dccbdad4ffd99dcceb42.yaml @@ -0,0 +1,58 @@ +id: great-quotes-a9ade0513aa1dccbdad4ffd99dcceb42 + +info: + name: > + Great Quotes <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67b5d20b-4032-4d41-8ab7-6063b7e47827?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/great-quotes/" + google-query: inurl:"/wp-content/plugins/great-quotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,great-quotes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/great-quotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "great-quotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greeklish-permalink-c5e8439f52a72fc808844ece6ad38bdd.yaml b/nuclei-templates/cve-less/plugins/greeklish-permalink-c5e8439f52a72fc808844ece6ad38bdd.yaml new file mode 100644 index 0000000000..e7b2fe0348 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greeklish-permalink-c5e8439f52a72fc808844ece6ad38bdd.yaml @@ -0,0 +1,58 @@ +id: greeklish-permalink-c5e8439f52a72fc808844ece6ad38bdd + +info: + name: > + Greeklish-permalink <= 3.3 - Missing Authorization via cyrtrans_ajax_old AJAX action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3be0e82c-f9a8-42a5-9abb-24cc60e03944?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greeklish-permalink/" + google-query: inurl:"/wp-content/plugins/greeklish-permalink/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greeklish-permalink,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greeklish-permalink/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greeklish-permalink" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-01c7f6a7ff2da57d8e46e6c08e382c32.yaml b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-01c7f6a7ff2da57d8e46e6c08e382c32.yaml new file mode 100644 index 0000000000..5f2ce22352 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-01c7f6a7ff2da57d8e46e6c08e382c32.yaml @@ -0,0 +1,58 @@ +id: greenshift-animation-and-page-builder-blocks-01c7f6a7ff2da57d8e46e6c08e382c32 + +info: + name: > + Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826b5dac-4a54-44c7-979b-8901bb468777?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshift-animation-and-page-builder-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshift-animation-and-page-builder-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-601f7b212435b0908f5157de31e9c323.yaml b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-601f7b212435b0908f5157de31e9c323.yaml new file mode 100644 index 0000000000..0bb2745f22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-601f7b212435b0908f5157de31e9c323.yaml @@ -0,0 +1,58 @@ +id: greenshift-animation-and-page-builder-blocks-601f7b212435b0908f5157de31e9c323 + +info: + name: > + Greenshift – animation and page builder blocks <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3498ebe-5e13-4ced-b92d-4908b8775996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshift-animation-and-page-builder-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshift-animation-and-page-builder-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-c16c01b270f8ba46731b798dbc4b70f0.yaml b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-c16c01b270f8ba46731b798dbc4b70f0.yaml new file mode 100644 index 0000000000..54d5b98715 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-c16c01b270f8ba46731b798dbc4b70f0.yaml @@ -0,0 +1,58 @@ +id: greenshift-animation-and-page-builder-blocks-c16c01b270f8ba46731b798dbc4b70f0 + +info: + name: > + Greenshift – animation and page builder blocks <= 7.6.2 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/821462d6-970e-4e3e-b91d-e7153296ba9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshift-animation-and-page-builder-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshift-animation-and-page-builder-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-f9a2a8b78b336f59f7555c63172782ec.yaml b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-f9a2a8b78b336f59f7555c63172782ec.yaml new file mode 100644 index 0000000000..342965b2f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greenshift-animation-and-page-builder-blocks-f9a2a8b78b336f59f7555c63172782ec.yaml @@ -0,0 +1,58 @@ +id: greenshift-animation-and-page-builder-blocks-f9a2a8b78b336f59f7555c63172782ec + +info: + name: > + Greenshift – animation and page builder blocks <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abbdf198-b6f3-41dd-ada1-b14fc9946142?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + google-query: inurl:"/wp-content/plugins/greenshift-animation-and-page-builder-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greenshift-animation-and-page-builder-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenshift-animation-and-page-builder-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenshift-animation-and-page-builder-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greenwallet-gateway-e92bd2c686e39336f450414601e8c047.yaml b/nuclei-templates/cve-less/plugins/greenwallet-gateway-e92bd2c686e39336f450414601e8c047.yaml new file mode 100644 index 0000000000..8e4f072ea7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greenwallet-gateway-e92bd2c686e39336f450414601e8c047.yaml @@ -0,0 +1,58 @@ +id: greenwallet-gateway-e92bd2c686e39336f450414601e8c047 + +info: + name: > + WooCommerce Green Wallet Gateway <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5a99c97-19a4-41ab-a24f-3cc8f4be7073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greenwallet-gateway/" + google-query: inurl:"/wp-content/plugins/greenwallet-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greenwallet-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greenwallet-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenwallet-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gregs-high-performance-seo-1fdcfa12049d782d5c0a8a4b15f2b5b5.yaml b/nuclei-templates/cve-less/plugins/gregs-high-performance-seo-1fdcfa12049d782d5c0a8a4b15f2b5b5.yaml new file mode 100644 index 0000000000..55e25a9ad6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gregs-high-performance-seo-1fdcfa12049d782d5c0a8a4b15f2b5b5.yaml @@ -0,0 +1,58 @@ +id: gregs-high-performance-seo-1fdcfa12049d782d5c0a8a4b15f2b5b5 + +info: + name: > + Greg's High Performance SEO <= 1.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b6250d0-8f5e-4283-8d16-0b2f467e1224?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gregs-high-performance-seo/" + google-query: inurl:"/wp-content/plugins/gregs-high-performance-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gregs-high-performance-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gregs-high-performance-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gregs-high-performance-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/greyd_suite-5b0eec3be7323ada5d1daeb52ff32549.yaml b/nuclei-templates/cve-less/plugins/greyd_suite-5b0eec3be7323ada5d1daeb52ff32549.yaml new file mode 100644 index 0000000000..1436078861 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/greyd_suite-5b0eec3be7323ada5d1daeb52ff32549.yaml @@ -0,0 +1,58 @@ +id: greyd_suite-5b0eec3be7323ada5d1daeb52ff32549 + +info: + name: > + GREYD.SUITE <= 1.2.6 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a353133d-0b36-40cc-a4f8-d5083e6e67df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/greyd_suite/" + google-query: inurl:"/wp-content/plugins/greyd_suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,greyd_suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/greyd_suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greyd_suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grid-kit-premium-ff22f0867ae120b77caf3636e99d73c8.yaml b/nuclei-templates/cve-less/plugins/grid-kit-premium-ff22f0867ae120b77caf3636e99d73c8.yaml new file mode 100644 index 0000000000..7e01c5e0b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grid-kit-premium-ff22f0867ae120b77caf3636e99d73c8.yaml @@ -0,0 +1,58 @@ +id: grid-kit-premium-ff22f0867ae120b77caf3636e99d73c8 + +info: + name: > + Grid Kit Premium < 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3029c6-3a0f-4c83-8faf-f74d03852278?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grid-kit-premium/" + google-query: inurl:"/wp-content/plugins/grid-kit-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grid-kit-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grid-kit-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grid-kit-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grid-plus-12eb7534db6d3a6b596836d9096b1dfc.yaml b/nuclei-templates/cve-less/plugins/grid-plus-12eb7534db6d3a6b596836d9096b1dfc.yaml new file mode 100644 index 0000000000..8bcb740eb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grid-plus-12eb7534db6d3a6b596836d9096b1dfc.yaml @@ -0,0 +1,58 @@ +id: grid-plus-12eb7534db6d3a6b596836d9096b1dfc + +info: + name: > + Grid Plus <= 1.3.3 - Authenticated (Subscriber+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6407792-2c76-4149-a9f9-d53002135bec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grid-plus/" + google-query: inurl:"/wp-content/plugins/grid-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grid-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grid-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grid-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grid-plus-a7efe3d7340eefdf74e75d3be0901882.yaml b/nuclei-templates/cve-less/plugins/grid-plus-a7efe3d7340eefdf74e75d3be0901882.yaml new file mode 100644 index 0000000000..c6814d1ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grid-plus-a7efe3d7340eefdf74e75d3be0901882.yaml @@ -0,0 +1,58 @@ +id: grid-plus-a7efe3d7340eefdf74e75d3be0901882 + +info: + name: > + Grid Plus <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Grid Layout Add/Update/Delete + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d34c84-473c-49f8-b55c-c869b5479974?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grid-plus/" + google-query: inurl:"/wp-content/plugins/grid-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grid-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grid-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grid-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grid-plus-ae14a34996c3d427efe7873c20688c21.yaml b/nuclei-templates/cve-less/plugins/grid-plus-ae14a34996c3d427efe7873c20688c21.yaml new file mode 100644 index 0000000000..ba3e886b99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grid-plus-ae14a34996c3d427efe7873c20688c21.yaml @@ -0,0 +1,58 @@ +id: grid-plus-ae14a34996c3d427efe7873c20688c21 + +info: + name: > + Grid Plus <= 1.3.4 - Reflected Cross-Site Scripting via grid_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b213baa-8508-4eb2-ac09-d320e2b4276c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grid-plus/" + google-query: inurl:"/wp-content/plugins/grid-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grid-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grid-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grid-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/grid-shortcodes-0ddb5ade9834993cf7b74808814bcc80.yaml b/nuclei-templates/cve-less/plugins/grid-shortcodes-0ddb5ade9834993cf7b74808814bcc80.yaml new file mode 100644 index 0000000000..3ea7003ef2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/grid-shortcodes-0ddb5ade9834993cf7b74808814bcc80.yaml @@ -0,0 +1,58 @@ +id: grid-shortcodes-0ddb5ade9834993cf7b74808814bcc80 + +info: + name: > + Grid Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/722956ec-d2f5-42ad-bb95-776ad620d788?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/grid-shortcodes/" + google-query: inurl:"/wp-content/plugins/grid-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,grid-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/grid-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "grid-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gridlist-view-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/gridlist-view-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..2453e768a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gridlist-view-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: gridlist-view-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gridlist-view-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/gridlist-view-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gridlist-view-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gridlist-view-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gridlist-view-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-01e6da1e967018241a8f36efe6fd50ba.yaml b/nuclei-templates/cve-less/plugins/groundhogg-01e6da1e967018241a8f36efe6fd50ba.yaml new file mode 100644 index 0000000000..f61ba7bc46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-01e6da1e967018241a8f36efe6fd50ba.yaml @@ -0,0 +1,58 @@ +id: groundhogg-01e6da1e967018241a8f36efe6fd50ba + +info: + name: > + WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg < 1.3.5 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/344b2f80-ea86-4bf0-8ee4-4b5c7b94c34b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-1d9266ecaa07d410393e4d47b4c9954f.yaml b/nuclei-templates/cve-less/plugins/groundhogg-1d9266ecaa07d410393e4d47b4c9954f.yaml new file mode 100644 index 0000000000..f963b25edc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-1d9266ecaa07d410393e4d47b4c9954f.yaml @@ -0,0 +1,58 @@ +id: groundhogg-1d9266ecaa07d410393e4d47b4c9954f + +info: + name: > + Groundhogg <= 2.7.11 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4f2554d-c047-4be2-a4e6-2ae51f077376?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-5c29a3cc888c2b8f4800d87269906f2c.yaml b/nuclei-templates/cve-less/plugins/groundhogg-5c29a3cc888c2b8f4800d87269906f2c.yaml new file mode 100644 index 0000000000..7dc9f52e91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-5c29a3cc888c2b8f4800d87269906f2c.yaml @@ -0,0 +1,58 @@ +id: groundhogg-5c29a3cc888c2b8f4800d87269906f2c + +info: + name: > + Groundhogg <= 2.7.9.3 - Authenticated (Administrator)+ SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76c468cb-8ad6-4b62-8de5-dc8efd4b8e61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-653bfe16d9c86908e0bcfff0b6dd1c6e.yaml b/nuclei-templates/cve-less/plugins/groundhogg-653bfe16d9c86908e0bcfff0b6dd1c6e.yaml new file mode 100644 index 0000000000..694db3cc29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-653bfe16d9c86908e0bcfff0b6dd1c6e.yaml @@ -0,0 +1,58 @@ +id: groundhogg-653bfe16d9c86908e0bcfff0b6dd1c6e + +info: + name: > + Groundhogg <= 2.7.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22506d45-40db-47c4-91b2-ab4f49703bf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-6f02fa76246cc8d01472e29b6032ad8f.yaml b/nuclei-templates/cve-less/plugins/groundhogg-6f02fa76246cc8d01472e29b6032ad8f.yaml new file mode 100644 index 0000000000..5d5989e179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-6f02fa76246cc8d01472e29b6032ad8f.yaml @@ -0,0 +1,58 @@ +id: groundhogg-6f02fa76246cc8d01472e29b6032ad8f + +info: + name: > + Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24747507-8f24-499e-a257-d379dc171e18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-7690dbacbae8cf712fa24f47448d84aa.yaml b/nuclei-templates/cve-less/plugins/groundhogg-7690dbacbae8cf712fa24f47448d84aa.yaml new file mode 100644 index 0000000000..ef87c2893e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-7690dbacbae8cf712fa24f47448d84aa.yaml @@ -0,0 +1,58 @@ +id: groundhogg-7690dbacbae8cf712fa24f47448d84aa + +info: + name: > + Groundhogg <= 2.7.9.8 - Missing Authorization to Update License + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29700844-b41d-4f10-90a7-06c8574d8d2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-9bca420841e37204239e9083274e18ac.yaml b/nuclei-templates/cve-less/plugins/groundhogg-9bca420841e37204239e9083274e18ac.yaml new file mode 100644 index 0000000000..8443a97486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-9bca420841e37204239e9083274e18ac.yaml @@ -0,0 +1,58 @@ +id: groundhogg-9bca420841e37204239e9083274e18ac + +info: + name: > + Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af73240c-b711-4e91-9998-5f7e6a9a4fb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-a69ac85c2f382d8b82f7f44fd083ec69.yaml b/nuclei-templates/cve-less/plugins/groundhogg-a69ac85c2f382d8b82f7f44fd083ec69.yaml new file mode 100644 index 0000000000..fcd63677e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-a69ac85c2f382d8b82f7f44fd083ec69.yaml @@ -0,0 +1,58 @@ +id: groundhogg-a69ac85c2f382d8b82f7f44fd083ec69 + +info: + name: > + Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf472f1-5980-48ee-aa10-aad19b6f2456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-b86dfb6f9dd8aa205cbc3842be669c7a.yaml b/nuclei-templates/cve-less/plugins/groundhogg-b86dfb6f9dd8aa205cbc3842be669c7a.yaml new file mode 100644 index 0000000000..6bc2b53d09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-b86dfb6f9dd8aa205cbc3842be669c7a.yaml @@ -0,0 +1,58 @@ +id: groundhogg-b86dfb6f9dd8aa205cbc3842be669c7a + +info: + name: > + Groundhogg <= 2.7.11.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via Task Data + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edafc213-a95f-483e-ac5f-d5b56817d046?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.11.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-ea3614c57e168b5cbba1a64665aa3e41.yaml b/nuclei-templates/cve-less/plugins/groundhogg-ea3614c57e168b5cbba1a64665aa3e41.yaml new file mode 100644 index 0000000000..4d609e2b66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-ea3614c57e168b5cbba1a64665aa3e41.yaml @@ -0,0 +1,58 @@ +id: groundhogg-ea3614c57e168b5cbba1a64665aa3e41 + +info: + name: > + Groundhogg <= 2.7.9.8 - Missing Authorization to Non-Arbitrary File Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c5bde0e-3138-4995-92ae-6deaf6b7be5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/groundhogg-f995ec2617f1d8e01a76eb96ebc10f06.yaml b/nuclei-templates/cve-less/plugins/groundhogg-f995ec2617f1d8e01a76eb96ebc10f06.yaml new file mode 100644 index 0000000000..e9a70491ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/groundhogg-f995ec2617f1d8e01a76eb96ebc10f06.yaml @@ -0,0 +1,58 @@ +id: groundhogg-f995ec2617f1d8e01a76eb96ebc10f06 + +info: + name: > + Groundhogg <= 2.7.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4938206e-2ea4-47ed-a307-87cf67dd74a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/groundhogg/" + google-query: inurl:"/wp-content/plugins/groundhogg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,groundhogg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/groundhogg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "groundhogg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-books-showcase-2dfa9da72134b3fee9c376ecca6fe446.yaml b/nuclei-templates/cve-less/plugins/gs-books-showcase-2dfa9da72134b3fee9c376ecca6fe446.yaml new file mode 100644 index 0000000000..688e6da683 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-books-showcase-2dfa9da72134b3fee9c376ecca6fe446.yaml @@ -0,0 +1,58 @@ +id: gs-books-showcase-2dfa9da72134b3fee9c376ecca6fe446 + +info: + name: > + GS Books Showcase <= 1.3.0 - Authenticator (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26a9bcc5-4057-4cd5-afde-68a2d467c5a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-books-showcase/" + google-query: inurl:"/wp-content/plugins/gs-books-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-books-showcase,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-books-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-books-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-envato-portfolio-6238c45309a73e1d06001135fffb48d2.yaml b/nuclei-templates/cve-less/plugins/gs-envato-portfolio-6238c45309a73e1d06001135fffb48d2.yaml new file mode 100644 index 0000000000..6854d8750c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-envato-portfolio-6238c45309a73e1d06001135fffb48d2.yaml @@ -0,0 +1,58 @@ +id: gs-envato-portfolio-6238c45309a73e1d06001135fffb48d2 + +info: + name: > + GS Portfolio for Envato <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6816cb4-0fad-417a-a980-d35a734bce13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-envato-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-envato-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-envato-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-envato-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-envato-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-facebook-comments-51018cf0109648dade76eaf03756855f.yaml b/nuclei-templates/cve-less/plugins/gs-facebook-comments-51018cf0109648dade76eaf03756855f.yaml new file mode 100644 index 0000000000..d0a09d5797 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-facebook-comments-51018cf0109648dade76eaf03756855f.yaml @@ -0,0 +1,58 @@ +id: gs-facebook-comments-51018cf0109648dade76eaf03756855f + +info: + name: > + WP Social Comments <= 1.7.3 - Missing Authorization via wpfc_allow_comments() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba2ff1ab-f981-417d-b400-13750c9320ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-facebook-comments/" + google-query: inurl:"/wp-content/plugins/gs-facebook-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-facebook-comments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-facebook-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-facebook-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-bb81738a1483724d89303a6a2b8b759f.yaml b/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-bb81738a1483724d89303a6a2b8b759f.yaml new file mode 100644 index 0000000000..6f0a8c1300 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-bb81738a1483724d89303a6a2b8b759f.yaml @@ -0,0 +1,58 @@ +id: gs-instagram-portfolio-bb81738a1483724d89303a6a2b8b759f + +info: + name: > + GS Insever Portfolio <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7770ab04-eb40-450e-ab8a-2a8e5d13d4a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-instagram-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-instagram-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-instagram-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-instagram-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-instagram-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-e4d780c0204ebc51d13bc9ff3d0c837f.yaml b/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-e4d780c0204ebc51d13bc9ff3d0c837f.yaml new file mode 100644 index 0000000000..d97fdbed29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-instagram-portfolio-e4d780c0204ebc51d13bc9ff3d0c837f.yaml @@ -0,0 +1,58 @@ +id: gs-instagram-portfolio-e4d780c0204ebc51d13bc9ff3d0c837f + +info: + name: > + GS Insever Portfolio <= 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15c8addc-e40b-4ad2-9e7b-c721d10164d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-instagram-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-instagram-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-instagram-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-instagram-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-instagram-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-logo-slider-3a1240a24a2dd47c008d450b098689b3.yaml b/nuclei-templates/cve-less/plugins/gs-logo-slider-3a1240a24a2dd47c008d450b098689b3.yaml new file mode 100644 index 0000000000..e679542f04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-logo-slider-3a1240a24a2dd47c008d450b098689b3.yaml @@ -0,0 +1,58 @@ +id: gs-logo-slider-3a1240a24a2dd47c008d450b098689b3 + +info: + name: > + GS Logo Slider <= 3.5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c89a8001-ab50-466c-aa51-62c0ff5f86dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-logo-slider/" + google-query: inurl:"/wp-content/plugins/gs-logo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-logo-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-logo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-logo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-logo-slider-ee05a64bbaf03a516917796674375367.yaml b/nuclei-templates/cve-less/plugins/gs-logo-slider-ee05a64bbaf03a516917796674375367.yaml new file mode 100644 index 0000000000..7fe50571fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-logo-slider-ee05a64bbaf03a516917796674375367.yaml @@ -0,0 +1,58 @@ +id: gs-logo-slider-ee05a64bbaf03a516917796674375367 + +info: + name: > + GS Logo Slider – Ticker, Grid, List, Table & Filter Views <= 3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4f018c-483b-4435-a8b1-f18e5f843507?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-logo-slider/" + google-query: inurl:"/wp-content/plugins/gs-logo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-logo-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-logo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-logo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-565c3a27c2a7060808c53a2711e80a32.yaml b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-565c3a27c2a7060808c53a2711e80a32.yaml new file mode 100644 index 0000000000..8926b60304 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-565c3a27c2a7060808c53a2711e80a32.yaml @@ -0,0 +1,58 @@ +id: gs-pinterest-portfolio-565c3a27c2a7060808c53a2711e80a32 + +info: + name: > + GS Pins for Pinterest <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shorcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5fbca66-403e-41bc-8f80-3fb56d4b9c66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-pinterest-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-pinterest-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-pinterest-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..454ee2cbe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-pinterest-portfolio-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: gs-pinterest-portfolio-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-pinterest-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-pinterest-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-pinterest-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-pinterest-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-pinterest-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-portfolio-876486fa06bffb3829a9c77f08f98e1b.yaml b/nuclei-templates/cve-less/plugins/gs-portfolio-876486fa06bffb3829a9c77f08f98e1b.yaml new file mode 100644 index 0000000000..ab560a5736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-portfolio-876486fa06bffb3829a9c77f08f98e1b.yaml @@ -0,0 +1,58 @@ +id: gs-portfolio-876486fa06bffb3829a9c77f08f98e1b + +info: + name: > + GS Filterable Portfolio <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f531489b-a87d-41e7-a988-8b29840047ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-portfolio/" + google-query: inurl:"/wp-content/plugins/gs-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-testimonial-7cf1733a0fcabc72e1599e5c6fa6e184.yaml b/nuclei-templates/cve-less/plugins/gs-testimonial-7cf1733a0fcabc72e1599e5c6fa6e184.yaml new file mode 100644 index 0000000000..e9702bd02c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-testimonial-7cf1733a0fcabc72e1599e5c6fa6e184.yaml @@ -0,0 +1,58 @@ +id: gs-testimonial-7cf1733a0fcabc72e1599e5c6fa6e184 + +info: + name: > + GS Testimonial Slider <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/266507cf-f458-47f8-b18a-81860e6cce3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-testimonial/" + google-query: inurl:"/wp-content/plugins/gs-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-testimonial-95b4227a0d3d41c249f2bf8ed2c425e5.yaml b/nuclei-templates/cve-less/plugins/gs-testimonial-95b4227a0d3d41c249f2bf8ed2c425e5.yaml new file mode 100644 index 0000000000..85ce68a9dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-testimonial-95b4227a0d3d41c249f2bf8ed2c425e5.yaml @@ -0,0 +1,58 @@ +id: gs-testimonial-95b4227a0d3d41c249f2bf8ed2c425e5 + +info: + name: > + GS Testimonial Slider <= 1.9.6 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/805d70d8-084b-4849-bf3e-c9cc7ec02bc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-testimonial/" + google-query: inurl:"/wp-content/plugins/gs-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-testimonial-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/gs-testimonial-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..367961a6e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-testimonial-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: gs-testimonial-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-testimonial/" + google-query: inurl:"/wp-content/plugins/gs-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-testimonial,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-testimonial-d8076a607a4a2cad3434e6393a4159d1.yaml b/nuclei-templates/cve-less/plugins/gs-testimonial-d8076a607a4a2cad3434e6393a4159d1.yaml new file mode 100644 index 0000000000..d59eb75bc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-testimonial-d8076a607a4a2cad3434e6393a4159d1.yaml @@ -0,0 +1,58 @@ +id: gs-testimonial-d8076a607a4a2cad3434e6393a4159d1 + +info: + name: > + GS Testimonial Slider <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5402c009-f3c0-4286-9162-6e60322c5544?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-testimonial/" + google-query: inurl:"/wp-content/plugins/gs-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gs-woocommerce-products-slider-1735d30fe988ff978861d4dbdb0c640e.yaml b/nuclei-templates/cve-less/plugins/gs-woocommerce-products-slider-1735d30fe988ff978861d4dbdb0c640e.yaml new file mode 100644 index 0000000000..49e27f29b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gs-woocommerce-products-slider-1735d30fe988ff978861d4dbdb0c640e.yaml @@ -0,0 +1,58 @@ +id: gs-woocommerce-products-slider-1735d30fe988ff978861d4dbdb0c640e + +info: + name: > + GS Products Slider for WooCommerce <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff129569-223d-4d38-9f3a-eb2596214d3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gs-woocommerce-products-slider/" + google-query: inurl:"/wp-content/plugins/gs-woocommerce-products-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gs-woocommerce-products-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gs-woocommerce-products-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gs-woocommerce-products-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gseor-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml b/nuclei-templates/cve-less/plugins/gseor-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml new file mode 100644 index 0000000000..6120174f92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gseor-3c35d6ca8d97eaaa9d359ed4e523fe3c.yaml @@ -0,0 +1,58 @@ +id: gseor-3c35d6ca8d97eaaa9d359ed4e523fe3c + +info: + name: > + GSEOR – WordPress SEO Plugin <= 1.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d534a1e-280d-418d-b497-1f3e6f3a20fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gseor/" + google-query: inurl:"/wp-content/plugins/gseor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gseor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gseor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gseor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-caldera-forms-48accc4aa9cbb4e6e06e0f437230bfc4.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-caldera-forms-48accc4aa9cbb4e6e06e0f437230bfc4.yaml new file mode 100644 index 0000000000..97bdf7f005 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-caldera-forms-48accc4aa9cbb4e6e06e0f437230bfc4.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-caldera-forms-48accc4aa9cbb4e6e06e0f437230bfc4 + +info: + name: > + Caldera Forms Google Sheets Connector <= 1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5ec03e9-06bb-4677-b480-4ebdb33acd08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-caldera-forms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-caldera-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-caldera-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-caldera-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-caldera-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-5bdb93ed09679c782c93a7aa96190eff.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-5bdb93ed09679c782c93a7aa96190eff.yaml new file mode 100644 index 0000000000..574b691908 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-5bdb93ed09679c782c93a7aa96190eff.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-for-elementor-forms-5bdb93ed09679c782c93a7aa96190eff + +info: + name: > + Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ac577f4-2e61-4b72-881e-6fbbfd268f7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-for-elementor-forms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-for-elementor-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-for-elementor-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-for-elementor-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-for-elementor-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-pro-5bdb93ed09679c782c93a7aa96190eff.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-pro-5bdb93ed09679c782c93a7aa96190eff.yaml new file mode 100644 index 0000000000..cfb5982e2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-for-elementor-forms-pro-5bdb93ed09679c782c93a7aa96190eff.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-for-elementor-forms-pro-5bdb93ed09679c782c93a7aa96190eff + +info: + name: > + Elementor Forms Google Sheet Connector <= 1.0.6 - Reflected Cross-Site Scripting via 'code' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ac577f4-2e61-4b72-881e-6fbbfd268f7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-for-elementor-forms-pro/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-for-elementor-forms-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-for-elementor-forms-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-for-elementor-forms-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-for-elementor-forms-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-gravity-forms-d84c432825dde022913bf769b768726f.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-gravity-forms-d84c432825dde022913bf769b768726f.yaml new file mode 100644 index 0000000000..66b598e71d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-gravity-forms-d84c432825dde022913bf769b768726f.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-gravity-forms-d84c432825dde022913bf769b768726f + +info: + name: > + Gravity Forms Google Sheet Connector <= 1.3.4 - Cross-Site Request Forgery via verify_code_integation_new + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dea1e775-68b4-45e6-9d90-41e39d5d0dfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-gravity-forms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-gravity-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-gravity-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-gravity-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-gravity-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-faac6d1ff1697000b9b14ca585be6ab0.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-faac6d1ff1697000b9b14ca585be6ab0.yaml new file mode 100644 index 0000000000..804ec59315 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-faac6d1ff1697000b9b14ca585be6ab0.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-ninja-forms-faac6d1ff1697000b9b14ca585be6ab0 + +info: + name: > + Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/559a92e0-609e-415f-aab3-649a185eb431?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-ninja-forms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-pro-faac6d1ff1697000b9b14ca585be6ab0.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-pro-faac6d1ff1697000b9b14ca585be6ab0.yaml new file mode 100644 index 0000000000..d4fd431165 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-ninja-forms-pro-faac6d1ff1697000b9b14ca585be6ab0.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-ninja-forms-pro-faac6d1ff1697000b9b14ca585be6ab0 + +info: + name: > + Ninja Forms Google Sheet Connector <= 1.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/559a92e0-609e-415f-aab3-649a185eb431?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-ninja-forms-pro/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-ninja-forms-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-ninja-forms-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-ninja-forms-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-ninja-forms-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-2c53b255c00d529e8b580e9b919c837b.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-2c53b255c00d529e8b580e9b919c837b.yaml new file mode 100644 index 0000000000..305b9f76b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-2c53b255c00d529e8b580e9b919c837b.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-wpforms-2c53b255c00d529e8b580e9b919c837b + +info: + name: > + WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75067f95-48b6-4c1d-8d8b-2601185b1f81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-wpforms/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-wpforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-wpforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-wpforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-wpforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-pro-2c53b255c00d529e8b580e9b919c837b.yaml b/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-pro-2c53b255c00d529e8b580e9b919c837b.yaml new file mode 100644 index 0000000000..09bc517fd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gsheetconnector-wpforms-pro-2c53b255c00d529e8b580e9b919c837b.yaml @@ -0,0 +1,58 @@ +id: gsheetconnector-wpforms-pro-2c53b255c00d529e8b580e9b919c837b + +info: + name: > + WPForms Google Sheet Connector <= 3.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75067f95-48b6-4c1d-8d8b-2601185b1f81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gsheetconnector-wpforms-pro/" + google-query: inurl:"/wp-content/plugins/gsheetconnector-wpforms-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gsheetconnector-wpforms-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gsheetconnector-wpforms-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gsheetconnector-wpforms-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gslideshow-216bc7429720f3a1737645ac0bc074a0.yaml b/nuclei-templates/cve-less/plugins/gslideshow-216bc7429720f3a1737645ac0bc074a0.yaml new file mode 100644 index 0000000000..8f3477366c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gslideshow-216bc7429720f3a1737645ac0bc074a0.yaml @@ -0,0 +1,58 @@ +id: gslideshow-216bc7429720f3a1737645ac0bc074a0 + +info: + name: > + gSlideShow <= 0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be0e0e79-00c3-4237-ac65-9c5df625dd89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gslideshow/" + google-query: inurl:"/wp-content/plugins/gslideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gslideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gslideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gslideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gt3-photo-video-gallery-931f5de56d92dfa4c2d39579eb08aff8.yaml b/nuclei-templates/cve-less/plugins/gt3-photo-video-gallery-931f5de56d92dfa4c2d39579eb08aff8.yaml new file mode 100644 index 0000000000..9cb6d45cef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gt3-photo-video-gallery-931f5de56d92dfa4c2d39579eb08aff8.yaml @@ -0,0 +1,58 @@ +id: gt3-photo-video-gallery-931f5de56d92dfa4c2d39579eb08aff8 + +info: + name: > + Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery <= 2.7.7.21 - Authenticated (Author+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef1f0c-fdcc-4aaf-9e48-19b5be52351d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gt3-photo-video-gallery/" + google-query: inurl:"/wp-content/plugins/gt3-photo-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gt3-photo-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gt3-photo-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gt3-photo-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-118d3bbf1129a6179234e3b857cad279.yaml b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-118d3bbf1129a6179234e3b857cad279.yaml new file mode 100644 index 0000000000..4c73a13a82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-118d3bbf1129a6179234e3b857cad279.yaml @@ -0,0 +1,58 @@ +id: gtmetrix-for-wordpress-118d3bbf1129a6179234e3b857cad279 + +info: + name: > + GTmetrix for WordPress <= 0.4.5 - Reflected Cross-Site Scripting via 'url' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcdf22be-8af4-4596-b138-67ebfd04c06d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtmetrix-for-wordpress/" + google-query: inurl:"/wp-content/plugins/gtmetrix-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtmetrix-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtmetrix-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtmetrix-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-241dd4c3f2d34cca641cc14b2238e0fd.yaml b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-241dd4c3f2d34cca641cc14b2238e0fd.yaml new file mode 100644 index 0000000000..1fc58bb729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-241dd4c3f2d34cca641cc14b2238e0fd.yaml @@ -0,0 +1,58 @@ +id: gtmetrix-for-wordpress-241dd4c3f2d34cca641cc14b2238e0fd + +info: + name: > + GTmetrix for WordPress <= 0.4.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9958d7d7-ddeb-42f4-a5bd-6dd55ec9b6e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtmetrix-for-wordpress/" + google-query: inurl:"/wp-content/plugins/gtmetrix-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtmetrix-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtmetrix-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtmetrix-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-8d4923c8fc18392ea1fb56e01269ce95.yaml b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-8d4923c8fc18392ea1fb56e01269ce95.yaml new file mode 100644 index 0000000000..4169087cb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtmetrix-for-wordpress-8d4923c8fc18392ea1fb56e01269ce95.yaml @@ -0,0 +1,58 @@ +id: gtmetrix-for-wordpress-8d4923c8fc18392ea1fb56e01269ce95 + +info: + name: > + GTmetrix for WordPress <= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe50539-f6a9-476a-a408-4f94f7f31fcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtmetrix-for-wordpress/" + google-query: inurl:"/wp-content/plugins/gtmetrix-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtmetrix-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtmetrix-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtmetrix-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtranslate-530119b641fe83b81bd9470a37532801.yaml b/nuclei-templates/cve-less/plugins/gtranslate-530119b641fe83b81bd9470a37532801.yaml new file mode 100644 index 0000000000..a69af53776 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtranslate-530119b641fe83b81bd9470a37532801.yaml @@ -0,0 +1,58 @@ +id: gtranslate-530119b641fe83b81bd9470a37532801 + +info: + name: > + Translate WordPress with GTranslate <= 2.9.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69f54737-4b0f-49ba-a331-1b252a5e45cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtranslate/" + google-query: inurl:"/wp-content/plugins/gtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtranslate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtranslate-5ebef968ecfba23771708b1d7c8b6112.yaml b/nuclei-templates/cve-less/plugins/gtranslate-5ebef968ecfba23771708b1d7c8b6112.yaml new file mode 100644 index 0000000000..0347026e8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtranslate-5ebef968ecfba23771708b1d7c8b6112.yaml @@ -0,0 +1,58 @@ +id: gtranslate-5ebef968ecfba23771708b1d7c8b6112 + +info: + name: > + GTranslate <= 3.0.3 - Authenticated (Administrator+) Cross-Site Scripting via Multiple Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e24be91-6a58-42c3-84dd-4090da55b720?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtranslate/" + google-query: inurl:"/wp-content/plugins/gtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtranslate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtranslate-d02f0d7121f40075980c3a177c578c3f.yaml b/nuclei-templates/cve-less/plugins/gtranslate-d02f0d7121f40075980c3a177c578c3f.yaml new file mode 100644 index 0000000000..0c15445a8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtranslate-d02f0d7121f40075980c3a177c578c3f.yaml @@ -0,0 +1,58 @@ +id: gtranslate-d02f0d7121f40075980c3a177c578c3f + +info: + name: > + Translate WordPress with GTranslate <= 2.9.8 & Translate WordPress – Google Language Translator <= 6.0.13 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21e539-8ba0-4edd-a90c-27a4cd1cdbc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtranslate/" + google-query: inurl:"/wp-content/plugins/gtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtranslate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtranslate-e193e03e756910d1d1e9b9cc6d320432.yaml b/nuclei-templates/cve-less/plugins/gtranslate-e193e03e756910d1d1e9b9cc6d320432.yaml new file mode 100644 index 0000000000..b47d1782a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtranslate-e193e03e756910d1d1e9b9cc6d320432.yaml @@ -0,0 +1,58 @@ +id: gtranslate-e193e03e756910d1d1e9b9cc6d320432 + +info: + name: > + GTranslate Pro and GTranslate Enterprise <= 2.8.64 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ae7c9f-852d-428f-a469-6bfeead53db5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtranslate/" + google-query: inurl:"/wp-content/plugins/gtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtranslate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gtranslate-e57cb75d56b89999570d9a342a44a60a.yaml b/nuclei-templates/cve-less/plugins/gtranslate-e57cb75d56b89999570d9a342a44a60a.yaml new file mode 100644 index 0000000000..5a1239b0f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gtranslate-e57cb75d56b89999570d9a342a44a60a.yaml @@ -0,0 +1,58 @@ +id: gtranslate-e57cb75d56b89999570d9a342a44a60a + +info: + name: > + GTranslate <= 2.8.51 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe086290-f3d3-4d28-bb5c-11fbbb1364b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gtranslate/" + google-query: inurl:"/wp-content/plugins/gtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gtranslate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/guardgiant-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml b/nuclei-templates/cve-less/plugins/guardgiant-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml new file mode 100644 index 0000000000..4a29fef8d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/guardgiant-ca496e63542b74a88b0b8dd7fd0ebb0c.yaml @@ -0,0 +1,58 @@ +id: guardgiant-ca496e63542b74a88b0b8dd7fd0ebb0c + +info: + name: > + WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d3f7676-5ab0-4fe0-a0be-786f4cf84056?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/guardgiant/" + google-query: inurl:"/wp-content/plugins/guardgiant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,guardgiant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/guardgiant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "guardgiant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/guest-author-bcd6b988167c1612bb5048004783e4f5.yaml b/nuclei-templates/cve-less/plugins/guest-author-bcd6b988167c1612bb5048004783e4f5.yaml new file mode 100644 index 0000000000..0ab2b30939 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/guest-author-bcd6b988167c1612bb5048004783e4f5.yaml @@ -0,0 +1,58 @@ +id: guest-author-bcd6b988167c1612bb5048004783e4f5 + +info: + name: > + Guest Author <= 2.3 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78fd9dcf-228e-46ec-b34f-2cb0c87cc895?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/guest-author/" + google-query: inurl:"/wp-content/plugins/guest-author/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,guest-author,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/guest-author/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "guest-author" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/guest-author-name-982e9cfa43c440d5e945696eaf09286b.yaml b/nuclei-templates/cve-less/plugins/guest-author-name-982e9cfa43c440d5e945696eaf09286b.yaml new file mode 100644 index 0000000000..56a5f9c00b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/guest-author-name-982e9cfa43c440d5e945696eaf09286b.yaml @@ -0,0 +1,58 @@ +id: guest-author-name-982e9cfa43c440d5e945696eaf09286b + +info: + name: > + (Simply) Guest Author Name <= 4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/guest-author-name/" + google-query: inurl:"/wp-content/plugins/guest-author-name/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,guest-author-name,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/guest-author-name/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "guest-author-name" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gum-elementor-addon-dd93174b0504049ccc03e08eec846159.yaml b/nuclei-templates/cve-less/plugins/gum-elementor-addon-dd93174b0504049ccc03e08eec846159.yaml new file mode 100644 index 0000000000..9a28935e87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gum-elementor-addon-dd93174b0504049ccc03e08eec846159.yaml @@ -0,0 +1,58 @@ +id: gum-elementor-addon-dd93174b0504049ccc03e08eec846159 + +info: + name: > + Gum Elementor Addon <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade1eddf-cfcc-4956-8015-8d9a592cc252?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gum-elementor-addon/" + google-query: inurl:"/wp-content/plugins/gum-elementor-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gum-elementor-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gum-elementor-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gum-elementor-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gumroad-f295e8a8427ef02d3b3be1982f4ae5fa.yaml b/nuclei-templates/cve-less/plugins/gumroad-f295e8a8427ef02d3b3be1982f4ae5fa.yaml new file mode 100644 index 0000000000..ecd7107d4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gumroad-f295e8a8427ef02d3b3be1982f4ae5fa.yaml @@ -0,0 +1,58 @@ +id: gumroad-f295e8a8427ef02d3b3be1982f4ae5fa + +info: + name: > + Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd2abab4-f93c-454d-928d-128a490da0e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gumroad/" + google-query: inurl:"/wp-content/plugins/gumroad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gumroad,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gumroad/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gumroad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/guruwalk-affiliates-a6e719c0412296476082fdb1b971690e.yaml b/nuclei-templates/cve-less/plugins/guruwalk-affiliates-a6e719c0412296476082fdb1b971690e.yaml new file mode 100644 index 0000000000..3125b57777 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/guruwalk-affiliates-a6e719c0412296476082fdb1b971690e.yaml @@ -0,0 +1,58 @@ +id: guruwalk-affiliates-a6e719c0412296476082fdb1b971690e + +info: + name: > + GuruWalk Affiliates <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b2714f7-9877-4d3d-a692-70fbf8584728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/guruwalk-affiliates/" + google-query: inurl:"/wp-content/plugins/guruwalk-affiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,guruwalk-affiliates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/guruwalk-affiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "guruwalk-affiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gutenberg-8629a041445673190f74e67cf1a4f264.yaml b/nuclei-templates/cve-less/plugins/gutenberg-8629a041445673190f74e67cf1a4f264.yaml new file mode 100644 index 0000000000..857f22a1d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gutenberg-8629a041445673190f74e67cf1a4f264.yaml @@ -0,0 +1,58 @@ +id: gutenberg-8629a041445673190f74e67cf1a4f264 + +info: + name: > + WordPress Core 5.9-6.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b1f597-f357-4525-8c67-e0be3a07bcfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gutenberg/" + google-query: inurl:"/wp-content/plugins/gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 16.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gutenslider-6a7d0f10989c55df0c2d186c1333c6d5.yaml b/nuclei-templates/cve-less/plugins/gutenslider-6a7d0f10989c55df0c2d186c1333c6d5.yaml new file mode 100644 index 0000000000..981fad3e5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gutenslider-6a7d0f10989c55df0c2d186c1333c6d5.yaml @@ -0,0 +1,58 @@ +id: gutenslider-6a7d0f10989c55df0c2d186c1333c6d5 + +info: + name: > + WordPress Slider Block Gutenslider <= 5.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/095cc3dc-7a3e-473f-a762-de327c7ef28b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gutenslider/" + google-query: inurl:"/wp-content/plugins/gutenslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gutenslider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gutenverse-c512399e58b223011a17608d4b51ac26.yaml b/nuclei-templates/cve-less/plugins/gutenverse-c512399e58b223011a17608d4b51ac26.yaml new file mode 100644 index 0000000000..ea4bffc848 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gutenverse-c512399e58b223011a17608d4b51ac26.yaml @@ -0,0 +1,58 @@ +id: gutenverse-c512399e58b223011a17608d4b51ac26 + +info: + name: > + Gutenverse <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8056af63-e81f-4321-991e-d201ad1095c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gutenverse/" + google-query: inurl:"/wp-content/plugins/gutenverse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gutenverse,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenverse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenverse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gutenverse-f66a440cd899e10b9d3c84e8064d84c8.yaml b/nuclei-templates/cve-less/plugins/gutenverse-f66a440cd899e10b9d3c84e8064d84c8.yaml new file mode 100644 index 0000000000..cb0b74fa98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gutenverse-f66a440cd899e10b9d3c84e8064d84c8.yaml @@ -0,0 +1,58 @@ +id: gutenverse-f66a440cd899e10b9d3c84e8064d84c8 + +info: + name: > + Gutenverse <= 1.8.5 - Missing Authorization via 'data/update' API Endpoint + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c4e1d2c-bb20-40b7-90a3-96df68d083b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gutenverse/" + google-query: inurl:"/wp-content/plugins/gutenverse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gutenverse,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gutenverse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gutenverse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gwolle-gb-02c38e87fc6391ec0ea333f550f5e898.yaml b/nuclei-templates/cve-less/plugins/gwolle-gb-02c38e87fc6391ec0ea333f550f5e898.yaml new file mode 100644 index 0000000000..ca378e61d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gwolle-gb-02c38e87fc6391ec0ea333f550f5e898.yaml @@ -0,0 +1,58 @@ +id: gwolle-gb-02c38e87fc6391ec0ea333f550f5e898 + +info: + name: > + Gwolle Guestbook <= 1.5.3 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e32a2644-df8a-4aea-8e70-49ab3075be9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gwolle-gb/" + google-query: inurl:"/wp-content/plugins/gwolle-gb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gwolle-gb,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwolle-gb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwolle-gb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gwolle-gb-8d7e82e4dc7d56e63bcdb6a68358e1ba.yaml b/nuclei-templates/cve-less/plugins/gwolle-gb-8d7e82e4dc7d56e63bcdb6a68358e1ba.yaml new file mode 100644 index 0000000000..4eb95273ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gwolle-gb-8d7e82e4dc7d56e63bcdb6a68358e1ba.yaml @@ -0,0 +1,58 @@ +id: gwolle-gb-8d7e82e4dc7d56e63bcdb6a68358e1ba + +info: + name: > + Gwolle Guestbook <= 4.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceaf5f81-1adf-4512-b610-d1d183876762?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gwolle-gb/" + google-query: inurl:"/wp-content/plugins/gwolle-gb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gwolle-gb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwolle-gb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwolle-gb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gwolle-gb-d1ded0c2f1b1f7a73c6770c120be62b6.yaml b/nuclei-templates/cve-less/plugins/gwolle-gb-d1ded0c2f1b1f7a73c6770c120be62b6.yaml new file mode 100644 index 0000000000..1f7682d5c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gwolle-gb-d1ded0c2f1b1f7a73c6770c120be62b6.yaml @@ -0,0 +1,58 @@ +id: gwolle-gb-d1ded0c2f1b1f7a73c6770c120be62b6 + +info: + name: > + Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4747f6c-d083-4f7e-a9ef-3dd9c8f6047b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gwolle-gb/" + google-query: inurl:"/wp-content/plugins/gwolle-gb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gwolle-gb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwolle-gb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwolle-gb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gwp-histats-e3f2fb4bebde6fbab715925584422191.yaml b/nuclei-templates/cve-less/plugins/gwp-histats-e3f2fb4bebde6fbab715925584422191.yaml new file mode 100644 index 0000000000..bc7f8c624c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gwp-histats-e3f2fb4bebde6fbab715925584422191.yaml @@ -0,0 +1,58 @@ +id: gwp-histats-e3f2fb4bebde6fbab715925584422191 + +info: + name: > + GWP-Histats <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb5e6ff6-e70c-4b46-80fc-498becca6158?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gwp-histats/" + google-query: inurl:"/wp-content/plugins/gwp-histats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gwp-histats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwp-histats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwp-histats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gwyns-imagemap-selector-a56db0fded06de81c5e370419ecf70d7.yaml b/nuclei-templates/cve-less/plugins/gwyns-imagemap-selector-a56db0fded06de81c5e370419ecf70d7.yaml new file mode 100644 index 0000000000..d09bbd3044 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gwyns-imagemap-selector-a56db0fded06de81c5e370419ecf70d7.yaml @@ -0,0 +1,58 @@ +id: gwyns-imagemap-selector-a56db0fded06de81c5e370419ecf70d7 + +info: + name: > + Gwyn's Imagemap Selector <= 0.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a2740bc-5d4a-4449-b28a-5bf84b03c878?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gwyns-imagemap-selector/" + google-query: inurl:"/wp-content/plugins/gwyns-imagemap-selector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gwyns-imagemap-selector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gwyns-imagemap-selector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gwyns-imagemap-selector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/gym-management-398be83e4279f1a443c4d3cb2c5b8198.yaml b/nuclei-templates/cve-less/plugins/gym-management-398be83e4279f1a443c4d3cb2c5b8198.yaml new file mode 100644 index 0000000000..3bfbe255ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/gym-management-398be83e4279f1a443c4d3cb2c5b8198.yaml @@ -0,0 +1,58 @@ +id: gym-management-398be83e4279f1a443c4d3cb2c5b8198 + +info: + name: > + WPGYM - Wordpress Gym Management System (Unknown Version) - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fef6c603-2beb-44df-8895-10ad0a9ef644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/gym-management/" + google-query: inurl:"/wp-content/plugins/gym-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,gym-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/gym-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gym-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/h5p-css-editor-5203ae90ef6af25fe25fc40bdffc879a.yaml b/nuclei-templates/cve-less/plugins/h5p-css-editor-5203ae90ef6af25fe25fc40bdffc879a.yaml new file mode 100644 index 0000000000..dbf7f63d2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/h5p-css-editor-5203ae90ef6af25fe25fc40bdffc879a.yaml @@ -0,0 +1,58 @@ +id: h5p-css-editor-5203ae90ef6af25fe25fc40bdffc879a + +info: + name: > + H5P CSS Editor <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b013c1-1574-4d5b-a3cb-e400ef7f2d32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/h5p-css-editor/" + google-query: inurl:"/wp-content/plugins/h5p-css-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,h5p-css-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/h5p-css-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "h5p-css-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hal-06dfe81bc3a355cd7801ee39e75e5076.yaml b/nuclei-templates/cve-less/plugins/hal-06dfe81bc3a355cd7801ee39e75e5076.yaml new file mode 100644 index 0000000000..5555c2db0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hal-06dfe81bc3a355cd7801ee39e75e5076.yaml @@ -0,0 +1,58 @@ +id: hal-06dfe81bc3a355cd7801ee39e75e5076 + +info: + name: > + HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e72e35de-caeb-4ecb-8d13-72fd2df4dd69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hal/" + google-query: inurl:"/wp-content/plugins/hal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hana-flv-player-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml b/nuclei-templates/cve-less/plugins/hana-flv-player-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml new file mode 100644 index 0000000000..c61b1b9a87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hana-flv-player-dc95c582cdcd23384ad1f3f9c0a3bd57.yaml @@ -0,0 +1,58 @@ +id: hana-flv-player-dc95c582cdcd23384ad1f3f9c0a3bd57 + +info: + name: > + Hana Flv Player <= 3.1.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/435e1af0-c4f4-42ae-b2b3-2d9ffc41c4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hana-flv-player/" + google-query: inurl:"/wp-content/plugins/hana-flv-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hana-flv-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hana-flv-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hana-flv-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/handl-utm-grabber-8f10a7f44536cd7d542d4c451e6c6b46.yaml b/nuclei-templates/cve-less/plugins/handl-utm-grabber-8f10a7f44536cd7d542d4c451e6c6b46.yaml new file mode 100644 index 0000000000..b26db27197 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/handl-utm-grabber-8f10a7f44536cd7d542d4c451e6c6b46.yaml @@ -0,0 +1,58 @@ +id: handl-utm-grabber-8f10a7f44536cd7d542d4c451e6c6b46 + +info: + name: > + HandL UTM Grabber / Tracker <= 2.6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/283c2b7b-b231-4a23-96be-776115676443?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/handl-utm-grabber/" + google-query: inurl:"/wp-content/plugins/handl-utm-grabber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,handl-utm-grabber,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/handl-utm-grabber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "handl-utm-grabber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/handsome-testimonials-87c27569f8277885aabdf5403aebae34.yaml b/nuclei-templates/cve-less/plugins/handsome-testimonials-87c27569f8277885aabdf5403aebae34.yaml new file mode 100644 index 0000000000..46435e5a3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/handsome-testimonials-87c27569f8277885aabdf5403aebae34.yaml @@ -0,0 +1,58 @@ +id: handsome-testimonials-87c27569f8277885aabdf5403aebae34 + +info: + name: > + Handsome Testimonials & Reviews < 2.1.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d151c9a1-d47e-4155-8539-133f6abd57a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/handsome-testimonials/" + google-query: inurl:"/wp-content/plugins/handsome-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,handsome-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/handsome-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "handsome-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-11da24271f65d3b23d168c3013c450d2.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-11da24271f65d3b23d168c3013c450d2.yaml new file mode 100644 index 0000000000..4e0472e28b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-11da24271f65d3b23d168c3013c450d2.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-11da24271f65d3b23d168c3013c450d2 + +info: + name: > + Happy Addons for Elementor <= 3.8.2 - Cross-Site Request Forgery via handle_optin_optout() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27439d44-f2ff-4c20-965f-25d12c83781c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-14492d14fdb2635abb58842e5c9c262d.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-14492d14fdb2635abb58842e5c9c262d.yaml new file mode 100644 index 0000000000..b791ff267e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-14492d14fdb2635abb58842e5c9c262d.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-14492d14fdb2635abb58842e5c9c262d + +info: + name: > + Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Meta Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-3ed56e73a3a43b54020334fdf48e4e7f.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-3ed56e73a3a43b54020334fdf48e4e7f.yaml new file mode 100644 index 0000000000..3cf39d7b98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-3ed56e73a3a43b54020334fdf48e4e7f.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-3ed56e73a3a43b54020334fdf48e4e7f + +info: + name: > + Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title HTML Tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73e4ec2f-f4e1-469d-a4b7-5a10d44b7a2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-40e8b36488a6eac28e891fecfb75c2fd.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-40e8b36488a6eac28e891fecfb75c2fd.yaml new file mode 100644 index 0000000000..96a830424f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-40e8b36488a6eac28e891fecfb75c2fd.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-40e8b36488a6eac28e891fecfb75c2fd + +info: + name: > + Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title HTML Tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea3daad1-74a1-44be-b7ed-b58b806da614?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml new file mode 100644 index 0000000000..e69483ec1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-47a1a7c3503abffa7dc09bb7e0a3a05e.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-47a1a7c3503abffa7dc09bb7e0a3a05e + +info: + name: > + Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendy + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb93853b-a6e0-42d1-8b10-b391984603f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-554f77c669d0419c047d6805cc30482d.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-554f77c669d0419c047d6805cc30482d.yaml new file mode 100644 index 0000000000..d10b819655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-554f77c669d0419c047d6805cc30482d.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-554f77c669d0419c047d6805cc30482d + +info: + name: > + Happy Addons for Elementor <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Calendly Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22e4eb2a-2c2b-4f4f-821e-8d2d7e558364?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-5f5be8778a8041dd72149d1e03212c77.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-5f5be8778a8041dd72149d1e03212c77.yaml new file mode 100644 index 0000000000..b3f52b161c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-5f5be8778a8041dd72149d1e03212c77.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-5f5be8778a8041dd72149d1e03212c77 + +info: + name: > + Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef69f0-34d3-4389-8a81-a4d9922f1468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-6eaf90f575a0c36147979bc3388c8a32.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-6eaf90f575a0c36147979bc3388c8a32.yaml new file mode 100644 index 0000000000..87696f2cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-6eaf90f575a0c36147979bc3388c8a32.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-6eaf90f575a0c36147979bc3388c8a32 + +info: + name: > + Happy Addons for Elementor <= 3.9.1.1 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64ae36a3-d102-4d51-b685-395283155101?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-70c45809c8b9b14259a0bbce1a7bc3da.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-70c45809c8b9b14259a0bbce1a7bc3da.yaml new file mode 100644 index 0000000000..5798a1d985 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-70c45809c8b9b14259a0bbce1a7bc3da.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-70c45809c8b9b14259a0bbce1a7bc3da + +info: + name: > + Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Photo Stack Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f43e1eed-09f8-44b3-b6fa-d0344f331dd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-72139ddfa4b65d7bc5dd06dc24f01748.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-72139ddfa4b65d7bc5dd06dc24f01748.yaml new file mode 100644 index 0000000000..137ae61c63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-72139ddfa4b65d7bc5dd06dc24f01748.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-72139ddfa4b65d7bc5dd06dc24f01748 + +info: + name: > + Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade7f391-3824-4d0b-8718-f7995170a43d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-81f2915fd63b284fd9e4c66899667dd0.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-81f2915fd63b284fd9e4c66899667dd0.yaml new file mode 100644 index 0000000000..4b71886419 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-81f2915fd63b284fd9e4c66899667dd0.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-81f2915fd63b284fd9e4c66899667dd0 + +info: + name: > + Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aff10d5a-a2d0-461a-b52b-a25b647eaab4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-857593f7e35e0afc65d726bb57f2b738.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-857593f7e35e0afc65d726bb57f2b738.yaml new file mode 100644 index 0000000000..21e76d540f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-857593f7e35e0afc65d726bb57f2b738.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-857593f7e35e0afc65d726bb57f2b738 + +info: + name: > + Happy Addons for Elementor <= 3.10.1 - Missing Authorization via add_row_actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b25df18-dd9a-4b24-8187-283d5f3f334e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml new file mode 100644 index 0000000000..ad0d20fc4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-a01bc9677b84a6e36d4cf67ad2a5dc30.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-a01bc9677b84a6e36d4cf67ad2a5dc30 + +info: + name: > + Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-ab2437d4d93bac74a9eb7aad2f952033.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-ab2437d4d93bac74a9eb7aad2f952033.yaml new file mode 100644 index 0000000000..7ae73bf4dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-ab2437d4d93bac74a9eb7aad2f952033.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-ab2437d4d93bac74a9eb7aad2f952033 + +info: + name: > + Happy Addons for Elementor <= 3.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Stack Group, Photo Stack, & Horizontal Timeline + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826483d7-948d-46c4-890c-71001b03847c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..c08bd6d2fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-bc1bf66d22152db23406f67a4e5cfee9.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-bc1bf66d22152db23406f67a4e5cfee9.yaml new file mode 100644 index 0000000000..cc75f4d065 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-bc1bf66d22152db23406f67a4e5cfee9.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-bc1bf66d22152db23406f67a4e5cfee9 + +info: + name: > + Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ec4c5e-fb24-4b74-9ed8-0a9060625aba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.24.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-dbb7ef50cd218fd39017d67c755de559.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-dbb7ef50cd218fd39017d67c755de559.yaml new file mode 100644 index 0000000000..a7d1ff1a57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-dbb7ef50cd218fd39017d67c755de559.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-dbb7ef50cd218fd39017d67c755de559 + +info: + name: > + Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-e18fa2425147eac664779a4e7540108b.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-e18fa2425147eac664779a4e7540108b.yaml new file mode 100644 index 0000000000..3ab6d6c282 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-e18fa2425147eac664779a4e7540108b.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-e18fa2425147eac664779a4e7540108b + +info: + name: > + Happy Addons for Elementor <= 3.10.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via title_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4688c1ee-335c-4adb-bd68-894ff34d001d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-e3b2d19a0133da498045d08d6862f535.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-e3b2d19a0133da498045d08d6862f535.yaml new file mode 100644 index 0000000000..6f519fe3d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-e3b2d19a0133da498045d08d6862f535.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-e3b2d19a0133da498045d08d6862f535 + +info: + name: > + Happy Addons for Elementor <= 3.10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Archive Title Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-5f5be8778a8041dd72149d1e03212c77.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-5f5be8778a8041dd72149d1e03212c77.yaml new file mode 100644 index 0000000000..2949fd9ebd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-5f5be8778a8041dd72149d1e03212c77.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-pro-5f5be8778a8041dd72149d1e03212c77 + +info: + name: > + Happy Addons for Elementor <= 3.9.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06ef69f0-34d3-4389-8a81-a4d9922f1468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons-pro/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-61c39bef79293723f6fa3478b1529af9.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-61c39bef79293723f6fa3478b1529af9.yaml new file mode 100644 index 0000000000..42c4de3a7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-61c39bef79293723f6fa3478b1529af9.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-pro-61c39bef79293723f6fa3478b1529af9 + +info: + name: > + Happy Elementor Addons Pro <= 2.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d536d3a8-9ac5-4ea9-8c65-16ad8b3a7106?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons-pro/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-bc1bf66d22152db23406f67a4e5cfee9.yaml b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-bc1bf66d22152db23406f67a4e5cfee9.yaml new file mode 100644 index 0000000000..349339b456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happy-elementor-addons-pro-bc1bf66d22152db23406f67a4e5cfee9.yaml @@ -0,0 +1,58 @@ +id: happy-elementor-addons-pro-bc1bf66d22152db23406f67a4e5cfee9 + +info: + name: > + Happy Addons for Elementor <= 2.23.0 & Pro Version < 1.17.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ec4c5e-fb24-4b74-9ed8-0a9060625aba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happy-elementor-addons-pro/" + google-query: inurl:"/wp-content/plugins/happy-elementor-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happy-elementor-addons-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happy-elementor-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happy-elementor-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happyfiles-pro-9a4a86b73d09899b1f2fa163f3660f75.yaml b/nuclei-templates/cve-less/plugins/happyfiles-pro-9a4a86b73d09899b1f2fa163f3660f75.yaml new file mode 100644 index 0000000000..bf69d3198f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happyfiles-pro-9a4a86b73d09899b1f2fa163f3660f75.yaml @@ -0,0 +1,58 @@ +id: happyfiles-pro-9a4a86b73d09899b1f2fa163f3660f75 + +info: + name: > + HappyFiles Pro <= 1.8.1 - Missing Authorization to Arbitrary File Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfabeb4-c57d-412a-b27b-a6387d30081f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happyfiles-pro/" + google-query: inurl:"/wp-content/plugins/happyfiles-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happyfiles-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happyfiles-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happyfiles-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happyfiles-pro-c93f15f45e4694eec856b57673b454f8.yaml b/nuclei-templates/cve-less/plugins/happyfiles-pro-c93f15f45e4694eec856b57673b454f8.yaml new file mode 100644 index 0000000000..531fca6b6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happyfiles-pro-c93f15f45e4694eec856b57673b454f8.yaml @@ -0,0 +1,58 @@ +id: happyfiles-pro-c93f15f45e4694eec856b57673b454f8 + +info: + name: > + HappyFiles Pro <= 1.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d293f35a-a42f-441f-b521-da0ba9887c45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happyfiles-pro/" + google-query: inurl:"/wp-content/plugins/happyfiles-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happyfiles-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happyfiles-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happyfiles-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happyforms-2707a3752ae7690ac46fe8896eb6632b.yaml b/nuclei-templates/cve-less/plugins/happyforms-2707a3752ae7690ac46fe8896eb6632b.yaml new file mode 100644 index 0000000000..be6b42c173 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happyforms-2707a3752ae7690ac46fe8896eb6632b.yaml @@ -0,0 +1,58 @@ +id: happyforms-2707a3752ae7690ac46fe8896eb6632b + +info: + name: > + Happyforms <= 1.25.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff986a66-93f7-4926-8818-7af745c0166c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happyforms/" + google-query: inurl:"/wp-content/plugins/happyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happyforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happyforms-7145c40ff1e0db4687c083ce378fc607.yaml b/nuclei-templates/cve-less/plugins/happyforms-7145c40ff1e0db4687c083ce378fc607.yaml new file mode 100644 index 0000000000..50bd406477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happyforms-7145c40ff1e0db4687c083ce378fc607.yaml @@ -0,0 +1,58 @@ +id: happyforms-7145c40ff1e0db4687c083ce378fc607 + +info: + name: > + Happyforms <= 1.25.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0578c49e-f820-42dd-bd53-f4a281843e69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happyforms/" + google-query: inurl:"/wp-content/plugins/happyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happyforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/happyforms-74ccbff13cedef341c14f509a30bb49c.yaml b/nuclei-templates/cve-less/plugins/happyforms-74ccbff13cedef341c14f509a30bb49c.yaml new file mode 100644 index 0000000000..37c5b3f06f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/happyforms-74ccbff13cedef341c14f509a30bb49c.yaml @@ -0,0 +1,58 @@ +id: happyforms-74ccbff13cedef341c14f509a30bb49c + +info: + name: > + Happyforms <= 1.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72f1ffe1-d8af-4aa2-bc58-5f1cd4eaa856?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/happyforms/" + google-query: inurl:"/wp-content/plugins/happyforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,happyforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/happyforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happyforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hash-elements-70740ef575420bdce3307b7d6efb0e97.yaml b/nuclei-templates/cve-less/plugins/hash-elements-70740ef575420bdce3307b7d6efb0e97.yaml new file mode 100644 index 0000000000..23a873f4ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hash-elements-70740ef575420bdce3307b7d6efb0e97.yaml @@ -0,0 +1,58 @@ +id: hash-elements-70740ef575420bdce3307b7d6efb0e97 + +info: + name: > + Hash Elements <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a849338-8dd9-49d2-ab7c-29d4b729877b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hash-elements/" + google-query: inurl:"/wp-content/plugins/hash-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hash-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hash-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hash-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-77bff58a02745412cca836e0af8ecf6c.yaml b/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-77bff58a02745412cca836e0af8ecf6c.yaml new file mode 100644 index 0000000000..e31a0aaf38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-77bff58a02745412cca836e0af8ecf6c.yaml @@ -0,0 +1,58 @@ +id: hashbar-wp-notification-bar-77bff58a02745412cca836e0af8ecf6c + +info: + name: > + HashBar – WordPress Notification Bar <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdde4f0d-a4d7-421c-8579-a93941eea712?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hashbar-wp-notification-bar/" + google-query: inurl:"/wp-content/plugins/hashbar-wp-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hashbar-wp-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hashbar-wp-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-cc04fc647a83c5a0bf41904a11665f19.yaml b/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-cc04fc647a83c5a0bf41904a11665f19.yaml new file mode 100644 index 0000000000..230ffbb54c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hashbar-wp-notification-bar-cc04fc647a83c5a0bf41904a11665f19.yaml @@ -0,0 +1,58 @@ +id: hashbar-wp-notification-bar-cc04fc647a83c5a0bf41904a11665f19 + +info: + name: > + HashBar – WordPress Notification Bar <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f3e4e53-3a4a-4b9d-845c-927a59e03488?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hashbar-wp-notification-bar/" + google-query: inurl:"/wp-content/plugins/hashbar-wp-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hashbar-wp-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hashbar-wp-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hashbar-wp-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hashthemes-demo-importer-a59d3f4cb23477999357f88e98585933.yaml b/nuclei-templates/cve-less/plugins/hashthemes-demo-importer-a59d3f4cb23477999357f88e98585933.yaml new file mode 100644 index 0000000000..723ef5c560 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hashthemes-demo-importer-a59d3f4cb23477999357f88e98585933.yaml @@ -0,0 +1,58 @@ +id: hashthemes-demo-importer-a59d3f4cb23477999357f88e98585933 + +info: + name: > + HashThemes Demo Importer <= 1.1.1 - Missing Authorization to Database Wipe + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ea2ed8b-b24a-4da2-9ee7-5a3a4a7a4280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hashthemes-demo-importer/" + google-query: inurl:"/wp-content/plugins/hashthemes-demo-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hashthemes-demo-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hashthemes-demo-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hashthemes-demo-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-560440aa181bea8a67faa79732a41f9b.yaml b/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-560440aa181bea8a67faa79732a41f9b.yaml new file mode 100644 index 0000000000..74ac87c56b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-560440aa181bea8a67faa79732a41f9b.yaml @@ -0,0 +1,58 @@ +id: hc-custom-wp-admin-url-560440aa181bea8a67faa79732a41f9b + +info: + name: > + HC Custom WP-Admin URL <= 1.4 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fa986aa-e899-42e1-9b86-8b205e247cbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hc-custom-wp-admin-url/" + google-query: inurl:"/wp-content/plugins/hc-custom-wp-admin-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hc-custom-wp-admin-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hc-custom-wp-admin-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hc-custom-wp-admin-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-7ac6b90fc34536c09d99f508147f9181.yaml b/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-7ac6b90fc34536c09d99f508147f9181.yaml new file mode 100644 index 0000000000..f1d92842a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hc-custom-wp-admin-url-7ac6b90fc34536c09d99f508147f9181.yaml @@ -0,0 +1,58 @@ +id: hc-custom-wp-admin-url-7ac6b90fc34536c09d99f508147f9181 + +info: + name: > + HC Custom WP-Admin URL <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4ae82c-f249-4094-a0ef-568c3a30d16b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hc-custom-wp-admin-url/" + google-query: inurl:"/wp-content/plugins/hc-custom-wp-admin-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hc-custom-wp-admin-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hc-custom-wp-admin-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hc-custom-wp-admin-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hcaptcha-for-forms-and-more-7b33ec746697457281bd9e42aec2f348.yaml b/nuclei-templates/cve-less/plugins/hcaptcha-for-forms-and-more-7b33ec746697457281bd9e42aec2f348.yaml new file mode 100644 index 0000000000..73132b65eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hcaptcha-for-forms-and-more-7b33ec746697457281bd9e42aec2f348.yaml @@ -0,0 +1,58 @@ +id: hcaptcha-for-forms-and-more-7b33ec746697457281bd9e42aec2f348 + +info: + name: > + hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce70e87-6dee-4d4a-b2fc-93fd4d50957d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hcaptcha-for-forms-and-more/" + google-query: inurl:"/wp-content/plugins/hcaptcha-for-forms-and-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hcaptcha-for-forms-and-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hcaptcha-for-forms-and-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hcaptcha-for-forms-and-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hd-quiz-48f754f17606d4479811452c8745b0f0.yaml b/nuclei-templates/cve-less/plugins/hd-quiz-48f754f17606d4479811452c8745b0f0.yaml new file mode 100644 index 0000000000..062c8f4efa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hd-quiz-48f754f17606d4479811452c8745b0f0.yaml @@ -0,0 +1,58 @@ +id: hd-quiz-48f754f17606d4479811452c8745b0f0 + +info: + name: > + HD Quiz <= 1.8.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3abf6bd-bece-470e-93c7-ab9968171a3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hd-quiz/" + google-query: inurl:"/wp-content/plugins/hd-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hd-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hd-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hd-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hd-quiz-eea7979a3adae6620386ae2fd9256411.yaml b/nuclei-templates/cve-less/plugins/hd-quiz-eea7979a3adae6620386ae2fd9256411.yaml new file mode 100644 index 0000000000..0525c5c7c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hd-quiz-eea7979a3adae6620386ae2fd9256411.yaml @@ -0,0 +1,58 @@ +id: hd-quiz-eea7979a3adae6620386ae2fd9256411 + +info: + name: > + HD Quiz <= 1.8.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19d724f3-96fb-4834-aa56-6b8d30f0e34d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hd-quiz/" + google-query: inurl:"/wp-content/plugins/hd-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hd-quiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hd-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hd-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-a27af52ed355aaf16d2ba0f06827a926.yaml b/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-a27af52ed355aaf16d2ba0f06827a926.yaml new file mode 100644 index 0000000000..bb98015ea5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-a27af52ed355aaf16d2ba0f06827a926.yaml @@ -0,0 +1,58 @@ +id: hdw-player-video-player-video-gallery-a27af52ed355aaf16d2ba0f06827a926 + +info: + name: > + HDW Player Plugin (Video Player & Video Gallery) <= 5.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/778aa2be-ffcb-4d28-9efe-c29c8d5391bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hdw-player-video-player-video-gallery/" + google-query: inurl:"/wp-content/plugins/hdw-player-video-player-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hdw-player-video-player-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hdw-player-video-player-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-e15109a3e2bca91cb9757f33e8ccceb0.yaml b/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-e15109a3e2bca91cb9757f33e8ccceb0.yaml new file mode 100644 index 0000000000..3ae295ad03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hdw-player-video-player-video-gallery-e15109a3e2bca91cb9757f33e8ccceb0.yaml @@ -0,0 +1,58 @@ +id: hdw-player-video-player-video-gallery-e15109a3e2bca91cb9757f33e8ccceb0 + +info: + name: > + HDW Player Plugin (Video Player & Video Gallery) <= 2.4.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a540897-694a-43d1-bdd8-5aeb07389a51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hdw-player-video-player-video-gallery/" + google-query: inurl:"/wp-content/plugins/hdw-player-video-player-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hdw-player-video-player-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hdw-player-video-player-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hdw-player-video-player-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hdw-tube-917d7399f5fb3cc1cf39f6cce7273cc7.yaml b/nuclei-templates/cve-less/plugins/hdw-tube-917d7399f5fb3cc1cf39f6cce7273cc7.yaml new file mode 100644 index 0000000000..735b5ec2db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hdw-tube-917d7399f5fb3cc1cf39f6cce7273cc7.yaml @@ -0,0 +1,58 @@ +id: hdw-tube-917d7399f5fb3cc1cf39f6cce7273cc7 + +info: + name: > + HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting via channel parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c5d214e-65e2-4158-a88f-58bef7c9952b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hdw-tube/" + google-query: inurl:"/wp-content/plugins/hdw-tube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hdw-tube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hdw-tube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hdw-tube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hdw-tube-a307a0ae505afb842b5a198bc8bff8bf.yaml b/nuclei-templates/cve-less/plugins/hdw-tube-a307a0ae505afb842b5a198bc8bff8bf.yaml new file mode 100644 index 0000000000..d25272a467 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hdw-tube-a307a0ae505afb842b5a198bc8bff8bf.yaml @@ -0,0 +1,58 @@ +id: hdw-tube-a307a0ae505afb842b5a198bc8bff8bf + +info: + name: > + HDW WordPress Video Gallery <= 1.2 - Reflected Cross-Site Scripting via playlist parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2156af57-d98b-4d0a-b7aa-0281c951c82f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hdw-tube/" + google-query: inurl:"/wp-content/plugins/hdw-tube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hdw-tube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hdw-tube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hdw-tube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-enhancement-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/header-enhancement-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..da533c1743 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-enhancement-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: header-enhancement-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-enhancement/" + google-query: inurl:"/wp-content/plugins/header-enhancement/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-enhancement,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-enhancement/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-enhancement" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-code-manager-29a76895e319eccbd61b3bb594faebd4.yaml b/nuclei-templates/cve-less/plugins/header-footer-code-manager-29a76895e319eccbd61b3bb594faebd4.yaml new file mode 100644 index 0000000000..7d7676cff4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-code-manager-29a76895e319eccbd61b3bb594faebd4.yaml @@ -0,0 +1,58 @@ +id: header-footer-code-manager-29a76895e319eccbd61b3bb594faebd4 + +info: + name: > + Header Footer Code Manager <= 1.1.34 - Cross-Site Request Forgery via process_bulk_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60493635-b1b0-4e76-8f73-16c223d7b4d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-code-manager/" + google-query: inurl:"/wp-content/plugins/header-footer-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-code-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-code-manager-4e85b966f722637fb8ba38d8dce7367a.yaml b/nuclei-templates/cve-less/plugins/header-footer-code-manager-4e85b966f722637fb8ba38d8dce7367a.yaml new file mode 100644 index 0000000000..2c4474cd3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-code-manager-4e85b966f722637fb8ba38d8dce7367a.yaml @@ -0,0 +1,58 @@ +id: header-footer-code-manager-4e85b966f722637fb8ba38d8dce7367a + +info: + name: > + Header Footer Code Manager <= 1.1.13 - Authenticated SQL Injections + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00323c12-151d-42e4-a85c-76400bce1ec8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-code-manager/" + google-query: inurl:"/wp-content/plugins/header-footer-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-code-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-code-manager-54aadf8fe607e5a163f75b88f9bb6921.yaml b/nuclei-templates/cve-less/plugins/header-footer-code-manager-54aadf8fe607e5a163f75b88f9bb6921.yaml new file mode 100644 index 0000000000..0d253e8dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-code-manager-54aadf8fe607e5a163f75b88f9bb6921.yaml @@ -0,0 +1,58 @@ +id: header-footer-code-manager-54aadf8fe607e5a163f75b88f9bb6921 + +info: + name: > + Header Footer Code Manager <= 1.1.23 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca0681a-59ca-42e6-8ee2-574590fc3ae2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-code-manager/" + google-query: inurl:"/wp-content/plugins/header-footer-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-code-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-code-manager-ebaed8da40ca133016da6dca47ef4e1c.yaml b/nuclei-templates/cve-less/plugins/header-footer-code-manager-ebaed8da40ca133016da6dca47ef4e1c.yaml new file mode 100644 index 0000000000..fac6a4441b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-code-manager-ebaed8da40ca133016da6dca47ef4e1c.yaml @@ -0,0 +1,58 @@ +id: header-footer-code-manager-ebaed8da40ca133016da6dca47ef4e1c + +info: + name: > + Header Footer Code Manager <= 1.1.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b42be363-30b4-487b-9ffc-bfa3efbd1250?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-code-manager/" + google-query: inurl:"/wp-content/plugins/header-footer-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-code-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-elementor-5adfa5eb8fa56a7df3a28304be530aa5.yaml b/nuclei-templates/cve-less/plugins/header-footer-elementor-5adfa5eb8fa56a7df3a28304be530aa5.yaml new file mode 100644 index 0000000000..0fadf6cf46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-elementor-5adfa5eb8fa56a7df3a28304be530aa5.yaml @@ -0,0 +1,58 @@ +id: header-footer-elementor-5adfa5eb8fa56a7df3a28304be530aa5 + +info: + name: > + Elementor Header & Footer Builder <= 1.6.24 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82644c46-205b-4005-bba8-6b3e45769639?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-elementor/" + google-query: inurl:"/wp-content/plugins/header-footer-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-footer-elementor-76b99567dc5d8693687703220a992b79.yaml b/nuclei-templates/cve-less/plugins/header-footer-elementor-76b99567dc5d8693687703220a992b79.yaml new file mode 100644 index 0000000000..94202ad446 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-footer-elementor-76b99567dc5d8693687703220a992b79.yaml @@ -0,0 +1,58 @@ +id: header-footer-elementor-76b99567dc5d8693687703220a992b79 + +info: + name: > + Elementor Header & Footer Builder <= 1.5.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97108ad1-c7b8-4050-ba0d-7a1fd4bdedb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-footer-elementor/" + google-query: inurl:"/wp-content/plugins/header-footer-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-footer-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-footer-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-footer-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/header-image-slider-0fdfd9f22590d1df506441add4a664d1.yaml b/nuclei-templates/cve-less/plugins/header-image-slider-0fdfd9f22590d1df506441add4a664d1.yaml new file mode 100644 index 0000000000..8ada9a567a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/header-image-slider-0fdfd9f22590d1df506441add4a664d1.yaml @@ -0,0 +1,58 @@ +id: header-image-slider-0fdfd9f22590d1df506441add4a664d1 + +info: + name: > + Header Image Slider <= 0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d178b2c9-a157-4e53-a7d7-940370cb3b57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/header-image-slider/" + google-query: inurl:"/wp-content/plugins/header-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,header-image-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/header-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "header-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/headless-cms-924d818a306e9e6b06f3cb1274c2304e.yaml b/nuclei-templates/cve-less/plugins/headless-cms-924d818a306e9e6b06f3cb1274c2304e.yaml new file mode 100644 index 0000000000..1c3c9d4d7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/headless-cms-924d818a306e9e6b06f3cb1274c2304e.yaml @@ -0,0 +1,58 @@ +id: headless-cms-924d818a306e9e6b06f3cb1274c2304e + +info: + name: > + Headless CMS <= 2.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1414f5-e705-4fd4-847b-b46d2d20943b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/headless-cms/" + google-query: inurl:"/wp-content/plugins/headless-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,headless-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/headless-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "headless-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/headline-analyzer-54f2c04c2c06c269e0341f13f080ec95.yaml b/nuclei-templates/cve-less/plugins/headline-analyzer-54f2c04c2c06c269e0341f13f080ec95.yaml new file mode 100644 index 0000000000..902107f90b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/headline-analyzer-54f2c04c2c06c269e0341f13f080ec95.yaml @@ -0,0 +1,58 @@ +id: headline-analyzer-54f2c04c2c06c269e0341f13f080ec95 + +info: + name: > + Headline Analyzer <= 1.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54e065bf-170d-4f15-879a-fd5fbcb87f79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/headline-analyzer/" + google-query: inurl:"/wp-content/plugins/headline-analyzer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,headline-analyzer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/headline-analyzer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "headline-analyzer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/headline-analyzer-8cd08637ffa8c2d1ca3b360f63505422.yaml b/nuclei-templates/cve-less/plugins/headline-analyzer-8cd08637ffa8c2d1ca3b360f63505422.yaml new file mode 100644 index 0000000000..7130601b58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/headline-analyzer-8cd08637ffa8c2d1ca3b360f63505422.yaml @@ -0,0 +1,58 @@ +id: headline-analyzer-8cd08637ffa8c2d1ca3b360f63505422 + +info: + name: > + Headline Analyzer <= 1.3.1 - Missing Authorization via REST APIs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a057ad05-0ed7-48c4-9dc1-0e7b1d3cb270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/headline-analyzer/" + google-query: inurl:"/wp-content/plugins/headline-analyzer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,headline-analyzer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/headline-analyzer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "headline-analyzer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/health-check-43535da8d5aa574c7cf4e311538c873d.yaml b/nuclei-templates/cve-less/plugins/health-check-43535da8d5aa574c7cf4e311538c873d.yaml new file mode 100644 index 0000000000..3f2f262595 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/health-check-43535da8d5aa574c7cf4e311538c873d.yaml @@ -0,0 +1,58 @@ +id: health-check-43535da8d5aa574c7cf4e311538c873d + +info: + name: > + Health Check & Troubleshooting <= 1.5.1 - Cross-Site Request Forgery via health_check_troubleshoot_get_captures + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d75eb6-2a9f-4c33-9e15-db7db037b67e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/health-check/" + google-query: inurl:"/wp-content/plugins/health-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,health-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/health-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "health-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/heart-this-f0164790773e35acb9b1d44f4c95382b.yaml b/nuclei-templates/cve-less/plugins/heart-this-f0164790773e35acb9b1d44f4c95382b.yaml new file mode 100644 index 0000000000..87ffac7542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/heart-this-f0164790773e35acb9b1d44f4c95382b.yaml @@ -0,0 +1,58 @@ +id: heart-this-f0164790773e35acb9b1d44f4c95382b + +info: + name: > + HeartThis <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/133057a1-4cd5-4e46-9407-d01d80859991?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/heart-this/" + google-query: inurl:"/wp-content/plugins/heart-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,heart-this,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heart-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heart-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/heat-trackr-96b9af98f103ae55e184925f398dbbc0.yaml b/nuclei-templates/cve-less/plugins/heat-trackr-96b9af98f103ae55e184925f398dbbc0.yaml new file mode 100644 index 0000000000..ff7432f941 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/heat-trackr-96b9af98f103ae55e184925f398dbbc0.yaml @@ -0,0 +1,58 @@ +id: heat-trackr-96b9af98f103ae55e184925f398dbbc0 + +info: + name: > + Heat Trackr < 1.01 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dbb6c21-8a70-44b9-9915-3f146a2066ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/heat-trackr/" + google-query: inurl:"/wp-content/plugins/heat-trackr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,heat-trackr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heat-trackr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heat-trackr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/heateor-social-comments-73dd9496dc7942d3595fe6b58faa41a3.yaml b/nuclei-templates/cve-less/plugins/heateor-social-comments-73dd9496dc7942d3595fe6b58faa41a3.yaml new file mode 100644 index 0000000000..a2875e9433 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/heateor-social-comments-73dd9496dc7942d3595fe6b58faa41a3.yaml @@ -0,0 +1,58 @@ +id: heateor-social-comments-73dd9496dc7942d3595fe6b58faa41a3 + +info: + name: > + WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/037ff4f5-7855-43e8-af25-9a0fcd5f0b64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/heateor-social-comments/" + google-query: inurl:"/wp-content/plugins/heateor-social-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,heateor-social-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heateor-social-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heateor-social-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/heateor-social-login-132f29f7cba1678c467fb85b9d9b820e.yaml b/nuclei-templates/cve-less/plugins/heateor-social-login-132f29f7cba1678c467fb85b9d9b820e.yaml new file mode 100644 index 0000000000..7aa5fa4ff9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/heateor-social-login-132f29f7cba1678c467fb85b9d9b820e.yaml @@ -0,0 +1,58 @@ +id: heateor-social-login-132f29f7cba1678c467fb85b9d9b820e + +info: + name: > + Heateor Social Login <= 1.1.30 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a3ebfba-7523-48a4-a315-4395be2cebef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/heateor-social-login/" + google-query: inurl:"/wp-content/plugins/heateor-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,heateor-social-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heateor-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heateor-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helloasso-3b452da100c4d01a4273d3119ce13da9.yaml b/nuclei-templates/cve-less/plugins/helloasso-3b452da100c4d01a4273d3119ce13da9.yaml new file mode 100644 index 0000000000..753529102f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helloasso-3b452da100c4d01a4273d3119ce13da9.yaml @@ -0,0 +1,58 @@ +id: helloasso-3b452da100c4d01a4273d3119ce13da9 + +info: + name: > + HelloAsso <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/262f7690-97ce-40ca-a277-6871acbc1546?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helloasso/" + google-query: inurl:"/wp-content/plugins/helloasso/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helloasso,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helloasso/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helloasso" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helloprint-e743442fbb37f8e4e9406e7627aff2e1.yaml b/nuclei-templates/cve-less/plugins/helloprint-e743442fbb37f8e4e9406e7627aff2e1.yaml new file mode 100644 index 0000000000..e73ea917be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helloprint-e743442fbb37f8e4e9406e7627aff2e1.yaml @@ -0,0 +1,58 @@ +id: helloprint-e743442fbb37f8e4e9406e7627aff2e1 + +info: + name: > + Helloprint <= 1.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7cdfa6a-1555-494f-9802-bf92b90e7d9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helloprint/" + google-query: inurl:"/wp-content/plugins/helloprint/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helloprint,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helloprint/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helloprint" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helloprint-fb3207d7d531ee9e551e1696ce5b366a.yaml b/nuclei-templates/cve-less/plugins/helloprint-fb3207d7d531ee9e551e1696ce5b366a.yaml new file mode 100644 index 0000000000..d6ec3722e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helloprint-fb3207d7d531ee9e551e1696ce5b366a.yaml @@ -0,0 +1,58 @@ +id: helloprint-fb3207d7d531ee9e551e1696ce5b366a + +info: + name: > + Helloprint <= 1.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c508d38c-f5e3-4193-8209-0083a8a18da4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helloprint/" + google-query: inurl:"/wp-content/plugins/helloprint/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helloprint,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helloprint/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helloprint" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helpdeskwp-0aa92148d99c1bca8d88494c39b853c4.yaml b/nuclei-templates/cve-less/plugins/helpdeskwp-0aa92148d99c1bca8d88494c39b853c4.yaml new file mode 100644 index 0000000000..a68f65efc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helpdeskwp-0aa92148d99c1bca8d88494c39b853c4.yaml @@ -0,0 +1,58 @@ +id: helpdeskwp-0aa92148d99c1bca8d88494c39b853c4 + +info: + name: > + Help Desk WP <= 1.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ec5173b-7b0d-4887-8c13-f48137aa8593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helpdeskwp/" + google-query: inurl:"/wp-content/plugins/helpdeskwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helpdeskwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helpdeskwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helpdeskwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helpful-7344a2ea198088e725e4c36ccf66d66c.yaml b/nuclei-templates/cve-less/plugins/helpful-7344a2ea198088e725e4c36ccf66d66c.yaml new file mode 100644 index 0000000000..fe09f48000 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helpful-7344a2ea198088e725e4c36ccf66d66c.yaml @@ -0,0 +1,58 @@ +id: helpful-7344a2ea198088e725e4c36ccf66d66c + +info: + name: > + Helpful <= 4.4.58 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15f03dc6-2881-4f70-925c-80ef9ce40be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helpful/" + google-query: inurl:"/wp-content/plugins/helpful/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helpful,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helpful/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helpful" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helpful-dd20a0b7211e7318d7683dbce69df5bf.yaml b/nuclei-templates/cve-less/plugins/helpful-dd20a0b7211e7318d7683dbce69df5bf.yaml new file mode 100644 index 0000000000..ab28256120 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helpful-dd20a0b7211e7318d7683dbce69df5bf.yaml @@ -0,0 +1,58 @@ +id: helpful-dd20a0b7211e7318d7683dbce69df5bf + +info: + name: > + Helpful <= 4.5.25 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56b4d824-96b8-40e6-97b5-17748d13574a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helpful/" + google-query: inurl:"/wp-content/plugins/helpful/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helpful,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helpful/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helpful" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/helpie-faq-fa8aa874dce84326a50185872038d6df.yaml b/nuclei-templates/cve-less/plugins/helpie-faq-fa8aa874dce84326a50185872038d6df.yaml new file mode 100644 index 0000000000..c105e1f7ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/helpie-faq-fa8aa874dce84326a50185872038d6df.yaml @@ -0,0 +1,58 @@ +id: helpie-faq-fa8aa874dce84326a50185872038d6df + +info: + name: > + Helpie FAQ <= 1.9.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f389f4bf-ffff-4862-b4e2-4465ca0556ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/helpie-faq/" + google-query: inurl:"/wp-content/plugins/helpie-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,helpie-faq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/helpie-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "helpie-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hercules-core-59d8f9139af0fff2996b4a871907966d.yaml b/nuclei-templates/cve-less/plugins/hercules-core-59d8f9139af0fff2996b4a871907966d.yaml new file mode 100644 index 0000000000..0b53043b9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hercules-core-59d8f9139af0fff2996b4a871907966d.yaml @@ -0,0 +1,58 @@ +id: hercules-core-59d8f9139af0fff2996b4a871907966d + +info: + name: > + Hercules Core <= 6.4 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6428cf3c-a784-4e64-a6ef-041b3793ff67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hercules-core/" + google-query: inurl:"/wp-content/plugins/hercules-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hercules-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hercules-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hercules-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hermit-3ba7758def7bb999accbbcf70be2e182.yaml b/nuclei-templates/cve-less/plugins/hermit-3ba7758def7bb999accbbcf70be2e182.yaml new file mode 100644 index 0000000000..08365cc8c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hermit-3ba7758def7bb999accbbcf70be2e182.yaml @@ -0,0 +1,58 @@ +id: hermit-3ba7758def7bb999accbbcf70be2e182 + +info: + name: > + Hermit 音乐播放器 <= 3.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b7b31a-2bc4-42b7-ba60-0f29fe65bbe7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hermit/" + google-query: inurl:"/wp-content/plugins/hermit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hermit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hermit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hermit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hermit-43b828ba6ca06e13c96e8d6957a25d26.yaml b/nuclei-templates/cve-less/plugins/hermit-43b828ba6ca06e13c96e8d6957a25d26.yaml new file mode 100644 index 0000000000..26b571413b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hermit-43b828ba6ca06e13c96e8d6957a25d26.yaml @@ -0,0 +1,58 @@ +id: hermit-43b828ba6ca06e13c96e8d6957a25d26 + +info: + name: > + Hermit 音乐播放器 <= 3.1.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60b1abeb-b11a-4de7-b747-53b166276a28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hermit/" + google-query: inurl:"/wp-content/plugins/hermit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hermit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hermit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hermit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hermit-45a494ad00222afc72c15fb1ebbba00a.yaml b/nuclei-templates/cve-less/plugins/hermit-45a494ad00222afc72c15fb1ebbba00a.yaml new file mode 100644 index 0000000000..59baf1f171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hermit-45a494ad00222afc72c15fb1ebbba00a.yaml @@ -0,0 +1,58 @@ +id: hermit-45a494ad00222afc72c15fb1ebbba00a + +info: + name: > + Hermit 音乐播放器 <= 3.1.6 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f28e36e9-7d02-48fc-8f20-64a951af75e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hermit/" + google-query: inurl:"/wp-content/plugins/hermit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hermit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hermit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hermit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hermit-724dab272a7285745cd4df281951dbc2.yaml b/nuclei-templates/cve-less/plugins/hermit-724dab272a7285745cd4df281951dbc2.yaml new file mode 100644 index 0000000000..5ee3e721b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hermit-724dab272a7285745cd4df281951dbc2.yaml @@ -0,0 +1,58 @@ +id: hermit-724dab272a7285745cd4df281951dbc2 + +info: + name: > + Hermit 音乐播放器 <= 3.1.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3131eeeb-593d-443e-8641-7470bd1e556b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hermit/" + google-query: inurl:"/wp-content/plugins/hermit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hermit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hermit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hermit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hero-banner-ultimate-8e499ffbdb5eeef7ac0a6adb29663778.yaml b/nuclei-templates/cve-less/plugins/hero-banner-ultimate-8e499ffbdb5eeef7ac0a6adb29663778.yaml new file mode 100644 index 0000000000..0f97d3ce43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hero-banner-ultimate-8e499ffbdb5eeef7ac0a6adb29663778.yaml @@ -0,0 +1,58 @@ +id: hero-banner-ultimate-8e499ffbdb5eeef7ac0a6adb29663778 + +info: + name: > + Hero Banner Ultimate <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8defdd2e-e191-498e-826a-b73c6b4f2f57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hero-banner-ultimate/" + google-query: inurl:"/wp-content/plugins/hero-banner-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hero-banner-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hero-banner-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hero-banner-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hero-maps-pro-bb71b39bbb362217aeb2969b4b128fd1.yaml b/nuclei-templates/cve-less/plugins/hero-maps-pro-bb71b39bbb362217aeb2969b4b128fd1.yaml new file mode 100644 index 0000000000..714c7cc45a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hero-maps-pro-bb71b39bbb362217aeb2969b4b128fd1.yaml @@ -0,0 +1,58 @@ +id: hero-maps-pro-bb71b39bbb362217aeb2969b4b128fd1 + +info: + name: > + Hero Maps Pro <= 2.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b85c78c-da02-4871-a397-1d00a321a3c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hero-maps-pro/" + google-query: inurl:"/wp-content/plugins/hero-maps-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hero-maps-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hero-maps-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hero-maps-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/heureka-18424f590c597310c8b3007cf66d4132.yaml b/nuclei-templates/cve-less/plugins/heureka-18424f590c597310c8b3007cf66d4132.yaml new file mode 100644 index 0000000000..de92d6fca4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/heureka-18424f590c597310c8b3007cf66d4132.yaml @@ -0,0 +1,58 @@ +id: heureka-18424f590c597310c8b3007cf66d4132 + +info: + name: > + Heureka <= 1.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f6ee4e-2106-42c8-8d52-0ce8e415c55f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/heureka/" + google-query: inurl:"/wp-content/plugins/heureka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,heureka,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/heureka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "heureka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide-login-page-d8cfd8cbb536b77db396cb96c4ec7492.yaml b/nuclei-templates/cve-less/plugins/hide-login-page-d8cfd8cbb536b77db396cb96c4ec7492.yaml new file mode 100644 index 0000000000..e2527b5b67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide-login-page-d8cfd8cbb536b77db396cb96c4ec7492.yaml @@ -0,0 +1,58 @@ +id: hide-login-page-d8cfd8cbb536b77db396cb96c4ec7492 + +info: + name: > + Hide login page <= 1.1.7 - Login Page Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d3cff57-ea8a-4082-bc05-d62b9d92f0e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide-login-page/" + google-query: inurl:"/wp-content/plugins/hide-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide-login-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide-my-wp-bc9fd382ebb4fba0cb4c50924f838977.yaml b/nuclei-templates/cve-less/plugins/hide-my-wp-bc9fd382ebb4fba0cb4c50924f838977.yaml new file mode 100644 index 0000000000..e2a9b69f8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide-my-wp-bc9fd382ebb4fba0cb4c50924f838977.yaml @@ -0,0 +1,58 @@ +id: hide-my-wp-bc9fd382ebb4fba0cb4c50924f838977 + +info: + name: > + Hide My WP Ghost – Security Plugin <= 5.0.18 - IP Address Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cf89f94-587a-4fed-a6e4-3876b7dbc9ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide-my-wp/" + google-query: inurl:"/wp-content/plugins/hide-my-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide-my-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide-my-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide-my-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide-my-wp-f06e932f1a72c7fb21b21c76bafdfc46.yaml b/nuclei-templates/cve-less/plugins/hide-my-wp-f06e932f1a72c7fb21b21c76bafdfc46.yaml new file mode 100644 index 0000000000..6ceb9d6e29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide-my-wp-f06e932f1a72c7fb21b21c76bafdfc46.yaml @@ -0,0 +1,58 @@ +id: hide-my-wp-f06e932f1a72c7fb21b21c76bafdfc46 + +info: + name: > + Hide My WP Ghost <= 5.0.25 - CAPTCHA Bypass in brute_math_authenticate + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5618db77-fe74-4982-92b3-cec554640bde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide-my-wp/" + google-query: inurl:"/wp-content/plugins/hide-my-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide-my-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide-my-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide-my-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide_my_wp-a5da2259e66916eeb957e15e5b2a199e.yaml b/nuclei-templates/cve-less/plugins/hide_my_wp-a5da2259e66916eeb957e15e5b2a199e.yaml new file mode 100644 index 0000000000..95263184ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide_my_wp-a5da2259e66916eeb957e15e5b2a199e.yaml @@ -0,0 +1,58 @@ +id: hide_my_wp-a5da2259e66916eeb957e15e5b2a199e + +info: + name: > + Hide My WP <= 6.2.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04383919-dae0-4865-b0ff-88049f8cd4db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide_my_wp/" + google-query: inurl:"/wp-content/plugins/hide_my_wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide_my_wp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide_my_wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide_my_wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide_my_wp-c109e83620923dabed3942bad0a8805b.yaml b/nuclei-templates/cve-less/plugins/hide_my_wp-c109e83620923dabed3942bad0a8805b.yaml new file mode 100644 index 0000000000..2e93e65916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide_my_wp-c109e83620923dabed3942bad0a8805b.yaml @@ -0,0 +1,58 @@ +id: hide_my_wp-c109e83620923dabed3942bad0a8805b + +info: + name: > + Hide My WP < 6.2.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/396a58d2-8357-4a8b-88a7-8c4917e27eb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide_my_wp/" + google-query: inurl:"/wp-content/plugins/hide_my_wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide_my_wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide_my_wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide_my_wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hide_my_wp-f9354e3145332671221f1b57bb58f382.yaml b/nuclei-templates/cve-less/plugins/hide_my_wp-f9354e3145332671221f1b57bb58f382.yaml new file mode 100644 index 0000000000..14aab30b94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hide_my_wp-f9354e3145332671221f1b57bb58f382.yaml @@ -0,0 +1,58 @@ +id: hide_my_wp-f9354e3145332671221f1b57bb58f382 + +info: + name: > + Hide My WP <= 6.2.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3283f2b7-28a5-4c39-aeef-3237ecc57cf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hide_my_wp/" + google-query: inurl:"/wp-content/plugins/hide_my_wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hide_my_wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hide_my_wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hide_my_wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/high-compress-a3e9ff26d980a2a3e39533f0b78e5d83.yaml b/nuclei-templates/cve-less/plugins/high-compress-a3e9ff26d980a2a3e39533f0b78e5d83.yaml new file mode 100644 index 0000000000..fd77c61ecd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/high-compress-a3e9ff26d980a2a3e39533f0b78e5d83.yaml @@ -0,0 +1,58 @@ +id: high-compress-a3e9ff26d980a2a3e39533f0b78e5d83 + +info: + name: > + Highcompress Image Compressor <= 5.0.0 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0f2e2f4-6575-4f00-9417-3b5a19c3de40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/high-compress/" + google-query: inurl:"/wp-content/plugins/high-compress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,high-compress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/high-compress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "high-compress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/highlight-bfb136ecd8a5fcaea8f121127bb1d532.yaml b/nuclei-templates/cve-less/plugins/highlight-bfb136ecd8a5fcaea8f121127bb1d532.yaml new file mode 100644 index 0000000000..20b01734d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/highlight-bfb136ecd8a5fcaea8f121127bb1d532.yaml @@ -0,0 +1,58 @@ +id: highlight-bfb136ecd8a5fcaea8f121127bb1d532 + +info: + name: > + Highlight < 0.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/436cd742-c271-4eb7-96a3-cd6af046d26f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/highlight/" + google-query: inurl:"/wp-content/plugins/highlight/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,highlight,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/highlight/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "highlight" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/highlight-focus-4f5affe3e6d10944ac86113d1e4881da.yaml b/nuclei-templates/cve-less/plugins/highlight-focus-4f5affe3e6d10944ac86113d1e4881da.yaml new file mode 100644 index 0000000000..b01c3919a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/highlight-focus-4f5affe3e6d10944ac86113d1e4881da.yaml @@ -0,0 +1,58 @@ +id: highlight-focus-4f5affe3e6d10944ac86113d1e4881da + +info: + name: > + Highlight Focus <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1b4841b-c701-4915-9592-518e68179d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/highlight-focus/" + google-query: inurl:"/wp-content/plugins/highlight-focus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,highlight-focus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/highlight-focus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "highlight-focus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/history-collection-a292899c8a2340a097d09b07ac49f9ad.yaml b/nuclei-templates/cve-less/plugins/history-collection-a292899c8a2340a097d09b07ac49f9ad.yaml new file mode 100644 index 0000000000..f5ed9d8c13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/history-collection-a292899c8a2340a097d09b07ac49f9ad.yaml @@ -0,0 +1,58 @@ +id: history-collection-a292899c8a2340a097d09b07ac49f9ad + +info: + name: > + History Collection <=1.1.1 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24b319e6-1903-44a9-9f69-0e5ebe891870?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/history-collection/" + google-query: inurl:"/wp-content/plugins/history-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,history-collection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/history-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "history-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/history-log-by-click5-8c87a28bec934dcd5364cbdca924c771.yaml b/nuclei-templates/cve-less/plugins/history-log-by-click5-8c87a28bec934dcd5364cbdca924c771.yaml new file mode 100644 index 0000000000..c6544c8cdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/history-log-by-click5-8c87a28bec934dcd5364cbdca924c771.yaml @@ -0,0 +1,58 @@ +id: history-log-by-click5-8c87a28bec934dcd5364cbdca924c771 + +info: + name: > + History Log by click5 <= 1.0.12 - Authenticated(Administrator+) Time-Based Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2881e144-a109-4034-afe8-2f72efd70360?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/history-log-by-click5/" + google-query: inurl:"/wp-content/plugins/history-log-by-click5/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,history-log-by-click5,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/history-log-by-click5/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "history-log-by-click5" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-99e03ce9a586679417b36a7850aaddc6.yaml b/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-99e03ce9a586679417b36a7850aaddc6.yaml new file mode 100644 index 0000000000..5dd486063c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-99e03ce9a586679417b36a7850aaddc6.yaml @@ -0,0 +1,58 @@ +id: hitsteps-visitor-manager-99e03ce9a586679417b36a7850aaddc6 + +info: + name: > + Hitsteps Web Analytics <= 5.86 - Cross-Site Request Forgery via hst_optionpage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7252075f-9326-4f04-bdd9-b244609c9cd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hitsteps-visitor-manager/" + google-query: inurl:"/wp-content/plugins/hitsteps-visitor-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hitsteps-visitor-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hitsteps-visitor-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hitsteps-visitor-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-c0963c297f9f408e178419f30ee7e022.yaml b/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-c0963c297f9f408e178419f30ee7e022.yaml new file mode 100644 index 0000000000..2f4c348c69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hitsteps-visitor-manager-c0963c297f9f408e178419f30ee7e022.yaml @@ -0,0 +1,58 @@ +id: hitsteps-visitor-manager-c0963c297f9f408e178419f30ee7e022 + +info: + name: > + Hitsteps Web Analytics <= 5.86 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f68a386b-544f-4aa2-8ae5-4d57ddd07b63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hitsteps-visitor-manager/" + google-query: inurl:"/wp-content/plugins/hitsteps-visitor-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hitsteps-visitor-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hitsteps-visitor-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hitsteps-visitor-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hiweb-migration-simple-927e2c90815a01d50a3aecbb0efc5c7c.yaml b/nuclei-templates/cve-less/plugins/hiweb-migration-simple-927e2c90815a01d50a3aecbb0efc5c7c.yaml new file mode 100644 index 0000000000..0e4f2edaea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hiweb-migration-simple-927e2c90815a01d50a3aecbb0efc5c7c.yaml @@ -0,0 +1,58 @@ +id: hiweb-migration-simple-927e2c90815a01d50a3aecbb0efc5c7c + +info: + name: > + hiWeb Migration Simple <= 2.0.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9aacc69-aa46-4cdb-a301-c0bf2836d441?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hiweb-migration-simple/" + google-query: inurl:"/wp-content/plugins/hiweb-migration-simple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hiweb-migration-simple,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hiweb-migration-simple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hiweb-migration-simple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hk-exif-tags-f98ba84845d04638f96a14d587800f12.yaml b/nuclei-templates/cve-less/plugins/hk-exif-tags-f98ba84845d04638f96a14d587800f12.yaml new file mode 100644 index 0000000000..957faa19a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hk-exif-tags-f98ba84845d04638f96a14d587800f12.yaml @@ -0,0 +1,58 @@ +id: hk-exif-tags-f98ba84845d04638f96a14d587800f12 + +info: + name: > + HK Exif Tags <= 1.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835cbcfa-bb8d-4b46-9316-500e1b47cfb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hk-exif-tags/" + google-query: inurl:"/wp-content/plugins/hk-exif-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hk-exif-tags,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hk-exif-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hk-exif-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hk-filter-and-search-dd02ae8823de431da5d5d52246acd7ff.yaml b/nuclei-templates/cve-less/plugins/hk-filter-and-search-dd02ae8823de431da5d5d52246acd7ff.yaml new file mode 100644 index 0000000000..b39708d606 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hk-filter-and-search-dd02ae8823de431da5d5d52246acd7ff.yaml @@ -0,0 +1,58 @@ +id: hk-filter-and-search-dd02ae8823de431da5d5d52246acd7ff + +info: + name: > + HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee2b4055-8cbd-49b7-bb0b-eddef85060fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hk-filter-and-search/" + google-query: inurl:"/wp-content/plugins/hk-filter-and-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hk-filter-and-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hk-filter-and-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hk-filter-and-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hk-filter-and-search-ec9f1feec044e5447ec3ac663c7a05af.yaml b/nuclei-templates/cve-less/plugins/hk-filter-and-search-ec9f1feec044e5447ec3ac663c7a05af.yaml new file mode 100644 index 0000000000..f63cb5cce1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hk-filter-and-search-ec9f1feec044e5447ec3ac663c7a05af.yaml @@ -0,0 +1,58 @@ +id: hk-filter-and-search-ec9f1feec044e5447ec3ac663c7a05af + +info: + name: > + HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/157eddd4-67f0-4a07-b3ab-11dbfb9f12aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hk-filter-and-search/" + google-query: inurl:"/wp-content/plugins/hk-filter-and-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hk-filter-and-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hk-filter-and-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hk-filter-and-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-7378070b61d09db85a0d4e6a50aa47a8.yaml b/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-7378070b61d09db85a0d4e6a50aa47a8.yaml new file mode 100644 index 0000000000..3c2818f16a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-7378070b61d09db85a0d4e6a50aa47a8.yaml @@ -0,0 +1,58 @@ +id: hkdev-maintenance-mode-7378070b61d09db85a0d4e6a50aa47a8 + +info: + name: > + Maintenance Mode by helderk <= 3.0.1 - Unauthenticated IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17906039-0130-4e24-b932-1ba19d3d58ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hkdev-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/hkdev-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hkdev-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hkdev-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hkdev-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-c0b53a118173c14a546665b5482b078d.yaml b/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-c0b53a118173c14a546665b5482b078d.yaml new file mode 100644 index 0000000000..38516f4d35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hkdev-maintenance-mode-c0b53a118173c14a546665b5482b078d.yaml @@ -0,0 +1,58 @@ +id: hkdev-maintenance-mode-c0b53a118173c14a546665b5482b078d + +info: + name: > + Maintenance Mode <= 3.0.1 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36def628-e09e-4da0-ab14-35aefcb67f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hkdev-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/hkdev-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hkdev-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hkdev-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hkdev-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hm-multiple-roles-db1c5c8b7f25d9de3f31e4725ede7e61.yaml b/nuclei-templates/cve-less/plugins/hm-multiple-roles-db1c5c8b7f25d9de3f31e4725ede7e61.yaml new file mode 100644 index 0000000000..1f77d4e8e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hm-multiple-roles-db1c5c8b7f25d9de3f31e4725ede7e61.yaml @@ -0,0 +1,58 @@ +id: hm-multiple-roles-db1c5c8b7f25d9de3f31e4725ede7e61 + +info: + name: > + HM Multiple Roles <= 1.2 - Privilege Escalation via Arbitrary Role Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14f0df3e-4333-49d8-a318-6f9fa614c23e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hm-multiple-roles/" + google-query: inurl:"/wp-content/plugins/hm-multiple-roles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hm-multiple-roles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hm-multiple-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hm-multiple-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hmapsprem-294b436d8db887cede47424adf8c58d6.yaml b/nuclei-templates/cve-less/plugins/hmapsprem-294b436d8db887cede47424adf8c58d6.yaml new file mode 100644 index 0000000000..7e3eb3c2bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hmapsprem-294b436d8db887cede47424adf8c58d6.yaml @@ -0,0 +1,58 @@ +id: hmapsprem-294b436d8db887cede47424adf8c58d6 + +info: + name: > + Hero Maps Premium <= 2.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a1f2a7d-f91c-4dd2-b275-0e27f65498b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hmapsprem/" + google-query: inurl:"/wp-content/plugins/hmapsprem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hmapsprem,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hmapsprem/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hmapsprem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hms-testimonials-0edbba73cef4d5273525e9fdeb2bcb4c.yaml b/nuclei-templates/cve-less/plugins/hms-testimonials-0edbba73cef4d5273525e9fdeb2bcb4c.yaml new file mode 100644 index 0000000000..8792e925e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hms-testimonials-0edbba73cef4d5273525e9fdeb2bcb4c.yaml @@ -0,0 +1,58 @@ +id: hms-testimonials-0edbba73cef4d5273525e9fdeb2bcb4c + +info: + name: > + HMS Testimonials < 2.0.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2d31521-5fe1-48ce-881c-4cacdbe08f21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hms-testimonials/" + google-query: inurl:"/wp-content/plugins/hms-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hms-testimonials,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hms-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hms-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hms-testimonials-8de4556487daff9f80ef882a72ac48a1.yaml b/nuclei-templates/cve-less/plugins/hms-testimonials-8de4556487daff9f80ef882a72ac48a1.yaml new file mode 100644 index 0000000000..b27fca3bef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hms-testimonials-8de4556487daff9f80ef882a72ac48a1.yaml @@ -0,0 +1,58 @@ +id: hms-testimonials-8de4556487daff9f80ef882a72ac48a1 + +info: + name: > + HMS Testimonials <= 2.0.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0406b7a0-517d-4462-9b65-d4f708cf364d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hms-testimonials/" + google-query: inurl:"/wp-content/plugins/hms-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hms-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hms-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hms-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/holler-box-62f024d1a6544d8128f328de7ec4ed81.yaml b/nuclei-templates/cve-less/plugins/holler-box-62f024d1a6544d8128f328de7ec4ed81.yaml new file mode 100644 index 0000000000..a15fa75519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/holler-box-62f024d1a6544d8128f328de7ec4ed81.yaml @@ -0,0 +1,58 @@ +id: holler-box-62f024d1a6544d8128f328de7ec4ed81 + +info: + name: > + HollerBox <= 2.1.3 - Authenticated (edit_popups+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4970be62-9aad-4a5f-9dd3-4bf48bded022?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/holler-box/" + google-query: inurl:"/wp-content/plugins/holler-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,holler-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/holler-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "holler-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/holler-box-ca4ae9210ad5c6416e62ede162724557.yaml b/nuclei-templates/cve-less/plugins/holler-box-ca4ae9210ad5c6416e62ede162724557.yaml new file mode 100644 index 0000000000..403bbf15a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/holler-box-ca4ae9210ad5c6416e62ede162724557.yaml @@ -0,0 +1,58 @@ +id: holler-box-ca4ae9210ad5c6416e62ede162724557 + +info: + name: > + HollerBox <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c76871e-b774-4284-ad00-f8ef7f6df389?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/holler-box/" + google-query: inurl:"/wp-content/plugins/holler-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,holler-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/holler-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "holler-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/homepage-pop-up-48cb81f29289d3dff74b9ff9eb6ca258.yaml b/nuclei-templates/cve-less/plugins/homepage-pop-up-48cb81f29289d3dff74b9ff9eb6ca258.yaml new file mode 100644 index 0000000000..5362d6c6d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/homepage-pop-up-48cb81f29289d3dff74b9ff9eb6ca258.yaml @@ -0,0 +1,58 @@ +id: homepage-pop-up-48cb81f29289d3dff74b9ff9eb6ca258 + +info: + name: > + Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e61f1835-2e56-40c8-b4b9-b3b9766d7e46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/homepage-pop-up/" + google-query: inurl:"/wp-content/plugins/homepage-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,homepage-pop-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/homepage-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "homepage-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/homepage-pop-up-9fb8bc0ed140e27215d75f6096a9ee6f.yaml b/nuclei-templates/cve-less/plugins/homepage-pop-up-9fb8bc0ed140e27215d75f6096a9ee6f.yaml new file mode 100644 index 0000000000..ff3f124c33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/homepage-pop-up-9fb8bc0ed140e27215d75f6096a9ee6f.yaml @@ -0,0 +1,58 @@ +id: homepage-pop-up-9fb8bc0ed140e27215d75f6096a9ee6f + +info: + name: > + Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85438fad-2111-494a-9ba6-854c66d21149?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/homepage-pop-up/" + google-query: inurl:"/wp-content/plugins/homepage-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,homepage-pop-up,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/homepage-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "homepage-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/homepage-product-organizer-for-woocommerce-61ef4484d482c37a0de9af18fac5edf6.yaml b/nuclei-templates/cve-less/plugins/homepage-product-organizer-for-woocommerce-61ef4484d482c37a0de9af18fac5edf6.yaml new file mode 100644 index 0000000000..92b5f55be4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/homepage-product-organizer-for-woocommerce-61ef4484d482c37a0de9af18fac5edf6.yaml @@ -0,0 +1,58 @@ +id: homepage-product-organizer-for-woocommerce-61ef4484d482c37a0de9af18fac5edf6 + +info: + name: > + Homepage Product Organizer for WooCommerce <= 1.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd06e1e-505d-491e-a92b-61d390c97ea8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/homepage-product-organizer-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/homepage-product-organizer-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,homepage-product-organizer-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/homepage-product-organizer-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "homepage-product-organizer-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/honeypot-84ddb55655b14833e201c7e5f21d2907.yaml b/nuclei-templates/cve-less/plugins/honeypot-84ddb55655b14833e201c7e5f21d2907.yaml new file mode 100644 index 0000000000..ba3b9ba9e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/honeypot-84ddb55655b14833e201c7e5f21d2907.yaml @@ -0,0 +1,58 @@ +id: honeypot-84ddb55655b14833e201c7e5f21d2907 + +info: + name: > + WP Armour – Honeypot Anti Spam <= 2.1.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6e70e5f-6b4b-40c1-b43c-957ca97e162a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/honeypot/" + google-query: inurl:"/wp-content/plugins/honeypot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,honeypot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/honeypot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "honeypot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-2030c3497157a45619c53075fe4be64d.yaml b/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-2030c3497157a45619c53075fe4be64d.yaml new file mode 100644 index 0000000000..7ef58fd1b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-2030c3497157a45619c53075fe4be64d.yaml @@ -0,0 +1,58 @@ +id: honeypot-for-wp-comment-2030c3497157a45619c53075fe4be64d + +info: + name: > + Honeypot for WP Comment <= 2.2.3 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1441e68-5c41-4c90-ba99-1656af87a29d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/honeypot-for-wp-comment/" + google-query: inurl:"/wp-content/plugins/honeypot-for-wp-comment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,honeypot-for-wp-comment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/honeypot-for-wp-comment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "honeypot-for-wp-comment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-a8665e653501dfd87d7b7e15f79ece36.yaml b/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-a8665e653501dfd87d7b7e15f79ece36.yaml new file mode 100644 index 0000000000..93e4b15f5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/honeypot-for-wp-comment-a8665e653501dfd87d7b7e15f79ece36.yaml @@ -0,0 +1,58 @@ +id: honeypot-for-wp-comment-a8665e653501dfd87d7b7e15f79ece36 + +info: + name: > + Honeypot for WP Comment <= 2.2.3 - Directory Traversal to Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6b0bb48-eb61-4236-a03f-19d5d2084a75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/honeypot-for-wp-comment/" + google-query: inurl:"/wp-content/plugins/honeypot-for-wp-comment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,honeypot-for-wp-comment,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/honeypot-for-wp-comment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "honeypot-for-wp-comment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-797d8c237b397ae53a63dd9186307bf3.yaml b/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-797d8c237b397ae53a63dd9186307bf3.yaml new file mode 100644 index 0000000000..cdb1bf947b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-797d8c237b397ae53a63dd9186307bf3.yaml @@ -0,0 +1,58 @@ +id: horizontal-scrolling-announcement-797d8c237b397ae53a63dd9186307bf3 + +info: + name: > + Horizontal scrolling announcement <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f60e8c-2745-4930-9101-914bd73c6e1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/horizontal-scrolling-announcement/" + google-query: inurl:"/wp-content/plugins/horizontal-scrolling-announcement/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/horizontal-scrolling-announcement/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "horizontal-scrolling-announcement" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-c7a804f58a12769a69ea7efb7fd135b4.yaml b/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-c7a804f58a12769a69ea7efb7fd135b4.yaml new file mode 100644 index 0000000000..8e42ac3ebb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/horizontal-scrolling-announcement-c7a804f58a12769a69ea7efb7fd135b4.yaml @@ -0,0 +1,58 @@ +id: horizontal-scrolling-announcement-c7a804f58a12769a69ea7efb7fd135b4 + +info: + name: > + Horizontal scrolling announcement <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf50922a-58a6-4ca4-80b7-cafb37b87216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/horizontal-scrolling-announcement/" + google-query: inurl:"/wp-content/plugins/horizontal-scrolling-announcement/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,horizontal-scrolling-announcement,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/horizontal-scrolling-announcement/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "horizontal-scrolling-announcement" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hospital-management-6c841a99daf37cae6f46cd0d753efccb.yaml b/nuclei-templates/cve-less/plugins/hospital-management-6c841a99daf37cae6f46cd0d753efccb.yaml new file mode 100644 index 0000000000..63de3da685 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hospital-management-6c841a99daf37cae6f46cd0d753efccb.yaml @@ -0,0 +1,58 @@ +id: hospital-management-6c841a99daf37cae6f46cd0d753efccb + +info: + name: > + Mojoomla Hospital Management System for WordPress Theme < 22-05-2018 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f92355-e664-4aeb-9094-9c8aa49cd3e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hospital-management/" + google-query: inurl:"/wp-content/plugins/hospital-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hospital-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hospital-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hospital-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 08-03-2018') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-analyticsjs-local-8450871a53e20b19adaa61e1434e59d8.yaml b/nuclei-templates/cve-less/plugins/host-analyticsjs-local-8450871a53e20b19adaa61e1434e59d8.yaml new file mode 100644 index 0000000000..54f6b2dbaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-analyticsjs-local-8450871a53e20b19adaa61e1434e59d8.yaml @@ -0,0 +1,58 @@ +id: host-analyticsjs-local-8450871a53e20b19adaa61e1434e59d8 + +info: + name: > + CAOS | Host Google Analytics Locally <= 4.7.14 - Missing Authorization to Unauthenticated Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec1fd03-f865-4f58-b63b-e70c0c7e701d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-analyticsjs-local/" + google-query: inurl:"/wp-content/plugins/host-analyticsjs-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-analyticsjs-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-analyticsjs-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-analyticsjs-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-analyticsjs-local-fbc80c02043c699931d3e726696377ec.yaml b/nuclei-templates/cve-less/plugins/host-analyticsjs-local-fbc80c02043c699931d3e726696377ec.yaml new file mode 100644 index 0000000000..36f4fa0c47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-analyticsjs-local-fbc80c02043c699931d3e726696377ec.yaml @@ -0,0 +1,58 @@ +id: host-analyticsjs-local-fbc80c02043c699931d3e726696377ec + +info: + name: > + CAOS <= 4.1.8 - Admin+ Arbitrary Folder Deletion via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a6cda1f-8af9-44b1-98e2-619d29c28a88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-analyticsjs-local/" + google-query: inurl:"/wp-content/plugins/host-analyticsjs-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-analyticsjs-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-analyticsjs-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-analyticsjs-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-webfonts-local-2442f509b4c40ac50640a6c02e5c1509.yaml b/nuclei-templates/cve-less/plugins/host-webfonts-local-2442f509b4c40ac50640a6c02e5c1509.yaml new file mode 100644 index 0000000000..ce428559aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-webfonts-local-2442f509b4c40ac50640a6c02e5c1509.yaml @@ -0,0 +1,58 @@ +id: host-webfonts-local-2442f509b4c40ac50640a6c02e5c1509 + +info: + name: > + OMGF <= 4.5.11 - Authenticated (Admin+) Arbitrary Folder Deletion via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6c71e38-5ac3-46f1-8292-a49c6e44f1d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-webfonts-local/" + google-query: inurl:"/wp-content/plugins/host-webfonts-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-webfonts-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-webfonts-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-webfonts-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-webfonts-local-c613d8cee5f1f00301bb24d6fb1e61f7.yaml b/nuclei-templates/cve-less/plugins/host-webfonts-local-c613d8cee5f1f00301bb24d6fb1e61f7.yaml new file mode 100644 index 0000000000..91aa60ee94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-webfonts-local-c613d8cee5f1f00301bb24d6fb1e61f7.yaml @@ -0,0 +1,58 @@ +id: host-webfonts-local-c613d8cee5f1f00301bb24d6fb1e61f7 + +info: + name: > + OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. <= 5.7.9 - Missing Authorization to Unauthenticated Directory Deletion and Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e835b97-c066-4e8f-b99f-1a930105af0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-webfonts-local/" + google-query: inurl:"/wp-content/plugins/host-webfonts-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-webfonts-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-webfonts-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-webfonts-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-webfonts-local-ca17e2759a3859433a0fdcccce8347ca.yaml b/nuclei-templates/cve-less/plugins/host-webfonts-local-ca17e2759a3859433a0fdcccce8347ca.yaml new file mode 100644 index 0000000000..e23b73befc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-webfonts-local-ca17e2759a3859433a0fdcccce8347ca.yaml @@ -0,0 +1,58 @@ +id: host-webfonts-local-ca17e2759a3859433a0fdcccce8347ca + +info: + name: > + OMGF <= 4.5.3 - Subscriber+ Arbitrary File/Folder Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a00980c-2d27-4363-acad-ed9d1e7e37b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-webfonts-local/" + google-query: inurl:"/wp-content/plugins/host-webfonts-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-webfonts-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-webfonts-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-webfonts-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/host-webfonts-local-e5f4d0fbf2cb3e2ba7d87aa6af9f1099.yaml b/nuclei-templates/cve-less/plugins/host-webfonts-local-e5f4d0fbf2cb3e2ba7d87aa6af9f1099.yaml new file mode 100644 index 0000000000..7a551229b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/host-webfonts-local-e5f4d0fbf2cb3e2ba7d87aa6af9f1099.yaml @@ -0,0 +1,58 @@ +id: host-webfonts-local-e5f4d0fbf2cb3e2ba7d87aa6af9f1099 + +info: + name: > + OMGF <= 4.5.3 - Unauthenticated Path Traversal in REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b90640d2-d6f4-4c3b-8e9b-038d57f5fd6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/host-webfonts-local/" + google-query: inurl:"/wp-content/plugins/host-webfonts-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,host-webfonts-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/host-webfonts-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "host-webfonts-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hostel-16bd3db16d545cda6e318dd7aeadbea4.yaml b/nuclei-templates/cve-less/plugins/hostel-16bd3db16d545cda6e318dd7aeadbea4.yaml new file mode 100644 index 0000000000..711d67a198 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hostel-16bd3db16d545cda6e318dd7aeadbea4.yaml @@ -0,0 +1,58 @@ +id: hostel-16bd3db16d545cda6e318dd7aeadbea4 + +info: + name: > + hostel <= 1.1.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a8c5d9b-4535-4edb-a92e-a9b83a0d22c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hostel/" + google-query: inurl:"/wp-content/plugins/hostel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hostel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hostel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hostel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hostel-2719d6731668b9065520117203a3303c.yaml b/nuclei-templates/cve-less/plugins/hostel-2719d6731668b9065520117203a3303c.yaml new file mode 100644 index 0000000000..ba3ecc0030 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hostel-2719d6731668b9065520117203a3303c.yaml @@ -0,0 +1,58 @@ +id: hostel-2719d6731668b9065520117203a3303c + +info: + name: > + Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Manage Bookings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4865576-9929-4ce2-a220-935f1f3e0485?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hostel/" + google-query: inurl:"/wp-content/plugins/hostel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hostel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hostel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hostel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hostel-50b601cc2c81a33254df5b8d86129b71.yaml b/nuclei-templates/cve-less/plugins/hostel-50b601cc2c81a33254df5b8d86129b71.yaml new file mode 100644 index 0000000000..1507218eb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hostel-50b601cc2c81a33254df5b8d86129b71.yaml @@ -0,0 +1,58 @@ +id: hostel-50b601cc2c81a33254df5b8d86129b71 + +info: + name: > + Hostel <= 1.1.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5686bc0f-efe7-4268-a6e1-bec939504ab4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hostel/" + google-query: inurl:"/wp-content/plugins/hostel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hostel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hostel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hostel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hostel-da8a9590fd2919ac3b910c3614df54d5.yaml b/nuclei-templates/cve-less/plugins/hostel-da8a9590fd2919ac3b910c3614df54d5.yaml new file mode 100644 index 0000000000..f693d64164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hostel-da8a9590fd2919ac3b910c3614df54d5.yaml @@ -0,0 +1,58 @@ +id: hostel-da8a9590fd2919ac3b910c3614df54d5 + +info: + name: > + Hostel <= 1.1.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb98b2ee-5c51-453f-9e55-52027237e732?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hostel/" + google-query: inurl:"/wp-content/plugins/hostel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hostel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hostel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hostel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hostinger-fda0de5b4c70706b1c7590b4b32d12b9.yaml b/nuclei-templates/cve-less/plugins/hostinger-fda0de5b4c70706b1c7590b4b32d12b9.yaml new file mode 100644 index 0000000000..87bd45fa5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hostinger-fda0de5b4c70706b1c7590b4b32d12b9.yaml @@ -0,0 +1,58 @@ +id: hostinger-fda0de5b4c70706b1c7590b4b32d12b9 + +info: + name: > + Hostinger <= 1.9.7 - Missing Authorization to Maintenance Mode Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d89cf759-5e5f-43e2-90a9-a8e554653ee1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hostinger/" + google-query: inurl:"/wp-content/plugins/hostinger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hostinger,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hostinger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hostinger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hot-linked-image-cacher-c27aea985311d8d430509d848af8ed00.yaml b/nuclei-templates/cve-less/plugins/hot-linked-image-cacher-c27aea985311d8d430509d848af8ed00.yaml new file mode 100644 index 0000000000..8ab810008f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hot-linked-image-cacher-c27aea985311d8d430509d848af8ed00.yaml @@ -0,0 +1,58 @@ +id: hot-linked-image-cacher-c27aea985311d8d430509d848af8ed00 + +info: + name: > + Hot Linked Image Cacher <= 1.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e3f199b-b75d-43a2-a20c-957fb1b512e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hot-linked-image-cacher/" + google-query: inurl:"/wp-content/plugins/hot-linked-image-cacher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hot-linked-image-cacher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hot-linked-image-cacher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hot-linked-image-cacher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hot-random-image-ac9cb365e503376aa31ed761706bf88b.yaml b/nuclei-templates/cve-less/plugins/hot-random-image-ac9cb365e503376aa31ed761706bf88b.yaml new file mode 100644 index 0000000000..d63922dcc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hot-random-image-ac9cb365e503376aa31ed761706bf88b.yaml @@ -0,0 +1,58 @@ +id: hot-random-image-ac9cb365e503376aa31ed761706bf88b + +info: + name: > + Hot Random Image <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8a27ec5-019b-4aa5-8317-1c832af3b7ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hot-random-image/" + google-query: inurl:"/wp-content/plugins/hot-random-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hot-random-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hot-random-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hot-random-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hotel-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/hotel-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..f4774b24cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hotel-listing-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: hotel-listing-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hotel-listing/" + google-query: inurl:"/wp-content/plugins/hotel-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hotel-listing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hotel-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotel-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hotjar-28e170e893975e3ad314a1e6dd206e77.yaml b/nuclei-templates/cve-less/plugins/hotjar-28e170e893975e3ad314a1e6dd206e77.yaml new file mode 100644 index 0000000000..d56783a667 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hotjar-28e170e893975e3ad314a1e6dd206e77.yaml @@ -0,0 +1,58 @@ +id: hotjar-28e170e893975e3ad314a1e6dd206e77 + +info: + name: > + Hotjar <= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hotjar/" + google-query: inurl:"/wp-content/plugins/hotjar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hotjar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hotjar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotjar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hotjar-connecticator-106707c65ee1208d448d3a7f0350d84b.yaml b/nuclei-templates/cve-less/plugins/hotjar-connecticator-106707c65ee1208d448d3a7f0350d84b.yaml new file mode 100644 index 0000000000..894ef92968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hotjar-connecticator-106707c65ee1208d448d3a7f0350d84b.yaml @@ -0,0 +1,58 @@ +id: hotjar-connecticator-106707c65ee1208d448d3a7f0350d84b + +info: + name: > + Hotjar Connecticator <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbcd280-25c3-4bc3-88bf-d109cfd1e855?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hotjar-connecticator/" + google-query: inurl:"/wp-content/plugins/hotjar-connecticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hotjar-connecticator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hotjar-connecticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotjar-connecticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hotscot-contact-form-e36d961a443fc07bfdc5e0b939b3e6e6.yaml b/nuclei-templates/cve-less/plugins/hotscot-contact-form-e36d961a443fc07bfdc5e0b939b3e6e6.yaml new file mode 100644 index 0000000000..15d4a2d412 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hotscot-contact-form-e36d961a443fc07bfdc5e0b939b3e6e6.yaml @@ -0,0 +1,58 @@ +id: hotscot-contact-form-e36d961a443fc07bfdc5e0b939b3e6e6 + +info: + name: > + Hotscot Contact Form < 1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad85b322-204a-4d74-8dde-38571fb68dd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hotscot-contact-form/" + google-query: inurl:"/wp-content/plugins/hotscot-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hotscot-contact-form,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hotscot-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hotscot-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/houzez-crm-a2b34dc7c637e9503c30ea45277c4ce7.yaml b/nuclei-templates/cve-less/plugins/houzez-crm-a2b34dc7c637e9503c30ea45277c4ce7.yaml new file mode 100644 index 0000000000..896c6d6b45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/houzez-crm-a2b34dc7c637e9503c30ea45277c4ce7.yaml @@ -0,0 +1,58 @@ +id: houzez-crm-a2b34dc7c637e9503c30ea45277c4ce7 + +info: + name: > + Houzez CRM <= 1.3.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54c14f04-32ec-4d05-b47b-3ff5e70c4daf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/houzez-crm/" + google-query: inurl:"/wp-content/plugins/houzez-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,houzez-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/houzez-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "houzez-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/houzez-login-register-6dad969c863a9551ee44b8e68612f92c.yaml b/nuclei-templates/cve-less/plugins/houzez-login-register-6dad969c863a9551ee44b8e68612f92c.yaml new file mode 100644 index 0000000000..e0e1d42f54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/houzez-login-register-6dad969c863a9551ee44b8e68612f92c.yaml @@ -0,0 +1,58 @@ +id: houzez-login-register-6dad969c863a9551ee44b8e68612f92c + +info: + name: > + Houzez Login Register <= 2.6.3 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2948d8f6-4b7b-49c3-a917-4306448416ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/houzez-login-register/" + google-query: inurl:"/wp-content/plugins/houzez-login-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,houzez-login-register,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/houzez-login-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "houzez-login-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hover-effects-4e07fbfa9287b3d698591e747048b894.yaml b/nuclei-templates/cve-less/plugins/hover-effects-4e07fbfa9287b3d698591e747048b894.yaml new file mode 100644 index 0000000000..89a0ce8f70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hover-effects-4e07fbfa9287b3d698591e747048b894.yaml @@ -0,0 +1,58 @@ +id: hover-effects-4e07fbfa9287b3d698591e747048b894 + +info: + name: > + Hover Effects – easily create any hover effect <= 2.1 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e82cdfab-8090-4979-81b6-5b860e9ae187?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hover-effects/" + google-query: inurl:"/wp-content/plugins/hover-effects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hover-effects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hover-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hover-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hover-image-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml b/nuclei-templates/cve-less/plugins/hover-image-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml new file mode 100644 index 0000000000..b44893d3f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hover-image-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd.yaml @@ -0,0 +1,58 @@ +id: hover-image-4ebc9d9cf2e6c0b8863f7b05c2ec1bcd + +info: + name: > + Hover Image <= 1.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/341cbd60-33b9-49f8-b8f3-3c44664ce463?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hover-image/" + google-query: inurl:"/wp-content/plugins/hover-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hover-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hover-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hover-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hpbtool-fd9a8180717056f9f1f968f01ca33f0b.yaml b/nuclei-templates/cve-less/plugins/hpbtool-fd9a8180717056f9f1f968f01ca33f0b.yaml new file mode 100644 index 0000000000..dd22e2fa57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hpbtool-fd9a8180717056f9f1f968f01ca33f0b.yaml @@ -0,0 +1,58 @@ +id: hpbtool-fd9a8180717056f9f1f968f01ca33f0b + +info: + name: > + hpb Dashboard <= 1.3.1 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee4a9dc6-fc0b-4bab-9511-fa0a713800ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hpbtool/" + google-query: inurl:"/wp-content/plugins/hpbtool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hpbtool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hpbtool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hpbtool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hreflang-tags-by-dcgws-6293b091bc766206bb45c5e76ab63e4c.yaml b/nuclei-templates/cve-less/plugins/hreflang-tags-by-dcgws-6293b091bc766206bb45c5e76ab63e4c.yaml new file mode 100644 index 0000000000..9687df5138 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hreflang-tags-by-dcgws-6293b091bc766206bb45c5e76ab63e4c.yaml @@ -0,0 +1,58 @@ +id: hreflang-tags-by-dcgws-6293b091bc766206bb45c5e76ab63e4c + +info: + name: > + HREFLANG Tags Lite <= 2.0.0 - Missing Authorization to Data Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/563f7d55-1df0-4bdc-b9be-5e564241bcf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hreflang-tags-by-dcgws/" + google-query: inurl:"/wp-content/plugins/hreflang-tags-by-dcgws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hreflang-tags-by-dcgws,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hreflang-tags-by-dcgws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hreflang-tags-by-dcgws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hrm-8ce46300a9ee0c671870e83a220afb03.yaml b/nuclei-templates/cve-less/plugins/hrm-8ce46300a9ee0c671870e83a220afb03.yaml new file mode 100644 index 0000000000..17ac71a603 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hrm-8ce46300a9ee0c671870e83a220afb03.yaml @@ -0,0 +1,58 @@ +id: hrm-8ce46300a9ee0c671870e83a220afb03 + +info: + name: > + WP Human Resource Management < 2.2.6 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07cdc2db-e748-40c9-a2fe-31aef0725dad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hrm/" + google-query: inurl:"/wp-content/plugins/hrm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hrm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hrm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hrm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hrm-a36379ec9941e1d3446832e6154938a3.yaml b/nuclei-templates/cve-less/plugins/hrm-a36379ec9941e1d3446832e6154938a3.yaml new file mode 100644 index 0000000000..81ce40448c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hrm-a36379ec9941e1d3446832e6154938a3.yaml @@ -0,0 +1,58 @@ +id: hrm-a36379ec9941e1d3446832e6154938a3 + +info: + name: > + WP Human Resource Management Plugin < 2.2.6 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ffb0ac-84cf-4a82-b89b-05e43608db52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hrm/" + google-query: inurl:"/wp-content/plugins/hrm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hrm,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hrm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hrm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-contactform-3d1cc5475dc75a23246949ead1d96006.yaml b/nuclei-templates/cve-less/plugins/ht-contactform-3d1cc5475dc75a23246949ead1d96006.yaml new file mode 100644 index 0000000000..e778e665ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-contactform-3d1cc5475dc75a23246949ead1d96006.yaml @@ -0,0 +1,58 @@ +id: ht-contactform-3d1cc5475dc75a23246949ead1d96006 + +info: + name: > + Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfe6f49a-1dd1-46d9-8e15-a8a766917092?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-contactform/" + google-query: inurl:"/wp-content/plugins/ht-contactform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-contactform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-contactform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-contactform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-164d8e023bea2a9cf66601d6c8d87f66.yaml b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-164d8e023bea2a9cf66601d6c8d87f66.yaml new file mode 100644 index 0000000000..b00669e400 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-164d8e023bea2a9cf66601d6c8d87f66.yaml @@ -0,0 +1,58 @@ +id: ht-easy-google-analytics-164d8e023bea2a9cf66601d6c8d87f66 + +info: + name: > + HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-easy-google-analytics/" + google-query: inurl:"/wp-content/plugins/ht-easy-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-easy-google-analytics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-easy-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-easy-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-aeabe255a52538c85557d43415e4e073.yaml b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-aeabe255a52538c85557d43415e4e073.yaml new file mode 100644 index 0000000000..098b96364d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-aeabe255a52538c85557d43415e4e073.yaml @@ -0,0 +1,58 @@ +id: ht-easy-google-analytics-aeabe255a52538c85557d43415e4e073 + +info: + name: > + HT Easy GA4 ( Google Analytics 4 ) <= 1.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39d69a5e-4265-4898-9fd8-736dc2297b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-easy-google-analytics/" + google-query: inurl:"/wp-content/plugins/ht-easy-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-easy-google-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-easy-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-easy-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-b50572ce7e2b149d1cbd18124538a979.yaml b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-b50572ce7e2b149d1cbd18124538a979.yaml new file mode 100644 index 0000000000..633d466039 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-easy-google-analytics-b50572ce7e2b149d1cbd18124538a979.yaml @@ -0,0 +1,58 @@ +id: ht-easy-google-analytics-b50572ce7e2b149d1cbd18124538a979 + +info: + name: > + HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 - Cross-Site Request Forgery via plugin_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fa2fcda-69f4-4095-b23c-6e6f1613adb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-easy-google-analytics/" + google-query: inurl:"/wp-content/plugins/ht-easy-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-easy-google-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-easy-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-easy-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-event-eea40bebf411a89783a41e1a9b7baa9a.yaml b/nuclei-templates/cve-less/plugins/ht-event-eea40bebf411a89783a41e1a9b7baa9a.yaml new file mode 100644 index 0000000000..b9dd66fb33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-event-eea40bebf411a89783a41e1a9b7baa9a.yaml @@ -0,0 +1,58 @@ +id: ht-event-eea40bebf411a89783a41e1a9b7baa9a + +info: + name: > + HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b14c07b-23bb-4a14-8018-fa2462383b35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-event/" + google-query: inurl:"/wp-content/plugins/ht-event/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-event,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-event/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-event" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-instagram-874767d2bf3455f1a596a7c733629154.yaml b/nuclei-templates/cve-less/plugins/ht-instagram-874767d2bf3455f1a596a7c733629154.yaml new file mode 100644 index 0000000000..48fd7eb336 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-instagram-874767d2bf3455f1a596a7c733629154.yaml @@ -0,0 +1,58 @@ +id: ht-instagram-874767d2bf3455f1a596a7c733629154 + +info: + name: > + HT Feed <= 1.2.7 - Cross-Site Request Forgery leading to Limited Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95723482-a6c5-4e95-a88d-c50a88108715?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-instagram/" + google-query: inurl:"/wp-content/plugins/ht-instagram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-instagram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-instagram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-instagram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-01300894d57947b3560cabf2dbbcd115.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-01300894d57947b3560cabf2dbbcd115.yaml new file mode 100644 index 0000000000..073c100b72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-01300894d57947b3560cabf2dbbcd115.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-01300894d57947b3560cabf2dbbcd115 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98e74a23-b586-4d6a-b1ab-78838b0eed61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-39662c17a130cae2e0ac4d8f08110d5e.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-39662c17a130cae2e0ac4d8f08110d5e.yaml new file mode 100644 index 0000000000..23df87b371 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-39662c17a130cae2e0ac4d8f08110d5e.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-39662c17a130cae2e0ac4d8f08110d5e + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.3.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6745be2e-d151-452a-8e65-0db2409dd54d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-4352573f5cddc391c5178beba8d7f9b0.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-4352573f5cddc391c5178beba8d7f9b0.yaml new file mode 100644 index 0000000000..6ba244f37d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-4352573f5cddc391c5178beba8d7f9b0.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-4352573f5cddc391c5178beba8d7f9b0 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.6 - Sensitive Information Exposure via purchased_products + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54043c6a-48a1-48e8-ba61-a7e8a1773036?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-54345d40684c0a52baa3c3ff4f72b60d.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-54345d40684c0a52baa3c3ff4f72b60d.yaml new file mode 100644 index 0000000000..4ba4180441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-54345d40684c0a52baa3c3ff4f72b60d.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-54345d40684c0a52baa3c3ff4f72b60d + +info: + name: > + HT Mega <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/316a1ca9-e5fd-463f-ba1e-32589740270a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-70fc895faebcf1fe7c1137deedd632a4.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-70fc895faebcf1fe7c1137deedd632a4.yaml new file mode 100644 index 0000000000..c00eb1a825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-70fc895faebcf1fe7c1137deedd632a4.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-70fc895faebcf1fe7c1137deedd632a4 + +info: + name: > + HT Mega - Absolute Addons for Elementor Page Builder <= 1.5.5 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bead5edb-402a-44bc-9e2b-89201fa4603c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-719fa4e7b6c83ab485c9d95f46e8edb7.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-719fa4e7b6c83ab485c9d95f46e8edb7.yaml new file mode 100644 index 0000000000..802ccf22c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-719fa4e7b6c83ab485c9d95f46e8edb7.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-719fa4e7b6c83ab485c9d95f46e8edb7 + +info: + name: > + HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46f3cc62-c2d8-45af-bb92-c2040789cbc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7648aa79e50b7fbff0359c4b0f9eb60d.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7648aa79e50b7fbff0359c4b0f9eb60d.yaml new file mode 100644 index 0000000000..5313afe9ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7648aa79e50b7fbff0359c4b0f9eb60d.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-7648aa79e50b7fbff0359c4b0f9eb60d + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lightbox Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e5417d3-c466-4caf-9fb6-26d6e2c06fe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-77f47958ca9f6f3aca917f2faa21c35a.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-77f47958ca9f6f3aca917f2faa21c35a.yaml new file mode 100644 index 0000000000..48481d2b27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-77f47958ca9f6f3aca917f2faa21c35a.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-77f47958ca9f6f3aca917f2faa21c35a + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.7 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/249ad768-3706-47c6-ad1d-f11900b87608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7bd8b052dc6ab5494250ef14b3571b9d.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7bd8b052dc6ab5494250ef14b3571b9d.yaml new file mode 100644 index 0000000000..b86d78ea47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-7bd8b052dc6ab5494250ef14b3571b9d.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-7bd8b052dc6ab5494250ef14b3571b9d + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8452e54-7a81-4921-b531-8cb3b0953dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-885b11bd05584acc3850df4149714f79.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-885b11bd05584acc3850df4149714f79.yaml new file mode 100644 index 0000000000..3320f728ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-885b11bd05584acc3850df4149714f79.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-885b11bd05584acc3850df4149714f79 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03fba6bb-ff30-42bb-936b-93c009a7e3f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-8dd7019aa8a80d139d621978f8455f94.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-8dd7019aa8a80d139d621978f8455f94.yaml new file mode 100644 index 0000000000..8977eb6004 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-8dd7019aa8a80d139d621978f8455f94.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-8dd7019aa8a80d139d621978f8455f94 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion/FAQ + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52ba91f1-21a2-4d7c-8801-b5e72a00c37d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-b8980aa84f8cc55308551be159a27546.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-b8980aa84f8cc55308551be159a27546.yaml new file mode 100644 index 0000000000..3e9d14eb61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-b8980aa84f8cc55308551be159a27546.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-b8980aa84f8cc55308551be159a27546 + +info: + name: > + HT Mega <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleTag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ac66027-14b8-4e0a-a483-c014905ef04e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c8bc0703f7a40b6110052093d1b42354.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c8bc0703f7a40b6110052093d1b42354.yaml new file mode 100644 index 0000000000..bb9a87041b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c8bc0703f7a40b6110052093d1b42354.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-c8bc0703f7a40b6110052093d1b42354 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11b5f0a1-bf22-46be-a165-c62f1077da0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c9c8b6f666802b2f51aa7a2059e8cf31.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c9c8b6f666802b2f51aa7a2059e8cf31.yaml new file mode 100644 index 0000000000..a6e770efd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-c9c8b6f666802b2f51aa7a2059e8cf31.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-c9c8b6f666802b2f51aa7a2059e8cf31 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Grid Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33b5e231-1b53-4646-ae9c-48babf1ebbd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-cbef84b88c0a2eb6e68bde27c710114f.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-cbef84b88c0a2eb6e68bde27c710114f.yaml new file mode 100644 index 0000000000..0926158352 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-cbef84b88c0a2eb6e68bde27c710114f.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-cbef84b88c0a2eb6e68bde27c710114f + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Carousel Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml new file mode 100644 index 0000000000..1afbc586c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-d1cffa60eaefa9d562794ce4c0d0f8a6.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-d1cffa60eaefa9d562794ce4c0d0f8a6 + +info: + name: > + HT Mega – Absolute Addons For Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9c5bed-a399-43e2-be40-d669e90d3736?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-e3441a86dca8e1266b44f1ac2828bc65.yaml b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-e3441a86dca8e1266b44f1ac2828bc65.yaml new file mode 100644 index 0000000000..0666c1ae28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-mega-for-elementor-e3441a86dca8e1266b44f1ac2828bc65.yaml @@ -0,0 +1,58 @@ +id: ht-mega-for-elementor-e3441a86dca8e1266b44f1ac2828bc65 + +info: + name: > + HT Mega <= 2.3.3 - Cross-Site Request Forgery via Several Functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f26b04f-2a25-40a6-9b2c-27d9970acb8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-mega-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-mega-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-mega-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-mega-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-mega-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-menu-lite-c4c123ba803ff56ca56f62a58df9c1fd.yaml b/nuclei-templates/cve-less/plugins/ht-menu-lite-c4c123ba803ff56ca56f62a58df9c1fd.yaml new file mode 100644 index 0000000000..538c07d614 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-menu-lite-c4c123ba803ff56ca56f62a58df9c1fd.yaml @@ -0,0 +1,58 @@ +id: ht-menu-lite-c4c123ba803ff56ca56f62a58df9c1fd + +info: + name: > + HT Menu <= 1.2.1 - Cross-Site Request Forgery via plugin_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/deb2544f-75ac-4d6c-bec7-9f35cfe0028d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-menu-lite/" + google-query: inurl:"/wp-content/plugins/ht-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-menu-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-portfolio-209d06497ab8e08c218ee68cdbabb1d1.yaml b/nuclei-templates/cve-less/plugins/ht-portfolio-209d06497ab8e08c218ee68cdbabb1d1.yaml new file mode 100644 index 0000000000..ab867b690a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-portfolio-209d06497ab8e08c218ee68cdbabb1d1.yaml @@ -0,0 +1,58 @@ +id: ht-portfolio-209d06497ab8e08c218ee68cdbabb1d1 + +info: + name: > + HT Portfolio <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed63724-c21f-4b0e-b595-e824d3519b21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-portfolio/" + google-query: inurl:"/wp-content/plugins/ht-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ht-slider-for-elementor-58c63b651eae675c8ca30a5097ca90d9.yaml b/nuclei-templates/cve-less/plugins/ht-slider-for-elementor-58c63b651eae675c8ca30a5097ca90d9.yaml new file mode 100644 index 0000000000..98eb8ff698 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ht-slider-for-elementor-58c63b651eae675c8ca30a5097ca90d9.yaml @@ -0,0 +1,58 @@ +id: ht-slider-for-elementor-58c63b651eae675c8ca30a5097ca90d9 + +info: + name: > + HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81258fcc-18cc-4614-a644-5cfb004d019b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ht-slider-for-elementor/" + google-query: inurl:"/wp-content/plugins/ht-slider-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ht-slider-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ht-slider-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ht-slider-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/htaccess-9345a855b917e9d7c301701fd76aad46.yaml b/nuclei-templates/cve-less/plugins/htaccess-9345a855b917e9d7c301701fd76aad46.yaml new file mode 100644 index 0000000000..f25c58f461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/htaccess-9345a855b917e9d7c301701fd76aad46.yaml @@ -0,0 +1,58 @@ +id: htaccess-9345a855b917e9d7c301701fd76aad46 + +info: + name: > + Htaccess by BestWebSoft – WordPress Website Access Control Plugin <= 1.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a6eac3b-823a-4a26-acb7-339357c10a07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/htaccess/" + google-query: inurl:"/wp-content/plugins/htaccess/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,htaccess,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/htaccess/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "htaccess" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/htaccess-edec211af3b7dbc24681331832d822e4.yaml b/nuclei-templates/cve-less/plugins/htaccess-edec211af3b7dbc24681331832d822e4.yaml new file mode 100644 index 0000000000..e7150f9e01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/htaccess-edec211af3b7dbc24681331832d822e4.yaml @@ -0,0 +1,58 @@ +id: htaccess-edec211af3b7dbc24681331832d822e4 + +info: + name: > + Htaccess <= 1.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a21df06c-4e56-4625-ae8b-89c9fc046939?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/htaccess/" + google-query: inurl:"/wp-content/plugins/htaccess/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,htaccess,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/htaccess/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "htaccess" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/htaccess-redirect-9d01cf11d54833d25428e1cf81d5a407.yaml b/nuclei-templates/cve-less/plugins/htaccess-redirect-9d01cf11d54833d25428e1cf81d5a407.yaml new file mode 100644 index 0000000000..4a20fea52c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/htaccess-redirect-9d01cf11d54833d25428e1cf81d5a407.yaml @@ -0,0 +1,58 @@ +id: htaccess-redirect-9d01cf11d54833d25428e1cf81d5a407 + +info: + name: > + .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8c89641-805f-4f23-9eae-01e05fde19d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/htaccess-redirect/" + google-query: inurl:"/wp-content/plugins/htaccess-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,htaccess-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/htaccess-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "htaccess-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html-forms-418ebe6c7dbfef34adbdede493bce943.yaml b/nuclei-templates/cve-less/plugins/html-forms-418ebe6c7dbfef34adbdede493bce943.yaml new file mode 100644 index 0000000000..4a438dbb39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html-forms-418ebe6c7dbfef34adbdede493bce943.yaml @@ -0,0 +1,58 @@ +id: html-forms-418ebe6c7dbfef34adbdede493bce943 + +info: + name: > + HTML Forms <= 1.3.28 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2921ea67-e88a-489a-8c45-cfe458f29d2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html-forms/" + google-query: inurl:"/wp-content/plugins/html-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html-forms-8afa46038c928522e1a939b693fa3626.yaml b/nuclei-templates/cve-less/plugins/html-forms-8afa46038c928522e1a939b693fa3626.yaml new file mode 100644 index 0000000000..77a26a3c80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html-forms-8afa46038c928522e1a939b693fa3626.yaml @@ -0,0 +1,58 @@ +id: html-forms-8afa46038c928522e1a939b693fa3626 + +info: + name: > + HTML Forms <= 1.3.24 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92e9af52-a9a8-4b68-8351-f1091855fedc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html-forms/" + google-query: inurl:"/wp-content/plugins/html-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html2wp-0df1e064add078cf57c6048e0292bd1f.yaml b/nuclei-templates/cve-less/plugins/html2wp-0df1e064add078cf57c6048e0292bd1f.yaml new file mode 100644 index 0000000000..d6a791dc56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html2wp-0df1e064add078cf57c6048e0292bd1f.yaml @@ -0,0 +1,58 @@ +id: html2wp-0df1e064add078cf57c6048e0292bd1f + +info: + name: > + HTML2WP <= 1.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a597d36c-72ce-44f0-af7b-2b9aad46957c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html2wp/" + google-query: inurl:"/wp-content/plugins/html2wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html2wp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html2wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html2wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html2wp-d9d330e96ffdfe1887976502e50deb2f.yaml b/nuclei-templates/cve-less/plugins/html2wp-d9d330e96ffdfe1887976502e50deb2f.yaml new file mode 100644 index 0000000000..d4d425825d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html2wp-d9d330e96ffdfe1887976502e50deb2f.yaml @@ -0,0 +1,58 @@ +id: html2wp-d9d330e96ffdfe1887976502e50deb2f + +info: + name: > + HTML2WP <= 1.0.0 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72b4fe0f-13cd-4580-9010-1a3e66000251?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html2wp/" + google-query: inurl:"/wp-content/plugins/html2wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html2wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html2wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html2wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html2wp-fcada36c51980400d6b77ffead4b0c1b.yaml b/nuclei-templates/cve-less/plugins/html2wp-fcada36c51980400d6b77ffead4b0c1b.yaml new file mode 100644 index 0000000000..5ebcd6fbf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html2wp-fcada36c51980400d6b77ffead4b0c1b.yaml @@ -0,0 +1,58 @@ +id: html2wp-fcada36c51980400d6b77ffead4b0c1b + +info: + name: > + HTML2WP <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc67bb9-178e-466d-a6c2-adaa377924bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html2wp/" + google-query: inurl:"/wp-content/plugins/html2wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html2wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html2wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html2wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-audio-player-1ab07ec0caa3cd50e192c36d8dc28388.yaml b/nuclei-templates/cve-less/plugins/html5-audio-player-1ab07ec0caa3cd50e192c36d8dc28388.yaml new file mode 100644 index 0000000000..ef0df26824 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-audio-player-1ab07ec0caa3cd50e192c36d8dc28388.yaml @@ -0,0 +1,58 @@ +id: html5-audio-player-1ab07ec0caa3cd50e192c36d8dc28388 + +info: + name: > + Html5 Audio Player <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0059382-3e13-434a-a3d1-7892d14a371b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-audio-player/" + google-query: inurl:"/wp-content/plugins/html5-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-audio-player-8c8ea74da9222b97df27e5eb58a8262e.yaml b/nuclei-templates/cve-less/plugins/html5-audio-player-8c8ea74da9222b97df27e5eb58a8262e.yaml new file mode 100644 index 0000000000..5999e7c76e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-audio-player-8c8ea74da9222b97df27e5eb58a8262e.yaml @@ -0,0 +1,58 @@ +id: html5-audio-player-8c8ea74da9222b97df27e5eb58a8262e + +info: + name: > + Html5 Audio Player <= 2.1.2 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8b09933-9634-4a8a-a899-ba500979e5aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-audio-player/" + google-query: inurl:"/wp-content/plugins/html5-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-audio-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-audio-player-9cd02c8d638c4cb01b2d319013b9422d.yaml b/nuclei-templates/cve-less/plugins/html5-audio-player-9cd02c8d638c4cb01b2d319013b9422d.yaml new file mode 100644 index 0000000000..b22bebb27c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-audio-player-9cd02c8d638c4cb01b2d319013b9422d.yaml @@ -0,0 +1,58 @@ +id: html5-audio-player-9cd02c8d638c4cb01b2d319013b9422d + +info: + name: > + HTML5 Audio Player- Best WordPress Audio Player Plugin <= 2.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca646202-b9e2-4272-b0e2-d39cd748fb8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-audio-player/" + google-query: inurl:"/wp-content/plugins/html5-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-maps-891ca23ffb08d94e6434e60528a16c74.yaml b/nuclei-templates/cve-less/plugins/html5-maps-891ca23ffb08d94e6434e60528a16c74.yaml new file mode 100644 index 0000000000..657d9d3a8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-maps-891ca23ffb08d94e6434e60528a16c74.yaml @@ -0,0 +1,58 @@ +id: html5-maps-891ca23ffb08d94e6434e60528a16c74 + +info: + name: > + HTML5 Maps <= 1.6.5.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/decb80c9-8f04-4d39-8e77-220f7862995e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-maps/" + google-query: inurl:"/wp-content/plugins/html5-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-maps-bdf0d3aa1632ca3b2ca5352b8bea588e.yaml b/nuclei-templates/cve-less/plugins/html5-maps-bdf0d3aa1632ca3b2ca5352b8bea588e.yaml new file mode 100644 index 0000000000..f8cebb6ae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-maps-bdf0d3aa1632ca3b2ca5352b8bea588e.yaml @@ -0,0 +1,58 @@ +id: html5-maps-bdf0d3aa1632ca3b2ca5352b8bea588e + +info: + name: > + HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/502bc68d-778a-47df-a5c2-6bd0b4f130cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-maps/" + google-query: inurl:"/wp-content/plugins/html5-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist-bd39f2dcd48837d67c4b40b69f78df98.yaml b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist-bd39f2dcd48837d67c4b40b69f78df98.yaml new file mode 100644 index 0000000000..536c70c1b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist-bd39f2dcd48837d67c4b40b69f78df98.yaml @@ -0,0 +1,58 @@ +id: html5-mp3-player-with-mp3-folder-feedburner-playlist-bd39f2dcd48837d67c4b40b69f78df98 + +info: + name: > + HTML5 MP3 Player with Folder Feedburner <= 2.8.0 - Authenticated (Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b7321e8-153c-4586-8114-65583e06573e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/" + google-query: inurl:"/wp-content/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-mp3-player-with-mp3-folder-feedburner-playlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-mp3-player-with-mp3-folder-feedburner-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-mp3-player-with-mp3-folder-feedburner-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-0df580dacb0df6a2ca5f274d2d7147c5.yaml b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-0df580dacb0df6a2ca5f274d2d7147c5.yaml new file mode 100644 index 0000000000..98ba926362 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-0df580dacb0df6a2ca5f274d2d7147c5.yaml @@ -0,0 +1,58 @@ +id: html5-mp3-player-with-playlist-0df580dacb0df6a2ca5f274d2d7147c5 + +info: + name: > + HTML5 MP3 Player with Playlist Free <= 3.0.0 - Authenticated (Author+) PHP Object Injecton + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eac991e-fc34-456c-a9a6-d30fde39fd42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-mp3-player-with-playlist/" + google-query: inurl:"/wp-content/plugins/html5-mp3-player-with-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-mp3-player-with-playlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-mp3-player-with-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-mp3-player-with-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-cfb5454ff2827b6f871f30ef976e36bf.yaml b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-cfb5454ff2827b6f871f30ef976e36bf.yaml new file mode 100644 index 0000000000..2ab54663fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-mp3-player-with-playlist-cfb5454ff2827b6f871f30ef976e36bf.yaml @@ -0,0 +1,58 @@ +id: html5-mp3-player-with-playlist-cfb5454ff2827b6f871f30ef976e36bf + +info: + name: > + HTML5 MP3 Player with Playlist <= 2.7.0 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d55e84-773d-4ec9-8dca-b93b8dac4f48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-mp3-player-with-playlist/" + google-query: inurl:"/wp-content/plugins/html5-mp3-player-with-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-mp3-player-with-playlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-mp3-player-with-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-mp3-player-with-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-responsive-faq-fb9f6e5f6b739b217a3c9294b96be3ec.yaml b/nuclei-templates/cve-less/plugins/html5-responsive-faq-fb9f6e5f6b739b217a3c9294b96be3ec.yaml new file mode 100644 index 0000000000..39b0734742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-responsive-faq-fb9f6e5f6b739b217a3c9294b96be3ec.yaml @@ -0,0 +1,58 @@ +id: html5-responsive-faq-fb9f6e5f6b739b217a3c9294b96be3ec + +info: + name: > + HTML5 Responsive FAQ <= 2.8.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/247a095b-0a92-4fee-85cf-c3041a061d62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-responsive-faq/" + google-query: inurl:"/wp-content/plugins/html5-responsive-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-responsive-faq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-responsive-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-responsive-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-soundcloud-player-with-playlist-c00b8bf14565edfcbae67925492b03f1.yaml b/nuclei-templates/cve-less/plugins/html5-soundcloud-player-with-playlist-c00b8bf14565edfcbae67925492b03f1.yaml new file mode 100644 index 0000000000..73c17bb655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-soundcloud-player-with-playlist-c00b8bf14565edfcbae67925492b03f1.yaml @@ -0,0 +1,58 @@ +id: html5-soundcloud-player-with-playlist-c00b8bf14565edfcbae67925492b03f1 + +info: + name: > + HTML5 SoundCloud Player <= 2.8.0 - Authenticated (Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/229235de-03c6-4560-b0ea-ab21fde256be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-soundcloud-player-with-playlist/" + google-query: inurl:"/wp-content/plugins/html5-soundcloud-player-with-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-soundcloud-player-with-playlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-soundcloud-player-with-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-soundcloud-player-with-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-video-player-a517ff8b627b981a1fe850768f04bf42.yaml b/nuclei-templates/cve-less/plugins/html5-video-player-a517ff8b627b981a1fe850768f04bf42.yaml new file mode 100644 index 0000000000..8967f4e937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-video-player-a517ff8b627b981a1fe850768f04bf42.yaml @@ -0,0 +1,58 @@ +id: html5-video-player-a517ff8b627b981a1fe850768f04bf42 + +info: + name: > + Html5 Video Player <= 2.5.18 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb50d3f-9e01-4e3d-a3ed-8c3fec006be6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-video-player/" + google-query: inurl:"/wp-content/plugins/html5-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-video-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-video-player-with-playlist-485789fe72c833fe22bf40305da52bb0.yaml b/nuclei-templates/cve-less/plugins/html5-video-player-with-playlist-485789fe72c833fe22bf40305da52bb0.yaml new file mode 100644 index 0000000000..0b86ea092a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-video-player-with-playlist-485789fe72c833fe22bf40305da52bb0.yaml @@ -0,0 +1,58 @@ +id: html5-video-player-with-playlist-485789fe72c833fe22bf40305da52bb0 + +info: + name: > + HTML5 Video Player with Playlist <= 2.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd42227-1cc2-42ab-b64b-3fe3fe1880c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-video-player-with-playlist/" + google-query: inurl:"/wp-content/plugins/html5-video-player-with-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-video-player-with-playlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-video-player-with-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-video-player-with-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-videogallery-plus-player-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/html5-videogallery-plus-player-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..8fd569a1d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-videogallery-plus-player-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: html5-videogallery-plus-player-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-videogallery-plus-player/" + google-query: inurl:"/wp-content/plugins/html5-videogallery-plus-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-videogallery-plus-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-videogallery-plus-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-videogallery-plus-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/html5-virtual-classroom-b0382531907f0ce8fd4932cc7bcd495c.yaml b/nuclei-templates/cve-less/plugins/html5-virtual-classroom-b0382531907f0ce8fd4932cc7bcd495c.yaml new file mode 100644 index 0000000000..0a1915181b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/html5-virtual-classroom-b0382531907f0ce8fd4932cc7bcd495c.yaml @@ -0,0 +1,58 @@ +id: html5-virtual-classroom-b0382531907f0ce8fd4932cc7bcd495c + +info: + name: > + BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76b3b5b7-fefe-44fb-a30e-c55226d4aaea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/html5-virtual-classroom/" + google-query: inurl:"/wp-content/plugins/html5-virtual-classroom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,html5-virtual-classroom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/html5-virtual-classroom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "html5-virtual-classroom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-auth-e90b537c5f5b2550abd571e86aaca30a.yaml b/nuclei-templates/cve-less/plugins/http-auth-e90b537c5f5b2550abd571e86aaca30a.yaml new file mode 100644 index 0000000000..0c019a3a9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-auth-e90b537c5f5b2550abd571e86aaca30a.yaml @@ -0,0 +1,58 @@ +id: http-auth-e90b537c5f5b2550abd571e86aaca30a + +info: + name: > + HTTP Auth <= 0.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43357daa-4dce-4851-b41b-48d3ffb8a387?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-auth/" + google-query: inurl:"/wp-content/plugins/http-auth/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-auth,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-auth/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-auth" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-headers-15a164b8d7acefaa3a7ae7d37647554e.yaml b/nuclei-templates/cve-less/plugins/http-headers-15a164b8d7acefaa3a7ae7d37647554e.yaml new file mode 100644 index 0000000000..8ef4939025 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-headers-15a164b8d7acefaa3a7ae7d37647554e.yaml @@ -0,0 +1,58 @@ +id: http-headers-15a164b8d7acefaa3a7ae7d37647554e + +info: + name: > + HTTP Headers <= 1.18.10 - Authenticated(Administrator+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75b84eae-6ff2-49af-a420-2aeef50224e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-headers/" + google-query: inurl:"/wp-content/plugins/http-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-headers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-headers-3400f4eb6ff8887592360d9448530f42.yaml b/nuclei-templates/cve-less/plugins/http-headers-3400f4eb6ff8887592360d9448530f42.yaml new file mode 100644 index 0000000000..fc2ea4168c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-headers-3400f4eb6ff8887592360d9448530f42.yaml @@ -0,0 +1,58 @@ +id: http-headers-3400f4eb6ff8887592360d9448530f42 + +info: + name: > + HTTP Headers <= 1.18.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fed4dd54-7a7e-483b-a623-3cf3392572b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-headers/" + google-query: inurl:"/wp-content/plugins/http-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-headers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-headers-51f2517f9bbfce600c2f0bf80668bc91.yaml b/nuclei-templates/cve-less/plugins/http-headers-51f2517f9bbfce600c2f0bf80668bc91.yaml new file mode 100644 index 0000000000..f246670aa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-headers-51f2517f9bbfce600c2f0bf80668bc91.yaml @@ -0,0 +1,58 @@ +id: http-headers-51f2517f9bbfce600c2f0bf80668bc91 + +info: + name: > + HTTP Headers <= 1.18.11 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69971673-e317-452c-8c54-97de006a214f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-headers/" + google-query: inurl:"/wp-content/plugins/http-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-headers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-headers-5f2adc5ca6dedc40903aa1f1e563d920.yaml b/nuclei-templates/cve-less/plugins/http-headers-5f2adc5ca6dedc40903aa1f1e563d920.yaml new file mode 100644 index 0000000000..7ec2f59463 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-headers-5f2adc5ca6dedc40903aa1f1e563d920.yaml @@ -0,0 +1,58 @@ +id: http-headers-5f2adc5ca6dedc40903aa1f1e563d920 + +info: + name: > + HTTP Headers <= 1.18.8 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea6b79c-2a09-4a6e-9b4b-a81f96e3bc12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-headers/" + google-query: inurl:"/wp-content/plugins/http-headers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-headers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-headers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-headers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-https-remover-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/http-https-remover-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..f420c9b17b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-https-remover-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: http-https-remover-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-https-remover/" + google-query: inurl:"/wp-content/plugins/http-https-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-https-remover,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-https-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-https-remover-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/http-https-remover-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..246a3009c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-https-remover-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: http-https-remover-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-https-remover/" + google-query: inurl:"/wp-content/plugins/http-https-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-https-remover,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-https-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/http-https-remover-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/http-https-remover-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..7ca16593dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/http-https-remover-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: http-https-remover-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/http-https-remover/" + google-query: inurl:"/wp-content/plugins/http-https-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,http-https-remover,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/http-https-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "http-https-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hueman-addons-9b8d61323342cf7cc549ce8c8f2716e5.yaml b/nuclei-templates/cve-less/plugins/hueman-addons-9b8d61323342cf7cc549ce8c8f2716e5.yaml new file mode 100644 index 0000000000..31704f79dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hueman-addons-9b8d61323342cf7cc549ce8c8f2716e5.yaml @@ -0,0 +1,58 @@ +id: hueman-addons-9b8d61323342cf7cc549ce8c8f2716e5 + +info: + name: > + Hueman Addons <= 2.3.3 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd782479-8eab-439d-9a8e-b4105e49964c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hueman-addons/" + google-query: inurl:"/wp-content/plugins/hueman-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hueman-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hueman-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hueman-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hummingbird-performance-198731eb0d140b29cd1b351f123496f9.yaml b/nuclei-templates/cve-less/plugins/hummingbird-performance-198731eb0d140b29cd1b351f123496f9.yaml new file mode 100644 index 0000000000..3ff3234931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hummingbird-performance-198731eb0d140b29cd1b351f123496f9.yaml @@ -0,0 +1,58 @@ +id: hummingbird-performance-198731eb0d140b29cd1b351f123496f9 + +info: + name: > + Hummingbird <= 3.3.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6119481-f399-4bba-a824-1d7346e7e155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hummingbird-performance/" + google-query: inurl:"/wp-content/plugins/hummingbird-performance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hummingbird-performance,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hummingbird-performance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hummingbird-performance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hummingbird-performance-7c3ea2239a49993a972e3badf432bcfc.yaml b/nuclei-templates/cve-less/plugins/hummingbird-performance-7c3ea2239a49993a972e3badf432bcfc.yaml new file mode 100644 index 0000000000..a98320dd05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hummingbird-performance-7c3ea2239a49993a972e3badf432bcfc.yaml @@ -0,0 +1,58 @@ +id: hummingbird-performance-7c3ea2239a49993a972e3badf432bcfc + +info: + name: > + Hummingbird <= 3.4.1 - Unauthenticated Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9b8e6dc-a9ac-4afb-ad47-4f51032bb1f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hummingbird-performance/" + google-query: inurl:"/wp-content/plugins/hummingbird-performance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hummingbird-performance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hummingbird-performance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hummingbird-performance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hummingbird-performance-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml b/nuclei-templates/cve-less/plugins/hummingbird-performance-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml new file mode 100644 index 0000000000..6c09a2d2b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hummingbird-performance-ec5f1fa417ea6d6d86b4d82ac0f5e65d.yaml @@ -0,0 +1,58 @@ +id: hummingbird-performance-ec5f1fa417ea6d6d86b4d82ac0f5e65d + +info: + name: > + Hummingbird <= 3.7.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bd35ef1-ed28-44db-a1f6-74bc83974c71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hummingbird-performance/" + google-query: inurl:"/wp-content/plugins/hummingbird-performance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hummingbird-performance,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hummingbird-performance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hummingbird-performance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hungarian-pickup-points-for-woocommerce-4954ab56551b4ce703a0899a0107deda.yaml b/nuclei-templates/cve-less/plugins/hungarian-pickup-points-for-woocommerce-4954ab56551b4ce703a0899a0107deda.yaml new file mode 100644 index 0000000000..1cf2d889ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hungarian-pickup-points-for-woocommerce-4954ab56551b4ce703a0899a0107deda.yaml @@ -0,0 +1,58 @@ +id: hungarian-pickup-points-for-woocommerce-4954ab56551b4ce703a0899a0107deda + +info: + name: > + Csomagpontok és szállítási címkék WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/642a8e71-c267-41f5-bcf5-f5627be9038e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hungarian-pickup-points-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/hungarian-pickup-points-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hungarian-pickup-points-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hungarian-pickup-points-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hungarian-pickup-points-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hurrytimer-268b053a1bfe487ee9a98a976d059155.yaml b/nuclei-templates/cve-less/plugins/hurrytimer-268b053a1bfe487ee9a98a976d059155.yaml new file mode 100644 index 0000000000..1e06c09305 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hurrytimer-268b053a1bfe487ee9a98a976d059155.yaml @@ -0,0 +1,58 @@ +id: hurrytimer-268b053a1bfe487ee9a98a976d059155 + +info: + name: > + HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a8f4ec8-d66e-4892-9770-67450aaa83d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hurrytimer/" + google-query: inurl:"/wp-content/plugins/hurrytimer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hurrytimer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hurrytimer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hurrytimer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/hyphenator-ab777568922b3dcb0b2e73d6e3091f21.yaml b/nuclei-templates/cve-less/plugins/hyphenator-ab777568922b3dcb0b2e73d6e3091f21.yaml new file mode 100644 index 0000000000..8390855906 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/hyphenator-ab777568922b3dcb0b2e73d6e3091f21.yaml @@ -0,0 +1,58 @@ +id: hyphenator-ab777568922b3dcb0b2e73d6e3091f21 + +info: + name: > + Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b87f741-4115-4ded-8dff-dc36cfdf1df1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/hyphenator/" + google-query: inurl:"/wp-content/plugins/hyphenator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,hyphenator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/hyphenator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hyphenator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/i-recommend-this-4b04846741419fafa968ec2cd45a21dd.yaml b/nuclei-templates/cve-less/plugins/i-recommend-this-4b04846741419fafa968ec2cd45a21dd.yaml new file mode 100644 index 0000000000..557c15cbca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/i-recommend-this-4b04846741419fafa968ec2cd45a21dd.yaml @@ -0,0 +1,58 @@ +id: i-recommend-this-4b04846741419fafa968ec2cd45a21dd + +info: + name: > + I Recommend This <= 3.9.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0ee9b26-4e7f-475f-b42b-5af40b78cbca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/i-recommend-this/" + google-query: inurl:"/wp-content/plugins/i-recommend-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,i-recommend-this,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/i-recommend-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-recommend-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/i-recommend-this-91fc45f92059ad3dccdaddc100f38fa5.yaml b/nuclei-templates/cve-less/plugins/i-recommend-this-91fc45f92059ad3dccdaddc100f38fa5.yaml new file mode 100644 index 0000000000..2c895bffa4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/i-recommend-this-91fc45f92059ad3dccdaddc100f38fa5.yaml @@ -0,0 +1,58 @@ +id: i-recommend-this-91fc45f92059ad3dccdaddc100f38fa5 + +info: + name: > + I Recommend This <= 3.7.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca9c10b6-6d32-45c9-beb1-7a5c84d0863d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/i-recommend-this/" + google-query: inurl:"/wp-content/plugins/i-recommend-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,i-recommend-this,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/i-recommend-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-recommend-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/i-recommend-this-c8c3c4e396d486583b9e49a37e519b53.yaml b/nuclei-templates/cve-less/plugins/i-recommend-this-c8c3c4e396d486583b9e49a37e519b53.yaml new file mode 100644 index 0000000000..960278a8a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/i-recommend-this-c8c3c4e396d486583b9e49a37e519b53.yaml @@ -0,0 +1,58 @@ +id: i-recommend-this-c8c3c4e396d486583b9e49a37e519b53 + +info: + name: > + I Recommend This <= 3.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc74e973-90ab-4678-a035-82b4b2b85604?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/i-recommend-this/" + google-query: inurl:"/wp-content/plugins/i-recommend-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,i-recommend-this,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/i-recommend-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-recommend-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/i-recommend-this-f577d412a90189953cb8af4c09d74c9d.yaml b/nuclei-templates/cve-less/plugins/i-recommend-this-f577d412a90189953cb8af4c09d74c9d.yaml new file mode 100644 index 0000000000..dcd826ead5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/i-recommend-this-f577d412a90189953cb8af4c09d74c9d.yaml @@ -0,0 +1,58 @@ +id: i-recommend-this-f577d412a90189953cb8af4c09d74c9d + +info: + name: > + I Recommend This < 3.7.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20df30e2-7e59-479c-946d-e0128b7d8401?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/i-recommend-this/" + google-query: inurl:"/wp-content/plugins/i-recommend-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,i-recommend-this,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/i-recommend-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-recommend-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/i2-pro-cons-5c4c3c093dd69f631ab63d22386e6148.yaml b/nuclei-templates/cve-less/plugins/i2-pro-cons-5c4c3c093dd69f631ab63d22386e6148.yaml new file mode 100644 index 0000000000..a724d51405 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/i2-pro-cons-5c4c3c093dd69f631ab63d22386e6148.yaml @@ -0,0 +1,58 @@ +id: i2-pro-cons-5c4c3c093dd69f631ab63d22386e6148 + +info: + name: > + i2 Pros & Cons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3dae870-9b5f-47ef-b8b2-23fac613ec00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/i2-pro-cons/" + google-query: inurl:"/wp-content/plugins/i2-pro-cons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,i2-pro-cons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/i2-pro-cons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i2-pro-cons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ibs-mappro-2f8ca7fb94c2fd4e610b875c561d523b.yaml b/nuclei-templates/cve-less/plugins/ibs-mappro-2f8ca7fb94c2fd4e610b875c561d523b.yaml new file mode 100644 index 0000000000..c395bcfae3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ibs-mappro-2f8ca7fb94c2fd4e610b875c561d523b.yaml @@ -0,0 +1,58 @@ +id: ibs-mappro-2f8ca7fb94c2fd4e610b875c561d523b + +info: + name: > + IBS Mappro < 1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77cea6a1-d5e8-459c-97cc-9dc8f7c0f48f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ibs-mappro/" + google-query: inurl:"/wp-content/plugins/ibs-mappro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ibs-mappro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ibs-mappro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ibs-mappro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ibtana-visual-editor-747cb2b72097d91ef1564458b7d2e373.yaml b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-747cb2b72097d91ef1564458b7d2e373.yaml new file mode 100644 index 0000000000..6e7cb3bad0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-747cb2b72097d91ef1564458b7d2e373.yaml @@ -0,0 +1,58 @@ +id: ibtana-visual-editor-747cb2b72097d91ef1564458b7d2e373 + +info: + name: > + Ibtana – WordPress Website Builder <= 1.1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79d96a6c-6191-44d8-aab8-f01bb2692767?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ibtana-visual-editor/" + google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ibtana-visual-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ibtana-visual-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ibtana-visual-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ibtana-visual-editor-912a26e9536c81b126d2560cabd51139.yaml b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-912a26e9536c81b126d2560cabd51139.yaml new file mode 100644 index 0000000000..e2dcffff02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-912a26e9536c81b126d2560cabd51139.yaml @@ -0,0 +1,58 @@ +id: ibtana-visual-editor-912a26e9536c81b126d2560cabd51139 + +info: + name: > + Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b09d496-0e03-48a4-acf7-57febe18ed0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ibtana-visual-editor/" + google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ibtana-visual-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ibtana-visual-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ibtana-visual-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ibtana-visual-editor-fdc54b4c35b7d9b62d80ce198388bdcb.yaml b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-fdc54b4c35b7d9b62d80ce198388bdcb.yaml new file mode 100644 index 0000000000..6f515bd37e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ibtana-visual-editor-fdc54b4c35b7d9b62d80ce198388bdcb.yaml @@ -0,0 +1,58 @@ +id: ibtana-visual-editor-fdc54b4c35b7d9b62d80ce198388bdcb + +info: + name: > + Ibtana – WordPress Website Builder <= 1.1.4.7 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/196cbc3f-b794-49e2-8769-b5277c2b8f76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ibtana-visual-editor/" + google-query: inurl:"/wp-content/plugins/ibtana-visual-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ibtana-visual-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ibtana-visual-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ibtana-visual-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icalendrier-9fca0dd0c7f34e6a746c8a219eb28b95.yaml b/nuclei-templates/cve-less/plugins/icalendrier-9fca0dd0c7f34e6a746c8a219eb28b95.yaml new file mode 100644 index 0000000000..bce195ffb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icalendrier-9fca0dd0c7f34e6a746c8a219eb28b95.yaml @@ -0,0 +1,58 @@ +id: icalendrier-9fca0dd0c7f34e6a746c8a219eb28b95 + +info: + name: > + iCalendrier <= 1.80 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96fb8398-d566-439c-8ed0-78e71276b577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icalendrier/" + google-query: inurl:"/wp-content/plugins/icalendrier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icalendrier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icalendrier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icalendrier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.80') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-1189677e87fccd5ba86b3b7c8e3828fd.yaml b/nuclei-templates/cve-less/plugins/icegram-1189677e87fccd5ba86b3b7c8e3828fd.yaml new file mode 100644 index 0000000000..1ba3d0bc7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-1189677e87fccd5ba86b3b7c8e3828fd.yaml @@ -0,0 +1,58 @@ +id: icegram-1189677e87fccd5ba86b3b7c8e3828fd + +info: + name: > + Icegram <= 1.10.28.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e1bb306-c1a4-4b59-ad57-a9ca4500b049?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.28.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-173c2f3da25ffb641f6c881b0ecd192a.yaml b/nuclei-templates/cve-less/plugins/icegram-173c2f3da25ffb641f6c881b0ecd192a.yaml new file mode 100644 index 0000000000..ba46281cd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-173c2f3da25ffb641f6c881b0ecd192a.yaml @@ -0,0 +1,58 @@ +id: icegram-173c2f3da25ffb641f6c881b0ecd192a + +info: + name: > + Icegram Engage <= 3.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d391629-b0a0-4b85-86d3-e1c7603adc95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-1b90a29b0e05edb9e0100d5bac6dd543.yaml b/nuclei-templates/cve-less/plugins/icegram-1b90a29b0e05edb9e0100d5bac6dd543.yaml new file mode 100644 index 0000000000..8dcb8ef39c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-1b90a29b0e05edb9e0100d5bac6dd543.yaml @@ -0,0 +1,58 @@ +id: icegram-1b90a29b0e05edb9e0100d5bac6dd543 + +info: + name: > + Icegram <= 1.9.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbc5edda-c503-4a0c-be9e-6ce17eee2c51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-5c5cac9fef446ce5aab816bcf883d040.yaml b/nuclei-templates/cve-less/plugins/icegram-5c5cac9fef446ce5aab816bcf883d040.yaml new file mode 100644 index 0000000000..6aa51de33a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-5c5cac9fef446ce5aab816bcf883d040.yaml @@ -0,0 +1,58 @@ +id: icegram-5c5cac9fef446ce5aab816bcf883d040 + +info: + name: > + Icegram <= 2.0.4 - Reflected Cross-Site Scripting via message_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07aeed92-f3e9-4a25-a7e0-b364cb98f5dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-889f2c95b741c5e0897bda79fd4658fe.yaml b/nuclei-templates/cve-less/plugins/icegram-889f2c95b741c5e0897bda79fd4658fe.yaml new file mode 100644 index 0000000000..b0f2854051 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-889f2c95b741c5e0897bda79fd4658fe.yaml @@ -0,0 +1,58 @@ +id: icegram-889f2c95b741c5e0897bda79fd4658fe + +info: + name: > + Icegram Engage <= 2.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e75b3cc3-5bd6-4af9-94bf-2c3b6270e1c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-88a06d86ce607df4ff6b1b9039ea93cb.yaml b/nuclei-templates/cve-less/plugins/icegram-88a06d86ce607df4ff6b1b9039ea93cb.yaml new file mode 100644 index 0000000000..b0315e2366 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-88a06d86ce607df4ff6b1b9039ea93cb.yaml @@ -0,0 +1,58 @@ +id: icegram-88a06d86ce607df4ff6b1b9039ea93cb + +info: + name: > + Icegram <= 3.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Message + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0feeca6b-b611-44d3-90a6-569e4d2ccf5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-952c35deeae371ba14bf32adbe040582.yaml b/nuclei-templates/cve-less/plugins/icegram-952c35deeae371ba14bf32adbe040582.yaml new file mode 100644 index 0000000000..9c5cac1fa6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-952c35deeae371ba14bf32adbe040582.yaml @@ -0,0 +1,58 @@ +id: icegram-952c35deeae371ba14bf32adbe040582 + +info: + name: > + Icegram <= 3.1.18 - Cross-Site Request Forgery via save_campaign_preview + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3000b140-2e38-463d-9128-b486293e3cf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-c7d2eaa1bef247cc946f12a77351dbbb.yaml b/nuclei-templates/cve-less/plugins/icegram-c7d2eaa1bef247cc946f12a77351dbbb.yaml new file mode 100644 index 0000000000..ce71e4c010 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-c7d2eaa1bef247cc946f12a77351dbbb.yaml @@ -0,0 +1,58 @@ +id: icegram-c7d2eaa1bef247cc946f12a77351dbbb + +info: + name: > + Icegram <= 1.9.18 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b55128e9-f79f-4872-931f-c6f4d1d12032?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-de418588fa621f09a7aaad7d1520c591.yaml b/nuclei-templates/cve-less/plugins/icegram-de418588fa621f09a7aaad7d1520c591.yaml new file mode 100644 index 0000000000..07c7fb3ab6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-de418588fa621f09a7aaad7d1520c591.yaml @@ -0,0 +1,58 @@ +id: icegram-de418588fa621f09a7aaad7d1520c591 + +info: + name: > + Icegram <= 2.0.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdb5ae36-6ce2-4c26-8047-6bbbdce530c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml b/nuclei-templates/cve-less/plugins/icegram-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml new file mode 100644 index 0000000000..6bf98540e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-fad6995dafdb43e5ee26d12d1d4dc9b6.yaml @@ -0,0 +1,58 @@ +id: icegram-fad6995dafdb43e5ee26d12d1d4dc9b6 + +info: + name: > + Icegram <= 3.1.21 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/059f526f-6769-4092-92b0-2ef6248963ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram/" + google-query: inurl:"/wp-content/plugins/icegram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icegram-rainmaker-00aaf3a917048a24cf4188f68658ad92.yaml b/nuclei-templates/cve-less/plugins/icegram-rainmaker-00aaf3a917048a24cf4188f68658ad92.yaml new file mode 100644 index 0000000000..4943fa73b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icegram-rainmaker-00aaf3a917048a24cf4188f68658ad92.yaml @@ -0,0 +1,58 @@ +id: icegram-rainmaker-00aaf3a917048a24cf4188f68658ad92 + +info: + name: > + Icegram Collect <= 1.3.8 - Authenticated(Contributor+) Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93920201-fd53-45ad-983a-a2b04b96db77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icegram-rainmaker/" + google-query: inurl:"/wp-content/plugins/icegram-rainmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icegram-rainmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icegram-rainmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icegram-rainmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icon-1b71c9c29fdfc5dbc008529fa648dbe1.yaml b/nuclei-templates/cve-less/plugins/icon-1b71c9c29fdfc5dbc008529fa648dbe1.yaml new file mode 100644 index 0000000000..c6f30c1a97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icon-1b71c9c29fdfc5dbc008529fa648dbe1.yaml @@ -0,0 +1,58 @@ +id: icon-1b71c9c29fdfc5dbc008529fa648dbe1 + +info: + name: > + Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efe6d975-310d-4286-af2a-e599990e3b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icon/" + google-query: inurl:"/wp-content/plugins/icon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icon-d0db52345c07a6211225ddd6537e55c1.yaml b/nuclei-templates/cve-less/plugins/icon-d0db52345c07a6211225ddd6537e55c1.yaml new file mode 100644 index 0000000000..2301d5812c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icon-d0db52345c07a6211225ddd6537e55c1.yaml @@ -0,0 +1,58 @@ +id: icon-d0db52345c07a6211225ddd6537e55c1 + +info: + name: > + Web Icons <= 1.0.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8af960cd-6f39-4ce1-888a-f32f01b833df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icon/" + google-query: inurl:"/wp-content/plugins/icon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icon-widget-3d89fb86525a43be8c098b0f455b9af2.yaml b/nuclei-templates/cve-less/plugins/icon-widget-3d89fb86525a43be8c098b0f455b9af2.yaml new file mode 100644 index 0000000000..9337eaf465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icon-widget-3d89fb86525a43be8c098b0f455b9af2.yaml @@ -0,0 +1,58 @@ +id: icon-widget-3d89fb86525a43be8c098b0f455b9af2 + +info: + name: > + Icon Widget <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7352ab6d-b582-4512-a9fa-4b42b78fa862?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icon-widget/" + google-query: inurl:"/wp-content/plugins/icon-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icon-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icon-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icon-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icon-widget-8616181357e5ec901fe630838e957487.yaml b/nuclei-templates/cve-less/plugins/icon-widget-8616181357e5ec901fe630838e957487.yaml new file mode 100644 index 0000000000..fcdab156f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icon-widget-8616181357e5ec901fe630838e957487.yaml @@ -0,0 +1,58 @@ +id: icon-widget-8616181357e5ec901fe630838e957487 + +info: + name: > + Icon Widget <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81c4dd54-a248-48a0-a407-ffd3162e0abe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icon-widget/" + google-query: inurl:"/wp-content/plugins/icon-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icon-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icon-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icon-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iconic-woothumbs-de57654257372bbed35371bcf945ac46.yaml b/nuclei-templates/cve-less/plugins/iconic-woothumbs-de57654257372bbed35371bcf945ac46.yaml new file mode 100644 index 0000000000..bf23126ed1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iconic-woothumbs-de57654257372bbed35371bcf945ac46.yaml @@ -0,0 +1,58 @@ +id: iconic-woothumbs-de57654257372bbed35371bcf945ac46 + +info: + name: > + WooThumbs for WooCommerce by Iconic <= 5.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47feeeef-07ff-42a1-a94d-b90c25cce2e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iconic-woothumbs/" + google-query: inurl:"/wp-content/plugins/iconic-woothumbs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iconic-woothumbs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iconic-woothumbs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iconic-woothumbs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icons-font-loader-8140a3945a877628cd9d34a767c59437.yaml b/nuclei-templates/cve-less/plugins/icons-font-loader-8140a3945a877628cd9d34a767c59437.yaml new file mode 100644 index 0000000000..5c6871378d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icons-font-loader-8140a3945a877628cd9d34a767c59437.yaml @@ -0,0 +1,58 @@ +id: icons-font-loader-8140a3945a877628cd9d34a767c59437 + +info: + name: > + Icons Font Loader <= 1.1.4 - Authenticated(Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37426991-7778-4dc4-8cae-2725584fb8b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icons-font-loader/" + google-query: inurl:"/wp-content/plugins/icons-font-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icons-font-loader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icons-font-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icons-font-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icons-font-loader-cecbfeb5d8e878e2a09fb45c42f38adc.yaml b/nuclei-templates/cve-less/plugins/icons-font-loader-cecbfeb5d8e878e2a09fb45c42f38adc.yaml new file mode 100644 index 0000000000..e02fb19cf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icons-font-loader-cecbfeb5d8e878e2a09fb45c42f38adc.yaml @@ -0,0 +1,58 @@ +id: icons-font-loader-cecbfeb5d8e878e2a09fb45c42f38adc + +info: + name: > + Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12a9fbe8-445a-478a-b6ce-cd669ccb6a2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icons-font-loader/" + google-query: inurl:"/wp-content/plugins/icons-font-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icons-font-loader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icons-font-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icons-font-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icons-font-loader-d61c42f727c04f01365911b7fc14a3d5.yaml b/nuclei-templates/cve-less/plugins/icons-font-loader-d61c42f727c04f01365911b7fc14a3d5.yaml new file mode 100644 index 0000000000..ff94aa59ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icons-font-loader-d61c42f727c04f01365911b7fc14a3d5.yaml @@ -0,0 +1,58 @@ +id: icons-font-loader-d61c42f727c04f01365911b7fc14a3d5 + +info: + name: > + Icons Font Loader <= 1.1.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8564fc82-ff23-44b6-91b0-d63e6afb1a73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icons-font-loader/" + google-query: inurl:"/wp-content/plugins/icons-font-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icons-font-loader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icons-font-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icons-font-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icons-for-features-df867e267884badbbf8457b1d7257d5d.yaml b/nuclei-templates/cve-less/plugins/icons-for-features-df867e267884badbbf8457b1d7257d5d.yaml new file mode 100644 index 0000000000..1926543d81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icons-for-features-df867e267884badbbf8457b1d7257d5d.yaml @@ -0,0 +1,58 @@ +id: icons-for-features-df867e267884badbbf8457b1d7257d5d + +info: + name: > + Icons for Features <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35a0f4dd-7370-48da-a4ef-424c42da60e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icons-for-features/" + google-query: inurl:"/wp-content/plugins/icons-for-features/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icons-for-features,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icons-for-features/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icons-for-features" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icons-with-links-widget-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/icons-with-links-widget-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..a42aff9a90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icons-with-links-widget-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: icons-with-links-widget-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icons-with-links-widget/" + google-query: inurl:"/wp-content/plugins/icons-with-links-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icons-with-links-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icons-with-links-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icons-with-links-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ics-calendar-13f1e3e1ecb400323f6ac6db56c9c266.yaml b/nuclei-templates/cve-less/plugins/ics-calendar-13f1e3e1ecb400323f6ac6db56c9c266.yaml new file mode 100644 index 0000000000..c86e442784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ics-calendar-13f1e3e1ecb400323f6ac6db56c9c266.yaml @@ -0,0 +1,58 @@ +id: ics-calendar-13f1e3e1ecb400323f6ac6db56c9c266 + +info: + name: > + ICS Calendar <= 10.12.0.1 - Authenticated(Contributor+) Directory Traversal via _url_get_contents + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f18a1c5-a0b7-49f9-acc1-5604304fd72f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ics-calendar/" + google-query: inurl:"/wp-content/plugins/ics-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ics-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ics-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ics-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.12.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ics-calendar-145fd589f9d6e521c8599d0e3d4550d9.yaml b/nuclei-templates/cve-less/plugins/ics-calendar-145fd589f9d6e521c8599d0e3d4550d9.yaml new file mode 100644 index 0000000000..5f0faab75f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ics-calendar-145fd589f9d6e521c8599d0e3d4550d9.yaml @@ -0,0 +1,58 @@ +id: ics-calendar-145fd589f9d6e521c8599d0e3d4550d9 + +info: + name: > + ICS Calendar <= 10.12.0.2 - Authenticated (Contributor+) Arbitrary File Read and Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f15415aa-b820-4697-8360-b526312c89d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ics-calendar/" + google-query: inurl:"/wp-content/plugins/ics-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ics-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ics-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ics-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.12.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/icustomizer-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/icustomizer-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..741717ecc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/icustomizer-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: icustomizer-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/icustomizer/" + google-query: inurl:"/wp-content/plugins/icustomizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,icustomizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/icustomizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "icustomizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/idbbee-6f26e9f01d61af85a0a5abec46c6e923.yaml b/nuclei-templates/cve-less/plugins/idbbee-6f26e9f01d61af85a0a5abec46c6e923.yaml new file mode 100644 index 0000000000..25b6770adf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/idbbee-6f26e9f01d61af85a0a5abec46c6e923.yaml @@ -0,0 +1,58 @@ +id: idbbee-6f26e9f01d61af85a0a5abec46c6e923 + +info: + name: > + idbbee <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac763936-7147-4100-8a46-4c6d2f2224b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/idbbee/" + google-query: inurl:"/wp-content/plugins/idbbee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,idbbee,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/idbbee/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "idbbee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ideal-interactive-map-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml b/nuclei-templates/cve-less/plugins/ideal-interactive-map-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml new file mode 100644 index 0000000000..d033f081c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ideal-interactive-map-9f41ca20cf9aa5ad6ef84f69ddb6f680.yaml @@ -0,0 +1,58 @@ +id: ideal-interactive-map-9f41ca20cf9aa5ad6ef84f69ddb6f680 + +info: + name: > + Ideal Interactive Map <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/019c5e06-1345-4c8e-abb9-dc0ea5d55ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ideal-interactive-map/" + google-query: inurl:"/wp-content/plugins/ideal-interactive-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ideal-interactive-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ideal-interactive-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ideal-interactive-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ideapush-147226d7fc59bc73ef79b60eb67e7365.yaml b/nuclei-templates/cve-less/plugins/ideapush-147226d7fc59bc73ef79b60eb67e7365.yaml new file mode 100644 index 0000000000..76d83f6867 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ideapush-147226d7fc59bc73ef79b60eb67e7365.yaml @@ -0,0 +1,58 @@ +id: ideapush-147226d7fc59bc73ef79b60eb67e7365 + +info: + name: > + IdeaPush <= 8.52 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3673a86c-1e11-45ad-8944-84a38aad53dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ideapush/" + google-query: inurl:"/wp-content/plugins/ideapush/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ideapush,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ideapush/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ideapush" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ideapush-99da104892c6f75f32c9288294b2b02d.yaml b/nuclei-templates/cve-less/plugins/ideapush-99da104892c6f75f32c9288294b2b02d.yaml new file mode 100644 index 0000000000..87c5735daa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ideapush-99da104892c6f75f32c9288294b2b02d.yaml @@ -0,0 +1,58 @@ +id: ideapush-99da104892c6f75f32c9288294b2b02d + +info: + name: > + IdeaPush <= 8.57 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5811fc63-da34-43cb-ae33-a34a8795bb72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ideapush/" + google-query: inurl:"/wp-content/plugins/ideapush/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ideapush,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ideapush/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ideapush" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/idpay-contact-form-7-950481457b7608baa20b9048bd054085.yaml b/nuclei-templates/cve-less/plugins/idpay-contact-form-7-950481457b7608baa20b9048bd054085.yaml new file mode 100644 index 0000000000..f87eaa71bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/idpay-contact-form-7-950481457b7608baa20b9048bd054085.yaml @@ -0,0 +1,58 @@ +id: idpay-contact-form-7-950481457b7608baa20b9048bd054085 + +info: + name: > + IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf3f82dc-3820-4c9d-adbb-ca0375078876?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/idpay-contact-form-7/" + google-query: inurl:"/wp-content/plugins/idpay-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,idpay-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/idpay-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "idpay-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/idx-broker-platinum-74e3a5823f9cf5e58e6b984ee0054047.yaml b/nuclei-templates/cve-less/plugins/idx-broker-platinum-74e3a5823f9cf5e58e6b984ee0054047.yaml new file mode 100644 index 0000000000..69edf44ccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/idx-broker-platinum-74e3a5823f9cf5e58e6b984ee0054047.yaml @@ -0,0 +1,58 @@ +id: idx-broker-platinum-74e3a5823f9cf5e58e6b984ee0054047 + +info: + name: > + IMPress for IDX Broker <= 2.6.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4ca9c6-7ffd-4170-9004-f7bc3ad15df0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/idx-broker-platinum/" + google-query: inurl:"/wp-content/plugins/idx-broker-platinum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,idx-broker-platinum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "idx-broker-platinum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/idx-broker-platinum-ce70b843af38d7c69c95be8ff1b26205.yaml b/nuclei-templates/cve-less/plugins/idx-broker-platinum-ce70b843af38d7c69c95be8ff1b26205.yaml new file mode 100644 index 0000000000..7670992f6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/idx-broker-platinum-ce70b843af38d7c69c95be8ff1b26205.yaml @@ -0,0 +1,58 @@ +id: idx-broker-platinum-ce70b843af38d7c69c95be8ff1b26205 + +info: + name: > + IMPress for IDX Broker <= 2.6.1 - Authenticated Arbitrary Post Creation, Modification, and Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/426ea88f-bdd4-4da6-88c2-db82df9e01e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/idx-broker-platinum/" + google-query: inurl:"/wp-content/plugins/idx-broker-platinum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,idx-broker-platinum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/idx-broker-platinum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "idx-broker-platinum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/if-menu-cd6ae30437be0309f27d9b8ec11e2caa.yaml b/nuclei-templates/cve-less/plugins/if-menu-cd6ae30437be0309f27d9b8ec11e2caa.yaml new file mode 100644 index 0000000000..c6994353fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/if-menu-cd6ae30437be0309f27d9b8ec11e2caa.yaml @@ -0,0 +1,58 @@ +id: if-menu-cd6ae30437be0309f27d9b8ec11e2caa + +info: + name: > + If Menu <= 0.16.3 - Missing Authorization to Admin Settings Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5fc0ac-7a33-48da-8b0f-566b9eb0f17f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/if-menu/" + google-query: inurl:"/wp-content/plugins/if-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,if-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/if-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "if-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.16.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/if-so-a5beaca14051398b5a8cac72b33e8606.yaml b/nuclei-templates/cve-less/plugins/if-so-a5beaca14051398b5a8cac72b33e8606.yaml new file mode 100644 index 0000000000..0294bc8488 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/if-so-a5beaca14051398b5a8cac72b33e8606.yaml @@ -0,0 +1,58 @@ +id: if-so-a5beaca14051398b5a8cac72b33e8606 + +info: + name: > + If-So Dynamic Content Personalization <= 1.6.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8407b678-76c5-4232-b17e-8db05f9e7b12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/if-so/" + google-query: inurl:"/wp-content/plugins/if-so/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,if-so,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/if-so/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "if-so" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ifeature-slider-4857da40460f492fd61121c6a3d9ad96.yaml b/nuclei-templates/cve-less/plugins/ifeature-slider-4857da40460f492fd61121c6a3d9ad96.yaml new file mode 100644 index 0000000000..e00bf74a7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ifeature-slider-4857da40460f492fd61121c6a3d9ad96.yaml @@ -0,0 +1,58 @@ +id: ifeature-slider-4857da40460f492fd61121c6a3d9ad96 + +info: + name: > + iFeature Slider <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c070b9c-5bed-4f9f-8d96-70958bf294cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ifeature-slider/" + google-query: inurl:"/wp-content/plugins/ifeature-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ifeature-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ifeature-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ifeature-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iflychat-8961ac80ff2f49ea02524bf55be03a91.yaml b/nuclei-templates/cve-less/plugins/iflychat-8961ac80ff2f49ea02524bf55be03a91.yaml new file mode 100644 index 0000000000..2ccda38afe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iflychat-8961ac80ff2f49ea02524bf55be03a91.yaml @@ -0,0 +1,58 @@ +id: iflychat-8961ac80ff2f49ea02524bf55be03a91 + +info: + name: > + iFlyChat – WordPress Chat <= 4.6.4 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81141b8c-9677-4267-9026-33267e3135f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iflychat/" + google-query: inurl:"/wp-content/plugins/iflychat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iflychat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iflychat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iflychat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iflychat-a5c9dfe234305fe9b3c82a7200b4785c.yaml b/nuclei-templates/cve-less/plugins/iflychat-a5c9dfe234305fe9b3c82a7200b4785c.yaml new file mode 100644 index 0000000000..f1bedcdc1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iflychat-a5c9dfe234305fe9b3c82a7200b4785c.yaml @@ -0,0 +1,58 @@ +id: iflychat-a5c9dfe234305fe9b3c82a7200b4785c + +info: + name: > + iFlyChat – WordPress Chat <= 4.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78797c97-a5b8-4d2d-acd2-ebd508f2f836?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iflychat/" + google-query: inurl:"/wp-content/plugins/iflychat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iflychat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iflychat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iflychat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ifolders-7c92e9b689e3db3a0760660dea080463.yaml b/nuclei-templates/cve-less/plugins/ifolders-7c92e9b689e3db3a0760660dea080463.yaml new file mode 100644 index 0000000000..e561886326 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ifolders-7c92e9b689e3db3a0760660dea080463.yaml @@ -0,0 +1,58 @@ +id: ifolders-7c92e9b689e3db3a0760660dea080463 + +info: + name: > + iFolders <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f957ce-7bb0-4701-8b2a-522211c408d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ifolders/" + google-query: inurl:"/wp-content/plugins/ifolders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ifolders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ifolders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ifolders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-4e5782f54b030eb5a442bdadb5799911.yaml b/nuclei-templates/cve-less/plugins/iframe-4e5782f54b030eb5a442bdadb5799911.yaml new file mode 100644 index 0000000000..0d0b837894 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-4e5782f54b030eb5a442bdadb5799911.yaml @@ -0,0 +1,58 @@ +id: iframe-4e5782f54b030eb5a442bdadb5799911 + +info: + name: > + iFrame <= 4.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7bcd458-71bf-4961-a7ce-3f88593f6f5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe/" + google-query: inurl:"/wp-content/plugins/iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-731244d7e48d469d8250ca7d6169422e.yaml b/nuclei-templates/cve-less/plugins/iframe-731244d7e48d469d8250ca7d6169422e.yaml new file mode 100644 index 0000000000..60529de4f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-731244d7e48d469d8250ca7d6169422e.yaml @@ -0,0 +1,58 @@ +id: iframe-731244d7e48d469d8250ca7d6169422e + +info: + name: > + iframe <= 4.4 - Authenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/742acb6b-a799-4bb8-b4dc-f7359e7fdd4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe/" + google-query: inurl:"/wp-content/plugins/iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-87f3d8d7d2e5d0851519c88fc9a636a9.yaml b/nuclei-templates/cve-less/plugins/iframe-87f3d8d7d2e5d0851519c88fc9a636a9.yaml new file mode 100644 index 0000000000..b5696a57ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-87f3d8d7d2e5d0851519c88fc9a636a9.yaml @@ -0,0 +1,58 @@ +id: iframe-87f3d8d7d2e5d0851519c88fc9a636a9 + +info: + name: > + iFrame <= 3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b37fc473-d71e-47d6-b0fe-e323868244f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe/" + google-query: inurl:"/wp-content/plugins/iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml b/nuclei-templates/cve-less/plugins/iframe-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml new file mode 100644 index 0000000000..5daba28843 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-c1259d5d6340f1a9bb2b4b54cbfddf23.yaml @@ -0,0 +1,58 @@ +id: iframe-c1259d5d6340f1a9bb2b4b54cbfddf23 + +info: + name: > + iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3706deed-55f2-4dfb-bfed-7a14872cd15a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe/" + google-query: inurl:"/wp-content/plugins/iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-f282e15c376140f7b66d206f8f96f3e6.yaml b/nuclei-templates/cve-less/plugins/iframe-f282e15c376140f7b66d206f8f96f3e6.yaml new file mode 100644 index 0000000000..41436be484 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-f282e15c376140f7b66d206f8f96f3e6.yaml @@ -0,0 +1,58 @@ +id: iframe-f282e15c376140f7b66d206f8f96f3e6 + +info: + name: > + iFrame <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via srcdoc + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66f392d0-d5fb-4a8c-b972-becfac6cf6e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe/" + google-query: inurl:"/wp-content/plugins/iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-forms-0e32b41ab13a7d99daea1bd1091ef1a3.yaml b/nuclei-templates/cve-less/plugins/iframe-forms-0e32b41ab13a7d99daea1bd1091ef1a3.yaml new file mode 100644 index 0000000000..f19a880c6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-forms-0e32b41ab13a7d99daea1bd1091ef1a3.yaml @@ -0,0 +1,58 @@ +id: iframe-forms-0e32b41ab13a7d99daea1bd1091ef1a3 + +info: + name: > + iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/818de7f7-913a-4ade-927e-bba281b4709a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe-forms/" + google-query: inurl:"/wp-content/plugins/iframe-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-popup-bd8810c05731a418d8d9a50b27d4228d.yaml b/nuclei-templates/cve-less/plugins/iframe-popup-bd8810c05731a418d8d9a50b27d4228d.yaml new file mode 100644 index 0000000000..0cb9270e12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-popup-bd8810c05731a418d8d9a50b27d4228d.yaml @@ -0,0 +1,58 @@ +id: iframe-popup-bd8810c05731a418d8d9a50b27d4228d + +info: + name: > + iframe popup <= 3.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2c6f19-025e-4c17-b5d9-4bbddbaf66d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe-popup/" + google-query: inurl:"/wp-content/plugins/iframe-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iframe-shortcode-ff7d4698a1b99dc4dd381f78e045f0a7.yaml b/nuclei-templates/cve-less/plugins/iframe-shortcode-ff7d4698a1b99dc4dd381f78e045f0a7.yaml new file mode 100644 index 0000000000..e4965507a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iframe-shortcode-ff7d4698a1b99dc4dd381f78e045f0a7.yaml @@ -0,0 +1,58 @@ +id: iframe-shortcode-ff7d4698a1b99dc4dd381f78e045f0a7 + +info: + name: > + iframe Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3c323d5-59bc-4ecc-8211-2104fd22639f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iframe-shortcode/" + google-query: inurl:"/wp-content/plugins/iframe-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iframe-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iframe-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iframe-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/igniteup-063e847b7379d721b0dcf7f56e94adc2.yaml b/nuclei-templates/cve-less/plugins/igniteup-063e847b7379d721b0dcf7f56e94adc2.yaml new file mode 100644 index 0000000000..239b4d008b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/igniteup-063e847b7379d721b0dcf7f56e94adc2.yaml @@ -0,0 +1,58 @@ +id: igniteup-063e847b7379d721b0dcf7f56e94adc2 + +info: + name: > + IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a1a4186-216e-4ed1-860c-fe345ac6e62a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/igniteup/" + google-query: inurl:"/wp-content/plugins/igniteup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,igniteup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/igniteup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "igniteup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/igniteup-2d2ac3176c43972722599e2c20bf65f9.yaml b/nuclei-templates/cve-less/plugins/igniteup-2d2ac3176c43972722599e2c20bf65f9.yaml new file mode 100644 index 0000000000..413de3498c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/igniteup-2d2ac3176c43972722599e2c20bf65f9.yaml @@ -0,0 +1,58 @@ +id: igniteup-2d2ac3176c43972722599e2c20bf65f9 + +info: + name: > + IgniteUp – Coming Soon and Maintenance Mode <= 3.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e8f63e3-6392-4152-94a5-eb953d7e53fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/igniteup/" + google-query: inurl:"/wp-content/plugins/igniteup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,igniteup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/igniteup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "igniteup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/igniteup-97d25b3e88007081f13d8a53fc8698cf.yaml b/nuclei-templates/cve-less/plugins/igniteup-97d25b3e88007081f13d8a53fc8698cf.yaml new file mode 100644 index 0000000000..f35b3c6163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/igniteup-97d25b3e88007081f13d8a53fc8698cf.yaml @@ -0,0 +1,58 @@ +id: igniteup-97d25b3e88007081f13d8a53fc8698cf + +info: + name: > + IgniteUp – Coming Soon and Maintenance Mode <= 3.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51cf2f40-7be8-4302-a766-88ec2f0501f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/igniteup/" + google-query: inurl:"/wp-content/plugins/igniteup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,igniteup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/igniteup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "igniteup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/igniteup-afb7fcca9f98de3c120709c28d44be7f.yaml b/nuclei-templates/cve-less/plugins/igniteup-afb7fcca9f98de3c120709c28d44be7f.yaml new file mode 100644 index 0000000000..c8d5cef524 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/igniteup-afb7fcca9f98de3c120709c28d44be7f.yaml @@ -0,0 +1,58 @@ +id: igniteup-afb7fcca9f98de3c120709c28d44be7f + +info: + name: > + IgniteUp – Coming Soon and Maintenance Mode <= 3.4.0 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc472230-bd80-4bdb-a969-fed7551cc60d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/igniteup/" + google-query: inurl:"/wp-content/plugins/igniteup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,igniteup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/igniteup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "igniteup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/igniteup-edf371c1f05d5a891d28a3a64c575117.yaml b/nuclei-templates/cve-less/plugins/igniteup-edf371c1f05d5a891d28a3a64c575117.yaml new file mode 100644 index 0000000000..be1103bf76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/igniteup-edf371c1f05d5a891d28a3a64c575117.yaml @@ -0,0 +1,58 @@ +id: igniteup-edf371c1f05d5a891d28a3a64c575117 + +info: + name: > + IgniteUp – Coming Soon and Maintenance Mode <= 3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e33d72d-00d4-45c8-98d2-0a0a73d13b35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/igniteup/" + google-query: inurl:"/wp-content/plugins/igniteup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,igniteup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/igniteup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "igniteup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iksweb-71669f91f6c03ce43a9b92fdae9360cb.yaml b/nuclei-templates/cve-less/plugins/iksweb-71669f91f6c03ce43a9b92fdae9360cb.yaml new file mode 100644 index 0000000000..a8c7a959fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iksweb-71669f91f6c03ce43a9b92fdae9360cb.yaml @@ -0,0 +1,58 @@ +id: iksweb-71669f91f6c03ce43a9b92fdae9360cb + +info: + name: > + Старт <= 3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8121633-299d-45f9-88b1-e65e30e897d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iksweb/" + google-query: inurl:"/wp-content/plugins/iksweb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iksweb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iksweb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iksweb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ilab-media-tools-babf60986b5038101853937d0a274e12.yaml b/nuclei-templates/cve-less/plugins/ilab-media-tools-babf60986b5038101853937d0a274e12.yaml new file mode 100644 index 0000000000..57840c5b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ilab-media-tools-babf60986b5038101853937d0a274e12.yaml @@ -0,0 +1,58 @@ +id: ilab-media-tools-babf60986b5038101853937d0a274e12 + +info: + name: > + Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more <= 4.5.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e10e25e-7d92-4374-8c8e-479cc0dabb1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ilab-media-tools/" + google-query: inurl:"/wp-content/plugins/ilab-media-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ilab-media-tools,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ilab-media-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ilab-media-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-export-f6b963f6eaf79a560e9301150e1dd55c.yaml b/nuclei-templates/cve-less/plugins/image-export-f6b963f6eaf79a560e9301150e1dd55c.yaml new file mode 100644 index 0000000000..088a13681b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-export-f6b963f6eaf79a560e9301150e1dd55c.yaml @@ -0,0 +1,58 @@ +id: image-export-f6b963f6eaf79a560e9301150e1dd55c + +info: + name: > + Image Export < 1.1.1 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1746da3b-397d-4027-b76d-4c57fadf32c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-export/" + google-query: inurl:"/wp-content/plugins/image-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-export,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-1ec9332e58fa89c17bc632e5c37f8d95.yaml b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-1ec9332e58fa89c17bc632e5c37f8d95.yaml new file mode 100644 index 0000000000..8076922bed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-1ec9332e58fa89c17bc632e5c37f8d95.yaml @@ -0,0 +1,58 @@ +id: image-gallery-with-slideshow-1ec9332e58fa89c17bc632e5c37f8d95 + +info: + name: > + Image Gallery with Slideshow Plugin <= 1.5.2 - Blind SQL Injection via imgid + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e820c00d-0456-49e8-aca4-bb981a9cfea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery-with-slideshow/" + google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery-with-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery-with-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-34b604e60259ea80e8e107b60855d439.yaml b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-34b604e60259ea80e8e107b60855d439.yaml new file mode 100644 index 0000000000..efde309ebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-34b604e60259ea80e8e107b60855d439.yaml @@ -0,0 +1,58 @@ +id: image-gallery-with-slideshow-34b604e60259ea80e8e107b60855d439 + +info: + name: > + Image Gallery with Slideshow <= 1.5.2 - SQL Injection via gallery_name + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6164c161-f764-4064-8139-609caad82204?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery-with-slideshow/" + google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery-with-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery-with-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-3f3452426888f89fbe519623725273af.yaml b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-3f3452426888f89fbe519623725273af.yaml new file mode 100644 index 0000000000..a8b56f42f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-3f3452426888f89fbe519623725273af.yaml @@ -0,0 +1,58 @@ +id: image-gallery-with-slideshow-3f3452426888f89fbe519623725273af + +info: + name: > + Image Gallery with Slideshow <= 1.5.2 - SQL Injection via selectMulGallery + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ced7f4-9574-40a6-94eb-e5d3bdff8336?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery-with-slideshow/" + google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery-with-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery-with-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-d9744d373611452d7acba4bbb5d5e69e.yaml b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-d9744d373611452d7acba4bbb5d5e69e.yaml new file mode 100644 index 0000000000..c85daf06bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-d9744d373611452d7acba4bbb5d5e69e.yaml @@ -0,0 +1,58 @@ +id: image-gallery-with-slideshow-d9744d373611452d7acba4bbb5d5e69e + +info: + name: > + Image Gallery with Slideshow Plugin <= 1.5.2 - SQL Injection via gid + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cef83a3e-9e8b-4c4c-9adc-cdcebefadd39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery-with-slideshow/" + google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery-with-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery-with-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-f04fb223e6bc1b82dc5e818d9e40fb20.yaml b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-f04fb223e6bc1b82dc5e818d9e40fb20.yaml new file mode 100644 index 0000000000..c305835b71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-gallery-with-slideshow-f04fb223e6bc1b82dc5e818d9e40fb20.yaml @@ -0,0 +1,58 @@ +id: image-gallery-with-slideshow-f04fb223e6bc1b82dc5e818d9e40fb20 + +info: + name: > + Image Gallery with Slideshow Plugin <= 1.5.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7dac90c-d84a-4e93-a4c0-baaa5fee11c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-gallery-with-slideshow/" + google-query: inurl:"/wp-content/plugins/image-gallery-with-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-gallery-with-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-gallery-with-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-gallery-with-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-09c9edd801d535f8b0dc361310e2bb14.yaml b/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-09c9edd801d535f8b0dc361310e2bb14.yaml new file mode 100644 index 0000000000..cc2bfdc24d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-09c9edd801d535f8b0dc361310e2bb14.yaml @@ -0,0 +1,58 @@ +id: image-horizontal-reel-scroll-slideshow-09c9edd801d535f8b0dc361310e2bb14 + +info: + name: > + Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08fb698f-c87c-4200-85fe-3fe72745633e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-horizontal-reel-scroll-slideshow/" + google-query: inurl:"/wp-content/plugins/image-horizontal-reel-scroll-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-horizontal-reel-scroll-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-horizontal-reel-scroll-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-21bae7dd0ccc10547daf0010edb807de.yaml b/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-21bae7dd0ccc10547daf0010edb807de.yaml new file mode 100644 index 0000000000..1526e27380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-horizontal-reel-scroll-slideshow-21bae7dd0ccc10547daf0010edb807de.yaml @@ -0,0 +1,58 @@ +id: image-horizontal-reel-scroll-slideshow-21bae7dd0ccc10547daf0010edb807de + +info: + name: > + Image horizontal reel scroll slideshow <= 13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28ba6f91-c696-4019-ae87-28ebfbe464cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-horizontal-reel-scroll-slideshow/" + google-query: inurl:"/wp-content/plugins/image-horizontal-reel-scroll-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-horizontal-reel-scroll-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-horizontal-reel-scroll-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-horizontal-reel-scroll-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-026772a7c84514935eb2f122e1212bd7.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-026772a7c84514935eb2f122e1212bd7.yaml new file mode 100644 index 0000000000..32a545d501 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-026772a7c84514935eb2f122e1212bd7.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-addon-for-elementor-026772a7c84514935eb2f122e1212bd7 + +info: + name: > + Image Hover Effects – Elementor Addon <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'eihe_align' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05d26003-ae7e-480a-bd63-1c5f5e9c3cab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-23084d0a675ec1fe2de5f06c696330cf.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-23084d0a675ec1fe2de5f06c696330cf.yaml new file mode 100644 index 0000000000..7d317e4140 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-23084d0a675ec1fe2de5f06c696330cf.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-addon-for-elementor-23084d0a675ec1fe2de5f06c696330cf + +info: + name: > + Image Hover Effects - Elementor Addon <= 1.4.1 - Authenticated(Contributor+) DOM-based Stored Cross-Site Scripting via Image Hover Effects Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d72a57f-9acc-43e4-af81-024bc6e0d3fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml new file mode 100644 index 0000000000..fc00ec95d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-addon-for-elementor-257c0e2f02ca2973a1b0fbc7bb05b9d9.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-addon-for-elementor-257c0e2f02ca2973a1b0fbc7bb05b9d9 + +info: + name: > + Image Hover Effects – Elementor Addon <= 1.3.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd126bcb-0add-4662-a4d9-03a55a7d9a32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-addon-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-css3-af386a5b7a4c4897059c13e07ba6a1c2.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-css3-af386a5b7a4c4897059c13e07ba6a1c2.yaml new file mode 100644 index 0000000000..5e6596a856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-css3-af386a5b7a4c4897059c13e07ba6a1c2.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-css3-af386a5b7a4c4897059c13e07ba6a1c2 + +info: + name: > + Image Hover Effects Css3 <= 4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e6616d0-0690-4bf4-9228-33679b926b90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-css3/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-css3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-css3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-css3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-css3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ec47480114d271de7f87aec48e42bcd6.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ec47480114d271de7f87aec48e42bcd6.yaml new file mode 100644 index 0000000000..9d0fd3177f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ec47480114d271de7f87aec48e42bcd6.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ec47480114d271de7f87aec48e42bcd6 + +info: + name: > + Image Hover Effects <= 5.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb947f1f-8cce-448d-9c86-1d3c01a4637d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects/" + google-query: inurl:"/wp-content/plugins/image-hover-effects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-f33065d14f70bf7433189e427d984bdc.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-f33065d14f70bf7433189e427d984bdc.yaml new file mode 100644 index 0000000000..89696e4a51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-f33065d14f70bf7433189e427d984bdc.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-f33065d14f70bf7433189e427d984bdc + +info: + name: > + Image Hover Effects <= 5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ecf437-b9f5-47d3-85b2-c8159c937473?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects/" + google-query: inurl:"/wp-content/plugins/image-hover-effects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-0291dfad8381b24ca3c37e22a37879df.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-0291dfad8381b24ca3c37e22a37879df.yaml new file mode 100644 index 0000000000..c6541bb663 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-0291dfad8381b24ca3c37e22a37879df.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-0291dfad8381b24ca3c37e22a37879df + +info: + name: > + Image Hover Effects Ultimate <= 9.7.0 - Reflected Cross-Site Scripting via effects + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d902dfe-f16d-4795-9fcf-ee454b3d8c56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-2996acb98eba30cde2adfc4ff1d39a59.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-2996acb98eba30cde2adfc4ff1d39a59.yaml new file mode 100644 index 0000000000..8f10c4430e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-2996acb98eba30cde2adfc4ff1d39a59.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-2996acb98eba30cde2adfc4ff1d39a59 + +info: + name: > + Image Hover Effects Ultimate <= 9.6.1 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4fcc97-1b6b-4411-8b55-0ef7a2c8d44e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-617785fa7c971048a906a08d626203c0.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-617785fa7c971048a906a08d626203c0.yaml new file mode 100644 index 0000000000..3f92a258a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-617785fa7c971048a906a08d626203c0.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-617785fa7c971048a906a08d626203c0 + +info: + name: > + Image Hover Effects Ultimate <= 9.7.1 - Authenticated (Admin+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15c2cc20-8d10-4e77-8009-df91e171183f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-8967ba956e5665f951b5fe05d1b8630c.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-8967ba956e5665f951b5fe05d1b8630c.yaml new file mode 100644 index 0000000000..1ae84c79e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-8967ba956e5665f951b5fe05d1b8630c.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-8967ba956e5665f951b5fe05d1b8630c + +info: + name: > + Image Hover Effects Ultimate <= 9.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78376368-4883-48ce-aad0-e1d5a993cd74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-cb1c5b7fa2f66db14c90c48d844c8b70.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-cb1c5b7fa2f66db14c90c48d844c8b70.yaml new file mode 100644 index 0000000000..f8d001e957 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-cb1c5b7fa2f66db14c90c48d844c8b70.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-cb1c5b7fa2f66db14c90c48d844c8b70 + +info: + name: > + Image Hover Effects Ultimate 9.8.1 - 9.8.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00cdef3-d733-4e85-8099-204ef76096b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 9.8.1', '<= 9.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-d213e2e9594308f580bdffdb06a3d065.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-d213e2e9594308f580bdffdb06a3d065.yaml new file mode 100644 index 0000000000..a896e8acdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-d213e2e9594308f580bdffdb06a3d065.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-d213e2e9594308f580bdffdb06a3d065 + +info: + name: > + Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5a4a017-52d7-44a5-b00f-ce13eda989bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-eef599f42089077d3f1367aba810ab3a.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-eef599f42089077d3f1367aba810ab3a.yaml new file mode 100644 index 0000000000..b10feb34e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-eef599f42089077d3f1367aba810ab3a.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-eef599f42089077d3f1367aba810ab3a + +info: + name: > + Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ddfa2a1-39e1-4ead-85c5-1624749bd353?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml new file mode 100644 index 0000000000..60903d9b93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-f12c6444f5c306cf6d2f74b5d9b1f8a0.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-f12c6444f5c306cf6d2f74b5d9b1f8a0 + +info: + name: > + Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Title & Description + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/224a9234-2cf3-48ca-878e-3d7207629beb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-visual-composer-5dac27116865bf3a33881aeb2e87a891.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-visual-composer-5dac27116865bf3a33881aeb2e87a891.yaml new file mode 100644 index 0000000000..8860f11070 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-ultimate-visual-composer-5dac27116865bf3a33881aeb2e87a891.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-ultimate-visual-composer-5dac27116865bf3a33881aeb2e87a891 + +info: + name: > + Flipbox – Awesomes Flip Boxes Image Overlay <= 2.6.0 - Authenticated (Admin+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a63dd48-d643-41d0-84c3-2f2dbbe577dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-ultimate-visual-composer/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-ultimate-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-ultimate-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-ultimate-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-ultimate-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-visual-composer-extension-6e8db758b1055e1e1edd16d20fa3c329.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-visual-composer-extension-6e8db758b1055e1e1edd16d20fa3c329.yaml new file mode 100644 index 0000000000..d81baad658 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-visual-composer-extension-6e8db758b1055e1e1edd16d20fa3c329.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-visual-composer-extension-6e8db758b1055e1e1edd16d20fa3c329 + +info: + name: > + Image Hover Effects For WPBakery Page Builder <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92ffaa23-08f2-4aa4-84c3-a84c26ed8474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-visual-composer-extension/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-visual-composer-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-visual-composer-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-visual-composer-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-visual-composer-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-hover-effects-with-carousel-2cb86c3f071de1232b4e814ea1574dc8.yaml b/nuclei-templates/cve-less/plugins/image-hover-effects-with-carousel-2cb86c3f071de1232b4e814ea1574dc8.yaml new file mode 100644 index 0000000000..d292988c54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-hover-effects-with-carousel-2cb86c3f071de1232b4e814ea1574dc8.yaml @@ -0,0 +1,58 @@ +id: image-hover-effects-with-carousel-2cb86c3f071de1232b4e814ea1574dc8 + +info: + name: > + Image Hover Effects Plugin - Caption Hover with Carousel <= 2.8 - Unauthenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19c2d455-ae47-49bd-9bb8-1f87b0c76c32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-hover-effects-with-carousel/" + google-query: inurl:"/wp-content/plugins/image-hover-effects-with-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-hover-effects-with-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-hover-effects-with-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-hover-effects-with-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-map-pro-3dfe4a41b3f6685dbbc11ea86f232a73.yaml b/nuclei-templates/cve-less/plugins/image-map-pro-3dfe4a41b3f6685dbbc11ea86f232a73.yaml new file mode 100644 index 0000000000..e2074ec506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-map-pro-3dfe4a41b3f6685dbbc11ea86f232a73.yaml @@ -0,0 +1,58 @@ +id: image-map-pro-3dfe4a41b3f6685dbbc11ea86f232a73 + +info: + name: > + Image Map Pro <= 5.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81330ff8-25a5-403d-abaf-e7c54467abbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-map-pro/" + google-query: inurl:"/wp-content/plugins/image-map-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-map-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-map-pro-bf2853efc06d31fecebbff0926f79cc8.yaml b/nuclei-templates/cve-less/plugins/image-map-pro-bf2853efc06d31fecebbff0926f79cc8.yaml new file mode 100644 index 0000000000..a1c6bd1689 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-map-pro-bf2853efc06d31fecebbff0926f79cc8.yaml @@ -0,0 +1,58 @@ +id: image-map-pro-bf2853efc06d31fecebbff0926f79cc8 + +info: + name: > + Image Map Pro <= 5.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88d0d6b7-f33f-4c7b-9006-d54578fbe003?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-map-pro/" + google-query: inurl:"/wp-content/plugins/image-map-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-map-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-map-pro-lite-8ab353496a7495d9f3fe5d5531e368eb.yaml b/nuclei-templates/cve-less/plugins/image-map-pro-lite-8ab353496a7495d9f3fe5d5531e368eb.yaml new file mode 100644 index 0000000000..2f6bc093cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-map-pro-lite-8ab353496a7495d9f3fe5d5531e368eb.yaml @@ -0,0 +1,58 @@ +id: image-map-pro-lite-8ab353496a7495d9f3fe5d5531e368eb + +info: + name: > + Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b58403df-af09-4d74-88e6-140e3f2f291b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-map-pro-lite/" + google-query: inurl:"/wp-content/plugins/image-map-pro-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-map-pro-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-map-pro-lite-b94ff74e27b8bd0a63b0e4542b5543c1.yaml b/nuclei-templates/cve-less/plugins/image-map-pro-lite-b94ff74e27b8bd0a63b0e4542b5543c1.yaml new file mode 100644 index 0000000000..8e1762e515 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-map-pro-lite-b94ff74e27b8bd0a63b0e4542b5543c1.yaml @@ -0,0 +1,58 @@ +id: image-map-pro-lite-b94ff74e27b8bd0a63b0e4542b5543c1 + +info: + name: > + Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63e108f4-5d9d-4bcf-aef9-aa856f4241ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-map-pro-lite/" + google-query: inurl:"/wp-content/plugins/image-map-pro-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-map-pro-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-map-pro-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-map-pro-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-metadata-cruncher-8c4def1f9e55d275755365eabd5c5c64.yaml b/nuclei-templates/cve-less/plugins/image-metadata-cruncher-8c4def1f9e55d275755365eabd5c5c64.yaml new file mode 100644 index 0000000000..4676882fc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-metadata-cruncher-8c4def1f9e55d275755365eabd5c5c64.yaml @@ -0,0 +1,58 @@ +id: image-metadata-cruncher-8c4def1f9e55d275755365eabd5c5c64 + +info: + name: > + Image Metadata Cruncher < 1.8 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cfbee75-13ef-49ad-9edd-f3077a033c1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-metadata-cruncher/" + google-query: inurl:"/wp-content/plugins/image-metadata-cruncher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-metadata-cruncher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-metadata-cruncher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-metadata-cruncher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-optimizer-wd-49d7a3ff674ce6988ed92cbb4810948c.yaml b/nuclei-templates/cve-less/plugins/image-optimizer-wd-49d7a3ff674ce6988ed92cbb4810948c.yaml new file mode 100644 index 0000000000..5e85bdf6b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-optimizer-wd-49d7a3ff674ce6988ed92cbb4810948c.yaml @@ -0,0 +1,58 @@ +id: image-optimizer-wd-49d7a3ff674ce6988ed92cbb4810948c + +info: + name: > + Image Optimizer WD <= 1.0.26 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d50d8d51-3bb4-4556-95e3-06812a31d0d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-optimizer-wd/" + google-query: inurl:"/wp-content/plugins/image-optimizer-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-optimizer-wd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-optimizer-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-optimizer-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-optimizer-wd-d21df22e38f007a905fafc644bb07ec2.yaml b/nuclei-templates/cve-less/plugins/image-optimizer-wd-d21df22e38f007a905fafc644bb07ec2.yaml new file mode 100644 index 0000000000..5d675e05ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-optimizer-wd-d21df22e38f007a905fafc644bb07ec2.yaml @@ -0,0 +1,58 @@ +id: image-optimizer-wd-d21df22e38f007a905fafc644bb07ec2 + +info: + name: > + Image Optimizer by 10web <= 1.0.26 - Authenticated(Administator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f58a5eb-53cb-4a25-b693-bcd2b7a1cd00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-optimizer-wd/" + google-query: inurl:"/wp-content/plugins/image-optimizer-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-optimizer-wd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-optimizer-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-optimizer-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-over-image-vc-extension-fddf50b89fd6e037cc6266b73dceb03a.yaml b/nuclei-templates/cve-less/plugins/image-over-image-vc-extension-fddf50b89fd6e037cc6266b73dceb03a.yaml new file mode 100644 index 0000000000..8088f2cad2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-over-image-vc-extension-fddf50b89fd6e037cc6266b73dceb03a.yaml @@ -0,0 +1,58 @@ +id: image-over-image-vc-extension-fddf50b89fd6e037cc6266b73dceb03a + +info: + name: > + Image Over Image For WPBakery Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7c3ffe-079e-4db4-9dc4-3405527c0a99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-over-image-vc-extension/" + google-query: inurl:"/wp-content/plugins/image-over-image-vc-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-over-image-vc-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-over-image-vc-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-over-image-vc-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-protector-9fd302216733e7b16fde39fa0da8b2af.yaml b/nuclei-templates/cve-less/plugins/image-protector-9fd302216733e7b16fde39fa0da8b2af.yaml new file mode 100644 index 0000000000..adb040e569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-protector-9fd302216733e7b16fde39fa0da8b2af.yaml @@ -0,0 +1,58 @@ +id: image-protector-9fd302216733e7b16fde39fa0da8b2af + +info: + name: > + Image Protector <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8a2a23c-23bf-4f23-8b9d-1d6fe869d705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-protector/" + google-query: inurl:"/wp-content/plugins/image-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-165f51757c849b44f8513611b7cd23ef.yaml b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-165f51757c849b44f8513611b7cd23ef.yaml new file mode 100644 index 0000000000..d4df855718 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-165f51757c849b44f8513611b7cd23ef.yaml @@ -0,0 +1,58 @@ +id: image-regenerate-select-crop-165f51757c849b44f8513611b7cd23ef + +info: + name: > + Image Regenerate & Select Crop <= 7.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb7335c0-b6ed-43bb-91b7-870093d14cb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-regenerate-select-crop/" + google-query: inurl:"/wp-content/plugins/image-regenerate-select-crop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-regenerate-select-crop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-regenerate-select-crop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-2ad93b712d25e80c970a93c8b1dd3cdf.yaml b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-2ad93b712d25e80c970a93c8b1dd3cdf.yaml new file mode 100644 index 0000000000..6838e62c8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-regenerate-select-crop-2ad93b712d25e80c970a93c8b1dd3cdf.yaml @@ -0,0 +1,58 @@ +id: image-regenerate-select-crop-2ad93b712d25e80c970a93c8b1dd3cdf + +info: + name: > + Image Regenerate & Select Crop <= 7.3.0 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/307bfd18-840a-4cb4-86e6-33dc28e5514e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-regenerate-select-crop/" + google-query: inurl:"/wp-content/plugins/image-regenerate-select-crop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-regenerate-select-crop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-regenerate-select-crop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-regenerate-select-crop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-slider-widget-80d3ea73a73811fa5685b240e4282b5f.yaml b/nuclei-templates/cve-less/plugins/image-slider-widget-80d3ea73a73811fa5685b240e4282b5f.yaml new file mode 100644 index 0000000000..98a5b44e27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-slider-widget-80d3ea73a73811fa5685b240e4282b5f.yaml @@ -0,0 +1,58 @@ +id: image-slider-widget-80d3ea73a73811fa5685b240e4282b5f + +info: + name: > + Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6356e226-a449-4cd0-be60-2a1c9c70aa59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-slider-widget/" + google-query: inurl:"/wp-content/plugins/image-slider-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-slider-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-slider-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-slider-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.121') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-slider-widget-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/image-slider-widget-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..9ce48f7172 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-slider-widget-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: image-slider-widget-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-slider-widget/" + google-query: inurl:"/wp-content/plugins/image-slider-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-slider-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-slider-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-slider-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-slider-widget-bd950fa0617ccb3a0edff5978b31a09b.yaml b/nuclei-templates/cve-less/plugins/image-slider-widget-bd950fa0617ccb3a0edff5978b31a09b.yaml new file mode 100644 index 0000000000..b2182267bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-slider-widget-bd950fa0617ccb3a0edff5978b31a09b.yaml @@ -0,0 +1,58 @@ +id: image-slider-widget-bd950fa0617ccb3a0edff5978b31a09b + +info: + name: > + Image Slider <= 1.1.125 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7826d47-8799-446f-af3c-df2724fb26ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-slider-widget/" + google-query: inurl:"/wp-content/plugins/image-slider-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-slider-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-slider-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-slider-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.125') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-source-control-isc-1928848d7760fbdf37a1f5a91bc90146.yaml b/nuclei-templates/cve-less/plugins/image-source-control-isc-1928848d7760fbdf37a1f5a91bc90146.yaml new file mode 100644 index 0000000000..7ca06ee81e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-source-control-isc-1928848d7760fbdf37a1f5a91bc90146.yaml @@ -0,0 +1,58 @@ +id: image-source-control-isc-1928848d7760fbdf37a1f5a91bc90146 + +info: + name: > + Image Source Control Lite < 2.3.1 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab989ea-f498-4c74-b761-416d73059108?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-source-control-isc/" + google-query: inurl:"/wp-content/plugins/image-source-control-isc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-source-control-isc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-source-control-isc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-source-control-isc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-source-control-isc-e8d6fd07d9a88fdd12cf1b98b1c2fb85.yaml b/nuclei-templates/cve-less/plugins/image-source-control-isc-e8d6fd07d9a88fdd12cf1b98b1c2fb85.yaml new file mode 100644 index 0000000000..45e7e8c147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-source-control-isc-e8d6fd07d9a88fdd12cf1b98b1c2fb85.yaml @@ -0,0 +1,58 @@ +id: image-source-control-isc-e8d6fd07d9a88fdd12cf1b98b1c2fb85 + +info: + name: > + Image Source Control <= 2.17.0 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3b3ce65-b226-4b93-ab0c-984f774454f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-source-control-isc/" + google-query: inurl:"/wp-content/plugins/image-source-control-isc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-source-control-isc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-source-control-isc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-source-control-isc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-tag-manager-83aa8e470a136322f24cc4f5d88ccbdd.yaml b/nuclei-templates/cve-less/plugins/image-tag-manager-83aa8e470a136322f24cc4f5d88ccbdd.yaml new file mode 100644 index 0000000000..6abb6ebe27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-tag-manager-83aa8e470a136322f24cc4f5d88ccbdd.yaml @@ -0,0 +1,58 @@ +id: image-tag-manager-83aa8e470a136322f24cc4f5d88ccbdd + +info: + name: > + Image Tag Manager <= 1.5 - Reflected Cross-Site Scripting via default_class + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded4b93f-fd90-4803-9d20-3109512b1a24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-tag-manager/" + google-query: inurl:"/wp-content/plugins/image-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-upload-for-bbpress-333e897c2dbf06223644ccfe5dd16694.yaml b/nuclei-templates/cve-less/plugins/image-upload-for-bbpress-333e897c2dbf06223644ccfe5dd16694.yaml new file mode 100644 index 0000000000..fd6e93688c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-upload-for-bbpress-333e897c2dbf06223644ccfe5dd16694.yaml @@ -0,0 +1,58 @@ +id: image-upload-for-bbpress-333e897c2dbf06223644ccfe5dd16694 + +info: + name: > + Inline Image Upload for BBPress <= 1.1.18 - Cross-Site Request Forgery via hm_bbpui_admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86bd6ae1-e74d-4aab-98e1-3c47cb484fe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-upload-for-bbpress/" + google-query: inurl:"/wp-content/plugins/image-upload-for-bbpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-upload-for-bbpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-upload-for-bbpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-upload-for-bbpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-7348256da9fa27f63ea541c99917352a.yaml b/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-7348256da9fa27f63ea541c99917352a.yaml new file mode 100644 index 0000000000..92cf693995 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-7348256da9fa27f63ea541c99917352a.yaml @@ -0,0 +1,58 @@ +id: image-vertical-reel-scroll-slideshow-7348256da9fa27f63ea541c99917352a + +info: + name: > + Image vertical reel scroll slideshow <= 9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91b06d7d-7e92-49f0-b161-9b25318edfeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-vertical-reel-scroll-slideshow/" + google-query: inurl:"/wp-content/plugins/image-vertical-reel-scroll-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-vertical-reel-scroll-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-vertical-reel-scroll-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-f917f02f001372c0ed6a2cbacd402eae.yaml b/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-f917f02f001372c0ed6a2cbacd402eae.yaml new file mode 100644 index 0000000000..97a1ee24b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-vertical-reel-scroll-slideshow-f917f02f001372c0ed6a2cbacd402eae.yaml @@ -0,0 +1,58 @@ +id: image-vertical-reel-scroll-slideshow-f917f02f001372c0ed6a2cbacd402eae + +info: + name: > + Image vertical reel scroll slideshow <= 9.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01d31d8a-4459-488a-9cbe-92761faa58b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-vertical-reel-scroll-slideshow/" + google-query: inurl:"/wp-content/plugins/image-vertical-reel-scroll-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-vertical-reel-scroll-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-vertical-reel-scroll-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-vertical-reel-scroll-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-watermark-cc02f6870e1e296858d0d36136b32112.yaml b/nuclei-templates/cve-less/plugins/image-watermark-cc02f6870e1e296858d0d36136b32112.yaml new file mode 100644 index 0000000000..28987af79c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-watermark-cc02f6870e1e296858d0d36136b32112.yaml @@ -0,0 +1,58 @@ +id: image-watermark-cc02f6870e1e296858d0d36136b32112 + +info: + name: > + Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31a66e30-972b-4a7b-9d47-ad7abd574e36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-watermark/" + google-query: inurl:"/wp-content/plugins/image-watermark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-watermark,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-watermark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-watermark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/image-zoom-285b140dd354e7b55f93f22538da9394.yaml b/nuclei-templates/cve-less/plugins/image-zoom-285b140dd354e7b55f93f22538da9394.yaml new file mode 100644 index 0000000000..cfc0a335f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/image-zoom-285b140dd354e7b55f93f22538da9394.yaml @@ -0,0 +1,58 @@ +id: image-zoom-285b140dd354e7b55f93f22538da9394 + +info: + name: > + Image Zoom <= 1.8.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1009c839-849f-47ce-bfab-c297aacbc23c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/image-zoom/" + google-query: inurl:"/wp-content/plugins/image-zoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,image-zoom,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/image-zoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "image-zoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imageboss-680976f321c5a9425e00ce5d5ee1cc42.yaml b/nuclei-templates/cve-less/plugins/imageboss-680976f321c5a9425e00ce5d5ee1cc42.yaml new file mode 100644 index 0000000000..0ff675124e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imageboss-680976f321c5a9425e00ce5d5ee1cc42.yaml @@ -0,0 +1,58 @@ +id: imageboss-680976f321c5a9425e00ce5d5ee1cc42 + +info: + name: > + ImageBoss – Images Up To 60% Smaller & CDN < 3.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/993f6505-918c-45fd-8afa-4d567cc79e9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imageboss/" + google-query: inurl:"/wp-content/plugins/imageboss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imageboss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imageboss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imageboss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-d16be1a4a8c6ae781f11c50d01685d10.yaml b/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-d16be1a4a8c6ae781f11c50d01685d10.yaml new file mode 100644 index 0000000000..8634a0ea13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-d16be1a4a8c6ae781f11c50d01685d10.yaml @@ -0,0 +1,58 @@ +id: imagelinks-interactive-image-builder-lite-d16be1a4a8c6ae781f11c50d01685d10 + +info: + name: > + ImageLinks <= 1.5.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f678700-f266-4740-a98d-19f8e9734563?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagelinks-interactive-image-builder-lite/" + google-query: inurl:"/wp-content/plugins/imagelinks-interactive-image-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagelinks-interactive-image-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagelinks-interactive-image-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-e18789f54f5a5fe13b8ddacd79d408fc.yaml b/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-e18789f54f5a5fe13b8ddacd79d408fc.yaml new file mode 100644 index 0000000000..e14116af10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagelinks-interactive-image-builder-lite-e18789f54f5a5fe13b8ddacd79d408fc.yaml @@ -0,0 +1,58 @@ +id: imagelinks-interactive-image-builder-lite-e18789f54f5a5fe13b8ddacd79d408fc + +info: + name: > + ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb75b6ba-feb7-4e18-91f6-7ca1e90ef039?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagelinks-interactive-image-builder-lite/" + google-query: inurl:"/wp-content/plugins/imagelinks-interactive-image-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagelinks-interactive-image-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagelinks-interactive-image-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagelinks-interactive-image-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemagick-engine-ca0bad06790922b16f5da17ee6db4bb8.yaml b/nuclei-templates/cve-less/plugins/imagemagick-engine-ca0bad06790922b16f5da17ee6db4bb8.yaml new file mode 100644 index 0000000000..06f4f9226c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemagick-engine-ca0bad06790922b16f5da17ee6db4bb8.yaml @@ -0,0 +1,58 @@ +id: imagemagick-engine-ca0bad06790922b16f5da17ee6db4bb8 + +info: + name: > + ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2ca2f0-1d4a-4614-86ba-a46e765f4a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemagick-engine/" + google-query: inurl:"/wp-content/plugins/imagemagick-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemagick-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemagick-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemagick-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemagick-engine-ed507e8efb229061c654187b47c114b4.yaml b/nuclei-templates/cve-less/plugins/imagemagick-engine-ed507e8efb229061c654187b47c114b4.yaml new file mode 100644 index 0000000000..bf7441cf6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemagick-engine-ed507e8efb229061c654187b47c114b4.yaml @@ -0,0 +1,58 @@ +id: imagemagick-engine-ed507e8efb229061c654187b47c114b4 + +info: + name: > + ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to Remote Command Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f17a83-1df0-44fe-bd86-243cff6ec91b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemagick-engine/" + google-query: inurl:"/wp-content/plugins/imagemagick-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemagick-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemagick-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemagick-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemapper-575c49a9b04a14a2dd633583f5e6e2d9.yaml b/nuclei-templates/cve-less/plugins/imagemapper-575c49a9b04a14a2dd633583f5e6e2d9.yaml new file mode 100644 index 0000000000..732aa508e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemapper-575c49a9b04a14a2dd633583f5e6e2d9.yaml @@ -0,0 +1,58 @@ +id: imagemapper-575c49a9b04a14a2dd633583f5e6e2d9 + +info: + name: > + ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Plugin Settings Change via ajax + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a128018b-f19b-4b18-a53c-cf1310d3d0e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemapper/" + google-query: inurl:"/wp-content/plugins/imagemapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemapper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemapper-6bb3656a861d0a80040f9af45e87952f.yaml b/nuclei-templates/cve-less/plugins/imagemapper-6bb3656a861d0a80040f9af45e87952f.yaml new file mode 100644 index 0000000000..298eef3064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemapper-6bb3656a861d0a80040f9af45e87952f.yaml @@ -0,0 +1,58 @@ +id: imagemapper-6bb3656a861d0a80040f9af45e87952f + +info: + name: > + ImageMapper <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page/Post Deletion via imgmap_delete_area_ajax + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31dff395-c3ce-4ebe-8d38-5243fc4510d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemapper/" + google-query: inurl:"/wp-content/plugins/imagemapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemapper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemapper-a73f55993da6bf41bdb201284b107f4f.yaml b/nuclei-templates/cve-less/plugins/imagemapper-a73f55993da6bf41bdb201284b107f4f.yaml new file mode 100644 index 0000000000..d3d05a3a5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemapper-a73f55993da6bf41bdb201284b107f4f.yaml @@ -0,0 +1,58 @@ +id: imagemapper-a73f55993da6bf41bdb201284b107f4f + +info: + name: > + ImageMapper <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6e687e9-6ffe-4457-8d57-3c03f657eb74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemapper/" + google-query: inurl:"/wp-content/plugins/imagemapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemapper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagemapper-bceb80496300028196724d32dbd5c249.yaml b/nuclei-templates/cve-less/plugins/imagemapper-bceb80496300028196724d32dbd5c249.yaml new file mode 100644 index 0000000000..94d6ce77de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagemapper-bceb80496300028196724d32dbd5c249.yaml @@ -0,0 +1,58 @@ +id: imagemapper-bceb80496300028196724d32dbd5c249 + +info: + name: > + ImageMapper <= 1.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting via imgmap_save_area_title + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb67f02-87e8-4ca3-8a9d-6663a700ab5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagemapper/" + google-query: inurl:"/wp-content/plugins/imagemapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagemapper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagemapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagemapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagements-7e5494a96dcef18320683cf7875e7118.yaml b/nuclei-templates/cve-less/plugins/imagements-7e5494a96dcef18320683cf7875e7118.yaml new file mode 100644 index 0000000000..edc58a0eaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagements-7e5494a96dcef18320683cf7875e7118.yaml @@ -0,0 +1,58 @@ +id: imagements-7e5494a96dcef18320683cf7875e7118 + +info: + name: > + Imagements <= 1.2.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e47f6c33-1a4b-4c4c-8323-99d06ce0731a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagements/" + google-query: inurl:"/wp-content/plugins/imagements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagements,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0d90a3576c3d60d102b21bdca9c7c04e.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0d90a3576c3d60d102b21bdca9c7c04e.yaml new file mode 100644 index 0000000000..236bc7b454 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0d90a3576c3d60d102b21bdca9c7c04e.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-0d90a3576c3d60d102b21bdca9c7c04e + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in disableOptimization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3900e4f-4ae4-4026-89df-b63bd869a763?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0f06a0233bd37a56c0b489be748f0408.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0f06a0233bd37a56c0b489be748f0408.yaml new file mode 100644 index 0000000000..401ad4c4c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-0f06a0233bd37a56c0b489be748f0408.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-0f06a0233bd37a56c0b489be748f0408 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in stopOptimizeAll + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-326d3f5baee82478e64ca11a4a66dbf4.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-326d3f5baee82478e64ca11a4a66dbf4.yaml new file mode 100644 index 0000000000..970b313c66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-326d3f5baee82478e64ca11a4a66dbf4.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-326d3f5baee82478e64ca11a4a66dbf4 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in enableOptimization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-3949ffb8c4e3dc9661a06b8913f55d38.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-3949ffb8c4e3dc9661a06b8913f55d38.yaml new file mode 100644 index 0000000000..213cb26149 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-3949ffb8c4e3dc9661a06b8913f55d38.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-3949ffb8c4e3dc9661a06b8913f55d38 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in enableOptimization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0318ec4a-185a-405d-90f8-008ba373114b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-433406de2bcd419520bb9dde58f80311.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-433406de2bcd419520bb9dde58f80311.yaml new file mode 100644 index 0000000000..53a4ee13b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-433406de2bcd419520bb9dde58f80311.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-433406de2bcd419520bb9dde58f80311 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Plugin Data Removal in reinitialize + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4b301fc4cf7dbfb7aaec9b6db232442c.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4b301fc4cf7dbfb7aaec9b6db232442c.yaml new file mode 100644 index 0000000000..08de2d6270 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4b301fc4cf7dbfb7aaec9b6db232442c.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-4b301fc4cf7dbfb7aaec9b6db232442c + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Plugin Data Removal in reinitialize + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d08e462-8297-477e-89da-47f26bd6beae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4d89ea84ae0150939c78e1551488e87a.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4d89ea84ae0150939c78e1551488e87a.yaml new file mode 100644 index 0000000000..2ef2a77e03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4d89ea84ae0150939c78e1551488e87a.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-4d89ea84ae0150939c78e1551488e87a + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in disableOptimization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4f4ea79c6be4308e1d54d5b19b226c52.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4f4ea79c6be4308e1d54d5b19b226c52.yaml new file mode 100644 index 0000000000..843d927448 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-4f4ea79c6be4308e1d54d5b19b226c52.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-4f4ea79c6be4308e1d54d5b19b226c52 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Missing Authorization to Settings Update in optimizeAllOn + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-5712ab48057831452538f91f04d0bcb6.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-5712ab48057831452538f91f04d0bcb6.yaml new file mode 100644 index 0000000000..b1c5b2fa65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-5712ab48057831452538f91f04d0bcb6.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-5712ab48057831452538f91f04d0bcb6 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in optimizeAllOn + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-57c14e4f565c7eb453e5b4a3b6f91099.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-57c14e4f565c7eb453e5b4a3b6f91099.yaml new file mode 100644 index 0000000000..d1ae322302 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-57c14e4f565c7eb453e5b4a3b6f91099.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-57c14e4f565c7eb453e5b4a3b6f91099 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3253e1b3-ac63-4796-ac10-92781d5a76c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-76976bd8ff1b9e40c5faf1dc6a34729f.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-76976bd8ff1b9e40c5faf1dc6a34729f.yaml new file mode 100644 index 0000000000..66efec3c7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-76976bd8ff1b9e40c5faf1dc6a34729f.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-76976bd8ff1b9e40c5faf1dc6a34729f + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eeae0eb-bc24-4a34-b393-e84831edaba6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-b842b7a1d1bc34dc06d2b83ecd274275.yaml b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-b842b7a1d1bc34dc06d2b83ecd274275.yaml new file mode 100644 index 0000000000..7c6f93f2dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imagerecycle-pdf-image-compression-b842b7a1d1bc34dc06d2b83ecd274275.yaml @@ -0,0 +1,58 @@ +id: imagerecycle-pdf-image-compression-b842b7a1d1bc34dc06d2b83ecd274275 + +info: + name: > + ImageRecycle pdf & image compression <= 3.1.13 - Cross-Site Request Forgery to Settings Update in stopOptimizeAll + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imagerecycle-pdf-image-compression/" + google-query: inurl:"/wp-content/plugins/imagerecycle-pdf-image-compression/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imagerecycle-pdf-image-compression,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imagerecycle-pdf-image-compression/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imagerecycle-pdf-image-compression" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/images-lazyload-and-slideshow-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/images-lazyload-and-slideshow-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..e55bb54af1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/images-lazyload-and-slideshow-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: images-lazyload-and-slideshow-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/images-lazyload-and-slideshow/" + google-query: inurl:"/wp-content/plugins/images-lazyload-and-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,images-lazyload-and-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/images-lazyload-and-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "images-lazyload-and-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/images-optimize-and-upload-cf7-67cbbeb086472c18cc998dc3852acd0d.yaml b/nuclei-templates/cve-less/plugins/images-optimize-and-upload-cf7-67cbbeb086472c18cc998dc3852acd0d.yaml new file mode 100644 index 0000000000..4cc68c4194 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/images-optimize-and-upload-cf7-67cbbeb086472c18cc998dc3852acd0d.yaml @@ -0,0 +1,58 @@ +id: images-optimize-and-upload-cf7-67cbbeb086472c18cc998dc3852acd0d + +info: + name: > + Images Optimize and Upload CF7 <= 2.1.4 - Missing Authorization to Arbitrary File Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8fb20fb-a795-4ab0-9614-6ae6ac4f2eda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/images-optimize-and-upload-cf7/" + google-query: inurl:"/wp-content/plugins/images-optimize-and-upload-cf7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,images-optimize-and-upload-cf7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/images-optimize-and-upload-cf7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "images-optimize-and-upload-cf7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/images-to-webp-a060d1379e872ddbb3c1744a92296936.yaml b/nuclei-templates/cve-less/plugins/images-to-webp-a060d1379e872ddbb3c1744a92296936.yaml new file mode 100644 index 0000000000..b6aded7f61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/images-to-webp-a060d1379e872ddbb3c1744a92296936.yaml @@ -0,0 +1,58 @@ +id: images-to-webp-a060d1379e872ddbb3c1744a92296936 + +info: + name: > + Images to WebP <= 1.8 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63ae3a9d-1e6b-4784-8429-04be2a89b6cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/images-to-webp/" + google-query: inurl:"/wp-content/plugins/images-to-webp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,images-to-webp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/images-to-webp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "images-to-webp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/images-to-webp-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml b/nuclei-templates/cve-less/plugins/images-to-webp-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml new file mode 100644 index 0000000000..0e17fcbb9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/images-to-webp-fe4c9ec6c5f12eda6f85dea0f4ee153f.yaml @@ -0,0 +1,58 @@ +id: images-to-webp-fe4c9ec6c5f12eda6f85dea0f4ee153f + +info: + name: > + Images to WebP < 1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a26f4bb7-fe61-4343-82ee-19639c16d978?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/images-to-webp/" + google-query: inurl:"/wp-content/plugins/images-to-webp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,images-to-webp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/images-to-webp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "images-to-webp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imageseo-113db7aead34e6d2e16bace92792af9b.yaml b/nuclei-templates/cve-less/plugins/imageseo-113db7aead34e6d2e16bace92792af9b.yaml new file mode 100644 index 0000000000..c85141184f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imageseo-113db7aead34e6d2e16bace92792af9b.yaml @@ -0,0 +1,58 @@ +id: imageseo-113db7aead34e6d2e16bace92792af9b + +info: + name: > + Optimize images ALT Text <= 2.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b09338c-a28f-4950-b0c1-98ab85e58c0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imageseo/" + google-query: inurl:"/wp-content/plugins/imageseo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imageseo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imageseo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imageseo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imdb-info-box-d08f135748c79437965679674f4da9c2.yaml b/nuclei-templates/cve-less/plugins/imdb-info-box-d08f135748c79437965679674f4da9c2.yaml new file mode 100644 index 0000000000..81e517a214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imdb-info-box-d08f135748c79437965679674f4da9c2.yaml @@ -0,0 +1,58 @@ +id: imdb-info-box-d08f135748c79437965679674f4da9c2 + +info: + name: > + IMDB Info Box <= 2.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/849e8ac6-73a8-4236-8c01-b341a2de3775?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imdb-info-box/" + google-query: inurl:"/wp-content/plugins/imdb-info-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imdb-info-box,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imdb-info-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imdb-info-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imdb-widget-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml b/nuclei-templates/cve-less/plugins/imdb-widget-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml new file mode 100644 index 0000000000..72401460ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imdb-widget-348a1a0272fab4e16c4ec4e28b1cc2f1.yaml @@ -0,0 +1,58 @@ +id: imdb-widget-348a1a0272fab4e16c4ec4e28b1cc2f1 + +info: + name: > + IMDB Profile Widget < 1.0.9 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bfa2246-41a8-4d06-8dc9-57fc4be8e1c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imdb-widget/" + google-query: inurl:"/wp-content/plugins/imdb-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imdb-widget,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imdb-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imdb-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imember360-0cbcc4f1288df0ee24dd7a2993f69c51.yaml b/nuclei-templates/cve-less/plugins/imember360-0cbcc4f1288df0ee24dd7a2993f69c51.yaml new file mode 100644 index 0000000000..089327a174 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imember360-0cbcc4f1288df0ee24dd7a2993f69c51.yaml @@ -0,0 +1,58 @@ +id: imember360-0cbcc4f1288df0ee24dd7a2993f69c51 + +info: + name: > + iMember360 3.8.012 - 3.9.001 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/509097ae-5b20-4e91-9d82-cc6e3b64e518?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imember360/" + google-query: inurl:"/wp-content/plugins/imember360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imember360,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imember360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imember360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.8.012', '<= 3.9.001') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imember360-4e3f3475e7c6375ac0400d146d374b8e.yaml b/nuclei-templates/cve-less/plugins/imember360-4e3f3475e7c6375ac0400d146d374b8e.yaml new file mode 100644 index 0000000000..87ed06782a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imember360-4e3f3475e7c6375ac0400d146d374b8e.yaml @@ -0,0 +1,58 @@ +id: imember360-4e3f3475e7c6375ac0400d146d374b8e + +info: + name: > + iMember360 < 3.9.001 - Missing Authorization and Sensitive Data Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffffedb4-633a-4490-98f1-9bc827c8ba1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imember360/" + google-query: inurl:"/wp-content/plugins/imember360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imember360,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imember360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imember360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.001') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imember360-55d8a21450cbea874f3ebd26e7f32a58.yaml b/nuclei-templates/cve-less/plugins/imember360-55d8a21450cbea874f3ebd26e7f32a58.yaml new file mode 100644 index 0000000000..563a058005 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imember360-55d8a21450cbea874f3ebd26e7f32a58.yaml @@ -0,0 +1,58 @@ +id: imember360-55d8a21450cbea874f3ebd26e7f32a58 + +info: + name: > + iMember360 3.8.012 - 3.9.001 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5263fa58-18d2-49a2-bc5b-3d3fd3cd1377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imember360/" + google-query: inurl:"/wp-content/plugins/imember360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imember360,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imember360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imember360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.8.012', '< 3.9.001') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imember360-897a0fa8ed3a14f37db420497ce08cb5.yaml b/nuclei-templates/cve-less/plugins/imember360-897a0fa8ed3a14f37db420497ce08cb5.yaml new file mode 100644 index 0000000000..bbb46613fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imember360-897a0fa8ed3a14f37db420497ce08cb5.yaml @@ -0,0 +1,58 @@ +id: imember360-897a0fa8ed3a14f37db420497ce08cb5 + +info: + name: > + iMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87870d48-05ff-4f51-9ad9-091ce2ffaf01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imember360/" + google-query: inurl:"/wp-content/plugins/imember360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imember360,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imember360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imember360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.8.012', '< 3.9.002') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/imember360-c40ba36e2109a35c573b2639a4d72291.yaml b/nuclei-templates/cve-less/plugins/imember360-c40ba36e2109a35c573b2639a4d72291.yaml new file mode 100644 index 0000000000..db0f57b13d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/imember360-c40ba36e2109a35c573b2639a4d72291.yaml @@ -0,0 +1,58 @@ +id: imember360-c40ba36e2109a35c573b2639a4d72291 + +info: + name: > + iMember360 3.8.0.12 - 3.9.001 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1621cd2-78d3-4429-862a-b425f5436f38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/imember360/" + google-query: inurl:"/wp-content/plugins/imember360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,imember360,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/imember360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "imember360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.8.012', '< 3.9.001') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-csv-files-8a6b4336bdabbe2b23943219bba651ed.yaml b/nuclei-templates/cve-less/plugins/import-csv-files-8a6b4336bdabbe2b23943219bba651ed.yaml new file mode 100644 index 0000000000..eab61c992d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-csv-files-8a6b4336bdabbe2b23943219bba651ed.yaml @@ -0,0 +1,58 @@ +id: import-csv-files-8a6b4336bdabbe2b23943219bba651ed + +info: + name: > + Import CSV Files <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dbaf893-e117-448f-a1b3-9c4b4caea7e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-csv-files/" + google-query: inurl:"/wp-content/plugins/import-csv-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-csv-files,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-csv-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-csv-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-external-images-3a14f8327aeabf7bf95eb7d9e4c0bcff.yaml b/nuclei-templates/cve-less/plugins/import-external-images-3a14f8327aeabf7bf95eb7d9e4c0bcff.yaml new file mode 100644 index 0000000000..0dab911cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-external-images-3a14f8327aeabf7bf95eb7d9e4c0bcff.yaml @@ -0,0 +1,58 @@ +id: import-external-images-3a14f8327aeabf7bf95eb7d9e4c0bcff + +info: + name: > + Import External Images <= 1.4 - Cross-Site Request Forgery via external_image_import_all_ajax + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6785be1c-85d4-48f1-be15-275c71284b3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-external-images/" + google-query: inurl:"/wp-content/plugins/import-external-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-external-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-external-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-external-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-legacy-media-65f707df02fc4e71880af94936e28fe7.yaml b/nuclei-templates/cve-less/plugins/import-legacy-media-65f707df02fc4e71880af94936e28fe7.yaml new file mode 100644 index 0000000000..0a19185599 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-legacy-media-65f707df02fc4e71880af94936e28fe7.yaml @@ -0,0 +1,58 @@ +id: import-legacy-media-65f707df02fc4e71880af94936e28fe7 + +info: + name: > + Import Legacy Media <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa4f169a-8970-499d-ad25-028c0d1c9d56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-legacy-media/" + google-query: inurl:"/wp-content/plugins/import-legacy-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-legacy-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-legacy-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-legacy-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-shopify-to-woocommerce-829eb8aa5088a8dfbd751ae2143f350b.yaml b/nuclei-templates/cve-less/plugins/import-shopify-to-woocommerce-829eb8aa5088a8dfbd751ae2143f350b.yaml new file mode 100644 index 0000000000..395ba5ebba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-shopify-to-woocommerce-829eb8aa5088a8dfbd751ae2143f350b.yaml @@ -0,0 +1,58 @@ +id: import-shopify-to-woocommerce-829eb8aa5088a8dfbd751ae2143f350b + +info: + name: > + S2W – Import Shopify to WooCommerce <= 1.1.12 - Authenticated (Admin+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd92b9d-b4b7-4106-bee4-d12b0479d0c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-shopify-to-woocommerce/" + google-query: inurl:"/wp-content/plugins/import-shopify-to-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-shopify-to-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-shopify-to-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-shopify-to-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-spreadsheets-from-microsoft-excel-a4a103535f33f8f1f9687c4a0228f8b0.yaml b/nuclei-templates/cve-less/plugins/import-spreadsheets-from-microsoft-excel-a4a103535f33f8f1f9687c4a0228f8b0.yaml new file mode 100644 index 0000000000..17dff1a99c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-spreadsheets-from-microsoft-excel-a4a103535f33f8f1f9687c4a0228f8b0.yaml @@ -0,0 +1,58 @@ +id: import-spreadsheets-from-microsoft-excel-a4a103535f33f8f1f9687c4a0228f8b0 + +info: + name: > + Import Spreadsheets from Microsoft Excel <= 10.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d337e39c-3a3d-4465-bc40-77f0b27aeab2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-spreadsheets-from-microsoft-excel/" + google-query: inurl:"/wp-content/plugins/import-spreadsheets-from-microsoft-excel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-spreadsheets-from-microsoft-excel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-spreadsheets-from-microsoft-excel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-spreadsheets-from-microsoft-excel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-da2b51f042521776402cd06473b8ac45.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-da2b51f042521776402cd06473b8ac45.yaml new file mode 100644 index 0000000000..d302a3e865 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-da2b51f042521776402cd06473b8ac45.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-da2b51f042521776402cd06473b8ac45 + +info: + name: > + Import Users from CSV <= 1.2 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48421787-9dc1-48ea-892b-bb43b2a6c4da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-0c813c83aee456b071e95980f729e012.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-0c813c83aee456b071e95980f729e012.yaml new file mode 100644 index 0000000000..9830f18be0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-0c813c83aee456b071e95980f729e012.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-0c813c83aee456b071e95980f729e012 + +info: + name: > + Import and export users and customers <= 1.24.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4731eb39-8c01-4a2b-80f7-15d8c13a19b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-107acb013e3444f157b376a5b20dd408.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-107acb013e3444f157b376a5b20dd408.yaml new file mode 100644 index 0000000000..9377a3c117 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-107acb013e3444f157b376a5b20dd408.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-107acb013e3444f157b376a5b20dd408 + +info: + name: > + Import and export users and customers <= 1.14.2.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f3b74db-22a4-4638-8662-0c8cfbee6493?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-176aadf8b8de4d702eafe02975bc433d.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-176aadf8b8de4d702eafe02975bc433d.yaml new file mode 100644 index 0000000000..99b1a0005c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-176aadf8b8de4d702eafe02975bc433d.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-176aadf8b8de4d702eafe02975bc433d + +info: + name: > + Import and export users and customers <= 1.16.3.5 - CSV injection via a customer's profile + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df6d436-c183-4ace-bd6c-1f22fbe7240f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-1edc06e4c422303e708e12aebbe44cde.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-1edc06e4c422303e708e12aebbe44cde.yaml new file mode 100644 index 0000000000..ba43f10a8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-1edc06e4c422303e708e12aebbe44cde.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-1edc06e4c422303e708e12aebbe44cde + +info: + name: > + Import and export users and customers <= 1.14.1.3 - Cross-Site Request Forgery leading to attachment deletion & Path Traversal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b81d7fc-6050-40bb-9416-e8d7d20e8ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-342fee676d86d87109d08378d8dcd0b0.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-342fee676d86d87109d08378d8dcd0b0.yaml new file mode 100644 index 0000000000..6137882103 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-342fee676d86d87109d08378d8dcd0b0.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-342fee676d86d87109d08378d8dcd0b0 + +info: + name: > + Import and export users and customers <= 1.14.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78fef897-fcef-4238-9925-0ce610ee7686?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-5bda221acefc04e8d84a3c6e2be5c30e.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-5bda221acefc04e8d84a3c6e2be5c30e.yaml new file mode 100644 index 0000000000..09bb454e59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-5bda221acefc04e8d84a3c6e2be5c30e.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-5bda221acefc04e8d84a3c6e2be5c30e + +info: + name: > + Import and export users and customers <= 1.14.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8a41eb6-8fb2-4274-a50b-571e85ac87f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.14.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-67ac2a423d1da6f86cbac7c3e9485c2b.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-67ac2a423d1da6f86cbac7c3e9485c2b.yaml new file mode 100644 index 0000000000..d93f50fd72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-67ac2a423d1da6f86cbac7c3e9485c2b.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-67ac2a423d1da6f86cbac7c3e9485c2b + +info: + name: > + Import and export users and customers <= 1.26.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2fbd599-0a6c-4182-87d9-ad7cf3fb5865?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7ae4217671bcb5c8f6efe46ca1b8db85.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7ae4217671bcb5c8f6efe46ca1b8db85.yaml new file mode 100644 index 0000000000..e64a264f8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7ae4217671bcb5c8f6efe46ca1b8db85.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-7ae4217671bcb5c8f6efe46ca1b8db85 + +info: + name: > + Import and export users and customers <= 1.20.4 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50ac32ed-f83c-4afc-aac2-a79c69497091?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7e3d963887f74672e4d9f1a2c2d7ff76.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7e3d963887f74672e4d9f1a2c2d7ff76.yaml new file mode 100644 index 0000000000..151abd452f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-7e3d963887f74672e4d9f1a2c2d7ff76.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-7e3d963887f74672e4d9f1a2c2d7ff76 + +info: + name: > + Import and export users and customers <= 1.24.2 - Authenticated(Administrator+) Directory Traversal via Recurring Import Functionality + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-916825c2b82546703e1e58fc1213738b.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-916825c2b82546703e1e58fc1213738b.yaml new file mode 100644 index 0000000000..3fee9789e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-916825c2b82546703e1e58fc1213738b.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-916825c2b82546703e1e58fc1213738b + +info: + name: > + Import and export users and customers <= 1.26.2 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f56494b7-0552-42d3-b3c6-fe26096f6cf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-99e4e1e27563f717d9f8c278b33423ac.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-99e4e1e27563f717d9f8c278b33423ac.yaml new file mode 100644 index 0000000000..dea35e3358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-99e4e1e27563f717d9f8c278b33423ac.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-99e4e1e27563f717d9f8c278b33423ac + +info: + name: > + Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b423aca-e0d2-487d-a861-a2b589c2a62e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-af8e3b1753f58bd7e46c4cccec8f000f.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-af8e3b1753f58bd7e46c4cccec8f000f.yaml new file mode 100644 index 0000000000..c67a4b1a25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-af8e3b1753f58bd7e46c4cccec8f000f.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-af8e3b1753f58bd7e46c4cccec8f000f + +info: + name: > + Import and export users and customers <= 1.14.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/617f3062-2848-4c23-89e4-17a0f0d44977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.14.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-b7e40dcc40f790ccf1ceff5a8722305f.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-b7e40dcc40f790ccf1ceff5a8722305f.yaml new file mode 100644 index 0000000000..e5e80c44d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-b7e40dcc40f790ccf1ceff5a8722305f.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-b7e40dcc40f790ccf1ceff5a8722305f + +info: + name: > + Import and export users and customers <= 1.19.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27478d23-961d-4a88-adf5-c3cdd79cc10c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.19.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-bd9f222927714cfcc0530ce81d7d73ca.yaml b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-bd9f222927714cfcc0530ce81d7d73ca.yaml new file mode 100644 index 0000000000..de6b8cda1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-users-from-csv-with-meta-bd9f222927714cfcc0530ce81d7d73ca.yaml @@ -0,0 +1,58 @@ +id: import-users-from-csv-with-meta-bd9f222927714cfcc0530ce81d7d73ca + +info: + name: > + Import and export users and customers <= 1.24.6 - Missing Authorization via fire_cron REST endpoint + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/428feddb-c8c3-49a7-8e01-dc548c184229?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-users-from-csv-with-meta/" + google-query: inurl:"/wp-content/plugins/import-users-from-csv-with-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-users-from-csv-with-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-users-from-csv-with-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-users-from-csv-with-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-xml-feed-467a5580ac1383352cd27bfadc2d264b.yaml b/nuclei-templates/cve-less/plugins/import-xml-feed-467a5580ac1383352cd27bfadc2d264b.yaml new file mode 100644 index 0000000000..9a78f383c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-xml-feed-467a5580ac1383352cd27bfadc2d264b.yaml @@ -0,0 +1,58 @@ +id: import-xml-feed-467a5580ac1383352cd27bfadc2d264b + +info: + name: > + Import XML and RSS Feeds <= 2.1.5 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cecf1bcc-ed3e-430c-80d4-d940416eed9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-xml-feed/" + google-query: inurl:"/wp-content/plugins/import-xml-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-xml-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-xml-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-xml-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-xml-feed-907bd7e9131bb850756aeaa09ab79dfd.yaml b/nuclei-templates/cve-less/plugins/import-xml-feed-907bd7e9131bb850756aeaa09ab79dfd.yaml new file mode 100644 index 0000000000..b336f92852 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-xml-feed-907bd7e9131bb850756aeaa09ab79dfd.yaml @@ -0,0 +1,58 @@ +id: import-xml-feed-907bd7e9131bb850756aeaa09ab79dfd + +info: + name: > + Import XML and RSS Feeds <= 2.0.2 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eccc47cb-9078-405b-9b09-2e14e72ee005?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-xml-feed/" + google-query: inurl:"/wp-content/plugins/import-xml-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-xml-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-xml-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-xml-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-xml-feed-9ab53108097247c27c02dfd755c3ffcf.yaml b/nuclei-templates/cve-less/plugins/import-xml-feed-9ab53108097247c27c02dfd755c3ffcf.yaml new file mode 100644 index 0000000000..e1cedfde37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-xml-feed-9ab53108097247c27c02dfd755c3ffcf.yaml @@ -0,0 +1,58 @@ +id: import-xml-feed-9ab53108097247c27c02dfd755c3ffcf + +info: + name: > + Import XML and RSS Feeds <= 2.1.3 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f45b4c43-c6c4-41da-bd59-9a355800815a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-xml-feed/" + google-query: inurl:"/wp-content/plugins/import-xml-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-xml-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-xml-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-xml-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/import-xml-feed-fe6825f2b761786a96cd0f4fa3afa83c.yaml b/nuclei-templates/cve-less/plugins/import-xml-feed-fe6825f2b761786a96cd0f4fa3afa83c.yaml new file mode 100644 index 0000000000..af4850e7a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/import-xml-feed-fe6825f2b761786a96cd0f4fa3afa83c.yaml @@ -0,0 +1,58 @@ +id: import-xml-feed-fe6825f2b761786a96cd0f4fa3afa83c + +info: + name: > + Import XML and RSS Feeds <= 2.1.4 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0856920-5463-4dd3-a4fd-e56901a89b83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/import-xml-feed/" + google-query: inurl:"/wp-content/plugins/import-xml-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,import-xml-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/import-xml-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "import-xml-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/importify-949bd129fe1adc15bb7653ff308658f2.yaml b/nuclei-templates/cve-less/plugins/importify-949bd129fe1adc15bb7653ff308658f2.yaml new file mode 100644 index 0000000000..cedd56b28b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/importify-949bd129fe1adc15bb7653ff308658f2.yaml @@ -0,0 +1,58 @@ +id: importify-949bd129fe1adc15bb7653ff308658f2 + +info: + name: > + Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/830ff660-0265-46e5-8d16-ecd03cdf9f52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/importify/" + google-query: inurl:"/wp-content/plugins/importify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,importify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/importify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "importify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/impreza-a94493070aaa329d2ae39d70dc712c09.yaml b/nuclei-templates/cve-less/plugins/impreza-a94493070aaa329d2ae39d70dc712c09.yaml new file mode 100644 index 0000000000..e0e714db96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/impreza-a94493070aaa329d2ae39d70dc712c09.yaml @@ -0,0 +1,58 @@ +id: impreza-a94493070aaa329d2ae39d70dc712c09 + +info: + name: > + Impreza <= 8.17.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bd931a9-18ec-48fa-9382-d4c2d99258c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/impreza/" + google-query: inurl:"/wp-content/plugins/impreza/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,impreza,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/impreza/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "impreza" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.17.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/improved-include-page-300fd59e3797ac35e26fb3e33490ca99.yaml b/nuclei-templates/cve-less/plugins/improved-include-page-300fd59e3797ac35e26fb3e33490ca99.yaml new file mode 100644 index 0000000000..9bff565102 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/improved-include-page-300fd59e3797ac35e26fb3e33490ca99.yaml @@ -0,0 +1,58 @@ +id: improved-include-page-300fd59e3797ac35e26fb3e33490ca99 + +info: + name: > + Improved Include Page <= 1.2 - Authenticated (Contributor+) Arbitrary Posts/Pages Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ced4a635-f579-41fb-840c-3ba54dbe92c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/improved-include-page/" + google-query: inurl:"/wp-content/plugins/improved-include-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,improved-include-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/improved-include-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "improved-include-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/improved-sale-badges-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/improved-sale-badges-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..312491534d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/improved-sale-badges-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: improved-sale-badges-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/improved-sale-badges/" + google-query: inurl:"/wp-content/plugins/improved-sale-badges/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,improved-sale-badges,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/improved-sale-badges/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "improved-sale-badges" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/improved-user-search-in-backend-aa15ef609effcca1e90c81c1a7f1d631.yaml b/nuclei-templates/cve-less/plugins/improved-user-search-in-backend-aa15ef609effcca1e90c81c1a7f1d631.yaml new file mode 100644 index 0000000000..66015ca806 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/improved-user-search-in-backend-aa15ef609effcca1e90c81c1a7f1d631.yaml @@ -0,0 +1,58 @@ +id: improved-user-search-in-backend-aa15ef609effcca1e90c81c1a7f1d631 + +info: + name: > + Improved User Search in Backend <= 1.2.5 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e8abe63-c11b-48e7-8867-3bc1ab940b1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/improved-user-search-in-backend/" + google-query: inurl:"/wp-content/plugins/improved-user-search-in-backend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,improved-user-search-in-backend,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/improved-user-search-in-backend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "improved-user-search-in-backend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/improved-variable-product-attributes-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/improved-variable-product-attributes-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..c083ec35e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/improved-variable-product-attributes-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: improved-variable-product-attributes-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/improved-variable-product-attributes/" + google-query: inurl:"/wp-content/plugins/improved-variable-product-attributes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,improved-variable-product-attributes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/improved-variable-product-attributes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "improved-variable-product-attributes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inactive-logout-a7d769783ca2c437e9a1a4760da51769.yaml b/nuclei-templates/cve-less/plugins/inactive-logout-a7d769783ca2c437e9a1a4760da51769.yaml new file mode 100644 index 0000000000..629b1a68cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inactive-logout-a7d769783ca2c437e9a1a4760da51769.yaml @@ -0,0 +1,58 @@ +id: inactive-logout-a7d769783ca2c437e9a1a4760da51769 + +info: + name: > + Inactive Logout <= 3.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c583ef34-ddec-4d6c-9685-ef4bce5e785e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inactive-logout/" + google-query: inurl:"/wp-content/plugins/inactive-logout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inactive-logout,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inactive-logout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inactive-logout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inactive-user-deleter-4b89abc62fd406d908566683e2dcbf5a.yaml b/nuclei-templates/cve-less/plugins/inactive-user-deleter-4b89abc62fd406d908566683e2dcbf5a.yaml new file mode 100644 index 0000000000..6f7b0a34a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inactive-user-deleter-4b89abc62fd406d908566683e2dcbf5a.yaml @@ -0,0 +1,58 @@ +id: inactive-user-deleter-4b89abc62fd406d908566683e2dcbf5a + +info: + name: > + Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f3c706f-fcce-4bcb-9773-ced011bf6407?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inactive-user-deleter/" + google-query: inurl:"/wp-content/plugins/inactive-user-deleter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inactive-user-deleter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inactive-user-deleter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inactive-user-deleter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/include-me-7df4ba3c146c5caf3d402ff70333f208.yaml b/nuclei-templates/cve-less/plugins/include-me-7df4ba3c146c5caf3d402ff70333f208.yaml new file mode 100644 index 0000000000..244cc84820 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/include-me-7df4ba3c146c5caf3d402ff70333f208.yaml @@ -0,0 +1,58 @@ +id: include-me-7df4ba3c146c5caf3d402ff70333f208 + +info: + name: > + Include Me <= 1.2.1 - Local File Inclusion leading to Authenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75ac23b7-bcc0-41ce-8cfc-e1de3954d169?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/include-me/" + google-query: inurl:"/wp-content/plugins/include-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,include-me,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/include-me/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "include-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/incoming-links-1c5999a1196a6e32d7eacb9ae11f1a81.yaml b/nuclei-templates/cve-less/plugins/incoming-links-1c5999a1196a6e32d7eacb9ae11f1a81.yaml new file mode 100644 index 0000000000..4a5d14a8ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/incoming-links-1c5999a1196a6e32d7eacb9ae11f1a81.yaml @@ -0,0 +1,58 @@ +id: incoming-links-1c5999a1196a6e32d7eacb9ae11f1a81 + +info: + name: > + Incoming Links < 0.9.10b - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cd92993-1cda-46dc-8318-f2e938bff262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/incoming-links/" + google-query: inurl:"/wp-content/plugins/incoming-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,incoming-links,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/incoming-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "incoming-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.10b') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indeed-job-importer-738cbcde2d8ae9b069d1cee10adc6b90.yaml b/nuclei-templates/cve-less/plugins/indeed-job-importer-738cbcde2d8ae9b069d1cee10adc6b90.yaml new file mode 100644 index 0000000000..8919611945 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indeed-job-importer-738cbcde2d8ae9b069d1cee10adc6b90.yaml @@ -0,0 +1,58 @@ +id: indeed-job-importer-738cbcde2d8ae9b069d1cee10adc6b90 + +info: + name: > + Indeed Job Importer <= 1.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/712e9754-a6f2-43b5-97be-9d23970b46ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indeed-job-importer/" + google-query: inurl:"/wp-content/plugins/indeed-job-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indeed-job-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indeed-job-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indeed-job-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indexisto-12f4cc2153036a3efd08424c8d4576c6.yaml b/nuclei-templates/cve-less/plugins/indexisto-12f4cc2153036a3efd08424c8d4576c6.yaml new file mode 100644 index 0000000000..75dcfbccac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indexisto-12f4cc2153036a3efd08424c8d4576c6.yaml @@ -0,0 +1,58 @@ +id: indexisto-12f4cc2153036a3efd08424c8d4576c6 + +info: + name: > + Indexisto <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae53b67a-1df9-499a-a232-cf7560a3cf02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indexisto/" + google-query: inurl:"/wp-content/plugins/indexisto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indexisto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indexisto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indexisto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indianic-testimonial-8a1017de3d1fd72aa86eae06b4f6a456.yaml b/nuclei-templates/cve-less/plugins/indianic-testimonial-8a1017de3d1fd72aa86eae06b4f6a456.yaml new file mode 100644 index 0000000000..9c79c0858d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indianic-testimonial-8a1017de3d1fd72aa86eae06b4f6a456.yaml @@ -0,0 +1,58 @@ +id: indianic-testimonial-8a1017de3d1fd72aa86eae06b4f6a456 + +info: + name: > + Testimonial < 2.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96fc3ead-7ae4-4d2c-a0b5-13f3e3bf429b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indianic-testimonial/" + google-query: inurl:"/wp-content/plugins/indianic-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indianic-testimonial,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indianic-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indianic-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indianic-testimonial-bc1fc73bd669dca4197ffa756353cd75.yaml b/nuclei-templates/cve-less/plugins/indianic-testimonial-bc1fc73bd669dca4197ffa756353cd75.yaml new file mode 100644 index 0000000000..ea63d8413b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indianic-testimonial-bc1fc73bd669dca4197ffa756353cd75.yaml @@ -0,0 +1,58 @@ +id: indianic-testimonial-bc1fc73bd669dca4197ffa756353cd75 + +info: + name: > + Testimonial < 2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d37b10f7-ea20-47cb-913a-4286c2ee2771?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indianic-testimonial/" + google-query: inurl:"/wp-content/plugins/indianic-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indianic-testimonial,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indianic-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indianic-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indieweb-post-kinds-76874a7b4a83992edc7c544ab3ce90f7.yaml b/nuclei-templates/cve-less/plugins/indieweb-post-kinds-76874a7b4a83992edc7c544ab3ce90f7.yaml new file mode 100644 index 0000000000..bde4b99ba2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indieweb-post-kinds-76874a7b4a83992edc7c544ab3ce90f7.yaml @@ -0,0 +1,58 @@ +id: indieweb-post-kinds-76874a7b4a83992edc7c544ab3ce90f7 + +info: + name: > + Post Kinds < 1.3.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d570009f-0011-485a-bd14-f511cb2b60d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indieweb-post-kinds/" + google-query: inurl:"/wp-content/plugins/indieweb-post-kinds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indieweb-post-kinds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indieweb-post-kinds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indieweb-post-kinds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/indigitall-web-push-notifications-2c744f500a4cb530f5a915c698c40d99.yaml b/nuclei-templates/cve-less/plugins/indigitall-web-push-notifications-2c744f500a4cb530f5a915c698c40d99.yaml new file mode 100644 index 0000000000..e8f38b7d91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/indigitall-web-push-notifications-2c744f500a4cb530f5a915c698c40d99.yaml @@ -0,0 +1,58 @@ +id: indigitall-web-push-notifications-2c744f500a4cb530f5a915c698c40d99 + +info: + name: > + IURNY by INDIGITALL – WhatsApp Chat, Web Push Notifications (FREE) <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/919d31a8-932e-438b-a039-89a24781524c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/indigitall-web-push-notifications/" + google-query: inurl:"/wp-content/plugins/indigitall-web-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,indigitall-web-push-notifications,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/indigitall-web-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "indigitall-web-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infogram-b0923245191ee8b19827587a90615915.yaml b/nuclei-templates/cve-less/plugins/infogram-b0923245191ee8b19827587a90615915.yaml new file mode 100644 index 0000000000..42cc9a9963 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infogram-b0923245191ee8b19827587a90615915.yaml @@ -0,0 +1,58 @@ +id: infogram-b0923245191ee8b19827587a90615915 + +info: + name: > + Infogram <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72e1482c-0f55-4f43-8590-d4f2758f0eea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infogram/" + google-query: inurl:"/wp-content/plugins/infogram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infogram,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infogram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infogram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-1de8ccd3e6be5fc258bf58b1985495c8.yaml b/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-1de8ccd3e6be5fc258bf58b1985495c8.yaml new file mode 100644 index 0000000000..1aa798ddea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-1de8ccd3e6be5fc258bf58b1985495c8.yaml @@ -0,0 +1,58 @@ +id: infographic-and-list-builder-ilist-1de8ccd3e6be5fc258bf58b1985495c8 + +info: + name: > + Infographic Maker – iList <= 4.3.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad4878fb-dd0f-473b-9887-d993a89fedd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infographic-and-list-builder-ilist/" + google-query: inurl:"/wp-content/plugins/infographic-and-list-builder-ilist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infographic-and-list-builder-ilist,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infographic-and-list-builder-ilist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infographic-and-list-builder-ilist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-d3e0f1a758bd59446de5b7d7cf2ab987.yaml b/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-d3e0f1a758bd59446de5b7d7cf2ab987.yaml new file mode 100644 index 0000000000..932c4dacde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infographic-and-list-builder-ilist-d3e0f1a758bd59446de5b7d7cf2ab987.yaml @@ -0,0 +1,58 @@ +id: infographic-and-list-builder-ilist-d3e0f1a758bd59446de5b7d7cf2ab987 + +info: + name: > + AI Infographic Maker <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/918c418a-9d86-461d-91cb-33d04010c577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infographic-and-list-builder-ilist/" + google-query: inurl:"/wp-content/plugins/infographic-and-list-builder-ilist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infographic-and-list-builder-ilist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infographic-and-list-builder-ilist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infographic-and-list-builder-ilist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/information-reel-2e8c881d695b74f611068f96c80b3487.yaml b/nuclei-templates/cve-less/plugins/information-reel-2e8c881d695b74f611068f96c80b3487.yaml new file mode 100644 index 0000000000..ac4ac2686e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/information-reel-2e8c881d695b74f611068f96c80b3487.yaml @@ -0,0 +1,58 @@ +id: information-reel-2e8c881d695b74f611068f96c80b3487 + +info: + name: > + Information Reel <= 10.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64db63e5-ff76-494a-be4f-d820f0cc9ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/information-reel/" + google-query: inurl:"/wp-content/plugins/information-reel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,information-reel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/information-reel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "information-reel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-731c10dcd4a65ca76382b001a77071bb.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-731c10dcd4a65ca76382b001a77071bb.yaml new file mode 100644 index 0000000000..f385865bef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-731c10dcd4a65ca76382b001a77071bb.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-731c10dcd4a65ca76382b001a77071bb + +info: + name: > + Infusionsoft Gravity Forms Add-on <= 1.5.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c3726fa-e3ee-4c5d-a727-b33d0d077ef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft/" + google-query: inurl:"/wp-content/plugins/infusionsoft/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-8a7ecb10c894553e29bd44217c769b5a.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-8a7ecb10c894553e29bd44217c769b5a.yaml new file mode 100644 index 0000000000..0c04279d63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-8a7ecb10c894553e29bd44217c769b5a.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-8a7ecb10c894553e29bd44217c769b5a + +info: + name: > + Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/862ab8c7-c4af-437e-a72d-31a401cd1765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft/" + google-query: inurl:"/wp-content/plugins/infusionsoft/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-eb2bb0feddcf3b5f17093cd80034744c.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-eb2bb0feddcf3b5f17093cd80034744c.yaml new file mode 100644 index 0000000000..5de25f262e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-eb2bb0feddcf3b5f17093cd80034744c.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-eb2bb0feddcf3b5f17093cd80034744c + +info: + name: > + Infusionsoft Gravity Forms Add-on 1.5.3 - 1.5.10 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8840bb3c-3e4b-48d5-bf01-2ed9bcfcf27a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft/" + google-query: inurl:"/wp-content/plugins/infusionsoft/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5.3', '<= 1.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-landing-pages-31325fd9d39a9b170e5825b91f943680.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-landing-pages-31325fd9d39a9b170e5825b91f943680.yaml new file mode 100644 index 0000000000..45919e13a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-landing-pages-31325fd9d39a9b170e5825b91f943680.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-landing-pages-31325fd9d39a9b170e5825b91f943680 + +info: + name: > + Keap Landing Pages <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/113f0cb7-a5eb-42d5-ad42-871c0381b617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft-landing-pages/" + google-query: inurl:"/wp-content/plugins/infusionsoft-landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft-landing-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft-landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft-landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-3c962311490d35eba5d44b2a55482b65.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-3c962311490d35eba5d44b2a55482b65.yaml new file mode 100644 index 0000000000..94e9fb180a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-3c962311490d35eba5d44b2a55482b65.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-official-opt-in-forms-3c962311490d35eba5d44b2a55482b65 + +info: + name: > + Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a0f1006-8015-4e67-9b03-16d3ad3c0e77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft-official-opt-in-forms/" + google-query: inurl:"/wp-content/plugins/infusionsoft-official-opt-in-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft-official-opt-in-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft-official-opt-in-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-fa11673c89d7f49c85f8e69d02b295a6.yaml b/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-fa11673c89d7f49c85f8e69d02b295a6.yaml new file mode 100644 index 0000000000..21512b223c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/infusionsoft-official-opt-in-forms-fa11673c89d7f49c85f8e69d02b295a6.yaml @@ -0,0 +1,58 @@ +id: infusionsoft-official-opt-in-forms-fa11673c89d7f49c85f8e69d02b295a6 + +info: + name: > + Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33210104-68fc-4d88-b681-b30e7abd6e18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/infusionsoft-official-opt-in-forms/" + google-query: inurl:"/wp-content/plugins/infusionsoft-official-opt-in-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,infusionsoft-official-opt-in-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/infusionsoft-official-opt-in-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "infusionsoft-official-opt-in-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/injection-guard-f1d5eaff1a5d538327565db0438aa59a.yaml b/nuclei-templates/cve-less/plugins/injection-guard-f1d5eaff1a5d538327565db0438aa59a.yaml new file mode 100644 index 0000000000..b9c221490f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/injection-guard-f1d5eaff1a5d538327565db0438aa59a.yaml @@ -0,0 +1,58 @@ +id: injection-guard-f1d5eaff1a5d538327565db0438aa59a + +info: + name: > + Injection Guard <= 1.2.1 - Missing Authorization via ig_update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c6a9cfc-0b30-456e-bac5-4ad79cd08dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/injection-guard/" + google-query: inurl:"/wp-content/plugins/injection-guard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,injection-guard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/injection-guard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "injection-guard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-1f04a4a11c02a582deff94a7681096d8.yaml b/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-1f04a4a11c02a582deff94a7681096d8.yaml new file mode 100644 index 0000000000..753459f75b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-1f04a4a11c02a582deff94a7681096d8.yaml @@ -0,0 +1,58 @@ +id: inline-google-spreadsheet-viewer-1f04a4a11c02a582deff94a7681096d8 + +info: + name: > + Inline Google Spreadsheet Viewer <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/523e80a5-dffa-4eb6-8f7a-e179e0dc4d28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inline-google-spreadsheet-viewer/" + google-query: inurl:"/wp-content/plugins/inline-google-spreadsheet-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inline-google-spreadsheet-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inline-google-spreadsheet-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inline-google-spreadsheet-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-9f8810cd387382963f3ea98eed877722.yaml b/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-9f8810cd387382963f3ea98eed877722.yaml new file mode 100644 index 0000000000..1650606865 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inline-google-spreadsheet-viewer-9f8810cd387382963f3ea98eed877722.yaml @@ -0,0 +1,58 @@ +id: inline-google-spreadsheet-viewer-9f8810cd387382963f3ea98eed877722 + +info: + name: > + Inline Google Spreadsheet Viewer <= 0.9.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0543f32-54d4-4180-95c4-c9ddc0e08384?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inline-google-spreadsheet-viewer/" + google-query: inurl:"/wp-content/plugins/inline-google-spreadsheet-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inline-google-spreadsheet-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inline-google-spreadsheet-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inline-google-spreadsheet-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inline-tweet-sharer-44d79c88f80918a39ad3735f87916ce8.yaml b/nuclei-templates/cve-less/plugins/inline-tweet-sharer-44d79c88f80918a39ad3735f87916ce8.yaml new file mode 100644 index 0000000000..7c8cd349e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inline-tweet-sharer-44d79c88f80918a39ad3735f87916ce8.yaml @@ -0,0 +1,58 @@ +id: inline-tweet-sharer-44d79c88f80918a39ad3735f87916ce8 + +info: + name: > + Inline Tweet Sharer <= 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a85b549-f6a4-4dc3-9f2a-35d783099f96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inline-tweet-sharer/" + google-query: inurl:"/wp-content/plugins/inline-tweet-sharer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inline-tweet-sharer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inline-tweet-sharer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inline-tweet-sharer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inlinks-94786cf22c04d1dd0ce4fe28ab98e98a.yaml b/nuclei-templates/cve-less/plugins/inlinks-94786cf22c04d1dd0ce4fe28ab98e98a.yaml new file mode 100644 index 0000000000..e479a08744 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inlinks-94786cf22c04d1dd0ce4fe28ab98e98a.yaml @@ -0,0 +1,58 @@ +id: inlinks-94786cf22c04d1dd0ce4fe28ab98e98a + +info: + name: > + InLinks <= 1.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/682b40ad-ca62-47eb-9abc-fd43122d11c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inlinks/" + google-query: inurl:"/wp-content/plugins/inlinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inlinks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inlinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inlinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/innovs-hr-manager-e14959fa43bbd40e929542fe49cd89d7.yaml b/nuclei-templates/cve-less/plugins/innovs-hr-manager-e14959fa43bbd40e929542fe49cd89d7.yaml new file mode 100644 index 0000000000..3f796c1e21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/innovs-hr-manager-e14959fa43bbd40e929542fe49cd89d7.yaml @@ -0,0 +1,58 @@ +id: innovs-hr-manager-e14959fa43bbd40e929542fe49cd89d7 + +info: + name: > + Innovs HR – Complete Human Resource Management System for Your Business <= 1.0.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e806ca3b-daae-48a2-9923-315dbf86a9e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/innovs-hr-manager/" + google-query: inurl:"/wp-content/plugins/innovs-hr-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,innovs-hr-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/innovs-hr-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "innovs-hr-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/innovs-hr-manager-e6fb630fd086e11cb5135f0bd10ba86b.yaml b/nuclei-templates/cve-less/plugins/innovs-hr-manager-e6fb630fd086e11cb5135f0bd10ba86b.yaml new file mode 100644 index 0000000000..459a4701f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/innovs-hr-manager-e6fb630fd086e11cb5135f0bd10ba86b.yaml @@ -0,0 +1,58 @@ +id: innovs-hr-manager-e6fb630fd086e11cb5135f0bd10ba86b + +info: + name: > + Innovs HR <= 1.0.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f43b5c02-fb10-48f1-9457-f67c5008fe5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/innovs-hr-manager/" + google-query: inurl:"/wp-content/plugins/innovs-hr-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,innovs-hr-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/innovs-hr-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "innovs-hr-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inpost-gallery-ad4acbb771f45212d6935861fe1f4c55.yaml b/nuclei-templates/cve-less/plugins/inpost-gallery-ad4acbb771f45212d6935861fe1f4c55.yaml new file mode 100644 index 0000000000..c5c98f14ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inpost-gallery-ad4acbb771f45212d6935861fe1f4c55.yaml @@ -0,0 +1,58 @@ +id: inpost-gallery-ad4acbb771f45212d6935861fe1f4c55 + +info: + name: > + InPost Gallery <= 2.1.4.1 - Reflected Cross-Site Scripting via 'imgurl' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69fd66db-5693-4976-96c0-60dbfeccd14f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inpost-gallery/" + google-query: inurl:"/wp-content/plugins/inpost-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inpost-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inpost-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inpost-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inpost-gallery-b3a55c8660f19eddef4075e293b358ed.yaml b/nuclei-templates/cve-less/plugins/inpost-gallery-b3a55c8660f19eddef4075e293b358ed.yaml new file mode 100644 index 0000000000..14156b9925 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inpost-gallery-b3a55c8660f19eddef4075e293b358ed.yaml @@ -0,0 +1,58 @@ +id: inpost-gallery-b3a55c8660f19eddef4075e293b358ed + +info: + name: > + InPost Gallery <= 2.1.4.1 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c7a0b51-6626-449f-95f5-74c4847909de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inpost-gallery/" + google-query: inurl:"/wp-content/plugins/inpost-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inpost-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inpost-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inpost-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insecure-content-warning-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/insecure-content-warning-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..0122406487 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insecure-content-warning-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: insecure-content-warning-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insecure-content-warning/" + google-query: inurl:"/wp-content/plugins/insecure-content-warning/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insecure-content-warning,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insecure-content-warning/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insecure-content-warning" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-estimated-reading-time-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml b/nuclei-templates/cve-less/plugins/insert-estimated-reading-time-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml new file mode 100644 index 0000000000..7f4125ed45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-estimated-reading-time-027f8eecce0a5762cf1bc3cc2ca92e8d.yaml @@ -0,0 +1,58 @@ +id: insert-estimated-reading-time-027f8eecce0a5762cf1bc3cc2ca92e8d + +info: + name: > + Insert Estimated Reading Time <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45426cdd-2721-4959-8f0b-13025f775d62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-estimated-reading-time/" + google-query: inurl:"/wp-content/plugins/insert-estimated-reading-time/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-estimated-reading-time,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-estimated-reading-time/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-estimated-reading-time" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-headers-and-footers-759e637db585d6ba715dddf7878712c3.yaml b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-759e637db585d6ba715dddf7878712c3.yaml new file mode 100644 index 0000000000..e6885d9359 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-759e637db585d6ba715dddf7878712c3.yaml @@ -0,0 +1,58 @@ +id: insert-headers-and-footers-759e637db585d6ba715dddf7878712c3 + +info: + name: > + WPCode <= 2.0.13 - Unauthenticated Reflected Cross-Site Scripting via Tag Filter Links + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f2ebd89-d34f-4f08-9654-049355fdfa3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-headers-and-footers/" + google-query: inurl:"/wp-content/plugins/insert-headers-and-footers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-headers-and-footers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-headers-and-footers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-headers-and-footers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-headers-and-footers-88444b55ba593f6267560d3998cc950b.yaml b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-88444b55ba593f6267560d3998cc950b.yaml new file mode 100644 index 0000000000..c67361ae96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-88444b55ba593f6267560d3998cc950b.yaml @@ -0,0 +1,58 @@ +id: insert-headers-and-footers-88444b55ba593f6267560d3998cc950b + +info: + name: > + WPCode <= 2.0.6 - Missing Authorization to Sensitive Key Disclosure/Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b1cae3-dc08-43b1-9a20-62b7263efeba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-headers-and-footers/" + google-query: inurl:"/wp-content/plugins/insert-headers-and-footers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-headers-and-footers,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-headers-and-footers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-headers-and-footers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-headers-and-footers-b12b3184228f1ba6313c71b9719c05ba.yaml b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-b12b3184228f1ba6313c71b9719c05ba.yaml new file mode 100644 index 0000000000..f2bb25c5ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-headers-and-footers-b12b3184228f1ba6313c71b9719c05ba.yaml @@ -0,0 +1,58 @@ +id: insert-headers-and-footers-b12b3184228f1ba6313c71b9719c05ba + +info: + name: > + WPCode <= 2.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e52c53c1-4f04-4075-9329-d93fabf5a6ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-headers-and-footers/" + google-query: inurl:"/wp-content/plugins/insert-headers-and-footers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-headers-and-footers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-headers-and-footers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-headers-and-footers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-243ee6cead272cdb6dc2ad831bc4986e.yaml b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-243ee6cead272cdb6dc2ad831bc4986e.yaml new file mode 100644 index 0000000000..5fa5c84af0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-243ee6cead272cdb6dc2ad831bc4986e.yaml @@ -0,0 +1,58 @@ +id: insert-or-embed-articulate-content-into-wordpress-243ee6cead272cdb6dc2ad831bc4986e + +info: + name: > + Insert or Embed Articulate Content into WordPress < 4.2999 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7be28b54-def9-46b7-bb59-58b0ae5ea674?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-or-embed-articulate-content-into-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2999') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-867b85000a9162268b1ddc0673082505.yaml b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-867b85000a9162268b1ddc0673082505.yaml new file mode 100644 index 0000000000..7f072a9917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-867b85000a9162268b1ddc0673082505.yaml @@ -0,0 +1,58 @@ +id: insert-or-embed-articulate-content-into-wordpress-867b85000a9162268b1ddc0673082505 + +info: + name: > + Insert or Embed Articulate Content into WordPress < 4.29991 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c225bea-78db-4f4c-a201-833436c1df78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-or-embed-articulate-content-into-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.29991') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-a841f648b0bdbeeaa745d6da10e2cfec.yaml b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-a841f648b0bdbeeaa745d6da10e2cfec.yaml new file mode 100644 index 0000000000..2c886f3651 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-or-embed-articulate-content-into-wordpress-a841f648b0bdbeeaa745d6da10e2cfec.yaml @@ -0,0 +1,58 @@ +id: insert-or-embed-articulate-content-into-wordpress-a841f648b0bdbeeaa745d6da10e2cfec + +info: + name: > + Insert or Embed Articulate Content into WordPress <= 4.3000000021 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/128d3046-94a0-465c-9225-a3ce652f5282?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + google-query: inurl:"/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-or-embed-articulate-content-into-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-or-embed-articulate-content-into-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3000000021') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-pages-20a34e507c4fa6283c8c06e9c7d18117.yaml b/nuclei-templates/cve-less/plugins/insert-pages-20a34e507c4fa6283c8c06e9c7d18117.yaml new file mode 100644 index 0000000000..c9ca336009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-pages-20a34e507c4fa6283c8c06e9c7d18117.yaml @@ -0,0 +1,58 @@ +id: insert-pages-20a34e507c4fa6283c8c06e9c7d18117 + +info: + name: > + Insert Pages < 3.2.4 - Authenticated Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9efac984-21ef-4e02-8ead-bf4205ddb38d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-pages/" + google-query: inurl:"/wp-content/plugins/insert-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-pages-474fa03f5b39570acd09bb99c310528b.yaml b/nuclei-templates/cve-less/plugins/insert-pages-474fa03f5b39570acd09bb99c310528b.yaml new file mode 100644 index 0000000000..91ee21e133 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-pages-474fa03f5b39570acd09bb99c310528b.yaml @@ -0,0 +1,58 @@ +id: insert-pages-474fa03f5b39570acd09bb99c310528b + +info: + name: > + Insert Pages <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0336e35-eb3c-4613-b8a2-fac7b837eb6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-pages/" + google-query: inurl:"/wp-content/plugins/insert-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-pages-888c0d96bb5c45a5559094f92be9b42d.yaml b/nuclei-templates/cve-less/plugins/insert-pages-888c0d96bb5c45a5559094f92be9b42d.yaml new file mode 100644 index 0000000000..a9f8efe439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-pages-888c0d96bb5c45a5559094f92be9b42d.yaml @@ -0,0 +1,58 @@ +id: insert-pages-888c0d96bb5c45a5559094f92be9b42d + +info: + name: > + Insert Pages <= 3.6.1 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e780461-3fda-491d-ac77-dee52f8197b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-pages/" + google-query: inurl:"/wp-content/plugins/insert-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-pages-91f8f23098584a64320691c5f2d0c50b.yaml b/nuclei-templates/cve-less/plugins/insert-pages-91f8f23098584a64320691c5f2d0c50b.yaml new file mode 100644 index 0000000000..2dc456cee2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-pages-91f8f23098584a64320691c5f2d0c50b.yaml @@ -0,0 +1,58 @@ +id: insert-pages-91f8f23098584a64320691c5f2d0c50b + +info: + name: > + Insert Pages <= 3.6.1 - Contributor+ Arbitrary Posts/Pages Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ee47f62-93f5-40ed-8c1d-555a21eb714a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-pages/" + google-query: inurl:"/wp-content/plugins/insert-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-php-57aad3805a9f2a510911c9b341933d75.yaml b/nuclei-templates/cve-less/plugins/insert-php-57aad3805a9f2a510911c9b341933d75.yaml new file mode 100644 index 0000000000..592a765a39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-php-57aad3805a9f2a510911c9b341933d75.yaml @@ -0,0 +1,58 @@ +id: insert-php-57aad3805a9f2a510911c9b341933d75 + +info: + name: > + Woody Ad Snippets <= 2.2.5 - Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/069bd7ab-1b78-4465-8e13-5ef903f7e45f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-php/" + google-query: inurl:"/wp-content/plugins/insert-php/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-php,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-php" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-php-57e5d2556ce7902a3bd2de5a68a6b052.yaml b/nuclei-templates/cve-less/plugins/insert-php-57e5d2556ce7902a3bd2de5a68a6b052.yaml new file mode 100644 index 0000000000..24e5902cbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-php-57e5d2556ce7902a3bd2de5a68a6b052.yaml @@ -0,0 +1,58 @@ +id: insert-php-57e5d2556ce7902a3bd2de5a68a6b052 + +info: + name: > + Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e573c0a4-d053-400b-828c-0d0eca880776?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-php/" + google-query: inurl:"/wp-content/plugins/insert-php/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-php,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-php" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-php-c3c6968289de386f0f53996017935a1d.yaml b/nuclei-templates/cve-less/plugins/insert-php-c3c6968289de386f0f53996017935a1d.yaml new file mode 100644 index 0000000000..6e316b331e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-php-c3c6968289de386f0f53996017935a1d.yaml @@ -0,0 +1,58 @@ +id: insert-php-c3c6968289de386f0f53996017935a1d + +info: + name: > + Woody Ad Snippets <= 2.2.8 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11681152-e4f0-4cea-8fc8-f297368e4b15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-php/" + google-query: inurl:"/wp-content/plugins/insert-php/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-php,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-php" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-php-code-snippet-2f6907ee5c2cac6fd791f40374c04e13.yaml b/nuclei-templates/cve-less/plugins/insert-php-code-snippet-2f6907ee5c2cac6fd791f40374c04e13.yaml new file mode 100644 index 0000000000..509702ca78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-php-code-snippet-2f6907ee5c2cac6fd791f40374c04e13.yaml @@ -0,0 +1,58 @@ +id: insert-php-code-snippet-2f6907ee5c2cac6fd791f40374c04e13 + +info: + name: > + Insert PHP Code Snippet <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-php-code-snippet/" + google-query: inurl:"/wp-content/plugins/insert-php-code-snippet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-php-code-snippet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-php-code-snippet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-php-code-snippet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-php-d815b281c1937dc0ed5e942ec305999d.yaml b/nuclei-templates/cve-less/plugins/insert-php-d815b281c1937dc0ed5e942ec305999d.yaml new file mode 100644 index 0000000000..a73b839627 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-php-d815b281c1937dc0ed5e942ec305999d.yaml @@ -0,0 +1,58 @@ +id: insert-php-d815b281c1937dc0ed5e942ec305999d + +info: + name: > + Woody Ad Snippets <= 2.2.4 - Missing Authorization to Settings Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/942ae035-91b3-4330-800c-2dbe94a4b4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-php/" + google-query: inurl:"/wp-content/plugins/insert-php/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-php,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-php/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-php" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-1951707b594e6f4a4e8e4243b43c9841.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-1951707b594e6f4a4e8e4243b43c9841.yaml new file mode 100644 index 0000000000..2065debba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-1951707b594e6f4a4e8e4243b43c9841.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-1951707b594e6f4a4e8e4243b43c9841 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb93138-f2f9-4a3f-a0a2-d79a315c44f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-54bc1daf26907dc59a5c7876a142ff1b.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-54bc1daf26907dc59a5c7876a142ff1b.yaml new file mode 100644 index 0000000000..321979cfa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-54bc1daf26907dc59a5c7876a142ff1b.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-54bc1daf26907dc59a5c7876a142ff1b + +info: + name: > + loader-utils (JS package) < 2.0.3 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a49dca-2ed2-44cf-a0fe-0f1440a78cc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-73081b1f6f4e13a9e6e969eba5e746fc.yaml new file mode 100644 index 0000000000..915bc8e133 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-73081b1f6f4e13a9e6e969eba5e746fc.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-73081b1f6f4e13a9e6e969eba5e746fc + +info: + name: > + simple-git < 3.15.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-8de18da384e81ad90d91fef5286d3d00.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-8de18da384e81ad90d91fef5286d3d00.yaml new file mode 100644 index 0000000000..c96e6420d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-8de18da384e81ad90d91fef5286d3d00.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-8de18da384e81ad90d91fef5286d3d00 + +info: + name: > + semver-regex <= 3.1.3 and 4.0.0-4.0.3 - Regular Expression Denial of Service (ReDoS) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e78c539c-5b72-4043-aa5a-6234913364ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-bd26ccd939104e13f73f569b312459d6.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-bd26ccd939104e13f73f569b312459d6.yaml new file mode 100644 index 0000000000..27c390d3ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-bd26ccd939104e13f73f569b312459d6.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-bd26ccd939104e13f73f569b312459d6 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2954a007-37ac-4811-a258-b3fdd738043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-dddfaf0e8fc5a7c4646ae5e0730589aa.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-dddfaf0e8fc5a7c4646ae5e0730589aa.yaml new file mode 100644 index 0000000000..10515b368c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-dddfaf0e8fc5a7c4646ae5e0730589aa.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-dddfaf0e8fc5a7c4646ae5e0730589aa + +info: + name: > + async <= 2.6.3 and 3-3.2.2 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/361315ff-99ef-4fb2-946f-8ccc307bd3be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insert-special-characters-fbefbdad33b922acaee6e93ce44b4409.yaml b/nuclei-templates/cve-less/plugins/insert-special-characters-fbefbdad33b922acaee6e93ce44b4409.yaml new file mode 100644 index 0000000000..f51b382d57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insert-special-characters-fbefbdad33b922acaee6e93ce44b4409.yaml @@ -0,0 +1,58 @@ +id: insert-special-characters-fbefbdad33b922acaee6e93ce44b4409 + +info: + name: > + guzzlehttp/psr7 <= 1.84 and 2.0.0-2.1.0 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07b34541-25df-407b-8d56-16e3e510d83a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insert-special-characters/" + google-query: inurl:"/wp-content/plugins/insert-special-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insert-special-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insert-special-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insert-special-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insight-core-f70ed327fff0a742246ce2b66447d100.yaml b/nuclei-templates/cve-less/plugins/insight-core-f70ed327fff0a742246ce2b66447d100.yaml new file mode 100644 index 0000000000..defd5e9365 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insight-core-f70ed327fff0a742246ce2b66447d100.yaml @@ -0,0 +1,58 @@ +id: insight-core-f70ed327fff0a742246ce2b66447d100 + +info: + name: > + Insight Core <= 1.0 - Authenticated PHP Object Injection & Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce2edda2-7707-415e-9493-e1067a421f54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insight-core/" + google-query: inurl:"/wp-content/plugins/insight-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insight-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insight-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insight-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inspirational-quote-rotator-2a97538728d15bbfb55e66c4649885a4.yaml b/nuclei-templates/cve-less/plugins/inspirational-quote-rotator-2a97538728d15bbfb55e66c4649885a4.yaml new file mode 100644 index 0000000000..ca018a8b7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inspirational-quote-rotator-2a97538728d15bbfb55e66c4649885a4.yaml @@ -0,0 +1,58 @@ +id: inspirational-quote-rotator-2a97538728d15bbfb55e66c4649885a4 + +info: + name: > + Inspirational Quote Rotator <= 1.0.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17e4376e-2b77-4c86-b962-ea4d7d8f534d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inspirational-quote-rotator/" + google-query: inurl:"/wp-content/plugins/inspirational-quote-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inspirational-quote-rotator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inspirational-quote-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inspirational-quote-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/insta-gallery-a977aa9a4c9e6ea956efab1274f3c128.yaml b/nuclei-templates/cve-less/plugins/insta-gallery-a977aa9a4c9e6ea956efab1274f3c128.yaml new file mode 100644 index 0000000000..9f11d36225 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/insta-gallery-a977aa9a4c9e6ea956efab1274f3c128.yaml @@ -0,0 +1,58 @@ +id: insta-gallery-a977aa9a4c9e6ea956efab1274f3c128 + +info: + name: > + Social Feed Gallery <= 2.4.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/442252f8-2896-44ba-a19c-d153b03b268b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/insta-gallery/" + google-query: inurl:"/wp-content/plugins/insta-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,insta-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/insta-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "insta-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instagram-for-wordpress-b915266e3686714da03f11dc90c6893b.yaml b/nuclei-templates/cve-less/plugins/instagram-for-wordpress-b915266e3686714da03f11dc90c6893b.yaml new file mode 100644 index 0000000000..565381b9b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instagram-for-wordpress-b915266e3686714da03f11dc90c6893b.yaml @@ -0,0 +1,58 @@ +id: instagram-for-wordpress-b915266e3686714da03f11dc90c6893b + +info: + name: > + Instagram for WordPress <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3991d8d0-57a8-42e7-a53c-97508f7e137f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instagram-for-wordpress/" + google-query: inurl:"/wp-content/plugins/instagram-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instagram-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instagram-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instagram-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instagram-slider-widget-965089db43408987ba593ca76bdc2587.yaml b/nuclei-templates/cve-less/plugins/instagram-slider-widget-965089db43408987ba593ca76bdc2587.yaml new file mode 100644 index 0000000000..a7b5e7a07f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instagram-slider-widget-965089db43408987ba593ca76bdc2587.yaml @@ -0,0 +1,58 @@ +id: instagram-slider-widget-965089db43408987ba593ca76bdc2587 + +info: + name: > + Social Slider Widget <= 1.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed40b50b-7d70-4abf-8895-2bf891124bae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instagram-slider-widget/" + google-query: inurl:"/wp-content/plugins/instagram-slider-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instagram-slider-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instagram-slider-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instagram-slider-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instagram-widget-by-wpzoom-76fc4346fbb39fa45316aca65b7d5177.yaml b/nuclei-templates/cve-less/plugins/instagram-widget-by-wpzoom-76fc4346fbb39fa45316aca65b7d5177.yaml new file mode 100644 index 0000000000..302e433884 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instagram-widget-by-wpzoom-76fc4346fbb39fa45316aca65b7d5177.yaml @@ -0,0 +1,58 @@ +id: instagram-widget-by-wpzoom-76fc4346fbb39fa45316aca65b7d5177 + +info: + name: > + WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3a70510-51c8-49c3-933b-79e79dfb8611?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instagram-widget-by-wpzoom/" + google-query: inurl:"/wp-content/plugins/instagram-widget-by-wpzoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instagram-widget-by-wpzoom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instagram-widget-by-wpzoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instagram-widget-by-wpzoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instagrate-to-wordpress-87fe64aef58d57af2256ba27b8518630.yaml b/nuclei-templates/cve-less/plugins/instagrate-to-wordpress-87fe64aef58d57af2256ba27b8518630.yaml new file mode 100644 index 0000000000..8949999534 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instagrate-to-wordpress-87fe64aef58d57af2256ba27b8518630.yaml @@ -0,0 +1,58 @@ +id: instagrate-to-wordpress-87fe64aef58d57af2256ba27b8518630 + +info: + name: > + Intagrate Lite <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bef1d842-5e04-47ea-b318-55f94c941be0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instagrate-to-wordpress/" + google-query: inurl:"/wp-content/plugins/instagrate-to-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instagrate-to-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instagrate-to-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instagrate-to-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instalinker-73153b823b9be5fe13ce41cd22919fc2.yaml b/nuclei-templates/cve-less/plugins/instalinker-73153b823b9be5fe13ce41cd22919fc2.yaml new file mode 100644 index 0000000000..e98bacb2a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instalinker-73153b823b9be5fe13ce41cd22919fc2.yaml @@ -0,0 +1,58 @@ +id: instalinker-73153b823b9be5fe13ce41cd22919fc2 + +info: + name: > + Elfsight Instagram Widget – Instagram Gallery < 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee13ee9a-dd53-4124-a7e9-679afe362f58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instalinker/" + google-query: inurl:"/wp-content/plugins/instalinker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instalinker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instalinker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instalinker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instant-css-0dab0a18a0d2f3a2ca1ecadfb8dd6931.yaml b/nuclei-templates/cve-less/plugins/instant-css-0dab0a18a0d2f3a2ca1ecadfb8dd6931.yaml new file mode 100644 index 0000000000..b6740c31a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instant-css-0dab0a18a0d2f3a2ca1ecadfb8dd6931.yaml @@ -0,0 +1,58 @@ +id: instant-css-0dab0a18a0d2f3a2ca1ecadfb8dd6931 + +info: + name: > + Instant CSS <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30ce93b4-9e2a-4a8c-8590-ffd61d618d31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instant-css/" + google-query: inurl:"/wp-content/plugins/instant-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instant-css,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instant-css-417113d5b23fd45edbcf8209f3cff8e9.yaml b/nuclei-templates/cve-less/plugins/instant-css-417113d5b23fd45edbcf8209f3cff8e9.yaml new file mode 100644 index 0000000000..3f3069832b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instant-css-417113d5b23fd45edbcf8209f3cff8e9.yaml @@ -0,0 +1,58 @@ +id: instant-css-417113d5b23fd45edbcf8209f3cff8e9 + +info: + name: > + Instant CSS <= 1.1.4 - Missing Authorization via AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b82a9ae8-ff82-40bf-a5d4-5175daab9146?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instant-css/" + google-query: inurl:"/wp-content/plugins/instant-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instant-css,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instant-images-4c925e8fe2ce8185ac5a57769f1ea714.yaml b/nuclei-templates/cve-less/plugins/instant-images-4c925e8fe2ce8185ac5a57769f1ea714.yaml new file mode 100644 index 0000000000..dd768b2adf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instant-images-4c925e8fe2ce8185ac5a57769f1ea714.yaml @@ -0,0 +1,58 @@ +id: instant-images-4c925e8fe2ce8185ac5a57769f1ea714 + +info: + name: > + Instant Images – One Click Unsplash, Pixabay and Pexels Uploads <= 4.4.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b75da76-1a58-4f8e-9b4f-d2e40d09f9ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instant-images/" + google-query: inurl:"/wp-content/plugins/instant-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instant-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instant-images-c57f6caa20d50f7b5d4102cef52235b3.yaml b/nuclei-templates/cve-less/plugins/instant-images-c57f6caa20d50f7b5d4102cef52235b3.yaml new file mode 100644 index 0000000000..ef0736df40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instant-images-c57f6caa20d50f7b5d4102cef52235b3.yaml @@ -0,0 +1,58 @@ +id: instant-images-c57f6caa20d50f7b5d4102cef52235b3 + +info: + name: > + Instant Images <= 5.1.0.1 - Authenticated (Author+) Server-Side Request Forgery via instant_images_download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a50e142-59f4-488b-8120-5bf505a9039d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instant-images/" + google-query: inurl:"/wp-content/plugins/instant-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instant-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instant-images-f64da1b37b4c50e68b9872eff4ca509b.yaml b/nuclei-templates/cve-less/plugins/instant-images-f64da1b37b4c50e68b9872eff4ca509b.yaml new file mode 100644 index 0000000000..dcc1cbd9e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instant-images-f64da1b37b4c50e68b9872eff4ca509b.yaml @@ -0,0 +1,58 @@ +id: instant-images-f64da1b37b4c50e68b9872eff4ca509b + +info: + name: > + Instant Images <= 6.1.0 - Authenticated (Author+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instant-images/" + google-query: inurl:"/wp-content/plugins/instant-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instant-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instant-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instant-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instasqueeze-be25df600efc2e679e203dcc1fd3ddd8.yaml b/nuclei-templates/cve-less/plugins/instasqueeze-be25df600efc2e679e203dcc1fd3ddd8.yaml new file mode 100644 index 0000000000..a2e1f781fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instasqueeze-be25df600efc2e679e203dcc1fd3ddd8.yaml @@ -0,0 +1,58 @@ +id: instasqueeze-be25df600efc2e679e203dcc1fd3ddd8 + +info: + name: > + InstaSqueeze Sexy Squeeze Pages (All Known Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b94952-229c-4336-a985-d2f47c89f7de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instasqueeze/" + google-query: inurl:"/wp-content/plugins/instasqueeze/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instasqueeze,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instasqueeze/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instasqueeze" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-01cdcfbe9023d856c9c893d0a0c324ac.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-01cdcfbe9023d856c9c893d0a0c324ac.yaml new file mode 100644 index 0000000000..263a6b24a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-01cdcfbe9023d856c9c893d0a0c324ac.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-01cdcfbe9023d856c9c893d0a0c324ac + +info: + name: > + InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.22 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6aead8d-c136-4952-ad03-86fe0f144dea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-124137503555ee97714094a30a8333d0.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-124137503555ee97714094a30a8333d0.yaml new file mode 100644 index 0000000000..dbe4be6bd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-124137503555ee97714094a30a8333d0.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-124137503555ee97714094a30a8333d0 + +info: + name: > + InstaWP Connect <= 0.1.0.9 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/578cf704-e84d-469f-bf26-e60268506a78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-18e3fa8b070375c158cc068ed4175205.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-18e3fa8b070375c158cc068ed4175205.yaml new file mode 100644 index 0000000000..800b7f30fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-18e3fa8b070375c158cc068ed4175205.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-18e3fa8b070375c158cc068ed4175205 + +info: + name: > + InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa4fd08-a1b1-4f61-a9d1-9812071b61c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml new file mode 100644 index 0000000000..99d98e9b88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-26e6b2b2c87cae333c1a6a8f12b3eb26.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-26e6b2b2c87cae333c1a6a8f12b3eb26 + +info: + name: > + InstaWP Connect <= 0.1.0.24 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b2a10b6-e7dc-47c7-9f59-c4350d58b0d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-54fd19cb983e5e5bd13d627c9c0487ab.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-54fd19cb983e5e5bd13d627c9c0487ab.yaml new file mode 100644 index 0000000000..aa7fdcdc1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-54fd19cb983e5e5bd13d627c9c0487ab.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-54fd19cb983e5e5bd13d627c9c0487ab + +info: + name: > + InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactication via events_receiver + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48e7acf2-61d4-4762-8657-0701910ce69b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.9.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-6e954d80cfdd10ddfc11dcc5cbf99755.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-6e954d80cfdd10ddfc11dcc5cbf99755.yaml new file mode 100644 index 0000000000..a7787f45ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-6e954d80cfdd10ddfc11dcc5cbf99755.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-6e954d80cfdd10ddfc11dcc5cbf99755 + +info: + name: > + InstaWP Connect <= 0.1.0.9 - Missing Authorization to Sensitive Information Dislcosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a184384-9162-4509-957b-d97dd4089856?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/instawp-connect-bb8913e248b8c353b00d004e9ca5f930.yaml b/nuclei-templates/cve-less/plugins/instawp-connect-bb8913e248b8c353b00d004e9ca5f930.yaml new file mode 100644 index 0000000000..f8e61753c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/instawp-connect-bb8913e248b8c353b00d004e9ca5f930.yaml @@ -0,0 +1,58 @@ +id: instawp-connect-bb8913e248b8c353b00d004e9ca5f930 + +info: + name: > + InstaWP Connect <= 0.1.0.8 - Authenticated (Subscriber+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a681cef-649f-4342-beb6-914674bbf6d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/instawp-connect/" + google-query: inurl:"/wp-content/plugins/instawp-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,instawp-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/instawp-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "instawp-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/institutions-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/institutions-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..457b4b5124 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/institutions-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: institutions-directory-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/institutions-directory/" + google-query: inurl:"/wp-content/plugins/institutions-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,institutions-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/institutions-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "institutions-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integracao-rd-station-29636b68c2f3ab161e7a045474b91034.yaml b/nuclei-templates/cve-less/plugins/integracao-rd-station-29636b68c2f3ab161e7a045474b91034.yaml new file mode 100644 index 0000000000..e98e823637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integracao-rd-station-29636b68c2f3ab161e7a045474b91034.yaml @@ -0,0 +1,58 @@ +id: integracao-rd-station-29636b68c2f3ab161e7a045474b91034 + +info: + name: > + RD Station <= 5.1.3 - Cross-Site Request Forgery to Plugin Log Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1465dbb6-1ec3-425f-9b7e-6dff6b120606?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integracao-rd-station/" + google-query: inurl:"/wp-content/plugins/integracao-rd-station/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integracao-rd-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integracao-rd-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integracao-rd-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integracao-rd-station-54337cab42839ec3b613ba98b54eca17.yaml b/nuclei-templates/cve-less/plugins/integracao-rd-station-54337cab42839ec3b613ba98b54eca17.yaml new file mode 100644 index 0000000000..2faa0862f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integracao-rd-station-54337cab42839ec3b613ba98b54eca17.yaml @@ -0,0 +1,58 @@ +id: integracao-rd-station-54337cab42839ec3b613ba98b54eca17 + +info: + name: > + RD Station <= 5.2.0 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dad288b3-e599-460d-9b99-3bce04489557?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integracao-rd-station/" + google-query: inurl:"/wp-content/plugins/integracao-rd-station/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integracao-rd-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integracao-rd-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integracao-rd-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrar-getnet-con-woo-e39068416a4f471cfb854a8f2dd045d3.yaml b/nuclei-templates/cve-less/plugins/integrar-getnet-con-woo-e39068416a4f471cfb854a8f2dd045d3.yaml new file mode 100644 index 0000000000..5e03835876 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrar-getnet-con-woo-e39068416a4f471cfb854a8f2dd045d3.yaml @@ -0,0 +1,58 @@ +id: integrar-getnet-con-woo-e39068416a4f471cfb854a8f2dd045d3 + +info: + name: > + Getnet Argentina para Woocommerce 0.0.1 - 0.0.4 - Authorization Bypass via webhook + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/245e9117-ca63-458e-a094-60a759f5ec19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrar-getnet-con-woo/" + google-query: inurl:"/wp-content/plugins/integrar-getnet-con-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrar-getnet-con-woo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrar-getnet-con-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrar-getnet-con-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.0.1', '<= 0.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-2143d39c6a447e17fa955c9d29e9190e.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-2143d39c6a447e17fa955c9d29e9190e.yaml new file mode 100644 index 0000000000..4d799a4336 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-2143d39c6a447e17fa955c9d29e9190e.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-2143d39c6a447e17fa955c9d29e9190e + +info: + name: > + Integrate Google Drive <= 1.3.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e926467-51f5-4fb4-a9d8-3cb72f212cd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-38e83b9a6a4293b21b59d418e1822477.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-38e83b9a6a4293b21b59d418e1822477.yaml new file mode 100644 index 0000000000..c3f9ae76cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-38e83b9a6a4293b21b59d418e1822477.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-38e83b9a6a4293b21b59d418e1822477 + +info: + name: > + Integrate Google Drive <= 1.3.2 - Open Redirect via state + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bccceb2d-2087-4ee6-8118-eb3fb53654dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-adb3487b4c23d4db1d3efcc4576dd222.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-adb3487b4c23d4db1d3efcc4576dd222.yaml new file mode 100644 index 0000000000..91d9a9c17d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-adb3487b4c23d4db1d3efcc4576dd222.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-adb3487b4c23d4db1d3efcc4576dd222 + +info: + name: > + Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fe8b2c8-3bb1-463a-a64c-15d7bcc29985?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-c380050a7e76482fb19d38cf49fcde28.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-c380050a7e76482fb19d38cf49fcde28.yaml new file mode 100644 index 0000000000..b4b48d04d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-c380050a7e76482fb19d38cf49fcde28.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-c380050a7e76482fb19d38cf49fcde28 + +info: + name: > + Integrate Google Drive <= 1.3.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44579fe8-4004-4608-b2fd-3531b14e6e69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml new file mode 100644 index 0000000000..dc89ac3336 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-cf6efc26f721b1dd6c09ef244ad0a9a5.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-cf6efc26f721b1dd6c09ef244ad0a9a5 + +info: + name: > + Integrate Google Drive <= 1.3.3 - Missing Authorization via save_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4c8d390-145a-4926-99e9-b386dfe5e6ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-d69e956d6cb0947d53013e6316065cae.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-d69e956d6cb0947d53013e6316065cae.yaml new file mode 100644 index 0000000000..da1deb1af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-d69e956d6cb0947d53013e6316065cae.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-d69e956d6cb0947d53013e6316065cae + +info: + name: > + Integrate Google Drive <= 1.3.8 - Missing Authorization to Unauthenticated Settings Modification and Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a303c798-c206-426a-9a96-263c8c069bdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integrate-google-drive-ff1168e2daec3177aba99d51eda07164.yaml b/nuclei-templates/cve-less/plugins/integrate-google-drive-ff1168e2daec3177aba99d51eda07164.yaml new file mode 100644 index 0000000000..06e7d3d7b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integrate-google-drive-ff1168e2daec3177aba99d51eda07164.yaml @@ -0,0 +1,58 @@ +id: integrate-google-drive-ff1168e2daec3177aba99d51eda07164 + +info: + name: > + Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39c53cd7-3ea3-4971-be51-9544ca9d488f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integrate-google-drive/" + google-query: inurl:"/wp-content/plugins/integrate-google-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integrate-google-drive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integrate-google-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integrate-google-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integration-dynamics-0bafef3453580e19c740978e87d842b6.yaml b/nuclei-templates/cve-less/plugins/integration-dynamics-0bafef3453580e19c740978e87d842b6.yaml new file mode 100644 index 0000000000..757aea5aff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integration-dynamics-0bafef3453580e19c740978e87d842b6.yaml @@ -0,0 +1,58 @@ +id: integration-dynamics-0bafef3453580e19c740978e87d842b6 + +info: + name: > + Dynamics 365 Integration <= 1.3.13 - Missing Authorization via init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cc3955-ef2f-4e2b-8dc6-b26f5a3d2f89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integration-dynamics/" + google-query: inurl:"/wp-content/plugins/integration-dynamics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integration-dynamics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integration-dynamics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integration-dynamics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integration-dynamics-9d49312a2bc1a33dff873907673334c5.yaml b/nuclei-templates/cve-less/plugins/integration-dynamics-9d49312a2bc1a33dff873907673334c5.yaml new file mode 100644 index 0000000000..2e25639fe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integration-dynamics-9d49312a2bc1a33dff873907673334c5.yaml @@ -0,0 +1,58 @@ +id: integration-dynamics-9d49312a2bc1a33dff873907673334c5 + +info: + name: > + Dynamics 365 Integration <= 1.3.12 - Missing Authorization via wp_ajax_wpcrm_log & wp_ajax_wpcrm_log_verbosity + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1671e437-09f0-46bc-87ef-3a5712c3dc98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integration-dynamics/" + google-query: inurl:"/wp-content/plugins/integration-dynamics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integration-dynamics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integration-dynamics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integration-dynamics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integration-for-billingo-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml b/nuclei-templates/cve-less/plugins/integration-for-billingo-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml new file mode 100644 index 0000000000..0b50fb2fcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integration-for-billingo-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml @@ -0,0 +1,58 @@ +id: integration-for-billingo-gravity-forms-ed2236ee570598966dd60e4e75f31def + +info: + name: > + Multiple Plugins from Viszt Peter - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integration-for-billingo-gravity-forms/" + google-query: inurl:"/wp-content/plugins/integration-for-billingo-gravity-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integration-for-billingo-gravity-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integration-for-billingo-gravity-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integration-for-billingo-gravity-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integration-for-szamlazz-hu-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml b/nuclei-templates/cve-less/plugins/integration-for-szamlazz-hu-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml new file mode 100644 index 0000000000..7cf7a2a7bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integration-for-szamlazz-hu-gravity-forms-ed2236ee570598966dd60e4e75f31def.yaml @@ -0,0 +1,58 @@ +id: integration-for-szamlazz-hu-gravity-forms-ed2236ee570598966dd60e4e75f31def + +info: + name: > + Multiple Plugins from Viszt Peter - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/" + google-query: inurl:"/wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integration-for-szamlazz-hu-gravity-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integration-for-szamlazz-hu-gravity-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integration-for-szamlazz-hu-gravity-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/integration-for-szamlazzhu-woocommerce-f7bbd778de1c9c53d31f5ab55d2c4192.yaml b/nuclei-templates/cve-less/plugins/integration-for-szamlazzhu-woocommerce-f7bbd778de1c9c53d31f5ab55d2c4192.yaml new file mode 100644 index 0000000000..258aa2a7aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/integration-for-szamlazzhu-woocommerce-f7bbd778de1c9c53d31f5ab55d2c4192.yaml @@ -0,0 +1,58 @@ +id: integration-for-szamlazzhu-woocommerce-f7bbd778de1c9c53d31f5ab55d2c4192 + +info: + name: > + Integration for Szamlazz.hu & WooCommerce <= 5.6.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eafb620-f5dd-4e60-b9a6-859832ae706c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/integration-for-szamlazzhu-woocommerce/" + google-query: inurl:"/wp-content/plugins/integration-for-szamlazzhu-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,integration-for-szamlazzhu-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/integration-for-szamlazzhu-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "integration-for-szamlazzhu-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intelly-related-posts-8c51431cbfaf267d31cca7fde89367e4.yaml b/nuclei-templates/cve-less/plugins/intelly-related-posts-8c51431cbfaf267d31cca7fde89367e4.yaml new file mode 100644 index 0000000000..c80d21ee59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intelly-related-posts-8c51431cbfaf267d31cca7fde89367e4.yaml @@ -0,0 +1,58 @@ +id: intelly-related-posts-8c51431cbfaf267d31cca7fde89367e4 + +info: + name: > + Inline Related Posts <= 3.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c17ef8db-98ea-47b0-8d7f-b2b3f01bf6ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intelly-related-posts/" + google-query: inurl:"/wp-content/plugins/intelly-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intelly-related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intelly-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intelly-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intelly-related-posts-b76f091c58ac292a18fb46e2a8af44ec.yaml b/nuclei-templates/cve-less/plugins/intelly-related-posts-b76f091c58ac292a18fb46e2a8af44ec.yaml new file mode 100644 index 0000000000..16532bd9de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intelly-related-posts-b76f091c58ac292a18fb46e2a8af44ec.yaml @@ -0,0 +1,58 @@ +id: intelly-related-posts-b76f091c58ac292a18fb46e2a8af44ec + +info: + name: > + Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dc1a20a-6e7e-4f5c-b0a0-cc79d6e4b0c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intelly-related-posts/" + google-query: inurl:"/wp-content/plugins/intelly-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intelly-related-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intelly-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intelly-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intelly-related-posts-defb0310eaae752bbe598525a0823968.yaml b/nuclei-templates/cve-less/plugins/intelly-related-posts-defb0310eaae752bbe598525a0823968.yaml new file mode 100644 index 0000000000..acdc11f268 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intelly-related-posts-defb0310eaae752bbe598525a0823968.yaml @@ -0,0 +1,58 @@ +id: intelly-related-posts-defb0310eaae752bbe598525a0823968 + +info: + name: > + Inline Related Posts <= 3.5.0 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9318d57-499b-4804-8f83-1e4a68c5790f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intelly-related-posts/" + google-query: inurl:"/wp-content/plugins/intelly-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intelly-related-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intelly-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intelly-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interact-quiz-embed-8e5650d777bfcceefcb0d09b97742288.yaml b/nuclei-templates/cve-less/plugins/interact-quiz-embed-8e5650d777bfcceefcb0d09b97742288.yaml new file mode 100644 index 0000000000..6a32f9a2d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interact-quiz-embed-8e5650d777bfcceefcb0d09b97742288.yaml @@ -0,0 +1,58 @@ +id: interact-quiz-embed-8e5650d777bfcceefcb0d09b97742288 + +info: + name: > + Interact: Embed A Quiz On Your Site <= 3.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69ba1a39-ddb0-4661-8104-d8bb71710e0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interact-quiz-embed/" + google-query: inurl:"/wp-content/plugins/interact-quiz-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interact-quiz-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interact-quiz-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interact-quiz-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-62c7b160f34bc3f3dc184557c1c06a9e.yaml b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-62c7b160f34bc3f3dc184557c1c06a9e.yaml new file mode 100644 index 0000000000..5ca3a7d780 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-62c7b160f34bc3f3dc184557c1c06a9e.yaml @@ -0,0 +1,58 @@ +id: interactive-3d-flipbook-powered-physics-engine-62c7b160f34bc3f3dc184557c1c06a9e + +info: + name: > + 3D FlipBook <= 1.15.4 - Authenticated (Author+) Stored Cross-Site Scritping via Bookmark URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/016462cf-abe9-4c90-abd2-b5bb69348d7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-3d-flipbook-powered-physics-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-6daeff7e508f05aeef343934c15a7178.yaml b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-6daeff7e508f05aeef343934c15a7178.yaml new file mode 100644 index 0000000000..ae270a5907 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-6daeff7e508f05aeef343934c15a7178.yaml @@ -0,0 +1,58 @@ +id: interactive-3d-flipbook-powered-physics-engine-6daeff7e508f05aeef343934c15a7178 + +info: + name: > + 3D FlipBook <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15d66a77-d650-4209-9ad4-b2e157cd123a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-3d-flipbook-powered-physics-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d37560ff6c6a3603574d27509821e565.yaml b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d37560ff6c6a3603574d27509821e565.yaml new file mode 100644 index 0000000000..989cec6f96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d37560ff6c6a3603574d27509821e565.yaml @@ -0,0 +1,58 @@ +id: interactive-3d-flipbook-powered-physics-engine-d37560ff6c6a3603574d27509821e565 + +info: + name: > + 3D Flipbook <= 1.15.2 - Authenticated (Contributor+) Cross-Site Scripting via Ready Function + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/500fd8aa-9ad1-41ee-bbeb-cda9c80c4fcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-3d-flipbook-powered-physics-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d875c7330364cd8c2a286deccf313956.yaml b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d875c7330364cd8c2a286deccf313956.yaml new file mode 100644 index 0000000000..9a15e2f17f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-d875c7330364cd8c2a286deccf313956.yaml @@ -0,0 +1,58 @@ +id: interactive-3d-flipbook-powered-physics-engine-d875c7330364cd8c2a286deccf313956 + +info: + name: > + 3D FlipBook <= 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4d11477-8a9a-42a0-aafd-5ef10ca5a349?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-3d-flipbook-powered-physics-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-f9ee3cd75d7f36da24c7816038266548.yaml b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-f9ee3cd75d7f36da24c7816038266548.yaml new file mode 100644 index 0000000000..79ec8b13c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-3d-flipbook-powered-physics-engine-f9ee3cd75d7f36da24c7816038266548.yaml @@ -0,0 +1,58 @@ +id: interactive-3d-flipbook-powered-physics-engine-f9ee3cd75d7f36da24c7816038266548 + +info: + name: > + 3D FlipBook – PDF Flipbook WordPress <= 1.15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Bookmarks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + google-query: inurl:"/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-3d-flipbook-powered-physics-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-3d-flipbook-powered-physics-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-3d-flipbook-powered-physics-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-geo-maps-18a9792159e3a4315eefb0545c165734.yaml b/nuclei-templates/cve-less/plugins/interactive-geo-maps-18a9792159e3a4315eefb0545c165734.yaml new file mode 100644 index 0000000000..442b38c7d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-geo-maps-18a9792159e3a4315eefb0545c165734.yaml @@ -0,0 +1,58 @@ +id: interactive-geo-maps-18a9792159e3a4315eefb0545c165734 + +info: + name: > + Interactive Geo Maps <= 1.5.9 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95ce515a-377c-49b4-8d1b-7ac22769c759?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-geo-maps/" + google-query: inurl:"/wp-content/plugins/interactive-geo-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-geo-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-geo-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-geo-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-geo-maps-6b38cc619c1f1d13c6fce974aa8b5a90.yaml b/nuclei-templates/cve-less/plugins/interactive-geo-maps-6b38cc619c1f1d13c6fce974aa8b5a90.yaml new file mode 100644 index 0000000000..0320ccc5ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-geo-maps-6b38cc619c1f1d13c6fce974aa8b5a90.yaml @@ -0,0 +1,58 @@ +id: interactive-geo-maps-6b38cc619c1f1d13c6fce974aa8b5a90 + +info: + name: > + Interactive Geo Maps <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d667556-4cab-4f92-aa43-75e7722b3af6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-geo-maps/" + google-query: inurl:"/wp-content/plugins/interactive-geo-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-geo-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-geo-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-geo-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-image-map-builder-d58b2eb7209b77e10a0a7be6a3ad7570.yaml b/nuclei-templates/cve-less/plugins/interactive-image-map-builder-d58b2eb7209b77e10a0a7be6a3ad7570.yaml new file mode 100644 index 0000000000..cf8984ff54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-image-map-builder-d58b2eb7209b77e10a0a7be6a3ad7570.yaml @@ -0,0 +1,58 @@ +id: interactive-image-map-builder-d58b2eb7209b77e10a0a7be6a3ad7570 + +info: + name: > + Interactive SVG Image Map Builder <= 1.0 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12d84de4-d97e-40cc-9805-fc9b7de8fa21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-image-map-builder/" + google-query: inurl:"/wp-content/plugins/interactive-image-map-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-image-map-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-image-map-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-image-map-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-205de06070622aab10eb1bdf566b37c2.yaml b/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-205de06070622aab10eb1bdf566b37c2.yaml new file mode 100644 index 0000000000..434435592a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-medical-drawing-of-human-body-205de06070622aab10eb1bdf566b37c2.yaml @@ -0,0 +1,58 @@ +id: interactive-medical-drawing-of-human-body-205de06070622aab10eb1bdf566b37c2 + +info: + name: > + Interactive Medical Drawing of Human Body < 2.4 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a37a0e5-2db5-49fb-8b00-1b820192f1af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-medical-drawing-of-human-body/" + google-query: inurl:"/wp-content/plugins/interactive-medical-drawing-of-human-body/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-medical-drawing-of-human-body,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-medical-drawing-of-human-body/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-medical-drawing-of-human-body" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-polish-map-a73b50da5126e009aa2afaa408141c1f.yaml b/nuclei-templates/cve-less/plugins/interactive-polish-map-a73b50da5126e009aa2afaa408141c1f.yaml new file mode 100644 index 0000000000..5e29710793 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-polish-map-a73b50da5126e009aa2afaa408141c1f.yaml @@ -0,0 +1,58 @@ +id: interactive-polish-map-a73b50da5126e009aa2afaa408141c1f + +info: + name: > + Interactive Polish Map <= 1.2 - Authenticated (Admi+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f728cc5e-7330-4dda-b5f7-55c33def6f02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-polish-map/" + google-query: inurl:"/wp-content/plugins/interactive-polish-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-polish-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-polish-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-polish-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-world-map-24f9c4426e1ded4bbcd77cb8ae480628.yaml b/nuclei-templates/cve-less/plugins/interactive-world-map-24f9c4426e1ded4bbcd77cb8ae480628.yaml new file mode 100644 index 0000000000..c035339c18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-world-map-24f9c4426e1ded4bbcd77cb8ae480628.yaml @@ -0,0 +1,58 @@ +id: interactive-world-map-24f9c4426e1ded4bbcd77cb8ae480628 + +info: + name: > + Interactive World Map <= 3.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b559a48-3c8b-4f8a-9627-c4f838d20af3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-world-map/" + google-query: inurl:"/wp-content/plugins/interactive-world-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-world-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-world-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-world-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-world-map-63308829f599612b4399930582e4c79a.yaml b/nuclei-templates/cve-less/plugins/interactive-world-map-63308829f599612b4399930582e4c79a.yaml new file mode 100644 index 0000000000..c11dbf08ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-world-map-63308829f599612b4399930582e4c79a.yaml @@ -0,0 +1,58 @@ +id: interactive-world-map-63308829f599612b4399930582e4c79a + +info: + name: > + Interactive World Map <= 3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09b0bfd3-93a7-4f13-828d-772f54085a60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-world-map/" + google-query: inurl:"/wp-content/plugins/interactive-world-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-world-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-world-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-world-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/interactive-world-maps-e458b043b3a8331f4ddf5924d17ccf2e.yaml b/nuclei-templates/cve-less/plugins/interactive-world-maps-e458b043b3a8331f4ddf5924d17ccf2e.yaml new file mode 100644 index 0000000000..bd844d3ed9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/interactive-world-maps-e458b043b3a8331f4ddf5924d17ccf2e.yaml @@ -0,0 +1,58 @@ +id: interactive-world-maps-e458b043b3a8331f4ddf5924d17ccf2e + +info: + name: > + Interactive World Maps <= 2.4.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9295b82-27c1-4f35-b40c-1ac40ebe5d5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/interactive-world-maps/" + google-query: inurl:"/wp-content/plugins/interactive-world-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,interactive-world-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/interactive-world-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "interactive-world-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intergeo-maps-51944a4f6212afc8f585f1bcea51f2d6.yaml b/nuclei-templates/cve-less/plugins/intergeo-maps-51944a4f6212afc8f585f1bcea51f2d6.yaml new file mode 100644 index 0000000000..a82c65c19e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intergeo-maps-51944a4f6212afc8f585f1bcea51f2d6.yaml @@ -0,0 +1,58 @@ +id: intergeo-maps-51944a4f6212afc8f585f1bcea51f2d6 + +info: + name: > + Google Maps Plugin by Intergeo <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb6d11ad-0983-4a4b-b52b-824eae8b8e3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intergeo-maps/" + google-query: inurl:"/wp-content/plugins/intergeo-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intergeo-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intergeo-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intergeo-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/internal-link-building-plugin-5f27ace6d76e064e4061fdf808767b2d.yaml b/nuclei-templates/cve-less/plugins/internal-link-building-plugin-5f27ace6d76e064e4061fdf808767b2d.yaml new file mode 100644 index 0000000000..7008fd9c18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/internal-link-building-plugin-5f27ace6d76e064e4061fdf808767b2d.yaml @@ -0,0 +1,58 @@ +id: internal-link-building-plugin-5f27ace6d76e064e4061fdf808767b2d + +info: + name: > + Internal Link Building <= 1.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd300737-dda4-4ed3-b21f-0407a5e32a05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/internal-link-building-plugin/" + google-query: inurl:"/wp-content/plugins/internal-link-building-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,internal-link-building-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/internal-link-building-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "internal-link-building-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/internal-link-building-plugin-b83d0241d6f20c42a973f309878a9cc2.yaml b/nuclei-templates/cve-less/plugins/internal-link-building-plugin-b83d0241d6f20c42a973f309878a9cc2.yaml new file mode 100644 index 0000000000..bf69ce1a53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/internal-link-building-plugin-b83d0241d6f20c42a973f309878a9cc2.yaml @@ -0,0 +1,58 @@ +id: internal-link-building-plugin-b83d0241d6f20c42a973f309878a9cc2 + +info: + name: > + Internal Link Building <= 1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78ce6a2a-aa28-4ae9-a2e7-ca3861a9677f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/internal-link-building-plugin/" + google-query: inurl:"/wp-content/plugins/internal-link-building-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,internal-link-building-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/internal-link-building-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "internal-link-building-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/internal-links-75603149f92181c053a67aa413d7458b.yaml b/nuclei-templates/cve-less/plugins/internal-links-75603149f92181c053a67aa413d7458b.yaml new file mode 100644 index 0000000000..010d3f40a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/internal-links-75603149f92181c053a67aa413d7458b.yaml @@ -0,0 +1,58 @@ +id: internal-links-75603149f92181c053a67aa413d7458b + +info: + name: > + Internal Link Juicer <= 2.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/internal-links/" + google-query: inurl:"/wp-content/plugins/internal-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,internal-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/internal-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "internal-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-18457ce0add8e02185ec82dfe3cc1c14.yaml b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-18457ce0add8e02185ec82dfe3cc1c14.yaml new file mode 100644 index 0000000000..662d648533 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-18457ce0add8e02185ec82dfe3cc1c14.yaml @@ -0,0 +1,58 @@ +id: intuitive-custom-post-order-18457ce0add8e02185ec82dfe3cc1c14 + +info: + name: > + Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc878508-200d-4bc7-aa99-c34e63cba4b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intuitive-custom-post-order/" + google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intuitive-custom-post-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intuitive-custom-post-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-65d0be98fb7fe486ad93703d74260aa6.yaml b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-65d0be98fb7fe486ad93703d74260aa6.yaml new file mode 100644 index 0000000000..faa5899c78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-65d0be98fb7fe486ad93703d74260aa6.yaml @@ -0,0 +1,58 @@ +id: intuitive-custom-post-order-65d0be98fb7fe486ad93703d74260aa6 + +info: + name: > + Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2d4c7ff-ecd3-4cfb-9466-08f3e6c4bd48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intuitive-custom-post-order/" + google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intuitive-custom-post-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intuitive-custom-post-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-7737e8caafd57ae5760281e5e46a68d7.yaml b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-7737e8caafd57ae5760281e5e46a68d7.yaml new file mode 100644 index 0000000000..fb1a86e3ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/intuitive-custom-post-order-7737e8caafd57ae5760281e5e46a68d7.yaml @@ -0,0 +1,58 @@ +id: intuitive-custom-post-order-7737e8caafd57ae5760281e5e46a68d7 + +info: + name: > + Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/948b9d68-8b31-42a0-bdc5-4a8e4e969ca9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/intuitive-custom-post-order/" + google-query: inurl:"/wp-content/plugins/intuitive-custom-post-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,intuitive-custom-post-order,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/intuitive-custom-post-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intuitive-custom-post-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/inventorypress-6001aefe4ed5d867371bbaa565b1d288.yaml b/nuclei-templates/cve-less/plugins/inventorypress-6001aefe4ed5d867371bbaa565b1d288.yaml new file mode 100644 index 0000000000..2813e2fd7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/inventorypress-6001aefe4ed5d867371bbaa565b1d288.yaml @@ -0,0 +1,58 @@ +id: inventorypress-6001aefe4ed5d867371bbaa565b1d288 + +info: + name: > + InventoryPress <= 1.7 - Authenticated(Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83603d33-b616-4332-aa05-b8ac61424614?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/inventorypress/" + google-query: inurl:"/wp-content/plugins/inventorypress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,inventorypress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/inventorypress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "inventorypress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invitation-based-registrations-d4a44b7e5865ae371b4706ab716f5f69.yaml b/nuclei-templates/cve-less/plugins/invitation-based-registrations-d4a44b7e5865ae371b4706ab716f5f69.yaml new file mode 100644 index 0000000000..f5af945ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invitation-based-registrations-d4a44b7e5865ae371b4706ab716f5f69.yaml @@ -0,0 +1,58 @@ +id: invitation-based-registrations-d4a44b7e5865ae371b4706ab716f5f69 + +info: + name: > + Invitation Based Registrations <= 2.2.84 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27277b3d-b4f9-4d0c-a213-988a9b8fcd34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invitation-based-registrations/" + google-query: inurl:"/wp-content/plugins/invitation-based-registrations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invitation-based-registrations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invitation-based-registrations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invitation-based-registrations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.84') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invitation-code-content-access-7dabd50801a5dc21167037bc053f6e5e.yaml b/nuclei-templates/cve-less/plugins/invitation-code-content-access-7dabd50801a5dc21167037bc053f6e5e.yaml new file mode 100644 index 0000000000..1fc2e21be7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invitation-code-content-access-7dabd50801a5dc21167037bc053f6e5e.yaml @@ -0,0 +1,58 @@ +id: invitation-code-content-access-7dabd50801a5dc21167037bc053f6e5e + +info: + name: > + Invitation Code Content Restriction Plugin from CreativeMinds <= 1.5.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3d0f705-2458-4cc6-8730-997314084f24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invitation-code-content-access/" + google-query: inurl:"/wp-content/plugins/invitation-code-content-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invitation-code-content-access,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invitation-code-content-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invitation-code-content-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invite-anyone-378de5a4c8a761e6f865e9b293282366.yaml b/nuclei-templates/cve-less/plugins/invite-anyone-378de5a4c8a761e6f865e9b293282366.yaml new file mode 100644 index 0000000000..7441b89503 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invite-anyone-378de5a4c8a761e6f865e9b293282366.yaml @@ -0,0 +1,58 @@ +id: invite-anyone-378de5a4c8a761e6f865e9b293282366 + +info: + name: > + Invite Anyone < 1.3.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/101edd24-3f9e-4055-8547-9cd7e2b626b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invite-anyone/" + google-query: inurl:"/wp-content/plugins/invite-anyone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invite-anyone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invite-anyone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invite-anyone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invite-anyone-93d72496faa88a41ccc6451bd803706b.yaml b/nuclei-templates/cve-less/plugins/invite-anyone-93d72496faa88a41ccc6451bd803706b.yaml new file mode 100644 index 0000000000..a83dbd458c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invite-anyone-93d72496faa88a41ccc6451bd803706b.yaml @@ -0,0 +1,58 @@ +id: invite-anyone-93d72496faa88a41ccc6451bd803706b + +info: + name: > + Invite Anyone <= 1.3.14 - Change of Email Invitation Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80388709-77ee-4f18-9da2-b99f562a20cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invite-anyone/" + google-query: inurl:"/wp-content/plugins/invite-anyone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invite-anyone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invite-anyone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invite-anyone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invite-anyone-b2bde61925d9704f5bb5670b30295470.yaml b/nuclei-templates/cve-less/plugins/invite-anyone-b2bde61925d9704f5bb5670b30295470.yaml new file mode 100644 index 0000000000..d74604ffdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invite-anyone-b2bde61925d9704f5bb5670b30295470.yaml @@ -0,0 +1,58 @@ +id: invite-anyone-b2bde61925d9704f5bb5670b30295470 + +info: + name: > + Invite Anyone <= 1.3.15 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a4559f8-bd13-4a38-91c2-8569a9967700?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invite-anyone/" + google-query: inurl:"/wp-content/plugins/invite-anyone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invite-anyone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invite-anyone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invite-anyone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invite-anyone-b6ce0f1beb89a33f3441e294aa1dd412.yaml b/nuclei-templates/cve-less/plugins/invite-anyone-b6ce0f1beb89a33f3441e294aa1dd412.yaml new file mode 100644 index 0000000000..2abed479a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invite-anyone-b6ce0f1beb89a33f3441e294aa1dd412.yaml @@ -0,0 +1,58 @@ +id: invite-anyone-b6ce0f1beb89a33f3441e294aa1dd412 + +info: + name: > + Invite Anyone < 1.3.16 - Email Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e95ecb22-7946-4830-95a4-f145f0f99d68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invite-anyone/" + google-query: inurl:"/wp-content/plugins/invite-anyone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invite-anyone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invite-anyone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invite-anyone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/invoicing-7c4b664dcbab81960496a17b3a66e44c.yaml b/nuclei-templates/cve-less/plugins/invoicing-7c4b664dcbab81960496a17b3a66e44c.yaml new file mode 100644 index 0000000000..5e78dc54be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/invoicing-7c4b664dcbab81960496a17b3a66e44c.yaml @@ -0,0 +1,58 @@ +id: invoicing-7c4b664dcbab81960496a17b3a66e44c + +info: + name: > + WordPress Payments Plugin | GetPaid <= 2.3.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c62860e2-8c89-4f1c-a7d8-ef13f545ad52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/invoicing/" + google-query: inurl:"/wp-content/plugins/invoicing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,invoicing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/invoicing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invoicing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-address-blocker-140887b5bfa7dc561500c7685b1acab8.yaml b/nuclei-templates/cve-less/plugins/ip-address-blocker-140887b5bfa7dc561500c7685b1acab8.yaml new file mode 100644 index 0000000000..126359812d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-address-blocker-140887b5bfa7dc561500c7685b1acab8.yaml @@ -0,0 +1,58 @@ +id: ip-address-blocker-140887b5bfa7dc561500c7685b1acab8 + +info: + name: > + IP Blocker Lite <= 11.1.1 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2598795e-ea66-4c73-8fcb-6a832f65de52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-address-blocker/" + google-query: inurl:"/wp-content/plugins/ip-address-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-address-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-address-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-address-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-address-blocker-772e15bdf31248d6b001fc7f14d684f0.yaml b/nuclei-templates/cve-less/plugins/ip-address-blocker-772e15bdf31248d6b001fc7f14d684f0.yaml new file mode 100644 index 0000000000..91de92b260 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-address-blocker-772e15bdf31248d6b001fc7f14d684f0.yaml @@ -0,0 +1,58 @@ +id: ip-address-blocker-772e15bdf31248d6b001fc7f14d684f0 + +info: + name: > + IP Blocker Lite <= 11.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45d3f82b-9e19-4678-8995-7fe265606fd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-address-blocker/" + google-query: inurl:"/wp-content/plugins/ip-address-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-address-blocker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-address-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-address-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml new file mode 100644 index 0000000000..b736aa5ff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-6f9e9fe1fa78bdc8c8c67cbc00f8001f.yaml @@ -0,0 +1,58 @@ +id: ip-blacklist-cloud-6f9e9fe1fa78bdc8c8c67cbc00f8001f + +info: + name: > + IP Blacklist Cloud <= 3.42 - Authenticated (Admin+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3336f7-ee20-4f1c-92b4-f1c77aac91f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-blacklist-cloud/" + google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-blacklist-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-blacklist-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-aea3cbfb921c1d1330c879b8f85a35d1.yaml b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-aea3cbfb921c1d1330c879b8f85a35d1.yaml new file mode 100644 index 0000000000..7702cb3514 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-aea3cbfb921c1d1330c879b8f85a35d1.yaml @@ -0,0 +1,58 @@ +id: ip-blacklist-cloud-aea3cbfb921c1d1330c879b8f85a35d1 + +info: + name: > + IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24eb524c-1705-43a5-8041-4549ebb49155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-blacklist-cloud/" + google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-blacklist-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-blacklist-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-fbcd8cab0390c5423cc4977a1f1be996.yaml b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-fbcd8cab0390c5423cc4977a1f1be996.yaml new file mode 100644 index 0000000000..de54334b7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-blacklist-cloud-fbcd8cab0390c5423cc4977a1f1be996.yaml @@ -0,0 +1,58 @@ +id: ip-blacklist-cloud-fbcd8cab0390c5423cc4977a1f1be996 + +info: + name: > + IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01ba4259-e76a-4876-b910-fd2688680739?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-blacklist-cloud/" + google-query: inurl:"/wp-content/plugins/ip-blacklist-cloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-blacklist-cloud,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-blacklist-cloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-blacklist-cloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-metaboxes-88404ad5e8128c3699e3c229a21a2eba.yaml b/nuclei-templates/cve-less/plugins/ip-metaboxes-88404ad5e8128c3699e3c229a21a2eba.yaml new file mode 100644 index 0000000000..64d064a964 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-metaboxes-88404ad5e8128c3699e3c229a21a2eba.yaml @@ -0,0 +1,58 @@ +id: ip-metaboxes-88404ad5e8128c3699e3c229a21a2eba + +info: + name: > + IP Metaboxes <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9163861b-735b-4007-97f7-8f9095d93ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-metaboxes/" + google-query: inurl:"/wp-content/plugins/ip-metaboxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-metaboxes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-metaboxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-metaboxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-metaboxes-c712eff3f3bb4a9cd97ce6c7063fd4f6.yaml b/nuclei-templates/cve-less/plugins/ip-metaboxes-c712eff3f3bb4a9cd97ce6c7063fd4f6.yaml new file mode 100644 index 0000000000..1ab8c1320d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-metaboxes-c712eff3f3bb4a9cd97ce6c7063fd4f6.yaml @@ -0,0 +1,58 @@ +id: ip-metaboxes-c712eff3f3bb4a9cd97ce6c7063fd4f6 + +info: + name: > + IP Metaboxes <= 2.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f611d609-97c5-4b77-9657-c8d9d10e786a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-metaboxes/" + google-query: inurl:"/wp-content/plugins/ip-metaboxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-metaboxes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-metaboxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-metaboxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip-vault-wp-firewall-80529a3b54852ed1b40d1078928149a9.yaml b/nuclei-templates/cve-less/plugins/ip-vault-wp-firewall-80529a3b54852ed1b40d1078928149a9.yaml new file mode 100644 index 0000000000..cec86360a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip-vault-wp-firewall-80529a3b54852ed1b40d1078928149a9.yaml @@ -0,0 +1,58 @@ +id: ip-vault-wp-firewall-80529a3b54852ed1b40d1078928149a9 + +info: + name: > + IP Vault – WP Firewall <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07b075a6-2339-4562-a096-0a46b58f1e9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip-vault-wp-firewall/" + google-query: inurl:"/wp-content/plugins/ip-vault-wp-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip-vault-wp-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip-vault-wp-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip-vault-wp-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-0c5a993c7be9746c745f0f9869cf8fb4.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-0c5a993c7be9746c745f0f9869cf8fb4.yaml new file mode 100644 index 0000000000..2893b89014 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-0c5a993c7be9746c745f0f9869cf8fb4.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-0c5a993c7be9746c745f0f9869cf8fb4 + +info: + name: > + IP2Location Country Blocker <= 2.33.3 - Unauthenticated Sensitive Information Exposure via Debug Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e4aee28-d0cc-4705-9be6-fe5299f2e0fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-28eb2dd9b394a6991989e0316614fa07.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-28eb2dd9b394a6991989e0316614fa07.yaml new file mode 100644 index 0000000000..c433132455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-28eb2dd9b394a6991989e0316614fa07.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-28eb2dd9b394a6991989e0316614fa07 + +info: + name: > + IP2Location Country Blocker <= 2.26.5 - Arbitrary Country Ban via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1532e12-b786-4b87-ae19-951297c47a6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.26.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-2ac275b541904e5481df890267e095ba.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-2ac275b541904e5481df890267e095ba.yaml new file mode 100644 index 0000000000..00a62c7816 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-2ac275b541904e5481df890267e095ba.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-2ac275b541904e5481df890267e095ba + +info: + name: > + Download IP2Location Country Blocker <= 2.29.1 - Bypass via IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/814fd060-8781-46ad-86e6-e2b75a7fffc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.29.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-9ce1e54ae52ee82869377cad0e1b6dc4.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-9ce1e54ae52ee82869377cad0e1b6dc4.yaml new file mode 100644 index 0000000000..721e2675eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-9ce1e54ae52ee82869377cad0e1b6dc4.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-9ce1e54ae52ee82869377cad0e1b6dc4 + +info: + name: > + Download IP2Location Country Blocker <= 2.34.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e8d038d-8e2d-442d-932d-0fd31a8c501c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.34.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-be59e4061d41f159389c5e0a45f572cb.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-be59e4061d41f159389c5e0a45f572cb.yaml new file mode 100644 index 0000000000..9908e88e60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-be59e4061d41f159389c5e0a45f572cb.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-be59e4061d41f159389c5e0a45f572cb + +info: + name: > + IP2Location Country Blocker <= 2.26.4 - Subscriber+ Arbitrary Country Ban + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/736e51d4-da1d-4252-a10f-d89eb6a68de4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.26.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ip2location-country-blocker-ea51da120356d8e0bf883fe872498f8e.yaml b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-ea51da120356d8e0bf883fe872498f8e.yaml new file mode 100644 index 0000000000..4e29d91fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ip2location-country-blocker-ea51da120356d8e0bf883fe872498f8e.yaml @@ -0,0 +1,58 @@ +id: ip2location-country-blocker-ea51da120356d8e0bf883fe872498f8e + +info: + name: > + IP2Location Country Blocker <= 2.26.4 - Ban Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b8d337b-2d2c-4769-9ac0-6e22ba39a42f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ip2location-country-blocker/" + google-query: inurl:"/wp-content/plugins/ip2location-country-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ip2location-country-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ip2location-country-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ip2location-country-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.26.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipages-flipbook-1ae1b0bb4039a24aa303fbc722996071.yaml b/nuclei-templates/cve-less/plugins/ipages-flipbook-1ae1b0bb4039a24aa303fbc722996071.yaml new file mode 100644 index 0000000000..af9eb838e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipages-flipbook-1ae1b0bb4039a24aa303fbc722996071.yaml @@ -0,0 +1,58 @@ +id: ipages-flipbook-1ae1b0bb4039a24aa303fbc722996071 + +info: + name: > + iPages Flipbook < 1.5.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/279a02e1-7b61-4edd-ab67-6a7fed4e17c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipages-flipbook/" + google-query: inurl:"/wp-content/plugins/ipages-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipages-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipages-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipages-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipages-flipbook-238730b48c414c2efa3f90f95ede4e1a.yaml b/nuclei-templates/cve-less/plugins/ipages-flipbook-238730b48c414c2efa3f90f95ede4e1a.yaml new file mode 100644 index 0000000000..7ae910e047 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipages-flipbook-238730b48c414c2efa3f90f95ede4e1a.yaml @@ -0,0 +1,58 @@ +id: ipages-flipbook-238730b48c414c2efa3f90f95ede4e1a + +info: + name: > + iPages Flipbook <= 1.5.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38b9a64f-a83a-4c0f-88df-383652fde986?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipages-flipbook/" + google-query: inurl:"/wp-content/plugins/ipages-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipages-flipbook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipages-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipages-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipages-flipbook-ffe84a5da8ea35eb24ec280a71f71719.yaml b/nuclei-templates/cve-less/plugins/ipages-flipbook-ffe84a5da8ea35eb24ec280a71f71719.yaml new file mode 100644 index 0000000000..6c6896ae41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipages-flipbook-ffe84a5da8ea35eb24ec280a71f71719.yaml @@ -0,0 +1,58 @@ +id: ipages-flipbook-ffe84a5da8ea35eb24ec280a71f71719 + +info: + name: > + iPages Flipbook <= 1.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cd82b65-eadd-4a81-a8e4-72ce58dd360d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipages-flipbook/" + google-query: inurl:"/wp-content/plugins/ipages-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipages-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipages-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipages-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-176b60254015c7171bdde001bfef506b.yaml b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-176b60254015c7171bdde001bfef506b.yaml new file mode 100644 index 0000000000..cb59db29e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-176b60254015c7171bdde001bfef506b.yaml @@ -0,0 +1,58 @@ +id: ipanorama-360-virtual-tour-builder-lite-176b60254015c7171bdde001bfef506b + +info: + name: > + iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d9431b3-d37e-4d19-b07d-d5357affe346?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipanorama-360-virtual-tour-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-93a89e746de1b01ce58a8098e6937879.yaml b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-93a89e746de1b01ce58a8098e6937879.yaml new file mode 100644 index 0000000000..a9b326919c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-93a89e746de1b01ce58a8098e6937879.yaml @@ -0,0 +1,58 @@ +id: ipanorama-360-virtual-tour-builder-lite-93a89e746de1b01ce58a8098e6937879 + +info: + name: > + iPanorama 360 – WordPress Virtual Tour Builder <= 1.8.0 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3566b602-c991-488f-9de2-57236c4735b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipanorama-360-virtual-tour-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-db0b66a5d47c2843954a651061f51619.yaml b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-db0b66a5d47c2843954a651061f51619.yaml new file mode 100644 index 0000000000..b1c68916db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipanorama-360-virtual-tour-builder-lite-db0b66a5d47c2843954a651061f51619.yaml @@ -0,0 +1,58 @@ +id: ipanorama-360-virtual-tour-builder-lite-db0b66a5d47c2843954a651061f51619 + +info: + name: > + iPanorama 360 WordPress Virtual Tour Builder <= 1.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/924145bb-d636-4184-8f3f-578c8b11e3a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + google-query: inurl:"/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipanorama-360-virtual-tour-builder-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipanorama-360-virtual-tour-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipanorama-360-virtual-tour-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipblocklist-24ffe594d50f8ec966de3f6d9723e35a.yaml b/nuclei-templates/cve-less/plugins/ipblocklist-24ffe594d50f8ec966de3f6d9723e35a.yaml new file mode 100644 index 0000000000..3f1d774973 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipblocklist-24ffe594d50f8ec966de3f6d9723e35a.yaml @@ -0,0 +1,58 @@ +id: ipblocklist-24ffe594d50f8ec966de3f6d9723e35a + +info: + name: > + ipBlockList <= 1.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4372e6a4-3671-4110-bebb-85c1a97c5abb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipblocklist/" + google-query: inurl:"/wp-content/plugins/ipblocklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipblocklist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipblocklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipblocklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ipushpull-1a055ae19ed953176d3ae4b152c78d6b.yaml b/nuclei-templates/cve-less/plugins/ipushpull-1a055ae19ed953176d3ae4b152c78d6b.yaml new file mode 100644 index 0000000000..4790d147c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ipushpull-1a055ae19ed953176d3ae4b152c78d6b.yaml @@ -0,0 +1,58 @@ +id: ipushpull-1a055ae19ed953176d3ae4b152c78d6b + +info: + name: > + Live updates from Excel <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab856722-e954-49de-a93f-46664da6e3e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ipushpull/" + google-query: inurl:"/wp-content/plugins/ipushpull/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ipushpull,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ipushpull/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ipushpull" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iq-block-country-13327063860a0ee0e2e86f1e87898320.yaml b/nuclei-templates/cve-less/plugins/iq-block-country-13327063860a0ee0e2e86f1e87898320.yaml new file mode 100644 index 0000000000..29b937fe19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iq-block-country-13327063860a0ee0e2e86f1e87898320.yaml @@ -0,0 +1,58 @@ +id: iq-block-country-13327063860a0ee0e2e86f1e87898320 + +info: + name: > + WordPress iQ Block Country <= 1.2.11 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ce539-08f4-48f7-9ddc-56e87a2c91cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iq-block-country/" + google-query: inurl:"/wp-content/plugins/iq-block-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iq-block-country,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iq-block-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iq-block-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iq-block-country-93b718d7dcd910cc3c0b3209a78fa52e.yaml b/nuclei-templates/cve-less/plugins/iq-block-country-93b718d7dcd910cc3c0b3209a78fa52e.yaml new file mode 100644 index 0000000000..a236b607d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iq-block-country-93b718d7dcd910cc3c0b3209a78fa52e.yaml @@ -0,0 +1,58 @@ +id: iq-block-country-93b718d7dcd910cc3c0b3209a78fa52e + +info: + name: > + iQ Block Country <= 1.2.18 - Country Blocking Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abc983c6-aa30-4d1b-b6af-99b5ba1c8481?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iq-block-country/" + google-query: inurl:"/wp-content/plugins/iq-block-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iq-block-country,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iq-block-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iq-block-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iq-block-country-c5db51e5f06010fca4f5938a5e56cd39.yaml b/nuclei-templates/cve-less/plugins/iq-block-country-c5db51e5f06010fca4f5938a5e56cd39.yaml new file mode 100644 index 0000000000..0c2c0005c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iq-block-country-c5db51e5f06010fca4f5938a5e56cd39.yaml @@ -0,0 +1,58 @@ +id: iq-block-country-c5db51e5f06010fca4f5938a5e56cd39 + +info: + name: > + iQ Block Country <= 1.2.13 - Protection Bypass due to IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f388049-b453-406c-abdf-2a51c7abed2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iq-block-country/" + google-query: inurl:"/wp-content/plugins/iq-block-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iq-block-country,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iq-block-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iq-block-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iq-block-country-f1c8fa61b4af4443e96dfc38c36b4af9.yaml b/nuclei-templates/cve-less/plugins/iq-block-country-f1c8fa61b4af4443e96dfc38c36b4af9.yaml new file mode 100644 index 0000000000..20ce0a1e3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iq-block-country-f1c8fa61b4af4443e96dfc38c36b4af9.yaml @@ -0,0 +1,58 @@ +id: iq-block-country-f1c8fa61b4af4443e96dfc38c36b4af9 + +info: + name: > + iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21e3d4a5-aaf3-4f42-8868-cd8c9bccd026?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iq-block-country/" + google-query: inurl:"/wp-content/plugins/iq-block-country/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iq-block-country,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iq-block-country/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iq-block-country" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/itempropwp-1b30aff662020c0b4f39f0c4b04b2958.yaml b/nuclei-templates/cve-less/plugins/itempropwp-1b30aff662020c0b4f39f0c4b04b2958.yaml new file mode 100644 index 0000000000..2e14e5a977 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/itempropwp-1b30aff662020c0b4f39f0c4b04b2958.yaml @@ -0,0 +1,58 @@ +id: itempropwp-1b30aff662020c0b4f39f0c4b04b2958 + +info: + name: > + itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5975a107-8083-4f9e-b2b2-8c6ae1ac8f39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/itempropwp/" + google-query: inurl:"/wp-content/plugins/itempropwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,itempropwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/itempropwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "itempropwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.201706131') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ithemes-exchange-f7228bc923e4f7e6b922e94dc9e73ec2.yaml b/nuclei-templates/cve-less/plugins/ithemes-exchange-f7228bc923e4f7e6b922e94dc9e73ec2.yaml new file mode 100644 index 0000000000..5781db54a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ithemes-exchange-f7228bc923e4f7e6b922e94dc9e73ec2.yaml @@ -0,0 +1,58 @@ +id: ithemes-exchange-f7228bc923e4f7e6b922e94dc9e73ec2 + +info: + name: > + iThemes Exchange < 1.12.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69150437-dfd6-436a-b100-99f5001c7fe7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ithemes-exchange/" + google-query: inurl:"/wp-content/plugins/ithemes-exchange/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ithemes-exchange,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ithemes-exchange/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ithemes-exchange" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ithemes-sync-885b35b00352c80953df3eed541d0a97.yaml b/nuclei-templates/cve-less/plugins/ithemes-sync-885b35b00352c80953df3eed541d0a97.yaml new file mode 100644 index 0000000000..2c5e05496b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ithemes-sync-885b35b00352c80953df3eed541d0a97.yaml @@ -0,0 +1,58 @@ +id: ithemes-sync-885b35b00352c80953df3eed541d0a97 + +info: + name: > + iThemes Sync <= 2.1.13 - Cross-Site Request Forgery and Missing Authorization via 'hide_authenticate_notice' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9229f2-e7dd-43c9-9c15-9b76c13e895b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ithemes-sync/" + google-query: inurl:"/wp-content/plugins/ithemes-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ithemes-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ithemes-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ithemes-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/itwitter-d22a628e60dd0e0e47e495ea9eb75413.yaml b/nuclei-templates/cve-less/plugins/itwitter-d22a628e60dd0e0e47e495ea9eb75413.yaml new file mode 100644 index 0000000000..3c7f74b655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/itwitter-d22a628e60dd0e0e47e495ea9eb75413.yaml @@ -0,0 +1,58 @@ +id: itwitter-d22a628e60dd0e0e47e495ea9eb75413 + +info: + name: > + iTwitter <= 0.04 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56cd4317-46e1-4e6c-a586-b3aacb189dd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/itwitter/" + google-query: inurl:"/wp-content/plugins/itwitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,itwitter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/itwitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "itwitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e4dfba623e207111ac2894d0b05e0171.yaml b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e4dfba623e207111ac2894d0b05e0171.yaml new file mode 100644 index 0000000000..9959ae7e29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e4dfba623e207111ac2894d0b05e0171.yaml @@ -0,0 +1,58 @@ +id: iubenda-cookie-law-solution-e4dfba623e207111ac2894d0b05e0171 + +info: + name: > + iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8e8d724-60fe-4333-8c55-cb7df0d4345d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iubenda-cookie-law-solution/" + google-query: inurl:"/wp-content/plugins/iubenda-cookie-law-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iubenda-cookie-law-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iubenda-cookie-law-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e70ae286a6778ee45405a4388b04fec9.yaml b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e70ae286a6778ee45405a4388b04fec9.yaml new file mode 100644 index 0000000000..48ec3b0f9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iubenda-cookie-law-solution-e70ae286a6778ee45405a4388b04fec9.yaml @@ -0,0 +1,58 @@ +id: iubenda-cookie-law-solution-e70ae286a6778ee45405a4388b04fec9 + +info: + name: > + iubenda < 2.3.5 - Failure to Restrict URL Protocol + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc06a6d7-4fd9-450d-99f2-3f40343a9555?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iubenda-cookie-law-solution/" + google-query: inurl:"/wp-content/plugins/iubenda-cookie-law-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iubenda-cookie-law-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iubenda-cookie-law-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iubenda-cookie-law-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iva-business-hours-pro-f3a11b810db2dd0055915ce0cd13d43a.yaml b/nuclei-templates/cve-less/plugins/iva-business-hours-pro-f3a11b810db2dd0055915ce0cd13d43a.yaml new file mode 100644 index 0000000000..d702527b6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iva-business-hours-pro-f3a11b810db2dd0055915ce0cd13d43a.yaml @@ -0,0 +1,58 @@ +id: iva-business-hours-pro-f3a11b810db2dd0055915ce0cd13d43a + +info: + name: > + Business Hours Pro <= 5.5.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/866f780e-46fa-407a-b777-951a328003dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iva-business-hours-pro/" + google-query: inurl:"/wp-content/plugins/iva-business-hours-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iva-business-hours-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iva-business-hours-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iva-business-hours-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iwp-client-05f450dd8aa4062aa24fbf2823c60c4a.yaml b/nuclei-templates/cve-less/plugins/iwp-client-05f450dd8aa4062aa24fbf2823c60c4a.yaml new file mode 100644 index 0000000000..571a400017 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iwp-client-05f450dd8aa4062aa24fbf2823c60c4a.yaml @@ -0,0 +1,58 @@ +id: iwp-client-05f450dd8aa4062aa24fbf2823c60c4a + +info: + name: > + InfiniteWP Client <= 1.11.1 - Authenticated (Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa157c80-447f-4406-9e49-9cc6208b7b19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iwp-client/" + google-query: inurl:"/wp-content/plugins/iwp-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iwp-client,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iwp-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iwp-client-6a236c689e15bb7cc8c51fe8f71c025e.yaml b/nuclei-templates/cve-less/plugins/iwp-client-6a236c689e15bb7cc8c51fe8f71c025e.yaml new file mode 100644 index 0000000000..406a033276 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iwp-client-6a236c689e15bb7cc8c51fe8f71c025e.yaml @@ -0,0 +1,58 @@ +id: iwp-client-6a236c689e15bb7cc8c51fe8f71c025e + +info: + name: > + InfiniteWP Client <= 1.12.3 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fdc32a4-adf8-4174-924b-5d0b763d010c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iwp-client/" + google-query: inurl:"/wp-content/plugins/iwp-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iwp-client,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iwp-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iwp-client-79054d990e7a7a32c990ccc921c67cf1.yaml b/nuclei-templates/cve-less/plugins/iwp-client-79054d990e7a7a32c990ccc921c67cf1.yaml new file mode 100644 index 0000000000..86d7d325d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iwp-client-79054d990e7a7a32c990ccc921c67cf1.yaml @@ -0,0 +1,58 @@ +id: iwp-client-79054d990e7a7a32c990ccc921c67cf1 + +info: + name: > + InfiniteWP Client <= 1.6.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bd81f3c-f801-4fc6-b2db-754e5ebed688?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iwp-client/" + google-query: inurl:"/wp-content/plugins/iwp-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iwp-client,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iwp-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iwp-client-c4e23e67727ce074f425f39975da1652.yaml b/nuclei-templates/cve-less/plugins/iwp-client-c4e23e67727ce074f425f39975da1652.yaml new file mode 100644 index 0000000000..bc975d2fe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iwp-client-c4e23e67727ce074f425f39975da1652.yaml @@ -0,0 +1,58 @@ +id: iwp-client-c4e23e67727ce074f425f39975da1652 + +info: + name: > + InfiniteWP Client <= 1.9.4.4 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f10214-69ef-4b5d-8d2b-2e2c1bafa7e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iwp-client/" + google-query: inurl:"/wp-content/plugins/iwp-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iwp-client,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iwp-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iwp-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/iws-geo-form-fields-9f8f05e27cd509d186ef8ebf6b358ad1.yaml b/nuclei-templates/cve-less/plugins/iws-geo-form-fields-9f8f05e27cd509d186ef8ebf6b358ad1.yaml new file mode 100644 index 0000000000..8d9499ec42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/iws-geo-form-fields-9f8f05e27cd509d186ef8ebf6b358ad1.yaml @@ -0,0 +1,58 @@ +id: iws-geo-form-fields-9f8f05e27cd509d186ef8ebf6b358ad1 + +info: + name: > + IWS - Geo Form Fields <= 1.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b994bb62-436f-4edc-8891-281483428ac0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/iws-geo-form-fields/" + google-query: inurl:"/wp-content/plugins/iws-geo-form-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,iws-geo-form-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/iws-geo-form-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "iws-geo-form-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/izeechat-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/izeechat-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..0742485f2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/izeechat-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: izeechat-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/izeechat/" + google-query: inurl:"/wp-content/plugins/izeechat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,izeechat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/izeechat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "izeechat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jackmail-newsletters-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml b/nuclei-templates/cve-less/plugins/jackmail-newsletters-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml new file mode 100644 index 0000000000..874f5dea81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jackmail-newsletters-0f6f97ec8d1cc89cf7cec3ff35c09656.yaml @@ -0,0 +1,58 @@ +id: jackmail-newsletters-0f6f97ec8d1cc89cf7cec3ff35c09656 + +info: + name: > + Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/084a209f-c67b-4df9-9f4b-c537ea065a50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jackmail-newsletters/" + google-query: inurl:"/wp-content/plugins/jackmail-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jackmail-newsletters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jackmail-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jackmail-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jayj-quicktag-a6cb60a315c6c7a94894e2123d4f4da7.yaml b/nuclei-templates/cve-less/plugins/jayj-quicktag-a6cb60a315c6c7a94894e2123d4f4da7.yaml new file mode 100644 index 0000000000..99a88412f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jayj-quicktag-a6cb60a315c6c7a94894e2123d4f4da7.yaml @@ -0,0 +1,58 @@ +id: jayj-quicktag-a6cb60a315c6c7a94894e2123d4f4da7 + +info: + name: > + Jayj Quicktag < 1.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/585fc053-b54f-428e-9abc-9501508aef69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jayj-quicktag/" + google-query: inurl:"/wp-content/plugins/jayj-quicktag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jayj-quicktag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jayj-quicktag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jayj-quicktag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jazz-popups-d1c49397ab5d1626905204217983db24.yaml b/nuclei-templates/cve-less/plugins/jazz-popups-d1c49397ab5d1626905204217983db24.yaml new file mode 100644 index 0000000000..1150d0753c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jazz-popups-d1c49397ab5d1626905204217983db24.yaml @@ -0,0 +1,58 @@ +id: jazz-popups-d1c49397ab5d1626905204217983db24 + +info: + name: > + Jazz Popups <= 1.8.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/669f5363-22af-4526-b375-3cca2b1db0ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jazz-popups/" + google-query: inurl:"/wp-content/plugins/jazz-popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jazz-popups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jazz-popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jazz-popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jazz-popups-fd8f4b76d0911973d7f68d0007d8b9f6.yaml b/nuclei-templates/cve-less/plugins/jazz-popups-fd8f4b76d0911973d7f68d0007d8b9f6.yaml new file mode 100644 index 0000000000..5f228c7690 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jazz-popups-fd8f4b76d0911973d7f68d0007d8b9f6.yaml @@ -0,0 +1,58 @@ +id: jazz-popups-fd8f4b76d0911973d7f68d0007d8b9f6 + +info: + name: > + Jazz Popups <= 1.8.7 - Reflected Cross-Site Scripting via 'wpjazzpopup_switchonoff' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba8c5db5-48d4-4ce1-84b9-5743c7444a3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jazz-popups/" + google-query: inurl:"/wp-content/plugins/jazz-popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jazz-popups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jazz-popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jazz-popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jazzcash-woocommerce-gateway-4d6bafb19843bc6d71a91327064ee112.yaml b/nuclei-templates/cve-less/plugins/jazzcash-woocommerce-gateway-4d6bafb19843bc6d71a91327064ee112.yaml new file mode 100644 index 0000000000..a7dc91fb9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jazzcash-woocommerce-gateway-4d6bafb19843bc6d71a91327064ee112.yaml @@ -0,0 +1,58 @@ +id: jazzcash-woocommerce-gateway-4d6bafb19843bc6d71a91327064ee112 + +info: + name: > + WooCommerce JazzCash Gateway Plugin <= 2.0 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6809f7f-4495-4185-b439-820010afc305?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jazzcash-woocommerce-gateway/" + google-query: inurl:"/wp-content/plugins/jazzcash-woocommerce-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jazzcash-woocommerce-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jazzcash-woocommerce-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jazzcash-woocommerce-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jc-importer-6ceb62cda68f33df94c6d2d8223676b0.yaml b/nuclei-templates/cve-less/plugins/jc-importer-6ceb62cda68f33df94c6d2d8223676b0.yaml new file mode 100644 index 0000000000..1744c0bf24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jc-importer-6ceb62cda68f33df94c6d2d8223676b0.yaml @@ -0,0 +1,58 @@ +id: jc-importer-6ceb62cda68f33df94c6d2d8223676b0 + +info: + name: > + Import WP – Export and Import CSV and XML files to WordPress <= 2.13.0 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09023fe2-52dd-43af-ae4f-1fb46654f305?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jc-importer/" + google-query: inurl:"/wp-content/plugins/jc-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jc-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jc-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jc-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.13.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jc-importer-70ada96da95be698f6717e6048a6ec59.yaml b/nuclei-templates/cve-less/plugins/jc-importer-70ada96da95be698f6717e6048a6ec59.yaml new file mode 100644 index 0000000000..1fbce31e31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jc-importer-70ada96da95be698f6717e6048a6ec59.yaml @@ -0,0 +1,58 @@ +id: jc-importer-70ada96da95be698f6717e6048a6ec59 + +info: + name: > + Import WP – Import and Export WordPress data to XML or CSV files <= 2.4.5 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e518d40-deda-438a-9787-b3cf7faad7a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jc-importer/" + google-query: inurl:"/wp-content/plugins/jc-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jc-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jc-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jc-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jch-optimize-7438f6c5de0164c1ebbfea6f43fc0dba.yaml b/nuclei-templates/cve-less/plugins/jch-optimize-7438f6c5de0164c1ebbfea6f43fc0dba.yaml new file mode 100644 index 0000000000..50b69e3c76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jch-optimize-7438f6c5de0164c1ebbfea6f43fc0dba.yaml @@ -0,0 +1,58 @@ +id: jch-optimize-7438f6c5de0164c1ebbfea6f43fc0dba + +info: + name: > + JCH Optimize <= 3.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04c83b9-33a0-4f4b-afc4-929d40c2ef67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jch-optimize/" + google-query: inurl:"/wp-content/plugins/jch-optimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jch-optimize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jch-optimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jch-optimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jcwp-youtube-channel-embed-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/jcwp-youtube-channel-embed-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..5bd63cb579 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jcwp-youtube-channel-embed-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: jcwp-youtube-channel-embed-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jcwp-youtube-channel-embed/" + google-query: inurl:"/wp-content/plugins/jcwp-youtube-channel-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jcwp-youtube-channel-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jcwp-youtube-channel-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jcwp-youtube-channel-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeeng-push-notifications-c5989c384ff1fa34fed277024ca7c660.yaml b/nuclei-templates/cve-less/plugins/jeeng-push-notifications-c5989c384ff1fa34fed277024ca7c660.yaml new file mode 100644 index 0000000000..96c198829f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeeng-push-notifications-c5989c384ff1fa34fed277024ca7c660.yaml @@ -0,0 +1,58 @@ +id: jeeng-push-notifications-c5989c384ff1fa34fed277024ca7c660 + +info: + name: > + Jeeng Push Notifications <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89b528f7-42a7-4b6a-b3f7-3176b91e0dfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeeng-push-notifications/" + google-query: inurl:"/wp-content/plugins/jeeng-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeeng-push-notifications,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeeng-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeeng-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-045b6020dfc1ed99134f3177a28e643d.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-045b6020dfc1ed99134f3177a28e643d.yaml new file mode 100644 index 0000000000..19330c692e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-045b6020dfc1ed99134f3177a28e643d.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-045b6020dfc1ed99134f3177a28e643d + +info: + name: > + Jeg Elementor Kit <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d108cb36-c072-483e-9746-15b8e7a880c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-0b6d48f80755becad907191d56a4faea.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-0b6d48f80755becad907191d56a4faea.yaml new file mode 100644 index 0000000000..f8ed390143 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-0b6d48f80755becad907191d56a4faea.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-0b6d48f80755becad907191d56a4faea + +info: + name: > + Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34a42180-9d08-4049-8da8-27ee1f64600a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-1429d93adf30ca5583ea8a8bc67d75f6.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-1429d93adf30ca5583ea8a8bc67d75f6.yaml new file mode 100644 index 0000000000..d30a0a4de8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-1429d93adf30ca5583ea8a8bc67d75f6.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-1429d93adf30ca5583ea8a8bc67d75f6 + +info: + name: > + Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9955d65-afb3-4d28-abd2-9f2fec92d013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-39f38e457d08269c0a24a582767d3dfd.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-39f38e457d08269c0a24a582767d3dfd.yaml new file mode 100644 index 0000000000..486e541973 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-39f38e457d08269c0a24a582767d3dfd.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-39f38e457d08269c0a24a582767d3dfd + +info: + name: > + Jeg Elementor Kit <= 2.5.6 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84b616fa-ff64-49e8-8c4a-7d7bfdf758be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-8abead7c575d5ff9d8bcc0c1daac4379.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-8abead7c575d5ff9d8bcc0c1daac4379.yaml new file mode 100644 index 0000000000..10a889c6c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-8abead7c575d5ff9d8bcc0c1daac4379.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-8abead7c575d5ff9d8bcc0c1daac4379 + +info: + name: > + Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46868a11-0c82-4bd3-82b5-9a19a5a0cef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-9ac2eb6aa79c6ee262cfc473810b750d.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-9ac2eb6aa79c6ee262cfc473810b750d.yaml new file mode 100644 index 0000000000..fce26a78e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-9ac2eb6aa79c6ee262cfc473810b750d.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-9ac2eb6aa79c6ee262cfc473810b750d + +info: + name: > + Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Cross-Site Scripting via Elementor Widget URL Custom Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/950e9042-1364-4200-8f57-171346075764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-a2e686465d8672ec5bf29632e66237cf.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-a2e686465d8672ec5bf29632e66237cf.yaml new file mode 100644 index 0000000000..cc87fef37f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-a2e686465d8672ec5bf29632e66237cf.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-a2e686465d8672ec5bf29632e66237cf + +info: + name: > + Jeg Elementor Kit <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48a13fb7-bf1a-4bf2-ac3b-3b5a75fec616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jeg-elementor-kit-fc806cfd6ed4dc072c39a0980e8091bc.yaml b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-fc806cfd6ed4dc072c39a0980e8091bc.yaml new file mode 100644 index 0000000000..f4e03c51f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jeg-elementor-kit-fc806cfd6ed4dc072c39a0980e8091bc.yaml @@ -0,0 +1,58 @@ +id: jeg-elementor-kit-fc806cfd6ed4dc072c39a0980e8091bc + +info: + name: > + Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d54c7623-25af-4bf1-a6e0-9022ec26f391?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jeg-elementor-kit/" + google-query: inurl:"/wp-content/plugins/jeg-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jeg-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jeg-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jeg-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blocks-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-blocks-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..c102cfee32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blocks-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-blocks-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blocks/" + google-query: inurl:"/wp-content/plugins/jet-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blocks-d0c27f042f57c6d16293a23758983b37.yaml b/nuclei-templates/cve-less/plugins/jet-blocks-d0c27f042f57c6d16293a23758983b37.yaml new file mode 100644 index 0000000000..855bd7f36f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blocks-d0c27f042f57c6d16293a23758983b37.yaml @@ -0,0 +1,58 @@ +id: jet-blocks-d0c27f042f57c6d16293a23758983b37 + +info: + name: > + JetBlocks For Elementor <= 1.3.8 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2614ca26-6efc-49f5-8cee-5b078721acc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blocks/" + google-query: inurl:"/wp-content/plugins/jet-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blocks-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-blocks-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..ab97b3898d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blocks-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-blocks-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blocks/" + google-query: inurl:"/wp-content/plugins/jet-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blocks-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-blocks-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..1984c5754b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blocks-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-blocks-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blocks/" + google-query: inurl:"/wp-content/plugins/jet-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blog-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-blog-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..3eb1516fc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blog-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-blog-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blog/" + google-query: inurl:"/wp-content/plugins/jet-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blog-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-blog-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..bac519d94a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blog-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-blog-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blog/" + google-query: inurl:"/wp-content/plugins/jet-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-blog-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-blog-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..93ab6624f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-blog-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-blog-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-blog/" + google-query: inurl:"/wp-content/plugins/jet-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-compare-wishlist-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..f0b543dc9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-compare-wishlist-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-compare-wishlist/" + google-query: inurl:"/wp-content/plugins/jet-compare-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-compare-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-compare-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-compare-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-compare-wishlist-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..281266f54d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-compare-wishlist-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-compare-wishlist/" + google-query: inurl:"/wp-content/plugins/jet-compare-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-compare-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-compare-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-compare-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-compare-wishlist-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..0d894434e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-compare-wishlist-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-compare-wishlist-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-compare-wishlist/" + google-query: inurl:"/wp-content/plugins/jet-compare-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-compare-wishlist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-compare-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-compare-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-elements-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-elements-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..fb8eba34ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-elements-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-elements-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-elements/" + google-query: inurl:"/wp-content/plugins/jet-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-elements-7ba0ab8627448e04a3557ed6ccce144f.yaml b/nuclei-templates/cve-less/plugins/jet-elements-7ba0ab8627448e04a3557ed6ccce144f.yaml new file mode 100644 index 0000000000..99ab06a026 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-elements-7ba0ab8627448e04a3557ed6ccce144f.yaml @@ -0,0 +1,58 @@ +id: jet-elements-7ba0ab8627448e04a3557ed6ccce144f + +info: + name: > + JetElements For Elementor <= 2.6.13 - Missing Authorization to Unauthenticated Arbitrary Attachment Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d199e597-64ed-4dcc-a153-b5c8e4e9e93d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-elements/" + google-query: inurl:"/wp-content/plugins/jet-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-elements-cdc0a1afbf2cc009eea0f7deda8a5515.yaml b/nuclei-templates/cve-less/plugins/jet-elements-cdc0a1afbf2cc009eea0f7deda8a5515.yaml new file mode 100644 index 0000000000..3d303aa9b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-elements-cdc0a1afbf2cc009eea0f7deda8a5515.yaml @@ -0,0 +1,58 @@ +id: jet-elements-cdc0a1afbf2cc009eea0f7deda8a5515 + +info: + name: > + JetElements <= 2.6.10 - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73fca37e-c6cf-420c-b984-3ef89acf3216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-elements/" + google-query: inurl:"/wp-content/plugins/jet-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-elements-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-elements-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..ae8586967c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-elements-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-elements-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-elements/" + google-query: inurl:"/wp-content/plugins/jet-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-elements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-elements-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-elements-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..ea4c23edfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-elements-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-elements-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-elements/" + google-query: inurl:"/wp-content/plugins/jet-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-elements,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-engine-1671dddc3e7743782d8ec72b0e2ab60c.yaml b/nuclei-templates/cve-less/plugins/jet-engine-1671dddc3e7743782d8ec72b0e2ab60c.yaml new file mode 100644 index 0000000000..700fff7071 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-engine-1671dddc3e7743782d8ec72b0e2ab60c.yaml @@ -0,0 +1,58 @@ +id: jet-engine-1671dddc3e7743782d8ec72b0e2ab60c + +info: + name: > + Crocoblock JetEngine <= 3.1.3 - Authenticated(Author+) Arbitrary File Upload to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e7247f-869a-4cf0-ae03-0b36ecbc1b7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-engine/" + google-query: inurl:"/wp-content/plugins/jet-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-engine-23ba9e8ddbee95a7030ba5db7648376b.yaml b/nuclei-templates/cve-less/plugins/jet-engine-23ba9e8ddbee95a7030ba5db7648376b.yaml new file mode 100644 index 0000000000..6635a162ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-engine-23ba9e8ddbee95a7030ba5db7648376b.yaml @@ -0,0 +1,58 @@ +id: jet-engine-23ba9e8ddbee95a7030ba5db7648376b + +info: + name: > + JetEngine <= 3.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f2c97f4-0a6e-4693-a6c8-bd81ca76988c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-engine/" + google-query: inurl:"/wp-content/plugins/jet-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-engine,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-engine-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-engine-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..ebc8127b1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-engine-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-engine-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-engine/" + google-query: inurl:"/wp-content/plugins/jet-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-engine-f12b5bbfc5d1dcce9a91a5751dceea95.yaml b/nuclei-templates/cve-less/plugins/jet-engine-f12b5bbfc5d1dcce9a91a5751dceea95.yaml new file mode 100644 index 0000000000..6bcaba2e53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-engine-f12b5bbfc5d1dcce9a91a5751dceea95.yaml @@ -0,0 +1,58 @@ +id: jet-engine-f12b5bbfc5d1dcce9a91a5751dceea95 + +info: + name: > + JetEngine <= 3.2.4 - Authenticated (Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad66015d-7831-4590-9583-3abf7ca43c3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-engine/" + google-query: inurl:"/wp-content/plugins/jet-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-engine-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-engine-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..96da77bdfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-engine-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-engine-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-engine/" + google-query: inurl:"/wp-content/plugins/jet-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-engine,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-menu-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-menu-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..2faef7f8a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-menu-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-menu-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-menu/" + google-query: inurl:"/wp-content/plugins/jet-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-menu-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-menu-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..063a275544 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-menu-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-menu-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-menu/" + google-query: inurl:"/wp-content/plugins/jet-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-menu-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-menu-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..96190efa80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-menu-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-menu-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-menu/" + google-query: inurl:"/wp-content/plugins/jet-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-popup-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-popup-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..8b179a8c8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-popup-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-popup-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-popup/" + google-query: inurl:"/wp-content/plugins/jet-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-popup-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-popup-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..1f6ec2f2b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-popup-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-popup-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-popup/" + google-query: inurl:"/wp-content/plugins/jet-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-popup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-reviews-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-reviews-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..14f10a6a7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-reviews-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-reviews-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-reviews/" + google-query: inurl:"/wp-content/plugins/jet-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-reviews-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-reviews-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..d804f946d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-reviews-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-reviews-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-reviews/" + google-query: inurl:"/wp-content/plugins/jet-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-reviews-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-reviews-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..1a6e0d7a14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-reviews-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-reviews-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-reviews/" + google-query: inurl:"/wp-content/plugins/jet-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-search-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-search-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..6a8891d411 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-search-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-search-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-search/" + google-query: inurl:"/wp-content/plugins/jet-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-search-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-search-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..499f12bd1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-search-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-search-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-search/" + google-query: inurl:"/wp-content/plugins/jet-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-smart-filters-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-smart-filters-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..2539319659 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-smart-filters-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-smart-filters-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-smart-filters/" + google-query: inurl:"/wp-content/plugins/jet-smart-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-smart-filters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-smart-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-smart-filters-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-smart-filters-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..146c1bd33f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-smart-filters-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-smart-filters-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-smart-filters/" + google-query: inurl:"/wp-content/plugins/jet-smart-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-smart-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-smart-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-smart-filters-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-smart-filters-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..ff906a0ef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-smart-filters-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-smart-filters-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-smart-filters/" + google-query: inurl:"/wp-content/plugins/jet-smart-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-smart-filters,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-smart-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-smart-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tabs-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-tabs-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..2efd658e68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tabs-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-tabs-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tabs/" + google-query: inurl:"/wp-content/plugins/jet-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tabs-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-tabs-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..a7c83a76f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tabs-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-tabs-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tabs/" + google-query: inurl:"/wp-content/plugins/jet-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tabs-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-tabs-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..5a2ef48614 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tabs-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-tabs-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tabs/" + google-query: inurl:"/wp-content/plugins/jet-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tabs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-theme-core-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-theme-core-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..9bc5ba3285 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-theme-core-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-theme-core-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-theme-core/" + google-query: inurl:"/wp-content/plugins/jet-theme-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-theme-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-theme-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-theme-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-theme-core-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-theme-core-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..2910e56ba2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-theme-core-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-theme-core-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-theme-core/" + google-query: inurl:"/wp-content/plugins/jet-theme-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-theme-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-theme-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-theme-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-theme-core-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-theme-core-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..9236068a91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-theme-core-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-theme-core-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-theme-core/" + google-query: inurl:"/wp-content/plugins/jet-theme-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-theme-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-theme-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-theme-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tricks-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-tricks-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..b45aa4f76b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tricks-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-tricks-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tricks/" + google-query: inurl:"/wp-content/plugins/jet-tricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tricks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tricks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tricks-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-tricks-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..12e1ac7e3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tricks-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-tricks-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tricks/" + google-query: inurl:"/wp-content/plugins/jet-tricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tricks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tricks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-tricks-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-tricks-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..4e2afbac72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-tricks-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-tricks-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-tricks/" + google-query: inurl:"/wp-content/plugins/jet-tricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-tricks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-tricks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-tricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-builder-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-woo-builder-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..d8738b8948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-builder-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-woo-builder-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-builder/" + google-query: inurl:"/wp-content/plugins/jet-woo-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-builder-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-woo-builder-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..b961af2ff2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-builder-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-woo-builder-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-builder/" + google-query: inurl:"/wp-content/plugins/jet-woo-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-builder-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-woo-builder-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..1c052ead7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-builder-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-woo-builder-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-builder/" + google-query: inurl:"/wp-content/plugins/jet-woo-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-320a6f011d285ddb19c436d57e994504.yaml b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-320a6f011d285ddb19c436d57e994504.yaml new file mode 100644 index 0000000000..a815269d11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-320a6f011d285ddb19c436d57e994504.yaml @@ -0,0 +1,58 @@ +id: jet-woo-product-gallery-320a6f011d285ddb19c436d57e994504 + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization to Unauthenticated Unauthorized Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7addc83b-cde5-4f91-b286-70db6f384a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-product-gallery/" + google-query: inurl:"/wp-content/plugins/jet-woo-product-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-product-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-product-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-product-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-dfd0d896b1397455913caf7f911dd62c.yaml b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-dfd0d896b1397455913caf7f911dd62c.yaml new file mode 100644 index 0000000000..d371240e37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-dfd0d896b1397455913caf7f911dd62c.yaml @@ -0,0 +1,58 @@ +id: jet-woo-product-gallery-dfd0d896b1397455913caf7f911dd62c + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c85e5e0-d8ee-46d3-99b1-df6c6744f020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-product-gallery/" + google-query: inurl:"/wp-content/plugins/jet-woo-product-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-product-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-product-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-product-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-fd87adc782adc661fc2721ea4df8055a.yaml b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-fd87adc782adc661fc2721ea4df8055a.yaml new file mode 100644 index 0000000000..3f929a5dee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jet-woo-product-gallery-fd87adc782adc661fc2721ea4df8055a.yaml @@ -0,0 +1,58 @@ +id: jet-woo-product-gallery-fd87adc782adc661fc2721ea4df8055a + +info: + name: > + Multiple Plugins by Crocoblock <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/893500ba-cc16-4429-bbe1-725aa65589c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jet-woo-product-gallery/" + google-query: inurl:"/wp-content/plugins/jet-woo-product-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jet-woo-product-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jet-woo-product-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jet-woo-product-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetformbuilder-162aad8c1f1a67baa5f70490c52d6e30.yaml b/nuclei-templates/cve-less/plugins/jetformbuilder-162aad8c1f1a67baa5f70490c52d6e30.yaml new file mode 100644 index 0000000000..84c213ec3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetformbuilder-162aad8c1f1a67baa5f70490c52d6e30.yaml @@ -0,0 +1,58 @@ +id: jetformbuilder-162aad8c1f1a67baa5f70490c52d6e30 + +info: + name: > + JetFormBuilder <= 3.1.4 - Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0343861-a376-43ea-826e-277c2a5ea635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetformbuilder/" + google-query: inurl:"/wp-content/plugins/jetformbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetformbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetformbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetformbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetformbuilder-49120404cfb8d5621438564fe9eb32bd.yaml b/nuclei-templates/cve-less/plugins/jetformbuilder-49120404cfb8d5621438564fe9eb32bd.yaml new file mode 100644 index 0000000000..ecec04f4fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetformbuilder-49120404cfb8d5621438564fe9eb32bd.yaml @@ -0,0 +1,58 @@ +id: jetformbuilder-49120404cfb8d5621438564fe9eb32bd + +info: + name: > + JetFormBuilder <= 3.0.8 - Authenticated (Author+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d58191-769c-4632-a086-4dbce9bfb6ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetformbuilder/" + google-query: inurl:"/wp-content/plugins/jetformbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetformbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetformbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetformbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetformbuilder-5af33f7a1d49eb666342cd85959401ec.yaml b/nuclei-templates/cve-less/plugins/jetformbuilder-5af33f7a1d49eb666342cd85959401ec.yaml new file mode 100644 index 0000000000..92ac12bf6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetformbuilder-5af33f7a1d49eb666342cd85959401ec.yaml @@ -0,0 +1,58 @@ +id: jetformbuilder-5af33f7a1d49eb666342cd85959401ec + +info: + name: > + JetFormBuilder <= 3.0.6 - Cross-Site Request Fogery via 'do_admin_action' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f37c4b2c-6f41-46b5-8427-b1883b39322e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetformbuilder/" + google-query: inurl:"/wp-content/plugins/jetformbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetformbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetformbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetformbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-2be7d29f9bb984978a5f99c0ed30a7ed.yaml b/nuclei-templates/cve-less/plugins/jetpack-2be7d29f9bb984978a5f99c0ed30a7ed.yaml new file mode 100644 index 0000000000..e91fde6b52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-2be7d29f9bb984978a5f99c0ed30a7ed.yaml @@ -0,0 +1,58 @@ +id: jetpack-2be7d29f9bb984978a5f99c0ed30a7ed + +info: + name: > + Jetpack <= 4.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2153f7e2-0d39-4784-a1f5-aa77959306a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-67e0a9fec932f5d791c2a1af30baf3c7.yaml b/nuclei-templates/cve-less/plugins/jetpack-67e0a9fec932f5d791c2a1af30baf3c7.yaml new file mode 100644 index 0000000000..40cc3a7666 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-67e0a9fec932f5d791c2a1af30baf3c7.yaml @@ -0,0 +1,58 @@ +id: jetpack-67e0a9fec932f5d791c2a1af30baf3c7 + +info: + name: > + Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dfca4cb-71dc-4b2d-bcf3-0ca9f88f88df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 9.9', '<= 9.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-8018c4071bf114403387ecc74840b848.yaml b/nuclei-templates/cve-less/plugins/jetpack-8018c4071bf114403387ecc74840b848.yaml new file mode 100644 index 0000000000..88123b5a95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-8018c4071bf114403387ecc74840b848.yaml @@ -0,0 +1,58 @@ +id: jetpack-8018c4071bf114403387ecc74840b848 + +info: + name: > + Jetpack <= 12.6.2 - Improper Authorization via WPCom External Media REST endpoints + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e62fa16f-a4a1-44a7-9a66-abafd8dddf67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-9fc3c2f298b108af257176fa3092141b.yaml b/nuclei-templates/cve-less/plugins/jetpack-9fc3c2f298b108af257176fa3092141b.yaml new file mode 100644 index 0000000000..1bd981eb68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-9fc3c2f298b108af257176fa3092141b.yaml @@ -0,0 +1,58 @@ +id: jetpack-9fc3c2f298b108af257176fa3092141b + +info: + name: > + Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/824360ab-c797-465a-8480-baeae941af29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.8-a.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-aad57ee588ef69bf0761243cceff43ab.yaml b/nuclei-templates/cve-less/plugins/jetpack-aad57ee588ef69bf0761243cceff43ab.yaml new file mode 100644 index 0000000000..082765439e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-aad57ee588ef69bf0761243cceff43ab.yaml @@ -0,0 +1,58 @@ +id: jetpack-aad57ee588ef69bf0761243cceff43ab + +info: + name: > + Jetpack <= 3.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90e7951b-3834-48a3-8a40-2b6055d1b62c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-b0d263ca65579d9d14b154cf891cd65e.yaml b/nuclei-templates/cve-less/plugins/jetpack-b0d263ca65579d9d14b154cf891cd65e.yaml new file mode 100644 index 0000000000..4c2903c73d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-b0d263ca65579d9d14b154cf891cd65e.yaml @@ -0,0 +1,58 @@ +id: jetpack-b0d263ca65579d9d14b154cf891cd65e + +info: + name: > + Jetpack <= 4.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91652abf-2127-40be-bcd8-4a0679707953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-b9a10340d1ee615f8f2aaccc216ca7f7.yaml b/nuclei-templates/cve-less/plugins/jetpack-b9a10340d1ee615f8f2aaccc216ca7f7.yaml new file mode 100644 index 0000000000..e8f47dadf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-b9a10340d1ee615f8f2aaccc216ca7f7.yaml @@ -0,0 +1,58 @@ +id: jetpack-b9a10340d1ee615f8f2aaccc216ca7f7 + +info: + name: > + Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92a3e622-b3b2-450e-82a7-0a942711e8c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-be7859a3dd693882ff3dd8991a70f093.yaml b/nuclei-templates/cve-less/plugins/jetpack-be7859a3dd693882ff3dd8991a70f093.yaml new file mode 100644 index 0000000000..cd4b08a34d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-be7859a3dd693882ff3dd8991a70f093.yaml @@ -0,0 +1,58 @@ +id: jetpack-be7859a3dd693882ff3dd8991a70f093 + +info: + name: > + JetPack <= 9.7 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b4eb0a1-69ad-4e0d-9760-752ec0589314?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 9.7', '< 9.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetpack-c792a1156e3fd0f41d681016940dc814.yaml b/nuclei-templates/cve-less/plugins/jetpack-c792a1156e3fd0f41d681016940dc814.yaml new file mode 100644 index 0000000000..b68e6b38ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetpack-c792a1156e3fd0f41d681016940dc814.yaml @@ -0,0 +1,58 @@ +id: jetpack-c792a1156e3fd0f41d681016940dc814 + +info: + name: > + Jetpack < 2.9.3 - Security Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8650a2e-346f-45fb-b5f5-ee99a470b2fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetpack/" + google-query: inurl:"/wp-content/plugins/jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9', '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-47cacf238b136edb1857adcd228879bf.yaml b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-47cacf238b136edb1857adcd228879bf.yaml new file mode 100644 index 0000000000..6df976fb6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-47cacf238b136edb1857adcd228879bf.yaml @@ -0,0 +1,58 @@ +id: jetwidgets-for-elementor-47cacf238b136edb1857adcd228879bf + +info: + name: > + JetWidgets for Elementor <= 1.0.12 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8de3d3c7-bde2-4455-8d60-20307f0a53ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetwidgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetwidgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetwidgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-600dd698b59252da2334c219e30a3a4b.yaml b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-600dd698b59252da2334c219e30a3a4b.yaml new file mode 100644 index 0000000000..40eab0a9e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-600dd698b59252da2334c219e30a3a4b.yaml @@ -0,0 +1,58 @@ +id: jetwidgets-for-elementor-600dd698b59252da2334c219e30a3a4b + +info: + name: > + JetWidgets For Elementor <= 1.0.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Widget Button URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a02f0a23-0b2b-4e16-9f6d-ec6302a0d23b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetwidgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetwidgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetwidgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-93b41408a78e1823934fe3d9ee7379d0.yaml b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-93b41408a78e1823934fe3d9ee7379d0.yaml new file mode 100644 index 0000000000..d2568b3950 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-93b41408a78e1823934fe3d9ee7379d0.yaml @@ -0,0 +1,58 @@ +id: jetwidgets-for-elementor-93b41408a78e1823934fe3d9ee7379d0 + +info: + name: > + JetWidgets For Elementor <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Box Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f807b605-68a8-4340-a275-776eac0936fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetwidgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetwidgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetwidgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-c3fb6f2c99d4c5f13096c4775a849201.yaml b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-c3fb6f2c99d4c5f13096c4775a849201.yaml new file mode 100644 index 0000000000..23c9a1ff19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-c3fb6f2c99d4c5f13096c4775a849201.yaml @@ -0,0 +1,58 @@ +id: jetwidgets-for-elementor-c3fb6f2c99d4c5f13096c4775a849201 + +info: + name: > + JetWidgets For Elementor <= 1.0.8 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21b8fcfe-bdae-414a-a0d2-f20bfd604037?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetwidgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetwidgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetwidgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-d9a90b73211e016b68ca1b3072e7a420.yaml b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-d9a90b73211e016b68ca1b3072e7a420.yaml new file mode 100644 index 0000000000..7a144016b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jetwidgets-for-elementor-d9a90b73211e016b68ca1b3072e7a420.yaml @@ -0,0 +1,58 @@ +id: jetwidgets-for-elementor-d9a90b73211e016b68ca1b3072e7a420 + +info: + name: > + JetWidgets For Elementor <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/934db08b-7dde-43bf-848b-48fba38ef195?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jetwidgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/jetwidgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jetwidgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jetwidgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jetwidgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jh-404-logger-df91ebe73a45ac966511f7792447be75.yaml b/nuclei-templates/cve-less/plugins/jh-404-logger-df91ebe73a45ac966511f7792447be75.yaml new file mode 100644 index 0000000000..685a5aac4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jh-404-logger-df91ebe73a45ac966511f7792447be75.yaml @@ -0,0 +1,58 @@ +id: jh-404-logger-df91ebe73a45ac966511f7792447be75 + +info: + name: > + JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eea754db-495a-4518-840e-0eeeeb1c31b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jh-404-logger/" + google-query: inurl:"/wp-content/plugins/jh-404-logger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jh-404-logger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jh-404-logger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jh-404-logger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jiangqie-official-website-mini-program-f73561aa7a756a9f3e5287e2a9bf11ee.yaml b/nuclei-templates/cve-less/plugins/jiangqie-official-website-mini-program-f73561aa7a756a9f3e5287e2a9bf11ee.yaml new file mode 100644 index 0000000000..442a62b3a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jiangqie-official-website-mini-program-f73561aa7a756a9f3e5287e2a9bf11ee.yaml @@ -0,0 +1,58 @@ +id: jiangqie-official-website-mini-program-f73561aa7a756a9f3e5287e2a9bf11ee + +info: + name: > + JiangQie Official Website Mini Program < 1.1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5572fea7-a8d5-457d-88fc-57051b35aa11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jiangqie-official-website-mini-program/" + google-query: inurl:"/wp-content/plugins/jiangqie-official-website-mini-program/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jiangqie-official-website-mini-program,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jiangqie-official-website-mini-program/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jiangqie-official-website-mini-program" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jibu-pro-1318af711c3fe0fec9bc7d351421ab5e.yaml b/nuclei-templates/cve-less/plugins/jibu-pro-1318af711c3fe0fec9bc7d351421ab5e.yaml new file mode 100644 index 0000000000..9d53ffd071 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jibu-pro-1318af711c3fe0fec9bc7d351421ab5e.yaml @@ -0,0 +1,58 @@ +id: jibu-pro-1318af711c3fe0fec9bc7d351421ab5e + +info: + name: > + Jibu Pro <= 1.7 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb823899-e90d-4857-9f72-aa7fe60aaca2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jibu-pro/" + google-query: inurl:"/wp-content/plugins/jibu-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jibu-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jibu-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jibu-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jivochat-557dc76e2c2294cd33c5721f9ecf01e7.yaml b/nuclei-templates/cve-less/plugins/jivochat-557dc76e2c2294cd33c5721f9ecf01e7.yaml new file mode 100644 index 0000000000..e043991cbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jivochat-557dc76e2c2294cd33c5721f9ecf01e7.yaml @@ -0,0 +1,58 @@ +id: jivochat-557dc76e2c2294cd33c5721f9ecf01e7 + +info: + name: > + JivoChat Live Chat – WP live chat plugin for WordPress <= 1.3.5.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/034e77ef-fb3f-4e62-be1b-c56c454c5ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jivochat/" + google-query: inurl:"/wp-content/plugins/jivochat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jivochat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jivochat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jivochat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jm-twitter-cards-9ece1f8354a7e11befbd20ae11f9cc95.yaml b/nuclei-templates/cve-less/plugins/jm-twitter-cards-9ece1f8354a7e11befbd20ae11f9cc95.yaml new file mode 100644 index 0000000000..9f8079951f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jm-twitter-cards-9ece1f8354a7e11befbd20ae11f9cc95.yaml @@ -0,0 +1,58 @@ +id: jm-twitter-cards-9ece1f8354a7e11befbd20ae11f9cc95 + +info: + name: > + JM Twitter Cards <= 14 - Information Exposure via Meta Description + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jm-twitter-cards/" + google-query: inurl:"/wp-content/plugins/jm-twitter-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jm-twitter-cards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jm-twitter-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jm-twitter-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-board-08107665cefdd5cc4f288c7614f8ef39.yaml b/nuclei-templates/cve-less/plugins/job-board-08107665cefdd5cc4f288c7614f8ef39.yaml new file mode 100644 index 0000000000..e3c13261f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-board-08107665cefdd5cc4f288c7614f8ef39.yaml @@ -0,0 +1,58 @@ +id: job-board-08107665cefdd5cc4f288c7614f8ef39 + +info: + name: > + Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2bb0c0-e412-4e78-a7b5-4517f1c15481?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-board/" + google-query: inurl:"/wp-content/plugins/job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-board-vanilla-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml b/nuclei-templates/cve-less/plugins/job-board-vanilla-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml new file mode 100644 index 0000000000..4efdd1b710 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-board-vanilla-4b6c5be1fe7b22ce9d31baa1ab6b6513.yaml @@ -0,0 +1,58 @@ +id: job-board-vanilla-4b6c5be1fe7b22ce9d31baa1ab6b6513 + +info: + name: > + Job Board Vanila Plugin <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb290fa8-206e-44c6-9107-8a896225664c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-board-vanilla/" + google-query: inurl:"/wp-content/plugins/job-board-vanilla/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-board-vanilla,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-board-vanilla/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-board-vanilla" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-10474b54f82207cb48d47efc5316fa08.yaml b/nuclei-templates/cve-less/plugins/job-manager-10474b54f82207cb48d47efc5316fa08.yaml new file mode 100644 index 0000000000..c56e372e37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-10474b54f82207cb48d47efc5316fa08.yaml @@ -0,0 +1,58 @@ +id: job-manager-10474b54f82207cb48d47efc5316fa08 + +info: + name: > + Job Manager <= 0.7.25 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e47659-90d9-4990-a19d-3954d65417df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager/" + google-query: inurl:"/wp-content/plugins/job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-21f007f5ea27a69827ebd1e3bdac836f.yaml b/nuclei-templates/cve-less/plugins/job-manager-21f007f5ea27a69827ebd1e3bdac836f.yaml new file mode 100644 index 0000000000..293db8f7a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-21f007f5ea27a69827ebd1e3bdac836f.yaml @@ -0,0 +1,58 @@ +id: job-manager-21f007f5ea27a69827ebd1e3bdac836f + +info: + name: > + Job Manager - < 0.7.23 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c107e4c-1ba5-4c22-ad56-bd03342a3418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager/" + google-query: inurl:"/wp-content/plugins/job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.7.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-72d88d4156b62bb9e1abe8555a4604f1.yaml b/nuclei-templates/cve-less/plugins/job-manager-72d88d4156b62bb9e1abe8555a4604f1.yaml new file mode 100644 index 0000000000..2465005ffb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-72d88d4156b62bb9e1abe8555a4604f1.yaml @@ -0,0 +1,58 @@ +id: job-manager-72d88d4156b62bb9e1abe8555a4604f1 + +info: + name: > + Job Manager <= 0.7.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b1771f2-6741-410d-9544-4178a0b962eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager/" + google-query: inurl:"/wp-content/plugins/job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-93a7a8515ae48a00a314691190815e8e.yaml b/nuclei-templates/cve-less/plugins/job-manager-93a7a8515ae48a00a314691190815e8e.yaml new file mode 100644 index 0000000000..66321b2598 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-93a7a8515ae48a00a314691190815e8e.yaml @@ -0,0 +1,58 @@ +id: job-manager-93a7a8515ae48a00a314691190815e8e + +info: + name: > + Job Manager <= 0.7.25 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fec590e7-c15e-4063-892a-a945333d848e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager/" + google-query: inurl:"/wp-content/plugins/job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-career-02ae5a0409f3bbd65473e557e495c850.yaml b/nuclei-templates/cve-less/plugins/job-manager-career-02ae5a0409f3bbd65473e557e495c850.yaml new file mode 100644 index 0000000000..7e98fec9f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-career-02ae5a0409f3bbd65473e557e495c850.yaml @@ -0,0 +1,58 @@ +id: job-manager-career-02ae5a0409f3bbd65473e557e495c850 + +info: + name: > + Job Manager & Career <= 1.4.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c66bc0b1-c157-4c05-ae9d-0927863c6b95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager-career/" + google-query: inurl:"/wp-content/plugins/job-manager-career/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager-career,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager-career/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager-career" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-manager-career-27d8b6ae177490f4dc5980ca233d4dfe.yaml b/nuclei-templates/cve-less/plugins/job-manager-career-27d8b6ae177490f4dc5980ca233d4dfe.yaml new file mode 100644 index 0000000000..d5ed25256b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-manager-career-27d8b6ae177490f4dc5980ca233d4dfe.yaml @@ -0,0 +1,58 @@ +id: job-manager-career-27d8b6ae177490f4dc5980ca233d4dfe + +info: + name: > + Job Manager & Career – Manage job board listings, and recruitments <= 1.4.4 - Cross-Site Request Forgery to PHP Object Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8558cd96-3b2a-4282-950b-6d9753698291?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-manager-career/" + google-query: inurl:"/wp-content/plugins/job-manager-career/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-manager-career,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-manager-career/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-manager-career" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-portal-c57a50def1ef305a4e8acb9063bb5142.yaml b/nuclei-templates/cve-less/plugins/job-portal-c57a50def1ef305a4e8acb9063bb5142.yaml new file mode 100644 index 0000000000..effb879fec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-portal-c57a50def1ef305a4e8acb9063bb5142.yaml @@ -0,0 +1,58 @@ +id: job-portal-c57a50def1ef305a4e8acb9063bb5142 + +info: + name: > + job-portal <= 0.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd12bf2-0fbe-4c9e-b6f7-43c10798eadc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-portal/" + google-query: inurl:"/wp-content/plugins/job-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-portal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-postings-654c8b4c06cccd2b893fe7f42cd13fff.yaml b/nuclei-templates/cve-less/plugins/job-postings-654c8b4c06cccd2b893fe7f42cd13fff.yaml new file mode 100644 index 0000000000..0eb4f2d471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-postings-654c8b4c06cccd2b893fe7f42cd13fff.yaml @@ -0,0 +1,58 @@ +id: job-postings-654c8b4c06cccd2b893fe7f42cd13fff + +info: + name: > + Jobs for WordPress <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37c18340-d7aa-4410-be17-c61c286838ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-postings/" + google-query: inurl:"/wp-content/plugins/job-postings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-postings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-postings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-postings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-postings-d91c4b972affa20bd870d04861c77d26.yaml b/nuclei-templates/cve-less/plugins/job-postings-d91c4b972affa20bd870d04861c77d26.yaml new file mode 100644 index 0000000000..8334d60ddd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-postings-d91c4b972affa20bd870d04861c77d26.yaml @@ -0,0 +1,58 @@ +id: job-postings-d91c4b972affa20bd870d04861c77d26 + +info: + name: > + Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fe412b3-038b-4cc7-88e9-d30f719273ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-postings/" + google-query: inurl:"/wp-content/plugins/job-postings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-postings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-postings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-postings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-postings-da0336a411f4f619331fc9d86a24bec5.yaml b/nuclei-templates/cve-less/plugins/job-postings-da0336a411f4f619331fc9d86a24bec5.yaml new file mode 100644 index 0000000000..7fa48e37f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-postings-da0336a411f4f619331fc9d86a24bec5.yaml @@ -0,0 +1,58 @@ +id: job-postings-da0336a411f4f619331fc9d86a24bec5 + +info: + name: > + Jobs for WordPress <= 2.5.10.2 - Authenticated (Author+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e730114e-bbe1-4385-84cc-a5484acc9da7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-postings/" + google-query: inurl:"/wp-content/plugins/job-postings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-postings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-postings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-postings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-postings-fe45354b8faab4200224637d8bf8497c.yaml b/nuclei-templates/cve-less/plugins/job-postings-fe45354b8faab4200224637d8bf8497c.yaml new file mode 100644 index 0000000000..be96cdddb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-postings-fe45354b8faab4200224637d8bf8497c.yaml @@ -0,0 +1,58 @@ +id: job-postings-fe45354b8faab4200224637d8bf8497c + +info: + name: > + Jobs for WordPress <= 2.7.5 - Reflected Cross-Site Scripting via job-search + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6710f53-34fe-4549-9e1a-7826be74c912?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-postings/" + google-query: inurl:"/wp-content/plugins/job-postings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-postings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-postings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-postings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/job-postings-fe5cb5dd50547aaa395139fc837a5f8f.yaml b/nuclei-templates/cve-less/plugins/job-postings-fe5cb5dd50547aaa395139fc837a5f8f.yaml new file mode 100644 index 0000000000..52525b8f56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/job-postings-fe5cb5dd50547aaa395139fc837a5f8f.yaml @@ -0,0 +1,58 @@ +id: job-postings-fe5cb5dd50547aaa395139fc837a5f8f + +info: + name: > + Jobs for WordPress <= 2.5.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30c34ea7-3df8-4ba8-bea8-4c785b23a4f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/job-postings/" + google-query: inurl:"/wp-content/plugins/job-postings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,job-postings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/job-postings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "job-postings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobboardwp-bd931f434035df45531eaa63d35d55b4.yaml b/nuclei-templates/cve-less/plugins/jobboardwp-bd931f434035df45531eaa63d35d55b4.yaml new file mode 100644 index 0000000000..85d96c8ab8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobboardwp-bd931f434035df45531eaa63d35d55b4.yaml @@ -0,0 +1,58 @@ +id: jobboardwp-bd931f434035df45531eaa63d35d55b4 + +info: + name: > + JobBoardWP <= 1.2.2 - Missing Authorization to Job Posting Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50cc1a15-bb73-4c60-b610-e0c3bf1ef841?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobboardwp/" + google-query: inurl:"/wp-content/plugins/jobboardwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobboardwp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobboardwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobboardwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobboardwp-dbbebd9fd091a5f8a7900f65f6287602.yaml b/nuclei-templates/cve-less/plugins/jobboardwp-dbbebd9fd091a5f8a7900f65f6287602.yaml new file mode 100644 index 0000000000..c94a1ca91a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobboardwp-dbbebd9fd091a5f8a7900f65f6287602.yaml @@ -0,0 +1,58 @@ +id: jobboardwp-dbbebd9fd091a5f8a7900f65f6287602 + +info: + name: > + JobBoardWP – Job Board Listings and Submissions <= 1.0.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b2e61aa-617b-450e-8859-50b1012fc0c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobboardwp/" + google-query: inurl:"/wp-content/plugins/jobboardwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobboardwp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobboardwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobboardwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobboardwp-f86d763fc59c0d8f05b12bd8ecb8244c.yaml b/nuclei-templates/cve-less/plugins/jobboardwp-f86d763fc59c0d8f05b12bd8ecb8244c.yaml new file mode 100644 index 0000000000..6aa5b067ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobboardwp-f86d763fc59c0d8f05b12bd8ecb8244c.yaml @@ -0,0 +1,58 @@ +id: jobboardwp-f86d763fc59c0d8f05b12bd8ecb8244c + +info: + name: > + JobBoardWP <= 1.2.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f816a32a-3c4d-447e-86a3-942b5e636cce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobboardwp/" + google-query: inurl:"/wp-content/plugins/jobboardwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobboardwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobboardwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobboardwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobcareer-8605cf70b09f39b80921d3235eaa5a54.yaml b/nuclei-templates/cve-less/plugins/jobcareer-8605cf70b09f39b80921d3235eaa5a54.yaml new file mode 100644 index 0000000000..3fc4919c1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobcareer-8605cf70b09f39b80921d3235eaa5a54.yaml @@ -0,0 +1,58 @@ +id: jobcareer-8605cf70b09f39b80921d3235eaa5a54 + +info: + name: > + JobCareer | Job Board Responsive WordPress Theme < 2.4 - User Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3c515e2-dc69-4686-b60f-413542bf2118?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobcareer/" + google-query: inurl:"/wp-content/plugins/jobcareer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobcareer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobcareer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobcareer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobcareer-8b266025d0f3695c542ad07de2e9b34c.yaml b/nuclei-templates/cve-less/plugins/jobcareer-8b266025d0f3695c542ad07de2e9b34c.yaml new file mode 100644 index 0000000000..3aac306a5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobcareer-8b266025d0f3695c542ad07de2e9b34c.yaml @@ -0,0 +1,58 @@ +id: jobcareer-8b266025d0f3695c542ad07de2e9b34c + +info: + name: > + JobCareer | Job Board Responsive WordPress Theme < 2.4 - Unauthenticated Arbitrary Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acbea2eb-fa87-4117-b347-049c819599c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobcareer/" + google-query: inurl:"/wp-content/plugins/jobcareer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobcareer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobcareer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobcareer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobcareer-b9eb31c713b27c04fd47230e22de33c0.yaml b/nuclei-templates/cve-less/plugins/jobcareer-b9eb31c713b27c04fd47230e22de33c0.yaml new file mode 100644 index 0000000000..1f735be546 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobcareer-b9eb31c713b27c04fd47230e22de33c0.yaml @@ -0,0 +1,58 @@ +id: jobcareer-b9eb31c713b27c04fd47230e22de33c0 + +info: + name: > + JobCareer | Job Board Responsive WordPress Theme <= 2.5.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb275e9-3a5b-421e-b857-95880ebe000d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobcareer/" + google-query: inurl:"/wp-content/plugins/jobcareer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobcareer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobcareer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobcareer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobwp-5aa8b17a95e784f5419ee88ce9b3c1f5.yaml b/nuclei-templates/cve-less/plugins/jobwp-5aa8b17a95e784f5419ee88ce9b3c1f5.yaml new file mode 100644 index 0000000000..600754f10c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobwp-5aa8b17a95e784f5419ee88ce9b3c1f5.yaml @@ -0,0 +1,58 @@ +id: jobwp-5aa8b17a95e784f5419ee88ce9b3c1f5 + +info: + name: > + WordPress Job Board and Recruitment Plugin – JobWP <= 2.1 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c73dbc40-ba54-4836-9bb1-a35f95d5a077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobwp/" + google-query: inurl:"/wp-content/plugins/jobwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jobwp-dd54b2279f8b3539fee1aca11b3b21e1.yaml b/nuclei-templates/cve-less/plugins/jobwp-dd54b2279f8b3539fee1aca11b3b21e1.yaml new file mode 100644 index 0000000000..1b5fa7db38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jobwp-dd54b2279f8b3539fee1aca11b3b21e1.yaml @@ -0,0 +1,58 @@ +id: jobwp-dd54b2279f8b3539fee1aca11b3b21e1 + +info: + name: > + WordPress Job Board and Recruitment Plugin – JobWP <= 2.0 - Arbitrary File Upload via 'jobwp_upload_resume' + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f4c567-eb57-4f98-afdc-65f8863b90c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jobwp/" + google-query: inurl:"/wp-content/plugins/jobwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jobwp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jobwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joli-faq-seo-cca32e49d162555543a6de6d18516ab9.yaml b/nuclei-templates/cve-less/plugins/joli-faq-seo-cca32e49d162555543a6de6d18516ab9.yaml new file mode 100644 index 0000000000..0e6f8b92a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joli-faq-seo-cca32e49d162555543a6de6d18516ab9.yaml @@ -0,0 +1,58 @@ +id: joli-faq-seo-cca32e49d162555543a6de6d18516ab9 + +info: + name: > + Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c45b6163-7ebf-4f18-afd6-735d02d9170d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joli-faq-seo/" + google-query: inurl:"/wp-content/plugins/joli-faq-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joli-faq-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joli-faq-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joli-faq-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joli-table-of-contents-01876089e61a6c3ae9cebc874b7fb7a5.yaml b/nuclei-templates/cve-less/plugins/joli-table-of-contents-01876089e61a6c3ae9cebc874b7fb7a5.yaml new file mode 100644 index 0000000000..dcded884b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joli-table-of-contents-01876089e61a6c3ae9cebc874b7fb7a5.yaml @@ -0,0 +1,58 @@ +id: joli-table-of-contents-01876089e61a6c3ae9cebc874b7fb7a5 + +info: + name: > + Joli Table of Contents <= 1.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3a83683-c159-4af1-b3ba-881a107d9ad6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joli-table-of-contents/" + google-query: inurl:"/wp-content/plugins/joli-table-of-contents/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joli-table-of-contents,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joli-table-of-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joli-table-of-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jonradio-private-site-584f7ea1f5eb53a996f78e6bd4374fc9.yaml b/nuclei-templates/cve-less/plugins/jonradio-private-site-584f7ea1f5eb53a996f78e6bd4374fc9.yaml new file mode 100644 index 0000000000..aeda75b4d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jonradio-private-site-584f7ea1f5eb53a996f78e6bd4374fc9.yaml @@ -0,0 +1,58 @@ +id: jonradio-private-site-584f7ea1f5eb53a996f78e6bd4374fc9 + +info: + name: > + My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jonradio-private-site/" + google-query: inurl:"/wp-content/plugins/jonradio-private-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jonradio-private-site,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jonradio-private-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jonradio-private-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jonradio-private-site-a1936a4a25a96962401af7be405882a8.yaml b/nuclei-templates/cve-less/plugins/jonradio-private-site-a1936a4a25a96962401af7be405882a8.yaml new file mode 100644 index 0000000000..8aad37ba0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jonradio-private-site-a1936a4a25a96962401af7be405882a8.yaml @@ -0,0 +1,58 @@ +id: jonradio-private-site-a1936a4a25a96962401af7be405882a8 + +info: + name: > + My Private Site <= 3.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1900941d-cbb6-4384-977e-6c40f65b2789?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jonradio-private-site/" + google-query: inurl:"/wp-content/plugins/jonradio-private-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jonradio-private-site,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jonradio-private-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jonradio-private-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomdev-wp-pros-cons-fcb752a84e136c08d10cbe281ed9acb9.yaml b/nuclei-templates/cve-less/plugins/joomdev-wp-pros-cons-fcb752a84e136c08d10cbe281ed9acb9.yaml new file mode 100644 index 0000000000..2b44a5d014 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomdev-wp-pros-cons-fcb752a84e136c08d10cbe281ed9acb9.yaml @@ -0,0 +1,58 @@ +id: joomdev-wp-pros-cons-fcb752a84e136c08d10cbe281ed9acb9 + +info: + name: > + Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3316ea0d-4311-4363-b443-b4aeedb2ee36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomdev-wp-pros-cons/" + google-query: inurl:"/wp-content/plugins/joomdev-wp-pros-cons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomdev-wp-pros-cons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomdev-wp-pros-cons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomdev-wp-pros-cons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-00536c9d692bf537f783adb6446f271d.yaml b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-00536c9d692bf537f783adb6446f271d.yaml new file mode 100644 index 0000000000..945bf3651f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-00536c9d692bf537f783adb6446f271d.yaml @@ -0,0 +1,58 @@ +id: joomsport-sports-league-results-management-00536c9d692bf537f783adb6446f271d + +info: + name: > + JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.1.7 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5400ec0-383b-4ac5-9b38-44533519e44d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/" + google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomsport-sports-league-results-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomsport-sports-league-results-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-072c39710eb7dbfbeb82cc60cf47874f.yaml b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-072c39710eb7dbfbeb82cc60cf47874f.yaml new file mode 100644 index 0000000000..1d01d884ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-072c39710eb7dbfbeb82cc60cf47874f.yaml @@ -0,0 +1,58 @@ +id: joomsport-sports-league-results-management-072c39710eb7dbfbeb82cc60cf47874f + +info: + name: > + JoomSport – for Sports: Team & League, Football, Hockey & more < 3.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31ca2de5-d63c-4ff8-9963-b96213d17cd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/" + google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomsport-sports-league-results-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomsport-sports-league-results-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-14278d198b70b2e64cd570f29581f83a.yaml b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-14278d198b70b2e64cd570f29581f83a.yaml new file mode 100644 index 0000000000..ed3ea97acb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-14278d198b70b2e64cd570f29581f83a.yaml @@ -0,0 +1,58 @@ +id: joomsport-sports-league-results-management-14278d198b70b2e64cd570f29581f83a + +info: + name: > + JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authenticated (Admin+) SQL Injection via orderby + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eee9bec-609a-468b-8b44-ac4af409df93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/" + google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomsport-sports-league-results-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomsport-sports-league-results-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-16ee5e237a73d66076fd3bc3cb313106.yaml b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-16ee5e237a73d66076fd3bc3cb313106.yaml new file mode 100644 index 0000000000..d6da94956b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-16ee5e237a73d66076fd3bc3cb313106.yaml @@ -0,0 +1,58 @@ +id: joomsport-sports-league-results-management-16ee5e237a73d66076fd3bc3cb313106 + +info: + name: > + JoomSport <= 5.2.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f202cc3-ab74-4abb-9eed-b4caf9fccb71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/" + google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomsport-sports-league-results-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomsport-sports-league-results-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-dbd794ea76909c06feaaa4b067d9c221.yaml b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-dbd794ea76909c06feaaa4b067d9c221.yaml new file mode 100644 index 0000000000..bb5c48d4cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joomsport-sports-league-results-management-dbd794ea76909c06feaaa4b067d9c221.yaml @@ -0,0 +1,58 @@ +id: joomsport-sports-league-results-management-dbd794ea76909c06feaaa4b067d9c221 + +info: + name: > + JoomSport – for Sports: Team & League, Football, Hockey & more <= 5.2.5 - Authentciated (Admin+) SQL Injection via orderby + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6cf4ab-9e4d-4fd7-9e9e-c678ccc4d810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joomsport-sports-league-results-management/" + google-query: inurl:"/wp-content/plugins/joomsport-sports-league-results-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joomsport-sports-league-results-management,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joomsport-sports-league-results-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joomsport-sports-league-results-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/joy-of-text-7d7e63bacfe422d65219ef49f5f2b1e7.yaml b/nuclei-templates/cve-less/plugins/joy-of-text-7d7e63bacfe422d65219ef49f5f2b1e7.yaml new file mode 100644 index 0000000000..e3bc2339c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/joy-of-text-7d7e63bacfe422d65219ef49f5f2b1e7.yaml @@ -0,0 +1,58 @@ +id: joy-of-text-7d7e63bacfe422d65219ef49f5f2b1e7 + +info: + name: > + Joy Of Text Lite – SMS messaging for WordPress <= 2.3.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb11ad61-4ee7-45d2-a8e4-388f86bf4a0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/joy-of-text/" + google-query: inurl:"/wp-content/plugins/joy-of-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,joy-of-text,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/joy-of-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "joy-of-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jp-staticpagex-e67b32cb7aae592e15f89a10718ce09e.yaml b/nuclei-templates/cve-less/plugins/jp-staticpagex-e67b32cb7aae592e15f89a10718ce09e.yaml new file mode 100644 index 0000000000..52760407a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jp-staticpagex-e67b32cb7aae592e15f89a10718ce09e.yaml @@ -0,0 +1,58 @@ +id: jp-staticpagex-e67b32cb7aae592e15f89a10718ce09e + +info: + name: > + Static Page eXtended <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a83def40-27fa-4141-bebf-f86944e4c618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jp-staticpagex/" + google-query: inurl:"/wp-content/plugins/jp-staticpagex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jp-staticpagex,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jp-staticpagex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jp-staticpagex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-accordion-slideshow-08b8cede6b6ee0e0f3a91f475dfd1447.yaml b/nuclei-templates/cve-less/plugins/jquery-accordion-slideshow-08b8cede6b6ee0e0f3a91f475dfd1447.yaml new file mode 100644 index 0000000000..c9859bf58f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-accordion-slideshow-08b8cede6b6ee0e0f3a91f475dfd1447.yaml @@ -0,0 +1,58 @@ +id: jquery-accordion-slideshow-08b8cede6b6ee0e0f3a91f475dfd1447 + +info: + name: > + Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-accordion-slideshow/" + google-query: inurl:"/wp-content/plugins/jquery-accordion-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-accordion-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-accordion-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-accordion-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-4783eb0d865a9f683c0f42594f272a3d.yaml b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-4783eb0d865a9f683c0f42594f272a3d.yaml new file mode 100644 index 0000000000..419e3620b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-4783eb0d865a9f683c0f42594f272a3d.yaml @@ -0,0 +1,58 @@ +id: jquery-collapse-o-matic-4783eb0d865a9f683c0f42594f272a3d + +info: + name: > + Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa85abba-e13f-42cd-8f13-432ed375fb37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-collapse-o-matic/" + google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-collapse-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-collapse-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-934106ff95d7bc443b715a08222f1f73.yaml b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-934106ff95d7bc443b715a08222f1f73.yaml new file mode 100644 index 0000000000..010e63475a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-934106ff95d7bc443b715a08222f1f73.yaml @@ -0,0 +1,58 @@ +id: jquery-collapse-o-matic-934106ff95d7bc443b715a08222f1f73 + +info: + name: > + Collapse-O-Matic <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/099af779-ab6f-4fad-a4a9-832e5a892fdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-collapse-o-matic/" + google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-collapse-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-collapse-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml new file mode 100644 index 0000000000..a5a428a97a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-collapse-o-matic-fd0ae4740c5dfc4422b8f4b3f77edf83.yaml @@ -0,0 +1,58 @@ +id: jquery-collapse-o-matic-fd0ae4740c5dfc4422b8f4b3f77edf83 + +info: + name: > + Collapse-O-Matic <= 1.8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea23bcc2-ce71-4f16-85f3-11276deb659f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-collapse-o-matic/" + google-query: inurl:"/wp-content/plugins/jquery-collapse-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-collapse-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-collapse-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-collapse-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-news-ticker-179abbcb3a9b789dc00b8e0d8f532b6a.yaml b/nuclei-templates/cve-less/plugins/jquery-news-ticker-179abbcb3a9b789dc00b8e0d8f532b6a.yaml new file mode 100644 index 0000000000..56bbec015c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-news-ticker-179abbcb3a9b789dc00b8e0d8f532b6a.yaml @@ -0,0 +1,58 @@ +id: jquery-news-ticker-179abbcb3a9b789dc00b8e0d8f532b6a + +info: + name: > + Jquery news ticker <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d22d9414-2df9-4528-a426-dce6e83f8d44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-news-ticker/" + google-query: inurl:"/wp-content/plugins/jquery-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-news-ticker-ec203a9e69230c2878eb1812f2101d77.yaml b/nuclei-templates/cve-less/plugins/jquery-news-ticker-ec203a9e69230c2878eb1812f2101d77.yaml new file mode 100644 index 0000000000..a511254ee9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-news-ticker-ec203a9e69230c2878eb1812f2101d77.yaml @@ -0,0 +1,58 @@ +id: jquery-news-ticker-ec203a9e69230c2878eb1812f2101d77 + +info: + name: > + Jquery news ticker <= 3.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7f8739-7f40-40a7-952e-002ea3b82ac7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-news-ticker/" + google-query: inurl:"/wp-content/plugins/jquery-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-reply-to-comment-4ce88d432edfef73000dd57a527803fa.yaml b/nuclei-templates/cve-less/plugins/jquery-reply-to-comment-4ce88d432edfef73000dd57a527803fa.yaml new file mode 100644 index 0000000000..b4792f1d2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-reply-to-comment-4ce88d432edfef73000dd57a527803fa.yaml @@ -0,0 +1,58 @@ +id: jquery-reply-to-comment-4ce88d432edfef73000dd57a527803fa + +info: + name: > + jQuery Reply to Comment <= 1.31 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a18089d8-32f1-4827-af14-c45055892fb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-reply-to-comment/" + google-query: inurl:"/wp-content/plugins/jquery-reply-to-comment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-reply-to-comment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-reply-to-comment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-reply-to-comment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-t-countdown-widget-cf29ff4800b24e4ea96e524c408240d8.yaml b/nuclei-templates/cve-less/plugins/jquery-t-countdown-widget-cf29ff4800b24e4ea96e524c408240d8.yaml new file mode 100644 index 0000000000..f750e85bc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-t-countdown-widget-cf29ff4800b24e4ea96e524c408240d8.yaml @@ -0,0 +1,58 @@ +id: jquery-t-countdown-widget-cf29ff4800b24e4ea96e524c408240d8 + +info: + name: > + jQuery T(-) Countdown Widget <= 2.3.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b493316-511d-479f-b65c-c04ecd17171f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-t-countdown-widget/" + google-query: inurl:"/wp-content/plugins/jquery-t-countdown-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-t-countdown-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-t-countdown-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-t-countdown-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-tagline-rotator-eab9e4fbf9582fd0da43dce31000dce5.yaml b/nuclei-templates/cve-less/plugins/jquery-tagline-rotator-eab9e4fbf9582fd0da43dce31000dce5.yaml new file mode 100644 index 0000000000..4bc749e746 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-tagline-rotator-eab9e4fbf9582fd0da43dce31000dce5.yaml @@ -0,0 +1,58 @@ +id: jquery-tagline-rotator-eab9e4fbf9582fd0da43dce31000dce5 + +info: + name: > + jQuery Tagline Rotator <= 0.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc9efc98-7815-4b9b-a180-71f1095c9b0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-tagline-rotator/" + google-query: inurl:"/wp-content/plugins/jquery-tagline-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-tagline-rotator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-tagline-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-tagline-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-validation-for-contact-form-7-fdec704444e3056cbaed479252db31c8.yaml b/nuclei-templates/cve-less/plugins/jquery-validation-for-contact-form-7-fdec704444e3056cbaed479252db31c8.yaml new file mode 100644 index 0000000000..9bc94c289c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-validation-for-contact-form-7-fdec704444e3056cbaed479252db31c8.yaml @@ -0,0 +1,58 @@ +id: jquery-validation-for-contact-form-7-fdec704444e3056cbaed479252db31c8 + +info: + name: > + Jquery Validation For Contact Form 7 <= 5.2 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed488dcd-7400-47ab-a161-47c7caa414c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-validation-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/jquery-validation-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-validation-for-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-validation-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-validation-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jquery-vertical-accordion-menu-c27c21f00fd5cfc7fcc406cc847e2987.yaml b/nuclei-templates/cve-less/plugins/jquery-vertical-accordion-menu-c27c21f00fd5cfc7fcc406cc847e2987.yaml new file mode 100644 index 0000000000..e59decf51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jquery-vertical-accordion-menu-c27c21f00fd5cfc7fcc406cc847e2987.yaml @@ -0,0 +1,58 @@ +id: jquery-vertical-accordion-menu-c27c21f00fd5cfc7fcc406cc847e2987 + +info: + name: > + JQuery Accordion Menu Widget <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0cf3015-cdc9-4ac9-82f3-e9b4d1203e22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jquery-vertical-accordion-menu/" + google-query: inurl:"/wp-content/plugins/jquery-vertical-accordion-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jquery-vertical-accordion-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jquery-vertical-accordion-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jquery-vertical-accordion-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jrss-widget-265315e822cdfb8b9ba73135a9d29277.yaml b/nuclei-templates/cve-less/plugins/jrss-widget-265315e822cdfb8b9ba73135a9d29277.yaml new file mode 100644 index 0000000000..bf5a216ac4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jrss-widget-265315e822cdfb8b9ba73135a9d29277.yaml @@ -0,0 +1,58 @@ +id: jrss-widget-265315e822cdfb8b9ba73135a9d29277 + +info: + name: > + jRSS Widget <= 1.2 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1680078c-0dbe-4586-b793-3bf2ddea96ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jrss-widget/" + google-query: inurl:"/wp-content/plugins/jrss-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jrss-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jrss-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jrss-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-css-script-optimizer-9b9750afc0fcb77fca6e9424d2ce6b98.yaml b/nuclei-templates/cve-less/plugins/js-css-script-optimizer-9b9750afc0fcb77fca6e9424d2ce6b98.yaml new file mode 100644 index 0000000000..ca90762b6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-css-script-optimizer-9b9750afc0fcb77fca6e9424d2ce6b98.yaml @@ -0,0 +1,58 @@ +id: js-css-script-optimizer-9b9750afc0fcb77fca6e9424d2ce6b98 + +info: + name: > + JS & CSS Script Optimizer <= 0.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb863896-5a5a-4c65-b2a5-0901de7961f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-css-script-optimizer/" + google-query: inurl:"/wp-content/plugins/js-css-script-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-css-script-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-css-script-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-css-script-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-jobs-1f7578af7b08d6f0682dfe557a69cb45.yaml b/nuclei-templates/cve-less/plugins/js-jobs-1f7578af7b08d6f0682dfe557a69cb45.yaml new file mode 100644 index 0000000000..f88a34d323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-jobs-1f7578af7b08d6f0682dfe557a69cb45.yaml @@ -0,0 +1,58 @@ +id: js-jobs-1f7578af7b08d6f0682dfe557a69cb45 + +info: + name: > + JS Job Manager <= 2.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55604ee9-7343-472c-9a29-035d18b266ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-jobs/" + google-query: inurl:"/wp-content/plugins/js-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-jobs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-jobs-23c92f364f22c50ebf1609484d67aa5e.yaml b/nuclei-templates/cve-less/plugins/js-jobs-23c92f364f22c50ebf1609484d67aa5e.yaml new file mode 100644 index 0000000000..86bd8d8212 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-jobs-23c92f364f22c50ebf1609484d67aa5e.yaml @@ -0,0 +1,58 @@ +id: js-jobs-23c92f364f22c50ebf1609484d67aa5e + +info: + name: > + JS Job Manager <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62ea9e85-7752-4d0f-aafb-cbbc94294335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-jobs/" + google-query: inurl:"/wp-content/plugins/js-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-jobs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-jobs-9b43630f5837a1e7e35ee3f5d5c853aa.yaml b/nuclei-templates/cve-less/plugins/js-jobs-9b43630f5837a1e7e35ee3f5d5c853aa.yaml new file mode 100644 index 0000000000..30d8084d9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-jobs-9b43630f5837a1e7e35ee3f5d5c853aa.yaml @@ -0,0 +1,58 @@ +id: js-jobs-9b43630f5837a1e7e35ee3f5d5c853aa + +info: + name: > + JS Job Manager <= 2.0.0 - Cross-Site Request Forgery via multiple functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0131921b-6f60-4da1-b5d9-d44a33d35cae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-jobs/" + google-query: inurl:"/wp-content/plugins/js-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-jobs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-jobs-e2ad97f33f7abd91ea501d6e3cf80275.yaml b/nuclei-templates/cve-less/plugins/js-jobs-e2ad97f33f7abd91ea501d6e3cf80275.yaml new file mode 100644 index 0000000000..2b727e2cff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-jobs-e2ad97f33f7abd91ea501d6e3cf80275.yaml @@ -0,0 +1,58 @@ +id: js-jobs-e2ad97f33f7abd91ea501d6e3cf80275 + +info: + name: > + JS Job Manager <= 1.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e3da1d3-5ec3-4f94-a834-3f3a6fc23f0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-jobs/" + google-query: inurl:"/wp-content/plugins/js-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-jobs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-multihotel-107b72d2008fc8b953e147cb55e0c002.yaml b/nuclei-templates/cve-less/plugins/js-multihotel-107b72d2008fc8b953e147cb55e0c002.yaml new file mode 100644 index 0000000000..9dbede086b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-multihotel-107b72d2008fc8b953e147cb55e0c002.yaml @@ -0,0 +1,58 @@ +id: js-multihotel-107b72d2008fc8b953e147cb55e0c002 + +info: + name: > + JS MultiHotel <= 2.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b7d7373-e38a-428c-be8c-a5b05e8dc1e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-multihotel/" + google-query: inurl:"/wp-content/plugins/js-multihotel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-multihotel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-multihotel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-multihotel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-multihotel-3be3c98bb23ebc942163786ddfe2ad5d.yaml b/nuclei-templates/cve-less/plugins/js-multihotel-3be3c98bb23ebc942163786ddfe2ad5d.yaml new file mode 100644 index 0000000000..fee77bbd39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-multihotel-3be3c98bb23ebc942163786ddfe2ad5d.yaml @@ -0,0 +1,58 @@ +id: js-multihotel-3be3c98bb23ebc942163786ddfe2ad5d + +info: + name: > + JS Multi Hotel <= 2.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d302f956-3f6e-41a7-a02b-d6b4431138b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-multihotel/" + google-query: inurl:"/wp-content/plugins/js-multihotel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-multihotel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-multihotel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-multihotel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-multihotel-c6f1bc8dc593e94f4ca6205f51ff1930.yaml b/nuclei-templates/cve-less/plugins/js-multihotel-c6f1bc8dc593e94f4ca6205f51ff1930.yaml new file mode 100644 index 0000000000..2beb195de1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-multihotel-c6f1bc8dc593e94f4ca6205f51ff1930.yaml @@ -0,0 +1,58 @@ +id: js-multihotel-c6f1bc8dc593e94f4ca6205f51ff1930 + +info: + name: > + JS Multi Hotel <= 2.2.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/085ea0e9-5b00-4038-a01b-2aebd0aa0809?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-multihotel/" + google-query: inurl:"/wp-content/plugins/js-multihotel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-multihotel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-multihotel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-multihotel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-05e6db992de66a60c66b532d0b52e5c0.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-05e6db992de66a60c66b532d0b52e5c0.yaml new file mode 100644 index 0000000000..bba2179fe4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-05e6db992de66a60c66b532d0b52e5c0.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-05e6db992de66a60c66b532d0b52e5c0 + +info: + name: > + JS Help Desk <= 2.7.1 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74403688-06a0-453f-ac44-bd731c389892?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-0cf1772d2edd6248b5e99ca545774eec.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-0cf1772d2edd6248b5e99ca545774eec.yaml new file mode 100644 index 0000000000..12a6417d4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-0cf1772d2edd6248b5e99ca545774eec.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-0cf1772d2edd6248b5e99ca545774eec + +info: + name: > + JS Help Desk <= 2.8.1 - Unauthenticated SQL Injection via email and trackingid + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a3e89cc-56cb-42d7-b4f6-bfc7ca0e03e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-10beccaa7efca5aa61a354cb6243cda6.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-10beccaa7efca5aa61a354cb6243cda6.yaml new file mode 100644 index 0000000000..c3d52b0060 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-10beccaa7efca5aa61a354cb6243cda6.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-10beccaa7efca5aa61a354cb6243cda6 + +info: + name: > + JS Help Desk <= 2.7.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65e2e9e3-2778-4baf-8269-fc13d5ef1212?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-1a072d8df8f66c1d4b2649edb7db538a.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-1a072d8df8f66c1d4b2649edb7db538a.yaml new file mode 100644 index 0000000000..0dff734d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-1a072d8df8f66c1d4b2649edb7db538a.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-1a072d8df8f66c1d4b2649edb7db538a + +info: + name: > + JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa75366a-651c-43d0-a32b-cdabf5b07b66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-32e7faa52a05f68e7c002ae73c9e64c8.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-32e7faa52a05f68e7c002ae73c9e64c8.yaml new file mode 100644 index 0000000000..2902af1f96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-32e7faa52a05f68e7c002ae73c9e64c8.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-32e7faa52a05f68e7c002ae73c9e64c8 + +info: + name: > + JS Help Desk – Best Help Desk & Support Plugin <= 2.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea7b7b5-ba3a-4d9c-9a63-ed9f645c6b1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-37413a766ec0b67c1d3586422811e23c.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-37413a766ec0b67c1d3586422811e23c.yaml new file mode 100644 index 0000000000..52afc84f54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-37413a766ec0b67c1d3586422811e23c.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-37413a766ec0b67c1d3586422811e23c + +info: + name: > + JS Help Desk – Best Help Desk & Support Plugin <= 2.7.7 - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/962af7eb-b2eb-4190-bf0d-cb05cb28f10b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-497602ea4705020cbc78a0b19d427eba.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-497602ea4705020cbc78a0b19d427eba.yaml new file mode 100644 index 0000000000..2a8750b400 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-497602ea4705020cbc78a0b19d427eba.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-497602ea4705020cbc78a0b19d427eba + +info: + name: > + JS Help Desk <= 2.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67021dde-a21c-4281-b4f2-acc840efcc69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-8bc92a63825b5e282b7e5f164f2d0274.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-8bc92a63825b5e282b7e5f164f2d0274.yaml new file mode 100644 index 0000000000..eea309f85f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-8bc92a63825b5e282b7e5f164f2d0274.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-8bc92a63825b5e282b7e5f164f2d0274 + +info: + name: > + JS Help Desk – Best Help Desk & Support Plugin <= 2.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b790db69-cccd-4adf-a7fa-f7db4dd96be6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-cd695a94c9ddf898661512e7b5a151f2.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-cd695a94c9ddf898661512e7b5a151f2.yaml new file mode 100644 index 0000000000..ba4d84cca5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-cd695a94c9ddf898661512e7b5a151f2.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-cd695a94c9ddf898661512e7b5a151f2 + +info: + name: > + JS Help Desk <= 2.7.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89f6f1cd-91ab-416b-b76b-162b3b29d752?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js-support-ticket-dcc8e30c059ff6154a44599d32e5c2b6.yaml b/nuclei-templates/cve-less/plugins/js-support-ticket-dcc8e30c059ff6154a44599d32e5c2b6.yaml new file mode 100644 index 0000000000..8e6600eb69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js-support-ticket-dcc8e30c059ff6154a44599d32e5c2b6.yaml @@ -0,0 +1,58 @@ +id: js-support-ticket-dcc8e30c059ff6154a44599d32e5c2b6 + +info: + name: > + JS Help Desk <= 2.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baecb227-08c4-4de7-a725-db6639587f13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js-support-ticket/" + google-query: inurl:"/wp-content/plugins/js-support-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js-support-ticket,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js-support-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js-support-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-16bf911b12f5300e0830fe4fc1eb1ed0.yaml b/nuclei-templates/cve-less/plugins/js_composer-16bf911b12f5300e0830fe4fc1eb1ed0.yaml new file mode 100644 index 0000000000..212ace9531 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-16bf911b12f5300e0830fe4fc1eb1ed0.yaml @@ -0,0 +1,58 @@ +id: js_composer-16bf911b12f5300e0830fe4fc1eb1ed0 + +info: + name: > + WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button onclick attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a571386-fae1-4a56-8567-9d3e23249de1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-83ebb5cd5f6dc281ececf75915c27b14.yaml b/nuclei-templates/cve-less/plugins/js_composer-83ebb5cd5f6dc281ececf75915c27b14.yaml new file mode 100644 index 0000000000..d95527e494 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-83ebb5cd5f6dc281ececf75915c27b14.yaml @@ -0,0 +1,58 @@ +id: js_composer-83ebb5cd5f6dc281ececf75915c27b14 + +info: + name: > + WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Heading tag attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/674e6722-d293-4572-80bf-984e74c3e33f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-86b92217e832cff4cd144076070304be.yaml b/nuclei-templates/cve-less/plugins/js_composer-86b92217e832cff4cd144076070304be.yaml new file mode 100644 index 0000000000..e89d1dc22c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-86b92217e832cff4cd144076070304be.yaml @@ -0,0 +1,58 @@ +id: js_composer-86b92217e832cff4cd144076070304be + +info: + name: > + WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title tag attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34d21418-4faf-40bf-a960-79482a592722?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-9af98782950e2bb2fdcec622ba259511.yaml b/nuclei-templates/cve-less/plugins/js_composer-9af98782950e2bb2fdcec622ba259511.yaml new file mode 100644 index 0000000000..20132e4b11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-9af98782950e2bb2fdcec622ba259511.yaml @@ -0,0 +1,58 @@ +id: js_composer-9af98782950e2bb2fdcec622ba259511 + +info: + name: > + WPBakery Visual Composer <= 7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8ecbbc-ada9-4887-92e6-25a587ecfb84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-ad1820dedb4cef27ae24befa1b1daeac.yaml b/nuclei-templates/cve-less/plugins/js_composer-ad1820dedb4cef27ae24befa1b1daeac.yaml new file mode 100644 index 0000000000..0129d3ff26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-ad1820dedb4cef27ae24befa1b1daeac.yaml @@ -0,0 +1,58 @@ +id: js_composer-ad1820dedb4cef27ae24befa1b1daeac + +info: + name: > + WPBakery Page Builder for WordPress <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fab5d06-ff39-4b7c-808b-bd199c2a3329?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/js_composer-f10d7adc04b5a73f4d72dd21d3e9038b.yaml b/nuclei-templates/cve-less/plugins/js_composer-f10d7adc04b5a73f4d72dd21d3e9038b.yaml new file mode 100644 index 0000000000..93abd5ae0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/js_composer-f10d7adc04b5a73f4d72dd21d3e9038b.yaml @@ -0,0 +1,58 @@ +id: js_composer-f10d7adc04b5a73f4d72dd21d3e9038b + +info: + name: > + WPBakery Page Builder for WordPress <= 6.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78579ed9-1540-44be-9884-51fc2afec2bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/js_composer/" + google-query: inurl:"/wp-content/plugins/js_composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,js_composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/js_composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "js_composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jsmol2wp-0c697c5c96080eeecc8327290c3e4bbc.yaml b/nuclei-templates/cve-less/plugins/jsmol2wp-0c697c5c96080eeecc8327290c3e4bbc.yaml new file mode 100644 index 0000000000..6947b279bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jsmol2wp-0c697c5c96080eeecc8327290c3e4bbc.yaml @@ -0,0 +1,58 @@ +id: jsmol2wp-0c697c5c96080eeecc8327290c3e4bbc + +info: + name: > + JSmol2WP <= 1.07 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adc7e02f-aa95-417f-8778-d9a75beeaf13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jsmol2wp/" + google-query: inurl:"/wp-content/plugins/jsmol2wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jsmol2wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jsmol2wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jsmol2wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jsmol2wp-8f85626a3667c9d85d3c399330a92186.yaml b/nuclei-templates/cve-less/plugins/jsmol2wp-8f85626a3667c9d85d3c399330a92186.yaml new file mode 100644 index 0000000000..9b72f2e163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jsmol2wp-8f85626a3667c9d85d3c399330a92186.yaml @@ -0,0 +1,58 @@ +id: jsmol2wp-8f85626a3667c9d85d3c399330a92186 + +info: + name: > + JSmol2WP <= 1.07 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a06dc0d-f002-4f82-b380-0e329b022dc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jsmol2wp/" + google-query: inurl:"/wp-content/plugins/jsmol2wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jsmol2wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jsmol2wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jsmol2wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/json-content-importer-727fc100f15758606ba9bacc049862be.yaml b/nuclei-templates/cve-less/plugins/json-content-importer-727fc100f15758606ba9bacc049862be.yaml new file mode 100644 index 0000000000..64076e4649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/json-content-importer-727fc100f15758606ba9bacc049862be.yaml @@ -0,0 +1,58 @@ +id: json-content-importer-727fc100f15758606ba9bacc049862be + +info: + name: > + Get Use APIs – JSON Content Importer <= 1.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/777e2e60-46c3-496c-8263-f2e253014ba5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/json-content-importer/" + google-query: inurl:"/wp-content/plugins/json-content-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,json-content-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/json-content-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "json-content-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/json-content-importer-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml b/nuclei-templates/cve-less/plugins/json-content-importer-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml new file mode 100644 index 0000000000..ec5e300bc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/json-content-importer-adbb6fa0fc2db14e16c1a1b09c0380c9.yaml @@ -0,0 +1,58 @@ +id: json-content-importer-adbb6fa0fc2db14e16c1a1b09c0380c9 + +info: + name: > + JSON Content Importer <= 1.3.15 - Authenticated (Admin+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3839c47-5fd0-48e7-9637-d40bd237e122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/json-content-importer/" + google-query: inurl:"/wp-content/plugins/json-content-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,json-content-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/json-content-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "json-content-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-188621df0287aae144c1602d133b6eea.yaml b/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-188621df0287aae144c1602d133b6eea.yaml new file mode 100644 index 0000000000..4dca5441c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-188621df0287aae144c1602d133b6eea.yaml @@ -0,0 +1,58 @@ +id: jtrt-responsive-tables-188621df0287aae144c1602d133b6eea + +info: + name: > + JTRT Responsive Tables <= 4.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89ca9214-145e-43c6-a642-7c371f635332?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jtrt-responsive-tables/" + google-query: inurl:"/wp-content/plugins/jtrt-responsive-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jtrt-responsive-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jtrt-responsive-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jtrt-responsive-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-8a2f1e9cb4e65657070d3644661c86c5.yaml b/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-8a2f1e9cb4e65657070d3644661c86c5.yaml new file mode 100644 index 0000000000..9830b7ccd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jtrt-responsive-tables-8a2f1e9cb4e65657070d3644661c86c5.yaml @@ -0,0 +1,58 @@ +id: jtrt-responsive-tables-8a2f1e9cb4e65657070d3644661c86c5 + +info: + name: > + JTRT Responsive Tables < 4.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7110d8f1-8978-494e-afdb-ca96ee503ab7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jtrt-responsive-tables/" + google-query: inurl:"/wp-content/plugins/jtrt-responsive-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jtrt-responsive-tables,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jtrt-responsive-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jtrt-responsive-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/judgeme-product-reviews-woocommerce-e8b437aec6c6d5cf835be562d11e2a03.yaml b/nuclei-templates/cve-less/plugins/judgeme-product-reviews-woocommerce-e8b437aec6c6d5cf835be562d11e2a03.yaml new file mode 100644 index 0000000000..6857c5fa46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/judgeme-product-reviews-woocommerce-e8b437aec6c6d5cf835be562d11e2a03.yaml @@ -0,0 +1,58 @@ +id: judgeme-product-reviews-woocommerce-e8b437aec6c6d5cf835be562d11e2a03 + +info: + name: > + Judge.me Product Reviews for WooCommerce <= 1.3.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8053e812-21c0-4e3a-8d5b-52ef9991eb61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/judgeme-product-reviews-woocommerce/" + google-query: inurl:"/wp-content/plugins/judgeme-product-reviews-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,judgeme-product-reviews-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/judgeme-product-reviews-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "judgeme-product-reviews-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/juicer-1856c5e867bf1d120f63e6e0b7edcd33.yaml b/nuclei-templates/cve-less/plugins/juicer-1856c5e867bf1d120f63e6e0b7edcd33.yaml new file mode 100644 index 0000000000..97abfbf42e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/juicer-1856c5e867bf1d120f63e6e0b7edcd33.yaml @@ -0,0 +1,58 @@ +id: juicer-1856c5e867bf1d120f63e6e0b7edcd33 + +info: + name: > + Juicer <= 1.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c896da97-3100-43a8-a5e0-44b61c4431fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/juicer/" + google-query: inurl:"/wp-content/plugins/juicer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,juicer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/juicer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "juicer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jungbillig-portfolio-gallery-0f097e6e2a639803a729d611f2124080.yaml b/nuclei-templates/cve-less/plugins/jungbillig-portfolio-gallery-0f097e6e2a639803a729d611f2124080.yaml new file mode 100644 index 0000000000..a2e2eefbc9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jungbillig-portfolio-gallery-0f097e6e2a639803a729d611f2124080.yaml @@ -0,0 +1,58 @@ +id: jungbillig-portfolio-gallery-0f097e6e2a639803a729d611f2124080 + +info: + name: > + Filterable Portfolio <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f9eed8-9656-48a2-9414-2cfdd3ebb059?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jungbillig-portfolio-gallery/" + google-query: inurl:"/wp-content/plugins/jungbillig-portfolio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jungbillig-portfolio-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jungbillig-portfolio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jungbillig-portfolio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-0fb4e97ee7da5e51631d72f53857a9d4.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-0fb4e97ee7da5e51631d72f53857a9d4.yaml new file mode 100644 index 0000000000..6c64edcf8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-0fb4e97ee7da5e51631d72f53857a9d4.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-0fb4e97ee7da5e51631d72f53857a9d4 + +info: + name: > + JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/147b7be2-8bbe-4e95-bfcb-1c4ff8a41a3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-6263cc6815827a2dcfc05e4efb3b62b1.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-6263cc6815827a2dcfc05e4efb3b62b1.yaml new file mode 100644 index 0000000000..d6689b2de3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-6263cc6815827a2dcfc05e4efb3b62b1.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-6263cc6815827a2dcfc05e4efb3b62b1 + +info: + name: > + JupiterX Core <= 3.3.8 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b894473b-b2ed-475b-892e-603db609f88a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-7a177ce424b4ca9311638c336fb2a0c4.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-7a177ce424b4ca9311638c336fb2a0c4.yaml new file mode 100644 index 0000000000..47812925a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-7a177ce424b4ca9311638c336fb2a0c4.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-7a177ce424b4ca9311638c336fb2a0c4 + +info: + name: > + JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dccb69e-b3d8-44b5-8f5e-931e5afe2bd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-8c6a911c1599b488ff2e4c85e8723fde.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-8c6a911c1599b488ff2e4c85e8723fde.yaml new file mode 100644 index 0000000000..43be4b711b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-8c6a911c1599b488ff2e4c85e8723fde.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-8c6a911c1599b488ff2e4c85e8723fde + +info: + name: > + JupiterX Core <= 2.0.6 - Information Disclosure, Modification, and Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e92ce899-556f-4a17-8902-1919d485ee15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-b223d684e1bd83784af3dae666ad9edd.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-b223d684e1bd83784af3dae666ad9edd.yaml new file mode 100644 index 0000000000..0e12602d03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-b223d684e1bd83784af3dae666ad9edd.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-b223d684e1bd83784af3dae666ad9edd + +info: + name: > + JupiterX Core <= 3.3.5 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/980a9237-7dea-4058-a850-b849457b4fef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-bf3d966b9ad3caa6240cfda0b540df5c.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-bf3d966b9ad3caa6240cfda0b540df5c.yaml new file mode 100644 index 0000000000..aca3ac9881 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-bf3d966b9ad3caa6240cfda0b540df5c.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-bf3d966b9ad3caa6240cfda0b540df5c + +info: + name: > + Jupiter X Core <= 2.5.0 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-bfeb7be408c868527d6e4e4ae715a094.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-bfeb7be408c868527d6e4e4ae715a094.yaml new file mode 100644 index 0000000000..f00ece6430 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-bfeb7be408c868527d6e4e4ae715a094.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-bfeb7be408c868527d6e4e4ae715a094 + +info: + name: > + JupiterX Core 3.0.0 - 3.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48583297-59db-48ec-8551-d6b37ac02197?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jupiterx-core-f3750481cefda659186282ffd61f21aa.yaml b/nuclei-templates/cve-less/plugins/jupiterx-core-f3750481cefda659186282ffd61f21aa.yaml new file mode 100644 index 0000000000..19e6dc23f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jupiterx-core-f3750481cefda659186282ffd61f21aa.yaml @@ -0,0 +1,58 @@ +id: jupiterx-core-f3750481cefda659186282ffd61f21aa + +info: + name: > + Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b54f38b6-5f98-469c-802a-a4c1e1f2ab0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jupiterx-core/" + google-query: inurl:"/wp-content/plugins/jupiterx-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jupiterx-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jupiterx-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/just-custom-fields-2e06d0c89a5dc3c234768757cec7f855.yaml b/nuclei-templates/cve-less/plugins/just-custom-fields-2e06d0c89a5dc3c234768757cec7f855.yaml new file mode 100644 index 0000000000..346deb5783 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/just-custom-fields-2e06d0c89a5dc3c234768757cec7f855.yaml @@ -0,0 +1,58 @@ +id: just-custom-fields-2e06d0c89a5dc3c234768757cec7f855 + +info: + name: > + Just Custom Fields <= 3.3.2 - Missing Authorization on AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6d44749-8b1a-4d22-9917-fee134737063?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/just-custom-fields/" + google-query: inurl:"/wp-content/plugins/just-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,just-custom-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/just-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "just-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/just-tables-5fd0b28040a0aa5ee65912fc0591e5ff.yaml b/nuclei-templates/cve-less/plugins/just-tables-5fd0b28040a0aa5ee65912fc0591e5ff.yaml new file mode 100644 index 0000000000..2c1e9212a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/just-tables-5fd0b28040a0aa5ee65912fc0591e5ff.yaml @@ -0,0 +1,58 @@ +id: just-tables-5fd0b28040a0aa5ee65912fc0591e5ff + +info: + name: > + JustTables – WooCommerce Product Table <= 1.4.9 - Cross-Site Request Forgery via plugin_activation() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b795d8-3cab-4d81-a016-b4498315ddf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/just-tables/" + google-query: inurl:"/wp-content/plugins/just-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,just-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/just-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "just-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/justified-gallery-421ff303fd144872eafd938e0ed53208.yaml b/nuclei-templates/cve-less/plugins/justified-gallery-421ff303fd144872eafd938e0ed53208.yaml new file mode 100644 index 0000000000..c7556ef32c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/justified-gallery-421ff303fd144872eafd938e0ed53208.yaml @@ -0,0 +1,58 @@ +id: justified-gallery-421ff303fd144872eafd938e0ed53208 + +info: + name: > + Justified Gallery <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95631d97-14c9-45f2-b709-3eca7c38f09d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/justified-gallery/" + google-query: inurl:"/wp-content/plugins/justified-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,justified-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/justified-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "justified-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/justified-gallery-d3b5c660c8e70bcaeca06e534455619d.yaml b/nuclei-templates/cve-less/plugins/justified-gallery-d3b5c660c8e70bcaeca06e534455619d.yaml new file mode 100644 index 0000000000..bf79474173 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/justified-gallery-d3b5c660c8e70bcaeca06e534455619d.yaml @@ -0,0 +1,58 @@ +id: justified-gallery-d3b5c660c8e70bcaeca06e534455619d + +info: + name: > + Justified Gallery <= 1.7.3 - Missing Authorization via 'dismiss_how_to_use_notice' and 'dismiss_notice' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3978cb6-1739-4671-bb98-17c409c67d1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/justified-gallery/" + google-query: inurl:"/wp-content/plugins/justified-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,justified-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/justified-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "justified-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-cbde558e3503539352816240255a9c09.yaml b/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-cbde558e3503539352816240255a9c09.yaml new file mode 100644 index 0000000000..4da7153319 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-cbde558e3503539352816240255a9c09.yaml @@ -0,0 +1,58 @@ +id: jvm-rich-text-icons-cbde558e3503539352816240255a9c09 + +info: + name: > + JVM rich text icons <= 1.2.6 - Directory Traversal to Authenticated(Subscriber+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e54f9b-db12-42ef-a0fa-2d40c0f7908c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jvm-rich-text-icons/" + google-query: inurl:"/wp-content/plugins/jvm-rich-text-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jvm-rich-text-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jvm-rich-text-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-f64345cda7b5204d1b37828da4e7e5ea.yaml b/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-f64345cda7b5204d1b37828da4e7e5ea.yaml new file mode 100644 index 0000000000..3fb0e4495d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jvm-rich-text-icons-f64345cda7b5204d1b37828da4e7e5ea.yaml @@ -0,0 +1,58 @@ +id: jvm-rich-text-icons-f64345cda7b5204d1b37828da4e7e5ea + +info: + name: > + JVM rich text icons <= 1.2.3 - Authenticated(Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca064db0-2718-4521-9467-335b59208858?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jvm-rich-text-icons/" + google-query: inurl:"/wp-content/plugins/jvm-rich-text-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jvm-rich-text-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jvm-rich-text-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jvm-rich-text-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jw-player-7-for-wp-8564c9ce49cff70553493d3be285f932.yaml b/nuclei-templates/cve-less/plugins/jw-player-7-for-wp-8564c9ce49cff70553493d3be285f932.yaml new file mode 100644 index 0000000000..a2035bcece --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jw-player-7-for-wp-8564c9ce49cff70553493d3be285f932.yaml @@ -0,0 +1,58 @@ +id: jw-player-7-for-wp-8564c9ce49cff70553493d3be285f932 + +info: + name: > + JW Player for WordPress <= 2.3.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52bd0d4d-4a08-417c-a426-6bd981f43120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jw-player-7-for-wp/" + google-query: inurl:"/wp-content/plugins/jw-player-7-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jw-player-7-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jw-player-7-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jw-player-7-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jw-player-plugin-for-wordpress-748f56889fa9468d09334c5315ffc76e.yaml b/nuclei-templates/cve-less/plugins/jw-player-plugin-for-wordpress-748f56889fa9468d09334c5315ffc76e.yaml new file mode 100644 index 0000000000..ab2ec736af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jw-player-plugin-for-wordpress-748f56889fa9468d09334c5315ffc76e.yaml @@ -0,0 +1,58 @@ +id: jw-player-plugin-for-wordpress-748f56889fa9468d09334c5315ffc76e + +info: + name: > + JW Player for Flash & HTML5 Video < 2.1.4 - Cross-Site Request Forgery leading to player deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7eb9cb7-ca71-454b-bb4c-da89c8a6e584?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jw-player-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/jw-player-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jw-player-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jw-player-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jw-player-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/jwt-auth-b4373f75cd045c6c032603b171a73598.yaml b/nuclei-templates/cve-less/plugins/jwt-auth-b4373f75cd045c6c032603b171a73598.yaml new file mode 100644 index 0000000000..4d7e3722dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/jwt-auth-b4373f75cd045c6c032603b171a73598.yaml @@ -0,0 +1,58 @@ +id: jwt-auth-b4373f75cd045c6c032603b171a73598 + +info: + name: > + Firebase PHP-JWT < 6.0.0 - Algorithm Confusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aa0fffa-475e-4227-9ab1-17ca6fcce529?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/jwt-auth/" + google-query: inurl:"/wp-content/plugins/jwt-auth/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,jwt-auth,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/jwt-auth/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jwt-auth" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-145ab093189c598c1d7c84674ba9b14b.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-145ab093189c598c1d7c84674ba9b14b.yaml new file mode 100644 index 0000000000..3f38ea36d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-145ab093189c598c1d7c84674ba9b14b.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-145ab093189c598c1d7c84674ba9b14b + +info: + name: > + Gutenberg Blocks with AI by Kadence WP <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad0e4292-d890-499b-b70a-ed638d5b8ee9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-19fda0443580ba364718d6332aa05bd3.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-19fda0443580ba364718d6332aa05bd3.yaml new file mode 100644 index 0000000000..3ec7b70e97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-19fda0443580ba364718d6332aa05bd3.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-19fda0443580ba364718d6332aa05bd3 + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cff2e5be-0de0-4e62-a881-6156760b7d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-1af00ca27a5fbf01cb83385e2b154d55.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-1af00ca27a5fbf01cb83385e2b154d55.yaml new file mode 100644 index 0000000000..9053095b7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-1af00ca27a5fbf01cb83385e2b154d55.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-1af00ca27a5fbf01cb83385e2b154d55 + +info: + name: > + Gutenberg Blocks by Kadence Blocks <= 3.2.17 - Authenticated(Editor+) Stored Cross-Site Scripting via Contact Form Message Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/989bd778-c7b2-41c5-ac4a-2f1a4e594f0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-1ed8420474aea4653c484035b79e8e05.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-1ed8420474aea4653c484035b79e8e05.yaml new file mode 100644 index 0000000000..321b30ec62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-1ed8420474aea4653c484035b79e8e05.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-1ed8420474aea4653c484035b79e8e05 + +info: + name: > + Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Author+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce61c74-2754-468b-b40a-5b4446375dfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml new file mode 100644 index 0000000000..b62bf15ca0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-73e0ed91223d9a0bf611aaf9c6ef87bb.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-73e0ed91223d9a0bf611aaf9c6ef87bb + +info: + name: > + Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.19 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2d7c5b6-ce4d-4dbe-abec-8c223cb652af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-7faa2f91e19a5cd476ef97768ff54f4e.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-7faa2f91e19a5cd476ef97768ff54f4e.yaml new file mode 100644 index 0000000000..8a7d26699b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-7faa2f91e19a5cd476ef97768ff54f4e.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-7faa2f91e19a5cd476ef97768ff54f4e + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5fd4dbe-6f44-45ef-9d49-4bc624fdcc57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-92efa25c2b07bccd1145767fcc736dac.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-92efa25c2b07bccd1145767fcc736dac.yaml new file mode 100644 index 0000000000..fe0ff16778 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-92efa25c2b07bccd1145767fcc736dac.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-92efa25c2b07bccd1145767fcc736dac + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ad77f-2349-48bb-b4e9-f7cbce435de9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-ae54bb23e01b89e4ec06d2fb932844c4.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-ae54bb23e01b89e4ec06d2fb932844c4.yaml new file mode 100644 index 0000000000..d0c97ac590 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-ae54bb23e01b89e4ec06d2fb932844c4.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-ae54bb23e01b89e4ec06d2fb932844c4 + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via CountUp Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b38a69c7-91d4-43be-8650-eb1f0029bd44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-b108894447f4647f7c71dc35d7e7ee8f.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-b108894447f4647f7c71dc35d7e7ee8f.yaml new file mode 100644 index 0000000000..2d22a41f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-b108894447f4647f7c71dc35d7e7ee8f.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-b108894447f4647f7c71dc35d7e7ee8f + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.23 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-e67596c37a8f5cfdbaa53a0b072da6d5.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-e67596c37a8f5cfdbaa53a0b072da6d5.yaml new file mode 100644 index 0000000000..c2ebc542bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-e67596c37a8f5cfdbaa53a0b072da6d5.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-e67596c37a8f5cfdbaa53a0b072da6d5 + +info: + name: > + Gutenberg Blocks by Kadence Blocks <= 3.2.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa984d7f-49b9-49c9-9a1c-9e4c8b7f989b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-blocks-f0d72e9f2bbc50f42260a8f158b94cfc.yaml b/nuclei-templates/cve-less/plugins/kadence-blocks-f0d72e9f2bbc50f42260a8f158b94cfc.yaml new file mode 100644 index 0000000000..3973bc5f47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-blocks-f0d72e9f2bbc50f42260a8f158b94cfc.yaml @@ -0,0 +1,58 @@ +id: kadence-blocks-f0d72e9f2bbc50f42260a8f158b94cfc + +info: + name: > + Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.34 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7fe482e-a4e8-411c-97a4-a32ccf5b3682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-blocks/" + google-query: inurl:"/wp-content/plugins/kadence-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-starter-templates-884840a442619cbc5a7daf95f85cb6cb.yaml b/nuclei-templates/cve-less/plugins/kadence-starter-templates-884840a442619cbc5a7daf95f85cb6cb.yaml new file mode 100644 index 0000000000..e07942f1da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-starter-templates-884840a442619cbc5a7daf95f85cb6cb.yaml @@ -0,0 +1,58 @@ +id: kadence-starter-templates-884840a442619cbc5a7daf95f85cb6cb + +info: + name: > + Starter Templates by Kadence WP <= 1.2.16 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72eda38d-34e9-4a0e-a760-a9b991e590de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-starter-templates/" + google-query: inurl:"/wp-content/plugins/kadence-starter-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-starter-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-starter-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-starter-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-50843d38ad4401e3655e1238a9807eaf.yaml b/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-50843d38ad4401e3655e1238a9807eaf.yaml new file mode 100644 index 0000000000..6645838500 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-50843d38ad4401e3655e1238a9807eaf.yaml @@ -0,0 +1,58 @@ +id: kadence-woocommerce-email-designer-50843d38ad4401e3655e1238a9807eaf + +info: + name: > + Kadence WooCommerce Email Designer <= 1.5.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b8483b8-07b4-436f-992f-35e16fef867b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-woocommerce-email-designer/" + google-query: inurl:"/wp-content/plugins/kadence-woocommerce-email-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-woocommerce-email-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-woocommerce-email-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-woocommerce-email-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-6994b89efe7c786e6720a2413c234aa9.yaml b/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-6994b89efe7c786e6720a2413c234aa9.yaml new file mode 100644 index 0000000000..6d50a66d4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kadence-woocommerce-email-designer-6994b89efe7c786e6720a2413c234aa9.yaml @@ -0,0 +1,58 @@ +id: kadence-woocommerce-email-designer-6994b89efe7c786e6720a2413c234aa9 + +info: + name: > + Kadence WooCommerce Email Designer <= 1.5.6 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea42fbc-ec08-4f67-90d0-506fc474a4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kadence-woocommerce-email-designer/" + google-query: inurl:"/wp-content/plugins/kadence-woocommerce-email-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kadence-woocommerce-email-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kadence-woocommerce-email-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kadence-woocommerce-email-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-171d068f6ec1f7c5f7f36a222d7d8329.yaml b/nuclei-templates/cve-less/plugins/kali-forms-171d068f6ec1f7c5f7f36a222d7d8329.yaml new file mode 100644 index 0000000000..138acc1f81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-171d068f6ec1f7c5f7f36a222d7d8329.yaml @@ -0,0 +1,58 @@ +id: kali-forms-171d068f6ec1f7c5f7f36a222d7d8329 + +info: + name: > + Kali Forms <= 2.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5bcf456-f991-4775-8c3e-a3c0212a5765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-51a3f66be32afef58cba4c10f2a34acc.yaml b/nuclei-templates/cve-less/plugins/kali-forms-51a3f66be32afef58cba4c10f2a34acc.yaml new file mode 100644 index 0000000000..130aa8008e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-51a3f66be32afef58cba4c10f2a34acc.yaml @@ -0,0 +1,58 @@ +id: kali-forms-51a3f66be32afef58cba4c10f2a34acc + +info: + name: > + Contact Form builder with drag & drop - Kali Forms <= 2.3.36 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/012a558c-1f80-4f36-85d9-905f4ed0b6cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-5837868c169d6f2b8a500d8da35501e2.yaml b/nuclei-templates/cve-less/plugins/kali-forms-5837868c169d6f2b8a500d8da35501e2.yaml new file mode 100644 index 0000000000..b6a7d87e38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-5837868c169d6f2b8a500d8da35501e2.yaml @@ -0,0 +1,58 @@ +id: kali-forms-5837868c169d6f2b8a500d8da35501e2 + +info: + name: > + Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-7de52979e23084c59771c8210cf92e97.yaml b/nuclei-templates/cve-less/plugins/kali-forms-7de52979e23084c59771c8210cf92e97.yaml new file mode 100644 index 0000000000..266c64dd2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-7de52979e23084c59771c8210cf92e97.yaml @@ -0,0 +1,58 @@ +id: kali-forms-7de52979e23084c59771c8210cf92e97 + +info: + name: > + Contact Form builder with drag & drop - Kali Forms <= 2.3.27 - Missing Authorization via Contact Form + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb473a6-08ba-4b23-877d-4aa661c0053f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-a8effa5bb19e2446851feb68b5c40364.yaml b/nuclei-templates/cve-less/plugins/kali-forms-a8effa5bb19e2446851feb68b5c40364.yaml new file mode 100644 index 0000000000..0109d1b596 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-a8effa5bb19e2446851feb68b5c40364.yaml @@ -0,0 +1,58 @@ +id: kali-forms-a8effa5bb19e2446851feb68b5c40364 + +info: + name: > + Contact Form builder with drag & drop for WordPress – Kali Forms <= 2.3.41 - Missing Authorization to Arbitrary Plugin Deactivation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml b/nuclei-templates/cve-less/plugins/kali-forms-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml new file mode 100644 index 0000000000..e92cc71504 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-b8ab2dfdf20e4fafe82ff439f5e1b3cf.yaml @@ -0,0 +1,58 @@ +id: kali-forms-b8ab2dfdf20e4fafe82ff439f5e1b3cf + +info: + name: > + Contact Form builder with drag & drop - Kali Forms <= 2.3.28 - Missing Authorization via get_log + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aec4d370-58c0-466f-b3bb-9676fc744d96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-bba8cb47607da11df10938d143f38653.yaml b/nuclei-templates/cve-less/plugins/kali-forms-bba8cb47607da11df10938d143f38653.yaml new file mode 100644 index 0000000000..774d782a2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-bba8cb47607da11df10938d143f38653.yaml @@ -0,0 +1,58 @@ +id: kali-forms-bba8cb47607da11df10938d143f38653 + +info: + name: > + Kali Forms <= 2.1.1 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed8e24d-6bd0-4638-9031-997ce2228fad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kali-forms-e13af05b11fa3359bbef7b6fbbcbe782.yaml b/nuclei-templates/cve-less/plugins/kali-forms-e13af05b11fa3359bbef7b6fbbcbe782.yaml new file mode 100644 index 0000000000..853bee4725 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kali-forms-e13af05b11fa3359bbef7b6fbbcbe782.yaml @@ -0,0 +1,58 @@ +id: kali-forms-e13af05b11fa3359bbef7b6fbbcbe782 + +info: + name: > + Kali Forms <= 2.1.1 - Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92644676-add4-415c-9a1a-c6616108688d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kali-forms/" + google-query: inurl:"/wp-content/plugins/kali-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kali-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kali-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kali-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kama-clic-counter-703cbb2bd8ca38850245b92d6dc648dc.yaml b/nuclei-templates/cve-less/plugins/kama-clic-counter-703cbb2bd8ca38850245b92d6dc648dc.yaml new file mode 100644 index 0000000000..0ed4c65842 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kama-clic-counter-703cbb2bd8ca38850245b92d6dc648dc.yaml @@ -0,0 +1,58 @@ +id: kama-clic-counter-703cbb2bd8ca38850245b92d6dc648dc + +info: + name: > + Kama Click Counter <= 3.4.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b6e45ae-650e-45eb-b781-5acec1ba2dde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kama-clic-counter/" + google-query: inurl:"/wp-content/plugins/kama-clic-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kama-clic-counter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kama-clic-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kama-clic-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kama-clic-counter-738043af82effea7b721b2ac598247ee.yaml b/nuclei-templates/cve-less/plugins/kama-clic-counter-738043af82effea7b721b2ac598247ee.yaml new file mode 100644 index 0000000000..6fa7a6cbdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kama-clic-counter-738043af82effea7b721b2ac598247ee.yaml @@ -0,0 +1,58 @@ +id: kama-clic-counter-738043af82effea7b721b2ac598247ee + +info: + name: > + Kama Click Counter <= 3.4.9 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7837208-97e3-45f9-8f9f-b1906a4fcbcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kama-clic-counter/" + google-query: inurl:"/wp-content/plugins/kama-clic-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kama-clic-counter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kama-clic-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kama-clic-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kanban-0ba2d63b51e45936904968ed820d3fb0.yaml b/nuclei-templates/cve-less/plugins/kanban-0ba2d63b51e45936904968ed820d3fb0.yaml new file mode 100644 index 0000000000..2b8968ce0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kanban-0ba2d63b51e45936904968ed820d3fb0.yaml @@ -0,0 +1,58 @@ +id: kanban-0ba2d63b51e45936904968ed820d3fb0 + +info: + name: > + Kanban Boards for WordPress <= 2.5.21 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/071b5c32-b6ac-402a-af74-6ecd05279d93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kanban/" + google-query: inurl:"/wp-content/plugins/kanban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kanban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kanban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kanban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kanban-437b56ebf4aacc7667a38732c9abf4be.yaml b/nuclei-templates/cve-less/plugins/kanban-437b56ebf4aacc7667a38732c9abf4be.yaml new file mode 100644 index 0000000000..849acd49ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kanban-437b56ebf4aacc7667a38732c9abf4be.yaml @@ -0,0 +1,58 @@ +id: kanban-437b56ebf4aacc7667a38732c9abf4be + +info: + name: > + Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16e8e097-a332-4c8e-87fb-aabe5d00ae05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kanban/" + google-query: inurl:"/wp-content/plugins/kanban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kanban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kanban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kanban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kanban-b7ae92a9935669b4053689b9e0cbb221.yaml b/nuclei-templates/cve-less/plugins/kanban-b7ae92a9935669b4053689b9e0cbb221.yaml new file mode 100644 index 0000000000..ba38eceb39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kanban-b7ae92a9935669b4053689b9e0cbb221.yaml @@ -0,0 +1,58 @@ +id: kanban-b7ae92a9935669b4053689b9e0cbb221 + +info: + name: > + Kanban Boards <= 2.5.21 - Authenticated (Administrator+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3adea276-6b55-422d-adc9-a767f569181c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kanban/" + google-query: inurl:"/wp-content/plugins/kanban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kanban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kanban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kanban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kanban-c02729e12026bce3dd84d6631a92ade6.yaml b/nuclei-templates/cve-less/plugins/kanban-c02729e12026bce3dd84d6631a92ade6.yaml new file mode 100644 index 0000000000..e17bc50a75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kanban-c02729e12026bce3dd84d6631a92ade6.yaml @@ -0,0 +1,58 @@ +id: kanban-c02729e12026bce3dd84d6631a92ade6 + +info: + name: > + Kanban Boards for WordPress <= 2.5.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fe3e55e-7286-4d12-b24f-fce69248a446?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kanban/" + google-query: inurl:"/wp-content/plugins/kanban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kanban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kanban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kanban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kanban-f1213197a267fd7da7cf35e16e4c4e64.yaml b/nuclei-templates/cve-less/plugins/kanban-f1213197a267fd7da7cf35e16e4c4e64.yaml new file mode 100644 index 0000000000..40f5b6f3a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kanban-f1213197a267fd7da7cf35e16e4c4e64.yaml @@ -0,0 +1,58 @@ +id: kanban-f1213197a267fd7da7cf35e16e4c4e64 + +info: + name: > + Kanban Boards for WordPress <= 2.5.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/365808af-5ed1-4265-88bd-ca8a49bdf424?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kanban/" + google-query: inurl:"/wp-content/plugins/kanban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kanban,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kanban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kanban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kangu-44460dbeb7b8e704694c0ff2206a0cbe.yaml b/nuclei-templates/cve-less/plugins/kangu-44460dbeb7b8e704694c0ff2206a0cbe.yaml new file mode 100644 index 0000000000..a520176d8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kangu-44460dbeb7b8e704694c0ff2206a0cbe.yaml @@ -0,0 +1,58 @@ +id: kangu-44460dbeb7b8e704694c0ff2206a0cbe + +info: + name: > + Kangu para WooCommerce <= 2.2.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9de8d95-4e07-4c52-912b-1a4e2d7e5ed0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kangu/" + google-query: inurl:"/wp-content/plugins/kangu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kangu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kangu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kangu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kaswara-40b261f9e620f48d7e973396d17f1ef6.yaml b/nuclei-templates/cve-less/plugins/kaswara-40b261f9e620f48d7e973396d17f1ef6.yaml new file mode 100644 index 0000000000..f089ff0ebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kaswara-40b261f9e620f48d7e973396d17f1ef6.yaml @@ -0,0 +1,58 @@ +id: kaswara-40b261f9e620f48d7e973396d17f1ef6 + +info: + name: > + Kaswara Modern VC Addons <= 3.0.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e2c6030-d117-4c0b-a97a-d0bb89e948ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kaswara/" + google-query: inurl:"/wp-content/plugins/kaswara/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kaswara,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kaswara/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kaswara" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kattene-668f9a8a460ad561a2838627b58d495b.yaml b/nuclei-templates/cve-less/plugins/kattene-668f9a8a460ad561a2838627b58d495b.yaml new file mode 100644 index 0000000000..85813fd50b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kattene-668f9a8a460ad561a2838627b58d495b.yaml @@ -0,0 +1,58 @@ +id: kattene-668f9a8a460ad561a2838627b58d495b + +info: + name: > + Kattene <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/beb0eade-405b-429b-b7a5-0f9c09f8374e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kattene/" + google-query: inurl:"/wp-content/plugins/kattene/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kattene,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kattene/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kattene" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-8b4d0763701a7017afeea137760172c9.yaml b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-8b4d0763701a7017afeea137760172c9.yaml new file mode 100644 index 0000000000..0d80bf9dda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-8b4d0763701a7017afeea137760172c9.yaml @@ -0,0 +1,58 @@ +id: kau-boys-backend-localization-8b4d0763701a7017afeea137760172c9 + +info: + name: > + Backend Localization <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49c6e8bb-4470-4602-a884-ac61c4e64976?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kau-boys-backend-localization/" + google-query: inurl:"/wp-content/plugins/kau-boys-backend-localization/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kau-boys-backend-localization,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kau-boys-backend-localization/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kau-boys-backend-localization" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-9bc7114a41ccdec53120552ca052ffb2.yaml b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-9bc7114a41ccdec53120552ca052ffb2.yaml new file mode 100644 index 0000000000..dc5ceb18a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-9bc7114a41ccdec53120552ca052ffb2.yaml @@ -0,0 +1,58 @@ +id: kau-boys-backend-localization-9bc7114a41ccdec53120552ca052ffb2 + +info: + name: > + Backend Localization <= 2.1.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad0bd82d-db0e-440e-9cea-d3843525b0f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kau-boys-backend-localization/" + google-query: inurl:"/wp-content/plugins/kau-boys-backend-localization/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kau-boys-backend-localization,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kau-boys-backend-localization/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kau-boys-backend-localization" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-b58adfbc2afe32d767ef8aee301802e9.yaml b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-b58adfbc2afe32d767ef8aee301802e9.yaml new file mode 100644 index 0000000000..1b16a075a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kau-boys-backend-localization-b58adfbc2afe32d767ef8aee301802e9.yaml @@ -0,0 +1,58 @@ +id: kau-boys-backend-localization-b58adfbc2afe32d767ef8aee301802e9 + +info: + name: > + Backend Localization <= 1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80fb6ac9-29af-4a11-ad2f-52cc1bfda6b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kau-boys-backend-localization/" + google-query: inurl:"/wp-content/plugins/kau-boys-backend-localization/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kau-boys-backend-localization,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kau-boys-backend-localization/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kau-boys-backend-localization" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-3b8474b2759e8c9d48abfea5292a608c.yaml b/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-3b8474b2759e8c9d48abfea5292a608c.yaml new file mode 100644 index 0000000000..9015e585b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kaya-qr-code-generator-3b8474b2759e8c9d48abfea5292a608c.yaml @@ -0,0 +1,58 @@ +id: kaya-qr-code-generator-3b8474b2759e8c9d48abfea5292a608c + +info: + name: > + Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f0bb58-d904-4bf4-9e15-4ee6289c2df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kaya-qr-code-generator/" + google-query: inurl:"/wp-content/plugins/kaya-qr-code-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kaya-qr-code-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kaya-qr-code-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kaya-qr-code-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kb-support-11a5b3d7c20edce1773adda5ec308996.yaml b/nuclei-templates/cve-less/plugins/kb-support-11a5b3d7c20edce1773adda5ec308996.yaml new file mode 100644 index 0000000000..0b00ed9c59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kb-support-11a5b3d7c20edce1773adda5ec308996.yaml @@ -0,0 +1,58 @@ +id: kb-support-11a5b3d7c20edce1773adda5ec308996 + +info: + name: > + KB Support <= 1.5.84 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7be9241-26b6-4dd0-bd26-fdff59da3b76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kb-support/" + google-query: inurl:"/wp-content/plugins/kb-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kb-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.84') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kb-support-7229f0a7ed96aafb75936c9e304ee19f.yaml b/nuclei-templates/cve-less/plugins/kb-support-7229f0a7ed96aafb75936c9e304ee19f.yaml new file mode 100644 index 0000000000..da2e772d6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kb-support-7229f0a7ed96aafb75936c9e304ee19f.yaml @@ -0,0 +1,58 @@ +id: kb-support-7229f0a7ed96aafb75936c9e304ee19f + +info: + name: > + KB Support <= 1.6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9148268a-1179-4bc5-b388-309cf08510d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kb-support/" + google-query: inurl:"/wp-content/plugins/kb-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kb-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kb-support-d5de86927ffadedc80433179f0132f85.yaml b/nuclei-templates/cve-less/plugins/kb-support-d5de86927ffadedc80433179f0132f85.yaml new file mode 100644 index 0000000000..0df10be24d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kb-support-d5de86927ffadedc80433179f0132f85.yaml @@ -0,0 +1,58 @@ +id: kb-support-d5de86927ffadedc80433179f0132f85 + +info: + name: > + KB Support <= 1.5.88 - Missing Authorization to Sensitive Data Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b24fe1d-1b21-4f8f-b66e-6df3bfc0e180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kb-support/" + google-query: inurl:"/wp-content/plugins/kb-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kb-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.88') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kb-support-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml b/nuclei-templates/cve-less/plugins/kb-support-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml new file mode 100644 index 0000000000..f29fbafa67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kb-support-d8468ce3a3b28bab55fbd9d9d45afc3e.yaml @@ -0,0 +1,58 @@ +id: kb-support-d8468ce3a3b28bab55fbd9d9d45afc3e + +info: + name: > + KB Support – WordPress Help Desk <= 1.5.5 - Multiple Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3aeb5e01-0993-4628-8165-b27470332e34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kb-support/" + google-query: inurl:"/wp-content/plugins/kb-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kb-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kd-coming-soon-0ab200e48d96a6ca5d84cfe7a3d18007.yaml b/nuclei-templates/cve-less/plugins/kd-coming-soon-0ab200e48d96a6ca5d84cfe7a3d18007.yaml new file mode 100644 index 0000000000..cb7b6d865a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kd-coming-soon-0ab200e48d96a6ca5d84cfe7a3d18007.yaml @@ -0,0 +1,58 @@ +id: kd-coming-soon-0ab200e48d96a6ca5d84cfe7a3d18007 + +info: + name: > + KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f831d48-733a-4e79-8559-92b03b8d0356?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kd-coming-soon/" + google-query: inurl:"/wp-content/plugins/kd-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kd-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kd-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kd-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kebo-twitter-feed-71dea3214223a1d20c30d59ccb66600b.yaml b/nuclei-templates/cve-less/plugins/kebo-twitter-feed-71dea3214223a1d20c30d59ccb66600b.yaml new file mode 100644 index 0000000000..596484f90d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kebo-twitter-feed-71dea3214223a1d20c30d59ccb66600b.yaml @@ -0,0 +1,58 @@ +id: kebo-twitter-feed-71dea3214223a1d20c30d59ccb66600b + +info: + name: > + Kebo Twitter Feed <= 1.5.12 - Cross-Site Request Forgery via kebo_twitter_menu_render + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d56aaa20-f40c-4f99-bc38-0b14fa39a175?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kebo-twitter-feed/" + google-query: inurl:"/wp-content/plugins/kebo-twitter-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kebo-twitter-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kebo-twitter-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kebo-twitter-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/keep-backup-daily-dc6a4a649580730eac384e9fcfdcdd18.yaml b/nuclei-templates/cve-less/plugins/keep-backup-daily-dc6a4a649580730eac384e9fcfdcdd18.yaml new file mode 100644 index 0000000000..e3ca34c43e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/keep-backup-daily-dc6a4a649580730eac384e9fcfdcdd18.yaml @@ -0,0 +1,58 @@ +id: keep-backup-daily-dc6a4a649580730eac384e9fcfdcdd18 + +info: + name: > + Keep Backup Daily <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8693a8b1-15e1-4c9c-90fb-51fcaf5ff451?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/keep-backup-daily/" + google-query: inurl:"/wp-content/plugins/keep-backup-daily/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,keep-backup-daily,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/keep-backup-daily/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "keep-backup-daily" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kento-post-view-counter-4f2a3c77ca82525aff6c0c722c03bbb8.yaml b/nuclei-templates/cve-less/plugins/kento-post-view-counter-4f2a3c77ca82525aff6c0c722c03bbb8.yaml new file mode 100644 index 0000000000..eeb7b53355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kento-post-view-counter-4f2a3c77ca82525aff6c0c722c03bbb8.yaml @@ -0,0 +1,58 @@ +id: kento-post-view-counter-4f2a3c77ca82525aff6c0c722c03bbb8 + +info: + name: > + Kento Post View Counter <= 2.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f340cfe-0829-444a-a67d-867ac8650b21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kento-post-view-counter/" + google-query: inurl:"/wp-content/plugins/kento-post-view-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kento-post-view-counter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kento-post-view-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kento-post-view-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kento-post-view-counter-cd6793bdae8ddbc15fc2277d7e7c8776.yaml b/nuclei-templates/cve-less/plugins/kento-post-view-counter-cd6793bdae8ddbc15fc2277d7e7c8776.yaml new file mode 100644 index 0000000000..b4066bc130 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kento-post-view-counter-cd6793bdae8ddbc15fc2277d7e7c8776.yaml @@ -0,0 +1,58 @@ +id: kento-post-view-counter-cd6793bdae8ddbc15fc2277d7e7c8776 + +info: + name: > + Kento Post View Counter <= 2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8da49fb2-d12a-4d23-9a8a-1b999046573a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kento-post-view-counter/" + google-query: inurl:"/wp-content/plugins/kento-post-view-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kento-post-view-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kento-post-view-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kento-post-view-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kento-post-view-counter-e343250b5d78372d282c8933d6d57ce1.yaml b/nuclei-templates/cve-less/plugins/kento-post-view-counter-e343250b5d78372d282c8933d6d57ce1.yaml new file mode 100644 index 0000000000..e80ed31cc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kento-post-view-counter-e343250b5d78372d282c8933d6d57ce1.yaml @@ -0,0 +1,58 @@ +id: kento-post-view-counter-e343250b5d78372d282c8933d6d57ce1 + +info: + name: > + Kento Post View Counter <= 2.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0ce3a76-5e16-4772-a802-9e5ce1345f95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kento-post-view-counter/" + google-query: inurl:"/wp-content/plugins/kento-post-view-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kento-post-view-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kento-post-view-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kento-post-view-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-2edc0eee00be4035effb1c3f6980bcdd.yaml b/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-2edc0eee00be4035effb1c3f6980bcdd.yaml new file mode 100644 index 0000000000..c98f4e0e0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-2edc0eee00be4035effb1c3f6980bcdd.yaml @@ -0,0 +1,58 @@ +id: ketchup-restaurant-reservations-2edc0eee00be4035effb1c3f6980bcdd + +info: + name: > + Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4522102-5997-449e-81fe-446a5dac6e71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ketchup-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/ketchup-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ketchup-restaurant-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ketchup-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ketchup-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-6f4e1c7a45d9fd969ed178f73339608a.yaml b/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-6f4e1c7a45d9fd969ed178f73339608a.yaml new file mode 100644 index 0000000000..5eed3ff41d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ketchup-restaurant-reservations-6f4e1c7a45d9fd969ed178f73339608a.yaml @@ -0,0 +1,58 @@ +id: ketchup-restaurant-reservations-6f4e1c7a45d9fd969ed178f73339608a + +info: + name: > + Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18e562fb-9035-4f2d-a2d3-9a74ff1e4e32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ketchup-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/ketchup-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ketchup-restaurant-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ketchup-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ketchup-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/keyword-meta-ff335b153bdda68f2c4ef086e30eeef7.yaml b/nuclei-templates/cve-less/plugins/keyword-meta-ff335b153bdda68f2c4ef086e30eeef7.yaml new file mode 100644 index 0000000000..2d587a5668 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/keyword-meta-ff335b153bdda68f2c4ef086e30eeef7.yaml @@ -0,0 +1,58 @@ +id: keyword-meta-ff335b153bdda68f2c4ef086e30eeef7 + +info: + name: > + Keyword Meta <= 3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e742b21-1097-459c-8c67-46d105e7b6e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/keyword-meta/" + google-query: inurl:"/wp-content/plugins/keyword-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,keyword-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/keyword-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "keyword-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/keyword-strategy-internal-links-6a71a90d9115277ce9fcc31f3c8625f3.yaml b/nuclei-templates/cve-less/plugins/keyword-strategy-internal-links-6a71a90d9115277ce9fcc31f3c8625f3.yaml new file mode 100644 index 0000000000..a9b0288671 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/keyword-strategy-internal-links-6a71a90d9115277ce9fcc31f3c8625f3.yaml @@ -0,0 +1,58 @@ +id: keyword-strategy-internal-links-6a71a90d9115277ce9fcc31f3c8625f3 + +info: + name: > + Keyword Strategy Internal Links <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d99fe68c-3c0e-4a5a-96c8-de50b7a7e753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/keyword-strategy-internal-links/" + google-query: inurl:"/wp-content/plugins/keyword-strategy-internal-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,keyword-strategy-internal-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/keyword-strategy-internal-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "keyword-strategy-internal-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kimili-flash-embed-86b662d95dc55b9ca72cce4586bb6bc2.yaml b/nuclei-templates/cve-less/plugins/kimili-flash-embed-86b662d95dc55b9ca72cce4586bb6bc2.yaml new file mode 100644 index 0000000000..a41c125b0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kimili-flash-embed-86b662d95dc55b9ca72cce4586bb6bc2.yaml @@ -0,0 +1,58 @@ +id: kimili-flash-embed-86b662d95dc55b9ca72cce4586bb6bc2 + +info: + name: > + Kimili Flash Embed <= 2.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6f9f8c-a36b-412d-a2ae-cc90e3a840f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kimili-flash-embed/" + google-query: inurl:"/wp-content/plugins/kimili-flash-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kimili-flash-embed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kimili-flash-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kimili-flash-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-126c5ad6c5556b65e18e20f26325544a.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-126c5ad6c5556b65e18e20f26325544a.yaml new file mode 100644 index 0000000000..2f0dcecf42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-126c5ad6c5556b65e18e20f26325544a.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-126c5ad6c5556b65e18e20f26325544a + +info: + name: > + KingComposer <= 2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12e74e1a-71d0-4447-ac77-62073af5de88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-28f8218d0cd81907d78e413554e9b440.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-28f8218d0cd81907d78e413554e9b440.yaml new file mode 100644 index 0000000000..b0dd749268 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-28f8218d0cd81907d78e413554e9b440.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-28f8218d0cd81907d78e413554e9b440 + +info: + name: > + Page Builder: KingComposer < 2.9.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a62dd0-386c-41b3-b8dd-ced443da9f92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-48b0aa896289cd47d761dfb701222bb0.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-48b0aa896289cd47d761dfb701222bb0.yaml new file mode 100644 index 0000000000..92225a40cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-48b0aa896289cd47d761dfb701222bb0.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-48b0aa896289cd47d761dfb701222bb0 + +info: + name: > + Page Builder KingComposer <= 2.9.6 - Authenticated Arbitrary Profile Creation and Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f96eb21c-7682-47e3-bd3a-37482d1bd37f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-4c2f06746a0f92dd0596f11498bf4bdb.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-4c2f06746a0f92dd0596f11498bf4bdb.yaml new file mode 100644 index 0000000000..adcd26db0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-4c2f06746a0f92dd0596f11498bf4bdb.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-4c2f06746a0f92dd0596f11498bf4bdb + +info: + name: > + Page Builder KingComposer <= 2.9.6 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36abba4d-9a73-4ef2-a910-6030acddd182?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-77b708d65934f257c39cc7cecab95cf9.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-77b708d65934f257c39cc7cecab95cf9.yaml new file mode 100644 index 0000000000..00ca81f479 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-77b708d65934f257c39cc7cecab95cf9.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-77b708d65934f257c39cc7cecab95cf9 + +info: + name: > + Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bdba04e-df4d-4094-877e-611d69e2e25d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-f10892c912aef9cf076885d5c4fde1a7.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-f10892c912aef9cf076885d5c4fde1a7.yaml new file mode 100644 index 0000000000..beb3a25994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-f10892c912aef9cf076885d5c4fde1a7.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-f10892c912aef9cf076885d5c4fde1a7 + +info: + name: > + Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6447de64-b484-4f64-ad78-7df81b5a0ed7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingcomposer-fa1461d953e85c77009854b513c7864a.yaml b/nuclei-templates/cve-less/plugins/kingcomposer-fa1461d953e85c77009854b513c7864a.yaml new file mode 100644 index 0000000000..07f9ec9996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingcomposer-fa1461d953e85c77009854b513c7864a.yaml @@ -0,0 +1,58 @@ +id: kingcomposer-fa1461d953e85c77009854b513c7864a + +info: + name: > + Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme <= 2.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d52cdc45-efea-46b5-9004-f3169e807747?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingcomposer/" + google-query: inurl:"/wp-content/plugins/kingcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingcomposer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kingkong-board-3b5accdca91dd653d9fdbf15959cc447.yaml b/nuclei-templates/cve-less/plugins/kingkong-board-3b5accdca91dd653d9fdbf15959cc447.yaml new file mode 100644 index 0000000000..77dcae230c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kingkong-board-3b5accdca91dd653d9fdbf15959cc447.yaml @@ -0,0 +1,58 @@ +id: kingkong-board-3b5accdca91dd653d9fdbf15959cc447 + +info: + name: > + Kingkong Board <= 2.1.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b33199-d254-4d0c-88d0-ad2f7515d747?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kingkong-board/" + google-query: inurl:"/wp-content/plugins/kingkong-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kingkong-board,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kingkong-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingkong-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kish-guest-posting-a7228223462154328da551d1f21d3c16.yaml b/nuclei-templates/cve-less/plugins/kish-guest-posting-a7228223462154328da551d1f21d3c16.yaml new file mode 100644 index 0000000000..c0382f5edd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kish-guest-posting-a7228223462154328da551d1f21d3c16.yaml @@ -0,0 +1,58 @@ +id: kish-guest-posting-a7228223462154328da551d1f21d3c16 + +info: + name: > + Kish Guest Posting <= 1.2 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d52983d1-7da4-44e6-bfed-75107b923267?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kish-guest-posting/" + google-query: inurl:"/wp-content/plugins/kish-guest-posting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kish-guest-posting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kish-guest-posting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kish-guest-posting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kish-guest-posting-ddf19add11c9e3078c959a56598f9a91.yaml b/nuclei-templates/cve-less/plugins/kish-guest-posting-ddf19add11c9e3078c959a56598f9a91.yaml new file mode 100644 index 0000000000..e662f338aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kish-guest-posting-ddf19add11c9e3078c959a56598f9a91.yaml @@ -0,0 +1,58 @@ +id: kish-guest-posting-ddf19add11c9e3078c959a56598f9a91 + +info: + name: > + Kish Guest Posting <= 1.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c5092fa-a2ea-4a84-8ebd-273faf6c8707?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kish-guest-posting/" + google-query: inurl:"/wp-content/plugins/kish-guest-posting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kish-guest-posting,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kish-guest-posting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kish-guest-posting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kitestudio-core-41d2d6be7c3a0182cf7393ba0b128c1e.yaml b/nuclei-templates/cve-less/plugins/kitestudio-core-41d2d6be7c3a0182cf7393ba0b128c1e.yaml new file mode 100644 index 0000000000..6895a643e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kitestudio-core-41d2d6be7c3a0182cf7393ba0b128c1e.yaml @@ -0,0 +1,58 @@ +id: kitestudio-core-41d2d6be7c3a0182cf7393ba0b128c1e + +info: + name: > + core plugin for kitestudio themes <= 2.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6003a2a-dda5-4db4-8a0c-0d26d79529f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kitestudio-core/" + google-query: inurl:"/wp-content/plugins/kitestudio-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kitestudio-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kitestudio-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kitestudio-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-3500fb88bb82ba57864ceb27a25df18c.yaml b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-3500fb88bb82ba57864ceb27a25df18c.yaml new file mode 100644 index 0000000000..533e454e97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-3500fb88bb82ba57864ceb27a25df18c.yaml @@ -0,0 +1,58 @@ +id: kivicare-clinic-management-system-3500fb88bb82ba57864ceb27a25df18c + +info: + name: > + KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39404341-8a27-4770-b6a6-d33e899b6bd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kivicare-clinic-management-system/" + google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kivicare-clinic-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-8784759a4cb7c427ffba0c396b0eda3c.yaml b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-8784759a4cb7c427ffba0c396b0eda3c.yaml new file mode 100644 index 0000000000..11316c47ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-8784759a4cb7c427ffba0c396b0eda3c.yaml @@ -0,0 +1,58 @@ +id: kivicare-clinic-management-system-8784759a4cb7c427ffba0c396b0eda3c + +info: + name: > + KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4101c35e-5af9-4372-9ed1-fb6a15d8500f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kivicare-clinic-management-system/" + google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kivicare-clinic-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-a2fe6757edbb25d46fa159201cfedc69.yaml b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-a2fe6757edbb25d46fa159201cfedc69.yaml new file mode 100644 index 0000000000..bdcf844608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-a2fe6757edbb25d46fa159201cfedc69.yaml @@ -0,0 +1,58 @@ +id: kivicare-clinic-management-system-a2fe6757edbb25d46fa159201cfedc69 + +info: + name: > + KiviCare – Clinic & Patient Management System (EHR) <= 2.3.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7a97aeb-f34c-4997-864b-132bb5ed28e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kivicare-clinic-management-system/" + google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kivicare-clinic-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e448c9e4b5c0c1a44cb7637de9906bfd.yaml b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e448c9e4b5c0c1a44cb7637de9906bfd.yaml new file mode 100644 index 0000000000..a141d11a5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e448c9e4b5c0c1a44cb7637de9906bfd.yaml @@ -0,0 +1,58 @@ +id: kivicare-clinic-management-system-e448c9e4b5c0c1a44cb7637de9906bfd + +info: + name: > + KiviCare – Clinic & Patient Management System (EHR) <= 3.2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88898997-6199-4b33-bd35-70a1a01812ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kivicare-clinic-management-system/" + google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kivicare-clinic-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e6681bfff3cc4dc42aaabe81eb223699.yaml b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e6681bfff3cc4dc42aaabe81eb223699.yaml new file mode 100644 index 0000000000..b095b00f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kivicare-clinic-management-system-e6681bfff3cc4dc42aaabe81eb223699.yaml @@ -0,0 +1,58 @@ +id: kivicare-clinic-management-system-e6681bfff3cc4dc42aaabe81eb223699 + +info: + name: > + KiviCare <= 3.2.0 - Reflected Cross-Site Scripting via 'filterType' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0c57743-9fdd-4fc0-9a27-787834b64846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kivicare-clinic-management-system/" + google-query: inurl:"/wp-content/plugins/kivicare-clinic-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kivicare-clinic-management-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kivicare-clinic-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kivicare-clinic-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kiwi-logo-carousel-10df21fe953fcd7c84f02b55e2e8260b.yaml b/nuclei-templates/cve-less/plugins/kiwi-logo-carousel-10df21fe953fcd7c84f02b55e2e8260b.yaml new file mode 100644 index 0000000000..ca2b234f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kiwi-logo-carousel-10df21fe953fcd7c84f02b55e2e8260b.yaml @@ -0,0 +1,58 @@ +id: kiwi-logo-carousel-10df21fe953fcd7c84f02b55e2e8260b + +info: + name: > + Logo Carousel < 1.7.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81b49050-84e4-4fb4-b8ed-baf21c8bb5a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kiwi-logo-carousel/" + google-query: inurl:"/wp-content/plugins/kiwi-logo-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kiwi-logo-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kiwi-logo-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kiwi-logo-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kiwi-social-share-cf67d2bf93130a2d772a74f509dde212.yaml b/nuclei-templates/cve-less/plugins/kiwi-social-share-cf67d2bf93130a2d772a74f509dde212.yaml new file mode 100644 index 0000000000..fa9aa5a001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kiwi-social-share-cf67d2bf93130a2d772a74f509dde212.yaml @@ -0,0 +1,58 @@ +id: kiwi-social-share-cf67d2bf93130a2d772a74f509dde212 + +info: + name: > + Kiwi Social Sharing 2.1.0 - 2.1.2 - Arbitrary Options Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8148b6d0-190a-4b97-8af7-edd6943116d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kiwi-social-share/" + google-query: inurl:"/wp-content/plugins/kiwi-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kiwi-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kiwi-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kiwi-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.0', '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kjm-admin-notices-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml b/nuclei-templates/cve-less/plugins/kjm-admin-notices-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml new file mode 100644 index 0000000000..d2944f48c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kjm-admin-notices-c6a3bc41ee8a2ee4ea6023cb51c1bb30.yaml @@ -0,0 +1,58 @@ +id: kjm-admin-notices-c6a3bc41ee8a2ee4ea6023cb51c1bb30 + +info: + name: > + KJM Admin Notices <= 2.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3298dd-af80-481e-8d20-d33e7bb9bb85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kjm-admin-notices/" + google-query: inurl:"/wp-content/plugins/kjm-admin-notices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kjm-admin-notices,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kjm-admin-notices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kjm-admin-notices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kk-star-ratings-31e1dd2369472619e89b67df12c89fa8.yaml b/nuclei-templates/cve-less/plugins/kk-star-ratings-31e1dd2369472619e89b67df12c89fa8.yaml new file mode 100644 index 0000000000..f0cdbe2b87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kk-star-ratings-31e1dd2369472619e89b67df12c89fa8.yaml @@ -0,0 +1,58 @@ +id: kk-star-ratings-31e1dd2369472619e89b67df12c89fa8 + +info: + name: > + kk Star Ratings <= 5.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1af442f7-b57c-47bd-9733-5e6bb5c89443?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kk-star-ratings/" + google-query: inurl:"/wp-content/plugins/kk-star-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kk-star-ratings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kk-star-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kk-star-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kk-star-ratings-d3315d27c075491e0975254e6c7dfe78.yaml b/nuclei-templates/cve-less/plugins/kk-star-ratings-d3315d27c075491e0975254e6c7dfe78.yaml new file mode 100644 index 0000000000..20b4873114 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kk-star-ratings-d3315d27c075491e0975254e6c7dfe78.yaml @@ -0,0 +1,58 @@ +id: kk-star-ratings-d3315d27c075491e0975254e6c7dfe78 + +info: + name: > + kk Star Ratings <= 5.4.3 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c4fcaa5-357a-4b70-8653-3874a234f07d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kk-star-ratings/" + google-query: inurl:"/wp-content/plugins/kk-star-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kk-star-ratings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kk-star-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kk-star-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kk-star-ratings-e20377f8d33eee03a0841308e7bb35f3.yaml b/nuclei-templates/cve-less/plugins/kk-star-ratings-e20377f8d33eee03a0841308e7bb35f3.yaml new file mode 100644 index 0000000000..836c5bdf91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kk-star-ratings-e20377f8d33eee03a0841308e7bb35f3.yaml @@ -0,0 +1,58 @@ +id: kk-star-ratings-e20377f8d33eee03a0841308e7bb35f3 + +info: + name: > + kk Star Ratings <= 5.4.5 - Race Condition to Multiple User Voting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/003694f8-23be-4c94-899d-76b9b8488202?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kk-star-ratings/" + google-query: inurl:"/wp-content/plugins/kk-star-ratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kk-star-ratings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kk-star-ratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kk-star-ratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/klarna-payments-for-woocommerce-db671eee30eadb2b3e6d738cfc02d4cf.yaml b/nuclei-templates/cve-less/plugins/klarna-payments-for-woocommerce-db671eee30eadb2b3e6d738cfc02d4cf.yaml new file mode 100644 index 0000000000..74b927a2d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/klarna-payments-for-woocommerce-db671eee30eadb2b3e6d738cfc02d4cf.yaml @@ -0,0 +1,58 @@ +id: klarna-payments-for-woocommerce-db671eee30eadb2b3e6d738cfc02d4cf + +info: + name: > + Klarna Payments for WooCommerce <= 3.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4677042d-ff0a-4340-ada7-c82d2da0c01c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/klarna-payments-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/klarna-payments-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,klarna-payments-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/klarna-payments-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "klarna-payments-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/klaviyo-e9d4c2285e81f24a0ebb73201d5c6506.yaml b/nuclei-templates/cve-less/plugins/klaviyo-e9d4c2285e81f24a0ebb73201d5c6506.yaml new file mode 100644 index 0000000000..32c7925278 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/klaviyo-e9d4c2285e81f24a0ebb73201d5c6506.yaml @@ -0,0 +1,58 @@ +id: klaviyo-e9d4c2285e81f24a0ebb73201d5c6506 + +info: + name: > + Klaviyo <= 3.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b66f27-e4d2-4f6e-be96-b7f967a30885?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/klaviyo/" + google-query: inurl:"/wp-content/plugins/klaviyo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,klaviyo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/klaviyo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "klaviyo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/klaviyo-f10af2927781e57c830660efc5735cb4.yaml b/nuclei-templates/cve-less/plugins/klaviyo-f10af2927781e57c830660efc5735cb4.yaml new file mode 100644 index 0000000000..048cb5b875 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/klaviyo-f10af2927781e57c830660efc5735cb4.yaml @@ -0,0 +1,58 @@ +id: klaviyo-f10af2927781e57c830660efc5735cb4 + +info: + name: > + Klaviyo <= 3.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/294de862-716c-4e17-a1cf-cade53207013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/klaviyo/" + google-query: inurl:"/wp-content/plugins/klaviyo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,klaviyo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/klaviyo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "klaviyo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kn-fix-your-fe19c96913ad86b413d30430f8f6dd54.yaml b/nuclei-templates/cve-less/plugins/kn-fix-your-fe19c96913ad86b413d30430f8f6dd54.yaml new file mode 100644 index 0000000000..5bb91c59fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kn-fix-your-fe19c96913ad86b413d30430f8f6dd54.yaml @@ -0,0 +1,58 @@ +id: kn-fix-your-fe19c96913ad86b413d30430f8f6dd54 + +info: + name: > + KN Fix Your Title <= 1.0.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d9fb74d-58fd-4881-970d-86944c8784c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kn-fix-your/" + google-query: inurl:"/wp-content/plugins/kn-fix-your/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kn-fix-your,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kn-fix-your/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kn-fix-your" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-3c3beb51159fce431f6c1df59690d1f4.yaml b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-3c3beb51159fce431f6c1df59690d1f4.yaml new file mode 100644 index 0000000000..8aebd1a4df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-3c3beb51159fce431f6c1df59690d1f4.yaml @@ -0,0 +1,58 @@ +id: knight-lab-timelinejs-3c3beb51159fce431f6c1df59690d1f4 + +info: + name: > + TimelineJS3 < 3.7.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4e3fc3-b9f4-4ae5-ad48-2f764879360a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/knight-lab-timelinejs/" + google-query: inurl:"/wp-content/plugins/knight-lab-timelinejs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/knight-lab-timelinejs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "knight-lab-timelinejs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml new file mode 100644 index 0000000000..5655a2cb71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-aa7769527923a5d7ef3aff0dbf4c6e9e.yaml @@ -0,0 +1,58 @@ +id: knight-lab-timelinejs-aa7769527923a5d7ef3aff0dbf4c6e9e + +info: + name: > + Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/758beea4-809c-4837-839d-76ee982d0ae5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/knight-lab-timelinejs/" + google-query: inurl:"/wp-content/plugins/knight-lab-timelinejs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/knight-lab-timelinejs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "knight-lab-timelinejs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-f1c3c3df1834bde215592ceeafa99ec0.yaml b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-f1c3c3df1834bde215592ceeafa99ec0.yaml new file mode 100644 index 0000000000..86bdef392c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/knight-lab-timelinejs-f1c3c3df1834bde215592ceeafa99ec0.yaml @@ -0,0 +1,58 @@ +id: knight-lab-timelinejs-f1c3c3df1834bde215592ceeafa99ec0 + +info: + name: > + Knight Lab Timeline <= 3.9.3.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afb3e68e-6f79-4c46-b41e-8fd6eb43c755?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/knight-lab-timelinejs/" + google-query: inurl:"/wp-content/plugins/knight-lab-timelinejs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,knight-lab-timelinejs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/knight-lab-timelinejs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "knight-lab-timelinejs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ko-fi-button-b309eae3300d9042c3f3d6f98d0437a7.yaml b/nuclei-templates/cve-less/plugins/ko-fi-button-b309eae3300d9042c3f3d6f98d0437a7.yaml new file mode 100644 index 0000000000..5922f8d3ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ko-fi-button-b309eae3300d9042c3f3d6f98d0437a7.yaml @@ -0,0 +1,58 @@ +id: ko-fi-button-b309eae3300d9042c3f3d6f98d0437a7 + +info: + name: > + Ko-fi Button <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa13426a-2d4e-4268-bc0d-e496bc9e6f33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ko-fi-button/" + google-query: inurl:"/wp-content/plugins/ko-fi-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ko-fi-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ko-fi-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ko-fi-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kodex-posts-likes-3a81ae3c463ea49e154447e90b9b17fa.yaml b/nuclei-templates/cve-less/plugins/kodex-posts-likes-3a81ae3c463ea49e154447e90b9b17fa.yaml new file mode 100644 index 0000000000..a2fbbbb79e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kodex-posts-likes-3a81ae3c463ea49e154447e90b9b17fa.yaml @@ -0,0 +1,58 @@ +id: kodex-posts-likes-3a81ae3c463ea49e154447e90b9b17fa + +info: + name: > + Kodex Posts likes <= 2.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77d56f61-7e45-405e-878d-fa3d53acede0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kodex-posts-likes/" + google-query: inurl:"/wp-content/plugins/kodex-posts-likes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kodex-posts-likes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kodex-posts-likes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kodex-posts-likes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/konnichiwa-5e9157054c225e3f87bee05e68d2bb85.yaml b/nuclei-templates/cve-less/plugins/konnichiwa-5e9157054c225e3f87bee05e68d2bb85.yaml new file mode 100644 index 0000000000..214c5ec9d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/konnichiwa-5e9157054c225e3f87bee05e68d2bb85.yaml @@ -0,0 +1,58 @@ +id: konnichiwa-5e9157054c225e3f87bee05e68d2bb85 + +info: + name: > + Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4252da8a-26c7-41a4-944b-cb41dafa8884?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/konnichiwa/" + google-query: inurl:"/wp-content/plugins/konnichiwa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,konnichiwa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/konnichiwa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "konnichiwa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kopatheme-219182470bf96c81d2700e98935234cf.yaml b/nuclei-templates/cve-less/plugins/kopatheme-219182470bf96c81d2700e98935234cf.yaml new file mode 100644 index 0000000000..313bda7bf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kopatheme-219182470bf96c81d2700e98935234cf.yaml @@ -0,0 +1,58 @@ +id: kopatheme-219182470bf96c81d2700e98935234cf + +info: + name: > + Kopa Framework <= 1.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa16ab9f-4fb1-43de-bfbb-bd6caf6a68dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kopatheme/" + google-query: inurl:"/wp-content/plugins/kopatheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kopatheme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kopatheme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kopatheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/korea-sns-eccc639fdf835f594ca670b3e9f9f323.yaml b/nuclei-templates/cve-less/plugins/korea-sns-eccc639fdf835f594ca670b3e9f9f323.yaml new file mode 100644 index 0000000000..2293342194 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/korea-sns-eccc639fdf835f594ca670b3e9f9f323.yaml @@ -0,0 +1,58 @@ +id: korea-sns-eccc639fdf835f594ca670b3e9f9f323 + +info: + name: > + Korea SNS <= 1.6.4 - Cross-Site Request Forgery via kon_tergos_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51d07d2a-74e6-499e-8d66-90893faedeaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/korea-sns/" + google-query: inurl:"/wp-content/plugins/korea-sns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,korea-sns,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/korea-sns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "korea-sns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kp-fastest-tawk-to-chat-44b3ba415f16865ebb1bd98068348f19.yaml b/nuclei-templates/cve-less/plugins/kp-fastest-tawk-to-chat-44b3ba415f16865ebb1bd98068348f19.yaml new file mode 100644 index 0000000000..51b7486ae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kp-fastest-tawk-to-chat-44b3ba415f16865ebb1bd98068348f19.yaml @@ -0,0 +1,58 @@ +id: kp-fastest-tawk-to-chat-44b3ba415f16865ebb1bd98068348f19 + +info: + name: > + KP Fastest Tawk.to Chat <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02ddfc75-8a9e-4a8e-8339-52348a963c69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kp-fastest-tawk-to-chat/" + google-query: inurl:"/wp-content/plugins/kp-fastest-tawk-to-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kp-fastest-tawk-to-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kp-fastest-tawk-to-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kp-fastest-tawk-to-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kraken-image-optimizer-a98db6a35902de5cbf34db4eed4ead5f.yaml b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-a98db6a35902de5cbf34db4eed4ead5f.yaml new file mode 100644 index 0000000000..235bf2c1ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-a98db6a35902de5cbf34db4eed4ead5f.yaml @@ -0,0 +1,58 @@ +id: kraken-image-optimizer-a98db6a35902de5cbf34db4eed4ead5f + +info: + name: > + Kraken.io Image Optimizer <= 2.6.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/320c0c1d-9d1b-43d7-aca5-2104b2a63e8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kraken-image-optimizer/" + google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kraken-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kraken-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kraken-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kraken-image-optimizer-d320263520ce22890af78fdf485478ad.yaml b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-d320263520ce22890af78fdf485478ad.yaml new file mode 100644 index 0000000000..568abd2a7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-d320263520ce22890af78fdf485478ad.yaml @@ -0,0 +1,58 @@ +id: kraken-image-optimizer-d320263520ce22890af78fdf485478ad + +info: + name: > + Kraken.io Image Optimizer <= 2.6.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f94eabc5-6e3b-46df-9e36-d7d0fad833de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kraken-image-optimizer/" + google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kraken-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kraken-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kraken-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kraken-image-optimizer-e82a5c99393c73fafe048a1ee03cc574.yaml b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-e82a5c99393c73fafe048a1ee03cc574.yaml new file mode 100644 index 0000000000..caf861e51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kraken-image-optimizer-e82a5c99393c73fafe048a1ee03cc574.yaml @@ -0,0 +1,58 @@ +id: kraken-image-optimizer-e82a5c99393c73fafe048a1ee03cc574 + +info: + name: > + Kraken.io Image Optimizer <= 2.6.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2497837d-dec6-4a1d-be88-5c0e659eeb46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kraken-image-optimizer/" + google-query: inurl:"/wp-content/plugins/kraken-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kraken-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kraken-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kraken-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kunze-law-54befb9e4a40b2daeebffb4c52b40b61.yaml b/nuclei-templates/cve-less/plugins/kunze-law-54befb9e4a40b2daeebffb4c52b40b61.yaml new file mode 100644 index 0000000000..d6274d2bde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kunze-law-54befb9e4a40b2daeebffb4c52b40b61.yaml @@ -0,0 +1,58 @@ +id: kunze-law-54befb9e4a40b2daeebffb4c52b40b61 + +info: + name: > + Kunze Law < 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ef70f07-ef60-4842-91a9-879478d3f4d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kunze-law/" + google-query: inurl:"/wp-content/plugins/kunze-law/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kunze-law,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kunze-law/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kunze-law" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kv-tinymce-editor-fonts-f59a000f4db543a9b891f92c5f6872de.yaml b/nuclei-templates/cve-less/plugins/kv-tinymce-editor-fonts-f59a000f4db543a9b891f92c5f6872de.yaml new file mode 100644 index 0000000000..0a8d7d70fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kv-tinymce-editor-fonts-f59a000f4db543a9b891f92c5f6872de.yaml @@ -0,0 +1,58 @@ +id: kv-tinymce-editor-fonts-f59a000f4db543a9b891f92c5f6872de + +info: + name: > + Kv TinyMCE Editor Add Fonts <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde526f2-7eff-49cf-8a9f-e0c0cdd12522?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kv-tinymce-editor-fonts/" + google-query: inurl:"/wp-content/plugins/kv-tinymce-editor-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kv-tinymce-editor-fonts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kv-tinymce-editor-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kv-tinymce-editor-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/kwayy-html-sitemap-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml b/nuclei-templates/cve-less/plugins/kwayy-html-sitemap-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml new file mode 100644 index 0000000000..3ba4ffeb21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/kwayy-html-sitemap-03920cd9ca5ff22b06a994a5f8a5fb1c.yaml @@ -0,0 +1,58 @@ +id: kwayy-html-sitemap-03920cd9ca5ff22b06a994a5f8a5fb1c + +info: + name: > + Kwayy HTML Sitemap <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scipting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6001516-3d3c-48a9-92ae-a1d249d58cec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/kwayy-html-sitemap/" + google-query: inurl:"/wp-content/plugins/kwayy-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,kwayy-html-sitemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/kwayy-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kwayy-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/labtools-d4cabd09aa67db7f89a13839c46aab51.yaml b/nuclei-templates/cve-less/plugins/labtools-d4cabd09aa67db7f89a13839c46aab51.yaml new file mode 100644 index 0000000000..cc1e7f6124 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/labtools-d4cabd09aa67db7f89a13839c46aab51.yaml @@ -0,0 +1,58 @@ +id: labtools-d4cabd09aa67db7f89a13839c46aab51 + +info: + name: > + LabTools <= 1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab9d3fa4-f2b1-4f38-b928-a1220cfeca75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/labtools/" + google-query: inurl:"/wp-content/plugins/labtools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,labtools,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/labtools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "labtools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-1da9a5e486a5bca5eea56b41f291472c.yaml b/nuclei-templates/cve-less/plugins/ladipage-1da9a5e486a5bca5eea56b41f291472c.yaml new file mode 100644 index 0000000000..915ae0b6be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-1da9a5e486a5bca5eea56b41f291472c.yaml @@ -0,0 +1,58 @@ +id: ladipage-1da9a5e486a5bca5eea56b41f291472c + +info: + name: > + LadiApp <= 4.4 - Cross-Site Request Forgery via save_config() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea595e78-f4fc-491d-8143-c836302618d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-60eda95192a20425ef3765da3a807a07.yaml b/nuclei-templates/cve-less/plugins/ladipage-60eda95192a20425ef3765da3a807a07.yaml new file mode 100644 index 0000000000..2ad6e75fac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-60eda95192a20425ef3765da3a807a07.yaml @@ -0,0 +1,58 @@ +id: ladipage-60eda95192a20425ef3765da3a807a07 + +info: + name: > + LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6dafc81c-f1be-422d-b34f-87f1956e8849?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-75b95cd57aa6f181317402e50b5298ac.yaml b/nuclei-templates/cve-less/plugins/ladipage-75b95cd57aa6f181317402e50b5298ac.yaml new file mode 100644 index 0000000000..1a7a78f9de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-75b95cd57aa6f181317402e50b5298ac.yaml @@ -0,0 +1,58 @@ +id: ladipage-75b95cd57aa6f181317402e50b5298ac + +info: + name: > + LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47dccf26-6c8d-4418-a874-c29749bee537?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-7f3124ca75169d1ce32c9846ab853c30.yaml b/nuclei-templates/cve-less/plugins/ladipage-7f3124ca75169d1ce32c9846ab853c30.yaml new file mode 100644 index 0000000000..f4f7b34c06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-7f3124ca75169d1ce32c9846ab853c30.yaml @@ -0,0 +1,58 @@ +id: ladipage-7f3124ca75169d1ce32c9846ab853c30 + +info: + name: > + LadiApp <= 4.4 - Cross-Site Request Forgery via ladiflow_save_hook() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0be418fa-f1cf-4aaf-bc94-c8e04186a54b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-c2e6ea5d855361966f47fc5dcb8b0259.yaml b/nuclei-templates/cve-less/plugins/ladipage-c2e6ea5d855361966f47fc5dcb8b0259.yaml new file mode 100644 index 0000000000..ad94a949f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-c2e6ea5d855361966f47fc5dcb8b0259.yaml @@ -0,0 +1,58 @@ +id: ladipage-c2e6ea5d855361966f47fc5dcb8b0259 + +info: + name: > + LadiApp <= 4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f88ff96-5bd7-448d-a030-e75fd268bff6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-cc5f050077abe9bc4430ea7311dee63b.yaml b/nuclei-templates/cve-less/plugins/ladipage-cc5f050077abe9bc4430ea7311dee63b.yaml new file mode 100644 index 0000000000..8acc9f887c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-cc5f050077abe9bc4430ea7311dee63b.yaml @@ -0,0 +1,58 @@ +id: ladipage-cc5f050077abe9bc4430ea7311dee63b + +info: + name: > + LadiApp <= 4.4 - Missing Authorization via save_config() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8074af6-cb2c-44db-9110-517f33caa96e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-d50f67dc0f0c12eaee9077e2d5da5b59.yaml b/nuclei-templates/cve-less/plugins/ladipage-d50f67dc0f0c12eaee9077e2d5da5b59.yaml new file mode 100644 index 0000000000..618a02d7f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-d50f67dc0f0c12eaee9077e2d5da5b59.yaml @@ -0,0 +1,58 @@ +id: ladipage-d50f67dc0f0c12eaee9077e2d5da5b59 + +info: + name: > + LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db707507-c53f-45b8-a8e1-7fea1c6f8f3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ladipage-e17132380795ec993497562455cdcf18.yaml b/nuclei-templates/cve-less/plugins/ladipage-e17132380795ec993497562455cdcf18.yaml new file mode 100644 index 0000000000..b9ac9d4037 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ladipage-e17132380795ec993497562455cdcf18.yaml @@ -0,0 +1,58 @@ +id: ladipage-e17132380795ec993497562455cdcf18 + +info: + name: > + LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via init_endpoint + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a46fd57-4cb9-4d98-89b6-926d74b2ab33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ladipage/" + google-query: inurl:"/wp-content/plugins/ladipage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ladipage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ladipage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ladipage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lana-downloads-manager-3e06725c467ed0bbc52c31de7579bce8.yaml b/nuclei-templates/cve-less/plugins/lana-downloads-manager-3e06725c467ed0bbc52c31de7579bce8.yaml new file mode 100644 index 0000000000..05b474ee88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lana-downloads-manager-3e06725c467ed0bbc52c31de7579bce8.yaml @@ -0,0 +1,58 @@ +id: lana-downloads-manager-3e06725c467ed0bbc52c31de7579bce8 + +info: + name: > + Lana Downloads Manager <= 1.7.1 - Authenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9abae49f-b396-4684-8dd5-0b5593069861?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lana-downloads-manager/" + google-query: inurl:"/wp-content/plugins/lana-downloads-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lana-downloads-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lana-downloads-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lana-downloads-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lana-email-logger-0eff9655bfda1837e342ad2c25cf67f3.yaml b/nuclei-templates/cve-less/plugins/lana-email-logger-0eff9655bfda1837e342ad2c25cf67f3.yaml new file mode 100644 index 0000000000..9226e9cb10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lana-email-logger-0eff9655bfda1837e342ad2c25cf67f3.yaml @@ -0,0 +1,58 @@ +id: lana-email-logger-0eff9655bfda1837e342ad2c25cf67f3 + +info: + name: > + Lana Email Logger <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f372bf-6b13-4ba7-8b8b-9d3b500e4420?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lana-email-logger/" + google-query: inurl:"/wp-content/plugins/lana-email-logger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lana-email-logger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lana-email-logger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lana-email-logger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lana-shortcodes-30c4f098df3ec040d50017f604f86e26.yaml b/nuclei-templates/cve-less/plugins/lana-shortcodes-30c4f098df3ec040d50017f604f86e26.yaml new file mode 100644 index 0000000000..4ed06b3e91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lana-shortcodes-30c4f098df3ec040d50017f604f86e26.yaml @@ -0,0 +1,58 @@ +id: lana-shortcodes-30c4f098df3ec040d50017f604f86e26 + +info: + name: > + Lana Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36806418-ae4e-4981-b9c5-dadb5e92e69a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lana-shortcodes/" + google-query: inurl:"/wp-content/plugins/lana-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lana-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lana-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lana-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lana-text-to-image-01d1d88da52813ba88f89d4ae266435f.yaml b/nuclei-templates/cve-less/plugins/lana-text-to-image-01d1d88da52813ba88f89d4ae266435f.yaml new file mode 100644 index 0000000000..4c24c1dd16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lana-text-to-image-01d1d88da52813ba88f89d4ae266435f.yaml @@ -0,0 +1,58 @@ +id: lana-text-to-image-01d1d88da52813ba88f89d4ae266435f + +info: + name: > + Lana Text to Image <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8acb7893-85b2-404a-b3fe-b4c1a835b3eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lana-text-to-image/" + google-query: inurl:"/wp-content/plugins/lana-text-to-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lana-text-to-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lana-text-to-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lana-text-to-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-page-cat-823af0fa0a5da870a62224c7ff6c3f56.yaml b/nuclei-templates/cve-less/plugins/landing-page-cat-823af0fa0a5da870a62224c7ff6c3f56.yaml new file mode 100644 index 0000000000..ad43aa61ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-page-cat-823af0fa0a5da870a62224c7ff6c3f56.yaml @@ -0,0 +1,58 @@ +id: landing-page-cat-823af0fa0a5da870a62224c7ff6c3f56 + +info: + name: > + Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.2 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-page-cat/" + google-query: inurl:"/wp-content/plugins/landing-page-cat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-page-cat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-page-cat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-page-cat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-pages-1bd3cf2ded386b4330f990e160e575a1.yaml b/nuclei-templates/cve-less/plugins/landing-pages-1bd3cf2ded386b4330f990e160e575a1.yaml new file mode 100644 index 0000000000..2baa65407d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-pages-1bd3cf2ded386b4330f990e160e575a1.yaml @@ -0,0 +1,58 @@ +id: landing-pages-1bd3cf2ded386b4330f990e160e575a1 + +info: + name: > + WordPress Landing Pages <= 1.8.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b4a357-fddd-4b42-8834-3a294e0d150c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-pages/" + google-query: inurl:"/wp-content/plugins/landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-pages-1d38738da5297f92f4a75e3867c8fc2b.yaml b/nuclei-templates/cve-less/plugins/landing-pages-1d38738da5297f92f4a75e3867c8fc2b.yaml new file mode 100644 index 0000000000..3aaf25b828 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-pages-1d38738da5297f92f4a75e3867c8fc2b.yaml @@ -0,0 +1,58 @@ +id: landing-pages-1d38738da5297f92f4a75e3867c8fc2b + +info: + name: > + WordPress Landing Pages <= 1.9.0 - Unauthenticated Remote Command Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f25cabc-8886-4d30-af16-07d344db2fff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-pages/" + google-query: inurl:"/wp-content/plugins/landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-pages-32b6d6a7715e88760b71f326a4a0a744.yaml b/nuclei-templates/cve-less/plugins/landing-pages-32b6d6a7715e88760b71f326a4a0a744.yaml new file mode 100644 index 0000000000..4310553d67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-pages-32b6d6a7715e88760b71f326a4a0a744.yaml @@ -0,0 +1,58 @@ +id: landing-pages-32b6d6a7715e88760b71f326a4a0a744 + +info: + name: > + WordPress Landing Pages <= 1.8.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68f460dc-bb7f-4477-821b-925c7c2c2de5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-pages/" + google-query: inurl:"/wp-content/plugins/landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-pages-6ef6064badb5d7b87c27535925053eda.yaml b/nuclei-templates/cve-less/plugins/landing-pages-6ef6064badb5d7b87c27535925053eda.yaml new file mode 100644 index 0000000000..dc7e60c3a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-pages-6ef6064badb5d7b87c27535925053eda.yaml @@ -0,0 +1,58 @@ +id: landing-pages-6ef6064badb5d7b87c27535925053eda + +info: + name: > + WordPress Landing Pages <= 1.8.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aa2ff1f-c018-4c35-859e-f7e42134b937?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-pages/" + google-query: inurl:"/wp-content/plugins/landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landing-pages-fc1127bab00994e33df3aea4eda89e16.yaml b/nuclei-templates/cve-less/plugins/landing-pages-fc1127bab00994e33df3aea4eda89e16.yaml new file mode 100644 index 0000000000..2505ffe4f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landing-pages-fc1127bab00994e33df3aea4eda89e16.yaml @@ -0,0 +1,58 @@ +id: landing-pages-fc1127bab00994e33df3aea4eda89e16 + +info: + name: > + WordPress Landing Pages < 1.2.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3f50771-f889-4de9-9d43-a736c4c24efc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landing-pages/" + google-query: inurl:"/wp-content/plugins/landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landing-pages,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/landingi-landing-pages-4557d429895965429fa37880092128d8.yaml b/nuclei-templates/cve-less/plugins/landingi-landing-pages-4557d429895965429fa37880092128d8.yaml new file mode 100644 index 0000000000..5b5da279fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/landingi-landing-pages-4557d429895965429fa37880092128d8.yaml @@ -0,0 +1,58 @@ +id: landingi-landing-pages-4557d429895965429fa37880092128d8 + +info: + name: > + Landingi Landing Pages <= 3.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e273662-935f-45ad-b424-612da0799eba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/landingi-landing-pages/" + google-query: inurl:"/wp-content/plugins/landingi-landing-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,landingi-landing-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/landingi-landing-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "landingi-landing-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/language-bar-flags-b653693e247ce65b83ad58a9d1c112a5.yaml b/nuclei-templates/cve-less/plugins/language-bar-flags-b653693e247ce65b83ad58a9d1c112a5.yaml new file mode 100644 index 0000000000..b9d563f112 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/language-bar-flags-b653693e247ce65b83ad58a9d1c112a5.yaml @@ -0,0 +1,58 @@ +id: language-bar-flags-b653693e247ce65b83ad58a9d1c112a5 + +info: + name: > + Language Bar Flags <= 1.0.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e26a438d-7e2d-47de-81f2-39731ce51bd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/language-bar-flags/" + google-query: inurl:"/wp-content/plugins/language-bar-flags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,language-bar-flags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/language-bar-flags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "language-bar-flags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/language-switcher-for-transposh-cad70fb6bdfbb529b2f3fd5fa62ec983.yaml b/nuclei-templates/cve-less/plugins/language-switcher-for-transposh-cad70fb6bdfbb529b2f3fd5fa62ec983.yaml new file mode 100644 index 0000000000..cf4bb7b26d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/language-switcher-for-transposh-cad70fb6bdfbb529b2f3fd5fa62ec983.yaml @@ -0,0 +1,58 @@ +id: language-switcher-for-transposh-cad70fb6bdfbb529b2f3fd5fa62ec983 + +info: + name: > + Language Switcher for Transposh <= 1.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94e859ea-3f90-49d1-9e66-fe3ab749c872?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/language-switcher-for-transposh/" + google-query: inurl:"/wp-content/plugins/language-switcher-for-transposh/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,language-switcher-for-transposh,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/language-switcher-for-transposh/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "language-switcher-for-transposh" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/laposta-signup-basic-ba827c0c7827dd14721a734b247e5519.yaml b/nuclei-templates/cve-less/plugins/laposta-signup-basic-ba827c0c7827dd14721a734b247e5519.yaml new file mode 100644 index 0000000000..c1a0f92664 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/laposta-signup-basic-ba827c0c7827dd14721a734b247e5519.yaml @@ -0,0 +1,58 @@ +id: laposta-signup-basic-ba827c0c7827dd14721a734b247e5519 + +info: + name: > + Laposta Signup Basic <= 1.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1ba4b18-ff46-45ef-b7d4-0a314cf2d74c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/laposta-signup-basic/" + google-query: inurl:"/wp-content/plugins/laposta-signup-basic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,laposta-signup-basic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/laposta-signup-basic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "laposta-signup-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lara-google-analytics-fbfa55f46b34cda37b3af16eb142622e.yaml b/nuclei-templates/cve-less/plugins/lara-google-analytics-fbfa55f46b34cda37b3af16eb142622e.yaml new file mode 100644 index 0000000000..0251719076 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lara-google-analytics-fbfa55f46b34cda37b3af16eb142622e.yaml @@ -0,0 +1,58 @@ +id: lara-google-analytics-fbfa55f46b34cda37b3af16eb142622e + +info: + name: > + Lara Google Analytics <= 2.0.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72fa6b56-dfbf-4c27-a6f3-418d1ab5dc0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lara-google-analytics/" + google-query: inurl:"/wp-content/plugins/lara-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lara-google-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lara-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lara-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/larsens-calender-c2ba29e0e5ecaebf723467e306a8b7e0.yaml b/nuclei-templates/cve-less/plugins/larsens-calender-c2ba29e0e5ecaebf723467e306a8b7e0.yaml new file mode 100644 index 0000000000..edbc3e6865 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/larsens-calender-c2ba29e0e5ecaebf723467e306a8b7e0.yaml @@ -0,0 +1,58 @@ +id: larsens-calender-c2ba29e0e5ecaebf723467e306a8b7e0 + +info: + name: > + Larsens Calender <= 1.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d5c17cb-98a9-45f0-b94f-02b48193949f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/larsens-calender/" + google-query: inurl:"/wp-content/plugins/larsens-calender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,larsens-calender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/larsens-calender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "larsens-calender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/last-viewed-posts-3e7a9b56ead5fe8df432df319aeeebae.yaml b/nuclei-templates/cve-less/plugins/last-viewed-posts-3e7a9b56ead5fe8df432df319aeeebae.yaml new file mode 100644 index 0000000000..4ee8f1a5bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/last-viewed-posts-3e7a9b56ead5fe8df432df319aeeebae.yaml @@ -0,0 +1,58 @@ +id: last-viewed-posts-3e7a9b56ead5fe8df432df319aeeebae + +info: + name: > + Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/last-viewed-posts/" + google-query: inurl:"/wp-content/plugins/last-viewed-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,last-viewed-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/last-viewed-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "last-viewed-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastfm-rotation-d4b22919ff8b60c51f7cf57a644618b0.yaml b/nuclei-templates/cve-less/plugins/lastfm-rotation-d4b22919ff8b60c51f7cf57a644618b0.yaml new file mode 100644 index 0000000000..babd05399a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastfm-rotation-d4b22919ff8b60c51f7cf57a644618b0.yaml @@ -0,0 +1,58 @@ +id: lastfm-rotation-d4b22919ff8b60c51f7cf57a644618b0 + +info: + name: > + Last.fm Rotation <= 1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf85146-8d82-4101-a914-b6d632460366?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastfm-rotation/" + google-query: inurl:"/wp-content/plugins/lastfm-rotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastfm-rotation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastfm-rotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastfm-rotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastform-59cabb7b5299e919e0e9798126655ebf.yaml b/nuclei-templates/cve-less/plugins/lastform-59cabb7b5299e919e0e9798126655ebf.yaml new file mode 100644 index 0000000000..73bde7a732 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastform-59cabb7b5299e919e0e9798126655ebf.yaml @@ -0,0 +1,58 @@ +id: lastform-59cabb7b5299e919e0e9798126655ebf + +info: + name: > + Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Authenticated (Admin+) Arbitrary System File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5a547c-6b24-4cb6-ad0e-b12a8f37472a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastform/" + google-query: inurl:"/wp-content/plugins/lastform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastudio-element-kit-393e2e191f65056b760ec314dc828cfa.yaml b/nuclei-templates/cve-less/plugins/lastudio-element-kit-393e2e191f65056b760ec314dc828cfa.yaml new file mode 100644 index 0000000000..13ec4458d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastudio-element-kit-393e2e191f65056b760ec314dc828cfa.yaml @@ -0,0 +1,58 @@ +id: lastudio-element-kit-393e2e191f65056b760ec314dc828cfa + +info: + name: > + LA-Studio Element Kit for Elementor <= 1.1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/523f7a8a-d06d-4778-be14-d0b7ca32dab3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastudio-element-kit/" + google-query: inurl:"/wp-content/plugins/lastudio-element-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastudio-element-kit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastudio-element-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastudio-element-kit-c82aa7ec69ca20e438896d99f7ba7b77.yaml b/nuclei-templates/cve-less/plugins/lastudio-element-kit-c82aa7ec69ca20e438896d99f7ba7b77.yaml new file mode 100644 index 0000000000..db335d3749 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastudio-element-kit-c82aa7ec69ca20e438896d99f7ba7b77.yaml @@ -0,0 +1,58 @@ +id: lastudio-element-kit-c82aa7ec69ca20e438896d99f7ba7b77 + +info: + name: > + LA-Studio Element Kit for Elementor <= 1.3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/544db0d5-1760-4229-8429-d2391e328304?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastudio-element-kit/" + google-query: inurl:"/wp-content/plugins/lastudio-element-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastudio-element-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastudio-element-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastudio-element-kit-dd731c24df053ea79b95f5153fe19979.yaml b/nuclei-templates/cve-less/plugins/lastudio-element-kit-dd731c24df053ea79b95f5153fe19979.yaml new file mode 100644 index 0000000000..0a9cd309ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastudio-element-kit-dd731c24df053ea79b95f5153fe19979.yaml @@ -0,0 +1,58 @@ +id: lastudio-element-kit-dd731c24df053ea79b95f5153fe19979 + +info: + name: > + LA-Studio Element Kit for Elementor <= 1.3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastudio-element-kit/" + google-query: inurl:"/wp-content/plugins/lastudio-element-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastudio-element-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastudio-element-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastudio-element-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lastunes-ca83dec475d25f0d439ff07447147bbd.yaml b/nuclei-templates/cve-less/plugins/lastunes-ca83dec475d25f0d439ff07447147bbd.yaml new file mode 100644 index 0000000000..421facdb17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lastunes-ca83dec475d25f0d439ff07447147bbd.yaml @@ -0,0 +1,58 @@ +id: lastunes-ca83dec475d25f0d439ff07447147bbd + +info: + name: > + lasTunes <= 3.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f1ed4a2-eb0d-42cd-9273-10d7d127cdf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lastunes/" + google-query: inurl:"/wp-content/plugins/lastunes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lastunes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lastunes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lastunes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/latest-tweets-widget-b7b0638727516de291f017e208e485cf.yaml b/nuclei-templates/cve-less/plugins/latest-tweets-widget-b7b0638727516de291f017e208e485cf.yaml new file mode 100644 index 0000000000..ca4f402840 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/latest-tweets-widget-b7b0638727516de291f017e208e485cf.yaml @@ -0,0 +1,58 @@ +id: latest-tweets-widget-b7b0638727516de291f017e208e485cf + +info: + name: > + Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb13a69-be75-48f0-9bcc-a33c5add7bd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/latest-tweets-widget/" + google-query: inurl:"/wp-content/plugins/latest-tweets-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,latest-tweets-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/latest-tweets-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "latest-tweets-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/latex-53e03067c5c0bd571562823dadf2dc1b.yaml b/nuclei-templates/cve-less/plugins/latex-53e03067c5c0bd571562823dadf2dc1b.yaml new file mode 100644 index 0000000000..a34b906970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/latex-53e03067c5c0bd571562823dadf2dc1b.yaml @@ -0,0 +1,58 @@ +id: latex-53e03067c5c0bd571562823dadf2dc1b + +info: + name: > + LaTeX <= 3.4.10 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e23501-9fc4-484b-b308-a9c51494bc9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/latex/" + google-query: inurl:"/wp-content/plugins/latex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,latex,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/latex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "latex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/launcher-992cb2db66581f66b70df8df6297f14c.yaml b/nuclei-templates/cve-less/plugins/launcher-992cb2db66581f66b70df8df6297f14c.yaml new file mode 100644 index 0000000000..f2a556074b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/launcher-992cb2db66581f66b70df8df6297f14c.yaml @@ -0,0 +1,58 @@ +id: launcher-992cb2db66581f66b70df8df6297f14c + +info: + name: > + Launcher: Coming Soon & Maintenance Mode <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2f4efa2-ddf6-46a7-9bde-aa1bcbbd2999?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/launcher/" + google-query: inurl:"/wp-content/plugins/launcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,launcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/launcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "launcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/launcher-fe2d4839032c7d1700f5ad488d4dc88f.yaml b/nuclei-templates/cve-less/plugins/launcher-fe2d4839032c7d1700f5ad488d4dc88f.yaml new file mode 100644 index 0000000000..cb10738cb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/launcher-fe2d4839032c7d1700f5ad488d4dc88f.yaml @@ -0,0 +1,58 @@ +id: launcher-fe2d4839032c7d1700f5ad488d4dc88f + +info: + name: > + Launcher: Coming Soon & Maintenance Mode < 1.0.11 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56c1a28e-c37b-431d-bb0d-7d9cf4f85606?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/launcher/" + google-query: inurl:"/wp-content/plugins/launcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,launcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/launcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "launcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/launchpad-by-obox-1d6b909d9b4a86a23d05301fe792416a.yaml b/nuclei-templates/cve-less/plugins/launchpad-by-obox-1d6b909d9b4a86a23d05301fe792416a.yaml new file mode 100644 index 0000000000..bdadae8958 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/launchpad-by-obox-1d6b909d9b4a86a23d05301fe792416a.yaml @@ -0,0 +1,58 @@ +id: launchpad-by-obox-1d6b909d9b4a86a23d05301fe792416a + +info: + name: > + Launchpad – Coming Soon & Maintenance Mode Plugin <= 1.0.13 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8721c4d-d89b-4e97-af01-20327013cfb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/launchpad-by-obox/" + google-query: inurl:"/wp-content/plugins/launchpad-by-obox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,launchpad-by-obox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/launchpad-by-obox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "launchpad-by-obox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/launchpad-by-obox-e9635d2750ec3cdec7963e531110e8e5.yaml b/nuclei-templates/cve-less/plugins/launchpad-by-obox-e9635d2750ec3cdec7963e531110e8e5.yaml new file mode 100644 index 0000000000..d8d13ddc06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/launchpad-by-obox-e9635d2750ec3cdec7963e531110e8e5.yaml @@ -0,0 +1,58 @@ +id: launchpad-by-obox-e9635d2750ec3cdec7963e531110e8e5 + +info: + name: > + Launchpad <= 1.0.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/482bae65-5493-4de5-9d5f-479d0968cd4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/launchpad-by-obox/" + google-query: inurl:"/wp-content/plugins/launchpad-by-obox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,launchpad-by-obox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/launchpad-by-obox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "launchpad-by-obox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lava-directory-manager-6e22ef37bb559e43f9ec487e46497c1a.yaml b/nuclei-templates/cve-less/plugins/lava-directory-manager-6e22ef37bb559e43f9ec487e46497c1a.yaml new file mode 100644 index 0000000000..ab794b19a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lava-directory-manager-6e22ef37bb559e43f9ec487e46497c1a.yaml @@ -0,0 +1,58 @@ +id: lava-directory-manager-6e22ef37bb559e43f9ec487e46497c1a + +info: + name: > + Lava Directory Manager <= 1.1.34 - Unauthenticated Stored Cross-Site Scripting via New Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf669ed-ea31-4144-96b3-b1f29057b86d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lava-directory-manager/" + google-query: inurl:"/wp-content/plugins/lava-directory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lava-directory-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lava-directory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lava-directory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lava-directory-manager-dcfc7774787e2e0bae54fdcbcdce15a5.yaml b/nuclei-templates/cve-less/plugins/lava-directory-manager-dcfc7774787e2e0bae54fdcbcdce15a5.yaml new file mode 100644 index 0000000000..caeab3a2dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lava-directory-manager-dcfc7774787e2e0bae54fdcbcdce15a5.yaml @@ -0,0 +1,58 @@ +id: lava-directory-manager-dcfc7774787e2e0bae54fdcbcdce15a5 + +info: + name: > + Lava Directory Manager <= 1.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3d21ebb-52de-4b25-b9e9-5d6f3284cf94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lava-directory-manager/" + google-query: inurl:"/wp-content/plugins/lava-directory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lava-directory-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lava-directory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lava-directory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lawyer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/lawyer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..487ea25421 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lawyer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: lawyer-directory-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lawyer-directory/" + google-query: inurl:"/wp-content/plugins/lawyer-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lawyer-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lawyer-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lawyer-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/laybuy-gateway-for-woocommerce-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml b/nuclei-templates/cve-less/plugins/laybuy-gateway-for-woocommerce-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml new file mode 100644 index 0000000000..6fd7c688fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/laybuy-gateway-for-woocommerce-ae9a6b8dc34a1a7bd8079dc738c03df9.yaml @@ -0,0 +1,58 @@ +id: laybuy-gateway-for-woocommerce-ae9a6b8dc34a1a7bd8079dc738c03df9 + +info: + name: > + Laybuy Payment Extension for WooCommerce <= 5.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c91caaa-9bdd-4170-98f1-0d686d3ffcba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/laybuy-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/laybuy-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,laybuy-gateway-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/laybuy-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "laybuy-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/layerslider-02467e400ca754bab3e037cbbdd78309.yaml b/nuclei-templates/cve-less/plugins/layerslider-02467e400ca754bab3e037cbbdd78309.yaml new file mode 100644 index 0000000000..db14d17190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/layerslider-02467e400ca754bab3e037cbbdd78309.yaml @@ -0,0 +1,58 @@ +id: layerslider-02467e400ca754bab3e037cbbdd78309 + +info: + name: > + LayerSlider <= 7.7.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9225ebc6-bff9-4176-a86e-022ff8ec3b05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/LayerSlider/" + google-query: inurl:"/wp-content/plugins/LayerSlider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,LayerSlider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/LayerSlider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "LayerSlider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/layerslider-1abc3232bb9762193f328a8624f474b9.yaml b/nuclei-templates/cve-less/plugins/layerslider-1abc3232bb9762193f328a8624f474b9.yaml new file mode 100644 index 0000000000..494f105072 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/layerslider-1abc3232bb9762193f328a8624f474b9.yaml @@ -0,0 +1,58 @@ +id: layerslider-1abc3232bb9762193f328a8624f474b9 + +info: + name: > + LayerSlider 7.9.11 - 7.10.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fddf96e-029c-4753-ba82-043ca64b78d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/LayerSlider/" + google-query: inurl:"/wp-content/plugins/LayerSlider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,LayerSlider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/LayerSlider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "LayerSlider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.9.11', '<= 7.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/layerslider-7b9f5b71ec8719bf9a8cb5694942faa9.yaml b/nuclei-templates/cve-less/plugins/layerslider-7b9f5b71ec8719bf9a8cb5694942faa9.yaml new file mode 100644 index 0000000000..8b1b760bfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/layerslider-7b9f5b71ec8719bf9a8cb5694942faa9.yaml @@ -0,0 +1,58 @@ +id: layerslider-7b9f5b71ec8719bf9a8cb5694942faa9 + +info: + name: > + LayerSlider <= 7.1.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78fce739-5cc7-4a7f-bf3b-665f35ef3579?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/LayerSlider/" + google-query: inurl:"/wp-content/plugins/LayerSlider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,LayerSlider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/LayerSlider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "LayerSlider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/layerslider-9e79ec7559a564921e41d0c7103ccb78.yaml b/nuclei-templates/cve-less/plugins/layerslider-9e79ec7559a564921e41d0c7103ccb78.yaml new file mode 100644 index 0000000000..e9d5da936a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/layerslider-9e79ec7559a564921e41d0c7103ccb78.yaml @@ -0,0 +1,58 @@ +id: layerslider-9e79ec7559a564921e41d0c7103ccb78 + +info: + name: > + LayerSlider <= 7.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/441bc9fe-3dd6-40a6-b7f3-36511115c083?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/LayerSlider/" + google-query: inurl:"/wp-content/plugins/LayerSlider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,LayerSlider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/LayerSlider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "LayerSlider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/layouts-for-elementor-64461a08e8c73126cafa25fcfb24f7b4.yaml b/nuclei-templates/cve-less/plugins/layouts-for-elementor-64461a08e8c73126cafa25fcfb24f7b4.yaml new file mode 100644 index 0000000000..4c5d182e7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/layouts-for-elementor-64461a08e8c73126cafa25fcfb24f7b4.yaml @@ -0,0 +1,58 @@ +id: layouts-for-elementor-64461a08e8c73126cafa25fcfb24f7b4 + +info: + name: > + Layouts for Elementor <= 1.7 - Missing Authorization to Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1feb3fa0-5fd9-443a-830c-cb1700ff30df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/layouts-for-elementor/" + google-query: inurl:"/wp-content/plugins/layouts-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,layouts-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/layouts-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "layouts-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lazy-facebook-comments-277494a31c77da0ae18248d4fccbad90.yaml b/nuclei-templates/cve-less/plugins/lazy-facebook-comments-277494a31c77da0ae18248d4fccbad90.yaml new file mode 100644 index 0000000000..6237276fba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lazy-facebook-comments-277494a31c77da0ae18248d4fccbad90.yaml @@ -0,0 +1,58 @@ +id: lazy-facebook-comments-277494a31c77da0ae18248d4fccbad90 + +info: + name: > + Lazy Social Comments <= 2.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f2c020-a531-4e25-948e-372bc7af3bab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lazy-facebook-comments/" + google-query: inurl:"/wp-content/plugins/lazy-facebook-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lazy-facebook-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lazy-facebook-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lazy-facebook-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lazy-load-for-videos-934698dce094abed0913795fed8be1e6.yaml b/nuclei-templates/cve-less/plugins/lazy-load-for-videos-934698dce094abed0913795fed8be1e6.yaml new file mode 100644 index 0000000000..6b355a4dbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lazy-load-for-videos-934698dce094abed0913795fed8be1e6.yaml @@ -0,0 +1,58 @@ +id: lazy-load-for-videos-934698dce094abed0913795fed8be1e6 + +info: + name: > + Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a467ad30-8271-421c-8af4-8165fd60c03e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lazy-load-for-videos/" + google-query: inurl:"/wp-content/plugins/lazy-load-for-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lazy-load-for-videos,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lazy-load-for-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lazy-load-for-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lazyest-backup-175c8ff94ca9713fddec53a350c86d55.yaml b/nuclei-templates/cve-less/plugins/lazyest-backup-175c8ff94ca9713fddec53a350c86d55.yaml new file mode 100644 index 0000000000..040de5c20a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lazyest-backup-175c8ff94ca9713fddec53a350c86d55.yaml @@ -0,0 +1,58 @@ +id: lazyest-backup-175c8ff94ca9713fddec53a350c86d55 + +info: + name: > + Lazyest Backup < 0.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04afca9-a03f-4390-9872-f744d0a86bec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lazyest-backup/" + google-query: inurl:"/wp-content/plugins/lazyest-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lazyest-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lazyest-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lazyest-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lazyest-gallery-1d3a5e954dbca93e3fee328975ccc98e.yaml b/nuclei-templates/cve-less/plugins/lazyest-gallery-1d3a5e954dbca93e3fee328975ccc98e.yaml new file mode 100644 index 0000000000..25e50d028e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lazyest-gallery-1d3a5e954dbca93e3fee328975ccc98e.yaml @@ -0,0 +1,58 @@ +id: lazyest-gallery-1d3a5e954dbca93e3fee328975ccc98e + +info: + name: > + Lazyest Gallery < 1.1.21 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7533b65e-3612-4c8e-8b67-3cbcb80b4331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lazyest-gallery/" + google-query: inurl:"/wp-content/plugins/lazyest-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lazyest-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lazyest-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lazyest-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lb-tube-video-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/lb-tube-video-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..7178bda73e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lb-tube-video-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: lb-tube-video-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lb-tube-video/" + google-query: inurl:"/wp-content/plugins/lb-tube-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lb-tube-video,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lb-tube-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lb-tube-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lbstopattack-fdd4bded1dfa98b42ec68b8794019fbd.yaml b/nuclei-templates/cve-less/plugins/lbstopattack-fdd4bded1dfa98b42ec68b8794019fbd.yaml new file mode 100644 index 0000000000..652f8716d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lbstopattack-fdd4bded1dfa98b42ec68b8794019fbd.yaml @@ -0,0 +1,58 @@ +id: lbstopattack-fdd4bded1dfa98b42ec68b8794019fbd + +info: + name: > + Plugin LBstopattack <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8da2619f-bc41-4088-9192-902b3c24ec5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lbstopattack/" + google-query: inurl:"/wp-content/plugins/lbstopattack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lbstopattack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lbstopattack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lbstopattack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-5fb9868893588947cd0894306db3f85c.yaml b/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-5fb9868893588947cd0894306db3f85c.yaml new file mode 100644 index 0000000000..b76dca39d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-5fb9868893588947cd0894306db3f85c.yaml @@ -0,0 +1,58 @@ +id: ldap-ad-staff-employee-directory-search-5fb9868893588947cd0894306db3f85c + +info: + name: > + Staff / Employee Business Directory for Active Directory <= 1.2.1 - Insufficient Escaping of Stored LDAP Values + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1355e9f-fa3a-439a-a13f-49b10dd4473a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-ad-staff-employee-directory-search/" + google-query: inurl:"/wp-content/plugins/ldap-ad-staff-employee-directory-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-ad-staff-employee-directory-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-ad-staff-employee-directory-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-ad-staff-employee-directory-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-b2d04a137f03b4bce0a603349a0a67e2.yaml b/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-b2d04a137f03b4bce0a603349a0a67e2.yaml new file mode 100644 index 0000000000..a3d74673c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-ad-staff-employee-directory-search-b2d04a137f03b4bce0a603349a0a67e2.yaml @@ -0,0 +1,58 @@ +id: ldap-ad-staff-employee-directory-search-b2d04a137f03b4bce0a603349a0a67e2 + +info: + name: > + Staff / Employee Business Directory for Active Directory <= 1.2.3 - Authenticated (Admin+) LDAP Passback + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea40b96-4693-4f98-8e6e-2ed8186cedd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-ad-staff-employee-directory-search/" + google-query: inurl:"/wp-content/plugins/ldap-ad-staff-employee-directory-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-ad-staff-employee-directory-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-ad-staff-employee-directory-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-ad-staff-employee-directory-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-10a0d810b2c87af5b6ac2f20a36975ae.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-10a0d810b2c87af5b6ac2f20a36975ae.yaml new file mode 100644 index 0000000000..8b33684391 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-10a0d810b2c87af5b6ac2f20a36975ae.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-10a0d810b2c87af5b6ac2f20a36975ae + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.10 - LDAP Passback + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0585969d-dd08-4058-9d72-138a55a2cdf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3662e536f344cad7ead518a87b44f9b9.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3662e536f344cad7ead518a87b44f9b9.yaml new file mode 100644 index 0000000000..3ee220d15e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3662e536f344cad7ead518a87b44f9b9.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-3662e536f344cad7ead518a87b44f9b9 + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3eedc57b-79cc-4569-b6d6-676a22aa1e06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml new file mode 100644 index 0000000000..fa88dc1020 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-3ac7913de6e3ab3bdc9b5e42fbbe516c.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-3ac7913de6e3ab3bdc9b5e42fbbe516c + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.5 - Authenticated (Subscriber+) LDAP Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7553e8-e43d-4740-b2ee-e3d8dc351e53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-8871ef770441f03d651279dadfcbfd9f.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-8871ef770441f03d651279dadfcbfd9f.yaml new file mode 100644 index 0000000000..682c311c7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-8871ef770441f03d651279dadfcbfd9f.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-8871ef770441f03d651279dadfcbfd9f + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74089b16-76fa-4654-9007-3f0c2e894894?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-984ae033ae8ed023b8d291a56d4420e2.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-984ae033ae8ed023b8d291a56d4420e2.yaml new file mode 100644 index 0000000000..46a81505b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-984ae033ae8ed023b8d291a56d4420e2.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-984ae033ae8ed023b8d291a56d4420e2 + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.9 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a15ab92-2142-43cb-9600-f4cfa164de31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-9beaf57f0310a4e1b4eebc1c61cd56e0.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-9beaf57f0310a4e1b4eebc1c61cd56e0.yaml new file mode 100644 index 0000000000..dcd3217eb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-9beaf57f0310a4e1b4eebc1c61cd56e0.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-9beaf57f0310a4e1b4eebc1c61cd56e0 + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.9 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c667631-7934-467e-baa2-7c3b0160c3a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-c703e23611edc1b7f4c547a3de6e5a54.yaml b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-c703e23611edc1b7f4c547a3de6e5a54.yaml new file mode 100644 index 0000000000..be6d13f0e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-login-for-intranet-sites-c703e23611edc1b7f4c547a3de6e5a54.yaml @@ -0,0 +1,58 @@ +id: ldap-login-for-intranet-sites-c703e23611edc1b7f4c547a3de6e5a54 + +info: + name: > + Active Directory Integration / LDAP Integration <= 4.1.0 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2568018b-29f3-4261-ae0d-658ca9d96846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-login-for-intranet-sites/" + google-query: inurl:"/wp-content/plugins/ldap-login-for-intranet-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-login-for-intranet-sites,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-login-for-intranet-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-login-for-intranet-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ldap-wp-login-integration-with-active-directory-f8cd51c51fa81f86666de16c04486eac.yaml b/nuclei-templates/cve-less/plugins/ldap-wp-login-integration-with-active-directory-f8cd51c51fa81f86666de16c04486eac.yaml new file mode 100644 index 0000000000..afbf27ea85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ldap-wp-login-integration-with-active-directory-f8cd51c51fa81f86666de16c04486eac.yaml @@ -0,0 +1,58 @@ +id: ldap-wp-login-integration-with-active-directory-f8cd51c51fa81f86666de16c04486eac + +info: + name: > + Ldap WP Login / Active Directory Integration <= 3.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63412848-6b1f-460a-8776-cd1cc5eb002e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ldap-wp-login-integration-with-active-directory/" + google-query: inurl:"/wp-content/plugins/ldap-wp-login-integration-with-active-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ldap-wp-login-integration-with-active-directory,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ldap-wp-login-integration-with-active-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ldap-wp-login-integration-with-active-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-capturing-call-to-actions-by-vcita-730361678b13f8f0736a72594b63e5d4.yaml b/nuclei-templates/cve-less/plugins/lead-capturing-call-to-actions-by-vcita-730361678b13f8f0736a72594b63e5d4.yaml new file mode 100644 index 0000000000..96bcfebd12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-capturing-call-to-actions-by-vcita-730361678b13f8f0736a72594b63e5d4.yaml @@ -0,0 +1,58 @@ +id: lead-capturing-call-to-actions-by-vcita-730361678b13f8f0736a72594b63e5d4 + +info: + name: > + Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dfc237a-9157-4da9-ba8f-9daf2ba4f20b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-capturing-call-to-actions-by-vcita/" + google-query: inurl:"/wp-content/plugins/lead-capturing-call-to-actions-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-capturing-call-to-actions-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-capturing-call-to-actions-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-capturing-call-to-actions-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-052c2263d304ba99984110ed21050e99.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-052c2263d304ba99984110ed21050e99.yaml new file mode 100644 index 0000000000..f0bf09afd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-052c2263d304ba99984110ed21050e99.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-052c2263d304ba99984110ed21050e99 + +info: + name: > + Contact Form & Lead Form Elementor Builder <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f86449-144c-494f-85d8-ce7c8d7d65d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-096938bf849592b8e6a6dbaccc2157aa.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-096938bf849592b8e6a6dbaccc2157aa.yaml new file mode 100644 index 0000000000..46a816075f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-096938bf849592b8e6a6dbaccc2157aa.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-096938bf849592b8e6a6dbaccc2157aa + +info: + name: > + Contact Form & Lead Form Elementor Builder < 1.7.4 - Arbitrary Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e999f4c0-03dd-4ea3-9245-b12ffd8da3e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-9baae5fb51d9dd1141e1931574d9d7be.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-9baae5fb51d9dd1141e1931574d9d7be.yaml new file mode 100644 index 0000000000..d72466b1be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-9baae5fb51d9dd1141e1931574d9d7be.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-9baae5fb51d9dd1141e1931574d9d7be + +info: + name: > + Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-a64ff7d479ea82b36b6d5de70a97fbae.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-a64ff7d479ea82b36b6d5de70a97fbae.yaml new file mode 100644 index 0000000000..ae6ce6fcf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-a64ff7d479ea82b36b6d5de70a97fbae.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-a64ff7d479ea82b36b6d5de70a97fbae + +info: + name: > + Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d087957c-0dd5-46a9-a6bc-85f2f79f43bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-ae016ddc716d42a85477445c62a5e437.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-ae016ddc716d42a85477445c62a5e437.yaml new file mode 100644 index 0000000000..f628682338 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-ae016ddc716d42a85477445c62a5e437.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-ae016ddc716d42a85477445c62a5e437 + +info: + name: > + Responsive Contact Form Builder & Lead Generation Plugin < 1.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fbcab49-5765-497b-a98e-d87c5b468b11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-d46f40f2ab613d8e339074ed1d986191.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-d46f40f2ab613d8e339074ed1d986191.yaml new file mode 100644 index 0000000000..ba7099dc68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-d46f40f2ab613d8e339074ed1d986191.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-d46f40f2ab613d8e339074ed1d986191 + +info: + name: > + Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f5a49a-117a-473c-8853-ed292eece620?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-form-builder-de55ae6e76c91a89ee0e3689f89fe0d9.yaml b/nuclei-templates/cve-less/plugins/lead-form-builder-de55ae6e76c91a89ee0e3689f89fe0d9.yaml new file mode 100644 index 0000000000..509c1c7453 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-form-builder-de55ae6e76c91a89ee0e3689f89fe0d9.yaml @@ -0,0 +1,58 @@ +id: lead-form-builder-de55ae6e76c91a89ee0e3689f89fe0d9 + +info: + name: > + Responsive Contact Form Builder & Lead Generation Plugin <= 1.8.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ce9ab4-d6d6-4e06-a042-145db02cf7ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-form-builder/" + google-query: inurl:"/wp-content/plugins/lead-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-generated-9a53cdf71ae16cc8f18244beb584e5b3.yaml b/nuclei-templates/cve-less/plugins/lead-generated-9a53cdf71ae16cc8f18244beb584e5b3.yaml new file mode 100644 index 0000000000..43fffe7da6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-generated-9a53cdf71ae16cc8f18244beb584e5b3.yaml @@ -0,0 +1,58 @@ +id: lead-generated-9a53cdf71ae16cc8f18244beb584e5b3 + +info: + name: > + Lead Generated <= 1.23 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12660851-c899-4ec2-b40e-e62391dafdbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lead-generated/" + google-query: inurl:"/wp-content/plugins/lead-generated/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lead-generated,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lead-generated/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lead-generated" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lead-octopus-power-9b2ea9b4d3e50f4a2171e20728a5e5ce.yaml b/nuclei-templates/cve-less/plugins/lead-octopus-power-9b2ea9b4d3e50f4a2171e20728a5e5ce.yaml new file mode 100644 index 0000000000..125481a948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lead-octopus-power-9b2ea9b4d3e50f4a2171e20728a5e5ce.yaml @@ -0,0 +1,58 @@ +id: lead-octopus-power-9b2ea9b4d3e50f4a2171e20728a5e5ce + +info: + name: > + Lead Octopus Power < 1.1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8bbb54d-7607-4d19-bf2d-2d52a6de1287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Lead-Octopus-Power/" + google-query: inurl:"/wp-content/plugins/Lead-Octopus-Power/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Lead-Octopus-Power,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Lead-Octopus-Power/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Lead-Octopus-Power" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadconnector-ffa89e4112fdba734a5ff64b0534aeff.yaml b/nuclei-templates/cve-less/plugins/leadconnector-ffa89e4112fdba734a5ff64b0534aeff.yaml new file mode 100644 index 0000000000..77038fbcce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadconnector-ffa89e4112fdba734a5ff64b0534aeff.yaml @@ -0,0 +1,58 @@ +id: leadconnector-ffa89e4112fdba734a5ff64b0534aeff + +info: + name: > + LeadConnector <= 1.7 - Missing Authorization to Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79e786ce-a3eb-40df-8dad-4c9c75243bec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadconnector/" + google-query: inurl:"/wp-content/plugins/leadconnector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadconnector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadconnector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadconnector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadin-268919440c0c130df155e87fb1063e23.yaml b/nuclei-templates/cve-less/plugins/leadin-268919440c0c130df155e87fb1063e23.yaml new file mode 100644 index 0000000000..223ebb197b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadin-268919440c0c130df155e87fb1063e23.yaml @@ -0,0 +1,58 @@ +id: leadin-268919440c0c130df155e87fb1063e23 + +info: + name: > + HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics <= 8.8.13 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66697f3e-c023-496d-b553-7d20352e33b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadin/" + google-query: inurl:"/wp-content/plugins/leadin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.8.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadinfo-657bb32b8f91f0127ec427c69158cd75.yaml b/nuclei-templates/cve-less/plugins/leadinfo-657bb32b8f91f0127ec427c69158cd75.yaml new file mode 100644 index 0000000000..4e78bdd7a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadinfo-657bb32b8f91f0127ec427c69158cd75.yaml @@ -0,0 +1,58 @@ +id: leadinfo-657bb32b8f91f0127ec427c69158cd75 + +info: + name: > + Leadinfo <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e39d3ec1-b1a5-4176-88ac-432d91dbf621?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadinfo/" + google-query: inurl:"/wp-content/plugins/leadinfo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadinfo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadinfo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadinfo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadsquared-suite-8668394708fedca0791c9dce209e6c21.yaml b/nuclei-templates/cve-less/plugins/leadsquared-suite-8668394708fedca0791c9dce209e6c21.yaml new file mode 100644 index 0000000000..f7939413d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadsquared-suite-8668394708fedca0791c9dce209e6c21.yaml @@ -0,0 +1,58 @@ +id: leadsquared-suite-8668394708fedca0791c9dce209e6c21 + +info: + name: > + LeadSquared Suite <= 0.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef1aafc2-e47b-49da-8a4e-9111209308c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadsquared-suite/" + google-query: inurl:"/wp-content/plugins/leadsquared-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadsquared-suite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadsquared-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadsquared-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadsquared-suite-fb9d67ae40f074a3d13bb91e383cd2e6.yaml b/nuclei-templates/cve-less/plugins/leadsquared-suite-fb9d67ae40f074a3d13bb91e383cd2e6.yaml new file mode 100644 index 0000000000..8584622c03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadsquared-suite-fb9d67ae40f074a3d13bb91e383cd2e6.yaml @@ -0,0 +1,58 @@ +id: leadsquared-suite-fb9d67ae40f074a3d13bb91e383cd2e6 + +info: + name: > + LeadSquared Suite <= 0.7.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8da42003-f2d8-4837-84b2-e0e7171fa3fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadsquared-suite/" + google-query: inurl:"/wp-content/plugins/leadsquared-suite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadsquared-suite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadsquared-suite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadsquared-suite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-35e6f9b545b9a3d3918e9b2b36941c18.yaml b/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-35e6f9b545b9a3d3918e9b2b36941c18.yaml new file mode 100644 index 0000000000..a52d37c261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-35e6f9b545b9a3d3918e9b2b36941c18.yaml @@ -0,0 +1,58 @@ +id: leadster-marketing-conversacional-35e6f9b545b9a3d3918e9b2b36941c18 + +info: + name: > + Leadster <= 1.1.2 - Cross-Site Request Forgery via leadster_script_code_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86837f87-ea91-404a-92ac-38d1abf14cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadster-marketing-conversacional/" + google-query: inurl:"/wp-content/plugins/leadster-marketing-conversacional/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadster-marketing-conversacional,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadster-marketing-conversacional/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadster-marketing-conversacional" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-c7398725776161b539e66b85a7395b11.yaml b/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-c7398725776161b539e66b85a7395b11.yaml new file mode 100644 index 0000000000..08d64ba0c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leadster-marketing-conversacional-c7398725776161b539e66b85a7395b11.yaml @@ -0,0 +1,58 @@ +id: leadster-marketing-conversacional-c7398725776161b539e66b85a7395b11 + +info: + name: > + Leadster <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/361216af-b939-4ac1-ae06-97552d283670?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leadster-marketing-conversacional/" + google-query: inurl:"/wp-content/plugins/leadster-marketing-conversacional/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leadster-marketing-conversacional,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leadster-marketing-conversacional/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leadster-marketing-conversacional" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-map-0bd29affbc67a54bb066a76fed95c3b0.yaml b/nuclei-templates/cve-less/plugins/leaflet-map-0bd29affbc67a54bb066a76fed95c3b0.yaml new file mode 100644 index 0000000000..4a678a0557 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-map-0bd29affbc67a54bb066a76fed95c3b0.yaml @@ -0,0 +1,58 @@ +id: leaflet-map-0bd29affbc67a54bb066a76fed95c3b0 + +info: + name: > + Leaflet Map < 3.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d7e56d-453f-4df0-8cf5-32d8bafc60d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-map/" + google-query: inurl:"/wp-content/plugins/leaflet-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-map-5c2752426bec20e3d652e4f604fa0685.yaml b/nuclei-templates/cve-less/plugins/leaflet-map-5c2752426bec20e3d652e4f604fa0685.yaml new file mode 100644 index 0000000000..44845670b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-map-5c2752426bec20e3d652e4f604fa0685.yaml @@ -0,0 +1,58 @@ +id: leaflet-map-5c2752426bec20e3d652e4f604fa0685 + +info: + name: > + Leaflet Map <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3084c9ab-00aa-4b8e-aa46-bd70b335ec77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-map/" + google-query: inurl:"/wp-content/plugins/leaflet-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-map-e97645e174e90e9260a0b981384daa6e.yaml b/nuclei-templates/cve-less/plugins/leaflet-map-e97645e174e90e9260a0b981384daa6e.yaml new file mode 100644 index 0000000000..c9c2c2474c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-map-e97645e174e90e9260a0b981384daa6e.yaml @@ -0,0 +1,58 @@ +id: leaflet-map-e97645e174e90e9260a0b981384daa6e + +info: + name: > + Leaflet Map <= 2.23.3 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66dc7618-3d84-4a55-9bed-0f41415ed9e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-map/" + google-query: inurl:"/wp-content/plugins/leaflet-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-map,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-7f6d3b4e502f3e87f036376c050085cb.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-7f6d3b4e502f3e87f036376c050085cb.yaml new file mode 100644 index 0000000000..68ca61ed27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-7f6d3b4e502f3e87f036376c050085cb.yaml @@ -0,0 +1,58 @@ +id: leaflet-maps-marker-7f6d3b4e502f3e87f036376c050085cb + +info: + name: > + Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.4 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4414b5d-9ce5-4378-ab41-c82ae3bebd6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-maps-marker/" + google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-maps-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-maps-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-8015d391de62b785680b52c5ead73093.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-8015d391de62b785680b52c5ead73093.yaml new file mode 100644 index 0000000000..7e62be799d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-8015d391de62b785680b52c5ead73093.yaml @@ -0,0 +1,58 @@ +id: leaflet-maps-marker-8015d391de62b785680b52c5ead73093 + +info: + name: > + Leaflet Maps Marker < 3.12.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a73f3d93-198c-484c-bed5-59e477f3833e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-maps-marker/" + google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-maps-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-maps-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-d4c7d6015d840d0227eb1573d5a3b347.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-d4c7d6015d840d0227eb1573d5a3b347.yaml new file mode 100644 index 0000000000..ba9e5b9404 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-d4c7d6015d840d0227eb1573d5a3b347.yaml @@ -0,0 +1,58 @@ +id: leaflet-maps-marker-d4c7d6015d840d0227eb1573d5a3b347 + +info: + name: > + Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 2.3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0eb69a-3c94-40c2-acdf-6310190197a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-maps-marker/" + google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-maps-marker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-maps-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-maps-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaflet-maps-marker-fb54b510af0f0d5e8604602a7c9ddbef.yaml b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-fb54b510af0f0d5e8604602a7c9ddbef.yaml new file mode 100644 index 0000000000..b76453d525 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaflet-maps-marker-fb54b510af0f0d5e8604602a7c9ddbef.yaml @@ -0,0 +1,58 @@ +id: leaflet-maps-marker-fb54b510af0f0d5e8604602a7c9ddbef + +info: + name: > + Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) <= 3.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62ace939-3c14-4e68-897b-ec845182ca50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaflet-maps-marker/" + google-query: inurl:"/wp-content/plugins/leaflet-maps-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaflet-maps-marker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaflet-maps-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaflet-maps-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/league-table-lite-a485120e585260a017fc72fe127dae66.yaml b/nuclei-templates/cve-less/plugins/league-table-lite-a485120e585260a017fc72fe127dae66.yaml new file mode 100644 index 0000000000..d4be52adeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/league-table-lite-a485120e585260a017fc72fe127dae66.yaml @@ -0,0 +1,58 @@ +id: league-table-lite-a485120e585260a017fc72fe127dae66 + +info: + name: > + League Table <= 1.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef7ec175-cee5-4559-909d-ee689158d67c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/league-table-lite/" + google-query: inurl:"/wp-content/plugins/league-table-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,league-table-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/league-table-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "league-table-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaguemanager-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml b/nuclei-templates/cve-less/plugins/leaguemanager-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml new file mode 100644 index 0000000000..272566a309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaguemanager-ccd9eb7d8d7c7fdd585ed7aff289426f.yaml @@ -0,0 +1,58 @@ +id: leaguemanager-ccd9eb7d8d7c7fdd585ed7aff289426f + +info: + name: > + LeagueManager < 3.8.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea0d1acc-d2c9-4851-9753-d87587236d7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaguemanager/" + google-query: inurl:"/wp-content/plugins/leaguemanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaguemanager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaguemanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaguemanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaguemanager-d0e94011e5fe6201731b0911afc2291e.yaml b/nuclei-templates/cve-less/plugins/leaguemanager-d0e94011e5fe6201731b0911afc2291e.yaml new file mode 100644 index 0000000000..715f9374f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaguemanager-d0e94011e5fe6201731b0911afc2291e.yaml @@ -0,0 +1,58 @@ +id: leaguemanager-d0e94011e5fe6201731b0911afc2291e + +info: + name: > + LeagueManager <= 3.7 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/535af5fa-891b-4d21-ab13-c4ef68dd339b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaguemanager/" + google-query: inurl:"/wp-content/plugins/leaguemanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaguemanager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaguemanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaguemanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaky-paywall-58a6911fd3193aa0bffa110e873b9369.yaml b/nuclei-templates/cve-less/plugins/leaky-paywall-58a6911fd3193aa0bffa110e873b9369.yaml new file mode 100644 index 0000000000..a5d8a79a20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaky-paywall-58a6911fd3193aa0bffa110e873b9369.yaml @@ -0,0 +1,58 @@ +id: leaky-paywall-58a6911fd3193aa0bffa110e873b9369 + +info: + name: > + Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad7fd59-e4a2-46e7-9232-d76255a6b0b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaky-paywall/" + google-query: inurl:"/wp-content/plugins/leaky-paywall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaky-paywall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaky-paywall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaky-paywall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leaky-paywall-9dd9621e217d263471711af1462b33c0.yaml b/nuclei-templates/cve-less/plugins/leaky-paywall-9dd9621e217d263471711af1462b33c0.yaml new file mode 100644 index 0000000000..fbd8a57600 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leaky-paywall-9dd9621e217d263471711af1462b33c0.yaml @@ -0,0 +1,58 @@ +id: leaky-paywall-9dd9621e217d263471711af1462b33c0 + +info: + name: > + Leaky Paywall <= 4.20.8 - Missing Authorization to Price Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f627f0-779c-4d57-a471-ce742e3a5dd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leaky-paywall/" + google-query: inurl:"/wp-content/plugins/leaky-paywall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leaky-paywall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leaky-paywall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leaky-paywall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.20.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learn-manager-ad546711ae594c4c52f6942c35b5d00b.yaml b/nuclei-templates/cve-less/plugins/learn-manager-ad546711ae594c4c52f6942c35b5d00b.yaml new file mode 100644 index 0000000000..f4481cc01a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learn-manager-ad546711ae594c4c52f6942c35b5d00b.yaml @@ -0,0 +1,58 @@ +id: learn-manager-ad546711ae594c4c52f6942c35b5d00b + +info: + name: > + WP LMS – Best WordPress LMS Plugin <= 1.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92cdb716-8e45-41ea-8805-527d20a4bcb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learn-manager/" + google-query: inurl:"/wp-content/plugins/learn-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learn-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learn-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learn-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learning-management-system-8cf11b7a12ed4b53c21429a42b2dad73.yaml b/nuclei-templates/cve-less/plugins/learning-management-system-8cf11b7a12ed4b53c21429a42b2dad73.yaml new file mode 100644 index 0000000000..7341bea6ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learning-management-system-8cf11b7a12ed4b53c21429a42b2dad73.yaml @@ -0,0 +1,58 @@ +id: learning-management-system-8cf11b7a12ed4b53c21429a42b2dad73 + +info: + name: > + Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e8933b8-1e09-4cd7-8206-711cc0716dba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learning-management-system/" + google-query: inurl:"/wp-content/plugins/learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learning-management-system-b7a48cf548d48b851bf88b40be93ae49.yaml b/nuclei-templates/cve-less/plugins/learning-management-system-b7a48cf548d48b851bf88b40be93ae49.yaml new file mode 100644 index 0000000000..cf5f398311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learning-management-system-b7a48cf548d48b851bf88b40be93ae49.yaml @@ -0,0 +1,58 @@ +id: learning-management-system-b7a48cf548d48b851bf88b40be93ae49 + +info: + name: > + Masteriyo - LMS <= 1.7.2 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1276b-401d-4166-940e-e5d60f85e762?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learning-management-system/" + google-query: inurl:"/wp-content/plugins/learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learning-management-system-f3b11694ac1b5d77b57c36945d67adf9.yaml b/nuclei-templates/cve-less/plugins/learning-management-system-f3b11694ac1b5d77b57c36945d67adf9.yaml new file mode 100644 index 0000000000..a93523790f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learning-management-system-f3b11694ac1b5d77b57c36945d67adf9.yaml @@ -0,0 +1,58 @@ +id: learning-management-system-f3b11694ac1b5d77b57c36945d67adf9 + +info: + name: > + Masteriyo - LMS <= 1.7.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0173e2a3-452d-490b-8ed7-a049a476d137?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learning-management-system/" + google-query: inurl:"/wp-content/plugins/learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-087877bec152b3c6056ae543a1948ff7.yaml b/nuclei-templates/cve-less/plugins/learnpress-087877bec152b3c6056ae543a1948ff7.yaml new file mode 100644 index 0000000000..6716f97439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-087877bec152b3c6056ae543a1948ff7.yaml @@ -0,0 +1,58 @@ +id: learnpress-087877bec152b3c6056ae543a1948ff7 + +info: + name: > + LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fe07df-3589-4767-a81d-a6b72c5ab1a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml b/nuclei-templates/cve-less/plugins/learnpress-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml new file mode 100644 index 0000000000..bc185dce55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-1090bbe0593e4ecda3fb75c3e6d7bf93.yaml @@ -0,0 +1,58 @@ +id: learnpress-1090bbe0593e4ecda3fb75c3e6d7bf93 + +info: + name: > + LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a639d27-8704-4841-b2b5-6afbf342a0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-12497cf3a1ab73f82504a379a27c0f10.yaml b/nuclei-templates/cve-less/plugins/learnpress-12497cf3a1ab73f82504a379a27c0f10.yaml new file mode 100644 index 0000000000..93a09556ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-12497cf3a1ab73f82504a379a27c0f10.yaml @@ -0,0 +1,58 @@ +id: learnpress-12497cf3a1ab73f82504a379a27c0f10 + +info: + name: > + LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ab578cd-3a0b-43d3-aaa7-0a01f431a4e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-12b3926da3c13269ad9e1faadb8734ac.yaml b/nuclei-templates/cve-less/plugins/learnpress-12b3926da3c13269ad9e1faadb8734ac.yaml new file mode 100644 index 0000000000..2aea5ed666 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-12b3926da3c13269ad9e1faadb8734ac.yaml @@ -0,0 +1,58 @@ +id: learnpress-12b3926da3c13269ad9e1faadb8734ac + +info: + name: > + LearnPress <= 4.1.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4122a963-b8e2-448a-b268-3192613fa3df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-1f34156a3d4672d58e020bb5b55f0b64.yaml b/nuclei-templates/cve-less/plugins/learnpress-1f34156a3d4672d58e020bb5b55f0b64.yaml new file mode 100644 index 0000000000..b86362b402 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-1f34156a3d4672d58e020bb5b55f0b64.yaml @@ -0,0 +1,58 @@ +id: learnpress-1f34156a3d4672d58e020bb5b55f0b64 + +info: + name: > + LearnPress <= 4.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e91e864a-20f6-48a2-ab9f-d20836207383?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-35cfad6b28404a58bea291114a1dac41.yaml b/nuclei-templates/cve-less/plugins/learnpress-35cfad6b28404a58bea291114a1dac41.yaml new file mode 100644 index 0000000000..cf42c4909a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-35cfad6b28404a58bea291114a1dac41.yaml @@ -0,0 +1,58 @@ +id: learnpress-35cfad6b28404a58bea291114a1dac41 + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46693edf-bcc6-4af8-9f26-5ede865f4694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-3efe74d4dfd2ffb7e9340cb78fbbba24.yaml b/nuclei-templates/cve-less/plugins/learnpress-3efe74d4dfd2ffb7e9340cb78fbbba24.yaml new file mode 100644 index 0000000000..bf4814c78b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-3efe74d4dfd2ffb7e9340cb78fbbba24.yaml @@ -0,0 +1,58 @@ +id: learnpress-3efe74d4dfd2ffb7e9340cb78fbbba24 + +info: + name: > + LearnPress <= 4.2.6.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c410d91-08cc-496d-9c8e-c57f107399da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-4b10ad9364b379816e8420c4f6c13bb4.yaml b/nuclei-templates/cve-less/plugins/learnpress-4b10ad9364b379816e8420c4f6c13bb4.yaml new file mode 100644 index 0000000000..5647d43644 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-4b10ad9364b379816e8420c4f6c13bb4.yaml @@ -0,0 +1,58 @@ +id: learnpress-4b10ad9364b379816e8420c4f6c13bb4 + +info: + name: > + LearnPress <= 4.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/782e30a7-6813-47b4-b447-d5f03dcb9dc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-52edc6613624a73f45b9edd81d15ffe1.yaml b/nuclei-templates/cve-less/plugins/learnpress-52edc6613624a73f45b9edd81d15ffe1.yaml new file mode 100644 index 0000000000..db8ebfa036 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-52edc6613624a73f45b9edd81d15ffe1.yaml @@ -0,0 +1,58 @@ +id: learnpress-52edc6613624a73f45b9edd81d15ffe1 + +info: + name: > + LearnPress <= 4.2.3 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea136a60-aa42-4577-88b6-a49c79098954?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-5b6638dc9ccd4becc08f9931fb9023fa.yaml b/nuclei-templates/cve-less/plugins/learnpress-5b6638dc9ccd4becc08f9931fb9023fa.yaml new file mode 100644 index 0000000000..65242d7162 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-5b6638dc9ccd4becc08f9931fb9023fa.yaml @@ -0,0 +1,58 @@ +id: learnpress-5b6638dc9ccd4becc08f9931fb9023fa + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec20d5c4-4c41-4ec9-8d0a-ec8f03634f7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-665258488a89f334d44f72f086862e16.yaml b/nuclei-templates/cve-less/plugins/learnpress-665258488a89f334d44f72f086862e16.yaml new file mode 100644 index 0000000000..69e64668f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-665258488a89f334d44f72f086862e16.yaml @@ -0,0 +1,58 @@ +id: learnpress-665258488a89f334d44f72f086862e16 + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e1410f-10c9-4654-8b61-cfcdde696da7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-6d3b26eeb9dd4b508b1794df4cfed998.yaml b/nuclei-templates/cve-less/plugins/learnpress-6d3b26eeb9dd4b508b1794df4cfed998.yaml new file mode 100644 index 0000000000..6bbe42363e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-6d3b26eeb9dd4b508b1794df4cfed998.yaml @@ -0,0 +1,58 @@ +id: learnpress-6d3b26eeb9dd4b508b1794df4cfed998 + +info: + name: > + LearnPress <= 3.0.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e50a998e-b6f2-443a-83a9-299def2420c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-71196217c30f569c96ec1f5bb53b87d5.yaml b/nuclei-templates/cve-less/plugins/learnpress-71196217c30f569c96ec1f5bb53b87d5.yaml new file mode 100644 index 0000000000..d1c0d5f47c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-71196217c30f569c96ec1f5bb53b87d5.yaml @@ -0,0 +1,58 @@ +id: learnpress-71196217c30f569c96ec1f5bb53b87d5 + +info: + name: > + LearnPress <= 3.2.6.6 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/822b5a6b-0be6-4511-bf5d-c32574f27865?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-7716b5ad1739bacc35b966f53febea57.yaml b/nuclei-templates/cve-less/plugins/learnpress-7716b5ad1739bacc35b966f53febea57.yaml new file mode 100644 index 0000000000..a32ea8f974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-7716b5ad1739bacc35b966f53febea57.yaml @@ -0,0 +1,58 @@ +id: learnpress-7716b5ad1739bacc35b966f53febea57 + +info: + name: > + LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4489d26b-dcdc-475c-b1e1-3626cc75ae75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml b/nuclei-templates/cve-less/plugins/learnpress-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml new file mode 100644 index 0000000000..787e1ea8e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-79a6d64a3a134f3b86c4ab9063f7bbeb.yaml @@ -0,0 +1,58 @@ +id: learnpress-79a6d64a3a134f3b86c4ab9063f7bbeb + +info: + name: > + LearnPress <= 3.2.6.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d79432d-7977-4279-ac69-8e9db682800e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-7cd4e467091cf2ef9c11f5015a5e2616.yaml b/nuclei-templates/cve-less/plugins/learnpress-7cd4e467091cf2ef9c11f5015a5e2616.yaml new file mode 100644 index 0000000000..4983629fc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-7cd4e467091cf2ef9c11f5015a5e2616.yaml @@ -0,0 +1,58 @@ +id: learnpress-7cd4e467091cf2ef9c11f5015a5e2616 + +info: + name: > + LearnPress <= 4.1.4.1 - Arbitrary Image Renaming + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5200ed9c-83dd-4f07-804c-2519932e5546?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-8ac95793b1af58e01fb386297987dde6.yaml b/nuclei-templates/cve-less/plugins/learnpress-8ac95793b1af58e01fb386297987dde6.yaml new file mode 100644 index 0000000000..55fa9c3ddc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-8ac95793b1af58e01fb386297987dde6.yaml @@ -0,0 +1,58 @@ +id: learnpress-8ac95793b1af58e01fb386297987dde6 + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-8e805369c6f828c8254ff169ce6c85f4.yaml b/nuclei-templates/cve-less/plugins/learnpress-8e805369c6f828c8254ff169ce6c85f4.yaml new file mode 100644 index 0000000000..bfc4be456c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-8e805369c6f828c8254ff169ce6c85f4.yaml @@ -0,0 +1,58 @@ +id: learnpress-8e805369c6f828c8254ff169ce6c85f4 + +info: + name: > + LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34110479-2581-4710-82ff-1d53535d83e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-9300ac45be528f46650e4e8e9c810c53.yaml b/nuclei-templates/cve-less/plugins/learnpress-9300ac45be528f46650e4e8e9c810c53.yaml new file mode 100644 index 0000000000..f9f90adb28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-9300ac45be528f46650e4e8e9c810c53.yaml @@ -0,0 +1,58 @@ +id: learnpress-9300ac45be528f46650e4e8e9c810c53 + +info: + name: > + LearnPress <= 4.1.7.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa7e74ee-fd66-41e2-babd-06bdfb32d013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-a1074ed3b0484056994227f5bc722d4b.yaml b/nuclei-templates/cve-less/plugins/learnpress-a1074ed3b0484056994227f5bc722d4b.yaml new file mode 100644 index 0000000000..0971ce2274 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-a1074ed3b0484056994227f5bc722d4b.yaml @@ -0,0 +1,58 @@ +id: learnpress-a1074ed3b0484056994227f5bc722d4b + +info: + name: > + LearnPress <= 4.2.5.7 - Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21291ed7-cdc0-4698-9ec4-8417160845ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-a6e9d3ad722034f3a564750baa53887c.yaml b/nuclei-templates/cve-less/plugins/learnpress-a6e9d3ad722034f3a564750baa53887c.yaml new file mode 100644 index 0000000000..4e0c4e5924 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-a6e9d3ad722034f3a564750baa53887c.yaml @@ -0,0 +1,58 @@ +id: learnpress-a6e9d3ad722034f3a564750baa53887c + +info: + name: > + LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d652b50-9c9c-4418-bd6b-ae862a1c8786?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-b383deabc0a5d3fd85420cbb993138a3.yaml b/nuclei-templates/cve-less/plugins/learnpress-b383deabc0a5d3fd85420cbb993138a3.yaml new file mode 100644 index 0000000000..9d22d05e4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-b383deabc0a5d3fd85420cbb993138a3.yaml @@ -0,0 +1,58 @@ +id: learnpress-b383deabc0a5d3fd85420cbb993138a3 + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/342a4482-f5d3-4cc9-a998-e3abac7142cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-c8400b062377f9f8018cda91a345e846.yaml b/nuclei-templates/cve-less/plugins/learnpress-c8400b062377f9f8018cda91a345e846.yaml new file mode 100644 index 0000000000..53fc32a687 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-c8400b062377f9f8018cda91a345e846.yaml @@ -0,0 +1,58 @@ +id: learnpress-c8400b062377f9f8018cda91a345e846 + +info: + name: > + LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/215d5d9e-dabb-462d-8c51-952f8c497b78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-d5338c51a39110eb82434918065d2ccd.yaml b/nuclei-templates/cve-less/plugins/learnpress-d5338c51a39110eb82434918065d2ccd.yaml new file mode 100644 index 0000000000..42b9e261d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-d5338c51a39110eb82434918065d2ccd.yaml @@ -0,0 +1,58 @@ +id: learnpress-d5338c51a39110eb82434918065d2ccd + +info: + name: > + LearnPress <= 3.0.12 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba16b100-6ee7-46ec-8868-4467a29048ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-d8c2f0e374c51f43e12982dec783de7d.yaml b/nuclei-templates/cve-less/plugins/learnpress-d8c2f0e374c51f43e12982dec783de7d.yaml new file mode 100644 index 0000000000..b256e2d919 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-d8c2f0e374c51f43e12982dec783de7d.yaml @@ -0,0 +1,58 @@ +id: learnpress-d8c2f0e374c51f43e12982dec783de7d + +info: + name: > + LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91f13d74-0ad9-4790-a534-e8ff1655f06f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-e165d1235715cb13a0ff33a2e71acdb3.yaml b/nuclei-templates/cve-less/plugins/learnpress-e165d1235715cb13a0ff33a2e71acdb3.yaml new file mode 100644 index 0000000000..2992c8ab67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-e165d1235715cb13a0ff33a2e71acdb3.yaml @@ -0,0 +1,58 @@ +id: learnpress-e165d1235715cb13a0ff33a2e71acdb3 + +info: + name: > + LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9890c852-a38d-4429-bd75-751bd0f986fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-ecf4e36c0bf9bffe5d8065599df28f54.yaml b/nuclei-templates/cve-less/plugins/learnpress-ecf4e36c0bf9bffe5d8065599df28f54.yaml new file mode 100644 index 0000000000..ad4c198462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-ecf4e36c0bf9bffe5d8065599df28f54.yaml @@ -0,0 +1,58 @@ +id: learnpress-ecf4e36c0bf9bffe5d8065599df28f54 + +info: + name: > + LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea002da-bf37-4c6d-a46e-4f0e7f8968ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-eec19c37d540d2e27f564c70a69eb498.yaml b/nuclei-templates/cve-less/plugins/learnpress-eec19c37d540d2e27f564c70a69eb498.yaml new file mode 100644 index 0000000000..3812e635cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-eec19c37d540d2e27f564c70a69eb498.yaml @@ -0,0 +1,58 @@ +id: learnpress-eec19c37d540d2e27f564c70a69eb498 + +info: + name: > + LearnPress <= 4.2.5.3 - Reflected Cross-Site Scripting via add_internal_scripts_to_head + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81fd3ac1-91af-4cfa-ac4e-712beb4236c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-fdbdaaf65435bbd1ff18dc91bfebb894.yaml b/nuclei-templates/cve-less/plugins/learnpress-fdbdaaf65435bbd1ff18dc91bfebb894.yaml new file mode 100644 index 0000000000..8e9cec2d82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-fdbdaaf65435bbd1ff18dc91bfebb894.yaml @@ -0,0 +1,58 @@ +id: learnpress-fdbdaaf65435bbd1ff18dc91bfebb894 + +info: + name: > + LearnPress <= 3.0.12 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cccdc9ea-7511-4588-9459-61c38000724d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-ffbfea6a2970df28e2afd4173682647a.yaml b/nuclei-templates/cve-less/plugins/learnpress-ffbfea6a2970df28e2afd4173682647a.yaml new file mode 100644 index 0000000000..e012457510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-ffbfea6a2970df28e2afd4173682647a.yaml @@ -0,0 +1,58 @@ +id: learnpress-ffbfea6a2970df28e2afd4173682647a + +info: + name: > + LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abb4b617-884b-4e72-812f-5f23a0976ab6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress/" + google-query: inurl:"/wp-content/plugins/learnpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-import-export-22e409e6170e1adf0b8466f8fe714d12.yaml b/nuclei-templates/cve-less/plugins/learnpress-import-export-22e409e6170e1adf0b8466f8fe714d12.yaml new file mode 100644 index 0000000000..179546dc84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-import-export-22e409e6170e1adf0b8466f8fe714d12.yaml @@ -0,0 +1,58 @@ +id: learnpress-import-export-22e409e6170e1adf0b8466f8fe714d12 + +info: + name: > + LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/096ea1e3-a6c3-43c7-94f0-6c5617dd3fa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress-import-export/" + google-query: inurl:"/wp-content/plugins/learnpress-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress-import-export,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-import-export-3bfe2176ab2d6339c4363df34b9c843f.yaml b/nuclei-templates/cve-less/plugins/learnpress-import-export-3bfe2176ab2d6339c4363df34b9c843f.yaml new file mode 100644 index 0000000000..7c3e6f4206 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-import-export-3bfe2176ab2d6339c4363df34b9c843f.yaml @@ -0,0 +1,58 @@ +id: learnpress-import-export-3bfe2176ab2d6339c4363df34b9c843f + +info: + name: > + LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98a274eb-036f-44f1-861d-1cfea0b34d7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress-import-export/" + google-query: inurl:"/wp-content/plugins/learnpress-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress-import-export,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/learnpress-import-export-bcce3c1d97bc388506a917ca0cc1d4ac.yaml b/nuclei-templates/cve-less/plugins/learnpress-import-export-bcce3c1d97bc388506a917ca0cc1d4ac.yaml new file mode 100644 index 0000000000..9941062d72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/learnpress-import-export-bcce3c1d97bc388506a917ca0cc1d4ac.yaml @@ -0,0 +1,58 @@ +id: learnpress-import-export-bcce3c1d97bc388506a917ca0cc1d4ac + +info: + name: > + LearnPress - Export/Import Courses <= 4.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1322e229-5e0b-4c3d-ae96-e211a2831842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/learnpress-import-export/" + google-query: inurl:"/wp-content/plugins/learnpress-import-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,learnpress-import-export,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/learnpress-import-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "learnpress-import-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leenkme-aa03d96ef5988adea4feb7a4e959e6b8.yaml b/nuclei-templates/cve-less/plugins/leenkme-aa03d96ef5988adea4feb7a4e959e6b8.yaml new file mode 100644 index 0000000000..87f57c2a7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leenkme-aa03d96ef5988adea4feb7a4e959e6b8.yaml @@ -0,0 +1,58 @@ +id: leenkme-aa03d96ef5988adea4feb7a4e959e6b8 + +info: + name: > + leenk.me < 2.6.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5289f7a5-7b7b-4627-a313-b8480f88b158?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leenkme/" + google-query: inurl:"/wp-content/plugins/leenkme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leenkme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leenkme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leenkme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leenkme-e628e638290643fc84f3ec2a1da56d28.yaml b/nuclei-templates/cve-less/plugins/leenkme-e628e638290643fc84f3ec2a1da56d28.yaml new file mode 100644 index 0000000000..75796276c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leenkme-e628e638290643fc84f3ec2a1da56d28.yaml @@ -0,0 +1,58 @@ +id: leenkme-e628e638290643fc84f3ec2a1da56d28 + +info: + name: > + leenk.me <= 2.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18592ba2-cacb-461d-bacd-bc8f44a6126f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leenkme/" + google-query: inurl:"/wp-content/plugins/leenkme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leenkme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leenkme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leenkme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/left-right-image-slideshow-gallery-74c124627aef7bceecd485cb551c158e.yaml b/nuclei-templates/cve-less/plugins/left-right-image-slideshow-gallery-74c124627aef7bceecd485cb551c158e.yaml new file mode 100644 index 0000000000..4eae4966fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/left-right-image-slideshow-gallery-74c124627aef7bceecd485cb551c158e.yaml @@ -0,0 +1,58 @@ +id: left-right-image-slideshow-gallery-74c124627aef7bceecd485cb551c158e + +info: + name: > + Left right image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69902627-ce79-4a43-8949-43db6a9cc0dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/left-right-image-slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/left-right-image-slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,left-right-image-slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/left-right-image-slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "left-right-image-slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/legal-pages-873e76363814bb4471e426a80a606dee.yaml b/nuclei-templates/cve-less/plugins/legal-pages-873e76363814bb4471e426a80a606dee.yaml new file mode 100644 index 0000000000..f50ac9d564 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/legal-pages-873e76363814bb4471e426a80a606dee.yaml @@ -0,0 +1,58 @@ +id: legal-pages-873e76363814bb4471e426a80a606dee + +info: + name: > + Legal Pages <= 1.3.7 - Missing Authorization on 'deleteLegalTemplate' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3f87bd6-b432-4bf8-9046-8d66b45f6a85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/legal-pages/" + google-query: inurl:"/wp-content/plugins/legal-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,legal-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/legal-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "legal-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/legal-pages-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/legal-pages-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..ea1643b169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/legal-pages-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: legal-pages-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/legal-pages/" + google-query: inurl:"/wp-content/plugins/legal-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,legal-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/legal-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "legal-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/legal-pages-bea5c55c5c2c8de715c6ad731a47b480.yaml b/nuclei-templates/cve-less/plugins/legal-pages-bea5c55c5c2c8de715c6ad731a47b480.yaml new file mode 100644 index 0000000000..32c616efcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/legal-pages-bea5c55c5c2c8de715c6ad731a47b480.yaml @@ -0,0 +1,58 @@ +id: legal-pages-bea5c55c5c2c8de715c6ad731a47b480 + +info: + name: > + Legal Pages <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b8dc6f3-0ffc-4317-a32f-14dd7c301d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/legal-pages/" + google-query: inurl:"/wp-content/plugins/legal-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,legal-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/legal-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "legal-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/legal-pages-c5f8d6adcd0b5a4cfa26527341dbd20e.yaml b/nuclei-templates/cve-less/plugins/legal-pages-c5f8d6adcd0b5a4cfa26527341dbd20e.yaml new file mode 100644 index 0000000000..4339adad58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/legal-pages-c5f8d6adcd0b5a4cfa26527341dbd20e.yaml @@ -0,0 +1,58 @@ +id: legal-pages-c5f8d6adcd0b5a4cfa26527341dbd20e + +info: + name: > + Legal Pages <= 1.3.8 - Cross-Site Request Forgery via moveToTrash and fetch_and_insert_template_data + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fb9c8c3-e491-4bca-adeb-b87d9f8f3b32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/legal-pages/" + google-query: inurl:"/wp-content/plugins/legal-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,legal-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/legal-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "legal-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lets-box-40394fd34f6bdb20b6922c1630b7207e.yaml b/nuclei-templates/cve-less/plugins/lets-box-40394fd34f6bdb20b6922c1630b7207e.yaml new file mode 100644 index 0000000000..f71f6da4c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lets-box-40394fd34f6bdb20b6922c1630b7207e.yaml @@ -0,0 +1,58 @@ +id: lets-box-40394fd34f6bdb20b6922c1630b7207e + +info: + name: > + Lets-Box < 1.15.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59926d18-215e-4de3-acf2-19870026a13f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lets-box/" + google-query: inurl:"/wp-content/plugins/lets-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lets-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lets-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lets-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-1a6e413024d8d1ae95c30f6878f11970.yaml b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-1a6e413024d8d1ae95c30f6878f11970.yaml new file mode 100644 index 0000000000..4d3af689b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-1a6e413024d8d1ae95c30f6878f11970.yaml @@ -0,0 +1,58 @@ +id: letsrecover-woocommerce-abandoned-cart-1a6e413024d8d1ae95c30f6878f11970 + +info: + name: > + LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9615a9-e001-4a1f-a675-21515b4ba97f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "letsrecover-woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-381f90bef3e067367c93c00d3b2f3da3.yaml b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-381f90bef3e067367c93c00d3b2f3da3.yaml new file mode 100644 index 0000000000..62d5180ec2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-381f90bef3e067367c93c00d3b2f3da3.yaml @@ -0,0 +1,58 @@ +id: letsrecover-woocommerce-abandoned-cart-381f90bef3e067367c93c00d3b2f3da3 + +info: + name: > + LetsRecover <= 1.1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a251bcbf-68ec-4833-b21c-7a823ce65279?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "letsrecover-woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-b6431bc8ea172cd6898e2fe9706d240f.yaml b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-b6431bc8ea172cd6898e2fe9706d240f.yaml new file mode 100644 index 0000000000..f71c7d6911 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/letsrecover-woocommerce-abandoned-cart-b6431bc8ea172cd6898e2fe9706d240f.yaml @@ -0,0 +1,58 @@ +id: letsrecover-woocommerce-abandoned-cart-b6431bc8ea172cd6898e2fe9706d240f + +info: + name: > + LetsRecover <= 1.1.0 - Unauthenticated SQL Injection via AJAX action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/916ada05-894e-4e61-ba0a-25b9a48461a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,letsrecover-woocommerce-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/letsrecover-woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "letsrecover-woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/letterpress-c8fa2e9308164baca50265fff2c3437b.yaml b/nuclei-templates/cve-less/plugins/letterpress-c8fa2e9308164baca50265fff2c3437b.yaml new file mode 100644 index 0000000000..1fdffda756 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/letterpress-c8fa2e9308164baca50265fff2c3437b.yaml @@ -0,0 +1,58 @@ +id: letterpress-c8fa2e9308164baca50265fff2c3437b + +info: + name: > + LetterPress <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3f9e624-c176-403c-a3c5-7bd11027ebe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/letterpress/" + google-query: inurl:"/wp-content/plugins/letterpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,letterpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/letterpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "letterpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-3a9635822cb7314607ac71f9acb49b4b.yaml b/nuclei-templates/cve-less/plugins/leyka-3a9635822cb7314607ac71f9acb49b4b.yaml new file mode 100644 index 0000000000..50c8b27ab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-3a9635822cb7314607ac71f9acb49b4b.yaml @@ -0,0 +1,58 @@ +id: leyka-3a9635822cb7314607ac71f9acb49b4b + +info: + name: > + Leyka <= 3.29.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1ab02c0-e083-4f0e-b6d4-1a10ade2c688?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.29.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-4ad4d0b506ee721748cb73d977e55c9e.yaml b/nuclei-templates/cve-less/plugins/leyka-4ad4d0b506ee721748cb73d977e55c9e.yaml new file mode 100644 index 0000000000..96a46a0df7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-4ad4d0b506ee721748cb73d977e55c9e.yaml @@ -0,0 +1,58 @@ +id: leyka-4ad4d0b506ee721748cb73d977e55c9e + +info: + name: > + Leyka <= 3.30.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95210ed8-4606-44fa-b823-b33e1d4a4ce0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.30.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-5079f0a10d3876d504cfe4b7bc45d5bd.yaml b/nuclei-templates/cve-less/plugins/leyka-5079f0a10d3876d504cfe4b7bc45d5bd.yaml new file mode 100644 index 0000000000..6118dfcab3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-5079f0a10d3876d504cfe4b7bc45d5bd.yaml @@ -0,0 +1,58 @@ +id: leyka-5079f0a10d3876d504cfe4b7bc45d5bd + +info: + name: > + Leyka <= 3.30.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d11c84ea-e52b-4396-a508-9d415040b76e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.30.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-575822ff84218761efa49bb8b62fda8e.yaml b/nuclei-templates/cve-less/plugins/leyka-575822ff84218761efa49bb8b62fda8e.yaml new file mode 100644 index 0000000000..7fca197d65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-575822ff84218761efa49bb8b62fda8e.yaml @@ -0,0 +1,58 @@ +id: leyka-575822ff84218761efa49bb8b62fda8e + +info: + name: > + Leyka <= 3.30.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baf54eb2-0b29-4718-a994-f722cefd7317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.30.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-820bf6eebe51459c99397ba007997b65.yaml b/nuclei-templates/cve-less/plugins/leyka-820bf6eebe51459c99397ba007997b65.yaml new file mode 100644 index 0000000000..dfeec42bcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-820bf6eebe51459c99397ba007997b65.yaml @@ -0,0 +1,58 @@ +id: leyka-820bf6eebe51459c99397ba007997b65 + +info: + name: > + Leyka <= 3.30.2 - Privilege Escalation via Admin Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0152bcc9-6d24-4475-848d-71fe88aa7e2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.30.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-adb4907ddb0e6a30a22811f6c9a82a82.yaml b/nuclei-templates/cve-less/plugins/leyka-adb4907ddb0e6a30a22811f6c9a82a82.yaml new file mode 100644 index 0000000000..9c656929bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-adb4907ddb0e6a30a22811f6c9a82a82.yaml @@ -0,0 +1,58 @@ +id: leyka-adb4907ddb0e6a30a22811f6c9a82a82 + +info: + name: > + Leyka <= 3.29.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3afbfa7c-a87f-4810-9356-374923ff2314?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.29.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/leyka-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml b/nuclei-templates/cve-less/plugins/leyka-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml new file mode 100644 index 0000000000..fd7cf96992 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/leyka-ec4b1b9fc14ecc8856f3a0b0d90e5205.yaml @@ -0,0 +1,58 @@ +id: leyka-ec4b1b9fc14ecc8856f3a0b0d90e5205 + +info: + name: > + Leyka <= 3.30.7 - Authenticated (Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcd24b90-94ff-4625-8e3e-9c90e38683f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/leyka/" + google-query: inurl:"/wp-content/plugins/leyka/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,leyka,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/leyka/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "leyka" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.30.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lgx-owl-carousel-881bf0ba98d7fd08888e0831b881248d.yaml b/nuclei-templates/cve-less/plugins/lgx-owl-carousel-881bf0ba98d7fd08888e0831b881248d.yaml new file mode 100644 index 0000000000..c2da254db0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lgx-owl-carousel-881bf0ba98d7fd08888e0831b881248d.yaml @@ -0,0 +1,58 @@ +id: lgx-owl-carousel-881bf0ba98d7fd08888e0831b881248d + +info: + name: > + OWL Carousel <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/511957c0-e4c3-4a50-b604-3b604d52d32f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lgx-owl-carousel/" + google-query: inurl:"/wp-content/plugins/lgx-owl-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lgx-owl-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lgx-owl-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lgx-owl-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lh-add-media-from-url-b2d30fafcd7658ca0faf8113857402a7.yaml b/nuclei-templates/cve-less/plugins/lh-add-media-from-url-b2d30fafcd7658ca0faf8113857402a7.yaml new file mode 100644 index 0000000000..0fa7d0a2e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lh-add-media-from-url-b2d30fafcd7658ca0faf8113857402a7.yaml @@ -0,0 +1,58 @@ +id: lh-add-media-from-url-b2d30fafcd7658ca0faf8113857402a7 + +info: + name: > + LH Add Media From Url <= 1.22 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bc24df-4d95-44b7-a58c-00a1b24f91e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lh-add-media-from-url/" + google-query: inurl:"/wp-content/plugins/lh-add-media-from-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lh-add-media-from-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lh-add-media-from-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lh-add-media-from-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lh-password-changer-5f7cb88319853fb89e824615700911ed.yaml b/nuclei-templates/cve-less/plugins/lh-password-changer-5f7cb88319853fb89e824615700911ed.yaml new file mode 100644 index 0000000000..a6f4ebacb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lh-password-changer-5f7cb88319853fb89e824615700911ed.yaml @@ -0,0 +1,58 @@ +id: lh-password-changer-5f7cb88319853fb89e824615700911ed + +info: + name: > + LH Password Changer <= 1.55 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19d08a16-51c1-4255-b0e0-01307e1783ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lh-password-changer/" + google-query: inurl:"/wp-content/plugins/lh-password-changer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lh-password-changer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lh-password-changer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lh-password-changer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/library-viewer-02d031e7b4eb9aeb9adbec2797214be1.yaml b/nuclei-templates/cve-less/plugins/library-viewer-02d031e7b4eb9aeb9adbec2797214be1.yaml new file mode 100644 index 0000000000..69617eca00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/library-viewer-02d031e7b4eb9aeb9adbec2797214be1.yaml @@ -0,0 +1,58 @@ +id: library-viewer-02d031e7b4eb9aeb9adbec2797214be1 + +info: + name: > + Library Viewer <= 2.0.6 - Open Redirect via 'redirect_to' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b12a7e57-a45f-407a-9dd9-843a628d73ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/library-viewer/" + google-query: inurl:"/wp-content/plugins/library-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,library-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/library-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "library-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/library-viewer-d611c750b72176ae3a8cea6f7095bd28.yaml b/nuclei-templates/cve-less/plugins/library-viewer-d611c750b72176ae3a8cea6f7095bd28.yaml new file mode 100644 index 0000000000..007537d0d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/library-viewer-d611c750b72176ae3a8cea6f7095bd28.yaml @@ -0,0 +1,58 @@ +id: library-viewer-d611c750b72176ae3a8cea6f7095bd28 + +info: + name: > + Library Viewer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82c08769-2bb6-4c87-b198-f18216b3e744?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/library-viewer/" + google-query: inurl:"/wp-content/plugins/library-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,library-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/library-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "library-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libreform-34d9d11da38306b6b9ca0ad0c24c767a.yaml b/nuclei-templates/cve-less/plugins/libreform-34d9d11da38306b6b9ca0ad0c24c767a.yaml new file mode 100644 index 0000000000..3d570e15f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libreform-34d9d11da38306b6b9ca0ad0c24c767a.yaml @@ -0,0 +1,58 @@ +id: libreform-34d9d11da38306b6b9ca0ad0c24c767a + +info: + name: > + WP Libre Form 2 <= 2.0.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de45dd8c-c734-4b14-89ee-dbc46dcdae6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libreform/" + google-query: inurl:"/wp-content/plugins/libreform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libreform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libreform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libreform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libsyn-podcasting-04c216a7711f03f2d76acb6a4f7b0e8c.yaml b/nuclei-templates/cve-less/plugins/libsyn-podcasting-04c216a7711f03f2d76acb6a4f7b0e8c.yaml new file mode 100644 index 0000000000..2771fe2b27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libsyn-podcasting-04c216a7711f03f2d76acb6a4f7b0e8c.yaml @@ -0,0 +1,58 @@ +id: libsyn-podcasting-04c216a7711f03f2d76acb6a4f7b0e8c + +info: + name: > + Libsyn Publisher Hub <= 1.4.4 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56b3d629-014c-47b3-9726-4086e544011b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libsyn-podcasting/" + google-query: inurl:"/wp-content/plugins/libsyn-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libsyn-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libsyn-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libsyn-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libsyn-podcasting-4614ae1f7c7171ae3257864a2b444504.yaml b/nuclei-templates/cve-less/plugins/libsyn-podcasting-4614ae1f7c7171ae3257864a2b444504.yaml new file mode 100644 index 0000000000..7b36e1337c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libsyn-podcasting-4614ae1f7c7171ae3257864a2b444504.yaml @@ -0,0 +1,58 @@ +id: libsyn-podcasting-4614ae1f7c7171ae3257864a2b444504 + +info: + name: > + Libsyn Publisher Hub <= 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24be03a7-4632-4bb1-beb9-d83abdd363b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libsyn-podcasting/" + google-query: inurl:"/wp-content/plugins/libsyn-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libsyn-podcasting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libsyn-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libsyn-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libsyn-podcasting-5c39e614f4c21b0d8aa062440989ce22.yaml b/nuclei-templates/cve-less/plugins/libsyn-podcasting-5c39e614f4c21b0d8aa062440989ce22.yaml new file mode 100644 index 0000000000..f52210470c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libsyn-podcasting-5c39e614f4c21b0d8aa062440989ce22.yaml @@ -0,0 +1,58 @@ +id: libsyn-podcasting-5c39e614f4c21b0d8aa062440989ce22 + +info: + name: > + Libsyn Publisher Hub <= 1.4.4 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bccefbe-2d20-40a7-b24f-d867d80250e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libsyn-podcasting/" + google-query: inurl:"/wp-content/plugins/libsyn-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libsyn-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libsyn-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libsyn-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libsyn-podcasting-61f36ff0df93fb03b2b83d8b189aa894.yaml b/nuclei-templates/cve-less/plugins/libsyn-podcasting-61f36ff0df93fb03b2b83d8b189aa894.yaml new file mode 100644 index 0000000000..dc75ecf2a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libsyn-podcasting-61f36ff0df93fb03b2b83d8b189aa894.yaml @@ -0,0 +1,58 @@ +id: libsyn-podcasting-61f36ff0df93fb03b2b83d8b189aa894 + +info: + name: > + Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b581c4d-a95f-4922-95bb-15f24010ca34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libsyn-podcasting/" + google-query: inurl:"/wp-content/plugins/libsyn-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libsyn-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libsyn-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libsyn-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/libsyn-podcasting-6e94c2720ffeb0d7aea3042093ebf4ec.yaml b/nuclei-templates/cve-less/plugins/libsyn-podcasting-6e94c2720ffeb0d7aea3042093ebf4ec.yaml new file mode 100644 index 0000000000..f9f64e2a06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/libsyn-podcasting-6e94c2720ffeb0d7aea3042093ebf4ec.yaml @@ -0,0 +1,58 @@ +id: libsyn-podcasting-6e94c2720ffeb0d7aea3042093ebf4ec + +info: + name: > + Libsyn Publisher Hub <= 1.3.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbafdc15-cf42-4a12-bd79-5c602ce10625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/libsyn-podcasting/" + google-query: inurl:"/wp-content/plugins/libsyn-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,libsyn-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/libsyn-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "libsyn-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-c66ec1dc83585f4762c2bc3e6a57c02b.yaml b/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-c66ec1dc83585f4762c2bc3e6a57c02b.yaml new file mode 100644 index 0000000000..95d886c860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/license-manager-for-woocommerce-c66ec1dc83585f4762c2bc3e6a57c02b.yaml @@ -0,0 +1,58 @@ +id: license-manager-for-woocommerce-c66ec1dc83585f4762c2bc3e6a57c02b + +info: + name: > + License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09597618-8695-4631-8c3b-4e7580d58c86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/license-manager-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/license-manager-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,license-manager-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/license-manager-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "license-manager-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-164e2c0c315709a0cb3bf1d13c08e3b1.yaml b/nuclei-templates/cve-less/plugins/lifterlms-164e2c0c315709a0cb3bf1d13c08e3b1.yaml new file mode 100644 index 0000000000..7c2011531d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-164e2c0c315709a0cb3bf1d13c08e3b1.yaml @@ -0,0 +1,58 @@ +id: lifterlms-164e2c0c315709a0cb3bf1d13c08e3b1 + +info: + name: > + LMS by LifterLMS <= 3.35.0 - Stored Cross-Site Scripting via Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa04a97-0be1-4710-ae97-5820ccbddc1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.35.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-40270377df18382f5029626c6b47720b.yaml b/nuclei-templates/cve-less/plugins/lifterlms-40270377df18382f5029626c6b47720b.yaml new file mode 100644 index 0000000000..c264099252 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-40270377df18382f5029626c6b47720b.yaml @@ -0,0 +1,58 @@ +id: lifterlms-40270377df18382f5029626c6b47720b + +info: + name: > + LifterLMS <= 7.4.2 - Authenticated(Administrator+) Directory Traversal to Arbitrary CSV File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d0fcd82-6d4a-454f-8056-a896e8d41d00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-7a853f0d8892e49dad6311d7c02311c7.yaml b/nuclei-templates/cve-less/plugins/lifterlms-7a853f0d8892e49dad6311d7c02311c7.yaml new file mode 100644 index 0000000000..9a3be7dd7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-7a853f0d8892e49dad6311d7c02311c7.yaml @@ -0,0 +1,58 @@ +id: lifterlms-7a853f0d8892e49dad6311d7c02311c7 + +info: + name: > + LifterLMS Wordpress Plugin <= 3.37.14 - Arbitrary File Write + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b39f4467-4764-4850-bdcc-b359a6544b42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.37.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-93461439abae08e1620c6e9fa8825bb9.yaml b/nuclei-templates/cve-less/plugins/lifterlms-93461439abae08e1620c6e9fa8825bb9.yaml new file mode 100644 index 0000000000..88c7a8d31a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-93461439abae08e1620c6e9fa8825bb9.yaml @@ -0,0 +1,58 @@ +id: lifterlms-93461439abae08e1620c6e9fa8825bb9 + +info: + name: > + LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin <= 4.21.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86b54c46-a637-4fc4-8d48-a02383c9814b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.21.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-a12053c70cb8a7dc00df12e53f227856.yaml b/nuclei-templates/cve-less/plugins/lifterlms-a12053c70cb8a7dc00df12e53f227856.yaml new file mode 100644 index 0000000000..0fd744f807 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-a12053c70cb8a7dc00df12e53f227856.yaml @@ -0,0 +1,58 @@ +id: lifterlms-a12053c70cb8a7dc00df12e53f227856 + +info: + name: > + LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-bab5c3b1fc1e564a5e35a65a5e2e3c52.yaml b/nuclei-templates/cve-less/plugins/lifterlms-bab5c3b1fc1e564a5e35a65a5e2e3c52.yaml new file mode 100644 index 0000000000..20af807672 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-bab5c3b1fc1e564a5e35a65a5e2e3c52.yaml @@ -0,0 +1,58 @@ +id: lifterlms-bab5c3b1fc1e564a5e35a65a5e2e3c52 + +info: + name: > + LifterLMS <= 7.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22842e7a-9cbb-4b29-b4cb-7d9b8d6b7b1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-fd8cf6722d31c028cb6e31b0f3dd50d0.yaml b/nuclei-templates/cve-less/plugins/lifterlms-fd8cf6722d31c028cb6e31b0f3dd50d0.yaml new file mode 100644 index 0000000000..7df3a8a741 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-fd8cf6722d31c028cb6e31b0f3dd50d0.yaml @@ -0,0 +1,58 @@ +id: lifterlms-fd8cf6722d31c028cb6e31b0f3dd50d0 + +info: + name: > + LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress < 4.21.2 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9057fc2-f346-47e5-964a-f3c5b1653c03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms/" + google-query: inurl:"/wp-content/plugins/lifterlms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lifterlms-gateway-paypal-a2c108cd8ca415a76c874f9ce93de755.yaml b/nuclei-templates/cve-less/plugins/lifterlms-gateway-paypal-a2c108cd8ca415a76c874f9ce93de755.yaml new file mode 100644 index 0000000000..be3a6081a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lifterlms-gateway-paypal-a2c108cd8ca415a76c874f9ce93de755.yaml @@ -0,0 +1,58 @@ +id: lifterlms-gateway-paypal-a2c108cd8ca415a76c874f9ce93de755 + +info: + name: > + LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d063374-ecb2-41de-872d-18f94aac7e03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lifterlms-gateway-paypal/" + google-query: inurl:"/wp-content/plugins/lifterlms-gateway-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lifterlms-gateway-paypal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lifterlms-gateway-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lifterlms-gateway-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/light-messages-4241318cd929615a02a622c5e7416212.yaml b/nuclei-templates/cve-less/plugins/light-messages-4241318cd929615a02a622c5e7416212.yaml new file mode 100644 index 0000000000..6ec4d70e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/light-messages-4241318cd929615a02a622c5e7416212.yaml @@ -0,0 +1,58 @@ +id: light-messages-4241318cd929615a02a622c5e7416212 + +info: + name: > + Light Messages <= 1.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f49cafe0-2caf-4148-b7c9-1b78bbfba6e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/light-messages/" + google-query: inurl:"/wp-content/plugins/light-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,light-messages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/light-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "light-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightbox-gallery-6dc5d6d271c910589d9f7947458f0df6.yaml b/nuclei-templates/cve-less/plugins/lightbox-gallery-6dc5d6d271c910589d9f7947458f0df6.yaml new file mode 100644 index 0000000000..d8e0b1d5db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightbox-gallery-6dc5d6d271c910589d9f7947458f0df6.yaml @@ -0,0 +1,58 @@ +id: lightbox-gallery-6dc5d6d271c910589d9f7947458f0df6 + +info: + name: > + Lightbox Gallery <= 0.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8781ed1-6609-4965-9ba2-30e70eac1c1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightbox-gallery/" + google-query: inurl:"/wp-content/plugins/lightbox-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightbox-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightbox-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightbox-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightbox-photo-gallery-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml b/nuclei-templates/cve-less/plugins/lightbox-photo-gallery-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml new file mode 100644 index 0000000000..494cbee9a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightbox-photo-gallery-ce24f7f3b0bffd6ade8af3419aeed5c0.yaml @@ -0,0 +1,58 @@ +id: lightbox-photo-gallery-ce24f7f3b0bffd6ade8af3419aeed5c0 + +info: + name: > + Lightbox Photo Gallery <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64fd32a1-da2a-42db-9597-06366a34f543?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightbox-photo-gallery/" + google-query: inurl:"/wp-content/plugins/lightbox-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightbox-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightbox-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightbox-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightbox-plus-eea39cdb903f15de3e0223c1c0ebeecf.yaml b/nuclei-templates/cve-less/plugins/lightbox-plus-eea39cdb903f15de3e0223c1c0ebeecf.yaml new file mode 100644 index 0000000000..ce211c4bae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightbox-plus-eea39cdb903f15de3e0223c1c0ebeecf.yaml @@ -0,0 +1,58 @@ +id: lightbox-plus-eea39cdb903f15de3e0223c1c0ebeecf + +info: + name: > + Lightbox Plus <= 2.7.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dcd0c5a-757d-4256-ac0a-36620914bc45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightbox-plus/" + google-query: inurl:"/wp-content/plugins/lightbox-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightbox-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightbox-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightbox-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightbox-popup-e990d85401ec922ea084ebafd475f1d6.yaml b/nuclei-templates/cve-less/plugins/lightbox-popup-e990d85401ec922ea084ebafd475f1d6.yaml new file mode 100644 index 0000000000..dca00ab9fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightbox-popup-e990d85401ec922ea084ebafd475f1d6.yaml @@ -0,0 +1,58 @@ +id: lightbox-popup-e990d85401ec922ea084ebafd475f1d6 + +info: + name: > + Image and Video Lightbox, Image Popup <= 2.1.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1063ecb4-a0a0-47d9-8629-f4f6a29bf5c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightbox-popup/" + google-query: inurl:"/wp-content/plugins/lightbox-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightbox-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightbox-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightbox-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightweight-accordion-85706ca0d20495fdfed005cc638cab53.yaml b/nuclei-templates/cve-less/plugins/lightweight-accordion-85706ca0d20495fdfed005cc638cab53.yaml new file mode 100644 index 0000000000..5c0f301607 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightweight-accordion-85706ca0d20495fdfed005cc638cab53.yaml @@ -0,0 +1,58 @@ +id: lightweight-accordion-85706ca0d20495fdfed005cc638cab53 + +info: + name: > + Lightweight Accordion <= 1.5.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/545dae6b-7983-4f02-a9a0-0be8cf935a78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightweight-accordion/" + google-query: inurl:"/wp-content/plugins/lightweight-accordion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightweight-accordion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightweight-accordion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightweight-accordion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lightweight-accordion-e6a664a291db10911439b7200ec5f058.yaml b/nuclei-templates/cve-less/plugins/lightweight-accordion-e6a664a291db10911439b7200ec5f058.yaml new file mode 100644 index 0000000000..1e2a7f0adc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lightweight-accordion-e6a664a291db10911439b7200ec5f058.yaml @@ -0,0 +1,58 @@ +id: lightweight-accordion-e6a664a291db10911439b7200ec5f058 + +info: + name: > + Lightweight Accordion <= 1.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b38e7ec-6663-4253-9c60-61ed34be22c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lightweight-accordion/" + google-query: inurl:"/wp-content/plugins/lightweight-accordion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lightweight-accordion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lightweight-accordion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightweight-accordion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/like-box-243adc14e5399e777d2255721eb66201.yaml b/nuclei-templates/cve-less/plugins/like-box-243adc14e5399e777d2255721eb66201.yaml new file mode 100644 index 0000000000..1d3679c4bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/like-box-243adc14e5399e777d2255721eb66201.yaml @@ -0,0 +1,58 @@ +id: like-box-243adc14e5399e777d2255721eb66201 + +info: + name: > + Social Like Box and Page by WpDevArt <= 0.8.39 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aec57fbd-83c5-4080-9372-66500c299afc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/like-box/" + google-query: inurl:"/wp-content/plugins/like-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,like-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/like-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "like-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/like-box-98df1be3acb90063bf3d77ddbcd92918.yaml b/nuclei-templates/cve-less/plugins/like-box-98df1be3acb90063bf3d77ddbcd92918.yaml new file mode 100644 index 0000000000..779a89da0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/like-box-98df1be3acb90063bf3d77ddbcd92918.yaml @@ -0,0 +1,58 @@ +id: like-box-98df1be3acb90063bf3d77ddbcd92918 + +info: + name: > + Social Like Box and Page by WpDevArt <= 0.8.40 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b084ba1c-0910-44f0-ad77-41552ec25589?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/like-box/" + google-query: inurl:"/wp-content/plugins/like-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,like-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/like-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "like-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/likebtn-like-button-7574ce3ad743a4e2a6c60be8d0253363.yaml b/nuclei-templates/cve-less/plugins/likebtn-like-button-7574ce3ad743a4e2a6c60be8d0253363.yaml new file mode 100644 index 0000000000..514d6450a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/likebtn-like-button-7574ce3ad743a4e2a6c60be8d0253363.yaml @@ -0,0 +1,58 @@ +id: likebtn-like-button-7574ce3ad743a4e2a6c60be8d0253363 + +info: + name: > + Like Button Rating ♥ LikeBtn < 2.6.32 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e22815e-1f06-4a46-90eb-98125ae97ba4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/likebtn-like-button/" + google-query: inurl:"/wp-content/plugins/likebtn-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,likebtn-like-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/likebtn-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "likebtn-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/likebtn-like-button-92e6b40557e12550c3bcd04a5869ae4b.yaml b/nuclei-templates/cve-less/plugins/likebtn-like-button-92e6b40557e12550c3bcd04a5869ae4b.yaml new file mode 100644 index 0000000000..2dedcc27fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/likebtn-like-button-92e6b40557e12550c3bcd04a5869ae4b.yaml @@ -0,0 +1,58 @@ +id: likebtn-like-button-92e6b40557e12550c3bcd04a5869ae4b + +info: + name: > + Like Button Rating ♥ LikeBtn <= 2.6.44 - Arbitrary e-mail Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5b7b20d-d701-4146-b982-23d6be7a7ea0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/likebtn-like-button/" + google-query: inurl:"/wp-content/plugins/likebtn-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,likebtn-like-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/likebtn-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "likebtn-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/likebtn-like-button-cfa91e4d46accd79431b3f983037646f.yaml b/nuclei-templates/cve-less/plugins/likebtn-like-button-cfa91e4d46accd79431b3f983037646f.yaml new file mode 100644 index 0000000000..442ec16938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/likebtn-like-button-cfa91e4d46accd79431b3f983037646f.yaml @@ -0,0 +1,58 @@ +id: likebtn-like-button-cfa91e4d46accd79431b3f983037646f + +info: + name: > + Like Button Rating <= 2.6.37 - Unauthorised Vote Export to Email & IP Addresses Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a19972e-6ff9-4d18-a327-5cafef96a637?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/likebtn-like-button/" + google-query: inurl:"/wp-content/plugins/likebtn-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,likebtn-like-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/likebtn-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "likebtn-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limb-gallery-ba4f93258decf77226fa4331245d3364.yaml b/nuclei-templates/cve-less/plugins/limb-gallery-ba4f93258decf77226fa4331245d3364.yaml new file mode 100644 index 0000000000..c42cacce02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limb-gallery-ba4f93258decf77226fa4331245d3364.yaml @@ -0,0 +1,58 @@ +id: limb-gallery-ba4f93258decf77226fa4331245d3364 + +info: + name: > + Limb Gallery – Create Beautiful Image & Video Galleries <= 1.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d55033fb-17a6-4b8d-87f4-1c102ef7dbcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limb-gallery/" + google-query: inurl:"/wp-content/plugins/limb-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limb-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limb-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limb-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-attempts-11bdd1e9de931e8eb6881e563e13ef54.yaml b/nuclei-templates/cve-less/plugins/limit-attempts-11bdd1e9de931e8eb6881e563e13ef54.yaml new file mode 100644 index 0000000000..17e969717c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-attempts-11bdd1e9de931e8eb6881e563e13ef54.yaml @@ -0,0 +1,58 @@ +id: limit-attempts-11bdd1e9de931e8eb6881e563e13ef54 + +info: + name: > + Limit Attempts by BestWebSoft – WordPress Anti-Bot and Security Plugin for Login and Forms < 1.1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1560b740-4018-4b08-9399-2fc87e16ea7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-attempts/" + google-query: inurl:"/wp-content/plugins/limit-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-attempts,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-377e66001fb8e84db9266941f39f3e9d.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-377e66001fb8e84db9266941f39f3e9d.yaml new file mode 100644 index 0000000000..3e5957e525 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-377e66001fb8e84db9266941f39f3e9d.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-377e66001fb8e84db9266941f39f3e9d + +info: + name: > + Limit Login Attempts <= 1.7.1 - Authenticated(Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3334fc78-48c5-4cfa-ac83-5690fdbf590a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-f0a7cf7b914e091c8c5cd4fb058e543f.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-f0a7cf7b914e091c8c5cd4fb058e543f.yaml new file mode 100644 index 0000000000..22e15ba3db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-f0a7cf7b914e091c8c5cd4fb058e543f.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-f0a7cf7b914e091c8c5cd4fb058e543f + +info: + name: > + Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8c80fc-3b51-4003-b221-6f02e74bead0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-f6d106888724001be47f0a5722bc1e1c.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-f6d106888724001be47f0a5722bc1e1c.yaml new file mode 100644 index 0000000000..e0f0f368b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-f6d106888724001be47f0a5722bc1e1c.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-f6d106888724001be47f0a5722bc1e1c + +info: + name: > + Limit Login Attempts <= 1.7.0 - Brute Force Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee702ee5-d1de-4b25-8c2d-f47cc4ad076b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-7a57fe35ffcd96f9b7d9e37175b67bfc.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-7a57fe35ffcd96f9b7d9e37175b67bfc.yaml new file mode 100644 index 0000000000..4a1f6f83f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-7a57fe35ffcd96f9b7d9e37175b67bfc.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-reloaded-7a57fe35ffcd96f9b7d9e37175b67bfc + +info: + name: > + Limit Login Attempts Reloaded <= 2.17.3 - Login Rate Limiting Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/669c50b8-316c-4f63-8b78-361cfcfd4d5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-83eca41cb757159390f58937921ee2df.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-83eca41cb757159390f58937921ee2df.yaml new file mode 100644 index 0000000000..513b2c2592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-83eca41cb757159390f58937921ee2df.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-reloaded-83eca41cb757159390f58937921ee2df + +info: + name: > + Limit Login Attempts Reloaded <= 2.25.25 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df31843-0af7-486c-b0aa-4eaf72a7e70f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml new file mode 100644 index 0000000000..4f07bee968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-b0fbe8ed2bd5ede12fc8dff6720e9fab.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-reloaded-b0fbe8ed2bd5ede12fc8dff6720e9fab + +info: + name: > + Limit Login Attempts Reloaded <= 2.25.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/906049c0-4710-47aa-bf44-cdf29032dc1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-ea959a771940391e9a366a8cf4f552bc.yaml b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-ea959a771940391e9a366a8cf4f552bc.yaml new file mode 100644 index 0000000000..01a6e52dce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/limit-login-attempts-reloaded-ea959a771940391e9a366a8cf4f552bc.yaml @@ -0,0 +1,58 @@ +id: limit-login-attempts-reloaded-ea959a771940391e9a366a8cf4f552bc + +info: + name: > + Limit Login Attempts Reloaded <= 2.15.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a052ca1-2c2c-4c8a-9213-5f01b0fa70dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/limit-login-attempts-reloaded/" + google-query: inurl:"/wp-content/plugins/limit-login-attempts-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,limit-login-attempts-reloaded,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/limit-login-attempts-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "limit-login-attempts-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-juice-keeper-3ca3d61f633582fe10aacbed8816c6e5.yaml b/nuclei-templates/cve-less/plugins/link-juice-keeper-3ca3d61f633582fe10aacbed8816c6e5.yaml new file mode 100644 index 0000000000..53c1a12451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-juice-keeper-3ca3d61f633582fe10aacbed8816c6e5.yaml @@ -0,0 +1,58 @@ +id: link-juice-keeper-3ca3d61f633582fe10aacbed8816c6e5 + +info: + name: > + Link Juice Keeper <= 2.0.2 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06511129-fb43-4ac1-9f5d-c637c9577293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-juice-keeper/" + google-query: inurl:"/wp-content/plugins/link-juice-keeper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-juice-keeper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-juice-keeper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-juice-keeper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-1c985f1116559af8ca42f803d48b129d.yaml b/nuclei-templates/cve-less/plugins/link-library-1c985f1116559af8ca42f803d48b129d.yaml new file mode 100644 index 0000000000..6b6d800dcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-1c985f1116559af8ca42f803d48b129d.yaml @@ -0,0 +1,58 @@ +id: link-library-1c985f1116559af8ca42f803d48b129d + +info: + name: > + Link Library <= 7.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf0bbd5e-0fec-445e-9baa-e383524da648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-45cc93dab6d9a9c50a4569ff06d10d7a.yaml b/nuclei-templates/cve-less/plugins/link-library-45cc93dab6d9a9c50a4569ff06d10d7a.yaml new file mode 100644 index 0000000000..fa75e8102e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-45cc93dab6d9a9c50a4569ff06d10d7a.yaml @@ -0,0 +1,58 @@ +id: link-library-45cc93dab6d9a9c50a4569ff06d10d7a + +info: + name: > + Link Library <= 7.2.7 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27d0f627-aeee-46de-a319-861af00fdbf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-56c2ef2b70cad0dbe9025809ba135de2.yaml b/nuclei-templates/cve-less/plugins/link-library-56c2ef2b70cad0dbe9025809ba135de2.yaml new file mode 100644 index 0000000000..c570e56a46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-56c2ef2b70cad0dbe9025809ba135de2.yaml @@ -0,0 +1,58 @@ +id: link-library-56c2ef2b70cad0dbe9025809ba135de2 + +info: + name: > + Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30c9c4b9-6905-4d8a-bc55-5cd6f6201d25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-63da1e8a7d368a237a74bc6e90977e1d.yaml b/nuclei-templates/cve-less/plugins/link-library-63da1e8a7d368a237a74bc6e90977e1d.yaml new file mode 100644 index 0000000000..cf00316e98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-63da1e8a7d368a237a74bc6e90977e1d.yaml @@ -0,0 +1,58 @@ +id: link-library-63da1e8a7d368a237a74bc6e90977e1d + +info: + name: > + Link Library <= 7.6.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b93af9cc-cd9a-4bbb-8cb1-bf45c59e469c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-89d3c8a11ff10e6756f75032f0181833.yaml b/nuclei-templates/cve-less/plugins/link-library-89d3c8a11ff10e6756f75032f0181833.yaml new file mode 100644 index 0000000000..627a2a2408 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-89d3c8a11ff10e6756f75032f0181833.yaml @@ -0,0 +1,58 @@ +id: link-library-89d3c8a11ff10e6756f75032f0181833 + +info: + name: > + Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8e6bfd4-9003-4ac6-96a1-0c7024b2a800?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-8eaf2fbb99993016796df5f74fcedae5.yaml b/nuclei-templates/cve-less/plugins/link-library-8eaf2fbb99993016796df5f74fcedae5.yaml new file mode 100644 index 0000000000..008fd88353 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-8eaf2fbb99993016796df5f74fcedae5.yaml @@ -0,0 +1,58 @@ +id: link-library-8eaf2fbb99993016796df5f74fcedae5 + +info: + name: > + Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-9f1eb3ba72f073c220b0aca4f3eab325.yaml b/nuclei-templates/cve-less/plugins/link-library-9f1eb3ba72f073c220b0aca4f3eab325.yaml new file mode 100644 index 0000000000..bc11132d26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-9f1eb3ba72f073c220b0aca4f3eab325.yaml @@ -0,0 +1,58 @@ +id: link-library-9f1eb3ba72f073c220b0aca4f3eab325 + +info: + name: > + Link Library <= 7.5.13 - Cross-Site Request Forgery via action_admin_init + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fefe4499-8b03-4c07-b248-ae0ae5153b4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-bdfe22a56a0cb4f7b1af5e93a2693981.yaml b/nuclei-templates/cve-less/plugins/link-library-bdfe22a56a0cb4f7b1af5e93a2693981.yaml new file mode 100644 index 0000000000..cad07edcc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-bdfe22a56a0cb4f7b1af5e93a2693981.yaml @@ -0,0 +1,58 @@ +id: link-library-bdfe22a56a0cb4f7b1af5e93a2693981 + +info: + name: > + Link Library <= 7.5.13 - Reflected Cross-Site Scripting via 'link_price' and 'link_tags' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d5f9d2e-6719-4ce7-bbdd-afaf437bd080?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-dafcf72bc7ea7f4d11e003315c8b31d1.yaml b/nuclei-templates/cve-less/plugins/link-library-dafcf72bc7ea7f4d11e003315c8b31d1.yaml new file mode 100644 index 0000000000..ae9a30b408 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-dafcf72bc7ea7f4d11e003315c8b31d1.yaml @@ -0,0 +1,58 @@ +id: link-library-dafcf72bc7ea7f4d11e003315c8b31d1 + +info: + name: > + Link Library <= 7.2.7 - Cross-Site Request Forgery to Library Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd1fc89f-b0f0-43a3-a311-07a79232a3ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-library-ed114df4f201bdff927450bdcae78049.yaml b/nuclei-templates/cve-less/plugins/link-library-ed114df4f201bdff927450bdcae78049.yaml new file mode 100644 index 0000000000..054a00ddad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-library-ed114df4f201bdff927450bdcae78049.yaml @@ -0,0 +1,58 @@ +id: link-library-ed114df4f201bdff927450bdcae78049 + +info: + name: > + Link Library <= 7.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e43b327-c141-480e-a5b2-bba179b3e0a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-library/" + google-query: inurl:"/wp-content/plugins/link-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-list-manager-3aa9bc9584cc58690e73b867607b46c9.yaml b/nuclei-templates/cve-less/plugins/link-list-manager-3aa9bc9584cc58690e73b867607b46c9.yaml new file mode 100644 index 0000000000..c056b16344 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-list-manager-3aa9bc9584cc58690e73b867607b46c9.yaml @@ -0,0 +1,58 @@ +id: link-list-manager-3aa9bc9584cc58690e73b867607b46c9 + +info: + name: > + link-list-manager <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd28e5cc-94a2-4a0f-a795-7c2ddb01c35a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-list-manager/" + google-query: inurl:"/wp-content/plugins/link-list-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-list-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-list-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-list-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-log-1ed30559c3d0fe2013efce706a1a0591.yaml b/nuclei-templates/cve-less/plugins/link-log-1ed30559c3d0fe2013efce706a1a0591.yaml new file mode 100644 index 0000000000..c9ca8399a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-log-1ed30559c3d0fe2013efce706a1a0591.yaml @@ -0,0 +1,58 @@ +id: link-log-1ed30559c3d0fe2013efce706a1a0591 + +info: + name: > + Link Log – external link click monitor < 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8088547-650f-41b1-bb53-18be38f4aeb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-log/" + google-query: inurl:"/wp-content/plugins/link-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-log,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-log-200b4a20000c02e3ddb71f780d4da533.yaml b/nuclei-templates/cve-less/plugins/link-log-200b4a20000c02e3ddb71f780d4da533.yaml new file mode 100644 index 0000000000..954ad1e5a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-log-200b4a20000c02e3ddb71f780d4da533.yaml @@ -0,0 +1,58 @@ +id: link-log-200b4a20000c02e3ddb71f780d4da533 + +info: + name: > + Link Log – external link click monitor <= 1.4 - HTTP Response Splitting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71371a44-fed4-4aea-9f86-a37ca26a57b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-log/" + google-query: inurl:"/wp-content/plugins/link-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-log-a70d444a7f2c0c5012e01420603941d1.yaml b/nuclei-templates/cve-less/plugins/link-log-a70d444a7f2c0c5012e01420603941d1.yaml new file mode 100644 index 0000000000..cdbc6aad5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-log-a70d444a7f2c0c5012e01420603941d1.yaml @@ -0,0 +1,58 @@ +id: link-log-a70d444a7f2c0c5012e01420603941d1 + +info: + name: > + Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c1811f7-0fb4-4f50-93ac-6abd9e6a1d66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-log/" + google-query: inurl:"/wp-content/plugins/link-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-log-f462ad6f4474c107cb4e1555ab936edc.yaml b/nuclei-templates/cve-less/plugins/link-log-f462ad6f4474c107cb4e1555ab936edc.yaml new file mode 100644 index 0000000000..aae0ebbc94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-log-f462ad6f4474c107cb4e1555ab936edc.yaml @@ -0,0 +1,58 @@ +id: link-log-f462ad6f4474c107cb4e1555ab936edc + +info: + name: > + Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d062bc7b-0cb0-46bd-b203-90cc9a44a403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-log/" + google-query: inurl:"/wp-content/plugins/link-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-optimizer-lite-7c00a992b189dd605d955a517ab5ff4b.yaml b/nuclei-templates/cve-less/plugins/link-optimizer-lite-7c00a992b189dd605d955a517ab5ff4b.yaml new file mode 100644 index 0000000000..d4e9abc0cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-optimizer-lite-7c00a992b189dd605d955a517ab5ff4b.yaml @@ -0,0 +1,58 @@ +id: link-optimizer-lite-7c00a992b189dd605d955a517ab5ff4b + +info: + name: > + Link Optimizer Lite <= 1.4.5 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca64692b-b194-4ceb-975e-72e4041252f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-optimizer-lite/" + google-query: inurl:"/wp-content/plugins/link-optimizer-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-optimizer-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-optimizer-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-optimizer-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-party-422a9545144ac220769577361c25c2cd.yaml b/nuclei-templates/cve-less/plugins/link-party-422a9545144ac220769577361c25c2cd.yaml new file mode 100644 index 0000000000..175277949e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-party-422a9545144ac220769577361c25c2cd.yaml @@ -0,0 +1,58 @@ +id: link-party-422a9545144ac220769577361c25c2cd + +info: + name: > + illi Link Party! <= 1.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acd6b604-45dd-4688-a9b9-fabb12c418e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-party/" + google-query: inurl:"/wp-content/plugins/link-party/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-party,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-party/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-party" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-party-4fbe78a27e0a415c3958fe330e75a188.yaml b/nuclei-templates/cve-less/plugins/link-party-4fbe78a27e0a415c3958fe330e75a188.yaml new file mode 100644 index 0000000000..d55df56f78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-party-4fbe78a27e0a415c3958fe330e75a188.yaml @@ -0,0 +1,58 @@ +id: link-party-4fbe78a27e0a415c3958fe330e75a188 + +info: + name: > + illi Link Party! <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbf193ef-e172-4fe3-9bff-b5cbac9adb54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-party/" + google-query: inurl:"/wp-content/plugins/link-party/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-party,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-party/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-party" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-party-a8c0b404c2334a1ce94afe05ce1ef335.yaml b/nuclei-templates/cve-less/plugins/link-party-a8c0b404c2334a1ce94afe05ce1ef335.yaml new file mode 100644 index 0000000000..f81aa89695 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-party-a8c0b404c2334a1ce94afe05ce1ef335.yaml @@ -0,0 +1,58 @@ +id: link-party-a8c0b404c2334a1ce94afe05ce1ef335 + +info: + name: > + illi Link Party! <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Link Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d68293a-b98b-41e0-9f79-ccd2c0108e82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-party/" + google-query: inurl:"/wp-content/plugins/link-party/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-party,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-party/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-party" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-party-b3db63dd3833de216814572046aef4ca.yaml b/nuclei-templates/cve-less/plugins/link-party-b3db63dd3833de216814572046aef4ca.yaml new file mode 100644 index 0000000000..c05bbba0bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-party-b3db63dd3833de216814572046aef4ca.yaml @@ -0,0 +1,58 @@ +id: link-party-b3db63dd3833de216814572046aef4ca + +info: + name: > + illi Link Party! <= 1.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9df6d75b-a141-41a8-b965-6be7acee582d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-party/" + google-query: inurl:"/wp-content/plugins/link-party/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-party,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-party/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-party" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-whisper-c53a6d31c98dcde7fc34b4079f07942b.yaml b/nuclei-templates/cve-less/plugins/link-whisper-c53a6d31c98dcde7fc34b4079f07942b.yaml new file mode 100644 index 0000000000..b53018b859 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-whisper-c53a6d31c98dcde7fc34b4079f07942b.yaml @@ -0,0 +1,58 @@ +id: link-whisper-c53a6d31c98dcde7fc34b4079f07942b + +info: + name: > + Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d5dd7cd-f96a-48df-a553-be5e59d8290f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-whisper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-whisper-c7031edc7c8c818eb8b6f1853fee01eb.yaml b/nuclei-templates/cve-less/plugins/link-whisper-c7031edc7c8c818eb8b6f1853fee01eb.yaml new file mode 100644 index 0000000000..9e1c7499ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-whisper-c7031edc7c8c818eb8b6f1853fee01eb.yaml @@ -0,0 +1,58 @@ +id: link-whisper-c7031edc7c8c818eb8b6f1853fee01eb + +info: + name: > + Link Whisper Free <= 0.6.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d567665-543c-4a6b-bb07-9388fea09ee9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-whisper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-whisper-cc953220a3ab9360fc3b920e9df2ed7f.yaml b/nuclei-templates/cve-less/plugins/link-whisper-cc953220a3ab9360fc3b920e9df2ed7f.yaml new file mode 100644 index 0000000000..6854d1a113 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-whisper-cc953220a3ab9360fc3b920e9df2ed7f.yaml @@ -0,0 +1,58 @@ +id: link-whisper-cc953220a3ab9360fc3b920e9df2ed7f + +info: + name: > + Link Whisper Free <= 0.6.9 + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8155585e-c29c-484c-ab2e-371b5723539e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-whisper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-whisper-da040359bca67615913785734db30059.yaml b/nuclei-templates/cve-less/plugins/link-whisper-da040359bca67615913785734db30059.yaml new file mode 100644 index 0000000000..7c0f3673fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-whisper-da040359bca67615913785734db30059.yaml @@ -0,0 +1,58 @@ +id: link-whisper-da040359bca67615913785734db30059 + +info: + name: > + Link Whisper Free <= 0.6.5 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5e26a56-bba0-4204-bcb7-c5ec123a9b2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-whisper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/link-whisper-efbea6db4c4deaef4b1a0846e33065cf.yaml b/nuclei-templates/cve-less/plugins/link-whisper-efbea6db4c4deaef4b1a0846e33065cf.yaml new file mode 100644 index 0000000000..c45a38c47d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/link-whisper-efbea6db4c4deaef4b1a0846e33065cf.yaml @@ -0,0 +1,58 @@ +id: link-whisper-efbea6db4c4deaef4b1a0846e33065cf + +info: + name: > + Link Whisper Free <= 0.6.3 - Missing Authorization via init() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29b09367-6a27-4024-a71c-233aaee6c310?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/link-whisper/" + google-query: inurl:"/wp-content/plugins/link-whisper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,link-whisper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/link-whisper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "link-whisper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/linker-dc961a43bf6645987863e2268d4c98e4.yaml b/nuclei-templates/cve-less/plugins/linker-dc961a43bf6645987863e2268d4c98e4.yaml new file mode 100644 index 0000000000..43f6bbb5f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/linker-dc961a43bf6645987863e2268d4c98e4.yaml @@ -0,0 +1,58 @@ +id: linker-dc961a43bf6645987863e2268d4c98e4 + +info: + name: > + Linker <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fd620a3-5d9e-4bc3-b026-871610df7c2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/linker/" + google-query: inurl:"/wp-content/plugins/linker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,linker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/linker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "linker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/linkworth-wp-plugin-9ed1e670781ff936317a3cc7c1d9dd47.yaml b/nuclei-templates/cve-less/plugins/linkworth-wp-plugin-9ed1e670781ff936317a3cc7c1d9dd47.yaml new file mode 100644 index 0000000000..469192e4ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/linkworth-wp-plugin-9ed1e670781ff936317a3cc7c1d9dd47.yaml @@ -0,0 +1,58 @@ +id: linkworth-wp-plugin-9ed1e670781ff936317a3cc7c1d9dd47 + +info: + name: > + LinkWorth plugin <= 3.3.3 - Cross-Site Request Forgery to Plugin Setting Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0fd44d-e152-4883-a734-031f68e3ba97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/linkworth-wp-plugin/" + google-query: inurl:"/wp-content/plugins/linkworth-wp-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,linkworth-wp-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/linkworth-wp-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "linkworth-wp-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/liquid-speech-balloon-2fc40f0eebe24b9548355cb63270c890.yaml b/nuclei-templates/cve-less/plugins/liquid-speech-balloon-2fc40f0eebe24b9548355cb63270c890.yaml new file mode 100644 index 0000000000..30975587df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/liquid-speech-balloon-2fc40f0eebe24b9548355cb63270c890.yaml @@ -0,0 +1,58 @@ +id: liquid-speech-balloon-2fc40f0eebe24b9548355cb63270c890 + +info: + name: > + LIQUID SPEECH BALLOON < 1.0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51b725e4-b088-4f6b-8810-87a39ca952ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/liquid-speech-balloon/" + google-query: inurl:"/wp-content/plugins/liquid-speech-balloon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,liquid-speech-balloon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/liquid-speech-balloon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "liquid-speech-balloon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/liquid-speech-balloon-5e0407cf5324ea7a57b720b722b3c657.yaml b/nuclei-templates/cve-less/plugins/liquid-speech-balloon-5e0407cf5324ea7a57b720b722b3c657.yaml new file mode 100644 index 0000000000..ea4004a882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/liquid-speech-balloon-5e0407cf5324ea7a57b720b722b3c657.yaml @@ -0,0 +1,58 @@ +id: liquid-speech-balloon-5e0407cf5324ea7a57b720b722b3c657 + +info: + name: > + LIQUID SPEECH BALLOON <= 1.1.8 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23980e13-b632-43ec-938e-8171884cb87b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/liquid-speech-balloon/" + google-query: inurl:"/wp-content/plugins/liquid-speech-balloon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,liquid-speech-balloon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/liquid-speech-balloon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "liquid-speech-balloon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/list-all-posts-by-authors-nested-categories-and-titles-802be145d30a4aee303b74232b95831e.yaml b/nuclei-templates/cve-less/plugins/list-all-posts-by-authors-nested-categories-and-titles-802be145d30a4aee303b74232b95831e.yaml new file mode 100644 index 0000000000..166c962d7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/list-all-posts-by-authors-nested-categories-and-titles-802be145d30a4aee303b74232b95831e.yaml @@ -0,0 +1,58 @@ +id: list-all-posts-by-authors-nested-categories-and-titles-802be145d30a4aee303b74232b95831e + +info: + name: > + List all posts by Authors, nested Categories and Title <= 2.8.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b84df5b-ff93-43b3-b9e4-cf963cf2af10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/list-all-posts-by-authors-nested-categories-and-titles/" + google-query: inurl:"/wp-content/plugins/list-all-posts-by-authors-nested-categories-and-titles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,list-all-posts-by-authors-nested-categories-and-titles,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-all-posts-by-authors-nested-categories-and-titles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-all-posts-by-authors-nested-categories-and-titles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/list-category-posts-3b8bb6063c635c2a8333462322de6a1f.yaml b/nuclei-templates/cve-less/plugins/list-category-posts-3b8bb6063c635c2a8333462322de6a1f.yaml new file mode 100644 index 0000000000..dae429295b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/list-category-posts-3b8bb6063c635c2a8333462322de6a1f.yaml @@ -0,0 +1,58 @@ +id: list-category-posts-3b8bb6063c635c2a8333462322de6a1f + +info: + name: > + List category posts <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a58cba26-a57e-4170-95bb-54ea7cfdb10c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/list-category-posts/" + google-query: inurl:"/wp-content/plugins/list-category-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,list-category-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-category-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-category-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.89.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/list-category-posts-7ec69e14aaa720fc8a2decec00730012.yaml b/nuclei-templates/cve-less/plugins/list-category-posts-7ec69e14aaa720fc8a2decec00730012.yaml new file mode 100644 index 0000000000..c0ad16f1c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/list-category-posts-7ec69e14aaa720fc8a2decec00730012.yaml @@ -0,0 +1,58 @@ +id: list-category-posts-7ec69e14aaa720fc8a2decec00730012 + +info: + name: > + List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/611871cc-737f-44e3-baf5-dbaa8bd8eb81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/list-category-posts/" + google-query: inurl:"/wp-content/plugins/list-category-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,list-category-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-category-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-category-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.89.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/list-custom-taxonomy-widget-53b64c2cc89e0070db555cf593bc5061.yaml b/nuclei-templates/cve-less/plugins/list-custom-taxonomy-widget-53b64c2cc89e0070db555cf593bc5061.yaml new file mode 100644 index 0000000000..f72fda90eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/list-custom-taxonomy-widget-53b64c2cc89e0070db555cf593bc5061.yaml @@ -0,0 +1,58 @@ +id: list-custom-taxonomy-widget-53b64c2cc89e0070db555cf593bc5061 + +info: + name: > + List Custom Taxonomy Widget <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35c5b1cd-053c-4e1d-994f-003b89d5ff62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/list-custom-taxonomy-widget/" + google-query: inurl:"/wp-content/plugins/list-custom-taxonomy-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,list-custom-taxonomy-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-custom-taxonomy-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-custom-taxonomy-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/list-pages-shortcode-b3a8e8167569aa6cba2a5950875c8b0e.yaml b/nuclei-templates/cve-less/plugins/list-pages-shortcode-b3a8e8167569aa6cba2a5950875c8b0e.yaml new file mode 100644 index 0000000000..2d528ddc06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/list-pages-shortcode-b3a8e8167569aa6cba2a5950875c8b0e.yaml @@ -0,0 +1,58 @@ +id: list-pages-shortcode-b3a8e8167569aa6cba2a5950875c8b0e + +info: + name: > + List Pages Shortcode <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac005402-0bac-453e-918d-b8a44abeff06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/list-pages-shortcode/" + google-query: inurl:"/wp-content/plugins/list-pages-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,list-pages-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/list-pages-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "list-pages-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-0436bd17a7ce2057f085dec6812cf1d3.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-0436bd17a7ce2057f085dec6812cf1d3.yaml new file mode 100644 index 0000000000..1934a08c8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-0436bd17a7ce2057f085dec6812cf1d3.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-0436bd17a7ce2057f085dec6812cf1d3 + +info: + name: > + LiteSpeed Cache <= 5.7 - Missing Authorization via update_cdn_status + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56d0658c-b6b5-4e01-9f5b-a53dd4e380d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-303b76a4a36e60deb08e9b0d0435d79c.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-303b76a4a36e60deb08e9b0d0435d79c.yaml new file mode 100644 index 0000000000..83f0373c8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-303b76a4a36e60deb08e9b0d0435d79c.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-303b76a4a36e60deb08e9b0d0435d79c + +info: + name: > + LiteSpeed Cache <= 3.6 - Authenticated Stored Cross-Site Scripting via IP setting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cec5695-1fe5-4349-b78d-2e4f7d3b9908?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-5164946a6f7e888f2eb2eb6be3f062ed.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-5164946a6f7e888f2eb2eb6be3f062ed.yaml new file mode 100644 index 0000000000..22c219f5ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-5164946a6f7e888f2eb2eb6be3f062ed.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-5164946a6f7e888f2eb2eb6be3f062ed + +info: + name: > + LiteSpeed Cache <= 4.4.3 - Reflected Cross-Site Scripting via qc_res + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b48e39-4f8f-48b8-ba46-49e06bee2cc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.15', '<= 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-5a398aae9f8b9b2a378092433e37f0a2.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-5a398aae9f8b9b2a378092433e37f0a2.yaml new file mode 100644 index 0000000000..047b81c6d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-5a398aae9f8b9b2a378092433e37f0a2.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-5a398aae9f8b9b2a378092433e37f0a2 + +info: + name: > + LiteSpeed Cache <= 5.7 - Unauthenticated Stored Cross-Site Scripting via 'nameservers' and '_msg' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4c27c06-214a-4c20-80d0-b6b4d18737c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-5f623b9be5a2d2349866b91146be2f95.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-5f623b9be5a2d2349866b91146be2f95.yaml new file mode 100644 index 0000000000..cad00d8090 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-5f623b9be5a2d2349866b91146be2f95.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-5f623b9be5a2d2349866b91146be2f95 + +info: + name: > + LiteSpeed Cache <= 4.4.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a82bffab-77c3-48e8-af84-39709bf0353b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.15', '<= 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-e320d6afe142ff2886379823eb8759ba.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-e320d6afe142ff2886379823eb8759ba.yaml new file mode 100644 index 0000000000..64bc475d6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-e320d6afe142ff2886379823eb8759ba.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-e320d6afe142ff2886379823eb8759ba + +info: + name: > + LiteSpeed Cache <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27026f0f-c85e-4409-9973-4b9cb8a90da5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/litespeed-cache-eaef067d144406da863b2f1698405be1.yaml b/nuclei-templates/cve-less/plugins/litespeed-cache-eaef067d144406da863b2f1698405be1.yaml new file mode 100644 index 0000000000..2265b2e322 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/litespeed-cache-eaef067d144406da863b2f1698405be1.yaml @@ -0,0 +1,58 @@ +id: litespeed-cache-eaef067d144406da863b2f1698405be1 + +info: + name: > + LiteSpeed Cache <= 5.3 - Missing Authorization to Toggle Crawler State + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1900948-8813-4c88-87fe-ddf830c6ae3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/litespeed-cache/" + google-query: inurl:"/wp-content/plugins/litespeed-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,litespeed-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/litespeed-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "litespeed-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-chat-facebook-fanpage-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/live-chat-facebook-fanpage-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..39ba86c776 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-chat-facebook-fanpage-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: live-chat-facebook-fanpage-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-chat-facebook-fanpage/" + google-query: inurl:"/wp-content/plugins/live-chat-facebook-fanpage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-chat-facebook-fanpage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-chat-facebook-fanpage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-chat-facebook-fanpage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-composer-page-builder-130eab166dc7b7692723d0cf797df7b0.yaml b/nuclei-templates/cve-less/plugins/live-composer-page-builder-130eab166dc7b7692723d0cf797df7b0.yaml new file mode 100644 index 0000000000..c8dac80199 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-composer-page-builder-130eab166dc7b7692723d0cf797df7b0.yaml @@ -0,0 +1,58 @@ +id: live-composer-page-builder-130eab166dc7b7692723d0cf797df7b0 + +info: + name: > + Page Builder: Live Composer <= 1.5.25 - Authenticated (Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a0f9f80-e338-4afd-9a4b-e421865c8b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-composer-page-builder/" + google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-composer-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-composer-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-composer-page-builder-72add1c0a6273b20aaa451b8bcfd56cd.yaml b/nuclei-templates/cve-less/plugins/live-composer-page-builder-72add1c0a6273b20aaa451b8bcfd56cd.yaml new file mode 100644 index 0000000000..7925a79245 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-composer-page-builder-72add1c0a6273b20aaa451b8bcfd56cd.yaml @@ -0,0 +1,58 @@ +id: live-composer-page-builder-72add1c0a6273b20aaa451b8bcfd56cd + +info: + name: > + Page Builder: Live Composer <= 1.5.38 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e8b8689-ab6a-426b-9aba-4fa14c455ff1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-composer-page-builder/" + google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-composer-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-composer-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-composer-page-builder-99586092e2e0a8d37b070fc12b9ea29f.yaml b/nuclei-templates/cve-less/plugins/live-composer-page-builder-99586092e2e0a8d37b070fc12b9ea29f.yaml new file mode 100644 index 0000000000..5a97b286ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-composer-page-builder-99586092e2e0a8d37b070fc12b9ea29f.yaml @@ -0,0 +1,58 @@ +id: live-composer-page-builder-99586092e2e0a8d37b070fc12b9ea29f + +info: + name: > + Page Builder: Live Composer <= 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09631637-55e2-4e1e-9dcb-bba205be5f43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-composer-page-builder/" + google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-composer-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-composer-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-composer-page-builder-add895115f53c9c7df4b8eacc636e203.yaml b/nuclei-templates/cve-less/plugins/live-composer-page-builder-add895115f53c9c7df4b8eacc636e203.yaml new file mode 100644 index 0000000000..ac71a98e56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-composer-page-builder-add895115f53c9c7df4b8eacc636e203.yaml @@ -0,0 +1,58 @@ +id: live-composer-page-builder-add895115f53c9c7df4b8eacc636e203 + +info: + name: > + Page Builder: Live Composer <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a99f19a-7874-4f55-bbdd-db23182a0ece?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-composer-page-builder/" + google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-composer-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-composer-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-composer-page-builder-b15b4d6b18eb8d6e1301c7d5d1d48c76.yaml b/nuclei-templates/cve-less/plugins/live-composer-page-builder-b15b4d6b18eb8d6e1301c7d5d1d48c76.yaml new file mode 100644 index 0000000000..65c3daed9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-composer-page-builder-b15b4d6b18eb8d6e1301c7d5d1d48c76.yaml @@ -0,0 +1,58 @@ +id: live-composer-page-builder-b15b4d6b18eb8d6e1301c7d5d1d48c76 + +info: + name: > + Page Builder: Live Composer <= 1.5.35 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d96be2-b89a-46b0-a4f1-da44f9b54b2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-composer-page-builder/" + google-query: inurl:"/wp-content/plugins/live-composer-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-composer-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-composer-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-composer-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-news-lite-884857566c11f05a4de329e58ea89043.yaml b/nuclei-templates/cve-less/plugins/live-news-lite-884857566c11f05a4de329e58ea89043.yaml new file mode 100644 index 0000000000..3f3fa9394f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-news-lite-884857566c11f05a4de329e58ea89043.yaml @@ -0,0 +1,58 @@ +id: live-news-lite-884857566c11f05a4de329e58ea89043 + +info: + name: > + Live News <= 1.06 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee59570-85c3-4394-bebb-c3f49c08be67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-news-lite/" + google-query: inurl:"/wp-content/plugins/live-news-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-news-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-news-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-news-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-search-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/live-search-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..eb8f4b9fe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-search-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: live-search-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-search-xforwc/" + google-query: inurl:"/wp-content/plugins/live-search-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-search-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-search-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-search-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/live-weather-station-6bf013010e508e54af93e6ae6969b8c7.yaml b/nuclei-templates/cve-less/plugins/live-weather-station-6bf013010e508e54af93e6ae6969b8c7.yaml new file mode 100644 index 0000000000..e762342c85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/live-weather-station-6bf013010e508e54af93e6ae6969b8c7.yaml @@ -0,0 +1,58 @@ +id: live-weather-station-6bf013010e508e54af93e6ae6969b8c7 + +info: + name: > + Weather Station <= 3.8.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e1db3f-1ebc-4f16-b2d8-8bce9c51b3db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/live-weather-station/" + google-query: inurl:"/wp-content/plugins/live-weather-station/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,live-weather-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/live-weather-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "live-weather-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/liveforms-bbcba6e13bde9bf14b1c5b83c187b0ab.yaml b/nuclei-templates/cve-less/plugins/liveforms-bbcba6e13bde9bf14b1c5b83c187b0ab.yaml new file mode 100644 index 0000000000..dbd7826ec7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/liveforms-bbcba6e13bde9bf14b1c5b83c187b0ab.yaml @@ -0,0 +1,58 @@ +id: liveforms-bbcba6e13bde9bf14b1c5b83c187b0ab + +info: + name: > + WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms < 3.2.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13b2fb59-35ef-40de-a48a-2972777d2682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/liveforms/" + google-query: inurl:"/wp-content/plugins/liveforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,liveforms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/liveforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "liveforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/liveforms-fbafef1583d66ee6ba3521f29ba434a8.yaml b/nuclei-templates/cve-less/plugins/liveforms-fbafef1583d66ee6ba3521f29ba434a8.yaml new file mode 100644 index 0000000000..e5f0e23cce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/liveforms-fbafef1583d66ee6ba3521f29ba434a8.yaml @@ -0,0 +1,58 @@ +id: liveforms-fbafef1583d66ee6ba3521f29ba434a8 + +info: + name: > + WordPress Contact Form, Drag and Drop Form Builder Plugin – Live Forms <= 3.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f36ff03-b599-4f2c-859e-751ac51b652d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/liveforms/" + google-query: inurl:"/wp-content/plugins/liveforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,liveforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/liveforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "liveforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/liveoptim-f364089fe838821aa5875cc23a9bf280.yaml b/nuclei-templates/cve-less/plugins/liveoptim-f364089fe838821aa5875cc23a9bf280.yaml new file mode 100644 index 0000000000..dcc30aaadc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/liveoptim-f364089fe838821aa5875cc23a9bf280.yaml @@ -0,0 +1,58 @@ +id: liveoptim-f364089fe838821aa5875cc23a9bf280 + +info: + name: > + SEO Plugin LiveOptim <= 1.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23d8c56b-01f1-48b4-a58d-958457be738f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/liveoptim/" + google-query: inurl:"/wp-content/plugins/liveoptim/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,liveoptim,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/liveoptim/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "liveoptim" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/livestream-notice-a521128c60a3e4447b1ae62129a4837e.yaml b/nuclei-templates/cve-less/plugins/livestream-notice-a521128c60a3e4447b1ae62129a4837e.yaml new file mode 100644 index 0000000000..023564490e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/livestream-notice-a521128c60a3e4447b1ae62129a4837e.yaml @@ -0,0 +1,58 @@ +id: livestream-notice-a521128c60a3e4447b1ae62129a4837e + +info: + name: > + Livestream Notice <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69d957d3-a0d5-44ec-a9b0-8c9b41175379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/livestream-notice/" + google-query: inurl:"/wp-content/plugins/livestream-notice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,livestream-notice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/livestream-notice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "livestream-notice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/livesupporti-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml b/nuclei-templates/cve-less/plugins/livesupporti-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml new file mode 100644 index 0000000000..8cc530f465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/livesupporti-86ee984a5b2cc7b4ab97dc8a4e8b06c6.yaml @@ -0,0 +1,58 @@ +id: livesupporti-86ee984a5b2cc7b4ab97dc8a4e8b06c6 + +info: + name: > + Free Live Chat Support <= 1.0.11 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfa3efa2-c542-44b9-8039-13e6eac75101?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/livesupporti/" + google-query: inurl:"/wp-content/plugins/livesupporti/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,livesupporti,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/livesupporti/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "livesupporti" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/livesync-38a3278b44badbc6201e3e06953e0d59.yaml b/nuclei-templates/cve-less/plugins/livesync-38a3278b44badbc6201e3e06953e0d59.yaml new file mode 100644 index 0000000000..f156f3229d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/livesync-38a3278b44badbc6201e3e06953e0d59.yaml @@ -0,0 +1,58 @@ +id: livesync-38a3278b44badbc6201e3e06953e0d59 + +info: + name: > + LiveSync for WordPress <= 1.0 - Cross-Site Request Forgery to Arbitrary Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/501fb05a-c8ec-43c6-b462-2a83c4f8b6b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/livesync/" + google-query: inurl:"/wp-content/plugins/livesync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,livesync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/livesync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "livesync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/load-more-products-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/load-more-products-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..55b6c6d1cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/load-more-products-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: load-more-products-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/load-more-products-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/load-more-products-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,load-more-products-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/load-more-products-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "load-more-products-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loading-page-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml b/nuclei-templates/cve-less/plugins/loading-page-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml new file mode 100644 index 0000000000..259d13ff31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loading-page-4168c6f35e53b3bb6cbc2cd944aa14e6.yaml @@ -0,0 +1,58 @@ +id: loading-page-4168c6f35e53b3bb6cbc2cd944aa14e6 + +info: + name: > + Loading Page with Loading Screen <= 1.0.82 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97b10f88-1911-4416-a5cd-83b4c991e6c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loading-page/" + google-query: inurl:"/wp-content/plugins/loading-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loading-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loading-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loading-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loan-comparison-17de09501ab7fb8731b631ebf83d7a67.yaml b/nuclei-templates/cve-less/plugins/loan-comparison-17de09501ab7fb8731b631ebf83d7a67.yaml new file mode 100644 index 0000000000..809262264a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loan-comparison-17de09501ab7fb8731b631ebf83d7a67.yaml @@ -0,0 +1,58 @@ +id: loan-comparison-17de09501ab7fb8731b631ebf83d7a67 + +info: + name: > + Loan Comparison <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25e4ed00-a9f2-402f-8a46-3cb911ab5497?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loan-comparison/" + google-query: inurl:"/wp-content/plugins/loan-comparison/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loan-comparison,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loan-comparison/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loan-comparison" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loan-comparison-58b316530bd9635132dfd03a76f490ff.yaml b/nuclei-templates/cve-less/plugins/loan-comparison-58b316530bd9635132dfd03a76f490ff.yaml new file mode 100644 index 0000000000..4da232bb2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loan-comparison-58b316530bd9635132dfd03a76f490ff.yaml @@ -0,0 +1,58 @@ +id: loan-comparison-58b316530bd9635132dfd03a76f490ff + +info: + name: > + Loan Comparison <= 1.5.2 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fef9990-023a-4d4b-8c52-3b71aac97e7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loan-comparison/" + google-query: inurl:"/wp-content/plugins/loan-comparison/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loan-comparison,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loan-comparison/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loan-comparison" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-689c16f1a129b0e9c76ffa7cafd20108.yaml b/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-689c16f1a129b0e9c76ffa7cafd20108.yaml new file mode 100644 index 0000000000..94793e881d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/local-delivery-drivers-for-woocommerce-689c16f1a129b0e9c76ffa7cafd20108.yaml @@ -0,0 +1,58 @@ +id: local-delivery-drivers-for-woocommerce-689c16f1a129b0e9c76ffa7cafd20108 + +info: + name: > + Local Delivery Drivers for WooCommerce <= 1.9.0 - Missing Authorization to Driver Account Takeover + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99f4f1dc-13a9-4fa0-bdb1-77a0d416c80f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/local-delivery-drivers-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/local-delivery-drivers-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,local-delivery-drivers-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/local-delivery-drivers-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "local-delivery-drivers-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/localize-my-post-e804c0e7bbe92744b5b1a95863c8b199.yaml b/nuclei-templates/cve-less/plugins/localize-my-post-e804c0e7bbe92744b5b1a95863c8b199.yaml new file mode 100644 index 0000000000..6d32704437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/localize-my-post-e804c0e7bbe92744b5b1a95863c8b199.yaml @@ -0,0 +1,58 @@ +id: localize-my-post-e804c0e7bbe92744b5b1a95863c8b199 + +info: + name: > + Localize My Post <= 1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3969e890-76e0-484a-ad16-6e2642e2ae53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/localize-my-post/" + google-query: inurl:"/wp-content/plugins/localize-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,localize-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/localize-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "localize-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/localize-remote-images-d92a3b7d2765d4947392cc8fcadba165.yaml b/nuclei-templates/cve-less/plugins/localize-remote-images-d92a3b7d2765d4947392cc8fcadba165.yaml new file mode 100644 index 0000000000..b376ed5cd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/localize-remote-images-d92a3b7d2765d4947392cc8fcadba165.yaml @@ -0,0 +1,58 @@ +id: localize-remote-images-d92a3b7d2765d4947392cc8fcadba165 + +info: + name: > + Localize Remote Images <= 1.0.9 - Cross-Site Request Forgery via admin menu + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab96123e-17aa-461f-b460-e8eba82c78e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/localize-remote-images/" + google-query: inurl:"/wp-content/plugins/localize-remote-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,localize-remote-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/localize-remote-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "localize-remote-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/location-weather-6c261a297dbcd9991a82748059272596.yaml b/nuclei-templates/cve-less/plugins/location-weather-6c261a297dbcd9991a82748059272596.yaml new file mode 100644 index 0000000000..d221096c72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/location-weather-6c261a297dbcd9991a82748059272596.yaml @@ -0,0 +1,58 @@ +id: location-weather-6c261a297dbcd9991a82748059272596 + +info: + name: > + Location Weather <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c93c412-541a-429f-b18e-7b75c8ebdf67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/location-weather/" + google-query: inurl:"/wp-content/plugins/location-weather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,location-weather,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/location-weather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "location-weather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locations-68619625dd4330d653c82c2251ebc33a.yaml b/nuclei-templates/cve-less/plugins/locations-68619625dd4330d653c82c2251ebc33a.yaml new file mode 100644 index 0000000000..d2d3937178 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locations-68619625dd4330d653c82c2251ebc33a.yaml @@ -0,0 +1,58 @@ +id: locations-68619625dd4330d653c82c2251ebc33a + +info: + name: > + Locations <= 3.2.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3df9f237-a861-43fc-8623-d42f84d8d5d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locations/" + google-query: inurl:"/wp-content/plugins/locations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locations-9e153a23809280911bab79339940a337.yaml b/nuclei-templates/cve-less/plugins/locations-9e153a23809280911bab79339940a337.yaml new file mode 100644 index 0000000000..d7eb9db796 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locations-9e153a23809280911bab79339940a337.yaml @@ -0,0 +1,58 @@ +id: locations-9e153a23809280911bab79339940a337 + +info: + name: > + Locations <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe10acf6-2649-4e85-abd1-b6840169eb41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locations/" + google-query: inurl:"/wp-content/plugins/locations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locatoraid-95d961d91144502a2fa4a99f5da6e669.yaml b/nuclei-templates/cve-less/plugins/locatoraid-95d961d91144502a2fa4a99f5da6e669.yaml new file mode 100644 index 0000000000..5b58ddb1f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locatoraid-95d961d91144502a2fa4a99f5da6e669.yaml @@ -0,0 +1,58 @@ +id: locatoraid-95d961d91144502a2fa4a99f5da6e669 + +info: + name: > + Locatoraid Store Locator <= 3.9.30 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f328b938-355d-426f-a9cf-646929a7c155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locatoraid/" + google-query: inurl:"/wp-content/plugins/locatoraid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locatoraid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locatoraid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locatoraid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locatoraid-b2cac182d257fbe66c64e34a40cb5d58.yaml b/nuclei-templates/cve-less/plugins/locatoraid-b2cac182d257fbe66c64e34a40cb5d58.yaml new file mode 100644 index 0000000000..25e4ae9166 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locatoraid-b2cac182d257fbe66c64e34a40cb5d58.yaml @@ -0,0 +1,58 @@ +id: locatoraid-b2cac182d257fbe66c64e34a40cb5d58 + +info: + name: > + Locatoraid Store Locator <= 3.9.11 - Cross Site Request Forgery in grab + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7feecce5-f2ce-4278-b648-e363b1fa5d7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locatoraid/" + google-query: inurl:"/wp-content/plugins/locatoraid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locatoraid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locatoraid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locatoraid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locatoraid-cfb712440be870231ef705d9454b409e.yaml b/nuclei-templates/cve-less/plugins/locatoraid-cfb712440be870231ef705d9454b409e.yaml new file mode 100644 index 0000000000..10046e3a6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locatoraid-cfb712440be870231ef705d9454b409e.yaml @@ -0,0 +1,58 @@ +id: locatoraid-cfb712440be870231ef705d9454b409e + +info: + name: > + Locatoraid Store Locator <= 3.9.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dba0a90b-f13c-4914-b6b7-278227ffc122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locatoraid/" + google-query: inurl:"/wp-content/plugins/locatoraid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locatoraid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locatoraid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locatoraid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locatoraid-e7e716edf9e9518e46de8baeec91561e.yaml b/nuclei-templates/cve-less/plugins/locatoraid-e7e716edf9e9518e46de8baeec91561e.yaml new file mode 100644 index 0000000000..4e2465b7ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locatoraid-e7e716edf9e9518e46de8baeec91561e.yaml @@ -0,0 +1,58 @@ +id: locatoraid-e7e716edf9e9518e46de8baeec91561e + +info: + name: > + Locatoraid Store Locator <= 3.9.23 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64d2174e-ee69-4e71-b8cb-ff7a1ba0f52f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locatoraid/" + google-query: inurl:"/wp-content/plugins/locatoraid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locatoraid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locatoraid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locatoraid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/locatoraid-f129897036a69e5c156d976b88efd3ed.yaml b/nuclei-templates/cve-less/plugins/locatoraid-f129897036a69e5c156d976b88efd3ed.yaml new file mode 100644 index 0000000000..bc19989c78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/locatoraid-f129897036a69e5c156d976b88efd3ed.yaml @@ -0,0 +1,58 @@ +id: locatoraid-f129897036a69e5c156d976b88efd3ed + +info: + name: > + Locatoraid Store Locator <= 3.9.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e40cba5c-455c-44ba-bba2-c825697b837a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/locatoraid/" + google-query: inurl:"/wp-content/plugins/locatoraid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,locatoraid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/locatoraid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "locatoraid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lock-user-account-39749a910e46936207c7b87bdd710b5b.yaml b/nuclei-templates/cve-less/plugins/lock-user-account-39749a910e46936207c7b87bdd710b5b.yaml new file mode 100644 index 0000000000..634d6c5885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lock-user-account-39749a910e46936207c7b87bdd710b5b.yaml @@ -0,0 +1,58 @@ +id: lock-user-account-39749a910e46936207c7b87bdd710b5b + +info: + name: > + Lock User Account <= 1.0.3 - Cross-Site Request Forgery to Account Lock/Unlock + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d06f265c-c1c1-4316-9526-3392f6ee31da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lock-user-account/" + google-query: inurl:"/wp-content/plugins/lock-user-account/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lock-user-account,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lock-user-account/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lock-user-account" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loco-translate-8187837c8e502d478100e3984ca296fb.yaml b/nuclei-templates/cve-less/plugins/loco-translate-8187837c8e502d478100e3984ca296fb.yaml new file mode 100644 index 0000000000..43d696709c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loco-translate-8187837c8e502d478100e3984ca296fb.yaml @@ -0,0 +1,58 @@ +id: loco-translate-8187837c8e502d478100e3984ca296fb + +info: + name: > + Loco Translate <= 2.5.3 - Authenticated PHP Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/457865ca-cbf8-42ee-928d-2c894d9d62de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loco-translate/" + google-query: inurl:"/wp-content/plugins/loco-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loco-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loco-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loco-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loco-translate-d8800c16823f2094a6d5c651646d84fa.yaml b/nuclei-templates/cve-less/plugins/loco-translate-d8800c16823f2094a6d5c651646d84fa.yaml new file mode 100644 index 0000000000..fa3d286f75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loco-translate-d8800c16823f2094a6d5c651646d84fa.yaml @@ -0,0 +1,58 @@ +id: loco-translate-d8800c16823f2094a6d5c651646d84fa + +info: + name: > + Loco Translate <= 2.6.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3b1a76-febc-4037-b31e-5987f8a23e92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loco-translate/" + google-query: inurl:"/wp-content/plugins/loco-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loco-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loco-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loco-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/log-http-requests-5a93acfe5c571ac99fbd0be363e6f484.yaml b/nuclei-templates/cve-less/plugins/log-http-requests-5a93acfe5c571ac99fbd0be363e6f484.yaml new file mode 100644 index 0000000000..4e08a47a0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/log-http-requests-5a93acfe5c571ac99fbd0be363e6f484.yaml @@ -0,0 +1,58 @@ +id: log-http-requests-5a93acfe5c571ac99fbd0be363e6f484 + +info: + name: > + Log HTTP Requests <= 1.3.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b12b0a2a-3c3c-4d9c-a404-c8f170638e31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/log-http-requests/" + google-query: inurl:"/wp-content/plugins/log-http-requests/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,log-http-requests,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/log-http-requests/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "log-http-requests" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logaster-logo-generator-76ed6482cec63261d1357200b150b91d.yaml b/nuclei-templates/cve-less/plugins/logaster-logo-generator-76ed6482cec63261d1357200b150b91d.yaml new file mode 100644 index 0000000000..281d074d1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logaster-logo-generator-76ed6482cec63261d1357200b150b91d.yaml @@ -0,0 +1,58 @@ +id: logaster-logo-generator-76ed6482cec63261d1357200b150b91d + +info: + name: > + Logaster Logo Generator <= 1.3 - Cross-Site Request Forgery to Arbitrary Media Deletion and Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde8c669-c9bb-4ecc-b589-3cda8757dfc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logaster-logo-generator/" + google-query: inurl:"/wp-content/plugins/logaster-logo-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logaster-logo-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logaster-logo-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logaster-logo-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logdash-activity-log-bcfe334c42c567e215f8c00ef33611b7.yaml b/nuclei-templates/cve-less/plugins/logdash-activity-log-bcfe334c42c567e215f8c00ef33611b7.yaml new file mode 100644 index 0000000000..6df9bfed8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logdash-activity-log-bcfe334c42c567e215f8c00ef33611b7.yaml @@ -0,0 +1,58 @@ +id: logdash-activity-log-bcfe334c42c567e215f8c00ef33611b7 + +info: + name: > + LogDash Activity Log <= 1.1.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b71348c8-9e86-432e-b05e-96884344cef6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logdash-activity-log/" + google-query: inurl:"/wp-content/plugins/logdash-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logdash-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logdash-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logdash-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-and-logout-redirect-6defdad634c19587e3dd4bf9ad418075.yaml b/nuclei-templates/cve-less/plugins/login-and-logout-redirect-6defdad634c19587e3dd4bf9ad418075.yaml new file mode 100644 index 0000000000..bf7ea6982e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-and-logout-redirect-6defdad634c19587e3dd4bf9ad418075.yaml @@ -0,0 +1,58 @@ +id: login-and-logout-redirect-6defdad634c19587e3dd4bf9ad418075 + +info: + name: > + Login and Logout Redirect <= 2.0.2 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09a0639e-4b14-4dc9-a50c-d18234faa7b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-and-logout-redirect/" + google-query: inurl:"/wp-content/plugins/login-and-logout-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-and-logout-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-and-logout-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-and-logout-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-0fc17742a12c442eca6b1350953762d1.yaml b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-0fc17742a12c442eca6b1350953762d1.yaml new file mode 100644 index 0000000000..c07ae0478e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-0fc17742a12c442eca6b1350953762d1.yaml @@ -0,0 +1,58 @@ +id: login-as-customer-or-user-0fc17742a12c442eca6b1350953762d1 + +info: + name: > + Login as User or Customer <= 3.2 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca20535-d033-45d5-acc3-72ad53d34b4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-as-customer-or-user/" + google-query: inurl:"/wp-content/plugins/login-as-customer-or-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-as-customer-or-user,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-as-customer-or-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-as-customer-or-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-4c2cc49d3c5ef5aabeaa2eb6035c1bc7.yaml b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-4c2cc49d3c5ef5aabeaa2eb6035c1bc7.yaml new file mode 100644 index 0000000000..a3552b7bd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-4c2cc49d3c5ef5aabeaa2eb6035c1bc7.yaml @@ -0,0 +1,58 @@ +id: login-as-customer-or-user-4c2cc49d3c5ef5aabeaa2eb6035c1bc7 + +info: + name: > + Login as User or Customer <= 3.8 - Unauthenticated Limited Admin Account Compromise + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a97f59d-c4b1-4544-8cef-37a01cc6f7ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-as-customer-or-user/" + google-query: inurl:"/wp-content/plugins/login-as-customer-or-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-as-customer-or-user,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-as-customer-or-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-as-customer-or-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-63d09700de769fbd6e753bbbd4ecabb8.yaml b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-63d09700de769fbd6e753bbbd4ecabb8.yaml new file mode 100644 index 0000000000..023fb65c48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-63d09700de769fbd6e753bbbd4ecabb8.yaml @@ -0,0 +1,58 @@ +id: login-as-customer-or-user-63d09700de769fbd6e753bbbd4ecabb8 + +info: + name: > + Login as User or Customer (User Switching) <= 3.8 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b07ea6a-511d-44ab-b0b7-5124702ad47d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-as-customer-or-user/" + google-query: inurl:"/wp-content/plugins/login-as-customer-or-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-as-customer-or-user,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-as-customer-or-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-as-customer-or-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-as-customer-or-user-ec624f0e0c8a0434187e7e5ecb5e4e8b.yaml b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-ec624f0e0c8a0434187e7e5ecb5e4e8b.yaml new file mode 100644 index 0000000000..57085d64b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-as-customer-or-user-ec624f0e0c8a0434187e7e5ecb5e4e8b.yaml @@ -0,0 +1,58 @@ +id: login-as-customer-or-user-ec624f0e0c8a0434187e7e5ecb5e4e8b + +info: + name: > + Login as User or Customer < 1.8 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7d7ec5b-0616-4895-b5bf-be25ac37fb17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-as-customer-or-user/" + google-query: inurl:"/wp-content/plugins/login-as-customer-or-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-as-customer-or-user,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-as-customer-or-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-as-customer-or-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-attempts-limit-wp-0eea71d63bea39cf2254e5ce7029cff0.yaml b/nuclei-templates/cve-less/plugins/login-attempts-limit-wp-0eea71d63bea39cf2254e5ce7029cff0.yaml new file mode 100644 index 0000000000..269fe1a5ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-attempts-limit-wp-0eea71d63bea39cf2254e5ce7029cff0.yaml @@ -0,0 +1,58 @@ +id: login-attempts-limit-wp-0eea71d63bea39cf2254e5ce7029cff0 + +info: + name: > + LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/257052f4-2b0a-4604-befd-651dc338b3d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-attempts-limit-wp/" + google-query: inurl:"/wp-content/plugins/login-attempts-limit-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-attempts-limit-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-attempts-limit-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-attempts-limit-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-block-ips-02f07014b96a3edb2c7f1b16bbe0bd90.yaml b/nuclei-templates/cve-less/plugins/login-block-ips-02f07014b96a3edb2c7f1b16bbe0bd90.yaml new file mode 100644 index 0000000000..f95659d825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-block-ips-02f07014b96a3edb2c7f1b16bbe0bd90.yaml @@ -0,0 +1,58 @@ +id: login-block-ips-02f07014b96a3edb2c7f1b16bbe0bd90 + +info: + name: > + Login Block IPs <= 1.0.0 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3adabcc-3259-4d4d-8359-71af16823d18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-block-ips/" + google-query: inurl:"/wp-content/plugins/login-block-ips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-block-ips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-block-ips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-block-ips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-block-ips-a8dff80c8e083adc6ae91aa812785cd7.yaml b/nuclei-templates/cve-less/plugins/login-block-ips-a8dff80c8e083adc6ae91aa812785cd7.yaml new file mode 100644 index 0000000000..f87766810e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-block-ips-a8dff80c8e083adc6ae91aa812785cd7.yaml @@ -0,0 +1,58 @@ +id: login-block-ips-a8dff80c8e083adc6ae91aa812785cd7 + +info: + name: > + Login Block IPs <= 1.0.0 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e772760-f390-417f-82d0-f415a6ef837d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-block-ips/" + google-query: inurl:"/wp-content/plugins/login-block-ips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-block-ips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-block-ips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-block-ips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-configurator-138f6d0c8e0041a5a9ff7dcdbdf2c1bd.yaml b/nuclei-templates/cve-less/plugins/login-configurator-138f6d0c8e0041a5a9ff7dcdbdf2c1bd.yaml new file mode 100644 index 0000000000..09bba43787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-configurator-138f6d0c8e0041a5a9ff7dcdbdf2c1bd.yaml @@ -0,0 +1,58 @@ +id: login-configurator-138f6d0c8e0041a5a9ff7dcdbdf2c1bd + +info: + name: > + Login Configurator <= 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb148264-c75e-4e73-95d7-3a06cdd8990e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-configurator/" + google-query: inurl:"/wp-content/plugins/login-configurator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-configurator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-configurator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-configurator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-configurator-46799564b7a9d79d9f58df7d68a85824.yaml b/nuclei-templates/cve-less/plugins/login-configurator-46799564b7a9d79d9f58df7d68a85824.yaml new file mode 100644 index 0000000000..dbd80cbd2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-configurator-46799564b7a9d79d9f58df7d68a85824.yaml @@ -0,0 +1,58 @@ +id: login-configurator-46799564b7a9d79d9f58df7d68a85824 + +info: + name: > + Login Configurator <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74d3606f-bd62-4844-ac17-8e47feddab92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-configurator/" + google-query: inurl:"/wp-content/plugins/login-configurator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-configurator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-configurator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-configurator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-configurator-beaa951d6e891d70c494baee952c2f4e.yaml b/nuclei-templates/cve-less/plugins/login-configurator-beaa951d6e891d70c494baee952c2f4e.yaml new file mode 100644 index 0000000000..361933c2dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-configurator-beaa951d6e891d70c494baee952c2f4e.yaml @@ -0,0 +1,58 @@ +id: login-configurator-beaa951d6e891d70c494baee952c2f4e + +info: + name: > + Login Configurator <= 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b89a1265-6e26-498c-a2b4-da12d38463c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-configurator/" + google-query: inurl:"/wp-content/plugins/login-configurator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-configurator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-configurator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-configurator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-form-recaptcha-eab309830ae20eeb18b4936d022eab3a.yaml b/nuclei-templates/cve-less/plugins/login-form-recaptcha-eab309830ae20eeb18b4936d022eab3a.yaml new file mode 100644 index 0000000000..9104a16f23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-form-recaptcha-eab309830ae20eeb18b4936d022eab3a.yaml @@ -0,0 +1,58 @@ +id: login-form-recaptcha-eab309830ae20eeb18b4936d022eab3a + +info: + name: > + reCAPTCHA <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55f7914f-9731-4b43-b2c0-b3474508e40a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-form-recaptcha/" + google-query: inurl:"/wp-content/plugins/login-form-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-form-recaptcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-form-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-form-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-lockdown-88f9434afbf3660fe0710b500aa999f9.yaml b/nuclei-templates/cve-less/plugins/login-lockdown-88f9434afbf3660fe0710b500aa999f9.yaml new file mode 100644 index 0000000000..6de2aa5908 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-lockdown-88f9434afbf3660fe0710b500aa999f9.yaml @@ -0,0 +1,58 @@ +id: login-lockdown-88f9434afbf3660fe0710b500aa999f9 + +info: + name: > + Login Lockdown – Protect Login Form <= 2.08 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-lockdown/" + google-query: inurl:"/wp-content/plugins/login-lockdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-lockdown,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-lockdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-lockdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.08') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-lockdown-e2d3306782ffc6dc1c4428ce58ed053c.yaml b/nuclei-templates/cve-less/plugins/login-lockdown-e2d3306782ffc6dc1c4428ce58ed053c.yaml new file mode 100644 index 0000000000..b5ebc8676e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-lockdown-e2d3306782ffc6dc1c4428ce58ed053c.yaml @@ -0,0 +1,58 @@ +id: login-lockdown-e2d3306782ffc6dc1c4428ce58ed053c + +info: + name: > + Login Lockdown – Protect Login Form <= 2.06 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c9d088c-e71a-4e73-a7e3-d99f3511e519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-lockdown/" + google-query: inurl:"/wp-content/plugins/login-lockdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-lockdown,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-lockdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-lockdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-logout-menu-de60bb7a2d8edb4c8b70880b7d8f6006.yaml b/nuclei-templates/cve-less/plugins/login-logout-menu-de60bb7a2d8edb4c8b70880b7d8f6006.yaml new file mode 100644 index 0000000000..e922561cb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-logout-menu-de60bb7a2d8edb4c8b70880b7d8f6006.yaml @@ -0,0 +1,58 @@ +id: login-logout-menu-de60bb7a2d8edb4c8b70880b7d8f6006 + +info: + name: > + Login Logout Menu <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8772a00a-b285-4b1e-a903-6f8404cf21a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-logout-menu/" + google-query: inurl:"/wp-content/plugins/login-logout-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-logout-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-logout-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-logout-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-logout-register-menu-1b2984fc633af00dfb52c6ca6adba0af.yaml b/nuclei-templates/cve-less/plugins/login-logout-register-menu-1b2984fc633af00dfb52c6ca6adba0af.yaml new file mode 100644 index 0000000000..9a6764bb7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-logout-register-menu-1b2984fc633af00dfb52c6ca6adba0af.yaml @@ -0,0 +1,58 @@ +id: login-logout-register-menu-1b2984fc633af00dfb52c6ca6adba0af + +info: + name: > + Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04057d0b-f831-4629-af74-393bb77689e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-logout-register-menu/" + google-query: inurl:"/wp-content/plugins/login-logout-register-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-logout-register-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-logout-register-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-logout-register-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-or-logout-menu-item-ca7d5b5619ab641f67f5cf5a4e55e4af.yaml b/nuclei-templates/cve-less/plugins/login-or-logout-menu-item-ca7d5b5619ab641f67f5cf5a4e55e4af.yaml new file mode 100644 index 0000000000..1b091eb799 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-or-logout-menu-item-ca7d5b5619ab641f67f5cf5a4e55e4af.yaml @@ -0,0 +1,58 @@ +id: login-or-logout-menu-item-ca7d5b5619ab641f67f5cf5a4e55e4af + +info: + name: > + Login or Logout Menu Item <= 1.1.1 - Unauthenticated Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9bfae23-7b5c-46d8-9d7e-cc261280e223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-or-logout-menu-item/" + google-query: inurl:"/wp-content/plugins/login-or-logout-menu-item/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-or-logout-menu-item,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-or-logout-menu-item/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-or-logout-menu-item" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-page-styler-7d4c259ea0aa11707d8270b3e5db8568.yaml b/nuclei-templates/cve-less/plugins/login-page-styler-7d4c259ea0aa11707d8270b3e5db8568.yaml new file mode 100644 index 0000000000..0d4aa8eb24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-page-styler-7d4c259ea0aa11707d8270b3e5db8568.yaml @@ -0,0 +1,58 @@ +id: login-page-styler-7d4c259ea0aa11707d8270b3e5db8568 + +info: + name: > + Login Page Styler <= 6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d70cd0a-5c30-4a9b-81e8-e465d1e8f2b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-page-styler/" + google-query: inurl:"/wp-content/plugins/login-page-styler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-page-styler,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-page-styler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-page-styler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-rebuilder-0769a7de02fdecf0755ac761d0a440c1.yaml b/nuclei-templates/cve-less/plugins/login-rebuilder-0769a7de02fdecf0755ac761d0a440c1.yaml new file mode 100644 index 0000000000..c227a70f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-rebuilder-0769a7de02fdecf0755ac761d0a440c1.yaml @@ -0,0 +1,58 @@ +id: login-rebuilder-0769a7de02fdecf0755ac761d0a440c1 + +info: + name: > + Login rebuilder <= 2.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae14765-ba85-4aba-83ae-41f7de2f2551?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-rebuilder/" + google-query: inurl:"/wp-content/plugins/login-rebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-rebuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-rebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-rebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-rebuilder-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml b/nuclei-templates/cve-less/plugins/login-rebuilder-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml new file mode 100644 index 0000000000..f9f047a1a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-rebuilder-a2f350e1414d89ef0f2cdb91d69b4d0f.yaml @@ -0,0 +1,58 @@ +id: login-rebuilder-a2f350e1414d89ef0f2cdb91d69b4d0f + +info: + name: > + Login rebuilder < 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f75936d7-12bc-47cc-b901-17fd42c05d66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-rebuilder/" + google-query: inurl:"/wp-content/plugins/login-rebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-rebuilder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-rebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-rebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-recaptcha-b6dd04c8ab5f16c9a1c8ee0a8dbc7845.yaml b/nuclei-templates/cve-less/plugins/login-recaptcha-b6dd04c8ab5f16c9a1c8ee0a8dbc7845.yaml new file mode 100644 index 0000000000..7582e08e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-recaptcha-b6dd04c8ab5f16c9a1c8ee0a8dbc7845.yaml @@ -0,0 +1,58 @@ +id: login-recaptcha-b6dd04c8ab5f16c9a1c8ee0a8dbc7845 + +info: + name: > + Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8c69fc2-e1bf-43e7-a80e-931dbb70d8da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-recaptcha/" + google-query: inurl:"/wp-content/plugins/login-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-recaptcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-screen-manager-16cbd69900a20c2a15cc998b66c6e30e.yaml b/nuclei-templates/cve-less/plugins/login-screen-manager-16cbd69900a20c2a15cc998b66c6e30e.yaml new file mode 100644 index 0000000000..73c5ebf7fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-screen-manager-16cbd69900a20c2a15cc998b66c6e30e.yaml @@ -0,0 +1,58 @@ +id: login-screen-manager-16cbd69900a20c2a15cc998b66c6e30e + +info: + name: > + Login Screen Manager <= 3.5.2 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d6c37ec-4a17-41b8-a29e-2a9adb382cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-screen-manager/" + google-query: inurl:"/wp-content/plugins/login-screen-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-screen-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-screen-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-screen-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-sidebar-widget-fae7d043617694cc89520aef8cdc5ad0.yaml b/nuclei-templates/cve-less/plugins/login-sidebar-widget-fae7d043617694cc89520aef8cdc5ad0.yaml new file mode 100644 index 0000000000..99ce07bef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-sidebar-widget-fae7d043617694cc89520aef8cdc5ad0.yaml @@ -0,0 +1,58 @@ +id: login-sidebar-widget-fae7d043617694cc89520aef8cdc5ad0 + +info: + name: > + Login Widget With Shortcode < 3.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e10db126-a22e-4e15-a868-6fd9172fa805?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-sidebar-widget/" + google-query: inurl:"/wp-content/plugins/login-sidebar-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-sidebar-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-sidebar-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-sidebar-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-2c0d615cfdc7e7ed23f5751818a97642.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-2c0d615cfdc7e7ed23f5751818a97642.yaml new file mode 100644 index 0000000000..9066573bcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-ajax-2c0d615cfdc7e7ed23f5751818a97642.yaml @@ -0,0 +1,58 @@ +id: login-with-ajax-2c0d615cfdc7e7ed23f5751818a97642 + +info: + name: > + Login With Ajax <= 4.1 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec29e5fc-5635-4809-9bb5-cd28f7fac17e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-ajax/" + google-query: inurl:"/wp-content/plugins/login-with-ajax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-ajax,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-ajax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-ajax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-7bcea995c31208e7b3ae2001fc2e0fd5.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-7bcea995c31208e7b3ae2001fc2e0fd5.yaml new file mode 100644 index 0000000000..10f604e3ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-ajax-7bcea995c31208e7b3ae2001fc2e0fd5.yaml @@ -0,0 +1,58 @@ +id: login-with-ajax-7bcea995c31208e7b3ae2001fc2e0fd5 + +info: + name: > + Login With Ajax <= 3.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416fc00d-2e72-41aa-9023-0c098ca32192?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-ajax/" + google-query: inurl:"/wp-content/plugins/login-with-ajax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-ajax,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-ajax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-ajax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-d9979e2b554699fb1813833b2efa0480.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-d9979e2b554699fb1813833b2efa0480.yaml new file mode 100644 index 0000000000..d1f6485fe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-ajax-d9979e2b554699fb1813833b2efa0480.yaml @@ -0,0 +1,58 @@ +id: login-with-ajax-d9979e2b554699fb1813833b2efa0480 + +info: + name: > + Login With Ajax < 3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dec045a-b87c-4db5-960e-8888e410a950?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-ajax/" + google-query: inurl:"/wp-content/plugins/login-with-ajax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-ajax,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-ajax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-ajax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-ec063e4ec21933641631e905d4f64602.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-ec063e4ec21933641631e905d4f64602.yaml new file mode 100644 index 0000000000..391802b3bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-ajax-ec063e4ec21933641631e905d4f64602.yaml @@ -0,0 +1,58 @@ +id: login-with-ajax-ec063e4ec21933641631e905d4f64602 + +info: + name: > + Login With Ajax < 3.0.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a925c74-9f12-41e1-9443-d533b645c3f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-ajax/" + google-query: inurl:"/wp-content/plugins/login-with-ajax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-ajax,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-ajax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-ajax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-ajax-fe796847eb830527572fd03364591cba.yaml b/nuclei-templates/cve-less/plugins/login-with-ajax-fe796847eb830527572fd03364591cba.yaml new file mode 100644 index 0000000000..064f0f9fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-ajax-fe796847eb830527572fd03364591cba.yaml @@ -0,0 +1,58 @@ +id: login-with-ajax-fe796847eb830527572fd03364591cba + +info: + name: > + Login With Ajax <= 4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f11926c8-2b31-4ad5-9fd0-225071a91b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-ajax/" + google-query: inurl:"/wp-content/plugins/login-with-ajax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-ajax,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-ajax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-ajax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-cognito-29259c5b25c72133b49fdd41585cc3d7.yaml b/nuclei-templates/cve-less/plugins/login-with-cognito-29259c5b25c72133b49fdd41585cc3d7.yaml new file mode 100644 index 0000000000..3b98ad5262 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-cognito-29259c5b25c72133b49fdd41585cc3d7.yaml @@ -0,0 +1,58 @@ +id: login-with-cognito-29259c5b25c72133b49fdd41585cc3d7 + +info: + name: > + Login with Cognito <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e88393-c76b-49b6-a55c-06094e6f82d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-cognito/" + google-query: inurl:"/wp-content/plugins/login-with-cognito/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-cognito,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-cognito/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-cognito" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-208e3b31993605c004819fb7fd167d1a.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-208e3b31993605c004819fb7fd167d1a.yaml new file mode 100644 index 0000000000..2141ec66c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-208e3b31993605c004819fb7fd167d1a.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-208e3b31993605c004819fb7fd167d1a + +info: + name: > + Login with phone number <= 1.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3819ffc4-8889-4199-9dd6-140490a17ed6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-56f2f327244a430ca8fc636a97b2e3cb.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-56f2f327244a430ca8fc636a97b2e3cb.yaml new file mode 100644 index 0000000000..44e5645803 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-56f2f327244a430ca8fc636a97b2e3cb.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-56f2f327244a430ca8fc636a97b2e3cb + +info: + name: > + Login with phone number <= 1.7.16 - Unauthorized Account Password Change to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95247ff5-0277-4270-a1ea-221ea2ecee0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-64bb9b276a0e4073663c51a2aaebe19f.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-64bb9b276a0e4073663c51a2aaebe19f.yaml new file mode 100644 index 0000000000..f9b73f9bb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-64bb9b276a0e4073663c51a2aaebe19f.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-64bb9b276a0e4073663c51a2aaebe19f + +info: + name: > + Login with phone number <= 1.6.93 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c600e8d0-7fe1-408e-a51d-8519a9acceb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-6f4c822113b8980ad7d9ecbb478cdfd7.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-6f4c822113b8980ad7d9ecbb478cdfd7.yaml new file mode 100644 index 0000000000..bcb28d624d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-6f4c822113b8980ad7d9ecbb478cdfd7.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-6f4c822113b8980ad7d9ecbb478cdfd7 + +info: + name: > + Login with phone number <= 1.6.93 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2dfe5dd0-0dc9-4c64-8972-045325e5a54f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-a833ece3f343246705571f6788efd405.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-a833ece3f343246705571f6788efd405.yaml new file mode 100644 index 0000000000..cf2d09e28a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-a833ece3f343246705571f6788efd405.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-a833ece3f343246705571f6788efd405 + +info: + name: > + Login with phone number <= 1.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f76e294-1b17-4125-b85c-af7957de1c13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-ac531ca44d844146efaf8a60c7e71d41.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-ac531ca44d844146efaf8a60c7e71d41.yaml new file mode 100644 index 0000000000..77ef6743fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-ac531ca44d844146efaf8a60c7e71d41.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-ac531ca44d844146efaf8a60c7e71d41 + +info: + name: > + Login with phone number <= 1.7.18 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2756dcf4-715f-4a7b-855c-7347455e0323?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-b9138583e38a18d791c31fb8353403c7.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-b9138583e38a18d791c31fb8353403c7.yaml new file mode 100644 index 0000000000..36a40b7809 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-b9138583e38a18d791c31fb8353403c7.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-b9138583e38a18d791c31fb8353403c7 + +info: + name: > + Login with phone number <= 1.3.6 - Unauthenticated Remote Plugin Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1716ef84-759e-4b40-aaa3-ae6ead41fcb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-phone-number-ec75720f681f6e8a0dfa73dc2af48726.yaml b/nuclei-templates/cve-less/plugins/login-with-phone-number-ec75720f681f6e8a0dfa73dc2af48726.yaml new file mode 100644 index 0000000000..451796a40e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-phone-number-ec75720f681f6e8a0dfa73dc2af48726.yaml @@ -0,0 +1,58 @@ +id: login-with-phone-number-ec75720f681f6e8a0dfa73dc2af48726 + +info: + name: > + Login with phone number <= 1.5.6 - Cross-Site Request Forgery to User Password Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71083db7-377b-47a1-ac8b-83d8974a2654?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-phone-number/" + google-query: inurl:"/wp-content/plugins/login-with-phone-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-phone-number,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-phone-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-phone-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-yourmembership-5f0a636903de630172f072592f6edff3.yaml b/nuclei-templates/cve-less/plugins/login-with-yourmembership-5f0a636903de630172f072592f6edff3.yaml new file mode 100644 index 0000000000..88197aec40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-yourmembership-5f0a636903de630172f072592f6edff3.yaml @@ -0,0 +1,58 @@ +id: login-with-yourmembership-5f0a636903de630172f072592f6edff3 + +info: + name: > + YourMembership Single Sign On <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4419dc63-24bc-41b1-bea6-6426b6f10577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-yourmembership/" + google-query: inurl:"/wp-content/plugins/login-with-yourmembership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-yourmembership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-yourmembership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-yourmembership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/login-with-yourmembership-c5fe48358feae544a0b21efff11ac6fd.yaml b/nuclei-templates/cve-less/plugins/login-with-yourmembership-c5fe48358feae544a0b21efff11ac6fd.yaml new file mode 100644 index 0000000000..0d283dc643 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/login-with-yourmembership-c5fe48358feae544a0b21efff11ac6fd.yaml @@ -0,0 +1,58 @@ +id: login-with-yourmembership-c5fe48358feae544a0b21efff11ac6fd + +info: + name: > + YourMembership Single Sign On <= 1.1.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ef64d17-fc52-4d47-aca3-e136245bc114?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/login-with-yourmembership/" + google-query: inurl:"/wp-content/plugins/login-with-yourmembership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,login-with-yourmembership,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/login-with-yourmembership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "login-with-yourmembership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-27753e35f86f0683018abe1867499f91.yaml b/nuclei-templates/cve-less/plugins/loginizer-27753e35f86f0683018abe1867499f91.yaml new file mode 100644 index 0000000000..ad4f047b20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-27753e35f86f0683018abe1867499f91.yaml @@ -0,0 +1,58 @@ +id: loginizer-27753e35f86f0683018abe1867499f91 + +info: + name: > + Loginizer <= 1.3.5 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/595fac73-c583-4712-ad37-fbd0fa3eb147?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-2ab9cce0c78fb172d9887da5c8b47923.yaml b/nuclei-templates/cve-less/plugins/loginizer-2ab9cce0c78fb172d9887da5c8b47923.yaml new file mode 100644 index 0000000000..a73fcbbad7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-2ab9cce0c78fb172d9887da5c8b47923.yaml @@ -0,0 +1,58 @@ +id: loginizer-2ab9cce0c78fb172d9887da5c8b47923 + +info: + name: > + Loginizer <= 1.7.5 - Reflected Cross-Site Scripting via 'name' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/410ae0f1-a4ed-4631-9f80-86b7a403ce0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-c17200ba4236119c0958120e5b5ef5cb.yaml b/nuclei-templates/cve-less/plugins/loginizer-c17200ba4236119c0958120e5b5ef5cb.yaml new file mode 100644 index 0000000000..8c1d20b38b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-c17200ba4236119c0958120e5b5ef5cb.yaml @@ -0,0 +1,58 @@ +id: loginizer-c17200ba4236119c0958120e5b5ef5cb + +info: + name: > + Loginizer <= 1.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e91c0935-4213-4376-86ec-7ff78808fb9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-c30046dfca2652f0c4622a1ba6d544e7.yaml b/nuclei-templates/cve-less/plugins/loginizer-c30046dfca2652f0c4622a1ba6d544e7.yaml new file mode 100644 index 0000000000..306d1f99e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-c30046dfca2652f0c4622a1ba6d544e7.yaml @@ -0,0 +1,58 @@ +id: loginizer-c30046dfca2652f0c4622a1ba6d544e7 + +info: + name: > + Loginizer <= 1.7.8 - Reflected Cross-Site Scripting via 'limit_session[count]' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e6ef932-975c-423b-b780-b38449eec577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-cfd6c4a67043af04f9e4f98a73eab3fa.yaml b/nuclei-templates/cve-less/plugins/loginizer-cfd6c4a67043af04f9e4f98a73eab3fa.yaml new file mode 100644 index 0000000000..264af745eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-cfd6c4a67043af04f9e4f98a73eab3fa.yaml @@ -0,0 +1,58 @@ +id: loginizer-cfd6c4a67043af04f9e4f98a73eab3fa + +info: + name: > + Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a05b1d00-386f-4914-80e6-92d3e9721dc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.3.8', '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-dbdf12cf139233f26433b910fe482aa7.yaml b/nuclei-templates/cve-less/plugins/loginizer-dbdf12cf139233f26433b910fe482aa7.yaml new file mode 100644 index 0000000000..a9e4a6c1b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-dbdf12cf139233f26433b910fe482aa7.yaml @@ -0,0 +1,58 @@ +id: loginizer-dbdf12cf139233f26433b910fe482aa7 + +info: + name: > + Loginizer <= 1.7.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11bdcf58-be0c-4fdb-ac15-ee4c3afe7275?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginizer-e3a5de57aa22129643a4695275352679.yaml b/nuclei-templates/cve-less/plugins/loginizer-e3a5de57aa22129643a4695275352679.yaml new file mode 100644 index 0000000000..155e66a3bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginizer-e3a5de57aa22129643a4695275352679.yaml @@ -0,0 +1,58 @@ +id: loginizer-e3a5de57aa22129643a4695275352679 + +info: + name: > + Loginizer <= 1.6.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58f8bba4-1be5-4111-aa41-d076a6f06948?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginizer/" + google-query: inurl:"/wp-content/plugins/loginizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginizer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-9e304c0c2d27a9a5e4112a85cbe97828.yaml b/nuclei-templates/cve-less/plugins/loginpress-9e304c0c2d27a9a5e4112a85cbe97828.yaml new file mode 100644 index 0000000000..5da841df76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-9e304c0c2d27a9a5e4112a85cbe97828.yaml @@ -0,0 +1,58 @@ +id: loginpress-9e304c0c2d27a9a5e4112a85cbe97828 + +info: + name: > + LoginPress <= 1.1.15 - Authenticated SQL Injection via Settings Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74386b2f-9686-4f55-be30-c02ea8fb12b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress/" + google-query: inurl:"/wp-content/plugins/loginpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-bed0cdd535564a50bc24db1db8a6aa5a.yaml b/nuclei-templates/cve-less/plugins/loginpress-bed0cdd535564a50bc24db1db8a6aa5a.yaml new file mode 100644 index 0000000000..7aeb8f2442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-bed0cdd535564a50bc24db1db8a6aa5a.yaml @@ -0,0 +1,58 @@ +id: loginpress-bed0cdd535564a50bc24db1db8a6aa5a + +info: + name: > + LoginPress <= 1.5.11 - Reflected Cross-Site Scripting via redirect-page Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5df2dfcd-2fda-4f09-bd77-f437422d20bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress/" + google-query: inurl:"/wp-content/plugins/loginpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-e364d48aca33a25dca805353038f64e7.yaml b/nuclei-templates/cve-less/plugins/loginpress-e364d48aca33a25dca805353038f64e7.yaml new file mode 100644 index 0000000000..233d4ee72b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-e364d48aca33a25dca805353038f64e7.yaml @@ -0,0 +1,58 @@ +id: loginpress-e364d48aca33a25dca805353038f64e7 + +info: + name: > + LoginPress | Custom Login Page Customizer <= 1.1.13 - Unauthorized Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efbecb4b-fc41-4719-be5e-af11b47ff683?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress/" + google-query: inurl:"/wp-content/plugins/loginpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-ff3790cb0753cd7ef435623008e69310.yaml b/nuclei-templates/cve-less/plugins/loginpress-ff3790cb0753cd7ef435623008e69310.yaml new file mode 100644 index 0000000000..c2497dc37d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-ff3790cb0753cd7ef435623008e69310.yaml @@ -0,0 +1,58 @@ +id: loginpress-ff3790cb0753cd7ef435623008e69310 + +info: + name: > + LoginPress | Custom Login Page Customizer <= 1.6.2 - Missing Authorization to Settings Changes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d212c19d-fca9-4daf-95f4-5b3ac302e817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress/" + google-query: inurl:"/wp-content/plugins/loginpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-pro-2c903b10bdf887533eb269f90c22486a.yaml b/nuclei-templates/cve-less/plugins/loginpress-pro-2c903b10bdf887533eb269f90c22486a.yaml new file mode 100644 index 0000000000..288d6f8b25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-pro-2c903b10bdf887533eb269f90c22486a.yaml @@ -0,0 +1,58 @@ +id: loginpress-pro-2c903b10bdf887533eb269f90c22486a + +info: + name: > + LoginPress Pro < 3.0 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6763d445-0d4f-4ac0-b41a-a30e09fcb21c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress-pro/" + google-query: inurl:"/wp-content/plugins/loginpress-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/loginpress-pro-6243447eedf5d12aac34558af1ea267e.yaml b/nuclei-templates/cve-less/plugins/loginpress-pro-6243447eedf5d12aac34558af1ea267e.yaml new file mode 100644 index 0000000000..16f1b594a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/loginpress-pro-6243447eedf5d12aac34558af1ea267e.yaml @@ -0,0 +1,58 @@ +id: loginpress-pro-6243447eedf5d12aac34558af1ea267e + +info: + name: > + LoginPress Pro < 3.0 - Missing Authorization to License Status Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13fb7904-8641-43ae-bcfe-00ca5416e949?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/loginpress-pro/" + google-query: inurl:"/wp-content/plugins/loginpress-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,loginpress-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/loginpress-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "loginpress-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-carousel-free-426067a3112463f4371753090e35be9b.yaml b/nuclei-templates/cve-less/plugins/logo-carousel-free-426067a3112463f4371753090e35be9b.yaml new file mode 100644 index 0000000000..9bd559e5c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-carousel-free-426067a3112463f4371753090e35be9b.yaml @@ -0,0 +1,58 @@ +id: logo-carousel-free-426067a3112463f4371753090e35be9b + +info: + name: > + Logo Carousel <= 3.4.1 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46828b2a-ed76-4074-9fb4-c36bf0fd012c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-carousel-free/" + google-query: inurl:"/wp-content/plugins/logo-carousel-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-carousel-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-carousel-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-carousel-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-carousel-free-493a0e85cf8a05291a415d7ac00931ed.yaml b/nuclei-templates/cve-less/plugins/logo-carousel-free-493a0e85cf8a05291a415d7ac00931ed.yaml new file mode 100644 index 0000000000..7383c70f65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-carousel-free-493a0e85cf8a05291a415d7ac00931ed.yaml @@ -0,0 +1,58 @@ +id: logo-carousel-free-493a0e85cf8a05291a415d7ac00931ed + +info: + name: > + Logo Carousel <= 3.4.1 - Unauthorised Private Post Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/329a7910-fc9e-4786-9f0e-84eeb6e48bf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-carousel-free/" + google-query: inurl:"/wp-content/plugins/logo-carousel-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-carousel-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-carousel-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-carousel-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-scheduler-great-for-holidays-events-and-more-6608e81097680e6fc28899a61a6c4d0d.yaml b/nuclei-templates/cve-less/plugins/logo-scheduler-great-for-holidays-events-and-more-6608e81097680e6fc28899a61a6c4d0d.yaml new file mode 100644 index 0000000000..b768ec477e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-scheduler-great-for-holidays-events-and-more-6608e81097680e6fc28899a61a6c4d0d.yaml @@ -0,0 +1,58 @@ +id: logo-scheduler-great-for-holidays-events-and-more-6608e81097680e6fc28899a61a6c4d0d + +info: + name: > + Logo Scheduler <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1647a2c-d21d-4b4b-a22e-32351022404e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-scheduler-great-for-holidays-events-and-more/" + google-query: inurl:"/wp-content/plugins/logo-scheduler-great-for-holidays-events-and-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-scheduler-great-for-holidays-events-and-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-scheduler-great-for-holidays-events-and-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-scheduler-great-for-holidays-events-and-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-showcase-ultimate-bbfdb718b30267886c66b70ab8a80fee.yaml b/nuclei-templates/cve-less/plugins/logo-showcase-ultimate-bbfdb718b30267886c66b70ab8a80fee.yaml new file mode 100644 index 0000000000..7dd4e1e8f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-showcase-ultimate-bbfdb718b30267886c66b70ab8a80fee.yaml @@ -0,0 +1,58 @@ +id: logo-showcase-ultimate-bbfdb718b30267886c66b70ab8a80fee + +info: + name: > + Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-showcase-ultimate/" + google-query: inurl:"/wp-content/plugins/logo-showcase-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-showcase-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3290c8bd01d458a3a1d47adc4e14d07e.yaml b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3290c8bd01d458a3a1d47adc4e14d07e.yaml new file mode 100644 index 0000000000..c7c354cb2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3290c8bd01d458a3a1d47adc4e14d07e.yaml @@ -0,0 +1,58 @@ +id: logo-showcase-with-slick-slider-3290c8bd01d458a3a1d47adc4e14d07e + +info: + name: > + Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86b8844e-5d6f-4bc6-97b2-4ff487bb2188?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/" + google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-with-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-with-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3a725e62a03f5ade4440af8acdd72f67.yaml b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3a725e62a03f5ade4440af8acdd72f67.yaml new file mode 100644 index 0000000000..992788b968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-3a725e62a03f5ade4440af8acdd72f67.yaml @@ -0,0 +1,58 @@ +id: logo-showcase-with-slick-slider-3a725e62a03f5ade4440af8acdd72f67 + +info: + name: > + Logo Showcase with Slick Slider <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0121ef5-4b0b-47c5-8d3d-7d32c8e67c27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/" + google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-with-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-with-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-5de20b622f7b3426c6426e4d509bd26e.yaml b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-5de20b622f7b3426c6426e4d509bd26e.yaml new file mode 100644 index 0000000000..a4daf1bc2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-showcase-with-slick-slider-5de20b622f7b3426c6426e4d509bd26e.yaml @@ -0,0 +1,58 @@ +id: logo-showcase-with-slick-slider-5de20b622f7b3426c6426e4d509bd26e + +info: + name: > + Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid <= 1.2.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0bfe80d-f9d5-4fc0-a8dd-717c31020b8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-showcase-with-slick-slider/" + google-query: inurl:"/wp-content/plugins/logo-showcase-with-slick-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-showcase-with-slick-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-showcase-with-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-showcase-with-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-slider-810ed483cc25df9feef2344d7fe0063d.yaml b/nuclei-templates/cve-less/plugins/logo-slider-810ed483cc25df9feef2344d7fe0063d.yaml new file mode 100644 index 0000000000..73256cfd49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-slider-810ed483cc25df9feef2344d7fe0063d.yaml @@ -0,0 +1,58 @@ +id: logo-slider-810ed483cc25df9feef2344d7fe0063d + +info: + name: > + Logo Slider <= 1.4.8 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f905c0b-6b70-42bf-bf48-6f4eb785bfb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-slider/" + google-query: inurl:"/wp-content/plugins/logo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logo-slider-wp-c7884dbfd12febc95a975f955686dac3.yaml b/nuclei-templates/cve-less/plugins/logo-slider-wp-c7884dbfd12febc95a975f955686dac3.yaml new file mode 100644 index 0000000000..b7692033ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logo-slider-wp-c7884dbfd12febc95a975f955686dac3.yaml @@ -0,0 +1,58 @@ +id: logo-slider-wp-c7884dbfd12febc95a975f955686dac3 + +info: + name: > + Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/723ed5c7-041f-4e03-83ad-43438e3265a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logo-slider-wp/" + google-query: inurl:"/wp-content/plugins/logo-slider-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logo-slider-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logo-slider-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logo-slider-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/logwpmail-b232a806932eb3a8c3f6cb5279a74846.yaml b/nuclei-templates/cve-less/plugins/logwpmail-b232a806932eb3a8c3f6cb5279a74846.yaml new file mode 100644 index 0000000000..a00ee292fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/logwpmail-b232a806932eb3a8c3f6cb5279a74846.yaml @@ -0,0 +1,58 @@ +id: logwpmail-b232a806932eb3a8c3f6cb5279a74846 + +info: + name: > + Log WP_Mail <= 0.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf11be7a-0b31-46ce-82ce-5a42898a8a10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/logwpmail/" + google-query: inurl:"/wp-content/plugins/logwpmail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,logwpmail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/logwpmail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "logwpmail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lokalyze-call-now-8dc7d267bfbf58557e7062f8892fe14c.yaml b/nuclei-templates/cve-less/plugins/lokalyze-call-now-8dc7d267bfbf58557e7062f8892fe14c.yaml new file mode 100644 index 0000000000..4e1643afb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lokalyze-call-now-8dc7d267bfbf58557e7062f8892fe14c.yaml @@ -0,0 +1,58 @@ +id: lokalyze-call-now-8dc7d267bfbf58557e7062f8892fe14c + +info: + name: > + CALL ME NOW <= 3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05828bdc-74aa-4477-9178-f8cc6a34da42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lokalyze-call-now/" + google-query: inurl:"/wp-content/plugins/lokalyze-call-now/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lokalyze-call-now,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lokalyze-call-now/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lokalyze-call-now" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lordicon-interactive-icons-6765d661ee89fff8539766bb02e51a4e.yaml b/nuclei-templates/cve-less/plugins/lordicon-interactive-icons-6765d661ee89fff8539766bb02e51a4e.yaml new file mode 100644 index 0000000000..4cdf7d5ae3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lordicon-interactive-icons-6765d661ee89fff8539766bb02e51a4e.yaml @@ -0,0 +1,58 @@ +id: lordicon-interactive-icons-6765d661ee89fff8539766bb02e51a4e + +info: + name: > + Lordicon Animated Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/485b0f47-fb3c-49f5-8e27-c250879cb75f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lordicon-interactive-icons/" + google-query: inurl:"/wp-content/plugins/lordicon-interactive-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lordicon-interactive-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lordicon-interactive-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lordicon-interactive-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/luckywp-scripts-control-4813c58962647ae4a6f05165adf752a7.yaml b/nuclei-templates/cve-less/plugins/luckywp-scripts-control-4813c58962647ae4a6f05165adf752a7.yaml new file mode 100644 index 0000000000..5ed8b17354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/luckywp-scripts-control-4813c58962647ae4a6f05165adf752a7.yaml @@ -0,0 +1,58 @@ +id: luckywp-scripts-control-4813c58962647ae4a6f05165adf752a7 + +info: + name: > + LuckyWP Scripts Control <= 1.2.1 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ed93c5c-38bb-4e84-8fe8-03dd75b4d9f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/luckywp-scripts-control/" + google-query: inurl:"/wp-content/plugins/luckywp-scripts-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,luckywp-scripts-control,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/luckywp-scripts-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "luckywp-scripts-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/luckywp-scripts-control-def2f7014de695ca135f23616af5b3ad.yaml b/nuclei-templates/cve-less/plugins/luckywp-scripts-control-def2f7014de695ca135f23616af5b3ad.yaml new file mode 100644 index 0000000000..f33dba7051 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/luckywp-scripts-control-def2f7014de695ca135f23616af5b3ad.yaml @@ -0,0 +1,58 @@ +id: luckywp-scripts-control-def2f7014de695ca135f23616af5b3ad + +info: + name: > + LuckyWP Scripts Control <= 1.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51c42ca2-cdba-49f5-bea2-83c9b8cf0db7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/luckywp-scripts-control/" + google-query: inurl:"/wp-content/plugins/luckywp-scripts-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,luckywp-scripts-control,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/luckywp-scripts-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "luckywp-scripts-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-affiliation-0e3c2a4eb55659f4b696836b1243ae68.yaml b/nuclei-templates/cve-less/plugins/lws-affiliation-0e3c2a4eb55659f4b696836b1243ae68.yaml new file mode 100644 index 0000000000..627c468d24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-affiliation-0e3c2a4eb55659f4b696836b1243ae68.yaml @@ -0,0 +1,58 @@ +id: lws-affiliation-0e3c2a4eb55659f4b696836b1243ae68 + +info: + name: > + LWS Affiliation <= 2.2.6 - Unauthenticated Remote/Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b1871d-9d26-4bdc-bd20-0535143902d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-affiliation/" + google-query: inurl:"/wp-content/plugins/lws-affiliation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-affiliation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-affiliation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-affiliation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-cleaner-b3b6081b87407dd7552a8c8806c2ebc4.yaml b/nuclei-templates/cve-less/plugins/lws-cleaner-b3b6081b87407dd7552a8c8806c2ebc4.yaml new file mode 100644 index 0000000000..8c0b42dc59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-cleaner-b3b6081b87407dd7552a8c8806c2ebc4.yaml @@ -0,0 +1,58 @@ +id: lws-cleaner-b3b6081b87407dd7552a8c8806c2ebc4 + +info: + name: > + LWS Cleaner <= 2.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b89c51fe-c056-4d85-a6e3-6678ed93b9d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-cleaner/" + google-query: inurl:"/wp-content/plugins/lws-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-cleaner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-hide-login-7b798e8ca30dadd7d24e9e59ebf40008.yaml b/nuclei-templates/cve-less/plugins/lws-hide-login-7b798e8ca30dadd7d24e9e59ebf40008.yaml new file mode 100644 index 0000000000..fa2f76d86e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-hide-login-7b798e8ca30dadd7d24e9e59ebf40008.yaml @@ -0,0 +1,58 @@ +id: lws-hide-login-7b798e8ca30dadd7d24e9e59ebf40008 + +info: + name: > + LWS Hide Login <= 2.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7678b80f-3184-4979-b1f4-25cd75836010?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-hide-login/" + google-query: inurl:"/wp-content/plugins/lws-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-hide-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-hide-login-f625397271ed803259763f2838a2e510.yaml b/nuclei-templates/cve-less/plugins/lws-hide-login-f625397271ed803259763f2838a2e510.yaml new file mode 100644 index 0000000000..ced21f46cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-hide-login-f625397271ed803259763f2838a2e510.yaml @@ -0,0 +1,58 @@ +id: lws-hide-login-f625397271ed803259763f2838a2e510 + +info: + name: > + LWS Hide Login <= 2.1.8 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/532cffdb-16e8-4ced-9477-483c96db343c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-hide-login/" + google-query: inurl:"/wp-content/plugins/lws-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-optimize-3e81ca2e699abf0578124ace41c312e8.yaml b/nuclei-templates/cve-less/plugins/lws-optimize-3e81ca2e699abf0578124ace41c312e8.yaml new file mode 100644 index 0000000000..88955b174b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-optimize-3e81ca2e699abf0578124ace41c312e8.yaml @@ -0,0 +1,58 @@ +id: lws-optimize-3e81ca2e699abf0578124ace41c312e8 + +info: + name: > + LWS Optimize <= 1.9.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c97f7513-188b-434c-8cb1-883bed016848?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-optimize/" + google-query: inurl:"/wp-content/plugins/lws-optimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-optimize,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-optimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-optimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-tools-057556914142c489ed57ccffe54665f7.yaml b/nuclei-templates/cve-less/plugins/lws-tools-057556914142c489ed57ccffe54665f7.yaml new file mode 100644 index 0000000000..71cb6b7d5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-tools-057556914142c489ed57ccffe54665f7.yaml @@ -0,0 +1,58 @@ +id: lws-tools-057556914142c489ed57ccffe54665f7 + +info: + name: > + LWS Tools <= 2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2dabb790-4f5e-447a-ad65-3f62ac7f6176?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-tools/" + google-query: inurl:"/wp-content/plugins/lws-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-tools,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/lws-tools-595af782abc65d0b72ff181cfebe8b09.yaml b/nuclei-templates/cve-less/plugins/lws-tools-595af782abc65d0b72ff181cfebe8b09.yaml new file mode 100644 index 0000000000..40719c12aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/lws-tools-595af782abc65d0b72ff181cfebe8b09.yaml @@ -0,0 +1,58 @@ +id: lws-tools-595af782abc65d0b72ff181cfebe8b09 + +info: + name: > + LWS Tools <= 2.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/315dbb77-d872-4cc4-bb4c-9d4763a6ff8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/lws-tools/" + google-query: inurl:"/wp-content/plugins/lws-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,lws-tools,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/lws-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lws-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/m-chart-d65055d7026996d94428cd7d953a60fd.yaml b/nuclei-templates/cve-less/plugins/m-chart-d65055d7026996d94428cd7d953a60fd.yaml new file mode 100644 index 0000000000..cc7172f240 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/m-chart-d65055d7026996d94428cd7d953a60fd.yaml @@ -0,0 +1,58 @@ +id: m-chart-d65055d7026996d94428cd7d953a60fd + +info: + name: > + M Chart <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d2d8ba7-269b-4830-8551-c2291199fb67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/m-chart/" + google-query: inurl:"/wp-content/plugins/m-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,m-chart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/m-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "m-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/m-vslider-c02cfcdd0ba606abb55e36d23c78177d.yaml b/nuclei-templates/cve-less/plugins/m-vslider-c02cfcdd0ba606abb55e36d23c78177d.yaml new file mode 100644 index 0000000000..0cee34147a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/m-vslider-c02cfcdd0ba606abb55e36d23c78177d.yaml @@ -0,0 +1,58 @@ +id: m-vslider-c02cfcdd0ba606abb55e36d23c78177d + +info: + name: > + M-vSlider <= 2.1.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad6747da-394a-4f63-864d-bd52813fad69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/m-vslider/" + google-query: inurl:"/wp-content/plugins/m-vslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,m-vslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/m-vslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "m-vslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/m-wp-popup-2ef37c350605f8670255f67b27eb34e5.yaml b/nuclei-templates/cve-less/plugins/m-wp-popup-2ef37c350605f8670255f67b27eb34e5.yaml new file mode 100644 index 0000000000..f21d3239fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/m-wp-popup-2ef37c350605f8670255f67b27eb34e5.yaml @@ -0,0 +1,58 @@ +id: m-wp-popup-2ef37c350605f8670255f67b27eb34e5 + +info: + name: > + Popup | Custom Popup Builder <= 1.3.1 - Missing Capabilities Check + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8844c230-162d-46c4-9b34-fc9d18b93f4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/m-wp-popup/" + google-query: inurl:"/wp-content/plugins/m-wp-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,m-wp-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/m-wp-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "m-wp-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/m-wp-popup-86c38c0f05080f78b36fa8b5f954e871.yaml b/nuclei-templates/cve-less/plugins/m-wp-popup-86c38c0f05080f78b36fa8b5f954e871.yaml new file mode 100644 index 0000000000..62c0dc85b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/m-wp-popup-86c38c0f05080f78b36fa8b5f954e871.yaml @@ -0,0 +1,58 @@ +id: m-wp-popup-86c38c0f05080f78b36fa8b5f954e871 + +info: + name: > + Popup | Custom Popup Builder <= 1.3 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f73d5b3-8d7c-43d1-84e4-f8a3976eab8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/m-wp-popup/" + google-query: inurl:"/wp-content/plugins/m-wp-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,m-wp-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/m-wp-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "m-wp-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-25d30486ae110d12d4fc6bcb4d1b50f5.yaml b/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-25d30486ae110d12d4fc6bcb4d1b50f5.yaml new file mode 100644 index 0000000000..ea94c9dd76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mabel-shoppable-images-lite-25d30486ae110d12d4fc6bcb4d1b50f5.yaml @@ -0,0 +1,58 @@ +id: mabel-shoppable-images-lite-25d30486ae110d12d4fc6bcb4d1b50f5 + +info: + name: > + Shoppable Images <= 1.2.3 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e6a78dc-9b67-4ab5-83f9-be82d05d3a13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mabel-shoppable-images-lite/" + google-query: inurl:"/wp-content/plugins/mabel-shoppable-images-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mabel-shoppable-images-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mabel-shoppable-images-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mabel-shoppable-images-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mac-dock-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/mac-dock-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..3f9392634e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mac-dock-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: mac-dock-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mac-dock-gallery/" + google-query: inurl:"/wp-content/plugins/mac-dock-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mac-dock-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mac-dock-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mac-dock-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mac-dock-photogallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/mac-dock-photogallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..052cea4e1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mac-dock-photogallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: mac-dock-photogallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mac-dock-photogallery/" + google-query: inurl:"/wp-content/plugins/mac-dock-photogallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mac-dock-photogallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mac-dock-photogallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mac-dock-photogallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-1e549d9fdcaec4289273d20aedde9604.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-1e549d9fdcaec4289273d20aedde9604.yaml new file mode 100644 index 0000000000..2c65c9eedd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-1e549d9fdcaec4289273d20aedde9604.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-1e549d9fdcaec4289273d20aedde9604 + +info: + name: > + Event Manager for WooCommerce <= 3.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mep_get_option' function + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4c1de-7eeb-45c4-bbff-ec85f2cda5aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-283e8dcbf95766b045e888a0d0963e03.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-283e8dcbf95766b045e888a0d0963e03.yaml new file mode 100644 index 0000000000..8b4c1415c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-283e8dcbf95766b045e888a0d0963e03.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-283e8dcbf95766b045e888a0d0963e03 + +info: + name: > + Event Manager for WooCommerce <= 3.7.7 - Cross-Site Request Forgery leading to Uninstall Form Submission + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af59eb6d-1ffa-4593-9bfc-f910d907f6e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-2b95a61584d1fb1af349c6d1aaeab17d.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-2b95a61584d1fb1af349c6d1aaeab17d.yaml new file mode 100644 index 0000000000..9344a59d07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-2b95a61584d1fb1af349c6d1aaeab17d.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-2b95a61584d1fb1af349c6d1aaeab17d + +info: + name: > + Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently <= 4.1.1 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50812a8b-7d49-41fa-ba50-47d07a4b6caa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-6a54d7f93d8962555c63afb66d95fb68.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-6a54d7f93d8962555c63afb66d95fb68.yaml new file mode 100644 index 0000000000..e25d6243fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-6a54d7f93d8962555c63afb66d95fb68.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-6a54d7f93d8962555c63afb66d95fb68 + +info: + name: > + Event Manager and Tickets Selling for WooCommerce < 3.5.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e93ccf9d-cd8b-4399-8d2d-c844a23d66c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-828638ea1963a58b890deaf22836b2cd.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-828638ea1963a58b890deaf22836b2cd.yaml new file mode 100644 index 0000000000..ef289b4ceb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-828638ea1963a58b890deaf22836b2cd.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-828638ea1963a58b890deaf22836b2cd + +info: + name: > + Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9379e1c9-fb83-43e4-af89-898dc0c2216c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mage-eventpress-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/mage-eventpress-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..4f69e0a15f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mage-eventpress-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: mage-eventpress-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mage-eventpress/" + google-query: inurl:"/wp-content/plugins/mage-eventpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mage-eventpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mage-eventpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mage-eventpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magee-shortcodes-7b378f7b5f801637805b2f7c350d9359.yaml b/nuclei-templates/cve-less/plugins/magee-shortcodes-7b378f7b5f801637805b2f7c350d9359.yaml new file mode 100644 index 0000000000..d8665b94a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magee-shortcodes-7b378f7b5f801637805b2f7c350d9359.yaml @@ -0,0 +1,58 @@ +id: magee-shortcodes-7b378f7b5f801637805b2f7c350d9359 + +info: + name: > + Magee Shortcodes <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea52bacf-e21d-4ea9-b51b-ee0c37620bf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magee-shortcodes/" + google-query: inurl:"/wp-content/plugins/magee-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magee-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magee-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magee-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-action-box-423344ebaf15b72d32ea50cd38a95167.yaml b/nuclei-templates/cve-less/plugins/magic-action-box-423344ebaf15b72d32ea50cd38a95167.yaml new file mode 100644 index 0000000000..b0eb501c29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-action-box-423344ebaf15b72d32ea50cd38a95167.yaml @@ -0,0 +1,58 @@ +id: magic-action-box-423344ebaf15b72d32ea50cd38a95167 + +info: + name: > + Magic Action Box <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce9b908b-1388-41fb-915c-e4e29eaf57ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-action-box/" + google-query: inurl:"/wp-content/plugins/magic-action-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-action-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-action-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-action-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-fields-57123cd71067e91d2b8fed604519bb45.yaml b/nuclei-templates/cve-less/plugins/magic-fields-57123cd71067e91d2b8fed604519bb45.yaml new file mode 100644 index 0000000000..99337e2b88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-fields-57123cd71067e91d2b8fed604519bb45.yaml @@ -0,0 +1,58 @@ +id: magic-fields-57123cd71067e91d2b8fed604519bb45 + +info: + name: > + Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-field-css parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aa9d6cb-18c8-42e4-a466-cc35c1dc5010?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-fields/" + google-query: inurl:"/wp-content/plugins/magic-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-fields-83aff6544a7c919044e1d77f749ea1cb.yaml b/nuclei-templates/cve-less/plugins/magic-fields-83aff6544a7c919044e1d77f749ea1cb.yaml new file mode 100644 index 0000000000..52b0713a17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-fields-83aff6544a7c919044e1d77f749ea1cb.yaml @@ -0,0 +1,58 @@ +id: magic-fields-83aff6544a7c919044e1d77f749ea1cb + +info: + name: > + Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via RCCWP_CreateCustomFieldPage.php custom-group-id parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb40f948-1252-4b6d-8c2d-3eb0e1f08987?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-fields/" + google-query: inurl:"/wp-content/plugins/magic-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-fields-b42951305c8f37d90390c15daed2c5f3.yaml b/nuclei-templates/cve-less/plugins/magic-fields-b42951305c8f37d90390c15daed2c5f3.yaml new file mode 100644 index 0000000000..259ff838a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-fields-b42951305c8f37d90390c15daed2c5f3.yaml @@ -0,0 +1,58 @@ +id: magic-fields-b42951305c8f37d90390c15daed2c5f3 + +info: + name: > + Magic Fields 1 <= 1.7.1 - Cross-Site Scripting via custom-write-panel-id Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0297b3a-a180-428a-9716-6ecfa5a4de94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-fields/" + google-query: inurl:"/wp-content/plugins/magic-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-post-thumbnail-f0c24bf90cdba629568a0b0ff9462d8a.yaml b/nuclei-templates/cve-less/plugins/magic-post-thumbnail-f0c24bf90cdba629568a0b0ff9462d8a.yaml new file mode 100644 index 0000000000..b53dbd11b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-post-thumbnail-f0c24bf90cdba629568a0b0ff9462d8a.yaml @@ -0,0 +1,58 @@ +id: magic-post-thumbnail-f0c24bf90cdba629568a0b0ff9462d8a + +info: + name: > + Magic Post Thumbnail <= 4.1.10 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08bbde25-bb9a-469c-83de-b680bb501ad6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-post-thumbnail/" + google-query: inurl:"/wp-content/plugins/magic-post-thumbnail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-post-thumbnail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-post-thumbnail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-post-thumbnail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magic-post-voice-57964eaa7fd52baacb77455232ddda16.yaml b/nuclei-templates/cve-less/plugins/magic-post-voice-57964eaa7fd52baacb77455232ddda16.yaml new file mode 100644 index 0000000000..2b8fe125e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magic-post-voice-57964eaa7fd52baacb77455232ddda16.yaml @@ -0,0 +1,58 @@ +id: magic-post-voice-57964eaa7fd52baacb77455232ddda16 + +info: + name: > + Magic Post Voice <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46a022ff-7ec8-48bc-b0ae-8e925ea3f361?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magic-post-voice/" + google-query: inurl:"/wp-content/plugins/magic-post-voice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magic-post-voice,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magic-post-voice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magic-post-voice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magical-addons-for-elementor-ff7e8af2c4256f9a091a352140252d3e.yaml b/nuclei-templates/cve-less/plugins/magical-addons-for-elementor-ff7e8af2c4256f9a091a352140252d3e.yaml new file mode 100644 index 0000000000..f87952ff6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magical-addons-for-elementor-ff7e8af2c4256f9a091a352140252d3e.yaml @@ -0,0 +1,58 @@ +id: magical-addons-for-elementor-ff7e8af2c4256f9a091a352140252d3e + +info: + name: > + Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) <= 1.1.37 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Effect Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/733f5ded-e8cb-4895-b938-889cea32f027?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magical-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/magical-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magical-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magical-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magical-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magical-posts-display-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/magical-posts-display-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..dec71eefa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magical-posts-display-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: magical-posts-display-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magical-posts-display/" + google-query: inurl:"/wp-content/plugins/magical-posts-display/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magical-posts-display,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magical-posts-display/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magical-posts-display" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/magicform-26a525135ae718590eefdd570c160cb6.yaml b/nuclei-templates/cve-less/plugins/magicform-26a525135ae718590eefdd570c160cb6.yaml new file mode 100644 index 0000000000..aa7791a5ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/magicform-26a525135ae718590eefdd570c160cb6.yaml @@ -0,0 +1,58 @@ +id: magicform-26a525135ae718590eefdd570c160cb6 + +info: + name: > + MagicForm <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21c31df6-7515-48f5-ad74-fe116e836da8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/magicform/" + google-query: inurl:"/wp-content/plugins/magicform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,magicform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/magicform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magicform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-control-7012db1ab8aed2692530b77526c2d553.yaml b/nuclei-templates/cve-less/plugins/mail-control-7012db1ab8aed2692530b77526c2d553.yaml new file mode 100644 index 0000000000..8552ed6acd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-control-7012db1ab8aed2692530b77526c2d553.yaml @@ -0,0 +1,58 @@ +id: mail-control-7012db1ab8aed2692530b77526c2d553 + +info: + name: > + Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77537eb8-1c84-4702-aba1-727b0de1c3e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-control/" + google-query: inurl:"/wp-content/plugins/mail-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-integration-365-7fa8eef52402bb269ab6eda7703db35e.yaml b/nuclei-templates/cve-less/plugins/mail-integration-365-7fa8eef52402bb269ab6eda7703db35e.yaml new file mode 100644 index 0000000000..bc5e214548 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-integration-365-7fa8eef52402bb269ab6eda7703db35e.yaml @@ -0,0 +1,58 @@ +id: mail-integration-365-7fa8eef52402bb269ab6eda7703db35e + +info: + name: > + WPO365 | Mail Integration for Office 365 / Outlook <= 1.9.0 - reflected Cross-Site Scripting via error_description + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3b4b45-5964-490a-991b-c9eb79c670e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-integration-365/" + google-query: inurl:"/wp-content/plugins/mail-integration-365/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-integration-365,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-integration-365/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-integration-365" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-0ae464a32aa65e97054ff65a6cd1aac7.yaml b/nuclei-templates/cve-less/plugins/mail-masta-0ae464a32aa65e97054ff65a6cd1aac7.yaml new file mode 100644 index 0000000000..1ec47a198b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-0ae464a32aa65e97054ff65a6cd1aac7.yaml @@ -0,0 +1,58 @@ +id: mail-masta-0ae464a32aa65e97054ff65a6cd1aac7 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via list_id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48075ef0-b3c5-487b-93c2-d3e630742fe4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-2a026b3abf7a570fa9c1168601d16d6c.yaml b/nuclei-templates/cve-less/plugins/mail-masta-2a026b3abf7a570fa9c1168601d16d6c.yaml new file mode 100644 index 0000000000..3026183424 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-2a026b3abf7a570fa9c1168601d16d6c.yaml @@ -0,0 +1,58 @@ +id: mail-masta-2a026b3abf7a570fa9c1168601d16d6c + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via filter_list parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e39810d7-260f-4729-9b11-69dba0e16684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-346d51a39433f3f2e66028061115352b.yaml b/nuclei-templates/cve-less/plugins/mail-masta-346d51a39433f3f2e66028061115352b.yaml new file mode 100644 index 0000000000..8739052885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-346d51a39433f3f2e66028061115352b.yaml @@ -0,0 +1,58 @@ +id: mail-masta-346d51a39433f3f2e66028061115352b + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1653c4e0-c5e5-44c6-a84d-cdd070696ac4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-367d3a73f5196cd91ac495a3ac0b62f5.yaml b/nuclei-templates/cve-less/plugins/mail-masta-367d3a73f5196cd91ac495a3ac0b62f5.yaml new file mode 100644 index 0000000000..6c62ca3404 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-367d3a73f5196cd91ac495a3ac0b62f5.yaml @@ -0,0 +1,58 @@ +id: mail-masta-367d3a73f5196cd91ac495a3ac0b62f5 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via filter_list parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69ed990e-6c40-49d5-859c-768a5a6a803f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-56b6a95b36a0bf98a099f526d08412cb.yaml b/nuclei-templates/cve-less/plugins/mail-masta-56b6a95b36a0bf98a099f526d08412cb.yaml new file mode 100644 index 0000000000..216894546b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-56b6a95b36a0bf98a099f526d08412cb.yaml @@ -0,0 +1,58 @@ +id: mail-masta-56b6a95b36a0bf98a099f526d08412cb + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via list_id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f54527ce-8137-4ba9-b4e6-52cea6cfe2da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-61f3e3f11790d6bb7105200ca41924cd.yaml b/nuclei-templates/cve-less/plugins/mail-masta-61f3e3f11790d6bb7105200ca41924cd.yaml new file mode 100644 index 0000000000..16cb725ebc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-61f3e3f11790d6bb7105200ca41924cd.yaml @@ -0,0 +1,58 @@ +id: mail-masta-61f3e3f11790d6bb7105200ca41924cd + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ba48e88-6e32-428f-9592-bd955e176765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-71386814122d58a47245526972d56d40.yaml b/nuclei-templates/cve-less/plugins/mail-masta-71386814122d58a47245526972d56d40.yaml new file mode 100644 index 0000000000..925f716dee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-71386814122d58a47245526972d56d40.yaml @@ -0,0 +1,58 @@ +id: mail-masta-71386814122d58a47245526972d56d40 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via member_id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d71caa62-6f77-44a6-8645-a27a08a48a78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-882cb2013f62250b85eee3042b3892e0.yaml b/nuclei-templates/cve-less/plugins/mail-masta-882cb2013f62250b85eee3042b3892e0.yaml new file mode 100644 index 0000000000..525e16a519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-882cb2013f62250b85eee3042b3892e0.yaml @@ -0,0 +1,58 @@ +id: mail-masta-882cb2013f62250b85eee3042b3892e0 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via subscriber_email parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1eae4fc-85d1-49ff-9f3b-bf0a3f424ee1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-9bb1e384b35298c0d399c7e7719fdf83.yaml b/nuclei-templates/cve-less/plugins/mail-masta-9bb1e384b35298c0d399c7e7719fdf83.yaml new file mode 100644 index 0000000000..13391ccaea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-9bb1e384b35298c0d399c7e7719fdf83.yaml @@ -0,0 +1,58 @@ +id: mail-masta-9bb1e384b35298c0d399c7e7719fdf83 + +info: + name: > + Mail Masta <= 1.0 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4bbf48-6525-4569-98a6-412f2bfe7628?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-9f041e8fa181897986208bfc1b4d15f9.yaml b/nuclei-templates/cve-less/plugins/mail-masta-9f041e8fa181897986208bfc1b4d15f9.yaml new file mode 100644 index 0000000000..10fc99eca6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-9f041e8fa181897986208bfc1b4d15f9.yaml @@ -0,0 +1,58 @@ +id: mail-masta-9f041e8fa181897986208bfc1b4d15f9 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b97c6171-3842-4f2b-adf5-28fc4c0b24bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-a26e581f0f5b31b9784d43dce62a01f2.yaml b/nuclei-templates/cve-less/plugins/mail-masta-a26e581f0f5b31b9784d43dce62a01f2.yaml new file mode 100644 index 0000000000..1113c43fa5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-a26e581f0f5b31b9784d43dce62a01f2.yaml @@ -0,0 +1,58 @@ +id: mail-masta-a26e581f0f5b31b9784d43dce62a01f2 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via list_id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d323d28f-280c-49cd-b7f7-3e272ea62549?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-ab348c720a0710e52e24c076c92c0cb1.yaml b/nuclei-templates/cve-less/plugins/mail-masta-ab348c720a0710e52e24c076c92c0cb1.yaml new file mode 100644 index 0000000000..bc1f842ba1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-ab348c720a0710e52e24c076c92c0cb1.yaml @@ -0,0 +1,58 @@ +id: mail-masta-ab348c720a0710e52e24c076c92c0cb1 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade06c00-43b7-48b3-9c9d-4921fb52cc66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-d349201003f1e073b123310455ca065d.yaml b/nuclei-templates/cve-less/plugins/mail-masta-d349201003f1e073b123310455ca065d.yaml new file mode 100644 index 0000000000..1a5300cf67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-d349201003f1e073b123310455ca065d.yaml @@ -0,0 +1,58 @@ +id: mail-masta-d349201003f1e073b123310455ca065d + +info: + name: > + Mail Masta Plugin <= 1.0 - SQL Injection via filter_list + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/977d1ec4-327b-4563-a3b1-ac4fad195eb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-masta-d853b0e423f8ed0a8520b3730f92bb07.yaml b/nuclei-templates/cve-less/plugins/mail-masta-d853b0e423f8ed0a8520b3730f92bb07.yaml new file mode 100644 index 0000000000..67f28ba52d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-masta-d853b0e423f8ed0a8520b3730f92bb07.yaml @@ -0,0 +1,58 @@ +id: mail-masta-d853b0e423f8ed0a8520b3730f92bb07 + +info: + name: > + Mail Masta <= 1.0 - SQL Injection via camp_id parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aade1230-bc25-4391-a85b-7bcf661f8213?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-masta/" + google-query: inurl:"/wp-content/plugins/mail-masta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-masta,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-masta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-masta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-on-update-ff845ece92fe1b8afa1885550aee0170.yaml b/nuclei-templates/cve-less/plugins/mail-on-update-ff845ece92fe1b8afa1885550aee0170.yaml new file mode 100644 index 0000000000..fb3e46f86b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-on-update-ff845ece92fe1b8afa1885550aee0170.yaml @@ -0,0 +1,58 @@ +id: mail-on-update-ff845ece92fe1b8afa1885550aee0170 + +info: + name: > + Mail On Update < 5.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/487d4175-97bf-4c65-9d7d-b83974e9fda9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-on-update/" + google-query: inurl:"/wp-content/plugins/mail-on-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-on-update,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-on-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-on-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-queue-d32496895039dac95c881975dd0681cb.yaml b/nuclei-templates/cve-less/plugins/mail-queue-d32496895039dac95c881975dd0681cb.yaml new file mode 100644 index 0000000000..5480e3024c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-queue-d32496895039dac95c881975dd0681cb.yaml @@ -0,0 +1,58 @@ +id: mail-queue-d32496895039dac95c881975dd0681cb + +info: + name: > + Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4aaca22-76b9-42ec-a960-65d44d696324?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-queue/" + google-query: inurl:"/wp-content/plugins/mail-queue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-queue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-queue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-queue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-subscribe-list-04389ec3013ce0dc7cd91731fa525c48.yaml b/nuclei-templates/cve-less/plugins/mail-subscribe-list-04389ec3013ce0dc7cd91731fa525c48.yaml new file mode 100644 index 0000000000..962d303bc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-subscribe-list-04389ec3013ce0dc7cd91731fa525c48.yaml @@ -0,0 +1,58 @@ +id: mail-subscribe-list-04389ec3013ce0dc7cd91731fa525c48 + +info: + name: > + Mail Subscribe List <= 2.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d10a0372-1ab3-474e-8d5c-33f71fddfe06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-subscribe-list/" + google-query: inurl:"/wp-content/plugins/mail-subscribe-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-subscribe-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-subscribe-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-subscribe-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-subscribe-list-347522eaa82eb43bdeab94627e4d0f98.yaml b/nuclei-templates/cve-less/plugins/mail-subscribe-list-347522eaa82eb43bdeab94627e4d0f98.yaml new file mode 100644 index 0000000000..a27b04df49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-subscribe-list-347522eaa82eb43bdeab94627e4d0f98.yaml @@ -0,0 +1,58 @@ +id: mail-subscribe-list-347522eaa82eb43bdeab94627e4d0f98 + +info: + name: > + Mail Subscribe List <= 2.0.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0782ef-b74e-4540-a11d-280e432fc127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-subscribe-list/" + google-query: inurl:"/wp-content/plugins/mail-subscribe-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-subscribe-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-subscribe-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-subscribe-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mail-subscribe-list-cabb923e0e757cd8efc2802197c2fa24.yaml b/nuclei-templates/cve-less/plugins/mail-subscribe-list-cabb923e0e757cd8efc2802197c2fa24.yaml new file mode 100644 index 0000000000..c7154e771a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mail-subscribe-list-cabb923e0e757cd8efc2802197c2fa24.yaml @@ -0,0 +1,58 @@ +id: mail-subscribe-list-cabb923e0e757cd8efc2802197c2fa24 + +info: + name: > + Mail Subscribe List <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55b39859-b8a0-418b-ae7a-cd42d6e0bf00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mail-subscribe-list/" + google-query: inurl:"/wp-content/plugins/mail-subscribe-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mail-subscribe-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mail-subscribe-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mail-subscribe-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailarchiver-18ddf3d9a880d4adca00df1dc5502132.yaml b/nuclei-templates/cve-less/plugins/mailarchiver-18ddf3d9a880d4adca00df1dc5502132.yaml new file mode 100644 index 0000000000..f895320c8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailarchiver-18ddf3d9a880d4adca00df1dc5502132.yaml @@ -0,0 +1,58 @@ +id: mailarchiver-18ddf3d9a880d4adca00df1dc5502132 + +info: + name: > + MailArchiver <= 2.10.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce330cae-c2f8-42f3-822b-ca24bf46e433?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailarchiver/" + google-query: inurl:"/wp-content/plugins/mailarchiver/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailarchiver,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailarchiver/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailarchiver" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-b001a479011d319ceac5f48bfd2e6d39.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-b001a479011d319ceac5f48bfd2e6d39.yaml new file mode 100644 index 0000000000..c3552bf747 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-b001a479011d319ceac5f48bfd2e6d39.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-woocommerce-b001a479011d319ceac5f48bfd2e6d39 + +info: + name: > + Mailchimp for WooCommerce <= 2.7 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/533bf4ba-5929-475e-ac98-43d97288cdfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml new file mode 100644 index 0000000000..86b3edcce4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-woocommerce-f9bc7cdb6ab2ec4c7db8c04c4f500136.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-woocommerce-f9bc7cdb6ab2ec4c7db8c04c4f500136 + +info: + name: > + Mailchimp for WooCommerce <= 2.7.1 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/109427de-3b8a-46cc-a888-6fea4f72a31a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-324bc23c2f374afaaf9c80c2964d5db4.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-324bc23c2f374afaaf9c80c2964d5db4.yaml new file mode 100644 index 0000000000..99704855a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-324bc23c2f374afaaf9c80c2964d5db4.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-wp-324bc23c2f374afaaf9c80c2964d5db4 + +info: + name: > + Mailchimp For WP <= 4.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e69254d-d9e4-4b9e-972e-30bb6de86776?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-wp/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b628a5c29017f302cc9e3a317e522425.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b628a5c29017f302cc9e3a317e522425.yaml new file mode 100644 index 0000000000..b7cab9e27f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-b628a5c29017f302cc9e3a317e522425.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-wp-b628a5c29017f302cc9e3a317e522425 + +info: + name: > + MailChimp for WordPress <= 4.0.10 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c074e03-b452-4aea-aa1d-36657ba311e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-wp/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-be854f0427cbc7550be4b51c5093b09f.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-be854f0427cbc7550be4b51c5093b09f.yaml new file mode 100644 index 0000000000..646be95006 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-be854f0427cbc7550be4b51c5093b09f.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-wp-be854f0427cbc7550be4b51c5093b09f + +info: + name: > + MC4WP <= 4.9.9 - Missing Authorization via listen + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f289527-3a89-4db9-887d-fb0980848734?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-wp/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-for-wp-d08e992a9c86b0410a9dd2a576aeae42.yaml b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-d08e992a9c86b0410a9dd2a576aeae42.yaml new file mode 100644 index 0000000000..738899bd98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-for-wp-d08e992a9c86b0410a9dd2a576aeae42.yaml @@ -0,0 +1,58 @@ +id: mailchimp-for-wp-d08e992a9c86b0410a9dd2a576aeae42 + +info: + name: > + MC4WP: Mailchimp for WordPress <= 4.8.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3dc5fe-b1c8-4581-8100-68d313c3ac20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-for-wp/" + google-query: inurl:"/wp-content/plugins/mailchimp-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-8aaee0ca0357561b8fb5f4652479c99b.yaml b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-8aaee0ca0357561b8fb5f4652479c99b.yaml new file mode 100644 index 0000000000..c1601367a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-8aaee0ca0357561b8fb5f4652479c99b.yaml @@ -0,0 +1,58 @@ +id: mailchimp-forms-by-mailmunch-8aaee0ca0357561b8fb5f4652479c99b + +info: + name: > + MailChimp Forms by MailMunch <= 3.1.4 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18dd1b86-3206-4cd7-a20b-33240c139aa5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-b6ffb2e5b3bc587f9c59e8240ff1f1b7.yaml b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-b6ffb2e5b3bc587f9c59e8240ff1f1b7.yaml new file mode 100644 index 0000000000..8722aa7cd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-b6ffb2e5b3bc587f9c59e8240ff1f1b7.yaml @@ -0,0 +1,58 @@ +id: mailchimp-forms-by-mailmunch-b6ffb2e5b3bc587f9c59e8240ff1f1b7 + +info: + name: > + MailChimp Forms by MailMunch <= 3.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e069678-0c0a-4e4a-b0ee-404f488f9d01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ee6e6063f9b37d080b9aa6c0cc0d0766.yaml b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ee6e6063f9b37d080b9aa6c0cc0d0766.yaml new file mode 100644 index 0000000000..717641365a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ee6e6063f9b37d080b9aa6c0cc0d0766.yaml @@ -0,0 +1,58 @@ +id: mailchimp-forms-by-mailmunch-ee6e6063f9b37d080b9aa6c0cc0d0766 + +info: + name: > + MailChimp Forms by MailMunch <= 3.1.7 - Cross-Site Request Forgery via Multiple AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f96877-406b-4ec0-ac6b-ee1ffdb436e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml new file mode 100644 index 0000000000..f729ce5e12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-forms-by-mailmunch-ef3aa6c6954785fff0d13c0cd6f5cb85.yaml @@ -0,0 +1,58 @@ +id: mailchimp-forms-by-mailmunch-ef3aa6c6954785fff0d13c0cd6f5cb85 + +info: + name: > + MailChimp Forms by MailMunch <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac87819d-0ba3-4c30-ae35-e933f7e250a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-forms-by-mailmunch/" + google-query: inurl:"/wp-content/plugins/mailchimp-forms-by-mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-forms-by-mailmunch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-forms-by-mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-forms-by-mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-249f3208e9e6f6c1af58b4828d3f6027.yaml b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-249f3208e9e6f6c1af58b4828d3f6027.yaml new file mode 100644 index 0000000000..6f5a1db1fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-249f3208e9e6f6c1af58b4828d3f6027.yaml @@ -0,0 +1,58 @@ +id: mailchimp-subscribe-sm-249f3208e9e6f6c1af58b4828d3f6027 + +info: + name: > + MailChimp Subscribe Forms <= 4.0.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86f6e8b8-ebfd-4d9f-a285-9d0aa2e961ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-subscribe-sm/" + google-query: inurl:"/wp-content/plugins/mailchimp-subscribe-sm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-subscribe-sm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-subscribe-sm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-cecfff430f19f7261bbe2fd52865b1d7.yaml b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-cecfff430f19f7261bbe2fd52865b1d7.yaml new file mode 100644 index 0000000000..8ee5e00d12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-subscribe-sm-cecfff430f19f7261bbe2fd52865b1d7.yaml @@ -0,0 +1,58 @@ +id: mailchimp-subscribe-sm-cecfff430f19f7261bbe2fd52865b1d7 + +info: + name: > + MailChimp Subscribe Forms <= 4.0.9.3 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba1ca3a-a937-400b-b175-2ca4e67a107d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-subscribe-sm/" + google-query: inurl:"/wp-content/plugins/mailchimp-subscribe-sm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-subscribe-sm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-subscribe-sm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-subscribe-sm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailchimp-wp-6d25ab79e6e7aca51a4387e7aae24c9c.yaml b/nuclei-templates/cve-less/plugins/mailchimp-wp-6d25ab79e6e7aca51a4387e7aae24c9c.yaml new file mode 100644 index 0000000000..e2603bbc83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailchimp-wp-6d25ab79e6e7aca51a4387e7aae24c9c.yaml @@ -0,0 +1,58 @@ +id: mailchimp-wp-6d25ab79e6e7aca51a4387e7aae24c9c + +info: + name: > + Forms for Mailchimp by Optin Cat <= 2.5.4 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7d5edee-04fb-41e0-be5e-ca3681956d2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailchimp-wp/" + google-query: inurl:"/wp-content/plugins/mailchimp-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailchimp-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailchimp-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailchimp-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailcwp-2e2ba7d6aad1663f173d0b9ff5355c70.yaml b/nuclei-templates/cve-less/plugins/mailcwp-2e2ba7d6aad1663f173d0b9ff5355c70.yaml new file mode 100644 index 0000000000..7c61bec5ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailcwp-2e2ba7d6aad1663f173d0b9ff5355c70.yaml @@ -0,0 +1,58 @@ +id: mailcwp-2e2ba7d6aad1663f173d0b9ff5355c70 + +info: + name: > + MailCWP <= 1.100 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bb430e6-0c30-4c23-874a-f91e25622857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailcwp/" + google-query: inurl:"/wp-content/plugins/mailcwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailcwp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailcwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailcwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.100') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailcwp-ed77d9c52a0d8e37bd68e8e975c1dcaf.yaml b/nuclei-templates/cve-less/plugins/mailcwp-ed77d9c52a0d8e37bd68e8e975c1dcaf.yaml new file mode 100644 index 0000000000..d2a210a1be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailcwp-ed77d9c52a0d8e37bd68e8e975c1dcaf.yaml @@ -0,0 +1,58 @@ +id: mailcwp-ed77d9c52a0d8e37bd68e8e975c1dcaf + +info: + name: > + MailCWP <= 1.100 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e32ff58-e205-4c81-82d1-2a1048256747?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailcwp/" + google-query: inurl:"/wp-content/plugins/mailcwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailcwp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailcwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailcwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.100') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailin-9be87992402232973e6ef9a016dc8c48.yaml b/nuclei-templates/cve-less/plugins/mailin-9be87992402232973e6ef9a016dc8c48.yaml new file mode 100644 index 0000000000..ce8140f8f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailin-9be87992402232973e6ef9a016dc8c48.yaml @@ -0,0 +1,58 @@ +id: mailin-9be87992402232973e6ef9a016dc8c48 + +info: + name: > + Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.60 - Reflected Cross-Site Scripting via 'lang' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6ad08fb-d029-4f84-818c-911ae2d97f33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailin/" + google-query: inurl:"/wp-content/plugins/mailin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailin-d7263c48cb93df306029f0ae2e2d9062.yaml b/nuclei-templates/cve-less/plugins/mailin-d7263c48cb93df306029f0ae2e2d9062.yaml new file mode 100644 index 0000000000..e6a36b8a52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailin-d7263c48cb93df306029f0ae2e2d9062.yaml @@ -0,0 +1,58 @@ +id: mailin-d7263c48cb93df306029f0ae2e2d9062 + +info: + name: > + Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.30 - Reflected Cross-Site Scripting via lang & pid Parameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8173596d-a127-4dc1-a72a-640381536c67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailin/" + google-query: inurl:"/wp-content/plugins/mailin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailin-ebd2e4e996f9584103cdb7fb70162996.yaml b/nuclei-templates/cve-less/plugins/mailin-ebd2e4e996f9584103cdb7fb70162996.yaml new file mode 100644 index 0000000000..0c50647b38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailin-ebd2e4e996f9584103cdb7fb70162996.yaml @@ -0,0 +1,58 @@ +id: mailin-ebd2e4e996f9584103cdb7fb70162996 + +info: + name: > + Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue <= 3.1.24 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31aa4f8b-954c-410e-9f18-c1e62dd9850b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailin/" + google-query: inurl:"/wp-content/plugins/mailin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailmunch-030709cd098214238b78a48c4d533dc2.yaml b/nuclei-templates/cve-less/plugins/mailmunch-030709cd098214238b78a48c4d533dc2.yaml new file mode 100644 index 0000000000..099770fc7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailmunch-030709cd098214238b78a48c4d533dc2.yaml @@ -0,0 +1,58 @@ +id: mailmunch-030709cd098214238b78a48c4d533dc2 + +info: + name: > + MailMunch – Grow your Email List <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6409626-c8cb-412c-aff3-cbb2da212e5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailmunch/" + google-query: inurl:"/wp-content/plugins/mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailmunch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailmunch-827f2e843a499f08614a8388df30f388.yaml b/nuclei-templates/cve-less/plugins/mailmunch-827f2e843a499f08614a8388df30f388.yaml new file mode 100644 index 0000000000..16281410c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailmunch-827f2e843a499f08614a8388df30f388.yaml @@ -0,0 +1,58 @@ +id: mailmunch-827f2e843a499f08614a8388df30f388 + +info: + name: > + MailMunch – Grow your Email List <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b27201c7-453b-4953-b364-42ca7bf012f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailmunch/" + google-query: inurl:"/wp-content/plugins/mailmunch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailmunch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailmunch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailmunch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailoptin-845e9efdcaa8e86ee95dfb613d1c9636.yaml b/nuclei-templates/cve-less/plugins/mailoptin-845e9efdcaa8e86ee95dfb613d1c9636.yaml new file mode 100644 index 0000000000..3ef3aafa8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailoptin-845e9efdcaa8e86ee95dfb613d1c9636.yaml @@ -0,0 +1,58 @@ +id: mailoptin-845e9efdcaa8e86ee95dfb613d1c9636 + +info: + name: > + MailOptin <= 1.2.49.0 - Missing Authorization to Cache Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/197efd6a-b0f4-459d-b7e5-f8ff5b5e3003?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailoptin/" + google-query: inurl:"/wp-content/plugins/mailoptin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailoptin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailoptin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailoptin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.49.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailoptin-d4435c597b00bf3290ee73c887974569.yaml b/nuclei-templates/cve-less/plugins/mailoptin-d4435c597b00bf3290ee73c887974569.yaml new file mode 100644 index 0000000000..97512aae4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailoptin-d4435c597b00bf3290ee73c887974569.yaml @@ -0,0 +1,58 @@ +id: mailoptin-d4435c597b00bf3290ee73c887974569 + +info: + name: > + MailOptin <= 1.2.54.0 - Authenticated (Admin+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7741d1-8b30-460d-bf1b-edc475841c71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailoptin/" + google-query: inurl:"/wp-content/plugins/mailoptin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailoptin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailoptin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailoptin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.2.54.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailpoet-0fa38d6cfad2289f1e8e6d314fc29ef3.yaml b/nuclei-templates/cve-less/plugins/mailpoet-0fa38d6cfad2289f1e8e6d314fc29ef3.yaml new file mode 100644 index 0000000000..8251ec3b5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailpoet-0fa38d6cfad2289f1e8e6d314fc29ef3.yaml @@ -0,0 +1,58 @@ +id: mailpoet-0fa38d6cfad2289f1e8e6d314fc29ef3 + +info: + name: > + MailPoet – emails and newsletters in WordPress <= 3.23.1 - Reflected Cross-Site Scripting via URL parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/075e64fb-acaf-4f0f-bbc8-db7855184970?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailpoet/" + google-query: inurl:"/wp-content/plugins/mailpoet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailpoet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailpoet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailpoet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.23.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailpress-d27df5a411c6747f235668cfd972f89f.yaml b/nuclei-templates/cve-less/plugins/mailpress-d27df5a411c6747f235668cfd972f89f.yaml new file mode 100644 index 0000000000..61b9bc145c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailpress-d27df5a411c6747f235668cfd972f89f.yaml @@ -0,0 +1,58 @@ +id: mailpress-d27df5a411c6747f235668cfd972f89f + +info: + name: > + MailPress <= 7.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e84e7d6e-9ec9-49f9-90e3-19ac499264ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailpress/" + google-query: inurl:"/wp-content/plugins/mailpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailrelay-7e1bdcdaf0857c4f5a72b941792723cd.yaml b/nuclei-templates/cve-less/plugins/mailrelay-7e1bdcdaf0857c4f5a72b941792723cd.yaml new file mode 100644 index 0000000000..39d2d38fb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailrelay-7e1bdcdaf0857c4f5a72b941792723cd.yaml @@ -0,0 +1,58 @@ +id: mailrelay-7e1bdcdaf0857c4f5a72b941792723cd + +info: + name: > + Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c07a2fe-97b1-45ec-bbd9-9353d679ed49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailrelay/" + google-query: inurl:"/wp-content/plugins/mailrelay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailrelay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailrelay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailrelay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailster-5f27f34098a0ef0f61990648a8a5b251.yaml b/nuclei-templates/cve-less/plugins/mailster-5f27f34098a0ef0f61990648a8a5b251.yaml new file mode 100644 index 0000000000..4689c9fe2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailster-5f27f34098a0ef0f61990648a8a5b251.yaml @@ -0,0 +1,58 @@ +id: mailster-5f27f34098a0ef0f61990648a8a5b251 + +info: + name: > + Mailster <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc030c9a-3cda-4eb8-9a7f-94a4b65a4272?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailster/" + google-query: inurl:"/wp-content/plugins/mailster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailster-9b8d56fa1a52c124371a7a0f3bf72770.yaml b/nuclei-templates/cve-less/plugins/mailster-9b8d56fa1a52c124371a7a0f3bf72770.yaml new file mode 100644 index 0000000000..2bcc459ede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailster-9b8d56fa1a52c124371a7a0f3bf72770.yaml @@ -0,0 +1,58 @@ +id: mailster-9b8d56fa1a52c124371a7a0f3bf72770 + +info: + name: > + Mailster <= 4.0.6 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/121160a3-b090-4a33-9615-fa4626631bec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailster/" + google-query: inurl:"/wp-content/plugins/mailster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mailtree-log-mail-a3abf4c0cdeac928831983eccfebc62a.yaml b/nuclei-templates/cve-less/plugins/mailtree-log-mail-a3abf4c0cdeac928831983eccfebc62a.yaml new file mode 100644 index 0000000000..baa479cf5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mailtree-log-mail-a3abf4c0cdeac928831983eccfebc62a.yaml @@ -0,0 +1,58 @@ +id: mailtree-log-mail-a3abf4c0cdeac928831983eccfebc62a + +info: + name: > + Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mailtree-log-mail/" + google-query: inurl:"/wp-content/plugins/mailtree-log-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mailtree-log-mail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mailtree-log-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mailtree-log-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maintenance-488c9d125819772b803e742156124a9a.yaml b/nuclei-templates/cve-less/plugins/maintenance-488c9d125819772b803e742156124a9a.yaml new file mode 100644 index 0000000000..3d738a47d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maintenance-488c9d125819772b803e742156124a9a.yaml @@ -0,0 +1,58 @@ +id: maintenance-488c9d125819772b803e742156124a9a + +info: + name: > + Maintenance <= 4.02 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dfa035-78fe-426f-a018-7bb2f22f0dd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maintenance/" + google-query: inurl:"/wp-content/plugins/maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maintenance-page-12f99afa0343fc6e2ca09d9458b97d59.yaml b/nuclei-templates/cve-less/plugins/maintenance-page-12f99afa0343fc6e2ca09d9458b97d59.yaml new file mode 100644 index 0000000000..cd22a9e940 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maintenance-page-12f99afa0343fc6e2ca09d9458b97d59.yaml @@ -0,0 +1,58 @@ +id: maintenance-page-12f99afa0343fc6e2ca09d9458b97d59 + +info: + name: > + Maintenance Page <= 1.0.8 - Security Mechanism Bypass via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/653bf021-370d-4787-9ded-c5c915aed1d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maintenance-page/" + google-query: inurl:"/wp-content/plugins/maintenance-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maintenance-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maintenance-page-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml b/nuclei-templates/cve-less/plugins/maintenance-page-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml new file mode 100644 index 0000000000..2043486cee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maintenance-page-7a445b6bbe1f19472fb82aa1ab2d7a3a.yaml @@ -0,0 +1,58 @@ +id: maintenance-page-7a445b6bbe1f19472fb82aa1ab2d7a3a + +info: + name: > + Maintenance Page <= 1.0.8 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maintenance-page/" + google-query: inurl:"/wp-content/plugins/maintenance-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maintenance-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maintenance-switch-3615938f0921b802185b621340537010.yaml b/nuclei-templates/cve-less/plugins/maintenance-switch-3615938f0921b802185b621340537010.yaml new file mode 100644 index 0000000000..a8082ee1b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maintenance-switch-3615938f0921b802185b621340537010.yaml @@ -0,0 +1,58 @@ +id: maintenance-switch-3615938f0921b802185b621340537010 + +info: + name: > + Maintenance Switch <= 1.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a81d3b09-b8dd-4697-ab43-c863e8d1e1d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maintenance-switch/" + google-query: inurl:"/wp-content/plugins/maintenance-switch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maintenance-switch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance-switch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance-switch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maintenance-switch-ebae4a3aba29339c7b56a2e57218464c.yaml b/nuclei-templates/cve-less/plugins/maintenance-switch-ebae4a3aba29339c7b56a2e57218464c.yaml new file mode 100644 index 0000000000..376dcb9603 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maintenance-switch-ebae4a3aba29339c7b56a2e57218464c.yaml @@ -0,0 +1,58 @@ +id: maintenance-switch-ebae4a3aba29339c7b56a2e57218464c + +info: + name: > + Maintenance Switch <= 1.5.2 - Cross-Site Request Forgery via 'admin_action_request' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f14f19d-95b3-474b-a2ea-d846c85644cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maintenance-switch/" + google-query: inurl:"/wp-content/plugins/maintenance-switch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maintenance-switch,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maintenance-switch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maintenance-switch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-373c4ea18f9baeef2872a78ab527c078.yaml b/nuclei-templates/cve-less/plugins/mainwp-373c4ea18f9baeef2872a78ab527c078.yaml new file mode 100644 index 0000000000..f78901420c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-373c4ea18f9baeef2872a78ab527c078.yaml @@ -0,0 +1,58 @@ +id: mainwp-373c4ea18f9baeef2872a78ab527c078 + +info: + name: > + MainWP <= 4.4.3.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/791a7063-fb1e-4147-b253-8baf889307c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp/" + google-query: inurl:"/wp-content/plugins/mainwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-519db4fde18bf40cf63b23505a4840eb.yaml b/nuclei-templates/cve-less/plugins/mainwp-519db4fde18bf40cf63b23505a4840eb.yaml new file mode 100644 index 0000000000..cd6c6f71e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-519db4fde18bf40cf63b23505a4840eb.yaml @@ -0,0 +1,58 @@ +id: mainwp-519db4fde18bf40cf63b23505a4840eb + +info: + name: > + MainWP Dashboard <= 4.5.1.2 - Authenticated(Administrator+) CSS Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73980a90-bb17-46e4-a0ea-691f80500fe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp/" + google-query: inurl:"/wp-content/plugins/mainwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-branding-extension-d432b5b11d667b6f9fe5cd55370cdb88.yaml b/nuclei-templates/cve-less/plugins/mainwp-branding-extension-d432b5b11d667b6f9fe5cd55370cdb88.yaml new file mode 100644 index 0000000000..7b831c8ee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-branding-extension-d432b5b11d667b6f9fe5cd55370cdb88.yaml @@ -0,0 +1,58 @@ +id: mainwp-branding-extension-d432b5b11d667b6f9fe5cd55370cdb88 + +info: + name: > + MainWP White Label Extension <= 4.1.1 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416da317-61dc-42b5-9ade-fa41e844263b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-branding-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-branding-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-branding-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-branding-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-branding-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-f0fbe6fb8cd2394ff4cf5755f2e3ce65.yaml b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-f0fbe6fb8cd2394ff4cf5755f2e3ce65.yaml new file mode 100644 index 0000000000..153d5bd99c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-broken-links-checker-extension-f0fbe6fb8cd2394ff4cf5755f2e3ce65.yaml @@ -0,0 +1,58 @@ +id: mainwp-broken-links-checker-extension-f0fbe6fb8cd2394ff4cf5755f2e3ce65 + +info: + name: > + MainWP Broken Link Checker <= 4.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/073a3b48-7c21-4511-a8e4-3443ef05fd0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-broken-links-checker-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-broken-links-checker-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-broken-links-checker-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-broken-links-checker-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-broken-links-checker-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-88e0ecb64f4709b7a4173b13eb85c3b6.yaml b/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-88e0ecb64f4709b7a4173b13eb85c3b6.yaml new file mode 100644 index 0000000000..8101edfec6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-buddy-extension-88e0ecb64f4709b7a4173b13eb85c3b6.yaml @@ -0,0 +1,58 @@ +id: mainwp-buddy-extension-88e0ecb64f4709b7a4173b13eb85c3b6 + +info: + name: > + MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d017b2c-1e15-401a-ae57-4653ca41b7e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-buddy-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-buddy-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-buddy-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-buddy-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-buddy-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-02abc776653c0e9d69b2d7bbbb0997b8.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-02abc776653c0e9d69b2d7bbbb0997b8.yaml new file mode 100644 index 0000000000..eabc470009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-child-02abc776653c0e9d69b2d7bbbb0997b8.yaml @@ -0,0 +1,58 @@ +id: mainwp-child-02abc776653c0e9d69b2d7bbbb0997b8 + +info: + name: > + MainWP Child <= 4.4.1.1 - Information Disclosure via Back-Up Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fadba1-674f-4f3d-997f-d29d3a887414?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-child/" + google-query: inurl:"/wp-content/plugins/mainwp-child/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-child,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-child/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-child" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-f00ee035f691e855432693cfeab4496d.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-f00ee035f691e855432693cfeab4496d.yaml new file mode 100644 index 0000000000..f3025a6277 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-child-f00ee035f691e855432693cfeab4496d.yaml @@ -0,0 +1,58 @@ +id: mainwp-child-f00ee035f691e855432693cfeab4496d + +info: + name: > + MainWP Child <= 4.1.7.1 - SQL Injection via orderby, order Parameters + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a303875-ad8c-40ed-a3ab-4a63080c9845?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-child/" + google-query: inurl:"/wp-content/plugins/mainwp-child/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-child,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-child/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-child" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-reports-b48bd5a9b387deec2652bf65a2f60d36.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-reports-b48bd5a9b387deec2652bf65a2f60d36.yaml new file mode 100644 index 0000000000..9cf48dcef9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-child-reports-b48bd5a9b387deec2652bf65a2f60d36.yaml @@ -0,0 +1,58 @@ +id: mainwp-child-reports-b48bd5a9b387deec2652bf65a2f60d36 + +info: + name: > + MainWP Child Reports <= 2.0.7 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff3aa112-bee2-485f-b5a1-ad156662ab03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-child-reports/" + google-query: inurl:"/wp-content/plugins/mainwp-child-reports/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-child-reports,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-child-reports/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-child-reports" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-child-reports-ca770a3a0e8cd6c16a964b242179e2c5.yaml b/nuclei-templates/cve-less/plugins/mainwp-child-reports-ca770a3a0e8cd6c16a964b242179e2c5.yaml new file mode 100644 index 0000000000..8be3954721 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-child-reports-ca770a3a0e8cd6c16a964b242179e2c5.yaml @@ -0,0 +1,58 @@ +id: mainwp-child-reports-ca770a3a0e8cd6c16a964b242179e2c5 + +info: + name: > + MainWP Child Reports <= 2.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2edd9774-753b-49a4-9f7b-281829a1030e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-child-reports/" + google-query: inurl:"/wp-content/plugins/mainwp-child-reports/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-child-reports,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-child-reports/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-child-reports" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-clone-extension-cacc6911c40efb999d1fe86f0d0191d6.yaml b/nuclei-templates/cve-less/plugins/mainwp-clone-extension-cacc6911c40efb999d1fe86f0d0191d6.yaml new file mode 100644 index 0000000000..766ed1a987 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-clone-extension-cacc6911c40efb999d1fe86f0d0191d6.yaml @@ -0,0 +1,58 @@ +id: mainwp-clone-extension-cacc6911c40efb999d1fe86f0d0191d6 + +info: + name: > + MainWP Clone Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a7345a1-ceb5-4f93-a6ba-13e8b8fb6c7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-clone-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-clone-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-clone-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-clone-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-clone-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-8f1eedab61ce04ff36cedd6b1737dcab.yaml b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-8f1eedab61ce04ff36cedd6b1737dcab.yaml new file mode 100644 index 0000000000..c7c6a2d647 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-8f1eedab61ce04ff36cedd6b1737dcab.yaml @@ -0,0 +1,58 @@ +id: mainwp-code-snippets-extension-8f1eedab61ce04ff36cedd6b1737dcab + +info: + name: > + MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36ca4534-1abe-4f28-8672-f183c7578ab2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-code-snippets-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-code-snippets-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-ebaaeb684636cb787d78e7b3c484407e.yaml b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-ebaaeb684636cb787d78e7b3c484407e.yaml new file mode 100644 index 0000000000..4d64e0f76a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-ebaaeb684636cb787d78e7b3c484407e.yaml @@ -0,0 +1,58 @@ +id: mainwp-code-snippets-extension-ebaaeb684636cb787d78e7b3c484407e + +info: + name: > + MainWP Code Snippets Extension <= 4.0.2 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f55e0471-664c-4fb4-8776-0c8312d8327b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-code-snippets-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-code-snippets-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-f6463e889774b4038473eb08cfdfa039.yaml b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-f6463e889774b4038473eb08cfdfa039.yaml new file mode 100644 index 0000000000..9464cf364e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-code-snippets-extension-f6463e889774b4038473eb08cfdfa039.yaml @@ -0,0 +1,58 @@ +id: mainwp-code-snippets-extension-f6463e889774b4038473eb08cfdfa039 + +info: + name: > + MainWP Code Snippets Extension <= 4.0.2 - Authenticated (Subscriber+) PHP Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2d87a05-81a7-40d9-a60f-94a4d88bf87a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-code-snippets-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-code-snippets-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-code-snippets-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-code-snippets-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-code-snippets-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-comments-extension-3b5c9ebf6b5cbb215fd772c13336a403.yaml b/nuclei-templates/cve-less/plugins/mainwp-comments-extension-3b5c9ebf6b5cbb215fd772c13336a403.yaml new file mode 100644 index 0000000000..7f376555ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-comments-extension-3b5c9ebf6b5cbb215fd772c13336a403.yaml @@ -0,0 +1,58 @@ +id: mainwp-comments-extension-3b5c9ebf6b5cbb215fd772c13336a403 + +info: + name: > + MainWP Comments Extension <= 4.0.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0979a15-5fa9-4024-81a8-3555d6f73e61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-comments-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-comments-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-comments-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-comments-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-comments-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-db895078637698aba713d17b02ab863a.yaml b/nuclei-templates/cve-less/plugins/mainwp-db895078637698aba713d17b02ab863a.yaml new file mode 100644 index 0000000000..6bd4105c08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-db895078637698aba713d17b02ab863a.yaml @@ -0,0 +1,58 @@ +id: mainwp-db895078637698aba713d17b02ab863a + +info: + name: > + MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2d9569-a551-46f5-8581-464b9f35b71c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp/" + google-query: inurl:"/wp-content/plugins/mainwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-18f9f53e2e66e0e510b2dccb3d10627d.yaml b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-18f9f53e2e66e0e510b2dccb3d10627d.yaml new file mode 100644 index 0000000000..bb18b32622 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-18f9f53e2e66e0e510b2dccb3d10627d.yaml @@ -0,0 +1,58 @@ +id: mainwp-file-uploader-extension-18f9f53e2e66e0e510b2dccb3d10627d + +info: + name: > + MainWP File Uploader Extension <= 4.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ec02202-18e3-4a57-be2c-7dbf50e500dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-file-uploader-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-file-uploader-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-file-uploader-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-file-uploader-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-ef3286d81d94e9b713e6b4a272249cba.yaml b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-ef3286d81d94e9b713e6b4a272249cba.yaml new file mode 100644 index 0000000000..63c2c9c27c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-file-uploader-extension-ef3286d81d94e9b713e6b4a272249cba.yaml @@ -0,0 +1,58 @@ +id: mainwp-file-uploader-extension-ef3286d81d94e9b713e6b4a272249cba + +info: + name: > + MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a0faf14-77bf-4776-8685-12a348a4a6c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-file-uploader-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-file-uploader-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-file-uploader-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-file-uploader-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-file-uploader-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-3959344c0c7e5999442d4341d93fe901.yaml b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-3959344c0c7e5999442d4341d93fe901.yaml new file mode 100644 index 0000000000..8c1febfe8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-3959344c0c7e5999442d4341d93fe901.yaml @@ -0,0 +1,58 @@ +id: mainwp-google-analytics-extension-3959344c0c7e5999442d4341d93fe901 + +info: + name: > + MainWP Google Analytics Extension <= 4.0.4 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a44cde91-2f4d-40f1-98a1-ee6ed94c0155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-google-analytics-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-google-analytics-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-google-analytics-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-google-analytics-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml new file mode 100644 index 0000000000..97a45afb6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-google-analytics-extension-49a8bd4f442f3ed7ef68fc2e1242b1b6.yaml @@ -0,0 +1,58 @@ +id: mainwp-google-analytics-extension-49a8bd4f442f3ed7ef68fc2e1242b1b6 + +info: + name: > + MainWP Google Analytics Extension <= 4.0.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11fd8768-0168-4e3b-9c2d-659fc4101a73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-google-analytics-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-google-analytics-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-google-analytics-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-google-analytics-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-google-analytics-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-aab60d7e635c7cb328946a00c5cb0802.yaml b/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-aab60d7e635c7cb328946a00c5cb0802.yaml new file mode 100644 index 0000000000..5c970a24e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-ithemes-security-extension-aab60d7e635c7cb328946a00c5cb0802.yaml @@ -0,0 +1,58 @@ +id: mainwp-ithemes-security-extension-aab60d7e635c7cb328946a00c5cb0802 + +info: + name: > + MainWP iThemes Security Extension <= 4.1.1 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa6adda7-5eba-483c-a759-6f8a92da75e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-ithemes-security-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-ithemes-security-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-ithemes-security-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-ithemes-security-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-ithemes-security-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.1.1.') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-links-manager-extension-9731ebff7e31801f5a40ae7c87af6896.yaml b/nuclei-templates/cve-less/plugins/mainwp-links-manager-extension-9731ebff7e31801f5a40ae7c87af6896.yaml new file mode 100644 index 0000000000..2939a8c208 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-links-manager-extension-9731ebff7e31801f5a40ae7c87af6896.yaml @@ -0,0 +1,58 @@ +id: mainwp-links-manager-extension-9731ebff7e31801f5a40ae7c87af6896 + +info: + name: > + MainWP Links Manager Extension <= 2.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c269233-f2dc-42ef-98be-78600f90e87d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-links-manager-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-links-manager-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-links-manager-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-links-manager-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-links-manager-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-04f298147815233cd89825cce559844d.yaml b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-04f298147815233cd89825cce559844d.yaml new file mode 100644 index 0000000000..d319a0d0ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-maintenance-extension-04f298147815233cd89825cce559844d.yaml @@ -0,0 +1,58 @@ +id: mainwp-maintenance-extension-04f298147815233cd89825cce559844d + +info: + name: > + MainWP Maintenance Extension <= 4.1.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22755d65-d187-438a-9a3f-e7d38497282b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-maintenance-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-maintenance-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-maintenance-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-maintenance-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-maintenance-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-1700178605ea1a028eb5734d4a1eaad7.yaml b/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-1700178605ea1a028eb5734d4a1eaad7.yaml new file mode 100644 index 0000000000..cd72898a12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-page-speed-extension-1700178605ea1a028eb5734d4a1eaad7.yaml @@ -0,0 +1,58 @@ +id: mainwp-page-speed-extension-1700178605ea1a028eb5734d4a1eaad7 + +info: + name: > + MainWP Page Speed Extension <= 4.0.2 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fdb93fa-e9b4-4d00-8bb3-ff171a916b65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-page-speed-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-page-speed-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-page-speed-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-page-speed-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-page-speed-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-piwik-extension-c009600ac01b461b216f777bf4f27175.yaml b/nuclei-templates/cve-less/plugins/mainwp-piwik-extension-c009600ac01b461b216f777bf4f27175.yaml new file mode 100644 index 0000000000..dec4588519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-piwik-extension-c009600ac01b461b216f777bf4f27175.yaml @@ -0,0 +1,58 @@ +id: mainwp-piwik-extension-c009600ac01b461b216f777bf4f27175 + +info: + name: > + MainWP Matomo Extension <= 4.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4648c4f2-47e3-4a95-9e93-fd8246863425?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-piwik-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-piwik-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-piwik-extension,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-piwik-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-piwik-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-8b15dcc48a6f92077370cb4c6934bd38.yaml b/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-8b15dcc48a6f92077370cb4c6934bd38.yaml new file mode 100644 index 0000000000..c114616176 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-post-dripper-extension-8b15dcc48a6f92077370cb4c6934bd38.yaml @@ -0,0 +1,58 @@ +id: mainwp-post-dripper-extension-8b15dcc48a6f92077370cb4c6934bd38 + +info: + name: > + MainWP Post Dripper Extension <= 4.0.4 - Missing Authorization to Arbitrary Page/Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42a642a8-fee3-497f-9fcf-7e888838af0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-post-dripper-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-post-dripper-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-post-dripper-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-post-dripper-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-post-dripper-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-1a7f5e2f6b8dc141b3974d01e70ce6c4.yaml b/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-1a7f5e2f6b8dc141b3974d01e70ce6c4.yaml new file mode 100644 index 0000000000..19f7037650 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-post-plus-extension-1a7f5e2f6b8dc141b3974d01e70ce6c4.yaml @@ -0,0 +1,58 @@ +id: mainwp-post-plus-extension-1a7f5e2f6b8dc141b3974d01e70ce6c4 + +info: + name: > + MainWP Post Plus Extension <= 4.0.3 - Missing Authorization to Arbitrary Page/Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35767133-28d7-47e9-bcda-5d761262cdad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-post-plus-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-post-plus-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-post-plus-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-post-plus-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-post-plus-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-2aa015126a1a525f86550f7ae828f7a6.yaml b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-2aa015126a1a525f86550f7ae828f7a6.yaml new file mode 100644 index 0000000000..53622b8396 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-2aa015126a1a525f86550f7ae828f7a6.yaml @@ -0,0 +1,58 @@ +id: mainwp-rocket-extension-2aa015126a1a525f86550f7ae828f7a6 + +info: + name: > + MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab346cea-2d33-4ec5-b985-86a65fbe12e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-rocket-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-rocket-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-rocket-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-rocket-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7bfb92cd98981d6d2231287741115d7d.yaml b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7bfb92cd98981d6d2231287741115d7d.yaml new file mode 100644 index 0000000000..ff17196043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-rocket-extension-7bfb92cd98981d6d2231287741115d7d.yaml @@ -0,0 +1,58 @@ +id: mainwp-rocket-extension-7bfb92cd98981d6d2231287741115d7d + +info: + name: > + MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bc6d354-65f5-4c1e-8a43-a6ddd1280a2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-rocket-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-rocket-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-rocket-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-rocket-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-rocket-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-seo-extension-5bb6026096b7bf370409b664b0a819cb.yaml b/nuclei-templates/cve-less/plugins/mainwp-seo-extension-5bb6026096b7bf370409b664b0a819cb.yaml new file mode 100644 index 0000000000..7895304b3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-seo-extension-5bb6026096b7bf370409b664b0a819cb.yaml @@ -0,0 +1,58 @@ +id: mainwp-seo-extension-5bb6026096b7bf370409b664b0a819cb + +info: + name: > + MainWP WordPress SEO Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9150e6b-2233-4fdb-95b7-1a5a8c083cad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-seo-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-seo-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-seo-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-seo-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-seo-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-staging-extension-b093b4fe361511a13e571267d2dc54e9.yaml b/nuclei-templates/cve-less/plugins/mainwp-staging-extension-b093b4fe361511a13e571267d2dc54e9.yaml new file mode 100644 index 0000000000..1a075e9531 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-staging-extension-b093b4fe361511a13e571267d2dc54e9.yaml @@ -0,0 +1,58 @@ +id: mainwp-staging-extension-b093b4fe361511a13e571267d2dc54e9 + +info: + name: > + MainWP Staging Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f932e3ea-3d82-47af-924a-b2df15641611?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-staging-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-staging-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-staging-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-staging-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-staging-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-aca127a8ed0bd7922687fe103f18d74f.yaml b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-aca127a8ed0bd7922687fe103f18d74f.yaml new file mode 100644 index 0000000000..984da8c7c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-updraftplus-extension-aca127a8ed0bd7922687fe103f18d74f.yaml @@ -0,0 +1,58 @@ +id: mainwp-updraftplus-extension-aca127a8ed0bd7922687fe103f18d74f + +info: + name: > + MainWP UpdraftPlus Extension <= 4.0.6 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44287d9f-93db-417c-bf88-6785e4ce3a9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-updraftplus-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-updraftplus-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-updraftplus-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-updraftplus-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-updraftplus-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-089c7908dc4fffc678d9e3d75fcc62a9.yaml b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-089c7908dc4fffc678d9e3d75fcc62a9.yaml new file mode 100644 index 0000000000..ca733be3b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-089c7908dc4fffc678d9e3d75fcc62a9.yaml @@ -0,0 +1,58 @@ +id: mainwp-wordfence-extension-089c7908dc4fffc678d9e3d75fcc62a9 + +info: + name: > + MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05da4808-385c-4e9f-96f8-5d5c04e7371b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-wordfence-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-wordfence-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-wordfence-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-wordfence-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-09213ac628577f10fc1f9d7850e68118.yaml b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-09213ac628577f10fc1f9d7850e68118.yaml new file mode 100644 index 0000000000..a81096ae98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mainwp-wordfence-extension-09213ac628577f10fc1f9d7850e68118.yaml @@ -0,0 +1,58 @@ +id: mainwp-wordfence-extension-09213ac628577f10fc1f9d7850e68118 + +info: + name: > + MainWP Wordfence Extension <= 4.0.7 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/401ea644-bab2-4578-ab1a-7851c2e710ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mainwp-wordfence-extension/" + google-query: inurl:"/wp-content/plugins/mainwp-wordfence-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mainwp-wordfence-extension,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mainwp-wordfence-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mainwp-wordfence-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/make-paths-relative-c1cb13846b68b46c9143c497ddfb2bf6.yaml b/nuclei-templates/cve-less/plugins/make-paths-relative-c1cb13846b68b46c9143c497ddfb2bf6.yaml new file mode 100644 index 0000000000..fd12f0b0c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/make-paths-relative-c1cb13846b68b46c9143c497ddfb2bf6.yaml @@ -0,0 +1,58 @@ +id: make-paths-relative-c1cb13846b68b46c9143c497ddfb2bf6 + +info: + name: > + Make Paths Relative <= 1.3.0 - Cross-Site Request Forgery via 'admin/class-make-paths-relative-admin.php' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85317781-7e77-4a78-af67-0a1dce39364c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/make-paths-relative/" + google-query: inurl:"/wp-content/plugins/make-paths-relative/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,make-paths-relative,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/make-paths-relative/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "make-paths-relative" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/makestories-helper-6bd5d755fdb18da0e4495ddee37a2528.yaml b/nuclei-templates/cve-less/plugins/makestories-helper-6bd5d755fdb18da0e4495ddee37a2528.yaml new file mode 100644 index 0000000000..c0cd0f044e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/makestories-helper-6bd5d755fdb18da0e4495ddee37a2528.yaml @@ -0,0 +1,58 @@ +id: makestories-helper-6bd5d755fdb18da0e4495ddee37a2528 + +info: + name: > + MakeStories (for Google Web Stories) <= 3.0.2 - Cross-Site Request Forgery via 'ms_set_options' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f7130d-883a-4db4-9edf-f5526724de11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/makestories-helper/" + google-query: inurl:"/wp-content/plugins/makestories-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,makestories-helper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/makestories-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "makestories-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/malinky-ajax-pagination-46200eda6d80c305dc0a5fd8d6c3597a.yaml b/nuclei-templates/cve-less/plugins/malinky-ajax-pagination-46200eda6d80c305dc0a5fd8d6c3597a.yaml new file mode 100644 index 0000000000..bfae686b82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/malinky-ajax-pagination-46200eda6d80c305dc0a5fd8d6c3597a.yaml @@ -0,0 +1,58 @@ +id: malinky-ajax-pagination-46200eda6d80c305dc0a5fd8d6c3597a + +info: + name: > + Ajax Pagination and Infinite Scroll <= 2.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bc7f5dd-a1eb-442d-9913-e391208e7f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/malinky-ajax-pagination/" + google-query: inurl:"/wp-content/plugins/malinky-ajax-pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,malinky-ajax-pagination,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/malinky-ajax-pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "malinky-ajax-pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/malware-finder-54a5c8f84066c82a1f84ab85f1710141.yaml b/nuclei-templates/cve-less/plugins/malware-finder-54a5c8f84066c82a1f84ab85f1710141.yaml new file mode 100644 index 0000000000..26556c4878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/malware-finder-54a5c8f84066c82a1f84ab85f1710141.yaml @@ -0,0 +1,58 @@ +id: malware-finder-54a5c8f84066c82a1f84ab85f1710141 + +info: + name: > + Malware Finder <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b46b5299-2c14-4eb7-872c-f43518e1d31d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/malware-finder/" + google-query: inurl:"/wp-content/plugins/malware-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,malware-finder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/malware-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "malware-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manage-notification-emails-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml b/nuclei-templates/cve-less/plugins/manage-notification-emails-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml new file mode 100644 index 0000000000..d61287a0fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manage-notification-emails-a2bc40be2dd87e9dcd0977a6fdf140d6.yaml @@ -0,0 +1,58 @@ +id: manage-notification-emails-a2bc40be2dd87e9dcd0977a6fdf140d6 + +info: + name: > + Manage Notification E-mails <= 1.8.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/048bc117-88df-44b3-a30c-692bad23050f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manage-notification-emails/" + google-query: inurl:"/wp-content/plugins/manage-notification-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manage-notification-emails,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manage-notification-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manage-notification-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manage-notification-emails-a5a6d2493729bf3090ce1785835756c3.yaml b/nuclei-templates/cve-less/plugins/manage-notification-emails-a5a6d2493729bf3090ce1785835756c3.yaml new file mode 100644 index 0000000000..067402fac2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manage-notification-emails-a5a6d2493729bf3090ce1785835756c3.yaml @@ -0,0 +1,58 @@ +id: manage-notification-emails-a5a6d2493729bf3090ce1785835756c3 + +info: + name: > + Manage Notification E-mails <= 1.8.2 - Cross-Site Request Forgery to Plugin Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab0d9a2-ca77-439b-bced-8ab5d7b0518a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manage-notification-emails/" + google-query: inurl:"/wp-content/plugins/manage-notification-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manage-notification-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manage-notification-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manage-notification-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manage-shipyaari-shipping-644c7cae519f04e689e17393d43159b0.yaml b/nuclei-templates/cve-less/plugins/manage-shipyaari-shipping-644c7cae519f04e689e17393d43159b0.yaml new file mode 100644 index 0000000000..bac8ce3e10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manage-shipyaari-shipping-644c7cae519f04e689e17393d43159b0.yaml @@ -0,0 +1,58 @@ +id: manage-shipyaari-shipping-644c7cae519f04e689e17393d43159b0 + +info: + name: > + Shipyaari Shipping Management <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9350fba0-2cb3-43dd-9ea5-214dc631267a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manage-shipyaari-shipping/" + google-query: inurl:"/wp-content/plugins/manage-shipyaari-shipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manage-shipyaari-shipping,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manage-shipyaari-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manage-shipyaari-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manager-for-icomoon-bf850209f75ffce28cf6dbc62d1d3ffe.yaml b/nuclei-templates/cve-less/plugins/manager-for-icomoon-bf850209f75ffce28cf6dbc62d1d3ffe.yaml new file mode 100644 index 0000000000..7b33f9ba33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manager-for-icomoon-bf850209f75ffce28cf6dbc62d1d3ffe.yaml @@ -0,0 +1,58 @@ +id: manager-for-icomoon-bf850209f75ffce28cf6dbc62d1d3ffe + +info: + name: > + Manager for Icomoon <= 2.0 - Unauthenticated Arbitrary File Upload via 'upload' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/854ab1f3-5f7c-40a4-85a5-db4e20dc72cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manager-for-icomoon/" + google-query: inurl:"/wp-content/plugins/manager-for-icomoon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manager-for-icomoon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manager-for-icomoon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manager-for-icomoon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manager-for-icomoon-fcb2137e4fd0eeb6eaa0769932ceae96.yaml b/nuclei-templates/cve-less/plugins/manager-for-icomoon-fcb2137e4fd0eeb6eaa0769932ceae96.yaml new file mode 100644 index 0000000000..c0a1e07791 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manager-for-icomoon-fcb2137e4fd0eeb6eaa0769932ceae96.yaml @@ -0,0 +1,58 @@ +id: manager-for-icomoon-fcb2137e4fd0eeb6eaa0769932ceae96 + +info: + name: > + Manager for Icomoon <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ef75bb4-febf-4009-a6b4-f0b40a4fc903?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manager-for-icomoon/" + google-query: inurl:"/wp-content/plugins/manager-for-icomoon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manager-for-icomoon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manager-for-icomoon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manager-for-icomoon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mangboard-33e169ef58595c551d71b2a0f254c1a0.yaml b/nuclei-templates/cve-less/plugins/mangboard-33e169ef58595c551d71b2a0f254c1a0.yaml new file mode 100644 index 0000000000..693a24bb7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mangboard-33e169ef58595c551d71b2a0f254c1a0.yaml @@ -0,0 +1,58 @@ +id: mangboard-33e169ef58595c551d71b2a0f254c1a0 + +info: + name: > + Mangboard <= 1.9.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0a5771b-0108-4393-a54e-b5e2c35caeb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mangboard/" + google-query: inurl:"/wp-content/plugins/mangboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mangboard,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mangboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mangboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mangboard-4e66527828b974bdf1935dbf3ae98ee7.yaml b/nuclei-templates/cve-less/plugins/mangboard-4e66527828b974bdf1935dbf3ae98ee7.yaml new file mode 100644 index 0000000000..deaf79a84a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mangboard-4e66527828b974bdf1935dbf3ae98ee7.yaml @@ -0,0 +1,58 @@ +id: mangboard-4e66527828b974bdf1935dbf3ae98ee7 + +info: + name: > + Mang Board WP <= 1.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a32fdc-1c72-45fc-bb57-44f6888e0885?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mangboard/" + google-query: inurl:"/wp-content/plugins/mangboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mangboard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mangboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mangboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mangboard-50a5bfd5ef4ea3d67f1cc1653c0ac79b.yaml b/nuclei-templates/cve-less/plugins/mangboard-50a5bfd5ef4ea3d67f1cc1653c0ac79b.yaml new file mode 100644 index 0000000000..0d3fe33012 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mangboard-50a5bfd5ef4ea3d67f1cc1653c0ac79b.yaml @@ -0,0 +1,58 @@ +id: mangboard-50a5bfd5ef4ea3d67f1cc1653c0ac79b + +info: + name: > + Mang Board WP <= 1.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a85e1e9-ef40-40f6-a652-17acf0a2d33d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mangboard/" + google-query: inurl:"/wp-content/plugins/mangboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mangboard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mangboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mangboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mangboard-b9040953fd9d7380144b780f2d4080d6.yaml b/nuclei-templates/cve-less/plugins/mangboard-b9040953fd9d7380144b780f2d4080d6.yaml new file mode 100644 index 0000000000..71b66560de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mangboard-b9040953fd9d7380144b780f2d4080d6.yaml @@ -0,0 +1,58 @@ +id: mangboard-b9040953fd9d7380144b780f2d4080d6 + +info: + name: > + Mang Board WP <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8cfcdc-6258-4629-a3b4-d65e44ac82f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mangboard/" + google-query: inurl:"/wp-content/plugins/mangboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mangboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mangboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mangboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mantenimiento-web-28c1871bb01e37ab60acecfab790c02b.yaml b/nuclei-templates/cve-less/plugins/mantenimiento-web-28c1871bb01e37ab60acecfab790c02b.yaml new file mode 100644 index 0000000000..5f5a731896 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mantenimiento-web-28c1871bb01e37ab60acecfab790c02b.yaml @@ -0,0 +1,58 @@ +id: mantenimiento-web-28c1871bb01e37ab60acecfab790c02b + +info: + name: > + Mantenimiento web <= 0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c950ac0a-80fb-4f95-ba20-afb8ba6b137f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mantenimiento-web/" + google-query: inurl:"/wp-content/plugins/mantenimiento-web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mantenimiento-web,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mantenimiento-web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mantenimiento-web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mantenimiento-web-a43440257ec4eba085c1ac2ce540e1bf.yaml b/nuclei-templates/cve-less/plugins/mantenimiento-web-a43440257ec4eba085c1ac2ce540e1bf.yaml new file mode 100644 index 0000000000..56b09c5f22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mantenimiento-web-a43440257ec4eba085c1ac2ce540e1bf.yaml @@ -0,0 +1,58 @@ +id: mantenimiento-web-a43440257ec4eba085c1ac2ce540e1bf + +info: + name: > + Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aefb7e34-ec48-4e29-b3aa-85901e12d21c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mantenimiento-web/" + google-query: inurl:"/wp-content/plugins/mantenimiento-web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mantenimiento-web,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mantenimiento-web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mantenimiento-web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/manual-image-crop-e5eb2b15a41ab9ee60dcb2af1f87d2ee.yaml b/nuclei-templates/cve-less/plugins/manual-image-crop-e5eb2b15a41ab9ee60dcb2af1f87d2ee.yaml new file mode 100644 index 0000000000..b3680bf85f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/manual-image-crop-e5eb2b15a41ab9ee60dcb2af1f87d2ee.yaml @@ -0,0 +1,58 @@ +id: manual-image-crop-e5eb2b15a41ab9ee60dcb2af1f87d2ee + +info: + name: > + Manual Image Crop <= 1.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c195d62d-5f2f-4248-9a84-b551f532256b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/manual-image-crop/" + google-query: inurl:"/wp-content/plugins/manual-image-crop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,manual-image-crop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/manual-image-crop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "manual-image-crop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-33149871db85e014a52f28e4a7d38f17.yaml b/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-33149871db85e014a52f28e4a7d38f17.yaml new file mode 100644 index 0000000000..4579cab045 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/map-location-picker-at-checkout-for-woocommerce-33149871db85e014a52f28e4a7d38f17.yaml @@ -0,0 +1,58 @@ +id: map-location-picker-at-checkout-for-woocommerce-33149871db85e014a52f28e4a7d38f17 + +info: + name: > + Location Picker at Checkout for WooCommerce <= 1.8.9 - Missing Authorization via checkout_map_rules_order_ajax_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7394be7e-9a1f-4c85-ac2d-cace39def330?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,map-location-picker-at-checkout-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/map-location-picker-at-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "map-location-picker-at-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/map-multi-marker-98cc3184ae2ac53e6ec93de75027842b.yaml b/nuclei-templates/cve-less/plugins/map-multi-marker-98cc3184ae2ac53e6ec93de75027842b.yaml new file mode 100644 index 0000000000..39d02cb585 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/map-multi-marker-98cc3184ae2ac53e6ec93de75027842b.yaml @@ -0,0 +1,58 @@ +id: map-multi-marker-98cc3184ae2ac53e6ec93de75027842b + +info: + name: > + Map Multi Marker <= 3.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/577cf51e-3fcb-456c-9068-17fff4a71e94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/map-multi-marker/" + google-query: inurl:"/wp-content/plugins/map-multi-marker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,map-multi-marker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/map-multi-marker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "map-multi-marker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mapping-multiple-urls-redirect-same-page-13d4f5660b4ca1f115f6a5db8348287c.yaml b/nuclei-templates/cve-less/plugins/mapping-multiple-urls-redirect-same-page-13d4f5660b4ca1f115f6a5db8348287c.yaml new file mode 100644 index 0000000000..50ad6f4eac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mapping-multiple-urls-redirect-same-page-13d4f5660b4ca1f115f6a5db8348287c.yaml @@ -0,0 +1,58 @@ +id: mapping-multiple-urls-redirect-same-page-13d4f5660b4ca1f115f6a5db8348287c + +info: + name: > + Mapping Multiple URLs Redirect Same Page <= 5.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/514184b0-aa54-41d1-9aa0-86d120ae79c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mapping-multiple-urls-redirect-same-page/" + google-query: inurl:"/wp-content/plugins/mapping-multiple-urls-redirect-same-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mapping-multiple-urls-redirect-same-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mapping-multiple-urls-redirect-same-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mapping-multiple-urls-redirect-same-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-001b828c3c08777c5f66954153002511.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-001b828c3c08777c5f66954153002511.yaml new file mode 100644 index 0000000000..8831d19095 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-001b828c3c08777c5f66954153002511.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-001b828c3c08777c5f66954153002511 + +info: + name: > + MapPress <= 2.88.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fce76126-0cfd-464f-b644-45d4301e958d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-0db4927fc2e66efc196aae8bda2e501b.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-0db4927fc2e66efc196aae8bda2e501b.yaml new file mode 100644 index 0000000000..1426a14590 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-0db4927fc2e66efc196aae8bda2e501b.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-0db4927fc2e66efc196aae8bda2e501b + +info: + name: > + MapPress Maps <= 2.73.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96d5bfeb-b082-44cc-8d84-1ef1c3f5b562?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.73.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-14a7ffa14fbeefc172000dc0caefb552.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-14a7ffa14fbeefc172000dc0caefb552.yaml new file mode 100644 index 0000000000..b706e28b2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-14a7ffa14fbeefc172000dc0caefb552.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-14a7ffa14fbeefc172000dc0caefb552 + +info: + name: > + MapPress Maps for WordPress <= 2.73.12 - Admin+ File Upload to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62ac66d8-fc10-4ec2-a567-7b95eb6f2c76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.73.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-29adc02045150a72bc0879e8ef2cedbd.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-29adc02045150a72bc0879e8ef2cedbd.yaml new file mode 100644 index 0000000000..df81f0a38f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-29adc02045150a72bc0879e8ef2cedbd.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-29adc02045150a72bc0879e8ef2cedbd + +info: + name: > + MapPress Maps for WordPress <= 2.88.15 - Insufficient Authorization to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7ced3b-4cb5-463a-aa32-3ccdc886e1a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-6bf1979859a94fbe33542b88abb0e15d.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-6bf1979859a94fbe33542b88abb0e15d.yaml new file mode 100644 index 0000000000..401d060bbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-6bf1979859a94fbe33542b88abb0e15d.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-6bf1979859a94fbe33542b88abb0e15d + +info: + name: > + MapPress Maps for WordPress <=2.53.8 - Authenticated Map Creation/Deletion to Stored Cross-Site Scripting & Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5e3932-809c-46d7-bb8d-1dffac9877a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.53.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-7b6a78f327e3069338279750b3f26ae1.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-7b6a78f327e3069338279750b3f26ae1.yaml new file mode 100644 index 0000000000..3f49b71804 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-7b6a78f327e3069338279750b3f26ae1.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-7b6a78f327e3069338279750b3f26ae1 + +info: + name: > + MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3d2c9a4-32f7-484f-86ce-a33ef1174b28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-a32c5004dd8e3051476b1d2ace4665f9.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-a32c5004dd8e3051476b1d2ace4665f9.yaml new file mode 100644 index 0000000000..f046d83073 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-a32c5004dd8e3051476b1d2ace4665f9.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-a32c5004dd8e3051476b1d2ace4665f9 + +info: + name: > + MapPress Maps <= 2.54.5 - Remote Code Execution via Improper Capability Checks in AJAX Calls + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8202e9e7-b05b-4603-9ebd-8084bf17a230?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.54.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-bed91f2c82382c1fad6f81b58becdcb8.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-bed91f2c82382c1fad6f81b58becdcb8.yaml new file mode 100644 index 0000000000..8fc02284fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-bed91f2c82382c1fad6f81b58becdcb8.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-bed91f2c82382c1fad6f81b58becdcb8 + +info: + name: > + MapPress Maps for WordPress <= 2.88.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8f025-c2ab-4a5f-a99e-a2d19b14a190?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f49ac78d75e6d3fb0dc3afda46d041dc.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f49ac78d75e6d3fb0dc3afda46d041dc.yaml new file mode 100644 index 0000000000..7705c3dabf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f49ac78d75e6d3fb0dc3afda46d041dc.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-f49ac78d75e6d3fb0dc3afda46d041dc + +info: + name: > + MapPress Maps for WordPress <= 2.88.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41e2c557-e462-4d9e-916c-b8352a6df571?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f938f1ab4ea9e7929903077ead3a87cb.yaml b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f938f1ab4ea9e7929903077ead3a87cb.yaml new file mode 100644 index 0000000000..6f3fb8a4de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mappress-google-maps-for-wordpress-f938f1ab4ea9e7929903077ead3a87cb.yaml @@ -0,0 +1,58 @@ +id: mappress-google-maps-for-wordpress-f938f1ab4ea9e7929903077ead3a87cb + +info: + name: > + MapPress Maps for WordPress <= 2.85.4 - Authenticated (Contributor+) SQL Injection via get_maps + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aab16b6f-4daf-4eb1-9526-dd05b2b41dee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mappress-google-maps-for-wordpress/" + google-query: inurl:"/wp-content/plugins/mappress-google-maps-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mappress-google-maps-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mappress-google-maps-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mappress-google-maps-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.85.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-34f90d387401d288923a3d216c026fe2.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-34f90d387401d288923a3d216c026fe2.yaml new file mode 100644 index 0000000000..b8d3fa7bdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-34f90d387401d288923a3d216c026fe2.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-34f90d387401d288923a3d216c026fe2 + +info: + name: > + markdown-it < 1.3.2 - Uncontrolled Resource Consumption + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67b468f7-21c7-424a-a65c-172ef47f0465?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-48cf291038d407d0c14437de80bf836d.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-48cf291038d407d0c14437de80bf836d.yaml new file mode 100644 index 0000000000..064b14c9bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-48cf291038d407d0c14437de80bf836d.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-48cf291038d407d0c14437de80bf836d + +info: + name: > + json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d5fad17-3b28-4f99-9508-f807cb06cfe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-54bc1daf26907dc59a5c7876a142ff1b.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-54bc1daf26907dc59a5c7876a142ff1b.yaml new file mode 100644 index 0000000000..8695a06010 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-54bc1daf26907dc59a5c7876a142ff1b.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-54bc1daf26907dc59a5c7876a142ff1b + +info: + name: > + loader-utils (JS package) < 2.0.3 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a49dca-2ed2-44cf-a0fe-0f1440a78cc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-73081b1f6f4e13a9e6e969eba5e746fc.yaml new file mode 100644 index 0000000000..23cf8ddd59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-73081b1f6f4e13a9e6e969eba5e746fc.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-73081b1f6f4e13a9e6e969eba5e746fc + +info: + name: > + simple-git < 3.15.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..69f7d8d38d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maps-block-apple-f9078038dec7d199edb0413f76661495.yaml b/nuclei-templates/cve-less/plugins/maps-block-apple-f9078038dec7d199edb0413f76661495.yaml new file mode 100644 index 0000000000..3f148d8a66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maps-block-apple-f9078038dec7d199edb0413f76661495.yaml @@ -0,0 +1,58 @@ +id: maps-block-apple-f9078038dec7d199edb0413f76661495 + +info: + name: > + Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d535c069-cfa3-4c41-9a01-b4c4e7c75764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maps-block-apple/" + google-query: inurl:"/wp-content/plugins/maps-block-apple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maps-block-apple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maps-block-apple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maps-block-apple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mapster-wp-maps-e101fa87e9e9a3f0059378f1f396b6c6.yaml b/nuclei-templates/cve-less/plugins/mapster-wp-maps-e101fa87e9e9a3f0059378f1f396b6c6.yaml new file mode 100644 index 0000000000..9df72f8052 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mapster-wp-maps-e101fa87e9e9a3f0059378f1f396b6c6.yaml @@ -0,0 +1,58 @@ +id: mapster-wp-maps-e101fa87e9e9a3f0059378f1f396b6c6 + +info: + name: > + Mapster WP Maps <= 1.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d38ee896-8cdd-45c5-b393-bdcb7baa7bd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mapster-wp-maps/" + google-query: inurl:"/wp-content/plugins/mapster-wp-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mapster-wp-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mapster-wp-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mapster-wp-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mapsvg-e1d4b31d2e512648b34fb410fc6ac542.yaml b/nuclei-templates/cve-less/plugins/mapsvg-e1d4b31d2e512648b34fb410fc6ac542.yaml new file mode 100644 index 0000000000..cf45653915 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mapsvg-e1d4b31d2e512648b34fb410fc6ac542.yaml @@ -0,0 +1,58 @@ +id: mapsvg-e1d4b31d2e512648b34fb410fc6ac542 + +info: + name: > + MapSVG <= 6.2.19 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1816a385-0b50-4f0d-848c-f583c247c8fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mapsvg/" + google-query: inurl:"/wp-content/plugins/mapsvg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mapsvg,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mapsvg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mapsvg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mapsvg-lite-interactive-vector-maps-303bc652d47c2a787ae26772587ef7fc.yaml b/nuclei-templates/cve-less/plugins/mapsvg-lite-interactive-vector-maps-303bc652d47c2a787ae26772587ef7fc.yaml new file mode 100644 index 0000000000..1a89d4c64b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mapsvg-lite-interactive-vector-maps-303bc652d47c2a787ae26772587ef7fc.yaml @@ -0,0 +1,58 @@ +id: mapsvg-lite-interactive-vector-maps-303bc652d47c2a787ae26772587ef7fc + +info: + name: > + MapSVG Lite < 3.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8073cc59-e5cc-4940-bce0-e501f0d959cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mapsvg-lite-interactive-vector-maps/" + google-query: inurl:"/wp-content/plugins/mapsvg-lite-interactive-vector-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mapsvg-lite-interactive-vector-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mapsvg-lite-interactive-vector-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mapsvg-lite-interactive-vector-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mapwiz-47ec4d19442547ad0d7289d6f4804147.yaml b/nuclei-templates/cve-less/plugins/mapwiz-47ec4d19442547ad0d7289d6f4804147.yaml new file mode 100644 index 0000000000..d4648abc23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mapwiz-47ec4d19442547ad0d7289d6f4804147.yaml @@ -0,0 +1,58 @@ +id: mapwiz-47ec4d19442547ad0d7289d6f4804147 + +info: + name: > + Mapwiz <= 1.0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66f73c3d-3937-4b9f-a7d6-29c249e46b92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mapwiz/" + google-query: inurl:"/wp-content/plugins/mapwiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mapwiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mapwiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mapwiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marekkis-watermark-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml b/nuclei-templates/cve-less/plugins/marekkis-watermark-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml new file mode 100644 index 0000000000..678c55a10e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marekkis-watermark-3b4a8aeeafcd7cd5d89d3f79fbd2340b.yaml @@ -0,0 +1,58 @@ +id: marekkis-watermark-3b4a8aeeafcd7cd5d89d3f79fbd2340b + +info: + name: > + Marekkis Watermark-Plugin <= 0.9.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e65cf73b-349b-4982-b6ec-a2c94d327d0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marekkis-watermark/" + google-query: inurl:"/wp-content/plugins/marekkis-watermark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marekkis-watermark,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marekkis-watermark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marekkis-watermark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mark-posts-cf0f772efb4c9beac6971570b02c3073.yaml b/nuclei-templates/cve-less/plugins/mark-posts-cf0f772efb4c9beac6971570b02c3073.yaml new file mode 100644 index 0000000000..b5eb78d493 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mark-posts-cf0f772efb4c9beac6971570b02c3073.yaml @@ -0,0 +1,58 @@ +id: mark-posts-cf0f772efb4c9beac6971570b02c3073 + +info: + name: > + Mark Posts <= 2.0.0 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33df558a-da81-46e0-bef9-ddb2bb90a5c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mark-posts/" + google-query: inurl:"/wp-content/plugins/mark-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mark-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mark-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mark-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mark-user-as-spammer-79bf49b5f0577e5e924d09bc9548c465.yaml b/nuclei-templates/cve-less/plugins/mark-user-as-spammer-79bf49b5f0577e5e924d09bc9548c465.yaml new file mode 100644 index 0000000000..8d3ff74155 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mark-user-as-spammer-79bf49b5f0577e5e924d09bc9548c465.yaml @@ -0,0 +1,58 @@ +id: mark-user-as-spammer-79bf49b5f0577e5e924d09bc9548c465 + +info: + name: > + Mark User as Spammer <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5cab96c-f6ab-4ee6-8453-22e8a39cc82f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mark-user-as-spammer/" + google-query: inurl:"/wp-content/plugins/mark-user-as-spammer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mark-user-as-spammer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mark-user-as-spammer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mark-user-as-spammer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/markdown-on-save-improved-050d7cb19f5f214c16e87b6deb3805d1.yaml b/nuclei-templates/cve-less/plugins/markdown-on-save-improved-050d7cb19f5f214c16e87b6deb3805d1.yaml new file mode 100644 index 0000000000..efe95f7bf4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/markdown-on-save-improved-050d7cb19f5f214c16e87b6deb3805d1.yaml @@ -0,0 +1,58 @@ +id: markdown-on-save-improved-050d7cb19f5f214c16e87b6deb3805d1 + +info: + name: > + Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9be8c202-56f0-449f-84fa-375d239b5654?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/markdown-on-save-improved/" + google-query: inurl:"/wp-content/plugins/markdown-on-save-improved/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,markdown-on-save-improved,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/markdown-on-save-improved/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "markdown-on-save-improved" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/markdown-on-save-improved-c99fdfdd6f51accf3ed6f44f28e23a84.yaml b/nuclei-templates/cve-less/plugins/markdown-on-save-improved-c99fdfdd6f51accf3ed6f44f28e23a84.yaml new file mode 100644 index 0000000000..d4f584f54b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/markdown-on-save-improved-c99fdfdd6f51accf3ed6f44f28e23a84.yaml @@ -0,0 +1,58 @@ +id: markdown-on-save-improved-c99fdfdd6f51accf3ed6f44f28e23a84 + +info: + name: > + Markdown on Save Improved <= 2.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bda3c8f8-fd0f-432d-a382-e8ac55d34bb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/markdown-on-save-improved/" + google-query: inurl:"/wp-content/plugins/markdown-on-save-improved/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,markdown-on-save-improved,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/markdown-on-save-improved/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "markdown-on-save-improved" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marker-io-fb2c63718b2382dbcdfb9fbdbea83949.yaml b/nuclei-templates/cve-less/plugins/marker-io-fb2c63718b2382dbcdfb9fbdbea83949.yaml new file mode 100644 index 0000000000..9575db446b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marker-io-fb2c63718b2382dbcdfb9fbdbea83949.yaml @@ -0,0 +1,58 @@ +id: marker-io-fb2c63718b2382dbcdfb9fbdbea83949 + +info: + name: > + Marker.io <= 1.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fa382bf-a501-44eb-8a39-7ceb5829378f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marker-io/" + google-query: inurl:"/wp-content/plugins/marker-io/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marker-io,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marker-io/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marker-io" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marketing-optimizer-3f528c05be1996d33dd348d92ec23461.yaml b/nuclei-templates/cve-less/plugins/marketing-optimizer-3f528c05be1996d33dd348d92ec23461.yaml new file mode 100644 index 0000000000..357deab84d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marketing-optimizer-3f528c05be1996d33dd348d92ec23461.yaml @@ -0,0 +1,58 @@ +id: marketing-optimizer-3f528c05be1996d33dd348d92ec23461 + +info: + name: > + Marketing Optimizer <= 20200925 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b537637b-32c0-405e-94fa-c7c2d0c80658?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marketing-optimizer/" + google-query: inurl:"/wp-content/plugins/marketing-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marketing-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marketing-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marketing-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20200925') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marketing-performance-127a32a3d7486f122ba18339dee95397.yaml b/nuclei-templates/cve-less/plugins/marketing-performance-127a32a3d7486f122ba18339dee95397.yaml new file mode 100644 index 0000000000..c991e66592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marketing-performance-127a32a3d7486f122ba18339dee95397.yaml @@ -0,0 +1,58 @@ +id: marketing-performance-127a32a3d7486f122ba18339dee95397 + +info: + name: > + Marketing Performance <= 2.0.0 - Unauthenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29b53c80-68d5-4431-a49b-0d139c9403f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marketing-performance/" + google-query: inurl:"/wp-content/plugins/marketing-performance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marketing-performance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marketing-performance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marketing-performance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marketo-forms-and-tracking-8d38cd4f2bf680c2b1b244824fc691f8.yaml b/nuclei-templates/cve-less/plugins/marketo-forms-and-tracking-8d38cd4f2bf680c2b1b244824fc691f8.yaml new file mode 100644 index 0000000000..ac21d8f08c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marketo-forms-and-tracking-8d38cd4f2bf680c2b1b244824fc691f8.yaml @@ -0,0 +1,58 @@ +id: marketo-forms-and-tracking-8d38cd4f2bf680c2b1b244824fc691f8 + +info: + name: > + Marketo Forms and Tracking <= 1.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd0054b5-537b-412f-8b10-8bbc9f2ea256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marketo-forms-and-tracking/" + google-query: inurl:"/wp-content/plugins/marketo-forms-and-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marketo-forms-and-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marketo-forms-and-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marketo-forms-and-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/marmoset-viewer-b4b5d874a62067dd72085668d3cf4b24.yaml b/nuclei-templates/cve-less/plugins/marmoset-viewer-b4b5d874a62067dd72085668d3cf4b24.yaml new file mode 100644 index 0000000000..6a258ade8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/marmoset-viewer-b4b5d874a62067dd72085668d3cf4b24.yaml @@ -0,0 +1,58 @@ +id: marmoset-viewer-b4b5d874a62067dd72085668d3cf4b24 + +info: + name: > + Marmoset Viewer < 1.9.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73d3f73f-5407-4acf-ac65-1f7eadbaa58f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/marmoset-viewer/" + google-query: inurl:"/wp-content/plugins/marmoset-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,marmoset-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/marmoset-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "marmoset-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/martins-link-network-95b7b2700fb0920c45a7d61cccd555c1.yaml b/nuclei-templates/cve-less/plugins/martins-link-network-95b7b2700fb0920c45a7d61cccd555c1.yaml new file mode 100644 index 0000000000..6ea2381af5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/martins-link-network-95b7b2700fb0920c45a7d61cccd555c1.yaml @@ -0,0 +1,58 @@ +id: martins-link-network-95b7b2700fb0920c45a7d61cccd555c1 + +info: + name: > + Martins Free & Easy SEO BackLink Link Building Network <= 1.2.29 - Reflected Cross-Site Scripting via _wpnonce + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/773b5a79-017a-4e16-b563-3aa2939fa179?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/martins-link-network/" + google-query: inurl:"/wp-content/plugins/martins-link-network/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,martins-link-network,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/martins-link-network/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "martins-link-network" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mashsharer-7512032bfe4cd740c20bf708ea302987.yaml b/nuclei-templates/cve-less/plugins/mashsharer-7512032bfe4cd740c20bf708ea302987.yaml new file mode 100644 index 0000000000..7d7da6e0ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mashsharer-7512032bfe4cd740c20bf708ea302987.yaml @@ -0,0 +1,58 @@ +id: mashsharer-7512032bfe4cd740c20bf708ea302987 + +info: + name: > + Social Media Share Buttons <= 3.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc0e133d-b1c7-42c4-bd1f-7b91f0ec4fb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mashsharer/" + google-query: inurl:"/wp-content/plugins/mashsharer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mashsharer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mashsharer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mashsharer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mashsharer-d7a376bac039b7fcdb01d011343f232a.yaml b/nuclei-templates/cve-less/plugins/mashsharer-d7a376bac039b7fcdb01d011343f232a.yaml new file mode 100644 index 0000000000..d63f45ce12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mashsharer-d7a376bac039b7fcdb01d011343f232a.yaml @@ -0,0 +1,58 @@ +id: mashsharer-d7a376bac039b7fcdb01d011343f232a + +info: + name: > + Social Media Share Buttons <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95ba48b9-4a9c-47df-b05e-e670ae547810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mashsharer/" + google-query: inurl:"/wp-content/plugins/mashsharer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mashsharer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mashsharer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mashsharer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mass-delete-unused-tags-75516a4a673e70626d0531442a9c901c.yaml b/nuclei-templates/cve-less/plugins/mass-delete-unused-tags-75516a4a673e70626d0531442a9c901c.yaml new file mode 100644 index 0000000000..7fa1a6def8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mass-delete-unused-tags-75516a4a673e70626d0531442a9c901c.yaml @@ -0,0 +1,58 @@ +id: mass-delete-unused-tags-75516a4a673e70626d0531442a9c901c + +info: + name: > + Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abf4cfb9-745a-4b4f-8862-54ef561904d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mass-delete-unused-tags/" + google-query: inurl:"/wp-content/plugins/mass-delete-unused-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mass-delete-unused-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mass-delete-unused-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mass-delete-unused-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mass-email-to-users-317ac7f940ff6a7252e873e1a08b195c.yaml b/nuclei-templates/cve-less/plugins/mass-email-to-users-317ac7f940ff6a7252e873e1a08b195c.yaml new file mode 100644 index 0000000000..5e08c8a9a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mass-email-to-users-317ac7f940ff6a7252e873e1a08b195c.yaml @@ -0,0 +1,58 @@ +id: mass-email-to-users-317ac7f940ff6a7252e873e1a08b195c + +info: + name: > + Mass Email To users <= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting via 'entrant' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f218010-8429-4a8a-b7f6-e45945a2a1ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mass-email-to-users/" + google-query: inurl:"/wp-content/plugins/mass-email-to-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mass-email-to-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mass-email-to-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mass-email-to-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-5d3fabeb2abe10bffbf3f69299e86974.yaml b/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-5d3fabeb2abe10bffbf3f69299e86974.yaml new file mode 100644 index 0000000000..aa1b7a26c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mass-pagesposts-creator-5d3fabeb2abe10bffbf3f69299e86974.yaml @@ -0,0 +1,58 @@ +id: mass-pagesposts-creator-5d3fabeb2abe10bffbf3f69299e86974 + +info: + name: > + Mass Pages/Posts Creator <= 1.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/966843d1-64c2-4f49-852c-d362714db823?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mass-pagesposts-creator/" + google-query: inurl:"/wp-content/plugins/mass-pagesposts-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mass-pagesposts-creator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mass-pagesposts-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mass-pagesposts-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-5ad76356f82ec882d88e003164818843.yaml b/nuclei-templates/cve-less/plugins/master-addons-5ad76356f82ec882d88e003164818843.yaml new file mode 100644 index 0000000000..16601bfa8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-5ad76356f82ec882d88e003164818843.yaml @@ -0,0 +1,58 @@ +id: master-addons-5ad76356f82ec882d88e003164818843 + +info: + name: > + Master Addons for Elementor <= 2.0.5.4.1 - Missing Authorization on Duplicate Post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e5c3d74-1240-4501-856f-18a1c6369d1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-5f2ebf4302880b4451790eb5366fdd55.yaml b/nuclei-templates/cve-less/plugins/master-addons-5f2ebf4302880b4451790eb5366fdd55.yaml new file mode 100644 index 0000000000..e4159f1923 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-5f2ebf4302880b4451790eb5366fdd55.yaml @@ -0,0 +1,58 @@ +id: master-addons-5f2ebf4302880b4451790eb5366fdd55 + +info: + name: > + Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.5.9 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9a48769-94d9-459f-b34b-fdfe4c10b36c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-8583fcd7447422df9f9725341fb87a81.yaml b/nuclei-templates/cve-less/plugins/master-addons-8583fcd7447422df9f9725341fb87a81.yaml new file mode 100644 index 0000000000..88e59bbb12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-8583fcd7447422df9f9725341fb87a81.yaml @@ -0,0 +1,58 @@ +id: master-addons-8583fcd7447422df9f9725341fb87a81 + +info: + name: > + Master Addons for Elementor <= 2.0.5.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6150c355-1046-483e-aa8b-463c3752021d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-ab471e8dcd5ca84019365a59d356e23b.yaml b/nuclei-templates/cve-less/plugins/master-addons-ab471e8dcd5ca84019365a59d356e23b.yaml new file mode 100644 index 0000000000..2896341742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-ab471e8dcd5ca84019365a59d356e23b.yaml @@ -0,0 +1,58 @@ +id: master-addons-ab471e8dcd5ca84019365a59d356e23b + +info: + name: > + Master Addons for Elementor <= 1.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/680b2194-0c5e-4d5c-86d8-4c1e8de378d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-e068f616c0efa424554358743fa4c2b1.yaml b/nuclei-templates/cve-less/plugins/master-addons-e068f616c0efa424554358743fa4c2b1.yaml new file mode 100644 index 0000000000..0056a17b8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-e068f616c0efa424554358743fa4c2b1.yaml @@ -0,0 +1,58 @@ +id: master-addons-e068f616c0efa424554358743fa4c2b1 + +info: + name: > + Master Addons for Elementor <= 2.0.5.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a362e60d-e4ab-4f19-9e18-5473d8e13d80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-addons-e3418f180f0cc9cfc471a66e2f29ee79.yaml b/nuclei-templates/cve-less/plugins/master-addons-e3418f180f0cc9cfc471a66e2f29ee79.yaml new file mode 100644 index 0000000000..eaabafb92b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-addons-e3418f180f0cc9cfc471a66e2f29ee79.yaml @@ -0,0 +1,58 @@ +id: master-addons-e3418f180f0cc9cfc471a66e2f29ee79 + +info: + name: > + Master Addons for Elementor <= 2.0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8910b6f0-1bf4-4ac0-93b7-54db7c15392c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-addons/" + google-query: inurl:"/wp-content/plugins/master-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-elements-2d24ccd35c9f49dd6df7abc0d20f88ce.yaml b/nuclei-templates/cve-less/plugins/master-elements-2d24ccd35c9f49dd6df7abc0d20f88ce.yaml new file mode 100644 index 0000000000..88c9d80e73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-elements-2d24ccd35c9f49dd6df7abc0d20f88ce.yaml @@ -0,0 +1,58 @@ +id: master-elements-2d24ccd35c9f49dd6df7abc0d20f88ce + +info: + name: > + Master Elements <= 8.0 - Unauthenticated SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36a7b681-6059-46a4-82a8-addfb8f452cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-elements/" + google-query: inurl:"/wp-content/plugins/master-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-1f1264fb01a80102a1939e77505f347e.yaml b/nuclei-templates/cve-less/plugins/master-slider-1f1264fb01a80102a1939e77505f347e.yaml new file mode 100644 index 0000000000..d5f38a4b15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-1f1264fb01a80102a1939e77505f347e.yaml @@ -0,0 +1,58 @@ +id: master-slider-1f1264fb01a80102a1939e77505f347e + +info: + name: > + Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5015cfe7-9e5c-4745-b6c3-60e4aa99672d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-2278ff8679ddb3e8d29bcac77bb31452.yaml b/nuclei-templates/cve-less/plugins/master-slider-2278ff8679ddb3e8d29bcac77bb31452.yaml new file mode 100644 index 0000000000..81ad63e380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-2278ff8679ddb3e8d29bcac77bb31452.yaml @@ -0,0 +1,58 @@ +id: master-slider-2278ff8679ddb3e8d29bcac77bb31452 + +info: + name: > + Master Slider – Responsive Touch Slider <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-37adca39d8686698946f55ba4e66fb39.yaml b/nuclei-templates/cve-less/plugins/master-slider-37adca39d8686698946f55ba4e66fb39.yaml new file mode 100644 index 0000000000..9cc392231a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-37adca39d8686698946f55ba4e66fb39.yaml @@ -0,0 +1,58 @@ +id: master-slider-37adca39d8686698946f55ba4e66fb39 + +info: + name: > + Master Slider - Responsive Touch Slider <= 3.9.9 - Cross-Site Request Forgery via process_bulk_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-7ade56e168a75307ee8a4a01c082f207.yaml b/nuclei-templates/cve-less/plugins/master-slider-7ade56e168a75307ee8a4a01c082f207.yaml new file mode 100644 index 0000000000..e2785973e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-7ade56e168a75307ee8a4a01c082f207.yaml @@ -0,0 +1,58 @@ +id: master-slider-7ade56e168a75307ee8a4a01c082f207 + +info: + name: > + Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1b93229-55ef-4216-8d48-35e8b6506c19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-af6803b7659222cbe48ed01e4976d1d1.yaml b/nuclei-templates/cve-less/plugins/master-slider-af6803b7659222cbe48ed01e4976d1d1.yaml new file mode 100644 index 0000000000..e579b4f374 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-af6803b7659222cbe48ed01e4976d1d1.yaml @@ -0,0 +1,58 @@ +id: master-slider-af6803b7659222cbe48ed01e4976d1d1 + +info: + name: > + Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/master-slider-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml b/nuclei-templates/cve-less/plugins/master-slider-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml new file mode 100644 index 0000000000..2dce264f34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/master-slider-f99c7ac14f9b6aff3ca4eaa0306e77ee.yaml @@ -0,0 +1,58 @@ +id: master-slider-f99c7ac14f9b6aff3ca4eaa0306e77ee + +info: + name: > + Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4d09e3-487a-4f12-818a-72ae9a6f33c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/master-slider/" + google-query: inurl:"/wp-content/plugins/master-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,master-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/master-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "master-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterslider-0cbc0458d9514fd3618b0ed89f2d3c18.yaml b/nuclei-templates/cve-less/plugins/masterslider-0cbc0458d9514fd3618b0ed89f2d3c18.yaml new file mode 100644 index 0000000000..6f49ba652a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterslider-0cbc0458d9514fd3618b0ed89f2d3c18.yaml @@ -0,0 +1,58 @@ +id: masterslider-0cbc0458d9514fd3618b0ed89f2d3c18 + +info: + name: > + Master Slider Pro <= 3.6.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f77755a-9b28-4e31-8a01-42e96b5698bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterslider/" + google-query: inurl:"/wp-content/plugins/masterslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterslider-5c92085932752374a04afe791196ed34.yaml b/nuclei-templates/cve-less/plugins/masterslider-5c92085932752374a04afe791196ed34.yaml new file mode 100644 index 0000000000..a15611ce22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterslider-5c92085932752374a04afe791196ed34.yaml @@ -0,0 +1,58 @@ +id: masterslider-5c92085932752374a04afe791196ed34 + +info: + name: > + Master Slider Pro <= 3.6.5 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66749606-e76f-41fb-bcf1-c06681de2ee3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterslider/" + google-query: inurl:"/wp-content/plugins/masterslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterslider-624a2aa57869ce0516a56db0d2b7ba1e.yaml b/nuclei-templates/cve-less/plugins/masterslider-624a2aa57869ce0516a56db0d2b7ba1e.yaml new file mode 100644 index 0000000000..89f3615f05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterslider-624a2aa57869ce0516a56db0d2b7ba1e.yaml @@ -0,0 +1,58 @@ +id: masterslider-624a2aa57869ce0516a56db0d2b7ba1e + +info: + name: > + Master Slider Pro <= 3.6.5 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a69a5249-f9ab-4489-a032-33dd482fdc96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterslider/" + google-query: inurl:"/wp-content/plugins/masterslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-0f202e755d7e2e49728e189143faa82e.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-0f202e755d7e2e49728e189143faa82e.yaml new file mode 100644 index 0000000000..ad58a01542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-0f202e755d7e2e49728e189143faa82e.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-0f202e755d7e2e49728e189143faa82e + +info: + name: > + MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-16f3aadbc51503db1bc43aad84f72646.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-16f3aadbc51503db1bc43aad84f72646.yaml new file mode 100644 index 0000000000..ad59e38e7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-16f3aadbc51503db1bc43aad84f72646.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-16f3aadbc51503db1bc43aad84f72646 + +info: + name: > + MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18fd631d-9e9b-46ee-953f-61ad3458e1dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-44e1f2ffb01f5ea3ea36f27a7c236058.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-44e1f2ffb01f5ea3ea36f27a7c236058.yaml new file mode 100644 index 0000000000..d23ff6924c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-44e1f2ffb01f5ea3ea36f27a7c236058.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-44e1f2ffb01f5ea3ea36f27a7c236058 + +info: + name: > + MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb3d67-7056-4a03-ba3b-a04c2e96648d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-4f9f0369d878a015f409ab24ea975cbb.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-4f9f0369d878a015f409ab24ea975cbb.yaml new file mode 100644 index 0000000000..b9ea833765 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-4f9f0369d878a015f409ab24ea975cbb.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-4f9f0369d878a015f409ab24ea975cbb + +info: + name: > + MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d68a2b60-ee89-4231-b256-214eba418244?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-55dfb8067a9d9a28485a43b25b96a7c4.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-55dfb8067a9d9a28485a43b25b96a7c4.yaml new file mode 100644 index 0000000000..26834d7164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-55dfb8067a9d9a28485a43b25b96a7c4.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-55dfb8067a9d9a28485a43b25b96a7c4 + +info: + name: > + MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-5a1407576dc4eee8a15af816c107132f.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-5a1407576dc4eee8a15af816c107132f.yaml new file mode 100644 index 0000000000..44283b951b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-5a1407576dc4eee8a15af816c107132f.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-5a1407576dc4eee8a15af816c107132f + +info: + name: > + MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-99f4448a717d374af03d744cdc0eb9ad.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-99f4448a717d374af03d744cdc0eb9ad.yaml new file mode 100644 index 0000000000..e42a3beb38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-99f4448a717d374af03d744cdc0eb9ad.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-99f4448a717d374af03d744cdc0eb9ad + +info: + name: > + MasterStudy LMS <= 3.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/174e2bf3-2531-4a53-ade6-3df7e976ed29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-9ab9e985d63e7f8faa4ebcb1df0816d3.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-9ab9e985d63e7f8faa4ebcb1df0816d3.yaml new file mode 100644 index 0000000000..02c73e9182 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-9ab9e985d63e7f8faa4ebcb1df0816d3.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-9ab9e985d63e7f8faa4ebcb1df0816d3 + +info: + name: > + MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-af86ce237a4bf58d93744674227f4830.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-af86ce237a4bf58d93744674227f4830.yaml new file mode 100644 index 0000000000..5468ad627e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-af86ce237a4bf58d93744674227f4830.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-af86ce237a4bf58d93744674227f4830 + +info: + name: > + MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-bf3837a16a33f16813a6b85f5185aa0d.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-bf3837a16a33f16813a6b85f5185aa0d.yaml new file mode 100644 index 0000000000..157137d5c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-bf3837a16a33f16813a6b85f5185aa0d.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-bf3837a16a33f16813a6b85f5185aa0d + +info: + name: > + MasterStudy LMS <= 3.0.17 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df00c8bc-8acd-4197-86fe-b88cb47d52c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-f9e11f76930ee22e20526313ed9f389b.yaml b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-f9e11f76930ee22e20526313ed9f389b.yaml new file mode 100644 index 0000000000..34ffe9f838 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/masterstudy-lms-learning-management-system-f9e11f76930ee22e20526313ed9f389b.yaml @@ -0,0 +1,58 @@ +id: masterstudy-lms-learning-management-system-f9e11f76930ee22e20526313ed9f389b + +info: + name: > + MasterStudy LMS <= 3.0.8 - Missing Authorization to Course Category Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/417ae2f2-e245-49bb-8b77-0eabf6095459?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/masterstudy-lms-learning-management-system/" + google-query: inurl:"/wp-content/plugins/masterstudy-lms-learning-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,masterstudy-lms-learning-management-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/masterstudy-lms-learning-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "masterstudy-lms-learning-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/material-design-for-contact-form-7-2c15d4e93f6f6d616a273e49657a41e3.yaml b/nuclei-templates/cve-less/plugins/material-design-for-contact-form-7-2c15d4e93f6f6d616a273e49657a41e3.yaml new file mode 100644 index 0000000000..590fd292af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/material-design-for-contact-form-7-2c15d4e93f6f6d616a273e49657a41e3.yaml @@ -0,0 +1,58 @@ +id: material-design-for-contact-form-7-2c15d4e93f6f6d616a273e49657a41e3 + +info: + name: > + Material Design for Contact Form 7 <= 2.6.4 - Missing Authorization to Arbitrary Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/962f31e6-7863-45e1-835e-c679046deeea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/material-design-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/material-design-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,material-design-for-contact-form-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/material-design-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "material-design-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-639d631ea2d71e82d52ba35e11baa85c.yaml b/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-639d631ea2d71e82d52ba35e11baa85c.yaml new file mode 100644 index 0000000000..9d6ebd327a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-639d631ea2d71e82d52ba35e11baa85c.yaml @@ -0,0 +1,58 @@ +id: material-design-icons-for-elementor-639d631ea2d71e82d52ba35e11baa85c + +info: + name: > + Material Design Icons for Page Builders <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2075960-fde4-4ca9-a000-23fdd6d5de1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/material-design-icons-for-elementor/" + google-query: inurl:"/wp-content/plugins/material-design-icons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/material-design-icons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "material-design-icons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-eab3c1f0807691261d40289ccf106a32.yaml b/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-eab3c1f0807691261d40289ccf106a32.yaml new file mode 100644 index 0000000000..134ec01f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/material-design-icons-for-elementor-eab3c1f0807691261d40289ccf106a32.yaml @@ -0,0 +1,58 @@ +id: material-design-icons-for-elementor-eab3c1f0807691261d40289ccf106a32 + +info: + name: > + Material Design Icons for Page Builders <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2482ef4b-697a-45a0-b45e-85b2af5b4735?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/material-design-icons-for-elementor/" + google-query: inurl:"/wp-content/plugins/material-design-icons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,material-design-icons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/material-design-icons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "material-design-icons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/materialis-companion-41bbba0b761effafe973f064cede1988.yaml b/nuclei-templates/cve-less/plugins/materialis-companion-41bbba0b761effafe973f064cede1988.yaml new file mode 100644 index 0000000000..4c0f34bace --- /dev/null +++ b/nuclei-templates/cve-less/plugins/materialis-companion-41bbba0b761effafe973f064cede1988.yaml @@ -0,0 +1,58 @@ +id: materialis-companion-41bbba0b761effafe973f064cede1988 + +info: + name: > + Materialis Companion <= 1.3.39 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8f94588-635c-44b2-bd7e-af3068734713?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/materialis-companion/" + google-query: inurl:"/wp-content/plugins/materialis-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,materialis-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/materialis-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "materialis-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/math-comment-spam-protection-2c787e56b33949d16c5a8fc8e49284cd.yaml b/nuclei-templates/cve-less/plugins/math-comment-spam-protection-2c787e56b33949d16c5a8fc8e49284cd.yaml new file mode 100644 index 0000000000..51236633ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/math-comment-spam-protection-2c787e56b33949d16c5a8fc8e49284cd.yaml @@ -0,0 +1,58 @@ +id: math-comment-spam-protection-2c787e56b33949d16c5a8fc8e49284cd + +info: + name: > + Math Comment Spam Protection <= 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00fbbd00-c98e-41b3-9777-3a0d1295c24b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/math-comment-spam-protection/" + google-query: inurl:"/wp-content/plugins/math-comment-spam-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,math-comment-spam-protection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/math-comment-spam-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "math-comment-spam-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/math-comment-spam-protection-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml b/nuclei-templates/cve-less/plugins/math-comment-spam-protection-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml new file mode 100644 index 0000000000..8fd941d7f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/math-comment-spam-protection-3f5c9085cc5ea3fa80320bca3cc4e85b.yaml @@ -0,0 +1,58 @@ +id: math-comment-spam-protection-3f5c9085cc5ea3fa80320bca3cc4e85b + +info: + name: > + Math Comment Spam Protection <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a9e958f-e53b-4aa0-b7d6-7469852f0d97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/math-comment-spam-protection/" + google-query: inurl:"/wp-content/plugins/math-comment-spam-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,math-comment-spam-protection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/math-comment-spam-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "math-comment-spam-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/matomo-3df1b6184a3059e9fa9458d9fe22e2e2.yaml b/nuclei-templates/cve-less/plugins/matomo-3df1b6184a3059e9fa9458d9fe22e2e2.yaml new file mode 100644 index 0000000000..caf347be45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/matomo-3df1b6184a3059e9fa9458d9fe22e2e2.yaml @@ -0,0 +1,58 @@ +id: matomo-3df1b6184a3059e9fa9458d9fe22e2e2 + +info: + name: > + Matomo <= 4.15.3 - Reflected Cross-Site Scripting via idsite + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e2d54eb-c176-49c4-a4fc-833e17189cad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/matomo/" + google-query: inurl:"/wp-content/plugins/matomo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,matomo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/matomo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "matomo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/matrix-image-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/matrix-image-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..3ded6cf6f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/matrix-image-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: matrix-image-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/matrix-image-gallery/" + google-query: inurl:"/wp-content/plugins/matrix-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,matrix-image-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/matrix-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "matrix-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/matrix-pre-loader-7eefbdb00f6e0dd3aa9ee384b653f5e3.yaml b/nuclei-templates/cve-less/plugins/matrix-pre-loader-7eefbdb00f6e0dd3aa9ee384b653f5e3.yaml new file mode 100644 index 0000000000..99d99b3b79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/matrix-pre-loader-7eefbdb00f6e0dd3aa9ee384b653f5e3.yaml @@ -0,0 +1,58 @@ +id: matrix-pre-loader-7eefbdb00f6e0dd3aa9ee384b653f5e3 + +info: + name: > + Preloader Matrix <= 2.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97548879-f015-4adc-8a84-535d210ae0de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/matrix-pre-loader/" + google-query: inurl:"/wp-content/plugins/matrix-pre-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,matrix-pre-loader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/matrix-pre-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "matrix-pre-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mautic-integration-for-woocommerce-af46d9a5be7a2ee874bad5ee679a36f8.yaml b/nuclei-templates/cve-less/plugins/mautic-integration-for-woocommerce-af46d9a5be7a2ee874bad5ee679a36f8.yaml new file mode 100644 index 0000000000..a691e75bef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mautic-integration-for-woocommerce-af46d9a5be7a2ee874bad5ee679a36f8.yaml @@ -0,0 +1,58 @@ +id: mautic-integration-for-woocommerce-af46d9a5be7a2ee874bad5ee679a36f8 + +info: + name: > + Mautic Integration for WooCommerce < 1.0.3 - Cross-Site Request Forgery leading to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a922bf72-192e-457f-9c33-59835e9aff2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mautic-integration-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/mautic-integration-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mautic-integration-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mautic-integration-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mautic-integration-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-7793772eece0aff14b3b4690844c3621.yaml b/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-7793772eece0aff14b3b4690844c3621.yaml new file mode 100644 index 0000000000..72378ee259 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-7793772eece0aff14b3b4690844c3621.yaml @@ -0,0 +1,58 @@ +id: max-addons-pro-bricks-7793772eece0aff14b3b4690844c3621 + +info: + name: > + Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cce0b2-b43c-4b79-89a0-c1842cab1edc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/max-addons-pro-bricks/" + google-query: inurl:"/wp-content/plugins/max-addons-pro-bricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,max-addons-pro-bricks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/max-addons-pro-bricks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "max-addons-pro-bricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-cb8a70925c9490ee47d5d493a807b6ac.yaml b/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-cb8a70925c9490ee47d5d493a807b6ac.yaml new file mode 100644 index 0000000000..546ff9f938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/max-addons-pro-bricks-cb8a70925c9490ee47d5d493a807b6ac.yaml @@ -0,0 +1,58 @@ +id: max-addons-pro-bricks-cb8a70925c9490ee47d5d493a807b6ac + +info: + name: > + Max Addons Pro for Bricks <= 1.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ac22e56-5d52-48f0-8bd1-8584c2b40bb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/max-addons-pro-bricks/" + google-query: inurl:"/wp-content/plugins/max-addons-pro-bricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,max-addons-pro-bricks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/max-addons-pro-bricks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "max-addons-pro-bricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-1cc06f74e3aed2807f1fd2894b6227eb.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-1cc06f74e3aed2807f1fd2894b6227eb.yaml new file mode 100644 index 0000000000..920cf073ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-1cc06f74e3aed2807f1fd2894b6227eb.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-1cc06f74e3aed2807f1fd2894b6227eb + +info: + name: > + MaxButtons - < 1.26.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25f8b0db-eed2-468a-a6b3-ed93daaddcb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.26.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-2cfa41593b5c54dbbe7f94408a704c8b.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-2cfa41593b5c54dbbe7f94408a704c8b.yaml new file mode 100644 index 0000000000..ad065b5fa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-2cfa41593b5c54dbbe7f94408a704c8b.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-2cfa41593b5c54dbbe7f94408a704c8b + +info: + name: > + MaxButtons <= 9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8eaf6dfd-bc66-466f-af80-213213fdb839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-3394a8c6bca4050b8fcb857b11ee3b36.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-3394a8c6bca4050b8fcb857b11ee3b36.yaml new file mode 100644 index 0000000000..2092ba8953 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-3394a8c6bca4050b8fcb857b11ee3b36.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-3394a8c6bca4050b8fcb857b11ee3b36 + +info: + name: > + WordPress Button Plugin MaxButtons <= 9.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe2cabd-98f6-4ebc-8a02-e6951202aa88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-5e63735b86336209453cce97844f636d.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-5e63735b86336209453cce97844f636d.yaml new file mode 100644 index 0000000000..e74583f602 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-5e63735b86336209453cce97844f636d.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-5e63735b86336209453cce97844f636d + +info: + name: > + MaxButtons <= 9.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af478e73-a2b8-468a-9075-9c1db1a97d7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-6576cec6cc72bf932987474c7e82dbd1.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-6576cec6cc72bf932987474c7e82dbd1.yaml new file mode 100644 index 0000000000..8b9c3a07fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-6576cec6cc72bf932987474c7e82dbd1.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-6576cec6cc72bf932987474c7e82dbd1 + +info: + name: > + WordPress Button Plugin MaxButtons <= 9.7.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bca0e8a0-d837-42d8-a9d3-35e0c820eb43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-791eff0c2052bc2e9edb50c4e621f28e.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-791eff0c2052bc2e9edb50c4e621f28e.yaml new file mode 100644 index 0000000000..9be3a12ea2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-791eff0c2052bc2e9edb50c4e621f28e.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-791eff0c2052bc2e9edb50c4e621f28e + +info: + name: > + MaxButtons <= 6.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efa01956-7c03-4f0f-9054-6920013a2b32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxbuttons-b87b09efd2ae58c86dc8e5fdf3e23221.yaml b/nuclei-templates/cve-less/plugins/maxbuttons-b87b09efd2ae58c86dc8e5fdf3e23221.yaml new file mode 100644 index 0000000000..b03ae01c0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxbuttons-b87b09efd2ae58c86dc8e5fdf3e23221.yaml @@ -0,0 +1,58 @@ +id: maxbuttons-b87b09efd2ae58c86dc8e5fdf3e23221 + +info: + name: > + WordPress Button Plugin MaxButtons <= 9.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74f4068b-224e-4523-9a8d-8713b779a262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxbuttons/" + google-query: inurl:"/wp-content/plugins/maxbuttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxbuttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxbuttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxbuttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxgalleria-4d573fe9c428ad3a04750d4555eab402.yaml b/nuclei-templates/cve-less/plugins/maxgalleria-4d573fe9c428ad3a04750d4555eab402.yaml new file mode 100644 index 0000000000..af35983c4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxgalleria-4d573fe9c428ad3a04750d4555eab402.yaml @@ -0,0 +1,58 @@ +id: maxgalleria-4d573fe9c428ad3a04750d4555eab402 + +info: + name: > + MaxGalleria <= 6.4.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0629798c-ede2-43ac-9ec4-2cd99cd34ae2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxgalleria/" + google-query: inurl:"/wp-content/plugins/maxgalleria/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxgalleria,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxgalleria/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxgalleria" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maxgalleria-e066c5d256834fe1f65bdb778f74e19e.yaml b/nuclei-templates/cve-less/plugins/maxgalleria-e066c5d256834fe1f65bdb778f74e19e.yaml new file mode 100644 index 0000000000..008a283b1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maxgalleria-e066c5d256834fe1f65bdb778f74e19e.yaml @@ -0,0 +1,58 @@ +id: maxgalleria-e066c5d256834fe1f65bdb778f74e19e + +info: + name: > + MaxGalleria <= 6.2.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e404d689-f0b5-43cc-b366-b7d6a44a9dcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maxgalleria/" + google-query: inurl:"/wp-content/plugins/maxgalleria/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maxgalleria,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maxgalleria/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maxgalleria" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maz-loader-3e1b73d443d99821d0af1b91c016f547.yaml b/nuclei-templates/cve-less/plugins/maz-loader-3e1b73d443d99821d0af1b91c016f547.yaml new file mode 100644 index 0000000000..fe2dd06801 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maz-loader-3e1b73d443d99821d0af1b91c016f547.yaml @@ -0,0 +1,58 @@ +id: maz-loader-3e1b73d443d99821d0af1b91c016f547 + +info: + name: > + MAZ Loader – Preloader Builder for WordPress <= 1.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a580a7a-d477-47ba-a7c1-21d7312c53ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maz-loader/" + google-query: inurl:"/wp-content/plugins/maz-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maz-loader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maz-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maz-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/maz-loader-ccaa11bd28c41ea215a8627a09fdb85f.yaml b/nuclei-templates/cve-less/plugins/maz-loader-ccaa11bd28c41ea215a8627a09fdb85f.yaml new file mode 100644 index 0000000000..8d714a6700 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/maz-loader-ccaa11bd28c41ea215a8627a09fdb85f.yaml @@ -0,0 +1,58 @@ +id: maz-loader-ccaa11bd28c41ea215a8627a09fdb85f + +info: + name: > + MAZ Loader – Preloader Builder for WordPress <= 1.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44c5a1cd-aac2-4c44-8aaa-9b5fdafad133?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/maz-loader/" + google-query: inurl:"/wp-content/plugins/maz-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,maz-loader,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/maz-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "maz-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mdc-private-message-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml b/nuclei-templates/cve-less/plugins/mdc-private-message-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml new file mode 100644 index 0000000000..1d9ee162d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mdc-private-message-6ffded2a3fa64429e9ee95b7a8bf44d5.yaml @@ -0,0 +1,58 @@ +id: mdc-private-message-6ffded2a3fa64429e9ee95b7a8bf44d5 + +info: + name: > + MDC Private Message <= 1.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce635f1-3798-4ca2-b4cf-ea183a1e1d79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mdc-private-message/" + google-query: inurl:"/wp-content/plugins/mdc-private-message/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mdc-private-message,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mdc-private-message/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mdc-private-message" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mdc-youtube-downloader-a6d6119e6304bac68d182070bb782f60.yaml b/nuclei-templates/cve-less/plugins/mdc-youtube-downloader-a6d6119e6304bac68d182070bb782f60.yaml new file mode 100644 index 0000000000..80e7d41688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mdc-youtube-downloader-a6d6119e6304bac68d182070bb782f60.yaml @@ -0,0 +1,58 @@ +id: mdc-youtube-downloader-a6d6119e6304bac68d182070bb782f60 + +info: + name: > + MDC YouTube Downloader < 2.1.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/793e650c-27f7-4eff-9922-8e01ba24e96d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mdc-youtube-downloader/" + google-query: inurl:"/wp-content/plugins/mdc-youtube-downloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mdc-youtube-downloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mdc-youtube-downloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mdc-youtube-downloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-alt-renamer-7678a4c43bf3743b099ecbdc547aa500.yaml b/nuclei-templates/cve-less/plugins/media-alt-renamer-7678a4c43bf3743b099ecbdc547aa500.yaml new file mode 100644 index 0000000000..8f3c187b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-alt-renamer-7678a4c43bf3743b099ecbdc547aa500.yaml @@ -0,0 +1,58 @@ +id: media-alt-renamer-7678a4c43bf3743b099ecbdc547aa500 + +info: + name: > + Media Alt Renamer 0.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via _wp_attachment_image_alt postmeta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7826a6ab-50c4-4fc0-b58d-74084172b4e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-alt-renamer/" + google-query: inurl:"/wp-content/plugins/media-alt-renamer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-alt-renamer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-alt-renamer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-alt-renamer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-cleaner-f41915eaa49875fc0d02563613a044ce.yaml b/nuclei-templates/cve-less/plugins/media-cleaner-f41915eaa49875fc0d02563613a044ce.yaml new file mode 100644 index 0000000000..a110236e09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-cleaner-f41915eaa49875fc0d02563613a044ce.yaml @@ -0,0 +1,58 @@ +id: media-cleaner-f41915eaa49875fc0d02563613a044ce + +info: + name: > + Media Cleaner: Clean your WordPress! <= 6.7.2 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a8ee823-74f2-4cab-99a1-f2f613929b44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-cleaner/" + google-query: inurl:"/wp-content/plugins/media-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-cleaner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-downloader-385ab086e084dcab7761c5868fab9464.yaml b/nuclei-templates/cve-less/plugins/media-downloader-385ab086e084dcab7761c5868fab9464.yaml new file mode 100644 index 0000000000..8fc0d22189 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-downloader-385ab086e084dcab7761c5868fab9464.yaml @@ -0,0 +1,58 @@ +id: media-downloader-385ab086e084dcab7761c5868fab9464 + +info: + name: > + Media Downloader <= 0.1.992 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d2dd5e4-558b-44fe-a47c-fb2b5639f39c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-downloader/" + google-query: inurl:"/wp-content/plugins/media-downloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-downloader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-downloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-downloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.992') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-element-html5-video-and-audio-player-6833c69669f3b6c1ff537772ca9a9c7f.yaml b/nuclei-templates/cve-less/plugins/media-element-html5-video-and-audio-player-6833c69669f3b6c1ff537772ca9a9c7f.yaml new file mode 100644 index 0000000000..2d61645357 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-element-html5-video-and-audio-player-6833c69669f3b6c1ff537772ca9a9c7f.yaml @@ -0,0 +1,58 @@ +id: media-element-html5-video-and-audio-player-6833c69669f3b6c1ff537772ca9a9c7f + +info: + name: > + MediaElement.js – HTML5 Video & Audio Player <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82253cd8-e9ff-4f3d-8844-c270dae445a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-element-html5-video-and-audio-player/" + google-query: inurl:"/wp-content/plugins/media-element-html5-video-and-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-element-html5-video-and-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-element-html5-video-and-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-element-html5-video-and-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-manager-0096aa18a8e24a189b34368fe050792b.yaml b/nuclei-templates/cve-less/plugins/media-file-manager-0096aa18a8e24a189b34368fe050792b.yaml new file mode 100644 index 0000000000..f62a4296db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-manager-0096aa18a8e24a189b34368fe050792b.yaml @@ -0,0 +1,58 @@ +id: media-file-manager-0096aa18a8e24a189b34368fe050792b + +info: + name: > + Media File Manager <= 1.4.2 - Directory Traversal to Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05529ca0-09f5-4047-9972-c0a2872ea857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-manager/" + google-query: inurl:"/wp-content/plugins/media-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-manager-54b9a63aa780af450d6501f70863fee9.yaml b/nuclei-templates/cve-less/plugins/media-file-manager-54b9a63aa780af450d6501f70863fee9.yaml new file mode 100644 index 0000000000..b4e3b40dcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-manager-54b9a63aa780af450d6501f70863fee9.yaml @@ -0,0 +1,58 @@ +id: media-file-manager-54b9a63aa780af450d6501f70863fee9 + +info: + name: > + Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Relocation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c52a8b78-39bd-473b-ad78-377c31453f4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-manager/" + google-query: inurl:"/wp-content/plugins/media-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-manager-9116ab86d599e20ae25aa3123513f61a.yaml b/nuclei-templates/cve-less/plugins/media-file-manager-9116ab86d599e20ae25aa3123513f61a.yaml new file mode 100644 index 0000000000..0578c2565d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-manager-9116ab86d599e20ae25aa3123513f61a.yaml @@ -0,0 +1,58 @@ +id: media-file-manager-9116ab86d599e20ae25aa3123513f61a + +info: + name: > + Media File Manager <= 1.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb2b1f9-fd76-440e-a64c-ff11622efec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-manager/" + google-query: inurl:"/wp-content/plugins/media-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-manager-bf399dd02aeab6e8c35f662b2b5169e5.yaml b/nuclei-templates/cve-less/plugins/media-file-manager-bf399dd02aeab6e8c35f662b2b5169e5.yaml new file mode 100644 index 0000000000..aef03ef0ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-manager-bf399dd02aeab6e8c35f662b2b5169e5.yaml @@ -0,0 +1,58 @@ +id: media-file-manager-bf399dd02aeab6e8c35f662b2b5169e5 + +info: + name: > + Media File Manager <= 1.4.2 - Directory Traversal to Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37aedfb3-bc98-4a8f-bc19-af7778ff1a14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-manager/" + google-query: inurl:"/wp-content/plugins/media-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-organizer-00bb27b1e1befeeadd2692ce2f1a6969.yaml b/nuclei-templates/cve-less/plugins/media-file-organizer-00bb27b1e1befeeadd2692ce2f1a6969.yaml new file mode 100644 index 0000000000..8009c4a9ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-organizer-00bb27b1e1befeeadd2692ce2f1a6969.yaml @@ -0,0 +1,58 @@ +id: media-file-organizer-00bb27b1e1befeeadd2692ce2f1a6969 + +info: + name: > + Media File Organizer <= 1.0.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe0def72-affb-4f42-8857-0e2b8b602c7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-organizer/" + google-query: inurl:"/wp-content/plugins/media-file-organizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-organizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-renamer-22a2226407a4248640044dd2df483fba.yaml b/nuclei-templates/cve-less/plugins/media-file-renamer-22a2226407a4248640044dd2df483fba.yaml new file mode 100644 index 0000000000..7c10c6c699 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-renamer-22a2226407a4248640044dd2df483fba.yaml @@ -0,0 +1,58 @@ +id: media-file-renamer-22a2226407a4248640044dd2df483fba + +info: + name: > + Media File Renamer <= 5.6.9 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71e55161-f5ad-44e5-8a61-ce48c05e6dba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-renamer/" + google-query: inurl:"/wp-content/plugins/media-file-renamer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-renamer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-renamer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-renamer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-renamer-6234c54583fe97f4b335659ad6e8c2c3.yaml b/nuclei-templates/cve-less/plugins/media-file-renamer-6234c54583fe97f4b335659ad6e8c2c3.yaml new file mode 100644 index 0000000000..d018dd0f7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-renamer-6234c54583fe97f4b335659ad6e8c2c3.yaml @@ -0,0 +1,58 @@ +id: media-file-renamer-6234c54583fe97f4b335659ad6e8c2c3 + +info: + name: > + Media File Renamer < 1.9.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/176798cc-9f5f-4524-9172-8f0497e4fc11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-renamer/" + google-query: inurl:"/wp-content/plugins/media-file-renamer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-renamer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-renamer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-renamer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-renamer-6e4ac4275a14e860f6690b3cd168f08e.yaml b/nuclei-templates/cve-less/plugins/media-file-renamer-6e4ac4275a14e860f6690b3cd168f08e.yaml new file mode 100644 index 0000000000..edef7d9dcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-renamer-6e4ac4275a14e860f6690b3cd168f08e.yaml @@ -0,0 +1,58 @@ +id: media-file-renamer-6e4ac4275a14e860f6690b3cd168f08e + +info: + name: > + Media File Renamer <= 5.7.7 - Authenticated(Administrator+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32b2b8e9-aa49-4cc3-97b7-249695969461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-renamer/" + google-query: inurl:"/wp-content/plugins/media-file-renamer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-renamer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-renamer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-renamer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-file-renamer-e76a25dd6d02a9976e1a45024d852c58.yaml b/nuclei-templates/cve-less/plugins/media-file-renamer-e76a25dd6d02a9976e1a45024d852c58.yaml new file mode 100644 index 0000000000..63a01bc06c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-file-renamer-e76a25dd6d02a9976e1a45024d852c58.yaml @@ -0,0 +1,58 @@ +id: media-file-renamer-e76a25dd6d02a9976e1a45024d852c58 + +info: + name: > + Media File Renamer – Auto & Manual Rename <= 5.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf32808-b5d7-4f12-ada5-0578e0bef321?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-file-renamer/" + google-query: inurl:"/wp-content/plugins/media-file-renamer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-file-renamer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-file-renamer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-file-renamer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-from-ftp-0efd51ee11e484e5ac059494b28050b4.yaml b/nuclei-templates/cve-less/plugins/media-from-ftp-0efd51ee11e484e5ac059494b28050b4.yaml new file mode 100644 index 0000000000..ec6ad22f6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-from-ftp-0efd51ee11e484e5ac059494b28050b4.yaml @@ -0,0 +1,58 @@ +id: media-from-ftp-0efd51ee11e484e5ac059494b28050b4 + +info: + name: > + Media from FTP Plugin < 9.85 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/561361da-ea4b-44d0-be77-c622af11f5b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-from-ftp/" + google-query: inurl:"/wp-content/plugins/media-from-ftp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-from-ftp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-from-ftp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-from-ftp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.85') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-from-ftp-c3c6f65072fe37bbbc2ef7dbe119003d.yaml b/nuclei-templates/cve-less/plugins/media-from-ftp-c3c6f65072fe37bbbc2ef7dbe119003d.yaml new file mode 100644 index 0000000000..ab505a47aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-from-ftp-c3c6f65072fe37bbbc2ef7dbe119003d.yaml @@ -0,0 +1,58 @@ +id: media-from-ftp-c3c6f65072fe37bbbc2ef7dbe119003d + +info: + name: > + Media from FTP <= 11.16 - Authenticated (Author+) Improper Privilege Management + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9764d402-b8a2-43d5-882a-bc3886078b7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-from-ftp/" + google-query: inurl:"/wp-content/plugins/media-from-ftp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-from-ftp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-from-ftp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-from-ftp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-0b903181e53a3afd2853d8a217d8de8d.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-0b903181e53a3afd2853d8a217d8de8d.yaml new file mode 100644 index 0000000000..fc2e72220c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-0b903181e53a3afd2853d8a217d8de8d.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-0b903181e53a3afd2853d8a217d8de8d + +info: + name: > + Media Library Assistant <= 3.11 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1603dc9-7f5e-47e1-8a81-27bb4df1aa4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-1071684e8b4fbe11ac61e0256dfaba92.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-1071684e8b4fbe11ac61e0256dfaba92.yaml new file mode 100644 index 0000000000..f9d6776d32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-1071684e8b4fbe11ac61e0256dfaba92.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-1071684e8b4fbe11ac61e0256dfaba92 + +info: + name: > + Media Library Assistant <= 3.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via mla_gallery Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63ed73c9-2b61-4811-ba7f-1803982f17bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-1749acb4ff55d423ebb0f0a82a7c5808.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-1749acb4ff55d423ebb0f0a82a7c5808.yaml new file mode 100644 index 0000000000..deee41717b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-1749acb4ff55d423ebb0f0a82a7c5808.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-1749acb4ff55d423ebb0f0a82a7c5808 + +info: + name: > + Media Library Assistant <= 3.05 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc59a6f-5e4a-44b4-932d-ed990ebb075a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-1bcb114ae8bffc625089b17287fe97ca.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-1bcb114ae8bffc625089b17287fe97ca.yaml new file mode 100644 index 0000000000..8394619e5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-1bcb114ae8bffc625089b17287fe97ca.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-1bcb114ae8bffc625089b17287fe97ca + +info: + name: > + Media Library Assistant <= 2.81 - Remote Code Execution via tax_query, meta_query, date_query Parameters + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21456889-058c-46a5-80c3-a0c8f90cd3bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-2e52fc4f7a8504883023eba2284cc957.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-2e52fc4f7a8504883023eba2284cc957.yaml new file mode 100644 index 0000000000..1ef9ba5591 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-2e52fc4f7a8504883023eba2284cc957.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-2e52fc4f7a8504883023eba2284cc957 + +info: + name: > + Media Library Assistant <= 2.81 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb581a8a-8e68-4f5a-8f05-d5b91b0f70d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-315158d01f8d35cf2208dddc8f7964b3.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-315158d01f8d35cf2208dddc8f7964b3.yaml new file mode 100644 index 0000000000..9082a7bfdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-315158d01f8d35cf2208dddc8f7964b3.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-315158d01f8d35cf2208dddc8f7964b3 + +info: + name: > + Media Library Assistant <= 2.73 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cfa4cb3-0f16-40be-9e78-ea378c3f535f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-4028fc1d58c158acfb13c46a4db5a2fb.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-4028fc1d58c158acfb13c46a4db5a2fb.yaml new file mode 100644 index 0000000000..809801dbfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-4028fc1d58c158acfb13c46a4db5a2fb.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-4028fc1d58c158acfb13c46a4db5a2fb + +info: + name: > + Media Library Assistant <= 3.00 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1cf5dc-c823-4603-959a-5dfc21f7d338?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-5541a58ff6aa2455768527014bebcd1e.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-5541a58ff6aa2455768527014bebcd1e.yaml new file mode 100644 index 0000000000..1b078006dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-5541a58ff6aa2455768527014bebcd1e.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-5541a58ff6aa2455768527014bebcd1e + +info: + name: > + Media Library Assistant <= 3.07 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/639009f6-9877-45a9-b9f3-7256bc6f3360?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-7a4b57c89eea61dbc376b3ebcfe96a70.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-7a4b57c89eea61dbc376b3ebcfe96a70.yaml new file mode 100644 index 0000000000..bd44e62b30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-7a4b57c89eea61dbc376b3ebcfe96a70.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-7a4b57c89eea61dbc376b3ebcfe96a70 + +info: + name: > + Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05c68377-feb6-442d-a3a0-1fbc246c7cbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.09') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-c35f9ed6b93a44d06dd09e34e66b7586.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-c35f9ed6b93a44d06dd09e34e66b7586.yaml new file mode 100644 index 0000000000..5eac0cd1fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-c35f9ed6b93a44d06dd09e34e66b7586.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-c35f9ed6b93a44d06dd09e34e66b7586 + +info: + name: > + Media Library Assistant <= 2.81 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c49811bf-19d5-450f-9f11-a5fc9e8781c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-cd5bfb58064b9745ccbd3f1f59ac312b.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-cd5bfb58064b9745ccbd3f1f59ac312b.yaml new file mode 100644 index 0000000000..fae1114b77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-cd5bfb58064b9745ccbd3f1f59ac312b.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-cd5bfb58064b9745ccbd3f1f59ac312b + +info: + name: > + Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f6ae5d-7854-44c7-9fb8-efaa6e850d59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-assistant-eb721251db16f750bb7b6d9b4bcc4dbd.yaml b/nuclei-templates/cve-less/plugins/media-library-assistant-eb721251db16f750bb7b6d9b4bcc4dbd.yaml new file mode 100644 index 0000000000..74a63d17b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-assistant-eb721251db16f750bb7b6d9b4bcc4dbd.yaml @@ -0,0 +1,58 @@ +id: media-library-assistant-eb721251db16f750bb7b6d9b4bcc4dbd + +info: + name: > + Media Library Assistant <= 3.13 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e63fb84-a16b-447f-be73-e01f30881445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-assistant/" + google-query: inurl:"/wp-content/plugins/media-library-assistant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-assistant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-assistant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-assistant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-categories-01dd63a5f8faf96a00782f6bc3eb47be.yaml b/nuclei-templates/cve-less/plugins/media-library-categories-01dd63a5f8faf96a00782f6bc3eb47be.yaml new file mode 100644 index 0000000000..1f536ec2af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-categories-01dd63a5f8faf96a00782f6bc3eb47be.yaml @@ -0,0 +1,58 @@ +id: media-library-categories-01dd63a5f8faf96a00782f6bc3eb47be + +info: + name: > + Media Library Categories <= 1.1.1 - Unauthenticated Multiple Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2766e8ee-ce19-40a9-8f53-d50ebe4f0ac9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-categories/" + google-query: inurl:"/wp-content/plugins/media-library-categories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-categories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-categories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-categories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-helper-2c2851e9d6588865c8c62a92765f5da7.yaml b/nuclei-templates/cve-less/plugins/media-library-helper-2c2851e9d6588865c8c62a92765f5da7.yaml new file mode 100644 index 0000000000..5d76f9c729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-helper-2c2851e9d6588865c8c62a92765f5da7.yaml @@ -0,0 +1,58 @@ +id: media-library-helper-2c2851e9d6588865c8c62a92765f5da7 + +info: + name: > + Media Library Helper by Codexin <= 1.2.0 - Cross-Site Request Forgery via rate_the_plugin_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc2356b2-e153-4e80-bfac-c25c15cdc259?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-helper/" + google-query: inurl:"/wp-content/plugins/media-library-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-helper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-plus-15ea5684525ea85792493d1e42c50ee1.yaml b/nuclei-templates/cve-less/plugins/media-library-plus-15ea5684525ea85792493d1e42c50ee1.yaml new file mode 100644 index 0000000000..101a292806 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-plus-15ea5684525ea85792493d1e42c50ee1.yaml @@ -0,0 +1,58 @@ +id: media-library-plus-15ea5684525ea85792493d1e42c50ee1 + +info: + name: > + Media Library Folders <= 8.1.7 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/198ad1bf-7ce1-4367-bef7-1f58113c0719?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-plus/" + google-query: inurl:"/wp-content/plugins/media-library-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-plus-2fee4732545e71342d59a2938407fe7a.yaml b/nuclei-templates/cve-less/plugins/media-library-plus-2fee4732545e71342d59a2938407fe7a.yaml new file mode 100644 index 0000000000..13fecf7d99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-plus-2fee4732545e71342d59a2938407fe7a.yaml @@ -0,0 +1,58 @@ +id: media-library-plus-2fee4732545e71342d59a2938407fe7a + +info: + name: > + Media Library Folders <= 8.2.0 - Reflected Cross-Site Scripting via 's' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f550bac-b047-4276-bde5-c15bfd4ceb49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-plus/" + google-query: inurl:"/wp-content/plugins/media-library-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-plus-33bc7d755c896ae147d69853031aefe1.yaml b/nuclei-templates/cve-less/plugins/media-library-plus-33bc7d755c896ae147d69853031aefe1.yaml new file mode 100644 index 0000000000..b281f31022 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-plus-33bc7d755c896ae147d69853031aefe1.yaml @@ -0,0 +1,58 @@ +id: media-library-plus-33bc7d755c896ae147d69853031aefe1 + +info: + name: > + Media Library Folders <= 8.1.8 - Authenticated (Author+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4534efd4-0e6b-4784-8f81-4a643f657c66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-plus/" + google-query: inurl:"/wp-content/plugins/media-library-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-library-plus-7f361b8e267eec159cd338045858bebf.yaml b/nuclei-templates/cve-less/plugins/media-library-plus-7f361b8e267eec159cd338045858bebf.yaml new file mode 100644 index 0000000000..74c643c0a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-library-plus-7f361b8e267eec159cd338045858bebf.yaml @@ -0,0 +1,58 @@ +id: media-library-plus-7f361b8e267eec159cd338045858bebf + +info: + name: > + Media Library Folders <= 7.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e489960e-254a-4b8d-85ab-0f749ff48e8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-library-plus/" + google-query: inurl:"/wp-content/plugins/media-library-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-library-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-library-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-library-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-list-62fa04687cc3a59a6c68564d31d19c75.yaml b/nuclei-templates/cve-less/plugins/media-list-62fa04687cc3a59a6c68564d31d19c75.yaml new file mode 100644 index 0000000000..6681116dd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-list-62fa04687cc3a59a6c68564d31d19c75.yaml @@ -0,0 +1,58 @@ +id: media-list-62fa04687cc3a59a6c68564d31d19c75 + +info: + name: > + Medialist <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a583966-f58a-41a0-8856-7b7b6a0eb559?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-list/" + google-query: inurl:"/wp-content/plugins/media-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-list-9a2c39e647de10bdf5506fe83c7446b4.yaml b/nuclei-templates/cve-less/plugins/media-list-9a2c39e647de10bdf5506fe83c7446b4.yaml new file mode 100644 index 0000000000..e5493da8e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-list-9a2c39e647de10bdf5506fe83c7446b4.yaml @@ -0,0 +1,58 @@ +id: media-list-9a2c39e647de10bdf5506fe83c7446b4 + +info: + name: > + Medialist <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45c7f8fb-3fd0-425f-89a1-8971f67d5755?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-list/" + google-query: inurl:"/wp-content/plugins/media-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-mirror-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/media-mirror-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..0da9e3e840 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-mirror-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: media-mirror-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-mirror/" + google-query: inurl:"/wp-content/plugins/media-mirror/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-mirror,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-mirror/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-mirror" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-tags-5a607f07c740543865789590cbca6639.yaml b/nuclei-templates/cve-less/plugins/media-tags-5a607f07c740543865789590cbca6639.yaml new file mode 100644 index 0000000000..b1fd2123d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-tags-5a607f07c740543865789590cbca6639.yaml @@ -0,0 +1,58 @@ +id: media-tags-5a607f07c740543865789590cbca6639 + +info: + name: > + Media-Tags <= 3.2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56ce85d3-89f3-461a-8268-7d549e9c2baf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-tags/" + google-query: inurl:"/wp-content/plugins/media-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/media-usage-3a2cab0afb3070dc0c2fdad7d3b7f22b.yaml b/nuclei-templates/cve-less/plugins/media-usage-3a2cab0afb3070dc0c2fdad7d3b7f22b.yaml new file mode 100644 index 0000000000..730d1ec20d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/media-usage-3a2cab0afb3070dc0c2fdad7d3b7f22b.yaml @@ -0,0 +1,58 @@ +id: media-usage-3a2cab0afb3070dc0c2fdad7d3b7f22b + +info: + name: > + Media Usage <= 0.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8290783-9eb5-4fae-8b00-e3b5a5a0ed35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/media-usage/" + google-query: inurl:"/wp-content/plugins/media-usage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,media-usage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/media-usage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "media-usage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediabay-lite-b53850514eba837c1bf2ca4cf00a35b7.yaml b/nuclei-templates/cve-less/plugins/mediabay-lite-b53850514eba837c1bf2ca4cf00a35b7.yaml new file mode 100644 index 0000000000..9dfa5d20dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediabay-lite-b53850514eba837c1bf2ca4cf00a35b7.yaml @@ -0,0 +1,58 @@ +id: mediabay-lite-b53850514eba837c1bf2ca4cf00a35b7 + +info: + name: > + Mediabay <= 1.6 - Authenticated (Editor+) Stored Cross-Site Scripting Vulnerability + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1954340-397c-4cc0-ba9d-d698d94ea608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediabay-lite/" + google-query: inurl:"/wp-content/plugins/mediabay-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediabay-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediabay-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediabay-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediabay-lite-dee11a999eea8acc0c1d0780e652bd48.yaml b/nuclei-templates/cve-less/plugins/mediabay-lite-dee11a999eea8acc0c1d0780e652bd48.yaml new file mode 100644 index 0000000000..06612b8baf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediabay-lite-dee11a999eea8acc0c1d0780e652bd48.yaml @@ -0,0 +1,58 @@ +id: mediabay-lite-dee11a999eea8acc0c1d0780e652bd48 + +info: + name: > + Mediabay <= 1.6 - Missing Authorization via AJAC actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a923f58-f6c7-47ee-87f6-27453b39d1cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediabay-lite/" + google-query: inurl:"/wp-content/plugins/mediabay-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediabay-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediabay-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediabay-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediaburst-ecommerce-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/mediaburst-ecommerce-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..e6eb2b4a29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediaburst-ecommerce-sms-notifications-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: mediaburst-ecommerce-sms-notifications-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediaburst-ecommerce-sms-notifications/" + google-query: inurl:"/wp-content/plugins/mediaburst-ecommerce-sms-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediaburst-ecommerce-sms-notifications,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediaburst-ecommerce-sms-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediaburst-ecommerce-sms-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-030658ba5cc0f002fdffef84e42ae14b.yaml b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-030658ba5cc0f002fdffef84e42ae14b.yaml new file mode 100644 index 0000000000..fe96a78260 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-030658ba5cc0f002fdffef84e42ae14b.yaml @@ -0,0 +1,58 @@ +id: mediaburst-email-to-sms-030658ba5cc0f002fdffef84e42ae14b + +info: + name: > + Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08fb51d6-30c1-4a48-b626-a8c6f203ac83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediaburst-email-to-sms/" + google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediaburst-email-to-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediaburst-email-to-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-167d9672411be44feb72a5175fd0987c.yaml b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-167d9672411be44feb72a5175fd0987c.yaml new file mode 100644 index 0000000000..9b131df9e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-167d9672411be44feb72a5175fd0987c.yaml @@ -0,0 +1,58 @@ +id: mediaburst-email-to-sms-167d9672411be44feb72a5175fd0987c + +info: + name: > + Clockwork SMS Plugins - Multiple Versions - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0f35a20-ffcf-4413-b1ea-748cd6aa6f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediaburst-email-to-sms/" + google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediaburst-email-to-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediaburst-email-to-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-8536de3de245d6a4ab6eeac77e95e618.yaml b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-8536de3de245d6a4ab6eeac77e95e618.yaml new file mode 100644 index 0000000000..2dd1d3f887 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediaburst-email-to-sms-8536de3de245d6a4ab6eeac77e95e618.yaml @@ -0,0 +1,58 @@ +id: mediaburst-email-to-sms-8536de3de245d6a4ab6eeac77e95e618 + +info: + name: > + Clockwork SMS Notfications < 2.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a9a642f-1ca5-4f08-b404-c11deba100e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediaburst-email-to-sms/" + google-query: inurl:"/wp-content/plugins/mediaburst-email-to-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediaburst-email-to-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediaburst-email-to-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediaburst-email-to-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediamatic-0b95cfad1999ef6bac1ef79ebeeb624d.yaml b/nuclei-templates/cve-less/plugins/mediamatic-0b95cfad1999ef6bac1ef79ebeeb624d.yaml new file mode 100644 index 0000000000..abd08ccdb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediamatic-0b95cfad1999ef6bac1ef79ebeeb624d.yaml @@ -0,0 +1,58 @@ +id: mediamatic-0b95cfad1999ef6bac1ef79ebeeb624d + +info: + name: > + Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d81ed8d9-4a7a-4b75-aab4-8e4dbd554f32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediamatic/" + google-query: inurl:"/wp-content/plugins/mediamatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediamatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediamatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediamatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediamatic-66ac5cf55cb601e1e04c93898023eadb.yaml b/nuclei-templates/cve-less/plugins/mediamatic-66ac5cf55cb601e1e04c93898023eadb.yaml new file mode 100644 index 0000000000..809ee991a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediamatic-66ac5cf55cb601e1e04c93898023eadb.yaml @@ -0,0 +1,58 @@ +id: mediamatic-66ac5cf55cb601e1e04c93898023eadb + +info: + name: > + Mediamatic – Media Library Folders <= 2.8.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a11f264a-24fe-44da-b325-3fbdc4cd81d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediamatic/" + google-query: inurl:"/wp-content/plugins/mediamatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediamatic,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediamatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediamatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediamatic-957e023e162fd65b104346c605f19c7a.yaml b/nuclei-templates/cve-less/plugins/mediamatic-957e023e162fd65b104346c605f19c7a.yaml new file mode 100644 index 0000000000..9216c108ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediamatic-957e023e162fd65b104346c605f19c7a.yaml @@ -0,0 +1,58 @@ +id: mediamatic-957e023e162fd65b104346c605f19c7a + +info: + name: > + Mediamatic – Media Library Folders <= 2.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad8dff1e-b9f8-4383-8efb-8bceaa8c86c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediamatic/" + google-query: inurl:"/wp-content/plugins/mediamatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediamatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediamatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediamatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediamatic-d708fed52a98da33c7b5f777938fb90a.yaml b/nuclei-templates/cve-less/plugins/mediamatic-d708fed52a98da33c7b5f777938fb90a.yaml new file mode 100644 index 0000000000..5480e11da2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediamatic-d708fed52a98da33c7b5f777938fb90a.yaml @@ -0,0 +1,58 @@ +id: mediamatic-d708fed52a98da33c7b5f777938fb90a + +info: + name: > + Mediamatic – Media Library Folders <= 2.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5c87ae0-9a53-4292-a4d3-05b3bdb37b71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediamatic/" + google-query: inurl:"/wp-content/plugins/mediamatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediamatic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediamatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediamatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediavine-control-panel-2f4da607198689ec8ae90e2f847fd2a8.yaml b/nuclei-templates/cve-less/plugins/mediavine-control-panel-2f4da607198689ec8ae90e2f847fd2a8.yaml new file mode 100644 index 0000000000..9434cd85fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediavine-control-panel-2f4da607198689ec8ae90e2f847fd2a8.yaml @@ -0,0 +1,58 @@ +id: mediavine-control-panel-2f4da607198689ec8ae90e2f847fd2a8 + +info: + name: > + Mediavine Control Panel <= 2.10.2 - Cross-Site Request Forgery via render_settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac20b454-a5e5-4ff6-a5bf-9c3c339321d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediavine-control-panel/" + google-query: inurl:"/wp-content/plugins/mediavine-control-panel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediavine-control-panel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediavine-control-panel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediavine-control-panel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mediavine-create-4db517b5824cdbfb59767dcfce03ed88.yaml b/nuclei-templates/cve-less/plugins/mediavine-create-4db517b5824cdbfb59767dcfce03ed88.yaml new file mode 100644 index 0000000000..c77b893e8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mediavine-create-4db517b5824cdbfb59767dcfce03ed88.yaml @@ -0,0 +1,58 @@ +id: mediavine-create-4db517b5824cdbfb59767dcfce03ed88 + +info: + name: > + Create by Mediavine <= 1.9.4 - Unauthenticated SQL Injection via 'id' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mediavine-create/" + google-query: inurl:"/wp-content/plugins/mediavine-create/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mediavine-create,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mediavine-create/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediavine-create" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/medibazar-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/medibazar-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..7ced2e231e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/medibazar-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: medibazar-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/medibazar-core/" + google-query: inurl:"/wp-content/plugins/medibazar-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,medibazar-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/medibazar-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medibazar-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meet-my-team-a2ba0d175d26a5652fc4c3dde4656860.yaml b/nuclei-templates/cve-less/plugins/meet-my-team-a2ba0d175d26a5652fc4c3dde4656860.yaml new file mode 100644 index 0000000000..bd68c66c1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meet-my-team-a2ba0d175d26a5652fc4c3dde4656860.yaml @@ -0,0 +1,58 @@ +id: meet-my-team-a2ba0d175d26a5652fc4c3dde4656860 + +info: + name: > + Meet My Team <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9feb44e1-eb19-40eb-85d6-fae56afe90ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meet-my-team/" + google-query: inurl:"/wp-content/plugins/meet-my-team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meet-my-team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meet-my-team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meet-my-team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-301e81e7a190a838bf006476907547b4.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-301e81e7a190a838bf006476907547b4.yaml new file mode 100644 index 0000000000..1cad896168 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-301e81e7a190a838bf006476907547b4.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-301e81e7a190a838bf006476907547b4 + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.0 - Missing Authorization on REST-API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4855627a-de56-49ee-b0b0-01b9735d8557?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-647a040d673e13659115740c0e6a164f.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-647a040d673e13659115740c0e6a164f.yaml new file mode 100644 index 0000000000..5c1407c1f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-647a040d673e13659115740c0e6a164f.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-647a040d673e13659115740c0e6a164f + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.0 - Cross-Site Request Forgery to Account Logout + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f434585c-8533-4788-b0bc-5650390c29a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-80701456edd5634e54dde4f94f03d86e.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-80701456edd5634e54dde4f94f03d86e.yaml new file mode 100644 index 0000000000..5eec743e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-80701456edd5634e54dde4f94f03d86e.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-80701456edd5634e54dde4f94f03d86e + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.2.10 - Missing Authorization to Account Logout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/731cbeed-d4aa-448f-878a-8c51a3da4e18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-85ec9094d25566acdd5938abeeebadbd.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-85ec9094d25566acdd5938abeeebadbd.yaml new file mode 100644 index 0000000000..79b90215a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-85ec9094d25566acdd5938abeeebadbd.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-85ec9094d25566acdd5938abeeebadbd + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e6a0bf9-4767-4d4c-9a1e-adcb3c7719d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml new file mode 100644 index 0000000000..50004abe35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-b65c2cbf689ff5e6c36de8e6ea88fb1d.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-b65c2cbf689ff5e6c36de8e6ea88fb1d + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.4.0 - Missing Authorization to Settings Update and Media Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c99aab5-a995-44ae-bc14-09f73e6b22c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml new file mode 100644 index 0000000000..a82ad7dd59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meeting-scheduler-by-vcita-c1f8f105aad937fe6b4d3f7e729e9b4d.yaml @@ -0,0 +1,58 @@ +id: meeting-scheduler-by-vcita-c1f8f105aad937fe6b4d3f7e729e9b4d + +info: + name: > + Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/daeb24e0-7f3f-472f-aee5-be42e374aa52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meeting-scheduler-by-vcita/" + google-query: inurl:"/wp-content/plugins/meeting-scheduler-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meeting-scheduler-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meeting-scheduler-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meeting-scheduler-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-57d7eb4c0bda23c172922977bec66f98.yaml b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-57d7eb4c0bda23c172922977bec66f98.yaml new file mode 100644 index 0000000000..74269ae1e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-57d7eb4c0bda23c172922977bec66f98.yaml @@ -0,0 +1,58 @@ +id: mega-addons-for-visual-composer-57d7eb4c0bda23c172922977bec66f98 + +info: + name: > + Mega Addons For WPBakery Page Builder <= 4.2.7 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33aed550-5a2d-4a0a-8199-f2dfd212be92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega-addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega-addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-aef5861873c712667e57c762ed3ff81e.yaml b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-aef5861873c712667e57c762ed3ff81e.yaml new file mode 100644 index 0000000000..572f248e47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-aef5861873c712667e57c762ed3ff81e.yaml @@ -0,0 +1,58 @@ +id: mega-addons-for-visual-composer-aef5861873c712667e57c762ed3ff81e + +info: + name: > + Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Subscriber+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eda885-7e10-4294-9748-5359efd51754?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega-addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega-addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-e462c11578c3d7efd1d373387e69d961.yaml b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-e462c11578c3d7efd1d373387e69d961.yaml new file mode 100644 index 0000000000..f21463880a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega-addons-for-visual-composer-e462c11578c3d7efd1d373387e69d961.yaml @@ -0,0 +1,58 @@ +id: mega-addons-for-visual-composer-e462c11578c3d7efd1d373387e69d961 + +info: + name: > + Mega Addons For WPBakery Page Builder <= 4.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a443b20e-1686-4519-890d-e6f1838fb05c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega-addons-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/mega-addons-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega-addons-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega-addons-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega-addons-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega-elements-addons-for-elementor-e12b4eb0afaf97081bdd86d34fb980c9.yaml b/nuclei-templates/cve-less/plugins/mega-elements-addons-for-elementor-e12b4eb0afaf97081bdd86d34fb980c9.yaml new file mode 100644 index 0000000000..c1439475fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega-elements-addons-for-elementor-e12b4eb0afaf97081bdd86d34fb980c9.yaml @@ -0,0 +1,58 @@ +id: mega-elements-addons-for-elementor-e12b4eb0afaf97081bdd86d34fb980c9 + +info: + name: > + Mega Elements <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/461fedd6-8138-46ee-9c76-dc71061242bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega-elements-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/mega-elements-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega-elements-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega-elements-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega-elements-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega-forms-ddabc756c7ddb5aa3f2db005373f60ba.yaml b/nuclei-templates/cve-less/plugins/mega-forms-ddabc756c7ddb5aa3f2db005373f60ba.yaml new file mode 100644 index 0000000000..784c97ff55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega-forms-ddabc756c7ddb5aa3f2db005373f60ba.yaml @@ -0,0 +1,58 @@ +id: mega-forms-ddabc756c7ddb5aa3f2db005373f60ba + +info: + name: > + Contact Form By Mega Forms <= 1.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d034c3cb-8089-47d6-839b-659bedab5ca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega-forms/" + google-query: inurl:"/wp-content/plugins/mega-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mega_main_menu-3c9418584b935e41a1f48b31c0a5f181.yaml b/nuclei-templates/cve-less/plugins/mega_main_menu-3c9418584b935e41a1f48b31c0a5f181.yaml new file mode 100644 index 0000000000..51a5777cb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mega_main_menu-3c9418584b935e41a1f48b31c0a5f181.yaml @@ -0,0 +1,58 @@ +id: mega_main_menu-3c9418584b935e41a1f48b31c0a5f181 + +info: + name: > + Mega Main Menu <= 2.2.2 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a44ce6a3-0a9d-4bce-9251-f3a38b000645?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mega_main_menu/" + google-query: inurl:"/wp-content/plugins/mega_main_menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mega_main_menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mega_main_menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mega_main_menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/megamenu-68c192a64ec1c6719c741f7b5a598887.yaml b/nuclei-templates/cve-less/plugins/megamenu-68c192a64ec1c6719c741f7b5a598887.yaml new file mode 100644 index 0000000000..e36d57875e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/megamenu-68c192a64ec1c6719c741f7b5a598887.yaml @@ -0,0 +1,58 @@ +id: megamenu-68c192a64ec1c6719c741f7b5a598887 + +info: + name: > + Max Mega Menu <= 2.3.8 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5646eb5b-caf0-413c-a1a8-f0c6a5fa5114?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/megamenu/" + google-query: inurl:"/wp-content/plugins/megamenu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,megamenu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/megamenu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "megamenu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/megamenu-fc3a86631dfc485c0a87a802663d412e.yaml b/nuclei-templates/cve-less/plugins/megamenu-fc3a86631dfc485c0a87a802663d412e.yaml new file mode 100644 index 0000000000..a774907be2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/megamenu-fc3a86631dfc485c0a87a802663d412e.yaml @@ -0,0 +1,58 @@ +id: megamenu-fc3a86631dfc485c0a87a802663d412e + +info: + name: > + Max Mega Menu <= 3.3. - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35a75451-f0ae-4630-b415-394c76868e93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/megamenu/" + google-query: inurl:"/wp-content/plugins/megamenu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,megamenu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/megamenu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "megamenu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-audio-player-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-audio-player-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..56c9b713e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-audio-player-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-audio-player-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-audio-player/" + google-query: inurl:"/wp-content/plugins/meks-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-audio-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-easy-ads-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-easy-ads-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..c363c3687d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-easy-ads-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-easy-ads-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-easy-ads-widget/" + google-query: inurl:"/wp-content/plugins/meks-easy-ads-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-easy-ads-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-easy-ads-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-easy-ads-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-30f045a25a21ac539fd3f995d744abbd.yaml b/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-30f045a25a21ac539fd3f995d744abbd.yaml new file mode 100644 index 0000000000..2dfd4cdff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-30f045a25a21ac539fd3f995d744abbd.yaml @@ -0,0 +1,58 @@ +id: meks-easy-instagram-widget-30f045a25a21ac539fd3f995d744abbd + +info: + name: > + Meks Easy Photo Feed Widget < 1.2.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a94578-f395-4ec1-8a08-52ca233cc832?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-easy-instagram-widget/" + google-query: inurl:"/wp-content/plugins/meks-easy-instagram-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-easy-instagram-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-easy-instagram-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-easy-instagram-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..e30735baf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-easy-instagram-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-easy-instagram-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-easy-instagram-widget/" + google-query: inurl:"/wp-content/plugins/meks-easy-instagram-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-easy-instagram-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-easy-instagram-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-easy-instagram-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-easy-maps-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-easy-maps-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..04866e555b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-easy-maps-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-easy-maps-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-easy-maps/" + google-query: inurl:"/wp-content/plugins/meks-easy-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-easy-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-easy-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-easy-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-easy-social-share-7f939cb3e37ce54ad131378445cfa889.yaml b/nuclei-templates/cve-less/plugins/meks-easy-social-share-7f939cb3e37ce54ad131378445cfa889.yaml new file mode 100644 index 0000000000..2aab08a590 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-easy-social-share-7f939cb3e37ce54ad131378445cfa889.yaml @@ -0,0 +1,58 @@ +id: meks-easy-social-share-7f939cb3e37ce54ad131378445cfa889 + +info: + name: > + Meks Easy Social Share <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/990b3318-e3e1-4a19-875c-80d5d639ca4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-easy-social-share/" + google-query: inurl:"/wp-content/plugins/meks-easy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-easy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-easy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-easy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-flexible-shortcodes-bee37332f6e8a8436cc61a9d140d558a.yaml b/nuclei-templates/cve-less/plugins/meks-flexible-shortcodes-bee37332f6e8a8436cc61a9d140d558a.yaml new file mode 100644 index 0000000000..23b95f452b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-flexible-shortcodes-bee37332f6e8a8436cc61a9d140d558a.yaml @@ -0,0 +1,58 @@ +id: meks-flexible-shortcodes-bee37332f6e8a8436cc61a9d140d558a + +info: + name: > + Meks Flexible Shortcodes <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7d9200b-af1c-4cd2-9d34-eaff97d56967?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-flexible-shortcodes/" + google-query: inurl:"/wp-content/plugins/meks-flexible-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-flexible-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-flexible-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-flexible-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-simple-flickr-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-simple-flickr-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..328dc67d59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-simple-flickr-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-simple-flickr-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-simple-flickr-widget/" + google-query: inurl:"/wp-content/plugins/meks-simple-flickr-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-simple-flickr-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-simple-flickr-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-simple-flickr-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-smart-author-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-smart-author-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..68906e3116 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-smart-author-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-smart-author-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-smart-author-widget/" + google-query: inurl:"/wp-content/plugins/meks-smart-author-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-smart-author-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-smart-author-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-smart-author-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-smart-social-widget-065fb6634c2979f9a8dbb1a289a68a9b.yaml b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-065fb6634c2979f9a8dbb1a289a68a9b.yaml new file mode 100644 index 0000000000..7dddb63485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-065fb6634c2979f9a8dbb1a289a68a9b.yaml @@ -0,0 +1,58 @@ +id: meks-smart-social-widget-065fb6634c2979f9a8dbb1a289a68a9b + +info: + name: > + Meks Smart Social Widget <= 1.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/578ed437-98b7-495b-91fd-45b882f39d95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-smart-social-widget/" + google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-smart-social-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-smart-social-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-smart-social-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-smart-social-widget-12cfc5e2c42c1035bf0a62b514ef0564.yaml b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-12cfc5e2c42c1035bf0a62b514ef0564.yaml new file mode 100644 index 0000000000..58191e4f27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-12cfc5e2c42c1035bf0a62b514ef0564.yaml @@ -0,0 +1,58 @@ +id: meks-smart-social-widget-12cfc5e2c42c1035bf0a62b514ef0564 + +info: + name: > + Meks Smart Social Widget <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-smart-social-widget/" + google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-smart-social-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-smart-social-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-smart-social-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-smart-social-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..dccaa79e39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-smart-social-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-smart-social-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-smart-social-widget/" + google-query: inurl:"/wp-content/plugins/meks-smart-social-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-smart-social-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-smart-social-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-smart-social-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..0d4c254e43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-themeforest-smart-widget-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-themeforest-smart-widget/" + google-query: inurl:"/wp-content/plugins/meks-themeforest-smart-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-themeforest-smart-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-themeforest-smart-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-themeforest-smart-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-e224c1cc32d6c05f266106ae47b5db38.yaml b/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-e224c1cc32d6c05f266106ae47b5db38.yaml new file mode 100644 index 0000000000..3a71a9f21e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-themeforest-smart-widget-e224c1cc32d6c05f266106ae47b5db38.yaml @@ -0,0 +1,58 @@ +id: meks-themeforest-smart-widget-e224c1cc32d6c05f266106ae47b5db38 + +info: + name: > + Meks ThemeForest Smart Widget <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72eb1cd3-47cb-4d9b-9bfd-87fef7859974?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-themeforest-smart-widget/" + google-query: inurl:"/wp-content/plugins/meks-themeforest-smart-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-themeforest-smart-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-themeforest-smart-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-themeforest-smart-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-time-ago-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-time-ago-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..4541bde1d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-time-ago-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-time-ago-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-time-ago/" + google-query: inurl:"/wp-content/plugins/meks-time-ago/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-time-ago,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-time-ago/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-time-ago" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meks-video-importer-b1fa67bf969fdb68e71efc5cd730124e.yaml b/nuclei-templates/cve-less/plugins/meks-video-importer-b1fa67bf969fdb68e71efc5cd730124e.yaml new file mode 100644 index 0000000000..6c3e80dabb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meks-video-importer-b1fa67bf969fdb68e71efc5cd730124e.yaml @@ -0,0 +1,58 @@ +id: meks-video-importer-b1fa67bf969fdb68e71efc5cd730124e + +info: + name: > + Meks Smart Social Widget <= 1.6 - Cross-Site Request Forgery via meks_remove_notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0efe1d-69ad-483c-b200-38873f88433b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meks-video-importer/" + google-query: inurl:"/wp-content/plugins/meks-video-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meks-video-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meks-video-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meks-video-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/member-approval-3a91d6c48afcaf4ec202f8da0ad11a12.yaml b/nuclei-templates/cve-less/plugins/member-approval-3a91d6c48afcaf4ec202f8da0ad11a12.yaml new file mode 100644 index 0000000000..518e4aa4f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/member-approval-3a91d6c48afcaf4ec202f8da0ad11a12.yaml @@ -0,0 +1,58 @@ +id: member-approval-3a91d6c48afcaf4ec202f8da0ad11a12 + +info: + name: > + Member Approval <= 131109 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7a5d60e-5de1-4fc5-b6d1-88700d38e5f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/member-approval/" + google-query: inurl:"/wp-content/plugins/member-approval/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,member-approval,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/member-approval/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "member-approval" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 131109') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/member-database-e4f24d3eaa8049812bc7024a030b7c83.yaml b/nuclei-templates/cve-less/plugins/member-database-e4f24d3eaa8049812bc7024a030b7c83.yaml new file mode 100644 index 0000000000..a4f4ad7c01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/member-database-e4f24d3eaa8049812bc7024a030b7c83.yaml @@ -0,0 +1,58 @@ +id: member-database-e4f24d3eaa8049812bc7024a030b7c83 + +info: + name: > + Membership Database <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07ede585-c0d2-4643-9c36-7b5da5f721bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/member-database/" + google-query: inurl:"/wp-content/plugins/member-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,member-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/member-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "member-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/member-hero-59ccb7283840efae740fe390413a3bc9.yaml b/nuclei-templates/cve-less/plugins/member-hero-59ccb7283840efae740fe390413a3bc9.yaml new file mode 100644 index 0000000000..8bf0f31269 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/member-hero-59ccb7283840efae740fe390413a3bc9.yaml @@ -0,0 +1,58 @@ +id: member-hero-59ccb7283840efae740fe390413a3bc9 + +info: + name: > + Member Hero <= 1.0.9 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16c0a3b7-25b0-457e-b883-a780bc6a29a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/member-hero/" + google-query: inurl:"/wp-content/plugins/member-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,member-hero,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/member-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "member-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/memberlite-shortcodes-e0d43cef694a102644215555aaaf71de.yaml b/nuclei-templates/cve-less/plugins/memberlite-shortcodes-e0d43cef694a102644215555aaaf71de.yaml new file mode 100644 index 0000000000..b2f8834c09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/memberlite-shortcodes-e0d43cef694a102644215555aaaf71de.yaml @@ -0,0 +1,58 @@ +id: memberlite-shortcodes-e0d43cef694a102644215555aaaf71de + +info: + name: > + Memberlite Shortcodes <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/935054c3-8541-4ff3-a035-7ee8afe53f72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/memberlite-shortcodes/" + google-query: inurl:"/wp-content/plugins/memberlite-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,memberlite-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memberlite-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memberlite-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membermouse-9e5e9e74e35f7340ef7a86eda535ec55.yaml b/nuclei-templates/cve-less/plugins/membermouse-9e5e9e74e35f7340ef7a86eda535ec55.yaml new file mode 100644 index 0000000000..b70208dddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membermouse-9e5e9e74e35f7340ef7a86eda535ec55.yaml @@ -0,0 +1,58 @@ +id: membermouse-9e5e9e74e35f7340ef7a86eda535ec55 + +info: + name: > + Membermouse <= 2.2.8 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df946b56-f3a5-4b0e-b281-1632abf93b34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membermouse/" + google-query: inurl:"/wp-content/plugins/membermouse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membermouse,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membermouse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membermouse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/memberpress-bc9d740ab02dbe4e65f7bf071f0e62db.yaml b/nuclei-templates/cve-less/plugins/memberpress-bc9d740ab02dbe4e65f7bf071f0e62db.yaml new file mode 100644 index 0000000000..b7634d0700 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/memberpress-bc9d740ab02dbe4e65f7bf071f0e62db.yaml @@ -0,0 +1,58 @@ +id: memberpress-bc9d740ab02dbe4e65f7bf071f0e62db + +info: + name: > + Memberpress <= 1.11.26 - Reflected Cross-Site Scripting via message and error + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/882631ab-ef16-4158-adbc-60ad177ae6b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/memberpress/" + google-query: inurl:"/wp-content/plugins/memberpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,memberpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memberpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memberpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/members-import-44b1b2f0eb9245a5807308d2327328e8.yaml b/nuclei-templates/cve-less/plugins/members-import-44b1b2f0eb9245a5807308d2327328e8.yaml new file mode 100644 index 0000000000..96c86d9c5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/members-import-44b1b2f0eb9245a5807308d2327328e8.yaml @@ -0,0 +1,58 @@ +id: members-import-44b1b2f0eb9245a5807308d2327328e8 + +info: + name: > + Members Import <= 1.4.2 - Self Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3abbc407-f660-4b1f-9d48-436320e5fdd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/members-import/" + google-query: inurl:"/wp-content/plugins/members-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,members-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/members-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "members-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membership-for-woocommerce-64b1bd7efe43945fafb1a600e8b59985.yaml b/nuclei-templates/cve-less/plugins/membership-for-woocommerce-64b1bd7efe43945fafb1a600e8b59985.yaml new file mode 100644 index 0000000000..e9e70e9bbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membership-for-woocommerce-64b1bd7efe43945fafb1a600e8b59985.yaml @@ -0,0 +1,58 @@ +id: membership-for-woocommerce-64b1bd7efe43945fafb1a600e8b59985 + +info: + name: > + Membership For WooCommerce <= 2.1.6 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad1af69-61e1-4453-866e-1ae71f614f30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membership-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/membership-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membership-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membership-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membership-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-2aa29c629074136ede505c61ef73b338.yaml b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-2aa29c629074136ede505c61ef73b338.yaml new file mode 100644 index 0000000000..e5d0150b7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-2aa29c629074136ede505c61ef73b338.yaml @@ -0,0 +1,58 @@ +id: membership-simplified-for-oap-members-only-2aa29c629074136ede505c61ef73b338 + +info: + name: > + Membership Simplified <= 1.58 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e27c1d20-cef7-4801-beb9-adaeb1b95145?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membership-simplified-for-oap-members-only/" + google-query: inurl:"/wp-content/plugins/membership-simplified-for-oap-members-only/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membership-simplified-for-oap-members-only,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membership-simplified-for-oap-members-only/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membership-simplified-for-oap-members-only" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-384486cdf221789bfec827528caf2a6d.yaml b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-384486cdf221789bfec827528caf2a6d.yaml new file mode 100644 index 0000000000..f137878880 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-384486cdf221789bfec827528caf2a6d.yaml @@ -0,0 +1,58 @@ +id: membership-simplified-for-oap-members-only-384486cdf221789bfec827528caf2a6d + +info: + name: > + Membership Simplified <= 1.58 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57704203-ed74-4100-900c-3f35c726e51e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membership-simplified-for-oap-members-only/" + google-query: inurl:"/wp-content/plugins/membership-simplified-for-oap-members-only/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membership-simplified-for-oap-members-only,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membership-simplified-for-oap-members-only/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membership-simplified-for-oap-members-only" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-c2edf18b1dc2c5d697f81727cd0bac3f.yaml b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-c2edf18b1dc2c5d697f81727cd0bac3f.yaml new file mode 100644 index 0000000000..959e7ca7ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membership-simplified-for-oap-members-only-c2edf18b1dc2c5d697f81727cd0bac3f.yaml @@ -0,0 +1,58 @@ +id: membership-simplified-for-oap-members-only-c2edf18b1dc2c5d697f81727cd0bac3f + +info: + name: > + Membership Simplified <= 1.58 Beta - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0764d59b-c9bc-4f3c-98df-69ccb7f4bc2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membership-simplified-for-oap-members-only/" + google-query: inurl:"/wp-content/plugins/membership-simplified-for-oap-members-only/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membership-simplified-for-oap-members-only,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membership-simplified-for-oap-members-only/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membership-simplified-for-oap-members-only" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/membership-site-e54255e9a743040c053c6d8e8f67ce92.yaml b/nuclei-templates/cve-less/plugins/membership-site-e54255e9a743040c053c6d8e8f67ce92.yaml new file mode 100644 index 0000000000..db8c832b43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/membership-site-e54255e9a743040c053c6d8e8f67ce92.yaml @@ -0,0 +1,58 @@ +id: membership-site-e54255e9a743040c053c6d8e8f67ce92 + +info: + name: > + MemberSonic Lite Membership Site Plugin <= 1.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42378b83-2a39-4e5f-8671-ee4a44ee92a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/membership-site/" + google-query: inurl:"/wp-content/plugins/membership-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,membership-site,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/membership-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "membership-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/memphis-documents-library-59c9b879f516cc2f3ec6fb5323e1397d.yaml b/nuclei-templates/cve-less/plugins/memphis-documents-library-59c9b879f516cc2f3ec6fb5323e1397d.yaml new file mode 100644 index 0000000000..63e5a75788 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/memphis-documents-library-59c9b879f516cc2f3ec6fb5323e1397d.yaml @@ -0,0 +1,58 @@ +id: memphis-documents-library-59c9b879f516cc2f3ec6fb5323e1397d + +info: + name: > + Memphis Documents Library <= 2.6.16 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eeeb4b5-972b-471b-8f0f-a198640fc894?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/memphis-documents-library/" + google-query: inurl:"/wp-content/plugins/memphis-documents-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,memphis-documents-library,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memphis-documents-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memphis-documents-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/memphis-documents-library-6a2ef437dbd84b379d13828c6767a7f7.yaml b/nuclei-templates/cve-less/plugins/memphis-documents-library-6a2ef437dbd84b379d13828c6767a7f7.yaml new file mode 100644 index 0000000000..011c3401e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/memphis-documents-library-6a2ef437dbd84b379d13828c6767a7f7.yaml @@ -0,0 +1,58 @@ +id: memphis-documents-library-6a2ef437dbd84b379d13828c6767a7f7 + +info: + name: > + Memphis Documents Library <= 2.6.16 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8f20aae-37e2-44f6-ac2d-692a87bf5728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/memphis-documents-library/" + google-query: inurl:"/wp-content/plugins/memphis-documents-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,memphis-documents-library,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memphis-documents-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memphis-documents-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/memphis-documents-library-f4052902eccc72acecc4529d7a789e28.yaml b/nuclei-templates/cve-less/plugins/memphis-documents-library-f4052902eccc72acecc4529d7a789e28.yaml new file mode 100644 index 0000000000..744e19d971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/memphis-documents-library-f4052902eccc72acecc4529d7a789e28.yaml @@ -0,0 +1,58 @@ +id: memphis-documents-library-f4052902eccc72acecc4529d7a789e28 + +info: + name: > + Memphis Documents Library <= 2.6.16 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b3201e0-df2a-471e-875b-4ca2c3a659f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/memphis-documents-library/" + google-query: inurl:"/wp-content/plugins/memphis-documents-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,memphis-documents-library,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/memphis-documents-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "memphis-documents-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mendeleyplugin-9cb69a500db940ecfdbb3ba869c26c38.yaml b/nuclei-templates/cve-less/plugins/mendeleyplugin-9cb69a500db940ecfdbb3ba869c26c38.yaml new file mode 100644 index 0000000000..ebd68b65d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mendeleyplugin-9cb69a500db940ecfdbb3ba869c26c38.yaml @@ -0,0 +1,58 @@ +id: mendeleyplugin-9cb69a500db940ecfdbb3ba869c26c38 + +info: + name: > + Mendeley <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b56c684-90f6-4e8b-86fc-355a13b5368c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mendeleyplugin/" + google-query: inurl:"/wp-content/plugins/mendeleyplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mendeleyplugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mendeleyplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mendeleyplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-icons-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/menu-icons-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..c802df225a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-icons-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: menu-icons-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-icons/" + google-query: inurl:"/wp-content/plugins/menu-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.13.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-image-34dac14ec559cdbb5998de7d415317dc.yaml b/nuclei-templates/cve-less/plugins/menu-image-34dac14ec559cdbb5998de7d415317dc.yaml new file mode 100644 index 0000000000..b53ddf5749 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-image-34dac14ec559cdbb5998de7d415317dc.yaml @@ -0,0 +1,58 @@ +id: menu-image-34dac14ec559cdbb5998de7d415317dc + +info: + name: > + Menu Image, Icons made easy <= 3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ff001c2-95f9-42a2-b5a3-74937be41756?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-image/" + google-query: inurl:"/wp-content/plugins/menu-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-image-800833211422a31fa0bc329389e6ba63.yaml b/nuclei-templates/cve-less/plugins/menu-image-800833211422a31fa0bc329389e6ba63.yaml new file mode 100644 index 0000000000..40bf03292a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-image-800833211422a31fa0bc329389e6ba63.yaml @@ -0,0 +1,58 @@ +id: menu-image-800833211422a31fa0bc329389e6ba63 + +info: + name: > + Menu Image, Icons made easy <= 3.0.7 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40873fcd-4161-4862-ac73-8046159f4739?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-image/" + google-query: inurl:"/wp-content/plugins/menu-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-items-visibility-control-15bf765de2821299511e8bf3105d6965.yaml b/nuclei-templates/cve-less/plugins/menu-items-visibility-control-15bf765de2821299511e8bf3105d6965.yaml new file mode 100644 index 0000000000..c47e8f5128 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-items-visibility-control-15bf765de2821299511e8bf3105d6965.yaml @@ -0,0 +1,58 @@ +id: menu-items-visibility-control-15bf765de2821299511e8bf3105d6965 + +info: + name: > + Menu Item Visibility Control <= 0.5 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e15a7b0-2b0e-468d-a245-cec2ed77d73b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-items-visibility-control/" + google-query: inurl:"/wp-content/plugins/menu-items-visibility-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-items-visibility-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-items-visibility-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-items-visibility-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-ordering-reservations-211f53d8b1b52b0d7d117c8d6be4a364.yaml b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-211f53d8b1b52b0d7d117c8d6be4a364.yaml new file mode 100644 index 0000000000..faaa1c1674 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-211f53d8b1b52b0d7d117c8d6be4a364.yaml @@ -0,0 +1,58 @@ +id: menu-ordering-reservations-211f53d8b1b52b0d7d117c8d6be4a364 + +info: + name: > + Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01486af8-b378-4663-a9c5-167b8580db94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-ordering-reservations/" + google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-ordering-reservations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-ordering-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-ordering-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-ordering-reservations-2624b69820d22e5b5127f2b411babf77.yaml b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-2624b69820d22e5b5127f2b411babf77.yaml new file mode 100644 index 0000000000..a77818c22d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-2624b69820d22e5b5127f2b411babf77.yaml @@ -0,0 +1,58 @@ +id: menu-ordering-reservations-2624b69820d22e5b5127f2b411babf77 + +info: + name: > + Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67fe46cd-a6c4-4d0a-842a-f61334559731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-ordering-reservations/" + google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-ordering-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-ordering-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-ordering-reservations-52f3f56cac58e66f1b3bbe271591fbea.yaml b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-52f3f56cac58e66f1b3bbe271591fbea.yaml new file mode 100644 index 0000000000..e58eb5484b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-52f3f56cac58e66f1b3bbe271591fbea.yaml @@ -0,0 +1,58 @@ +id: menu-ordering-reservations-52f3f56cac58e66f1b3bbe271591fbea + +info: + name: > + Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.5 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d87fd94-8a64-4b9b-9e51-025a689fa87b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-ordering-reservations/" + google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-ordering-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-ordering-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-ordering-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-ordering-reservations-8a39f2bd8431601e1f483135ec0a1cca.yaml b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-8a39f2bd8431601e1f483135ec0a1cca.yaml new file mode 100644 index 0000000000..28591df948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-8a39f2bd8431601e1f483135ec0a1cca.yaml @@ -0,0 +1,58 @@ +id: menu-ordering-reservations-8a39f2bd8431601e1f483135ec0a1cca + +info: + name: > + Menu - Ordering - Reservations <= 2.3.6 - Reflected Cross-Site Scripting via 'redirect' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/640f0b06-9af2-4b79-8f87-97f93b2c51c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-ordering-reservations/" + google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-ordering-reservations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-ordering-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-ordering-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-ordering-reservations-901a8544f8fe096e9fdc9630ea2bd15f.yaml b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-901a8544f8fe096e9fdc9630ea2bd15f.yaml new file mode 100644 index 0000000000..5a8fd89a42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-ordering-reservations-901a8544f8fe096e9fdc9630ea2bd15f.yaml @@ -0,0 +1,58 @@ +id: menu-ordering-reservations-901a8544f8fe096e9fdc9630ea2bd15f + +info: + name: > + Restaurant Menu – Food Ordering System – Table Reservation <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19202eb5-9a04-4484-8ca2-746610c31fe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-ordering-reservations/" + google-query: inurl:"/wp-content/plugins/menu-ordering-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-ordering-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-ordering-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-ordering-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-shortcode-9fdc305e956b483dd32edefc410a0147.yaml b/nuclei-templates/cve-less/plugins/menu-shortcode-9fdc305e956b483dd32edefc410a0147.yaml new file mode 100644 index 0000000000..57d4f9bc1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-shortcode-9fdc305e956b483dd32edefc410a0147.yaml @@ -0,0 +1,58 @@ +id: menu-shortcode-9fdc305e956b483dd32edefc410a0147 + +info: + name: > + menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9150a7d9-d792-4bb6-9d33-5892f9cdfd1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-shortcode/" + google-query: inurl:"/wp-content/plugins/menu-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menu-swapper-d19b62fdb46f9085fa90ed6dd74d5a4a.yaml b/nuclei-templates/cve-less/plugins/menu-swapper-d19b62fdb46f9085fa90ed6dd74d5a4a.yaml new file mode 100644 index 0000000000..4b82714187 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menu-swapper-d19b62fdb46f9085fa90ed6dd74d5a4a.yaml @@ -0,0 +1,58 @@ +id: menu-swapper-d19b62fdb46f9085fa90ed6dd74d5a4a + +info: + name: > + Menu Swapper <= 1.1.0.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49a04155-9fa8-45e0-b80b-3836d5271fa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menu-swapper/" + google-query: inurl:"/wp-content/plugins/menu-swapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menu-swapper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menu-swapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menu-swapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menubar-26d6e68f9f68d57837f1391aa39f629b.yaml b/nuclei-templates/cve-less/plugins/menubar-26d6e68f9f68d57837f1391aa39f629b.yaml new file mode 100644 index 0000000000..fbcedbe3b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menubar-26d6e68f9f68d57837f1391aa39f629b.yaml @@ -0,0 +1,58 @@ +id: menubar-26d6e68f9f68d57837f1391aa39f629b + +info: + name: > + Menubar <= 5.8.2 - Cross-Site Request Forgery in wpm-admin.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be10894d-2a86-4f07-8119-e6eac8c9c950?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menubar/" + google-query: inurl:"/wp-content/plugins/menubar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menubar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menubar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menubar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/menubar-fa79ef441dd7b35cf3488c2a42a0ef43.yaml b/nuclei-templates/cve-less/plugins/menubar-fa79ef441dd7b35cf3488c2a42a0ef43.yaml new file mode 100644 index 0000000000..0591be4a7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/menubar-fa79ef441dd7b35cf3488c2a42a0ef43.yaml @@ -0,0 +1,58 @@ +id: menubar-fa79ef441dd7b35cf3488c2a42a0ef43 + +info: + name: > + Menubar <= 5.7.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/814f46c2-ac89-4743-81da-3b81a7853afc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/menubar/" + google-query: inurl:"/wp-content/plugins/menubar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,menubar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/menubar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "menubar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meow-gallery-c5cb3504c5d5a8aca1e1480362831116.yaml b/nuclei-templates/cve-less/plugins/meow-gallery-c5cb3504c5d5a8aca1e1480362831116.yaml new file mode 100644 index 0000000000..f4a5def6a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meow-gallery-c5cb3504c5d5a8aca1e1480362831116.yaml @@ -0,0 +1,58 @@ +id: meow-gallery-c5cb3504c5d5a8aca1e1480362831116 + +info: + name: > + Gallery Block (Meow Gallery) <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/477b41a5-b2ff-4b94-9622-824146a0e2ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meow-gallery/" + google-query: inurl:"/wp-content/plugins/meow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meow-gallery-db3802f450d9e0fa899a4b52caf267f5.yaml b/nuclei-templates/cve-less/plugins/meow-gallery-db3802f450d9e0fa899a4b52caf267f5.yaml new file mode 100644 index 0000000000..16de5b0a87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meow-gallery-db3802f450d9e0fa899a4b52caf267f5.yaml @@ -0,0 +1,58 @@ +id: meow-gallery-db3802f450d9e0fa899a4b52caf267f5 + +info: + name: > + Meow Gallery (+ Gallery Block) <= 4.1.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07bb17bd-c534-4b11-a1dd-7d2f2786ffec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meow-gallery/" + google-query: inurl:"/wp-content/plugins/meow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meow-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mesmerize-companion-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml b/nuclei-templates/cve-less/plugins/mesmerize-companion-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml new file mode 100644 index 0000000000..e00201dea9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mesmerize-companion-3816de1a2f06ca9d6d7c8b9dfb0a51bf.yaml @@ -0,0 +1,58 @@ +id: mesmerize-companion-3816de1a2f06ca9d6d7c8b9dfb0a51bf + +info: + name: > + Mesmerize Companion <= 1.6.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3548241e-551e-427a-907c-50b4712b5e5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mesmerize-companion/" + google-query: inurl:"/wp-content/plugins/mesmerize-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mesmerize-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mesmerize-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mesmerize-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.133') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mesmerize-companion-a94f9a8cf90bb953afc0d4af139b3df4.yaml b/nuclei-templates/cve-less/plugins/mesmerize-companion-a94f9a8cf90bb953afc0d4af139b3df4.yaml new file mode 100644 index 0000000000..f92139f645 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mesmerize-companion-a94f9a8cf90bb953afc0d4af139b3df4.yaml @@ -0,0 +1,58 @@ +id: mesmerize-companion-a94f9a8cf90bb953afc0d4af139b3df4 + +info: + name: > + Mesmerize Companion <= 1.6.148 - Authenticated (Contributor+) Stored Cross-Site Scripting via mesmerize_contact_form Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/521bb5a3-0a0c-4693-a87d-fabb64f1ad4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mesmerize-companion/" + google-query: inurl:"/wp-content/plugins/mesmerize-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mesmerize-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mesmerize-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mesmerize-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.148') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/message-ticker-5b0c7f3f3f3d8554824f38539044b215.yaml b/nuclei-templates/cve-less/plugins/message-ticker-5b0c7f3f3f3d8554824f38539044b215.yaml new file mode 100644 index 0000000000..315c0835e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/message-ticker-5b0c7f3f3f3d8554824f38539044b215.yaml @@ -0,0 +1,58 @@ +id: message-ticker-5b0c7f3f3f3d8554824f38539044b215 + +info: + name: > + Message ticker <= 9.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b1fa88-2fc6-41af-bd39-12af92dc6533?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/message-ticker/" + google-query: inurl:"/wp-content/plugins/message-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,message-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/message-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "message-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-box-00301543cb972104eceace7da89e80f4.yaml b/nuclei-templates/cve-less/plugins/meta-box-00301543cb972104eceace7da89e80f4.yaml new file mode 100644 index 0000000000..514259d273 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-box-00301543cb972104eceace7da89e80f4.yaml @@ -0,0 +1,58 @@ +id: meta-box-00301543cb972104eceace7da89e80f4 + +info: + name: > + Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a6bfc87-6135-4d49-baa2-e8e6291148dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-box/" + google-query: inurl:"/wp-content/plugins/meta-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-box-1b89ecf879d1fbee7de1501d6959af35.yaml b/nuclei-templates/cve-less/plugins/meta-box-1b89ecf879d1fbee7de1501d6959af35.yaml new file mode 100644 index 0000000000..2a54d4cde3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-box-1b89ecf879d1fbee7de1501d6959af35.yaml @@ -0,0 +1,58 @@ +id: meta-box-1b89ecf879d1fbee7de1501d6959af35 + +info: + name: > + Meta Box <= 4.16.1 - Mishandling of File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b5ef9de-ba5e-463e-a528-098d724b1657?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-box/" + google-query: inurl:"/wp-content/plugins/meta-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-box-dc129067ca38c26e19992abcd62ec625.yaml b/nuclei-templates/cve-less/plugins/meta-box-dc129067ca38c26e19992abcd62ec625.yaml new file mode 100644 index 0000000000..1233d8585e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-box-dc129067ca38c26e19992abcd62ec625.yaml @@ -0,0 +1,58 @@ +id: meta-box-dc129067ca38c26e19992abcd62ec625 + +info: + name: > + Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6276a405-4879-4429-8fc1-2d567ded5112?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-box/" + google-query: inurl:"/wp-content/plugins/meta-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-box-fcea98b14977cde9054b36a1f61fabb1.yaml b/nuclei-templates/cve-less/plugins/meta-box-fcea98b14977cde9054b36a1f61fabb1.yaml new file mode 100644 index 0000000000..a335476122 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-box-fcea98b14977cde9054b36a1f61fabb1.yaml @@ -0,0 +1,58 @@ +id: meta-box-fcea98b14977cde9054b36a1f61fabb1 + +info: + name: > + Meta Box - WordPress Custom Fields Framework <= 4.16.2 - File Deletion via attachment_id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8341c7fb-6f3f-45ee-86c3-9c9d2617594a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-box/" + google-query: inurl:"/wp-content/plugins/meta-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.16.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..f84b8b6459 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: meta-slider-and-carousel-with-lightbox-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-slider-and-carousel-with-lightbox/" + google-query: inurl:"/wp-content/plugins/meta-slider-and-carousel-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-slider-and-carousel-with-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-slider-and-carousel-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-slider-and-carousel-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-cfbe849419c020c14e6592e12a1dd070.yaml b/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-cfbe849419c020c14e6592e12a1dd070.yaml new file mode 100644 index 0000000000..93892f22ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-slider-and-carousel-with-lightbox-cfbe849419c020c14e6592e12a1dd070.yaml @@ -0,0 +1,58 @@ +id: meta-slider-and-carousel-with-lightbox-cfbe849419c020c14e6592e12a1dd070 + +info: + name: > + Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f59b16-b38a-451b-b220-044598872735?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-slider-and-carousel-with-lightbox/" + google-query: inurl:"/wp-content/plugins/meta-slider-and-carousel-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-slider-and-carousel-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-slider-and-carousel-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-slider-and-carousel-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meta-tag-manager-85f58ceac5f2aff68a6dbc6ee57ae093.yaml b/nuclei-templates/cve-less/plugins/meta-tag-manager-85f58ceac5f2aff68a6dbc6ee57ae093.yaml new file mode 100644 index 0000000000..43117b3feb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meta-tag-manager-85f58ceac5f2aff68a6dbc6ee57ae093.yaml @@ -0,0 +1,58 @@ +id: meta-tag-manager-85f58ceac5f2aff68a6dbc6ee57ae093 + +info: + name: > + Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meta-tag-manager/" + google-query: inurl:"/wp-content/plugins/meta-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meta-tag-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meta-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meta-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/meteor-slides-d785c662ffdd5bb603cbd342128e597d.yaml b/nuclei-templates/cve-less/plugins/meteor-slides-d785c662ffdd5bb603cbd342128e597d.yaml new file mode 100644 index 0000000000..3cb347bb73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/meteor-slides-d785c662ffdd5bb603cbd342128e597d.yaml @@ -0,0 +1,58 @@ +id: meteor-slides-d785c662ffdd5bb603cbd342128e597d + +info: + name: > + Meteor Slides <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/108e9578-e586-4ed8-b0b2-dc6c26bf530e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/meteor-slides/" + google-query: inurl:"/wp-content/plugins/meteor-slides/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,meteor-slides,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/meteor-slides/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meteor-slides" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-0a04782a874d0e98b450ea3140cd608d.yaml b/nuclei-templates/cve-less/plugins/metform-0a04782a874d0e98b450ea3140cd608d.yaml new file mode 100644 index 0000000000..dfbaa2f601 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-0a04782a874d0e98b450ea3140cd608d.yaml @@ -0,0 +1,58 @@ +id: metform-0a04782a874d0e98b450ea3140cd608d + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca66afc3-a749-4ddc-8e2f-959f65cebd45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-1cd960c12693f517a3ddc1f2dd996093.yaml b/nuclei-templates/cve-less/plugins/metform-1cd960c12693f517a3ddc1f2dd996093.yaml new file mode 100644 index 0000000000..bcd9f885f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-1cd960c12693f517a3ddc1f2dd996093.yaml @@ -0,0 +1,58 @@ +id: metform-1cd960c12693f517a3ddc1f2dd996093 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_last_name shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25200656-a6a2-42f2-a607-26d4ff502cbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-1e853b05728a99a8747a224a5333ce69.yaml b/nuclei-templates/cve-less/plugins/metform-1e853b05728a99a8747a224a5333ce69.yaml new file mode 100644 index 0000000000..f79c5bfc90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-1e853b05728a99a8747a224a5333ce69.yaml @@ -0,0 +1,58 @@ +id: metform-1e853b05728a99a8747a224a5333ce69 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81fc41a4-9206-404c-bd5b-821c77ff3593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-1ececa6da15663bf0de4cd1f9cf0b9d9.yaml b/nuclei-templates/cve-less/plugins/metform-1ececa6da15663bf0de4cd1f9cf0b9d9.yaml new file mode 100644 index 0000000000..2537a71afe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-1ececa6da15663bf0de4cd1f9cf0b9d9.yaml @@ -0,0 +1,58 @@ +id: metform-1ececa6da15663bf0de4cd1f9cf0b9d9 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccd85a72-1872-4c4f-8ba7-7f91b0b37d4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml b/nuclei-templates/cve-less/plugins/metform-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml new file mode 100644 index 0000000000..f9f23dbb6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-2f98768ab3ca0c5e24ef32eeb6e8633c.yaml @@ -0,0 +1,58 @@ +id: metform-2f98768ab3ca0c5e24ef32eeb6e8633c + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c866d8d-399c-4bda-a3c9-17c7e5d2ffb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml b/nuclei-templates/cve-less/plugins/metform-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml new file mode 100644 index 0000000000..fc7ac42451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-4069751e80b8d8e6ebfbb3d8b76ab1b9.yaml @@ -0,0 +1,58 @@ +id: metform-4069751e80b8d8e6ebfbb3d8b76ab1b9 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dad759d-9b44-47ca-8410-e39f65dc919c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-547f6d438086b7c901daed3b548b280c.yaml b/nuclei-templates/cve-less/plugins/metform-547f6d438086b7c901daed3b548b280c.yaml new file mode 100644 index 0000000000..35d9195709 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-547f6d438086b7c901daed3b548b280c.yaml @@ -0,0 +1,58 @@ +id: metform-547f6d438086b7c901daed3b548b280c + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_thankyou shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89a98053-33c7-4e75-87a1-0f483a990641?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-5821b8bbdf52273dc284ba9fb20cfb12.yaml b/nuclei-templates/cve-less/plugins/metform-5821b8bbdf52273dc284ba9fb20cfb12.yaml new file mode 100644 index 0000000000..f143d06cb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-5821b8bbdf52273dc284ba9fb20cfb12.yaml @@ -0,0 +1,58 @@ +id: metform-5821b8bbdf52273dc284ba9fb20cfb12 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00eb6-3e05-42fa-bb84-2df4bcae3955?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-5ca6c532bc755bf0bf6cce4098713b54.yaml b/nuclei-templates/cve-less/plugins/metform-5ca6c532bc755bf0bf6cce4098713b54.yaml new file mode 100644 index 0000000000..876115b0e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-5ca6c532bc755bf0bf6cce4098713b54.yaml @@ -0,0 +1,58 @@ +id: metform-5ca6c532bc755bf0bf6cce4098713b54 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/356cf06e-16e7-438b-83b5-c8a52a21f903?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-654990e546559285765575a21c3a354c.yaml b/nuclei-templates/cve-less/plugins/metform-654990e546559285765575a21c3a354c.yaml new file mode 100644 index 0000000000..5ef26b4a5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-654990e546559285765575a21c3a354c.yaml @@ -0,0 +1,58 @@ +id: metform-654990e546559285765575a21c3a354c + +info: + name: > + Metform Elementor Contact Form Builder <= 3.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30fd2425-ee48-4777-91c1-03906d63793a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-7ec1193c499ff8ca62486bd031ee3b72.yaml b/nuclei-templates/cve-less/plugins/metform-7ec1193c499ff8ca62486bd031ee3b72.yaml new file mode 100644 index 0000000000..855a30de2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-7ec1193c499ff8ca62486bd031ee3b72.yaml @@ -0,0 +1,58 @@ +id: metform-7ec1193c499ff8ca62486bd031ee3b72 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mf_first_name shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7549db-9a4b-4dee-8023-d7863dc3b4c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-80129a218b0d8978bbb5382fd0cace63.yaml b/nuclei-templates/cve-less/plugins/metform-80129a218b0d8978bbb5382fd0cace63.yaml new file mode 100644 index 0000000000..f51dd75d64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-80129a218b0d8978bbb5382fd0cace63.yaml @@ -0,0 +1,58 @@ +id: metform-80129a218b0d8978bbb5382fd0cace63 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.8.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/342d6941-6987-4756-b554-1699128b9108?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-867cb44fcfb4a79db1df0d5c41aba304.yaml b/nuclei-templates/cve-less/plugins/metform-867cb44fcfb4a79db1df0d5c41aba304.yaml new file mode 100644 index 0000000000..6eb050f86b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-867cb44fcfb4a79db1df0d5c41aba304.yaml @@ -0,0 +1,58 @@ +id: metform-867cb44fcfb4a79db1df0d5c41aba304 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f33a8db-7cd0-4a53-b2c1-cd5b7cd16214?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-9a3f3b16255e398a1ca1a217f9b4775c.yaml b/nuclei-templates/cve-less/plugins/metform-9a3f3b16255e398a1ca1a217f9b4775c.yaml new file mode 100644 index 0000000000..f8bca0eb4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-9a3f3b16255e398a1ca1a217f9b4775c.yaml @@ -0,0 +1,58 @@ +id: metform-9a3f3b16255e398a1ca1a217f9b4775c + +info: + name: > + Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05f7d9fe-e95f-4ddf-9bce-2aeac3c2e946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-a94be3f467ceacb837ea20db05393018.yaml b/nuclei-templates/cve-less/plugins/metform-a94be3f467ceacb837ea20db05393018.yaml new file mode 100644 index 0000000000..ca75c8cac3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-a94be3f467ceacb837ea20db05393018.yaml @@ -0,0 +1,58 @@ +id: metform-a94be3f467ceacb837ea20db05393018 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.8.3 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/996d1514-2c1f-4888-ac2f-bc58e926d3ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-b8d7c77a852c836225d21aa48dc5ba53.yaml b/nuclei-templates/cve-less/plugins/metform-b8d7c77a852c836225d21aa48dc5ba53.yaml new file mode 100644 index 0000000000..8668f1616e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-b8d7c77a852c836225d21aa48dc5ba53.yaml @@ -0,0 +1,58 @@ +id: metform-b8d7c77a852c836225d21aa48dc5ba53 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69527d4b-49b6-47cd-93b6-39350f881ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml b/nuclei-templates/cve-less/plugins/metform-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml new file mode 100644 index 0000000000..bbe4705409 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-bd74a2b3418b2ca97de6f6d3609c3ea2.yaml @@ -0,0 +1,58 @@ +id: metform-bd74a2b3418b2ca97de6f6d3609c3ea2 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc4b815-dc05-4270-bf7a-3b01622739d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-cb9d0b1e1071125567f9f9731a764d07.yaml b/nuclei-templates/cve-less/plugins/metform-cb9d0b1e1071125567f9f9731a764d07.yaml new file mode 100644 index 0000000000..d7ddc8c6d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-cb9d0b1e1071125567f9f9731a764d07.yaml @@ -0,0 +1,58 @@ +id: metform-cb9d0b1e1071125567f9f9731a764d07 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b194c-371f-4adc-98fa-8f4e47a38ee7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-dc74f0149670643ede0c882a9a3fc584.yaml b/nuclei-templates/cve-less/plugins/metform-dc74f0149670643ede0c882a9a3fc584.yaml new file mode 100644 index 0000000000..5d5286e65a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-dc74f0149670643ede0c882a9a3fc584.yaml @@ -0,0 +1,58 @@ +id: metform-dc74f0149670643ede0c882a9a3fc584 + +info: + name: > + Metform Elementor Contact Form Builder <= 3.4.0 - Missing Authorization via submit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6425d39-cc8b-4130-8f67-2d6de7954934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-e1d3d2561a3fd7b42de1d4a0992e9e3d.yaml b/nuclei-templates/cve-less/plugins/metform-e1d3d2561a3fd7b42de1d4a0992e9e3d.yaml new file mode 100644 index 0000000000..e9d7bbe574 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-e1d3d2561a3fd7b42de1d4a0992e9e3d.yaml @@ -0,0 +1,58 @@ +id: metform-e1d3d2561a3fd7b42de1d4a0992e9e3d + +info: + name: > + Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a46249-b5b2-4082-b520-cdc4a1370bb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metform-f16e74cd433857af6e0b58aa13a15fac.yaml b/nuclei-templates/cve-less/plugins/metform-f16e74cd433857af6e0b58aa13a15fac.yaml new file mode 100644 index 0000000000..03c429c0b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metform-f16e74cd433857af6e0b58aa13a15fac.yaml @@ -0,0 +1,58 @@ +id: metform-f16e74cd433857af6e0b58aa13a15fac + +info: + name: > + Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd85ff2-6607-4ac8-b91c-88f6f2fa6c56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metform/" + google-query: inurl:"/wp-content/plugins/metform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metricool-7746f8e1b3332b64c44418f10c52b872.yaml b/nuclei-templates/cve-less/plugins/metricool-7746f8e1b3332b64c44418f10c52b872.yaml new file mode 100644 index 0000000000..912b45a6c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metricool-7746f8e1b3332b64c44418f10c52b872.yaml @@ -0,0 +1,58 @@ +id: metricool-7746f8e1b3332b64c44418f10c52b872 + +info: + name: > + Metricool <= 1.17 - Authenticated (Administrator+) Stored Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e36e5099-c5ff-4794-b7df-25d8eab27bac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metricool/" + google-query: inurl:"/wp-content/plugins/metricool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metricool,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metricool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metricool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/metronet-tag-manager-3d637613552d802b9173bc064749bb1c.yaml b/nuclei-templates/cve-less/plugins/metronet-tag-manager-3d637613552d802b9173bc064749bb1c.yaml new file mode 100644 index 0000000000..8a34088d01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/metronet-tag-manager-3d637613552d802b9173bc064749bb1c.yaml @@ -0,0 +1,58 @@ +id: metronet-tag-manager-3d637613552d802b9173bc064749bb1c + +info: + name: > + Metronet Tag Manager < 1.2.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ead8f1-f2d7-4087-bb6c-de15bf8318a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/metronet-tag-manager/" + google-query: inurl:"/wp-content/plugins/metronet-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,metronet-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/metronet-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metronet-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-2569de726bff5107260fe23150979031.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-2569de726bff5107260fe23150979031.yaml new file mode 100644 index 0000000000..58f821a435 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-2569de726bff5107260fe23150979031.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-2569de726bff5107260fe23150979031 + +info: + name: > + MF Gig Calendar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via event_title and event_time + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93029d39-adaa-4cf6-9081-28c9e84ec2e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-3b4cfef4125eaa81be8aa8c8ba6a4733.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-3b4cfef4125eaa81be8aa8c8ba6a4733.yaml new file mode 100644 index 0000000000..08e38d52b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-3b4cfef4125eaa81be8aa8c8ba6a4733.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-3b4cfef4125eaa81be8aa8c8ba6a4733 + +info: + name: > + MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery to Event Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de7b68e2-9cae-4e6f-a625-d8346836da39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-4e3d792205a2fddf6adf72e5213cb0d5.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-4e3d792205a2fddf6adf72e5213cb0d5.yaml new file mode 100644 index 0000000000..2c6d6e9f0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-4e3d792205a2fddf6adf72e5213cb0d5.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-4e3d792205a2fddf6adf72e5213cb0d5 + +info: + name: > + MF Gig Calendar <=1.2.1 - Authenticated(Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d977636-a509-4f32-9ad3-762720fdb433?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-6597d2336023fb01ba6013c2a92f4f5a.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-6597d2336023fb01ba6013c2a92f4f5a.yaml new file mode 100644 index 0000000000..487f511981 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-6597d2336023fb01ba6013c2a92f4f5a.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-6597d2336023fb01ba6013c2a92f4f5a + +info: + name: > + MF Gig Calendar <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae17154-bd68-4260-9b3a-bb73f2a70694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-abea62bbd724165a2322bff6349a74e0.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-abea62bbd724165a2322bff6349a74e0.yaml new file mode 100644 index 0000000000..a863587e31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-abea62bbd724165a2322bff6349a74e0.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-abea62bbd724165a2322bff6349a74e0 + +info: + name: > + MF Gig Calendar <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dba7f15a-29f8-4c7b-b506-7e82c563c6a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-bf34e0d076673dbb1080a2742b54fd0c.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-bf34e0d076673dbb1080a2742b54fd0c.yaml new file mode 100644 index 0000000000..f6522e6825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-bf34e0d076673dbb1080a2742b54fd0c.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-bf34e0d076673dbb1080a2742b54fd0c + +info: + name: > + MF Gig Calendar <= 0.9.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4ba2243-8a4f-4ecb-8f77-6f4fd24865e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mf-gig-calendar-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml b/nuclei-templates/cve-less/plugins/mf-gig-calendar-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml new file mode 100644 index 0000000000..4e8dc3a57b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mf-gig-calendar-d0c53aa3e05b1c3e9ba3c621e2806fb1.yaml @@ -0,0 +1,58 @@ +id: mf-gig-calendar-d0c53aa3e05b1c3e9ba3c621e2806fb1 + +info: + name: > + MF Gig Calendar <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c1a446-055b-4ac4-bceb-451c0fbe6369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mf-gig-calendar/" + google-query: inurl:"/wp-content/plugins/mf-gig-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mf-gig-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mf-gig-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mf-gig-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mgl-instagram-gallery-fe1f1b8568ab900402e4ee21af348064.yaml b/nuclei-templates/cve-less/plugins/mgl-instagram-gallery-fe1f1b8568ab900402e4ee21af348064.yaml new file mode 100644 index 0000000000..0077a661da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mgl-instagram-gallery-fe1f1b8568ab900402e4ee21af348064.yaml @@ -0,0 +1,58 @@ +id: mgl-instagram-gallery-fe1f1b8568ab900402e4ee21af348064 + +info: + name: > + mgl-instagram-gallery Plugin (Unknown Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dad7078d-16bf-4ca9-9a59-7b8374a1b49e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mgl-instagram-gallery/" + google-query: inurl:"/wp-content/plugins/mgl-instagram-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mgl-instagram-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mgl-instagram-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mgl-instagram-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mhr-post-ticker-ff23d770fb11fdc3c77523a1486cf3a6.yaml b/nuclei-templates/cve-less/plugins/mhr-post-ticker-ff23d770fb11fdc3c77523a1486cf3a6.yaml new file mode 100644 index 0000000000..7a7fa9ac15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mhr-post-ticker-ff23d770fb11fdc3c77523a1486cf3a6.yaml @@ -0,0 +1,58 @@ +id: mhr-post-ticker-ff23d770fb11fdc3c77523a1486cf3a6 + +info: + name: > + Mhr Post Ticker <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f89bb45-2872-4081-a3b8-a1f11bbdbc55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mhr-post-ticker/" + google-query: inurl:"/wp-content/plugins/mhr-post-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mhr-post-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mhr-post-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mhr-post-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microblog-poster-02bdb4a60f8caf982b09839a595e4b9c.yaml b/nuclei-templates/cve-less/plugins/microblog-poster-02bdb4a60f8caf982b09839a595e4b9c.yaml new file mode 100644 index 0000000000..62a7981787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microblog-poster-02bdb4a60f8caf982b09839a595e4b9c.yaml @@ -0,0 +1,58 @@ +id: microblog-poster-02bdb4a60f8caf982b09839a595e4b9c + +info: + name: > + Microblog Poster < 1.6.2 - Authenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fbf8a8f-56f7-42ae-bf96-30a2df6da378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microblog-poster/" + google-query: inurl:"/wp-content/plugins/microblog-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microblog-poster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microblog-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microblog-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microcopy-f8764dadc75611aef7a1572c7ab006f8.yaml b/nuclei-templates/cve-less/plugins/microcopy-f8764dadc75611aef7a1572c7ab006f8.yaml new file mode 100644 index 0000000000..77fd8f9706 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microcopy-f8764dadc75611aef7a1572c7ab006f8.yaml @@ -0,0 +1,58 @@ +id: microcopy-f8764dadc75611aef7a1572c7ab006f8 + +info: + name: > + MicroCopy <= 1.1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/637af5d1-eed3-4216-8d47-e68f83c63f43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microcopy/" + google-query: inurl:"/wp-content/plugins/microcopy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microcopy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microcopy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microcopy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microkids-related-posts-356ad590173ed87428302fe3f1cc7ead.yaml b/nuclei-templates/cve-less/plugins/microkids-related-posts-356ad590173ed87428302fe3f1cc7ead.yaml new file mode 100644 index 0000000000..85d96c63ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microkids-related-posts-356ad590173ed87428302fe3f1cc7ead.yaml @@ -0,0 +1,58 @@ +id: microkids-related-posts-356ad590173ed87428302fe3f1cc7ead + +info: + name: > + Related Posts for WordPress <= 4.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/308c9d72-4739-4fcd-8e04-b24edc19ec06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microkids-related-posts/" + google-query: inurl:"/wp-content/plugins/microkids-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microkids-related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microkids-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microkids-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microsoft-advertising-universal-event-tracking-uet-4a64b780bf144c05e7e8310b30ac549a.yaml b/nuclei-templates/cve-less/plugins/microsoft-advertising-universal-event-tracking-uet-4a64b780bf144c05e7e8310b30ac549a.yaml new file mode 100644 index 0000000000..86df63fd55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microsoft-advertising-universal-event-tracking-uet-4a64b780bf144c05e7e8310b30ac549a.yaml @@ -0,0 +1,58 @@ +id: microsoft-advertising-universal-event-tracking-uet-4a64b780bf144c05e7e8310b30ac549a + +info: + name: > + Microsoft Advertising Universal Event Tracking (UET) <= 1.0.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be374684-bb02-4d2c-b8a0-ed435c7c8569?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microsoft-advertising-universal-event-tracking-uet/" + google-query: inurl:"/wp-content/plugins/microsoft-advertising-universal-event-tracking-uet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microsoft-advertising-universal-event-tracking-uet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microsoft-advertising-universal-event-tracking-uet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microsoft-advertising-universal-event-tracking-uet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microsoft-clarity-41374c7f8d145b4ed7aa35f41d920496.yaml b/nuclei-templates/cve-less/plugins/microsoft-clarity-41374c7f8d145b4ed7aa35f41d920496.yaml new file mode 100644 index 0000000000..87e506cb38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microsoft-clarity-41374c7f8d145b4ed7aa35f41d920496.yaml @@ -0,0 +1,58 @@ +id: microsoft-clarity-41374c7f8d145b4ed7aa35f41d920496 + +info: + name: > + Microsoft Clarity <= 0.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da3070aa-fae8-465a-95e5-ae92dcd89f66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microsoft-clarity/" + google-query: inurl:"/wp-content/plugins/microsoft-clarity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microsoft-clarity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microsoft-clarity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microsoft-clarity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/microsoft-clarity-e52bfc62f1976371888e01a2d756b470.yaml b/nuclei-templates/cve-less/plugins/microsoft-clarity-e52bfc62f1976371888e01a2d756b470.yaml new file mode 100644 index 0000000000..0583c34088 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/microsoft-clarity-e52bfc62f1976371888e01a2d756b470.yaml @@ -0,0 +1,58 @@ +id: microsoft-clarity-e52bfc62f1976371888e01a2d756b470 + +info: + name: > + Microsoft Clarity <= 0.9.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/microsoft-clarity/" + google-query: inurl:"/wp-content/plugins/microsoft-clarity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,microsoft-clarity,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/microsoft-clarity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "microsoft-clarity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mighty-addons-57c5519a5f47ee08f543aeb9d674466b.yaml b/nuclei-templates/cve-less/plugins/mighty-addons-57c5519a5f47ee08f543aeb9d674466b.yaml new file mode 100644 index 0000000000..bbc4fef443 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mighty-addons-57c5519a5f47ee08f543aeb9d674466b.yaml @@ -0,0 +1,58 @@ +id: mighty-addons-57c5519a5f47ee08f543aeb9d674466b + +info: + name: > + Mighty Addons for Elementor <= 1.9.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/484d8d14-049d-4fd5-adb8-ad9942bba794?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mighty-addons/" + google-query: inurl:"/wp-content/plugins/mighty-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mighty-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mighty-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mighty-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/migrate-users-2bf14b27cfeeb5a91ab7cdef09310906.yaml b/nuclei-templates/cve-less/plugins/migrate-users-2bf14b27cfeeb5a91ab7cdef09310906.yaml new file mode 100644 index 0000000000..e399651718 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/migrate-users-2bf14b27cfeeb5a91ab7cdef09310906.yaml @@ -0,0 +1,58 @@ +id: migrate-users-2bf14b27cfeeb5a91ab7cdef09310906 + +info: + name: > + Migrate Users <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1925082-eeee-4472-9721-c6205782d567?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/migrate-users/" + google-query: inurl:"/wp-content/plugins/migrate-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,migrate-users,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/migrate-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "migrate-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mihanpanel-lite-fe8e1355a12b62369103d3644c987bb7.yaml b/nuclei-templates/cve-less/plugins/mihanpanel-lite-fe8e1355a12b62369103d3644c987bb7.yaml new file mode 100644 index 0000000000..2dc294f957 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mihanpanel-lite-fe8e1355a12b62369103d3644c987bb7.yaml @@ -0,0 +1,58 @@ +id: mihanpanel-lite-fe8e1355a12b62369103d3644c987bb7 + +info: + name: > + MihanPanel <= 12.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef528553-4037-43e0-af2d-8324412147f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mihanpanel-lite/" + google-query: inurl:"/wp-content/plugins/mihanpanel-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mihanpanel-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mihanpanel-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mihanpanel-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mihdan-index-now-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml b/nuclei-templates/cve-less/plugins/mihdan-index-now-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml new file mode 100644 index 0000000000..5ce26d53ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mihdan-index-now-5f88cf9fcaa2bf2f8f88d764e30b12bd.yaml @@ -0,0 +1,58 @@ +id: mihdan-index-now-5f88cf9fcaa2bf2f8f88d764e30b12bd + +info: + name: > + Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mihdan-index-now/" + google-query: inurl:"/wp-content/plugins/mihdan-index-now/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mihdan-index-now,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mihdan-index-now/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mihdan-index-now" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mihdan-no-external-links-115be693fa2aef7e78774bec69a9ed0c.yaml b/nuclei-templates/cve-less/plugins/mihdan-no-external-links-115be693fa2aef7e78774bec69a9ed0c.yaml new file mode 100644 index 0000000000..1e4f41fa8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mihdan-no-external-links-115be693fa2aef7e78774bec69a9ed0c.yaml @@ -0,0 +1,58 @@ +id: mihdan-no-external-links-115be693fa2aef7e78774bec69a9ed0c + +info: + name: > + Mihdan: No External Links <= 4.7.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7778de0-591e-469a-acb2-5a66490a4690?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mihdan-no-external-links/" + google-query: inurl:"/wp-content/plugins/mihdan-no-external-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mihdan-no-external-links,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mihdan-no-external-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mihdan-no-external-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mihdan-yandex-turbo-feed-3155835b4a53204a1664eff58384d4a4.yaml b/nuclei-templates/cve-less/plugins/mihdan-yandex-turbo-feed-3155835b4a53204a1664eff58384d4a4.yaml new file mode 100644 index 0000000000..298ca986e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mihdan-yandex-turbo-feed-3155835b4a53204a1664eff58384d4a4.yaml @@ -0,0 +1,58 @@ +id: mihdan-yandex-turbo-feed-3155835b4a53204a1664eff58384d4a4 + +info: + name: > + Mihdan: Yandex Turbo Feed <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ecf99ef-f879-426f-8a05-129be77f1157?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mihdan-yandex-turbo-feed/" + google-query: inurl:"/wp-content/plugins/mihdan-yandex-turbo-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mihdan-yandex-turbo-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mihdan-yandex-turbo-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mihdan-yandex-turbo-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mikiurl-wordpress-eklentisi-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml b/nuclei-templates/cve-less/plugins/mikiurl-wordpress-eklentisi-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml new file mode 100644 index 0000000000..45e79c8594 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mikiurl-wordpress-eklentisi-a8ffd5b000a53e3a5bfd7f4581d6cb26.yaml @@ -0,0 +1,58 @@ +id: mikiurl-wordpress-eklentisi-a8ffd5b000a53e3a5bfd7f4581d6cb26 + +info: + name: > + Mikiurl Wordpress Eklentisi <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcf4a063-6954-4414-a2ee-d92f4192f4d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mikiurl-wordpress-eklentisi/" + google-query: inurl:"/wp-content/plugins/mikiurl-wordpress-eklentisi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mikiurl-wordpress-eklentisi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mikiurl-wordpress-eklentisi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mikiurl-wordpress-eklentisi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mimetic-books-a4f62ab934de0d3b7e3d119485cf9183.yaml b/nuclei-templates/cve-less/plugins/mimetic-books-a4f62ab934de0d3b7e3d119485cf9183.yaml new file mode 100644 index 0000000000..2420fc687f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mimetic-books-a4f62ab934de0d3b7e3d119485cf9183.yaml @@ -0,0 +1,58 @@ +id: mimetic-books-a4f62ab934de0d3b7e3d119485cf9183 + +info: + name: > + Mimetic Books <= 0.2.13 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bca364b-c8dc-4c32-a640-0e9f3155a40f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mimetic-books/" + google-query: inurl:"/wp-content/plugins/mimetic-books/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mimetic-books,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mimetic-books/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mimetic-books" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/min-and-max-purchase-for-woocommerce-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml b/nuclei-templates/cve-less/plugins/min-and-max-purchase-for-woocommerce-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml new file mode 100644 index 0000000000..0b31b78412 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/min-and-max-purchase-for-woocommerce-e69e5ad6d5e1c350a8e72b9f067b0efd.yaml @@ -0,0 +1,58 @@ +id: min-and-max-purchase-for-woocommerce-e69e5ad6d5e1c350a8e72b9f067b0efd + +info: + name: > + Min and Max Purchase for WooCommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b038c9e-9053-43aa-99f2-cba660d2a7ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/min-and-max-purchase-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/min-and-max-purchase-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,min-and-max-purchase-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/min-and-max-purchase-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "min-and-max-purchase-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-4a9495cead71bfc76b3becea53804acd.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-4a9495cead71bfc76b3becea53804acd.yaml new file mode 100644 index 0000000000..5370ed6036 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mingle-forum-4a9495cead71bfc76b3becea53804acd.yaml @@ -0,0 +1,58 @@ +id: mingle-forum-4a9495cead71bfc76b3becea53804acd + +info: + name: > + Mingle Forum <= 1.0.34 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a44d391-63e0-46a5-83fd-5624055705ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mingle-forum/" + google-query: inurl:"/wp-content/plugins/mingle-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mingle-forum,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mingle-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mingle-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-8baae250cdfb2a5ad0824fa7bf9c8a47.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-8baae250cdfb2a5ad0824fa7bf9c8a47.yaml new file mode 100644 index 0000000000..e569d3365b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mingle-forum-8baae250cdfb2a5ad0824fa7bf9c8a47.yaml @@ -0,0 +1,58 @@ +id: mingle-forum-8baae250cdfb2a5ad0824fa7bf9c8a47 + +info: + name: > + Mingle Forum <= 1.0.33.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc8e2042-93aa-454a-97b7-283d8a22bf46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mingle-forum/" + google-query: inurl:"/wp-content/plugins/mingle-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mingle-forum,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mingle-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mingle-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-ca1107b3905cae6801d38dcd71b363a8.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-ca1107b3905cae6801d38dcd71b363a8.yaml new file mode 100644 index 0000000000..cd9b16fa6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mingle-forum-ca1107b3905cae6801d38dcd71b363a8.yaml @@ -0,0 +1,58 @@ +id: mingle-forum-ca1107b3905cae6801d38dcd71b363a8 + +info: + name: > + Mingle Forum <= 1.0.32.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0644fc5-6b37-4730-a051-f36dec650649?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mingle-forum/" + google-query: inurl:"/wp-content/plugins/mingle-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mingle-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mingle-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mingle-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-f5e683528ca64d9d4bdd8fbc39278345.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-f5e683528ca64d9d4bdd8fbc39278345.yaml new file mode 100644 index 0000000000..6e933c8898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mingle-forum-f5e683528ca64d9d4bdd8fbc39278345.yaml @@ -0,0 +1,58 @@ +id: mingle-forum-f5e683528ca64d9d4bdd8fbc39278345 + +info: + name: > + Mingle Forum <= 1.0.33.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/282a26e8-4848-4e40-bfe5-fe2ba40f198e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mingle-forum/" + google-query: inurl:"/wp-content/plugins/mingle-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mingle-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mingle-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mingle-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.33.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mingle-forum-fb045d9c371baeb404b4c5f1d77f622c.yaml b/nuclei-templates/cve-less/plugins/mingle-forum-fb045d9c371baeb404b4c5f1d77f622c.yaml new file mode 100644 index 0000000000..76a5e54a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mingle-forum-fb045d9c371baeb404b4c5f1d77f622c.yaml @@ -0,0 +1,58 @@ +id: mingle-forum-fb045d9c371baeb404b4c5f1d77f622c + +info: + name: > + Mingle Forum <= 1.0.32.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d772e5-65a8-4cc5-a504-84473b75f19f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mingle-forum/" + google-query: inurl:"/wp-content/plugins/mingle-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mingle-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mingle-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mingle-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.32.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mini-loops-43b8fe08466d27ab3e4146e678872b9a.yaml b/nuclei-templates/cve-less/plugins/mini-loops-43b8fe08466d27ab3e4146e678872b9a.yaml new file mode 100644 index 0000000000..84bb95c854 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mini-loops-43b8fe08466d27ab3e4146e678872b9a.yaml @@ -0,0 +1,58 @@ +id: mini-loops-43b8fe08466d27ab3e4146e678872b9a + +info: + name: > + Mini Loops <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcb7d69-a444-4f45-a81d-631d95ec2a60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mini-loops/" + google-query: inurl:"/wp-content/plugins/mini-loops/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mini-loops,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mini-loops/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mini-loops" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mini-mail-dashboard-widget-72675dc0f12c8960a29f55b61a35c78f.yaml b/nuclei-templates/cve-less/plugins/mini-mail-dashboard-widget-72675dc0f12c8960a29f55b61a35c78f.yaml new file mode 100644 index 0000000000..a931818b3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mini-mail-dashboard-widget-72675dc0f12c8960a29f55b61a35c78f.yaml @@ -0,0 +1,58 @@ +id: mini-mail-dashboard-widget-72675dc0f12c8960a29f55b61a35c78f + +info: + name: > + Mini Mail Dashboard Widget < 1.43 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5536a6fd-3df0-4595-b71d-b8bcdbb64a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mini-mail-dashboard-widget/" + google-query: inurl:"/wp-content/plugins/mini-mail-dashboard-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mini-mail-dashboard-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mini-mail-dashboard-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mini-mail-dashboard-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minify-html-markup-50f1f1c9543c7aff43ee35ce25ee5c01.yaml b/nuclei-templates/cve-less/plugins/minify-html-markup-50f1f1c9543c7aff43ee35ce25ee5c01.yaml new file mode 100644 index 0000000000..0aa53559cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minify-html-markup-50f1f1c9543c7aff43ee35ce25ee5c01.yaml @@ -0,0 +1,58 @@ +id: minify-html-markup-50f1f1c9543c7aff43ee35ce25ee5c01 + +info: + name: > + Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef7cf633-e907-4da1-bd96-0013e88defbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minify-html-markup/" + google-query: inurl:"/wp-content/plugins/minify-html-markup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minify-html-markup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minify-html-markup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minify-html-markup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ae34c162bf6aa13569eb35a0dbe9a73.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ae34c162bf6aa13569eb35a0dbe9a73.yaml new file mode 100644 index 0000000000..40ea664886 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ae34c162bf6aa13569eb35a0dbe9a73.yaml @@ -0,0 +1,58 @@ +id: minimal-coming-soon-maintenance-mode-6ae34c162bf6aa13569eb35a0dbe9a73 + +info: + name: > + Minimal Coming Soon & Maintenance Mode <= 2.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61d3f1f4-4cb9-4dd2-bda7-d08b2ccdbcba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minimal-coming-soon-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minimal-coming-soon-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ff8db6967b717d0cf958b73dfda5c1c.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ff8db6967b717d0cf958b73dfda5c1c.yaml new file mode 100644 index 0000000000..84295feb61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-6ff8db6967b717d0cf958b73dfda5c1c.yaml @@ -0,0 +1,58 @@ +id: minimal-coming-soon-maintenance-mode-6ff8db6967b717d0cf958b73dfda5c1c + +info: + name: > + Minimal Coming Soon & Maintenance Mode <= 2.16 - Missing Authorization to Export Settings/Theme Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc20a45-15b5-42d3-a484-988a394ee658?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minimal-coming-soon-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minimal-coming-soon-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-843fe9a3debf8db188ba99413c342e16.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-843fe9a3debf8db188ba99413c342e16.yaml new file mode 100644 index 0000000000..41e1241e05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-843fe9a3debf8db188ba99413c342e16.yaml @@ -0,0 +1,58 @@ +id: minimal-coming-soon-maintenance-mode-843fe9a3debf8db188ba99413c342e16 + +info: + name: > + Minimal Coming Soon & Maintenance Mode <= 2.10 - Cross-Site Request Forgery to Stored Cross-Site Scripting and Setting Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6320cd5f-c5a9-4731-9374-9b8b0838a1ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minimal-coming-soon-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minimal-coming-soon-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-f65f188c6963620914763af01a71f9a3.yaml b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-f65f188c6963620914763af01a71f9a3.yaml new file mode 100644 index 0000000000..b4a8746b2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minimal-coming-soon-maintenance-mode-f65f188c6963620914763af01a71f9a3.yaml @@ -0,0 +1,58 @@ +id: minimal-coming-soon-maintenance-mode-f65f188c6963620914763af01a71f9a3 + +info: + name: > + Minimal Coming Soon – Coming Soon Page <= 2.37 - Unauthenticated Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minimal-coming-soon-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/minimal-coming-soon-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minimal-coming-soon-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minimal-coming-soon-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minimal-coming-soon-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minimum-purchase-for-woocommerce-ae760478256ed9e96e189f019a687210.yaml b/nuclei-templates/cve-less/plugins/minimum-purchase-for-woocommerce-ae760478256ed9e96e189f019a687210.yaml new file mode 100644 index 0000000000..091baa268b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minimum-purchase-for-woocommerce-ae760478256ed9e96e189f019a687210.yaml @@ -0,0 +1,58 @@ +id: minimum-purchase-for-woocommerce-ae760478256ed9e96e189f019a687210 + +info: + name: > + Minimum Purchase for WooCommerce <= 2.0.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4633c5b1-a6e3-4ee8-94ca-8afa8ff16a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minimum-purchase-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/minimum-purchase-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minimum-purchase-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minimum-purchase-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minimum-purchase-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-171f9c1d23a1dd854f2389f7ab9f2720.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-171f9c1d23a1dd854f2389f7ab9f2720.yaml new file mode 100644 index 0000000000..d3cb9fd17a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-171f9c1d23a1dd854f2389f7ab9f2720.yaml @@ -0,0 +1,58 @@ +id: miniorange-2-factor-authentication-171f9c1d23a1dd854f2389f7ab9f2720 + +info: + name: > + miniOrange's Google Authenticator <= 5.6.1 - Sensitive Data Exposure of Multifactor Backup Codes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e54185-a917-49cd-b99d-5b773a7ed06a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/" + google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-2-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-2-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-475af873f1e12ccee816ba0a881cf405.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-475af873f1e12ccee816ba0a881cf405.yaml new file mode 100644 index 0000000000..b9dd499785 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-475af873f1e12ccee816ba0a881cf405.yaml @@ -0,0 +1,58 @@ +id: miniorange-2-factor-authentication-475af873f1e12ccee816ba0a881cf405 + +info: + name: > + miniOrange's Google Authenticator <= 5.4.52 - Unauthenticated Arbitrary Options Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f53875aa-9347-464c-aaeb-e8248628fca2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/" + google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-2-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-2-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-4764645e6471ac58214ba2ea5f55bde8.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-4764645e6471ac58214ba2ea5f55bde8.yaml new file mode 100644 index 0000000000..622c1e6497 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-4764645e6471ac58214ba2ea5f55bde8.yaml @@ -0,0 +1,58 @@ +id: miniorange-2-factor-authentication-4764645e6471ac58214ba2ea5f55bde8 + +info: + name: > + miniOrange's Google Authenticator <= 5.5.5 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90c0eb3e-b3f1-483c-9afd-2bbc4ff0cdf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/" + google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-2-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-2-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-8c3657d5aee544c7f980b9786567d40a.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-8c3657d5aee544c7f980b9786567d40a.yaml new file mode 100644 index 0000000000..ed4f435dea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-8c3657d5aee544c7f980b9786567d40a.yaml @@ -0,0 +1,58 @@ +id: miniorange-2-factor-authentication-8c3657d5aee544c7f980b9786567d40a + +info: + name: > + miniOrange's Google Authenticator <= 5.6.1 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ea24b5-ef7d-4bd5-bddb-46082a4a0763?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/" + google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-2-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-2-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-e8c972936c2236ad7c5d5d3d5c2525c1.yaml b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-e8c972936c2236ad7c5d5d3d5c2525c1.yaml new file mode 100644 index 0000000000..e9b4ba1b61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-2-factor-authentication-e8c972936c2236ad7c5d5d3d5c2525c1.yaml @@ -0,0 +1,58 @@ +id: miniorange-2-factor-authentication-e8c972936c2236ad7c5d5d3d5c2525c1 + +info: + name: > + miniOrange's Google Authenticator <= 5.6.5 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7267ede1-7745-47cc-ac0d-4362140b4c23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-2-factor-authentication/" + google-query: inurl:"/wp-content/plugins/miniorange-2-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-2-factor-authentication,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-2-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-2-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-discord-integration-14052cb4248c1d727995c47dc9e235be.yaml b/nuclei-templates/cve-less/plugins/miniorange-discord-integration-14052cb4248c1d727995c47dc9e235be.yaml new file mode 100644 index 0000000000..435b123468 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-discord-integration-14052cb4248c1d727995c47dc9e235be.yaml @@ -0,0 +1,58 @@ +id: miniorange-discord-integration-14052cb4248c1d727995c47dc9e235be + +info: + name: > + miniOrange Discord Integration <= 2.1.5 - Missing Authorization to Plugin Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19062e84-7ce5-400e-a404-2bb4286cc09e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-discord-integration/" + google-query: inurl:"/wp-content/plugins/miniorange-discord-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-discord-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-discord-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-discord-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-056a681add2c2e01374393f870550b92.yaml b/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-056a681add2c2e01374393f870550b92.yaml new file mode 100644 index 0000000000..39ab2eecd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-056a681add2c2e01374393f870550b92.yaml @@ -0,0 +1,58 @@ +id: miniorange-google-authenticator-056a681add2c2e01374393f870550b92 + +info: + name: > + Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bfc0128-a8ef-4bb9-b5c8-7003f270aa36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-google-authenticator/" + google-query: inurl:"/wp-content/plugins/miniorange-google-authenticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-google-authenticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-google-authenticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-0afb6b2d10846bc66cf5079f2d5cff9d.yaml b/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-0afb6b2d10846bc66cf5079f2d5cff9d.yaml new file mode 100644 index 0000000000..c1207ff667 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-google-authenticator-0afb6b2d10846bc66cf5079f2d5cff9d.yaml @@ -0,0 +1,58 @@ +id: miniorange-google-authenticator-0afb6b2d10846bc66cf5079f2d5cff9d + +info: + name: > + Login With OTP Over SMS, Email, WhatsApp and Google Authenticator <= 1.0.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b539c8-a6f1-4543-9e63-08ee4d468ee0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-google-authenticator/" + google-query: inurl:"/wp-content/plugins/miniorange-google-authenticator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-google-authenticator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-google-authenticator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-google-authenticator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-1c092eb4ba33ccf4bb9feb95671821cb.yaml b/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-1c092eb4ba33ccf4bb9feb95671821cb.yaml new file mode 100644 index 0000000000..95c5cfaaed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-1c092eb4ba33ccf4bb9feb95671821cb.yaml @@ -0,0 +1,58 @@ +id: miniorange-limit-login-attempts-1c092eb4ba33ccf4bb9feb95671821cb + +info: + name: > + Limit Login Attempts <= 4.0.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3613f95-8338-40b8-8b16-2714fa3474ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/miniorange-limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-6f5594aa21d74ab20f466ec04157beee.yaml b/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-6f5594aa21d74ab20f466ec04157beee.yaml new file mode 100644 index 0000000000..d0c8ade4f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-limit-login-attempts-6f5594aa21d74ab20f466ec04157beee.yaml @@ -0,0 +1,58 @@ +id: miniorange-limit-login-attempts-6f5594aa21d74ab20f466ec04157beee + +info: + name: > + MiniOrange Limit Login Attempts <= 4.0.72 - Administrator+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40e61b9f-2350-410e-bb3d-59329ac08658?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/miniorange-limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-limit-login-attempts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-0881f47c3594ae8da08c18a925e96922.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-0881f47c3594ae8da08c18a925e96922.yaml new file mode 100644 index 0000000000..21a470a4cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-0881f47c3594ae8da08c18a925e96922.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-0881f47c3594ae8da08c18a925e96922 + +info: + name: > + WordPress Social Login and Register <=7.5.12 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ffb9a8e-b08f-451b-bdb5-268d7b618b66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '7.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-5585b9de0a3cacd6beb8b8edc279fcc3.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-5585b9de0a3cacd6beb8b8edc279fcc3.yaml new file mode 100644 index 0000000000..8d1241b61c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-5585b9de0a3cacd6beb8b8edc279fcc3.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-5585b9de0a3cacd6beb8b8edc279fcc3 + +info: + name: > + WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faac24e5-94f2-40e5-932e-93ddc2c8af7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-5e2f11a884ccbe34c9944f9c84b1340e.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-5e2f11a884ccbe34c9944f9c84b1340e.yaml new file mode 100644 index 0000000000..0dcd484ee4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-5e2f11a884ccbe34c9944f9c84b1340e.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-5e2f11a884ccbe34c9944f9c84b1340e + +info: + name: > + WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.6 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45668368-5846-41bb-b862-dfeb283e83cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-65a50bc077f23975d5d3179b1fb56daa.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-65a50bc077f23975d5d3179b1fb56daa.yaml new file mode 100644 index 0000000000..9ffca3dd62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-65a50bc077f23975d5d3179b1fb56daa.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-65a50bc077f23975d5d3179b1fb56daa + +info: + name: > + WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ca186a-2486-4a58-9c53-03e9eba13e66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-7a725b90d4cc282b22e04990737c3b98.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-7a725b90d4cc282b22e04990737c3b98.yaml new file mode 100644 index 0000000000..86a3ca45e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-7a725b90d4cc282b22e04990737c3b98.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-7a725b90d4cc282b22e04990737c3b98 + +info: + name: > + WordPress Social Login and Register <= 7.6.0 - Missing Authorization to Unauthenticated Arbitrary Content Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/021a25c9-7fad-425f-8104-bb4852603613?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-openid-c57529c85cbb2380b599b6f25e5d1cbd.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-openid-c57529c85cbb2380b599b6f25e5d1cbd.yaml new file mode 100644 index 0000000000..347adfdd42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-openid-c57529c85cbb2380b599b6f25e5d1cbd.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-openid-c57529c85cbb2380b599b6f25e5d1cbd + +info: + name: > + WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.5.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca91046d-61c1-4a65-a078-c7dffb27092c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-openid/" + google-query: inurl:"/wp-content/plugins/miniorange-login-openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-openid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-225cea6ba5a10bdee2c9620d04168830.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-225cea6ba5a10bdee2c9620d04168830.yaml new file mode 100644 index 0000000000..9aeb911e42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-225cea6ba5a10bdee2c9620d04168830.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-with-eve-online-google-facebook-225cea6ba5a10bdee2c9620d04168830 + +info: + name: > + OAuth Single Sign On – SSO (OAuth Client) <= 6.23.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d166a77-d57b-4827-96ca-b8eb423861f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-with-eve-online-google-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-8d13a40428bf38232a4e5bb1180f642a.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-8d13a40428bf38232a4e5bb1180f642a.yaml new file mode 100644 index 0000000000..5baddeb7b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-8d13a40428bf38232a4e5bb1180f642a.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-with-eve-online-google-facebook-8d13a40428bf38232a4e5bb1180f642a + +info: + name: > + OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1- Cross-Site Request Forgery via 'discard' in mooauth_client_applist_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a250f678-1ec7-48ea-8b81-e5ef89992155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-with-eve-online-google-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.24.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9d80c6cd84258efd69f77a8f06dc55b8.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9d80c6cd84258efd69f77a8f06dc55b8.yaml new file mode 100644 index 0000000000..8d109ec54f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-9d80c6cd84258efd69f77a8f06dc55b8.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-with-eve-online-google-facebook-9d80c6cd84258efd69f77a8f06dc55b8 + +info: + name: > + OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fae6e691-0d2a-4784-8ab1-4923d650a703?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-with-eve-online-google-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.22.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-fd8ebcf9d5fa5c6862626035f1ed028e.yaml b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-fd8ebcf9d5fa5c6862626035f1ed028e.yaml new file mode 100644 index 0000000000..1ef3c48018 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-login-with-eve-online-google-facebook-fd8ebcf9d5fa5c6862626035f1ed028e.yaml @@ -0,0 +1,58 @@ +id: miniorange-login-with-eve-online-google-facebook-fd8ebcf9d5fa5c6862626035f1ed028e + +info: + name: > + OAuth Single Sign On – SSO (OAuth Client) <= 6.24.1 - Cross-Site Request Forgery via 'delete' in mooauth_client_applist_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6658edb-11dc-4594-8936-95d60d581f49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + google-query: inurl:"/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-login-with-eve-online-google-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-login-with-eve-online-google-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-login-with-eve-online-google-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.24.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-malware-protection-504399029097a5e86b5ba9c9da19637b.yaml b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-504399029097a5e86b5ba9c9da19637b.yaml new file mode 100644 index 0000000000..3ee0d0a637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-504399029097a5e86b5ba9c9da19637b.yaml @@ -0,0 +1,58 @@ +id: miniorange-malware-protection-504399029097a5e86b5ba9c9da19637b + +info: + name: > + Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-malware-protection/" + google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-malware-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-malware-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-malware-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-malware-protection-65d716f9ae4f07532a2c4f0b876ee91a.yaml b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-65d716f9ae4f07532a2c4f0b876ee91a.yaml new file mode 100644 index 0000000000..af79474c7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-65d716f9ae4f07532a2c4f0b876ee91a.yaml @@ -0,0 +1,58 @@ +id: miniorange-malware-protection-65d716f9ae4f07532a2c4f0b876ee91a + +info: + name: > + Malware Scanner <= 4.7.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b26996cf-acea-41fb-ad2f-167f41d31cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-malware-protection/" + google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-malware-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-malware-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-malware-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-malware-protection-7ed5021e959e36c29209eaf63566fdb5.yaml b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-7ed5021e959e36c29209eaf63566fdb5.yaml new file mode 100644 index 0000000000..9965c77e31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-7ed5021e959e36c29209eaf63566fdb5.yaml @@ -0,0 +1,58 @@ +id: miniorange-malware-protection-7ed5021e959e36c29209eaf63566fdb5 + +info: + name: > + miniOrange’s Malware Scanner <= 4.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f01e9908-c4d7-4eaf-8bba-4f5da7fa7703?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-malware-protection/" + google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-malware-protection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-malware-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-malware-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-malware-protection-86d39e17ff25614aec648f264a3fb15c.yaml b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-86d39e17ff25614aec648f264a3fb15c.yaml new file mode 100644 index 0000000000..7ca98911d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-malware-protection-86d39e17ff25614aec648f264a3fb15c.yaml @@ -0,0 +1,58 @@ +id: miniorange-malware-protection-86d39e17ff25614aec648f264a3fb15c + +info: + name: > + Malware Scanner <= 4.7.1 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb19fd06-7b2c-41a1-a470-230da7ce944d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-malware-protection/" + google-query: inurl:"/wp-content/plugins/miniorange-malware-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-malware-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-malware-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-malware-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-oauth-20-server-d2f88ba803df2886b1661d9e9022a666.yaml b/nuclei-templates/cve-less/plugins/miniorange-oauth-20-server-d2f88ba803df2886b1661d9e9022a666.yaml new file mode 100644 index 0000000000..755ac2d412 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-oauth-20-server-d2f88ba803df2886b1661d9e9022a666.yaml @@ -0,0 +1,58 @@ +id: miniorange-oauth-20-server-d2f88ba803df2886b1661d9e9022a666 + +info: + name: > + WP OAuth Server <= 3.0.4 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f13b2dd-4832-4646-828c-ba2df1eb7d33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-oauth-20-server/" + google-query: inurl:"/wp-content/plugins/miniorange-oauth-20-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-oauth-20-server,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-oauth-20-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-oauth-20-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-otp-verification-0cc0c3f4bf4487c2d84931d62250a698.yaml b/nuclei-templates/cve-less/plugins/miniorange-otp-verification-0cc0c3f4bf4487c2d84931d62250a698.yaml new file mode 100644 index 0000000000..58f2f6943f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-otp-verification-0cc0c3f4bf4487c2d84931d62250a698.yaml @@ -0,0 +1,58 @@ +id: miniorange-otp-verification-0cc0c3f4bf4487c2d84931d62250a698 + +info: + name: > + miniorange otp verification <= 4.2.1 - Missing Authorization via dismiss_notice + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62ea1427-0990-4645-aa1a-42da6fd3944f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-otp-verification/" + google-query: inurl:"/wp-content/plugins/miniorange-otp-verification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-otp-verification,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-otp-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-otp-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-17d0dd4ca47cd3783ad012601e5033f4.yaml b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-17d0dd4ca47cd3783ad012601e5033f4.yaml new file mode 100644 index 0000000000..297a1a26ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-17d0dd4ca47cd3783ad012601e5033f4.yaml @@ -0,0 +1,58 @@ +id: miniorange-saml-20-single-sign-on-17d0dd4ca47cd3783ad012601e5033f4 + +info: + name: > + SAML Single Sign On – SSO Login Premium Multisite < 20.0.7 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1adcc627-c371-452b-95b7-25c659117116?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/" + google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-saml-20-single-sign-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-saml-20-single-sign-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 16', '< 16.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-27f647997621b679fa1b99cbf345bdbe.yaml b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-27f647997621b679fa1b99cbf345bdbe.yaml new file mode 100644 index 0000000000..a862f20c78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-27f647997621b679fa1b99cbf345bdbe.yaml @@ -0,0 +1,58 @@ +id: miniorange-saml-20-single-sign-on-27f647997621b679fa1b99cbf345bdbe + +info: + name: > + SAML Single Sign On – SAML SSO Login < 4.8.73 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/174c4050-8eed-4641-85d2-4b66702e03a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/" + google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-saml-20-single-sign-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-saml-20-single-sign-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-6125bda092f086c6d166ad135d42c4ef.yaml b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-6125bda092f086c6d166ad135d42c4ef.yaml new file mode 100644 index 0000000000..97be4010e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-6125bda092f086c6d166ad135d42c4ef.yaml @@ -0,0 +1,58 @@ +id: miniorange-saml-20-single-sign-on-6125bda092f086c6d166ad135d42c4ef + +info: + name: > + SAML Single Sign On – SAML SSO Login <= 4.8.83 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1032f7b0-db98-4b25-bdff-dcaf2758f266?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/" + google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-saml-20-single-sign-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-saml-20-single-sign-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.83') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-cef3df52a6e193270f584096ae2ab14a.yaml b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-cef3df52a6e193270f584096ae2ab14a.yaml new file mode 100644 index 0000000000..36ab672c67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-saml-20-single-sign-on-cef3df52a6e193270f584096ae2ab14a.yaml @@ -0,0 +1,58 @@ +id: miniorange-saml-20-single-sign-on-cef3df52a6e193270f584096ae2ab14a + +info: + name: > + SAML SP Single Sign On <= 5.0.4 - Missing Authorization to notice dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3114906-fac1-42b9-9ba1-0a5d44c2fb3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-saml-20-single-sign-on/" + google-query: inurl:"/wp-content/plugins/miniorange-saml-20-single-sign-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-saml-20-single-sign-on,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-saml-20-single-sign-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-saml-20-single-sign-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/miniorange-wp-as-saml-idp-73c8c687b5d5c2441c948ce0feefccb9.yaml b/nuclei-templates/cve-less/plugins/miniorange-wp-as-saml-idp-73c8c687b5d5c2441c948ce0feefccb9.yaml new file mode 100644 index 0000000000..e04dd270eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/miniorange-wp-as-saml-idp-73c8c687b5d5c2441c948ce0feefccb9.yaml @@ -0,0 +1,58 @@ +id: miniorange-wp-as-saml-idp-73c8c687b5d5c2441c948ce0feefccb9 + +info: + name: > + Login using WordPress Users (WP as SAML IDP) <= 1.13.2 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4939b053-2d62-428e-84ff-0de3416466ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/miniorange-wp-as-saml-idp/" + google-query: inurl:"/wp-content/plugins/miniorange-wp-as-saml-idp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,miniorange-wp-as-saml-idp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/miniorange-wp-as-saml-idp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "miniorange-wp-as-saml-idp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/minmax-quantity-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/minmax-quantity-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..3da885b877 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/minmax-quantity-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: minmax-quantity-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/minmax-quantity-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/minmax-quantity-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,minmax-quantity-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/minmax-quantity-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minmax-quantity-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mj-update-history-d6ad3a8698b0ea599d014ed39ac8e503.yaml b/nuclei-templates/cve-less/plugins/mj-update-history-d6ad3a8698b0ea599d014ed39ac8e503.yaml new file mode 100644 index 0000000000..77902b9223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mj-update-history-d6ad3a8698b0ea599d014ed39ac8e503.yaml @@ -0,0 +1,58 @@ +id: mj-update-history-d6ad3a8698b0ea599d014ed39ac8e503 + +info: + name: > + MJ Update History <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0976e3c-dcc2-41aa-a734-84afa50310ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mj-update-history/" + google-query: inurl:"/wp-content/plugins/mj-update-history/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mj-update-history,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mj-update-history/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mj-update-history" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mjm-clinic-9d05bf270be054dfc1695e62a3911511.yaml b/nuclei-templates/cve-less/plugins/mjm-clinic-9d05bf270be054dfc1695e62a3911511.yaml new file mode 100644 index 0000000000..5417ee72a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mjm-clinic-9d05bf270be054dfc1695e62a3911511.yaml @@ -0,0 +1,58 @@ +id: mjm-clinic-9d05bf270be054dfc1695e62a3911511 + +info: + name: > + MJM Clinic <= 1.1.22 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b39c360-f267-4f9a-8d9d-fa0d7e300129?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mjm-clinic/" + google-query: inurl:"/wp-content/plugins/mjm-clinic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mjm-clinic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mjm-clinic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mjm-clinic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mjm-clinic-df39b25c059b85a56edd3d99d606296d.yaml b/nuclei-templates/cve-less/plugins/mjm-clinic-df39b25c059b85a56edd3d99d606296d.yaml new file mode 100644 index 0000000000..5a955c1010 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mjm-clinic-df39b25c059b85a56edd3d99d606296d.yaml @@ -0,0 +1,58 @@ +id: mjm-clinic-df39b25c059b85a56edd3d99d606296d + +info: + name: > + MJM Clinic <= 1.1.22 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6fd068-3f72-4015-b2d8-a47cd86df073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mjm-clinic/" + google-query: inurl:"/wp-content/plugins/mjm-clinic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mjm-clinic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mjm-clinic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mjm-clinic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mklasens-photobox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/mklasens-photobox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..e7a7d5f8d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mklasens-photobox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: mklasens-photobox-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mklasens-photobox/" + google-query: inurl:"/wp-content/plugins/mklasens-photobox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mklasens-photobox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mklasens-photobox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mklasens-photobox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ml-slider-2c78a721f8f6bce6bce705e149277edc.yaml b/nuclei-templates/cve-less/plugins/ml-slider-2c78a721f8f6bce6bce705e149277edc.yaml new file mode 100644 index 0000000000..51dfd94eb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ml-slider-2c78a721f8f6bce6bce705e149277edc.yaml @@ -0,0 +1,58 @@ +id: ml-slider-2c78a721f8f6bce6bce705e149277edc + +info: + name: > + Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0922d221-70c6-41d3-9da2-aa16d67e7c14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ml-slider/" + google-query: inurl:"/wp-content/plugins/ml-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ml-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ml-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ml-slider-511ef268c5ca19fe7d62dddd9e13f37e.yaml b/nuclei-templates/cve-less/plugins/ml-slider-511ef268c5ca19fe7d62dddd9e13f37e.yaml new file mode 100644 index 0000000000..74a9e24ed1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ml-slider-511ef268c5ca19fe7d62dddd9e13f37e.yaml @@ -0,0 +1,58 @@ +id: ml-slider-511ef268c5ca19fe7d62dddd9e13f37e + +info: + name: > + Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cbd95bb-6f13-48c9-a51e-5f7bf7a296df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ml-slider/" + google-query: inurl:"/wp-content/plugins/ml-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ml-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ml-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.70.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ml-slider-8f6a16f6b7fab2bb0e2d710564ba823c.yaml b/nuclei-templates/cve-less/plugins/ml-slider-8f6a16f6b7fab2bb0e2d710564ba823c.yaml new file mode 100644 index 0000000000..864b067090 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ml-slider-8f6a16f6b7fab2bb0e2d710564ba823c.yaml @@ -0,0 +1,58 @@ +id: ml-slider-8f6a16f6b7fab2bb0e2d710564ba823c + +info: + name: > + Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/290233f0-a5dd-4c69-8039-7392268daf40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ml-slider/" + google-query: inurl:"/wp-content/plugins/ml-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ml-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ml-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.29.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ml-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/ml-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..52b4a3d968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ml-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: ml-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ml-slider/" + google-query: inurl:"/wp-content/plugins/ml-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ml-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ml-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.28.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ml-slider-ed137f483ea3e94091bee5b4d772d058.yaml b/nuclei-templates/cve-less/plugins/ml-slider-ed137f483ea3e94091bee5b4d772d058.yaml new file mode 100644 index 0000000000..e127778eb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ml-slider-ed137f483ea3e94091bee5b4d772d058.yaml @@ -0,0 +1,58 @@ +id: ml-slider-ed137f483ea3e94091bee5b4d772d058 + +info: + name: > + Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a7f738e-21f3-42f3-bf33-1d93ff0d1364?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ml-slider/" + google-query: inurl:"/wp-content/plugins/ml-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ml-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ml-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ml-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.27.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mm-email2image-0f3e86b7ffafefc40e02ec0059e76f0a.yaml b/nuclei-templates/cve-less/plugins/mm-email2image-0f3e86b7ffafefc40e02ec0059e76f0a.yaml new file mode 100644 index 0000000000..20454f909c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mm-email2image-0f3e86b7ffafefc40e02ec0059e76f0a.yaml @@ -0,0 +1,58 @@ +id: mm-email2image-0f3e86b7ffafefc40e02ec0059e76f0a + +info: + name: > + MM-email2image <= 0.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f0ee03c-8cf6-4372-b740-722fc1283ee3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mm-email2image/" + google-query: inurl:"/wp-content/plugins/mm-email2image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mm-email2image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mm-email2image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mm-email2image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mm-email2image-bbfbe8576da0ded63051e9606f0a7198.yaml b/nuclei-templates/cve-less/plugins/mm-email2image-bbfbe8576da0ded63051e9606f0a7198.yaml new file mode 100644 index 0000000000..6dab9ff2c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mm-email2image-bbfbe8576da0ded63051e9606f0a7198.yaml @@ -0,0 +1,58 @@ +id: mm-email2image-bbfbe8576da0ded63051e9606f0a7198 + +info: + name: > + MM-email2image <= 0.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7147cb69-294e-4270-bf8b-3a32a5552d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mm-email2image/" + google-query: inurl:"/wp-content/plugins/mm-email2image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mm-email2image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mm-email2image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mm-email2image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mm-forms-community-f0d4af3ac8d411e11b76b00eb4b51ce2.yaml b/nuclei-templates/cve-less/plugins/mm-forms-community-f0d4af3ac8d411e11b76b00eb4b51ce2.yaml new file mode 100644 index 0000000000..792ad4b207 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mm-forms-community-f0d4af3ac8d411e11b76b00eb4b51ce2.yaml @@ -0,0 +1,58 @@ +id: mm-forms-community-f0d4af3ac8d411e11b76b00eb4b51ce2 + +info: + name: > + MM Forms Community <= 2.2.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70ede219-e59d-40dd-9e5e-4f44089d7524?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mm-forms-community/" + google-query: inurl:"/wp-content/plugins/mm-forms-community/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mm-forms-community,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mm-forms-community/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mm-forms-community" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mmm-file-list-0ce6b6a0e9e78d060d6ca04414281584.yaml b/nuclei-templates/cve-less/plugins/mmm-file-list-0ce6b6a0e9e78d060d6ca04414281584.yaml new file mode 100644 index 0000000000..4b5c235720 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mmm-file-list-0ce6b6a0e9e78d060d6ca04414281584.yaml @@ -0,0 +1,58 @@ +id: mmm-file-list-0ce6b6a0e9e78d060d6ca04414281584 + +info: + name: > + Mmm Simple File List <= 2.3 - Authenticated (Subscriber+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f33a13dc-ebff-4033-9b8d-10076b1c2d0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mmm-file-list/" + google-query: inurl:"/wp-content/plugins/mmm-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mmm-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mmm-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mmm-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mmm-file-list-d3e919ff7a9e64072ba58c94844a6e21.yaml b/nuclei-templates/cve-less/plugins/mmm-file-list-d3e919ff7a9e64072ba58c94844a6e21.yaml new file mode 100644 index 0000000000..61f44f5eed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mmm-file-list-d3e919ff7a9e64072ba58c94844a6e21.yaml @@ -0,0 +1,58 @@ +id: mmm-file-list-d3e919ff7a9e64072ba58c94844a6e21 + +info: + name: > + Mmm Simple File List <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c064227f-6332-40c8-9e96-337c608da832?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mmm-file-list/" + google-query: inurl:"/wp-content/plugins/mmm-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mmm-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mmm-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mmm-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-address-bar-changer-2b956076e06d8a99488143a30a260c6a.yaml b/nuclei-templates/cve-less/plugins/mobile-address-bar-changer-2b956076e06d8a99488143a30a260c6a.yaml new file mode 100644 index 0000000000..e6f3f0146f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-address-bar-changer-2b956076e06d8a99488143a30a260c6a.yaml @@ -0,0 +1,58 @@ +id: mobile-address-bar-changer-2b956076e06d8a99488143a30a260c6a + +info: + name: > + Mobile Address Bar Changer <= 3.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f1b0b50-663f-40ff-803e-a20d7c7ea980?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-address-bar-changer/" + google-query: inurl:"/wp-content/plugins/mobile-address-bar-changer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-address-bar-changer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-address-bar-changer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-address-bar-changer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-app-builder-by-wappress-15489796bd09e80a5df20c3ad36d5a32.yaml b/nuclei-templates/cve-less/plugins/mobile-app-builder-by-wappress-15489796bd09e80a5df20c3ad36d5a32.yaml new file mode 100644 index 0000000000..9a06f83029 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-app-builder-by-wappress-15489796bd09e80a5df20c3ad36d5a32.yaml @@ -0,0 +1,58 @@ +id: mobile-app-builder-by-wappress-15489796bd09e80a5df20c3ad36d5a32 + +info: + name: > + Mobile App Builder by WapPress <= 1.05 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31d7c673-b625-4862-bc03-378ad663467c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-app-builder-by-wappress/" + google-query: inurl:"/wp-content/plugins/mobile-app-builder-by-wappress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-app-builder-by-wappress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-app-builder-by-wappress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-app-builder-by-wappress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-banner-836d373165d51be73f6a63a08a49cd34.yaml b/nuclei-templates/cve-less/plugins/mobile-banner-836d373165d51be73f6a63a08a49cd34.yaml new file mode 100644 index 0000000000..88d735fe9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-banner-836d373165d51be73f6a63a08a49cd34.yaml @@ -0,0 +1,58 @@ +id: mobile-banner-836d373165d51be73f6a63a08a49cd34 + +info: + name: > + Mobile Banner <= 1.5 - Cross-Site Request Forgery leading to Plugin Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e98aa389-9113-4997-8b96-1ca03cdfc235?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-banner/" + google-query: inurl:"/wp-content/plugins/mobile-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-browser-color-select-1fd788f4344858c60db9f8c8da73d2ed.yaml b/nuclei-templates/cve-less/plugins/mobile-browser-color-select-1fd788f4344858c60db9f8c8da73d2ed.yaml new file mode 100644 index 0000000000..768ece65a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-browser-color-select-1fd788f4344858c60db9f8c8da73d2ed.yaml @@ -0,0 +1,58 @@ +id: mobile-browser-color-select-1fd788f4344858c60db9f8c8da73d2ed + +info: + name: > + Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/687cd0ac-5f78-4429-b6b5-dd1113143a4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-browser-color-select/" + google-query: inurl:"/wp-content/plugins/mobile-browser-color-select/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-browser-color-select,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-browser-color-select/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-browser-color-select" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-call-now-map-buttons-f7f88d86922c2be2737227c4eb89350c.yaml b/nuclei-templates/cve-less/plugins/mobile-call-now-map-buttons-f7f88d86922c2be2737227c4eb89350c.yaml new file mode 100644 index 0000000000..a3fa327d23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-call-now-map-buttons-f7f88d86922c2be2737227c4eb89350c.yaml @@ -0,0 +1,58 @@ +id: mobile-call-now-map-buttons-f7f88d86922c2be2737227c4eb89350c + +info: + name: > + Mobile Call Now & Map Buttons <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a10ee756-1b71-4232-817c-1ba6ead7f0f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-call-now-map-buttons/" + google-query: inurl:"/wp-content/plugins/mobile-call-now-map-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-call-now-map-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-call-now-map-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-call-now-map-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-domain-fe35f0738e4eed8ba11e27597e2d27c7.yaml b/nuclei-templates/cve-less/plugins/mobile-domain-fe35f0738e4eed8ba11e27597e2d27c7.yaml new file mode 100644 index 0000000000..c642b40cef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-domain-fe35f0738e4eed8ba11e27597e2d27c7.yaml @@ -0,0 +1,58 @@ +id: mobile-domain-fe35f0738e4eed8ba11e27597e2d27c7 + +info: + name: > + Mobile Domain <= 1.5.2 - Cross-Site Request Forgery and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f97bad7-6044-4727-a229-2890e02e36b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-domain/" + google-query: inurl:"/wp-content/plugins/mobile-domain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-domain,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-domain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-domain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-events-manager-32e884b82485fb448af167a249e58037.yaml b/nuclei-templates/cve-less/plugins/mobile-events-manager-32e884b82485fb448af167a249e58037.yaml new file mode 100644 index 0000000000..471a568642 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-events-manager-32e884b82485fb448af167a249e58037.yaml @@ -0,0 +1,58 @@ +id: mobile-events-manager-32e884b82485fb448af167a249e58037 + +info: + name: > + Mobile Events Manager < 1.4.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60ea00e2-e33d-452d-969b-4022d6a00417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-events-manager/" + google-query: inurl:"/wp-content/plugins/mobile-events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-events-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-events-manager-d85e4c485a8dd6af61949c32b1b03d7f.yaml b/nuclei-templates/cve-less/plugins/mobile-events-manager-d85e4c485a8dd6af61949c32b1b03d7f.yaml new file mode 100644 index 0000000000..9c1d1b7a96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-events-manager-d85e4c485a8dd6af61949c32b1b03d7f.yaml @@ -0,0 +1,58 @@ +id: mobile-events-manager-d85e4c485a8dd6af61949c32b1b03d7f + +info: + name: > + Mobile Events Manager <= 1.4.7 - Authenticated (Administrator+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84683caa-8bc7-4adf-ad64-249f988047bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-events-manager/" + google-query: inurl:"/wp-content/plugins/mobile-events-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-events-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-events-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-events-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-friendly-app-builder-by-easytouch-719ff6e603e56a8355496bcf6077970d.yaml b/nuclei-templates/cve-less/plugins/mobile-friendly-app-builder-by-easytouch-719ff6e603e56a8355496bcf6077970d.yaml new file mode 100644 index 0000000000..1fc66bb848 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-friendly-app-builder-by-easytouch-719ff6e603e56a8355496bcf6077970d.yaml @@ -0,0 +1,58 @@ +id: mobile-friendly-app-builder-by-easytouch-719ff6e603e56a8355496bcf6077970d + +info: + name: > + How to Create an App for Android iPhone Easytouch <= 3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e9eabe-21da-4a1a-8896-74020ecb0369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-friendly-app-builder-by-easytouch/" + google-query: inurl:"/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-friendly-app-builder-by-easytouch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-friendly-app-builder-by-easytouch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-friendly-app-builder-by-easytouch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-cc96636e9196394b50c931f7bad41740.yaml b/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-cc96636e9196394b50c931f7bad41740.yaml new file mode 100644 index 0000000000..232df5584c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-login-woocommerce-cc96636e9196394b50c931f7bad41740.yaml @@ -0,0 +1,58 @@ +id: mobile-login-woocommerce-cc96636e9196394b50c931f7bad41740 + +info: + name: > + OTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege Escalation + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1b7b653-496f-467a-9513-4be1891f38ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-login-woocommerce/" + google-query: inurl:"/wp-content/plugins/mobile-login-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-login-woocommerce,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-login-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-login-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobile-menu-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/mobile-menu-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..3edb1a9af0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobile-menu-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: mobile-menu-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobile-menu/" + google-query: inurl:"/wp-content/plugins/mobile-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobile-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobile-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobile-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mobiloud-mobile-app-plugin-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml b/nuclei-templates/cve-less/plugins/mobiloud-mobile-app-plugin-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml new file mode 100644 index 0000000000..e45a99d5dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mobiloud-mobile-app-plugin-0c3f9f93e6c155cbea9171c4ea6c8a72.yaml @@ -0,0 +1,58 @@ +id: mobiloud-mobile-app-plugin-0c3f9f93e6c155cbea9171c4ea6c8a72 + +info: + name: > + MobiLoud – WordPress Mobile Apps – Convert your WordPress Website to Native Mobile Apps < 2.3.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a8edf0c-1e40-4aab-b704-b67e41214ce0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mobiloud-mobile-app-plugin/" + google-query: inurl:"/wp-content/plugins/mobiloud-mobile-app-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mobiloud-mobile-app-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mobiloud-mobile-app-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mobiloud-mobile-app-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-dialog-1520c53880fff07e37200c6f21a3681b.yaml b/nuclei-templates/cve-less/plugins/modal-dialog-1520c53880fff07e37200c6f21a3681b.yaml new file mode 100644 index 0000000000..f9d3974b62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-dialog-1520c53880fff07e37200c6f21a3681b.yaml @@ -0,0 +1,58 @@ +id: modal-dialog-1520c53880fff07e37200c6f21a3681b + +info: + name: > + Modal Dialog <= 3.5.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f82abe-64bb-4539-8fe7-261fad60cfa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-dialog/" + google-query: inurl:"/wp-content/plugins/modal-dialog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-dialog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-dialog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-dialog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-dialog-d9262c55837abd68af90e0f35bcac926.yaml b/nuclei-templates/cve-less/plugins/modal-dialog-d9262c55837abd68af90e0f35bcac926.yaml new file mode 100644 index 0000000000..f5c5d9900b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-dialog-d9262c55837abd68af90e0f35bcac926.yaml @@ -0,0 +1,58 @@ +id: modal-dialog-d9262c55837abd68af90e0f35bcac926 + +info: + name: > + Modal Dialog <= 3.5.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99140d47-88bb-48a1-863a-93a558541800?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-dialog/" + google-query: inurl:"/wp-content/plugins/modal-dialog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-dialog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-dialog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-dialog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-popup-box-033ec25d9b806257f1f1c6f477525749.yaml b/nuclei-templates/cve-less/plugins/modal-popup-box-033ec25d9b806257f1f1c6f477525749.yaml new file mode 100644 index 0000000000..b8990f4072 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-popup-box-033ec25d9b806257f1f1c6f477525749.yaml @@ -0,0 +1,58 @@ +id: modal-popup-box-033ec25d9b806257f1f1c6f477525749 + +info: + name: > + Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca3d106-49df-49fc-a90d-e0cb26bd34b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-popup-box/" + google-query: inurl:"/wp-content/plugins/modal-popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-window-51118229a20281c018b629d79b26bfc7.yaml b/nuclei-templates/cve-less/plugins/modal-window-51118229a20281c018b629d79b26bfc7.yaml new file mode 100644 index 0000000000..9f44499462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-window-51118229a20281c018b629d79b26bfc7.yaml @@ -0,0 +1,58 @@ +id: modal-window-51118229a20281c018b629d79b26bfc7 + +info: + name: > + Modal Window – create popup modal window <= 5.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/908ef8e1-d4dc-4348-90b8-d8f38666d9ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-window/" + google-query: inurl:"/wp-content/plugins/modal-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-window,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-window-53ff289b27bc5f383393c1a07c0f7797.yaml b/nuclei-templates/cve-less/plugins/modal-window-53ff289b27bc5f383393c1a07c0f7797.yaml new file mode 100644 index 0000000000..cadf5bd9db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-window-53ff289b27bc5f383393c1a07c0f7797.yaml @@ -0,0 +1,58 @@ +id: modal-window-53ff289b27bc5f383393c1a07c0f7797 + +info: + name: > + Modal Window – create popup modal window <= 5.2.1 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a928247a-3eb5-4889-bd42-b0263f4cd140?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-window/" + google-query: inurl:"/wp-content/plugins/modal-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-window,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-window-b0b1da93e1bc1134b2188925015af3dc.yaml b/nuclei-templates/cve-less/plugins/modal-window-b0b1da93e1bc1134b2188925015af3dc.yaml new file mode 100644 index 0000000000..4667f50b43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-window-b0b1da93e1bc1134b2188925015af3dc.yaml @@ -0,0 +1,58 @@ +id: modal-window-b0b1da93e1bc1134b2188925015af3dc + +info: + name: > + Modal Window – create popup modal window <= 5.3.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/745709f4-bb9c-41c4-ab60-d9fc18e406a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-window/" + google-query: inurl:"/wp-content/plugins/modal-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-window,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modal-window-cc4b9c34f1deaedc9df4457eb9089929.yaml b/nuclei-templates/cve-less/plugins/modal-window-cc4b9c34f1deaedc9df4457eb9089929.yaml new file mode 100644 index 0000000000..29fd8a6244 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modal-window-cc4b9c34f1deaedc9df4457eb9089929.yaml @@ -0,0 +1,58 @@ +id: modal-window-cc4b9c34f1deaedc9df4457eb9089929 + +info: + name: > + Modal Window <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48e2129f-6a2c-45e4-a0cf-7d8d5f563a7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modal-window/" + google-query: inurl:"/wp-content/plugins/modal-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modal-window,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modal-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modal-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-042678d5382067c26f9d9ead263e484c.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-042678d5382067c26f9d9ead263e484c.yaml new file mode 100644 index 0000000000..a65fb16f8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-042678d5382067c26f9d9ead263e484c.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-042678d5382067c26f9d9ead263e484c + +info: + name: > + Modern Events Calendar lite < 6.10.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7465ca4-21e8-4935-b294-e7378b2b01a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-075f9c166c068dd8df28c57bf8d8a51a.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-075f9c166c068dd8df28c57bf8d8a51a.yaml new file mode 100644 index 0000000000..e14a2f2976 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-075f9c166c068dd8df28c57bf8d8a51a.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-075f9c166c068dd8df28c57bf8d8a51a + +info: + name: > + Modern Events Calendar Lite < 5.22.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ae88f8-88c1-4bb0-af9f-330f9760de1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.22.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-07fde43240c3cfe047c463512be535e6.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-07fde43240c3cfe047c463512be535e6.yaml new file mode 100644 index 0000000000..8bb0fb537b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-07fde43240c3cfe047c463512be535e6.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-07fde43240c3cfe047c463512be535e6 + +info: + name: > + Modern Events Calendar Lite <= 5.16.4 - Authenticated Arbitrary File Upload leading to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e67e3e-188c-4ca9-b846-d318859aeaf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-17e0aa925f801ca2b1033cf696b44f43.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-17e0aa925f801ca2b1033cf696b44f43.yaml new file mode 100644 index 0000000000..317effbbe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-17e0aa925f801ca2b1033cf696b44f43.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-17e0aa925f801ca2b1033cf696b44f43 + +info: + name: > + Modern Events Calendar Lite <= 5.16.4 - Unauthenticated Events Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e361473-8ed6-41d0-b409-2436189c1120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4092810de68e3fe8831c5002fea9ea96.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4092810de68e3fe8831c5002fea9ea96.yaml new file mode 100644 index 0000000000..75bb65e2ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4092810de68e3fe8831c5002fea9ea96.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-4092810de68e3fe8831c5002fea9ea96 + +info: + name: > + Modern Events Calendar lite < 7.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f213fb42-5bab-4017-80ea-ce6543031af2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4bedd1090bb0c6292f056d8449ad5ac2.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4bedd1090bb0c6292f056d8449ad5ac2.yaml new file mode 100644 index 0000000000..800268dab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4bedd1090bb0c6292f056d8449ad5ac2.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-4bedd1090bb0c6292f056d8449ad5ac2 + +info: + name: > + Modern Events Calendar Lite <= 6.1.0 - Reflected Cross-Site Scripting via current_month_divider parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eab9a5e-ca51-4952-9fd4-3d0046402e29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4dd145dc4bcaa7b143713cd5ced149a0.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4dd145dc4bcaa7b143713cd5ced149a0.yaml new file mode 100644 index 0000000000..d314e8bbea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-4dd145dc4bcaa7b143713cd5ced149a0.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-4dd145dc4bcaa7b143713cd5ced149a0 + +info: + name: > + Modern Events Calendar Lite <= 5.16.5 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ff715e-056e-48d8-bb82-d4f89047384f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-61e330316e7097e0d9e2b13495d29a1f.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-61e330316e7097e0d9e2b13495d29a1f.yaml new file mode 100644 index 0000000000..8463071516 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-61e330316e7097e0d9e2b13495d29a1f.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-61e330316e7097e0d9e2b13495d29a1f + +info: + name: > + Modern Events Calendar Lite <= 6.1.6 - Subscriber+ Category Add Leading to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32aa1fdc-2fca-4486-b704-eabe4668361e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-6a51878e913acce27812b845eba68b33.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-6a51878e913acce27812b845eba68b33.yaml new file mode 100644 index 0000000000..372ae265ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-6a51878e913acce27812b845eba68b33.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-6a51878e913acce27812b845eba68b33 + +info: + name: > + Modern Events Calendar Lite <= 6.2.9 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4701efb1-4208-4178-90c0-bfc006d1a72a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml new file mode 100644 index 0000000000..5cfe2b3a50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-7ec9f64a1c57f6403dfdbff51a32f9cb.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-7ec9f64a1c57f6403dfdbff51a32f9cb + +info: + name: > + Modern Events Calendar Lite <= 5.1.6 - Missing Authorization to Stored Cross-Site Scripting and Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86c04e9d-0bcd-4637-bd4a-aeb2e3f373ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-aa263c677cae425acabeef2fb6fe8722.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-aa263c677cae425acabeef2fb6fe8722.yaml new file mode 100644 index 0000000000..3aa7a5cddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-aa263c677cae425acabeef2fb6fe8722.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-aa263c677cae425acabeef2fb6fe8722 + +info: + name: > + Modern Events Calendar Lite <= 6.1.4 - Unauthenticated Blind SQL Injection via time Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bfc18fa-905c-408f-bbb4-ce207c322298?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-afec02ed4fb861008e492afadabc92bd.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-afec02ed4fb861008e492afadabc92bd.yaml new file mode 100644 index 0000000000..adb3411958 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-afec02ed4fb861008e492afadabc92bd.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-afec02ed4fb861008e492afadabc92bd + +info: + name: > + Modern Events Calendar Lite <= 6.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2329a5d-0649-498e-a18c-a17de7b30df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-b99ab0aa7e8eaa169d59d870ba15e44f.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-b99ab0aa7e8eaa169d59d870ba15e44f.yaml new file mode 100644 index 0000000000..e6ba667009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-b99ab0aa7e8eaa169d59d870ba15e44f.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-b99ab0aa7e8eaa169d59d870ba15e44f + +info: + name: > + Modern Events Calendar Lite <= 5.22.2 - Authenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e240f4b-dfdf-4954-af39-34e24a05a2ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.22.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-c1b0a376f2ef6bdd72b49e73751ed117.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-c1b0a376f2ef6bdd72b49e73751ed117.yaml new file mode 100644 index 0000000000..14a6d1450d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-c1b0a376f2ef6bdd72b49e73751ed117.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-c1b0a376f2ef6bdd72b49e73751ed117 + +info: + name: > + Modern Events Calendar Lite <= 5.16.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3aa7b27-a335-4f82-a50a-45becdd5ef4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-f91654e07624f568e772537007d8ac97.yaml b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-f91654e07624f568e772537007d8ac97.yaml new file mode 100644 index 0000000000..9be1bfd87b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-events-calendar-lite-f91654e07624f568e772537007d8ac97.yaml @@ -0,0 +1,58 @@ +id: modern-events-calendar-lite-f91654e07624f568e772537007d8ac97 + +info: + name: > + Modern Events Calendar Lite <= 6.3.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48bf9bf4-1b8a-41cc-adc9-a618d075c7f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-events-calendar-lite/" + google-query: inurl:"/wp-content/plugins/modern-events-calendar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-events-calendar-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-events-calendar-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-events-calendar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-footnotes-2885ef88741e4fead832f53749584e1b.yaml b/nuclei-templates/cve-less/plugins/modern-footnotes-2885ef88741e4fead832f53749584e1b.yaml new file mode 100644 index 0000000000..512d95f534 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-footnotes-2885ef88741e4fead832f53749584e1b.yaml @@ -0,0 +1,58 @@ +id: modern-footnotes-2885ef88741e4fead832f53749584e1b + +info: + name: > + Modern Footnotes <= 1.4.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c20c674f-54b5-470f-b470-07a63501eb4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-footnotes/" + google-query: inurl:"/wp-content/plugins/modern-footnotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-footnotes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-footnotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-footnotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modern-footnotes-81c4580372e23b6ce41423bd5b13253e.yaml b/nuclei-templates/cve-less/plugins/modern-footnotes-81c4580372e23b6ce41423bd5b13253e.yaml new file mode 100644 index 0000000000..7382728b91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modern-footnotes-81c4580372e23b6ce41423bd5b13253e.yaml @@ -0,0 +1,58 @@ +id: modern-footnotes-81c4580372e23b6ce41423bd5b13253e + +info: + name: > + Modern Footnotes <= 1.4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94b98842-8c75-4623-8cc9-ad3dc0916a18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modern-footnotes/" + google-query: inurl:"/wp-content/plugins/modern-footnotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modern-footnotes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modern-footnotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern-footnotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-010a08c8c856a2f4fe4e778e18ce7576.yaml b/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-010a08c8c856a2f4fe4e778e18ce7576.yaml new file mode 100644 index 0000000000..ef9cd1eccc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-010a08c8c856a2f4fe4e778e18ce7576.yaml @@ -0,0 +1,58 @@ +id: modula-best-grid-gallery-010a08c8c856a2f4fe4e778e18ce7576 + +info: + name: > + Modula Image Gallery <= 2.2.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/691962c2-e67f-4f6e-9002-6f2a4ccbbdee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modula-best-grid-gallery/" + google-query: inurl:"/wp-content/plugins/modula-best-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modula-best-grid-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modula-best-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modula-best-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-4d03edde0e9ae80bf33d37f9424bb420.yaml b/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-4d03edde0e9ae80bf33d37f9424bb420.yaml new file mode 100644 index 0000000000..fa0aa23cec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/modula-best-grid-gallery-4d03edde0e9ae80bf33d37f9424bb420.yaml @@ -0,0 +1,58 @@ +id: modula-best-grid-gallery-4d03edde0e9ae80bf33d37f9424bb420 + +info: + name: > + Customizable WordPress Gallery Plugin – Modula Image Gallery <= 2.6.9 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/359b596e-1973-4bf6-a012-84b422c0f2c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/modula-best-grid-gallery/" + google-query: inurl:"/wp-content/plugins/modula-best-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,modula-best-grid-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/modula-best-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modula-best-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mojoplug-slide-panel-2c9039886374ff786c4c2e679732fd8d.yaml b/nuclei-templates/cve-less/plugins/mojoplug-slide-panel-2c9039886374ff786c4c2e679732fd8d.yaml new file mode 100644 index 0000000000..0881212aa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mojoplug-slide-panel-2c9039886374ff786c4c2e679732fd8d.yaml @@ -0,0 +1,58 @@ +id: mojoplug-slide-panel-2c9039886374ff786c4c2e679732fd8d + +info: + name: > + MojoPlug Slide Panel <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/639a46b3-d19f-4ab4-995e-fd3de556b76e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mojoplug-slide-panel/" + google-query: inurl:"/wp-content/plugins/mojoplug-slide-panel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mojoplug-slide-panel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mojoplug-slide-panel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mojoplug-slide-panel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-5efd9ccd23023c6687750d4699e0bae0.yaml b/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-5efd9ccd23023c6687750d4699e0bae0.yaml new file mode 100644 index 0000000000..6a308905b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-5efd9ccd23023c6687750d4699e0bae0.yaml @@ -0,0 +1,58 @@ +id: molie-instructure-canvas-linking-tool-5efd9ccd23023c6687750d4699e0bae0 + +info: + name: > + MOLIE <= 0.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00086b84-c1ec-447a-a536-1c73eac1cc85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molie-instructure-canvas-linking-tool/" + google-query: inurl:"/wp-content/plugins/molie-instructure-canvas-linking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molie-instructure-canvas-linking-tool,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molie-instructure-canvas-linking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molie-instructure-canvas-linking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-d9dca1ca98884ba1a76cc0dbb34099eb.yaml b/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-d9dca1ca98884ba1a76cc0dbb34099eb.yaml new file mode 100644 index 0000000000..99377edccc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molie-instructure-canvas-linking-tool-d9dca1ca98884ba1a76cc0dbb34099eb.yaml @@ -0,0 +1,58 @@ +id: molie-instructure-canvas-linking-tool-d9dca1ca98884ba1a76cc0dbb34099eb + +info: + name: > + MOLIE – Instructure Canvas Linking tool <= 0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef14c7b4-8cad-4139-a170-42470202ec24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molie-instructure-canvas-linking-tool/" + google-query: inurl:"/wp-content/plugins/molie-instructure-canvas-linking-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molie-instructure-canvas-linking-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molie-instructure-canvas-linking-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molie-instructure-canvas-linking-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mollie-forms-50358f3970bdc1205a29969915a6519c.yaml b/nuclei-templates/cve-less/plugins/mollie-forms-50358f3970bdc1205a29969915a6519c.yaml new file mode 100644 index 0000000000..e88a907d55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mollie-forms-50358f3970bdc1205a29969915a6519c.yaml @@ -0,0 +1,58 @@ +id: mollie-forms-50358f3970bdc1205a29969915a6519c + +info: + name: > + Mollie Forms <= 2.6.3 - Missing Authorization to Arbitrary Post Duplication + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mollie-forms/" + google-query: inurl:"/wp-content/plugins/mollie-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mollie-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mollie-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mollie-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mollie-forms-8b372eebc313c06900867e460f19a6e4.yaml b/nuclei-templates/cve-less/plugins/mollie-forms-8b372eebc313c06900867e460f19a6e4.yaml new file mode 100644 index 0000000000..a761b954f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mollie-forms-8b372eebc313c06900867e460f19a6e4.yaml @@ -0,0 +1,58 @@ +id: mollie-forms-8b372eebc313c06900867e460f19a6e4 + +info: + name: > + Mollie Forms <= 2.6.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/353c244f-6d5d-47d6-988e-33da722a02f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mollie-forms/" + google-query: inurl:"/wp-content/plugins/mollie-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mollie-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mollie-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mollie-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mollie-payments-for-woocommerce-27287fd1e5df71f58411b21feefa43bc.yaml b/nuclei-templates/cve-less/plugins/mollie-payments-for-woocommerce-27287fd1e5df71f58411b21feefa43bc.yaml new file mode 100644 index 0000000000..d2968faa7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mollie-payments-for-woocommerce-27287fd1e5df71f58411b21feefa43bc.yaml @@ -0,0 +1,58 @@ +id: mollie-payments-for-woocommerce-27287fd1e5df71f58411b21feefa43bc + +info: + name: > + Mollie Payments for WooCommerce <= 7.3.11 - Authenticated (Shop Manager+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d350095-125a-4445-89c1-bce437e4098c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mollie-payments-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/mollie-payments-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mollie-payments-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mollie-payments-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mollie-payments-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-10a5adb358d22a46b8999d9c2d8dbd41.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-10a5adb358d22a46b8999d9c2d8dbd41.yaml new file mode 100644 index 0000000000..93eb484e3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-10a5adb358d22a46b8999d9c2d8dbd41.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-10a5adb358d22a46b8999d9c2d8dbd41 + +info: + name: > + Author Box, Guest Author and Co-Authors for Your Posts – Molongui <= 4.7.4 - Information Exposure via ma_debug + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml new file mode 100644 index 0000000000..f23d7d534c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-1a6bdad9f927d9cadf5b74b8297f6ad5.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-1a6bdad9f927d9cadf5b74b8297f6ad5 + +info: + name: > + Molongui <= 4.6.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16130c5d-9865-4953-b078-0b448722e36d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-49b132283a9d5d5c8363ef530fb522a7.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-49b132283a9d5d5c8363ef530fb522a7.yaml new file mode 100644 index 0000000000..badb505340 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-49b132283a9d5d5c8363ef530fb522a7.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-49b132283a9d5d5c8363ef530fb522a7 + +info: + name: > + Molongui <= 4.7.7 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13f33422-13ba-4696-a473-cf8ca00d4b0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-8085a553b4ae6877292f03c349db3efa.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-8085a553b4ae6877292f03c349db3efa.yaml new file mode 100644 index 0000000000..9bf02d4b8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-8085a553b4ae6877292f03c349db3efa.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-8085a553b4ae6877292f03c349db3efa + +info: + name: > + Molongui <= 4.7.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f01ecab-2dfe-45d2-9d9a-ba1e30c7d75f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-bc5e92508a73c7bd5e881af5254740d1.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-bc5e92508a73c7bd5e881af5254740d1.yaml new file mode 100644 index 0000000000..b33ac68027 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-bc5e92508a73c7bd5e881af5254740d1.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-bc5e92508a73c7bd5e881af5254740d1 + +info: + name: > + Molongui <= 4.7.7 - Authenticated (Author+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62aa0cc4-ef8e-4727-ac07-3481c0464b05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/molongui-authorship-d652edcb171ca597cc73fc3fc8e858f4.yaml b/nuclei-templates/cve-less/plugins/molongui-authorship-d652edcb171ca597cc73fc3fc8e858f4.yaml new file mode 100644 index 0000000000..5f6e36ea0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/molongui-authorship-d652edcb171ca597cc73fc3fc8e858f4.yaml @@ -0,0 +1,58 @@ +id: molongui-authorship-d652edcb171ca597cc73fc3fc8e858f4 + +info: + name: > + Molongui <= 4.6.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cff04656-5930-4324-9ddf-43a2166cdf04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/molongui-authorship/" + google-query: inurl:"/wp-content/plugins/molongui-authorship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,molongui-authorship,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/molongui-authorship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "molongui-authorship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/momoyoga-integration-179886cc2bdc18bcdb57983a57be1a6f.yaml b/nuclei-templates/cve-less/plugins/momoyoga-integration-179886cc2bdc18bcdb57983a57be1a6f.yaml new file mode 100644 index 0000000000..686015ead9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/momoyoga-integration-179886cc2bdc18bcdb57983a57be1a6f.yaml @@ -0,0 +1,58 @@ +id: momoyoga-integration-179886cc2bdc18bcdb57983a57be1a6f + +info: + name: > + Yoga Schedule Momoyoga <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0f1227-cb60-4973-95a6-6272f5173bf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/momoyoga-integration/" + google-query: inurl:"/wp-content/plugins/momoyoga-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,momoyoga-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/momoyoga-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "momoyoga-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/monarch-a2b478ab05dc0dd0616e45e762ef893a.yaml b/nuclei-templates/cve-less/plugins/monarch-a2b478ab05dc0dd0616e45e762ef893a.yaml new file mode 100644 index 0000000000..443d8191e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/monarch-a2b478ab05dc0dd0616e45e762ef893a.yaml @@ -0,0 +1,58 @@ +id: monarch-a2b478ab05dc0dd0616e45e762ef893a + +info: + name: > + Elegant Themes Monarch < 1.2.7 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0195bddf-eafe-45f2-9424-ffa235d9b4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/monarch/" + google-query: inurl:"/wp-content/plugins/monarch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,monarch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/monarch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "monarch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/monetize-4faeaa036aeca6705f522edda2ba7bc8.yaml b/nuclei-templates/cve-less/plugins/monetize-4faeaa036aeca6705f522edda2ba7bc8.yaml new file mode 100644 index 0000000000..28e6c88803 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/monetize-4faeaa036aeca6705f522edda2ba7bc8.yaml @@ -0,0 +1,58 @@ +id: monetize-4faeaa036aeca6705f522edda2ba7bc8 + +info: + name: > + Monetize <= 1.03 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f59d905-0b43-4a63-b5da-273b051f201b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/monetize/" + google-query: inurl:"/wp-content/plugins/monetize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,monetize,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/monetize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "monetize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mooberry-book-manager-142c8db8e90cbfc032437c60b440a7f4.yaml b/nuclei-templates/cve-less/plugins/mooberry-book-manager-142c8db8e90cbfc032437c60b440a7f4.yaml new file mode 100644 index 0000000000..965aba451d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mooberry-book-manager-142c8db8e90cbfc032437c60b440a7f4.yaml @@ -0,0 +1,58 @@ +id: mooberry-book-manager-142c8db8e90cbfc032437c60b440a7f4 + +info: + name: > + Mooberry Book Manager <= 4.15.12 - Unauthenticated Information Exposure via Export Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c284ed3e-7f8e-4841-88f3-33e99f98aa83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mooberry-book-manager/" + google-query: inurl:"/wp-content/plugins/mooberry-book-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mooberry-book-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mooberry-book-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mooberry-book-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moolamojo-0c582e7ad3f8369ffdb5a262e96fd69b.yaml b/nuclei-templates/cve-less/plugins/moolamojo-0c582e7ad3f8369ffdb5a262e96fd69b.yaml new file mode 100644 index 0000000000..38434e0b0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moolamojo-0c582e7ad3f8369ffdb5a262e96fd69b.yaml @@ -0,0 +1,58 @@ +id: moolamojo-0c582e7ad3f8369ffdb5a262e96fd69b + +info: + name: > + MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b69cff-31ac-4abe-8f03-07ee3fb4c285?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moolamojo/" + google-query: inurl:"/wp-content/plugins/moolamojo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moolamojo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moolamojo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moolamojo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moova-for-woocommerce-1e2c9d24715886d9ba11e810be7c57d2.yaml b/nuclei-templates/cve-less/plugins/moova-for-woocommerce-1e2c9d24715886d9ba11e810be7c57d2.yaml new file mode 100644 index 0000000000..bed2d5a06e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moova-for-woocommerce-1e2c9d24715886d9ba11e810be7c57d2.yaml @@ -0,0 +1,58 @@ +id: moova-for-woocommerce-1e2c9d24715886d9ba11e810be7c57d2 + +info: + name: > + Moova for WooCommerce <= 3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b0f85d5-6ef7-4e6d-a03b-75672fca654c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moova-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/moova-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moova-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moova-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moova-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/more-from-google-86350814cdd1486c9f09dfd7f4c47b39.yaml b/nuclei-templates/cve-less/plugins/more-from-google-86350814cdd1486c9f09dfd7f4c47b39.yaml new file mode 100644 index 0000000000..b12484789a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/more-from-google-86350814cdd1486c9f09dfd7f4c47b39.yaml @@ -0,0 +1,58 @@ +id: more-from-google-86350814cdd1486c9f09dfd7f4c47b39 + +info: + name: > + More From Google <= 0.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db2915ca-610a-42a9-a4f8-d15729091cd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/more-from-google/" + google-query: inurl:"/wp-content/plugins/more-from-google/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,more-from-google,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/more-from-google/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "more-from-google" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moreads-se-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml b/nuclei-templates/cve-less/plugins/moreads-se-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml new file mode 100644 index 0000000000..e1541233b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moreads-se-61f56b8a3def3b7154a28f2e5a9ff0a6.yaml @@ -0,0 +1,58 @@ +id: moreads-se-61f56b8a3def3b7154a28f2e5a9ff0a6 + +info: + name: > + moreAds SE <= 1.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc72e388-9ffc-4b99-8835-4b4b6ef46f95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moreads-se/" + google-query: inurl:"/wp-content/plugins/moreads-se/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moreads-se,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moreads-se/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moreads-se" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/morpheus-slider-6368f485fdfbfa4bcc6e9fc96c77a440.yaml b/nuclei-templates/cve-less/plugins/morpheus-slider-6368f485fdfbfa4bcc6e9fc96c77a440.yaml new file mode 100644 index 0000000000..8aa70779ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/morpheus-slider-6368f485fdfbfa4bcc6e9fc96c77a440.yaml @@ -0,0 +1,58 @@ +id: morpheus-slider-6368f485fdfbfa4bcc6e9fc96c77a440 + +info: + name: > + Responsive 3D Slider <= 1.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29fee127-73f5-4cd5-9bfb-799f1c0a9f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/morpheus-slider/" + google-query: inurl:"/wp-content/plugins/morpheus-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,morpheus-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/morpheus-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "morpheus-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-51d2a215a7382b06f6f66c19158d7560.yaml b/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-51d2a215a7382b06f6f66c19158d7560.yaml new file mode 100644 index 0000000000..9e38615bba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-51d2a215a7382b06f6f66c19158d7560.yaml @@ -0,0 +1,58 @@ +id: mortgage-calculators-wp-51d2a215a7382b06f6f66c19158d7560 + +info: + name: > + Mortgage Calculators WP < 1.53 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92c16bb5-b52c-4453-9121-0c9d056a0cdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mortgage-calculators-wp/" + google-query: inurl:"/wp-content/plugins/mortgage-calculators-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mortgage-calculators-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mortgage-calculators-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml b/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml new file mode 100644 index 0000000000..d5ee52554e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mortgage-calculators-wp-fa0a09e9f8b4c6d9a874ba45527ab6cd.yaml @@ -0,0 +1,58 @@ +id: mortgage-calculators-wp-fa0a09e9f8b4c6d9a874ba45527ab6cd + +info: + name: > + Mortgage Calculators WP <= 1.56 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5a37df3-001b-4acd-91b1-7961896fb71f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mortgage-calculators-wp/" + google-query: inurl:"/wp-content/plugins/mortgage-calculators-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mortgage-calculators-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mortgage-calculators-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mortgage-calculators-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mortgage-loan-calculator-f33817d1f67c73c0784fb9213086394b.yaml b/nuclei-templates/cve-less/plugins/mortgage-loan-calculator-f33817d1f67c73c0784fb9213086394b.yaml new file mode 100644 index 0000000000..e305be8a24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mortgage-loan-calculator-f33817d1f67c73c0784fb9213086394b.yaml @@ -0,0 +1,58 @@ +id: mortgage-loan-calculator-f33817d1f67c73c0784fb9213086394b + +info: + name: > + Mortgage Calculator / Loan Calculator < 1.5.17 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c115da4f-02f1-40b6-ba47-337b279de3e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mortgage-loan-calculator/" + google-query: inurl:"/wp-content/plugins/mortgage-loan-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mortgage-loan-calculator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mortgage-loan-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mortgage-loan-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/most-and-least-read-posts-widget-9cd32e924e90d865dad41a30260e1347.yaml b/nuclei-templates/cve-less/plugins/most-and-least-read-posts-widget-9cd32e924e90d865dad41a30260e1347.yaml new file mode 100644 index 0000000000..b76e0642bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/most-and-least-read-posts-widget-9cd32e924e90d865dad41a30260e1347.yaml @@ -0,0 +1,58 @@ +id: most-and-least-read-posts-widget-9cd32e924e90d865dad41a30260e1347 + +info: + name: > + Most And Least Read Posts Widget <=2.5.16 - Authenticated(Contributor+) SQL Injection via Widget settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fa55cc-c686-43e4-a028-dd2721d2db85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/most-and-least-read-posts-widget/" + google-query: inurl:"/wp-content/plugins/most-and-least-read-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,most-and-least-read-posts-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/most-and-least-read-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "most-and-least-read-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/most-popular-posts-widget-lite-53a42a688a74a64b49721153f05dafd3.yaml b/nuclei-templates/cve-less/plugins/most-popular-posts-widget-lite-53a42a688a74a64b49721153f05dafd3.yaml new file mode 100644 index 0000000000..cfc77763b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/most-popular-posts-widget-lite-53a42a688a74a64b49721153f05dafd3.yaml @@ -0,0 +1,58 @@ +id: most-popular-posts-widget-lite-53a42a688a74a64b49721153f05dafd3 + +info: + name: > + Most Popular Posts Widget <= 0.8 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/788bf199-bf09-4076-b5f1-129b6287096a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/most-popular-posts-widget-lite/" + google-query: inurl:"/wp-content/plugins/most-popular-posts-widget-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,most-popular-posts-widget-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/most-popular-posts-widget-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "most-popular-posts-widget-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-0c539e112e844dc3d098253d72219bba.yaml b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-0c539e112e844dc3d098253d72219bba.yaml new file mode 100644 index 0000000000..8fb5ef2fea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-0c539e112e844dc3d098253d72219bba.yaml @@ -0,0 +1,58 @@ +id: motopress-hotel-booking-lite-0c539e112e844dc3d098253d72219bba + +info: + name: > + Hotel Booking Lite <= 4.8.4 - Insufficient Path Validation to Unauthenticated Arbitrary File Deletion and Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8de25651-4119-4806-91e4-4ea213086bfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motopress-hotel-booking-lite/" + google-query: inurl:"/wp-content/plugins/motopress-hotel-booking-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motopress-hotel-booking-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motopress-hotel-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motopress-hotel-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-6df10c7399c7708f8d890fc41acb909e.yaml b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-6df10c7399c7708f8d890fc41acb909e.yaml new file mode 100644 index 0000000000..c03910bc6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-6df10c7399c7708f8d890fc41acb909e.yaml @@ -0,0 +1,58 @@ +id: motopress-hotel-booking-lite-6df10c7399c7708f8d890fc41acb909e + +info: + name: > + Hotel Booking Lite <= 4.11.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7f1283-a274-49a2-8bec-da178771b13a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motopress-hotel-booking-lite/" + google-query: inurl:"/wp-content/plugins/motopress-hotel-booking-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motopress-hotel-booking-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motopress-hotel-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motopress-hotel-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-a7db1d4f6120721a3e8e59e280eb640d.yaml b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-a7db1d4f6120721a3e8e59e280eb640d.yaml new file mode 100644 index 0000000000..261698d555 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motopress-hotel-booking-lite-a7db1d4f6120721a3e8e59e280eb640d.yaml @@ -0,0 +1,58 @@ +id: motopress-hotel-booking-lite-a7db1d4f6120721a3e8e59e280eb640d + +info: + name: > + Hotel Booking Lite <= 4.6.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a874287-c648-4807-8387-b0b47187651e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motopress-hotel-booking-lite/" + google-query: inurl:"/wp-content/plugins/motopress-hotel-booking-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motopress-hotel-booking-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motopress-hotel-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motopress-hotel-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motopress-slider-lite-c70486d9239c270e7b09b18c9bd29bfc.yaml b/nuclei-templates/cve-less/plugins/motopress-slider-lite-c70486d9239c270e7b09b18c9bd29bfc.yaml new file mode 100644 index 0000000000..bdeb3ce3c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motopress-slider-lite-c70486d9239c270e7b09b18c9bd29bfc.yaml @@ -0,0 +1,58 @@ +id: motopress-slider-lite-c70486d9239c270e7b09b18c9bd29bfc + +info: + name: > + Responsive WordPress Slider <= 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f314340c-23aa-479f-9a19-f21a14d6da49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motopress-slider-lite/" + google-query: inurl:"/wp-content/plugins/motopress-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motopress-slider-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motopress-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motopress-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motor-racing-league-20fefc27d9160f7f5b2c386f22a44380.yaml b/nuclei-templates/cve-less/plugins/motor-racing-league-20fefc27d9160f7f5b2c386f22a44380.yaml new file mode 100644 index 0000000000..1d7e001095 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motor-racing-league-20fefc27d9160f7f5b2c386f22a44380.yaml @@ -0,0 +1,58 @@ +id: motor-racing-league-20fefc27d9160f7f5b2c386f22a44380 + +info: + name: > + Motor Racing League <= 1.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8876ecc4-1a50-43ac-9c8d-354f6de4abdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motor-racing-league/" + google-query: inurl:"/wp-content/plugins/motor-racing-league/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motor-racing-league,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motor-racing-league/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motor-racing-league" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-2384bd3b0863727d54b70a40269280b6.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-2384bd3b0863727d54b70a40269280b6.yaml new file mode 100644 index 0000000000..6233062d59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-2384bd3b0863727d54b70a40269280b6.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-2384bd3b0863727d54b70a40269280b6 + +info: + name: > + Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/437423f0-978f-4c7c-9ec3-40668c630c93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-5f4c06c81ffca615e40ab92efa300ef7.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-5f4c06c81ffca615e40ab92efa300ef7.yaml new file mode 100644 index 0000000000..87c850c791 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-5f4c06c81ffca615e40ab92efa300ef7.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-5f4c06c81ffca615e40ab92efa300ef7 + +info: + name: > + Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated Settings Import/Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/570bca1e-78d0-49e8-8919-eba19f9457b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7af7bb77429bff8431b75ff2256568d2.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7af7bb77429bff8431b75ff2256568d2.yaml new file mode 100644 index 0000000000..2133de4c83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7af7bb77429bff8431b75ff2256568d2.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-7af7bb77429bff8431b75ff2256568d2 + +info: + name: > + Motors – Car Dealer, Classifieds & Listing <= 1.4.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb334b74-5561-4ac7-b321-397600e26d06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7f71b4b272aa7eae4323778da0a9d0b5.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7f71b4b272aa7eae4323778da0a9d0b5.yaml new file mode 100644 index 0000000000..d6f9be4b3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-7f71b4b272aa7eae4323778da0a9d0b5.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-7f71b4b272aa7eae4323778da0a9d0b5 + +info: + name: > + Motors – Car Dealer & Classified Ads <= 1.4.5 - Cross-Site Request Forgery via Multiple Functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ca9e920-3c7a-4991-8c24-2e55c4f4767c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8395989e9f463aede02be6293faac97f.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8395989e9f463aede02be6293faac97f.yaml new file mode 100644 index 0000000000..fa53542f7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8395989e9f463aede02be6293faac97f.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-8395989e9f463aede02be6293faac97f + +info: + name: > + Motors – Car Dealer, Classifieds & Listing <= 1.4.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1638145c-2bc8-45d4-904e-b1aba124a0e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8fa1d4a13962968fa7c19c372fdbe540.yaml b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8fa1d4a13962968fa7c19c372fdbe540.yaml new file mode 100644 index 0000000000..6070823919 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/motors-car-dealership-classified-listings-8fa1d4a13962968fa7c19c372fdbe540.yaml @@ -0,0 +1,58 @@ +id: motors-car-dealership-classified-listings-8fa1d4a13962968fa7c19c372fdbe540 + +info: + name: > + Motors – Car Dealer & Classified Ads <= 1.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f06b855-c1e1-4378-a340-9dda2919fb83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/motors-car-dealership-classified-listings/" + google-query: inurl:"/wp-content/plugins/motors-car-dealership-classified-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,motors-car-dealership-classified-listings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/motors-car-dealership-classified-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motors-car-dealership-classified-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mousewheel-smooth-scroll-8cdddca0d188c62cd387707bc2f1bf90.yaml b/nuclei-templates/cve-less/plugins/mousewheel-smooth-scroll-8cdddca0d188c62cd387707bc2f1bf90.yaml new file mode 100644 index 0000000000..243c2ff831 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mousewheel-smooth-scroll-8cdddca0d188c62cd387707bc2f1bf90.yaml @@ -0,0 +1,58 @@ +id: mousewheel-smooth-scroll-8cdddca0d188c62cd387707bc2f1bf90 + +info: + name: > + MouseWheel Smooth Scroll <= 5.6 - Plugin's Setting Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/487d94e8-e4f1-4da8-914c-96157f8ae14d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mousewheel-smooth-scroll/" + google-query: inurl:"/wp-content/plugins/mousewheel-smooth-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mousewheel-smooth-scroll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mousewheel-smooth-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mousewheel-smooth-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/move-addons-b4011099159d4b47f74f5b5034151fc1.yaml b/nuclei-templates/cve-less/plugins/move-addons-b4011099159d4b47f74f5b5034151fc1.yaml new file mode 100644 index 0000000000..7285212659 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/move-addons-b4011099159d4b47f74f5b5034151fc1.yaml @@ -0,0 +1,58 @@ +id: move-addons-b4011099159d4b47f74f5b5034151fc1 + +info: + name: > + Move Addons for Elementor <= 1.2.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14fede14-bdf1-41e1-8ea9-188acbb41aa1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/move-addons/" + google-query: inurl:"/wp-content/plugins/move-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,move-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/move-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "move-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/move-addons-ca90bdb25f0c955406427bf755373f05.yaml b/nuclei-templates/cve-less/plugins/move-addons-ca90bdb25f0c955406427bf755373f05.yaml new file mode 100644 index 0000000000..ac6a393135 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/move-addons-ca90bdb25f0c955406427bf755373f05.yaml @@ -0,0 +1,58 @@ +id: move-addons-ca90bdb25f0c955406427bf755373f05 + +info: + name: > + Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/move-addons/" + google-query: inurl:"/wp-content/plugins/move-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,move-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/move-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "move-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moveto-0dd7f3bef33b38dffd2e7e5e50a01f63.yaml b/nuclei-templates/cve-less/plugins/moveto-0dd7f3bef33b38dffd2e7e5e50a01f63.yaml new file mode 100644 index 0000000000..571a218292 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moveto-0dd7f3bef33b38dffd2e7e5e50a01f63.yaml @@ -0,0 +1,58 @@ +id: moveto-0dd7f3bef33b38dffd2e7e5e50a01f63 + +info: + name: > + MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/541551d8-5510-43ff-b685-783d0d94c4bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moveto/" + google-query: inurl:"/wp-content/plugins/moveto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moveto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moveto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moveto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moveto-6b0918bd33802de1773e3becb0772e50.yaml b/nuclei-templates/cve-less/plugins/moveto-6b0918bd33802de1773e3becb0772e50.yaml new file mode 100644 index 0000000000..034de0af33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moveto-6b0918bd33802de1773e3becb0772e50.yaml @@ -0,0 +1,58 @@ +id: moveto-6b0918bd33802de1773e3becb0772e50 + +info: + name: > + MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec4c14ec-d085-42c8-9e98-4155f7fa8c10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moveto/" + google-query: inurl:"/wp-content/plugins/moveto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moveto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moveto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moveto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moveto-aa8a8d1534c979b4a72d9c8bec09fbff.yaml b/nuclei-templates/cve-less/plugins/moveto-aa8a8d1534c979b4a72d9c8bec09fbff.yaml new file mode 100644 index 0000000000..9416f6884a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moveto-aa8a8d1534c979b4a72d9c8bec09fbff.yaml @@ -0,0 +1,58 @@ +id: moveto-aa8a8d1534c979b4a72d9c8bec09fbff + +info: + name: > + MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/733ddf62-278b-4a2d-9dc5-28db3491cb29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moveto/" + google-query: inurl:"/wp-content/plugins/moveto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moveto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moveto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moveto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/moveto-f63e9747e46d5f44e7922b736df250ec.yaml b/nuclei-templates/cve-less/plugins/moveto-f63e9747e46d5f44e7922b736df250ec.yaml new file mode 100644 index 0000000000..6a1fd7834a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/moveto-f63e9747e46d5f44e7922b736df250ec.yaml @@ -0,0 +1,58 @@ +id: moveto-f63e9747e46d5f44e7922b736df250ec + +info: + name: > + MoveTo <= 6.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfe5d24a-a2ed-46c1-8d9b-9bd2c63cb8b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/moveto/" + google-query: inurl:"/wp-content/plugins/moveto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,moveto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/moveto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "moveto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/movies-ef405b3cbb9ac83187d4757d187f0977.yaml b/nuclei-templates/cve-less/plugins/movies-ef405b3cbb9ac83187d4757d187f0977.yaml new file mode 100644 index 0000000000..55818bbf9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/movies-ef405b3cbb9ac83187d4757d187f0977.yaml @@ -0,0 +1,58 @@ +id: movies-ef405b3cbb9ac83187d4757d187f0977 + +info: + name: > + Movies <= 0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/430c6f4b-277e-41bf-a638-fd3fea495a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/movies/" + google-query: inurl:"/wp-content/plugins/movies/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,movies,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/movies/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "movies" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-restaurant-menu-d9125d7ee55fa656fa01e772da7b6ddc.yaml b/nuclei-templates/cve-less/plugins/mp-restaurant-menu-d9125d7ee55fa656fa01e772da7b6ddc.yaml new file mode 100644 index 0000000000..bb3a6a7647 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-restaurant-menu-d9125d7ee55fa656fa01e772da7b6ddc.yaml @@ -0,0 +1,58 @@ +id: mp-restaurant-menu-d9125d7ee55fa656fa01e772da7b6ddc + +info: + name: > + Restaurant Menu by MotoPress <= 2.4.1 - Admin+ Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cac4bde-8518-48ec-8cbd-4cdf6094b831?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-restaurant-menu/" + google-query: inurl:"/wp-content/plugins/mp-restaurant-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-restaurant-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-restaurant-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-restaurant-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-timetable-416df9dc9f4f5af0da5661ba17f7f5c9.yaml b/nuclei-templates/cve-less/plugins/mp-timetable-416df9dc9f4f5af0da5661ba17f7f5c9.yaml new file mode 100644 index 0000000000..25585c63ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-timetable-416df9dc9f4f5af0da5661ba17f7f5c9.yaml @@ -0,0 +1,58 @@ +id: mp-timetable-416df9dc9f4f5af0da5661ba17f7f5c9 + +info: + name: > + Timetable and Event Schedule by MotoPress <= 2.3.19 - Arbitrary User's Hashed Password/Email/Username Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b14af68e-960f-4817-bab4-881f2720cb82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-timetable/" + google-query: inurl:"/wp-content/plugins/mp-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-timetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-timetable-953e4421c93547e97fe8ff565f4ade18.yaml b/nuclei-templates/cve-less/plugins/mp-timetable-953e4421c93547e97fe8ff565f4ade18.yaml new file mode 100644 index 0000000000..15792d06ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-timetable-953e4421c93547e97fe8ff565f4ade18.yaml @@ -0,0 +1,58 @@ +id: mp-timetable-953e4421c93547e97fe8ff565f4ade18 + +info: + name: > + Timetable and Event Schedule by MotoPress <= 2.3.18 - Author+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad359327-9d53-4c8e-bd09-7a337711cfbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-timetable/" + google-query: inurl:"/wp-content/plugins/mp-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-timetable,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-timetable-b16f008700574256ab90c1f92968c3fa.yaml b/nuclei-templates/cve-less/plugins/mp-timetable-b16f008700574256ab90c1f92968c3fa.yaml new file mode 100644 index 0000000000..885be89705 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-timetable-b16f008700574256ab90c1f92968c3fa.yaml @@ -0,0 +1,58 @@ +id: mp-timetable-b16f008700574256ab90c1f92968c3fa + +info: + name: > + Timetable and Event Schedule by MotoPress <= 2.4.11 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9670bd32-34ce-48b1-82d9-62ab8869a89b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-timetable/" + google-query: inurl:"/wp-content/plugins/mp-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-timetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-timetable-b786e0fb120de39094300b65ca31a23d.yaml b/nuclei-templates/cve-less/plugins/mp-timetable-b786e0fb120de39094300b65ca31a23d.yaml new file mode 100644 index 0000000000..fb9dc30cd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-timetable-b786e0fb120de39094300b65ca31a23d.yaml @@ -0,0 +1,58 @@ +id: mp-timetable-b786e0fb120de39094300b65ca31a23d + +info: + name: > + Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/744354bc-3663-40bd-b799-589cb0978b40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-timetable/" + google-query: inurl:"/wp-content/plugins/mp-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-timetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp-timetable-e1f321924caa4de1b547928bc7e2455b.yaml b/nuclei-templates/cve-less/plugins/mp-timetable-e1f321924caa4de1b547928bc7e2455b.yaml new file mode 100644 index 0000000000..e0aba3b796 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp-timetable-e1f321924caa4de1b547928bc7e2455b.yaml @@ -0,0 +1,58 @@ +id: mp-timetable-e1f321924caa4de1b547928bc7e2455b + +info: + name: > + Timetable and Event Schedule by MotoPress <= 2.4.1 - Unauthorised Event TimeSlot Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8ce4cf-9085-49d2-a889-9d53272032c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp-timetable/" + google-query: inurl:"/wp-content/plugins/mp-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp-timetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-jplayer-498c92520d857cb30ad7df8aa299fc2f.yaml b/nuclei-templates/cve-less/plugins/mp3-jplayer-498c92520d857cb30ad7df8aa299fc2f.yaml new file mode 100644 index 0000000000..1dfe1f0ebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-jplayer-498c92520d857cb30ad7df8aa299fc2f.yaml @@ -0,0 +1,58 @@ +id: mp3-jplayer-498c92520d857cb30ad7df8aa299fc2f + +info: + name: > + MP3 jPlayer <= 2.7.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/180711f3-1a3b-4b10-9046-e63c0e1b9ab5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-jplayer/" + google-query: inurl:"/wp-content/plugins/mp3-jplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-jplayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-jplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-jplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-jplayer-69793a32c02cbaffdd1e5a5f626bea60.yaml b/nuclei-templates/cve-less/plugins/mp3-jplayer-69793a32c02cbaffdd1e5a5f626bea60.yaml new file mode 100644 index 0000000000..b4082c5edf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-jplayer-69793a32c02cbaffdd1e5a5f626bea60.yaml @@ -0,0 +1,58 @@ +id: mp3-jplayer-69793a32c02cbaffdd1e5a5f626bea60 + +info: + name: > + MP3-jPlayer <= 2.4.2 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20d5848e-7772-45dc-ad6f-edb9164c8d44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-jplayer/" + google-query: inurl:"/wp-content/plugins/mp3-jplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-jplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-jplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-jplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-060bed5b5c04d1a43c1e948b34028358.yaml b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-060bed5b5c04d1a43c1e948b34028358.yaml new file mode 100644 index 0000000000..17c667d454 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-060bed5b5c04d1a43c1e948b34028358.yaml @@ -0,0 +1,58 @@ +id: mp3-music-player-by-sonaar-060bed5b5c04d1a43c1e948b34028358 + +info: + name: > + MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10.1 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9576408b-d048-4e36-bc1a-c01c9f586365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" + google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-music-player-by-sonaar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-music-player-by-sonaar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-48b15a3295f54b70d085f78d5d278b00.yaml b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-48b15a3295f54b70d085f78d5d278b00.yaml new file mode 100644 index 0000000000..776a23a4cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-48b15a3295f54b70d085f78d5d278b00.yaml @@ -0,0 +1,58 @@ +id: mp3-music-player-by-sonaar-48b15a3295f54b70d085f78d5d278b00 + +info: + name: > + MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e722b30-f136-4f57-a248-cf9cdd499552?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" + google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-music-player-by-sonaar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-music-player-by-sonaar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-50550f19ed80806cbfb18739f79665ee.yaml b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-50550f19ed80806cbfb18739f79665ee.yaml new file mode 100644 index 0000000000..53899b2aa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-50550f19ed80806cbfb18739f79665ee.yaml @@ -0,0 +1,58 @@ +id: mp3-music-player-by-sonaar-50550f19ed80806cbfb18739f79665ee + +info: + name: > + MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 4.10 - Missing Authorization to Template Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcb9d95-acb4-4405-b785-1e5eace10dc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" + google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-music-player-by-sonaar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-music-player-by-sonaar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-8661844c33fd37e07467aee782d9dedc.yaml b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-8661844c33fd37e07467aee782d9dedc.yaml new file mode 100644 index 0000000000..a25ccb3a38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-8661844c33fd37e07467aee782d9dedc.yaml @@ -0,0 +1,58 @@ +id: mp3-music-player-by-sonaar-8661844c33fd37e07467aee782d9dedc + +info: + name: > + MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcdbd108-5e17-4e67-a2a2-0f1464c1ba6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" + google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-music-player-by-sonaar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-music-player-by-sonaar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-d0ed004aea7762f7063b9f573c38b581.yaml b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-d0ed004aea7762f7063b9f573c38b581.yaml new file mode 100644 index 0000000000..c1c48955b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mp3-music-player-by-sonaar-d0ed004aea7762f7063b9f573c38b581.yaml @@ -0,0 +1,58 @@ +id: mp3-music-player-by-sonaar-d0ed004aea7762f7063b9f573c38b581 + +info: + name: > + MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 2.4.1 - Multiple Admin+ Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e42841dc-157f-45eb-8959-249326d50650?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mp3-music-player-by-sonaar/" + google-query: inurl:"/wp-content/plugins/mp3-music-player-by-sonaar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mp3-music-player-by-sonaar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mp3-music-player-by-sonaar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mp3-music-player-by-sonaar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mpl-publisher-c8b3ba4607788e0f441ac762600baab2.yaml b/nuclei-templates/cve-less/plugins/mpl-publisher-c8b3ba4607788e0f441ac762600baab2.yaml new file mode 100644 index 0000000000..4cda510399 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mpl-publisher-c8b3ba4607788e0f441ac762600baab2.yaml @@ -0,0 +1,58 @@ +id: mpl-publisher-c8b3ba4607788e0f441ac762600baab2 + +info: + name: > + MPL-Publisher <= 1.30.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8d093ae-e0b1-49c2-a492-e01f2e954ddb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mpl-publisher/" + google-query: inurl:"/wp-content/plugins/mpl-publisher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mpl-publisher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mpl-publisher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mpl-publisher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mpoperationlogs-2c4dadbb79348c7faca155e820c1a261.yaml b/nuclei-templates/cve-less/plugins/mpoperationlogs-2c4dadbb79348c7faca155e820c1a261.yaml new file mode 100644 index 0000000000..280299f611 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mpoperationlogs-2c4dadbb79348c7faca155e820c1a261.yaml @@ -0,0 +1,58 @@ +id: mpoperationlogs-2c4dadbb79348c7faca155e820c1a261 + +info: + name: > + MpOperationLogs <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc5f1b00-acee-4dc8-acd7-2d3f3493f253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mpoperationlogs/" + google-query: inurl:"/wp-content/plugins/mpoperationlogs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mpoperationlogs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mpoperationlogs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mpoperationlogs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mq-woocommerce-products-price-bulk-edit-f255a0d01d888b1ab68c9fee4e439ae8.yaml b/nuclei-templates/cve-less/plugins/mq-woocommerce-products-price-bulk-edit-f255a0d01d888b1ab68c9fee4e439ae8.yaml new file mode 100644 index 0000000000..48c9f8ed6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mq-woocommerce-products-price-bulk-edit-f255a0d01d888b1ab68c9fee4e439ae8.yaml @@ -0,0 +1,58 @@ +id: mq-woocommerce-products-price-bulk-edit-f255a0d01d888b1ab68c9fee4e439ae8 + +info: + name: > + Woocommerce Products Price Bulk Edit <= 2.0 - Cross-Site Scripting via show_products_page_limit parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da8af540-1623-42f2-a8af-4d3cadf1f5d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mq-woocommerce-products-price-bulk-edit/" + google-query: inurl:"/wp-content/plugins/mq-woocommerce-products-price-bulk-edit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mq-woocommerce-products-price-bulk-edit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mq-woocommerce-products-price-bulk-edit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mq-woocommerce-products-price-bulk-edit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ms-reviews-3b3f96c33b07ec89b36c294dbf4ced51.yaml b/nuclei-templates/cve-less/plugins/ms-reviews-3b3f96c33b07ec89b36c294dbf4ced51.yaml new file mode 100644 index 0000000000..18c1953353 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ms-reviews-3b3f96c33b07ec89b36c294dbf4ced51.yaml @@ -0,0 +1,58 @@ +id: ms-reviews-3b3f96c33b07ec89b36c294dbf4ced51 + +info: + name: > + MS-Reviews <= 1.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fd5e6f-9883-4e8f-9c4f-5905b487629a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ms-reviews/" + google-query: inurl:"/wp-content/plugins/ms-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ms-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ms-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ms-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mshop-mysite-13034f6a839e821ee8d8b6496142d778.yaml b/nuclei-templates/cve-less/plugins/mshop-mysite-13034f6a839e821ee8d8b6496142d778.yaml new file mode 100644 index 0000000000..f1384f4870 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mshop-mysite-13034f6a839e821ee8d8b6496142d778.yaml @@ -0,0 +1,58 @@ +id: mshop-mysite-13034f6a839e821ee8d8b6496142d778 + +info: + name: > + MSHOP MY SITE <= 1.1.7 - Missing Authorization via update_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2cbf43-3e8a-4364-9355-6d6587204c1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mshop-mysite/" + google-query: inurl:"/wp-content/plugins/mshop-mysite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mshop-mysite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mshop-mysite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mshop-mysite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-11537cde4e91f43e48d58ef19250e138.yaml b/nuclei-templates/cve-less/plugins/mstore-api-11537cde4e91f43e48d58ef19250e138.yaml new file mode 100644 index 0000000000..45df742e25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-11537cde4e91f43e48d58ef19250e138.yaml @@ -0,0 +1,58 @@ +id: mstore-api-11537cde4e91f43e48d58ef19250e138 + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Firebase Server Key Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b3612e-3c91-469b-98ef-fdb03b0ee9d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-11bfec28fd7489d580b927090a0bc03d.yaml b/nuclei-templates/cve-less/plugins/mstore-api-11bfec28fd7489d580b927090a0bc03d.yaml new file mode 100644 index 0000000000..c49cdba06a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-11bfec28fd7489d580b927090a0bc03d.yaml @@ -0,0 +1,58 @@ +id: mstore-api-11bfec28fd7489d580b927090a0bc03d + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a604df5d-92b3-4df8-a7ef-00f0ee95cf0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-1f2fdbe5d410730df888dae6fceb7e5a.yaml b/nuclei-templates/cve-less/plugins/mstore-api-1f2fdbe5d410730df888dae6fceb7e5a.yaml new file mode 100644 index 0000000000..d06393ff34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-1f2fdbe5d410730df888dae6fceb7e5a.yaml @@ -0,0 +1,58 @@ +id: mstore-api-1f2fdbe5d410730df888dae6fceb7e5a + +info: + name: > + MStore API <= 3.9.8 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1cc8c4-6c14-4d0c-9420-02d709f88b2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-218590420fdaae12f7b13eebfab8b845.yaml b/nuclei-templates/cve-less/plugins/mstore-api-218590420fdaae12f7b13eebfab8b845.yaml new file mode 100644 index 0000000000..062374b824 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-218590420fdaae12f7b13eebfab8b845.yaml @@ -0,0 +1,58 @@ +id: mstore-api-218590420fdaae12f7b13eebfab8b845 + +info: + name: > + MStore API <= 3.9.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00761a7-fe24-49a3-b3e3-a471e05815c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-2a9ab106af487c2aecdafee383fcc254.yaml b/nuclei-templates/cve-less/plugins/mstore-api-2a9ab106af487c2aecdafee383fcc254.yaml new file mode 100644 index 0000000000..884c9d41a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-2a9ab106af487c2aecdafee383fcc254.yaml @@ -0,0 +1,58 @@ +id: mstore-api-2a9ab106af487c2aecdafee383fcc254 + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f30190-4576-4c2b-b069-72501538733b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-46d4ebf7038a0e8c484c9aea0e512d27.yaml b/nuclei-templates/cve-less/plugins/mstore-api-46d4ebf7038a0e8c484c9aea0e512d27.yaml new file mode 100644 index 0000000000..a8afcbde57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-46d4ebf7038a0e8c484c9aea0e512d27.yaml @@ -0,0 +1,58 @@ +id: mstore-api-46d4ebf7038a0e8c484c9aea0e512d27 + +info: + name: > + MStore API <= 3.9.1 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5881d16c-84e8-4610-8233-cfa5a94fe3f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-4acb0dd741daeb068a56799abff8a41c.yaml b/nuclei-templates/cve-less/plugins/mstore-api-4acb0dd741daeb068a56799abff8a41c.yaml new file mode 100644 index 0000000000..5faa53dcf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-4acb0dd741daeb068a56799abff8a41c.yaml @@ -0,0 +1,58 @@ +id: mstore-api-4acb0dd741daeb068a56799abff8a41c + +info: + name: > + MStore API <= 3.9.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a747542-0601-4fa5-a97c-c72d1347013b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-4f7baf83e51eb30ac1967902ba81559d.yaml b/nuclei-templates/cve-less/plugins/mstore-api-4f7baf83e51eb30ac1967902ba81559d.yaml new file mode 100644 index 0000000000..1a0af01fd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-4f7baf83e51eb30ac1967902ba81559d.yaml @@ -0,0 +1,58 @@ +id: mstore-api-4f7baf83e51eb30ac1967902ba81559d + +info: + name: > + MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c0c35-5f44-488f-9fe1-269ea4a73854?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-5c09d79123e7df0cc552b5e3e1fb85e4.yaml b/nuclei-templates/cve-less/plugins/mstore-api-5c09d79123e7df0cc552b5e3e1fb85e4.yaml new file mode 100644 index 0000000000..5924247583 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-5c09d79123e7df0cc552b5e3e1fb85e4.yaml @@ -0,0 +1,58 @@ +id: mstore-api-5c09d79123e7df0cc552b5e3e1fb85e4 + +info: + name: > + MStore API <= 3.9.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c726d8f0-7f2a-414b-9d73-a053921074d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-5d1b1d2d30b64ee220b927e779fd3a7a.yaml b/nuclei-templates/cve-less/plugins/mstore-api-5d1b1d2d30b64ee220b927e779fd3a7a.yaml new file mode 100644 index 0000000000..8d599ade81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-5d1b1d2d30b64ee220b927e779fd3a7a.yaml @@ -0,0 +1,58 @@ +id: mstore-api-5d1b1d2d30b64ee220b927e779fd3a7a + +info: + name: > + MStore API <= 3.9.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da36ba83-490e-4c9d-8a34-c5c79392a09a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-62a933125d13190434146b926be57bbb.yaml b/nuclei-templates/cve-less/plugins/mstore-api-62a933125d13190434146b926be57bbb.yaml new file mode 100644 index 0000000000..df6604645a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-62a933125d13190434146b926be57bbb.yaml @@ -0,0 +1,58 @@ +id: mstore-api-62a933125d13190434146b926be57bbb + +info: + name: > + MStore API <= 4.10.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d32bda7-2d2d-4364-8ac9-e32950f889ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-63f43a6e88da428774e18ac7305171ad.yaml b/nuclei-templates/cve-less/plugins/mstore-api-63f43a6e88da428774e18ac7305171ad.yaml new file mode 100644 index 0000000000..0e479a579a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-63f43a6e88da428774e18ac7305171ad.yaml @@ -0,0 +1,58 @@ +id: mstore-api-63f43a6e88da428774e18ac7305171ad + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Title Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb5cb1a5-30d2-434f-90f9-d37aecfbe158?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-6f2e39604a581bcc0a7b4f915eff3dd9.yaml b/nuclei-templates/cve-less/plugins/mstore-api-6f2e39604a581bcc0a7b4f915eff3dd9.yaml new file mode 100644 index 0000000000..508a9555c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-6f2e39604a581bcc0a7b4f915eff3dd9.yaml @@ -0,0 +1,58 @@ +id: mstore-api-6f2e39604a581bcc0a7b4f915eff3dd9 + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Message Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f3c503-e255-44d2-8432-48dc2c5f553d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-7dbb92a1633f5650078c7c51173954c5.yaml b/nuclei-templates/cve-less/plugins/mstore-api-7dbb92a1633f5650078c7c51173954c5.yaml new file mode 100644 index 0000000000..6130fa4fb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-7dbb92a1633f5650078c7c51173954c5.yaml @@ -0,0 +1,58 @@ +id: mstore-api-7dbb92a1633f5650078c7c51173954c5 + +info: + name: > + MStore API <= 2.1.5 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/934c3ce9-cf2d-4bf6-9a34-f448cb2e5a1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-8b6490d616c3b0afd9a25ca2623da6a2.yaml b/nuclei-templates/cve-less/plugins/mstore-api-8b6490d616c3b0afd9a25ca2623da6a2.yaml new file mode 100644 index 0000000000..c5baaf8f8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-8b6490d616c3b0afd9a25ca2623da6a2.yaml @@ -0,0 +1,58 @@ +id: mstore-api-8b6490d616c3b0afd9a25ca2623da6a2 + +info: + name: > + MStore API <= 4.0.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b10d0c-e2fc-47a3-9df9-8df58eee964c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-8be08765ef433238fcdb1a43ba0779f5.yaml b/nuclei-templates/cve-less/plugins/mstore-api-8be08765ef433238fcdb1a43ba0779f5.yaml new file mode 100644 index 0000000000..1f6fdfabb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-8be08765ef433238fcdb1a43ba0779f5.yaml @@ -0,0 +1,58 @@ +id: mstore-api-8be08765ef433238fcdb1a43ba0779f5 + +info: + name: > + MStore API <= 3.9.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/494c780d-5441-407d-8947-e56d7cac32d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-9a8385daee7a51370fe7b2ccb01dc7d0.yaml b/nuclei-templates/cve-less/plugins/mstore-api-9a8385daee7a51370fe7b2ccb01dc7d0.yaml new file mode 100644 index 0000000000..94dbf9191a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-9a8385daee7a51370fe7b2ccb01dc7d0.yaml @@ -0,0 +1,58 @@ +id: mstore-api-9a8385daee7a51370fe7b2ccb01dc7d0 + +info: + name: > + MStore API <= 4.0.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30aab1af-a78f-4bac-b3c5-30ea854ccef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-ce3e51128d47fab10d04046c408cb2e6.yaml b/nuclei-templates/cve-less/plugins/mstore-api-ce3e51128d47fab10d04046c408cb2e6.yaml new file mode 100644 index 0000000000..07c2113652 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-ce3e51128d47fab10d04046c408cb2e6.yaml @@ -0,0 +1,58 @@ +id: mstore-api-ce3e51128d47fab10d04046c408cb2e6 + +info: + name: > + MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aed51a2-9fd4-43bb-b72d-ae8e51ee6e87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mstore-api-ffa610d468201a00e5838193890dc873.yaml b/nuclei-templates/cve-less/plugins/mstore-api-ffa610d468201a00e5838193890dc873.yaml new file mode 100644 index 0000000000..67a6f189b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mstore-api-ffa610d468201a00e5838193890dc873.yaml @@ -0,0 +1,58 @@ +id: mstore-api-ffa610d468201a00e5838193890dc873 + +info: + name: > + MStore API <= 3.1.9 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16e3ca1b-817d-4f03-92ae-346a56271c47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mstore-api/" + google-query: inurl:"/wp-content/plugins/mstore-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mstore-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mstore-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/msync-a37d3498c6bbcc050576781692b33c90.yaml b/nuclei-templates/cve-less/plugins/msync-a37d3498c6bbcc050576781692b33c90.yaml new file mode 100644 index 0000000000..4043329932 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/msync-a37d3498c6bbcc050576781692b33c90.yaml @@ -0,0 +1,58 @@ +id: msync-a37d3498c6bbcc050576781692b33c90 + +info: + name: > + MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f37ed0e-3e03-4f00-9967-16047beab1cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/msync/" + google-query: inurl:"/wp-content/plugins/msync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,msync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/msync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "msync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-2f5135a2953d35c3e23bf8648ed00b7e.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-2f5135a2953d35c3e23bf8648ed00b7e.yaml new file mode 100644 index 0000000000..222a1e99ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-2f5135a2953d35c3e23bf8648ed00b7e.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-2f5135a2953d35c3e23bf8648ed00b7e + +info: + name: > + mTouch Quiz <= 3.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c131c746-3029-4791-b564-f6e530e63ea9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-5973e024827e1b713c70489b0018d6d3.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-5973e024827e1b713c70489b0018d6d3.yaml new file mode 100644 index 0000000000..1f50dae317 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-5973e024827e1b713c70489b0018d6d3.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-5973e024827e1b713c70489b0018d6d3 + +info: + name: > + mTouch Quiz <= 3.1.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc91abd-d865-45a2-bc37-f34cb10f1863?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-5ec6acde81c3a11c030c7e48fb82e3a0.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-5ec6acde81c3a11c030c7e48fb82e3a0.yaml new file mode 100644 index 0000000000..883f52ed7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-5ec6acde81c3a11c030c7e48fb82e3a0.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-5ec6acde81c3a11c030c7e48fb82e3a0 + +info: + name: > + mTouch Quiz <= 3.1.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bce7b25-fb64-44ac-b48f-00ef871610c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-802392d669a0739410b0400626ccc124.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-802392d669a0739410b0400626ccc124.yaml new file mode 100644 index 0000000000..2ef7934d26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-802392d669a0739410b0400626ccc124.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-802392d669a0739410b0400626ccc124 + +info: + name: > + mTouch Quiz < 3.0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe2de9c-4044-4b52-9ec8-c66691313cf0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-bb563e95b48b650f94219f11430dd39c.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-bb563e95b48b650f94219f11430dd39c.yaml new file mode 100644 index 0000000000..87dd477d17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-bb563e95b48b650f94219f11430dd39c.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-bb563e95b48b650f94219f11430dd39c + +info: + name: > + mTouch Quiz <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/748e2f67-cd28-4d02-9460-ef88a609d811?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-eb50713c1c0af0073e35c8d86469e373.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-eb50713c1c0af0073e35c8d86469e373.yaml new file mode 100644 index 0000000000..87c3080205 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-eb50713c1c0af0073e35c8d86469e373.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-eb50713c1c0af0073e35c8d86469e373 + +info: + name: > + mTouch Quiz < 3.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df086b87-b025-417f-adc0-5f2829024a0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mtouch-quiz-ee5dd1bd7e8e451209210bdf95385813.yaml b/nuclei-templates/cve-less/plugins/mtouch-quiz-ee5dd1bd7e8e451209210bdf95385813.yaml new file mode 100644 index 0000000000..4885439c86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mtouch-quiz-ee5dd1bd7e8e451209210bdf95385813.yaml @@ -0,0 +1,58 @@ +id: mtouch-quiz-ee5dd1bd7e8e451209210bdf95385813 + +info: + name: > + mTouch Quiz <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9fcd12b-bcc8-48cb-a077-ccf1bc4ff276?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mtouch-quiz/" + google-query: inurl:"/wp-content/plugins/mtouch-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mtouch-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mtouch-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mtouch-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mts-url-shortener-5fa6ee2c71bfa785ae78ca09e3e47838.yaml b/nuclei-templates/cve-less/plugins/mts-url-shortener-5fa6ee2c71bfa785ae78ca09e3e47838.yaml new file mode 100644 index 0000000000..f0d4c370c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mts-url-shortener-5fa6ee2c71bfa785ae78ca09e3e47838.yaml @@ -0,0 +1,58 @@ +id: mts-url-shortener-5fa6ee2c71bfa785ae78ca09e3e47838 + +info: + name: > + URL Shortener by MyThemeShop <= 1.0.17 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52c2837e-8947-4ce9-bda5-e0c2f831fb36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mts-url-shortener/" + google-query: inurl:"/wp-content/plugins/mts-url-shortener/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mts-url-shortener,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mts-url-shortener/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mts-url-shortener" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mts-url-shortener-e9eaa7084ed183eefbf2977e6f156e8c.yaml b/nuclei-templates/cve-less/plugins/mts-url-shortener-e9eaa7084ed183eefbf2977e6f156e8c.yaml new file mode 100644 index 0000000000..dd5b31bfd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mts-url-shortener-e9eaa7084ed183eefbf2977e6f156e8c.yaml @@ -0,0 +1,58 @@ +id: mts-url-shortener-e9eaa7084ed183eefbf2977e6f156e8c + +info: + name: > + URL Shortener by MyThemeShop <= 1.0.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34d396b2-f19f-47b3-bf9e-f2f14dd0b9be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mts-url-shortener/" + google-query: inurl:"/wp-content/plugins/mts-url-shortener/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mts-url-shortener,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mts-url-shortener/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mts-url-shortener" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-column-tag-map-1179313cfd258782fb4aa71495304bc0.yaml b/nuclei-templates/cve-less/plugins/multi-column-tag-map-1179313cfd258782fb4aa71495304bc0.yaml new file mode 100644 index 0000000000..8fba56c232 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-column-tag-map-1179313cfd258782fb4aa71495304bc0.yaml @@ -0,0 +1,58 @@ +id: multi-column-tag-map-1179313cfd258782fb4aa71495304bc0 + +info: + name: > + Multi-column Tag Map <= 17.0.24 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32652a9a-00ba-4e86-9947-c7c7ebd21494?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-column-tag-map/" + google-query: inurl:"/wp-content/plugins/multi-column-tag-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-column-tag-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-column-tag-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-column-tag-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 17.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-column-tag-map-637e4daf2caafdb5d476cac6dee7f199.yaml b/nuclei-templates/cve-less/plugins/multi-column-tag-map-637e4daf2caafdb5d476cac6dee7f199.yaml new file mode 100644 index 0000000000..22feab5594 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-column-tag-map-637e4daf2caafdb5d476cac6dee7f199.yaml @@ -0,0 +1,58 @@ +id: multi-column-tag-map-637e4daf2caafdb5d476cac6dee7f199 + +info: + name: > + Multi-column Tag Map <= 17.0.26 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a60cb2-fe7d-4c51-9995-5cb4682d9d26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-column-tag-map/" + google-query: inurl:"/wp-content/plugins/multi-column-tag-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-column-tag-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-column-tag-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-column-tag-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 17.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-feed-reader-ae474b19622d960a9a30327a508a7a8c.yaml b/nuclei-templates/cve-less/plugins/multi-feed-reader-ae474b19622d960a9a30327a508a7a8c.yaml new file mode 100644 index 0000000000..42770d3404 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-feed-reader-ae474b19622d960a9a30327a508a7a8c.yaml @@ -0,0 +1,58 @@ +id: multi-feed-reader-ae474b19622d960a9a30327a508a7a8c + +info: + name: > + Multi Feed Reader <= 2.2.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56f59303-cf82-4239-9e04-80a32f20d87c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-feed-reader/" + google-query: inurl:"/wp-content/plugins/multi-feed-reader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-feed-reader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-feed-reader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-feed-reader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-page-toolkit-d6476ba9d1f9af74d842dc5c3e1d7008.yaml b/nuclei-templates/cve-less/plugins/multi-page-toolkit-d6476ba9d1f9af74d842dc5c3e1d7008.yaml new file mode 100644 index 0000000000..2bc735829e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-page-toolkit-d6476ba9d1f9af74d842dc5c3e1d7008.yaml @@ -0,0 +1,58 @@ +id: multi-page-toolkit-d6476ba9d1f9af74d842dc5c3e1d7008 + +info: + name: > + Multi-page Toolkit <= 2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ba5ddf2-8ae2-4bfa-9f15-16425baea6e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-page-toolkit/" + google-query: inurl:"/wp-content/plugins/multi-page-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-page-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-page-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-page-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-rating-125f6e76ab3144c958a71a6f072d17aa.yaml b/nuclei-templates/cve-less/plugins/multi-rating-125f6e76ab3144c958a71a6f072d17aa.yaml new file mode 100644 index 0000000000..f71315f7a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-rating-125f6e76ab3144c958a71a6f072d17aa.yaml @@ -0,0 +1,58 @@ +id: multi-rating-125f6e76ab3144c958a71a6f072d17aa + +info: + name: > + Multi Rating <= 5.0.6 - Cross-Site Request Forgery to Arbitrary Ratings Value Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80ad0b55-bd85-4240-ae54-f72d6b81ea7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-rating/" + google-query: inurl:"/wp-content/plugins/multi-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-rating,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-rating-63aab415fe29b03c8068882fbb1507f4.yaml b/nuclei-templates/cve-less/plugins/multi-rating-63aab415fe29b03c8068882fbb1507f4.yaml new file mode 100644 index 0000000000..548d945c05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-rating-63aab415fe29b03c8068882fbb1507f4.yaml @@ -0,0 +1,58 @@ +id: multi-rating-63aab415fe29b03c8068882fbb1507f4 + +info: + name: > + Multi Rating <= 5.0.6 - Missing Authorization to Arbitrary Ratings Value Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d00464-557f-4177-87aa-f5340b796dbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-rating/" + google-query: inurl:"/wp-content/plugins/multi-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-rating-7116e76b9d33cbc2c26869f8330931eb.yaml b/nuclei-templates/cve-less/plugins/multi-rating-7116e76b9d33cbc2c26869f8330931eb.yaml new file mode 100644 index 0000000000..f84cf5a1c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-rating-7116e76b9d33cbc2c26869f8330931eb.yaml @@ -0,0 +1,58 @@ +id: multi-rating-7116e76b9d33cbc2c26869f8330931eb + +info: + name: > + Multi Rating <= 5.0.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/979699fd-ff31-4cba-bbf2-03fa51554031?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-rating/" + google-query: inurl:"/wp-content/plugins/multi-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-rating-d5187e60da4aa17f7ec3f00e2f717a1c.yaml b/nuclei-templates/cve-less/plugins/multi-rating-d5187e60da4aa17f7ec3f00e2f717a1c.yaml new file mode 100644 index 0000000000..c5335d2b9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-rating-d5187e60da4aa17f7ec3f00e2f717a1c.yaml @@ -0,0 +1,58 @@ +id: multi-rating-d5187e60da4aa17f7ec3f00e2f717a1c + +info: + name: > + Multi Rating <= 5.0.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0dcf95e-1540-48ed-a4a2-f803d67ea141?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-rating/" + google-query: inurl:"/wp-content/plugins/multi-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-rating-e487dc2fff22059c80c2edae74cd9a80.yaml b/nuclei-templates/cve-less/plugins/multi-rating-e487dc2fff22059c80c2edae74cd9a80.yaml new file mode 100644 index 0000000000..24a979cbdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-rating-e487dc2fff22059c80c2edae74cd9a80.yaml @@ -0,0 +1,58 @@ +id: multi-rating-e487dc2fff22059c80c2edae74cd9a80 + +info: + name: > + Multi Rating <= 5.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca2311c-7b44-4dad-bea0-131776205319?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-rating/" + google-query: inurl:"/wp-content/plugins/multi-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-scheduler-841c70d8af33e4bb86e8b280b12a2f3b.yaml b/nuclei-templates/cve-less/plugins/multi-scheduler-841c70d8af33e4bb86e8b280b12a2f3b.yaml new file mode 100644 index 0000000000..6b93bff7fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-scheduler-841c70d8af33e4bb86e8b280b12a2f3b.yaml @@ -0,0 +1,58 @@ +id: multi-scheduler-841c70d8af33e4bb86e8b280b12a2f3b + +info: + name: > + multi Scheduler <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/921c2486-42cb-42f2-a326-e951c20bd7ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-scheduler/" + google-query: inurl:"/wp-content/plugins/multi-scheduler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-scheduler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-scheduler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-scheduler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-262d571e1dff2c8fb3abba675c28c4e5.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-262d571e1dff2c8fb3abba675c28c4e5.yaml new file mode 100644 index 0000000000..5c00f580b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-262d571e1dff2c8fb3abba675c28c4e5.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-262d571e1dff2c8fb3abba675c28c4e5 + +info: + name: > + Multi Step Form <= 1.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38de34cd-b985-4552-a260-53da2106a4af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-26e086c596fe6398b20ed3be8129cc9d.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-26e086c596fe6398b20ed3be8129cc9d.yaml new file mode 100644 index 0000000000..3fdc5a53b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-26e086c596fe6398b20ed3be8129cc9d.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-26e086c596fe6398b20ed3be8129cc9d + +info: + name: > + Multi Step Form <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e6b508-35ef-45da-bf17-c038d3b7ce52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-2822e321e1d70cd0fc641dbfe5a0bd37.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-2822e321e1d70cd0fc641dbfe5a0bd37.yaml new file mode 100644 index 0000000000..e1e4785d8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-2822e321e1d70cd0fc641dbfe5a0bd37.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-2822e321e1d70cd0fc641dbfe5a0bd37 + +info: + name: > + Multi Step Form <= 1.7.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/192335c4-b244-4308-bd3a-cf96c1461309?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-447bef3440e263d45c541524d37bf6b4.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-447bef3440e263d45c541524d37bf6b4.yaml new file mode 100644 index 0000000000..297f6bc856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-447bef3440e263d45c541524d37bf6b4.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-447bef3440e263d45c541524d37bf6b4 + +info: + name: > + Multi Step Form <= 1.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d45d870-dd00-40aa-9e98-4be4d06b3a0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-463f67413eb1dfd1e1c7f65db3ca7607.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-463f67413eb1dfd1e1c7f65db3ca7607.yaml new file mode 100644 index 0000000000..59bf0ea215 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-463f67413eb1dfd1e1c7f65db3ca7607.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-463f67413eb1dfd1e1c7f65db3ca7607 + +info: + name: > + Multi Step Form <= 1.7.18 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f904fd6-c937-4676-8e6e-6e94d3c42b0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multi-step-form-962810e9bfe68aabdf565feb933a98a3.yaml b/nuclei-templates/cve-less/plugins/multi-step-form-962810e9bfe68aabdf565feb933a98a3.yaml new file mode 100644 index 0000000000..b9870e95a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multi-step-form-962810e9bfe68aabdf565feb933a98a3.yaml @@ -0,0 +1,58 @@ +id: multi-step-form-962810e9bfe68aabdf565feb933a98a3 + +info: + name: > + Multi Step Form <= 1.2.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe668f93-f6b7-4824-ad17-024291d8f535?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multi-step-form/" + google-query: inurl:"/wp-content/plugins/multi-step-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multi-step-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multi-step-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multi-step-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multicons-704fb8f9c5192e5c8b8563d28e2e91a8.yaml b/nuclei-templates/cve-less/plugins/multicons-704fb8f9c5192e5c8b8563d28e2e91a8.yaml new file mode 100644 index 0000000000..7041a6abb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multicons-704fb8f9c5192e5c8b8563d28e2e91a8.yaml @@ -0,0 +1,58 @@ +id: multicons-704fb8f9c5192e5c8b8563d28e2e91a8 + +info: + name: > + Multicons [ Multiple Favicons ] <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a1f3fdb-a786-4159-9020-648bc0658268?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multicons/" + google-query: inurl:"/wp-content/plugins/multicons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multicons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multicons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multicons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multimedial-images-bc5e61b065b355ecda981dfb9a91839d.yaml b/nuclei-templates/cve-less/plugins/multimedial-images-bc5e61b065b355ecda981dfb9a91839d.yaml new file mode 100644 index 0000000000..b2b847d13a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multimedial-images-bc5e61b065b355ecda981dfb9a91839d.yaml @@ -0,0 +1,58 @@ +id: multimedial-images-bc5e61b065b355ecda981dfb9a91839d + +info: + name: > + multimedial images <= 1.0b - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/539cd606-1884-48df-beae-f5686a4e2400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multimedial-images/" + google-query: inurl:"/wp-content/plugins/multimedial-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multimedial-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multimedial-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multimedial-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0b') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-194154b98ea167d5243ca3bc6185dc5f.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-194154b98ea167d5243ca3bc6185dc5f.yaml new file mode 100644 index 0000000000..1cb52e24aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-194154b98ea167d5243ca3bc6185dc5f.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-194154b98ea167d5243ca3bc6185dc5f + +info: + name: > + MultiParcels Shipping For WooCommerce <= 1.14.12 - Authenticated(Subscriber+) SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b888f0c-5547-4ff7-9721-50166e3f0117?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-4e39f41aeadd0e0dd90d8ba63c20d6b4.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-4e39f41aeadd0e0dd90d8ba63c20d6b4.yaml new file mode 100644 index 0000000000..7552dad649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-4e39f41aeadd0e0dd90d8ba63c20d6b4.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-4e39f41aeadd0e0dd90d8ba63c20d6b4 + +info: + name: > + MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/279a5460-25d1-4f80-8141-4d3af536258e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-890063830c1c25aee11e9fe1e8798a54.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-890063830c1c25aee11e9fe1e8798a54.yaml new file mode 100644 index 0000000000..87378a0491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-890063830c1c25aee11e9fe1e8798a54.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-890063830c1c25aee11e9fe1e8798a54 + +info: + name: > + MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c676a46-3e3f-4dc0-ba7f-acf1f100fb4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.16.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e463bbf0a92d1f70c76687905b887fc6.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e463bbf0a92d1f70c76687905b887fc6.yaml new file mode 100644 index 0000000000..117449d85c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e463bbf0a92d1f70c76687905b887fc6.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-e463bbf0a92d1f70c76687905b887fc6 + +info: + name: > + MultiParcels Shipping For WooCommerce <= 1.15.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83a3f61c-2385-456f-bca3-6d3f3ffd9694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e6a704ce234334d9f31ac517092f1bb0.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e6a704ce234334d9f31ac517092f1bb0.yaml new file mode 100644 index 0000000000..1e431738b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-e6a704ce234334d9f31ac517092f1bb0.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-e6a704ce234334d9f31ac517092f1bb0 + +info: + name: > + MultiParcels Shipping For WooCommerce <= 1.14.13 - Missing Authorization via get_history + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5502ebc-0b35-4966-bff6-90efdcb0db58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-f76e1c53234e1a9b18e0328f53d84dde.yaml b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-f76e1c53234e1a9b18e0328f53d84dde.yaml new file mode 100644 index 0000000000..25dedde68b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiparcels-shipping-for-woocommerce-f76e1c53234e1a9b18e0328f53d84dde.yaml @@ -0,0 +1,58 @@ +id: multiparcels-shipping-for-woocommerce-f76e1c53234e1a9b18e0328f53d84dde + +info: + name: > + MultiParcels Shipping For WooCommerce <= 1.15.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e860293-0dfb-444f-a103-33942d9ff75c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiparcels-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiparcels-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiparcels-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiparcels-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiparcels-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiplayer-plugin-3216cccc2ccf209ed6afbf1298c4c973.yaml b/nuclei-templates/cve-less/plugins/multiplayer-plugin-3216cccc2ccf209ed6afbf1298c4c973.yaml new file mode 100644 index 0000000000..f0753deeca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiplayer-plugin-3216cccc2ccf209ed6afbf1298c4c973.yaml @@ -0,0 +1,58 @@ +id: multiplayer-plugin-3216cccc2ccf209ed6afbf1298c4c973 + +info: + name: > + Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b876ed30-66f5-4cad-a60c-104a0a793033?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiplayer-plugin/" + google-query: inurl:"/wp-content/plugins/multiplayer-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiplayer-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiplayer-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiplayer-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-03e8fea4abe393774ca83cec29070e62.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-03e8fea4abe393774ca83cec29070e62.yaml new file mode 100644 index 0000000000..0729abc69a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-03e8fea4abe393774ca83cec29070e62.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-03e8fea4abe393774ca83cec29070e62 + +info: + name: > + Multiple Page Generator Plugin <= 3.3.17 - Cross-Site Request Forgery to SQL Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d900584c-0f58-4abc-92ff-841f898d02fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-1f2e03d503f5681dd8b4d168bb6a5e29.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-1f2e03d503f5681dd8b4d168bb6a5e29.yaml new file mode 100644 index 0000000000..f7bbc0b353 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-1f2e03d503f5681dd8b4d168bb6a5e29.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-1f2e03d503f5681dd8b4d168bb6a5e29 + +info: + name: > + Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1575f0ad-0a77-4047-844c-48db4c8b4e91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-2428c4eb87b4651b0b610c5b37e29f17.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-2428c4eb87b4651b0b610c5b37e29f17.yaml new file mode 100644 index 0000000000..a0286a7f46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-2428c4eb87b4651b0b610c5b37e29f17.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-2428c4eb87b4651b0b610c5b37e29f17 + +info: + name: > + Multiple Page Generator Plugin – MPG <= 3.4.0 - Missing Authorization via mpg_get_log_by_project_id + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1d2fac-6e66-46b8-aa0a-1f6b5746b18b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-410043251186f9da5efcd4c944487f1e.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-410043251186f9da5efcd4c944487f1e.yaml new file mode 100644 index 0000000000..91817c9310 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-410043251186f9da5efcd4c944487f1e.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-410043251186f9da5efcd4c944487f1e + +info: + name: > + Multiple Page Generator Plugin – MPG <= 3.4.0 - Authenticated (Editor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/155f765c-65ab-443a-a4b7-50d916e2903c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-7573fa793301510c262a9093c76e28a4.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-7573fa793301510c262a9093c76e28a4.yaml new file mode 100644 index 0000000000..57765e00e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-7573fa793301510c262a9093c76e28a4.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-7573fa793301510c262a9093c76e28a4 + +info: + name: > + Multiple Page Generator Plugin – MPG <= 3.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa15df6a-3411-4d69-8337-a3944ceae9ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-867692d864273a70bf9ff47c77dd8e22.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-867692d864273a70bf9ff47c77dd8e22.yaml new file mode 100644 index 0000000000..a1a722aa8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-867692d864273a70bf9ff47c77dd8e22.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-867692d864273a70bf9ff47c77dd8e22 + +info: + name: > + Multiple Page Generator Plugin <= 3.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa2d172-73b6-487d-ae65-0920f915e750?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..1314bfb82b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-bce926ab22529c16e0539f0acc228409.yaml b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-bce926ab22529c16e0539f0acc228409.yaml new file mode 100644 index 0000000000..76cc4c9d1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-pages-generator-by-porthas-bce926ab22529c16e0539f0acc228409.yaml @@ -0,0 +1,58 @@ +id: multiple-pages-generator-by-porthas-bce926ab22529c16e0539f0acc228409 + +info: + name: > + Multiple Page Generator Plugin – MPG <= 3.3.19 - Authenticated (Administrator+) SQL Injection in projects_list and total_projects + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d18d800b-647f-4706-9ec1-a8ea4e643965?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-pages-generator-by-porthas/" + google-query: inurl:"/wp-content/plugins/multiple-pages-generator-by-porthas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-pages-generator-by-porthas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-pages-generator-by-porthas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-pages-generator-by-porthas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-post-passwords-308319ee878eb47d99190ad100843184.yaml b/nuclei-templates/cve-less/plugins/multiple-post-passwords-308319ee878eb47d99190ad100843184.yaml new file mode 100644 index 0000000000..9a2376a64a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-post-passwords-308319ee878eb47d99190ad100843184.yaml @@ -0,0 +1,58 @@ +id: multiple-post-passwords-308319ee878eb47d99190ad100843184 + +info: + name: > + Multiple Post Passwords <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f220293-9789-4824-b736-ead014c45366?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-post-passwords/" + google-query: inurl:"/wp-content/plugins/multiple-post-passwords/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-post-passwords,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-post-passwords/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-post-passwords" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-roles-15583129ef6cea1a9a42a4bb010eaa6b.yaml b/nuclei-templates/cve-less/plugins/multiple-roles-15583129ef6cea1a9a42a4bb010eaa6b.yaml new file mode 100644 index 0000000000..09d98d71e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-roles-15583129ef6cea1a9a42a4bb010eaa6b.yaml @@ -0,0 +1,58 @@ +id: multiple-roles-15583129ef6cea1a9a42a4bb010eaa6b + +info: + name: > + Multiple Roles <= 1.3.1- Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/862fa0c3-c16f-493e-9bf6-92debc0e30f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-roles/" + google-query: inurl:"/wp-content/plugins/multiple-roles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-roles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multiple-shipping-address-woocommerce-72a5beaa06012eefbccaf7bb2be8aca6.yaml b/nuclei-templates/cve-less/plugins/multiple-shipping-address-woocommerce-72a5beaa06012eefbccaf7bb2be8aca6.yaml new file mode 100644 index 0000000000..18699f711d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multiple-shipping-address-woocommerce-72a5beaa06012eefbccaf7bb2be8aca6.yaml @@ -0,0 +1,58 @@ +id: multiple-shipping-address-woocommerce-72a5beaa06012eefbccaf7bb2be8aca6 + +info: + name: > + Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9502669-ddbb-40c3-9d98-95c862f47a9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multiple-shipping-address-woocommerce/" + google-query: inurl:"/wp-content/plugins/multiple-shipping-address-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multiple-shipping-address-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multiple-shipping-address-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multiple-shipping-address-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multisafepay-9ee1fb20140e6d73472d36e51f5b0eef.yaml b/nuclei-templates/cve-less/plugins/multisafepay-9ee1fb20140e6d73472d36e51f5b0eef.yaml new file mode 100644 index 0000000000..38704c01ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multisafepay-9ee1fb20140e6d73472d36e51f5b0eef.yaml @@ -0,0 +1,58 @@ +id: multisafepay-9ee1fb20140e6d73472d36e51f5b0eef + +info: + name: > + MultiSafepay plugin for WooCommerce <= 4.15.0 - Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b5a2a2a-a204-4265-b81e-4b785a407871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multisafepay/" + google-query: inurl:"/wp-content/plugins/multisafepay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multisafepay,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multisafepay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multisafepay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/multisite-post-duplicator-6df6e844abfccff24d48183d808487ab.yaml b/nuclei-templates/cve-less/plugins/multisite-post-duplicator-6df6e844abfccff24d48183d808487ab.yaml new file mode 100644 index 0000000000..e23b6a17c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/multisite-post-duplicator-6df6e844abfccff24d48183d808487ab.yaml @@ -0,0 +1,58 @@ +id: multisite-post-duplicator-6df6e844abfccff24d48183d808487ab + +info: + name: > + Multisite Post Duplicator <= 1.7.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9aeeb92f-26f8-44b5-a523-abc33043efff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/multisite-post-duplicator/" + google-query: inurl:"/wp-content/plugins/multisite-post-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,multisite-post-duplicator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/multisite-post-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "multisite-post-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/music-store-f2983beb380d477fba46a5c5deed43dd.yaml b/nuclei-templates/cve-less/plugins/music-store-f2983beb380d477fba46a5c5deed43dd.yaml new file mode 100644 index 0000000000..420ff4c3b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/music-store-f2983beb380d477fba46a5c5deed43dd.yaml @@ -0,0 +1,58 @@ +id: music-store-f2983beb380d477fba46a5c5deed43dd + +info: + name: > + Music Store <= 1.0.41 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3d356d1-2f6d-42e0-b774-6384872c0a90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/music-store/" + google-query: inurl:"/wp-content/plugins/music-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,music-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/music-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "music-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mw-wp-form-7c87e8f104753303f633f63d1aeebd8d.yaml b/nuclei-templates/cve-less/plugins/mw-wp-form-7c87e8f104753303f633f63d1aeebd8d.yaml new file mode 100644 index 0000000000..dcab4617d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mw-wp-form-7c87e8f104753303f633f63d1aeebd8d.yaml @@ -0,0 +1,58 @@ +id: mw-wp-form-7c87e8f104753303f633f63d1aeebd8d + +info: + name: > + MW WP Form <= 4.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/616de170-6645-4a06-a393-51bec1d8bd8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mw-wp-form/" + google-query: inurl:"/wp-content/plugins/mw-wp-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mw-wp-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mw-wp-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mw-wp-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mw-wp-form-911484e3365757053bdfa0e54f447b4f.yaml b/nuclei-templates/cve-less/plugins/mw-wp-form-911484e3365757053bdfa0e54f447b4f.yaml new file mode 100644 index 0000000000..bd8a619083 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mw-wp-form-911484e3365757053bdfa0e54f447b4f.yaml @@ -0,0 +1,58 @@ +id: mw-wp-form-911484e3365757053bdfa0e54f447b4f + +info: + name: > + MW WP Form <= 5.0.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c03142-be30-4173-a140-14d73a16dd2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mw-wp-form/" + google-query: inurl:"/wp-content/plugins/mw-wp-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mw-wp-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mw-wp-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mw-wp-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mw-wp-form-c9a6c3093cb802c72eb217b944b386a2.yaml b/nuclei-templates/cve-less/plugins/mw-wp-form-c9a6c3093cb802c72eb217b944b386a2.yaml new file mode 100644 index 0000000000..098a91e922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mw-wp-form-c9a6c3093cb802c72eb217b944b386a2.yaml @@ -0,0 +1,58 @@ +id: mw-wp-form-c9a6c3093cb802c72eb217b944b386a2 + +info: + name: > + MW WP Form <= 4.4.2 - Directory Traversal via _file_upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7adeee0-30ff-4759-b42e-1ac2dea5a8a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mw-wp-form/" + google-query: inurl:"/wp-content/plugins/mw-wp-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mw-wp-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mw-wp-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mw-wp-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mw-wp-form-d1c63a8bf0beafb1c82149091059ec86.yaml b/nuclei-templates/cve-less/plugins/mw-wp-form-d1c63a8bf0beafb1c82149091059ec86.yaml new file mode 100644 index 0000000000..909b7eca32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mw-wp-form-d1c63a8bf0beafb1c82149091059ec86.yaml @@ -0,0 +1,58 @@ +id: mw-wp-form-d1c63a8bf0beafb1c82149091059ec86 + +info: + name: > + MW WP Form <= 5.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2126761-cbff-4d46-a6df-4566d15216d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mw-wp-form/" + google-query: inurl:"/wp-content/plugins/mw-wp-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mw-wp-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mw-wp-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mw-wp-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mw-wp-form-fb14b5eeb363b3c1bc8612df7d95fc5e.yaml b/nuclei-templates/cve-less/plugins/mw-wp-form-fb14b5eeb363b3c1bc8612df7d95fc5e.yaml new file mode 100644 index 0000000000..d1fc326dbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mw-wp-form-fb14b5eeb363b3c1bc8612df7d95fc5e.yaml @@ -0,0 +1,58 @@ +id: mw-wp-form-fb14b5eeb363b3c1bc8612df7d95fc5e + +info: + name: > + MW WP Form <= 5.0.3 - Improper Limitation of File Name to Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mw-wp-form/" + google-query: inurl:"/wp-content/plugins/mw-wp-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mw-wp-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mw-wp-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mw-wp-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-countdown-d561f3d81e84a307c0bd1e31854171e0.yaml b/nuclei-templates/cve-less/plugins/mwp-countdown-d561f3d81e84a307c0bd1e31854171e0.yaml new file mode 100644 index 0000000000..d56af079f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-countdown-d561f3d81e84a307c0bd1e31854171e0.yaml @@ -0,0 +1,58 @@ +id: mwp-countdown-d561f3d81e84a307c0bd1e31854171e0 + +info: + name: > + Wow Countdowns <= 3.1.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd20e40c-cfec-4de6-a8a6-02850185003b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-countdown/" + google-query: inurl:"/wp-content/plugins/mwp-countdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-countdown,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-countdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-countdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-forms-14d5ec39f3f717cd0febca936a2aa6ce.yaml b/nuclei-templates/cve-less/plugins/mwp-forms-14d5ec39f3f717cd0febca936a2aa6ce.yaml new file mode 100644 index 0000000000..df07aab08c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-forms-14d5ec39f3f717cd0febca936a2aa6ce.yaml @@ -0,0 +1,58 @@ +id: mwp-forms-14d5ec39f3f717cd0febca936a2aa6ce + +info: + name: > + Wow Forms – create any form with custom style <= 3.1.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8848a247-52a6-48de-9ad5-deef89c2c599?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-forms/" + google-query: inurl:"/wp-content/plugins/mwp-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-herd-effect-013a3c9fa700970f10b7bbed788f507b.yaml b/nuclei-templates/cve-less/plugins/mwp-herd-effect-013a3c9fa700970f10b7bbed788f507b.yaml new file mode 100644 index 0000000000..1535503fe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-herd-effect-013a3c9fa700970f10b7bbed788f507b.yaml @@ -0,0 +1,58 @@ +id: mwp-herd-effect-013a3c9fa700970f10b7bbed788f507b + +info: + name: > + Herd Effects <= 5.2 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8acb86fa-50b4-45b3-9bf8-ef65679b85ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-herd-effect/" + google-query: inurl:"/wp-content/plugins/mwp-herd-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-herd-effect,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-herd-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-herd-effect-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/mwp-herd-effect-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..524f5800dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-herd-effect-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: mwp-herd-effect-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-herd-effect/" + google-query: inurl:"/wp-content/plugins/mwp-herd-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-herd-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-herd-effect-64c02d39235cbe33840c45ab521604aa.yaml b/nuclei-templates/cve-less/plugins/mwp-herd-effect-64c02d39235cbe33840c45ab521604aa.yaml new file mode 100644 index 0000000000..8e0805ed2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-herd-effect-64c02d39235cbe33840c45ab521604aa.yaml @@ -0,0 +1,58 @@ +id: mwp-herd-effect-64c02d39235cbe33840c45ab521604aa + +info: + name: > + Herd Effects <= 5.2.3 - Cross-Site Request Forgery to Effect Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd15c0b-cd3b-45e7-8379-b0e64e64d6b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-herd-effect/" + google-query: inurl:"/wp-content/plugins/mwp-herd-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-herd-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-herd-effect-ab1eb5a48a622a49086f766ee1ce86ba.yaml b/nuclei-templates/cve-less/plugins/mwp-herd-effect-ab1eb5a48a622a49086f766ee1ce86ba.yaml new file mode 100644 index 0000000000..d7afde9211 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-herd-effect-ab1eb5a48a622a49086f766ee1ce86ba.yaml @@ -0,0 +1,58 @@ +id: mwp-herd-effect-ab1eb5a48a622a49086f766ee1ce86ba + +info: + name: > + Herd Effects <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e79b62b-1d60-4c4c-bd0b-4207b20fa3cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-herd-effect/" + google-query: inurl:"/wp-content/plugins/mwp-herd-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-herd-effect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-herd-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-herd-effect-ce8ee7b9600d875960db0922db40d4c2.yaml b/nuclei-templates/cve-less/plugins/mwp-herd-effect-ce8ee7b9600d875960db0922db40d4c2.yaml new file mode 100644 index 0000000000..3cd850003a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-herd-effect-ce8ee7b9600d875960db0922db40d4c2.yaml @@ -0,0 +1,58 @@ +id: mwp-herd-effect-ce8ee7b9600d875960db0922db40d4c2 + +info: + name: > + Herd Effects – fake notifications and social proof plugin <= 5.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/526dcd62-5e40-4870-b6cf-4f3d8bf9f8d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-herd-effect/" + google-query: inurl:"/wp-content/plugins/mwp-herd-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-herd-effect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-herd-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-herd-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-skype-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/mwp-skype-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..ec01aebeed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-skype-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: mwp-skype-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-skype/" + google-query: inurl:"/wp-content/plugins/mwp-skype/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-skype,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-skype/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-skype" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mwp-skype-73a5ef3fe7ff6ce104975ee9342f5c66.yaml b/nuclei-templates/cve-less/plugins/mwp-skype-73a5ef3fe7ff6ce104975ee9342f5c66.yaml new file mode 100644 index 0000000000..c6206c6450 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mwp-skype-73a5ef3fe7ff6ce104975ee9342f5c66.yaml @@ -0,0 +1,58 @@ +id: mwp-skype-73a5ef3fe7ff6ce104975ee9342f5c66 + +info: + name: > + Wow Skype Buttons <= 4.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abee822e-b929-435a-86c2-57901424f1a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mwp-skype/" + google-query: inurl:"/wp-content/plugins/mwp-skype/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mwp-skype,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mwp-skype/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mwp-skype" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mww-disclaimer-buttons-164235cec7e149cb5686d35550cc5b45.yaml b/nuclei-templates/cve-less/plugins/mww-disclaimer-buttons-164235cec7e149cb5686d35550cc5b45.yaml new file mode 100644 index 0000000000..c163b82975 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mww-disclaimer-buttons-164235cec7e149cb5686d35550cc5b45.yaml @@ -0,0 +1,58 @@ +id: mww-disclaimer-buttons-164235cec7e149cb5686d35550cc5b45 + +info: + name: > + MWW Disclaimer Buttons <= 3.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/280871a2-f09f-4cd1-93f1-c804cda6b4e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mww-disclaimer-buttons/" + google-query: inurl:"/wp-content/plugins/mww-disclaimer-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mww-disclaimer-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mww-disclaimer-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mww-disclaimer-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mx-time-zone-clocks-efba52660b6ae40494c76473deb3b9d9.yaml b/nuclei-templates/cve-less/plugins/mx-time-zone-clocks-efba52660b6ae40494c76473deb3b9d9.yaml new file mode 100644 index 0000000000..f64db9b56b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mx-time-zone-clocks-efba52660b6ae40494c76473deb3b9d9.yaml @@ -0,0 +1,58 @@ +id: mx-time-zone-clocks-efba52660b6ae40494c76473deb3b9d9 + +info: + name: > + MX Time Zone Clocks <= 3.4 - Contributor+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11542fc6-33e2-40b9-be74-9fbb788f6915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mx-time-zone-clocks/" + google-query: inurl:"/wp-content/plugins/mx-time-zone-clocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mx-time-zone-clocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mx-time-zone-clocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mx-time-zone-clocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-account-page-editor-decd0181d7e39da44fe0e5d9af5455c7.yaml b/nuclei-templates/cve-less/plugins/my-account-page-editor-decd0181d7e39da44fe0e5d9af5455c7.yaml new file mode 100644 index 0000000000..9d06c749ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-account-page-editor-decd0181d7e39da44fe0e5d9af5455c7.yaml @@ -0,0 +1,58 @@ +id: my-account-page-editor-decd0181d7e39da44fe0e5d9af5455c7 + +info: + name: > + My Account Page Editor <= 1.3.1 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f87b6987-8896-4edf-9b14-8582426adeb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-account-page-editor/" + google-query: inurl:"/wp-content/plugins/my-account-page-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-account-page-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-account-page-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-account-page-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-0fa49314c689285a17b374209d3a5887.yaml b/nuclei-templates/cve-less/plugins/my-calendar-0fa49314c689285a17b374209d3a5887.yaml new file mode 100644 index 0000000000..771e727361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-0fa49314c689285a17b374209d3a5887.yaml @@ -0,0 +1,58 @@ +id: my-calendar-0fa49314c689285a17b374209d3a5887 + +info: + name: > + My Calendar <= 3.4.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d039ba8f-0452-4c14-a655-7f6880c1f1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-1e21b5582d8630d6c174336fda22cd0b.yaml b/nuclei-templates/cve-less/plugins/my-calendar-1e21b5582d8630d6c174336fda22cd0b.yaml new file mode 100644 index 0000000000..aaf460714f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-1e21b5582d8630d6c174336fda22cd0b.yaml @@ -0,0 +1,58 @@ +id: my-calendar-1e21b5582d8630d6c174336fda22cd0b + +info: + name: > + My Calendar <= 3.3.16 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e77d240-475d-41a2-9b88-1332fc60b72d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-505ed98ce47f4d2bcda888e7e457703c.yaml b/nuclei-templates/cve-less/plugins/my-calendar-505ed98ce47f4d2bcda888e7e457703c.yaml new file mode 100644 index 0000000000..e01951e743 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-505ed98ce47f4d2bcda888e7e457703c.yaml @@ -0,0 +1,58 @@ +id: my-calendar-505ed98ce47f4d2bcda888e7e457703c + +info: + name: > + My Calendar <= 3.2.17 - Subscriber+ Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cac9614d-3fe5-4657-af6b-81acb71f51f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-5f2c8752d84edabaa8bbd1589413f608.yaml b/nuclei-templates/cve-less/plugins/my-calendar-5f2c8752d84edabaa8bbd1589413f608.yaml new file mode 100644 index 0000000000..1bc0d7de5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-5f2c8752d84edabaa8bbd1589413f608.yaml @@ -0,0 +1,58 @@ +id: my-calendar-5f2c8752d84edabaa8bbd1589413f608 + +info: + name: > + My Calendar < 1.10.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97ad1b6e-2f2b-49f6-9970-fd413bfc544a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-65b1205e2a37abbb65be358b000a3445.yaml b/nuclei-templates/cve-less/plugins/my-calendar-65b1205e2a37abbb65be358b000a3445.yaml new file mode 100644 index 0000000000..e1115f2ad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-65b1205e2a37abbb65be358b000a3445.yaml @@ -0,0 +1,58 @@ +id: my-calendar-65b1205e2a37abbb65be358b000a3445 + +info: + name: > + My Calendar <= 3.4.21 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/496b1c3a-7fbb-4088-9936-6b023718946d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-7598877f4e713405d9e74bfad63425fb.yaml b/nuclei-templates/cve-less/plugins/my-calendar-7598877f4e713405d9e74bfad63425fb.yaml new file mode 100644 index 0000000000..08555412c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-7598877f4e713405d9e74bfad63425fb.yaml @@ -0,0 +1,58 @@ +id: my-calendar-7598877f4e713405d9e74bfad63425fb + +info: + name: > + My Calendar <= 3.4.23 - Authenticated (Admin+) Stored Cross-Site Scripting via Events + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad98db62-4253-4fd5-90b3-c28a563c7697?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-aa680f4ce8dad5699d078d5a407ddd10.yaml b/nuclei-templates/cve-less/plugins/my-calendar-aa680f4ce8dad5699d078d5a407ddd10.yaml new file mode 100644 index 0000000000..25ae096f95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-aa680f4ce8dad5699d078d5a407ddd10.yaml @@ -0,0 +1,58 @@ +id: my-calendar-aa680f4ce8dad5699d078d5a407ddd10 + +info: + name: > + My Calendar <= 3.3.24.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/334570f7-967b-4792-934c-ebe4c4f18490?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.24.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-b87197a613662b55350c2f2781a87102.yaml b/nuclei-templates/cve-less/plugins/my-calendar-b87197a613662b55350c2f2781a87102.yaml new file mode 100644 index 0000000000..18efd4314b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-b87197a613662b55350c2f2781a87102.yaml @@ -0,0 +1,58 @@ +id: my-calendar-b87197a613662b55350c2f2781a87102 + +info: + name: > + My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d9362f-3f34-4602-b19f-2d283e4fe22d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-calendar-dd53e1988ec5b5d25424d4247fd55d9d.yaml b/nuclei-templates/cve-less/plugins/my-calendar-dd53e1988ec5b5d25424d4247fd55d9d.yaml new file mode 100644 index 0000000000..e7730676cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-calendar-dd53e1988ec5b5d25424d4247fd55d9d.yaml @@ -0,0 +1,58 @@ +id: my-calendar-dd53e1988ec5b5d25424d4247fd55d9d + +info: + name: > + My Calendar <= 3.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74f1966c-f465-4c8f-b7ae-131974961d72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-calendar/" + google-query: inurl:"/wp-content/plugins/my-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-category-order-64ec2a96ce824196b74660ea295fa52d.yaml b/nuclei-templates/cve-less/plugins/my-category-order-64ec2a96ce824196b74660ea295fa52d.yaml new file mode 100644 index 0000000000..3f02acd7c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-category-order-64ec2a96ce824196b74660ea295fa52d.yaml @@ -0,0 +1,58 @@ +id: my-category-order-64ec2a96ce824196b74660ea295fa52d + +info: + name: > + my-category-order <= 2.8.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97eb079-5b19-461c-8a80-d00ab45e2bff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-category-order/" + google-query: inurl:"/wp-content/plugins/my-category-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-category-order,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-category-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-category-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-content-management-2e12d42eb302e6a61f201e211fa0da28.yaml b/nuclei-templates/cve-less/plugins/my-content-management-2e12d42eb302e6a61f201e211fa0da28.yaml new file mode 100644 index 0000000000..e49bfa028b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-content-management-2e12d42eb302e6a61f201e211fa0da28.yaml @@ -0,0 +1,58 @@ +id: my-content-management-2e12d42eb302e6a61f201e211fa0da28 + +info: + name: > + My Content Management <= 1.7.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fc18fee-5813-4134-8c4d-44710665857a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-content-management/" + google-query: inurl:"/wp-content/plugins/my-content-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-content-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-content-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-content-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-shortcodes-de64d2f517270fa27d42f881da4c6d98.yaml b/nuclei-templates/cve-less/plugins/my-shortcodes-de64d2f517270fa27d42f881da4c6d98.yaml new file mode 100644 index 0000000000..196f031de7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-shortcodes-de64d2f517270fa27d42f881da4c6d98.yaml @@ -0,0 +1,58 @@ +id: my-shortcodes-de64d2f517270fa27d42f881da4c6d98 + +info: + name: > + My Shortcodes <= 2.3 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a931496-f130-4910-9116-6c2c4df760f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-shortcodes/" + google-query: inurl:"/wp-content/plugins/my-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-shortcodes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-tickets-3b65f76db2b87c51279c14c330d16347.yaml b/nuclei-templates/cve-less/plugins/my-tickets-3b65f76db2b87c51279c14c330d16347.yaml new file mode 100644 index 0000000000..afc6a3a1f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-tickets-3b65f76db2b87c51279c14c330d16347.yaml @@ -0,0 +1,58 @@ +id: my-tickets-3b65f76db2b87c51279c14c330d16347 + +info: + name: > + My Tickets <= 1.9.11 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33a8173e-cb1a-4396-a05b-7404bf899ad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-tickets/" + google-query: inurl:"/wp-content/plugins/my-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-tickets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-tickets-77e642ff24948f5be818c3b7338e42ce.yaml b/nuclei-templates/cve-less/plugins/my-tickets-77e642ff24948f5be818c3b7338e42ce.yaml new file mode 100644 index 0000000000..b7089ce3f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-tickets-77e642ff24948f5be818c3b7338e42ce.yaml @@ -0,0 +1,58 @@ +id: my-tickets-77e642ff24948f5be818c3b7338e42ce + +info: + name: > + My Tickets <= 1.8.30 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ff5a900-9e4d-4bd0-bd19-cad96e62f973?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-tickets/" + google-query: inurl:"/wp-content/plugins/my-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-tickets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-tickets-d8fe1550ef4435dde41b495aa629c7d1.yaml b/nuclei-templates/cve-less/plugins/my-tickets-d8fe1550ef4435dde41b495aa629c7d1.yaml new file mode 100644 index 0000000000..166224f5a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-tickets-d8fe1550ef4435dde41b495aa629c7d1.yaml @@ -0,0 +1,58 @@ +id: my-tickets-d8fe1550ef4435dde41b495aa629c7d1 + +info: + name: > + My Tickets <= 1.9.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c107916-1de8-46e3-80bf-3e1529533907?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-tickets/" + google-query: inurl:"/wp-content/plugins/my-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-tickets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-waze-94a42c523ccdb6324d7b897f6e9c739d.yaml b/nuclei-templates/cve-less/plugins/my-waze-94a42c523ccdb6324d7b897f6e9c739d.yaml new file mode 100644 index 0000000000..f810b61185 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-waze-94a42c523ccdb6324d7b897f6e9c739d.yaml @@ -0,0 +1,58 @@ +id: my-waze-94a42c523ccdb6324d7b897f6e9c739d + +info: + name: > + MyWaze <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f516d1d-530b-4902-82c5-916478669232?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-waze/" + google-query: inurl:"/wp-content/plugins/my-waze/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-waze,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-waze/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-waze" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-wish-list-de81b18a854ce81734a5dca6853e283e.yaml b/nuclei-templates/cve-less/plugins/my-wish-list-de81b18a854ce81734a5dca6853e283e.yaml new file mode 100644 index 0000000000..a76375ab7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-wish-list-de81b18a854ce81734a5dca6853e283e.yaml @@ -0,0 +1,58 @@ +id: my-wish-list-de81b18a854ce81734a5dca6853e283e + +info: + name: > + My Wish List < 1.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4bf80cd-8956-4143-afcb-995013554d56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-wish-list/" + google-query: inurl:"/wp-content/plugins/my-wish-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-wish-list,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-wish-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-wish-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-wp-health-check-e849386b94578b26b80f8f92e65a3f8b.yaml b/nuclei-templates/cve-less/plugins/my-wp-health-check-e849386b94578b26b80f8f92e65a3f8b.yaml new file mode 100644 index 0000000000..827a93a218 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-wp-health-check-e849386b94578b26b80f8f92e65a3f8b.yaml @@ -0,0 +1,58 @@ +id: my-wp-health-check-e849386b94578b26b80f8f92e65a3f8b + +info: + name: > + SiteAlert (Formerly WP Health) <= 1.9.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1870c6e-23b6-4f3b-adba-72633d62dfd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-wp-health-check/" + google-query: inurl:"/wp-content/plugins/my-wp-health-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-wp-health-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-wp-health-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-wp-health-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-wp-translate-d3e6d2f3e4924a9f9f37a01c1a206e29.yaml b/nuclei-templates/cve-less/plugins/my-wp-translate-d3e6d2f3e4924a9f9f37a01c1a206e29.yaml new file mode 100644 index 0000000000..700e64e39f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-wp-translate-d3e6d2f3e4924a9f9f37a01c1a206e29.yaml @@ -0,0 +1,58 @@ +id: my-wp-translate-d3e6d2f3e4924a9f9f37a01c1a206e29 + +info: + name: > + My WP Translate <= 1.0.3 - Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56b16f10-2f48-49db-85f6-f934bc267110?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-wp-translate/" + google-query: inurl:"/wp-content/plugins/my-wp-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-wp-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-wp-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-wp-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-wp-translate-da4809632dd888beae369fbce2888e9e.yaml b/nuclei-templates/cve-less/plugins/my-wp-translate-da4809632dd888beae369fbce2888e9e.yaml new file mode 100644 index 0000000000..16015598a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-wp-translate-da4809632dd888beae369fbce2888e9e.yaml @@ -0,0 +1,58 @@ +id: my-wp-translate-da4809632dd888beae369fbce2888e9e + +info: + name: > + My WP Translate <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1261d9-ab21-4ec2-84d7-f12a2013607a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-wp-translate/" + google-query: inurl:"/wp-content/plugins/my-wp-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-wp-translate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-wp-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-wp-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/my-wpdb-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml b/nuclei-templates/cve-less/plugins/my-wpdb-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml new file mode 100644 index 0000000000..18e20267d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/my-wpdb-ca85fcbf44c8f529ecdfa95b175d7b9b.yaml @@ -0,0 +1,58 @@ +id: my-wpdb-ca85fcbf44c8f529ecdfa95b175d7b9b + +info: + name: > + My wpdb <= 1.1.12 - Cross-Site Request Forgery to Arbitrary SQL Query Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e437ef90-5321-4543-a4ef-716b898315eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/my-wpdb/" + google-query: inurl:"/wp-content/plugins/my-wpdb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,my-wpdb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/my-wpdb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "my-wpdb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/myagileprivacy-b91180f6c8ba3f8d6ff100d044a9837c.yaml b/nuclei-templates/cve-less/plugins/myagileprivacy-b91180f6c8ba3f8d6ff100d044a9837c.yaml new file mode 100644 index 0000000000..3082e8b039 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/myagileprivacy-b91180f6c8ba3f8d6ff100d044a9837c.yaml @@ -0,0 +1,58 @@ +id: myagileprivacy-b91180f6c8ba3f8d6ff100d044a9837c + +info: + name: > + My Agile Privacy <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting vis Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35c40c81-c7b4-4453-bd2f-7910fcb7f13e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/myagileprivacy/" + google-query: inurl:"/wp-content/plugins/myagileprivacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,myagileprivacy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myagileprivacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myagileprivacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mybb-cross-poster-7b501f3b3223dc999faba6ed8169a765.yaml b/nuclei-templates/cve-less/plugins/mybb-cross-poster-7b501f3b3223dc999faba6ed8169a765.yaml new file mode 100644 index 0000000000..0b5c83b93e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mybb-cross-poster-7b501f3b3223dc999faba6ed8169a765.yaml @@ -0,0 +1,58 @@ +id: mybb-cross-poster-7b501f3b3223dc999faba6ed8169a765 + +info: + name: > + MyBB Cross-Poster <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6b079f5-715d-4fb3-bcaf-539412d5e956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mybb-cross-poster/" + google-query: inurl:"/wp-content/plugins/mybb-cross-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mybb-cross-poster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mybb-cross-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mybb-cross-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/myblogu-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/myblogu-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..3f46c09cff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/myblogu-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: myblogu-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/myblogu/" + google-query: inurl:"/wp-content/plugins/myblogu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,myblogu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myblogu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myblogu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mybooktable-7da47fa66cee45b26565c0fef152490a.yaml b/nuclei-templates/cve-less/plugins/mybooktable-7da47fa66cee45b26565c0fef152490a.yaml new file mode 100644 index 0000000000..ad3774c9fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mybooktable-7da47fa66cee45b26565c0fef152490a.yaml @@ -0,0 +1,58 @@ +id: mybooktable-7da47fa66cee45b26565c0fef152490a + +info: + name: > + MyBookTable Bookstore <= 3.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02b336ce-be41-4343-9817-0437bd2685c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mybooktable/" + google-query: inurl:"/wp-content/plugins/mybooktable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mybooktable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mybooktable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mybooktable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mybooktable-c4c3dacc97e2d49842f4e491e4abe511.yaml b/nuclei-templates/cve-less/plugins/mybooktable-c4c3dacc97e2d49842f4e491e4abe511.yaml new file mode 100644 index 0000000000..c2dd476845 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mybooktable-c4c3dacc97e2d49842f4e491e4abe511.yaml @@ -0,0 +1,58 @@ +id: mybooktable-c4c3dacc97e2d49842f4e491e4abe511 + +info: + name: > + MyBookTable Bookstore <= 3.3.7 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a15f8a5a-dccf-476e-9a40-e9ea11dc46f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mybooktable/" + google-query: inurl:"/wp-content/plugins/mybooktable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mybooktable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mybooktable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mybooktable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-4696541fdc76b8ee098f38a67fea2a75.yaml b/nuclei-templates/cve-less/plugins/mycred-4696541fdc76b8ee098f38a67fea2a75.yaml new file mode 100644 index 0000000000..f31ab14077 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-4696541fdc76b8ee098f38a67fea2a75.yaml @@ -0,0 +1,58 @@ +id: mycred-4696541fdc76b8ee098f38a67fea2a75 + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.6.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d4283e-ea57-41e1-baeb-f8f70cad3020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-5950b0d42aaf04d555a067d560ed1764.yaml b/nuclei-templates/cve-less/plugins/mycred-5950b0d42aaf04d555a067d560ed1764.yaml new file mode 100644 index 0000000000..3e667c52aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-5950b0d42aaf04d555a067d560ed1764.yaml @@ -0,0 +1,58 @@ +id: mycred-5950b0d42aaf04d555a067d560ed1764 + +info: + name: > + myCred <= 2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3936c4b-2326-41dc-b7d6-a8cf43752ddb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-6420c7d64b9445ffc9ff5c8ed72e1368.yaml b/nuclei-templates/cve-less/plugins/mycred-6420c7d64b9445ffc9ff5c8ed72e1368.yaml new file mode 100644 index 0000000000..4cfa84570d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-6420c7d64b9445ffc9ff5c8ed72e1368.yaml @@ -0,0 +1,58 @@ +id: mycred-6420c7d64b9445ffc9ff5c8ed72e1368 + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8464cd2-eef0-419b-b368-6f86af4e8dd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-6ae7e30bc28b46b135c2064dc2c025e6.yaml b/nuclei-templates/cve-less/plugins/mycred-6ae7e30bc28b46b135c2064dc2c025e6.yaml new file mode 100644 index 0000000000..79717a9d04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-6ae7e30bc28b46b135c2064dc2c025e6.yaml @@ -0,0 +1,58 @@ +id: mycred-6ae7e30bc28b46b135c2064dc2c025e6 + +info: + name: > + myCred <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4067e03-427c-4b03-a250-0354572ae361?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-6d3bd66271ddc3e51b161d4fb84cf2f5.yaml b/nuclei-templates/cve-less/plugins/mycred-6d3bd66271ddc3e51b161d4fb84cf2f5.yaml new file mode 100644 index 0000000000..35368b7c5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-6d3bd66271ddc3e51b161d4fb84cf2f5.yaml @@ -0,0 +1,58 @@ +id: mycred-6d3bd66271ddc3e51b161d4fb84cf2f5 + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6753a37b-7242-4895-a439-f726ad835f61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml b/nuclei-templates/cve-less/plugins/mycred-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml new file mode 100644 index 0000000000..ce49086379 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-7b33af13dcbb1f6cea4e6cd4849f85c9.yaml @@ -0,0 +1,58 @@ +id: mycred-7b33af13dcbb1f6cea4e6cd4849f85c9 + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e5800fa-e0d7-435f-98c2-6d91df26d657?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-9d5e6984e47653aa7bf2ef78de6fcae3.yaml b/nuclei-templates/cve-less/plugins/mycred-9d5e6984e47653aa7bf2ef78de6fcae3.yaml new file mode 100644 index 0000000000..ddd70d5b0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-9d5e6984e47653aa7bf2ef78de6fcae3.yaml @@ -0,0 +1,58 @@ +id: mycred-9d5e6984e47653aa7bf2ef78de6fcae3 + +info: + name: > + myCred Plugin <= 1.7.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74db4d3a-ee3f-460a-b880-f61a8e33ea57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-a4073afeed9945d540c4483af566c48e.yaml b/nuclei-templates/cve-less/plugins/mycred-a4073afeed9945d540c4483af566c48e.yaml new file mode 100644 index 0000000000..762f8fea14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-a4073afeed9945d540c4483af566c48e.yaml @@ -0,0 +1,58 @@ +id: mycred-a4073afeed9945d540c4483af566c48e + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.2 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c994021-d429-4652-ada5-34ec0517cb19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycred-dab92fc7cb3e34a6cce738aec497ec2e.yaml b/nuclei-templates/cve-less/plugins/mycred-dab92fc7cb3e34a6cce738aec497ec2e.yaml new file mode 100644 index 0000000000..8a36bea0d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycred-dab92fc7cb3e34a6cce738aec497ec2e.yaml @@ -0,0 +1,58 @@ +id: mycred-dab92fc7cb3e34a6cce738aec497ec2e + +info: + name: > + myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin <= 2.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b15512-210c-4c6b-a3ad-f5d6042091a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycred/" + google-query: inurl:"/wp-content/plugins/mycred/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycred,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycred/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycred" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycryptocheckout-7e48a0f635133ab535de9155dd7df3ac.yaml b/nuclei-templates/cve-less/plugins/mycryptocheckout-7e48a0f635133ab535de9155dd7df3ac.yaml new file mode 100644 index 0000000000..d0361d3da8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycryptocheckout-7e48a0f635133ab535de9155dd7df3ac.yaml @@ -0,0 +1,58 @@ +id: mycryptocheckout-7e48a0f635133ab535de9155dd7df3ac + +info: + name: > + MyCryptoCheckout <= 2.125 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5575725-99ba-4499-93e5-f7648c82ac52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycryptocheckout/" + google-query: inurl:"/wp-content/plugins/mycryptocheckout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycryptocheckout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycryptocheckout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycryptocheckout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.125') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycryptocheckout-f806fd57534e9e84564f98154ed849f3.yaml b/nuclei-templates/cve-less/plugins/mycryptocheckout-f806fd57534e9e84564f98154ed849f3.yaml new file mode 100644 index 0000000000..0555645b32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycryptocheckout-f806fd57534e9e84564f98154ed849f3.yaml @@ -0,0 +1,58 @@ +id: mycryptocheckout-f806fd57534e9e84564f98154ed849f3 + +info: + name: > + MyCryptoCheckout <= 2.123 - Reflected Cross-Site Scripting via url + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7633b5cd-0e8f-4744-bfee-d6d54a44c143?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycryptocheckout/" + google-query: inurl:"/wp-content/plugins/mycryptocheckout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycryptocheckout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycryptocheckout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycryptocheckout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.123') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycss-51cc7451392ec09a8c7688f9ed5f409c.yaml b/nuclei-templates/cve-less/plugins/mycss-51cc7451392ec09a8c7688f9ed5f409c.yaml new file mode 100644 index 0000000000..1da1189a0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycss-51cc7451392ec09a8c7688f9ed5f409c.yaml @@ -0,0 +1,58 @@ +id: mycss-51cc7451392ec09a8c7688f9ed5f409c + +info: + name: > + MyCSS <= 1.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecdfb19e-ef3a-4c5a-96a5-4c9ce3dca3a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycss/" + google-query: inurl:"/wp-content/plugins/mycss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycurator-243dea5b11f06ba3f210fa9f99b93530.yaml b/nuclei-templates/cve-less/plugins/mycurator-243dea5b11f06ba3f210fa9f99b93530.yaml new file mode 100644 index 0000000000..fca33ea343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycurator-243dea5b11f06ba3f210fa9f99b93530.yaml @@ -0,0 +1,58 @@ +id: mycurator-243dea5b11f06ba3f210fa9f99b93530 + +info: + name: > + MyCurator Content Curation <= 3.74 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3301899e-5c38-4ecd-b095-6e00b0f7582e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycurator/" + google-query: inurl:"/wp-content/plugins/mycurator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycurator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycurator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycurator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mycurator-972385a1b4b6972691f113fb45ea0adc.yaml b/nuclei-templates/cve-less/plugins/mycurator-972385a1b4b6972691f113fb45ea0adc.yaml new file mode 100644 index 0000000000..2673a806c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mycurator-972385a1b4b6972691f113fb45ea0adc.yaml @@ -0,0 +1,58 @@ +id: mycurator-972385a1b4b6972691f113fb45ea0adc + +info: + name: > + MyCurator Content Curation <= 3.76 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6dbc64eb-1da6-4086-9fe1-3d9080bef12e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mycurator/" + google-query: inurl:"/wp-content/plugins/mycurator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mycurator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mycurator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mycurator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/myeasybackup-d663aae86bf8b83f4649ce306c1e5aed.yaml b/nuclei-templates/cve-less/plugins/myeasybackup-d663aae86bf8b83f4649ce306c1e5aed.yaml new file mode 100644 index 0000000000..fc813b35ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/myeasybackup-d663aae86bf8b83f4649ce306c1e5aed.yaml @@ -0,0 +1,58 @@ +id: myeasybackup-d663aae86bf8b83f4649ce306c1e5aed + +info: + name: > + myEASYbackup < 1.0.9 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55a103a7-c5d8-4b52-8291-e4ae4f848cbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/myeasybackup/" + google-query: inurl:"/wp-content/plugins/myeasybackup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,myeasybackup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myeasybackup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myeasybackup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/myflash-0de546d8ff8a440613f030661df64835.yaml b/nuclei-templates/cve-less/plugins/myflash-0de546d8ff8a440613f030661df64835.yaml new file mode 100644 index 0000000000..31a32a1df0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/myflash-0de546d8ff8a440613f030661df64835.yaml @@ -0,0 +1,58 @@ +id: myflash-0de546d8ff8a440613f030661df64835 + +info: + name: > + Myflash < 1.11 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c648de5-14b3-4c7f-a1c2-46d91b56b0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/myflash/" + google-query: inurl:"/wp-content/plugins/myflash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,myflash,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myflash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myflash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mygallery-0f137418131077a44fc4f4b8e86a7c26.yaml b/nuclei-templates/cve-less/plugins/mygallery-0f137418131077a44fc4f4b8e86a7c26.yaml new file mode 100644 index 0000000000..0e94468437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mygallery-0f137418131077a44fc4f4b8e86a7c26.yaml @@ -0,0 +1,58 @@ +id: mygallery-0f137418131077a44fc4f4b8e86a7c26 + +info: + name: > + MySliderGallery <= 1.2.1 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d996df9-3d61-4b2b-8d74-4faa7c5a151a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mygallery/" + google-query: inurl:"/wp-content/plugins/mygallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mygallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mygallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mygallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mylinksdump-b448ff8f0ebed30bebafe7474f10c89b.yaml b/nuclei-templates/cve-less/plugins/mylinksdump-b448ff8f0ebed30bebafe7474f10c89b.yaml new file mode 100644 index 0000000000..c3a8377d98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mylinksdump-b448ff8f0ebed30bebafe7474f10c89b.yaml @@ -0,0 +1,58 @@ +id: mylinksdump-b448ff8f0ebed30bebafe7474f10c89b + +info: + name: > + myLinksDump <= 1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1cdd6c6-f354-48d6-9493-08c67aaef9bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mylinksdump/" + google-query: inurl:"/wp-content/plugins/mylinksdump/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mylinksdump,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mylinksdump/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mylinksdump" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mypixs-c9480dcffb0b0878eee13c8e8528a0b7.yaml b/nuclei-templates/cve-less/plugins/mypixs-c9480dcffb0b0878eee13c8e8528a0b7.yaml new file mode 100644 index 0000000000..4cd0995b80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mypixs-c9480dcffb0b0878eee13c8e8528a0b7.yaml @@ -0,0 +1,58 @@ +id: mypixs-c9480dcffb0b0878eee13c8e8528a0b7 + +info: + name: > + MyPixs <= 0.3 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5413ae2a-9afa-4ff6-b241-73b446881185?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mypixs/" + google-query: inurl:"/wp-content/plugins/mypixs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mypixs,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mypixs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mypixs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/myshopkit-popup-smartbar-slidein-f56eab4e1dba033d85ad3e26044b8e2f.yaml b/nuclei-templates/cve-less/plugins/myshopkit-popup-smartbar-slidein-f56eab4e1dba033d85ad3e26044b8e2f.yaml new file mode 100644 index 0000000000..abe51543df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/myshopkit-popup-smartbar-slidein-f56eab4e1dba033d85ad3e26044b8e2f.yaml @@ -0,0 +1,58 @@ +id: myshopkit-popup-smartbar-slidein-f56eab4e1dba033d85ad3e26044b8e2f + +info: + name: > + WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit <= 1.0.9 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bd3e797-5e31-4f54-a28f-2525fb5e367e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/myshopkit-popup-smartbar-slidein/" + google-query: inurl:"/wp-content/plugins/myshopkit-popup-smartbar-slidein/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,myshopkit-popup-smartbar-slidein,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/myshopkit-popup-smartbar-slidein/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "myshopkit-popup-smartbar-slidein" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickyelements-3f6feeb32fb2210c6becc1260135473a.yaml b/nuclei-templates/cve-less/plugins/mystickyelements-3f6feeb32fb2210c6becc1260135473a.yaml new file mode 100644 index 0000000000..c152128b19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickyelements-3f6feeb32fb2210c6becc1260135473a.yaml @@ -0,0 +1,58 @@ +id: mystickyelements-3f6feeb32fb2210c6becc1260135473a + +info: + name: > + All-in-one Floating Contact Form <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f4d57e4-1b82-45bb-9824-b7b2eaa73b6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickyelements/" + google-query: inurl:"/wp-content/plugins/mystickyelements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickyelements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickyelements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickyelements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickyelements-54afcc25e30c13f6fd81531108a460de.yaml b/nuclei-templates/cve-less/plugins/mystickyelements-54afcc25e30c13f6fd81531108a460de.yaml new file mode 100644 index 0000000000..2e7cad1078 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickyelements-54afcc25e30c13f6fd81531108a460de.yaml @@ -0,0 +1,58 @@ +id: mystickyelements-54afcc25e30c13f6fd81531108a460de + +info: + name: > + All-in-one Floating Contact Form <= 2.1.1 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52538617-a1d1-40ed-8321-e39d06869398?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickyelements/" + google-query: inurl:"/wp-content/plugins/mystickyelements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickyelements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickyelements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickyelements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickyelements-b8cf7f35198731bb7bfb27771c37478a.yaml b/nuclei-templates/cve-less/plugins/mystickyelements-b8cf7f35198731bb7bfb27771c37478a.yaml new file mode 100644 index 0000000000..a07ae3a0e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickyelements-b8cf7f35198731bb7bfb27771c37478a.yaml @@ -0,0 +1,58 @@ +id: mystickyelements-b8cf7f35198731bb7bfb27771c37478a + +info: + name: > + All-in-one Floating Contact Form – My Sticky Elements <= 2.1.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4098a47-986c-4b2c-b27a-18ff81da0f58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickyelements/" + google-query: inurl:"/wp-content/plugins/mystickyelements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickyelements,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickyelements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickyelements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickyelements-fd075b6c9853246b5cc33cafcab17a0c.yaml b/nuclei-templates/cve-less/plugins/mystickyelements-fd075b6c9853246b5cc33cafcab17a0c.yaml new file mode 100644 index 0000000000..b47d2b0982 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickyelements-fd075b6c9853246b5cc33cafcab17a0c.yaml @@ -0,0 +1,58 @@ +id: mystickyelements-fd075b6c9853246b5cc33cafcab17a0c + +info: + name: > + My Sticky Elements <= 2.0.8 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b1933a5-48f3-4707-8e3d-824b60ce2635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickyelements/" + google-query: inurl:"/wp-content/plugins/mystickyelements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickyelements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickyelements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickyelements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickymenu-06b7c4127350d50d75ab6e5a40c02f95.yaml b/nuclei-templates/cve-less/plugins/mystickymenu-06b7c4127350d50d75ab6e5a40c02f95.yaml new file mode 100644 index 0000000000..3a774b6c73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickymenu-06b7c4127350d50d75ab6e5a40c02f95.yaml @@ -0,0 +1,58 @@ +id: mystickymenu-06b7c4127350d50d75ab6e5a40c02f95 + +info: + name: > + My Sticky Bar <= 2.6.6 - Cross-Site Request Forgery to Sensitive Information Exposure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be0ab40f-cff7-48bd-8dae-cc50af047151?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickymenu/" + google-query: inurl:"/wp-content/plugins/mystickymenu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickymenu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickymenu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickymenu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickymenu-49cfc8c3d99725c4ecb38a0e0b05420f.yaml b/nuclei-templates/cve-less/plugins/mystickymenu-49cfc8c3d99725c4ecb38a0e0b05420f.yaml new file mode 100644 index 0000000000..bc3f9ed601 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickymenu-49cfc8c3d99725c4ecb38a0e0b05420f.yaml @@ -0,0 +1,58 @@ +id: mystickymenu-49cfc8c3d99725c4ecb38a0e0b05420f + +info: + name: > + myStickymenu <= 2.5.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d432ea5-9ffd-43da-8988-6dd77b907655?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickymenu/" + google-query: inurl:"/wp-content/plugins/mystickymenu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickymenu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickymenu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickymenu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mystickymenu-b9ee2994c48a1ce98dffc9faf5d855b8.yaml b/nuclei-templates/cve-less/plugins/mystickymenu-b9ee2994c48a1ce98dffc9faf5d855b8.yaml new file mode 100644 index 0000000000..c09419cc8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mystickymenu-b9ee2994c48a1ce98dffc9faf5d855b8.yaml @@ -0,0 +1,58 @@ +id: mystickymenu-b9ee2994c48a1ce98dffc9faf5d855b8 + +info: + name: > + myStickymenu <= 2.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Lead Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/102bab51-2dc7-4013-8273-21e2ff6cdf79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mystickymenu/" + google-query: inurl:"/wp-content/plugins/mystickymenu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mystickymenu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mystickymenu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mystickymenu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mytreasures-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/mytreasures-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..3df54882f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mytreasures-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: mytreasures-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mytreasures/" + google-query: inurl:"/wp-content/plugins/mytreasures/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mytreasures,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mytreasures/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mytreasures" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/mytube-8753e5a555a2f3121491c204c567f453.yaml b/nuclei-templates/cve-less/plugins/mytube-8753e5a555a2f3121491c204c567f453.yaml new file mode 100644 index 0000000000..b9b130ddbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/mytube-8753e5a555a2f3121491c204c567f453.yaml @@ -0,0 +1,58 @@ +id: mytube-8753e5a555a2f3121491c204c567f453 + +info: + name: > + MyTube PlayList <= 2.0.3 - Reflected Cross-Site Scripting via addplaylistid + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/523cfed4-0422-40f3-8d81-d7862bcb1792?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/mytube/" + google-query: inurl:"/wp-content/plugins/mytube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,mytube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/mytube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mytube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/n-media-woocommerce-checkout-fields-164dd8ebbb83252d5e62c236087e083c.yaml b/nuclei-templates/cve-less/plugins/n-media-woocommerce-checkout-fields-164dd8ebbb83252d5e62c236087e083c.yaml new file mode 100644 index 0000000000..d5b9bd8826 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/n-media-woocommerce-checkout-fields-164dd8ebbb83252d5e62c236087e083c.yaml @@ -0,0 +1,58 @@ +id: n-media-woocommerce-checkout-fields-164dd8ebbb83252d5e62c236087e083c + +info: + name: > + WooCommerce Checkout Field Manager <= 17.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9be94d63-f027-4988-ab41-673658c1fa5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/n-media-woocommerce-checkout-fields/" + google-query: inurl:"/wp-content/plugins/n-media-woocommerce-checkout-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,n-media-woocommerce-checkout-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/n-media-woocommerce-checkout-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "n-media-woocommerce-checkout-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/n5-uploadform-b56cc1f81e44553ad5837ff3f3a482ce.yaml b/nuclei-templates/cve-less/plugins/n5-uploadform-b56cc1f81e44553ad5837ff3f3a482ce.yaml new file mode 100644 index 0000000000..7600f5eb66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/n5-uploadform-b56cc1f81e44553ad5837ff3f3a482ce.yaml @@ -0,0 +1,58 @@ +id: n5-uploadform-b56cc1f81e44553ad5837ff3f3a482ce + +info: + name: > + N5 Upload Form <= 1.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/121afcc4-754c-4f4b-8b02-9b5a4a248041?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/n5-uploadform/" + google-query: inurl:"/wp-content/plugins/n5-uploadform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,n5-uploadform,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/n5-uploadform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "n5-uploadform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/namaste-lms-03657cd383df53489c98f2c2003d74b0.yaml b/nuclei-templates/cve-less/plugins/namaste-lms-03657cd383df53489c98f2c2003d74b0.yaml new file mode 100644 index 0000000000..84fbe5baee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/namaste-lms-03657cd383df53489c98f2c2003d74b0.yaml @@ -0,0 +1,58 @@ +id: namaste-lms-03657cd383df53489c98f2c2003d74b0 + +info: + name: > + Namaste! LMS <= 2.5.9.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90c1fd9c-eb5c-45fb-b641-75cb3fdad87a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/namaste-lms/" + google-query: inurl:"/wp-content/plugins/namaste-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,namaste-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/namaste-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "namaste-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/namaste-lms-04f146ec33992e5efff05a0bd40f659f.yaml b/nuclei-templates/cve-less/plugins/namaste-lms-04f146ec33992e5efff05a0bd40f659f.yaml new file mode 100644 index 0000000000..e65345c577 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/namaste-lms-04f146ec33992e5efff05a0bd40f659f.yaml @@ -0,0 +1,58 @@ +id: namaste-lms-04f146ec33992e5efff05a0bd40f659f + +info: + name: > + Namaste! LMS <= 2.5.9.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'accept_other_payment_methods', 'other_payment_methods' Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef23b03-8452-4730-860c-2c2ef1686202?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/namaste-lms/" + google-query: inurl:"/wp-content/plugins/namaste-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,namaste-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/namaste-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "namaste-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/namaste-lms-243f75a6da65f6edc93ed6a1b9eaec80.yaml b/nuclei-templates/cve-less/plugins/namaste-lms-243f75a6da65f6edc93ed6a1b9eaec80.yaml new file mode 100644 index 0000000000..6799f8a92a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/namaste-lms-243f75a6da65f6edc93ed6a1b9eaec80.yaml @@ -0,0 +1,58 @@ +id: namaste-lms-243f75a6da65f6edc93ed6a1b9eaec80 + +info: + name: > + Namaste! LMS <= 2.5.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5256a249-b355-480d-a532-5931e4dea481?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/namaste-lms/" + google-query: inurl:"/wp-content/plugins/namaste-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,namaste-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/namaste-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "namaste-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/namaste-lms-396a46e2d061c4863ac25c94e4ca15f5.yaml b/nuclei-templates/cve-less/plugins/namaste-lms-396a46e2d061c4863ac25c94e4ca15f5.yaml new file mode 100644 index 0000000000..9f4a1bbc65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/namaste-lms-396a46e2d061c4863ac25c94e4ca15f5.yaml @@ -0,0 +1,58 @@ +id: namaste-lms-396a46e2d061c4863ac25c94e4ca15f5 + +info: + name: > + Namaste! LMS <= 2.6.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d014f512-9030-49ce-945d-4900594fb373?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/namaste-lms/" + google-query: inurl:"/wp-content/plugins/namaste-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,namaste-lms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/namaste-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "namaste-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/name-directory-27463f760012793e1526cf6e69e5e624.yaml b/nuclei-templates/cve-less/plugins/name-directory-27463f760012793e1526cf6e69e5e624.yaml new file mode 100644 index 0000000000..a23d5a4ece --- /dev/null +++ b/nuclei-templates/cve-less/plugins/name-directory-27463f760012793e1526cf6e69e5e624.yaml @@ -0,0 +1,58 @@ +id: name-directory-27463f760012793e1526cf6e69e5e624 + +info: + name: > + Name Directory <= 1.25.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9077cf-10cc-47cd-aca8-8f2110ccc407?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/name-directory/" + google-query: inurl:"/wp-content/plugins/name-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,name-directory,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/name-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "name-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/name-directory-6c06bc58e8c431cd39158598c7d3df3c.yaml b/nuclei-templates/cve-less/plugins/name-directory-6c06bc58e8c431cd39158598c7d3df3c.yaml new file mode 100644 index 0000000000..48a91577bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/name-directory-6c06bc58e8c431cd39158598c7d3df3c.yaml @@ -0,0 +1,58 @@ +id: name-directory-6c06bc58e8c431cd39158598c7d3df3c + +info: + name: > + Name Directory <= 1.25.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53ab1f5f-7331-4587-8c37-e9bd86a83ae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/name-directory/" + google-query: inurl:"/wp-content/plugins/name-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,name-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/name-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "name-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/name-directory-e5ace19f8910dfb41dd382bdef641807.yaml b/nuclei-templates/cve-less/plugins/name-directory-e5ace19f8910dfb41dd382bdef641807.yaml new file mode 100644 index 0000000000..807697656a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/name-directory-e5ace19f8910dfb41dd382bdef641807.yaml @@ -0,0 +1,58 @@ +id: name-directory-e5ace19f8910dfb41dd382bdef641807 + +info: + name: > + Name Directory <= 1.17.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e18aba51-46a8-4670-8e15-85b12f5d06e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/name-directory/" + google-query: inurl:"/wp-content/plugins/name-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,name-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/name-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "name-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/name-directory-ecb3bc304462f6f56763ded084ead34f.yaml b/nuclei-templates/cve-less/plugins/name-directory-ecb3bc304462f6f56763ded084ead34f.yaml new file mode 100644 index 0000000000..35e5c70695 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/name-directory-ecb3bc304462f6f56763ded084ead34f.yaml @@ -0,0 +1,58 @@ +id: name-directory-ecb3bc304462f6f56763ded084ead34f + +info: + name: > + Name Directory <= 1.27.1 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9481bd2-a8fa-43b3-bfd2-a9a51f528ebf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/name-directory/" + google-query: inurl:"/wp-content/plugins/name-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,name-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/name-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "name-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/narnoo-distributor-19e99a4dcb048b9a78de389a4596a1c2.yaml b/nuclei-templates/cve-less/plugins/narnoo-distributor-19e99a4dcb048b9a78de389a4596a1c2.yaml new file mode 100644 index 0000000000..fbde8b5039 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/narnoo-distributor-19e99a4dcb048b9a78de389a4596a1c2.yaml @@ -0,0 +1,58 @@ +id: narnoo-distributor-19e99a4dcb048b9a78de389a4596a1c2 + +info: + name: > + Narnoo Distributor <= 2.5.1 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc860f44-c8ee-4b32-9702-7214e213790b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/narnoo-distributor/" + google-query: inurl:"/wp-content/plugins/narnoo-distributor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,narnoo-distributor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/narnoo-distributor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "narnoo-distributor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/naver-map-f4ee020375ee3d79fbe799a7df61d461.yaml b/nuclei-templates/cve-less/plugins/naver-map-f4ee020375ee3d79fbe799a7df61d461.yaml new file mode 100644 index 0000000000..42a5d61472 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/naver-map-f4ee020375ee3d79fbe799a7df61d461.yaml @@ -0,0 +1,58 @@ +id: naver-map-f4ee020375ee3d79fbe799a7df61d461 + +info: + name: > + Naver Map <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f05b58a-3cab-4069-ae9e-fec82bb5cd47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/naver-map/" + google-query: inurl:"/wp-content/plugins/naver-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,naver-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/naver-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "naver-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/navigation-menu-as-dropdown-widget-25e251a3406c9b35d33175212bd58aef.yaml b/nuclei-templates/cve-less/plugins/navigation-menu-as-dropdown-widget-25e251a3406c9b35d33175212bd58aef.yaml new file mode 100644 index 0000000000..35f17b921a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/navigation-menu-as-dropdown-widget-25e251a3406c9b35d33175212bd58aef.yaml @@ -0,0 +1,58 @@ +id: navigation-menu-as-dropdown-widget-25e251a3406c9b35d33175212bd58aef + +info: + name: > + Navigation menu as Dropdown Widget <= 1.3.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36123fad-448e-4fdb-a076-5280b53d9671?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/navigation-menu-as-dropdown-widget/" + google-query: inurl:"/wp-content/plugins/navigation-menu-as-dropdown-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,navigation-menu-as-dropdown-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navigation-menu-as-dropdown-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navigation-menu-as-dropdown-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/navis-documentcloud-501b82dc590b97d863184cfb9756e9ee.yaml b/nuclei-templates/cve-less/plugins/navis-documentcloud-501b82dc590b97d863184cfb9756e9ee.yaml new file mode 100644 index 0000000000..0785c45c63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/navis-documentcloud-501b82dc590b97d863184cfb9756e9ee.yaml @@ -0,0 +1,58 @@ +id: navis-documentcloud-501b82dc590b97d863184cfb9756e9ee + +info: + name: > + Navis DocumentCloud < 0.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d6affb6-bbc1-40aa-8633-ba0f06c10fe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/navis-documentcloud/" + google-query: inurl:"/wp-content/plugins/navis-documentcloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,navis-documentcloud,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navis-documentcloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navis-documentcloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/navz-photo-gallery-0668c2487ce2c4fa1850c723426ba86a.yaml b/nuclei-templates/cve-less/plugins/navz-photo-gallery-0668c2487ce2c4fa1850c723426ba86a.yaml new file mode 100644 index 0000000000..ce96486fb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/navz-photo-gallery-0668c2487ce2c4fa1850c723426ba86a.yaml @@ -0,0 +1,58 @@ +id: navz-photo-gallery-0668c2487ce2c4fa1850c723426ba86a + +info: + name: > + ACF Photo Gallery Field <= 1.7.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6c4e102-7a09-4a01-8fa2-40f5f41d45ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/navz-photo-gallery/" + google-query: inurl:"/wp-content/plugins/navz-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,navz-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navz-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navz-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/navz-photo-gallery-54c49ed92754fe9b72ea28cef486ac0b.yaml b/nuclei-templates/cve-less/plugins/navz-photo-gallery-54c49ed92754fe9b72ea28cef486ac0b.yaml new file mode 100644 index 0000000000..0828057d82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/navz-photo-gallery-54c49ed92754fe9b72ea28cef486ac0b.yaml @@ -0,0 +1,58 @@ +id: navz-photo-gallery-54c49ed92754fe9b72ea28cef486ac0b + +info: + name: > + ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/689511e0-1355-4fcb-8a72-d819abc8e9a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/navz-photo-gallery/" + google-query: inurl:"/wp-content/plugins/navz-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,navz-photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navz-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navz-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/navz-photo-gallery-ac40665ad4ef3b69656a095a1b2358ab.yaml b/nuclei-templates/cve-less/plugins/navz-photo-gallery-ac40665ad4ef3b69656a095a1b2358ab.yaml new file mode 100644 index 0000000000..039bd48909 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/navz-photo-gallery-ac40665ad4ef3b69656a095a1b2358ab.yaml @@ -0,0 +1,58 @@ +id: navz-photo-gallery-ac40665ad4ef3b69656a095a1b2358ab + +info: + name: > + ACF Photo Gallery Field <= 2.6 - Missing Authorization in apgf_update_donation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f557ddf1-cee3-498c-87bc-fa81bf574591?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/navz-photo-gallery/" + google-query: inurl:"/wp-content/plugins/navz-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,navz-photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/navz-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "navz-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-booking-164126146e9a645f77469a8e4602aa76.yaml b/nuclei-templates/cve-less/plugins/nd-booking-164126146e9a645f77469a8e4602aa76.yaml new file mode 100644 index 0000000000..7745faea30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-booking-164126146e9a645f77469a8e4602aa76.yaml @@ -0,0 +1,58 @@ +id: nd-booking-164126146e9a645f77469a8e4602aa76 + +info: + name: > + Hotel Booking < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eebc0318-8db3-44b4-ac04-d246db3a10ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-booking/" + google-query: inurl:"/wp-content/plugins/nd-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-booking-f38cba339dfbcce8dc24128ae403c983.yaml b/nuclei-templates/cve-less/plugins/nd-booking-f38cba339dfbcce8dc24128ae403c983.yaml new file mode 100644 index 0000000000..cb0f559b5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-booking-f38cba339dfbcce8dc24128ae403c983.yaml @@ -0,0 +1,58 @@ +id: nd-booking-f38cba339dfbcce8dc24128ae403c983 + +info: + name: > + ND Booking <= 2.4 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b776a8a-b071-4caf-9e67-6f08ace4da2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-booking/" + google-query: inurl:"/wp-content/plugins/nd-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-donations-49fd6b403c3ae46f361045d570a15196.yaml b/nuclei-templates/cve-less/plugins/nd-donations-49fd6b403c3ae46f361045d570a15196.yaml new file mode 100644 index 0000000000..f2af7b5892 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-donations-49fd6b403c3ae46f361045d570a15196.yaml @@ -0,0 +1,58 @@ +id: nd-donations-49fd6b403c3ae46f361045d570a15196 + +info: + name: > + Donations < 1.4 - Unauthenticated Arbitrary Options Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b7ca272-88ac-4002-b4ce-73ad5d0510ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-donations/" + google-query: inurl:"/wp-content/plugins/nd-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-donations-7af5a8d75570b9733bf6f036d3311f98.yaml b/nuclei-templates/cve-less/plugins/nd-donations-7af5a8d75570b9733bf6f036d3311f98.yaml new file mode 100644 index 0000000000..ba9df5c139 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-donations-7af5a8d75570b9733bf6f036d3311f98.yaml @@ -0,0 +1,58 @@ +id: nd-donations-7af5a8d75570b9733bf6f036d3311f98 + +info: + name: > + Donations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71df1c9a-b4fa-47c7-93c7-f2cb09fad3ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-donations/" + google-query: inurl:"/wp-content/plugins/nd-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-donations-a1415a905803c20c67ca5fc03367ae55.yaml b/nuclei-templates/cve-less/plugins/nd-donations-a1415a905803c20c67ca5fc03367ae55.yaml new file mode 100644 index 0000000000..92a37222cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-donations-a1415a905803c20c67ca5fc03367ae55.yaml @@ -0,0 +1,58 @@ +id: nd-donations-a1415a905803c20c67ca5fc03367ae55 + +info: + name: > + Donations <= 1.8 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/601e52b6-36eb-4739-9b04-db779befa899?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-donations/" + google-query: inurl:"/wp-content/plugins/nd-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-learning-a63938534e67d796e6484c84d1211d1e.yaml b/nuclei-templates/cve-less/plugins/nd-learning-a63938534e67d796e6484c84d1211d1e.yaml new file mode 100644 index 0000000000..49232026c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-learning-a63938534e67d796e6484c84d1211d1e.yaml @@ -0,0 +1,58 @@ +id: nd-learning-a63938534e67d796e6484c84d1211d1e + +info: + name: > + Learning Courses < 5.0 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc9f86f-fd60-48bc-8df0-3b122facb0a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-learning/" + google-query: inurl:"/wp-content/plugins/nd-learning/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-learning,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-learning/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-learning" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-learning-f7e07f423bc8c5880015a851a060fbc6.yaml b/nuclei-templates/cve-less/plugins/nd-learning-f7e07f423bc8c5880015a851a060fbc6.yaml new file mode 100644 index 0000000000..ec0374453d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-learning-f7e07f423bc8c5880015a851a060fbc6.yaml @@ -0,0 +1,58 @@ +id: nd-learning-f7e07f423bc8c5880015a851a060fbc6 + +info: + name: > + ND Learning <= 4.7 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d68841f1-f3f2-45e7-8a4f-d2d65624b617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-learning/" + google-query: inurl:"/wp-content/plugins/nd-learning/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-learning,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-learning/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-learning" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-projects-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml b/nuclei-templates/cve-less/plugins/nd-projects-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml new file mode 100644 index 0000000000..a0f48d696f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-projects-2f7ae6b5d7fdabeafa201dc90bcb50c1.yaml @@ -0,0 +1,58 @@ +id: nd-projects-2f7ae6b5d7fdabeafa201dc90bcb50c1 + +info: + name: > + Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/750be90d-dc12-4974-8921-75259d56c7b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-projects/" + google-query: inurl:"/wp-content/plugins/nd-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-projects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-projects-a663013695ba225f715bd4ecd0b647ba.yaml b/nuclei-templates/cve-less/plugins/nd-projects-a663013695ba225f715bd4ecd0b647ba.yaml new file mode 100644 index 0000000000..bc1570f179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-projects-a663013695ba225f715bd4ecd0b647ba.yaml @@ -0,0 +1,58 @@ +id: nd-projects-a663013695ba225f715bd4ecd0b647ba + +info: + name: > + Cost Calculator <= 1.5 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7759d119-503f-4097-83ba-6c469276450d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-projects/" + google-query: inurl:"/wp-content/plugins/nd-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-projects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-projects-e82bd49c08eee13d3a8a750e759d2e98.yaml b/nuclei-templates/cve-less/plugins/nd-projects-e82bd49c08eee13d3a8a750e759d2e98.yaml new file mode 100644 index 0000000000..56a035011b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-projects-e82bd49c08eee13d3a8a750e759d2e98.yaml @@ -0,0 +1,58 @@ +id: nd-projects-e82bd49c08eee13d3a8a750e759d2e98 + +info: + name: > + Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5277e25-d923-4553-9371-192d4cf4389a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-projects/" + google-query: inurl:"/wp-content/plugins/nd-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-projects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-projects-f3802a1bd27cc43cf9c93101d4cbaed4.yaml b/nuclei-templates/cve-less/plugins/nd-projects-f3802a1bd27cc43cf9c93101d4cbaed4.yaml new file mode 100644 index 0000000000..2c950e20f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-projects-f3802a1bd27cc43cf9c93101d4cbaed4.yaml @@ -0,0 +1,58 @@ +id: nd-projects-f3802a1bd27cc43cf9c93101d4cbaed4 + +info: + name: > + Cost Calculator <= 1.8 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f21139b-75ef-4631-b88d-23eebbdefee0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-projects/" + google-query: inurl:"/wp-content/plugins/nd-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-projects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-05197d15c6555c370c0aabb516e1a176.yaml b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-05197d15c6555c370c0aabb516e1a176.yaml new file mode 100644 index 0000000000..cc1e78dd7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-05197d15c6555c370c0aabb516e1a176.yaml @@ -0,0 +1,58 @@ +id: nd-restaurant-reservations-05197d15c6555c370c0aabb516e1a176 + +info: + name: > + ND Restaurant Reservations <= 1.3 - Options Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aac7677-53f4-4944-9bdc-7e07b09c6c13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-8665b291868b7068ace3fa9c23d3b9d6.yaml b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-8665b291868b7068ace3fa9c23d3b9d6.yaml new file mode 100644 index 0000000000..557838b0e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-8665b291868b7068ace3fa9c23d3b9d6.yaml @@ -0,0 +1,58 @@ +id: nd-restaurant-reservations-8665b291868b7068ace3fa9c23d3b9d6 + +info: + name: > + Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-bb149be73e11ebe0c3b568543b54c91e.yaml b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-bb149be73e11ebe0c3b568543b54c91e.yaml new file mode 100644 index 0000000000..ddc06339b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-restaurant-reservations-bb149be73e11ebe0c3b568543b54c91e.yaml @@ -0,0 +1,58 @@ +id: nd-restaurant-reservations-bb149be73e11ebe0c3b568543b54c91e + +info: + name: > + Restaurant Reservations <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4fa8aa9-0af8-4202-b219-863bbef8d02c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/nd-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-restaurant-reservations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-shortcodes-2430a9c1ac485d43602ad90dc9748594.yaml b/nuclei-templates/cve-less/plugins/nd-shortcodes-2430a9c1ac485d43602ad90dc9748594.yaml new file mode 100644 index 0000000000..65a0e1a0d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-shortcodes-2430a9c1ac485d43602ad90dc9748594.yaml @@ -0,0 +1,58 @@ +id: nd-shortcodes-2430a9c1ac485d43602ad90dc9748594 + +info: + name: > + ND Shortcodes <= 5.9.1 - Unauthenticated WordPress Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/657226b4-db55-4859-8f38-65b4ace11f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-shortcodes/" + google-query: inurl:"/wp-content/plugins/nd-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-shortcodes-bce590a02f073327d2ec7a566a982db1.yaml b/nuclei-templates/cve-less/plugins/nd-shortcodes-bce590a02f073327d2ec7a566a982db1.yaml new file mode 100644 index 0000000000..ddb84d89fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-shortcodes-bce590a02f073327d2ec7a566a982db1.yaml @@ -0,0 +1,58 @@ +id: nd-shortcodes-bce590a02f073327d2ec7a566a982db1 + +info: + name: > + ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b9bd42f-cb24-483a-ae91-add4378067d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-shortcodes/" + google-query: inurl:"/wp-content/plugins/nd-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-shortcodes-fada6798d03eaae704cdbb04f45c1dff.yaml b/nuclei-templates/cve-less/plugins/nd-shortcodes-fada6798d03eaae704cdbb04f45c1dff.yaml new file mode 100644 index 0000000000..9c4bb10b52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-shortcodes-fada6798d03eaae704cdbb04f45c1dff.yaml @@ -0,0 +1,58 @@ +id: nd-shortcodes-fada6798d03eaae704cdbb04f45c1dff + +info: + name: > + ND Shortcodes <= 6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d92687e-cdf2-4dd2-b984-eaf9f0a56625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-shortcodes/" + google-query: inurl:"/wp-content/plugins/nd-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-travel-c5fdeee544445401f76739cfd131940a.yaml b/nuclei-templates/cve-less/plugins/nd-travel-c5fdeee544445401f76739cfd131940a.yaml new file mode 100644 index 0000000000..6e2b18a33f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-travel-c5fdeee544445401f76739cfd131940a.yaml @@ -0,0 +1,58 @@ +id: nd-travel-c5fdeee544445401f76739cfd131940a + +info: + name: > + Travel Management <= 1.6.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af0eae51-fb94-4e2e-a9a6-8ba323bb3314?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-travel/" + google-query: inurl:"/wp-content/plugins/nd-travel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-travel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-travel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-travel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nd-travel-c95f7d5b525da0435460cefad8d11b57.yaml b/nuclei-templates/cve-less/plugins/nd-travel-c95f7d5b525da0435460cefad8d11b57.yaml new file mode 100644 index 0000000000..d346b530a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nd-travel-c95f7d5b525da0435460cefad8d11b57.yaml @@ -0,0 +1,58 @@ +id: nd-travel-c95f7d5b525da0435460cefad8d11b57 + +info: + name: > + Travel Management <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b89902-5616-443f-b67d-bf3330308ef9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nd-travel/" + google-query: inurl:"/wp-content/plugins/nd-travel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nd-travel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nd-travel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nd-travel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nelio-ab-testing-8f146e0beab27034b7dee531d37f0fa1.yaml b/nuclei-templates/cve-less/plugins/nelio-ab-testing-8f146e0beab27034b7dee531d37f0fa1.yaml new file mode 100644 index 0000000000..37d6389570 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nelio-ab-testing-8f146e0beab27034b7dee531d37f0fa1.yaml @@ -0,0 +1,58 @@ +id: nelio-ab-testing-8f146e0beab27034b7dee531d37f0fa1 + +info: + name: > + Nelio AB Testing < 4.5.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a65e820d-afb7-4e1c-b690-5948447af59a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nelio-ab-testing/" + google-query: inurl:"/wp-content/plugins/nelio-ab-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nelio-ab-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nelio-ab-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nelio-ab-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nelio-ab-testing-95c205c5aad798b5c2c90ddd330acabe.yaml b/nuclei-templates/cve-less/plugins/nelio-ab-testing-95c205c5aad798b5c2c90ddd330acabe.yaml new file mode 100644 index 0000000000..8c0aa924cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nelio-ab-testing-95c205c5aad798b5c2c90ddd330acabe.yaml @@ -0,0 +1,58 @@ +id: nelio-ab-testing-95c205c5aad798b5c2c90ddd330acabe + +info: + name: > + Nelio AB Testing < 4.5.9 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b806e11-57ad-4976-9ece-419ad6581cc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nelio-ab-testing/" + google-query: inurl:"/wp-content/plugins/nelio-ab-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nelio-ab-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nelio-ab-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nelio-ab-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nelio-ab-testing-a591950f40f9d0373366c6581aa5c23f.yaml b/nuclei-templates/cve-less/plugins/nelio-ab-testing-a591950f40f9d0373366c6581aa5c23f.yaml new file mode 100644 index 0000000000..ccf1ca54ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nelio-ab-testing-a591950f40f9d0373366c6581aa5c23f.yaml @@ -0,0 +1,58 @@ +id: nelio-ab-testing-a591950f40f9d0373366c6581aa5c23f + +info: + name: > + Nelio AB Testing < 4.6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28333161-9c76-4108-9256-9ffa91eaf818?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nelio-ab-testing/" + google-query: inurl:"/wp-content/plugins/nelio-ab-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nelio-ab-testing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nelio-ab-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nelio-ab-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nelio-ab-testing-aa0f13dbdb6bd3444462a2203b7bb2ad.yaml b/nuclei-templates/cve-less/plugins/nelio-ab-testing-aa0f13dbdb6bd3444462a2203b7bb2ad.yaml new file mode 100644 index 0000000000..3cc969333e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nelio-ab-testing-aa0f13dbdb6bd3444462a2203b7bb2ad.yaml @@ -0,0 +1,58 @@ +id: nelio-ab-testing-aa0f13dbdb6bd3444462a2203b7bb2ad + +info: + name: > + Nelio AB Testing < 4.5.11 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6077a093-b2ec-4491-a4a7-d70b2858d772?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nelio-ab-testing/" + google-query: inurl:"/wp-content/plugins/nelio-ab-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nelio-ab-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nelio-ab-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nelio-ab-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nelio-content-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml b/nuclei-templates/cve-less/plugins/nelio-content-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml new file mode 100644 index 0000000000..20f645b1fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nelio-content-ca8f431f36e53f60c13e3a9b6d7eff7f.yaml @@ -0,0 +1,58 @@ +id: nelio-content-ca8f431f36e53f60c13e3a9b6d7eff7f + +info: + name: > + Nelio Content <= 3.2.0 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/150d9d64-6f7f-4646-b03f-dbc63fd0e791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nelio-content/" + google-query: inurl:"/wp-content/plugins/nelio-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nelio-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nelio-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nelio-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/neon-text-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml b/nuclei-templates/cve-less/plugins/neon-text-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml new file mode 100644 index 0000000000..c76d4eda25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/neon-text-f3d8bdcc3c7e14d05b34d12f8fc7e52b.yaml @@ -0,0 +1,58 @@ +id: neon-text-f3d8bdcc3c7e14d05b34d12f8fc7e52b + +info: + name: > + Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9998485-e272-48fc-b2f1-9e30158d0d16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/neon-text/" + google-query: inurl:"/wp-content/plugins/neon-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,neon-text,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/neon-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neon-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/neshan-maps-17731af892dc35dbe7d98abcc5958a1a.yaml b/nuclei-templates/cve-less/plugins/neshan-maps-17731af892dc35dbe7d98abcc5958a1a.yaml new file mode 100644 index 0000000000..7df893e965 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/neshan-maps-17731af892dc35dbe7d98abcc5958a1a.yaml @@ -0,0 +1,58 @@ +id: neshan-maps-17731af892dc35dbe7d98abcc5958a1a + +info: + name: > + Neshan Maps <= 1.1.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee7eb754-27f0-47b0-a82f-4781cfbb0fa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/neshan-maps/" + google-query: inurl:"/wp-content/plugins/neshan-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,neshan-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/neshan-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neshan-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/netgsm-7d6fe2c9df245e2b7ef32caaf5683478.yaml b/nuclei-templates/cve-less/plugins/netgsm-7d6fe2c9df245e2b7ef32caaf5683478.yaml new file mode 100644 index 0000000000..7fe52d8513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/netgsm-7d6fe2c9df245e2b7ef32caaf5683478.yaml @@ -0,0 +1,58 @@ +id: netgsm-7d6fe2c9df245e2b7ef32caaf5683478 + +info: + name: > + Netgsm <= 2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3b07f91-c96a-49a5-8ffc-90f34d93aa91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/netgsm/" + google-query: inurl:"/wp-content/plugins/netgsm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,netgsm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/netgsm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "netgsm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/netreviews-569c4e32e955a5a711d57f73a7ff1bf2.yaml b/nuclei-templates/cve-less/plugins/netreviews-569c4e32e955a5a711d57f73a7ff1bf2.yaml new file mode 100644 index 0000000000..8ac1ee4507 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/netreviews-569c4e32e955a5a711d57f73a7ff1bf2.yaml @@ -0,0 +1,58 @@ +id: netreviews-569c4e32e955a5a711d57f73a7ff1bf2 + +info: + name: > + Verified Reviews (Avis Vérifiés) <= 2.3.14 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3044dbfc-e12d-47e0-a297-67ff0510eded?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/netreviews/" + google-query: inurl:"/wp-content/plugins/netreviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,netreviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/netreviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "netreviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/network-summary-2122a84f28fdfefbdc58444f837b4996.yaml b/nuclei-templates/cve-less/plugins/network-summary-2122a84f28fdfefbdc58444f837b4996.yaml new file mode 100644 index 0000000000..97ed3d3ac9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/network-summary-2122a84f28fdfefbdc58444f837b4996.yaml @@ -0,0 +1,58 @@ +id: network-summary-2122a84f28fdfefbdc58444f837b4996 + +info: + name: > + Network Summary <= 2.0.11 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3320c182-b1f9-4e06-92ea-0fa670557dd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/network-summary/" + google-query: inurl:"/wp-content/plugins/network-summary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,network-summary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/network-summary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "network-summary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/neuvoo-jobroll-1188e531905e3639c772d49bab35e621.yaml b/nuclei-templates/cve-less/plugins/neuvoo-jobroll-1188e531905e3639c772d49bab35e621.yaml new file mode 100644 index 0000000000..81f0b12d00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/neuvoo-jobroll-1188e531905e3639c772d49bab35e621.yaml @@ -0,0 +1,58 @@ +id: neuvoo-jobroll-1188e531905e3639c772d49bab35e621 + +info: + name: > + Neuvoo Jobroll <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8a0cf1-2be7-4d57-8ef6-137035ceb422?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/neuvoo-jobroll/" + google-query: inurl:"/wp-content/plugins/neuvoo-jobroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,neuvoo-jobroll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/neuvoo-jobroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neuvoo-jobroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/neuvoo-jobroll-75a76987b60af6fa885fc4c0dfc6ee8a.yaml b/nuclei-templates/cve-less/plugins/neuvoo-jobroll-75a76987b60af6fa885fc4c0dfc6ee8a.yaml new file mode 100644 index 0000000000..21b31e5314 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/neuvoo-jobroll-75a76987b60af6fa885fc4c0dfc6ee8a.yaml @@ -0,0 +1,58 @@ +id: neuvoo-jobroll-75a76987b60af6fa885fc4c0dfc6ee8a + +info: + name: > + Neuvoo Jobroll <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9412cb1-54b5-4544-8571-0a1185e7f456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/neuvoo-jobroll/" + google-query: inurl:"/wp-content/plugins/neuvoo-jobroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,neuvoo-jobroll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/neuvoo-jobroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neuvoo-jobroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-adman-b19e098eab2b720f4c9c456bb0f876fa.yaml b/nuclei-templates/cve-less/plugins/new-adman-b19e098eab2b720f4c9c456bb0f876fa.yaml new file mode 100644 index 0000000000..dd33c8de74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-adman-b19e098eab2b720f4c9c456bb0f876fa.yaml @@ -0,0 +1,58 @@ +id: new-adman-b19e098eab2b720f4c9c456bb0f876fa + +info: + name: > + New Adman <= 1.6.8 - Cross-Site Request Forgery via plugin_menu + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b140d228-cd74-4d78-8b9d-9a69e5a89bfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-adman/" + google-query: inurl:"/wp-content/plugins/new-adman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-adman,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-adman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-adman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-adman-bf579b9a08de0f44c24def81bc3a2891.yaml b/nuclei-templates/cve-less/plugins/new-adman-bf579b9a08de0f44c24def81bc3a2891.yaml new file mode 100644 index 0000000000..be1516748f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-adman-bf579b9a08de0f44c24def81bc3a2891.yaml @@ -0,0 +1,58 @@ +id: new-adman-bf579b9a08de0f44c24def81bc3a2891 + +info: + name: > + New Adman <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d862e8e6-ecf6-41f5-8f40-1225ecec7e1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-adman/" + google-query: inurl:"/wp-content/plugins/new-adman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-adman,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-adman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-adman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-album-gallery-bccc52eaf67f0c2e9578dcf9fea0c991.yaml b/nuclei-templates/cve-less/plugins/new-album-gallery-bccc52eaf67f0c2e9578dcf9fea0c991.yaml new file mode 100644 index 0000000000..fa5853cf31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-album-gallery-bccc52eaf67f0c2e9578dcf9fea0c991.yaml @@ -0,0 +1,58 @@ +id: new-album-gallery-bccc52eaf67f0c2e9578dcf9fea0c991 + +info: + name: > + Album Gallery – WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f3df75e-cf2f-4076-b5ff-b8540408044a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-album-gallery/" + google-query: inurl:"/wp-content/plugins/new-album-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-album-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-album-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-album-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-grid-gallery-b56d867b606b433de9a6f7e49a5d4259.yaml b/nuclei-templates/cve-less/plugins/new-grid-gallery-b56d867b606b433de9a6f7e49a5d4259.yaml new file mode 100644 index 0000000000..e497329c67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-grid-gallery-b56d867b606b433de9a6f7e49a5d4259.yaml @@ -0,0 +1,58 @@ +id: new-grid-gallery-b56d867b606b433de9a6f7e49a5d4259 + +info: + name: > + Grid Gallery – Photo Image Grid Gallery <= 1.4.3 - Authenticated(Contributor+) PHP Object Injection via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39f5777b-38b0-4fc6-909d-61eaa1de6173?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-grid-gallery/" + google-query: inurl:"/wp-content/plugins/new-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-grid-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-grid-gallery-be71c57d44785349cf4b236716cff6b0.yaml b/nuclei-templates/cve-less/plugins/new-grid-gallery-be71c57d44785349cf4b236716cff6b0.yaml new file mode 100644 index 0000000000..aeddbb8958 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-grid-gallery-be71c57d44785349cf4b236716cff6b0.yaml @@ -0,0 +1,58 @@ +id: new-grid-gallery-be71c57d44785349cf4b236716cff6b0 + +info: + name: > + Grid Gallery – Photo Image Grid Gallery <= 1.2.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db7903ef-f4e5-452b-b88a-a3933ced833f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-grid-gallery/" + google-query: inurl:"/wp-content/plugins/new-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-grid-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-order-notification-for-woocommerce-0732f852b649541967c753671f29b37b.yaml b/nuclei-templates/cve-less/plugins/new-order-notification-for-woocommerce-0732f852b649541967c753671f29b37b.yaml new file mode 100644 index 0000000000..6678d50c75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-order-notification-for-woocommerce-0732f852b649541967c753671f29b37b.yaml @@ -0,0 +1,58 @@ +id: new-order-notification-for-woocommerce-0732f852b649541967c753671f29b37b + +info: + name: > + New Order Notification for Woocommerce <= 2.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88c85270-d464-4f20-84e5-80f63e7c73e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-order-notification-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/new-order-notification-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-order-notification-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-order-notification-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-order-notification-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-photo-gallery-1064e143eb72cf1f7f6e0379aeb06d2d.yaml b/nuclei-templates/cve-less/plugins/new-photo-gallery-1064e143eb72cf1f7f6e0379aeb06d2d.yaml new file mode 100644 index 0000000000..fed1a1d112 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-photo-gallery-1064e143eb72cf1f7f6e0379aeb06d2d.yaml @@ -0,0 +1,58 @@ +id: new-photo-gallery-1064e143eb72cf1f7f6e0379aeb06d2d + +info: + name: > + Photo Gallery <= 1.4.1 - Authenticated(Contributor+) PHP Object Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14894c36-f657-4368-bc7f-60121ec08c13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-photo-gallery/" + google-query: inurl:"/wp-content/plugins/new-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-royalslider-0111982febae7056a14e209747a4d7f0.yaml b/nuclei-templates/cve-less/plugins/new-royalslider-0111982febae7056a14e209747a4d7f0.yaml new file mode 100644 index 0000000000..8b0b549764 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-royalslider-0111982febae7056a14e209747a4d7f0.yaml @@ -0,0 +1,58 @@ +id: new-royalslider-0111982febae7056a14e209747a4d7f0 + +info: + name: > + RoyalSlider <= 3.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60116e60-ebf3-4f32-b536-52ce2a9672df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-royalslider/" + google-query: inurl:"/wp-content/plugins/new-royalslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-royalslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-royalslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-royalslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-user-approve-0e6d3f2d08066d7cff85e87321056d7c.yaml b/nuclei-templates/cve-less/plugins/new-user-approve-0e6d3f2d08066d7cff85e87321056d7c.yaml new file mode 100644 index 0000000000..fe07e26afe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-user-approve-0e6d3f2d08066d7cff85e87321056d7c.yaml @@ -0,0 +1,58 @@ +id: new-user-approve-0e6d3f2d08066d7cff85e87321056d7c + +info: + name: > + New User Approve <= 2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e6365ab-30c5-4bec-a5f3-b0812ae8a609?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-user-approve/" + google-query: inurl:"/wp-content/plugins/new-user-approve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-user-approve,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-user-approve/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-user-approve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-user-approve-26505cfee39309a781056291e8398c4a.yaml b/nuclei-templates/cve-less/plugins/new-user-approve-26505cfee39309a781056291e8398c4a.yaml new file mode 100644 index 0000000000..51d12922f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-user-approve-26505cfee39309a781056291e8398c4a.yaml @@ -0,0 +1,58 @@ +id: new-user-approve-26505cfee39309a781056291e8398c4a + +info: + name: > + New User Approve <= 2.5.1 - Cross-Site Request Forgery via admin_notices + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3abde27c-8234-4146-9e55-ea20b275ca48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-user-approve/" + google-query: inurl:"/wp-content/plugins/new-user-approve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-user-approve,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-user-approve/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-user-approve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-user-email-set-up-2d0401b900eef6498675d312d5732e7a.yaml b/nuclei-templates/cve-less/plugins/new-user-email-set-up-2d0401b900eef6498675d312d5732e7a.yaml new file mode 100644 index 0000000000..9e0abe3da8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-user-email-set-up-2d0401b900eef6498675d312d5732e7a.yaml @@ -0,0 +1,58 @@ +id: new-user-email-set-up-2d0401b900eef6498675d312d5732e7a + +info: + name: > + New User Email Set Up <= 0.5.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c50568c-c0ec-43f9-bf06-7347f9cfc662?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-user-email-set-up/" + google-query: inurl:"/wp-content/plugins/new-user-email-set-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-user-email-set-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-user-email-set-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-user-email-set-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-video-gallery-278430bfff21cdcd8521969c19275f0f.yaml b/nuclei-templates/cve-less/plugins/new-video-gallery-278430bfff21cdcd8521969c19275f0f.yaml new file mode 100644 index 0000000000..1e16a3fce1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-video-gallery-278430bfff21cdcd8521969c19275f0f.yaml @@ -0,0 +1,58 @@ +id: new-video-gallery-278430bfff21cdcd8521969c19275f0f + +info: + name: > + Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery <= 1.5.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8b8391-8d18-49ad-a5ee-2ba7a9090e6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-video-gallery/" + google-query: inurl:"/wp-content/plugins/new-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-video-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/new-year-firework-691d3fdf23c3a77219e053d123bb9c11.yaml b/nuclei-templates/cve-less/plugins/new-year-firework-691d3fdf23c3a77219e053d123bb9c11.yaml new file mode 100644 index 0000000000..4cd1ae7e36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/new-year-firework-691d3fdf23c3a77219e053d123bb9c11.yaml @@ -0,0 +1,58 @@ +id: new-year-firework-691d3fdf23c3a77219e053d123bb9c11 + +info: + name: > + New Year Firework <= 1.1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b33944-443e-48fe-9fd0-4d48fe03072b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/new-year-firework/" + google-query: inurl:"/wp-content/plugins/new-year-firework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,new-year-firework,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/new-year-firework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "new-year-firework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/news-announcement-scroll-433814dea51a33a792f1c14558ec0d69.yaml b/nuclei-templates/cve-less/plugins/news-announcement-scroll-433814dea51a33a792f1c14558ec0d69.yaml new file mode 100644 index 0000000000..a5dd475bec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/news-announcement-scroll-433814dea51a33a792f1c14558ec0d69.yaml @@ -0,0 +1,58 @@ +id: news-announcement-scroll-433814dea51a33a792f1c14558ec0d69 + +info: + name: > + News Announcement Scroll <= 9.0.0 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b29113d6-7a9a-4e10-a446-147ec146ac93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/news-announcement-scroll/" + google-query: inurl:"/wp-content/plugins/news-announcement-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,news-announcement-scroll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/news-announcement-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "news-announcement-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/news-announcement-scroll-6c5199d39eb82de60e28b6acd63ef12d.yaml b/nuclei-templates/cve-less/plugins/news-announcement-scroll-6c5199d39eb82de60e28b6acd63ef12d.yaml new file mode 100644 index 0000000000..e1eeacbc5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/news-announcement-scroll-6c5199d39eb82de60e28b6acd63ef12d.yaml @@ -0,0 +1,58 @@ +id: news-announcement-scroll-6c5199d39eb82de60e28b6acd63ef12d + +info: + name: > + News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b192d5d5-3bb9-4600-849e-2bb3c06009af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/news-announcement-scroll/" + google-query: inurl:"/wp-content/plugins/news-announcement-scroll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,news-announcement-scroll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/news-announcement-scroll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "news-announcement-scroll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/news-wall-1a779beb118a344123814c7da3a92427.yaml b/nuclei-templates/cve-less/plugins/news-wall-1a779beb118a344123814c7da3a92427.yaml new file mode 100644 index 0000000000..48539d2e4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/news-wall-1a779beb118a344123814c7da3a92427.yaml @@ -0,0 +1,58 @@ +id: news-wall-1a779beb118a344123814c7da3a92427 + +info: + name: > + News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37331460-4585-4946-9256-64fdb8f02a6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/news-wall/" + google-query: inurl:"/wp-content/plugins/news-wall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,news-wall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/news-wall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "news-wall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-36e06ea858a68708b1aaf6b3c07ed8c6.yaml b/nuclei-templates/cve-less/plugins/newsletter-36e06ea858a68708b1aaf6b3c07ed8c6.yaml new file mode 100644 index 0000000000..92892f293c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-36e06ea858a68708b1aaf6b3c07ed8c6.yaml @@ -0,0 +1,58 @@ +id: newsletter-36e06ea858a68708b1aaf6b3c07ed8c6 + +info: + name: > + Newsletter <= 8.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54bdcae1-28af-4d30-9204-e67b27271042?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-89837280a63d6f202a5c4d44cb2bc250.yaml b/nuclei-templates/cve-less/plugins/newsletter-89837280a63d6f202a5c4d44cb2bc250.yaml new file mode 100644 index 0000000000..17f00f3981 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-89837280a63d6f202a5c4d44cb2bc250.yaml @@ -0,0 +1,58 @@ +id: newsletter-89837280a63d6f202a5c4d44cb2bc250 + +info: + name: > + Newsletter – Send awesome emails from WordPress <= 7.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e136ab52-a193-430b-b2b2-d7640d009c99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml b/nuclei-templates/cve-less/plugins/newsletter-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml new file mode 100644 index 0000000000..ddeaeb797f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-8fcdb0b13a5576b5ff2b34a21c31cbb9.yaml @@ -0,0 +1,58 @@ +id: newsletter-8fcdb0b13a5576b5ff2b34a21c31cbb9 + +info: + name: > + Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87da5300-1add-44fc-a3e0-e8912f946c84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-981beced4302bc1ed44f59f5bbd895e2.yaml b/nuclei-templates/cve-less/plugins/newsletter-981beced4302bc1ed44f59f5bbd895e2.yaml new file mode 100644 index 0000000000..5c3724aa05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-981beced4302bc1ed44f59f5bbd895e2.yaml @@ -0,0 +1,58 @@ +id: newsletter-981beced4302bc1ed44f59f5bbd895e2 + +info: + name: > + Newsletter <= 7.4.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a27cfa5a-e02a-4c92-8503-2c7cd32fb1f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-a0918f22ac918ae4fe62db47bcca205c.yaml b/nuclei-templates/cve-less/plugins/newsletter-a0918f22ac918ae4fe62db47bcca205c.yaml new file mode 100644 index 0000000000..fa3096120b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-a0918f22ac918ae4fe62db47bcca205c.yaml @@ -0,0 +1,58 @@ +id: newsletter-a0918f22ac918ae4fe62db47bcca205c + +info: + name: > + Newsletter <= 6.8.1 - Authenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d684efcd-74fa-4b0c-b8dd-9674a2748fc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-bulk-email-72d17698c8eeb0073ce356c8f5c5e968.yaml b/nuclei-templates/cve-less/plugins/newsletter-bulk-email-72d17698c8eeb0073ce356c8f5c5e968.yaml new file mode 100644 index 0000000000..0dec3a5e6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-bulk-email-72d17698c8eeb0073ce356c8f5c5e968.yaml @@ -0,0 +1,58 @@ +id: newsletter-bulk-email-72d17698c8eeb0073ce356c8f5c5e968 + +info: + name: > + Newsletter & Bulk Email Sender <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c19095-3c21-440f-aa28-0117aea29d97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-bulk-email/" + google-query: inurl:"/wp-content/plugins/newsletter-bulk-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-bulk-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-bulk-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-bulk-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-62fd42906a2acfa6303c130d21470bd3.yaml b/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-62fd42906a2acfa6303c130d21470bd3.yaml new file mode 100644 index 0000000000..aa6037335e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-by-supsystic-62fd42906a2acfa6303c130d21470bd3.yaml @@ -0,0 +1,58 @@ +id: newsletter-by-supsystic-62fd42906a2acfa6303c130d21470bd3 + +info: + name: > + Newsletter by Supsystic < 1.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc9dcd42-bec1-4323-b5bf-6c0518ae546d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-by-supsystic/" + google-query: inurl:"/wp-content/plugins/newsletter-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-c834c5e1d5d5c36b9532f258717d77bb.yaml b/nuclei-templates/cve-less/plugins/newsletter-c834c5e1d5d5c36b9532f258717d77bb.yaml new file mode 100644 index 0000000000..dea3d21fe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-c834c5e1d5d5c36b9532f258717d77bb.yaml @@ -0,0 +1,58 @@ +id: newsletter-c834c5e1d5d5c36b9532f258717d77bb + +info: + name: > + Newsletter <= 6.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95dc0d79-b65a-4bfb-89c0-569bf26232df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-e5ab2a90d77e5b6e1a1c85bcd4411c15.yaml b/nuclei-templates/cve-less/plugins/newsletter-e5ab2a90d77e5b6e1a1c85bcd4411c15.yaml new file mode 100644 index 0000000000..2ce9033728 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-e5ab2a90d77e5b6e1a1c85bcd4411c15.yaml @@ -0,0 +1,58 @@ +id: newsletter-e5ab2a90d77e5b6e1a1c85bcd4411c15 + +info: + name: > + Newsletter <= 7.6.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa49346c-726e-41f9-8a74-adaa4a8fa5d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-f4e01d148cb4faf1d4deb03b8e76c31d.yaml b/nuclei-templates/cve-less/plugins/newsletter-f4e01d148cb4faf1d4deb03b8e76c31d.yaml new file mode 100644 index 0000000000..61a6d73749 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-f4e01d148cb4faf1d4deb03b8e76c31d.yaml @@ -0,0 +1,58 @@ +id: newsletter-f4e01d148cb4faf1d4deb03b8e76c31d + +info: + name: > + Newsletter <= 8.2.0 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/165a3c28-ea89-44bd-9de0-38d931f98de2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter/" + google-query: inurl:"/wp-content/plugins/newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-manager-1047bbd2b8a122544a7afe7bee9dd9ef.yaml b/nuclei-templates/cve-less/plugins/newsletter-manager-1047bbd2b8a122544a7afe7bee9dd9ef.yaml new file mode 100644 index 0000000000..4928551ae3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-manager-1047bbd2b8a122544a7afe7bee9dd9ef.yaml @@ -0,0 +1,58 @@ +id: newsletter-manager-1047bbd2b8a122544a7afe7bee9dd9ef + +info: + name: > + Newsletter Manager <= 1.5.1 - Insecure Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfd8c4d-d48b-468d-a7d5-1ec05b068f79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-manager/" + google-query: inurl:"/wp-content/plugins/newsletter-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-manager-437f867caa3099fbc234387a5d6249e0.yaml b/nuclei-templates/cve-less/plugins/newsletter-manager-437f867caa3099fbc234387a5d6249e0.yaml new file mode 100644 index 0000000000..5a21036202 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-manager-437f867caa3099fbc234387a5d6249e0.yaml @@ -0,0 +1,58 @@ +id: newsletter-manager-437f867caa3099fbc234387a5d6249e0 + +info: + name: > + Newsletter Manager < 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e1833e-31de-418b-bbd3-d41daa3ac9d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-manager/" + google-query: inurl:"/wp-content/plugins/newsletter-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-manager-4fecc14512bd412ef7b458d7c2feb79a.yaml b/nuclei-templates/cve-less/plugins/newsletter-manager-4fecc14512bd412ef7b458d7c2feb79a.yaml new file mode 100644 index 0000000000..df107fcbe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-manager-4fecc14512bd412ef7b458d7c2feb79a.yaml @@ -0,0 +1,58 @@ +id: newsletter-manager-4fecc14512bd412ef7b458d7c2feb79a + +info: + name: > + Newsletter Manager < 1.0.2 - Cross-Site Scripting via test_mail.php + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/919a2a4a-061e-4206-84b2-7b43b1276fa0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-manager/" + google-query: inurl:"/wp-content/plugins/newsletter-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-manager-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml b/nuclei-templates/cve-less/plugins/newsletter-manager-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml new file mode 100644 index 0000000000..6acad7ca04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-manager-ce05b3ae1fa8a55fc1f1267b8e05c4cc.yaml @@ -0,0 +1,58 @@ +id: newsletter-manager-ce05b3ae1fa8a55fc1f1267b8e05c4cc + +info: + name: > + Newsletter Manager < 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d39a73dd-5d62-43cc-af36-6bdf85dec3f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-manager/" + google-query: inurl:"/wp-content/plugins/newsletter-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-optin-box-4e7b5734b71634dd9bb48b370cdad8aa.yaml b/nuclei-templates/cve-less/plugins/newsletter-optin-box-4e7b5734b71634dd9bb48b370cdad8aa.yaml new file mode 100644 index 0000000000..df2a73c4e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-optin-box-4e7b5734b71634dd9bb48b370cdad8aa.yaml @@ -0,0 +1,58 @@ +id: newsletter-optin-box-4e7b5734b71634dd9bb48b370cdad8aa + +info: + name: > + WordPress Newsletter Plugin – Noptin < 1.6.5 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5372890-72d4-482d-a7f2-04a50520c4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-optin-box/" + google-query: inurl:"/wp-content/plugins/newsletter-optin-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-optin-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-optin-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-optin-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-optin-box-51e92ff25e71a7c2e17f5c127452f585.yaml b/nuclei-templates/cve-less/plugins/newsletter-optin-box-51e92ff25e71a7c2e17f5c127452f585.yaml new file mode 100644 index 0000000000..2f12c73baf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-optin-box-51e92ff25e71a7c2e17f5c127452f585.yaml @@ -0,0 +1,58 @@ +id: newsletter-optin-box-51e92ff25e71a7c2e17f5c127452f585 + +info: + name: > + Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a1de2d6-d4a0-4770-be38-9bd09b2243b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-optin-box/" + google-query: inurl:"/wp-content/plugins/newsletter-optin-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-optin-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-optin-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-optin-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-popup-0fb02df24aa43363dc0b388137db084d.yaml b/nuclei-templates/cve-less/plugins/newsletter-popup-0fb02df24aa43363dc0b388137db084d.yaml new file mode 100644 index 0000000000..011ea80eb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-popup-0fb02df24aa43363dc0b388137db084d.yaml @@ -0,0 +1,58 @@ +id: newsletter-popup-0fb02df24aa43363dc0b388137db084d + +info: + name: > + Newsletter Popup <= 1.2 - Unauthenticted Stored Cross-Site Scripting via 'nl_data' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b5d64b8-c339-4bbc-b91e-4805428f7296?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-popup/" + google-query: inurl:"/wp-content/plugins/newsletter-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-popup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter-popup-c0ffd5d28b53a7790d15e70d69428d0e.yaml b/nuclei-templates/cve-less/plugins/newsletter-popup-c0ffd5d28b53a7790d15e70d69428d0e.yaml new file mode 100644 index 0000000000..cc3561b225 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter-popup-c0ffd5d28b53a7790d15e70d69428d0e.yaml @@ -0,0 +1,58 @@ +id: newsletter-popup-c0ffd5d28b53a7790d15e70d69428d0e + +info: + name: > + Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/274429f7-1cd1-49e4-a145-dce36bebb9c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter-popup/" + google-query: inurl:"/wp-content/plugins/newsletter-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletter2go-d7690abd96f47b63d2e6b2b27468ddeb.yaml b/nuclei-templates/cve-less/plugins/newsletter2go-d7690abd96f47b63d2e6b2b27468ddeb.yaml new file mode 100644 index 0000000000..3e2cf68225 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletter2go-d7690abd96f47b63d2e6b2b27468ddeb.yaml @@ -0,0 +1,58 @@ +id: newsletter2go-d7690abd96f47b63d2e6b2b27468ddeb + +info: + name: > + Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/766ac399-7280-4186-8972-94da813da85e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletter2go/" + google-query: inurl:"/wp-content/plugins/newsletter2go/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletter2go,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletter2go/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletter2go" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-05fc8635fe3b2da7f76501f71f380eaa.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-05fc8635fe3b2da7f76501f71f380eaa.yaml new file mode 100644 index 0000000000..e12f4e34fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-05fc8635fe3b2da7f76501f71f380eaa.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-05fc8635fe3b2da7f76501f71f380eaa + +info: + name: > + Newsletters <= 4.6.18 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7a7f9-f331-4d06-94ea-182535080a90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-115f884d0c6c27b8ac283bf2fad6f3ed.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-115f884d0c6c27b8ac283bf2fad6f3ed.yaml new file mode 100644 index 0000000000..f6fb57b196 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-115f884d0c6c27b8ac283bf2fad6f3ed.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-115f884d0c6c27b8ac283bf2fad6f3ed + +info: + name: > + Newsletters <= 4.8.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd6474f-72e1-4ec2-a056-3c05a0dfa173?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-6341ec05f42eea92884ac2a29b84c8c0.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-6341ec05f42eea92884ac2a29b84c8c0.yaml new file mode 100644 index 0000000000..b4cfa4fbe1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-6341ec05f42eea92884ac2a29b84c8c0.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-6341ec05f42eea92884ac2a29b84c8c0 + +info: + name: > + Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b409d2a5-3c4c-4a1e-b222-e2df7257b81f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-63a6ae12fc77467bfccad91ea4a943d2.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-63a6ae12fc77467bfccad91ea4a943d2.yaml new file mode 100644 index 0000000000..33b21701ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-63a6ae12fc77467bfccad91ea4a943d2.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-63a6ae12fc77467bfccad91ea4a943d2 + +info: + name: > + Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb4abe41-fb18-46f4-9fd8-90bb1996b241?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-ade39cd867e3448bad9cda88f9ec4ce9.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-ade39cd867e3448bad9cda88f9ec4ce9.yaml new file mode 100644 index 0000000000..110bba6095 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-ade39cd867e3448bad9cda88f9ec4ce9.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-ade39cd867e3448bad9cda88f9ec4ce9 + +info: + name: > + Newsletters <= 4.9.5 - Information Exposure via Log files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/867f374c-633f-4384-aa2b-5bb8daa5b7a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-f3852e2e998f0a9723c8ace5e7ebc48d.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-f3852e2e998f0a9723c8ace5e7ebc48d.yaml new file mode 100644 index 0000000000..af688418b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-f3852e2e998f0a9723c8ace5e7ebc48d.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-f3852e2e998f0a9723c8ace5e7ebc48d + +info: + name: > + Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ead5b943-731d-484a-a6b0-ca4f27eccff0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsletters-lite-fb658166b72b071de6ed9c2034675764.yaml b/nuclei-templates/cve-less/plugins/newsletters-lite-fb658166b72b071de6ed9c2034675764.yaml new file mode 100644 index 0000000000..730a911849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsletters-lite-fb658166b72b071de6ed9c2034675764.yaml @@ -0,0 +1,58 @@ +id: newsletters-lite-fb658166b72b071de6ed9c2034675764 + +info: + name: > + Newsletters <= 4.6.8.5 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3ef1bf-ef81-4e24-9813-de1a25b0e8ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsletters-lite/" + google-query: inurl:"/wp-content/plugins/newsletters-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsletters-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsletters-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsletters-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newsplugin-90997fecd42d62efb670daec1cf651f8.yaml b/nuclei-templates/cve-less/plugins/newsplugin-90997fecd42d62efb670daec1cf651f8.yaml new file mode 100644 index 0000000000..0834ff8efb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newsplugin-90997fecd42d62efb670daec1cf651f8.yaml @@ -0,0 +1,58 @@ +id: newsplugin-90997fecd42d62efb670daec1cf651f8 + +info: + name: > + NewsPlugin <= 1.0.18 – Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f208ca5a-a404-4664-80f5-643e713f600a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newsplugin/" + google-query: inurl:"/wp-content/plugins/newsplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newsplugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newsplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-53b1198e7ee8eee5292e3abdba3cbbf7.yaml b/nuclei-templates/cve-less/plugins/newstatpress-53b1198e7ee8eee5292e3abdba3cbbf7.yaml new file mode 100644 index 0000000000..a1286684bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-53b1198e7ee8eee5292e3abdba3cbbf7.yaml @@ -0,0 +1,58 @@ +id: newstatpress-53b1198e7ee8eee5292e3abdba3cbbf7 + +info: + name: > + NewStatPress < 1.2.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a353364-73a9-428c-b702-0183b29c7e3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-5661d46a0d0f62ecdca1f908938fc469.yaml b/nuclei-templates/cve-less/plugins/newstatpress-5661d46a0d0f62ecdca1f908938fc469.yaml new file mode 100644 index 0000000000..9dfbef1522 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-5661d46a0d0f62ecdca1f908938fc469.yaml @@ -0,0 +1,58 @@ +id: newstatpress-5661d46a0d0f62ecdca1f908938fc469 + +info: + name: > + NewStatPress <= 0.9.8 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8292a1f-1d26-4efa-9ead-5309965bdb8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-5a76fde7fb0009ab04ff52f07a51dd98.yaml b/nuclei-templates/cve-less/plugins/newstatpress-5a76fde7fb0009ab04ff52f07a51dd98.yaml new file mode 100644 index 0000000000..b3ce177ba9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-5a76fde7fb0009ab04ff52f07a51dd98.yaml @@ -0,0 +1,58 @@ +id: newstatpress-5a76fde7fb0009ab04ff52f07a51dd98 + +info: + name: > + NewStatPress <= 1.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe983d6-ad48-460f-ba5d-f6de19f06be4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-8412ac7e626ed43c4ce45430524bd3c5.yaml b/nuclei-templates/cve-less/plugins/newstatpress-8412ac7e626ed43c4ce45430524bd3c5.yaml new file mode 100644 index 0000000000..bb2cebf77b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-8412ac7e626ed43c4ce45430524bd3c5.yaml @@ -0,0 +1,58 @@ +id: newstatpress-8412ac7e626ed43c4ce45430524bd3c5 + +info: + name: > + NewStatPress < 1.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce60724-3ef8-4222-9034-88edb8a4ce0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-85b9bc25cc8d9d1685d816dce491f099.yaml b/nuclei-templates/cve-less/plugins/newstatpress-85b9bc25cc8d9d1685d816dce491f099.yaml new file mode 100644 index 0000000000..d5eb26b975 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-85b9bc25cc8d9d1685d816dce491f099.yaml @@ -0,0 +1,58 @@ +id: newstatpress-85b9bc25cc8d9d1685d816dce491f099 + +info: + name: > + NewStatPress <= 1.0.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d8eae69-722a-45ea-a3ca-d4a39a63c4b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-9429ed7d3468d9b070c3aef1b1b73950.yaml b/nuclei-templates/cve-less/plugins/newstatpress-9429ed7d3468d9b070c3aef1b1b73950.yaml new file mode 100644 index 0000000000..3ec4f55637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-9429ed7d3468d9b070c3aef1b1b73950.yaml @@ -0,0 +1,58 @@ +id: newstatpress-9429ed7d3468d9b070c3aef1b1b73950 + +info: + name: > + NewStatPress < 1.0.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0502c622-975f-4218-8b53-efd776fe9d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-c5e29f3bae507d53468f7991a1fb1a3e.yaml b/nuclei-templates/cve-less/plugins/newstatpress-c5e29f3bae507d53468f7991a1fb1a3e.yaml new file mode 100644 index 0000000000..68668cc506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-c5e29f3bae507d53468f7991a1fb1a3e.yaml @@ -0,0 +1,58 @@ +id: newstatpress-c5e29f3bae507d53468f7991a1fb1a3e + +info: + name: > + NewStatPress <= 0.9.8 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95269053-59fa-4396-bd2b-c8c4f9c05595?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-e2fceb8fb39f58204ff5726ab0b6f62e.yaml b/nuclei-templates/cve-less/plugins/newstatpress-e2fceb8fb39f58204ff5726ab0b6f62e.yaml new file mode 100644 index 0000000000..72b3e7e875 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-e2fceb8fb39f58204ff5726ab0b6f62e.yaml @@ -0,0 +1,58 @@ +id: newstatpress-e2fceb8fb39f58204ff5726ab0b6f62e + +info: + name: > + NewStatPress <= 1.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a99e67-6af2-43c5-a21b-052eb683945c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/newstatpress-ee6e70e7388e058992448bed848ba9e2.yaml b/nuclei-templates/cve-less/plugins/newstatpress-ee6e70e7388e058992448bed848ba9e2.yaml new file mode 100644 index 0000000000..f128b43e7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/newstatpress-ee6e70e7388e058992448bed848ba9e2.yaml @@ -0,0 +1,58 @@ +id: newstatpress-ee6e70e7388e058992448bed848ba9e2 + +info: + name: > + NewStatPress <= 1.0.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b738676-250d-4af4-81ff-cee9efcf996e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/newstatpress/" + google-query: inurl:"/wp-content/plugins/newstatpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,newstatpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/newstatpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newstatpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-8b8a23561a8628021b8646bf3571f1c0.yaml b/nuclei-templates/cve-less/plugins/nex-forms-8b8a23561a8628021b8646bf3571f1c0.yaml new file mode 100644 index 0000000000..aa73008dae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-8b8a23561a8628021b8646bf3571f1c0.yaml @@ -0,0 +1,58 @@ +id: nex-forms-8b8a23561a8628021b8646bf3571f1c0 + +info: + name: > + NEX Forms <= 7.8.7 - Authentication Bypass for PDF Reports + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5c1f0f4-4557-4ae9-bf0d-14c61721a2c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms/" + google-query: inurl:"/wp-content/plugins/nex-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-1873bca252baceb5719ad4cfda8c952f.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-1873bca252baceb5719ad4cfda8c952f.yaml new file mode 100644 index 0000000000..08bcc9faa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-1873bca252baceb5719ad4cfda8c952f.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-1873bca252baceb5719ad4cfda8c952f + +info: + name: > + NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd817fe9-b7be-4252-877a-e9843d62a0a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d87227c0a1b8cce209867e1a3357d5b.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d87227c0a1b8cce209867e1a3357d5b.yaml new file mode 100644 index 0000000000..d8d2f59333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d87227c0a1b8cce209867e1a3357d5b.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-2d87227c0a1b8cce209867e1a3357d5b + +info: + name: > + NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_read() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d88339f87e8f539294930b47234f049.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d88339f87e8f539294930b47234f049.yaml new file mode 100644 index 0000000000..99fc971e2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-2d88339f87e8f539294930b47234f049.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-2d88339f87e8f539294930b47234f049 + +info: + name: > + NEX-Forms - Ultimate Form Builder <= 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0485eed3-4ee9-4b22-99d6-67e6eec1c0ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-320cc739be80667a41b7c33bc9c3ac5f.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-320cc739be80667a41b7c33bc9c3ac5f.yaml new file mode 100644 index 0000000000..8d502ed4dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-320cc739be80667a41b7c33bc9c3ac5f.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-320cc739be80667a41b7c33bc9c3ac5f + +info: + name: > + NEX-Forms – Ultimate Form Builder <= 8.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6934c0e-7526-4de7-9478-3c953b3dc64f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3484031578b48515a252a1136c0592de.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3484031578b48515a252a1136c0592de.yaml new file mode 100644 index 0000000000..abe7b55c3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3484031578b48515a252a1136c0592de.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-3484031578b48515a252a1136c0592de + +info: + name: > + NEX-Forms – Ultimate Form Builder <= 8.4.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7b4d0b-9845-4d0b-b255-a311076f5ca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3c32e113f430e95dd1bba8970b964bc4.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3c32e113f430e95dd1bba8970b964bc4.yaml new file mode 100644 index 0000000000..76584dd944 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-3c32e113f430e95dd1bba8970b964bc4.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-3c32e113f430e95dd1bba8970b964bc4 + +info: + name: > + NEX-Forms <= 8.3.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d19be8b-3e0b-4d74-97e0-f17132d2d34c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-52a6b0aceece7742858232c190951358.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-52a6b0aceece7742858232c190951358.yaml new file mode 100644 index 0000000000..bcb719fa9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-52a6b0aceece7742858232c190951358.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-52a6b0aceece7742858232c190951358 + +info: + name: > + NEX-Forms – Ultimate Form Builder < 4.6.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6989e54b-ce5e-4c79-bd0d-0f7978a4bd44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-65a7e9e5db9a5af53a8c05db52ac919a.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-65a7e9e5db9a5af53a8c05db52ac919a.yaml new file mode 100644 index 0000000000..91d162b297 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-65a7e9e5db9a5af53a8c05db52ac919a.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-65a7e9e5db9a5af53a8c05db52ac919a + +info: + name: > + NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.5 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b5964a7-410b-4fea-9de2-22ffda80c8e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-69c9678050af93b08d000bd2cd1bbedb.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-69c9678050af93b08d000bd2cd1bbedb.yaml new file mode 100644 index 0000000000..e9bfbbff48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-69c9678050af93b08d000bd2cd1bbedb.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-69c9678050af93b08d000bd2cd1bbedb + +info: + name: > + NEX-Forms - Ultimate Form Builder <= 8.4.3 - Authenticated Stored Cross-Site Scripting via Form Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a333d5b4-cedf-40ac-8da9-f4965d2a397a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-6e45966d9ef8042467981ba9a26f57f6.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-6e45966d9ef8042467981ba9a26f57f6.yaml new file mode 100644 index 0000000000..cfcc36adbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-6e45966d9ef8042467981ba9a26f57f6.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-6e45966d9ef8042467981ba9a26f57f6 + +info: + name: > + NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via restore_records() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-9eff154e275679aff481294211504cad.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-9eff154e275679aff481294211504cad.yaml new file mode 100644 index 0000000000..50cb09ce9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-9eff154e275679aff481294211504cad.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-9eff154e275679aff481294211504cad + +info: + name: > + NEX-Forms <= 7.9.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89655e84-acb5-40f2-a22f-a483a1bb29df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-bb95d05f96d844686568bca3576c4dd9.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-bb95d05f96d844686568bca3576c4dd9.yaml new file mode 100644 index 0000000000..3de7e777d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-bb95d05f96d844686568bca3576c4dd9.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-bb95d05f96d844686568bca3576c4dd9 + +info: + name: > + NEX-Forms <= 7.8.7 Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70587bb9-6f76-4073-b5db-06ffda0194e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-c98999074aee70a52ec6540d435f9e75.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-c98999074aee70a52ec6540d435f9e75.yaml new file mode 100644 index 0000000000..5a6e52f055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-c98999074aee70a52ec6540d435f9e75.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-c98999074aee70a52ec6540d435f9e75 + +info: + name: > + NEX-Forms – Ultimate Form Builder <= 8.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b45e9b-57a6-4bfd-b9e4-d07780370f02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-f0ac080b3744a919181119313b1bddf9.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-f0ac080b3744a919181119313b1bddf9.yaml new file mode 100644 index 0000000000..9f1e096839 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-f0ac080b3744a919181119313b1bddf9.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-f0ac080b3744a919181119313b1bddf9 + +info: + name: > + NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.5.6 - Missing Authorization via set_starred() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-ff2527cc6b81652aecd5a77ac2a8b673.yaml b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-ff2527cc6b81652aecd5a77ac2a8b673.yaml new file mode 100644 index 0000000000..77fb58a85c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nex-forms-express-wp-form-builder-ff2527cc6b81652aecd5a77ac2a8b673.yaml @@ -0,0 +1,58 @@ +id: nex-forms-express-wp-form-builder-ff2527cc6b81652aecd5a77ac2a8b673 + +info: + name: > + NEX-Forms <= 7.7.1 - Missing Authorization on Various AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01940eeb-b4a6-450d-b646-84f415ca92c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nex-forms-express-wp-form-builder/" + google-query: inurl:"/wp-content/plugins/nex-forms-express-wp-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nex-forms-express-wp-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nex-forms-express-wp-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nex-forms-express-wp-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/next-page-cd42ea5f361eb592a86690da9944867b.yaml b/nuclei-templates/cve-less/plugins/next-page-cd42ea5f361eb592a86690da9944867b.yaml new file mode 100644 index 0000000000..91d5e8606e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/next-page-cd42ea5f361eb592a86690da9944867b.yaml @@ -0,0 +1,58 @@ +id: next-page-cd42ea5f361eb592a86690da9944867b + +info: + name: > + Next Page <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c592887c-718c-46d7-8dc3-d337711471ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/next-page/" + google-query: inurl:"/wp-content/plugins/next-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,next-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/next-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "next-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-5b2ed76d9224d230598bdf2cc0cffcbc.yaml b/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-5b2ed76d9224d230598bdf2cc0cffcbc.yaml new file mode 100644 index 0000000000..cf35e4145a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-5b2ed76d9224d230598bdf2cc0cffcbc.yaml @@ -0,0 +1,58 @@ +id: nextcellent-gallery-nextgen-legacy-5b2ed76d9224d230598bdf2cc0cffcbc + +info: + name: > + NextCellent Gallery <= 1.9.35 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6286cda-c5b1-4923-bbf3-9f5b56973d23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextcellent-gallery-nextgen-legacy/" + google-query: inurl:"/wp-content/plugins/nextcellent-gallery-nextgen-legacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextcellent-gallery-nextgen-legacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextcellent-gallery-nextgen-legacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml b/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml new file mode 100644 index 0000000000..b9375f94ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextcellent-gallery-nextgen-legacy-9324556ad1df2ab2ecb9b1f7e086b9b6.yaml @@ -0,0 +1,58 @@ +id: nextcellent-gallery-nextgen-legacy-9324556ad1df2ab2ecb9b1f7e086b9b6 + +info: + name: > + NextCellent Gallery < 1.9.18 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/472a98fe-9cce-4e9f-b353-ccc1389506fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextcellent-gallery-nextgen-legacy/" + google-query: inurl:"/wp-content/plugins/nextcellent-gallery-nextgen-legacy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextcellent-gallery-nextgen-legacy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextcellent-gallery-nextgen-legacy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextcellent-gallery-nextgen-legacy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextend-facebook-connect-00ecb873d9d341992e1bd58f78a3eb00.yaml b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-00ecb873d9d341992e1bd58f78a3eb00.yaml new file mode 100644 index 0000000000..833603da4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-00ecb873d9d341992e1bd58f78a3eb00.yaml @@ -0,0 +1,58 @@ +id: nextend-facebook-connect-00ecb873d9d341992e1bd58f78a3eb00 + +info: + name: > + Nextend Social Login and Register <= 1.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fe97e7a-5a4e-43e7-b4f3-81786e9ee3dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextend-facebook-connect/" + google-query: inurl:"/wp-content/plugins/nextend-facebook-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextend-facebook-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextend-facebook-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextend-facebook-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextend-facebook-connect-affff16d41b08985367338035f67daba.yaml b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-affff16d41b08985367338035f67daba.yaml new file mode 100644 index 0000000000..30a26fe0d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-affff16d41b08985367338035f67daba.yaml @@ -0,0 +1,58 @@ +id: nextend-facebook-connect-affff16d41b08985367338035f67daba + +info: + name: > + Nextend Social Login and Register <= 1.5.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2111df14-63a3-4e3c-87b8-d0e71812d32c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextend-facebook-connect/" + google-query: inurl:"/wp-content/plugins/nextend-facebook-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextend-facebook-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextend-facebook-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextend-facebook-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextend-facebook-connect-b5ffaf80d661d564c9b660398c6daa12.yaml b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-b5ffaf80d661d564c9b660398c6daa12.yaml new file mode 100644 index 0000000000..3182fa4d20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextend-facebook-connect-b5ffaf80d661d564c9b660398c6daa12.yaml @@ -0,0 +1,58 @@ +id: nextend-facebook-connect-b5ffaf80d661d564c9b660398c6daa12 + +info: + name: > + Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextend-facebook-connect/" + google-query: inurl:"/wp-content/plugins/nextend-facebook-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextend-facebook-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextend-facebook-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextend-facebook-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextend-twitter-connect-9813a1d6a9d1cff77f894bb801d07459.yaml b/nuclei-templates/cve-less/plugins/nextend-twitter-connect-9813a1d6a9d1cff77f894bb801d07459.yaml new file mode 100644 index 0000000000..80ee33a18e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextend-twitter-connect-9813a1d6a9d1cff77f894bb801d07459.yaml @@ -0,0 +1,58 @@ +id: nextend-twitter-connect-9813a1d6a9d1cff77f894bb801d07459 + +info: + name: > + Nextend Twitter Connect <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b0336d7-1c85-4379-80db-19b478ba5471?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextend-twitter-connect/" + google-query: inurl:"/wp-content/plugins/nextend-twitter-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextend-twitter-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextend-twitter-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextend-twitter-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nexter-extension-289b4ce42c5317d66bb530e021b79a80.yaml b/nuclei-templates/cve-less/plugins/nexter-extension-289b4ce42c5317d66bb530e021b79a80.yaml new file mode 100644 index 0000000000..6132a2d885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nexter-extension-289b4ce42c5317d66bb530e021b79a80.yaml @@ -0,0 +1,58 @@ +id: nexter-extension-289b4ce42c5317d66bb530e021b79a80 + +info: + name: > + Nexter Extension <= 2.0.3 - Reflected Cross-Site Scripting via post and post_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f4dc917-028c-451a-9b32-26ef2c488850?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nexter-extension/" + google-query: inurl:"/wp-content/plugins/nexter-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nexter-extension,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nexter-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexter-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nexter-extension-45f2df14510cef20714306c6b2b6f810.yaml b/nuclei-templates/cve-less/plugins/nexter-extension-45f2df14510cef20714306c6b2b6f810.yaml new file mode 100644 index 0000000000..abf99c3b20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nexter-extension-45f2df14510cef20714306c6b2b6f810.yaml @@ -0,0 +1,58 @@ +id: nexter-extension-45f2df14510cef20714306c6b2b6f810 + +info: + name: > + Nexter Extension <= 2.0.3 - Authenticated(Editor+) Remote Code Execution via metabox + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/188c4417-962a-4b28-b215-1c567b39ba7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nexter-extension/" + google-query: inurl:"/wp-content/plugins/nexter-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nexter-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nexter-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexter-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-0852d9b8897d185217e138aaac4e2439.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-0852d9b8897d185217e138aaac4e2439.yaml new file mode 100644 index 0000000000..f7d735a48a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-0852d9b8897d185217e138aaac4e2439.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-0852d9b8897d185217e138aaac4e2439 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 1.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22bf5b65-8ec4-477c-a6bd-c90b99f560a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-13599838064c197e9952281d09390ec7.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-13599838064c197e9952281d09390ec7.yaml new file mode 100644 index 0000000000..8201423c2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-13599838064c197e9952281d09390ec7.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-13599838064c197e9952281d09390ec7 + +info: + name: > + Nextgen Gallery <= 3.59 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6c01d91-a912-4826-97eb-fd77368ae117?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml new file mode 100644 index 0000000000..74034366a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-1c54e12a9145a5f1f1d234c85ecbc8fc.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-1c54e12a9145a5f1f1d234c85ecbc8fc + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d7feea5-965f-4a07-90f8-39ccdba7b50f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-2964883e1950fef80d801f06f14eb92b.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-2964883e1950fef80d801f06f14eb92b.yaml new file mode 100644 index 0000000000..5052f04c73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-2964883e1950fef80d801f06f14eb92b.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-2964883e1950fef80d801f06f14eb92b + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-322df2ac71ce300f084e0fab2894de3c.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-322df2ac71ce300f084e0fab2894de3c.yaml new file mode 100644 index 0000000000..f24847511f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-322df2ac71ce300f084e0fab2894de3c.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-322df2ac71ce300f084e0fab2894de3c + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery 1.9.10 - 1.9.11 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cf5a39-831b-4423-b901-98bf15416fc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.9.10', '<= 1.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-41d56c1ae043586e69a9cbdf8e53ac0a.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-41d56c1ae043586e69a9cbdf8e53ac0a.yaml new file mode 100644 index 0000000000..bc0ea883a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-41d56c1ae043586e69a9cbdf8e53ac0a.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-41d56c1ae043586e69a9cbdf8e53ac0a + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 2.1.15 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10d861c2-8ebf-4ba8-a493-0ab3aa43aa76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml new file mode 100644 index 0000000000..581b0fdb18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-4a8d217f64c4cdfb18ee166f8cd3bec7.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-4a8d217f64c4cdfb18ee166f8cd3bec7 + +info: + name: > + NextGen Gallery <= 2.1.56 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0de8ff3-ac03-4640-829d-66a8496aa8aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-519e702e57b853557437ca261b9c8d23.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-519e702e57b853557437ca261b9c8d23.yaml new file mode 100644 index 0000000000..b3d79e70b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-519e702e57b853557437ca261b9c8d23.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-519e702e57b853557437ca261b9c8d23 + +info: + name: > + NextGen Gallery <= 2.1.10 - Unrestricted File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9622c839-a1dd-4633-8a9c-cec41d1041ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..40c584ae7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-5eb51111eaa90d94b47d1fce5457ff77.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-5eb51111eaa90d94b47d1fce5457ff77.yaml new file mode 100644 index 0000000000..aed382ec3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-5eb51111eaa90d94b47d1fce5457ff77.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-5eb51111eaa90d94b47d1fce5457ff77 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d9de3f-5f49-413d-bee6-a4f9ebcf2799?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.77.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-75f34276d9b10d0195d546eabefff833.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-75f34276d9b10d0195d546eabefff833.yaml new file mode 100644 index 0000000000..104da9e4be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-75f34276d9b10d0195d546eabefff833.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-75f34276d9b10d0195d546eabefff833 + +info: + name: > + NextGEN Gallery <= 3.37 - Authenticated (Admininistrator+) Arbitrary File Read and Deletion in gallery_edit + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a15e917f-f46a-4006-a4cb-3d55331ccb5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-7e41774188b9f915d9ca937dad9a03c5.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-7e41774188b9f915d9ca937dad9a03c5.yaml new file mode 100644 index 0000000000..a3b548ef89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-7e41774188b9f915d9ca937dad9a03c5.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-7e41774188b9f915d9ca937dad9a03c5 + +info: + name: > + NextGEN Gallery <= 3.37 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3354b925-2e4a-4ee5-b436-2c1a502b1725?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-7f9e6cd367e17f5d58e3f74e4dd23702.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-7f9e6cd367e17f5d58e3f74e4dd23702.yaml new file mode 100644 index 0000000000..d336f67edf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-7f9e6cd367e17f5d58e3f74e4dd23702.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-7f9e6cd367e17f5d58e3f74e4dd23702 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77db423c-af60-4539-8e3d-fde997741617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-862a8430206366dd5f1306f54a1da83a.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-862a8430206366dd5f1306f54a1da83a.yaml new file mode 100644 index 0000000000..372f5cc11d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-862a8430206366dd5f1306f54a1da83a.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-862a8430206366dd5f1306f54a1da83a + +info: + name: > + NextGen Gallery <= 2.1.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7447fc39-a517-4ba0-93d6-381a6eeb5b7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-8aa932823fef6a8561cb1cce32b099e9.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-8aa932823fef6a8561cb1cce32b099e9.yaml new file mode 100644 index 0000000000..84f84d62f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-8aa932823fef6a8561cb1cce32b099e9.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-8aa932823fef6a8561cb1cce32b099e9 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 2.2.46 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b09bf42-a85d-4a5b-9acc-609e0a5d7748?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-8f740f4461f86da187ea01d0cc38bbab.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-8f740f4461f86da187ea01d0cc38bbab.yaml new file mode 100644 index 0000000000..37084d9d66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-8f740f4461f86da187ea01d0cc38bbab.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-8f740f4461f86da187ea01d0cc38bbab + +info: + name: > + NextGEN Gallery <= 3.28 - Cross-Site Request Forgery leading to Post Thumbnail Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a841456c-2a01-4caf-bebe-e018b92697d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-91308ce2ef066c70ca278e2e191864f4.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-91308ce2ef066c70ca278e2e191864f4.yaml new file mode 100644 index 0000000000..59e18e4494 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-91308ce2ef066c70ca278e2e191864f4.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-91308ce2ef066c70ca278e2e191864f4 + +info: + name: > + NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion & SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3b6c3ab-529d-44f2-b901-ea720cbc3fbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-ac32959f74b06f08f41c35d9de9637f2.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-ac32959f74b06f08f41c35d9de9637f2.yaml new file mode 100644 index 0000000000..d35918f442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-ac32959f74b06f08f41c35d9de9637f2.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-ac32959f74b06f08f41c35d9de9637f2 + +info: + name: > + NextGEN Gallery <= 2.2.44 - Cross-Site Scripting via image alt and title text + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/674f75d7-83de-4d0b-80f2-ee83dd474728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-b4ed5bad800bb63784fe65e3822d9b92.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-b4ed5bad800bb63784fe65e3822d9b92.yaml new file mode 100644 index 0000000000..bbacf3313d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-b4ed5bad800bb63784fe65e3822d9b92.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-b4ed5bad800bb63784fe65e3822d9b92 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery < 2.0.77.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15c11a0e-6185-4072-88c6-303090adf898?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.77.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-b6ee1e856ee11834d66789e451bea084.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-b6ee1e856ee11834d66789e451bea084.yaml new file mode 100644 index 0000000000..d5815cee57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-b6ee1e856ee11834d66789e451bea084.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-b6ee1e856ee11834d66789e451bea084 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 1.9.12 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41af6441-bc1d-4210-92f3-4c765fda6df9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-b7c464860f475ded8d2ed3cd59a1ad52.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-b7c464860f475ded8d2ed3cd59a1ad52.yaml new file mode 100644 index 0000000000..3d65fed7e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-b7c464860f475ded8d2ed3cd59a1ad52.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-b7c464860f475ded8d2ed3cd59a1ad52 + +info: + name: > + NextGen Gallery <= 1.9.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ecf04a7-1f3c-41d6-a86b-282f020de088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml new file mode 100644 index 0000000000..ad89323239 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-c2a9c94ee32f4cfd4a8e1474373c16d3.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-c2a9c94ee32f4cfd4a8e1474373c16d3 + +info: + name: > + NextGen Gallery <= 2.1.10 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/255cdf64-93cd-434c-9a3c-3b8e49593ffe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-c41810e93c0c7c558cec6a9a4900b3a7.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-c41810e93c0c7c558cec6a9a4900b3a7.yaml new file mode 100644 index 0000000000..2ffc45572b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-c41810e93c0c7c558cec6a9a4900b3a7.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-c41810e93c0c7c558cec6a9a4900b3a7 + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 3.4.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fa45912-3d26-4284-8957-5977aaf36a03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-ca565e6cb88aa754dd01e131a2eefadc.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-ca565e6cb88aa754dd01e131a2eefadc.yaml new file mode 100644 index 0000000000..5a1e84262b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-ca565e6cb88aa754dd01e131a2eefadc.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-ca565e6cb88aa754dd01e131a2eefadc + +info: + name: > + WordPress Gallery Plugin – NextGEN Gallery <= 3.38 - Authenticated (Admin+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edaec73f-25b5-4ace-afef-844eb4143bf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.38') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-d6113147a445ba7f16a522f439b96bee.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-d6113147a445ba7f16a522f439b96bee.yaml new file mode 100644 index 0000000000..5d3b530ea4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-d6113147a445ba7f16a522f439b96bee.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-d6113147a445ba7f16a522f439b96bee + +info: + name: > + NextGEN Gallery <= 3.2.10 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c58d5a57-6b87-4a39-b995-c86fbc779565?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nextgen-gallery-pro-f8b3e9ff45c2c72c8ffae6c7215d920c.yaml b/nuclei-templates/cve-less/plugins/nextgen-gallery-pro-f8b3e9ff45c2c72c8ffae6c7215d920c.yaml new file mode 100644 index 0000000000..2c7385573f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nextgen-gallery-pro-f8b3e9ff45c2c72c8ffae6c7215d920c.yaml @@ -0,0 +1,58 @@ +id: nextgen-gallery-pro-f8b3e9ff45c2c72c8ffae6c7215d920c + +info: + name: > + NextGen Gallery Pro <= 3.1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d599ed8-ba30-4f12-83f5-be452bc1ae35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nextgen-gallery-pro/" + google-query: inurl:"/wp-content/plugins/nextgen-gallery-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nextgen-gallery-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nextgen-gallery-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nextgen-gallery-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ni-purchase-orderpo-for-woocommerce-ec4aba644c290d0da3b6df79cb8b20be.yaml b/nuclei-templates/cve-less/plugins/ni-purchase-orderpo-for-woocommerce-ec4aba644c290d0da3b6df79cb8b20be.yaml new file mode 100644 index 0000000000..f63b64d602 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ni-purchase-orderpo-for-woocommerce-ec4aba644c290d0da3b6df79cb8b20be.yaml @@ -0,0 +1,58 @@ +id: ni-purchase-orderpo-for-woocommerce-ec4aba644c290d0da3b6df79cb8b20be + +info: + name: > + Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67817d5a-2d7a-4b96-9c04-cd1ad9c90b29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ni-purchase-orderpo-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/ni-purchase-orderpo-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ni-purchase-orderpo-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ni-purchase-orderpo-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ni-purchase-orderpo-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ni-woocommerce-custom-order-status-7561b8c1f99227b7381d59264fa6815d.yaml b/nuclei-templates/cve-less/plugins/ni-woocommerce-custom-order-status-7561b8c1f99227b7381d59264fa6815d.yaml new file mode 100644 index 0000000000..391ea77735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ni-woocommerce-custom-order-status-7561b8c1f99227b7381d59264fa6815d.yaml @@ -0,0 +1,58 @@ +id: ni-woocommerce-custom-order-status-7561b8c1f99227b7381d59264fa6815d + +info: + name: > + Ni WooCommerce Custom Order Status <= 1.9.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f28826e7-913e-4a88-a48a-3b8dd5623d39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ni-woocommerce-custom-order-status/" + google-query: inurl:"/wp-content/plugins/ni-woocommerce-custom-order-status/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ni-woocommerce-custom-order-status,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ni-woocommerce-custom-order-status/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ni-woocommerce-custom-order-status" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ni-woocommerce-sales-report-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml b/nuclei-templates/cve-less/plugins/ni-woocommerce-sales-report-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml new file mode 100644 index 0000000000..8f491feaa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ni-woocommerce-sales-report-82dd4087673f4e5c2cbc42c8ad11ddcf.yaml @@ -0,0 +1,58 @@ +id: ni-woocommerce-sales-report-82dd4087673f4e5c2cbc42c8ad11ddcf + +info: + name: > + Ni WooCommerce Sales Report <= 3.7.3 - Missing Authorization via ajax_sales_order + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b509887-6d32-4e7f-bdff-fd4f6c76f6f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ni-woocommerce-sales-report/" + google-query: inurl:"/wp-content/plugins/ni-woocommerce-sales-report/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ni-woocommerce-sales-report,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ni-woocommerce-sales-report/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ni-woocommerce-sales-report" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nice-paypal-button-lite-0471fd3ab900bd53f968b61b8e07cd67.yaml b/nuclei-templates/cve-less/plugins/nice-paypal-button-lite-0471fd3ab900bd53f968b61b8e07cd67.yaml new file mode 100644 index 0000000000..e9be4cd739 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nice-paypal-button-lite-0471fd3ab900bd53f968b61b8e07cd67.yaml @@ -0,0 +1,58 @@ +id: nice-paypal-button-lite-0471fd3ab900bd53f968b61b8e07cd67 + +info: + name: > + Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0ca76a3-143c-4e86-a6d7-e1d3b3d7b378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nice-paypal-button-lite/" + google-query: inurl:"/wp-content/plugins/nice-paypal-button-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nice-paypal-button-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nice-paypal-button-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nice-paypal-button-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-0606b1934fa15f28fbfa63443f860808.yaml b/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-0606b1934fa15f28fbfa63443f860808.yaml new file mode 100644 index 0000000000..4d03511dd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-0606b1934fa15f28fbfa63443f860808.yaml @@ -0,0 +1,58 @@ +id: nifty-coming-soon-and-under-construction-page-0606b1934fa15f28fbfa63443f860808 + +info: + name: > + Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d283527a-a955-4f82-9827-81a71158d8e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nifty-coming-soon-and-under-construction-page/" + google-query: inurl:"/wp-content/plugins/nifty-coming-soon-and-under-construction-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nifty-coming-soon-and-under-construction-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nifty-coming-soon-and-under-construction-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nifty-coming-soon-and-under-construction-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-473adc971897213907d43bcafc37522c.yaml b/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-473adc971897213907d43bcafc37522c.yaml new file mode 100644 index 0000000000..13c387fb58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nifty-coming-soon-and-under-construction-page-473adc971897213907d43bcafc37522c.yaml @@ -0,0 +1,58 @@ +id: nifty-coming-soon-and-under-construction-page-473adc971897213907d43bcafc37522c + +info: + name: > + Coming Soon & Maintenance Mode Page <= 1.57 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59278214-b0ce-44bf-8d8f-265c5c50006a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nifty-coming-soon-and-under-construction-page/" + google-query: inurl:"/wp-content/plugins/nifty-coming-soon-and-under-construction-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nifty-coming-soon-and-under-construction-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nifty-coming-soon-and-under-construction-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nifty-coming-soon-and-under-construction-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/night-mode-d2a99368cddd63664c69600c9b7c92a3.yaml b/nuclei-templates/cve-less/plugins/night-mode-d2a99368cddd63664c69600c9b7c92a3.yaml new file mode 100644 index 0000000000..0913d4de3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/night-mode-d2a99368cddd63664c69600c9b7c92a3.yaml @@ -0,0 +1,58 @@ +id: night-mode-d2a99368cddd63664c69600c9b7c92a3 + +info: + name: > + Night Mode <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1666371-9401-4b62-b44e-abc7fb4c6138?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/night-mode/" + google-query: inurl:"/wp-content/plugins/night-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,night-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/night-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "night-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nimble-builder-89f45b00f9f74bc6d93e777cef76ce78.yaml b/nuclei-templates/cve-less/plugins/nimble-builder-89f45b00f9f74bc6d93e777cef76ce78.yaml new file mode 100644 index 0000000000..406e1c9d28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nimble-builder-89f45b00f9f74bc6d93e777cef76ce78.yaml @@ -0,0 +1,58 @@ +id: nimble-builder-89f45b00f9f74bc6d93e777cef76ce78 + +info: + name: > + Nimble Page Builder <= 3.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/255a50f0-0213-4de5-92f1-d71dbb5caeff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nimble-builder/" + google-query: inurl:"/wp-content/plugins/nimble-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nimble-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nimble-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nimble-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-07e79cfbaad5cc6feea3f9163412cb03.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-07e79cfbaad5cc6feea3f9163412cb03.yaml new file mode 100644 index 0000000000..487772878d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-07e79cfbaad5cc6feea3f9163412cb03.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-07e79cfbaad5cc6feea3f9163412cb03 + +info: + name: > + Ninja Forms Contact Form <= 3.2.14 - Parameter Tampering + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/042f7090-2eab-44d2-82b2-ecabdb1d3f99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-0b4ef9eb693a7e87ce6cfca4623c180a.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-0b4ef9eb693a7e87ce6cfca4623c180a.yaml new file mode 100644 index 0000000000..90007b80e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-0b4ef9eb693a7e87ce6cfca4623c180a.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-0b4ef9eb693a7e87ce6cfca4623c180a + +info: + name: > + Ninja Forms Contact Form <= 3.4.22 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d292c4ff-123e-4aa0-8ce8-d2bb2f3c6e02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-23c6df4af51eff238970a0c85f41de19.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-23c6df4af51eff238970a0c85f41de19.yaml new file mode 100644 index 0000000000..b27071b24c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-23c6df4af51eff238970a0c85f41de19.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-23c6df4af51eff238970a0c85f41de19 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Cross-Site Request Forgery to Publicly Accessible Form Submission Export + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebfc9f5-abb7-47bc-bd38-f60df1cccb5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-2955aefdf1cefad709d8b720d6db9ca9.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-2955aefdf1cefad709d8b720d6db9ca9.yaml new file mode 100644 index 0000000000..469ec8dc17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-2955aefdf1cefad709d8b720d6db9ca9.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-2955aefdf1cefad709d8b720d6db9ca9 + +info: + name: > + Ninja Forms Contact Form <= 3.6.9 - Cross-Site Scripting via field label + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaf0d324-bf2c-4da7-b2ab-f53f7b7881f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-2cbe4a3f03e2199a537c6f7a9b091533.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-2cbe4a3f03e2199a537c6f7a9b091533.yaml new file mode 100644 index 0000000000..9d733e67f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-2cbe4a3f03e2199a537c6f7a9b091533.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-2cbe4a3f03e2199a537c6f7a9b091533 + +info: + name: > + Ninja Forms <= 3.6.25 - Reflected Cross-Site Scripting via 'data' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1460dc44-dd64-4fd6-952b-1f5d4285bfa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml new file mode 100644 index 0000000000..96a333ac50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-3c9dac2ddd3bec2b9b5eb5b21c8ec91e.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-3c9dac2ddd3bec2b9b5eb5b21c8ec91e + +info: + name: > + Ninja Forms <= 3.6.25 - Authenticated (Administrator+) Stored HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3d795f5-c79a-4615-be1f-120a6ffd663d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-4bf361aef2d1a7792461202b02e3df2e.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-4bf361aef2d1a7792461202b02e3df2e.yaml new file mode 100644 index 0000000000..b7582a19e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-4bf361aef2d1a7792461202b02e3df2e.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-4bf361aef2d1a7792461202b02e3df2e + +info: + name: > + Ninja Forms <= 3.6.25 - Denial of Service via Large Form Submissions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/952a3e52-4e23-4bc4-92d3-e15ae2f3d28b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-55f90d534a47161e6795864c30da55c2.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-55f90d534a47161e6795864c30da55c2.yaml new file mode 100644 index 0000000000..acfb1e5a01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-55f90d534a47161e6795864c30da55c2.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-55f90d534a47161e6795864c30da55c2 + +info: + name: > + Ninja Forms Contact Form 2.9.36 - 2.9.42 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f36a924-6a68-40ff-bf1a-9ebcad1c2fc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9.36', '<= 2.9.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-561eff22a0971cf174004fe156be75cb.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-561eff22a0971cf174004fe156be75cb.yaml new file mode 100644 index 0000000000..81a4ce1bfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-561eff22a0971cf174004fe156be75cb.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-561eff22a0971cf174004fe156be75cb + +info: + name: > + Ninja Forms Contact Form <= 3.3.19 - Authenticated Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/221f9cbb-7988-4671-8f14-da3e63c280e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-57cd30237a115f155e6a16a851952284.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-57cd30237a115f155e6a16a851952284.yaml new file mode 100644 index 0000000000..0462c9a9d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-57cd30237a115f155e6a16a851952284.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-57cd30237a115f155e6a16a851952284 + +info: + name: > + Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a714b35e-776d-42f4-bb7c-7865bf2b7637?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml new file mode 100644 index 0000000000..cd3e6071cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-5f51f32d184bdb8a5475d2d0cf4a68e5.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-5f51f32d184bdb8a5475d2d0cf4a68e5 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Cross-Site Request Forgery to Plugin Installation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdba439d-90ee-413c-842d-19704b08c33e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-6eed35694a75496bc23819374091960c.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-6eed35694a75496bc23819374091960c.yaml new file mode 100644 index 0000000000..ff1f409486 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-6eed35694a75496bc23819374091960c.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-6eed35694a75496bc23819374091960c + +info: + name: > + Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-706995907d69bd14e09ce77802032800.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-706995907d69bd14e09ce77802032800.yaml new file mode 100644 index 0000000000..08b127a9a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-706995907d69bd14e09ce77802032800.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-706995907d69bd14e09ce77802032800 + +info: + name: > + Ninja Forms <= 3.6.25 - Missing Authorization to Form Submission Export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7befdf6-07d7-42c9-876a-abb8f8f9c3df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-707e5bb3cb201f78de35f00133c00922.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-707e5bb3cb201f78de35f00133c00922.yaml new file mode 100644 index 0000000000..b237a848f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-707e5bb3cb201f78de35f00133c00922.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-707e5bb3cb201f78de35f00133c00922 + +info: + name: > + Ninja Forms Contact Form <= 3.6.9 - Authenticated (Admin+) Cross-Site Scripting via label + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38d7c79f-a4a2-447d-88a2-ad75b53ac8bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-71b7f03c0d03bb060a04690fb6bef364.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-71b7f03c0d03bb060a04690fb6bef364.yaml new file mode 100644 index 0000000000..f8296e70bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-71b7f03c0d03bb060a04690fb6bef364.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-71b7f03c0d03bb060a04690fb6bef364 + +info: + name: > + Ninja Forms Contact Form <= 3.6.21 - Reflected Cross-Site Scripting via 'title' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf4e9b41-20e8-4dba-a51c-6e8f09232ffb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-740df732c021f2878fae481d2ff89873.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-740df732c021f2878fae481d2ff89873.yaml new file mode 100644 index 0000000000..3ac7ef5920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-740df732c021f2878fae481d2ff89873.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-740df732c021f2878fae481d2ff89873 + +info: + name: > + Ninja Forms <= 3.6.25 - Missing Authorization to Contributor+ Form Submission Export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6551eea6-1059-4caa-876c-3d08083130f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-74be7f504d2131ca6cf13b47a8275858.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-74be7f504d2131ca6cf13b47a8275858.yaml new file mode 100644 index 0000000000..3ea7fe5aa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-74be7f504d2131ca6cf13b47a8275858.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-74be7f504d2131ca6cf13b47a8275858 + +info: + name: > + Ninja Forms Contact Form <= 3.4.24.1 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97df193-28ed-4961-9d71-00098c0bec45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.24.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-7a3eb0e4a2da32f4626463054bad7fe1.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-7a3eb0e4a2da32f4626463054bad7fe1.yaml new file mode 100644 index 0000000000..0f6c45824f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-7a3eb0e4a2da32f4626463054bad7fe1.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-7a3eb0e4a2da32f4626463054bad7fe1 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c35efa26-9400-47f1-80c3-e86ca29c6b47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.27.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-844eb2f2a31165d103093ea081bdb4c7.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-844eb2f2a31165d103093ea081bdb4c7.yaml new file mode 100644 index 0000000000..acd0ccb056 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-844eb2f2a31165d103093ea081bdb4c7.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-844eb2f2a31165d103093ea081bdb4c7 + +info: + name: > + Ninja Forms Contact Form 2.9.36 - 2.9.42 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9f73654-2e5a-4762-8cac-613e24d3216a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9.36', '<= 2.9.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-88ca4a7bd7c66c74cd477716cd98c157.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-88ca4a7bd7c66c74cd477716cd98c157.yaml new file mode 100644 index 0000000000..c3f09a441d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-88ca4a7bd7c66c74cd477716cd98c157.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-88ca4a7bd7c66c74cd477716cd98c157 + +info: + name: > + Ninja Ninja Forms Contact Form <= 3.6.10 - Authenticated (Admin+) Stored Cross-Site Scripting via import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/222678d0-cb1f-43c6-a6f0-37ea0be8cd3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-8af21f8f0c6e953daf8df61c5c7a078e.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-8af21f8f0c6e953daf8df61c5c7a078e.yaml new file mode 100644 index 0000000000..67149694b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-8af21f8f0c6e953daf8df61c5c7a078e.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-8af21f8f0c6e953daf8df61c5c7a078e + +info: + name: > + Ninja Forms Contact Form <= 3.6.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5340204a-8a4f-4e23-82a1-c228b884c34a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-9158a4f23cb6df7f396a1ff79ad04a19.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-9158a4f23cb6df7f396a1ff79ad04a19.yaml new file mode 100644 index 0000000000..ab625d6f5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-9158a4f23cb6df7f396a1ff79ad04a19.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-9158a4f23cb6df7f396a1ff79ad04a19 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.8.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a6eb430-cf86-4e13-a4f7-173fada9fddf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-987fd1a6de7b9a768ddbb56335fccbb6.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-987fd1a6de7b9a768ddbb56335fccbb6.yaml new file mode 100644 index 0000000000..82c5c31130 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-987fd1a6de7b9a768ddbb56335fccbb6.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-987fd1a6de7b9a768ddbb56335fccbb6 + +info: + name: > + Ninja Forms Contact Form <= 3.4.33 - Cross-Site Request Forgery to OAuth Service Disconnection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1faf343-1859-4bee-a2d5-f494f44c70ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-9b10289c81ee712ffc41aaeeec7d52b6.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-9b10289c81ee712ffc41aaeeec7d52b6.yaml new file mode 100644 index 0000000000..bcf23db3be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-9b10289c81ee712ffc41aaeeec7d52b6.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-9b10289c81ee712ffc41aaeeec7d52b6 + +info: + name: > + Ninja Forms <= 3.6.24 - Authenticated (Admin+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97479b1-06a0-4e24-9d2b-005bdfec9eaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-a2ca90e41d2e5160436c08c965469eba.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-a2ca90e41d2e5160436c08c965469eba.yaml new file mode 100644 index 0000000000..2b4d6ba31b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-a2ca90e41d2e5160436c08c965469eba.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-a2ca90e41d2e5160436c08c965469eba + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.6.12 - Authenticated (Administrator+) PHP Objection Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dececd27-d311-41c0-a10c-3b9cc8b8f128?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-a784d42cac6270b3d15c7ded3f777f0b.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-a784d42cac6270b3d15c7ded3f777f0b.yaml new file mode 100644 index 0000000000..21568f6a77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-a784d42cac6270b3d15c7ded3f777f0b.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-a784d42cac6270b3d15c7ded3f777f0b + +info: + name: > + Ninja Forms Contact Form <= 2.8.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be31866c-7490-4be2-9a4d-2a3771c6fea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-b156b450e510844126aa5b98c430cad1.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-b156b450e510844126aa5b98c430cad1.yaml new file mode 100644 index 0000000000..30b401b213 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-b156b450e510844126aa5b98c430cad1.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-b156b450e510844126aa5b98c430cad1 + +info: + name: > + Ninja Forms <= 3.5.8.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8703c76b-89c6-438a-b953-03847d965096?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-ba28eba12a04215286d701e542084879.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-ba28eba12a04215286d701e542084879.yaml new file mode 100644 index 0000000000..8e9c67601f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-ba28eba12a04215286d701e542084879.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-ba28eba12a04215286d701e542084879 + +info: + name: > + Ninja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae15a1c-63bc-4349-aba3-7f34737d6045?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c1844c535b6764f33ccae986eaa4a431.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c1844c535b6764f33ccae986eaa4a431.yaml new file mode 100644 index 0000000000..98adfe087c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-c1844c535b6764f33ccae986eaa4a431.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-c1844c535b6764f33ccae986eaa4a431 + +info: + name: > + Ninja Forms <= 3.4.34 - Authenticated OAuth Connection Key Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b7ad031-e15b-4315-9905-9f258f7c4ade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.34.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c4d0cc55798aa0e869ce6641ec043946.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c4d0cc55798aa0e869ce6641ec043946.yaml new file mode 100644 index 0000000000..92b7e252a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-c4d0cc55798aa0e869ce6641ec043946.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-c4d0cc55798aa0e869ce6641ec043946 + +info: + name: > + Ninja Forms Contact Form <= 3.3.13 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44158748-798e-4b17-9deb-f54520779c62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c696f7538d036d4b686b31bca8e05d88.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c696f7538d036d4b686b31bca8e05d88.yaml new file mode 100644 index 0000000000..84dfe3f8b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-c696f7538d036d4b686b31bca8e05d88.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-c696f7538d036d4b686b31bca8e05d88 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.0.30 - HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ffc179-f3ab-4ae1-b7e9-13535d104593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c6b42e72ee53deb1fea76d399e341eb4.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c6b42e72ee53deb1fea76d399e341eb4.yaml new file mode 100644 index 0000000000..8a275535eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-c6b42e72ee53deb1fea76d399e341eb4.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-c6b42e72ee53deb1fea76d399e341eb4 + +info: + name: > + Ninja Forms <= 3.5.7 - Unprotected REST-API to Email Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5bdf526-8378-413f-b51e-24351dd0774b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-c8ac9a46bde9d08b3cb4f64cfc42f9d1.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-c8ac9a46bde9d08b3cb4f64cfc42f9d1.yaml new file mode 100644 index 0000000000..29926f3ef2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-c8ac9a46bde9d08b3cb4f64cfc42f9d1.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-c8ac9a46bde9d08b3cb4f64cfc42f9d1 + +info: + name: > + Ninja Forms <= 3.3.8 - Insufficient Restrictions during Export Personal Data requests + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acb239c2-a105-4430-8451-a6ae852a690f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-cefd5e99fb5e46fe5dc72467ce88dd69.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-cefd5e99fb5e46fe5dc72467ce88dd69.yaml new file mode 100644 index 0000000000..185bf12498 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-cefd5e99fb5e46fe5dc72467ce88dd69.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-cefd5e99fb5e46fe5dc72467ce88dd69 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 3.4.27 - Validation Bypass via Email Field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d7d83f6-92d1-43a8-821c-7b9470ead493?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-d52a1b2d96a87813163020667b1d0ea9.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-d52a1b2d96a87813163020667b1d0ea9.yaml new file mode 100644 index 0000000000..a85c988275 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-d52a1b2d96a87813163020667b1d0ea9.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-d52a1b2d96a87813163020667b1d0ea9 + +info: + name: > + Ninja Forms Contact Form <= 3.4.33 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25b94c05-87c5-44fb-90d5-6c65d035dba6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-d58c1c7e73217599c748d955d8555b74.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-d58c1c7e73217599c748d955d8555b74.yaml new file mode 100644 index 0000000000..2e2d129236 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-d58c1c7e73217599c748d955d8555b74.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-d58c1c7e73217599c748d955d8555b74 + +info: + name: > + Ninja Forms <= 3.5.7 - Unprotected REST-API to Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/549cd23f-3b3a-41b7-baa2-cc5c6b826a2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-d842d5a8fa51f3d63cc0b912fb91180a.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-d842d5a8fa51f3d63cc0b912fb91180a.yaml new file mode 100644 index 0000000000..ebc78076cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-d842d5a8fa51f3d63cc0b912fb91180a.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-d842d5a8fa51f3d63cc0b912fb91180a + +info: + name: > + Ninja Forms Contact Form <= 3.4.33 - Administrator Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13ba9152-b9a0-4201-ba91-c41686b4d953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-dc4ac81f8a955635294d773c7dd984b2.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-dc4ac81f8a955635294d773c7dd984b2.yaml new file mode 100644 index 0000000000..a3d51fa993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-dc4ac81f8a955635294d773c7dd984b2.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-dc4ac81f8a955635294d773c7dd984b2 + +info: + name: > + Ninja Forms Contact Form <= 3.3.21.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5023e07-9976-44f3-81de-2eb4ba86b0ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.21.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-e6738d3799e5a12b0457c2f4dc805c15.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-e6738d3799e5a12b0457c2f4dc805c15.yaml new file mode 100644 index 0000000000..cb6be27d06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-e6738d3799e5a12b0457c2f4dc805c15.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-e6738d3799e5a12b0457c2f4dc805c15 + +info: + name: > + Ninja Forms Contact Form <= 3.3.17 - Cross-Site Scripting via begin_date, end_date, or form_id Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5adc88e9-3fcd-4ad6-8eb9-1a111bf9cdc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-ea56b6fc3599b19cc9355c178eadf7c8.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-ea56b6fc3599b19cc9355c178eadf7c8.yaml new file mode 100644 index 0000000000..0a37e1dc54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-ea56b6fc3599b19cc9355c178eadf7c8.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-ea56b6fc3599b19cc9355c178eadf7c8 + +info: + name: > + Ninja Forms Contact Form <= 3.2.13 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dad7ba6-bac4-4f1a-83f5-fd5769cd4a45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-eb2e2d24b00f12552ab6c531c273fecb.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-eb2e2d24b00f12552ab6c531c273fecb.yaml new file mode 100644 index 0000000000..0b5b83ead9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-eb2e2d24b00f12552ab6c531c273fecb.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-eb2e2d24b00f12552ab6c531c273fecb + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ee0155-7424-42ff-bfd6-244912857009?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-f907d4a58e9ce997eff45b8f7487d4d2.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-f907d4a58e9ce997eff45b8f7487d4d2.yaml new file mode 100644 index 0000000000..29307fd762 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-f907d4a58e9ce997eff45b8f7487d4d2.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-f907d4a58e9ce997eff45b8f7487d4d2 + +info: + name: > + Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress <= 2.8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5a45b0d-aa47-45ac-80a9-0a30af3f91ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms/" + google-query: inurl:"/wp-content/plugins/ninja-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-uploads-4bc78371b9a6176130f5ed1b3336f728.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-4bc78371b9a6176130f5ed1b3336f728.yaml new file mode 100644 index 0000000000..401c7e6581 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-4bc78371b9a6176130f5ed1b3336f728.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-uploads-4bc78371b9a6176130f5ed1b3336f728 + +info: + name: > + Ninja Forms - File Uploads <= 3.0.22 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08d4bf7e-fae9-4be6-9e97-e8b6532523ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms-uploads/" + google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms-uploads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms-uploads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms-uploads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-uploads-b97c4bb0c30e63e1bfc74807877230de.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-b97c4bb0c30e63e1bfc74807877230de.yaml new file mode 100644 index 0000000000..f57c73d39b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-b97c4bb0c30e63e1bfc74807877230de.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-uploads-b97c4bb0c30e63e1bfc74807877230de + +info: + name: > + Ninja Forms - File Uploads Extension <= 3.3.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c5642fa-d001-47c4-8acd-94ae944e5129?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms-uploads/" + google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms-uploads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms-uploads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms-uploads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-forms-uploads-cfede18703e7f00a56bec51b65b32812.yaml b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-cfede18703e7f00a56bec51b65b32812.yaml new file mode 100644 index 0000000000..364b00db5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-forms-uploads-cfede18703e7f00a56bec51b65b32812.yaml @@ -0,0 +1,58 @@ +id: ninja-forms-uploads-cfede18703e7f00a56bec51b65b32812 + +info: + name: > + Ninja Forms - File Uploads Extension <= 3.3.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00eeaef-f277-481f-9e18-bf1ced0015a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-forms-uploads/" + google-query: inurl:"/wp-content/plugins/ninja-forms-uploads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-forms-uploads,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-forms-uploads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-forms-uploads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-gdpr-compliance-974c074b19789002549ca2e695247e1e.yaml b/nuclei-templates/cve-less/plugins/ninja-gdpr-compliance-974c074b19789002549ca2e695247e1e.yaml new file mode 100644 index 0000000000..3b1fcafb01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-gdpr-compliance-974c074b19789002549ca2e695247e1e.yaml @@ -0,0 +1,58 @@ +id: ninja-gdpr-compliance-974c074b19789002549ca2e695247e1e + +info: + name: > + GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/ninja-gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-gdpr-compliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-job-board-42cd9ebeecaa0d8da2012c8fd7d95b4c.yaml b/nuclei-templates/cve-less/plugins/ninja-job-board-42cd9ebeecaa0d8da2012c8fd7d95b4c.yaml new file mode 100644 index 0000000000..70c9d8798e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-job-board-42cd9ebeecaa0d8da2012c8fd7d95b4c.yaml @@ -0,0 +1,58 @@ +id: ninja-job-board-42cd9ebeecaa0d8da2012c8fd7d95b4c + +info: + name: > + Ninja Job Board <= 1.3.2 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67ddca02-2e92-4aea-ada9-ace0df29c775?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-job-board/" + google-query: inurl:"/wp-content/plugins/ninja-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-tables-208c19b89658d8f67c58a70365a86a8d.yaml b/nuclei-templates/cve-less/plugins/ninja-tables-208c19b89658d8f67c58a70365a86a8d.yaml new file mode 100644 index 0000000000..67da16bac1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-tables-208c19b89658d8f67c58a70365a86a8d.yaml @@ -0,0 +1,58 @@ +id: ninja-tables-208c19b89658d8f67c58a70365a86a8d + +info: + name: > + Ninja Tables <= 5.0.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c86e5cfd-f450-48d6-819e-5345fc0fdfc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-tables/" + google-query: inurl:"/wp-content/plugins/ninja-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-tables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-tables-406776aa8100e59355ccb6cf6b38aab0.yaml b/nuclei-templates/cve-less/plugins/ninja-tables-406776aa8100e59355ccb6cf6b38aab0.yaml new file mode 100644 index 0000000000..86f7edfc94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-tables-406776aa8100e59355ccb6cf6b38aab0.yaml @@ -0,0 +1,58 @@ +id: ninja-tables-406776aa8100e59355ccb6cf6b38aab0 + +info: + name: > + Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64338fc4-e8c9-4fa5-bb77-861fb5142286?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-tables/" + google-query: inurl:"/wp-content/plugins/ninja-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-tables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-tables-87a2603e70828cd5276b845c0ebcc6ab.yaml b/nuclei-templates/cve-less/plugins/ninja-tables-87a2603e70828cd5276b845c0ebcc6ab.yaml new file mode 100644 index 0000000000..88c6db1d29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-tables-87a2603e70828cd5276b845c0ebcc6ab.yaml @@ -0,0 +1,58 @@ +id: ninja-tables-87a2603e70828cd5276b845c0ebcc6ab + +info: + name: > + Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc296c70-358e-4908-be49-5ffae83aca9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-tables/" + google-query: inurl:"/wp-content/plugins/ninja-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ninja-tables-b925b2b6daf2d6ebba61a79be7a0f3f1.yaml b/nuclei-templates/cve-less/plugins/ninja-tables-b925b2b6daf2d6ebba61a79be7a0f3f1.yaml new file mode 100644 index 0000000000..a12474e5e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ninja-tables-b925b2b6daf2d6ebba61a79be7a0f3f1.yaml @@ -0,0 +1,58 @@ +id: ninja-tables-b925b2b6daf2d6ebba61a79be7a0f3f1 + +info: + name: > + Ninja Tables <= 4.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/338158b5-bbda-4cd8-b4ea-97a3926a0989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ninja-tables/" + google-query: inurl:"/wp-content/plugins/ninja-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ninja-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ninja-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ninja-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nirweb-support-a6bdfa613b7b681292bdcc51a2102fdd.yaml b/nuclei-templates/cve-less/plugins/nirweb-support-a6bdfa613b7b681292bdcc51a2102fdd.yaml new file mode 100644 index 0000000000..481609fc57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nirweb-support-a6bdfa613b7b681292bdcc51a2102fdd.yaml @@ -0,0 +1,58 @@ +id: nirweb-support-a6bdfa613b7b681292bdcc51a2102fdd + +info: + name: > + Nirweb support <= 2.7.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0ec70a0-d1be-4652-b029-d8268c2667ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nirweb-support/" + google-query: inurl:"/wp-content/plugins/nirweb-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nirweb-support,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nirweb-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nirweb-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nitropack-e25f78b15c303433589429f0f1d159bb.yaml b/nuclei-templates/cve-less/plugins/nitropack-e25f78b15c303433589429f0f1d159bb.yaml new file mode 100644 index 0000000000..535828cef3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nitropack-e25f78b15c303433589429f0f1d159bb.yaml @@ -0,0 +1,58 @@ +id: nitropack-e25f78b15c303433589429f0f1d159bb + +info: + name: > + NitroPack <= 1.10.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/daa30370-0d11-45b7-8ca3-b2a3b9046127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nitropack/" + google-query: inurl:"/wp-content/plugins/nitropack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nitropack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nitropack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nitropack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nktagcloud-94bc27f855a1b3e71ba6782c8361e04d.yaml b/nuclei-templates/cve-less/plugins/nktagcloud-94bc27f855a1b3e71ba6782c8361e04d.yaml new file mode 100644 index 0000000000..14ff79ab5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nktagcloud-94bc27f855a1b3e71ba6782c8361e04d.yaml @@ -0,0 +1,58 @@ +id: nktagcloud-94bc27f855a1b3e71ba6782c8361e04d + +info: + name: > + Better Tag Cloud <= 0.99.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0e2ae5c-685d-4cf0-91e2-2f8620b2eb6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nktagcloud/" + google-query: inurl:"/wp-content/plugins/nktagcloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nktagcloud,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nktagcloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nktagcloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.99.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-297873237de6b81c34c6241d19a94b3b.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-297873237de6b81c34c6241d19a94b3b.yaml new file mode 100644 index 0000000000..665acb73aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-297873237de6b81c34c6241d19a94b3b.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-297873237de6b81c34c6241d19a94b3b + +info: + name: > + Frontend File Manager <= 18.2 - Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c434e6b8-0dd5-4ffe-93b1-1af614c08f85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-345c91064d515186e70e2a5884cb7eb7.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-345c91064d515186e70e2a5884cb7eb7.yaml new file mode 100644 index 0000000000..82fd6b0664 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-345c91064d515186e70e2a5884cb7eb7.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-345c91064d515186e70e2a5884cb7eb7 + +info: + name: > + Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5539aa79-66ad-43fa-967c-2bec877061e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-591a1da3346f8d80da2af4a888473bd6.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-591a1da3346f8d80da2af4a888473bd6.yaml new file mode 100644 index 0000000000..9da9f47bca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-591a1da3346f8d80da2af4a888473bd6.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-591a1da3346f8d80da2af4a888473bd6 + +info: + name: > + Frontend File Manager <= 22.7 - Sensitive Information Exposure via user uploads + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbade634-cd81-41c0-8976-f5cb251da3f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 22.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6555d944c0da7a05c7a9f7417ba389b0.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6555d944c0da7a05c7a9f7417ba389b0.yaml new file mode 100644 index 0000000000..9ddc589f63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6555d944c0da7a05c7a9f7417ba389b0.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-6555d944c0da7a05c7a9f7417ba389b0 + +info: + name: > + Frontend File Manager <= 18.2 - Authenticated Settings Change leading to Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adb1d8b0-b1d6-40df-b591-f1062ee744fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6eae0900047437ffd3af67b0a999c0ce.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6eae0900047437ffd3af67b0a999c0ce.yaml new file mode 100644 index 0000000000..0c95d83dec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-6eae0900047437ffd3af67b0a999c0ce.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-6eae0900047437ffd3af67b0a999c0ce + +info: + name: > + Frontend File Manager Plugin < 3.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a11c169-a232-49a9-80be-40d45d0c6dc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7ab127dd070b1ecb99f880fa6c24c6c9.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7ab127dd070b1ecb99f880fa6c24c6c9.yaml new file mode 100644 index 0000000000..d4c1a6dec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7ab127dd070b1ecb99f880fa6c24c6c9.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-7ab127dd070b1ecb99f880fa6c24c6c9 + +info: + name: > + Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84c61d00-20c1-4176-a74d-ea6ff6220f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7e92e5675339b75e77ca040e1f512f1b.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7e92e5675339b75e77ca040e1f512f1b.yaml new file mode 100644 index 0000000000..649bf05bcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-7e92e5675339b75e77ca040e1f512f1b.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-7e92e5675339b75e77ca040e1f512f1b + +info: + name: > + Frontend File Manager <= 18.2 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28a7b2c9-5d8d-4b49-a47c-473e3288b563?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-907b43a94b9878024b4d583046e9b3a5.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-907b43a94b9878024b4d583046e9b3a5.yaml new file mode 100644 index 0000000000..d65cbd77ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-907b43a94b9878024b4d583046e9b3a5.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-907b43a94b9878024b4d583046e9b3a5 + +info: + name: > + Frontend File Manager <= 18.2 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79e2011c-5e4d-4d02-831f-6b4dcfcaa51e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-912300bb987f9b62927bac6bd20872ca.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-912300bb987f9b62927bac6bd20872ca.yaml new file mode 100644 index 0000000000..c57222d577 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-912300bb987f9b62927bac6bd20872ca.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-912300bb987f9b62927bac6bd20872ca + +info: + name: > + Frontend File Manager Plugin <= 21.2 - Cross-Site Request Forgery to File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/361e2d5c-4355-4e71-91aa-2c1bc6b6fb78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-9d01a3c1450589963802e2c82f79a1da.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-9d01a3c1450589963802e2c82f79a1da.yaml new file mode 100644 index 0000000000..2cbd157b1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-9d01a3c1450589963802e2c82f79a1da.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-9d01a3c1450589963802e2c82f79a1da + +info: + name: > + Frontend File Manager <= 21.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/628eef73-1725-4290-bb30-07792d1d5b6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-a0c32d3142a601a64a1bd122ecb7baaa.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-a0c32d3142a601a64a1bd122ecb7baaa.yaml new file mode 100644 index 0000000000..f16ad77979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-a0c32d3142a601a64a1bd122ecb7baaa.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-a0c32d3142a601a64a1bd122ecb7baaa + +info: + name: > + Frontend File Manager <= 18.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c82154-d390-44ba-a54a-89f4bb69cdce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-cf17a017c60d948b78f758c0612d102b.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-cf17a017c60d948b78f758c0612d102b.yaml new file mode 100644 index 0000000000..b549e87bff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-cf17a017c60d948b78f758c0612d102b.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-cf17a017c60d948b78f758c0612d102b + +info: + name: > + Frontend File Manager <= 21.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c56e5250-7cbd-41f4-9b8c-79a644830708?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f3328c896ffc09c53e1ecdfa60c1e5c5.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f3328c896ffc09c53e1ecdfa60c1e5c5.yaml new file mode 100644 index 0000000000..4de13cad96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f3328c896ffc09c53e1ecdfa60c1e5c5.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-f3328c896ffc09c53e1ecdfa60c1e5c5 + +info: + name: > + Frontend File Manager <= 18.2 - Unauthenticated HTML Injection leading to Spam Emails + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49150180-9de0-4318-b21b-779daaeb7a52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f4c2701ff75483ce690141623ec5eff4.yaml b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f4c2701ff75483ce690141623ec5eff4.yaml new file mode 100644 index 0000000000..af84a98f50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nmedia-user-file-uploader-f4c2701ff75483ce690141623ec5eff4.yaml @@ -0,0 +1,58 @@ +id: nmedia-user-file-uploader-f4c2701ff75483ce690141623ec5eff4 + +info: + name: > + Frontend File Manager Plugin <= 22.5 - Authenticated (Editor+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b59b5c41-6173-485e-869d-4165dc18e2bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nmedia-user-file-uploader/" + google-query: inurl:"/wp-content/plugins/nmedia-user-file-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nmedia-user-file-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nmedia-user-file-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nmedia-user-file-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 22.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/no-api-amazon-affiliate-43886ab11181377f0791e69c2c423b63.yaml b/nuclei-templates/cve-less/plugins/no-api-amazon-affiliate-43886ab11181377f0791e69c2c423b63.yaml new file mode 100644 index 0000000000..09d635da4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/no-api-amazon-affiliate-43886ab11181377f0791e69c2c423b63.yaml @@ -0,0 +1,58 @@ +id: no-api-amazon-affiliate-43886ab11181377f0791e69c2c423b63 + +info: + name: > + No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b10941c7-40f1-4157-a9d9-40844d25b22b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/no-api-amazon-affiliate/" + google-query: inurl:"/wp-content/plugins/no-api-amazon-affiliate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,no-api-amazon-affiliate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/no-api-amazon-affiliate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "no-api-amazon-affiliate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/no-bot-registration-ecb41dd5dc38a4c73cfc3b8c255506fd.yaml b/nuclei-templates/cve-less/plugins/no-bot-registration-ecb41dd5dc38a4c73cfc3b8c255506fd.yaml new file mode 100644 index 0000000000..54a5628d12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/no-bot-registration-ecb41dd5dc38a4c73cfc3b8c255506fd.yaml @@ -0,0 +1,58 @@ +id: no-bot-registration-ecb41dd5dc38a4c73cfc3b8c255506fd + +info: + name: > + No-Bot Registration <= 1.9.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf2e8b6f-2bdb-46c4-84a0-9e196355dda9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/no-bot-registration/" + google-query: inurl:"/wp-content/plugins/no-bot-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,no-bot-registration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/no-bot-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "no-bot-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/no-external-links-7a7c093f97491b5547b10f0abf94cd54.yaml b/nuclei-templates/cve-less/plugins/no-external-links-7a7c093f97491b5547b10f0abf94cd54.yaml new file mode 100644 index 0000000000..e0e704192b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/no-external-links-7a7c093f97491b5547b10f0abf94cd54.yaml @@ -0,0 +1,58 @@ +id: no-external-links-7a7c093f97491b5547b10f0abf94cd54 + +info: + name: > + WP No External Links <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scritping + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8e3a111-6327-47a0-becd-d7e2d9166118?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/no-external-links/" + google-query: inurl:"/wp-content/plugins/no-external-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,no-external-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/no-external-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "no-external-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/no-future-posts-42ee0da57f529d4a1f0ef2f4cdec544f.yaml b/nuclei-templates/cve-less/plugins/no-future-posts-42ee0da57f529d4a1f0ef2f4cdec544f.yaml new file mode 100644 index 0000000000..33f1e3e284 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/no-future-posts-42ee0da57f529d4a1f0ef2f4cdec544f.yaml @@ -0,0 +1,58 @@ +id: no-future-posts-42ee0da57f529d4a1f0ef2f4cdec544f + +info: + name: > + No Future Posts <= 1.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94bd2229-0dfa-4f8b-9aa8-e2ee1bb7bc27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/no-future-posts/" + google-query: inurl:"/wp-content/plugins/no-future-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,no-future-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/no-future-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "no-future-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nofollow-a8cfb826ae3cd1e60648ab483d0a35aa.yaml b/nuclei-templates/cve-less/plugins/nofollow-a8cfb826ae3cd1e60648ab483d0a35aa.yaml new file mode 100644 index 0000000000..1963e73818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nofollow-a8cfb826ae3cd1e60648ab483d0a35aa.yaml @@ -0,0 +1,58 @@ +id: nofollow-a8cfb826ae3cd1e60648ab483d0a35aa + +info: + name: > + Ultimate NoFollow <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d57b8c89-109c-4b3b-bea4-adfe7dbfb26d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nofollow/" + google-query: inurl:"/wp-content/plugins/nofollow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nofollow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nofollow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nofollow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nofollow-links-acc6eb8dd4e1bc540251436012892eb1.yaml b/nuclei-templates/cve-less/plugins/nofollow-links-acc6eb8dd4e1bc540251436012892eb1.yaml new file mode 100644 index 0000000000..a65370a6eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nofollow-links-acc6eb8dd4e1bc540251436012892eb1.yaml @@ -0,0 +1,58 @@ +id: nofollow-links-acc6eb8dd4e1bc540251436012892eb1 + +info: + name: > + Nofollow Links <= 1.0.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5b7e1f-7479-47bd-99ed-3d57eb209464?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nofollow-links/" + google-query: inurl:"/wp-content/plugins/nofollow-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nofollow-links,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nofollow-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nofollow-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nokia-mapsplaces-83baefa8fe364357f6ef3e61c50fe83c.yaml b/nuclei-templates/cve-less/plugins/nokia-mapsplaces-83baefa8fe364357f6ef3e61c50fe83c.yaml new file mode 100644 index 0000000000..e689694073 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nokia-mapsplaces-83baefa8fe364357f6ef3e61c50fe83c.yaml @@ -0,0 +1,58 @@ +id: nokia-mapsplaces-83baefa8fe364357f6ef3e61c50fe83c + +info: + name: > + Nokia Maps & Places < 1.6.7 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94337b59-6a88-467e-b487-b7b7e4f6f7a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nokia-mapsplaces/" + google-query: inurl:"/wp-content/plugins/nokia-mapsplaces/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nokia-mapsplaces,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nokia-mapsplaces/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nokia-mapsplaces" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/noo-timetable-3c7165ed170542d9a48b7ebd75bdcfa2.yaml b/nuclei-templates/cve-less/plugins/noo-timetable-3c7165ed170542d9a48b7ebd75bdcfa2.yaml new file mode 100644 index 0000000000..6e395f5301 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/noo-timetable-3c7165ed170542d9a48b7ebd75bdcfa2.yaml @@ -0,0 +1,58 @@ +id: noo-timetable-3c7165ed170542d9a48b7ebd75bdcfa2 + +info: + name: > + NOO Timetable <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fab1ae8-2aa4-452a-a594-64088c92b5c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/noo-timetable/" + google-query: inurl:"/wp-content/plugins/noo-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,noo-timetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/noo-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "noo-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/noo-timetable-8fd07febda83bd8c742a5f51259e2434.yaml b/nuclei-templates/cve-less/plugins/noo-timetable-8fd07febda83bd8c742a5f51259e2434.yaml new file mode 100644 index 0000000000..d18e64fef9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/noo-timetable-8fd07febda83bd8c742a5f51259e2434.yaml @@ -0,0 +1,58 @@ +id: noo-timetable-8fd07febda83bd8c742a5f51259e2434 + +info: + name: > + NOO Timetable <= 2.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13046019-f390-48ae-bf08-53293c41f178?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/noo-timetable/" + google-query: inurl:"/wp-content/plugins/noo-timetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,noo-timetable,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/noo-timetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "noo-timetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nooz-2b837a9bfbedcec8d35d48ea5080f6cf.yaml b/nuclei-templates/cve-less/plugins/nooz-2b837a9bfbedcec8d35d48ea5080f6cf.yaml new file mode 100644 index 0000000000..3042e2672e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nooz-2b837a9bfbedcec8d35d48ea5080f6cf.yaml @@ -0,0 +1,58 @@ +id: nooz-2b837a9bfbedcec8d35d48ea5080f6cf + +info: + name: > + Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b5bc1b-c9dc-4ce5-86db-2802f5b49d0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nooz/" + google-query: inurl:"/wp-content/plugins/nooz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nooz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nooz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nooz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nospampti-bedbd591f6ca39f0af80a1081665a67e.yaml b/nuclei-templates/cve-less/plugins/nospampti-bedbd591f6ca39f0af80a1081665a67e.yaml new file mode 100644 index 0000000000..800de62e4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nospampti-bedbd591f6ca39f0af80a1081665a67e.yaml @@ -0,0 +1,58 @@ +id: nospampti-bedbd591f6ca39f0af80a1081665a67e + +info: + name: > + NOSpamPTI <= 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/529c5785-214e-41e7-8cf3-4ff3d256e27c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nospampti/" + google-query: inurl:"/wp-content/plugins/nospampti/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nospampti,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nospampti/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nospampti" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/note-press-8247dd9e5bbd39d391956bd6159727f9.yaml b/nuclei-templates/cve-less/plugins/note-press-8247dd9e5bbd39d391956bd6159727f9.yaml new file mode 100644 index 0000000000..dbb81fb43c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/note-press-8247dd9e5bbd39d391956bd6159727f9.yaml @@ -0,0 +1,58 @@ +id: note-press-8247dd9e5bbd39d391956bd6159727f9 + +info: + name: > + Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd2b816a-fbb1-4c6f-8f0a-4ef2e77f845e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/note-press/" + google-query: inurl:"/wp-content/plugins/note-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,note-press,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/note-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "note-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/note-press-8825e85de759f44127189c61a2caf509.yaml b/nuclei-templates/cve-less/plugins/note-press-8825e85de759f44127189c61a2caf509.yaml new file mode 100644 index 0000000000..529d7052f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/note-press-8825e85de759f44127189c61a2caf509.yaml @@ -0,0 +1,58 @@ +id: note-press-8825e85de759f44127189c61a2caf509 + +info: + name: > + Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c7c2b11-750a-48de-b48b-dcc6fbb8e917?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/note-press/" + google-query: inurl:"/wp-content/plugins/note-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,note-press,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/note-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "note-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/note-press-c6243b9dee6460614115df8351692603.yaml b/nuclei-templates/cve-less/plugins/note-press-c6243b9dee6460614115df8351692603.yaml new file mode 100644 index 0000000000..5b29a80434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/note-press-c6243b9dee6460614115df8351692603.yaml @@ -0,0 +1,58 @@ +id: note-press-c6243b9dee6460614115df8351692603 + +info: + name: > + Note Press <= 0.1.10 - Authenticated (Admin+) SQL Injection via ids Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/521bcfd5-7bb2-4748-8440-9902181cbf7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/note-press/" + google-query: inurl:"/wp-content/plugins/note-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,note-press,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/note-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "note-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/note-press-fc9778d621394c461290861e9ffed74c.yaml b/nuclei-templates/cve-less/plugins/note-press-fc9778d621394c461290861e9ffed74c.yaml new file mode 100644 index 0000000000..77b6666216 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/note-press-fc9778d621394c461290861e9ffed74c.yaml @@ -0,0 +1,58 @@ +id: note-press-fc9778d621394c461290861e9ffed74c + +info: + name: > + Note Press < 0.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07ac1921-6d3b-44b3-ad8d-66e18698c025?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/note-press/" + google-query: inurl:"/wp-content/plugins/note-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,note-press,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/note-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "note-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notice-bar-18ae8fd1e9cb93487e81ac53ef4e167a.yaml b/nuclei-templates/cve-less/plugins/notice-bar-18ae8fd1e9cb93487e81ac53ef4e167a.yaml new file mode 100644 index 0000000000..0e823e7ac9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notice-bar-18ae8fd1e9cb93487e81ac53ef4e167a.yaml @@ -0,0 +1,58 @@ +id: notice-bar-18ae8fd1e9cb93487e81ac53ef4e167a + +info: + name: > + Notice Bar <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/defc5b5a-243d-4564-a9f8-3ecf3538129b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notice-bar/" + google-query: inurl:"/wp-content/plugins/notice-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notice-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notice-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notice-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notice-board-b3b2af8cc00699a0018afcc81e707f41.yaml b/nuclei-templates/cve-less/plugins/notice-board-b3b2af8cc00699a0018afcc81e707f41.yaml new file mode 100644 index 0000000000..b047ef78b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notice-board-b3b2af8cc00699a0018afcc81e707f41.yaml @@ -0,0 +1,58 @@ +id: notice-board-b3b2af8cc00699a0018afcc81e707f41 + +info: + name: > + NOTICE BOARD <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a804605-c079-4310-a57f-81c3eb216dee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notice-board/" + google-query: inurl:"/wp-content/plugins/notice-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notice-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notice-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notice-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notices-84d0d45fa88276425857758501e9c199.yaml b/nuclei-templates/cve-less/plugins/notices-84d0d45fa88276425857758501e9c199.yaml new file mode 100644 index 0000000000..07953b3b8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notices-84d0d45fa88276425857758501e9c199.yaml @@ -0,0 +1,58 @@ +id: notices-84d0d45fa88276425857758501e9c199 + +info: + name: > + Notices <= 6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ccd7144-fde1-4ade-ac66-5ea14cdbc616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notices/" + google-query: inurl:"/wp-content/plugins/notices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notices,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notification-eae4213a5c0782ae01f44dd9c21edcbb.yaml b/nuclei-templates/cve-less/plugins/notification-eae4213a5c0782ae01f44dd9c21edcbb.yaml new file mode 100644 index 0000000000..cae77fcbe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notification-eae4213a5c0782ae01f44dd9c21edcbb.yaml @@ -0,0 +1,58 @@ +id: notification-eae4213a5c0782ae01f44dd9c21edcbb + +info: + name: > + Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e08cd1b6-3faf-4650-9606-3724b6a52df5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notification/" + google-query: inurl:"/wp-content/plugins/notification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notification,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notificationx-735661dd4e86df9c4dde01f9f3e84d09.yaml b/nuclei-templates/cve-less/plugins/notificationx-735661dd4e86df9c4dde01f9f3e84d09.yaml new file mode 100644 index 0000000000..1fbcf148f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notificationx-735661dd4e86df9c4dde01f9f3e84d09.yaml @@ -0,0 +1,58 @@ +id: notificationx-735661dd4e86df9c4dde01f9f3e84d09 + +info: + name: > + NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notificationx/" + google-query: inurl:"/wp-content/plugins/notificationx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notificationx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notificationx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notificationx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notificationx-a270bbda89fbbfcb6121d07d9ec5b627.yaml b/nuclei-templates/cve-less/plugins/notificationx-a270bbda89fbbfcb6121d07d9ec5b627.yaml new file mode 100644 index 0000000000..6faf706931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notificationx-a270bbda89fbbfcb6121d07d9ec5b627.yaml @@ -0,0 +1,58 @@ +id: notificationx-a270bbda89fbbfcb6121d07d9ec5b627 + +info: + name: > + NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebe7680-a76d-4178-a729-f0d79d861912?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notificationx/" + google-query: inurl:"/wp-content/plugins/notificationx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notificationx,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notificationx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notificationx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notificationx-bcbaad1a845c82aad1bef42558b56fdd.yaml b/nuclei-templates/cve-less/plugins/notificationx-bcbaad1a845c82aad1bef42558b56fdd.yaml new file mode 100644 index 0000000000..d0c325bfa4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notificationx-bcbaad1a845c82aad1bef42558b56fdd.yaml @@ -0,0 +1,58 @@ +id: notificationx-bcbaad1a845c82aad1bef42558b56fdd + +info: + name: > + NotificationX <= 2.3.8 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2eec5a-7767-4215-b77d-5cfd2d148f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notificationx/" + google-query: inurl:"/wp-content/plugins/notificationx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notificationx,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notificationx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notificationx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/notifyvisitors-lead-form-9efb6c4b18285974b32863549d5c9405.yaml b/nuclei-templates/cve-less/plugins/notifyvisitors-lead-form-9efb6c4b18285974b32863549d5c9405.yaml new file mode 100644 index 0000000000..949341da9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/notifyvisitors-lead-form-9efb6c4b18285974b32863549d5c9405.yaml @@ -0,0 +1,58 @@ +id: notifyvisitors-lead-form-9efb6c4b18285974b32863549d5c9405 + +info: + name: > + NotifyVisitors <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dad9b612-5575-4e64-a1b3-52a2cf3f05a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/notifyvisitors-lead-form/" + google-query: inurl:"/wp-content/plugins/notifyvisitors-lead-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,notifyvisitors-lead-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/notifyvisitors-lead-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "notifyvisitors-lead-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/novelist-6151f342a42025e02d427b32216a8adf.yaml b/nuclei-templates/cve-less/plugins/novelist-6151f342a42025e02d427b32216a8adf.yaml new file mode 100644 index 0000000000..ef592108ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/novelist-6151f342a42025e02d427b32216a8adf.yaml @@ -0,0 +1,58 @@ +id: novelist-6151f342a42025e02d427b32216a8adf + +info: + name: > + Novelist <= 1.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00f33681-7edb-40a8-a1b4-433765ef7585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/novelist/" + google-query: inurl:"/wp-content/plugins/novelist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,novelist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/novelist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "novelist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/novelist-f083409bbde8131959cd560116eb8b78.yaml b/nuclei-templates/cve-less/plugins/novelist-f083409bbde8131959cd560116eb8b78.yaml new file mode 100644 index 0000000000..33653eabc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/novelist-f083409bbde8131959cd560116eb8b78.yaml @@ -0,0 +1,58 @@ +id: novelist-f083409bbde8131959cd560116eb8b78 + +info: + name: > + Novelist <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Book Information Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8f64ed-abf8-4a8b-b32f-75afeaccea5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/novelist/" + google-query: inurl:"/wp-content/plugins/novelist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,novelist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/novelist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "novelist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/novo-map-fd902d7294b8be7fc6c94e658239c2f8.yaml b/nuclei-templates/cve-less/plugins/novo-map-fd902d7294b8be7fc6c94e658239c2f8.yaml new file mode 100644 index 0000000000..bf4924d239 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/novo-map-fd902d7294b8be7fc6c94e658239c2f8.yaml @@ -0,0 +1,58 @@ +id: novo-map-fd902d7294b8be7fc6c94e658239c2f8 + +info: + name: > + Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f91816-a263-4938-bac1-eeb3bb2fc120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/novo-map/" + google-query: inurl:"/wp-content/plugins/novo-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,novo-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/novo-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "novo-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nps-computy-822c780c5b9c36a2c5c6155802580253.yaml b/nuclei-templates/cve-less/plugins/nps-computy-822c780c5b9c36a2c5c6155802580253.yaml new file mode 100644 index 0000000000..eac54c258b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nps-computy-822c780c5b9c36a2c5c6155802580253.yaml @@ -0,0 +1,58 @@ +id: nps-computy-822c780c5b9c36a2c5c6155802580253 + +info: + name: > + NPS computy <= 2.7.5 - Cross-Site Request Forgery to Results Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/490b4ee5-dd99-42af-94af-b45cea27b287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nps-computy/" + google-query: inurl:"/wp-content/plugins/nps-computy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nps-computy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nps-computy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nps-computy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nps-computy-9980c05da6f848a401a8e11f20123173.yaml b/nuclei-templates/cve-less/plugins/nps-computy-9980c05da6f848a401a8e11f20123173.yaml new file mode 100644 index 0000000000..043bcf2d0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nps-computy-9980c05da6f848a401a8e11f20123173.yaml @@ -0,0 +1,58 @@ +id: nps-computy-9980c05da6f848a401a8e11f20123173 + +info: + name: > + NPS computy <= 2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1ac9f77-eea7-4726-b2ba-019c26aec242?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nps-computy/" + google-query: inurl:"/wp-content/plugins/nps-computy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nps-computy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nps-computy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nps-computy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ns-coupon-to-become-customer-b9cea09f7ed512cb1aad12f24e857815.yaml b/nuclei-templates/cve-less/plugins/ns-coupon-to-become-customer-b9cea09f7ed512cb1aad12f24e857815.yaml new file mode 100644 index 0000000000..f6d0b61d76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ns-coupon-to-become-customer-b9cea09f7ed512cb1aad12f24e857815.yaml @@ -0,0 +1,58 @@ +id: ns-coupon-to-become-customer-b9cea09f7ed512cb1aad12f24e857815 + +info: + name: > + NS Coupon to Become Customer <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70e227a5-fc33-4ff2-a843-ef9484707ae7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ns-coupon-to-become-customer/" + google-query: inurl:"/wp-content/plugins/ns-coupon-to-become-customer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ns-coupon-to-become-customer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ns-coupon-to-become-customer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ns-coupon-to-become-customer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ns-facebook-pixel-for-wp-b2640c0e1d9759721b91219a63bf25ee.yaml b/nuclei-templates/cve-less/plugins/ns-facebook-pixel-for-wp-b2640c0e1d9759721b91219a63bf25ee.yaml new file mode 100644 index 0000000000..efb7b29c02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ns-facebook-pixel-for-wp-b2640c0e1d9759721b91219a63bf25ee.yaml @@ -0,0 +1,58 @@ +id: ns-facebook-pixel-for-wp-b2640c0e1d9759721b91219a63bf25ee + +info: + name: > + Advanced Social Pixel <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/771da808-8962-46a3-8519-85d9422583f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ns-facebook-pixel-for-wp/" + google-query: inurl:"/wp-content/plugins/ns-facebook-pixel-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ns-facebook-pixel-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ns-facebook-pixel-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ns-facebook-pixel-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ns-woocommerce-watermark-0c0dde4c7a1e8ecba300d4f3a84714f5.yaml b/nuclei-templates/cve-less/plugins/ns-woocommerce-watermark-0c0dde4c7a1e8ecba300d4f3a84714f5.yaml new file mode 100644 index 0000000000..3b594bedae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ns-woocommerce-watermark-0c0dde4c7a1e8ecba300d4f3a84714f5.yaml @@ -0,0 +1,58 @@ +id: ns-woocommerce-watermark-0c0dde4c7a1e8ecba300d4f3a84714f5 + +info: + name: > + NS WooCommerce Watermark <= 2.11.3 - Abuse of Functionality + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d17f26b-e8b7-480d-bf03-2cfdb261fa28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ns-woocommerce-watermark/" + google-query: inurl:"/wp-content/plugins/ns-woocommerce-watermark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ns-woocommerce-watermark,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ns-woocommerce-watermark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ns-woocommerce-watermark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nuajik-cdn-f0470adcfca34e53051811d10184b858.yaml b/nuclei-templates/cve-less/plugins/nuajik-cdn-f0470adcfca34e53051811d10184b858.yaml new file mode 100644 index 0000000000..656028ce12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nuajik-cdn-f0470adcfca34e53051811d10184b858.yaml @@ -0,0 +1,58 @@ +id: nuajik-cdn-f0470adcfca34e53051811d10184b858 + +info: + name: > + nuajik CDN <= 0.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcf09793-1277-41a0-9ce4-b85b13721729?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nuajik-cdn/" + google-query: inurl:"/wp-content/plugins/nuajik-cdn/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nuajik-cdn,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nuajik-cdn/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nuajik-cdn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/nudgify-a865b1f08fb1dfda225878dc830c893d.yaml b/nuclei-templates/cve-less/plugins/nudgify-a865b1f08fb1dfda225878dc830c893d.yaml new file mode 100644 index 0000000000..a5b51bffc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/nudgify-a865b1f08fb1dfda225878dc830c893d.yaml @@ -0,0 +1,58 @@ +id: nudgify-a865b1f08fb1dfda225878dc830c893d + +info: + name: > + Nudgify Social Proof, Sales Popup & FOMO <= 1.3.3 - Cross-Site Request Forgery via sync_orders_manually() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c67ee9bc-3626-4323-8b16-0fcae0db1991?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/nudgify/" + google-query: inurl:"/wp-content/plugins/nudgify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,nudgify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/nudgify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nudgify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/o2tweet-8b7ce3f62fb6e151f58953706865b9ed.yaml b/nuclei-templates/cve-less/plugins/o2tweet-8b7ce3f62fb6e151f58953706865b9ed.yaml new file mode 100644 index 0000000000..14e0a7ca43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/o2tweet-8b7ce3f62fb6e151f58953706865b9ed.yaml @@ -0,0 +1,58 @@ +id: o2tweet-8b7ce3f62fb6e151f58953706865b9ed + +info: + name: > + O2tweet <= 0.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4921c8-8e53-4f9d-be21-cf365869a435?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/o2tweet/" + google-query: inurl:"/wp-content/plugins/o2tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,o2tweet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/o2tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "o2tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth-client-ed96d7b172dbc6676f3aac8fd6c4f947.yaml b/nuclei-templates/cve-less/plugins/oauth-client-ed96d7b172dbc6676f3aac8fd6c4f947.yaml new file mode 100644 index 0000000000..ad8ce9c92d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth-client-ed96d7b172dbc6676f3aac8fd6c4f947.yaml @@ -0,0 +1,58 @@ +id: oauth-client-ed96d7b172dbc6676f3aac8fd6c4f947 + +info: + name: > + OAuth 2.0 client for SSO <= 1.11.3 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f33e8906-c607-40de-8c2a-93ca12519da5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth-client/" + google-query: inurl:"/wp-content/plugins/oauth-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth-client,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth-client-for-user-authentication-c53104da05cdac90a010088ce54093bb.yaml b/nuclei-templates/cve-less/plugins/oauth-client-for-user-authentication-c53104da05cdac90a010088ce54093bb.yaml new file mode 100644 index 0000000000..e622674968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth-client-for-user-authentication-c53104da05cdac90a010088ce54093bb.yaml @@ -0,0 +1,58 @@ +id: oauth-client-for-user-authentication-c53104da05cdac90a010088ce54093bb + +info: + name: > + OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b028a70d-f103-4232-b854-17b88d4dc7d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth-client-for-user-authentication/" + google-query: inurl:"/wp-content/plugins/oauth-client-for-user-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth-client-for-user-authentication,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth-client-for-user-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth-client-for-user-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth-twitter-feed-for-developers-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml b/nuclei-templates/cve-less/plugins/oauth-twitter-feed-for-developers-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml new file mode 100644 index 0000000000..b1589224c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth-twitter-feed-for-developers-bca2d75657a1c7a6e99c08d66b7b4e2e.yaml @@ -0,0 +1,58 @@ +id: oauth-twitter-feed-for-developers-bca2d75657a1c7a6e99c08d66b7b4e2e + +info: + name: > + oAuth Twitter Feed for Developers <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa3819b1-8e7c-4e97-bac5-96d73d935845?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth-twitter-feed-for-developers/" + google-query: inurl:"/wp-content/plugins/oauth-twitter-feed-for-developers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth-twitter-feed-for-developers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth-twitter-feed-for-developers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth-twitter-feed-for-developers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-2b20f536c5a1e1ecc9328244cf31fc2a.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-2b20f536c5a1e1ecc9328244cf31fc2a.yaml new file mode 100644 index 0000000000..c06dfe6a45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-2b20f536c5a1e1ecc9328244cf31fc2a.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-2b20f536c5a1e1ecc9328244cf31fc2a + +info: + name: > + OAuth Server <= 4.3.3 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d425843-a68e-40fd-93de-04c1c46af88f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-41a31043d8f2b87b33721864ecd51995.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-41a31043d8f2b87b33721864ecd51995.yaml new file mode 100644 index 0000000000..be73a7b3ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-41a31043d8f2b87b33721864ecd51995.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-41a31043d8f2b87b33721864ecd51995 + +info: + name: > + WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27da9458-ac19-4b4e-a14b-d1ba62e9e9ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-4b9f20c2f55cb0278e501a36498340f1.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-4b9f20c2f55cb0278e501a36498340f1.yaml new file mode 100644 index 0000000000..d6d0efdd1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-4b9f20c2f55cb0278e501a36498340f1.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-4b9f20c2f55cb0278e501a36498340f1 + +info: + name: > + WP OAuth Server (OAuth Authentication) < 3.1.5 - Pseudorandom Number Generation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/598fffcd-0318-4e41-8837-f65761390c19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-b493d32c53c148490b49a06f9023d87a.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-b493d32c53c148490b49a06f9023d87a.yaml new file mode 100644 index 0000000000..06a716e397 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-b493d32c53c148490b49a06f9023d87a.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-b493d32c53c148490b49a06f9023d87a + +info: + name: > + WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client) + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf68449-487d-4ef1-86be-c51dc7d79054?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-cbceddd57d7051d45761e4fa44eca556.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-cbceddd57d7051d45761e4fa44eca556.yaml new file mode 100644 index 0000000000..e43d43bdab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-cbceddd57d7051d45761e4fa44eca556.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-cbceddd57d7051d45761e4fa44eca556 + +info: + name: > + WP OAuth Server (OAuth Authentication) <= 4.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77de0955-d6e4-4da0-8a71-772c404e5dc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-provider-ef86ab7f523579cf61ae7ca65b0017ce.yaml b/nuclei-templates/cve-less/plugins/oauth2-provider-ef86ab7f523579cf61ae7ca65b0017ce.yaml new file mode 100644 index 0000000000..06e70821ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-provider-ef86ab7f523579cf61ae7ca65b0017ce.yaml @@ -0,0 +1,58 @@ +id: oauth2-provider-ef86ab7f523579cf61ae7ca65b0017ce + +info: + name: > + WP OAuth Server (OAuth Authentication) <= 4.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a07bd233-902c-402c-9055-f3085246da78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-provider/" + google-query: inurl:"/wp-content/plugins/oauth2-provider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-provider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-provider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-provider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oauth2-server-11efe70fd2ae23707bfcf341a18862cb.yaml b/nuclei-templates/cve-less/plugins/oauth2-server-11efe70fd2ae23707bfcf341a18862cb.yaml new file mode 100644 index 0000000000..f1fac58961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oauth2-server-11efe70fd2ae23707bfcf341a18862cb.yaml @@ -0,0 +1,58 @@ +id: oauth2-server-11efe70fd2ae23707bfcf341a18862cb + +info: + name: > + WP OAuth2 Server <= 1.0.1 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bd74c3f-3caf-4238-9478-81a4cfa50410?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oauth2-server/" + google-query: inurl:"/wp-content/plugins/oauth2-server/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oauth2-server,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oauth2-server/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oauth2-server" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-09c7e3b2a6a061e164af74ab6001f045.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-09c7e3b2a6a061e164af74ab6001f045.yaml new file mode 100644 index 0000000000..7e747ea72b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-09c7e3b2a6a061e164af74ab6001f045.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-09c7e3b2a6a061e164af74ab6001f045 + +info: + name: > + Ocean Extra <= 1.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4891055a-04b2-453d-a2ea-2fb793705ff8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-15e84b289a1503987417bb5a8a9db81a.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-15e84b289a1503987417bb5a8a9db81a.yaml new file mode 100644 index 0000000000..141331e131 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-15e84b289a1503987417bb5a8a9db81a.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-15e84b289a1503987417bb5a8a9db81a + +info: + name: > + Ocean Extra <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/596e970b-5a40-46cd-aa32-ac6ace39c21b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-1fa0a5990488e25fdbc5ceea9aa094d8.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-1fa0a5990488e25fdbc5ceea9aa094d8.yaml new file mode 100644 index 0000000000..22e4e09e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-1fa0a5990488e25fdbc5ceea9aa094d8.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-1fa0a5990488e25fdbc5ceea9aa094d8 + +info: + name: > + Ocean Extra <= 2.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5458e3bf-fd91-4201-8157-572eb1126aaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-219e356df9406ff61a0cdb8030ff8ed2.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-219e356df9406ff61a0cdb8030ff8ed2.yaml new file mode 100644 index 0000000000..b9fc4efa77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-219e356df9406ff61a0cdb8030ff8ed2.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-219e356df9406ff61a0cdb8030ff8ed2 + +info: + name: > + Ocean Extra <= 2.0.4 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb19d3a-b180-4141-8c9b-bec436eeea6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-4ea74f3f54b0253dbabe0bce4a43a6d7.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-4ea74f3f54b0253dbabe0bce4a43a6d7.yaml new file mode 100644 index 0000000000..c0623de480 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-4ea74f3f54b0253dbabe0bce4a43a6d7.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-4ea74f3f54b0253dbabe0bce4a43a6d7 + +info: + name: > + Ocean Extra <=1.6.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb3ef121-13ea-4e42-90c1-1f4bd31ebbcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-59a12b62de2e9aeb74cd74615dde1cd6.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-59a12b62de2e9aeb74cd74615dde1cd6.yaml new file mode 100644 index 0000000000..4997b679f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-59a12b62de2e9aeb74cd74615dde1cd6.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-59a12b62de2e9aeb74cd74615dde1cd6 + +info: + name: > + Ocean Extra <= 2.1.2 - Authenticated (Subscriber+) Arbitrary Post Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32192878-930a-4947-a38f-ec395c17e515?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-675e6b4bb186a17f8fbe362e07f780dc.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-675e6b4bb186a17f8fbe362e07f780dc.yaml new file mode 100644 index 0000000000..fb73c2ddf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-675e6b4bb186a17f8fbe362e07f780dc.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-675e6b4bb186a17f8fbe362e07f780dc + +info: + name: > + Ocean Extra <= 2.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a292579c-9755-4bd4-996c-23d19ca1c197?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-6f81fcdf0f0749244884a26bed49387a.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-6f81fcdf0f0749244884a26bed49387a.yaml new file mode 100644 index 0000000000..b1fd699fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-6f81fcdf0f0749244884a26bed49387a.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-6f81fcdf0f0749244884a26bed49387a + +info: + name: > + Ocean Extra <= 2.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac111175-2059-41dc-afa2-a659da3adaca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-d17f4b50b1d89180cdbd40b462cf4e20.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-d17f4b50b1d89180cdbd40b462cf4e20.yaml new file mode 100644 index 0000000000..12fa2b0503 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-d17f4b50b1d89180cdbd40b462cf4e20.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-d17f4b50b1d89180cdbd40b462cf4e20 + +info: + name: > + Ocean Extra <= 1.5.7 - Unauthenticated Options update and CSS injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a7677a4-0cd5-496e-82cb-f6582e63475d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocean-extra-dd78e64b2b479493968a1e6217c98447.yaml b/nuclei-templates/cve-less/plugins/ocean-extra-dd78e64b2b479493968a1e6217c98447.yaml new file mode 100644 index 0000000000..dba72d0b1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocean-extra-dd78e64b2b479493968a1e6217c98447.yaml @@ -0,0 +1,58 @@ +id: ocean-extra-dd78e64b2b479493968a1e6217c98447 + +info: + name: > + Ocean Extra <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/617b2ef0-dc7b-4032-a145-5eaffb8194c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocean-extra/" + google-query: inurl:"/wp-content/plugins/ocean-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocean-extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocean-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocean-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ocim-mp3-427c0efd9f4fe0120009a410add6694b.yaml b/nuclei-templates/cve-less/plugins/ocim-mp3-427c0efd9f4fe0120009a410add6694b.yaml new file mode 100644 index 0000000000..592a643cf7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ocim-mp3-427c0efd9f4fe0120009a410add6694b.yaml @@ -0,0 +1,58 @@ +id: ocim-mp3-427c0efd9f4fe0120009a410add6694b + +info: + name: > + Ocim MP3 (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96a9f567-6cf8-4988-bf8e-77eade71c5f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ocim-mp3/" + google-query: inurl:"/wp-content/plugins/ocim-mp3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ocim-mp3,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ocim-mp3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ocim-mp3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oembed-gist-d5fb85be1bce7f68e1b15520cd177f7a.yaml b/nuclei-templates/cve-less/plugins/oembed-gist-d5fb85be1bce7f68e1b15520cd177f7a.yaml new file mode 100644 index 0000000000..3f2619ce94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oembed-gist-d5fb85be1bce7f68e1b15520cd177f7a.yaml @@ -0,0 +1,58 @@ +id: oembed-gist-d5fb85be1bce7f68e1b15520cd177f7a + +info: + name: > + oEmbed Gist <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fed0e3bc-1401-410a-805d-1ea3e423024b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oembed-gist/" + google-query: inurl:"/wp-content/plugins/oembed-gist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oembed-gist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oembed-gist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oembed-gist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/off-canvas-sidebars-aedb89e2581210acfc64d10b1fcd7670.yaml b/nuclei-templates/cve-less/plugins/off-canvas-sidebars-aedb89e2581210acfc64d10b1fcd7670.yaml new file mode 100644 index 0000000000..8e7875a974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/off-canvas-sidebars-aedb89e2581210acfc64d10b1fcd7670.yaml @@ -0,0 +1,58 @@ +id: off-canvas-sidebars-aedb89e2581210acfc64d10b1fcd7670 + +info: + name: > + Off-Canvas Sidebars & Menus (Slidebars) <= 0.5.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a92916c-42d4-44a6-a9b7-ff0338042b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/off-canvas-sidebars/" + google-query: inurl:"/wp-content/plugins/off-canvas-sidebars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,off-canvas-sidebars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/off-canvas-sidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "off-canvas-sidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-facebook-pixel-f71c21bb0ac8ac3a83c45ec9ea5fb6b4.yaml b/nuclei-templates/cve-less/plugins/official-facebook-pixel-f71c21bb0ac8ac3a83c45ec9ea5fb6b4.yaml new file mode 100644 index 0000000000..d8cf704e33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-facebook-pixel-f71c21bb0ac8ac3a83c45ec9ea5fb6b4.yaml @@ -0,0 +1,58 @@ +id: official-facebook-pixel-f71c21bb0ac8ac3a83c45ec9ea5fb6b4 + +info: + name: > + Facebook for WordPress <= 3.0.3 - Cross-site Request Forgery to Stored Cross-site Scripting and Settings Deletion via wp_ajax_(save|delete)_fbe_settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bc3039c-8e96-42e9-a28d-d3204f3e84f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-facebook-pixel/" + google-query: inurl:"/wp-content/plugins/official-facebook-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-facebook-pixel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-facebook-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-facebook-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '< 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-facebook-pixel-fc2e2c986080502cae4c6d1516b6383d.yaml b/nuclei-templates/cve-less/plugins/official-facebook-pixel-fc2e2c986080502cae4c6d1516b6383d.yaml new file mode 100644 index 0000000000..4b10d922f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-facebook-pixel-fc2e2c986080502cae4c6d1516b6383d.yaml @@ -0,0 +1,58 @@ +id: official-facebook-pixel-fc2e2c986080502cae4c6d1516b6383d + +info: + name: > + Meta pixel for WordPress <= 2.2.2 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17d4002d-3e87-46a7-9be6-c36e40c31c4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-facebook-pixel/" + google-query: inurl:"/wp-content/plugins/official-facebook-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-facebook-pixel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-facebook-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-facebook-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-26c3585e6e7fad9c8d3a82c1982ff984.yaml b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-26c3585e6e7fad9c8d3a82c1982ff984.yaml new file mode 100644 index 0000000000..737ceb7cc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-26c3585e6e7fad9c8d3a82c1982ff984.yaml @@ -0,0 +1,58 @@ +id: official-mailerlite-sign-up-forms-26c3585e6e7fad9c8d3a82c1982ff984 + +info: + name: > + MailerLite – Signup forms (official) 1.5.0 - 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f34f4a6-9092-4e67-8a1e-7c60edde0b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-mailerlite-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-mailerlite-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.5.0', '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml new file mode 100644 index 0000000000..e970c771f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-72b3ee0aa0ee9a6370b95e5e332c6b93.yaml @@ -0,0 +1,58 @@ +id: official-mailerlite-sign-up-forms-72b3ee0aa0ee9a6370b95e5e332c6b93 + +info: + name: > + MailerLite – Signup forms (official) <= 1.7.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a03b4c19-85fa-47ad-b9ae-b466f8e5ca96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-mailerlite-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-mailerlite-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-83cdeca9a177bee255e863b7e36aae57.yaml b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-83cdeca9a177bee255e863b7e36aae57.yaml new file mode 100644 index 0000000000..602a62062c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-83cdeca9a177bee255e863b7e36aae57.yaml @@ -0,0 +1,58 @@ +id: official-mailerlite-sign-up-forms-83cdeca9a177bee255e863b7e36aae57 + +info: + name: > + MailerLite – Signup forms (official) <= 1.5.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/156b955d-e978-4ff5-ab56-35af257b3199?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-mailerlite-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-mailerlite-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-e5931a630006ade9f39755f24e1f8775.yaml b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-e5931a630006ade9f39755f24e1f8775.yaml new file mode 100644 index 0000000000..12286b8dac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-mailerlite-sign-up-forms-e5931a630006ade9f39755f24e1f8775.yaml @@ -0,0 +1,58 @@ +id: official-mailerlite-sign-up-forms-e5931a630006ade9f39755f24e1f8775 + +info: + name: > + MailerLite - Signup forms <= 1.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e383235-8f61-46f2-bd54-cc41e3ec189e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-mailerlite-sign-up-forms/" + google-query: inurl:"/wp-content/plugins/official-mailerlite-sign-up-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-mailerlite-sign-up-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-mailerlite-sign-up-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-mailerlite-sign-up-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-sendle-shipping-method-74909c964d07fc09665c9e492aec8fb5.yaml b/nuclei-templates/cve-less/plugins/official-sendle-shipping-method-74909c964d07fc09665c9e492aec8fb5.yaml new file mode 100644 index 0000000000..a46fde917f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-sendle-shipping-method-74909c964d07fc09665c9e492aec8fb5.yaml @@ -0,0 +1,58 @@ +id: official-sendle-shipping-method-74909c964d07fc09665c9e492aec8fb5 + +info: + name: > + Sendle Shipping <= 5.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e227e25-3dd9-47fd-bba8-e076f7f92d56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-sendle-shipping-method/" + google-query: inurl:"/wp-content/plugins/official-sendle-shipping-method/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-sendle-shipping-method,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-sendle-shipping-method/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-sendle-shipping-method" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/official-statcounter-plugin-for-wordpress-d0adb6ab141d87bc7e2689c3386228f9.yaml b/nuclei-templates/cve-less/plugins/official-statcounter-plugin-for-wordpress-d0adb6ab141d87bc7e2689c3386228f9.yaml new file mode 100644 index 0000000000..2321a5a69d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/official-statcounter-plugin-for-wordpress-d0adb6ab141d87bc7e2689c3386228f9.yaml @@ -0,0 +1,58 @@ +id: official-statcounter-plugin-for-wordpress-d0adb6ab141d87bc7e2689c3386228f9 + +info: + name: > + StatCounter <= 2.0.6 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edcc51f8-bf79-453a-aa4d-5d1d491316eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/official-statcounter-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/official-statcounter-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,official-statcounter-plugin-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/official-statcounter-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "official-statcounter-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/og-tags-d6eff878d5e751e7448431e370bd1e18.yaml b/nuclei-templates/cve-less/plugins/og-tags-d6eff878d5e751e7448431e370bd1e18.yaml new file mode 100644 index 0000000000..9a23c2e042 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/og-tags-d6eff878d5e751e7448431e370bd1e18.yaml @@ -0,0 +1,58 @@ +id: og-tags-d6eff878d5e751e7448431e370bd1e18 + +info: + name: > + OG Tags <= 2.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cfe9ab3-45b8-4ee5-9de1-45182a4fc46f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/og-tags/" + google-query: inurl:"/wp-content/plugins/og-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,og-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/og-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "og-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oi-yamaps-edd20f1acfb98b2d0a1653edfc88a6dc.yaml b/nuclei-templates/cve-less/plugins/oi-yamaps-edd20f1acfb98b2d0a1653edfc88a6dc.yaml new file mode 100644 index 0000000000..d42b13ac3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oi-yamaps-edd20f1acfb98b2d0a1653edfc88a6dc.yaml @@ -0,0 +1,58 @@ +id: oi-yamaps-edd20f1acfb98b2d0a1653edfc88a6dc + +info: + name: > + Oi Yandex.Maps for WordPress <= 3.2.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28ca388f-0505-47ae-9408-e3d101101fae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oi-yamaps/" + google-query: inurl:"/wp-content/plugins/oi-yamaps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oi-yamaps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oi-yamaps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oi-yamaps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oik-31709e141c457255c2ab0ae7529088be.yaml b/nuclei-templates/cve-less/plugins/oik-31709e141c457255c2ab0ae7529088be.yaml new file mode 100644 index 0000000000..53faf2b094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oik-31709e141c457255c2ab0ae7529088be.yaml @@ -0,0 +1,58 @@ +id: oik-31709e141c457255c2ab0ae7529088be + +info: + name: > + oik <= 4.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oik/" + google-query: inurl:"/wp-content/plugins/oik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oik,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oleggo-livestream-a72c869069d2e541af149f51ffaa7390.yaml b/nuclei-templates/cve-less/plugins/oleggo-livestream-a72c869069d2e541af149f51ffaa7390.yaml new file mode 100644 index 0000000000..44cb8646fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oleggo-livestream-a72c869069d2e541af149f51ffaa7390.yaml @@ -0,0 +1,58 @@ +id: oleggo-livestream-a72c869069d2e541af149f51ffaa7390 + +info: + name: > + Oleggo LiveStream <= 0.2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af1796b7-64b4-4198-9ba4-8a77a0f1cf02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oleggo-livestream/" + google-query: inurl:"/wp-content/plugins/oleggo-livestream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oleggo-livestream,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oleggo-livestream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oleggo-livestream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-76ca7c77b83fa68f077aef4f9085d916.yaml b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-76ca7c77b83fa68f077aef4f9085d916.yaml new file mode 100644 index 0000000000..b4cf6af5fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-76ca7c77b83fa68f077aef4f9085d916.yaml @@ -0,0 +1,58 @@ +id: olevmedia-shortcodes-76ca7c77b83fa68f077aef4f9085d916 + +info: + name: > + Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66607be6-cca1-4cbb-b1c0-708d640b1151?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olevmedia-shortcodes/" + google-query: inurl:"/wp-content/plugins/olevmedia-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olevmedia-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olevmedia-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d25bac07f3777da904ec9b43911bfe31.yaml b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d25bac07f3777da904ec9b43911bfe31.yaml new file mode 100644 index 0000000000..c5c65a0ac5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d25bac07f3777da904ec9b43911bfe31.yaml @@ -0,0 +1,58 @@ +id: olevmedia-shortcodes-d25bac07f3777da904ec9b43911bfe31 + +info: + name: > + Olevmedia Shortcodes <= 1.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c995da3-83c4-4734-8d4f-24c34f12919c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olevmedia-shortcodes/" + google-query: inurl:"/wp-content/plugins/olevmedia-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olevmedia-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olevmedia-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d767c0b5d303daf65b04ebec294c7e3f.yaml b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d767c0b5d303daf65b04ebec294c7e3f.yaml new file mode 100644 index 0000000000..c02aafd99b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olevmedia-shortcodes-d767c0b5d303daf65b04ebec294c7e3f.yaml @@ -0,0 +1,58 @@ +id: olevmedia-shortcodes-d767c0b5d303daf65b04ebec294c7e3f + +info: + name: > + Olevmedia Shortcodes <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce22e5b-7f5c-41be-a50e-dc8100348122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olevmedia-shortcodes/" + google-query: inurl:"/wp-content/plugins/olevmedia-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olevmedia-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olevmedia-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olevmedia-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olimometer-c521258f5992e6f5c61e1567e72a1351.yaml b/nuclei-templates/cve-less/plugins/olimometer-c521258f5992e6f5c61e1567e72a1351.yaml new file mode 100644 index 0000000000..28d5c2be8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olimometer-c521258f5992e6f5c61e1567e72a1351.yaml @@ -0,0 +1,58 @@ +id: olimometer-c521258f5992e6f5c61e1567e72a1351 + +info: + name: > + Olimometer < 2.57 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c148372b-e0d2-4164-b7e7-91921720adcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olimometer/" + google-query: inurl:"/wp-content/plugins/olimometer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olimometer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olimometer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olimometer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-440a978024c68b2f27be0eeba3cb55c2.yaml b/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-440a978024c68b2f27be0eeba3cb55c2.yaml new file mode 100644 index 0000000000..960eea6b53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-440a978024c68b2f27be0eeba3cb55c2.yaml @@ -0,0 +1,58 @@ +id: olive-one-click-demo-import-440a978024c68b2f27be0eeba3cb55c2 + +info: + name: > + Olive One Click Demo Import <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload in olive_one_click_demo_import_save_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3e3311-11d8-4e4f-9d99-36533fe44d56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olive-one-click-demo-import/" + google-query: inurl:"/wp-content/plugins/olive-one-click-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olive-one-click-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olive-one-click-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-5d017f957b0d5736d3f04d80942cf97a.yaml b/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-5d017f957b0d5736d3f04d80942cf97a.yaml new file mode 100644 index 0000000000..552c394186 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olive-one-click-demo-import-5d017f957b0d5736d3f04d80942cf97a.yaml @@ -0,0 +1,58 @@ +id: olive-one-click-demo-import-5d017f957b0d5736d3f04d80942cf97a + +info: + name: > + Olive One Click Demo Import <= 1.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11b8c13b-2167-4fca-a981-a331fadc0439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olive-one-click-demo-import/" + google-query: inurl:"/wp-content/plugins/olive-one-click-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olive-one-click-demo-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olive-one-click-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olive-one-click-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oliver-pos-245aba3aeb74b218457ab6f11f877ea6.yaml b/nuclei-templates/cve-less/plugins/oliver-pos-245aba3aeb74b218457ab6f11f877ea6.yaml new file mode 100644 index 0000000000..20c73df2ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oliver-pos-245aba3aeb74b218457ab6f11f877ea6.yaml @@ -0,0 +1,58 @@ +id: oliver-pos-245aba3aeb74b218457ab6f11f877ea6 + +info: + name: > + Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oliver-pos/" + google-query: inurl:"/wp-content/plugins/oliver-pos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oliver-pos,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oliver-pos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oliver-pos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oliver-pos-258778bddb1333c1704be45e0fa7b778.yaml b/nuclei-templates/cve-less/plugins/oliver-pos-258778bddb1333c1704be45e0fa7b778.yaml new file mode 100644 index 0000000000..467a332f38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oliver-pos-258778bddb1333c1704be45e0fa7b778.yaml @@ -0,0 +1,58 @@ +id: oliver-pos-258778bddb1333c1704be45e0fa7b778 + +info: + name: > + Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oliver-pos/" + google-query: inurl:"/wp-content/plugins/oliver-pos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oliver-pos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oliver-pos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oliver-pos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/olympus-google-fonts-97a8bbca52a057b5fde67edd446b89ce.yaml b/nuclei-templates/cve-less/plugins/olympus-google-fonts-97a8bbca52a057b5fde67edd446b89ce.yaml new file mode 100644 index 0000000000..2e6abbdc91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/olympus-google-fonts-97a8bbca52a057b5fde67edd446b89ce.yaml @@ -0,0 +1,58 @@ +id: olympus-google-fonts-97a8bbca52a057b5fde67edd446b89ce + +info: + name: > + Google Fonts Typography <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via blockType arguments + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d3b4315-05cd-4349-8dd9-ea6792048a9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/olympus-google-fonts/" + google-query: inurl:"/wp-content/plugins/olympus-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,olympus-google-fonts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/olympus-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "olympus-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/omfg-mobile-719947b7a1ac06fd82b24dd2b2c29f27.yaml b/nuclei-templates/cve-less/plugins/omfg-mobile-719947b7a1ac06fd82b24dd2b2c29f27.yaml new file mode 100644 index 0000000000..73fa93d3d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/omfg-mobile-719947b7a1ac06fd82b24dd2b2c29f27.yaml @@ -0,0 +1,58 @@ +id: omfg-mobile-719947b7a1ac06fd82b24dd2b2c29f27 + +info: + name: > + OMFG Mobile Pro <= 1.1.26 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf458f57-2c8b-44d1-8e36-bbfc1a66c2e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/omfg-mobile/" + google-query: inurl:"/wp-content/plugins/omfg-mobile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,omfg-mobile,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/omfg-mobile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "omfg-mobile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/omnisend-connect-8c66e65fe1fbe52e6fc55791d539f808.yaml b/nuclei-templates/cve-less/plugins/omnisend-connect-8c66e65fe1fbe52e6fc55791d539f808.yaml new file mode 100644 index 0000000000..b63cb9e25f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/omnisend-connect-8c66e65fe1fbe52e6fc55791d539f808.yaml @@ -0,0 +1,58 @@ +id: omnisend-connect-8c66e65fe1fbe52e6fc55791d539f808 + +info: + name: > + Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2cd74d-b828-4524-b33d-c806bfd970b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/omnisend-connect/" + google-query: inurl:"/wp-content/plugins/omnisend-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,omnisend-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/omnisend-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "omnisend-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/omnisend-connect-fed4c752f6b00fd9dda419d58b575ffe.yaml b/nuclei-templates/cve-less/plugins/omnisend-connect-fed4c752f6b00fd9dda419d58b575ffe.yaml new file mode 100644 index 0000000000..c300f223a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/omnisend-connect-fed4c752f6b00fd9dda419d58b575ffe.yaml @@ -0,0 +1,58 @@ +id: omnisend-connect-fed4c752f6b00fd9dda419d58b575ffe + +info: + name: > + Email Marketing for WooCommerce by Omnisend <= 1.14.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f54f1e41-788b-45e5-b84f-06e664f5c597?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/omnisend-connect/" + google-query: inurl:"/wp-content/plugins/omnisend-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,omnisend-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/omnisend-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "omnisend-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onclick-show-popup-a274b1ec9586c121ed58c6cb9eda6a2b.yaml b/nuclei-templates/cve-less/plugins/onclick-show-popup-a274b1ec9586c121ed58c6cb9eda6a2b.yaml new file mode 100644 index 0000000000..3da6b7bf82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onclick-show-popup-a274b1ec9586c121ed58c6cb9eda6a2b.yaml @@ -0,0 +1,58 @@ +id: onclick-show-popup-a274b1ec9586c121ed58c6cb9eda6a2b + +info: + name: > + Onclick Show Popup <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee013d3f-18bc-418e-ab5b-87724710f340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onclick-show-popup/" + google-query: inurl:"/wp-content/plugins/onclick-show-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onclick-show-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onclick-show-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onclick-show-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onclick-show-popup-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/onclick-show-popup-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..889108f956 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onclick-show-popup-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: onclick-show-popup-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onclick-show-popup/" + google-query: inurl:"/wp-content/plugins/onclick-show-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onclick-show-popup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onclick-show-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onclick-show-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/one-click-demo-import-a9a32f74174df8c480433ef7ce05b39d.yaml b/nuclei-templates/cve-less/plugins/one-click-demo-import-a9a32f74174df8c480433ef7ce05b39d.yaml new file mode 100644 index 0000000000..3c5172e0b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/one-click-demo-import-a9a32f74174df8c480433ef7ce05b39d.yaml @@ -0,0 +1,58 @@ +id: one-click-demo-import-a9a32f74174df8c480433ef7ce05b39d + +info: + name: > + Catch Themes Demo Import <= 3.0.2 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe98bd8c-6db3-4094-8ff2-ab21c8778698?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/one-click-demo-import/" + google-query: inurl:"/wp-content/plugins/one-click-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,one-click-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/one-click-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "one-click-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/one-click-plugin-updater-a27299fafee4147eee6143e446c0d4ac.yaml b/nuclei-templates/cve-less/plugins/one-click-plugin-updater-a27299fafee4147eee6143e446c0d4ac.yaml new file mode 100644 index 0000000000..15d0203d4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/one-click-plugin-updater-a27299fafee4147eee6143e446c0d4ac.yaml @@ -0,0 +1,58 @@ +id: one-click-plugin-updater-a27299fafee4147eee6143e446c0d4ac + +info: + name: > + One Click Plugin Updater <= 2.4.14 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65b2b72a-5c76-463e-9513-26b400b40a65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/one-click-plugin-updater/" + google-query: inurl:"/wp-content/plugins/one-click-plugin-updater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,one-click-plugin-updater,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/one-click-plugin-updater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "one-click-plugin-updater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/one-click-ssl-a5333a81df962bfc4dc1ef98d3ece12b.yaml b/nuclei-templates/cve-less/plugins/one-click-ssl-a5333a81df962bfc4dc1ef98d3ece12b.yaml new file mode 100644 index 0000000000..c716dcffd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/one-click-ssl-a5333a81df962bfc4dc1ef98d3ece12b.yaml @@ -0,0 +1,58 @@ +id: one-click-ssl-a5333a81df962bfc4dc1ef98d3ece12b + +info: + name: > + One Click SSL <= 1.4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a296dd3-fbcb-4443-a905-9cbaa87faf7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/one-click-ssl/" + google-query: inurl:"/wp-content/plugins/one-click-ssl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,one-click-ssl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/one-click-ssl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "one-click-ssl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/one-user-avatar-2eb3196d201c69c1b619f7192e23dfa3.yaml b/nuclei-templates/cve-less/plugins/one-user-avatar-2eb3196d201c69c1b619f7192e23dfa3.yaml new file mode 100644 index 0000000000..c591033af7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/one-user-avatar-2eb3196d201c69c1b619f7192e23dfa3.yaml @@ -0,0 +1,58 @@ +id: one-user-avatar-2eb3196d201c69c1b619f7192e23dfa3 + +info: + name: > + One User Avatar <= 2.3.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e17dd3e7-9bd9-4852-9512-72fe1e40f86a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/one-user-avatar/" + google-query: inurl:"/wp-content/plugins/one-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,one-user-avatar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/one-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "one-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/one-user-avatar-7a9355f03955196b49afdc0799980494.yaml b/nuclei-templates/cve-less/plugins/one-user-avatar-7a9355f03955196b49afdc0799980494.yaml new file mode 100644 index 0000000000..d1c5fd07f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/one-user-avatar-7a9355f03955196b49afdc0799980494.yaml @@ -0,0 +1,58 @@ +id: one-user-avatar-7a9355f03955196b49afdc0799980494 + +info: + name: > + One User Avatar <= 2.3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c35ed3ef-49bd-4f64-bb0f-2abedb7b978e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/one-user-avatar/" + google-query: inurl:"/wp-content/plugins/one-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,one-user-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/one-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "one-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5e1a23f981a78be569054daae1a85203.yaml b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5e1a23f981a78be569054daae1a85203.yaml new file mode 100644 index 0000000000..053ebbff92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5e1a23f981a78be569054daae1a85203.yaml @@ -0,0 +1,58 @@ +id: oneclick-whatsapp-order-5e1a23f981a78be569054daae1a85203 + +info: + name: > + OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/172d8ffc-7ed3-43a6-942c-93b476a4fb50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oneclick-whatsapp-order/" + google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oneclick-whatsapp-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oneclick-whatsapp-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5fad00879c22741100673bb27b7a3e06.yaml b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5fad00879c22741100673bb27b7a3e06.yaml new file mode 100644 index 0000000000..42ffc47036 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-5fad00879c22741100673bb27b7a3e06.yaml @@ -0,0 +1,58 @@ +id: oneclick-whatsapp-order-5fad00879c22741100673bb27b7a3e06 + +info: + name: > + OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbc3fa27-630d-4048-b727-903da09ad644?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oneclick-whatsapp-order/" + google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oneclick-whatsapp-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oneclick-whatsapp-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-78ddb3e5efc137c9989117bb477a197f.yaml b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-78ddb3e5efc137c9989117bb477a197f.yaml new file mode 100644 index 0000000000..9f5606ae57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oneclick-whatsapp-order-78ddb3e5efc137c9989117bb477a197f.yaml @@ -0,0 +1,58 @@ +id: oneclick-whatsapp-order-78ddb3e5efc137c9989117bb477a197f + +info: + name: > + OneClick Chat to Order <= 1.0.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94f338c2-95c9-4ce8-8579-0b2b66547aa0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oneclick-whatsapp-order/" + google-query: inurl:"/wp-content/plugins/oneclick-whatsapp-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oneclick-whatsapp-order,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oneclick-whatsapp-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oneclick-whatsapp-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onelogin-saml-sso-1108320cabd88205cc0f43eb95edee22.yaml b/nuclei-templates/cve-less/plugins/onelogin-saml-sso-1108320cabd88205cc0f43eb95edee22.yaml new file mode 100644 index 0000000000..37d064a53b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onelogin-saml-sso-1108320cabd88205cc0f43eb95edee22.yaml @@ -0,0 +1,58 @@ +id: onelogin-saml-sso-1108320cabd88205cc0f43eb95edee22 + +info: + name: > + OneLogin SAML SSO < 2.2.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ee015a-c60b-4236-bb7a-9d3ffd944bf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onelogin-saml-sso/" + google-query: inurl:"/wp-content/plugins/onelogin-saml-sso/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onelogin-saml-sso,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onelogin-saml-sso/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onelogin-saml-sso" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onesignal-free-web-push-notifications-697b3f7f41c78660c9aef82a5b73a231.yaml b/nuclei-templates/cve-less/plugins/onesignal-free-web-push-notifications-697b3f7f41c78660c9aef82a5b73a231.yaml new file mode 100644 index 0000000000..cdba935d69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onesignal-free-web-push-notifications-697b3f7f41c78660c9aef82a5b73a231.yaml @@ -0,0 +1,58 @@ +id: onesignal-free-web-push-notifications-697b3f7f41c78660c9aef82a5b73a231 + +info: + name: > + OneSignal Web Push Notifications <=1.17.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a913ca7e-8f61-4615-b7fb-863b111fe22e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onesignal-free-web-push-notifications/" + google-query: inurl:"/wp-content/plugins/onesignal-free-web-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onesignal-free-web-push-notifications,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onesignal-free-web-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onesignal-free-web-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onetone-companion-161c93480bad1a6fddf7935d08286cca.yaml b/nuclei-templates/cve-less/plugins/onetone-companion-161c93480bad1a6fddf7935d08286cca.yaml new file mode 100644 index 0000000000..6e3ca3e8a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onetone-companion-161c93480bad1a6fddf7935d08286cca.yaml @@ -0,0 +1,58 @@ +id: onetone-companion-161c93480bad1a6fddf7935d08286cca + +info: + name: > + OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2777158-baa4-4209-ae15-03da5adafc75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onetone-companion/" + google-query: inurl:"/wp-content/plugins/onetone-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onetone-companion,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onetone-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onetone-companion-95f9bc03677a083bf89832ea0c794033.yaml b/nuclei-templates/cve-less/plugins/onetone-companion-95f9bc03677a083bf89832ea0c794033.yaml new file mode 100644 index 0000000000..35727fd1f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onetone-companion-95f9bc03677a083bf89832ea0c794033.yaml @@ -0,0 +1,58 @@ +id: onetone-companion-95f9bc03677a083bf89832ea0c794033 + +info: + name: > + OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Unauthenticated Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8082c60-436d-42e3-8aa5-cd2cb8ce6355?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onetone-companion/" + google-query: inurl:"/wp-content/plugins/onetone-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onetone-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onetone-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onetone-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-8c9605e19ac036b6c4395d0ff8d48030.yaml b/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-8c9605e19ac036b6c4395d0ff8d48030.yaml new file mode 100644 index 0000000000..50b1a03fcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-8c9605e19ac036b6c4395d0ff8d48030.yaml @@ -0,0 +1,58 @@ +id: onionbuzz-viral-quiz-8c9605e19ac036b6c4395d0ff8d48030 + +info: + name: > + OnionBuzz Plugin < 1.2.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/979c1107-788a-4130-b1d1-5cad3717962b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onionbuzz-viral-quiz/" + google-query: inurl:"/wp-content/plugins/onionbuzz-viral-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onionbuzz-viral-quiz,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onionbuzz-viral-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onionbuzz-viral-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-b0e06633c5fe43db8e7a0339b16c2f91.yaml b/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-b0e06633c5fe43db8e7a0339b16c2f91.yaml new file mode 100644 index 0000000000..8d10d8ea86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onionbuzz-viral-quiz-b0e06633c5fe43db8e7a0339b16c2f91.yaml @@ -0,0 +1,58 @@ +id: onionbuzz-viral-quiz-b0e06633c5fe43db8e7a0339b16c2f91 + +info: + name: > + Viral Quiz Maker - OnionBuzz < 1.2.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a562a213-9c63-4236-8c2c-c7fadffb5ac4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onionbuzz-viral-quiz/" + google-query: inurl:"/wp-content/plugins/onionbuzz-viral-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onionbuzz-viral-quiz,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onionbuzz-viral-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onionbuzz-viral-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/online-accessibility-2cc161db9aab9dca8c45963425559bbc.yaml b/nuclei-templates/cve-less/plugins/online-accessibility-2cc161db9aab9dca8c45963425559bbc.yaml new file mode 100644 index 0000000000..91ab430830 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/online-accessibility-2cc161db9aab9dca8c45963425559bbc.yaml @@ -0,0 +1,58 @@ +id: online-accessibility-2cc161db9aab9dca8c45963425559bbc + +info: + name: > + Accessibility Suite by Online ADA <= 4.11 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10590944-e08e-4980-846d-7a88880b2dcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/online-accessibility/" + google-query: inurl:"/wp-content/plugins/online-accessibility/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,online-accessibility,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/online-accessibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-accessibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/online-accessibility-32de7cdd0bd82a27d1f9a9185ff54e70.yaml b/nuclei-templates/cve-less/plugins/online-accessibility-32de7cdd0bd82a27d1f9a9185ff54e70.yaml new file mode 100644 index 0000000000..137637d76b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/online-accessibility-32de7cdd0bd82a27d1f9a9185ff54e70.yaml @@ -0,0 +1,58 @@ +id: online-accessibility-32de7cdd0bd82a27d1f9a9185ff54e70 + +info: + name: > + Accessibility Suite by Online ADA <= 4.12 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71c21af1-a007-4535-98ea-a6f25142bcf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/online-accessibility/" + google-query: inurl:"/wp-content/plugins/online-accessibility/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,online-accessibility,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/online-accessibility/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-accessibility" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/online-lesson-booking-system-236e1bbcc1e74385f1fd59662dd67917.yaml b/nuclei-templates/cve-less/plugins/online-lesson-booking-system-236e1bbcc1e74385f1fd59662dd67917.yaml new file mode 100644 index 0000000000..e79f4dde6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/online-lesson-booking-system-236e1bbcc1e74385f1fd59662dd67917.yaml @@ -0,0 +1,58 @@ +id: online-lesson-booking-system-236e1bbcc1e74385f1fd59662dd67917 + +info: + name: > + Online Lesson Booking <= 0.8.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/391ed7a2-64db-4a79-a697-86c70c60d02e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/online-lesson-booking-system/" + google-query: inurl:"/wp-content/plugins/online-lesson-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,online-lesson-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/online-lesson-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-lesson-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/online-lesson-booking-system-c1ecb14191a04d9e43d6e6f80f13e749.yaml b/nuclei-templates/cve-less/plugins/online-lesson-booking-system-c1ecb14191a04d9e43d6e6f80f13e749.yaml new file mode 100644 index 0000000000..4f2728b62e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/online-lesson-booking-system-c1ecb14191a04d9e43d6e6f80f13e749.yaml @@ -0,0 +1,58 @@ +id: online-lesson-booking-system-c1ecb14191a04d9e43d6e6f80f13e749 + +info: + name: > + Online Lesson Booking <= 0.8.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d2309cd-625e-4508-8d60-25817023aa15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/online-lesson-booking-system/" + google-query: inurl:"/wp-content/plugins/online-lesson-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,online-lesson-booking-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/online-lesson-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-lesson-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/only-tweet-like-share-and-google-1-6da6015396d12ad265b2f5a24810c5e3.yaml b/nuclei-templates/cve-less/plugins/only-tweet-like-share-and-google-1-6da6015396d12ad265b2f5a24810c5e3.yaml new file mode 100644 index 0000000000..97a8509b43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/only-tweet-like-share-and-google-1-6da6015396d12ad265b2f5a24810c5e3.yaml @@ -0,0 +1,58 @@ +id: only-tweet-like-share-and-google-1-6da6015396d12ad265b2f5a24810c5e3 + +info: + name: > + Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98780ecc-fb45-4392-955d-ddecf9f7fca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/only-tweet-like-share-and-google-1/" + google-query: inurl:"/wp-content/plugins/only-tweet-like-share-and-google-1/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,only-tweet-like-share-and-google-1,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/only-tweet-like-share-and-google-1/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "only-tweet-like-share-and-google-1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/onwebchat-802c4864b87b89e6df06fc16568188de.yaml b/nuclei-templates/cve-less/plugins/onwebchat-802c4864b87b89e6df06fc16568188de.yaml new file mode 100644 index 0000000000..dd6281cef2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/onwebchat-802c4864b87b89e6df06fc16568188de.yaml @@ -0,0 +1,58 @@ +id: onwebchat-802c4864b87b89e6df06fc16568188de + +info: + name: > + Live Chat – Live support <= 3.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b17d1280-2bae-4c45-b2e1-fbfcb2c7c15b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/onwebchat/" + google-query: inurl:"/wp-content/plugins/onwebchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,onwebchat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/onwebchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onwebchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-1ec906f849b052ad86a65e59b4ad588d.yaml b/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-1ec906f849b052ad86a65e59b4ad588d.yaml new file mode 100644 index 0000000000..f29be30662 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-1ec906f849b052ad86a65e59b4ad588d.yaml @@ -0,0 +1,58 @@ +id: ooohboi-steroids-for-elementor-1ec906f849b052ad86a65e59b4ad588d + +info: + name: > + OoohBoi Steroids for Elementor <= 2.1.4 - Missing Authorization leading to Authenticated (Subscriber+) Image Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c56ed896-9267-49e6-a207-fe5362fe18cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ooohboi-steroids-for-elementor/" + google-query: inurl:"/wp-content/plugins/ooohboi-steroids-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ooohboi-steroids-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ooohboi-steroids-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-aef6ec9f420d3aef577ad115ead987ef.yaml b/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-aef6ec9f420d3aef577ad115ead987ef.yaml new file mode 100644 index 0000000000..5e469995d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ooohboi-steroids-for-elementor-aef6ec9f420d3aef577ad115ead987ef.yaml @@ -0,0 +1,58 @@ +id: ooohboi-steroids-for-elementor-aef6ec9f420d3aef577ad115ead987ef + +info: + name: > + OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c24c57e5-2b42-40db-816a-f1327d1ac09b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ooohboi-steroids-for-elementor/" + google-query: inurl:"/wp-content/plugins/ooohboi-steroids-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ooohboi-steroids-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ooohboi-steroids-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ooohboi-steroids-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ooorl-e0cc1eea89ba954f43096969782e9ac2.yaml b/nuclei-templates/cve-less/plugins/ooorl-e0cc1eea89ba954f43096969782e9ac2.yaml new file mode 100644 index 0000000000..b899c836f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ooorl-e0cc1eea89ba954f43096969782e9ac2.yaml @@ -0,0 +1,58 @@ +id: ooorl-e0cc1eea89ba954f43096969782e9ac2 + +info: + name: > + Ooorl <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08916934-c9b8-4bc0-8b8c-991ed0b78be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ooorl/" + google-query: inurl:"/wp-content/plugins/ooorl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ooorl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ooorl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ooorl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oopspam-anti-spam-1fe914fcf9950622b9e1e73ce1a20a73.yaml b/nuclei-templates/cve-less/plugins/oopspam-anti-spam-1fe914fcf9950622b9e1e73ce1a20a73.yaml new file mode 100644 index 0000000000..5b1b9d594d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oopspam-anti-spam-1fe914fcf9950622b9e1e73ce1a20a73.yaml @@ -0,0 +1,58 @@ +id: oopspam-anti-spam-1fe914fcf9950622b9e1e73ce1a20a73 + +info: + name: > + OOPSpam Anti-Spam <= 1.1.44 - Cross-Site Request Forgery via empty_ham_entries and empty_spam_entries + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/479f7e9c-8918-4b87-b33d-a396276fb637?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oopspam-anti-spam/" + google-query: inurl:"/wp-content/plugins/oopspam-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oopspam-anti-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oopspam-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oopspam-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oopspam-anti-spam-6bf95a000c0173a075e212bc6eeb873d.yaml b/nuclei-templates/cve-less/plugins/oopspam-anti-spam-6bf95a000c0173a075e212bc6eeb873d.yaml new file mode 100644 index 0000000000..2cd72445ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oopspam-anti-spam-6bf95a000c0173a075e212bc6eeb873d.yaml @@ -0,0 +1,58 @@ +id: oopspam-anti-spam-6bf95a000c0173a075e212bc6eeb873d + +info: + name: > + OOPSpam Anti-Spam <= 1.1.35 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fbd5ac8-11c0-4628-9a7b-620b17cc8ba6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oopspam-anti-spam/" + google-query: inurl:"/wp-content/plugins/oopspam-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oopspam-anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oopspam-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oopspam-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opal-estate-2a75025d80c85273c30a2737105c9f4c.yaml b/nuclei-templates/cve-less/plugins/opal-estate-2a75025d80c85273c30a2737105c9f4c.yaml new file mode 100644 index 0000000000..ecd13c424a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opal-estate-2a75025d80c85273c30a2737105c9f4c.yaml @@ -0,0 +1,58 @@ +id: opal-estate-2a75025d80c85273c30a2737105c9f4c + +info: + name: > + Opal Estate <= 1.6.11 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2645899c-2b6b-48bd-8f33-2a837a951c5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opal-estate/" + google-query: inurl:"/wp-content/plugins/opal-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opal-estate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opal-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opal-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opal-estate-92760ee1af263e3e31758b506a58ef85.yaml b/nuclei-templates/cve-less/plugins/opal-estate-92760ee1af263e3e31758b506a58ef85.yaml new file mode 100644 index 0000000000..72667fd35d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opal-estate-92760ee1af263e3e31758b506a58ef85.yaml @@ -0,0 +1,58 @@ +id: opal-estate-92760ee1af263e3e31758b506a58ef85 + +info: + name: > + Opal Estate <= 1.6.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce729a2-a106-45ab-b96c-cfe75246def7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opal-estate/" + google-query: inurl:"/wp-content/plugins/opal-estate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opal-estate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opal-estate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opal-estate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opal-hotel-room-booking-6dff8ad57b57f849baa2c45d3ecc2834.yaml b/nuclei-templates/cve-less/plugins/opal-hotel-room-booking-6dff8ad57b57f849baa2c45d3ecc2834.yaml new file mode 100644 index 0000000000..953f32047f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opal-hotel-room-booking-6dff8ad57b57f849baa2c45d3ecc2834.yaml @@ -0,0 +1,58 @@ +id: opal-hotel-room-booking-6dff8ad57b57f849baa2c45d3ecc2834 + +info: + name: > + Opal Hotel Room Booking plugin <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66bd5065-aa4c-4b5b-a312-2f7bd1643d35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opal-hotel-room-booking/" + google-query: inurl:"/wp-content/plugins/opal-hotel-room-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opal-hotel-room-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opal-hotel-room-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opal-hotel-room-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opal-widgets-for-elementor-75f9430e21b1ffadf43723a73937595b.yaml b/nuclei-templates/cve-less/plugins/opal-widgets-for-elementor-75f9430e21b1ffadf43723a73937595b.yaml new file mode 100644 index 0000000000..d770654b5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opal-widgets-for-elementor-75f9430e21b1ffadf43723a73937595b.yaml @@ -0,0 +1,58 @@ +id: opal-widgets-for-elementor-75f9430e21b1ffadf43723a73937595b + +info: + name: > + Opal Widgets For Elementor <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce27f598-b64a-45da-b61a-190570220ec2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opal-widgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/opal-widgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opal-widgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opal-widgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opal-widgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opcache-57773fba6f4ab595b91e9cf1bf98318c.yaml b/nuclei-templates/cve-less/plugins/opcache-57773fba6f4ab595b91e9cf1bf98318c.yaml new file mode 100644 index 0000000000..d6bdef3471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opcache-57773fba6f4ab595b91e9cf1bf98318c.yaml @@ -0,0 +1,58 @@ +id: opcache-57773fba6f4ab595b91e9cf1bf98318c + +info: + name: > + OPcache Dashboard <= 0.3.1 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3d6104b-eb2d-4e7e-98bd-6a46bd69ef5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opcache/" + google-query: inurl:"/wp-content/plugins/opcache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opcache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opcache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opcache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-00198a18211aefc70b8ce0f7e41cdd92.yaml b/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-00198a18211aefc70b8ce0f7e41cdd92.yaml new file mode 100644 index 0000000000..6548e5fa63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-00198a18211aefc70b8ce0f7e41cdd92.yaml @@ -0,0 +1,58 @@ +id: open-external-links-in-a-new-window-00198a18211aefc70b8ce0f7e41cdd92 + +info: + name: > + External Links in New Window / New Tab <= 1.42 - Tabnabbing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/951b8cbd-0509-4548-ae69-6cfd67e83b1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-external-links-in-a-new-window/" + google-query: inurl:"/wp-content/plugins/open-external-links-in-a-new-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-external-links-in-a-new-window,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-external-links-in-a-new-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-external-links-in-a-new-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-39407bfbd26cec40aa785db15ec93f9b.yaml b/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-39407bfbd26cec40aa785db15ec93f9b.yaml new file mode 100644 index 0000000000..c062e321ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-external-links-in-a-new-window-39407bfbd26cec40aa785db15ec93f9b.yaml @@ -0,0 +1,58 @@ +id: open-external-links-in-a-new-window-39407bfbd26cec40aa785db15ec93f9b + +info: + name: > + External Links in New Window / New Tab <= 1.42 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2490a51c-718f-463b-ab80-82d48deb2f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-external-links-in-a-new-window/" + google-query: inurl:"/wp-content/plugins/open-external-links-in-a-new-window/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-external-links-in-a-new-window,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-external-links-in-a-new-window/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-external-links-in-a-new-window" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-graph-metabox-74b8f8fd0be969b30108aa2c0d40f175.yaml b/nuclei-templates/cve-less/plugins/open-graph-metabox-74b8f8fd0be969b30108aa2c0d40f175.yaml new file mode 100644 index 0000000000..81d7aa868e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-graph-metabox-74b8f8fd0be969b30108aa2c0d40f175.yaml @@ -0,0 +1,58 @@ +id: open-graph-metabox-74b8f8fd0be969b30108aa2c0d40f175 + +info: + name: > + Open Graph Metabox <= 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a2b7aac-b11d-4c52-b3d8-7b3f4b3eecd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-graph-metabox/" + google-query: inurl:"/wp-content/plugins/open-graph-metabox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-graph-metabox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-graph-metabox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-graph-metabox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-graphite-ee6e51fb33ca759d2625bd1f3a131728.yaml b/nuclei-templates/cve-less/plugins/open-graphite-ee6e51fb33ca759d2625bd1f3a131728.yaml new file mode 100644 index 0000000000..34f76a8c09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-graphite-ee6e51fb33ca759d2625bd1f3a131728.yaml @@ -0,0 +1,58 @@ +id: open-graphite-ee6e51fb33ca759d2625bd1f3a131728 + +info: + name: > + Open Graphite <= 1.6.0 - Reflected Cross-Site Scripting via topic parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd368b2c-ef40-453b-aeef-ad88d847c29b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-graphite/" + google-query: inurl:"/wp-content/plugins/open-graphite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-graphite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-graphite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-graphite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-rdw-kenteken-voertuiginformatie-96ad90fd0ad467a1d69bc6e1840d3891.yaml b/nuclei-templates/cve-less/plugins/open-rdw-kenteken-voertuiginformatie-96ad90fd0ad467a1d69bc6e1840d3891.yaml new file mode 100644 index 0000000000..ba4d89f38d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-rdw-kenteken-voertuiginformatie-96ad90fd0ad467a1d69bc6e1840d3891.yaml @@ -0,0 +1,58 @@ +id: open-rdw-kenteken-voertuiginformatie-96ad90fd0ad467a1d69bc6e1840d3891 + +info: + name: > + Open RDW kenteken voertuiginformatie <= 2.0.14 - Reflected Cross-Site Scripting via open_data_rdw_kenteken + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fa87357-09c0-4e99-8ceb-41a7987c4a57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-rdw-kenteken-voertuiginformatie/" + google-query: inurl:"/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-rdw-kenteken-voertuiginformatie,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-rdw-kenteken-voertuiginformatie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-social-55fba5060ceecf0350eb52f214341712.yaml b/nuclei-templates/cve-less/plugins/open-social-55fba5060ceecf0350eb52f214341712.yaml new file mode 100644 index 0000000000..5cf94176ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-social-55fba5060ceecf0350eb52f214341712.yaml @@ -0,0 +1,58 @@ +id: open-social-55fba5060ceecf0350eb52f214341712 + +info: + name: > + WP Open Social <= 5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be0dc9be-f597-46d8-badd-452e442a6d1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-social/" + google-query: inurl:"/wp-content/plugins/open-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/open-user-map-d517a1f1b39fbb25ce31405c236e39dc.yaml b/nuclei-templates/cve-less/plugins/open-user-map-d517a1f1b39fbb25ce31405c236e39dc.yaml new file mode 100644 index 0000000000..147a7badb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/open-user-map-d517a1f1b39fbb25ce31405c236e39dc.yaml @@ -0,0 +1,58 @@ +id: open-user-map-d517a1f1b39fbb25ce31405c236e39dc + +info: + name: > + Open User Map | Everybody can add locations <= 1.3.26 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08593415-bbc9-4159-b5d5-84e4dde6c2c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/open-user-map/" + google-query: inurl:"/wp-content/plugins/open-user-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,open-user-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/open-user-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "open-user-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/openbook-book-data-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml b/nuclei-templates/cve-less/plugins/openbook-book-data-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml new file mode 100644 index 0000000000..f9beaa0706 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/openbook-book-data-fc3bbad32864e7b45f7b03bfa40e7ab6.yaml @@ -0,0 +1,58 @@ +id: openbook-book-data-fc3bbad32864e7b45f7b03bfa40e7ab6 + +info: + name: > + OpenBook Book Data <= 3.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c79a173d-b9c3-4554-95e7-2a4b87382079?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/openbook-book-data/" + google-query: inurl:"/wp-content/plugins/openbook-book-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,openbook-book-data,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/openbook-book-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "openbook-book-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/openid-849d5a0a490a95eaf95ef135844c0ef2.yaml b/nuclei-templates/cve-less/plugins/openid-849d5a0a490a95eaf95ef135844c0ef2.yaml new file mode 100644 index 0000000000..26b313abb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/openid-849d5a0a490a95eaf95ef135844c0ef2.yaml @@ -0,0 +1,58 @@ +id: openid-849d5a0a490a95eaf95ef135844c0ef2 + +info: + name: > + OpenID <= 3.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa2be6c-299e-4769-9070-a3c337bce990?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/openid/" + google-query: inurl:"/wp-content/plugins/openid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,openid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/openid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "openid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opening-hours-8a9da35b1949b285490ef29120cda9a5.yaml b/nuclei-templates/cve-less/plugins/opening-hours-8a9da35b1949b285490ef29120cda9a5.yaml new file mode 100644 index 0000000000..bd5c4e7c74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opening-hours-8a9da35b1949b285490ef29120cda9a5.yaml @@ -0,0 +1,58 @@ +id: opening-hours-8a9da35b1949b285490ef29120cda9a5 + +info: + name: > + We’re Open! <= 1.46 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a5c6b05-6e28-40be-80cb-9f95241a4fc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opening-hours/" + google-query: inurl:"/wp-content/plugins/opening-hours/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opening-hours,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opening-hours/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opening-hours" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opening-hours-8ef1ea8d8498496f3516b88ed77244c0.yaml b/nuclei-templates/cve-less/plugins/opening-hours-8ef1ea8d8498496f3516b88ed77244c0.yaml new file mode 100644 index 0000000000..5677785c35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opening-hours-8ef1ea8d8498496f3516b88ed77244c0.yaml @@ -0,0 +1,58 @@ +id: opening-hours-8ef1ea8d8498496f3516b88ed77244c0 + +info: + name: > + We’re Open! <= 1.45 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e0a227-670d-40d8-ba82-6602ab57bc4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opening-hours/" + google-query: inurl:"/wp-content/plugins/opening-hours/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opening-hours,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opening-hours/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opening-hours" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opening-hours-c0079d75a97eeffbdeb6d0d0f4759f91.yaml b/nuclei-templates/cve-less/plugins/opening-hours-c0079d75a97eeffbdeb6d0d0f4759f91.yaml new file mode 100644 index 0000000000..35f8f9b7cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opening-hours-c0079d75a97eeffbdeb6d0d0f4759f91.yaml @@ -0,0 +1,58 @@ +id: opening-hours-c0079d75a97eeffbdeb6d0d0f4759f91 + +info: + name: > + We’re Open! <= 1.41 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fad525f-8dcb-453c-9e53-2335c6d1c46d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opening-hours/" + google-query: inurl:"/wp-content/plugins/opening-hours/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opening-hours,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opening-hours/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opening-hours" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/opensea-3e83969edc359576afe93a3a140053fe.yaml b/nuclei-templates/cve-less/plugins/opensea-3e83969edc359576afe93a3a140053fe.yaml new file mode 100644 index 0000000000..2e05c164bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/opensea-3e83969edc359576afe93a3a140053fe.yaml @@ -0,0 +1,58 @@ +id: opensea-3e83969edc359576afe93a3a140053fe + +info: + name: > + Opensea <= 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/082efb3c-dbe4-49b5-abec-da91f2d463eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/opensea/" + google-query: inurl:"/wp-content/plugins/opensea/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,opensea,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/opensea/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opensea" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ops-robots-txt-bd57476daf1ac0de7401eb5bfcebce92.yaml b/nuclei-templates/cve-less/plugins/ops-robots-txt-bd57476daf1ac0de7401eb5bfcebce92.yaml new file mode 100644 index 0000000000..595de04dd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ops-robots-txt-bd57476daf1ac0de7401eb5bfcebce92.yaml @@ -0,0 +1,58 @@ +id: ops-robots-txt-bd57476daf1ac0de7401eb5bfcebce92 + +info: + name: > + On Page SEO + Whatsapp Chat Button <= 1.0.1 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44f64753-920f-4099-9cb1-018b24f972eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ops-robots-txt/" + google-query: inurl:"/wp-content/plugins/ops-robots-txt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ops-robots-txt,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ops-robots-txt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ops-robots-txt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optima-express-a4c0765b0c52463caf31b82bc7711eb8.yaml b/nuclei-templates/cve-less/plugins/optima-express-a4c0765b0c52463caf31b82bc7711eb8.yaml new file mode 100644 index 0000000000..ff09aea8a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optima-express-a4c0765b0c52463caf31b82bc7711eb8.yaml @@ -0,0 +1,58 @@ +id: optima-express-a4c0765b0c52463caf31b82bc7711eb8 + +info: + name: > + Optima Express + MarketBoost IDX Plugin <= 7.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/059e262b-ee63-4f8b-82ab-c12bcf70f879?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optima-express/" + google-query: inurl:"/wp-content/plugins/optima-express/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optima-express,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optima-express/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optima-express" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optimole-wp-7ae1e981db663479bebe95d4fc6e1fb9.yaml b/nuclei-templates/cve-less/plugins/optimole-wp-7ae1e981db663479bebe95d4fc6e1fb9.yaml new file mode 100644 index 0000000000..68f17dfaa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optimole-wp-7ae1e981db663479bebe95d4fc6e1fb9.yaml @@ -0,0 +1,58 @@ +id: optimole-wp-7ae1e981db663479bebe95d4fc6e1fb9 + +info: + name: > + Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e2af005-0bc2-445c-956a-ef6139abfee4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optimole-wp/" + google-query: inurl:"/wp-content/plugins/optimole-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optimole-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optimole-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optimole-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optimole-wp-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/optimole-wp-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..81515e7455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optimole-wp-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: optimole-wp-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optimole-wp/" + google-query: inurl:"/wp-content/plugins/optimole-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optimole-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optimole-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optimole-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optin-forms-b4a1c53e99884a28029186adce52a970.yaml b/nuclei-templates/cve-less/plugins/optin-forms-b4a1c53e99884a28029186adce52a970.yaml new file mode 100644 index 0000000000..04220022a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optin-forms-b4a1c53e99884a28029186adce52a970.yaml @@ -0,0 +1,58 @@ +id: optin-forms-b4a1c53e99884a28029186adce52a970 + +info: + name: > + Optin Forms <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3971c145-6dca-49af-bbb3-7ef4ce51507f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optin-forms/" + google-query: inurl:"/wp-content/plugins/optin-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optin-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optin-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optin-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optin-forms-d9b7d332948d93ec19ade23944fe8ee3.yaml b/nuclei-templates/cve-less/plugins/optin-forms-d9b7d332948d93ec19ade23944fe8ee3.yaml new file mode 100644 index 0000000000..0936103c4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optin-forms-d9b7d332948d93ec19ade23944fe8ee3.yaml @@ -0,0 +1,58 @@ +id: optin-forms-d9b7d332948d93ec19ade23944fe8ee3 + +info: + name: > + Optin Forms <= 1.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35e0a997-190e-457a-b80c-7b4ecec97095?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optin-forms/" + google-query: inurl:"/wp-content/plugins/optin-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optin-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optin-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optin-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinly-65a9527890576df98e6c12dd65024410.yaml b/nuclei-templates/cve-less/plugins/optinly-65a9527890576df98e6c12dd65024410.yaml new file mode 100644 index 0000000000..b71a7ddf48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinly-65a9527890576df98e6c12dd65024410.yaml @@ -0,0 +1,58 @@ +id: optinly-65a9527890576df98e6c12dd65024410 + +info: + name: > + Optinly <= 1.0.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b66eca-67cf-404e-9c4b-6add0ee79141?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinly/" + google-query: inurl:"/wp-content/plugins/optinly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinly,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinly-8c1dce2381adf553748abcaef006cd86.yaml b/nuclei-templates/cve-less/plugins/optinly-8c1dce2381adf553748abcaef006cd86.yaml new file mode 100644 index 0000000000..62783e1158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinly-8c1dce2381adf553748abcaef006cd86.yaml @@ -0,0 +1,58 @@ +id: optinly-8c1dce2381adf553748abcaef006cd86 + +info: + name: > + Optinly <= 1.0.18 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13b0f306-cfd1-4c36-b694-de7968f0ae1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinly/" + google-query: inurl:"/wp-content/plugins/optinly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinly,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinmonster-2e5b9dabe10dfc18a46871d43fa96491.yaml b/nuclei-templates/cve-less/plugins/optinmonster-2e5b9dabe10dfc18a46871d43fa96491.yaml new file mode 100644 index 0000000000..b7b5830e0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinmonster-2e5b9dabe10dfc18a46871d43fa96491.yaml @@ -0,0 +1,58 @@ +id: optinmonster-2e5b9dabe10dfc18a46871d43fa96491 + +info: + name: > + OptinMonster <= 2.12.1 - Authenticated (Subscriber+) Sensitive Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfbdb5a7-e949-4d3a-8c8d-5dc6702f4675?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinmonster/" + google-query: inurl:"/wp-content/plugins/optinmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinmonster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinmonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinmonster-7ec39aae63fcb435502dc6ef345e3943.yaml b/nuclei-templates/cve-less/plugins/optinmonster-7ec39aae63fcb435502dc6ef345e3943.yaml new file mode 100644 index 0000000000..2c8776750e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinmonster-7ec39aae63fcb435502dc6ef345e3943.yaml @@ -0,0 +1,58 @@ +id: optinmonster-7ec39aae63fcb435502dc6ef345e3943 + +info: + name: > + OptinMonster <= 2.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f39c478-7b64-4afc-8c3f-9409e105954a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinmonster/" + google-query: inurl:"/wp-content/plugins/optinmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinmonster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinmonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinmonster-8105121190d01c38a4c87c0ee0fe8654.yaml b/nuclei-templates/cve-less/plugins/optinmonster-8105121190d01c38a4c87c0ee0fe8654.yaml new file mode 100644 index 0000000000..c0fae05715 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinmonster-8105121190d01c38a4c87c0ee0fe8654.yaml @@ -0,0 +1,58 @@ +id: optinmonster-8105121190d01c38a4c87c0ee0fe8654 + +info: + name: > + Popup Builder by OptinMonster <= 1.1.4.5 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d396e47a-cabe-4498-9269-d67bdeb0c570?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinmonster/" + google-query: inurl:"/wp-content/plugins/optinmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinmonster,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinmonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinmonster-83bf7d35b08455904e5385f6657b0ce1.yaml b/nuclei-templates/cve-less/plugins/optinmonster-83bf7d35b08455904e5385f6657b0ce1.yaml new file mode 100644 index 0000000000..1ef0cee387 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinmonster-83bf7d35b08455904e5385f6657b0ce1.yaml @@ -0,0 +1,58 @@ +id: optinmonster-83bf7d35b08455904e5385f6657b0ce1 + +info: + name: > + OptinMonster <= 2.6.4 - Unprotected REST-API Endpoints + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77eb40c2-735a-49f2-9d07-5cf7535bd722?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinmonster/" + google-query: inurl:"/wp-content/plugins/optinmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinmonster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinmonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/optinmonster-fe779104db6239df2fe810ed3afc3c87.yaml b/nuclei-templates/cve-less/plugins/optinmonster-fe779104db6239df2fe810ed3afc3c87.yaml new file mode 100644 index 0000000000..053a53f6d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/optinmonster-fe779104db6239df2fe810ed3afc3c87.yaml @@ -0,0 +1,58 @@ +id: optinmonster-fe779104db6239df2fe810ed3afc3c87 + +info: + name: > + Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.15.3 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ed53bd-08de-4ec9-a8dd-eef72b788359?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/optinmonster/" + google-query: inurl:"/wp-content/plugins/optinmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,optinmonster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/optinmonster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optinmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/option-tree-3026c779c348f01329035d4d36b36cef.yaml b/nuclei-templates/cve-less/plugins/option-tree-3026c779c348f01329035d4d36b36cef.yaml new file mode 100644 index 0000000000..a2cd0bc794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/option-tree-3026c779c348f01329035d4d36b36cef.yaml @@ -0,0 +1,58 @@ +id: option-tree-3026c779c348f01329035d4d36b36cef + +info: + name: > + Option Tree <= 2.6.0 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec29bc37-db27-4bf3-b55f-15c4a7274acd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/option-tree/" + google-query: inurl:"/wp-content/plugins/option-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,option-tree,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/option-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "option-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/option-tree-5b29964f9492d211e56c39574405e47e.yaml b/nuclei-templates/cve-less/plugins/option-tree-5b29964f9492d211e56c39574405e47e.yaml new file mode 100644 index 0000000000..72e85f7862 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/option-tree-5b29964f9492d211e56c39574405e47e.yaml @@ -0,0 +1,58 @@ +id: option-tree-5b29964f9492d211e56c39574405e47e + +info: + name: > + Option Tree <= 2.7.2 - Object Injection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b50bdf83-d6e1-46bd-be6c-4fcb77ef94db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/option-tree/" + google-query: inurl:"/wp-content/plugins/option-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,option-tree,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/option-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "option-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/option-tree-6e42e23486d09ec34675722772aa1b90.yaml b/nuclei-templates/cve-less/plugins/option-tree-6e42e23486d09ec34675722772aa1b90.yaml new file mode 100644 index 0000000000..e2837fc671 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/option-tree-6e42e23486d09ec34675722772aa1b90.yaml @@ -0,0 +1,58 @@ +id: option-tree-6e42e23486d09ec34675722772aa1b90 + +info: + name: > + Option Tree <= 2.5.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9717e4aa-4294-4194-b2ab-3b0ec845a1ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/option-tree/" + google-query: inurl:"/wp-content/plugins/option-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,option-tree,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/option-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "option-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/option-tree-75c93ad74d45c10e07e436b9060dff63.yaml b/nuclei-templates/cve-less/plugins/option-tree-75c93ad74d45c10e07e436b9060dff63.yaml new file mode 100644 index 0000000000..b60f6db181 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/option-tree-75c93ad74d45c10e07e436b9060dff63.yaml @@ -0,0 +1,58 @@ +id: option-tree-75c93ad74d45c10e07e436b9060dff63 + +info: + name: > + Option Tree <= 2.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d02fc744-35e5-44eb-8790-66997e95d017?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/option-tree/" + google-query: inurl:"/wp-content/plugins/option-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,option-tree,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/option-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "option-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/option-tree-aa5a6552b97b2c6070e07b71a44f6dad.yaml b/nuclei-templates/cve-less/plugins/option-tree-aa5a6552b97b2c6070e07b71a44f6dad.yaml new file mode 100644 index 0000000000..2f73cfba93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/option-tree-aa5a6552b97b2c6070e07b71a44f6dad.yaml @@ -0,0 +1,58 @@ +id: option-tree-aa5a6552b97b2c6070e07b71a44f6dad + +info: + name: > + Option Tree <= 2.7.2 - Object Injection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8381b6c-46f4-4b9d-9975-c90310d066d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/option-tree/" + google-query: inurl:"/wp-content/plugins/option-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,option-tree,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/option-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "option-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/options-for-twenty-seventeen-0aceb58e1789a00f8987ade1ad5f4576.yaml b/nuclei-templates/cve-less/plugins/options-for-twenty-seventeen-0aceb58e1789a00f8987ade1ad5f4576.yaml new file mode 100644 index 0000000000..0a4284c7e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/options-for-twenty-seventeen-0aceb58e1789a00f8987ade1ad5f4576.yaml @@ -0,0 +1,58 @@ +id: options-for-twenty-seventeen-0aceb58e1789a00f8987ade1ad5f4576 + +info: + name: > + Options for Twenty Seventeen <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df35d8c6-55ec-4cf5-8055-93ec5193c0a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/options-for-twenty-seventeen/" + google-query: inurl:"/wp-content/plugins/options-for-twenty-seventeen/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,options-for-twenty-seventeen,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/options-for-twenty-seventeen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "options-for-twenty-seventeen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/orange-form-cb748c9c9efa655b709ed263bb18ce58.yaml b/nuclei-templates/cve-less/plugins/orange-form-cb748c9c9efa655b709ed263bb18ce58.yaml new file mode 100644 index 0000000000..6846c66834 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/orange-form-cb748c9c9efa655b709ed263bb18ce58.yaml @@ -0,0 +1,58 @@ +id: orange-form-cb748c9c9efa655b709ed263bb18ce58 + +info: + name: > + Orange Form <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b4df2b3-8d85-4e5c-8ead-92ed2259c84a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/orange-form/" + google-query: inurl:"/wp-content/plugins/orange-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,orange-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/orange-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "orange-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/orange-form-dc42737b07ffe9283fc25fc1965481dd.yaml b/nuclei-templates/cve-less/plugins/orange-form-dc42737b07ffe9283fc25fc1965481dd.yaml new file mode 100644 index 0000000000..6916e724e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/orange-form-dc42737b07ffe9283fc25fc1965481dd.yaml @@ -0,0 +1,58 @@ +id: orange-form-dc42737b07ffe9283fc25fc1965481dd + +info: + name: > + Orange Form <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab248283-e331-4159-9fe4-249243772c9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/orange-form/" + google-query: inurl:"/wp-content/plugins/orange-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,orange-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/orange-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "orange-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-083f45dd5cb197f01c97e7659014e0d8.yaml b/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-083f45dd5cb197f01c97e7659014e0d8.yaml new file mode 100644 index 0000000000..6e759e1761 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-083f45dd5cb197f01c97e7659014e0d8.yaml @@ -0,0 +1,58 @@ +id: orbisius-child-theme-creator-083f45dd5cb197f01c97e7659014e0d8 + +info: + name: > + Child Theme Creator by Orbisius <= 1.2.7 - Arbitrary File Write + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70ce4450-e38b-422e-a171-09f428dfe0d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/orbisius-child-theme-creator/" + google-query: inurl:"/wp-content/plugins/orbisius-child-theme-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,orbisius-child-theme-creator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/orbisius-child-theme-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "orbisius-child-theme-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-a2161b786ba8d84bdb2a3d032cd3b972.yaml b/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-a2161b786ba8d84bdb2a3d032cd3b972.yaml new file mode 100644 index 0000000000..3321ea07f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/orbisius-child-theme-creator-a2161b786ba8d84bdb2a3d032cd3b972.yaml @@ -0,0 +1,58 @@ +id: orbisius-child-theme-creator-a2161b786ba8d84bdb2a3d032cd3b972 + +info: + name: > + Child Theme Creator by Orbisius <= 1.5.1 - Cross-Site Request Forgery to Arbitrary File Modification and Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/782d0920-08dd-4df7-958c-3ed7128f3d55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/orbisius-child-theme-creator/" + google-query: inurl:"/wp-content/plugins/orbisius-child-theme-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,orbisius-child-theme-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/orbisius-child-theme-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "orbisius-child-theme-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-auto-complete-for-woocommerce-feb8c11c4ef0641488804a4e83e4b8c9.yaml b/nuclei-templates/cve-less/plugins/order-auto-complete-for-woocommerce-feb8c11c4ef0641488804a4e83e4b8c9.yaml new file mode 100644 index 0000000000..921a9772f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-auto-complete-for-woocommerce-feb8c11c4ef0641488804a4e83e4b8c9.yaml @@ -0,0 +1,58 @@ +id: order-auto-complete-for-woocommerce-feb8c11c4ef0641488804a4e83e4b8c9 + +info: + name: > + Order auto complete for WooCommerce <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9521ad5b-83c3-487e-a69e-ca057777bc9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-auto-complete-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-auto-complete-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-auto-complete-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-auto-complete-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-auto-complete-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-delivery-date-2d0aa79c36a81084122d47bccf285480.yaml b/nuclei-templates/cve-less/plugins/order-delivery-date-2d0aa79c36a81084122d47bccf285480.yaml new file mode 100644 index 0000000000..2aa652aff9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-delivery-date-2d0aa79c36a81084122d47bccf285480.yaml @@ -0,0 +1,58 @@ +id: order-delivery-date-2d0aa79c36a81084122d47bccf285480 + +info: + name: > + Order Delivery Date for WP e-Commerce <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74a74817-30ff-42ec-9bd4-7d0638d6643c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-delivery-date/" + google-query: inurl:"/wp-content/plugins/order-delivery-date/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-delivery-date,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-delivery-date/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-delivery-date" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-delivery-date-b3374ece5f330b0776522f2f5130afbd.yaml b/nuclei-templates/cve-less/plugins/order-delivery-date-b3374ece5f330b0776522f2f5130afbd.yaml new file mode 100644 index 0000000000..2bad95e158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-delivery-date-b3374ece5f330b0776522f2f5130afbd.yaml @@ -0,0 +1,58 @@ +id: order-delivery-date-b3374ece5f330b0776522f2f5130afbd + +info: + name: > + Order Delivery Date for WP e-Commerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d74f5813-cf7a-4ffb-9306-56f29b3a7d04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-delivery-date/" + google-query: inurl:"/wp-content/plugins/order-delivery-date/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-delivery-date,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-delivery-date/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-delivery-date" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-delivery-date-eee696eab23205a2046e2b67a8b48808.yaml b/nuclei-templates/cve-less/plugins/order-delivery-date-eee696eab23205a2046e2b67a8b48808.yaml new file mode 100644 index 0000000000..136c86f717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-delivery-date-eee696eab23205a2046e2b67a8b48808.yaml @@ -0,0 +1,58 @@ +id: order-delivery-date-eee696eab23205a2046e2b67a8b48808 + +info: + name: > + Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-delivery-date/" + google-query: inurl:"/wp-content/plugins/order-delivery-date/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-delivery-date,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-delivery-date/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-delivery-date" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-71393429192117f00dfd4a162cb8bf61.yaml b/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-71393429192117f00dfd4a162cb8bf61.yaml new file mode 100644 index 0000000000..2e5ed34782 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-71393429192117f00dfd4a162cb8bf61.yaml @@ -0,0 +1,58 @@ +id: order-delivery-date-for-woocommerce-71393429192117f00dfd4a162cb8bf61 + +info: + name: > + Order Delivery Date for WooCommerce <= 3.20.0 - Reflected Cross-Site Scripting via 'orddd_lite_custom_startdate' and 'orddd_lite_custom_enddate' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9719d083-cc7c-4655-a4c4-f5370cfe76e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-delivery-date-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-delivery-date-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-delivery-date-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-delivery-date-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-delivery-date-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.20.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-fbf291b4c987a79d80bf5dc32be200a9.yaml b/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-fbf291b4c987a79d80bf5dc32be200a9.yaml new file mode 100644 index 0000000000..746163bb00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-delivery-date-for-woocommerce-fbf291b4c987a79d80bf5dc32be200a9.yaml @@ -0,0 +1,58 @@ +id: order-delivery-date-for-woocommerce-fbf291b4c987a79d80bf5dc32be200a9 + +info: + name: > + Order Delivery Date for WooCommerce <= 3.21.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff77ffea-6b43-4875-965a-a72d761e93f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-delivery-date-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-delivery-date-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-delivery-date-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-delivery-date-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-delivery-date-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..eba95adc9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: order-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-import-export-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-import-export-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-import-export-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-import-export-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-import-export-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-bb5370676c8e655ad72a3791cdb04f1e.yaml b/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-bb5370676c8e655ad72a3791cdb04f1e.yaml new file mode 100644 index 0000000000..bac552ded6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-import-export-for-woocommerce-bb5370676c8e655ad72a3791cdb04f1e.yaml @@ -0,0 +1,58 @@ +id: order-import-export-for-woocommerce-bb5370676c8e655ad72a3791cdb04f1e + +info: + name: > + Order Export & Order Import for WooCommerce <= 2.4.3 - Authenticated (Shop Manager+) Arbitrary File Upload via upload_import_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15ce2e54-ca5a-4dbc-9795-6e989e85b330?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-import-export-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-import-export-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-import-export-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-import-export-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-import-export-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-tip-woo-788617c7c507dc55ce43d126204f73e2.yaml b/nuclei-templates/cve-less/plugins/order-tip-woo-788617c7c507dc55ce43d126204f73e2.yaml new file mode 100644 index 0000000000..261fa1eb6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-tip-woo-788617c7c507dc55ce43d126204f73e2.yaml @@ -0,0 +1,58 @@ +id: order-tip-woo-788617c7c507dc55ce43d126204f73e2 + +info: + name: > + Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-tip-woo/" + google-query: inurl:"/wp-content/plugins/order-tip-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-tip-woo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-tip-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-tip-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-tracking-32b3fdbe7b7f22c46479a3e9393eb06a.yaml b/nuclei-templates/cve-less/plugins/order-tracking-32b3fdbe7b7f22c46479a3e9393eb06a.yaml new file mode 100644 index 0000000000..280e447469 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-tracking-32b3fdbe7b7f22c46479a3e9393eb06a.yaml @@ -0,0 +1,58 @@ +id: order-tracking-32b3fdbe7b7f22c46479a3e9393eb06a + +info: + name: > + Order Tracking Pro <= 3.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81f9a4c6-971f-4f6d-8bb1-e97bf75cf8d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-tracking/" + google-query: inurl:"/wp-content/plugins/order-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-tracking-61c433e3c6260b98301128a0db50f713.yaml b/nuclei-templates/cve-less/plugins/order-tracking-61c433e3c6260b98301128a0db50f713.yaml new file mode 100644 index 0000000000..aa0a9895eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-tracking-61c433e3c6260b98301128a0db50f713.yaml @@ -0,0 +1,58 @@ +id: order-tracking-61c433e3c6260b98301128a0db50f713 + +info: + name: > + Order Tracking Pro <= 3.3.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed64d0ff-4f49-4c18-86ec-2c6fbd559d2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-tracking/" + google-query: inurl:"/wp-content/plugins/order-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..35de045789 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-xml-file-export-import-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: order-xml-file-export-import-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-xml-file-export-import-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/order-xml-file-export-import-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-xml-file-export-import-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-xml-file-export-import-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-xml-file-export-import-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-your-posts-manually-0a78b90f665dee3807012f6bf66ac8e7.yaml b/nuclei-templates/cve-less/plugins/order-your-posts-manually-0a78b90f665dee3807012f6bf66ac8e7.yaml new file mode 100644 index 0000000000..589edf6635 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-your-posts-manually-0a78b90f665dee3807012f6bf66ac8e7.yaml @@ -0,0 +1,58 @@ +id: order-your-posts-manually-0a78b90f665dee3807012f6bf66ac8e7 + +info: + name: > + Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via 'cat_id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5688bb7-cd2d-42c6-b8cf-d908448ccfc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-your-posts-manually/" + google-query: inurl:"/wp-content/plugins/order-your-posts-manually/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-your-posts-manually,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-your-posts-manually/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-your-posts-manually" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-your-posts-manually-53cad8b598a3c7e05217d7a8485ccce4.yaml b/nuclei-templates/cve-less/plugins/order-your-posts-manually-53cad8b598a3c7e05217d7a8485ccce4.yaml new file mode 100644 index 0000000000..4d323bd6d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-your-posts-manually-53cad8b598a3c7e05217d7a8485ccce4.yaml @@ -0,0 +1,58 @@ +id: order-your-posts-manually-53cad8b598a3c7e05217d7a8485ccce4 + +info: + name: > + Order Your Posts Manually <= 2.2.5 - Reflected Cross-Site Scripting via '_user_request' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d98a961-bef3-4bce-b493-410eee688bc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-your-posts-manually/" + google-query: inurl:"/wp-content/plugins/order-your-posts-manually/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-your-posts-manually,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-your-posts-manually/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-your-posts-manually" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/order-your-posts-manually-6221ac90696b9d40486e73f6a756b92e.yaml b/nuclei-templates/cve-less/plugins/order-your-posts-manually-6221ac90696b9d40486e73f6a756b92e.yaml new file mode 100644 index 0000000000..8e5e540d81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/order-your-posts-manually-6221ac90696b9d40486e73f6a756b92e.yaml @@ -0,0 +1,58 @@ +id: order-your-posts-manually-6221ac90696b9d40486e73f6a756b92e + +info: + name: > + Order Your Posts Manually <= 2.2.5 - Authenticated (Administrator+) SQL Injection via 'sortdata' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66da0ad7-18a3-42b9-b59a-5927c6bc836b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/order-your-posts-manually/" + google-query: inurl:"/wp-content/plugins/order-your-posts-manually/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,order-your-posts-manually,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/order-your-posts-manually/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "order-your-posts-manually" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/organization-chart-7a149af217c0a6dffb13397d014d6e33.yaml b/nuclei-templates/cve-less/plugins/organization-chart-7a149af217c0a6dffb13397d014d6e33.yaml new file mode 100644 index 0000000000..c1fae6c817 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/organization-chart-7a149af217c0a6dffb13397d014d6e33.yaml @@ -0,0 +1,58 @@ +id: organization-chart-7a149af217c0a6dffb13397d014d6e33 + +info: + name: > + Organization chart <= 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2bd8eec-5984-42f8-ba9a-ce61bf7cd440?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/organization-chart/" + google-query: inurl:"/wp-content/plugins/organization-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,organization-chart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/organization-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "organization-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/organization-chart-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml b/nuclei-templates/cve-less/plugins/organization-chart-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml new file mode 100644 index 0000000000..befe6b332e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/organization-chart-a4e88b3da711b27ab40f6efd4bb4e5fa.yaml @@ -0,0 +1,58 @@ +id: organization-chart-a4e88b3da711b27ab40f6efd4bb4e5fa + +info: + name: > + Organization chart <= 1.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d19df1f1-df64-4b4a-8dcb-8c76566fc2ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/organization-chart/" + google-query: inurl:"/wp-content/plugins/organization-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,organization-chart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/organization-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "organization-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/organization-chart-fbacd93e40e029ab5294ff6e4faadc80.yaml b/nuclei-templates/cve-less/plugins/organization-chart-fbacd93e40e029ab5294ff6e4faadc80.yaml new file mode 100644 index 0000000000..7973c4669e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/organization-chart-fbacd93e40e029ab5294ff6e4faadc80.yaml @@ -0,0 +1,58 @@ +id: organization-chart-fbacd93e40e029ab5294ff6e4faadc80 + +info: + name: > + Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cb8bd81-72a4-4b53-850b-78cc5e05043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/organization-chart/" + google-query: inurl:"/wp-content/plugins/organization-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,organization-chart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/organization-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "organization-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/organizer-1b5adfb99c271100e33918010bf13877.yaml b/nuclei-templates/cve-less/plugins/organizer-1b5adfb99c271100e33918010bf13877.yaml new file mode 100644 index 0000000000..7d57c3427f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/organizer-1b5adfb99c271100e33918010bf13877.yaml @@ -0,0 +1,58 @@ +id: organizer-1b5adfb99c271100e33918010bf13877 + +info: + name: > + Organizer <= 1.2.1 - Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/718615b1-9c25-4119-bc30-683ef51e5861?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/organizer/" + google-query: inurl:"/wp-content/plugins/organizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,organizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/organizer-a88755371a7efc7dfaacf49c4e565b46.yaml b/nuclei-templates/cve-less/plugins/organizer-a88755371a7efc7dfaacf49c4e565b46.yaml new file mode 100644 index 0000000000..36468c7f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/organizer-a88755371a7efc7dfaacf49c4e565b46.yaml @@ -0,0 +1,58 @@ +id: organizer-a88755371a7efc7dfaacf49c4e565b46 + +info: + name: > + Organizer <= 1.2.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/805a7bef-d56b-4678-8db9-798ad401352f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/organizer/" + google-query: inurl:"/wp-content/plugins/organizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,organizer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/original-texts-yandex-webmaster-ee1e925bdddc6bf24a1981ba88df97ca.yaml b/nuclei-templates/cve-less/plugins/original-texts-yandex-webmaster-ee1e925bdddc6bf24a1981ba88df97ca.yaml new file mode 100644 index 0000000000..a0b79ca116 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/original-texts-yandex-webmaster-ee1e925bdddc6bf24a1981ba88df97ca.yaml @@ -0,0 +1,58 @@ +id: original-texts-yandex-webmaster-ee1e925bdddc6bf24a1981ba88df97ca + +info: + name: > + Original texts Yandex WebMaster <= 1.18 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c500fc-0d85-41b1-a2b8-9c8ba372a6e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/original-texts-yandex-webmaster/" + google-query: inurl:"/wp-content/plugins/original-texts-yandex-webmaster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,original-texts-yandex-webmaster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/original-texts-yandex-webmaster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "original-texts-yandex-webmaster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/osd-subscribe-a1996943f46f7e75b7c830d7d4d93d4d.yaml b/nuclei-templates/cve-less/plugins/osd-subscribe-a1996943f46f7e75b7c830d7d4d93d4d.yaml new file mode 100644 index 0000000000..58ce359441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/osd-subscribe-a1996943f46f7e75b7c830d7d4d93d4d.yaml @@ -0,0 +1,58 @@ +id: osd-subscribe-a1996943f46f7e75b7c830d7d4d93d4d + +info: + name: > + OSD Subscribe <= 1.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45f581dc-d424-4cda-aa03-016e9b5ee1e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/osd-subscribe/" + google-query: inurl:"/wp-content/plugins/osd-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,osd-subscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/osd-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "osd-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/osm-8b5e55916d6d52550d91a97ed666547f.yaml b/nuclei-templates/cve-less/plugins/osm-8b5e55916d6d52550d91a97ed666547f.yaml new file mode 100644 index 0000000000..dc21b7aee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/osm-8b5e55916d6d52550d91a97ed666547f.yaml @@ -0,0 +1,58 @@ +id: osm-8b5e55916d6d52550d91a97ed666547f + +info: + name: > + OSM - OpenStreetMap <= 6.0.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6dac6353-9e70-482d-b54b-ffde661b212c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/osm/" + google-query: inurl:"/wp-content/plugins/osm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,osm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/osm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "osm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/osm-b58caf3062d49a3b707b9a414cc1dfaa.yaml b/nuclei-templates/cve-less/plugins/osm-b58caf3062d49a3b707b9a414cc1dfaa.yaml new file mode 100644 index 0000000000..7abc944f60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/osm-b58caf3062d49a3b707b9a414cc1dfaa.yaml @@ -0,0 +1,58 @@ +id: osm-b58caf3062d49a3b707b9a414cc1dfaa + +info: + name: > + OSM - OpenStreetMap <= 6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/123c2958-3335-4212-8ed0-b2a56a5272f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/osm/" + google-query: inurl:"/wp-content/plugins/osm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,osm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/osm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "osm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/osmapper-2113dc45f9cb386268821363e5c4256a.yaml b/nuclei-templates/cve-less/plugins/osmapper-2113dc45f9cb386268821363e5c4256a.yaml new file mode 100644 index 0000000000..61a89f3f64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/osmapper-2113dc45f9cb386268821363e5c4256a.yaml @@ -0,0 +1,58 @@ +id: osmapper-2113dc45f9cb386268821363e5c4256a + +info: + name: > + OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba027271-b7f9-4bdb-a62b-801fd07f28fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/osmapper/" + google-query: inurl:"/wp-content/plugins/osmapper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,osmapper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/osmapper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "osmapper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oss-aliyun-60929a68cddca1a94650b63066730255.yaml b/nuclei-templates/cve-less/plugins/oss-aliyun-60929a68cddca1a94650b63066730255.yaml new file mode 100644 index 0000000000..8a0ecf7326 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oss-aliyun-60929a68cddca1a94650b63066730255.yaml @@ -0,0 +1,58 @@ +id: oss-aliyun-60929a68cddca1a94650b63066730255 + +info: + name: > + OSS Aliyun <= 1.4.10 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/738eb021-1166-4fbe-a502-2db12c6533c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oss-aliyun/" + google-query: inurl:"/wp-content/plugins/oss-aliyun/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oss-aliyun,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oss-aliyun/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oss-aliyun" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-08e36a5e429e15172c47a461c7457404.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-08e36a5e429e15172c47a461c7457404.yaml new file mode 100644 index 0000000000..2cc74d018e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-08e36a5e429e15172c47a461c7457404.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-08e36a5e429e15172c47a461c7457404 + +info: + name: > + Otter - Gutenberg Blocks <= 2.2.5 - Authenticated (Author+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f18be13a-1b16-40f8-85a7-bd77b49e243c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-46f9477f32da89d305905e8493b5f75e.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-46f9477f32da89d305905e8493b5f75e.yaml new file mode 100644 index 0000000000..dc51b3d634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-46f9477f32da89d305905e8493b5f75e.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-46f9477f32da89d305905e8493b5f75e + +info: + name: > + Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99e24496-0e3b-4bff-ba14-dc535be10633?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-74e59a3e9ea29768b5d0afa832d7eb55.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-74e59a3e9ea29768b5d0afa832d7eb55.yaml new file mode 100644 index 0000000000..dbf7729311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-74e59a3e9ea29768b5d0afa832d7eb55.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-74e59a3e9ea29768b5d0afa832d7eb55 + +info: + name: > + Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67981160-6c91-48a4-ba1c-68204d538ed6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..0869df62e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml new file mode 100644 index 0000000000..a19120a41e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-c6ebd7f92a6a9f141b0c9e1fd40276a5.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-c6ebd7f92a6a9f141b0c9e1fd40276a5 + +info: + name: > + Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb041f6-b88a-495a-8f5f-7f39f640748d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-d1fde79ddb6f5cce29eedf02f3d4b354.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-d1fde79ddb6f5cce29eedf02f3d4b354.yaml new file mode 100644 index 0000000000..5ebafce796 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-d1fde79ddb6f5cce29eedf02f3d4b354.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-d1fde79ddb6f5cce29eedf02f3d4b354 + +info: + name: > + Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.8 - Authenticated (Author+) Limited File Upload to Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db836f4b-d31f-4442-89a5-1a400525c598?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-e70c973ee52c3a8cad3d00694281c5e4.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-e70c973ee52c3a8cad3d00694281c5e4.yaml new file mode 100644 index 0000000000..d49ffa3132 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-e70c973ee52c3a8cad3d00694281c5e4.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-e70c973ee52c3a8cad3d00694281c5e4 + +info: + name: > + Otter Blocks <= 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f838dbc9-b31e-46c6-b615-4e8ece9a9cfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-blocks-eb48e0d7cc280c7a495d24563f61a7d5.yaml b/nuclei-templates/cve-less/plugins/otter-blocks-eb48e0d7cc280c7a495d24563f61a7d5.yaml new file mode 100644 index 0000000000..08aa9b5c58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-blocks-eb48e0d7cc280c7a495d24563f61a7d5.yaml @@ -0,0 +1,58 @@ +id: otter-blocks-eb48e0d7cc280c7a495d24563f61a7d5 + +info: + name: > + Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/217d3148-d411-4fff-a4f6-d5d02ef207af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-blocks/" + google-query: inurl:"/wp-content/plugins/otter-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-pro-89238e69360283d59cda9a307dc44ad9.yaml b/nuclei-templates/cve-less/plugins/otter-pro-89238e69360283d59cda9a307dc44ad9.yaml new file mode 100644 index 0000000000..e4e5127916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-pro-89238e69360283d59cda9a307dc44ad9.yaml @@ -0,0 +1,58 @@ +id: otter-pro-89238e69360283d59cda9a307dc44ad9 + +info: + name: > + Otter Blocks PRO <= 2.6.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via File Field CSS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/934bf839-152d-4d10-9ac8-c64cf042dc18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-pro/" + google-query: inurl:"/wp-content/plugins/otter-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/otter-pro-9f787a2ef36698ab9d958e79e9a7609e.yaml b/nuclei-templates/cve-less/plugins/otter-pro-9f787a2ef36698ab9d958e79e9a7609e.yaml new file mode 100644 index 0000000000..9e677da977 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/otter-pro-9f787a2ef36698ab9d958e79e9a7609e.yaml @@ -0,0 +1,58 @@ +id: otter-pro-9f787a2ef36698ab9d958e79e9a7609e + +info: + name: > + Otter Blocks PRO <= 2.6.3 - Unauthenticated Stored Cross-Site Scripting via SVG Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/otter-pro/" + google-query: inurl:"/wp-content/plugins/otter-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,otter-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/otter-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "otter-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/our-team-enhanced-15ed4766d27c484c5517c27d81b8d51f.yaml b/nuclei-templates/cve-less/plugins/our-team-enhanced-15ed4766d27c484c5517c27d81b8d51f.yaml new file mode 100644 index 0000000000..1aab04f547 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/our-team-enhanced-15ed4766d27c484c5517c27d81b8d51f.yaml @@ -0,0 +1,58 @@ +id: our-team-enhanced-15ed4766d27c484c5517c27d81b8d51f + +info: + name: > + Our Team Showcase < 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ea99e7-2502-42a2-b037-2040114a8055?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/our-team-enhanced/" + google-query: inurl:"/wp-content/plugins/our-team-enhanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,our-team-enhanced,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/our-team-enhanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "our-team-enhanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/out-of-the-box-746c295d8ae3e879964a1880bd187ba1.yaml b/nuclei-templates/cve-less/plugins/out-of-the-box-746c295d8ae3e879964a1880bd187ba1.yaml new file mode 100644 index 0000000000..1c86fff9f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/out-of-the-box-746c295d8ae3e879964a1880bd187ba1.yaml @@ -0,0 +1,58 @@ +id: out-of-the-box-746c295d8ae3e879964a1880bd187ba1 + +info: + name: > + Out-of-the-Box <= 1.20.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbd641a4-a8cf-4e51-8675-53d867740ded?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/out-of-the-box/" + google-query: inurl:"/wp-content/plugins/out-of-the-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,out-of-the-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/out-of-the-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "out-of-the-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/outbound-link-manager-c4f801789643f99238516422e3dea2a6.yaml b/nuclei-templates/cve-less/plugins/outbound-link-manager-c4f801789643f99238516422e3dea2a6.yaml new file mode 100644 index 0000000000..e962e273f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/outbound-link-manager-c4f801789643f99238516422e3dea2a6.yaml @@ -0,0 +1,58 @@ +id: outbound-link-manager-c4f801789643f99238516422e3dea2a6 + +info: + name: > + Outbound Link Manager <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dfc0d5e-bdc4-4f71-8aa3-0a4fbd7ef37d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/outbound-link-manager/" + google-query: inurl:"/wp-content/plugins/outbound-link-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,outbound-link-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/outbound-link-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "outbound-link-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ovic-addon-toolkit-01230d7023712cf52d185f89bc18a400.yaml b/nuclei-templates/cve-less/plugins/ovic-addon-toolkit-01230d7023712cf52d185f89bc18a400.yaml new file mode 100644 index 0000000000..0f1f8fc457 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ovic-addon-toolkit-01230d7023712cf52d185f89bc18a400.yaml @@ -0,0 +1,58 @@ +id: ovic-addon-toolkit-01230d7023712cf52d185f89bc18a400 + +info: + name: > + Ovic Addon Toolkit <= 2.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96deac16-cb64-4246-b8d0-05a020142f1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ovic-addon-toolkit/" + google-query: inurl:"/wp-content/plugins/ovic-addon-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ovic-addon-toolkit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ovic-addon-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ovic-addon-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ovic-product-bundle-c5037c5f6ce141975f7a422878dcc1cf.yaml b/nuclei-templates/cve-less/plugins/ovic-product-bundle-c5037c5f6ce141975f7a422878dcc1cf.yaml new file mode 100644 index 0000000000..796de3d0b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ovic-product-bundle-c5037c5f6ce141975f7a422878dcc1cf.yaml @@ -0,0 +1,58 @@ +id: ovic-product-bundle-c5037c5f6ce141975f7a422878dcc1cf + +info: + name: > + Ovic Product Bundle <= 1.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5657ffe2-7d04-4834-bcec-ab6afaeda7df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ovic-product-bundle/" + google-query: inurl:"/wp-content/plugins/ovic-product-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ovic-product-bundle,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ovic-product-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ovic-product-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ovic-vc-addon-7f87928645d2c31cf00fa75d4b3905c3.yaml b/nuclei-templates/cve-less/plugins/ovic-vc-addon-7f87928645d2c31cf00fa75d4b3905c3.yaml new file mode 100644 index 0000000000..2e9759865d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ovic-vc-addon-7f87928645d2c31cf00fa75d4b3905c3.yaml @@ -0,0 +1,58 @@ +id: ovic-vc-addon-7f87928645d2c31cf00fa75d4b3905c3 + +info: + name: > + Ovic Responsive WPBakery <= 1.2.8 - Authenticated (Subscriber+) Arbitrary Option Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cbbedcb-52dd-44b9-a629-1da0a2552f13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ovic-vc-addon/" + google-query: inurl:"/wp-content/plugins/ovic-vc-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ovic-vc-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ovic-vc-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ovic-vc-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ovic-vc-addon-965d06634426ae72a55053fa07ab23f9.yaml b/nuclei-templates/cve-less/plugins/ovic-vc-addon-965d06634426ae72a55053fa07ab23f9.yaml new file mode 100644 index 0000000000..6b9496d513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ovic-vc-addon-965d06634426ae72a55053fa07ab23f9.yaml @@ -0,0 +1,58 @@ +id: ovic-vc-addon-965d06634426ae72a55053fa07ab23f9 + +info: + name: > + Ovic Responsive WPBakery <= 1.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a06147c7-a96e-4f12-9a67-23ca82b09942?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ovic-vc-addon/" + google-query: inurl:"/wp-content/plugins/ovic-vc-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ovic-vc-addon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ovic-vc-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ovic-vc-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/owl-carousel-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml b/nuclei-templates/cve-less/plugins/owl-carousel-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml new file mode 100644 index 0000000000..b71cd6b0a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/owl-carousel-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e.yaml @@ -0,0 +1,58 @@ +id: owl-carousel-4dd1db9fbfcd7d8c0bd7134fb7dd4c2e + +info: + name: > + Owl Carousel <= 0.5.3 - Missing Authorization via save_paramter.php + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37aaf109-e04f-40d7-8303-a581b0b09d24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/owl-carousel/" + google-query: inurl:"/wp-content/plugins/owl-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,owl-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/owl-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "owl-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/owl-carousel-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml b/nuclei-templates/cve-less/plugins/owl-carousel-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml new file mode 100644 index 0000000000..4885419ed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/owl-carousel-9a422d0a1f5b287c75a0c4e8af0a5fc9.yaml @@ -0,0 +1,58 @@ +id: owl-carousel-9a422d0a1f5b287c75a0c4e8af0a5fc9 + +info: + name: > + Owl Carousel <= 0.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92bcdbd9-1f41-4990-9bea-587fb0e7355a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/owl-carousel/" + google-query: inurl:"/wp-content/plugins/owl-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,owl-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/owl-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "owl-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/owm-weather-8e5a5c6c98d5ff17214ae536b2646317.yaml b/nuclei-templates/cve-less/plugins/owm-weather-8e5a5c6c98d5ff17214ae536b2646317.yaml new file mode 100644 index 0000000000..d793faa343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/owm-weather-8e5a5c6c98d5ff17214ae536b2646317.yaml @@ -0,0 +1,58 @@ +id: owm-weather-8e5a5c6c98d5ff17214ae536b2646317 + +info: + name: > + OWM Weather <= 5.6.8 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1549ae5-267d-4fbb-be07-5b3842efd4f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/owm-weather/" + google-query: inurl:"/wp-content/plugins/owm-weather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,owm-weather,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/owm-weather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "owm-weather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/owm-weather-d0ac90c02958fd486fae19ccf9cfd8db.yaml b/nuclei-templates/cve-less/plugins/owm-weather-d0ac90c02958fd486fae19ccf9cfd8db.yaml new file mode 100644 index 0000000000..7239d94df0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/owm-weather-d0ac90c02958fd486fae19ccf9cfd8db.yaml @@ -0,0 +1,58 @@ +id: owm-weather-d0ac90c02958fd486fae19ccf9cfd8db + +info: + name: > + OWM Weather <= 5.6.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d56fdde-ab7a-4e7c-9f48-48e71e09a681?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/owm-weather/" + google-query: inurl:"/wp-content/plugins/owm-weather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,owm-weather,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/owm-weather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "owm-weather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oxyextras-453edd08020fcb6cf7997bc23916e6f1.yaml b/nuclei-templates/cve-less/plugins/oxyextras-453edd08020fcb6cf7997bc23916e6f1.yaml new file mode 100644 index 0000000000..1494d3483c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oxyextras-453edd08020fcb6cf7997bc23916e6f1.yaml @@ -0,0 +1,58 @@ +id: oxyextras-453edd08020fcb6cf7997bc23916e6f1 + +info: + name: > + OxyExtras <= 1.4.4 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fcfd8c1-89b3-49f1-90dc-5eac1f9dbae5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oxyextras/" + google-query: inurl:"/wp-content/plugins/oxyextras/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oxyextras,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oxyextras/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oxyextras" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oxygen-c334c90cee1067800314e97523ff3712.yaml b/nuclei-templates/cve-less/plugins/oxygen-c334c90cee1067800314e97523ff3712.yaml new file mode 100644 index 0000000000..52d82f70e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oxygen-c334c90cee1067800314e97523ff3712.yaml @@ -0,0 +1,58 @@ +id: oxygen-c334c90cee1067800314e97523ff3712 + +info: + name: > + Oxygen < 4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34fb7647-76e2-4985-816e-c6420c01a048?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oxygen/" + google-query: inurl:"/wp-content/plugins/oxygen/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oxygen,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oxygen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oxygen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/oxygenbuilder-c7a8bc13237071ee5b2f66d58803bacf.yaml b/nuclei-templates/cve-less/plugins/oxygenbuilder-c7a8bc13237071ee5b2f66d58803bacf.yaml new file mode 100644 index 0000000000..32a60d426e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/oxygenbuilder-c7a8bc13237071ee5b2f66d58803bacf.yaml @@ -0,0 +1,58 @@ +id: oxygenbuilder-c7a8bc13237071ee5b2f66d58803bacf + +info: + name: > + Oxygen Builder <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee069cb3-370e-48ea-aa35-c30fe83c2498?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/oxygenbuilder/" + google-query: inurl:"/wp-content/plugins/oxygenbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,oxygenbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/oxygenbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oxygenbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/package-quantity-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/package-quantity-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..2ab9985443 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/package-quantity-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: package-quantity-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/package-quantity-xforwc/" + google-query: inurl:"/wp-content/plugins/package-quantity-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,package-quantity-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/package-quantity-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "package-quantity-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-and-post-restriction-2afaa956cded901d5ea2b4034f565538.yaml b/nuclei-templates/cve-less/plugins/page-and-post-restriction-2afaa956cded901d5ea2b4034f565538.yaml new file mode 100644 index 0000000000..97a5b0c6dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-and-post-restriction-2afaa956cded901d5ea2b4034f565538.yaml @@ -0,0 +1,58 @@ +id: page-and-post-restriction-2afaa956cded901d5ea2b4034f565538 + +info: + name: > + Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-and-post-restriction/" + google-query: inurl:"/wp-content/plugins/page-and-post-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-and-post-restriction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-and-post-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-and-post-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-and-post-restriction-7e7d3fe35e3640caa3a72acaf61512d5.yaml b/nuclei-templates/cve-less/plugins/page-and-post-restriction-7e7d3fe35e3640caa3a72acaf61512d5.yaml new file mode 100644 index 0000000000..ae63fbb759 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-and-post-restriction-7e7d3fe35e3640caa3a72acaf61512d5.yaml @@ -0,0 +1,58 @@ +id: page-and-post-restriction-7e7d3fe35e3640caa3a72acaf61512d5 + +info: + name: > + Page Restriction WordPress <= 1.2.6 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd8c07cc-7fdd-4474-8be1-b08d857ae109?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-and-post-restriction/" + google-query: inurl:"/wp-content/plugins/page-and-post-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-and-post-restriction,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-and-post-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-and-post-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-add-1320225def4406c9e713cc329abaeb70.yaml b/nuclei-templates/cve-less/plugins/page-builder-add-1320225def4406c9e713cc329abaeb70.yaml new file mode 100644 index 0000000000..8e37d8d641 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-add-1320225def4406c9e713cc329abaeb70.yaml @@ -0,0 +1,58 @@ +id: page-builder-add-1320225def4406c9e713cc329abaeb70 + +info: + name: > + Landing Page Builder <= 1.5.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b409e3f-51e0-4d66-a04c-a0d54259bd2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-add/" + google-query: inurl:"/wp-content/plugins/page-builder-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-add-65def4250a9c953c2f2257736ac45133.yaml b/nuclei-templates/cve-less/plugins/page-builder-add-65def4250a9c953c2f2257736ac45133.yaml new file mode 100644 index 0000000000..861ca48f0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-add-65def4250a9c953c2f2257736ac45133.yaml @@ -0,0 +1,58 @@ +id: page-builder-add-65def4250a9c953c2f2257736ac45133 + +info: + name: > + Landing Page Builder <= 1.4.9.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a7cbd2e-79c9-4be7-b458-e4e5f0376a22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-add/" + google-query: inurl:"/wp-content/plugins/page-builder-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-add,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-add-76176e7d0b3c59c6f85d0f00865be579.yaml b/nuclei-templates/cve-less/plugins/page-builder-add-76176e7d0b3c59c6f85d0f00865be579.yaml new file mode 100644 index 0000000000..1c46fdee15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-add-76176e7d0b3c59c6f85d0f00865be579.yaml @@ -0,0 +1,58 @@ +id: page-builder-add-76176e7d0b3c59c6f85d0f00865be579 + +info: + name: > + Landing Page Builder <= 1.4.9.8.9 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb3f111-4ac3-4c57-aa62-569b71143fec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-add/" + google-query: inurl:"/wp-content/plugins/page-builder-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-add-8417ca6ea2b385ef6685bba03ed8d8b5.yaml b/nuclei-templates/cve-less/plugins/page-builder-add-8417ca6ea2b385ef6685bba03ed8d8b5.yaml new file mode 100644 index 0000000000..2be7f1a350 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-add-8417ca6ea2b385ef6685bba03ed8d8b5.yaml @@ -0,0 +1,58 @@ +id: page-builder-add-8417ca6ea2b385ef6685bba03ed8d8b5 + +info: + name: > + Landing Page Builder <= 1.5.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e83cb5-3c10-45dc-b37e-4d47ebc6853d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-add/" + google-query: inurl:"/wp-content/plugins/page-builder-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-add-edfb37ba6e16342d02314bfa81ec308b.yaml b/nuclei-templates/cve-less/plugins/page-builder-add-edfb37ba6e16342d02314bfa81ec308b.yaml new file mode 100644 index 0000000000..31d254e660 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-add-edfb37ba6e16342d02314bfa81ec308b.yaml @@ -0,0 +1,58 @@ +id: page-builder-add-edfb37ba6e16342d02314bfa81ec308b + +info: + name: > + Landing Page Builder <= 1.5.1.5 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1a4d8a3-5553-4b1c-b0f8-d6a372de3692?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-add/" + google-query: inurl:"/wp-content/plugins/page-builder-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-by-azexo-2ef42991bf5a3f6fe661eaa83837878d.yaml b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-2ef42991bf5a3f6fe661eaa83837878d.yaml new file mode 100644 index 0000000000..a68cc129cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-2ef42991bf5a3f6fe661eaa83837878d.yaml @@ -0,0 +1,58 @@ +id: page-builder-by-azexo-2ef42991bf5a3f6fe661eaa83837878d + +info: + name: > + Page Builder by AZEXO <= 1.27.133 - Missing Authorization to Post Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd56cb73-1c40-44b1-b713-c0291832d988?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-by-azexo/" + google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-by-azexo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-by-azexo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-by-azexo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.133') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-by-azexo-903fd5007a29b9028410d0ffded470cf.yaml b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-903fd5007a29b9028410d0ffded470cf.yaml new file mode 100644 index 0000000000..ccd91c5bfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-903fd5007a29b9028410d0ffded470cf.yaml @@ -0,0 +1,58 @@ +id: page-builder-by-azexo-903fd5007a29b9028410d0ffded470cf + +info: + name: > + Page Builder by AZEXO <= 1.27.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24486605-9324-4f19-9ca3-340d006432db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-by-azexo/" + google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-by-azexo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-by-azexo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-by-azexo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.133') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-by-azexo-f6a42cf9626a59a17d2bd6cce7c38364.yaml b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-f6a42cf9626a59a17d2bd6cce7c38364.yaml new file mode 100644 index 0000000000..78985c400c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-f6a42cf9626a59a17d2bd6cce7c38364.yaml @@ -0,0 +1,58 @@ +id: page-builder-by-azexo-f6a42cf9626a59a17d2bd6cce7c38364 + +info: + name: > + Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Stored Cross-Site Scripting via azh_save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2efeffa2-b21a-4aa1-93b0-51c775758ab1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-by-azexo/" + google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-by-azexo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-by-azexo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-by-azexo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.133') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-by-azexo-ff89b70bfc48d132d2c1ae5c1ed04b8e.yaml b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-ff89b70bfc48d132d2c1ae5c1ed04b8e.yaml new file mode 100644 index 0000000000..99fb383495 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-by-azexo-ff89b70bfc48d132d2c1ae5c1ed04b8e.yaml @@ -0,0 +1,58 @@ +id: page-builder-by-azexo-ff89b70bfc48d132d2c1ae5c1ed04b8e + +info: + name: > + Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Post Creation/Modification/Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e26035-ce4e-4b4b-aa3c-cd86b29b199a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-by-azexo/" + google-query: inurl:"/wp-content/plugins/page-builder-by-azexo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-by-azexo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-by-azexo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-by-azexo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.27.133') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-sandwich-dba2df430cd702194cd11fb9213b265a.yaml b/nuclei-templates/cve-less/plugins/page-builder-sandwich-dba2df430cd702194cd11fb9213b265a.yaml new file mode 100644 index 0000000000..4ac85d4a44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-sandwich-dba2df430cd702194cd11fb9213b265a.yaml @@ -0,0 +1,58 @@ +id: page-builder-sandwich-dba2df430cd702194cd11fb9213b265a + +info: + name: > + Page Builder Sandwich – Front End WordPress Page Builder Plugin <= 5.1.0 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-sandwich/" + google-query: inurl:"/wp-content/plugins/page-builder-sandwich/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-sandwich,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-sandwich/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-sandwich" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-builder-sandwich-f83002599a8aabe9f476ac830785a4d7.yaml b/nuclei-templates/cve-less/plugins/page-builder-sandwich-f83002599a8aabe9f476ac830785a4d7.yaml new file mode 100644 index 0000000000..464ee4e28e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-builder-sandwich-f83002599a8aabe9f476ac830785a4d7.yaml @@ -0,0 +1,58 @@ +id: page-builder-sandwich-f83002599a8aabe9f476ac830785a4d7 + +info: + name: > + Page Builder Sandwich <= 5.1.0 - Missing Authorization to Authenticated(Subscriber+) Arbitrary Post Editing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-builder-sandwich/" + google-query: inurl:"/wp-content/plugins/page-builder-sandwich/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-builder-sandwich,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-builder-sandwich/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-builder-sandwich" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-flip-image-gallery-bcdafb8d52b9b91e60896c4aab2b09a5.yaml b/nuclei-templates/cve-less/plugins/page-flip-image-gallery-bcdafb8d52b9b91e60896c4aab2b09a5.yaml new file mode 100644 index 0000000000..a135a1fcf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-flip-image-gallery-bcdafb8d52b9b91e60896c4aab2b09a5.yaml @@ -0,0 +1,58 @@ +id: page-flip-image-gallery-bcdafb8d52b9b91e60896c4aab2b09a5 + +info: + name: > + Page Flip Image Gallery <= 0.2.2 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e3158c-6163-4780-a1d5-ca101ba92074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-flip-image-gallery/" + google-query: inurl:"/wp-content/plugins/page-flip-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-flip-image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-flip-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-flip-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-generator-02e1028b272d28de63335e7341b29e10.yaml b/nuclei-templates/cve-less/plugins/page-generator-02e1028b272d28de63335e7341b29e10.yaml new file mode 100644 index 0000000000..b22e0e2982 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-generator-02e1028b272d28de63335e7341b29e10.yaml @@ -0,0 +1,58 @@ +id: page-generator-02e1028b272d28de63335e7341b29e10 + +info: + name: > + Page Generator <= 1.7.1 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73ea7672-4e3f-4a26-a59e-043c2cd10a7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-generator/" + google-query: inurl:"/wp-content/plugins/page-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-generator-328db48b412bf150c51734d4e256b1dc.yaml b/nuclei-templates/cve-less/plugins/page-generator-328db48b412bf150c51734d4e256b1dc.yaml new file mode 100644 index 0000000000..a0a858e365 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-generator-328db48b412bf150c51734d4e256b1dc.yaml @@ -0,0 +1,58 @@ +id: page-generator-328db48b412bf150c51734d4e256b1dc + +info: + name: > + Page Generator <= 1.6.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4baf9b27-a06e-412f-8227-6b418e709ff1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-generator/" + google-query: inurl:"/wp-content/plugins/page-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-layout-builder-3b2a7a5fae5eb0af3506d02977a7f182.yaml b/nuclei-templates/cve-less/plugins/page-layout-builder-3b2a7a5fae5eb0af3506d02977a7f182.yaml new file mode 100644 index 0000000000..50c69d1415 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-layout-builder-3b2a7a5fae5eb0af3506d02977a7f182.yaml @@ -0,0 +1,58 @@ +id: page-layout-builder-3b2a7a5fae5eb0af3506d02977a7f182 + +info: + name: > + Page Layout Builder <= 1.9.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f10a95c-59ff-49a2-8bbf-1b0a802b62c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-layout-builder/" + google-query: inurl:"/wp-content/plugins/page-layout-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-layout-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-layout-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-layout-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-list-c7b94497207a62b415298f2f46cd674e.yaml b/nuclei-templates/cve-less/plugins/page-list-c7b94497207a62b415298f2f46cd674e.yaml new file mode 100644 index 0000000000..9322abf248 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-list-c7b94497207a62b415298f2f46cd674e.yaml @@ -0,0 +1,58 @@ +id: page-list-c7b94497207a62b415298f2f46cd674e + +info: + name: > + Page-list <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/983a5b15-adf7-4f34-bf2a-30857ada2753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-list/" + google-query: inurl:"/wp-content/plugins/page-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-loading-effects-06f0f6d997d3961c4576d91935933f05.yaml b/nuclei-templates/cve-less/plugins/page-loading-effects-06f0f6d997d3961c4576d91935933f05.yaml new file mode 100644 index 0000000000..318caf5b9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-loading-effects-06f0f6d997d3961c4576d91935933f05.yaml @@ -0,0 +1,58 @@ +id: page-loading-effects-06f0f6d997d3961c4576d91935933f05 + +info: + name: > + Page Loading Effects <= 2.0.0 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9642be85-2817-4a3b-831b-0f1535106897?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-loading-effects/" + google-query: inurl:"/wp-content/plugins/page-loading-effects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-loading-effects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-loading-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-loading-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-scroll-to-id-6d5213a5628e216eb9e2a763fb4762ea.yaml b/nuclei-templates/cve-less/plugins/page-scroll-to-id-6d5213a5628e216eb9e2a763fb4762ea.yaml new file mode 100644 index 0000000000..ac06b704ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-scroll-to-id-6d5213a5628e216eb9e2a763fb4762ea.yaml @@ -0,0 +1,58 @@ +id: page-scroll-to-id-6d5213a5628e216eb9e2a763fb4762ea + +info: + name: > + Page scroll to id <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b487949-c52d-43ec-b660-2d4057bf3c08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-scroll-to-id/" + google-query: inurl:"/wp-content/plugins/page-scroll-to-id/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-scroll-to-id,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-scroll-to-id/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-scroll-to-id" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-scroll-to-id-ffddbf496e7aaec02b6e7ddf918beed0.yaml b/nuclei-templates/cve-less/plugins/page-scroll-to-id-ffddbf496e7aaec02b6e7ddf918beed0.yaml new file mode 100644 index 0000000000..e1ccc0e9f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-scroll-to-id-ffddbf496e7aaec02b6e7ddf918beed0.yaml @@ -0,0 +1,58 @@ +id: page-scroll-to-id-ffddbf496e7aaec02b6e7ddf918beed0 + +info: + name: > + Page scroll to id <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-scroll-to-id/" + google-query: inurl:"/wp-content/plugins/page-scroll-to-id/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-scroll-to-id,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-scroll-to-id/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-scroll-to-id" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-views-count-13ec2bdc85df7c3571b35167e7c009d7.yaml b/nuclei-templates/cve-less/plugins/page-views-count-13ec2bdc85df7c3571b35167e7c009d7.yaml new file mode 100644 index 0000000000..2ad6269fda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-views-count-13ec2bdc85df7c3571b35167e7c009d7.yaml @@ -0,0 +1,58 @@ +id: page-views-count-13ec2bdc85df7c3571b35167e7c009d7 + +info: + name: > + Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/895d882b-f4ca-4837-9d8e-aca04c3fb9e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-views-count/" + google-query: inurl:"/wp-content/plugins/page-views-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-views-count,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-views-count-67889b4ef1ae0d338be85daad64d3e7e.yaml b/nuclei-templates/cve-less/plugins/page-views-count-67889b4ef1ae0d338be85daad64d3e7e.yaml new file mode 100644 index 0000000000..2c11f51e3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-views-count-67889b4ef1ae0d338be85daad64d3e7e.yaml @@ -0,0 +1,58 @@ +id: page-views-count-67889b4ef1ae0d338be85daad64d3e7e + +info: + name: > + Page View Count <= 2.5.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b881c73-2dfc-4b73-99f3-33432b750efd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-views-count/" + google-query: inurl:"/wp-content/plugins/page-views-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-views-count,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-views-count-b957833416680c3ce9532cace332c8be.yaml b/nuclei-templates/cve-less/plugins/page-views-count-b957833416680c3ce9532cace332c8be.yaml new file mode 100644 index 0000000000..cae9139e33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-views-count-b957833416680c3ce9532cace332c8be.yaml @@ -0,0 +1,58 @@ +id: page-views-count-b957833416680c3ce9532cace332c8be + +info: + name: > + Page Views Count Plugin <= 2.4.14 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4941cce-c6c0-4e8a-859e-cf0f50f92ce6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-views-count/" + google-query: inurl:"/wp-content/plugins/page-views-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-views-count,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/page-views-count-d058005189aafe6324b373d8ff03e3df.yaml b/nuclei-templates/cve-less/plugins/page-views-count-d058005189aafe6324b373d8ff03e3df.yaml new file mode 100644 index 0000000000..79411ab8bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/page-views-count-d058005189aafe6324b373d8ff03e3df.yaml @@ -0,0 +1,58 @@ +id: page-views-count-d058005189aafe6324b373d8ff03e3df + +info: + name: > + Page View Counts <= 2.4.8 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f882da12-2db7-481f-9a16-a54e1ab24af5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/page-views-count/" + google-query: inurl:"/wp-content/plugins/page-views-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,page-views-count,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/page-views-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "page-views-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagebar-4b545f99e277a5b533a4828fddfdf3e6.yaml b/nuclei-templates/cve-less/plugins/pagebar-4b545f99e277a5b533a4828fddfdf3e6.yaml new file mode 100644 index 0000000000..e5c992f5fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagebar-4b545f99e277a5b533a4828fddfdf3e6.yaml @@ -0,0 +1,58 @@ +id: pagebar-4b545f99e277a5b533a4828fddfdf3e6 + +info: + name: > + pagebar <= 2.65 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06e408f3-3d10-4454-ab71-64f7acd4c850?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagebar/" + google-query: inurl:"/wp-content/plugins/pagebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-03e434d9ea9a280060b3548276610903.yaml b/nuclei-templates/cve-less/plugins/pagelayer-03e434d9ea9a280060b3548276610903.yaml new file mode 100644 index 0000000000..a7bec9544c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-03e434d9ea9a280060b3548276610903.yaml @@ -0,0 +1,58 @@ +id: pagelayer-03e434d9ea9a280060b3548276610903 + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/666c02bd-d3e2-4e40-b189-b73e1136610b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-05c61ba0f98849485be0002b6c76289c.yaml b/nuclei-templates/cve-less/plugins/pagelayer-05c61ba0f98849485be0002b6c76289c.yaml new file mode 100644 index 0000000000..413c609d93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-05c61ba0f98849485be0002b6c76289c.yaml @@ -0,0 +1,58 @@ +id: pagelayer-05c61ba0f98849485be0002b6c76289c + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e635dfb3-002d-4197-b14a-0136a1990a75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-2c10300e2e1d17099380134c8c4a5148.yaml b/nuclei-templates/cve-less/plugins/pagelayer-2c10300e2e1d17099380134c8c4a5148.yaml new file mode 100644 index 0000000000..3e884541d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-2c10300e2e1d17099380134c8c4a5148.yaml @@ -0,0 +1,58 @@ +id: pagelayer-2c10300e2e1d17099380134c8c4a5148 + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.1.1 - Missing Authorization to Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d33a77c6-9977-4d92-92c4-4273ee73452e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-37e749759243317adc52896293ee760e.yaml b/nuclei-templates/cve-less/plugins/pagelayer-37e749759243317adc52896293ee760e.yaml new file mode 100644 index 0000000000..a5a5fe5417 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-37e749759243317adc52896293ee760e.yaml @@ -0,0 +1,58 @@ +id: pagelayer-37e749759243317adc52896293ee760e + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-53b0e5659c4aa4d52f12594842768c39.yaml b/nuclei-templates/cve-less/plugins/pagelayer-53b0e5659c4aa4d52f12594842768c39.yaml new file mode 100644 index 0000000000..6aafde2740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-53b0e5659c4aa4d52f12594842768c39.yaml @@ -0,0 +1,58 @@ +id: pagelayer-53b0e5659c4aa4d52f12594842768c39 + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.7.6 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8d581c-8198-4431-a534-aac8f05750cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-6c1bbce4c7a429a52d508c4dfbc689a9.yaml b/nuclei-templates/cve-less/plugins/pagelayer-6c1bbce4c7a429a52d508c4dfbc689a9.yaml new file mode 100644 index 0000000000..ae485426df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-6c1bbce4c7a429a52d508c4dfbc689a9.yaml @@ -0,0 +1,58 @@ +id: pagelayer-6c1bbce4c7a429a52d508c4dfbc689a9 + +info: + name: > + Pagelayer <= 1.7.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via Header/Footer code + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8bd08d0-5c78-40a8-abc1-de387908df9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-822954310f58c5920d9c99a5b8f20e8a.yaml b/nuclei-templates/cve-less/plugins/pagelayer-822954310f58c5920d9c99a5b8f20e8a.yaml new file mode 100644 index 0000000000..86d2790af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-822954310f58c5920d9c99a5b8f20e8a.yaml @@ -0,0 +1,58 @@ +id: pagelayer-822954310f58c5920d9c99a5b8f20e8a + +info: + name: > + PageLayer <= 1.8.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ade80e4-a05a-4418-9c01-67c0366213b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-891807496f9388f784feeff012bb9ac8.yaml b/nuclei-templates/cve-less/plugins/pagelayer-891807496f9388f784feeff012bb9ac8.yaml new file mode 100644 index 0000000000..b8954bb95f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-891807496f9388f784feeff012bb9ac8.yaml @@ -0,0 +1,58 @@ +id: pagelayer-891807496f9388f784feeff012bb9ac8 + +info: + name: > + Page Builder: Pagelayer <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca7f1b56-a732-40c1-a05e-4ab3e6b05037?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml b/nuclei-templates/cve-less/plugins/pagelayer-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml new file mode 100644 index 0000000000..da0db409d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-98aaf1a94b96eeb1d120f5b84c22c6ea.yaml @@ -0,0 +1,58 @@ +id: pagelayer-98aaf1a94b96eeb1d120f5b84c22c6ea + +info: + name: > + PageLayer <= 1.7.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via meta fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d14c8890-482c-4d43-a68f-0d04c4feca8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-a19b0ea5f3c4659620b13f7e795adf29.yaml b/nuclei-templates/cve-less/plugins/pagelayer-a19b0ea5f3c4659620b13f7e795adf29.yaml new file mode 100644 index 0000000000..cd0b56fe2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-a19b0ea5f3c4659620b13f7e795adf29.yaml @@ -0,0 +1,58 @@ +id: pagelayer-a19b0ea5f3c4659620b13f7e795adf29 + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder <= 1.8.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4884ba9-4448-43b0-93d3-110b719845ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-c9ad2218a91633282ea6a559fd4a007d.yaml b/nuclei-templates/cve-less/plugins/pagelayer-c9ad2218a91633282ea6a559fd4a007d.yaml new file mode 100644 index 0000000000..2f0fa282b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-c9ad2218a91633282ea6a559fd4a007d.yaml @@ -0,0 +1,58 @@ +id: pagelayer-c9ad2218a91633282ea6a559fd4a007d + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder < 1.3.5 - Reflected Cross-Site Scripting via font-size + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/467e0946-cfbb-4ea3-b2d9-db21d0f182cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-e0bc64c58043fcf22274a1d73a269f55.yaml b/nuclei-templates/cve-less/plugins/pagelayer-e0bc64c58043fcf22274a1d73a269f55.yaml new file mode 100644 index 0000000000..89beeff1bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-e0bc64c58043fcf22274a1d73a269f55.yaml @@ -0,0 +1,58 @@ +id: pagelayer-e0bc64c58043fcf22274a1d73a269f55 + +info: + name: > + Page Builder: Pagelayer – Drag and Drop website builder < 1.3.5 - Reflected Cross-Site Scripting via Color Settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99c13de3-e040-4c11-b9c0-bd6a337c4769?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagelayer-f28d0839e906933601f8e3530cfcec02.yaml b/nuclei-templates/cve-less/plugins/pagelayer-f28d0839e906933601f8e3530cfcec02.yaml new file mode 100644 index 0000000000..888f47af6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagelayer-f28d0839e906933601f8e3530cfcec02.yaml @@ -0,0 +1,58 @@ +id: pagelayer-f28d0839e906933601f8e3530cfcec02 + +info: + name: > + Page Builder: Pagelayer <= 1.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via Header/Footer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9bd3620-60a2-4741-b623-5147b6997575?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagelayer/" + google-query: inurl:"/wp-content/plugins/pagelayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagelayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagelayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagelayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagemash-d079a0462c534cbc9ce3a05b45c6a4d6.yaml b/nuclei-templates/cve-less/plugins/pagemash-d079a0462c534cbc9ce3a05b45c6a4d6.yaml new file mode 100644 index 0000000000..de2ea0ecfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagemash-d079a0462c534cbc9ce3a05b45c6a4d6.yaml @@ -0,0 +1,58 @@ +id: pagemash-d079a0462c534cbc9ce3a05b45c6a4d6 + +info: + name: > + pageMash > Page Management <= 1.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22a9c0f6-7a20-4ed1-9afa-887adc790c80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagemash/" + google-query: inurl:"/wp-content/plugins/pagemash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagemash,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagemash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagemash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagepost-content-shortcode-4f011bf5e0985256ce0dc243eb8712f9.yaml b/nuclei-templates/cve-less/plugins/pagepost-content-shortcode-4f011bf5e0985256ce0dc243eb8712f9.yaml new file mode 100644 index 0000000000..9731ae0475 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagepost-content-shortcode-4f011bf5e0985256ce0dc243eb8712f9.yaml @@ -0,0 +1,58 @@ +id: pagepost-content-shortcode-4f011bf5e0985256ce0dc243eb8712f9 + +info: + name: > + Page/Post Content Shortcode <= 1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c619cb36-7216-4a23-96d2-57d8142be4af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagepost-content-shortcode/" + google-query: inurl:"/wp-content/plugins/pagepost-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagepost-content-shortcode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagepost-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagepost-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagerestrict-383952897352436c7747104565840796.yaml b/nuclei-templates/cve-less/plugins/pagerestrict-383952897352436c7747104565840796.yaml new file mode 100644 index 0000000000..a61ffdbae3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagerestrict-383952897352436c7747104565840796.yaml @@ -0,0 +1,58 @@ +id: pagerestrict-383952897352436c7747104565840796 + +info: + name: > + Page Restrict <= 2.5.5 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagerestrict/" + google-query: inurl:"/wp-content/plugins/pagerestrict/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagerestrict,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagerestrict/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagerestrict" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagerestrict-449418fde0e77076010b8e37969e0e31.yaml b/nuclei-templates/cve-less/plugins/pagerestrict-449418fde0e77076010b8e37969e0e31.yaml new file mode 100644 index 0000000000..cc91aaf04e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagerestrict-449418fde0e77076010b8e37969e0e31.yaml @@ -0,0 +1,58 @@ +id: pagerestrict-449418fde0e77076010b8e37969e0e31 + +info: + name: > + Page Restrict <= 2.5.5 - Cross-Site Request Forgery via pr_admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/956984d4-4f8b-4e20-8002-4e9809b3872c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagerestrict/" + google-query: inurl:"/wp-content/plugins/pagerestrict/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagerestrict,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagerestrict/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagerestrict" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagination-b86bab5c8fb0747eadd8257097e9b226.yaml b/nuclei-templates/cve-less/plugins/pagination-b86bab5c8fb0747eadd8257097e9b226.yaml new file mode 100644 index 0000000000..ccd4ad52f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagination-b86bab5c8fb0747eadd8257097e9b226.yaml @@ -0,0 +1,58 @@ +id: pagination-b86bab5c8fb0747eadd8257097e9b226 + +info: + name: > + Pagination by BestWebSoft <= 1.0.6 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2012090d-fd96-4609-aef1-0e3ec5dd2e38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagination/" + google-query: inurl:"/wp-content/plugins/pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagination,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagination-fd43c9edc7bf436e03f5d59fcc9642f0.yaml b/nuclei-templates/cve-less/plugins/pagination-fd43c9edc7bf436e03f5d59fcc9642f0.yaml new file mode 100644 index 0000000000..586748b79e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagination-fd43c9edc7bf436e03f5d59fcc9642f0.yaml @@ -0,0 +1,58 @@ +id: pagination-fd43c9edc7bf436e03f5d59fcc9642f0 + +info: + name: > + Pagination by BestWebSoft <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffbb85c5-e949-4c0f-8c02-2c022b802e05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagination/" + google-query: inurl:"/wp-content/plugins/pagination/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagination,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagination/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagination" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pagination-styler-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/pagination-styler-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..c13a08ecee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pagination-styler-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: pagination-styler-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pagination-styler-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pagination-styler-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pagination-styler-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pagination-styler-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pagination-styler-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-member-subscriptions-134f2819e254034a77fb510bfe9b93c9.yaml b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-134f2819e254034a77fb510bfe9b93c9.yaml new file mode 100644 index 0000000000..c43e367f3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-134f2819e254034a77fb510bfe9b93c9.yaml @@ -0,0 +1,58 @@ +id: paid-member-subscriptions-134f2819e254034a77fb510bfe9b93c9 + +info: + name: > + Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via creating_pricing_table_page + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-member-subscriptions/" + google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-member-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-member-subscriptions-3ac481618eb4347f5fc9d0f89470f6b5.yaml b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-3ac481618eb4347f5fc9d0f89470f6b5.yaml new file mode 100644 index 0000000000..fc7391b4b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-3ac481618eb4347f5fc9d0f89470f6b5.yaml @@ -0,0 +1,58 @@ +id: paid-member-subscriptions-3ac481618eb4347f5fc9d0f89470f6b5 + +info: + name: > + Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4ac97d-7eb3-4005-b75a-0fe32e31fa92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-member-subscriptions/" + google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-member-subscriptions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-member-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-member-subscriptions-646e25531b1fa1af8fcb5aec525b7439.yaml b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-646e25531b1fa1af8fcb5aec525b7439.yaml new file mode 100644 index 0000000000..116dbfece2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-646e25531b1fa1af8fcb5aec525b7439.yaml @@ -0,0 +1,58 @@ +id: paid-member-subscriptions-646e25531b1fa1af8fcb5aec525b7439 + +info: + name: > + Paid Member Subscriptions <= 2.10.4 - Cross-Site Request Forgery via ajax_add_log_entry + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69ab17fc-8290-4230-8c44-25d12009c08a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-member-subscriptions/" + google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-member-subscriptions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-member-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-member-subscriptions-ca8deb8cc99a7e80212ae873b89f0b6b.yaml b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-ca8deb8cc99a7e80212ae873b89f0b6b.yaml new file mode 100644 index 0000000000..dc3ed53750 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-ca8deb8cc99a7e80212ae873b89f0b6b.yaml @@ -0,0 +1,58 @@ +id: paid-member-subscriptions-ca8deb8cc99a7e80212ae873b89f0b6b + +info: + name: > + Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5f5861-5be4-456d-915d-bafb7bff2110?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-member-subscriptions/" + google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-member-subscriptions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-member-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-member-subscriptions-cce20befda4e7caf1b066f754d7a6624.yaml b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-cce20befda4e7caf1b066f754d7a6624.yaml new file mode 100644 index 0000000000..cc5f4f4256 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-member-subscriptions-cce20befda4e7caf1b066f754d7a6624.yaml @@ -0,0 +1,58 @@ +id: paid-member-subscriptions-cce20befda4e7caf1b066f754d7a6624 + +info: + name: > + Membership & Content Restriction – Paid Member Subscriptions <= 2.4.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52203b9c-7629-4969-8d2d-eb1ef33d160c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-member-subscriptions/" + google-query: inurl:"/wp-content/plugins/paid-member-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-member-subscriptions,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-member-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-member-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-membership-1e4c87f532b07cfd840241f44de6c8f0.yaml b/nuclei-templates/cve-less/plugins/paid-membership-1e4c87f532b07cfd840241f44de6c8f0.yaml new file mode 100644 index 0000000000..4c065372eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-membership-1e4c87f532b07cfd840241f44de6c8f0.yaml @@ -0,0 +1,58 @@ +id: paid-membership-1e4c87f532b07cfd840241f44de6c8f0 + +info: + name: > + MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership <= 1.9.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/230b6a10-1505-4f66-ba98-df6257a80668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-membership/" + google-query: inurl:"/wp-content/plugins/paid-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-286f920ff3d0f48835cc5b28e8181446.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-286f920ff3d0f48835cc5b28e8181446.yaml new file mode 100644 index 0000000000..6856075993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-286f920ff3d0f48835cc5b28e8181446.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-286f920ff3d0f48835cc5b28e8181446 + +info: + name: > + Paid Memberships Pro <= 2.9.11 - Authenticated (Subscriber+) SQL Injection via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/103a7e7b-74bb-4691-8670-c66ed2144596?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-2f5b75adc13263d5beea70db43442acd.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-2f5b75adc13263d5beea70db43442acd.yaml new file mode 100644 index 0000000000..0cf76e8097 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-2f5b75adc13263d5beea70db43442acd.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-2f5b75adc13263d5beea70db43442acd + +info: + name: > + Paid Memberships Pro <= 3.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ef7742-e6f8-4350-90e9-242d9d1b12a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-41611316d1ac99758a92032134152355.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-41611316d1ac99758a92032134152355.yaml new file mode 100644 index 0000000000..d804861f8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-41611316d1ac99758a92032134152355.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-41611316d1ac99758a92032134152355 + +info: + name: > + Paid Memberships Pro <= 2.6.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09679bd2-c416-4037-bfa4-d56ba862113c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-434f404b68ce3bb5e0a4d67432fad4b5.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-434f404b68ce3bb5e0a4d67432fad4b5.yaml new file mode 100644 index 0000000000..46b132854d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-434f404b68ce3bb5e0a4d67432fad4b5.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-434f404b68ce3bb5e0a4d67432fad4b5 + +info: + name: > + Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-63f8abf1368e7fe90270064d672ae623.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-63f8abf1368e7fe90270064d672ae623.yaml new file mode 100644 index 0000000000..feb9780e5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-63f8abf1368e7fe90270064d672ae623.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-63f8abf1368e7fe90270064d672ae623 + +info: + name: > + Paid Memberships Pro < 1.8.4.3 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09467946-0ee7-45e7-969e-ec30863bfa3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-67f30623d09c4d720e6c11ecbff476fb.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-67f30623d09c4d720e6c11ecbff476fb.yaml new file mode 100644 index 0000000000..c4b23edf29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-67f30623d09c4d720e6c11ecbff476fb.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-67f30623d09c4d720e6c11ecbff476fb + +info: + name: > + Paid Memberships Pro < 1.7.15 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7e2ad0-8427-450d-aa7e-abdbbc668247?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-68293564bc63bf678c3143661b510396.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-68293564bc63bf678c3143661b510396.yaml new file mode 100644 index 0000000000..1678f424f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-68293564bc63bf678c3143661b510396.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-68293564bc63bf678c3143661b510396 + +info: + name: > + Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-83f1dd0f93cf1e789d768340fd3bb4e6.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-83f1dd0f93cf1e789d768340fd3bb4e6.yaml new file mode 100644 index 0000000000..fb79615bf7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-83f1dd0f93cf1e789d768340fd3bb4e6.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-83f1dd0f93cf1e789d768340fd3bb4e6 + +info: + name: > + Paid Memberships Pro <= 2.6.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7848e904-b521-479b-bf7e-d695ad0163b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-840229894b2c6a1be64b8d70b53d76ea.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-840229894b2c6a1be64b8d70b53d76ea.yaml new file mode 100644 index 0000000000..31475db7e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-840229894b2c6a1be64b8d70b53d76ea.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-840229894b2c6a1be64b8d70b53d76ea + +info: + name: > + Paid Memberships Pro <= 2.12.7 - Cross-Site Request Forgery to Level Orders Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-9d10b05b216e9b3725f77f2e756c3bb4.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-9d10b05b216e9b3725f77f2e756c3bb4.yaml new file mode 100644 index 0000000000..b079e7f3a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-9d10b05b216e9b3725f77f2e756c3bb4.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-9d10b05b216e9b3725f77f2e756c3bb4 + +info: + name: > + Paid Memberships Pro <= 2.5.5 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13d31af8-c606-4c83-be15-4446c4f330aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-bef07a85e28e83767b9819859bd47740.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-bef07a85e28e83767b9819859bd47740.yaml new file mode 100644 index 0000000000..4efa2d2187 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-bef07a85e28e83767b9819859bd47740.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-bef07a85e28e83767b9819859bd47740 + +info: + name: > + Paid Memberships Pro <= 2.4.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d74553a4-0ef7-4908-a2e8-5e0216f7b256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-cc7679b7eedbbcc9700c025bd91811bc.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-cc7679b7eedbbcc9700c025bd91811bc.yaml new file mode 100644 index 0000000000..7b2d8c8ffd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-cc7679b7eedbbcc9700c025bd91811bc.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-cc7679b7eedbbcc9700c025bd91811bc + +info: + name: > + Paid Memberships Pro <= 2.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1b3edcf-c089-4bb8-b1e8-05e00abca1a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-d6f22dc7688630789d302268152d865d.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-d6f22dc7688630789d302268152d865d.yaml new file mode 100644 index 0000000000..6f4fcce147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-d6f22dc7688630789d302268152d865d.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-d6f22dc7688630789d302268152d865d + +info: + name: > + Paid Memberships Pro < 2.3.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1791d41-cdfe-4918-8351-2108302241c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-e07fd23d17f8dd83e161e7e2c0ee4d29.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-e07fd23d17f8dd83e161e7e2c0ee4d29.yaml new file mode 100644 index 0000000000..5d7dbd13a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-e07fd23d17f8dd83e161e7e2c0ee4d29.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-e07fd23d17f8dd83e161e7e2c0ee4d29 + +info: + name: > + Paid Memberships Pro < 2.9.8 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c7d2321-735a-4b5f-a36d-16375c994d2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-e8a21df86ab8f777d41e6648745d6563.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-e8a21df86ab8f777d41e6648745d6563.yaml new file mode 100644 index 0000000000..6e8a06eebe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-e8a21df86ab8f777d41e6648745d6563.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-e8a21df86ab8f777d41e6648745d6563 + +info: + name: > + Paid Memberships Pro <= 2.12.5 - Missing Authorization via API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/383c7837-e7b7-4608-9cdc-91b7dbc7f4e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paid-memberships-pro-fce0c7de1ac72dbab0de3f1d5f219540.yaml b/nuclei-templates/cve-less/plugins/paid-memberships-pro-fce0c7de1ac72dbab0de3f1d5f219540.yaml new file mode 100644 index 0000000000..e89cc10ace --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paid-memberships-pro-fce0c7de1ac72dbab0de3f1d5f219540.yaml @@ -0,0 +1,58 @@ +id: paid-memberships-pro-fce0c7de1ac72dbab0de3f1d5f219540 + +info: + name: > + Paid Memberships Pro <= 2.12.8 - Authenticated (Contributor+) Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd5d212e-c672-4fa8-afe7-baeac06e2e7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paid-memberships-pro/" + google-query: inurl:"/wp-content/plugins/paid-memberships-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paid-memberships-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paid-memberships-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paid-memberships-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/panda-pods-repeater-field-828e69c4d1ded9a5f7606667cb83c187.yaml b/nuclei-templates/cve-less/plugins/panda-pods-repeater-field-828e69c4d1ded9a5f7606667cb83c187.yaml new file mode 100644 index 0000000000..0780aacd06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/panda-pods-repeater-field-828e69c4d1ded9a5f7606667cb83c187.yaml @@ -0,0 +1,58 @@ +id: panda-pods-repeater-field-828e69c4d1ded9a5f7606667cb83c187 + +info: + name: > + Panda Pods Repeater Field <= 1.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06b6c668-5f5d-4cf6-a3c6-4af755c72bca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/panda-pods-repeater-field/" + google-query: inurl:"/wp-content/plugins/panda-pods-repeater-field/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,panda-pods-repeater-field,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/panda-pods-repeater-field/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "panda-pods-repeater-field" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/parallax-image-b5b52d178ac9e73e1f7151b15d18b267.yaml b/nuclei-templates/cve-less/plugins/parallax-image-b5b52d178ac9e73e1f7151b15d18b267.yaml new file mode 100644 index 0000000000..faaafb4695 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/parallax-image-b5b52d178ac9e73e1f7151b15d18b267.yaml @@ -0,0 +1,58 @@ +id: parallax-image-b5b52d178ac9e73e1f7151b15d18b267 + +info: + name: > + Parallax Image <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55cd02d1-7b06-427b-840b-3ced73ad4a74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/parallax-image/" + google-query: inurl:"/wp-content/plugins/parallax-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,parallax-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parallax-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallax-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/parallax-slider-block-39f54e5675da547fbcee34c5030b35da.yaml b/nuclei-templates/cve-less/plugins/parallax-slider-block-39f54e5675da547fbcee34c5030b35da.yaml new file mode 100644 index 0000000000..f10293e122 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/parallax-slider-block-39f54e5675da547fbcee34c5030b35da.yaml @@ -0,0 +1,58 @@ +id: parallax-slider-block-39f54e5675da547fbcee34c5030b35da + +info: + name: > + Parallax Slider Block <= 1.2.5 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae3974e6-cba1-4976-a6af-9e60557cfde8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/parallax-slider-block/" + google-query: inurl:"/wp-content/plugins/parallax-slider-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,parallax-slider-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parallax-slider-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallax-slider-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/parcelpanel-00bc7306212a1f1532879484863c8f21.yaml b/nuclei-templates/cve-less/plugins/parcelpanel-00bc7306212a1f1532879484863c8f21.yaml new file mode 100644 index 0000000000..65922efa24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/parcelpanel-00bc7306212a1f1532879484863c8f21.yaml @@ -0,0 +1,58 @@ +id: parcelpanel-00bc7306212a1f1532879484863c8f21 + +info: + name: > + Shipment Tracking, Tracking, and Order Tracking for WooCommerce – ParcelPanel (Free to install) <= 3.8.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/964d6dd2-0e93-4fc2-87ca-0257186d1b37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/parcelpanel/" + google-query: inurl:"/wp-content/plugins/parcelpanel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,parcelpanel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parcelpanel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parcelpanel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pardakht-delkhah-ad560a2e6c4b99cf57f1cbf4f8e13e03.yaml b/nuclei-templates/cve-less/plugins/pardakht-delkhah-ad560a2e6c4b99cf57f1cbf4f8e13e03.yaml new file mode 100644 index 0000000000..41b254f41e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pardakht-delkhah-ad560a2e6c4b99cf57f1cbf4f8e13e03.yaml @@ -0,0 +1,58 @@ +id: pardakht-delkhah-ad560a2e6c4b99cf57f1cbf4f8e13e03 + +info: + name: > + Pardakht Delkhah <= 2.9.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a1174d-fb5a-4cc0-ada0-dbf1e011619a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pardakht-delkhah/" + google-query: inurl:"/wp-content/plugins/pardakht-delkhah/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pardakht-delkhah,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pardakht-delkhah/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pardakht-delkhah" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pardot-700d1cfad4bd0fa3b320c8b805e07813.yaml b/nuclei-templates/cve-less/plugins/pardot-700d1cfad4bd0fa3b320c8b805e07813.yaml new file mode 100644 index 0000000000..fdf6feca0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pardot-700d1cfad4bd0fa3b320c8b805e07813.yaml @@ -0,0 +1,58 @@ +id: pardot-700d1cfad4bd0fa3b320c8b805e07813 + +info: + name: > + Pardot <= 2.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e989dbb9-41eb-4c56-8d6b-7c0518500f2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pardot/" + google-query: inurl:"/wp-content/plugins/pardot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pardot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pardot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pardot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/parsi-font-254f28aa80fff0eb08d98b4ce3b3dff8.yaml b/nuclei-templates/cve-less/plugins/parsi-font-254f28aa80fff0eb08d98b4ce3b3dff8.yaml new file mode 100644 index 0000000000..a70aefa76b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/parsi-font-254f28aa80fff0eb08d98b4ce3b3dff8.yaml @@ -0,0 +1,58 @@ +id: parsi-font-254f28aa80fff0eb08d98b4ce3b3dff8 + +info: + name: > + MW Font Changer <= 4.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc09dee-9af6-49ff-bfe2-abcc616940d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/parsi-font/" + google-query: inurl:"/wp-content/plugins/parsi-font/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,parsi-font,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parsi-font/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parsi-font" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/parsian-bank-gateway-for-woocommerce-27a74900b090130d2ab9c1d98745b64a.yaml b/nuclei-templates/cve-less/plugins/parsian-bank-gateway-for-woocommerce-27a74900b090130d2ab9c1d98745b64a.yaml new file mode 100644 index 0000000000..eb2be5562d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/parsian-bank-gateway-for-woocommerce-27a74900b090130d2ab9c1d98745b64a.yaml @@ -0,0 +1,58 @@ +id: parsian-bank-gateway-for-woocommerce-27a74900b090130d2ab9c1d98745b64a + +info: + name: > + Parsian Bank Gateway for Woocommerce <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26624f19-c943-417a-abb2-c05646b192cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/parsian-bank-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/parsian-bank-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,parsian-bank-gateway-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/parsian-bank-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parsian-bank-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/partdo-core-0e249eccad21574e2f41d6b727c12756.yaml b/nuclei-templates/cve-less/plugins/partdo-core-0e249eccad21574e2f41d6b727c12756.yaml new file mode 100644 index 0000000000..f26a8da22a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/partdo-core-0e249eccad21574e2f41d6b727c12756.yaml @@ -0,0 +1,58 @@ +id: partdo-core-0e249eccad21574e2f41d6b727c12756 + +info: + name: > + Multiple Plugins by KlbTheme <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb06315-30ad-4d98-af75-b04933583be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/partdo-core/" + google-query: inurl:"/wp-content/plugins/partdo-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,partdo-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/partdo-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "partdo-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-07270c625770ea55406700bd4faf8963.yaml b/nuclei-templates/cve-less/plugins/participants-database-07270c625770ea55406700bd4faf8963.yaml new file mode 100644 index 0000000000..69619fcee2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-07270c625770ea55406700bd4faf8963.yaml @@ -0,0 +1,58 @@ +id: participants-database-07270c625770ea55406700bd4faf8963 + +info: + name: > + Participants Database <= 1.9.5.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ede9023-732d-43e4-9c19-7cf704c95c29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-11fe5ff4939095c8eaedbac059700247.yaml b/nuclei-templates/cve-less/plugins/participants-database-11fe5ff4939095c8eaedbac059700247.yaml new file mode 100644 index 0000000000..099a590f67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-11fe5ff4939095c8eaedbac059700247.yaml @@ -0,0 +1,58 @@ +id: participants-database-11fe5ff4939095c8eaedbac059700247 + +info: + name: > + Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7ce9573-eda5-45c0-8775-966f2fbe9496?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-bdf9e125f5be6c62d1e6ea586186b7ea.yaml b/nuclei-templates/cve-less/plugins/participants-database-bdf9e125f5be6c62d1e6ea586186b7ea.yaml new file mode 100644 index 0000000000..774a5a5d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-bdf9e125f5be6c62d1e6ea586186b7ea.yaml @@ -0,0 +1,58 @@ +id: participants-database-bdf9e125f5be6c62d1e6ea586186b7ea + +info: + name: > + Participants Database < 1.5.4.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/144df910-67d2-4e3b-9ccf-04ebd5d1bf8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-c5af09461da9c502c3934cc475901e6e.yaml b/nuclei-templates/cve-less/plugins/participants-database-c5af09461da9c502c3934cc475901e6e.yaml new file mode 100644 index 0000000000..caec50f674 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-c5af09461da9c502c3934cc475901e6e.yaml @@ -0,0 +1,58 @@ +id: participants-database-c5af09461da9c502c3934cc475901e6e + +info: + name: > + Participants Database <= 2.5.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cd2b2ba-c4ec-4799-91b4-b38c462baee4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-d7f00e0abe15580f7ace910ffb1d1a20.yaml b/nuclei-templates/cve-less/plugins/participants-database-d7f00e0abe15580f7ace910ffb1d1a20.yaml new file mode 100644 index 0000000000..c8c2b7e349 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-d7f00e0abe15580f7ace910ffb1d1a20.yaml @@ -0,0 +1,58 @@ +id: participants-database-d7f00e0abe15580f7ace910ffb1d1a20 + +info: + name: > + Participants Database <= 2.4.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44d61e62-436f-4731-b447-a2adbbb96e55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-e0584db35cbb9869be95ba6010b7c0f4.yaml b/nuclei-templates/cve-less/plugins/participants-database-e0584db35cbb9869be95ba6010b7c0f4.yaml new file mode 100644 index 0000000000..237f4f39d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-e0584db35cbb9869be95ba6010b7c0f4.yaml @@ -0,0 +1,58 @@ +id: participants-database-e0584db35cbb9869be95ba6010b7c0f4 + +info: + name: > + Participants Database <= 1.7.5.9 - Unauthorized Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66717800-31ab-4e68-979a-4967dd2caeb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/participants-database-e3cd907e6807fcf00ac40f54ec586f57.yaml b/nuclei-templates/cve-less/plugins/participants-database-e3cd907e6807fcf00ac40f54ec586f57.yaml new file mode 100644 index 0000000000..ab1c2c1f3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/participants-database-e3cd907e6807fcf00ac40f54ec586f57.yaml @@ -0,0 +1,58 @@ +id: participants-database-e3cd907e6807fcf00ac40f54ec586f57 + +info: + name: > + Participants Database <= 2.4.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e764e567-524e-40b9-aa9f-653a5553375d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/participants-database/" + google-query: inurl:"/wp-content/plugins/participants-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,participants-database,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/participants-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "participants-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/password-protect-page-729488a672d6efd868aa434c8487ecdf.yaml b/nuclei-templates/cve-less/plugins/password-protect-page-729488a672d6efd868aa434c8487ecdf.yaml new file mode 100644 index 0000000000..475a4573c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/password-protect-page-729488a672d6efd868aa434c8487ecdf.yaml @@ -0,0 +1,58 @@ +id: password-protect-page-729488a672d6efd868aa434c8487ecdf + +info: + name: > + PPWP – Password Protect Pages <= 1.8.9 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/password-protect-page/" + google-query: inurl:"/wp-content/plugins/password-protect-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,password-protect-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protect-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protect-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/password-protect-page-d66ad8d87de6007b46efcadeba262d7e.yaml b/nuclei-templates/cve-less/plugins/password-protect-page-d66ad8d87de6007b46efcadeba262d7e.yaml new file mode 100644 index 0000000000..e7a39badbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/password-protect-page-d66ad8d87de6007b46efcadeba262d7e.yaml @@ -0,0 +1,58 @@ +id: password-protect-page-d66ad8d87de6007b46efcadeba262d7e + +info: + name: > + PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0f899c6-cce2-4534-9b97-3783648cba09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/password-protect-page/" + google-query: inurl:"/wp-content/plugins/password-protect-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,password-protect-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protect-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protect-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/password-protected-f70dd0265071b25825ed4ac0daac6966.yaml b/nuclei-templates/cve-less/plugins/password-protected-f70dd0265071b25825ed4ac0daac6966.yaml new file mode 100644 index 0000000000..cb258970be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/password-protected-f70dd0265071b25825ed4ac0daac6966.yaml @@ -0,0 +1,58 @@ +id: password-protected-f70dd0265071b25825ed4ac0daac6966 + +info: + name: > + Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79c296b1-e385-404d-96c0-a98f10b89f08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/password-protected/" + google-query: inurl:"/wp-content/plugins/password-protected/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,password-protected,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protected/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protected" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/password-protected-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml b/nuclei-templates/cve-less/plugins/password-protected-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml new file mode 100644 index 0000000000..e1cd0cb077 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/password-protected-fb622d8a3e8e58dd4ad557e902dc2f9e.yaml @@ -0,0 +1,58 @@ +id: password-protected-fb622d8a3e8e58dd4ad557e902dc2f9e + +info: + name: > + Password Protected <= 2.6.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/password-protected/" + google-query: inurl:"/wp-content/plugins/password-protected/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,password-protected,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protected/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protected" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/password-protected-woo-store-050f0116b8ceb2b0a56ee85d7392fdbc.yaml b/nuclei-templates/cve-less/plugins/password-protected-woo-store-050f0116b8ceb2b0a56ee85d7392fdbc.yaml new file mode 100644 index 0000000000..d011098736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/password-protected-woo-store-050f0116b8ceb2b0a56ee85d7392fdbc.yaml @@ -0,0 +1,58 @@ +id: password-protected-woo-store-050f0116b8ceb2b0a56ee85d7392fdbc + +info: + name: > + Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/password-protected-woo-store/" + google-query: inurl:"/wp-content/plugins/password-protected-woo-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,password-protected-woo-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/password-protected-woo-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "password-protected-woo-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/passwordless-login-8f38e1cb39832821632517021044a8d0.yaml b/nuclei-templates/cve-less/plugins/passwordless-login-8f38e1cb39832821632517021044a8d0.yaml new file mode 100644 index 0000000000..141c55e1c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/passwordless-login-8f38e1cb39832821632517021044a8d0.yaml @@ -0,0 +1,58 @@ +id: passwordless-login-8f38e1cb39832821632517021044a8d0 + +info: + name: > + Passwordless Login <= 1.1.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aab54795-31e7-4ef4-8a80-7443abaa3f21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/passwordless-login/" + google-query: inurl:"/wp-content/plugins/passwordless-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,passwordless-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/passwordless-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "passwordless-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-1d56115c5756336039596f3db2afcf11.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-1d56115c5756336039596f3db2afcf11.yaml new file mode 100644 index 0000000000..3829190e86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-1d56115c5756336039596f3db2afcf11.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-1d56115c5756336039596f3db2afcf11 + +info: + name: > + Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbcd569d-f524-4012-add0-ba0afc19e47e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-1e16eec4b6ae009a904a8e7f17b7b28d.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-1e16eec4b6ae009a904a8e7f17b7b28d.yaml new file mode 100644 index 0000000000..73e5988285 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-1e16eec4b6ae009a904a8e7f17b7b28d.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-1e16eec4b6ae009a904a8e7f17b7b28d + +info: + name: > + Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc9dfe96-2d43-4b7b-a91a-87cdaaab8e49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-3ea0fac767d2ae2ce8f2f4784f535988.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-3ea0fac767d2ae2ce8f2f4784f535988.yaml new file mode 100644 index 0000000000..c1172a62fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-3ea0fac767d2ae2ce8f2f4784f535988.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-3ea0fac767d2ae2ce8f2f4784f535988 + +info: + name: > + Patreon WordPress <= 1.6.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a7de576-5809-432f-a6fd-364a3a49967f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-60d5b771eb752135710361fe9f24a381.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-60d5b771eb752135710361fe9f24a381.yaml new file mode 100644 index 0000000000..422e383c58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-60d5b771eb752135710361fe9f24a381.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-60d5b771eb752135710361fe9f24a381 + +info: + name: > + Patreon WordPress < 1.7.0 - Local File Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/081bd3a9-2139-416f-bb36-b86aef6fa6db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-82c6c9cf005abdc27838609e8ad9cf02.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-82c6c9cf005abdc27838609e8ad9cf02.yaml new file mode 100644 index 0000000000..a9a1dec735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-82c6c9cf005abdc27838609e8ad9cf02.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-82c6c9cf005abdc27838609e8ad9cf02 + +info: + name: > + Patreon WordPress <= 1.8.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/481121b2-4ea9-489e-b582-ec8bbf87c902?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-a8cb964066fe8aea6342dd9fef9872c0.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-a8cb964066fe8aea6342dd9fef9872c0.yaml new file mode 100644 index 0000000000..a54d6d7860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-a8cb964066fe8aea6342dd9fef9872c0.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-a8cb964066fe8aea6342dd9fef9872c0 + +info: + name: > + Patreon WordPress < 1.2.2 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebb80964-761b-410c-998f-4408439e0d48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-c914118ffbfe0c8c975fe93b917507cf.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-c914118ffbfe0c8c975fe93b917507cf.yaml new file mode 100644 index 0000000000..2d8fa8ae21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-c914118ffbfe0c8c975fe93b917507cf.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-c914118ffbfe0c8c975fe93b917507cf + +info: + name: > + Patreon WordPress <= 1.8.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eff9fcce-01b2-4698-a2c2-ee5991bfd963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patreon-connect-d2e2b4003ef24e75b8d453ad2f0582ba.yaml b/nuclei-templates/cve-less/plugins/patreon-connect-d2e2b4003ef24e75b8d453ad2f0582ba.yaml new file mode 100644 index 0000000000..4b1589acae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patreon-connect-d2e2b4003ef24e75b8d453ad2f0582ba.yaml @@ -0,0 +1,58 @@ +id: patreon-connect-d2e2b4003ef24e75b8d453ad2f0582ba + +info: + name: > + Patreon WordPress <= 1.7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63b67652-d10e-4a5a-97d5-04e6c848b752?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patreon-connect/" + google-query: inurl:"/wp-content/plugins/patreon-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patreon-connect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patreon-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patreon-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-089c469cd7ce66b1a9f5809db855888a.yaml b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-089c469cd7ce66b1a9f5809db855888a.yaml new file mode 100644 index 0000000000..a328b18a20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-089c469cd7ce66b1a9f5809db855888a.yaml @@ -0,0 +1,58 @@ +id: patron-button-and-widgets-by-codebard-089c469cd7ce66b1a9f5809db855888a + +info: + name: > + CodeBard's Patron Button and Widgets for Patreon <= 2.1.8 - Reflected Cross-Site Scripting via 'site_account' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46f5d1fa-dba7-4882-be29-39dc281d7278?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patron-button-and-widgets-by-codebard/" + google-query: inurl:"/wp-content/plugins/patron-button-and-widgets-by-codebard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patron-button-and-widgets-by-codebard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patron-button-and-widgets-by-codebard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patron-button-and-widgets-by-codebard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5085814d704ddfd403da1227f11c5263.yaml b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5085814d704ddfd403da1227f11c5263.yaml new file mode 100644 index 0000000000..db27dfed08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5085814d704ddfd403da1227f11c5263.yaml @@ -0,0 +1,58 @@ +id: patron-button-and-widgets-by-codebard-5085814d704ddfd403da1227f11c5263 + +info: + name: > + CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ea53bd-2ce7-4dce-8c57-51ba81838f1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patron-button-and-widgets-by-codebard/" + google-query: inurl:"/wp-content/plugins/patron-button-and-widgets-by-codebard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patron-button-and-widgets-by-codebard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patron-button-and-widgets-by-codebard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patron-button-and-widgets-by-codebard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5b594cb927f46fa8416160fd694e56a3.yaml b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5b594cb927f46fa8416160fd694e56a3.yaml new file mode 100644 index 0000000000..ca28e31b6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-5b594cb927f46fa8416160fd694e56a3.yaml @@ -0,0 +1,58 @@ +id: patron-button-and-widgets-by-codebard-5b594cb927f46fa8416160fd694e56a3 + +info: + name: > + CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Reflected Cross-Site Scripting via cb_p6_tab + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96649aa6-f3ba-4e9e-9fa5-a5fbd52c3836?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patron-button-and-widgets-by-codebard/" + google-query: inurl:"/wp-content/plugins/patron-button-and-widgets-by-codebard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patron-button-and-widgets-by-codebard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patron-button-and-widgets-by-codebard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patron-button-and-widgets-by-codebard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-bed2af87ac90c87dc04c6b517c073d4d.yaml b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-bed2af87ac90c87dc04c6b517c073d4d.yaml new file mode 100644 index 0000000000..929ca121dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/patron-button-and-widgets-by-codebard-bed2af87ac90c87dc04c6b517c073d4d.yaml @@ -0,0 +1,58 @@ +id: patron-button-and-widgets-by-codebard-bed2af87ac90c87dc04c6b517c073d4d + +info: + name: > + CodeBard's Patron Button and Widgets for Patreon <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afff886c-92e6-41fc-9a88-befc158ad403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/patron-button-and-widgets-by-codebard/" + google-query: inurl:"/wp-content/plugins/patron-button-and-widgets-by-codebard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,patron-button-and-widgets-by-codebard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/patron-button-and-widgets-by-codebard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "patron-button-and-widgets-by-codebard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pay-per-media-player-d6f933dccde3d9cca555af3f7b970f39.yaml b/nuclei-templates/cve-less/plugins/pay-per-media-player-d6f933dccde3d9cca555af3f7b970f39.yaml new file mode 100644 index 0000000000..a4767eff61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pay-per-media-player-d6f933dccde3d9cca555af3f7b970f39.yaml @@ -0,0 +1,58 @@ +id: pay-per-media-player-d6f933dccde3d9cca555af3f7b970f39 + +info: + name: > + Pay Per Media Player <= 1.24 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adee74ec-7a3c-4519-bea8-23c92e89d484?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pay-per-media-player/" + google-query: inurl:"/wp-content/plugins/pay-per-media-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pay-per-media-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pay-per-media-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pay-per-media-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pay-with-tweet-46bf8ffa7005c6ec6cf07777085484d4.yaml b/nuclei-templates/cve-less/plugins/pay-with-tweet-46bf8ffa7005c6ec6cf07777085484d4.yaml new file mode 100644 index 0000000000..bc7447027e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pay-with-tweet-46bf8ffa7005c6ec6cf07777085484d4.yaml @@ -0,0 +1,58 @@ +id: pay-with-tweet-46bf8ffa7005c6ec6cf07777085484d4 + +info: + name: > + Pay With Tweet <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f80238dc-3caa-420b-92ee-27e690e9ead0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pay-with-tweet/" + google-query: inurl:"/wp-content/plugins/pay-with-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pay-with-tweet,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pay-with-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pay-with-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pay-with-tweet-5b86c54747aa1057e36177e85fea660b.yaml b/nuclei-templates/cve-less/plugins/pay-with-tweet-5b86c54747aa1057e36177e85fea660b.yaml new file mode 100644 index 0000000000..8c8402e1bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pay-with-tweet-5b86c54747aa1057e36177e85fea660b.yaml @@ -0,0 +1,58 @@ +id: pay-with-tweet-5b86c54747aa1057e36177e85fea660b + +info: + name: > + Pay With Tweet <= 1.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a64e3b3-338d-4cf8-91f3-0ff4732549b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pay-with-tweet/" + google-query: inurl:"/wp-content/plugins/pay-with-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pay-with-tweet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pay-with-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pay-with-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paygreen-woocommerce-96955fd433f50860fcfbf43e30334f40.yaml b/nuclei-templates/cve-less/plugins/paygreen-woocommerce-96955fd433f50860fcfbf43e30334f40.yaml new file mode 100644 index 0000000000..6b5e340d66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paygreen-woocommerce-96955fd433f50860fcfbf43e30334f40.yaml @@ -0,0 +1,58 @@ +id: paygreen-woocommerce-96955fd433f50860fcfbf43e30334f40 + +info: + name: > + PayGreen – Ancienne version <= 4.10.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a8b22b4-151c-4f42-a0a0-966dc5eb7a9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paygreen-woocommerce/" + google-query: inurl:"/wp-content/plugins/paygreen-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paygreen-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paygreen-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paygreen-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payhere-payment-gateway-ef84d19c40335efcda975110283f73b1.yaml b/nuclei-templates/cve-less/plugins/payhere-payment-gateway-ef84d19c40335efcda975110283f73b1.yaml new file mode 100644 index 0000000000..b48a2f942f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payhere-payment-gateway-ef84d19c40335efcda975110283f73b1.yaml @@ -0,0 +1,58 @@ +id: payhere-payment-gateway-ef84d19c40335efcda975110283f73b1 + +info: + name: > + PayHere Payment Gateway <= 2.2.11 - Information Disclosure via Log Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/089ffe9a-e222-4630-b889-2b1e527dac6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payhere-payment-gateway/" + google-query: inurl:"/wp-content/plugins/payhere-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payhere-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payhere-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payhere-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-54a171a233ab972e99a42d6b3c349ad4.yaml b/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-54a171a233ab972e99a42d6b3c349ad4.yaml new file mode 100644 index 0000000000..fe32206350 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-54a171a233ab972e99a42d6b3c349ad4.yaml @@ -0,0 +1,58 @@ +id: payment-form-for-paypal-pro-54a171a233ab972e99a42d6b3c349ad4 + +info: + name: > + Payment Form for PayPal Pro < 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d3668b3-2bf9-48fa-af14-d0917c8b99f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-form-for-paypal-pro/" + google-query: inurl:"/wp-content/plugins/payment-form-for-paypal-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-form-for-paypal-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-form-for-paypal-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-form-for-paypal-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-8f6f989dd4d5721becc523b6ef4c4688.yaml b/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-8f6f989dd4d5721becc523b6ef4c4688.yaml new file mode 100644 index 0000000000..3aff8c7e8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-form-for-paypal-pro-8f6f989dd4d5721becc523b6ef4c4688.yaml @@ -0,0 +1,58 @@ +id: payment-form-for-paypal-pro-8f6f989dd4d5721becc523b6ef4c4688 + +info: + name: > + Payment Form for PayPal Pro < 1.1.65 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/701d99b7-759f-4543-824d-dad84c35f5f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-form-for-paypal-pro/" + google-query: inurl:"/wp-content/plugins/payment-form-for-paypal-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-form-for-paypal-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-form-for-paypal-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-form-for-paypal-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-forms-for-paystack-b7d244a1858960d6b7b8f5a6b3a02579.yaml b/nuclei-templates/cve-less/plugins/payment-forms-for-paystack-b7d244a1858960d6b7b8f5a6b3a02579.yaml new file mode 100644 index 0000000000..9913def735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-forms-for-paystack-b7d244a1858960d6b7b8f5a6b3a02579.yaml @@ -0,0 +1,58 @@ +id: payment-forms-for-paystack-b7d244a1858960d6b7b8f5a6b3a02579 + +info: + name: > + Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98f80608-f24f-4019-a757-de71cba9902f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-forms-for-paystack/" + google-query: inurl:"/wp-content/plugins/payment-forms-for-paystack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-forms-for-paystack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-forms-for-paystack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-forms-for-paystack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-1c5c778d8970e8a4e068e0dd69740d62.yaml b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-1c5c778d8970e8a4e068e0dd69740d62.yaml new file mode 100644 index 0000000000..456e3ab80f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-1c5c778d8970e8a4e068e0dd69740d62.yaml @@ -0,0 +1,58 @@ +id: payment-gateway-stripe-and-woocommerce-integration-1c5c778d8970e8a4e068e0dd69740d62 + +info: + name: > + Stripe Payment Plugin for WooCommerce <= 3.7.9 - Missing Authorization to Arbitrary Order Status Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef543c61-2acc-4b72-81ff-883960d4c7c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + google-query: inurl:"/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-gateway-stripe-and-woocommerce-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-gateway-stripe-and-woocommerce-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-4f4afbbe05a47feb7aa9e67c94aa395d.yaml b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-4f4afbbe05a47feb7aa9e67c94aa395d.yaml new file mode 100644 index 0000000000..017102bb8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-4f4afbbe05a47feb7aa9e67c94aa395d.yaml @@ -0,0 +1,58 @@ +id: payment-gateway-stripe-and-woocommerce-integration-4f4afbbe05a47feb7aa9e67c94aa395d + +info: + name: > + Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d052f3e-8554-43f0-a5ae-1de09c198d7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + google-query: inurl:"/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-gateway-stripe-and-woocommerce-integration,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-gateway-stripe-and-woocommerce-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-c992a7bd3a36bbd140f48c6c88718954.yaml b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-c992a7bd3a36bbd140f48c6c88718954.yaml new file mode 100644 index 0000000000..954f707310 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payment-gateway-stripe-and-woocommerce-integration-c992a7bd3a36bbd140f48c6c88718954.yaml @@ -0,0 +1,58 @@ +id: payment-gateway-stripe-and-woocommerce-integration-c992a7bd3a36bbd140f48c6c88718954 + +info: + name: > + Stripe Payment Plugin for WooCommerce <= 3.7.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + google-query: inurl:"/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payment-gateway-stripe-and-woocommerce-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payment-gateway-stripe-and-woocommerce-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payment-gateway-stripe-and-woocommerce-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paypal-brasil-para-woocommerce-ce702b3c11cc0fd58f850b3795d41794.yaml b/nuclei-templates/cve-less/plugins/paypal-brasil-para-woocommerce-ce702b3c11cc0fd58f850b3795d41794.yaml new file mode 100644 index 0000000000..7ba57b3e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paypal-brasil-para-woocommerce-ce702b3c11cc0fd58f850b3795d41794.yaml @@ -0,0 +1,58 @@ +id: paypal-brasil-para-woocommerce-ce702b3c11cc0fd58f850b3795d41794 + +info: + name: > + PayPal Brasil para WooCommerce <= 1.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4a44a8a-740b-45dd-962c-945238f6ddee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-brasil-para-woocommerce/" + google-query: inurl:"/wp-content/plugins/paypal-brasil-para-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-brasil-para-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-brasil-para-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-brasil-para-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paypal-currency-converter-basic-for-woocommerce-1deeac15598443407c5819458cb87e41.yaml b/nuclei-templates/cve-less/plugins/paypal-currency-converter-basic-for-woocommerce-1deeac15598443407c5819458cb87e41.yaml new file mode 100644 index 0000000000..01b38016f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paypal-currency-converter-basic-for-woocommerce-1deeac15598443407c5819458cb87e41.yaml @@ -0,0 +1,58 @@ +id: paypal-currency-converter-basic-for-woocommerce-1deeac15598443407c5819458cb87e41 + +info: + name: > + PayPal Currency Converter BASIC for WooCommerce <= 1.3 - Path Traversal to Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf6563a4-56ca-46b1-a854-aad7cc550f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-currency-converter-basic-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-currency-converter-basic-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-currency-converter-basic-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paypal-donations-6fc6438dcbfd4ff68526e6d482fa74a2.yaml b/nuclei-templates/cve-less/plugins/paypal-donations-6fc6438dcbfd4ff68526e6d482fa74a2.yaml new file mode 100644 index 0000000000..7a907ddbaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paypal-donations-6fc6438dcbfd4ff68526e6d482fa74a2.yaml @@ -0,0 +1,58 @@ +id: paypal-donations-6fc6438dcbfd4ff68526e6d482fa74a2 + +info: + name: > + Donations via PayPal <= 1.9.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ec90144-bfd8-4840-8b0f-73340386b7d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-donations/" + google-query: inurl:"/wp-content/plugins/paypal-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml b/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml new file mode 100644 index 0000000000..3cb98eb477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3.yaml @@ -0,0 +1,58 @@ +id: paypal-payment-button-by-vcita-75fa36bac06fa043ebc71b72e7bf53b3 + +info: + name: > + Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab05954-9999-43ff-8e3c-a987e2da1956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/" + google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-payment-button-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml b/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml new file mode 100644 index 0000000000..62c6da24d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paypal-payment-button-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4.yaml @@ -0,0 +1,58 @@ +id: paypal-payment-button-by-vcita-90aaaaca062b8a7ccd7c1e4f2b79b8c4 + +info: + name: > + Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/207b40fa-2062-48d6-990b-f05cbbf8fb8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paypal-payment-button-by-vcita/" + google-query: inurl:"/wp-content/plugins/paypal-payment-button-by-vcita/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paypal-payment-button-by-vcita,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paypal-payment-button-by-vcita/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paypal-payment-button-by-vcita" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytium-9b90abd6d830325819c48ecc09f52c5d.yaml b/nuclei-templates/cve-less/plugins/paytium-9b90abd6d830325819c48ecc09f52c5d.yaml new file mode 100644 index 0000000000..e33f09b23c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytium-9b90abd6d830325819c48ecc09f52c5d.yaml @@ -0,0 +1,58 @@ +id: paytium-9b90abd6d830325819c48ecc09f52c5d + +info: + name: > + Paytium: Mollie payment forms & donations <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e49406-a007-4c38-8e69-bf4b5438260e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytium/" + google-query: inurl:"/wp-content/plugins/paytium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytium-b4cb9ba45757222ec6c9dc1b2fa44488.yaml b/nuclei-templates/cve-less/plugins/paytium-b4cb9ba45757222ec6c9dc1b2fa44488.yaml new file mode 100644 index 0000000000..10e8677e67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytium-b4cb9ba45757222ec6c9dc1b2fa44488.yaml @@ -0,0 +1,58 @@ +id: paytium-b4cb9ba45757222ec6c9dc1b2fa44488 + +info: + name: > + Paytium <= 4.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d389098-d428-48f2-b012-207b55497b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytium/" + google-query: inurl:"/wp-content/plugins/paytium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytm-donation-7e792191472cdad1fee49805adc5397c.yaml b/nuclei-templates/cve-less/plugins/paytm-donation-7e792191472cdad1fee49805adc5397c.yaml new file mode 100644 index 0000000000..dfaf6dae10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytm-donation-7e792191472cdad1fee49805adc5397c.yaml @@ -0,0 +1,58 @@ +id: paytm-donation-7e792191472cdad1fee49805adc5397c + +info: + name: > + Paytm Payment Donation <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/534e6f80-b162-4a4b-a979-72ed63a8b0dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytm-donation/" + google-query: inurl:"/wp-content/plugins/paytm-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytm-donation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytm-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytm-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytm-payments-319371b7283fd7e2cb3c7db7ca64946f.yaml b/nuclei-templates/cve-less/plugins/paytm-payments-319371b7283fd7e2cb3c7db7ca64946f.yaml new file mode 100644 index 0000000000..cb3ac8d3a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytm-payments-319371b7283fd7e2cb3c7db7ca64946f.yaml @@ -0,0 +1,58 @@ +id: paytm-payments-319371b7283fd7e2cb3c7db7ca64946f + +info: + name: > + Paytm Payment Gateway <= 2.7.3 - Authenticated (Editor+) SQL Injection via 'post' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa560b2-6283-42ab-a482-1e02d08181f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytm-payments/" + google-query: inurl:"/wp-content/plugins/paytm-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytm-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytm-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytm-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytm-payments-96f4752ff872cb8e19e30c74804a9934.yaml b/nuclei-templates/cve-less/plugins/paytm-payments-96f4752ff872cb8e19e30c74804a9934.yaml new file mode 100644 index 0000000000..970bafb56b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytm-payments-96f4752ff872cb8e19e30c74804a9934.yaml @@ -0,0 +1,58 @@ +id: paytm-payments-96f4752ff872cb8e19e30c74804a9934 + +info: + name: > + Paytm Payment Gateway <= 2.7.0 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/352cd9e6-ef1e-4a6b-bedb-6cf8ce9d4270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytm-payments/" + google-query: inurl:"/wp-content/plugins/paytm-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytm-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytm-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytm-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-de1e70d7cd8b8051bc4083872be41746.yaml b/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-de1e70d7cd8b8051bc4083872be41746.yaml new file mode 100644 index 0000000000..08275c2346 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-de1e70d7cd8b8051bc4083872be41746.yaml @@ -0,0 +1,58 @@ +id: paytr-taksit-tablosu-woocommerce-de1e70d7cd8b8051bc4083872be41746 + +info: + name: > + PayTR Taksit Tablosu <= 1.3.1 - Improper Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5898944f-565c-4950-83e8-ad0de0f948d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytr-taksit-tablosu-woocommerce/" + google-query: inurl:"/wp-content/plugins/paytr-taksit-tablosu-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytr-taksit-tablosu-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytr-taksit-tablosu-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytr-taksit-tablosu-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-fd0b6587604276cef3b941ba57f9f4bd.yaml b/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-fd0b6587604276cef3b941ba57f9f4bd.yaml new file mode 100644 index 0000000000..529f1eae33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/paytr-taksit-tablosu-woocommerce-fd0b6587604276cef3b941ba57f9f4bd.yaml @@ -0,0 +1,58 @@ +id: paytr-taksit-tablosu-woocommerce-fd0b6587604276cef3b941ba57f9f4bd + +info: + name: > + PayTR Taksit Tablosu <= 1.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bfefe86-b25e-4ffe-9beb-28dc22a99d62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/paytr-taksit-tablosu-woocommerce/" + google-query: inurl:"/wp-content/plugins/paytr-taksit-tablosu-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,paytr-taksit-tablosu-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/paytr-taksit-tablosu-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "paytr-taksit-tablosu-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/payu-india-796f8cb61c89c1bb396cd35b29d7d180.yaml b/nuclei-templates/cve-less/plugins/payu-india-796f8cb61c89c1bb396cd35b29d7d180.yaml new file mode 100644 index 0000000000..9053d17daa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/payu-india-796f8cb61c89c1bb396cd35b29d7d180.yaml @@ -0,0 +1,58 @@ +id: payu-india-796f8cb61c89c1bb396cd35b29d7d180 + +info: + name: > + PayU India <= 3.8.2 - Reflected Cross-Site Scripting via type + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a5dc4f-3eb6-410e-af3d-e3b0639319f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/payu-india/" + google-query: inurl:"/wp-content/plugins/payu-india/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,payu-india,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/payu-india/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "payu-india" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pb-mailcrypt-antispam-email-encryption-063d32b817099e0883314c45f9a14882.yaml b/nuclei-templates/cve-less/plugins/pb-mailcrypt-antispam-email-encryption-063d32b817099e0883314c45f9a14882.yaml new file mode 100644 index 0000000000..992d6385c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pb-mailcrypt-antispam-email-encryption-063d32b817099e0883314c45f9a14882.yaml @@ -0,0 +1,58 @@ +id: pb-mailcrypt-antispam-email-encryption-063d32b817099e0883314c45f9a14882 + +info: + name: > + PB MailCrypt <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54b662a9-8003-48f6-ace9-fb0d74a05b3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pb-mailcrypt-antispam-email-encryption/" + google-query: inurl:"/wp-content/plugins/pb-mailcrypt-antispam-email-encryption/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pb-mailcrypt-antispam-email-encryption,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pb-mailcrypt-antispam-email-encryption/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pb-mailcrypt-antispam-email-encryption" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pb-oembed-html5-audio-with-cache-support-d431a2f9901a2f7f0f42332dd7577612.yaml b/nuclei-templates/cve-less/plugins/pb-oembed-html5-audio-with-cache-support-d431a2f9901a2f7f0f42332dd7577612.yaml new file mode 100644 index 0000000000..3c79752fee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pb-oembed-html5-audio-with-cache-support-d431a2f9901a2f7f0f42332dd7577612.yaml @@ -0,0 +1,58 @@ +id: pb-oembed-html5-audio-with-cache-support-d431a2f9901a2f7f0f42332dd7577612 + +info: + name: > + PB oEmbed HTML5 Audio <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/067bfeaf-f3dd-4188-b53a-72b2d81a87eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pb-oembed-html5-audio-with-cache-support/" + google-query: inurl:"/wp-content/plugins/pb-oembed-html5-audio-with-cache-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pb-oembed-html5-audio-with-cache-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pb-oembed-html5-audio-with-cache-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pb-oembed-html5-audio-with-cache-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pb-seo-friendly-images-9d9c7f9cf0e3be8bd05b705703e8905b.yaml b/nuclei-templates/cve-less/plugins/pb-seo-friendly-images-9d9c7f9cf0e3be8bd05b705703e8905b.yaml new file mode 100644 index 0000000000..a807d3b9a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pb-seo-friendly-images-9d9c7f9cf0e3be8bd05b705703e8905b.yaml @@ -0,0 +1,58 @@ +id: pb-seo-friendly-images-9d9c7f9cf0e3be8bd05b705703e8905b + +info: + name: > + PB SEO Friendly Images <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89fc8407-3d1f-4b1b-9b4c-13c0da928231?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pb-seo-friendly-images/" + google-query: inurl:"/wp-content/plugins/pb-seo-friendly-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pb-seo-friendly-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pb-seo-friendly-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pb-seo-friendly-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-block-d7c844e32ca0ede6715df38694de53b3.yaml b/nuclei-templates/cve-less/plugins/pdf-block-d7c844e32ca0ede6715df38694de53b3.yaml new file mode 100644 index 0000000000..1077e870bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-block-d7c844e32ca0ede6715df38694de53b3.yaml @@ -0,0 +1,58 @@ +id: pdf-block-d7c844e32ca0ede6715df38694de53b3 + +info: + name: > + PDF Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a1d8adf-c49c-4d88-83c7-4515b0ab1f35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-block/" + google-query: inurl:"/wp-content/plugins/pdf-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-builder-for-wpforms-439e5eee55387eb3328692c215048cd9.yaml b/nuclei-templates/cve-less/plugins/pdf-builder-for-wpforms-439e5eee55387eb3328692c215048cd9.yaml new file mode 100644 index 0000000000..6ad6720a78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-builder-for-wpforms-439e5eee55387eb3328692c215048cd9.yaml @@ -0,0 +1,58 @@ +id: pdf-builder-for-wpforms-439e5eee55387eb3328692c215048cd9 + +info: + name: > + PDF Builder for WPForms <= 1.2.88 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d9bba8c-0e75-4170-a006-16fa4bd0d0ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-builder-for-wpforms/" + google-query: inurl:"/wp-content/plugins/pdf-builder-for-wpforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-builder-for-wpforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-builder-for-wpforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-builder-for-wpforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.88') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-embedder-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml b/nuclei-templates/cve-less/plugins/pdf-embedder-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml new file mode 100644 index 0000000000..ad27605f1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-embedder-6736ec787d23e7bd8e0a13fc8e0e88d8.yaml @@ -0,0 +1,58 @@ +id: pdf-embedder-6736ec787d23e7bd8e0a13fc8e0e88d8 + +info: + name: > + PDF Embedder <= 4.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b63f0862-d817-49c6-8ac2-6143d21abc32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-embedder/" + google-query: inurl:"/wp-content/plugins/pdf-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-embedder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-generator-for-wp-ea6c92890a8ecc3f7389055b8a095cd6.yaml b/nuclei-templates/cve-less/plugins/pdf-generator-for-wp-ea6c92890a8ecc3f7389055b8a095cd6.yaml new file mode 100644 index 0000000000..2e129c6f03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-generator-for-wp-ea6c92890a8ecc3f7389055b8a095cd6.yaml @@ -0,0 +1,58 @@ +id: pdf-generator-for-wp-ea6c92890a8ecc3f7389055b8a095cd6 + +info: + name: > + PDF Generator for Wordpress <= 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b41a91fc-86ee-4795-acb6-2ffd22c4f7af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-generator-for-wp/" + google-query: inurl:"/wp-content/plugins/pdf-generator-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-generator-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-generator-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-generator-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-invoices-and-packing-slips-for-woocommerce-3f477473c5a3237b1cf487ce20b4000a.yaml b/nuclei-templates/cve-less/plugins/pdf-invoices-and-packing-slips-for-woocommerce-3f477473c5a3237b1cf487ce20b4000a.yaml new file mode 100644 index 0000000000..631e64cc2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-invoices-and-packing-slips-for-woocommerce-3f477473c5a3237b1cf487ce20b4000a.yaml @@ -0,0 +1,58 @@ +id: pdf-invoices-and-packing-slips-for-woocommerce-3f477473c5a3237b1cf487ce20b4000a + +info: + name: > + PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-invoices-and-packing-slips-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-invoices-and-packing-slips-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-invoices-and-packing-slips-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-light-viewer-b4f2d824d6b4e83932e04d871f8fc11c.yaml b/nuclei-templates/cve-less/plugins/pdf-light-viewer-b4f2d824d6b4e83932e04d871f8fc11c.yaml new file mode 100644 index 0000000000..fa66336283 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-light-viewer-b4f2d824d6b4e83932e04d871f8fc11c.yaml @@ -0,0 +1,58 @@ +id: pdf-light-viewer-b4f2d824d6b4e83932e04d871f8fc11c + +info: + name: > + PDF Light Viewer <= 1.4.11 - Authenticated Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/491240c5-2045-4e0b-9916-4337946d2653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-light-viewer/" + google-query: inurl:"/wp-content/plugins/pdf-light-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-light-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-light-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-light-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-poster-d3e4552875a1e4c6d1824946dc7d9f5b.yaml b/nuclei-templates/cve-less/plugins/pdf-poster-d3e4552875a1e4c6d1824946dc7d9f5b.yaml new file mode 100644 index 0000000000..f1f49ecd71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-poster-d3e4552875a1e4c6d1824946dc7d9f5b.yaml @@ -0,0 +1,58 @@ +id: pdf-poster-d3e4552875a1e4c6d1824946dc7d9f5b + +info: + name: > + PDF Poster - PDF Embedder Plugin for WordPress <= 2.1.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/341516d3-b785-4daf-98de-76f4f94b8c96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-poster/" + google-query: inurl:"/wp-content/plugins/pdf-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-poster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-print-3c928fa432700e9d8d2c446de566746a.yaml b/nuclei-templates/cve-less/plugins/pdf-print-3c928fa432700e9d8d2c446de566746a.yaml new file mode 100644 index 0000000000..1f7ec47e31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-print-3c928fa432700e9d8d2c446de566746a.yaml @@ -0,0 +1,58 @@ +id: pdf-print-3c928fa432700e9d8d2c446de566746a + +info: + name: > + Download PDF & Print by BestWebSoft – WordPress Posts and Pages PDF Generator Plugin <= 1.9.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d272148-0c05-49c7-ab86-22a3bc622bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-print/" + google-query: inurl:"/wp-content/plugins/pdf-print/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-print,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-print/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-print" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-print-a599db0a567c14bb9ad602094c3db3bd.yaml b/nuclei-templates/cve-less/plugins/pdf-print-a599db0a567c14bb9ad602094c3db3bd.yaml new file mode 100644 index 0000000000..58b63bb8ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-print-a599db0a567c14bb9ad602094c3db3bd.yaml @@ -0,0 +1,58 @@ +id: pdf-print-a599db0a567c14bb9ad602094c3db3bd + +info: + name: > + PDF & Print by BestWebSoft < 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e06032d-2e03-448b-9fe0-282d7723a605?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-print/" + google-query: inurl:"/wp-content/plugins/pdf-print/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-print,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-print/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-print" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-viewer-block-a843323be037daf5f3b8528ace16935d.yaml b/nuclei-templates/cve-less/plugins/pdf-viewer-block-a843323be037daf5f3b8528ace16935d.yaml new file mode 100644 index 0000000000..f8e24918c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-viewer-block-a843323be037daf5f3b8528ace16935d.yaml @@ -0,0 +1,58 @@ +id: pdf-viewer-block-a843323be037daf5f3b8528ace16935d + +info: + name: > + Gutenberg PDF Viewer Block <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d888cd53-415c-4667-b35a-5b3bd2226eeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-viewer-block/" + google-query: inurl:"/wp-content/plugins/pdf-viewer-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-viewer-block,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-viewer-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-viewer-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-viewer-by-themencode-a904a832d065a78b4632aa6c156ad613.yaml b/nuclei-templates/cve-less/plugins/pdf-viewer-by-themencode-a904a832d065a78b4632aa6c156ad613.yaml new file mode 100644 index 0000000000..9fadb8ca0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-viewer-by-themencode-a904a832d065a78b4632aa6c156ad613.yaml @@ -0,0 +1,58 @@ +id: pdf-viewer-by-themencode-a904a832d065a78b4632aa6c156ad613 + +info: + name: > + TNC PDF viewer <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bcae8d6-6dbd-4174-85ff-0b52d8e45c84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-viewer-by-themencode/" + google-query: inurl:"/wp-content/plugins/pdf-viewer-by-themencode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-viewer-by-themencode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-viewer-by-themencode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-viewer-by-themencode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-viewer-c8829397a00680f2b905cec73a59a77f.yaml b/nuclei-templates/cve-less/plugins/pdf-viewer-c8829397a00680f2b905cec73a59a77f.yaml new file mode 100644 index 0000000000..0ed409fe25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-viewer-c8829397a00680f2b905cec73a59a77f.yaml @@ -0,0 +1,58 @@ +id: pdf-viewer-c8829397a00680f2b905cec73a59a77f + +info: + name: > + PDF Viewer <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6439ea1f-78de-432f-bb1a-9ffc731a4ff4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-viewer/" + google-query: inurl:"/wp-content/plugins/pdf-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf-viewer-for-elementor-8b4bc04c0594b1b6d09d20b68880906b.yaml b/nuclei-templates/cve-less/plugins/pdf-viewer-for-elementor-8b4bc04c0594b1b6d09d20b68880906b.yaml new file mode 100644 index 0000000000..67ee764d6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf-viewer-for-elementor-8b4bc04c0594b1b6d09d20b68880906b.yaml @@ -0,0 +1,58 @@ +id: pdf-viewer-for-elementor-8b4bc04c0594b1b6d09d20b68880906b + +info: + name: > + PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21340ccf-eae5-4089-876f-60c3d6510d4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf-viewer-for-elementor/" + google-query: inurl:"/wp-content/plugins/pdf-viewer-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf-viewer-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf-viewer-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf-viewer-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf24-post-to-pdf-1f8d84e6699c9f64cbbc8919147cefef.yaml b/nuclei-templates/cve-less/plugins/pdf24-post-to-pdf-1f8d84e6699c9f64cbbc8919147cefef.yaml new file mode 100644 index 0000000000..d86bacbed3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf24-post-to-pdf-1f8d84e6699c9f64cbbc8919147cefef.yaml @@ -0,0 +1,58 @@ +id: pdf24-post-to-pdf-1f8d84e6699c9f64cbbc8919147cefef + +info: + name: > + PDF24 Article To PDF <= 4.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32419c04-bd10-431a-b87c-1975dacc2e01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf24-post-to-pdf/" + google-query: inurl:"/wp-content/plugins/pdf24-post-to-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf24-post-to-pdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf24-post-to-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf24-post-to-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdf24-posts-to-pdf-4eea95bcbc22121deeeb133b73467001.yaml b/nuclei-templates/cve-less/plugins/pdf24-posts-to-pdf-4eea95bcbc22121deeeb133b73467001.yaml new file mode 100644 index 0000000000..0b39538a39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdf24-posts-to-pdf-4eea95bcbc22121deeeb133b73467001.yaml @@ -0,0 +1,58 @@ +id: pdf24-posts-to-pdf-4eea95bcbc22121deeeb133b73467001 + +info: + name: > + PDF24 Articles To PDF <= 4.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70eea51c-d4dd-4b9b-a1ad-6077370dec1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdf24-posts-to-pdf/" + google-query: inurl:"/wp-content/plugins/pdf24-posts-to-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdf24-posts-to-pdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdf24-posts-to-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdf24-posts-to-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-732f3abc36bb4bb116e7c8687f86e2aa.yaml b/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-732f3abc36bb4bb116e7c8687f86e2aa.yaml new file mode 100644 index 0000000000..71cf734699 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-732f3abc36bb4bb116e7c8687f86e2aa.yaml @@ -0,0 +1,58 @@ +id: pdfjs-viewer-shortcode-732f3abc36bb4bb116e7c8687f86e2aa + +info: + name: > + PDF.js Viewer <= 2.0.1 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d608a4c0-14ba-4801-aa5a-0b4dab0acd65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdfjs-viewer-shortcode/" + google-query: inurl:"/wp-content/plugins/pdfjs-viewer-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdfjs-viewer-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-ca93f191e3639f84afcc1a9b1fea599a.yaml b/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-ca93f191e3639f84afcc1a9b1fea599a.yaml new file mode 100644 index 0000000000..bb4e41d1c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdfjs-viewer-shortcode-ca93f191e3639f84afcc1a9b1fea599a.yaml @@ -0,0 +1,58 @@ +id: pdfjs-viewer-shortcode-ca93f191e3639f84afcc1a9b1fea599a + +info: + name: > + PDF.js Viewer <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cf68644-d144-462f-adc7-687fac3ec412?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdfjs-viewer-shortcode/" + google-query: inurl:"/wp-content/plugins/pdfjs-viewer-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdfjs-viewer-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdfjs-viewer-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdfjs-viewer-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdq-csv-2f2309313c5bda581e3b02314b8c850b.yaml b/nuclei-templates/cve-less/plugins/pdq-csv-2f2309313c5bda581e3b02314b8c850b.yaml new file mode 100644 index 0000000000..0b626352c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdq-csv-2f2309313c5bda581e3b02314b8c850b.yaml @@ -0,0 +1,58 @@ +id: pdq-csv-2f2309313c5bda581e3b02314b8c850b + +info: + name: > + PDQ CSV <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/014ccad9-a836-4a40-92d3-8c3320fbead8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdq-csv/" + google-query: inurl:"/wp-content/plugins/pdq-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdq-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdq-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdq-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pdw-file-browser-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/pdw-file-browser-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..3c617a9093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pdw-file-browser-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: pdw-file-browser-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pdw-file-browser/" + google-query: inurl:"/wp-content/plugins/pdw-file-browser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pdw-file-browser,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pdw-file-browser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pdw-file-browser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pearl-header-builder-820928972f49f35fc134f49ec2dd204c.yaml b/nuclei-templates/cve-less/plugins/pearl-header-builder-820928972f49f35fc134f49ec2dd204c.yaml new file mode 100644 index 0000000000..5eebaddc37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pearl-header-builder-820928972f49f35fc134f49ec2dd204c.yaml @@ -0,0 +1,58 @@ +id: pearl-header-builder-820928972f49f35fc134f49ec2dd204c + +info: + name: > + WordPress Header Builder Plugin – Pearl <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c23bba83-35d2-4098-8104-8389bb2ff880?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pearl-header-builder/" + google-query: inurl:"/wp-content/plugins/pearl-header-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pearl-header-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pearl-header-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pearl-header-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pearl-header-builder-90317dde5460b2bcb67123acb90cdb53.yaml b/nuclei-templates/cve-less/plugins/pearl-header-builder-90317dde5460b2bcb67123acb90cdb53.yaml new file mode 100644 index 0000000000..57e8883e63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pearl-header-builder-90317dde5460b2bcb67123acb90cdb53.yaml @@ -0,0 +1,58 @@ +id: pearl-header-builder-90317dde5460b2bcb67123acb90cdb53 + +info: + name: > + Pearl <= 1.3.4 - Cross-Site Request Forgery via stm_save_hb_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6058da9e-8ca3-4966-bb10-e5da526e8c7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pearl-header-builder/" + google-query: inurl:"/wp-content/plugins/pearl-header-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pearl-header-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pearl-header-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pearl-header-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-05f8485e11de79d6aa39de126de0f4e7.yaml b/nuclei-templates/cve-less/plugins/peepso-core-05f8485e11de79d6aa39de126de0f4e7.yaml new file mode 100644 index 0000000000..48ebfe3933 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-05f8485e11de79d6aa39de126de0f4e7.yaml @@ -0,0 +1,58 @@ +id: peepso-core-05f8485e11de79d6aa39de126de0f4e7 + +info: + name: > + Community by PeepSo <= 6.0.2.0 - Cross-Site Request Forgery leading to Plugin/Subscription Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcf59d89-43e9-4bb2-be4f-9308698d1bb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-15be0a70b6c61a646e8df6a2ecfc155f.yaml b/nuclei-templates/cve-less/plugins/peepso-core-15be0a70b6c61a646e8df6a2ecfc155f.yaml new file mode 100644 index 0000000000..cfc5916bda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-15be0a70b6c61a646e8df6a2ecfc155f.yaml @@ -0,0 +1,58 @@ +id: peepso-core-15be0a70b6c61a646e8df6a2ecfc155f + +info: + name: > + Community by PeepSo <= 6.2.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fda1be79-ba45-4e8f-bfc3-355f9cdbad82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-2d63f6e8d357472c9ca1e82cb0bc121b.yaml b/nuclei-templates/cve-less/plugins/peepso-core-2d63f6e8d357472c9ca1e82cb0bc121b.yaml new file mode 100644 index 0000000000..641311d2d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-2d63f6e8d357472c9ca1e82cb0bc121b.yaml @@ -0,0 +1,58 @@ +id: peepso-core-2d63f6e8d357472c9ca1e82cb0bc121b + +info: + name: > + Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3479e7a4-7719-4438-8bf5-bf9b9990f3f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-8ca99b4af6db318cbc7873fe643413aa.yaml b/nuclei-templates/cve-less/plugins/peepso-core-8ca99b4af6db318cbc7873fe643413aa.yaml new file mode 100644 index 0000000000..c074ba28ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-8ca99b4af6db318cbc7873fe643413aa.yaml @@ -0,0 +1,58 @@ +id: peepso-core-8ca99b4af6db318cbc7873fe643413aa + +info: + name: > + Community by PeepSo – Social Network, Membership, Registration, User Profiles < 1.6.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01f038d7-2efd-41b2-8f4c-77bab80d8e91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-aca658478fc845070c3b917d5842d5d8.yaml b/nuclei-templates/cve-less/plugins/peepso-core-aca658478fc845070c3b917d5842d5d8.yaml new file mode 100644 index 0000000000..b85fd4bc23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-aca658478fc845070c3b917d5842d5d8.yaml @@ -0,0 +1,58 @@ +id: peepso-core-aca658478fc845070c3b917d5842d5d8 + +info: + name: > + Community by PeepSo <= 6.3.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a67693-d6e6-4492-ad26-28530e7c4a67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-c8c569d2140668ddb48a8d5bad1f7b26.yaml b/nuclei-templates/cve-less/plugins/peepso-core-c8c569d2140668ddb48a8d5bad1f7b26.yaml new file mode 100644 index 0000000000..00bfa908ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-c8c569d2140668ddb48a8d5bad1f7b26.yaml @@ -0,0 +1,58 @@ +id: peepso-core-c8c569d2140668ddb48a8d5bad1f7b26 + +info: + name: > + Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7346f1e-a101-4131-8950-dbb0af4505f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-e0b883e3e5e2840b97f5723817b58a50.yaml b/nuclei-templates/cve-less/plugins/peepso-core-e0b883e3e5e2840b97f5723817b58a50.yaml new file mode 100644 index 0000000000..a74ad4280e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-e0b883e3e5e2840b97f5723817b58a50.yaml @@ -0,0 +1,58 @@ +id: peepso-core-e0b883e3e5e2840b97f5723817b58a50 + +info: + name: > + Community by PeepSo <= 6.3.1.1 - Cross-Site Request Forgery to User Post Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7386bf-3968-46b8-9c47-5fbc41801e04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-e75947da405d6f6d94e7f97545536f9b.yaml b/nuclei-templates/cve-less/plugins/peepso-core-e75947da405d6f6d94e7f97545536f9b.yaml new file mode 100644 index 0000000000..349447ed74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-e75947da405d6f6d94e7f97545536f9b.yaml @@ -0,0 +1,58 @@ +id: peepso-core-e75947da405d6f6d94e7f97545536f9b + +info: + name: > + Community by PeepSo <= 6.1.6.0 - Cross-Site Request Forgery via delete + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aea5564-b1b9-4d57-9f7e-81dd791c8d48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-efd8e3487b0ad4544e466658a022b655.yaml b/nuclei-templates/cve-less/plugins/peepso-core-efd8e3487b0ad4544e466658a022b655.yaml new file mode 100644 index 0000000000..e01cfd4784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-efd8e3487b0ad4544e466658a022b655.yaml @@ -0,0 +1,58 @@ +id: peepso-core-efd8e3487b0ad4544e466658a022b655 + +info: + name: > + Community by PeepSo <= 6.2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826e7e0a-79b1-4828-8eeb-159ef3cc2c65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-f9fe4feda10b297d0acce20daa42a9f6.yaml b/nuclei-templates/cve-less/plugins/peepso-core-f9fe4feda10b297d0acce20daa42a9f6.yaml new file mode 100644 index 0000000000..b221e8319b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-f9fe4feda10b297d0acce20daa42a9f6.yaml @@ -0,0 +1,58 @@ +id: peepso-core-f9fe4feda10b297d0acce20daa42a9f6 + +info: + name: > + Community by PeepSo <= 6.2.7.0 - Unauthenticated Sensitive Information Disclosure via Log file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af3c8ea5-0af8-492b-920d-858bf23ca6f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-core-fb4fb2e9f3d0effd54f1a6d138f00892.yaml b/nuclei-templates/cve-less/plugins/peepso-core-fb4fb2e9f3d0effd54f1a6d138f00892.yaml new file mode 100644 index 0000000000..3e267a9c08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-core-fb4fb2e9f3d0effd54f1a6d138f00892.yaml @@ -0,0 +1,58 @@ +id: peepso-core-fb4fb2e9f3d0effd54f1a6d138f00892 + +info: + name: > + Community by PeepSo <= 6.0.9.0 - Cross-Site Request Forgery to Field Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a8ac15a-9f9b-4bb8-81a4-1fdd11670a07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-core/" + google-query: inurl:"/wp-content/plugins/peepso-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peepso-photos-635219c62d7cd225129022aedb4232a9.yaml b/nuclei-templates/cve-less/plugins/peepso-photos-635219c62d7cd225129022aedb4232a9.yaml new file mode 100644 index 0000000000..b234e11745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peepso-photos-635219c62d7cd225129022aedb4232a9.yaml @@ -0,0 +1,58 @@ +id: peepso-photos-635219c62d7cd225129022aedb4232a9 + +info: + name: > + PeepSo Core: Photos < 6.3.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fad492f4-7112-4f4f-8825-c42aab552c9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peepso-photos/" + google-query: inurl:"/wp-content/plugins/peepso-photos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peepso-photos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peepso-photos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peepso-photos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pepro-cf7-database-1d4546a4614d787d7f8089a5da6d5fc4.yaml b/nuclei-templates/cve-less/plugins/pepro-cf7-database-1d4546a4614d787d7f8089a5da6d5fc4.yaml new file mode 100644 index 0000000000..be5a98d96d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pepro-cf7-database-1d4546a4614d787d7f8089a5da6d5fc4.yaml @@ -0,0 +1,58 @@ +id: pepro-cf7-database-1d4546a4614d787d7f8089a5da6d5fc4 + +info: + name: > + PeproDev CF7 Database <= 1.7.0 - Unauthenticated Stored Cross-Site Scripting via form submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7a7df90-a542-48cf-a58e-bcbddc978df2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pepro-cf7-database/" + google-query: inurl:"/wp-content/plugins/pepro-cf7-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pepro-cf7-database,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pepro-cf7-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pepro-cf7-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pepro-cf7-database-995fd031fdd18a2d68fcabed6b6a8e84.yaml b/nuclei-templates/cve-less/plugins/pepro-cf7-database-995fd031fdd18a2d68fcabed6b6a8e84.yaml new file mode 100644 index 0000000000..74999e42af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pepro-cf7-database-995fd031fdd18a2d68fcabed6b6a8e84.yaml @@ -0,0 +1,58 @@ +id: pepro-cf7-database-995fd031fdd18a2d68fcabed6b6a8e84 + +info: + name: > + PeproDev CF7 Database <= 1.8.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e757ca2f-c4d9-4747-9f84-75ef8a54d485?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pepro-cf7-database/" + google-query: inurl:"/wp-content/plugins/pepro-cf7-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pepro-cf7-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pepro-cf7-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pepro-cf7-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-9ae16e48f44198f8088e9f21632ed314.yaml b/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-9ae16e48f44198f8088e9f21632ed314.yaml new file mode 100644 index 0000000000..0c0fe43492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-9ae16e48f44198f8088e9f21632ed314.yaml @@ -0,0 +1,58 @@ +id: pepro-ultimate-invoice-9ae16e48f44198f8088e9f21632ed314 + +info: + name: > + PeproDev Ultimate Invoice <= 1.9.7 - Unauthenticated Sensitive Information Exposure via init_plugin + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be9d0ff-5d9c-4e80-a4d7-66ef4859a959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pepro-ultimate-invoice/" + google-query: inurl:"/wp-content/plugins/pepro-ultimate-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pepro-ultimate-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pepro-ultimate-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pepro-ultimate-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-fe3ee4088bc486320d241799be9d47af.yaml b/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-fe3ee4088bc486320d241799be9d47af.yaml new file mode 100644 index 0000000000..28a55648dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pepro-ultimate-invoice-fe3ee4088bc486320d241799be9d47af.yaml @@ -0,0 +1,58 @@ +id: pepro-ultimate-invoice-fe3ee4088bc486320d241799be9d47af + +info: + name: > + PeproDev Ultimate Invoice <= 2.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/715e3947-922e-4549-b601-6a2ae441ddf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pepro-ultimate-invoice/" + google-query: inurl:"/wp-content/plugins/pepro-ultimate-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pepro-ultimate-invoice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pepro-ultimate-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pepro-ultimate-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/per-page-add-to-178341479b86e6771bea046e08788d1c.yaml b/nuclei-templates/cve-less/plugins/per-page-add-to-178341479b86e6771bea046e08788d1c.yaml new file mode 100644 index 0000000000..2648ff30bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/per-page-add-to-178341479b86e6771bea046e08788d1c.yaml @@ -0,0 +1,58 @@ +id: per-page-add-to-178341479b86e6771bea046e08788d1c + +info: + name: > + Per Page Add To Head <= 1.4.3 Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c000a424-4060-4dcc-bae3-fa8cfc00ddda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/per-page-add-to/" + google-query: inurl:"/wp-content/plugins/per-page-add-to/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,per-page-add-to,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/per-page-add-to/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "per-page-add-to" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/per-page-add-to-186c3d28d4f62e262c488a190cb41115.yaml b/nuclei-templates/cve-less/plugins/per-page-add-to-186c3d28d4f62e262c488a190cb41115.yaml new file mode 100644 index 0000000000..3824fb69ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/per-page-add-to-186c3d28d4f62e262c488a190cb41115.yaml @@ -0,0 +1,58 @@ +id: per-page-add-to-186c3d28d4f62e262c488a190cb41115 + +info: + name: > + Per Page Add to Head <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6e7ada1-c5ff-4a05-92e1-d681fc659956?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/per-page-add-to/" + google-query: inurl:"/wp-content/plugins/per-page-add-to/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,per-page-add-to,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/per-page-add-to/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "per-page-add-to" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perelink-9181aa3538843516f1558187b7acffea.yaml b/nuclei-templates/cve-less/plugins/perelink-9181aa3538843516f1558187b7acffea.yaml new file mode 100644 index 0000000000..ce79858f4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perelink-9181aa3538843516f1558187b7acffea.yaml @@ -0,0 +1,58 @@ +id: perelink-9181aa3538843516f1558187b7acffea + +info: + name: > + Perelink Pro <= 2.1.4 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65b9fea3-323a-4123-ad83-3d713eb5552f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perelink/" + google-query: inurl:"/wp-content/plugins/perelink/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perelink,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perelink/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perelink" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-pullquotes-8d6f7061c576076509b8f92171f21824.yaml b/nuclei-templates/cve-less/plugins/perfect-pullquotes-8d6f7061c576076509b8f92171f21824.yaml new file mode 100644 index 0000000000..9705527a32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-pullquotes-8d6f7061c576076509b8f92171f21824.yaml @@ -0,0 +1,58 @@ +id: perfect-pullquotes-8d6f7061c576076509b8f92171f21824 + +info: + name: > + Perfect Pullquotes <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e16da850-6429-4402-ab09-6d2d145bcfd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-pullquotes/" + google-query: inurl:"/wp-content/plugins/perfect-pullquotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-pullquotes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-pullquotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-pullquotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-survey-6fe6a0f37349207e6c41e72076713696.yaml b/nuclei-templates/cve-less/plugins/perfect-survey-6fe6a0f37349207e6c41e72076713696.yaml new file mode 100644 index 0000000000..5e7a254b46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-survey-6fe6a0f37349207e6c41e72076713696.yaml @@ -0,0 +1,58 @@ +id: perfect-survey-6fe6a0f37349207e6c41e72076713696 + +info: + name: > + Perfect Survey <= 1.5.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfd1e244-27c2-4c3e-9d82-a7ffefd4eab6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-survey/" + google-query: inurl:"/wp-content/plugins/perfect-survey/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-survey,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-survey/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-survey" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-survey-a8d322ee7f2a3aae906b690c8d232e76.yaml b/nuclei-templates/cve-less/plugins/perfect-survey-a8d322ee7f2a3aae906b690c8d232e76.yaml new file mode 100644 index 0000000000..05eff3954b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-survey-a8d322ee7f2a3aae906b690c8d232e76.yaml @@ -0,0 +1,58 @@ +id: perfect-survey-a8d322ee7f2a3aae906b690c8d232e76 + +info: + name: > + Perfect Survey <= 1.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2636efe7-20c4-4d12-ab2f-45035e8a1ca0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-survey/" + google-query: inurl:"/wp-content/plugins/perfect-survey/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-survey,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-survey/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-survey" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-survey-b9d0d288675f55bb8b0e4c8b1cc48daa.yaml b/nuclei-templates/cve-less/plugins/perfect-survey-b9d0d288675f55bb8b0e4c8b1cc48daa.yaml new file mode 100644 index 0000000000..ca3a9f1f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-survey-b9d0d288675f55bb8b0e4c8b1cc48daa.yaml @@ -0,0 +1,58 @@ +id: perfect-survey-b9d0d288675f55bb8b0e4c8b1cc48daa + +info: + name: > + Perfect Survey <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting via IP + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9388404-40b9-4d2c-b009-0417ff48e74c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-survey/" + google-query: inurl:"/wp-content/plugins/perfect-survey/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-survey,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-survey/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-survey" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-survey-bfb3f454ae9448850fc297b53b5e2f82.yaml b/nuclei-templates/cve-less/plugins/perfect-survey-bfb3f454ae9448850fc297b53b5e2f82.yaml new file mode 100644 index 0000000000..ee05a0cd0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-survey-bfb3f454ae9448850fc297b53b5e2f82.yaml @@ -0,0 +1,58 @@ +id: perfect-survey-bfb3f454ae9448850fc297b53b5e2f82 + +info: + name: > + Perfect Survey <= 1.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e00ba29c-acdc-42ba-a6f7-cd064aec662d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-survey/" + google-query: inurl:"/wp-content/plugins/perfect-survey/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-survey,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-survey/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-survey" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-a5b9786b6284df449ea800f32dd8d580.yaml b/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-a5b9786b6284df449ea800f32dd8d580.yaml new file mode 100644 index 0000000000..59c1d2eb36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-a5b9786b6284df449ea800f32dd8d580.yaml @@ -0,0 +1,58 @@ +id: perfect-woocommerce-brands-a5b9786b6284df449ea800f32dd8d580 + +info: + name: > + Perfect Brands for WooCommerce <= 2.0.4 - Server Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a016b6b3-3a3f-4f25-9207-2460798044f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-woocommerce-brands/" + google-query: inurl:"/wp-content/plugins/perfect-woocommerce-brands/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-woocommerce-brands,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-woocommerce-brands/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-woocommerce-brands" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-efce5df3c4d25a3fc56c583b2e3ca93e.yaml b/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-efce5df3c4d25a3fc56c583b2e3ca93e.yaml new file mode 100644 index 0000000000..ad75edd85e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfect-woocommerce-brands-efce5df3c4d25a3fc56c583b2e3ca93e.yaml @@ -0,0 +1,58 @@ +id: perfect-woocommerce-brands-efce5df3c4d25a3fc56c583b2e3ca93e + +info: + name: > + Perfect Brands for WooCommerce <= 2.0.4 - Unauthorized Brand Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c478a421-8dc1-46cb-ada8-ceb107f22a53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfect-woocommerce-brands/" + google-query: inurl:"/wp-content/plugins/perfect-woocommerce-brands/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfect-woocommerce-brands,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfect-woocommerce-brands/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfect-woocommerce-brands" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfmatters-14db06c015099db1b01fba0887a78991.yaml b/nuclei-templates/cve-less/plugins/perfmatters-14db06c015099db1b01fba0887a78991.yaml new file mode 100644 index 0000000000..bfa194711e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfmatters-14db06c015099db1b01fba0887a78991.yaml @@ -0,0 +1,58 @@ +id: perfmatters-14db06c015099db1b01fba0887a78991 + +info: + name: > + Perfmatters < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc4a7efd-f4f4-44a7-bd55-a6ae3a1d3521?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfmatters/" + google-query: inurl:"/wp-content/plugins/perfmatters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfmatters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfmatters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfmatters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfmatters-706c2acdbff0e92fe0b4d13990d0fc81.yaml b/nuclei-templates/cve-less/plugins/perfmatters-706c2acdbff0e92fe0b4d13990d0fc81.yaml new file mode 100644 index 0000000000..7250de2f20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfmatters-706c2acdbff0e92fe0b4d13990d0fc81.yaml @@ -0,0 +1,58 @@ +id: perfmatters-706c2acdbff0e92fe0b4d13990d0fc81 + +info: + name: > + Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/612fb73f-e488-453f-a2a4-32969f91122b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfmatters/" + google-query: inurl:"/wp-content/plugins/perfmatters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfmatters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfmatters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfmatters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfmatters-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml b/nuclei-templates/cve-less/plugins/perfmatters-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml new file mode 100644 index 0000000000..5e28f33f77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfmatters-7bfb8a8c7905e357c4c4b5df9d93b6e7.yaml @@ -0,0 +1,58 @@ +id: perfmatters-7bfb8a8c7905e357c4c4b5df9d93b6e7 + +info: + name: > + Perfmatters <= 2.1.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b078e446-61e7-4ce1-b9a9-480ccc388c72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfmatters/" + google-query: inurl:"/wp-content/plugins/perfmatters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfmatters,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfmatters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfmatters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/perfmatters-e0c010ddbd19926f406c155b62241279.yaml b/nuclei-templates/cve-less/plugins/perfmatters-e0c010ddbd19926f406c155b62241279.yaml new file mode 100644 index 0000000000..4ba0050b58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/perfmatters-e0c010ddbd19926f406c155b62241279.yaml @@ -0,0 +1,58 @@ +id: perfmatters-e0c010ddbd19926f406c155b62241279 + +info: + name: > + Perfmatters <= 2.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95f5b4df-5214-4f36-8dd5-a1a816fbc3db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/perfmatters/" + google-query: inurl:"/wp-content/plugins/perfmatters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,perfmatters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/perfmatters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "perfmatters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/performance-lab-ea8f062f0b56f024cc7cd24de72627d2.yaml b/nuclei-templates/cve-less/plugins/performance-lab-ea8f062f0b56f024cc7cd24de72627d2.yaml new file mode 100644 index 0000000000..549dc75452 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/performance-lab-ea8f062f0b56f024cc7cd24de72627d2.yaml @@ -0,0 +1,58 @@ +id: performance-lab-ea8f062f0b56f024cc7cd24de72627d2 + +info: + name: > + Performance Lab <= 2.2.0 - Cross-Site Request Forgery via dismiss-wp-pointer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f1e3586-99f7-4cac-bbb2-1a6406c4f8a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/performance-lab/" + google-query: inurl:"/wp-content/plugins/performance-lab/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,performance-lab,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/performance-lab/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "performance-lab" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-10b89b9db07084a443cbeed71b129af6.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-10b89b9db07084a443cbeed71b129af6.yaml new file mode 100644 index 0000000000..ce98e29dfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-10b89b9db07084a443cbeed71b129af6.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-10b89b9db07084a443cbeed71b129af6 + +info: + name: > + Permalink Manager Lite <= 2.2.20 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8451f0f-0dfd-4926-aa35-75edf70ed6f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-35e5b1d4ade66da7f51f342394148582.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-35e5b1d4ade66da7f51f342394148582.yaml new file mode 100644 index 0000000000..be77e722e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-35e5b1d4ade66da7f51f342394148582.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-35e5b1d4ade66da7f51f342394148582 + +info: + name: > + Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48ee0d97-40c1-451f-8a5f-b32ff032e8b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-48da01905911b9839c3e0f5a4a5539b0.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-48da01905911b9839c3e0f5a4a5539b0.yaml new file mode 100644 index 0000000000..2ab5b1d185 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-48da01905911b9839c3e0f5a4a5539b0.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-48da01905911b9839c3e0f5a4a5539b0 + +info: + name: > + Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-4e977ded44741d82f1c08a16943badd0.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-4e977ded44741d82f1c08a16943badd0.yaml new file mode 100644 index 0000000000..f897c7d9f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-4e977ded44741d82f1c08a16943badd0.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-4e977ded44741d82f1c08a16943badd0 + +info: + name: > + Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cbf9636-9d9d-44d4-b873-8920f2dbb846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.20.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-8536531e312b5b608fd436fcd26ad3ab.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-8536531e312b5b608fd436fcd26ad3ab.yaml new file mode 100644 index 0000000000..533ba8454b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-8536531e312b5b608fd436fcd26ad3ab.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-8536531e312b5b608fd436fcd26ad3ab + +info: + name: > + Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7020d5a1-a4a6-489c-8615-bc7898553bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-884aebd15e5eb05f43f6f8a3d490accf.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-884aebd15e5eb05f43f6f8a3d490accf.yaml new file mode 100644 index 0000000000..64cf540e8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-884aebd15e5eb05f43f6f8a3d490accf.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-884aebd15e5eb05f43f6f8a3d490accf + +info: + name: > + Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fefda27-aa3c-4fdf-beea-aaf0cdaaeb77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-954c99838450703e2f9d2a807b32e669.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-954c99838450703e2f9d2a807b32e669.yaml new file mode 100644 index 0000000000..232f77b4b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-954c99838450703e2f9d2a807b32e669.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-954c99838450703e2f9d2a807b32e669 + +info: + name: > + Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74f6bf42-3406-47c5-b255-6cc1e8084fb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-ca60ddb788ce2ba7421ade305d793252.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-ca60ddb788ce2ba7421ade305d793252.yaml new file mode 100644 index 0000000000..94bdb62a4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-ca60ddb788ce2ba7421ade305d793252.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-ca60ddb788ce2ba7421ade305d793252 + +info: + name: > + Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1718f2eb-6235-498f-8c1e-402c1caf7d02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.20.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-e32cc6e85c9fbac88c9c7b48d1277259.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-e32cc6e85c9fbac88c9c7b48d1277259.yaml new file mode 100644 index 0000000000..8dce86a456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-e32cc6e85c9fbac88c9c7b48d1277259.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-e32cc6e85c9fbac88c9c7b48d1277259 + +info: + name: > + Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1de41980-93bb-4831-bb31-50675499f648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager/" + google-query: inurl:"/wp-content/plugins/permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalink-manager-pro-8536531e312b5b608fd436fcd26ad3ab.yaml b/nuclei-templates/cve-less/plugins/permalink-manager-pro-8536531e312b5b608fd436fcd26ad3ab.yaml new file mode 100644 index 0000000000..a353b8e3a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalink-manager-pro-8536531e312b5b608fd436fcd26ad3ab.yaml @@ -0,0 +1,58 @@ +id: permalink-manager-pro-8536531e312b5b608fd436fcd26ad3ab + +info: + name: > + Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7020d5a1-a4a6-489c-8615-bc7898553bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalink-manager-pro/" + google-query: inurl:"/wp-content/plugins/permalink-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalink-manager-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalink-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalink-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalinks-customizer-eac9d9da89c904ba41a5397452bfcf9e.yaml b/nuclei-templates/cve-less/plugins/permalinks-customizer-eac9d9da89c904ba41a5397452bfcf9e.yaml new file mode 100644 index 0000000000..a1caa78b7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalinks-customizer-eac9d9da89c904ba41a5397452bfcf9e.yaml @@ -0,0 +1,58 @@ +id: permalinks-customizer-eac9d9da89c904ba41a5397452bfcf9e + +info: + name: > + Permalinks Customizer <= 2.8.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/702dca65-fa8c-48c7-89e4-cba4b151e2c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalinks-customizer/" + google-query: inurl:"/wp-content/plugins/permalinks-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalinks-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalinks-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalinks-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalinks-customizer-f6a3298dd9a8254fb5d73c683663318f.yaml b/nuclei-templates/cve-less/plugins/permalinks-customizer-f6a3298dd9a8254fb5d73c683663318f.yaml new file mode 100644 index 0000000000..2d51189ea0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalinks-customizer-f6a3298dd9a8254fb5d73c683663318f.yaml @@ -0,0 +1,58 @@ +id: permalinks-customizer-f6a3298dd9a8254fb5d73c683663318f + +info: + name: > + Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf1f402d-98d7-42d7-8d8d-ff74a65e5293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalinks-customizer/" + google-query: inurl:"/wp-content/plugins/permalinks-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalinks-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalinks-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalinks-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/permalinks-migration-plugin-for-wordpress-474a3f34ad481b0e51cd0ce4304a20fe.yaml b/nuclei-templates/cve-less/plugins/permalinks-migration-plugin-for-wordpress-474a3f34ad481b0e51cd0ce4304a20fe.yaml new file mode 100644 index 0000000000..cd639c76c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/permalinks-migration-plugin-for-wordpress-474a3f34ad481b0e51cd0ce4304a20fe.yaml @@ -0,0 +1,58 @@ +id: permalinks-migration-plugin-for-wordpress-474a3f34ad481b0e51cd0ce4304a20fe + +info: + name: > + Dean's Permalinks Migration <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab0cc008-be18-4703-8156-acb00c1ac9a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/permalinks-migration-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/permalinks-migration-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,permalinks-migration-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/permalinks-migration-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "permalinks-migration-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/persian-fonts-8ee86188c71251e99a8f09d6e9fff31b.yaml b/nuclei-templates/cve-less/plugins/persian-fonts-8ee86188c71251e99a8f09d6e9fff31b.yaml new file mode 100644 index 0000000000..c833c399d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/persian-fonts-8ee86188c71251e99a8f09d6e9fff31b.yaml @@ -0,0 +1,58 @@ +id: persian-fonts-8ee86188c71251e99a8f09d6e9fff31b + +info: + name: > + Persian Fonts <= 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a427b26-4a0d-4351-8a8b-ec5da1345ebd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/persian-fonts/" + google-query: inurl:"/wp-content/plugins/persian-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,persian-fonts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/persian-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "persian-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/persian-woocommerce-b7124c79e7a307b3a04609b03d624131.yaml b/nuclei-templates/cve-less/plugins/persian-woocommerce-b7124c79e7a307b3a04609b03d624131.yaml new file mode 100644 index 0000000000..b633b10efd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/persian-woocommerce-b7124c79e7a307b3a04609b03d624131.yaml @@ -0,0 +1,58 @@ +id: persian-woocommerce-b7124c79e7a307b3a04609b03d624131 + +info: + name: > + Persian WooCommerce <= 5.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e662761d-1dc8-4998-83b5-316ce683b5b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/persian-woocommerce/" + google-query: inurl:"/wp-content/plugins/persian-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,persian-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/persian-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "persian-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-99d48d97197070fa6f8afc1ea6ec2bed.yaml b/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-99d48d97197070fa6f8afc1ea6ec2bed.yaml new file mode 100644 index 0000000000..46e5924fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/persian-woocommerce-sms-99d48d97197070fa6f8afc1ea6ec2bed.yaml @@ -0,0 +1,58 @@ +id: persian-woocommerce-sms-99d48d97197070fa6f8afc1ea6ec2bed + +info: + name: > + افزونه پیامک ووکامرس Persian WooCommerce SMS < 3.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76e185c3-d62b-42f7-a943-0498da2d76ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/persian-woocommerce-sms/" + google-query: inurl:"/wp-content/plugins/persian-woocommerce-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,persian-woocommerce-sms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/persian-woocommerce-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "persian-woocommerce-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/personal-dictionary-b7a954abdc80748332e27cd05868a534.yaml b/nuclei-templates/cve-less/plugins/personal-dictionary-b7a954abdc80748332e27cd05868a534.yaml new file mode 100644 index 0000000000..68420e2d1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/personal-dictionary-b7a954abdc80748332e27cd05868a534.yaml @@ -0,0 +1,58 @@ +id: personal-dictionary-b7a954abdc80748332e27cd05868a534 + +info: + name: > + Personal Dictionary <= 1.3.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31bcc1e1-08b6-4bbc-a28c-9c2d8feea819?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/personal-dictionary/" + google-query: inurl:"/wp-content/plugins/personal-dictionary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,personal-dictionary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/personal-dictionary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "personal-dictionary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/personalize-woocommerce-cart-page-7e5b3599be6904a958ea6b2b094ad05a.yaml b/nuclei-templates/cve-less/plugins/personalize-woocommerce-cart-page-7e5b3599be6904a958ea6b2b094ad05a.yaml new file mode 100644 index 0000000000..ce909cbe98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/personalize-woocommerce-cart-page-7e5b3599be6904a958ea6b2b094ad05a.yaml @@ -0,0 +1,58 @@ +id: personalize-woocommerce-cart-page-7e5b3599be6904a958ea6b2b094ad05a + +info: + name: > + Personalized WooCommerce Cart Page <= 2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/245e43e0-3391-486d-9ecf-3e745bceaa1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/personalize-woocommerce-cart-page/" + google-query: inurl:"/wp-content/plugins/personalize-woocommerce-cart-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,personalize-woocommerce-cart-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/personalize-woocommerce-cart-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "personalize-woocommerce-cart-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pet-manager-13b68629426cfdd6f904bb91efc08ae5.yaml b/nuclei-templates/cve-less/plugins/pet-manager-13b68629426cfdd6f904bb91efc08ae5.yaml new file mode 100644 index 0000000000..ce360da087 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pet-manager-13b68629426cfdd6f904bb91efc08ae5.yaml @@ -0,0 +1,58 @@ +id: pet-manager-13b68629426cfdd6f904bb91efc08ae5 + +info: + name: > + Pet Manager <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f397671-0b59-4049-95af-3087e07685f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pet-manager/" + google-query: inurl:"/wp-content/plugins/pet-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pet-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pet-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pet-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pet-manager-1e104d6bab1fb28ec84c0ed01b4f6113.yaml b/nuclei-templates/cve-less/plugins/pet-manager-1e104d6bab1fb28ec84c0ed01b4f6113.yaml new file mode 100644 index 0000000000..9ff63e508b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pet-manager-1e104d6bab1fb28ec84c0ed01b4f6113.yaml @@ -0,0 +1,58 @@ +id: pet-manager-1e104d6bab1fb28ec84c0ed01b4f6113 + +info: + name: > + Pet Manager <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0c724a4-7783-4d2a-938e-800960c2be64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pet-manager/" + google-query: inurl:"/wp-content/plugins/pet-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pet-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pet-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pet-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-collaboration-e-mails-cf9cb4b184f662090fa6c012e4b5ad99.yaml b/nuclei-templates/cve-less/plugins/peters-collaboration-e-mails-cf9cb4b184f662090fa6c012e4b5ad99.yaml new file mode 100644 index 0000000000..8da668a621 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-collaboration-e-mails-cf9cb4b184f662090fa6c012e4b5ad99.yaml @@ -0,0 +1,58 @@ +id: peters-collaboration-e-mails-cf9cb4b184f662090fa6c012e4b5ad99 + +info: + name: > + Peter’s Collaboration E-mails <= 2.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae4a8e70-6b94-428f-8672-407dc4cd2f3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-collaboration-e-mails/" + google-query: inurl:"/wp-content/plugins/peters-collaboration-e-mails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-collaboration-e-mails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-collaboration-e-mails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-collaboration-e-mails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-custom-anti-spam-image-a7e70ba8dbeab9ae2adc8e43fd59af93.yaml b/nuclei-templates/cve-less/plugins/peters-custom-anti-spam-image-a7e70ba8dbeab9ae2adc8e43fd59af93.yaml new file mode 100644 index 0000000000..d22405715c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-custom-anti-spam-image-a7e70ba8dbeab9ae2adc8e43fd59af93.yaml @@ -0,0 +1,58 @@ +id: peters-custom-anti-spam-image-a7e70ba8dbeab9ae2adc8e43fd59af93 + +info: + name: > + Peter’s Custom Anti-Spam <= 3.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cea7f17-743a-4dce-bd86-5713ff6d8520?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-custom-anti-spam-image/" + google-query: inurl:"/wp-content/plugins/peters-custom-anti-spam-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-custom-anti-spam-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-custom-anti-spam-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-custom-anti-spam-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-login-redirect-12236d5bb8f3c06e72ec152e136c1986.yaml b/nuclei-templates/cve-less/plugins/peters-login-redirect-12236d5bb8f3c06e72ec152e136c1986.yaml new file mode 100644 index 0000000000..d24012ebdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-login-redirect-12236d5bb8f3c06e72ec152e136c1986.yaml @@ -0,0 +1,58 @@ +id: peters-login-redirect-12236d5bb8f3c06e72ec152e136c1986 + +info: + name: > + LoginWP < 2.9.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1f0741-1ccc-497a-b239-3cefb1204f04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-login-redirect/" + google-query: inurl:"/wp-content/plugins/peters-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-login-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-login-redirect-55f3de8c0899443e80983275ca038b9f.yaml b/nuclei-templates/cve-less/plugins/peters-login-redirect-55f3de8c0899443e80983275ca038b9f.yaml new file mode 100644 index 0000000000..671a691753 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-login-redirect-55f3de8c0899443e80983275ca038b9f.yaml @@ -0,0 +1,58 @@ +id: peters-login-redirect-55f3de8c0899443e80983275ca038b9f + +info: + name: > + LoginWP <= 2.9.1 - Multiple Cross-Site Request Forgery vulnerabilities + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/879c0a85-ed94-430c-8e8e-6389294b432b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-login-redirect/" + google-query: inurl:"/wp-content/plugins/peters-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-login-redirect-dcc1962541555ae792e76de2b7edad31.yaml b/nuclei-templates/cve-less/plugins/peters-login-redirect-dcc1962541555ae792e76de2b7edad31.yaml new file mode 100644 index 0000000000..55f2663fc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-login-redirect-dcc1962541555ae792e76de2b7edad31.yaml @@ -0,0 +1,58 @@ +id: peters-login-redirect-dcc1962541555ae792e76de2b7edad31 + +info: + name: > + LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting via rul_login_url, rul_logout_url Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64827b61-42ea-454a-b41d-85ce8d6ad866?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-login-redirect/" + google-query: inurl:"/wp-content/plugins/peters-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-math-anti-spam-d6df1bce344df99ce5b68d40f423014e.yaml b/nuclei-templates/cve-less/plugins/peters-math-anti-spam-d6df1bce344df99ce5b68d40f423014e.yaml new file mode 100644 index 0000000000..58c5127477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-math-anti-spam-d6df1bce344df99ce5b68d40f423014e.yaml @@ -0,0 +1,58 @@ +id: peters-math-anti-spam-d6df1bce344df99ce5b68d40f423014e + +info: + name: > + Peter's Math Anti-Spam Spinoff < 1.0.0 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc0a1bfe-0ead-4333-bb77-0f2f4356626d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-math-anti-spam/" + google-query: inurl:"/wp-content/plugins/peters-math-anti-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-math-anti-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-math-anti-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-math-anti-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/peters-random-anti-spam-image-a3e785056d2140e268a5211287db4a52.yaml b/nuclei-templates/cve-less/plugins/peters-random-anti-spam-image-a3e785056d2140e268a5211287db4a52.yaml new file mode 100644 index 0000000000..304050d91c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/peters-random-anti-spam-image-a3e785056d2140e268a5211287db4a52.yaml @@ -0,0 +1,58 @@ +id: peters-random-anti-spam-image-a3e785056d2140e268a5211287db4a52 + +info: + name: > + Peter’s Random Anti-Spam Image <= 1.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f257c92-1529-49c8-a140-567ba5c36d04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/peters-random-anti-spam-image/" + google-query: inurl:"/wp-content/plugins/peters-random-anti-spam-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,peters-random-anti-spam-image,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/peters-random-anti-spam-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "peters-random-anti-spam-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/petfinder-listings-4aabb12734f76649f5626710ac0ad1d9.yaml b/nuclei-templates/cve-less/plugins/petfinder-listings-4aabb12734f76649f5626710ac0ad1d9.yaml new file mode 100644 index 0000000000..00cee7cc9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/petfinder-listings-4aabb12734f76649f5626710ac0ad1d9.yaml @@ -0,0 +1,58 @@ +id: petfinder-listings-4aabb12734f76649f5626710ac0ad1d9 + +info: + name: > + Petfinder Listings <= 1.0.19 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc59270-d08c-4b78-9863-4bb88120b878?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/petfinder-listings/" + google-query: inurl:"/wp-content/plugins/petfinder-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,petfinder-listings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/petfinder-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "petfinder-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phastpress-6080809f6efdafef4c14410a7cb137c8.yaml b/nuclei-templates/cve-less/plugins/phastpress-6080809f6efdafef4c14410a7cb137c8.yaml new file mode 100644 index 0000000000..8421168ba4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phastpress-6080809f6efdafef4c14410a7cb137c8.yaml @@ -0,0 +1,58 @@ +id: phastpress-6080809f6efdafef4c14410a7cb137c8 + +info: + name: > + PhastPress <= 1.110 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8027fa07-6bc2-4e63-89d0-98079729921d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phastpress/" + google-query: inurl:"/wp-content/plugins/phastpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phastpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phastpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phastpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.110') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phoenix-media-rename-82eeedcf78f4352cc7bcae0bfb774fa5.yaml b/nuclei-templates/cve-less/plugins/phoenix-media-rename-82eeedcf78f4352cc7bcae0bfb774fa5.yaml new file mode 100644 index 0000000000..bcf78a1e57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phoenix-media-rename-82eeedcf78f4352cc7bcae0bfb774fa5.yaml @@ -0,0 +1,58 @@ +id: phoenix-media-rename-82eeedcf78f4352cc7bcae0bfb774fa5 + +info: + name: > + Phoenix Media Rename <= 3.4.2 - Author Arbitrary Media File Renaming + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d75d0f16-015b-49cd-a0d1-41e007fc7398?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phoenix-media-rename/" + google-query: inurl:"/wp-content/plugins/phoenix-media-rename/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phoenix-media-rename,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phoenix-media-rename/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phoenix-media-rename" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-6736c43448ceec0a8c35031a10886cda.yaml b/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-6736c43448ceec0a8c35031a10886cda.yaml new file mode 100644 index 0000000000..3735e1f915 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phone-orders-for-woocommerce-6736c43448ceec0a8c35031a10886cda.yaml @@ -0,0 +1,58 @@ +id: phone-orders-for-woocommerce-6736c43448ceec0a8c35031a10886cda + +info: + name: > + Phone Orders for WooCommerce <= 3.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c9d5de-f0d0-4469-97cc-8a25740c8fde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phone-orders-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/phone-orders-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phone-orders-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phone-orders-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phone-orders-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phonepe-payment-solutions-da56011233283b841dd7c13f7f29d7e9.yaml b/nuclei-templates/cve-less/plugins/phonepe-payment-solutions-da56011233283b841dd7c13f7f29d7e9.yaml new file mode 100644 index 0000000000..c9db269e2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phonepe-payment-solutions-da56011233283b841dd7c13f7f29d7e9.yaml @@ -0,0 +1,58 @@ +id: phonepe-payment-solutions-da56011233283b841dd7c13f7f29d7e9 + +info: + name: > + PhonePe Payment Solutions <= 1.0.15 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f24f7e2-2516-4f4d-955f-f3f6001cbce7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phonepe-payment-solutions/" + google-query: inurl:"/wp-content/plugins/phonepe-payment-solutions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phonepe-payment-solutions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phonepe-payment-solutions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phonepe-payment-solutions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phonetrack-meu-site-manager-86d1730d65ed535523c7e0c21cf9f29e.yaml b/nuclei-templates/cve-less/plugins/phonetrack-meu-site-manager-86d1730d65ed535523c7e0c21cf9f29e.yaml new file mode 100644 index 0000000000..36ccbd9dc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phonetrack-meu-site-manager-86d1730d65ed535523c7e0c21cf9f29e.yaml @@ -0,0 +1,58 @@ +id: phonetrack-meu-site-manager-86d1730d65ed535523c7e0c21cf9f29e + +info: + name: > + PhoneTrack Meu Site Manager <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d7e59e-962c-45d9-b3be-033bccf4c6b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phonetrack-meu-site-manager/" + google-query: inurl:"/wp-content/plugins/phonetrack-meu-site-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phonetrack-meu-site-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phonetrack-meu-site-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phonetrack-meu-site-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-contest-81dceae2605fe02ec91915c9cd7ee232.yaml b/nuclei-templates/cve-less/plugins/photo-contest-81dceae2605fe02ec91915c9cd7ee232.yaml new file mode 100644 index 0000000000..4b0409d9a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-contest-81dceae2605fe02ec91915c9cd7ee232.yaml @@ -0,0 +1,58 @@ +id: photo-contest-81dceae2605fe02ec91915c9cd7ee232 + +info: + name: > + WordPress Photo Gallery – Image Gallery <= 1.0.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1355bc94-7110-4d61-855e-78889e58dcad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-contest/" + google-query: inurl:"/wp-content/plugins/photo-contest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-contest,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-contest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-contest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-feed-e1280c44c0ffb9515ed7d76fdbc69b53.yaml b/nuclei-templates/cve-less/plugins/photo-feed-e1280c44c0ffb9515ed7d76fdbc69b53.yaml new file mode 100644 index 0000000000..17c90d14de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-feed-e1280c44c0ffb9515ed7d76fdbc69b53.yaml @@ -0,0 +1,58 @@ +id: photo-feed-e1280c44c0ffb9515ed7d76fdbc69b53 + +info: + name: > + Photo Feed <= 2.2.1 - Reflected Cross-Site Scripting via pf-gid + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a36b98b-7197-434e-88ac-6fcfa34d6abb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-feed/" + google-query: inurl:"/wp-content/plugins/photo-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-1cfd262b55edc365cf2f57c5e6d1da2e.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-1cfd262b55edc365cf2f57c5e6d1da2e.yaml new file mode 100644 index 0000000000..553863e299 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-1cfd262b55edc365cf2f57c5e6d1da2e.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-1cfd262b55edc365cf2f57c5e6d1da2e + +info: + name: > + Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b004955a-7580-4dc8-beee-e55785026fed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml new file mode 100644 index 0000000000..bce05a9731 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-1defc4b79b3e0026fa5b8dc78f8c4d1d.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-1defc4b79b3e0026fa5b8dc78f8c4d1d + +info: + name: > + Photo Gallery by 10Web <= 1.6.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4093f00-838b-49d1-930c-c7ee2238046f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-1e81e15f7eef3b25cd39002edd8c241e.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-1e81e15f7eef3b25cd39002edd8c241e.yaml new file mode 100644 index 0000000000..39f470ce2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-1e81e15f7eef3b25cd39002edd8c241e.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-1e81e15f7eef3b25cd39002edd8c241e + +info: + name: > + Photo Gallery by 10Web <= 1.2.10 - Authenticated SQL Injection via asc_or_desc Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bfd4e4c-63c2-4442-b91a-ca940a31c3be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-309d3be2a8406e388de1750ae092da31.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-309d3be2a8406e388de1750ae092da31.yaml new file mode 100644 index 0000000000..44b43f2c99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-309d3be2a8406e388de1750ae092da31.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-309d3be2a8406e388de1750ae092da31 + +info: + name: > + Photo Gallery by 10Web <= 1.2.7 - Unauthenticated Blind SQL Injection via order_by Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55a0b4ad-de5e-4203-a702-d498bf566165?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-398552849d43600c1c4eab92f19672ff.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-398552849d43600c1c4eab92f19672ff.yaml new file mode 100644 index 0000000000..3243ae8905 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-398552849d43600c1c4eab92f19672ff.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-398552849d43600c1c4eab92f19672ff + +info: + name: > + Photo Gallery by 10Web <= 1.5.54 - SQL Injection via bwg_search_x Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/695819e6-2574-4047-a55d-a78289c29ba0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-4ee123ab64de9526a768d6e54f2c4b2d.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-4ee123ab64de9526a768d6e54f2c4b2d.yaml new file mode 100644 index 0000000000..f0c0305c63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-4ee123ab64de9526a768d6e54f2c4b2d.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-4ee123ab64de9526a768d6e54f2c4b2d + +info: + name: > + Photo Gallery by 10Web <= 1.5.34 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e08e1b5-d388-46cf-a9e7-4bab2a09667f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-581d9bde9452d0889b5682513ff8db3d.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-581d9bde9452d0889b5682513ff8db3d.yaml new file mode 100644 index 0000000000..840111d4e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-581d9bde9452d0889b5682513ff8db3d.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-581d9bde9452d0889b5682513ff8db3d + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15253d0c-3425-4065-94d2-969939e858ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-620bdfabfd18b0eeb8341540ce2009f5.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-620bdfabfd18b0eeb8341540ce2009f5.yaml new file mode 100644 index 0000000000..f50df6a942 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-620bdfabfd18b0eeb8341540ce2009f5.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-620bdfabfd18b0eeb8341540ce2009f5 + +info: + name: > + Photo Gallery <= 1.8.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/806bbfb8-ebf3-4823-a241-91e01dc95228?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-6c9c7c812a4ff55c5f56daa5be2fd373.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-6c9c7c812a4ff55c5f56daa5be2fd373.yaml new file mode 100644 index 0000000000..63534d9514 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-6c9c7c812a4ff55c5f56daa5be2fd373.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-6c9c7c812a4ff55c5f56daa5be2fd373 + +info: + name: > + Photo Gallery by 10Web <= 1.2.41 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e78ec78-61e0-4c99-9e73-89fc6606fb97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-730408927df5a002660d3bc7f56fa1f5.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-730408927df5a002660d3bc7f56fa1f5.yaml new file mode 100644 index 0000000000..8576023375 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-730408927df5a002660d3bc7f56fa1f5.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-730408927df5a002660d3bc7f56fa1f5 + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Authenticated (Admin+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/994a044d-db69-4f2d-9027-cf3665446ed3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-7aac6c0223fd33522df44de52ce8d8aa.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-7aac6c0223fd33522df44de52ce8d8aa.yaml new file mode 100644 index 0000000000..ba6cb6423e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-7aac6c0223fd33522df44de52ce8d8aa.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-7aac6c0223fd33522df44de52ce8d8aa + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'image_url' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11938a57-3eb7-4e7d-99ae-c6cf508cb4c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-7d9c26b229d5c8003d8d09b623e0e129.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-7d9c26b229d5c8003d8d09b623e0e129.yaml new file mode 100644 index 0000000000..1c0150f2d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-7d9c26b229d5c8003d8d09b623e0e129.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-7d9c26b229d5c8003d8d09b623e0e129 + +info: + name: > + Photo Gallery by 10Web <= 1.3.50 - Authenticated SQL Injection via tag_id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adab6dd8-3054-42ca-99ae-1fc65108f823?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-8058e0bec878d58968e8631efe964917.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-8058e0bec878d58968e8631efe964917.yaml new file mode 100644 index 0000000000..9f2684b230 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-8058e0bec878d58968e8631efe964917.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-8058e0bec878d58968e8631efe964917 + +info: + name: > + Photo Gallery <= 1.5.68 - Multiple Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd25daac-23a2-4375-9dc2-8e9f20a564c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-813522545f1eb15165129d8785a8fe18.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-813522545f1eb15165129d8785a8fe18.yaml new file mode 100644 index 0000000000..e296388d10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-813522545f1eb15165129d8785a8fe18.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-813522545f1eb15165129d8785a8fe18 + +info: + name: > + Photo Gallery by 10Web - Mobile-Friendly Image Gallery <= 1.8.19 - Directory Traversal to Arbitrary File Rename + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-8372eec64ff21987a44ee27a8993e766.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-8372eec64ff21987a44ee27a8993e766.yaml new file mode 100644 index 0000000000..0577b906f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-8372eec64ff21987a44ee27a8993e766.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-8372eec64ff21987a44ee27a8993e766 + +info: + name: > + Photo Gallery by 10Web <= 1.8.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21b4d1a1-55fe-4241-820c-203991d724c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-8449cdb7230a3e1bb12d25a2395ff5c1.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-8449cdb7230a3e1bb12d25a2395ff5c1.yaml new file mode 100644 index 0000000000..538b69ffc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-8449cdb7230a3e1bb12d25a2395ff5c1.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-8449cdb7230a3e1bb12d25a2395ff5c1 + +info: + name: > + Photo Gallery by 10Web <= 1.2.12 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce8e5635-a343-40b4-838c-21b942af5242?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-85912756aaaf6a5c4da322cb7b750dd5.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-85912756aaaf6a5c4da322cb7b750dd5.yaml new file mode 100644 index 0000000000..c93491bbf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-85912756aaaf6a5c4da322cb7b750dd5.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-85912756aaaf6a5c4da322cb7b750dd5 + +info: + name: > + Photo Gallery by 10Web <= 1.1.30 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ac6603f-7eed-424e-a56b-f45d4a7f7b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-93b42b89f073fbc75b7062f5d47b5b66.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-93b42b89f073fbc75b7062f5d47b5b66.yaml new file mode 100644 index 0000000000..a5bc3521a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-93b42b89f073fbc75b7062f5d47b5b66.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-93b42b89f073fbc75b7062f5d47b5b66 + +info: + name: > + Photo Gallery by 10Web <= 1.5.22 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b1a2126-978c-48fa-b260-abfd26d0ec97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-9464a11b450ab411a742c340fdefaa58.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-9464a11b450ab411a742c340fdefaa58.yaml new file mode 100644 index 0000000000..fb549be88d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-9464a11b450ab411a742c340fdefaa58.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-9464a11b450ab411a742c340fdefaa58 + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c1d8c1a-3adb-4b0b-8e2a-96ee2ff94218?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-9568a93cf21f83223317ab5745dc29b8.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-9568a93cf21f83223317ab5745dc29b8.yaml new file mode 100644 index 0000000000..f5e0d506fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-9568a93cf21f83223317ab5745dc29b8.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-9568a93cf21f83223317ab5745dc29b8 + +info: + name: > + Photo Gallery by 10Web <= 1.5.24 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba60fb73-9056-4163-9874-f0f4af35f5b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-9f00578ac1259c4fd1c8b9de9165324f.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-9f00578ac1259c4fd1c8b9de9165324f.yaml new file mode 100644 index 0000000000..88baac0d21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-9f00578ac1259c4fd1c8b9de9165324f.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-9f00578ac1259c4fd1c8b9de9165324f + +info: + name: > + Photo Gallery by 10Web <= 1.5.45 - Multiple Cross-Site Scripting Issues + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31579f6d-9a89-45e3-adfb-d59823a83c07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-b3f949bc68c2f0c560af03cf782c4a27.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-b3f949bc68c2f0c560af03cf782c4a27.yaml new file mode 100644 index 0000000000..b4149b44bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-b3f949bc68c2f0c560af03cf782c4a27.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-b3f949bc68c2f0c560af03cf782c4a27 + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'current_url' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13cfcc7a-8529-4bd5-9842-b9ad8eb5f4b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-b9e46f23f1c3c438cdb8dc39395715de.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-b9e46f23f1c3c438cdb8dc39395715de.yaml new file mode 100644 index 0000000000..ff8e98bb34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-b9e46f23f1c3c438cdb8dc39395715de.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-b9e46f23f1c3c438cdb8dc39395715de + +info: + name: > + Photo Gallery by 10Web <= 1.6.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d22435f-f0e3-42c3-935b-d26bb1ea846a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-be54fbb88b07e1793c0aea3459743537.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-be54fbb88b07e1793c0aea3459743537.yaml new file mode 100644 index 0000000000..3042c73473 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-be54fbb88b07e1793c0aea3459743537.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-be54fbb88b07e1793c0aea3459743537 + +info: + name: > + Photo Gallery by 10Web <= 1.8.14 - Authenticated (Administrator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0f55f3e-9a9a-42a7-91b5-0d515519d545?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-beed03e57da7da89d62ad65025967548.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-beed03e57da7da89d62ad65025967548.yaml new file mode 100644 index 0000000000..370cc55a55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-beed03e57da7da89d62ad65025967548.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-beed03e57da7da89d62ad65025967548 + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.8.21 - Reflected Cross-Site Scripting via 'thumb_url' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d254e43f-8a8b-4309-91f3-c60710c13647?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-bf638326d3a61d38ab0c3d9a56b1c934.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-bf638326d3a61d38ab0c3d9a56b1c934.yaml new file mode 100644 index 0000000000..a4503c70ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-bf638326d3a61d38ab0c3d9a56b1c934.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-bf638326d3a61d38ab0c3d9a56b1c934 + +info: + name: > + Photo Gallery by 10Web – Mobile-Friendly Image Gallery <= 1.5.68 - Reflected Cross-Site Scripting <= 1.5.68 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0033a19-47ac-4ffc-93a4-2ea693e93397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-c4eb24a39e4ca07448358eb29c4b844d.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-c4eb24a39e4ca07448358eb29c4b844d.yaml new file mode 100644 index 0000000000..a7399b92fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-c4eb24a39e4ca07448358eb29c4b844d.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-c4eb24a39e4ca07448358eb29c4b844d + +info: + name: > + Photo Gallery <= 1.5.66 - Authenticated Stored Cross-Site Scripting via Gallery Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d564606-695e-4e8c-90de-1d55afc06103?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-cab41f4f844db778ab337835cad811f5.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-cab41f4f844db778ab337835cad811f5.yaml new file mode 100644 index 0000000000..5aa7a2bbaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-cab41f4f844db778ab337835cad811f5.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-cab41f4f844db778ab337835cad811f5 + +info: + name: > + Photo Gallery by 10Web <= 1.5.87 - Unauthenticated SQL Injection via bwg_tag_id_bwg_thumbnails_0 Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4ae4e05-cdbf-481f-abcc-9704e75ec8ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-cb06e44c5bf518af775ac99ec0dc273a.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-cb06e44c5bf518af775ac99ec0dc273a.yaml new file mode 100644 index 0000000000..097915d6cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-cb06e44c5bf518af775ac99ec0dc273a.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-cb06e44c5bf518af775ac99ec0dc273a + +info: + name: > + Photo Gallery by 10Web <= 1.5.30 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/708c2c69-aa1b-4bfb-bef5-f2faa1e49a10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-cc028d4daad55d43a1db8ea8a8a61c72.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-cc028d4daad55d43a1db8ea8a8a61c72.yaml new file mode 100644 index 0000000000..980ab525c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-cc028d4daad55d43a1db8ea8a8a61c72.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-cc028d4daad55d43a1db8ea8a8a61c72 + +info: + name: > + Photo Gallery <= 1.5.74 - File Upload Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23e0f61b-f122-46f7-83c8-7fcb022c45e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-cde70bc716e26c33fb792a26b5c7f5b0.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-cde70bc716e26c33fb792a26b5c7f5b0.yaml new file mode 100644 index 0000000000..3a3907b568 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-cde70bc716e26c33fb792a26b5c7f5b0.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-cde70bc716e26c33fb792a26b5c7f5b0 + +info: + name: > + Photo Gallery by 10Web <= 1.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aac2717-0d1c-4c77-9dd2-b659fa2863a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-d029a01fd5b93450433108c7576996d9.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-d029a01fd5b93450433108c7576996d9.yaml new file mode 100644 index 0000000000..46263cc79c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-d029a01fd5b93450433108c7576996d9.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-d029a01fd5b93450433108c7576996d9 + +info: + name: > + Photo Gallery <= 1.5.74 - Stored Cross-Site Scripting via Uploaded SVG + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835f553b-9c43-47f2-aecf-61c9397e6b5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-e07e7d71dc600bc27e4f1c11c365c393.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-e07e7d71dc600bc27e4f1c11c365c393.yaml new file mode 100644 index 0000000000..1359b472e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-e07e7d71dc600bc27e4f1c11c365c393.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-e07e7d71dc600bc27e4f1c11c365c393 + +info: + name: > + Photo Gallery <= 1.8.15 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1534f67d-cf3f-4185-9aa6-01ae5dee4f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-e1df20c1816f9cf921b493870b0123b0.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-e1df20c1816f9cf921b493870b0123b0.yaml new file mode 100644 index 0000000000..f33fef8cce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-e1df20c1816f9cf921b493870b0123b0.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-e1df20c1816f9cf921b493870b0123b0 + +info: + name: > + Photo Gallery by 10Web <= 1.2.10 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b49f379-7ae1-4da9-8e1b-cbe5a561b803?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-e8b3c520b2be53d9460363b1d88ad98e.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-e8b3c520b2be53d9460363b1d88ad98e.yaml new file mode 100644 index 0000000000..01215190b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-e8b3c520b2be53d9460363b1d88ad98e.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-e8b3c520b2be53d9460363b1d88ad98e + +info: + name: > + Photo Gallery by 10Web <= 1.2.5 - Unrestricted File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd1248b2-21ae-449e-acf8-3e5d6353f593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-eaaac08a563441ff9dd67597a6450fdd.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-eaaac08a563441ff9dd67597a6450fdd.yaml new file mode 100644 index 0000000000..715290b8c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-eaaac08a563441ff9dd67597a6450fdd.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-eaaac08a563441ff9dd67597a6450fdd + +info: + name: > + Photo Gallery <= 1.5.67 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65402225-99ba-49ff-807b-b8e4cf474ffb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-ec16eda1a0270dfc503649db472e9967.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-ec16eda1a0270dfc503649db472e9967.yaml new file mode 100644 index 0000000000..4c31eeb0ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-ec16eda1a0270dfc503649db472e9967.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-ec16eda1a0270dfc503649db472e9967 + +info: + name: > + Photo Gallery by 10Web <= 1.5.34 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b7c9d89-c6bf-4973-87c8-0511758519f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photo-gallery-f6467ad8511f5004bea6f7b6c2cbc45b.yaml b/nuclei-templates/cve-less/plugins/photo-gallery-f6467ad8511f5004bea6f7b6c2cbc45b.yaml new file mode 100644 index 0000000000..ac3a705916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photo-gallery-f6467ad8511f5004bea6f7b6c2cbc45b.yaml @@ -0,0 +1,58 @@ +id: photo-gallery-f6467ad8511f5004bea6f7b6c2cbc45b + +info: + name: > + Photo Gallery by 10Web <= 1.8.20 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7897ebc7-3ede-465e-b037-86096eb4435a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photo-gallery/" + google-query: inurl:"/wp-content/plugins/photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-0310acae90d1336d07b5ec2866c09354.yaml b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-0310acae90d1336d07b5ec2866c09354.yaml new file mode 100644 index 0000000000..e7e14a1d34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-0310acae90d1336d07b5ec2866c09354.yaml @@ -0,0 +1,58 @@ +id: photoblocks-grid-gallery-0310acae90d1336d07b5ec2866c09354 + +info: + name: > + Gallery PhotoBlocks <= 1.1.42 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a759f4f4-6e0b-4754-b5b5-d110a050d0ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoblocks-grid-gallery/" + google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoblocks-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoblocks-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-acd433b1de86848d8124ba9bb8ed6ee0.yaml b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-acd433b1de86848d8124ba9bb8ed6ee0.yaml new file mode 100644 index 0000000000..c1d5bbe53d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-acd433b1de86848d8124ba9bb8ed6ee0.yaml @@ -0,0 +1,58 @@ +id: photoblocks-grid-gallery-acd433b1de86848d8124ba9bb8ed6ee0 + +info: + name: > + Gallery PhotoBlocks <= 1.2.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540d1c86-c648-42e1-a360-cc188d1a5635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoblocks-grid-gallery/" + google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoblocks-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoblocks-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-e067b113a87087f2914c0d765908e157.yaml b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-e067b113a87087f2914c0d765908e157.yaml new file mode 100644 index 0000000000..57c7ef4e36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoblocks-grid-gallery-e067b113a87087f2914c0d765908e157.yaml @@ -0,0 +1,58 @@ +id: photoblocks-grid-gallery-e067b113a87087f2914c0d765908e157 + +info: + name: > + Gallery PhotoBlocks <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/929085b2-3038-41d1-bd61-ce9e7dc79f78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoblocks-grid-gallery/" + google-query: inurl:"/wp-content/plugins/photoblocks-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoblocks-grid-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoblocks-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoblocks-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photographer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/photographer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..e15f371490 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photographer-directory-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: photographer-directory-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photographer-directory/" + google-query: inurl:"/wp-content/plugins/photographer-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photographer-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photographer-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photographer-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoracer-ee5b679f01639572a698b05d286d526c.yaml b/nuclei-templates/cve-less/plugins/photoracer-ee5b679f01639572a698b05d286d526c.yaml new file mode 100644 index 0000000000..fdde154ac8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoracer-ee5b679f01639572a698b05d286d526c.yaml @@ -0,0 +1,58 @@ +id: photoracer-ee5b679f01639572a698b05d286d526c + +info: + name: > + Photoracer Plugin <= 1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e920caeb-5ee6-4428-9b53-edee316ee39f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoracer/" + google-query: inurl:"/wp-content/plugins/photoracer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoracer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoracer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoracer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photosmash-galleries-33a2e7fa2283855eea0bc65fb87d66e5.yaml b/nuclei-templates/cve-less/plugins/photosmash-galleries-33a2e7fa2283855eea0bc65fb87d66e5.yaml new file mode 100644 index 0000000000..27ccfcc424 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photosmash-galleries-33a2e7fa2283855eea0bc65fb87d66e5.yaml @@ -0,0 +1,58 @@ +id: photosmash-galleries-33a2e7fa2283855eea0bc65fb87d66e5 + +info: + name: > + Photosmash Plugin < 1.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c42b646f-7a41-416b-8632-d088b8d0cb7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photosmash-galleries/" + google-query: inurl:"/wp-content/plugins/photosmash-galleries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photosmash-galleries,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photosmash-galleries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photosmash-galleries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photospace-7457dd966d0c4c8ae20cdc84ea24da94.yaml b/nuclei-templates/cve-less/plugins/photospace-7457dd966d0c4c8ae20cdc84ea24da94.yaml new file mode 100644 index 0000000000..56e3c9c999 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photospace-7457dd966d0c4c8ae20cdc84ea24da94.yaml @@ -0,0 +1,58 @@ +id: photospace-7457dd966d0c4c8ae20cdc84ea24da94 + +info: + name: > + Photospace Gallery <= 2.3.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51212d87-8723-4ba7-8fa4-78912a56385f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photospace/" + google-query: inurl:"/wp-content/plugins/photospace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photospace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photospace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photospace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photospace-b019cad8ad64e7103a4ef60d49f6dea3.yaml b/nuclei-templates/cve-less/plugins/photospace-b019cad8ad64e7103a4ef60d49f6dea3.yaml new file mode 100644 index 0000000000..83f42c6a56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photospace-b019cad8ad64e7103a4ef60d49f6dea3.yaml @@ -0,0 +1,58 @@ +id: photospace-b019cad8ad64e7103a4ef60d49f6dea3 + +info: + name: > + Photospace Gallery <= 2.3.5 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32db57ec-47f8-4b33-b22c-6d8c079412a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photospace/" + google-query: inurl:"/wp-content/plugins/photospace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photospace,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photospace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photospace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photospace-responsive-27268d0b59c1274c726da2859a7e1b6d.yaml b/nuclei-templates/cve-less/plugins/photospace-responsive-27268d0b59c1274c726da2859a7e1b6d.yaml new file mode 100644 index 0000000000..6cb81c75da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photospace-responsive-27268d0b59c1274c726da2859a7e1b6d.yaml @@ -0,0 +1,58 @@ +id: photospace-responsive-27268d0b59c1274c726da2859a7e1b6d + +info: + name: > + Photospace Responsive <= 2.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bc98896-6ff9-40de-ace2-2ca331c2a44a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photospace-responsive/" + google-query: inurl:"/wp-content/plugins/photospace-responsive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photospace-responsive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photospace-responsive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photospace-responsive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoswipe-masonry-4086b1cacdc76d37665a053863a25b12.yaml b/nuclei-templates/cve-less/plugins/photoswipe-masonry-4086b1cacdc76d37665a053863a25b12.yaml new file mode 100644 index 0000000000..e609e50be0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoswipe-masonry-4086b1cacdc76d37665a053863a25b12.yaml @@ -0,0 +1,58 @@ +id: photoswipe-masonry-4086b1cacdc76d37665a053863a25b12 + +info: + name: > + Photoswipe Masonry Gallery <= 1.2.14 Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64624d4c-3ffb-4516-a938-0accde24c79f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoswipe-masonry/" + google-query: inurl:"/wp-content/plugins/photoswipe-masonry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoswipe-masonry,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoswipe-masonry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoswipe-masonry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoxhibit-c1c78bdc1547ba62275f78af4206540e.yaml b/nuclei-templates/cve-less/plugins/photoxhibit-c1c78bdc1547ba62275f78af4206540e.yaml new file mode 100644 index 0000000000..6b1f89e773 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoxhibit-c1c78bdc1547ba62275f78af4206540e.yaml @@ -0,0 +1,58 @@ +id: photoxhibit-c1c78bdc1547ba62275f78af4206540e + +info: + name: > + Photoxhibit <= 2.1.8 - Reflected Cross-Site Scripting via gid + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d667af-d15f-4fe0-91af-36a3ed314760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoxhibit/" + google-query: inurl:"/wp-content/plugins/photoxhibit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoxhibit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoxhibit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoxhibit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/photoxhibit-d80b7a12cea76f24d05fbaefc82e821f.yaml b/nuclei-templates/cve-less/plugins/photoxhibit-d80b7a12cea76f24d05fbaefc82e821f.yaml new file mode 100644 index 0000000000..a5f77e1057 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/photoxhibit-d80b7a12cea76f24d05fbaefc82e821f.yaml @@ -0,0 +1,58 @@ +id: photoxhibit-d80b7a12cea76f24d05fbaefc82e821f + +info: + name: > + Photoxhibit <= 2.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02ecd818-4c96-463e-b9ab-5900c1d01a39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/photoxhibit/" + google-query: inurl:"/wp-content/plugins/photoxhibit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,photoxhibit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/photoxhibit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photoxhibit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-compatibility-checker-22cbdfe6497edcc66032227e018ed1b2.yaml b/nuclei-templates/cve-less/plugins/php-compatibility-checker-22cbdfe6497edcc66032227e018ed1b2.yaml new file mode 100644 index 0000000000..76fe513971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-compatibility-checker-22cbdfe6497edcc66032227e018ed1b2.yaml @@ -0,0 +1,58 @@ +id: php-compatibility-checker-22cbdfe6497edcc66032227e018ed1b2 + +info: + name: > + PHP Compatibility Checker <= 1.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41fada19-c697-4078-825b-0bdf6a827b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-compatibility-checker/" + google-query: inurl:"/wp-content/plugins/php-compatibility-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-compatibility-checker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-compatibility-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-compatibility-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-everywhere-80daa229706432d7991ba35deb710b25.yaml b/nuclei-templates/cve-less/plugins/php-everywhere-80daa229706432d7991ba35deb710b25.yaml new file mode 100644 index 0000000000..85b0d0797a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-everywhere-80daa229706432d7991ba35deb710b25.yaml @@ -0,0 +1,58 @@ +id: php-everywhere-80daa229706432d7991ba35deb710b25 + +info: + name: > + PHP Everywhere <= 2.0.3 - Remote Code Execution by Contributor+ users via gutenberg block + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7aa62be9-93b9-423f-89f8-809ca0035547?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-everywhere/" + google-query: inurl:"/wp-content/plugins/php-everywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-everywhere,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-everywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-everywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-everywhere-83059d16d11e2fca8e78916d3d8e8973.yaml b/nuclei-templates/cve-less/plugins/php-everywhere-83059d16d11e2fca8e78916d3d8e8973.yaml new file mode 100644 index 0000000000..369ad357f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-everywhere-83059d16d11e2fca8e78916d3d8e8973.yaml @@ -0,0 +1,58 @@ +id: php-everywhere-83059d16d11e2fca8e78916d3d8e8973 + +info: + name: > + PHP Everywhere <= 2.0.3 - Authenticated (Contributor+) Remote Code Execution via Metabox + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e52882e-d86f-4863-bdb6-e33c0449d14c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-everywhere/" + google-query: inurl:"/wp-content/plugins/php-everywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-everywhere,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-everywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-everywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-everywhere-a30d359b699628ff181230d080160c5b.yaml b/nuclei-templates/cve-less/plugins/php-everywhere-a30d359b699628ff181230d080160c5b.yaml new file mode 100644 index 0000000000..729a0ec5d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-everywhere-a30d359b699628ff181230d080160c5b.yaml @@ -0,0 +1,58 @@ +id: php-everywhere-a30d359b699628ff181230d080160c5b + +info: + name: > + PHP Everywhere <= 2.0.3 - Remote Code Execution by Subscriber+ users via shortcode + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d33467d4-aabd-4030-ba10-68e2460b2ed2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-everywhere/" + google-query: inurl:"/wp-content/plugins/php-everywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-everywhere,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-everywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-everywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-everywhere-f8e9e8a25542e313c19a4d2c9a30bf10.yaml b/nuclei-templates/cve-less/plugins/php-everywhere-f8e9e8a25542e313c19a4d2c9a30bf10.yaml new file mode 100644 index 0000000000..4d68d4ee16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-everywhere-f8e9e8a25542e313c19a4d2c9a30bf10.yaml @@ -0,0 +1,58 @@ +id: php-everywhere-f8e9e8a25542e313c19a4d2c9a30bf10 + +info: + name: > + PHP Everywhere <= 2.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2cd027b-fbaa-41ce-8822-2fa16aa93eb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-everywhere/" + google-query: inurl:"/wp-content/plugins/php-everywhere/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-everywhere,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-everywhere/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-everywhere" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-execution-plugin-83ff6d6d9bc5d168afdb537857550fe7.yaml b/nuclei-templates/cve-less/plugins/php-execution-plugin-83ff6d6d9bc5d168afdb537857550fe7.yaml new file mode 100644 index 0000000000..053568b682 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-execution-plugin-83ff6d6d9bc5d168afdb537857550fe7.yaml @@ -0,0 +1,58 @@ +id: php-execution-plugin-83ff6d6d9bc5d168afdb537857550fe7 + +info: + name: > + PHP Execution <= 1.0.0 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f2112f-d5dc-4045-ac58-3895d6ac7179?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-execution-plugin/" + google-query: inurl:"/wp-content/plugins/php-execution-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-execution-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-execution-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-execution-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/php-to-page-ae8fa6f84b5149157cb1430a27dde4d8.yaml b/nuclei-templates/cve-less/plugins/php-to-page-ae8fa6f84b5149157cb1430a27dde4d8.yaml new file mode 100644 index 0000000000..da1d553d69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/php-to-page-ae8fa6f84b5149157cb1430a27dde4d8.yaml @@ -0,0 +1,58 @@ +id: php-to-page-ae8fa6f84b5149157cb1430a27dde4d8 + +info: + name: > + PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/php-to-page/" + google-query: inurl:"/wp-content/plugins/php-to-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,php-to-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/php-to-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "php-to-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phpfreechat-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/phpfreechat-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..e0723bd351 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phpfreechat-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: phpfreechat-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phpfreechat/" + google-query: inurl:"/wp-content/plugins/phpfreechat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phpfreechat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phpfreechat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phpfreechat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phpinfo-wp-68aed4fb719e93aff911b8c6723e373b.yaml b/nuclei-templates/cve-less/plugins/phpinfo-wp-68aed4fb719e93aff911b8c6723e373b.yaml new file mode 100644 index 0000000000..5ee561713a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phpinfo-wp-68aed4fb719e93aff911b8c6723e373b.yaml @@ -0,0 +1,58 @@ +id: phpinfo-wp-68aed4fb719e93aff911b8c6723e373b + +info: + name: > + phpinfo() WP <= 4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e944a08-b6c1-456f-921a-501ab4b59f31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phpinfo-wp/" + google-query: inurl:"/wp-content/plugins/phpinfo-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phpinfo-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phpinfo-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phpinfo-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/phppoet-checkout-fields-95830f5764b8d010ddba582e5df78be8.yaml b/nuclei-templates/cve-less/plugins/phppoet-checkout-fields-95830f5764b8d010ddba582e5df78be8.yaml new file mode 100644 index 0000000000..b492b99b0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/phppoet-checkout-fields-95830f5764b8d010ddba582e5df78be8.yaml @@ -0,0 +1,58 @@ +id: phppoet-checkout-fields-95830f5764b8d010ddba582e5df78be8 + +info: + name: > + WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb0195a-077e-4f43-9294-1e5ecad7eb82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/phppoet-checkout-fields/" + google-query: inurl:"/wp-content/plugins/phppoet-checkout-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,phppoet-checkout-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/phppoet-checkout-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "phppoet-checkout-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pi-woocommerce-order-date-time-and-type-79edec65d658aad88495c54f54d3669a.yaml b/nuclei-templates/cve-less/plugins/pi-woocommerce-order-date-time-and-type-79edec65d658aad88495c54f54d3669a.yaml new file mode 100644 index 0000000000..b2ef2ff685 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pi-woocommerce-order-date-time-and-type-79edec65d658aad88495c54f54d3669a.yaml @@ -0,0 +1,58 @@ +id: pi-woocommerce-order-date-time-and-type-79edec65d658aad88495c54f54d3669a + +info: + name: > + Order date time for WooCommerce <= 3.0.19 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f19006a0-6848-467b-90ed-33b3ebd2c7ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pi-woocommerce-order-date-time-and-type/" + google-query: inurl:"/wp-content/plugins/pi-woocommerce-order-date-time-and-type/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pi-woocommerce-order-date-time-and-type,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pi-woocommerce-order-date-time-and-type/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pi-woocommerce-order-date-time-and-type" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pica-photo-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/pica-photo-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..d42623cd08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pica-photo-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: pica-photo-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pica-photo-gallery/" + google-query: inurl:"/wp-content/plugins/pica-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pica-photo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pica-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pica-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pictobrowser-gallery-0f95bb65415e0d0bde6379a1fe073b9f.yaml b/nuclei-templates/cve-less/plugins/pictobrowser-gallery-0f95bb65415e0d0bde6379a1fe073b9f.yaml new file mode 100644 index 0000000000..c045bd8540 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pictobrowser-gallery-0f95bb65415e0d0bde6379a1fe073b9f.yaml @@ -0,0 +1,58 @@ +id: pictobrowser-gallery-0f95bb65415e0d0bde6379a1fe073b9f + +info: + name: > + PictoBrowser Gallery <= 0.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08396330-4fb8-4df0-b7eb-3d3b847cb9b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pictobrowser-gallery/" + google-query: inurl:"/wp-content/plugins/pictobrowser-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pictobrowser-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pictobrowser-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pictobrowser-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pictpress-307c3c6d6bec988e070cfcb7b09e6f6d.yaml b/nuclei-templates/cve-less/plugins/pictpress-307c3c6d6bec988e070cfcb7b09e6f6d.yaml new file mode 100644 index 0000000000..4cee70cbae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pictpress-307c3c6d6bec988e070cfcb7b09e6f6d.yaml @@ -0,0 +1,58 @@ +id: pictpress-307c3c6d6bec988e070cfcb7b09e6f6d + +info: + name: > + PictPress <= 0.91 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c22b9505-6341-4db8-9d21-23796caf63d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pictpress/" + google-query: inurl:"/wp-content/plugins/pictpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pictpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pictpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pictpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-forms-for-wp-fad10c5df0d12e13e57389567502ed4b.yaml b/nuclei-templates/cve-less/plugins/pie-forms-for-wp-fad10c5df0d12e13e57389567502ed4b.yaml new file mode 100644 index 0000000000..d7d41e2517 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-forms-for-wp-fad10c5df0d12e13e57389567502ed4b.yaml @@ -0,0 +1,58 @@ +id: pie-forms-for-wp-fad10c5df0d12e13e57389567502ed4b + +info: + name: > + WordPress Forms by Pie Forms <= 1.4.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a75ff86-dc4d-4519-8cc5-183afc00cb65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-forms-for-wp/" + google-query: inurl:"/wp-content/plugins/pie-forms-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-forms-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-forms-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-forms-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-085dcf91f1430534b15ba25ebc810709.yaml b/nuclei-templates/cve-less/plugins/pie-register-085dcf91f1430534b15ba25ebc810709.yaml new file mode 100644 index 0000000000..19747be82f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-085dcf91f1430534b15ba25ebc810709.yaml @@ -0,0 +1,58 @@ +id: pie-register-085dcf91f1430534b15ba25ebc810709 + +info: + name: > + Pie Register <= 1.30 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b68e26d-1680-42ed-9b8e-23c80c19b1be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-44a36b31780ae752545fe7f279378677.yaml b/nuclei-templates/cve-less/plugins/pie-register-44a36b31780ae752545fe7f279378677.yaml new file mode 100644 index 0000000000..f39d18fb00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-44a36b31780ae752545fe7f279378677.yaml @@ -0,0 +1,58 @@ +id: pie-register-44a36b31780ae752545fe7f279378677 + +info: + name: > + Pie Register <= 3.8.1.2 - Missing Authorization to Arbitrary User Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b18a9c-89e5-43e1-9553-5862df25bf47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-490ba182a143f8f2d65ee92cff342981.yaml b/nuclei-templates/cve-less/plugins/pie-register-490ba182a143f8f2d65ee92cff342981.yaml new file mode 100644 index 0000000000..e7f4614b41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-490ba182a143f8f2d65ee92cff342981.yaml @@ -0,0 +1,58 @@ +id: pie-register-490ba182a143f8f2d65ee92cff342981 + +info: + name: > + Pie Register <= 3.8.3.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89586fcc-f0f6-4f44-841b-04eee64c0ab3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-5471d89b27018d77efeb5931175f6c33.yaml b/nuclei-templates/cve-less/plugins/pie-register-5471d89b27018d77efeb5931175f6c33.yaml new file mode 100644 index 0000000000..4233cfbcb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-5471d89b27018d77efeb5931175f6c33.yaml @@ -0,0 +1,58 @@ +id: pie-register-5471d89b27018d77efeb5931175f6c33 + +info: + name: > + Pie Register <= 3.8.2.2 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bbcbefa-f38d-4752-acca-3545976cc59f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-555fd231d361b91b6b7b333e844c48cf.yaml b/nuclei-templates/cve-less/plugins/pie-register-555fd231d361b91b6b7b333e844c48cf.yaml new file mode 100644 index 0000000000..28e4874da5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-555fd231d361b91b6b7b333e844c48cf.yaml @@ -0,0 +1,58 @@ +id: pie-register-555fd231d361b91b6b7b333e844c48cf + +info: + name: > + Pie Register <= 3.7.1.5 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03926855-d2cc-4105-9927-5871002cb7a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-a5906711fb55acacbd35705f2d98b335.yaml b/nuclei-templates/cve-less/plugins/pie-register-a5906711fb55acacbd35705f2d98b335.yaml new file mode 100644 index 0000000000..ce22249bae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-a5906711fb55acacbd35705f2d98b335.yaml @@ -0,0 +1,58 @@ +id: pie-register-a5906711fb55acacbd35705f2d98b335 + +info: + name: > + Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments < 3.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce544dd0-6e4a-4a73-bba0-db2d667e378e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-b2f2a2293859699f71056b726eb185bf.yaml b/nuclei-templates/cve-less/plugins/pie-register-b2f2a2293859699f71056b726eb185bf.yaml new file mode 100644 index 0000000000..d9414bbb57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-b2f2a2293859699f71056b726eb185bf.yaml @@ -0,0 +1,58 @@ +id: pie-register-b2f2a2293859699f71056b726eb185bf + +info: + name: > + Pie Register <= 2.0.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b2769bc-523b-4a8f-9042-1e879db3f8ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-c271e79e457792d8093dce56ebc058d7.yaml b/nuclei-templates/cve-less/plugins/pie-register-c271e79e457792d8093dce56ebc058d7.yaml new file mode 100644 index 0000000000..ed4ad27231 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-c271e79e457792d8093dce56ebc058d7.yaml @@ -0,0 +1,58 @@ +id: pie-register-c271e79e457792d8093dce56ebc058d7 + +info: + name: > + Pie Register – User Registration Forms < 2.0.19 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8f27037-5dd6-467e-b633-494f30ec8b7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-d17a26eab5a1167d47a2ffdfdfa715f1.yaml b/nuclei-templates/cve-less/plugins/pie-register-d17a26eab5a1167d47a2ffdfdfa715f1.yaml new file mode 100644 index 0000000000..969bc52070 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-d17a26eab5a1167d47a2ffdfdfa715f1.yaml @@ -0,0 +1,58 @@ +id: pie-register-d17a26eab5a1167d47a2ffdfdfa715f1 + +info: + name: > + Pie Register <= 3.7.1.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec547a1f-d57b-4792-b9d0-38e9a9c4d0a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-e4630937cb3252f53c729f27f9bae6ad.yaml b/nuclei-templates/cve-less/plugins/pie-register-e4630937cb3252f53c729f27f9bae6ad.yaml new file mode 100644 index 0000000000..11ebef719e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-e4630937cb3252f53c729f27f9bae6ad.yaml @@ -0,0 +1,58 @@ +id: pie-register-e4630937cb3252f53c729f27f9bae6ad + +info: + name: > + Pie Register – User Registration Forms <= 3.7.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b14dec28-41f9-460f-aa6c-3e6baf2498d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-f10e961623521100a85e5972e8959ae4.yaml b/nuclei-templates/cve-less/plugins/pie-register-f10e961623521100a85e5972e8959ae4.yaml new file mode 100644 index 0000000000..294ebcd34f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-f10e961623521100a85e5972e8959ae4.yaml @@ -0,0 +1,58 @@ +id: pie-register-f10e961623521100a85e5972e8959ae4 + +info: + name: > + Pie Register <= 3.0.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f918c749-8c3d-4436-9a84-b040e4a2f8ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pie-register-f2952d2417af91e1e214114658f123b5.yaml b/nuclei-templates/cve-less/plugins/pie-register-f2952d2417af91e1e214114658f123b5.yaml new file mode 100644 index 0000000000..12a596ccde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pie-register-f2952d2417af91e1e214114658f123b5.yaml @@ -0,0 +1,58 @@ +id: pie-register-f2952d2417af91e1e214114658f123b5 + +info: + name: > + Pie Register – User Registration Forms < 2.0.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42402a14-b192-4ed0-84bf-f0327e48f32b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pie-register/" + google-query: inurl:"/wp-content/plugins/pie-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pie-register,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pie-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pie-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pilotpress-2498bc224a94ac1ba539a681f69b7ef6.yaml b/nuclei-templates/cve-less/plugins/pilotpress-2498bc224a94ac1ba539a681f69b7ef6.yaml new file mode 100644 index 0000000000..1d03e3edeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pilotpress-2498bc224a94ac1ba539a681f69b7ef6.yaml @@ -0,0 +1,58 @@ +id: pilotpress-2498bc224a94ac1ba539a681f69b7ef6 + +info: + name: > + PilotPress <= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a8d121d-434d-4445-874f-d3cf6b6e7233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pilotpress/" + google-query: inurl:"/wp-content/plugins/pilotpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pilotpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pilotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pilotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pinterest-rss-widget-62705338d1951d661bb8e5bc23d5b61e.yaml b/nuclei-templates/cve-less/plugins/pinterest-rss-widget-62705338d1951d661bb8e5bc23d5b61e.yaml new file mode 100644 index 0000000000..a3a342b5f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pinterest-rss-widget-62705338d1951d661bb8e5bc23d5b61e.yaml @@ -0,0 +1,58 @@ +id: pinterest-rss-widget-62705338d1951d661bb8e5bc23d5b61e + +info: + name: > + Pinterest RSS Widget <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec186b0-72f0-4017-ad24-1c82247a23ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pinterest-rss-widget/" + google-query: inurl:"/wp-content/plugins/pinterest-rss-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pinterest-rss-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pinterest-rss-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pinterest-rss-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-b5ac41047b1437d9d41eb11c7b522d30.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-b5ac41047b1437d9d41eb11c7b522d30.yaml new file mode 100644 index 0000000000..efc4dda33e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-b5ac41047b1437d9d41eb11c7b522d30.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-b5ac41047b1437d9d41eb11c7b522d30 + +info: + name: > + Piotnet Addons For Elementor <= 2.4.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2b9d080-489d-40e4-bb6f-c4209e5f4fad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-e66a7b75dd0639134f09eee91026a929.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-e66a7b75dd0639134f09eee91026a929.yaml new file mode 100644 index 0000000000..4529f73098 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-e66a7b75dd0639134f09eee91026a929.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-e66a7b75dd0639134f09eee91026a929 + +info: + name: > + Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e1885be-dc9f-4858-a155-ad6fcc117d0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-156652aa50db0572929dd8be39230242.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-156652aa50db0572929dd8be39230242.yaml new file mode 100644 index 0000000000..50733eeb53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-156652aa50db0572929dd8be39230242.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-pro-156652aa50db0572929dd8be39230242 + +info: + name: > + Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b4a2291-cf86-4d3f-8d6e-670b1b6ab124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-20464abfb5a20fb1d96af1ded31e80d6.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-20464abfb5a20fb1d96af1ded31e80d6.yaml new file mode 100644 index 0000000000..aa9ceef224 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-20464abfb5a20fb1d96af1ded31e80d6.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-pro-20464abfb5a20fb1d96af1ded31e80d6 + +info: + name: > + Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2b31db1-c4f7-47c6-ad83-7ecd375e5f65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7170a15e98802cc9df1f92d68c501b1c.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7170a15e98802cc9df1f92d68c501b1c.yaml new file mode 100644 index 0000000000..7f7e41838b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7170a15e98802cc9df1f92d68c501b1c.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-pro-7170a15e98802cc9df1f92d68c501b1c + +info: + name: > + Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32ccbde2-b6a9-4748-907d-b948937dad09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7188ef26349164dd23042500cdbf31b3.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7188ef26349164dd23042500cdbf31b3.yaml new file mode 100644 index 0000000000..d759de6a60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-7188ef26349164dd23042500cdbf31b3.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-pro-7188ef26349164dd23042500cdbf31b3 + +info: + name: > + Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67856d6b-9be9-494a-b713-f36d5e29e7f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-a073e10124aebcae7675d30da8592a4c.yaml b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-a073e10124aebcae7675d30da8592a4c.yaml new file mode 100644 index 0000000000..699eac9898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnet-addons-for-elementor-pro-a073e10124aebcae7675d30da8592a4c.yaml @@ -0,0 +1,58 @@ +id: piotnet-addons-for-elementor-pro-a073e10124aebcae7675d30da8592a4c + +info: + name: > + Piotnet Addons For Elementor Pro <= 7.1.17 - Missing Authorization to Arbitrary Post/Page Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23e04283-5644-4e23-bc42-0a0963a38b71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnet-addons-for-elementor-pro/" + google-query: inurl:"/wp-content/plugins/piotnet-addons-for-elementor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnet-addons-for-elementor-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnet-addons-for-elementor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnet-addons-for-elementor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnetforms-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml b/nuclei-templates/cve-less/plugins/piotnetforms-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml new file mode 100644 index 0000000000..6134b79f28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnetforms-3e3dbd541f7f8bdbabf98ab3f7d5763f.yaml @@ -0,0 +1,58 @@ +id: piotnetforms-3e3dbd541f7f8bdbabf98ab3f7d5763f + +info: + name: > + Piotnet Forms <= 1.0.28 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af2b7eac-a3f5-408f-b139-643e70b3f27a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnetforms/" + google-query: inurl:"/wp-content/plugins/piotnetforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnetforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnetforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnetforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnetforms-4e38c1777edea860289ac75c8e42f2e1.yaml b/nuclei-templates/cve-less/plugins/piotnetforms-4e38c1777edea860289ac75c8e42f2e1.yaml new file mode 100644 index 0000000000..762853d592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnetforms-4e38c1777edea860289ac75c8e42f2e1.yaml @@ -0,0 +1,58 @@ +id: piotnetforms-4e38c1777edea860289ac75c8e42f2e1 + +info: + name: > + Piotnet Forms Plugin <= 1.0.28 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f52298b-344b-4561-b1bf-93bea95a3e53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnetforms/" + google-query: inurl:"/wp-content/plugins/piotnetforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnetforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnetforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnetforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piotnetforms-7ac0863d03c3cdd406341dca9d25711a.yaml b/nuclei-templates/cve-less/plugins/piotnetforms-7ac0863d03c3cdd406341dca9d25711a.yaml new file mode 100644 index 0000000000..c2e32ce972 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piotnetforms-7ac0863d03c3cdd406341dca9d25711a.yaml @@ -0,0 +1,58 @@ +id: piotnetforms-7ac0863d03c3cdd406341dca9d25711a + +info: + name: > + Piotnet Forms <= 1.0.25 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f119c6c2-cd4e-415a-b717-2bfc90ed729e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piotnetforms/" + google-query: inurl:"/wp-content/plugins/piotnetforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piotnetforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piotnetforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piotnetforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pirate-forms-7694e4b82dce0dfb26c86a146e774669.yaml b/nuclei-templates/cve-less/plugins/pirate-forms-7694e4b82dce0dfb26c86a146e774669.yaml new file mode 100644 index 0000000000..b983484a45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pirate-forms-7694e4b82dce0dfb26c86a146e774669.yaml @@ -0,0 +1,58 @@ +id: pirate-forms-7694e4b82dce0dfb26c86a146e774669 + +info: + name: > + Contact Form & SMTP Plugin by PirateForms <= 2.5.1 - Unauthenticated HTML injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e34c3f6-cc84-4e45-9948-6f7fd5cba8cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pirate-forms/" + google-query: inurl:"/wp-content/plugins/pirate-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pirate-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pirate-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pirate-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/piwik-pro-4e90b64e5c0880980f44418deca3c91b.yaml b/nuclei-templates/cve-less/plugins/piwik-pro-4e90b64e5c0880980f44418deca3c91b.yaml new file mode 100644 index 0000000000..08fcddea3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/piwik-pro-4e90b64e5c0880980f44418deca3c91b.yaml @@ -0,0 +1,58 @@ +id: piwik-pro-4e90b64e5c0880980f44418deca3c91b + +info: + name: > + Various Affected Software (Various Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d5d9ef7-3832-495c-b61b-7e24c2e60893?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/piwik-pro/" + google-query: inurl:"/wp-content/plugins/piwik-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,piwik-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/piwik-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "piwik-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.2.35', '<= 0.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixabay-images-12ee5879dbc7fdb46e24ef76cc9a2d61.yaml b/nuclei-templates/cve-less/plugins/pixabay-images-12ee5879dbc7fdb46e24ef76cc9a2d61.yaml new file mode 100644 index 0000000000..605f3e8d46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixabay-images-12ee5879dbc7fdb46e24ef76cc9a2d61.yaml @@ -0,0 +1,58 @@ +id: pixabay-images-12ee5879dbc7fdb46e24ef76cc9a2d61 + +info: + name: > + Pixabay Images <= 2.0 - Authentication Bypass to Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a6a810-1151-49e6-bed4-2b7a572ac015?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixabay-images/" + google-query: inurl:"/wp-content/plugins/pixabay-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixabay-images,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixabay-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixabay-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixabay-images-5b2fbefb63fd7f965b09642c4ccecf5d.yaml b/nuclei-templates/cve-less/plugins/pixabay-images-5b2fbefb63fd7f965b09642c4ccecf5d.yaml new file mode 100644 index 0000000000..506bc3639d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixabay-images-5b2fbefb63fd7f965b09642c4ccecf5d.yaml @@ -0,0 +1,58 @@ +id: pixabay-images-5b2fbefb63fd7f965b09642c4ccecf5d + +info: + name: > + Pixabay Images <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee91d95-afdb-45e3-b639-50eb3c46115d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixabay-images/" + google-query: inurl:"/wp-content/plugins/pixabay-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixabay-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixabay-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixabay-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixabay-images-5de755d9bd8418fefc2676ce9864e6b9.yaml b/nuclei-templates/cve-less/plugins/pixabay-images-5de755d9bd8418fefc2676ce9864e6b9.yaml new file mode 100644 index 0000000000..a7d67f1696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixabay-images-5de755d9bd8418fefc2676ce9864e6b9.yaml @@ -0,0 +1,58 @@ +id: pixabay-images-5de755d9bd8418fefc2676ce9864e6b9 + +info: + name: > + Pixabay Images <= 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35c12f80-d069-44ed-b6a5-caa060fbd281?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixabay-images/" + google-query: inurl:"/wp-content/plugins/pixabay-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixabay-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixabay-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixabay-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixabay-images-99e3e9aef74467dcee4f17ac700177de.yaml b/nuclei-templates/cve-less/plugins/pixabay-images-99e3e9aef74467dcee4f17ac700177de.yaml new file mode 100644 index 0000000000..3fda92ee16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixabay-images-99e3e9aef74467dcee4f17ac700177de.yaml @@ -0,0 +1,58 @@ +id: pixabay-images-99e3e9aef74467dcee4f17ac700177de + +info: + name: > + Pixabay Images <= 2.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91998552-bf97-40e0-b5b2-be35a8d58b54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixabay-images/" + google-query: inurl:"/wp-content/plugins/pixabay-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixabay-images,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixabay-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixabay-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixcodes-4706d1b1438785969ae30d4549fd166c.yaml b/nuclei-templates/cve-less/plugins/pixcodes-4706d1b1438785969ae30d4549fd166c.yaml new file mode 100644 index 0000000000..92af2dff04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixcodes-4706d1b1438785969ae30d4549fd166c.yaml @@ -0,0 +1,58 @@ +id: pixcodes-4706d1b1438785969ae30d4549fd166c + +info: + name: > + PixCodes <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6f38ce-2378-480f-8f43-140ed7be5cc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixcodes/" + google-query: inurl:"/wp-content/plugins/pixcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixelyoursite-46fd3a8d2dbfa8e63d62d0d4687e4eb8.yaml b/nuclei-templates/cve-less/plugins/pixelyoursite-46fd3a8d2dbfa8e63d62d0d4687e4eb8.yaml new file mode 100644 index 0000000000..3380fc3327 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixelyoursite-46fd3a8d2dbfa8e63d62d0d4687e4eb8.yaml @@ -0,0 +1,58 @@ +id: pixelyoursite-46fd3a8d2dbfa8e63d62d0d4687e4eb8 + +info: + name: > + PixelYourSite <= 9.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9c6eccc-3f91-4923-b3d3-46070bb3662d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixelyoursite/" + google-query: inurl:"/wp-content/plugins/pixelyoursite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixelyoursite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixelyoursite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixelyoursite-5498e556e2216200fd56232f5d1a8034.yaml b/nuclei-templates/cve-less/plugins/pixelyoursite-5498e556e2216200fd56232f5d1a8034.yaml new file mode 100644 index 0000000000..1e11ec4055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixelyoursite-5498e556e2216200fd56232f5d1a8034.yaml @@ -0,0 +1,58 @@ +id: pixelyoursite-5498e556e2216200fd56232f5d1a8034 + +info: + name: > + PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ebf1e83-50b8-4f56-ba76-10100375edda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixelyoursite/" + google-query: inurl:"/wp-content/plugins/pixelyoursite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixelyoursite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixelyoursite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixelyoursite-7c22e43cb21e5962b21022636d9c698c.yaml b/nuclei-templates/cve-less/plugins/pixelyoursite-7c22e43cb21e5962b21022636d9c698c.yaml new file mode 100644 index 0000000000..ae6e09712a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixelyoursite-7c22e43cb21e5962b21022636d9c698c.yaml @@ -0,0 +1,58 @@ +id: pixelyoursite-7c22e43cb21e5962b21022636d9c698c + +info: + name: > + PixelYourSite <= 5.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78ca8110-fd39-4fcb-bac7-94732c14aee2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixelyoursite/" + google-query: inurl:"/wp-content/plugins/pixelyoursite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixelyoursite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixelyoursite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixelyoursite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixelyoursite-pro-5498e556e2216200fd56232f5d1a8034.yaml b/nuclei-templates/cve-less/plugins/pixelyoursite-pro-5498e556e2216200fd56232f5d1a8034.yaml new file mode 100644 index 0000000000..8b439567f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixelyoursite-pro-5498e556e2216200fd56232f5d1a8034.yaml @@ -0,0 +1,58 @@ +id: pixelyoursite-pro-5498e556e2216200fd56232f5d1a8034 + +info: + name: > + PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ebf1e83-50b8-4f56-ba76-10100375edda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixelyoursite-pro/" + google-query: inurl:"/wp-content/plugins/pixelyoursite-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixelyoursite-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixelyoursite-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixelyoursite-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixfields-32884b4069e08a6e3a456b6d9b5e62d6.yaml b/nuclei-templates/cve-less/plugins/pixfields-32884b4069e08a6e3a456b6d9b5e62d6.yaml new file mode 100644 index 0000000000..3212f44a07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixfields-32884b4069e08a6e3a456b6d9b5e62d6.yaml @@ -0,0 +1,58 @@ +id: pixfields-32884b4069e08a6e3a456b6d9b5e62d6 + +info: + name: > + PixFields <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7f86396-2f3f-4cd6-b3d4-e518b074a579?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixfields/" + google-query: inurl:"/wp-content/plugins/pixfields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixfields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixfields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixfields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixfields-c610b8a5231d91145ad3b18f9f470868.yaml b/nuclei-templates/cve-less/plugins/pixfields-c610b8a5231d91145ad3b18f9f470868.yaml new file mode 100644 index 0000000000..d39e123b4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixfields-c610b8a5231d91145ad3b18f9f470868.yaml @@ -0,0 +1,58 @@ +id: pixfields-c610b8a5231d91145ad3b18f9f470868 + +info: + name: > + PixFields <= 0.7.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c6fb8b-9df8-4cf5-b9e6-702852bb1977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixfields/" + google-query: inurl:"/wp-content/plugins/pixfields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixfields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixfields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixfields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixtypes-5afe134af3509b1b84204a9f85b1cefe.yaml b/nuclei-templates/cve-less/plugins/pixtypes-5afe134af3509b1b84204a9f85b1cefe.yaml new file mode 100644 index 0000000000..20e92f0774 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixtypes-5afe134af3509b1b84204a9f85b1cefe.yaml @@ -0,0 +1,58 @@ +id: pixtypes-5afe134af3509b1b84204a9f85b1cefe + +info: + name: > + PixTypes <= 1.4.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca05783d-7516-469e-b8a0-c23035db43b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixtypes/" + google-query: inurl:"/wp-content/plugins/pixtypes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixtypes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixtypes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixtypes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pixtypes-f26696ee1719902df9af4673f5c5c04a.yaml b/nuclei-templates/cve-less/plugins/pixtypes-f26696ee1719902df9af4673f5c5c04a.yaml new file mode 100644 index 0000000000..11ad62b4d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pixtypes-f26696ee1719902df9af4673f5c5c04a.yaml @@ -0,0 +1,58 @@ +id: pixtypes-f26696ee1719902df9af4673f5c5c04a + +info: + name: > + PixTypes <= 1.4.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ac7414c-8035-406a-ab1e-94d9f64e52fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pixtypes/" + google-query: inurl:"/wp-content/plugins/pixtypes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pixtypes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pixtypes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixtypes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pj-news-ticker-14d59d1dd0d6c11dea03161b864cfb49.yaml b/nuclei-templates/cve-less/plugins/pj-news-ticker-14d59d1dd0d6c11dea03161b864cfb49.yaml new file mode 100644 index 0000000000..1463bb9d68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pj-news-ticker-14d59d1dd0d6c11dea03161b864cfb49.yaml @@ -0,0 +1,58 @@ +id: pj-news-ticker-14d59d1dd0d6c11dea03161b864cfb49 + +info: + name: > + PJ News Ticker <= 6.8.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78b60dca-0225-43c8-b6cf-0213b1619b65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pj-news-ticker/" + google-query: inurl:"/wp-content/plugins/pj-news-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pj-news-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pj-news-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pj-news-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plainview-activity-monitor-97006d9ae784a094161529df95603173.yaml b/nuclei-templates/cve-less/plugins/plainview-activity-monitor-97006d9ae784a094161529df95603173.yaml new file mode 100644 index 0000000000..cac48f744e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plainview-activity-monitor-97006d9ae784a094161529df95603173.yaml @@ -0,0 +1,58 @@ +id: plainview-activity-monitor-97006d9ae784a094161529df95603173 + +info: + name: > + Plainview Activity Monitor < 20180826 - Remote Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/669df758-0c7d-41c9-a9bd-9b3697898c77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plainview-activity-monitor/" + google-query: inurl:"/wp-content/plugins/plainview-activity-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plainview-activity-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plainview-activity-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plainview-activity-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 20180826') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plainview-protect-passwords-7ffe069edd0a90f30c2910fd73b2059b.yaml b/nuclei-templates/cve-less/plugins/plainview-protect-passwords-7ffe069edd0a90f30c2910fd73b2059b.yaml new file mode 100644 index 0000000000..210ded002c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plainview-protect-passwords-7ffe069edd0a90f30c2910fd73b2059b.yaml @@ -0,0 +1,58 @@ +id: plainview-protect-passwords-7ffe069edd0a90f30c2910fd73b2059b + +info: + name: > + Plainview Protect Passwords <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b63d8238-267f-4a40-9af0-37ae8b9ba26b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plainview-protect-passwords/" + google-query: inurl:"/wp-content/plugins/plainview-protect-passwords/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plainview-protect-passwords,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plainview-protect-passwords/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plainview-protect-passwords" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plainview-protect-passwords-f0297e0c6535810defa6f3589f3d99ca.yaml b/nuclei-templates/cve-less/plugins/plainview-protect-passwords-f0297e0c6535810defa6f3589f3d99ca.yaml new file mode 100644 index 0000000000..e64c58ee7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plainview-protect-passwords-f0297e0c6535810defa6f3589f3d99ca.yaml @@ -0,0 +1,58 @@ +id: plainview-protect-passwords-f0297e0c6535810defa6f3589f3d99ca + +info: + name: > + Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc59b997-a8e2-4c75-aa5f-36cc5a66326e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plainview-protect-passwords/" + google-query: inurl:"/wp-content/plugins/plainview-protect-passwords/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plainview-protect-passwords,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plainview-protect-passwords/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plainview-protect-passwords" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/planso-forms-b3f5b694f8149f7215285f5a07a42c03.yaml b/nuclei-templates/cve-less/plugins/planso-forms-b3f5b694f8149f7215285f5a07a42c03.yaml new file mode 100644 index 0000000000..45638dfbd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/planso-forms-b3f5b694f8149f7215285f5a07a42c03.yaml @@ -0,0 +1,58 @@ +id: planso-forms-b3f5b694f8149f7215285f5a07a42c03 + +info: + name: > + PlanSo Forms <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51e4f7ac-efc5-492c-b7a4-eea6d5f69e0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/planso-forms/" + google-query: inurl:"/wp-content/plugins/planso-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,planso-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/planso-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "planso-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/platinum-seo-pack-0fc1f5cd03c6bddb3df8077c66fc0927.yaml b/nuclei-templates/cve-less/plugins/platinum-seo-pack-0fc1f5cd03c6bddb3df8077c66fc0927.yaml new file mode 100644 index 0000000000..a2c83c8fe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/platinum-seo-pack-0fc1f5cd03c6bddb3df8077c66fc0927.yaml @@ -0,0 +1,58 @@ +id: platinum-seo-pack-0fc1f5cd03c6bddb3df8077c66fc0927 + +info: + name: > + Platinum SEO <= 1.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ed45d70-a528-47ee-84c9-26948dfe91f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/platinum-seo-pack/" + google-query: inurl:"/wp-content/plugins/platinum-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,platinum-seo-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/platinum-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "platinum-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/platinum-seo-pack-74239a2c7d59745dfff630629648ba8b.yaml b/nuclei-templates/cve-less/plugins/platinum-seo-pack-74239a2c7d59745dfff630629648ba8b.yaml new file mode 100644 index 0000000000..ac270466bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/platinum-seo-pack-74239a2c7d59745dfff630629648ba8b.yaml @@ -0,0 +1,58 @@ +id: platinum-seo-pack-74239a2c7d59745dfff630629648ba8b + +info: + name: > + Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76b25ae3-b813-4e79-a5e3-0af5e6eb8a06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/platinum-seo-pack/" + google-query: inurl:"/wp-content/plugins/platinum-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,platinum-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/platinum-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "platinum-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plausible-analytics-3b9fd84836c7bf88f01e3e36ab24d168.yaml b/nuclei-templates/cve-less/plugins/plausible-analytics-3b9fd84836c7bf88f01e3e36ab24d168.yaml new file mode 100644 index 0000000000..e3ec8081f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plausible-analytics-3b9fd84836c7bf88f01e3e36ab24d168.yaml @@ -0,0 +1,58 @@ +id: plausible-analytics-3b9fd84836c7bf88f01e3e36ab24d168 + +info: + name: > + Plausible Analytics <= 1.3.3 - Reflected Cross-Site Scripting via page-url + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ed6d5e6-1094-46ec-afb9-43c142f334ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plausible-analytics/" + google-query: inurl:"/wp-content/plugins/plausible-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plausible-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plausible-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plausible-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plausible-analytics-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml b/nuclei-templates/cve-less/plugins/plausible-analytics-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml new file mode 100644 index 0000000000..0c881670de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plausible-analytics-c591f3e0b0e6607bb02f8ca1122eb1cd.yaml @@ -0,0 +1,58 @@ +id: plausible-analytics-c591f3e0b0e6607bb02f8ca1122eb1cd + +info: + name: > + Plausible Analytics <= 1.2.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c84b432-4d33-47ad-8057-0bc831929879?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plausible-analytics/" + google-query: inurl:"/wp-content/plugins/plausible-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plausible-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plausible-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plausible-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/play-ht-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml b/nuclei-templates/cve-less/plugins/play-ht-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml new file mode 100644 index 0000000000..e96fb73dd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/play-ht-4eaf37cfdef1b74dc7b626ac3436d2c6.yaml @@ -0,0 +1,58 @@ +id: play-ht-4eaf37cfdef1b74dc7b626ac3436d2c6 + +info: + name: > + Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/play-ht/" + google-query: inurl:"/wp-content/plugins/play-ht/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,play-ht,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/play-ht/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "play-ht" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/play-ht-6182145f7b993029088ccd0a82af0476.yaml b/nuclei-templates/cve-less/plugins/play-ht-6182145f7b993029088ccd0a82af0476.yaml new file mode 100644 index 0000000000..a6c13eb05b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/play-ht-6182145f7b993029088ccd0a82af0476.yaml @@ -0,0 +1,58 @@ +id: play-ht-6182145f7b993029088ccd0a82af0476 + +info: + name: > + Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/play-ht/" + google-query: inurl:"/wp-content/plugins/play-ht/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,play-ht,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/play-ht/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "play-ht" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/play-ht-e04d152bd4d70be12ad11762391a5d6a.yaml b/nuclei-templates/cve-less/plugins/play-ht-e04d152bd4d70be12ad11762391a5d6a.yaml new file mode 100644 index 0000000000..2ed9a63792 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/play-ht-e04d152bd4d70be12ad11762391a5d6a.yaml @@ -0,0 +1,58 @@ +id: play-ht-e04d152bd4d70be12ad11762391a5d6a + +info: + name: > + Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/play-ht/" + google-query: inurl:"/wp-content/plugins/play-ht/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,play-ht,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/play-ht/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "play-ht" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/player-3c0e50875a3bbfb2004a47e262647c92.yaml b/nuclei-templates/cve-less/plugins/player-3c0e50875a3bbfb2004a47e262647c92.yaml new file mode 100644 index 0000000000..20f28a4e48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/player-3c0e50875a3bbfb2004a47e262647c92.yaml @@ -0,0 +1,58 @@ +id: player-3c0e50875a3bbfb2004a47e262647c92 + +info: + name: > + SpiderVPlayer <= 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc8c04f-3764-473e-a216-7c5dc49abfa8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/player/" + google-query: inurl:"/wp-content/plugins/player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,player,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/player-a132c10bef68833cf859b4bbead4a383.yaml b/nuclei-templates/cve-less/plugins/player-a132c10bef68833cf859b4bbead4a383.yaml new file mode 100644 index 0000000000..dfc31a5024 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/player-a132c10bef68833cf859b4bbead4a383.yaml @@ -0,0 +1,58 @@ +id: player-a132c10bef68833cf859b4bbead4a383 + +info: + name: > + Video Player <= 1.5.22 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93d78063-238d-40c0-92c9-6870d85d29f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/player/" + google-query: inurl:"/wp-content/plugins/player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/player-ece1da78596879174efa10393f34846c.yaml b/nuclei-templates/cve-less/plugins/player-ece1da78596879174efa10393f34846c.yaml new file mode 100644 index 0000000000..d2085ba0db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/player-ece1da78596879174efa10393f34846c.yaml @@ -0,0 +1,58 @@ +id: player-ece1da78596879174efa10393f34846c + +info: + name: > + SpiderVPlayer <= 1.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4070a24-04fa-44e8-8ec2-bc84ba53b90d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/player/" + google-query: inurl:"/wp-content/plugins/player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/player-f4526bcdafc950c9e06f1e8880692066.yaml b/nuclei-templates/cve-less/plugins/player-f4526bcdafc950c9e06f1e8880692066.yaml new file mode 100644 index 0000000000..b0accf7224 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/player-f4526bcdafc950c9e06f1e8880692066.yaml @@ -0,0 +1,58 @@ +id: player-f4526bcdafc950c9e06f1e8880692066 + +info: + name: > + Video Player <= 1.5.22 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1627ec2a-f91d-4ed7-acb8-a3fb63b45731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/player/" + google-query: inurl:"/wp-content/plugins/player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plerdy-heatmap-2c3170861d7bd02e32a5482d1f26ddd0.yaml b/nuclei-templates/cve-less/plugins/plerdy-heatmap-2c3170861d7bd02e32a5482d1f26ddd0.yaml new file mode 100644 index 0000000000..9c5080dd3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plerdy-heatmap-2c3170861d7bd02e32a5482d1f26ddd0.yaml @@ -0,0 +1,58 @@ +id: plerdy-heatmap-2c3170861d7bd02e32a5482d1f26ddd0 + +info: + name: > + Website Optimization – Plerdy <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db18ac07-2e7a-466d-b00c-a598401f8633?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plerdy-heatmap/" + google-query: inurl:"/wp-content/plugins/plerdy-heatmap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plerdy-heatmap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plerdy-heatmap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plerdy-heatmap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plezi-c8ca58879ec3a0e2ce408bc544c89b18.yaml b/nuclei-templates/cve-less/plugins/plezi-c8ca58879ec3a0e2ce408bc544c89b18.yaml new file mode 100644 index 0000000000..2f6bc6708b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plezi-c8ca58879ec3a0e2ce408bc544c89b18.yaml @@ -0,0 +1,58 @@ +id: plezi-c8ca58879ec3a0e2ce408bc544c89b18 + +info: + name: > + Plezi < 1.0.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7c0efd8-08c0-4283-a0bf-2f6ca3998668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plezi/" + google-query: inurl:"/wp-content/plugins/plezi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plezi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plezi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plezi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugin-groups-f9def0ceb1a6b24330f85d2a5c68b378.yaml b/nuclei-templates/cve-less/plugins/plugin-groups-f9def0ceb1a6b24330f85d2a5c68b378.yaml new file mode 100644 index 0000000000..d26018efc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugin-groups-f9def0ceb1a6b24330f85d2a5c68b378.yaml @@ -0,0 +1,58 @@ +id: plugin-groups-f9def0ceb1a6b24330f85d2a5c68b378 + +info: + name: > + Plugin Groups <= 2.0.6 - Missing Authorization to Unauthenticated Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugin-groups/" + google-query: inurl:"/wp-content/plugins/plugin-groups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugin-groups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugin-groups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugin-groups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugin-logic-c9f14b3efd68aaad972afe4c5e7676c3.yaml b/nuclei-templates/cve-less/plugins/plugin-logic-c9f14b3efd68aaad972afe4c5e7676c3.yaml new file mode 100644 index 0000000000..f2b64fa48e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugin-logic-c9f14b3efd68aaad972afe4c5e7676c3.yaml @@ -0,0 +1,58 @@ +id: plugin-logic-c9f14b3efd68aaad972afe4c5e7676c3 + +info: + name: > + Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e75a96ab-499b-4f1d-a60b-a5aa9d804363?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugin-logic/" + google-query: inurl:"/wp-content/plugins/plugin-logic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugin-logic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugin-logic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugin-logic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugin-newsletter-4b8d96697b92d4da201ab4792cfe050a.yaml b/nuclei-templates/cve-less/plugins/plugin-newsletter-4b8d96697b92d4da201ab4792cfe050a.yaml new file mode 100644 index 0000000000..40e811344d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugin-newsletter-4b8d96697b92d4da201ab4792cfe050a.yaml @@ -0,0 +1,58 @@ +id: plugin-newsletter-4b8d96697b92d4da201ab4792cfe050a + +info: + name: > + Plugin: Newsletter <= 1.5 - Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7370e3c3-90e6-4698-88e7-baf56832528d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugin-newsletter/" + google-query: inurl:"/wp-content/plugins/plugin-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugin-newsletter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugin-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugin-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugins-list-d8a9eea8aa488b4edc83d1161c57f57d.yaml b/nuclei-templates/cve-less/plugins/plugins-list-d8a9eea8aa488b4edc83d1161c57f57d.yaml new file mode 100644 index 0000000000..8273b00145 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugins-list-d8a9eea8aa488b4edc83d1161c57f57d.yaml @@ -0,0 +1,58 @@ +id: plugins-list-d8a9eea8aa488b4edc83d1161c57f57d + +info: + name: > + Plugins List <= 2.5 - Authenticated (Author+) Stored Cross-Site Scripting via replace_plugin_list_tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d42cc5-c213-454b-b05a-a57705e5c7e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugins-list/" + google-query: inurl:"/wp-content/plugins/plugins-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugins-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugins-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugins-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugins-on-steroids-f1ab4812b24f2e95426a9a9673c2032b.yaml b/nuclei-templates/cve-less/plugins/plugins-on-steroids-f1ab4812b24f2e95426a9a9673c2032b.yaml new file mode 100644 index 0000000000..d01d6d2ea5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugins-on-steroids-f1ab4812b24f2e95426a9a9673c2032b.yaml @@ -0,0 +1,58 @@ +id: plugins-on-steroids-f1ab4812b24f2e95426a9a9673c2032b + +info: + name: > + Eazy Plugin Manager <= 4.1.2 - Missing Authorization via update_options + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e214fadf-73fd-430f-8608-6630ce82b78c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugins-on-steroids/" + google-query: inurl:"/wp-content/plugins/plugins-on-steroids/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugins-on-steroids,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugins-on-steroids/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugins-on-steroids" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-5a8e72249d01f06327896fcc8bd59c29.yaml b/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-5a8e72249d01f06327896fcc8bd59c29.yaml new file mode 100644 index 0000000000..270bcea1d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-5a8e72249d01f06327896fcc8bd59c29.yaml @@ -0,0 +1,58 @@ +id: plugmatter-optin-feature-box-lite-5a8e72249d01f06327896fcc8bd59c29 + +info: + name: > + Plugmatter Optin Feature Box < 2.0.14 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30d592d0-323b-40d8-9f13-22041dbded31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugmatter-optin-feature-box-lite/" + google-query: inurl:"/wp-content/plugins/plugmatter-optin-feature-box-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugmatter-optin-feature-box-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugmatter-optin-feature-box-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugmatter-optin-feature-box-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-f9f9a85d9bfed3059a0bb1fb2526ff0c.yaml b/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-f9f9a85d9bfed3059a0bb1fb2526ff0c.yaml new file mode 100644 index 0000000000..36d3f831f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugmatter-optin-feature-box-lite-f9f9a85d9bfed3059a0bb1fb2526ff0c.yaml @@ -0,0 +1,58 @@ +id: plugmatter-optin-feature-box-lite-f9f9a85d9bfed3059a0bb1fb2526ff0c + +info: + name: > + Plugmatter Optin Feature Box < 2.0.14 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da1d37f5-45d5-4775-a217-24fdb3b53da7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugmatter-optin-feature-box-lite/" + google-query: inurl:"/wp-content/plugins/plugmatter-optin-feature-box-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugmatter-optin-feature-box-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugmatter-optin-feature-box-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugmatter-optin-feature-box-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugmatter-pricing-table-5af8a6245b1d97ecb98489a4ed722ce3.yaml b/nuclei-templates/cve-less/plugins/plugmatter-pricing-table-5af8a6245b1d97ecb98489a4ed722ce3.yaml new file mode 100644 index 0000000000..4a63b053c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugmatter-pricing-table-5af8a6245b1d97ecb98489a4ed722ce3.yaml @@ -0,0 +1,58 @@ +id: plugmatter-pricing-table-5af8a6245b1d97ecb98489a4ed722ce3 + +info: + name: > + Plugmatter Pricing Table Lite <= 1.0.32 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fe0f74-96d7-4d5b-99a2-dff4f1c9d30b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugmatter-pricing-table/" + google-query: inurl:"/wp-content/plugins/plugmatter-pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugmatter-pricing-table,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugmatter-pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugmatter-pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugnedit-20fb78c96d003cc1a6ca252c0fdacd2e.yaml b/nuclei-templates/cve-less/plugins/plugnedit-20fb78c96d003cc1a6ca252c0fdacd2e.yaml new file mode 100644 index 0000000000..c3637e51d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugnedit-20fb78c96d003cc1a6ca252c0fdacd2e.yaml @@ -0,0 +1,58 @@ +id: plugnedit-20fb78c96d003cc1a6ca252c0fdacd2e + +info: + name: > + PlugNedit Adaptive Editor < 6.2.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ce0eca-5ec3-4af9-bc83-2f973b18e7f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugnedit/" + google-query: inurl:"/wp-content/plugins/plugnedit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugnedit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugnedit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugnedit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/plugnedit-a9d432e9161b4b6c46b6a95df71ed4b7.yaml b/nuclei-templates/cve-less/plugins/plugnedit-a9d432e9161b4b6c46b6a95df71ed4b7.yaml new file mode 100644 index 0000000000..7cc3221109 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/plugnedit-a9d432e9161b4b6c46b6a95df71ed4b7.yaml @@ -0,0 +1,58 @@ +id: plugnedit-a9d432e9161b4b6c46b6a95df71ed4b7 + +info: + name: > + PlugNedit Adaptive Editor < 6.2.0 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9160c10-8e10-44b2-b08a-612856869689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/plugnedit/" + google-query: inurl:"/wp-content/plugins/plugnedit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,plugnedit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/plugnedit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "plugnedit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pluscaptcha-1a537a66e5a0122e9300b301ca51e7e6.yaml b/nuclei-templates/cve-less/plugins/pluscaptcha-1a537a66e5a0122e9300b301ca51e7e6.yaml new file mode 100644 index 0000000000..fb69f22c92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pluscaptcha-1a537a66e5a0122e9300b301ca51e7e6.yaml @@ -0,0 +1,58 @@ +id: pluscaptcha-1a537a66e5a0122e9300b301ca51e7e6 + +info: + name: > + PlusCaptcha <= 2.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff18222-5796-432e-a810-d01fd5fbec4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pluscaptcha/" + google-query: inurl:"/wp-content/plugins/pluscaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pluscaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pluscaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pluscaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pmpro-ccbill-1758abc4263fca3455f9d9502f847bae.yaml b/nuclei-templates/cve-less/plugins/pmpro-ccbill-1758abc4263fca3455f9d9502f847bae.yaml new file mode 100644 index 0000000000..31a9aa7c30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pmpro-ccbill-1758abc4263fca3455f9d9502f847bae.yaml @@ -0,0 +1,58 @@ +id: pmpro-ccbill-1758abc4263fca3455f9d9502f847bae + +info: + name: > + Paid Memberships Pro CCBill Gateway <= 0.3 - Insufficient Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47bb46df-3ed6-4331-8c05-c76331aa6995?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pmpro-ccbill/" + google-query: inurl:"/wp-content/plugins/pmpro-ccbill/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pmpro-ccbill,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pmpro-ccbill/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pmpro-ccbill" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pmpro-courses-001a8dbb2842e703a09732c4c42c632c.yaml b/nuclei-templates/cve-less/plugins/pmpro-courses-001a8dbb2842e703a09732c4c42c632c.yaml new file mode 100644 index 0000000000..1476d0cb1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pmpro-courses-001a8dbb2842e703a09732c4c42c632c.yaml @@ -0,0 +1,58 @@ +id: pmpro-courses-001a8dbb2842e703a09732c4c42c632c + +info: + name: > + Paid Memberships Pro - Courses for Membership Add On <= 1.2.3 - Missing Authorization to Authenticated (Subscriber+) Course Modifications + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2dee8d2-e1ab-455c-b922-92881f62fc5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pmpro-courses/" + google-query: inurl:"/wp-content/plugins/pmpro-courses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pmpro-courses,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pmpro-courses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pmpro-courses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pmpro-mailchimp-b69217b2f780a8df207734ae1925c5b4.yaml b/nuclei-templates/cve-less/plugins/pmpro-mailchimp-b69217b2f780a8df207734ae1925c5b4.yaml new file mode 100644 index 0000000000..69aba7929e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pmpro-mailchimp-b69217b2f780a8df207734ae1925c5b4.yaml @@ -0,0 +1,58 @@ +id: pmpro-mailchimp-b69217b2f780a8df207734ae1925c5b4 + +info: + name: > + Paid Memberships Pro – Mailchimp Add On <= 2.3.4 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/415c2648-4fcb-4226-baac-9e75db79bfdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pmpro-mailchimp/" + google-query: inurl:"/wp-content/plugins/pmpro-mailchimp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pmpro-mailchimp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pmpro-mailchimp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pmpro-mailchimp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pmpro-payfast-160c7d8906d4726b6004392f05625a85.yaml b/nuclei-templates/cve-less/plugins/pmpro-payfast-160c7d8906d4726b6004392f05625a85.yaml new file mode 100644 index 0000000000..7d9007ff62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pmpro-payfast-160c7d8906d4726b6004392f05625a85.yaml @@ -0,0 +1,58 @@ +id: pmpro-payfast-160c7d8906d4726b6004392f05625a85 + +info: + name: > + Paid Memberships Pro – Payfast Gateway Add On <= 1.4.1 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3e194c0-b35a-496b-b31a-666334312f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pmpro-payfast/" + google-query: inurl:"/wp-content/plugins/pmpro-payfast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pmpro-payfast,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pmpro-payfast/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pmpro-payfast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pmpro-register-helper-f1d7c5edd451960671d8bd82cadc646e.yaml b/nuclei-templates/cve-less/plugins/pmpro-register-helper-f1d7c5edd451960671d8bd82cadc646e.yaml new file mode 100644 index 0000000000..3a16948f5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pmpro-register-helper-f1d7c5edd451960671d8bd82cadc646e.yaml @@ -0,0 +1,58 @@ +id: pmpro-register-helper-f1d7c5edd451960671d8bd82cadc646e + +info: + name: > + Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb117172-c853-4448-9648-367bb9a0d2c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pmpro-register-helper/" + google-query: inurl:"/wp-content/plugins/pmpro-register-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pmpro-register-helper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pmpro-register-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pmpro-register-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/png-to-jpg-63d2a51e3e8824195c3d41033688aedc.yaml b/nuclei-templates/cve-less/plugins/png-to-jpg-63d2a51e3e8824195c3d41033688aedc.yaml new file mode 100644 index 0000000000..1dc09d8f84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/png-to-jpg-63d2a51e3e8824195c3d41033688aedc.yaml @@ -0,0 +1,58 @@ +id: png-to-jpg-63d2a51e3e8824195c3d41033688aedc + +info: + name: > + PNG to JPG <= 5.8 - Cross-Site Request Forgery leading to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4fd340-6e94-4032-9202-8ccfa7481223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/png-to-jpg/" + google-query: inurl:"/wp-content/plugins/png-to-jpg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,png-to-jpg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/png-to-jpg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "png-to-jpg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pocket-news-generator-a0985a296fca110ec993acbc89421094.yaml b/nuclei-templates/cve-less/plugins/pocket-news-generator-a0985a296fca110ec993acbc89421094.yaml new file mode 100644 index 0000000000..825ad4a767 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pocket-news-generator-a0985a296fca110ec993acbc89421094.yaml @@ -0,0 +1,58 @@ +id: pocket-news-generator-a0985a296fca110ec993acbc89421094 + +info: + name: > + Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fe7f4e4-3774-408b-8a2a-0db67bc34fcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pocket-news-generator/" + google-query: inurl:"/wp-content/plugins/pocket-news-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pocket-news-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pocket-news-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pocket-news-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pocket-news-generator-e23aa6f9657419fe19f8c4bed7c9e59d.yaml b/nuclei-templates/cve-less/plugins/pocket-news-generator-e23aa6f9657419fe19f8c4bed7c9e59d.yaml new file mode 100644 index 0000000000..019fc02572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pocket-news-generator-e23aa6f9657419fe19f8c4bed7c9e59d.yaml @@ -0,0 +1,58 @@ +id: pocket-news-generator-e23aa6f9657419fe19f8c4bed7c9e59d + +info: + name: > + Pocket News Generator <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c8a487c-6bd5-480a-9945-ba465b38243f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pocket-news-generator/" + google-query: inurl:"/wp-content/plugins/pocket-news-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pocket-news-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pocket-news-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pocket-news-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podcast-channels-c4998932aa42fcf89b684f69330f53ac.yaml b/nuclei-templates/cve-less/plugins/podcast-channels-c4998932aa42fcf89b684f69330f53ac.yaml new file mode 100644 index 0000000000..e78fd3ec6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podcast-channels-c4998932aa42fcf89b684f69330f53ac.yaml @@ -0,0 +1,58 @@ +id: podcast-channels-c4998932aa42fcf89b684f69330f53ac + +info: + name: > + Podcast Channels <= 0.20 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb2cda13-4fc8-4158-9462-db20fb0965bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podcast-channels/" + google-query: inurl:"/wp-content/plugins/podcast-channels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podcast-channels,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-channels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-channels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podcast-importer-secondline-39c09063986ff422c9e20ab8b773f550.yaml b/nuclei-templates/cve-less/plugins/podcast-importer-secondline-39c09063986ff422c9e20ab8b773f550.yaml new file mode 100644 index 0000000000..0f1129af46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podcast-importer-secondline-39c09063986ff422c9e20ab8b773f550.yaml @@ -0,0 +1,58 @@ +id: podcast-importer-secondline-39c09063986ff422c9e20ab8b773f550 + +info: + name: > + Podcast Importer SecondLine < 1.3.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0f887c-b9e5-4d3c-b354-ebf5741dc3ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podcast-importer-secondline/" + google-query: inurl:"/wp-content/plugins/podcast-importer-secondline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podcast-importer-secondline,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-importer-secondline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-importer-secondline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podcast-importer-secondline-de4fed651acf6eb0a9891cf52fedb252.yaml b/nuclei-templates/cve-less/plugins/podcast-importer-secondline-de4fed651acf6eb0a9891cf52fedb252.yaml new file mode 100644 index 0000000000..36df2ea35d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podcast-importer-secondline-de4fed651acf6eb0a9891cf52fedb252.yaml @@ -0,0 +1,58 @@ +id: podcast-importer-secondline-de4fed651acf6eb0a9891cf52fedb252 + +info: + name: > + Podcast Importer SecondLine <= 1.1.4 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ee7f904-d150-4da1-a79c-502fe2ca3b37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podcast-importer-secondline/" + google-query: inurl:"/wp-content/plugins/podcast-importer-secondline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podcast-importer-secondline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-importer-secondline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-importer-secondline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-a5c381dc4cbdb7060fc30ca87a13ef99.yaml b/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-a5c381dc4cbdb7060fc30ca87a13ef99.yaml new file mode 100644 index 0000000000..d5cb09e8a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-a5c381dc4cbdb7060fc30ca87a13ef99.yaml @@ -0,0 +1,58 @@ +id: podcast-subscribe-buttons-a5c381dc4cbdb7060fc30ca87a13ef99 + +info: + name: > + Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17dbfb82-e380-464a-bfaf-2d0f6bf07f25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podcast-subscribe-buttons/" + google-query: inurl:"/wp-content/plugins/podcast-subscribe-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-subscribe-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-subscribe-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-e54fc04abf0b5b0662339153e1522a1e.yaml b/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-e54fc04abf0b5b0662339153e1522a1e.yaml new file mode 100644 index 0000000000..55b63ef9b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podcast-subscribe-buttons-e54fc04abf0b5b0662339153e1522a1e.yaml @@ -0,0 +1,58 @@ +id: podcast-subscribe-buttons-e54fc04abf0b5b0662339153e1522a1e + +info: + name: > + Podcast Subscribe Buttons < 1.4.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b66540ec-7a01-431c-a8bf-dbced505bf1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podcast-subscribe-buttons/" + google-query: inurl:"/wp-content/plugins/podcast-subscribe-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podcast-subscribe-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podcast-subscribe-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podcast-subscribe-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-110726f45fe770f212d1aee89f3bb57f.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-110726f45fe770f212d1aee89f3bb57f.yaml new file mode 100644 index 0000000000..dd73c88fcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-110726f45fe770f212d1aee89f3bb57f.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-110726f45fe770f212d1aee89f3bb57f + +info: + name: > + Podlove Podcast Publisher <= 3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d353d8b7-76a5-45ce-aa7c-d571dedcbfd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-2e10545dd7017e6f584fc20c4f8e8985.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-2e10545dd7017e6f584fc20c4f8e8985.yaml new file mode 100644 index 0000000000..3b3c3bbe46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-2e10545dd7017e6f584fc20c4f8e8985.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-2e10545dd7017e6f584fc20c4f8e8985 + +info: + name: > + Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-3472d41d965a1eba1565dbf3f6f91c0c.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-3472d41d965a1eba1565dbf3f6f91c0c.yaml new file mode 100644 index 0000000000..f8959a1619 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-3472d41d965a1eba1565dbf3f6f91c0c.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-3472d41d965a1eba1565dbf3f6f91c0c + +info: + name: > + Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-4a1b15e037b0e674a6b8abd0386af8e9.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-4a1b15e037b0e674a6b8abd0386af8e9.yaml new file mode 100644 index 0000000000..65c281ce85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-4a1b15e037b0e674a6b8abd0386af8e9.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-4a1b15e037b0e674a6b8abd0386af8e9 + +info: + name: > + Podlove Podcast Publisher <= 4.0.11 - Authenticated (Contributor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35f82406-f75d-4510-81c0-14af3d944bf0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml new file mode 100644 index 0000000000..4d4766766d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-5bb8fe4f6089667dd51c2e2e1a9444ca.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-5bb8fe4f6089667dd51c2e2e1a9444ca + +info: + name: > + Podlove Podcast Publisher <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddfc0150-d05c-4027-80d2-64c565fdd56d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-6143c745f174c1205927522fed8aa49e.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-6143c745f174c1205927522fed8aa49e.yaml new file mode 100644 index 0000000000..28be29406f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-6143c745f174c1205927522fed8aa49e.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-6143c745f174c1205927522fed8aa49e + +info: + name: > + Podlove Podcast Publisher <= 4.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b19af06d-7262-4d21-ac39-7d4ce8e75d71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-c5c5fe7ae04b300c4245ab22359369aa.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-c5c5fe7ae04b300c4245ab22359369aa.yaml new file mode 100644 index 0000000000..0035041786 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-c5c5fe7ae04b300c4245ab22359369aa.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-c5c5fe7ae04b300c4245ab22359369aa + +info: + name: > + Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da082107-1c71-4d18-a864-986807568de9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-d871e2a497ccda6c7cc830c72c3348e0.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-d871e2a497ccda6c7cc830c72c3348e0.yaml new file mode 100644 index 0000000000..9fd93faab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-d871e2a497ccda6c7cc830c72c3348e0.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-d871e2a497ccda6c7cc830c72c3348e0 + +info: + name: > + Podlove Podcast Publisher <= 4.0.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b40e70ed-cdcb-4999-92a9-45bbd2515a3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-e253bc9eb60b3ba0170a2740ba27c2f4.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-e253bc9eb60b3ba0170a2740ba27c2f4.yaml new file mode 100644 index 0000000000..2a50b0ff01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-e253bc9eb60b3ba0170a2740ba27c2f4.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-e253bc9eb60b3ba0170a2740ba27c2f4 + +info: + name: > + Podlove Podcast Publisher < 2.3.16 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13968257-593d-433e-9583-5bb5d6c6b2d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f7d71098b8867ed535059e5ab72f5309.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f7d71098b8867ed535059e5ab72f5309.yaml new file mode 100644 index 0000000000..07173523f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f7d71098b8867ed535059e5ab72f5309.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-f7d71098b8867ed535059e5ab72f5309 + +info: + name: > + Podlove Podcast Publisher <= 4.0.12 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6f4ee5d-819d-4125-8cff-acf9811e2919?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9001c4d0d146f20e371013d48c397ad.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9001c4d0d146f20e371013d48c397ad.yaml new file mode 100644 index 0000000000..27743688e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9001c4d0d146f20e371013d48c397ad.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-f9001c4d0d146f20e371013d48c397ad + +info: + name: > + Podlove Podcast Publisher <= 3.5.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8c01984-e8ba-4671-b63c-46ea245e7efa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9c4a4753797c567682067fdd891aa71.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9c4a4753797c567682067fdd891aa71.yaml new file mode 100644 index 0000000000..2d76386064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-f9c4a4753797c567682067fdd891aa71.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-f9c4a4753797c567682067fdd891aa71 + +info: + name: > + Podlove Podcast Publisher < 2.3.16 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f526959-be34-48d1-8aa1-e36f7708bd20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-feda90e2637dc66a787016724474b475.yaml b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-feda90e2637dc66a787016724474b475.yaml new file mode 100644 index 0000000000..13f7c9fb5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-podcasting-plugin-for-wordpress-feda90e2637dc66a787016724474b475.yaml @@ -0,0 +1,58 @@ +id: podlove-podcasting-plugin-for-wordpress-feda90e2637dc66a787016724474b475 + +info: + name: > + Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17f2b07d-82de-4e25-9b17-ef4a1132e6c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + google-query: inurl:"/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-podcasting-plugin-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-podcasting-plugin-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-podcasting-plugin-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-subscribe-button-2f90b927ae201cfb6bea80146d60cefb.yaml b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-2f90b927ae201cfb6bea80146d60cefb.yaml new file mode 100644 index 0000000000..9cf4aafc65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-2f90b927ae201cfb6bea80146d60cefb.yaml @@ -0,0 +1,58 @@ +id: podlove-subscribe-button-2f90b927ae201cfb6bea80146d60cefb + +info: + name: > + Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb9a6c9b-24fb-436f-b583-55adeedb726e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-subscribe-button/" + google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-subscribe-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-subscribe-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-subscribe-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-subscribe-button-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml new file mode 100644 index 0000000000..65dbb7ddb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-4f7a95f2553b4e4ec80b6d04a6fbc8bb.yaml @@ -0,0 +1,58 @@ +id: podlove-subscribe-button-4f7a95f2553b4e4ec80b6d04a6fbc8bb + +info: + name: > + Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89058e5a-0f67-4162-ba3b-0a4353d1e0a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-subscribe-button/" + google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-subscribe-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-subscribe-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-subscribe-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-subscribe-button-858f2f8353e461ae105f6c048cf36fc0.yaml b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-858f2f8353e461ae105f6c048cf36fc0.yaml new file mode 100644 index 0000000000..13f77bb42d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-858f2f8353e461ae105f6c048cf36fc0.yaml @@ -0,0 +1,58 @@ +id: podlove-subscribe-button-858f2f8353e461ae105f6c048cf36fc0 + +info: + name: > + Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via process_form function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af695224-24e7-4d5b-b472-dee53eb6073f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-subscribe-button/" + google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-subscribe-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-subscribe-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-subscribe-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-subscribe-button-f884e1e5931aac898c331db3ff9b0a47.yaml b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-f884e1e5931aac898c331db3ff9b0a47.yaml new file mode 100644 index 0000000000..bf256608d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-subscribe-button-f884e1e5931aac898c331db3ff9b0a47.yaml @@ -0,0 +1,58 @@ +id: podlove-subscribe-button-f884e1e5931aac898c331db3ff9b0a47 + +info: + name: > + Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-subscribe-button/" + google-query: inurl:"/wp-content/plugins/podlove-subscribe-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-subscribe-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-subscribe-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-subscribe-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-web-player-5b013c9961d2008bd8c1b51839f147f0.yaml b/nuclei-templates/cve-less/plugins/podlove-web-player-5b013c9961d2008bd8c1b51839f147f0.yaml new file mode 100644 index 0000000000..7bdc05ca04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-web-player-5b013c9961d2008bd8c1b51839f147f0.yaml @@ -0,0 +1,58 @@ +id: podlove-web-player-5b013c9961d2008bd8c1b51839f147f0 + +info: + name: > + Podlove Web Player <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/141e5e08-efc3-4da7-ada3-4774dac88884?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-web-player/" + google-query: inurl:"/wp-content/plugins/podlove-web-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-web-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-web-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-web-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podlove-web-player-e884ca510b37335b1134220e4cc6625b.yaml b/nuclei-templates/cve-less/plugins/podlove-web-player-e884ca510b37335b1134220e4cc6625b.yaml new file mode 100644 index 0000000000..0a849b2369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podlove-web-player-e884ca510b37335b1134220e4cc6625b.yaml @@ -0,0 +1,58 @@ +id: podlove-web-player-e884ca510b37335b1134220e4cc6625b + +info: + name: > + Podlove Web Player <= 5.7.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd8a952-d723-45a2-9027-12e3d99f715b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podlove-web-player/" + google-query: inurl:"/wp-content/plugins/podlove-web-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podlove-web-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podlove-web-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podlove-web-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/podpress-396371aecede5680b30f6adf18b9bebd.yaml b/nuclei-templates/cve-less/plugins/podpress-396371aecede5680b30f6adf18b9bebd.yaml new file mode 100644 index 0000000000..eec926487c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/podpress-396371aecede5680b30f6adf18b9bebd.yaml @@ -0,0 +1,58 @@ +id: podpress-396371aecede5680b30f6adf18b9bebd + +info: + name: > + podPress <= 8.8.10.17 - Cross-Site Scripting via playerID + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e56ebe2a-8a7e-454b-a1cd-7103112087e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/podpress/" + google-query: inurl:"/wp-content/plugins/podpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,podpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/podpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "podpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.8.10.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-33493821da381511f179da2cf195b351.yaml b/nuclei-templates/cve-less/plugins/pods-33493821da381511f179da2cf195b351.yaml new file mode 100644 index 0000000000..f75da47880 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-33493821da381511f179da2cf195b351.yaml @@ -0,0 +1,58 @@ +id: pods-33493821da381511f179da2cf195b351 + +info: + name: > + Pods - Custom Content Types and Fields - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d330cd-ad1f-451e-bf41-39cfeb296cf0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3', '< 3.0.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-79c1e1544a74f2c87544fd2e816d236c.yaml b/nuclei-templates/cve-less/plugins/pods-79c1e1544a74f2c87544fd2e816d236c.yaml new file mode 100644 index 0000000000..7d7e9626dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-79c1e1544a74f2c87544fd2e816d236c.yaml @@ -0,0 +1,58 @@ +id: pods-79c1e1544a74f2c87544fd2e816d236c + +info: + name: > + Pods <= 2.9.10.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d874f9d7-c532-467d-9e3d-9529dd5bdc47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-7a55c80cef31b1897125e271418538f4.yaml b/nuclei-templates/cve-less/plugins/pods-7a55c80cef31b1897125e271418538f4.yaml new file mode 100644 index 0000000000..62f3393cd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-7a55c80cef31b1897125e271418538f4.yaml @@ -0,0 +1,58 @@ +id: pods-7a55c80cef31b1897125e271418538f4 + +info: + name: > + Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3', '< 3.0.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-85f6ac4895a90413fa74a9e82058c7a0.yaml b/nuclei-templates/cve-less/plugins/pods-85f6ac4895a90413fa74a9e82058c7a0.yaml new file mode 100644 index 0000000000..5a99310987 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-85f6ac4895a90413fa74a9e82058c7a0.yaml @@ -0,0 +1,58 @@ +id: pods-85f6ac4895a90413fa74a9e82058c7a0 + +info: + name: > + Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa7d0c2-27ec-47ad-8baa-c281c273078e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3', '< 3.0.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml b/nuclei-templates/cve-less/plugins/pods-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml new file mode 100644 index 0000000000..b801063177 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-a7d43e65e4e3ff48ff1d77822c4c9c14.yaml @@ -0,0 +1,58 @@ +id: pods-a7d43e65e4e3ff48ff1d77822c4c9c14 + +info: + name: > + Pods <= 2.4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b8a9c85-a7cd-469c-834b-d1d89387cf63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-ba3ebdc8660c704b12fdc576b67a35b8.yaml b/nuclei-templates/cve-less/plugins/pods-ba3ebdc8660c704b12fdc576b67a35b8.yaml new file mode 100644 index 0000000000..e319f8a50b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-ba3ebdc8660c704b12fdc576b67a35b8.yaml @@ -0,0 +1,58 @@ +id: pods-ba3ebdc8660c704b12fdc576b67a35b8 + +info: + name: > + Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac8214af-00d0-4dde-a3e7-f657decc4b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.4.4.2', '<= 2.7.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-d5266edec4a9e9c793fa60a9c89f4ac5.yaml b/nuclei-templates/cve-less/plugins/pods-d5266edec4a9e9c793fa60a9c89f4ac5.yaml new file mode 100644 index 0000000000..e2c77fd5a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-d5266edec4a9e9c793fa60a9c89f4ac5.yaml @@ -0,0 +1,58 @@ +id: pods-d5266edec4a9e9c793fa60a9c89f4ac5 + +info: + name: > + Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0707c92-96e9-444a-8a13-52d49c9e3f5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-fc1ea9d8e61023700e49f1688ac8b5c8.yaml b/nuclei-templates/cve-less/plugins/pods-fc1ea9d8e61023700e49f1688ac8b5c8.yaml new file mode 100644 index 0000000000..c67dac9c36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-fc1ea9d8e61023700e49f1688ac8b5c8.yaml @@ -0,0 +1,58 @@ +id: pods-fc1ea9d8e61023700e49f1688ac8b5c8 + +info: + name: > + Pods <= 2.4.3 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19b4a27d-d9de-4567-86cd-8ec821ee299a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pods-ff2c0144dd3f14c012ac895bb24d6c4c.yaml b/nuclei-templates/cve-less/plugins/pods-ff2c0144dd3f14c012ac895bb24d6c4c.yaml new file mode 100644 index 0000000000..96aa6d9804 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pods-ff2c0144dd3f14c012ac895bb24d6c4c.yaml @@ -0,0 +1,58 @@ +id: pods-ff2c0144dd3f14c012ac895bb24d6c4c + +info: + name: > + Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba54af1-732a-49e6-a8c4-76f276a5581a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pods/" + google-query: inurl:"/wp-content/plugins/pods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pods,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.4.4.1', '< 2.7.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poeditor-724f781d1b8ccbd2ec3504075cc6a13c.yaml b/nuclei-templates/cve-less/plugins/poeditor-724f781d1b8ccbd2ec3504075cc6a13c.yaml new file mode 100644 index 0000000000..c514598b40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poeditor-724f781d1b8ccbd2ec3504075cc6a13c.yaml @@ -0,0 +1,58 @@ +id: poeditor-724f781d1b8ccbd2ec3504075cc6a13c + +info: + name: > + POEditor <= 0.9.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e81e947-4892-4028-8a09-6a048bf6a572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poeditor/" + google-query: inurl:"/wp-content/plugins/poeditor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poeditor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poeditor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poeditor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poeditor-d3df4f8a3c09c9129b3791672c61fc3a.yaml b/nuclei-templates/cve-less/plugins/poeditor-d3df4f8a3c09c9129b3791672c61fc3a.yaml new file mode 100644 index 0000000000..edf4b036ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poeditor-d3df4f8a3c09c9129b3791672c61fc3a.yaml @@ -0,0 +1,58 @@ +id: poeditor-d3df4f8a3c09c9129b3791672c61fc3a + +info: + name: > + POEditor <= 0.9.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8671bf69-640d-4656-ae22-a46daadf58a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poeditor/" + google-query: inurl:"/wp-content/plugins/poeditor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poeditor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poeditor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poeditor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-215be45a340fc01142771f1f9ff27095.yaml b/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-215be45a340fc01142771f1f9ff27095.yaml new file mode 100644 index 0000000000..0659bed274 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-215be45a340fc01142771f1f9ff27095.yaml @@ -0,0 +1,58 @@ +id: points-and-rewards-for-woocommerce-215be45a340fc01142771f1f9ff27095 + +info: + name: > + Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36a43b08-872e-4760-a319-67e30fd004a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/points-and-rewards-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/points-and-rewards-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,points-and-rewards-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/points-and-rewards-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "points-and-rewards-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-f595c203a77330422dba7245cce84dcd.yaml b/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-f595c203a77330422dba7245cce84dcd.yaml new file mode 100644 index 0000000000..45f90b4a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/points-and-rewards-for-woocommerce-f595c203a77330422dba7245cce84dcd.yaml @@ -0,0 +1,58 @@ +id: points-and-rewards-for-woocommerce-f595c203a77330422dba7245cce84dcd + +info: + name: > + Points and Rewards for WooCommerce <= 1.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e7ac22f-cb50-46b6-b244-22b5e8dc8142?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/points-and-rewards-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/points-and-rewards-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,points-and-rewards-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/points-and-rewards-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "points-and-rewards-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-18f92d3237c36d8e0be4fe5c61fd453f.yaml b/nuclei-templates/cve-less/plugins/poll-maker-18f92d3237c36d8e0be4fe5c61fd453f.yaml new file mode 100644 index 0000000000..3fa28db967 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-18f92d3237c36d8e0be4fe5c61fd453f.yaml @@ -0,0 +1,58 @@ +id: poll-maker-18f92d3237c36d8e0be4fe5c61fd453f + +info: + name: > + Poll Maker <= 3.2.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/022dcd52-0e6f-4979-9088-d257b6a5fc11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-29bc9c14cc220941303188c45b9daf29.yaml b/nuclei-templates/cve-less/plugins/poll-maker-29bc9c14cc220941303188c45b9daf29.yaml new file mode 100644 index 0000000000..2e64905764 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-29bc9c14cc220941303188c45b9daf29.yaml @@ -0,0 +1,58 @@ +id: poll-maker-29bc9c14cc220941303188c45b9daf29 + +info: + name: > + Poll Maker <= 4.6.2 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e55ba61d-6fd0-4269-8ee9-3b8645d52e1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-2db56d3c99ea70472b056252e5e2e9e6.yaml b/nuclei-templates/cve-less/plugins/poll-maker-2db56d3c99ea70472b056252e5e2e9e6.yaml new file mode 100644 index 0000000000..664d67d323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-2db56d3c99ea70472b056252e5e2e9e6.yaml @@ -0,0 +1,58 @@ +id: poll-maker-2db56d3c99ea70472b056252e5e2e9e6 + +info: + name: > + Poll Maker <= 3.2.8 – Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2523f85d-be90-4334-b8d5-8021ec05283d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-3172cfdf5fc8b7e358c053d42d06583b.yaml b/nuclei-templates/cve-less/plugins/poll-maker-3172cfdf5fc8b7e358c053d42d06583b.yaml new file mode 100644 index 0000000000..ba99a34bd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-3172cfdf5fc8b7e358c053d42d06583b.yaml @@ -0,0 +1,58 @@ +id: poll-maker-3172cfdf5fc8b7e358c053d42d06583b + +info: + name: > + Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Email Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc0505a1-c7c4-4cf1-97cd-123a4dddcea3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-79decf1a0edb8491c84a287af6c9aee1.yaml b/nuclei-templates/cve-less/plugins/poll-maker-79decf1a0edb8491c84a287af6c9aee1.yaml new file mode 100644 index 0000000000..4b1094e4b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-79decf1a0edb8491c84a287af6c9aee1.yaml @@ -0,0 +1,58 @@ +id: poll-maker-79decf1a0edb8491c84a287af6c9aee1 + +info: + name: > + Poll Maker <= 4.8.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/345097c7-8f0e-46ed-9a1d-7c8a4a589e3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-7a1aa0c88530968ed1b5b646f3180462.yaml b/nuclei-templates/cve-less/plugins/poll-maker-7a1aa0c88530968ed1b5b646f3180462.yaml new file mode 100644 index 0000000000..aaa496aa35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-7a1aa0c88530968ed1b5b646f3180462.yaml @@ -0,0 +1,58 @@ +id: poll-maker-7a1aa0c88530968ed1b5b646f3180462 + +info: + name: > + Poll Maker <= 4.0.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16e63535-28bc-4a3d-a201-4216dc786d98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-b01ef863c43e07a65402f06b0d7b0757.yaml b/nuclei-templates/cve-less/plugins/poll-maker-b01ef863c43e07a65402f06b0d7b0757.yaml new file mode 100644 index 0000000000..e55dc2846d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-b01ef863c43e07a65402f06b0d7b0757.yaml @@ -0,0 +1,58 @@ +id: poll-maker-b01ef863c43e07a65402f06b0d7b0757 + +info: + name: > + Poll Maker <= 4.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a27fcc6-b1ac-4649-892b-7e0dee3f0d08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-c07bb721e301a0dbb891c103a2081934.yaml b/nuclei-templates/cve-less/plugins/poll-maker-c07bb721e301a0dbb891c103a2081934.yaml new file mode 100644 index 0000000000..e62fca4fb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-c07bb721e301a0dbb891c103a2081934.yaml @@ -0,0 +1,58 @@ +id: poll-maker-c07bb721e301a0dbb891c103a2081934 + +info: + name: > + Poll Maker < 3.4.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e271effa-2c40-4635-ad6b-ca82b4742567?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-e9a2fbdd50662e029e4a5c38ab41c5ff.yaml b/nuclei-templates/cve-less/plugins/poll-maker-e9a2fbdd50662e029e4a5c38ab41c5ff.yaml new file mode 100644 index 0000000000..526d103958 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-e9a2fbdd50662e029e4a5c38ab41c5ff.yaml @@ -0,0 +1,58 @@ +id: poll-maker-e9a2fbdd50662e029e4a5c38ab41c5ff + +info: + name: > + Poll Maker <= 4.7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faad9cf7-5d83-4ade-b121-c38fb0de78a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-maker-fd99760a8adb4d7f1b1ef68935056870.yaml b/nuclei-templates/cve-less/plugins/poll-maker-fd99760a8adb4d7f1b1ef68935056870.yaml new file mode 100644 index 0000000000..99ffa41bfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-maker-fd99760a8adb4d7f1b1ef68935056870.yaml @@ -0,0 +1,58 @@ +id: poll-maker-fd99760a8adb4d7f1b1ef68935056870 + +info: + name: > + Poll Maker – Best WordPress Poll Plugin <= 5.1.8 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fec015e1-7f64-4917-a242-90bd1135f680?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-maker/" + google-query: inurl:"/wp-content/plugins/poll-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poll-wp-a7b9bf475d14b8ef039f5657643818f1.yaml b/nuclei-templates/cve-less/plugins/poll-wp-a7b9bf475d14b8ef039f5657643818f1.yaml new file mode 100644 index 0000000000..e9c320edf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poll-wp-a7b9bf475d14b8ef039f5657643818f1.yaml @@ -0,0 +1,58 @@ +id: poll-wp-a7b9bf475d14b8ef039f5657643818f1 + +info: + name: > + TS Poll – Best Poll Plugin for WordPress <1.3.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b78eb275-bede-44f0-bf72-6931c37d78bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poll-wp/" + google-query: inurl:"/wp-content/plugins/poll-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poll-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poll-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poll-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polldaddy-24fe066591faebd7c14b911941c41812.yaml b/nuclei-templates/cve-less/plugins/polldaddy-24fe066591faebd7c14b911941c41812.yaml new file mode 100644 index 0000000000..b2bbdda653 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polldaddy-24fe066591faebd7c14b911941c41812.yaml @@ -0,0 +1,58 @@ +id: polldaddy-24fe066591faebd7c14b911941c41812 + +info: + name: > + Crowdsignal Dashboard <= 3.0.9 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54f6a790-7cff-4910-a481-48ae13ba57c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polldaddy/" + google-query: inurl:"/wp-content/plugins/polldaddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polldaddy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polldaddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polldaddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polldaddy-3ba84c6caf17726274b8e8f2682a9b39.yaml b/nuclei-templates/cve-less/plugins/polldaddy-3ba84c6caf17726274b8e8f2682a9b39.yaml new file mode 100644 index 0000000000..d3231c099c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polldaddy-3ba84c6caf17726274b8e8f2682a9b39.yaml @@ -0,0 +1,58 @@ +id: polldaddy-3ba84c6caf17726274b8e8f2682a9b39 + +info: + name: > + Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17fa37ae-5683-4b5f-995f-934f469141a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polldaddy/" + google-query: inurl:"/wp-content/plugins/polldaddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polldaddy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polldaddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polldaddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polldaddy-8295098ceddb00b6deaf6e823158a962.yaml b/nuclei-templates/cve-less/plugins/polldaddy-8295098ceddb00b6deaf6e823158a962.yaml new file mode 100644 index 0000000000..65ffa454d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polldaddy-8295098ceddb00b6deaf6e823158a962.yaml @@ -0,0 +1,58 @@ +id: polldaddy-8295098ceddb00b6deaf6e823158a962 + +info: + name: > + Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 - Cross-Site Request Forgery via update_rating + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e03390e5-5604-4b9d-ab1b-dac2b19270cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polldaddy/" + google-query: inurl:"/wp-content/plugins/polldaddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polldaddy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polldaddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polldaddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polldaddy-ab195980f5561581f232d594039c4477.yaml b/nuclei-templates/cve-less/plugins/polldaddy-ab195980f5561581f232d594039c4477.yaml new file mode 100644 index 0000000000..36080bea4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polldaddy-ab195980f5561581f232d594039c4477.yaml @@ -0,0 +1,58 @@ +id: polldaddy-ab195980f5561581f232d594039c4477 + +info: + name: > + Crowdsignal Dashboard – Polls, Surveys & more <= 3.0.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78da5c5-fb12-4fc9-8c51-6d9f6f7a4043?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polldaddy/" + google-query: inurl:"/wp-content/plugins/polldaddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polldaddy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polldaddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polldaddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polldaddy-bc16d03e307b2f3d476c4281bda98567.yaml b/nuclei-templates/cve-less/plugins/polldaddy-bc16d03e307b2f3d476c4281bda98567.yaml new file mode 100644 index 0000000000..d1331ba887 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polldaddy-bc16d03e307b2f3d476c4281bda98567.yaml @@ -0,0 +1,58 @@ +id: polldaddy-bc16d03e307b2f3d476c4281bda98567 + +info: + name: > + Crowdsignal Dashboard <= 2.0.24 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b0d5d92-1aba-4a0a-a989-a2d797112ade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polldaddy/" + google-query: inurl:"/wp-content/plugins/polldaddy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polldaddy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polldaddy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polldaddy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polls-widget-ab0d8c25a4b5735f6b566693ae1e6b91.yaml b/nuclei-templates/cve-less/plugins/polls-widget-ab0d8c25a4b5735f6b566693ae1e6b91.yaml new file mode 100644 index 0000000000..b86511c672 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polls-widget-ab0d8c25a4b5735f6b566693ae1e6b91.yaml @@ -0,0 +1,58 @@ +id: polls-widget-ab0d8c25a4b5735f6b566693ae1e6b91 + +info: + name: > + Poll, Survey, Questionnaire and Voting system <= 1.7.4 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81ed1733-0073-464c-8ef7-28db228618e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polls-widget/" + google-query: inurl:"/wp-content/plugins/polls-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polls-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polls-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polls-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polls-widget-cf547403a9a90330b0a13308e60c389b.yaml b/nuclei-templates/cve-less/plugins/polls-widget-cf547403a9a90330b0a13308e60c389b.yaml new file mode 100644 index 0000000000..7c4a9043d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polls-widget-cf547403a9a90330b0a13308e60c389b.yaml @@ -0,0 +1,58 @@ +id: polls-widget-cf547403a9a90330b0a13308e60c389b + +info: + name: > + Poll, Survey, Questionnaire and Voting system <= 1.5.2 - Unauthenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/162a9203-d169-4d96-9839-110f6a9e4ad3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polls-widget/" + google-query: inurl:"/wp-content/plugins/polls-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polls-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polls-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polls-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polo-video-gallery-62d375a0ef3c9366ba6ad68911a5c603.yaml b/nuclei-templates/cve-less/plugins/polo-video-gallery-62d375a0ef3c9366ba6ad68911a5c603.yaml new file mode 100644 index 0000000000..db9a7eab17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polo-video-gallery-62d375a0ef3c9366ba6ad68911a5c603.yaml @@ -0,0 +1,58 @@ +id: polo-video-gallery-62d375a0ef3c9366ba6ad68911a5c603 + +info: + name: > + Polo Video Gallery – Best wordpress video gallery plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/524452b9-e617-4434-a23f-6026b6f55eeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polo-video-gallery/" + google-query: inurl:"/wp-content/plugins/polo-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polo-video-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polo-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polo-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/polylang-734bcf2e1364f37386af10d34a5f3d15.yaml b/nuclei-templates/cve-less/plugins/polylang-734bcf2e1364f37386af10d34a5f3d15.yaml new file mode 100644 index 0000000000..777cc56183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/polylang-734bcf2e1364f37386af10d34a5f3d15.yaml @@ -0,0 +1,58 @@ +id: polylang-734bcf2e1364f37386af10d34a5f3d15 + +info: + name: > + Polylang <= 1.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c38b6cce-ea8b-48f3-a995-173047d1caf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/polylang/" + google-query: inurl:"/wp-content/plugins/polylang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,polylang,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/polylang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "polylang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pondol-carousel-c2306772abb4405001a28e4fae27ec0e.yaml b/nuclei-templates/cve-less/plugins/pondol-carousel-c2306772abb4405001a28e4fae27ec0e.yaml new file mode 100644 index 0000000000..13ea26c42e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pondol-carousel-c2306772abb4405001a28e4fae27ec0e.yaml @@ -0,0 +1,58 @@ +id: pondol-carousel-c2306772abb4405001a28e4fae27ec0e + +info: + name: > + Pondol Carousel <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e59e02f-d701-476a-9fd8-2098004089ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pondol-carousel/" + google-query: inurl:"/wp-content/plugins/pondol-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pondol-carousel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pondol-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pondol-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pondol-formmail-28928ab1eb71053bca13e7444bdf6fe5.yaml b/nuclei-templates/cve-less/plugins/pondol-formmail-28928ab1eb71053bca13e7444bdf6fe5.yaml new file mode 100644 index 0000000000..cb51038cfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pondol-formmail-28928ab1eb71053bca13e7444bdf6fe5.yaml @@ -0,0 +1,58 @@ +id: pondol-formmail-28928ab1eb71053bca13e7444bdf6fe5 + +info: + name: > + Pondol Form to Mail <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72c5fd31-f457-494a-a160-1f64366e3e63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pondol-formmail/" + google-query: inurl:"/wp-content/plugins/pondol-formmail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pondol-formmail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pondol-formmail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pondol-formmail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pootle-button-650e24c15aeace1d45fa4cd46dde8eb3.yaml b/nuclei-templates/cve-less/plugins/pootle-button-650e24c15aeace1d45fa4cd46dde8eb3.yaml new file mode 100644 index 0000000000..38ff4aff22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pootle-button-650e24c15aeace1d45fa4cd46dde8eb3.yaml @@ -0,0 +1,58 @@ +id: pootle-button-650e24c15aeace1d45fa4cd46dde8eb3 + +info: + name: > + pootle button <= 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/498f539a-f824-42fb-9df8-c1f82c4b3947?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pootle-button/" + google-query: inurl:"/wp-content/plugins/pootle-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pootle-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pootle-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pootle-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pop-up-4332f8cf6f6916ee73d377911664daa1.yaml b/nuclei-templates/cve-less/plugins/pop-up-4332f8cf6f6916ee73d377911664daa1.yaml new file mode 100644 index 0000000000..2f4ed76093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pop-up-4332f8cf6f6916ee73d377911664daa1.yaml @@ -0,0 +1,58 @@ +id: pop-up-4332f8cf6f6916ee73d377911664daa1 + +info: + name: > + Pop-Up Chop Chop <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50b080aa-b9fe-48ac-922c-3f702fed1066?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pop-up/" + google-query: inurl:"/wp-content/plugins/pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pop-up,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pop-up-pop-up-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/pop-up-pop-up-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..8f1c41f2dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pop-up-pop-up-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: pop-up-pop-up-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pop-up-pop-up/" + google-query: inurl:"/wp-content/plugins/pop-up-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pop-up-pop-up,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pop-up-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pop-up-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pop-up-pop-up-2ad443c3fcd60f912c758a2ef81745f4.yaml b/nuclei-templates/cve-less/plugins/pop-up-pop-up-2ad443c3fcd60f912c758a2ef81745f4.yaml new file mode 100644 index 0000000000..aa0fa680ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pop-up-pop-up-2ad443c3fcd60f912c758a2ef81745f4.yaml @@ -0,0 +1,58 @@ +id: pop-up-pop-up-2ad443c3fcd60f912c758a2ef81745f4 + +info: + name: > + Pop-up <= 1.1.5 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88068243-9e2a-4893-a432-fd1973db7ca8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pop-up-pop-up/" + google-query: inurl:"/wp-content/plugins/pop-up-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pop-up-pop-up,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pop-up-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pop-up-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pop-up-pop-up-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/pop-up-pop-up-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..53aff115e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pop-up-pop-up-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: pop-up-pop-up-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pop-up-pop-up/" + google-query: inurl:"/wp-content/plugins/pop-up-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pop-up-pop-up,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pop-up-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pop-up-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pop-up-pop-up-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/pop-up-pop-up-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..72682fd5d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pop-up-pop-up-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: pop-up-pop-up-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pop-up-pop-up/" + google-query: inurl:"/wp-content/plugins/pop-up-pop-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pop-up-pop-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pop-up-pop-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pop-up-pop-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popcashnet-code-integration-tool-59d582cc0d2221cf47e1a851d96daa5e.yaml b/nuclei-templates/cve-less/plugins/popcashnet-code-integration-tool-59d582cc0d2221cf47e1a851d96daa5e.yaml new file mode 100644 index 0000000000..b3a69739b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popcashnet-code-integration-tool-59d582cc0d2221cf47e1a851d96daa5e.yaml @@ -0,0 +1,58 @@ +id: popcashnet-code-integration-tool-59d582cc0d2221cf47e1a851d96daa5e + +info: + name: > + PopCash Code Integration Tool < 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c511a5-3c2b-40c0-b3d1-bb7c83c67513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popcashnet-code-integration-tool/" + google-query: inurl:"/wp-content/plugins/popcashnet-code-integration-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popcashnet-code-integration-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popcashnet-code-integration-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popcashnet-code-integration-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/poptin-fa365da8fb7be5a7c14e80d68226de79.yaml b/nuclei-templates/cve-less/plugins/poptin-fa365da8fb7be5a7c14e80d68226de79.yaml new file mode 100644 index 0000000000..5503472100 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/poptin-fa365da8fb7be5a7c14e80d68226de79.yaml @@ -0,0 +1,58 @@ +id: poptin-fa365da8fb7be5a7c14e80d68226de79 + +info: + name: > + Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/778af777-4c98-45cd-9704-1bdc96054aa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/poptin/" + google-query: inurl:"/wp-content/plugins/poptin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,poptin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/poptin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "poptin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-anything-on-click-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/popup-anything-on-click-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..fe40dad402 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-anything-on-click-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: popup-anything-on-click-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-anything-on-click/" + google-query: inurl:"/wp-content/plugins/popup-anything-on-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-anything-on-click,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-anything-on-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-anything-on-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-anything-on-click-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml b/nuclei-templates/cve-less/plugins/popup-anything-on-click-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml new file mode 100644 index 0000000000..4e8ff640a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-anything-on-click-a738a6df1d7af94fbdfc3f2ebe12ab82.yaml @@ -0,0 +1,58 @@ +id: popup-anything-on-click-a738a6df1d7af94fbdfc3f2ebe12ab82 + +info: + name: > + Popup Anything <= 2.8.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/012b5334-afdc-47bd-8eaf-967b40fef59b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-anything-on-click/" + google-query: inurl:"/wp-content/plugins/popup-anything-on-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-anything-on-click,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-anything-on-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-anything-on-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-anything-on-click-bd548451a3b6e5a6853676277735dfef.yaml b/nuclei-templates/cve-less/plugins/popup-anything-on-click-bd548451a3b6e5a6853676277735dfef.yaml new file mode 100644 index 0000000000..158fac8930 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-anything-on-click-bd548451a3b6e5a6853676277735dfef.yaml @@ -0,0 +1,58 @@ +id: popup-anything-on-click-bd548451a3b6e5a6853676277735dfef + +info: + name: > + WP OnlineSupport, Essential Plugin Popup Anything <= 2.2.1 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11ea3e40-8802-43ea-9816-973a15d7904d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-anything-on-click/" + google-query: inurl:"/wp-content/plugins/popup-anything-on-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-anything-on-click,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-anything-on-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-anything-on-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-anything-on-click-d4b97461c23d3e553d4dc5a4ed959427.yaml b/nuclei-templates/cve-less/plugins/popup-anything-on-click-d4b97461c23d3e553d4dc5a4ed959427.yaml new file mode 100644 index 0000000000..f9fe447f28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-anything-on-click-d4b97461c23d3e553d4dc5a4ed959427.yaml @@ -0,0 +1,58 @@ +id: popup-anything-on-click-d4b97461c23d3e553d4dc5a4ed959427 + +info: + name: > + Popup Anything <= 2.0.3 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bad7e5c9-f413-43ce-9ab8-e700002f2f3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-anything-on-click/" + google-query: inurl:"/wp-content/plugins/popup-anything-on-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-anything-on-click,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-anything-on-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-anything-on-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-anything-on-click-dfa9091cff2e49dc88dc81c6af99c1f8.yaml b/nuclei-templates/cve-less/plugins/popup-anything-on-click-dfa9091cff2e49dc88dc81c6af99c1f8.yaml new file mode 100644 index 0000000000..187f170e89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-anything-on-click-dfa9091cff2e49dc88dc81c6af99c1f8.yaml @@ -0,0 +1,58 @@ +id: popup-anything-on-click-dfa9091cff2e49dc88dc81c6af99c1f8 + +info: + name: > + Popup Anything – A Marketing Popup and Lead Generation Conversions <= 2.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bc1ebf6-2797-43cc-8c7a-930da29d6c78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-anything-on-click/" + google-query: inurl:"/wp-content/plugins/popup-anything-on-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-anything-on-click,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-anything-on-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-anything-on-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-box-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/popup-box-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..9855bbf6e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-box-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: popup-box-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-box/" + google-query: inurl:"/wp-content/plugins/popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-box-66e44ffd73c4157b210becf5e5234e8e.yaml b/nuclei-templates/cve-less/plugins/popup-box-66e44ffd73c4157b210becf5e5234e8e.yaml new file mode 100644 index 0000000000..b9c196db71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-box-66e44ffd73c4157b210becf5e5234e8e.yaml @@ -0,0 +1,58 @@ +id: popup-box-66e44ffd73c4157b210becf5e5234e8e + +info: + name: > + Popup Box <= 2.1.2 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0e53aa4-9acf-4501-9b5e-b7694851fc63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-box/" + google-query: inurl:"/wp-content/plugins/popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-box-cf6d429dc4a254aa005603854a5d8f0f.yaml b/nuclei-templates/cve-less/plugins/popup-box-cf6d429dc4a254aa005603854a5d8f0f.yaml new file mode 100644 index 0000000000..053c4115ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-box-cf6d429dc4a254aa005603854a5d8f0f.yaml @@ -0,0 +1,58 @@ +id: popup-box-cf6d429dc4a254aa005603854a5d8f0f + +info: + name: > + Popup Box – new WordPress popup plugin <= 2.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef480fce-d0e3-47af-92ea-2c84c3f8e2f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-box/" + google-query: inurl:"/wp-content/plugins/popup-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-box,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-0c50700eaffcf8d6b08d04f7dda8abac.yaml b/nuclei-templates/cve-less/plugins/popup-builder-0c50700eaffcf8d6b08d04f7dda8abac.yaml new file mode 100644 index 0000000000..3d9d05e19d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-0c50700eaffcf8d6b08d04f7dda8abac.yaml @@ -0,0 +1,58 @@ +id: popup-builder-0c50700eaffcf8d6b08d04f7dda8abac + +info: + name: > + Popup Builder <= 3.63 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8a8aa7-8344-4ca7-8194-9bc679d18661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-1558ae525a455945fc67fef6a1dd1612.yaml b/nuclei-templates/cve-less/plugins/popup-builder-1558ae525a455945fc67fef6a1dd1612.yaml new file mode 100644 index 0000000000..fb7a4d84c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-1558ae525a455945fc67fef6a1dd1612.yaml @@ -0,0 +1,58 @@ +id: popup-builder-1558ae525a455945fc67fef6a1dd1612 + +info: + name: > + Popup Builder <= 3.73 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17dcb057-6fa6-488c-9d59-22dcdba3fd2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-192f45705f7777bf22c82d567e0c737d.yaml b/nuclei-templates/cve-less/plugins/popup-builder-192f45705f7777bf22c82d567e0c737d.yaml new file mode 100644 index 0000000000..74d2db21e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-192f45705f7777bf22c82d567e0c737d.yaml @@ -0,0 +1,58 @@ +id: popup-builder-192f45705f7777bf22c82d567e0c737d + +info: + name: > + Popup Builder 2.2.8 - 2.6.7.6 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/470fbac6-45bf-400e-b415-32e7989abbad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.2.8', '<= 2.6.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml b/nuclei-templates/cve-less/plugins/popup-builder-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml new file mode 100644 index 0000000000..ce53da71e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-1f9ac7c68fe8ba8939533494bdaf6f2c.yaml @@ -0,0 +1,58 @@ +id: popup-builder-1f9ac7c68fe8ba8939533494bdaf6f2c + +info: + name: > + Popup Builder <= 4.0.6 - Local File Inclusion and PHAR Deserialization + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d096d29-6fdb-4f89-91d3-9ebfc1169f0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-2b836e0762bdbf59a8ee2eb5384418f5.yaml b/nuclei-templates/cve-less/plugins/popup-builder-2b836e0762bdbf59a8ee2eb5384418f5.yaml new file mode 100644 index 0000000000..12adbfa9fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-2b836e0762bdbf59a8ee2eb5384418f5.yaml @@ -0,0 +1,58 @@ +id: popup-builder-2b836e0762bdbf59a8ee2eb5384418f5 + +info: + name: > + Popup Builder <= 4.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f97af51-1532-4034-8b2a-8356b65cb617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-65e82d728797876c4549a975b4ad5c9f.yaml b/nuclei-templates/cve-less/plugins/popup-builder-65e82d728797876c4549a975b4ad5c9f.yaml new file mode 100644 index 0000000000..8f902a9460 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-65e82d728797876c4549a975b4ad5c9f.yaml @@ -0,0 +1,58 @@ +id: popup-builder-65e82d728797876c4549a975b4ad5c9f + +info: + name: > + Popup Builder <= 4.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f9853a2-c378-42bf-a12b-392823750942?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-9df0586fa1f03eb4aff1b246f09e907b.yaml b/nuclei-templates/cve-less/plugins/popup-builder-9df0586fa1f03eb4aff1b246f09e907b.yaml new file mode 100644 index 0000000000..94b114a69b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-9df0586fa1f03eb4aff1b246f09e907b.yaml @@ -0,0 +1,58 @@ +id: popup-builder-9df0586fa1f03eb4aff1b246f09e907b + +info: + name: > + Popup Builder <= 4.2.5 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8e40f0a-9296-4113-8fff-0aea3c365c1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-a665c3284fcafde64dfe52ce15a964ef.yaml b/nuclei-templates/cve-less/plugins/popup-builder-a665c3284fcafde64dfe52ce15a964ef.yaml new file mode 100644 index 0000000000..68de80e634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-a665c3284fcafde64dfe52ce15a964ef.yaml @@ -0,0 +1,58 @@ +id: popup-builder-a665c3284fcafde64dfe52ce15a964ef + +info: + name: > + Popup Builder <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0d61395-3434-460f-8821-79e7676eff17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-ac28c6a1f49fbad1719d7e09c0190565.yaml b/nuclei-templates/cve-less/plugins/popup-builder-ac28c6a1f49fbad1719d7e09c0190565.yaml new file mode 100644 index 0000000000..83b01dfa57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-ac28c6a1f49fbad1719d7e09c0190565.yaml @@ -0,0 +1,58 @@ +id: popup-builder-ac28c6a1f49fbad1719d7e09c0190565 + +info: + name: > + Popup Builder <= 3.63 - Authenticated Settings Modification, Configuration Disclosure, and User Data Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3a715b9-85df-46dd-9207-2066b6da9c43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-acfb5b2881f82d1968fd7915b9afb6ad.yaml b/nuclei-templates/cve-less/plugins/popup-builder-acfb5b2881f82d1968fd7915b9afb6ad.yaml new file mode 100644 index 0000000000..cc33c27e4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-acfb5b2881f82d1968fd7915b9afb6ad.yaml @@ -0,0 +1,58 @@ +id: popup-builder-acfb5b2881f82d1968fd7915b9afb6ad + +info: + name: > + Popup Builder <= 3.44 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cecffd72-4597-4308-9f21-4731269e8cf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-aeb6fb0231c672e40781598de70439c1.yaml b/nuclei-templates/cve-less/plugins/popup-builder-aeb6fb0231c672e40781598de70439c1.yaml new file mode 100644 index 0000000000..590b42b256 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-aeb6fb0231c672e40781598de70439c1.yaml @@ -0,0 +1,58 @@ +id: popup-builder-aeb6fb0231c672e40781598de70439c1 + +info: + name: > + Popup Builder <= 4.1.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b7a73c-6fba-4b5d-9f82-c3710cc8555d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-b04ad422f3446dde9c13618b34ff98a5.yaml b/nuclei-templates/cve-less/plugins/popup-builder-b04ad422f3446dde9c13618b34ff98a5.yaml new file mode 100644 index 0000000000..dda81fde5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-b04ad422f3446dde9c13618b34ff98a5.yaml @@ -0,0 +1,58 @@ +id: popup-builder-b04ad422f3446dde9c13618b34ff98a5 + +info: + name: > + Popup Builder <= 4.0.6 - Authenticated SQL Injection via order & orderby Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1714c26f-775a-4ccc-8b55-e85ca1fb3a84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-b5996763218808f5db38a6126c890df9.yaml b/nuclei-templates/cve-less/plugins/popup-builder-b5996763218808f5db38a6126c890df9.yaml new file mode 100644 index 0000000000..88b61b5838 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-b5996763218808f5db38a6126c890df9.yaml @@ -0,0 +1,58 @@ +id: popup-builder-b5996763218808f5db38a6126c890df9 + +info: + name: > + Popup Builder <= 4.1.10 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c34b21da-6c35-4eec-826b-47dc46575971?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-e90caa361b62564e08e191aa073473cd.yaml b/nuclei-templates/cve-less/plugins/popup-builder-e90caa361b62564e08e191aa073473cd.yaml new file mode 100644 index 0000000000..950e4a261d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-e90caa361b62564e08e191aa073473cd.yaml @@ -0,0 +1,58 @@ +id: popup-builder-e90caa361b62564e08e191aa073473cd + +info: + name: > + Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.1.11 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fda10117-b562-496e-8a17-88ee350ce8f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-builder-f3aaaced779e642f2bb1c29db02ea02e.yaml b/nuclei-templates/cve-less/plugins/popup-builder-f3aaaced779e642f2bb1c29db02ea02e.yaml new file mode 100644 index 0000000000..586f655973 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-builder-f3aaaced779e642f2bb1c29db02ea02e.yaml @@ -0,0 +1,58 @@ +id: popup-builder-f3aaaced779e642f2bb1c29db02ea02e + +info: + name: > + Popup Builder <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a853e0-0ebc-4ed5-b6ff-ce3973fb3ee1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-builder/" + google-query: inurl:"/wp-content/plugins/popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-08f985452f29d16902708fda34a54b58.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-08f985452f29d16902708fda34a54b58.yaml new file mode 100644 index 0000000000..48388d17ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-08f985452f29d16902708fda34a54b58.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-08f985452f29d16902708fda34a54b58 + +info: + name: > + Popup by Supsystic <= 1.10.19 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10021498-73c8-4767-b059-f282ddc35963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-0ff521bb2f967b893b649e52f933e62e.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-0ff521bb2f967b893b649e52f933e62e.yaml new file mode 100644 index 0000000000..6eb5f90095 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-0ff521bb2f967b893b649e52f933e62e.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-0ff521bb2f967b893b649e52f933e62e + +info: + name: > + Popup by Supsystic < 1.7.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db5ea76-f0b6-4e30-aebf-c3769d0b3480?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-4a55514451127aed8c9fafcd15f7c892.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-4a55514451127aed8c9fafcd15f7c892.yaml new file mode 100644 index 0000000000..aa18f528e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-4a55514451127aed8c9fafcd15f7c892.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-4a55514451127aed8c9fafcd15f7c892 + +info: + name: > + Popup by Supsystic <= 1.10.27 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73b99342-65ca-4f63-b1ea-638255821265?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-7181f5f3bd0820834a4f3207e9060f79.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7181f5f3bd0820834a4f3207e9060f79.yaml new file mode 100644 index 0000000000..73ec586060 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7181f5f3bd0820834a4f3207e9060f79.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-7181f5f3bd0820834a4f3207e9060f79 + +info: + name: > + Popup by Supsystic <= 1.10.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b3279b-fd39-4c34-92e8-57d309f37a93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-7d533a3d146be46c1ec4aa8c4e983051.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7d533a3d146be46c1ec4aa8c4e983051.yaml new file mode 100644 index 0000000000..468c45c076 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7d533a3d146be46c1ec4aa8c4e983051.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-7d533a3d146be46c1ec4aa8c4e983051 + +info: + name: > + Popup by Supsystic <= 1.10.18 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12acf651-6476-491b-84b3-afbc6c655b17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-7fd4b87b9f62e3f833903e1a4cb60554.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7fd4b87b9f62e3f833903e1a4cb60554.yaml new file mode 100644 index 0000000000..e44ef19b94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-7fd4b87b9f62e3f833903e1a4cb60554.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-7fd4b87b9f62e3f833903e1a4cb60554 + +info: + name: > + Popup by Supsystic <= 1.10.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1ebc88-0987-46d6-9e80-6f3aa50d10af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-by-supsystic-aaf49aa53f803817d024c6faf4d05d87.yaml b/nuclei-templates/cve-less/plugins/popup-by-supsystic-aaf49aa53f803817d024c6faf4d05d87.yaml new file mode 100644 index 0000000000..ecfc9c5c9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-by-supsystic-aaf49aa53f803817d024c6faf4d05d87.yaml @@ -0,0 +1,58 @@ +id: popup-by-supsystic-aaf49aa53f803817d024c6faf4d05d87 + +info: + name: > + Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f458663f-6b1a-4acd-b2db-c66d7a915ab7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-by-supsystic/" + google-query: inurl:"/wp-content/plugins/popup-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-contact-form-3c0e91d24d36a9cd6d874ce52fecf15c.yaml b/nuclei-templates/cve-less/plugins/popup-contact-form-3c0e91d24d36a9cd6d874ce52fecf15c.yaml new file mode 100644 index 0000000000..6e7fc5df54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-contact-form-3c0e91d24d36a9cd6d874ce52fecf15c.yaml @@ -0,0 +1,58 @@ +id: popup-contact-form-3c0e91d24d36a9cd6d874ce52fecf15c + +info: + name: > + Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47eb6ca7-049c-41b8-9210-391d4d1b8b2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-contact-form/" + google-query: inurl:"/wp-content/plugins/popup-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-contact-form-584864f4cdfe17f88fd042ba6424f8ca.yaml b/nuclei-templates/cve-less/plugins/popup-contact-form-584864f4cdfe17f88fd042ba6424f8ca.yaml new file mode 100644 index 0000000000..1bed3741cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-contact-form-584864f4cdfe17f88fd042ba6424f8ca.yaml @@ -0,0 +1,58 @@ +id: popup-contact-form-584864f4cdfe17f88fd042ba6424f8ca + +info: + name: > + Popup contact form <= 7.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad896d7d-2c75-466c-9a79-b6a9cfb0bc15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-contact-form/" + google-query: inurl:"/wp-content/plugins/popup-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-189f237bf9c2686338f976edbe64b7e4.yaml b/nuclei-templates/cve-less/plugins/popup-maker-189f237bf9c2686338f976edbe64b7e4.yaml new file mode 100644 index 0000000000..7983a1d3e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-189f237bf9c2686338f976edbe64b7e4.yaml @@ -0,0 +1,58 @@ +id: popup-maker-189f237bf9c2686338f976edbe64b7e4 + +info: + name: > + Popup-Maker <= 1.8.12 - Unauthenticated information disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b9a0751-934f-4830-80c9-39260ec1cb4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-3a1e41088675792a5f4e28fc34263cd0.yaml b/nuclei-templates/cve-less/plugins/popup-maker-3a1e41088675792a5f4e28fc34263cd0.yaml new file mode 100644 index 0000000000..541a47b9f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-3a1e41088675792a5f4e28fc34263cd0.yaml @@ -0,0 +1,58 @@ +id: popup-maker-3a1e41088675792a5f4e28fc34263cd0 + +info: + name: > + Popup Maker <= 1.17.1 - Missing Authorization via save_popup_enabled_state + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb649fb2-2d0e-4fe3-89d5-90bcbc0bcfcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-535ebdfe2ca4cb1641e4a25814726229.yaml b/nuclei-templates/cve-less/plugins/popup-maker-535ebdfe2ca4cb1641e4a25814726229.yaml new file mode 100644 index 0000000000..2149264e1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-535ebdfe2ca4cb1641e4a25814726229.yaml @@ -0,0 +1,58 @@ +id: popup-maker-535ebdfe2ca4cb1641e4a25814726229 + +info: + name: > + Popup Maker <= 1.16.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e94683d-2cf3-4e43-8ab0-f797bfaaeee4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-a3b6f79669d9dc684f2a89cb966b83d1.yaml b/nuclei-templates/cve-less/plugins/popup-maker-a3b6f79669d9dc684f2a89cb966b83d1.yaml new file mode 100644 index 0000000000..bb05b06bc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-a3b6f79669d9dc684f2a89cb966b83d1.yaml @@ -0,0 +1,58 @@ +id: popup-maker-a3b6f79669d9dc684f2a89cb966b83d1 + +info: + name: > + Popup Maker <= 1.17.1 - Sensitive Data Exposure via debug log file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0240b35-72d0-4943-84cd-5d1574609b36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-b57f56b1347aa5d19dac687fe592133a.yaml b/nuclei-templates/cve-less/plugins/popup-maker-b57f56b1347aa5d19dac687fe592133a.yaml new file mode 100644 index 0000000000..f187573317 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-b57f56b1347aa5d19dac687fe592133a.yaml @@ -0,0 +1,58 @@ +id: popup-maker-b57f56b1347aa5d19dac687fe592133a + +info: + name: > + Popup Maker < 1.6.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbaae72c-b5a6-4fa3-9268-94c0e6a59d1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-babd847e079fcdd7a546f8f906593529.yaml b/nuclei-templates/cve-less/plugins/popup-maker-babd847e079fcdd7a546f8f906593529.yaml new file mode 100644 index 0000000000..611b718e17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-babd847e079fcdd7a546f8f906593529.yaml @@ -0,0 +1,58 @@ +id: popup-maker-babd847e079fcdd7a546f8f906593529 + +info: + name: > + Popup Maker <= 1.16.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/697e8954-5adb-472a-a961-4e14f22d3b66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-c446e0b00a3a4561bee5779481d638d6.yaml b/nuclei-templates/cve-less/plugins/popup-maker-c446e0b00a3a4561bee5779481d638d6.yaml new file mode 100644 index 0000000000..cab39fef5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-c446e0b00a3a4561bee5779481d638d6.yaml @@ -0,0 +1,58 @@ +id: popup-maker-c446e0b00a3a4561bee5779481d638d6 + +info: + name: > + Popup Maker – Popup for opt-ins, lead gen, & more <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40e1215c-ac00-4fd6-b428-a57cef95aed1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-de64ee696bec8d009d778000d64252b8.yaml b/nuclei-templates/cve-less/plugins/popup-maker-de64ee696bec8d009d778000d64252b8.yaml new file mode 100644 index 0000000000..85b86f60ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-de64ee696bec8d009d778000d64252b8.yaml @@ -0,0 +1,58 @@ +id: popup-maker-de64ee696bec8d009d778000d64252b8 + +info: + name: > + Popup Maker <= 1.16.4 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f95c786-900b-4069-8509-fab623f5f988?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-maker-ff57e42e57104b9d5c57fd329587cf27.yaml b/nuclei-templates/cve-less/plugins/popup-maker-ff57e42e57104b9d5c57fd329587cf27.yaml new file mode 100644 index 0000000000..021bc5a513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-maker-ff57e42e57104b9d5c57fd329587cf27.yaml @@ -0,0 +1,58 @@ +id: popup-maker-ff57e42e57104b9d5c57fd329587cf27 + +info: + name: > + Popup Maker <= 1.16.8 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc5c10ad-c5e7-4b94-8d5d-112703ad05ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-maker/" + google-query: inurl:"/wp-content/plugins/popup-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-manager-76f3b72582acb97747f26a7d73d169e0.yaml b/nuclei-templates/cve-less/plugins/popup-manager-76f3b72582acb97747f26a7d73d169e0.yaml new file mode 100644 index 0000000000..61ec7693fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-manager-76f3b72582acb97747f26a7d73d169e0.yaml @@ -0,0 +1,58 @@ +id: popup-manager-76f3b72582acb97747f26a7d73d169e0 + +info: + name: > + Popup Manager <= 1.6.6 - Missing Authorization to Arbitrary Popup Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2180dc08-25a8-474b-b382-5ce359de04b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-manager/" + google-query: inurl:"/wp-content/plugins/popup-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-manager-da1a3662428b7d8e0a5c05c7f2cee12d.yaml b/nuclei-templates/cve-less/plugins/popup-manager-da1a3662428b7d8e0a5c05c7f2cee12d.yaml new file mode 100644 index 0000000000..bbcbcc9846 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-manager-da1a3662428b7d8e0a5c05c7f2cee12d.yaml @@ -0,0 +1,58 @@ +id: popup-manager-da1a3662428b7d8e0a5c05c7f2cee12d + +info: + name: > + Popup Manager <= 1.6.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6e587fb-118b-44b6-a2bb-1d621f02845c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-manager/" + google-query: inurl:"/wp-content/plugins/popup-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-modal-for-youtube-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/popup-modal-for-youtube-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..b2df8a5b38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-modal-for-youtube-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: popup-modal-for-youtube-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-modal-for-youtube/" + google-query: inurl:"/wp-content/plugins/popup-modal-for-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-modal-for-youtube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-modal-for-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-modal-for-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-more-7d2e01fb5142e419d7f12bc8417804ab.yaml b/nuclei-templates/cve-less/plugins/popup-more-7d2e01fb5142e419d7f12bc8417804ab.yaml new file mode 100644 index 0000000000..4149bb5161 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-more-7d2e01fb5142e419d7f12bc8417804ab.yaml @@ -0,0 +1,58 @@ +id: popup-more-7d2e01fb5142e419d7f12bc8417804ab + +info: + name: > + Popup More <= 2.2.4 - Authenticated (Admin+) Directory Traversal to Limited Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-more/" + google-query: inurl:"/wp-content/plugins/popup-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-more,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-with-fancybox-bee21ffa7faff706d4db361bca23b6c3.yaml b/nuclei-templates/cve-less/plugins/popup-with-fancybox-bee21ffa7faff706d4db361bca23b6c3.yaml new file mode 100644 index 0000000000..0972a45651 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-with-fancybox-bee21ffa7faff706d4db361bca23b6c3.yaml @@ -0,0 +1,58 @@ +id: popup-with-fancybox-bee21ffa7faff706d4db361bca23b6c3 + +info: + name: > + Popup with fancybox <= 3.5 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c943cf0b-0e99-4d47-808d-2b803369d53a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-with-fancybox/" + google-query: inurl:"/wp-content/plugins/popup-with-fancybox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-with-fancybox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-with-fancybox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-with-fancybox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popup-zyrex-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml b/nuclei-templates/cve-less/plugins/popup-zyrex-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml new file mode 100644 index 0000000000..c0d85d386d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popup-zyrex-d9e5ab172446fd3be8d4dddf9dcfa63e.yaml @@ -0,0 +1,58 @@ +id: popup-zyrex-d9e5ab172446fd3be8d4dddf9dcfa63e + +info: + name: > + Zyrex Popup <= 1.0 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf992c75-a1ae-49c3-8110-2f3b31b23f6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popup-zyrex/" + google-query: inurl:"/wp-content/plugins/popup-zyrex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popup-zyrex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popup-zyrex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popup-zyrex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popupally-104344c0b7a013be4ee55f379fbf7b52.yaml b/nuclei-templates/cve-less/plugins/popupally-104344c0b7a013be4ee55f379fbf7b52.yaml new file mode 100644 index 0000000000..a748a47f0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popupally-104344c0b7a013be4ee55f379fbf7b52.yaml @@ -0,0 +1,58 @@ +id: popupally-104344c0b7a013be4ee55f379fbf7b52 + +info: + name: > + PopupAlly <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfd158b2-c6a4-441a-b611-bf06e197d13d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popupally/" + google-query: inurl:"/wp-content/plugins/popupally/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popupally,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popupally/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popupally" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popupally-3e074f8fe92c7cadd8316ec7dd448917.yaml b/nuclei-templates/cve-less/plugins/popupally-3e074f8fe92c7cadd8316ec7dd448917.yaml new file mode 100644 index 0000000000..f17c77a85a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popupally-3e074f8fe92c7cadd8316ec7dd448917.yaml @@ -0,0 +1,58 @@ +id: popupally-3e074f8fe92c7cadd8316ec7dd448917 + +info: + name: > + PopupAlly <= 2.1.0 - Cross-Site Request Forgery via optin_submit_callback + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6bef410-8706-4440-b50f-08824ef754f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popupally/" + google-query: inurl:"/wp-content/plugins/popupally/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popupally,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popupally/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popupally" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/popups-356d13b6974d8f1c305ed39531dbff42.yaml b/nuclei-templates/cve-less/plugins/popups-356d13b6974d8f1c305ed39531dbff42.yaml new file mode 100644 index 0000000000..74c19f6534 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/popups-356d13b6974d8f1c305ed39531dbff42.yaml @@ -0,0 +1,58 @@ +id: popups-356d13b6974d8f1c305ed39531dbff42 + +info: + name: > + Popups <= 1.9.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47baeaee-de6b-4459-a211-177859427e70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/popups/" + google-query: inurl:"/wp-content/plugins/popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,popups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portable-phpmyadmin-cd131fb7dbc732763aa435e3a74746ae.yaml b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-cd131fb7dbc732763aa435e3a74746ae.yaml new file mode 100644 index 0000000000..99da65d913 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-cd131fb7dbc732763aa435e3a74746ae.yaml @@ -0,0 +1,58 @@ +id: portable-phpmyadmin-cd131fb7dbc732763aa435e3a74746ae + +info: + name: > + Portable phpMyAdmin <= 1.5.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04bfad0d-9c6d-41b6-8c59-516eceef9a36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portable-phpmyadmin/" + google-query: inurl:"/wp-content/plugins/portable-phpmyadmin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portable-phpmyadmin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portable-phpmyadmin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portable-phpmyadmin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portable-phpmyadmin-d09c471b1ad5ad87d4f4afddc3658574.yaml b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-d09c471b1ad5ad87d4f4afddc3658574.yaml new file mode 100644 index 0000000000..2ca8986289 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-d09c471b1ad5ad87d4f4afddc3658574.yaml @@ -0,0 +1,58 @@ +id: portable-phpmyadmin-d09c471b1ad5ad87d4f4afddc3658574 + +info: + name: > + Portable phpMyAdmin <= 1.4.1 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e844c1-38c1-4b3c-98a4-71d87ca6293b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portable-phpmyadmin/" + google-query: inurl:"/wp-content/plugins/portable-phpmyadmin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portable-phpmyadmin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portable-phpmyadmin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portable-phpmyadmin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portable-phpmyadmin-f5f19df0291f0636aeea89c408a38887.yaml b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-f5f19df0291f0636aeea89c408a38887.yaml new file mode 100644 index 0000000000..035a566b9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portable-phpmyadmin-f5f19df0291f0636aeea89c408a38887.yaml @@ -0,0 +1,58 @@ +id: portable-phpmyadmin-f5f19df0291f0636aeea89c408a38887 + +info: + name: > + Portable phpMyAdmin <= 1.3.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e796b203-31b4-47c6-9018-190389ce4df7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portable-phpmyadmin/" + google-query: inurl:"/wp-content/plugins/portable-phpmyadmin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portable-phpmyadmin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portable-phpmyadmin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portable-phpmyadmin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-and-projects-454dc41941365b15ee244d48d13a5ca3.yaml b/nuclei-templates/cve-less/plugins/portfolio-and-projects-454dc41941365b15ee244d48d13a5ca3.yaml new file mode 100644 index 0000000000..7df0204553 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-and-projects-454dc41941365b15ee244d48d13a5ca3.yaml @@ -0,0 +1,58 @@ +id: portfolio-and-projects-454dc41941365b15ee244d48d13a5ca3 + +info: + name: > + Portfolio and Projects <= 1.3.7 - Cross-Site Request Forgery via 'wpos_anylc_admin_init_process' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9567f199-7c31-4df3-aa2c-911780b2497a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-and-projects/" + google-query: inurl:"/wp-content/plugins/portfolio-and-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-and-projects,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-and-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-and-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-and-projects-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/portfolio-and-projects-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..6d173971bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-and-projects-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: portfolio-and-projects-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-and-projects/" + google-query: inurl:"/wp-content/plugins/portfolio-and-projects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-and-projects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-and-projects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-and-projects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-6fc195976bc811efd5c4bd31a1b9fd8a.yaml b/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-6fc195976bc811efd5c4bd31a1b9fd8a.yaml new file mode 100644 index 0000000000..3ae0fc4570 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-6fc195976bc811efd5c4bd31a1b9fd8a.yaml @@ -0,0 +1,58 @@ +id: portfolio-by-lisa-westlund-6fc195976bc811efd5c4bd31a1b9fd8a + +info: + name: > + Portfolio Plugin <= 2.04 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/198a24e6-af98-42ed-bf58-73b7ec99838b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-by-lisa-westlund/" + google-query: inurl:"/wp-content/plugins/portfolio-by-lisa-westlund/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-by-lisa-westlund,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-by-lisa-westlund/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-by-lisa-westlund" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-83ec865d5c8f3847f1734b9b89afe851.yaml b/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-83ec865d5c8f3847f1734b9b89afe851.yaml new file mode 100644 index 0000000000..9f135ee8ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-by-lisa-westlund-83ec865d5c8f3847f1734b9b89afe851.yaml @@ -0,0 +1,58 @@ +id: portfolio-by-lisa-westlund-83ec865d5c8f3847f1734b9b89afe851 + +info: + name: > + Portfolio Plugin < 1.05 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fb0c069-ea6d-4eff-851e-b41c34b41152?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-by-lisa-westlund/" + google-query: inurl:"/wp-content/plugins/portfolio-by-lisa-westlund/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-by-lisa-westlund,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-by-lisa-westlund/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-by-lisa-westlund" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-elementor-20c420e00e7776a25487d5218d4e77bb.yaml b/nuclei-templates/cve-less/plugins/portfolio-elementor-20c420e00e7776a25487d5218d4e77bb.yaml new file mode 100644 index 0000000000..c176f01473 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-elementor-20c420e00e7776a25487d5218d4e77bb.yaml @@ -0,0 +1,58 @@ +id: portfolio-elementor-20c420e00e7776a25487d5218d4e77bb + +info: + name: > + Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b639c5c-e4ff-4e43-9088-249c75046d39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-elementor/" + google-query: inurl:"/wp-content/plugins/portfolio-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-elementor-4d83bba8058d5550f9120708c18d4b23.yaml b/nuclei-templates/cve-less/plugins/portfolio-elementor-4d83bba8058d5550f9120708c18d4b23.yaml new file mode 100644 index 0000000000..007f7f5ad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-elementor-4d83bba8058d5550f9120708c18d4b23.yaml @@ -0,0 +1,58 @@ +id: portfolio-elementor-4d83bba8058d5550f9120708c18d4b23 + +info: + name: > + Portfolio for Elementor <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d21febd-e206-4f7c-a6a2-0fa65150ed29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-elementor/" + google-query: inurl:"/wp-content/plugins/portfolio-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-filter-gallery-6a48e7c9d0ebe158b3f7430c9e7962df.yaml b/nuclei-templates/cve-less/plugins/portfolio-filter-gallery-6a48e7c9d0ebe158b3f7430c9e7962df.yaml new file mode 100644 index 0000000000..990019dcea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-filter-gallery-6a48e7c9d0ebe158b3f7430c9e7962df.yaml @@ -0,0 +1,58 @@ +id: portfolio-filter-gallery-6a48e7c9d0ebe158b3f7430c9e7962df + +info: + name: > + Portfolio Gallery – Image Gallery Plugin <= 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97759a47-c52a-4113-86c0-453a53fb44a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-filter-gallery/" + google-query: inurl:"/wp-content/plugins/portfolio-filter-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-filter-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-filter-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-filter-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-gallery-8195d0fd4f0b5ac7235f16224b2dcb18.yaml b/nuclei-templates/cve-less/plugins/portfolio-gallery-8195d0fd4f0b5ac7235f16224b2dcb18.yaml new file mode 100644 index 0000000000..b6b442c20a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-gallery-8195d0fd4f0b5ac7235f16224b2dcb18.yaml @@ -0,0 +1,58 @@ +id: portfolio-gallery-8195d0fd4f0b5ac7235f16224b2dcb18 + +info: + name: > + Portfolio Gallery – Photo Gallery <= 1.1.8 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f367a3d2-8ee6-4897-b7bf-a44f57142347?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-gallery/" + google-query: inurl:"/wp-content/plugins/portfolio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml b/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml new file mode 100644 index 0000000000..e5dd25aa68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-responsive-gallery-d3ba4c3e62ed9f2cd7ab1df9d9c7321d.yaml @@ -0,0 +1,58 @@ +id: portfolio-responsive-gallery-d3ba4c3e62ed9f2cd7ab1df9d9c7321d + +info: + name: > + Portfolio Responsive Gallery <= 1.1.7 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24123a4f-da33-4d50-9e82-18f910de6619?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-responsive-gallery/" + google-query: inurl:"/wp-content/plugins/portfolio-responsive-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-responsive-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-responsive-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-responsive-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-slideshow-cb4e42488e82603fdda3ed8a6057c4fa.yaml b/nuclei-templates/cve-less/plugins/portfolio-slideshow-cb4e42488e82603fdda3ed8a6057c4fa.yaml new file mode 100644 index 0000000000..58eb3862bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-slideshow-cb4e42488e82603fdda3ed8a6057c4fa.yaml @@ -0,0 +1,58 @@ +id: portfolio-slideshow-cb4e42488e82603fdda3ed8a6057c4fa + +info: + name: > + Portfolio Slideshow <= 1.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26b5c665-b7f6-4481-b9e9-010f9e451d9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-slideshow/" + google-query: inurl:"/wp-content/plugins/portfolio-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portfolio-wp-422a760ab8a04278c237785bf5be638b.yaml b/nuclei-templates/cve-less/plugins/portfolio-wp-422a760ab8a04278c237785bf5be638b.yaml new file mode 100644 index 0000000000..e299aa9cca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portfolio-wp-422a760ab8a04278c237785bf5be638b.yaml @@ -0,0 +1,58 @@ +id: portfolio-wp-422a760ab8a04278c237785bf5be638b + +info: + name: > + GridKit Portfolio <= 2.0.0 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebb6ebe-3a66-4ad8-9bba-c09354810159?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portfolio-wp/" + google-query: inurl:"/wp-content/plugins/portfolio-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portfolio-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portfolio-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portfolio-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/porto-functionality-10147d7844868b2801a0e636a99a05eb.yaml b/nuclei-templates/cve-less/plugins/porto-functionality-10147d7844868b2801a0e636a99a05eb.yaml new file mode 100644 index 0000000000..681771fa5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/porto-functionality-10147d7844868b2801a0e636a99a05eb.yaml @@ -0,0 +1,58 @@ +id: porto-functionality-10147d7844868b2801a0e636a99a05eb + +info: + name: > + Porto Theme - Functionality <= 3.0.9 - Authenticated (Contributor+) Local File Inclusion via Post Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5cdd3c1-6353-4bee-a4f9-5b7972f0970c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/porto-functionality/" + google-query: inurl:"/wp-content/plugins/porto-functionality/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,porto-functionality,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/porto-functionality/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto-functionality" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/porto-functionality-23f358a9d40cae78b36e38b231af07ae.yaml b/nuclei-templates/cve-less/plugins/porto-functionality-23f358a9d40cae78b36e38b231af07ae.yaml new file mode 100644 index 0000000000..b3f1f99204 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/porto-functionality-23f358a9d40cae78b36e38b231af07ae.yaml @@ -0,0 +1,58 @@ +id: porto-functionality-23f358a9d40cae78b36e38b231af07ae + +info: + name: > + Porto Theme - Functionality <= 2.11.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1300be-07e3-44b6-9ced-a16825274d22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/porto-functionality/" + google-query: inurl:"/wp-content/plugins/porto-functionality/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,porto-functionality,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/porto-functionality/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto-functionality" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/porto-functionality-57ac81934caebdaedb69c79f34942250.yaml b/nuclei-templates/cve-less/plugins/porto-functionality-57ac81934caebdaedb69c79f34942250.yaml new file mode 100644 index 0000000000..76d2f713dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/porto-functionality-57ac81934caebdaedb69c79f34942250.yaml @@ -0,0 +1,58 @@ +id: porto-functionality-57ac81934caebdaedb69c79f34942250 + +info: + name: > + Porto Theme - Functionality <= 2.11.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fabc7ad3-1d20-493f-aacb-1832d33d8e14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/porto-functionality/" + google-query: inurl:"/wp-content/plugins/porto-functionality/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,porto-functionality,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/porto-functionality/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto-functionality" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/porto-functionality-98b3c6ab8f905b035d160d1673b90dca.yaml b/nuclei-templates/cve-less/plugins/porto-functionality-98b3c6ab8f905b035d160d1673b90dca.yaml new file mode 100644 index 0000000000..cdc57d39a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/porto-functionality-98b3c6ab8f905b035d160d1673b90dca.yaml @@ -0,0 +1,58 @@ +id: porto-functionality-98b3c6ab8f905b035d160d1673b90dca + +info: + name: > + Porto Theme - Functionality <= 3.1.0 - Authenticated (Contributor+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fea96f84-f75b-4f02-9ca8-f8fda439d565?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/porto-functionality/" + google-query: inurl:"/wp-content/plugins/porto-functionality/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,porto-functionality,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/porto-functionality/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto-functionality" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/portugal-ctt-tracking-woocommerce-96ae79181b6ec77bcc77d5a1f71b9993.yaml b/nuclei-templates/cve-less/plugins/portugal-ctt-tracking-woocommerce-96ae79181b6ec77bcc77d5a1f71b9993.yaml new file mode 100644 index 0000000000..80e6eed688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/portugal-ctt-tracking-woocommerce-96ae79181b6ec77bcc77d5a1f71b9993.yaml @@ -0,0 +1,58 @@ +id: portugal-ctt-tracking-woocommerce-96ae79181b6ec77bcc77d5a1f71b9993 + +info: + name: > + Portugal CTT Tracking for WooCommerce <= 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a69e6ca8-efd6-4b89-ae63-b320f9936842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/portugal-ctt-tracking-woocommerce/" + google-query: inurl:"/wp-content/plugins/portugal-ctt-tracking-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,portugal-ctt-tracking-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/portugal-ctt-tracking-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "portugal-ctt-tracking-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-and-page-builder-55e2a4b9a97cda212301452238552f00.yaml b/nuclei-templates/cve-less/plugins/post-and-page-builder-55e2a4b9a97cda212301452238552f00.yaml new file mode 100644 index 0000000000..f97ae34e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-and-page-builder-55e2a4b9a97cda212301452238552f00.yaml @@ -0,0 +1,58 @@ +id: post-and-page-builder-55e2a4b9a97cda212301452238552f00 + +info: + name: > + Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.26.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbb0ca4-169a-4f51-a196-5f138744c54d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-and-page-builder/" + google-query: inurl:"/wp-content/plugins/post-and-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-and-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-and-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-and-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-and-page-builder-cfbde5318ddfc1f99a56f4cb27a830a5.yaml b/nuclei-templates/cve-less/plugins/post-and-page-builder-cfbde5318ddfc1f99a56f4cb27a830a5.yaml new file mode 100644 index 0000000000..72d87d95fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-and-page-builder-cfbde5318ddfc1f99a56f4cb27a830a5.yaml @@ -0,0 +1,58 @@ +id: post-and-page-builder-cfbde5318ddfc1f99a56f4cb27a830a5 + +info: + name: > + Post and Page Builder by BoldGrid – Visual Drag and Drop Editor <= 1.24.1 - Cross-Site Request Forgery via submitDefaultEditor + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf801042-5cd5-424f-a25a-858302285170?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-and-page-builder/" + google-query: inurl:"/wp-content/plugins/post-and-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-and-page-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-and-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-and-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-carousel-b852d5115d07ebbb3d6948d1d5619495.yaml b/nuclei-templates/cve-less/plugins/post-carousel-b852d5115d07ebbb3d6948d1d5619495.yaml new file mode 100644 index 0000000000..94275468a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-carousel-b852d5115d07ebbb3d6948d1d5619495.yaml @@ -0,0 +1,58 @@ +id: post-carousel-b852d5115d07ebbb3d6948d1d5619495 + +info: + name: > + Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df1e56e-7a1f-4e89-8df2-bda9dc1ec1dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-carousel/" + google-query: inurl:"/wp-content/plugins/post-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-category-image-with-grid-and-slider-048a39e7d237e8f103e054f25cf72eb4.yaml b/nuclei-templates/cve-less/plugins/post-category-image-with-grid-and-slider-048a39e7d237e8f103e054f25cf72eb4.yaml new file mode 100644 index 0000000000..761fe7d800 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-category-image-with-grid-and-slider-048a39e7d237e8f103e054f25cf72eb4.yaml @@ -0,0 +1,58 @@ +id: post-category-image-with-grid-and-slider-048a39e7d237e8f103e054f25cf72eb4 + +info: + name: > + Post Category Image With Grid and Slider <= 1.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ce9854-06df-44a8-b998-de21bf52a5d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-category-image-with-grid-and-slider/" + google-query: inurl:"/wp-content/plugins/post-category-image-with-grid-and-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-category-image-with-grid-and-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-category-image-with-grid-and-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-category-image-with-grid-and-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-connector-21e149e548734ec4b958e79da23daedf.yaml b/nuclei-templates/cve-less/plugins/post-connector-21e149e548734ec4b958e79da23daedf.yaml new file mode 100644 index 0000000000..c3c4cba502 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-connector-21e149e548734ec4b958e79da23daedf.yaml @@ -0,0 +1,58 @@ +id: post-connector-21e149e548734ec4b958e79da23daedf + +info: + name: > + Post Connector < 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c48819a-5ca1-4262-b995-1c4621fcfadc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-connector/" + google-query: inurl:"/wp-content/plugins/post-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-connector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-connector-77f1b741caca90f6e233d10f62410685.yaml b/nuclei-templates/cve-less/plugins/post-connector-77f1b741caca90f6e233d10f62410685.yaml new file mode 100644 index 0000000000..027f27105c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-connector-77f1b741caca90f6e233d10f62410685.yaml @@ -0,0 +1,58 @@ +id: post-connector-77f1b741caca90f6e233d10f62410685 + +info: + name: > + Post Connector <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2efbb0af-fda5-4c1b-a495-24fa7efc689e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-connector/" + google-query: inurl:"/wp-content/plugins/post-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-connector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-content-xmlrpc-c5997f1fef9873598e392fd29a23db70.yaml b/nuclei-templates/cve-less/plugins/post-content-xmlrpc-c5997f1fef9873598e392fd29a23db70.yaml new file mode 100644 index 0000000000..3347bf3f19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-content-xmlrpc-c5997f1fef9873598e392fd29a23db70.yaml @@ -0,0 +1,58 @@ +id: post-content-xmlrpc-c5997f1fef9873598e392fd29a23db70 + +info: + name: > + Post Content XMLRPC <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfe07cd7-e448-4468-8280-3514690d8648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-content-xmlrpc/" + google-query: inurl:"/wp-content/plugins/post-content-xmlrpc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-content-xmlrpc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-content-xmlrpc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-content-xmlrpc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-duplicator-4411dec3eca9ec1ccdcf332ed790a4a3.yaml b/nuclei-templates/cve-less/plugins/post-duplicator-4411dec3eca9ec1ccdcf332ed790a4a3.yaml new file mode 100644 index 0000000000..aa35abd10b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-duplicator-4411dec3eca9ec1ccdcf332ed790a4a3.yaml @@ -0,0 +1,58 @@ +id: post-duplicator-4411dec3eca9ec1ccdcf332ed790a4a3 + +info: + name: > + Post Duplicator <= 2.23 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c763a8d8-c31a-4c9f-8f0e-814cda91b860?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-duplicator/" + google-query: inurl:"/wp-content/plugins/post-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-duplicator-757377e3d1b7b4a16326ff93c76bfa77.yaml b/nuclei-templates/cve-less/plugins/post-duplicator-757377e3d1b7b4a16326ff93c76bfa77.yaml new file mode 100644 index 0000000000..5f6c530701 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-duplicator-757377e3d1b7b4a16326ff93c76bfa77.yaml @@ -0,0 +1,58 @@ +id: post-duplicator-757377e3d1b7b4a16326ff93c76bfa77 + +info: + name: > + Post Duplicator <= 2.31 - Missing Authorization via mtphr_duplicate_post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5665931-8da9-44db-a5b1-46acebf14f3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-duplicator/" + google-query: inurl:"/wp-content/plugins/post-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-expirator-94847c0850f7aba0194b3e646162912e.yaml b/nuclei-templates/cve-less/plugins/post-expirator-94847c0850f7aba0194b3e646162912e.yaml new file mode 100644 index 0000000000..9e617c2529 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-expirator-94847c0850f7aba0194b3e646162912e.yaml @@ -0,0 +1,58 @@ +id: post-expirator-94847c0850f7aba0194b3e646162912e + +info: + name: > + Post Expirator <= 2.5.1 - Contributor+ Arbitrary Post Schedule Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0576cde-8d32-4f06-899a-a9ebff99d8ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-expirator/" + google-query: inurl:"/wp-content/plugins/post-expirator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-expirator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-expirator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-expirator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-035b152afda993b6317a93d2886e872e.yaml b/nuclei-templates/cve-less/plugins/post-grid-035b152afda993b6317a93d2886e872e.yaml new file mode 100644 index 0000000000..8da799d6b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-035b152afda993b6317a93d2886e872e.yaml @@ -0,0 +1,58 @@ +id: post-grid-035b152afda993b6317a93d2886e872e + +info: + name: > + Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.64 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab777672-6eef-4078-932d-24bb784107fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-27ea99e0a4c0fec30a4e9e397cbf9e1f.yaml b/nuclei-templates/cve-less/plugins/post-grid-27ea99e0a4c0fec30a4e9e397cbf9e1f.yaml new file mode 100644 index 0000000000..cf11b7d001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-27ea99e0a4c0fec30a4e9e397cbf9e1f.yaml @@ -0,0 +1,58 @@ +id: post-grid-27ea99e0a4c0fec30a4e9e397cbf9e1f + +info: + name: > + Post Grid < 2.1.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/668afa62-1326-4067-8d0a-f16788e85ae5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-62d64311944bfd1e5f948984fb1aa5c3.yaml b/nuclei-templates/cve-less/plugins/post-grid-62d64311944bfd1e5f948984fb1aa5c3.yaml new file mode 100644 index 0000000000..ecade98194 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-62d64311944bfd1e5f948984fb1aa5c3.yaml @@ -0,0 +1,58 @@ +id: post-grid-62d64311944bfd1e5f948984fb1aa5c3 + +info: + name: > + Post Grid <= 2.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25838724-42b6-41e1-9546-78e6da2e95e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-95cbf2d4161dbe2a06b19107725df07f.yaml b/nuclei-templates/cve-less/plugins/post-grid-95cbf2d4161dbe2a06b19107725df07f.yaml new file mode 100644 index 0000000000..bad8ef6e93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-95cbf2d4161dbe2a06b19107725df07f.yaml @@ -0,0 +1,58 @@ +id: post-grid-95cbf2d4161dbe2a06b19107725df07f + +info: + name: > + Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel <= 2.2.74 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e23dcadf-5858-4b8e-8b48-d3133c40cd89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-966d3900b7e6f22f0e9de38c28765bd0.yaml b/nuclei-templates/cve-less/plugins/post-grid-966d3900b7e6f22f0e9de38c28765bd0.yaml new file mode 100644 index 0000000000..0e123c837e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-966d3900b7e6f22f0e9de38c28765bd0.yaml @@ -0,0 +1,58 @@ +id: post-grid-966d3900b7e6f22f0e9de38c28765bd0 + +info: + name: > + Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a52fb5f4-60ba-4077-95cd-e160a6d9a419?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-af61f5bee07d29ca204b7dc88cfe0b56.yaml b/nuclei-templates/cve-less/plugins/post-grid-af61f5bee07d29ca204b7dc88cfe0b56.yaml new file mode 100644 index 0000000000..071c4b3584 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-af61f5bee07d29ca204b7dc88cfe0b56.yaml @@ -0,0 +1,58 @@ +id: post-grid-af61f5bee07d29ca204b7dc88cfe0b56 + +info: + name: > + Post Grid <= 2.2.74 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19d394d8-bdc5-4cb5-b210-269197294020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-and-filter-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/post-grid-and-filter-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..fa11b8319c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-and-filter-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: post-grid-and-filter-ultimate-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid-and-filter-ultimate/" + google-query: inurl:"/wp-content/plugins/post-grid-and-filter-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid-and-filter-ultimate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid-and-filter-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid-and-filter-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-c45a88374cf340205cd7587349c11c58.yaml b/nuclei-templates/cve-less/plugins/post-grid-c45a88374cf340205cd7587349c11c58.yaml new file mode 100644 index 0000000000..47d93c9c18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-c45a88374cf340205cd7587349c11c58.yaml @@ -0,0 +1,58 @@ +id: post-grid-c45a88374cf340205cd7587349c11c58 + +info: + name: > + Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feee3268-b384-400c-a76d-e5d7972c05b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-1ddfe592d879bc70e98e16d6c917ddd6.yaml b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-1ddfe592d879bc70e98e16d6c917ddd6.yaml new file mode 100644 index 0000000000..c9a27ad2a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-1ddfe592d879bc70e98e16d6c917ddd6.yaml @@ -0,0 +1,58 @@ +id: post-grid-carousel-ultimate-1ddfe592d879bc70e98e16d6c917ddd6 + +info: + name: > + Post Grid, Slider & Carousel Ultimate <= 1.4.3 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b1e7da-dbcd-4206-b908-4c814cde39d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/" + google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid-carousel-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid-carousel-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-2f1e25e867c081cf048f4dbc7240dbff.yaml b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-2f1e25e867c081cf048f4dbc7240dbff.yaml new file mode 100644 index 0000000000..6e55ce0ab9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-2f1e25e867c081cf048f4dbc7240dbff.yaml @@ -0,0 +1,58 @@ +id: post-grid-carousel-ultimate-2f1e25e867c081cf048f4dbc7240dbff + +info: + name: > + Post Grid, Slider & Carousel Ultimate <= 1.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/063224fe-3cf8-40b6-8645-86c8e8dc876e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/" + google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid-carousel-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid-carousel-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..549152fe87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: post-grid-carousel-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/" + google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid-carousel-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid-carousel-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-c9946499e4c79e58a3887d0481784464.yaml b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-c9946499e4c79e58a3887d0481784464.yaml new file mode 100644 index 0000000000..84a02e6525 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-carousel-ultimate-c9946499e4c79e58a3887d0481784464.yaml @@ -0,0 +1,58 @@ +id: post-grid-carousel-ultimate-c9946499e4c79e58a3887d0481784464 + +info: + name: > + Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1b234-862b-41a0-ab63-a986f8023613?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid-carousel-ultimate/" + google-query: inurl:"/wp-content/plugins/post-grid-carousel-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid-carousel-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid-carousel-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid-carousel-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-cf1bd6ff01752966d1624646c80166a0.yaml b/nuclei-templates/cve-less/plugins/post-grid-cf1bd6ff01752966d1624646c80166a0.yaml new file mode 100644 index 0000000000..b6a8d8a60a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-cf1bd6ff01752966d1624646c80166a0.yaml @@ -0,0 +1,58 @@ +id: post-grid-cf1bd6ff01752966d1624646c80166a0 + +info: + name: > + Post Grid <= 2.1.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/653fbe5d-3388-4227-8a0a-46764b6be4d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-grid-f73e002833ea0b53546c13f99fdb350d.yaml b/nuclei-templates/cve-less/plugins/post-grid-f73e002833ea0b53546c13f99fdb350d.yaml new file mode 100644 index 0000000000..39306292fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-grid-f73e002833ea0b53546c13f99fdb350d.yaml @@ -0,0 +1,58 @@ +id: post-grid-f73e002833ea0b53546c13f99fdb350d + +info: + name: > + Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.78 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb057a32-0027-4ca6-b65e-8634509c9a81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-grid/" + google-query: inurl:"/wp-content/plugins/post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.78') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-highlights-a2564828601d8890d4d70eda1fefb7d7.yaml b/nuclei-templates/cve-less/plugins/post-highlights-a2564828601d8890d4d70eda1fefb7d7.yaml new file mode 100644 index 0000000000..12debbe2d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-highlights-a2564828601d8890d4d70eda1fefb7d7.yaml @@ -0,0 +1,58 @@ +id: post-highlights-a2564828601d8890d4d70eda1fefb7d7 + +info: + name: > + post highlights 2.0 - 2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d586f258-ddd4-48a1-9c7a-2d1b343b0d23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-highlights/" + google-query: inurl:"/wp-content/plugins/post-highlights/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-highlights,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-highlights/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-highlights" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0', '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-hit-counter-f768e79079373c221f74efaccdcb8674.yaml b/nuclei-templates/cve-less/plugins/post-hit-counter-f768e79079373c221f74efaccdcb8674.yaml new file mode 100644 index 0000000000..e0ebbb8496 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-hit-counter-f768e79079373c221f74efaccdcb8674.yaml @@ -0,0 +1,58 @@ +id: post-hit-counter-f768e79079373c221f74efaccdcb8674 + +info: + name: > + Post Hit Counter <= 1.3.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4049f8fb-ad81-4f09-97b3-39ac6a9275d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-hit-counter/" + google-query: inurl:"/wp-content/plugins/post-hit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-hit-counter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-hit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-hit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-index-a197637cb7c671923c50bb35a3955a77.yaml b/nuclei-templates/cve-less/plugins/post-index-a197637cb7c671923c50bb35a3955a77.yaml new file mode 100644 index 0000000000..023a700046 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-index-a197637cb7c671923c50bb35a3955a77.yaml @@ -0,0 +1,58 @@ +id: post-index-a197637cb7c671923c50bb35a3955a77 + +info: + name: > + Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/507d308e-7df7-4bcb-b63c-f438b482c36b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-index/" + google-query: inurl:"/wp-content/plugins/post-index/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-index,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-index/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-index" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-indexer-b17a43827beee501340aedb4ac43d4f4.yaml b/nuclei-templates/cve-less/plugins/post-indexer-b17a43827beee501340aedb4ac43d4f4.yaml new file mode 100644 index 0000000000..86ed2e4aad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-indexer-b17a43827beee501340aedb4ac43d4f4.yaml @@ -0,0 +1,58 @@ +id: post-indexer-b17a43827beee501340aedb4ac43d4f4 + +info: + name: > + Post Indexer <= 3.0.6.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e43cf06-8356-40cd-a0d8-b9f7ab95d793?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-indexer/" + google-query: inurl:"/wp-content/plugins/post-indexer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-indexer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-indexer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-indexer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-indexer-e8e5df43b04b7f37f9a558b78548b1cb.yaml b/nuclei-templates/cve-less/plugins/post-indexer-e8e5df43b04b7f37f9a558b78548b1cb.yaml new file mode 100644 index 0000000000..f11f331fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-indexer-e8e5df43b04b7f37f9a558b78548b1cb.yaml @@ -0,0 +1,58 @@ +id: post-indexer-e8e5df43b04b7f37f9a558b78548b1cb + +info: + name: > + Post Indexer <= 3.0.6.1 - Authenticated (Super Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ecc0811-916d-4c60-9047-a09242de36bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-indexer/" + google-query: inurl:"/wp-content/plugins/post-indexer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-indexer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-indexer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-indexer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-list-designer-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml b/nuclei-templates/cve-less/plugins/post-list-designer-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml new file mode 100644 index 0000000000..ab2fdc7dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-list-designer-bb6c1374b9c3f1f7e4fbd5d4ecd1156f.yaml @@ -0,0 +1,58 @@ +id: post-list-designer-bb6c1374b9c3f1f7e4fbd5d4ecd1156f + +info: + name: > + Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b81941-ae2b-451a-ae72-07fd72f70a95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-list-designer/" + google-query: inurl:"/wp-content/plugins/post-list-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-list-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-list-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-list-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-list-designer-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml b/nuclei-templates/cve-less/plugins/post-list-designer-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml new file mode 100644 index 0000000000..58093638e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-list-designer-dd54abc9fa7f2f5d5c6010fa1c8c3d7f.yaml @@ -0,0 +1,58 @@ +id: post-list-designer-dd54abc9fa7f2f5d5c6010fa1c8c3d7f + +info: + name: > + Posts List Designer by Category – List Category Posts Or Recent Posts <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5decc1-cc81-4a5e-b6d8-5120cb37c93b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-list-designer/" + google-query: inurl:"/wp-content/plugins/post-list-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-list-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-list-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-list-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-list-with-featured-image-5d918b6eb4d2d11658c1c45d7b9c4c43.yaml b/nuclei-templates/cve-less/plugins/post-list-with-featured-image-5d918b6eb4d2d11658c1c45d7b9c4c43.yaml new file mode 100644 index 0000000000..d43c242b14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-list-with-featured-image-5d918b6eb4d2d11658c1c45d7b9c4c43.yaml @@ -0,0 +1,58 @@ +id: post-list-with-featured-image-5d918b6eb4d2d11658c1c45d7b9c4c43 + +info: + name: > + Post List With Featured Image <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b720612-f3ec-4cc0-9cc8-b9e01421ca87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-list-with-featured-image/" + google-query: inurl:"/wp-content/plugins/post-list-with-featured-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-list-with-featured-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-list-with-featured-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-list-with-featured-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-meta-data-manager-1261a6042800202478889a8b09341ae9.yaml b/nuclei-templates/cve-less/plugins/post-meta-data-manager-1261a6042800202478889a8b09341ae9.yaml new file mode 100644 index 0000000000..9ba2b261d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-meta-data-manager-1261a6042800202478889a8b09341ae9.yaml @@ -0,0 +1,58 @@ +id: post-meta-data-manager-1261a6042800202478889a8b09341ae9 + +info: + name: > + Post Meta Data Manager <= 1.2.1 - Cross-Site Request Forgery to Post, Term, and User Meta Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d49b8c44-4dad-4990-a8a8-116b424a7dfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-meta-data-manager/" + google-query: inurl:"/wp-content/plugins/post-meta-data-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-meta-data-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-meta-data-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-meta-data-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-meta-data-manager-91dbc533a6be524b4d3d9619ad71cbbc.yaml b/nuclei-templates/cve-less/plugins/post-meta-data-manager-91dbc533a6be524b4d3d9619ad71cbbc.yaml new file mode 100644 index 0000000000..9b9231eacc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-meta-data-manager-91dbc533a6be524b4d3d9619ad71cbbc.yaml @@ -0,0 +1,58 @@ +id: post-meta-data-manager-91dbc533a6be524b4d3d9619ad71cbbc + +info: + name: > + Post Meta Data Manager <=1.2.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7f4e710-99a2-49df-a513-725e1daaa18a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-meta-data-manager/" + google-query: inurl:"/wp-content/plugins/post-meta-data-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-meta-data-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-meta-data-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-meta-data-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-meta-data-manager-f2302a385e4bf0d806c1625e66741b99.yaml b/nuclei-templates/cve-less/plugins/post-meta-data-manager-f2302a385e4bf0d806c1625e66741b99.yaml new file mode 100644 index 0000000000..28ccc344e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-meta-data-manager-f2302a385e4bf0d806c1625e66741b99.yaml @@ -0,0 +1,58 @@ +id: post-meta-data-manager-f2302a385e4bf0d806c1625e66741b99 + +info: + name: > + Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a7f882-4582-4b08-9597-329d140ad782?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-meta-data-manager/" + google-query: inurl:"/wp-content/plugins/post-meta-data-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-meta-data-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-meta-data-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-meta-data-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-new-6b050fdad6f07dfeb11a710487994604.yaml b/nuclei-templates/cve-less/plugins/post-new-6b050fdad6f07dfeb11a710487994604.yaml new file mode 100644 index 0000000000..c2c244e42b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-new-6b050fdad6f07dfeb11a710487994604.yaml @@ -0,0 +1,58 @@ +id: post-new-6b050fdad6f07dfeb11a710487994604 + +info: + name: > + WooCommerce <= 8.5.2 - Missing Authorization to Private/Draft Product Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68eec693-bffe-4f3a-8e76-edf9f13093d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-new/" + google-query: inurl:"/wp-content/plugins/post-new/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-new,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-new/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-new" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-pay-counter-c7ba3a45fd00d12be9d06e7d73d86881.yaml b/nuclei-templates/cve-less/plugins/post-pay-counter-c7ba3a45fd00d12be9d06e7d73d86881.yaml new file mode 100644 index 0000000000..43925105b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-pay-counter-c7ba3a45fd00d12be9d06e7d73d86881.yaml @@ -0,0 +1,58 @@ +id: post-pay-counter-c7ba3a45fd00d12be9d06e7d73d86881 + +info: + name: > + Post Pay Counter <= 2.789 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a9fce6d-d5c2-4ab7-87ea-8dd6e4d92e07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-pay-counter/" + google-query: inurl:"/wp-content/plugins/post-pay-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-pay-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-pay-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-pay-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.789') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-pay-counter-d8208f20ecd1e01dd3173f786b1bf7c7.yaml b/nuclei-templates/cve-less/plugins/post-pay-counter-d8208f20ecd1e01dd3173f786b1bf7c7.yaml new file mode 100644 index 0000000000..8d4dc9bd9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-pay-counter-d8208f20ecd1e01dd3173f786b1bf7c7.yaml @@ -0,0 +1,58 @@ +id: post-pay-counter-d8208f20ecd1e01dd3173f786b1bf7c7 + +info: + name: > + Post Pay Counter < 2.731 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c814924a-bdcd-4b73-905b-a469f4d37ddf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-pay-counter/" + google-query: inurl:"/wp-content/plugins/post-pay-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-pay-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-pay-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-pay-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.731') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-pay-counter-f9e928230a2004071cf8b8a565c1c9d8.yaml b/nuclei-templates/cve-less/plugins/post-pay-counter-f9e928230a2004071cf8b8a565c1c9d8.yaml new file mode 100644 index 0000000000..f7e3af525b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-pay-counter-f9e928230a2004071cf8b8a565c1c9d8.yaml @@ -0,0 +1,58 @@ +id: post-pay-counter-f9e928230a2004071cf8b8a565c1c9d8 + +info: + name: > + Post Pay Counter < 2.731 - Arbitrary Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/951b2a15-04c1-4c5b-9cef-146628079c36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-pay-counter/" + google-query: inurl:"/wp-content/plugins/post-pay-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-pay-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-pay-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-pay-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.731') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-plugin-library-58af12d3803de6577a6e6446cfb68db8.yaml b/nuclei-templates/cve-less/plugins/post-plugin-library-58af12d3803de6577a6e6446cfb68db8.yaml new file mode 100644 index 0000000000..bdb2f1a9a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-plugin-library-58af12d3803de6577a6e6446cfb68db8.yaml @@ -0,0 +1,58 @@ +id: post-plugin-library-58af12d3803de6577a6e6446cfb68db8 + +info: + name: > + Post-Plugin Library <= 2.6.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6397f917-7d74-43f6-96b0-4aca6447eb86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-plugin-library/" + google-query: inurl:"/wp-content/plugins/post-plugin-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-plugin-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-plugin-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-plugin-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-shortcode-b16694416bb8375e384e3d9eb2224580.yaml b/nuclei-templates/cve-less/plugins/post-shortcode-b16694416bb8375e384e3d9eb2224580.yaml new file mode 100644 index 0000000000..f23b9b4c0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-shortcode-b16694416bb8375e384e3d9eb2224580.yaml @@ -0,0 +1,58 @@ +id: post-shortcode-b16694416bb8375e384e3d9eb2224580 + +info: + name: > + Post Shortcode <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3e1d66d-34cf-491c-8a07-0f9efd3c9669?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-shortcode/" + google-query: inurl:"/wp-content/plugins/post-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-slider-carousel-43333653570b3a1b8a29a02f94914583.yaml b/nuclei-templates/cve-less/plugins/post-slider-carousel-43333653570b3a1b8a29a02f94914583.yaml new file mode 100644 index 0000000000..693086304d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-slider-carousel-43333653570b3a1b8a29a02f94914583.yaml @@ -0,0 +1,58 @@ +id: post-slider-carousel-43333653570b3a1b8a29a02f94914583 + +info: + name: > + Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ddc39a8-57b7-46be-878a-2e1cf3271bd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-slider-carousel/" + google-query: inurl:"/wp-content/plugins/post-slider-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-slider-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-slider-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-slider-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-0b71d9ca16ea40ec86cc7a6c955b072f.yaml b/nuclei-templates/cve-less/plugins/post-smtp-0b71d9ca16ea40ec86cc7a6c955b072f.yaml new file mode 100644 index 0000000000..6446bf109b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-0b71d9ca16ea40ec86cc7a6c955b072f.yaml @@ -0,0 +1,58 @@ +id: post-smtp-0b71d9ca16ea40ec86cc7a6c955b072f + +info: + name: > + POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Arbitrary Log Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1af4be1-a9d6-4f44-91b3-22cf3130cc34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-0b997461262414a5dc7659a0045e7c29.yaml b/nuclei-templates/cve-less/plugins/post-smtp-0b997461262414a5dc7659a0045e7c29.yaml new file mode 100644 index 0000000000..5b0ea4362f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-0b997461262414a5dc7659a0045e7c29.yaml @@ -0,0 +1,58 @@ +id: post-smtp-0b997461262414a5dc7659a0045e7c29 + +info: + name: > + POST SMTP Mailer <= 2.8.6 - Reflected Cross-Site Scripting via msg + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7681f984-d488-4da7-afe1-988e5ad012f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-378b490d457309885c7c94c6e12193bf.yaml b/nuclei-templates/cve-less/plugins/post-smtp-378b490d457309885c7c94c6e12193bf.yaml new file mode 100644 index 0000000000..2b7166e3d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-378b490d457309885c7c94c6e12193bf.yaml @@ -0,0 +1,58 @@ +id: post-smtp-378b490d457309885c7c94c6e12193bf + +info: + name: > + Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-53d4be9be43b09403fe429bdcc5fb51e.yaml b/nuclei-templates/cve-less/plugins/post-smtp-53d4be9be43b09403fe429bdcc5fb51e.yaml new file mode 100644 index 0000000000..1fe9357bc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-53d4be9be43b09403fe429bdcc5fb51e.yaml @@ -0,0 +1,58 @@ +id: post-smtp-53d4be9be43b09403fe429bdcc5fb51e + +info: + name: > + POST SMTP Mailer <= 2.7.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25cd403-77a4-437b-b9ba-93137bf9c936?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml b/nuclei-templates/cve-less/plugins/post-smtp-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml new file mode 100644 index 0000000000..2c705ef38d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-5dcfc5ea6f05d00ca9432dc6e06a959a.yaml @@ -0,0 +1,58 @@ +id: post-smtp-5dcfc5ea6f05d00ca9432dc6e06a959a + +info: + name: > + Post SMTP Mailer/Email Log <= 2.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5531449-c70f-488f-95ee-5208138968d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-67e90d47ddcdc0a14625badc3df84c45.yaml b/nuclei-templates/cve-less/plugins/post-smtp-67e90d47ddcdc0a14625badc3df84c45.yaml new file mode 100644 index 0000000000..6e58aba082 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-67e90d47ddcdc0a14625badc3df84c45.yaml @@ -0,0 +1,58 @@ +id: post-smtp-67e90d47ddcdc0a14625badc3df84c45 + +info: + name: > + POST SMTP Mailer <= 2.0.20 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e018ca7c-06dd-4d40-91d4-4ed188b8aaf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml b/nuclei-templates/cve-less/plugins/post-smtp-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml new file mode 100644 index 0000000000..afcc57d594 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-95f3dcaa4b86abab69cc1c0fd09f80aa.yaml @@ -0,0 +1,58 @@ +id: post-smtp-95f3dcaa4b86abab69cc1c0fd09f80aa + +info: + name: > + POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e675d64c-cbb8-4f24-9b6f-2597a97b49af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-9886017b189939b50d12738a1b1a19c5.yaml b/nuclei-templates/cve-less/plugins/post-smtp-9886017b189939b50d12738a1b1a19c5.yaml new file mode 100644 index 0000000000..c4516640ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-9886017b189939b50d12738a1b1a19c5.yaml @@ -0,0 +1,58 @@ +id: post-smtp-9886017b189939b50d12738a1b1a19c5 + +info: + name: > + POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a317395b-32ab-4a00-9568-b87d7c4f69a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-afbbe261546ed611413e53ceb7e989bf.yaml b/nuclei-templates/cve-less/plugins/post-smtp-afbbe261546ed611413e53ceb7e989bf.yaml new file mode 100644 index 0000000000..4d2f493e28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-afbbe261546ed611413e53ceb7e989bf.yaml @@ -0,0 +1,58 @@ +id: post-smtp-afbbe261546ed611413e53ceb7e989bf + +info: + name: > + Post SMTP <= 2.1.6 - Authenticated (Administrator+) Blind Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfcdc33-f5aa-4ca9-a2b6-30fcba174c85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-d84a106e9bb81d7dc52eebf9c446c56a.yaml b/nuclei-templates/cve-less/plugins/post-smtp-d84a106e9bb81d7dc52eebf9c446c56a.yaml new file mode 100644 index 0000000000..6db497f869 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-d84a106e9bb81d7dc52eebf9c446c56a.yaml @@ -0,0 +1,58 @@ +id: post-smtp-d84a106e9bb81d7dc52eebf9c446c56a + +info: + name: > + POST SMTP Mailer <= 2.5.6 - Cross-Site Request Forgery to Account Compromise + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca16602-52e6-4d14-99a5-ca4e26b9f377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-smtp-ff6aea4a9e4f72f85f246b4af5287259.yaml b/nuclei-templates/cve-less/plugins/post-smtp-ff6aea4a9e4f72f85f246b4af5287259.yaml new file mode 100644 index 0000000000..6947daf7a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-smtp-ff6aea4a9e4f72f85f246b4af5287259.yaml @@ -0,0 +1,58 @@ +id: post-smtp-ff6aea4a9e4f72f85f246b4af5287259 + +info: + name: > + POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Unauthenticated Stored Cross-Site Scripting via device + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-smtp/" + google-query: inurl:"/wp-content/plugins/post-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-snippets-67558508f8127f6d47b6b0749495c9d6.yaml b/nuclei-templates/cve-less/plugins/post-snippets-67558508f8127f6d47b6b0749495c9d6.yaml new file mode 100644 index 0000000000..a7a5267b74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-snippets-67558508f8127f6d47b6b0749495c9d6.yaml @@ -0,0 +1,58 @@ +id: post-snippets-67558508f8127f6d47b6b0749495c9d6 + +info: + name: > + Post Snippets <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'snippet_content' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d10f5cd-d449-46f1-a347-f45a1db65999?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-snippets/" + google-query: inurl:"/wp-content/plugins/post-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-snippets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-snippets-6dabd7288f9bf1aa4314c1230eb61170.yaml b/nuclei-templates/cve-less/plugins/post-snippets-6dabd7288f9bf1aa4314c1230eb61170.yaml new file mode 100644 index 0000000000..d840bae4ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-snippets-6dabd7288f9bf1aa4314c1230eb61170.yaml @@ -0,0 +1,58 @@ +id: post-snippets-6dabd7288f9bf1aa4314c1230eb61170 + +info: + name: > + Post Snippets <= 3.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82acefe0-a839-4721-858d-120326e45664?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-snippets/" + google-query: inurl:"/wp-content/plugins/post-snippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-snippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-snippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-snippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-state-tags-615b1160bdc5d2675b75757e17bb7e35.yaml b/nuclei-templates/cve-less/plugins/post-state-tags-615b1160bdc5d2675b75757e17bb7e35.yaml new file mode 100644 index 0000000000..d979332081 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-state-tags-615b1160bdc5d2675b75757e17bb7e35.yaml @@ -0,0 +1,58 @@ +id: post-state-tags-615b1160bdc5d2675b75757e17bb7e35 + +info: + name: > + Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a938325-45f5-455b-b2b7-e19e6e22cd0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-state-tags/" + google-query: inurl:"/wp-content/plugins/post-state-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-state-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-state-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-state-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-status-notifier-lite-536f99b9c8b9515938d0ac526d370775.yaml b/nuclei-templates/cve-less/plugins/post-status-notifier-lite-536f99b9c8b9515938d0ac526d370775.yaml new file mode 100644 index 0000000000..93f9dc1a67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-status-notifier-lite-536f99b9c8b9515938d0ac526d370775.yaml @@ -0,0 +1,58 @@ +id: post-status-notifier-lite-536f99b9c8b9515938d0ac526d370775 + +info: + name: > + Post Status Notifier Lite <= 1.10.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bef9fbc-ada5-475d-b630-923483b8fb7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-status-notifier-lite/" + google-query: inurl:"/wp-content/plugins/post-status-notifier-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-status-notifier-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-status-notifier-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-status-notifier-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-status-notifier-lite-fa9b6dc41b62f37cfba851a3e4e1b251.yaml b/nuclei-templates/cve-less/plugins/post-status-notifier-lite-fa9b6dc41b62f37cfba851a3e4e1b251.yaml new file mode 100644 index 0000000000..e70729e6f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-status-notifier-lite-fa9b6dc41b62f37cfba851a3e4e1b251.yaml @@ -0,0 +1,58 @@ +id: post-status-notifier-lite-fa9b6dc41b62f37cfba851a3e4e1b251 + +info: + name: > + Post Status Notifier Lite <= 1.11.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6af1224e-0ed3-4770-96c0-c15cc895d36d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-status-notifier-lite/" + google-query: inurl:"/wp-content/plugins/post-status-notifier-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-status-notifier-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-status-notifier-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-status-notifier-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-teaser-767aeb59e47dca848d0413b31cb3f81a.yaml b/nuclei-templates/cve-less/plugins/post-teaser-767aeb59e47dca848d0413b31cb3f81a.yaml new file mode 100644 index 0000000000..26c3826d46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-teaser-767aeb59e47dca848d0413b31cb3f81a.yaml @@ -0,0 +1,58 @@ +id: post-teaser-767aeb59e47dca848d0413b31cb3f81a + +info: + name: > + Post Teaser <= 4.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5988fb74-01d1-426f-9a38-62336a59211b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-teaser/" + google-query: inurl:"/wp-content/plugins/post-teaser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-teaser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-teaser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-teaser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-teaser-db46aef04d74b6695e5a22627a3163f0.yaml b/nuclei-templates/cve-less/plugins/post-teaser-db46aef04d74b6695e5a22627a3163f0.yaml new file mode 100644 index 0000000000..4674e35c1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-teaser-db46aef04d74b6695e5a22627a3163f0.yaml @@ -0,0 +1,58 @@ +id: post-teaser-db46aef04d74b6695e5a22627a3163f0 + +info: + name: > + Post Teaser <= 4.1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6767cc8e-f327-4891-8d3c-555ba7f5062c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-teaser/" + google-query: inurl:"/wp-content/plugins/post-teaser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-teaser,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-teaser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-teaser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-thumbnail-editor-c06a16f33dee682ac5351a8f0d142a5f.yaml b/nuclei-templates/cve-less/plugins/post-thumbnail-editor-c06a16f33dee682ac5351a8f0d142a5f.yaml new file mode 100644 index 0000000000..202cee248e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-thumbnail-editor-c06a16f33dee682ac5351a8f0d142a5f.yaml @@ -0,0 +1,58 @@ +id: post-thumbnail-editor-c06a16f33dee682ac5351a8f0d142a5f + +info: + name: > + Post Thumbnail Editor <= 2.4.8 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b102af8f-2bc3-4548-9a90-d1280b058173?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-thumbnail-editor/" + google-query: inurl:"/wp-content/plugins/post-thumbnail-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-thumbnail-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-thumbnail-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-thumbnail-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-timeline-d1c35f1b92d2cf694e8384e45db5ef1c.yaml b/nuclei-templates/cve-less/plugins/post-timeline-d1c35f1b92d2cf694e8384e45db5ef1c.yaml new file mode 100644 index 0000000000..e100a23e59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-timeline-d1c35f1b92d2cf694e8384e45db5ef1c.yaml @@ -0,0 +1,58 @@ +id: post-timeline-d1c35f1b92d2cf694e8384e45db5ef1c + +info: + name: > + Post Timeline <= 2.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f75966a5-e593-4c86-842d-c136ae847eb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-timeline/" + google-query: inurl:"/wp-content/plugins/post-timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-timeline,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-title-counter-ae3d9dc541dfd812b33967f0f1087c0a.yaml b/nuclei-templates/cve-less/plugins/post-title-counter-ae3d9dc541dfd812b33967f0f1087c0a.yaml new file mode 100644 index 0000000000..7796d87769 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-title-counter-ae3d9dc541dfd812b33967f0f1087c0a.yaml @@ -0,0 +1,58 @@ +id: post-title-counter-ae3d9dc541dfd812b33967f0f1087c0a + +info: + name: > + Post Title Counter <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5715f3d3-8b88-45bc-a858-3911eeaaf045?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-title-counter/" + google-query: inurl:"/wp-content/plugins/post-title-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-title-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-title-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-title-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-to-csv-7b65c39ddbda37096522c90c94a9d953.yaml b/nuclei-templates/cve-less/plugins/post-to-csv-7b65c39ddbda37096522c90c94a9d953.yaml new file mode 100644 index 0000000000..a73d77f2c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-to-csv-7b65c39ddbda37096522c90c94a9d953.yaml @@ -0,0 +1,58 @@ +id: post-to-csv-7b65c39ddbda37096522c90c94a9d953 + +info: + name: > + Post to CSV by BestWebSoft <= 1.3.8 - Authenticated (Author+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3be1a1af-baab-4e57-a2c7-5e6963f986cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-to-csv/" + google-query: inurl:"/wp-content/plugins/post-to-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-to-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-to-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-to-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-to-csv-ebe4222fc5927e1301c1b27600c1ee1b.yaml b/nuclei-templates/cve-less/plugins/post-to-csv-ebe4222fc5927e1301c1b27600c1ee1b.yaml new file mode 100644 index 0000000000..8479aa3704 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-to-csv-ebe4222fc5927e1301c1b27600c1ee1b.yaml @@ -0,0 +1,58 @@ +id: post-to-csv-ebe4222fc5927e1301c1b27600c1ee1b + +info: + name: > + Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74f0af24-e4d9-4b89-b91e-c6ec3e3918e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-to-csv/" + google-query: inurl:"/wp-content/plugins/post-to-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-to-csv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-to-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-to-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-to-google-my-business-b63b7b7e3d30454ea5fbfd364258f1a1.yaml b/nuclei-templates/cve-less/plugins/post-to-google-my-business-b63b7b7e3d30454ea5fbfd364258f1a1.yaml new file mode 100644 index 0000000000..e04a731703 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-to-google-my-business-b63b7b7e3d30454ea5fbfd364258f1a1.yaml @@ -0,0 +1,58 @@ +id: post-to-google-my-business-b63b7b7e3d30454ea5fbfd364258f1a1 + +info: + name: > + Post to Google My Business <= 3.1.14 - Cross-Site Request Forgery to Dismiss Notification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baa8e48f-769a-4f48-bc47-d55c179d1ca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-to-google-my-business/" + google-query: inurl:"/wp-content/plugins/post-to-google-my-business/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-to-google-my-business,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-to-google-my-business/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-to-google-my-business" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-to-twitter-b53860895277e266b1fcb14159c31da6.yaml b/nuclei-templates/cve-less/plugins/post-to-twitter-b53860895277e266b1fcb14159c31da6.yaml new file mode 100644 index 0000000000..575c514efd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-to-twitter-b53860895277e266b1fcb14159c31da6.yaml @@ -0,0 +1,58 @@ +id: post-to-twitter-b53860895277e266b1fcb14159c31da6 + +info: + name: > + Post to Twitter <= 0.7 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0d8d660-4f8f-4fd5-b001-b182219cf327?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-to-twitter/" + google-query: inurl:"/wp-content/plugins/post-to-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-to-twitter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-to-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-to-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-type-x-1d0458d81b174356717b00e4b0b273b5.yaml b/nuclei-templates/cve-less/plugins/post-type-x-1d0458d81b174356717b00e4b0b273b5.yaml new file mode 100644 index 0000000000..f0f137b158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-type-x-1d0458d81b174356717b00e4b0b273b5.yaml @@ -0,0 +1,58 @@ +id: post-type-x-1d0458d81b174356717b00e4b0b273b5 + +info: + name: > + Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36e098fe-d1f9-4c8f-ae6b-222cbd5976b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-type-x/" + google-query: inurl:"/wp-content/plugins/post-type-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-type-x,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-type-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-type-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-type-x-965fb6d33351fd23a3e7b31a7c69feff.yaml b/nuclei-templates/cve-less/plugins/post-type-x-965fb6d33351fd23a3e7b31a7c69feff.yaml new file mode 100644 index 0000000000..73ba782561 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-type-x-965fb6d33351fd23a3e7b31a7c69feff.yaml @@ -0,0 +1,58 @@ +id: post-type-x-965fb6d33351fd23a3e7b31a7c69feff + +info: + name: > + Product Catalog Simple <= 1.6.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd58adb-31cd-49e2-9c9d-e248b4b0a778?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-type-x/" + google-query: inurl:"/wp-content/plugins/post-type-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-type-x,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-type-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-type-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-type-x-c1d2bd9a1bb88b5b9cb365bbd2698cbe.yaml b/nuclei-templates/cve-less/plugins/post-type-x-c1d2bd9a1bb88b5b9cb365bbd2698cbe.yaml new file mode 100644 index 0000000000..33c707fc44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-type-x-c1d2bd9a1bb88b5b9cb365bbd2698cbe.yaml @@ -0,0 +1,58 @@ +id: post-type-x-c1d2bd9a1bb88b5b9cb365bbd2698cbe + +info: + name: > + Product Catalog Simple <= 1.7.6 - Sensitive Information Exposure via Product CSV + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f4099b3-6c79-42c2-be41-4ad8d73cc2b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-type-x/" + google-query: inurl:"/wp-content/plugins/post-type-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-type-x,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-type-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-type-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-views-counter-71955a966b82cf2219c81131b80c408e.yaml b/nuclei-templates/cve-less/plugins/post-views-counter-71955a966b82cf2219c81131b80c408e.yaml new file mode 100644 index 0000000000..8638076d2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-views-counter-71955a966b82cf2219c81131b80c408e.yaml @@ -0,0 +1,58 @@ +id: post-views-counter-71955a966b82cf2219c81131b80c408e + +info: + name: > + Post Views Counter <= 1.3.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e76c4b3-af77-4c02-a923-f04a360fa6e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-views-counter/" + google-query: inurl:"/wp-content/plugins/post-views-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-views-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-views-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-views-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-views-counter-f4088a6dda890a2dfcb23a5a06369d61.yaml b/nuclei-templates/cve-less/plugins/post-views-counter-f4088a6dda890a2dfcb23a5a06369d61.yaml new file mode 100644 index 0000000000..64b90e67d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-views-counter-f4088a6dda890a2dfcb23a5a06369d61.yaml @@ -0,0 +1,58 @@ +id: post-views-counter-f4088a6dda890a2dfcb23a5a06369d61 + +info: + name: > + Post Views Counter <= 1.4.4 - Cross-Site Request Forgery via save_bulk_post_views() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cee1253-52e5-4676-8a7a-ac71df0786ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-views-counter/" + google-query: inurl:"/wp-content/plugins/post-views-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-views-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-views-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-views-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/post-views-stats-1e717f9147d850249e106a439e5cf9f6.yaml b/nuclei-templates/cve-less/plugins/post-views-stats-1e717f9147d850249e106a439e5cf9f6.yaml new file mode 100644 index 0000000000..42c2c0be9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/post-views-stats-1e717f9147d850249e106a439e5cf9f6.yaml @@ -0,0 +1,58 @@ +id: post-views-stats-1e717f9147d850249e106a439e5cf9f6 + +info: + name: > + Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31eb7dd4-3bd1-41e8-875a-e40a7f16296d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/post-views-stats/" + google-query: inurl:"/wp-content/plugins/post-views-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,post-views-stats,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/post-views-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "post-views-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postaffiliatepro-107104bc14e921090e757f0c5c64d34d.yaml b/nuclei-templates/cve-less/plugins/postaffiliatepro-107104bc14e921090e757f0c5c64d34d.yaml new file mode 100644 index 0000000000..e3b7849b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postaffiliatepro-107104bc14e921090e757f0c5c64d34d.yaml @@ -0,0 +1,58 @@ +id: postaffiliatepro-107104bc14e921090e757f0c5c64d34d + +info: + name: > + Post Affiliate Pro <= 1.24.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8adba-347f-4bdc-8215-23b6f8eb0327?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postaffiliatepro/" + google-query: inurl:"/wp-content/plugins/postaffiliatepro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postaffiliatepro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postaffiliatepro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postaffiliatepro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postie-2555356e703532b9bbe5578b47fffbdf.yaml b/nuclei-templates/cve-less/plugins/postie-2555356e703532b9bbe5578b47fffbdf.yaml new file mode 100644 index 0000000000..5030eae6e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postie-2555356e703532b9bbe5578b47fffbdf.yaml @@ -0,0 +1,58 @@ +id: postie-2555356e703532b9bbe5578b47fffbdf + +info: + name: > + Postie < 1.4.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67176209-443c-4f66-b5a8-1dde2f7f0837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postie/" + google-query: inurl:"/wp-content/plugins/postie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postie,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postie-6f78bc0495c69824a3ef08a95ff8b518.yaml b/nuclei-templates/cve-less/plugins/postie-6f78bc0495c69824a3ef08a95ff8b518.yaml new file mode 100644 index 0000000000..4fbcd0ac1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postie-6f78bc0495c69824a3ef08a95ff8b518.yaml @@ -0,0 +1,58 @@ +id: postie-6f78bc0495c69824a3ef08a95ff8b518 + +info: + name: > + Postie <= 1.9.40 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9545264-0434-4976-b94e-4e520e5ae9c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postie/" + google-query: inurl:"/wp-content/plugins/postie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postie,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postie-727d4fbf362548e62940ac117a3d3c3a.yaml b/nuclei-templates/cve-less/plugins/postie-727d4fbf362548e62940ac117a3d3c3a.yaml new file mode 100644 index 0000000000..e2e5dac33d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postie-727d4fbf362548e62940ac117a3d3c3a.yaml @@ -0,0 +1,58 @@ +id: postie-727d4fbf362548e62940ac117a3d3c3a + +info: + name: > + Postie <= 1.9.40 - Post Submission Spoofing & Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57a5b6d9-92dc-488a-a3f2-b3c09361aefe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postie/" + google-query: inurl:"/wp-content/plugins/postie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postie,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-4f73853f1fed7601f5de786bcd020099.yaml b/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-4f73853f1fed7601f5de786bcd020099.yaml new file mode 100644 index 0000000000..3e73f87df9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postmagthemes-demo-import-4f73853f1fed7601f5de786bcd020099.yaml @@ -0,0 +1,58 @@ +id: postmagthemes-demo-import-4f73853f1fed7601f5de786bcd020099 + +info: + name: > + PostmagThemes Demo Import <= 1.0.9 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1fd2f3-7f3a-4227-b013-95e4ec59fce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postmagthemes-demo-import/" + google-query: inurl:"/wp-content/plugins/postmagthemes-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postmagthemes-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmagthemes-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmagthemes-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postman-smtp-afe901ac8a088fbc034c09cb75a2f817.yaml b/nuclei-templates/cve-less/plugins/postman-smtp-afe901ac8a088fbc034c09cb75a2f817.yaml new file mode 100644 index 0000000000..bb22e25e09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postman-smtp-afe901ac8a088fbc034c09cb75a2f817.yaml @@ -0,0 +1,58 @@ +id: postman-smtp-afe901ac8a088fbc034c09cb75a2f817 + +info: + name: > + Postman SMTP <= 1.7.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0df7f4-d916-414a-8d03-941aab06a001?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postman-smtp/" + google-query: inurl:"/wp-content/plugins/postman-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postman-smtp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postman-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postman-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postmash-4be4ac2753725fa5dd456a071085e7cc.yaml b/nuclei-templates/cve-less/plugins/postmash-4be4ac2753725fa5dd456a071085e7cc.yaml new file mode 100644 index 0000000000..4b4803f8da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postmash-4be4ac2753725fa5dd456a071085e7cc.yaml @@ -0,0 +1,58 @@ +id: postmash-4be4ac2753725fa5dd456a071085e7cc + +info: + name: > + postMash – custom post order <= 1.2.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cab1bef-c8c5-45ee-921e-0d01736e74c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postmash/" + google-query: inurl:"/wp-content/plugins/postmash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postmash,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postmash-858a26ea9a23abdcedc5d015a7d5aad8.yaml b/nuclei-templates/cve-less/plugins/postmash-858a26ea9a23abdcedc5d015a7d5aad8.yaml new file mode 100644 index 0000000000..9f840bef21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postmash-858a26ea9a23abdcedc5d015a7d5aad8.yaml @@ -0,0 +1,58 @@ +id: postmash-858a26ea9a23abdcedc5d015a7d5aad8 + +info: + name: > + postMash – custom post order <= 1.2.0 - Reflected Cross-Site Scripting via m + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f219b6ea-58b9-455e-a99d-8412661c8e39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postmash/" + google-query: inurl:"/wp-content/plugins/postmash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postmash,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postmatic-364140ec5050587d4743f8ad888c8004.yaml b/nuclei-templates/cve-less/plugins/postmatic-364140ec5050587d4743f8ad888c8004.yaml new file mode 100644 index 0000000000..fc88b0897e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postmatic-364140ec5050587d4743f8ad888c8004.yaml @@ -0,0 +1,58 @@ +id: postmatic-364140ec5050587d4743f8ad888c8004 + +info: + name: > + Replyable – Subscribe to Comments and Reply by Email < 1.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9a3d3c3-278b-46c7-87d0-53528d616951?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postmatic/" + google-query: inurl:"/wp-content/plugins/postmatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postmatic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/postmatic-77c6557ed6d5a269f424f3a44bdb8307.yaml b/nuclei-templates/cve-less/plugins/postmatic-77c6557ed6d5a269f424f3a44bdb8307.yaml new file mode 100644 index 0000000000..1dfee41662 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/postmatic-77c6557ed6d5a269f424f3a44bdb8307.yaml @@ -0,0 +1,58 @@ +id: postmatic-77c6557ed6d5a269f424f3a44bdb8307 + +info: + name: > + Replyable – Subscribe to Comments and Reply by Email <= 2.2.9 - Authenticated (Subscriber+) PHP Object Injection via prompt_dismiss_notice + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1105dc3-222f-46a5-a9b1-74c11923f886?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/postmatic/" + google-query: inurl:"/wp-content/plugins/postmatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,postmatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/postmatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "postmatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/posts-and-users-stats-d94e06192974b1fb1b08b2e10b17630f.yaml b/nuclei-templates/cve-less/plugins/posts-and-users-stats-d94e06192974b1fb1b08b2e10b17630f.yaml new file mode 100644 index 0000000000..de0d32ace0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/posts-and-users-stats-d94e06192974b1fb1b08b2e10b17630f.yaml @@ -0,0 +1,58 @@ +id: posts-and-users-stats-d94e06192974b1fb1b08b2e10b17630f + +info: + name: > + Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/766c2aa5-e829-45b9-b6e3-0a522a0977d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/posts-and-users-stats/" + google-query: inurl:"/wp-content/plugins/posts-and-users-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,posts-and-users-stats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/posts-and-users-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "posts-and-users-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/posts-in-page-4146040381375fe3470534dfb0d8c368.yaml b/nuclei-templates/cve-less/plugins/posts-in-page-4146040381375fe3470534dfb0d8c368.yaml new file mode 100644 index 0000000000..6681ab755b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/posts-in-page-4146040381375fe3470534dfb0d8c368.yaml @@ -0,0 +1,58 @@ +id: posts-in-page-4146040381375fe3470534dfb0d8c368 + +info: + name: > + Posts in Page <= 1.2.4 - Authenticated Directory Traversal leading to Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a806bc8-cff4-47ff-a295-82520c9079e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/posts-in-page/" + google-query: inurl:"/wp-content/plugins/posts-in-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,posts-in-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/posts-in-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "posts-in-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/posts-like-dislike-a6ade812b7794f2ce71092e01b3f3441.yaml b/nuclei-templates/cve-less/plugins/posts-like-dislike-a6ade812b7794f2ce71092e01b3f3441.yaml new file mode 100644 index 0000000000..540c20fd84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/posts-like-dislike-a6ade812b7794f2ce71092e01b3f3441.yaml @@ -0,0 +1,58 @@ +id: posts-like-dislike-a6ade812b7794f2ce71092e01b3f3441 + +info: + name: > + Posts Like Dislike <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Setting Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8babc42a-c45c-423f-bd09-da7afb947691?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/posts-like-dislike/" + google-query: inurl:"/wp-content/plugins/posts-like-dislike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,posts-like-dislike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/posts-like-dislike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "posts-like-dislike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/posts-to-page-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml b/nuclei-templates/cve-less/plugins/posts-to-page-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml new file mode 100644 index 0000000000..ae6dc34c68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/posts-to-page-f4bf91007a25d09c25ce2d7dd70ab2fa.yaml @@ -0,0 +1,58 @@ +id: posts-to-page-f4bf91007a25d09c25ce2d7dd70ab2fa + +info: + name: > + Posts to Page <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e5fdaae-3ef2-477e-b79b-0b6e415edb40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/posts-to-page/" + google-query: inurl:"/wp-content/plugins/posts-to-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,posts-to-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/posts-to-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "posts-to-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/posttabs-03debccd2847f0f3861af391ac774ecf.yaml b/nuclei-templates/cve-less/plugins/posttabs-03debccd2847f0f3861af391ac774ecf.yaml new file mode 100644 index 0000000000..8473a04294 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/posttabs-03debccd2847f0f3861af391ac774ecf.yaml @@ -0,0 +1,58 @@ +id: posttabs-03debccd2847f0f3861af391ac774ecf + +info: + name: > + postTabs <= 2.10.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f908837d-2bba-45db-b005-f685a33cd71e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/posttabs/" + google-query: inurl:"/wp-content/plugins/posttabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,posttabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/posttabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "posttabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/power-zoomer-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/power-zoomer-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..4b574d5a4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/power-zoomer-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: power-zoomer-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/power-zoomer/" + google-query: inurl:"/wp-content/plugins/power-zoomer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,power-zoomer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/power-zoomer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "power-zoomer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerkit-54dc33c4a20161d9ec4e865b2de44997.yaml b/nuclei-templates/cve-less/plugins/powerkit-54dc33c4a20161d9ec4e865b2de44997.yaml new file mode 100644 index 0000000000..49984ba00d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerkit-54dc33c4a20161d9ec4e865b2de44997.yaml @@ -0,0 +1,58 @@ +id: powerkit-54dc33c4a20161d9ec4e865b2de44997 + +info: + name: > + Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efb816e4-c07f-4e72-bfd3-06d83ed4d642?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerkit/" + google-query: inurl:"/wp-content/plugins/powerkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-97dd2eef8600f91fddf3cdf090566811.yaml b/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-97dd2eef8600f91fddf3cdf090566811.yaml new file mode 100644 index 0000000000..13855cbcb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-97dd2eef8600f91fddf3cdf090566811.yaml @@ -0,0 +1,58 @@ +id: powerpack-addon-for-beaver-builder-97dd2eef8600f91fddf3cdf090566811 + +info: + name: > + PowerPack Lite for Beaver Builder <= 1.3.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a22c7b45-752c-482d-8812-888d5bc3d630?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-addon-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/powerpack-addon-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-addon-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-addon-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-addon-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-e22d00de70da89c7d78c2d123c0c7293.yaml b/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-e22d00de70da89c7d78c2d123c0c7293.yaml new file mode 100644 index 0000000000..629ee38f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-addon-for-beaver-builder-e22d00de70da89c7d78c2d123c0c7293.yaml @@ -0,0 +1,58 @@ +id: powerpack-addon-for-beaver-builder-e22d00de70da89c7d78c2d123c0c7293 + +info: + name: > + PowerPack Lite for Beaver Builder <= 1.2.9.2 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d992a9cf-f24c-4c82-a56b-22394524ba3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-addon-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/powerpack-addon-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-addon-for-beaver-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-addon-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-addon-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-elements-32838841eaf8293770fe8af6d9dab7cc.yaml b/nuclei-templates/cve-less/plugins/powerpack-elements-32838841eaf8293770fe8af6d9dab7cc.yaml new file mode 100644 index 0000000000..731b866dd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-elements-32838841eaf8293770fe8af6d9dab7cc.yaml @@ -0,0 +1,58 @@ +id: powerpack-elements-32838841eaf8293770fe8af6d9dab7cc + +info: + name: > + PowerPack Pro for Elementor <= 2.10.6 - Missing Authorization to Settings Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/883e1f3c-7e47-4522-ae8c-a9a6b4160be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-elements/" + google-query: inurl:"/wp-content/plugins/powerpack-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-elements,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-elements-89d7a5b57e6d3259874bdbb477d35f08.yaml b/nuclei-templates/cve-less/plugins/powerpack-elements-89d7a5b57e6d3259874bdbb477d35f08.yaml new file mode 100644 index 0000000000..f6a19e7a34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-elements-89d7a5b57e6d3259874bdbb477d35f08.yaml @@ -0,0 +1,58 @@ +id: powerpack-elements-89d7a5b57e6d3259874bdbb477d35f08 + +info: + name: > + PowerPack Pro for Elementor <= 2.9.23 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2feabc97-0463-4e50-91a8-234445ca2504?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-elements/" + google-query: inurl:"/wp-content/plugins/powerpack-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-elements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-elements-910629dfad061ef1cd89c571481e8f0a.yaml b/nuclei-templates/cve-less/plugins/powerpack-elements-910629dfad061ef1cd89c571481e8f0a.yaml new file mode 100644 index 0000000000..6a5a275614 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-elements-910629dfad061ef1cd89c571481e8f0a.yaml @@ -0,0 +1,58 @@ +id: powerpack-elements-910629dfad061ef1cd89c571481e8f0a + +info: + name: > + PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e68bbee2-1c1a-4751-988e-dde423f8aab3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-elements/" + google-query: inurl:"/wp-content/plugins/powerpack-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-elements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-1e3008e9a413fca6d1323b62a2743a7d.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-1e3008e9a413fca6d1323b62a2743a7d.yaml new file mode 100644 index 0000000000..ec8a62a9fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-1e3008e9a413fca6d1323b62a2743a7d.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-1e3008e9a413fca6d1323b62a2743a7d + +info: + name: > + PowerPack Addons for Elementor <= 2.7.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Tweet Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11386b6a-632c-451a-b726-846f74b6f42d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-328a1085ce78b77ac077833dbb3621ab.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-328a1085ce78b77ac077833dbb3621ab.yaml new file mode 100644 index 0000000000..2df0622487 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-328a1085ce78b77ac077833dbb3621ab.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-328a1085ce78b77ac077833dbb3621ab + +info: + name: > + PowerPack Addons for Elementor <= 2.7.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Buttons Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64480862-c076-4ea9-a03b-9aed81f876d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-6a1e6967396b1126582c6ee0a5fede17.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-6a1e6967396b1126582c6ee0a5fede17.yaml new file mode 100644 index 0000000000..a6be2b6e57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-6a1e6967396b1126582c6ee0a5fede17.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-6a1e6967396b1126582c6ee0a5fede17 + +info: + name: > + PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/036cf299-80c2-48a8-befc-02899ab96e3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-7cdc1189a823c084ca0c2c88ab1e4c6a.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-7cdc1189a823c084ca0c2c88ab1e4c6a.yaml new file mode 100644 index 0000000000..8928d01e29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-7cdc1189a823c084ca0c2c88ab1e4c6a.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-7cdc1189a823c084ca0c2c88ab1e4c6a + +info: + name: > + PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe2cfc96-63f4-4e4b-bf49-6031594a4805?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-b041552e80a8d76e86ae11341bcea94f.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-b041552e80a8d76e86ae11341bcea94f.yaml new file mode 100644 index 0000000000..d11f4ec92c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-b041552e80a8d76e86ae11341bcea94f.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-b041552e80a8d76e86ae11341bcea94f + +info: + name: > + PowerPack Addons for Elementor <= 2.7.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via *_html_tag* + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22c4b981-6135-4c44-aa68-f0d51704a68c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-bc9d2ff303507ede4dc68917dcd5ae6c.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-bc9d2ff303507ede4dc68917dcd5ae6c.yaml new file mode 100644 index 0000000000..5bf3171808 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-bc9d2ff303507ede4dc68917dcd5ae6c.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-bc9d2ff303507ede4dc68917dcd5ae6c + +info: + name: > + PowerPack Addons for Elementor <= 2.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22fd58a6-2bcb-4190-8440-a7df7848ad9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-e94aceaf63920aa3eb4b9932eb00b35a.yaml b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-e94aceaf63920aa3eb4b9932eb00b35a.yaml new file mode 100644 index 0000000000..95c410c613 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpack-lite-for-elementor-e94aceaf63920aa3eb4b9932eb00b35a.yaml @@ -0,0 +1,58 @@ +id: powerpack-lite-for-elementor-e94aceaf63920aa3eb4b9932eb00b35a + +info: + name: > + PowerPack Addons for Elementor <= 2.3.1 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/609d9ecf-4f91-4a78-ad8c-22e436c000ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpack-lite-for-elementor/" + google-query: inurl:"/wp-content/plugins/powerpack-lite-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpack-lite-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpack-lite-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpack-lite-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-09573bbd55ffbde9d233ad38438e8f66.yaml b/nuclei-templates/cve-less/plugins/powerpress-09573bbd55ffbde9d233ad38438e8f66.yaml new file mode 100644 index 0000000000..feb06465f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-09573bbd55ffbde9d233ad38438e8f66.yaml @@ -0,0 +1,58 @@ +id: powerpress-09573bbd55ffbde9d233ad38438e8f66 + +info: + name: > + PowerPress <= 11.0.6 - Authenticated (Contributor+) Server-Side Request Forgery via wp_ajax_powerpress_media_info + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/031c31b2-6e27-47bb-9f63-2bbaa1edbbb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-2a2fe738939a9e67d5cb46ca54ca2af9.yaml b/nuclei-templates/cve-less/plugins/powerpress-2a2fe738939a9e67d5cb46ca54ca2af9.yaml new file mode 100644 index 0000000000..9cf2ae7b45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-2a2fe738939a9e67d5cb46ca54ca2af9.yaml @@ -0,0 +1,58 @@ +id: powerpress-2a2fe738939a9e67d5cb46ca54ca2af9 + +info: + name: > + PowerPress <= 8.3.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc987edf-5a68-4baf-947c-e623c85ec659?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-86221a41117bb12070fda480ca17a28c.yaml b/nuclei-templates/cve-less/plugins/powerpress-86221a41117bb12070fda480ca17a28c.yaml new file mode 100644 index 0000000000..c2209ff534 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-86221a41117bb12070fda480ca17a28c.yaml @@ -0,0 +1,58 @@ +id: powerpress-86221a41117bb12070fda480ca17a28c + +info: + name: > + PowerPress <= 6.0.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5820352-a271-43c6-950d-815402241362?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-bb853e4203fd77e0eccd7981cc19970b.yaml b/nuclei-templates/cve-less/plugins/powerpress-bb853e4203fd77e0eccd7981cc19970b.yaml new file mode 100644 index 0000000000..c6d121cd0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-bb853e4203fd77e0eccd7981cc19970b.yaml @@ -0,0 +1,58 @@ +id: powerpress-bb853e4203fd77e0eccd7981cc19970b + +info: + name: > + PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c40c28f-554f-42d0-9f6d-a899d8f61519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-d2b59825f91765366d354ae0bca502ca.yaml b/nuclei-templates/cve-less/plugins/powerpress-d2b59825f91765366d354ae0bca502ca.yaml new file mode 100644 index 0000000000..ec1782d071 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-d2b59825f91765366d354ae0bca502ca.yaml @@ -0,0 +1,58 @@ +id: powerpress-d2b59825f91765366d354ae0bca502ca + +info: + name: > + PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-d401832f82eae4d4b25c6742ae7df7ee.yaml b/nuclei-templates/cve-less/plugins/powerpress-d401832f82eae4d4b25c6742ae7df7ee.yaml new file mode 100644 index 0000000000..f10c2cce87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-d401832f82eae4d4b25c6742ae7df7ee.yaml @@ -0,0 +1,58 @@ +id: powerpress-d401832f82eae4d4b25c6742ae7df7ee + +info: + name: > + PowerPress <= 6.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00c022a9-2062-4e99-8911-8cfad929a783?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powerpress-e8a960f3022a61734bef50d7f60e4d17.yaml b/nuclei-templates/cve-less/plugins/powerpress-e8a960f3022a61734bef50d7f60e4d17.yaml new file mode 100644 index 0000000000..7fc366398b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powerpress-e8a960f3022a61734bef50d7f60e4d17.yaml @@ -0,0 +1,58 @@ +id: powerpress-e8a960f3022a61734bef50d7f60e4d17 + +info: + name: > + PowerPress <= 11.0.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae8c888e-46ed-468f-a5d5-74a7f9d01a36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powerpress/" + google-query: inurl:"/wp-content/plugins/powerpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powerpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powerpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powerpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powr-pack-788f2a7e634374198c6c99e174e2830a.yaml b/nuclei-templates/cve-less/plugins/powr-pack-788f2a7e634374198c6c99e174e2830a.yaml new file mode 100644 index 0000000000..202dc902d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powr-pack-788f2a7e634374198c6c99e174e2830a.yaml @@ -0,0 +1,58 @@ +id: powr-pack-788f2a7e634374198c6c99e174e2830a + +info: + name: > + Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e67ce3b-144f-4ce1-b658-47d865312c6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powr-pack/" + google-query: inurl:"/wp-content/plugins/powr-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powr-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powr-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powr-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/powr-pack-eda45ed9fd55d54d8bc8631b38650581.yaml b/nuclei-templates/cve-less/plugins/powr-pack-eda45ed9fd55d54d8bc8631b38650581.yaml new file mode 100644 index 0000000000..4face8696f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/powr-pack-eda45ed9fd55d54d8bc8631b38650581.yaml @@ -0,0 +1,58 @@ +id: powr-pack-eda45ed9fd55d54d8bc8631b38650581 + +info: + name: > + POWR <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2967eae-82bb-4556-a21a-c5bb6b905c62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/powr-pack/" + google-query: inurl:"/wp-content/plugins/powr-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,powr-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/powr-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "powr-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prdctfltr-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/prdctfltr-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..61b4c12abe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prdctfltr-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: prdctfltr-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prdctfltr/" + google-query: inurl:"/wp-content/plugins/prdctfltr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prdctfltr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prdctfltr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prdctfltr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pre-orders-for-woocommerce-f8654e70b61d2e52e5f038a5f0414371.yaml b/nuclei-templates/cve-less/plugins/pre-orders-for-woocommerce-f8654e70b61d2e52e5f038a5f0414371.yaml new file mode 100644 index 0000000000..9e9522e4ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pre-orders-for-woocommerce-f8654e70b61d2e52e5f038a5f0414371.yaml @@ -0,0 +1,58 @@ +id: pre-orders-for-woocommerce-f8654e70b61d2e52e5f038a5f0414371 + +info: + name: > + Pre-Orders for WooCommerce <= 1.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb2776d8-1e2f-46fb-9d3b-693c8fa115b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pre-orders-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pre-orders-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pre-orders-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pre-orders-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pre-orders-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pre-party-browser-hints-c47827133b1c48070f46a59d37c27728.yaml b/nuclei-templates/cve-less/plugins/pre-party-browser-hints-c47827133b1c48070f46a59d37c27728.yaml new file mode 100644 index 0000000000..2eaaae465d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pre-party-browser-hints-c47827133b1c48070f46a59d37c27728.yaml @@ -0,0 +1,58 @@ +id: pre-party-browser-hints-c47827133b1c48070f46a59d37c27728 + +info: + name: > + Pre* Party Resource Hints < 1.8.19 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c043945-d327-4f26-98b4-99ac5b4761f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pre-party-browser-hints/" + google-query: inurl:"/wp-content/plugins/pre-party-browser-hints/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pre-party-browser-hints,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pre-party-browser-hints/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pre-party-browser-hints" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pre-publish-checklist-d84e75d6c9c8d0a3d0da84beaba7027f.yaml b/nuclei-templates/cve-less/plugins/pre-publish-checklist-d84e75d6c9c8d0a3d0da84beaba7027f.yaml new file mode 100644 index 0000000000..e74a91236c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pre-publish-checklist-d84e75d6c9c8d0a3d0da84beaba7027f.yaml @@ -0,0 +1,58 @@ +id: pre-publish-checklist-d84e75d6c9c8d0a3d0da84beaba7027f + +info: + name: > + Pre-Publish Checklist <= 1.1.1 - Insecure Direct Object Reference to Arbitrary Post '_ppc_meta_key' Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e00a06c-9623-48e0-b212-20a2f1e7e640?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pre-publish-checklist/" + google-query: inurl:"/wp-content/plugins/pre-publish-checklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pre-publish-checklist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pre-publish-checklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pre-publish-checklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/preloader-for-website-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml b/nuclei-templates/cve-less/plugins/preloader-for-website-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml new file mode 100644 index 0000000000..5ecb95f15c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/preloader-for-website-2c9e7a14e26b36ebcb4ba9bbe208df94.yaml @@ -0,0 +1,58 @@ +id: preloader-for-website-2c9e7a14e26b36ebcb4ba9bbe208df94 + +info: + name: > + Preloader for Website <= 1.2.2 - Missing Authorization via plwao_register_settings() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cfc38c0-f940-4c4d-ba7b-0d772146ea2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/preloader-for-website/" + google-query: inurl:"/wp-content/plugins/preloader-for-website/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,preloader-for-website,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/preloader-for-website/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "preloader-for-website" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-07fd6d4168c19a2706208ce105fc7279.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-07fd6d4168c19a2706208ce105fc7279.yaml new file mode 100644 index 0000000000..8b939adce5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-07fd6d4168c19a2706208ce105fc7279.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-07fd6d4168c19a2706208ce105fc7279 + +info: + name: > + Premium Addons for Elementor <= 4.10.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cab56873-f79c-4fd2-8d40-ee4a338cbe8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-17011bf78eb7cb3c3509ef0727f15b97.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-17011bf78eb7cb3c3509ef0727f15b97.yaml new file mode 100644 index 0000000000..76910582c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-17011bf78eb7cb3c3509ef0727f15b97.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-17011bf78eb7cb3c3509ef0727f15b97 + +info: + name: > + Premium Addons for Elementor <= 4.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51fab95e-336d-4544-8b8e-c4e9002321ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-285480d3186a91d1e0ed6c347ab46652.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-285480d3186a91d1e0ed6c347ab46652.yaml new file mode 100644 index 0000000000..13be5341b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-285480d3186a91d1e0ed6c347ab46652.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-285480d3186a91d1e0ed6c347ab46652 + +info: + name: > + Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'arrow_style' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48fdece5-2996-426f-b77c-ae0b35bcd0ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5332275b2ed1bab71594c8fbd6d44f11.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5332275b2ed1bab71594c8fbd6d44f11.yaml new file mode 100644 index 0000000000..a38f1ecf4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5332275b2ed1bab71594c8fbd6d44f11.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-5332275b2ed1bab71594c8fbd6d44f11 + +info: + name: > + Premium Addons for Elementor <= 4.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner, Team Members, and Image Scroll Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2d0b38-8241-456f-a79b-5d31132b3233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-53bbdc5768caf77b3864368c8b4ad9d8.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-53bbdc5768caf77b3864368c8b4ad9d8.yaml new file mode 100644 index 0000000000..c3eb0522be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-53bbdc5768caf77b3864368c8b4ad9d8.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-53bbdc5768caf77b3864368c8b4ad9d8 + +info: + name: > + Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1026b753-e82b-4fa3-9023-c36ab9863b29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5830898462cdce464207b0d4b8cd2848.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5830898462cdce464207b0d4b8cd2848.yaml new file mode 100644 index 0000000000..220d265766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5830898462cdce464207b0d4b8cd2848.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-5830898462cdce464207b0d4b8cd2848 + +info: + name: > + Premium Addons for Elementor <= 4.10.22 - Authenticated (Contributor+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78fced7-8c8c-4e98-8f06-2eea845cfb26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5f4d629f81f40ae82d44c4c8c94e12ba.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5f4d629f81f40ae82d44c4c8c94e12ba.yaml new file mode 100644 index 0000000000..3bfc937adc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-5f4d629f81f40ae82d44c4c8c94e12ba.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-5f4d629f81f40ae82d44c4c8c94e12ba + +info: + name: > + Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb7e94c-385e-4ce9-acfa-978403047159?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-63b73f38de8e42ff42c365ddf35b05de.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-63b73f38de8e42ff42c365ddf35b05de.yaml new file mode 100644 index 0000000000..2b7c247f34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-63b73f38de8e42ff42c365ddf35b05de.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-63b73f38de8e42ff42c365ddf35b05de + +info: + name: > + Premium Addons for Elementor <= 4.10.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via onClick Events + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61bac919-90be-4fb5-859a-d135e87fe0bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-7346b5c5cde69749b42ec0dfced7a750.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-7346b5c5cde69749b42ec0dfced7a750.yaml new file mode 100644 index 0000000000..5b0b6c8d87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-7346b5c5cde69749b42ec0dfced7a750.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-7346b5c5cde69749b42ec0dfced7a750 + +info: + name: > + Premium Addons for Elementor <= 4.10.16 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7222c7e-939a-4666-9d01-f715d2827954?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-9196735e9e9fe6dd44235b7e0a53bb60.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-9196735e9e9fe6dd44235b7e0a53bb60.yaml new file mode 100644 index 0000000000..0f3393355e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-9196735e9e9fe6dd44235b7e0a53bb60.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-9196735e9e9fe6dd44235b7e0a53bb60 + +info: + name: > + Premium Addons for Elementor <= 4.10.24 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18b2d99a-f55c-4a05-8442-e1fddd59181f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-a48eaf0c735b82aaff5677d4812dc0a7.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-a48eaf0c735b82aaff5677d4812dc0a7.yaml new file mode 100644 index 0000000000..f4da1d4636 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-a48eaf0c735b82aaff5677d4812dc0a7.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-a48eaf0c735b82aaff5677d4812dc0a7 + +info: + name: > + Premium Addons for Elementor <= 4.10.28 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4111ba11-ad79-466a-9669-3c35730a331a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-b940c9ab9a01a68eea4a5776ab2199d7.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-b940c9ab9a01a68eea4a5776ab2199d7.yaml new file mode 100644 index 0000000000..a168589b58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-b940c9ab9a01a68eea4a5776ab2199d7.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-b940c9ab9a01a68eea4a5776ab2199d7 + +info: + name: > + Premium Addons for Elementor <= 4.10.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce0e587-0312-4484-8f03-c82db67aba44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-c1aa3c18402d6565768dc2655ac439f3.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-c1aa3c18402d6565768dc2655ac439f3.yaml new file mode 100644 index 0000000000..fb989ac257 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-c1aa3c18402d6565768dc2655ac439f3.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-c1aa3c18402d6565768dc2655ac439f3 + +info: + name: > + Premium Addons for Elementor <= 4.10.16 - Authenticated(Contributor+) Stored Cross-Site Scripting via Wrapper Link Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f9eb9cb-ead9-4ddf-b40b-a0ce2f4910f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ca0593eecf48a43d195a057ed533a1b4.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ca0593eecf48a43d195a057ed533a1b4.yaml new file mode 100644 index 0000000000..8d894edb05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ca0593eecf48a43d195a057ed533a1b4.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-ca0593eecf48a43d195a057ed533a1b4 + +info: + name: > + Premium Addons for Elementor <=4.2.7 Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e45ac7f-faab-4004-8c1b-b9b68f9dfe4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-d5a4a92d920eb71aaeb7667326f31fb1.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-d5a4a92d920eb71aaeb7667326f31fb1.yaml new file mode 100644 index 0000000000..ae90489f2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-d5a4a92d920eb71aaeb7667326f31fb1.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-d5a4a92d920eb71aaeb7667326f31fb1 + +info: + name: > + Premium Addons for Elementor <= 4.10.17 - Authenticated(Contributor+) Stored Cross-Site Scripting via Link Wrapper + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ee8591e5f3f55c96d9835c88a6740c39.yaml b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ee8591e5f3f55c96d9835c88a6740c39.yaml new file mode 100644 index 0000000000..2b6d72d317 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-for-elementor-ee8591e5f3f55c96d9835c88a6740c39.yaml @@ -0,0 +1,58 @@ +id: premium-addons-for-elementor-ee8591e5f3f55c96d9835c88a6740c39 + +info: + name: > + Premium Addons for Elementor <= 4.10.23 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/premium-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-24ae12d6b29ac4b2b659477fd814db52.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-24ae12d6b29ac4b2b659477fd814db52.yaml new file mode 100644 index 0000000000..a661af3e2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-24ae12d6b29ac4b2b659477fd814db52.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-24ae12d6b29ac4b2b659477fd814db52 + +info: + name: > + Premium Addons for Elementor PRO <= 2.9.12 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-3bfe779738faac39c2783a057e7fba45.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-3bfe779738faac39c2783a057e7fba45.yaml new file mode 100644 index 0000000000..7c5cfae488 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-3bfe779738faac39c2783a057e7fba45.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-3bfe779738faac39c2783a057e7fba45 + +info: + name: > + Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Mouse Cursor Module + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-3da39631322ead94331d2d8a800a3d3d.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-3da39631322ead94331d2d8a800a3d3d.yaml new file mode 100644 index 0000000000..d70e792aab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-3da39631322ead94331d2d8a800a3d3d.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-3da39631322ead94331d2d8a800a3d3d + +info: + name: > + Premium Addons PRO <= 2.8.24 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9445a54c-06b9-400a-a8ae-a58f1b968196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-476134bec82a295d4478418acb3a1fc0.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-476134bec82a295d4478418acb3a1fc0.yaml new file mode 100644 index 0000000000..feaca5cedd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-476134bec82a295d4478418acb3a1fc0.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-476134bec82a295d4478418acb3a1fc0 + +info: + name: > + Premium Addons PRO <= 2.9.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df6e5aee-e79d-4c3f-a0c4-47436ae7c1da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-7dae15c1486a66b7dbaca3afb1f366c1.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-7dae15c1486a66b7dbaca3afb1f366c1.yaml new file mode 100644 index 0000000000..a689880d42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-7dae15c1486a66b7dbaca3afb1f366c1.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-7dae15c1486a66b7dbaca3afb1f366c1 + +info: + name: > + Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multi Scroll Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eee517de-a47e-47c9-8322-92ce772191b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-8ea80e6fdb96812cc7fb786f57b22769.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-8ea80e6fdb96812cc7fb786f57b22769.yaml new file mode 100644 index 0000000000..e1de28425b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-8ea80e6fdb96812cc7fb786f57b22769.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-8ea80e6fdb96812cc7fb786f57b22769 + +info: + name: > + Premium Addons PRO <= 2.9.0 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1fa1999-685c-4b68-927d-617abf9143d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-a6cbba6a06f8c16a716b48b44610ad62.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-a6cbba6a06f8c16a716b48b44610ad62.yaml new file mode 100644 index 0000000000..65ad362300 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-a6cbba6a06f8c16a716b48b44610ad62.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-a6cbba6a06f8c16a716b48b44610ad62 + +info: + name: > + Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Messenger Chat Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-b898553c18a3c26f0a1b011522df0006.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-b898553c18a3c26f0a1b011522df0006.yaml new file mode 100644 index 0000000000..b30b6916ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-b898553c18a3c26f0a1b011522df0006.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-b898553c18a3c26f0a1b011522df0006 + +info: + name: > + Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premium-addons-pro-fe65855ff8de2259da21136e19e15ee9.yaml b/nuclei-templates/cve-less/plugins/premium-addons-pro-fe65855ff8de2259da21136e19e15ee9.yaml new file mode 100644 index 0000000000..9d3fe3d673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premium-addons-pro-fe65855ff8de2259da21136e19e15ee9.yaml @@ -0,0 +1,58 @@ +id: premium-addons-pro-fe65855ff8de2259da21136e19e15ee9 + +info: + name: > + Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premium-addons-pro/" + google-query: inurl:"/wp-content/plugins/premium-addons-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premium-addons-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premium-addons-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premium-addons-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premmerce-8029afdc04745424b05ede0e496f1c03.yaml b/nuclei-templates/cve-less/plugins/premmerce-8029afdc04745424b05ede0e496f1c03.yaml new file mode 100644 index 0000000000..cc68996815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premmerce-8029afdc04745424b05ede0e496f1c03.yaml @@ -0,0 +1,58 @@ +id: premmerce-8029afdc04745424b05ede0e496f1c03 + +info: + name: > + Premmerce <= 1.3.18 - Cross-Site Request Forgery via runAction + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54154f34-96be-4b67-bca8-8efc4ab8543e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premmerce/" + google-query: inurl:"/wp-content/plugins/premmerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premmerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-2caec5a3e7a9b163d5d5f19244c4d557.yaml b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-2caec5a3e7a9b163d5d5f19244c4d557.yaml new file mode 100644 index 0000000000..cf5646c4f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-2caec5a3e7a9b163d5d5f19244c4d557.yaml @@ -0,0 +1,58 @@ +id: premmerce-redirect-manager-2caec5a3e7a9b163d5d5f19244c4d557 + +info: + name: > + Premmerce Redirect Manager <= 1.0.10 - Cross-Site Request Forgery via deleteRedirect() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d84fa60-f780-41e2-96dc-57057c646e01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premmerce-redirect-manager/" + google-query: inurl:"/wp-content/plugins/premmerce-redirect-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-redirect-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-redirect-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-d025df7fa9c98e92f3b558a7323cb34f.yaml b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-d025df7fa9c98e92f3b558a7323cb34f.yaml new file mode 100644 index 0000000000..75019f00d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premmerce-redirect-manager-d025df7fa9c98e92f3b558a7323cb34f.yaml @@ -0,0 +1,58 @@ +id: premmerce-redirect-manager-d025df7fa9c98e92f3b558a7323cb34f + +info: + name: > + Premmerce Redirect Manager <= 1.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2e8f9b7-1fce-46be-8198-eeff58a563c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premmerce-redirect-manager/" + google-query: inurl:"/wp-content/plugins/premmerce-redirect-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premmerce-redirect-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-redirect-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-redirect-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premmerce-user-roles-3d4210819f9a01bf5f52c577615b1ddd.yaml b/nuclei-templates/cve-less/plugins/premmerce-user-roles-3d4210819f9a01bf5f52c577615b1ddd.yaml new file mode 100644 index 0000000000..171b318897 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premmerce-user-roles-3d4210819f9a01bf5f52c577615b1ddd.yaml @@ -0,0 +1,58 @@ +id: premmerce-user-roles-3d4210819f9a01bf5f52c577615b1ddd + +info: + name: > + Premmerce User Roles <= 1.0.12 - Missing Authorization via role management functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f53cd4a3-a6db-42c2-b4d8-218071c4bcd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premmerce-user-roles/" + google-query: inurl:"/wp-content/plugins/premmerce-user-roles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premmerce-user-roles,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-user-roles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-user-roles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-9460e33e1600fa49d2559c8b2959f093.yaml b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-9460e33e1600fa49d2559c8b2959f093.yaml new file mode 100644 index 0000000000..9e15625033 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/premmerce-woocommerce-product-filter-9460e33e1600fa49d2559c8b2959f093.yaml @@ -0,0 +1,58 @@ +id: premmerce-woocommerce-product-filter-9460e33e1600fa49d2559c8b2959f093 + +info: + name: > + Premmerce Product Filter for WooCommerce <= 3.7.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9be7798-31ac-4692-a6ac-ae7f129bcd6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/premmerce-woocommerce-product-filter/" + google-query: inurl:"/wp-content/plugins/premmerce-woocommerce-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,premmerce-woocommerce-product-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/premmerce-woocommerce-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "premmerce-woocommerce-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prenotazioni-0b0d398d1a79ae77845de8705631a4db.yaml b/nuclei-templates/cve-less/plugins/prenotazioni-0b0d398d1a79ae77845de8705631a4db.yaml new file mode 100644 index 0000000000..2d68d76a4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prenotazioni-0b0d398d1a79ae77845de8705631a4db.yaml @@ -0,0 +1,58 @@ +id: prenotazioni-0b0d398d1a79ae77845de8705631a4db + +info: + name: > + Prenotazioni <= 1.7.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e576c6e-6a9b-439d-bde3-8657435596f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prenotazioni/" + google-query: inurl:"/wp-content/plugins/prenotazioni/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prenotazioni,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prenotazioni/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prenotazioni" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prepost-seo-a5227115c16c80c1d90e0210cfd39bd1.yaml b/nuclei-templates/cve-less/plugins/prepost-seo-a5227115c16c80c1d90e0210cfd39bd1.yaml new file mode 100644 index 0000000000..07b5d82014 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prepost-seo-a5227115c16c80c1d90e0210cfd39bd1.yaml @@ -0,0 +1,58 @@ +id: prepost-seo-a5227115c16c80c1d90e0210cfd39bd1 + +info: + name: > + PrePost SEO <= 3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93385acc-aede-4948-b64e-d1ab23167d17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prepost-seo/" + google-query: inurl:"/wp-content/plugins/prepost-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prepost-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prepost-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prepost-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pressference-exporter-86e875acdb3922f4740414dff44b0215.yaml b/nuclei-templates/cve-less/plugins/pressference-exporter-86e875acdb3922f4740414dff44b0215.yaml new file mode 100644 index 0000000000..db5705be8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pressference-exporter-86e875acdb3922f4740414dff44b0215.yaml @@ -0,0 +1,58 @@ +id: pressference-exporter-86e875acdb3922f4740414dff44b0215 + +info: + name: > + Pressference Exporter <= 1.0.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c12ba39f-03bc-4a45-b2f4-368f48c0a57b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pressference-exporter/" + google-query: inurl:"/wp-content/plugins/pressference-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pressference-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pressference-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pressference-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pressforward-618eabaed47a418425ba258f61366c0d.yaml b/nuclei-templates/cve-less/plugins/pressforward-618eabaed47a418425ba258f61366c0d.yaml new file mode 100644 index 0000000000..0776e186a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pressforward-618eabaed47a418425ba258f61366c0d.yaml @@ -0,0 +1,58 @@ +id: pressforward-618eabaed47a418425ba258f61366c0d + +info: + name: > + PressForward <= 5.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afff64c5-ed38-4aef-9ed6-4a44589b025c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pressforward/" + google-query: inurl:"/wp-content/plugins/pressforward/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pressforward,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pressforward/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pressforward" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/presto-player-ffd9211fd118d563cf07134a00f95502.yaml b/nuclei-templates/cve-less/plugins/presto-player-ffd9211fd118d563cf07134a00f95502.yaml new file mode 100644 index 0000000000..00231264ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/presto-player-ffd9211fd118d563cf07134a00f95502.yaml @@ -0,0 +1,58 @@ +id: presto-player-ffd9211fd118d563cf07134a00f95502 + +info: + name: > + The Ultimate Video Player For WordPress <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4250395-3709-47cd-86d4-e6a1fec10298?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/presto-player/" + google-query: inurl:"/wp-content/plugins/presto-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,presto-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/presto-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "presto-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-google-calendar-f9b0e5543d8b6fde32af392e9a980e57.yaml b/nuclei-templates/cve-less/plugins/pretty-google-calendar-f9b0e5543d8b6fde32af392e9a980e57.yaml new file mode 100644 index 0000000000..1f6daa24a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-google-calendar-f9b0e5543d8b6fde32af392e9a980e57.yaml @@ -0,0 +1,58 @@ +id: pretty-google-calendar-f9b0e5543d8b6fde32af392e9a980e57 + +info: + name: > + Pretty Google Calendar <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a47c5496-2647-47f0-a772-b4e406a51c09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-google-calendar/" + google-query: inurl:"/wp-content/plugins/pretty-google-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-google-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-google-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-google-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-2b34a16f481c76cd3b855292edd0837c.yaml b/nuclei-templates/cve-less/plugins/pretty-link-2b34a16f481c76cd3b855292edd0837c.yaml new file mode 100644 index 0000000000..152090c0ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-2b34a16f481c76cd3b855292edd0837c.yaml @@ -0,0 +1,58 @@ +id: pretty-link-2b34a16f481c76cd3b855292edd0837c + +info: + name: > + Pretty Links Lite < 1.6.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0d6ef49-288b-47d9-bbf2-dc31a6e3621e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-3e48b050eb99b97d596e581160f8b0fb.yaml b/nuclei-templates/cve-less/plugins/pretty-link-3e48b050eb99b97d596e581160f8b0fb.yaml new file mode 100644 index 0000000000..a5f1df1c3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-3e48b050eb99b97d596e581160f8b0fb.yaml @@ -0,0 +1,58 @@ +id: pretty-link-3e48b050eb99b97d596e581160f8b0fb + +info: + name: > + Pretty Links – Link Management, Branding, Tracking & Sharing Plugin < 1.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae67f620-81d8-4f5f-93cb-153cd5c2bd90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-41859e395573554f98122582c8a8f0c6.yaml b/nuclei-templates/cve-less/plugins/pretty-link-41859e395573554f98122582c8a8f0c6.yaml new file mode 100644 index 0000000000..8e115acb3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-41859e395573554f98122582c8a8f0c6.yaml @@ -0,0 +1,58 @@ +id: pretty-link-41859e395573554f98122582c8a8f0c6 + +info: + name: > + Pretty Links – Link Management, Branding, Tracking & Sharing Plugin <= 1.6.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d906992f-8675-4170-8643-48799ae7ac7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-64447b975f887c7d7c5f32cb22cf8b08.yaml b/nuclei-templates/cve-less/plugins/pretty-link-64447b975f887c7d7c5f32cb22cf8b08.yaml new file mode 100644 index 0000000000..b1babbc0b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-64447b975f887c7d7c5f32cb22cf8b08.yaml @@ -0,0 +1,58 @@ +id: pretty-link-64447b975f887c7d7c5f32cb22cf8b08 + +info: + name: > + Pretty Links <= 2.1.9 - Unauthenticated Stored Cross-Site Scripting via track_link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae058c5b-b90b-4a1e-9f56-d56dbd2d3607?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-788a92d89f29c9708029570d31435edd.yaml b/nuclei-templates/cve-less/plugins/pretty-link-788a92d89f29c9708029570d31435edd.yaml new file mode 100644 index 0000000000..d3262f5303 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-788a92d89f29c9708029570d31435edd.yaml @@ -0,0 +1,58 @@ +id: pretty-link-788a92d89f29c9708029570d31435edd + +info: + name: > + Shortlinks by Pretty Links <= 3.4.0 - Cross-Site Request Forgery via route + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5304da48-5d42-47ce-b1b1-dc04b8fa9dff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-937a958745ed3ab696229e1956002aef.yaml b/nuclei-templates/cve-less/plugins/pretty-link-937a958745ed3ab696229e1956002aef.yaml new file mode 100644 index 0000000000..e97177f3a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-937a958745ed3ab696229e1956002aef.yaml @@ -0,0 +1,58 @@ +id: pretty-link-937a958745ed3ab696229e1956002aef + +info: + name: > + Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin <= 3.6.3 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-b59b53ef6e4ef1805fb78be7f13120cc.yaml b/nuclei-templates/cve-less/plugins/pretty-link-b59b53ef6e4ef1805fb78be7f13120cc.yaml new file mode 100644 index 0000000000..5ca0a36dfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-b59b53ef6e4ef1805fb78be7f13120cc.yaml @@ -0,0 +1,58 @@ +id: pretty-link-b59b53ef6e4ef1805fb78be7f13120cc + +info: + name: > + Shortlinks by Pretty Links <= 3.6.2 - Reflected Cross-Site Scripting via post_status + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a53291f9-632c-4b0b-b5f9-d247134f2a5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link/" + google-query: inurl:"/wp-content/plugins/pretty-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-lite-052601a64f3c278014382ca43022a402.yaml b/nuclei-templates/cve-less/plugins/pretty-link-lite-052601a64f3c278014382ca43022a402.yaml new file mode 100644 index 0000000000..e6ebe28c64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-lite-052601a64f3c278014382ca43022a402.yaml @@ -0,0 +1,58 @@ +id: pretty-link-lite-052601a64f3c278014382ca43022a402 + +info: + name: > + Pretty Link Lite < 1.5.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30edc2a1-f3fe-488d-a525-f0ae3482d8a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link-lite/" + google-query: inurl:"/wp-content/plugins/pretty-link-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-link-lite-a5b27966569a74533de04e9d976c99c9.yaml b/nuclei-templates/cve-less/plugins/pretty-link-lite-a5b27966569a74533de04e9d976c99c9.yaml new file mode 100644 index 0000000000..c34138bbf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-link-lite-a5b27966569a74533de04e9d976c99c9.yaml @@ -0,0 +1,58 @@ +id: pretty-link-lite-a5b27966569a74533de04e9d976c99c9 + +info: + name: > + Pretty Link Lite < 1.5.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed766000-557b-483b-9b86-c1cc6898abb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-link-lite/" + google-query: inurl:"/wp-content/plugins/pretty-link-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-link-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-link-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-link-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pretty-url-977a0355e694b9d265545981130653f2.yaml b/nuclei-templates/cve-less/plugins/pretty-url-977a0355e694b9d265545981130653f2.yaml new file mode 100644 index 0000000000..5e000fe983 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pretty-url-977a0355e694b9d265545981130653f2.yaml @@ -0,0 +1,58 @@ +id: pretty-url-977a0355e694b9d265545981130653f2 + +info: + name: > + Pretty Url <= 1.5.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f54fb59-03c1-45e9-a498-1fa1409c4466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pretty-url/" + google-query: inurl:"/wp-content/plugins/pretty-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pretty-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pretty-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pretty-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prevent-content-copy-image-save-9375f4344479a96cb2fe5deb81f3c215.yaml b/nuclei-templates/cve-less/plugins/prevent-content-copy-image-save-9375f4344479a96cb2fe5deb81f3c215.yaml new file mode 100644 index 0000000000..4d275e9bba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prevent-content-copy-image-save-9375f4344479a96cb2fe5deb81f3c215.yaml @@ -0,0 +1,58 @@ +id: prevent-content-copy-image-save-9375f4344479a96cb2fe5deb81f3c215 + +info: + name: > + Content Copy Protection & Prevent Image Save <= 1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/115d549c-2dea-4d94-9c50-75b8149be1e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prevent-content-copy-image-save/" + google-query: inurl:"/wp-content/plugins/prevent-content-copy-image-save/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prevent-content-copy-image-save,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prevent-content-copy-image-save/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prevent-content-copy-image-save" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prevent-file-access-0dc878d77e3a3194c72fdd6ba3814c5b.yaml b/nuclei-templates/cve-less/plugins/prevent-file-access-0dc878d77e3a3194c72fdd6ba3814c5b.yaml new file mode 100644 index 0000000000..3663577462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prevent-file-access-0dc878d77e3a3194c72fdd6ba3814c5b.yaml @@ -0,0 +1,58 @@ +id: prevent-file-access-0dc878d77e3a3194c72fdd6ba3814c5b + +info: + name: > + Prevent files / folders access <= 2.5.1 - Authenticated (Administrator+) Arbitrary File Upload in mo_media_restrict_page + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b266bd10-dbc6-4058-a5b2-1578c0814cb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prevent-file-access/" + google-query: inurl:"/wp-content/plugins/prevent-file-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prevent-file-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prevent-file-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prevent-file-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prevent-landscape-rotation-b8f19e13b8f78474f2f4efef8d80ad2c.yaml b/nuclei-templates/cve-less/plugins/prevent-landscape-rotation-b8f19e13b8f78474f2f4efef8d80ad2c.yaml new file mode 100644 index 0000000000..80ea2ab8f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prevent-landscape-rotation-b8f19e13b8f78474f2f4efef8d80ad2c.yaml @@ -0,0 +1,58 @@ +id: prevent-landscape-rotation-b8f19e13b8f78474f2f4efef8d80ad2c + +info: + name: > + Prevent Landscape Rotation <= 2.0 - Cross-Site Request Forgery via adminpage.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4235f279-0975-4814-b156-b45b011e3ce6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prevent-landscape-rotation/" + google-query: inurl:"/wp-content/plugins/prevent-landscape-rotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prevent-landscape-rotation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prevent-landscape-rotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prevent-landscape-rotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/preview-link-generator-1c4812a533fa1689fc1c4f74901b1fce.yaml b/nuclei-templates/cve-less/plugins/preview-link-generator-1c4812a533fa1689fc1c4f74901b1fce.yaml new file mode 100644 index 0000000000..76c598d264 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/preview-link-generator-1c4812a533fa1689fc1c4f74901b1fce.yaml @@ -0,0 +1,58 @@ +id: preview-link-generator-1c4812a533fa1689fc1c4f74901b1fce + +info: + name: > + Preview Link Generator <= 1.0.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b6b4953-a264-4668-9cc3-1578109f6592?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/preview-link-generator/" + google-query: inurl:"/wp-content/plugins/preview-link-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,preview-link-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/preview-link-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "preview-link-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/price-commander-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/price-commander-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..afe9719e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/price-commander-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: price-commander-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/price-commander-xforwc/" + google-query: inurl:"/wp-content/plugins/price-commander-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,price-commander-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/price-commander-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "price-commander-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricetable-c09dba9091d0ee592d0a0d23f17cab8b.yaml b/nuclei-templates/cve-less/plugins/pricetable-c09dba9091d0ee592d0a0d23f17cab8b.yaml new file mode 100644 index 0000000000..c65e0d8b60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricetable-c09dba9091d0ee592d0a0d23f17cab8b.yaml @@ -0,0 +1,58 @@ +id: pricetable-c09dba9091d0ee592d0a0d23f17cab8b + +info: + name: > + Price Table <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23f58949-6cc7-45a3-a6a0-58213bb03679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricetable/" + google-query: inurl:"/wp-content/plugins/pricetable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricetable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricetable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricetable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-791f562db0a1b9f0bcd5351dce6eacc4.yaml b/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-791f562db0a1b9f0bcd5351dce6eacc4.yaml new file mode 100644 index 0000000000..4713bc6d04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-791f562db0a1b9f0bcd5351dce6eacc4.yaml @@ -0,0 +1,58 @@ +id: pricing-deals-for-woocommerce-791f562db0a1b9f0bcd5351dce6eacc4 + +info: + name: > + Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb77a63-360b-4917-8a3c-263f5282742c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-deals-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pricing-deals-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-deals-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-deals-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-deals-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-8930cf2379d26f27d4dfc818449f89c9.yaml b/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-8930cf2379d26f27d4dfc818449f89c9.yaml new file mode 100644 index 0000000000..09e9e0dc9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-deals-for-woocommerce-8930cf2379d26f27d4dfc818449f89c9.yaml @@ -0,0 +1,58 @@ +id: pricing-deals-for-woocommerce-8930cf2379d26f27d4dfc818449f89c9 + +info: + name: > + Pricing Deals for WooCommerce <= 2.0.3.2 - Missing Authorization via vtprd_ajax_clone_rule + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1101bfe6-2075-4f44-933b-6d9f372100a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-deals-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/pricing-deals-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-deals-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-deals-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-deals-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-a5038f440967c1bd1e883ce46373e9e5.yaml b/nuclei-templates/cve-less/plugins/pricing-table-a5038f440967c1bd1e883ce46373e9e5.yaml new file mode 100644 index 0000000000..8c4771cbbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-a5038f440967c1bd1e883ce46373e9e5.yaml @@ -0,0 +1,58 @@ +id: pricing-table-a5038f440967c1bd1e883ce46373e9e5 + +info: + name: > + Pricing Table <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe708e03-334f-4c72-ace9-b5d065ee8c9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table/" + google-query: inurl:"/wp-content/plugins/pricing-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-07351eac4ac9135631e6b13a4dbb9f2b.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-07351eac4ac9135631e6b13a4dbb9f2b.yaml new file mode 100644 index 0000000000..8133d639d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-07351eac4ac9135631e6b13a4dbb9f2b.yaml @@ -0,0 +1,58 @@ +id: pricing-table-by-supsystic-07351eac4ac9135631e6b13a4dbb9f2b + +info: + name: > + Pricing Table by Supsystic <= 1.8.1 - Missing Authorization on AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bdebd9c-f6fb-4de7-bd6b-5f52ef34ffb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table-by-supsystic/" + google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-5cd979c2d1bc0f7645ea6d8b845b95d5.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-5cd979c2d1bc0f7645ea6d8b845b95d5.yaml new file mode 100644 index 0000000000..74249bf35a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-5cd979c2d1bc0f7645ea6d8b845b95d5.yaml @@ -0,0 +1,58 @@ +id: pricing-table-by-supsystic-5cd979c2d1bc0f7645ea6d8b845b95d5 + +info: + name: > + Pricing Table by Supsystic <= 1.8.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b89b6ac-aa00-4ba6-a1e3-382e7b630fc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table-by-supsystic/" + google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-796cd5b627356be27433f08472302dc1.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-796cd5b627356be27433f08472302dc1.yaml new file mode 100644 index 0000000000..f8d0af9aed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-796cd5b627356be27433f08472302dc1.yaml @@ -0,0 +1,58 @@ +id: pricing-table-by-supsystic-796cd5b627356be27433f08472302dc1 + +info: + name: > + Pricing Table by Supsystic <= 1.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d390a7e-f790-4953-b3cb-be31cfec6fb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table-by-supsystic/" + google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-a0cf0c70320b9077a478823de4b5e05c.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-a0cf0c70320b9077a478823de4b5e05c.yaml new file mode 100644 index 0000000000..4fef295364 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-a0cf0c70320b9077a478823de4b5e05c.yaml @@ -0,0 +1,58 @@ +id: pricing-table-by-supsystic-a0cf0c70320b9077a478823de4b5e05c + +info: + name: > + Pricing Table by Supsystic <= 1.8.1 - Cross-Site Request Forgery to Cross-Site Scripting and Setting Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16e6dc49-5edf-4ce4-95c9-19ef04a77379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table-by-supsystic/" + google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-fef3c5d045b635ac89f7d5a505428c20.yaml b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-fef3c5d045b635ac89f7d5a505428c20.yaml new file mode 100644 index 0000000000..29c1d15d09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-table-by-supsystic-fef3c5d045b635ac89f7d5a505428c20.yaml @@ -0,0 +1,58 @@ +id: pricing-table-by-supsystic-fef3c5d045b635ac89f7d5a505428c20 + +info: + name: > + Pricing Table by Supsystic <= 1.9.12 - Authenticated (Admin+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33356b50-9c9c-4719-8321-b391fda69867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-table-by-supsystic/" + google-query: inurl:"/wp-content/plugins/pricing-table-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-table-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-table-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-table-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-ea2779881d033f74603b414138c61a0a.yaml b/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-ea2779881d033f74603b414138c61a0a.yaml new file mode 100644 index 0000000000..d0b9314b24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-ea2779881d033f74603b414138c61a0a.yaml @@ -0,0 +1,58 @@ +id: pricing-tables-for-wpbakery-page-builder-ea2779881d033f74603b414138c61a0a + +info: + name: > + Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Subscriber+) Local File Inclusion via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3475c8fe-17fa-4d8e-bffd-a33e59f6e03b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-tables-for-wpbakery-page-builder/" + google-query: inurl:"/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-tables-for-wpbakery-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml b/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml new file mode 100644 index 0000000000..59dc69dc3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pricing-tables-for-wpbakery-page-builder-fa96acbf0fe29f0b0c48fe458fac9bfe.yaml @@ -0,0 +1,58 @@ +id: pricing-tables-for-wpbakery-page-builder-fa96acbf0fe29f0b0c48fe458fac9bfe + +info: + name: > + Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c04a0f82-97f6-44ff-999d-08a8c106f889?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pricing-tables-for-wpbakery-page-builder/" + google-query: inurl:"/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pricing-tables-for-wpbakery-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pricing-tables-for-wpbakery-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pricing-tables-for-wpbakery-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prime-mover-ec0983e54c9058b456b78ea30580b6c5.yaml b/nuclei-templates/cve-less/plugins/prime-mover-ec0983e54c9058b456b78ea30580b6c5.yaml new file mode 100644 index 0000000000..314aad2ad3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prime-mover-ec0983e54c9058b456b78ea30580b6c5.yaml @@ -0,0 +1,58 @@ +id: prime-mover-ec0983e54c9058b456b78ea30580b6c5 + +info: + name: > + Prime Mover <= 1.9.2 - Sensitive Information Exposure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/806d3919-7a10-43f3-9c68-ce38ba359a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prime-mover/" + google-query: inurl:"/wp-content/plugins/prime-mover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prime-mover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prime-mover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prime-mover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-7ec3d0366936e6cdb87debac06f05872.yaml b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-7ec3d0366936e6cdb87debac06f05872.yaml new file mode 100644 index 0000000000..ccdd3870d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-7ec3d0366936e6cdb87debac06f05872.yaml @@ -0,0 +1,58 @@ +id: print-google-cloud-print-gcp-woocommerce-7ec3d0366936e6cdb87debac06f05872 + +info: + name: > + BizPrint <= 4.5.4 - Cross-Site Request Forgery to Cross-Site Scripting via process.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e599b1-20fb-4260-bdc3-ef0653719b26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-google-cloud-print-gcp-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-google-cloud-print-gcp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-ef0878d0c845446e359ff8868f1f69d3.yaml b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-ef0878d0c845446e359ff8868f1f69d3.yaml new file mode 100644 index 0000000000..20f9e3df92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-google-cloud-print-gcp-woocommerce-ef0878d0c845446e359ff8868f1f69d3.yaml @@ -0,0 +1,58 @@ +id: print-google-cloud-print-gcp-woocommerce-ef0878d0c845446e359ff8868f1f69d3 + +info: + name: > + BizPrint <= 4.3.39 - Missing Authorization via showTemplatePreview() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b2132db-761f-48ff-a737-115e07c77425?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-google-cloud-print-gcp-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-google-cloud-print-gcp-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-google-cloud-print-gcp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-google-cloud-print-gcp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-4e625904aaffe65e8919040e5c5d03d6.yaml b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-4e625904aaffe65e8919040e5c5d03d6.yaml new file mode 100644 index 0000000000..b3d1923dfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-4e625904aaffe65e8919040e5c5d03d6.yaml @@ -0,0 +1,58 @@ +id: print-invoices-packing-slip-labels-for-woocommerce-4e625904aaffe65e8919040e5c5d03d6 + +info: + name: > + WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5abc282d-68c9-423c-a15c-d4d3f7035661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b658c34d6189136c251e0b8d8e225774.yaml b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b658c34d6189136c251e0b8d8e225774.yaml new file mode 100644 index 0000000000..cbc318bd17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b658c34d6189136c251e0b8d8e225774.yaml @@ -0,0 +1,58 @@ +id: print-invoices-packing-slip-labels-for-woocommerce-b658c34d6189136c251e0b8d8e225774 + +info: + name: > + WooCommerce PDF Invoices <= 4.2.1 - Authenticated(Shop Manager+) Arbitrary Options Update via JSON Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7927edf2-b092-4b56-83aa-038f99ea658e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b989c8fa7ed8639e2ece01754bff0c0b.yaml b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b989c8fa7ed8639e2ece01754bff0c0b.yaml new file mode 100644 index 0000000000..3cb0558377 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-b989c8fa7ed8639e2ece01754bff0c0b.yaml @@ -0,0 +1,58 @@ +id: print-invoices-packing-slip-labels-for-woocommerce-b989c8fa7ed8639e2ece01754bff0c0b + +info: + name: > + WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aeac9c4a-0754-4fb1-bf11-0cd8483451b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-c1749d6ed9c579e061b6c82357a7d855.yaml b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-c1749d6ed9c579e061b6c82357a7d855.yaml new file mode 100644 index 0000000000..4059f14730 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-c1749d6ed9c579e061b6c82357a7d855.yaml @@ -0,0 +1,58 @@ +id: print-invoices-packing-slip-labels-for-woocommerce-c1749d6ed9c579e061b6c82357a7d855 + +info: + name: > + WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-e0a80937c004063afd9f6bac15ab1a10.yaml b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-e0a80937c004063afd9f6bac15ab1a10.yaml new file mode 100644 index 0000000000..51d8dd69f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-invoices-packing-slip-labels-for-woocommerce-e0a80937c004063afd9f6bac15ab1a10.yaml @@ -0,0 +1,58 @@ +id: print-invoices-packing-slip-labels-for-woocommerce-e0a80937c004063afd9f6bac15ab1a10 + +info: + name: > + WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdb8e77-1323-43a0-a012-04d983390de1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-invoices-packing-slip-labels-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-invoices-packing-slip-labels-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-invoices-packing-slip-labels-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-my-blog-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml b/nuclei-templates/cve-less/plugins/print-my-blog-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml new file mode 100644 index 0000000000..4588563b42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-my-blog-15e90fc31ab3dfba5bcef7edbbc05f6d.yaml @@ -0,0 +1,58 @@ +id: print-my-blog-15e90fc31ab3dfba5bcef7edbbc05f6d + +info: + name: > + Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.26.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b6e1c70-a112-4564-9e18-bdc2a8028482?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-my-blog/" + google-query: inurl:"/wp-content/plugins/print-my-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-my-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-my-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-my-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.26.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-my-blog-26c14cb6ca4960fb59e24c4b3a62abf9.yaml b/nuclei-templates/cve-less/plugins/print-my-blog-26c14cb6ca4960fb59e24c4b3a62abf9.yaml new file mode 100644 index 0000000000..e9bee20281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-my-blog-26c14cb6ca4960fb59e24c4b3a62abf9.yaml @@ -0,0 +1,58 @@ +id: print-my-blog-26c14cb6ca4960fb59e24c4b3a62abf9 + +info: + name: > + Print My Blog <= 1.6.6 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23fbb011-cf60-4c75-ac68-b5d0dfa3c356?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-my-blog/" + google-query: inurl:"/wp-content/plugins/print-my-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-my-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-my-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-my-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-my-blog-6bab7e18a95398e2980bac2c1ae0a9ae.yaml b/nuclei-templates/cve-less/plugins/print-my-blog-6bab7e18a95398e2980bac2c1ae0a9ae.yaml new file mode 100644 index 0000000000..48b2f04b66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-my-blog-6bab7e18a95398e2980bac2c1ae0a9ae.yaml @@ -0,0 +1,58 @@ +id: print-my-blog-6bab7e18a95398e2980bac2c1ae0a9ae + +info: + name: > + Print My Blog – Print, PDF, & eBook Converter WordPress Plugin <= 3.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f44d7a90-330f-42fb-a4f3-427e60ed7af8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-my-blog/" + google-query: inurl:"/wp-content/plugins/print-my-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-my-blog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-my-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-my-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-o-matic-2a1202a3beb6f69088b7b47e3927398f.yaml b/nuclei-templates/cve-less/plugins/print-o-matic-2a1202a3beb6f69088b7b47e3927398f.yaml new file mode 100644 index 0000000000..474a7e0b1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-o-matic-2a1202a3beb6f69088b7b47e3927398f.yaml @@ -0,0 +1,58 @@ +id: print-o-matic-2a1202a3beb6f69088b7b47e3927398f + +info: + name: > + Print-O-Matic <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/706549d9-aa2f-4b1e-83b8-0eea38654565?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-o-matic/" + google-query: inurl:"/wp-content/plugins/print-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-o-matic-6cf87515d30763cb39f9dddd78a854d6.yaml b/nuclei-templates/cve-less/plugins/print-o-matic-6cf87515d30763cb39f9dddd78a854d6.yaml new file mode 100644 index 0000000000..70f9bdebe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-o-matic-6cf87515d30763cb39f9dddd78a854d6.yaml @@ -0,0 +1,58 @@ +id: print-o-matic-6cf87515d30763cb39f9dddd78a854d6 + +info: + name: > + Print-O-Matic <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dedb1a15-933b-4e8a-b82d-a154414c61ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-o-matic/" + google-query: inurl:"/wp-content/plugins/print-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-o-matic-92919ce0eb17b0cea216462cfde732e2.yaml b/nuclei-templates/cve-less/plugins/print-o-matic-92919ce0eb17b0cea216462cfde732e2.yaml new file mode 100644 index 0000000000..33ac05b038 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-o-matic-92919ce0eb17b0cea216462cfde732e2.yaml @@ -0,0 +1,58 @@ +id: print-o-matic-92919ce0eb17b0cea216462cfde732e2 + +info: + name: > + Print-O-Matic <= 2.0.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/816ec7bd-dd0f-4c52-b73f-72cd25c410b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-o-matic/" + google-query: inurl:"/wp-content/plugins/print-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-o-matic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/print-page-2ff60d0958c013f69d2bb2b8a6cd708d.yaml b/nuclei-templates/cve-less/plugins/print-page-2ff60d0958c013f69d2bb2b8a6cd708d.yaml new file mode 100644 index 0000000000..5c7c784a90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/print-page-2ff60d0958c013f69d2bb2b8a6cd708d.yaml @@ -0,0 +1,58 @@ +id: print-page-2ff60d0958c013f69d2bb2b8a6cd708d + +info: + name: > + Print Page block <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/123d6216-3174-40c9-bdb9-405e5a5ca129?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/print-page/" + google-query: inurl:"/wp-content/plugins/print-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,print-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/print-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "print-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/printfriendly-1d90f05eb3de7b1b2997cada03edccfe.yaml b/nuclei-templates/cve-less/plugins/printfriendly-1d90f05eb3de7b1b2997cada03edccfe.yaml new file mode 100644 index 0000000000..1d59a71f98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/printfriendly-1d90f05eb3de7b1b2997cada03edccfe.yaml @@ -0,0 +1,58 @@ +id: printfriendly-1d90f05eb3de7b1b2997cada03edccfe + +info: + name: > + Print, PDF, Email by PrintFriendly <= 5.2.2 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81bcbf7d-d33f-4cf2-8411-613cf54095b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/printfriendly/" + google-query: inurl:"/wp-content/plugins/printfriendly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,printfriendly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/printfriendly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "printfriendly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/printfriendly-8d6a1c8b6a0bd1e0976b28104afac768.yaml b/nuclei-templates/cve-less/plugins/printfriendly-8d6a1c8b6a0bd1e0976b28104afac768.yaml new file mode 100644 index 0000000000..e4d7c74752 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/printfriendly-8d6a1c8b6a0bd1e0976b28104afac768.yaml @@ -0,0 +1,58 @@ +id: printfriendly-8d6a1c8b6a0bd1e0976b28104afac768 + +info: + name: > + Print, PDF, Email by PrintFriendly <= 5.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0403a76-86ce-4772-bc0b-22b183f0f684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/printfriendly/" + google-query: inurl:"/wp-content/plugins/printfriendly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,printfriendly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/printfriendly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "printfriendly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/printful-shipping-for-woocommerce-85ac97fd4125d5816ad5ef5d1d8e7011.yaml b/nuclei-templates/cve-less/plugins/printful-shipping-for-woocommerce-85ac97fd4125d5816ad5ef5d1d8e7011.yaml new file mode 100644 index 0000000000..8ce1540e3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/printful-shipping-for-woocommerce-85ac97fd4125d5816ad5ef5d1d8e7011.yaml @@ -0,0 +1,58 @@ +id: printful-shipping-for-woocommerce-85ac97fd4125d5816ad5ef5d1d8e7011 + +info: + name: > + Printful Integration for WooCommerce <= 2.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c96b3d65-431b-447a-8dc5-8865d83a92b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/printful-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/printful-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,printful-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/printful-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "printful-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prismatic-8edd86c32f445ba8a5cfcf66f80c6f54.yaml b/nuclei-templates/cve-less/plugins/prismatic-8edd86c32f445ba8a5cfcf66f80c6f54.yaml new file mode 100644 index 0000000000..13779c080b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prismatic-8edd86c32f445ba8a5cfcf66f80c6f54.yaml @@ -0,0 +1,58 @@ +id: prismatic-8edd86c32f445ba8a5cfcf66f80c6f54 + +info: + name: > + Prismatic <= 2.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d93c70d6-c439-4bcd-a855-b71896bf9d22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prismatic/" + google-query: inurl:"/wp-content/plugins/prismatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prismatic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prismatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prismatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/prismatic-b1ef7da73b0bc448b39a7087f236d203.yaml b/nuclei-templates/cve-less/plugins/prismatic-b1ef7da73b0bc448b39a7087f236d203.yaml new file mode 100644 index 0000000000..f971061698 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/prismatic-b1ef7da73b0bc448b39a7087f236d203.yaml @@ -0,0 +1,58 @@ +id: prismatic-b1ef7da73b0bc448b39a7087f236d203 + +info: + name: > + Prismatic <= 2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42e74152-b79d-42f5-87a2-6e9545699483?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/prismatic/" + google-query: inurl:"/wp-content/plugins/prismatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,prismatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/prismatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "prismatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-content-c6757c3a086fd1dc631d770c06dfa500.yaml b/nuclei-templates/cve-less/plugins/private-content-c6757c3a086fd1dc631d770c06dfa500.yaml new file mode 100644 index 0000000000..40d4393003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-content-c6757c3a086fd1dc631d770c06dfa500.yaml @@ -0,0 +1,58 @@ +id: private-content-c6757c3a086fd1dc631d770c06dfa500 + +info: + name: > + PrivateContent <= 8.4.3 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de73304e-7a28-4304-b1ed-2f6dd7738236?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-content/" + google-query: inurl:"/wp-content/plugins/private-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-files-dfb92d2f2c245aee84f9cb4e282df3aa.yaml b/nuclei-templates/cve-less/plugins/private-files-dfb92d2f2c245aee84f9cb4e282df3aa.yaml new file mode 100644 index 0000000000..82ac3e339d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-files-dfb92d2f2c245aee84f9cb4e282df3aa.yaml @@ -0,0 +1,58 @@ +id: private-files-dfb92d2f2c245aee84f9cb4e282df3aa + +info: + name: > + Private Files <= 0.40 - Cross-Site Request Forgery to Disable Protection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d764b1be-b4ae-4845-b506-846f782cf21e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-files/" + google-query: inurl:"/wp-content/plugins/private-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-files,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-google-calendars-9e0ed51792e9270a576ac0d1dc550b71.yaml b/nuclei-templates/cve-less/plugins/private-google-calendars-9e0ed51792e9270a576ac0d1dc550b71.yaml new file mode 100644 index 0000000000..080519571e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-google-calendars-9e0ed51792e9270a576ac0d1dc550b71.yaml @@ -0,0 +1,58 @@ +id: private-google-calendars-9e0ed51792e9270a576ac0d1dc550b71 + +info: + name: > + Private Google Calendars <= 20231125 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e276cc49-2da1-4e2f-bb64-28ffe6ec9acf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-google-calendars/" + google-query: inurl:"/wp-content/plugins/private-google-calendars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-google-calendars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-google-calendars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-google-calendars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20231125') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-28a0fb0e5795f11d3d7f2a955c95e65c.yaml b/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-28a0fb0e5795f11d3d7f2a955c95e65c.yaml new file mode 100644 index 0000000000..e2fbbd6771 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-28a0fb0e5795f11d3d7f2a955c95e65c.yaml @@ -0,0 +1,58 @@ +id: private-messages-for-wordpress-28a0fb0e5795f11d3d7f2a955c95e65c + +info: + name: > + Private Messages For WordPress <= 2.1.10 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a75020c0-8286-449a-9c51-0b1488350f09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-messages-for-wordpress/" + google-query: inurl:"/wp-content/plugins/private-messages-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-messages-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-messages-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-messages-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-9a33307ee1f701bb2a441949f0f7229e.yaml b/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-9a33307ee1f701bb2a441949f0f7229e.yaml new file mode 100644 index 0000000000..2c8035d815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-messages-for-wordpress-9a33307ee1f701bb2a441949f0f7229e.yaml @@ -0,0 +1,58 @@ +id: private-messages-for-wordpress-9a33307ee1f701bb2a441949f0f7229e + +info: + name: > + Private Messages For WordPress <= 2.1.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd7dfb3-bc73-4f6a-9827-0003452ebf59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-messages-for-wordpress/" + google-query: inurl:"/wp-content/plugins/private-messages-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-messages-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-messages-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-messages-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/private-only-ec43ca1bf1629851ca9458501102a544.yaml b/nuclei-templates/cve-less/plugins/private-only-ec43ca1bf1629851ca9458501102a544.yaml new file mode 100644 index 0000000000..45fcdaea5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/private-only-ec43ca1bf1629851ca9458501102a544.yaml @@ -0,0 +1,58 @@ +id: private-only-ec43ca1bf1629851ca9458501102a544 + +info: + name: > + Private Only <= 3.5.1 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85790564-811c-4087-ad36-345e443ae9f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/private-only/" + google-query: inurl:"/wp-content/plugins/private-only/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,private-only,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/private-only/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "private-only" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pro-mime-types-2434cb0fd5a6747f4ecee8f99db9624f.yaml b/nuclei-templates/cve-less/plugins/pro-mime-types-2434cb0fd5a6747f4ecee8f99db9624f.yaml new file mode 100644 index 0000000000..83b6c2cb14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pro-mime-types-2434cb0fd5a6747f4ecee8f99db9624f.yaml @@ -0,0 +1,58 @@ +id: pro-mime-types-2434cb0fd5a6747f4ecee8f99db9624f + +info: + name: > + Pro Mime Types <= 1.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7db3d45-2b96-4ba4-b258-08ee5e0b947b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pro-mime-types/" + google-query: inurl:"/wp-content/plugins/pro-mime-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pro-mime-types,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pro-mime-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pro-mime-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/process-steps-template-designer-305166b60791f108d5e7fe6f43ded2e7.yaml b/nuclei-templates/cve-less/plugins/process-steps-template-designer-305166b60791f108d5e7fe6f43ded2e7.yaml new file mode 100644 index 0000000000..e99f011f57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/process-steps-template-designer-305166b60791f108d5e7fe6f43ded2e7.yaml @@ -0,0 +1,58 @@ +id: process-steps-template-designer-305166b60791f108d5e7fe6f43ded2e7 + +info: + name: > + Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a98f6a68-5863-4147-86c4-8c19af469be3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/process-steps-template-designer/" + google-query: inurl:"/wp-content/plugins/process-steps-template-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,process-steps-template-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/process-steps-template-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "process-steps-template-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/process-steps-template-designer-dc3e0c6c532d55735bad2ab0a9b29d39.yaml b/nuclei-templates/cve-less/plugins/process-steps-template-designer-dc3e0c6c532d55735bad2ab0a9b29d39.yaml new file mode 100644 index 0000000000..97e5109922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/process-steps-template-designer-dc3e0c6c532d55735bad2ab0a9b29d39.yaml @@ -0,0 +1,58 @@ +id: process-steps-template-designer-dc3e0c6c532d55735bad2ab0a9b29d39 + +info: + name: > + Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2acd40d5-8a9c-4ca8-9c89-5bf639b1c66c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/process-steps-template-designer/" + google-query: inurl:"/wp-content/plugins/process-steps-template-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,process-steps-template-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/process-steps-template-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "process-steps-template-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/producer-retailer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/producer-retailer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..0b359164ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/producer-retailer-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: producer-retailer-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/producer-retailer/" + google-query: inurl:"/wp-content/plugins/producer-retailer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,producer-retailer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/producer-retailer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "producer-retailer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-blocks-0fda2513a52a35861fc96a4bfe4d416a.yaml b/nuclei-templates/cve-less/plugins/product-blocks-0fda2513a52a35861fc96a4bfe4d416a.yaml new file mode 100644 index 0000000000..f06645e7f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-blocks-0fda2513a52a35861fc96a4bfe4d416a.yaml @@ -0,0 +1,58 @@ +id: product-blocks-0fda2513a52a35861fc96a4bfe4d416a + +info: + name: > + ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks <= 3.1.4 - PHP Object Injection via wopb_wishlist and wopb_compare + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/470285d6-b309-409c-b2c3-8766a0cf9e98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-blocks/" + google-query: inurl:"/wp-content/plugins/product-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-blocks-1a920eb903d024c035ef8c5bd825169f.yaml b/nuclei-templates/cve-less/plugins/product-blocks-1a920eb903d024c035ef8c5bd825169f.yaml new file mode 100644 index 0000000000..98dabdc220 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-blocks-1a920eb903d024c035ef8c5bd825169f.yaml @@ -0,0 +1,58 @@ +id: product-blocks-1a920eb903d024c035ef8c5bd825169f + +info: + name: > + ProductX – Gutenberg WooCommerce Blocks <= 2.7.8 - Missing Authorization via option_data_save + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1aa6c8b-8231-49f1-a30a-fc1a03813221?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-blocks/" + google-query: inurl:"/wp-content/plugins/product-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-carousel-slider-for-woocommerce-c121370e7ba5758271f409501c03a844.yaml b/nuclei-templates/cve-less/plugins/product-carousel-slider-for-woocommerce-c121370e7ba5758271f409501c03a844.yaml new file mode 100644 index 0000000000..645e8d0338 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-carousel-slider-for-woocommerce-c121370e7ba5758271f409501c03a844.yaml @@ -0,0 +1,58 @@ +id: product-carousel-slider-for-woocommerce-c121370e7ba5758271f409501c03a844 + +info: + name: > + WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6f6dab2-da03-43b6-b9c1-ebc6a7e1d1c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-carousel-slider-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-carousel-slider-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-carousel-slider-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-carousel-slider-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-carousel-slider-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-catalog-feed-0c4b1084930aeba75c764a4b807cb55a.yaml b/nuclei-templates/cve-less/plugins/product-catalog-feed-0c4b1084930aeba75c764a4b807cb55a.yaml new file mode 100644 index 0000000000..dac915bd91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-catalog-feed-0c4b1084930aeba75c764a4b807cb55a.yaml @@ -0,0 +1,58 @@ +id: product-catalog-feed-0c4b1084930aeba75c764a4b807cb55a + +info: + name: > + Product Catalog Feed by PixelYourSite <= 2.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09547dae-85dc-481d-9eb1-423d8faadc80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-catalog-feed/" + google-query: inurl:"/wp-content/plugins/product-catalog-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-catalog-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-catalog-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-catalog-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-catalog-feed-14b3d9da0216be6cd75720390cc32eeb.yaml b/nuclei-templates/cve-less/plugins/product-catalog-feed-14b3d9da0216be6cd75720390cc32eeb.yaml new file mode 100644 index 0000000000..3c63f7083d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-catalog-feed-14b3d9da0216be6cd75720390cc32eeb.yaml @@ -0,0 +1,58 @@ +id: product-catalog-feed-14b3d9da0216be6cd75720390cc32eeb + +info: + name: > + Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18d33d68-9719-4e74-a594-bc4add38ceee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-catalog-feed/" + google-query: inurl:"/wp-content/plugins/product-catalog-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-catalog-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-catalog-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-catalog-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-catalog-feed-de6904b30338b532fe232a4eed04dacc.yaml b/nuclei-templates/cve-less/plugins/product-catalog-feed-de6904b30338b532fe232a4eed04dacc.yaml new file mode 100644 index 0000000000..eb97f99549 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-catalog-feed-de6904b30338b532fe232a4eed04dacc.yaml @@ -0,0 +1,58 @@ +id: product-catalog-feed-de6904b30338b532fe232a4eed04dacc + +info: + name: > + Product Catalog Feed by PixelYourSite <= 2.1.0 - Reflected Cross-Site Scripting via 'edit' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d82d1dd2-b5b5-490a-92e5-1a4d4ab0085d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-catalog-feed/" + google-query: inurl:"/wp-content/plugins/product-catalog-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-catalog-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-catalog-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-catalog-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-category-tree-15b4a0b7ca6834b3f08ed0acfa9781a1.yaml b/nuclei-templates/cve-less/plugins/product-category-tree-15b4a0b7ca6834b3f08ed0acfa9781a1.yaml new file mode 100644 index 0000000000..ec53bf6211 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-category-tree-15b4a0b7ca6834b3f08ed0acfa9781a1.yaml @@ -0,0 +1,58 @@ +id: product-category-tree-15b4a0b7ca6834b3f08ed0acfa9781a1 + +info: + name: > + Product Category Tree <= 2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e03ecc0-5ca1-4d64-a6d7-257325bcc5cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-category-tree/" + google-query: inurl:"/wp-content/plugins/product-category-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-category-tree,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-category-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-category-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-category-tree-7e41870e8c673b23f19244598ea8ebcd.yaml b/nuclei-templates/cve-less/plugins/product-category-tree-7e41870e8c673b23f19244598ea8ebcd.yaml new file mode 100644 index 0000000000..5a24c976a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-category-tree-7e41870e8c673b23f19244598ea8ebcd.yaml @@ -0,0 +1,58 @@ +id: product-category-tree-7e41870e8c673b23f19244598ea8ebcd + +info: + name: > + Product Category Tree <= 2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88840d66-1644-4af0-b811-41f0e9fe2c0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-category-tree/" + google-query: inurl:"/wp-content/plugins/product-category-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-category-tree,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-category-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-category-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-category-tree-93d68a604c1f31fabc010b04974afd20.yaml b/nuclei-templates/cve-less/plugins/product-category-tree-93d68a604c1f31fabc010b04974afd20.yaml new file mode 100644 index 0000000000..a4581da9bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-category-tree-93d68a604c1f31fabc010b04974afd20.yaml @@ -0,0 +1,58 @@ +id: product-category-tree-93d68a604c1f31fabc010b04974afd20 + +info: + name: > + Product Category Tree <= 2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/147e47f8-c40b-4ae7-8627-b32b36e4d14f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-category-tree/" + google-query: inurl:"/wp-content/plugins/product-category-tree/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-category-tree,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-category-tree/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-category-tree" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-code-for-woocommerce-e4183cf6c320dd4a4188939a38d36eca.yaml b/nuclei-templates/cve-less/plugins/product-code-for-woocommerce-e4183cf6c320dd4a4188939a38d36eca.yaml new file mode 100644 index 0000000000..62072720bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-code-for-woocommerce-e4183cf6c320dd4a4188939a38d36eca.yaml @@ -0,0 +1,58 @@ +id: product-code-for-woocommerce-e4183cf6c320dd4a4188939a38d36eca + +info: + name: > + Product Code for WooCommerce <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0be84866-2a49-42da-b498-962fc1bcb811?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-code-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-code-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-code-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-code-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-code-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-delivery-date-for-woocommerce-lite-84ccfe3dbfa257fc01b0e4c65174ef35.yaml b/nuclei-templates/cve-less/plugins/product-delivery-date-for-woocommerce-lite-84ccfe3dbfa257fc01b0e4c65174ef35.yaml new file mode 100644 index 0000000000..5cd03714ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-delivery-date-for-woocommerce-lite-84ccfe3dbfa257fc01b0e4c65174ef35.yaml @@ -0,0 +1,58 @@ +id: product-delivery-date-for-woocommerce-lite-84ccfe3dbfa257fc01b0e4c65174ef35 + +info: + name: > + Product Delivery Date for WooCommerce – Lite <= 2.7.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a32ae77-3d4e-4fd4-a43a-7d1a52dcfa77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-delivery-date-for-woocommerce-lite/" + google-query: inurl:"/wp-content/plugins/product-delivery-date-for-woocommerce-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-delivery-date-for-woocommerce-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-delivery-date-for-woocommerce-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-delivery-date-for-woocommerce-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-designer-929aa721697458bc99a1b54c167ebc87.yaml b/nuclei-templates/cve-less/plugins/product-designer-929aa721697458bc99a1b54c167ebc87.yaml new file mode 100644 index 0000000000..3b5b569a5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-designer-929aa721697458bc99a1b54c167ebc87.yaml @@ -0,0 +1,58 @@ +id: product-designer-929aa721697458bc99a1b54c167ebc87 + +info: + name: > + Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c28e2aba-73eb-43f9-bae9-a78a67e6207c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-designer/" + google-query: inurl:"/wp-content/plugins/product-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-designer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-expiry-for-woocommerce-c7b36bc8204aa5070cf82a1f950c7e42.yaml b/nuclei-templates/cve-less/plugins/product-expiry-for-woocommerce-c7b36bc8204aa5070cf82a1f950c7e42.yaml new file mode 100644 index 0000000000..0358f226ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-expiry-for-woocommerce-c7b36bc8204aa5070cf82a1f950c7e42.yaml @@ -0,0 +1,58 @@ +id: product-expiry-for-woocommerce-c7b36bc8204aa5070cf82a1f950c7e42 + +info: + name: > + Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-expiry-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-expiry-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-expiry-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-expiry-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-expiry-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-gtin-ean-upc-isbn-for-woocommerce-bfa3bdf21b692d54c0876a9ef34f70f6.yaml b/nuclei-templates/cve-less/plugins/product-gtin-ean-upc-isbn-for-woocommerce-bfa3bdf21b692d54c0876a9ef34f70f6.yaml new file mode 100644 index 0000000000..6f861681df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-gtin-ean-upc-isbn-for-woocommerce-bfa3bdf21b692d54c0876a9ef34f70f6.yaml @@ -0,0 +1,58 @@ +id: product-gtin-ean-upc-isbn-for-woocommerce-bfa3bdf21b692d54c0876a9ef34f70f6 + +info: + name: > + Product GTIN (EAN, UPC, ISBN) for WooCommerce <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba4ab6fc-340c-442b-9b8e-b5534fd9c3be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-gtin-ean-upc-isbn-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-gtin-ean-upc-isbn-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-gtin-ean-upc-isbn-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-gtin-ean-upc-isbn-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-gtin-ean-upc-isbn-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-import-export-for-woo-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml new file mode 100644 index 0000000000..a02393fdb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-1ebbd9b3a9a4deb3ba553d086f3295e1.yaml @@ -0,0 +1,58 @@ +id: product-import-export-for-woo-1ebbd9b3a9a4deb3ba553d086f3295e1 + +info: + name: > + Product Import Export for WooCommerce <= 1.7.4 - Missing Authorization to CSV Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cab1d5a0-66e0-4017-8563-f8e582a6f964?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-import-export-for-woo/" + google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-import-export-for-woo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-import-export-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-import-export-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-import-export-for-woo-ab754796885789e2785d22756395f374.yaml b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-ab754796885789e2785d22756395f374.yaml new file mode 100644 index 0000000000..6e4bcbcaab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-ab754796885789e2785d22756395f374.yaml @@ -0,0 +1,58 @@ +id: product-import-export-for-woo-ab754796885789e2785d22756395f374 + +info: + name: > + Product Import Export for WooCommerce <= 2.4.1 - Authenticated(Shop Manager+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c495ac39-c99b-423d-a601-d0bfcc514ebe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-import-export-for-woo/" + google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-import-export-for-woo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-import-export-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-import-export-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-import-export-for-woo-d62fba94114c42d1399d83bf9ba0a989.yaml b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-d62fba94114c42d1399d83bf9ba0a989.yaml new file mode 100644 index 0000000000..402eb4ec96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-import-export-for-woo-d62fba94114c42d1399d83bf9ba0a989.yaml @@ -0,0 +1,58 @@ +id: product-import-export-for-woo-d62fba94114c42d1399d83bf9ba0a989 + +info: + name: > + Product Import Export for WooCommerce <= 2.3.7 - Authenticated(Shop Manager+) Arbitrary File Upload via upload_import_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cee6a100-cda5-48a6-9f9c-ea17f80c4165?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-import-export-for-woo/" + google-query: inurl:"/wp-content/plugins/product-import-export-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-import-export-for-woo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-import-export-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-import-export-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-2ce3f934989f3f09920f8b67a7a75fec.yaml b/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-2ce3f934989f3f09920f8b67a7a75fec.yaml new file mode 100644 index 0000000000..6b89ed3653 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-2ce3f934989f3f09920f8b67a7a75fec.yaml @@ -0,0 +1,58 @@ +id: product-input-fields-for-woocommerce-2ce3f934989f3f09920f8b67a7a75fec + +info: + name: > + Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01e41573-9329-48e1-9191-e8e1532f7afc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-input-fields-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-input-fields-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-input-fields-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-input-fields-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-input-fields-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-95b404a39a8029acce6d04daae5f2eac.yaml b/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-95b404a39a8029acce6d04daae5f2eac.yaml new file mode 100644 index 0000000000..8f19fab884 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-input-fields-for-woocommerce-95b404a39a8029acce6d04daae5f2eac.yaml @@ -0,0 +1,58 @@ +id: product-input-fields-for-woocommerce-95b404a39a8029acce6d04daae5f2eac + +info: + name: > + Product Input Fields for WooCommerce <= 1.7.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2123a3cc-08f1-4e30-ac61-275d45cd1227?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-input-fields-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-input-fields-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-input-fields-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-input-fields-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-input-fields-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-loops-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/product-loops-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..eae5aabf3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-loops-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: product-loops-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-loops/" + google-query: inurl:"/wp-content/plugins/product-loops/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-loops,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-loops/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-loops" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-of-the-day-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/product-of-the-day-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..f25d88c369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-of-the-day-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: product-of-the-day-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-of-the-day-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-of-the-day-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-of-the-day-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-of-the-day-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-of-the-day-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-16f12614c7a820b2ff0d5295346d446f.yaml b/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-16f12614c7a820b2ff0d5295346d446f.yaml new file mode 100644 index 0000000000..89bc62f481 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-16f12614c7a820b2ff0d5295346d446f.yaml @@ -0,0 +1,58 @@ +id: product-page-shipping-calculator-for-woocommerce-16f12614c7a820b2ff0d5295346d446f + +info: + name: > + Product page shipping calculator for WooCommerce <= 1.3.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0a37cc-49db-4919-8d0d-cb7739332229?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-page-shipping-calculator-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-page-shipping-calculator-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-eb2fd42fe2d2e213e39c0b11404601e5.yaml b/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-eb2fd42fe2d2e213e39c0b11404601e5.yaml new file mode 100644 index 0000000000..d27eefb134 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-page-shipping-calculator-for-woocommerce-eb2fd42fe2d2e213e39c0b11404601e5.yaml @@ -0,0 +1,58 @@ +id: product-page-shipping-calculator-for-woocommerce-eb2fd42fe2d2e213e39c0b11404601e5 + +info: + name: > + Product page shipping calculator for WooCommerce <= 1.3.25 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3663b35d-13ac-4d65-80bd-5800ed74f759?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-page-shipping-calculator-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-page-shipping-calculator-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-page-shipping-calculator-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-page-shipping-calculator-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-preview-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/product-preview-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..4edef82c32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-preview-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: product-preview-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-preview-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-preview-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-preview-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-preview-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-preview-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-recommendation-quiz-for-ecommerce-bc983a8f571310dd96f9e038e97c3ba7.yaml b/nuclei-templates/cve-less/plugins/product-recommendation-quiz-for-ecommerce-bc983a8f571310dd96f9e038e97c3ba7.yaml new file mode 100644 index 0000000000..9f1b953db5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-recommendation-quiz-for-ecommerce-bc983a8f571310dd96f9e038e97c3ba7.yaml @@ -0,0 +1,58 @@ +id: product-recommendation-quiz-for-ecommerce-bc983a8f571310dd96f9e038e97c3ba7 + +info: + name: > + Product Recommendation Quiz for eCommerce <= 2.1.0 - Missing Authorization in prq_set_token + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f10ae2b6-1580-418c-9cf7-e75ed71bb309?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-recommendation-quiz-for-ecommerce/" + google-query: inurl:"/wp-content/plugins/product-recommendation-quiz-for-ecommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-recommendation-quiz-for-ecommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-recommendation-quiz-for-ecommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-recommendation-quiz-for-ecommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..d67b46c9ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: product-reviews-import-export-for-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-reviews-import-export-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-reviews-import-export-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-reviews-import-export-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-reviews-import-export-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-reviews-import-export-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-2fb579c97de9a06544ccd98cdd1f1a82.yaml b/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-2fb579c97de9a06544ccd98cdd1f1a82.yaml new file mode 100644 index 0000000000..9ca43d5fe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-reviews-import-export-for-woocommerce-2fb579c97de9a06544ccd98cdd1f1a82.yaml @@ -0,0 +1,58 @@ +id: product-reviews-import-export-for-woocommerce-2fb579c97de9a06544ccd98cdd1f1a82 + +info: + name: > + Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6650eb7-143f-4c8f-b18f-056fc82972fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-reviews-import-export-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-reviews-import-export-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-reviews-import-export-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-reviews-import-export-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-reviews-import-export-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-size-chart-for-woo-f18aed8f26180438e01da09d99987534.yaml b/nuclei-templates/cve-less/plugins/product-size-chart-for-woo-f18aed8f26180438e01da09d99987534.yaml new file mode 100644 index 0000000000..80a79474c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-size-chart-for-woo-f18aed8f26180438e01da09d99987534.yaml @@ -0,0 +1,58 @@ +id: product-size-chart-for-woo-f18aed8f26180438e01da09d99987534 + +info: + name: > + Product Size Chart For WooCommerce <= 1.1.5 - Cross-Site Request Forgery via get_save_option + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e15f804-f5a9-4e29-8aeb-4ba2b116dc46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-size-chart-for-woo/" + google-query: inurl:"/wp-content/plugins/product-size-chart-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-size-chart-for-woo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-size-chart-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-size-chart-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-slider-for-woocommerce-lite-95618d186dc4c7ea88896374745039e9.yaml b/nuclei-templates/cve-less/plugins/product-slider-for-woocommerce-lite-95618d186dc4c7ea88896374745039e9.yaml new file mode 100644 index 0000000000..d25b974c23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-slider-for-woocommerce-lite-95618d186dc4c7ea88896374745039e9.yaml @@ -0,0 +1,58 @@ +id: product-slider-for-woocommerce-lite-95618d186dc4c7ea88896374745039e9 + +info: + name: > + Product Slider For WooCommerce Lite <= 1.1.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Meta Keys + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8159ee7c-69ac-4422-ba8b-664f1fee8e07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-slider-for-woocommerce-lite/" + google-query: inurl:"/wp-content/plugins/product-slider-for-woocommerce-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-slider-for-woocommerce-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-slider-for-woocommerce-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-slider-for-woocommerce-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-specifications-5e59a8e30610325be11fabed812368f9.yaml b/nuclei-templates/cve-less/plugins/product-specifications-5e59a8e30610325be11fabed812368f9.yaml new file mode 100644 index 0000000000..c5e8f77eb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-specifications-5e59a8e30610325be11fabed812368f9.yaml @@ -0,0 +1,58 @@ +id: product-specifications-5e59a8e30610325be11fabed812368f9 + +info: + name: > + Product Specifications for Woocommerce <= 0.6.0 - Reflected Cross-Site Scripting via Arbitrary Query String Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/916d4f2f-769b-4902-9464-f55d8f64c9d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-specifications/" + google-query: inurl:"/wp-content/plugins/product-specifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-specifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-specifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-specifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-tabs-manager-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/product-tabs-manager-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..45acd82f39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-tabs-manager-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: product-tabs-manager-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-tabs-manager-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-tabs-manager-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-tabs-manager-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-tabs-manager-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-tabs-manager-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-variation-swatches-for-woocommerce-51f425b2b47157be5d941492e7da4019.yaml b/nuclei-templates/cve-less/plugins/product-variation-swatches-for-woocommerce-51f425b2b47157be5d941492e7da4019.yaml new file mode 100644 index 0000000000..ee9fe013d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-variation-swatches-for-woocommerce-51f425b2b47157be5d941492e7da4019.yaml @@ -0,0 +1,58 @@ +id: product-variation-swatches-for-woocommerce-51f425b2b47157be5d941492e7da4019 + +info: + name: > + Variation Swatches for WooCommerce <= 2.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9a77b4f-46a3-45d3-bf2b-448584125874?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-variation-swatches-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-variation-swatches-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-variation-swatches-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-variation-swatches-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-variation-swatches-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-visibility-by-country-for-woocommerce-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml b/nuclei-templates/cve-less/plugins/product-visibility-by-country-for-woocommerce-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml new file mode 100644 index 0000000000..c07de51bbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-visibility-by-country-for-woocommerce-aa1854785cf9c11ed11fbc4dacf9e3b9.yaml @@ -0,0 +1,58 @@ +id: product-visibility-by-country-for-woocommerce-aa1854785cf9c11ed11fbc4dacf9e3b9 + +info: + name: > + Product Visibility by Country for WooCommerce <= 1.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e56b11a1-dd40-461b-9624-b60367c0c727?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-visibility-by-country-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-visibility-by-country-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-visibility-by-country-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-visibility-by-country-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-visibility-by-country-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/product-watermark-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/product-watermark-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..6e10f15c63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/product-watermark-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: product-watermark-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/product-watermark-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/product-watermark-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,product-watermark-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/product-watermark-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "product-watermark-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/products-compare-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/products-compare-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..b4d72ad582 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/products-compare-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: products-compare-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/products-compare-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/products-compare-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,products-compare-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/products-compare-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "products-compare-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-00e848a455a7983930f44875cace1026.yaml b/nuclei-templates/cve-less/plugins/profile-builder-00e848a455a7983930f44875cace1026.yaml new file mode 100644 index 0000000000..3fa58e4ede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-00e848a455a7983930f44875cace1026.yaml @@ -0,0 +1,58 @@ +id: profile-builder-00e848a455a7983930f44875cace1026 + +info: + name: > + Profile Builder <= 3.9.7 - Missing Authorization to Initial Page Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d25cca1-eb57-4ba2-8923-a3c56f41ce22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-251b86614cf3be75bb7b89fbf426f8a3.yaml b/nuclei-templates/cve-less/plugins/profile-builder-251b86614cf3be75bb7b89fbf426f8a3.yaml new file mode 100644 index 0000000000..28f9166317 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-251b86614cf3be75bb7b89fbf426f8a3.yaml @@ -0,0 +1,58 @@ +id: profile-builder-251b86614cf3be75bb7b89fbf426f8a3 + +info: + name: > + Profile Builder – User Profile & User Registration Forms < 1.1.66 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab513d4-4cb9-4761-92af-a2224cb6a306?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-3457b59f61c052b7277e18f32edfae6a.yaml b/nuclei-templates/cve-less/plugins/profile-builder-3457b59f61c052b7277e18f32edfae6a.yaml new file mode 100644 index 0000000000..722e2cf4ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-3457b59f61c052b7277e18f32edfae6a.yaml @@ -0,0 +1,58 @@ +id: profile-builder-3457b59f61c052b7277e18f32edfae6a + +info: + name: > + Profile Builder – User Profile & User Registration Forms <= 2.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e35679-278e-4e7d-b366-fe7d8cba7930?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-5015ecbd471db4975c3b73948587d93d.yaml b/nuclei-templates/cve-less/plugins/profile-builder-5015ecbd471db4975c3b73948587d93d.yaml new file mode 100644 index 0000000000..ecd8085f3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-5015ecbd471db4975c3b73948587d93d.yaml @@ -0,0 +1,58 @@ +id: profile-builder-5015ecbd471db4975c3b73948587d93d + +info: + name: > + Profile Builder <= 3.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35697cf5-4494-40f6-8772-dfa417ae6bcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-69b4ec76e7e9ef35af4eba10c77eda3e.yaml b/nuclei-templates/cve-less/plugins/profile-builder-69b4ec76e7e9ef35af4eba10c77eda3e.yaml new file mode 100644 index 0000000000..34c877d45b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-69b4ec76e7e9ef35af4eba10c77eda3e.yaml @@ -0,0 +1,58 @@ +id: profile-builder-69b4ec76e7e9ef35af4eba10c77eda3e + +info: + name: > + User Profile Builder <= 3.10.8 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-70888d956fd216305358993b9594be41.yaml b/nuclei-templates/cve-less/plugins/profile-builder-70888d956fd216305358993b9594be41.yaml new file mode 100644 index 0000000000..aff61c65bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-70888d956fd216305358993b9594be41.yaml @@ -0,0 +1,58 @@ +id: profile-builder-70888d956fd216305358993b9594be41 + +info: + name: > + Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Sensitive Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbedad66-a5a6-4fb5-b03e-0ecf9fbef19a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-70dc7e4179ee1658845e3eaa45bb0f0f.yaml b/nuclei-templates/cve-less/plugins/profile-builder-70dc7e4179ee1658845e3eaa45bb0f0f.yaml new file mode 100644 index 0000000000..c1662b1fcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-70dc7e4179ee1658845e3eaa45bb0f0f.yaml @@ -0,0 +1,58 @@ +id: profile-builder-70dc7e4179ee1658845e3eaa45bb0f0f + +info: + name: > + Profile Builder <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc358df9-7930-44da-8b33-d39db8a87b20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-8f79685201a214e5aabf85b86caf9624.yaml b/nuclei-templates/cve-less/plugins/profile-builder-8f79685201a214e5aabf85b86caf9624.yaml new file mode 100644 index 0000000000..75ff82e80c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-8f79685201a214e5aabf85b86caf9624.yaml @@ -0,0 +1,58 @@ +id: profile-builder-8f79685201a214e5aabf85b86caf9624 + +info: + name: > + Profile Builder <= 3.4.8 - Admin Access via Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63c74d96-84da-408f-ba2c-cde0ff108bf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-a0c7f584a89a83d8f5abdb6a2467eb51.yaml b/nuclei-templates/cve-less/plugins/profile-builder-a0c7f584a89a83d8f5abdb6a2467eb51.yaml new file mode 100644 index 0000000000..c351f1cdb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-a0c7f584a89a83d8f5abdb6a2467eb51.yaml @@ -0,0 +1,58 @@ +id: profile-builder-a0c7f584a89a83d8f5abdb6a2467eb51 + +info: + name: > + Profile Builder <= 2.1.3 - Missing Access Controls + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bd80ab9-260a-46c5-949e-c1d5dcb32523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-adf6fac31c64a896c3bd8abd21897c4e.yaml b/nuclei-templates/cve-less/plugins/profile-builder-adf6fac31c64a896c3bd8abd21897c4e.yaml new file mode 100644 index 0000000000..59581ce788 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-adf6fac31c64a896c3bd8abd21897c4e.yaml @@ -0,0 +1,58 @@ +id: profile-builder-adf6fac31c64a896c3bd8abd21897c4e + +info: + name: > + Profile Builder – User Profile & User Registration Forms <= 3.9.0 - Insecure Password Reset Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e731292a-4f95-46eb-889e-b00d58f3444e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-c416c9eed88376e68372de18ba7ac866.yaml b/nuclei-templates/cve-less/plugins/profile-builder-c416c9eed88376e68372de18ba7ac866.yaml new file mode 100644 index 0000000000..db511630a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-c416c9eed88376e68372de18ba7ac866.yaml @@ -0,0 +1,58 @@ +id: profile-builder-c416c9eed88376e68372de18ba7ac866 + +info: + name: > + Profile Builder <= 3.11.2 - Restricted Email Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21618fba-3f57-43b2-b9ea-13484301755d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-cdefed7ec787c02fefebf6f17656a114.yaml b/nuclei-templates/cve-less/plugins/profile-builder-cdefed7ec787c02fefebf6f17656a114.yaml new file mode 100644 index 0000000000..7a7322fd20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-cdefed7ec787c02fefebf6f17656a114.yaml @@ -0,0 +1,58 @@ +id: profile-builder-cdefed7ec787c02fefebf6f17656a114 + +info: + name: > + Profile Builder <= 3.10.3 - Cross-Site Request Forgery via pms-cross-promotion.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0b2bdb3-713c-47c6-8907-ac0f86038dc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-d50bca474bfff7b87f9bd013b925f56e.yaml b/nuclei-templates/cve-less/plugins/profile-builder-d50bca474bfff7b87f9bd013b925f56e.yaml new file mode 100644 index 0000000000..455820348c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-d50bca474bfff7b87f9bd013b925f56e.yaml @@ -0,0 +1,58 @@ +id: profile-builder-d50bca474bfff7b87f9bd013b925f56e + +info: + name: > + Profile Builder <= 3.6.7 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b9d69c-012d-4a28-b8b1-15e6dd22979e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-d9e9e029782a4a4e5f78971a37604066.yaml b/nuclei-templates/cve-less/plugins/profile-builder-d9e9e029782a4a4e5f78971a37604066.yaml new file mode 100644 index 0000000000..87c5cdaedb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-d9e9e029782a4a4e5f78971a37604066.yaml @@ -0,0 +1,58 @@ +id: profile-builder-d9e9e029782a4a4e5f78971a37604066 + +info: + name: > + Profile Builder <= 3.10.7 - Insecure Direct Object Reference to Sensitive Information Exposure via user_meta Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f515ccf8-7231-4728-b155-c47049087d42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-da13e940921b9b4b286d3e79be1e9d85.yaml b/nuclei-templates/cve-less/plugins/profile-builder-da13e940921b9b4b286d3e79be1e9d85.yaml new file mode 100644 index 0000000000..21e5d68790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-da13e940921b9b4b286d3e79be1e9d85.yaml @@ -0,0 +1,58 @@ +id: profile-builder-da13e940921b9b4b286d3e79be1e9d85 + +info: + name: > + Profile Builder – User Profile & User Registration Forms <= 3.6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b44130c-b526-4670-bde2-e47fe823ac62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-da987af29928bc75b0d20d1e2162e5dd.yaml b/nuclei-templates/cve-less/plugins/profile-builder-da987af29928bc75b0d20d1e2162e5dd.yaml new file mode 100644 index 0000000000..fd7ec515e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-da987af29928bc75b0d20d1e2162e5dd.yaml @@ -0,0 +1,58 @@ +id: profile-builder-da987af29928bc75b0d20d1e2162e5dd + +info: + name: > + Profile Builder – User Profile & User Registration Forms < 2.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0b71f57-a641-4320-bec1-670bbbfbc708?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-f044be0e1e4c22699ad8261226bc2dd0.yaml b/nuclei-templates/cve-less/plugins/profile-builder-f044be0e1e4c22699ad8261226bc2dd0.yaml new file mode 100644 index 0000000000..f225ba1e97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-f044be0e1e4c22699ad8261226bc2dd0.yaml @@ -0,0 +1,58 @@ +id: profile-builder-f044be0e1e4c22699ad8261226bc2dd0 + +info: + name: > + Profile Builder - User Profile & User Registration Forms <= 3.6.1 - Cross-Site Scripting via site_url Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8661bd7-65b7-4277-81a0-fd410ae0ee1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder/" + google-query: inurl:"/wp-content/plugins/profile-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-pro-47d88a978c6902943e13680f899b8407.yaml b/nuclei-templates/cve-less/plugins/profile-builder-pro-47d88a978c6902943e13680f899b8407.yaml new file mode 100644 index 0000000000..1d69f955db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-pro-47d88a978c6902943e13680f899b8407.yaml @@ -0,0 +1,58 @@ +id: profile-builder-pro-47d88a978c6902943e13680f899b8407 + +info: + name: > + Profile Builder Pro <= 3.10.0 - Authenticated (Subscriber+) Time-Based One-Time Password Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a388b406-1640-443d-9656-6a87588ce201?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder-pro/" + google-query: inurl:"/wp-content/plugins/profile-builder-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-pro-a686ec08a13b7563defc9b5263758c7f.yaml b/nuclei-templates/cve-less/plugins/profile-builder-pro-a686ec08a13b7563defc9b5263758c7f.yaml new file mode 100644 index 0000000000..0f496cd727 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-pro-a686ec08a13b7563defc9b5263758c7f.yaml @@ -0,0 +1,58 @@ +id: profile-builder-pro-a686ec08a13b7563defc9b5263758c7f + +info: + name: > + Profile Builder Pro <= 3.10.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/578d8ca7-7042-493d-92b4-63241b4bdfca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder-pro/" + google-query: inurl:"/wp-content/plugins/profile-builder-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-builder-pro-b32ca2d76fc3293d68526cfa723e6bfe.yaml b/nuclei-templates/cve-less/plugins/profile-builder-pro-b32ca2d76fc3293d68526cfa723e6bfe.yaml new file mode 100644 index 0000000000..3e5cb0d5da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-builder-pro-b32ca2d76fc3293d68526cfa723e6bfe.yaml @@ -0,0 +1,58 @@ +id: profile-builder-pro-b32ca2d76fc3293d68526cfa723e6bfe + +info: + name: > + Profile Builder Pro <= 3.10.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4c8932b-ede8-4f17-9612-5493c1130170?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-builder-pro/" + google-query: inurl:"/wp-content/plugins/profile-builder-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-builder-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-builder-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-builder-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profile-extra-fields-be030cdf4529b191ea63fd886a20439f.yaml b/nuclei-templates/cve-less/plugins/profile-extra-fields-be030cdf4529b191ea63fd886a20439f.yaml new file mode 100644 index 0000000000..b8c3168baa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profile-extra-fields-be030cdf4529b191ea63fd886a20439f.yaml @@ -0,0 +1,58 @@ +id: profile-extra-fields-be030cdf4529b191ea63fd886a20439f + +info: + name: > + Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/916c73e8-a150-4b35-8773-ea0ec29f7fd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profile-extra-fields/" + google-query: inurl:"/wp-content/plugins/profile-extra-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profile-extra-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profile-extra-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profile-extra-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-294749cd5a2ad1c57b32f41564fa1af1.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-294749cd5a2ad1c57b32f41564fa1af1.yaml new file mode 100644 index 0000000000..efe1c7ad46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-294749cd5a2ad1c57b32f41564fa1af1.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-294749cd5a2ad1c57b32f41564fa1af1 + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5be103f-e174-47f9-8a1b-bb0d073c54e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-2f992f86ff54d554aa2e677bbff33be5.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-2f992f86ff54d554aa2e677bbff33be5.yaml new file mode 100644 index 0000000000..6401165715 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-2f992f86ff54d554aa2e677bbff33be5.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-2f992f86ff54d554aa2e677bbff33be5 + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.0.3 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cfd7db-f62d-4110-b9a4-49ff1e4e5e68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-44a5cf3e0ce958c3682da008c171fd01.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-44a5cf3e0ce958c3682da008c171fd01.yaml new file mode 100644 index 0000000000..ceec1858cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-44a5cf3e0ce958c3682da008c171fd01.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-44a5cf3e0ce958c3682da008c171fd01 + +info: + name: > + ProfileGrid <= 5.5.0 - Hardcoded Encryption Key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d490bfb-6560-428e-ad91-0f8d8bc9b1f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4a6b08579b21c259b0bca4ce2e0b2904.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4a6b08579b21c259b0bca4ce2e0b2904.yaml new file mode 100644 index 0000000000..5046eec2ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4a6b08579b21c259b0bca4ce2e0b2904.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-4a6b08579b21c259b0bca4ce2e0b2904 + +info: + name: > + ProfileGrid <= 5.7.6 - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de495201-669c-4483-b30d-bb2abf6fe6c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4ca548e170bb0185c3dab51f55775413.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4ca548e170bb0185c3dab51f55775413.yaml new file mode 100644 index 0000000000..76dcd69e9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-4ca548e170bb0185c3dab51f55775413.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-4ca548e170bb0185c3dab51f55775413 + +info: + name: > + ProfileGrid <= 5.7.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6eea2cb-a2a9-4f65-9aea-b88565e47503?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-59843f563a6293fb05b21fc44ccb51b3.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-59843f563a6293fb05b21fc44ccb51b3.yaml new file mode 100644 index 0000000000..958ba80d88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-59843f563a6293fb05b21fc44ccb51b3.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-59843f563a6293fb05b21fc44ccb51b3 + +info: + name: > + ProfileGrid <= 5.5.2 - Missing Authorization to Arbitrary Group Option Modification and Privilege Escalation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4766651-92a6-42c9-81bc-7ea25350f561?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-5fabed76f8f56020c1155c8f97c6681c.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-5fabed76f8f56020c1155c8f97c6681c.yaml new file mode 100644 index 0000000000..4b9c9c780a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-5fabed76f8f56020c1155c8f97c6681c.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-5fabed76f8f56020c1155c8f97c6681c + +info: + name: > + ProfileGrid <= 5.7.8 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c4c13c9-6f43-4a4d-b825-e246bf9a1e9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-602df06e81e9929680d21f57b3d3e3d7.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-602df06e81e9929680d21f57b3d3e3d7.yaml new file mode 100644 index 0000000000..f4a52ec6ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-602df06e81e9929680d21f57b3d3e3d7.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-602df06e81e9929680d21f57b3d3e3d7 + +info: + name: > + ProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/473ba791-af99-4aae-99cb-ccf220e443e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-614a90a330e23b7940675663ee8789c8.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-614a90a330e23b7940675663ee8789c8.yaml new file mode 100644 index 0000000000..b8a4a070da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-614a90a330e23b7940675663ee8789c8.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-614a90a330e23b7940675663ee8789c8 + +info: + name: > + ProfileGrid <= 5.8.2 - Bypass Group Members Limit + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1fce43-03c0-4863-bf0c-60a3c510a01d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-639feb49244de37ebd2501828b79541b.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-639feb49244de37ebd2501828b79541b.yaml new file mode 100644 index 0000000000..8190387695 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-639feb49244de37ebd2501828b79541b.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-639feb49244de37ebd2501828b79541b + +info: + name: > + ProfileGrid <= 5.6.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb1cef-6e01-4bd7-b0bc-5d21295f119a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-749e9c4c45c9dfe7d4370d9e1054a6bf.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-749e9c4c45c9dfe7d4370d9e1054a6bf.yaml new file mode 100644 index 0000000000..da69537042 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-749e9c4c45c9dfe7d4370d9e1054a6bf.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-749e9c4c45c9dfe7d4370d9e1054a6bf + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.7.9 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09b26b78-b587-42f6-a9e3-c2945e91d29e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-76473b3f668ab27ce2fcb0878efe87b4.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-76473b3f668ab27ce2fcb0878efe87b4.yaml new file mode 100644 index 0000000000..1ee6f6daf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-76473b3f668ab27ce2fcb0878efe87b4.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-76473b3f668ab27ce2fcb0878efe87b4 + +info: + name: > + ProfileGrid <= 5.6.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f58efd6c-58f2-464b-8aaf-f4f5c4c52f09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-7bf1226ebc8c449ae85cc65e327ee63d.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-7bf1226ebc8c449ae85cc65e327ee63d.yaml new file mode 100644 index 0000000000..1c001e3aee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-7bf1226ebc8c449ae85cc65e327ee63d.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-7bf1226ebc8c449ae85cc65e327ee63d + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities < 2.8.6 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f745652d-12d6-46cd-8599-0a42696cb45a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-865589c83192a271d43a839d1c2dd482.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-865589c83192a271d43a839d1c2dd482.yaml new file mode 100644 index 0000000000..a34c4ec694 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-865589c83192a271d43a839d1c2dd482.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-865589c83192a271d43a839d1c2dd482 + +info: + name: > + ProfileGrid <= 5.7.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9476b41d-a9a2-46a7-8cf1-62de5d1703b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-8781e1672be1a467451ab0b40e4c7713.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-8781e1672be1a467451ab0b40e4c7713.yaml new file mode 100644 index 0000000000..556989314f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-8781e1672be1a467451ab0b40e4c7713.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-8781e1672be1a467451ab0b40e4c7713 + +info: + name: > + ProfileGrid <= 5.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2436028-9ac2-4232-bccf-26019a26e186?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-87d13bf13b6be6962a557c3627b3cfe7.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-87d13bf13b6be6962a557c3627b3cfe7.yaml new file mode 100644 index 0000000000..e5f71d84be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-87d13bf13b6be6962a557c3627b3cfe7.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-87d13bf13b6be6962a557c3627b3cfe7 + +info: + name: > + ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9337519-0b33-43fa-9be4-2390b8b3afb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-913748097cb69a1df6b424d4a05f37a3.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-913748097cb69a1df6b424d4a05f37a3.yaml new file mode 100644 index 0000000000..6a15d6b511 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-913748097cb69a1df6b424d4a05f37a3.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-913748097cb69a1df6b424d4a05f37a3 + +info: + name: > + ProfileGrid <= 5.3.0 - Missing Authorization to Arbitrary Password Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58cf6e80-63dd-42dc-9c4a-7b5c092bc4cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-923942b507c5bb53ae8216a8af30479c.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-923942b507c5bb53ae8216a8af30479c.yaml new file mode 100644 index 0000000000..ed82e58832 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-923942b507c5bb53ae8216a8af30479c.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-923942b507c5bb53ae8216a8af30479c + +info: + name: > + ProfileGrid <= 5.7.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/134a3615-a9fa-48b5-8cd1-4c3fb24a777a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-a0b780503648451776551c0d1ff9b442.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-a0b780503648451776551c0d1ff9b442.yaml new file mode 100644 index 0000000000..e6fc1d7096 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-a0b780503648451776551c0d1ff9b442.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-a0b780503648451776551c0d1ff9b442 + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c039d2fe-7518-4724-a025-6380a53fb58c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-b38eda58adcd55c816f6214da161bc56.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-b38eda58adcd55c816f6214da161bc56.yaml new file mode 100644 index 0000000000..fd5c2d54c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-b38eda58adcd55c816f6214da161bc56.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-b38eda58adcd55c816f6214da161bc56 + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 4.7.4 - Stored Cross-Site Scripting via Profile + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03e6fa1d-0d6a-43e9-97ff-da874a51474a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-bfc26d10316dbb147d906861f757195d.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-bfc26d10316dbb147d906861f757195d.yaml new file mode 100644 index 0000000000..c003c35384 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-bfc26d10316dbb147d906861f757195d.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-bfc26d10316dbb147d906861f757195d + +info: + name: > + ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9489254-dbdc-4754-86d0-d28756b269a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-d335e6c8c52890984157995f488f49da.yaml b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-d335e6c8c52890984157995f488f49da.yaml new file mode 100644 index 0000000000..aef19a6572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profilegrid-user-profiles-groups-and-communities-d335e6c8c52890984157995f488f49da.yaml @@ -0,0 +1,58 @@ +id: profilegrid-user-profiles-groups-and-communities-d335e6c8c52890984157995f488f49da + +info: + name: > + ProfileGrid <= 5.5.1 - Missing Authorization to User Import + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b335fc19-2998-4711-8813-6cb68d7447bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + google-query: inurl:"/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profilegrid-user-profiles-groups-and-communities,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profilegrid-user-profiles-groups-and-communities/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profilegrid-user-profiles-groups-and-communities" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-button-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/profit-button-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..b62aec3a87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-button-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: profit-button-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-button/" + google-query: inurl:"/wp-content/plugins/profit-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-1fba8e9934d599624fea9971897c6598.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-1fba8e9934d599624fea9971897c6598.yaml new file mode 100644 index 0000000000..2bd1fc0876 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-1fba8e9934d599624fea9971897c6598.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-1fba8e9934d599624fea9971897c6598 + +info: + name: > + Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-6a4904a703851349707d8d3d078c2123.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-6a4904a703851349707d8d3d078c2123.yaml new file mode 100644 index 0000000000..0a21d0ebd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-6a4904a703851349707d8d3d078c2123.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-6a4904a703851349707d8d3d078c2123 + +info: + name: > + Active Products Tables for WooCommerce <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f18147d-60e6-447d-a6f5-6ad7b633e62c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7734e62aac4f36040cb75f80a344eeea.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7734e62aac4f36040cb75f80a344eeea.yaml new file mode 100644 index 0000000000..0756a9bf02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7734e62aac4f36040cb75f80a344eeea.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-7734e62aac4f36040cb75f80a344eeea + +info: + name: > + Active Products Tables for WooCommerce <= 1.0.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1813aaca-3d5a-4650-8a8d-6b54311670f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7a9d640d2710a17dd51cbd839f471ded.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7a9d640d2710a17dd51cbd839f471ded.yaml new file mode 100644 index 0000000000..bf02df588a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-7a9d640d2710a17dd51cbd839f471ded.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-7a9d640d2710a17dd51cbd839f471ded + +info: + name: > + Active Products Tables for WooCommerce <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a83f2b-835b-44cd-9d09-1b4fba3e9c8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-c3011a2eec39e2ae9754cf338940cb61.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-c3011a2eec39e2ae9754cf338940cb61.yaml new file mode 100644 index 0000000000..5877cd2103 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-c3011a2eec39e2ae9754cf338940cb61.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-c3011a2eec39e2ae9754cf338940cb61 + +info: + name: > + Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-ef26b2db7d3ee3da13d6289352e36f3b.yaml b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-ef26b2db7d3ee3da13d6289352e36f3b.yaml new file mode 100644 index 0000000000..5ad43208b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/profit-products-tables-for-woocommerce-ef26b2db7d3ee3da13d6289352e36f3b.yaml @@ -0,0 +1,58 @@ +id: profit-products-tables-for-woocommerce-ef26b2db7d3ee3da13d6289352e36f3b + +info: + name: > + Active Products Tables for WooCommerce <= 1.0.6 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5519d4e-84b5-4901-b55c-a0a919f4b6c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/profit-products-tables-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/profit-products-tables-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,profit-products-tables-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/profit-products-tables-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "profit-products-tables-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/progress-bar-941ae6e3f270ab1852f33bed4b21e75f.yaml b/nuclei-templates/cve-less/plugins/progress-bar-941ae6e3f270ab1852f33bed4b21e75f.yaml new file mode 100644 index 0000000000..efa7b983eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/progress-bar-941ae6e3f270ab1852f33bed4b21e75f.yaml @@ -0,0 +1,58 @@ +id: progress-bar-941ae6e3f270ab1852f33bed4b21e75f + +info: + name: > + Progress Bar <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppb shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/790bd89d-3913-4b43-9b00-7d4de5c4227d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/progress-bar/" + google-query: inurl:"/wp-content/plugins/progress-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,progress-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/progress-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "progress-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/progressive-license-5901a98b1164ea8a4d049ee273115818.yaml b/nuclei-templates/cve-less/plugins/progressive-license-5901a98b1164ea8a4d049ee273115818.yaml new file mode 100644 index 0000000000..557c9d012a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/progressive-license-5901a98b1164ea8a4d049ee273115818.yaml @@ -0,0 +1,58 @@ +id: progressive-license-5901a98b1164ea8a4d049ee273115818 + +info: + name: > + Progressive License <= 1.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8a592a-8100-4347-8407-189ca2867c3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/progressive-license/" + google-query: inurl:"/wp-content/plugins/progressive-license/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,progressive-license,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/progressive-license/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "progressive-license" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/progressive-wp-87e99280c7fbf3c8ad55c6ac46aa584a.yaml b/nuclei-templates/cve-less/plugins/progressive-wp-87e99280c7fbf3c8ad55c6ac46aa584a.yaml new file mode 100644 index 0000000000..453fa13755 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/progressive-wp-87e99280c7fbf3c8ad55c6ac46aa584a.yaml @@ -0,0 +1,58 @@ +id: progressive-wp-87e99280c7fbf3c8ad55c6ac46aa584a + +info: + name: > + Progressive WordPress (PWA) <= 2.1.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad0acd5-b5d8-481d-954e-a629bb0e11a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/progressive-wp/" + google-query: inurl:"/wp-content/plugins/progressive-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,progressive-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/progressive-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "progressive-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/project-app-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/project-app-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..0fdd04bede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/project-app-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: project-app-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/project-app/" + google-query: inurl:"/wp-content/plugins/project-app/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,project-app,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/project-app/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "project-app" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/project-panorama-lite-f526a0fb0a181d070234f458832b61bd.yaml b/nuclei-templates/cve-less/plugins/project-panorama-lite-f526a0fb0a181d070234f458832b61bd.yaml new file mode 100644 index 0000000000..9633b4a8cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/project-panorama-lite-f526a0fb0a181d070234f458832b61bd.yaml @@ -0,0 +1,58 @@ +id: project-panorama-lite-f526a0fb0a181d070234f458832b61bd + +info: + name: > + Panorama – WordPress Project Management Plugin <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d131115b-e2c9-42c6-9262-a19272944652?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/project-panorama-lite/" + google-query: inurl:"/wp-content/plugins/project-panorama-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,project-panorama-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/project-panorama-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "project-panorama-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/project-source-code-download-55ee60e67d9e233077a29ca0b025c99e.yaml b/nuclei-templates/cve-less/plugins/project-source-code-download-55ee60e67d9e233077a29ca0b025c99e.yaml new file mode 100644 index 0000000000..94a44bd333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/project-source-code-download-55ee60e67d9e233077a29ca0b025c99e.yaml @@ -0,0 +1,58 @@ +id: project-source-code-download-55ee60e67d9e233077a29ca0b025c99e + +info: + name: > + Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a042b1be-d39f-4d28-8566-d9974becdd40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/project-source-code-download/" + google-query: inurl:"/wp-content/plugins/project-source-code-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,project-source-code-download,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/project-source-code-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "project-source-code-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/project-status-e22d4b224819c0d0a8a173a4476a0e71.yaml b/nuclei-templates/cve-less/plugins/project-status-e22d4b224819c0d0a8a173a4476a0e71.yaml new file mode 100644 index 0000000000..19671b950b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/project-status-e22d4b224819c0d0a8a173a4476a0e71.yaml @@ -0,0 +1,58 @@ +id: project-status-e22d4b224819c0d0a8a173a4476a0e71 + +info: + name: > + Project Status <= 1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aac9e0cb-cc1e-4041-bb92-21f94c8d35fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/project-status/" + google-query: inurl:"/wp-content/plugins/project-status/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,project-status,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/project-status/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "project-status" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/projecthuddle-child-site-c6a13766dfee309169a154d6bf63adc3.yaml b/nuclei-templates/cve-less/plugins/projecthuddle-child-site-c6a13766dfee309169a154d6bf63adc3.yaml new file mode 100644 index 0000000000..17a5933f7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/projecthuddle-child-site-c6a13766dfee309169a154d6bf63adc3.yaml @@ -0,0 +1,58 @@ +id: projecthuddle-child-site-c6a13766dfee309169a154d6bf63adc3 + +info: + name: > + ProjectHuddle Client Site <= 1.0.34 - Missing Authorization via ph_child_ajax_notice_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d484500f-c8c1-4278-8a38-82a7fd5674f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/projecthuddle-child-site/" + google-query: inurl:"/wp-content/plugins/projecthuddle-child-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,projecthuddle-child-site,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/projecthuddle-child-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "projecthuddle-child-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/promobar-25d8c7ed5a7b1effbc548f589cbe27a9.yaml b/nuclei-templates/cve-less/plugins/promobar-25d8c7ed5a7b1effbc548f589cbe27a9.yaml new file mode 100644 index 0000000000..2d592c5055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/promobar-25d8c7ed5a7b1effbc548f589cbe27a9.yaml @@ -0,0 +1,58 @@ +id: promobar-25d8c7ed5a7b1effbc548f589cbe27a9 + +info: + name: > + PromoBar by BestWebSoft – Customizable Advertisement Banner for WordPress Website <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3ea9e96-9958-4a4f-b988-6f024b113fc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/promobar/" + google-query: inurl:"/wp-content/plugins/promobar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,promobar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/promobar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "promobar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/promotion-slider-bffa3ebfd0f8f4eee0788789721093cc.yaml b/nuclei-templates/cve-less/plugins/promotion-slider-bffa3ebfd0f8f4eee0788789721093cc.yaml new file mode 100644 index 0000000000..5f208b924e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/promotion-slider-bffa3ebfd0f8f4eee0788789721093cc.yaml @@ -0,0 +1,58 @@ +id: promotion-slider-bffa3ebfd0f8f4eee0788789721093cc + +info: + name: > + Promotion Slider <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd6350c-6da8-4d5a-8ceb-d587ddf40d1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/promotion-slider/" + google-query: inurl:"/wp-content/plugins/promotion-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,promotion-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/promotion-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "promotion-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/proofreading-716d3ddce65959ddfb011b7ca5f75416.yaml b/nuclei-templates/cve-less/plugins/proofreading-716d3ddce65959ddfb011b7ca5f75416.yaml new file mode 100644 index 0000000000..c61cbd55cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/proofreading-716d3ddce65959ddfb011b7ca5f75416.yaml @@ -0,0 +1,58 @@ +id: proofreading-716d3ddce65959ddfb011b7ca5f75416 + +info: + name: > + Proofreading <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e76e4c4c-3f84-46b0-b305-2513714a8525?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/proofreading/" + google-query: inurl:"/wp-content/plugins/proofreading/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,proofreading,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/proofreading/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "proofreading" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-0e504336a10f995a3d5ffd0688becb4a.yaml b/nuclei-templates/cve-less/plugins/propertyhive-0e504336a10f995a3d5ffd0688becb4a.yaml new file mode 100644 index 0000000000..2a82d97041 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-0e504336a10f995a3d5ffd0688becb4a.yaml @@ -0,0 +1,58 @@ +id: propertyhive-0e504336a10f995a3d5ffd0688becb4a + +info: + name: > + PropertyHive <= 2.0.9 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7b24b7c-1a15-4b38-b59e-bcad39cc4340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-269c54556a1ca81f568118ffc940071f.yaml b/nuclei-templates/cve-less/plugins/propertyhive-269c54556a1ca81f568118ffc940071f.yaml new file mode 100644 index 0000000000..8749915188 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-269c54556a1ca81f568118ffc940071f.yaml @@ -0,0 +1,58 @@ +id: propertyhive-269c54556a1ca81f568118ffc940071f + +info: + name: > + PropertyHive <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9a0ca58-ddc1-43ec-bb08-7fd31f92e275?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-38f9b434ada5260ea345f99b88aaaba2.yaml b/nuclei-templates/cve-less/plugins/propertyhive-38f9b434ada5260ea345f99b88aaaba2.yaml new file mode 100644 index 0000000000..4d99f80974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-38f9b434ada5260ea345f99b88aaaba2.yaml @@ -0,0 +1,58 @@ +id: propertyhive-38f9b434ada5260ea345f99b88aaaba2 + +info: + name: > + PropertyHive <= 1.5.48 - Reflected Cross-Site Scripting via date_post_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea82e978-a653-4ae3-94aa-bc77b94a176c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-453cdccb9ec27998718a08f552017bc2.yaml b/nuclei-templates/cve-less/plugins/propertyhive-453cdccb9ec27998718a08f552017bc2.yaml new file mode 100644 index 0000000000..b538d68b90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-453cdccb9ec27998718a08f552017bc2.yaml @@ -0,0 +1,58 @@ +id: propertyhive-453cdccb9ec27998718a08f552017bc2 + +info: + name: > + PropertyHive <= 2.0.6 - Missing Authorization via activate_pro_feature + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84d55f24-c4de-4574-b0cc-cc1b4935d281?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-4ba37fc25b6b62478d53951a81386aeb.yaml b/nuclei-templates/cve-less/plugins/propertyhive-4ba37fc25b6b62478d53951a81386aeb.yaml new file mode 100644 index 0000000000..fef0125b24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-4ba37fc25b6b62478d53951a81386aeb.yaml @@ -0,0 +1,58 @@ +id: propertyhive-4ba37fc25b6b62478d53951a81386aeb + +info: + name: > + PropertyHive < 1.4.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e364f0c-17ea-4962-92d3-35bf5eb666ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-53a71e50160d96221b329d00809ca7b7.yaml b/nuclei-templates/cve-less/plugins/propertyhive-53a71e50160d96221b329d00809ca7b7.yaml new file mode 100644 index 0000000000..1bcb21bd41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-53a71e50160d96221b329d00809ca7b7.yaml @@ -0,0 +1,58 @@ +id: propertyhive-53a71e50160d96221b329d00809ca7b7 + +info: + name: > + PropertyHive <= 1.5.46 - Reflected Cross-Site Scripting via 'merge_ids' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f395100-cf1f-4a3e-a353-1aec6b4e7448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml b/nuclei-templates/cve-less/plugins/propertyhive-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml new file mode 100644 index 0000000000..b5d0658bc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-5e68a3cd88ecb3d8410d3d1d23bfef75.yaml @@ -0,0 +1,58 @@ +id: propertyhive-5e68a3cd88ecb3d8410d3d1d23bfef75 + +info: + name: > + PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d52ced-807b-48c0-bb7a-e40d143ae5d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-deea856103e67ca13471337c06b08b93.yaml b/nuclei-templates/cve-less/plugins/propertyhive-deea856103e67ca13471337c06b08b93.yaml new file mode 100644 index 0000000000..5cc9d41962 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-deea856103e67ca13471337c06b08b93.yaml @@ -0,0 +1,58 @@ +id: propertyhive-deea856103e67ca13471337c06b08b93 + +info: + name: > + PropertyHive <= 2.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e10fc7e4-11ec-409b-9f16-b38adceaf622?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/propertyhive-f53efc19e67fc15708f7aff7dc031f4c.yaml b/nuclei-templates/cve-less/plugins/propertyhive-f53efc19e67fc15708f7aff7dc031f4c.yaml new file mode 100644 index 0000000000..0c56d898c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/propertyhive-f53efc19e67fc15708f7aff7dc031f4c.yaml @@ -0,0 +1,58 @@ +id: propertyhive-f53efc19e67fc15708f7aff7dc031f4c + +info: + name: > + PropertyHive <= 2.0.5 - Unauthenticated PHP Object Injection via propertyhive_currency + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ee82cf-916c-41e9-82d2-f25cc7a632ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/propertyhive/" + google-query: inurl:"/wp-content/plugins/propertyhive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,propertyhive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/propertyhive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "propertyhive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/proquoter-7ddce7ee421f18bacb72f14e66ea1bcb.yaml b/nuclei-templates/cve-less/plugins/proquoter-7ddce7ee421f18bacb72f14e66ea1bcb.yaml new file mode 100644 index 0000000000..af92e72999 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/proquoter-7ddce7ee421f18bacb72f14e66ea1bcb.yaml @@ -0,0 +1,58 @@ +id: proquoter-7ddce7ee421f18bacb72f14e66ea1bcb + +info: + name: > + Pro Quoter Plugin <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1903354e-f53a-4005-b93b-c91d268f7a5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/proquoter/" + google-query: inurl:"/wp-content/plugins/proquoter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,proquoter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/proquoter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "proquoter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/protect-wp-admin-0e3824b9f05a1d4071b5fbf703950004.yaml b/nuclei-templates/cve-less/plugins/protect-wp-admin-0e3824b9f05a1d4071b5fbf703950004.yaml new file mode 100644 index 0000000000..c564e481ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/protect-wp-admin-0e3824b9f05a1d4071b5fbf703950004.yaml @@ -0,0 +1,58 @@ +id: protect-wp-admin-0e3824b9f05a1d4071b5fbf703950004 + +info: + name: > + Protect WP Admin <= 3.6 - Unauthenticated Plugin Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2295b532-7833-4f5d-9778-de26390b04bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/protect-wp-admin/" + google-query: inurl:"/wp-content/plugins/protect-wp-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,protect-wp-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/protect-wp-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "protect-wp-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/protect-wp-admin-ec9f7eccec9ca008528410c831cadf91.yaml b/nuclei-templates/cve-less/plugins/protect-wp-admin-ec9f7eccec9ca008528410c831cadf91.yaml new file mode 100644 index 0000000000..9c56e18295 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/protect-wp-admin-ec9f7eccec9ca008528410c831cadf91.yaml @@ -0,0 +1,58 @@ +id: protect-wp-admin-ec9f7eccec9ca008528410c831cadf91 + +info: + name: > + Protect WP Admin <= 3.8 - Unauthenticated Information Disclosure to Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7012b34d-8d65-4575-9965-417739206b5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/protect-wp-admin/" + google-query: inurl:"/wp-content/plugins/protect-wp-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,protect-wp-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/protect-wp-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "protect-wp-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/protected-posts-logout-button-5d1bfbb84afa64ba47c235dccca370e2.yaml b/nuclei-templates/cve-less/plugins/protected-posts-logout-button-5d1bfbb84afa64ba47c235dccca370e2.yaml new file mode 100644 index 0000000000..395bd65805 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/protected-posts-logout-button-5d1bfbb84afa64ba47c235dccca370e2.yaml @@ -0,0 +1,58 @@ +id: protected-posts-logout-button-5d1bfbb84afa64ba47c235dccca370e2 + +info: + name: > + Protected Posts Logout Button <= 1.4.5 - Missing Authorization on pplb_options_save + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b87f8bd6-d00d-4062-bf27-b698a1d7e757?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/protected-posts-logout-button/" + google-query: inurl:"/wp-content/plugins/protected-posts-logout-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,protected-posts-logout-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/protected-posts-logout-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "protected-posts-logout-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/protected-posts-logout-button-c17395d57aa530c1ca072f07b2b709c1.yaml b/nuclei-templates/cve-less/plugins/protected-posts-logout-button-c17395d57aa530c1ca072f07b2b709c1.yaml new file mode 100644 index 0000000000..a99e539a94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/protected-posts-logout-button-c17395d57aa530c1ca072f07b2b709c1.yaml @@ -0,0 +1,58 @@ +id: protected-posts-logout-button-c17395d57aa530c1ca072f07b2b709c1 + +info: + name: > + Protected Posts Logout Button <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6be26c07-cac4-42d8-becb-03045a54cd6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/protected-posts-logout-button/" + google-query: inurl:"/wp-content/plugins/protected-posts-logout-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,protected-posts-logout-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/protected-posts-logout-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "protected-posts-logout-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ps-phpcaptcha-e1c57fbc348dfda4a7e2fa9073819ee6.yaml b/nuclei-templates/cve-less/plugins/ps-phpcaptcha-e1c57fbc348dfda4a7e2fa9073819ee6.yaml new file mode 100644 index 0000000000..8d2327c6a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ps-phpcaptcha-e1c57fbc348dfda4a7e2fa9073819ee6.yaml @@ -0,0 +1,58 @@ +id: ps-phpcaptcha-e1c57fbc348dfda4a7e2fa9073819ee6 + +info: + name: > + PS PHPCaptcha <= 1.1.0 - Authenticated Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ed7e26-34f0-4e5d-b560-03b1de9c5c95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ps-phpcaptcha/" + google-query: inurl:"/wp-content/plugins/ps-phpcaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ps-phpcaptcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ps-phpcaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ps-phpcaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..75e77314f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pt-elementor-addons-lite-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: pt-elementor-addons-lite-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pt-elementor-addons-lite/" + google-query: inurl:"/wp-content/plugins/pt-elementor-addons-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pt-elementor-addons-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pt-elementor-addons-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pt-elementor-addons-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ptoffice-sign-ups-061a0160582ddd92c54f532180e67c97.yaml b/nuclei-templates/cve-less/plugins/ptoffice-sign-ups-061a0160582ddd92c54f532180e67c97.yaml new file mode 100644 index 0000000000..98cd20820c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ptoffice-sign-ups-061a0160582ddd92c54f532180e67c97.yaml @@ -0,0 +1,58 @@ +id: ptoffice-sign-ups-061a0160582ddd92c54f532180e67c97 + +info: + name: > + PT Sign Ups <= 1.0.4 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b751191b-35a8-4331-ac3f-f6090221c65f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ptoffice-sign-ups/" + google-query: inurl:"/wp-content/plugins/ptoffice-sign-ups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ptoffice-sign-ups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ptoffice-sign-ups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ptoffice-sign-ups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ptypeconverter-bc684639838d61cf579a672d96063b79.yaml b/nuclei-templates/cve-less/plugins/ptypeconverter-bc684639838d61cf579a672d96063b79.yaml new file mode 100644 index 0000000000..2b2dc78890 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ptypeconverter-bc684639838d61cf579a672d96063b79.yaml @@ -0,0 +1,58 @@ +id: ptypeconverter-bc684639838d61cf579a672d96063b79 + +info: + name: > + pTypeConverter <= 0.2.8.1 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c26454-a91d-4141-9b31-5c902c5e8eec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ptypeconverter/" + google-query: inurl:"/wp-content/plugins/ptypeconverter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ptypeconverter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ptypeconverter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ptypeconverter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/publish-confirm-message-6c62a897542f5fcbb95887f636c680c5.yaml b/nuclei-templates/cve-less/plugins/publish-confirm-message-6c62a897542f5fcbb95887f636c680c5.yaml new file mode 100644 index 0000000000..2179e080fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/publish-confirm-message-6c62a897542f5fcbb95887f636c680c5.yaml @@ -0,0 +1,58 @@ +id: publish-confirm-message-6c62a897542f5fcbb95887f636c680c5 + +info: + name: > + Publish Confirm Message <= 1.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05c2707c-c737-4f95-83e0-b0a4e0883d4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publish-confirm-message/" + google-query: inurl:"/wp-content/plugins/publish-confirm-message/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publish-confirm-message,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publish-confirm-message/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publish-confirm-message" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/publish-post-email-notification-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml b/nuclei-templates/cve-less/plugins/publish-post-email-notification-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml new file mode 100644 index 0000000000..a0340838d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/publish-post-email-notification-a18a9d03d5ff2c74e7d4dd874ea75ae5.yaml @@ -0,0 +1,58 @@ +id: publish-post-email-notification-a18a9d03d5ff2c74e7d4dd874ea75ae5 + +info: + name: > + wordpress publish post email notification <= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/705d11b1-0924-46ae-a6e6-8fab16a4df00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publish-post-email-notification/" + google-query: inurl:"/wp-content/plugins/publish-post-email-notification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publish-post-email-notification,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publish-post-email-notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publish-post-email-notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/publish-to-schedule-577c8d638d67108f4b264900ccfdf446.yaml b/nuclei-templates/cve-less/plugins/publish-to-schedule-577c8d638d67108f4b264900ccfdf446.yaml new file mode 100644 index 0000000000..8cecdafe80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/publish-to-schedule-577c8d638d67108f4b264900ccfdf446.yaml @@ -0,0 +1,58 @@ +id: publish-to-schedule-577c8d638d67108f4b264900ccfdf446 + +info: + name: > + Publish to Schedule <= 4.4.2 - Cross-Site Request Forgery leading to Plugin Option Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a438ec56-8ddc-4cea-8d93-c8f79b46f47e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publish-to-schedule/" + google-query: inurl:"/wp-content/plugins/publish-to-schedule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publish-to-schedule,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publish-to-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publish-to-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/publish-to-schedule-fed0833f3ebebd240e7a0f4e9421be22.yaml b/nuclei-templates/cve-less/plugins/publish-to-schedule-fed0833f3ebebd240e7a0f4e9421be22.yaml new file mode 100644 index 0000000000..a1f300faa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/publish-to-schedule-fed0833f3ebebd240e7a0f4e9421be22.yaml @@ -0,0 +1,58 @@ +id: publish-to-schedule-fed0833f3ebebd240e7a0f4e9421be22 + +info: + name: > + Publish to Schedule <= 4.5.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e2014bd-2809-4f79-913d-d7a35eda63ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publish-to-schedule/" + google-query: inurl:"/wp-content/plugins/publish-to-schedule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publish-to-schedule,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publish-to-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publish-to-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/publisher-media-kit-f9078038dec7d199edb0413f76661495.yaml b/nuclei-templates/cve-less/plugins/publisher-media-kit-f9078038dec7d199edb0413f76661495.yaml new file mode 100644 index 0000000000..a96f939a08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/publisher-media-kit-f9078038dec7d199edb0413f76661495.yaml @@ -0,0 +1,58 @@ +id: publisher-media-kit-f9078038dec7d199edb0413f76661495 + +info: + name: > + Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d535c069-cfa3-4c41-9a01-b4c4e7c75764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/publisher-media-kit/" + google-query: inurl:"/wp-content/plugins/publisher-media-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,publisher-media-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/publisher-media-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "publisher-media-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pubsubhubbub-380fec032d7d63f91e53bba15b6960ee.yaml b/nuclei-templates/cve-less/plugins/pubsubhubbub-380fec032d7d63f91e53bba15b6960ee.yaml new file mode 100644 index 0000000000..6e3440aeae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pubsubhubbub-380fec032d7d63f91e53bba15b6960ee.yaml @@ -0,0 +1,58 @@ +id: pubsubhubbub-380fec032d7d63f91e53bba15b6960ee + +info: + name: > + WebSub (FKA. PubSubHubbub) <= 3.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pubsubhubbub/" + google-query: inurl:"/wp-content/plugins/pubsubhubbub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pubsubhubbub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pubsubhubbub/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pubsubhubbub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pubydoc-data-tables-and-charts-04f39942fc16c2a7c2f6145e385c8d07.yaml b/nuclei-templates/cve-less/plugins/pubydoc-data-tables-and-charts-04f39942fc16c2a7c2f6145e385c8d07.yaml new file mode 100644 index 0000000000..f95badf900 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pubydoc-data-tables-and-charts-04f39942fc16c2a7c2f6145e385c8d07.yaml @@ -0,0 +1,58 @@ +id: pubydoc-data-tables-and-charts-04f39942fc16c2a7c2f6145e385c8d07 + +info: + name: > + PubyDoc <= 2.0.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3badf9b8-7558-4a46-9eb2-cd119a77c903?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pubydoc-data-tables-and-charts/" + google-query: inurl:"/wp-content/plugins/pubydoc-data-tables-and-charts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pubydoc-data-tables-and-charts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pubydoc-data-tables-and-charts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pubydoc-data-tables-and-charts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pure-chat-388546e2e07357a0226d8ddb30b48362.yaml b/nuclei-templates/cve-less/plugins/pure-chat-388546e2e07357a0226d8ddb30b48362.yaml new file mode 100644 index 0000000000..259631caea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pure-chat-388546e2e07357a0226d8ddb30b48362.yaml @@ -0,0 +1,58 @@ +id: pure-chat-388546e2e07357a0226d8ddb30b48362 + +info: + name: > + Pure Chat – Live Chat Plugin & More! <= 2.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d03c798-dc77-407c-8674-d0bd2f1ada8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pure-chat/" + google-query: inurl:"/wp-content/plugins/pure-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pure-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pure-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pure-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-0c6025826e5726423a84ca94ebcaa441.yaml b/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-0c6025826e5726423a84ca94ebcaa441.yaml new file mode 100644 index 0000000000..4506b0b530 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-0c6025826e5726423a84ca94ebcaa441.yaml @@ -0,0 +1,58 @@ +id: purple-xmls-google-product-feed-for-woocommerce-0c6025826e5726423a84ca94ebcaa441 + +info: + name: > + Product Feed on WooCommerce for Google <= 3.5.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46ab2615-a1eb-4740-836c-781e961252e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "purple-xmls-google-product-feed-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-4e655e8637363048266492f0b32a6610.yaml b/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-4e655e8637363048266492f0b32a6610.yaml new file mode 100644 index 0000000000..08350e901e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/purple-xmls-google-product-feed-for-woocommerce-4e655e8637363048266492f0b32a6610.yaml @@ -0,0 +1,58 @@ +id: purple-xmls-google-product-feed-for-woocommerce-4e655e8637363048266492f0b32a6610 + +info: + name: > + Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More < 3.3.1.0 - Authenticated SQL Injection via product_id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc83edb-44ce-4dc9-8cba-734775a94779?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,purple-xmls-google-product-feed-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/purple-xmls-google-product-feed-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "purple-xmls-google-product-feed-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/push-notification-by-feedify-851c9539a872462d0d73ba1acd344a0c.yaml b/nuclei-templates/cve-less/plugins/push-notification-by-feedify-851c9539a872462d0d73ba1acd344a0c.yaml new file mode 100644 index 0000000000..583b300fed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/push-notification-by-feedify-851c9539a872462d0d73ba1acd344a0c.yaml @@ -0,0 +1,58 @@ +id: push-notification-by-feedify-851c9539a872462d0d73ba1acd344a0c + +info: + name: > + Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7d74fa8-43ba-41ac-82ec-94addc88fc52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/push-notification-by-feedify/" + google-query: inurl:"/wp-content/plugins/push-notification-by-feedify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,push-notification-by-feedify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/push-notification-by-feedify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "push-notification-by-feedify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/push-notification-for-wp-by-pushassist-0be29b33ea0746b92d956c4f705ae369.yaml b/nuclei-templates/cve-less/plugins/push-notification-for-wp-by-pushassist-0be29b33ea0746b92d956c4f705ae369.yaml new file mode 100644 index 0000000000..5618e5b951 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/push-notification-for-wp-by-pushassist-0be29b33ea0746b92d956c4f705ae369.yaml @@ -0,0 +1,58 @@ +id: push-notification-for-wp-by-pushassist-0be29b33ea0746b92d956c4f705ae369 + +info: + name: > + Push Notifications for WordPress by PushAssist <= 3.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4454376-7c18-4f0e-a192-80212a59d94b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/push-notification-for-wp-by-pushassist/" + google-query: inurl:"/wp-content/plugins/push-notification-for-wp-by-pushassist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,push-notification-for-wp-by-pushassist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/push-notification-for-wp-by-pushassist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "push-notification-for-wp-by-pushassist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/push-notifications-for-wp-1aa0482b62398dab21c7b36e9908a28d.yaml b/nuclei-templates/cve-less/plugins/push-notifications-for-wp-1aa0482b62398dab21c7b36e9908a28d.yaml new file mode 100644 index 0000000000..b7b12cf6cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/push-notifications-for-wp-1aa0482b62398dab21c7b36e9908a28d.yaml @@ -0,0 +1,58 @@ +id: push-notifications-for-wp-1aa0482b62398dab21c7b36e9908a28d + +info: + name: > + Push Notifications for WordPress (Lite) < 6.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d6e18b-00d0-4f02-b56b-692170c08d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/push-notifications-for-wp/" + google-query: inurl:"/wp-content/plugins/push-notifications-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,push-notifications-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/push-notifications-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "push-notifications-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pwa-for-wp-a3f1f9f4718f614e268d95c106a320c2.yaml b/nuclei-templates/cve-less/plugins/pwa-for-wp-a3f1f9f4718f614e268d95c106a320c2.yaml new file mode 100644 index 0000000000..2ccfe99371 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pwa-for-wp-a3f1f9f4718f614e268d95c106a320c2.yaml @@ -0,0 +1,58 @@ +id: pwa-for-wp-a3f1f9f4718f614e268d95c106a320c2 + +info: + name: > + PWA for WP & AMP < = 1.7.32 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9892dd1-3939-41a9-a828-fa1bf7d96eb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pwa-for-wp/" + google-query: inurl:"/wp-content/plugins/pwa-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pwa-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pwa-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pwa-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pwa-for-wp-fe4487fc151c051d39c023720ae70292.yaml b/nuclei-templates/cve-less/plugins/pwa-for-wp-fe4487fc151c051d39c023720ae70292.yaml new file mode 100644 index 0000000000..edf1862f55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pwa-for-wp-fe4487fc151c051d39c023720ae70292.yaml @@ -0,0 +1,58 @@ +id: pwa-for-wp-fe4487fc151c051d39c023720ae70292 + +info: + name: > + PWA for WP & AMP <= 1.7.32 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6082791e-feac-41f7-b565-9d98624ddf50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pwa-for-wp/" + google-query: inurl:"/wp-content/plugins/pwa-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pwa-for-wp,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pwa-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pwa-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pwgrandom-fab925188af5751f6804af30f809b504.yaml b/nuclei-templates/cve-less/plugins/pwgrandom-fab925188af5751f6804af30f809b504.yaml new file mode 100644 index 0000000000..1f7b2b53a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pwgrandom-fab925188af5751f6804af30f809b504.yaml @@ -0,0 +1,58 @@ +id: pwgrandom-fab925188af5751f6804af30f809b504 + +info: + name: > + PWGRandom <= 1.11 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e47528d-993c-434c-a077-9c614e56f39f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pwgrandom/" + google-query: inurl:"/wp-content/plugins/pwgrandom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pwgrandom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pwgrandom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pwgrandom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pz-linkcard-5e2dbe8495edd1ca09ac4612c6d74e51.yaml b/nuclei-templates/cve-less/plugins/pz-linkcard-5e2dbe8495edd1ca09ac4612c6d74e51.yaml new file mode 100644 index 0000000000..d92303eb9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pz-linkcard-5e2dbe8495edd1ca09ac4612c6d74e51.yaml @@ -0,0 +1,58 @@ +id: pz-linkcard-5e2dbe8495edd1ca09ac4612c6d74e51 + +info: + name: > + Pz-LinkCard <= 2.5.2 - Cross-Site Request Forgery via page_cacheman + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6de97ac-127d-47ec-8b74-03e7fa4932f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pz-linkcard/" + google-query: inurl:"/wp-content/plugins/pz-linkcard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pz-linkcard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pz-linkcard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pz-linkcard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pz-linkcard-94984c10367f1fcd785a8a0e382575e0.yaml b/nuclei-templates/cve-less/plugins/pz-linkcard-94984c10367f1fcd785a8a0e382575e0.yaml new file mode 100644 index 0000000000..7cd9259a3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pz-linkcard-94984c10367f1fcd785a8a0e382575e0.yaml @@ -0,0 +1,58 @@ +id: pz-linkcard-94984c10367f1fcd785a8a0e382575e0 + +info: + name: > + Pz-LinkCard <= 2.5.2 - Sever-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1173e2ad-c53d-4d37-9c77-4b63f04ff335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pz-linkcard/" + google-query: inurl:"/wp-content/plugins/pz-linkcard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pz-linkcard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pz-linkcard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pz-linkcard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pz-linkcard-a7098d4414a3fb82cc8c3dc220f2fa3d.yaml b/nuclei-templates/cve-less/plugins/pz-linkcard-a7098d4414a3fb82cc8c3dc220f2fa3d.yaml new file mode 100644 index 0000000000..4725342e59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pz-linkcard-a7098d4414a3fb82cc8c3dc220f2fa3d.yaml @@ -0,0 +1,58 @@ +id: pz-linkcard-a7098d4414a3fb82cc8c3dc220f2fa3d + +info: + name: > + Pz-LinkCard <= 2.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a222c714-7c54-4c86-b6af-abdfeb966250?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pz-linkcard/" + google-query: inurl:"/wp-content/plugins/pz-linkcard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pz-linkcard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pz-linkcard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pz-linkcard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pz-linkcard-c229c4974b89d25a5147c1603f3793b5.yaml b/nuclei-templates/cve-less/plugins/pz-linkcard-c229c4974b89d25a5147c1603f3793b5.yaml new file mode 100644 index 0000000000..90e9922e3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pz-linkcard-c229c4974b89d25a5147c1603f3793b5.yaml @@ -0,0 +1,58 @@ +id: pz-linkcard-c229c4974b89d25a5147c1603f3793b5 + +info: + name: > + Pz-LinkCard <= 2.4.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b41a6bd-8b0c-4d00-8cc3-9589fca5e406?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pz-linkcard/" + google-query: inurl:"/wp-content/plugins/pz-linkcard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pz-linkcard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pz-linkcard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pz-linkcard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/pz-linkcard-d7741f047915382e7e65e25c2ecaf00c.yaml b/nuclei-templates/cve-less/plugins/pz-linkcard-d7741f047915382e7e65e25c2ecaf00c.yaml new file mode 100644 index 0000000000..24d7ed3795 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/pz-linkcard-d7741f047915382e7e65e25c2ecaf00c.yaml @@ -0,0 +1,58 @@ +id: pz-linkcard-d7741f047915382e7e65e25c2ecaf00c + +info: + name: > + Pz-LinkCard <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a0303a-2c8e-4ac5-ad89-df3774db9679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/pz-linkcard/" + google-query: inurl:"/wp-content/plugins/pz-linkcard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,pz-linkcard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/pz-linkcard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pz-linkcard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/q2w3-inc-manager-f5f5e3a5ee363b242df2c9cf1503d06e.yaml b/nuclei-templates/cve-less/plugins/q2w3-inc-manager-f5f5e3a5ee363b242df2c9cf1503d06e.yaml new file mode 100644 index 0000000000..3fdb4e72ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/q2w3-inc-manager-f5f5e3a5ee363b242df2c9cf1503d06e.yaml @@ -0,0 +1,58 @@ +id: q2w3-inc-manager-f5f5e3a5ee363b242df2c9cf1503d06e + +info: + name: > + Code Insert Manager (Q2W3 Inc Manager) <= 2.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6662c336-c8b6-4017-835f-a91f1abda400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/q2w3-inc-manager/" + google-query: inurl:"/wp-content/plugins/q2w3-inc-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,q2w3-inc-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/q2w3-inc-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "q2w3-inc-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/q2w3-post-order-fbe56fde0056bf97342eed3fc2b3be5e.yaml b/nuclei-templates/cve-less/plugins/q2w3-post-order-fbe56fde0056bf97342eed3fc2b3be5e.yaml new file mode 100644 index 0000000000..7e4c83e970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/q2w3-post-order-fbe56fde0056bf97342eed3fc2b3be5e.yaml @@ -0,0 +1,58 @@ +id: q2w3-post-order-fbe56fde0056bf97342eed3fc2b3be5e + +info: + name: > + Q2W3 Post Order <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/affc9dff-75a1-4cb3-8465-55254db6441b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/q2w3-post-order/" + google-query: inurl:"/wp-content/plugins/q2w3-post-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,q2w3-post-order,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/q2w3-post-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "q2w3-post-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qards-70d2ed5770a2a31bdff6c60df8512383.yaml b/nuclei-templates/cve-less/plugins/qards-70d2ed5770a2a31bdff6c60df8512383.yaml new file mode 100644 index 0000000000..bdb9ca03d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qards-70d2ed5770a2a31bdff6c60df8512383.yaml @@ -0,0 +1,58 @@ +id: qards-70d2ed5770a2a31bdff6c60df8512383 + +info: + name: > + Qards (All Versions) - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/645ad965-4da3-45e4-aa9e-d5f5f8c9f087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qards/" + google-query: inurl:"/wp-content/plugins/qards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qards,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qards-e6cabe992a07b751187d2c7299c53fb6.yaml b/nuclei-templates/cve-less/plugins/qards-e6cabe992a07b751187d2c7299c53fb6.yaml new file mode 100644 index 0000000000..0b1d610bf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qards-e6cabe992a07b751187d2c7299c53fb6.yaml @@ -0,0 +1,58 @@ +id: qards-e6cabe992a07b751187d2c7299c53fb6 + +info: + name: > + Qards (Unspecified Version) - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e95ded5-ebf7-4ed3-a194-7e7e494d0c40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qards/" + google-query: inurl:"/wp-content/plugins/qards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qards,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qards-free-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/qards-free-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..95c4f475c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qards-free-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: qards-free-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qards-free/" + google-query: inurl:"/wp-content/plugins/qards-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qards-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qards-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qards-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qe-seo-handyman-72e98d054dd35c38c2ccedc1b3e556e3.yaml b/nuclei-templates/cve-less/plugins/qe-seo-handyman-72e98d054dd35c38c2ccedc1b3e556e3.yaml new file mode 100644 index 0000000000..ee64c0cf90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qe-seo-handyman-72e98d054dd35c38c2ccedc1b3e556e3.yaml @@ -0,0 +1,58 @@ +id: qe-seo-handyman-72e98d054dd35c38c2ccedc1b3e556e3 + +info: + name: > + Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa05ad02-8625-4bf9-983e-548fbb7634f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qe-seo-handyman/" + google-query: inurl:"/wp-content/plugins/qe-seo-handyman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qe-seo-handyman,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qe-seo-handyman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qe-seo-handyman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qe-seo-handyman-9b3e1e16f60897007a08c1914eadf98c.yaml b/nuclei-templates/cve-less/plugins/qe-seo-handyman-9b3e1e16f60897007a08c1914eadf98c.yaml new file mode 100644 index 0000000000..3a71ef4f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qe-seo-handyman-9b3e1e16f60897007a08c1914eadf98c.yaml @@ -0,0 +1,58 @@ +id: qe-seo-handyman-9b3e1e16f60897007a08c1914eadf98c + +info: + name: > + Qe SEO Handyman <= 1.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e659cc27-ae01-4d7b-a6f4-9fcb2aeb1b57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qe-seo-handyman/" + google-query: inurl:"/wp-content/plugins/qe-seo-handyman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qe-seo-handyman,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qe-seo-handyman/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qe-seo-handyman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-236ec29d3a581237ffdca9038176da82.yaml b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-236ec29d3a581237ffdca9038176da82.yaml new file mode 100644 index 0000000000..70a0e28e16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-236ec29d3a581237ffdca9038176da82.yaml @@ -0,0 +1,58 @@ +id: qi-addons-for-elementor-236ec29d3a581237ffdca9038176da82 + +info: + name: > + Qi Addons For Elementor <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e154a12d-8ade-456e-ad64-e1cd419e2b2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qi-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qi-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qi-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-5f28fbeb41c87c1968016458f52b73af.yaml b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-5f28fbeb41c87c1968016458f52b73af.yaml new file mode 100644 index 0000000000..8fd10c6432 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-5f28fbeb41c87c1968016458f52b73af.yaml @@ -0,0 +1,58 @@ +id: qi-addons-for-elementor-5f28fbeb41c87c1968016458f52b73af + +info: + name: > + Qi Addons For Elementor <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a883e8-7ce0-4fca-a585-428b67144694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qi-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qi-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qi-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-d88df7a254a138ad74fa62f540e9ec2c.yaml b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-d88df7a254a138ad74fa62f540e9ec2c.yaml new file mode 100644 index 0000000000..dc67d3de4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-d88df7a254a138ad74fa62f540e9ec2c.yaml @@ -0,0 +1,58 @@ +id: qi-addons-for-elementor-d88df7a254a138ad74fa62f540e9ec2c + +info: + name: > + Qi Addons For Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb228bda-5094-4e54-a197-3b66376e2216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qi-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qi-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qi-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-fc19ca606bef9f853ea0565c4043c5ce.yaml b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-fc19ca606bef9f853ea0565c4043c5ce.yaml new file mode 100644 index 0000000000..4230b893c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qi-addons-for-elementor-fc19ca606bef9f853ea0565c4043c5ce.yaml @@ -0,0 +1,58 @@ +id: qi-addons-for-elementor-fc19ca606bef9f853ea0565c4043c5ce + +info: + name: > + Qi Addons For Elementor <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d979950-d365-4750-a4f1-df9335d3452d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qi-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/qi-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qi-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qi-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qi-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qode-essential-addons-204d25ca766e5be5a84be69d8f92acaa.yaml b/nuclei-templates/cve-less/plugins/qode-essential-addons-204d25ca766e5be5a84be69d8f92acaa.yaml new file mode 100644 index 0000000000..125d288d08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qode-essential-addons-204d25ca766e5be5a84be69d8f92acaa.yaml @@ -0,0 +1,58 @@ +id: qode-essential-addons-204d25ca766e5be5a84be69d8f92acaa + +info: + name: > + Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/443c59b9-275d-4d17-a870-9ae013c1a5c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qode-essential-addons/" + google-query: inurl:"/wp-content/plugins/qode-essential-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qode-essential-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qode-essential-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qode-essential-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qr-code-composer-d93a6b7f14b256d2a3a93d0625fdf894.yaml b/nuclei-templates/cve-less/plugins/qr-code-composer-d93a6b7f14b256d2a3a93d0625fdf894.yaml new file mode 100644 index 0000000000..1e10186c85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qr-code-composer-d93a6b7f14b256d2a3a93d0625fdf894.yaml @@ -0,0 +1,58 @@ +id: qr-code-composer-d93a6b7f14b256d2a3a93d0625fdf894 + +info: + name: > + QR Code Composer – Automatic QR code Generator <= 2.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8adfd055-833c-41f8-99b7-ebc4c2231973?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qr-code-composer/" + google-query: inurl:"/wp-content/plugins/qr-code-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qr-code-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qr-code-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qr-code-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qr-code-tag-01bea8ce6854ad71bd30075dcae56490.yaml b/nuclei-templates/cve-less/plugins/qr-code-tag-01bea8ce6854ad71bd30075dcae56490.yaml new file mode 100644 index 0000000000..ad889f7fc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qr-code-tag-01bea8ce6854ad71bd30075dcae56490.yaml @@ -0,0 +1,58 @@ +id: qr-code-tag-01bea8ce6854ad71bd30075dcae56490 + +info: + name: > + QR Code Tag <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be004002-a3ac-46e9-b0c1-258f05f97b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qr-code-tag/" + google-query: inurl:"/wp-content/plugins/qr-code-tag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qr-code-tag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qr-code-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qr-code-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qr-redirector-c050d4c8a8366a715e53188fca3792c1.yaml b/nuclei-templates/cve-less/plugins/qr-redirector-c050d4c8a8366a715e53188fca3792c1.yaml new file mode 100644 index 0000000000..7033680699 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qr-redirector-c050d4c8a8366a715e53188fca3792c1.yaml @@ -0,0 +1,58 @@ +id: qr-redirector-c050d4c8a8366a715e53188fca3792c1 + +info: + name: > + QR Redirector < 1.6.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2ee795-39e5-48c2-ac2a-cfc520bdd857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qr-redirector/" + google-query: inurl:"/wp-content/plugins/qr-redirector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qr-redirector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qr-redirector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qr-redirector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qr-redirector-c4d987240409a1f0d12971f957b18465.yaml b/nuclei-templates/cve-less/plugins/qr-redirector-c4d987240409a1f0d12971f957b18465.yaml new file mode 100644 index 0000000000..a236ed79d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qr-redirector-c4d987240409a1f0d12971f957b18465.yaml @@ -0,0 +1,58 @@ +id: qr-redirector-c4d987240409a1f0d12971f957b18465 + +info: + name: > + QR Redirector <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82f311a5-6ef3-4052-ab9d-fdb23f7b7406?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qr-redirector/" + google-query: inurl:"/wp-content/plugins/qr-redirector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qr-redirector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qr-redirector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qr-redirector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qt-kentharadio-3a52346bbe93c0a607f0387208360f6f.yaml b/nuclei-templates/cve-less/plugins/qt-kentharadio-3a52346bbe93c0a607f0387208360f6f.yaml new file mode 100644 index 0000000000..c34a87082b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qt-kentharadio-3a52346bbe93c0a607f0387208360f6f.yaml @@ -0,0 +1,58 @@ +id: qt-kentharadio-3a52346bbe93c0a607f0387208360f6f + +info: + name: > + QT KenthaRadio < 2.0.2 & OnAir2 < 3.9.9.2 - Server-Side Request Forgery & Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93b5552e-bb24-4dfb-a779-8451f619ff50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qt-kentharadio/" + google-query: inurl:"/wp-content/plugins/qt-kentharadio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qt-kentharadio,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qt-kentharadio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qt-kentharadio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-1a21904a7af165ae2d206e73642b0122.yaml b/nuclei-templates/cve-less/plugins/qtranslate-1a21904a7af165ae2d206e73642b0122.yaml new file mode 100644 index 0000000000..dfc45254c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-1a21904a7af165ae2d206e73642b0122.yaml @@ -0,0 +1,58 @@ +id: qtranslate-1a21904a7af165ae2d206e73642b0122 + +info: + name: > + qTranslate <= 2.5.39 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2da093-9f36-44c5-948b-590fd99734e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate/" + google-query: inurl:"/wp-content/plugins/qtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-bc3ead94b2639f49d2a3b634baef9593.yaml b/nuclei-templates/cve-less/plugins/qtranslate-bc3ead94b2639f49d2a3b634baef9593.yaml new file mode 100644 index 0000000000..c1f4f2f4c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-bc3ead94b2639f49d2a3b634baef9593.yaml @@ -0,0 +1,58 @@ +id: qtranslate-bc3ead94b2639f49d2a3b634baef9593 + +info: + name: > + qTranslate <= 2.5.39 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fd1de2b-bb88-4f7c-b9eb-784eb7af17a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate/" + google-query: inurl:"/wp-content/plugins/qtranslate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-slug-06390fac0ced660df846425f4aecaf69.yaml b/nuclei-templates/cve-less/plugins/qtranslate-slug-06390fac0ced660df846425f4aecaf69.yaml new file mode 100644 index 0000000000..2f564c7f9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-slug-06390fac0ced660df846425f4aecaf69.yaml @@ -0,0 +1,58 @@ +id: qtranslate-slug-06390fac0ced660df846425f4aecaf69 + +info: + name: > + Qtranslate Slug <= 1.1.18 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d682596-c32d-4abd-ba39-b57fc45c9ce0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate-slug/" + google-query: inurl:"/wp-content/plugins/qtranslate-slug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate-slug,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate-slug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate-slug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-slug-d48b1b8c0f8a5de4fba0c27ae075681f.yaml b/nuclei-templates/cve-less/plugins/qtranslate-slug-d48b1b8c0f8a5de4fba0c27ae075681f.yaml new file mode 100644 index 0000000000..c4ce7b3c3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-slug-d48b1b8c0f8a5de4fba0c27ae075681f.yaml @@ -0,0 +1,58 @@ +id: qtranslate-slug-d48b1b8c0f8a5de4fba0c27ae075681f + +info: + name: > + Qtranslate Slug <= 1.1.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a506ad5b-e88d-4264-84d7-fa6c41026c36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate-slug/" + google-query: inurl:"/wp-content/plugins/qtranslate-slug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate-slug,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate-slug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate-slug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-to-wpml-export-9583c7a118279761c36edb998dbf641d.yaml b/nuclei-templates/cve-less/plugins/qtranslate-to-wpml-export-9583c7a118279761c36edb998dbf641d.yaml new file mode 100644 index 0000000000..a2f0fb54c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-to-wpml-export-9583c7a118279761c36edb998dbf641d.yaml @@ -0,0 +1,58 @@ +id: qtranslate-to-wpml-export-9583c7a118279761c36edb998dbf641d + +info: + name: > + qTranslate X Cleanup and WPML Import <= 3.0.1 - Missing Authorization via clean_ajx + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbe973a3-a8bf-4037-9067-7cc0987291fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate-to-wpml-export/" + google-query: inurl:"/wp-content/plugins/qtranslate-to-wpml-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate-to-wpml-export,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate-to-wpml-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate-to-wpml-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qtranslate-x-73d067013f68a47f6173cf4bf4742fbc.yaml b/nuclei-templates/cve-less/plugins/qtranslate-x-73d067013f68a47f6173cf4bf4742fbc.yaml new file mode 100644 index 0000000000..3deee7b251 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qtranslate-x-73d067013f68a47f6173cf4bf4742fbc.yaml @@ -0,0 +1,58 @@ +id: qtranslate-x-73d067013f68a47f6173cf4bf4742fbc + +info: + name: > + qTranslate X < 3.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1775a56e-3590-499e-89b6-79d69d80fa0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qtranslate-x/" + google-query: inurl:"/wp-content/plugins/qtranslate-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qtranslate-x,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qtranslate-x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qtranslate-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quartz-1f86e582a713c3bd4333747ed30a9d68.yaml b/nuclei-templates/cve-less/plugins/quartz-1f86e582a713c3bd4333747ed30a9d68.yaml new file mode 100644 index 0000000000..79b99eb4ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quartz-1f86e582a713c3bd4333747ed30a9d68.yaml @@ -0,0 +1,58 @@ +id: quartz-1f86e582a713c3bd4333747ed30a9d68 + +info: + name: > + Quartz <= 1.01.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82246b72-3c29-4574-af86-d0435eecce5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quartz/" + google-query: inurl:"/wp-content/plugins/quartz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quartz,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quartz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quartz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quasar-form-88a3fac791c3551827ed85f785e74c8c.yaml b/nuclei-templates/cve-less/plugins/quasar-form-88a3fac791c3551827ed85f785e74c8c.yaml new file mode 100644 index 0000000000..574ea17d5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quasar-form-88a3fac791c3551827ed85f785e74c8c.yaml @@ -0,0 +1,58 @@ +id: quasar-form-88a3fac791c3551827ed85f785e74c8c + +info: + name: > + Quasar form <= 6.1 - Authenticated (Subscriber+) SQL Injection via 'id' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/150021d3-71bb-41c0-bb1c-5843e94ec0b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quasar-form/" + google-query: inurl:"/wp-content/plugins/quasar-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quasar-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quasar-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quasar-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qubely-6f075010900e43673686fc0d208260ff.yaml b/nuclei-templates/cve-less/plugins/qubely-6f075010900e43673686fc0d208260ff.yaml new file mode 100644 index 0000000000..677c3497fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qubely-6f075010900e43673686fc0d208260ff.yaml @@ -0,0 +1,58 @@ +id: qubely-6f075010900e43673686fc0d208260ff + +info: + name: > + Quebely <= 1.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'className' Block Option + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/991aefb4-2e6b-48e6-bd19-98b21a57f6db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qubely/" + google-query: inurl:"/wp-content/plugins/qubely/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qubely,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qubely/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qubely" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qubely-ac09455e90923727a5127092ab5cf052.yaml b/nuclei-templates/cve-less/plugins/qubely-ac09455e90923727a5127092ab5cf052.yaml new file mode 100644 index 0000000000..3e2546d343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qubely-ac09455e90923727a5127092ab5cf052.yaml @@ -0,0 +1,58 @@ +id: qubely-ac09455e90923727a5127092ab5cf052 + +info: + name: > + Qubely <= 1.7.7 - Missing Authorization to Arbitrary Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b660260-e335-4be0-a266-0cdc9a4d7504?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qubely/" + google-query: inurl:"/wp-content/plugins/qubely/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qubely,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qubely/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qubely" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qubotchat-1b8adc4375e4968834c6e9a5908156bc.yaml b/nuclei-templates/cve-less/plugins/qubotchat-1b8adc4375e4968834c6e9a5908156bc.yaml new file mode 100644 index 0000000000..f215bf76e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qubotchat-1b8adc4375e4968834c6e9a5908156bc.yaml @@ -0,0 +1,58 @@ +id: qubotchat-1b8adc4375e4968834c6e9a5908156bc + +info: + name: > + QuBotChat <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45f98c00-0bfd-405e-a6b3-581841d803de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qubotchat/" + google-query: inurl:"/wp-content/plugins/qubotchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qubotchat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qubotchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qubotchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qubotchat-f3d365dcf43ab1e2b6ca241869ef39d2.yaml b/nuclei-templates/cve-less/plugins/qubotchat-f3d365dcf43ab1e2b6ca241869ef39d2.yaml new file mode 100644 index 0000000000..5f706f1ba8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qubotchat-f3d365dcf43ab1e2b6ca241869ef39d2.yaml @@ -0,0 +1,58 @@ +id: qubotchat-f3d365dcf43ab1e2b6ca241869ef39d2 + +info: + name: > + QuBotChat <= 1.1.5 - Unauthenticated Self-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd27aeb9-4257-4b15-8f14-8a8c89522c32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qubotchat/" + google-query: inurl:"/wp-content/plugins/qubotchat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qubotchat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qubotchat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qubotchat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/query-wrangler-67a6c3615087f3f1fcb723b7f2d140b4.yaml b/nuclei-templates/cve-less/plugins/query-wrangler-67a6c3615087f3f1fcb723b7f2d140b4.yaml new file mode 100644 index 0000000000..4839903b8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/query-wrangler-67a6c3615087f3f1fcb723b7f2d140b4.yaml @@ -0,0 +1,58 @@ +id: query-wrangler-67a6c3615087f3f1fcb723b7f2d140b4 + +info: + name: > + Query Wrangler <= 1.5.51 - Reflected Cross-Site Scripting via page parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c79d781e-4c11-43e9-8c5f-aa89e8fbf635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/query-wrangler/" + google-query: inurl:"/wp-content/plugins/query-wrangler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,query-wrangler,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/query-wrangler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "query-wrangler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/querywall-9ee0bf881f08cd3cb60239af7879852d.yaml b/nuclei-templates/cve-less/plugins/querywall-9ee0bf881f08cd3cb60239af7879852d.yaml new file mode 100644 index 0000000000..db33cd65f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/querywall-9ee0bf881f08cd3cb60239af7879852d.yaml @@ -0,0 +1,58 @@ +id: querywall-9ee0bf881f08cd3cb60239af7879852d + +info: + name: > + QueryWall <= 1.1.1 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/306c98ad-0d42-4ad5-b82a-bf4579865aa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/querywall/" + google-query: inurl:"/wp-content/plugins/querywall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,querywall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/querywall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "querywall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-call-button-5e36e98c6255c04628e65e3d6f66d61f.yaml b/nuclei-templates/cve-less/plugins/quick-call-button-5e36e98c6255c04628e65e3d6f66d61f.yaml new file mode 100644 index 0000000000..42a4ec5433 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-call-button-5e36e98c6255c04628e65e3d6f66d61f.yaml @@ -0,0 +1,58 @@ +id: quick-call-button-5e36e98c6255c04628e65e3d6f66d61f + +info: + name: > + Quick Call Button <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b5e9c7f-e0c9-4c27-8b39-87e15fd29604?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-call-button/" + google-query: inurl:"/wp-content/plugins/quick-call-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-call-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-call-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-call-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-chat-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml b/nuclei-templates/cve-less/plugins/quick-chat-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml new file mode 100644 index 0000000000..5cbe404b8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-chat-0dc6cfa3fba0c385fc2da9ea78090e2f.yaml @@ -0,0 +1,58 @@ +id: quick-chat-0dc6cfa3fba0c385fc2da9ea78090e2f + +info: + name: > + Quick Chat <= 4.14 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac4de440-a446-4b96-ba9b-115e3186ce1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-chat/" + google-query: inurl:"/wp-content/plugins/quick-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-chat,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-chat-8cc73df94f56aa782250ddecf7e67823.yaml b/nuclei-templates/cve-less/plugins/quick-chat-8cc73df94f56aa782250ddecf7e67823.yaml new file mode 100644 index 0000000000..d9ea022ee5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-chat-8cc73df94f56aa782250ddecf7e67823.yaml @@ -0,0 +1,58 @@ +id: quick-chat-8cc73df94f56aa782250ddecf7e67823 + +info: + name: > + Quick Chat < 4.00 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4095518-0daf-4cfe-a521-86fb1c927f51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-chat/" + google-query: inurl:"/wp-content/plugins/quick-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-chat,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-chat-abc60569ec003973ef7bd7139d6a27ba.yaml b/nuclei-templates/cve-less/plugins/quick-chat-abc60569ec003973ef7bd7139d6a27ba.yaml new file mode 100644 index 0000000000..5a439868f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-chat-abc60569ec003973ef7bd7139d6a27ba.yaml @@ -0,0 +1,58 @@ +id: quick-chat-abc60569ec003973ef7bd7139d6a27ba + +info: + name: > + Quick Chat < 4.00 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8effa36-de47-4a24-af76-fb10e9f6da0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-chat/" + google-query: inurl:"/wp-content/plugins/quick-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-chat,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.00') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-contact-form-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml b/nuclei-templates/cve-less/plugins/quick-contact-form-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml new file mode 100644 index 0000000000..c008483cac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-contact-form-62b74eeb9a66bc4a3cf51fa299ef8a9e.yaml @@ -0,0 +1,58 @@ +id: quick-contact-form-62b74eeb9a66bc4a3cf51fa299ef8a9e + +info: + name: > + Quick Contact Form <= 8.0.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90654fac-b9c7-422f-8472-2a7c7fd0de0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-contact-form/" + google-query: inurl:"/wp-content/plugins/quick-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-contact-form-ce6b524d26d0001f570c1800dff1d295.yaml b/nuclei-templates/cve-less/plugins/quick-contact-form-ce6b524d26d0001f570c1800dff1d295.yaml new file mode 100644 index 0000000000..f821426596 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-contact-form-ce6b524d26d0001f570c1800dff1d295.yaml @@ -0,0 +1,58 @@ +id: quick-contact-form-ce6b524d26d0001f570c1800dff1d295 + +info: + name: > + Quick Contact Form <= 8.0.3.1 - Cross-Site Request Forgery to Sensitive Information Disclosure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b930ddd7-a2a3-4b83-a1a6-ea08bbcb07a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-contact-form/" + google-query: inurl:"/wp-content/plugins/quick-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-contact-form-f442fd7af4f1450884ccd37204471581.yaml b/nuclei-templates/cve-less/plugins/quick-contact-form-f442fd7af4f1450884ccd37204471581.yaml new file mode 100644 index 0000000000..75600cdfc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-contact-form-f442fd7af4f1450884ccd37204471581.yaml @@ -0,0 +1,58 @@ +id: quick-contact-form-f442fd7af4f1450884ccd37204471581 + +info: + name: > + Quick Contact Form <= 8.0.3.1 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b5e86be-8a35-48d8-a676-9f7074b81cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-contact-form/" + google-query: inurl:"/wp-content/plugins/quick-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-edit-template-link-4d297c80a42418395b04392e5878bdbd.yaml b/nuclei-templates/cve-less/plugins/quick-edit-template-link-4d297c80a42418395b04392e5878bdbd.yaml new file mode 100644 index 0000000000..45ec6412f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-edit-template-link-4d297c80a42418395b04392e5878bdbd.yaml @@ -0,0 +1,58 @@ +id: quick-edit-template-link-4d297c80a42418395b04392e5878bdbd + +info: + name: > + Template Debugger <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8da0fed9-4b88-4b68-b317-124fe678cfa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-edit-template-link/" + google-query: inurl:"/wp-content/plugins/quick-edit-template-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-edit-template-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-edit-template-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-edit-template-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-54c83422727dbe8ec911e59f2a60998f.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-54c83422727dbe8ec911e59f2a60998f.yaml new file mode 100644 index 0000000000..1c8139e17a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-event-manager-54c83422727dbe8ec911e59f2a60998f.yaml @@ -0,0 +1,58 @@ +id: quick-event-manager-54c83422727dbe8ec911e59f2a60998f + +info: + name: > + Quick Event Manager <= 9.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8962c601-2c2c-4b96-b8a4-fdc2ad8a2c08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-event-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-62435dbb476a65fcd06c2741817e8fae.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-62435dbb476a65fcd06c2741817e8fae.yaml new file mode 100644 index 0000000000..bb5530bb3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-event-manager-62435dbb476a65fcd06c2741817e8fae.yaml @@ -0,0 +1,58 @@ +id: quick-event-manager-62435dbb476a65fcd06c2741817e8fae + +info: + name: > + Quick Event Manager <= 9.7.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8f008c6-42c6-40c3-9058-d8812ec40bef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-event-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-8d27ee0724391ce9a1b74bd9a604ecbc.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-8d27ee0724391ce9a1b74bd9a604ecbc.yaml new file mode 100644 index 0000000000..82101961ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-event-manager-8d27ee0724391ce9a1b74bd9a604ecbc.yaml @@ -0,0 +1,58 @@ +id: quick-event-manager-8d27ee0724391ce9a1b74bd9a604ecbc + +info: + name: > + Quick Event Manager <= 9.7.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d26e8b21-fa9e-4dfe-a095-5c9f74d968f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-event-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-cb184c0a5bf632bde9de97505ce638ee.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-cb184c0a5bf632bde9de97505ce638ee.yaml new file mode 100644 index 0000000000..4779682c98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-event-manager-cb184c0a5bf632bde9de97505ce638ee.yaml @@ -0,0 +1,58 @@ +id: quick-event-manager-cb184c0a5bf632bde9de97505ce638ee + +info: + name: > + Quick Event Manager <= 9.7.4 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53199f3c-80d1-4c4e-93ef-8a234ba8ba85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-event-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-event-manager-d0fba4b305c548a881378b07e2028d26.yaml b/nuclei-templates/cve-less/plugins/quick-event-manager-d0fba4b305c548a881378b07e2028d26.yaml new file mode 100644 index 0000000000..e97b8953fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-event-manager-d0fba4b305c548a881378b07e2028d26.yaml @@ -0,0 +1,58 @@ +id: quick-event-manager-d0fba4b305c548a881378b07e2028d26 + +info: + name: > + Quick Event Manager <= 9.7.4 - Unauthenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835f6efd-636e-411f-97a1-fa14b9a629b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-event-manager/" + google-query: inurl:"/wp-content/plugins/quick-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-event-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-featured-images-5decd5b15e9e99b50c1cb7b49d2f0314.yaml b/nuclei-templates/cve-less/plugins/quick-featured-images-5decd5b15e9e99b50c1cb7b49d2f0314.yaml new file mode 100644 index 0000000000..7304568546 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-featured-images-5decd5b15e9e99b50c1cb7b49d2f0314.yaml @@ -0,0 +1,58 @@ +id: quick-featured-images-5decd5b15e9e99b50c1cb7b49d2f0314 + +info: + name: > + Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dbbd1a0-de05-4510-b06b-8bc396b65a97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-featured-images/" + google-query: inurl:"/wp-content/plugins/quick-featured-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-featured-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-featured-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-featured-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-interest-slider-38cb5c8ab728ac8718e42eee958aba2f.yaml b/nuclei-templates/cve-less/plugins/quick-interest-slider-38cb5c8ab728ac8718e42eee958aba2f.yaml new file mode 100644 index 0000000000..2ad2797a62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-interest-slider-38cb5c8ab728ac8718e42eee958aba2f.yaml @@ -0,0 +1,58 @@ +id: quick-interest-slider-38cb5c8ab728ac8718e42eee958aba2f + +info: + name: > + Loan Repayment Calculator and Application Form <= 2.9.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08b8f1ad-f616-4ceb-9c53-9d53aac370c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-interest-slider/" + google-query: inurl:"/wp-content/plugins/quick-interest-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-interest-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-interest-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-interest-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-interest-slider-c0866523c68fe7ee32f439546ea1ce87.yaml b/nuclei-templates/cve-less/plugins/quick-interest-slider-c0866523c68fe7ee32f439546ea1ce87.yaml new file mode 100644 index 0000000000..62ca9a2018 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-interest-slider-c0866523c68fe7ee32f439546ea1ce87.yaml @@ -0,0 +1,58 @@ +id: quick-interest-slider-c0866523c68fe7ee32f439546ea1ce87 + +info: + name: > + Loan Repayment Calculator and Application Form <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8756fb7-ee15-4fc7-b5bd-b4f2e64f8e6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-interest-slider/" + google-query: inurl:"/wp-content/plugins/quick-interest-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-interest-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-interest-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-interest-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-2b5c6ad57482cc18f3496406a2a98d3b.yaml b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-2b5c6ad57482cc18f3496406a2a98d3b.yaml new file mode 100644 index 0000000000..20c5e0e01d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-2b5c6ad57482cc18f3496406a2a98d3b.yaml @@ -0,0 +1,58 @@ +id: quick-pagepost-redirect-plugin-2b5c6ad57482cc18f3496406a2a98d3b + +info: + name: > + Quick Page/Post Redirect Plugin < 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b6e9430-bb78-47c3-9958-4f40028c3d93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-pagepost-redirect-plugin/" + google-query: inurl:"/wp-content/plugins/quick-pagepost-redirect-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-pagepost-redirect-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-pagepost-redirect-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-5475b95f6d45498a4d0880aced5c1162.yaml b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-5475b95f6d45498a4d0880aced5c1162.yaml new file mode 100644 index 0000000000..06fc24474e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-5475b95f6d45498a4d0880aced5c1162.yaml @@ -0,0 +1,58 @@ +id: quick-pagepost-redirect-plugin-5475b95f6d45498a4d0880aced5c1162 + +info: + name: > + Quick Page/Post Redirect Plugin <= 5.1.9 - Redirect Security Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11c4b855-8589-4ad2-b414-566ac8eb4632?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-pagepost-redirect-plugin/" + google-query: inurl:"/wp-content/plugins/quick-pagepost-redirect-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-pagepost-redirect-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-pagepost-redirect-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-9f2f326dd2b99a9ab7152b99b148e34c.yaml b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-9f2f326dd2b99a9ab7152b99b148e34c.yaml new file mode 100644 index 0000000000..789a4e1b19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-pagepost-redirect-plugin-9f2f326dd2b99a9ab7152b99b148e34c.yaml @@ -0,0 +1,58 @@ +id: quick-pagepost-redirect-plugin-9f2f326dd2b99a9ab7152b99b148e34c + +info: + name: > + Quick Page/Post Redirect <= 5.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be841d6b-e3b6-46d2-aba8-fee20c21e933?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-pagepost-redirect-plugin/" + google-query: inurl:"/wp-content/plugins/quick-pagepost-redirect-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-pagepost-redirect-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-pagepost-redirect-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-pagepost-redirect-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-ac00155c6073a79243073e436990a17b.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-ac00155c6073a79243073e436990a17b.yaml new file mode 100644 index 0000000000..295cf2e938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-ac00155c6073a79243073e436990a17b.yaml @@ -0,0 +1,58 @@ +id: quick-paypal-payments-ac00155c6073a79243073e436990a17b + +info: + name: > + Quick Paypal Payments <= 5.7.25 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99e61ed1-df56-4e95-b4f9-3027ee7b7793?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-ae8fa78ab666a9d6da1d3e3cf8461322.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-ae8fa78ab666a9d6da1d3e3cf8461322.yaml new file mode 100644 index 0000000000..e5c3a4c777 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-ae8fa78ab666a9d6da1d3e3cf8461322.yaml @@ -0,0 +1,58 @@ +id: quick-paypal-payments-ae8fa78ab666a9d6da1d3e3cf8461322 + +info: + name: > + Quick Paypal Payments <= 5.7.25 - Unauthenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3a670f7-7eca-4e66-9bc9-3c1e92b0c8d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.7.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-be3c32e9604f247b7cd8b895cd2961c3.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-be3c32e9604f247b7cd8b895cd2961c3.yaml new file mode 100644 index 0000000000..92de679c5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-be3c32e9604f247b7cd8b895cd2961c3.yaml @@ -0,0 +1,58 @@ +id: quick-paypal-payments-be3c32e9604f247b7cd8b895cd2961c3 + +info: + name: > + Quick Paypal Payments <= 5.7.25 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8133d84-e28c-4132-9eb5-941800320f84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-c39c9d651b411fa109fee2b8c3a1d9b8.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-c39c9d651b411fa109fee2b8c3a1d9b8.yaml new file mode 100644 index 0000000000..73dcdfda7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-c39c9d651b411fa109fee2b8c3a1d9b8.yaml @@ -0,0 +1,58 @@ +id: quick-paypal-payments-c39c9d651b411fa109fee2b8c3a1d9b8 + +info: + name: > + Quick Paypal Payments <= 5.7.25 - Authenticated (Contributor+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b36303d6-ad28-4354-9f60-acc7df15f468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-paypal-payments-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml b/nuclei-templates/cve-less/plugins/quick-paypal-payments-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml new file mode 100644 index 0000000000..67b7365967 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-paypal-payments-e5b4920cbbb8f5f8f7e1a259b30101c9.yaml @@ -0,0 +1,58 @@ +id: quick-paypal-payments-e5b4920cbbb8f5f8f7e1a259b30101c9 + +info: + name: > + Quick Paypal Payments <= 5.7.26.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a507489-f337-4b47-9506-daea1b426798?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-paypal-payments/" + google-query: inurl:"/wp-content/plugins/quick-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-paypal-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.26.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-post-widget-ab4d33853504febd7c01f9cee8c9c3d2.yaml b/nuclei-templates/cve-less/plugins/quick-post-widget-ab4d33853504febd7c01f9cee8c9c3d2.yaml new file mode 100644 index 0000000000..243a85f6e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-post-widget-ab4d33853504febd7c01f9cee8c9c3d2.yaml @@ -0,0 +1,58 @@ +id: quick-post-widget-ab4d33853504febd7c01f9cee8c9c3d2 + +info: + name: > + Quick Post Widget <= 1.9.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf10ed7-7248-4dfd-b7ee-13cea3ee2154?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-post-widget/" + google-query: inurl:"/wp-content/plugins/quick-post-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-post-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-post-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-post-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-380da9e03ed91b4a26ee23da1fdb68e1.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-380da9e03ed91b4a26ee23da1fdb68e1.yaml new file mode 100644 index 0000000000..1d0e799eac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-380da9e03ed91b4a26ee23da1fdb68e1.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-menu-380da9e03ed91b4a26ee23da1fdb68e1 + +info: + name: > + Quick Restaurant Menu <= 2.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97984c7d-d6ff-480c-acfe-20ab0eb04141?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-menu/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-608358cb0a02728075caac1560a96687.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-608358cb0a02728075caac1560a96687.yaml new file mode 100644 index 0000000000..7c31a40b85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-608358cb0a02728075caac1560a96687.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-menu-608358cb0a02728075caac1560a96687 + +info: + name: > + Quick Restaurant Menu <= 2.0.2 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd8a6a4-9159-480f-abe2-71972585217b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-menu/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-afdcbe4c6f5ebc0939cff7424649942e.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-afdcbe4c6f5ebc0939cff7424649942e.yaml new file mode 100644 index 0000000000..9588aec24c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-afdcbe4c6f5ebc0939cff7424649942e.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-menu-afdcbe4c6f5ebc0939cff7424649942e + +info: + name: > + Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4fba5-cd19-4b96-aa09-07ed6d52a107?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-menu/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-menu-f4c35f9c74d06655cf517936ec3bc387.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-f4c35f9c74d06655cf517936ec3bc387.yaml new file mode 100644 index 0000000000..684c95e850 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-menu-f4c35f9c74d06655cf517936ec3bc387.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-menu-f4c35f9c74d06655cf517936ec3bc387 + +info: + name: > + Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfc7c214-8d76-453c-a05d-682aa425b06e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-menu/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-471137e11c9f1e10b7cb270b58e41353.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-471137e11c9f1e10b7cb270b58e41353.yaml new file mode 100644 index 0000000000..3bf1a55aeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-471137e11c9f1e10b7cb270b58e41353.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-reservations-471137e11c9f1e10b7cb270b58e41353 + +info: + name: > + Quick Restaurant Reservations <= 1.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7da2b5d-8e0c-492a-a6a6-7302cd277d0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-reservations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml b/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml new file mode 100644 index 0000000000..e061289978 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-restaurant-reservations-bcb8383c6f8589761d6cb6fb2a6e00e4.yaml @@ -0,0 +1,58 @@ +id: quick-restaurant-reservations-bcb8383c6f8589761d6cb6fb2a6e00e4 + +info: + name: > + Quick Restaurant Reservations <= 1.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/801b593c-2822-4ac4-8411-29ef1e1484b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/quick-restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-restaurant-reservations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-subscribe-acd84f5e4cde82a402d1c05f1e4adf06.yaml b/nuclei-templates/cve-less/plugins/quick-subscribe-acd84f5e4cde82a402d1c05f1e4adf06.yaml new file mode 100644 index 0000000000..d2c3b3b951 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-subscribe-acd84f5e4cde82a402d1c05f1e4adf06.yaml @@ -0,0 +1,58 @@ +id: quick-subscribe-acd84f5e4cde82a402d1c05f1e4adf06 + +info: + name: > + Quick Subscribe <= 1.7.1 - Cross-Site Request Forgery to Arbitrary Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa916029-b526-4ff3-ba70-2875b62d33a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-subscribe/" + google-query: inurl:"/wp-content/plugins/quick-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-subscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quick-view-and-buy-now-for-woocommerce-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml b/nuclei-templates/cve-less/plugins/quick-view-and-buy-now-for-woocommerce-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml new file mode 100644 index 0000000000..39f84d8ca2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quick-view-and-buy-now-for-woocommerce-66d0aaa8dc75cc7c0b323f4705b3d63d.yaml @@ -0,0 +1,58 @@ +id: quick-view-and-buy-now-for-woocommerce-66d0aaa8dc75cc7c0b323f4705b3d63d + +info: + name: > + Direct Checkout – Quick View – Buy Now For WooCommerce <= 1.5.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Custom CSS Code + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/514aa001-24c8-4624-8e25-f17b8454354c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quick-view-and-buy-now-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/quick-view-and-buy-now-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quick-view-and-buy-now-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quick-view-and-buy-now-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quick-view-and-buy-now-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-2088a48130abc94abb1d3c3504ebe491.yaml b/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-2088a48130abc94abb1d3c3504ebe491.yaml new file mode 100644 index 0000000000..7a58db56fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-2088a48130abc94abb1d3c3504ebe491.yaml @@ -0,0 +1,58 @@ +id: quicksand-jquery-post-filter-2088a48130abc94abb1d3c3504ebe491 + +info: + name: > + Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dd63ea6-7821-42b8-9b52-e721a8b2382d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quicksand-jquery-post-filter/" + google-query: inurl:"/wp-content/plugins/quicksand-jquery-post-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quicksand-jquery-post-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quicksand-jquery-post-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quicksand-jquery-post-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-bf3863997447d609f7f8dc8d30e7d4d2.yaml b/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-bf3863997447d609f7f8dc8d30e7d4d2.yaml new file mode 100644 index 0000000000..29aa66b649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quicksand-jquery-post-filter-bf3863997447d609f7f8dc8d30e7d4d2.yaml @@ -0,0 +1,58 @@ +id: quicksand-jquery-post-filter-bf3863997447d609f7f8dc8d30e7d4d2 + +info: + name: > + Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6f3b765-396f-422f-864d-a48bee8c69cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quicksand-jquery-post-filter/" + google-query: inurl:"/wp-content/plugins/quicksand-jquery-post-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quicksand-jquery-post-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quicksand-jquery-post-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quicksand-jquery-post-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quickswish-16e0560ff9c94eb90a6a00b414476508.yaml b/nuclei-templates/cve-less/plugins/quickswish-16e0560ff9c94eb90a6a00b414476508.yaml new file mode 100644 index 0000000000..32f9a3ad20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quickswish-16e0560ff9c94eb90a6a00b414476508.yaml @@ -0,0 +1,58 @@ +id: quickswish-16e0560ff9c94eb90a6a00b414476508 + +info: + name: > + QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b594b771-4d0b-46e1-b4c6-751c994992af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quickswish/" + google-query: inurl:"/wp-content/plugins/quickswish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quickswish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quickswish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quickswish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quillforms-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml b/nuclei-templates/cve-less/plugins/quillforms-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml new file mode 100644 index 0000000000..e09ee7a0d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quillforms-b2aa6adf9a3ecfeb3a1e73b7feaface1.yaml @@ -0,0 +1,58 @@ +id: quillforms-b2aa6adf9a3ecfeb3a1e73b7feaface1 + +info: + name: > + Quill Forms <= 3.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6846688-5716-4b22-8a1d-b96b230b0742?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quillforms/" + google-query: inurl:"/wp-content/plugins/quillforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quillforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quillforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quillforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quillforms-e52f401dadeba42db0e156f089227a37.yaml b/nuclei-templates/cve-less/plugins/quillforms-e52f401dadeba42db0e156f089227a37.yaml new file mode 100644 index 0000000000..fc6d721471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quillforms-e52f401dadeba42db0e156f089227a37.yaml @@ -0,0 +1,58 @@ +id: quillforms-e52f401dadeba42db0e156f089227a37 + +info: + name: > + Quill Forms <= 3.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea4617a-6211-4f8d-ab51-10ca509aaacf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quillforms/" + google-query: inurl:"/wp-content/plugins/quillforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quillforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quillforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quillforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-expert-389af6c33829297aca423fb16f20d755.yaml b/nuclei-templates/cve-less/plugins/quiz-expert-389af6c33829297aca423fb16f20d755.yaml new file mode 100644 index 0000000000..c8b4356e9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-expert-389af6c33829297aca423fb16f20d755.yaml @@ -0,0 +1,58 @@ +id: quiz-expert-389af6c33829297aca423fb16f20d755 + +info: + name: > + Quiz Expert – Easy Quiz Maker, Exam and Test Manager <= 1.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32ee3eb8-18b7-47da-b4f9-cb252ffabc71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-expert/" + google-query: inurl:"/wp-content/plugins/quiz-expert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-expert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-expert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-expert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-35ccb571fab7efd2bc565db8cbe0afc7.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-35ccb571fab7efd2bc565db8cbe0afc7.yaml new file mode 100644 index 0000000000..cc1c27da2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-35ccb571fab7efd2bc565db8cbe0afc7.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-35ccb571fab7efd2bc565db8cbe0afc7 + +info: + name: > + Quiz Maker <= 6.5.0.5 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e177e54-1a17-49d3-85b5-e4c6bf154320?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-64b00495d7288bbf7260545472f9a87a.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-64b00495d7288bbf7260545472f9a87a.yaml new file mode 100644 index 0000000000..57523f68e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-64b00495d7288bbf7260545472f9a87a.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-64b00495d7288bbf7260545472f9a87a + +info: + name: > + Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-8a965e61f7a81d40e758e9b24cfff6a0.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-8a965e61f7a81d40e758e9b24cfff6a0.yaml new file mode 100644 index 0000000000..32c6e35d32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-8a965e61f7a81d40e758e9b24cfff6a0.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-8a965e61f7a81d40e758e9b24cfff6a0 + +info: + name: > + Quiz Maker <= 6.4.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70d0bea-3ac2-4235-92a2-09458b85bddd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-933559cdad5a8cb46fa09f456890e810.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-933559cdad5a8cb46fa09f456890e810.yaml new file mode 100644 index 0000000000..ebb2b3c996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-933559cdad5a8cb46fa09f456890e810.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-933559cdad5a8cb46fa09f456890e810 + +info: + name: > + Quiz Maker <= 6.4.9.4 - Missing Authorization to Email Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96bc27f3-6aa4-4119-9978-5e9dee5f1796?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-a72cf1044ce793e721c265e19c02178a.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-a72cf1044ce793e721c265e19c02178a.yaml new file mode 100644 index 0000000000..06facf6287 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-a72cf1044ce793e721c265e19c02178a.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-a72cf1044ce793e721c265e19c02178a + +info: + name: > + Quiz Maker <= 6.2.0.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b3acc5f-b2a5-4e7b-a596-9a934fe6ff87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-bd82d97465f017d9a9f8d8b408f50f76.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-bd82d97465f017d9a9f8d8b408f50f76.yaml new file mode 100644 index 0000000000..9f2440ae6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-bd82d97465f017d9a9f8d8b408f50f76.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-bd82d97465f017d9a9f8d8b408f50f76 + +info: + name: > + Quiz Maker <= 6.4.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67678796-61d4-423f-b8f4-3f5667184d06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-dd16f95f6d8f39d62500d48f9193456c.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-dd16f95f6d8f39d62500d48f9193456c.yaml new file mode 100644 index 0000000000..8f41fadabc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-dd16f95f6d8f39d62500d48f9193456c.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-dd16f95f6d8f39d62500d48f9193456c + +info: + name: > + Quiz Maker <= 6.5.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e62f27b-c6b0-48ed-bfd7-a1893552eb3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-ddce93e1ec5dbf71b7783f859c8be22b.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-ddce93e1ec5dbf71b7783f859c8be22b.yaml new file mode 100644 index 0000000000..95eb438608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-ddce93e1ec5dbf71b7783f859c8be22b.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-ddce93e1ec5dbf71b7783f859c8be22b + +info: + name: > + Quiz Maker <= 6.3.9.4 - Content Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e285ce1-0896-4eef-aa83-59fb6641960b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-maker-e8c4ecddb52fde1de74da4b2c7a57560.yaml b/nuclei-templates/cve-less/plugins/quiz-maker-e8c4ecddb52fde1de74da4b2c7a57560.yaml new file mode 100644 index 0000000000..0077898ea7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-maker-e8c4ecddb52fde1de74da4b2c7a57560.yaml @@ -0,0 +1,58 @@ +id: quiz-maker-e8c4ecddb52fde1de74da4b2c7a57560 + +info: + name: > + Quiz Maker <= 6.5.2.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Creation & Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-maker/" + google-query: inurl:"/wp-content/plugins/quiz-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-070ef3fbf8c5c19235dc610987639500.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-070ef3fbf8c5c19235dc610987639500.yaml new file mode 100644 index 0000000000..21146afdf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-070ef3fbf8c5c19235dc610987639500.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-070ef3fbf8c5c19235dc610987639500 + +info: + name: > + Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c75e6d27-7f6b-4bec-b653-c2024504f427?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-1bd2c64c3515a166f1356799c13010c5.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-1bd2c64c3515a166f1356799c13010c5.yaml new file mode 100644 index 0000000000..89178f6592 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-1bd2c64c3515a166f1356799c13010c5.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-1bd2c64c3515a166f1356799c13010c5 + +info: + name: > + Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b901b3f8-8bbd-42ef-8e0c-de6d09c4950f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-1cb4591e0480a2550d32c48672d101ca.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-1cb4591e0480a2550d32c48672d101ca.yaml new file mode 100644 index 0000000000..6f7ebdc37f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-1cb4591e0480a2550d32c48672d101ca.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-1cb4591e0480a2550d32c48672d101ca + +info: + name: > + Quiz And Survey Master <= 7.3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c88c5a-ea87-4aab-a0ce-8246e5cb540a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-20fec9c706022c27227f812437225b4b.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-20fec9c706022c27227f812437225b4b.yaml new file mode 100644 index 0000000000..e81e857ee8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-20fec9c706022c27227f812437225b4b.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-20fec9c706022c27227f812437225b4b + +info: + name: > + Quiz and Survey Master <= 7.1.13 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca4040d-3c6c-4e31-9bed-d1b6bf5b2bed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-4023135654a032018b1b7ca568ed38d7.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-4023135654a032018b1b7ca568ed38d7.yaml new file mode 100644 index 0000000000..f4e7ad5a2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-4023135654a032018b1b7ca568ed38d7.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-4023135654a032018b1b7ca568ed38d7 + +info: + name: > + Quiz And Survey Master <= 7.3.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2085c9a3-1cc7-4750-875e-d20c7f94bb78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-4221c767cd86a7aece637717d70dec97.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-4221c767cd86a7aece637717d70dec97.yaml new file mode 100644 index 0000000000..1bc7dd0f87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-4221c767cd86a7aece637717d70dec97.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-4221c767cd86a7aece637717d70dec97 + +info: + name: > + Quiz And Survey Master <= 8.1.10 - Excessive Quiz Attempts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80399759-88dd-478d-a20e-04e8750e12c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-5c16a4a40c0341b380c1079e60c3c420.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-5c16a4a40c0341b380c1079e60c3c420.yaml new file mode 100644 index 0000000000..c91cbd69c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-5c16a4a40c0341b380c1079e60c3c420.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-5c16a4a40c0341b380c1079e60c3c420 + +info: + name: > + Quiz And Survey Master <= 8.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88dc4a77-0d81-4d90-9a43-cc4d3055e39c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-63d1e14f304a4cf01bbcbf655abc19a8.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-63d1e14f304a4cf01bbcbf655abc19a8.yaml new file mode 100644 index 0000000000..389a92f078 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-63d1e14f304a4cf01bbcbf655abc19a8.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-63d1e14f304a4cf01bbcbf655abc19a8 + +info: + name: > + Quiz And Survey Master <= 8.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e31d8218-5e04-44a1-89aa-f93e9677680b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-658febabd8f8ee9b00c71e69efcbac2c.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-658febabd8f8ee9b00c71e69efcbac2c.yaml new file mode 100644 index 0000000000..1eabb92a09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-658febabd8f8ee9b00c71e69efcbac2c.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-658febabd8f8ee9b00c71e69efcbac2c + +info: + name: > + Quiz And Survey Master <= 4.7.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ececa0ea-3d44-4b1b-b962-809a8b24c890?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-6943a5c5894e8c0c6d2e210f5f6691a1.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-6943a5c5894e8c0c6d2e210f5f6691a1.yaml new file mode 100644 index 0000000000..bcd4b56907 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-6943a5c5894e8c0c6d2e210f5f6691a1.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-6943a5c5894e8c0c6d2e210f5f6691a1 + +info: + name: > + Quiz And Survey Master <= 7.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5113b58b-7d2e-40cd-8669-a5597321106f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-6a6885b887da3fa682a8e96453ce2b11.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-6a6885b887da3fa682a8e96453ce2b11.yaml new file mode 100644 index 0000000000..064e8a24ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-6a6885b887da3fa682a8e96453ce2b11.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-6a6885b887da3fa682a8e96453ce2b11 + +info: + name: > + Quiz And Survey Master <= 8.0.8 - Unauthenticated Arbitrary Media Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68110321-db1a-4634-98cd-0afd3ec933b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-75f2f8257d6545a80c97f57f791fb7a9.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-75f2f8257d6545a80c97f57f791fb7a9.yaml new file mode 100644 index 0000000000..3a26e7c3a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-75f2f8257d6545a80c97f57f791fb7a9.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-75f2f8257d6545a80c97f57f791fb7a9 + +info: + name: > + Quiz And Survey Master <= 8.1.18 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfdbf80-3733-4d5c-9bc6-01e543ee08b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-899f848126483b240dc44a4870e7bfef.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-899f848126483b240dc44a4870e7bfef.yaml new file mode 100644 index 0000000000..56eac12083 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-899f848126483b240dc44a4870e7bfef.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-899f848126483b240dc44a4870e7bfef + +info: + name: > + Quiz And Survey Master <= 6.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d94bcbf7-c20e-4b04-b4de-f68f9a793b73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-91489b941b180b4987354a4aee0df6e3.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-91489b941b180b4987354a4aee0df6e3.yaml new file mode 100644 index 0000000000..9a20482090 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-91489b941b180b4987354a4aee0df6e3.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-91489b941b180b4987354a4aee0df6e3 + +info: + name: > + Quiz And Survey Master <= 7.3.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b8ed659-0590-411f-9017-f695c9c2f322?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-92d3a763fd6bf9ed5605e7e613d361f0.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-92d3a763fd6bf9ed5605e7e613d361f0.yaml new file mode 100644 index 0000000000..4385694678 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-92d3a763fd6bf9ed5605e7e613d361f0.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-92d3a763fd6bf9ed5605e7e613d361f0 + +info: + name: > + Quiz And Survey Master <= 7.3.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f55a9d35-596c-4207-be11-ade1127df369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-9fbb2aba0f1c281c62bcad50b683f582.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-9fbb2aba0f1c281c62bcad50b683f582.yaml new file mode 100644 index 0000000000..c562ff07ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-9fbb2aba0f1c281c62bcad50b683f582.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-9fbb2aba0f1c281c62bcad50b683f582 + +info: + name: > + Quiz And Survey Master <= 7.1.11 - Authenticated SQL injection via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bd58f59-09c2-417c-89ea-5906d413288c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-a50b1df259c1e694ecfebb517ea01b13.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-a50b1df259c1e694ecfebb517ea01b13.yaml new file mode 100644 index 0000000000..1150cc8ef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-a50b1df259c1e694ecfebb517ea01b13.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-a50b1df259c1e694ecfebb517ea01b13 + +info: + name: > + Quiz And Survey Master <= 6.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f0025dc-a072-4e01-bea8-6e93948f00d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-acd3eef162930a0876122d4b56734acd.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-acd3eef162930a0876122d4b56734acd.yaml new file mode 100644 index 0000000000..6dd42cd2ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-acd3eef162930a0876122d4b56734acd.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-acd3eef162930a0876122d4b56734acd + +info: + name: > + Quiz And Survey Master <= 8.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Question Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19cb39d4-f2b4-4f94-8896-ba714567e1ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-b13bd75954a4a1908d54b2904726ac6a.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-b13bd75954a4a1908d54b2904726ac6a.yaml new file mode 100644 index 0000000000..539b2c7c6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-b13bd75954a4a1908d54b2904726ac6a.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-b13bd75954a4a1908d54b2904726ac6a + +info: + name: > + Quiz And Survey Master <= 7.3.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1203ce-7582-447f-b011-905b274e1e20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-be8ed34a1e61e6308ab867606f425e64.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-be8ed34a1e61e6308ab867606f425e64.yaml new file mode 100644 index 0000000000..5386b3db37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-be8ed34a1e61e6308ab867606f425e64.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-be8ed34a1e61e6308ab867606f425e64 + +info: + name: > + Quiz And Survey Master <= 8.1.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89ee5d27-9123-4fd2-94f8-4395db5663ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-bf605754a0547b06a6170015aaa9595a.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-bf605754a0547b06a6170015aaa9595a.yaml new file mode 100644 index 0000000000..8a6ad973e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-bf605754a0547b06a6170015aaa9595a.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-bf605754a0547b06a6170015aaa9595a + +info: + name: > + Quiz and Survey Master <= 8.0.4 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f5cc779-c7de-42e6-a812-5c0539067b8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-cbf15a410baf5df5c6e73ec81eccde3a.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-cbf15a410baf5df5c6e73ec81eccde3a.yaml new file mode 100644 index 0000000000..36c349622e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-cbf15a410baf5df5c6e73ec81eccde3a.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-cbf15a410baf5df5c6e73ec81eccde3a + +info: + name: > + Quiz And Survey Master <= 7.3.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64584fcd-be84-4d40-bfa8-e6131d0afd58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-ce3f05ae5116fef07efba37ae58297b9.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-ce3f05ae5116fef07efba37ae58297b9.yaml new file mode 100644 index 0000000000..d73f59b610 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-ce3f05ae5116fef07efba37ae58297b9.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-ce3f05ae5116fef07efba37ae58297b9 + +info: + name: > + Quiz And Survey Master <= 7.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6e3fb4d-985f-4fb7-bcf1-523792d8dac6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-ce53aada13325acb27d477b230e028dd.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-ce53aada13325acb27d477b230e028dd.yaml new file mode 100644 index 0000000000..965900aa21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-ce53aada13325acb27d477b230e028dd.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-ce53aada13325acb27d477b230e028dd + +info: + name: > + Quiz And Survey Master <= 7.3.10 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaa4b7b9-ea5b-46a1-847e-027bcb1fa5a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-d01c7b873aec80a58b54be7a8d535664.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-d01c7b873aec80a58b54be7a8d535664.yaml new file mode 100644 index 0000000000..eacafd6698 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-d01c7b873aec80a58b54be7a8d535664.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-d01c7b873aec80a58b54be7a8d535664 + +info: + name: > + Quiz And Survey Master <= 7.1.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5ef3350-3eec-48b7-9241-5d2ce25555f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-d44f53d903df9cab8928396a4ae4768d.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-d44f53d903df9cab8928396a4ae4768d.yaml new file mode 100644 index 0000000000..ae33d2dcc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-d44f53d903df9cab8928396a4ae4768d.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-d44f53d903df9cab8928396a4ae4768d + +info: + name: > + Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress <= 7.3.4 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6975e84e-06ab-41b1-ae39-64685a878d15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-d813a33aa115d1d1e87017777577752a.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-d813a33aa115d1d1e87017777577752a.yaml new file mode 100644 index 0000000000..3cb1feb255 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-d813a33aa115d1d1e87017777577752a.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-d813a33aa115d1d1e87017777577752a + +info: + name: > + Quiz And Survey Master <= 8.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c482b6e-ce1e-46e2-8847-10c485594448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-eacb603a076c52a6fb91269497cf41a5.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-eacb603a076c52a6fb91269497cf41a5.yaml new file mode 100644 index 0000000000..c865c2054e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-eacb603a076c52a6fb91269497cf41a5.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-eacb603a076c52a6fb91269497cf41a5 + +info: + name: > + Quiz And Survey Master <= 7.3.10 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d76a21c-bb79-4183-99ea-a07c18dfa180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-ecadda5bda84d8a0b69e1131abec5fcf.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-ecadda5bda84d8a0b69e1131abec5fcf.yaml new file mode 100644 index 0000000000..0cbc9eef40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-ecadda5bda84d8a0b69e1131abec5fcf.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-ecadda5bda84d8a0b69e1131abec5fcf + +info: + name: > + Quiz And Survey Master <= 7.3.4 - Multiple Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d849eda-4c61-47e2-af7c-59a57fffab65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-f2fa5aa94720ea308820bf6a59c12304.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-f2fa5aa94720ea308820bf6a59c12304.yaml new file mode 100644 index 0000000000..0373bca934 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-f2fa5aa94720ea308820bf6a59c12304.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-f2fa5aa94720ea308820bf6a59c12304 + +info: + name: > + Quiz And Survey Master <= 7.3.6 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/332c0829-316d-4037-8c50-02d6c92cdb10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-f7f576e6c366fb73cfae249a8888bb15.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-f7f576e6c366fb73cfae249a8888bb15.yaml new file mode 100644 index 0000000000..799bc6b620 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-f7f576e6c366fb73cfae249a8888bb15.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-f7f576e6c366fb73cfae249a8888bb15 + +info: + name: > + Quiz and Survey Master <= 7.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfd93c33-4672-4914-b052-7bea283ef60c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-fa56dcf05a0758bb5d6c8d1d87961bf1.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-fa56dcf05a0758bb5d6c8d1d87961bf1.yaml new file mode 100644 index 0000000000..38387bb35a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-fa56dcf05a0758bb5d6c8d1d87961bf1.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-fa56dcf05a0758bb5d6c8d1d87961bf1 + +info: + name: > + Quiz and Survey Master <= 8.1.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b29dcd7a-a0bc-4983-85ba-6ebf2c405ceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-fc2afeaf55a2da67ef007ba91890a8f5.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-fc2afeaf55a2da67ef007ba91890a8f5.yaml new file mode 100644 index 0000000000..0b8d0a5c5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-fc2afeaf55a2da67ef007ba91890a8f5.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-fc2afeaf55a2da67ef007ba91890a8f5 + +info: + name: > + Quiz And Survey Master <= 8.0.10 - Cross-Site Request Forgery to Quiz Restoration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9af36edd-4520-4afc-8d3a-c9a96659ddf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-master-next-fddce4b8eb2e7caabf78ce5b75bb4ed4.yaml b/nuclei-templates/cve-less/plugins/quiz-master-next-fddce4b8eb2e7caabf78ce5b75bb4ed4.yaml new file mode 100644 index 0000000000..80d1b46e68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-master-next-fddce4b8eb2e7caabf78ce5b75bb4ed4.yaml @@ -0,0 +1,58 @@ +id: quiz-master-next-fddce4b8eb2e7caabf78ce5b75bb4ed4 + +info: + name: > + Quiz and Survey Master <= 7.0.0 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18458883-6cca-46d1-8437-4e646f4eafda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-master-next/" + google-query: inurl:"/wp-content/plugins/quiz-master-next/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-master-next,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-master-next/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-master-next" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quiz-tool-lite-8979f6505c90c68150042fb786bf639e.yaml b/nuclei-templates/cve-less/plugins/quiz-tool-lite-8979f6505c90c68150042fb786bf639e.yaml new file mode 100644 index 0000000000..85061615bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quiz-tool-lite-8979f6505c90c68150042fb786bf639e.yaml @@ -0,0 +1,58 @@ +id: quiz-tool-lite-8979f6505c90c68150042fb786bf639e + +info: + name: > + Quiz Tool Lite <= 2.3.15 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a515dc9-e6d6-4083-a3e8-c22307b120a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quiz-tool-lite/" + google-query: inurl:"/wp-content/plugins/quiz-tool-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quiz-tool-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quiz-tool-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quiz-tool-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quizlord-05b1f0bb86ade4c6c32252e799c74986.yaml b/nuclei-templates/cve-less/plugins/quizlord-05b1f0bb86ade4c6c32252e799c74986.yaml new file mode 100644 index 0000000000..a72e5e1c54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quizlord-05b1f0bb86ade4c6c32252e799c74986.yaml @@ -0,0 +1,58 @@ +id: quizlord-05b1f0bb86ade4c6c32252e799c74986 + +info: + name: > + Quizlord <= 2.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f2e28-7320-4d2d-a416-e46202c08375?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quizlord/" + google-query: inurl:"/wp-content/plugins/quizlord/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quizlord,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quizlord/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quizlord" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quizlord-aa821804338bfa52c597bf95613d3cbf.yaml b/nuclei-templates/cve-less/plugins/quizlord-aa821804338bfa52c597bf95613d3cbf.yaml new file mode 100644 index 0000000000..7ce8ce8da1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quizlord-aa821804338bfa52c597bf95613d3cbf.yaml @@ -0,0 +1,58 @@ +id: quizlord-aa821804338bfa52c597bf95613d3cbf + +info: + name: > + Quizlord <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c85f6c1b-673d-4fe9-acef-a15d90fcf414?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quizlord/" + google-query: inurl:"/wp-content/plugins/quizlord/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quizlord,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quizlord/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quizlord" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quote-o-matic-6435ac4f9788a7cece5b6014e8487e16.yaml b/nuclei-templates/cve-less/plugins/quote-o-matic-6435ac4f9788a7cece5b6014e8487e16.yaml new file mode 100644 index 0000000000..b9131c7bcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quote-o-matic-6435ac4f9788a7cece5b6014e8487e16.yaml @@ -0,0 +1,58 @@ +id: quote-o-matic-6435ac4f9788a7cece5b6014e8487e16 + +info: + name: > + Quote-O-Matic <= 1.0.5 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a425bf5-de09-4f8c-8766-c9912d337512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quote-o-matic/" + google-query: inurl:"/wp-content/plugins/quote-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quote-o-matic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quote-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quote-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quotes-and-tips-105cf32b00a014867c600a479b6d44a5.yaml b/nuclei-templates/cve-less/plugins/quotes-and-tips-105cf32b00a014867c600a479b6d44a5.yaml new file mode 100644 index 0000000000..e5cde0f28e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quotes-and-tips-105cf32b00a014867c600a479b6d44a5.yaml @@ -0,0 +1,58 @@ +id: quotes-and-tips-105cf32b00a014867c600a479b6d44a5 + +info: + name: > + Quotes and Tips by BestWebSoft < 1.20 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c942fd74-7a2d-43ec-9806-cdfe21a83149?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quotes-and-tips/" + google-query: inurl:"/wp-content/plugins/quotes-and-tips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quotes-and-tips,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quotes-and-tips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quotes-and-tips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quotes-collection-498d9280bb627df5ee0fc3435bab6bb8.yaml b/nuclei-templates/cve-less/plugins/quotes-collection-498d9280bb627df5ee0fc3435bab6bb8.yaml new file mode 100644 index 0000000000..9083fca6f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quotes-collection-498d9280bb627df5ee0fc3435bab6bb8.yaml @@ -0,0 +1,58 @@ +id: quotes-collection-498d9280bb627df5ee0fc3435bab6bb8 + +info: + name: > + Quotes Collection <= 2.5.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b988f424-f649-4bf0-9f7f-88faa41c0029?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quotes-collection/" + google-query: inurl:"/wp-content/plugins/quotes-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quotes-collection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quotes-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quotes-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quotes-collection-62f03cd88708d633c3bea1020189b887.yaml b/nuclei-templates/cve-less/plugins/quotes-collection-62f03cd88708d633c3bea1020189b887.yaml new file mode 100644 index 0000000000..c87dce98cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quotes-collection-62f03cd88708d633c3bea1020189b887.yaml @@ -0,0 +1,58 @@ +id: quotes-collection-62f03cd88708d633c3bea1020189b887 + +info: + name: > + Quotes Collection < 2.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c839d07-c496-46cc-8024-742f44cd3638?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quotes-collection/" + google-query: inurl:"/wp-content/plugins/quotes-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quotes-collection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quotes-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quotes-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quotes-for-woocommerce-24df3873e0b9065e19944f2b69074a09.yaml b/nuclei-templates/cve-less/plugins/quotes-for-woocommerce-24df3873e0b9065e19944f2b69074a09.yaml new file mode 100644 index 0000000000..1a50d02250 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quotes-for-woocommerce-24df3873e0b9065e19944f2b69074a09.yaml @@ -0,0 +1,58 @@ +id: quotes-for-woocommerce-24df3873e0b9065e19944f2b69074a09 + +info: + name: > + Quotes for WooCommerce <= 2.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f7a5d4b-8ba2-45d8-92d4-3c66a81fb4f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quotes-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/quotes-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quotes-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quotes-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quotes-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quotes-llama-88df46a6830158391aaf7619c151706b.yaml b/nuclei-templates/cve-less/plugins/quotes-llama-88df46a6830158391aaf7619c151706b.yaml new file mode 100644 index 0000000000..16320c81cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quotes-llama-88df46a6830158391aaf7619c151706b.yaml @@ -0,0 +1,58 @@ +id: quotes-llama-88df46a6830158391aaf7619c151706b + +info: + name: > + Quotes llama <= 0.7 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e07562d-ab3a-47bc-9bb1-b952f769f5e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quotes-llama/" + google-query: inurl:"/wp-content/plugins/quotes-llama/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quotes-llama,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quotes-llama/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quotes-llama" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-63e5f2960a8b5c3108f981b93e6323c6.yaml b/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-63e5f2960a8b5c3108f981b93e6323c6.yaml new file mode 100644 index 0000000000..dd4bef530c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-63e5f2960a8b5c3108f981b93e6323c6.yaml @@ -0,0 +1,58 @@ +id: quttera-web-malware-scanner-63e5f2960a8b5c3108f981b93e6323c6 + +info: + name: > + Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2163af55-1ea4-4c60-b9f0-baf99297c6bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quttera-web-malware-scanner/" + google-query: inurl:"/wp-content/plugins/quttera-web-malware-scanner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quttera-web-malware-scanner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quttera-web-malware-scanner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quttera-web-malware-scanner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-f4e8b028120d672af95b84876878fcae.yaml b/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-f4e8b028120d672af95b84876878fcae.yaml new file mode 100644 index 0000000000..3ea8dbf77a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/quttera-web-malware-scanner-f4e8b028120d672af95b84876878fcae.yaml @@ -0,0 +1,58 @@ +id: quttera-web-malware-scanner-f4e8b028120d672af95b84876878fcae + +info: + name: > + Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9992d0d-7c6e-4184-8f48-1515d50cc028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/quttera-web-malware-scanner/" + google-query: inurl:"/wp-content/plugins/quttera-web-malware-scanner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,quttera-web-malware-scanner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/quttera-web-malware-scanner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quttera-web-malware-scanner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qwiz-online-quizzes-and-flashcards-28d16d6b1cef547447e4d705dcc2a1cb.yaml b/nuclei-templates/cve-less/plugins/qwiz-online-quizzes-and-flashcards-28d16d6b1cef547447e4d705dcc2a1cb.yaml new file mode 100644 index 0000000000..b674c7fd3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qwiz-online-quizzes-and-flashcards-28d16d6b1cef547447e4d705dcc2a1cb.yaml @@ -0,0 +1,58 @@ +id: qwiz-online-quizzes-and-flashcards-28d16d6b1cef547447e4d705dcc2a1cb + +info: + name: > + Qwizcards <= 3.61 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95f1e3eb-da87-417e-8e8c-e5035e072950?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qwiz-online-quizzes-and-flashcards/" + google-query: inurl:"/wp-content/plugins/qwiz-online-quizzes-and-flashcards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qwiz-online-quizzes-and-flashcards,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qwiz-online-quizzes-and-flashcards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qwiz-online-quizzes-and-flashcards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/qyrr-code-1954398156051d3ad0f2e33b45b08e3a.yaml b/nuclei-templates/cve-less/plugins/qyrr-code-1954398156051d3ad0f2e33b45b08e3a.yaml new file mode 100644 index 0000000000..573f0253b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/qyrr-code-1954398156051d3ad0f2e33b45b08e3a.yaml @@ -0,0 +1,58 @@ +id: qyrr-code-1954398156051d3ad0f2e33b45b08e3a + +info: + name: > + Qyrr – simply and modern QR-Code creation <= 0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4a82562-1368-4071-bedf-8a84d82e88ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/qyrr-code/" + google-query: inurl:"/wp-content/plugins/qyrr-code/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,qyrr-code,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/qyrr-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "qyrr-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rabbit-loader-9593057fd73362b3675fc833e6f4bac6.yaml b/nuclei-templates/cve-less/plugins/rabbit-loader-9593057fd73362b3675fc833e6f4bac6.yaml new file mode 100644 index 0000000000..7547d0c022 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rabbit-loader-9593057fd73362b3675fc833e6f4bac6.yaml @@ -0,0 +1,58 @@ +id: rabbit-loader-9593057fd73362b3675fc833e6f4bac6 + +info: + name: > + RabbitLoader <= 2.19.13 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/958118ec-437e-45c8-a0f0-6aaf54e60d04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rabbit-loader/" + google-query: inurl:"/wp-content/plugins/rabbit-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rabbit-loader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rabbit-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rabbit-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.19.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-buttons-for-taxonomies-5f709cb3f787aa3d6fe0c1b9fbcebecf.yaml b/nuclei-templates/cve-less/plugins/radio-buttons-for-taxonomies-5f709cb3f787aa3d6fe0c1b9fbcebecf.yaml new file mode 100644 index 0000000000..6d324e18fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-buttons-for-taxonomies-5f709cb3f787aa3d6fe0c1b9fbcebecf.yaml @@ -0,0 +1,58 @@ +id: radio-buttons-for-taxonomies-5f709cb3f787aa3d6fe0c1b9fbcebecf + +info: + name: > + Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26a246c3-cf67-4566-b1e8-dc14c3c5c827?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-buttons-for-taxonomies/" + google-query: inurl:"/wp-content/plugins/radio-buttons-for-taxonomies/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-buttons-for-taxonomies,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-buttons-for-taxonomies/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-buttons-for-taxonomies" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-forge-5344d2a9421d4134e013b9ef9543b210.yaml b/nuclei-templates/cve-less/plugins/radio-forge-5344d2a9421d4134e013b9ef9543b210.yaml new file mode 100644 index 0000000000..251dcf52d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-forge-5344d2a9421d4134e013b9ef9543b210.yaml @@ -0,0 +1,58 @@ +id: radio-forge-5344d2a9421d4134e013b9ef9543b210 + +info: + name: > + Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad20ddd2-33d0-4d49-bca0-ea2a829da6c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-forge/" + google-query: inurl:"/wp-content/plugins/radio-forge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-forge,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-forge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-forge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-player-0f0d0d2c6b89a442a33118c19c04ca9f.yaml b/nuclei-templates/cve-less/plugins/radio-player-0f0d0d2c6b89a442a33118c19c04ca9f.yaml new file mode 100644 index 0000000000..4307de8e09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-player-0f0d0d2c6b89a442a33118c19c04ca9f.yaml @@ -0,0 +1,58 @@ +id: radio-player-0f0d0d2c6b89a442a33118c19c04ca9f + +info: + name: > + Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress <= 2.0.73 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fe0cb36-7b61-412f-ad2a-d31b18417ce8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-player/" + google-query: inurl:"/wp-content/plugins/radio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-player-74ed56a742e6bfe4ae7f688057f0e58c.yaml b/nuclei-templates/cve-less/plugins/radio-player-74ed56a742e6bfe4ae7f688057f0e58c.yaml new file mode 100644 index 0000000000..d91a72410b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-player-74ed56a742e6bfe4ae7f688057f0e58c.yaml @@ -0,0 +1,58 @@ +id: radio-player-74ed56a742e6bfe4ae7f688057f0e58c + +info: + name: > + Radio Player <= 2.0.73 - Missing Authorization via get_players + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/081e76e4-60ec-496d-979b-d128771af475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-player/" + google-query: inurl:"/wp-content/plugins/radio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-player-ced2048e66568ff23a7c9306db5ed20b.yaml b/nuclei-templates/cve-less/plugins/radio-player-ced2048e66568ff23a7c9306db5ed20b.yaml new file mode 100644 index 0000000000..251765dd8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-player-ced2048e66568ff23a7c9306db5ed20b.yaml @@ -0,0 +1,58 @@ +id: radio-player-ced2048e66568ff23a7c9306db5ed20b + +info: + name: > + Radio Player <= 2.0.73 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/704a26f1-36d9-4503-b200-5a6b604ceddc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-player/" + google-query: inurl:"/wp-content/plugins/radio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-player-fa19810ebcf6bda0fe16609b0188a9da.yaml b/nuclei-templates/cve-less/plugins/radio-player-fa19810ebcf6bda0fe16609b0188a9da.yaml new file mode 100644 index 0000000000..c43c302442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-player-fa19810ebcf6bda0fe16609b0188a9da.yaml @@ -0,0 +1,58 @@ +id: radio-player-fa19810ebcf6bda0fe16609b0188a9da + +info: + name: > + Radio Player <= 2.0.73 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416ecce7-e2ca-4b73-90ff-85c6fdd94251?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-player/" + google-query: inurl:"/wp-content/plugins/radio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-station-7d1f832265699144424e86f453859317.yaml b/nuclei-templates/cve-less/plugins/radio-station-7d1f832265699144424e86f453859317.yaml new file mode 100644 index 0000000000..8d9cc0bd70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-station-7d1f832265699144424e86f453859317.yaml @@ -0,0 +1,58 @@ +id: radio-station-7d1f832265699144424e86f453859317 + +info: + name: > + Radio Station by netmix® – Manage and play your Show Schedule in WordPress! <= 2.5.7 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8464a63f-db39-4a2c-b408-d7fd7539d6dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-station/" + google-query: inurl:"/wp-content/plugins/radio-station/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/radio-station-f928630a44e376a8556ef8a85dd515fa.yaml b/nuclei-templates/cve-less/plugins/radio-station-f928630a44e376a8556ef8a85dd515fa.yaml new file mode 100644 index 0000000000..68ac12744c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/radio-station-f928630a44e376a8556ef8a85dd515fa.yaml @@ -0,0 +1,58 @@ +id: radio-station-f928630a44e376a8556ef8a85dd515fa + +info: + name: > + Radio Station <= 2.4.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36b2992d-4d1b-456d-94a0-54794ba59435?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/radio-station/" + google-query: inurl:"/wp-content/plugins/radio-station/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,radio-station,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/radio-station/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "radio-station" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rafflepress-0d992e0c4b2262e08e00bc7728421227.yaml b/nuclei-templates/cve-less/plugins/rafflepress-0d992e0c4b2262e08e00bc7728421227.yaml new file mode 100644 index 0000000000..0d35c405f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rafflepress-0d992e0c4b2262e08e00bc7728421227.yaml @@ -0,0 +1,58 @@ +id: rafflepress-0d992e0c4b2262e08e00bc7728421227 + +info: + name: > + Giveaways and Contests by RafflePress <= 1.12.7 - Unauthenticated IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/595d6cdb-8a42-480e-8b04-52998156488c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rafflepress/" + google-query: inurl:"/wp-content/plugins/rafflepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rafflepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rafflepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rafflepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rafflepress-0df72c1ea599347d49ac94e58a15317d.yaml b/nuclei-templates/cve-less/plugins/rafflepress-0df72c1ea599347d49ac94e58a15317d.yaml new file mode 100644 index 0000000000..0d88a9ddf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rafflepress-0df72c1ea599347d49ac94e58a15317d.yaml @@ -0,0 +1,58 @@ +id: rafflepress-0df72c1ea599347d49ac94e58a15317d + +info: + name: > + Giveaways and Contests by RafflePress <= 1.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e7460b-1ed4-4ff7-89c7-0bd2658a800d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rafflepress/" + google-query: inurl:"/wp-content/plugins/rafflepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rafflepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rafflepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rafflepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rafflepress-1a4de07092fc301c92fce8ed74ad446d.yaml b/nuclei-templates/cve-less/plugins/rafflepress-1a4de07092fc301c92fce8ed74ad446d.yaml new file mode 100644 index 0000000000..b2817a600f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rafflepress-1a4de07092fc301c92fce8ed74ad446d.yaml @@ -0,0 +1,58 @@ +id: rafflepress-1a4de07092fc301c92fce8ed74ad446d + +info: + name: > + Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d663a9-3185-4c36-b9d1-878297965379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rafflepress/" + google-query: inurl:"/wp-content/plugins/rafflepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rafflepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rafflepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rafflepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rafflepress-f756689d49883a94fc2d2b5fe92fc364.yaml b/nuclei-templates/cve-less/plugins/rafflepress-f756689d49883a94fc2d2b5fe92fc364.yaml new file mode 100644 index 0000000000..f12cd7a60a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rafflepress-f756689d49883a94fc2d2b5fe92fc364.yaml @@ -0,0 +1,58 @@ +id: rafflepress-f756689d49883a94fc2d2b5fe92fc364 + +info: + name: > + Giveaways and Contests by RafflePress <= 1.12.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29b471ac-3a08-42da-9907-670c3b3bae92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rafflepress/" + google-query: inurl:"/wp-content/plugins/rafflepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rafflepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rafflepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rafflepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/random-banner-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml b/nuclei-templates/cve-less/plugins/random-banner-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml new file mode 100644 index 0000000000..7d4aa2dc25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/random-banner-6cbcd9de8a0bffdfb0e1ab93c491bf62.yaml @@ -0,0 +1,58 @@ +id: random-banner-6cbcd9de8a0bffdfb0e1ab93c491bf62 + +info: + name: > + Random Banner <= 4.1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afb53b31-c179-4d11-845f-8acd18638038?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/random-banner/" + google-query: inurl:"/wp-content/plugins/random-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,random-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/random-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "random-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/random-banner-c1af03a9bc6d8f06f284071a1218ac5b.yaml b/nuclei-templates/cve-less/plugins/random-banner-c1af03a9bc6d8f06f284071a1218ac5b.yaml new file mode 100644 index 0000000000..73e46d5d96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/random-banner-c1af03a9bc6d8f06f284071a1218ac5b.yaml @@ -0,0 +1,58 @@ +id: random-banner-c1af03a9bc6d8f06f284071a1218ac5b + +info: + name: > + Random Banner < 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416803bc-7851-4489-85f9-dbff0838d35b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/random-banner/" + google-query: inurl:"/wp-content/plugins/random-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,random-banner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/random-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "random-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/random-image-gallery-with-pretty-photo-zoom-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/random-image-gallery-with-pretty-photo-zoom-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..17f1115c1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/random-image-gallery-with-pretty-photo-zoom-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: random-image-gallery-with-pretty-photo-zoom-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/" + google-query: inurl:"/wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,random-image-gallery-with-pretty-photo-zoom,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/random-image-gallery-with-pretty-photo-zoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "random-image-gallery-with-pretty-photo-zoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/randomize-2c6114a75a15d3b058a7dc1004291c25.yaml b/nuclei-templates/cve-less/plugins/randomize-2c6114a75a15d3b058a7dc1004291c25.yaml new file mode 100644 index 0000000000..58b7a3c580 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/randomize-2c6114a75a15d3b058a7dc1004291c25.yaml @@ -0,0 +1,58 @@ +id: randomize-2c6114a75a15d3b058a7dc1004291c25 + +info: + name: > + Randomize <= 1.4.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b971ae0-624d-416e-b2f2-92ce44e96418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/randomize/" + google-query: inurl:"/wp-content/plugins/randomize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,randomize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/randomize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "randomize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/randomtext-1fdf26dc57df471e3029b947067853d6.yaml b/nuclei-templates/cve-less/plugins/randomtext-1fdf26dc57df471e3029b947067853d6.yaml new file mode 100644 index 0000000000..befc71f16e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/randomtext-1fdf26dc57df471e3029b947067853d6.yaml @@ -0,0 +1,58 @@ +id: randomtext-1fdf26dc57df471e3029b947067853d6 + +info: + name: > + Random Text <= 0.3.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6badba6d-1ff1-4d6f-bccf-1f0278edb17d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/randomtext/" + google-query: inurl:"/wp-content/plugins/randomtext/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,randomtext,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/randomtext/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "randomtext" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rapidexpcart-8ca33f13028f0931d0d1467c7211048d.yaml b/nuclei-templates/cve-less/plugins/rapidexpcart-8ca33f13028f0931d0d1467c7211048d.yaml new file mode 100644 index 0000000000..13d0d334de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rapidexpcart-8ca33f13028f0931d0d1467c7211048d.yaml @@ -0,0 +1,58 @@ +id: rapidexpcart-8ca33f13028f0931d0d1467c7211048d + +info: + name: > + RapidExpCart <= 1.0 - Authenticated (Level 8/Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc1e480c-577a-467a-8297-747512286a39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rapidexpcart/" + google-query: inurl:"/wp-content/plugins/rapidexpcart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rapidexpcart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rapidexpcart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rapidexpcart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rapidexpcart-956705464f8d3e3f33f8d0fbd34de8bb.yaml b/nuclei-templates/cve-less/plugins/rapidexpcart-956705464f8d3e3f33f8d0fbd34de8bb.yaml new file mode 100644 index 0000000000..8f19d48256 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rapidexpcart-956705464f8d3e3f33f8d0fbd34de8bb.yaml @@ -0,0 +1,58 @@ +id: rapidexpcart-956705464f8d3e3f33f8d0fbd34de8bb + +info: + name: > + RapidExpCart <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52fde632-f3a4-48d5-8c2c-c42b9d20dcb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rapidexpcart/" + google-query: inurl:"/wp-content/plugins/rapidexpcart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rapidexpcart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rapidexpcart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rapidexpcart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rara-one-click-demo-import-7625842be5b20a912d85c30fab35389d.yaml b/nuclei-templates/cve-less/plugins/rara-one-click-demo-import-7625842be5b20a912d85c30fab35389d.yaml new file mode 100644 index 0000000000..5857b1f017 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rara-one-click-demo-import-7625842be5b20a912d85c30fab35389d.yaml @@ -0,0 +1,58 @@ +id: rara-one-click-demo-import-7625842be5b20a912d85c30fab35389d + +info: + name: > + Rara One Click Demo Import <= 1.2.9 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be4061ef-849a-4797-aeee-07da2afc1a40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rara-one-click-demo-import/" + google-query: inurl:"/wp-content/plugins/rara-one-click-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rara-one-click-demo-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rara-one-click-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rara-one-click-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-0a011d3a5ee0fe8850f5ad8de7716ef3.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-0a011d3a5ee0fe8850f5ad8de7716ef3.yaml new file mode 100644 index 0000000000..43c1db2622 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-0a011d3a5ee0fe8850f5ad8de7716ef3.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-0a011d3a5ee0fe8850f5ad8de7716ef3 + +info: + name: > + Rate my Post – WP Rating System <= 3.3.4 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376b46c9-f6bb-4f4e-8e53-62ca68d0003a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-785e036f5ce45cab570c638ad313ef67.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-785e036f5ce45cab570c638ad313ef67.yaml new file mode 100644 index 0000000000..a36fa8ac71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-785e036f5ce45cab570c638ad313ef67.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-785e036f5ce45cab570c638ad313ef67 + +info: + name: > + Rate my Post – WP Rating System <= 3.4.2 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d24aa7e-bbf1-4a54-b53b-7a37e613e0e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-980522b8038ad0463392a24edde56a31.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-980522b8038ad0463392a24edde56a31.yaml new file mode 100644 index 0000000000..82ce1497f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-980522b8038ad0463392a24edde56a31.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-980522b8038ad0463392a24edde56a31 + +info: + name: > + Rate My Post – Star Rating Plugin by FeedbackWP <= 3.4.4 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e679b853-3207-47c9-9cbe-d3ce3826cd00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-bc63c69c92e0f2828459114bbefab4b4.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-bc63c69c92e0f2828459114bbefab4b4.yaml new file mode 100644 index 0000000000..52a16006b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-bc63c69c92e0f2828459114bbefab4b4.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-bc63c69c92e0f2828459114bbefab4b4 + +info: + name: > + Rate my Post – WP Rating System <= 3.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60c96210-d6ed-4838-b2fc-419e6a68f689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-c9a71c8c5b02e60eb52f4d4cd3d0c571.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-c9a71c8c5b02e60eb52f4d4cd3d0c571.yaml new file mode 100644 index 0000000000..b074943485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-c9a71c8c5b02e60eb52f4d4cd3d0c571.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-c9a71c8c5b02e60eb52f4d4cd3d0c571 + +info: + name: > + Rate my Post - WP Rating System <= 3.4.1 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6669d04c-9f97-43a5-a312-1cb3d67d21fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-my-post-cd934d4abb39f62a28c7ae7b5501f68f.yaml b/nuclei-templates/cve-less/plugins/rate-my-post-cd934d4abb39f62a28c7ae7b5501f68f.yaml new file mode 100644 index 0000000000..35813aea87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-my-post-cd934d4abb39f62a28c7ae7b5501f68f.yaml @@ -0,0 +1,58 @@ +id: rate-my-post-cd934d4abb39f62a28c7ae7b5501f68f + +info: + name: > + Rate my Post – WP Rating System <= 3.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4e0ee4f-fc45-4682-9ed4-aa1301205bb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-my-post/" + google-query: inurl:"/wp-content/plugins/rate-my-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-my-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-my-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-my-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rate-star-review-b6d9dd2af7efaf91b36ca5f14358b6f3.yaml b/nuclei-templates/cve-less/plugins/rate-star-review-b6d9dd2af7efaf91b36ca5f14358b6f3.yaml new file mode 100644 index 0000000000..fdb88c2d26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rate-star-review-b6d9dd2af7efaf91b36ca5f14358b6f3.yaml @@ -0,0 +1,58 @@ +id: rate-star-review-b6d9dd2af7efaf91b36ca5f14358b6f3 + +info: + name: > + Rate Star Review <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/025a13e6-5f0a-49ca-bd63-44e4095072bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rate-star-review/" + google-query: inurl:"/wp-content/plugins/rate-star-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rate-star-review,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rate-star-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rate-star-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rating-bws-64aea5cedd920a29c29c6656f64c0089.yaml b/nuclei-templates/cve-less/plugins/rating-bws-64aea5cedd920a29c29c6656f64c0089.yaml new file mode 100644 index 0000000000..4a9f139e00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rating-bws-64aea5cedd920a29c29c6656f64c0089.yaml @@ -0,0 +1,58 @@ +id: rating-bws-64aea5cedd920a29c29c6656f64c0089 + +info: + name: > + Rating by BestWebSoft < 0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5c23952-3732-4316-aa43-ddab88a6ba79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rating-bws/" + google-query: inurl:"/wp-content/plugins/rating-bws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rating-bws,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rating-bws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rating-bws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rating-bws-ac572eddea26c37b87d8b8b50f635cf6.yaml b/nuclei-templates/cve-less/plugins/rating-bws-ac572eddea26c37b87d8b8b50f635cf6.yaml new file mode 100644 index 0000000000..d199384ed2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rating-bws-ac572eddea26c37b87d8b8b50f635cf6.yaml @@ -0,0 +1,58 @@ +id: rating-bws-ac572eddea26c37b87d8b8b50f635cf6 + +info: + name: > + Rating by BestWebSoft <= 1.5 - Rating Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3511a3d3-1e6e-41ba-a8b9-67f8f7eef157?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rating-bws/" + google-query: inurl:"/wp-content/plugins/rating-bws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rating-bws,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rating-bws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rating-bws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rating-widget-37317046e94cf4102e2b78af213fc732.yaml b/nuclei-templates/cve-less/plugins/rating-widget-37317046e94cf4102e2b78af213fc732.yaml new file mode 100644 index 0000000000..1be908b68f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rating-widget-37317046e94cf4102e2b78af213fc732.yaml @@ -0,0 +1,58 @@ +id: rating-widget-37317046e94cf4102e2b78af213fc732 + +info: + name: > + Rating Widget <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53577cf4-af87-41a2-9424-56a584b78cf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rating-widget/" + google-query: inurl:"/wp-content/plugins/rating-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rating-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rating-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rating-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ravpage-fbf39c35d747104c4d4297ab90803845.yaml b/nuclei-templates/cve-less/plugins/ravpage-fbf39c35d747104c4d4297ab90803845.yaml new file mode 100644 index 0000000000..7d53c5e4a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ravpage-fbf39c35d747104c4d4297ab90803845.yaml @@ -0,0 +1,58 @@ +id: ravpage-fbf39c35d747104c4d4297ab90803845 + +info: + name: > + Ravpage <= 2.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2fe6b69-7a89-4cd4-8a8c-f7e1e587fbbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ravpage/" + google-query: inurl:"/wp-content/plugins/ravpage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ravpage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ravpage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ravpage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/raygun4wp-36b86201be553488a21224994bdfe4a7.yaml b/nuclei-templates/cve-less/plugins/raygun4wp-36b86201be553488a21224994bdfe4a7.yaml new file mode 100644 index 0000000000..ffb77554d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/raygun4wp-36b86201be553488a21224994bdfe4a7.yaml @@ -0,0 +1,58 @@ +id: raygun4wp-36b86201be553488a21224994bdfe4a7 + +info: + name: > + Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1de69b7e-944a-4d89-a7de-2fae5ab83171?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/raygun4wp/" + google-query: inurl:"/wp-content/plugins/raygun4wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,raygun4wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/raygun4wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "raygun4wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/raygun4wp-942951937c68cc5db7a5bc776617ab05.yaml b/nuclei-templates/cve-less/plugins/raygun4wp-942951937c68cc5db7a5bc776617ab05.yaml new file mode 100644 index 0000000000..e8ddc885ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/raygun4wp-942951937c68cc5db7a5bc776617ab05.yaml @@ -0,0 +1,58 @@ +id: raygun4wp-942951937c68cc5db7a5bc776617ab05 + +info: + name: > + Raygun4WP <= 1.8.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b51ea91f-247c-4ea6-b60c-7ad49b676cb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/raygun4wp/" + google-query: inurl:"/wp-content/plugins/raygun4wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,raygun4wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/raygun4wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "raygun4wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rays-grid-5c28550696f855f4c3c836e5bcf2c491.yaml b/nuclei-templates/cve-less/plugins/rays-grid-5c28550696f855f4c3c836e5bcf2c491.yaml new file mode 100644 index 0000000000..51e83cdbe1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rays-grid-5c28550696f855f4c3c836e5bcf2c491.yaml @@ -0,0 +1,58 @@ +id: rays-grid-5c28550696f855f4c3c836e5bcf2c491 + +info: + name: > + RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5911815-db53-46f2-a16d-ed21be20bbfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rays-grid/" + google-query: inurl:"/wp-content/plugins/rays-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rays-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rays-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rays-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rb-internal-links-1b62450f818e2ba095ee733915545ce8.yaml b/nuclei-templates/cve-less/plugins/rb-internal-links-1b62450f818e2ba095ee733915545ce8.yaml new file mode 100644 index 0000000000..87185eb8c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rb-internal-links-1b62450f818e2ba095ee733915545ce8.yaml @@ -0,0 +1,58 @@ +id: rb-internal-links-1b62450f818e2ba095ee733915545ce8 + +info: + name: > + RB Internal Links <= 2.0.16 - Cross-Site Request Forgery to Settings update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2be6c7d8-6dd4-4701-9baa-694496e7388a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rb-internal-links/" + google-query: inurl:"/wp-content/plugins/rb-internal-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rb-internal-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rb-internal-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rb-internal-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rbxgallery-404f62898fe72968016d5c9a6f1d92d8.yaml b/nuclei-templates/cve-less/plugins/rbxgallery-404f62898fe72968016d5c9a6f1d92d8.yaml new file mode 100644 index 0000000000..41d24ddb9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rbxgallery-404f62898fe72968016d5c9a6f1d92d8.yaml @@ -0,0 +1,58 @@ +id: rbxgallery-404f62898fe72968016d5c9a6f1d92d8 + +info: + name: > + RBX Gallery < 3.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1804afe-55a1-428f-ae5d-99d68f61d33b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rbxgallery/" + google-query: inurl:"/wp-content/plugins/rbxgallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rbxgallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rbxgallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rbxgallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rduplicator-bd5ef70cad456cfb810c3a196f6a2a81.yaml b/nuclei-templates/cve-less/plugins/rduplicator-bd5ef70cad456cfb810c3a196f6a2a81.yaml new file mode 100644 index 0000000000..d8808c6409 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rduplicator-bd5ef70cad456cfb810c3a196f6a2a81.yaml @@ -0,0 +1,58 @@ +id: rduplicator-bd5ef70cad456cfb810c3a196f6a2a81 + +info: + name: > + Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34e31a0f-27de-4536-9a7e-b8f68e557b3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rduplicator/" + google-query: inurl:"/wp-content/plugins/rduplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rduplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rduplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rduplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/react-webcam-ecc9ca2eedeba9a7eb9cef5703953450.yaml b/nuclei-templates/cve-less/plugins/react-webcam-ecc9ca2eedeba9a7eb9cef5703953450.yaml new file mode 100644 index 0000000000..9c9d713d33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/react-webcam-ecc9ca2eedeba9a7eb9cef5703953450.yaml @@ -0,0 +1,58 @@ +id: react-webcam-ecc9ca2eedeba9a7eb9cef5703953450 + +info: + name: > + React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56ec086e-01a7-42f8-be17-b2bdf59cdfb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/react-webcam/" + google-query: inurl:"/wp-content/plugins/react-webcam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,react-webcam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/react-webcam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "react-webcam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-and-understood-913904da9b37e5de5dab8db2c48cdd1a.yaml b/nuclei-templates/cve-less/plugins/read-and-understood-913904da9b37e5de5dab8db2c48cdd1a.yaml new file mode 100644 index 0000000000..8dd2a454e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-and-understood-913904da9b37e5de5dab8db2c48cdd1a.yaml @@ -0,0 +1,58 @@ +id: read-and-understood-913904da9b37e5de5dab8db2c48cdd1a + +info: + name: > + Read and Understood <= 2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3c961eb-0174-4aa3-a117-7f72998eefbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-and-understood/" + google-query: inurl:"/wp-content/plugins/read-and-understood/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-and-understood,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-and-understood/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-and-understood" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-and-understood-9859097987f0e7ca79e11ace81cfa3fa.yaml b/nuclei-templates/cve-less/plugins/read-and-understood-9859097987f0e7ca79e11ace81cfa3fa.yaml new file mode 100644 index 0000000000..f7b988f4cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-and-understood-9859097987f0e7ca79e11ace81cfa3fa.yaml @@ -0,0 +1,58 @@ +id: read-and-understood-9859097987f0e7ca79e11ace81cfa3fa + +info: + name: > + Read and Understood < 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e61942e-15ea-468c-b71a-50396d5b2730?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-and-understood/" + google-query: inurl:"/wp-content/plugins/read-and-understood/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-and-understood,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-and-understood/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-and-understood" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-and-understood-b32bcea1f07567d61bc53250e86795f7.yaml b/nuclei-templates/cve-less/plugins/read-and-understood-b32bcea1f07567d61bc53250e86795f7.yaml new file mode 100644 index 0000000000..5c4e3b460a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-and-understood-b32bcea1f07567d61bc53250e86795f7.yaml @@ -0,0 +1,58 @@ +id: read-and-understood-b32bcea1f07567d61bc53250e86795f7 + +info: + name: > + Read and Understood < 2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/999cf54e-2ea8-474d-984c-1c4f729198aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-and-understood/" + google-query: inurl:"/wp-content/plugins/read-and-understood/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-and-understood,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-and-understood/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-and-understood" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-more-353927ae64af5c6eafc196b5f94afe9a.yaml b/nuclei-templates/cve-less/plugins/read-more-353927ae64af5c6eafc196b5f94afe9a.yaml new file mode 100644 index 0000000000..5d11601e27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-more-353927ae64af5c6eafc196b5f94afe9a.yaml @@ -0,0 +1,58 @@ +id: read-more-353927ae64af5c6eafc196b5f94afe9a + +info: + name: > + Read more By Adam <= 1.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a6316d8-1d64-4d28-b28a-00ca0b5facee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-more/" + google-query: inurl:"/wp-content/plugins/read-more/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-more,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-more/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-more" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-more-excerpt-link-8911ed0627c35d1ed98759cc71c063ca.yaml b/nuclei-templates/cve-less/plugins/read-more-excerpt-link-8911ed0627c35d1ed98759cc71c063ca.yaml new file mode 100644 index 0000000000..03e8f6bc42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-more-excerpt-link-8911ed0627c35d1ed98759cc71c063ca.yaml @@ -0,0 +1,58 @@ +id: read-more-excerpt-link-8911ed0627c35d1ed98759cc71c063ca + +info: + name: > + Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27c3d563-4ed5-47a1-ae2c-ff765fb56cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-more-excerpt-link/" + google-query: inurl:"/wp-content/plugins/read-more-excerpt-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-more-excerpt-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-more-excerpt-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-more-excerpt-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-more-excerpt-link-fb56c017c2ceb4ddc8f04cf045c71346.yaml b/nuclei-templates/cve-less/plugins/read-more-excerpt-link-fb56c017c2ceb4ddc8f04cf045c71346.yaml new file mode 100644 index 0000000000..6fff89976b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-more-excerpt-link-fb56c017c2ceb4ddc8f04cf045c71346.yaml @@ -0,0 +1,58 @@ +id: read-more-excerpt-link-fb56c017c2ceb4ddc8f04cf045c71346 + +info: + name: > + Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0359434b-9d88-4a40-8e9f-ec354c8de816?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-more-excerpt-link/" + google-query: inurl:"/wp-content/plugins/read-more-excerpt-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-more-excerpt-link,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-more-excerpt-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-more-excerpt-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-more-without-refresh-66aaa6f41f27e2a7e948bc3c3424d334.yaml b/nuclei-templates/cve-less/plugins/read-more-without-refresh-66aaa6f41f27e2a7e948bc3c3424d334.yaml new file mode 100644 index 0000000000..509c10d075 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-more-without-refresh-66aaa6f41f27e2a7e948bc3c3424d334.yaml @@ -0,0 +1,58 @@ +id: read-more-without-refresh-66aaa6f41f27e2a7e948bc3c3424d334 + +info: + name: > + Read More Without Refresh <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2bdb698-3a07-4e8b-a498-b156accadc0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-more-without-refresh/" + google-query: inurl:"/wp-content/plugins/read-more-without-refresh/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-more-without-refresh,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-more-without-refresh/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-more-without-refresh" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/read-offline-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/read-offline-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..67fefdbef2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/read-offline-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: read-offline-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/read-offline/" + google-query: inurl:"/wp-content/plugins/read-offline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,read-offline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/read-offline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "read-offline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-cookie-banner-c03c24ae2b0b619cef671f24ff29a655.yaml b/nuclei-templates/cve-less/plugins/real-cookie-banner-c03c24ae2b0b619cef671f24ff29a655.yaml new file mode 100644 index 0000000000..c6f7941012 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-cookie-banner-c03c24ae2b0b619cef671f24ff29a655.yaml @@ -0,0 +1,58 @@ +id: real-cookie-banner-c03c24ae2b0b619cef671f24ff29a655 + +info: + name: > + WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent < 2.14.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18e51b35-90fa-4ea0-95f9-644ab864b406?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-cookie-banner/" + google-query: inurl:"/wp-content/plugins/real-cookie-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-cookie-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-cookie-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-cookie-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.14.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-cookie-banner-cb472ca260be89964a7f7e562d3b7648.yaml b/nuclei-templates/cve-less/plugins/real-cookie-banner-cb472ca260be89964a7f7e562d3b7648.yaml new file mode 100644 index 0000000000..e332c3eec4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-cookie-banner-cb472ca260be89964a7f7e562d3b7648.yaml @@ -0,0 +1,58 @@ +id: real-cookie-banner-cb472ca260be89964a7f7e562d3b7648 + +info: + name: > + Real Cookie Banner <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a78f06-1af2-462e-b328-0e9e603ad904?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-cookie-banner/" + google-query: inurl:"/wp-content/plugins/real-cookie-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-cookie-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-cookie-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-cookie-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-df196e267631abea140e582e96b3b0e3.yaml b/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-df196e267631abea140e582e96b3b0e3.yaml new file mode 100644 index 0000000000..bfc7c3bdf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-df196e267631abea140e582e96b3b0e3.yaml @@ -0,0 +1,58 @@ +id: real-estate-listing-realtyna-wpl-df196e267631abea140e582e96b3b0e3 + +info: + name: > + Realtyna Organic IDX plugin <= 4.14.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb2897fc-c38b-419f-8651-0620a31b50ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-estate-listing-realtyna-wpl/" + google-query: inurl:"/wp-content/plugins/real-estate-listing-realtyna-wpl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-estate-listing-realtyna-wpl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-estate-listing-realtyna-wpl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-listing-realtyna-wpl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-edeebbc602448470d251a6422f124213.yaml b/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-edeebbc602448470d251a6422f124213.yaml new file mode 100644 index 0000000000..689163edcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-estate-listing-realtyna-wpl-edeebbc602448470d251a6422f124213.yaml @@ -0,0 +1,58 @@ +id: real-estate-listing-realtyna-wpl-edeebbc602448470d251a6422f124213 + +info: + name: > + Realtyna Organic IDX plugin <= 4.14.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f800156-1ccc-431f-9b2b-3b2ba3428bbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-estate-listing-realtyna-wpl/" + google-query: inurl:"/wp-content/plugins/real-estate-listing-realtyna-wpl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-estate-listing-realtyna-wpl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-estate-listing-realtyna-wpl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-listing-realtyna-wpl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-estate-manager-ce5b36195b53746aaff59fc078e530e9.yaml b/nuclei-templates/cve-less/plugins/real-estate-manager-ce5b36195b53746aaff59fc078e530e9.yaml new file mode 100644 index 0000000000..ae30cc723d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-estate-manager-ce5b36195b53746aaff59fc078e530e9.yaml @@ -0,0 +1,58 @@ +id: real-estate-manager-ce5b36195b53746aaff59fc078e530e9 + +info: + name: > + Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-estate-manager/" + google-query: inurl:"/wp-content/plugins/real-estate-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-estate-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-estate-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-estate-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/real-estate-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..387649fefe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-estate-pro-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: real-estate-pro-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-estate-pro/" + google-query: inurl:"/wp-content/plugins/real-estate-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-estate-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-estate-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-kit-ba00ab2a2755c54cd7d0683aa28f5913.yaml b/nuclei-templates/cve-less/plugins/real-kit-ba00ab2a2755c54cd7d0683aa28f5913.yaml new file mode 100644 index 0000000000..5b6a0fc63d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-kit-ba00ab2a2755c54cd7d0683aa28f5913.yaml @@ -0,0 +1,58 @@ +id: real-kit-ba00ab2a2755c54cd7d0683aa28f5913 + +info: + name: > + real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c1aeee-a82e-4d09-bffb-a91a89d0ea1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-kit/" + google-query: inurl:"/wp-content/plugins/real-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-media-library-lite-2a7a5a205e77ded07268b829f167efa8.yaml b/nuclei-templates/cve-less/plugins/real-media-library-lite-2a7a5a205e77ded07268b829f167efa8.yaml new file mode 100644 index 0000000000..03cebe8510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-media-library-lite-2a7a5a205e77ded07268b829f167efa8.yaml @@ -0,0 +1,58 @@ +id: real-media-library-lite-2a7a5a205e77ded07268b829f167efa8 + +info: + name: > + Real Media Library: Media Library Folder & File Manager <= 4.18.28 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/950d71ae-29a1-4b71-b74a-b1a5c9f3326e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-media-library-lite/" + google-query: inurl:"/wp-content/plugins/real-media-library-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-media-library-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-media-library-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-media-library-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.18.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-media-library-lite-426ec193e6b1f2e068f34932123c6dcd.yaml b/nuclei-templates/cve-less/plugins/real-media-library-lite-426ec193e6b1f2e068f34932123c6dcd.yaml new file mode 100644 index 0000000000..b8b20cb38f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-media-library-lite-426ec193e6b1f2e068f34932123c6dcd.yaml @@ -0,0 +1,58 @@ +id: real-media-library-lite-426ec193e6b1f2e068f34932123c6dcd + +info: + name: > + Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67a44d4c-da3f-4c3d-997b-1417c6906a9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-media-library-lite/" + google-query: inurl:"/wp-content/plugins/real-media-library-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-media-library-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-media-library-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-media-library-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.22.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-media-library-lite-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml b/nuclei-templates/cve-less/plugins/real-media-library-lite-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml new file mode 100644 index 0000000000..e942a8efea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-media-library-lite-458c0d6ab63df27e3e21cbe7fc77cfd2.yaml @@ -0,0 +1,58 @@ +id: real-media-library-lite-458c0d6ab63df27e3e21cbe7fc77cfd2 + +info: + name: > + Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d359dc78-fc90-4570-a768-5f1a05f865e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-media-library-lite/" + google-query: inurl:"/wp-content/plugins/real-media-library-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-media-library-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-media-library-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-media-library-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.22.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-media-library-lite-d45b3048f23bdc5676881ea128b4fe4b.yaml b/nuclei-templates/cve-less/plugins/real-media-library-lite-d45b3048f23bdc5676881ea128b4fe4b.yaml new file mode 100644 index 0000000000..6c852e5e18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-media-library-lite-d45b3048f23bdc5676881ea128b4fe4b.yaml @@ -0,0 +1,58 @@ +id: real-media-library-lite-d45b3048f23bdc5676881ea128b4fe4b + +info: + name: > + WordPress Real Media Library <= 4.14.1 - Authenticated (Author) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cebd40c2-42df-4792-81dc-2b1082f1712b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-media-library-lite/" + google-query: inurl:"/wp-content/plugins/real-media-library-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-media-library-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-media-library-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-media-library-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-6a587e71ee083048d4679f04ad4755b0.yaml b/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-6a587e71ee083048d4679f04ad4755b0.yaml new file mode 100644 index 0000000000..9351ae2a9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-6a587e71ee083048d4679f04ad4755b0.yaml @@ -0,0 +1,58 @@ +id: real-time-auto-find-and-replace-6a587e71ee083048d4679f04ad4755b0 + +info: + name: > + Better Find and Replace <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/879bd819-5513-4253-b6e0-a34dbebae287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-time-auto-find-and-replace/" + google-query: inurl:"/wp-content/plugins/real-time-auto-find-and-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-time-auto-find-and-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-time-auto-find-and-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-time-auto-find-and-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-eab47af35bd14f792c9512e4731e4999.yaml b/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-eab47af35bd14f792c9512e4731e4999.yaml new file mode 100644 index 0000000000..d9de27f431 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-time-auto-find-and-replace-eab47af35bd14f792c9512e4731e4999.yaml @@ -0,0 +1,58 @@ +id: real-time-auto-find-and-replace-eab47af35bd14f792c9512e4731e4999 + +info: + name: > + Better Find and Replace <= 1.3.5 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e26b7e73-2d04-493a-a7d9-2276bc0e1ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-time-auto-find-and-replace/" + google-query: inurl:"/wp-content/plugins/real-time-auto-find-and-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-time-auto-find-and-replace,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-time-auto-find-and-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-time-auto-find-and-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-time-find-and-replace-8de354ee8a09f1e40abb305d774cf1ed.yaml b/nuclei-templates/cve-less/plugins/real-time-find-and-replace-8de354ee8a09f1e40abb305d774cf1ed.yaml new file mode 100644 index 0000000000..05937b3dac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-time-find-and-replace-8de354ee8a09f1e40abb305d774cf1ed.yaml @@ -0,0 +1,58 @@ +id: real-time-find-and-replace-8de354ee8a09f1e40abb305d774cf1ed + +info: + name: > + Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e62675-e3d5-4545-bb80-0330da966368?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-time-find-and-replace/" + google-query: inurl:"/wp-content/plugins/real-time-find-and-replace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-time-find-and-replace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-time-find-and-replace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-time-find-and-replace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real-wysiwyg-1b2227bfbc114c60a1d636953ef21b96.yaml b/nuclei-templates/cve-less/plugins/real-wysiwyg-1b2227bfbc114c60a1d636953ef21b96.yaml new file mode 100644 index 0000000000..1b48de4d48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real-wysiwyg-1b2227bfbc114c60a1d636953ef21b96.yaml @@ -0,0 +1,58 @@ +id: real-wysiwyg-1b2227bfbc114c60a1d636953ef21b96 + +info: + name: > + Real WYSIWYG <= 0.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3b39055-aa2a-4db8-838b-e4baaea105b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real-wysiwyg/" + google-query: inurl:"/wp-content/plugins/real-wysiwyg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real-wysiwyg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real-wysiwyg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-wysiwyg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real3d-flipbook-2c4b560690d4d3a59e350708726945d0.yaml b/nuclei-templates/cve-less/plugins/real3d-flipbook-2c4b560690d4d3a59e350708726945d0.yaml new file mode 100644 index 0000000000..acd8451810 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real3d-flipbook-2c4b560690d4d3a59e350708726945d0.yaml @@ -0,0 +1,58 @@ +id: real3d-flipbook-2c4b560690d4d3a59e350708726945d0 + +info: + name: > + Real3D Flipbook <= 1.0.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12e2645c-7df1-4fbe-baa1-6b932062682b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real3d-flipbook/" + google-query: inurl:"/wp-content/plugins/real3d-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real3d-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real3d-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real3d-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real3d-flipbook-a9204f8c11120cb2c33b3f2dfe972d8b.yaml b/nuclei-templates/cve-less/plugins/real3d-flipbook-a9204f8c11120cb2c33b3f2dfe972d8b.yaml new file mode 100644 index 0000000000..314d7b3eae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real3d-flipbook-a9204f8c11120cb2c33b3f2dfe972d8b.yaml @@ -0,0 +1,58 @@ +id: real3d-flipbook-a9204f8c11120cb2c33b3f2dfe972d8b + +info: + name: > + Real3D Flipbook <= 1.0.0 - File Upload to User Controlled Location + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dab03b8-6ed9-4f08-bd52-0f507de882de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real3d-flipbook/" + google-query: inurl:"/wp-content/plugins/real3d-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real3d-flipbook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real3d-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real3d-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real3d-flipbook-ec9bb451b23b2be1cff3727d057731cd.yaml b/nuclei-templates/cve-less/plugins/real3d-flipbook-ec9bb451b23b2be1cff3727d057731cd.yaml new file mode 100644 index 0000000000..6f540df616 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real3d-flipbook-ec9bb451b23b2be1cff3727d057731cd.yaml @@ -0,0 +1,58 @@ +id: real3d-flipbook-ec9bb451b23b2be1cff3727d057731cd + +info: + name: > + Real3D Flipbook <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c232344c-5070-4461-b143-0f53d61d6eac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real3d-flipbook/" + google-query: inurl:"/wp-content/plugins/real3d-flipbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real3d-flipbook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real3d-flipbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real3d-flipbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/real3d-flipbook-lite-8ed0dc233dd88ec7cbdf934305689592.yaml b/nuclei-templates/cve-less/plugins/real3d-flipbook-lite-8ed0dc233dd88ec7cbdf934305689592.yaml new file mode 100644 index 0000000000..8b7889ae74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/real3d-flipbook-lite-8ed0dc233dd88ec7cbdf934305689592.yaml @@ -0,0 +1,58 @@ +id: real3d-flipbook-lite-8ed0dc233dd88ec7cbdf934305689592 + +info: + name: > + 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin <= 3.62 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c496a5f8-9cfc-49b3-b360-d942d554b860?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/real3d-flipbook-lite/" + google-query: inurl:"/wp-content/plugins/real3d-flipbook-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,real3d-flipbook-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/real3d-flipbook-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real3d-flipbook-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/realbig-media-d27f815adbf875ce27b19fc701a2c8d1.yaml b/nuclei-templates/cve-less/plugins/realbig-media-d27f815adbf875ce27b19fc701a2c8d1.yaml new file mode 100644 index 0000000000..d9264ef028 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/realbig-media-d27f815adbf875ce27b19fc701a2c8d1.yaml @@ -0,0 +1,58 @@ +id: realbig-media-d27f815adbf875ce27b19fc701a2c8d1 + +info: + name: > + Realbig <= 1.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70ae0f3e-75a8-41c7-91c0-52d672809835?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/realbig-media/" + google-query: inurl:"/wp-content/plugins/realbig-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,realbig-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/realbig-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realbig-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/realestate-7-f30e0a2c040dabe8e3f5e523525b42cc.yaml b/nuclei-templates/cve-less/plugins/realestate-7-f30e0a2c040dabe8e3f5e523525b42cc.yaml new file mode 100644 index 0000000000..0079066229 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/realestate-7-f30e0a2c040dabe8e3f5e523525b42cc.yaml @@ -0,0 +1,58 @@ +id: realestate-7-f30e0a2c040dabe8e3f5e523525b42cc + +info: + name: > + WP Pro Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c24208-46b2-48a0-a87b-78e642c044cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/realestate-7/" + google-query: inurl:"/wp-content/plugins/realestate-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,realestate-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/realestate-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realestate-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/realia-be08bf68983d62c13cc53ac7ac785641.yaml b/nuclei-templates/cve-less/plugins/realia-be08bf68983d62c13cc53ac7ac785641.yaml new file mode 100644 index 0000000000..c32b571571 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/realia-be08bf68983d62c13cc53ac7ac785641.yaml @@ -0,0 +1,58 @@ +id: realia-be08bf68983d62c13cc53ac7ac785641 + +info: + name: > + Realia <= 1.4.0 - Cross-Site Request Forgery to User Email Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06f33e18-0bdd-4c56-a8df-fc1969b9ecf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/realia/" + google-query: inurl:"/wp-content/plugins/realia/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,realia,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/realia/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realia" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/really-simple-google-tag-manager-814d6c2e2d8cde0de9aa6bd07e3615ce.yaml b/nuclei-templates/cve-less/plugins/really-simple-google-tag-manager-814d6c2e2d8cde0de9aa6bd07e3615ce.yaml new file mode 100644 index 0000000000..4fd8f541f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/really-simple-google-tag-manager-814d6c2e2d8cde0de9aa6bd07e3615ce.yaml @@ -0,0 +1,58 @@ +id: really-simple-google-tag-manager-814d6c2e2d8cde0de9aa6bd07e3615ce + +info: + name: > + Really Simple Google Tag Manager <= 1.0.6 - Cross-Site Request Forgery via plugin_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c579825b-e92e-48d2-925e-d1fc81374c4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/really-simple-google-tag-manager/" + google-query: inurl:"/wp-content/plugins/really-simple-google-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,really-simple-google-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/really-simple-google-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "really-simple-google-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/really-simple-ssl-a2af19cf083e10d02f6ef64bbfb896ec.yaml b/nuclei-templates/cve-less/plugins/really-simple-ssl-a2af19cf083e10d02f6ef64bbfb896ec.yaml new file mode 100644 index 0000000000..77dd34213b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/really-simple-ssl-a2af19cf083e10d02f6ef64bbfb896ec.yaml @@ -0,0 +1,58 @@ +id: really-simple-ssl-a2af19cf083e10d02f6ef64bbfb896ec + +info: + name: > + Really Simple SSL <= 7.2.3 - Authenticated (Admin+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39722a07-abfe-4956-b5d0-8ece06913a85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/really-simple-ssl/" + google-query: inurl:"/wp-content/plugins/really-simple-ssl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,really-simple-ssl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/really-simple-ssl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "really-simple-ssl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/realty-59680ca703e54b65bb1444ccb4c65653.yaml b/nuclei-templates/cve-less/plugins/realty-59680ca703e54b65bb1444ccb4c65653.yaml new file mode 100644 index 0000000000..1671665169 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/realty-59680ca703e54b65bb1444ccb4c65653.yaml @@ -0,0 +1,58 @@ +id: realty-59680ca703e54b65bb1444ccb4c65653 + +info: + name: > + Realty by BestWebSoft < 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ab89a5-bc01-446e-8cea-40544ddec4d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/realty/" + google-query: inurl:"/wp-content/plugins/realty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,realty,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/realty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/realty-workstation-3eb72b31a7a3f042d44188428aa0f9df.yaml b/nuclei-templates/cve-less/plugins/realty-workstation-3eb72b31a7a3f042d44188428aa0f9df.yaml new file mode 100644 index 0000000000..5d5144812d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/realty-workstation-3eb72b31a7a3f042d44188428aa0f9df.yaml @@ -0,0 +1,58 @@ +id: realty-workstation-3eb72b31a7a3f042d44188428aa0f9df + +info: + name: > + Realty Workstation <= 1.0.9 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b2e22c-3811-4bf8-a8da-2ca9c38333dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/realty-workstation/" + google-query: inurl:"/wp-content/plugins/realty-workstation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,realty-workstation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/realty-workstation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realty-workstation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rearrange-woocommerce-products-b1810213664dbc480df9bda4d5950322.yaml b/nuclei-templates/cve-less/plugins/rearrange-woocommerce-products-b1810213664dbc480df9bda4d5950322.yaml new file mode 100644 index 0000000000..aa9c7fb177 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rearrange-woocommerce-products-b1810213664dbc480df9bda4d5950322.yaml @@ -0,0 +1,58 @@ +id: rearrange-woocommerce-products-b1810213664dbc480df9bda4d5950322 + +info: + name: > + Rearrange Woocommerce Products <= 3.0.7 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/379aa658-ebc4-4000-913e-5f95a4783233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rearrange-woocommerce-products/" + google-query: inurl:"/wp-content/plugins/rearrange-woocommerce-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rearrange-woocommerce-products,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rearrange-woocommerce-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rearrange-woocommerce-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recall-products-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml b/nuclei-templates/cve-less/plugins/recall-products-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml new file mode 100644 index 0000000000..596a8c93e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recall-products-75c0e8fcf83cb7fcc7b1f70f65a50a8b.yaml @@ -0,0 +1,58 @@ +id: recall-products-75c0e8fcf83cb7fcc7b1f70f65a50a8b + +info: + name: > + Recall Products <= 0.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e0231cf-7de7-4fe7-a0fe-20657f727fef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recall-products/" + google-query: inurl:"/wp-content/plugins/recall-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recall-products,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recall-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recall-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recall-products-f904152cc56225725583f8016fc8d925.yaml b/nuclei-templates/cve-less/plugins/recall-products-f904152cc56225725583f8016fc8d925.yaml new file mode 100644 index 0000000000..6af820172e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recall-products-f904152cc56225725583f8016fc8d925.yaml @@ -0,0 +1,58 @@ +id: recall-products-f904152cc56225725583f8016fc8d925 + +info: + name: > + Recall Products <= 0.8 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/878f27d3-bb57-46b4-aee4-03720d695504?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recall-products/" + google-query: inurl:"/wp-content/plugins/recall-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recall-products,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recall-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recall-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recaptcha-for-all-13830cbd72a32fb533758edb07ec60b9.yaml b/nuclei-templates/cve-less/plugins/recaptcha-for-all-13830cbd72a32fb533758edb07ec60b9.yaml new file mode 100644 index 0000000000..76554d8556 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recaptcha-for-all-13830cbd72a32fb533758edb07ec60b9.yaml @@ -0,0 +1,58 @@ +id: recaptcha-for-all-13830cbd72a32fb533758edb07ec60b9 + +info: + name: > + reCAPTCHA for all <= 1.22 - Missing Authorization via recaptcha_for_all_image_select + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66585943-cb70-4296-af66-5b786d1bafb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recaptcha-for-all/" + google-query: inurl:"/wp-content/plugins/recaptcha-for-all/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recaptcha-for-all,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recaptcha-for-all/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recaptcha-for-all" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recencio-book-reviews-7675af1bd6eb113efdfef786b75aea68.yaml b/nuclei-templates/cve-less/plugins/recencio-book-reviews-7675af1bd6eb113efdfef786b75aea68.yaml new file mode 100644 index 0000000000..ba9d3c1105 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recencio-book-reviews-7675af1bd6eb113efdfef786b75aea68.yaml @@ -0,0 +1,58 @@ +id: recencio-book-reviews-7675af1bd6eb113efdfef786b75aea68 + +info: + name: > + Recencio Book Reviews <= 1.66.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23ee5d94-5a51-4ee3-945c-422f3f07634e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recencio-book-reviews/" + google-query: inurl:"/wp-content/plugins/recencio-book-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recencio-book-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recencio-book-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recencio-book-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.66.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recent-backups-99c982940e78c45e6e770604c5c36b5e.yaml b/nuclei-templates/cve-less/plugins/recent-backups-99c982940e78c45e6e770604c5c36b5e.yaml new file mode 100644 index 0000000000..3954cb49df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recent-backups-99c982940e78c45e6e770604c5c36b5e.yaml @@ -0,0 +1,58 @@ +id: recent-backups-99c982940e78c45e6e770604c5c36b5e + +info: + name: > + Recent Backups <= 0.7 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a9cfd7a-7e6a-4a1f-86bc-b53ef461dde2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recent-backups/" + google-query: inurl:"/wp-content/plugins/recent-backups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recent-backups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recent-backups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recent-backups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recent-posts-slider-4cc443b42c40fb382275f264fe03f5d8.yaml b/nuclei-templates/cve-less/plugins/recent-posts-slider-4cc443b42c40fb382275f264fe03f5d8.yaml new file mode 100644 index 0000000000..50c6cdaa58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recent-posts-slider-4cc443b42c40fb382275f264fe03f5d8.yaml @@ -0,0 +1,58 @@ +id: recent-posts-slider-4cc443b42c40fb382275f264fe03f5d8 + +info: + name: > + Recent Posts Slider <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cf9c390-81d7-45d4-a6df-22b16235d11b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recent-posts-slider/" + google-query: inurl:"/wp-content/plugins/recent-posts-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recent-posts-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recent-posts-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recent-posts-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recent-posts-slider-e355011ae0213a93a83d03d9e7e91d4c.yaml b/nuclei-templates/cve-less/plugins/recent-posts-slider-e355011ae0213a93a83d03d9e7e91d4c.yaml new file mode 100644 index 0000000000..37c48ca32a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recent-posts-slider-e355011ae0213a93a83d03d9e7e91d4c.yaml @@ -0,0 +1,58 @@ +id: recent-posts-slider-e355011ae0213a93a83d03d9e7e91d4c + +info: + name: > + Recent Posts Slider <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bbc6aa7-0625-4689-8afe-d7399009ee53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recent-posts-slider/" + google-query: inurl:"/wp-content/plugins/recent-posts-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recent-posts-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recent-posts-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recent-posts-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recently-623ee8a736cc9ca7598f1fcb6de572f9.yaml b/nuclei-templates/cve-less/plugins/recently-623ee8a736cc9ca7598f1fcb6de572f9.yaml new file mode 100644 index 0000000000..848fa79eaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recently-623ee8a736cc9ca7598f1fcb6de572f9.yaml @@ -0,0 +1,58 @@ +id: recently-623ee8a736cc9ca7598f1fcb6de572f9 + +info: + name: > + Recently <= 3.0.4 - Arbitrary File Upload to Remote Code Exectution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recently/" + google-query: inurl:"/wp-content/plugins/recently/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recently,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recently/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recently" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recently-viewed-and-most-viewed-products-3efeefb310fc267db6d3c82c2278b44a.yaml b/nuclei-templates/cve-less/plugins/recently-viewed-and-most-viewed-products-3efeefb310fc267db6d3c82c2278b44a.yaml new file mode 100644 index 0000000000..4870cd9b44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recently-viewed-and-most-viewed-products-3efeefb310fc267db6d3c82c2278b44a.yaml @@ -0,0 +1,58 @@ +id: recently-viewed-and-most-viewed-products-3efeefb310fc267db6d3c82c2278b44a + +info: + name: > + Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61ec0e78-b367-438f-929d-94e055c83477?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recently-viewed-and-most-viewed-products/" + google-query: inurl:"/wp-content/plugins/recently-viewed-and-most-viewed-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recently-viewed-and-most-viewed-products,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recently-viewed-and-most-viewed-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recently-viewed-and-most-viewed-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recently-viewed-products-270d399794c014b613fbaaf0f85e4480.yaml b/nuclei-templates/cve-less/plugins/recently-viewed-products-270d399794c014b613fbaaf0f85e4480.yaml new file mode 100644 index 0000000000..461786731c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recently-viewed-products-270d399794c014b613fbaaf0f85e4480.yaml @@ -0,0 +1,58 @@ +id: recently-viewed-products-270d399794c014b613fbaaf0f85e4480 + +info: + name: > + Recently Viewed Products <= 1.0.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46f31a60-0a0e-449d-a10a-3cafd0492a9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recently-viewed-products/" + google-query: inurl:"/wp-content/plugins/recently-viewed-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recently-viewed-products,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recently-viewed-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recently-viewed-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-6fb42790ec406c67546f572fbaa70d56.yaml b/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-6fb42790ec406c67546f572fbaa70d56.yaml new file mode 100644 index 0000000000..b378d848e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-6fb42790ec406c67546f572fbaa70d56.yaml @@ -0,0 +1,58 @@ +id: recipe-card-blocks-by-wpzoom-6fb42790ec406c67546f572fbaa70d56 + +info: + name: > + Recipe Card Blocks by WPZOOM <= 2.8.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f6ece0e-7c7c-4c9b-b860-3b279e98c087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recipe-card-blocks-by-wpzoom/" + google-query: inurl:"/wp-content/plugins/recipe-card-blocks-by-wpzoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recipe-card-blocks-by-wpzoom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recipe-card-blocks-by-wpzoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recipe-card-blocks-by-wpzoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-9e09c516a2b7ded06b65b8f77bf8db84.yaml b/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-9e09c516a2b7ded06b65b8f77bf8db84.yaml new file mode 100644 index 0000000000..81c97ee436 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recipe-card-blocks-by-wpzoom-9e09c516a2b7ded06b65b8f77bf8db84.yaml @@ -0,0 +1,58 @@ +id: recipe-card-blocks-by-wpzoom-9e09c516a2b7ded06b65b8f77bf8db84 + +info: + name: > + Recipe Card Blocks by WPZOOM <= 2.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff9c424c-f37f-4c30-aa95-da597008cbb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recipe-card-blocks-by-wpzoom/" + google-query: inurl:"/wp-content/plugins/recipe-card-blocks-by-wpzoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recipe-card-blocks-by-wpzoom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recipe-card-blocks-by-wpzoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recipe-card-blocks-by-wpzoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recipes-writer-f1d9f474bbf4576d12894725bd74f389.yaml b/nuclei-templates/cve-less/plugins/recipes-writer-f1d9f474bbf4576d12894725bd74f389.yaml new file mode 100644 index 0000000000..2e7d14aa0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recipes-writer-f1d9f474bbf4576d12894725bd74f389.yaml @@ -0,0 +1,58 @@ +id: recipes-writer-f1d9f474bbf4576d12894725bd74f389 + +info: + name: > + Recipes Writer <= 1.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fa2f02-4a81-4d49-b473-7447cd371244?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recipes-writer/" + google-query: inurl:"/wp-content/plugins/recipes-writer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recipes-writer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recipes-writer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recipes-writer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reciply-2c837883e1f56cbaae8104fe350db484.yaml b/nuclei-templates/cve-less/plugins/reciply-2c837883e1f56cbaae8104fe350db484.yaml new file mode 100644 index 0000000000..ae3b00c86b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reciply-2c837883e1f56cbaae8104fe350db484.yaml @@ -0,0 +1,58 @@ +id: reciply-2c837883e1f56cbaae8104fe350db484 + +info: + name: > + Recip.ly <= 1.1.7 - Unauthenticated Arbitrary File Upload in uploadImage.php + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/068da172-629d-422a-bcd5-1b73af2a5933?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reciply/" + google-query: inurl:"/wp-content/plugins/reciply/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reciply,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reciply/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reciply" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recommend-a-friend-acf04354988365754f4760bff4f381fb.yaml b/nuclei-templates/cve-less/plugins/recommend-a-friend-acf04354988365754f4760bff4f381fb.yaml new file mode 100644 index 0000000000..0839662441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recommend-a-friend-acf04354988365754f4760bff4f381fb.yaml @@ -0,0 +1,58 @@ +id: recommend-a-friend-acf04354988365754f4760bff4f381fb + +info: + name: > + Recommend to a friend <= 2.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8c66ddd-8a01-40e0-8893-668551b527d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recommend-a-friend/" + google-query: inurl:"/wp-content/plugins/recommend-a-friend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recommend-a-friend,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recommend-a-friend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recommend-a-friend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/recommended-products-edd-2d450de1fce5683a098921397bf9fd03.yaml b/nuclei-templates/cve-less/plugins/recommended-products-edd-2d450de1fce5683a098921397bf9fd03.yaml new file mode 100644 index 0000000000..d5e9c5023d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/recommended-products-edd-2d450de1fce5683a098921397bf9fd03.yaml @@ -0,0 +1,58 @@ +id: recommended-products-edd-2d450de1fce5683a098921397bf9fd03 + +info: + name: > + Easy Digital Downloads – Recommended Products <= 1.2.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05131b5d-3837-4679-920b-8fadf74a69c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/recommended-products-edd/" + google-query: inurl:"/wp-content/plugins/recommended-products-edd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,recommended-products-edd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/recommended-products-edd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "recommended-products-edd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-0efa8cbd8c22916066d2b5e7e99436b6.yaml b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-0efa8cbd8c22916066d2b5e7e99436b6.yaml new file mode 100644 index 0000000000..7ee778a455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-0efa8cbd8c22916066d2b5e7e99436b6.yaml @@ -0,0 +1,58 @@ +id: redi-restaurant-reservation-0efa8cbd8c22916066d2b5e7e99436b6 + +info: + name: > + ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4945931f-764d-45cf-9157-5dddfb264086?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redi-restaurant-reservation/" + google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redi-restaurant-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 24.0128') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7545a8e1d8674632497b398a1210a7.yaml b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7545a8e1d8674632497b398a1210a7.yaml new file mode 100644 index 0000000000..4132969608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7545a8e1d8674632497b398a1210a7.yaml @@ -0,0 +1,58 @@ +id: redi-restaurant-reservation-1c7545a8e1d8674632497b398a1210a7 + +info: + name: > + ReDi Restaurant Reservation <= 24.0128 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5811e36d-9457-4460-af92-046ddef41114?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redi-restaurant-reservation/" + google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redi-restaurant-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 24.0128') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7d356f69acd16bb266c8cb14441fbb.yaml b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7d356f69acd16bb266c8cb14441fbb.yaml new file mode 100644 index 0000000000..24a2121a77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-1c7d356f69acd16bb266c8cb14441fbb.yaml @@ -0,0 +1,58 @@ +id: redi-restaurant-reservation-1c7d356f69acd16bb266c8cb14441fbb + +info: + name: > + ReDi Restaurant Reservation <= 21.0307 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0384c0-9b34-4af8-af86-75ef1e8d933b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redi-restaurant-reservation/" + google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redi-restaurant-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.0307') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-3b4de27e05fc461ccdbc713207442ee6.yaml b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-3b4de27e05fc461ccdbc713207442ee6.yaml new file mode 100644 index 0000000000..69dbfc80b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-3b4de27e05fc461ccdbc713207442ee6.yaml @@ -0,0 +1,58 @@ +id: redi-restaurant-reservation-3b4de27e05fc461ccdbc713207442ee6 + +info: + name: > + ReDi Restaurant Reservation <= 24.0128 - Cross-Site Request Forgery via redi_restaurant_admin_options_page() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f2c3819-2247-4ef7-b177-cc98cbf5eae3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redi-restaurant-reservation/" + google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redi-restaurant-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 24.0128') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-804968d490234b5a152e19bbec2ea599.yaml b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-804968d490234b5a152e19bbec2ea599.yaml new file mode 100644 index 0000000000..8a704fc0e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redi-restaurant-reservation-804968d490234b5a152e19bbec2ea599.yaml @@ -0,0 +1,58 @@ +id: redi-restaurant-reservation-804968d490234b5a152e19bbec2ea599 + +info: + name: > + ReDi Restaurant Reservation <= 23.0211 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ebf975-0fa7-43cd-a4fe-99284ad3aaf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redi-restaurant-reservation/" + google-query: inurl:"/wp-content/plugins/redi-restaurant-reservation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redi-restaurant-reservation,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redi-restaurant-reservation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redi-restaurant-reservation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 23.0211') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-20764e34dd96746ac27cacdf816c512f.yaml b/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-20764e34dd96746ac27cacdf816c512f.yaml new file mode 100644 index 0000000000..a6b68ba064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-20764e34dd96746ac27cacdf816c512f.yaml @@ -0,0 +1,58 @@ +id: redirect-404-error-page-to-homepage-or-custom-page-20764e34dd96746ac27cacdf816c512f + +info: + name: > + Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.8.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59ec4bbd-5192-45f8-8cfc-d43858b46901?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/" + google-query: inurl:"/wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-404-error-page-to-homepage-or-custom-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-404-error-page-to-homepage-or-custom-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-9e45d93bc20aa1ba4a07ca72cfe37e3f.yaml b/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-9e45d93bc20aa1ba4a07ca72cfe37e3f.yaml new file mode 100644 index 0000000000..b80d05dfcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-404-error-page-to-homepage-or-custom-page-9e45d93bc20aa1ba4a07ca72cfe37e3f.yaml @@ -0,0 +1,58 @@ +id: redirect-404-error-page-to-homepage-or-custom-page-9e45d93bc20aa1ba4a07ca72cfe37e3f + +info: + name: > + Redirect 404 Error Page to Homepage or Custom Page with Logs <= 1.7.8 - Log Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4ac5738-0ebe-480a-b2b7-f0568d668fa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/" + google-query: inurl:"/wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-404-error-page-to-homepage-or-custom-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-404-error-page-to-homepage-or-custom-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-404-error-page-to-homepage-or-custom-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-404-to-parent-bc6654f724ab34dab168398ec4971081.yaml b/nuclei-templates/cve-less/plugins/redirect-404-to-parent-bc6654f724ab34dab168398ec4971081.yaml new file mode 100644 index 0000000000..824e10bc84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-404-to-parent-bc6654f724ab34dab168398ec4971081.yaml @@ -0,0 +1,58 @@ +id: redirect-404-to-parent-bc6654f724ab34dab168398ec4971081 + +info: + name: > + Redirect 404 to parent < 1.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5a6724-e860-410e-8a3d-c26d9bc7e842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-404-to-parent/" + google-query: inurl:"/wp-content/plugins/redirect-404-to-parent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-404-to-parent,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-404-to-parent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-404-to-parent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-after-login-47522a4a3dc3a65ace6791fdc8ad2676.yaml b/nuclei-templates/cve-less/plugins/redirect-after-login-47522a4a3dc3a65ace6791fdc8ad2676.yaml new file mode 100644 index 0000000000..e67f76ad46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-after-login-47522a4a3dc3a65ace6791fdc8ad2676.yaml @@ -0,0 +1,58 @@ +id: redirect-after-login-47522a4a3dc3a65ace6791fdc8ad2676 + +info: + name: > + Redirect After Login <= 0.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad1a79f3-274f-4a33-a752-669c09c2d47d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-after-login/" + google-query: inurl:"/wp-content/plugins/redirect-after-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-after-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-after-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-after-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..0383640ee0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-redirection-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: redirect-redirection-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-redirection/" + google-query: inurl:"/wp-content/plugins/redirect-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-redirection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..8ef6ed1527 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-redirection-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: redirect-redirection-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-redirection/" + google-query: inurl:"/wp-content/plugins/redirect-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-redirection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-b61ef24ab5fc8a9d1e6c1708a630e28a.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-b61ef24ab5fc8a9d1e6c1708a630e28a.yaml new file mode 100644 index 0000000000..c15a222a83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-redirection-b61ef24ab5fc8a9d1e6c1708a630e28a.yaml @@ -0,0 +1,58 @@ +id: redirect-redirection-b61ef24ab5fc8a9d1e6c1708a630e28a + +info: + name: > + Redirection <= 1.1.4 - Cross-Site Request Forgery to Plugin Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18a41bef-feed-4096-a1f4-9c99caac6ce9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-redirection/" + google-query: inurl:"/wp-content/plugins/redirect-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..d3918f4d28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-redirection-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: redirect-redirection-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-redirection/" + google-query: inurl:"/wp-content/plugins/redirect-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirect-redirection-cd01191c441182857b674a67ee885426.yaml b/nuclei-templates/cve-less/plugins/redirect-redirection-cd01191c441182857b674a67ee885426.yaml new file mode 100644 index 0000000000..ba669e5d05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirect-redirection-cd01191c441182857b674a67ee885426.yaml @@ -0,0 +1,58 @@ +id: redirect-redirection-cd01191c441182857b674a67ee885426 + +info: + name: > + Redirect Redirection <= 1.1.3 - Cross-Site Request Forgery via 'addRedirect' function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a70e291-1bc9-44ad-91a2-cf0624bb8d88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirect-redirection/" + google-query: inurl:"/wp-content/plugins/redirect-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirect-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirect-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirect-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirection-660c79b80e87c9453730e77d4013c8f0.yaml b/nuclei-templates/cve-less/plugins/redirection-660c79b80e87c9453730e77d4013c8f0.yaml new file mode 100644 index 0000000000..df9cd623a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirection-660c79b80e87c9453730e77d4013c8f0.yaml @@ -0,0 +1,58 @@ +id: redirection-660c79b80e87c9453730e77d4013c8f0 + +info: + name: > + Redirection <= 2.7.3 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e81cbe3-1310-4f6f-ae42-8d09b321657a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirection/" + google-query: inurl:"/wp-content/plugins/redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirection,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirection-85fb58f3784e72234e673d2c8f294c3c.yaml b/nuclei-templates/cve-less/plugins/redirection-85fb58f3784e72234e673d2c8f294c3c.yaml new file mode 100644 index 0000000000..f5b9834449 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirection-85fb58f3784e72234e673d2c8f294c3c.yaml @@ -0,0 +1,58 @@ +id: redirection-85fb58f3784e72234e673d2c8f294c3c + +info: + name: > + Redirection <= 2.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5e6d73c-0fa7-4ae2-be3b-5ab8f1721aa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirection/" + google-query: inurl:"/wp-content/plugins/redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirection-a476ca04014656ec0e898375af56f461.yaml b/nuclei-templates/cve-less/plugins/redirection-a476ca04014656ec0e898375af56f461.yaml new file mode 100644 index 0000000000..d396831ecc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirection-a476ca04014656ec0e898375af56f461.yaml @@ -0,0 +1,58 @@ +id: redirection-a476ca04014656ec0e898375af56f461 + +info: + name: > + Redirection < 2.2.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fd13b18-63e6-4af2-a224-d87ad3a70dba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirection/" + google-query: inurl:"/wp-content/plugins/redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirection-c050cce5edc786cc76c2f3dcee80f148.yaml b/nuclei-templates/cve-less/plugins/redirection-c050cce5edc786cc76c2f3dcee80f148.yaml new file mode 100644 index 0000000000..581521a286 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirection-c050cce5edc786cc76c2f3dcee80f148.yaml @@ -0,0 +1,58 @@ +id: redirection-c050cce5edc786cc76c2f3dcee80f148 + +info: + name: > + Redirection <= 2.2.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5d39e9b-9753-4c87-8576-982f6744912f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirection/" + google-query: inurl:"/wp-content/plugins/redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirection-page-8319ea5020d449067d1800ef0c846413.yaml b/nuclei-templates/cve-less/plugins/redirection-page-8319ea5020d449067d1800ef0c846413.yaml new file mode 100644 index 0000000000..bf6d91c75f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirection-page-8319ea5020d449067d1800ef0c846413.yaml @@ -0,0 +1,58 @@ +id: redirection-page-8319ea5020d449067d1800ef0c846413 + +info: + name: > + Redirection Page <= 1.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65869722-1147-4fdd-a844-944c51a07f2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirection-page/" + google-query: inurl:"/wp-content/plugins/redirection-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirection-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirection-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirection-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirects-05abcb4b1243c795ddc0ecd996fc16e3.yaml b/nuclei-templates/cve-less/plugins/redirects-05abcb4b1243c795ddc0ecd996fc16e3.yaml new file mode 100644 index 0000000000..b4efbf907b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirects-05abcb4b1243c795ddc0ecd996fc16e3.yaml @@ -0,0 +1,58 @@ +id: redirects-05abcb4b1243c795ddc0ecd996fc16e3 + +info: + name: > + Redirects <= 1.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/903161b0-b64c-4986-8c94-b90221bc911b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirects/" + google-query: inurl:"/wp-content/plugins/redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redirects-b6235d62fa0b8b99245758e77840a37a.yaml b/nuclei-templates/cve-less/plugins/redirects-b6235d62fa0b8b99245758e77840a37a.yaml new file mode 100644 index 0000000000..1bffcec672 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redirects-b6235d62fa0b8b99245758e77840a37a.yaml @@ -0,0 +1,58 @@ +id: redirects-b6235d62fa0b8b99245758e77840a37a + +info: + name: > + Redirects <= 1.2.1 - Missing Authorization via save + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redirects/" + google-query: inurl:"/wp-content/plugins/redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redirects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redux-framework-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml b/nuclei-templates/cve-less/plugins/redux-framework-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml new file mode 100644 index 0000000000..49cce676b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redux-framework-97e559b0ee0d8f7ed9a23afb1d3a5dfd.yaml @@ -0,0 +1,58 @@ +id: redux-framework-97e559b0ee0d8f7ed9a23afb1d3a5dfd + +info: + name: > + Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5c2a74-c1e8-4381-8d0d-66a2ed3b937e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redux-framework/" + google-query: inurl:"/wp-content/plugins/redux-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redux-framework,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redux-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redux-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/redux-framework-d3c0e78a7ab3eab8df864917b272700d.yaml b/nuclei-templates/cve-less/plugins/redux-framework-d3c0e78a7ab3eab8df864917b272700d.yaml new file mode 100644 index 0000000000..13dcf042bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/redux-framework-d3c0e78a7ab3eab8df864917b272700d.yaml @@ -0,0 +1,58 @@ +id: redux-framework-d3c0e78a7ab3eab8df864917b272700d + +info: + name: > + Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ba556d0-48f9-4953-a5aa-876284e56360?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/redux-framework/" + google-query: inurl:"/wp-content/plugins/redux-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,redux-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/redux-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redux-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/refer-a-friend-widget-for-wp-80e870552d1f61c00ccba36553924e99.yaml b/nuclei-templates/cve-less/plugins/refer-a-friend-widget-for-wp-80e870552d1f61c00ccba36553924e99.yaml new file mode 100644 index 0000000000..cd8e9c58b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/refer-a-friend-widget-for-wp-80e870552d1f61c00ccba36553924e99.yaml @@ -0,0 +1,58 @@ +id: refer-a-friend-widget-for-wp-80e870552d1f61c00ccba36553924e99 + +info: + name: > + WordPress InviteBox Plugin <= 1.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e88afde4-6920-4086-940e-34b4a4ee30c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/refer-a-friend-widget-for-wp/" + google-query: inurl:"/wp-content/plugins/refer-a-friend-widget-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,refer-a-friend-widget-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/refer-a-friend-widget-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "refer-a-friend-widget-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reflex-gallery-2a835a9354c731a6c02faf265cb4e924.yaml b/nuclei-templates/cve-less/plugins/reflex-gallery-2a835a9354c731a6c02faf265cb4e924.yaml new file mode 100644 index 0000000000..953025642b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reflex-gallery-2a835a9354c731a6c02faf265cb4e924.yaml @@ -0,0 +1,58 @@ +id: reflex-gallery-2a835a9354c731a6c02faf265cb4e924 + +info: + name: > + ReFlex Gallery » WordPress Photo Gallery < 3.1.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e54ac5-8091-4154-a14c-5cd67647f722?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reflex-gallery/" + google-query: inurl:"/wp-content/plugins/reflex-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reflex-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reflex-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reflex-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reflex-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/reflex-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..1b3b4ef61d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reflex-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: reflex-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reflex-gallery/" + google-query: inurl:"/wp-content/plugins/reflex-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reflex-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reflex-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reflex-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reflex-gallery-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml b/nuclei-templates/cve-less/plugins/reflex-gallery-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml new file mode 100644 index 0000000000..23d59f8b2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reflex-gallery-e4da0c9bf6d9952b4ed3e7efbc293bab.yaml @@ -0,0 +1,58 @@ +id: reflex-gallery-e4da0c9bf6d9952b4ed3e7efbc293bab + +info: + name: > + ReFlex Gallery < 1.4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3e27ca-8837-4cd8-a233-ad1eed365f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reflex-gallery/" + google-query: inurl:"/wp-content/plugins/reflex-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reflex-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reflex-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reflex-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/regenerate-post-permalinks-41b1f3d72a4299f7246fbd213ebf002e.yaml b/nuclei-templates/cve-less/plugins/regenerate-post-permalinks-41b1f3d72a4299f7246fbd213ebf002e.yaml new file mode 100644 index 0000000000..1ae9141d45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/regenerate-post-permalinks-41b1f3d72a4299f7246fbd213ebf002e.yaml @@ -0,0 +1,58 @@ +id: regenerate-post-permalinks-41b1f3d72a4299f7246fbd213ebf002e + +info: + name: > + Regenerate post permalink <= 1.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63fb6727-8225-481c-8252-0224577a9560?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/regenerate-post-permalinks/" + google-query: inurl:"/wp-content/plugins/regenerate-post-permalinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,regenerate-post-permalinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/regenerate-post-permalinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "regenerate-post-permalinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/register-plus-b96c1d6a7bd0352b636fe37d13da471d.yaml b/nuclei-templates/cve-less/plugins/register-plus-b96c1d6a7bd0352b636fe37d13da471d.yaml new file mode 100644 index 0000000000..4280e8ebd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/register-plus-b96c1d6a7bd0352b636fe37d13da471d.yaml @@ -0,0 +1,58 @@ +id: register-plus-b96c1d6a7bd0352b636fe37d13da471d + +info: + name: > + Register Plus <= 3.5.11 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22f58318-90ce-4f98-991c-1270d6768f5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/register-plus/" + google-query: inurl:"/wp-content/plugins/register-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,register-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/register-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "register-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/register-plus-d04743501a9b489b050663d074da392e.yaml b/nuclei-templates/cve-less/plugins/register-plus-d04743501a9b489b050663d074da392e.yaml new file mode 100644 index 0000000000..75ef0cf9a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/register-plus-d04743501a9b489b050663d074da392e.yaml @@ -0,0 +1,58 @@ +id: register-plus-d04743501a9b489b050663d074da392e + +info: + name: > + Register Plus <= 3.5.11 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11043029-1b77-4e18-bdd8-fca2eadc6901?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/register-plus/" + google-query: inurl:"/wp-content/plugins/register-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,register-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/register-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "register-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-6258eabd3d155e4cfa6307428f5a26a2.yaml b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-6258eabd3d155e4cfa6307428f5a26a2.yaml new file mode 100644 index 0000000000..8929b14f61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-6258eabd3d155e4cfa6307428f5a26a2.yaml @@ -0,0 +1,58 @@ +id: registrations-for-the-events-calendar-6258eabd3d155e4cfa6307428f5a26a2 + +info: + name: > + Registrations for The Events Calendar <= 2.7.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a515d9-dc4c-4755-b602-a9eb22f8e814?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/registrations-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/registrations-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,registrations-for-the-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/registrations-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "registrations-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-ea140c5960098a8a84aefd6da22f5e70.yaml b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-ea140c5960098a8a84aefd6da22f5e70.yaml new file mode 100644 index 0000000000..157b42f868 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-ea140c5960098a8a84aefd6da22f5e70.yaml @@ -0,0 +1,58 @@ +id: registrations-for-the-events-calendar-ea140c5960098a8a84aefd6da22f5e70 + +info: + name: > + Registrations for the Events Calendar <= 2.7.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8c18081-1ee3-4072-89f1-b6eb1518916e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/registrations-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/registrations-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,registrations-for-the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/registrations-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "registrations-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-f0fbd94801917d7779c8532e6d8fde24.yaml b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-f0fbd94801917d7779c8532e6d8fde24.yaml new file mode 100644 index 0000000000..a629e498d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/registrations-for-the-events-calendar-f0fbd94801917d7779c8532e6d8fde24.yaml @@ -0,0 +1,58 @@ +id: registrations-for-the-events-calendar-f0fbd94801917d7779c8532e6d8fde24 + +info: + name: > + Registrations for the Events Calendar <= 2.7.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c455509-9cbb-4a77-b28f-921beeeede0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/registrations-for-the-events-calendar/" + google-query: inurl:"/wp-content/plugins/registrations-for-the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,registrations-for-the-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/registrations-for-the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "registrations-for-the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/regpack-6c7076324759f17d9672657f46020f5a.yaml b/nuclei-templates/cve-less/plugins/regpack-6c7076324759f17d9672657f46020f5a.yaml new file mode 100644 index 0000000000..57f5729017 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/regpack-6c7076324759f17d9672657f46020f5a.yaml @@ -0,0 +1,58 @@ +id: regpack-6c7076324759f17d9672657f46020f5a + +info: + name: > + Regpack <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3cdc0ba-d28f-488c-a703-f9d880f0582e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/regpack/" + google-query: inurl:"/wp-content/plugins/regpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,regpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/regpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "regpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rehub-framework-5f2b7d6e36647de882c9475f5d8d8b2a.yaml b/nuclei-templates/cve-less/plugins/rehub-framework-5f2b7d6e36647de882c9475f5d8d8b2a.yaml new file mode 100644 index 0000000000..08c9e3bc03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rehub-framework-5f2b7d6e36647de882c9475f5d8d8b2a.yaml @@ -0,0 +1,58 @@ +id: rehub-framework-5f2b7d6e36647de882c9475f5d8d8b2a + +info: + name: > + REHub Framework < 19.6.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/947626b4-c640-4b45-8186-2ed4ff7c2c18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rehub-framework/" + google-query: inurl:"/wp-content/plugins/rehub-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rehub-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rehub-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rehub-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 19.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-post-a1b975d388fb5bea73a488037353b7d6.yaml b/nuclei-templates/cve-less/plugins/related-post-a1b975d388fb5bea73a488037353b7d6.yaml new file mode 100644 index 0000000000..cdfced2c2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-post-a1b975d388fb5bea73a488037353b7d6.yaml @@ -0,0 +1,58 @@ +id: related-post-a1b975d388fb5bea73a488037353b7d6 + +info: + name: > + Related Post <= 2.0.53 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f08ca5e3-8b48-4333-9c42-cc103d40394c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-post/" + google-query: inurl:"/wp-content/plugins/related-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-04095bed8429464e27d2a70bb8ef316a.yaml b/nuclei-templates/cve-less/plugins/related-posts-04095bed8429464e27d2a70bb8ef316a.yaml new file mode 100644 index 0000000000..a18cb9e789 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-04095bed8429464e27d2a70bb8ef316a.yaml @@ -0,0 +1,58 @@ +id: related-posts-04095bed8429464e27d2a70bb8ef316a + +info: + name: > + Related Posts <= 1.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa34fdd1-5a04-43c6-a005-17be1256b09e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts/" + google-query: inurl:"/wp-content/plugins/related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-8bd8a9f5ca37f9921800c559c58dbf6b.yaml b/nuclei-templates/cve-less/plugins/related-posts-8bd8a9f5ca37f9921800c559c58dbf6b.yaml new file mode 100644 index 0000000000..def08f5af6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-8bd8a9f5ca37f9921800c559c58dbf6b.yaml @@ -0,0 +1,58 @@ +id: related-posts-8bd8a9f5ca37f9921800c559c58dbf6b + +info: + name: > + Related Posts < 2.7.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71463210-d65f-4a6c-ab5f-ebaafebb83e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts/" + google-query: inurl:"/wp-content/plugins/related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-by-zemanta-58ad613c40728469546ff0c459432f85.yaml b/nuclei-templates/cve-less/plugins/related-posts-by-zemanta-58ad613c40728469546ff0c459432f85.yaml new file mode 100644 index 0000000000..6492458543 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-by-zemanta-58ad613c40728469546ff0c459432f85.yaml @@ -0,0 +1,58 @@ +id: related-posts-by-zemanta-58ad613c40728469546ff0c459432f85 + +info: + name: > + Related Posts by Zemanta <= 1.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73878d57-dd94-41d7-a26a-47c8e6eac0fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts-by-zemanta/" + google-query: inurl:"/wp-content/plugins/related-posts-by-zemanta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts-by-zemanta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts-by-zemanta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts-by-zemanta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-for-wp-34814d2dfa1715ce58f0048a1692ce5e.yaml b/nuclei-templates/cve-less/plugins/related-posts-for-wp-34814d2dfa1715ce58f0048a1692ce5e.yaml new file mode 100644 index 0000000000..88ce669d64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-for-wp-34814d2dfa1715ce58f0048a1692ce5e.yaml @@ -0,0 +1,58 @@ +id: related-posts-for-wp-34814d2dfa1715ce58f0048a1692ce5e + +info: + name: > + Related Posts for WordPress <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a5d9290-b480-45f7-9ac7-a20475b805e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts-for-wp/" + google-query: inurl:"/wp-content/plugins/related-posts-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-for-wp-38bcc8fc23f5e64dd2298c12f27f47b2.yaml b/nuclei-templates/cve-less/plugins/related-posts-for-wp-38bcc8fc23f5e64dd2298c12f27f47b2.yaml new file mode 100644 index 0000000000..51ff6e956a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-for-wp-38bcc8fc23f5e64dd2298c12f27f47b2.yaml @@ -0,0 +1,58 @@ +id: related-posts-for-wp-38bcc8fc23f5e64dd2298c12f27f47b2 + +info: + name: > + Related Posts for WordPress <= 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/797c2c60-51bd-4992-86fc-23fda363ad76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts-for-wp/" + google-query: inurl:"/wp-content/plugins/related-posts-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-for-wp-3d9e0203f0bc8c54067f868dba02e8ff.yaml b/nuclei-templates/cve-less/plugins/related-posts-for-wp-3d9e0203f0bc8c54067f868dba02e8ff.yaml new file mode 100644 index 0000000000..4a2c754b95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-for-wp-3d9e0203f0bc8c54067f868dba02e8ff.yaml @@ -0,0 +1,58 @@ +id: related-posts-for-wp-3d9e0203f0bc8c54067f868dba02e8ff + +info: + name: > + Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts-for-wp/" + google-query: inurl:"/wp-content/plugins/related-posts-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts-for-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-posts-for-wp-83b73a058cb79d602447680b268132d1.yaml b/nuclei-templates/cve-less/plugins/related-posts-for-wp-83b73a058cb79d602447680b268132d1.yaml new file mode 100644 index 0000000000..40cf5203ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-posts-for-wp-83b73a058cb79d602447680b268132d1.yaml @@ -0,0 +1,58 @@ +id: related-posts-for-wp-83b73a058cb79d602447680b268132d1 + +info: + name: > + Related Posts for WordPress <= 2.0.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f63bf296-b34c-4f89-90eb-bba2a0461d57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-posts-for-wp/" + google-query: inurl:"/wp-content/plugins/related-posts-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-posts-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-posts-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-posts-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-sites-089422f3c866882a628baf83e48ef51c.yaml b/nuclei-templates/cve-less/plugins/related-sites-089422f3c866882a628baf83e48ef51c.yaml new file mode 100644 index 0000000000..6573f17f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-sites-089422f3c866882a628baf83e48ef51c.yaml @@ -0,0 +1,58 @@ +id: related-sites-089422f3c866882a628baf83e48ef51c + +info: + name: > + Related Sites <= 2.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9970f9e5-ca20-4424-a501-9c8186ede497?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-sites/" + google-query: inurl:"/wp-content/plugins/related-sites/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-sites,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-sites/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-sites" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/related-youtube-videos-d32864ffc345a5bdea6ab7e2b3b9981b.yaml b/nuclei-templates/cve-less/plugins/related-youtube-videos-d32864ffc345a5bdea6ab7e2b3b9981b.yaml new file mode 100644 index 0000000000..5b559c8dea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/related-youtube-videos-d32864ffc345a5bdea6ab7e2b3b9981b.yaml @@ -0,0 +1,58 @@ +id: related-youtube-videos-d32864ffc345a5bdea6ab7e2b3b9981b + +info: + name: > + Related YouTube Videos <= 1.9.8 - Cross-site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1375ac68-31e4-4473-9757-bd86411c716f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/related-youtube-videos/" + google-query: inurl:"/wp-content/plugins/related-youtube-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,related-youtube-videos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/related-youtube-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "related-youtube-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-13c50b13a503600e0189283b0a2ceddd.yaml b/nuclei-templates/cve-less/plugins/relevanssi-13c50b13a503600e0189283b0a2ceddd.yaml new file mode 100644 index 0000000000..f5ce5c1231 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-13c50b13a503600e0189283b0a2ceddd.yaml @@ -0,0 +1,58 @@ +id: relevanssi-13c50b13a503600e0189283b0a2ceddd + +info: + name: > + Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/624a87c7-d43e-48d5-8489-d4f7b3ea10da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-459e9e8ff0ce6dbbd756036aacf40336.yaml b/nuclei-templates/cve-less/plugins/relevanssi-459e9e8ff0ce6dbbd756036aacf40336.yaml new file mode 100644 index 0000000000..104d5a4480 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-459e9e8ff0ce6dbbd756036aacf40336.yaml @@ -0,0 +1,58 @@ +id: relevanssi-459e9e8ff0ce6dbbd756036aacf40336 + +info: + name: > + Relevanssi – A Better Search <= 4.22.0 - Missing Authorization to Unauthenticated Query Log Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.22.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-54a6c2fc6f1decd20e0ec9cd229454ec.yaml b/nuclei-templates/cve-less/plugins/relevanssi-54a6c2fc6f1decd20e0ec9cd229454ec.yaml new file mode 100644 index 0000000000..defac8bb60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-54a6c2fc6f1decd20e0ec9cd229454ec.yaml @@ -0,0 +1,58 @@ +id: relevanssi-54a6c2fc6f1decd20e0ec9cd229454ec + +info: + name: > + Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6df8cf-6f64-46b9-ab83-3898484c2679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.21.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-88fcfbe0235fbfcf5894d075044bc4db.yaml b/nuclei-templates/cve-less/plugins/relevanssi-88fcfbe0235fbfcf5894d075044bc4db.yaml new file mode 100644 index 0000000000..f70055156c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-88fcfbe0235fbfcf5894d075044bc4db.yaml @@ -0,0 +1,58 @@ +id: relevanssi-88fcfbe0235fbfcf5894d075044bc4db + +info: + name: > + Relevanssi <= 4.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/592867de-17b5-4461-a479-ecfbbef55a0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-9456cea40ce6ea28f05bb2ff20b05594.yaml b/nuclei-templates/cve-less/plugins/relevanssi-9456cea40ce6ea28f05bb2ff20b05594.yaml new file mode 100644 index 0000000000..108f1d8b78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-9456cea40ce6ea28f05bb2ff20b05594.yaml @@ -0,0 +1,58 @@ +id: relevanssi-9456cea40ce6ea28f05bb2ff20b05594 + +info: + name: > + Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9960bae9-6f19-49eb-8f24-fdde4933671e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.22.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-984a23521e50b74e0baafc6841353e19.yaml b/nuclei-templates/cve-less/plugins/relevanssi-984a23521e50b74e0baafc6841353e19.yaml new file mode 100644 index 0000000000..d81d8bf3de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-984a23521e50b74e0baafc6841353e19.yaml @@ -0,0 +1,58 @@ +id: relevanssi-984a23521e50b74e0baafc6841353e19 + +info: + name: > + Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a864ff-2c0e-40c3-8c4e-dc034d8838b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-b595d6fc7446c3f09ff44c55f79ffecc.yaml b/nuclei-templates/cve-less/plugins/relevanssi-b595d6fc7446c3f09ff44c55f79ffecc.yaml new file mode 100644 index 0000000000..cbbc961953 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-b595d6fc7446c3f09ff44c55f79ffecc.yaml @@ -0,0 +1,58 @@ +id: relevanssi-b595d6fc7446c3f09ff44c55f79ffecc + +info: + name: > + Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e625130f-8e21-4baf-9d3c-4cbb806b9e52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi/" + google-query: inurl:"/wp-content/plugins/relevanssi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.22.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-premium-3770a5a68072ae899f0f18af895e3c7e.yaml b/nuclei-templates/cve-less/plugins/relevanssi-premium-3770a5a68072ae899f0f18af895e3c7e.yaml new file mode 100644 index 0000000000..7af2e60dfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-premium-3770a5a68072ae899f0f18af895e3c7e.yaml @@ -0,0 +1,58 @@ +id: relevanssi-premium-3770a5a68072ae899f0f18af895e3c7e + +info: + name: > + Relevanssi Premium < 1.14.6.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/342b2e81-fb26-416a-8f3d-4bc221260228?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi-premium/" + google-query: inurl:"/wp-content/plugins/relevanssi-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi-premium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.14.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-premium-54a6c2fc6f1decd20e0ec9cd229454ec.yaml b/nuclei-templates/cve-less/plugins/relevanssi-premium-54a6c2fc6f1decd20e0ec9cd229454ec.yaml new file mode 100644 index 0000000000..b3895213fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-premium-54a6c2fc6f1decd20e0ec9cd229454ec.yaml @@ -0,0 +1,58 @@ +id: relevanssi-premium-54a6c2fc6f1decd20e0ec9cd229454ec + +info: + name: > + Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6df8cf-6f64-46b9-ab83-3898484c2679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi-premium/" + google-query: inurl:"/wp-content/plugins/relevanssi-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-premium-9456cea40ce6ea28f05bb2ff20b05594.yaml b/nuclei-templates/cve-less/plugins/relevanssi-premium-9456cea40ce6ea28f05bb2ff20b05594.yaml new file mode 100644 index 0000000000..273618bf70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-premium-9456cea40ce6ea28f05bb2ff20b05594.yaml @@ -0,0 +1,58 @@ +id: relevanssi-premium-9456cea40ce6ea28f05bb2ff20b05594 + +info: + name: > + Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9960bae9-6f19-49eb-8f24-fdde4933671e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi-premium/" + google-query: inurl:"/wp-content/plugins/relevanssi-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevanssi-premium-b595d6fc7446c3f09ff44c55f79ffecc.yaml b/nuclei-templates/cve-less/plugins/relevanssi-premium-b595d6fc7446c3f09ff44c55f79ffecc.yaml new file mode 100644 index 0000000000..5693a1e860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevanssi-premium-b595d6fc7446c3f09ff44c55f79ffecc.yaml @@ -0,0 +1,58 @@ +id: relevanssi-premium-b595d6fc7446c3f09ff44c55f79ffecc + +info: + name: > + Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e625130f-8e21-4baf-9d3c-4cbb806b9e52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevanssi-premium/" + google-query: inurl:"/wp-content/plugins/relevanssi-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevanssi-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevanssi-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevanssi-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relevant-c81d2be092773595df7e11c3e43455e6.yaml b/nuclei-templates/cve-less/plugins/relevant-c81d2be092773595df7e11c3e43455e6.yaml new file mode 100644 index 0000000000..12b0ee57c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relevant-c81d2be092773595df7e11c3e43455e6.yaml @@ -0,0 +1,58 @@ +id: relevant-c81d2be092773595df7e11c3e43455e6 + +info: + name: > + Relevant – Related, Featured, Latest, and Popular Posts by BestWebSoft <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ee6179-8071-4628-9d2b-dfbb32ef1804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relevant/" + google-query: inurl:"/wp-content/plugins/relevant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relevant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relevant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relevant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/relocate-upload-f2e5b32595ebb4e1010770520fb235a0.yaml b/nuclei-templates/cve-less/plugins/relocate-upload-f2e5b32595ebb4e1010770520fb235a0.yaml new file mode 100644 index 0000000000..6395b97ad2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/relocate-upload-f2e5b32595ebb4e1010770520fb235a0.yaml @@ -0,0 +1,58 @@ +id: relocate-upload-f2e5b32595ebb4e1010770520fb235a0 + +info: + name: > + Relocate Upload < 0.20 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb629dfc-1be2-4a56-907f-0b5c64cc066e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/relocate-upload/" + google-query: inurl:"/wp-content/plugins/relocate-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,relocate-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/relocate-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "relocate-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remote-content-shortcode-894688b32a41816c9ef521e84f097274.yaml b/nuclei-templates/cve-less/plugins/remote-content-shortcode-894688b32a41816c9ef521e84f097274.yaml new file mode 100644 index 0000000000..b9a06b568f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remote-content-shortcode-894688b32a41816c9ef521e84f097274.yaml @@ -0,0 +1,58 @@ +id: remote-content-shortcode-894688b32a41816c9ef521e84f097274 + +info: + name: > + Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1568e8d-9ea5-4673-a657-03e89cfb6000?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remote-content-shortcode/" + google-query: inurl:"/wp-content/plugins/remote-content-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remote-content-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remote-content-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remote-content-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-7470db0dc31ae4a970e3b604671601cb.yaml b/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-7470db0dc31ae4a970e3b604671601cb.yaml new file mode 100644 index 0000000000..105992ef71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-add-to-cart-woocommerce-7470db0dc31ae4a970e3b604671601cb.yaml @@ -0,0 +1,58 @@ +id: remove-add-to-cart-woocommerce-7470db0dc31ae4a970e3b604671601cb + +info: + name: > + Remove Add to Cart WooCommerce <= 1.4.4 - Cross-Site Request Forgery to Settings Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4938c1be-2356-4a9c-9795-108a2d5a6cc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-add-to-cart-woocommerce/" + google-query: inurl:"/wp-content/plugins/remove-add-to-cart-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-add-to-cart-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-add-to-cart-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-add-to-cart-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-cpt-base-47c8baaa723b461feba125f5d75cdf5b.yaml b/nuclei-templates/cve-less/plugins/remove-cpt-base-47c8baaa723b461feba125f5d75cdf5b.yaml new file mode 100644 index 0000000000..b06662dc26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-cpt-base-47c8baaa723b461feba125f5d75cdf5b.yaml @@ -0,0 +1,58 @@ +id: remove-cpt-base-47c8baaa723b461feba125f5d75cdf5b + +info: + name: > + Remove CPT base <= 5.8 - Cross-Site Request Forgery to CPT base deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a4e8dbe-9889-43b1-8e15-e96791b13093?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-cpt-base/" + google-query: inurl:"/wp-content/plugins/remove-cpt-base/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-cpt-base,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-cpt-base/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-cpt-base" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-duplicate-posts-f208b8c044d71b8d44e9868aaf03997a.yaml b/nuclei-templates/cve-less/plugins/remove-duplicate-posts-f208b8c044d71b8d44e9868aaf03997a.yaml new file mode 100644 index 0000000000..f195da1420 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-duplicate-posts-f208b8c044d71b8d44e9868aaf03997a.yaml @@ -0,0 +1,58 @@ +id: remove-duplicate-posts-f208b8c044d71b8d44e9868aaf03997a + +info: + name: > + Remove Duplicate Posts <= 1.3.5 - Missing Authorization to Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02dcf609-e8ef-4ff5-a61e-6c513af04ca2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-duplicate-posts/" + google-query: inurl:"/wp-content/plugins/remove-duplicate-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-duplicate-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-duplicate-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-duplicate-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-footer-credit-012dc707b39ddca593987305dcc50476.yaml b/nuclei-templates/cve-less/plugins/remove-footer-credit-012dc707b39ddca593987305dcc50476.yaml new file mode 100644 index 0000000000..8769a69d8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-footer-credit-012dc707b39ddca593987305dcc50476.yaml @@ -0,0 +1,58 @@ +id: remove-footer-credit-012dc707b39ddca593987305dcc50476 + +info: + name: > + Remove Footer Credit <= 1.0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97ba75a-278d-4239-bfcf-53b5396fe321?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-footer-credit/" + google-query: inurl:"/wp-content/plugins/remove-footer-credit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-footer-credit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-footer-credit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-footer-credit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-footer-credit-028fc092b08e0b0008553cd7b4eaeaf7.yaml b/nuclei-templates/cve-less/plugins/remove-footer-credit-028fc092b08e0b0008553cd7b4eaeaf7.yaml new file mode 100644 index 0000000000..1b3ca7966f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-footer-credit-028fc092b08e0b0008553cd7b4eaeaf7.yaml @@ -0,0 +1,58 @@ +id: remove-footer-credit-028fc092b08e0b0008553cd7b4eaeaf7 + +info: + name: > + Remove Footer Credit <= 1.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/526a1b9c-953b-4ad7-91e1-d2e480b967ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-footer-credit/" + google-query: inurl:"/wp-content/plugins/remove-footer-credit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-footer-credit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-footer-credit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-footer-credit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-footer-credit-3996e754fae7512574e32b3cc63b1ef7.yaml b/nuclei-templates/cve-less/plugins/remove-footer-credit-3996e754fae7512574e32b3cc63b1ef7.yaml new file mode 100644 index 0000000000..6befa0a2fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-footer-credit-3996e754fae7512574e32b3cc63b1ef7.yaml @@ -0,0 +1,58 @@ +id: remove-footer-credit-3996e754fae7512574e32b3cc63b1ef7 + +info: + name: > + Remove Footer Credit <= 1.0.10 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde35356-daba-47ff-9278-21447337f0c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-footer-credit/" + google-query: inurl:"/wp-content/plugins/remove-footer-credit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-footer-credit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-footer-credit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-footer-credit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-old-slugspermalinks-ad02b35bda70a416277656d231f43211.yaml b/nuclei-templates/cve-less/plugins/remove-old-slugspermalinks-ad02b35bda70a416277656d231f43211.yaml new file mode 100644 index 0000000000..ad8fce4c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-old-slugspermalinks-ad02b35bda70a416277656d231f43211.yaml @@ -0,0 +1,58 @@ +id: remove-old-slugspermalinks-ad02b35bda70a416277656d231f43211 + +info: + name: > + Slugs Manager <= 2.6.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1237f0b3-540a-4734-8966-4798799fef65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-old-slugspermalinks/" + google-query: inurl:"/wp-content/plugins/remove-old-slugspermalinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-old-slugspermalinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-old-slugspermalinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-old-slugspermalinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-schema-d7e271a4d692214ae3d3d23271160c51.yaml b/nuclei-templates/cve-less/plugins/remove-schema-d7e271a4d692214ae3d3d23271160c51.yaml new file mode 100644 index 0000000000..656d62215c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-schema-d7e271a4d692214ae3d3d23271160c51.yaml @@ -0,0 +1,58 @@ +id: remove-schema-d7e271a4d692214ae3d3d23271160c51 + +info: + name: > + Remove Schema <= 1.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89635463-966d-4f7d-995d-ad83a502d95b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-schema/" + google-query: inurl:"/wp-content/plugins/remove-schema/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-schema,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-schema/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-schema" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/remove-slug-from-custom-post-type-a6300420b047adf0811f5afe66cadf12.yaml b/nuclei-templates/cve-less/plugins/remove-slug-from-custom-post-type-a6300420b047adf0811f5afe66cadf12.yaml new file mode 100644 index 0000000000..a39cdd1e08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/remove-slug-from-custom-post-type-a6300420b047adf0811f5afe66cadf12.yaml @@ -0,0 +1,58 @@ +id: remove-slug-from-custom-post-type-a6300420b047adf0811f5afe66cadf12 + +info: + name: > + Remove slug from custom post type <= 1.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77cb14b1-d9e5-4296-ad8c-6642327ef310?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/remove-slug-from-custom-post-type/" + google-query: inurl:"/wp-content/plugins/remove-slug-from-custom-post-type/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,remove-slug-from-custom-post-type,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/remove-slug-from-custom-post-type/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "remove-slug-from-custom-post-type" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/removehide-author-date-category-like-entry-meta-3511a1c14fe55ddf7548121635409a76.yaml b/nuclei-templates/cve-less/plugins/removehide-author-date-category-like-entry-meta-3511a1c14fe55ddf7548121635409a76.yaml new file mode 100644 index 0000000000..ec2835758d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/removehide-author-date-category-like-entry-meta-3511a1c14fe55ddf7548121635409a76.yaml @@ -0,0 +1,58 @@ +id: removehide-author-date-category-like-entry-meta-3511a1c14fe55ddf7548121635409a76 + +info: + name: > + Remove/hide Author, Date, Category Like Entry-Meta <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd0abdf2-24da-4e87-825b-0796af6c3ccd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/removehide-author-date-category-like-entry-meta/" + google-query: inurl:"/wp-content/plugins/removehide-author-date-category-like-entry-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,removehide-author-date-category-like-entry-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/removehide-author-date-category-like-entry-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "removehide-author-date-category-like-entry-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rename-media-files-024b2767e265d1c0c5a095406c0967d5.yaml b/nuclei-templates/cve-less/plugins/rename-media-files-024b2767e265d1c0c5a095406c0967d5.yaml new file mode 100644 index 0000000000..46347d65d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rename-media-files-024b2767e265d1c0c5a095406c0967d5.yaml @@ -0,0 +1,58 @@ +id: rename-media-files-024b2767e265d1c0c5a095406c0967d5 + +info: + name: > + Rename Media Files <= 1.0.1 - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c22c2c17-c9c5-46eb-877a-a49ccf1a74ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rename-media-files/" + google-query: inurl:"/wp-content/plugins/rename-media-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rename-media-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rename-media-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rename-media-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rename-wp-login-0c74520a6b922c051dd2e71bd71dde2f.yaml b/nuclei-templates/cve-less/plugins/rename-wp-login-0c74520a6b922c051dd2e71bd71dde2f.yaml new file mode 100644 index 0000000000..b4fe82afb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rename-wp-login-0c74520a6b922c051dd2e71bd71dde2f.yaml @@ -0,0 +1,58 @@ +id: rename-wp-login-0c74520a6b922c051dd2e71bd71dde2f + +info: + name: > + Rename wp-login.php <= 2.6.0 - Cross-Site Request Forgery & Unauthenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35be104a-15bc-489b-9806-9abe4ea2388a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rename-wp-login/" + google-query: inurl:"/wp-content/plugins/rename-wp-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rename-wp-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rename-wp-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rename-wp-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rencontre-112337a2e4900da8476bf23196ef2b93.yaml b/nuclei-templates/cve-less/plugins/rencontre-112337a2e4900da8476bf23196ef2b93.yaml new file mode 100644 index 0000000000..e6d3e8b357 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rencontre-112337a2e4900da8476bf23196ef2b93.yaml @@ -0,0 +1,58 @@ +id: rencontre-112337a2e4900da8476bf23196ef2b93 + +info: + name: > + Rencontre – Dating Site <= 3.10.1 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59be1fc7-2854-404d-8e9d-dd9bd26e6a2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rencontre/" + google-query: inurl:"/wp-content/plugins/rencontre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rencontre,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rencontre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rencontre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rencontre-219b72efe5cc6f0e217f743d6fbc88d5.yaml b/nuclei-templates/cve-less/plugins/rencontre-219b72efe5cc6f0e217f743d6fbc88d5.yaml new file mode 100644 index 0000000000..f592b76c6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rencontre-219b72efe5cc6f0e217f743d6fbc88d5.yaml @@ -0,0 +1,58 @@ +id: rencontre-219b72efe5cc6f0e217f743d6fbc88d5 + +info: + name: > + Rencontre – Dating Site <= 3.11.1 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/722c35e5-4084-46a4-a3d4-c73f8e7a1882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rencontre/" + google-query: inurl:"/wp-content/plugins/rencontre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rencontre,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rencontre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rencontre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rencontre-5164636d32af20648741053f5b9caab7.yaml b/nuclei-templates/cve-less/plugins/rencontre-5164636d32af20648741053f5b9caab7.yaml new file mode 100644 index 0000000000..4011a1e44c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rencontre-5164636d32af20648741053f5b9caab7.yaml @@ -0,0 +1,58 @@ +id: rencontre-5164636d32af20648741053f5b9caab7 + +info: + name: > + Rencontre – Dating Site <= 3.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebdac9a2-2114-4b3c-ab2f-bd461f2c648c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rencontre/" + google-query: inurl:"/wp-content/plugins/rencontre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rencontre,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rencontre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rencontre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rencontre-71100afca944fcdf5852ccd8d5a09657.yaml b/nuclei-templates/cve-less/plugins/rencontre-71100afca944fcdf5852ccd8d5a09657.yaml new file mode 100644 index 0000000000..1531fce1b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rencontre-71100afca944fcdf5852ccd8d5a09657.yaml @@ -0,0 +1,58 @@ +id: rencontre-71100afca944fcdf5852ccd8d5a09657 + +info: + name: > + Rencontre – Dating Site <= 3.10.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1278291-9fef-40f5-a432-d96f4bed31fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rencontre/" + google-query: inurl:"/wp-content/plugins/rencontre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rencontre,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rencontre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rencontre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rencontre-7116f21024cd4d3ec70934c93595bec9.yaml b/nuclei-templates/cve-less/plugins/rencontre-7116f21024cd4d3ec70934c93595bec9.yaml new file mode 100644 index 0000000000..e09f525608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rencontre-7116f21024cd4d3ec70934c93595bec9.yaml @@ -0,0 +1,58 @@ +id: rencontre-7116f21024cd4d3ec70934c93595bec9 + +info: + name: > + Rencontre – Dating Site <= 3.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b8aef59-8d7a-4ffd-9619-9684a6e51e5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rencontre/" + google-query: inurl:"/wp-content/plugins/rencontre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rencontre,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rencontre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rencontre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rentpress-4981ace1c6912438e6aebe6db5797df1.yaml b/nuclei-templates/cve-less/plugins/rentpress-4981ace1c6912438e6aebe6db5797df1.yaml new file mode 100644 index 0000000000..f458a63933 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rentpress-4981ace1c6912438e6aebe6db5797df1.yaml @@ -0,0 +1,58 @@ +id: rentpress-4981ace1c6912438e6aebe6db5797df1 + +info: + name: > + RentPress <= 6.6.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97e97825-8144-423c-ac4c-3c5ae0dbbb10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rentpress/" + google-query: inurl:"/wp-content/plugins/rentpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rentpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rentpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rentpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/replace-word-3a5045c6057ba75552aa877da967cc1d.yaml b/nuclei-templates/cve-less/plugins/replace-word-3a5045c6057ba75552aa877da967cc1d.yaml new file mode 100644 index 0000000000..1d891b1c73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/replace-word-3a5045c6057ba75552aa877da967cc1d.yaml @@ -0,0 +1,58 @@ +id: replace-word-3a5045c6057ba75552aa877da967cc1d + +info: + name: > + Replace Word <= 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75ddf732-ddb2-47ba-884a-477fcc6595b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/replace-word/" + google-query: inurl:"/wp-content/plugins/replace-word/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,replace-word,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/replace-word/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "replace-word" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/republish-old-posts-d08d72d9d704360392caeeb3caa1999d.yaml b/nuclei-templates/cve-less/plugins/republish-old-posts-d08d72d9d704360392caeeb3caa1999d.yaml new file mode 100644 index 0000000000..194b6e93cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/republish-old-posts-d08d72d9d704360392caeeb3caa1999d.yaml @@ -0,0 +1,58 @@ +id: republish-old-posts-d08d72d9d704360392caeeb3caa1999d + +info: + name: > + Republish Old Posts <= 1.21 - Cross-Site Request Forgery via rop_options_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1db52a-3966-4e04-b0ed-08bda9ba1ff6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/republish-old-posts/" + google-query: inurl:"/wp-content/plugins/republish-old-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,republish-old-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/republish-old-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "republish-old-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/request-a-quote-9285c0881d2d0d11de4e3b3a24768c84.yaml b/nuclei-templates/cve-less/plugins/request-a-quote-9285c0881d2d0d11de4e3b3a24768c84.yaml new file mode 100644 index 0000000000..9561b6fedc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/request-a-quote-9285c0881d2d0d11de4e3b3a24768c84.yaml @@ -0,0 +1,58 @@ +id: request-a-quote-9285c0881d2d0d11de4e3b3a24768c84 + +info: + name: > + Request a Quote <= 2.3.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0482d9c6-aa74-4d47-885c-17f14b38be6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/request-a-quote/" + google-query: inurl:"/wp-content/plugins/request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,request-a-quote,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/request-a-quote-bd1e1a72d84e778ed0728f8ce93d9820.yaml b/nuclei-templates/cve-less/plugins/request-a-quote-bd1e1a72d84e778ed0728f8ce93d9820.yaml new file mode 100644 index 0000000000..fe13d3b343 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/request-a-quote-bd1e1a72d84e778ed0728f8ce93d9820.yaml @@ -0,0 +1,58 @@ +id: request-a-quote-bd1e1a72d84e778ed0728f8ce93d9820 + +info: + name: > + Request a Quote <= 2.3.8 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a99b86-5eb8-438d-a040-68aba2ffa183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/request-a-quote/" + google-query: inurl:"/wp-content/plugins/request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,request-a-quote,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/request-a-quote-d660fb4211ca4d5aa389748791b62abb.yaml b/nuclei-templates/cve-less/plugins/request-a-quote-d660fb4211ca4d5aa389748791b62abb.yaml new file mode 100644 index 0000000000..2a4ecf7cc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/request-a-quote-d660fb4211ca4d5aa389748791b62abb.yaml @@ -0,0 +1,58 @@ +id: request-a-quote-d660fb4211ca4d5aa389748791b62abb + +info: + name: > + Request a Quote <= 2.3.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bf29d3d-98eb-40a7-88af-32b48e437572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/request-a-quote/" + google-query: inurl:"/wp-content/plugins/request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,request-a-quote,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/request-a-quote-e78bafbef882a9c48928d514c06bbb3b.yaml b/nuclei-templates/cve-less/plugins/request-a-quote-e78bafbef882a9c48928d514c06bbb3b.yaml new file mode 100644 index 0000000000..a138943a69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/request-a-quote-e78bafbef882a9c48928d514c06bbb3b.yaml @@ -0,0 +1,58 @@ +id: request-a-quote-e78bafbef882a9c48928d514c06bbb3b + +info: + name: > + Request a Quote <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3504b703-b95b-4d22-8883-a575b398c9ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/request-a-quote/" + google-query: inurl:"/wp-content/plugins/request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,request-a-quote,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resads-33b6f66391ce62eb7e838b36fc2b4558.yaml b/nuclei-templates/cve-less/plugins/resads-33b6f66391ce62eb7e838b36fc2b4558.yaml new file mode 100644 index 0000000000..1344bc7fb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resads-33b6f66391ce62eb7e838b36fc2b4558.yaml @@ -0,0 +1,58 @@ +id: resads-33b6f66391ce62eb7e838b36fc2b4558 + +info: + name: > + ResAds < 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d634ba5c-842c-44d0-b919-01c297a779f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resads/" + google-query: inurl:"/wp-content/plugins/resads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rescue-shortcodes-dd783793d1579786f0da18d50db26b6a.yaml b/nuclei-templates/cve-less/plugins/rescue-shortcodes-dd783793d1579786f0da18d50db26b6a.yaml new file mode 100644 index 0000000000..e24e8c3492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rescue-shortcodes-dd783793d1579786f0da18d50db26b6a.yaml @@ -0,0 +1,58 @@ +id: rescue-shortcodes-dd783793d1579786f0da18d50db26b6a + +info: + name: > + Rescue Shortcodes <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a11e7c9-f565-4a8c-895f-425c6654b5a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rescue-shortcodes/" + google-query: inurl:"/wp-content/plugins/rescue-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rescue-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rescue-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rescue-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resend-welcome-email-9ad1bb5942489f3a5ae6b0ae145bf51a.yaml b/nuclei-templates/cve-less/plugins/resend-welcome-email-9ad1bb5942489f3a5ae6b0ae145bf51a.yaml new file mode 100644 index 0000000000..8b236fb8e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resend-welcome-email-9ad1bb5942489f3a5ae6b0ae145bf51a.yaml @@ -0,0 +1,58 @@ +id: resend-welcome-email-9ad1bb5942489f3a5ae6b0ae145bf51a + +info: + name: > + Resend Welcome Email <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04567872-d4e3-43e9-88ca-6f60d135bb9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resend-welcome-email/" + google-query: inurl:"/wp-content/plugins/resend-welcome-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resend-welcome-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resend-welcome-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resend-welcome-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reservation-studio-widget-33be367e25256f8164e300b3a7daf9ad.yaml b/nuclei-templates/cve-less/plugins/reservation-studio-widget-33be367e25256f8164e300b3a7daf9ad.yaml new file mode 100644 index 0000000000..7e338c07ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reservation-studio-widget-33be367e25256f8164e300b3a7daf9ad.yaml @@ -0,0 +1,58 @@ +id: reservation-studio-widget-33be367e25256f8164e300b3a7daf9ad + +info: + name: > + Reservation.Studio widget <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7caa4c73-cf57-4f99-8bc6-6fd02308a58f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reservation-studio-widget/" + google-query: inurl:"/wp-content/plugins/reservation-studio-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reservation-studio-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reservation-studio-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reservation-studio-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reservation-studio-widget-f157822d9e859b87e8f345e48a1d0719.yaml b/nuclei-templates/cve-less/plugins/reservation-studio-widget-f157822d9e859b87e8f345e48a1d0719.yaml new file mode 100644 index 0000000000..af8f8eaa90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reservation-studio-widget-f157822d9e859b87e8f345e48a1d0719.yaml @@ -0,0 +1,58 @@ +id: reservation-studio-widget-f157822d9e859b87e8f345e48a1d0719 + +info: + name: > + Reservation.Studio widget <= 1.0.11 - Cross-Site Request Forgery via plugin settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/783e5794-0d74-4b7a-a1cd-2b834a50c50c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reservation-studio-widget/" + google-query: inurl:"/wp-content/plugins/reservation-studio-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reservation-studio-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reservation-studio-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reservation-studio-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resize-at-upload-plus-a6af184da39fc0e8d8ed033eba477325.yaml b/nuclei-templates/cve-less/plugins/resize-at-upload-plus-a6af184da39fc0e8d8ed033eba477325.yaml new file mode 100644 index 0000000000..78eab28a12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resize-at-upload-plus-a6af184da39fc0e8d8ed033eba477325.yaml @@ -0,0 +1,58 @@ +id: resize-at-upload-plus-a6af184da39fc0e8d8ed033eba477325 + +info: + name: > + Resize at Upload Plus <= 1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76af3f0a-2e35-4059-960c-09769459bc01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resize-at-upload-plus/" + google-query: inurl:"/wp-content/plugins/resize-at-upload-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resize-at-upload-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resize-at-upload-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resize-at-upload-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-0292116775ef708600542a7e8f86fd65.yaml b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-0292116775ef708600542a7e8f86fd65.yaml new file mode 100644 index 0000000000..a105bed927 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-0292116775ef708600542a7e8f86fd65.yaml @@ -0,0 +1,58 @@ +id: resmushit-image-optimizer-0292116775ef708600542a7e8f86fd65 + +info: + name: > + reSmush.it Image Optimizer <= 0.4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8187c6eb-d962-48a7-bbe8-5949cfdefbce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resmushit-image-optimizer/" + google-query: inurl:"/wp-content/plugins/resmushit-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resmushit-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resmushit-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-69e740cf6c8c1abbdc55bae92d3a061a.yaml b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-69e740cf6c8c1abbdc55bae92d3a061a.yaml new file mode 100644 index 0000000000..90ae45ed3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-69e740cf6c8c1abbdc55bae92d3a061a.yaml @@ -0,0 +1,58 @@ +id: resmushit-image-optimizer-69e740cf6c8c1abbdc55bae92d3a061a + +info: + name: > + reSmush.it Image Optimizer <= 0.4.5 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b8042b0-83d3-417f-a5e0-43ff4f7648fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resmushit-image-optimizer/" + google-query: inurl:"/wp-content/plugins/resmushit-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resmushit-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resmushit-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-e43bc5511341599f04f729dc760bab86.yaml b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-e43bc5511341599f04f729dc760bab86.yaml new file mode 100644 index 0000000000..9924437945 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resmushit-image-optimizer-e43bc5511341599f04f729dc760bab86.yaml @@ -0,0 +1,58 @@ +id: resmushit-image-optimizer-e43bc5511341599f04f729dc760bab86 + +info: + name: > + reSmush.it <= 0.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c4e5c12-6f12-40cb-ac0a-389ad3715503?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resmushit-image-optimizer/" + google-query: inurl:"/wp-content/plugins/resmushit-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resmushit-image-optimizer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resmushit-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resmushit-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-add-ons-324f681dcc32f9cad80599a822ed178a.yaml b/nuclei-templates/cve-less/plugins/responsive-add-ons-324f681dcc32f9cad80599a822ed178a.yaml new file mode 100644 index 0000000000..722050e49d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-add-ons-324f681dcc32f9cad80599a822ed178a.yaml @@ -0,0 +1,58 @@ +id: responsive-add-ons-324f681dcc32f9cad80599a822ed178a + +info: + name: > + Responsive Ready Sites Importer <= 2.2.6 - Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef0ab24-ec21-4d23-980d-71a23bf20f9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-add-ons/" + google-query: inurl:"/wp-content/plugins/responsive-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-add-ons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-category-slider-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/responsive-category-slider-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..01749cc0e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-category-slider-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: responsive-category-slider-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-category-slider/" + google-query: inurl:"/wp-content/plugins/responsive-category-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-category-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-category-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-category-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-column-widgets-21056c551dd1aeb9a76645f88361467f.yaml b/nuclei-templates/cve-less/plugins/responsive-column-widgets-21056c551dd1aeb9a76645f88361467f.yaml new file mode 100644 index 0000000000..bdb6381bc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-column-widgets-21056c551dd1aeb9a76645f88361467f.yaml @@ -0,0 +1,58 @@ +id: responsive-column-widgets-21056c551dd1aeb9a76645f88361467f + +info: + name: > + Responsive Column Widgets <= 1.2.7 - Reflected Cross-Site Scripting via tab + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d749c24c-0ed9-423b-872a-4771e9d8a2eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-column-widgets/" + google-query: inurl:"/wp-content/plugins/responsive-column-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-column-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-column-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-column-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-column-widgets-28559d7c492fb8129804be5b16de6e2e.yaml b/nuclei-templates/cve-less/plugins/responsive-column-widgets-28559d7c492fb8129804be5b16de6e2e.yaml new file mode 100644 index 0000000000..4dfa0931d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-column-widgets-28559d7c492fb8129804be5b16de6e2e.yaml @@ -0,0 +1,58 @@ +id: responsive-column-widgets-28559d7c492fb8129804be5b16de6e2e + +info: + name: > + Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a092266b-bd7f-424d-b8c4-d79e4811e6c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-column-widgets/" + google-query: inurl:"/wp-content/plugins/responsive-column-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-column-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-column-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-column-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-0362bdcef3a6a0f78140270dfd8f3247.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-0362bdcef3a6a0f78140270dfd8f3247.yaml new file mode 100644 index 0000000000..faa712dd9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-0362bdcef3a6a0f78140270dfd8f3247.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-0362bdcef3a6a0f78140270dfd8f3247 + +info: + name: > + Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-5f71a5cbd6bba8194eb0fd13e3daceef.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-5f71a5cbd6bba8194eb0fd13e3daceef.yaml new file mode 100644 index 0000000000..5a9ceab979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-5f71a5cbd6bba8194eb0fd13e3daceef.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-5f71a5cbd6bba8194eb0fd13e3daceef + +info: + name: > + Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/738c6c77-97ef-4e47-9f14-9b73ea425bc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-d0a9eb1395b2d7adc32f3db9fd1a5b08.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-d0a9eb1395b2d7adc32f3db9fd1a5b08.yaml new file mode 100644 index 0000000000..b1ec6bb524 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-d0a9eb1395b2d7adc32f3db9fd1a5b08.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-d0a9eb1395b2d7adc32f3db9fd1a5b08 + +info: + name: > + Coming Soon Page & Maintenance Mode <= 1.8.1 - Unauthenticated Settings Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61fdc6e9-75ea-4226-9527-a5fd02efde70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-2fca652bdc1152658ff99e932f826e15.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-2fca652bdc1152658ff99e932f826e15.yaml new file mode 100644 index 0000000000..7dfe7e81e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-2fca652bdc1152658ff99e932f826e15.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-2fca652bdc1152658ff99e932f826e15 + +info: + name: > + Coming Soon < 1.1.19 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f947843-7a6f-48b0-b3cd-2f3dd1708898?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3e7642452405a4b08d52483d238d4dd9.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3e7642452405a4b08d52483d238d4dd9.yaml new file mode 100644 index 0000000000..ccea158df1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3e7642452405a4b08d52483d238d4dd9.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-3e7642452405a4b08d52483d238d4dd9 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via bg_color parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3891928-3780-426b-ae9c-e57b05ab3718?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3f9a61f980dbe211de3420fd4e108af4.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3f9a61f980dbe211de3420fd4e108af4.yaml new file mode 100644 index 0000000000..675b7976dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-3f9a61f980dbe211de3420fd4e108af4.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-3f9a61f980dbe211de3420fd4e108af4 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via social_icon_1 parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb6e8f8-690a-49cb-ac00-f572bef8b8f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml new file mode 100644 index 0000000000..5fde5d4380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-40faedf6e59dffdfc7f0e36dcf3aadb5.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-40faedf6e59dffdfc7f0e36dcf3aadb5 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via counter_title parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eb829f2-c05f-4f81-85d0-2429fb515d33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-6e94975f5a72379b4c113015c234f26e.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-6e94975f5a72379b4c113015c234f26e.yaml new file mode 100644 index 0000000000..6ccf8529a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-6e94975f5a72379b4c113015c234f26e.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-6e94975f5a72379b4c113015c234f26e + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via button_text_link parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7d8e85-c9cb-4fa5-9632-61f33048838d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-90c5798f111069225c0a9b9bba314556.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-90c5798f111069225c0a9b9bba314556.yaml new file mode 100644 index 0000000000..1e402045f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-90c5798f111069225c0a9b9bba314556.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-90c5798f111069225c0a9b9bba314556 + +info: + name: > + Coming Soon Page <= 1.5.9 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a371489-031e-483e-9fde-3901b55710c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-9a185bb7031cc9ee6aedfd50f633a1fb.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-9a185bb7031cc9ee6aedfd50f633a1fb.yaml new file mode 100644 index 0000000000..30dc976270 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-9a185bb7031cc9ee6aedfd50f633a1fb.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-9a185bb7031cc9ee6aedfd50f633a1fb + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_width parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae88e065-4601-4f0e-80a4-0f011bb0d347?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-aeeb6c4c51959fc6de4f70bfbf031f53.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-aeeb6c4c51959fc6de4f70bfbf031f53.yaml new file mode 100644 index 0000000000..3c1a41c8c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-aeeb6c4c51959fc6de4f70bfbf031f53.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-aeeb6c4c51959fc6de4f70bfbf031f53 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via coming-soon_sub_title parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e57631c2-ad6c-4c8c-985e-948285058567?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c26b1839d934a6c01fe10cd6a0d67c39.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c26b1839d934a6c01fe10cd6a0d67c39.yaml new file mode 100644 index 0000000000..5a4660b358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c26b1839d934a6c01fe10cd6a0d67c39.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-c26b1839d934a6c01fe10cd6a0d67c39 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Scripting via logo_height parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b8947a-6c87-4430-b62d-494863e18fdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c4c0b94844e7f594c58f973ae84c6505.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c4c0b94844e7f594c58f973ae84c6505.yaml new file mode 100644 index 0000000000..88f83d490e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-c4c0b94844e7f594c58f973ae84c6505.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-c4c0b94844e7f594c58f973ae84c6505 + +info: + name: > + Coming Soon Page – Responsive Coming Soon & Maintenance Mode <= 1.1.18 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/910c3d74-63ed-476d-b014-659d7780260f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-ff98de6f26943739c7dc560ade3e2c7d.yaml b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-ff98de6f26943739c7dc560ade3e2c7d.yaml new file mode 100644 index 0000000000..6d27b5b84e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-coming-soon-page-ff98de6f26943739c7dc560ade3e2c7d.yaml @@ -0,0 +1,58 @@ +id: responsive-coming-soon-page-ff98de6f26943739c7dc560ade3e2c7d + +info: + name: > + Coming Soon <= 1.1.18 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c24a03a-95d8-4354-bb26-8575d70f2253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-coming-soon-page/" + google-query: inurl:"/wp-content/plugins/responsive-coming-soon-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-coming-soon-page,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-coming-soon-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-coming-soon-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-cookie-consent-d2ced4606aa87805c35fba9cf8d5be3f.yaml b/nuclei-templates/cve-less/plugins/responsive-cookie-consent-d2ced4606aa87805c35fba9cf8d5be3f.yaml new file mode 100644 index 0000000000..144f7ef53c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-cookie-consent-d2ced4606aa87805c35fba9cf8d5be3f.yaml @@ -0,0 +1,58 @@ +id: responsive-cookie-consent-d2ced4606aa87805c35fba9cf8d5be3f + +info: + name: > + Responsive Cookie Consent < 1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66d70cf6-494f-4221-af3b-ee76cf22a305?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-cookie-consent/" + google-query: inurl:"/wp-content/plugins/responsive-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-cookie-consent,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-css-editor-f2d03c372af597128c556a16b6de11cf.yaml b/nuclei-templates/cve-less/plugins/responsive-css-editor-f2d03c372af597128c556a16b6de11cf.yaml new file mode 100644 index 0000000000..fdb4aa6789 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-css-editor-f2d03c372af597128c556a16b6de11cf.yaml @@ -0,0 +1,58 @@ +id: responsive-css-editor-f2d03c372af597128c556a16b6de11cf + +info: + name: > + Responsive CSS EDITOR <= 1.0 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60ffe162-5bcd-4ffc-af45-81240751bc62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-css-editor/" + google-query: inurl:"/wp-content/plugins/responsive-css-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-css-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-css-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-css-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-filterable-portfolio-0f725a315fbc29f28fcbc561372c708a.yaml b/nuclei-templates/cve-less/plugins/responsive-filterable-portfolio-0f725a315fbc29f28fcbc561372c708a.yaml new file mode 100644 index 0000000000..0c4d392d65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-filterable-portfolio-0f725a315fbc29f28fcbc561372c708a.yaml @@ -0,0 +1,58 @@ +id: responsive-filterable-portfolio-0f725a315fbc29f28fcbc561372c708a + +info: + name: > + Responsive Filterable Portfolio <= 1.0.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e67dfe0f-ac1c-4a78-bfc9-0cfd6c3040d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-filterable-portfolio/" + google-query: inurl:"/wp-content/plugins/responsive-filterable-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-filterable-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-filterable-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-filterable-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-gallery-grid-41e0b9bc5daa86f41c29f0c4deb81563.yaml b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-41e0b9bc5daa86f41c29f0c4deb81563.yaml new file mode 100644 index 0000000000..58d2f0423c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-41e0b9bc5daa86f41c29f0c4deb81563.yaml @@ -0,0 +1,58 @@ +id: responsive-gallery-grid-41e0b9bc5daa86f41c29f0c4deb81563 + +info: + name: > + Responsive Gallery Grid <= 2.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18455e08-6593-4835-bd72-beb04bda2930?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-gallery-grid/" + google-query: inurl:"/wp-content/plugins/responsive-gallery-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-gallery-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-gallery-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-gallery-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-gallery-grid-460458a06d8d211770e9a31930d7029e.yaml b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-460458a06d8d211770e9a31930d7029e.yaml new file mode 100644 index 0000000000..4451b30e70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-460458a06d8d211770e9a31930d7029e.yaml @@ -0,0 +1,58 @@ +id: responsive-gallery-grid-460458a06d8d211770e9a31930d7029e + +info: + name: > + Responsive Gallery Grid <= 2.3.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3abe2de8-9127-4ef0-9194-cf331b20868a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-gallery-grid/" + google-query: inurl:"/wp-content/plugins/responsive-gallery-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-gallery-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-gallery-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-gallery-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-gallery-grid-a609881cbf31d06f5f3320cc98e71e76.yaml b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-a609881cbf31d06f5f3320cc98e71e76.yaml new file mode 100644 index 0000000000..deafc348a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-gallery-grid-a609881cbf31d06f5f3320cc98e71e76.yaml @@ -0,0 +1,58 @@ +id: responsive-gallery-grid-a609881cbf31d06f5f3320cc98e71e76 + +info: + name: > + Responsive Gallery Grid <= 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5cc30d9-c73c-440d-a592-08e85270efdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-gallery-grid/" + google-query: inurl:"/wp-content/plugins/responsive-gallery-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-gallery-grid,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-gallery-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-gallery-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-header-image-slider-2196f2a72b0d78d150ae68d55da0fd92.yaml b/nuclei-templates/cve-less/plugins/responsive-header-image-slider-2196f2a72b0d78d150ae68d55da0fd92.yaml new file mode 100644 index 0000000000..41a368f5d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-header-image-slider-2196f2a72b0d78d150ae68d55da0fd92.yaml @@ -0,0 +1,58 @@ +id: responsive-header-image-slider-2196f2a72b0d78d150ae68d55da0fd92 + +info: + name: > + WP Responsive header image slider <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6953dea2-ca2d-4283-97c2-45c3420d9390?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-header-image-slider/" + google-query: inurl:"/wp-content/plugins/responsive-header-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-header-image-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-header-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-header-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-00eeb6c21c5d722501b60770e277f490.yaml b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-00eeb6c21c5d722501b60770e277f490.yaml new file mode 100644 index 0000000000..5dde9501bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-00eeb6c21c5d722501b60770e277f490.yaml @@ -0,0 +1,58 @@ +id: responsive-horizontal-vertical-and-accordion-tabs-00eeb6c21c5d722501b60770e277f490 + +info: + name: > + WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8647005a-23ce-417f-9bdb-c54ac506942b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-horizontal-vertical-and-accordion-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-850e736734b165b9f53f31b41b925633.yaml b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-850e736734b165b9f53f31b41b925633.yaml new file mode 100644 index 0000000000..b77bae5147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-850e736734b165b9f53f31b41b925633.yaml @@ -0,0 +1,58 @@ +id: responsive-horizontal-vertical-and-accordion-tabs-850e736734b165b9f53f31b41b925633 + +info: + name: > + WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe54c37f-1421-48aa-b502-045847d13ae3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-horizontal-vertical-and-accordion-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-950a4b8c92825a575ac3cedca47edcba.yaml b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-950a4b8c92825a575ac3cedca47edcba.yaml new file mode 100644 index 0000000000..0470c21110 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-950a4b8c92825a575ac3cedca47edcba.yaml @@ -0,0 +1,58 @@ +id: responsive-horizontal-vertical-and-accordion-tabs-950a4b8c92825a575ac3cedca47edcba + +info: + name: > + WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96a7ebcb-3420-497c-80e6-54e42afe41a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-horizontal-vertical-and-accordion-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-beb8d0299f9b57d02b746cf7959b845d.yaml b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-beb8d0299f9b57d02b746cf7959b845d.yaml new file mode 100644 index 0000000000..69d16c700e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-horizontal-vertical-and-accordion-tabs-beb8d0299f9b57d02b746cf7959b845d.yaml @@ -0,0 +1,58 @@ +id: responsive-horizontal-vertical-and-accordion-tabs-beb8d0299f9b57d02b746cf7959b845d + +info: + name: > + WP Responsive Tabs horizontal vertical and accordion Tabs <= 1.1.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de331d1d-b2f8-4cc6-a998-779595eca70c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-horizontal-vertical-and-accordion-tabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-horizontal-vertical-and-accordion-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-horizontal-vertical-and-accordion-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox-12fb9fdf8190804b70dbaba2fb2c9085.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox-12fb9fdf8190804b70dbaba2fb2c9085.yaml new file mode 100644 index 0000000000..ee681b6b90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-lightbox-12fb9fdf8190804b70dbaba2fb2c9085.yaml @@ -0,0 +1,58 @@ +id: responsive-lightbox-12fb9fdf8190804b70dbaba2fb2c9085 + +info: + name: > + Responsive Lightbox <= 2.4.5 - Authenticated (Author+) Stored Cross-Site Scripting via name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b60c1e2-5a4b-4a7a-8224-f1afd3888e08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox-a59e139d7834d1f343a41f6f77f479a9.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox-a59e139d7834d1f343a41f6f77f479a9.yaml new file mode 100644 index 0000000000..e4b468821a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-lightbox-a59e139d7834d1f343a41f6f77f479a9.yaml @@ -0,0 +1,58 @@ +id: responsive-lightbox-a59e139d7834d1f343a41f6f77f479a9 + +info: + name: > + Responsive Lightbox <= 2.4.6 - Missing Authorization via Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ade377c4-c7aa-428d-b763-6e6fb6caee0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..06e86c4253 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: responsive-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox-d3aee972ef803bd73b594546fe5f08d6.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox-d3aee972ef803bd73b594546fe5f08d6.yaml new file mode 100644 index 0000000000..c74d1c964c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-lightbox-d3aee972ef803bd73b594546fe5f08d6.yaml @@ -0,0 +1,58 @@ +id: responsive-lightbox-d3aee972ef803bd73b594546fe5f08d6 + +info: + name: > + Responsive Lightbox & Gallery <= 1.7.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcce2857-5bc8-4bee-b218-45f56cb0184b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-lightbox2-85a882f3a47555e7fcebe3d512a6eae9.yaml b/nuclei-templates/cve-less/plugins/responsive-lightbox2-85a882f3a47555e7fcebe3d512a6eae9.yaml new file mode 100644 index 0000000000..f43f8b4c42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-lightbox2-85a882f3a47555e7fcebe3d512a6eae9.yaml @@ -0,0 +1,58 @@ +id: responsive-lightbox2-85a882f3a47555e7fcebe3d512a6eae9 + +info: + name: > + Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a6debe9-e0bb-4ea7-be91-757a250515ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-lightbox2/" + google-query: inurl:"/wp-content/plugins/responsive-lightbox2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-lightbox2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-lightbox2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-lightbox2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-logo-slideshow-8d120ab408475ea52678a65c5972ac37.yaml b/nuclei-templates/cve-less/plugins/responsive-logo-slideshow-8d120ab408475ea52678a65c5972ac37.yaml new file mode 100644 index 0000000000..3b5c18311a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-logo-slideshow-8d120ab408475ea52678a65c5972ac37.yaml @@ -0,0 +1,58 @@ +id: responsive-logo-slideshow-8d120ab408475ea52678a65c5972ac37 + +info: + name: > + Responsive Logo Slideshow < 1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db2d5cc4-70e9-4512-8004-b6735c2c3ee1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-logo-slideshow/" + google-query: inurl:"/wp-content/plugins/responsive-logo-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-logo-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-logo-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-logo-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-menu-05079d9697e3f59f6cb3b3fffd76d6cd.yaml b/nuclei-templates/cve-less/plugins/responsive-menu-05079d9697e3f59f6cb3b3fffd76d6cd.yaml new file mode 100644 index 0000000000..93275d9689 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-menu-05079d9697e3f59f6cb3b3fffd76d6cd.yaml @@ -0,0 +1,58 @@ +id: responsive-menu-05079d9697e3f59f6cb3b3fffd76d6cd + +info: + name: > + Responsive Menu <= 3.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bcf22c7-bea5-4108-8fb4-ff9ff566c618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-menu/" + google-query: inurl:"/wp-content/plugins/responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-menu-35d0076e41c66587aa55b1dff00355a9.yaml b/nuclei-templates/cve-less/plugins/responsive-menu-35d0076e41c66587aa55b1dff00355a9.yaml new file mode 100644 index 0000000000..100470db2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-menu-35d0076e41c66587aa55b1dff00355a9.yaml @@ -0,0 +1,58 @@ +id: responsive-menu-35d0076e41c66587aa55b1dff00355a9 + +info: + name: > + Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Setting Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ba0f2a-f3eb-4d79-abba-99e64df0fe4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-menu/" + google-query: inurl:"/wp-content/plugins/responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-menu-6e39ce305d8fc46246730df95c49bc5a.yaml b/nuclei-templates/cve-less/plugins/responsive-menu-6e39ce305d8fc46246730df95c49bc5a.yaml new file mode 100644 index 0000000000..de9b8bdadc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-menu-6e39ce305d8fc46246730df95c49bc5a.yaml @@ -0,0 +1,58 @@ +id: responsive-menu-6e39ce305d8fc46246730df95c49bc5a + +info: + name: > + Responsive Menu <= 4.1.7 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a56df440-a1ed-4c5a-ac9c-5ddeffb28e60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-menu/" + google-query: inurl:"/wp-content/plugins/responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-menu-7361a0798b6e7d91e3483a810ae46200.yaml b/nuclei-templates/cve-less/plugins/responsive-menu-7361a0798b6e7d91e3483a810ae46200.yaml new file mode 100644 index 0000000000..f64b569d43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-menu-7361a0798b6e7d91e3483a810ae46200.yaml @@ -0,0 +1,58 @@ +id: responsive-menu-7361a0798b6e7d91e3483a810ae46200 + +info: + name: > + Responsive Menu <= 4.0.3 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac47137-eecf-4f85-a29d-88a86b2a9c48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-menu/" + google-query: inurl:"/wp-content/plugins/responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-menu-dfaadc66129d4ea285875cfb5037ccde.yaml b/nuclei-templates/cve-less/plugins/responsive-menu-dfaadc66129d4ea285875cfb5037ccde.yaml new file mode 100644 index 0000000000..4286e46f8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-menu-dfaadc66129d4ea285875cfb5037ccde.yaml @@ -0,0 +1,58 @@ +id: responsive-menu-dfaadc66129d4ea285875cfb5037ccde + +info: + name: > + Responsive Menu 4.0 - 4.0.3 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70d4041e-4b38-4be0-8e51-5a9db4d6c697?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-menu/" + google-query: inurl:"/wp-content/plugins/responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0', '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-slick-slider-62cee29d32c85b3a5dc1219c65c05aa1.yaml b/nuclei-templates/cve-less/plugins/responsive-slick-slider-62cee29d32c85b3a5dc1219c65c05aa1.yaml new file mode 100644 index 0000000000..880b5837a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-slick-slider-62cee29d32c85b3a5dc1219c65c05aa1.yaml @@ -0,0 +1,58 @@ +id: responsive-slick-slider-62cee29d32c85b3a5dc1219c65c05aa1 + +info: + name: > + Responsive Slick Slider WordPress <= 1.4 - Authenticated (Contributor+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c59f1784-da65-4e6d-b284-d65ee2196be9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-slick-slider/" + google-query: inurl:"/wp-content/plugins/responsive-slick-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-slick-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-slick-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-slick-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-tabs-1ad6aee2c1707dc46ec5695ab78feced.yaml b/nuclei-templates/cve-less/plugins/responsive-tabs-1ad6aee2c1707dc46ec5695ab78feced.yaml new file mode 100644 index 0000000000..88425743bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-tabs-1ad6aee2c1707dc46ec5695ab78feced.yaml @@ -0,0 +1,58 @@ +id: responsive-tabs-1ad6aee2c1707dc46ec5695ab78feced + +info: + name: > + Carousel Slider <= 2.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44a8b7fb-7c91-4a85-bf16-4371fde6945f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-tabs-36493737cc718a786fc3dabd10944cc2.yaml b/nuclei-templates/cve-less/plugins/responsive-tabs-36493737cc718a786fc3dabd10944cc2.yaml new file mode 100644 index 0000000000..8bf6e7627c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-tabs-36493737cc718a786fc3dabd10944cc2.yaml @@ -0,0 +1,58 @@ +id: responsive-tabs-36493737cc718a786fc3dabd10944cc2 + +info: + name: > + Responsive Tabs <= 4.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b34a4aa-bcaa-4be5-a059-6f2efa3a8198?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-tabs-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml b/nuclei-templates/cve-less/plugins/responsive-tabs-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml new file mode 100644 index 0000000000..4f4d67700b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-tabs-7cfb9c8a38b02b5d1f8df2ea212c2f3b.yaml @@ -0,0 +1,58 @@ +id: responsive-tabs-7cfb9c8a38b02b5d1f8df2ea212c2f3b + +info: + name: > + Responsive Tabs <= 4.0.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14b334ee-ab3b-4b18-a776-c0831c4ff855?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-tabs-dd8a374519ab8fd8464df00ba9945d8b.yaml b/nuclei-templates/cve-less/plugins/responsive-tabs-dd8a374519ab8fd8464df00ba9945d8b.yaml new file mode 100644 index 0000000000..2b82c51502 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-tabs-dd8a374519ab8fd8464df00ba9945d8b.yaml @@ -0,0 +1,58 @@ +id: responsive-tabs-dd8a374519ab8fd8464df00ba9945d8b + +info: + name: > + Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9af12ac-68ef-4c65-aecb-82ce7b927340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-tabs/" + google-query: inurl:"/wp-content/plugins/responsive-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-tabs-for-wpbakery-daa26206b4813de7be1eac00b5b9eaa0.yaml b/nuclei-templates/cve-less/plugins/responsive-tabs-for-wpbakery-daa26206b4813de7be1eac00b5b9eaa0.yaml new file mode 100644 index 0000000000..875b77b3c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-tabs-for-wpbakery-daa26206b4813de7be1eac00b5b9eaa0.yaml @@ -0,0 +1,58 @@ +id: responsive-tabs-for-wpbakery-daa26206b4813de7be1eac00b5b9eaa0 + +info: + name: > + Responsive Tabs For WPBakery Page Builder <= 1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c3ddae-046a-4080-ac2b-90fb89fbff7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-tabs-for-wpbakery/" + google-query: inurl:"/wp-content/plugins/responsive-tabs-for-wpbakery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-tabs-for-wpbakery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-tabs-for-wpbakery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-tabs-for-wpbakery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsive-vector-maps-5fdd374f315987970f85f0248f2dd57a.yaml b/nuclei-templates/cve-less/plugins/responsive-vector-maps-5fdd374f315987970f85f0248f2dd57a.yaml new file mode 100644 index 0000000000..71dc9ec2b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsive-vector-maps-5fdd374f315987970f85f0248f2dd57a.yaml @@ -0,0 +1,58 @@ +id: responsive-vector-maps-5fdd374f315987970f85f0248f2dd57a + +info: + name: > + RVM - Responsive Vector Maps <= 6.4.1 - Subscriber+ Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e414a36f-7212-47b9-8e7f-6bf0ae6518af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsive-vector-maps/" + google-query: inurl:"/wp-content/plugins/responsive-vector-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsive-vector-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsive-vector-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive-vector-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/responsivevoice-text-to-speech-7dc366f5379f56890e8af348e04eb10f.yaml b/nuclei-templates/cve-less/plugins/responsivevoice-text-to-speech-7dc366f5379f56890e8af348e04eb10f.yaml new file mode 100644 index 0000000000..3d1492fede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/responsivevoice-text-to-speech-7dc366f5379f56890e8af348e04eb10f.yaml @@ -0,0 +1,58 @@ +id: responsivevoice-text-to-speech-7dc366f5379f56890e8af348e04eb10f + +info: + name: > + ResponsiveVoice Text To Speech <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fc806fe-bf12-4e70-84a2-2027102e5b9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/responsivevoice-text-to-speech/" + google-query: inurl:"/wp-content/plugins/responsivevoice-text-to-speech/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,responsivevoice-text-to-speech,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/responsivevoice-text-to-speech/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsivevoice-text-to-speech" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rest-api-to-miniprogram-f45bff66b36c1cb9f233929a488ca421.yaml b/nuclei-templates/cve-less/plugins/rest-api-to-miniprogram-f45bff66b36c1cb9f233929a488ca421.yaml new file mode 100644 index 0000000000..77525487cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rest-api-to-miniprogram-f45bff66b36c1cb9f233929a488ca421.yaml @@ -0,0 +1,58 @@ +id: rest-api-to-miniprogram-f45bff66b36c1cb9f233929a488ca421 + +info: + name: > + REST API TO MiniProgram <= 4.6.8 - Authenticated (Subscriber+) Media Attachment Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/941cf3f8-20a0-4d41-8fce-1554653d98da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rest-api-to-miniprogram/" + google-query: inurl:"/wp-content/plugins/rest-api-to-miniprogram/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rest-api-to-miniprogram,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rest-api-to-miniprogram/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rest-api-to-miniprogram" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-a27c4dd18076acddac4a93fd8d6716aa.yaml b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-a27c4dd18076acddac4a93fd8d6716aa.yaml new file mode 100644 index 0000000000..c20e4b1fa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-cafe-addon-for-elementor-a27c4dd18076acddac4a93fd8d6716aa.yaml @@ -0,0 +1,58 @@ +id: restaurant-cafe-addon-for-elementor-a27c4dd18076acddac4a93fd8d6716aa + +info: + name: > + Restaurant & Cafe Addon for Elementor <= 1.5.3 - Missing Authorization via multiple AJAX functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad003d57-a573-473e-80a9-5bf60d42a707?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-cafe-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/restaurant-cafe-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-cafe-addon-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-cafe-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-cafe-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-pickup-delivery-dine-in-fe4c4bb2122cdad1871934e83ec97820.yaml b/nuclei-templates/cve-less/plugins/restaurant-pickup-delivery-dine-in-fe4c4bb2122cdad1871934e83ec97820.yaml new file mode 100644 index 0000000000..84c711a2cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-pickup-delivery-dine-in-fe4c4bb2122cdad1871934e83ec97820.yaml @@ -0,0 +1,58 @@ +id: restaurant-pickup-delivery-dine-in-fe4c4bb2122cdad1871934e83ec97820 + +info: + name: > + Pickup | Delivery | Dine-in date time <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/936803ab-93d5-4808-8758-6b8f7c01b3c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-pickup-delivery-dine-in/" + google-query: inurl:"/wp-content/plugins/restaurant-pickup-delivery-dine-in/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-pickup-delivery-dine-in,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-pickup-delivery-dine-in/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-pickup-delivery-dine-in" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-reservations-2357694d03c405e4b8e1df1be34f5e9f.yaml b/nuclei-templates/cve-less/plugins/restaurant-reservations-2357694d03c405e4b8e1df1be34f5e9f.yaml new file mode 100644 index 0000000000..dea641af2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-reservations-2357694d03c405e4b8e1df1be34f5e9f.yaml @@ -0,0 +1,58 @@ +id: restaurant-reservations-2357694d03c405e4b8e1df1be34f5e9f + +info: + name: > + Five Star Restaurant Reservations <= 2.4.7 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e61538-0bd9-4319-ba71-a72c9039f4d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-reservations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-reservations-2e12923b4994409fb95da9b1bf700385.yaml b/nuclei-templates/cve-less/plugins/restaurant-reservations-2e12923b4994409fb95da9b1bf700385.yaml new file mode 100644 index 0000000000..bb675a5bc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-reservations-2e12923b4994409fb95da9b1bf700385.yaml @@ -0,0 +1,58 @@ +id: restaurant-reservations-2e12923b4994409fb95da9b1bf700385 + +info: + name: > + Five Star Restaurant Reservations <= 2.6.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62a79a8e-905c-4bed-b24d-84e56d7bb850?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-reservations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-reservations-381a1cb122afb3c93e4a0ba82f88d009.yaml b/nuclei-templates/cve-less/plugins/restaurant-reservations-381a1cb122afb3c93e4a0ba82f88d009.yaml new file mode 100644 index 0000000000..e8c8328136 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-reservations-381a1cb122afb3c93e4a0ba82f88d009.yaml @@ -0,0 +1,58 @@ +id: restaurant-reservations-381a1cb122afb3c93e4a0ba82f88d009 + +info: + name: > + Five Star Restaurant Reservations <= 2.6.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d420e73-24d5-4da8-8257-e0c7f0273031?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-reservations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-reservations-cb138827efa994e4ab1f824349c2d29b.yaml b/nuclei-templates/cve-less/plugins/restaurant-reservations-cb138827efa994e4ab1f824349c2d29b.yaml new file mode 100644 index 0000000000..e320e2b563 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-reservations-cb138827efa994e4ab1f824349c2d29b.yaml @@ -0,0 +1,58 @@ +id: restaurant-reservations-cb138827efa994e4ab1f824349c2d29b + +info: + name: > + Five Star Restaurant Reservations <= 2.4.11 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fe257e6-4bdf-49ef-adbb-f82ce378e3e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-reservations/" + google-query: inurl:"/wp-content/plugins/restaurant-reservations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-reservations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-reservations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-reservations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restaurant-solutions-checklist-49049729ee40c19e1754ddd17e7749a5.yaml b/nuclei-templates/cve-less/plugins/restaurant-solutions-checklist-49049729ee40c19e1754ddd17e7749a5.yaml new file mode 100644 index 0000000000..164b064a4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restaurant-solutions-checklist-49049729ee40c19e1754ddd17e7749a5.yaml @@ -0,0 +1,58 @@ +id: restaurant-solutions-checklist-49049729ee40c19e1754ddd17e7749a5 + +info: + name: > + Restaurant Solutions – Checklist 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dca7f2e-f572-468a-8342-a6e096441561?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restaurant-solutions-checklist/" + google-query: inurl:"/wp-content/plugins/restaurant-solutions-checklist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restaurant-solutions-checklist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restaurant-solutions-checklist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-solutions-checklist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-categories-29ad4ef137c9211b84960b488500f18e.yaml b/nuclei-templates/cve-less/plugins/restrict-categories-29ad4ef137c9211b84960b488500f18e.yaml new file mode 100644 index 0000000000..e677dde147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-categories-29ad4ef137c9211b84960b488500f18e.yaml @@ -0,0 +1,58 @@ +id: restrict-categories-29ad4ef137c9211b84960b488500f18e + +info: + name: > + Restrict Categories <= 2.6.4 - Reflected Cross-Site Scripting via rc-search + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45671cab-f719-4ee6-af81-7c19b37b8d91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-categories/" + google-query: inurl:"/wp-content/plugins/restrict-categories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-categories,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-categories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-categories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-content-b9186cec24d42bc1865829817db744a2.yaml b/nuclei-templates/cve-less/plugins/restrict-content-b9186cec24d42bc1865829817db744a2.yaml new file mode 100644 index 0000000000..7346280d1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-content-b9186cec24d42bc1865829817db744a2.yaml @@ -0,0 +1,58 @@ +id: restrict-content-b9186cec24d42bc1865829817db744a2 + +info: + name: > + Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfbd41fa-15f0-473a-be5a-862e8a14b287?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-content/" + google-query: inurl:"/wp-content/plugins/restrict-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-content-bf0fefcefc90da6dc2662202215f7095.yaml b/nuclei-templates/cve-less/plugins/restrict-content-bf0fefcefc90da6dc2662202215f7095.yaml new file mode 100644 index 0000000000..33164c1a2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-content-bf0fefcefc90da6dc2662202215f7095.yaml @@ -0,0 +1,58 @@ +id: restrict-content-bf0fefcefc90da6dc2662202215f7095 + +info: + name: > + Restrict Content <= 3.2.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e5f3eac-d2da-43ea-9303-731d78102372?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-content/" + google-query: inurl:"/wp-content/plugins/restrict-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-content,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-content-c6aeb8f23d8123cc999647a0e011d5c1.yaml b/nuclei-templates/cve-less/plugins/restrict-content-c6aeb8f23d8123cc999647a0e011d5c1.yaml new file mode 100644 index 0000000000..8de1cab35f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-content-c6aeb8f23d8123cc999647a0e011d5c1.yaml @@ -0,0 +1,58 @@ +id: restrict-content-c6aeb8f23d8123cc999647a0e011d5c1 + +info: + name: > + Restrict Content <= 3.2.7 - Information Exposure via legacy log file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad2d5070-ddc6-4478-abe5-776e197a4507?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-content/" + google-query: inurl:"/wp-content/plugins/restrict-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-user-access-1003a4422a3ca5fc014222d5d79884b1.yaml b/nuclei-templates/cve-less/plugins/restrict-user-access-1003a4422a3ca5fc014222d5d79884b1.yaml new file mode 100644 index 0000000000..9059aed154 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-user-access-1003a4422a3ca5fc014222d5d79884b1.yaml @@ -0,0 +1,58 @@ +id: restrict-user-access-1003a4422a3ca5fc014222d5d79884b1 + +info: + name: > + Restrict User Access – Ultimate Membership & Content Protection <= 2.5 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-user-access/" + google-query: inurl:"/wp-content/plugins/restrict-user-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-user-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-user-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-user-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-user-access-c66270d1aaf4c8bec88be3444d5d8440.yaml b/nuclei-templates/cve-less/plugins/restrict-user-access-c66270d1aaf4c8bec88be3444d5d8440.yaml new file mode 100644 index 0000000000..c7971ead59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-user-access-c66270d1aaf4c8bec88be3444d5d8440.yaml @@ -0,0 +1,58 @@ +id: restrict-user-access-c66270d1aaf4c8bec88be3444d5d8440 + +info: + name: > + Restrict User Access – Membership Plugin with Force <= 2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17ffdd6d-3c6c-4f47-9f1c-a0f4c0f5fcdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-user-access/" + google-query: inurl:"/wp-content/plugins/restrict-user-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-user-access,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-user-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-user-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restrict-usernames-emails-characters-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml b/nuclei-templates/cve-less/plugins/restrict-usernames-emails-characters-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml new file mode 100644 index 0000000000..26d0b62b3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restrict-usernames-emails-characters-00fcc0e6d0a51f0c0f6ca9266dccfbaf.yaml @@ -0,0 +1,58 @@ +id: restrict-usernames-emails-characters-00fcc0e6d0a51f0c0f6ca9266dccfbaf + +info: + name: > + Restrict Usernames Emails Characters <= 3.1.3 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12532f84-bc76-4968-a01f-f879ab41b901?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restrict-usernames-emails-characters/" + google-query: inurl:"/wp-content/plugins/restrict-usernames-emails-characters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restrict-usernames-emails-characters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restrict-usernames-emails-characters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restrict-usernames-emails-characters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restricted-content-277d2735251bde1d7660b619defc33af.yaml b/nuclei-templates/cve-less/plugins/restricted-content-277d2735251bde1d7660b619defc33af.yaml new file mode 100644 index 0000000000..a7b0701937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restricted-content-277d2735251bde1d7660b619defc33af.yaml @@ -0,0 +1,58 @@ +id: restricted-content-277d2735251bde1d7660b619defc33af + +info: + name: > + Restrict <= 2.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62029ce5-ab97-4594-93e6-469ef5692320?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restricted-content/" + google-query: inurl:"/wp-content/plugins/restricted-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restricted-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restricted-site-access-0046efcaf372ceea3cbda093fc9866d7.yaml b/nuclei-templates/cve-less/plugins/restricted-site-access-0046efcaf372ceea3cbda093fc9866d7.yaml new file mode 100644 index 0000000000..cc0d58bde1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restricted-site-access-0046efcaf372ceea3cbda093fc9866d7.yaml @@ -0,0 +1,58 @@ +id: restricted-site-access-0046efcaf372ceea3cbda093fc9866d7 + +info: + name: > + webpack JS package <= 5.75.0 - Sandbox Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cda31a4-4c79-4567-a527-6510c31d2843?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restricted-site-access/" + google-query: inurl:"/wp-content/plugins/restricted-site-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restricted-site-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-site-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-site-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restricted-site-access-1951707b594e6f4a4e8e4243b43c9841.yaml b/nuclei-templates/cve-less/plugins/restricted-site-access-1951707b594e6f4a4e8e4243b43c9841.yaml new file mode 100644 index 0000000000..e1b5416064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restricted-site-access-1951707b594e6f4a4e8e4243b43c9841.yaml @@ -0,0 +1,58 @@ +id: restricted-site-access-1951707b594e6f4a4e8e4243b43c9841 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb93138-f2f9-4a3f-a0a2-d79a315c44f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restricted-site-access/" + google-query: inurl:"/wp-content/plugins/restricted-site-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restricted-site-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-site-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-site-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restricted-site-access-bd26ccd939104e13f73f569b312459d6.yaml b/nuclei-templates/cve-less/plugins/restricted-site-access-bd26ccd939104e13f73f569b312459d6.yaml new file mode 100644 index 0000000000..9bbed932cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restricted-site-access-bd26ccd939104e13f73f569b312459d6.yaml @@ -0,0 +1,58 @@ +id: restricted-site-access-bd26ccd939104e13f73f569b312459d6 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2954a007-37ac-4811-a258-b3fdd738043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restricted-site-access/" + google-query: inurl:"/wp-content/plugins/restricted-site-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restricted-site-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-site-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-site-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restricted-site-access-efb14ebe0992b6c3f6efdf7585df67a0.yaml b/nuclei-templates/cve-less/plugins/restricted-site-access-efb14ebe0992b6c3f6efdf7585df67a0.yaml new file mode 100644 index 0000000000..fc1ca55c32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restricted-site-access-efb14ebe0992b6c3f6efdf7585df67a0.yaml @@ -0,0 +1,58 @@ +id: restricted-site-access-efb14ebe0992b6c3f6efdf7585df67a0 + +info: + name: > + Restricted Site Access <= 7.3.1 - Access Bypass via IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd9e0044-263e-453a-b9e5-b3c6b98e90be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restricted-site-access/" + google-query: inurl:"/wp-content/plugins/restricted-site-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restricted-site-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restricted-site-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-site-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/restropress-915182a6d2a256cbd187d2f4b8b4f74c.yaml b/nuclei-templates/cve-less/plugins/restropress-915182a6d2a256cbd187d2f4b8b4f74c.yaml new file mode 100644 index 0000000000..fc29be9106 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/restropress-915182a6d2a256cbd187d2f4b8b4f74c.yaml @@ -0,0 +1,58 @@ +id: restropress-915182a6d2a256cbd187d2f4b8b4f74c + +info: + name: > + RestroPress <= 3.1.2 - Cross-Site Request Forgery via rpress_orders_list_table_process_bulk_actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e92646-bb71-4cf1-b826-e749693b0c0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/restropress/" + google-query: inurl:"/wp-content/plugins/restropress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,restropress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/restropress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restropress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resume-builder-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml b/nuclei-templates/cve-less/plugins/resume-builder-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml new file mode 100644 index 0000000000..fc496ebaa2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resume-builder-3cd33ca20c9c9eda3e3eb14910cde0f4.yaml @@ -0,0 +1,58 @@ +id: resume-builder-3cd33ca20c9c9eda3e3eb14910cde0f4 + +info: + name: > + Resume Builder <= 3.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3005c53e-eb09-479f-a4e4-b8d40583d80d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resume-builder/" + google-query: inurl:"/wp-content/plugins/resume-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resume-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resume-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resume-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resume-upload-form-a0e2c0524dc803cf1690a2292b288992.yaml b/nuclei-templates/cve-less/plugins/resume-upload-form-a0e2c0524dc803cf1690a2292b288992.yaml new file mode 100644 index 0000000000..657de320aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resume-upload-form-a0e2c0524dc803cf1690a2292b288992.yaml @@ -0,0 +1,58 @@ +id: resume-upload-form-a0e2c0524dc803cf1690a2292b288992 + +info: + name: > + Upload Resume <= 1.2.0 - Captcha Bypass via resume_upload_form + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc0acff9-6852-4ecb-84f9-98a15dd30fc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resume-upload-form/" + google-query: inurl:"/wp-content/plugins/resume-upload-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resume-upload-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resume-upload-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resume-upload-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/resume-upload-form-accdbc7387e8cd352346b508525444ba.yaml b/nuclei-templates/cve-less/plugins/resume-upload-form-accdbc7387e8cd352346b508525444ba.yaml new file mode 100644 index 0000000000..518cca1cca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/resume-upload-form-accdbc7387e8cd352346b508525444ba.yaml @@ -0,0 +1,58 @@ +id: resume-upload-form-accdbc7387e8cd352346b508525444ba + +info: + name: > + Upload Resume <= 1.2.0 - Authenticated Sensitive Information Disclosure via resume_upload_form_list shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8246ea9f-3ccb-4448-bf32-135c8140b09b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/resume-upload-form/" + google-query: inurl:"/wp-content/plugins/resume-upload-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,resume-upload-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/resume-upload-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resume-upload-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/retain-3c6cc9490d009d5c5e5a38130b58bb8c.yaml b/nuclei-templates/cve-less/plugins/retain-3c6cc9490d009d5c5e5a38130b58bb8c.yaml new file mode 100644 index 0000000000..62f7e20cfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/retain-3c6cc9490d009d5c5e5a38130b58bb8c.yaml @@ -0,0 +1,58 @@ +id: retain-3c6cc9490d009d5c5e5a38130b58bb8c + +info: + name: > + Retain Live Chat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d276502-6154-468e-b028-eadf29debe56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/retain/" + google-query: inurl:"/wp-content/plugins/retain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,retain,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/retain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "retain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/retro-winamp-block-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/retro-winamp-block-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..ad11524726 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/retro-winamp-block-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: retro-winamp-block-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/retro-winamp-block/" + google-query: inurl:"/wp-content/plugins/retro-winamp-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,retro-winamp-block,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/retro-winamp-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "retro-winamp-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/retro-winamp-block-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/cve-less/plugins/retro-winamp-block-c3dca1d1ef3a946c9ddf3e33caa00021.yaml new file mode 100644 index 0000000000..40916fedf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/retro-winamp-block-c3dca1d1ef3a946c9ddf3e33caa00021.yaml @@ -0,0 +1,58 @@ +id: retro-winamp-block-c3dca1d1ef3a946c9ddf3e33caa00021 + +info: + name: > + terser (JS Package) < 5.14.2 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/retro-winamp-block/" + google-query: inurl:"/wp-content/plugins/retro-winamp-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,retro-winamp-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/retro-winamp-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "retro-winamp-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/retro-winamp-block-f9078038dec7d199edb0413f76661495.yaml b/nuclei-templates/cve-less/plugins/retro-winamp-block-f9078038dec7d199edb0413f76661495.yaml new file mode 100644 index 0000000000..167d22bf1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/retro-winamp-block-f9078038dec7d199edb0413f76661495.yaml @@ -0,0 +1,58 @@ +id: retro-winamp-block-f9078038dec7d199edb0413f76661495 + +info: + name: > + Terser < 4.8.1 and 5.0.0-5.14.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d535c069-cfa3-4c41-9a01-b4c4e7c75764?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/retro-winamp-block/" + google-query: inurl:"/wp-content/plugins/retro-winamp-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,retro-winamp-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/retro-winamp-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "retro-winamp-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reusable-blocks-extended-ebc582d4f12fc14b9a1428f77cdbf053.yaml b/nuclei-templates/cve-less/plugins/reusable-blocks-extended-ebc582d4f12fc14b9a1428f77cdbf053.yaml new file mode 100644 index 0000000000..6e58a78d01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reusable-blocks-extended-ebc582d4f12fc14b9a1428f77cdbf053.yaml @@ -0,0 +1,58 @@ +id: reusable-blocks-extended-ebc582d4f12fc14b9a1428f77cdbf053 + +info: + name: > + Reusable Blocks Extended <= 0.9 - Cross-Site Request Forgery via reblex_reusable_screen_block_pattern_registration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67c2cac8-c3cf-46d1-a592-229081bc31e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reusable-blocks-extended/" + google-query: inurl:"/wp-content/plugins/reusable-blocks-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reusable-blocks-extended,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reusable-blocks-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reusable-blocks-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reusable-text-blocks-ccb9140dfd14809f1b9eb83224f5c145.yaml b/nuclei-templates/cve-less/plugins/reusable-text-blocks-ccb9140dfd14809f1b9eb83224f5c145.yaml new file mode 100644 index 0000000000..c8368917ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reusable-text-blocks-ccb9140dfd14809f1b9eb83224f5c145.yaml @@ -0,0 +1,58 @@ +id: reusable-text-blocks-ccb9140dfd14809f1b9eb83224f5c145 + +info: + name: > + Reusable Text Blocks <= 1.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d627ee7-1175-4621-a477-1e9ec2d05eee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reusable-text-blocks/" + google-query: inurl:"/wp-content/plugins/reusable-text-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reusable-text-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reusable-text-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reusable-text-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-buddypress-groups-b51b043ae0bd51e5c02a86aef7693c29.yaml b/nuclei-templates/cve-less/plugins/review-buddypress-groups-b51b043ae0bd51e5c02a86aef7693c29.yaml new file mode 100644 index 0000000000..83c416c889 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-buddypress-groups-b51b043ae0bd51e5c02a86aef7693c29.yaml @@ -0,0 +1,58 @@ +id: review-buddypress-groups-b51b043ae0bd51e5c02a86aef7693c29 + +info: + name: > + Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/397dabc3-5dcf-4d1f-9e24-28af889cb76f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-buddypress-groups/" + google-query: inurl:"/wp-content/plugins/review-buddypress-groups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-buddypress-groups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-buddypress-groups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-buddypress-groups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-schema-6a28dfe4469613c00410a3afcd856457.yaml b/nuclei-templates/cve-less/plugins/review-schema-6a28dfe4469613c00410a3afcd856457.yaml new file mode 100644 index 0000000000..dca358ea97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-schema-6a28dfe4469613c00410a3afcd856457.yaml @@ -0,0 +1,58 @@ +id: review-schema-6a28dfe4469613c00410a3afcd856457 + +info: + name: > + WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-schema/" + google-query: inurl:"/wp-content/plugins/review-schema/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-schema,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-schema/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-schema" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-stream-f9cb3c789647691d2de33bca14ad9edd.yaml b/nuclei-templates/cve-less/plugins/review-stream-f9cb3c789647691d2de33bca14ad9edd.yaml new file mode 100644 index 0000000000..2d04971142 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-stream-f9cb3c789647691d2de33bca14ad9edd.yaml @@ -0,0 +1,58 @@ +id: review-stream-f9cb3c789647691d2de33bca14ad9edd + +info: + name: > + Review Stream <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b645d0e-daee-4926-af47-05cacf811fbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-stream/" + google-query: inurl:"/wp-content/plugins/review-stream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-stream,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-stream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-stream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-airbnb-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-airbnb-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..0b52ba2ea7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-airbnb-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-airbnb-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-airbnb/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-airbnb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-airbnb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-airbnb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-airbnb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-amazon-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-amazon-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..10e7be43a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-amazon-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-amazon-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-amazon/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-amazon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-arukereso-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-arukereso-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..12acb35b95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-arukereso-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-arukereso-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-arukereso/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-arukereso/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-arukereso,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-arukereso/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-arukereso" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-booking-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-booking-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..c2f746b485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-booking-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-booking-com-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-booking-com/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-booking-com/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-booking-com,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-booking-com/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-booking-com" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-capterra-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-capterra-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..12abe157f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-capterra-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-capterra-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-capterra/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-capterra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-capterra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-capterra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-capterra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-foursquare-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-foursquare-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..d8cfcf7576 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-foursquare-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-foursquare-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-foursquare/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-foursquare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-foursquare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-foursquare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-foursquare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-hotels-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-hotels-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..ac0941109a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-hotels-com-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-hotels-com-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-hotels-com/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-hotels-com/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-hotels-com,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-hotels-com/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-hotels-com" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-opentable-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-opentable-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..4469ec22b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-opentable-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-opentable-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-opentable/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-opentable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-opentable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-opentable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-opentable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-szallas-hu-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-szallas-hu-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..97fcfc2d36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-szallas-hu-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-szallas-hu-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-szallas-hu/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-szallas-hu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-szallas-hu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-szallas-hu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-szallas-hu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/review-widgets-for-tripadvisor-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/review-widgets-for-tripadvisor-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..ea5c8f0435 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/review-widgets-for-tripadvisor-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: review-widgets-for-tripadvisor-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/review-widgets-for-tripadvisor/" + google-query: inurl:"/wp-content/plugins/review-widgets-for-tripadvisor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,review-widgets-for-tripadvisor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/review-widgets-for-tripadvisor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "review-widgets-for-tripadvisor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviews-plus-153f878c481a2d3c062b001804128554.yaml b/nuclei-templates/cve-less/plugins/reviews-plus-153f878c481a2d3c062b001804128554.yaml new file mode 100644 index 0000000000..70c0644bde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviews-plus-153f878c481a2d3c062b001804128554.yaml @@ -0,0 +1,58 @@ +id: reviews-plus-153f878c481a2d3c062b001804128554 + +info: + name: > + Reviews Plus <= 1.3.4 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c3fe739-eed0-432c-8608-50dc08ef1456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviews-plus/" + google-query: inurl:"/wp-content/plugins/reviews-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviews-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviews-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviews-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviews-plus-b033ee29eabf26b20084a86d35b9d877.yaml b/nuclei-templates/cve-less/plugins/reviews-plus-b033ee29eabf26b20084a86d35b9d877.yaml new file mode 100644 index 0000000000..fd0fbf11eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviews-plus-b033ee29eabf26b20084a86d35b9d877.yaml @@ -0,0 +1,58 @@ +id: reviews-plus-b033ee29eabf26b20084a86d35b9d877 + +info: + name: > + Reviews Plus < 1.2.14 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52fb128f-d846-478e-bf9a-cbc3fe8ce89d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviews-plus/" + google-query: inurl:"/wp-content/plugins/reviews-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviews-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviews-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviews-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviews-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/reviews-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..5a8de8df40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviews-widgets-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: reviews-widgets-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviews-widgets/" + google-query: inurl:"/wp-content/plugins/reviews-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviews-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviews-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviews-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviews-widgets-for-yelp-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/reviews-widgets-for-yelp-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..96ff1cf840 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviews-widgets-for-yelp-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: reviews-widgets-for-yelp-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviews-widgets-for-yelp/" + google-query: inurl:"/wp-content/plugins/reviews-widgets-for-yelp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviews-widgets-for-yelp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviews-widgets-for-yelp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviews-widgets-for-yelp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-119c0f69d5b8485973b55dbcfc907989.yaml b/nuclei-templates/cve-less/plugins/reviewx-119c0f69d5b8485973b55dbcfc907989.yaml new file mode 100644 index 0000000000..14c79b1717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-119c0f69d5b8485973b55dbcfc907989.yaml @@ -0,0 +1,58 @@ +id: reviewx-119c0f69d5b8485973b55dbcfc907989 + +info: + name: > + ReviewX <= 1.6.7 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc465757-4295-4a75-90f6-92c4be4e8944?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-1589d579faac8c7d72195578a8342786.yaml b/nuclei-templates/cve-less/plugins/reviewx-1589d579faac8c7d72195578a8342786.yaml new file mode 100644 index 0000000000..fe3d9fc7b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-1589d579faac8c7d72195578a8342786.yaml @@ -0,0 +1,58 @@ +id: reviewx-1589d579faac8c7d72195578a8342786 + +info: + name: > + ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70e1d701-2cff-4793-9e4c-5b16a4038e8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-1f09731ddd1d1af88db90bbc4fec3ba8.yaml b/nuclei-templates/cve-less/plugins/reviewx-1f09731ddd1d1af88db90bbc4fec3ba8.yaml new file mode 100644 index 0000000000..183ed74b26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-1f09731ddd1d1af88db90bbc4fec3ba8.yaml @@ -0,0 +1,58 @@ +id: reviewx-1f09731ddd1d1af88db90bbc4fec3ba8 + +info: + name: > + ReviewX <= 1.6.21 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08f4445b-9c79-42e3-be45-d07f72c00a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-6663c4e8258a97ca80d8e61f0b37ac68.yaml b/nuclei-templates/cve-less/plugins/reviewx-6663c4e8258a97ca80d8e61f0b37ac68.yaml new file mode 100644 index 0000000000..23936525f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-6663c4e8258a97ca80d8e61f0b37ac68.yaml @@ -0,0 +1,58 @@ +id: reviewx-6663c4e8258a97ca80d8e61f0b37ac68 + +info: + name: > + ReviewX <= 1.6.17 - Missing Authorization in rx_coupon_from_submit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a9f4fb7-92f5-4136-9ca3-cf7bf5c0b717?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-6a99396550744ae560a5320a1b153079.yaml b/nuclei-templates/cve-less/plugins/reviewx-6a99396550744ae560a5320a1b153079.yaml new file mode 100644 index 0000000000..f3d8d48908 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-6a99396550744ae560a5320a1b153079.yaml @@ -0,0 +1,58 @@ +id: reviewx-6a99396550744ae560a5320a1b153079 + +info: + name: > + ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/072092ef-17bc-4b8b-bf8b-bd69a761c56a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/reviewx-ada9bfaee2bdcdae8c612fda04e8585f.yaml b/nuclei-templates/cve-less/plugins/reviewx-ada9bfaee2bdcdae8c612fda04e8585f.yaml new file mode 100644 index 0000000000..61256bb190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/reviewx-ada9bfaee2bdcdae8c612fda04e8585f.yaml @@ -0,0 +1,58 @@ +id: reviewx-ada9bfaee2bdcdae8c612fda04e8585f + +info: + name: > + ReviewX <= 1.6.22 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15c1d7e1-e510-4cba-8da1-79e18b2eed22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/reviewx/" + google-query: inurl:"/wp-content/plugins/reviewx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,reviewx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/reviewx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "reviewx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revision-manager-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/revision-manager-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..cba576d5ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revision-manager-tmc-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: revision-manager-tmc-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revision-manager-tmc/" + google-query: inurl:"/wp-content/plugins/revision-manager-tmc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revision-manager-tmc,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revision-manager-tmc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revision-manager-tmc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revolut-gateway-for-woocommerce-b6ad60014841f75188893319dd4470b9.yaml b/nuclei-templates/cve-less/plugins/revolut-gateway-for-woocommerce-b6ad60014841f75188893319dd4470b9.yaml new file mode 100644 index 0000000000..c56f32ad1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revolut-gateway-for-woocommerce-b6ad60014841f75188893319dd4470b9.yaml @@ -0,0 +1,58 @@ +id: revolut-gateway-for-woocommerce-b6ad60014841f75188893319dd4470b9 + +info: + name: > + Revolut Gateway for WooCommerce <= 4.9.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55827029-479e-4c4c-ba33-203075e1bbbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revolut-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/revolut-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revolut-gateway-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revolut-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revolut-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-21b56747ef932af6a293d705a4f1c993.yaml b/nuclei-templates/cve-less/plugins/revslider-21b56747ef932af6a293d705a4f1c993.yaml new file mode 100644 index 0000000000..c0ff06f155 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-21b56747ef932af6a293d705a4f1c993.yaml @@ -0,0 +1,58 @@ +id: revslider-21b56747ef932af6a293d705a4f1c993 + +info: + name: > + Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28cb96a9-12bd-4d9c-ac53-72e81d11b0b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-27d3cbadcfb0487ad424f81cd866c990.yaml b/nuclei-templates/cve-less/plugins/revslider-27d3cbadcfb0487ad424f81cd866c990.yaml new file mode 100644 index 0000000000..c9600edece --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-27d3cbadcfb0487ad424f81cd866c990.yaml @@ -0,0 +1,58 @@ +id: revslider-27d3cbadcfb0487ad424f81cd866c990 + +info: + name: > + Slider Revolution <= 6.7.7 - Authenticated (Author+) Stored Cross-Site Scripting via htmltag Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8437abcc-3e34-4a8a-bfe2-2ff7c9f41164?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-2e2946ff7ceba7ce385ae21a430029fb.yaml b/nuclei-templates/cve-less/plugins/revslider-2e2946ff7ceba7ce385ae21a430029fb.yaml new file mode 100644 index 0000000000..abae3381ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-2e2946ff7ceba7ce385ae21a430029fb.yaml @@ -0,0 +1,58 @@ +id: revslider-2e2946ff7ceba7ce385ae21a430029fb + +info: + name: > + Slider Revolution <= 6.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/772e843b-00ea-45f5-b730-c9a793d4c2db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-37ebb1547ffcf7ee914afd4ab2a7338e.yaml b/nuclei-templates/cve-less/plugins/revslider-37ebb1547ffcf7ee914afd4ab2a7338e.yaml new file mode 100644 index 0000000000..7e8b58902b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-37ebb1547ffcf7ee914afd4ab2a7338e.yaml @@ -0,0 +1,58 @@ +id: revslider-37ebb1547ffcf7ee914afd4ab2a7338e + +info: + name: > + Slider Revolution < 6.6.19 - Authenticated (Author+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/951e3497-8fbc-4cc9-a784-edf7bb679175?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.6.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-648072cf9e5d6b428e895ff9cc55e265.yaml b/nuclei-templates/cve-less/plugins/revslider-648072cf9e5d6b428e895ff9cc55e265.yaml new file mode 100644 index 0000000000..8035f55be7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-648072cf9e5d6b428e895ff9cc55e265.yaml @@ -0,0 +1,58 @@ +id: revslider-648072cf9e5d6b428e895ff9cc55e265 + +info: + name: > + Slider Revolution <= 6.6.12 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa00dae-c51d-4586-81da-b568cd6d8124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-685b01b9c20a58ab8625d54ca9e5774b.yaml b/nuclei-templates/cve-less/plugins/revslider-685b01b9c20a58ab8625d54ca9e5774b.yaml new file mode 100644 index 0000000000..ca7800ae74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-685b01b9c20a58ab8625d54ca9e5774b.yaml @@ -0,0 +1,58 @@ +id: revslider-685b01b9c20a58ab8625d54ca9e5774b + +info: + name: > + Slider Revolution <= 4.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b162ef2-7428-47cc-91c6-c8f66512c5dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-77cb7270adb1ee8f80145931d246bc67.yaml b/nuclei-templates/cve-less/plugins/revslider-77cb7270adb1ee8f80145931d246bc67.yaml new file mode 100644 index 0000000000..27dcf69ef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-77cb7270adb1ee8f80145931d246bc67.yaml @@ -0,0 +1,58 @@ +id: revslider-77cb7270adb1ee8f80145931d246bc67 + +info: + name: > + Slider Revolution <= 4.1.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb8eea53-64d1-4375-9364-292b96080f68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-be4d0822a09dabbfb60c56eb78326475.yaml b/nuclei-templates/cve-less/plugins/revslider-be4d0822a09dabbfb60c56eb78326475.yaml new file mode 100644 index 0000000000..b6d0ae2eaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-be4d0822a09dabbfb60c56eb78326475.yaml @@ -0,0 +1,58 @@ +id: revslider-be4d0822a09dabbfb60c56eb78326475 + +info: + name: > + Slider Revolution <= 6.6.15 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2d29afd-06e8-461a-918f-38228441a51a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/revslider-ea2d65615410e5461dba977dc309841e.yaml b/nuclei-templates/cve-less/plugins/revslider-ea2d65615410e5461dba977dc309841e.yaml new file mode 100644 index 0000000000..91d762a5bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/revslider-ea2d65615410e5461dba977dc309841e.yaml @@ -0,0 +1,58 @@ +id: revslider-ea2d65615410e5461dba977dc309841e + +info: + name: > + Revslider <= 6.6.20 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6af1e90-9bad-470b-9e00-137000c0450c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/revslider/" + google-query: inurl:"/wp-content/plugins/revslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,revslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/revslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rezgo-1bdd11fadd06cfdab7d4d06e095a85bd.yaml b/nuclei-templates/cve-less/plugins/rezgo-1bdd11fadd06cfdab7d4d06e095a85bd.yaml new file mode 100644 index 0000000000..4289409993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rezgo-1bdd11fadd06cfdab7d4d06e095a85bd.yaml @@ -0,0 +1,58 @@ +id: rezgo-1bdd11fadd06cfdab7d4d06e095a85bd + +info: + name: > + Rezgo Online Booking < 1.4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc590a99-0c9d-4c38-b7ec-b8a0dc7f6f0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rezgo/" + google-query: inurl:"/wp-content/plugins/rezgo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rezgo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rezgo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rezgo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rezgo-d8487b4cdf30d9f95919fc0d077ba4cd.yaml b/nuclei-templates/cve-less/plugins/rezgo-d8487b4cdf30d9f95919fc0d077ba4cd.yaml new file mode 100644 index 0000000000..074ca137ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rezgo-d8487b4cdf30d9f95919fc0d077ba4cd.yaml @@ -0,0 +1,58 @@ +id: rezgo-d8487b4cdf30d9f95919fc0d077ba4cd + +info: + name: > + Rezgo Online Booking <= 4.1.7 - Reflected Cross-Site-Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8ba1a2f-d4f9-4cfe-9a42-ec2e116aed1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rezgo/" + google-query: inurl:"/wp-content/plugins/rezgo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rezgo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rezgo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rezgo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rezgo-fe69a0c777f01161eb85876f2a58c68c.yaml b/nuclei-templates/cve-less/plugins/rezgo-fe69a0c777f01161eb85876f2a58c68c.yaml new file mode 100644 index 0000000000..cdc596b979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rezgo-fe69a0c777f01161eb85876f2a58c68c.yaml @@ -0,0 +1,58 @@ +id: rezgo-fe69a0c777f01161eb85876f2a58c68c + +info: + name: > + Rezgo Online Booking < 1.8.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06334fad-eb1d-4abe-b183-a9e11eedd3d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rezgo/" + google-query: inurl:"/wp-content/plugins/rezgo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rezgo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rezgo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rezgo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-counter-77a02e9a59afcc2450797fc7712b5da9.yaml b/nuclei-templates/cve-less/plugins/rich-counter-77a02e9a59afcc2450797fc7712b5da9.yaml new file mode 100644 index 0000000000..ac3d92c8ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-counter-77a02e9a59afcc2450797fc7712b5da9.yaml @@ -0,0 +1,58 @@ +id: rich-counter-77a02e9a59afcc2450797fc7712b5da9 + +info: + name: > + Rich Counter < 1.2.0 - JavaScript Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/070a5d26-9126-4d0e-9421-739090bea421?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-counter/" + google-query: inurl:"/wp-content/plugins/rich-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-event-timeline-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml b/nuclei-templates/cve-less/plugins/rich-event-timeline-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml new file mode 100644 index 0000000000..f21de21f06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-event-timeline-bb6d2bf0f5a8a794df5c5f921c8ed2d6.yaml @@ -0,0 +1,58 @@ +id: rich-event-timeline-bb6d2bf0f5a8a794df5c5f921c8ed2d6 + +info: + name: > + Event Timeline <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c157d70-1d4d-482e-8996-bc047a801681?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-event-timeline/" + google-query: inurl:"/wp-content/plugins/rich-event-timeline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-event-timeline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-event-timeline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-event-timeline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-reviews-b5ff51b3c591b9026f1ed0c5c634aabc.yaml b/nuclei-templates/cve-less/plugins/rich-reviews-b5ff51b3c591b9026f1ed0c5c634aabc.yaml new file mode 100644 index 0000000000..1bbdf01a7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-reviews-b5ff51b3c591b9026f1ed0c5c634aabc.yaml @@ -0,0 +1,58 @@ +id: rich-reviews-b5ff51b3c591b9026f1ed0c5c634aabc + +info: + name: > + Rich Reviews by Starfish <= 1.9.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1625a77d-bbca-4d18-ae6f-03030ac51d5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-reviews/" + google-query: inurl:"/wp-content/plugins/rich-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-reviews,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-reviews-d096551cc11e027298b83171a2a3683a.yaml b/nuclei-templates/cve-less/plugins/rich-reviews-d096551cc11e027298b83171a2a3683a.yaml new file mode 100644 index 0000000000..9e2909c6b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-reviews-d096551cc11e027298b83171a2a3683a.yaml @@ -0,0 +1,58 @@ +id: rich-reviews-d096551cc11e027298b83171a2a3683a + +info: + name: > + Rich Reviews by Starfish <= 1.9.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cd5e6f3-b791-48a8-b7eb-42cdd8975530?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-reviews/" + google-query: inurl:"/wp-content/plugins/rich-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-snippets-vevents-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml b/nuclei-templates/cve-less/plugins/rich-snippets-vevents-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml new file mode 100644 index 0000000000..5dd32f3c21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-snippets-vevents-0a2ecbcc02c5fdd93dc20fd7c66c9f62.yaml @@ -0,0 +1,58 @@ +id: rich-snippets-vevents-0a2ecbcc02c5fdd93dc20fd7c66c9f62 + +info: + name: > + Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5beb0f93-baa7-4400-ab40-d63f3430169e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-snippets-vevents/" + google-query: inurl:"/wp-content/plugins/rich-snippets-vevents/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-snippets-vevents,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-snippets-vevents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-snippets-vevents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rich-table-of-content-0a49b86c658b566e0874b7c8c6fd8f9c.yaml b/nuclei-templates/cve-less/plugins/rich-table-of-content-0a49b86c658b566e0874b7c8c6fd8f9c.yaml new file mode 100644 index 0000000000..0d18bb0e0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rich-table-of-content-0a49b86c658b566e0874b7c8c6fd8f9c.yaml @@ -0,0 +1,58 @@ +id: rich-table-of-content-0a49b86c658b566e0874b7c8c6fd8f9c + +info: + name: > + Rich Table of Contents <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21a31d61-84eb-47bf-a4d3-e14089127e6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rich-table-of-content/" + google-query: inurl:"/wp-content/plugins/rich-table-of-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rich-table-of-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rich-table-of-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rich-table-of-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rife-elementor-extensions-9454be14498ff26da96354e9b5fc82b2.yaml b/nuclei-templates/cve-less/plugins/rife-elementor-extensions-9454be14498ff26da96354e9b5fc82b2.yaml new file mode 100644 index 0000000000..a5f064ac8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rife-elementor-extensions-9454be14498ff26da96354e9b5fc82b2.yaml @@ -0,0 +1,58 @@ +id: rife-elementor-extensions-9454be14498ff26da96354e9b5fc82b2 + +info: + name: > + Rife Elementor Extensions & Templates <= 1.1.10 - Missing Authorization via import_templates + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee520664-0c1f-4af0-8cdf-a33c1dfaaca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rife-elementor-extensions/" + google-query: inurl:"/wp-content/plugins/rife-elementor-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rife-elementor-extensions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rife-elementor-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rife-elementor-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rife-elementor-extensions-b6405ae9eaca03d55059021293cdb417.yaml b/nuclei-templates/cve-less/plugins/rife-elementor-extensions-b6405ae9eaca03d55059021293cdb417.yaml new file mode 100644 index 0000000000..ae97948702 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rife-elementor-extensions-b6405ae9eaca03d55059021293cdb417.yaml @@ -0,0 +1,58 @@ +id: rife-elementor-extensions-b6405ae9eaca03d55059021293cdb417 + +info: + name: > + Rife Elementor Extensions & Templates <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f4bba27-efdc-4b2d-80be-4a5c17ef5e7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rife-elementor-extensions/" + google-query: inurl:"/wp-content/plugins/rife-elementor-extensions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rife-elementor-extensions,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rife-elementor-extensions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rife-elementor-extensions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rimons-twitter-widget-94ba05091d5c1c002f96ded27dad7e5c.yaml b/nuclei-templates/cve-less/plugins/rimons-twitter-widget-94ba05091d5c1c002f96ded27dad7e5c.yaml new file mode 100644 index 0000000000..a8ce614a10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rimons-twitter-widget-94ba05091d5c1c002f96ded27dad7e5c.yaml @@ -0,0 +1,58 @@ +id: rimons-twitter-widget-94ba05091d5c1c002f96ded27dad7e5c + +info: + name: > + Rimons Twitter Widget <= 1.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afd58164-8d33-4f93-a904-443b1df8b66b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rimons-twitter-widget/" + google-query: inurl:"/wp-content/plugins/rimons-twitter-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rimons-twitter-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rimons-twitter-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rimons-twitter-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rise-blocks-300e5e2ebc65101a8ebb5e6f23b6747a.yaml b/nuclei-templates/cve-less/plugins/rise-blocks-300e5e2ebc65101a8ebb5e6f23b6747a.yaml new file mode 100644 index 0000000000..83b90ecff2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rise-blocks-300e5e2ebc65101a8ebb5e6f23b6747a.yaml @@ -0,0 +1,58 @@ +id: rise-blocks-300e5e2ebc65101a8ebb5e6f23b6747a + +info: + name: > + Rise Blocks – A Complete Gutenberg Page Builder <= 3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b249842-c480-495a-8eec-6c7d0893ef1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rise-blocks/" + google-query: inurl:"/wp-content/plugins/rise-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rise-blocks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rise-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rise-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rk-responsive-contact-form-9a2bf7d17126275dce9aeca280888e4f.yaml b/nuclei-templates/cve-less/plugins/rk-responsive-contact-form-9a2bf7d17126275dce9aeca280888e4f.yaml new file mode 100644 index 0000000000..aa394450fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rk-responsive-contact-form-9a2bf7d17126275dce9aeca280888e4f.yaml @@ -0,0 +1,58 @@ +id: rk-responsive-contact-form-9a2bf7d17126275dce9aeca280888e4f + +info: + name: > + RK Responsive Contact Form <= 1.0.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58fa1235-846f-4bd4-ba0d-be6b039f411e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rk-responsive-contact-form/" + google-query: inurl:"/wp-content/plugins/rk-responsive-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rk-responsive-contact-form,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rk-responsive-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rk-responsive-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-11a45c98dd2f844970dab94e4b84b3d9.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-11a45c98dd2f844970dab94e4b84b3d9.yaml new file mode 100644 index 0000000000..d295d41960 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-11a45c98dd2f844970dab94e4b84b3d9.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-11a45c98dd2f844970dab94e4b84b3d9 + +info: + name: > + Robo Gallery <= 3.2.15 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/983a9501-cb09-436a-8b0d-392cfef8643b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-21d5c5e61124efe0fdb8d063c0f79f9f.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-21d5c5e61124efe0fdb8d063c0f79f9f.yaml new file mode 100644 index 0000000000..c606cf8fc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-21d5c5e61124efe0fdb8d063c0f79f9f.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-21d5c5e61124efe0fdb8d063c0f79f9f + +info: + name: > + Robo Gallery <= 3.2.17 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02073716-4f6a-4a51-933f-c5ab8dfbc08c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-5fb58f1bd63b817d6a622885ff3cda93.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-5fb58f1bd63b817d6a622885ff3cda93.yaml new file mode 100644 index 0000000000..7ff6f2ce33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-5fb58f1bd63b817d6a622885ff3cda93.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-5fb58f1bd63b817d6a622885ff3cda93 + +info: + name: > + Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9393e103-7009-457b-ba14-fa5ef45b97df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-6cee4524dc586561620cd18145330773.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-6cee4524dc586561620cd18145330773.yaml new file mode 100644 index 0000000000..278a0deab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-6cee4524dc586561620cd18145330773.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-6cee4524dc586561620cd18145330773 + +info: + name: > + Robo Gallery Plugin <= 3.2.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5cca24-514b-4f8b-911f-8d138287fce2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-9376ca64ef0c10c441ff62358957edd7.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-9376ca64ef0c10c441ff62358957edd7.yaml new file mode 100644 index 0000000000..8aaa2a0030 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-9376ca64ef0c10c441ff62358957edd7.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-9376ca64ef0c10c441ff62358957edd7 + +info: + name: > + Robo Gallery <= 3.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e0424f8-f60f-49c3-9969-a88c830dc0e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-9f2f2dde98598fd295064b72e326d9fc.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-9f2f2dde98598fd295064b72e326d9fc.yaml new file mode 100644 index 0000000000..8fa2c2f25a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-9f2f2dde98598fd295064b72e326d9fc.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-9f2f2dde98598fd295064b72e326d9fc + +info: + name: > + Robo Gallery <= 3.2.18 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae5779cc-b55b-4b8f-ae66-8607a689ef72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/robo-gallery-ca5f7b99213750bdb7e09f3fde148865.yaml b/nuclei-templates/cve-less/plugins/robo-gallery-ca5f7b99213750bdb7e09f3fde148865.yaml new file mode 100644 index 0000000000..60a6d3ea0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/robo-gallery-ca5f7b99213750bdb7e09f3fde148865.yaml @@ -0,0 +1,58 @@ +id: robo-gallery-ca5f7b99213750bdb7e09f3fde148865 + +info: + name: > + Robo Gallery <= 3.2.9 - Cross-Site Request Forgery via getPluginStatus + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44f1342a-11b3-4c3f-837f-f68176ded4a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/robo-gallery/" + google-query: inurl:"/wp-content/plugins/robo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,robo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/robo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "robo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rock-convert-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml b/nuclei-templates/cve-less/plugins/rock-convert-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml new file mode 100644 index 0000000000..37a469c242 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rock-convert-a6ad4e1a267f3d946e1e2e12d5bebc25.yaml @@ -0,0 +1,58 @@ +id: rock-convert-a6ad4e1a267f3d946e1e2e12d5bebc25 + +info: + name: > + Rock Convert <= 2.10.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dbaed2a-cc35-455c-ad7e-c7826d5b3e7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rock-convert/" + google-query: inurl:"/wp-content/plugins/rock-convert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rock-convert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rock-convert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rock-convert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rock-convert-c9b759e004eccd5b21e624aa9b7c9cb8.yaml b/nuclei-templates/cve-less/plugins/rock-convert-c9b759e004eccd5b21e624aa9b7c9cb8.yaml new file mode 100644 index 0000000000..3983edcd9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rock-convert-c9b759e004eccd5b21e624aa9b7c9cb8.yaml @@ -0,0 +1,58 @@ +id: rock-convert-c9b759e004eccd5b21e624aa9b7c9cb8 + +info: + name: > + Rock Convert <= 2.10.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bfb8874-a2e2-474f-9f91-fefb980e2a93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rock-convert/" + google-query: inurl:"/wp-content/plugins/rock-convert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rock-convert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rock-convert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rock-convert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rock-convert-f5bd530013958004252bd14d740d1932.yaml b/nuclei-templates/cve-less/plugins/rock-convert-f5bd530013958004252bd14d740d1932.yaml new file mode 100644 index 0000000000..588626247d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rock-convert-f5bd530013958004252bd14d740d1932.yaml @@ -0,0 +1,58 @@ +id: rock-convert-f5bd530013958004252bd14d740d1932 + +info: + name: > + Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c29cb99f-72e9-4178-b961-7ab50a5b6c7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rock-convert/" + google-query: inurl:"/wp-content/plugins/rock-convert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rock-convert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rock-convert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rock-convert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rocket-font-056b7aae26aa632814d20eff8a2aaeb8.yaml b/nuclei-templates/cve-less/plugins/rocket-font-056b7aae26aa632814d20eff8a2aaeb8.yaml new file mode 100644 index 0000000000..ae8b935a47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rocket-font-056b7aae26aa632814d20eff8a2aaeb8.yaml @@ -0,0 +1,58 @@ +id: rocket-font-056b7aae26aa632814d20eff8a2aaeb8 + +info: + name: > + Rocket Font <= 1.2.3 - Cross-Site Request Forgery via update_option_check_match_default + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/635f448b-5c51-4152-b6f5-076a686709bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rocket-font/" + google-query: inurl:"/wp-content/plugins/rocket-font/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rocket-font,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rocket-font/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rocket-font" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-28d27bb70102b6a3ff9c97ba43afec20.yaml b/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-28d27bb70102b6a3ff9c97ba43afec20.yaml new file mode 100644 index 0000000000..c0aaf76be0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rocket-maintenance-mode-28d27bb70102b6a3ff9c97ba43afec20.yaml @@ -0,0 +1,58 @@ +id: rocket-maintenance-mode-28d27bb70102b6a3ff9c97ba43afec20 + +info: + name: > + Rocket Maintenance Mode & Coming Soon Page <= 4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/055cc26b-1e24-4e39-89c8-bdc4a69ce938?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rocket-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/rocket-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rocket-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rocket-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rocket-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rockhoist-badges-b501e58c10633b07f2bbf5ed16ac706e.yaml b/nuclei-templates/cve-less/plugins/rockhoist-badges-b501e58c10633b07f2bbf5ed16ac706e.yaml new file mode 100644 index 0000000000..513f434ec0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rockhoist-badges-b501e58c10633b07f2bbf5ed16ac706e.yaml @@ -0,0 +1,58 @@ +id: rockhoist-badges-b501e58c10633b07f2bbf5ed16ac706e + +info: + name: > + Rockhoist Badges <= 1.2.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a46420e-8ca5-43ac-8475-786e24185f55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rockhoist-badges/" + google-query: inurl:"/wp-content/plugins/rockhoist-badges/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rockhoist-badges,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rockhoist-badges/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rockhoist-badges" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-226373864d57cc20f7f59dea62a55c3b.yaml b/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-226373864d57cc20f7f59dea62a55c3b.yaml new file mode 100644 index 0000000000..0acf189776 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-226373864d57cc20f7f59dea62a55c3b.yaml @@ -0,0 +1,58 @@ +id: role-based-pricing-for-woocommerce-226373864d57cc20f7f59dea62a55c3b + +info: + name: > + Role Based Pricing for WooCommerce <= 1.6.1 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62402e53-ff46-410e-9cc1-a87b677e6526?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/role-based-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/role-based-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/role-based-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "role-based-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-9572375f1a63fe71cfefeb901690b502.yaml b/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-9572375f1a63fe71cfefeb901690b502.yaml new file mode 100644 index 0000000000..b1f7b8cf7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/role-based-pricing-for-woocommerce-9572375f1a63fe71cfefeb901690b502.yaml @@ -0,0 +1,58 @@ +id: role-based-pricing-for-woocommerce-9572375f1a63fe71cfefeb901690b502 + +info: + name: > + Role Based Pricing for WooCommerce <= 1.6.2 - Missing Authorization to PHAR Deserialization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75fc21c8-352c-48dc-9d3f-53a738306f97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/role-based-pricing-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/role-based-pricing-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,role-based-pricing-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/role-based-pricing-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "role-based-pricing-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/role-scoper-787af0ce94bcdf676a12979b911ee5bb.yaml b/nuclei-templates/cve-less/plugins/role-scoper-787af0ce94bcdf676a12979b911ee5bb.yaml new file mode 100644 index 0000000000..f50c580f16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/role-scoper-787af0ce94bcdf676a12979b911ee5bb.yaml @@ -0,0 +1,58 @@ +id: role-scoper-787af0ce94bcdf676a12979b911ee5bb + +info: + name: > + Role Scoper (Obsolete – Please install PublishPress Permissions) < 1.3.67 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb30d2b-84f2-433e-bb9e-713486b759ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/role-scoper/" + google-query: inurl:"/wp-content/plugins/role-scoper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,role-scoper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/role-scoper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "role-scoper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rolo-slider-47760446230886f970132bba81795035.yaml b/nuclei-templates/cve-less/plugins/rolo-slider-47760446230886f970132bba81795035.yaml new file mode 100644 index 0000000000..6a3b69780d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rolo-slider-47760446230886f970132bba81795035.yaml @@ -0,0 +1,58 @@ +id: rolo-slider-47760446230886f970132bba81795035 + +info: + name: > + Rolo Slider <= 1.0.9 - Missing Authorization to Authenticated(Subscriber+) Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fdf6c97-6fc4-4840-b96d-e194149861e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rolo-slider/" + google-query: inurl:"/wp-content/plugins/rolo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rolo-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rolo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rolo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rometheme-for-elementor-3b2e242a0e8c63c5936cb035e1688322.yaml b/nuclei-templates/cve-less/plugins/rometheme-for-elementor-3b2e242a0e8c63c5936cb035e1688322.yaml new file mode 100644 index 0000000000..1b18ad21ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rometheme-for-elementor-3b2e242a0e8c63c5936cb035e1688322.yaml @@ -0,0 +1,58 @@ +id: rometheme-for-elementor-3b2e242a0e8c63c5936cb035e1688322 + +info: + name: > + RomethemeKit For Elementor <= 1.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da883bf-5741-4eda-8a93-3b7feb90f4c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rometheme-for-elementor/" + google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rometheme-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rometheme-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rometheme-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rometheme-for-elementor-8e63763711ef860c6f3f1ec391c10df2.yaml b/nuclei-templates/cve-less/plugins/rometheme-for-elementor-8e63763711ef860c6f3f1ec391c10df2.yaml new file mode 100644 index 0000000000..5caa8b0922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rometheme-for-elementor-8e63763711ef860c6f3f1ec391c10df2.yaml @@ -0,0 +1,58 @@ +id: rometheme-for-elementor-8e63763711ef860c6f3f1ec391c10df2 + +info: + name: > + RomethemeKit For Elementor <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73ca6a08-b01f-4df6-89ab-32b917c92236?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rometheme-for-elementor/" + google-query: inurl:"/wp-content/plugins/rometheme-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rometheme-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rometheme-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rometheme-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/romethemeform-9fc19dd6fd6294d34dede89f8670266f.yaml b/nuclei-templates/cve-less/plugins/romethemeform-9fc19dd6fd6294d34dede89f8670266f.yaml new file mode 100644 index 0000000000..568fa4bd51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/romethemeform-9fc19dd6fd6294d34dede89f8670266f.yaml @@ -0,0 +1,58 @@ +id: romethemeform-9fc19dd6fd6294d34dede89f8670266f + +info: + name: > + RomethemeForm For Elementor <= 1.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d6adf41-6cb1-4c11-940d-fabc9298f3af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/romethemeform/" + google-query: inurl:"/wp-content/plugins/romethemeform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,romethemeform,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/romethemeform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "romethemeform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/roomcloud-702f612dcb7a10b7280f1dc0d80858a2.yaml b/nuclei-templates/cve-less/plugins/roomcloud-702f612dcb7a10b7280f1dc0d80858a2.yaml new file mode 100644 index 0000000000..b11bdd9f63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/roomcloud-702f612dcb7a10b7280f1dc0d80858a2.yaml @@ -0,0 +1,58 @@ +id: roomcloud-702f612dcb7a10b7280f1dc0d80858a2 + +info: + name: > + Roomcloud < 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb2dda8-1389-4b19-a5cd-d6b3436ab3b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/roomcloud/" + google-query: inurl:"/wp-content/plugins/roomcloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,roomcloud,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/roomcloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "roomcloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rotating-posts-f7a5929579e2eeff4b02eaa7e1b6a770.yaml b/nuclei-templates/cve-less/plugins/rotating-posts-f7a5929579e2eeff4b02eaa7e1b6a770.yaml new file mode 100644 index 0000000000..76907d0b59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rotating-posts-f7a5929579e2eeff4b02eaa7e1b6a770.yaml @@ -0,0 +1,58 @@ +id: rotating-posts-f7a5929579e2eeff4b02eaa7e1b6a770 + +info: + name: > + Rotating Posts <= 1.11 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b7d455-0959-4a7a-b37c-02d1ecac666b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rotating-posts/" + google-query: inurl:"/wp-content/plugins/rotating-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rotating-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rotating-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rotating-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rough-chart-0c31a10cc87b13f4ea6563dcb29fd71f.yaml b/nuclei-templates/cve-less/plugins/rough-chart-0c31a10cc87b13f4ea6563dcb29fd71f.yaml new file mode 100644 index 0000000000..e1c3da7e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rough-chart-0c31a10cc87b13f4ea6563dcb29fd71f.yaml @@ -0,0 +1,58 @@ +id: rough-chart-0c31a10cc87b13f4ea6563dcb29fd71f + +info: + name: > + Rough Chart <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7c0b933-469e-4f8b-94b2-8823568c5d45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rough-chart/" + google-query: inurl:"/wp-content/plugins/rough-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rough-chart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rough-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rough-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-0041eed105fca66b7639ed88612e2a80.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0041eed105fca66b7639ed88612e2a80.yaml new file mode 100644 index 0000000000..e69206d906 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0041eed105fca66b7639ed88612e2a80.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-0041eed105fca66b7639ed88612e2a80 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Kit Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa530112-a7cd-4c54-aa87-9e7337d01557?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-0085871a665961c1d3ef1282f6a6ad11.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0085871a665961c1d3ef1282f6a6ad11.yaml new file mode 100644 index 0000000000..c5d5444fbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0085871a665961c1d3ef1282f6a6ad11.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-0085871a665961c1d3ef1282f6a6ad11 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55f7e39b-e7a5-462b-b1e4-c3d92038f17e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-0149f7dc82642e7c9e2df42d374cf976.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0149f7dc82642e7c9e2df42d374cf976.yaml new file mode 100644 index 0000000000..e76aaec459 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-0149f7dc82642e7c9e2df42d374cf976.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-0149f7dc82642e7c9e2df42d374cf976 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Menu Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c23e9810-40ea-43e2-9292-f05f300a7ddf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-14fedf42454dd570b7c4db0f006340a9.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-14fedf42454dd570b7c4db0f006340a9.yaml new file mode 100644 index 0000000000..dac9eabc63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-14fedf42454dd570b7c4db0f006340a9.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-14fedf42454dd570b7c4db0f006340a9 + +info: + name: > + Royal Elementor Addons <= 1.3.55 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dc3b715-23eb-4cb9-8f44-1d3134c560ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e54d333594befa754c49d164d26005e.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e54d333594befa754c49d164d26005e.yaml new file mode 100644 index 0000000000..203950357e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e54d333594befa754c49d164d26005e.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-1e54d333594befa754c49d164d26005e + +info: + name: > + Royal Elementor Addons <= 1.3.93 - Authenticated (Contributor+) Stored Cross-Site Scriting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3e47d14-4c00-4b10-9e4d-7f1d7946a2b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e5ce0b67a0027e4214650c86e79dae3.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e5ce0b67a0027e4214650c86e79dae3.yaml new file mode 100644 index 0000000000..7a326d5080 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-1e5ce0b67a0027e4214650c86e79dae3.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-1e5ce0b67a0027e4214650c86e79dae3 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_compare + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-234019268f52489cd57bd03c8706abb6.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-234019268f52489cd57bd03c8706abb6.yaml new file mode 100644 index 0000000000..b021e6150e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-234019268f52489cd57bd03c8706abb6.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-234019268f52489cd57bd03c8706abb6 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via HTML Tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40ca3778-95ff-4b2c-ac47-4ae8c86e245a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.971') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-2b7446b2ef604595e4c14f2ae5295842.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-2b7446b2ef604595e4c14f2ae5295842.yaml new file mode 100644 index 0000000000..ef8630ac07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-2b7446b2ef604595e4c14f2ae5295842.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-2b7446b2ef604595e4c14f2ae5295842 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Theme Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdd464ad-24bc-4922-8bfa-ac42fbe60b52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-30adae9325a039e658c3c87f75010bc4.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-30adae9325a039e658c3c87f75010bc4.yaml new file mode 100644 index 0000000000..01ad72b743 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-30adae9325a039e658c3c87f75010bc4.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-30adae9325a039e658c3c87f75010bc4 + +info: + name: > + Royal Elementor Addons <=1.3.70 - Unauthenticated MailChimp API Key Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86c9bcf1-c69e-47ca-b74b-8ce6157f520b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-34cb9813e7e0af12dde3e7fb63dcabc4.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-34cb9813e7e0af12dde3e7fb63dcabc4.yaml new file mode 100644 index 0000000000..4d4d9764de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-34cb9813e7e0af12dde3e7fb63dcabc4.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-34cb9813e7e0af12dde3e7fb63dcabc4 + +info: + name: > + Royal Elementor Addons <=1.3.55 - Authenticated (Subscriber+) Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa3d312-485a-4a93-a075-fa7152395f11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-3a171cbd9ee1ba65bf8842bbdf9667ce.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-3a171cbd9ee1ba65bf8842bbdf9667ce.yaml new file mode 100644 index 0000000000..c5f0599ce0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-3a171cbd9ee1ba65bf8842bbdf9667ce.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-3a171cbd9ee1ba65bf8842bbdf9667ce + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via remove_from_wishlist + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-427e946f25b6c94eeb7fca443cbb0fb9.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-427e946f25b6c94eeb7fca443cbb0fb9.yaml new file mode 100644 index 0000000000..2464174efa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-427e946f25b6c94eeb7fca443cbb0fb9.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-427e946f25b6c94eeb7fca443cbb0fb9 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.80 - Missing Authorization to Private/Password Protected Post Read + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ba3cf12-facb-479b-8077-fd279c40607e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.80') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-42b03ce9c451ca4b2e6d55fc7e3bcc5f.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-42b03ce9c451ca4b2e6d55fc7e3bcc5f.yaml new file mode 100644 index 0000000000..801101a5c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-42b03ce9c451ca4b2e6d55fc7e3bcc5f.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-42b03ce9c451ca4b2e6d55fc7e3bcc5f + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Conditions Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e12653-ddfe-4e02-9d9e-0263b9f71def?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-42efdeb2109159b8e16a9767609f5a82.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-42efdeb2109159b8e16a9767609f5a82.yaml new file mode 100644 index 0000000000..5a246eb3f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-42efdeb2109159b8e16a9767609f5a82.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-42efdeb2109159b8e16a9767609f5a82 + +info: + name: > + Royal Elementor Addons <= 1.3.93 - Unauthenticated IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2626db42-0047-4801-bbcb-e236440c1677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-67ad0ff7411e0b10941fca10e62b3adc.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-67ad0ff7411e0b10941fca10e62b3adc.yaml new file mode 100644 index 0000000000..1dff65f2b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-67ad0ff7411e0b10941fca10e62b3adc.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-67ad0ff7411e0b10941fca10e62b3adc + +info: + name: > + Royal Elementor Addons <=1.3.55 - Missing Authorization to Subscriber+ Arbitrary Post Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2e883b-fb91-425c-a779-89a34eed2ba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-7df172b3edf3e84909e57255e5af7560.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-7df172b3edf3e84909e57255e5af7560.yaml new file mode 100644 index 0000000000..d3dafde25e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-7df172b3edf3e84909e57255e5af7560.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-7df172b3edf3e84909e57255e5af7560 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Logo Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8619c999-5cf7-4888-bdb2-815238411303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-7f3e0aa2645efef948b43657b5c03dab.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-7f3e0aa2645efef948b43657b5c03dab.yaml new file mode 100644 index 0000000000..9314677bfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-7f3e0aa2645efef948b43657b5c03dab.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-7f3e0aa2645efef948b43657b5c03dab + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_compare + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-85f4d977a933b76ef44dca3b5cf211a8.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-85f4d977a933b76ef44dca3b5cf211a8.yaml new file mode 100644 index 0000000000..5eb1b2d9f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-85f4d977a933b76ef44dca3b5cf211a8.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-85f4d977a933b76ef44dca3b5cf211a8 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64cce528-0ad0-45ec-a8f6-e8791b0bece0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-971ac066c8b1c8e7c33176652acbee75.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-971ac066c8b1c8e7c33176652acbee75.yaml new file mode 100644 index 0000000000..559425bdb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-971ac066c8b1c8e7c33176652acbee75.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-971ac066c8b1c8e7c33176652acbee75 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.78 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9d95af5-96da-4259-98c6-e2c4c574a896?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.78') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-a1c5cf13e8000c5432d1ca3433582d6a.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a1c5cf13e8000c5432d1ca3433582d6a.yaml new file mode 100644 index 0000000000..566acc2cc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a1c5cf13e8000c5432d1ca3433582d6a.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-a1c5cf13e8000c5432d1ca3433582d6a + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Template Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a941aef-85f6-4719-b6ab-ace77a03e93e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-a51510a3a53aad35586cd77db87e9061.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a51510a3a53aad35586cd77db87e9061.yaml new file mode 100644 index 0000000000..434fa6bba4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a51510a3a53aad35586cd77db87e9061.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-a51510a3a53aad35586cd77db87e9061 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via add_to_wishlist + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-a8dfb144a96e09ab6fe557b583b0e2e1.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a8dfb144a96e09ab6fe557b583b0e2e1.yaml new file mode 100644 index 0000000000..725db97098 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-a8dfb144a96e09ab6fe557b583b0e2e1.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-a8dfb144a96e09ab6fe557b583b0e2e1 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-aba156d650d00c8cf56ce115df0a8a51.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-aba156d650d00c8cf56ce115df0a8a51.yaml new file mode 100644 index 0000000000..04c42bbb82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-aba156d650d00c8cf56ce115df0a8a51.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-aba156d650d00c8cf56ce115df0a8a51 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Missing Authorization via wpr_update_form_action_meta + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-af78f3c1214fac33b65ff5feb5cc1cdc.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-af78f3c1214fac33b65ff5feb5cc1cdc.yaml new file mode 100644 index 0000000000..287df9fb4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-af78f3c1214fac33b65ff5feb5cc1cdc.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-af78f3c1214fac33b65ff5feb5cc1cdc + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70582781-9de5-4124-bde4-d3d26724e9b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.971') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-bf5db01ece74e4b17297bc41008d1094.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-bf5db01ece74e4b17297bc41008d1094.yaml new file mode 100644 index 0000000000..c037f1f9a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-bf5db01ece74e4b17297bc41008d1094.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-bf5db01ece74e4b17297bc41008d1094 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6c6ce4-9944-4c8e-89aa-6a2e870ef205?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-d8b16bccaae81ea809d42b4a13235086.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-d8b16bccaae81ea809d42b4a13235086.yaml new file mode 100644 index 0000000000..c4bdb7e3ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-d8b16bccaae81ea809d42b4a13235086.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-d8b16bccaae81ea809d42b4a13235086 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.87 - Cross-Site Request Forgery via wpr_update_form_action_meta + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.87') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-e9fbd2b032cc27ad5763353222798302.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-e9fbd2b032cc27ad5763353222798302.yaml new file mode 100644 index 0000000000..c80b0a1abe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-e9fbd2b032cc27ad5763353222798302.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-e9fbd2b032cc27ad5763353222798302 + +info: + name: > + Royal Elementor Addons <= 1.3.75 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4809d513-69e8-4572-9549-9dba9f40cb80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-f23a396c773e57d57939f05c9afe1afd.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f23a396c773e57d57939f05c9afe1afd.yaml new file mode 100644 index 0000000000..f0b1bc3163 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f23a396c773e57d57939f05c9afe1afd.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-f23a396c773e57d57939f05c9afe1afd + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.94 - Unauthenticated Limited File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a04705d-cd17-4b4b-b04d-de55d6479dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-f2cad193bfdf87038af8a439971f7167.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f2cad193bfdf87038af8a439971f7167.yaml new file mode 100644 index 0000000000..ce873d1c14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f2cad193bfdf87038af8a439971f7167.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-f2cad193bfdf87038af8a439971f7167 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flip Carousel, Flip Box, Post Grid, and Taxonomy List Widget Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/337cbec1-c8a8-41b5-8c32-779be671120f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.971') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-f99e6ab2e39506303838ab9dbdf68d36.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f99e6ab2e39506303838ab9dbdf68d36.yaml new file mode 100644 index 0000000000..f329ffee05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-f99e6ab2e39506303838ab9dbdf68d36.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-f99e6ab2e39506303838ab9dbdf68d36 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Import Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62a5c796-1c14-4cb1-9f21-340b40e418df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-fbf2bd6ee999c2641f3988cb02ef8d65.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-fbf2bd6ee999c2641f3988cb02ef8d65.yaml new file mode 100644 index 0000000000..e3bf3eae81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-fbf2bd6ee999c2641f3988cb02ef8d65.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-fbf2bd6ee999c2641f3988cb02ef8d65 + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb47b6cc-87e4-4d29-bbc7-6d7552bc3943?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-ffeb5e23a26d75b1d475c25e6d94fa7a.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-ffeb5e23a26d75b1d475c25e6d94fa7a.yaml new file mode 100644 index 0000000000..90a7c4f492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-ffeb5e23a26d75b1d475c25e6d94fa7a.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-ffeb5e23a26d75b1d475c25e6d94fa7a + +info: + name: > + Royal Elementor Addons <= 1.3.59 - Cross-Site Request Forgery to Menu Template creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55db7d81-7ffb-49da-b64e-23e892bddc57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-elementor-addons-fffeaa1f78027e80b8c9ac73b2739073.yaml b/nuclei-templates/cve-less/plugins/royal-elementor-addons-fffeaa1f78027e80b8c9ac73b2739073.yaml new file mode 100644 index 0000000000..735fe9d970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-elementor-addons-fffeaa1f78027e80b8c9ac73b2739073.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-addons-fffeaa1f78027e80b8c9ac73b2739073 + +info: + name: > + Royal Elementor Addons and Templates <= 1.3.971 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Accordion Title Tags + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83ea2ec3-5d5b-44ea-83e6-41c4fa6e2e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-elementor-addons/" + google-query: inurl:"/wp-content/plugins/royal-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.971') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/royal-slider-b8b913c56ed39f29c61eb2552bb40930.yaml b/nuclei-templates/cve-less/plugins/royal-slider-b8b913c56ed39f29c61eb2552bb40930.yaml new file mode 100644 index 0000000000..e9c93a1512 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/royal-slider-b8b913c56ed39f29c61eb2552bb40930.yaml @@ -0,0 +1,58 @@ +id: royal-slider-b8b913c56ed39f29c61eb2552bb40930 + +info: + name: > + Royal Slider Plugin < 3.2.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66a65270-182b-44b1-968b-4fc2d8de1ea6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/royal-slider/" + google-query: inurl:"/wp-content/plugins/royal-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,royal-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/royal-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsfirewall-4c932f620189df7cfc310b8ab7529a19.yaml b/nuclei-templates/cve-less/plugins/rsfirewall-4c932f620189df7cfc310b8ab7529a19.yaml new file mode 100644 index 0000000000..e5e457cf3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsfirewall-4c932f620189df7cfc310b8ab7529a19.yaml @@ -0,0 +1,58 @@ +id: rsfirewall-4c932f620189df7cfc310b8ab7529a19 + +info: + name: > + RSFirewall! <= 1.1.24 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64f43aee-01ee-4fbb-a174-966ed3c06b21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsfirewall/" + google-query: inurl:"/wp-content/plugins/rsfirewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsfirewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsfirewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsfirewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-feed-reader-0bfa9343d868449c3d973f2c81052fe9.yaml b/nuclei-templates/cve-less/plugins/rss-feed-reader-0bfa9343d868449c3d973f2c81052fe9.yaml new file mode 100644 index 0000000000..aa6d22654f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-feed-reader-0bfa9343d868449c3d973f2c81052fe9.yaml @@ -0,0 +1,58 @@ +id: rss-feed-reader-0bfa9343d868449c3d973f2c81052fe9 + +info: + name: > + RSS Feed Reader <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c49c7db-50de-4f1d-acfa-d12a84a42d94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-feed-reader/" + google-query: inurl:"/wp-content/plugins/rss-feed-reader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-feed-reader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-feed-reader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-feed-reader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-feed-widget-20537453f991f8c89e48950bab56c824.yaml b/nuclei-templates/cve-less/plugins/rss-feed-widget-20537453f991f8c89e48950bab56c824.yaml new file mode 100644 index 0000000000..d73f10dfc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-feed-widget-20537453f991f8c89e48950bab56c824.yaml @@ -0,0 +1,58 @@ +id: rss-feed-widget-20537453f991f8c89e48950bab56c824 + +info: + name: > + RSS Feed Widget <= 2.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91abd172-e024-4272-96ee-1725af4d5488?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-feed-widget/" + google-query: inurl:"/wp-content/plugins/rss-feed-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-feed-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-feed-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-feed-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-feed-widget-cad14760637700672da85dda380a58c3.yaml b/nuclei-templates/cve-less/plugins/rss-feed-widget-cad14760637700672da85dda380a58c3.yaml new file mode 100644 index 0000000000..8214bf383c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-feed-widget-cad14760637700672da85dda380a58c3.yaml @@ -0,0 +1,58 @@ +id: rss-feed-widget-cad14760637700672da85dda380a58c3 + +info: + name: > + RSS Feed Widget <= 2.9.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c468a56c-4411-49fc-8014-fc9b71a645c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-feed-widget/" + google-query: inurl:"/wp-content/plugins/rss-feed-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-feed-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-feed-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-feed-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-509b534cfaeb00eddb901be35d0a9812.yaml b/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-509b534cfaeb00eddb901be35d0a9812.yaml new file mode 100644 index 0000000000..0eb0ee943e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-509b534cfaeb00eddb901be35d0a9812.yaml @@ -0,0 +1,58 @@ +id: rss-for-yandex-turbo-509b534cfaeb00eddb901be35d0a9812 + +info: + name: > + RSS for Yandex Turbo <= 1.29 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5269ea0a-b0e9-433a-a166-28d23bfb6b4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-for-yandex-turbo/" + google-query: inurl:"/wp-content/plugins/rss-for-yandex-turbo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-for-yandex-turbo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-for-yandex-turbo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-6c5c77255a84fb41b6fdd26d0fd10783.yaml b/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-6c5c77255a84fb41b6fdd26d0fd10783.yaml new file mode 100644 index 0000000000..0e85a1852b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-for-yandex-turbo-6c5c77255a84fb41b6fdd26d0fd10783.yaml @@ -0,0 +1,58 @@ +id: rss-for-yandex-turbo-6c5c77255a84fb41b6fdd26d0fd10783 + +info: + name: > + Rss for Yandex Turbo <= 1.30 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a246227c-89c1-46c3-a74c-b5de260d8a19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-for-yandex-turbo/" + google-query: inurl:"/wp-content/plugins/rss-for-yandex-turbo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-for-yandex-turbo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-for-yandex-turbo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-for-yandex-turbo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rss-import-cd17a32212236705de6be45ec4d31053.yaml b/nuclei-templates/cve-less/plugins/rss-import-cd17a32212236705de6be45ec4d31053.yaml new file mode 100644 index 0000000000..cb7e5c7856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rss-import-cd17a32212236705de6be45ec4d31053.yaml @@ -0,0 +1,58 @@ +id: rss-import-cd17a32212236705de6be45ec4d31053 + +info: + name: > + RSSImport <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09a052a1-6e69-4972-9dab-802754cfb93a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rss-import/" + google-query: inurl:"/wp-content/plugins/rss-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rss-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rss-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rss-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvp-38dc5d2aec94b7c14ed0604e5b57a847.yaml b/nuclei-templates/cve-less/plugins/rsvp-38dc5d2aec94b7c14ed0604e5b57a847.yaml new file mode 100644 index 0000000000..f8767ec914 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvp-38dc5d2aec94b7c14ed0604e5b57a847.yaml @@ -0,0 +1,58 @@ +id: rsvp-38dc5d2aec94b7c14ed0604e5b57a847 + +info: + name: > + RSVP and Event Management <= 2.7.7 - Unauthenticated Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ac44e4f-7052-465c-82ab-c3f23a62c898?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvp/" + google-query: inurl:"/wp-content/plugins/rsvp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvp-9a3fa62818d09a4c2a4693cadbb72035.yaml b/nuclei-templates/cve-less/plugins/rsvp-9a3fa62818d09a4c2a4693cadbb72035.yaml new file mode 100644 index 0000000000..bee2b6cddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvp-9a3fa62818d09a4c2a4693cadbb72035.yaml @@ -0,0 +1,58 @@ +id: rsvp-9a3fa62818d09a4c2a4693cadbb72035 + +info: + name: > + RSVP and Event Management Plugin <= 2.3.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/792d6c70-4c17-493a-bb4a-08a55e8240d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvp/" + google-query: inurl:"/wp-content/plugins/rsvp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-11d11665e7b84e94329e03dc64274c9e.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-11d11665e7b84e94329e03dc64274c9e.yaml new file mode 100644 index 0000000000..f14bdc226f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-11d11665e7b84e94329e03dc64274c9e.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-11d11665e7b84e94329e03dc64274c9e + +info: + name: > + RSVPMaker <= 8.7.2 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/027fa70f-8777-4a0b-b2aa-18bcdcd99cbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-202c703bcd7494b0db3a9f2aa3a2b6de.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-202c703bcd7494b0db3a9f2aa3a2b6de.yaml new file mode 100644 index 0000000000..6e2beee3ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-202c703bcd7494b0db3a9f2aa3a2b6de.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-202c703bcd7494b0db3a9f2aa3a2b6de + +info: + name: > + RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via $email value + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44373541-adc5-4aa0-abde-0693f2760afb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-54909ff694f2550a529ed9dc33c2ddad.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-54909ff694f2550a529ed9dc33c2ddad.yaml new file mode 100644 index 0000000000..6a50ceada9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-54909ff694f2550a529ed9dc33c2ddad.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-54909ff694f2550a529ed9dc33c2ddad + +info: + name: > + RSVPMaker <= 9.2.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6031edec-4274-4e42-9e3a-ce0c94958b17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-73c59415c469f5d4853f326fdd664c56.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-73c59415c469f5d4853f326fdd664c56.yaml new file mode 100644 index 0000000000..906e79d943 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-73c59415c469f5d4853f326fdd664c56.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-73c59415c469f5d4853f326fdd664c56 + +info: + name: > + RSVPMaker <= 10.5.4 - Authenticated (Administrator+) SQL Injection via 'resend' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6709f9b0-0915-4361-9fb0-1f2696e26c2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-84319e4342ea4c4283c523e681307b09.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-84319e4342ea4c4283c523e681307b09.yaml new file mode 100644 index 0000000000..66944f7456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-84319e4342ea4c4283c523e681307b09.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-84319e4342ea4c4283c523e681307b09 + +info: + name: > + RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f655704d-70a1-40d8-ae36-39029185d262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-871693a9ac7cbae97114e3dda03c407f.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-871693a9ac7cbae97114e3dda03c407f.yaml new file mode 100644 index 0000000000..932e08a609 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-871693a9ac7cbae97114e3dda03c407f.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-871693a9ac7cbae97114e3dda03c407f + +info: + name: > + RSVPMaker <= 9.3.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d02646-271a-4079-8a47-00b4029e9c1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-b5eb1eaeff0523cd8fae2efd6f6ac02e.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-b5eb1eaeff0523cd8fae2efd6f6ac02e.yaml new file mode 100644 index 0000000000..d83e72cfff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-b5eb1eaeff0523cd8fae2efd6f6ac02e.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-b5eb1eaeff0523cd8fae2efd6f6ac02e + +info: + name: > + RSVPMaker <= 6.1.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f89c43c-6729-40c5-bd32-3c328f83e366?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-d81020aeab63f5a6071cc384e45c425d.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-d81020aeab63f5a6071cc384e45c425d.yaml new file mode 100644 index 0000000000..0a06c48fb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-d81020aeab63f5a6071cc384e45c425d.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-d81020aeab63f5a6071cc384e45c425d + +info: + name: > + RSVPMaker <= 9.2.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6837b91d-b3ba-435a-965b-fa18d9b9b9c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-e4702a04134b47b76d799a6fc7f1263b.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-e4702a04134b47b76d799a6fc7f1263b.yaml new file mode 100644 index 0000000000..b32f01e6ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-e4702a04134b47b76d799a6fc7f1263b.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-e4702a04134b47b76d799a6fc7f1263b + +info: + name: > + RSVPMaker < 5.6.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc2a31f-19c2-4474-a3b0-16ded1912ddd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-excel-a2edcd49a7e89b5985d5c1db4e3e3fcb.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-excel-a2edcd49a7e89b5985d5c1db4e3e3fcb.yaml new file mode 100644 index 0000000000..bf953c0ab2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-excel-a2edcd49a7e89b5985d5c1db4e3e3fcb.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-excel-a2edcd49a7e89b5985d5c1db4e3e3fcb + +info: + name: > + RSVPmaker Excel <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec084ade-d2e7-4484-8381-a83b04c41059?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker-excel/" + google-query: inurl:"/wp-content/plugins/rsvpmaker-excel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker-excel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker-excel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker-excel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-fa61f96851f0d9df6ac08db9cd077c0f.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-fa61f96851f0d9df6ac08db9cd077c0f.yaml new file mode 100644 index 0000000000..1810b6fda7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-fa61f96851f0d9df6ac08db9cd077c0f.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-fa61f96851f0d9df6ac08db9cd077c0f + +info: + name: > + RSVPMaker <= 10.6.6 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/647cc71d-4d3a-4722-b498-baaee2450809?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-fb36faa4bab8a0d1c4868c63043ddd1b.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-fb36faa4bab8a0d1c4868c63043ddd1b.yaml new file mode 100644 index 0000000000..0b6beedbee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-fb36faa4bab8a0d1c4868c63043ddd1b.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-fb36faa4bab8a0d1c4868c63043ddd1b + +info: + name: > + RSVPMaker <= 9.9.3 - Authenticated (Admin+) SQL Injection via 'delete' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13101551-d62e-4b27-9156-5b3d022f0e55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-fe52f515eb00fff50a18a2e75044bc1d.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-fe52f515eb00fff50a18a2e75044bc1d.yaml new file mode 100644 index 0000000000..d32043432f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-fe52f515eb00fff50a18a2e75044bc1d.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-fe52f515eb00fff50a18a2e75044bc1d + +info: + name: > + RSVPMaker <= 10.6.5 - Unauthenticated Stored Cross-Site Scripting via 'email' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf0e58c-0430-44fe-980f-8ea469802c86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rsvpmaker-ff8293f84b21b2955bef22aebfa62b32.yaml b/nuclei-templates/cve-less/plugins/rsvpmaker-ff8293f84b21b2955bef22aebfa62b32.yaml new file mode 100644 index 0000000000..3e203037a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rsvpmaker-ff8293f84b21b2955bef22aebfa62b32.yaml @@ -0,0 +1,58 @@ +id: rsvpmaker-ff8293f84b21b2955bef22aebfa62b32 + +info: + name: > + RSVPMarker <= 10.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfb27513-61ad-4cf0-a471-0ab7aeb0801b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rsvpmaker/" + google-query: inurl:"/wp-content/plugins/rsvpmaker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rsvpmaker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rsvpmaker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rsvpmaker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-f0986ec848116bdaf85ff2fe79a684cc.yaml b/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-f0986ec848116bdaf85ff2fe79a684cc.yaml new file mode 100644 index 0000000000..5c9172f552 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rt-easy-builder-advanced-addons-for-elementor-f0986ec848116bdaf85ff2fe79a684cc.yaml @@ -0,0 +1,58 @@ +id: rt-easy-builder-advanced-addons-for-elementor-f0986ec848116bdaf85ff2fe79a684cc + +info: + name: > + RT Easy Builder – Advanced addons for Elementor <= 2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6defd072-0203-471a-96cf-579a9eebcd9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rt-easy-builder-advanced-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rt-easy-builder-advanced-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rt-easy-builder-advanced-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rt-prettyphoto-94b0b54aeb124f4c7a107e54a5615849.yaml b/nuclei-templates/cve-less/plugins/rt-prettyphoto-94b0b54aeb124f4c7a107e54a5615849.yaml new file mode 100644 index 0000000000..7a705e20d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rt-prettyphoto-94b0b54aeb124f4c7a107e54a5615849.yaml @@ -0,0 +1,58 @@ +id: rt-prettyphoto-94b0b54aeb124f4c7a107e54a5615849 + +info: + name: > + Royal PrettyPhoto <= 1.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62de6922-f3f2-4996-a749-2d6d3a8be042?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rt-prettyphoto/" + google-query: inurl:"/wp-content/plugins/rt-prettyphoto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rt-prettyphoto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rt-prettyphoto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rt-prettyphoto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ruby-help-desk-9346f7a9d2f3883e949e211cd3195670.yaml b/nuclei-templates/cve-less/plugins/ruby-help-desk-9346f7a9d2f3883e949e211cd3195670.yaml new file mode 100644 index 0000000000..4ff881c1f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ruby-help-desk-9346f7a9d2f3883e949e211cd3195670.yaml @@ -0,0 +1,58 @@ +id: ruby-help-desk-9346f7a9d2f3883e949e211cd3195670 + +info: + name: > + Ruby Help Desk <= 1.3.3 - Missing Authorization to Arbitrary Ticket Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd741e2d-5478-4b9a-83ab-7ccafdc5d12f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ruby-help-desk/" + google-query: inurl:"/wp-content/plugins/ruby-help-desk/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ruby-help-desk,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ruby-help-desk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ruby-help-desk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rucy-83e12e5ef7835e334ea713df657c881c.yaml b/nuclei-templates/cve-less/plugins/rucy-83e12e5ef7835e334ea713df657c881c.yaml new file mode 100644 index 0000000000..fc11e2620d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rucy-83e12e5ef7835e334ea713df657c881c.yaml @@ -0,0 +1,58 @@ +id: rucy-83e12e5ef7835e334ea713df657c881c + +info: + name: > + Rucy <= 0.4.4 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/595d0401-55b9-418e-8b99-48b23e9a2662?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rucy/" + google-query: inurl:"/wp-content/plugins/rucy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rucy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rucy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rucy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rumbletalk-chat-a-chat-with-themes-4505fe3a4261c48a734f7d8e99d7b55b.yaml b/nuclei-templates/cve-less/plugins/rumbletalk-chat-a-chat-with-themes-4505fe3a4261c48a734f7d8e99d7b55b.yaml new file mode 100644 index 0000000000..2b45a88bb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rumbletalk-chat-a-chat-with-themes-4505fe3a4261c48a734f7d8e99d7b55b.yaml @@ -0,0 +1,58 @@ +id: rumbletalk-chat-a-chat-with-themes-4505fe3a4261c48a734f7d8e99d7b55b + +info: + name: > + RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d6e168-a768-4062-9ef1-0be9d6c65c51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rumbletalk-chat-a-chat-with-themes/" + google-query: inurl:"/wp-content/plugins/rumbletalk-chat-a-chat-with-themes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rumbletalk-chat-a-chat-with-themes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rumbletalk-chat-a-chat-with-themes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rumbletalk-chat-a-chat-with-themes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rustolat-39be907595b014d4e7a7c4f54bad9f2a.yaml b/nuclei-templates/cve-less/plugins/rustolat-39be907595b014d4e7a7c4f54bad9f2a.yaml new file mode 100644 index 0000000000..1a201a85a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rustolat-39be907595b014d4e7a7c4f54bad9f2a.yaml @@ -0,0 +1,58 @@ +id: rustolat-39be907595b014d4e7a7c4f54bad9f2a + +info: + name: > + Rus-To-Lat <= 0.3 - Cross-Site Request Forgery to Plugins Options Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d07d8c3a-5e97-422a-ba20-e0bc206dda59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rustolat/" + google-query: inurl:"/wp-content/plugins/rustolat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rustolat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rustolat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rustolat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ruven-toolkit-81219af6a17b244e1843ac9c7762f11a.yaml b/nuclei-templates/cve-less/plugins/ruven-toolkit-81219af6a17b244e1843ac9c7762f11a.yaml new file mode 100644 index 0000000000..439b4ecaeb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ruven-toolkit-81219af6a17b244e1843ac9c7762f11a.yaml @@ -0,0 +1,58 @@ +id: ruven-toolkit-81219af6a17b244e1843ac9c7762f11a + +info: + name: > + Ruven Toolkit <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01b9f536-cdab-4e38-b935-008cbd899a98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ruven-toolkit/" + google-query: inurl:"/wp-content/plugins/ruven-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ruven-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ruven-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ruven-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/rvg-optimize-database-75da5a5df58032a31ea21868586e0a7e.yaml b/nuclei-templates/cve-less/plugins/rvg-optimize-database-75da5a5df58032a31ea21868586e0a7e.yaml new file mode 100644 index 0000000000..fa33094242 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/rvg-optimize-database-75da5a5df58032a31ea21868586e0a7e.yaml @@ -0,0 +1,58 @@ +id: rvg-optimize-database-75da5a5df58032a31ea21868586e0a7e + +info: + name: > + Optimize Database after Deleting Revisions <= 5.1.1 - Cross-Site Request Forgery via 'odb_start_manually' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7e4d9c-d088-48db-88b7-09205115636f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/rvg-optimize-database/" + google-query: inurl:"/wp-content/plugins/rvg-optimize-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,rvg-optimize-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/rvg-optimize-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rvg-optimize-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s2member-0e1b741ad7286ca5428685bd7aed1755.yaml b/nuclei-templates/cve-less/plugins/s2member-0e1b741ad7286ca5428685bd7aed1755.yaml new file mode 100644 index 0000000000..0c5ea9053c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s2member-0e1b741ad7286ca5428685bd7aed1755.yaml @@ -0,0 +1,58 @@ +id: s2member-0e1b741ad7286ca5428685bd7aed1755 + +info: + name: > + s2Member – Best Membership Plugin for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 230815 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80bfb470-a3df-497f-940d-051ccaa6215b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s2member/" + google-query: inurl:"/wp-content/plugins/s2member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s2member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s2member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s2member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 230815') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s2member-5573468f295cf6226ec0e468f3d5d806.yaml b/nuclei-templates/cve-less/plugins/s2member-5573468f295cf6226ec0e468f3d5d806.yaml new file mode 100644 index 0000000000..2b8d0fb4b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s2member-5573468f295cf6226ec0e468f3d5d806.yaml @@ -0,0 +1,58 @@ +id: s2member-5573468f295cf6226ec0e468f3d5d806 + +info: + name: > + s2Member <= 240315 - Limited Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26e7dd3f-5bdd-47d2-a013-82db72b4eae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s2member/" + google-query: inurl:"/wp-content/plugins/s2member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s2member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s2member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s2member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 240315') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s2member-e07374f70a1aa87298a8b60340913353.yaml b/nuclei-templates/cve-less/plugins/s2member-e07374f70a1aa87298a8b60340913353.yaml new file mode 100644 index 0000000000..65df173c5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s2member-e07374f70a1aa87298a8b60340913353.yaml @@ -0,0 +1,58 @@ +id: s2member-e07374f70a1aa87298a8b60340913353 + +info: + name: > + s2Member® Framework (Membership, Member Level Roles, Access Capabilities, PayPal Members) < 111220 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed25de7-f002-4108-b2c6-f790acbbe27b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s2member/" + google-query: inurl:"/wp-content/plugins/s2member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s2member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s2member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s2member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 111220') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s2member-secure-file-browser-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/s2member-secure-file-browser-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..525fa6bb3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s2member-secure-file-browser-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: s2member-secure-file-browser-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s2member-secure-file-browser/" + google-query: inurl:"/wp-content/plugins/s2member-secure-file-browser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s2member-secure-file-browser,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s2member-secure-file-browser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s2member-secure-file-browser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.4.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s3-video-2f8d0ca1e6e86f93253415194d417267.yaml b/nuclei-templates/cve-less/plugins/s3-video-2f8d0ca1e6e86f93253415194d417267.yaml new file mode 100644 index 0000000000..0dda88cdf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s3-video-2f8d0ca1e6e86f93253415194d417267.yaml @@ -0,0 +1,58 @@ +id: s3-video-2f8d0ca1e6e86f93253415194d417267 + +info: + name: > + S3 Video <= 0.983 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58410382-8820-49e2-8dfd-87937287b8d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s3-video/" + google-query: inurl:"/wp-content/plugins/s3-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s3-video,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s3-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s3-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.983') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s3-video-b308d8dd463cbe3361a5a4c348d193ac.yaml b/nuclei-templates/cve-less/plugins/s3-video-b308d8dd463cbe3361a5a4c348d193ac.yaml new file mode 100644 index 0000000000..1162290d9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s3-video-b308d8dd463cbe3361a5a4c348d193ac.yaml @@ -0,0 +1,58 @@ +id: s3-video-b308d8dd463cbe3361a5a4c348d193ac + +info: + name: > + S3 Video <= 0.982 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad254899-983b-42bc-a248-7dbf9003d06c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s3-video/" + google-query: inurl:"/wp-content/plugins/s3-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s3-video,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s3-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s3-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.982') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-audio-streaming-727a6d10eed1dfebfba432e96cc38739.yaml b/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-audio-streaming-727a6d10eed1dfebfba432e96cc38739.yaml new file mode 100644 index 0000000000..cdd636269a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-audio-streaming-727a6d10eed1dfebfba432e96cc38739.yaml @@ -0,0 +1,58 @@ +id: s3bubble-amazon-s3-audio-streaming-727a6d10eed1dfebfba432e96cc38739 + +info: + name: > + S3Bubble Cloud Video with Adverts and Analytics < 4.8 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b76b3dd2-bf6b-4b18-9666-2ecbf628437c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s3bubble-amazon-s3-audio-streaming/" + google-query: inurl:"/wp-content/plugins/s3bubble-amazon-s3-audio-streaming/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s3bubble-amazon-s3-audio-streaming,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s3bubble-amazon-s3-audio-streaming/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s3bubble-amazon-s3-audio-streaming" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-html-5-video-with-adverts-94a35e06d280c2901bcd1f032d9e8a1d.yaml b/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-html-5-video-with-adverts-94a35e06d280c2901bcd1f032d9e8a1d.yaml new file mode 100644 index 0000000000..c6aedca6d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/s3bubble-amazon-s3-html-5-video-with-adverts-94a35e06d280c2901bcd1f032d9e8a1d.yaml @@ -0,0 +1,58 @@ +id: s3bubble-amazon-s3-html-5-video-with-adverts-94a35e06d280c2901bcd1f032d9e8a1d + +info: + name: > + S3 Bubble Amazon S3 HTML5 Video with Adverts <= 0.7 - Directory Traversal to Arbitrary File Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a102478c-c704-47d4-8b2b-492f75ec38b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/" + google-query: inurl:"/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,s3bubble-amazon-s3-html-5-video-with-adverts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "s3bubble-amazon-s3-html-5-video-with-adverts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/saan-world-clock-dbff9a993e10a4f80cd4718f67303541.yaml b/nuclei-templates/cve-less/plugins/saan-world-clock-dbff9a993e10a4f80cd4718f67303541.yaml new file mode 100644 index 0000000000..d70ad4d4a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/saan-world-clock-dbff9a993e10a4f80cd4718f67303541.yaml @@ -0,0 +1,58 @@ +id: saan-world-clock-dbff9a993e10a4f80cd4718f67303541 + +info: + name: > + Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f673be3-04fe-4a42-ae50-9cf4fd5e63d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/saan-world-clock/" + google-query: inurl:"/wp-content/plugins/saan-world-clock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,saan-world-clock,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/saan-world-clock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "saan-world-clock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sabre-8a88cbe198527237519cb3478f4555ce.yaml b/nuclei-templates/cve-less/plugins/sabre-8a88cbe198527237519cb3478f4555ce.yaml new file mode 100644 index 0000000000..fc1705ff15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sabre-8a88cbe198527237519cb3478f4555ce.yaml @@ -0,0 +1,58 @@ +id: sabre-8a88cbe198527237519cb3478f4555ce + +info: + name: > + Sabre < 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b7802a-3cbe-4488-93d2-5f8a34faf8ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sabre/" + google-query: inurl:"/wp-content/plugins/sabre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sabre,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sabre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sabre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-editor-e01a95cfae1821b6d1bcf2a917c4f01c.yaml b/nuclei-templates/cve-less/plugins/safe-editor-e01a95cfae1821b6d1bcf2a917c4f01c.yaml new file mode 100644 index 0000000000..82311555a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-editor-e01a95cfae1821b6d1bcf2a917c4f01c.yaml @@ -0,0 +1,58 @@ +id: safe-editor-e01a95cfae1821b6d1bcf2a917c4f01c + +info: + name: > + Safe Editor < 1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0cf5711-a02b-4db7-9bf7-47d512680428?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-editor/" + google-query: inurl:"/wp-content/plugins/safe-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-redirect-manager-05c2167f7f1f78fa58c980d418931b2c.yaml b/nuclei-templates/cve-less/plugins/safe-redirect-manager-05c2167f7f1f78fa58c980d418931b2c.yaml new file mode 100644 index 0000000000..e0ad8e8e82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-redirect-manager-05c2167f7f1f78fa58c980d418931b2c.yaml @@ -0,0 +1,58 @@ +id: safe-redirect-manager-05c2167f7f1f78fa58c980d418931b2c + +info: + name: > + got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47681954-37ed-493b-b4da-9e9032e561b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-redirect-manager/" + google-query: inurl:"/wp-content/plugins/safe-redirect-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-redirect-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-redirect-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-redirect-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-svg-1cccf375a4463c9d416a20eff76583ef.yaml b/nuclei-templates/cve-less/plugins/safe-svg-1cccf375a4463c9d416a20eff76583ef.yaml new file mode 100644 index 0000000000..de29162c0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-svg-1cccf375a4463c9d416a20eff76583ef.yaml @@ -0,0 +1,58 @@ +id: safe-svg-1cccf375a4463c9d416a20eff76583ef + +info: + name: > + Safe SVG <= 1.9.4 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4f4fcaa-4c66-49f6-b13f-da112ae26e21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-svg/" + google-query: inurl:"/wp-content/plugins/safe-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-svg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-svg-8b2ac3daa03fbba70cf83c4563849d67.yaml b/nuclei-templates/cve-less/plugins/safe-svg-8b2ac3daa03fbba70cf83c4563849d67.yaml new file mode 100644 index 0000000000..f5b9ba6e36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-svg-8b2ac3daa03fbba70cf83c4563849d67.yaml @@ -0,0 +1,58 @@ +id: safe-svg-8b2ac3daa03fbba70cf83c4563849d67 + +info: + name: > + Safe SVG <= 1.9.9 - Content-Type Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbf25275-eb33-4581-8602-e8a64ba78692?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-svg/" + google-query: inurl:"/wp-content/plugins/safe-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-svg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-svg-b58eeb8e60d6f7c5cf602173c2c00549.yaml b/nuclei-templates/cve-less/plugins/safe-svg-b58eeb8e60d6f7c5cf602173c2c00549.yaml new file mode 100644 index 0000000000..4579601e00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-svg-b58eeb8e60d6f7c5cf602173c2c00549.yaml @@ -0,0 +1,58 @@ +id: safe-svg-b58eeb8e60d6f7c5cf602173c2c00549 + +info: + name: > + SVG Sanitizer library <= 0.15.4 - Cross-Site Scripting Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca73de6d-2d47-4d7c-a917-0f99fed8c27d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-svg/" + google-query: inurl:"/wp-content/plugins/safe-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-svg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/safe-svg-d8ec46ad4534895bbeab1b52d6693d3b.yaml b/nuclei-templates/cve-less/plugins/safe-svg-d8ec46ad4534895bbeab1b52d6693d3b.yaml new file mode 100644 index 0000000000..708b49923b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/safe-svg-d8ec46ad4534895bbeab1b52d6693d3b.yaml @@ -0,0 +1,58 @@ +id: safe-svg-d8ec46ad4534895bbeab1b52d6693d3b + +info: + name: > + Safe SVG <= 1.9.4 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01eef49c-79c1-40a0-9b4b-05a699d47a41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/safe-svg/" + google-query: inurl:"/wp-content/plugins/safe-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,safe-svg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/safe-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "safe-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sagepay-direct-for-woocommerce-payment-gateway-9e6de6f10cec1c471c1242da8d788708.yaml b/nuclei-templates/cve-less/plugins/sagepay-direct-for-woocommerce-payment-gateway-9e6de6f10cec1c471c1242da8d788708.yaml new file mode 100644 index 0000000000..95f68bd0e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sagepay-direct-for-woocommerce-payment-gateway-9e6de6f10cec1c471c1242da8d788708.yaml @@ -0,0 +1,58 @@ +id: sagepay-direct-for-woocommerce-payment-gateway-9e6de6f10cec1c471c1242da8d788708 + +info: + name: > + WooCommerce SagePay Direct Payment Gateway < 0.1.6.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a72e60d7-6019-4d88-88f4-22ec4dedbdd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sagepay-direct-for-woocommerce-payment-gateway/" + google-query: inurl:"/wp-content/plugins/sagepay-direct-for-woocommerce-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sagepay-direct-for-woocommerce-payment-gateway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sagepay-direct-for-woocommerce-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sagepay-direct-for-woocommerce-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sagepay-server-gateway-for-woocommerce-436125bac0484b579189e9f21786e904.yaml b/nuclei-templates/cve-less/plugins/sagepay-server-gateway-for-woocommerce-436125bac0484b579189e9f21786e904.yaml new file mode 100644 index 0000000000..13479e10cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sagepay-server-gateway-for-woocommerce-436125bac0484b579189e9f21786e904.yaml @@ -0,0 +1,58 @@ +id: sagepay-server-gateway-for-woocommerce-436125bac0484b579189e9f21786e904 + +info: + name: > + SagePay Server Gateway for WooCommerce < 1.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efb37c6a-e1a0-4960-b53a-858b22b6e706?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sagepay-server-gateway-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/sagepay-server-gateway-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sagepay-server-gateway-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sagepay-server-gateway-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sagepay-server-gateway-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sahu-tiktok-pixel-c3f117930fe59986e129269f444e98be.yaml b/nuclei-templates/cve-less/plugins/sahu-tiktok-pixel-c3f117930fe59986e129269f444e98be.yaml new file mode 100644 index 0000000000..a20400f013 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sahu-tiktok-pixel-c3f117930fe59986e129269f444e98be.yaml @@ -0,0 +1,58 @@ +id: sahu-tiktok-pixel-c3f117930fe59986e129269f444e98be + +info: + name: > + SAHU TikTok Pixel for E-Commerce <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28cddb4c-32a1-4ea9-936d-5ec7ffd84753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sahu-tiktok-pixel/" + google-query: inurl:"/wp-content/plugins/sahu-tiktok-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sahu-tiktok-pixel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sahu-tiktok-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sahu-tiktok-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sailthru-triggermail-579cd3fc5c2399656d85cbe343c14eef.yaml b/nuclei-templates/cve-less/plugins/sailthru-triggermail-579cd3fc5c2399656d85cbe343c14eef.yaml new file mode 100644 index 0000000000..8f03653a65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sailthru-triggermail-579cd3fc5c2399656d85cbe343c14eef.yaml @@ -0,0 +1,58 @@ +id: sailthru-triggermail-579cd3fc5c2399656d85cbe343c14eef + +info: + name: > + Sailthru Triggermail <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c657ea2-ff7b-4ef2-a7dd-a330484dd821?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sailthru-triggermail/" + google-query: inurl:"/wp-content/plugins/sailthru-triggermail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sailthru-triggermail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sailthru-triggermail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sailthru-triggermail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sailthru-triggermail-a4f4eba72296421005733a610933f605.yaml b/nuclei-templates/cve-less/plugins/sailthru-triggermail-a4f4eba72296421005733a610933f605.yaml new file mode 100644 index 0000000000..e8e66b870b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sailthru-triggermail-a4f4eba72296421005733a610933f605.yaml @@ -0,0 +1,58 @@ +id: sailthru-triggermail-a4f4eba72296421005733a610933f605 + +info: + name: > + Sailthru Triggermail <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b6be9c5-0142-458e-bf7e-2d4ae169e555?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sailthru-triggermail/" + google-query: inurl:"/wp-content/plugins/sailthru-triggermail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sailthru-triggermail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sailthru-triggermail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sailthru-triggermail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salat-times-dff51ecf68a2a27471cd48bde63ce4a2.yaml b/nuclei-templates/cve-less/plugins/salat-times-dff51ecf68a2a27471cd48bde63ce4a2.yaml new file mode 100644 index 0000000000..acb5d98902 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salat-times-dff51ecf68a2a27471cd48bde63ce4a2.yaml @@ -0,0 +1,58 @@ +id: salat-times-dff51ecf68a2a27471cd48bde63ce4a2 + +info: + name: > + Salat Times < = 3.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f5eef96-b9db-444b-82b8-86132376e29c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salat-times/" + google-query: inurl:"/wp-content/plugins/salat-times/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salat-times,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salat-times/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salat-times" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salert-5727788917ca5dc70c5a2a8fc41d6ea0.yaml b/nuclei-templates/cve-less/plugins/salert-5727788917ca5dc70c5a2a8fc41d6ea0.yaml new file mode 100644 index 0000000000..48054029e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salert-5727788917ca5dc70c5a2a8fc41d6ea0.yaml @@ -0,0 +1,58 @@ +id: salert-5727788917ca5dc70c5a2a8fc41d6ea0 + +info: + name: > + SALERT <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6748841a-0984-4840-90ba-0eeff8564198?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salert/" + google-query: inurl:"/wp-content/plugins/salert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salert-f2eb2411647af07955e8ded396c4583e.yaml b/nuclei-templates/cve-less/plugins/salert-f2eb2411647af07955e8ded396c4583e.yaml new file mode 100644 index 0000000000..3633fbacc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salert-f2eb2411647af07955e8ded396c4583e.yaml @@ -0,0 +1,58 @@ +id: salert-f2eb2411647af07955e8ded396c4583e + +info: + name: > + SALERT <= 1.2.1 - Missing Authorization via salert_save_settings_with_ajax() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9e45ae8-e5b5-460b-80f8-de562ae7c56a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salert/" + google-query: inurl:"/wp-content/plugins/salert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salert,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sales-report-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/sales-report-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..d560f6cac1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sales-report-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: sales-report-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sales-report-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/sales-report-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sales-report-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sales-report-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sales-report-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salesking-4ad4863544909ca65fb59059a85b6ca2.yaml b/nuclei-templates/cve-less/plugins/salesking-4ad4863544909ca65fb59059a85b6ca2.yaml new file mode 100644 index 0000000000..023cc92d75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salesking-4ad4863544909ca65fb59059a85b6ca2.yaml @@ -0,0 +1,58 @@ +id: salesking-4ad4863544909ca65fb59059a85b6ca2 + +info: + name: > + SalesKing <= 1.6.15 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70b00cfc-4a9b-442a-9c80-fd080924ca34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salesking/" + google-query: inurl:"/wp-content/plugins/salesking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salesking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salesking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salesking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salesking-c34456b0a354174a8b99c79db450a526.yaml b/nuclei-templates/cve-less/plugins/salesking-c34456b0a354174a8b99c79db450a526.yaml new file mode 100644 index 0000000000..14c926ec76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salesking-c34456b0a354174a8b99c79db450a526.yaml @@ -0,0 +1,58 @@ +id: salesking-c34456b0a354174a8b99c79db450a526 + +info: + name: > + SalesKing <= 1.6.15 - Missing Authorization to Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c86f157e-e7f2-4b00-977c-c4cc7c2b3b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salesking/" + google-query: inurl:"/wp-content/plugins/salesking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salesking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salesking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salesking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salesking-d2407407e16d8affae24d481d0b34cb9.yaml b/nuclei-templates/cve-less/plugins/salesking-d2407407e16d8affae24d481d0b34cb9.yaml new file mode 100644 index 0000000000..ff1a1fb21c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salesking-d2407407e16d8affae24d481d0b34cb9.yaml @@ -0,0 +1,58 @@ +id: salesking-d2407407e16d8affae24d481d0b34cb9 + +info: + name: > + SalesKing <= 1.6.15 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52198053-206c-4002-8e26-dd5b4850e151?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salesking/" + google-query: inurl:"/wp-content/plugins/salesking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salesking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salesking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salesking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salesmanago-eaa83ff52990564332c5852f905f9fb7.yaml b/nuclei-templates/cve-less/plugins/salesmanago-eaa83ff52990564332c5852f905f9fb7.yaml new file mode 100644 index 0000000000..61fccc3f7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salesmanago-eaa83ff52990564332c5852f905f9fb7.yaml @@ -0,0 +1,58 @@ +id: salesmanago-eaa83ff52990564332c5852f905f9fb7 + +info: + name: > + SALESmanago <= 3.2.4 - Log Injection via Weak Authentication Token + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de7db1d6-b352-44c7-a6cc-b21cb65a0482?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salesmanago/" + google-query: inurl:"/wp-content/plugins/salesmanago/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salesmanago,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salesmanago/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salesmanago" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salient-core-6883c989062268d5da80d537f9e1e493.yaml b/nuclei-templates/cve-less/plugins/salient-core-6883c989062268d5da80d537f9e1e493.yaml new file mode 100644 index 0000000000..4aedcb0b8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salient-core-6883c989062268d5da80d537f9e1e493.yaml @@ -0,0 +1,58 @@ +id: salient-core-6883c989062268d5da80d537f9e1e493 + +info: + name: > + Salient Core <= 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1ae1b28-ea9e-4446-8b03-b5a8eaac1042?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salient-core/" + google-query: inurl:"/wp-content/plugins/salient-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salient-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salient-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salient-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salient-core-80c6230c139aaee435c35c9df894dae1.yaml b/nuclei-templates/cve-less/plugins/salient-core-80c6230c139aaee435c35c9df894dae1.yaml new file mode 100644 index 0000000000..70d1e26889 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salient-core-80c6230c139aaee435c35c9df894dae1.yaml @@ -0,0 +1,58 @@ +id: salient-core-80c6230c139aaee435c35c9df894dae1 + +info: + name: > + Salient Core <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/316ffb37-47fe-47c4-8a81-5794fa12ce33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salient-core/" + google-query: inurl:"/wp-content/plugins/salient-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salient-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salient-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salient-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-00157407495e1ef41be2fc477a456a7d.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-00157407495e1ef41be2fc477a456a7d.yaml new file mode 100644 index 0000000000..4d3b21aa80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-00157407495e1ef41be2fc477a456a7d.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-00157407495e1ef41be2fc477a456a7d + +info: + name: > + Salon booking system <= 9.6.5 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abf1ace3-e066-4f28-9f37-3e9fa79aef7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-0bea880f7043c5054d61f7e9d6ba4d2f.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-0bea880f7043c5054d61f7e9d6ba4d2f.yaml new file mode 100644 index 0000000000..1803a65db5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-0bea880f7043c5054d61f7e9d6ba4d2f.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-0bea880f7043c5054d61f7e9d6ba4d2f + +info: + name: > + Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting via Email Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45ddf224-b359-45ec-97a0-5a3257f56420?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-12219750d7664db4408ea75c73fa706d.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-12219750d7664db4408ea75c73fa706d.yaml new file mode 100644 index 0000000000..bd066ae10b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-12219750d7664db4408ea75c73fa706d.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-12219750d7664db4408ea75c73fa706d + +info: + name: > + Salon booking system < 8.7 - Authenticated (Editor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cac7f96-eb64-427d-9a95-b8bf1c675af0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-17739eab6c3078839f62948bae53f8f7.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-17739eab6c3078839f62948bae53f8f7.yaml new file mode 100644 index 0000000000..f5b978b675 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-17739eab6c3078839f62948bae53f8f7.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-17739eab6c3078839f62948bae53f8f7 + +info: + name: > + Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Data Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a82ac1c9-e037-4afa-b433-2efef2e61403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-1874294040d198d9f843d58bbcc1548b.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-1874294040d198d9f843d58bbcc1548b.yaml new file mode 100644 index 0000000000..f9452f563f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-1874294040d198d9f843d58bbcc1548b.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-1874294040d198d9f843d58bbcc1548b + +info: + name: > + Salon booking system <= 7.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8eb778d0-2aa4-4d0a-9ac1-42af51c335bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-3a9e5880883b3238662167448ae8e190.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-3a9e5880883b3238662167448ae8e190.yaml new file mode 100644 index 0000000000..63c5078c9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-3a9e5880883b3238662167448ae8e190.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-3a9e5880883b3238662167448ae8e190 + +info: + name: > + Salon Booking System <= 8.4.6 - Cross-Site Request Forgery to Admin Role Change to Customer, User Meta Update via save_customer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93875f19-d9b9-4e33-bba9-afc75cf26bf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-473ae39f2c9b117fd21ddfea3f742daa.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-473ae39f2c9b117fd21ddfea3f742daa.yaml new file mode 100644 index 0000000000..75b53336e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-473ae39f2c9b117fd21ddfea3f742daa.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-473ae39f2c9b117fd21ddfea3f742daa + +info: + name: > + Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting via 'sms_prefix' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32c4cb55-855c-42ed-a9ac-90f92e8583e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-80865fbe8c06ec562ac960b28b962ecd.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-80865fbe8c06ec562ac960b28b962ecd.yaml new file mode 100644 index 0000000000..ee3c95d878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-80865fbe8c06ec562ac960b28b962ecd.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-80865fbe8c06ec562ac960b28b962ecd + +info: + name: > + Salon Booking System and Salon Booking System Pro <= 7.6.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d830b73c-0666-4632-8001-fe2c467a37a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-826b0e6fc8bdc77439da0a867a102476.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-826b0e6fc8bdc77439da0a867a102476.yaml new file mode 100644 index 0000000000..8fad9cef7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-826b0e6fc8bdc77439da0a867a102476.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-826b0e6fc8bdc77439da0a867a102476 + +info: + name: > + Salon booking system < 6.3.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13657ad7-7185-4be2-98e2-aeaf8514ad4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-9935fc74a7e8d09ff1c372489adcc9dd.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-9935fc74a7e8d09ff1c372489adcc9dd.yaml new file mode 100644 index 0000000000..100da3c29e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-9935fc74a7e8d09ff1c372489adcc9dd.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-9935fc74a7e8d09ff1c372489adcc9dd + +info: + name: > + Salon booking system <= 9.5 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/929fd4e6-9040-41cb-98f0-0cfdd80caf42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-c957720e1b76962412e197bc09cb35e8.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-c957720e1b76962412e197bc09cb35e8.yaml new file mode 100644 index 0000000000..857fb3c038 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-c957720e1b76962412e197bc09cb35e8.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-c957720e1b76962412e197bc09cb35e8 + +info: + name: > + Salon booking system <= 9.6.5 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c837b9-c205-4fdc-8305-b9387dedd581?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/salon-booking-system-f991f9853892bf031ebb72c811af6b0f.yaml b/nuclei-templates/cve-less/plugins/salon-booking-system-f991f9853892bf031ebb72c811af6b0f.yaml new file mode 100644 index 0000000000..4e512b1cad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/salon-booking-system-f991f9853892bf031ebb72c811af6b0f.yaml @@ -0,0 +1,58 @@ +id: salon-booking-system-f991f9853892bf031ebb72c811af6b0f + +info: + name: > + Salon booking system <= 9.6.2 - Authenticated (Customer+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bd6c6f7-a535-4e3a-8d72-01007d00d6be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/salon-booking-system/" + google-query: inurl:"/wp-content/plugins/salon-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,salon-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/salon-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salon-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sangar-slider-lite-3b9bd1e4f5897df85a36d204f832a5eb.yaml b/nuclei-templates/cve-less/plugins/sangar-slider-lite-3b9bd1e4f5897df85a36d204f832a5eb.yaml new file mode 100644 index 0000000000..ef94794a86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sangar-slider-lite-3b9bd1e4f5897df85a36d204f832a5eb.yaml @@ -0,0 +1,58 @@ +id: sangar-slider-lite-3b9bd1e4f5897df85a36d204f832a5eb + +info: + name: > + Sangar Slider <= 1.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2d20052-184e-473d-8e5b-46b7dd270c52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sangar-slider-lite/" + google-query: inurl:"/wp-content/plugins/sangar-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sangar-slider-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sangar-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sangar-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/saphali-woocommerce-lite-56ba6deff570cd4e7d1696cb032991b3.yaml b/nuclei-templates/cve-less/plugins/saphali-woocommerce-lite-56ba6deff570cd4e7d1696cb032991b3.yaml new file mode 100644 index 0000000000..06385893f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/saphali-woocommerce-lite-56ba6deff570cd4e7d1696cb032991b3.yaml @@ -0,0 +1,58 @@ +id: saphali-woocommerce-lite-56ba6deff570cd4e7d1696cb032991b3 + +info: + name: > + Saphali Woocommerce Lite <= 1.8.13 - Cross-Site Request Forgery via 'woocommerce_saphali_page_s_l' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c58d9011-a082-48ca-b702-ef5563af2c66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/saphali-woocommerce-lite/" + google-query: inurl:"/wp-content/plugins/saphali-woocommerce-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,saphali-woocommerce-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/saphali-woocommerce-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "saphali-woocommerce-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-40aacb4df39566c6bb333af52f28e227.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-40aacb4df39566c6bb333af52f28e227.yaml new file mode 100644 index 0000000000..2c965f8e6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-40aacb4df39566c6bb333af52f28e227.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-40aacb4df39566c6bb333af52f28e227 + +info: + name: > + Sassy Social Share 3.3.23 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb7b668-f023-427e-9ab5-90dc6d481028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.3.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-4d80f38d93d7f5f929f7caeb5348b571.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-4d80f38d93d7f5f929f7caeb5348b571.yaml new file mode 100644 index 0000000000..a487003eab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-4d80f38d93d7f5f929f7caeb5348b571.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-4d80f38d93d7f5f929f7caeb5348b571 + +info: + name: > + Sassy Social Share <= 3.3.60 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c745b86b-8ab7-4e04-8888-65e43d568410?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-6150ea7134cb72d73e6e7ce3f51ab46c.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-6150ea7134cb72d73e6e7ce3f51ab46c.yaml new file mode 100644 index 0000000000..551441dfb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-6150ea7134cb72d73e6e7ce3f51ab46c.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-6150ea7134cb72d73e6e7ce3f51ab46c + +info: + name: > + Sassy Social Share <= 3.3.56 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-754268962b0bd973cebfd375c7df9425.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-754268962b0bd973cebfd375c7df9425.yaml new file mode 100644 index 0000000000..bdf8d9205f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-754268962b0bd973cebfd375c7df9425.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-754268962b0bd973cebfd375c7df9425 + +info: + name: > + Sassy Social Share <= 3.3.39 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/650dbbaa-4348-42a6-973c-487f53430955?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-c564c36d083131df8b70721d4380612a.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-c564c36d083131df8b70721d4380612a.yaml new file mode 100644 index 0000000000..7051d571b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-c564c36d083131df8b70721d4380612a.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-c564c36d083131df8b70721d4380612a + +info: + name: > + Social Sharing Plugin – Sassy Social Share <= 3.3.58 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.58') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sassy-social-share-f793e64947f92282a534916c8b501137.yaml b/nuclei-templates/cve-less/plugins/sassy-social-share-f793e64947f92282a534916c8b501137.yaml new file mode 100644 index 0000000000..0965370d2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sassy-social-share-f793e64947f92282a534916c8b501137.yaml @@ -0,0 +1,58 @@ +id: sassy-social-share-f793e64947f92282a534916c8b501137 + +info: + name: > + Sassy Social Share <= 3.3.44 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23a003aa-d929-4ec3-9d6f-da97222342dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sassy-social-share/" + google-query: inurl:"/wp-content/plugins/sassy-social-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sassy-social-share,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sassy-social-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sassy-social-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-67ad930884b5b87d29530a8be64ff268.yaml b/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-67ad930884b5b87d29530a8be64ff268.yaml new file mode 100644 index 0000000000..8d625f3bb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-67ad930884b5b87d29530a8be64ff268.yaml @@ -0,0 +1,58 @@ +id: save-as-image-by-pdfcrowd-67ad930884b5b87d29530a8be64ff268 + +info: + name: > + Save as Image plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74b284b7-ec0a-42c1-82e5-0c8cb422c0c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-as-image-by-pdfcrowd/" + google-query: inurl:"/wp-content/plugins/save-as-image-by-pdfcrowd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-as-image-by-pdfcrowd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-as-image-by-pdfcrowd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-e66b394b6ca847ce34ca3e1d63c12c27.yaml b/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-e66b394b6ca847ce34ca3e1d63c12c27.yaml new file mode 100644 index 0000000000..0833c6645c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-as-image-by-pdfcrowd-e66b394b6ca847ce34ca3e1d63c12c27.yaml @@ -0,0 +1,58 @@ +id: save-as-image-by-pdfcrowd-e66b394b6ca847ce34ca3e1d63c12c27 + +info: + name: > + Save as Image <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb1693c7-4c38-4723-868a-9f105dac1561?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-as-image-by-pdfcrowd/" + google-query: inurl:"/wp-content/plugins/save-as-image-by-pdfcrowd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-as-image-by-pdfcrowd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-as-image-by-pdfcrowd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-as-image-by-pdfcrowd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-1cdee5629acdb013a2031fc71ce18e3f.yaml b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-1cdee5629acdb013a2031fc71ce18e3f.yaml new file mode 100644 index 0000000000..9e5ff05c86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-1cdee5629acdb013a2031fc71ce18e3f.yaml @@ -0,0 +1,58 @@ +id: save-as-pdf-by-pdfcrowd-1cdee5629acdb013a2031fc71ce18e3f + +info: + name: > + Save as PDF <= 3.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92484681-e677-4a7b-b2df-40aad49baf44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/" + google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-as-pdf-by-pdfcrowd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-as-pdf-by-pdfcrowd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-2aaf513c887290d1b06e4a97482b6da3.yaml b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-2aaf513c887290d1b06e4a97482b6da3.yaml new file mode 100644 index 0000000000..c728cae9b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-2aaf513c887290d1b06e4a97482b6da3.yaml @@ -0,0 +1,58 @@ +id: save-as-pdf-by-pdfcrowd-2aaf513c887290d1b06e4a97482b6da3 + +info: + name: > + Save as PDF plugin by Pdfcrowd <= 3.2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7e18997-90be-4fa4-aa4f-3b79544e00f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/" + google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-as-pdf-by-pdfcrowd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-as-pdf-by-pdfcrowd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-b2cea8a198e9a575447977f949754486.yaml b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-b2cea8a198e9a575447977f949754486.yaml new file mode 100644 index 0000000000..b8f18e298b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-as-pdf-by-pdfcrowd-b2cea8a198e9a575447977f949754486.yaml @@ -0,0 +1,58 @@ +id: save-as-pdf-by-pdfcrowd-b2cea8a198e9a575447977f949754486 + +info: + name: > + Save as PDF plugin by Pdfcrowd <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52056177-8604-48b9-ab50-d0dc1e13a3d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-as-pdf-by-pdfcrowd/" + google-query: inurl:"/wp-content/plugins/save-as-pdf-by-pdfcrowd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-as-pdf-by-pdfcrowd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-as-pdf-by-pdfcrowd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-as-pdf-by-pdfcrowd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/save-grab-abad4bfa80c4735594596dcf267be185.yaml b/nuclei-templates/cve-less/plugins/save-grab-abad4bfa80c4735594596dcf267be185.yaml new file mode 100644 index 0000000000..660839187c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/save-grab-abad4bfa80c4735594596dcf267be185.yaml @@ -0,0 +1,58 @@ +id: save-grab-abad4bfa80c4735594596dcf267be185 + +info: + name: > + Grab & Save <= 1.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cd4b1da-faee-4c4e-b323-e77c4c033149?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/save-grab/" + google-query: inurl:"/wp-content/plugins/save-grab/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,save-grab,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/save-grab/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "save-grab" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sayfa-sayac-22e02ff5de893b13264dcb770563429d.yaml b/nuclei-templates/cve-less/plugins/sayfa-sayac-22e02ff5de893b13264dcb770563429d.yaml new file mode 100644 index 0000000000..32cf2972ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sayfa-sayac-22e02ff5de893b13264dcb770563429d.yaml @@ -0,0 +1,58 @@ +id: sayfa-sayac-22e02ff5de893b13264dcb770563429d + +info: + name: > + Sayfa Sayaç <= 2.6 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a29180-901d-447e-8f82-63161b9e11e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sayfa-sayac/" + google-query: inurl:"/wp-content/plugins/sayfa-sayac/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sayfa-sayac,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sayfa-sayac/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sayfa-sayac" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sayfa-sayac-d88d0c224f666498b5887acc3c70b802.yaml b/nuclei-templates/cve-less/plugins/sayfa-sayac-d88d0c224f666498b5887acc3c70b802.yaml new file mode 100644 index 0000000000..e281fcc502 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sayfa-sayac-d88d0c224f666498b5887acc3c70b802.yaml @@ -0,0 +1,58 @@ +id: sayfa-sayac-d88d0c224f666498b5887acc3c70b802 + +info: + name: > + Sayfa Sayaç <= 2.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e24c9e9a-4f18-41b6-a0b7-700fecb5d3e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sayfa-sayac/" + google-query: inurl:"/wp-content/plugins/sayfa-sayac/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sayfa-sayac,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sayfa-sayac/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sayfa-sayac" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sb-child-list-321ea6ffd1b44901180d2be13bcb0547.yaml b/nuclei-templates/cve-less/plugins/sb-child-list-321ea6ffd1b44901180d2be13bcb0547.yaml new file mode 100644 index 0000000000..a3ab4c256e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sb-child-list-321ea6ffd1b44901180d2be13bcb0547.yaml @@ -0,0 +1,58 @@ +id: sb-child-list-321ea6ffd1b44901180d2be13bcb0547 + +info: + name: > + SB Child List <= 4.5 - Cross-Site Request Forgery via 'sb_cl_update_settings' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f83be46f-3b51-4a30-88a4-388bcbfd0d2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sb-child-list/" + google-query: inurl:"/wp-content/plugins/sb-child-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sb-child-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-child-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-child-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-43e92e48fce7405625b7afca66933559.yaml b/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-43e92e48fce7405625b7afca66933559.yaml new file mode 100644 index 0000000000..cea4f4379d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-43e92e48fce7405625b7afca66933559.yaml @@ -0,0 +1,58 @@ +id: sb-elementor-contact-form-db-43e92e48fce7405625b7afca66933559 + +info: + name: > + Contact Form DB - Elementor <= 1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43a1e5b7-9361-406e-97b7-776b831acc33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sb-elementor-contact-form-db/" + google-query: inurl:"/wp-content/plugins/sb-elementor-contact-form-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sb-elementor-contact-form-db,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-elementor-contact-form-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-elementor-contact-form-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-66e7875aa9a79f68060a917eb8074082.yaml b/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-66e7875aa9a79f68060a917eb8074082.yaml new file mode 100644 index 0000000000..36e3264d5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sb-elementor-contact-form-db-66e7875aa9a79f68060a917eb8074082.yaml @@ -0,0 +1,58 @@ +id: sb-elementor-contact-form-db-66e7875aa9a79f68060a917eb8074082 + +info: + name: > + Elementor Contact Form DB <= 1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e287e85d-8687-4079-99ea-92718031f343?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sb-elementor-contact-form-db/" + google-query: inurl:"/wp-content/plugins/sb-elementor-contact-form-db/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sb-elementor-contact-form-db,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sb-elementor-contact-form-db/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sb-elementor-contact-form-db" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scalable-vector-graphics-svg-9a645fa828e0b867db978ce345a20000.yaml b/nuclei-templates/cve-less/plugins/scalable-vector-graphics-svg-9a645fa828e0b867db978ce345a20000.yaml new file mode 100644 index 0000000000..c23cfce85f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scalable-vector-graphics-svg-9a645fa828e0b867db978ce345a20000.yaml @@ -0,0 +1,58 @@ +id: scalable-vector-graphics-svg-9a645fa828e0b867db978ce345a20000 + +info: + name: > + Scalable Vector Graphics (SVG) <= 3.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce8028a3-6fca-448f-b9a0-444db651148c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scalable-vector-graphics-svg/" + google-query: inurl:"/wp-content/plugins/scalable-vector-graphics-svg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scalable-vector-graphics-svg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scalable-vector-graphics-svg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scalable-vector-graphics-svg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schedule-posts-calendar-53afece9446695901fc03dfbb692e04f.yaml b/nuclei-templates/cve-less/plugins/schedule-posts-calendar-53afece9446695901fc03dfbb692e04f.yaml new file mode 100644 index 0000000000..8d4e3ac44d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schedule-posts-calendar-53afece9446695901fc03dfbb692e04f.yaml @@ -0,0 +1,58 @@ +id: schedule-posts-calendar-53afece9446695901fc03dfbb692e04f + +info: + name: > + Schedule Posts Calendar <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61c815c2-a5ea-431c-bfde-c08a4eb5fda6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schedule-posts-calendar/" + google-query: inurl:"/wp-content/plugins/schedule-posts-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schedule-posts-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schedule-posts-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schedule-posts-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schedule-posts-calendar-a076b8ca38d0ad2532c4b659c3b54901.yaml b/nuclei-templates/cve-less/plugins/schedule-posts-calendar-a076b8ca38d0ad2532c4b659c3b54901.yaml new file mode 100644 index 0000000000..20c2930f0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schedule-posts-calendar-a076b8ca38d0ad2532c4b659c3b54901.yaml @@ -0,0 +1,58 @@ +id: schedule-posts-calendar-a076b8ca38d0ad2532c4b659c3b54901 + +info: + name: > + Schedule Posts Calendar <= 5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4f490e-c86e-490e-8041-36c154b890aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schedule-posts-calendar/" + google-query: inurl:"/wp-content/plugins/schedule-posts-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schedule-posts-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schedule-posts-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schedule-posts-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scheduled-announcements-widget-29145e5db5dd5627b3607ea1e36f49b2.yaml b/nuclei-templates/cve-less/plugins/scheduled-announcements-widget-29145e5db5dd5627b3607ea1e36f49b2.yaml new file mode 100644 index 0000000000..517164cbe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scheduled-announcements-widget-29145e5db5dd5627b3607ea1e36f49b2.yaml @@ -0,0 +1,58 @@ +id: scheduled-announcements-widget-29145e5db5dd5627b3607ea1e36f49b2 + +info: + name: > + Scheduled Announcements Widget <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/755ae574-9df3-44d1-a14b-16887f234510?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scheduled-announcements-widget/" + google-query: inurl:"/wp-content/plugins/scheduled-announcements-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scheduled-announcements-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scheduled-announcements-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scheduled-announcements-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schedulicity-online-appointment-booking-1a925f12b1905f4ad4c8d17bba7bb15a.yaml b/nuclei-templates/cve-less/plugins/schedulicity-online-appointment-booking-1a925f12b1905f4ad4c8d17bba7bb15a.yaml new file mode 100644 index 0000000000..cc8251c95c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schedulicity-online-appointment-booking-1a925f12b1905f4ad4c8d17bba7bb15a.yaml @@ -0,0 +1,58 @@ +id: schedulicity-online-appointment-booking-1a925f12b1905f4ad4c8d17bba7bb15a + +info: + name: > + Schedulicity - Easy Online Scheduling <= 2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24b26f17-f973-4a0e-85e2-a70a394246e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schedulicity-online-appointment-booking/" + google-query: inurl:"/wp-content/plugins/schedulicity-online-appointment-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schedulicity-online-appointment-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schedulicity-online-appointment-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schedulicity-online-appointment-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-157cdd8bc992e58c6e6f6337bc97b4c2.yaml b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-157cdd8bc992e58c6e6f6337bc97b4c2.yaml new file mode 100644 index 0000000000..3ef613d81e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-157cdd8bc992e58c6e6f6337bc97b4c2.yaml @@ -0,0 +1,58 @@ +id: schema-and-structured-data-for-wp-157cdd8bc992e58c6e6f6337bc97b4c2 + +info: + name: > + Schema & Structured Data for WP & AMP <= 1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0752b4f3-b9f0-4c39-8e4c-2db188600087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/" + google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-and-structured-data-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-and-structured-data-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-1fa869ed52b230924c8c94b2bfb591af.yaml b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-1fa869ed52b230924c8c94b2bfb591af.yaml new file mode 100644 index 0000000000..bfd4cc36b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-1fa869ed52b230924c8c94b2bfb591af.yaml @@ -0,0 +1,58 @@ +id: schema-and-structured-data-for-wp-1fa869ed52b230924c8c94b2bfb591af + +info: + name: > + Schema & Structured Data for WP & AMP <= 1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via How To and FAQ Blocks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e004bba3-d281-4f84-a941-a6c5b64b9dcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/" + google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-and-structured-data-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-and-structured-data-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-24a60434e502bd4fe3a3e9f654b441e8.yaml b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-24a60434e502bd4fe3a3e9f654b441e8.yaml new file mode 100644 index 0000000000..419e97ada7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-24a60434e502bd4fe3a3e9f654b441e8.yaml @@ -0,0 +1,58 @@ +id: schema-and-structured-data-for-wp-24a60434e502bd4fe3a3e9f654b441e8 + +info: + name: > + Schema & Structured Data for WP & AMP <= 1.26 - Authenticated (Custom) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/" + google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-and-structured-data-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-and-structured-data-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-62957aaeb6104548f77744232edc7490.yaml b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-62957aaeb6104548f77744232edc7490.yaml new file mode 100644 index 0000000000..6184714bea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-62957aaeb6104548f77744232edc7490.yaml @@ -0,0 +1,58 @@ +id: schema-and-structured-data-for-wp-62957aaeb6104548f77744232edc7490 + +info: + name: > + Schema & Structured Data for WP & AMP <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ca21247-c443-4808-8397-790669453bfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/" + google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-and-structured-data-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-and-structured-data-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-84ecfe35530dba1d6d850c87907091be.yaml b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-84ecfe35530dba1d6d850c87907091be.yaml new file mode 100644 index 0000000000..7046e96760 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-and-structured-data-for-wp-84ecfe35530dba1d6d850c87907091be.yaml @@ -0,0 +1,58 @@ +id: schema-and-structured-data-for-wp-84ecfe35530dba1d6d850c87907091be + +info: + name: > + Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac13f402-8a36-448f-87d4-48179a9699c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-and-structured-data-for-wp/" + google-query: inurl:"/wp-content/plugins/schema-and-structured-data-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-and-structured-data-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-and-structured-data-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-and-structured-data-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schema-app-structured-data-for-schemaorg-d4b2be233d46cfcba65da98993b34434.yaml b/nuclei-templates/cve-less/plugins/schema-app-structured-data-for-schemaorg-d4b2be233d46cfcba65da98993b34434.yaml new file mode 100644 index 0000000000..340315c5b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schema-app-structured-data-for-schemaorg-d4b2be233d46cfcba65da98993b34434.yaml @@ -0,0 +1,58 @@ +id: schema-app-structured-data-for-schemaorg-d4b2be233d46cfcba65da98993b34434 + +info: + name: > + Schema App Structured Data <= 1.22.3 - Missing Authorization via page_init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3de82328-e44f-4488-a2ae-1dd2c3b8a502?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schema-app-structured-data-for-schemaorg/" + google-query: inurl:"/wp-content/plugins/schema-app-structured-data-for-schemaorg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schema-app-structured-data-for-schemaorg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schema-app-structured-data-for-schemaorg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schema-app-structured-data-for-schemaorg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/school-management-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml b/nuclei-templates/cve-less/plugins/school-management-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml new file mode 100644 index 0000000000..d62d44954c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/school-management-b8bed2657e8d7d4ab8d4bb6fbdc93698.yaml @@ -0,0 +1,58 @@ +id: school-management-b8bed2657e8d7d4ab8d4bb6fbdc93698 + +info: + name: > + Mojoomla School Management System (Unspecified Version) - Authenticated (Student+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d933256-765b-4e1b-b5a1-39bf767bf860?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/school-management/" + google-query: inurl:"/wp-content/plugins/school-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,school-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/school-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "school-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/school-management-pro-2646a8b516c31d3d675ed11114c6f9aa.yaml b/nuclei-templates/cve-less/plugins/school-management-pro-2646a8b516c31d3d675ed11114c6f9aa.yaml new file mode 100644 index 0000000000..c3269d2034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/school-management-pro-2646a8b516c31d3d675ed11114c6f9aa.yaml @@ -0,0 +1,58 @@ +id: school-management-pro-2646a8b516c31d3d675ed11114c6f9aa + +info: + name: > + The School Management Pro <= 9.9.6 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb0462a-e801-4aa7-a98a-c5032cb8304c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/school-management-pro/" + google-query: inurl:"/wp-content/plugins/school-management-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,school-management-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/school-management-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "school-management-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/school-management-pro-c85a39b22a9266777e8fa557a3826f56.yaml b/nuclei-templates/cve-less/plugins/school-management-pro-c85a39b22a9266777e8fa557a3826f56.yaml new file mode 100644 index 0000000000..451e3c0161 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/school-management-pro-c85a39b22a9266777e8fa557a3826f56.yaml @@ -0,0 +1,58 @@ +id: school-management-pro-c85a39b22a9266777e8fa557a3826f56 + +info: + name: > + School Management Pro <= 10.3.4 - Authenticated (School Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/446522ea-7cf1-449b-b05c-58eb815142a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/school-management-pro/" + google-query: inurl:"/wp-content/plugins/school-management-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,school-management-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/school-management-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "school-management-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/school-management-system-be2315835d7b2267c9fa00b942855a61.yaml b/nuclei-templates/cve-less/plugins/school-management-system-be2315835d7b2267c9fa00b942855a61.yaml new file mode 100644 index 0000000000..18cfc7be00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/school-management-system-be2315835d7b2267c9fa00b942855a61.yaml @@ -0,0 +1,58 @@ +id: school-management-system-be2315835d7b2267c9fa00b942855a61 + +info: + name: > + The School Management – Education & Learning Management <= 4.1 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1268bdb9-7f80-4fdc-a95a-d51b0ab83e17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/school-management-system/" + google-query: inurl:"/wp-content/plugins/school-management-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,school-management-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/school-management-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "school-management-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/schreikasten-13e0cdd00039aa83908edb26fc9e840c.yaml b/nuclei-templates/cve-less/plugins/schreikasten-13e0cdd00039aa83908edb26fc9e840c.yaml new file mode 100644 index 0000000000..ad688d3e8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/schreikasten-13e0cdd00039aa83908edb26fc9e840c.yaml @@ -0,0 +1,58 @@ +id: schreikasten-13e0cdd00039aa83908edb26fc9e840c + +info: + name: > + Schreikasten <= 0.14.18 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62fd2c51-eac1-47c0-adbc-90bdd8dbbc8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/schreikasten/" + google-query: inurl:"/wp-content/plugins/schreikasten/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,schreikasten,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/schreikasten/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "schreikasten" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.14.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scormcloud-cef5983d30ffaada806aedbacf5b6bc6.yaml b/nuclei-templates/cve-less/plugins/scormcloud-cef5983d30ffaada806aedbacf5b6bc6.yaml new file mode 100644 index 0000000000..7cb8e5d94c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scormcloud-cef5983d30ffaada806aedbacf5b6bc6.yaml @@ -0,0 +1,58 @@ +id: scormcloud-cef5983d30ffaada806aedbacf5b6bc6 + +info: + name: > + SCORM Cloud For WordPress < 1.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc02501-2bb6-4817-8e01-273d3d91ac57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scormcloud/" + google-query: inurl:"/wp-content/plugins/scormcloud/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scormcloud,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scormcloud/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scormcloud" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scoutnet-kalender-1e95de3e52134f8f88956ec119bc2d88.yaml b/nuclei-templates/cve-less/plugins/scoutnet-kalender-1e95de3e52134f8f88956ec119bc2d88.yaml new file mode 100644 index 0000000000..061f121878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scoutnet-kalender-1e95de3e52134f8f88956ec119bc2d88.yaml @@ -0,0 +1,58 @@ +id: scoutnet-kalender-1e95de3e52134f8f88956ec119bc2d88 + +info: + name: > + Scoutnet Kalender <= 1.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/068cb545-8ced-45a1-a50a-1b6a38e99741?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scoutnet-kalender/" + google-query: inurl:"/wp-content/plugins/scoutnet-kalender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scoutnet-kalender,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scoutnet-kalender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scoutnet-kalender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scribble-maps-1a6adfb616ef7e8670ebde6e3c2f0918.yaml b/nuclei-templates/cve-less/plugins/scribble-maps-1a6adfb616ef7e8670ebde6e3c2f0918.yaml new file mode 100644 index 0000000000..7a0cd67ed5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scribble-maps-1a6adfb616ef7e8670ebde6e3c2f0918.yaml @@ -0,0 +1,58 @@ +id: scribble-maps-1a6adfb616ef7e8670ebde6e3c2f0918 + +info: + name: > + Scribble Maps <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4541a7e1-4e46-4681-83e3-1c2e38396204?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scribble-maps/" + google-query: inurl:"/wp-content/plugins/scribble-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scribble-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scribble-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scribble-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scriptless-social-sharing-53a6ab0ca5df0931f86a3cb0e36625b5.yaml b/nuclei-templates/cve-less/plugins/scriptless-social-sharing-53a6ab0ca5df0931f86a3cb0e36625b5.yaml new file mode 100644 index 0000000000..ddbdaffe00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scriptless-social-sharing-53a6ab0ca5df0931f86a3cb0e36625b5.yaml @@ -0,0 +1,58 @@ +id: scriptless-social-sharing-53a6ab0ca5df0931f86a3cb0e36625b5 + +info: + name: > + Scriptless Social Sharing <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84c79b0e-01d2-4710-9a02-edceab8db22d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scriptless-social-sharing/" + google-query: inurl:"/wp-content/plugins/scriptless-social-sharing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scriptless-social-sharing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scriptless-social-sharing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scriptless-social-sharing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scripts-n-styles-dd27ae18a86029fffd366285509782e0.yaml b/nuclei-templates/cve-less/plugins/scripts-n-styles-dd27ae18a86029fffd366285509782e0.yaml new file mode 100644 index 0000000000..3772e7fcd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scripts-n-styles-dd27ae18a86029fffd366285509782e0.yaml @@ -0,0 +1,58 @@ +id: scripts-n-styles-dd27ae18a86029fffd366285509782e0 + +info: + name: > + Scripts n Styles <= 3.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a86d8f97-54dc-4c6b-92c0-05a8625cc073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scripts-n-styles/" + google-query: inurl:"/wp-content/plugins/scripts-n-styles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scripts-n-styles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scripts-n-styles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scripts-n-styles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scripts-organizer-c348ce6c7574b8ff9d61db7b1c6faf04.yaml b/nuclei-templates/cve-less/plugins/scripts-organizer-c348ce6c7574b8ff9d61db7b1c6faf04.yaml new file mode 100644 index 0000000000..30ca176a5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scripts-organizer-c348ce6c7574b8ff9d61db7b1c6faf04.yaml @@ -0,0 +1,58 @@ +id: scripts-organizer-c348ce6c7574b8ff9d61db7b1c6faf04 + +info: + name: > + Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ed8866c-d8f1-4c5e-aba0-b3a0677c8efc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scripts-organizer/" + google-query: inurl:"/wp-content/plugins/scripts-organizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scripts-organizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scripts-organizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scripts-organizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scroll-baner-62e4e20027880ffdd76d60900f6cc1c9.yaml b/nuclei-templates/cve-less/plugins/scroll-baner-62e4e20027880ffdd76d60900f6cc1c9.yaml new file mode 100644 index 0000000000..acc98012c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scroll-baner-62e4e20027880ffdd76d60900f6cc1c9.yaml @@ -0,0 +1,58 @@ +id: scroll-baner-62e4e20027880ffdd76d60900f6cc1c9 + +info: + name: > + Scroll Baner <= 1.0 - Cross-Site Request Forgery to Remote Code Execution and/or Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a86d196f-9613-4352-8a96-87ea147eb1c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scroll-baner/" + google-query: inurl:"/wp-content/plugins/scroll-baner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scroll-baner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-baner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-baner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scroll-post-excerpt-4634b65a3b88602069115a32b9310bb1.yaml b/nuclei-templates/cve-less/plugins/scroll-post-excerpt-4634b65a3b88602069115a32b9310bb1.yaml new file mode 100644 index 0000000000..efc3fafdd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scroll-post-excerpt-4634b65a3b88602069115a32b9310bb1.yaml @@ -0,0 +1,58 @@ +id: scroll-post-excerpt-4634b65a3b88602069115a32b9310bb1 + +info: + name: > + Scroll post excerpt <= 8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6da00adc-8fc0-4d8f-9ff3-8c21223199f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scroll-post-excerpt/" + google-query: inurl:"/wp-content/plugins/scroll-post-excerpt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scroll-post-excerpt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-post-excerpt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-post-excerpt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scroll-top-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml b/nuclei-templates/cve-less/plugins/scroll-top-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml new file mode 100644 index 0000000000..0e9e507d51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scroll-top-b5b3c8eb6791ecd6029bb9d46ed89ac0.yaml @@ -0,0 +1,58 @@ +id: scroll-top-b5b3c8eb6791ecd6029bb9d46ed89ac0 + +info: + name: > + Scroll To Top <= 1.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70d046c9-a0c2-4059-aa1d-47caa1ffe76c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scroll-top/" + google-query: inurl:"/wp-content/plugins/scroll-top/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scroll-top,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-top/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-top" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scroll-triggered-animations-a2f2e6465cf5db9cbb966e235c714c1c.yaml b/nuclei-templates/cve-less/plugins/scroll-triggered-animations-a2f2e6465cf5db9cbb966e235c714c1c.yaml new file mode 100644 index 0000000000..de259252fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scroll-triggered-animations-a2f2e6465cf5db9cbb966e235c714c1c.yaml @@ -0,0 +1,58 @@ +id: scroll-triggered-animations-a2f2e6465cf5db9cbb966e235c714c1c + +info: + name: > + Animator <= 3.0.10 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8457aeb-867b-4185-8271-a5452b7c5365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scroll-triggered-animations/" + google-query: inurl:"/wp-content/plugins/scroll-triggered-animations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scroll-triggered-animations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scroll-triggered-animations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scroll-triggered-animations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scrolling-anchors-823ea976111689a9bb4045475cc60c43.yaml b/nuclei-templates/cve-less/plugins/scrolling-anchors-823ea976111689a9bb4045475cc60c43.yaml new file mode 100644 index 0000000000..ca390968df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scrolling-anchors-823ea976111689a9bb4045475cc60c43.yaml @@ -0,0 +1,58 @@ +id: scrolling-anchors-823ea976111689a9bb4045475cc60c43 + +info: + name: > + Easy Smooth Scroll Links <= 2.23.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd248252-4329-4b3c-acf1-3b3d8cc9887c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scrolling-anchors/" + google-query: inurl:"/wp-content/plugins/scrolling-anchors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scrolling-anchors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scrolling-anchors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scrolling-anchors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scrollrevealjs-effects-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml b/nuclei-templates/cve-less/plugins/scrollrevealjs-effects-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml new file mode 100644 index 0000000000..5241efe5c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scrollrevealjs-effects-92ee91cf72a43dfa2c90a26dd4e9aac0.yaml @@ -0,0 +1,58 @@ +id: scrollrevealjs-effects-92ee91cf72a43dfa2c90a26dd4e9aac0 + +info: + name: > + ScrollReveal.js Effects <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68d44dd9-cfe4-4bc0-aa2e-9b7fb766870a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scrollrevealjs-effects/" + google-query: inurl:"/wp-content/plugins/scrollrevealjs-effects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scrollrevealjs-effects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scrollrevealjs-effects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scrollrevealjs-effects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/scrollsequence-d8b5bd57572fb9305d66b7bd52b02101.yaml b/nuclei-templates/cve-less/plugins/scrollsequence-d8b5bd57572fb9305d66b7bd52b02101.yaml new file mode 100644 index 0000000000..718f6d45ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/scrollsequence-d8b5bd57572fb9305d66b7bd52b02101.yaml @@ -0,0 +1,58 @@ +id: scrollsequence-d8b5bd57572fb9305d66b7bd52b02101 + +info: + name: > + Scrollsequence <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10d926d7-bcc9-4424-8422-90edc36f0ad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/scrollsequence/" + google-query: inurl:"/wp-content/plugins/scrollsequence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,scrollsequence,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/scrollsequence/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scrollsequence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/se-html5-album-audio-player-85cd297e94e13a79acaf0e0195efaaf9.yaml b/nuclei-templates/cve-less/plugins/se-html5-album-audio-player-85cd297e94e13a79acaf0e0195efaaf9.yaml new file mode 100644 index 0000000000..2d0b7ea411 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/se-html5-album-audio-player-85cd297e94e13a79acaf0e0195efaaf9.yaml @@ -0,0 +1,58 @@ +id: se-html5-album-audio-player-85cd297e94e13a79acaf0e0195efaaf9 + +info: + name: > + SE HTML5 Album Audio Player <= 1.1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbdd01b3-153b-4783-b686-558874d2856e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/se-html5-album-audio-player/" + google-query: inurl:"/wp-content/plugins/se-html5-album-audio-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,se-html5-album-audio-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "se-html5-album-audio-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seamless-donations-0f1cce8b3f6cc44f06846edd384bb3d3.yaml b/nuclei-templates/cve-less/plugins/seamless-donations-0f1cce8b3f6cc44f06846edd384bb3d3.yaml new file mode 100644 index 0000000000..31b7f9bb03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seamless-donations-0f1cce8b3f6cc44f06846edd384bb3d3.yaml @@ -0,0 +1,58 @@ +id: seamless-donations-0f1cce8b3f6cc44f06846edd384bb3d3 + +info: + name: > + Seamless Donations: A Platform for Global Fundraising and Rebuilding using Stripe and PayPal <= 5.1.7 - Cross-Site Request Forgery to Settings Chage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed4e1a56-708d-4a12-8153-9568d11fe4d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seamless-donations/" + google-query: inurl:"/wp-content/plugins/seamless-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seamless-donations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seamless-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seamless-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-analytics-48d179450e001d6e5bb006bf4ba5d2a6.yaml b/nuclei-templates/cve-less/plugins/search-analytics-48d179450e001d6e5bb006bf4ba5d2a6.yaml new file mode 100644 index 0000000000..beddec2737 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-analytics-48d179450e001d6e5bb006bf4ba5d2a6.yaml @@ -0,0 +1,58 @@ +id: search-analytics-48d179450e001d6e5bb006bf4ba5d2a6 + +info: + name: > + WP Search Analytics <= 1.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/914d6f7a-053a-4555-9cbc-98bd0789bcd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-analytics/" + google-query: inurl:"/wp-content/plugins/search-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-analytics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-analytics-6b13e1ddb211e52169360fc54388c951.yaml b/nuclei-templates/cve-less/plugins/search-analytics-6b13e1ddb211e52169360fc54388c951.yaml new file mode 100644 index 0000000000..d3f9f79c79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-analytics-6b13e1ddb211e52169360fc54388c951.yaml @@ -0,0 +1,58 @@ +id: search-analytics-6b13e1ddb211e52169360fc54388c951 + +info: + name: > + WP Search Analytics <= 1.4.7 - Reflected Cross-Site Scripting via 'render_stats_page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6433a17-0017-46a9-a8e6-4d4a4a55f2db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-analytics/" + google-query: inurl:"/wp-content/plugins/search-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-everything-117a868c3ea3bb712e5a1d73897e37a5.yaml b/nuclei-templates/cve-less/plugins/search-everything-117a868c3ea3bb712e5a1d73897e37a5.yaml new file mode 100644 index 0000000000..d359a6b850 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-everything-117a868c3ea3bb712e5a1d73897e37a5.yaml @@ -0,0 +1,58 @@ +id: search-everything-117a868c3ea3bb712e5a1d73897e37a5 + +info: + name: > + Search Everything <= 8.1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/623acb6d-9cab-483c-ad51-88adff8847a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-everything/" + google-query: inurl:"/wp-content/plugins/search-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-everything,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-everything-3aae779483ac61fd460b1860a2ef2f7d.yaml b/nuclei-templates/cve-less/plugins/search-everything-3aae779483ac61fd460b1860a2ef2f7d.yaml new file mode 100644 index 0000000000..c923c07c5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-everything-3aae779483ac61fd460b1860a2ef2f7d.yaml @@ -0,0 +1,58 @@ +id: search-everything-3aae779483ac61fd460b1860a2ef2f7d + +info: + name: > + Search Everything <= 8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acd1d5c9-70fb-43e8-94de-6ddcf4612cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-everything/" + google-query: inurl:"/wp-content/plugins/search-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-everything,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-everything-db06882af76c86da8baedbdae183f52e.yaml b/nuclei-templates/cve-less/plugins/search-everything-db06882af76c86da8baedbdae183f52e.yaml new file mode 100644 index 0000000000..e8649db9cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-everything-db06882af76c86da8baedbdae183f52e.yaml @@ -0,0 +1,58 @@ +id: search-everything-db06882af76c86da8baedbdae183f52e + +info: + name: > + Search Everything <= 7.0.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dd3e203-dcc4-47b5-ab65-324bcff5b91b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-everything/" + google-query: inurl:"/wp-content/plugins/search-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-everything,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-everything-f5c19231c40427d40fe57581f10b7d84.yaml b/nuclei-templates/cve-less/plugins/search-everything-f5c19231c40427d40fe57581f10b7d84.yaml new file mode 100644 index 0000000000..3e17294780 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-everything-f5c19231c40427d40fe57581f10b7d84.yaml @@ -0,0 +1,58 @@ +id: search-everything-f5c19231c40427d40fe57581f10b7d84 + +info: + name: > + Search Everything <= 8.1.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db9819c4-e000-4113-a613-7510fce923c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-everything/" + google-query: inurl:"/wp-content/plugins/search-everything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-everything,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-everything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-everything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-exclude-3a32aa7a18d47ef0f7438986ced63310.yaml b/nuclei-templates/cve-less/plugins/search-exclude-3a32aa7a18d47ef0f7438986ced63310.yaml new file mode 100644 index 0000000000..6c82aea398 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-exclude-3a32aa7a18d47ef0f7438986ced63310.yaml @@ -0,0 +1,58 @@ +id: search-exclude-3a32aa7a18d47ef0f7438986ced63310 + +info: + name: > + Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/211aa83e-e97b-4fd7-8cfe-308ac698c17e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-exclude/" + google-query: inurl:"/wp-content/plugins/search-exclude/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-exclude,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-exclude/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-exclude" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-exclude-e9fa8cb8021c5fce11cdeba05ed162ba.yaml b/nuclei-templates/cve-less/plugins/search-exclude-e9fa8cb8021c5fce11cdeba05ed162ba.yaml new file mode 100644 index 0000000000..6254a53019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-exclude-e9fa8cb8021c5fce11cdeba05ed162ba.yaml @@ -0,0 +1,58 @@ +id: search-exclude-e9fa8cb8021c5fce11cdeba05ed162ba + +info: + name: > + Search Exclude <= 1.2.3 - Arbitrary Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bba4286b-acce-4dff-b809-dbd04d59702b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-exclude/" + google-query: inurl:"/wp-content/plugins/search-exclude/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-exclude,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-exclude/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-exclude" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-filter-7932b82c356f203f76bc21fa22bfac04.yaml b/nuclei-templates/cve-less/plugins/search-filter-7932b82c356f203f76bc21fa22bfac04.yaml new file mode 100644 index 0000000000..46cca967ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-filter-7932b82c356f203f76bc21fa22bfac04.yaml @@ -0,0 +1,58 @@ +id: search-filter-7932b82c356f203f76bc21fa22bfac04 + +info: + name: > + Search & Filter <= 1.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d50155-73a5-4489-88c5-c7c2a4e30fef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-filter/" + google-query: inurl:"/wp-content/plugins/search-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-in-place-67ada1785c1a67660530280a293c0d89.yaml b/nuclei-templates/cve-less/plugins/search-in-place-67ada1785c1a67660530280a293c0d89.yaml new file mode 100644 index 0000000000..a27aa4c221 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-in-place-67ada1785c1a67660530280a293c0d89.yaml @@ -0,0 +1,58 @@ +id: search-in-place-67ada1785c1a67660530280a293c0d89 + +info: + name: > + Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28ca150a-443f-4b99-8c15-491bd9f1cee3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-in-place/" + google-query: inurl:"/wp-content/plugins/search-in-place/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-in-place,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-in-place/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-in-place" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.104') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-in-place-90aecfac8b56c743716b7354156b72b0.yaml b/nuclei-templates/cve-less/plugins/search-in-place-90aecfac8b56c743716b7354156b72b0.yaml new file mode 100644 index 0000000000..eb70f9bc3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-in-place-90aecfac8b56c743716b7354156b72b0.yaml @@ -0,0 +1,58 @@ +id: search-in-place-90aecfac8b56c743716b7354156b72b0 + +info: + name: > + Search in Place <= 1.0.104 - Cross-Site Request Forgery to Feedback Submission + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f079037c-cea6-4ba6-843f-99c5e5fe59a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-in-place/" + google-query: inurl:"/wp-content/plugins/search-in-place/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-in-place,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-in-place/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-in-place" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.104') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-logger-967dff727dbc42b5a7eb2d15c9e083d4.yaml b/nuclei-templates/cve-less/plugins/search-logger-967dff727dbc42b5a7eb2d15c9e083d4.yaml new file mode 100644 index 0000000000..0c6086746f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-logger-967dff727dbc42b5a7eb2d15c9e083d4.yaml @@ -0,0 +1,58 @@ +id: search-logger-967dff727dbc42b5a7eb2d15c9e083d4 + +info: + name: > + Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b23e36f7-ee44-42c6-94b7-e943c6c4a3ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-logger/" + google-query: inurl:"/wp-content/plugins/search-logger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-logger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-logger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-logger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-meter-f23eeb8c9b5eae93abecc2b7d750a8f6.yaml b/nuclei-templates/cve-less/plugins/search-meter-f23eeb8c9b5eae93abecc2b7d750a8f6.yaml new file mode 100644 index 0000000000..4cf5d486f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-meter-f23eeb8c9b5eae93abecc2b7d750a8f6.yaml @@ -0,0 +1,58 @@ +id: search-meter-f23eeb8c9b5eae93abecc2b7d750a8f6 + +info: + name: > + Search Meter <= 2.13.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a1d90f6-40fc-40b5-a46c-9ba9ac2fc1b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-meter/" + google-query: inurl:"/wp-content/plugins/search-meter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-meter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-meter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-meter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/search-unleashed-6786949bf947df30c87362646165e5b3.yaml b/nuclei-templates/cve-less/plugins/search-unleashed-6786949bf947df30c87362646165e5b3.yaml new file mode 100644 index 0000000000..841511d4b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/search-unleashed-6786949bf947df30c87362646165e5b3.yaml @@ -0,0 +1,58 @@ +id: search-unleashed-6786949bf947df30c87362646165e5b3 + +info: + name: > + Search Unleashed <= 0.2.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83b1740c-6392-4b52-82e0-377201aa61ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/search-unleashed/" + google-query: inurl:"/wp-content/plugins/search-unleashed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,search-unleashed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/search-unleashed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "search-unleashed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchiq-0d7f8442f33ed7fc7eccab9aaa8ce0e0.yaml b/nuclei-templates/cve-less/plugins/searchiq-0d7f8442f33ed7fc7eccab9aaa8ce0e0.yaml new file mode 100644 index 0000000000..f20906316c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchiq-0d7f8442f33ed7fc7eccab9aaa8ce0e0.yaml @@ -0,0 +1,58 @@ +id: searchiq-0d7f8442f33ed7fc7eccab9aaa8ce0e0 + +info: + name: > + SearchIQ – The Search Solution <= 3.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67b0ddc6-9381-4b18-b623-372a149ffa49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchiq/" + google-query: inurl:"/wp-content/plugins/searchiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchiq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchiq-84940a417e2023353b70ebc282a092a0.yaml b/nuclei-templates/cve-less/plugins/searchiq-84940a417e2023353b70ebc282a092a0.yaml new file mode 100644 index 0000000000..5a22d09ad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchiq-84940a417e2023353b70ebc282a092a0.yaml @@ -0,0 +1,58 @@ +id: searchiq-84940a417e2023353b70ebc282a092a0 + +info: + name: > + SearchIQ <= 4.5 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c728fa3-e917-40ca-84ca-e907c22b0a3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchiq/" + google-query: inurl:"/wp-content/plugins/searchiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchiq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchiq-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml b/nuclei-templates/cve-less/plugins/searchiq-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml new file mode 100644 index 0000000000..72359f8af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchiq-aa754ad2c8b3fd090579a6c1c7b9d91c.yaml @@ -0,0 +1,58 @@ +id: searchiq-aa754ad2c8b3fd090579a6c1c7b9d91c + +info: + name: > + SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3001829b-f63b-4b99-91a0-53d615ac96c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchiq/" + google-query: inurl:"/wp-content/plugins/searchiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchiq,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchterms-tagging-2-3c345f487511e8bb822be122aa461bdf.yaml b/nuclei-templates/cve-less/plugins/searchterms-tagging-2-3c345f487511e8bb822be122aa461bdf.yaml new file mode 100644 index 0000000000..d51eaee45c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchterms-tagging-2-3c345f487511e8bb822be122aa461bdf.yaml @@ -0,0 +1,58 @@ +id: searchterms-tagging-2-3c345f487511e8bb822be122aa461bdf + +info: + name: > + searchterms-tagging-2 <= 1.535 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb2df482-30bf-49e5-b1e2-06e102d2dd1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchterms-tagging-2/" + google-query: inurl:"/wp-content/plugins/searchterms-tagging-2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchterms-tagging-2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchterms-tagging-2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchterms-tagging-2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.535') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchterms-tagging-2-4fdb668b4072805be7b723dcf1d44abb.yaml b/nuclei-templates/cve-less/plugins/searchterms-tagging-2-4fdb668b4072805be7b723dcf1d44abb.yaml new file mode 100644 index 0000000000..7d07922ca0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchterms-tagging-2-4fdb668b4072805be7b723dcf1d44abb.yaml @@ -0,0 +1,58 @@ +id: searchterms-tagging-2-4fdb668b4072805be7b723dcf1d44abb + +info: + name: > + SEO SearchTerms Tagging 2 <=1.535 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e18b3a85-9d4a-4af8-9a73-1f8794ad467b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchterms-tagging-2/" + google-query: inurl:"/wp-content/plugins/searchterms-tagging-2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchterms-tagging-2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchterms-tagging-2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchterms-tagging-2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.535') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchwp-347f040de616333a1a9814dd7bc708c0.yaml b/nuclei-templates/cve-less/plugins/searchwp-347f040de616333a1a9814dd7bc708c0.yaml new file mode 100644 index 0000000000..b4a30590a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchwp-347f040de616333a1a9814dd7bc708c0.yaml @@ -0,0 +1,58 @@ +id: searchwp-347f040de616333a1a9814dd7bc708c0 + +info: + name: > + SearchWP Premium <= 4.2.5 - Authenticated (Subscriber+) Nonce Leakage and Authorization Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00a1b66d-d81c-4539-846b-ff66301a94ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchwp/" + google-query: inurl:"/wp-content/plugins/searchwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-3ff9ea32aaa393cc30b39527dd3a58c2.yaml b/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-3ff9ea32aaa393cc30b39527dd3a58c2.yaml new file mode 100644 index 0000000000..a1a992da74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-3ff9ea32aaa393cc30b39527dd3a58c2.yaml @@ -0,0 +1,58 @@ +id: searchwp-live-ajax-search-3ff9ea32aaa393cc30b39527dd3a58c2 + +info: + name: > + SearchWP Live Ajax Search <= 1.6.2 - Directory Traversal and Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e0ca51c-0536-45ff-a5af-41ef4977179d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchwp-live-ajax-search/" + google-query: inurl:"/wp-content/plugins/searchwp-live-ajax-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchwp-live-ajax-search,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchwp-live-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchwp-live-ajax-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-f7cf83a853e0c8a85044ac66f5cc847b.yaml b/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-f7cf83a853e0c8a85044ac66f5cc847b.yaml new file mode 100644 index 0000000000..eb80e8ccde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/searchwp-live-ajax-search-f7cf83a853e0c8a85044ac66f5cc847b.yaml @@ -0,0 +1,58 @@ +id: searchwp-live-ajax-search-f7cf83a853e0c8a85044ac66f5cc847b + +info: + name: > + SearchWP Live Ajax Search <= 1.6.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ddb7df-7f74-486d-a55f-9e2d1e91f112?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/searchwp-live-ajax-search/" + google-query: inurl:"/wp-content/plugins/searchwp-live-ajax-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,searchwp-live-ajax-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/searchwp-live-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "searchwp-live-ajax-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seatgeek-affiliate-tickets-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/seatgeek-affiliate-tickets-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..4c37702f25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seatgeek-affiliate-tickets-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: seatgeek-affiliate-tickets-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seatgeek-affiliate-tickets/" + google-query: inurl:"/wp-content/plugins/seatgeek-affiliate-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seatgeek-affiliate-tickets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seatgeek-affiliate-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seatgeek-affiliate-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secondary-title-bf1fcb74e30994cb355bab78b549e730.yaml b/nuclei-templates/cve-less/plugins/secondary-title-bf1fcb74e30994cb355bab78b549e730.yaml new file mode 100644 index 0000000000..3a772f2aed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secondary-title-bf1fcb74e30994cb355bab78b549e730.yaml @@ -0,0 +1,58 @@ +id: secondary-title-bf1fcb74e30994cb355bab78b549e730 + +info: + name: > + Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5ab7d3e-b0c8-4e30-942b-23d91daff2ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secondary-title/" + google-query: inurl:"/wp-content/plugins/secondary-title/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secondary-title,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secondary-title/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secondary-title" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secupress-2b0a7466b22e63c34f32b08697f5cfdf.yaml b/nuclei-templates/cve-less/plugins/secupress-2b0a7466b22e63c34f32b08697f5cfdf.yaml new file mode 100644 index 0000000000..a8ca8cc983 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secupress-2b0a7466b22e63c34f32b08697f5cfdf.yaml @@ -0,0 +1,58 @@ +id: secupress-2b0a7466b22e63c34f32b08697f5cfdf + +info: + name: > + SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4243bd6d-34f6-4d29-a333-4499a2e2d2e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secupress/" + google-query: inurl:"/wp-content/plugins/secupress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secupress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secupress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secupress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-admin-ip-eed5959a62db993b12da83da9d803446.yaml b/nuclei-templates/cve-less/plugins/secure-admin-ip-eed5959a62db993b12da83da9d803446.yaml new file mode 100644 index 0000000000..e4badba72a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-admin-ip-eed5959a62db993b12da83da9d803446.yaml @@ -0,0 +1,58 @@ +id: secure-admin-ip-eed5959a62db993b12da83da9d803446 + +info: + name: > + Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0f38af7-7753-4dbe-a4fd-e9a01785dd13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-admin-ip/" + google-query: inurl:"/wp-content/plugins/secure-admin-ip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-admin-ip,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-admin-ip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-admin-ip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-copy-content-protection-40c9df59c7e3df119c2dd5f1035b5b7e.yaml b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-40c9df59c7e3df119c2dd5f1035b5b7e.yaml new file mode 100644 index 0000000000..daf9dce5ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-40c9df59c7e3df119c2dd5f1035b5b7e.yaml @@ -0,0 +1,58 @@ +id: secure-copy-content-protection-40c9df59c7e3df119c2dd5f1035b5b7e + +info: + name: > + Secure Copy Content Protection and Content Locking <= 2.6.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc1b46e-139a-4e1a-a0c7-e45e10adada5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-copy-content-protection/" + google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-copy-content-protection,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-copy-content-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-copy-content-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-copy-content-protection-80ad6ff6a41f2684b99adffd0cc6275a.yaml b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-80ad6ff6a41f2684b99adffd0cc6275a.yaml new file mode 100644 index 0000000000..2f04bc7a59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-80ad6ff6a41f2684b99adffd0cc6275a.yaml @@ -0,0 +1,58 @@ +id: secure-copy-content-protection-80ad6ff6a41f2684b99adffd0cc6275a + +info: + name: > + Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0afc98b1-e1ee-4c77-89fc-9ccb045c6733?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-copy-content-protection/" + google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-copy-content-protection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-copy-content-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-copy-content-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-copy-content-protection-a8ed8c08b34ae95a0c525696512c70ee.yaml b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-a8ed8c08b34ae95a0c525696512c70ee.yaml new file mode 100644 index 0000000000..a8af6ef3ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-a8ed8c08b34ae95a0c525696512c70ee.yaml @@ -0,0 +1,58 @@ +id: secure-copy-content-protection-a8ed8c08b34ae95a0c525696512c70ee + +info: + name: > + Secure Copy Content Protection and Content Locking <= 3.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd95489-c1d5-45cc-8ac4-400a39391aa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-copy-content-protection/" + google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-copy-content-protection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-copy-content-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-copy-content-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-copy-content-protection-b20594c424375d9856782a72ff8e9db1.yaml b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-b20594c424375d9856782a72ff8e9db1.yaml new file mode 100644 index 0000000000..2d7fc72cd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-copy-content-protection-b20594c424375d9856782a72ff8e9db1.yaml @@ -0,0 +1,58 @@ +id: secure-copy-content-protection-b20594c424375d9856782a72ff8e9db1 + +info: + name: > + Secure Copy Content Protection and Content Locking <= 2.8.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b52cc2a-c511-4801-8a95-f90d8d980c85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-copy-content-protection/" + google-query: inurl:"/wp-content/plugins/secure-copy-content-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-copy-content-protection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-copy-content-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-copy-content-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-file-manager-d557c696333289ec8d8f662866e89376.yaml b/nuclei-templates/cve-less/plugins/secure-file-manager-d557c696333289ec8d8f662866e89376.yaml new file mode 100644 index 0000000000..2da5277df5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-file-manager-d557c696333289ec8d8f662866e89376.yaml @@ -0,0 +1,58 @@ +id: secure-file-manager-d557c696333289ec8d8f662866e89376 + +info: + name: > + Secure File Manager < 2.8.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a955d4f-6609-4aa8-806c-48af0c6dbac1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-file-manager/" + google-query: inurl:"/wp-content/plugins/secure-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-file-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/secure-files-ce5ed87dfc2376443fc12498fa99a891.yaml b/nuclei-templates/cve-less/plugins/secure-files-ce5ed87dfc2376443fc12498fa99a891.yaml new file mode 100644 index 0000000000..d357054013 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/secure-files-ce5ed87dfc2376443fc12498fa99a891.yaml @@ -0,0 +1,58 @@ +id: secure-files-ce5ed87dfc2376443fc12498fa99a891 + +info: + name: > + secure-files <= 1.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fd7d6af-a938-4106-aed2-12b9a5454da9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/secure-files/" + google-query: inurl:"/wp-content/plugins/secure-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,secure-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/secure-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "secure-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/securemoz-security-audit-a2f819fdd51f14b2b69a4d02f7d84f43.yaml b/nuclei-templates/cve-less/plugins/securemoz-security-audit-a2f819fdd51f14b2b69a4d02f7d84f43.yaml new file mode 100644 index 0000000000..3c7ae9c9ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/securemoz-security-audit-a2f819fdd51f14b2b69a4d02f7d84f43.yaml @@ -0,0 +1,58 @@ +id: securemoz-security-audit-a2f819fdd51f14b2b69a4d02f7d84f43 + +info: + name: > + SecureMoz Security Audit <= 1.0.5 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0a294c5-dc2f-4739-9519-ae2a1268ff55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/securemoz-security-audit/" + google-query: inurl:"/wp-content/plugins/securemoz-security-audit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,securemoz-security-audit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/securemoz-security-audit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "securemoz-security-audit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/securimage-wp-3eab710837b3e13c81a4f7d732c43657.yaml b/nuclei-templates/cve-less/plugins/securimage-wp-3eab710837b3e13c81a4f7d732c43657.yaml new file mode 100644 index 0000000000..1a8905ad24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/securimage-wp-3eab710837b3e13c81a4f7d732c43657.yaml @@ -0,0 +1,58 @@ +id: securimage-wp-3eab710837b3e13c81a4f7d732c43657 + +info: + name: > + Securimage-WP <= 3.6.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36f41de5-50d5-47ca-bbd0-eca3b756a0cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/securimage-wp/" + google-query: inurl:"/wp-content/plugins/securimage-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,securimage-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/securimage-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "securimage-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/securimage-wp-fixed-e76639e268e0d7879dd985548e2b0ee7.yaml b/nuclei-templates/cve-less/plugins/securimage-wp-fixed-e76639e268e0d7879dd985548e2b0ee7.yaml new file mode 100644 index 0000000000..a58fc94151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/securimage-wp-fixed-e76639e268e0d7879dd985548e2b0ee7.yaml @@ -0,0 +1,58 @@ +id: securimage-wp-fixed-e76639e268e0d7879dd985548e2b0ee7 + +info: + name: > + Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b274af9b-071c-4f8d-a2e0-7f02b631c19a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/securimage-wp-fixed/" + google-query: inurl:"/wp-content/plugins/securimage-wp-fixed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,securimage-wp-fixed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/securimage-wp-fixed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "securimage-wp-fixed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/security-malware-firewall-2bc21dde1345455ea9561d5fe5ed0e15.yaml b/nuclei-templates/cve-less/plugins/security-malware-firewall-2bc21dde1345455ea9561d5fe5ed0e15.yaml new file mode 100644 index 0000000000..62a0948fdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/security-malware-firewall-2bc21dde1345455ea9561d5fe5ed0e15.yaml @@ -0,0 +1,58 @@ +id: security-malware-firewall-2bc21dde1345455ea9561d5fe5ed0e15 + +info: + name: > + Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fb9b039-eb04-4c27-89eb-1932c9c31962?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/security-malware-firewall/" + google-query: inurl:"/wp-content/plugins/security-malware-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,security-malware-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-malware-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-malware-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/security-malware-firewall-4d1eef19885c78121ffb497c3fe4a3bd.yaml b/nuclei-templates/cve-less/plugins/security-malware-firewall-4d1eef19885c78121ffb497c3fe4a3bd.yaml new file mode 100644 index 0000000000..e3cec4d363 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/security-malware-firewall-4d1eef19885c78121ffb497c3fe4a3bd.yaml @@ -0,0 +1,58 @@ +id: security-malware-firewall-4d1eef19885c78121ffb497c3fe4a3bd + +info: + name: > + Security & Malware scan by CleanTalk <= 2.120 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/525626be-fe1d-4543-91a1-ae5ea3658862?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/security-malware-firewall/" + google-query: inurl:"/wp-content/plugins/security-malware-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,security-malware-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/security-malware-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "security-malware-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.120') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seed-fonts-05c88cf821e14c133b503ea979e12c4d.yaml b/nuclei-templates/cve-less/plugins/seed-fonts-05c88cf821e14c133b503ea979e12c4d.yaml new file mode 100644 index 0000000000..5931be616a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seed-fonts-05c88cf821e14c133b503ea979e12c4d.yaml @@ -0,0 +1,58 @@ +id: seed-fonts-05c88cf821e14c133b503ea979e12c4d + +info: + name: > + Seed Fonts 2.3.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57953bab-7430-4841-b073-7db7964e6a65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seed-fonts/" + google-query: inurl:"/wp-content/plugins/seed-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seed-fonts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seed-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seed-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seed-social-714e1a158166a33a7b439bd28dcdaa32.yaml b/nuclei-templates/cve-less/plugins/seed-social-714e1a158166a33a7b439bd28dcdaa32.yaml new file mode 100644 index 0000000000..b3aa7b1c53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seed-social-714e1a158166a33a7b439bd28dcdaa32.yaml @@ -0,0 +1,58 @@ +id: seed-social-714e1a158166a33a7b439bd28dcdaa32 + +info: + name: > + Seed Social <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47a99115-3e7b-4666-a00e-2b94d7d62e1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seed-social/" + google-query: inurl:"/wp-content/plugins/seed-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seed-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seed-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seed-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seed-social-c4ddc0489c7fc6327da43ce100fae835.yaml b/nuclei-templates/cve-less/plugins/seed-social-c4ddc0489c7fc6327da43ce100fae835.yaml new file mode 100644 index 0000000000..75af6646dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seed-social-c4ddc0489c7fc6327da43ce100fae835.yaml @@ -0,0 +1,58 @@ +id: seed-social-c4ddc0489c7fc6327da43ce100fae835 + +info: + name: > + Seed Social <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93a07f4e-8359-4ca2-a1cc-ca0ba2b7c0de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seed-social/" + google-query: inurl:"/wp-content/plugins/seed-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seed-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seed-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seed-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-99cc5f18cba37431e326c7c04591a219.yaml b/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-99cc5f18cba37431e326c7c04591a219.yaml new file mode 100644 index 0000000000..d303e0bdb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-99cc5f18cba37431e326c7c04591a219.yaml @@ -0,0 +1,58 @@ +id: seers-cookie-consent-banner-privacy-policy-99cc5f18cba37431e326c7c04591a219 + +info: + name: > + Seers <= 8.1.1 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d300288e-f100-4c02-ba65-d728e3b1522e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seers-cookie-consent-banner-privacy-policy/" + google-query: inurl:"/wp-content/plugins/seers-cookie-consent-banner-privacy-policy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seers-cookie-consent-banner-privacy-policy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seers-cookie-consent-banner-privacy-policy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seers-cookie-consent-banner-privacy-policy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-ba1c662a4a4fab81f4b84d2ac53ce3a1.yaml b/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-ba1c662a4a4fab81f4b84d2ac53ce3a1.yaml new file mode 100644 index 0000000000..84167cdce2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seers-cookie-consent-banner-privacy-policy-ba1c662a4a4fab81f4b84d2ac53ce3a1.yaml @@ -0,0 +1,58 @@ +id: seers-cookie-consent-banner-privacy-policy-ba1c662a4a4fab81f4b84d2ac53ce3a1 + +info: + name: > + Seers | GDPR & CCPA Cookie Consent & Compliance <= 8.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8049bff1-3262-464b-a9fa-d216eb3ab299?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seers-cookie-consent-banner-privacy-policy/" + google-query: inurl:"/wp-content/plugins/seers-cookie-consent-banner-privacy-policy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seers-cookie-consent-banner-privacy-policy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seers-cookie-consent-banner-privacy-policy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seers-cookie-consent-banner-privacy-policy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-f73941d406d9c3fcf56582655794e007.yaml b/nuclei-templates/cve-less/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-f73941d406d9c3fcf56582655794e007.yaml new file mode 100644 index 0000000000..c1c9bf3d85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-f73941d406d9c3fcf56582655794e007.yaml @@ -0,0 +1,58 @@ +id: select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-f73941d406d9c3fcf56582655794e007 + +info: + name: > + Select All Categories and Taxonomies, Change Checkbox to Radio Buttons < 1.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bacc29c3-a1fc-4e75-a3e2-cd3d6aac9554?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/" + google-query: inurl:"/wp-content/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sell-downloads-1db698397280ce7aca6c9daca8c7b7c7.yaml b/nuclei-templates/cve-less/plugins/sell-downloads-1db698397280ce7aca6c9daca8c7b7c7.yaml new file mode 100644 index 0000000000..4d4fcf78c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sell-downloads-1db698397280ce7aca6c9daca8c7b7c7.yaml @@ -0,0 +1,58 @@ +id: sell-downloads-1db698397280ce7aca6c9daca8c7b7c7 + +info: + name: > + Sell Downloads <= 1.0.7 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f24e753e-2eb0-49a2-9fb1-68daaca12816?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sell-downloads/" + google-query: inurl:"/wp-content/plugins/sell-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sell-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sell-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sell-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sell-downloads-95e1f751d91cfff872210a09f6fcaf59.yaml b/nuclei-templates/cve-less/plugins/sell-downloads-95e1f751d91cfff872210a09f6fcaf59.yaml new file mode 100644 index 0000000000..0c24bc741e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sell-downloads-95e1f751d91cfff872210a09f6fcaf59.yaml @@ -0,0 +1,58 @@ +id: sell-downloads-95e1f751d91cfff872210a09f6fcaf59 + +info: + name: > + Sell Downloads <= 1.0.1 - Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72d9efad-9afd-4d7a-a1dd-7623a9e5a7db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sell-downloads/" + google-query: inurl:"/wp-content/plugins/sell-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sell-downloads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sell-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sell-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sell-media-c56e654821bb31914422facf9fd1d9d9.yaml b/nuclei-templates/cve-less/plugins/sell-media-c56e654821bb31914422facf9fd1d9d9.yaml new file mode 100644 index 0000000000..728ee01996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sell-media-c56e654821bb31914422facf9fd1d9d9.yaml @@ -0,0 +1,58 @@ +id: sell-media-c56e654821bb31914422facf9fd1d9d9 + +info: + name: > + Sell Media <= 2.5.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da4592b6-5e84-4a89-9ade-6cc227740d32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sell-media/" + google-query: inurl:"/wp-content/plugins/sell-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sell-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sell-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sell-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sell-media-d6132019cfaa7b420b3260f07bd086fb.yaml b/nuclei-templates/cve-less/plugins/sell-media-d6132019cfaa7b420b3260f07bd086fb.yaml new file mode 100644 index 0000000000..93ea1a8f9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sell-media-d6132019cfaa7b420b3260f07bd086fb.yaml @@ -0,0 +1,58 @@ +id: sell-media-d6132019cfaa7b420b3260f07bd086fb + +info: + name: > + Sell Media <= 2.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41307a48-d49d-402f-bd3f-96b99afe6a42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sell-media/" + google-query: inurl:"/wp-content/plugins/sell-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sell-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sell-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sell-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sellkit-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml b/nuclei-templates/cve-less/plugins/sellkit-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml new file mode 100644 index 0000000000..680022776a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sellkit-eb3ea92b0c5a4b0e8e1f707fd264374b.yaml @@ -0,0 +1,58 @@ +id: sellkit-eb3ea92b0c5a4b0e8e1f707fd264374b + +info: + name: > + SellKit <= 1.8.1 - Authenticated (Subscriber+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21bc2595-0760-42a6-b11b-3f7609223d8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sellkit/" + google-query: inurl:"/wp-content/plugins/sellkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sellkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sellkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sellkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sema-api-3fb8bbd93e29c77c2c10fff01c5754a2.yaml b/nuclei-templates/cve-less/plugins/sema-api-3fb8bbd93e29c77c2c10fff01c5754a2.yaml new file mode 100644 index 0000000000..5518c0d59b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sema-api-3fb8bbd93e29c77c2c10fff01c5754a2.yaml @@ -0,0 +1,58 @@ +id: sema-api-3fb8bbd93e29c77c2c10fff01c5754a2 + +info: + name: > + SEMA API <= 3.64 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5183d676-eb91-4c03-8d12-c15c68839f02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sema-api/" + google-query: inurl:"/wp-content/plugins/sema-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sema-api,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sema-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sema-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/semalt-42f2aed82645b4c22a964230d4cf5c0e.yaml b/nuclei-templates/cve-less/plugins/semalt-42f2aed82645b4c22a964230d4cf5c0e.yaml new file mode 100644 index 0000000000..0ccde6569c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/semalt-42f2aed82645b4c22a964230d4cf5c0e.yaml @@ -0,0 +1,58 @@ +id: semalt-42f2aed82645b4c22a964230d4cf5c0e + +info: + name: > + Semalt Blocker <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a658d150-bcd5-4334-b07a-e09b3995169d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/semalt/" + google-query: inurl:"/wp-content/plugins/semalt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,semalt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/semalt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "semalt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-5c801a046ddb1fac8004d7794f007242.yaml b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-5c801a046ddb1fac8004d7794f007242.yaml new file mode 100644 index 0000000000..6d4f8fc26e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-5c801a046ddb1fac8004d7794f007242.yaml @@ -0,0 +1,58 @@ +id: send-pdf-for-contact-form-7-5c801a046ddb1fac8004d7794f007242 + +info: + name: > + Send PDF for Contact Form 7 <= 1.0.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0646fcba-afe5-49a2-acd5-e15d009926c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/send-pdf-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/send-pdf-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/send-pdf-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "send-pdf-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml new file mode 100644 index 0000000000..6b8f192543 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/send-pdf-for-contact-form-7-fbdeefe8fdc61a2e9093fee1505ec5f9.yaml @@ -0,0 +1,58 @@ +id: send-pdf-for-contact-form-7-fbdeefe8fdc61a2e9093fee1505ec5f9 + +info: + name: > + Send PDF for Contact Form 7 <= 0.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f4a939c-ba6c-4401-8139-a57e727ceb0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/send-pdf-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/send-pdf-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,send-pdf-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/send-pdf-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "send-pdf-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/send-users-email-0f1df16e8eed1b185bf479b1f2bd0199.yaml b/nuclei-templates/cve-less/plugins/send-users-email-0f1df16e8eed1b185bf479b1f2bd0199.yaml new file mode 100644 index 0000000000..75e069f6d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/send-users-email-0f1df16e8eed1b185bf479b1f2bd0199.yaml @@ -0,0 +1,58 @@ +id: send-users-email-0f1df16e8eed1b185bf479b1f2bd0199 + +info: + name: > + Send Users Email <= 1.4.3 - Sensitive Information Exposure via Error Logs + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d50e9bb-e357-42d3-b131-468511b8e98a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/send-users-email/" + google-query: inurl:"/wp-content/plugins/send-users-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,send-users-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/send-users-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "send-users-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sender-5aca3acdcafb2379cade4b6c2df42ece.yaml b/nuclei-templates/cve-less/plugins/sender-5aca3acdcafb2379cade4b6c2df42ece.yaml new file mode 100644 index 0000000000..f582249f3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sender-5aca3acdcafb2379cade4b6c2df42ece.yaml @@ -0,0 +1,58 @@ +id: sender-5aca3acdcafb2379cade4b6c2df42ece + +info: + name: > + Sender by BestWebSoft <= 1.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de957e90-5758-46f3-90f8-521b47d247ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sender/" + google-query: inurl:"/wp-content/plugins/sender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sender,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendgrid-email-delivery-simplified-526f9a50eb94365c6edf2a44fc6ceed7.yaml b/nuclei-templates/cve-less/plugins/sendgrid-email-delivery-simplified-526f9a50eb94365c6edf2a44fc6ceed7.yaml new file mode 100644 index 0000000000..ad22f86ccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendgrid-email-delivery-simplified-526f9a50eb94365c6edf2a44fc6ceed7.yaml @@ -0,0 +1,58 @@ +id: sendgrid-email-delivery-simplified-526f9a50eb94365c6edf2a44fc6ceed7 + +info: + name: > + SendGrid <= 1.11.8 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cc416cc-49a4-4752-86e7-acc52ba4f92d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendgrid-email-delivery-simplified/" + google-query: inurl:"/wp-content/plugins/sendgrid-email-delivery-simplified/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendgrid-email-delivery-simplified,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendgrid-email-delivery-simplified/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendgrid-email-delivery-simplified" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendit-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml b/nuclei-templates/cve-less/plugins/sendit-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml new file mode 100644 index 0000000000..63f5c04069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendit-85ac26fe1ed37dc881dfc2a5252c3fa6.yaml @@ -0,0 +1,58 @@ +id: sendit-85ac26fe1ed37dc881dfc2a5252c3fa6 + +info: + name: > + Sendit WP Newsletter <= 2.5.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f922ea86-5876-40ce-82ee-fb2b6dbddf17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendit/" + google-query: inurl:"/wp-content/plugins/sendit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-349038bfb8ad974ae4bba5615712f5b9.yaml b/nuclei-templates/cve-less/plugins/sendpress-349038bfb8ad974ae4bba5615712f5b9.yaml new file mode 100644 index 0000000000..936f19a316 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-349038bfb8ad974ae4bba5615712f5b9.yaml @@ -0,0 +1,58 @@ +id: sendpress-349038bfb8ad974ae4bba5615712f5b9 + +info: + name: > + SendPress Newsletters <= 1.23.11.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f03dfbd4-b34a-46ab-b8aa-e37fb0321e8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-359a63479caac5270f841c962366bff8.yaml b/nuclei-templates/cve-less/plugins/sendpress-359a63479caac5270f841c962366bff8.yaml new file mode 100644 index 0000000000..f01dc11197 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-359a63479caac5270f841c962366bff8.yaml @@ -0,0 +1,58 @@ +id: sendpress-359a63479caac5270f841c962366bff8 + +info: + name: > + SendPress Newsletters <= 1.22.3.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbce42a0-29a7-40df-973c-1fe7338f6c94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22.3.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-572ada3e2b5cfd266bbe4d55b671ea76.yaml b/nuclei-templates/cve-less/plugins/sendpress-572ada3e2b5cfd266bbe4d55b671ea76.yaml new file mode 100644 index 0000000000..3a9c7c36f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-572ada3e2b5cfd266bbe4d55b671ea76.yaml @@ -0,0 +1,58 @@ +id: sendpress-572ada3e2b5cfd266bbe4d55b671ea76 + +info: + name: > + SendPress Newsletters <= 1.23.11.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d173077-06c4-4a23-a664-0be8516053ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-81e845426b35bbadfec4fa7948427e09.yaml b/nuclei-templates/cve-less/plugins/sendpress-81e845426b35bbadfec4fa7948427e09.yaml new file mode 100644 index 0000000000..b2b495f812 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-81e845426b35bbadfec4fa7948427e09.yaml @@ -0,0 +1,58 @@ +id: sendpress-81e845426b35bbadfec4fa7948427e09 + +info: + name: > + SendPress Newsletters <= 1.23.11.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cd6e69b-f927-4cea-a838-5c73f52233a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-9ba240bc312b43fe5719cb9b5a56a769.yaml b/nuclei-templates/cve-less/plugins/sendpress-9ba240bc312b43fe5719cb9b5a56a769.yaml new file mode 100644 index 0000000000..f5035926f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-9ba240bc312b43fe5719cb9b5a56a769.yaml @@ -0,0 +1,58 @@ +id: sendpress-9ba240bc312b43fe5719cb9b5a56a769 + +info: + name: > + SendPress Newsletters <= 1.23.11.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb70339c-0f1a-4acc-af7a-8a0320fdfe71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpress-f386ff3f48b7d778335b6a97f6c41a43.yaml b/nuclei-templates/cve-less/plugins/sendpress-f386ff3f48b7d778335b6a97f6c41a43.yaml new file mode 100644 index 0000000000..ebb99c9dbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpress-f386ff3f48b7d778335b6a97f6c41a43.yaml @@ -0,0 +1,58 @@ +id: sendpress-f386ff3f48b7d778335b6a97f6c41a43 + +info: + name: > + SendPress Newsletters < 1.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a758fcbe-1be0-4845-9ce9-795f3e5c4bd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpress/" + google-query: inurl:"/wp-content/plugins/sendpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sendpulse-web-push-30e35a536fd4afd5cb956f988fb6ecbc.yaml b/nuclei-templates/cve-less/plugins/sendpulse-web-push-30e35a536fd4afd5cb956f988fb6ecbc.yaml new file mode 100644 index 0000000000..15a7c334d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sendpulse-web-push-30e35a536fd4afd5cb956f988fb6ecbc.yaml @@ -0,0 +1,58 @@ +id: sendpulse-web-push-30e35a536fd4afd5cb956f988fb6ecbc + +info: + name: > + SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/654727e0-6129-47c7-94f3-10567b1a42d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sendpulse-web-push/" + google-query: inurl:"/wp-content/plugins/sendpulse-web-push/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sendpulse-web-push,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sendpulse-web-push/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sendpulse-web-push" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sensei-lms-6892cd1d0b697581c7511a564b22d2f3.yaml b/nuclei-templates/cve-less/plugins/sensei-lms-6892cd1d0b697581c7511a564b22d2f3.yaml new file mode 100644 index 0000000000..a3df4e784f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sensei-lms-6892cd1d0b697581c7511a564b22d2f3.yaml @@ -0,0 +1,58 @@ +id: sensei-lms-6892cd1d0b697581c7511a564b22d2f3 + +info: + name: > + Sensei LMS <= 4.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/031995fb-48c4-4f56-8b64-d66a47b2fbe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sensei-lms/" + google-query: inurl:"/wp-content/plugins/sensei-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sensei-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sensei-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sensei-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sensei-lms-a7ff75affe3888f63fffbde3a81a35a3.yaml b/nuclei-templates/cve-less/plugins/sensei-lms-a7ff75affe3888f63fffbde3a81a35a3.yaml new file mode 100644 index 0000000000..9c0a8f4d24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sensei-lms-a7ff75affe3888f63fffbde3a81a35a3.yaml @@ -0,0 +1,58 @@ +id: sensei-lms-a7ff75affe3888f63fffbde3a81a35a3 + +info: + name: > + Sensei LMS <= 4.5.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1520cce-4ed7-4815-9023-4a994200601a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sensei-lms/" + google-query: inurl:"/wp-content/plugins/sensei-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sensei-lms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sensei-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sensei-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sensei-lms-c6ad96281ff7d4df0c44c10217f4d0ea.yaml b/nuclei-templates/cve-less/plugins/sensei-lms-c6ad96281ff7d4df0c44c10217f4d0ea.yaml new file mode 100644 index 0000000000..d02fa29e7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sensei-lms-c6ad96281ff7d4df0c44c10217f4d0ea.yaml @@ -0,0 +1,58 @@ +id: sensei-lms-c6ad96281ff7d4df0c44c10217f4d0ea + +info: + name: > + Sensei LMS <= 4.4.3 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/989f4c4b-e0d6-4755-89ef-6cf4624f5473?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sensei-lms/" + google-query: inurl:"/wp-content/plugins/sensei-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sensei-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sensei-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sensei-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-301-meta-1d87fdeb396f4600b280560afe2112ee.yaml b/nuclei-templates/cve-less/plugins/seo-301-meta-1d87fdeb396f4600b280560afe2112ee.yaml new file mode 100644 index 0000000000..115447a5be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-301-meta-1d87fdeb396f4600b280560afe2112ee.yaml @@ -0,0 +1,58 @@ +id: seo-301-meta-1d87fdeb396f4600b280560afe2112ee + +info: + name: > + Seo 301 Meta <= 1.9.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a9a836-34c1-4ef3-9cde-c7ccb3163165?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-301-meta/" + google-query: inurl:"/wp-content/plugins/seo-301-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-301-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-301-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-301-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-alert-437f4f4319341eb71e66802d9a46e647.yaml b/nuclei-templates/cve-less/plugins/seo-alert-437f4f4319341eb71e66802d9a46e647.yaml new file mode 100644 index 0000000000..2e69cb0c8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-alert-437f4f4319341eb71e66802d9a46e647.yaml @@ -0,0 +1,58 @@ +id: seo-alert-437f4f4319341eb71e66802d9a46e647 + +info: + name: > + SEO ALert <= 1.5.9 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a19b102-e097-46b3-9804-71edb91b3daa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-alert/" + google-query: inurl:"/wp-content/plugins/seo-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-alert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-automatic-links-40b96ba14c189bc5294c696f541a5a2a.yaml b/nuclei-templates/cve-less/plugins/seo-automatic-links-40b96ba14c189bc5294c696f541a5a2a.yaml new file mode 100644 index 0000000000..34bdec3871 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-automatic-links-40b96ba14c189bc5294c696f541a5a2a.yaml @@ -0,0 +1,58 @@ +id: seo-automatic-links-40b96ba14c189bc5294c696f541a5a2a + +info: + name: > + SEO Smart Links <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a677eed-0344-457e-aa5f-3b94a624462c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-automatic-links/" + google-query: inurl:"/wp-content/plugins/seo-automatic-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-automatic-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-automatic-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-automatic-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-automatic-wp-core-tweaks-ed27c4cd836ec804d97b971161525852.yaml b/nuclei-templates/cve-less/plugins/seo-automatic-wp-core-tweaks-ed27c4cd836ec804d97b971161525852.yaml new file mode 100644 index 0000000000..c3121a6625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-automatic-wp-core-tweaks-ed27c4cd836ec804d97b971161525852.yaml @@ -0,0 +1,58 @@ +id: seo-automatic-wp-core-tweaks-ed27c4cd836ec804d97b971161525852 + +info: + name: > + Core Tweaks WP Setup <= 4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15681d8b-df7b-48c5-bba8-658baf9b9bf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-automatic-wp-core-tweaks/" + google-query: inurl:"/wp-content/plugins/seo-automatic-wp-core-tweaks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-automatic-wp-core-tweaks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-automatic-wp-core-tweaks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-automatic-wp-core-tweaks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-backlink-monitor-a957dbe1122815a4d921b97d5fcd30d4.yaml b/nuclei-templates/cve-less/plugins/seo-backlink-monitor-a957dbe1122815a4d921b97d5fcd30d4.yaml new file mode 100644 index 0000000000..63cc7acaa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-backlink-monitor-a957dbe1122815a4d921b97d5fcd30d4.yaml @@ -0,0 +1,58 @@ +id: seo-backlink-monitor-a957dbe1122815a4d921b97d5fcd30d4 + +info: + name: > + SEO Backlink Monitor <= 1.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97f16bad-f0ad-44cc-bb07-04ce33d0cdf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-backlink-monitor/" + google-query: inurl:"/wp-content/plugins/seo-backlink-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-backlink-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-backlink-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-backlink-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-backlinks-896998a582295bc584998dec0e35768b.yaml b/nuclei-templates/cve-less/plugins/seo-backlinks-896998a582295bc584998dec0e35768b.yaml new file mode 100644 index 0000000000..c1556b53b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-backlinks-896998a582295bc584998dec0e35768b.yaml @@ -0,0 +1,58 @@ +id: seo-backlinks-896998a582295bc584998dec0e35768b + +info: + name: > + SEO Backlinks <= 4.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69ffb5fb-16f5-4ef8-81c5-b119da859488?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-backlinks/" + google-query: inurl:"/wp-content/plugins/seo-backlinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-backlinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-backlinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-backlinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-booster-9732cad9519d7ec0a87d22f95e1da009.yaml b/nuclei-templates/cve-less/plugins/seo-booster-9732cad9519d7ec0a87d22f95e1da009.yaml new file mode 100644 index 0000000000..a689eaf4a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-booster-9732cad9519d7ec0a87d22f95e1da009.yaml @@ -0,0 +1,58 @@ +id: seo-booster-9732cad9519d7ec0a87d22f95e1da009 + +info: + name: > + SEO Booster <= 3.8.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a87c261-5452-48c9-ab4a-2cf6af0fef56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-booster/" + google-query: inurl:"/wp-content/plugins/seo-booster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-booster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-booster-cc60724a02e2069155463638fe585163.yaml b/nuclei-templates/cve-less/plugins/seo-booster-cc60724a02e2069155463638fe585163.yaml new file mode 100644 index 0000000000..735d4aad0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-booster-cc60724a02e2069155463638fe585163.yaml @@ -0,0 +1,58 @@ +id: seo-booster-cc60724a02e2069155463638fe585163 + +info: + name: > + SEO Booster <= 3.7 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7adba0a-2f3b-43d8-b00a-8521dd0c6a2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-booster/" + google-query: inurl:"/wp-content/plugins/seo-booster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-booster,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-10web-70a47ff6f5488e7468e76cf5273bfb81.yaml b/nuclei-templates/cve-less/plugins/seo-by-10web-70a47ff6f5488e7468e76cf5273bfb81.yaml new file mode 100644 index 0000000000..2efb0055f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-10web-70a47ff6f5488e7468e76cf5273bfb81.yaml @@ -0,0 +1,58 @@ +id: seo-by-10web-70a47ff6f5488e7468e76cf5273bfb81 + +info: + name: > + SEO By 10Web <= 1.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a850176-973c-49aa-a420-e379223b6dc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-10web/" + google-query: inurl:"/wp-content/plugins/seo-by-10web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-10web,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-10web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-10web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-10web-fcebd70d7bd0fae30a9aee2fa4de1dca.yaml b/nuclei-templates/cve-less/plugins/seo-by-10web-fcebd70d7bd0fae30a9aee2fa4de1dca.yaml new file mode 100644 index 0000000000..f79f104ac2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-10web-fcebd70d7bd0fae30a9aee2fa4de1dca.yaml @@ -0,0 +1,58 @@ +id: seo-by-10web-fcebd70d7bd0fae30a9aee2fa4de1dca + +info: + name: > + Seo By 10Web <= 1.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4533554-52e4-44b4-9230-b6e3feb2e4a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-10web/" + google-query: inurl:"/wp-content/plugins/seo-by-10web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-10web,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-10web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-10web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-0412effdb25dc1c079b5ac901ba8eb41.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-0412effdb25dc1c079b5ac901ba8eb41.yaml new file mode 100644 index 0000000000..2d8ed5203e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-0412effdb25dc1c079b5ac901ba8eb41.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-0412effdb25dc1c079b5ac901ba8eb41 + +info: + name: > + Rank Math SEO with AI SEO Tools <= 1.0.214 - Authenticated(Contributor+) Stored Cross-Site Scripting via HowTo block attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81a82caf-4013-42c4-ad63-4e13bfa4322f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.214') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-149aa3cdb8f6dba02a1015d8c51445b9.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-149aa3cdb8f6dba02a1015d8c51445b9.yaml new file mode 100644 index 0000000000..b44797ffd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-149aa3cdb8f6dba02a1015d8c51445b9.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-149aa3cdb8f6dba02a1015d8c51445b9 + +info: + name: > + Rank Math SEO with AI SEO Tools <= 1.0.216 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleWrapper' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21341d9c-9f04-4bc6-b9fc-6fa8afd3cf5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.216') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-29a6c7e2607d1c0248462dad6e8d2dae.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-29a6c7e2607d1c0248462dad6e8d2dae.yaml new file mode 100644 index 0000000000..fad4e4524e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-29a6c7e2607d1c0248462dad6e8d2dae.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-29a6c7e2607d1c0248462dad6e8d2dae + +info: + name: > + Rank Math SEO <= 1.0.40.2 - Redirect Creation via Unprotected REST API Endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80dfc293-a182-4ed5-9127-6ec788312416?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-3cd75b090f3018ee840ae18474ab15b1.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-3cd75b090f3018ee840ae18474ab15b1.yaml new file mode 100644 index 0000000000..7f5c9ab208 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-3cd75b090f3018ee840ae18474ab15b1.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-3cd75b090f3018ee840ae18474ab15b1 + +info: + name: > + Rank Math SEO with AI Best SEO Tools <= 1.0.217 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96eba67c-58e7-4eea-84d4-9b3bb275b42d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.217') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-424aba97fb32ef1aa4a45220d2d79ae0.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-424aba97fb32ef1aa4a45220d2d79ae0.yaml new file mode 100644 index 0000000000..6856bbbeb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-424aba97fb32ef1aa4a45220d2d79ae0.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-424aba97fb32ef1aa4a45220d2d79ae0 + +info: + name: > + Rank Math SEO <= 1.0.27 - Authenticated Settings Reset via reset-cmb Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1be68c82-c22c-4d45-8c7f-a7aa21fe3ddf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.27.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-4309b7c0188a30115c93b002a27055be.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-4309b7c0188a30115c93b002a27055be.yaml new file mode 100644 index 0000000000..af57dca55b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-4309b7c0188a30115c93b002a27055be.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-4309b7c0188a30115c93b002a27055be + +info: + name: > + Rank Math SEO <= 1.0.95 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17f8e2a0-b23f-4706-8438-7a6573a29933?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-4aca4e8ed2773f54fe21e7e09f146650.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-4aca4e8ed2773f54fe21e7e09f146650.yaml new file mode 100644 index 0000000000..708d25d190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-4aca4e8ed2773f54fe21e7e09f146650.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-4aca4e8ed2773f54fe21e7e09f146650 + +info: + name: > + Rank Math SEO <= 1.0.40.2 - Privilege Escalation via Unprotected REST API Endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba1a25e9-bac3-4f76-8324-3035be94da4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-50ad7e6a87a7ec0f76525597202c2f2f.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-50ad7e6a87a7ec0f76525597202c2f2f.yaml new file mode 100644 index 0000000000..b73ddb4eff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-50ad7e6a87a7ec0f76525597202c2f2f.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-50ad7e6a87a7ec0f76525597202c2f2f + +info: + name: > + Rank Math SEO <= 1.0.119 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9117c46b-33cc-41f5-98e9-4dac8d6352d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.119.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-f745637cf5ff648ecffd79a7f071d200.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-f745637cf5ff648ecffd79a7f071d200.yaml new file mode 100644 index 0000000000..6b307b50b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-f745637cf5ff648ecffd79a7f071d200.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-f745637cf5ff648ecffd79a7f071d200 + +info: + name: > + RankMath SEO <= 1.0.107.2 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f8634d1-9201-4af5-9e06-c28ffcb51046?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.107.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-by-rank-math-pro-8be746d8d4f7199896166d7de62beb9e.yaml b/nuclei-templates/cve-less/plugins/seo-by-rank-math-pro-8be746d8d4f7199896166d7de62beb9e.yaml new file mode 100644 index 0000000000..d3a1b4fb3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-by-rank-math-pro-8be746d8d4f7199896166d7de62beb9e.yaml @@ -0,0 +1,58 @@ +id: seo-by-rank-math-pro-8be746d8d4f7199896166d7de62beb9e + +info: + name: > + Rank Math SEO PRO <= 3.0.35 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ec9001-c4aa-4db3-b7d7-29afa243f78a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-by-rank-math-pro/" + google-query: inurl:"/wp-content/plugins/seo-by-rank-math-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-by-rank-math-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-by-rank-math-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-by-rank-math-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-change-monitor-b91a2480651782f3bb16ba3659354dba.yaml b/nuclei-templates/cve-less/plugins/seo-change-monitor-b91a2480651782f3bb16ba3659354dba.yaml new file mode 100644 index 0000000000..f0ba0ca3ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-change-monitor-b91a2480651782f3bb16ba3659354dba.yaml @@ -0,0 +1,58 @@ +id: seo-change-monitor-b91a2480651782f3bb16ba3659354dba + +info: + name: > + SEO Change Monitor <= 1.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4f19302-70a5-4132-b841-fba1dd86a0d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-change-monitor/" + google-query: inurl:"/wp-content/plugins/seo-change-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-change-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-change-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-change-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-dashboard-by-gutewebsites-de-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/seo-dashboard-by-gutewebsites-de-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..f821b734a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-dashboard-by-gutewebsites-de-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: seo-dashboard-by-gutewebsites-de-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-dashboard-by-gutewebsites-de/" + google-query: inurl:"/wp-content/plugins/seo-dashboard-by-gutewebsites-de/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-dashboard-by-gutewebsites-de,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-dashboard-by-gutewebsites-de/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-dashboard-by-gutewebsites-de" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-for-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/seo-for-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..40a215984a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-for-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: seo-for-woocommerce-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/seo-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-local-rank-2ef18c0d57d1cdd92f75ace88711d88f.yaml b/nuclei-templates/cve-less/plugins/seo-local-rank-2ef18c0d57d1cdd92f75ace88711d88f.yaml new file mode 100644 index 0000000000..a09f25eeed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-local-rank-2ef18c0d57d1cdd92f75ace88711d88f.yaml @@ -0,0 +1,58 @@ +id: seo-local-rank-2ef18c0d57d1cdd92f75ace88711d88f + +info: + name: > + True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ce8ed18-2164-4b5a-b1d3-fda8d348ebf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-local-rank/" + google-query: inurl:"/wp-content/plugins/seo-local-rank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-local-rank,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-local-rank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-local-rank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-1f2d414ddc2a277c0bf1caa864fd45b1.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-1f2d414ddc2a277c0bf1caa864fd45b1.yaml new file mode 100644 index 0000000000..1270f17849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-1f2d414ddc2a277c0bf1caa864fd45b1.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-1f2d414ddc2a277c0bf1caa864fd45b1 + +info: + name: > + SEO Redirection Plugin - 301 Redirect Manager <= 6.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d88433a-dff4-4524-9b1a-1ef929568a52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-73f794bdb6d5d5ebc6d4220191ef5dda.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-73f794bdb6d5d5ebc6d4220191ef5dda.yaml new file mode 100644 index 0000000000..a5d881000b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-73f794bdb6d5d5ebc6d4220191ef5dda.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-73f794bdb6d5d5ebc6d4220191ef5dda + +info: + name: > + SEO Redirection Plugin – 301 Redirect Manager <= 8.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6985e92d-0e7c-409c-a4ab-1edbadad3715?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-81580e623be1bd11eb139b9bedb99985.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-81580e623be1bd11eb139b9bedb99985.yaml new file mode 100644 index 0000000000..d0614ba757 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-81580e623be1bd11eb139b9bedb99985.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-81580e623be1bd11eb139b9bedb99985 + +info: + name: > + SEO Redirection <= 8.1 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20033eb0-512f-48ea-8ef7-e22701a2c5d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-82c66bd49c9670a47844ee08f2e1dfec.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-82c66bd49c9670a47844ee08f2e1dfec.yaml new file mode 100644 index 0000000000..6ccfa43c4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-82c66bd49c9670a47844ee08f2e1dfec.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-82c66bd49c9670a47844ee08f2e1dfec + +info: + name: > + SEO Redirection <= 6.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29d962c0-31dc-4320-a9ce-3ed71d4f9943?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-da0195abc3fd621c83febd2fb7f0bcc9.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-da0195abc3fd621c83febd2fb7f0bcc9.yaml new file mode 100644 index 0000000000..b0803ffab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-da0195abc3fd621c83febd2fb7f0bcc9.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-da0195abc3fd621c83febd2fb7f0bcc9 + +info: + name: > + SEO Redirection <= 4.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11ad65cd-941f-4605-8b69-59146b2d59db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-redirection-ea58f8019f8858d1a6e5612496c6cdb0.yaml b/nuclei-templates/cve-less/plugins/seo-redirection-ea58f8019f8858d1a6e5612496c6cdb0.yaml new file mode 100644 index 0000000000..fced2afb76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-redirection-ea58f8019f8858d1a6e5612496c6cdb0.yaml @@ -0,0 +1,58 @@ +id: seo-redirection-ea58f8019f8858d1a6e5612496c6cdb0 + +info: + name: > + SEO Redirection Plugin <= 8.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48069ad5-0779-444b-8215-d1f08b493108?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-redirection/" + google-query: inurl:"/wp-content/plugins/seo-redirection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-redirection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-redirection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-redirection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-slider-afa388cb5079dcd3f29d050e7cf600e7.yaml b/nuclei-templates/cve-less/plugins/seo-slider-afa388cb5079dcd3f29d050e7cf600e7.yaml new file mode 100644 index 0000000000..988b524299 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-slider-afa388cb5079dcd3f29d050e7cf600e7.yaml @@ -0,0 +1,58 @@ +id: seo-slider-afa388cb5079dcd3f29d050e7cf600e7 + +info: + name: > + SEO Slider <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32bc88a7-93ed-4d67-9383-b6d935a0df4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-slider/" + google-query: inurl:"/wp-content/plugins/seo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seo-title-tag-f5e5ea8fe0a79e328718fc83043de80f.yaml b/nuclei-templates/cve-less/plugins/seo-title-tag-f5e5ea8fe0a79e328718fc83043de80f.yaml new file mode 100644 index 0000000000..b0e0782473 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seo-title-tag-f5e5ea8fe0a79e328718fc83043de80f.yaml @@ -0,0 +1,58 @@ +id: seo-title-tag-f5e5ea8fe0a79e328718fc83043de80f + +info: + name: > + SEO Title Tag <= 3.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9c9f8db-26e4-4f79-88a3-9be1f5772ebe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seo-title-tag/" + google-query: inurl:"/wp-content/plugins/seo-title-tag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seo-title-tag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seo-title-tag/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seo-title-tag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seos-contact-form-54eacca3ec158df026692c600567e01e.yaml b/nuclei-templates/cve-less/plugins/seos-contact-form-54eacca3ec158df026692c600567e01e.yaml new file mode 100644 index 0000000000..5b1279e11f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seos-contact-form-54eacca3ec158df026692c600567e01e.yaml @@ -0,0 +1,58 @@ +id: seos-contact-form-54eacca3ec158df026692c600567e01e + +info: + name: > + Seos Contact Form <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62b2113a-70a2-4223-8c6c-6cd15057d72d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seos-contact-form/" + google-query: inurl:"/wp-content/plugins/seos-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seos-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seos-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seos-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seosamba-webmasters-2163947a7faebedb99b02ea382f621f0.yaml b/nuclei-templates/cve-less/plugins/seosamba-webmasters-2163947a7faebedb99b02ea382f621f0.yaml new file mode 100644 index 0000000000..34c469d413 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seosamba-webmasters-2163947a7faebedb99b02ea382f621f0.yaml @@ -0,0 +1,58 @@ +id: seosamba-webmasters-2163947a7faebedb99b02ea382f621f0 + +info: + name: > + SeoSamba for WordPress Webmasters <= 1.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0140f2-ceaa-4589-b1ad-1daa244aa3cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seosamba-webmasters/" + google-query: inurl:"/wp-content/plugins/seosamba-webmasters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seosamba-webmasters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seosamba-webmasters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seosamba-webmasters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sequential-order-numbers-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/sequential-order-numbers-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..b8c007802e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sequential-order-numbers-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: sequential-order-numbers-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sequential-order-numbers-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/sequential-order-numbers-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sequential-order-numbers-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sequential-order-numbers-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sequential-order-numbers-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-2677f82c6e08d61546678037c73f3707.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-2677f82c6e08d61546678037c73f3707.yaml new file mode 100644 index 0000000000..015d38126a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-2677f82c6e08d61546678037c73f3707.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-2677f82c6e08d61546678037c73f3707 + +info: + name: > + Seraphinite Accelerator <= 2.20.47 - Unauthenticated Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5991df2-1aab-4d07-9e30-1257aa9ec884?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-4bb5304c273d308af87d9ef184195800.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-4bb5304c273d308af87d9ef184195800.yaml new file mode 100644 index 0000000000..4b8cc51491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-4bb5304c273d308af87d9ef184195800.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-4bb5304c273d308af87d9ef184195800 + +info: + name: > + Seraphinite Accelerator (Base, cache only) <= 2.20.31 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2b32fdc-b73f-48e5-88bf-e836ec2f791f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-68b6ddf8373e9922e3759838ef90fc9f.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-68b6ddf8373e9922e3759838ef90fc9f.yaml new file mode 100644 index 0000000000..dbd45544bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-68b6ddf8373e9922e3759838ef90fc9f.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-68b6ddf8373e9922e3759838ef90fc9f + +info: + name: > + Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via 'rt' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dc90b13-2f36-45bc-991c-f1927ae9253d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-c1c389ad46f0bb17d071702dede0897b.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-c1c389ad46f0bb17d071702dede0897b.yaml new file mode 100644 index 0000000000..1e227fd3f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-c1c389ad46f0bb17d071702dede0897b.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-c1c389ad46f0bb17d071702dede0897b + +info: + name: > + Seraphinite Accelerator <= 2.20.28 - Arbitrary Redirect via 'redir' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d6dd532-008b-4ce9-beca-baf5b3678a0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-d2de41ee5b97d7c9433fd01d3f1c9751.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-d2de41ee5b97d7c9433fd01d3f1c9751.yaml new file mode 100644 index 0000000000..f2fcc6c003 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-d2de41ee5b97d7c9433fd01d3f1c9751.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-d2de41ee5b97d7c9433fd01d3f1c9751 + +info: + name: > + Seraphinite Accelerator <= 2.20.52 - Authenticated (Subscriber+) Server-Side Request Forgery in OnAdminApi_HtmlCheck + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07287a85-df00-408a-8b02-978fd3116155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-accelerator-dab17f74e7c510ebeda6e16b5ea6519f.yaml b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-dab17f74e7c510ebeda6e16b5ea6519f.yaml new file mode 100644 index 0000000000..2d0eda9297 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-accelerator-dab17f74e7c510ebeda6e16b5ea6519f.yaml @@ -0,0 +1,58 @@ +id: seraphinite-accelerator-dab17f74e7c510ebeda6e16b5ea6519f + +info: + name: > + Seraphinite Accelerator <= 2.20.28 - Reflected Cross-Site Scripting via rt + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53356d15-8db0-4015-addf-9bf66446e81f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-accelerator/" + google-query: inurl:"/wp-content/plugins/seraphinite-accelerator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-accelerator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-accelerator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-accelerator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seraphinite-post-docx-source-ca69de4894a78d151874e42160f8d4e3.yaml b/nuclei-templates/cve-less/plugins/seraphinite-post-docx-source-ca69de4894a78d151874e42160f8d4e3.yaml new file mode 100644 index 0000000000..c6b50661cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seraphinite-post-docx-source-ca69de4894a78d151874e42160f8d4e3.yaml @@ -0,0 +1,58 @@ +id: seraphinite-post-docx-source-ca69de4894a78d151874e42160f8d4e3 + +info: + name: > + Seraphinite Post .DOCX Source <= 2.16.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfcc2ab2-504d-4151-9435-618e317ce95c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seraphinite-post-docx-source/" + google-query: inurl:"/wp-content/plugins/seraphinite-post-docx-source/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seraphinite-post-docx-source,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seraphinite-post-docx-source/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seraphinite-post-docx-source" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/serial-codes-generator-and-validator-0bd471365f33bde2fc9b3cf18367b907.yaml b/nuclei-templates/cve-less/plugins/serial-codes-generator-and-validator-0bd471365f33bde2fc9b3cf18367b907.yaml new file mode 100644 index 0000000000..d1e8f8918e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/serial-codes-generator-and-validator-0bd471365f33bde2fc9b3cf18367b907.yaml @@ -0,0 +1,58 @@ +id: serial-codes-generator-and-validator-0bd471365f33bde2fc9b3cf18367b907 + +info: + name: > + Serial Codes Generator and Validator with WooCommerce Support <= 2.4.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4886822-3a05-45b3-ad1d-4d4a4f921817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/serial-codes-generator-and-validator/" + google-query: inurl:"/wp-content/plugins/serial-codes-generator-and-validator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,serial-codes-generator-and-validator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/serial-codes-generator-and-validator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "serial-codes-generator-and-validator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-483e7e9040acb4dde997f1c7e60efa41.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-483e7e9040acb4dde997f1c7e60efa41.yaml new file mode 100644 index 0000000000..e8242d273f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-483e7e9040acb4dde997f1c7e60efa41.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-podcasting-483e7e9040acb4dde997f1c7e60efa41 + +info: + name: > + Seriously Simple Podcasting <= 3.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eba81d49-7af5-4031-aa0e-43c2fa61cd38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-podcasting/" + google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-7d9695bdca873940197ea6a55e88c78a.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-7d9695bdca873940197ea6a55e88c78a.yaml new file mode 100644 index 0000000000..92ee175826 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-7d9695bdca873940197ea6a55e88c78a.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-podcasting-7d9695bdca873940197ea6a55e88c78a + +info: + name: > + Seriously Simple Podcasting <= 2.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b40a40d1-d12f-4fe6-b155-83a1f1a5a494?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-podcasting/" + google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.19.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-bd3f97a6db76b6dcae059be482b558f5.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-bd3f97a6db76b6dcae059be482b558f5.yaml new file mode 100644 index 0000000000..e9203655c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-bd3f97a6db76b6dcae059be482b558f5.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-podcasting-bd3f97a6db76b6dcae059be482b558f5 + +info: + name: > + Seriously Simple Podcasting <= 2.16.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f02945e0-6214-46c4-ada8-49e8161d2ce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-podcasting/" + google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-d610c8cf7006865b0eb76d0efb43ad21.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-d610c8cf7006865b0eb76d0efb43ad21.yaml new file mode 100644 index 0000000000..a97b5899f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-podcasting-d610c8cf7006865b0eb76d0efb43ad21.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-podcasting-d610c8cf7006865b0eb76d0efb43ad21 + +info: + name: > + Seriously Simple Podcasting <= 2.25.3 - Unauthenticated Email Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5268485f-d912-4c2d-a0ad-aabb69f9c98c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-podcasting/" + google-query: inurl:"/wp-content/plugins/seriously-simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.25.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-stats-80f967b027a6da96dccfd0c385ae1ac0.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-stats-80f967b027a6da96dccfd0c385ae1ac0.yaml new file mode 100644 index 0000000000..c5a705b5a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-stats-80f967b027a6da96dccfd0c385ae1ac0.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-stats-80f967b027a6da96dccfd0c385ae1ac0 + +info: + name: > + Seriously Simple Stats <= 1.5.0 - Authenticated (Podcast manager+) SQL Injection via order_by + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46150f65-e662-4539-ae99-eaee297a2608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-stats/" + google-query: inurl:"/wp-content/plugins/seriously-simple-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-stats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seriously-simple-stats-c2e5ca7c3943870cf107630ce8a7ec83.yaml b/nuclei-templates/cve-less/plugins/seriously-simple-stats-c2e5ca7c3943870cf107630ce8a7ec83.yaml new file mode 100644 index 0000000000..7ee8c5caed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seriously-simple-stats-c2e5ca7c3943870cf107630ce8a7ec83.yaml @@ -0,0 +1,58 @@ +id: seriously-simple-stats-c2e5ca7c3943870cf107630ce8a7ec83 + +info: + name: > + Seriously Simple Stats <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92734acf-2021-4217-8cdd-a9d269198db3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seriously-simple-stats/" + google-query: inurl:"/wp-content/plugins/seriously-simple-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seriously-simple-stats,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seriously-simple-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seriously-simple-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sermon-browser-63d4ee9917fcafc47225c3c77377bf2f.yaml b/nuclei-templates/cve-less/plugins/sermon-browser-63d4ee9917fcafc47225c3c77377bf2f.yaml new file mode 100644 index 0000000000..e5f82505a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sermon-browser-63d4ee9917fcafc47225c3c77377bf2f.yaml @@ -0,0 +1,58 @@ +id: sermon-browser-63d4ee9917fcafc47225c3c77377bf2f + +info: + name: > + Sermon Browser <= 0.45.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e1a68fb-51c6-4567-9a50-78ed44ccac21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sermon-browser/" + google-query: inurl:"/wp-content/plugins/sermon-browser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sermon-browser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sermon-browser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sermon-browser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.45.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sermon-browser-9660e0224b9760d1af88fd4611d7d759.yaml b/nuclei-templates/cve-less/plugins/sermon-browser-9660e0224b9760d1af88fd4611d7d759.yaml new file mode 100644 index 0000000000..fcc35f96b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sermon-browser-9660e0224b9760d1af88fd4611d7d759.yaml @@ -0,0 +1,58 @@ +id: sermon-browser-9660e0224b9760d1af88fd4611d7d759 + +info: + name: > + Sermon Browser <= 0.45.15 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4671556c-d902-4294-9e25-47e3d0e2ca98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sermon-browser/" + google-query: inurl:"/wp-content/plugins/sermon-browser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sermon-browser,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sermon-browser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sermon-browser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.45.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-71b25caf3907e04060e0d61d5bb4a2e5.yaml b/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-71b25caf3907e04060e0d61d5bb4a2e5.yaml new file mode 100644 index 0000000000..347cc78b78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-71b25caf3907e04060e0d61d5bb4a2e5.yaml @@ -0,0 +1,58 @@ +id: sermone-online-sermons-management-71b25caf3907e04060e0d61d5bb4a2e5 + +info: + name: > + Sermon'e <= 1.0.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1bfb29-80e7-4122-ab61-ef7c1dd8ebaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sermone-online-sermons-management/" + google-query: inurl:"/wp-content/plugins/sermone-online-sermons-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sermone-online-sermons-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sermone-online-sermons-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-bcc8790a8d36a1db91c142f8ad59d902.yaml b/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-bcc8790a8d36a1db91c142f8ad59d902.yaml new file mode 100644 index 0000000000..bfe0e2c5b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sermone-online-sermons-management-bcc8790a8d36a1db91c142f8ad59d902.yaml @@ -0,0 +1,58 @@ +id: sermone-online-sermons-management-bcc8790a8d36a1db91c142f8ad59d902 + +info: + name: > + Sermon'e – Sermons Online <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c17678e-6598-4e80-b121-beae822b9f81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sermone-online-sermons-management/" + google-query: inurl:"/wp-content/plugins/sermone-online-sermons-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sermone-online-sermons-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sermone-online-sermons-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sermone-online-sermons-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/server-status-by-hostnameip-70cdf6a74f267301ff9a7a0c0a03da5b.yaml b/nuclei-templates/cve-less/plugins/server-status-by-hostnameip-70cdf6a74f267301ff9a7a0c0a03da5b.yaml new file mode 100644 index 0000000000..a831275b41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/server-status-by-hostnameip-70cdf6a74f267301ff9a7a0c0a03da5b.yaml @@ -0,0 +1,58 @@ +id: server-status-by-hostnameip-70cdf6a74f267301ff9a7a0c0a03da5b + +info: + name: > + Server Status by Hostname/IP <= 4.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6e114a3-8a17-4c79-9829-374646b53ed4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/server-status-by-hostnameip/" + google-query: inurl:"/wp-content/plugins/server-status-by-hostnameip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,server-status-by-hostnameip,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/server-status-by-hostnameip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "server-status-by-hostnameip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/service-area-postcode-checker-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml b/nuclei-templates/cve-less/plugins/service-area-postcode-checker-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml new file mode 100644 index 0000000000..d8ad946a01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/service-area-postcode-checker-bb6a55b0c6e726b2a2ecec4b50c8f7ea.yaml @@ -0,0 +1,58 @@ +id: service-area-postcode-checker-bb6a55b0c6e726b2a2ecec4b50c8f7ea + +info: + name: > + Service Area Postcode Checker <= 2.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da8dd02f-0d9f-44a2-bcad-1e392668dd67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/service-area-postcode-checker/" + google-query: inurl:"/wp-content/plugins/service-area-postcode-checker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,service-area-postcode-checker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/service-area-postcode-checker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "service-area-postcode-checker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/setka-editor-8a1f943914f4672fa3bb0af353ac1cbd.yaml b/nuclei-templates/cve-less/plugins/setka-editor-8a1f943914f4672fa3bb0af353ac1cbd.yaml new file mode 100644 index 0000000000..aeee0547e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/setka-editor-8a1f943914f4672fa3bb0af353ac1cbd.yaml @@ -0,0 +1,58 @@ +id: setka-editor-8a1f943914f4672fa3bb0af353ac1cbd + +info: + name: > + Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7058306f-ec20-4722-aaa1-552a75945a1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/setka-editor/" + google-query: inurl:"/wp-content/plugins/setka-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,setka-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/setka-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "setka-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seur-01f666d1348f15c58dad4eff11007661.yaml b/nuclei-templates/cve-less/plugins/seur-01f666d1348f15c58dad4eff11007661.yaml new file mode 100644 index 0000000000..7db83946e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seur-01f666d1348f15c58dad4eff11007661.yaml @@ -0,0 +1,58 @@ +id: seur-01f666d1348f15c58dad4eff11007661 + +info: + name: > + SEUR Oficial <= 1.6.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3543ce7-328e-4db8-8993-8cd78af997de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seur/" + google-query: inurl:"/wp-content/plugins/seur/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seur,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seur/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seur" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/seur-0ca7c41649d0f082ad6681a5a0217ff7.yaml b/nuclei-templates/cve-less/plugins/seur-0ca7c41649d0f082ad6681a5a0217ff7.yaml new file mode 100644 index 0000000000..cf3d2c6326 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/seur-0ca7c41649d0f082ad6681a5a0217ff7.yaml @@ -0,0 +1,58 @@ +id: seur-0ca7c41649d0f082ad6681a5a0217ff7 + +info: + name: > + SEUR Oficial < 1.7.2 - Authenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58e1a5a1-800f-45e8-a356-759ba568d7c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/seur/" + google-query: inurl:"/wp-content/plugins/seur/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,seur,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/seur/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "seur" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sexy-contact-form-df188a4635663bfa5512f1ac98e2f946.yaml b/nuclei-templates/cve-less/plugins/sexy-contact-form-df188a4635663bfa5512f1ac98e2f946.yaml new file mode 100644 index 0000000000..1ff3d2be24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sexy-contact-form-df188a4635663bfa5512f1ac98e2f946.yaml @@ -0,0 +1,58 @@ +id: sexy-contact-form-df188a4635663bfa5512f1ac98e2f946 + +info: + name: > + Creative Contact Form < 1.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39ced195-63a7-4f50-a4eb-b43d6069f7e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sexy-contact-form/" + google-query: inurl:"/wp-content/plugins/sexy-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sexy-contact-form,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sexy-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sexy-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sexybookmarks-5031bc59caa3037821df61e5a345c90f.yaml b/nuclei-templates/cve-less/plugins/sexybookmarks-5031bc59caa3037821df61e5a345c90f.yaml new file mode 100644 index 0000000000..05ac131e6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sexybookmarks-5031bc59caa3037821df61e5a345c90f.yaml @@ -0,0 +1,58 @@ +id: sexybookmarks-5031bc59caa3037821df61e5a345c90f + +info: + name: > + SexyBookmarks <= 6.1.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1ae2060-5eca-47c9-a196-0ff75c3f523e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sexybookmarks/" + google-query: inurl:"/wp-content/plugins/sexybookmarks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sexybookmarks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sexybookmarks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sexybookmarks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-02626784075443390163f8db5670c28a.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-02626784075443390163f8db5670c28a.yaml new file mode 100644 index 0000000000..aa62670dac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-02626784075443390163f8db5670c28a.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-02626784075443390163f8db5670c28a + +info: + name: > + LearnDash LMS <= 4.10.2 - Sensitive Information Exposure via API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-10a89ae66beb80eb5f5ead8cc5089e02.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-10a89ae66beb80eb5f5ead8cc5089e02.yaml new file mode 100644 index 0000000000..d13d086267 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-10a89ae66beb80eb5f5ead8cc5089e02.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-10a89ae66beb80eb5f5ead8cc5089e02 + +info: + name: > + LearnDash LMS <= 2.5.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4f47af-294a-4c3a-accd-9ae674916a38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml new file mode 100644 index 0000000000..3a5e33922f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-13a97dd87cd8da4d2ca9cc4586e65cfe.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-13a97dd87cd8da4d2ca9cc4586e65cfe + +info: + name: > + LearnDash LMS <= 4.5.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a57493-b99b-4e71-8603-e668c6283a5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-2a5ae121ac45c4db9286f6262f63f6e5.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-2a5ae121ac45c4db9286f6262f63f6e5.yaml new file mode 100644 index 0000000000..9b2bdce8be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-2a5ae121ac45c4db9286f6262f63f6e5.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-2a5ae121ac45c4db9286f6262f63f6e5 + +info: + name: > + LearnDash <= 3.1.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e29b10e-81d5-4247-bfe8-2400bcd9aef9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-417dd4625c1b025667086ec6772974db.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-417dd4625c1b025667086ec6772974db.yaml new file mode 100644 index 0000000000..74b3bf84b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-417dd4625c1b025667086ec6772974db.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-417dd4625c1b025667086ec6772974db + +info: + name: > + LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-838c5377a3ecbc7084b894cb32f7b8cc.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-838c5377a3ecbc7084b894cb32f7b8cc.yaml new file mode 100644 index 0000000000..2350cc3b72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-838c5377a3ecbc7084b894cb32f7b8cc.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-838c5377a3ecbc7084b894cb32f7b8cc + +info: + name: > + LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2318b3e1-268d-45fa-83bf-c6e88f1b9013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-953891b7b02246cb4b83db8ae0e364f6.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-953891b7b02246cb4b83db8ae0e364f6.yaml new file mode 100644 index 0000000000..d30a35113f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-953891b7b02246cb4b83db8ae0e364f6.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-953891b7b02246cb4b83db8ae0e364f6 + +info: + name: > + LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sfwd-lms-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml b/nuclei-templates/cve-less/plugins/sfwd-lms-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml new file mode 100644 index 0000000000..9b4be7ec07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sfwd-lms-d6e8b2f76cbc2ec5ae7e7af3679d4ed8.yaml @@ -0,0 +1,58 @@ +id: sfwd-lms-d6e8b2f76cbc2ec5ae7e7af3679d4ed8 + +info: + name: > + LearnDash 3.0.0-3.1.1 - Reflected Cross Site Scripting issue on the [ld_profile] search field + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1efbd-0caf-412d-ac1b-ab1b27c32b8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sfwd-lms/" + google-query: inurl:"/wp-content/plugins/sfwd-lms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sfwd-lms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sfwd-lms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sfwd-lms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sg-cachepress-43f4c20972d989cec8564607e81e3507.yaml b/nuclei-templates/cve-less/plugins/sg-cachepress-43f4c20972d989cec8564607e81e3507.yaml new file mode 100644 index 0000000000..a6e5838da2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sg-cachepress-43f4c20972d989cec8564607e81e3507.yaml @@ -0,0 +1,58 @@ +id: sg-cachepress-43f4c20972d989cec8564607e81e3507 + +info: + name: > + Speed Optimizer <= 7.4.6 - Missing Authorization via purge_on_other_events() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/811253a4-6dc9-45a2-b08f-74069fdcc9ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sg-cachepress/" + google-query: inurl:"/wp-content/plugins/sg-cachepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sg-cachepress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sg-cachepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sg-cachepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sg-security-158366fe9b5b0baf92dc531e125fc491.yaml b/nuclei-templates/cve-less/plugins/sg-security-158366fe9b5b0baf92dc531e125fc491.yaml new file mode 100644 index 0000000000..5b432d1fb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sg-security-158366fe9b5b0baf92dc531e125fc491.yaml @@ -0,0 +1,58 @@ +id: sg-security-158366fe9b5b0baf92dc531e125fc491 + +info: + name: > + SiteGround Security <= 1.2.5 - Authorization Weakness to Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3a5566-eee5-4f71-9c93-e59abf913d04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sg-security/" + google-query: inurl:"/wp-content/plugins/sg-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sg-security,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sg-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sg-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sg-security-29fc5077ea2edf3a78db8c636c61b5fc.yaml b/nuclei-templates/cve-less/plugins/sg-security-29fc5077ea2edf3a78db8c636c61b5fc.yaml new file mode 100644 index 0000000000..20246cfa66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sg-security-29fc5077ea2edf3a78db8c636c61b5fc.yaml @@ -0,0 +1,58 @@ +id: sg-security-29fc5077ea2edf3a78db8c636c61b5fc + +info: + name: > + SiteGround Security <= 1.2.5 - Authentication Bypass via 2FA Setup + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5c6bf7-a653-4571-9566-574d2bb35c4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sg-security/" + google-query: inurl:"/wp-content/plugins/sg-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sg-security,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sg-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sg-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sg-security-97e524444c79464d138f78b1bdccb0af.yaml b/nuclei-templates/cve-less/plugins/sg-security-97e524444c79464d138f78b1bdccb0af.yaml new file mode 100644 index 0000000000..87334782db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sg-security-97e524444c79464d138f78b1bdccb0af.yaml @@ -0,0 +1,58 @@ +id: sg-security-97e524444c79464d138f78b1bdccb0af + +info: + name: > + SiteGround Security <= 1.3.0 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2af996d2-7430-4367-8fd9-212df6106fb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sg-security/" + google-query: inurl:"/wp-content/plugins/sg-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sg-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sg-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sg-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shantz-wordpress-qotd-b07db4dfebcda2750bc8765b2f84f5e0.yaml b/nuclei-templates/cve-less/plugins/shantz-wordpress-qotd-b07db4dfebcda2750bc8765b2f84f5e0.yaml new file mode 100644 index 0000000000..091fc0e1b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shantz-wordpress-qotd-b07db4dfebcda2750bc8765b2f84f5e0.yaml @@ -0,0 +1,58 @@ +id: shantz-wordpress-qotd-b07db4dfebcda2750bc8765b2f84f5e0 + +info: + name: > + Shantz WordPress QOTD <= 1.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e31bf122-e3b0-43d4-afff-f3baf3aa53e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shantz-wordpress-qotd/" + google-query: inurl:"/wp-content/plugins/shantz-wordpress-qotd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shantz-wordpress-qotd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shantz-wordpress-qotd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shantz-wordpress-qotd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shapepress-dsgvo-65fb11931177bab0fee70a7467cb7286.yaml b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-65fb11931177bab0fee70a7467cb7286.yaml new file mode 100644 index 0000000000..9ad4680d3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-65fb11931177bab0fee70a7467cb7286.yaml @@ -0,0 +1,58 @@ +id: shapepress-dsgvo-65fb11931177bab0fee70a7467cb7286 + +info: + name: > + WP DSGVO Tools (GDPR) <= 2.2.18 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/615d35dd-a92e-4910-b0fc-ac0a7d03741a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shapepress-dsgvo/" + google-query: inurl:"/wp-content/plugins/shapepress-dsgvo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shapepress-dsgvo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shapepress-dsgvo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shapepress-dsgvo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shapepress-dsgvo-b1b317cf528065a9659ae132db582cd7.yaml b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-b1b317cf528065a9659ae132db582cd7.yaml new file mode 100644 index 0000000000..91155d5143 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-b1b317cf528065a9659ae132db582cd7.yaml @@ -0,0 +1,58 @@ +id: shapepress-dsgvo-b1b317cf528065a9659ae132db582cd7 + +info: + name: > + WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c18ab1b-02f1-4679-8cff-679d98dc9f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shapepress-dsgvo/" + google-query: inurl:"/wp-content/plugins/shapepress-dsgvo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shapepress-dsgvo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shapepress-dsgvo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shapepress-dsgvo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shapepress-dsgvo-c87c5ce6e1dba004330c2ec9d5dc6740.yaml b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-c87c5ce6e1dba004330c2ec9d5dc6740.yaml new file mode 100644 index 0000000000..afd3399439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shapepress-dsgvo-c87c5ce6e1dba004330c2ec9d5dc6740.yaml @@ -0,0 +1,58 @@ +id: shapepress-dsgvo-c87c5ce6e1dba004330c2ec9d5dc6740 + +info: + name: > + WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32346090-ef3e-4a42-b7e2-7f3b7a9221e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shapepress-dsgvo/" + google-query: inurl:"/wp-content/plugins/shapepress-dsgvo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shapepress-dsgvo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shapepress-dsgvo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shapepress-dsgvo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-and-follow-d6e1f3b40bc3ef2b92a5e3cad8048813.yaml b/nuclei-templates/cve-less/plugins/share-and-follow-d6e1f3b40bc3ef2b92a5e3cad8048813.yaml new file mode 100644 index 0000000000..3dc74ff092 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-and-follow-d6e1f3b40bc3ef2b92a5e3cad8048813.yaml @@ -0,0 +1,58 @@ +id: share-and-follow-d6e1f3b40bc3ef2b92a5e3cad8048813 + +info: + name: > + Share and Follow <= 1.80.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b864ff8-83fb-40e2-9264-7c57115d50f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-and-follow/" + google-query: inurl:"/wp-content/plugins/share-and-follow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-and-follow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-and-follow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-and-follow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.80.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-on-diaspora-94e88d16398a1d45a3247b177897a58b.yaml b/nuclei-templates/cve-less/plugins/share-on-diaspora-94e88d16398a1d45a3247b177897a58b.yaml new file mode 100644 index 0000000000..07e89b878e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-on-diaspora-94e88d16398a1d45a3247b177897a58b.yaml @@ -0,0 +1,58 @@ +id: share-on-diaspora-94e88d16398a1d45a3247b177897a58b + +info: + name: > + Share on Diaspora < 0.7.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01b55b59-3107-4711-8be2-8b0803c0fa69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-on-diaspora/" + google-query: inurl:"/wp-content/plugins/share-on-diaspora/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-on-diaspora,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-on-diaspora/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-on-diaspora" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-one-drive-bc20fc7e32cb3fbec9137570aec723f7.yaml b/nuclei-templates/cve-less/plugins/share-one-drive-bc20fc7e32cb3fbec9137570aec723f7.yaml new file mode 100644 index 0000000000..61a0ecc045 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-one-drive-bc20fc7e32cb3fbec9137570aec723f7.yaml @@ -0,0 +1,58 @@ +id: share-one-drive-bc20fc7e32cb3fbec9137570aec723f7 + +info: + name: > + Share-one-Drive <= 1.15.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/125e11a3-c497-484e-940b-2bcdf7f2c1ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-one-drive/" + google-query: inurl:"/wp-content/plugins/share-one-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-one-drive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-one-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-one-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-print-pdf-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/share-print-pdf-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..dd6586f881 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-print-pdf-woocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: share-print-pdf-woocommerce-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-print-pdf-woocommerce/" + google-query: inurl:"/wp-content/plugins/share-print-pdf-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-print-pdf-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-print-pdf-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-print-pdf-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-this-32ca157e45a11cba9d0a4e52d697d9d8.yaml b/nuclei-templates/cve-less/plugins/share-this-32ca157e45a11cba9d0a4e52d697d9d8.yaml new file mode 100644 index 0000000000..32f47a7209 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-this-32ca157e45a11cba9d0a4e52d697d9d8.yaml @@ -0,0 +1,58 @@ +id: share-this-32ca157e45a11cba9d0a4e52d697d9d8 + +info: + name: > + ShareThis <= 7.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70d5fccb-a5df-4ffc-a716-f00e6b968b40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-this/" + google-query: inurl:"/wp-content/plugins/share-this/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-this,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-this/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-this" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-this-image-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml b/nuclei-templates/cve-less/plugins/share-this-image-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml new file mode 100644 index 0000000000..934ed52187 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-this-image-7bc3b9cd6e8ea033c22ca8523f43d4e5.yaml @@ -0,0 +1,58 @@ +id: share-this-image-7bc3b9cd6e8ea033c22ca8523f43d4e5 + +info: + name: > + Share This Image < 1.04 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5a739d5-648f-4d79-ac37-335e89127d90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-this-image/" + google-query: inurl:"/wp-content/plugins/share-this-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-this-image,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-this-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-this-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-this-image-a8305ef02686935203a872eb58a73ff6.yaml b/nuclei-templates/cve-less/plugins/share-this-image-a8305ef02686935203a872eb58a73ff6.yaml new file mode 100644 index 0000000000..8301833f9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-this-image-a8305ef02686935203a872eb58a73ff6.yaml @@ -0,0 +1,58 @@ +id: share-this-image-a8305ef02686935203a872eb58a73ff6 + +info: + name: > + Share This Image <= 1.98 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/774776dc-3780-496c-907a-0d1f86a5d0ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-this-image/" + google-query: inurl:"/wp-content/plugins/share-this-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-this-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-this-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-this-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/share-woocommerce-email-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/share-woocommerce-email-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..130898fe67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/share-woocommerce-email-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: share-woocommerce-email-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/share-woocommerce-email/" + google-query: inurl:"/wp-content/plugins/share-woocommerce-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,share-woocommerce-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/share-woocommerce-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "share-woocommerce-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shareaholic-71a9b86af5e18a20f6a7538c29ad1df9.yaml b/nuclei-templates/cve-less/plugins/shareaholic-71a9b86af5e18a20f6a7538c29ad1df9.yaml new file mode 100644 index 0000000000..93fdf0cfdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shareaholic-71a9b86af5e18a20f6a7538c29ad1df9.yaml @@ -0,0 +1,58 @@ +id: shareaholic-71a9b86af5e18a20f6a7538c29ad1df9 + +info: + name: > + Shareaholic <= 9.7.11 - Missing Authorization via accept_terms_of_service + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cde239c-20bf-41fa-b7d6-e21b14dcbc22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shareaholic/" + google-query: inurl:"/wp-content/plugins/shareaholic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shareaholic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shareaholic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shareaholic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shareaholic-822679f46a678c28d53cacb1c12444b4.yaml b/nuclei-templates/cve-less/plugins/shareaholic-822679f46a678c28d53cacb1c12444b4.yaml new file mode 100644 index 0000000000..8de58d085a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shareaholic-822679f46a678c28d53cacb1c12444b4.yaml @@ -0,0 +1,58 @@ +id: shareaholic-822679f46a678c28d53cacb1c12444b4 + +info: + name: > + Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic <= 9.7.5 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d05f7b77-382b-422a-8096-f47291f4dc45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shareaholic/" + google-query: inurl:"/wp-content/plugins/shareaholic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shareaholic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shareaholic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shareaholic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shareaholic-d30830ee183428306dfe29b862928edf.yaml b/nuclei-templates/cve-less/plugins/shareaholic-d30830ee183428306dfe29b862928edf.yaml new file mode 100644 index 0000000000..95b35c6393 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shareaholic-d30830ee183428306dfe29b862928edf.yaml @@ -0,0 +1,58 @@ +id: shareaholic-d30830ee183428306dfe29b862928edf + +info: + name: > + WordPress Social Sharing, Related Posts & Analytics – Shareaholic < 7.6.1.0 - Authenticated (Subscriber+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0ea0d46-a6aa-4704-8e4e-051bedd4994e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shareaholic/" + google-query: inurl:"/wp-content/plugins/shareaholic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shareaholic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shareaholic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shareaholic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.6.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shareaholic-f19f31f075dbc06538f36ae8e36c55d3.yaml b/nuclei-templates/cve-less/plugins/shareaholic-f19f31f075dbc06538f36ae8e36c55d3.yaml new file mode 100644 index 0000000000..bb97375e0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shareaholic-f19f31f075dbc06538f36ae8e36c55d3.yaml @@ -0,0 +1,58 @@ +id: shareaholic-f19f31f075dbc06538f36ae8e36c55d3 + +info: + name: > + Shareaholic <= 9.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6932c6-f3ec-46a8-a03b-95512eee5bf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shareaholic/" + google-query: inurl:"/wp-content/plugins/shareaholic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shareaholic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shareaholic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shareaholic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sharebar-2f64e4cf69164182b2f4695a0a03f04b.yaml b/nuclei-templates/cve-less/plugins/sharebar-2f64e4cf69164182b2f4695a0a03f04b.yaml new file mode 100644 index 0000000000..a3fd6b5e2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sharebar-2f64e4cf69164182b2f4695a0a03f04b.yaml @@ -0,0 +1,58 @@ +id: sharebar-2f64e4cf69164182b2f4695a0a03f04b + +info: + name: > + Sharebar <= 1.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f49eaf0-1273-41e8-9087-4d4ed978fce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sharebar/" + google-query: inurl:"/wp-content/plugins/sharebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sharebar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sharebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sharebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sharebar-61fcaed16881b56993f1d78f9758c2b3.yaml b/nuclei-templates/cve-less/plugins/sharebar-61fcaed16881b56993f1d78f9758c2b3.yaml new file mode 100644 index 0000000000..56e019e3ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sharebar-61fcaed16881b56993f1d78f9758c2b3.yaml @@ -0,0 +1,58 @@ +id: sharebar-61fcaed16881b56993f1d78f9758c2b3 + +info: + name: > + Sharebar <= 1.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a32267-6d99-4882-8601-8c4d36575e0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sharebar/" + google-query: inurl:"/wp-content/plugins/sharebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sharebar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sharebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sharebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sharebar-c69d9d03bd69d8ab6bf679257ba19be1.yaml b/nuclei-templates/cve-less/plugins/sharebar-c69d9d03bd69d8ab6bf679257ba19be1.yaml new file mode 100644 index 0000000000..633152919d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sharebar-c69d9d03bd69d8ab6bf679257ba19be1.yaml @@ -0,0 +1,58 @@ +id: sharebar-c69d9d03bd69d8ab6bf679257ba19be1 + +info: + name: > + Sharebar <= 1.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04d8b1bf-d514-4908-a30e-6ff7b8e03f82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sharebar/" + google-query: inurl:"/wp-content/plugins/sharebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sharebar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sharebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sharebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sharebar-c6abae1f3b36418b8b7ce31e542cc230.yaml b/nuclei-templates/cve-less/plugins/sharebar-c6abae1f3b36418b8b7ce31e542cc230.yaml new file mode 100644 index 0000000000..ffbefbea4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sharebar-c6abae1f3b36418b8b7ce31e542cc230.yaml @@ -0,0 +1,58 @@ +id: sharebar-c6abae1f3b36418b8b7ce31e542cc230 + +info: + name: > + Sharebar <= 1.4.1 - Cross-Site Request Forgery to Settings Update & Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b08fe5c-dbf4-4c22-a403-f5a6495de2f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sharebar/" + google-query: inurl:"/wp-content/plugins/sharebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sharebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sharebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sharebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shared-files-13647ac0f5697b4e3d7374c8bbd8f571.yaml b/nuclei-templates/cve-less/plugins/shared-files-13647ac0f5697b4e3d7374c8bbd8f571.yaml new file mode 100644 index 0000000000..6adcdaba24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shared-files-13647ac0f5697b4e3d7374c8bbd8f571.yaml @@ -0,0 +1,58 @@ +id: shared-files-13647ac0f5697b4e3d7374c8bbd8f571 + +info: + name: > + Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97e9037e-7d7a-4dad-bce1-0211822c04c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shared-files/" + google-query: inurl:"/wp-content/plugins/shared-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shared-files,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shared-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shared-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shared-files-31aeecdc666490a1580c3359e75e5fff.yaml b/nuclei-templates/cve-less/plugins/shared-files-31aeecdc666490a1580c3359e75e5fff.yaml new file mode 100644 index 0000000000..c615b3c9a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shared-files-31aeecdc666490a1580c3359e75e5fff.yaml @@ -0,0 +1,58 @@ +id: shared-files-31aeecdc666490a1580c3359e75e5fff + +info: + name: > + Shared Files <= 1.7.16 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/560cd314-e442-4284-948f-e654445e0765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shared-files/" + google-query: inurl:"/wp-content/plugins/shared-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shared-files,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shared-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shared-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shared-files-b62cd969ddcf5b8e9b0c69558a4a4184.yaml b/nuclei-templates/cve-less/plugins/shared-files-b62cd969ddcf5b8e9b0c69558a4a4184.yaml new file mode 100644 index 0000000000..2642a5e787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shared-files-b62cd969ddcf5b8e9b0c69558a4a4184.yaml @@ -0,0 +1,58 @@ +id: shared-files-b62cd969ddcf5b8e9b0c69558a4a4184 + +info: + name: > + Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.56 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e10e550-735f-4bef-8e58-bcb79c51a5a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shared-files/" + google-query: inurl:"/wp-content/plugins/shared-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shared-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shared-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shared-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shared-files-b6bd7791f200f7232382796f865d36f1.yaml b/nuclei-templates/cve-less/plugins/shared-files-b6bd7791f200f7232382796f865d36f1.yaml new file mode 100644 index 0000000000..50007c5625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shared-files-b6bd7791f200f7232382796f865d36f1.yaml @@ -0,0 +1,58 @@ +id: shared-files-b6bd7791f200f7232382796f865d36f1 + +info: + name: > + Shared Files <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c4fc322-1f62-48e3-8177-4894c947624b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shared-files/" + google-query: inurl:"/wp-content/plugins/shared-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shared-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shared-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shared-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shareyourcart-59dd009cc3bbb81f3cf9451ec529dc99.yaml b/nuclei-templates/cve-less/plugins/shareyourcart-59dd009cc3bbb81f3cf9451ec529dc99.yaml new file mode 100644 index 0000000000..be2a38bd22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shareyourcart-59dd009cc3bbb81f3cf9451ec529dc99.yaml @@ -0,0 +1,58 @@ +id: shareyourcart-59dd009cc3bbb81f3cf9451ec529dc99 + +info: + name: > + ShareYourCart < 1.7.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c034d2a2-20c4-4c32-8cfe-b80a62bdfdeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shareyourcart/" + google-query: inurl:"/wp-content/plugins/shareyourcart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shareyourcart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shareyourcart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shareyourcart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shariff-373cd634451823c6ebf5fcda405d8cd5.yaml b/nuclei-templates/cve-less/plugins/shariff-373cd634451823c6ebf5fcda405d8cd5.yaml new file mode 100644 index 0000000000..4e8f1a37c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shariff-373cd634451823c6ebf5fcda405d8cd5.yaml @@ -0,0 +1,58 @@ +id: shariff-373cd634451823c6ebf5fcda405d8cd5 + +info: + name: > + Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shariff/" + google-query: inurl:"/wp-content/plugins/shariff/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shariff,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shariff/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shariff" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shariff-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml b/nuclei-templates/cve-less/plugins/shariff-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml new file mode 100644 index 0000000000..2a8b861fe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shariff-76ebe4a4bfefd9bdb89c2aafde46a61c.yaml @@ -0,0 +1,58 @@ +id: shariff-76ebe4a4bfefd9bdb89c2aafde46a61c + +info: + name: > + Shariff Wrapper <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shariff/" + google-query: inurl:"/wp-content/plugins/shariff/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shariff,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shariff/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shariff" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shariff-91995026ff620283dce0ded1573ce367.yaml b/nuclei-templates/cve-less/plugins/shariff-91995026ff620283dce0ded1573ce367.yaml new file mode 100644 index 0000000000..443381eea8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shariff-91995026ff620283dce0ded1573ce367.yaml @@ -0,0 +1,58 @@ +id: shariff-91995026ff620283dce0ded1573ce367 + +info: + name: > + Shariff Wrapper <= 4.6.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab9c383-14da-479d-9709-1ae154dae398?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shariff/" + google-query: inurl:"/wp-content/plugins/shariff/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shariff,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shariff/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shariff" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shariff-9868f32ae613992060ba083e76a3d3bf.yaml b/nuclei-templates/cve-less/plugins/shariff-9868f32ae613992060ba083e76a3d3bf.yaml new file mode 100644 index 0000000000..96515abee8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shariff-9868f32ae613992060ba083e76a3d3bf.yaml @@ -0,0 +1,58 @@ +id: shariff-9868f32ae613992060ba083e76a3d3bf + +info: + name: > + Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cac2a45e-f09e-4639-9a45-68d528a5094e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shariff/" + google-query: inurl:"/wp-content/plugins/shariff/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shariff,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shariff/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shariff" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-2681315eb5322b6e8d1489c4efcc7445.yaml b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-2681315eb5322b6e8d1489c4efcc7445.yaml new file mode 100644 index 0000000000..ab92f09973 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-2681315eb5322b6e8d1489c4efcc7445.yaml @@ -0,0 +1,58 @@ +id: sheets-to-wp-table-live-sync-2681315eb5322b6e8d1489c4efcc7445 + +info: + name: > + Sheets To WP Table Live Sync <= 3.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45112069-9831-41d5-b868-8007ccfe9839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/" + google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sheets-to-wp-table-live-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sheets-to-wp-table-live-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-5eb00ad2756b2388ac92152e000bcf7c.yaml b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-5eb00ad2756b2388ac92152e000bcf7c.yaml new file mode 100644 index 0000000000..3e826a5f49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-5eb00ad2756b2388ac92152e000bcf7c.yaml @@ -0,0 +1,58 @@ +id: sheets-to-wp-table-live-sync-5eb00ad2756b2388ac92152e000bcf7c + +info: + name: > + Sheets To WP Table Live Sync <= 2.12.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70221e6-59a4-4151-9688-f06e194f51ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/" + google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sheets-to-wp-table-live-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sheets-to-wp-table-live-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..497df1a1d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: sheets-to-wp-table-live-sync-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/" + google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sheets-to-wp-table-live-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sheets-to-wp-table-live-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..00c505ed54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sheets-to-wp-table-live-sync-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: sheets-to-wp-table-live-sync-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sheets-to-wp-table-live-sync/" + google-query: inurl:"/wp-content/plugins/sheets-to-wp-table-live-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sheets-to-wp-table-live-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sheets-to-wp-table-live-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sheets-to-wp-table-live-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shibboleth-6be8e2d8421b17caa2e2804c1c44200c.yaml b/nuclei-templates/cve-less/plugins/shibboleth-6be8e2d8421b17caa2e2804c1c44200c.yaml new file mode 100644 index 0000000000..6b58eda37a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shibboleth-6be8e2d8421b17caa2e2804c1c44200c.yaml @@ -0,0 +1,58 @@ +id: shibboleth-6be8e2d8421b17caa2e2804c1c44200c + +info: + name: > + Shibboleth <= 1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cd8ea73-81f3-41fe-bb1e-403d2645ff39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shibboleth/" + google-query: inurl:"/wp-content/plugins/shibboleth/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shibboleth,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shibboleth/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shibboleth" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shiftcontroller-6d8b84eb17134784244ee11191ce581e.yaml b/nuclei-templates/cve-less/plugins/shiftcontroller-6d8b84eb17134784244ee11191ce581e.yaml new file mode 100644 index 0000000000..7c5ed81d17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shiftcontroller-6d8b84eb17134784244ee11191ce581e.yaml @@ -0,0 +1,58 @@ +id: shiftcontroller-6d8b84eb17134784244ee11191ce581e + +info: + name: > + ShiftController Employee Shift Scheduling <= 4.9.25 - Reflected Cross-Site Scripting via Query String + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c61212-e68e-4198-b078-18121576b767?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shiftcontroller/" + google-query: inurl:"/wp-content/plugins/shiftcontroller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shiftcontroller,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shiftcontroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shiftcontroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shiftcontroller-8d232cf88104a0bce1dc247150d7aae4.yaml b/nuclei-templates/cve-less/plugins/shiftcontroller-8d232cf88104a0bce1dc247150d7aae4.yaml new file mode 100644 index 0000000000..f911b6838f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shiftcontroller-8d232cf88104a0bce1dc247150d7aae4.yaml @@ -0,0 +1,58 @@ +id: shiftcontroller-8d232cf88104a0bce1dc247150d7aae4 + +info: + name: > + ShiftController Employee Shift Scheduling <= 4.9.23 - Unauthenticated Stored Cross-Site Scripting via 'hc-title' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc38990f-0079-46de-8197-0187189d90d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shiftcontroller/" + google-query: inurl:"/wp-content/plugins/shiftcontroller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shiftcontroller,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shiftcontroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shiftcontroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shiftcontroller-d67e7665ddd98551189d5ed08461e85a.yaml b/nuclei-templates/cve-less/plugins/shiftcontroller-d67e7665ddd98551189d5ed08461e85a.yaml new file mode 100644 index 0000000000..77ae38f047 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shiftcontroller-d67e7665ddd98551189d5ed08461e85a.yaml @@ -0,0 +1,58 @@ +id: shiftcontroller-d67e7665ddd98551189d5ed08461e85a + +info: + name: > + ShiftController Employee Shift Scheduling <= 4.9.23 - Cross-Site Request Forgery via get + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca058dde-48fd-46f4-b16c-97cdf79578ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shiftcontroller/" + google-query: inurl:"/wp-content/plugins/shiftcontroller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shiftcontroller,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shiftcontroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shiftcontroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shiftnav-responsive-mobile-menu-178a0b2872232b9ff07f79c6391e0625.yaml b/nuclei-templates/cve-less/plugins/shiftnav-responsive-mobile-menu-178a0b2872232b9ff07f79c6391e0625.yaml new file mode 100644 index 0000000000..e4148ede6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shiftnav-responsive-mobile-menu-178a0b2872232b9ff07f79c6391e0625.yaml @@ -0,0 +1,58 @@ +id: shiftnav-responsive-mobile-menu-178a0b2872232b9ff07f79c6391e0625 + +info: + name: > + ShiftNav – Responsive Mobile Menu <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36b71a50-270a-4960-bf31-e888df84e619?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shiftnav-responsive-mobile-menu/" + google-query: inurl:"/wp-content/plugins/shiftnav-responsive-mobile-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shiftnav-responsive-mobile-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shiftnav-responsive-mobile-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shiftnav-responsive-mobile-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shiny-buttons-2cc10dd6846c3b5a424c2d4d83378809.yaml b/nuclei-templates/cve-less/plugins/shiny-buttons-2cc10dd6846c3b5a424c2d4d83378809.yaml new file mode 100644 index 0000000000..a7afd3d28f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shiny-buttons-2cc10dd6846c3b5a424c2d4d83378809.yaml @@ -0,0 +1,58 @@ +id: shiny-buttons-2cc10dd6846c3b5a424c2d4d83378809 + +info: + name: > + Shiny Buttons – CSS3 Button Generator for WordPress <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d57e4c3b-6e0d-40d5-bcf3-10af797d2f1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shiny-buttons/" + google-query: inurl:"/wp-content/plugins/shiny-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shiny-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shiny-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shiny-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shipping-labels-for-woo-7232fed6406ae4ba37d22f0a1efb507e.yaml b/nuclei-templates/cve-less/plugins/shipping-labels-for-woo-7232fed6406ae4ba37d22f0a1efb507e.yaml new file mode 100644 index 0000000000..f07e91ff84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shipping-labels-for-woo-7232fed6406ae4ba37d22f0a1efb507e.yaml @@ -0,0 +1,58 @@ +id: shipping-labels-for-woo-7232fed6406ae4ba37d22f0a1efb507e + +info: + name: > + WooCommerce Shipping Label <= 2.3.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f770bc3-8ccc-4160-9e79-e1c0dee42b73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shipping-labels-for-woo/" + google-query: inurl:"/wp-content/plugins/shipping-labels-for-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shipping-labels-for-woo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shipping-labels-for-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shipping-labels-for-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shockingly-simple-favicon-7f858d0082d9f9b3baf67bc48e2d6a9b.yaml b/nuclei-templates/cve-less/plugins/shockingly-simple-favicon-7f858d0082d9f9b3baf67bc48e2d6a9b.yaml new file mode 100644 index 0000000000..a18caa4db9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shockingly-simple-favicon-7f858d0082d9f9b3baf67bc48e2d6a9b.yaml @@ -0,0 +1,58 @@ +id: shockingly-simple-favicon-7f858d0082d9f9b3baf67bc48e2d6a9b + +info: + name: > + Shockingly Simple Favicon <= 1.8.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7a1440-18f5-4bcb-a4cf-c4713375d0a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shockingly-simple-favicon/" + google-query: inurl:"/wp-content/plugins/shockingly-simple-favicon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shockingly-simple-favicon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shockingly-simple-favicon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shockingly-simple-favicon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shop-page-wp-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml b/nuclei-templates/cve-less/plugins/shop-page-wp-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml new file mode 100644 index 0000000000..099bfe0aee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shop-page-wp-2bd96fa6fc397c3dffcc3e90ed6550f2.yaml @@ -0,0 +1,58 @@ +id: shop-page-wp-2bd96fa6fc397c3dffcc3e90ed6550f2 + +info: + name: > + Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ed9a77-5a51-4664-a8a5-579824f8eae7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shop-page-wp/" + google-query: inurl:"/wp-content/plugins/shop-page-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shop-page-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shop-page-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shop-page-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shopconstruct-f40061e389876ea9a0c58de3f34fe3a0.yaml b/nuclei-templates/cve-less/plugins/shopconstruct-f40061e389876ea9a0c58de3f34fe3a0.yaml new file mode 100644 index 0000000000..b6d8d1da32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shopconstruct-f40061e389876ea9a0c58de3f34fe3a0.yaml @@ -0,0 +1,58 @@ +id: shopconstruct-f40061e389876ea9a0c58de3f34fe3a0 + +info: + name: > + ShopConstruct – Product Catalog, Shopping Cart and eCommerce solution for Store <= 1.1.2 - Reflected Cross-Site Scripting via multiple parameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e74ee0d-f03d-4139-a192-2a45d5f619dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shopconstruct/" + google-query: inurl:"/wp-content/plugins/shopconstruct/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shopconstruct,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shopconstruct/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopconstruct" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shopengine-129b979d8e67fbc88666813fc32a0c22.yaml b/nuclei-templates/cve-less/plugins/shopengine-129b979d8e67fbc88666813fc32a0c22.yaml new file mode 100644 index 0000000000..2be93cc84f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shopengine-129b979d8e67fbc88666813fc32a0c22.yaml @@ -0,0 +1,58 @@ +id: shopengine-129b979d8e67fbc88666813fc32a0c22 + +info: + name: > + ShopEngine <= 4.1.1 - Cross-Site Request Forgery via get_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94abb34a-4451-4f41-ba23-d2a723e5a2e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shopengine/" + google-query: inurl:"/wp-content/plugins/shopengine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shopengine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shopengine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopengine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shopkeeper-extender-248ab13a1cecf5e500d9ad5e3403c1b5.yaml b/nuclei-templates/cve-less/plugins/shopkeeper-extender-248ab13a1cecf5e500d9ad5e3403c1b5.yaml new file mode 100644 index 0000000000..b129c06d87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shopkeeper-extender-248ab13a1cecf5e500d9ad5e3403c1b5.yaml @@ -0,0 +1,58 @@ +id: shopkeeper-extender-248ab13a1cecf5e500d9ad5e3403c1b5 + +info: + name: > + Shopkeeper Extender <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9f34195-fc03-4c3d-b25e-c9b9cf8ded3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shopkeeper-extender/" + google-query: inurl:"/wp-content/plugins/shopkeeper-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shopkeeper-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shopkeeper-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopkeeper-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shopp-aefb5230fce9985b540fe0a540e3c3be.yaml b/nuclei-templates/cve-less/plugins/shopp-aefb5230fce9985b540fe0a540e3c3be.yaml new file mode 100644 index 0000000000..67a1090da4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shopp-aefb5230fce9985b540fe0a540e3c3be.yaml @@ -0,0 +1,58 @@ +id: shopp-aefb5230fce9985b540fe0a540e3c3be + +info: + name: > + Shopp <= 1.4 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e83ad1b7-e7d6-41cd-87de-c98362e31879?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shopp/" + google-query: inurl:"/wp-content/plugins/shopp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shopp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shopp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shopping-pages-2cc21eace9abb2004f2ff03d1c79dbc9.yaml b/nuclei-templates/cve-less/plugins/shopping-pages-2cc21eace9abb2004f2ff03d1c79dbc9.yaml new file mode 100644 index 0000000000..4e15b9c30f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shopping-pages-2cc21eace9abb2004f2ff03d1c79dbc9.yaml @@ -0,0 +1,58 @@ +id: shopping-pages-2cc21eace9abb2004f2ff03d1c79dbc9 + +info: + name: > + WP Shopping Pages <= 1.14 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f20c7d3-8987-4dc0-9d97-98a29adbab85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shopping-pages/" + google-query: inurl:"/wp-content/plugins/shopping-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shopping-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shopping-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopping-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-addons-51577bdf9a059e7edb1dda702623d2b6.yaml b/nuclei-templates/cve-less/plugins/shortcode-addons-51577bdf9a059e7edb1dda702623d2b6.yaml new file mode 100644 index 0000000000..7c70432a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-addons-51577bdf9a059e7edb1dda702623d2b6.yaml @@ -0,0 +1,58 @@ +id: shortcode-addons-51577bdf9a059e7edb1dda702623d2b6 + +info: + name: > + Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.1.2 - Authenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56439ae3-bdbc-4c57-abf4-8c94dea8c6f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-addons/" + google-query: inurl:"/wp-content/plugins/shortcode-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-addons-a26b1ca65400b2d024a19fa1088625ac.yaml b/nuclei-templates/cve-less/plugins/shortcode-addons-a26b1ca65400b2d024a19fa1088625ac.yaml new file mode 100644 index 0000000000..8ad2f48a9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-addons-a26b1ca65400b2d024a19fa1088625ac.yaml @@ -0,0 +1,58 @@ +id: shortcode-addons-a26b1ca65400b2d024a19fa1088625ac + +info: + name: > + Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension <= 3.0.2 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa5ba38-0b6f-4eec-aac1-1c3806f0d040?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-addons/" + google-query: inurl:"/wp-content/plugins/shortcode-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-addons-e51458c52ee75e442332748b235c894d.yaml b/nuclei-templates/cve-less/plugins/shortcode-addons-e51458c52ee75e442332748b235c894d.yaml new file mode 100644 index 0000000000..429fbb9619 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-addons-e51458c52ee75e442332748b235c894d.yaml @@ -0,0 +1,58 @@ +id: shortcode-addons-e51458c52ee75e442332748b235c894d + +info: + name: > + Shortcode Addons <= 3.2.5 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9addaa26-46b3-4fbf-8986-0b8c8f2dd286?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-addons/" + google-query: inurl:"/wp-content/plugins/shortcode-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-factory-0b1685f3bb7d2556abd3f8a3adda5904.yaml b/nuclei-templates/cve-less/plugins/shortcode-factory-0b1685f3bb7d2556abd3f8a3adda5904.yaml new file mode 100644 index 0000000000..4d5ace7b74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-factory-0b1685f3bb7d2556abd3f8a3adda5904.yaml @@ -0,0 +1,58 @@ +id: shortcode-factory-0b1685f3bb7d2556abd3f8a3adda5904 + +info: + name: > + Shortcode Factory <= 2.7 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b829b7a1-2891-402b-a48f-a7fb1202448e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-factory/" + google-query: inurl:"/wp-content/plugins/shortcode-factory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-factory,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-factory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-factory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-factory-d0a3ff8d18b2421520c07ab45424de7d.yaml b/nuclei-templates/cve-less/plugins/shortcode-factory-d0a3ff8d18b2421520c07ab45424de7d.yaml new file mode 100644 index 0000000000..44a136344d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-factory-d0a3ff8d18b2421520c07ab45424de7d.yaml @@ -0,0 +1,58 @@ +id: shortcode-factory-d0a3ff8d18b2421520c07ab45424de7d + +info: + name: > + Shortcode Factory <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a90e1628-3490-4aac-9e82-b3b9692813f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-factory/" + google-query: inurl:"/wp-content/plugins/shortcode-factory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-factory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-factory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-factory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-for-font-awesome-a7ddbb09fcd7198bac10f4c61d87a90f.yaml b/nuclei-templates/cve-less/plugins/shortcode-for-font-awesome-a7ddbb09fcd7198bac10f4c61d87a90f.yaml new file mode 100644 index 0000000000..679d05a884 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-for-font-awesome-a7ddbb09fcd7198bac10f4c61d87a90f.yaml @@ -0,0 +1,58 @@ +id: shortcode-for-font-awesome-a7ddbb09fcd7198bac10f4c61d87a90f + +info: + name: > + Shortcode for Font Awesome <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d06b5d-43b8-4dae-abe9-abe07a63528e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-for-font-awesome/" + google-query: inurl:"/wp-content/plugins/shortcode-for-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-for-font-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-for-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-for-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-1c68ed9adb5cb9e4bd046ceebf588774.yaml b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-1c68ed9adb5cb9e4bd046ceebf588774.yaml new file mode 100644 index 0000000000..54b8971a44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-1c68ed9adb5cb9e4bd046ceebf588774.yaml @@ -0,0 +1,58 @@ +id: shortcode-gallery-for-matterport-showcase-1c68ed9adb5cb9e4bd046ceebf588774 + +info: + name: > + WP Matterport Shortcode <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b76ce38-d9ee-4998-ba3b-9f21158ce18a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-gallery-for-matterport-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-gallery-for-matterport-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-3e2e342247ff105c5df7ef4d8c77821d.yaml b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-3e2e342247ff105c5df7ef4d8c77821d.yaml new file mode 100644 index 0000000000..d4d7588b0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-3e2e342247ff105c5df7ef4d8c77821d.yaml @@ -0,0 +1,58 @@ +id: shortcode-gallery-for-matterport-showcase-3e2e342247ff105c5df7ef4d8c77821d + +info: + name: > + WP Matterport Shortcode <= 2.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e03aeed-abb3-4ac8-8ff5-72ddc2430b94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-gallery-for-matterport-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-gallery-for-matterport-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-619a199c4aef0c8ec4b0e45c8c920810.yaml b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-619a199c4aef0c8ec4b0e45c8c920810.yaml new file mode 100644 index 0000000000..00fe31ad3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-619a199c4aef0c8ec4b0e45c8c920810.yaml @@ -0,0 +1,58 @@ +id: shortcode-gallery-for-matterport-showcase-619a199c4aef0c8ec4b0e45c8c920810 + +info: + name: > + WP Matterport Shortcode <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/744310b2-ebe9-4dd5-8f18-6ba72c52dd61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-gallery-for-matterport-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-gallery-for-matterport-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-9ba37298cb6084c9a432846276355e13.yaml b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-9ba37298cb6084c9a432846276355e13.yaml new file mode 100644 index 0000000000..2f5de1c794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-gallery-for-matterport-showcase-9ba37298cb6084c9a432846276355e13.yaml @@ -0,0 +1,58 @@ +id: shortcode-gallery-for-matterport-showcase-9ba37298cb6084c9a432846276355e13 + +info: + name: > + WP Matterport Shortcode <= 2.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af48906b-f7b2-45ec-b0c1-1ac521106759?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + google-query: inurl:"/wp-content/plugins/shortcode-gallery-for-matterport-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-gallery-for-matterport-showcase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-gallery-for-matterport-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-gallery-for-matterport-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-imdb-05c667ea35f9abbc77504891932e218e.yaml b/nuclei-templates/cve-less/plugins/shortcode-imdb-05c667ea35f9abbc77504891932e218e.yaml new file mode 100644 index 0000000000..2684f3432c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-imdb-05c667ea35f9abbc77504891932e218e.yaml @@ -0,0 +1,58 @@ +id: shortcode-imdb-05c667ea35f9abbc77504891932e218e + +info: + name: > + Shortcode IMDB <= 6.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/088e0d77-06bf-4420-88fb-2c6f8051ece5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-imdb/" + google-query: inurl:"/wp-content/plugins/shortcode-imdb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-imdb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-imdb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-imdb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-imdb-568ee8060d1c0b8a7ff761ffdaf606b0.yaml b/nuclei-templates/cve-less/plugins/shortcode-imdb-568ee8060d1c0b8a7ff761ffdaf606b0.yaml new file mode 100644 index 0000000000..c352b0c782 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-imdb-568ee8060d1c0b8a7ff761ffdaf606b0.yaml @@ -0,0 +1,58 @@ +id: shortcode-imdb-568ee8060d1c0b8a7ff761ffdaf606b0 + +info: + name: > + Shortcode IMDB <= 6.0.8 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ae6bf2e-b39a-4bb3-9203-22ff4c23ddf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-imdb/" + google-query: inurl:"/wp-content/plugins/shortcode-imdb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-imdb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-imdb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-imdb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-menu-0d3480d611d68322f3807ad912f13fa3.yaml b/nuclei-templates/cve-less/plugins/shortcode-menu-0d3480d611d68322f3807ad912f13fa3.yaml new file mode 100644 index 0000000000..39dbc6d0a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-menu-0d3480d611d68322f3807ad912f13fa3.yaml @@ -0,0 +1,58 @@ +id: shortcode-menu-0d3480d611d68322f3807ad912f13fa3 + +info: + name: > + Shortcode Menu <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/438b9c13-4059-4671-ab4a-07a8cf6f6122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-menu/" + google-query: inurl:"/wp-content/plugins/shortcode-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-ninja-382f2dc0e3689fe8f1bed64d23fca41f.yaml b/nuclei-templates/cve-less/plugins/shortcode-ninja-382f2dc0e3689fe8f1bed64d23fca41f.yaml new file mode 100644 index 0000000000..2a687c5569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-ninja-382f2dc0e3689fe8f1bed64d23fca41f.yaml @@ -0,0 +1,58 @@ +id: shortcode-ninja-382f2dc0e3689fe8f1bed64d23fca41f + +info: + name: > + Shortcode Ninja <= 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b51ebf-4ae6-45b6-9eb3-dcfaeb8a06bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-ninja/" + google-query: inurl:"/wp-content/plugins/shortcode-ninja/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-ninja,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-ninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-ninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-redirect-552fdceb70e178ef12665118f36af7cf.yaml b/nuclei-templates/cve-less/plugins/shortcode-redirect-552fdceb70e178ef12665118f36af7cf.yaml new file mode 100644 index 0000000000..0453ef2bfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-redirect-552fdceb70e178ef12665118f36af7cf.yaml @@ -0,0 +1,58 @@ +id: shortcode-redirect-552fdceb70e178ef12665118f36af7cf + +info: + name: > + Shortcode Redirect <= 1.0.01 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2821d32e-386b-4d6a-8079-b6b184d1d266?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-redirect/" + google-query: inurl:"/wp-content/plugins/shortcode-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-3558264fbd3bd3c84b28ca0ff40cd986.yaml b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-3558264fbd3bd3c84b28ca0ff40cd986.yaml new file mode 100644 index 0000000000..42fc75cf91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-3558264fbd3bd3c84b28ca0ff40cd986.yaml @@ -0,0 +1,58 @@ +id: shortcode-to-display-post-and-user-data-3558264fbd3bd3c84b28ca0ff40cd986 + +info: + name: > + Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/" + google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-to-display-post-and-user-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-to-display-post-and-user-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-6d61e0b46b881d3a5609918a45b30992.yaml b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-6d61e0b46b881d3a5609918a45b30992.yaml new file mode 100644 index 0000000000..8abc6decd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-6d61e0b46b881d3a5609918a45b30992.yaml @@ -0,0 +1,58 @@ +id: shortcode-to-display-post-and-user-data-6d61e0b46b881d3a5609918a45b30992 + +info: + name: > + Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via vg_display_data + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/" + google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-to-display-post-and-user-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-to-display-post-and-user-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a2374460bb7e70d55eb2c8c43ce8140b.yaml b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a2374460bb7e70d55eb2c8c43ce8140b.yaml new file mode 100644 index 0000000000..31688d90f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a2374460bb7e70d55eb2c8c43ce8140b.yaml @@ -0,0 +1,58 @@ +id: shortcode-to-display-post-and-user-data-a2374460bb7e70d55eb2c8c43ce8140b + +info: + name: > + Display custom fields in the frontend – Post and User Profile Fields <= 1.2.0 - Missing Authorization via vg_display_data shortcode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdf3b629-c1a2-4fdd-b7fc-d3550bd30857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/" + google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-to-display-post-and-user-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-to-display-post-and-user-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a8aacb001d1b5ea46e16ff44cb2daa72.yaml b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a8aacb001d1b5ea46e16ff44cb2daa72.yaml new file mode 100644 index 0000000000..0b3690d7b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcode-to-display-post-and-user-data-a8aacb001d1b5ea46e16ff44cb2daa72.yaml @@ -0,0 +1,58 @@ +id: shortcode-to-display-post-and-user-data-a8aacb001d1b5ea46e16ff44cb2daa72 + +info: + name: > + Display custom fields in the frontend – Post and User Profile Fields <= 1.2.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Post Meta Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08d43c67-df40-4f1a-a351-803e59edee13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcode-to-display-post-and-user-data/" + google-query: inurl:"/wp-content/plugins/shortcode-to-display-post-and-user-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcode-to-display-post-and-user-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcode-to-display-post-and-user-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcode-to-display-post-and-user-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcoder-30441a12301c990d7aaae2342a03a490.yaml b/nuclei-templates/cve-less/plugins/shortcoder-30441a12301c990d7aaae2342a03a490.yaml new file mode 100644 index 0000000000..bb5eec836c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcoder-30441a12301c990d7aaae2342a03a490.yaml @@ -0,0 +1,58 @@ +id: shortcoder-30441a12301c990d7aaae2342a03a490 + +info: + name: > + Shortcoder <= 6.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a54ad0b4-b6e7-4eac-843e-261ec6c83d84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcoder/" + google-query: inurl:"/wp-content/plugins/shortcoder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcoder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcoder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcoder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-finder-0a2d3f8adac7ce1d181ce17764b6e0b6.yaml b/nuclei-templates/cve-less/plugins/shortcodes-finder-0a2d3f8adac7ce1d181ce17764b6e0b6.yaml new file mode 100644 index 0000000000..9883a6cd10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-finder-0a2d3f8adac7ce1d181ce17764b6e0b6.yaml @@ -0,0 +1,58 @@ +id: shortcodes-finder-0a2d3f8adac7ce1d181ce17764b6e0b6 + +info: + name: > + Shortcodes Finder <= 1.5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/299c4290-dc7e-44fb-887e-e3e53d3c070b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-finder/" + google-query: inurl:"/wp-content/plugins/shortcodes-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-finder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-finder-f57a6c83ef919f8797158e43c847775c.yaml b/nuclei-templates/cve-less/plugins/shortcodes-finder-f57a6c83ef919f8797158e43c847775c.yaml new file mode 100644 index 0000000000..3e6bb65e14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-finder-f57a6c83ef919f8797158e43c847775c.yaml @@ -0,0 +1,58 @@ +id: shortcodes-finder-f57a6c83ef919f8797158e43c847775c + +info: + name: > + Shortcodes Finder <= 1.5.4 - Reflected Cross-Site Scripting via nonce + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8eb77a53-4aea-46c3-8eea-a16f728dfa23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-finder/" + google-query: inurl:"/wp-content/plugins/shortcodes-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-finder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-finder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ui-2dbf94e1363346187fd0d9415f21a87d.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ui-2dbf94e1363346187fd0d9415f21a87d.yaml new file mode 100644 index 0000000000..734ac8cb32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ui-2dbf94e1363346187fd0d9415f21a87d.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ui-2dbf94e1363346187fd0d9415f21a87d + +info: + name: > + ShortCodes UI <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6c14c65-a47c-4dc1-9d5a-f804061152e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ui/" + google-query: inurl:"/wp-content/plugins/shortcodes-ui/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ui,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ui/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ui" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ui-464b854a586427e5e143e4896c8caafc.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ui-464b854a586427e5e143e4896c8caafc.yaml new file mode 100644 index 0000000000..8f4315aa6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ui-464b854a586427e5e143e4896c8caafc.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ui-464b854a586427e5e143e4896c8caafc + +info: + name: > + ShortCodes UI <= 1.9.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90e69e43-597c-4c18-b581-d99dacefb9b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ui/" + google-query: inurl:"/wp-content/plugins/shortcodes-ui/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ui,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ui/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ui" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-0445de609fc885d2b170effe241e7510.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-0445de609fc885d2b170effe241e7510.yaml new file mode 100644 index 0000000000..8886a670dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-0445de609fc885d2b170effe241e7510.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-0445de609fc885d2b170effe241e7510 + +info: + name: > + Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb6caf6-5676-49cd-8577-5a41b44b00c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-051c86487ea054ab8374342c3d7fd783.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-051c86487ea054ab8374342c3d7fd783.yaml new file mode 100644 index 0000000000..12993ccce2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-051c86487ea054ab8374342c3d7fd783.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-051c86487ea054ab8374342c3d7fd783 + +info: + name: > + Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Arbitrary Post Access via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eddfe94-7232-4d3d-9f3a-f53fc476a012?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-235127c1445e6eee4f6de6fb13cf776e.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-235127c1445e6eee4f6de6fb13cf776e.yaml new file mode 100644 index 0000000000..e5378d5b65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-235127c1445e6eee4f6de6fb13cf776e.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-235127c1445e6eee4f6de6fb13cf776e + +info: + name: > + WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e703d411-d608-43cc-8806-1d1e837cf797?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml new file mode 100644 index 0000000000..592bb06165 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-2b8f19b8c01bfb1b9a5352e232b91e8f.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-2b8f19b8c01bfb1b9a5352e232b91e8f + +info: + name: > + Shortcodes Ultimate <= 5.12.6 - Authenticated (Subscriber+) Arbitrary File Read via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dad7348-39ba-4163-a5eb-939601645edb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-40c38cbf6914f34e30e735daee9d90f9.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-40c38cbf6914f34e30e735daee9d90f9.yaml new file mode 100644 index 0000000000..8a811d38ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-40c38cbf6914f34e30e735daee9d90f9.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-40c38cbf6914f34e30e735daee9d90f9 + +info: + name: > + Shortcodes Ultimate <= 7.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_color' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bae6d3a-40eb-4af6-be4e-9bc6be1a4b07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-49026b84d0c7a958dfce935cb3d41d0b.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-49026b84d0c7a958dfce935cb3d41d0b.yaml new file mode 100644 index 0000000000..ccf4d56f15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-49026b84d0c7a958dfce935cb3d41d0b.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-49026b84d0c7a958dfce935cb3d41d0b + +info: + name: > + WordPress Shortcodes Plugin — Shortcodes Ultimate <= 5.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98f87769-d4e4-4e27-9acf-a4e52bdbf734?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-5f9c4587b984a64216df76781ce699a0.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-5f9c4587b984a64216df76781ce699a0.yaml new file mode 100644 index 0000000000..466865fb52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-5f9c4587b984a64216df76781ce699a0.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-5f9c4587b984a64216df76781ce699a0 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_qrcode Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96769a0e-d4a9-4196-8ded-b600046c0943?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml new file mode 100644 index 0000000000..e346b5eaf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-61bcaa4eb5a8e67da44b4e8cf864a6f5.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-61bcaa4eb5a8e67da44b4e8cf864a6f5 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf7b0f1b-a6d3-4a96-adaa-0adeb6ea2efd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-6211c1f22472d646cc232f92f882834f.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-6211c1f22472d646cc232f92f882834f.yaml new file mode 100644 index 0000000000..d93c5037d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-6211c1f22472d646cc232f92f882834f.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-6211c1f22472d646cc232f92f882834f + +info: + name: > + Shortcodes Ultimate <= 5.12.6 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d449466d-e78a-48a3-8eff-90b56646dd6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-63222bd033aa9c6bf238fe6f7d23725d.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-63222bd033aa9c6bf238fe6f7d23725d.yaml new file mode 100644 index 0000000000..3861dfefa2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-63222bd033aa9c6bf238fe6f7d23725d.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-63222bd033aa9c6bf238fe6f7d23725d + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/558e36f6-4678-46a2-8154-42770fbb5574?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-7485c7376b8dcdbe05490b2d21b9e0de.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-7485c7376b8dcdbe05490b2d21b9e0de.yaml new file mode 100644 index 0000000000..2e04586b5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-7485c7376b8dcdbe05490b2d21b9e0de.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-7485c7376b8dcdbe05490b2d21b9e0de + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_lightbox + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71564eec-426a-46fa-b614-388bebae6ebd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-88b0cb27fd508341f3181a16f7fa23a3.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-88b0cb27fd508341f3181a16f7fa23a3.yaml new file mode 100644 index 0000000000..b5a20db4fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-88b0cb27fd508341f3181a16f7fa23a3.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-88b0cb27fd508341f3181a16f7fa23a3 + +info: + name: > + Shortcodes Ultimate <= 5.12.7 - Authenticated (Subscriber+) Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/144895c9-5800-435e-9f75-a8de17ca2d93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-9485da9dcc7a2c1f998297394d9f2737.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-9485da9dcc7a2c1f998297394d9f2737.yaml new file mode 100644 index 0000000000..51ace31758 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-9485da9dcc7a2c1f998297394d9f2737.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-9485da9dcc7a2c1f998297394d9f2737 + +info: + name: > + Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02540fe4-b690-46ab-b79b-a90c8d796ec4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b0748dc23e38f40e5e4a1c508a030889.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b0748dc23e38f40e5e4a1c508a030889.yaml new file mode 100644 index 0000000000..560ededba4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b0748dc23e38f40e5e4a1c508a030889.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-b0748dc23e38f40e5e4a1c508a030889 + +info: + name: > + WordPress Shortcodes Plugin — Shortcodes Ultimate < 4.10.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58a4cb88-033e-48f4-b6fa-2a9754ab6a7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b5878d0522eaa3cc7d6330e71db266d0.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b5878d0522eaa3cc7d6330e71db266d0.yaml new file mode 100644 index 0000000000..9f8315b09c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-b5878d0522eaa3cc7d6330e71db266d0.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-b5878d0522eaa3cc7d6330e71db266d0 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d936a48-b300-4a41-8d28-ba34cb3c5cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-cdab814f5acb52d3219d4930f7ee1f81.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-cdab814f5acb52d3219d4930f7ee1f81.yaml new file mode 100644 index 0000000000..7007a2dd40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-cdab814f5acb52d3219d4930f7ee1f81.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-cdab814f5acb52d3219d4930f7ee1f81 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml new file mode 100644 index 0000000000..b47f861598 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dbe0cc2eb5dbae77d4244d0de7839b9b.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-dbe0cc2eb5dbae77d4244d0de7839b9b + +info: + name: > + Shortcodes Ultimate <= 5.12.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/431331aa-4d9f-41f2-a522-567bbd9b8831?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dca1a97a6a5540d73d22b80fbffbb729.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dca1a97a6a5540d73d22b80fbffbb729.yaml new file mode 100644 index 0000000000..3a2ceb0fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-dca1a97a6a5540d73d22b80fbffbb729.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-dca1a97a6a5540d73d22b80fbffbb729 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50a89ad1-a3d0-49e3-8d2e-4cb81ac115ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-edf5537839b9111e9296303d5a76a556.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-edf5537839b9111e9296303d5a76a556.yaml new file mode 100644 index 0000000000..76c7e663e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-edf5537839b9111e9296303d5a76a556.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-edf5537839b9111e9296303d5a76a556 + +info: + name: > + WP Shortcodes Plugin — Shortcodes Ultimate <= 7.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_tooltip Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcodes-ultimate-f46955793d003bf5208172175382fed1.yaml b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-f46955793d003bf5208172175382fed1.yaml new file mode 100644 index 0000000000..fda960c010 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcodes-ultimate-f46955793d003bf5208172175382fed1.yaml @@ -0,0 +1,58 @@ +id: shortcodes-ultimate-f46955793d003bf5208172175382fed1 + +info: + name: > + Shortcodes Ultimate <= 7.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b6f6f93-4c24-4b81-bd5d-470f6dccab92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcodes-ultimate/" + google-query: inurl:"/wp-content/plugins/shortcodes-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcodes-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcodes-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcodes-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortcut-macros-7c4f098f276bb438e8b06c67cf08748e.yaml b/nuclei-templates/cve-less/plugins/shortcut-macros-7c4f098f276bb438e8b06c67cf08748e.yaml new file mode 100644 index 0000000000..0998c11fb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortcut-macros-7c4f098f276bb438e8b06c67cf08748e.yaml @@ -0,0 +1,58 @@ +id: shortcut-macros-7c4f098f276bb438e8b06c67cf08748e + +info: + name: > + Shortcut Macros <= 1.3 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/954ef157-ecd1-42bd-b288-d5866b9c11f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortcut-macros/" + google-query: inurl:"/wp-content/plugins/shortcut-macros/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortcut-macros,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortcut-macros/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortcut-macros" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-1b17b31db5584b79d66232be582b7de6.yaml b/nuclei-templates/cve-less/plugins/shorten-url-1b17b31db5584b79d66232be582b7de6.yaml new file mode 100644 index 0000000000..2945edeef2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-1b17b31db5584b79d66232be582b7de6.yaml @@ -0,0 +1,58 @@ +id: shorten-url-1b17b31db5584b79d66232be582b7de6 + +info: + name: > + Short URL <= 1.6.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95c5a219-0b04-424c-a3dd-d705b1b41ddc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-258545baa917b7571f477b428889162e.yaml b/nuclei-templates/cve-less/plugins/shorten-url-258545baa917b7571f477b428889162e.yaml new file mode 100644 index 0000000000..97ce385166 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-258545baa917b7571f477b428889162e.yaml @@ -0,0 +1,58 @@ +id: shorten-url-258545baa917b7571f477b428889162e + +info: + name: > + Short URL <= 1.6.8 - Missing Authorization via multiple AJAX functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a83061c0-d8d3-4dbe-bf2a-65350d17094b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-6098ffaf0f2018e72b2fddb1b0994b64.yaml b/nuclei-templates/cve-less/plugins/shorten-url-6098ffaf0f2018e72b2fddb1b0994b64.yaml new file mode 100644 index 0000000000..0ec78877c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-6098ffaf0f2018e72b2fddb1b0994b64.yaml @@ -0,0 +1,58 @@ +id: shorten-url-6098ffaf0f2018e72b2fddb1b0994b64 + +info: + name: > + Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5f29f35-da79-4389-a0a5-a1be0b0b8996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-b16f37785fe5e86af56a0da58078826e.yaml b/nuclei-templates/cve-less/plugins/shorten-url-b16f37785fe5e86af56a0da58078826e.yaml new file mode 100644 index 0000000000..e9c034e869 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-b16f37785fe5e86af56a0da58078826e.yaml @@ -0,0 +1,58 @@ +id: shorten-url-b16f37785fe5e86af56a0da58078826e + +info: + name: > + Short URL <= 1.6.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e6d4ad1-0fcc-43d9-b997-126782718c28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-cd46d97404c66642d7eaa5afb0766ece.yaml b/nuclei-templates/cve-less/plugins/shorten-url-cd46d97404c66642d7eaa5afb0766ece.yaml new file mode 100644 index 0000000000..133f1e9a8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-cd46d97404c66642d7eaa5afb0766ece.yaml @@ -0,0 +1,58 @@ +id: shorten-url-cd46d97404c66642d7eaa5afb0766ece + +info: + name: > + Short URL <= 1.6.4 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/814fcd67-9788-4392-8910-7a2bc8782fd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shorten-url-ed44a5e289d05299409a4dd60c060b57.yaml b/nuclei-templates/cve-less/plugins/shorten-url-ed44a5e289d05299409a4dd60c060b57.yaml new file mode 100644 index 0000000000..b375d7ad43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shorten-url-ed44a5e289d05299409a4dd60c060b57.yaml @@ -0,0 +1,58 @@ +id: shorten-url-ed44a5e289d05299409a4dd60c060b57 + +info: + name: > + Short URL <= 1.6.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86908097-a5b2-427a-85c9-fbe29b519883?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shorten-url/" + google-query: inurl:"/wp-content/plugins/shorten-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shorten-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shorten-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shorten-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-0cf023eb74228b9523fd8b71152bf7de.yaml b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-0cf023eb74228b9523fd8b71152bf7de.yaml new file mode 100644 index 0000000000..b27cdd5019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-0cf023eb74228b9523fd8b71152bf7de.yaml @@ -0,0 +1,58 @@ +id: shortpixel-adaptive-images-0cf023eb74228b9523fd8b71152bf7de + +info: + name: > + ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e3110ae-5e82-4176-bf9d-6c56b13f9c27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortpixel-adaptive-images/" + google-query: inurl:"/wp-content/plugins/shortpixel-adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortpixel-adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortpixel-adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-40682ba05fa0921516b4be5a1906460e.yaml b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-40682ba05fa0921516b4be5a1906460e.yaml new file mode 100644 index 0000000000..882a7bf04e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-40682ba05fa0921516b4be5a1906460e.yaml @@ -0,0 +1,58 @@ +id: shortpixel-adaptive-images-40682ba05fa0921516b4be5a1906460e + +info: + name: > + ShortPixel Adaptive Images <= 3.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acb8c11f-e175-4361-b016-e1ebc1713be0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortpixel-adaptive-images/" + google-query: inurl:"/wp-content/plugins/shortpixel-adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortpixel-adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortpixel-adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-53f8d45b4de3c175288d6c924b71f816.yaml b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-53f8d45b4de3c175288d6c924b71f816.yaml new file mode 100644 index 0000000000..4510895b9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-53f8d45b4de3c175288d6c924b71f816.yaml @@ -0,0 +1,58 @@ +id: shortpixel-adaptive-images-53f8d45b4de3c175288d6c924b71f816 + +info: + name: > + ShortPixel Adaptive Images <= 3.7.1 - Cross-Site Request Forgery via shortpixel_ai_handle_page_action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94ed918c-8f6f-4e1f-ab1d-e16632831951?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortpixel-adaptive-images/" + google-query: inurl:"/wp-content/plugins/shortpixel-adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortpixel-adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortpixel-adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-a49400e133fec50151a4f33acb299a5e.yaml b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-a49400e133fec50151a4f33acb299a5e.yaml new file mode 100644 index 0000000000..3873243000 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortpixel-adaptive-images-a49400e133fec50151a4f33acb299a5e.yaml @@ -0,0 +1,58 @@ +id: shortpixel-adaptive-images-a49400e133fec50151a4f33acb299a5e + +info: + name: > + ShortPixel Adaptive Images <= 3.3.1 - Subscriber+ Arbitrary Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/179751c8-a634-4a2e-be29-46be0aad79c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortpixel-adaptive-images/" + google-query: inurl:"/wp-content/plugins/shortpixel-adaptive-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortpixel-adaptive-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortpixel-adaptive-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortpixel-adaptive-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/shortpixel-critical-css-d937680a60653a1af5b2a6c9c069ec41.yaml b/nuclei-templates/cve-less/plugins/shortpixel-critical-css-d937680a60653a1af5b2a6c9c069ec41.yaml new file mode 100644 index 0000000000..17013ec665 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/shortpixel-critical-css-d937680a60653a1af5b2a6c9c069ec41.yaml @@ -0,0 +1,58 @@ +id: shortpixel-critical-css-d937680a60653a1af5b2a6c9c069ec41 + +info: + name: > + ShortPixel Critical CSS <= 1.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d4f0513-ac9c-4eaf-b3ce-3a7c47908ef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/shortpixel-critical-css/" + google-query: inurl:"/wp-content/plugins/shortpixel-critical-css/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,shortpixel-critical-css,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/shortpixel-critical-css/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shortpixel-critical-css" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/show-all-comments-in-one-page-48a0237cfe1dbdec835c8ee992606292.yaml b/nuclei-templates/cve-less/plugins/show-all-comments-in-one-page-48a0237cfe1dbdec835c8ee992606292.yaml new file mode 100644 index 0000000000..c96d64b9d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/show-all-comments-in-one-page-48a0237cfe1dbdec835c8ee992606292.yaml @@ -0,0 +1,58 @@ +id: show-all-comments-in-one-page-48a0237cfe1dbdec835c8ee992606292 + +info: + name: > + Show All Comments <= 7.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba385261-bee2-491d-9b31-a1624d740dff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/show-all-comments-in-one-page/" + google-query: inurl:"/wp-content/plugins/show-all-comments-in-one-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,show-all-comments-in-one-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/show-all-comments-in-one-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "show-all-comments-in-one-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-de70b1243fed8f47eec92e24941c2439.yaml b/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-de70b1243fed8f47eec92e24941c2439.yaml new file mode 100644 index 0000000000..f66e83a914 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/show-hidecollapse-expand-de70b1243fed8f47eec92e24941c2439.yaml @@ -0,0 +1,58 @@ +id: show-hidecollapse-expand-de70b1243fed8f47eec92e24941c2439 + +info: + name: > + Show-Hide / Collapse-Expand <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/192b5920-5405-49b8-8224-3afb36f3f816?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/show-hidecollapse-expand/" + google-query: inurl:"/wp-content/plugins/show-hidecollapse-expand/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,show-hidecollapse-expand,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/show-hidecollapse-expand/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "show-hidecollapse-expand" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/show-posts-0e821b289513241b63396beff87653b4.yaml b/nuclei-templates/cve-less/plugins/show-posts-0e821b289513241b63396beff87653b4.yaml new file mode 100644 index 0000000000..416de4263b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/show-posts-0e821b289513241b63396beff87653b4.yaml @@ -0,0 +1,58 @@ +id: show-posts-0e821b289513241b63396beff87653b4 + +info: + name: > + Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8647c44-4879-4895-bd07-19f7d62a7326?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/show-posts/" + google-query: inurl:"/wp-content/plugins/show-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,show-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/show-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "show-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/showbizpro-1cb173d5c34f023836f0c32128d87847.yaml b/nuclei-templates/cve-less/plugins/showbizpro-1cb173d5c34f023836f0c32128d87847.yaml new file mode 100644 index 0000000000..8c18052093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/showbizpro-1cb173d5c34f023836f0c32128d87847.yaml @@ -0,0 +1,58 @@ +id: showbizpro-1cb173d5c34f023836f0c32128d87847 + +info: + name: > + Showbiz Pro Responsive Teaser WordPress Plugin <= 1.7.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05431aaa-5d8f-422c-b7ce-955a778f7f55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/showbizpro/" + google-query: inurl:"/wp-content/plugins/showbizpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,showbizpro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/showbizpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "showbizpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/showbizpro-21b56747ef932af6a293d705a4f1c993.yaml b/nuclei-templates/cve-less/plugins/showbizpro-21b56747ef932af6a293d705a4f1c993.yaml new file mode 100644 index 0000000000..2d545c85ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/showbizpro-21b56747ef932af6a293d705a4f1c993.yaml @@ -0,0 +1,58 @@ +id: showbizpro-21b56747ef932af6a293d705a4f1c993 + +info: + name: > + Slider Revolution < 3.0.96 & Showbiz Pro < 1.7.1 - Missing Authorization to Arbitrary File Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28cb96a9-12bd-4d9c-ac53-72e81d11b0b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/showbizpro/" + google-query: inurl:"/wp-content/plugins/showbizpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,showbizpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/showbizpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "showbizpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/si-captcha-for-wordpress-f1dda6bcbed7eecbc2cee8a7403b412e.yaml b/nuclei-templates/cve-less/plugins/si-captcha-for-wordpress-f1dda6bcbed7eecbc2cee8a7403b412e.yaml new file mode 100644 index 0000000000..452fa14cec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/si-captcha-for-wordpress-f1dda6bcbed7eecbc2cee8a7403b412e.yaml @@ -0,0 +1,58 @@ +id: si-captcha-for-wordpress-f1dda6bcbed7eecbc2cee8a7403b412e + +info: + name: > + SI CAPTCHA Anti-Spam < 2.7.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7d80a23-f55d-4ab8-b139-daf5bc436d4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/si-captcha-for-wordpress/" + google-query: inurl:"/wp-content/plugins/si-captcha-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,si-captcha-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/si-captcha-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "si-captcha-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/si-contact-form-503833e43a0634ab7984563e9c441bb9.yaml b/nuclei-templates/cve-less/plugins/si-contact-form-503833e43a0634ab7984563e9c441bb9.yaml new file mode 100644 index 0000000000..75d0b9d976 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/si-contact-form-503833e43a0634ab7984563e9c441bb9.yaml @@ -0,0 +1,58 @@ +id: si-contact-form-503833e43a0634ab7984563e9c441bb9 + +info: + name: > + Fast Secure Contact Form <= 4.0.37 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e21524e-2470-49e1-983a-a62a0ae478f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/si-contact-form/" + google-query: inurl:"/wp-content/plugins/si-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,si-contact-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/si-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "si-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-cart-woocommerce-5dc88e8bebac4fb35e29ff329ac029fd.yaml b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-5dc88e8bebac4fb35e29ff329ac029fd.yaml new file mode 100644 index 0000000000..8d8d5708b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-5dc88e8bebac4fb35e29ff329ac029fd.yaml @@ -0,0 +1,58 @@ +id: side-cart-woocommerce-5dc88e8bebac4fb35e29ff329ac029fd + +info: + name: > + Side Cart Woocommerce (Ajax) <= 2.0 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec281e0d-0217-4cdd-af31-71158bb3a25d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-cart-woocommerce/" + google-query: inurl:"/wp-content/plugins/side-cart-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-cart-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-cart-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-cart-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-cart-woocommerce-d432100581e1c6943b259719e2daead5.yaml b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-d432100581e1c6943b259719e2daead5.yaml new file mode 100644 index 0000000000..8c6f715a54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-d432100581e1c6943b259719e2daead5.yaml @@ -0,0 +1,58 @@ +id: side-cart-woocommerce-d432100581e1c6943b259719e2daead5 + +info: + name: > + Side Cart Woocommerce (Ajax) <= 2.2 Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca08679-6aed-46c5-823c-6144112eed02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-cart-woocommerce/" + google-query: inurl:"/wp-content/plugins/side-cart-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-cart-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-cart-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-cart-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-cart-woocommerce-ef1305fc1419b96443cd5e83467ca803.yaml b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-ef1305fc1419b96443cd5e83467ca803.yaml new file mode 100644 index 0000000000..1222502e91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-cart-woocommerce-ef1305fc1419b96443cd5e83467ca803.yaml @@ -0,0 +1,58 @@ +id: side-cart-woocommerce-ef1305fc1419b96443cd5e83467ca803 + +info: + name: > + Side Cart Woocommerce (Ajax) < 2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67d2364c-6c8b-4b30-8a0e-2f9ee94a3c26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-cart-woocommerce/" + google-query: inurl:"/wp-content/plugins/side-cart-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-cart-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-cart-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-cart-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-5f3c1d80f50fc6780cc9be3d160231a8.yaml b/nuclei-templates/cve-less/plugins/side-menu-5f3c1d80f50fc6780cc9be3d160231a8.yaml new file mode 100644 index 0000000000..4df34eeed8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-5f3c1d80f50fc6780cc9be3d160231a8.yaml @@ -0,0 +1,58 @@ +id: side-menu-5f3c1d80f50fc6780cc9be3d160231a8 + +info: + name: > + Side Menu – add fixed side buttons <= 3.1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b821fb6-abc5-411f-ad6b-00b20954142c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu/" + google-query: inurl:"/wp-content/plugins/side-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-lite-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/side-menu-lite-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..13be74acea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-lite-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: side-menu-lite-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-lite-081b5b67d5d1d150a8961aa511991ad2.yaml b/nuclei-templates/cve-less/plugins/side-menu-lite-081b5b67d5d1d150a8961aa511991ad2.yaml new file mode 100644 index 0000000000..4669b73707 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-lite-081b5b67d5d1d150a8961aa511991ad2.yaml @@ -0,0 +1,58 @@ +id: side-menu-lite-081b5b67d5d1d150a8961aa511991ad2 + +info: + name: > + Side Menu Lite – add sticky fixed buttons <= 4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46aa3df1-d6ef-4614-b1cc-a4c9baa8d1c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-lite-58b47ebea36b65f50bab513dec8fd081.yaml b/nuclei-templates/cve-less/plugins/side-menu-lite-58b47ebea36b65f50bab513dec8fd081.yaml new file mode 100644 index 0000000000..96ce1394c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-lite-58b47ebea36b65f50bab513dec8fd081.yaml @@ -0,0 +1,58 @@ +id: side-menu-lite-58b47ebea36b65f50bab513dec8fd081 + +info: + name: > + Side Menu Lite - add sticky fixed buttons < 2.2.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93ef0a2c-2197-4c23-b5c4-5a94bd44130d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-lite-fdccd6b56f7fe69b11c256c29780a2ae.yaml b/nuclei-templates/cve-less/plugins/side-menu-lite-fdccd6b56f7fe69b11c256c29780a2ae.yaml new file mode 100644 index 0000000000..9e29a9b50a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-lite-fdccd6b56f7fe69b11c256c29780a2ae.yaml @@ -0,0 +1,58 @@ +id: side-menu-lite-fdccd6b56f7fe69b11c256c29780a2ae + +info: + name: > + Side Menu Lite <= 4.0 - Cross-Site Request Forgery to Item Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/799b1f12-05f3-4b8b-9e1f-45c676e4f2a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/side-menu-lite-fe8e75c60168f65685f1418c9d95c3e6.yaml b/nuclei-templates/cve-less/plugins/side-menu-lite-fe8e75c60168f65685f1418c9d95c3e6.yaml new file mode 100644 index 0000000000..8c3c222d5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/side-menu-lite-fe8e75c60168f65685f1418c9d95c3e6.yaml @@ -0,0 +1,58 @@ +id: side-menu-lite-fe8e75c60168f65685f1418c9d95c3e6 + +info: + name: > + Side Menu Lite <= 2.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ba22ed2-4cc2-4e1e-a475-a697a8bb697d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/side-menu-lite/" + google-query: inurl:"/wp-content/plugins/side-menu-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,side-menu-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/side-menu-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "side-menu-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sidebar-adder-eefcf68c0de93fc8b650bb6a4fb470d9.yaml b/nuclei-templates/cve-less/plugins/sidebar-adder-eefcf68c0de93fc8b650bb6a4fb470d9.yaml new file mode 100644 index 0000000000..0ab51ed5a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sidebar-adder-eefcf68c0de93fc8b650bb6a4fb470d9.yaml @@ -0,0 +1,58 @@ +id: sidebar-adder-eefcf68c0de93fc8b650bb6a4fb470d9 + +info: + name: > + Sidebar Adder 2 <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88622945-9a55-4e44-86e3-f111b9490aa8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sidebar-adder/" + google-query: inurl:"/wp-content/plugins/sidebar-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sidebar-adder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sidebar-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sidebar-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sidebar-manager-8fe609dfcf914f85364a28e0762bd9d8.yaml b/nuclei-templates/cve-less/plugins/sidebar-manager-8fe609dfcf914f85364a28e0762bd9d8.yaml new file mode 100644 index 0000000000..e3474b47fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sidebar-manager-8fe609dfcf914f85364a28e0762bd9d8.yaml @@ -0,0 +1,58 @@ +id: sidebar-manager-8fe609dfcf914f85364a28e0762bd9d8 + +info: + name: > + Lightweight Sidebar Manager <= 1.1.4 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/844c5012-f823-46ae-8de2-e2803b7cd063?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sidebar-manager/" + google-query: inurl:"/wp-content/plugins/sidebar-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sidebar-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sidebar-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sidebar-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sideblog-85bcd61b96548b75a4bebce0af8ade18.yaml b/nuclei-templates/cve-less/plugins/sideblog-85bcd61b96548b75a4bebce0af8ade18.yaml new file mode 100644 index 0000000000..8b1fe1fdd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sideblog-85bcd61b96548b75a4bebce0af8ade18.yaml @@ -0,0 +1,58 @@ +id: sideblog-85bcd61b96548b75a4bebce0af8ade18 + +info: + name: > + Sideblog WordPress Plugin <= 6.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8df77bb7-4453-403d-8d35-66251f6d399c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sideblog/" + google-query: inurl:"/wp-content/plugins/sideblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sideblog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sideblog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sideblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sign-up-sheets-20e759b7f6b75ab3b1e69a94701cd5a5.yaml b/nuclei-templates/cve-less/plugins/sign-up-sheets-20e759b7f6b75ab3b1e69a94701cd5a5.yaml new file mode 100644 index 0000000000..1cd88bc456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sign-up-sheets-20e759b7f6b75ab3b1e69a94701cd5a5.yaml @@ -0,0 +1,58 @@ +id: sign-up-sheets-20e759b7f6b75ab3b1e69a94701cd5a5 + +info: + name: > + Sign-up Sheets <= 2.2.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9999301a-002d-441b-bd66-6b7f4c46a8bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sign-up-sheets/" + google-query: inurl:"/wp-content/plugins/sign-up-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sign-up-sheets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sign-up-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sign-up-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sign-up-sheets-56fc7e10ac8b22881c3f0ca008407e33.yaml b/nuclei-templates/cve-less/plugins/sign-up-sheets-56fc7e10ac8b22881c3f0ca008407e33.yaml new file mode 100644 index 0000000000..91e7a89465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sign-up-sheets-56fc7e10ac8b22881c3f0ca008407e33.yaml @@ -0,0 +1,58 @@ +id: sign-up-sheets-56fc7e10ac8b22881c3f0ca008407e33 + +info: + name: > + Sign-up Sheets <= 1.0.13 - Authenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f0e19bc-cc1f-4804-ae81-8aa7905ce037?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sign-up-sheets/" + google-query: inurl:"/wp-content/plugins/sign-up-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sign-up-sheets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sign-up-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sign-up-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sign-up-sheets-c68fc62b3d163e900a125613050369e5.yaml b/nuclei-templates/cve-less/plugins/sign-up-sheets-c68fc62b3d163e900a125613050369e5.yaml new file mode 100644 index 0000000000..61f4fa82d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sign-up-sheets-c68fc62b3d163e900a125613050369e5.yaml @@ -0,0 +1,58 @@ +id: sign-up-sheets-c68fc62b3d163e900a125613050369e5 + +info: + name: > + Sign-up Sheets <= 2.2.11.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a38e649d-00ad-4198-a96a-e280bc810cff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sign-up-sheets/" + google-query: inurl:"/wp-content/plugins/sign-up-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sign-up-sheets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sign-up-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sign-up-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sign-up-sheets-df5624fcfc60e06a94f15a6af052be53.yaml b/nuclei-templates/cve-less/plugins/sign-up-sheets-df5624fcfc60e06a94f15a6af052be53.yaml new file mode 100644 index 0000000000..04b05e3034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sign-up-sheets-df5624fcfc60e06a94f15a6af052be53.yaml @@ -0,0 +1,58 @@ +id: sign-up-sheets-df5624fcfc60e06a94f15a6af052be53 + +info: + name: > + Sign-up Sheets <= 1.0.13 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f371feb6-93ae-4759-ab44-d58106093290?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sign-up-sheets/" + google-query: inurl:"/wp-content/plugins/sign-up-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sign-up-sheets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sign-up-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sign-up-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/similar-posts-004512741c42cbbce92c569c825c6150.yaml b/nuclei-templates/cve-less/plugins/similar-posts-004512741c42cbbce92c569c825c6150.yaml new file mode 100644 index 0000000000..7b59577a2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/similar-posts-004512741c42cbbce92c569c825c6150.yaml @@ -0,0 +1,58 @@ +id: similar-posts-004512741c42cbbce92c569c825c6150 + +info: + name: > + Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e08c3db4-6353-4bca-ab89-af46e5a0a128?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/similar-posts/" + google-query: inurl:"/wp-content/plugins/similar-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,similar-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/similar-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "similar-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/similar-posts-2474a94365b10412bcdef71534b7cdd2.yaml b/nuclei-templates/cve-less/plugins/similar-posts-2474a94365b10412bcdef71534b7cdd2.yaml new file mode 100644 index 0000000000..e69123e792 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/similar-posts-2474a94365b10412bcdef71534b7cdd2.yaml @@ -0,0 +1,58 @@ +id: similar-posts-2474a94365b10412bcdef71534b7cdd2 + +info: + name: > + Similar Posts – Best Related Posts Plugin for WordPress <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb1cf9f1-7b87-4690-80db-0d4b3ccd98f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/similar-posts/" + google-query: inurl:"/wp-content/plugins/similar-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,similar-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/similar-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "similar-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simpel-reserveren-ff7129c5c489e7620ff9948f47fc6a7b.yaml b/nuclei-templates/cve-less/plugins/simpel-reserveren-ff7129c5c489e7620ff9948f47fc6a7b.yaml new file mode 100644 index 0000000000..00443fb53d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simpel-reserveren-ff7129c5c489e7620ff9948f47fc6a7b.yaml @@ -0,0 +1,58 @@ +id: simpel-reserveren-ff7129c5c489e7620ff9948f47fc6a7b + +info: + name: > + Simpel Reserveren 3 <= 3.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d443d5f-ccf7-4eed-a5cb-ead0466a9d42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simpel-reserveren/" + google-query: inurl:"/wp-content/plugins/simpel-reserveren/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simpel-reserveren,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simpel-reserveren/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simpel-reserveren" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-0a3a5e7befa978af91189dd0693b7678.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-0a3a5e7befa978af91189dd0693b7678.yaml new file mode 100644 index 0000000000..3e429f100a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-0a3a5e7befa978af91189dd0693b7678.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-0a3a5e7befa978af91189dd0693b7678 + +info: + name: > + Simple 301 Redirects by BetterLinks <= 2.0.7 - Missing Authorization via clicked + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddacd612-0cd5-4b07-9184-bec6f1adbb4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-129397ab97060ab9e51308f171e27b82.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-129397ab97060ab9e51308f171e27b82.yaml new file mode 100644 index 0000000000..dbd2edb3d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-129397ab97060ab9e51308f171e27b82.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-129397ab97060ab9e51308f171e27b82 + +info: + name: > + Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/931e83b6-b05a-4f48-a159-e15cc99e0fe4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-92f8dddef0caee0f45322f38c33da40e.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-92f8dddef0caee0f45322f38c33da40e.yaml new file mode 100644 index 0000000000..3a747a798d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-92f8dddef0caee0f45322f38c33da40e.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-92f8dddef0caee0f45322f38c33da40e + +info: + name: > + Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b02ca3a1-4e85-4bc3-a5f6-a02bec6bddef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-3c9cb9c40163b96bf6d0686c6178a29c.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-3c9cb9c40163b96bf6d0686c6178a29c.yaml new file mode 100644 index 0000000000..37b1e2f2ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-3c9cb9c40163b96bf6d0686c6178a29c.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-addon-bulk-uploader-3c9cb9c40163b96bf6d0686c6178a29c + +info: + name: > + Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c94f47a-4a1b-434c-b446-0ff1a7290e16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects-addon-bulk-uploader/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects-addon-bulk-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects-addon-bulk-uploader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects-addon-bulk-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects-addon-bulk-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-561657a1d8eb71d24910435f19187999.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-561657a1d8eb71d24910435f19187999.yaml new file mode 100644 index 0000000000..ff65f73dcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-addon-bulk-uploader-561657a1d8eb71d24910435f19187999.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-addon-bulk-uploader-561657a1d8eb71d24910435f19187999 + +info: + name: > + Simple 301 Redirects Addon Bulk Uploader <= 1.2.4 - Missing Authentication on Option Changes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcabc099-ef35-4dcd-ba53-ef20a0ad1abc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects-addon-bulk-uploader/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects-addon-bulk-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects-addon-bulk-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects-addon-bulk-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects-addon-bulk-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-da9748807dbda454b45fa581681ad9a2.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-da9748807dbda454b45fa581681ad9a2.yaml new file mode 100644 index 0000000000..46ebceaf71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-da9748807dbda454b45fa581681ad9a2.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-da9748807dbda454b45fa581681ad9a2 + +info: + name: > + Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Arbitrary Plugin Installation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a971c80b-c71a-4c58-8291-c8918af034d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-dfc0dcf8b3d813272459721cf312f589.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-dfc0dcf8b3d813272459721cf312f589.yaml new file mode 100644 index 0000000000..e9fdfb5f4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-dfc0dcf8b3d813272459721cf312f589.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-dfc0dcf8b3d813272459721cf312f589 + +info: + name: > + Simple 301 Redirects 2.0.0 - 2.0.3 - Unauthenticated Redirect Import + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f19184-60ff-4cf9-85c3-86a6c84a2a63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-301-redirects-f2f204b71c27258d8bc3636a9cf0d080.yaml b/nuclei-templates/cve-less/plugins/simple-301-redirects-f2f204b71c27258d8bc3636a9cf0d080.yaml new file mode 100644 index 0000000000..dfac10e3e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-301-redirects-f2f204b71c27258d8bc3636a9cf0d080.yaml @@ -0,0 +1,58 @@ +id: simple-301-redirects-f2f204b71c27258d8bc3636a9cf0d080 + +info: + name: > + Simple 301 Redirects 2.0.0 - 2.0.3 - Authenticated Wildcard Activation and Retrieval + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a2124be-358c-47af-97c2-02afbed91a3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-301-redirects/" + google-query: inurl:"/wp-content/plugins/simple-301-redirects/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-301-redirects,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-301-redirects/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-301-redirects" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-add-pages-or-posts-268fe7ccb3ae756c66592ca513b99e93.yaml b/nuclei-templates/cve-less/plugins/simple-add-pages-or-posts-268fe7ccb3ae756c66592ca513b99e93.yaml new file mode 100644 index 0000000000..f5ceaeae86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-add-pages-or-posts-268fe7ccb3ae756c66592ca513b99e93.yaml @@ -0,0 +1,58 @@ +id: simple-add-pages-or-posts-268fe7ccb3ae756c66592ca513b99e93 + +info: + name: > + Simple add pages or posts < 1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3e340b8-4eed-4622-b7c4-73d5bafb7e8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-add-pages-or-posts/" + google-query: inurl:"/wp-content/plugins/simple-add-pages-or-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-add-pages-or-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-add-pages-or-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-add-pages-or-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ads-manager-09660999cf2e1317d729c3b722d62caa.yaml b/nuclei-templates/cve-less/plugins/simple-ads-manager-09660999cf2e1317d729c3b722d62caa.yaml new file mode 100644 index 0000000000..cbc1f474e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ads-manager-09660999cf2e1317d729c3b722d62caa.yaml @@ -0,0 +1,58 @@ +id: simple-ads-manager-09660999cf2e1317d729c3b722d62caa + +info: + name: > + Simple Ads Manager <= 2.5.94 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8621bc52-3a71-4e01-9823-129ce0831ec4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ads-manager/" + google-query: inurl:"/wp-content/plugins/simple-ads-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ads-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ads-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ads-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ads-manager-c16d7e5e9f240793779b7bb14373632e.yaml b/nuclei-templates/cve-less/plugins/simple-ads-manager-c16d7e5e9f240793779b7bb14373632e.yaml new file mode 100644 index 0000000000..c4116310cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ads-manager-c16d7e5e9f240793779b7bb14373632e.yaml @@ -0,0 +1,58 @@ +id: simple-ads-manager-c16d7e5e9f240793779b7bb14373632e + +info: + name: > + Simple Ads Manager 2.5.94 & 2.5.96 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd2dcc09-7de5-489a-95a5-e82cb88d8cbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ads-manager/" + google-query: inurl:"/wp-content/plugins/simple-ads-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ads-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ads-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ads-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.5.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ads-manager-eea091db60550f784f9a2d189bb3b4f1.yaml b/nuclei-templates/cve-less/plugins/simple-ads-manager-eea091db60550f784f9a2d189bb3b4f1.yaml new file mode 100644 index 0000000000..0946475ab7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ads-manager-eea091db60550f784f9a2d189bb3b4f1.yaml @@ -0,0 +1,58 @@ +id: simple-ads-manager-eea091db60550f784f9a2d189bb3b4f1 + +info: + name: > + Simple Ads Manager < 2.7.97 - Multiple SQL Injections + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1829b4b7-5042-4972-ad05-e9a7adbf3026?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ads-manager/" + google-query: inurl:"/wp-content/plugins/simple-ads-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ads-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ads-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ads-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ajax-chat-1bbd8f2ed08db0b77690cb0df76fdffe.yaml b/nuclei-templates/cve-less/plugins/simple-ajax-chat-1bbd8f2ed08db0b77690cb0df76fdffe.yaml new file mode 100644 index 0000000000..bb8696515f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ajax-chat-1bbd8f2ed08db0b77690cb0df76fdffe.yaml @@ -0,0 +1,58 @@ +id: simple-ajax-chat-1bbd8f2ed08db0b77690cb0df76fdffe + +info: + name: > + Simple Ajax Chat <= 20220115 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e2ab69-2714-4bf9-a9ad-035fc15450f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ajax-chat/" + google-query: inurl:"/wp-content/plugins/simple-ajax-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ajax-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ajax-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ajax-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20220115') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ajax-chat-2181575a0cd142c1833c1ffdc36fbeb4.yaml b/nuclei-templates/cve-less/plugins/simple-ajax-chat-2181575a0cd142c1833c1ffdc36fbeb4.yaml new file mode 100644 index 0000000000..fb373ef5a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ajax-chat-2181575a0cd142c1833c1ffdc36fbeb4.yaml @@ -0,0 +1,58 @@ +id: simple-ajax-chat-2181575a0cd142c1833c1ffdc36fbeb4 + +info: + name: > + Simple Ajax Chat <= 20220115 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06a7e784-49c3-44fd-882b-c76ab8d871e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ajax-chat/" + google-query: inurl:"/wp-content/plugins/simple-ajax-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ajax-chat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ajax-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ajax-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20220115') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ajax-chat-6d7a079131a28ced1afc399eed5de96c.yaml b/nuclei-templates/cve-less/plugins/simple-ajax-chat-6d7a079131a28ced1afc399eed5de96c.yaml new file mode 100644 index 0000000000..8f68729381 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ajax-chat-6d7a079131a28ced1afc399eed5de96c.yaml @@ -0,0 +1,58 @@ +id: simple-ajax-chat-6d7a079131a28ced1afc399eed5de96c + +info: + name: > + Simple Ajax Chat <= 20231101 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9e0214-b88e-4125-8c10-850ca736e920?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ajax-chat/" + google-query: inurl:"/wp-content/plugins/simple-ajax-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ajax-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ajax-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ajax-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20231101') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ajax-chat-8097ab26da9158c6ac8991a667833327.yaml b/nuclei-templates/cve-less/plugins/simple-ajax-chat-8097ab26da9158c6ac8991a667833327.yaml new file mode 100644 index 0000000000..27471c8a0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ajax-chat-8097ab26da9158c6ac8991a667833327.yaml @@ -0,0 +1,58 @@ +id: simple-ajax-chat-8097ab26da9158c6ac8991a667833327 + +info: + name: > + Simple Ajax Chat <= 20240216 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f67b5cd8-bae8-48ca-87d5-7445724791f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ajax-chat/" + google-query: inurl:"/wp-content/plugins/simple-ajax-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ajax-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ajax-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ajax-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20240216') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ajax-chat-c6329477c32be141bd1ef013c37024ea.yaml b/nuclei-templates/cve-less/plugins/simple-ajax-chat-c6329477c32be141bd1ef013c37024ea.yaml new file mode 100644 index 0000000000..8fd502fb48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ajax-chat-c6329477c32be141bd1ef013c37024ea.yaml @@ -0,0 +1,58 @@ +id: simple-ajax-chat-c6329477c32be141bd1ef013c37024ea + +info: + name: > + Simple Ajax Chat Plugin <= 20220115 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14b6f5b6-66ab-4c47-853e-7551fad39478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ajax-chat/" + google-query: inurl:"/wp-content/plugins/simple-ajax-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ajax-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ajax-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ajax-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20220115') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-author-box-4c2b5bad649e24fd03a9941d8a2a227e.yaml b/nuclei-templates/cve-less/plugins/simple-author-box-4c2b5bad649e24fd03a9941d8a2a227e.yaml new file mode 100644 index 0000000000..43663544c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-author-box-4c2b5bad649e24fd03a9941d8a2a227e.yaml @@ -0,0 +1,58 @@ +id: simple-author-box-4c2b5bad649e24fd03a9941d8a2a227e + +info: + name: > + Simple Author Box <= 2.51 - Authenticated (Contributor+) Insecure Direct Object Reference to Arbitrary User Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a1b7e37-1e30-473c-aadc-176de729e619?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-author-box/" + google-query: inurl:"/wp-content/plugins/simple-author-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-author-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-author-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-author-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-banner-292e0cc17029954da0392c71fc757409.yaml b/nuclei-templates/cve-less/plugins/simple-banner-292e0cc17029954da0392c71fc757409.yaml new file mode 100644 index 0000000000..98fa5cce54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-banner-292e0cc17029954da0392c71fc757409.yaml @@ -0,0 +1,58 @@ +id: simple-banner-292e0cc17029954da0392c71fc757409 + +info: + name: > + Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb9520d-e679-4e8a-ae3c-8207f17d45a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-banner/" + google-query: inurl:"/wp-content/plugins/simple-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-banner-cc890ca86d59bec43888764af28bac9a.yaml b/nuclei-templates/cve-less/plugins/simple-banner-cc890ca86d59bec43888764af28bac9a.yaml new file mode 100644 index 0000000000..76e05f5fd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-banner-cc890ca86d59bec43888764af28bac9a.yaml @@ -0,0 +1,58 @@ +id: simple-banner-cc890ca86d59bec43888764af28bac9a + +info: + name: > + Simple Banner <= 2.10.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b890d168-9ea7-49c0-b628-71c76c0c2c9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-banner/" + google-query: inurl:"/wp-content/plugins/simple-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-banner-decbeaef5c23a80c05557edd9e92444e.yaml b/nuclei-templates/cve-less/plugins/simple-banner-decbeaef5c23a80c05557edd9e92444e.yaml new file mode 100644 index 0000000000..dc708bbb6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-banner-decbeaef5c23a80c05557edd9e92444e.yaml @@ -0,0 +1,58 @@ +id: simple-banner-decbeaef5c23a80c05557edd9e92444e + +info: + name: > + Simple Banner <= 2.11.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67953bf3-5465-4f25-874c-46dff59b2199?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-banner/" + google-query: inurl:"/wp-content/plugins/simple-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-basic-contact-form-24b6c342cef1d8274544190481da6dc0.yaml b/nuclei-templates/cve-less/plugins/simple-basic-contact-form-24b6c342cef1d8274544190481da6dc0.yaml new file mode 100644 index 0000000000..e38b8f40f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-basic-contact-form-24b6c342cef1d8274544190481da6dc0.yaml @@ -0,0 +1,58 @@ +id: simple-basic-contact-form-24b6c342cef1d8274544190481da6dc0 + +info: + name: > + Simple Basic Contact Form <= 20220207 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38e831b4-8284-4fad-ac24-a2f08053c53e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-basic-contact-form/" + google-query: inurl:"/wp-content/plugins/simple-basic-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-basic-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-basic-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-basic-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20220207') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-basic-contact-form-8b606c34ee5d9927b9ffc892e04d01c1.yaml b/nuclei-templates/cve-less/plugins/simple-basic-contact-form-8b606c34ee5d9927b9ffc892e04d01c1.yaml new file mode 100644 index 0000000000..14f535a3ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-basic-contact-form-8b606c34ee5d9927b9ffc892e04d01c1.yaml @@ -0,0 +1,58 @@ +id: simple-basic-contact-form-8b606c34ee5d9927b9ffc892e04d01c1 + +info: + name: > + Simple Basic Contact Form <= 20221201 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22074d7a-5dbd-4a0c-bc5d-e4c983e5edb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-basic-contact-form/" + google-query: inurl:"/wp-content/plugins/simple-basic-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-basic-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-basic-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-basic-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20221201') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-behace-portfolio-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/simple-behace-portfolio-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..d41117fbac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-behace-portfolio-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: simple-behace-portfolio-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-behace-portfolio/" + google-query: inurl:"/wp-content/plugins/simple-behace-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-behace-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-behace-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-behace-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-behace-portfolio-542985c679cbc99f40cd1241c2489438.yaml b/nuclei-templates/cve-less/plugins/simple-behace-portfolio-542985c679cbc99f40cd1241c2489438.yaml new file mode 100644 index 0000000000..e0e61d9b17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-behace-portfolio-542985c679cbc99f40cd1241c2489438.yaml @@ -0,0 +1,58 @@ +id: simple-behace-portfolio-542985c679cbc99f40cd1241c2489438 + +info: + name: > + Simple Behance Portfolio <= 0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85581a5d-a898-4dac-af48-139b36728760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-behace-portfolio/" + google-query: inurl:"/wp-content/plugins/simple-behace-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-behace-portfolio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-behace-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-behace-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-bitcoin-faucets-600b942b044271afb765e6ae63286c52.yaml b/nuclei-templates/cve-less/plugins/simple-bitcoin-faucets-600b942b044271afb765e6ae63286c52.yaml new file mode 100644 index 0000000000..e5e42a8c62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-bitcoin-faucets-600b942b044271afb765e6ae63286c52.yaml @@ -0,0 +1,58 @@ +id: simple-bitcoin-faucets-600b942b044271afb765e6ae63286c52 + +info: + name: > + Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec5fc038-b855-4744-8797-ce2cedd88f6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-bitcoin-faucets/" + google-query: inurl:"/wp-content/plugins/simple-bitcoin-faucets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-bitcoin-faucets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-bitcoin-faucets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-bitcoin-faucets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-blog-card-38f522639c782f75ecbda00625777030.yaml b/nuclei-templates/cve-less/plugins/simple-blog-card-38f522639c782f75ecbda00625777030.yaml new file mode 100644 index 0000000000..acfe3db54a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-blog-card-38f522639c782f75ecbda00625777030.yaml @@ -0,0 +1,58 @@ +id: simple-blog-card-38f522639c782f75ecbda00625777030 + +info: + name: > + Simple Blog Card <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78f6d878-6ba8-4d80-9c9b-1a363d6aaed5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-blog-card/" + google-query: inurl:"/wp-content/plugins/simple-blog-card/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-blog-card,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-blog-card/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-blog-card" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-blog-card-c207cf3269409384bfc7adaacb440036.yaml b/nuclei-templates/cve-less/plugins/simple-blog-card-c207cf3269409384bfc7adaacb440036.yaml new file mode 100644 index 0000000000..b9749d14e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-blog-card-c207cf3269409384bfc7adaacb440036.yaml @@ -0,0 +1,58 @@ +id: simple-blog-card-c207cf3269409384bfc7adaacb440036 + +info: + name: > + Simple Blog Card <= 1.31 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36cec19a-4631-4ada-b37a-f4b2dc264096?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-blog-card/" + google-query: inurl:"/wp-content/plugins/simple-blog-card/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-blog-card,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-blog-card/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-blog-card" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-buttons-creator-440da6ea620b4f0e53a03bec13770ad3.yaml b/nuclei-templates/cve-less/plugins/simple-buttons-creator-440da6ea620b4f0e53a03bec13770ad3.yaml new file mode 100644 index 0000000000..d9fd291dbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-buttons-creator-440da6ea620b4f0e53a03bec13770ad3.yaml @@ -0,0 +1,58 @@ +id: simple-buttons-creator-440da6ea620b4f0e53a03bec13770ad3 + +info: + name: > + Simple Buttons Creator <=1.04 - Unauthenticated Stored Cross-Site Scripting via Add Button + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffbf5930-50f3-44ca-8333-7b934dcd5ef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-buttons-creator/" + google-query: inurl:"/wp-content/plugins/simple-buttons-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-buttons-creator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-buttons-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-buttons-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-buttons-creator-aaaedc139789465865fcfb0738c02925.yaml b/nuclei-templates/cve-less/plugins/simple-buttons-creator-aaaedc139789465865fcfb0738c02925.yaml new file mode 100644 index 0000000000..8d73059fc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-buttons-creator-aaaedc139789465865fcfb0738c02925.yaml @@ -0,0 +1,58 @@ +id: simple-buttons-creator-aaaedc139789465865fcfb0738c02925 + +info: + name: > + Simple Buttons Creator <=1.04 - Cross-Site Request Forgery to Arbitrary Button Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/448ec796-e92f-410e-aa40-aaf296c1afeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-buttons-creator/" + google-query: inurl:"/wp-content/plugins/simple-buttons-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-buttons-creator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-buttons-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-buttons-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-cloudflare-turnstile-0591772600d7345412c5914adc415e3f.yaml b/nuclei-templates/cve-less/plugins/simple-cloudflare-turnstile-0591772600d7345412c5914adc415e3f.yaml new file mode 100644 index 0000000000..b2af4689b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-cloudflare-turnstile-0591772600d7345412c5914adc415e3f.yaml @@ -0,0 +1,58 @@ +id: simple-cloudflare-turnstile-0591772600d7345412c5914adc415e3f + +info: + name: > + Simple Cloudflare Turnstile <= 1.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91f6c9d3-641d-42f7-bf11-e3c3a44eeb76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-cloudflare-turnstile/" + google-query: inurl:"/wp-content/plugins/simple-cloudflare-turnstile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-cloudflare-turnstile,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-cloudflare-turnstile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-cloudflare-turnstile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-csv-xls-exporter-797076b6d5e9db4c8f8d40e3e026648b.yaml b/nuclei-templates/cve-less/plugins/simple-csv-xls-exporter-797076b6d5e9db4c8f8d40e3e026648b.yaml new file mode 100644 index 0000000000..c02614fda9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-csv-xls-exporter-797076b6d5e9db4c8f8d40e3e026648b.yaml @@ -0,0 +1,58 @@ +id: simple-csv-xls-exporter-797076b6d5e9db4c8f8d40e3e026648b + +info: + name: > + Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/219614b7-2394-490c-baf4-14a12249c4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-csv-xls-exporter/" + google-query: inurl:"/wp-content/plugins/simple-csv-xls-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-csv-xls-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-csv-xls-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-csv-xls-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-custom-author-profiles-a772a1bfbb77e4750a15c026120428cc.yaml b/nuclei-templates/cve-less/plugins/simple-custom-author-profiles-a772a1bfbb77e4750a15c026120428cc.yaml new file mode 100644 index 0000000000..af8192592d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-custom-author-profiles-a772a1bfbb77e4750a15c026120428cc.yaml @@ -0,0 +1,58 @@ +id: simple-custom-author-profiles-a772a1bfbb77e4750a15c026120428cc + +info: + name: > + Simple Custom Author Profiles <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/986d16d5-f1f4-4ed9-9978-0f12ee22a543?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-custom-author-profiles/" + google-query: inurl:"/wp-content/plugins/simple-custom-author-profiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-custom-author-profiles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-custom-author-profiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-custom-author-profiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-custom-website-data-fe349fb095cfb7a6ef8e1ff393fda6e6.yaml b/nuclei-templates/cve-less/plugins/simple-custom-website-data-fe349fb095cfb7a6ef8e1ff393fda6e6.yaml new file mode 100644 index 0000000000..034514ae61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-custom-website-data-fe349fb095cfb7a6ef8e1ff393fda6e6.yaml @@ -0,0 +1,58 @@ +id: simple-custom-website-data-fe349fb095cfb7a6ef8e1ff393fda6e6 + +info: + name: > + Custom Website Data <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/550a8107-f639-4edc-9aad-1943d032cc26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-custom-website-data/" + google-query: inurl:"/wp-content/plugins/simple-custom-website-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-custom-website-data,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-custom-website-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-custom-website-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-button-shortcode-1d37800259dd9a7caaaf8879496d00f2.yaml b/nuclei-templates/cve-less/plugins/simple-download-button-shortcode-1d37800259dd9a7caaaf8879496d00f2.yaml new file mode 100644 index 0000000000..cbffee1e17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-button-shortcode-1d37800259dd9a7caaaf8879496d00f2.yaml @@ -0,0 +1,58 @@ +id: simple-download-button-shortcode-1d37800259dd9a7caaaf8879496d00f2 + +info: + name: > + Simple Download Button Shortcode <= 1.0 - Information Disclosure via Arbitrary File Downloads + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0fdeb83-78c3-4b29-809c-662bd2a2bb51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-button-shortcode/" + google-query: inurl:"/wp-content/plugins/simple-download-button-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-button-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-button-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-button-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-counter-a54fbae2de8a8e13d0527ba702d34945.yaml b/nuclei-templates/cve-less/plugins/simple-download-counter-a54fbae2de8a8e13d0527ba702d34945.yaml new file mode 100644 index 0000000000..43936aa9d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-counter-a54fbae2de8a8e13d0527ba702d34945.yaml @@ -0,0 +1,58 @@ +id: simple-download-counter-a54fbae2de8a8e13d0527ba702d34945 + +info: + name: > + Simple Download Counter <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5f7f2a-c7b7-4339-a608-51fd684c18bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-counter/" + google-query: inurl:"/wp-content/plugins/simple-download-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-19ad328fea959219a0ccf5d117ad75c7.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-19ad328fea959219a0ccf5d117ad75c7.yaml new file mode 100644 index 0000000000..b4f22c26aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-19ad328fea959219a0ccf5d117ad75c7.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-19ad328fea959219a0ccf5d117ad75c7 + +info: + name: > + Simple Download Monitor <= 3.9.5 - Contributor+ Arbitrary Thumbnail Removal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/184885b0-66cd-433d-bfea-d7e8bbb02731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-49034c31f1dba0715c18246f4dd38cde.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-49034c31f1dba0715c18246f4dd38cde.yaml new file mode 100644 index 0000000000..b9cdcc7ee0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-49034c31f1dba0715c18246f4dd38cde.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-49034c31f1dba0715c18246f4dd38cde + +info: + name: > + Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d0bf4d1-ba07-4204-bb2b-cdee10e6a275?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-5017a561b2bec42e777a79d3e7f73798.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-5017a561b2bec42e777a79d3e7f73798.yaml new file mode 100644 index 0000000000..ea69d27726 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-5017a561b2bec42e777a79d3e7f73798.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-5017a561b2bec42e777a79d3e7f73798 + +info: + name: > + Simple Download Monitor <= 3.9.4 - Contributor+ Stored Cross-Site Scripting via File Thumbnail + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12ea26be-93e4-43de-bb32-21cdc2f80569?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-59401ea9ce38d0433cad6f039547d860.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-59401ea9ce38d0433cad6f039547d860.yaml new file mode 100644 index 0000000000..c2e4322309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-59401ea9ce38d0433cad6f039547d860.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-59401ea9ce38d0433cad6f039547d860 + +info: + name: > + Simple Download Monitor <= 3.9.10 - Contributor+ Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cf2739f-9001-409a-9b7f-024931729da3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-5d5eee8781ce2674b2c2c40cb2fcc273.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-5d5eee8781ce2674b2c2c40cb2fcc273.yaml new file mode 100644 index 0000000000..cd9ab7b646 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-5d5eee8781ce2674b2c2c40cb2fcc273.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-5d5eee8781ce2674b2c2c40cb2fcc273 + +info: + name: > + Simple Download Monitor <= 3.8.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32f03892-500f-4925-9b3d-3160243de8a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml new file mode 100644 index 0000000000..ec498b07e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-94d6413af5bdd7c5410cee1dbb9ba3ce.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-94d6413af5bdd7c5410cee1dbb9ba3ce + +info: + name: > + Simple Download Monitor <= 3.8.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2670e15-a71a-4800-882d-5d04faeaeee1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-9b6bff957c02c5adaec64684fd5bd810.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-9b6bff957c02c5adaec64684fd5bd810.yaml new file mode 100644 index 0000000000..980f3b3146 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-9b6bff957c02c5adaec64684fd5bd810.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-9b6bff957c02c5adaec64684fd5bd810 + +info: + name: > + Simple Download Monitor <= 3.9.8 - Multiple Cross-Site Request Forgery vulnerabilities + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b8dcab4-dd13-4c08-8623-37a50dcbda1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-b170f8ef7c7061e6ad33e8f3d3426766.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-b170f8ef7c7061e6ad33e8f3d3426766.yaml new file mode 100644 index 0000000000..3ef70a26c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-b170f8ef7c7061e6ad33e8f3d3426766.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-b170f8ef7c7061e6ad33e8f3d3426766 + +info: + name: > + Simple Download Monitor <= 3.9.5 - Sensitive Data Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f38a87-ac2c-4b5a-9559-d529c4b2799c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-bbc8a2a1421137b76670971e66f228ca.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-bbc8a2a1421137b76670971e66f228ca.yaml new file mode 100644 index 0000000000..6409c8b8fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-bbc8a2a1421137b76670971e66f228ca.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-bbc8a2a1421137b76670971e66f228ca + +info: + name: > + Simple Download Monitor <= 3.9.4 - Contributor+ Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79545b24-b325-486b-b34f-87bba14b8cd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-d77dd6f710585ae9ffaedbfddc152d76.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-d77dd6f710585ae9ffaedbfddc152d76.yaml new file mode 100644 index 0000000000..aa99f2ed98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-d77dd6f710585ae9ffaedbfddc152d76.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-d77dd6f710585ae9ffaedbfddc152d76 + +info: + name: > + Simple Download Monitor < 3.5.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/410ae439-dcee-4050-81a9-110a337016e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-download-monitor-f2c626818640778246ca3c4d6d3ce648.yaml b/nuclei-templates/cve-less/plugins/simple-download-monitor-f2c626818640778246ca3c4d6d3ce648.yaml new file mode 100644 index 0000000000..a4b37f3c34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-download-monitor-f2c626818640778246ca3c4d6d3ce648.yaml @@ -0,0 +1,58 @@ +id: simple-download-monitor-f2c626818640778246ca3c4d6d3ce648 + +info: + name: > + Simple Download Monitor <= 3.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d91a2713-238b-4c56-bff8-9129d77f4d77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-download-monitor/" + google-query: inurl:"/wp-content/plugins/simple-download-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-download-monitor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-download-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-download-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-dropbox-upload-form-8f5233bb2f72d4a8a72b4725ffa80041.yaml b/nuclei-templates/cve-less/plugins/simple-dropbox-upload-form-8f5233bb2f72d4a8a72b4725ffa80041.yaml new file mode 100644 index 0000000000..1e3aa92d1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-dropbox-upload-form-8f5233bb2f72d4a8a72b4725ffa80041.yaml @@ -0,0 +1,58 @@ +id: simple-dropbox-upload-form-8f5233bb2f72d4a8a72b4725ffa80041 + +info: + name: > + Simple Dropbox Upload < 1.8.8.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89904362-4ac2-450a-89ac-8935fdb4976d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-dropbox-upload-form/" + google-query: inurl:"/wp-content/plugins/simple-dropbox-upload-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-dropbox-upload-form,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-dropbox-upload-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-dropbox-upload-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-e-commerce-shopping-cart-b9227c21bfafb1eba2c9f59a2176e5a7.yaml b/nuclei-templates/cve-less/plugins/simple-e-commerce-shopping-cart-b9227c21bfafb1eba2c9f59a2176e5a7.yaml new file mode 100644 index 0000000000..9828ab9a51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-e-commerce-shopping-cart-b9227c21bfafb1eba2c9f59a2176e5a7.yaml @@ -0,0 +1,58 @@ +id: simple-e-commerce-shopping-cart-b9227c21bfafb1eba2c9f59a2176e5a7 + +info: + name: > + Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdc946ed-8891-4f97-af7e-2034760eef5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-e-commerce-shopping-cart/" + google-query: inurl:"/wp-content/plugins/simple-e-commerce-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-e-commerce-shopping-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-e-commerce-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-e-commerce-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-embed-code-b2367564b8e810af49ec2f68b7f40f1d.yaml b/nuclei-templates/cve-less/plugins/simple-embed-code-b2367564b8e810af49ec2f68b7f40f1d.yaml new file mode 100644 index 0000000000..05d57222f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-embed-code-b2367564b8e810af49ec2f68b7f40f1d.yaml @@ -0,0 +1,58 @@ +id: simple-embed-code-b2367564b8e810af49ec2f68b7f40f1d + +info: + name: > + Code Embed <= 2.3.6 - Authenticated(Contributor+) Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef2ded1-dd56-4c33-98dc-d4c69e66568f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-embed-code/" + google-query: inurl:"/wp-content/plugins/simple-embed-code/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-embed-code,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-embed-code/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-embed-code" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-event-planner-0c7da527d5c5020bdc519d1c19025768.yaml b/nuclei-templates/cve-less/plugins/simple-event-planner-0c7da527d5c5020bdc519d1c19025768.yaml new file mode 100644 index 0000000000..6565648974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-event-planner-0c7da527d5c5020bdc519d1c19025768.yaml @@ -0,0 +1,58 @@ +id: simple-event-planner-0c7da527d5c5020bdc519d1c19025768 + +info: + name: > + Simple Event Planner plugin <= 1.5.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bda0d24c-b1c9-4ae4-93b3-46568982d718?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-event-planner/" + google-query: inurl:"/wp-content/plugins/simple-event-planner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-event-planner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-event-planner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-event-planner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-event-planner-0e3b2109a8f3c98e6d7b288936c49e4a.yaml b/nuclei-templates/cve-less/plugins/simple-event-planner-0e3b2109a8f3c98e6d7b288936c49e4a.yaml new file mode 100644 index 0000000000..1abc41f4ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-event-planner-0e3b2109a8f3c98e6d7b288936c49e4a.yaml @@ -0,0 +1,58 @@ +id: simple-event-planner-0e3b2109a8f3c98e6d7b288936c49e4a + +info: + name: > + Simple Event Planner <= 1.5.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9b6f2-2b72-4326-8080-f41606c0880c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-event-planner/" + google-query: inurl:"/wp-content/plugins/simple-event-planner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-event-planner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-event-planner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-event-planner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-events-calendar-d3d0ad8926aafa9beab7b5840f982076.yaml b/nuclei-templates/cve-less/plugins/simple-events-calendar-d3d0ad8926aafa9beab7b5840f982076.yaml new file mode 100644 index 0000000000..51981b1f23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-events-calendar-d3d0ad8926aafa9beab7b5840f982076.yaml @@ -0,0 +1,58 @@ +id: simple-events-calendar-d3d0ad8926aafa9beab7b5840f982076 + +info: + name: > + Simple Events Calendar <= 1.4.0 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa5c97bc-b06f-4ee8-bbc5-72c348d2c92a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-events-calendar/" + google-query: inurl:"/wp-content/plugins/simple-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-facebook-plugin-0fc896a4acc44efa8900b336ff580b9b.yaml b/nuclei-templates/cve-less/plugins/simple-facebook-plugin-0fc896a4acc44efa8900b336ff580b9b.yaml new file mode 100644 index 0000000000..617e87e9ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-facebook-plugin-0fc896a4acc44efa8900b336ff580b9b.yaml @@ -0,0 +1,58 @@ +id: simple-facebook-plugin-0fc896a4acc44efa8900b336ff580b9b + +info: + name: > + Simple Like Page Plugin <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f81df26f-4390-4626-8539-367a52f8a027?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-facebook-plugin/" + google-query: inurl:"/wp-content/plugins/simple-facebook-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-facebook-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-facebook-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-facebook-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-fields-272ee2a329a8d2a28bce41429783dc10.yaml b/nuclei-templates/cve-less/plugins/simple-fields-272ee2a329a8d2a28bce41429783dc10.yaml new file mode 100644 index 0000000000..1169160324 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-fields-272ee2a329a8d2a28bce41429783dc10.yaml @@ -0,0 +1,58 @@ +id: simple-fields-272ee2a329a8d2a28bce41429783dc10 + +info: + name: > + Simple Fields < 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6206d7e-90b9-43fd-a6cd-90e98162cd09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-fields/" + google-query: inurl:"/wp-content/plugins/simple-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-fields-8ee30668d728aabff36c7b1c3fc51930.yaml b/nuclei-templates/cve-less/plugins/simple-fields-8ee30668d728aabff36c7b1c3fc51930.yaml new file mode 100644 index 0000000000..2f8d65c0c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-fields-8ee30668d728aabff36c7b1c3fc51930.yaml @@ -0,0 +1,58 @@ +id: simple-fields-8ee30668d728aabff36c7b1c3fc51930 + +info: + name: > + Simple Fields <= 1.4.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89c32230-99e4-4d08-8afb-8f6f8bf94eab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-fields/" + google-query: inurl:"/wp-content/plugins/simple-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-downloader-f7783b1b95259bfc99e8cabc59fcdb30.yaml b/nuclei-templates/cve-less/plugins/simple-file-downloader-f7783b1b95259bfc99e8cabc59fcdb30.yaml new file mode 100644 index 0000000000..e7ddf22679 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-downloader-f7783b1b95259bfc99e8cabc59fcdb30.yaml @@ -0,0 +1,58 @@ +id: simple-file-downloader-f7783b1b95259bfc99e8cabc59fcdb30 + +info: + name: > + Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c29c110-87ed-47e3-919f-f6e98f703805?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-downloader/" + google-query: inurl:"/wp-content/plugins/simple-file-downloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-downloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-downloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-downloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-0bf86b2d6edcb55bd09f7e32e0eeb2ec.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-0bf86b2d6edcb55bd09f7e32e0eeb2ec.yaml new file mode 100644 index 0000000000..e5792f62f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-0bf86b2d6edcb55bd09f7e32e0eeb2ec.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-0bf86b2d6edcb55bd09f7e32e0eeb2ec + +info: + name: > + Simple File List <= 4.4.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da9e3db0-9cbf-4b1a-bdaa-d5d86be744af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-1035cac119c2deeb77e8b4fd1a309012.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-1035cac119c2deeb77e8b4fd1a309012.yaml new file mode 100644 index 0000000000..7522607f7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-1035cac119c2deeb77e8b4fd1a309012.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-1035cac119c2deeb77e8b4fd1a309012 + +info: + name: > + Simple File List <= 4.4.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6c370f5-087b-4e75-a726-b79bf792441b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-1057cae23f85520832f9b7c2f9fe55c7.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-1057cae23f85520832f9b7c2f9fe55c7.yaml new file mode 100644 index 0000000000..67b2549c2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-1057cae23f85520832f9b7c2f9fe55c7.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-1057cae23f85520832f9b7c2f9fe55c7 + +info: + name: > + Simple File List <= 6.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3f0032e-a6f4-47f5-b3eb-6f1c9bf9670c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-12458527208bedb32b3812054b29eb28.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-12458527208bedb32b3812054b29eb28.yaml new file mode 100644 index 0000000000..88fb93e47c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-12458527208bedb32b3812054b29eb28.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-12458527208bedb32b3812054b29eb28 + +info: + name: > + Simple File List <= 3.2.7 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff21241d-e488-4460-b8c2-d5a070c8c107?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-5be7a97c9b94c45be28a2be5c28c5d40.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-5be7a97c9b94c45be28a2be5c28c5d40.yaml new file mode 100644 index 0000000000..e1e357a82e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-5be7a97c9b94c45be28a2be5c28c5d40.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-5be7a97c9b94c45be28a2be5c28c5d40 + +info: + name: > + Simple File List <= 4.2.7 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2d26156-b88c-4cae-a830-be765e1f1473?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-99f94d5f6f5961794646e333f2e12898.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-99f94d5f6f5961794646e333f2e12898.yaml new file mode 100644 index 0000000000..5836380cfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-99f94d5f6f5961794646e333f2e12898.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-99f94d5f6f5961794646e333f2e12898 + +info: + name: > + Simple File List <= 6.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e61b6e54-b330-41a5-b13f-ba11c10d8bfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-d2fe1c961f4314cb633d294e6983652b.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-d2fe1c961f4314cb633d294e6983652b.yaml new file mode 100644 index 0000000000..445e7f1c53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-d2fe1c961f4314cb633d294e6983652b.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-d2fe1c961f4314cb633d294e6983652b + +info: + name: > + Simple File List <= 6.1.9 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eada9b7-8d53-4e95-858e-aa706f74b2a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-file-list-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml b/nuclei-templates/cve-less/plugins/simple-file-list-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml new file mode 100644 index 0000000000..3e1ae4cd5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-file-list-f1ab2ba9aab33ab61ed9ab0dbb6a8c74.yaml @@ -0,0 +1,58 @@ +id: simple-file-list-f1ab2ba9aab33ab61ed9ab0dbb6a8c74 + +info: + name: > + Simple File List <= 4.4.12 - Cross-Site Request Forgery to Page Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9a94b81-6430-4f04-ac16-4bf79318b5de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-file-list/" + google-query: inurl:"/wp-content/plugins/simple-file-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-file-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-file-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-file-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-forum-cb19aa38112af2f12cff55ba678ad12d.yaml b/nuclei-templates/cve-less/plugins/simple-forum-cb19aa38112af2f12cff55ba678ad12d.yaml new file mode 100644 index 0000000000..35d55e55a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-forum-cb19aa38112af2f12cff55ba678ad12d.yaml @@ -0,0 +1,58 @@ +id: simple-forum-cb19aa38112af2f12cff55ba678ad12d + +info: + name: > + Yellow Swordfish Simple Forum <= 1.11 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2be3638e-3a0d-40e5-914e-9f20971abf9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-forum/" + google-query: inurl:"/wp-content/plugins/simple-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-gmail-login-6882049d71ccbb0177ed642930a8f0f7.yaml b/nuclei-templates/cve-less/plugins/simple-gmail-login-6882049d71ccbb0177ed642930a8f0f7.yaml new file mode 100644 index 0000000000..b42e8c4a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-gmail-login-6882049d71ccbb0177ed642930a8f0f7.yaml @@ -0,0 +1,58 @@ +id: simple-gmail-login-6882049d71ccbb0177ed642930a8f0f7 + +info: + name: > + Simple Gmail Login < 1.1.4 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe685a64-a84c-4d29-b002-05d40f540391?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-gmail-login/" + google-query: inurl:"/wp-content/plugins/simple-gmail-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-gmail-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-gmail-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-gmail-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-googlebot-visit-5d0daee3984605beba0293322e7ea274.yaml b/nuclei-templates/cve-less/plugins/simple-googlebot-visit-5d0daee3984605beba0293322e7ea274.yaml new file mode 100644 index 0000000000..be92475f9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-googlebot-visit-5d0daee3984605beba0293322e7ea274.yaml @@ -0,0 +1,58 @@ +id: simple-googlebot-visit-5d0daee3984605beba0293322e7ea274 + +info: + name: > + Simple Googlebot Visit <= 1.2.4 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1e7bb04-28b4-407c-910b-e37a7e26682e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-googlebot-visit/" + google-query: inurl:"/wp-content/plugins/simple-googlebot-visit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-googlebot-visit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-googlebot-visit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-googlebot-visit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-history-4a300ce6f6f831fce9cb1c19680cdfa4.yaml b/nuclei-templates/cve-less/plugins/simple-history-4a300ce6f6f831fce9cb1c19680cdfa4.yaml new file mode 100644 index 0000000000..f953888002 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-history-4a300ce6f6f831fce9cb1c19680cdfa4.yaml @@ -0,0 +1,58 @@ +id: simple-history-4a300ce6f6f831fce9cb1c19680cdfa4 + +info: + name: > + Simple History <= 3.3.1 - Authenticated (Subscriber+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f1e6f04-04d4-4484-86bd-28df6388a953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-history/" + google-query: inurl:"/wp-content/plugins/simple-history/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-history,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-history/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-history" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-icons-77fadf9a7971f3244b33864c9a81256e.yaml b/nuclei-templates/cve-less/plugins/simple-icons-77fadf9a7971f3244b33864c9a81256e.yaml new file mode 100644 index 0000000000..6798da86dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-icons-77fadf9a7971f3244b33864c9a81256e.yaml @@ -0,0 +1,58 @@ +id: simple-icons-77fadf9a7971f3244b33864c9a81256e + +info: + name: > + Popular Brand Icons - Simple Icons <= 2.7.7 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9b074ed-2edd-4774-b0b2-dc08c9647094?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-icons/" + google-query: inurl:"/wp-content/plugins/simple-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-iframe-b7ed33471f1469ef97fb3b870c3b3d8e.yaml b/nuclei-templates/cve-less/plugins/simple-iframe-b7ed33471f1469ef97fb3b870c3b3d8e.yaml new file mode 100644 index 0000000000..c884272a98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-iframe-b7ed33471f1469ef97fb3b870c3b3d8e.yaml @@ -0,0 +1,58 @@ +id: simple-iframe-b7ed33471f1469ef97fb3b870c3b3d8e + +info: + name: > + Simple Iframe <= 1.1.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via block attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/810faad2-b63d-497c-af00-b57a07705608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-iframe/" + google-query: inurl:"/wp-content/plugins/simple-iframe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-iframe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-iframe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-iframe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-image-manipulator-ea364a8fa3fc256e34217f6289a9b8fd.yaml b/nuclei-templates/cve-less/plugins/simple-image-manipulator-ea364a8fa3fc256e34217f6289a9b8fd.yaml new file mode 100644 index 0000000000..5f71fe5fe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-image-manipulator-ea364a8fa3fc256e34217f6289a9b8fd.yaml @@ -0,0 +1,58 @@ +id: simple-image-manipulator-ea364a8fa3fc256e34217f6289a9b8fd + +info: + name: > + Simple Image Manipulator <= 1.0 - Remote File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b53bccdd-ed92-4831-bc63-3b96c9aee6e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-image-manipulator/" + google-query: inurl:"/wp-content/plugins/simple-image-manipulator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-image-manipulator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-image-manipulator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-image-manipulator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-image-popup-5bcd1f7720b268a32568c458d817b9bf.yaml b/nuclei-templates/cve-less/plugins/simple-image-popup-5bcd1f7720b268a32568c458d817b9bf.yaml new file mode 100644 index 0000000000..4a8fe3927c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-image-popup-5bcd1f7720b268a32568c458d817b9bf.yaml @@ -0,0 +1,58 @@ +id: simple-image-popup-5bcd1f7720b268a32568c458d817b9bf + +info: + name: > + Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75e89574-a0d4-4383-a6f8-bf977e2ffe4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-image-popup/" + google-query: inurl:"/wp-content/plugins/simple-image-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-image-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-image-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-image-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-image-popup-8279425e8ad5b9257ee709bdcae15c73.yaml b/nuclei-templates/cve-less/plugins/simple-image-popup-8279425e8ad5b9257ee709bdcae15c73.yaml new file mode 100644 index 0000000000..07509832b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-image-popup-8279425e8ad5b9257ee709bdcae15c73.yaml @@ -0,0 +1,58 @@ +id: simple-image-popup-8279425e8ad5b9257ee709bdcae15c73 + +info: + name: > + Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13389191-cbda-4c39-8598-7c2b41f31da7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-image-popup/" + google-query: inurl:"/wp-content/plugins/simple-image-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-image-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-image-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-image-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-ip-ban-288abda2cfd9da64eaad068ba5d6f96e.yaml b/nuclei-templates/cve-less/plugins/simple-ip-ban-288abda2cfd9da64eaad068ba5d6f96e.yaml new file mode 100644 index 0000000000..debffc37f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-ip-ban-288abda2cfd9da64eaad068ba5d6f96e.yaml @@ -0,0 +1,58 @@ +id: simple-ip-ban-288abda2cfd9da64eaad068ba5d6f96e + +info: + name: > + IP Ban <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fac308c6-780d-44ea-ba78-d15e1ee260e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-ip-ban/" + google-query: inurl:"/wp-content/plugins/simple-ip-ban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-ip-ban,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-ip-ban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-ip-ban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-020ad3f8f39e050397b159e81ed4f1b3.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-020ad3f8f39e050397b159e81ed4f1b3.yaml new file mode 100644 index 0000000000..79853d8327 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-020ad3f8f39e050397b159e81ed4f1b3.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-020ad3f8f39e050397b159e81ed4f1b3 + +info: + name: > + Simple Job Board <= 2.10.8 - Missing Authorization to Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-0fc41c225cd6f2ddbf5e247314d75c25.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-0fc41c225cd6f2ddbf5e247314d75c25.yaml new file mode 100644 index 0000000000..fdbdfef226 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-0fc41c225cd6f2ddbf5e247314d75c25.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-0fc41c225cd6f2ddbf5e247314d75c25 + +info: + name: > + Simple Job Board <= 2.9.3 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f6032a-19f8-463b-9642-cba205069a22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-290105b1777b3869c2f6dcc0140c3419.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-290105b1777b3869c2f6dcc0140c3419.yaml new file mode 100644 index 0000000000..a8c1b7f753 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-290105b1777b3869c2f6dcc0140c3419.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-290105b1777b3869c2f6dcc0140c3419 + +info: + name: > + Simple Job Board <= 2.10.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2214264d-0f3e-455b-9420-c6a1e0d7562c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-38572faa042f019158c1451d2a7c5d7f.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-38572faa042f019158c1451d2a7c5d7f.yaml new file mode 100644 index 0000000000..70af96acc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-38572faa042f019158c1451d2a7c5d7f.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-38572faa042f019158c1451d2a7c5d7f + +info: + name: > + Simple Job Board <= 2.10.3 - Cross-Site Request Forgery via sjb_save_settings_section + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbd528a-94fe-4979-b30f-02c6872db086?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-59d448dc5105924595fdd539b0bfe7c6.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-59d448dc5105924595fdd539b0bfe7c6.yaml new file mode 100644 index 0000000000..810a59bc13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-59d448dc5105924595fdd539b0bfe7c6.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-59d448dc5105924595fdd539b0bfe7c6 + +info: + name: > + Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89584034-4a93-42a6-8fef-55dc3895c45c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-661f3aae79018666cdd8577c9c2b3176.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-661f3aae79018666cdd8577c9c2b3176.yaml new file mode 100644 index 0000000000..43fbf488be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-661f3aae79018666cdd8577c9c2b3176.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-661f3aae79018666cdd8577c9c2b3176 + +info: + name: > + Simple Job Board <= 2.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/564a1631-fe33-40f6-a0eb-37868be07171?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-77686428a77d266ce22bfe59b8ab3fea.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-77686428a77d266ce22bfe59b8ab3fea.yaml new file mode 100644 index 0000000000..fbcb541a3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-77686428a77d266ce22bfe59b8ab3fea.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-77686428a77d266ce22bfe59b8ab3fea + +info: + name: > + Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37f3aca7-b728-4a27-9e08-bdc9ca2f8f0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-c2ff28d160f20eabee177d8a2b7b09d9.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-c2ff28d160f20eabee177d8a2b7b09d9.yaml new file mode 100644 index 0000000000..4b2cd4eb78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-c2ff28d160f20eabee177d8a2b7b09d9.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-c2ff28d160f20eabee177d8a2b7b09d9 + +info: + name: > + Simple Job Board <= 2.10.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/100b6786-7cad-4d65-b457-9beb179e293a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-job-board-d3e97b172914a58ea06088d46e467be0.yaml b/nuclei-templates/cve-less/plugins/simple-job-board-d3e97b172914a58ea06088d46e467be0.yaml new file mode 100644 index 0000000000..239cb537f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-job-board-d3e97b172914a58ea06088d46e467be0.yaml @@ -0,0 +1,58 @@ +id: simple-job-board-d3e97b172914a58ea06088d46e467be0 + +info: + name: > + Simple Job Board <= 2.9.6 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/838ccf02-2b01-42f8-b5bf-6fafbb2db673?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-job-board/" + google-query: inurl:"/wp-content/plugins/simple-job-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-job-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-job-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-job-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-jwt-login-3ada0767be249ce4ccbdfd9339b2ad7e.yaml b/nuclei-templates/cve-less/plugins/simple-jwt-login-3ada0767be249ce4ccbdfd9339b2ad7e.yaml new file mode 100644 index 0000000000..689598b4b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-jwt-login-3ada0767be249ce4ccbdfd9339b2ad7e.yaml @@ -0,0 +1,58 @@ +id: simple-jwt-login-3ada0767be249ce4ccbdfd9339b2ad7e + +info: + name: > + Simple JWT Login <= 3.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f89ba641-6c78-48d3-8826-96576198274f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-jwt-login/" + google-query: inurl:"/wp-content/plugins/simple-jwt-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-jwt-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-jwt-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-jwt-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-jwt-login-8fbdf0ef245a8769540801975b5c209f.yaml b/nuclei-templates/cve-less/plugins/simple-jwt-login-8fbdf0ef245a8769540801975b5c209f.yaml new file mode 100644 index 0000000000..0e927e18b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-jwt-login-8fbdf0ef245a8769540801975b5c209f.yaml @@ -0,0 +1,58 @@ +id: simple-jwt-login-8fbdf0ef245a8769540801975b5c209f + +info: + name: > + Simple JWT Login <= 3.2.1 - Insecure Password Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/defd82dd-bda0-4f0c-88cb-4db983953097?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-jwt-login/" + google-query: inurl:"/wp-content/plugins/simple-jwt-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-jwt-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-jwt-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-jwt-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-lightbox-gallery-e6650062a97ccf46abe2dbd6696321ce.yaml b/nuclei-templates/cve-less/plugins/simple-lightbox-gallery-e6650062a97ccf46abe2dbd6696321ce.yaml new file mode 100644 index 0000000000..4912dafea9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-lightbox-gallery-e6650062a97ccf46abe2dbd6696321ce.yaml @@ -0,0 +1,58 @@ +id: simple-lightbox-gallery-e6650062a97ccf46abe2dbd6696321ce + +info: + name: > + Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540b2888-16fe-4791-8d08-f7772f71d511?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-lightbox-gallery/" + google-query: inurl:"/wp-content/plugins/simple-lightbox-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-lightbox-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-lightbox-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-lightbox-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-link-directory-79157f424e30fa185835500ed275b892.yaml b/nuclei-templates/cve-less/plugins/simple-link-directory-79157f424e30fa185835500ed275b892.yaml new file mode 100644 index 0000000000..a78745859f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-link-directory-79157f424e30fa185835500ed275b892.yaml @@ -0,0 +1,58 @@ +id: simple-link-directory-79157f424e30fa185835500ed275b892 + +info: + name: > + Simple Link Directory <= 7.7.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16bce38a-07fa-43b7-aacb-6c932c3d0987?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-link-directory/" + google-query: inurl:"/wp-content/plugins/simple-link-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-link-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-link-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-link-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-link-directory-7c915245e6d34ca005ac6f0296c41e2a.yaml b/nuclei-templates/cve-less/plugins/simple-link-directory-7c915245e6d34ca005ac6f0296c41e2a.yaml new file mode 100644 index 0000000000..713517005f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-link-directory-7c915245e6d34ca005ac6f0296c41e2a.yaml @@ -0,0 +1,58 @@ +id: simple-link-directory-7c915245e6d34ca005ac6f0296c41e2a + +info: + name: > + Simple Link Directory < 7.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7eda36e-7cdf-444f-82ce-561ba96cd0f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-link-directory/" + google-query: inurl:"/wp-content/plugins/simple-link-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-link-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-link-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-link-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-local-avatars-39a5dd9e98d6f265b6feec05166e7c4e.yaml b/nuclei-templates/cve-less/plugins/simple-local-avatars-39a5dd9e98d6f265b6feec05166e7c4e.yaml new file mode 100644 index 0000000000..3f8a8fcf06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-local-avatars-39a5dd9e98d6f265b6feec05166e7c4e.yaml @@ -0,0 +1,58 @@ +id: simple-local-avatars-39a5dd9e98d6f265b6feec05166e7c4e + +info: + name: > + http-cache-semantics < 4.1.1 - Regular Expression Denial of Service (ReDoS) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6092987-5f60-42ac-9636-e1e0a2c85147?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-local-avatars/" + google-query: inurl:"/wp-content/plugins/simple-local-avatars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-local-avatars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-local-avatars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-local-avatars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-local-avatars-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/simple-local-avatars-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..538063605c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-local-avatars-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: simple-local-avatars-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-local-avatars/" + google-query: inurl:"/wp-content/plugins/simple-local-avatars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-local-avatars,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-local-avatars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-local-avatars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-local-avatars-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/cve-less/plugins/simple-local-avatars-c3dca1d1ef3a946c9ddf3e33caa00021.yaml new file mode 100644 index 0000000000..5413a63569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-local-avatars-c3dca1d1ef3a946c9ddf3e33caa00021.yaml @@ -0,0 +1,58 @@ +id: simple-local-avatars-c3dca1d1ef3a946c9ddf3e33caa00021 + +info: + name: > + terser (JS Package) < 5.14.2 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-local-avatars/" + google-query: inurl:"/wp-content/plugins/simple-local-avatars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-local-avatars,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-local-avatars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-local-avatars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-login-log-12a03041cb4314274c121ed3640d2d05.yaml b/nuclei-templates/cve-less/plugins/simple-login-log-12a03041cb4314274c121ed3640d2d05.yaml new file mode 100644 index 0000000000..8afd772eb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-login-log-12a03041cb4314274c121ed3640d2d05.yaml @@ -0,0 +1,58 @@ +id: simple-login-log-12a03041cb4314274c121ed3640d2d05 + +info: + name: > + Simple Login Log < 1.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c741350a-e083-499c-992d-727f46ca57f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-login-log/" + google-query: inurl:"/wp-content/plugins/simple-login-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-login-log,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-login-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-login-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-login-log-dccb2fad351753e7b3f64d92b4c6eda7.yaml b/nuclei-templates/cve-less/plugins/simple-login-log-dccb2fad351753e7b3f64d92b4c6eda7.yaml new file mode 100644 index 0000000000..4bdabc47f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-login-log-dccb2fad351753e7b3f64d92b4c6eda7.yaml @@ -0,0 +1,58 @@ +id: simple-login-log-dccb2fad351753e7b3f64d92b4c6eda7 + +info: + name: > + Simple Login Log < 1.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33680429-8a52-412b-ab61-d261801319a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-login-log/" + google-query: inurl:"/wp-content/plugins/simple-login-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-login-log,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-login-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-login-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-long-form-5a0364c13a90f16b0ef1e911c302d0f2.yaml b/nuclei-templates/cve-less/plugins/simple-long-form-5a0364c13a90f16b0ef1e911c302d0f2.yaml new file mode 100644 index 0000000000..6320ea4cad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-long-form-5a0364c13a90f16b0ef1e911c302d0f2.yaml @@ -0,0 +1,58 @@ +id: simple-long-form-5a0364c13a90f16b0ef1e911c302d0f2 + +info: + name: > + Simple Long Form <= 2.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68c22e71-c704-44c1-86e6-856f6244393d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-long-form/" + google-query: inurl:"/wp-content/plugins/simple-long-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-long-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-long-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-long-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-mail-address-encoder-af3f71c6cb2b4348d03bef1b2409408c.yaml b/nuclei-templates/cve-less/plugins/simple-mail-address-encoder-af3f71c6cb2b4348d03bef1b2409408c.yaml new file mode 100644 index 0000000000..d6dfa7bac9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-mail-address-encoder-af3f71c6cb2b4348d03bef1b2409408c.yaml @@ -0,0 +1,58 @@ +id: simple-mail-address-encoder-af3f71c6cb2b4348d03bef1b2409408c + +info: + name: > + Simple Mail Address Encoder < 1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ac68b80-31ce-4e61-b3ab-0f43cda64125?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-mail-address-encoder/" + google-query: inurl:"/wp-content/plugins/simple-mail-address-encoder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-mail-address-encoder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-mail-address-encoder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-mail-address-encoder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-matted-thumbnails-6c5121c72e7c9f744eb347ac328d000e.yaml b/nuclei-templates/cve-less/plugins/simple-matted-thumbnails-6c5121c72e7c9f744eb347ac328d000e.yaml new file mode 100644 index 0000000000..4805e0f622 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-matted-thumbnails-6c5121c72e7c9f744eb347ac328d000e.yaml @@ -0,0 +1,58 @@ +id: simple-matted-thumbnails-6c5121c72e7c9f744eb347ac328d000e + +info: + name: > + Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80098d80-79f5-4016-860a-15f7f608da29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-matted-thumbnails/" + google-query: inurl:"/wp-content/plugins/simple-matted-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-matted-thumbnails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-matted-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-matted-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-0e0241755c24b40325ed6519b8127a2f.yaml b/nuclei-templates/cve-less/plugins/simple-membership-0e0241755c24b40325ed6519b8127a2f.yaml new file mode 100644 index 0000000000..fb417f15a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-0e0241755c24b40325ed6519b8127a2f.yaml @@ -0,0 +1,58 @@ +id: simple-membership-0e0241755c24b40325ed6519b8127a2f + +info: + name: > + Simple Membership <= 4.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc322548-ffc9-4246-9835-fcc5705cef3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-127d546d7f94ec42c9601b4f8349bbdc.yaml b/nuclei-templates/cve-less/plugins/simple-membership-127d546d7f94ec42c9601b4f8349bbdc.yaml new file mode 100644 index 0000000000..68cd40e702 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-127d546d7f94ec42c9601b4f8349bbdc.yaml @@ -0,0 +1,58 @@ +id: simple-membership-127d546d7f94ec42c9601b4f8349bbdc + +info: + name: > + Simple Membership <= 4.0.8 - Cross-Site Request Forgery to Arbitrary Member Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70fa060f-11eb-4b51-b985-59421f44414e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-2f13e3a17e9723ee8fd643dcd4f4cb9b.yaml b/nuclei-templates/cve-less/plugins/simple-membership-2f13e3a17e9723ee8fd643dcd4f4cb9b.yaml new file mode 100644 index 0000000000..993fc14139 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-2f13e3a17e9723ee8fd643dcd4f4cb9b.yaml @@ -0,0 +1,58 @@ +id: simple-membership-2f13e3a17e9723ee8fd643dcd4f4cb9b + +info: + name: > + Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18fe9769-3681-4a5e-866a-640b4cc76199?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-3097ab413126701a31b2c663342da851.yaml b/nuclei-templates/cve-less/plugins/simple-membership-3097ab413126701a31b2c663342da851.yaml new file mode 100644 index 0000000000..9dc6d5ff40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-3097ab413126701a31b2c663342da851.yaml @@ -0,0 +1,58 @@ +id: simple-membership-3097ab413126701a31b2c663342da851 + +info: + name: > + Simple Membership <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63779ab7-ba8b-459d-beb3-a32faf8f4394?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-3586a3c704c10a9bba7bafa073bac863.yaml b/nuclei-templates/cve-less/plugins/simple-membership-3586a3c704c10a9bba7bafa073bac863.yaml new file mode 100644 index 0000000000..b4467928a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-3586a3c704c10a9bba7bafa073bac863.yaml @@ -0,0 +1,58 @@ +id: simple-membership-3586a3c704c10a9bba7bafa073bac863 + +info: + name: > + Simple Membership <= 4.1.2 - Membership Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/792282d1-5f43-4511-becc-9c5bb5ae513a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-3af100998fbed69cbdecde044b4ff026.yaml b/nuclei-templates/cve-less/plugins/simple-membership-3af100998fbed69cbdecde044b4ff026.yaml new file mode 100644 index 0000000000..504a5a1cad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-3af100998fbed69cbdecde044b4ff026.yaml @@ -0,0 +1,58 @@ +id: simple-membership-3af100998fbed69cbdecde044b4ff026 + +info: + name: > + Simple Membership <= 4.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b10172-7e54-4ff8-9fbb-41d160ce49e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-492d26185e3f340adae3b16a9841dc89.yaml b/nuclei-templates/cve-less/plugins/simple-membership-492d26185e3f340adae3b16a9841dc89.yaml new file mode 100644 index 0000000000..57a475b8dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-492d26185e3f340adae3b16a9841dc89.yaml @@ -0,0 +1,58 @@ +id: simple-membership-492d26185e3f340adae3b16a9841dc89 + +info: + name: > + Simple Membership <= 3.3.2 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f721aa1-d12f-4829-8e82-61f9af6a3519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-4ad519606c4e4a0ac9ad3558c99fc1da.yaml b/nuclei-templates/cve-less/plugins/simple-membership-4ad519606c4e4a0ac9ad3558c99fc1da.yaml new file mode 100644 index 0000000000..0bfb2dc872 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-4ad519606c4e4a0ac9ad3558c99fc1da.yaml @@ -0,0 +1,58 @@ +id: simple-membership-4ad519606c4e4a0ac9ad3558c99fc1da + +info: + name: > + Simple Membership <= 3.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/839957ea-5186-4cce-971d-57eed84639d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-4ae0743589a43c31ae78715c1bb792c2.yaml b/nuclei-templates/cve-less/plugins/simple-membership-4ae0743589a43c31ae78715c1bb792c2.yaml new file mode 100644 index 0000000000..fbd6c957fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-4ae0743589a43c31ae78715c1bb792c2.yaml @@ -0,0 +1,58 @@ +id: simple-membership-4ae0743589a43c31ae78715c1bb792c2 + +info: + name: > + Simple Membership <= 4.2.1 - Authenticated (Contributor+) Cross Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7772c78e-3134-4855-ac4e-3520c584c2e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-59892014ec81eb27e2ab381aff54e186.yaml b/nuclei-templates/cve-less/plugins/simple-membership-59892014ec81eb27e2ab381aff54e186.yaml new file mode 100644 index 0000000000..2b9501172f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-59892014ec81eb27e2ab381aff54e186.yaml @@ -0,0 +1,58 @@ +id: simple-membership-59892014ec81eb27e2ab381aff54e186 + +info: + name: > + Simple Membership <= 4.4.2 - Unauthenticated Stored Self-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-74e01ccc109391de849c5a0cd8cc8167.yaml b/nuclei-templates/cve-less/plugins/simple-membership-74e01ccc109391de849c5a0cd8cc8167.yaml new file mode 100644 index 0000000000..21c2a97531 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-74e01ccc109391de849c5a0cd8cc8167.yaml @@ -0,0 +1,58 @@ +id: simple-membership-74e01ccc109391de849c5a0cd8cc8167 + +info: + name: > + Simple Membership <= 4.3.8 - Reflected Cross-Site Scripting Vulnerability via environment_mode + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/366165fe-93e5-49ab-b2e5-1de624f22286?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-85baf9c84f251fb6b49e11a866b547fb.yaml b/nuclei-templates/cve-less/plugins/simple-membership-85baf9c84f251fb6b49e11a866b547fb.yaml new file mode 100644 index 0000000000..c84e64862a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-85baf9c84f251fb6b49e11a866b547fb.yaml @@ -0,0 +1,58 @@ +id: simple-membership-85baf9c84f251fb6b49e11a866b547fb + +info: + name: > + Simple Membership <= 4.3.4 - Privilege escalation via Registration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cff7dc5-23e1-424c-923b-68eef49dec6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-a905027b9d2ec38752ee2efe0b3dd4df.yaml b/nuclei-templates/cve-less/plugins/simple-membership-a905027b9d2ec38752ee2efe0b3dd4df.yaml new file mode 100644 index 0000000000..27cff24519 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-a905027b9d2ec38752ee2efe0b3dd4df.yaml @@ -0,0 +1,58 @@ +id: simple-membership-a905027b9d2ec38752ee2efe0b3dd4df + +info: + name: > + Simple Membership <= 4.0.9 - Cross-Site Request Forgery to Arbitrary Transaction Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7aa6da4d-7221-4878-8532-5372227f906a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-c287a1ab95bf7ac0c8652093f1dad2f5.yaml b/nuclei-templates/cve-less/plugins/simple-membership-c287a1ab95bf7ac0c8652093f1dad2f5.yaml new file mode 100644 index 0000000000..565a439f6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-c287a1ab95bf7ac0c8652093f1dad2f5.yaml @@ -0,0 +1,58 @@ +id: simple-membership-c287a1ab95bf7ac0c8652093f1dad2f5 + +info: + name: > + Simple Membership <= 4.4.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0086de8-448f-452f-89d1-84b77b2e25a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-d6d556bb2d97483e57922ab9c509f981.yaml b/nuclei-templates/cve-less/plugins/simple-membership-d6d556bb2d97483e57922ab9c509f981.yaml new file mode 100644 index 0000000000..5b9bcf8e56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-d6d556bb2d97483e57922ab9c509f981.yaml @@ -0,0 +1,58 @@ +id: simple-membership-d6d556bb2d97483e57922ab9c509f981 + +info: + name: > + Simple Membership <= 4.1.2 - Membership Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/284eafb9-94bc-4478-abff-f7dafd510a1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-d87695af989823f3f60bb3499466b104.yaml b/nuclei-templates/cve-less/plugins/simple-membership-d87695af989823f3f60bb3499466b104.yaml new file mode 100644 index 0000000000..1dc97f16c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-d87695af989823f3f60bb3499466b104.yaml @@ -0,0 +1,58 @@ +id: simple-membership-d87695af989823f3f60bb3499466b104 + +info: + name: > + Simple Membership <= 3.5.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfd3f0e3-e73e-4ec2-ac67-da1cc15aa217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-e1512d94164bf44f71f33d2c22c01840.yaml b/nuclei-templates/cve-less/plugins/simple-membership-e1512d94164bf44f71f33d2c22c01840.yaml new file mode 100644 index 0000000000..e39a14cb80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-e1512d94164bf44f71f33d2c22c01840.yaml @@ -0,0 +1,58 @@ +id: simple-membership-e1512d94164bf44f71f33d2c22c01840 + +info: + name: > + Simple Membership <= 4.4.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56fdbf80-8ea2-412a-b166-b7c27de88e70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-ee68d2b7440e6b2e6fe5023cb49039df.yaml b/nuclei-templates/cve-less/plugins/simple-membership-ee68d2b7440e6b2e6fe5023cb49039df.yaml new file mode 100644 index 0000000000..4517b13d51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-ee68d2b7440e6b2e6fe5023cb49039df.yaml @@ -0,0 +1,58 @@ +id: simple-membership-ee68d2b7440e6b2e6fe5023cb49039df + +info: + name: > + Simple Membership <= 4.3.4 - Account Takeover via Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e53bb240-8784-4d34-8d3f-4a7af917f3f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership/" + google-query: inurl:"/wp-content/plugins/simple-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-membership-wp-user-import-c2be66a7e8a99421d368476b2dea75ed.yaml b/nuclei-templates/cve-less/plugins/simple-membership-wp-user-import-c2be66a7e8a99421d368476b2dea75ed.yaml new file mode 100644 index 0000000000..971fccf3a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-membership-wp-user-import-c2be66a7e8a99421d368476b2dea75ed.yaml @@ -0,0 +1,58 @@ +id: simple-membership-wp-user-import-c2be66a7e8a99421d368476b2dea75ed + +info: + name: > + Simple Membership WP user Import <= 1.7 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f781533-b633-4452-95bd-c32ed0de2ea9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-membership-wp-user-import/" + google-query: inurl:"/wp-content/plugins/simple-membership-wp-user-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-membership-wp-user-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-membership-wp-user-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-membership-wp-user-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-mobile-url-redirect-8476462746ebfeabed27484bda97b80c.yaml b/nuclei-templates/cve-less/plugins/simple-mobile-url-redirect-8476462746ebfeabed27484bda97b80c.yaml new file mode 100644 index 0000000000..42b553fdcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-mobile-url-redirect-8476462746ebfeabed27484bda97b80c.yaml @@ -0,0 +1,58 @@ +id: simple-mobile-url-redirect-8476462746ebfeabed27484bda97b80c + +info: + name: > + Simple Mobile URL Redirect <= 1.7.2 - Cross-Site Request Forgery leading to Mobile Redirect Updates + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be8dcff9-1626-4919-b297-c423891f3d02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-mobile-url-redirect/" + google-query: inurl:"/wp-content/plugins/simple-mobile-url-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-mobile-url-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-mobile-url-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-mobile-url-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-org-chart-5ed062a5fc9035bd7e1a852f98a93b1f.yaml b/nuclei-templates/cve-less/plugins/simple-org-chart-5ed062a5fc9035bd7e1a852f98a93b1f.yaml new file mode 100644 index 0000000000..a4c1091be3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-org-chart-5ed062a5fc9035bd7e1a852f98a93b1f.yaml @@ -0,0 +1,58 @@ +id: simple-org-chart-5ed062a5fc9035bd7e1a852f98a93b1f + +info: + name: > + Simple Org Chart <= 2.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d413350-f520-4dd9-af7d-e776628aef1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-org-chart/" + google-query: inurl:"/wp-content/plugins/simple-org-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-org-chart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-org-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-org-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-org-chart-7a420ee74601bcf08094df0c89e9ad5e.yaml b/nuclei-templates/cve-less/plugins/simple-org-chart-7a420ee74601bcf08094df0c89e9ad5e.yaml new file mode 100644 index 0000000000..47549a25d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-org-chart-7a420ee74601bcf08094df0c89e9ad5e.yaml @@ -0,0 +1,58 @@ +id: simple-org-chart-7a420ee74601bcf08094df0c89e9ad5e + +info: + name: > + Simple Org Chart <= 2.3.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c674ec32-7959-414a-8c31-3455bebb47bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-org-chart/" + google-query: inurl:"/wp-content/plugins/simple-org-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-org-chart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-org-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-org-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-access-restriction-f4f0364b52b62c50c67321424bfe5d46.yaml b/nuclei-templates/cve-less/plugins/simple-page-access-restriction-f4f0364b52b62c50c67321424bfe5d46.yaml new file mode 100644 index 0000000000..b9a1ce82a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-access-restriction-f4f0364b52b62c50c67321424bfe5d46.yaml @@ -0,0 +1,58 @@ +id: simple-page-access-restriction-f4f0364b52b62c50c67321424bfe5d46 + +info: + name: > + Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-access-restriction/" + google-query: inurl:"/wp-content/plugins/simple-page-access-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-access-restriction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-access-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-access-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-ordering-05c2167f7f1f78fa58c980d418931b2c.yaml b/nuclei-templates/cve-less/plugins/simple-page-ordering-05c2167f7f1f78fa58c980d418931b2c.yaml new file mode 100644 index 0000000000..2d6c6a58fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-ordering-05c2167f7f1f78fa58c980d418931b2c.yaml @@ -0,0 +1,58 @@ +id: simple-page-ordering-05c2167f7f1f78fa58c980d418931b2c + +info: + name: > + got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47681954-37ed-493b-b4da-9e9032e561b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-ordering/" + google-query: inurl:"/wp-content/plugins/simple-page-ordering/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-ordering,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-ordering" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-ordering-1951707b594e6f4a4e8e4243b43c9841.yaml b/nuclei-templates/cve-less/plugins/simple-page-ordering-1951707b594e6f4a4e8e4243b43c9841.yaml new file mode 100644 index 0000000000..932a8965b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-ordering-1951707b594e6f4a4e8e4243b43c9841.yaml @@ -0,0 +1,58 @@ +id: simple-page-ordering-1951707b594e6f4a4e8e4243b43c9841 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb93138-f2f9-4a3f-a0a2-d79a315c44f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-ordering/" + google-query: inurl:"/wp-content/plugins/simple-page-ordering/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-ordering,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-ordering" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-ordering-4ae509b53172b618cff3a0afd6c091e5.yaml b/nuclei-templates/cve-less/plugins/simple-page-ordering-4ae509b53172b618cff3a0afd6c091e5.yaml new file mode 100644 index 0000000000..7eefc1d961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-ordering-4ae509b53172b618cff3a0afd6c091e5.yaml @@ -0,0 +1,58 @@ +id: simple-page-ordering-4ae509b53172b618cff3a0afd6c091e5 + +info: + name: > + Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77d8d29b-b730-46be-a354-7abfa83ac664?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-ordering/" + google-query: inurl:"/wp-content/plugins/simple-page-ordering/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-ordering,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-ordering" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-ordering-bd26ccd939104e13f73f569b312459d6.yaml b/nuclei-templates/cve-less/plugins/simple-page-ordering-bd26ccd939104e13f73f569b312459d6.yaml new file mode 100644 index 0000000000..37e4fe82e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-ordering-bd26ccd939104e13f73f569b312459d6.yaml @@ -0,0 +1,58 @@ +id: simple-page-ordering-bd26ccd939104e13f73f569b312459d6 + +info: + name: > + loader-utils (JS package) < 3.2.1 - Regular Expression Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2954a007-37ac-4811-a258-b3fdd738043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-ordering/" + google-query: inurl:"/wp-content/plugins/simple-page-ordering/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-ordering,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-ordering/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-ordering" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-page-transition-e261c5a60aee7d653735874a5f24eea5.yaml b/nuclei-templates/cve-less/plugins/simple-page-transition-e261c5a60aee7d653735874a5f24eea5.yaml new file mode 100644 index 0000000000..c79e9bec40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-page-transition-e261c5a60aee7d653735874a5f24eea5.yaml @@ -0,0 +1,58 @@ +id: simple-page-transition-e261c5a60aee7d653735874a5f24eea5 + +info: + name: > + Simple Page Transition <= 1.4.1 - Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3931b201-037d-4c4f-8e40-098c6c1251b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-page-transition/" + google-query: inurl:"/wp-content/plugins/simple-page-transition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-page-transition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-page-transition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-page-transition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-pdf-viewer-03f092a688a4fa72580d80fe6ada5bb3.yaml b/nuclei-templates/cve-less/plugins/simple-pdf-viewer-03f092a688a4fa72580d80fe6ada5bb3.yaml new file mode 100644 index 0000000000..74b587cfb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-pdf-viewer-03f092a688a4fa72580d80fe6ada5bb3.yaml @@ -0,0 +1,58 @@ +id: simple-pdf-viewer-03f092a688a4fa72580d80fe6ada5bb3 + +info: + name: > + Simple PDF Viewer <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via googlepdf Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89bc17fd-14e8-4210-8cf7-a043d1ea9c22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-pdf-viewer/" + google-query: inurl:"/wp-content/plugins/simple-pdf-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-pdf-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-pdf-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-pdf-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-photo-gallery-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml b/nuclei-templates/cve-less/plugins/simple-photo-gallery-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml new file mode 100644 index 0000000000..2fc85f4ac3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-photo-gallery-8c2e6071ee4d4b147b6cf4ef074e12d8.yaml @@ -0,0 +1,58 @@ +id: simple-photo-gallery-8c2e6071ee4d4b147b6cf4ef074e12d8 + +info: + name: > + Simple Photo Gallery <= 1.8.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13c03af2-0bd8-4e81-8ae9-2d702da71fc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-photo-gallery/" + google-query: inurl:"/wp-content/plugins/simple-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-photo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-podcasting-05c2167f7f1f78fa58c980d418931b2c.yaml b/nuclei-templates/cve-less/plugins/simple-podcasting-05c2167f7f1f78fa58c980d418931b2c.yaml new file mode 100644 index 0000000000..f105e4a8bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-podcasting-05c2167f7f1f78fa58c980d418931b2c.yaml @@ -0,0 +1,58 @@ +id: simple-podcasting-05c2167f7f1f78fa58c980d418931b2c + +info: + name: > + got (JS Package) <= 11.8.4 and 12.0-<12.1.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47681954-37ed-493b-b4da-9e9032e561b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-podcasting/" + google-query: inurl:"/wp-content/plugins/simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-podcasting-48cf291038d407d0c14437de80bf836d.yaml b/nuclei-templates/cve-less/plugins/simple-podcasting-48cf291038d407d0c14437de80bf836d.yaml new file mode 100644 index 0000000000..de7df06873 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-podcasting-48cf291038d407d0c14437de80bf836d.yaml @@ -0,0 +1,58 @@ +id: simple-podcasting-48cf291038d407d0c14437de80bf836d + +info: + name: > + json5 <= 1.0.1 and 2.0.0-2.2.1 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d5fad17-3b28-4f99-9508-f807cb06cfe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-podcasting/" + google-query: inurl:"/wp-content/plugins/simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-podcasting-73081b1f6f4e13a9e6e969eba5e746fc.yaml b/nuclei-templates/cve-less/plugins/simple-podcasting-73081b1f6f4e13a9e6e969eba5e746fc.yaml new file mode 100644 index 0000000000..d6979be4e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-podcasting-73081b1f6f4e13a9e6e969eba5e746fc.yaml @@ -0,0 +1,58 @@ +id: simple-podcasting-73081b1f6f4e13a9e6e969eba5e746fc + +info: + name: > + simple-git < 3.15.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c747e6f-31fc-41b0-ba62-f009b5483696?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-podcasting/" + google-query: inurl:"/wp-content/plugins/simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-podcasting,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-podcasting-bc55ea7b509124d1a77831d4400c5030.yaml b/nuclei-templates/cve-less/plugins/simple-podcasting-bc55ea7b509124d1a77831d4400c5030.yaml new file mode 100644 index 0000000000..8375ad3ee2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-podcasting-bc55ea7b509124d1a77831d4400c5030.yaml @@ -0,0 +1,58 @@ +id: simple-podcasting-bc55ea7b509124d1a77831d4400c5030 + +info: + name: > + simple-git < 3.16.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fdd494-8073-4a68-a4ab-1f5767011f67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-podcasting/" + google-query: inurl:"/wp-content/plugins/simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-podcasting,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-podcasting-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/cve-less/plugins/simple-podcasting-c3dca1d1ef3a946c9ddf3e33caa00021.yaml new file mode 100644 index 0000000000..dfec196571 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-podcasting-c3dca1d1ef3a946c9ddf3e33caa00021.yaml @@ -0,0 +1,58 @@ +id: simple-podcasting-c3dca1d1ef3a946c9ddf3e33caa00021 + +info: + name: > + terser (JS Package) < 5.14.2 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-podcasting/" + google-query: inurl:"/wp-content/plugins/simple-podcasting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-podcasting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-podcasting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-podcasting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-popup-8a828053bf646bd38f0facf7c997017f.yaml b/nuclei-templates/cve-less/plugins/simple-popup-8a828053bf646bd38f0facf7c997017f.yaml new file mode 100644 index 0000000000..dff3f30b74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-popup-8a828053bf646bd38f0facf7c997017f.yaml @@ -0,0 +1,58 @@ +id: simple-popup-8a828053bf646bd38f0facf7c997017f + +info: + name: > + Simple Popup Images <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18c0ecc5-b3e2-4ac0-b901-dae397e2d57c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-popup/" + google-query: inurl:"/wp-content/plugins/simple-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-popup-images-37440742787d9f260ab4813dfe2d7c5e.yaml b/nuclei-templates/cve-less/plugins/simple-popup-images-37440742787d9f260ab4813dfe2d7c5e.yaml new file mode 100644 index 0000000000..52abb6d9e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-popup-images-37440742787d9f260ab4813dfe2d7c5e.yaml @@ -0,0 +1,58 @@ +id: simple-popup-images-37440742787d9f260ab4813dfe2d7c5e + +info: + name: > + Simple Popup Images <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15c35ed2-a614-4cac-8a2e-b1a2417919d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-popup-images/" + google-query: inurl:"/wp-content/plugins/simple-popup-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-popup-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-popup-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-popup-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-popup-newsletter-eb9f0a8e4e92fb7cae75094dbbc288ce.yaml b/nuclei-templates/cve-less/plugins/simple-popup-newsletter-eb9f0a8e4e92fb7cae75094dbbc288ce.yaml new file mode 100644 index 0000000000..4c68c89eca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-popup-newsletter-eb9f0a8e4e92fb7cae75094dbbc288ce.yaml @@ -0,0 +1,58 @@ +id: simple-popup-newsletter-eb9f0a8e4e92fb7cae75094dbbc288ce + +info: + name: > + Simple Popup Newsletter <= 1.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15655362-b77f-4ba4-a823-17085de55f85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-popup-newsletter/" + google-query: inurl:"/wp-content/plugins/simple-popup-newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-popup-newsletter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-popup-newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-popup-newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-portfolio-gallery-ace70e46c2c11dce25895020e8f9ce37.yaml b/nuclei-templates/cve-less/plugins/simple-portfolio-gallery-ace70e46c2c11dce25895020e8f9ce37.yaml new file mode 100644 index 0000000000..6264aead4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-portfolio-gallery-ace70e46c2c11dce25895020e8f9ce37.yaml @@ -0,0 +1,58 @@ +id: simple-portfolio-gallery-ace70e46c2c11dce25895020e8f9ce37 + +info: + name: > + Simple Portfolio Gallery <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46d65fed-cb21-46e1-bafe-eda11c25a467?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-portfolio-gallery/" + google-query: inurl:"/wp-content/plugins/simple-portfolio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-portfolio-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-portfolio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-portfolio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-post-79a115d0225d5e6109d2bfb5d804fc26.yaml b/nuclei-templates/cve-less/plugins/simple-post-79a115d0225d5e6109d2bfb5d804fc26.yaml new file mode 100644 index 0000000000..ba5c16a6e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-post-79a115d0225d5e6109d2bfb5d804fc26.yaml @@ -0,0 +1,58 @@ +id: simple-post-79a115d0225d5e6109d2bfb5d804fc26 + +info: + name: > + Simple Post <= 1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/334ecb1e-027c-4a0f-88cb-34b02482f097?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-post/" + google-query: inurl:"/wp-content/plugins/simple-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-post-gallery-dd18adf97d60be295e46212698edf568.yaml b/nuclei-templates/cve-less/plugins/simple-post-gallery-dd18adf97d60be295e46212698edf568.yaml new file mode 100644 index 0000000000..bcfd6728b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-post-gallery-dd18adf97d60be295e46212698edf568.yaml @@ -0,0 +1,58 @@ +id: simple-post-gallery-dd18adf97d60be295e46212698edf568 + +info: + name: > + Post Gallery <= 2.3.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ac31c39-abbc-427f-aba3-d9ec3b51c4d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-post-gallery/" + google-query: inurl:"/wp-content/plugins/simple-post-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-post-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-post-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-post-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-post-notes-ae1d09ace0c5a27260a5b15fa0f15e71.yaml b/nuclei-templates/cve-less/plugins/simple-post-notes-ae1d09ace0c5a27260a5b15fa0f15e71.yaml new file mode 100644 index 0000000000..6be8539649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-post-notes-ae1d09ace0c5a27260a5b15fa0f15e71.yaml @@ -0,0 +1,58 @@ +id: simple-post-notes-ae1d09ace0c5a27260a5b15fa0f15e71 + +info: + name: > + Simple Post Notes <= 1.7.5 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8260a74a-e338-42f6-ad9d-cb30f1a9bc86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-post-notes/" + google-query: inurl:"/wp-content/plugins/simple-post-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-post-notes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-post-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-post-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-post-notes-fe9aa9fc4f7853d3cc97f567a43935dd.yaml b/nuclei-templates/cve-less/plugins/simple-post-notes-fe9aa9fc4f7853d3cc97f567a43935dd.yaml new file mode 100644 index 0000000000..22c18e0a77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-post-notes-fe9aa9fc4f7853d3cc97f567a43935dd.yaml @@ -0,0 +1,58 @@ +id: simple-post-notes-fe9aa9fc4f7853d3cc97f567a43935dd + +info: + name: > + Simple Post Notes <= 1.7.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a7bb428-dd65-47f7-aaf6-ecdad4ae3049?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-post-notes/" + google-query: inurl:"/wp-content/plugins/simple-post-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-post-notes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-post-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-post-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-post-thumbnails-a4aa366f217005e74322ff2bf7a0e182.yaml b/nuclei-templates/cve-less/plugins/simple-post-thumbnails-a4aa366f217005e74322ff2bf7a0e182.yaml new file mode 100644 index 0000000000..3b0db8293d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-post-thumbnails-a4aa366f217005e74322ff2bf7a0e182.yaml @@ -0,0 +1,58 @@ +id: simple-post-thumbnails-a4aa366f217005e74322ff2bf7a0e182 + +info: + name: > + TimThumb <= 1.33 - Remote File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e062c794-1ab7-4d44-95da-40cd401f3a37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-post-thumbnails/" + google-query: inurl:"/wp-content/plugins/simple-post-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-post-thumbnails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-post-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-post-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-posts-ticker-9431aa52549a30a720033bb06c5049ca.yaml b/nuclei-templates/cve-less/plugins/simple-posts-ticker-9431aa52549a30a720033bb06c5049ca.yaml new file mode 100644 index 0000000000..82dd9b5fe8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-posts-ticker-9431aa52549a30a720033bb06c5049ca.yaml @@ -0,0 +1,58 @@ +id: simple-posts-ticker-9431aa52549a30a720033bb06c5049ca + +info: + name: > + Simple Posts Ticker <= 1.1.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec1ffc70-fc0c-4c25-926c-e78e0f206d2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-posts-ticker/" + google-query: inurl:"/wp-content/plugins/simple-posts-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-posts-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-posts-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-posts-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-posts-ticker-f09df8170b914522627f58aeacdfb8a8.yaml b/nuclei-templates/cve-less/plugins/simple-posts-ticker-f09df8170b914522627f58aeacdfb8a8.yaml new file mode 100644 index 0000000000..c3d0b9077e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-posts-ticker-f09df8170b914522627f58aeacdfb8a8.yaml @@ -0,0 +1,58 @@ +id: simple-posts-ticker-f09df8170b914522627f58aeacdfb8a8 + +info: + name: > + Simple Posts Ticker <= 1.1.5 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ac2c929-2188-4818-880d-8793984e8df1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-posts-ticker/" + google-query: inurl:"/wp-content/plugins/simple-posts-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-posts-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-posts-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-posts-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-quotation-2ccafd0bfa63eb3f14f0d41c56ae0ce0.yaml b/nuclei-templates/cve-less/plugins/simple-quotation-2ccafd0bfa63eb3f14f0d41c56ae0ce0.yaml new file mode 100644 index 0000000000..fb5eed50c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-quotation-2ccafd0bfa63eb3f14f0d41c56ae0ce0.yaml @@ -0,0 +1,58 @@ +id: simple-quotation-2ccafd0bfa63eb3f14f0d41c56ae0ce0 + +info: + name: > + Simple Quotation <= 1.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c621e57e-8483-4dde-9c83-cc4522f92c1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-quotation/" + google-query: inurl:"/wp-content/plugins/simple-quotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-quotation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-quotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-quotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-quotation-64c2c780c319f550380bf0e9ebd98976.yaml b/nuclei-templates/cve-less/plugins/simple-quotation-64c2c780c319f550380bf0e9ebd98976.yaml new file mode 100644 index 0000000000..4276ef0cfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-quotation-64c2c780c319f550380bf0e9ebd98976.yaml @@ -0,0 +1,58 @@ +id: simple-quotation-64c2c780c319f550380bf0e9ebd98976 + +info: + name: > + Simple Quotation <= 1.3.2 - SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/225123aa-1ef9-4431-b4b1-b5ac5e034ef4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-quotation/" + google-query: inurl:"/wp-content/plugins/simple-quotation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-quotation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-quotation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-quotation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-real-estate-pack-4-b3837018bee9dc0f25b1197bd329be87.yaml b/nuclei-templates/cve-less/plugins/simple-real-estate-pack-4-b3837018bee9dc0f25b1197bd329be87.yaml new file mode 100644 index 0000000000..01e044399a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-real-estate-pack-4-b3837018bee9dc0f25b1197bd329be87.yaml @@ -0,0 +1,58 @@ +id: simple-real-estate-pack-4-b3837018bee9dc0f25b1197bd329be87 + +info: + name: > + Simple Real Estate Pack <= 1.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee95976d-6454-466b-96b3-7c33ccc03d41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-real-estate-pack-4/" + google-query: inurl:"/wp-content/plugins/simple-real-estate-pack-4/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-real-estate-pack-4,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-real-estate-pack-4/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-real-estate-pack-4" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-responsive-image-gallery-0be4bbe081fe5b1039259f84286874e7.yaml b/nuclei-templates/cve-less/plugins/simple-responsive-image-gallery-0be4bbe081fe5b1039259f84286874e7.yaml new file mode 100644 index 0000000000..a0636ff98a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-responsive-image-gallery-0be4bbe081fe5b1039259f84286874e7.yaml @@ -0,0 +1,58 @@ +id: simple-responsive-image-gallery-0be4bbe081fe5b1039259f84286874e7 + +info: + name: > + Simple Image Gallery <= 1.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2805267e-fd07-4bb2-b2e5-7c90c667097e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-responsive-image-gallery/" + google-query: inurl:"/wp-content/plugins/simple-responsive-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-responsive-image-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-responsive-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-responsive-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-restrict-aa5a6a671fb5da473aaf8781afbfa3bd.yaml b/nuclei-templates/cve-less/plugins/simple-restrict-aa5a6a671fb5da473aaf8781afbfa3bd.yaml new file mode 100644 index 0000000000..3340788688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-restrict-aa5a6a671fb5da473aaf8781afbfa3bd.yaml @@ -0,0 +1,58 @@ +id: simple-restrict-aa5a6a671fb5da473aaf8781afbfa3bd + +info: + name: > + Simple Restrict <= 1.2.6 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-restrict/" + google-query: inurl:"/wp-content/plugins/simple-restrict/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-restrict,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-restrict/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-restrict" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-retail-menus-ff68da2306359b7fb7d2ec7bcba42c9a.yaml b/nuclei-templates/cve-less/plugins/simple-retail-menus-ff68da2306359b7fb7d2ec7bcba42c9a.yaml new file mode 100644 index 0000000000..9be9e26a27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-retail-menus-ff68da2306359b7fb7d2ec7bcba42c9a.yaml @@ -0,0 +1,58 @@ +id: simple-retail-menus-ff68da2306359b7fb7d2ec7bcba42c9a + +info: + name: > + Simple Retail Menus <= 4.0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11c369eb-7e5b-4fcf-a526-23466ebad420?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-retail-menus/" + google-query: inurl:"/wp-content/plugins/simple-retail-menus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-retail-menus,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-retail-menus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-retail-menus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-revisions-delete-e8203a29d9dd8569fe66a5c0b614fae4.yaml b/nuclei-templates/cve-less/plugins/simple-revisions-delete-e8203a29d9dd8569fe66a5c0b614fae4.yaml new file mode 100644 index 0000000000..77495e9296 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-revisions-delete-e8203a29d9dd8569fe66a5c0b614fae4.yaml @@ -0,0 +1,58 @@ +id: simple-revisions-delete-e8203a29d9dd8569fe66a5c0b614fae4 + +info: + name: > + Simple Revisions Delete <= 1.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50212e01-4055-4e63-8cf2-6ee434f46604?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-revisions-delete/" + google-query: inurl:"/wp-content/plugins/simple-revisions-delete/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-revisions-delete,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-revisions-delete/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-revisions-delete" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-schools-staff-directory-9d4cfba6200e394cef32d487f65ab9e2.yaml b/nuclei-templates/cve-less/plugins/simple-schools-staff-directory-9d4cfba6200e394cef32d487f65ab9e2.yaml new file mode 100644 index 0000000000..812fc47186 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-schools-staff-directory-9d4cfba6200e394cef32d487f65ab9e2.yaml @@ -0,0 +1,58 @@ +id: simple-schools-staff-directory-9d4cfba6200e394cef32d487f65ab9e2 + +info: + name: > + Simple Schools Staff Directory <= 1.1 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7adebd83-8186-402a-8327-c7f9c009ed62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-schools-staff-directory/" + google-query: inurl:"/wp-content/plugins/simple-schools-staff-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-schools-staff-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-schools-staff-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-schools-staff-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-security-2c08e7ca2855464050481f48ae1d114f.yaml b/nuclei-templates/cve-less/plugins/simple-security-2c08e7ca2855464050481f48ae1d114f.yaml new file mode 100644 index 0000000000..31301c41da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-security-2c08e7ca2855464050481f48ae1d114f.yaml @@ -0,0 +1,58 @@ +id: simple-security-2c08e7ca2855464050481f48ae1d114f + +info: + name: > + Simple Security <= 1.1.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b346ae7-e3aa-4728-8dd9-e77fc388576e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-security/" + google-query: inurl:"/wp-content/plugins/simple-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-0e06afa272317d9b882c9a62ae6109b4.yaml b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-0e06afa272317d9b882c9a62ae6109b4.yaml new file mode 100644 index 0000000000..e7bd5aee74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-0e06afa272317d9b882c9a62ae6109b4.yaml @@ -0,0 +1,58 @@ +id: simple-share-buttons-adder-0e06afa272317d9b882c9a62ae6109b4 + +info: + name: > + Simple Share Buttons Adder <= 8.4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e57bfae5-4cc0-4d97-9431-4c8ebb2f0882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-share-buttons-adder/" + google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-share-buttons-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-share-buttons-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-6b9a4af9881f034177e75898019a5215.yaml b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-6b9a4af9881f034177e75898019a5215.yaml new file mode 100644 index 0000000000..229167b025 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-6b9a4af9881f034177e75898019a5215.yaml @@ -0,0 +1,58 @@ +id: simple-share-buttons-adder-6b9a4af9881f034177e75898019a5215 + +info: + name: > + Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/099b2244-1371-4418-b5ef-b28ac030dedd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-share-buttons-adder/" + google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-share-buttons-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-share-buttons-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-934f2b643137558d27d763ac97da6357.yaml b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-934f2b643137558d27d763ac97da6357.yaml new file mode 100644 index 0000000000..0bebf6a9a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-934f2b643137558d27d763ac97da6357.yaml @@ -0,0 +1,58 @@ +id: simple-share-buttons-adder-934f2b643137558d27d763ac97da6357 + +info: + name: > + Simple Share Buttons Adder <= 4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b37e6b44-810a-49c8-8903-30a9e228027d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-share-buttons-adder/" + google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-share-buttons-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-share-buttons-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-ce6741d54beed2d67ba4497c046c28fc.yaml b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-ce6741d54beed2d67ba4497c046c28fc.yaml new file mode 100644 index 0000000000..4e263bc7ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-share-buttons-adder-ce6741d54beed2d67ba4497c046c28fc.yaml @@ -0,0 +1,58 @@ +id: simple-share-buttons-adder-ce6741d54beed2d67ba4497c046c28fc + +info: + name: > + Simple Share Buttons Adder <= 8.4.11 - Authenticated(Administrator+) Stored Cross-Site Scripting via CSS Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-share-buttons-adder/" + google-query: inurl:"/wp-content/plugins/simple-share-buttons-adder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-share-buttons-adder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-share-buttons-adder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-share-buttons-adder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-shipping-edd-c110f3311248c25cc2e6e53a20d9f8d7.yaml b/nuclei-templates/cve-less/plugins/simple-shipping-edd-c110f3311248c25cc2e6e53a20d9f8d7.yaml new file mode 100644 index 0000000000..260c795d3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-shipping-edd-c110f3311248c25cc2e6e53a20d9f8d7.yaml @@ -0,0 +1,58 @@ +id: simple-shipping-edd-c110f3311248c25cc2e6e53a20d9f8d7 + +info: + name: > + Easy Digital Downloads – Simple Shipping <= 2.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01179ac2-ad68-4a5d-af67-70d57ed611d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-shipping-edd/" + google-query: inurl:"/wp-content/plugins/simple-shipping-edd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-shipping-edd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-shipping-edd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-shipping-edd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-site-verify-401f06c28c1cd430ed4024172948f5b4.yaml b/nuclei-templates/cve-less/plugins/simple-site-verify-401f06c28c1cd430ed4024172948f5b4.yaml new file mode 100644 index 0000000000..66278565b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-site-verify-401f06c28c1cd430ed4024172948f5b4.yaml @@ -0,0 +1,58 @@ +id: simple-site-verify-401f06c28c1cd430ed4024172948f5b4 + +info: + name: > + Simple Site Verify <= 1.0.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1ea7e04-d3b3-43fa-be9a-a2d5ac3e34c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-site-verify/" + google-query: inurl:"/wp-content/plugins/simple-site-verify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-site-verify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-site-verify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-site-verify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-sitemap-1523648bd0f24adc2a26d45bbae47ace.yaml b/nuclei-templates/cve-less/plugins/simple-sitemap-1523648bd0f24adc2a26d45bbae47ace.yaml new file mode 100644 index 0000000000..fdacb7ab69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-sitemap-1523648bd0f24adc2a26d45bbae47ace.yaml @@ -0,0 +1,58 @@ +id: simple-sitemap-1523648bd0f24adc2a26d45bbae47ace + +info: + name: > + Simple Sitemap <= 3.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f47a2ff1-627f-4d1c-b0b6-684be51526f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-sitemap/" + google-query: inurl:"/wp-content/plugins/simple-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-sitemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-slider-ssp-596c1534922e10c637aff8c9e7564a21.yaml b/nuclei-templates/cve-less/plugins/simple-slider-ssp-596c1534922e10c637aff8c9e7564a21.yaml new file mode 100644 index 0000000000..3e7d5d24f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-slider-ssp-596c1534922e10c637aff8c9e7564a21.yaml @@ -0,0 +1,58 @@ +id: simple-slider-ssp-596c1534922e10c637aff8c9e7564a21 + +info: + name: > + WP Slider Plugin <= 1.4.5 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7bf5f3c-9577-4824-a8ae-e13827fa5166?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-slider-ssp/" + google-query: inurl:"/wp-content/plugins/simple-slider-ssp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-slider-ssp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-slider-ssp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-slider-ssp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-slug-translate-59c7d1a679853ce7b01d642a9cdae84d.yaml b/nuclei-templates/cve-less/plugins/simple-slug-translate-59c7d1a679853ce7b01d642a9cdae84d.yaml new file mode 100644 index 0000000000..1951f960b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-slug-translate-59c7d1a679853ce7b01d642a9cdae84d.yaml @@ -0,0 +1,58 @@ +id: simple-slug-translate-59c7d1a679853ce7b01d642a9cdae84d + +info: + name: > + Simple Slug Translate <= 2.7.2 - Authenticated (Administrator+) Stored Cross-Site Scritping + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc19313b-f9d0-4a92-8e33-d632d8a478df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-slug-translate/" + google-query: inurl:"/wp-content/plugins/simple-slug-translate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-slug-translate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-slug-translate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-slug-translate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-social-buttons-12ff7814319c3fed879573cad73d612b.yaml b/nuclei-templates/cve-less/plugins/simple-social-buttons-12ff7814319c3fed879573cad73d612b.yaml new file mode 100644 index 0000000000..04a5a0643a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-social-buttons-12ff7814319c3fed879573cad73d612b.yaml @@ -0,0 +1,58 @@ +id: simple-social-buttons-12ff7814319c3fed879573cad73d612b + +info: + name: > + Simple Social Media Share Buttons <= 3.2.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2f4313a-568e-4ee2-b283-cd7bb62b75fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-social-buttons/" + google-query: inurl:"/wp-content/plugins/simple-social-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-social-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-social-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-social-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-social-buttons-7f383db1332d5a58a59f192dff645bd4.yaml b/nuclei-templates/cve-less/plugins/simple-social-buttons-7f383db1332d5a58a59f192dff645bd4.yaml new file mode 100644 index 0000000000..875a106ef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-social-buttons-7f383db1332d5a58a59f192dff645bd4.yaml @@ -0,0 +1,58 @@ +id: simple-social-buttons-7f383db1332d5a58a59f192dff645bd4 + +info: + name: > + Simple Social Media Share Buttons <= 5.1.0 - Unauthenticated Password Protected Post Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab87210f-1f21-4208-ab50-4f62ec8e02fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-social-buttons/" + google-query: inurl:"/wp-content/plugins/simple-social-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-social-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-social-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-social-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-social-buttons-84af63ce54f1aff066c5cbc0224ece1e.yaml b/nuclei-templates/cve-less/plugins/simple-social-buttons-84af63ce54f1aff066c5cbc0224ece1e.yaml new file mode 100644 index 0000000000..af8a249a4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-social-buttons-84af63ce54f1aff066c5cbc0224ece1e.yaml @@ -0,0 +1,58 @@ +id: simple-social-buttons-84af63ce54f1aff066c5cbc0224ece1e + +info: + name: > + Simple Social Media Share Buttons <= 3.2.2 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73b93a44-1d91-4755-ae48-73f74a6fe415?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-social-buttons/" + google-query: inurl:"/wp-content/plugins/simple-social-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-social-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-social-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-social-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-sortsearch-dad17a0f7cc6bf4dce65968822857b48.yaml b/nuclei-templates/cve-less/plugins/simple-sortsearch-dad17a0f7cc6bf4dce65968822857b48.yaml new file mode 100644 index 0000000000..3d078a2dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-sortsearch-dad17a0f7cc6bf4dce65968822857b48.yaml @@ -0,0 +1,58 @@ +id: simple-sortsearch-dad17a0f7cc6bf4dce65968822857b48 + +info: + name: > + Simple Sort&Search <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e47a2d3-ab79-417d-b36b-2f8a8c515bc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-sortsearch/" + google-query: inurl:"/wp-content/plugins/simple-sortsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-sortsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-sortsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-sortsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-staff-list-065f57f30aadd88480dc295cfdb7429a.yaml b/nuclei-templates/cve-less/plugins/simple-staff-list-065f57f30aadd88480dc295cfdb7429a.yaml new file mode 100644 index 0000000000..927a6d553e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-staff-list-065f57f30aadd88480dc295cfdb7429a.yaml @@ -0,0 +1,58 @@ +id: simple-staff-list-065f57f30aadd88480dc295cfdb7429a + +info: + name: > + Simple Staff List <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c275b40-1155-4a86-8854-b0660e117fcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-staff-list/" + google-query: inurl:"/wp-content/plugins/simple-staff-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-staff-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-staff-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-staff-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-staff-list-7d02fb68117844792850ad968e93d6a6.yaml b/nuclei-templates/cve-less/plugins/simple-staff-list-7d02fb68117844792850ad968e93d6a6.yaml new file mode 100644 index 0000000000..96906682ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-staff-list-7d02fb68117844792850ad968e93d6a6.yaml @@ -0,0 +1,58 @@ +id: simple-staff-list-7d02fb68117844792850ad968e93d6a6 + +info: + name: > + Simple Staff List <= 2.2.4 - Missing Authorization via ajax_flush_rewrite_rules and staff_member_export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ef8bf84-768f-4ef1-8037-4e51ccc20c83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-staff-list/" + google-query: inurl:"/wp-content/plugins/simple-staff-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-staff-list,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-staff-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-staff-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-staff-list-f7b0dea7fdc53cc395c11a147701c107.yaml b/nuclei-templates/cve-less/plugins/simple-staff-list-f7b0dea7fdc53cc395c11a147701c107.yaml new file mode 100644 index 0000000000..13ba166b08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-staff-list-f7b0dea7fdc53cc395c11a147701c107.yaml @@ -0,0 +1,58 @@ +id: simple-staff-list-f7b0dea7fdc53cc395c11a147701c107 + +info: + name: > + Simple Staff List <= 2.2.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5880581-3505-4851-b32f-cd2873072f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-staff-list/" + google-query: inurl:"/wp-content/plugins/simple-staff-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-staff-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-staff-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-staff-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-sticky-footer-e689aa17f6bf2fdc2c6603a9014c4c60.yaml b/nuclei-templates/cve-less/plugins/simple-sticky-footer-e689aa17f6bf2fdc2c6603a9014c4c60.yaml new file mode 100644 index 0000000000..440a238678 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-sticky-footer-e689aa17f6bf2fdc2c6603a9014c4c60.yaml @@ -0,0 +1,58 @@ +id: simple-sticky-footer-e689aa17f6bf2fdc2c6603a9014c4c60 + +info: + name: > + Simple Sticky Footer <= 1.3.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/329f6e9b-f2f4-4c4e-9512-fcf504c2c0ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-sticky-footer/" + google-query: inurl:"/wp-content/plugins/simple-sticky-footer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-sticky-footer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-sticky-footer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-sticky-footer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-student-result-02a688a26a04ec997a303637d53b9750.yaml b/nuclei-templates/cve-less/plugins/simple-student-result-02a688a26a04ec997a303637d53b9750.yaml new file mode 100644 index 0000000000..bda9f5045b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-student-result-02a688a26a04ec997a303637d53b9750.yaml @@ -0,0 +1,58 @@ +id: simple-student-result-02a688a26a04ec997a303637d53b9750 + +info: + name: > + Student Result or Employee Database <= 1.7.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/834e86c6-f516-4991-a693-d23db2bf14ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-student-result/" + google-query: inurl:"/wp-content/plugins/simple-student-result/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-student-result,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-student-result/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-student-result" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-student-result-1e87bae656b2627d83b3d372f1614a11.yaml b/nuclei-templates/cve-less/plugins/simple-student-result-1e87bae656b2627d83b3d372f1614a11.yaml new file mode 100644 index 0000000000..fac6066a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-student-result-1e87bae656b2627d83b3d372f1614a11.yaml @@ -0,0 +1,58 @@ +id: simple-student-result-1e87bae656b2627d83b3d372f1614a11 + +info: + name: > + Student Result or Employee Database <= 1.6.3 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba8d377f-d216-40e4-97f2-ed3eac0ec33e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-student-result/" + google-query: inurl:"/wp-content/plugins/simple-student-result/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-student-result,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-student-result/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-student-result" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-support-ticket-system-cf523f7ef0e6572480c576e8223b6d77.yaml b/nuclei-templates/cve-less/plugins/simple-support-ticket-system-cf523f7ef0e6572480c576e8223b6d77.yaml new file mode 100644 index 0000000000..79786e494f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-support-ticket-system-cf523f7ef0e6572480c576e8223b6d77.yaml @@ -0,0 +1,58 @@ +id: simple-support-ticket-system-cf523f7ef0e6572480c576e8223b6d77 + +info: + name: > + Support Ticket System < 1.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8c08878-0f9f-4203-8110-a3772eb8de63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-support-ticket-system/" + google-query: inurl:"/wp-content/plugins/simple-support-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-support-ticket-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-support-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-support-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-table-manager-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml b/nuclei-templates/cve-less/plugins/simple-table-manager-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml new file mode 100644 index 0000000000..a95334a864 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-table-manager-51cc1e2fa9b76200d8c0e1cffbbd6dc5.yaml @@ -0,0 +1,58 @@ +id: simple-table-manager-51cc1e2fa9b76200d8c0e1cffbbd6dc5 + +info: + name: > + Simple Table Manager <= 1.5.6 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53760acf-e8b2-4e35-8c01-768472fc0996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-table-manager/" + google-query: inurl:"/wp-content/plugins/simple-table-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-table-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-table-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-table-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tags-1b628b6e919f163c78dec1ae22685875.yaml b/nuclei-templates/cve-less/plugins/simple-tags-1b628b6e919f163c78dec1ae22685875.yaml new file mode 100644 index 0000000000..d9c8143568 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tags-1b628b6e919f163c78dec1ae22685875.yaml @@ -0,0 +1,58 @@ +id: simple-tags-1b628b6e919f163c78dec1ae22685875 + +info: + name: > + TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52574d99-1ffe-4152-bf13-9cdd11d7300a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tags/" + google-query: inurl:"/wp-content/plugins/simple-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tags-4c56b6bb234842fef87202ea54089581.yaml b/nuclei-templates/cve-less/plugins/simple-tags-4c56b6bb234842fef87202ea54089581.yaml new file mode 100644 index 0000000000..8447370767 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tags-4c56b6bb234842fef87202ea54089581.yaml @@ -0,0 +1,58 @@ +id: simple-tags-4c56b6bb234842fef87202ea54089581 + +info: + name: > + TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c051bfd-2754-4faf-8062-91752555166c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tags/" + google-query: inurl:"/wp-content/plugins/simple-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tags-9af4513a0f46be16e18750162e487d0e.yaml b/nuclei-templates/cve-less/plugins/simple-tags-9af4513a0f46be16e18750162e487d0e.yaml new file mode 100644 index 0000000000..a74c153ccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tags-9af4513a0f46be16e18750162e487d0e.yaml @@ -0,0 +1,58 @@ +id: simple-tags-9af4513a0f46be16e18750162e487d0e + +info: + name: > + TaxoPress <= 3.0.7.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/282fabde-c3a5-49d0-987a-39f106f766cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tags/" + google-query: inurl:"/wp-content/plugins/simple-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tags,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tags-dbd78c6bc37635ee7558d00a91a8165a.yaml b/nuclei-templates/cve-less/plugins/simple-tags-dbd78c6bc37635ee7558d00a91a8165a.yaml new file mode 100644 index 0000000000..210c82ab3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tags-dbd78c6bc37635ee7558d00a91a8165a.yaml @@ -0,0 +1,58 @@ +id: simple-tags-dbd78c6bc37635ee7558d00a91a8165a + +info: + name: > + TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e98ed932-4e4c-4127-ae72-500e2a34f371?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tags/" + google-query: inurl:"/wp-content/plugins/simple-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tags-f897c75665f54f7b712469c3a1014b0b.yaml b/nuclei-templates/cve-less/plugins/simple-tags-f897c75665f54f7b712469c3a1014b0b.yaml new file mode 100644 index 0000000000..93f00ee442 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tags-f897c75665f54f7b712469c3a1014b0b.yaml @@ -0,0 +1,58 @@ +id: simple-tags-f897c75665f54f7b712469c3a1014b0b + +info: + name: > + WordPress Tag and Category Manager – AI Autotagger <= 3.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f537479-d5ec-46bb-a04e-2c33a2abc759?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tags/" + google-query: inurl:"/wp-content/plugins/simple-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tags,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-af9704a1a0aaec6b76168fbe08955226.yaml b/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-af9704a1a0aaec6b76168fbe08955226.yaml new file mode 100644 index 0000000000..1c9a15d4f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-af9704a1a0aaec6b76168fbe08955226.yaml @@ -0,0 +1,58 @@ +id: simple-testimonials-showcase-af9704a1a0aaec6b76168fbe08955226 + +info: + name: > + Simple Testimonials Showcase <= 1.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6008237-e4a8-4757-ae14-ac20c6f1b0af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-testimonials-showcase/" + google-query: inurl:"/wp-content/plugins/simple-testimonials-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-testimonials-showcase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-testimonials-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-testimonials-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-f4692d4ecdfbe84f92ac77014c0e0a83.yaml b/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-f4692d4ecdfbe84f92ac77014c0e0a83.yaml new file mode 100644 index 0000000000..a72d62dae2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-testimonials-showcase-f4692d4ecdfbe84f92ac77014c0e0a83.yaml @@ -0,0 +1,58 @@ +id: simple-testimonials-showcase-f4692d4ecdfbe84f92ac77014c0e0a83 + +info: + name: > + Simple Testimonials Showcase <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/717dfceb-dc0b-45ef-bc06-72658486d1f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-testimonials-showcase/" + google-query: inurl:"/wp-content/plugins/simple-testimonials-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-testimonials-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-testimonials-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-testimonials-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-theme-options-d24630671f65fdbbb367bb893bfade3c.yaml b/nuclei-templates/cve-less/plugins/simple-theme-options-d24630671f65fdbbb367bb893bfade3c.yaml new file mode 100644 index 0000000000..7614d8cdc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-theme-options-d24630671f65fdbbb367bb893bfade3c.yaml @@ -0,0 +1,58 @@ +id: simple-theme-options-d24630671f65fdbbb367bb893bfade3c + +info: + name: > + Simple Tracking <= 1.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50b0eb50-fe25-487f-b5bc-13659be58ae4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-theme-options/" + google-query: inurl:"/wp-content/plugins/simple-theme-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-theme-options,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-theme-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-theme-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tooltips-0a74f9768178c52be7335a4414a065a0.yaml b/nuclei-templates/cve-less/plugins/simple-tooltips-0a74f9768178c52be7335a4414a065a0.yaml new file mode 100644 index 0000000000..9db169348b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tooltips-0a74f9768178c52be7335a4414a065a0.yaml @@ -0,0 +1,58 @@ +id: simple-tooltips-0a74f9768178c52be7335a4414a065a0 + +info: + name: > + Simple Tooltips <= 2.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7e4235-5f40-48c2-8474-cf57af5e35bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tooltips/" + google-query: inurl:"/wp-content/plugins/simple-tooltips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tooltips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tooltips-6284e6441b25b9ea2f8b947793590242.yaml b/nuclei-templates/cve-less/plugins/simple-tooltips-6284e6441b25b9ea2f8b947793590242.yaml new file mode 100644 index 0000000000..07b6336e8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tooltips-6284e6441b25b9ea2f8b947793590242.yaml @@ -0,0 +1,58 @@ +id: simple-tooltips-6284e6441b25b9ea2f8b947793590242 + +info: + name: > + Simple Tooltips <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ead3aee-3d72-4fc0-a613-700ec75fb0bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tooltips/" + google-query: inurl:"/wp-content/plugins/simple-tooltips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tooltips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tweet-0cd1e08a1b0cf9639f9192490f465d8f.yaml b/nuclei-templates/cve-less/plugins/simple-tweet-0cd1e08a1b0cf9639f9192490f465d8f.yaml new file mode 100644 index 0000000000..1f11b321c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tweet-0cd1e08a1b0cf9639f9192490f465d8f.yaml @@ -0,0 +1,58 @@ +id: simple-tweet-0cd1e08a1b0cf9639f9192490f465d8f + +info: + name: > + Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tweet/" + google-query: inurl:"/wp-content/plugins/simple-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tweet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-tweet-27310a1dc2397e2cac54db00506a62d4.yaml b/nuclei-templates/cve-less/plugins/simple-tweet-27310a1dc2397e2cac54db00506a62d4.yaml new file mode 100644 index 0000000000..1f384abc3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-tweet-27310a1dc2397e2cac54db00506a62d4.yaml @@ -0,0 +1,58 @@ +id: simple-tweet-27310a1dc2397e2cac54db00506a62d4 + +info: + name: > + Simple Tweet <= 1.4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de568a71-f51d-4948-839c-48e51d165a64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-tweet/" + google-query: inurl:"/wp-content/plugins/simple-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-tweet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-15bda1e21fcfc4331fee33475b186388.yaml b/nuclei-templates/cve-less/plugins/simple-urls-15bda1e21fcfc4331fee33475b186388.yaml new file mode 100644 index 0000000000..cca50b72b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-15bda1e21fcfc4331fee33475b186388.yaml @@ -0,0 +1,58 @@ +id: simple-urls-15bda1e21fcfc4331fee33475b186388 + +info: + name: > + Simple URLs <= 120 - Cross-Site Request Forgery via Multiple AJAX Actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d03524-7a53-40cd-a3d5-dafea4fc9a33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 120') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-2b45864828a1aff6937ee7dc2951db60.yaml b/nuclei-templates/cve-less/plugins/simple-urls-2b45864828a1aff6937ee7dc2951db60.yaml new file mode 100644 index 0000000000..16a3a81949 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-2b45864828a1aff6937ee7dc2951db60.yaml @@ -0,0 +1,58 @@ +id: simple-urls-2b45864828a1aff6937ee7dc2951db60 + +info: + name: > + Simple URLs <= 118 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8147f63-91a5-457c-8259-8e4ddf5c67e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 118') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-5110a92cba7ac370f8a4c5806d1c585c.yaml b/nuclei-templates/cve-less/plugins/simple-urls-5110a92cba7ac370f8a4c5806d1c585c.yaml new file mode 100644 index 0000000000..76ae0d6f9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-5110a92cba7ac370f8a4c5806d1c585c.yaml @@ -0,0 +1,58 @@ +id: simple-urls-5110a92cba7ac370f8a4c5806d1c585c + +info: + name: > + Simple URLs <= 114 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/905ced90-3a24-4dd6-b415-890804bb6f5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 114') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-675d927de3b1b53ecaa9209929290da6.yaml b/nuclei-templates/cve-less/plugins/simple-urls-675d927de3b1b53ecaa9209929290da6.yaml new file mode 100644 index 0000000000..ed41c7e913 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-675d927de3b1b53ecaa9209929290da6.yaml @@ -0,0 +1,58 @@ +id: simple-urls-675d927de3b1b53ecaa9209929290da6 + +info: + name: > + Simple URLs <= 117 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/118e1a8c-a638-4571-9ce9-cf2cba4b9b06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 117') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-ada2b4fe98d8efc08dd626edec328d75.yaml b/nuclei-templates/cve-less/plugins/simple-urls-ada2b4fe98d8efc08dd626edec328d75.yaml new file mode 100644 index 0000000000..c6abcf3f9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-ada2b4fe98d8efc08dd626edec328d75.yaml @@ -0,0 +1,58 @@ +id: simple-urls-ada2b4fe98d8efc08dd626edec328d75 + +info: + name: > + Simple URLs <= 117 - Reflected Cross-Site Scripting via 'post_id' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54c38be0-ffe7-4fa4-b5c9-cb717c11aed5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 117') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-urls-f2a5202240be9077b802b53424bd6267.yaml b/nuclei-templates/cve-less/plugins/simple-urls-f2a5202240be9077b802b53424bd6267.yaml new file mode 100644 index 0000000000..f917d4f76c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-urls-f2a5202240be9077b802b53424bd6267.yaml @@ -0,0 +1,58 @@ +id: simple-urls-f2a5202240be9077b802b53424bd6267 + +info: + name: > + Simple URLs <= 114 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1644c2c3-11fa-48d6-ad99-416f27df4483?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-urls/" + google-query: inurl:"/wp-content/plugins/simple-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-urls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 114') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-user-listing-8fb6f9883fb5a7c53db96c756412e908.yaml b/nuclei-templates/cve-less/plugins/simple-user-listing-8fb6f9883fb5a7c53db96c756412e908.yaml new file mode 100644 index 0000000000..71a8559193 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-user-listing-8fb6f9883fb5a7c53db96c756412e908.yaml @@ -0,0 +1,58 @@ +id: simple-user-listing-8fb6f9883fb5a7c53db96c756412e908 + +info: + name: > + Simple User Listing <= 1.9.2 - Reflected Cross-Site Scripting via as + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7035903-d598-4db3-ba77-6e836229c5de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-user-listing/" + google-query: inurl:"/wp-content/plugins/simple-user-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-user-listing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-user-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-user-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-video-embedder-f34299764af595ef815c30af6bd496f7.yaml b/nuclei-templates/cve-less/plugins/simple-video-embedder-f34299764af595ef815c30af6bd496f7.yaml new file mode 100644 index 0000000000..5bc08d0913 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-video-embedder-f34299764af595ef815c30af6bd496f7.yaml @@ -0,0 +1,58 @@ +id: simple-video-embedder-f34299764af595ef815c30af6bd496f7 + +info: + name: > + Simple Video Embedder <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55fd13aa-aa30-4d5b-b344-6b5d065b64ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-video-embedder/" + google-query: inurl:"/wp-content/plugins/simple-video-embedder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-video-embedder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-video-embedder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-video-embedder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-visitor-stat-c6a09e1ae4216b85c7cb7a2c1a13117a.yaml b/nuclei-templates/cve-less/plugins/simple-visitor-stat-c6a09e1ae4216b85c7cb7a2c1a13117a.yaml new file mode 100644 index 0000000000..d4c80288a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-visitor-stat-c6a09e1ae4216b85c7cb7a2c1a13117a.yaml @@ -0,0 +1,58 @@ +id: simple-visitor-stat-c6a09e1ae4216b85c7cb7a2c1a13117a + +info: + name: > + Simple visitor stat <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/508225ab-beb7-40eb-a80b-de123650fcff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-visitor-stat/" + google-query: inurl:"/wp-content/plugins/simple-visitor-stat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-visitor-stat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-visitor-stat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-visitor-stat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-woocommerce-csv-loader-ebfae304236d531958d5ca860f60e6f8.yaml b/nuclei-templates/cve-less/plugins/simple-woocommerce-csv-loader-ebfae304236d531958d5ca860f60e6f8.yaml new file mode 100644 index 0000000000..f2a1f3af1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-woocommerce-csv-loader-ebfae304236d531958d5ca860f60e6f8.yaml @@ -0,0 +1,58 @@ +id: simple-woocommerce-csv-loader-ebfae304236d531958d5ca860f60e6f8 + +info: + name: > + Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b42882f6-ccea-4d8f-940b-1ad95b1ab760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-woocommerce-csv-loader/" + google-query: inurl:"/wp-content/plugins/simple-woocommerce-csv-loader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-woocommerce-csv-loader,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-woocommerce-csv-loader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-woocommerce-csv-loader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-wp-sitemap-59259dfce205e3430d84312173c09724.yaml b/nuclei-templates/cve-less/plugins/simple-wp-sitemap-59259dfce205e3430d84312173c09724.yaml new file mode 100644 index 0000000000..13c0ae68c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-wp-sitemap-59259dfce205e3430d84312173c09724.yaml @@ -0,0 +1,58 @@ +id: simple-wp-sitemap-59259dfce205e3430d84312173c09724 + +info: + name: > + Simple Wp Sitemap <= 1.2.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e3dc509-73c3-4869-b520-6f5c1d691184?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-wp-sitemap/" + google-query: inurl:"/wp-content/plugins/simple-wp-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-wp-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-wp-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-wp-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-yearly-archive-d3f480cf02dc331ee92b8ba5f6c29338.yaml b/nuclei-templates/cve-less/plugins/simple-yearly-archive-d3f480cf02dc331ee92b8ba5f6c29338.yaml new file mode 100644 index 0000000000..a59c668532 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-yearly-archive-d3f480cf02dc331ee92b8ba5f6c29338.yaml @@ -0,0 +1,58 @@ +id: simple-yearly-archive-d3f480cf02dc331ee92b8ba5f6c29338 + +info: + name: > + Simple Yearly Archive <= 2.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d41006-ab36-4eed-8c17-2937ca7aff1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-yearly-archive/" + google-query: inurl:"/wp-content/plugins/simple-yearly-archive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-yearly-archive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-yearly-archive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-yearly-archive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simple-youtube-responsive-a8a2129053b6265336aaeb65bc0c164a.yaml b/nuclei-templates/cve-less/plugins/simple-youtube-responsive-a8a2129053b6265336aaeb65bc0c164a.yaml new file mode 100644 index 0000000000..17c2ebe1af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simple-youtube-responsive-a8a2129053b6265336aaeb65bc0c164a.yaml @@ -0,0 +1,58 @@ +id: simple-youtube-responsive-a8a2129053b6265336aaeb65bc0c164a + +info: + name: > + Simple YouTube Responsive <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e4a605e-542b-4001-84d8-0a0aad044798?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simple-youtube-responsive/" + google-query: inurl:"/wp-content/plugins/simple-youtube-responsive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simple-youtube-responsive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simple-youtube-responsive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simple-youtube-responsive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simpleflickr-cf071fc2ff7ad6812b023519dad9013e.yaml b/nuclei-templates/cve-less/plugins/simpleflickr-cf071fc2ff7ad6812b023519dad9013e.yaml new file mode 100644 index 0000000000..fcd2d2549d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simpleflickr-cf071fc2ff7ad6812b023519dad9013e.yaml @@ -0,0 +1,58 @@ +id: simpleflickr-cf071fc2ff7ad6812b023519dad9013e + +info: + name: > + SimpleFlickr <= 3.0.3 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/223ace0a-5a98-4714-90d5-06fe96bc9a2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simpleflickr/" + google-query: inurl:"/wp-content/plugins/simpleflickr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simpleflickr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simpleflickr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simpleflickr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplelife-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml b/nuclei-templates/cve-less/plugins/simplelife-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml new file mode 100644 index 0000000000..18a71d2c4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplelife-9f4b30648930a231b8f2e1e9c1a6b6c8.yaml @@ -0,0 +1,58 @@ +id: simplelife-9f4b30648930a231b8f2e1e9c1a6b6c8 + +info: + name: > + Simplelife Plugin <= 1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac63e451-2ab3-4ca9-bb69-a0ef04fef3a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplelife/" + google-query: inurl:"/wp-content/plugins/simplelife/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplelife,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplelife/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplelife" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplemap-50af53f1d764e968928a866f51c31158.yaml b/nuclei-templates/cve-less/plugins/simplemap-50af53f1d764e968928a866f51c31158.yaml new file mode 100644 index 0000000000..4a4a1b6474 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplemap-50af53f1d764e968928a866f51c31158.yaml @@ -0,0 +1,58 @@ +id: simplemap-50af53f1d764e968928a866f51c31158 + +info: + name: > + SimpleMap Store Locator <= 2.6.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a600f11-03c3-4777-b1fe-212b085bacba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplemap/" + google-query: inurl:"/wp-content/plugins/simplemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplemodal-contact-form-smcf-96b2063a0950eb9d73bc44532d96a2af.yaml b/nuclei-templates/cve-less/plugins/simplemodal-contact-form-smcf-96b2063a0950eb9d73bc44532d96a2af.yaml new file mode 100644 index 0000000000..98153f26f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplemodal-contact-form-smcf-96b2063a0950eb9d73bc44532d96a2af.yaml @@ -0,0 +1,58 @@ +id: simplemodal-contact-form-smcf-96b2063a0950eb9d73bc44532d96a2af + +info: + name: > + SimpleModal Contact Form (SMCF) <= 1.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8c19868-49c2-4ee2-883a-93549e65d41a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplemodal-contact-form-smcf/" + google-query: inurl:"/wp-content/plugins/simplemodal-contact-form-smcf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplemodal-contact-form-smcf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplemodal-contact-form-smcf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplemodal-contact-form-smcf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-1385e98bb73a78a4b3298f9d107fe144.yaml b/nuclei-templates/cve-less/plugins/simplepress-1385e98bb73a78a4b3298f9d107fe144.yaml new file mode 100644 index 0000000000..b8396e7547 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-1385e98bb73a78a4b3298f9d107fe144.yaml @@ -0,0 +1,58 @@ +id: simplepress-1385e98bb73a78a4b3298f9d107fe144 + +info: + name: > + Simple:Press <= 6.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Signatures + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e77082a7-dd65-40e9-a1be-0144afa869ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-31ce7b8320b2e27875e4234cacbc73eb.yaml b/nuclei-templates/cve-less/plugins/simplepress-31ce7b8320b2e27875e4234cacbc73eb.yaml new file mode 100644 index 0000000000..b346d134e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-31ce7b8320b2e27875e4234cacbc73eb.yaml @@ -0,0 +1,58 @@ +id: simplepress-31ce7b8320b2e27875e4234cacbc73eb + +info: + name: > + Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-3f6009b49c4de5d656c7bafec85eed5e.yaml b/nuclei-templates/cve-less/plugins/simplepress-3f6009b49c4de5d656c7bafec85eed5e.yaml new file mode 100644 index 0000000000..cdaeb74a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-3f6009b49c4de5d656c7bafec85eed5e.yaml @@ -0,0 +1,58 @@ +id: simplepress-3f6009b49c4de5d656c7bafec85eed5e + +info: + name: > + Simple:Press <= 6.8 - Reflected Cross-Site Scripting via Cookie Value + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55a57b5f-2f87-4060-b1c2-77086f695dda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-41182a8a3c15b1cd38397763553e436b.yaml b/nuclei-templates/cve-less/plugins/simplepress-41182a8a3c15b1cd38397763553e436b.yaml new file mode 100644 index 0000000000..311524b0c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-41182a8a3c15b1cd38397763553e436b.yaml @@ -0,0 +1,58 @@ +id: simplepress-41182a8a3c15b1cd38397763553e436b + +info: + name: > + Simple:Press <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Forum Replies + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4707fcf6-ad11-4ffc-ba56-30f6571e3d9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-64b8d0d829a31289bbb915ba2b2eb077.yaml b/nuclei-templates/cve-less/plugins/simplepress-64b8d0d829a31289bbb915ba2b2eb077.yaml new file mode 100644 index 0000000000..44f80fba23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-64b8d0d829a31289bbb915ba2b2eb077.yaml @@ -0,0 +1,58 @@ +id: simplepress-64b8d0d829a31289bbb915ba2b2eb077 + +info: + name: > + Simple:Press <= 6.8 - Authenticated (Subscriber+) Path Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43bcf3ab-4201-4a61-82c5-2dc60b684989?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplepress-6673123aea5f3dacd5949ff035699808.yaml b/nuclei-templates/cve-less/plugins/simplepress-6673123aea5f3dacd5949ff035699808.yaml new file mode 100644 index 0000000000..775cb1e643 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplepress-6673123aea5f3dacd5949ff035699808.yaml @@ -0,0 +1,58 @@ +id: simplepress-6673123aea5f3dacd5949ff035699808 + +info: + name: > + Simple:Press <= 6.8 - Authenticated (Admin+) Path Traversal to Arbitrary File Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead1a18-9429-472e-9e88-e792eaa23ae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplepress/" + google-query: inurl:"/wp-content/plugins/simplepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplesamlphp-authentication-66b6ce3815a5720d174a72208f049b60.yaml b/nuclei-templates/cve-less/plugins/simplesamlphp-authentication-66b6ce3815a5720d174a72208f049b60.yaml new file mode 100644 index 0000000000..23b40144b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplesamlphp-authentication-66b6ce3815a5720d174a72208f049b60.yaml @@ -0,0 +1,58 @@ +id: simplesamlphp-authentication-66b6ce3815a5720d174a72208f049b60 + +info: + name: > + simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6f1907e-9584-4ff7-8cf5-b285b7df9ec4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplesamlphp-authentication/" + google-query: inurl:"/wp-content/plugins/simplesamlphp-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplesamlphp-authentication,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplesamlphp-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplesamlphp-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simpleshop-cz-b6921c4c41be466e80b527433949b2cd.yaml b/nuclei-templates/cve-less/plugins/simpleshop-cz-b6921c4c41be466e80b527433949b2cd.yaml new file mode 100644 index 0000000000..f614475198 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simpleshop-cz-b6921c4c41be466e80b527433949b2cd.yaml @@ -0,0 +1,58 @@ +id: simpleshop-cz-b6921c4c41be466e80b527433949b2cd + +info: + name: > + SimpleShop <= 2.10.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9870db7f-0c8e-44a4-aa0f-13709d773756?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simpleshop-cz/" + google-query: inurl:"/wp-content/plugins/simpleshop-cz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simpleshop-cz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simpleshop-cz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simpleshop-cz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simpleshop-cz-ebdc4e179afbae0e73d5291d7befe15e.yaml b/nuclei-templates/cve-less/plugins/simpleshop-cz-ebdc4e179afbae0e73d5291d7befe15e.yaml new file mode 100644 index 0000000000..43da602940 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simpleshop-cz-ebdc4e179afbae0e73d5291d7befe15e.yaml @@ -0,0 +1,58 @@ +id: simpleshop-cz-ebdc4e179afbae0e73d5291d7befe15e + +info: + name: > + SimpleShop <= 2.10.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc39c47-3b99-4e43-b25d-a025f3d228b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simpleshop-cz/" + google-query: inurl:"/wp-content/plugins/simpleshop-cz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simpleshop-cz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simpleshop-cz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simpleshop-cz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplified-content-f60018e6fdebf8ed4334a970a3e624c1.yaml b/nuclei-templates/cve-less/plugins/simplified-content-f60018e6fdebf8ed4334a970a3e624c1.yaml new file mode 100644 index 0000000000..33202d9f34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplified-content-f60018e6fdebf8ed4334a970a3e624c1.yaml @@ -0,0 +1,58 @@ +id: simplified-content-f60018e6fdebf8ed4334a970a3e624c1 + +info: + name: > + Simplified Content < 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbacdde1-87e0-4b3a-8580-f1d37c130a1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplified-content/" + google-query: inurl:"/wp-content/plugins/simplified-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplified-content,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplified-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplified-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplr-registration-form-144725995c15dd892b47406937b4c8c9.yaml b/nuclei-templates/cve-less/plugins/simplr-registration-form-144725995c15dd892b47406937b4c8c9.yaml new file mode 100644 index 0000000000..fad5fa1582 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplr-registration-form-144725995c15dd892b47406937b4c8c9.yaml @@ -0,0 +1,58 @@ +id: simplr-registration-form-144725995c15dd892b47406937b4c8c9 + +info: + name: > + Simplr Registration Form Plus+ <= 2.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/810c641b-e9e0-462c-96ef-008c083208a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplr-registration-form/" + google-query: inurl:"/wp-content/plugins/simplr-registration-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplr-registration-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplr-registration-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplr-registration-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simplr-registration-form-669be7a13bf58d1940739fe39615ab4b.yaml b/nuclei-templates/cve-less/plugins/simplr-registration-form-669be7a13bf58d1940739fe39615ab4b.yaml new file mode 100644 index 0000000000..f65ec62179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simplr-registration-form-669be7a13bf58d1940739fe39615ab4b.yaml @@ -0,0 +1,58 @@ +id: simplr-registration-form-669be7a13bf58d1940739fe39615ab4b + +info: + name: > + Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ddf0452-3afe-4ada-bccc-30c818968a81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simplr-registration-form/" + google-query: inurl:"/wp-content/plugins/simplr-registration-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simplr-registration-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simplr-registration-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simplr-registration-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-excerpts-01f45554766c9d4c4656369fac530065.yaml b/nuclei-templates/cve-less/plugins/simply-excerpts-01f45554766c9d4c4656369fac530065.yaml new file mode 100644 index 0000000000..c76717dc45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-excerpts-01f45554766c9d4c4656369fac530065.yaml @@ -0,0 +1,58 @@ +id: simply-excerpts-01f45554766c9d4c4656369fac530065 + +info: + name: > + Simply Excerpts <= 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e6a7f09-2166-426e-a548-daafb23363a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-excerpts/" + google-query: inurl:"/wp-content/plugins/simply-excerpts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-excerpts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-excerpts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-excerpts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-exclude-9035cd59a4944d047d13b61802d65e13.yaml b/nuclei-templates/cve-less/plugins/simply-exclude-9035cd59a4944d047d13b61802d65e13.yaml new file mode 100644 index 0000000000..a3254c212f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-exclude-9035cd59a4944d047d13b61802d65e13.yaml @@ -0,0 +1,58 @@ +id: simply-exclude-9035cd59a4944d047d13b61802d65e13 + +info: + name: > + Simply Exclude <= 2.0.6.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f9a3883-9755-4de8-9d60-113238b3c0ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-exclude/" + google-query: inurl:"/wp-content/plugins/simply-exclude/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-exclude,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-exclude/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-exclude" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-gallery-block-11813679c9659f7e86b27269316b1760.yaml b/nuclei-templates/cve-less/plugins/simply-gallery-block-11813679c9659f7e86b27269316b1760.yaml new file mode 100644 index 0000000000..0fbb7aba57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-gallery-block-11813679c9659f7e86b27269316b1760.yaml @@ -0,0 +1,58 @@ +id: simply-gallery-block-11813679c9659f7e86b27269316b1760 + +info: + name: > + Gallery Blocks with Lightbox <= 2.2.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5de488a2-72d6-4eeb-9b92-7f5bea1ee4ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-gallery-block/" + google-query: inurl:"/wp-content/plugins/simply-gallery-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-gallery-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-gallery-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-gallery-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-gallery-block-e8011af8e84e91734034cab87d49e815.yaml b/nuclei-templates/cve-less/plugins/simply-gallery-block-e8011af8e84e91734034cab87d49e815.yaml new file mode 100644 index 0000000000..433882594d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-gallery-block-e8011af8e84e91734034cab87d49e815.yaml @@ -0,0 +1,58 @@ +id: simply-gallery-block-e8011af8e84e91734034cab87d49e815 + +info: + name: > + Gallery Blocks with Lightbox <= 3.0.7 - Missing Authorization in pgc_sgb_action_wizard + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7561bce2-bd70-4da3-bbf0-318e59cd1852?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-gallery-block/" + google-query: inurl:"/wp-content/plugins/simply-gallery-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-gallery-block,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-gallery-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-gallery-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-2a22d89645a206ec3980a097270f17eb.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-2a22d89645a206ec3980a097270f17eb.yaml new file mode 100644 index 0000000000..067c9cb2e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-2a22d89645a206ec3980a097270f17eb.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-2a22d89645a206ec3980a097270f17eb + +info: + name: > + Simply Schedule Appointments <= 1.5.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71f059ba-1874-4e8a-80e9-3f7826f9341d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-4875a2fe8d20d1fa49a472eba79255a0.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-4875a2fe8d20d1fa49a472eba79255a0.yaml new file mode 100644 index 0000000000..9856045565 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-4875a2fe8d20d1fa49a472eba79255a0.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-4875a2fe8d20d1fa49a472eba79255a0 + +info: + name: > + Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0dd466-a78a-4b79-b9bd-5363f69d9a4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-8913b61e532a835b143f97f633aefd8d.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-8913b61e532a835b143f97f633aefd8d.yaml new file mode 100644 index 0000000000..f077316daa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-8913b61e532a835b143f97f633aefd8d.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-8913b61e532a835b143f97f633aefd8d + +info: + name: > + Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.7.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4930b03-9142-464e-98ae-a910dfa46f2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-97337e0bb5451938a58c2c753a687598.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-97337e0bb5451938a58c2c753a687598.yaml new file mode 100644 index 0000000000..15595402aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-97337e0bb5451938a58c2c753a687598.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-97337e0bb5451938a58c2c753a687598 + +info: + name: > + Simply Schedule Appointments <= 1.6.6.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4291b5c8-cce3-46ae-b9ff-a34a0f5bcdce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-c38981be41bbef7485b5eec0cd09e15d.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-c38981be41bbef7485b5eec0cd09e15d.yaml new file mode 100644 index 0000000000..64da8686b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-c38981be41bbef7485b5eec0cd09e15d.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-c38981be41bbef7485b5eec0cd09e15d + +info: + name: > + Simply Schedule Appointments <= 1.5.7.5 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9614aaa9-d343-4fd4-8a40-7366cd961bd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-f9c99e185c0c70242a4641a50c06e0c6.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-f9c99e185c0c70242a4641a50c06e0c6.yaml new file mode 100644 index 0000000000..cadad4a99e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-f9c99e185c0c70242a4641a50c06e0c6.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-f9c99e185c0c70242a4641a50c06e0c6 + +info: + name: > + Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.6.20 - Cross-Site Request Forgery to Plugin Data Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-schedule-appointments-fb1f94792250765f89467bf81e536614.yaml b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-fb1f94792250765f89467bf81e536614.yaml new file mode 100644 index 0000000000..5aa304f6f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-schedule-appointments-fb1f94792250765f89467bf81e536614.yaml @@ -0,0 +1,58 @@ +id: simply-schedule-appointments-fb1f94792250765f89467bf81e536614 + +info: + name: > + Simply Schedule Appointments <= 1.6.5.27 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/775d4ba7-7198-493c-bae0-7f3f78741b90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-schedule-appointments/" + google-query: inurl:"/wp-content/plugins/simply-schedule-appointments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-schedule-appointments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-schedule-appointments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-schedule-appointments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-static-7a5d96cd355dcc2c5701c024f2ba7043.yaml b/nuclei-templates/cve-less/plugins/simply-static-7a5d96cd355dcc2c5701c024f2ba7043.yaml new file mode 100644 index 0000000000..c2abb0170b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-static-7a5d96cd355dcc2c5701c024f2ba7043.yaml @@ -0,0 +1,58 @@ +id: simply-static-7a5d96cd355dcc2c5701c024f2ba7043 + +info: + name: > + Simply Static <= 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/222aa8cb-95f4-4fe1-82c8-3acf82960cc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-static/" + google-query: inurl:"/wp-content/plugins/simply-static/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-static,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-static/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-static" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/simply-static-ee067e98831efc015954686b9f2f926b.yaml b/nuclei-templates/cve-less/plugins/simply-static-ee067e98831efc015954686b9f2f926b.yaml new file mode 100644 index 0000000000..f20f7c4a57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/simply-static-ee067e98831efc015954686b9f2f926b.yaml @@ -0,0 +1,58 @@ +id: simply-static-ee067e98831efc015954686b9f2f926b + +info: + name: > + Simply Static <= 3.1.3 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a669f6ef-0cf1-4fdb-855a-1d6aaa7d8f6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/simply-static/" + google-query: inurl:"/wp-content/plugins/simply-static/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,simply-static,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/simply-static/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simply-static" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-4db0da089db1959632856d530ba9ce1d.yaml b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-4db0da089db1959632856d530ba9ce1d.yaml new file mode 100644 index 0000000000..4d4ae2b385 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-4db0da089db1959632856d530ba9ce1d.yaml @@ -0,0 +1,58 @@ +id: sina-extension-for-elementor-4db0da089db1959632856d530ba9ce1d + +info: + name: > + Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78b24567-c185-4bef-b025-016b091be2e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sina-extension-for-elementor/" + google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sina-extension-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sina-extension-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-5549387f2d45c534d6b21b6c2a38d654.yaml b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-5549387f2d45c534d6b21b6c2a38d654.yaml new file mode 100644 index 0000000000..13c32cf383 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-5549387f2d45c534d6b21b6c2a38d654.yaml @@ -0,0 +1,58 @@ +id: sina-extension-for-elementor-5549387f2d45c534d6b21b6c2a38d654 + +info: + name: > + Sina Extension for Elementor < 2.2.1 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a876469-72b1-478f-926b-57da237e3a95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sina-extension-for-elementor/" + google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sina-extension-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sina-extension-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-85fafc88eba7f097874b28a387304352.yaml b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-85fafc88eba7f097874b28a387304352.yaml new file mode 100644 index 0000000000..3fdbef1cb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-85fafc88eba7f097874b28a387304352.yaml @@ -0,0 +1,58 @@ +id: sina-extension-for-elementor-85fafc88eba7f097874b28a387304352 + +info: + name: > + Sina Extension for Elementor <= 3.3.11 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce5f4960-e47c-4926-97f2-8c94c438a4e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sina-extension-for-elementor/" + google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sina-extension-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sina-extension-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-9a44744af3993590fe3bf014b0ad32e9.yaml b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-9a44744af3993590fe3bf014b0ad32e9.yaml new file mode 100644 index 0000000000..6ed2d030d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-9a44744af3993590fe3bf014b0ad32e9.yaml @@ -0,0 +1,58 @@ +id: sina-extension-for-elementor-9a44744af3993590fe3bf014b0ad32e9 + +info: + name: > + Sina Extension for Elementor <= 3.5.1 - Authenticated (Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db4616f7-e685-4dc7-947c-23c378a9bdd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sina-extension-for-elementor/" + google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sina-extension-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sina-extension-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-e224a4cb8b7e311ea14d699136e59c51.yaml b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-e224a4cb8b7e311ea14d699136e59c51.yaml new file mode 100644 index 0000000000..3f9d6ed072 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sina-extension-for-elementor-e224a4cb8b7e311ea14d699136e59c51.yaml @@ -0,0 +1,58 @@ +id: sina-extension-for-elementor-e224a4cb8b7e311ea14d699136e59c51 + +info: + name: > + Sina Extension for Elementor <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3905ebe-334c-4c6f-a430-4c25cd15c61f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sina-extension-for-elementor/" + google-query: inurl:"/wp-content/plugins/sina-extension-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sina-extension-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sina-extension-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sina-extension-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/single-post-exporter-e9772ee13db7edf1a8985c488222cdb7.yaml b/nuclei-templates/cve-less/plugins/single-post-exporter-e9772ee13db7edf1a8985c488222cdb7.yaml new file mode 100644 index 0000000000..9b22d2726c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/single-post-exporter-e9772ee13db7edf1a8985c488222cdb7.yaml @@ -0,0 +1,58 @@ +id: single-post-exporter-e9772ee13db7edf1a8985c488222cdb7 + +info: + name: > + Single Post Exporter <= 1.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f6693fd-2ffc-4281-9da3-bdbf70e20cfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/single-post-exporter/" + google-query: inurl:"/wp-content/plugins/single-post-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,single-post-exporter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/single-post-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "single-post-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/single-sign-on-client-d5d7eb75824b8adafca40c78e85d9d96.yaml b/nuclei-templates/cve-less/plugins/single-sign-on-client-d5d7eb75824b8adafca40c78e85d9d96.yaml new file mode 100644 index 0000000000..b26cfc012e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/single-sign-on-client-d5d7eb75824b8adafca40c78e85d9d96.yaml @@ -0,0 +1,58 @@ +id: single-sign-on-client-d5d7eb75824b8adafca40c78e85d9d96 + +info: + name: > + Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb762cd0-1925-4161-bd12-9e781de60c9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/single-sign-on-client/" + google-query: inurl:"/wp-content/plugins/single-sign-on-client/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,single-sign-on-client,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/single-sign-on-client/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "single-sign-on-client" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-0e449c9a497e53b142f5674fb22e2a1f.yaml b/nuclei-templates/cve-less/plugins/sirv-0e449c9a497e53b142f5674fb22e2a1f.yaml new file mode 100644 index 0000000000..625c9f5625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-0e449c9a497e53b142f5674fb22e2a1f.yaml @@ -0,0 +1,58 @@ +id: sirv-0e449c9a497e53b142f5674fb22e2a1f + +info: + name: > + Sirv <= 7.2.2 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b94583f-405e-4fd3-849e-33563b72f698?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-20f2364245cca99badf62beb26ca57f1.yaml b/nuclei-templates/cve-less/plugins/sirv-20f2364245cca99badf62beb26ca57f1.yaml new file mode 100644 index 0000000000..0918ddd300 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-20f2364245cca99badf62beb26ca57f1.yaml @@ -0,0 +1,58 @@ +id: sirv-20f2364245cca99badf62beb26ca57f1 + +info: + name: > + Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46030da6-6d9f-4934-a93c-4cd564510f36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-28a2dfdb4b89718535fa7dedda6260e9.yaml b/nuclei-templates/cve-less/plugins/sirv-28a2dfdb4b89718535fa7dedda6260e9.yaml new file mode 100644 index 0000000000..b46bb4b5ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-28a2dfdb4b89718535fa7dedda6260e9.yaml @@ -0,0 +1,58 @@ +id: sirv-28a2dfdb4b89718535fa7dedda6260e9 + +info: + name: > + Image Optimizer, Resizer and CDN – Sirv < 1.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98df8fbb-51c3-4b6c-8f99-56abfe11447e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-56de812058629ef41442e0db5d74e172.yaml b/nuclei-templates/cve-less/plugins/sirv-56de812058629ef41442e0db5d74e172.yaml new file mode 100644 index 0000000000..d88abb895b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-56de812058629ef41442e0db5d74e172.yaml @@ -0,0 +1,58 @@ +id: sirv-56de812058629ef41442e0db5d74e172 + +info: + name: > + Image Optimizer, Resizer and CDN – Sirv <= 7.2.0 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d30cc136-ebde-4c76-9831-ffde79bf3c4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-6ccadf7e1366ca3249cc5950850c4bdc.yaml b/nuclei-templates/cve-less/plugins/sirv-6ccadf7e1366ca3249cc5950850c4bdc.yaml new file mode 100644 index 0000000000..b5f28ad1b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-6ccadf7e1366ca3249cc5950850c4bdc.yaml @@ -0,0 +1,58 @@ +id: sirv-6ccadf7e1366ca3249cc5950850c4bdc + +info: + name: > + Image Optimizer, Resizer and CDN – Sirv <= 6.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d44f8891-cc24-4f6f-9032-3a4c632c6fb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sirv-da89f8a86000f654eccfee96ffe3f6a3.yaml b/nuclei-templates/cve-less/plugins/sirv-da89f8a86000f654eccfee96ffe3f6a3.yaml new file mode 100644 index 0000000000..813873bd7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sirv-da89f8a86000f654eccfee96ffe3f6a3.yaml @@ -0,0 +1,58 @@ +id: sirv-da89f8a86000f654eccfee96ffe3f6a3 + +info: + name: > + Sirv <= 7.1.2 - Missing Authorization via sirv_disconnect + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4a67ec6-ee13-4532-8213-d17dbf5f2c55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sirv/" + google-query: inurl:"/wp-content/plugins/sirv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sirv,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sirv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sis-handball-1d1308e4009a475d471dafd71ee14d32.yaml b/nuclei-templates/cve-less/plugins/sis-handball-1d1308e4009a475d471dafd71ee14d32.yaml new file mode 100644 index 0000000000..1b102c1fbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sis-handball-1d1308e4009a475d471dafd71ee14d32.yaml @@ -0,0 +1,58 @@ +id: sis-handball-1d1308e4009a475d471dafd71ee14d32 + +info: + name: > + SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cabdc9db-2d1c-4390-a4b7-65648ef9f16a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sis-handball/" + google-query: inurl:"/wp-content/plugins/sis-handball/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sis-handball,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sis-handball/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sis-handball" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sis-handball-3230f7ba42466d011feb76d708212b0d.yaml b/nuclei-templates/cve-less/plugins/sis-handball-3230f7ba42466d011feb76d708212b0d.yaml new file mode 100644 index 0000000000..85f6ef2998 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sis-handball-3230f7ba42466d011feb76d708212b0d.yaml @@ -0,0 +1,58 @@ +id: sis-handball-3230f7ba42466d011feb76d708212b0d + +info: + name: > + SIS Handball <= 1.0.45 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5973afaa-5a64-4db1-8e32-3b39d1367eb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sis-handball/" + google-query: inurl:"/wp-content/plugins/sis-handball/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sis-handball,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sis-handball/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sis-handball" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-audit-e422a5cf5dae135dafe01672b0f3ffbc.yaml b/nuclei-templates/cve-less/plugins/site-audit-e422a5cf5dae135dafe01672b0f3ffbc.yaml new file mode 100644 index 0000000000..f0c276dcb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-audit-e422a5cf5dae135dafe01672b0f3ffbc.yaml @@ -0,0 +1,58 @@ +id: site-audit-e422a5cf5dae135dafe01672b0f3ffbc + +info: + name: > + My Site Audit <= 1.2.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13c607d9-a8fe-4a03-972c-d0c1b752c7d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-audit/" + google-query: inurl:"/wp-content/plugins/site-audit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-audit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-audit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-audit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-editor-d269819cdfc64e9b2366e7d4a6d8de82.yaml b/nuclei-templates/cve-less/plugins/site-editor-d269819cdfc64e9b2366e7d4a6d8de82.yaml new file mode 100644 index 0000000000..868918aedf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-editor-d269819cdfc64e9b2366e7d4a6d8de82.yaml @@ -0,0 +1,58 @@ +id: site-editor-d269819cdfc64e9b2366e7d4a6d8de82 + +info: + name: > + Site Editor <= 1.1.1 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99d90610-490f-44a5-8e87-63927410c804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-editor/" + google-query: inurl:"/wp-content/plugins/site-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-editor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-is-offline-plugin-fcfe12c9ab0b540a8002a6b623d72f95.yaml b/nuclei-templates/cve-less/plugins/site-is-offline-plugin-fcfe12c9ab0b540a8002a6b623d72f95.yaml new file mode 100644 index 0000000000..1f6e98190b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-is-offline-plugin-fcfe12c9ab0b540a8002a6b623d72f95.yaml @@ -0,0 +1,58 @@ +id: site-is-offline-plugin-fcfe12c9ab0b540a8002a6b623d72f95 + +info: + name: > + Site Offline or Coming Soon <= 1.6.6 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffaf7a75-de27-4361-ba04-ff17151b7eb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-is-offline-plugin/" + google-query: inurl:"/wp-content/plugins/site-is-offline-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-is-offline-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-is-offline-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-is-offline-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-notes-a184b0331f3ba7e840ac7ff2eaf4f219.yaml b/nuclei-templates/cve-less/plugins/site-notes-a184b0331f3ba7e840ac7ff2eaf4f219.yaml new file mode 100644 index 0000000000..a29725eaef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-notes-a184b0331f3ba7e840ac7ff2eaf4f219.yaml @@ -0,0 +1,58 @@ +id: site-notes-a184b0331f3ba7e840ac7ff2eaf4f219 + +info: + name: > + Site Notes <= 2.0.0 - Cross-Site Request Forgery to Admin Note Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89cbe41d-3765-4061-8ef6-b63556a5677c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-notes/" + google-query: inurl:"/wp-content/plugins/site-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-notes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-offline-27d8a1199f49c828fd2eeb0b1780c2d6.yaml b/nuclei-templates/cve-less/plugins/site-offline-27d8a1199f49c828fd2eeb0b1780c2d6.yaml new file mode 100644 index 0000000000..17dd40c515 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-offline-27d8a1199f49c828fd2eeb0b1780c2d6.yaml @@ -0,0 +1,58 @@ +id: site-offline-27d8a1199f49c828fd2eeb0b1780c2d6 + +info: + name: > + Site Offline <= 1.4.9 - Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac06b9d9-51de-4f7a-87b8-c7b46a8475ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-offline/" + google-query: inurl:"/wp-content/plugins/site-offline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-offline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-offline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-offline-4160c9c4da480f4b3c030b1d1b582ea6.yaml b/nuclei-templates/cve-less/plugins/site-offline-4160c9c4da480f4b3c030b1d1b582ea6.yaml new file mode 100644 index 0000000000..b550181dd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-offline-4160c9c4da480f4b3c030b1d1b582ea6.yaml @@ -0,0 +1,58 @@ +id: site-offline-4160c9c4da480f4b3c030b1d1b582ea6 + +info: + name: > + Site Offline Or Coming Soon Or Maintenance Mode <= 1.4.2 - Cross-Site Request Forgery and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b105fe2a-b1fd-42d4-ab16-b80115e22531?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-offline/" + google-query: inurl:"/wp-content/plugins/site-offline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-offline,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-offline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-offline-f94ad2e40424de33128764065d19c984.yaml b/nuclei-templates/cve-less/plugins/site-offline-f94ad2e40424de33128764065d19c984.yaml new file mode 100644 index 0000000000..d75e2a15eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-offline-f94ad2e40424de33128764065d19c984.yaml @@ -0,0 +1,58 @@ +id: site-offline-f94ad2e40424de33128764065d19c984 + +info: + name: > + Site Offline <= 1.5.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96f30a22-f218-48e7-9796-b9f1d5becc2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-offline/" + google-query: inurl:"/wp-content/plugins/site-offline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-offline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-offline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-offline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-1d382a2cbfe1692803bdc9f5974b02e1.yaml b/nuclei-templates/cve-less/plugins/site-reviews-1d382a2cbfe1692803bdc9f5974b02e1.yaml new file mode 100644 index 0000000000..3a578ad708 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-1d382a2cbfe1692803bdc9f5974b02e1.yaml @@ -0,0 +1,58 @@ +id: site-reviews-1d382a2cbfe1692803bdc9f5974b02e1 + +info: + name: > + Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a84a021-5014-4848-a77f-d3f4802c9395?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-27b5597908113501f4beb8489633cce4.yaml b/nuclei-templates/cve-less/plugins/site-reviews-27b5597908113501f4beb8489633cce4.yaml new file mode 100644 index 0000000000..3b0b9b0f88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-27b5597908113501f4beb8489633cce4.yaml @@ -0,0 +1,58 @@ +id: site-reviews-27b5597908113501f4beb8489633cce4 + +info: + name: > + Site Reviews <= 6.10.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-363cf849a90f39fbc05b59e8ab91a270.yaml b/nuclei-templates/cve-less/plugins/site-reviews-363cf849a90f39fbc05b59e8ab91a270.yaml new file mode 100644 index 0000000000..d8928d42ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-363cf849a90f39fbc05b59e8ab91a270.yaml @@ -0,0 +1,58 @@ +id: site-reviews-363cf849a90f39fbc05b59e8ab91a270 + +info: + name: > + Site Reviews <= 2.15.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/825d9154-7385-4652-b258-cf813be9bcdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-5d6957b18909422bd5f841b070340ee6.yaml b/nuclei-templates/cve-less/plugins/site-reviews-5d6957b18909422bd5f841b070340ee6.yaml new file mode 100644 index 0000000000..3dd5ea15aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-5d6957b18909422bd5f841b070340ee6.yaml @@ -0,0 +1,58 @@ +id: site-reviews-5d6957b18909422bd5f841b070340ee6 + +info: + name: > + Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/823418d9-a231-4306-8575-2937a491509f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.11.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-68354cec14dcc6c8c5561bd362f6a851.yaml b/nuclei-templates/cve-less/plugins/site-reviews-68354cec14dcc6c8c5561bd362f6a851.yaml new file mode 100644 index 0000000000..88f6b3a0d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-68354cec14dcc6c8c5561bd362f6a851.yaml @@ -0,0 +1,58 @@ +id: site-reviews-68354cec14dcc6c8c5561bd362f6a851 + +info: + name: > + Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de63f5bf-9cf5-428d-80da-c0030988b4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-a344469158b924b0533b76919c9daf70.yaml b/nuclei-templates/cve-less/plugins/site-reviews-a344469158b924b0533b76919c9daf70.yaml new file mode 100644 index 0000000000..4165467737 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-a344469158b924b0533b76919c9daf70.yaml @@ -0,0 +1,58 @@ +id: site-reviews-a344469158b924b0533b76919c9daf70 + +info: + name: > + Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03c9e4c4-c680-474e-b172-d34d3eba2183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-c2ad47353175f44f004de63cfd387b37.yaml b/nuclei-templates/cve-less/plugins/site-reviews-c2ad47353175f44f004de63cfd387b37.yaml new file mode 100644 index 0000000000..1a577f7191 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-c2ad47353175f44f004de63cfd387b37.yaml @@ -0,0 +1,58 @@ +id: site-reviews-c2ad47353175f44f004de63cfd387b37 + +info: + name: > + Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2003cef3-06b0-4012-9629-19c0765553dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-db3e14a64935e9816ff1fc8cb2d49569.yaml b/nuclei-templates/cve-less/plugins/site-reviews-db3e14a64935e9816ff1fc8cb2d49569.yaml new file mode 100644 index 0000000000..67c811989e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-db3e14a64935e9816ff1fc8cb2d49569.yaml @@ -0,0 +1,58 @@ +id: site-reviews-db3e14a64935e9816ff1fc8cb2d49569 + +info: + name: > + Site Reviews <= 6.5.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d94f6cdd-8232-4e0c-b510-0e755c280b58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-dc0678502bda1f209b1b74a11263e93c.yaml b/nuclei-templates/cve-less/plugins/site-reviews-dc0678502bda1f209b1b74a11263e93c.yaml new file mode 100644 index 0000000000..ae0cbb2f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-dc0678502bda1f209b1b74a11263e93c.yaml @@ -0,0 +1,58 @@ +id: site-reviews-dc0678502bda1f209b1b74a11263e93c + +info: + name: > + Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c31072d-9921-4bef-809c-b97a1020a2cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-f51b1e88d3f4e8a3ab51d6b13ceec3ec.yaml b/nuclei-templates/cve-less/plugins/site-reviews-f51b1e88d3f4e8a3ab51d6b13ceec3ec.yaml new file mode 100644 index 0000000000..2612763ca9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-f51b1e88d3f4e8a3ab51d6b13ceec3ec.yaml @@ -0,0 +1,58 @@ +id: site-reviews-f51b1e88d3f4e8a3ab51d6b13ceec3ec + +info: + name: > + Site Reviews <= 6.2.0 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ead76977-d0dc-4385-8666-c8a4694c3bbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/site-reviews-f8a3890c58a293ea8072e2174a632bd1.yaml b/nuclei-templates/cve-less/plugins/site-reviews-f8a3890c58a293ea8072e2174a632bd1.yaml new file mode 100644 index 0000000000..698ebdb5b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/site-reviews-f8a3890c58a293ea8072e2174a632bd1.yaml @@ -0,0 +1,58 @@ +id: site-reviews-f8a3890c58a293ea8072e2174a632bd1 + +info: + name: > + Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/618854b9-fa85-4302-9a38-ae5cbd7c7b9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/site-reviews/" + google-query: inurl:"/wp-content/plugins/site-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,site-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/site-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "site-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.17.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitebuilder-dynamic-components-a6ba1a0da5df7762bd146ece37b9f32b.yaml b/nuclei-templates/cve-less/plugins/sitebuilder-dynamic-components-a6ba1a0da5df7762bd146ece37b9f32b.yaml new file mode 100644 index 0000000000..d8fab89471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitebuilder-dynamic-components-a6ba1a0da5df7762bd146ece37b9f32b.yaml @@ -0,0 +1,58 @@ +id: sitebuilder-dynamic-components-a6ba1a0da5df7762bd146ece37b9f32b + +info: + name: > + SiteBuilder Dynamic Components <= 1.0 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32d81267-f17c-4d53-bbc9-7b52683351e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitebuilder-dynamic-components/" + google-query: inurl:"/wp-content/plugins/sitebuilder-dynamic-components/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitebuilder-dynamic-components,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitebuilder-dynamic-components/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitebuilder-dynamic-components" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitekit-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml b/nuclei-templates/cve-less/plugins/sitekit-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml new file mode 100644 index 0000000000..12b3362735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitekit-1db1c2d5f1fad40eb6b6cd9715e502a3.yaml @@ -0,0 +1,58 @@ +id: sitekit-1db1c2d5f1fad40eb6b6cd9715e502a3 + +info: + name: > + Sitekit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe' shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/011c8a06-298e-4a53-9ef8-552585426d79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitekit/" + google-query: inurl:"/wp-content/plugins/sitekit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitekit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitekit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitekit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitekit-50ade2845c53f4bbe684ddfabd1bfd64.yaml b/nuclei-templates/cve-less/plugins/sitekit-50ade2845c53f4bbe684ddfabd1bfd64.yaml new file mode 100644 index 0000000000..0b4fc30dba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitekit-50ade2845c53f4bbe684ddfabd1bfd64.yaml @@ -0,0 +1,58 @@ +id: sitekit-50ade2845c53f4bbe684ddfabd1bfd64 + +info: + name: > + Sitekit <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sitekit_iframe ' shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f0be29a-7896-4166-a2a6-64f99d845236?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitekit/" + google-query: inurl:"/wp-content/plugins/sitekit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitekit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitekit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitekit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitekit-d10ca8810c9a238a95e8c428f2cea03d.yaml b/nuclei-templates/cve-less/plugins/sitekit-d10ca8810c9a238a95e8c428f2cea03d.yaml new file mode 100644 index 0000000000..e3097cb57e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitekit-d10ca8810c9a238a95e8c428f2cea03d.yaml @@ -0,0 +1,58 @@ +id: sitekit-d10ca8810c9a238a95e8c428f2cea03d + +info: + name: > + Sitekit <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55797931-e2eb-4cd7-8de6-ded7e1a382a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitekit/" + google-query: inurl:"/wp-content/plugins/sitekit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitekit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitekit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitekit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitemap-by-click5-61a8c97249e7ba41d1f71a1052bb0639.yaml b/nuclei-templates/cve-less/plugins/sitemap-by-click5-61a8c97249e7ba41d1f71a1052bb0639.yaml new file mode 100644 index 0000000000..4d09257c7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitemap-by-click5-61a8c97249e7ba41d1f71a1052bb0639.yaml @@ -0,0 +1,58 @@ +id: sitemap-by-click5-61a8c97249e7ba41d1f71a1052bb0639 + +info: + name: > + Sitemap by click5 <= 1.0.35 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f07c1aac-28c1-47fc-a2e5-fbe48a90f051?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitemap-by-click5/" + google-query: inurl:"/wp-content/plugins/sitemap-by-click5/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitemap-by-click5,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitemap-by-click5/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitemap-by-click5" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitemap-efa61bc9a560990c025c5047443643f6.yaml b/nuclei-templates/cve-less/plugins/sitemap-efa61bc9a560990c025c5047443643f6.yaml new file mode 100644 index 0000000000..ec68a0edbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitemap-efa61bc9a560990c025c5047443643f6.yaml @@ -0,0 +1,58 @@ +id: sitemap-efa61bc9a560990c025c5047443643f6 + +info: + name: > + Sitemap <= 4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffce535f-620d-40f8-a944-11ea87a67380?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitemap/" + google-query: inurl:"/wp-content/plugins/sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitemap-index-e71a52c7f200dba2edfeb838eff9f8f3.yaml b/nuclei-templates/cve-less/plugins/sitemap-index-e71a52c7f200dba2edfeb838eff9f8f3.yaml new file mode 100644 index 0000000000..dcab5d7fbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitemap-index-e71a52c7f200dba2edfeb838eff9f8f3.yaml @@ -0,0 +1,58 @@ +id: sitemap-index-e71a52c7f200dba2edfeb838eff9f8f3 + +info: + name: > + Sitemap Index <= 1.2.3 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40005aed-07aa-44da-a06e-0187931105ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitemap-index/" + google-query: inurl:"/wp-content/plugins/sitemap-index/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitemap-index,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitemap-index/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitemap-index" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/siteorigin-panels-7b1460489673c879f7bd7cd256d22891.yaml b/nuclei-templates/cve-less/plugins/siteorigin-panels-7b1460489673c879f7bd7cd256d22891.yaml new file mode 100644 index 0000000000..200de11112 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/siteorigin-panels-7b1460489673c879f7bd7cd256d22891.yaml @@ -0,0 +1,58 @@ +id: siteorigin-panels-7b1460489673c879f7bd7cd256d22891 + +info: + name: > + Page Builder by SiteOrigin <= 2.29.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Legacy Image Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/siteorigin-panels/" + google-query: inurl:"/wp-content/plugins/siteorigin-panels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,siteorigin-panels,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/siteorigin-panels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "siteorigin-panels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.29.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/siteorigin-panels-7df5e5754fb5a3c3ef39f58481635571.yaml b/nuclei-templates/cve-less/plugins/siteorigin-panels-7df5e5754fb5a3c3ef39f58481635571.yaml new file mode 100644 index 0000000000..eaa3d9230c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/siteorigin-panels-7df5e5754fb5a3c3ef39f58481635571.yaml @@ -0,0 +1,58 @@ +id: siteorigin-panels-7df5e5754fb5a3c3ef39f58481635571 + +info: + name: > + Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/704eed2c-5ea8-4c31-99c5-8c1b0572997c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/siteorigin-panels/" + google-query: inurl:"/wp-content/plugins/siteorigin-panels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,siteorigin-panels,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/siteorigin-panels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "siteorigin-panels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/siteorigin-panels-86d73827337d8244a557bb98a9e7b2f5.yaml b/nuclei-templates/cve-less/plugins/siteorigin-panels-86d73827337d8244a557bb98a9e7b2f5.yaml new file mode 100644 index 0000000000..940ddf1ee3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/siteorigin-panels-86d73827337d8244a557bb98a9e7b2f5.yaml @@ -0,0 +1,58 @@ +id: siteorigin-panels-86d73827337d8244a557bb98a9e7b2f5 + +info: + name: > + Page Builder by SiteOrigin <= 2.10.15 - Cross-Site Request Forgery to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28e1a11b-5320-41be-bc78-580322e5f407?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/siteorigin-panels/" + google-query: inurl:"/wp-content/plugins/siteorigin-panels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,siteorigin-panels,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/siteorigin-panels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "siteorigin-panels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepact-klaviyo-contact-form-7-2583927ebea3f6f03dee7ed526491728.yaml b/nuclei-templates/cve-less/plugins/sitepact-klaviyo-contact-form-7-2583927ebea3f6f03dee7ed526491728.yaml new file mode 100644 index 0000000000..4cd3c27cbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepact-klaviyo-contact-form-7-2583927ebea3f6f03dee7ed526491728.yaml @@ -0,0 +1,58 @@ +id: sitepact-klaviyo-contact-form-7-2583927ebea3f6f03dee7ed526491728 + +info: + name: > + Sitepact's Contact Form 7 Extension For Klaviyo <= 1.0.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2565852f-43df-41b1-949e-6c02a8946407?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepact-klaviyo-contact-form-7/" + google-query: inurl:"/wp-content/plugins/sitepact-klaviyo-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepact-klaviyo-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepact-klaviyo-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepact-klaviyo-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-15159729e5663620758ffbfa0eee6068.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-15159729e5663620758ffbfa0eee6068.yaml new file mode 100644 index 0000000000..835d37a206 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-15159729e5663620758ffbfa0eee6068.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-15159729e5663620758ffbfa0eee6068 + +info: + name: > + WPML < 4.3.7 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0db3f234-111f-4c79-bb54-1a21e4fedb8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-1695c167f694fa63c272f7b2c5254e2e.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-1695c167f694fa63c272f7b2c5254e2e.yaml new file mode 100644 index 0000000000..1a1021603d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-1695c167f694fa63c272f7b2c5254e2e.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-1695c167f694fa63c272f7b2c5254e2e + +info: + name: > + WPML <= 4.5.10 - Missing Authorization to Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de62020b-5803-4ea7-89a1-24e5a512f2f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-46fa110da1e59fdc31ecff31d6e6ec62.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-46fa110da1e59fdc31ecff31d6e6ec62.yaml new file mode 100644 index 0000000000..44dd871531 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-46fa110da1e59fdc31ecff31d6e6ec62.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-46fa110da1e59fdc31ecff31d6e6ec62 + +info: + name: > + WPML <= 4.5.10 - Missing Authorization to Translation Job Status Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef3d4d1-95ce-4180-bb83-afd402094f04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-491308ff9993e601a9660084e0636c41.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-491308ff9993e601a9660084e0636c41.yaml new file mode 100644 index 0000000000..95199f5133 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-491308ff9993e601a9660084e0636c41.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-491308ff9993e601a9660084e0636c41 + +info: + name: > + WPML <= 3.6.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbdca292-89b6-4e62-bc68-4fdcd57fd504?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-70ddb8ac3ce5b7c3fc2fb83f47b8e6a3.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-70ddb8ac3ce5b7c3fc2fb83f47b8e6a3.yaml new file mode 100644 index 0000000000..09711f5be3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-70ddb8ac3ce5b7c3fc2fb83f47b8e6a3.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-70ddb8ac3ce5b7c3fc2fb83f47b8e6a3 + +info: + name: > + WPML <= 3.1.9 - SQL Injection via lang Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/086b51b5-c9f6-4b30-8fa1-4bcc005c66ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-9389937eda8b2fc2252c70c4bad38de9.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-9389937eda8b2fc2252c70c4bad38de9.yaml new file mode 100644 index 0000000000..7b9e022f21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-9389937eda8b2fc2252c70c4bad38de9.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-9389937eda8b2fc2252c70c4bad38de9 + +info: + name: > + WPML <= 4.5.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69bd850d-79bf-429e-b133-6caefeba7377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a1547a2e9b2e7ebf2c891fd062c403d1.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a1547a2e9b2e7ebf2c891fd062c403d1.yaml new file mode 100644 index 0000000000..6ba67bb49d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a1547a2e9b2e7ebf2c891fd062c403d1.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-a1547a2e9b2e7ebf2c891fd062c403d1 + +info: + name: > + WPML <= 3.1.9 - Arbitrary Deletion of Content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da0c91e5-d9dc-413a-95f6-9e2fc6746ec0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a91445aaf81e735f1118d6cfce37548b.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a91445aaf81e735f1118d6cfce37548b.yaml new file mode 100644 index 0000000000..7b18000dde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-a91445aaf81e735f1118d6cfce37548b.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-a91445aaf81e735f1118d6cfce37548b + +info: + name: > + WPML <= 4.5.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acc0cb26-1199-4e71-91a5-340d80fafc24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-bf27f6ce9ebbfb831479a794b9f49858.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-bf27f6ce9ebbfb831479a794b9f49858.yaml new file mode 100644 index 0000000000..93dc00e6f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-bf27f6ce9ebbfb831479a794b9f49858.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-bf27f6ce9ebbfb831479a794b9f49858 + +info: + name: > + WPML < 3.1.8 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/490f5939-a990-4fb7-9515-f8dcee53d75a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-fc97a63071c0bdeea490fe1b61f06d10.yaml b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-fc97a63071c0bdeea490fe1b61f06d10.yaml new file mode 100644 index 0000000000..9ae336ebc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitepress-multilingual-cms-fc97a63071c0bdeea490fe1b61f06d10.yaml @@ -0,0 +1,58 @@ +id: sitepress-multilingual-cms-fc97a63071c0bdeea490fe1b61f06d10 + +info: + name: > + WPML 2.9.3-3.2.6 - Cross-Site Scripting in Accept-Language Header + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/066b3b77-7888-4037-b443-a3c6fb540cf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitepress-multilingual-cms/" + google-query: inurl:"/wp-content/plugins/sitepress-multilingual-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitepress-multilingual-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitepress-multilingual-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitepress-multilingual-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.9.3', '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitesupercharger-4151801d30351f47d79a16fa8ebbfc4c.yaml b/nuclei-templates/cve-less/plugins/sitesupercharger-4151801d30351f47d79a16fa8ebbfc4c.yaml new file mode 100644 index 0000000000..4bc5024ee4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitesupercharger-4151801d30351f47d79a16fa8ebbfc4c.yaml @@ -0,0 +1,58 @@ +id: sitesupercharger-4151801d30351f47d79a16fa8ebbfc4c + +info: + name: > + SiteSuperCharger <= 5.1.10 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddc91762-b1b0-4d88-bf2d-04a35aab62b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitesupercharger/" + google-query: inurl:"/wp-content/plugins/sitesupercharger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitesupercharger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitesupercharger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitesupercharger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sitewide-notice-wp-9903b310d82da078ab37bcb7e6aa7858.yaml b/nuclei-templates/cve-less/plugins/sitewide-notice-wp-9903b310d82da078ab37bcb7e6aa7858.yaml new file mode 100644 index 0000000000..0c4d58062d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sitewide-notice-wp-9903b310d82da078ab37bcb7e6aa7858.yaml @@ -0,0 +1,58 @@ +id: sitewide-notice-wp-9903b310d82da078ab37bcb7e6aa7858 + +info: + name: > + Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66082207-33b6-45e4-ae93-24c9a9611300?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sitewide-notice-wp/" + google-query: inurl:"/wp-content/plugins/sitewide-notice-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sitewide-notice-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sitewide-notice-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sitewide-notice-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/skaut-bazar-9c08f0f48da441b0237405decb3b5169.yaml b/nuclei-templates/cve-less/plugins/skaut-bazar-9c08f0f48da441b0237405decb3b5169.yaml new file mode 100644 index 0000000000..2b7161e12b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/skaut-bazar-9c08f0f48da441b0237405decb3b5169.yaml @@ -0,0 +1,58 @@ +id: skaut-bazar-9c08f0f48da441b0237405decb3b5169 + +info: + name: > + Skaut bazar <= 1.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcf005ba-2753-43f5-9f2b-24a8c59505c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/skaut-bazar/" + google-query: inurl:"/wp-content/plugins/skaut-bazar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,skaut-bazar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skaut-bazar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skaut-bazar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/skt-builder-b8c540477ad8f7b59e43be9ed6a57e18.yaml b/nuclei-templates/cve-less/plugins/skt-builder-b8c540477ad8f7b59e43be9ed6a57e18.yaml new file mode 100644 index 0000000000..d051645598 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/skt-builder-b8c540477ad8f7b59e43be9ed6a57e18.yaml @@ -0,0 +1,58 @@ +id: skt-builder-b8c540477ad8f7b59e43be9ed6a57e18 + +info: + name: > + SKT Page Builder <= 4.1 - Missing Authorization to Authenticated(Subscriber+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/skt-builder/" + google-query: inurl:"/wp-content/plugins/skt-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,skt-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skt-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skt-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sky-elementor-addons-f0d3919ed390e73df44ed1542e1a826f.yaml b/nuclei-templates/cve-less/plugins/sky-elementor-addons-f0d3919ed390e73df44ed1542e1a826f.yaml new file mode 100644 index 0000000000..3504b86541 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sky-elementor-addons-f0d3919ed390e73df44ed1542e1a826f.yaml @@ -0,0 +1,58 @@ +id: sky-elementor-addons-f0d3919ed390e73df44ed1542e1a826f + +info: + name: > + Sky Addons for Elementor <= 2.4.0 - Authenticated(Contributor+) Stored Cross-site scripting via Wrapper Link URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sky-elementor-addons/" + google-query: inurl:"/wp-content/plugins/sky-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sky-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sky-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sky-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/skype-online-status-05ead7ef23623d246fc2b9a535b5761b.yaml b/nuclei-templates/cve-less/plugins/skype-online-status-05ead7ef23623d246fc2b9a535b5761b.yaml new file mode 100644 index 0000000000..83c306b78f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/skype-online-status-05ead7ef23623d246fc2b9a535b5761b.yaml @@ -0,0 +1,58 @@ +id: skype-online-status-05ead7ef23623d246fc2b9a535b5761b + +info: + name: > + Skype Legacy Buttons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/914bcc8f-fecd-450e-b2a7-0989b7a0dd4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/skype-online-status/" + google-query: inurl:"/wp-content/plugins/skype-online-status/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,skype-online-status,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skype-online-status/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skype-online-status" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/skysa-official-8b895d6fff8c69659029604aec394ccf.yaml b/nuclei-templates/cve-less/plugins/skysa-official-8b895d6fff8c69659029604aec394ccf.yaml new file mode 100644 index 0000000000..cd9a668281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/skysa-official-8b895d6fff8c69659029604aec394ccf.yaml @@ -0,0 +1,58 @@ +id: skysa-official-8b895d6fff8c69659029604aec394ccf + +info: + name: > + Skysa App Bar Integration < 1.04 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/596d1083-2030-41f0-92d4-82e98bf07331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/skysa-official/" + google-query: inurl:"/wp-content/plugins/skysa-official/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,skysa-official,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/skysa-official/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "skysa-official" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slash-admin-04cfad21aa5454a8d771191b1d8fe82b.yaml b/nuclei-templates/cve-less/plugins/slash-admin-04cfad21aa5454a8d771191b1d8fe82b.yaml new file mode 100644 index 0000000000..5b410645a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slash-admin-04cfad21aa5454a8d771191b1d8fe82b.yaml @@ -0,0 +1,58 @@ +id: slash-admin-04cfad21aa5454a8d771191b1d8fe82b + +info: + name: > + Slash Admin <= 3.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b0ff45d-0514-4090-bfa3-c3b75766ac61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slash-admin/" + google-query: inurl:"/wp-content/plugins/slash-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slash-admin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slash-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slash-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sliced-invoices-3f2e88483cb032a762f3e5f925264d0f.yaml b/nuclei-templates/cve-less/plugins/sliced-invoices-3f2e88483cb032a762f3e5f925264d0f.yaml new file mode 100644 index 0000000000..0a57eba152 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sliced-invoices-3f2e88483cb032a762f3e5f925264d0f.yaml @@ -0,0 +1,58 @@ +id: sliced-invoices-3f2e88483cb032a762f3e5f925264d0f + +info: + name: > + Sliced Invoices < 3.8.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ff96c12-1388-48a9-adf4-feca77a37ba7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sliced-invoices/" + google-query: inurl:"/wp-content/plugins/sliced-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sliced-invoices,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sliced-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliced-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sliced-invoices-3f5afe1c06de95e459f12d16b7792b0b.yaml b/nuclei-templates/cve-less/plugins/sliced-invoices-3f5afe1c06de95e459f12d16b7792b0b.yaml new file mode 100644 index 0000000000..0d6d920876 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sliced-invoices-3f5afe1c06de95e459f12d16b7792b0b.yaml @@ -0,0 +1,58 @@ +id: sliced-invoices-3f5afe1c06de95e459f12d16b7792b0b + +info: + name: > + Sliced Invoices <= 3.9.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c17d7fba-7b98-4a7a-a35e-78f16be81aca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sliced-invoices/" + google-query: inurl:"/wp-content/plugins/sliced-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sliced-invoices,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sliced-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliced-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slicewp-1e57a0095a9d05c5ba61b4bee5ed304a.yaml b/nuclei-templates/cve-less/plugins/slicewp-1e57a0095a9d05c5ba61b4bee5ed304a.yaml new file mode 100644 index 0000000000..3f85087b3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slicewp-1e57a0095a9d05c5ba61b4bee5ed304a.yaml @@ -0,0 +1,58 @@ +id: slicewp-1e57a0095a9d05c5ba61b4bee5ed304a + +info: + name: > + WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f79fe15-65a1-44ab-a43e-1410ce1f1d77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slicewp/" + google-query: inurl:"/wp-content/plugins/slicewp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slicewp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slicewp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slicewp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slick-contact-forms-5e71c24603564ca342c0b82fb64d9b20.yaml b/nuclei-templates/cve-less/plugins/slick-contact-forms-5e71c24603564ca342c0b82fb64d9b20.yaml new file mode 100644 index 0000000000..9d7691ccc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slick-contact-forms-5e71c24603564ca342c0b82fb64d9b20.yaml @@ -0,0 +1,58 @@ +id: slick-contact-forms-5e71c24603564ca342c0b82fb64d9b20 + +info: + name: > + Slick Contact Forms <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22c63226-2bc6-40be-a5d1-1bd169fc78b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slick-contact-forms/" + google-query: inurl:"/wp-content/plugins/slick-contact-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slick-contact-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slick-contact-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slick-contact-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slick-popup-f2cee4c0f9afdf3e98814a937701d9b0.yaml b/nuclei-templates/cve-less/plugins/slick-popup-f2cee4c0f9afdf3e98814a937701d9b0.yaml new file mode 100644 index 0000000000..8b8fcac69a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slick-popup-f2cee4c0f9afdf3e98814a937701d9b0.yaml @@ -0,0 +1,58 @@ +id: slick-popup-f2cee4c0f9afdf3e98814a937701d9b0 + +info: + name: > + Slick Popup <= 1.7.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b16cf2-7e29-47c5-921e-188e2db33084?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slick-popup/" + google-query: inurl:"/wp-content/plugins/slick-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slick-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slick-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slick-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slick-popup-fe295018c777f28527f026c1db66229d.yaml b/nuclei-templates/cve-less/plugins/slick-popup-fe295018c777f28527f026c1db66229d.yaml new file mode 100644 index 0000000000..3ba21cb8e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slick-popup-fe295018c777f28527f026c1db66229d.yaml @@ -0,0 +1,58 @@ +id: slick-popup-fe295018c777f28527f026c1db66229d + +info: + name: > + Slick Popup: Contact Form 7 Popup Plugin <= 1.7.14 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54019f42-488d-484f-b34e-2b5bd5b0a1dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slick-popup/" + google-query: inurl:"/wp-content/plugins/slick-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slick-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slick-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slick-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slick-social-share-buttons-40d20dcfc0a9c20d06ce00b51231e085.yaml b/nuclei-templates/cve-less/plugins/slick-social-share-buttons-40d20dcfc0a9c20d06ce00b51231e085.yaml new file mode 100644 index 0000000000..0c084f1844 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slick-social-share-buttons-40d20dcfc0a9c20d06ce00b51231e085.yaml @@ -0,0 +1,58 @@ +id: slick-social-share-buttons-40d20dcfc0a9c20d06ce00b51231e085 + +info: + name: > + Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79a5c01d-3867-4b1e-b0ba-9a802f0bed92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slick-social-share-buttons/" + google-query: inurl:"/wp-content/plugins/slick-social-share-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slick-social-share-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slick-social-share-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slick-social-share-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slicknav-mobile-menu-5644317bfa18cf11b8235cb40790b4ed.yaml b/nuclei-templates/cve-less/plugins/slicknav-mobile-menu-5644317bfa18cf11b8235cb40790b4ed.yaml new file mode 100644 index 0000000000..8f7aa3a6a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slicknav-mobile-menu-5644317bfa18cf11b8235cb40790b4ed.yaml @@ -0,0 +1,58 @@ +id: slicknav-mobile-menu-5644317bfa18cf11b8235cb40790b4ed + +info: + name: > + SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce9aa906-72be-4551-9850-76f0adb6da97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slicknav-mobile-menu/" + google-query: inurl:"/wp-content/plugins/slicknav-mobile-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slicknav-mobile-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slicknav-mobile-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slicknav-mobile-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slickquiz-3395165ceb6b70322e35bead04697388.yaml b/nuclei-templates/cve-less/plugins/slickquiz-3395165ceb6b70322e35bead04697388.yaml new file mode 100644 index 0000000000..fc8e41f39b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slickquiz-3395165ceb6b70322e35bead04697388.yaml @@ -0,0 +1,58 @@ +id: slickquiz-3395165ceb6b70322e35bead04697388 + +info: + name: > + SlickQuiz <= 1.3.7.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd6df4fa-01b8-460f-b414-bb07fbc0436a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slickquiz/" + google-query: inurl:"/wp-content/plugins/slickquiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slickquiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slickquiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slickquiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slickquiz-53a30d941da402857e0ee8cdb2011b69.yaml b/nuclei-templates/cve-less/plugins/slickquiz-53a30d941da402857e0ee8cdb2011b69.yaml new file mode 100644 index 0000000000..716987cbd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slickquiz-53a30d941da402857e0ee8cdb2011b69.yaml @@ -0,0 +1,58 @@ +id: slickquiz-53a30d941da402857e0ee8cdb2011b69 + +info: + name: > + SlickQuiz <= 1.3.7.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57e724ac-8e7d-45ec-9f41-4303ea6c5d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slickquiz/" + google-query: inurl:"/wp-content/plugins/slickquiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slickquiz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slickquiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slickquiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slickr-flickr-46b167768e3cac0676fa19e5201075cc.yaml b/nuclei-templates/cve-less/plugins/slickr-flickr-46b167768e3cac0676fa19e5201075cc.yaml new file mode 100644 index 0000000000..0903233ba9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slickr-flickr-46b167768e3cac0676fa19e5201075cc.yaml @@ -0,0 +1,58 @@ +id: slickr-flickr-46b167768e3cac0676fa19e5201075cc + +info: + name: > + Slickr Flickr <= 2.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86d3ff76-49be-4517-a62e-7522e26479b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slickr-flickr/" + google-query: inurl:"/wp-content/plugins/slickr-flickr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slickr-flickr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slickr-flickr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slickr-flickr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slide-anything-125fc22aa1fac173aaf79b805fc0dafc.yaml b/nuclei-templates/cve-less/plugins/slide-anything-125fc22aa1fac173aaf79b805fc0dafc.yaml new file mode 100644 index 0000000000..698bcaf220 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slide-anything-125fc22aa1fac173aaf79b805fc0dafc.yaml @@ -0,0 +1,58 @@ +id: slide-anything-125fc22aa1fac173aaf79b805fc0dafc + +info: + name: > + Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.46 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b31a54f1-de87-49ac-bce1-e0ea295af325?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slide-anything/" + google-query: inurl:"/wp-content/plugins/slide-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slide-anything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slide-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slide-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slide-anything-96440e1a43df69d4a2a108bd78a1d55e.yaml b/nuclei-templates/cve-less/plugins/slide-anything-96440e1a43df69d4a2a108bd78a1d55e.yaml new file mode 100644 index 0000000000..b3bfd15683 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slide-anything-96440e1a43df69d4a2a108bd78a1d55e.yaml @@ -0,0 +1,58 @@ +id: slide-anything-96440e1a43df69d4a2a108bd78a1d55e + +info: + name: > + Slide Anything <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/130b069d-d224-44af-b2b4-26be7e081f6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slide-anything/" + google-query: inurl:"/wp-content/plugins/slide-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slide-anything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slide-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slide-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slide-anything-dba115ec2b96e48bab904dedd2103380.yaml b/nuclei-templates/cve-less/plugins/slide-anything-dba115ec2b96e48bab904dedd2103380.yaml new file mode 100644 index 0000000000..5e3cbb5bbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slide-anything-dba115ec2b96e48bab904dedd2103380.yaml @@ -0,0 +1,58 @@ +id: slide-anything-dba115ec2b96e48bab904dedd2103380 + +info: + name: > + Slide Anything – Responsive Content / HTML Slider and Carousel <= 2.3.43 - Editor+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a6e9b7-5e74-4a45-9e6e-5781bf2a4a07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slide-anything/" + google-query: inurl:"/wp-content/plugins/slide-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slide-anything,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slide-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slide-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slide-show-pro-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/slide-show-pro-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..14f532e98d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slide-show-pro-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: slide-show-pro-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slide-show-pro/" + google-query: inurl:"/wp-content/plugins/slide-show-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slide-show-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slide-show-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slide-show-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slidedeck2-5efee1538ea17e01965c435ea80717db.yaml b/nuclei-templates/cve-less/plugins/slidedeck2-5efee1538ea17e01965c435ea80717db.yaml new file mode 100644 index 0000000000..77fc443bb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slidedeck2-5efee1538ea17e01965c435ea80717db.yaml @@ -0,0 +1,58 @@ +id: slidedeck2-5efee1538ea17e01965c435ea80717db + +info: + name: > + SlideDeck 2 <= 2.3.3 - Local/Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f3ed0f0-897d-47f4-acdc-b483838af4bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slidedeck2/" + google-query: inurl:"/wp-content/plugins/slidedeck2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slidedeck2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slidedeck2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slidedeck2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideonline-09f92d564944a33a7811dc40429fdb32.yaml b/nuclei-templates/cve-less/plugins/slideonline-09f92d564944a33a7811dc40429fdb32.yaml new file mode 100644 index 0000000000..1101d967de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideonline-09f92d564944a33a7811dc40429fdb32.yaml @@ -0,0 +1,58 @@ +id: slideonline-09f92d564944a33a7811dc40429fdb32 + +info: + name: > + SlideOnline <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/778e2191-d764-44a1-9f52-9698e9183fd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideonline/" + google-query: inurl:"/wp-content/plugins/slideonline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideonline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideonline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideonline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-by-supsystic-5a964b37d1f769e559a3b5969ea09bec.yaml b/nuclei-templates/cve-less/plugins/slider-by-supsystic-5a964b37d1f769e559a3b5969ea09bec.yaml new file mode 100644 index 0000000000..5fd0428bd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-by-supsystic-5a964b37d1f769e559a3b5969ea09bec.yaml @@ -0,0 +1,58 @@ +id: slider-by-supsystic-5a964b37d1f769e559a3b5969ea09bec + +info: + name: > + Slider by Supsystic <= 1.8.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eccf601-ad95-4fb5-a3a6-e916df6a6b56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-by-supsystic/" + google-query: inurl:"/wp-content/plugins/slider-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-by-supsystic-63a1aadd7fd62f660af4d37169d1f541.yaml b/nuclei-templates/cve-less/plugins/slider-by-supsystic-63a1aadd7fd62f660af4d37169d1f541.yaml new file mode 100644 index 0000000000..58bb7260c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-by-supsystic-63a1aadd7fd62f660af4d37169d1f541.yaml @@ -0,0 +1,58 @@ +id: slider-by-supsystic-63a1aadd7fd62f660af4d37169d1f541 + +info: + name: > + Slider by Supsystic <= 1.8.10 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14ff5609-2345-4073-8239-0ce27fa0957c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-by-supsystic/" + google-query: inurl:"/wp-content/plugins/slider-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-by-supsystic-8e2647d10010d639fca262268ba703d9.yaml b/nuclei-templates/cve-less/plugins/slider-by-supsystic-8e2647d10010d639fca262268ba703d9.yaml new file mode 100644 index 0000000000..bcf587d9a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-by-supsystic-8e2647d10010d639fca262268ba703d9.yaml @@ -0,0 +1,58 @@ +id: slider-by-supsystic-8e2647d10010d639fca262268ba703d9 + +info: + name: > + Slider by Supsystic <= 1.8.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/548731d5-078b-45a5-bcc5-9789b41ead44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-by-supsystic/" + google-query: inurl:"/wp-content/plugins/slider-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-by-supsystic-d94ab49d4d8adfed309a34be052981f9.yaml b/nuclei-templates/cve-less/plugins/slider-by-supsystic-d94ab49d4d8adfed309a34be052981f9.yaml new file mode 100644 index 0000000000..11ab6adea7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-by-supsystic-d94ab49d4d8adfed309a34be052981f9.yaml @@ -0,0 +1,58 @@ +id: slider-by-supsystic-d94ab49d4d8adfed309a34be052981f9 + +info: + name: > + Slider by Supsystic <= 1.8.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/717e77b7-8b42-4fca-b288-2415db2d68e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-by-supsystic/" + google-query: inurl:"/wp-content/plugins/slider-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-hero-3adbda03e672466ae4cf2477d48f1715.yaml b/nuclei-templates/cve-less/plugins/slider-hero-3adbda03e672466ae4cf2477d48f1715.yaml new file mode 100644 index 0000000000..63243aa8e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-hero-3adbda03e672466ae4cf2477d48f1715.yaml @@ -0,0 +1,58 @@ +id: slider-hero-3adbda03e672466ae4cf2477d48f1715 + +info: + name: > + Slider Hero <= 8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41428fa7-455b-44be-8ec1-977e8cf8a303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-hero/" + google-query: inurl:"/wp-content/plugins/slider-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-hero,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-hero-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml b/nuclei-templates/cve-less/plugins/slider-hero-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml new file mode 100644 index 0000000000..dc4660110b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-hero-4fef6f3c1b2c07adc38d4a7abbb8304a.yaml @@ -0,0 +1,58 @@ +id: slider-hero-4fef6f3c1b2c07adc38d4a7abbb8304a + +info: + name: > + Slider Hero with Animation, Video Background & Intro Maker <= 8.2.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5118ed50-d7be-4606-af9d-18b63359956c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-hero/" + google-query: inurl:"/wp-content/plugins/slider-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-hero,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-hero-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml b/nuclei-templates/cve-less/plugins/slider-hero-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml new file mode 100644 index 0000000000..f00a490121 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-hero-53fef4883b3ae390bd3ce74f9e9ddf6a.yaml @@ -0,0 +1,58 @@ +id: slider-hero-53fef4883b3ae390bd3ce74f9e9ddf6a + +info: + name: > + Slider Hero <= 8.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2df8ba02-30b0-49af-82cf-a0d2fd994ea2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-hero/" + google-query: inurl:"/wp-content/plugins/slider-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-hero,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-hero-f2a7736ebfea66ac36ad813725de381e.yaml b/nuclei-templates/cve-less/plugins/slider-hero-f2a7736ebfea66ac36ad813725de381e.yaml new file mode 100644 index 0000000000..c89c9c0618 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-hero-f2a7736ebfea66ac36ad813725de381e.yaml @@ -0,0 +1,58 @@ +id: slider-hero-f2a7736ebfea66ac36ad813725de381e + +info: + name: > + Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d195cd-4df8-4926-b834-d695fc05f81d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-hero/" + google-query: inurl:"/wp-content/plugins/slider-hero/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-hero,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-hero/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-hero" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-image-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml b/nuclei-templates/cve-less/plugins/slider-image-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml new file mode 100644 index 0000000000..89677615fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-image-f1a34dd1cf3f3d82d7aaeb96b1997e29.yaml @@ -0,0 +1,58 @@ +id: slider-image-f1a34dd1cf3f3d82d7aaeb96b1997e29 + +info: + name: > + Responsive Slider – Image Slider – Slideshow for WordPress < 2.7.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6f7b03-6527-4d10-9320-4f94ed386f54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-image/" + google-query: inurl:"/wp-content/plugins/slider-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-images-ed271342f2446f50a4b4b39df1d986d6.yaml b/nuclei-templates/cve-less/plugins/slider-images-ed271342f2446f50a4b4b39df1d986d6.yaml new file mode 100644 index 0000000000..4ff02fb974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-images-ed271342f2446f50a4b4b39df1d986d6.yaml @@ -0,0 +1,58 @@ +id: slider-images-ed271342f2446f50a4b4b39df1d986d6 + +info: + name: > + Slider Carousel – Responsive Image Slider <= 1.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c32f1c6a-cf65-419e-bfcd-48ac8e3735bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-images/" + google-query: inurl:"/wp-content/plugins/slider-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-responsive-slideshow-091efbe9d1188b98a534caa4402e018b.yaml b/nuclei-templates/cve-less/plugins/slider-responsive-slideshow-091efbe9d1188b98a534caa4402e018b.yaml new file mode 100644 index 0000000000..833a4d771c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-responsive-slideshow-091efbe9d1188b98a534caa4402e018b.yaml @@ -0,0 +1,58 @@ +id: slider-responsive-slideshow-091efbe9d1188b98a534caa4402e018b + +info: + name: > + Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-responsive-slideshow/" + google-query: inurl:"/wp-content/plugins/slider-responsive-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-responsive-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-responsive-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-responsive-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-slideshow-4b10785e370a78ae1450447cedf61d9b.yaml b/nuclei-templates/cve-less/plugins/slider-slideshow-4b10785e370a78ae1450447cedf61d9b.yaml new file mode 100644 index 0000000000..3f4842eaf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-slideshow-4b10785e370a78ae1450447cedf61d9b.yaml @@ -0,0 +1,58 @@ +id: slider-slideshow-4b10785e370a78ae1450447cedf61d9b + +info: + name: > + Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery via save_slide_ajax + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ad366f1-2369-4fb2-aeda-301c85cf6801?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-slideshow/" + google-query: inurl:"/wp-content/plugins/slider-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-slideshow,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-slideshow-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml b/nuclei-templates/cve-less/plugins/slider-slideshow-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml new file mode 100644 index 0000000000..4fcf6e6f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-slideshow-9cf47a9aaadc1341f9d7d43e1e7e02f2.yaml @@ -0,0 +1,58 @@ +id: slider-slideshow-9cf47a9aaadc1341f9d7d43e1e7e02f2 + +info: + name: > + Layer Slider <= 1.1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5ac3714-27f1-4258-a1ab-12b969b31793?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-slideshow/" + google-query: inurl:"/wp-content/plugins/slider-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-slideshow-ba96af4ca3ffeaa3bcc3879d978146cb.yaml b/nuclei-templates/cve-less/plugins/slider-slideshow-ba96af4ca3ffeaa3bcc3879d978146cb.yaml new file mode 100644 index 0000000000..8e648f32d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-slideshow-ba96af4ca3ffeaa3bcc3879d978146cb.yaml @@ -0,0 +1,58 @@ +id: slider-slideshow-ba96af4ca3ffeaa3bcc3879d978146cb + +info: + name: > + Layer Slider <= 1.1.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6df68d66-7294-4dff-8ba8-394932a64281?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-slideshow/" + google-query: inurl:"/wp-content/plugins/slider-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-video-93c0b4806bb82af1f99b4d0c878535e6.yaml b/nuclei-templates/cve-less/plugins/slider-video-93c0b4806bb82af1f99b4d0c878535e6.yaml new file mode 100644 index 0000000000..e66834450d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-video-93c0b4806bb82af1f99b4d0c878535e6.yaml @@ -0,0 +1,58 @@ +id: slider-video-93c0b4806bb82af1f99b4d0c878535e6 + +info: + name: > + Video Slider WordPress <= 1.4.6 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8be16fec-8961-49ad-ba2f-8bec70c33ec0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-video/" + google-query: inurl:"/wp-content/plugins/slider-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-video,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-wd-0f314421e3eb6001edc6ef983cf272a2.yaml b/nuclei-templates/cve-less/plugins/slider-wd-0f314421e3eb6001edc6ef983cf272a2.yaml new file mode 100644 index 0000000000..2fcabdd634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-wd-0f314421e3eb6001edc6ef983cf272a2.yaml @@ -0,0 +1,58 @@ +id: slider-wd-0f314421e3eb6001edc6ef983cf272a2 + +info: + name: > + Slider by 10Web <= 1.2.35 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f90b6cdb-d929-493e-b078-4762b7e2f76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-wd/" + google-query: inurl:"/wp-content/plugins/slider-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-wd,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-wd-330b086d5a163173ce80e7bcf35592b2.yaml b/nuclei-templates/cve-less/plugins/slider-wd-330b086d5a163173ce80e7bcf35592b2.yaml new file mode 100644 index 0000000000..fa13a4c53c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-wd-330b086d5a163173ce80e7bcf35592b2.yaml @@ -0,0 +1,58 @@ +id: slider-wd-330b086d5a163173ce80e7bcf35592b2 + +info: + name: > + Slider by 10Web <= 1.2.51 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a741446e-8600-4e02-af76-0d34a491bcfd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-wd/" + google-query: inurl:"/wp-content/plugins/slider-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-wd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-wd-3ca395cf4457963d99cc7df0953a3124.yaml b/nuclei-templates/cve-less/plugins/slider-wd-3ca395cf4457963d99cc7df0953a3124.yaml new file mode 100644 index 0000000000..52e9196a8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-wd-3ca395cf4457963d99cc7df0953a3124.yaml @@ -0,0 +1,58 @@ +id: slider-wd-3ca395cf4457963d99cc7df0953a3124 + +info: + name: > + Sliderby10Web <= 1.2.52 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f3aec3a-c1d3-4f7f-9f45-7a3ec42ce260?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-wd/" + google-query: inurl:"/wp-content/plugins/slider-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-wd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slider-wd-f2f66b2c0dd30886e21fe41a945038db.yaml b/nuclei-templates/cve-less/plugins/slider-wd-f2f66b2c0dd30886e21fe41a945038db.yaml new file mode 100644 index 0000000000..fdfbb09944 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slider-wd-f2f66b2c0dd30886e21fe41a945038db.yaml @@ -0,0 +1,58 @@ +id: slider-wd-f2f66b2c0dd30886e21fe41a945038db + +info: + name: > + Slider by 10Web – Responsive Image Slider <= 1.2.54 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d24c65b6-20da-4f17-be9f-b8fbf5e721e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slider-wd/" + google-query: inurl:"/wp-content/plugins/slider-wd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slider-wd,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slider-wd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slider-wd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sliderpro-55b1133e21935d007c80035f80fa6446.yaml b/nuclei-templates/cve-less/plugins/sliderpro-55b1133e21935d007c80035f80fa6446.yaml new file mode 100644 index 0000000000..a4ba39f21e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sliderpro-55b1133e21935d007c80035f80fa6446.yaml @@ -0,0 +1,58 @@ +id: sliderpro-55b1133e21935d007c80035f80fa6446 + +info: + name: > + Slider Pro <= 4.8.6 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f813cb1a-5922-48a5-a026-66ec9aaac294?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sliderpro/" + google-query: inurl:"/wp-content/plugins/sliderpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sliderpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sliderpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliderpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sliderspack-all-in-one-image-sliders-cabe168b618270b5c6e54c5ab98ed27e.yaml b/nuclei-templates/cve-less/plugins/sliderspack-all-in-one-image-sliders-cabe168b618270b5c6e54c5ab98ed27e.yaml new file mode 100644 index 0000000000..8950f0bff5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sliderspack-all-in-one-image-sliders-cabe168b618270b5c6e54c5ab98ed27e.yaml @@ -0,0 +1,58 @@ +id: sliderspack-all-in-one-image-sliders-cabe168b618270b5c6e54c5ab98ed27e + +info: + name: > + Slider a SlidersPack <= 2.0.2 - Missing Authorization via wp_spaios_save_attachment_data + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb5cb7ce-127a-4f9a-b52e-1e957560ca55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sliderspack-all-in-one-image-sliders/" + google-query: inurl:"/wp-content/plugins/sliderspack-all-in-one-image-sliders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sliderspack-all-in-one-image-sliders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sliderspack-all-in-one-image-sliders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliderspack-all-in-one-image-sliders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-ck-315a1c5d119a58cae4d57802c27a1504.yaml b/nuclei-templates/cve-less/plugins/slideshow-ck-315a1c5d119a58cae4d57802c27a1504.yaml new file mode 100644 index 0000000000..7a940930e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-ck-315a1c5d119a58cae4d57802c27a1504.yaml @@ -0,0 +1,58 @@ +id: slideshow-ck-315a1c5d119a58cae4d57802c27a1504 + +info: + name: > + Slideshow CK <= 1.4.9 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b0cc3a0-5a80-4a56-abeb-13046d9eaf3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-ck/" + google-query: inurl:"/wp-content/plugins/slideshow-ck/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-ck,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-ck/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-ck" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-073c0ab3bbb78673d0076b71747b0b85.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-073c0ab3bbb78673d0076b71747b0b85.yaml new file mode 100644 index 0000000000..32896fe24c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-073c0ab3bbb78673d0076b71747b0b85.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-073c0ab3bbb78673d0076b71747b0b85 + +info: + name: > + Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a598274-3c67-4751-94d6-49abed38422c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-173ff175ba6504a9e007b9120074cdb1.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-173ff175ba6504a9e007b9120074cdb1.yaml new file mode 100644 index 0000000000..f1e943bf2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-173ff175ba6504a9e007b9120074cdb1.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-173ff175ba6504a9e007b9120074cdb1 + +info: + name: > + Slideshow Gallery < 1.7.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1eec01c-7f54-4e90-a943-c50b8ab79b22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-2-000c49df1eb1fffb19ba2879f7922470.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-2-000c49df1eb1fffb19ba2879f7922470.yaml new file mode 100644 index 0000000000..0d07165087 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-2-000c49df1eb1fffb19ba2879f7922470.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-2-000c49df1eb1fffb19ba2879f7922470 + +info: + name: > + Slideshow Gallery <= 1.1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/396a7101-e6da-49c1-87a3-25792f3a7b76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery-2/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery-2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery-2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery-2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery-2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-3f761f29ded0c3fd592cbc7b4d2d4ba7.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-3f761f29ded0c3fd592cbc7b4d2d4ba7.yaml new file mode 100644 index 0000000000..f655d51de0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-3f761f29ded0c3fd592cbc7b4d2d4ba7.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-3f761f29ded0c3fd592cbc7b4d2d4ba7 + +info: + name: > + Slideshow Gallery <= 1.7.8 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23d5e2ba-3a8a-4ded-aba9-fa0a7228a398?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-5e35179f25bd306b0effea20785c4fdf.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-5e35179f25bd306b0effea20785c4fdf.yaml new file mode 100644 index 0000000000..f1d60304bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-5e35179f25bd306b0effea20785c4fdf.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-5e35179f25bd306b0effea20785c4fdf + +info: + name: > + Slideshow Gallery < 1.4.7 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/068cb509-7451-4f2f-a65c-ed7686c6f6d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-710832b220893c2e7b26cd41c7676342.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-710832b220893c2e7b26cd41c7676342.yaml new file mode 100644 index 0000000000..4bc710550b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-710832b220893c2e7b26cd41c7676342.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-710832b220893c2e7b26cd41c7676342 + +info: + name: > + Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/164ec659-e1a6-4267-b6e9-4e37a402e503?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-9ed3ad19217255e206c74e32650683d5.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-9ed3ad19217255e206c74e32650683d5.yaml new file mode 100644 index 0000000000..97ed1b9885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-9ed3ad19217255e206c74e32650683d5.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-9ed3ad19217255e206c74e32650683d5 + +info: + name: > + Slideshow Gallery <= 1.7.8 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ebb590-1291-45dc-818a-258143a2d9a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-a6e5defdd0b61862c997e167d9ee2576.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-a6e5defdd0b61862c997e167d9ee2576.yaml new file mode 100644 index 0000000000..23a1004b42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-a6e5defdd0b61862c997e167d9ee2576.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-a6e5defdd0b61862c997e167d9ee2576 + +info: + name: > + Slideshow Gallery LITE <= 1.7.6 - Authenticated(Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61b07604-b206-4f13-b25f-7a6d54236eb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-c799988a889ed03a659b8598e8dac08b.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-c799988a889ed03a659b8598e8dac08b.yaml new file mode 100644 index 0000000000..8846c4303b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-c799988a889ed03a659b8598e8dac08b.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-c799988a889ed03a659b8598e8dac08b + +info: + name: > + Slideshow Gallery <= 1.6.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50c33c8d-4488-4f9e-bc58-21cb8cd679e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-ea214ec811be5112708a570a75f3ddc5.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-ea214ec811be5112708a570a75f3ddc5.yaml new file mode 100644 index 0000000000..21ac6c7174 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-ea214ec811be5112708a570a75f3ddc5.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-ea214ec811be5112708a570a75f3ddc5 + +info: + name: > + Slideshow Gallery <= 1.6.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ffb31a5-a692-4817-ad46-cf804b97d480?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-f4f28ce30d47491a4cae733a861ef690.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-f4f28ce30d47491a4cae733a861ef690.yaml new file mode 100644 index 0000000000..6e0b535cae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-f4f28ce30d47491a4cae733a861ef690.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-f4f28ce30d47491a4cae733a861ef690 + +info: + name: > + Slideshow Gallery <= 1.7.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4aec0bf3-82d7-4479-8bd6-941404b6bd03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml new file mode 100644 index 0000000000..6c55fa3ea2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-f81d8e9ecaded3d70e2eeaa0f98dacf3.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-f81d8e9ecaded3d70e2eeaa0f98dacf3 + +info: + name: > + Slideshow Gallery <= 1.6.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15517a81-0913-4922-be2b-aaf9abc52a84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-gallery-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml b/nuclei-templates/cve-less/plugins/slideshow-gallery-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml new file mode 100644 index 0000000000..97a5d803ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-gallery-ffb6abfc1462cb6dac9fb7d1f9f94e2a.yaml @@ -0,0 +1,58 @@ +id: slideshow-gallery-ffb6abfc1462cb6dac9fb7d1f9f94e2a + +info: + name: > + Slideshow Gallery <= 1.6.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e8a881d-d6d0-4bcc-9894-286ce0468393?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-631caed2c41cece190cfd835b6648401.yaml b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-631caed2c41cece190cfd835b6648401.yaml new file mode 100644 index 0000000000..49063d8f49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-631caed2c41cece190cfd835b6648401.yaml @@ -0,0 +1,58 @@ +id: slideshow-jquery-image-gallery-631caed2c41cece190cfd835b6648401 + +info: + name: > + Slideshow 2.2.8 - 2.2.21 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfa22747-b9f5-403e-81bb-87a593e603a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-jquery-image-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-jquery-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-jquery-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.2.8', '<= 2.2.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-74a8ac0075a235e0a0c14b0719aab19b.yaml b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-74a8ac0075a235e0a0c14b0719aab19b.yaml new file mode 100644 index 0000000000..d14752c4c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-jquery-image-gallery-74a8ac0075a235e0a0c14b0719aab19b.yaml @@ -0,0 +1,58 @@ +id: slideshow-jquery-image-gallery-74a8ac0075a235e0a0c14b0719aab19b + +info: + name: > + Slideshow <= 2.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f7d7ceb-b6f0-4b63-93f7-632c13a6b496?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-jquery-image-gallery/" + google-query: inurl:"/wp-content/plugins/slideshow-jquery-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-jquery-image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-jquery-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-jquery-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-se-0d198fa5a9097295a41f947e62ed164f.yaml b/nuclei-templates/cve-less/plugins/slideshow-se-0d198fa5a9097295a41f947e62ed164f.yaml new file mode 100644 index 0000000000..8295e4ea3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-se-0d198fa5a9097295a41f947e62ed164f.yaml @@ -0,0 +1,58 @@ +id: slideshow-se-0d198fa5a9097295a41f947e62ed164f + +info: + name: > + Slideshow SE <= 2.5.5 - Authenticated (Subscriber+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b5e37b4-4a7e-41a1-b1ef-0c69c8658c58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-se/" + google-query: inurl:"/wp-content/plugins/slideshow-se/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-se,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-se/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-se" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slideshow-se-4c2a731e32a3d9201839b73fb37eef51.yaml b/nuclei-templates/cve-less/plugins/slideshow-se-4c2a731e32a3d9201839b73fb37eef51.yaml new file mode 100644 index 0000000000..ac82552994 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slideshow-se-4c2a731e32a3d9201839b73fb37eef51.yaml @@ -0,0 +1,58 @@ +id: slideshow-se-4c2a731e32a3d9201839b73fb37eef51 + +info: + name: > + Slideshow SE <= 2.5.5 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/047aa84b-6e6a-4975-8a3f-3f8b4518704e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slideshow-se/" + google-query: inurl:"/wp-content/plugins/slideshow-se/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slideshow-se,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slideshow-se/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slideshow-se" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sliding-social-icons-40737c0a7a095d43140be7cd03a62330.yaml b/nuclei-templates/cve-less/plugins/sliding-social-icons-40737c0a7a095d43140be7cd03a62330.yaml new file mode 100644 index 0000000000..4a44d09181 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sliding-social-icons-40737c0a7a095d43140be7cd03a62330.yaml @@ -0,0 +1,58 @@ +id: sliding-social-icons-40737c0a7a095d43140be7cd03a62330 + +info: + name: > + Sliding Social Icons <= 1.61 - Cross-Site Request Forgery and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46039930-377e-4adb-8d96-09ebf220b4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sliding-social-icons/" + google-query: inurl:"/wp-content/plugins/sliding-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sliding-social-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sliding-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliding-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/slivery-extender-5621a7def81227d66a22e352451dbd2f.yaml b/nuclei-templates/cve-less/plugins/slivery-extender-5621a7def81227d66a22e352451dbd2f.yaml new file mode 100644 index 0000000000..e811d30bc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/slivery-extender-5621a7def81227d66a22e352451dbd2f.yaml @@ -0,0 +1,58 @@ +id: slivery-extender-5621a7def81227d66a22e352451dbd2f + +info: + name: > + Slivery Extender <= 1.0.2 - Authenticated(Contributor+) Remote Code Execution via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb25a7b-da93-41eb-bae7-8bffa96f7a1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/slivery-extender/" + google-query: inurl:"/wp-content/plugins/slivery-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,slivery-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/slivery-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "slivery-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sloth-logo-customizer-cd301beffca3145a1148fa46876e8ecb.yaml b/nuclei-templates/cve-less/plugins/sloth-logo-customizer-cd301beffca3145a1148fa46876e8ecb.yaml new file mode 100644 index 0000000000..ebfba45271 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sloth-logo-customizer-cd301beffca3145a1148fa46876e8ecb.yaml @@ -0,0 +1,58 @@ +id: sloth-logo-customizer-cd301beffca3145a1148fa46876e8ecb + +info: + name: > + Sloth Logo Customizer <= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/974f14e8-1a59-4ba5-8806-b4d8b135315e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sloth-logo-customizer/" + google-query: inurl:"/wp-content/plugins/sloth-logo-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sloth-logo-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sloth-logo-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sloth-logo-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-app-banner-4d6efde8bb592c906d33a37bc632b9bf.yaml b/nuclei-templates/cve-less/plugins/smart-app-banner-4d6efde8bb592c906d33a37bc632b9bf.yaml new file mode 100644 index 0000000000..a530237754 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-app-banner-4d6efde8bb592c906d33a37bc632b9bf.yaml @@ -0,0 +1,58 @@ +id: smart-app-banner-4d6efde8bb592c906d33a37bc632b9bf + +info: + name: > + Smart App Banner <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c7497fc-e42c-49a6-99ee-6ec774cc4617?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-app-banner/" + google-query: inurl:"/wp-content/plugins/smart-app-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-app-banner,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-app-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-app-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-app-banner-bc7de60f28ed50bda8c32e87282861c6.yaml b/nuclei-templates/cve-less/plugins/smart-app-banner-bc7de60f28ed50bda8c32e87282861c6.yaml new file mode 100644 index 0000000000..5fd0df0794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-app-banner-bc7de60f28ed50bda8c32e87282861c6.yaml @@ -0,0 +1,58 @@ +id: smart-app-banner-bc7de60f28ed50bda8c32e87282861c6 + +info: + name: > + Smart App Banner <= 1.1.2 - Cross-Site Request Forgery via wsl_smart_app_banner_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f71453d9-8bbf-4546-b69f-e86cc41da9bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-app-banner/" + google-query: inurl:"/wp-content/plugins/smart-app-banner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-app-banner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-app-banner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-app-banner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-cookie-kit-66eed7c58e1298fa04981c6c1b2ea3cc.yaml b/nuclei-templates/cve-less/plugins/smart-cookie-kit-66eed7c58e1298fa04981c6c1b2ea3cc.yaml new file mode 100644 index 0000000000..dfe7495bca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-cookie-kit-66eed7c58e1298fa04981c6c1b2ea3cc.yaml @@ -0,0 +1,58 @@ +id: smart-cookie-kit-66eed7c58e1298fa04981c6c1b2ea3cc + +info: + name: > + Smart Cookie Kit <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b726e21-ff76-43ea-beb1-f68e94d3b7a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-cookie-kit/" + google-query: inurl:"/wp-content/plugins/smart-cookie-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-cookie-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-cookie-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-cookie-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-custom-fields-0d0a2f550b1652e990ebb3d0da6393ae.yaml b/nuclei-templates/cve-less/plugins/smart-custom-fields-0d0a2f550b1652e990ebb3d0da6393ae.yaml new file mode 100644 index 0000000000..b41cdd0078 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-custom-fields-0d0a2f550b1652e990ebb3d0da6393ae.yaml @@ -0,0 +1,58 @@ +id: smart-custom-fields-0d0a2f550b1652e990ebb3d0da6393ae + +info: + name: > + Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e966a266-4265-4a72-8a50-e872805219a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-custom-fields/" + google-query: inurl:"/wp-content/plugins/smart-custom-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-custom-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-custom-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-custom-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-183ebb9bdb87985c4ca10ea8af8836ec.yaml b/nuclei-templates/cve-less/plugins/smart-donations-183ebb9bdb87985c4ca10ea8af8836ec.yaml new file mode 100644 index 0000000000..b666c06356 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-183ebb9bdb87985c4ca10ea8af8836ec.yaml @@ -0,0 +1,58 @@ +id: smart-donations-183ebb9bdb87985c4ca10ea8af8836ec + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/799975aa-44fe-48dc-8ac9-469c89a03c67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-37dbc4d1c954090682035935efde0d58.yaml b/nuclei-templates/cve-less/plugins/smart-donations-37dbc4d1c954090682035935efde0d58.yaml new file mode 100644 index 0000000000..00452a1bbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-37dbc4d1c954090682035935efde0d58.yaml @@ -0,0 +1,58 @@ +id: smart-donations-37dbc4d1c954090682035935efde0d58 + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92aae1f6-e624-4619-8195-ee3c443a31fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-575d541f48b602d18582347a4f3b977f.yaml b/nuclei-templates/cve-less/plugins/smart-donations-575d541f48b602d18582347a4f3b977f.yaml new file mode 100644 index 0000000000..b511b15bb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-575d541f48b602d18582347a4f3b977f.yaml @@ -0,0 +1,58 @@ +id: smart-donations-575d541f48b602d18582347a4f3b977f + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cce2f9f-5f47-4e10-a846-0aab4bcad616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-6f7b5cdd2c06fd389f02600d38bca12e.yaml b/nuclei-templates/cve-less/plugins/smart-donations-6f7b5cdd2c06fd389f02600d38bca12e.yaml new file mode 100644 index 0000000000..63011c75c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-6f7b5cdd2c06fd389f02600d38bca12e.yaml @@ -0,0 +1,58 @@ +id: smart-donations-6f7b5cdd2c06fd389f02600d38bca12e + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c4e296-f98a-4018-980d-173d5e7ade7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-974f0ab4bb265d59dbd405aba4fe0b7a.yaml b/nuclei-templates/cve-less/plugins/smart-donations-974f0ab4bb265d59dbd405aba4fe0b7a.yaml new file mode 100644 index 0000000000..1b8246e85c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-974f0ab4bb265d59dbd405aba4fe0b7a.yaml @@ -0,0 +1,58 @@ +id: smart-donations-974f0ab4bb265d59dbd405aba4fe0b7a + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f5d3973-5bbb-4c85-9790-e12f3fc14f30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-donations-a9d63cf96793705be5a47f94a1b589be.yaml b/nuclei-templates/cve-less/plugins/smart-donations-a9d63cf96793705be5a47f94a1b589be.yaml new file mode 100644 index 0000000000..acd4d514a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-donations-a9d63cf96793705be5a47f94a1b589be.yaml @@ -0,0 +1,58 @@ +id: smart-donations-a9d63cf96793705be5a47f94a1b589be + +info: + name: > + Donations Made Easy – Smart Donations <= 4.0.12 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0efebdcb-c3fb-435a-8687-6abdd5f9334b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-donations/" + google-query: inurl:"/wp-content/plugins/smart-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-donations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-email-alerts-ceb6447b3a16776fe0078a55abeaee38.yaml b/nuclei-templates/cve-less/plugins/smart-email-alerts-ceb6447b3a16776fe0078a55abeaee38.yaml new file mode 100644 index 0000000000..5c57459533 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-email-alerts-ceb6447b3a16776fe0078a55abeaee38.yaml @@ -0,0 +1,58 @@ +id: smart-email-alerts-ceb6447b3a16776fe0078a55abeaee38 + +info: + name: > + Smart Email Alerts <= 1.0.10 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b930316-7a2f-4539-8599-360751d49cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-email-alerts/" + google-query: inurl:"/wp-content/plugins/smart-email-alerts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-email-alerts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-email-alerts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-email-alerts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-flv-f4124706d0e19c3b0ecdc824e2dde79c.yaml b/nuclei-templates/cve-less/plugins/smart-flv-f4124706d0e19c3b0ecdc824e2dde79c.yaml new file mode 100644 index 0000000000..a9b811a6a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-flv-f4124706d0e19c3b0ecdc824e2dde79c.yaml @@ -0,0 +1,58 @@ +id: smart-flv-f4124706d0e19c3b0ecdc824e2dde79c + +info: + name: > + Smart Flv <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d25f23cc-6012-4607-a643-5350175a439b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-flv/" + google-query: inurl:"/wp-content/plugins/smart-flv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-flv,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-flv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-flv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-280e3b3d0994374de6814f38b2990648.yaml b/nuclei-templates/cve-less/plugins/smart-forms-280e3b3d0994374de6814f38b2990648.yaml new file mode 100644 index 0000000000..ed87a26606 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-280e3b3d0994374de6814f38b2990648.yaml @@ -0,0 +1,58 @@ +id: smart-forms-280e3b3d0994374de6814f38b2990648 + +info: + name: > + Smart Forms <= 2.6.86 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29c762c7-7bb9-42bc-9e22-0f4da2a5c59b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-305aa37d733d46f38e2d556cd38a63ea.yaml b/nuclei-templates/cve-less/plugins/smart-forms-305aa37d733d46f38e2d556cd38a63ea.yaml new file mode 100644 index 0000000000..79a9b232f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-305aa37d733d46f38e2d556cd38a63ea.yaml @@ -0,0 +1,58 @@ +id: smart-forms-305aa37d733d46f38e2d556cd38a63ea + +info: + name: > + Smart Forms <= 2.6.93 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e6a896c-9cca-4e4d-b26d-0103a8b39bf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-3928f6f30c541722320412a9e71021b8.yaml b/nuclei-templates/cve-less/plugins/smart-forms-3928f6f30c541722320412a9e71021b8.yaml new file mode 100644 index 0000000000..af76bb1c45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-3928f6f30c541722320412a9e71021b8.yaml @@ -0,0 +1,58 @@ +id: smart-forms-3928f6f30c541722320412a9e71021b8 + +info: + name: > + Smart Forms < 2.6.71 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34a6d349-dfdc-4301-9380-7fc64c25f043?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-96ab3b40e77e6543e8b3a6fdd1944579.yaml b/nuclei-templates/cve-less/plugins/smart-forms-96ab3b40e77e6543e8b3a6fdd1944579.yaml new file mode 100644 index 0000000000..fa69884c3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-96ab3b40e77e6543e8b3a6fdd1944579.yaml @@ -0,0 +1,58 @@ +id: smart-forms-96ab3b40e77e6543e8b3a6fdd1944579 + +info: + name: > + Smart Forms – when you need more than just a contact form <= 2.9.95 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/372149c4-b6b4-43c8-896f-af69712f3a82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-9c331f426cf6396a6a2c802b7f7eeb8d.yaml b/nuclei-templates/cve-less/plugins/smart-forms-9c331f426cf6396a6a2c802b7f7eeb8d.yaml new file mode 100644 index 0000000000..0a9b90c1d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-9c331f426cf6396a6a2c802b7f7eeb8d.yaml @@ -0,0 +1,58 @@ +id: smart-forms-9c331f426cf6396a6a2c802b7f7eeb8d + +info: + name: > + Smart Forms <= 2.6.84 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ac48cd9-1de5-4840-b3f3-dc24ca52442e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.84') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-a4a6f5b9e735cb14d76827d4a578ff1c.yaml b/nuclei-templates/cve-less/plugins/smart-forms-a4a6f5b9e735cb14d76827d4a578ff1c.yaml new file mode 100644 index 0000000000..7dcf987fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-a4a6f5b9e735cb14d76827d4a578ff1c.yaml @@ -0,0 +1,58 @@ +id: smart-forms-a4a6f5b9e735cb14d76827d4a578ff1c + +info: + name: > + Smart Forms <= 2.6.91 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a643fa1-afdb-4710-ba1c-3b226b4098bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-a78ee203ec03252165376f049d05071b.yaml b/nuclei-templates/cve-less/plugins/smart-forms-a78ee203ec03252165376f049d05071b.yaml new file mode 100644 index 0000000000..013df494a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-a78ee203ec03252165376f049d05071b.yaml @@ -0,0 +1,58 @@ +id: smart-forms-a78ee203ec03252165376f049d05071b + +info: + name: > + Smart Forms < 2.6.26 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81939cc9-b8f7-4c40-b963-4f6f8c7043e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-c396dcb95eb5f0d3adb51913e8a502fc.yaml b/nuclei-templates/cve-less/plugins/smart-forms-c396dcb95eb5f0d3adb51913e8a502fc.yaml new file mode 100644 index 0000000000..88dc14ca95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-c396dcb95eb5f0d3adb51913e8a502fc.yaml @@ -0,0 +1,58 @@ +id: smart-forms-c396dcb95eb5f0d3adb51913e8a502fc + +info: + name: > + Smart Forms – when you need more than just a contact form <= 2.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5331c7cc-3854-4975-9f28-e9b0d6407227?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-forms-e55616747ddb7edf848ca48c3c65a365.yaml b/nuclei-templates/cve-less/plugins/smart-forms-e55616747ddb7edf848ca48c3c65a365.yaml new file mode 100644 index 0000000000..5e4d06a8e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-forms-e55616747ddb7edf848ca48c3c65a365.yaml @@ -0,0 +1,58 @@ +id: smart-forms-e55616747ddb7edf848ca48c3c65a365 + +info: + name: > + Smart Forms <= 2.6.93 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ed9c59c-191f-4219-8701-ce2f088b3b6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-forms/" + google-query: inurl:"/wp-content/plugins/smart-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.943') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-google-code-inserter-61d92e4ca30273cfa735fd279e1d5fd6.yaml b/nuclei-templates/cve-less/plugins/smart-google-code-inserter-61d92e4ca30273cfa735fd279e1d5fd6.yaml new file mode 100644 index 0000000000..4646b90c4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-google-code-inserter-61d92e4ca30273cfa735fd279e1d5fd6.yaml @@ -0,0 +1,58 @@ +id: smart-google-code-inserter-61d92e4ca30273cfa735fd279e1d5fd6 + +info: + name: > + Smart Google Code Inserter < 3.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3bddb69-9c63-49e8-9c04-08361423b1c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-google-code-inserter/" + google-query: inurl:"/wp-content/plugins/smart-google-code-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-google-code-inserter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-google-code-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-google-code-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-google-code-inserter-8f4c726ec3ff968264c33031aafd5dd4.yaml b/nuclei-templates/cve-less/plugins/smart-google-code-inserter-8f4c726ec3ff968264c33031aafd5dd4.yaml new file mode 100644 index 0000000000..ed62dd59ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-google-code-inserter-8f4c726ec3ff968264c33031aafd5dd4.yaml @@ -0,0 +1,58 @@ +id: smart-google-code-inserter-8f4c726ec3ff968264c33031aafd5dd4 + +info: + name: > + Smart Google Code Inserter < 3.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3f3e56e-bbb6-4ceb-811d-447ed837d176?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-google-code-inserter/" + google-query: inurl:"/wp-content/plugins/smart-google-code-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-google-code-inserter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-google-code-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-google-code-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-grid-gallery-9226076d86703169a8ae6d270bd5adc3.yaml b/nuclei-templates/cve-less/plugins/smart-grid-gallery-9226076d86703169a8ae6d270bd5adc3.yaml new file mode 100644 index 0000000000..b49cb77604 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-grid-gallery-9226076d86703169a8ae6d270bd5adc3.yaml @@ -0,0 +1,58 @@ +id: smart-grid-gallery-9226076d86703169a8ae6d270bd5adc3 + +info: + name: > + Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae3d33dd-2591-4c4e-9769-77575e57ac49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-grid-gallery/" + google-query: inurl:"/wp-content/plugins/smart-grid-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-grid-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-grid-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-grid-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-id-96cba560d28a367fadd5acf394466224.yaml b/nuclei-templates/cve-less/plugins/smart-id-96cba560d28a367fadd5acf394466224.yaml new file mode 100644 index 0000000000..102e92a47e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-id-96cba560d28a367fadd5acf394466224.yaml @@ -0,0 +1,58 @@ +id: smart-id-96cba560d28a367fadd5acf394466224 + +info: + name: > + eID Easy <= 4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/121022ad-a569-4a80-96ee-c7911db81a30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-id/" + google-query: inurl:"/wp-content/plugins/smart-id/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-id,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-id/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-id" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-logo-showcase-lite-32a522f1c04399b883d41fab9d9aff30.yaml b/nuclei-templates/cve-less/plugins/smart-logo-showcase-lite-32a522f1c04399b883d41fab9d9aff30.yaml new file mode 100644 index 0000000000..8ca61409fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-logo-showcase-lite-32a522f1c04399b883d41fab9d9aff30.yaml @@ -0,0 +1,58 @@ +id: smart-logo-showcase-lite-32a522f1c04399b883d41fab9d9aff30 + +info: + name: > + Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4664b8d-4f8f-4be3-90e9-2dba4e737b2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-logo-showcase-lite/" + google-query: inurl:"/wp-content/plugins/smart-logo-showcase-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-logo-showcase-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-logo-showcase-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-logo-showcase-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-maintenance-mode-9f6fe676338d7fcfeadb295b51a36459.yaml b/nuclei-templates/cve-less/plugins/smart-maintenance-mode-9f6fe676338d7fcfeadb295b51a36459.yaml new file mode 100644 index 0000000000..8b06ba0c2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-maintenance-mode-9f6fe676338d7fcfeadb295b51a36459.yaml @@ -0,0 +1,58 @@ +id: smart-maintenance-mode-9f6fe676338d7fcfeadb295b51a36459 + +info: + name: > + Smart Maintenance Mode <= 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/138c636b-27fb-4d76-b01c-60a10749913d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/smart-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-maintenance-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-manager-for-wp-e-commerce-0489a9c545313d7845eb08297287eaa5.yaml b/nuclei-templates/cve-less/plugins/smart-manager-for-wp-e-commerce-0489a9c545313d7845eb08297287eaa5.yaml new file mode 100644 index 0000000000..554941a78c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-manager-for-wp-e-commerce-0489a9c545313d7845eb08297287eaa5.yaml @@ -0,0 +1,58 @@ +id: smart-manager-for-wp-e-commerce-0489a9c545313d7845eb08297287eaa5 + +info: + name: > + Smart Manager - WooCommerce Advanced Bulk Edit, Inventory Management & more... <= 8.27.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bc531a3-e246-4f2e-8657-bbdfb91dbf39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-manager-for-wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/smart-manager-for-wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-manager-for-wp-e-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-manager-for-wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-manager-for-wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.27.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-marketing-for-wp-5d316e62377c24672c816fca478bdf84.yaml b/nuclei-templates/cve-less/plugins/smart-marketing-for-wp-5d316e62377c24672c816fca478bdf84.yaml new file mode 100644 index 0000000000..dab9766ade --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-marketing-for-wp-5d316e62377c24672c816fca478bdf84.yaml @@ -0,0 +1,58 @@ +id: smart-marketing-for-wp-5d316e62377c24672c816fca478bdf84 + +info: + name: > + Smart Marketing SMS and Newsletters Forms < 2.0.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/351c7d18-6c1b-4a52-98ae-478dee5aaff2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-marketing-for-wp/" + google-query: inurl:"/wp-content/plugins/smart-marketing-for-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-marketing-for-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-marketing-for-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-marketing-for-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-recent-posts-widget-0b26b05fd72223ab78d0eb64dadbd40a.yaml b/nuclei-templates/cve-less/plugins/smart-recent-posts-widget-0b26b05fd72223ab78d0eb64dadbd40a.yaml new file mode 100644 index 0000000000..5d3eb3188f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-recent-posts-widget-0b26b05fd72223ab78d0eb64dadbd40a.yaml @@ -0,0 +1,58 @@ +id: smart-recent-posts-widget-0b26b05fd72223ab78d0eb64dadbd40a + +info: + name: > + Smart Recent Posts Widget <= 1.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f40e7f8a-8bca-4a87-887c-8e11b1da46a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-recent-posts-widget/" + google-query: inurl:"/wp-content/plugins/smart-recent-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-recent-posts-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-recent-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-recent-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-seo-tool-b76eb61ef2aa1f7567f1609609758512.yaml b/nuclei-templates/cve-less/plugins/smart-seo-tool-b76eb61ef2aa1f7567f1609609758512.yaml new file mode 100644 index 0000000000..93819e7587 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-seo-tool-b76eb61ef2aa1f7567f1609609758512.yaml @@ -0,0 +1,58 @@ +id: smart-seo-tool-b76eb61ef2aa1f7567f1609609758512 + +info: + name: > + Smart SEO Tool <= 3.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32237c21-2fec-4228-8264-e9f3f1a70060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-seo-tool/" + google-query: inurl:"/wp-content/plugins/smart-seo-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-seo-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-seo-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-seo-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slide-show-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/smart-slide-show-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..0723fef34a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slide-show-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: smart-slide-show-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slide-show/" + google-query: inurl:"/wp-content/plugins/smart-slide-show/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slide-show,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slide-show/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slide-show" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-01aa5492a4b5bc7532a3a46a182927f8.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-01aa5492a4b5bc7532a3a46a182927f8.yaml new file mode 100644 index 0000000000..91896a84ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-01aa5492a4b5bc7532a3a46a182927f8.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-01aa5492a4b5bc7532a3a46a182927f8 + +info: + name: > + Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae81917e-0367-4c64-9254-fd74751ada48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-39ab4c2294aa56f29beb5a701f23e19b.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-39ab4c2294aa56f29beb5a701f23e19b.yaml new file mode 100644 index 0000000000..a7a22a37aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-39ab4c2294aa56f29beb5a701f23e19b.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-39ab4c2294aa56f29beb5a701f23e19b + +info: + name: > + Smart Slider 3 <= 3.5.0.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c57f27b-2441-4f16-ab4b-bfb68b7b793f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-7fcf2911100968a88895e890aa0259dd.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-7fcf2911100968a88895e890aa0259dd.yaml new file mode 100644 index 0000000000..38ee7e944a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-7fcf2911100968a88895e890aa0259dd.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-7fcf2911100968a88895e890aa0259dd + +info: + name: > + Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/915f464f-449d-4ad2-9f43-6ce5d93ccb05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-b789e3115d873b4f1d599f40302f434c.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-b789e3115d873b4f1d599f40302f434c.yaml new file mode 100644 index 0000000000..d1e6ae1c26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-b789e3115d873b4f1d599f40302f434c.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-b789e3115d873b4f1d599f40302f434c + +info: + name: > + Smart Slider 3 <= 3.5.1.9 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/565b4026-0807-449d-a78e-798da53c3f52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml new file mode 100644 index 0000000000..8b77642df4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-c9194ffc50bb3f8abe6f00ef14c4cdc5.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-c9194ffc50bb3f8abe6f00ef14c4cdc5 + +info: + name: > + Smart Slider 3 <= 3.5.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0191e5b0-b669-439b-8ad4-9f860e6ee637?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-slider-3-f451ba2e71b9d178f196c4bee4c708ef.yaml b/nuclei-templates/cve-less/plugins/smart-slider-3-f451ba2e71b9d178f196c4bee4c708ef.yaml new file mode 100644 index 0000000000..16db5fc3ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-slider-3-f451ba2e71b9d178f196c4bee4c708ef.yaml @@ -0,0 +1,58 @@ +id: smart-slider-3-f451ba2e71b9d178f196c4bee4c708ef + +info: + name: > + Smart Slider 3 <= 3.5.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c192425a-1e2d-4f7d-bd88-3a594d70a461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-slider-3/" + google-query: inurl:"/wp-content/plugins/smart-slider-3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-slider-3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-slider-3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-slider-3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-woocommerce-search-517aef4b1533709bdbf95e8d657f10e6.yaml b/nuclei-templates/cve-less/plugins/smart-woocommerce-search-517aef4b1533709bdbf95e8d657f10e6.yaml new file mode 100644 index 0000000000..80f1fd5ac9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-woocommerce-search-517aef4b1533709bdbf95e8d657f10e6.yaml @@ -0,0 +1,58 @@ +id: smart-woocommerce-search-517aef4b1533709bdbf95e8d657f10e6 + +info: + name: > + Smart WooCommerce Search <= 2.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59931266-766f-42d2-bcde-04d694a444b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-woocommerce-search/" + google-query: inurl:"/wp-content/plugins/smart-woocommerce-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-woocommerce-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-woocommerce-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-woocommerce-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smart-youtube-94622a9541e2d7c1e56d077f426d64ea.yaml b/nuclei-templates/cve-less/plugins/smart-youtube-94622a9541e2d7c1e56d077f426d64ea.yaml new file mode 100644 index 0000000000..80d29e56dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smart-youtube-94622a9541e2d7c1e56d077f426d64ea.yaml @@ -0,0 +1,58 @@ +id: smart-youtube-94622a9541e2d7c1e56d077f426d64ea + +info: + name: > + Smart YouTube PRO <= 4.3 - Cross-Site Request Forgery via handle_colorbox_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a184090c-0281-4d8d-bd4d-256b4ed826dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smart-youtube/" + google-query: inurl:"/wp-content/plugins/smart-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smart-youtube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smart-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smart-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smartcrawl-seo-0f5c5f0145a23c33dd91c0c052718e6c.yaml b/nuclei-templates/cve-less/plugins/smartcrawl-seo-0f5c5f0145a23c33dd91c0c052718e6c.yaml new file mode 100644 index 0000000000..ff97915745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smartcrawl-seo-0f5c5f0145a23c33dd91c0c052718e6c.yaml @@ -0,0 +1,58 @@ +id: smartcrawl-seo-0f5c5f0145a23c33dd91c0c052718e6c + +info: + name: > + SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a77672b-340e-4f10-abe7-461c2db537b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smartcrawl-seo/" + google-query: inurl:"/wp-content/plugins/smartcrawl-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smartcrawl-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smartcrawl-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smartcrawl-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smartcrawl-seo-b9c11b54952021362ff03d2b884e46b9.yaml b/nuclei-templates/cve-less/plugins/smartcrawl-seo-b9c11b54952021362ff03d2b884e46b9.yaml new file mode 100644 index 0000000000..7525b8af29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smartcrawl-seo-b9c11b54952021362ff03d2b884e46b9.yaml @@ -0,0 +1,58 @@ +id: smartcrawl-seo-b9c11b54952021362ff03d2b884e46b9 + +info: + name: > + Simple Social Media Share Buttons <= 3.8.2 - Unauthenticated Password Protected Post Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba88964e-7487-4cd5-ab3e-bd33d14a61df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smartcrawl-seo/" + google-query: inurl:"/wp-content/plugins/smartcrawl-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smartcrawl-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smartcrawl-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smartcrawl-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smartsoftbutton-widget-de-botones-de-chat-681d5f2f15a561b04bf2e029cc02c5b4.yaml b/nuclei-templates/cve-less/plugins/smartsoftbutton-widget-de-botones-de-chat-681d5f2f15a561b04bf2e029cc02c5b4.yaml new file mode 100644 index 0000000000..c4c50d348c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smartsoftbutton-widget-de-botones-de-chat-681d5f2f15a561b04bf2e029cc02c5b4.yaml @@ -0,0 +1,58 @@ +id: smartsoftbutton-widget-de-botones-de-chat-681d5f2f15a561b04bf2e029cc02c5b4 + +info: + name: > + Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53757567-5024-46cc-b2ae-04b5fc55a35c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smartsoftbutton-widget-de-botones-de-chat/" + google-query: inurl:"/wp-content/plugins/smartsoftbutton-widget-de-botones-de-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smartsoftbutton-widget-de-botones-de-chat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smartsoftbutton-widget-de-botones-de-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smartsoftbutton-widget-de-botones-de-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smarty-for-wordpress-67cf82bcdd960b08b194bbfec613a24f.yaml b/nuclei-templates/cve-less/plugins/smarty-for-wordpress-67cf82bcdd960b08b194bbfec613a24f.yaml new file mode 100644 index 0000000000..e42e5e4438 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smarty-for-wordpress-67cf82bcdd960b08b194bbfec613a24f.yaml @@ -0,0 +1,58 @@ +id: smarty-for-wordpress-67cf82bcdd960b08b194bbfec613a24f + +info: + name: > + Smarty for WordPress <= 3.1.35 - Cross-Site Request Forgery via displaySmartyManagementPage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca6756d0-d1d2-41b3-ad62-fc665a281e6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smarty-for-wordpress/" + google-query: inurl:"/wp-content/plugins/smarty-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smarty-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smarty-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smarty-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smarty-for-wordpress-714adebc0f79250fa11c7babb8af735a.yaml b/nuclei-templates/cve-less/plugins/smarty-for-wordpress-714adebc0f79250fa11c7babb8af735a.yaml new file mode 100644 index 0000000000..b799d07efe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smarty-for-wordpress-714adebc0f79250fa11c7babb8af735a.yaml @@ -0,0 +1,58 @@ +id: smarty-for-wordpress-714adebc0f79250fa11c7babb8af735a + +info: + name: > + Smarty for WordPress <= 3.1.35 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/498a10a1-8da6-4309-833f-950f6442d5ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smarty-for-wordpress/" + google-query: inurl:"/wp-content/plugins/smarty-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smarty-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smarty-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smarty-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smokesignal-43890f1f23768c00ae2a757d58110ef2.yaml b/nuclei-templates/cve-less/plugins/smokesignal-43890f1f23768c00ae2a757d58110ef2.yaml new file mode 100644 index 0000000000..c69e3a4779 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smokesignal-43890f1f23768c00ae2a757d58110ef2.yaml @@ -0,0 +1,58 @@ +id: smokesignal-43890f1f23768c00ae2a757d58110ef2 + +info: + name: > + SmokeSignal <= 1.2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb892e06-b32c-4cea-92e5-e214acb91a2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smokesignal/" + google-query: inurl:"/wp-content/plugins/smokesignal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smokesignal,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smokesignal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smokesignal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-c1380d1b7ef910c0603f14abaf611a7b.yaml b/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-c1380d1b7ef910c0603f14abaf611a7b.yaml new file mode 100644 index 0000000000..a34b25b6fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-c1380d1b7ef910c0603f14abaf611a7b.yaml @@ -0,0 +1,58 @@ +id: smooth-page-scroll-updown-buttons-c1380d1b7ef910c0603f14abaf611a7b + +info: + name: > + Smooth Scroll Page Up/Down Buttons <= 1.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a563439-c1c2-4a19-b5f7-22ed7be87ad7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-page-scroll-updown-buttons/" + google-query: inurl:"/wp-content/plugins/smooth-page-scroll-updown-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-page-scroll-updown-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-page-scroll-updown-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml b/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml new file mode 100644 index 0000000000..aec6da9678 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smooth-page-scroll-updown-buttons-ed5e303cb61bf4126d5ebc5c9cfb7c58.yaml @@ -0,0 +1,58 @@ +id: smooth-page-scroll-updown-buttons-ed5e303cb61bf4126d5ebc5c9cfb7c58 + +info: + name: > + Smooth Scroll Page Up/Down Buttons <= 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28cb1a04-5129-430a-850e-c410e95d7b87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-page-scroll-updown-buttons/" + google-query: inurl:"/wp-content/plugins/smooth-page-scroll-updown-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-page-scroll-updown-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-page-scroll-updown-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-page-scroll-updown-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smooth-scrolling-links-ssl-3ea22c02a19639aa3b53bac3d8c83192.yaml b/nuclei-templates/cve-less/plugins/smooth-scrolling-links-ssl-3ea22c02a19639aa3b53bac3d8c83192.yaml new file mode 100644 index 0000000000..99b9a11cee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smooth-scrolling-links-ssl-3ea22c02a19639aa3b53bac3d8c83192.yaml @@ -0,0 +1,58 @@ +id: smooth-scrolling-links-ssl-3ea22c02a19639aa3b53bac3d8c83192 + +info: + name: > + Smooth Scroll Links <= 1.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49018b4b-2833-4ced-b36a-ebe69c5cb096?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-scrolling-links-ssl/" + google-query: inurl:"/wp-content/plugins/smooth-scrolling-links-ssl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-scrolling-links-ssl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-scrolling-links-ssl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-scrolling-links-ssl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smooth-slider-5e7c4bc77fb9b2b637c41f55c55733f0.yaml b/nuclei-templates/cve-less/plugins/smooth-slider-5e7c4bc77fb9b2b637c41f55c55733f0.yaml new file mode 100644 index 0000000000..9b53accc97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smooth-slider-5e7c4bc77fb9b2b637c41f55c55733f0.yaml @@ -0,0 +1,58 @@ +id: smooth-slider-5e7c4bc77fb9b2b637c41f55c55733f0 + +info: + name: > + Smooth Slider < 2.8.7 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/357257df-123d-4885-ad48-ff38ce29eeb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-slider/" + google-query: inurl:"/wp-content/plugins/smooth-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smooth-slider-60f28a7307d8376de999213f19e8d5bb.yaml b/nuclei-templates/cve-less/plugins/smooth-slider-60f28a7307d8376de999213f19e8d5bb.yaml new file mode 100644 index 0000000000..8c7c13a2b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smooth-slider-60f28a7307d8376de999213f19e8d5bb.yaml @@ -0,0 +1,58 @@ +id: smooth-slider-60f28a7307d8376de999213f19e8d5bb + +info: + name: > + Smooth Slider < 2.7 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3566d9fa-faeb-4302-96e2-464a68eff66d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smooth-slider/" + google-query: inurl:"/wp-content/plugins/smooth-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smooth-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smooth-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smooth-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smoothscroller-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml b/nuclei-templates/cve-less/plugins/smoothscroller-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml new file mode 100644 index 0000000000..7d207cdc30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smoothscroller-2cf2ecadfdb85fc26b2f2d1670a74a60.yaml @@ -0,0 +1,58 @@ +id: smoothscroller-2cf2ecadfdb85fc26b2f2d1670a74a60 + +info: + name: > + Smoothscroller <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3aca1995-2408-423d-afb6-6cf452fbee37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smoothscroller/" + google-query: inurl:"/wp-content/plugins/smoothscroller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smoothscroller,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smoothscroller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smoothscroller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smpl-shortcodes-c3292186ff6270827e326f6eecd76002.yaml b/nuclei-templates/cve-less/plugins/smpl-shortcodes-c3292186ff6270827e326f6eecd76002.yaml new file mode 100644 index 0000000000..eb7635e34c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smpl-shortcodes-c3292186ff6270827e326f6eecd76002.yaml @@ -0,0 +1,58 @@ +id: smpl-shortcodes-c3292186ff6270827e326f6eecd76002 + +info: + name: > + Simple Shortcodes <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a153d6b2-e3fd-42db-90ba-d899a07d60c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smpl-shortcodes/" + google-query: inurl:"/wp-content/plugins/smpl-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smpl-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smpl-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smpl-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sms-alert-7c8a4badc44767125cd457fdcb3a6ffa.yaml b/nuclei-templates/cve-less/plugins/sms-alert-7c8a4badc44767125cd457fdcb3a6ffa.yaml new file mode 100644 index 0000000000..48d051e1cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sms-alert-7c8a4badc44767125cd457fdcb3a6ffa.yaml @@ -0,0 +1,58 @@ +id: sms-alert-7c8a4badc44767125cd457fdcb3a6ffa + +info: + name: > + SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sms-alert/" + google-query: inurl:"/wp-content/plugins/sms-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sms-alert,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sms-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sms-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sms-alert-d6a49c02628ddcb69bd8644362723660.yaml b/nuclei-templates/cve-less/plugins/sms-alert-d6a49c02628ddcb69bd8644362723660.yaml new file mode 100644 index 0000000000..425a3c9322 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sms-alert-d6a49c02628ddcb69bd8644362723660.yaml @@ -0,0 +1,58 @@ +id: sms-alert-d6a49c02628ddcb69bd8644362723660 + +info: + name: > + SMS Alert Order Notifications – WooCommerce <= 3.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/215ea2de-538b-4f24-98f8-67b8314453cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sms-alert/" + google-query: inurl:"/wp-content/plugins/sms-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sms-alert,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sms-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sms-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sms-ovh-71d3c20a220713a113b92e288fcb3219.yaml b/nuclei-templates/cve-less/plugins/sms-ovh-71d3c20a220713a113b92e288fcb3219.yaml new file mode 100644 index 0000000000..6488392fcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sms-ovh-71d3c20a220713a113b92e288fcb3219.yaml @@ -0,0 +1,58 @@ +id: sms-ovh-71d3c20a220713a113b92e288fcb3219 + +info: + name: > + SMS OVH <= 0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8febf4ba-ad0f-4f93-8c13-f976d583e689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sms-ovh/" + google-query: inurl:"/wp-content/plugins/sms-ovh/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sms-ovh,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sms-ovh/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sms-ovh" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smsa-shipping-for-woocommerce-a6b4638155101fd9dca73e44a2714579.yaml b/nuclei-templates/cve-less/plugins/smsa-shipping-for-woocommerce-a6b4638155101fd9dca73e44a2714579.yaml new file mode 100644 index 0000000000..807cebe36a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smsa-shipping-for-woocommerce-a6b4638155101fd9dca73e44a2714579.yaml @@ -0,0 +1,58 @@ +id: smsa-shipping-for-woocommerce-a6b4638155101fd9dca73e44a2714579 + +info: + name: > + SMSA Shipping for WooCommerce <= 1.0.4 - Authenticated (Subscriber+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e855031-eddd-45bc-9ed2-80cae03a45df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smsa-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/smsa-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smsa-shipping-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smsa-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smsa-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smsmaster-43a98edb387e539611a5da070feef314.yaml b/nuclei-templates/cve-less/plugins/smsmaster-43a98edb387e539611a5da070feef314.yaml new file mode 100644 index 0000000000..bc2f5b9d84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smsmaster-43a98edb387e539611a5da070feef314.yaml @@ -0,0 +1,58 @@ +id: smsmaster-43a98edb387e539611a5da070feef314 + +info: + name: > + SMSmaster – Multipurpose SMS Gateway for Wordpress (All Versions) - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2153f5-1c8b-4095-a0a8-849a7ee967c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smsmaster/" + google-query: inurl:"/wp-content/plugins/smsmaster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smsmaster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smsmaster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smsmaster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smtp-mail-504075ccb58d6f87a992a01e113a99a6.yaml b/nuclei-templates/cve-less/plugins/smtp-mail-504075ccb58d6f87a992a01e113a99a6.yaml new file mode 100644 index 0000000000..923f5e7623 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smtp-mail-504075ccb58d6f87a992a01e113a99a6.yaml @@ -0,0 +1,58 @@ +id: smtp-mail-504075ccb58d6f87a992a01e113a99a6 + +info: + name: > + SMTP Mail <= 1.3.21 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ae734d1-0cd4-4ff5-8448-828b0fb64f70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smtp-mail/" + google-query: inurl:"/wp-content/plugins/smtp-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smtp-mail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smtp-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smtp-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smtp-mail-8790e1fe54b5de31a7c208c20bbec007.yaml b/nuclei-templates/cve-less/plugins/smtp-mail-8790e1fe54b5de31a7c208c20bbec007.yaml new file mode 100644 index 0000000000..955951a3fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smtp-mail-8790e1fe54b5de31a7c208c20bbec007.yaml @@ -0,0 +1,58 @@ +id: smtp-mail-8790e1fe54b5de31a7c208c20bbec007 + +info: + name: > + SMTP Mail Plugin <= 1.3.20 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60379757-fe43-4a76-a65a-ee09163dab0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smtp-mail/" + google-query: inurl:"/wp-content/plugins/smtp-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smtp-mail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smtp-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smtp-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smtp-mailing-queue-4f005a53f32a91b958c425e9676f1ab9.yaml b/nuclei-templates/cve-less/plugins/smtp-mailing-queue-4f005a53f32a91b958c425e9676f1ab9.yaml new file mode 100644 index 0000000000..d9ebef33be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smtp-mailing-queue-4f005a53f32a91b958c425e9676f1ab9.yaml @@ -0,0 +1,58 @@ +id: smtp-mailing-queue-4f005a53f32a91b958c425e9676f1ab9 + +info: + name: > + SMTP Mailing Queue <= 1.4.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0ba31d-d2d8-4614-8f77-a041c25c0519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smtp-mailing-queue/" + google-query: inurl:"/wp-content/plugins/smtp-mailing-queue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smtp-mailing-queue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smtp-mailing-queue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smtp-mailing-queue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/smtp2go-702ceb7e56323b84fbe97e278b8eb74c.yaml b/nuclei-templates/cve-less/plugins/smtp2go-702ceb7e56323b84fbe97e278b8eb74c.yaml new file mode 100644 index 0000000000..005379a607 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/smtp2go-702ceb7e56323b84fbe97e278b8eb74c.yaml @@ -0,0 +1,58 @@ +id: smtp2go-702ceb7e56323b84fbe97e278b8eb74c + +info: + name: > + SMTP2GO <= 1.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via admin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cc618c8-63a9-4321-ad18-ee5277a5f5e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/smtp2go/" + google-query: inurl:"/wp-content/plugins/smtp2go/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,smtp2go,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/smtp2go/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smtp2go" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/snap-pixel-778723489fb152c7cb9e920525174271.yaml b/nuclei-templates/cve-less/plugins/snap-pixel-778723489fb152c7cb9e920525174271.yaml new file mode 100644 index 0000000000..577d6af425 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/snap-pixel-778723489fb152c7cb9e920525174271.yaml @@ -0,0 +1,58 @@ +id: snap-pixel-778723489fb152c7cb9e920525174271 + +info: + name: > + Snap Pixel <= 1.5.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6150fd60-069f-4ba6-8f0c-773039eaaec6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/snap-pixel/" + google-query: inurl:"/wp-content/plugins/snap-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,snap-pixel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/snap-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "snap-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/snap-pixel-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml b/nuclei-templates/cve-less/plugins/snap-pixel-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml new file mode 100644 index 0000000000..9c58a4e685 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/snap-pixel-ed4eb2c4883d6e7594e77a8d9e41fb0a.yaml @@ -0,0 +1,58 @@ +id: snap-pixel-ed4eb2c4883d6e7594e77a8d9e41fb0a + +info: + name: > + Snap Pixel <= 1.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37686f8-6bd7-4c06-b80a-7d6849bbc7b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/snap-pixel/" + google-query: inurl:"/wp-content/plugins/snap-pixel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,snap-pixel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/snap-pixel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "snap-pixel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/snazzy-maps-2c0772cee08d9dbe384d352f3239ef5e.yaml b/nuclei-templates/cve-less/plugins/snazzy-maps-2c0772cee08d9dbe384d352f3239ef5e.yaml new file mode 100644 index 0000000000..ac99cd2221 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/snazzy-maps-2c0772cee08d9dbe384d352f3239ef5e.yaml @@ -0,0 +1,58 @@ +id: snazzy-maps-2c0772cee08d9dbe384d352f3239ef5e + +info: + name: > + Snazzy Maps <= 1.1.4 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa355718-c08f-4a22-bf6e-697af267ad12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/snazzy-maps/" + google-query: inurl:"/wp-content/plugins/snazzy-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,snazzy-maps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/snazzy-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "snazzy-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sniplets-4361e4878576bdb762f0e4fba9f0435f.yaml b/nuclei-templates/cve-less/plugins/sniplets-4361e4878576bdb762f0e4fba9f0435f.yaml new file mode 100644 index 0000000000..a5baca3e9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sniplets-4361e4878576bdb762f0e4fba9f0435f.yaml @@ -0,0 +1,58 @@ +id: sniplets-4361e4878576bdb762f0e4fba9f0435f + +info: + name: > + Sniplets < 1.2.3 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfe41d6f-5026-4fcb-9ba0-a5180a03222c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sniplets/" + google-query: inurl:"/wp-content/plugins/sniplets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sniplets,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sniplets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sniplets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sniplets-4db82812dea0cad0cb375ee4495ca7c3.yaml b/nuclei-templates/cve-less/plugins/sniplets-4db82812dea0cad0cb375ee4495ca7c3.yaml new file mode 100644 index 0000000000..13453abfa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sniplets-4db82812dea0cad0cb375ee4495ca7c3.yaml @@ -0,0 +1,58 @@ +id: sniplets-4db82812dea0cad0cb375ee4495ca7c3 + +info: + name: > + Sniplets < 1.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf4d42a2-746b-4c23-b0fe-b66eafb76303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sniplets/" + google-query: inurl:"/wp-content/plugins/sniplets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sniplets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sniplets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sniplets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sniplets-5f1f84d548433ea33fa547d3daa5b883.yaml b/nuclei-templates/cve-less/plugins/sniplets-5f1f84d548433ea33fa547d3daa5b883.yaml new file mode 100644 index 0000000000..6f0dda218c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sniplets-5f1f84d548433ea33fa547d3daa5b883.yaml @@ -0,0 +1,58 @@ +id: sniplets-5f1f84d548433ea33fa547d3daa5b883 + +info: + name: > + Sniplets < 1.2.3 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e90704e-1a0c-448c-9139-542927cfa4f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sniplets/" + google-query: inurl:"/wp-content/plugins/sniplets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sniplets,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sniplets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sniplets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/snow-monkey-forms-4c37447306ccd460df466d06d390970b.yaml b/nuclei-templates/cve-less/plugins/snow-monkey-forms-4c37447306ccd460df466d06d390970b.yaml new file mode 100644 index 0000000000..20b06fff21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/snow-monkey-forms-4c37447306ccd460df466d06d390970b.yaml @@ -0,0 +1,58 @@ +id: snow-monkey-forms-4c37447306ccd460df466d06d390970b + +info: + name: > + Snow Monkey Forms <= 5.1.1 - Directory Traversal via 'view' REST endpiont + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83d935fc-7d7b-4c25-97f8-d3fe35307c7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/snow-monkey-forms/" + google-query: inurl:"/wp-content/plugins/snow-monkey-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,snow-monkey-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/snow-monkey-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "snow-monkey-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-pinyin-slugs-8f29322bf5d9ac8d382567725e776aae.yaml b/nuclei-templates/cve-less/plugins/so-pinyin-slugs-8f29322bf5d9ac8d382567725e776aae.yaml new file mode 100644 index 0000000000..6fbec61230 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-pinyin-slugs-8f29322bf5d9ac8d382567725e776aae.yaml @@ -0,0 +1,58 @@ +id: so-pinyin-slugs-8f29322bf5d9ac8d382567725e776aae + +info: + name: > + Pinyin Slugs <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65e76681-80e0-40aa-a68b-87cb0c42b4f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-pinyin-slugs/" + google-query: inurl:"/wp-content/plugins/so-pinyin-slugs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-pinyin-slugs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-pinyin-slugs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-pinyin-slugs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-widgets-bundle-81727806f0ca35ac1a1911812f8bc5ed.yaml b/nuclei-templates/cve-less/plugins/so-widgets-bundle-81727806f0ca35ac1a1911812f8bc5ed.yaml new file mode 100644 index 0000000000..815a7ea6b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-widgets-bundle-81727806f0ca35ac1a1911812f8bc5ed.yaml @@ -0,0 +1,58 @@ +id: so-widgets-bundle-81727806f0ca35ac1a1911812f8bc5ed + +info: + name: > + SiteOrigin Widgets Bundle < 1.51.0 - Authenticated (Admin+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dbdc673-b0ee-4d1d-8cd9-603056f41cda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-widgets-bundle/" + google-query: inurl:"/wp-content/plugins/so-widgets-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-widgets-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-widgets-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-widgets-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.50.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-widgets-bundle-9b450d4afbc0c12b819c42370b2e9a09.yaml b/nuclei-templates/cve-less/plugins/so-widgets-bundle-9b450d4afbc0c12b819c42370b2e9a09.yaml new file mode 100644 index 0000000000..6d727efd13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-widgets-bundle-9b450d4afbc0c12b819c42370b2e9a09.yaml @@ -0,0 +1,58 @@ +id: so-widgets-bundle-9b450d4afbc0c12b819c42370b2e9a09 + +info: + name: > + SiteOrigin Widgets Bundle <= 1.58.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-widgets-bundle/" + google-query: inurl:"/wp-content/plugins/so-widgets-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-widgets-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-widgets-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-widgets-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-widgets-bundle-c33a17581ea3c88326cc98d137f0e313.yaml b/nuclei-templates/cve-less/plugins/so-widgets-bundle-c33a17581ea3c88326cc98d137f0e313.yaml new file mode 100644 index 0000000000..43b23ecedb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-widgets-bundle-c33a17581ea3c88326cc98d137f0e313.yaml @@ -0,0 +1,58 @@ +id: so-widgets-bundle-c33a17581ea3c88326cc98d137f0e313 + +info: + name: > + SiteOrigin Widgets Bundle <= 1.58.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-widgets-bundle/" + google-query: inurl:"/wp-content/plugins/so-widgets-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-widgets-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-widgets-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-widgets-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-widgets-bundle-dee8b4970935a0806a128f5493b5e0f3.yaml b/nuclei-templates/cve-less/plugins/so-widgets-bundle-dee8b4970935a0806a128f5493b5e0f3.yaml new file mode 100644 index 0000000000..ec943ad71a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-widgets-bundle-dee8b4970935a0806a128f5493b5e0f3.yaml @@ -0,0 +1,58 @@ +id: so-widgets-bundle-dee8b4970935a0806a128f5493b5e0f3 + +info: + name: > + SiteOrigin Widgets Bundle <= 1.58.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e63c566d-744b-42f5-9ba6-9007cc60313a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-widgets-bundle/" + google-query: inurl:"/wp-content/plugins/so-widgets-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-widgets-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-widgets-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-widgets-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/so-widgets-bundle-e42a9ef463fb91cd20488d17488f8aed.yaml b/nuclei-templates/cve-less/plugins/so-widgets-bundle-e42a9ef463fb91cd20488d17488f8aed.yaml new file mode 100644 index 0000000000..083b1a11fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/so-widgets-bundle-e42a9ef463fb91cd20488d17488f8aed.yaml @@ -0,0 +1,58 @@ +id: so-widgets-bundle-e42a9ef463fb91cd20488d17488f8aed + +info: + name: > + SiteOrigin Widgets Bundle <= 1.58.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/so-widgets-bundle/" + google-query: inurl:"/wp-content/plugins/so-widgets-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,so-widgets-bundle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/so-widgets-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "so-widgets-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.58.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soccer-engine-lite-b9c46b0a4fb09a909818464ef220a0fe.yaml b/nuclei-templates/cve-less/plugins/soccer-engine-lite-b9c46b0a4fb09a909818464ef220a0fe.yaml new file mode 100644 index 0000000000..c5931304b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soccer-engine-lite-b9c46b0a4fb09a909818464ef220a0fe.yaml @@ -0,0 +1,58 @@ +id: soccer-engine-lite-b9c46b0a4fb09a909818464ef220a0fe + +info: + name: > + Soccer Engine – Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57e84624-98ab-495b-b985-908302527b3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soccer-engine-lite/" + google-query: inurl:"/wp-content/plugins/soccer-engine-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soccer-engine-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soccer-engine-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soccer-engine-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sociable-4c5051d5f52547e43ba1e2683a220c8c.yaml b/nuclei-templates/cve-less/plugins/sociable-4c5051d5f52547e43ba1e2683a220c8c.yaml new file mode 100644 index 0000000000..813cc9a39c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sociable-4c5051d5f52547e43ba1e2683a220c8c.yaml @@ -0,0 +1,58 @@ +id: sociable-4c5051d5f52547e43ba1e2683a220c8c + +info: + name: > + Sociable <= 4.3.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f6a5c2-3de0-4990-89ad-64e5d866345a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sociable/" + google-query: inurl:"/wp-content/plugins/sociable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sociable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sociable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sociable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-autho-bio-0d0deecac2c086210a1797922eb618d1.yaml b/nuclei-templates/cve-less/plugins/social-autho-bio-0d0deecac2c086210a1797922eb618d1.yaml new file mode 100644 index 0000000000..b455e73a18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-autho-bio-0d0deecac2c086210a1797922eb618d1.yaml @@ -0,0 +1,58 @@ +id: social-autho-bio-0d0deecac2c086210a1797922eb618d1 + +info: + name: > + Social Author Bio <= 2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/603087d1-49cb-4080-b0ef-14f04dce3fed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-autho-bio/" + google-query: inurl:"/wp-content/plugins/social-autho-bio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-autho-bio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-autho-bio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-autho-bio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-buttons-pack-aa3e1a0b3ade1f54e4f5b1a7d2b7227c.yaml b/nuclei-templates/cve-less/plugins/social-buttons-pack-aa3e1a0b3ade1f54e4f5b1a7d2b7227c.yaml new file mode 100644 index 0000000000..83241b23e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-buttons-pack-aa3e1a0b3ade1f54e4f5b1a7d2b7227c.yaml @@ -0,0 +1,58 @@ +id: social-buttons-pack-aa3e1a0b3ade1f54e4f5b1a7d2b7227c + +info: + name: > + Social Buttons Pack by BestWebSoft < 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/085b39e4-2e38-4e9d-af1a-f8981d5c6ed5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-buttons-pack/" + google-query: inurl:"/wp-content/plugins/social-buttons-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-buttons-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-buttons-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-buttons-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-connect-4382e753da7c1d916f58a427140d32b1.yaml b/nuclei-templates/cve-less/plugins/social-connect-4382e753da7c1d916f58a427140d32b1.yaml new file mode 100644 index 0000000000..e7f2c37cd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-connect-4382e753da7c1d916f58a427140d32b1.yaml @@ -0,0 +1,58 @@ +id: social-connect-4382e753da7c1d916f58a427140d32b1 + +info: + name: > + Social Connect <= 0.10.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8a356db-02a2-4392-baca-46ef1bbfc801?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-connect/" + google-query: inurl:"/wp-content/plugins/social-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-connect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-connect-c1236c0c6ab8ee5053b35b87bf461df3.yaml b/nuclei-templates/cve-less/plugins/social-connect-c1236c0c6ab8ee5053b35b87bf461df3.yaml new file mode 100644 index 0000000000..1773b4616f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-connect-c1236c0c6ab8ee5053b35b87bf461df3.yaml @@ -0,0 +1,58 @@ +id: social-connect-c1236c0c6ab8ee5053b35b87bf461df3 + +info: + name: > + Social Connect <= 1.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2882d9dd-0c73-4c9a-99cb-d10900503103?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-connect/" + google-query: inurl:"/wp-content/plugins/social-connect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-connect,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-connect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-connect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-88c1256a33fa14ef83ca4797e8fc907d.yaml b/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-88c1256a33fa14ef83ca4797e8fc907d.yaml new file mode 100644 index 0000000000..4b069650a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-88c1256a33fa14ef83ca4797e8fc907d.yaml @@ -0,0 +1,58 @@ +id: social-icons-widget-by-wpzoom-88c1256a33fa14ef83ca4797e8fc907d + +info: + name: > + Social Icons Widget & Block <= 4.2.17 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2567ecc4-1346-4092-8c99-ffa5064e6a3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-icons-widget-by-wpzoom/" + google-query: inurl:"/wp-content/plugins/social-icons-widget-by-wpzoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-icons-widget-by-wpzoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-icons-widget-by-wpzoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-9590c9a713d41dcccd250e79c2d68a75.yaml b/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-9590c9a713d41dcccd250e79c2d68a75.yaml new file mode 100644 index 0000000000..365dfd50de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-icons-widget-by-wpzoom-9590c9a713d41dcccd250e79c2d68a75.yaml @@ -0,0 +1,58 @@ +id: social-icons-widget-by-wpzoom-9590c9a713d41dcccd250e79c2d68a75 + +info: + name: > + Social Icons Widget & Block by WPZOOM <= 4.2.15 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d27f-b943-4cb3-b38a-01192844e9ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-icons-widget-by-wpzoom/" + google-query: inurl:"/wp-content/plugins/social-icons-widget-by-wpzoom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-icons-widget-by-wpzoom,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-icons-widget-by-wpzoom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-icons-widget-by-wpzoom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-locker-6b8f7b7b7105323e383724ec1fbf543e.yaml b/nuclei-templates/cve-less/plugins/social-locker-6b8f7b7b7105323e383724ec1fbf543e.yaml new file mode 100644 index 0000000000..ebd55b92be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-locker-6b8f7b7b7105323e383724ec1fbf543e.yaml @@ -0,0 +1,58 @@ +id: social-locker-6b8f7b7b7105323e383724ec1fbf543e + +info: + name: > + OnePress Social Locker <= 5.6.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/189430b2-cf7f-46e3-b5b0-c9515b64e731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-locker/" + google-query: inurl:"/wp-content/plugins/social-locker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-locker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-locker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-locker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-locker-a5378db9ff5e403b6611ab949a2e8073.yaml b/nuclei-templates/cve-less/plugins/social-locker-a5378db9ff5e403b6611ab949a2e8073.yaml new file mode 100644 index 0000000000..47e178f271 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-locker-a5378db9ff5e403b6611ab949a2e8073.yaml @@ -0,0 +1,58 @@ +id: social-locker-a5378db9ff5e403b6611ab949a2e8073 + +info: + name: > + OnePress Social Locker < 4.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e04e2f24-ca52-4f7c-961b-f35b9ff90536?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-locker/" + google-query: inurl:"/wp-content/plugins/social-locker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-locker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-locker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-locker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-login-bws-70c3e0a35f7627ffa035ef5b1d41e423.yaml b/nuclei-templates/cve-less/plugins/social-login-bws-70c3e0a35f7627ffa035ef5b1d41e423.yaml new file mode 100644 index 0000000000..d2cccfca17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-login-bws-70c3e0a35f7627ffa035ef5b1d41e423.yaml @@ -0,0 +1,58 @@ +id: social-login-bws-70c3e0a35f7627ffa035ef5b1d41e423 + +info: + name: > + Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14ee389b-8f98-4991-9a61-9da596013fea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-login-bws/" + google-query: inurl:"/wp-content/plugins/social-login-bws/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-login-bws,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-login-bws/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-login-bws" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-login-wp-338164cecd8fcca43099976a3c20b294.yaml b/nuclei-templates/cve-less/plugins/social-login-wp-338164cecd8fcca43099976a3c20b294.yaml new file mode 100644 index 0000000000..dcecadcccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-login-wp-338164cecd8fcca43099976a3c20b294.yaml @@ -0,0 +1,58 @@ +id: social-login-wp-338164cecd8fcca43099976a3c20b294 + +info: + name: > + Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1518653c-e64d-4aba-b7f8-a928b8f2cbe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-login-wp/" + google-query: inurl:"/wp-content/plugins/social-login-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-login-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-login-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-login-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-media-builder-d57b4e44c91b72a924430dae58b27aa4.yaml b/nuclei-templates/cve-less/plugins/social-media-builder-d57b4e44c91b72a924430dae58b27aa4.yaml new file mode 100644 index 0000000000..2d0c9f7b1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-media-builder-d57b4e44c91b72a924430dae58b27aa4.yaml @@ -0,0 +1,58 @@ +id: social-media-builder-d57b4e44c91b72a924430dae58b27aa4 + +info: + name: > + Social Media Share Buttons <= 2.1.0 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-media-builder/" + google-query: inurl:"/wp-content/plugins/social-media-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-media-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-media-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-media-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-media-buttons-toolbar-99651f4102212266ab89ea9f71ca952d.yaml b/nuclei-templates/cve-less/plugins/social-media-buttons-toolbar-99651f4102212266ab89ea9f71ca952d.yaml new file mode 100644 index 0000000000..75a52c583d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-media-buttons-toolbar-99651f4102212266ab89ea9f71ca952d.yaml @@ -0,0 +1,58 @@ +id: social-media-buttons-toolbar-99651f4102212266ab89ea9f71ca952d + +info: + name: > + Social Media Follow Buttons Bar <= 4.73 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e49d389-0ae8-48e1-8ff7-67ddaa5b2867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-media-buttons-toolbar/" + google-query: inurl:"/wp-content/plugins/social-media-buttons-toolbar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-media-buttons-toolbar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-media-buttons-toolbar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-media-buttons-toolbar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-media-feather-1588d8e6d7413910cf24de603f48ae6c.yaml b/nuclei-templates/cve-less/plugins/social-media-feather-1588d8e6d7413910cf24de603f48ae6c.yaml new file mode 100644 index 0000000000..ace4e29ae1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-media-feather-1588d8e6d7413910cf24de603f48ae6c.yaml @@ -0,0 +1,58 @@ +id: social-media-feather-1588d8e6d7413910cf24de603f48ae6c + +info: + name: > + Social Media Feather <= 2.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6972f776-993c-4e5f-b347-5c784c42601c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-media-feather/" + google-query: inurl:"/wp-content/plugins/social-media-feather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-media-feather,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-media-feather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-media-feather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-media-feather-fb9c081792eb804457cb99e8fe8f106d.yaml b/nuclei-templates/cve-less/plugins/social-media-feather-fb9c081792eb804457cb99e8fe8f106d.yaml new file mode 100644 index 0000000000..d35528f383 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-media-feather-fb9c081792eb804457cb99e8fe8f106d.yaml @@ -0,0 +1,58 @@ +id: social-media-feather-fb9c081792eb804457cb99e8fe8f106d + +info: + name: > + Social Media Feather <= 2.1.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4154aa02-7fa1-4858-bea7-092ec4a508ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-media-feather/" + google-query: inurl:"/wp-content/plugins/social-media-feather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-media-feather,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-media-feather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-media-feather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-media-widget-2a26b1ebd615a5a8ab227978499778fd.yaml b/nuclei-templates/cve-less/plugins/social-media-widget-2a26b1ebd615a5a8ab227978499778fd.yaml new file mode 100644 index 0000000000..11b5636d60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-media-widget-2a26b1ebd615a5a8ab227978499778fd.yaml @@ -0,0 +1,58 @@ +id: social-media-widget-2a26b1ebd615a5a8ab227978499778fd + +info: + name: > + Social Media Widget <= 4.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0accbee-8ab3-4e6a-b7c8-a204d681d8cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-media-widget/" + google-query: inurl:"/wp-content/plugins/social-media-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-media-widget,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-media-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-media-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-metrics-6685df96c78b040fc19a70ee58d84842.yaml b/nuclei-templates/cve-less/plugins/social-metrics-6685df96c78b040fc19a70ee58d84842.yaml new file mode 100644 index 0000000000..e2284bbe2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-metrics-6685df96c78b040fc19a70ee58d84842.yaml @@ -0,0 +1,58 @@ +id: social-metrics-6685df96c78b040fc19a70ee58d84842 + +info: + name: > + Social Metrics <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3267339-2f28-40b9-b6ff-fdfe0d67bdc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-metrics/" + google-query: inurl:"/wp-content/plugins/social-metrics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-metrics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-metrics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-metrics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-network-tabs-b4a4ad1fab127bb574b5a124686073ff.yaml b/nuclei-templates/cve-less/plugins/social-network-tabs-b4a4ad1fab127bb574b5a124686073ff.yaml new file mode 100644 index 0000000000..ac10469ed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-network-tabs-b4a4ad1fab127bb574b5a124686073ff.yaml @@ -0,0 +1,58 @@ +id: social-network-tabs-b4a4ad1fab127bb574b5a124686073ff + +info: + name: > + Social Network Tabs - Social Media API Key Leakage <= 1.7.1 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd58a528-4c01-407d-b3f9-99c0817e9820?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-network-tabs/" + google-query: inurl:"/wp-content/plugins/social-network-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-network-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-network-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-network-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-00a3fc8db4a9ccf9c23a6b373ee7039a.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-00a3fc8db4a9ccf9c23a6b373ee7039a.yaml new file mode 100644 index 0000000000..0c01499ec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-00a3fc8db4a9ccf9c23a6b373ee7039a.yaml @@ -0,0 +1,58 @@ +id: social-networks-auto-poster-facebook-twitter-g-00a3fc8db4a9ccf9c23a6b373ee7039a + +info: + name: > + NextScripts: Social Networks Auto-Poster <= 4.3.24 - Arbitrary Post Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/418e1f3b-ca99-4576-add9-d6134ba3869d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-networks-auto-poster-facebook-twitter-g" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml new file mode 100644 index 0000000000..03db71c9b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-0a3b3d0ea7c2929f39d0e12eda2eee2b.yaml @@ -0,0 +1,58 @@ +id: social-networks-auto-poster-facebook-twitter-g-0a3b3d0ea7c2929f39d0e12eda2eee2b + +info: + name: > + NextScripts: Social Networks Auto-Poster <= 4.3.23 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0c1e62-1a1c-4a76-bd99-7ede232dc965?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-networks-auto-poster-facebook-twitter-g" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-26e31433d5fce5f379c3acf232bae66e.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-26e31433d5fce5f379c3acf232bae66e.yaml new file mode 100644 index 0000000000..3bb6e45572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-26e31433d5fce5f379c3acf232bae66e.yaml @@ -0,0 +1,58 @@ +id: social-networks-auto-poster-facebook-twitter-g-26e31433d5fce5f379c3acf232bae66e + +info: + name: > + NextScripts: Social Networks Auto-Poster <= 4.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3781245-14b1-4b1c-a471-a5a413cdb2ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-networks-auto-poster-facebook-twitter-g" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-51832005d17a1bf5560310c763dc4026.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-51832005d17a1bf5560310c763dc4026.yaml new file mode 100644 index 0000000000..23ce909a92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-51832005d17a1bf5560310c763dc4026.yaml @@ -0,0 +1,58 @@ +id: social-networks-auto-poster-facebook-twitter-g-51832005d17a1bf5560310c763dc4026 + +info: + name: > + NextScripts: Social Networks Auto-Poster <= 4.3.20 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f715a80-ec70-4f1e-8ec9-c6f70173e5d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-networks-auto-poster-facebook-twitter-g" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-eb56bf16494883e891ab8b3be05b8bf5.yaml b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-eb56bf16494883e891ab8b3be05b8bf5.yaml new file mode 100644 index 0000000000..f08aa267ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-networks-auto-poster-facebook-twitter-g-eb56bf16494883e891ab8b3be05b8bf5.yaml @@ -0,0 +1,58 @@ +id: social-networks-auto-poster-facebook-twitter-g-eb56bf16494883e891ab8b3be05b8bf5 + +info: + name: > + NextScripts <= 4.4.2 - Reflected Cross-Site Scripting via code + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15f00b65-8304-4132-a2cf-8145444ecfb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + google-query: inurl:"/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-networks-auto-poster-facebook-twitter-g,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-networks-auto-poster-facebook-twitter-g/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-networks-auto-poster-facebook-twitter-g" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-photo-gallery-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml b/nuclei-templates/cve-less/plugins/social-photo-gallery-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml new file mode 100644 index 0000000000..bb1d374a28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-photo-gallery-d26dfd7d1dd47d6fd5993a9ac9d20c15.yaml @@ -0,0 +1,58 @@ +id: social-photo-gallery-d26dfd7d1dd47d6fd5993a9ac9d20c15 + +info: + name: > + Social Photo Gallery <= 1.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/546976ff-eabe-4d24-b106-b8e66b7c2c5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-photo-gallery/" + google-query: inurl:"/wp-content/plugins/social-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-photo-gallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-proof-testimonials-slider-f60d70179169d7470d698c285c73d2aa.yaml b/nuclei-templates/cve-less/plugins/social-proof-testimonials-slider-f60d70179169d7470d698c285c73d2aa.yaml new file mode 100644 index 0000000000..19dbd701ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-proof-testimonials-slider-f60d70179169d7470d698c285c73d2aa.yaml @@ -0,0 +1,58 @@ +id: social-proof-testimonials-slider-f60d70179169d7470d698c285c73d2aa + +info: + name: > + Social Proof (Testimonial) Slider <= 2.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e324cd49-beaf-44bf-8890-5377731f0cc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-proof-testimonials-slider/" + google-query: inurl:"/wp-content/plugins/social-proof-testimonials-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-proof-testimonials-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-proof-testimonials-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-proof-testimonials-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-pug-1553916233de2092a6a61d801beae073.yaml b/nuclei-templates/cve-less/plugins/social-pug-1553916233de2092a6a61d801beae073.yaml new file mode 100644 index 0000000000..ac46143d7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-pug-1553916233de2092a6a61d801beae073.yaml @@ -0,0 +1,58 @@ +id: social-pug-1553916233de2092a6a61d801beae073 + +info: + name: > + Hubbub Lite – Fast, Reliable Social Network Sharing Buttons <= 1.33.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3999c59-57a9-410c-a550-7d198bdb25ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-pug/" + google-query: inurl:"/wp-content/plugins/social-pug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-pug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-pug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-pug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.33.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-pug-614c612f12b893f0f92f502ce23d7035.yaml b/nuclei-templates/cve-less/plugins/social-pug-614c612f12b893f0f92f502ce23d7035.yaml new file mode 100644 index 0000000000..9092fee5d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-pug-614c612f12b893f0f92f502ce23d7035.yaml @@ -0,0 +1,58 @@ +id: social-pug-614c612f12b893f0f92f502ce23d7035 + +info: + name: > + Social Pug <= 1.30.0 - Missing Authorization via multiple admin_init actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b17fcb-0c97-462d-b67c-6da2919478d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-pug/" + google-query: inurl:"/wp-content/plugins/social-pug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-pug,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-pug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-pug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-pug-870c7bd1810589217dfd341e2045182a.yaml b/nuclei-templates/cve-less/plugins/social-pug-870c7bd1810589217dfd341e2045182a.yaml new file mode 100644 index 0000000000..fa53d8b437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-pug-870c7bd1810589217dfd341e2045182a.yaml @@ -0,0 +1,58 @@ +id: social-pug-870c7bd1810589217dfd341e2045182a + +info: + name: > + Hubbub Lite <= 1.31.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2290b13e-a5c6-4ec7-86c0-f2cd2a880e8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-pug/" + google-query: inurl:"/wp-content/plugins/social-pug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-pug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-pug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-pug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-pug-b2adf01153d5956e8d9a8d75b32e133c.yaml b/nuclei-templates/cve-less/plugins/social-pug-b2adf01153d5956e8d9a8d75b32e133c.yaml new file mode 100644 index 0000000000..2b7858dbbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-pug-b2adf01153d5956e8d9a8d75b32e133c.yaml @@ -0,0 +1,58 @@ +id: social-pug-b2adf01153d5956e8d9a8d75b32e133c + +info: + name: > + Hubbub Lite <= 1.31.0 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8bb8b3-59a6-424a-bc7b-b8740c936637?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-pug/" + google-query: inurl:"/wp-content/plugins/social-pug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-pug,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-pug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-pug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.33.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-pug-f0354930e8182da4de2a1a00399f0307.yaml b/nuclei-templates/cve-less/plugins/social-pug-f0354930e8182da4de2a1a00399f0307.yaml new file mode 100644 index 0000000000..7deaf3b89a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-pug-f0354930e8182da4de2a1a00399f0307.yaml @@ -0,0 +1,58 @@ +id: social-pug-f0354930e8182da4de2a1a00399f0307 + +info: + name: > + Grow Social <= 1.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c402fcf-0c02-4a5e-89a9-8a1ddaa630d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-pug/" + google-query: inurl:"/wp-content/plugins/social-pug/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-pug,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-pug/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-pug" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-rocket-d503115e692639756bb3a2ffdde34c03.yaml b/nuclei-templates/cve-less/plugins/social-rocket-d503115e692639756bb3a2ffdde34c03.yaml new file mode 100644 index 0000000000..c773319410 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-rocket-d503115e692639756bb3a2ffdde34c03.yaml @@ -0,0 +1,58 @@ +id: social-rocket-d503115e692639756bb3a2ffdde34c03 + +info: + name: > + Social Rocket <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e4f2725-6c93-40df-93ee-51997a4ad189?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-rocket/" + google-query: inurl:"/wp-content/plugins/social-rocket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-rocket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-rocket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-rocket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-boost-362e89b41145042eb5431e45e53b6db2.yaml b/nuclei-templates/cve-less/plugins/social-share-boost-362e89b41145042eb5431e45e53b6db2.yaml new file mode 100644 index 0000000000..8d5e6e876d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-boost-362e89b41145042eb5431e45e53b6db2.yaml @@ -0,0 +1,58 @@ +id: social-share-boost-362e89b41145042eb5431e45e53b6db2 + +info: + name: > + Social Share Boost <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via ssboost shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9290532f-58d7-4e7d-9fa0-89c7f82b0466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-boost/" + google-query: inurl:"/wp-content/plugins/social-share-boost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-boost,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-boost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-boost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-boost-68edca1ac76c8646936a8dc6a3f4659d.yaml b/nuclei-templates/cve-less/plugins/social-share-boost-68edca1ac76c8646936a8dc6a3f4659d.yaml new file mode 100644 index 0000000000..9a4604d914 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-boost-68edca1ac76c8646936a8dc6a3f4659d.yaml @@ -0,0 +1,58 @@ +id: social-share-boost-68edca1ac76c8646936a8dc6a3f4659d + +info: + name: > + Social Share Boost <= 4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41d09e93-8503-41e8-85d3-8550dc8f85bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-boost/" + google-query: inurl:"/wp-content/plugins/social-share-boost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-boost,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-boost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-boost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-boost-bcdb06e3079fdbbb06462441ceb79bc4.yaml b/nuclei-templates/cve-less/plugins/social-share-boost-bcdb06e3079fdbbb06462441ceb79bc4.yaml new file mode 100644 index 0000000000..f938c63848 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-boost-bcdb06e3079fdbbb06462441ceb79bc4.yaml @@ -0,0 +1,58 @@ +id: social-share-boost-bcdb06e3079fdbbb06462441ceb79bc4 + +info: + name: > + Social Share Boost <= 4.5 - Cross-Site Request Forgery via 'syntatical_settings_content' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53a265b8-e34c-4683-a653-4b4b2410e9de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-boost/" + google-query: inurl:"/wp-content/plugins/social-share-boost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-boost,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-boost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-boost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-50f3815a7306e514f6cb6f2669b958ed.yaml b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-50f3815a7306e514f6cb6f2669b958ed.yaml new file mode 100644 index 0000000000..867f7631f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-50f3815a7306e514f6cb6f2669b958ed.yaml @@ -0,0 +1,58 @@ +id: social-share-buttons-by-supsystic-50f3815a7306e514f6cb6f2669b958ed + +info: + name: > + Social Share Buttons by Supsystic <= 2.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab693b1f-2842-4101-99f3-eaf5b7bf5d83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/" + google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-buttons-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-buttons-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-aa18dc73a5ad2f3458b2829a667a4dbe.yaml b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-aa18dc73a5ad2f3458b2829a667a4dbe.yaml new file mode 100644 index 0000000000..07b521fc32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-aa18dc73a5ad2f3458b2829a667a4dbe.yaml @@ -0,0 +1,58 @@ +id: social-share-buttons-by-supsystic-aa18dc73a5ad2f3458b2829a667a4dbe + +info: + name: > + Social Share Buttons by Supsystic <= 2.2.3 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3702218f-a5ad-4244-874f-53b49cc9491c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/" + google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-buttons-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-buttons-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-cda45d54f4a107e20020517047ad5ad6.yaml b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-cda45d54f4a107e20020517047ad5ad6.yaml new file mode 100644 index 0000000000..0db689698d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-cda45d54f4a107e20020517047ad5ad6.yaml @@ -0,0 +1,58 @@ +id: social-share-buttons-by-supsystic-cda45d54f4a107e20020517047ad5ad6 + +info: + name: > + Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c43c8c01-3f8a-4ae4-8113-d410850e721d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/" + google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-buttons-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-buttons-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-db671b595a6de4259366a24bfd717a43.yaml b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-db671b595a6de4259366a24bfd717a43.yaml new file mode 100644 index 0000000000..e6341c8f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-share-buttons-by-supsystic-db671b595a6de4259366a24bfd717a43.yaml @@ -0,0 +1,58 @@ +id: social-share-buttons-by-supsystic-db671b595a6de4259366a24bfd717a43 + +info: + name: > + Social Share Buttons by Supsystic <= 2.2.3 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac1c4818-6384-48cf-a1e3-a8ced6884749?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-share-buttons-by-supsystic/" + google-query: inurl:"/wp-content/plugins/social-share-buttons-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-share-buttons-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-share-buttons-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-share-buttons-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-sharing-toolkit-b594ed2c30b3954ae4ee7c97ed6645b0.yaml b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-b594ed2c30b3954ae4ee7c97ed6645b0.yaml new file mode 100644 index 0000000000..0a2ea87c71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-b594ed2c30b3954ae4ee7c97ed6645b0.yaml @@ -0,0 +1,58 @@ +id: social-sharing-toolkit-b594ed2c30b3954ae4ee7c97ed6645b0 + +info: + name: > + Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6594b5ba-57e4-4ef1-93b9-ac1e90ed13be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-sharing-toolkit/" + google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-sharing-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-sharing-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-sharing-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-sharing-toolkit-dcf043d6af78599175beab95bc8309bb.yaml b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-dcf043d6af78599175beab95bc8309bb.yaml new file mode 100644 index 0000000000..aea93f41d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-dcf043d6af78599175beab95bc8309bb.yaml @@ -0,0 +1,58 @@ +id: social-sharing-toolkit-dcf043d6af78599175beab95bc8309bb + +info: + name: > + Social Sharing Toolkit < 2.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14fb6cde-3ab5-4360-add2-c0b0fa4ca114?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-sharing-toolkit/" + google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-sharing-toolkit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-sharing-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-sharing-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-sharing-toolkit-fab081bdfce9f805f8a61feef8468916.yaml b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-fab081bdfce9f805f8a61feef8468916.yaml new file mode 100644 index 0000000000..c4b299aed2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-sharing-toolkit-fab081bdfce9f805f8a61feef8468916.yaml @@ -0,0 +1,58 @@ +id: social-sharing-toolkit-fab081bdfce9f805f8a61feef8468916 + +info: + name: > + Social Sharing Toolkit <= 2.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/319e9662-e010-469d-bf04-ee5895077db6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-sharing-toolkit/" + google-query: inurl:"/wp-content/plugins/social-sharing-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-sharing-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-sharing-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-sharing-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-slider-fb94da76ff281a4e13dbc1c86ed0929d.yaml b/nuclei-templates/cve-less/plugins/social-slider-fb94da76ff281a4e13dbc1c86ed0929d.yaml new file mode 100644 index 0000000000..c94de9fc01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-slider-fb94da76ff281a4e13dbc1c86ed0929d.yaml @@ -0,0 +1,58 @@ +id: social-slider-fb94da76ff281a4e13dbc1c86ed0929d + +info: + name: > + Social Slider < 7.4.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dce15ea-70cf-4b4c-959a-8adf2cdcdca4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-slider/" + google-query: inurl:"/wp-content/plugins/social-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-slider,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-stickers-54c5f87c18eece344632707c2a248764.yaml b/nuclei-templates/cve-less/plugins/social-stickers-54c5f87c18eece344632707c2a248764.yaml new file mode 100644 index 0000000000..01af8178a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-stickers-54c5f87c18eece344632707c2a248764.yaml @@ -0,0 +1,58 @@ +id: social-stickers-54c5f87c18eece344632707c2a248764 + +info: + name: > + Social Stickers <= 2.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5ca2a1-06ac-4f26-9ecb-bb861c035f57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-stickers/" + google-query: inurl:"/wp-content/plugins/social-stickers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-stickers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-stickers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-stickers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-tape-f65f1ef88d2d62f17ad5f25db5f837fc.yaml b/nuclei-templates/cve-less/plugins/social-tape-f65f1ef88d2d62f17ad5f25db5f837fc.yaml new file mode 100644 index 0000000000..8cf3ddf8a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-tape-f65f1ef88d2d62f17ad5f25db5f837fc.yaml @@ -0,0 +1,58 @@ +id: social-tape-f65f1ef88d2d62f17ad5f25db5f837fc + +info: + name: > + Social Tape <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a5ac584-61e4-4318-9e8d-9b5a7f1daf3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-tape/" + google-query: inurl:"/wp-content/plugins/social-tape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-tape,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-tape/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-tape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-109bcc0df2db9108727b125f1715f024.yaml b/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-109bcc0df2db9108727b125f1715f024.yaml new file mode 100644 index 0000000000..a9269cdc53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-109bcc0df2db9108727b125f1715f024.yaml @@ -0,0 +1,58 @@ +id: social-testimonials-and-reviews-widget-109bcc0df2db9108727b125f1715f024 + +info: + name: > + Social proof testimonials and reviews by Repuso <= 4.97 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec311df2-33af-4b91-80a1-252d934c7f61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-testimonials-and-reviews-widget/" + google-query: inurl:"/wp-content/plugins/social-testimonials-and-reviews-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-testimonials-and-reviews-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-testimonials-and-reviews-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-testimonials-and-reviews-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.97') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-cfc720059dcf0db5379f24aec3318afb.yaml b/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-cfc720059dcf0db5379f24aec3318afb.yaml new file mode 100644 index 0000000000..2740d8e969 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-testimonials-and-reviews-widget-cfc720059dcf0db5379f24aec3318afb.yaml @@ -0,0 +1,58 @@ +id: social-testimonials-and-reviews-widget-cfc720059dcf0db5379f24aec3318afb + +info: + name: > + Social proof testimonials and reviews by Repuso <= 5.01 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/526aa2e5-06bd-4b4c-a331-315f8ab37858?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-testimonials-and-reviews-widget/" + google-query: inurl:"/wp-content/plugins/social-testimonials-and-reviews-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-testimonials-and-reviews-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-testimonials-and-reviews-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-testimonials-and-reviews-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-18ca8dc6d6eaaf78aee24ea0452c8428.yaml b/nuclei-templates/cve-less/plugins/social-warfare-18ca8dc6d6eaaf78aee24ea0452c8428.yaml new file mode 100644 index 0000000000..5ea256de9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-18ca8dc6d6eaaf78aee24ea0452c8428.yaml @@ -0,0 +1,58 @@ +id: social-warfare-18ca8dc6d6eaaf78aee24ea0452c8428 + +info: + name: > + Social Warfare <= 3.5.2 - Unauthenticated Arbitrary Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fca8dba-9fe7-4ce1-8903-589e42e5604d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-357fbb3649272b57b08a032d33621319.yaml b/nuclei-templates/cve-less/plugins/social-warfare-357fbb3649272b57b08a032d33621319.yaml new file mode 100644 index 0000000000..81a97a3687 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-357fbb3649272b57b08a032d33621319.yaml @@ -0,0 +1,58 @@ +id: social-warfare-357fbb3649272b57b08a032d33621319 + +info: + name: > + Social Warfare <= 4.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bc4ba2c-32eb-46c5-bb40-7c0150fc1ca4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml b/nuclei-templates/cve-less/plugins/social-warfare-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml new file mode 100644 index 0000000000..a84051fb4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-aa4bf5d698c5cb8e5401cc2cfa4e07c6.yaml @@ -0,0 +1,58 @@ +id: social-warfare-aa4bf5d698c5cb8e5401cc2cfa4e07c6 + +info: + name: > + Social Sharing Plugin - Social Warfare <= 4.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f5b9aff-0833-4887-ae59-df5bc88c7f91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml b/nuclei-templates/cve-less/plugins/social-warfare-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml new file mode 100644 index 0000000000..382072e83b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-cf2b6bb9f998ed8bc8db5b63bcf57bd0.yaml @@ -0,0 +1,58 @@ +id: social-warfare-cf2b6bb9f998ed8bc8db5b63bcf57bd0 + +info: + name: > + Social Sharing Plugin – Social Warfare <= 4.4.6.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1016f16c-0ab2-4cac-a7a5-8d93a37e7894?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-cf38fe10bb49e0d1d6d84b988c9ef72b.yaml b/nuclei-templates/cve-less/plugins/social-warfare-cf38fe10bb49e0d1d6d84b988c9ef72b.yaml new file mode 100644 index 0000000000..ebbb1e8ab9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-cf38fe10bb49e0d1d6d84b988c9ef72b.yaml @@ -0,0 +1,58 @@ +id: social-warfare-cf38fe10bb49e0d1d6d84b988c9ef72b + +info: + name: > + Social Warfare <= 3.5.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98cf2a10-cc53-4479-87d1-71489f6a8c51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/social-warfare-f488a9133074cf6ace7e478b0a192bb6.yaml b/nuclei-templates/cve-less/plugins/social-warfare-f488a9133074cf6ace7e478b0a192bb6.yaml new file mode 100644 index 0000000000..a006e42690 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/social-warfare-f488a9133074cf6ace7e478b0a192bb6.yaml @@ -0,0 +1,58 @@ +id: social-warfare-f488a9133074cf6ace7e478b0a192bb6 + +info: + name: > + Social Warfare <= 4.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a36d1bb1-9446-4042-a1ec-08a3ffdcb744?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/social-warfare/" + google-query: inurl:"/wp-content/plugins/social-warfare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,social-warfare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/social-warfare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "social-warfare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/socialdriver-7c3165415d7bf963906af20d2c357430.yaml b/nuclei-templates/cve-less/plugins/socialdriver-7c3165415d7bf963906af20d2c357430.yaml new file mode 100644 index 0000000000..b2599d6e8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/socialdriver-7c3165415d7bf963906af20d2c357430.yaml @@ -0,0 +1,58 @@ +id: socialdriver-7c3165415d7bf963906af20d2c357430 + +info: + name: > + SocialDriver < 2024 - Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ac60fe-d751-43c7-89c1-5c0c9651e8f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/socialdriver/" + google-query: inurl:"/wp-content/plugins/socialdriver/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,socialdriver,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/socialdriver/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "socialdriver" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2024') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/socialsnap-7cc4115eca0cf9c161547f1b88d6e0eb.yaml b/nuclei-templates/cve-less/plugins/socialsnap-7cc4115eca0cf9c161547f1b88d6e0eb.yaml new file mode 100644 index 0000000000..3253e2ce53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/socialsnap-7cc4115eca0cf9c161547f1b88d6e0eb.yaml @@ -0,0 +1,58 @@ +id: socialsnap-7cc4115eca0cf9c161547f1b88d6e0eb + +info: + name: > + Social Snap <= 1.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b69122e2-1af6-4425-9c25-48d7682417f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/socialsnap/" + google-query: inurl:"/wp-content/plugins/socialsnap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,socialsnap,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/socialsnap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "socialsnap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sodahead-polls-18fe02250ff137adf75ad3081c09ea5f.yaml b/nuclei-templates/cve-less/plugins/sodahead-polls-18fe02250ff137adf75ad3081c09ea5f.yaml new file mode 100644 index 0000000000..332b3af501 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sodahead-polls-18fe02250ff137adf75ad3081c09ea5f.yaml @@ -0,0 +1,58 @@ +id: sodahead-polls-18fe02250ff137adf75ad3081c09ea5f + +info: + name: > + SodaHead Polls < 2.0.4 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75a5853a-7497-4312-b7e1-e21b1425dc05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sodahead-polls/" + google-query: inurl:"/wp-content/plugins/sodahead-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sodahead-polls,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sodahead-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sodahead-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/software-license-manager-664ca2d87dcbd63deac8c49c5554db17.yaml b/nuclei-templates/cve-less/plugins/software-license-manager-664ca2d87dcbd63deac8c49c5554db17.yaml new file mode 100644 index 0000000000..6ff8f0943c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/software-license-manager-664ca2d87dcbd63deac8c49c5554db17.yaml @@ -0,0 +1,58 @@ +id: software-license-manager-664ca2d87dcbd63deac8c49c5554db17 + +info: + name: > + Software License Manager <= 4.5.0 - Cross-Site Request Forgery leading to Arbitrary Domain Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/484ad4ef-9d0d-4dc5-8bb4-d81d0311ebf8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/software-license-manager/" + google-query: inurl:"/wp-content/plugins/software-license-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,software-license-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/software-license-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "software-license-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/software-license-manager-b0e0ed74ea2c963635231dd123335584.yaml b/nuclei-templates/cve-less/plugins/software-license-manager-b0e0ed74ea2c963635231dd123335584.yaml new file mode 100644 index 0000000000..35ef891130 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/software-license-manager-b0e0ed74ea2c963635231dd123335584.yaml @@ -0,0 +1,58 @@ +id: software-license-manager-b0e0ed74ea2c963635231dd123335584 + +info: + name: > + Software License Manager < 4.4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54852b3d-9830-491d-aa41-bc2bf763a55d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/software-license-manager/" + google-query: inurl:"/wp-content/plugins/software-license-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,software-license-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/software-license-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "software-license-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/software-license-manager-c4fee1f627e8de419abb2cb77fa742f7.yaml b/nuclei-templates/cve-less/plugins/software-license-manager-c4fee1f627e8de419abb2cb77fa742f7.yaml new file mode 100644 index 0000000000..080e9010bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/software-license-manager-c4fee1f627e8de419abb2cb77fa742f7.yaml @@ -0,0 +1,58 @@ +id: software-license-manager-c4fee1f627e8de419abb2cb77fa742f7 + +info: + name: > + Software License Manager <= 4.4.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89209bcb-c74d-4bf9-b1a8-5b529f4d73be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/software-license-manager/" + google-query: inurl:"/wp-content/plugins/software-license-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,software-license-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/software-license-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "software-license-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soisy-pagamento-rateale-b75ef217a6365bc215b41cd9f7c0293c.yaml b/nuclei-templates/cve-less/plugins/soisy-pagamento-rateale-b75ef217a6365bc215b41cd9f7c0293c.yaml new file mode 100644 index 0000000000..f9d77bd7b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soisy-pagamento-rateale-b75ef217a6365bc215b41cd9f7c0293c.yaml @@ -0,0 +1,58 @@ +id: soisy-pagamento-rateale-b75ef217a6365bc215b41cd9f7c0293c + +info: + name: > + Soisy Pagamento Rateale <= 6.0.1 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3c997cd-37b4-4b9c-b99e-397be484aa36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soisy-pagamento-rateale/" + google-query: inurl:"/wp-content/plugins/soisy-pagamento-rateale/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soisy-pagamento-rateale,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soisy-pagamento-rateale/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soisy-pagamento-rateale" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sola-newsletters-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml b/nuclei-templates/cve-less/plugins/sola-newsletters-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml new file mode 100644 index 0000000000..8e1a1e2396 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sola-newsletters-6e0c27e6aa8bbd23ae1645c9db38ce34.yaml @@ -0,0 +1,58 @@ +id: sola-newsletters-6e0c27e6aa8bbd23ae1645c9db38ce34 + +info: + name: > + Nifty Newsletters <= 4.0.23 – Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffcc85a1-fc79-4bc6-b50e-c87988d4cad3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sola-newsletters/" + google-query: inurl:"/wp-content/plugins/sola-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sola-newsletters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sola-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sola-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sola-support-tickets-753b1cfc0cff5215c4137639d86b10b2.yaml b/nuclei-templates/cve-less/plugins/sola-support-tickets-753b1cfc0cff5215c4137639d86b10b2.yaml new file mode 100644 index 0000000000..7827c05323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sola-support-tickets-753b1cfc0cff5215c4137639d86b10b2.yaml @@ -0,0 +1,58 @@ +id: sola-support-tickets-753b1cfc0cff5215c4137639d86b10b2 + +info: + name: > + Sola Support Tickets < 3.13 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c78acf9d-89bf-4c8f-b333-31a330701614?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sola-support-tickets/" + google-query: inurl:"/wp-content/plugins/sola-support-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sola-support-tickets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sola-support-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sola-support-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/solid-affiliate-390f815591982373c000eae4c03f7206.yaml b/nuclei-templates/cve-less/plugins/solid-affiliate-390f815591982373c000eae4c03f7206.yaml new file mode 100644 index 0000000000..3e9a83e763 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/solid-affiliate-390f815591982373c000eae4c03f7206.yaml @@ -0,0 +1,58 @@ +id: solid-affiliate-390f815591982373c000eae4c03f7206 + +info: + name: > + Solid Affiliate <= 1.9.1 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d5f9fc7-fc85-4326-9295-470e8208c35a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/solid-affiliate/" + google-query: inurl:"/wp-content/plugins/solid-affiliate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,solid-affiliate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/solid-affiliate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "solid-affiliate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/solidres-22545828b4d21f4c13980a9fc5313fe5.yaml b/nuclei-templates/cve-less/plugins/solidres-22545828b4d21f4c13980a9fc5313fe5.yaml new file mode 100644 index 0000000000..fe01555e6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/solidres-22545828b4d21f4c13980a9fc5313fe5.yaml @@ -0,0 +1,58 @@ +id: solidres-22545828b4d21f4c13980a9fc5313fe5 + +info: + name: > + Solidres <= 0.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36d9e9cd-7885-4127-b62c-ee0b3aad8846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/solidres/" + google-query: inurl:"/wp-content/plugins/solidres/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,solidres,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/solidres/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "solidres" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/solidres-a159294bbf51e0b7e5b555bc0921d9bf.yaml b/nuclei-templates/cve-less/plugins/solidres-a159294bbf51e0b7e5b555bc0921d9bf.yaml new file mode 100644 index 0000000000..263cb90365 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/solidres-a159294bbf51e0b7e5b555bc0921d9bf.yaml @@ -0,0 +1,58 @@ +id: solidres-a159294bbf51e0b7e5b555bc0921d9bf + +info: + name: > + Solidres <= 0.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b13ee51b-9f23-428f-9cef-4a9b9b06b0c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/solidres/" + google-query: inurl:"/wp-content/plugins/solidres/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,solidres,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/solidres/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "solidres" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soliloquy-lite-6360ed6ca296565a491121426d09e439.yaml b/nuclei-templates/cve-less/plugins/soliloquy-lite-6360ed6ca296565a491121426d09e439.yaml new file mode 100644 index 0000000000..3a1bd9a8bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soliloquy-lite-6360ed6ca296565a491121426d09e439.yaml @@ -0,0 +1,58 @@ +id: soliloquy-lite-6360ed6ca296565a491121426d09e439 + +info: + name: > + Slider by Soliloquy <= 2.7.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6331b42-f15b-46c6-b8bd-7f65c28c4a12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soliloquy-lite/" + google-query: inurl:"/wp-content/plugins/soliloquy-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soliloquy-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soliloquy-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soliloquy-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sophi-c3dca1d1ef3a946c9ddf3e33caa00021.yaml b/nuclei-templates/cve-less/plugins/sophi-c3dca1d1ef3a946c9ddf3e33caa00021.yaml new file mode 100644 index 0000000000..c15e03f819 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sophi-c3dca1d1ef3a946c9ddf3e33caa00021.yaml @@ -0,0 +1,58 @@ +id: sophi-c3dca1d1ef3a946c9ddf3e33caa00021 + +info: + name: > + terser (JS Package) < 5.14.2 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c08c10-7358-4618-b892-7d222ba460de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sophi/" + google-query: inurl:"/wp-content/plugins/sophi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sophi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sophi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sophi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sort-searchresult-by-title-973fd490fc9004516881a731f3c2d83a.yaml b/nuclei-templates/cve-less/plugins/sort-searchresult-by-title-973fd490fc9004516881a731f3c2d83a.yaml new file mode 100644 index 0000000000..16ffe96d8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sort-searchresult-by-title-973fd490fc9004516881a731f3c2d83a.yaml @@ -0,0 +1,58 @@ +id: sort-searchresult-by-title-973fd490fc9004516881a731f3c2d83a + +info: + name: > + Sort SearchResult By Title <= 10.0 - Cross-Site Request Forgery via settings_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4147e973-5a17-41d8-b8d9-5e43a23c9bc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sort-searchresult-by-title/" + google-query: inurl:"/wp-content/plugins/sort-searchresult-by-title/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sort-searchresult-by-title,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sort-searchresult-by-title/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sort-searchresult-by-title" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundcloud-is-gold-4ff0e478fdb270b77d40058c8e73075a.yaml b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-4ff0e478fdb270b77d40058c8e73075a.yaml new file mode 100644 index 0000000000..cd16491c25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-4ff0e478fdb270b77d40058c8e73075a.yaml @@ -0,0 +1,58 @@ +id: soundcloud-is-gold-4ff0e478fdb270b77d40058c8e73075a + +info: + name: > + SoundCloud Is Gold <= 2.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f294175e-dfcd-4d8d-84ee-a945ec7ac7e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundcloud-is-gold/" + google-query: inurl:"/wp-content/plugins/soundcloud-is-gold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundcloud-is-gold,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundcloud-is-gold/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundcloud-is-gold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundcloud-is-gold-97e81ce09ae72195c5b04d7f6a992589.yaml b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-97e81ce09ae72195c5b04d7f6a992589.yaml new file mode 100644 index 0000000000..0601012f3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-97e81ce09ae72195c5b04d7f6a992589.yaml @@ -0,0 +1,58 @@ +id: soundcloud-is-gold-97e81ce09ae72195c5b04d7f6a992589 + +info: + name: > + Soundcloud Is Gold <= 2.5.1 - Missing Authorization to Soundcloud User Add + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14b2fa77-dc51-47b4-913a-9129f95ba766?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundcloud-is-gold/" + google-query: inurl:"/wp-content/plugins/soundcloud-is-gold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundcloud-is-gold,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundcloud-is-gold/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundcloud-is-gold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundcloud-is-gold-a72a870d8ea76185ed68595992193f58.yaml b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-a72a870d8ea76185ed68595992193f58.yaml new file mode 100644 index 0000000000..61ed1f4cfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundcloud-is-gold-a72a870d8ea76185ed68595992193f58.yaml @@ -0,0 +1,58 @@ +id: soundcloud-is-gold-a72a870d8ea76185ed68595992193f58 + +info: + name: > + Soundcloud Is Gold <= 2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81bedea8-fbf7-411b-a31b-51af23522498?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundcloud-is-gold/" + google-query: inurl:"/wp-content/plugins/soundcloud-is-gold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundcloud-is-gold,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundcloud-is-gold/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundcloud-is-gold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundcloud-shortcode-69235207b58aed8fe2c8ecd662e7a82c.yaml b/nuclei-templates/cve-less/plugins/soundcloud-shortcode-69235207b58aed8fe2c8ecd662e7a82c.yaml new file mode 100644 index 0000000000..98f1aa1eee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundcloud-shortcode-69235207b58aed8fe2c8ecd662e7a82c.yaml @@ -0,0 +1,58 @@ +id: soundcloud-shortcode-69235207b58aed8fe2c8ecd662e7a82c + +info: + name: > + SoundCloud Shortcode <= 3.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5084afcc-b6fc-4d89-9ad7-c4ea3e4dae82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundcloud-shortcode/" + google-query: inurl:"/wp-content/plugins/soundcloud-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundcloud-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundcloud-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundcloud-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundcloud-shortcode-dc226a4fd8674625d0b38158fd388bcd.yaml b/nuclei-templates/cve-less/plugins/soundcloud-shortcode-dc226a4fd8674625d0b38158fd388bcd.yaml new file mode 100644 index 0000000000..acb11a864d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundcloud-shortcode-dc226a4fd8674625d0b38158fd388bcd.yaml @@ -0,0 +1,58 @@ +id: soundcloud-shortcode-dc226a4fd8674625d0b38158fd388bcd + +info: + name: > + SoundCloud Shortcode <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f2ae1ff-c76e-4997-b860-f1e0b94a437d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundcloud-shortcode/" + google-query: inurl:"/wp-content/plugins/soundcloud-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundcloud-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundcloud-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundcloud-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundy-audio-playlist-4c3c497ff4bf73b3f95e774197f4a725.yaml b/nuclei-templates/cve-less/plugins/soundy-audio-playlist-4c3c497ff4bf73b3f95e774197f4a725.yaml new file mode 100644 index 0000000000..ffe183f9a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundy-audio-playlist-4c3c497ff4bf73b3f95e774197f4a725.yaml @@ -0,0 +1,58 @@ +id: soundy-audio-playlist-4c3c497ff4bf73b3f95e774197f4a725 + +info: + name: > + Soundy Audio Playlist <= 4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb8640f2-d3cc-4a4a-8dfb-adaa8b77264c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundy-audio-playlist/" + google-query: inurl:"/wp-content/plugins/soundy-audio-playlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundy-audio-playlist,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundy-audio-playlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundy-audio-playlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/soundy-background-music-aae33717a53aff7e44346754fe498f79.yaml b/nuclei-templates/cve-less/plugins/soundy-background-music-aae33717a53aff7e44346754fe498f79.yaml new file mode 100644 index 0000000000..b76b442683 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/soundy-background-music-aae33717a53aff7e44346754fe498f79.yaml @@ -0,0 +1,58 @@ +id: soundy-background-music-aae33717a53aff7e44346754fe498f79 + +info: + name: > + Soundy Background Music <= 3.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7102fb7f-eb69-4c2f-956b-61ceace968e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/soundy-background-music/" + google-query: inurl:"/wp-content/plugins/soundy-background-music/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,soundy-background-music,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/soundy-background-music/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundy-background-music" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sourceafrica-1a4e07a5bd173dbacaf88e7f59c17b91.yaml b/nuclei-templates/cve-less/plugins/sourceafrica-1a4e07a5bd173dbacaf88e7f59c17b91.yaml new file mode 100644 index 0000000000..073b9d538f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sourceafrica-1a4e07a5bd173dbacaf88e7f59c17b91.yaml @@ -0,0 +1,58 @@ +id: sourceafrica-1a4e07a5bd173dbacaf88e7f59c17b91 + +info: + name: > + sourceAFRICA <= 0.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c0e9a09-0362-4046-a409-41a88154c7ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sourceafrica/" + google-query: inurl:"/wp-content/plugins/sourceafrica/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sourceafrica,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sourceafrica/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sourceafrica" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-04a07a765c467ba9a937f6672ca388bf.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-04a07a765c467ba9a937f6672ca388bf.yaml new file mode 100644 index 0000000000..1ef82cdbdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-04a07a765c467ba9a937f6672ca388bf.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-04a07a765c467ba9a937f6672ca388bf + +info: + name: > + SP Project & Document Manager <= 4.57 - Sensitive File Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8254f4ab-b7a4-4823-8bf9-0673cea1248e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.57') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-06564215bf3fbac51cfe3cf6be605864.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-06564215bf3fbac51cfe3cf6be605864.yaml new file mode 100644 index 0000000000..5c4356e0ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-06564215bf3fbac51cfe3cf6be605864.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-06564215bf3fbac51cfe3cf6be605864 + +info: + name: > + SP Project & Document Manager <= 4.70 - Missing Authorization Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31cb7a9d-8965-49cd-b1fb-0d141038a0e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-2850eb23becb886717557cbcc134de27.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2850eb23becb886717557cbcc134de27.yaml new file mode 100644 index 0000000000..cceff75a92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2850eb23becb886717557cbcc134de27.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-2850eb23becb886717557cbcc134de27 + +info: + name: > + SP Project & Document Manager <= 4.69 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6d5a66-0eec-4a73-ad78-2b66a688c67a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-2d5254568244460078b2f5ebf11d2614.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2d5254568244460078b2f5ebf11d2614.yaml new file mode 100644 index 0000000000..74d8a2c638 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-2d5254568244460078b2f5ebf11d2614.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-2d5254568244460078b2f5ebf11d2614 + +info: + name: > + SP Project & Document Manager <= 4.69 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcdeba37-ba65-400d-9c07-36503a03e857?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-3992d1400a14226b637a309e355d88df.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-3992d1400a14226b637a309e355d88df.yaml new file mode 100644 index 0000000000..5414375eff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-3992d1400a14226b637a309e355d88df.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-3992d1400a14226b637a309e355d88df + +info: + name: > + SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1951ad6c-17b5-44ae-85e2-376b99df742e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-401b607f5d2e6f27bfcb5e6df2983f64.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-401b607f5d2e6f27bfcb5e6df2983f64.yaml new file mode 100644 index 0000000000..4761e694d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-401b607f5d2e6f27bfcb5e6df2983f64.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-401b607f5d2e6f27bfcb5e6df2983f64 + +info: + name: > + SP Project & Document Manager <= 4.67 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37eb77ed-0b2e-46ea-806d-8041742eab5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-5c5bdc3c3fb1d75ed0dae2921575f884.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-5c5bdc3c3fb1d75ed0dae2921575f884.yaml new file mode 100644 index 0000000000..3f57c73c8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-5c5bdc3c3fb1d75ed0dae2921575f884.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-5c5bdc3c3fb1d75ed0dae2921575f884 + +info: + name: > + SP Project & Document Manager <= 4.59 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0564a9a1-a767-4192-8cb0-65c6fc4d064d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-6fe68888cdbcff1f92e26aa3597b8cee.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-6fe68888cdbcff1f92e26aa3597b8cee.yaml new file mode 100644 index 0000000000..5727ecbac0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-6fe68888cdbcff1f92e26aa3597b8cee.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-6fe68888cdbcff1f92e26aa3597b8cee + +info: + name: > + SP Project & Document Manager <= 4.25 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bed6b603-c811-4624-9053-1e12029ba73b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-a887472c18a8df1556ea7f4984db4ec4.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-a887472c18a8df1556ea7f4984db4ec4.yaml new file mode 100644 index 0000000000..d0d4353dfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-a887472c18a8df1556ea7f4984db4ec4.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-a887472c18a8df1556ea7f4984db4ec4 + +info: + name: > + SP Project & Document Manager < 2.4.4 - Multiple SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f95f73c-2377-46b7-a96f-6014a5b012c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-ac1431b1561b6c549c99a1b7125f3596.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-ac1431b1561b6c549c99a1b7125f3596.yaml new file mode 100644 index 0000000000..ce9baa3332 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-ac1431b1561b6c549c99a1b7125f3596.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-ac1431b1561b6c549c99a1b7125f3596 + +info: + name: > + SP Project & Document Manager <= 4.71 - Authenticated (Author+) SQL Injeciton + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d8e3832-b3ed-4687-94d8-8ba2c832584c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml new file mode 100644 index 0000000000..972fc07d41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-cb1e1ee6d4a86d7ed0a6cb77ed172c33.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-cb1e1ee6d4a86d7ed0a6cb77ed172c33 + +info: + name: > + SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc2e720-85d9-42d9-94ef-eb172425993d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-f2cabdaf778fd02d270ecff63ff16022.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f2cabdaf778fd02d270ecff63ff16022.yaml new file mode 100644 index 0000000000..e7466a53ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f2cabdaf778fd02d270ecff63ff16022.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-f2cabdaf778fd02d270ecff63ff16022 + +info: + name: > + SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e489a90e-f226-4900-938c-b5a7550d199c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-f424267505cbcf902cf4e60fa01acaf4.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f424267505cbcf902cf4e60fa01acaf4.yaml new file mode 100644 index 0000000000..55eeb6e826 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f424267505cbcf902cf4e60fa01acaf4.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-f424267505cbcf902cf4e60fa01acaf4 + +info: + name: > + SP Project & Document Manager <= 4.21 - Authenticated Shell Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f81d9f2-f7a1-4085-aa20-d991cecacd23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-client-document-manager-f55d9ddf38ced2af39de4e46518b9654.yaml b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f55d9ddf38ced2af39de4e46518b9654.yaml new file mode 100644 index 0000000000..5bb3cd5735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-client-document-manager-f55d9ddf38ced2af39de4e46518b9654.yaml @@ -0,0 +1,58 @@ +id: sp-client-document-manager-f55d9ddf38ced2af39de4e46518b9654 + +info: + name: > + SP Project & Document Manager <= 4.23 - Subscriber+ Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1b60f4-39f7-4981-bd8d-b1c6e63cf082?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-client-document-manager/" + google-query: inurl:"/wp-content/plugins/sp-client-document-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-client-document-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-client-document-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-client-document-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-faq-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/sp-faq-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..57ab67efe8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-faq-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: sp-faq-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-faq/" + google-query: inurl:"/wp-content/plugins/sp-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-faq,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-news-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/sp-news-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..bd02146e39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-news-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: sp-news-and-widget-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-news-and-widget/" + google-query: inurl:"/wp-content/plugins/sp-news-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-news-and-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-news-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-news-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sp-rental-manager-41e16d89dcc64533542d0355200f7979.yaml b/nuclei-templates/cve-less/plugins/sp-rental-manager-41e16d89dcc64533542d0355200f7979.yaml new file mode 100644 index 0000000000..70b61ddb2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sp-rental-manager-41e16d89dcc64533542d0355200f7979.yaml @@ -0,0 +1,58 @@ +id: sp-rental-manager-41e16d89dcc64533542d0355200f7979 + +info: + name: > + SP Rental Manager <= 1.5.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2876c97-a612-4c0f-b094-3233768703b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sp-rental-manager/" + google-query: inurl:"/wp-content/plugins/sp-rental-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sp-rental-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sp-rental-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sp-rental-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spacer-d06ebbe7f6b16be606d476a52581f74c.yaml b/nuclei-templates/cve-less/plugins/spacer-d06ebbe7f6b16be606d476a52581f74c.yaml new file mode 100644 index 0000000000..cb1191fc4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spacer-d06ebbe7f6b16be606d476a52581f74c.yaml @@ -0,0 +1,58 @@ +id: spacer-d06ebbe7f6b16be606d476a52581f74c + +info: + name: > + Spacer <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/553255fb-2bec-48e8-bb16-1e7f66674282?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spacer/" + google-query: inurl:"/wp-content/plugins/spacer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spacer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spacer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spacer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spam-byebye-e9caa2ebc5663770aed9ca1501187910.yaml b/nuclei-templates/cve-less/plugins/spam-byebye-e9caa2ebc5663770aed9ca1501187910.yaml new file mode 100644 index 0000000000..c17c8a09d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spam-byebye-e9caa2ebc5663770aed9ca1501187910.yaml @@ -0,0 +1,58 @@ +id: spam-byebye-e9caa2ebc5663770aed9ca1501187910 + +info: + name: > + spam-byebye <= 2.2.1 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8e0021-f305-45c1-b658-405ad22334ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spam-byebye/" + google-query: inurl:"/wp-content/plugins/spam-byebye/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spam-byebye,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spam-byebye/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spam-byebye" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spam-control-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/spam-control-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..cec97d937d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spam-control-xforwc-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: spam-control-xforwc-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spam-control-xforwc/" + google-query: inurl:"/wp-content/plugins/spam-control-xforwc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spam-control-xforwc,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spam-control-xforwc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spam-control-xforwc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spambam-ba683037cf589f0cf1f070f5a09f7594.yaml b/nuclei-templates/cve-less/plugins/spambam-ba683037cf589f0cf1f070f5a09f7594.yaml new file mode 100644 index 0000000000..6a94534dae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spambam-ba683037cf589f0cf1f070f5a09f7594.yaml @@ -0,0 +1,58 @@ +id: spambam-ba683037cf589f0cf1f070f5a09f7594 + +info: + name: > + Spambam <= 2.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835b254a-9135-4b9d-8607-7122304601bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spambam/" + google-query: inurl:"/wp-content/plugins/spambam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spambam,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spambam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spambam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spamreferrerblock-376bf43456853b74eb2f520d8ce53233.yaml b/nuclei-templates/cve-less/plugins/spamreferrerblock-376bf43456853b74eb2f520d8ce53233.yaml new file mode 100644 index 0000000000..43b45d5e52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spamreferrerblock-376bf43456853b74eb2f520d8ce53233.yaml @@ -0,0 +1,58 @@ +id: spamreferrerblock-376bf43456853b74eb2f520d8ce53233 + +info: + name: > + Download SpamReferrerBlock <= 2.22 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/692e995d-cdfc-4ab8-8a8a-5423eb7f8d15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spamreferrerblock/" + google-query: inurl:"/wp-content/plugins/spamreferrerblock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spamreferrerblock,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spamreferrerblock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spamreferrerblock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spamreferrerblock-8abe61b53911c7ef41a9f9b79b5a7a76.yaml b/nuclei-templates/cve-less/plugins/spamreferrerblock-8abe61b53911c7ef41a9f9b79b5a7a76.yaml new file mode 100644 index 0000000000..a8cf17caa9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spamreferrerblock-8abe61b53911c7ef41a9f9b79b5a7a76.yaml @@ -0,0 +1,58 @@ +id: spamreferrerblock-8abe61b53911c7ef41a9f9b79b5a7a76 + +info: + name: > + SpamReferrerBlock <= 2.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d70e9d4e-2137-411b-bc01-28388a7b2519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spamreferrerblock/" + google-query: inurl:"/wp-content/plugins/spamreferrerblock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spamreferrerblock,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spamreferrerblock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spamreferrerblock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sparkpost-74a58305bbc22438aab63e645d576e4d.yaml b/nuclei-templates/cve-less/plugins/sparkpost-74a58305bbc22438aab63e645d576e4d.yaml new file mode 100644 index 0000000000..53c042f1c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sparkpost-74a58305bbc22438aab63e645d576e4d.yaml @@ -0,0 +1,58 @@ +id: sparkpost-74a58305bbc22438aab63e645d576e4d + +info: + name: > + SparkPost <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab86ddc9-9b43-4949-b150-7b944bc40558?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sparkpost/" + google-query: inurl:"/wp-content/plugins/sparkpost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sparkpost,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sparkpost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sparkpost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/speakout-c91bb87bc2ac78b385f1ba0404999869.yaml b/nuclei-templates/cve-less/plugins/speakout-c91bb87bc2ac78b385f1ba0404999869.yaml new file mode 100644 index 0000000000..22d8ec023d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/speakout-c91bb87bc2ac78b385f1ba0404999869.yaml @@ -0,0 +1,58 @@ +id: speakout-c91bb87bc2ac78b385f1ba0404999869 + +info: + name: > + SpeakOut! Email Petitions < 2.14.15.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab9a5d89-16be-4dc7-9361-2b1be2324239?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/speakout/" + google-query: inurl:"/wp-content/plugins/speakout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,speakout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speakout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speakout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.14.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/special-box-for-content-abc7b516295a7f19088f575460d378b0.yaml b/nuclei-templates/cve-less/plugins/special-box-for-content-abc7b516295a7f19088f575460d378b0.yaml new file mode 100644 index 0000000000..da3b7fe12f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/special-box-for-content-abc7b516295a7f19088f575460d378b0.yaml @@ -0,0 +1,58 @@ +id: special-box-for-content-abc7b516295a7f19088f575460d378b0 + +info: + name: > + Special Box for Content <= 1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4baa79da-ae4d-4e45-855f-8c7d713fb2f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/special-box-for-content/" + google-query: inurl:"/wp-content/plugins/special-box-for-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,special-box-for-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/special-box-for-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "special-box-for-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/specific-content-for-mobile-3ebf96dd87dccb36e3b3f1a2a1f3837f.yaml b/nuclei-templates/cve-less/plugins/specific-content-for-mobile-3ebf96dd87dccb36e3b3f1a2a1f3837f.yaml new file mode 100644 index 0000000000..02df6068df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/specific-content-for-mobile-3ebf96dd87dccb36e3b3f1a2a1f3837f.yaml @@ -0,0 +1,58 @@ +id: specific-content-for-mobile-3ebf96dd87dccb36e3b3f1a2a1f3837f + +info: + name: > + Specific Content For Mobile – Customize the mobile version without redirections <= 0.1.9.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51ac25ef-e5b9-4f5c-a792-fff4ceba96e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/specific-content-for-mobile/" + google-query: inurl:"/wp-content/plugins/specific-content-for-mobile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,specific-content-for-mobile,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/specific-content-for-mobile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "specific-content-for-mobile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spectra-pro-995df7f208463f40decef18bc20c7cae.yaml b/nuclei-templates/cve-less/plugins/spectra-pro-995df7f208463f40decef18bc20c7cae.yaml new file mode 100644 index 0000000000..f59c9dbbd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spectra-pro-995df7f208463f40decef18bc20c7cae.yaml @@ -0,0 +1,58 @@ +id: spectra-pro-995df7f208463f40decef18bc20c7cae + +info: + name: > + Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e23e7d66-4b57-4feb-bf77-46238bc6ce7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spectra-pro/" + google-query: inurl:"/wp-content/plugins/spectra-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spectra-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spectra-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spectra-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/speed-booster-pack-076ba2e4af7ca8a46ce67983592fc4f6.yaml b/nuclei-templates/cve-less/plugins/speed-booster-pack-076ba2e4af7ca8a46ce67983592fc4f6.yaml new file mode 100644 index 0000000000..38ce739a67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/speed-booster-pack-076ba2e4af7ca8a46ce67983592fc4f6.yaml @@ -0,0 +1,58 @@ +id: speed-booster-pack-076ba2e4af7ca8a46ce67983592fc4f6 + +info: + name: > + Speed Booster Pack PageSpeed Optimization Suite <= 4.1.9. - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8641dec6-a754-446a-a011-9b4b0fc252c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/speed-booster-pack/" + google-query: inurl:"/wp-content/plugins/speed-booster-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,speed-booster-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speed-booster-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speed-booster-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/speed-booster-pack-221fa8b539336ea57a6760f06055d98c.yaml b/nuclei-templates/cve-less/plugins/speed-booster-pack-221fa8b539336ea57a6760f06055d98c.yaml new file mode 100644 index 0000000000..f841fbd023 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/speed-booster-pack-221fa8b539336ea57a6760f06055d98c.yaml @@ -0,0 +1,58 @@ +id: speed-booster-pack-221fa8b539336ea57a6760f06055d98c + +info: + name: > + Speed Booster Pack <= 4.3.3 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b56a793-2a20-4bd7-aefb-a8d012c56527?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/speed-booster-pack/" + google-query: inurl:"/wp-content/plugins/speed-booster-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,speed-booster-pack,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speed-booster-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speed-booster-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/speedycache-54778688cb39f84f341e249c6ffef279.yaml b/nuclei-templates/cve-less/plugins/speedycache-54778688cb39f84f341e249c6ffef279.yaml new file mode 100644 index 0000000000..880d0c9c36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/speedycache-54778688cb39f84f341e249c6ffef279.yaml @@ -0,0 +1,58 @@ +id: speedycache-54778688cb39f84f341e249c6ffef279 + +info: + name: > + SpeedyCache <= 1.1.3 - Missing Authorization to Plugin Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db8cfdba-f3b2-45dc-9be7-6f6374fd5f39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/speedycache/" + google-query: inurl:"/wp-content/plugins/speedycache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,speedycache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speedycache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speedycache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/speedycache-e22a3c007f773a45322f383ac43c3a2c.yaml b/nuclei-templates/cve-less/plugins/speedycache-e22a3c007f773a45322f383ac43c3a2c.yaml new file mode 100644 index 0000000000..c4fb00ddb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/speedycache-e22a3c007f773a45322f383ac43c3a2c.yaml @@ -0,0 +1,58 @@ +id: speedycache-e22a3c007f773a45322f383ac43c3a2c + +info: + name: > + SpeedyCache <= 1.1.2 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab922406-4af8-4ef2-bcc8-c326212546b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/speedycache/" + google-query: inurl:"/wp-content/plugins/speedycache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,speedycache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/speedycache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "speedycache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spice-post-slider-65a9626411491f24b8c3f89e82e2b81b.yaml b/nuclei-templates/cve-less/plugins/spice-post-slider-65a9626411491f24b8c3f89e82e2b81b.yaml new file mode 100644 index 0000000000..e11b991b94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spice-post-slider-65a9626411491f24b8c3f89e82e2b81b.yaml @@ -0,0 +1,58 @@ +id: spice-post-slider-65a9626411491f24b8c3f89e82e2b81b + +info: + name: > + Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spice-post-slider/" + google-query: inurl:"/wp-content/plugins/spice-post-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spice-post-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spice-post-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spice-post-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-event-calendar-2ed7504786f2c69f8fb1940cf29e910f.yaml b/nuclei-templates/cve-less/plugins/spider-event-calendar-2ed7504786f2c69f8fb1940cf29e910f.yaml new file mode 100644 index 0000000000..4b804a0d56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-event-calendar-2ed7504786f2c69f8fb1940cf29e910f.yaml @@ -0,0 +1,58 @@ +id: spider-event-calendar-2ed7504786f2c69f8fb1940cf29e910f + +info: + name: > + SpiderCalendar <= 1.6.64 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da965b1-1f8d-4905-9711-bb9ad30f444a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-event-calendar/" + google-query: inurl:"/wp-content/plugins/spider-event-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-event-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-event-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-event-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-event-calendar-8e5f1d8103bbbd8289c9adf60d58fadc.yaml b/nuclei-templates/cve-less/plugins/spider-event-calendar-8e5f1d8103bbbd8289c9adf60d58fadc.yaml new file mode 100644 index 0000000000..a8efb08b3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-event-calendar-8e5f1d8103bbbd8289c9adf60d58fadc.yaml @@ -0,0 +1,58 @@ +id: spider-event-calendar-8e5f1d8103bbbd8289c9adf60d58fadc + +info: + name: > + SpiderCalendar <= 1.5.51 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4299e97c-3b91-4870-bafd-557b72b93b44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-event-calendar/" + google-query: inurl:"/wp-content/plugins/spider-event-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-event-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-event-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-event-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-event-calendar-f7cf93aa76a02f42c50608fccf671ed3.yaml b/nuclei-templates/cve-less/plugins/spider-event-calendar-f7cf93aa76a02f42c50608fccf671ed3.yaml new file mode 100644 index 0000000000..857c050a11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-event-calendar-f7cf93aa76a02f42c50608fccf671ed3.yaml @@ -0,0 +1,58 @@ +id: spider-event-calendar-f7cf93aa76a02f42c50608fccf671ed3 + +info: + name: > + SpiderCalendar <= 1.4.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f00b2602-b9ab-4f4a-a19e-5c2a98c232e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-event-calendar/" + google-query: inurl:"/wp-content/plugins/spider-event-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-event-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-event-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-event-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-facebook-3419ce492dfca943f0e1d53900563907.yaml b/nuclei-templates/cve-less/plugins/spider-facebook-3419ce492dfca943f0e1d53900563907.yaml new file mode 100644 index 0000000000..5bd2f23323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-facebook-3419ce492dfca943f0e1d53900563907.yaml @@ -0,0 +1,58 @@ +id: spider-facebook-3419ce492dfca943f0e1d53900563907 + +info: + name: > + Spider Facebook <= 1.0.15 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a74d6b36-e0f1-4cfb-b1e9-0573081ed975?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-facebook/" + google-query: inurl:"/wp-content/plugins/spider-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-facebook-913a3de69251f92dd6bb96cf67b3c77f.yaml b/nuclei-templates/cve-less/plugins/spider-facebook-913a3de69251f92dd6bb96cf67b3c77f.yaml new file mode 100644 index 0000000000..d00a915ed5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-facebook-913a3de69251f92dd6bb96cf67b3c77f.yaml @@ -0,0 +1,58 @@ +id: spider-facebook-913a3de69251f92dd6bb96cf67b3c77f + +info: + name: > + Spider Facebook <= 1.0.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a94accad-27c7-462b-b26f-0dde2036a7ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-facebook/" + google-query: inurl:"/wp-content/plugins/spider-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-facebook-e8946bc978834049177d3e02187e8035.yaml b/nuclei-templates/cve-less/plugins/spider-facebook-e8946bc978834049177d3e02187e8035.yaml new file mode 100644 index 0000000000..de94ec44bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-facebook-e8946bc978834049177d3e02187e8035.yaml @@ -0,0 +1,58 @@ +id: spider-facebook-e8946bc978834049177d3e02187e8035 + +info: + name: > + WDSocialWidgets < 1.0.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7926afb-b441-49bf-9af2-5bfc434319e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-facebook/" + google-query: inurl:"/wp-content/plugins/spider-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-facebook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spider-faq-b0259ad6d689e8e7c0c44fb374384bbb.yaml b/nuclei-templates/cve-less/plugins/spider-faq-b0259ad6d689e8e7c0c44fb374384bbb.yaml new file mode 100644 index 0000000000..98722f421c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spider-faq-b0259ad6d689e8e7c0c44fb374384bbb.yaml @@ -0,0 +1,58 @@ +id: spider-faq-b0259ad6d689e8e7c0c44fb374384bbb + +info: + name: > + SpiderFAQ <= 1.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/688d30ac-9b30-4298-a935-316e5503a31b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spider-faq/" + google-query: inurl:"/wp-content/plugins/spider-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spider-faq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spider-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spider-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spideranalyse-0c25180cc619839b0311e294d1b3cbd8.yaml b/nuclei-templates/cve-less/plugins/spideranalyse-0c25180cc619839b0311e294d1b3cbd8.yaml new file mode 100644 index 0000000000..05fb9dedad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spideranalyse-0c25180cc619839b0311e294d1b3cbd8.yaml @@ -0,0 +1,58 @@ +id: spideranalyse-0c25180cc619839b0311e294d1b3cbd8 + +info: + name: > + spideranalyse <= 0.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3563f70d-ab0a-48ec-9bb9-294b49026c1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spideranalyse/" + google-query: inurl:"/wp-content/plugins/spideranalyse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spideranalyse,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spideranalyse/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spideranalyse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-6758599a3791f7538bc2d472bcdf24af.yaml b/nuclei-templates/cve-less/plugins/spiffy-6758599a3791f7538bc2d472bcdf24af.yaml new file mode 100644 index 0000000000..361674ace7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-6758599a3791f7538bc2d472bcdf24af.yaml @@ -0,0 +1,58 @@ +id: spiffy-6758599a3791f7538bc2d472bcdf24af + +info: + name: > + Spiffy XSPF Player <= 0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b7f700f-e40c-4b45-b651-ab1752255083?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy/" + google-query: inurl:"/wp-content/plugins/spiffy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-08f37baf7169a857040ffc59c0868398.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-08f37baf7169a857040ffc59c0868398.yaml new file mode 100644 index 0000000000..b246882f59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-08f37baf7169a857040ffc59c0868398.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-08f37baf7169a857040ffc59c0868398 + +info: + name: > + Spiffy Calendar <= 4.9.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/114e8ba9-b6b0-4b54-982c-8e9efaa616c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-154bfb5b4169e90929a178c26caff90a.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-154bfb5b4169e90929a178c26caff90a.yaml new file mode 100644 index 0000000000..18d4da63d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-154bfb5b4169e90929a178c26caff90a.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-154bfb5b4169e90929a178c26caff90a + +info: + name: > + Spiffy Calendar <= 4.9.3 - Reflected Cross-Site Scripting via page parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5adf03ff-5b87-4ed3-b7ec-b89bc814aba6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-1777236d571c6ec2a8def6ba8c1b858a.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-1777236d571c6ec2a8def6ba8c1b858a.yaml new file mode 100644 index 0000000000..0f883f39e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-1777236d571c6ec2a8def6ba8c1b858a.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-1777236d571c6ec2a8def6ba8c1b858a + +info: + name: > + Spiffy Calendar <= 4.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f433edb4-a8df-4548-a401-0089b605bbe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-3e09107013e755aea584073e7dd4de99.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-3e09107013e755aea584073e7dd4de99.yaml new file mode 100644 index 0000000000..9a94038f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-3e09107013e755aea584073e7dd4de99.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-3e09107013e755aea584073e7dd4de99 + +info: + name: > + Spiffy Calendar <= 4.9.0 - Event deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ada3a69c-d113-4f92-b716-641bd5d20940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-75045db4676725000c0fe50648ef7533.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-75045db4676725000c0fe50648ef7533.yaml new file mode 100644 index 0000000000..189d06683e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-75045db4676725000c0fe50648ef7533.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-75045db4676725000c0fe50648ef7533 + +info: + name: > + Spiffy Calendar < 3.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f78e6faf-ff1d-4944-aa54-7843cc8614f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-96ead8130baf6f3e4de85814e7242d2f.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-96ead8130baf6f3e4de85814e7242d2f.yaml new file mode 100644 index 0000000000..2566728aa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-96ead8130baf6f3e4de85814e7242d2f.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-96ead8130baf6f3e4de85814e7242d2f + +info: + name: > + Spiffy Calendar <= 4.9.0 - Edit/Delete event via IDOR + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85af2186-0807-4926-9285-f8ac93f76b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-9cd804229a710db23428eb806db45e23.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-9cd804229a710db23428eb806db45e23.yaml new file mode 100644 index 0000000000..90a487c53b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-9cd804229a710db23428eb806db45e23.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-9cd804229a710db23428eb806db45e23 + +info: + name: > + Spiffy Calendar <= 4.9.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/005b56c7-55ae-4db0-9ab2-3e22bd8a08ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-e0473e70c98ee61e4fe5a38893d2153e.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-e0473e70c98ee61e4fe5a38893d2153e.yaml new file mode 100644 index 0000000000..209ee444f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-e0473e70c98ee61e4fe5a38893d2153e.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-e0473e70c98ee61e4fe5a38893d2153e + +info: + name: > + Spiffy Calendar <= 4.9.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b4369f8-d3d2-4018-a262-3294b5865086?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spiffy-calendar-ec679d8af6cf4a084b96b00c5d5a19da.yaml b/nuclei-templates/cve-less/plugins/spiffy-calendar-ec679d8af6cf4a084b96b00c5d5a19da.yaml new file mode 100644 index 0000000000..f2db506d6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spiffy-calendar-ec679d8af6cf4a084b96b00c5d5a19da.yaml @@ -0,0 +1,58 @@ +id: spiffy-calendar-ec679d8af6cf4a084b96b00c5d5a19da + +info: + name: > + Spiffy Calendar <= 4.9.8 - Insufficient Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4afea729-a7d9-4b38-a0f5-5af2c31bfbb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spiffy-calendar/" + google-query: inurl:"/wp-content/plugins/spiffy-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spiffy-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spiffy-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spiffy-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spin360-8be8bdb7ee929f691ca61327631de08d.yaml b/nuclei-templates/cve-less/plugins/spin360-8be8bdb7ee929f691ca61327631de08d.yaml new file mode 100644 index 0000000000..3a8ac4d784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spin360-8be8bdb7ee929f691ca61327631de08d.yaml @@ -0,0 +1,58 @@ +id: spin360-8be8bdb7ee929f691ca61327631de08d + +info: + name: > + Spin 360 deg and 3D Model Viewer <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab63f507-6288-48e2-81c8-52b8a8c0c28c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spin360/" + google-query: inurl:"/wp-content/plugins/spin360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spin360,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spin360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spin360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/splash-header-ab94523f6e880edfade4cc9deca8c597.yaml b/nuclei-templates/cve-less/plugins/splash-header-ab94523f6e880edfade4cc9deca8c597.yaml new file mode 100644 index 0000000000..81cd3f4ed1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/splash-header-ab94523f6e880edfade4cc9deca8c597.yaml @@ -0,0 +1,58 @@ +id: splash-header-ab94523f6e880edfade4cc9deca8c597 + +info: + name: > + Splash Header < 1.20.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c9814e-e854-4420-9ec1-d843187bd9e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/splash-header/" + google-query: inurl:"/wp-content/plugins/splash-header/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,splash-header,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/splash-header/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "splash-header" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/splash-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/splash-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..1098eda28c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/splash-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: splash-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/splash-popup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/splash-popup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,splash-popup-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/splash-popup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "splash-popup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/splashscreen-2fce51431212ec05fbe8e4b6de6695f9.yaml b/nuclei-templates/cve-less/plugins/splashscreen-2fce51431212ec05fbe8e4b6de6695f9.yaml new file mode 100644 index 0000000000..82d5513c21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/splashscreen-2fce51431212ec05fbe8e4b6de6695f9.yaml @@ -0,0 +1,58 @@ +id: splashscreen-2fce51431212ec05fbe8e4b6de6695f9 + +info: + name: > + Splashscreen <= 0.20 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1088f498-e718-41bc-866e-7027352a2a5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/splashscreen/" + google-query: inurl:"/wp-content/plugins/splashscreen/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,splashscreen,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/splashscreen/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "splashscreen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/split-test-for-elementor-b7e73505abb95891d8cab73e20eb43fb.yaml b/nuclei-templates/cve-less/plugins/split-test-for-elementor-b7e73505abb95891d8cab73e20eb43fb.yaml new file mode 100644 index 0000000000..ded525f346 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/split-test-for-elementor-b7e73505abb95891d8cab73e20eb43fb.yaml @@ -0,0 +1,58 @@ +id: split-test-for-elementor-b7e73505abb95891d8cab73e20eb43fb + +info: + name: > + Split Test For Elementor <= 1.6.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be23388e-9371-4ea0-974b-80f76de90012?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/split-test-for-elementor/" + google-query: inurl:"/wp-content/plugins/split-test-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,split-test-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/split-test-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "split-test-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spnbabble-124b0c02e423c613251c0019e72c2c54.yaml b/nuclei-templates/cve-less/plugins/spnbabble-124b0c02e423c613251c0019e72c2c54.yaml new file mode 100644 index 0000000000..8d3cac609b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spnbabble-124b0c02e423c613251c0019e72c2c54.yaml @@ -0,0 +1,58 @@ +id: spnbabble-124b0c02e423c613251c0019e72c2c54 + +info: + name: > + Spnbabble <= 1.4.1 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b12efe6c-63e9-4d5c-9437-7c0b6abe2ee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spnbabble/" + google-query: inurl:"/wp-content/plugins/spnbabble/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spnbabble,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spnbabble/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spnbabble" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sponsors-carousel-eca4f2076644e75e750957ea6e558bad.yaml b/nuclei-templates/cve-less/plugins/sponsors-carousel-eca4f2076644e75e750957ea6e558bad.yaml new file mode 100644 index 0000000000..cbce314db0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sponsors-carousel-eca4f2076644e75e750957ea6e558bad.yaml @@ -0,0 +1,58 @@ +id: sponsors-carousel-eca4f2076644e75e750957ea6e558bad + +info: + name: > + Sponsors Carousel <= 4.02 - Authenticated (Admin+) Stored Cross-Site Scripting in show + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d61ed3e3-5102-4293-a999-e324e721ab89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sponsors-carousel/" + google-query: inurl:"/wp-content/plugins/sponsors-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sponsors-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sponsors-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sponsors-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spoontalk-social-media-icons-widget-9197b8a3552582e2b7bb578d10695dcb.yaml b/nuclei-templates/cve-less/plugins/spoontalk-social-media-icons-widget-9197b8a3552582e2b7bb578d10695dcb.yaml new file mode 100644 index 0000000000..0265d3c684 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spoontalk-social-media-icons-widget-9197b8a3552582e2b7bb578d10695dcb.yaml @@ -0,0 +1,58 @@ +id: spoontalk-social-media-icons-widget-9197b8a3552582e2b7bb578d10695dcb + +info: + name: > + Social Media Icons Widget <= 1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bb5abff-d762-459a-b96c-5cbbb9f5a22e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spoontalk-social-media-icons-widget/" + google-query: inurl:"/wp-content/plugins/spoontalk-social-media-icons-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spoontalk-social-media-icons-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spoontalk-social-media-icons-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spoontalk-social-media-icons-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sportspress-12303619a441af1cb4218513536dee14.yaml b/nuclei-templates/cve-less/plugins/sportspress-12303619a441af1cb4218513536dee14.yaml new file mode 100644 index 0000000000..4b007a7aae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sportspress-12303619a441af1cb4218513536dee14.yaml @@ -0,0 +1,58 @@ +id: sportspress-12303619a441af1cb4218513536dee14 + +info: + name: > + SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sportspress/" + google-query: inurl:"/wp-content/plugins/sportspress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sportspress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sportspress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sportspress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sportspress-6844db7940c370d06922bd9c5958a18b.yaml b/nuclei-templates/cve-less/plugins/sportspress-6844db7940c370d06922bd9c5958a18b.yaml new file mode 100644 index 0000000000..d9786f1f39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sportspress-6844db7940c370d06922bd9c5958a18b.yaml @@ -0,0 +1,58 @@ +id: sportspress-6844db7940c370d06922bd9c5958a18b + +info: + name: > + SportsPress <= 2.7.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14c9dc08-6965-4a22-a97a-5afc8152887d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sportspress/" + google-query: inurl:"/wp-content/plugins/sportspress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sportspress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sportspress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sportspress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sportspress-e4e04326ab22918580d15e25fd27ca8d.yaml b/nuclei-templates/cve-less/plugins/sportspress-e4e04326ab22918580d15e25fd27ca8d.yaml new file mode 100644 index 0000000000..82149a33d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sportspress-e4e04326ab22918580d15e25fd27ca8d.yaml @@ -0,0 +1,58 @@ +id: sportspress-e4e04326ab22918580d15e25fd27ca8d + +info: + name: > + SportsPress <= 2.7.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/324a51af-587e-4831-a48e-13bbd5038fc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sportspress/" + google-query: inurl:"/wp-content/plugins/sportspress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sportspress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sportspress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sportspress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-298d6bd79a1c9c5409fd8603fff56484.yaml b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-298d6bd79a1c9c5409fd8603fff56484.yaml new file mode 100644 index 0000000000..39858cab14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-298d6bd79a1c9c5409fd8603fff56484.yaml @@ -0,0 +1,58 @@ +id: spotify-play-button-for-wordpress-298d6bd79a1c9c5409fd8603fff56484 + +info: + name: > + Sp*tify Play Button for WordPress <= 2.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b82fae0-4eec-41ea-90e2-9d08258805b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotify-play-button-for-wordpress/" + google-query: inurl:"/wp-content/plugins/spotify-play-button-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotify-play-button-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotify-play-button-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-31672843b36374c6d9bc9abf980ac503.yaml b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-31672843b36374c6d9bc9abf980ac503.yaml new file mode 100644 index 0000000000..03d08a7cf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-31672843b36374c6d9bc9abf980ac503.yaml @@ -0,0 +1,58 @@ +id: spotify-play-button-for-wordpress-31672843b36374c6d9bc9abf980ac503 + +info: + name: > + Sp*tify Play Button for WordPress <= 2.07 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/308f6887-7c1c-4efd-85e2-b71bb6d26dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotify-play-button-for-wordpress/" + google-query: inurl:"/wp-content/plugins/spotify-play-button-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotify-play-button-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotify-play-button-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-a7c9f85c93718ea45a6837bae9a163d3.yaml b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-a7c9f85c93718ea45a6837bae9a163d3.yaml new file mode 100644 index 0000000000..680f9acc58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotify-play-button-for-wordpress-a7c9f85c93718ea45a6837bae9a163d3.yaml @@ -0,0 +1,58 @@ +id: spotify-play-button-for-wordpress-a7c9f85c93718ea45a6837bae9a163d3 + +info: + name: > + Sp*tify Play Button for WordPress <= 2.05 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28941027-a812-4d53-b3da-4e715202f88d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotify-play-button-for-wordpress/" + google-query: inurl:"/wp-content/plugins/spotify-play-button-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotify-play-button-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotify-play-button-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotify-play-button-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotim-comments-ad069f3a56279cbff65458936b83abde.yaml b/nuclei-templates/cve-less/plugins/spotim-comments-ad069f3a56279cbff65458936b83abde.yaml new file mode 100644 index 0000000000..ac19a234de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotim-comments-ad069f3a56279cbff65458936b83abde.yaml @@ -0,0 +1,58 @@ +id: spotim-comments-ad069f3a56279cbff65458936b83abde + +info: + name: > + Spot.IM Comments < 4.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aa3bee5-a194-4618-8f32-a0a781fe8dc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotim-comments/" + google-query: inurl:"/wp-content/plugins/spotim-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotim-comments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotim-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotim-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-2d33cf6aadd9c85f7e657c07e30320a8.yaml b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-2d33cf6aadd9c85f7e657c07e30320a8.yaml new file mode 100644 index 0000000000..baf64eb7ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-2d33cf6aadd9c85f7e657c07e30320a8.yaml @@ -0,0 +1,58 @@ +id: spotlight-social-photo-feeds-2d33cf6aadd9c85f7e657c07e30320a8 + +info: + name: > + Spotlight Social Feeds <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7aa700ac-32de-4cd4-9d56-eea8ec0ba61b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/" + google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotlight-social-photo-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotlight-social-photo-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-383f0a78726324384b13637bfb824e6d.yaml b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-383f0a78726324384b13637bfb824e6d.yaml new file mode 100644 index 0000000000..f097e1f9fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotlight-social-photo-feeds-383f0a78726324384b13637bfb824e6d.yaml @@ -0,0 +1,58 @@ +id: spotlight-social-photo-feeds-383f0a78726324384b13637bfb824e6d + +info: + name: > + Spotlight Social Media Feeds <= 1.6.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21e49adb-01a7-41d9-bb51-bac60d49e293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotlight-social-photo-feeds/" + google-query: inurl:"/wp-content/plugins/spotlight-social-photo-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotlight-social-photo-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotlight-social-photo-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotlight-social-photo-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotlightyour-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/spotlightyour-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..946a035db5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotlightyour-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: spotlightyour-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotlightyour/" + google-query: inurl:"/wp-content/plugins/spotlightyour/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotlightyour,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotlightyour/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotlightyour" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spotlightyour-a5f4f463543df4d2c732d202ef98faae.yaml b/nuclei-templates/cve-less/plugins/spotlightyour-a5f4f463543df4d2c732d202ef98faae.yaml new file mode 100644 index 0000000000..4b3ff0f8f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spotlightyour-a5f4f463543df4d2c732d202ef98faae.yaml @@ -0,0 +1,58 @@ +id: spotlightyour-a5f4f463543df4d2c732d202ef98faae + +info: + name: > + Spotlight <= 4.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97f2b71f-ef3e-4826-8e78-62820672ec0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spotlightyour/" + google-query: inurl:"/wp-content/plugins/spotlightyour/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spotlightyour,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spotlightyour/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spotlightyour" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sprapid-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/sprapid-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..93589c04dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sprapid-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: sprapid-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sprapid/" + google-query: inurl:"/wp-content/plugins/sprapid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sprapid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sprapid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sprapid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spreadshirt-rss-3d-cube-flash-gallery-a406e3b1989f167ebfda1e3281f7073d.yaml b/nuclei-templates/cve-less/plugins/spreadshirt-rss-3d-cube-flash-gallery-a406e3b1989f167ebfda1e3281f7073d.yaml new file mode 100644 index 0000000000..7f180ab8fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spreadshirt-rss-3d-cube-flash-gallery-a406e3b1989f167ebfda1e3281f7073d.yaml @@ -0,0 +1,58 @@ +id: spreadshirt-rss-3d-cube-flash-gallery-a406e3b1989f167ebfda1e3281f7073d + +info: + name: > + WP-RSS-Spreadshirt-3DCube-Gallery <= 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eaefe2d-b7f8-49ed-8ba1-833e888857b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spreadshirt-rss-3d-cube-flash-gallery/" + google-query: inurl:"/wp-content/plugins/spreadshirt-rss-3d-cube-flash-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spreadshirt-rss-3d-cube-flash-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spreadshirt-rss-3d-cube-flash-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spreadshirt-rss-3d-cube-flash-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/spreadshop-1fd62c5f484f1392e0781314c57798c9.yaml b/nuclei-templates/cve-less/plugins/spreadshop-1fd62c5f484f1392e0781314c57798c9.yaml new file mode 100644 index 0000000000..29826ab9ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/spreadshop-1fd62c5f484f1392e0781314c57798c9.yaml @@ -0,0 +1,58 @@ +id: spreadshop-1fd62c5f484f1392e0781314c57798c9 + +info: + name: > + Spreadshop Plugin <= 1.6.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f15ac06-b5d3-4265-b69b-1d46b12a0522?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/spreadshop/" + google-query: inurl:"/wp-content/plugins/spreadshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,spreadshop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/spreadshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spreadshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sprout-invoices-f12b94e3ed29f6a01de55ac0eaeeefde.yaml b/nuclei-templates/cve-less/plugins/sprout-invoices-f12b94e3ed29f6a01de55ac0eaeeefde.yaml new file mode 100644 index 0000000000..3a0df94cbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sprout-invoices-f12b94e3ed29f6a01de55ac0eaeeefde.yaml @@ -0,0 +1,58 @@ +id: sprout-invoices-f12b94e3ed29f6a01de55ac0eaeeefde + +info: + name: > + Client Invoicing by Sprout Invoices <= 19.9.6 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59cdb3e3-06ca-4325-9dae-73ad3cdfd910?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sprout-invoices/" + google-query: inurl:"/wp-content/plugins/sprout-invoices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sprout-invoices,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sprout-invoices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sprout-invoices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 19.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/square-thumbnails-e4179682cad3bde3b1674a51f6f83b60.yaml b/nuclei-templates/cve-less/plugins/square-thumbnails-e4179682cad3bde3b1674a51f6f83b60.yaml new file mode 100644 index 0000000000..2d5ec06c5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/square-thumbnails-e4179682cad3bde3b1674a51f6f83b60.yaml @@ -0,0 +1,58 @@ +id: square-thumbnails-e4179682cad3bde3b1674a51f6f83b60 + +info: + name: > + Square Thumbnails <= 1.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31cc30c7-262d-4582-8976-fc8095bdca5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/square-thumbnails/" + google-query: inurl:"/wp-content/plugins/square-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,square-thumbnails,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/square-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "square-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-5bf6caeb14a9d5459f5e8842d7b83fd0.yaml b/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-5bf6caeb14a9d5459f5e8842d7b83fd0.yaml new file mode 100644 index 0000000000..376e6b78f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-5bf6caeb14a9d5459f5e8842d7b83fd0.yaml @@ -0,0 +1,58 @@ +id: squelch-tabs-and-accordions-shortcodes-5bf6caeb14a9d5459f5e8842d7b83fd0 + +info: + name: > + Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd9490f2-ad52-477e-ae3b-be49984e8189?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squelch-tabs-and-accordions-shortcodes/" + google-query: inurl:"/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squelch-tabs-and-accordions-shortcodes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squelch-tabs-and-accordions-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-a40320a58f3885e7d8eeeafc625b97f0.yaml b/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-a40320a58f3885e7d8eeeafc625b97f0.yaml new file mode 100644 index 0000000000..4352828a8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squelch-tabs-and-accordions-shortcodes-a40320a58f3885e7d8eeeafc625b97f0.yaml @@ -0,0 +1,58 @@ +id: squelch-tabs-and-accordions-shortcodes-a40320a58f3885e7d8eeeafc625b97f0 + +info: + name: > + Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adf10ad4-38b2-44be-bdc6-ba6b62e9fbe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squelch-tabs-and-accordions-shortcodes/" + google-query: inurl:"/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squelch-tabs-and-accordions-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squelch-tabs-and-accordions-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squelch-tabs-and-accordions-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-6e0a660167cf480a4e16e426dedc8853.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-6e0a660167cf480a4e16e426dedc8853.yaml new file mode 100644 index 0000000000..abdbece432 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-6e0a660167cf480a4e16e426dedc8853.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-6e0a660167cf480a4e16e426dedc8853 + +info: + name: > + SEO Plugin by Squirrly SEO <= 11.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a2d6ee-ee1b-44a1-ad74-61837d9ef4b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-83717a76e7400e087835909cd79a400f.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-83717a76e7400e087835909cd79a400f.yaml new file mode 100644 index 0000000000..52a36d0633 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-83717a76e7400e087835909cd79a400f.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-83717a76e7400e087835909cd79a400f + +info: + name: > + SEO Plugin by Squirrly SEO <= 12.1.10 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e7f51c-5f44-4d01-8865-9d86067374ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-83878a85b5ef451846cd41cd6a228f4f.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-83878a85b5ef451846cd41cd6a228f4f.yaml new file mode 100644 index 0000000000..2916841b31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-83878a85b5ef451846cd41cd6a228f4f.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-83878a85b5ef451846cd41cd6a228f4f + +info: + name: > + SEO Plugin by Squirrly SEO <= 12.1.20 - Reflected Cross-Site Scripting via 'page' and 'tab' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3edce64d-13c2-454a-b5da-0454453f69cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-97aa7aa2977bb6f3604b4b418beecdeb.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-97aa7aa2977bb6f3604b4b418beecdeb.yaml new file mode 100644 index 0000000000..1f9be4b9cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-97aa7aa2977bb6f3604b4b418beecdeb.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-97aa7aa2977bb6f3604b4b418beecdeb + +info: + name: > + SEO Plugin by Squirrly SEO <= 12.1.20 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9251afbb-1a6d-40c6-b62e-a8866742f669?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-f98418e2a88f3c300252df6d0a548031.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-f98418e2a88f3c300252df6d0a548031.yaml new file mode 100644 index 0000000000..50c353e628 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-f98418e2a88f3c300252df6d0a548031.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-f98418e2a88f3c300252df6d0a548031 + +info: + name: > + SEO Plugin by Squirrly SEO <= 12.3.15 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-ffbd02fc4497b01dad7c0fa802b669cd.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-ffbd02fc4497b01dad7c0fa802b669cd.yaml new file mode 100644 index 0000000000..efe2b90fef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-ffbd02fc4497b01dad7c0fa802b669cd.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-ffbd02fc4497b01dad7c0fa802b669cd + +info: + name: > + SEO Plugin by Squirrly SEO <= 12.3.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c874c643-ceb6-4646-adfa-6cd7393bb4f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo/" + google-query: inurl:"/wp-content/plugins/squirrly-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/squirrly-seo-pack-24ebe2280a642d19c25498acc13aa5f7.yaml b/nuclei-templates/cve-less/plugins/squirrly-seo-pack-24ebe2280a642d19c25498acc13aa5f7.yaml new file mode 100644 index 0000000000..7c63a1a621 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/squirrly-seo-pack-24ebe2280a642d19c25498acc13aa5f7.yaml @@ -0,0 +1,58 @@ +id: squirrly-seo-pack-24ebe2280a642d19c25498acc13aa5f7 + +info: + name: > + Squirrly SEO - Advanced Pack <= 2.3.8 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ce4204f-3ee3-4877-8e9d-123d01ae80f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/squirrly-seo-pack/" + google-query: inurl:"/wp-content/plugins/squirrly-seo-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,squirrly-seo-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/squirrly-seo-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squirrly-seo-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/srbtranslatin-4393e503b4c5e360e86d4cf75de99b91.yaml b/nuclei-templates/cve-less/plugins/srbtranslatin-4393e503b4c5e360e86d4cf75de99b91.yaml new file mode 100644 index 0000000000..1e335c9abc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/srbtranslatin-4393e503b4c5e360e86d4cf75de99b91.yaml @@ -0,0 +1,58 @@ +id: srbtranslatin-4393e503b4c5e360e86d4cf75de99b91 + +info: + name: > + WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdb822e8-583e-4437-a735-b116aa8886e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/srbtranslatin/" + google-query: inurl:"/wp-content/plugins/srbtranslatin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,srbtranslatin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/srbtranslatin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "srbtranslatin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/srbtranslatin-acbdf42f0c9734064513cf6368d19553.yaml b/nuclei-templates/cve-less/plugins/srbtranslatin-acbdf42f0c9734064513cf6368d19553.yaml new file mode 100644 index 0000000000..3074b65905 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/srbtranslatin-acbdf42f0c9734064513cf6368d19553.yaml @@ -0,0 +1,58 @@ +id: srbtranslatin-acbdf42f0c9734064513cf6368d19553 + +info: + name: > + SrbTransLatin – SrbTransLatin <= 1.46 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf8485b-a363-44a3-93c7-a6fba034b48f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/srbtranslatin/" + google-query: inurl:"/wp-content/plugins/srbtranslatin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,srbtranslatin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/srbtranslatin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "srbtranslatin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/srbtranslatin-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml b/nuclei-templates/cve-less/plugins/srbtranslatin-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml new file mode 100644 index 0000000000..ed7ab2f19d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/srbtranslatin-e8f7e29f1dbade4dd38e32bd0037d5fe.yaml @@ -0,0 +1,58 @@ +id: srbtranslatin-e8f7e29f1dbade4dd38e32bd0037d5fe + +info: + name: > + SrbTransLatin <= 1.46 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/340d6e92-81a0-4659-b60b-922f63476a33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/srbtranslatin/" + google-query: inurl:"/wp-content/plugins/srbtranslatin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,srbtranslatin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/srbtranslatin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "srbtranslatin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-30c7579fa3259d02083eb82bd53cf64e.yaml b/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-30c7579fa3259d02083eb82bd53cf64e.yaml new file mode 100644 index 0000000000..e9d0987769 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-30c7579fa3259d02083eb82bd53cf64e.yaml @@ -0,0 +1,58 @@ +id: srs-simple-hits-counter-30c7579fa3259d02083eb82bd53cf64e + +info: + name: > + SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f76411f1-98ea-4d75-9ddd-e41a5d08c698?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/srs-simple-hits-counter/" + google-query: inurl:"/wp-content/plugins/srs-simple-hits-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,srs-simple-hits-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/srs-simple-hits-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "srs-simple-hits-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-44e9876427663f96d92e4c3c678955d5.yaml b/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-44e9876427663f96d92e4c3c678955d5.yaml new file mode 100644 index 0000000000..7f74c71931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/srs-simple-hits-counter-44e9876427663f96d92e4c3c678955d5.yaml @@ -0,0 +1,58 @@ +id: srs-simple-hits-counter-44e9876427663f96d92e4c3c678955d5 + +info: + name: > + SRS Simple Hits Counter Plugin for WordPress 1.03 - 1.04 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b157356c-a4be-48d6-8c58-ad1a9c96cda3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/srs-simple-hits-counter/" + google-query: inurl:"/wp-content/plugins/srs-simple-hits-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,srs-simple-hits-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/srs-simple-hits-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "srs-simple-hits-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0.3', '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ss-downloads-a491a4eb2f6511d2fd18eb2730601144.yaml b/nuclei-templates/cve-less/plugins/ss-downloads-a491a4eb2f6511d2fd18eb2730601144.yaml new file mode 100644 index 0000000000..d4564ad9c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ss-downloads-a491a4eb2f6511d2fd18eb2730601144.yaml @@ -0,0 +1,58 @@ +id: ss-downloads-a491a4eb2f6511d2fd18eb2730601144 + +info: + name: > + SS Downloads <= 1.4.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3871b908-a9a1-4c35-8a8d-d1a609db475a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ss-downloads/" + google-query: inurl:"/wp-content/plugins/ss-downloads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ss-downloads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ss-downloads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ss-downloads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/st-daily-tip-2145217038a04527e759e3c42206ab95.yaml b/nuclei-templates/cve-less/plugins/st-daily-tip-2145217038a04527e759e3c42206ab95.yaml new file mode 100644 index 0000000000..8728cab53e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/st-daily-tip-2145217038a04527e759e3c42206ab95.yaml @@ -0,0 +1,58 @@ +id: st-daily-tip-2145217038a04527e759e3c42206ab95 + +info: + name: > + St Daily Tip <= 4.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/432b71ea-dd81-4536-abda-33da8185abb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/st-daily-tip/" + google-query: inurl:"/wp-content/plugins/st-daily-tip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,st-daily-tip,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/st-daily-tip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "st-daily-tip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/st_newsletter-3701fafb074b402084511d8e3b04bc0d.yaml b/nuclei-templates/cve-less/plugins/st_newsletter-3701fafb074b402084511d8e3b04bc0d.yaml new file mode 100644 index 0000000000..e656c9be44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/st_newsletter-3701fafb074b402084511d8e3b04bc0d.yaml @@ -0,0 +1,58 @@ +id: st_newsletter-3701fafb074b402084511d8e3b04bc0d + +info: + name: > + ShiftThis (Unspecified Version) - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f6ef14-dc04-46da-b2fc-e84b91153bfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/st_newsletter/" + google-query: inurl:"/wp-content/plugins/st_newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,st_newsletter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/st_newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "st_newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/st_newsletter-84952e15b91150d8294a112b87e25b78.yaml b/nuclei-templates/cve-less/plugins/st_newsletter-84952e15b91150d8294a112b87e25b78.yaml new file mode 100644 index 0000000000..fa18f3c90c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/st_newsletter-84952e15b91150d8294a112b87e25b78.yaml @@ -0,0 +1,58 @@ +id: st_newsletter-84952e15b91150d8294a112b87e25b78 + +info: + name: > + ShiftThis Newsletter <= 2.3.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60242725-200e-4794-acdc-2ab4a1e8e4fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/st_newsletter/" + google-query: inurl:"/wp-content/plugins/st_newsletter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,st_newsletter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/st_newsletter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "st_newsletter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-36fca09be33f968137213dd9d8d406cb.yaml b/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-36fca09be33f968137213dd9d8d406cb.yaml new file mode 100644 index 0000000000..5cf507a8bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stackable-ultimate-gutenberg-blocks-36fca09be33f968137213dd9d8d406cb.yaml @@ -0,0 +1,58 @@ +id: stackable-ultimate-gutenberg-blocks-36fca09be33f968137213dd9d8d406cb + +info: + name: > + Stackable – Page Builder Gutenberg Blocks <= 3.12.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Posts Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/daa30b1b-cb8f-43fd-8329-c64b4024408f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + google-query: inurl:"/wp-content/plugins/stackable-ultimate-gutenberg-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stackable-ultimate-gutenberg-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stackable-ultimate-gutenberg-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stackable-ultimate-gutenberg-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/staff-directory-pro-ac98669a164eec200e7d954863b49097.yaml b/nuclei-templates/cve-less/plugins/staff-directory-pro-ac98669a164eec200e7d954863b49097.yaml new file mode 100644 index 0000000000..d42d7b4352 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/staff-directory-pro-ac98669a164eec200e7d954863b49097.yaml @@ -0,0 +1,58 @@ +id: staff-directory-pro-ac98669a164eec200e7d954863b49097 + +info: + name: > + Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5971447d-0634-49a5-91d0-c4f0c0825a86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/staff-directory-pro/" + google-query: inurl:"/wp-content/plugins/staff-directory-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,staff-directory-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/staff-directory-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "staff-directory-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stafflist-f5c3047a64378a59b5a46efb892afcac.yaml b/nuclei-templates/cve-less/plugins/stafflist-f5c3047a64378a59b5a46efb892afcac.yaml new file mode 100644 index 0000000000..afdfe73e34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stafflist-f5c3047a64378a59b5a46efb892afcac.yaml @@ -0,0 +1,58 @@ +id: stafflist-f5c3047a64378a59b5a46efb892afcac + +info: + name: > + StaffList <= 3.1.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde57dc8-9bfe-482c-8f04-654f4386e484?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stafflist/" + google-query: inurl:"/wp-content/plugins/stafflist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stafflist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stafflist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stafflist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stageshow-63519f47d94f5357008fbc9245726b8e.yaml b/nuclei-templates/cve-less/plugins/stageshow-63519f47d94f5357008fbc9245726b8e.yaml new file mode 100644 index 0000000000..978fe3c52d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stageshow-63519f47d94f5357008fbc9245726b8e.yaml @@ -0,0 +1,58 @@ +id: stageshow-63519f47d94f5357008fbc9245726b8e + +info: + name: > + StageShow < 5.0.9 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc8ccc1-7b72-44fb-8bf5-e7cb46081ed5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stageshow/" + google-query: inurl:"/wp-content/plugins/stageshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stageshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stageshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stageshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stagtools-295c71d391fe6f97f05c0f5bc739be92.yaml b/nuclei-templates/cve-less/plugins/stagtools-295c71d391fe6f97f05c0f5bc739be92.yaml new file mode 100644 index 0000000000..ff62ec2a48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stagtools-295c71d391fe6f97f05c0f5bc739be92.yaml @@ -0,0 +1,58 @@ +id: stagtools-295c71d391fe6f97f05c0f5bc739be92 + +info: + name: > + Stagtools <= 2.3.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45754b5b-8f94-4806-a931-bb423450682c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stagtools/" + google-query: inurl:"/wp-content/plugins/stagtools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stagtools,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stagtools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stagtools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stagtools-5f2953556f6ef8b300e083b724959d0b.yaml b/nuclei-templates/cve-less/plugins/stagtools-5f2953556f6ef8b300e083b724959d0b.yaml new file mode 100644 index 0000000000..b556506e2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stagtools-5f2953556f6ef8b300e083b724959d0b.yaml @@ -0,0 +1,58 @@ +id: stagtools-5f2953556f6ef8b300e083b724959d0b + +info: + name: > + Stagtools <= 2.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca09ce0d-3989-420d-9457-f0acd709cc6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stagtools/" + google-query: inurl:"/wp-content/plugins/stagtools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stagtools,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stagtools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stagtools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stampedio-product-reviews-f7de3a4183d7c85f1508bd7bcbb56139.yaml b/nuclei-templates/cve-less/plugins/stampedio-product-reviews-f7de3a4183d7c85f1508bd7bcbb56139.yaml new file mode 100644 index 0000000000..9ad169fcc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stampedio-product-reviews-f7de3a4183d7c85f1508bd7bcbb56139.yaml @@ -0,0 +1,58 @@ +id: stampedio-product-reviews-f7de3a4183d7c85f1508bd7bcbb56139 + +info: + name: > + Stamped.io Product Reviews & UGC for WooCommerce <= 2.3.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/490061dc-11f7-48f2-bc9a-974bedf16621?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stampedio-product-reviews/" + google-query: inurl:"/wp-content/plugins/stampedio-product-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stampedio-product-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stampedio-product-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stampedio-product-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/standout-color-boxes-and-buttons-b00282494ef0f9932dc7277c14e145b9.yaml b/nuclei-templates/cve-less/plugins/standout-color-boxes-and-buttons-b00282494ef0f9932dc7277c14e145b9.yaml new file mode 100644 index 0000000000..f9db4d4408 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/standout-color-boxes-and-buttons-b00282494ef0f9932dc7277c14e145b9.yaml @@ -0,0 +1,58 @@ +id: standout-color-boxes-and-buttons-b00282494ef0f9932dc7277c14e145b9 + +info: + name: > + Standout Color Boxes and Buttons <= 0.7.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/standout-color-boxes-and-buttons/" + google-query: inurl:"/wp-content/plugins/standout-color-boxes-and-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,standout-color-boxes-and-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/standout-color-boxes-and-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "standout-color-boxes-and-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-346e0f78c8914c5524619c3f260ec3fe.yaml b/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-346e0f78c8914c5524619c3f260ec3fe.yaml new file mode 100644 index 0000000000..7a0de303cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-346e0f78c8914c5524619c3f260ec3fe.yaml @@ -0,0 +1,58 @@ +id: star-cloudprnt-for-woocommerce-346e0f78c8914c5524619c3f260ec3fe + +info: + name: > + Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/110c6d41-e814-41c9-a3e7-d94ec3d953e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/star-cloudprnt-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/star-cloudprnt-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,star-cloudprnt-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/star-cloudprnt-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "star-cloudprnt-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-68ab25be74477c215ab2a821dbee384e.yaml b/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-68ab25be74477c215ab2a821dbee384e.yaml new file mode 100644 index 0000000000..5cdc54d842 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/star-cloudprnt-for-woocommerce-68ab25be74477c215ab2a821dbee384e.yaml @@ -0,0 +1,58 @@ +id: star-cloudprnt-for-woocommerce-68ab25be74477c215ab2a821dbee384e + +info: + name: > + Star CloudPRNT for WooCommerce <= 2.0.3 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f850644-4923-46c1-90f6-d29088c9cb1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/star-cloudprnt-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/star-cloudprnt-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,star-cloudprnt-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/star-cloudprnt-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "star-cloudprnt-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/starbox-55749978c55c3ff34eeaa5813711f342.yaml b/nuclei-templates/cve-less/plugins/starbox-55749978c55c3ff34eeaa5813711f342.yaml new file mode 100644 index 0000000000..273657e401 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/starbox-55749978c55c3ff34eeaa5813711f342.yaml @@ -0,0 +1,58 @@ +id: starbox-55749978c55c3ff34eeaa5813711f342 + +info: + name: > + Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f413fc2-8543-4478-987d-d983581027bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/starbox/" + google-query: inurl:"/wp-content/plugins/starbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,starbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/starbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "starbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/starbox-750a764136a41cb3d1ef7fa35a4e6897.yaml b/nuclei-templates/cve-less/plugins/starbox-750a764136a41cb3d1ef7fa35a4e6897.yaml new file mode 100644 index 0000000000..4e4f16359b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/starbox-750a764136a41cb3d1ef7fa35a4e6897.yaml @@ -0,0 +1,58 @@ +id: starbox-750a764136a41cb3d1ef7fa35a4e6897 + +info: + name: > + Starbox <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9694fae8-dfe9-4e19-bebc-2f2a607cff82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/starbox/" + google-query: inurl:"/wp-content/plugins/starbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,starbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/starbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "starbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/starbox-97fda38a75735b5bdc9de194b151a883.yaml b/nuclei-templates/cve-less/plugins/starbox-97fda38a75735b5bdc9de194b151a883.yaml new file mode 100644 index 0000000000..c8284d0665 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/starbox-97fda38a75735b5bdc9de194b151a883.yaml @@ -0,0 +1,58 @@ +id: starbox-97fda38a75735b5bdc9de194b151a883 + +info: + name: > + Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/starbox/" + google-query: inurl:"/wp-content/plugins/starbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,starbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/starbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "starbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/starbox-e415a95e174fb12ae126d3d07ffd90b5.yaml b/nuclei-templates/cve-less/plugins/starbox-e415a95e174fb12ae126d3d07ffd90b5.yaml new file mode 100644 index 0000000000..b9acbf8172 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/starbox-e415a95e174fb12ae126d3d07ffd90b5.yaml @@ -0,0 +1,58 @@ +id: starbox-e415a95e174fb12ae126d3d07ffd90b5 + +info: + name: > + Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/starbox/" + google-query: inurl:"/wp-content/plugins/starbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,starbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/starbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "starbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stars-menu-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/stars-menu-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..42d134bf0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stars-menu-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: stars-menu-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stars-menu/" + google-query: inurl:"/wp-content/plugins/stars-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stars-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stars-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stars-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stars-rating-877b177b6c582a19ddf3d94a1f834d93.yaml b/nuclei-templates/cve-less/plugins/stars-rating-877b177b6c582a19ddf3d94a1f834d93.yaml new file mode 100644 index 0000000000..e0cbd6c11b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stars-rating-877b177b6c582a19ddf3d94a1f834d93.yaml @@ -0,0 +1,58 @@ +id: stars-rating-877b177b6c582a19ddf3d94a1f834d93 + +info: + name: > + Stars Rating <= 3.5.0 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47a00c6f-958f-41c7-a213-c858d8fac2ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stars-rating/" + google-query: inurl:"/wp-content/plugins/stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stars-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-97fdac4e69d052b8d3b0b9d3bb3a6f6c.yaml b/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-97fdac4e69d052b8d3b0b9d3bb3a6f6c.yaml new file mode 100644 index 0000000000..2a73b1b257 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-97fdac4e69d052b8d3b0b9d3bb3a6f6c.yaml @@ -0,0 +1,58 @@ +id: startklar-elmentor-forms-extwidgets-97fdac4e69d052b8d3b0b9d3bb3a6f6c + +info: + name: > + Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a125bbf1-8ff6-4f3d-a4fb-caaaefe1df2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/startklar-elmentor-forms-extwidgets/" + google-query: inurl:"/wp-content/plugins/startklar-elmentor-forms-extwidgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,startklar-elmentor-forms-extwidgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/startklar-elmentor-forms-extwidgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "startklar-elmentor-forms-extwidgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-d60b1c02d17322f76c1b2881d2462ff2.yaml b/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-d60b1c02d17322f76c1b2881d2462ff2.yaml new file mode 100644 index 0000000000..1e71d0edab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/startklar-elmentor-forms-extwidgets-d60b1c02d17322f76c1b2881d2462ff2.yaml @@ -0,0 +1,58 @@ +id: startklar-elmentor-forms-extwidgets-d60b1c02d17322f76c1b2881d2462ff2 + +info: + name: > + Startklar Elementor Addons <= 1.7.13 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4221b33c-5cfa-48db-92bf-bf25ff3c5a5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/startklar-elmentor-forms-extwidgets/" + google-query: inurl:"/wp-content/plugins/startklar-elmentor-forms-extwidgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,startklar-elmentor-forms-extwidgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/startklar-elmentor-forms-extwidgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "startklar-elmentor-forms-extwidgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/station-pro-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/station-pro-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..33d669776b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/station-pro-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: station-pro-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/station-pro/" + google-query: inurl:"/wp-content/plugins/station-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,station-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/station-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "station-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/statpresscn-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml b/nuclei-templates/cve-less/plugins/statpresscn-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml new file mode 100644 index 0000000000..33f0d668c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/statpresscn-5ea2cc8533d8fd4f1c4801b0b4960d9d.yaml @@ -0,0 +1,58 @@ +id: statpresscn-5ea2cc8533d8fd4f1c4801b0b4960d9d + +info: + name: > + StatPressCN <= 1.9.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b85e583-7028-4de4-8634-a331ef38a22e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/statpresscn/" + google-query: inurl:"/wp-content/plugins/statpresscn/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,statpresscn,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/statpresscn/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "statpresscn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stats-6928e4dd3f8a754ad4543c4aa86a65d0.yaml b/nuclei-templates/cve-less/plugins/stats-6928e4dd3f8a754ad4543c4aa86a65d0.yaml new file mode 100644 index 0000000000..9df10b2b48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stats-6928e4dd3f8a754ad4543c4aa86a65d0.yaml @@ -0,0 +1,58 @@ +id: stats-6928e4dd3f8a754ad4543c4aa86a65d0 + +info: + name: > + stats <= 1.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3eec5823-f1ee-464c-8344-eed3ee991602?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stats/" + google-query: inurl:"/wp-content/plugins/stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stats,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b3370369626f0cd7746a33baa8f9c6f9.yaml b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b3370369626f0cd7746a33baa8f9c6f9.yaml new file mode 100644 index 0000000000..58943fe7a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b3370369626f0cd7746a33baa8f9c6f9.yaml @@ -0,0 +1,58 @@ +id: stax-addons-for-elementor-b3370369626f0cd7746a33baa8f9c6f9 + +info: + name: > + Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/926550bb-265d-4811-a375-10c47e9fb4d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stax-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..29c24238d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: stax-addons-for-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stax-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-cebe60a1cf2dde46346583e6502d2df4.yaml b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-cebe60a1cf2dde46346583e6502d2df4.yaml new file mode 100644 index 0000000000..54231edca9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-cebe60a1cf2dde46346583e6502d2df4.yaml @@ -0,0 +1,58 @@ +id: stax-addons-for-elementor-cebe60a1cf2dde46346583e6502d2df4 + +info: + name: > + Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16320b5e-1cb5-4e6d-ad2e-8ccd9cfa45ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stax-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-e4c7791fde3e7334165d62fc0d2ccc21.yaml b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-e4c7791fde3e7334165d62fc0d2ccc21.yaml new file mode 100644 index 0000000000..49b8dc8275 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stax-addons-for-elementor-e4c7791fde3e7334165d62fc0d2ccc21.yaml @@ -0,0 +1,58 @@ +id: stax-addons-for-elementor-e4c7791fde3e7334165d62fc0d2ccc21 + +info: + name: > + Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c12094bd-aa23-4f9b-92e1-d1d4284fb2a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stax-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/stax-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stax-addons-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stax-buddy-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/stax-buddy-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..6e2d7b8a00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stax-buddy-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: stax-buddy-builder-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stax-buddy-builder/" + google-query: inurl:"/wp-content/plugins/stax-buddy-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stax-buddy-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stax-buddy-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stax-buddy-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/steam-group-viewer-ba89c7968306258a1d45a93c7b938ec5.yaml b/nuclei-templates/cve-less/plugins/steam-group-viewer-ba89c7968306258a1d45a93c7b938ec5.yaml new file mode 100644 index 0000000000..cb63574898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/steam-group-viewer-ba89c7968306258a1d45a93c7b938ec5.yaml @@ -0,0 +1,58 @@ +id: steam-group-viewer-ba89c7968306258a1d45a93c7b938ec5 + +info: + name: > + Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e982d1-7ad9-490e-b606-695cafbc7f0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/steam-group-viewer/" + google-query: inurl:"/wp-content/plugins/steam-group-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,steam-group-viewer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/steam-group-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "steam-group-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stepbyteservice-openstreetmap-e82baab8930846897895cd56a53f4176.yaml b/nuclei-templates/cve-less/plugins/stepbyteservice-openstreetmap-e82baab8930846897895cd56a53f4176.yaml new file mode 100644 index 0000000000..a3bac83197 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stepbyteservice-openstreetmap-e82baab8930846897895cd56a53f4176.yaml @@ -0,0 +1,58 @@ +id: stepbyteservice-openstreetmap-e82baab8930846897895cd56a53f4176 + +info: + name: > + OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13d2a333-1f45-457e-a48b-38c1e0793eeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stepbyteservice-openstreetmap/" + google-query: inurl:"/wp-content/plugins/stepbyteservice-openstreetmap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stepbyteservice-openstreetmap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stepbyteservice-openstreetmap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stepbyteservice-openstreetmap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stetic-6c87924dbb6c43a2f1ddf339475f1f21.yaml b/nuclei-templates/cve-less/plugins/stetic-6c87924dbb6c43a2f1ddf339475f1f21.yaml new file mode 100644 index 0000000000..2932c854a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stetic-6c87924dbb6c43a2f1ddf339475f1f21.yaml @@ -0,0 +1,58 @@ +id: stetic-6c87924dbb6c43a2f1ddf339475f1f21 + +info: + name: > + Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3469ba0d-8ef3-41d0-becb-cf2eb43758f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stetic/" + google-query: inurl:"/wp-content/plugins/stetic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stetic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stetic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stetic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-ad-bar-e6b604fdb9cd729f08feb0319847d447.yaml b/nuclei-templates/cve-less/plugins/sticky-ad-bar-e6b604fdb9cd729f08feb0319847d447.yaml new file mode 100644 index 0000000000..5189ec9e3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-ad-bar-e6b604fdb9cd729f08feb0319847d447.yaml @@ -0,0 +1,58 @@ +id: sticky-ad-bar-e6b604fdb9cd729f08feb0319847d447 + +info: + name: > + Sticky Ad Bar <= 1.3.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/750a4a94-458c-4944-a99b-a1c8e23e57d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-ad-bar/" + google-query: inurl:"/wp-content/plugins/sticky-ad-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-ad-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-ad-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-ad-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-buttons-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/sticky-buttons-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..8992510e98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-buttons-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: sticky-buttons-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-buttons/" + google-query: inurl:"/wp-content/plugins/sticky-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-buttons-7e2dc330bdadb62eadfb9a21217d5798.yaml b/nuclei-templates/cve-less/plugins/sticky-buttons-7e2dc330bdadb62eadfb9a21217d5798.yaml new file mode 100644 index 0000000000..1fca37731c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-buttons-7e2dc330bdadb62eadfb9a21217d5798.yaml @@ -0,0 +1,58 @@ +id: sticky-buttons-7e2dc330bdadb62eadfb9a21217d5798 + +info: + name: > + Sticky Buttons <= 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-buttons/" + google-query: inurl:"/wp-content/plugins/sticky-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-buttons-859f059a5b5e1e007a3660b6b0f57e21.yaml b/nuclei-templates/cve-less/plugins/sticky-buttons-859f059a5b5e1e007a3660b6b0f57e21.yaml new file mode 100644 index 0000000000..268cecfdfe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-buttons-859f059a5b5e1e007a3660b6b0f57e21.yaml @@ -0,0 +1,58 @@ +id: sticky-buttons-859f059a5b5e1e007a3660b6b0f57e21 + +info: + name: > + Sticky Buttons – floating buttons builder <= 3.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74ac2b14-aea1-4366-acf4-d2d86cdec4c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-buttons/" + google-query: inurl:"/wp-content/plugins/sticky-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-chat-widget-081b4b5984322d0654bd5e7e3e37d073.yaml b/nuclei-templates/cve-less/plugins/sticky-chat-widget-081b4b5984322d0654bd5e7e3e37d073.yaml new file mode 100644 index 0000000000..35295ac403 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-chat-widget-081b4b5984322d0654bd5e7e3e37d073.yaml @@ -0,0 +1,58 @@ +id: sticky-chat-widget-081b4b5984322d0654bd5e7e3e37d073 + +info: + name: > + Sticky Chat Widget <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/892fe839-57ca-45bc-aa9b-f1bf87994a77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-chat-widget/" + google-query: inurl:"/wp-content/plugins/sticky-chat-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-chat-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-chat-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-chat-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-header-oceanwp-40341532c7f84f3b54f6d735c45b3460.yaml b/nuclei-templates/cve-less/plugins/sticky-header-oceanwp-40341532c7f84f3b54f6d735c45b3460.yaml new file mode 100644 index 0000000000..793b037b21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-header-oceanwp-40341532c7f84f3b54f6d735c45b3460.yaml @@ -0,0 +1,58 @@ +id: sticky-header-oceanwp-40341532c7f84f3b54f6d735c45b3460 + +info: + name: > + Oceanwp sticky header <= 1.0.8 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e0d21e6-d8a2-44ab-87f3-9e5a16562020?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-header-oceanwp/" + google-query: inurl:"/wp-content/plugins/sticky-header-oceanwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-header-oceanwp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-header-oceanwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-header-oceanwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-popup-309733b2329b1a831e5f4ba1b62b19a8.yaml b/nuclei-templates/cve-less/plugins/sticky-popup-309733b2329b1a831e5f4ba1b62b19a8.yaml new file mode 100644 index 0000000000..f478a96559 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-popup-309733b2329b1a831e5f4ba1b62b19a8.yaml @@ -0,0 +1,58 @@ +id: sticky-popup-309733b2329b1a831e5f4ba1b62b19a8 + +info: + name: > + Sticky Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a5262d8-d9cd-4bd9-a95e-f60782095173?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-popup/" + google-query: inurl:"/wp-content/plugins/sticky-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-related-posts-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/sticky-related-posts-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..b8574f1ff4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-related-posts-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: sticky-related-posts-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-related-posts/" + google-query: inurl:"/wp-content/plugins/sticky-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sticky-social-media-icons-c9799f12c2184eb30d64cc5143268b5b.yaml b/nuclei-templates/cve-less/plugins/sticky-social-media-icons-c9799f12c2184eb30d64cc5143268b5b.yaml new file mode 100644 index 0000000000..23f318d16d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sticky-social-media-icons-c9799f12c2184eb30d64cc5143268b5b.yaml @@ -0,0 +1,58 @@ +id: sticky-social-media-icons-c9799f12c2184eb30d64cc5143268b5b + +info: + name: > + Sticky Social Media Icons <= 2.0 - Missing Authorization via ajax_request_handle + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58cfb328-40d0-4bea-a707-d5d6c1ce364a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sticky-social-media-icons/" + google-query: inurl:"/wp-content/plugins/sticky-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sticky-social-media-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sticky-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sticky-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-exporter-for-woocommerce-52fb89fd718db76422fb10fc104a8d62.yaml b/nuclei-templates/cve-less/plugins/stock-exporter-for-woocommerce-52fb89fd718db76422fb10fc104a8d62.yaml new file mode 100644 index 0000000000..f0756086be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-exporter-for-woocommerce-52fb89fd718db76422fb10fc104a8d62.yaml @@ -0,0 +1,58 @@ +id: stock-exporter-for-woocommerce-52fb89fd718db76422fb10fc104a8d62 + +info: + name: > + Stock Exporter for WooCommerce <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b65184e6-8072-4dd7-8291-c92817e55beb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-exporter-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/stock-exporter-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-exporter-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-exporter-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-exporter-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-in-3f8c7e452acf0c92c2be04758743dd87.yaml b/nuclei-templates/cve-less/plugins/stock-in-3f8c7e452acf0c92c2be04758743dd87.yaml new file mode 100644 index 0000000000..d32d2c884c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-in-3f8c7e452acf0c92c2be04758743dd87.yaml @@ -0,0 +1,58 @@ +id: stock-in-3f8c7e452acf0c92c2be04758743dd87 + +info: + name: > + Stock in & out <= 1.0.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f938a446-ae0b-4e06-9d55-26e2fea4d1e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-in/" + google-query: inurl:"/wp-content/plugins/stock-in/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-in,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-in/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-in" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-in-b71491b8bf7c07dcdab705de72ac74a3.yaml b/nuclei-templates/cve-less/plugins/stock-in-b71491b8bf7c07dcdab705de72ac74a3.yaml new file mode 100644 index 0000000000..be2dbc0401 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-in-b71491b8bf7c07dcdab705de72ac74a3.yaml @@ -0,0 +1,58 @@ +id: stock-in-b71491b8bf7c07dcdab705de72ac74a3 + +info: + name: > + Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c6bbdcd-9b08-4c17-9a87-e06baa4cca1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-in/" + google-query: inurl:"/wp-content/plugins/stock-in/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-in,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-in/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-in" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-locations-for-woocommerce-56e0af85bfab5155d836999c55aea415.yaml b/nuclei-templates/cve-less/plugins/stock-locations-for-woocommerce-56e0af85bfab5155d836999c55aea415.yaml new file mode 100644 index 0000000000..4b76c4432e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-locations-for-woocommerce-56e0af85bfab5155d836999c55aea415.yaml @@ -0,0 +1,58 @@ +id: stock-locations-for-woocommerce-56e0af85bfab5155d836999c55aea415 + +info: + name: > + Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6090a49-f3dc-4b7b-bc86-eb7ec57b7ba4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-locations-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/stock-locations-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-locations-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-locations-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-locations-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-market-charts-from-finviz-4d66daf76c1a504d8951d5442d44e0d6.yaml b/nuclei-templates/cve-less/plugins/stock-market-charts-from-finviz-4d66daf76c1a504d8951d5442d44e0d6.yaml new file mode 100644 index 0000000000..aae09fa8c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-market-charts-from-finviz-4d66daf76c1a504d8951d5442d44e0d6.yaml @@ -0,0 +1,58 @@ +id: stock-market-charts-from-finviz-4d66daf76c1a504d8951d5442d44e0d6 + +info: + name: > + Stock market charts from finviz <= 1.0.1 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d6b5a4c-1dc9-4d86-ac41-61880637fcbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-market-charts-from-finviz/" + google-query: inurl:"/wp-content/plugins/stock-market-charts-from-finviz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-market-charts-from-finviz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-market-charts-from-finviz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-market-charts-from-finviz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-quotes-list-9bd703646402672c6e3df139cb8847d8.yaml b/nuclei-templates/cve-less/plugins/stock-quotes-list-9bd703646402672c6e3df139cb8847d8.yaml new file mode 100644 index 0000000000..b503c5300d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-quotes-list-9bd703646402672c6e3df139cb8847d8.yaml @@ -0,0 +1,58 @@ +id: stock-quotes-list-9bd703646402672c6e3df139cb8847d8 + +info: + name: > + Stock Quotes List <= 2.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dffbb2d-69d1-495c-8c96-64c5fd878fcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-quotes-list/" + google-query: inurl:"/wp-content/plugins/stock-quotes-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-quotes-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-quotes-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-quotes-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-9c2789fd4f31da6a3e682d3cde6291b3.yaml b/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-9c2789fd4f31da6a3e682d3cde6291b3.yaml new file mode 100644 index 0000000000..f5efe68c52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-9c2789fd4f31da6a3e682d3cde6291b3.yaml @@ -0,0 +1,58 @@ +id: stock-sync-for-woocommerce-9c2789fd4f31da6a3e682d3cde6291b3 + +info: + name: > + Stock Sync for WooCommerce <= 2.3.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8faa34a-17fd-4a2e-b8bf-ed40fc7a88d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-sync-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/stock-sync-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-sync-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-sync-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-sync-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-c9110bf3cc68474c30b266d852672473.yaml b/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-c9110bf3cc68474c30b266d852672473.yaml new file mode 100644 index 0000000000..952e857c99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-sync-for-woocommerce-c9110bf3cc68474c30b266d852672473.yaml @@ -0,0 +1,58 @@ +id: stock-sync-for-woocommerce-c9110bf3cc68474c30b266d852672473 + +info: + name: > + Stock Sync for WooCommerce <= 2.4.0 - Reflected Cross-Site Scripting via page parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adcaf2db-2026-46bb-8fbc-0400d7c1e296?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-sync-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/stock-sync-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-sync-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-sync-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-sync-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-ticker-2ea3be25438d9c3b8022fc0114332035.yaml b/nuclei-templates/cve-less/plugins/stock-ticker-2ea3be25438d9c3b8022fc0114332035.yaml new file mode 100644 index 0000000000..154669ad95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-ticker-2ea3be25438d9c3b8022fc0114332035.yaml @@ -0,0 +1,58 @@ +id: stock-ticker-2ea3be25438d9c3b8022fc0114332035 + +info: + name: > + Stock Ticker <= 3.23.2 - Reflected Cross-Site Scripting in ajax_stockticker_symbol_search_test + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f8321a7-863c-43ab-a42a-e01d60101c3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-ticker/" + google-query: inurl:"/wp-content/plugins/stock-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-ticker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-ticker-389e4423679f1c467a852761b85f3cfd.yaml b/nuclei-templates/cve-less/plugins/stock-ticker-389e4423679f1c467a852761b85f3cfd.yaml new file mode 100644 index 0000000000..50eb12fb69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-ticker-389e4423679f1c467a852761b85f3cfd.yaml @@ -0,0 +1,58 @@ +id: stock-ticker-389e4423679f1c467a852761b85f3cfd + +info: + name: > + Stock Ticker <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scritping + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8e921f4-d889-490f-a817-53d132a56f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-ticker/" + google-query: inurl:"/wp-content/plugins/stock-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-ticker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-ticker-5d5ae51f589bad252b3ae3b1c695b8aa.yaml b/nuclei-templates/cve-less/plugins/stock-ticker-5d5ae51f589bad252b3ae3b1c695b8aa.yaml new file mode 100644 index 0000000000..82c3bda43c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-ticker-5d5ae51f589bad252b3ae3b1c695b8aa.yaml @@ -0,0 +1,58 @@ +id: stock-ticker-5d5ae51f589bad252b3ae3b1c695b8aa + +info: + name: > + Stock Ticker <= 3.23.3 - Reflected Cross-Site Scripting in ajax_stockticker_load + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06eaf73f-273c-4733-9ff9-2d8034221814?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-ticker/" + google-query: inurl:"/wp-content/plugins/stock-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-ticker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stock-ticker-a63f1210dd076ac1af75bbdfb4936df5.yaml b/nuclei-templates/cve-less/plugins/stock-ticker-a63f1210dd076ac1af75bbdfb4936df5.yaml new file mode 100644 index 0000000000..2865b11455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stock-ticker-a63f1210dd076ac1af75bbdfb4936df5.yaml @@ -0,0 +1,58 @@ +id: stock-ticker-a63f1210dd076ac1af75bbdfb4936df5 + +info: + name: > + Stock Ticker <= 3.23.0 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e81c4d77-5459-4f56-b339-8da0877a6663?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stock-ticker/" + google-query: inurl:"/wp-content/plugins/stock-ticker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stock-ticker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stock-ticker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stock-ticker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stockdio-historical-chart-77325720e82684664a6b23fccd8e86e5.yaml b/nuclei-templates/cve-less/plugins/stockdio-historical-chart-77325720e82684664a6b23fccd8e86e5.yaml new file mode 100644 index 0000000000..54d429cc1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stockdio-historical-chart-77325720e82684664a6b23fccd8e86e5.yaml @@ -0,0 +1,58 @@ +id: stockdio-historical-chart-77325720e82684664a6b23fccd8e86e5 + +info: + name: > + Stockdio Historical Chart < 2.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57162a5e-5f5d-4b22-bb7f-0ff65332910b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stockdio-historical-chart/" + google-query: inurl:"/wp-content/plugins/stockdio-historical-chart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stockdio-historical-chart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stockdio-historical-chart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stockdio-historical-chart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stockists-manager-93d3f42fb72b82260168d21150301cb3.yaml b/nuclei-templates/cve-less/plugins/stockists-manager-93d3f42fb72b82260168d21150301cb3.yaml new file mode 100644 index 0000000000..8911f05156 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stockists-manager-93d3f42fb72b82260168d21150301cb3.yaml @@ -0,0 +1,58 @@ +id: stockists-manager-93d3f42fb72b82260168d21150301cb3 + +info: + name: > + Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5e0204-4a05-45c1-833a-c2e4016d9830?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stockists-manager/" + google-query: inurl:"/wp-content/plugins/stockists-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stockists-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stockists-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stockists-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-referrer-spam-e98b32d10be48dc189fcfc8cfe33a3ba.yaml b/nuclei-templates/cve-less/plugins/stop-referrer-spam-e98b32d10be48dc189fcfc8cfe33a3ba.yaml new file mode 100644 index 0000000000..02ddd971c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-referrer-spam-e98b32d10be48dc189fcfc8cfe33a3ba.yaml @@ -0,0 +1,58 @@ +id: stop-referrer-spam-e98b32d10be48dc189fcfc8cfe33a3ba + +info: + name: > + Stop Referrer Spam <= 1.3.0 - Cross-Site Request Forgery via processParameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5deac61-031f-452a-a478-d5d0c7953817?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-referrer-spam/" + google-query: inurl:"/wp-content/plugins/stop-referrer-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-referrer-spam,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-referrer-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-referrer-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spam-comments-33e0e465970f1e21e7fead2332f406d1.yaml b/nuclei-templates/cve-less/plugins/stop-spam-comments-33e0e465970f1e21e7fead2332f406d1.yaml new file mode 100644 index 0000000000..7ffc61becb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spam-comments-33e0e465970f1e21e7fead2332f406d1.yaml @@ -0,0 +1,58 @@ +id: stop-spam-comments-33e0e465970f1e21e7fead2332f406d1 + +info: + name: > + Stop Spam Comments <= 0.2.1.2 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62061cf9-cdbf-4cb2-9890-36bdcbc65c21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spam-comments/" + google-query: inurl:"/wp-content/plugins/stop-spam-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spam-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spam-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spam-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-38876a8a5fbfd61cde5369e484f937f2.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-38876a8a5fbfd61cde5369e484f937f2.yaml new file mode 100644 index 0000000000..96f8de30b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-38876a8a5fbfd61cde5369e484f937f2.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-38876a8a5fbfd61cde5369e484f937f2 + +info: + name: > + Stop Spammers Security <= 2022.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c83df43e-286d-4695-9c37-bee2870fd3b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2022.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-a2fadf4a6acf31a1331e23447ba2981f.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-a2fadf4a6acf31a1331e23447ba2981f.yaml new file mode 100644 index 0000000000..31e0aa6ae5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-a2fadf4a6acf31a1331e23447ba2981f.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-a2fadf4a6acf31a1331e23447ba2981f + +info: + name: > + Stop Spammers Security <= 2022.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/889cb1d5-7f5c-4904-9b5f-cc8a505eb65c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2022.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-aaa45d66679ac35ae0d003ff8a8e5f48.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-aaa45d66679ac35ae0d003ff8a8e5f48.yaml new file mode 100644 index 0000000000..4b4034f29d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-aaa45d66679ac35ae0d003ff8a8e5f48.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-aaa45d66679ac35ae0d003ff8a8e5f48 + +info: + name: > + Stop Spammers Security <= 2021.17 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bf805fc-4b27-47c4-b24e-79158cffaac4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2021.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-b2a65b01b1c6a6a8966ce47037369844.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-b2a65b01b1c6a6a8966ce47037369844.yaml new file mode 100644 index 0000000000..2d2cb58ec3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-b2a65b01b1c6a6a8966ce47037369844.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-b2a65b01b1c6a6a8966ce47037369844 + +info: + name: > + Stop Spammers <= 2021.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2598ae85-5e91-47e6-b3f5-0d977fe80dd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2021.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-cb772dd359af032492bf762585f62bb0.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-cb772dd359af032492bf762585f62bb0.yaml new file mode 100644 index 0000000000..fd84bf6709 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-cb772dd359af032492bf762585f62bb0.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-cb772dd359af032492bf762585f62bb0 + +info: + name: > + Stop Spammers Security <= 2022.5 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6065ad75-1685-4f1d-9ba9-d4c8ec840521?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2022.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-d2259aaa4d4ae5c5473c4b6238d48632.yaml b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-d2259aaa4d4ae5c5473c4b6238d48632.yaml new file mode 100644 index 0000000000..04e9f921f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-spammer-registrations-plugin-d2259aaa4d4ae5c5473c4b6238d48632.yaml @@ -0,0 +1,58 @@ +id: stop-spammer-registrations-plugin-d2259aaa4d4ae5c5473c4b6238d48632 + +info: + name: > + Stop Spammers Security | Block Spam Users, Comments, Forms <= 2024.4 - Cross-Site Request Forgery (CSRF) via sfs_process + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1998cadb-2eb3-4819-aa7c-59e4f777c7f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-spammer-registrations-plugin/" + google-query: inurl:"/wp-content/plugins/stop-spammer-registrations-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-spammer-registrations-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-spammer-registrations-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-spammer-registrations-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2024.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-user-enumeration-6c5cd06dc489c66e7f89a876c4054223.yaml b/nuclei-templates/cve-less/plugins/stop-user-enumeration-6c5cd06dc489c66e7f89a876c4054223.yaml new file mode 100644 index 0000000000..c123e35eed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-user-enumeration-6c5cd06dc489c66e7f89a876c4054223.yaml @@ -0,0 +1,58 @@ +id: stop-user-enumeration-6c5cd06dc489c66e7f89a876c4054223 + +info: + name: > + Stop User Enumeration <= 1.3.8 - Unauthenticated Username Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd6cb72-c508-46b1-99fb-cbd6b12b45de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-user-enumeration/" + google-query: inurl:"/wp-content/plugins/stop-user-enumeration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-user-enumeration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-user-enumeration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-user-enumeration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-user-enumeration-6cfb42fd9a90247cd4a309cf7c3fa9cd.yaml b/nuclei-templates/cve-less/plugins/stop-user-enumeration-6cfb42fd9a90247cd4a309cf7c3fa9cd.yaml new file mode 100644 index 0000000000..31d46db3c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-user-enumeration-6cfb42fd9a90247cd4a309cf7c3fa9cd.yaml @@ -0,0 +1,58 @@ +id: stop-user-enumeration-6cfb42fd9a90247cd4a309cf7c3fa9cd + +info: + name: > + Stop User Enumeration plugin <1.3.9 - User Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52da7-ddfb-4c47-b8d2-2e1db6ec3946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-user-enumeration/" + google-query: inurl:"/wp-content/plugins/stop-user-enumeration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-user-enumeration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-user-enumeration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-user-enumeration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stop-user-enumeration-bdfa460006d70b85bf4366e301016193.yaml b/nuclei-templates/cve-less/plugins/stop-user-enumeration-bdfa460006d70b85bf4366e301016193.yaml new file mode 100644 index 0000000000..f7243fca1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stop-user-enumeration-bdfa460006d70b85bf4366e301016193.yaml @@ -0,0 +1,58 @@ +id: stop-user-enumeration-bdfa460006d70b85bf4366e301016193 + +info: + name: > + Stop User Enumeration <= 1.3.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6db5e9f-9b3b-44c9-a6d9-78df3ed3b1fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stop-user-enumeration/" + google-query: inurl:"/wp-content/plugins/stop-user-enumeration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stop-user-enumeration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stop-user-enumeration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stop-user-enumeration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-24b1f52e6cf57fe2a2edbecda487edee.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-24b1f52e6cf57fe2a2edbecda487edee.yaml new file mode 100644 index 0000000000..1e1eb8ba03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-24b1f52e6cf57fe2a2edbecda487edee.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-24b1f52e6cf57fe2a2edbecda487edee + +info: + name: > + StopBadBots <= 7.23 - Missing Authorization to Arbitrary Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/759f5687-4ff1-4b8d-a5e7-3fb409fc2ba0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-2f682fb3b99f66abb1a193957df1d1e6.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-2f682fb3b99f66abb1a193957df1d1e6.yaml new file mode 100644 index 0000000000..6693d4e8bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-2f682fb3b99f66abb1a193957df1d1e6.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-2f682fb3b99f66abb1a193957df1d1e6 + +info: + name: > + WP Block and Stop Bad Bots <= 6.88 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64eb4bfe-09b4-43c7-9d7e-f14fc5edf3c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.88') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-3415fa1c70f4a284c1c590e2a6e45217.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-3415fa1c70f4a284c1c590e2a6e45217.yaml new file mode 100644 index 0000000000..ec34f0b9d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-3415fa1c70f4a284c1c590e2a6e45217.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-3415fa1c70f4a284c1c590e2a6e45217 + +info: + name: > + WP Block and Stop Bad Bots <= 6.92 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b27995b1-3321-4997-8a25-80c9488b8405?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.930') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-a56a10763fef9c6c1ee5edbd42a68314.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-a56a10763fef9c6c1ee5edbd42a68314.yaml new file mode 100644 index 0000000000..26d3713366 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-a56a10763fef9c6c1ee5edbd42a68314.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-a56a10763fef9c6c1ee5edbd42a68314 + +info: + name: > + WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.60 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3758f06-2b69-458f-a7c8-f604f0fbda31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-c37f8531d687078be9fa5b927c4c16c4.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-c37f8531d687078be9fa5b927c4c16c4.yaml new file mode 100644 index 0000000000..cf526aeefa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-c37f8531d687078be9fa5b927c4c16c4.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-c37f8531d687078be9fa5b927c4c16c4 + +info: + name: > + WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots < 6.67 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1634f86-21c0-4b9a-b521-c6b9986f91fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stopbadbots-cfab52d3443d4e82a03b0d2f0889ab4f.yaml b/nuclei-templates/cve-less/plugins/stopbadbots-cfab52d3443d4e82a03b0d2f0889ab4f.yaml new file mode 100644 index 0000000000..381db3e440 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stopbadbots-cfab52d3443d4e82a03b0d2f0889ab4f.yaml @@ -0,0 +1,58 @@ +id: stopbadbots-cfab52d3443d4e82a03b0d2f0889ab4f + +info: + name: > + StopBadBots <= 7.31 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38e536a5-b538-498c-b19d-adda36f76164?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stopbadbots/" + google-query: inurl:"/wp-content/plugins/stopbadbots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stopbadbots,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stopbadbots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stopbadbots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stops-core-theme-and-plugin-updates-aa4cd28c9af95c0e13ddc060c836b2b0.yaml b/nuclei-templates/cve-less/plugins/stops-core-theme-and-plugin-updates-aa4cd28c9af95c0e13ddc060c836b2b0.yaml new file mode 100644 index 0000000000..b3db42040d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stops-core-theme-and-plugin-updates-aa4cd28c9af95c0e13ddc060c836b2b0.yaml @@ -0,0 +1,58 @@ +id: stops-core-theme-and-plugin-updates-aa4cd28c9af95c0e13ddc060c836b2b0 + +info: + name: > + Stops Core Theme And Plugin Updates <= 8.0.4 - Insufficient Restrictions on Option Changes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a9feacb-ef9c-40d4-abdb-a3fcfd529901?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stops-core-theme-and-plugin-updates/" + google-query: inurl:"/wp-content/plugins/stops-core-theme-and-plugin-updates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stops-core-theme-and-plugin-updates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stops-core-theme-and-plugin-updates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stops-core-theme-and-plugin-updates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/store-locator-118f160a8ab578043e1b061d32f15698.yaml b/nuclei-templates/cve-less/plugins/store-locator-118f160a8ab578043e1b061d32f15698.yaml new file mode 100644 index 0000000000..eacdc71733 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/store-locator-118f160a8ab578043e1b061d32f15698.yaml @@ -0,0 +1,58 @@ +id: store-locator-118f160a8ab578043e1b061d32f15698 + +info: + name: > + Store Locator <= 3.98.7 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98ae3315-8361-43bb-be2c-1564f4df8d5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/store-locator/" + google-query: inurl:"/wp-content/plugins/store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,store-locator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.98.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/store-locator-ff474dfbe600046b3769ad9ddb54c011.yaml b/nuclei-templates/cve-less/plugins/store-locator-ff474dfbe600046b3769ad9ddb54c011.yaml new file mode 100644 index 0000000000..74e4f5a028 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/store-locator-ff474dfbe600046b3769ad9ddb54c011.yaml @@ -0,0 +1,58 @@ +id: store-locator-ff474dfbe600046b3769ad9ddb54c011 + +info: + name: > + Store Locator 2.3 - 3.11 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51424768-27c7-40b2-8d1c-838c419add8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/store-locator/" + google-query: inurl:"/wp-content/plugins/store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,store-locator,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/store-locator-le-41bea91ce3336d6adb86e1ea410b9aef.yaml b/nuclei-templates/cve-less/plugins/store-locator-le-41bea91ce3336d6adb86e1ea410b9aef.yaml new file mode 100644 index 0000000000..3d83cbc9f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/store-locator-le-41bea91ce3336d6adb86e1ea410b9aef.yaml @@ -0,0 +1,58 @@ +id: store-locator-le-41bea91ce3336d6adb86e1ea410b9aef + +info: + name: > + Store Locator Plus <= 5.12.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc7b19c7-a850-4783-9f8b-e338e03998eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/store-locator-le/" + google-query: inurl:"/wp-content/plugins/store-locator-le/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,store-locator-le,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/store-locator-le/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "store-locator-le" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/store-locator-le-e2053d18b4d79ba0e416f265a7be2f35.yaml b/nuclei-templates/cve-less/plugins/store-locator-le-e2053d18b4d79ba0e416f265a7be2f35.yaml new file mode 100644 index 0000000000..928816c186 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/store-locator-le-e2053d18b4d79ba0e416f265a7be2f35.yaml @@ -0,0 +1,58 @@ +id: store-locator-le-e2053d18b4d79ba0e416f265a7be2f35 + +info: + name: > + Store Locator Plus <= 5.5.15 - Authenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68c1776e-8e29-4eea-87d0-cf7318a64f7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/store-locator-le/" + google-query: inurl:"/wp-content/plugins/store-locator-le/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,store-locator-le,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/store-locator-le/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "store-locator-le" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/storefront-footer-text-dcf3d519c235997890c41f1336f203e6.yaml b/nuclei-templates/cve-less/plugins/storefront-footer-text-dcf3d519c235997890c41f1336f203e6.yaml new file mode 100644 index 0000000000..296ee93569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/storefront-footer-text-dcf3d519c235997890c41f1336f203e6.yaml @@ -0,0 +1,58 @@ +id: storefront-footer-text-dcf3d519c235997890c41f1336f203e6 + +info: + name: > + Storefront Footer Text <= 1.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a66c2e1e-fd59-424b-bd11-0991a5c32dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/storefront-footer-text/" + google-query: inurl:"/wp-content/plugins/storefront-footer-text/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,storefront-footer-text,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/storefront-footer-text/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storefront-footer-text" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stout-google-calendar-f561113c4b166210ffa84b58619b347d.yaml b/nuclei-templates/cve-less/plugins/stout-google-calendar-f561113c4b166210ffa84b58619b347d.yaml new file mode 100644 index 0000000000..e1727fa1b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stout-google-calendar-f561113c4b166210ffa84b58619b347d.yaml @@ -0,0 +1,58 @@ +id: stout-google-calendar-f561113c4b166210ffa84b58619b347d + +info: + name: > + Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33efcbb4-2bb9-4414-bc95-55bedb92c551?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stout-google-calendar/" + google-query: inurl:"/wp-content/plugins/stout-google-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stout-google-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stout-google-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stout-google-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stratum-b90da7474429ff0560b494c992f7386d.yaml b/nuclei-templates/cve-less/plugins/stratum-b90da7474429ff0560b494c992f7386d.yaml new file mode 100644 index 0000000000..33d525ea9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stratum-b90da7474429ff0560b494c992f7386d.yaml @@ -0,0 +1,58 @@ +id: stratum-b90da7474429ff0560b494c992f7386d + +info: + name: > + Stratum <= 1.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dbc1f95-0f21-4a37-b1f7-eba03f29f021?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stratum/" + google-query: inurl:"/wp-content/plugins/stratum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stratum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stratum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stratum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stream-04699771b766f0fc714834ca199fc5ab.yaml b/nuclei-templates/cve-less/plugins/stream-04699771b766f0fc714834ca199fc5ab.yaml new file mode 100644 index 0000000000..a8b94ad690 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stream-04699771b766f0fc714834ca199fc5ab.yaml @@ -0,0 +1,58 @@ +id: stream-04699771b766f0fc714834ca199fc5ab + +info: + name: > + Stream <= 3.9.2 - Missing Authorization via load_alerts_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d58e4317-8ad5-40d5-98b8-f8f07ab37e1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stream/" + google-query: inurl:"/wp-content/plugins/stream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stream,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stream-4203dc94ef5199d201031e3f384724b9.yaml b/nuclei-templates/cve-less/plugins/stream-4203dc94ef5199d201031e3f384724b9.yaml new file mode 100644 index 0000000000..d5aaec511d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stream-4203dc94ef5199d201031e3f384724b9.yaml @@ -0,0 +1,58 @@ +id: stream-4203dc94ef5199d201031e3f384724b9 + +info: + name: > + Stream <= 3.9.1 - Missing Authorization to Sensitive Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67f81b8a-ef0a-4b6d-a1ee-3e19bda6fd96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stream/" + google-query: inurl:"/wp-content/plugins/stream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stream,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stream-439ba91c06350a9c8bb984e5dff1a4a4.yaml b/nuclei-templates/cve-less/plugins/stream-439ba91c06350a9c8bb984e5dff1a4a4.yaml new file mode 100644 index 0000000000..68be61108a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stream-439ba91c06350a9c8bb984e5dff1a4a4.yaml @@ -0,0 +1,58 @@ +id: stream-439ba91c06350a9c8bb984e5dff1a4a4 + +info: + name: > + Stream <= 3.8.1 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26926973-36b7-4ad2-8267-2de4749159ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stream/" + google-query: inurl:"/wp-content/plugins/stream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stream,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stream-e2fa9b7a2ac83dce50f44abd024d6931.yaml b/nuclei-templates/cve-less/plugins/stream-e2fa9b7a2ac83dce50f44abd024d6931.yaml new file mode 100644 index 0000000000..295039bf1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stream-e2fa9b7a2ac83dce50f44abd024d6931.yaml @@ -0,0 +1,58 @@ +id: stream-e2fa9b7a2ac83dce50f44abd024d6931 + +info: + name: > + Stream <= 3.9.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7203b5c-5753-453c-8fc2-26fcebdeea5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stream/" + google-query: inurl:"/wp-content/plugins/stream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stream,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stream-video-player-a61b4c2ab615ad0f80b5138981abe8ce.yaml b/nuclei-templates/cve-less/plugins/stream-video-player-a61b4c2ab615ad0f80b5138981abe8ce.yaml new file mode 100644 index 0000000000..d42ff46fa2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stream-video-player-a61b4c2ab615ad0f80b5138981abe8ce.yaml @@ -0,0 +1,58 @@ +id: stream-video-player-a61b4c2ab615ad0f80b5138981abe8ce + +info: + name: > + Stream Video Player <= 1.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bae06fa8-546c-4daf-8335-a5e24f6704d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stream-video-player/" + google-query: inurl:"/wp-content/plugins/stream-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stream-video-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stream-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stream-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/streamcast-fe66522b1a62142749b36d39c6b2760b.yaml b/nuclei-templates/cve-less/plugins/streamcast-fe66522b1a62142749b36d39c6b2760b.yaml new file mode 100644 index 0000000000..56361cb725 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/streamcast-fe66522b1a62142749b36d39c6b2760b.yaml @@ -0,0 +1,58 @@ +id: streamcast-fe66522b1a62142749b36d39c6b2760b + +info: + name: > + StreamCast – Radio Player for WordPress <= 2.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e7b29aa-9dff-420b-8f3e-2beca0b19593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/streamcast/" + google-query: inurl:"/wp-content/plugins/streamcast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,streamcast,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/streamcast/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "streamcast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-0fc7500c1842d66d6981f5c71273cba4.yaml b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-0fc7500c1842d66d6981f5c71273cba4.yaml new file mode 100644 index 0000000000..0d98a81635 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-0fc7500c1842d66d6981f5c71273cba4.yaml @@ -0,0 +1,58 @@ +id: streamweasels-twitch-integration-0fc7500c1842d66d6981f5c71273cba4 + +info: + name: > + StreamWeasels Twitch Integration <= 1.7.8 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d7b3f2a-0a82-4cd4-96a9-2b1257d7b13c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/streamweasels-twitch-integration/" + google-query: inurl:"/wp-content/plugins/streamweasels-twitch-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/streamweasels-twitch-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "streamweasels-twitch-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-2d2a726dfea1c83cf2d93df104a8c8d5.yaml b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-2d2a726dfea1c83cf2d93df104a8c8d5.yaml new file mode 100644 index 0000000000..f8845fa679 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/streamweasels-twitch-integration-2d2a726dfea1c83cf2d93df104a8c8d5.yaml @@ -0,0 +1,58 @@ +id: streamweasels-twitch-integration-2d2a726dfea1c83cf2d93df104a8c8d5 + +info: + name: > + StreamWeasels Twitch Integration <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dd66c4f-46f8-46d2-b424-beb6ecc69675?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/streamweasels-twitch-integration/" + google-query: inurl:"/wp-content/plugins/streamweasels-twitch-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,streamweasels-twitch-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/streamweasels-twitch-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "streamweasels-twitch-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/string-locator-2d86b7b96a584b0abcc7bac3e11b4cae.yaml b/nuclei-templates/cve-less/plugins/string-locator-2d86b7b96a584b0abcc7bac3e11b4cae.yaml new file mode 100644 index 0000000000..5698c4106b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/string-locator-2d86b7b96a584b0abcc7bac3e11b4cae.yaml @@ -0,0 +1,58 @@ +id: string-locator-2d86b7b96a584b0abcc7bac3e11b4cae + +info: + name: > + String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10a36e37-4188-403f-9b17-d7e79b8b8a6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/string-locator/" + google-query: inurl:"/wp-content/plugins/string-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,string-locator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/string-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "string-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/string-locator-54ef8279e490c1378421576f13667db9.yaml b/nuclei-templates/cve-less/plugins/string-locator-54ef8279e490c1378421576f13667db9.yaml new file mode 100644 index 0000000000..6e2dcf7745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/string-locator-54ef8279e490c1378421576f13667db9.yaml @@ -0,0 +1,58 @@ +id: string-locator-54ef8279e490c1378421576f13667db9 + +info: + name: > + String Locator <= 2.4.2 - Authenticated Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb3859eb-5a1f-408c-84aa-acfc68bd0bb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/string-locator/" + google-query: inurl:"/wp-content/plugins/string-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,string-locator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/string-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "string-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripe-for-woocommerce-47381a600b8cc2173f5be6a0287dc5d1.yaml b/nuclei-templates/cve-less/plugins/stripe-for-woocommerce-47381a600b8cc2173f5be6a0287dc5d1.yaml new file mode 100644 index 0000000000..78ac3d16cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripe-for-woocommerce-47381a600b8cc2173f5be6a0287dc5d1.yaml @@ -0,0 +1,58 @@ +id: stripe-for-woocommerce-47381a600b8cc2173f5be6a0287dc5d1 + +info: + name: > + Stripe for WooCommerce 3.0.0 - 3.3.9 - Missing Authorization Controls to Financial Account Hijacking + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f706c15-56c8-4eb4-9790-b394d37b0e33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripe-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/stripe-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripe-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripe-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripe-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripe-gateway-d9184aea5b0340682c329de3d4d22fd3.yaml b/nuclei-templates/cve-less/plugins/stripe-gateway-d9184aea5b0340682c329de3d4d22fd3.yaml new file mode 100644 index 0000000000..9eea2db94d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripe-gateway-d9184aea5b0340682c329de3d4d22fd3.yaml @@ -0,0 +1,58 @@ +id: stripe-gateway-d9184aea5b0340682c329de3d4d22fd3 + +info: + name: > + Easy Digital Downloads Stripe Extension <= 2.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4007814b-7e01-4188-8a42-9564444af95f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripe-gateway/" + google-query: inurl:"/wp-content/plugins/stripe-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripe-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripe-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripe-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripe-payments-560fba5c90dc74d38384277269b51dae.yaml b/nuclei-templates/cve-less/plugins/stripe-payments-560fba5c90dc74d38384277269b51dae.yaml new file mode 100644 index 0000000000..58491f07e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripe-payments-560fba5c90dc74d38384277269b51dae.yaml @@ -0,0 +1,58 @@ +id: stripe-payments-560fba5c90dc74d38384277269b51dae + +info: + name: > + Accept Stripe Payments <= 2.0.63 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82fb1ea4-12cc-4c8c-b51e-cf878a791d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripe-payments/" + google-query: inurl:"/wp-content/plugins/stripe-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripe-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripe-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripe-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripe-payments-5bf985e952afe6aa546a83aa3289787b.yaml b/nuclei-templates/cve-less/plugins/stripe-payments-5bf985e952afe6aa546a83aa3289787b.yaml new file mode 100644 index 0000000000..04763b7fd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripe-payments-5bf985e952afe6aa546a83aa3289787b.yaml @@ -0,0 +1,58 @@ +id: stripe-payments-5bf985e952afe6aa546a83aa3289787b + +info: + name: > + Accept Stripe Payments <= 2.0.79 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44d14692-d90a-45f9-afb4-0666ce4b3397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripe-payments/" + google-query: inurl:"/wp-content/plugins/stripe-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripe-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripe-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripe-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.79') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripe-payments-d255a7962cab4ed87609083cbd5373c3.yaml b/nuclei-templates/cve-less/plugins/stripe-payments-d255a7962cab4ed87609083cbd5373c3.yaml new file mode 100644 index 0000000000..fec0a80274 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripe-payments-d255a7962cab4ed87609083cbd5373c3.yaml @@ -0,0 +1,58 @@ +id: stripe-payments-d255a7962cab4ed87609083cbd5373c3 + +info: + name: > + Accept Stripe Payments <= 2.0.79 - Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f499d5e-eb27-4611-af27-ac9fd6a9f044?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripe-payments/" + google-query: inurl:"/wp-content/plugins/stripe-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripe-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripe-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripe-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.79') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stripshow-c6f782f9040ea9a039305ec1ed2ddafa.yaml b/nuclei-templates/cve-less/plugins/stripshow-c6f782f9040ea9a039305ec1ed2ddafa.yaml new file mode 100644 index 0000000000..07f8d34073 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stripshow-c6f782f9040ea9a039305ec1ed2ddafa.yaml @@ -0,0 +1,58 @@ +id: stripshow-c6f782f9040ea9a039305ec1ed2ddafa + +info: + name: > + stripShow Plugin <= 2.5.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4624c43b-6c5f-48c5-bfe4-26ec6d7de418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stripshow/" + google-query: inurl:"/wp-content/plugins/stripshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stripshow,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stripshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stripshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/strong-testimonials-30299c84e4a810a5d91c885ccad19e9f.yaml b/nuclei-templates/cve-less/plugins/strong-testimonials-30299c84e4a810a5d91c885ccad19e9f.yaml new file mode 100644 index 0000000000..7343d512ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/strong-testimonials-30299c84e4a810a5d91c885ccad19e9f.yaml @@ -0,0 +1,58 @@ +id: strong-testimonials-30299c84e4a810a5d91c885ccad19e9f + +info: + name: > + Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1c97b99-ca39-45de-8df9-312ba1573e8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/strong-testimonials/" + google-query: inurl:"/wp-content/plugins/strong-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,strong-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strong-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/strong-testimonials-4c7136348e958aecb57a2e8c3842e1af.yaml b/nuclei-templates/cve-less/plugins/strong-testimonials-4c7136348e958aecb57a2e8c3842e1af.yaml new file mode 100644 index 0000000000..d42acc2a29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/strong-testimonials-4c7136348e958aecb57a2e8c3842e1af.yaml @@ -0,0 +1,58 @@ +id: strong-testimonials-4c7136348e958aecb57a2e8c3842e1af + +info: + name: > + Strong Testimonials <= 3.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd38d97d-db93-42ed-9d52-f70641fba442?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/strong-testimonials/" + google-query: inurl:"/wp-content/plugins/strong-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,strong-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strong-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/strong-testimonials-4e10d6d81d87afd9b8cf214ddcd496ad.yaml b/nuclei-templates/cve-less/plugins/strong-testimonials-4e10d6d81d87afd9b8cf214ddcd496ad.yaml new file mode 100644 index 0000000000..d9fcd9ad7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/strong-testimonials-4e10d6d81d87afd9b8cf214ddcd496ad.yaml @@ -0,0 +1,58 @@ +id: strong-testimonials-4e10d6d81d87afd9b8cf214ddcd496ad + +info: + name: > + Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/454091ac-8765-4bda-ac6e-69537b43f9a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/strong-testimonials/" + google-query: inurl:"/wp-content/plugins/strong-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,strong-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strong-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/strong-testimonials-75b8a5222fb6f26aa91b12f6a779084a.yaml b/nuclei-templates/cve-less/plugins/strong-testimonials-75b8a5222fb6f26aa91b12f6a779084a.yaml new file mode 100644 index 0000000000..a8d5f6bdba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/strong-testimonials-75b8a5222fb6f26aa91b12f6a779084a.yaml @@ -0,0 +1,58 @@ +id: strong-testimonials-75b8a5222fb6f26aa91b12f6a779084a + +info: + name: > + Strong Testimonials <= 2.40.0 - Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9832c598-aa12-4a98-8e0f-643ecbe75839?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/strong-testimonials/" + google-query: inurl:"/wp-content/plugins/strong-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,strong-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strong-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.40.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/strong-testimonials-9789112c0d34ac6cf02fb911bdea5e63.yaml b/nuclei-templates/cve-less/plugins/strong-testimonials-9789112c0d34ac6cf02fb911bdea5e63.yaml new file mode 100644 index 0000000000..bdef6fbd2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/strong-testimonials-9789112c0d34ac6cf02fb911bdea5e63.yaml @@ -0,0 +1,58 @@ +id: strong-testimonials-9789112c0d34ac6cf02fb911bdea5e63 + +info: + name: > + Strong Testimonials <= 3.1.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0ccdc0d-7c38-4dd3-be39-2359d63b2b6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/strong-testimonials/" + google-query: inurl:"/wp-content/plugins/strong-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,strong-testimonials,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/strong-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "strong-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/structured-content-8afca71d6fa766e9a24060d9214388e1.yaml b/nuclei-templates/cve-less/plugins/structured-content-8afca71d6fa766e9a24060d9214388e1.yaml new file mode 100644 index 0000000000..e2437fa1a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/structured-content-8afca71d6fa766e9a24060d9214388e1.yaml @@ -0,0 +1,58 @@ +id: structured-content-8afca71d6fa766e9a24060d9214388e1 + +info: + name: > + Structured Content <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7943c21b-dfc3-4f31-a636-0a1a745628bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/structured-content/" + google-query: inurl:"/wp-content/plugins/structured-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,structured-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/structured-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "structured-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/structured-content-b00e5b46c74081e9862bff90f3aaef92.yaml b/nuclei-templates/cve-less/plugins/structured-content-b00e5b46c74081e9862bff90f3aaef92.yaml new file mode 100644 index 0000000000..5ca0daa8c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/structured-content-b00e5b46c74081e9862bff90f3aaef92.yaml @@ -0,0 +1,58 @@ +id: structured-content-b00e5b46c74081e9862bff90f3aaef92 + +info: + name: > + Structured Content <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Classic Editor Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a013106b-4e2a-4dd9-a0ab-7e6c91e715dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/structured-content/" + google-query: inurl:"/wp-content/plugins/structured-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,structured-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/structured-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "structured-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/structured-content-b240c0fd3b8e35e0e7b7374ee39360eb.yaml b/nuclei-templates/cve-less/plugins/structured-content-b240c0fd3b8e35e0e7b7374ee39360eb.yaml new file mode 100644 index 0000000000..4a6e195501 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/structured-content-b240c0fd3b8e35e0e7b7374ee39360eb.yaml @@ -0,0 +1,58 @@ +id: structured-content-b240c0fd3b8e35e0e7b7374ee39360eb + +info: + name: > + Structured Content <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e44ad307-2663-4613-ae53-9ef6208f08f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/structured-content/" + google-query: inurl:"/wp-content/plugins/structured-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,structured-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/structured-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "structured-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/structured-content-bb8100b665f7be766e2f2566af0a9770.yaml b/nuclei-templates/cve-less/plugins/structured-content-bb8100b665f7be766e2f2566af0a9770.yaml new file mode 100644 index 0000000000..3e8105ffd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/structured-content-bb8100b665f7be766e2f2566af0a9770.yaml @@ -0,0 +1,58 @@ +id: structured-content-bb8100b665f7be766e2f2566af0a9770 + +info: + name: > + Structured Content <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b25252b-fad3-4212-be72-94e94779ef67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/structured-content/" + google-query: inurl:"/wp-content/plugins/structured-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,structured-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/structured-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "structured-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/style-it-d99f0f471a2dd63c73902853b59daf4d.yaml b/nuclei-templates/cve-less/plugins/style-it-d99f0f471a2dd63c73902853b59daf4d.yaml new file mode 100644 index 0000000000..394b72e1f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/style-it-d99f0f471a2dd63c73902853b59daf4d.yaml @@ -0,0 +1,58 @@ +id: style-it-d99f0f471a2dd63c73902853b59daf4d + +info: + name: > + Style It <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcecd7bb-85cc-406e-9fd8-e671b327dc13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/style-it/" + google-query: inurl:"/wp-content/plugins/style-it/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,style-it,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/style-it/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "style-it" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/styles-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/styles-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..d3aafcd4b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/styles-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: styles-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/styles/" + google-query: inurl:"/wp-content/plugins/styles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,styles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/styles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "styles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-cost-calculator-17f69747f5418f0c498184d7a40cd5d8.yaml b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-17f69747f5418f0c498184d7a40cd5d8.yaml new file mode 100644 index 0000000000..c870ca45ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-17f69747f5418f0c498184d7a40cd5d8.yaml @@ -0,0 +1,58 @@ +id: stylish-cost-calculator-17f69747f5418f0c498184d7a40cd5d8 + +info: + name: > + Stylish Cost Calculator <= 7.0.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30e89955-9f2b-42e4-a7cf-558edd2e736c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-cost-calculator/" + google-query: inurl:"/wp-content/plugins/stylish-cost-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-cost-calculator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-cost-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-cost-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-cost-calculator-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..4d6afa0843 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: stylish-cost-calculator-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-cost-calculator/" + google-query: inurl:"/wp-content/plugins/stylish-cost-calculator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-cost-calculator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-cost-calculator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-cost-calculator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-cost-calculator-premium-7a44d61ebaa3b700401c1ffe420cd8f6.yaml b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-premium-7a44d61ebaa3b700401c1ffe420cd8f6.yaml new file mode 100644 index 0000000000..eefc7a100c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-cost-calculator-premium-7a44d61ebaa3b700401c1ffe420cd8f6.yaml @@ -0,0 +1,58 @@ +id: stylish-cost-calculator-premium-7a44d61ebaa3b700401c1ffe420cd8f6 + +info: + name: > + Stylish Cost Calculator < 7.9.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b7cc660-b430-4b0f-b2d1-68ba458de8a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-cost-calculator-premium/" + google-query: inurl:"/wp-content/plugins/stylish-cost-calculator-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-cost-calculator-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-cost-calculator-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-cost-calculator-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-price-list-1162e5c3375a29dda16c38290874b6a7.yaml b/nuclei-templates/cve-less/plugins/stylish-price-list-1162e5c3375a29dda16c38290874b6a7.yaml new file mode 100644 index 0000000000..ca334b0f78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-price-list-1162e5c3375a29dda16c38290874b6a7.yaml @@ -0,0 +1,58 @@ +id: stylish-price-list-1162e5c3375a29dda16c38290874b6a7 + +info: + name: > + Stylish Price List <= 7.0.17 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d9cea4e-b619-4935-bb7c-a64ddf52d480?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-price-list/" + google-query: inurl:"/wp-content/plugins/stylish-price-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-price-list,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-price-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-price-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-price-list-bcf6a8a116341bcac1e69fe2f154a5e2.yaml b/nuclei-templates/cve-less/plugins/stylish-price-list-bcf6a8a116341bcac1e69fe2f154a5e2.yaml new file mode 100644 index 0000000000..bde022a12a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-price-list-bcf6a8a116341bcac1e69fe2f154a5e2.yaml @@ -0,0 +1,58 @@ +id: stylish-price-list-bcf6a8a116341bcac1e69fe2f154a5e2 + +info: + name: > + Stylish Price List <= 6.9.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37a9b2d0-e27d-4a2c-945a-a06a9b9bd2ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-price-list/" + google-query: inurl:"/wp-content/plugins/stylish-price-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-price-list,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-price-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-price-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylish-price-list-f10183ed44d63adcd1747764a96c820f.yaml b/nuclei-templates/cve-less/plugins/stylish-price-list-f10183ed44d63adcd1747764a96c820f.yaml new file mode 100644 index 0000000000..57b500ddf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylish-price-list-f10183ed44d63adcd1747764a96c820f.yaml @@ -0,0 +1,58 @@ +id: stylish-price-list-f10183ed44d63adcd1747764a96c820f + +info: + name: > + Stylish Price List < 6.9.0 - Arbitrary Image Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc1cf03f-265c-4cb5-b32b-8039b9e5da2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylish-price-list/" + google-query: inurl:"/wp-content/plugins/stylish-price-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylish-price-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylish-price-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylish-price-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/stylist-b62755f81eca9dc431fe91f1c1c5e844.yaml b/nuclei-templates/cve-less/plugins/stylist-b62755f81eca9dc431fe91f1c1c5e844.yaml new file mode 100644 index 0000000000..8272b268b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/stylist-b62755f81eca9dc431fe91f1c1c5e844.yaml @@ -0,0 +1,58 @@ +id: stylist-b62755f81eca9dc431fe91f1c1c5e844 + +info: + name: > + Extra Block Design, Style, CSS for ANY Gutenberg Blocks <= 0.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2659d22f-3b54-4268-8618-b0c685278f6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/stylist/" + google-query: inurl:"/wp-content/plugins/stylist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,stylist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/stylist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "stylist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sublanguage-80e328ca936017b96ab31fe4d42f9f3e.yaml b/nuclei-templates/cve-less/plugins/sublanguage-80e328ca936017b96ab31fe4d42f9f3e.yaml new file mode 100644 index 0000000000..3e4afbd0be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sublanguage-80e328ca936017b96ab31fe4d42f9f3e.yaml @@ -0,0 +1,58 @@ +id: sublanguage-80e328ca936017b96ab31fe4d42f9f3e + +info: + name: > + Sublanguage <= 2.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50726c57-8d42-4143-9e75-d30513d8d0e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sublanguage/" + google-query: inurl:"/wp-content/plugins/sublanguage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sublanguage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sublanguage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sublanguage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-sidebar-783f6ed85330c62d6c5fe672e0ec559c.yaml b/nuclei-templates/cve-less/plugins/subscribe-sidebar-783f6ed85330c62d6c5fe672e0ec559c.yaml new file mode 100644 index 0000000000..7c455e2009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-sidebar-783f6ed85330c62d6c5fe672e0ec559c.yaml @@ -0,0 +1,58 @@ +id: subscribe-sidebar-783f6ed85330c62d6c5fe672e0ec559c + +info: + name: > + Subscribe Sidebar plugin by Blubrry <= 1.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b403b1f3-cc04-48fb-b2ae-c6c234fad29f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-sidebar/" + google-query: inurl:"/wp-content/plugins/subscribe-sidebar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-sidebar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-sidebar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-sidebar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-category-75e4710b6f6d108c91a0d10797676b5b.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-category-75e4710b6f6d108c91a0d10797676b5b.yaml new file mode 100644 index 0000000000..0e15248bbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-category-75e4710b6f6d108c91a0d10797676b5b.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-category-75e4710b6f6d108c91a0d10797676b5b + +info: + name: > + Subscribe to Category <= 2.7.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fae8440-ce36-45ba-bed2-af30162e4c1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-category/" + google-query: inurl:"/wp-content/plugins/subscribe-to-category/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-category,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-category/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-category" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-category-f8057967039523304998e4a1e27c496f.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-category-f8057967039523304998e4a1e27c496f.yaml new file mode 100644 index 0000000000..22261a455a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-category-f8057967039523304998e4a1e27c496f.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-category-f8057967039523304998e4a1e27c496f + +info: + name: > + Subscribe to Category <= 2.7.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f040d5b9-0db2-467b-91fa-98aede9f7280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-category/" + google-query: inurl:"/wp-content/plugins/subscribe-to-category/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-category,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-category/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-category" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-comments-f75bd794bdf0bce00fb43494bf16c7f1.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-comments-f75bd794bdf0bce00fb43494bf16c7f1.yaml new file mode 100644 index 0000000000..5440af9737 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-comments-f75bd794bdf0bce00fb43494bf16c7f1.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-comments-f75bd794bdf0bce00fb43494bf16c7f1 + +info: + name: > + Subscribe to Comments <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81b76824-8099-433d-88e3-c05df9434fd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-comments/" + google-query: inurl:"/wp-content/plugins/subscribe-to-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-15bbee0302a2c0acdbacef494a071dae.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-15bbee0302a2c0acdbacef494a071dae.yaml new file mode 100644 index 0000000000..ad727decf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-15bbee0302a2c0acdbacef494a071dae.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-comments-reloaded-15bbee0302a2c0acdbacef494a071dae + +info: + name: > + Subscribe To Comments Reloaded <= 140129 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/014dcf08-1968-4a3f-a772-2248e65dfb07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-comments-reloaded/" + google-query: inurl:"/wp-content/plugins/subscribe-to-comments-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-comments-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 140129') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-218762f76a47ddcb2051ebcd055069c7.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-218762f76a47ddcb2051ebcd055069c7.yaml new file mode 100644 index 0000000000..2b1ebc86a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-218762f76a47ddcb2051ebcd055069c7.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-comments-reloaded-218762f76a47ddcb2051ebcd055069c7 + +info: + name: > + Subscribe To Comments Reloaded <= 211130 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be2c2e7-f982-410d-a5dc-f3ef976dff02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-comments-reloaded/" + google-query: inurl:"/wp-content/plugins/subscribe-to-comments-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-comments-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 211130') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-efa006e93668f7aca40417ac3bc81a16.yaml b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-efa006e93668f7aca40417ac3bc81a16.yaml new file mode 100644 index 0000000000..94bd8444df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe-to-comments-reloaded-efa006e93668f7aca40417ac3bc81a16.yaml @@ -0,0 +1,58 @@ +id: subscribe-to-comments-reloaded-efa006e93668f7aca40417ac3bc81a16 + +info: + name: > + Subscribe To Comments Reloaded <= 220725 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c64956c3-b6f5-419e-82f3-3c9e90e1d677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe-to-comments-reloaded/" + google-query: inurl:"/wp-content/plugins/subscribe-to-comments-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe-to-comments-reloaded,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe-to-comments-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe-to-comments-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 220725') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/subscribe2-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..71b7837544 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: subscribe2-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-8402c61711992f819817934b35ca7a98.yaml b/nuclei-templates/cve-less/plugins/subscribe2-8402c61711992f819817934b35ca7a98.yaml new file mode 100644 index 0000000000..9456707b83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-8402c61711992f819817934b35ca7a98.yaml @@ -0,0 +1,58 @@ +id: subscribe2-8402c61711992f819817934b35ca7a98 + +info: + name: > + Subscribe2 – Form, Email Subscribers & Newsletters <= 10.15 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7202c0f7-cde7-4588-95f4-367d91f2eb67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-914f38027718514db2df33bcbfa5d9b6.yaml b/nuclei-templates/cve-less/plugins/subscribe2-914f38027718514db2df33bcbfa5d9b6.yaml new file mode 100644 index 0000000000..e28ccb7311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-914f38027718514db2df33bcbfa5d9b6.yaml @@ -0,0 +1,58 @@ +id: subscribe2-914f38027718514db2df33bcbfa5d9b6 + +info: + name: > + Subscribe2 <= 10.37 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e43d6fc-28f1-4208-a529-f264304fe8aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-ac88ac9a4126934ac4e490020952d981.yaml b/nuclei-templates/cve-less/plugins/subscribe2-ac88ac9a4126934ac4e490020952d981.yaml new file mode 100644 index 0000000000..9772d82fc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-ac88ac9a4126934ac4e490020952d981.yaml @@ -0,0 +1,58 @@ +id: subscribe2-ac88ac9a4126934ac4e490020952d981 + +info: + name: > + Subscribe2 <= 10.40 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92b4d800-2895-4f7b-8b3b-ee6df75a7908?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-b1c3c2103a95130385060251902a6b08.yaml b/nuclei-templates/cve-less/plugins/subscribe2-b1c3c2103a95130385060251902a6b08.yaml new file mode 100644 index 0000000000..62954e74d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-b1c3c2103a95130385060251902a6b08.yaml @@ -0,0 +1,58 @@ +id: subscribe2-b1c3c2103a95130385060251902a6b08 + +info: + name: > + Subscribe2 <= 10.40 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c34ce601-5cf9-433f-bc9d-5c705eba6b08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribe2-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/subscribe2-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..c0799c81f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribe2-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: subscribe2-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribe2/" + google-query: inurl:"/wp-content/plugins/subscribe2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribe2,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribe2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribe2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscriber-6e4e8347273d5c0e2b6b13d913498882.yaml b/nuclei-templates/cve-less/plugins/subscriber-6e4e8347273d5c0e2b6b13d913498882.yaml new file mode 100644 index 0000000000..e3522ca82d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscriber-6e4e8347273d5c0e2b6b13d913498882.yaml @@ -0,0 +1,58 @@ +id: subscriber-6e4e8347273d5c0e2b6b13d913498882 + +info: + name: > + Subscriber by BestWebSoft <= 1.3.4 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77440d6e-b660-433b-9953-c1f92644302e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscriber/" + google-query: inurl:"/wp-content/plugins/subscriber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscriber,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscriber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscriber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribers-com-a6ba6de400353cbaf7c7146b43b770d6.yaml b/nuclei-templates/cve-less/plugins/subscribers-com-a6ba6de400353cbaf7c7146b43b770d6.yaml new file mode 100644 index 0000000000..31afcf9f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribers-com-a6ba6de400353cbaf7c7146b43b770d6.yaml @@ -0,0 +1,58 @@ +id: subscribers-com-a6ba6de400353cbaf7c7146b43b770d6 + +info: + name: > + Subscribers – Free Web Push Notifications <= 1.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66e78219-b3fd-40e9-a58c-8e27ef3c5e4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribers-com/" + google-query: inurl:"/wp-content/plugins/subscribers-com/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribers-com,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribers-com/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribers-com" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subscribers-text-counter-912f96d113a5aa3c6fbc130ea2c63f30.yaml b/nuclei-templates/cve-less/plugins/subscribers-text-counter-912f96d113a5aa3c6fbc130ea2c63f30.yaml new file mode 100644 index 0000000000..6e29dc18b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subscribers-text-counter-912f96d113a5aa3c6fbc130ea2c63f30.yaml @@ -0,0 +1,58 @@ +id: subscribers-text-counter-912f96d113a5aa3c6fbc130ea2c63f30 + +info: + name: > + Subscribers Text Counter <= 1.7 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a548e71f-4f36-4a29-8293-474e119f09cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subscribers-text-counter/" + google-query: inurl:"/wp-content/plugins/subscribers-text-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subscribers-text-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subscribers-text-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subscribers-text-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/subway-dd1fa2d046eacdab57006cff4cc678d1.yaml b/nuclei-templates/cve-less/plugins/subway-dd1fa2d046eacdab57006cff4cc678d1.yaml new file mode 100644 index 0000000000..fc6b4c29df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/subway-dd1fa2d046eacdab57006cff4cc678d1.yaml @@ -0,0 +1,58 @@ +id: subway-dd1fa2d046eacdab57006cff4cc678d1 + +info: + name: > + Subway – Private Site Option <= 2.1.4 - Improper Access Control to Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b80638b-4dd1-47f5-9a70-6bd626ac6986?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/subway/" + google-query: inurl:"/wp-content/plugins/subway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,subway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/subway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "subway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sucuri-scanner-783f372f4644686742e160ed2c3ab92d.yaml b/nuclei-templates/cve-less/plugins/sucuri-scanner-783f372f4644686742e160ed2c3ab92d.yaml new file mode 100644 index 0000000000..81f235e657 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sucuri-scanner-783f372f4644686742e160ed2c3ab92d.yaml @@ -0,0 +1,58 @@ +id: sucuri-scanner-783f372f4644686742e160ed2c3ab92d + +info: + name: > + Sucuri Security <= 1.8.33 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6298192-2afa-4468-86d5-8487321a0ff6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sucuri-scanner/" + google-query: inurl:"/wp-content/plugins/sucuri-scanner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sucuri-scanner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sucuri-scanner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sucuri-scanner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sumome-67ae2a415472885fa884ebc17419d3bf.yaml b/nuclei-templates/cve-less/plugins/sumome-67ae2a415472885fa884ebc17419d3bf.yaml new file mode 100644 index 0000000000..5e05249ed9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sumome-67ae2a415472885fa884ebc17419d3bf.yaml @@ -0,0 +1,58 @@ +id: sumome-67ae2a415472885fa884ebc17419d3bf + +info: + name: > + Sumo <= 1.34 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5f4e9bf-b452-4425-8bf2-73be7857b3ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sumome/" + google-query: inurl:"/wp-content/plugins/sumome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sumome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sumome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sumome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-04bb16712ffe510bd42325a97d792814.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-04bb16712ffe510bd42325a97d792814.yaml new file mode 100644 index 0000000000..eebf9660a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-04bb16712ffe510bd42325a97d792814.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-04bb16712ffe510bd42325a97d792814 + +info: + name: > + Sunshine Photo Cart <= 2.9.13 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fd38e86-6448-47fd-a8a7-f571158e3599?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-15830d6b8ea556fb257579ec9221b580.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-15830d6b8ea556fb257579ec9221b580.yaml new file mode 100644 index 0000000000..198b65cff2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-15830d6b8ea556fb257579ec9221b580.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-15830d6b8ea556fb257579ec9221b580 + +info: + name: > + Sunshine Photo Cart <= 2.9.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/107918e4-fb21-40df-818d-a71b78b26928?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-46f4f6351643b92d6e721f9df0cbb87d.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-46f4f6351643b92d6e721f9df0cbb87d.yaml new file mode 100644 index 0000000000..7142ddad83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-46f4f6351643b92d6e721f9df0cbb87d.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-46f4f6351643b92d6e721f9df0cbb87d + +info: + name: > + Sunshine Photo Cart <= 2.8.28 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c043510b-6aeb-4e91-80f0-a62970c01b1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-6fb4ed5587f0486cce5c1d786ad4230e.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-6fb4ed5587f0486cce5c1d786ad4230e.yaml new file mode 100644 index 0000000000..95662ecc7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-6fb4ed5587f0486cce5c1d786ad4230e.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-6fb4ed5587f0486cce5c1d786ad4230e + +info: + name: > + Sunshine Photo Cart <= 2.9.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b941db0-9d6d-4b89-8e04-8770499b6a9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-a734bff91fde948cd641fb4f506275db.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-a734bff91fde948cd641fb4f506275db.yaml new file mode 100644 index 0000000000..e752d79110 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-a734bff91fde948cd641fb4f506275db.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-a734bff91fde948cd641fb4f506275db + +info: + name: > + Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27e0b9e8-b6b7-45fe-8c9e-5e49c4feccac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d0182d6b5ad1d47371d3d46c5ca25851.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d0182d6b5ad1d47371d3d46c5ca25851.yaml new file mode 100644 index 0000000000..78a881939b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d0182d6b5ad1d47371d3d46c5ca25851.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-d0182d6b5ad1d47371d3d46c5ca25851 + +info: + name: > + Sunshine Photo Cart <= 2.9.25 - Insecure Direct Object Reference to Order Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eae7c33-2347-4b34-8b5f-7f4a6ee3e9c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d096370d5e8a77a5a56a117293d4ce98.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d096370d5e8a77a5a56a117293d4ce98.yaml new file mode 100644 index 0000000000..e245a7756e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-d096370d5e8a77a5a56a117293d4ce98.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-d096370d5e8a77a5a56a117293d4ce98 + +info: + name: > + Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sunshine-photo-cart-f3dea6737790d88bd69a099bbefbf2b4.yaml b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-f3dea6737790d88bd69a099bbefbf2b4.yaml new file mode 100644 index 0000000000..72cb8b9565 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sunshine-photo-cart-f3dea6737790d88bd69a099bbefbf2b4.yaml @@ -0,0 +1,58 @@ +id: sunshine-photo-cart-f3dea6737790d88bd69a099bbefbf2b4 + +info: + name: > + Sunshine Photo Cart: Free Client Photo Galleries for Photographers <= 3.1.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca0ce12-4759-4182-b69e-665e189b92f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sunshine-photo-cart/" + google-query: inurl:"/wp-content/plugins/sunshine-photo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sunshine-photo-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sunshine-photo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sunshine-photo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-forms-245a41771beb2dc7d12a123756efaedb.yaml b/nuclei-templates/cve-less/plugins/super-forms-245a41771beb2dc7d12a123756efaedb.yaml new file mode 100644 index 0000000000..571b8662e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-forms-245a41771beb2dc7d12a123756efaedb.yaml @@ -0,0 +1,58 @@ +id: super-forms-245a41771beb2dc7d12a123756efaedb + +info: + name: > + Super Forms - Drag & Drop Form Builder WordPress <= 6.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8e6beeb-5af9-4713-bf7f-2edc1ddaa12f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-forms/" + google-query: inurl:"/wp-content/plugins/super-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-progressive-web-apps-86c50499cb2301a82786d4f168d5a72c.yaml b/nuclei-templates/cve-less/plugins/super-progressive-web-apps-86c50499cb2301a82786d4f168d5a72c.yaml new file mode 100644 index 0000000000..af811169d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-progressive-web-apps-86c50499cb2301a82786d4f168d5a72c.yaml @@ -0,0 +1,58 @@ +id: super-progressive-web-apps-86c50499cb2301a82786d4f168d5a72c + +info: + name: > + Super Progressive Web Apps <= 2.2.21 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d36e869a-5bd4-4f59-8e28-01fa586024c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-progressive-web-apps/" + google-query: inurl:"/wp-content/plugins/super-progressive-web-apps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-progressive-web-apps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-progressive-web-apps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-progressive-web-apps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-164f540fc7a38170dc136b3ff3864ea3.yaml b/nuclei-templates/cve-less/plugins/super-socializer-164f540fc7a38170dc136b3ff3864ea3.yaml new file mode 100644 index 0000000000..cdf8d3619f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-164f540fc7a38170dc136b3ff3864ea3.yaml @@ -0,0 +1,58 @@ +id: super-socializer-164f540fc7a38170dc136b3ff3864ea3 + +info: + name: > + Super Socializer <= 7.13.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09cff621-3cf3-496e-ab91-66d088fe79dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-1d7bb8633b523735c234101babaefc6e.yaml b/nuclei-templates/cve-less/plugins/super-socializer-1d7bb8633b523735c234101babaefc6e.yaml new file mode 100644 index 0000000000..7e68dd23f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-1d7bb8633b523735c234101babaefc6e.yaml @@ -0,0 +1,58 @@ +id: super-socializer-1d7bb8633b523735c234101babaefc6e + +info: + name: > + Super Socializer <= 7.13.54 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc6cfad1-d23a-4a96-9d6c-841b6d795a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-2c66024442466abc661bfb4f6aa99c2f.yaml b/nuclei-templates/cve-less/plugins/super-socializer-2c66024442466abc661bfb4f6aa99c2f.yaml new file mode 100644 index 0000000000..e762b22ab9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-2c66024442466abc661bfb4f6aa99c2f.yaml @@ -0,0 +1,58 @@ +id: super-socializer-2c66024442466abc661bfb4f6aa99c2f + +info: + name: > + Social Share, Social Login and Social Comments < 7.13.30 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd4d30b-f37f-4083-acfe-8e85c075da10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.13.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-46d7cdc90f6e4788d19f634ed2b57174.yaml b/nuclei-templates/cve-less/plugins/super-socializer-46d7cdc90f6e4788d19f634ed2b57174.yaml new file mode 100644 index 0000000000..efab8a02d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-46d7cdc90f6e4788d19f634ed2b57174.yaml @@ -0,0 +1,58 @@ +id: super-socializer-46d7cdc90f6e4788d19f634ed2b57174 + +info: + name: > + Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.63 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47e6840e-9f6c-44eb-a6bd-e25e4c5c0bf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-55664802ca8a80e3857f1283c80160e1.yaml b/nuclei-templates/cve-less/plugins/super-socializer-55664802ca8a80e3857f1283c80160e1.yaml new file mode 100644 index 0000000000..7aaf3b1e3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-55664802ca8a80e3857f1283c80160e1.yaml @@ -0,0 +1,58 @@ +id: super-socializer-55664802ca8a80e3857f1283c80160e1 + +info: + name: > + Super Socializer <= 7.13.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/558679ea-a8ee-4329-8ad7-34b708476b53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-9a23102fb64a765611d796440b87f458.yaml b/nuclei-templates/cve-less/plugins/super-socializer-9a23102fb64a765611d796440b87f458.yaml new file mode 100644 index 0000000000..d27f81245e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-9a23102fb64a765611d796440b87f458.yaml @@ -0,0 +1,58 @@ +id: super-socializer-9a23102fb64a765611d796440b87f458 + +info: + name: > + Super Socializer <= 7.13.54 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/101dd211-c3eb-4d27-9194-841bc2a968e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.13.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-socializer-f857ae19dab84e492640b0478274e45c.yaml b/nuclei-templates/cve-less/plugins/super-socializer-f857ae19dab84e492640b0478274e45c.yaml new file mode 100644 index 0000000000..b1c9843c17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-socializer-f857ae19dab84e492640b0478274e45c.yaml @@ -0,0 +1,58 @@ +id: super-socializer-f857ae19dab84e492640b0478274e45c + +info: + name: > + Social Share, Social Login and Social Comments <= 7.13.51 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6257739a-cd7c-4797-882a-016a01fe84b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-socializer/" + google-query: inurl:"/wp-content/plugins/super-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-socializer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.13.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-testimonial-16fe73a759651a7d3bcefdb3b3d57eae.yaml b/nuclei-templates/cve-less/plugins/super-testimonial-16fe73a759651a7d3bcefdb3b3d57eae.yaml new file mode 100644 index 0000000000..ca56e4422a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-testimonial-16fe73a759651a7d3bcefdb3b3d57eae.yaml @@ -0,0 +1,58 @@ +id: super-testimonial-16fe73a759651a7d3bcefdb3b3d57eae + +info: + name: > + Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9bd9617-254a-40b3-a1ec-00d30b75e1b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-testimonial/" + google-query: inurl:"/wp-content/plugins/super-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-testimonial-a39aab4c2ab62bbbd835d18cf4082e05.yaml b/nuclei-templates/cve-less/plugins/super-testimonial-a39aab4c2ab62bbbd835d18cf4082e05.yaml new file mode 100644 index 0000000000..4dd06327ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-testimonial-a39aab4c2ab62bbbd835d18cf4082e05.yaml @@ -0,0 +1,58 @@ +id: super-testimonial-a39aab4c2ab62bbbd835d18cf4082e05 + +info: + name: > + Super Testimonials <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52659f1c-642e-4c88-b3d0-d5c5a206b11c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-testimonial/" + google-query: inurl:"/wp-content/plugins/super-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-testimonial-f27a4c95db01a4a56d77711f77220046.yaml b/nuclei-templates/cve-less/plugins/super-testimonial-f27a4c95db01a4a56d77711f77220046.yaml new file mode 100644 index 0000000000..3023c3a3d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-testimonial-f27a4c95db01a4a56d77711f77220046.yaml @@ -0,0 +1,58 @@ +id: super-testimonial-f27a4c95db01a4a56d77711f77220046 + +info: + name: > + Testimonials <= 2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d63bc735-b2ba-4be6-bd1c-f904ef860f5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-testimonial/" + google-query: inurl:"/wp-content/plugins/super-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-testimonial-f50a0c6a3334b6a9833d56ea2fa95097.yaml b/nuclei-templates/cve-less/plugins/super-testimonial-f50a0c6a3334b6a9833d56ea2fa95097.yaml new file mode 100644 index 0000000000..5ba3301034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-testimonial-f50a0c6a3334b6a9833d56ea2fa95097.yaml @@ -0,0 +1,58 @@ +id: super-testimonial-f50a0c6a3334b6a9833d56ea2fa95097 + +info: + name: > + Testimonials <= 3.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/066dfb01-4f3c-4d5a-8fbf-7e58dfc7ac91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-testimonial/" + google-query: inurl:"/wp-content/plugins/super-testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/super-testimonial-pro-16fe73a759651a7d3bcefdb3b3d57eae.yaml b/nuclei-templates/cve-less/plugins/super-testimonial-pro-16fe73a759651a7d3bcefdb3b3d57eae.yaml new file mode 100644 index 0000000000..68e7c912db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/super-testimonial-pro-16fe73a759651a7d3bcefdb3b3d57eae.yaml @@ -0,0 +1,58 @@ +id: super-testimonial-pro-16fe73a759651a7d3bcefdb3b3d57eae + +info: + name: > + Testimonials (Free <= 2.6, Pro < 1.0.7) - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9bd9617-254a-40b3-a1ec-00d30b75e1b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/super-testimonial-pro/" + google-query: inurl:"/wp-content/plugins/super-testimonial-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,super-testimonial-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/super-testimonial-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "super-testimonial-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/superb-slideshow-gallery-d47a1b6b1cff7517a2e9c1cfb877c153.yaml b/nuclei-templates/cve-less/plugins/superb-slideshow-gallery-d47a1b6b1cff7517a2e9c1cfb877c153.yaml new file mode 100644 index 0000000000..147877027b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/superb-slideshow-gallery-d47a1b6b1cff7517a2e9c1cfb877c153.yaml @@ -0,0 +1,58 @@ +id: superb-slideshow-gallery-d47a1b6b1cff7517a2e9c1cfb877c153 + +info: + name: > + Superb slideshow gallery <= 13.1 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a12945d-a67c-4a19-a4e7-f65f5f2a21bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/superb-slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/superb-slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,superb-slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superb-slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superb-slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/superb-social-share-and-follow-buttons-bfcc2c70b2c01ba809a238ca61e5f88c.yaml b/nuclei-templates/cve-less/plugins/superb-social-share-and-follow-buttons-bfcc2c70b2c01ba809a238ca61e5f88c.yaml new file mode 100644 index 0000000000..1fc327286f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/superb-social-share-and-follow-buttons-bfcc2c70b2c01ba809a238ca61e5f88c.yaml @@ -0,0 +1,58 @@ +id: superb-social-share-and-follow-buttons-bfcc2c70b2c01ba809a238ca61e5f88c + +info: + name: > + Superb Social Media Share Buttons and Follow Buttons <= 1.1.3 - Missing Authorization via spbsmAjax + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4dead2-c6da-4613-8ce6-13699a7495a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/superb-social-share-and-follow-buttons/" + google-query: inurl:"/wp-content/plugins/superb-social-share-and-follow-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,superb-social-share-and-follow-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superb-social-share-and-follow-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superb-social-share-and-follow-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/superfly-menu-683819db80183ccca71d3fa32fe3879a.yaml b/nuclei-templates/cve-less/plugins/superfly-menu-683819db80183ccca71d3fa32fe3879a.yaml new file mode 100644 index 0000000000..94d693c397 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/superfly-menu-683819db80183ccca71d3fa32fe3879a.yaml @@ -0,0 +1,58 @@ +id: superfly-menu-683819db80183ccca71d3fa32fe3879a + +info: + name: > + WordPress Menu Plugin — Superfly Responsive Menu <= 5.0.25 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/701bcf98-fcb4-4722-9bf1-b94efe3bb1fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/superfly-menu/" + google-query: inurl:"/wp-content/plugins/superfly-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,superfly-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superfly-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superfly-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/superior-faq-043f908fb4f9351f4c0f0add9321f548.yaml b/nuclei-templates/cve-less/plugins/superior-faq-043f908fb4f9351f4c0f0add9321f548.yaml new file mode 100644 index 0000000000..8a8b0a0057 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/superior-faq-043f908fb4f9351f4c0f0add9321f548.yaml @@ -0,0 +1,58 @@ +id: superior-faq-043f908fb4f9351f4c0f0add9321f548 + +info: + name: > + Superior FAQ <= 1.0.2 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f98bb2a2-6525-4e0b-8bbd-968cf5b122dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/superior-faq/" + google-query: inurl:"/wp-content/plugins/superior-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,superior-faq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superior-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superior-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/superstorefinder-wp-4f8bb1cd134e141985840e55e7337ff2.yaml b/nuclei-templates/cve-less/plugins/superstorefinder-wp-4f8bb1cd134e141985840e55e7337ff2.yaml new file mode 100644 index 0000000000..df185c21f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/superstorefinder-wp-4f8bb1cd134e141985840e55e7337ff2.yaml @@ -0,0 +1,58 @@ +id: superstorefinder-wp-4f8bb1cd134e141985840e55e7337ff2 + +info: + name: > + Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d31d0553-9378-4c7e-a258-12562aa6b388?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/superstorefinder-wp/" + google-query: inurl:"/wp-content/plugins/superstorefinder-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,superstorefinder-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/superstorefinder-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superstorefinder-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/support-genix-lite-d0405f3a6546530ea0089cf284177266.yaml b/nuclei-templates/cve-less/plugins/support-genix-lite-d0405f3a6546530ea0089cf284177266.yaml new file mode 100644 index 0000000000..418472f775 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/support-genix-lite-d0405f3a6546530ea0089cf284177266.yaml @@ -0,0 +1,58 @@ +id: support-genix-lite-d0405f3a6546530ea0089cf284177266 + +info: + name: > + Support Genix <= 1.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40ade684-57a2-43be-9d4a-1c0a653807eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/support-genix-lite/" + google-query: inurl:"/wp-content/plugins/support-genix-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,support-genix-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/support-genix-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "support-genix-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportboard-2a20c012892057123c0688f9b3a4ff38.yaml b/nuclei-templates/cve-less/plugins/supportboard-2a20c012892057123c0688f9b3a4ff38.yaml new file mode 100644 index 0000000000..48aa7068a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportboard-2a20c012892057123c0688f9b3a4ff38.yaml @@ -0,0 +1,58 @@ +id: supportboard-2a20c012892057123c0688f9b3a4ff38 + +info: + name: > + Support Board < 3.3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb3c0108-dfb6-4786-af04-9d54cb22c74c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportboard/" + google-query: inurl:"/wp-content/plugins/supportboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportboard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportboard-79a87cfdb010addc7119ceae498cd6d2.yaml b/nuclei-templates/cve-less/plugins/supportboard-79a87cfdb010addc7119ceae498cd6d2.yaml new file mode 100644 index 0000000000..e50c34fef5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportboard-79a87cfdb010addc7119ceae498cd6d2.yaml @@ -0,0 +1,58 @@ +id: supportboard-79a87cfdb010addc7119ceae498cd6d2 + +info: + name: > + Support Board <= 3.3.3 - Multiple Unauthenticated SQL Injections + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eb1cb5-71ca-44c5-9434-e86301543357?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportboard/" + google-query: inurl:"/wp-content/plugins/supportboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportboard-c1a62af10487c310f7866304f28fe56c.yaml b/nuclei-templates/cve-less/plugins/supportboard-c1a62af10487c310f7866304f28fe56c.yaml new file mode 100644 index 0000000000..8cacb8d0db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportboard-c1a62af10487c310f7866304f28fe56c.yaml @@ -0,0 +1,58 @@ +id: supportboard-c1a62af10487c310f7866304f28fe56c + +info: + name: > + Support Board <= 3.3.4 - Agent+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a43adbf2-0e85-4e70-a18f-8001a86b224e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportboard/" + google-query: inurl:"/wp-content/plugins/supportboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportboard-df4750e020fd99b1db3b233a3a40020d.yaml b/nuclei-templates/cve-less/plugins/supportboard-df4750e020fd99b1db3b233a3a40020d.yaml new file mode 100644 index 0000000000..20e0cbdc15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportboard-df4750e020fd99b1db3b233a3a40020d.yaml @@ -0,0 +1,58 @@ +id: supportboard-df4750e020fd99b1db3b233a3a40020d + +info: + name: > + Support Board for WordPress <= 1.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46f144c9-2cd3-4320-b987-119b672e7e30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportboard/" + google-query: inurl:"/wp-content/plugins/supportboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-1e4fd26a738e660824e15332d3d7697a.yaml b/nuclei-templates/cve-less/plugins/supportcandy-1e4fd26a738e660824e15332d3d7697a.yaml new file mode 100644 index 0000000000..1ce5b4e097 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-1e4fd26a738e660824e15332d3d7697a.yaml @@ -0,0 +1,58 @@ +id: supportcandy-1e4fd26a738e660824e15332d3d7697a + +info: + name: > + SupportCandy <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/663c54f4-4ca5-4916-b2a5-de3cabe77f38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-32dcf173d1237771b363c0c2887254dc.yaml b/nuclei-templates/cve-less/plugins/supportcandy-32dcf173d1237771b363c0c2887254dc.yaml new file mode 100644 index 0000000000..f76af616e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-32dcf173d1237771b363c0c2887254dc.yaml @@ -0,0 +1,58 @@ +id: supportcandy-32dcf173d1237771b363c0c2887254dc + +info: + name: > + SupportCandy <= 2.2.6 - Cross-Site Request Forgery to Arbitrary Ticket Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1fa691-3934-4e15-b339-e679976d6d5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-3dc309d6eba7a3765b70c365b5153ae1.yaml b/nuclei-templates/cve-less/plugins/supportcandy-3dc309d6eba7a3765b70c365b5153ae1.yaml new file mode 100644 index 0000000000..28cb38b8f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-3dc309d6eba7a3765b70c365b5153ae1.yaml @@ -0,0 +1,58 @@ +id: supportcandy-3dc309d6eba7a3765b70c365b5153ae1 + +info: + name: > + SupportCandy <= 3.1.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d2b6bd-a75a-4a07-b2f0-8ec206d41211?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-48b2566d4213ee09dc933aa00171e18b.yaml b/nuclei-templates/cve-less/plugins/supportcandy-48b2566d4213ee09dc933aa00171e18b.yaml new file mode 100644 index 0000000000..c97928b26a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-48b2566d4213ee09dc933aa00171e18b.yaml @@ -0,0 +1,58 @@ +id: supportcandy-48b2566d4213ee09dc933aa00171e18b + +info: + name: > + SupportCandy – Helpdesk & Support Ticket System <= 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcea4ecf-e690-4d1f-beab-fbb30c5bb52e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-4b6c9f5939660218c2639c17b2048a97.yaml b/nuclei-templates/cve-less/plugins/supportcandy-4b6c9f5939660218c2639c17b2048a97.yaml new file mode 100644 index 0000000000..1d3799a542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-4b6c9f5939660218c2639c17b2048a97.yaml @@ -0,0 +1,58 @@ +id: supportcandy-4b6c9f5939660218c2639c17b2048a97 + +info: + name: > + SupportCandy <= 3.1.6 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75f01eb4-5d53-441d-9bee-e97857dadaf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-6e5471e206d56f7ca756740955d7ef85.yaml b/nuclei-templates/cve-less/plugins/supportcandy-6e5471e206d56f7ca756740955d7ef85.yaml new file mode 100644 index 0000000000..f4091b680b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-6e5471e206d56f7ca756740955d7ef85.yaml @@ -0,0 +1,58 @@ +id: supportcandy-6e5471e206d56f7ca756740955d7ef85 + +info: + name: > + SupportCandy <= 3.1.4 - Unauthenticated SQL Injection via parse_user_filters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ca1c55a-cd4e-429a-ab74-dd1bad1a65f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-907062f692752ce26e64e57b3c581650.yaml b/nuclei-templates/cve-less/plugins/supportcandy-907062f692752ce26e64e57b3c581650.yaml new file mode 100644 index 0000000000..0abef98aa6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-907062f692752ce26e64e57b3c581650.yaml @@ -0,0 +1,58 @@ +id: supportcandy-907062f692752ce26e64e57b3c581650 + +info: + name: > + SupportCandy <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/653ab9cb-7084-47e4-b5e3-6788fa5d7496?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-a66f1036a5faeca38f844c5e78d8a411.yaml b/nuclei-templates/cve-less/plugins/supportcandy-a66f1036a5faeca38f844c5e78d8a411.yaml new file mode 100644 index 0000000000..453f05968e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-a66f1036a5faeca38f844c5e78d8a411.yaml @@ -0,0 +1,58 @@ +id: supportcandy-a66f1036a5faeca38f844c5e78d8a411 + +info: + name: > + SupportCandy <= 2.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35fb04aa-5899-4797-9ea1-24e7a98ad8d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-b305b8b934fd913e3c8bf40e033b8b8e.yaml b/nuclei-templates/cve-less/plugins/supportcandy-b305b8b934fd913e3c8bf40e033b8b8e.yaml new file mode 100644 index 0000000000..1692a2ddff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-b305b8b934fd913e3c8bf40e033b8b8e.yaml @@ -0,0 +1,58 @@ +id: supportcandy-b305b8b934fd913e3c8bf40e033b8b8e + +info: + name: > + SupportCandy <= 2.2.6 - Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fc6d947-4b6e-4dcb-9f20-02e39b4e730e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportcandy-d675073a50b5ae439cde851f96a93469.yaml b/nuclei-templates/cve-less/plugins/supportcandy-d675073a50b5ae439cde851f96a93469.yaml new file mode 100644 index 0000000000..91f0ae545a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportcandy-d675073a50b5ae439cde851f96a93469.yaml @@ -0,0 +1,58 @@ +id: supportcandy-d675073a50b5ae439cde851f96a93469 + +info: + name: > + SupportCandy – Helpdesk & Support Ticket System <= 2.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a10af61-6451-4dda-aeda-ba8fa44bee35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportcandy/" + google-query: inurl:"/wp-content/plugins/supportcandy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportcandy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportcandy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportcandy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportezzy-2008dfadd96c77e37701fc89701d0b2f.yaml b/nuclei-templates/cve-less/plugins/supportezzy-2008dfadd96c77e37701fc89701d0b2f.yaml new file mode 100644 index 0000000000..a66b46c79b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportezzy-2008dfadd96c77e37701fc89701d0b2f.yaml @@ -0,0 +1,58 @@ +id: supportezzy-2008dfadd96c77e37701fc89701d0b2f + +info: + name: > + SupportEzzy Ticket System Plugin <= 1.2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3a37e6a-659b-4a40-9051-9e8b3ca1ad42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportezzy/" + google-query: inurl:"/wp-content/plugins/supportezzy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportezzy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportezzy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportezzy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportflow-ce31848b731129452978ca83014199c1.yaml b/nuclei-templates/cve-less/plugins/supportflow-ce31848b731129452978ca83014199c1.yaml new file mode 100644 index 0000000000..3b11a47c62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportflow-ce31848b731129452978ca83014199c1.yaml @@ -0,0 +1,58 @@ +id: supportflow-ce31848b731129452978ca83014199c1 + +info: + name: > + SupportFlow <= 0.6 - Cross-Site Scripting via a ticket excerpt. + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f98d50a-51cb-479b-be4c-566a72f0f221?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportflow/" + google-query: inurl:"/wp-content/plugins/supportflow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportflow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportflow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportflow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supportflow-ed6a08d26be37dfa8ba1985aca8693da.yaml b/nuclei-templates/cve-less/plugins/supportflow-ed6a08d26be37dfa8ba1985aca8693da.yaml new file mode 100644 index 0000000000..180db48465 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supportflow-ed6a08d26be37dfa8ba1985aca8693da.yaml @@ -0,0 +1,58 @@ +id: supportflow-ed6a08d26be37dfa8ba1985aca8693da + +info: + name: > + SupportFlow <= 0.6 - Stored Cross-Site Scripting via discussion ticket title + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e63a70c-924b-4736-a712-80538bfd7ca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supportflow/" + google-query: inurl:"/wp-content/plugins/supportflow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supportflow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supportflow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supportflow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supra-csv-parser-0f94c84212785d00cc5084f78797c691.yaml b/nuclei-templates/cve-less/plugins/supra-csv-parser-0f94c84212785d00cc5084f78797c691.yaml new file mode 100644 index 0000000000..9feee9e06d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supra-csv-parser-0f94c84212785d00cc5084f78797c691.yaml @@ -0,0 +1,58 @@ +id: supra-csv-parser-0f94c84212785d00cc5084f78797c691 + +info: + name: > + Supra CSV <= 4.0.3 - Stored Cross-Site Scripting via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a46c09a5-5127-4970-a009-b5fdc9414e81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supra-csv-parser/" + google-query: inurl:"/wp-content/plugins/supra-csv-parser/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supra-csv-parser,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supra-csv-parser/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supra-csv-parser" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/supreme-modules-for-divi-21942b6e9d955d0155ca56bc416fed6c.yaml b/nuclei-templates/cve-less/plugins/supreme-modules-for-divi-21942b6e9d955d0155ca56bc416fed6c.yaml new file mode 100644 index 0000000000..b9396237b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/supreme-modules-for-divi-21942b6e9d955d0155ca56bc416fed6c.yaml @@ -0,0 +1,58 @@ +id: supreme-modules-for-divi-21942b6e9d955d0155ca56bc416fed6c + +info: + name: > + Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder <= 2.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17508063-3cd7-4b61-b7be-23a71b75f6a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/supreme-modules-for-divi/" + google-query: inurl:"/wp-content/plugins/supreme-modules-for-divi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,supreme-modules-for-divi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/supreme-modules-for-divi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "supreme-modules-for-divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-65bd3240ae8121decf63d5f24c3d008f.yaml b/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-65bd3240ae8121decf63d5f24c3d008f.yaml new file mode 100644 index 0000000000..e4f296fad0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surbma-gdpr-proof-google-analytics-65bd3240ae8121decf63d5f24c3d008f.yaml @@ -0,0 +1,58 @@ +id: surbma-gdpr-proof-google-analytics-65bd3240ae8121decf63d5f24c3d008f + +info: + name: > + Surbma | GDPR Proof Cookie Consent & Notice Bar <= 17.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48b9f3e3-b7fd-4d7c-8f8b-b11ed977aa92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surbma-gdpr-proof-google-analytics/" + google-query: inurl:"/wp-content/plugins/surbma-gdpr-proof-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surbma-gdpr-proof-google-analytics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surbma-gdpr-proof-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surbma-gdpr-proof-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 17.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surecart-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml b/nuclei-templates/cve-less/plugins/surecart-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml new file mode 100644 index 0000000000..442970ed66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surecart-3d8dd9beb9e2d1b17d8d01ef045ea5d3.yaml @@ -0,0 +1,58 @@ +id: surecart-3d8dd9beb9e2d1b17d8d01ef045ea5d3 + +info: + name: > + SureCart <= 2.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/416c13ff-15ae-4ba4-8a95-7c07bec75c22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surecart/" + google-query: inurl:"/wp-content/plugins/surecart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surecart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surecart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surecart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/suretriggers-f1d679f5d2a45e6f2ff41ed909dc0711.yaml b/nuclei-templates/cve-less/plugins/suretriggers-f1d679f5d2a45e6f2ff41ed909dc0711.yaml new file mode 100644 index 0000000000..0fa29de02b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/suretriggers-f1d679f5d2a45e6f2ff41ed909dc0711.yaml @@ -0,0 +1,58 @@ +id: suretriggers-f1d679f5d2a45e6f2ff41ed909dc0711 + +info: + name: > + SureTriggers <= 1.0.23 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/461211c9-951e-4ccd-abf5-84941290a6a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/suretriggers/" + google-query: inurl:"/wp-content/plugins/suretriggers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,suretriggers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/suretriggers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "suretriggers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surferseo-c3e49cc5a301ec2fc03ff611d9afd783.yaml b/nuclei-templates/cve-less/plugins/surferseo-c3e49cc5a301ec2fc03ff611d9afd783.yaml new file mode 100644 index 0000000000..d5d9c35b9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surferseo-c3e49cc5a301ec2fc03ff611d9afd783.yaml @@ -0,0 +1,58 @@ +id: surferseo-c3e49cc5a301ec2fc03ff611d9afd783 + +info: + name: > + Surfer <= 1.3.2.357 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c06f9f6d-3cd0-4700-834b-435a99983453?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surferseo/" + google-query: inurl:"/wp-content/plugins/surferseo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surferseo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surferseo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surferseo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2.357') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-10c918e1f30e41c6abab8f1a64304178.yaml b/nuclei-templates/cve-less/plugins/survey-maker-10c918e1f30e41c6abab8f1a64304178.yaml new file mode 100644 index 0000000000..0a5998dbef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-10c918e1f30e41c6abab8f1a64304178.yaml @@ -0,0 +1,58 @@ +id: survey-maker-10c918e1f30e41c6abab8f1a64304178 + +info: + name: > + Survey Maker <= 3.4.6 - Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b57809-6062-48ca-8572-26032928cd16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-1918195d7c2ab5867189768d59900f1c.yaml b/nuclei-templates/cve-less/plugins/survey-maker-1918195d7c2ab5867189768d59900f1c.yaml new file mode 100644 index 0000000000..2df7815b1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-1918195d7c2ab5867189768d59900f1c.yaml @@ -0,0 +1,58 @@ +id: survey-maker-1918195d7c2ab5867189768d59900f1c + +info: + name: > + Survey Maker – Best WordPress Survey Plugin <= 3.6.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f105f6bf-3224-4f5c-8334-1a53ff9af9c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-261de0ba624118de4ab57965a4edcc34.yaml b/nuclei-templates/cve-less/plugins/survey-maker-261de0ba624118de4ab57965a4edcc34.yaml new file mode 100644 index 0000000000..48968c6bd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-261de0ba624118de4ab57965a4edcc34.yaml @@ -0,0 +1,58 @@ +id: survey-maker-261de0ba624118de4ab57965a4edcc34 + +info: + name: > + Survey Maker – Best WordPress Survey Plugin <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2a58fab-d4a3-4333-8495-e094ed85bb61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-2bb4b724bd1a7da8929a5d331260d484.yaml b/nuclei-templates/cve-less/plugins/survey-maker-2bb4b724bd1a7da8929a5d331260d484.yaml new file mode 100644 index 0000000000..b640662499 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-2bb4b724bd1a7da8929a5d331260d484.yaml @@ -0,0 +1,58 @@ +id: survey-maker-2bb4b724bd1a7da8929a5d331260d484 + +info: + name: > + Survey Maker < 3.1.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d72a965-5d81-4619-ad8b-46960a89bf1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-643403eb7ff5706c9caf1f0a5a756401.yaml b/nuclei-templates/cve-less/plugins/survey-maker-643403eb7ff5706c9caf1f0a5a756401.yaml new file mode 100644 index 0000000000..fd5477cbe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-643403eb7ff5706c9caf1f0a5a756401.yaml @@ -0,0 +1,58 @@ +id: survey-maker-643403eb7ff5706c9caf1f0a5a756401 + +info: + name: > + Survey Maker <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf6a12e-969b-4627-80c8-b51bb9b710cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-72fdd3a89359bcd594b4d65638469ed8.yaml b/nuclei-templates/cve-less/plugins/survey-maker-72fdd3a89359bcd594b4d65638469ed8.yaml new file mode 100644 index 0000000000..a6e147779a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-72fdd3a89359bcd594b4d65638469ed8.yaml @@ -0,0 +1,58 @@ +id: survey-maker-72fdd3a89359bcd594b4d65638469ed8 + +info: + name: > + Survey Maker < 1.5.6 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee20726a-b5a8-4778-b5b4-5ea232ca4fc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-82219905fba0330c7a27bd3f2e291fd5.yaml b/nuclei-templates/cve-less/plugins/survey-maker-82219905fba0330c7a27bd3f2e291fd5.yaml new file mode 100644 index 0000000000..8a5abafdfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-82219905fba0330c7a27bd3f2e291fd5.yaml @@ -0,0 +1,58 @@ +id: survey-maker-82219905fba0330c7a27bd3f2e291fd5 + +info: + name: > + Survey Maker <= 4.0.9 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce297421-506c-4230-837e-96200677e1e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-8acec0a5c8b59824f7149c3540944dde.yaml b/nuclei-templates/cve-less/plugins/survey-maker-8acec0a5c8b59824f7149c3540944dde.yaml new file mode 100644 index 0000000000..0f8fa22c2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-8acec0a5c8b59824f7149c3540944dde.yaml @@ -0,0 +1,58 @@ +id: survey-maker-8acec0a5c8b59824f7149c3540944dde + +info: + name: > + Survey Maker <= 4.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75aadbf5-763b-48cb-9d9e-fb8edb894d08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/survey-maker-8eb8c6930c0431ff7195d8b5e7d4d215.yaml b/nuclei-templates/cve-less/plugins/survey-maker-8eb8c6930c0431ff7195d8b5e7d4d215.yaml new file mode 100644 index 0000000000..8f18e471c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/survey-maker-8eb8c6930c0431ff7195d8b5e7d4d215.yaml @@ -0,0 +1,58 @@ +id: survey-maker-8eb8c6930c0431ff7195d8b5e7d4d215 + +info: + name: > + Survey Maker <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a817c960-37e9-4f72-a2ef-845d9b898d48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/survey-maker/" + google-query: inurl:"/wp-content/plugins/survey-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,survey-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/survey-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "survey-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surveys-73f9709e24c19194b73986ad030e8015.yaml b/nuclei-templates/cve-less/plugins/surveys-73f9709e24c19194b73986ad030e8015.yaml new file mode 100644 index 0000000000..fc78d07f89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surveys-73f9709e24c19194b73986ad030e8015.yaml @@ -0,0 +1,58 @@ +id: surveys-73f9709e24c19194b73986ad030e8015 + +info: + name: > + Surveys <= 1.01.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/385c01fc-bed8-4c12-b420-9aecf4857434?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surveys/" + google-query: inurl:"/wp-content/plugins/surveys/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surveys,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surveys/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surveys" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surveys-ddf10b902ecdb6f3ecf20febec84cbe8.yaml b/nuclei-templates/cve-less/plugins/surveys-ddf10b902ecdb6f3ecf20febec84cbe8.yaml new file mode 100644 index 0000000000..df8a69d7a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surveys-ddf10b902ecdb6f3ecf20febec84cbe8.yaml @@ -0,0 +1,58 @@ +id: surveys-ddf10b902ecdb6f3ecf20febec84cbe8 + +info: + name: > + surveys <= 1.01.8 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4488d982-4e57-4614-b336-f1bba8dfa91d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surveys/" + google-query: inurl:"/wp-content/plugins/surveys/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surveys,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surveys/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surveys" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/surveys-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml b/nuclei-templates/cve-less/plugins/surveys-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml new file mode 100644 index 0000000000..ea263b230f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/surveys-ed4e4356cd22d0451cce02bf7c3fe0f8.yaml @@ -0,0 +1,58 @@ +id: surveys-ed4e4356cd22d0451cce02bf7c3fe0f8 + +info: + name: > + Surveys 1.01.8 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c5ce2b-9ac4-4fd2-9e49-ccb8538ba100?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/surveys/" + google-query: inurl:"/wp-content/plugins/surveys/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,surveys,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/surveys/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "surveys" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-support-4cdd67f3f418a30581118cbbb5c2e501.yaml b/nuclei-templates/cve-less/plugins/svg-support-4cdd67f3f418a30581118cbbb5c2e501.yaml new file mode 100644 index 0000000000..4aafba7f28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-support-4cdd67f3f418a30581118cbbb5c2e501.yaml @@ -0,0 +1,58 @@ +id: svg-support-4cdd67f3f418a30581118cbbb5c2e501 + +info: + name: > + SVG Support <= 2.3.19 Admin+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9fcaf5-d531-4b14-b8b1-d8090243cf0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-support/" + google-query: inurl:"/wp-content/plugins/svg-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-support-5b6d277a829fbd531e952b54c0a495ad.yaml b/nuclei-templates/cve-less/plugins/svg-support-5b6d277a829fbd531e952b54c0a495ad.yaml new file mode 100644 index 0000000000..b2598d885a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-support-5b6d277a829fbd531e952b54c0a495ad.yaml @@ -0,0 +1,58 @@ +id: svg-support-5b6d277a829fbd531e952b54c0a495ad + +info: + name: > + SVG Support <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/250edcf8-b56e-4714-9207-25bab2adaf9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-support/" + google-query: inurl:"/wp-content/plugins/svg-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-support-ffa9b508bdc94d69f110d4734885da09.yaml b/nuclei-templates/cve-less/plugins/svg-support-ffa9b508bdc94d69f110d4734885da09.yaml new file mode 100644 index 0000000000..3d545da071 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-support-ffa9b508bdc94d69f110d4734885da09.yaml @@ -0,0 +1,58 @@ +id: svg-support-ffa9b508bdc94d69f110d4734885da09 + +info: + name: > + SVG Support 2.5 - 2.5.1 - Insecure Plugin Defaults to Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddcf7901-e9cf-4ca0-87ae-70ecac09d102?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-support/" + google-query: inurl:"/wp-content/plugins/svg-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.5', '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-uploads-support-4d2ea21aa8044b97f6f856b2ca032bba.yaml b/nuclei-templates/cve-less/plugins/svg-uploads-support-4d2ea21aa8044b97f6f856b2ca032bba.yaml new file mode 100644 index 0000000000..136b4d245b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-uploads-support-4d2ea21aa8044b97f6f856b2ca032bba.yaml @@ -0,0 +1,58 @@ +id: svg-uploads-support-4d2ea21aa8044b97f6f856b2ca032bba + +info: + name: > + SVG Uploads Support <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad95f0b2-4d96-4f62-b495-050a89539177?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-uploads-support/" + google-query: inurl:"/wp-content/plugins/svg-uploads-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-uploads-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-uploads-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-uploads-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-03cfd10aef3dc88159ec608d4ac8800f.yaml b/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-03cfd10aef3dc88159ec608d4ac8800f.yaml new file mode 100644 index 0000000000..a7f7c67cb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-03cfd10aef3dc88159ec608d4ac8800f.yaml @@ -0,0 +1,58 @@ +id: svg-vector-icon-plugin-03cfd10aef3dc88159ec608d4ac8800f + +info: + name: > + WP SVG Icons <= 3.2.2 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8c16dd9-0c04-42b9-a2d3-28b442cecdb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-vector-icon-plugin/" + google-query: inurl:"/wp-content/plugins/svg-vector-icon-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-vector-icon-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-vector-icon-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-b7954fa43e16eb8eb1a34f4e676a00e3.yaml b/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-b7954fa43e16eb8eb1a34f4e676a00e3.yaml new file mode 100644 index 0000000000..6f3ef78ffb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svg-vector-icon-plugin-b7954fa43e16eb8eb1a34f4e676a00e3.yaml @@ -0,0 +1,58 @@ +id: svg-vector-icon-plugin-b7954fa43e16eb8eb1a34f4e676a00e3 + +info: + name: > + WP SVG Icons <= 3.2.3 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e78d678-1560-401d-a409-21207332e062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svg-vector-icon-plugin/" + google-query: inurl:"/wp-content/plugins/svg-vector-icon-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svg-vector-icon-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svg-vector-icon-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svg-vector-icon-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svgator-20391a519d77c31bd1c976dfdc89ed20.yaml b/nuclei-templates/cve-less/plugins/svgator-20391a519d77c31bd1c976dfdc89ed20.yaml new file mode 100644 index 0000000000..51ccd5f036 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svgator-20391a519d77c31bd1c976dfdc89ed20.yaml @@ -0,0 +1,58 @@ +id: svgator-20391a519d77c31bd1c976dfdc89ed20 + +info: + name: > + SVGator – Add Animated SVG Easily <= 1.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db4b92ba-b98f-4e9d-bd1e-75bf89d83977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svgator/" + google-query: inurl:"/wp-content/plugins/svgator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svgator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svgator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svgator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svs-pricing-tables-3f854df7bfd619307ed654215e939951.yaml b/nuclei-templates/cve-less/plugins/svs-pricing-tables-3f854df7bfd619307ed654215e939951.yaml new file mode 100644 index 0000000000..dff4a27124 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svs-pricing-tables-3f854df7bfd619307ed654215e939951.yaml @@ -0,0 +1,58 @@ +id: svs-pricing-tables-3f854df7bfd619307ed654215e939951 + +info: + name: > + SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Edit/Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78af081a-807b-48c8-82cd-f87fbef0fbe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svs-pricing-tables/" + google-query: inurl:"/wp-content/plugins/svs-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svs-pricing-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svs-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svs-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svs-pricing-tables-59d35e08e05da774933855f91366b645.yaml b/nuclei-templates/cve-less/plugins/svs-pricing-tables-59d35e08e05da774933855f91366b645.yaml new file mode 100644 index 0000000000..a0fea8a0c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svs-pricing-tables-59d35e08e05da774933855f91366b645.yaml @@ -0,0 +1,58 @@ +id: svs-pricing-tables-59d35e08e05da774933855f91366b645 + +info: + name: > + SVS Pricing Tables <= 1.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/655b35a7-a532-4ceb-aa02-4a8192e6449d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svs-pricing-tables/" + google-query: inurl:"/wp-content/plugins/svs-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svs-pricing-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svs-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svs-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/svs-pricing-tables-a665f3ee73307241410449c4f67e450a.yaml b/nuclei-templates/cve-less/plugins/svs-pricing-tables-a665f3ee73307241410449c4f67e450a.yaml new file mode 100644 index 0000000000..16d4f69a29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/svs-pricing-tables-a665f3ee73307241410449c4f67e450a.yaml @@ -0,0 +1,58 @@ +id: svs-pricing-tables-a665f3ee73307241410449c4f67e450a + +info: + name: > + SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a24213-5191-4b6d-a2d1-7b79729e6517?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/svs-pricing-tables/" + google-query: inurl:"/wp-content/plugins/svs-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,svs-pricing-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/svs-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "svs-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sw-product-bundles-325c2ee814ddc7331db5383ec03956d1.yaml b/nuclei-templates/cve-less/plugins/sw-product-bundles-325c2ee814ddc7331db5383ec03956d1.yaml new file mode 100644 index 0000000000..5644804aec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sw-product-bundles-325c2ee814ddc7331db5383ec03956d1.yaml @@ -0,0 +1,58 @@ +id: sw-product-bundles-325c2ee814ddc7331db5383ec03956d1 + +info: + name: > + SW Product Bundles <= 2.0.15 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ceff94-e312-41da-acec-15d550aba792?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sw-product-bundles/" + google-query: inurl:"/wp-content/plugins/sw-product-bundles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sw-product-bundles,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sw-product-bundles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sw-product-bundles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swatchly-dac1076894ee7430c4ad6bf91ae05401.yaml b/nuclei-templates/cve-less/plugins/swatchly-dac1076894ee7430c4ad6bf91ae05401.yaml new file mode 100644 index 0000000000..7dfb8addfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swatchly-dac1076894ee7430c4ad6bf91ae05401.yaml @@ -0,0 +1,58 @@ +id: swatchly-dac1076894ee7430c4ad6bf91ae05401 + +info: + name: > + Swatchly – WooCommerce Variation Swatches for Products <= 1.2.0 - Cross-Site Request Forgery via plugin_activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa73c2a0-a692-47db-99ca-7e7159fc96aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swatchly/" + google-query: inurl:"/wp-content/plugins/swatchly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swatchly,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swatchly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swatchly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swift-framework-0b02214c516fa5bc85822569a5b642f2.yaml b/nuclei-templates/cve-less/plugins/swift-framework-0b02214c516fa5bc85822569a5b642f2.yaml new file mode 100644 index 0000000000..c60b19b041 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swift-framework-0b02214c516fa5bc85822569a5b642f2.yaml @@ -0,0 +1,58 @@ +id: swift-framework-0b02214c516fa5bc85822569a5b642f2 + +info: + name: > + Swift Framework <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/855055d5-362e-4a92-9e9d-97eab328dcc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swift-framework/" + google-query: inurl:"/wp-content/plugins/swift-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swift-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swift-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swift-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swift-framework-f58e0fb779a935f032e6158130723d4e.yaml b/nuclei-templates/cve-less/plugins/swift-framework-f58e0fb779a935f032e6158130723d4e.yaml new file mode 100644 index 0000000000..9e131a6697 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swift-framework-f58e0fb779a935f032e6158130723d4e.yaml @@ -0,0 +1,58 @@ +id: swift-framework-f58e0fb779a935f032e6158130723d4e + +info: + name: > + Swift Framework <= 2.7.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57103f8e-0874-4e56-8571-254607ada21c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swift-framework/" + google-query: inurl:"/wp-content/plugins/swift-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swift-framework,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swift-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swift-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swift-performance-lite-174bf1d87b8761ea6f77723705dffc85.yaml b/nuclei-templates/cve-less/plugins/swift-performance-lite-174bf1d87b8761ea6f77723705dffc85.yaml new file mode 100644 index 0000000000..a7c962d8f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swift-performance-lite-174bf1d87b8761ea6f77723705dffc85.yaml @@ -0,0 +1,58 @@ +id: swift-performance-lite-174bf1d87b8761ea6f77723705dffc85 + +info: + name: > + Swift Performance Lite <= 2.3.6.18 - Incorrect Authorization to Authenticated (Subscriber+) Settings Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58b7736a-e3e0-4ecd-9adf-284568b02ef7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swift-performance-lite/" + google-query: inurl:"/wp-content/plugins/swift-performance-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swift-performance-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swift-performance-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swift-performance-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swift-performance-lite-7dfff8c4900f7bbdbc49f6aa2df77488.yaml b/nuclei-templates/cve-less/plugins/swift-performance-lite-7dfff8c4900f7bbdbc49f6aa2df77488.yaml new file mode 100644 index 0000000000..4d9691f4d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swift-performance-lite-7dfff8c4900f7bbdbc49f6aa2df77488.yaml @@ -0,0 +1,58 @@ +id: swift-performance-lite-7dfff8c4900f7bbdbc49f6aa2df77488 + +info: + name: > + Swift Performance Lite <= 2.3.6.14 - Missing Authorization to Unauthenticated Settings Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8321f68f-da2d-4382-979d-54008de2cae7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swift-performance-lite/" + google-query: inurl:"/wp-content/plugins/swift-performance-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swift-performance-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swift-performance-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swift-performance-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swifty-bar-861a2a6e66a953eb50c087718b438c88.yaml b/nuclei-templates/cve-less/plugins/swifty-bar-861a2a6e66a953eb50c087718b438c88.yaml new file mode 100644 index 0000000000..c6dd44df6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swifty-bar-861a2a6e66a953eb50c087718b438c88.yaml @@ -0,0 +1,58 @@ +id: swifty-bar-861a2a6e66a953eb50c087718b438c88 + +info: + name: > + Swifty Bar, sticky bar by WPGens <= 1.2.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66c90387-af23-48fc-94da-708b9c223fe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swifty-bar/" + google-query: inurl:"/wp-content/plugins/swifty-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swifty-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swifty-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swifty-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swifty-page-manager-94a65bcd2f84366f6216e3f9b19f7582.yaml b/nuclei-templates/cve-less/plugins/swifty-page-manager-94a65bcd2f84366f6216e3f9b19f7582.yaml new file mode 100644 index 0000000000..4695cbdf9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swifty-page-manager-94a65bcd2f84366f6216e3f9b19f7582.yaml @@ -0,0 +1,58 @@ +id: swifty-page-manager-94a65bcd2f84366f6216e3f9b19f7582 + +info: + name: > + Swifty Page Manager <= 3.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75b8f71d-9f75-4b42-ac5f-c6ffb476aae4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swifty-page-manager/" + google-query: inurl:"/wp-content/plugins/swifty-page-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swifty-page-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swifty-page-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swifty-page-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swifty-page-manager-ee107d9cd894fe54bb677ea3e5052c7f.yaml b/nuclei-templates/cve-less/plugins/swifty-page-manager-ee107d9cd894fe54bb677ea3e5052c7f.yaml new file mode 100644 index 0000000000..6d515b16b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swifty-page-manager-ee107d9cd894fe54bb677ea3e5052c7f.yaml @@ -0,0 +1,58 @@ +id: swifty-page-manager-ee107d9cd894fe54bb677ea3e5052c7f + +info: + name: > + Swifty Page Manager <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8550a405-9fa2-41a3-b556-05ff9f577ce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swifty-page-manager/" + google-query: inurl:"/wp-content/plugins/swifty-page-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swifty-page-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swifty-page-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swifty-page-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-eshop-6d412503c15b02be74462a4b525012a6.yaml b/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-eshop-6d412503c15b02be74462a4b525012a6.yaml new file mode 100644 index 0000000000..ba0190a1ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-eshop-6d412503c15b02be74462a4b525012a6.yaml @@ -0,0 +1,58 @@ +id: swipe-hq-checkout-for-eshop-6d412503c15b02be74462a4b525012a6 + +info: + name: > + eShop Swipe plugin <= 3.7.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9a603ee-183d-4130-8e03-12deb86466ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swipe-hq-checkout-for-eshop/" + google-query: inurl:"/wp-content/plugins/swipe-hq-checkout-for-eshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-eshop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swipe-hq-checkout-for-eshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swipe-hq-checkout-for-eshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-jigoshop-9dadadc2ea66cec373bf71c20060be7b.yaml b/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-jigoshop-9dadadc2ea66cec373bf71c20060be7b.yaml new file mode 100644 index 0000000000..1d15c2a3c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swipe-hq-checkout-for-jigoshop-9dadadc2ea66cec373bf71c20060be7b.yaml @@ -0,0 +1,58 @@ +id: swipe-hq-checkout-for-jigoshop-9dadadc2ea66cec373bf71c20060be7b + +info: + name: > + Jigoshop Swipe plugin <= 3.1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fe6884-4a31-4341-b30f-354b447f5313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swipe-hq-checkout-for-jigoshop/" + google-query: inurl:"/wp-content/plugins/swipe-hq-checkout-for-jigoshop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swipe-hq-checkout-for-jigoshop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swipe-hq-checkout-for-jigoshop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swipe-hq-checkout-for-jigoshop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-woocommerce-04275b24c87ac6163ea35464c25c26e3.yaml b/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-woocommerce-04275b24c87ac6163ea35464c25c26e3.yaml new file mode 100644 index 0000000000..f67b87abc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-woocommerce-04275b24c87ac6163ea35464c25c26e3.yaml @@ -0,0 +1,58 @@ +id: swipehq-payment-gateway-woocommerce-04275b24c87ac6163ea35464c25c26e3 + +info: + name: > + SwipeHQ Payment Gateway WooCommerce <= 2.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea32791-edd3-4495-893e-668f42dcf5e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swipehq-payment-gateway-woocommerce/" + google-query: inurl:"/wp-content/plugins/swipehq-payment-gateway-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swipehq-payment-gateway-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swipehq-payment-gateway-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-wp-e-commerce-fab645de2f6e6231ff6074be3c265848.yaml b/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-wp-e-commerce-fab645de2f6e6231ff6074be3c265848.yaml new file mode 100644 index 0000000000..9b80f175bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/swipehq-payment-gateway-wp-e-commerce-fab645de2f6e6231ff6074be3c265848.yaml @@ -0,0 +1,58 @@ +id: swipehq-payment-gateway-wp-e-commerce-fab645de2f6e6231ff6074be3c265848 + +info: + name: > + WP e-Commerce Swipe plugin <= 3.1.0 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/691b080c-052a-4967-a251-98a17038448d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/swipehq-payment-gateway-wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/swipehq-payment-gateway-wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,swipehq-payment-gateway-wp-e-commerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/swipehq-payment-gateway-wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swipehq-payment-gateway-wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sydney-toolbox-49b75b404a9ba001add19a1df795abd7.yaml b/nuclei-templates/cve-less/plugins/sydney-toolbox-49b75b404a9ba001add19a1df795abd7.yaml new file mode 100644 index 0000000000..d9edafe477 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sydney-toolbox-49b75b404a9ba001add19a1df795abd7.yaml @@ -0,0 +1,58 @@ +id: sydney-toolbox-49b75b404a9ba001add19a1df795abd7 + +info: + name: > + Sydney Toolbox <= 1.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sydney-toolbox/" + google-query: inurl:"/wp-content/plugins/sydney-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sydney-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sydney-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sydney-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sydney-toolbox-5adaf21161b5d5d8e7d95c715efbd0e3.yaml b/nuclei-templates/cve-less/plugins/sydney-toolbox-5adaf21161b5d5d8e7d95c715efbd0e3.yaml new file mode 100644 index 0000000000..759c1678c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sydney-toolbox-5adaf21161b5d5d8e7d95c715efbd0e3.yaml @@ -0,0 +1,58 @@ +id: sydney-toolbox-5adaf21161b5d5d8e7d95c715efbd0e3 + +info: + name: > + Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sydney-toolbox/" + google-query: inurl:"/wp-content/plugins/sydney-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sydney-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sydney-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sydney-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sydney-toolbox-c87a07214ae94f7db769181aa46e6e3e.yaml b/nuclei-templates/cve-less/plugins/sydney-toolbox-c87a07214ae94f7db769181aa46e6e3e.yaml new file mode 100644 index 0000000000..63fb9fa6e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sydney-toolbox-c87a07214ae94f7db769181aa46e6e3e.yaml @@ -0,0 +1,58 @@ +id: sydney-toolbox-c87a07214ae94f7db769181aa46e6e3e + +info: + name: > + Sydney Toolbox <= 1.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf4554e-4b34-46b0-b423-5cee7150e6c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sydney-toolbox/" + google-query: inurl:"/wp-content/plugins/sydney-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sydney-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sydney-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sydney-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sydney-toolbox-f499e4efa4d99d7d76254d2c3b103977.yaml b/nuclei-templates/cve-less/plugins/sydney-toolbox-f499e4efa4d99d7d76254d2c3b103977.yaml new file mode 100644 index 0000000000..f46144450f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sydney-toolbox-f499e4efa4d99d7d76254d2c3b103977.yaml @@ -0,0 +1,58 @@ +id: sydney-toolbox-f499e4efa4d99d7d76254d2c3b103977 + +info: + name: > + Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6d5275d-43d0-41f6-96c7-e7646eac4534?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sydney-toolbox/" + google-query: inurl:"/wp-content/plugins/sydney-toolbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sydney-toolbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sydney-toolbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sydney-toolbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/symbiostock-5e582ef605e9fe0c0d1cac86ea21ae85.yaml b/nuclei-templates/cve-less/plugins/symbiostock-5e582ef605e9fe0c0d1cac86ea21ae85.yaml new file mode 100644 index 0000000000..0c8097f247 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/symbiostock-5e582ef605e9fe0c0d1cac86ea21ae85.yaml @@ -0,0 +1,58 @@ +id: symbiostock-5e582ef605e9fe0c0d1cac86ea21ae85 + +info: + name: > + Symbiostock Lite <= 6.0.0 - Authenticated (Shop Manager+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/666b8b39-fab0-4e99-b365-a4ac9f964494?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/symbiostock/" + google-query: inurl:"/wp-content/plugins/symbiostock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,symbiostock,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/symbiostock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "symbiostock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sync-post-with-other-site-886a02653a1926dd36921eb04bdcde64.yaml b/nuclei-templates/cve-less/plugins/sync-post-with-other-site-886a02653a1926dd36921eb04bdcde64.yaml new file mode 100644 index 0000000000..f156f4d0e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sync-post-with-other-site-886a02653a1926dd36921eb04bdcde64.yaml @@ -0,0 +1,58 @@ +id: sync-post-with-other-site-886a02653a1926dd36921eb04bdcde64 + +info: + name: > + Sync Post With Other Site <= 1.5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c189bdcb-3b72-4e25-8444-6852444b89f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sync-post-with-other-site/" + google-query: inurl:"/wp-content/plugins/sync-post-with-other-site/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sync-post-with-other-site,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sync-post-with-other-site/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sync-post-with-other-site" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/sync-qcloud-cos-52c19ba3b4c4a4e86f87839bb901d71b.yaml b/nuclei-templates/cve-less/plugins/sync-qcloud-cos-52c19ba3b4c4a4e86f87839bb901d71b.yaml new file mode 100644 index 0000000000..1a9256ff72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/sync-qcloud-cos-52c19ba3b4c4a4e86f87839bb901d71b.yaml @@ -0,0 +1,58 @@ +id: sync-qcloud-cos-52c19ba3b4c4a4e86f87839bb901d71b + +info: + name: > + Sync QCloud COS Plugin < 2.0.1 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db41cdb-0795-43e7-bd36-9a85a882a760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/sync-qcloud-cos/" + google-query: inurl:"/wp-content/plugins/sync-qcloud-cos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,sync-qcloud-cos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/sync-qcloud-cos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sync-qcloud-cos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/syncee-global-dropshipping-d016ddea2985e3c1ec3f3ed31d67329b.yaml b/nuclei-templates/cve-less/plugins/syncee-global-dropshipping-d016ddea2985e3c1ec3f3ed31d67329b.yaml new file mode 100644 index 0000000000..072167abb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/syncee-global-dropshipping-d016ddea2985e3c1ec3f3ed31d67329b.yaml @@ -0,0 +1,58 @@ +id: syncee-global-dropshipping-d016ddea2985e3c1ec3f3ed31d67329b + +info: + name: > + Syncee – Global Dropshipping <= 1.0.9 - Missing Authorization. + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08511020-6129-4f55-a25e-7ed86efa721d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/syncee-global-dropshipping/" + google-query: inurl:"/wp-content/plugins/syncee-global-dropshipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,syncee-global-dropshipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/syncee-global-dropshipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "syncee-global-dropshipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/syndication-links-85ef6da03e1e6bb00fd985498d35a632.yaml b/nuclei-templates/cve-less/plugins/syndication-links-85ef6da03e1e6bb00fd985498d35a632.yaml new file mode 100644 index 0000000000..24379ecf65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/syndication-links-85ef6da03e1e6bb00fd985498d35a632.yaml @@ -0,0 +1,58 @@ +id: syndication-links-85ef6da03e1e6bb00fd985498d35a632 + +info: + name: > + Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5986c72-ae6d-4cd2-929d-fe2ff6462b4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/syndication-links/" + google-query: inurl:"/wp-content/plugins/syndication-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,syndication-links,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/syndication-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "syndication-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/synved-shortcodes-6c1c86676b3f6a00f366fd4021465d09.yaml b/nuclei-templates/cve-less/plugins/synved-shortcodes-6c1c86676b3f6a00f366fd4021465d09.yaml new file mode 100644 index 0000000000..dc6f21282c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/synved-shortcodes-6c1c86676b3f6a00f366fd4021465d09.yaml @@ -0,0 +1,58 @@ +id: synved-shortcodes-6c1c86676b3f6a00f366fd4021465d09 + +info: + name: > + WordPress Shortcodes <= 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2a14b1-8752-4edf-a807-88aab453451d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/synved-shortcodes/" + google-query: inurl:"/wp-content/plugins/synved-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,synved-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/synved-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "synved-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-00f8b2060d8c742440ee6fd7c2090104.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-00f8b2060d8c742440ee6fd7c2090104.yaml new file mode 100644 index 0000000000..3f97d146d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-00f8b2060d8c742440ee6fd7c2090104.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-00f8b2060d8c742440ee6fd7c2090104 + +info: + name: > + System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value) + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9d1a33b-2518-48f7-90b6-a94a34473d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-50be407197651ee72b3d338a1eac693d.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-50be407197651ee72b3d338a1eac693d.yaml new file mode 100644 index 0000000000..c4361bcb4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-50be407197651ee72b3d338a1eac693d.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-50be407197651ee72b3d338a1eac693d + +info: + name: > + System Dashboard <= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info) + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-6bb233f728b21686bbc5b5d256c952f1.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-6bb233f728b21686bbc5b5d256c952f1.yaml new file mode 100644 index 0000000000..a61b6b3240 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-6bb233f728b21686bbc5b5d256c952f1.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-6bb233f728b21686bbc5b5d256c952f1 + +info: + name: > + System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs) + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53b3ac83-847d-4bd0-a79b-531af266e1b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-6d13564fb4f4f025b03f3bb2e7eff230.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-6d13564fb4f4f025b03f3bb2e7eff230.yaml new file mode 100644 index 0000000000..089e4758de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-6d13564fb4f4f025b03f3bb2e7eff230.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-6d13564fb4f4f025b03f3bb2e7eff230 + +info: + name: > + System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants) + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f170379e-e833-42e0-96fd-1e1722a8331c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-b60f7befa67eb443974e00d882b10881.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-b60f7befa67eb443974e00d882b10881.yaml new file mode 100644 index 0000000000..958fabba82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-b60f7befa67eb443974e00d882b10881.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-b60f7befa67eb443974e00d882b10881 + +info: + name: > + System Dashboard <= 2.8.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b9e53e-d2d3-40a0-adba-f489343c6ee6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/system-dashboard-d08dba75a00314181a7ea312016fdabc.yaml b/nuclei-templates/cve-less/plugins/system-dashboard-d08dba75a00314181a7ea312016fdabc.yaml new file mode 100644 index 0000000000..bc9527e4ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/system-dashboard-d08dba75a00314181a7ea312016fdabc.yaml @@ -0,0 +1,58 @@ +id: system-dashboard-d08dba75a00314181a7ea312016fdabc + +info: + name: > + System Dashboard <= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value) + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/system-dashboard/" + google-query: inurl:"/wp-content/plugins/system-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,system-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/system-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "system-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tabbed-e8c1d3f10e1f58956d4fcfa9c811fff0.yaml b/nuclei-templates/cve-less/plugins/tabbed-e8c1d3f10e1f58956d4fcfa9c811fff0.yaml new file mode 100644 index 0000000000..d1013cfbe3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tabbed-e8c1d3f10e1f58956d4fcfa9c811fff0.yaml @@ -0,0 +1,58 @@ +id: tabbed-e8c1d3f10e1f58956d4fcfa9c811fff0 + +info: + name: > + Tab – Accordion, FAQ < 1.3.2 - Unauthenticated Arbitrary Tab Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec002a5a-1965-4828-8a0a-19941af98e2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tabbed/" + google-query: inurl:"/wp-content/plugins/tabbed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tabbed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tabbed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tabbed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/table-of-contents-plus-88443ca5df44ae2bdc297b09180bef0c.yaml b/nuclei-templates/cve-less/plugins/table-of-contents-plus-88443ca5df44ae2bdc297b09180bef0c.yaml new file mode 100644 index 0000000000..abda86d0cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/table-of-contents-plus-88443ca5df44ae2bdc297b09180bef0c.yaml @@ -0,0 +1,58 @@ +id: table-of-contents-plus-88443ca5df44ae2bdc297b09180bef0c + +info: + name: > + Table of Contents Plus <= 2106 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e4c655c-9cdf-4106-9cf5-fc153de12d14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/table-of-contents-plus/" + google-query: inurl:"/wp-content/plugins/table-of-contents-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,table-of-contents-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "table-of-contents-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2106') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/table-of-contents-plus-d17932e78accf27930222cbdfc82272b.yaml b/nuclei-templates/cve-less/plugins/table-of-contents-plus-d17932e78accf27930222cbdfc82272b.yaml new file mode 100644 index 0000000000..a7086c7d0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/table-of-contents-plus-d17932e78accf27930222cbdfc82272b.yaml @@ -0,0 +1,58 @@ +id: table-of-contents-plus-d17932e78accf27930222cbdfc82272b + +info: + name: > + Table of Contents Plus <= 2302 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/624a3174-03fa-4a8e-9c02-5e24add92392?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/table-of-contents-plus/" + google-query: inurl:"/wp-content/plugins/table-of-contents-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,table-of-contents-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "table-of-contents-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2302') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablepress-289da9c0d14eee035f8071c1e92f71c3.yaml b/nuclei-templates/cve-less/plugins/tablepress-289da9c0d14eee035f8071c1e92f71c3.yaml new file mode 100644 index 0000000000..1ead2089ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablepress-289da9c0d14eee035f8071c1e92f71c3.yaml @@ -0,0 +1,58 @@ +id: tablepress-289da9c0d14eee035f8071c1e92f71c3 + +info: + name: > + TablePress <= 1.8 - XML External Entity Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5fcbb61-5f22-4333-bdd9-7d843dd7e45a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablepress/" + google-query: inurl:"/wp-content/plugins/tablepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablepress-3fb1358d568dc8245a52a721b92fb318.yaml b/nuclei-templates/cve-less/plugins/tablepress-3fb1358d568dc8245a52a721b92fb318.yaml new file mode 100644 index 0000000000..aa5c4fff83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablepress-3fb1358d568dc8245a52a721b92fb318.yaml @@ -0,0 +1,58 @@ +id: tablepress-3fb1358d568dc8245a52a721b92fb318 + +info: + name: > + TablePress <= 1.14 - Authenticated (Author+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d14261-e295-4397-bad0-7a4b69b06908?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablepress/" + google-query: inurl:"/wp-content/plugins/tablepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablepress-5d739fff0b557fdd4318a7044651d1e4.yaml b/nuclei-templates/cve-less/plugins/tablepress-5d739fff0b557fdd4318a7044651d1e4.yaml new file mode 100644 index 0000000000..c206c91b91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablepress-5d739fff0b557fdd4318a7044651d1e4.yaml @@ -0,0 +1,58 @@ +id: tablepress-5d739fff0b557fdd4318a7044651d1e4 + +info: + name: > + TablePress <= 2.2.4 - Authenticated(Author+) Server Side Request Forgery(SSRF) via _get_import_files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8de52b68-c273-4561-98b0-e51afd6cd47b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablepress/" + google-query: inurl:"/wp-content/plugins/tablepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablesome-41bad327accd676bdd6230643f7e28a5.yaml b/nuclei-templates/cve-less/plugins/tablesome-41bad327accd676bdd6230643f7e28a5.yaml new file mode 100644 index 0000000000..19996c6cd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablesome-41bad327accd676bdd6230643f7e28a5.yaml @@ -0,0 +1,58 @@ +id: tablesome-41bad327accd676bdd6230643f7e28a5 + +info: + name: > + Tablesome <= 1.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d769308-6273-4ed2-b64a-d9f065de4cce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablesome/" + google-query: inurl:"/wp-content/plugins/tablesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablesome-6d5a094525084991d10cf28cec2fcdc6.yaml b/nuclei-templates/cve-less/plugins/tablesome-6d5a094525084991d10cf28cec2fcdc6.yaml new file mode 100644 index 0000000000..825ef660b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablesome-6d5a094525084991d10cf28cec2fcdc6.yaml @@ -0,0 +1,58 @@ +id: tablesome-6d5a094525084991d10cf28cec2fcdc6 + +info: + name: > + Table & Contact Form 7 Database – Tablesome <= 1.0.27 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49cba28f-43dc-4947-b4bb-8556cc0409ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablesome/" + google-query: inurl:"/wp-content/plugins/tablesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tablesome-918ad86e1bedc485af1c75c927ff2b30.yaml b/nuclei-templates/cve-less/plugins/tablesome-918ad86e1bedc485af1c75c927ff2b30.yaml new file mode 100644 index 0000000000..acc0e4ca54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tablesome-918ad86e1bedc485af1c75c927ff2b30.yaml @@ -0,0 +1,58 @@ +id: tablesome-918ad86e1bedc485af1c75c927ff2b30 + +info: + name: > + Table & Contact Form 7 Database – Tablesome <= 1.0.25 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9efb88e2-381f-4e26-80bb-1b034ffc1c91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tablesome/" + google-query: inurl:"/wp-content/plugins/tablesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tablesome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tablesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tablesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taboola-7ecf6794fd0be35e81a6be54c3e6a722.yaml b/nuclei-templates/cve-less/plugins/taboola-7ecf6794fd0be35e81a6be54c3e6a722.yaml new file mode 100644 index 0000000000..babaa16c4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taboola-7ecf6794fd0be35e81a6be54c3e6a722.yaml @@ -0,0 +1,58 @@ +id: taboola-7ecf6794fd0be35e81a6be54c3e6a722 + +info: + name: > + Taboola <= 2.0.1 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab015cb4-0b1e-40ff-ab9b-6c03eed3142f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taboola/" + google-query: inurl:"/wp-content/plugins/taboola/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taboola,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taboola/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taboola" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tabs-1aa0e79be369c61efc2c0807922659cb.yaml b/nuclei-templates/cve-less/plugins/tabs-1aa0e79be369c61efc2c0807922659cb.yaml new file mode 100644 index 0000000000..c24cc6d798 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tabs-1aa0e79be369c61efc2c0807922659cb.yaml @@ -0,0 +1,58 @@ +id: tabs-1aa0e79be369c61efc2c0807922659cb + +info: + name: > + Tabs & Accordion <= 1.3.10 - Authenticated (Contributor+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaead805-b122-4418-a4a0-cf1b0925f3c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tabs/" + google-query: inurl:"/wp-content/plugins/tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tabs-pro-20d48d249a9d91a3d81b3c5c649e28eb.yaml b/nuclei-templates/cve-less/plugins/tabs-pro-20d48d249a9d91a3d81b3c5c649e28eb.yaml new file mode 100644 index 0000000000..2e00868dcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tabs-pro-20d48d249a9d91a3d81b3c5c649e28eb.yaml @@ -0,0 +1,58 @@ +id: tabs-pro-20d48d249a9d91a3d81b3c5c649e28eb + +info: + name: > + Tab Ultimate <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08220b23-d6fa-4005-bbbb-019412d328a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tabs-pro/" + google-query: inurl:"/wp-content/plugins/tabs-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tabs-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tabs-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tabs-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tabs-responsive-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml b/nuclei-templates/cve-less/plugins/tabs-responsive-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml new file mode 100644 index 0000000000..18213f92e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tabs-responsive-f48a8e9c9fcbd8cc7a0d7249289e3206.yaml @@ -0,0 +1,58 @@ +id: tabs-responsive-f48a8e9c9fcbd8cc7a0d7249289e3206 + +info: + name: > + Tabs Responsive <= 2.2.7 - Editor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d95d8ca6-a36e-4d95-bce3-ead237dac938?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tabs-responsive/" + google-query: inurl:"/wp-content/plugins/tabs-responsive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tabs-responsive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tabs-responsive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tabs-responsive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tabs-shortcode-and-widget-713789bc3ffbd71b9430af55e34d0b0b.yaml b/nuclei-templates/cve-less/plugins/tabs-shortcode-and-widget-713789bc3ffbd71b9430af55e34d0b0b.yaml new file mode 100644 index 0000000000..bd1d8cd6b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tabs-shortcode-and-widget-713789bc3ffbd71b9430af55e34d0b0b.yaml @@ -0,0 +1,58 @@ +id: tabs-shortcode-and-widget-713789bc3ffbd71b9430af55e34d0b0b + +info: + name: > + Tabs Shortcode and Widget <= 1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/459f6d68-ce52-4e63-8fd9-071ef517a3ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tabs-shortcode-and-widget/" + google-query: inurl:"/wp-content/plugins/tabs-shortcode-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tabs-shortcode-and-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tabs-shortcode-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tabs-shortcode-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tagembed-widget-9ebf12f531ac825152bdbeecae0483e1.yaml b/nuclei-templates/cve-less/plugins/tagembed-widget-9ebf12f531ac825152bdbeecae0483e1.yaml new file mode 100644 index 0000000000..253331f1ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tagembed-widget-9ebf12f531ac825152bdbeecae0483e1.yaml @@ -0,0 +1,58 @@ +id: tagembed-widget-9ebf12f531ac825152bdbeecae0483e1 + +info: + name: > + Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc6ed7d3-7a57-4146-997b-96d4a9063214?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tagembed-widget/" + google-query: inurl:"/wp-content/plugins/tagembed-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tagembed-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tagembed-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tagembed-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taggbox-widget-3d53b8857bb0bf4f709b612366ce52ba.yaml b/nuclei-templates/cve-less/plugins/taggbox-widget-3d53b8857bb0bf4f709b612366ce52ba.yaml new file mode 100644 index 0000000000..691efbbb9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taggbox-widget-3d53b8857bb0bf4f709b612366ce52ba.yaml @@ -0,0 +1,58 @@ +id: taggbox-widget-3d53b8857bb0bf4f709b612366ce52ba + +info: + name: > + Taggbox <= 3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a27253d-bfc1-40b5-9da4-d16cc403ad41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taggbox-widget/" + google-query: inurl:"/wp-content/plugins/taggbox-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taggbox-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taggbox-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taggbox-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taggbox-widget-460e4d77e94c99909f00493d8717ec60.yaml b/nuclei-templates/cve-less/plugins/taggbox-widget-460e4d77e94c99909f00493d8717ec60.yaml new file mode 100644 index 0000000000..fa4df58357 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taggbox-widget-460e4d77e94c99909f00493d8717ec60.yaml @@ -0,0 +1,58 @@ +id: taggbox-widget-460e4d77e94c99909f00493d8717ec60 + +info: + name: > + Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/237fcdb7-aef9-4d35-baf4-7d382e8b7f3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taggbox-widget/" + google-query: inurl:"/wp-content/plugins/taggbox-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taggbox-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taggbox-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taggbox-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taggbox-widget-8984d8e2e14f0b49968f909a1d35ae5c.yaml b/nuclei-templates/cve-less/plugins/taggbox-widget-8984d8e2e14f0b49968f909a1d35ae5c.yaml new file mode 100644 index 0000000000..cf54db4a5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taggbox-widget-8984d8e2e14f0b49968f909a1d35ae5c.yaml @@ -0,0 +1,58 @@ +id: taggbox-widget-8984d8e2e14f0b49968f909a1d35ae5c + +info: + name: > + Taggbox <= 3.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae6e8b9-a8a9-41d3-83e8-d833515a0244?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taggbox-widget/" + google-query: inurl:"/wp-content/plugins/taggbox-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taggbox-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taggbox-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taggbox-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taggbox-widget-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml b/nuclei-templates/cve-less/plugins/taggbox-widget-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml new file mode 100644 index 0000000000..70e3439f31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taggbox-widget-8d570fcab536c9b0d9a14e0fe3f1fda7.yaml @@ -0,0 +1,58 @@ +id: taggbox-widget-8d570fcab536c9b0d9a14e0fe3f1fda7 + +info: + name: > + Taggbox <= 3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d970a9f6-69f6-42d2-b863-82b8110e52c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taggbox-widget/" + google-query: inurl:"/wp-content/plugins/taggbox-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taggbox-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taggbox-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taggbox-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tagregator-42f689e89098e402a672dac5ec8f6c89.yaml b/nuclei-templates/cve-less/plugins/tagregator-42f689e89098e402a672dac5ec8f6c89.yaml new file mode 100644 index 0000000000..b1538b3207 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tagregator-42f689e89098e402a672dac5ec8f6c89.yaml @@ -0,0 +1,58 @@ +id: tagregator-42f689e89098e402a672dac5ec8f6c89 + +info: + name: > + Tagregator <= 0.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84366708-9dcc-4f34-b1b5-7d956e3801af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tagregator/" + google-query: inurl:"/wp-content/plugins/tagregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tagregator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tagregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tagregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tags-cloud-manager-582f95ad25f63ca7cc5ef7bcd4bbcf92.yaml b/nuclei-templates/cve-less/plugins/tags-cloud-manager-582f95ad25f63ca7cc5ef7bcd4bbcf92.yaml new file mode 100644 index 0000000000..d50192b481 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tags-cloud-manager-582f95ad25f63ca7cc5ef7bcd4bbcf92.yaml @@ -0,0 +1,58 @@ +id: tags-cloud-manager-582f95ad25f63ca7cc5ef7bcd4bbcf92 + +info: + name: > + Tags Cloud Manager <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ad70391-7ea0-49c0-ac5c-ecf7ddb3c948?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tags-cloud-manager/" + google-query: inurl:"/wp-content/plugins/tags-cloud-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tags-cloud-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tags-cloud-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tags-cloud-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tainacan-8e6b1c0313de5c2d10a529693b2cd5e4.yaml b/nuclei-templates/cve-less/plugins/tainacan-8e6b1c0313de5c2d10a529693b2cd5e4.yaml new file mode 100644 index 0000000000..849fd29f30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tainacan-8e6b1c0313de5c2d10a529693b2cd5e4.yaml @@ -0,0 +1,58 @@ +id: tainacan-8e6b1c0313de5c2d10a529693b2cd5e4 + +info: + name: > + Tainacan <= 0.20.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70da8039-6526-47fa-934d-53fa29ca1bf0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tainacan/" + google-query: inurl:"/wp-content/plugins/tainacan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tainacan,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.20.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tainacan-9361c5082e0aaebe13dacdb499fc4e4b.yaml b/nuclei-templates/cve-less/plugins/tainacan-9361c5082e0aaebe13dacdb499fc4e4b.yaml new file mode 100644 index 0000000000..df3a88ba85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tainacan-9361c5082e0aaebe13dacdb499fc4e4b.yaml @@ -0,0 +1,58 @@ +id: tainacan-9361c5082e0aaebe13dacdb499fc4e4b + +info: + name: > + Tainacan <= 0.20.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f192811-378b-422d-8086-9a957b464bb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tainacan/" + google-query: inurl:"/wp-content/plugins/tainacan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tainacan,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.20.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tainacan-bec9a874ffcaa5ff9d2f46a18b295cfb.yaml b/nuclei-templates/cve-less/plugins/tainacan-bec9a874ffcaa5ff9d2f46a18b295cfb.yaml new file mode 100644 index 0000000000..44fd62fb53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tainacan-bec9a874ffcaa5ff9d2f46a18b295cfb.yaml @@ -0,0 +1,58 @@ +id: tainacan-bec9a874ffcaa5ff9d2f46a18b295cfb + +info: + name: > + Tainacan <= 0.20.6 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db4b6c65-f6e2-46de-81d7-a31541d0a67a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tainacan/" + google-query: inurl:"/wp-content/plugins/tainacan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tainacan,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tainacan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.20.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tajer-30f1777054f2ffb243b10c5c1e00bdab.yaml b/nuclei-templates/cve-less/plugins/tajer-30f1777054f2ffb243b10c5c1e00bdab.yaml new file mode 100644 index 0000000000..d3ace0aa19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tajer-30f1777054f2ffb243b10c5c1e00bdab.yaml @@ -0,0 +1,58 @@ +id: tajer-30f1777054f2ffb243b10c5c1e00bdab + +info: + name: > + Tajer <= 1.0.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e9c5e89-9ead-477b-980b-9e48969ad0cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tajer/" + google-query: inurl:"/wp-content/plugins/tajer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tajer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tajer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tajer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tallykit-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/tallykit-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..c19e878f05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tallykit-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: tallykit-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tallykit/" + google-query: inurl:"/wp-content/plugins/tallykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tallykit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tallykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tallykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tapfiliate-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml b/nuclei-templates/cve-less/plugins/tapfiliate-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml new file mode 100644 index 0000000000..fcb5c5fb54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tapfiliate-0bb4c4e55d3bd7066abf4b3e5c409eb3.yaml @@ -0,0 +1,58 @@ +id: tapfiliate-0bb4c4e55d3bd7066abf4b3e5c409eb3 + +info: + name: > + Tapfiliate <= 3.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a472e78c-ebd7-4ab8-9b47-96c526754387?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tapfiliate/" + google-query: inurl:"/wp-content/plugins/tapfiliate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tapfiliate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tapfiliate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tapfiliate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tarteaucitronjs-7493b4e361e65fc33d302e9a8676eef5.yaml b/nuclei-templates/cve-less/plugins/tarteaucitronjs-7493b4e361e65fc33d302e9a8676eef5.yaml new file mode 100644 index 0000000000..d8a313d09f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tarteaucitronjs-7493b4e361e65fc33d302e9a8676eef5.yaml @@ -0,0 +1,58 @@ +id: tarteaucitronjs-7493b4e361e65fc33d302e9a8676eef5 + +info: + name: > + tarteaucitron.js – Cookies legislation & GDPR <= 1.5.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e28f0ff6-eee3-45bb-be7e-91e2349a91d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tarteaucitronjs/" + google-query: inurl:"/wp-content/plugins/tarteaucitronjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tarteaucitronjs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tarteaucitronjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tarteaucitronjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tarteaucitronjs-cdde9db33caece636f624a4e888cbf55.yaml b/nuclei-templates/cve-less/plugins/tarteaucitronjs-cdde9db33caece636f624a4e888cbf55.yaml new file mode 100644 index 0000000000..790a857ddc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tarteaucitronjs-cdde9db33caece636f624a4e888cbf55.yaml @@ -0,0 +1,58 @@ +id: tarteaucitronjs-cdde9db33caece636f624a4e888cbf55 + +info: + name: > + tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) <= 1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a832cd41-c7be-43b5-bee3-4489170cad79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tarteaucitronjs/" + google-query: inurl:"/wp-content/plugins/tarteaucitronjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tarteaucitronjs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tarteaucitronjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tarteaucitronjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/task-scheduler-49f7af60a7d6ca8e6785ad7873768f2a.yaml b/nuclei-templates/cve-less/plugins/task-scheduler-49f7af60a7d6ca8e6785ad7873768f2a.yaml new file mode 100644 index 0000000000..04dfb5e2ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/task-scheduler-49f7af60a7d6ca8e6785ad7873768f2a.yaml @@ -0,0 +1,58 @@ +id: task-scheduler-49f7af60a7d6ca8e6785ad7873768f2a + +info: + name: > + JQueryFileTree <= 2.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f20352f-386f-45ab-b719-8a70f5c11b02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/task-scheduler/" + google-query: inurl:"/wp-content/plugins/task-scheduler/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,task-scheduler,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/task-scheduler/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "task-scheduler" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taskbuilder-aa1aed011557ee5dc2bfa06501123a9e.yaml b/nuclei-templates/cve-less/plugins/taskbuilder-aa1aed011557ee5dc2bfa06501123a9e.yaml new file mode 100644 index 0000000000..bf5b0b26d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taskbuilder-aa1aed011557ee5dc2bfa06501123a9e.yaml @@ -0,0 +1,58 @@ +id: taskbuilder-aa1aed011557ee5dc2bfa06501123a9e + +info: + name: > + Taskbuilder <= 1.0.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eb875d6-03ff-441e-9a4e-69aa577c8587?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taskbuilder/" + google-query: inurl:"/wp-content/plugins/taskbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taskbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taskbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taskbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tatsu-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml b/nuclei-templates/cve-less/plugins/tatsu-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml new file mode 100644 index 0000000000..3824b8308c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tatsu-fbd8ecc6dba160d0b0ce8ccb8069b0ff.yaml @@ -0,0 +1,58 @@ +id: tatsu-fbd8ecc6dba160d0b0ce8ccb8069b0ff + +info: + name: > + Tatsu <= 3.3.12 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77ebd648-3851-47ea-a5eb-86af4899727c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tatsu/" + google-query: inurl:"/wp-content/plugins/tatsu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tatsu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tatsu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tatsu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tawkto-live-chat-21ae3b1c550108707903a2e1d2b50e39.yaml b/nuclei-templates/cve-less/plugins/tawkto-live-chat-21ae3b1c550108707903a2e1d2b50e39.yaml new file mode 100644 index 0000000000..d2003d28b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tawkto-live-chat-21ae3b1c550108707903a2e1d2b50e39.yaml @@ -0,0 +1,58 @@ +id: tawkto-live-chat-21ae3b1c550108707903a2e1d2b50e39 + +info: + name: > + Tawk.To Live Chat <= 0.5.4 - Missing Authorization to Visitor Monitoring & Chat Removal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c3ee9fa-5d66-4f84-818f-ceec2f0c0b96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tawkto-live-chat/" + google-query: inurl:"/wp-content/plugins/tawkto-live-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tawkto-live-chat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tawkto-live-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tawkto-live-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tax-rate-upload-65ee5bf735571153b550ec180d2f83b7.yaml b/nuclei-templates/cve-less/plugins/tax-rate-upload-65ee5bf735571153b550ec180d2f83b7.yaml new file mode 100644 index 0000000000..2159840a9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tax-rate-upload-65ee5bf735571153b550ec180d2f83b7.yaml @@ -0,0 +1,58 @@ +id: tax-rate-upload-65ee5bf735571153b550ec180d2f83b7 + +info: + name: > + Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bddbbcdf-dfcb-47dd-97e7-8563eaf70cbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tax-rate-upload/" + google-query: inurl:"/wp-content/plugins/tax-rate-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tax-rate-upload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tax-rate-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tax-rate-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tax-rate-upload-9b43aaab2dbac6c310bbe5db0693f0ed.yaml b/nuclei-templates/cve-less/plugins/tax-rate-upload-9b43aaab2dbac6c310bbe5db0693f0ed.yaml new file mode 100644 index 0000000000..1d5588ae35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tax-rate-upload-9b43aaab2dbac6c310bbe5db0693f0ed.yaml @@ -0,0 +1,58 @@ +id: tax-rate-upload-9b43aaab2dbac6c310bbe5db0693f0ed + +info: + name: > + Tax Rate Upload <= 2.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e54b0294-6829-493f-b7d3-6349000c249c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tax-rate-upload/" + google-query: inurl:"/wp-content/plugins/tax-rate-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tax-rate-upload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tax-rate-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tax-rate-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taxonomy-filter-f3d2115fb9f146bc796a9f84dc975747.yaml b/nuclei-templates/cve-less/plugins/taxonomy-filter-f3d2115fb9f146bc796a9f84dc975747.yaml new file mode 100644 index 0000000000..5047ecec3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taxonomy-filter-f3d2115fb9f146bc796a9f84dc975747.yaml @@ -0,0 +1,58 @@ +id: taxonomy-filter-f3d2115fb9f146bc796a9f84dc975747 + +info: + name: > + Taxonomy filter <= 2.2.9 - Cross-Site Request Forgery via taxonomy_filter_save_main_settings() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e74ff260-48af-4fc2-80d8-1ff2403f8f33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taxonomy-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/taxonomy-switcher-6295a7a546ef764d879b794c2aebb334.yaml b/nuclei-templates/cve-less/plugins/taxonomy-switcher-6295a7a546ef764d879b794c2aebb334.yaml new file mode 100644 index 0000000000..99eac93c66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/taxonomy-switcher-6295a7a546ef764d879b794c2aebb334.yaml @@ -0,0 +1,58 @@ +id: taxonomy-switcher-6295a7a546ef764d879b794c2aebb334 + +info: + name: > + Taxonomy Switcher <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f7edb22-1441-4cac-9899-cd27dc313870?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/taxonomy-switcher/" + google-query: inurl:"/wp-content/plugins/taxonomy-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,taxonomy-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/taxonomy-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "taxonomy-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tc-custom-javascript-03ddcc1c34e43981b71842dcf356a652.yaml b/nuclei-templates/cve-less/plugins/tc-custom-javascript-03ddcc1c34e43981b71842dcf356a652.yaml new file mode 100644 index 0000000000..ab26e29e74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tc-custom-javascript-03ddcc1c34e43981b71842dcf356a652.yaml @@ -0,0 +1,58 @@ +id: tc-custom-javascript-03ddcc1c34e43981b71842dcf356a652 + +info: + name: > + TC Custom JavaScript <= 1.2.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5574f8ab-74b7-4f6c-b8db-901cb6e45cfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tc-custom-javascript/" + google-query: inurl:"/wp-content/plugins/tc-custom-javascript/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tc-custom-javascript,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tc-custom-javascript/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tc-custom-javascript" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tc-team-members-7cd66621baa98ee6c1094c3629ee5b9c.yaml b/nuclei-templates/cve-less/plugins/tc-team-members-7cd66621baa98ee6c1094c3629ee5b9c.yaml new file mode 100644 index 0000000000..79297b0bb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tc-team-members-7cd66621baa98ee6c1094c3629ee5b9c.yaml @@ -0,0 +1,58 @@ +id: tc-team-members-7cd66621baa98ee6c1094c3629ee5b9c + +info: + name: > + Team Members <= 5.0.3 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e5143f2-6641-4ae3-baa1-e5b83d784799?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tc-team-members/" + google-query: inurl:"/wp-content/plugins/tc-team-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tc-team-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tc-team-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tc-team-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tcd-google-maps-91e768f9e801d14e24ca5019cd490f0a.yaml b/nuclei-templates/cve-less/plugins/tcd-google-maps-91e768f9e801d14e24ca5019cd490f0a.yaml new file mode 100644 index 0000000000..52e874e82e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tcd-google-maps-91e768f9e801d14e24ca5019cd490f0a.yaml @@ -0,0 +1,58 @@ +id: tcd-google-maps-91e768f9e801d14e24ca5019cd490f0a + +info: + name: > + TCD Google Maps <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50f6d0aa-059d-48d9-873b-6404f288f002?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tcd-google-maps/" + google-query: inurl:"/wp-content/plugins/tcd-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tcd-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tcd-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tcd-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tcs3-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/tcs3-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..81e2ac6b6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tcs3-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: tcs3-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tcs3/" + google-query: inurl:"/wp-content/plugins/tcs3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tcs3,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tcs3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tcs3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-cloud-library-e9eec5a929c2311a5540a7010e91443f.yaml b/nuclei-templates/cve-less/plugins/td-cloud-library-e9eec5a929c2311a5540a7010e91443f.yaml new file mode 100644 index 0000000000..ae9de1ef5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-cloud-library-e9eec5a929c2311a5540a7010e91443f.yaml @@ -0,0 +1,58 @@ +id: td-cloud-library-e9eec5a929c2311a5540a7010e91443f + +info: + name: > + tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24e8d1a4-9853-4f60-a371-7fdbe86d554b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-cloud-library/" + google-query: inurl:"/wp-content/plugins/td-cloud-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-cloud-library,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-cloud-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-cloud-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-composer-01793590016afb66f5a418a945e41a09.yaml b/nuclei-templates/cve-less/plugins/td-composer-01793590016afb66f5a418a945e41a09.yaml new file mode 100644 index 0000000000..65c2177541 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-composer-01793590016afb66f5a418a945e41a09.yaml @@ -0,0 +1,58 @@ +id: td-composer-01793590016afb66f5a418a945e41a09 + +info: + name: > + tagDiv Composer <= 4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3861f675-1a26-4947-91ef-8ab04646704f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-composer/" + google-query: inurl:"/wp-content/plugins/td-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-composer-0a8a5d2ceeee68cf5d8ceb172875b32d.yaml b/nuclei-templates/cve-less/plugins/td-composer-0a8a5d2ceeee68cf5d8ceb172875b32d.yaml new file mode 100644 index 0000000000..e19cdd34a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-composer-0a8a5d2ceeee68cf5d8ceb172875b32d.yaml @@ -0,0 +1,58 @@ +id: td-composer-0a8a5d2ceeee68cf5d8ceb172875b32d + +info: + name: > + tagDiv Composer < 4.4 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/199d3a1f-bfde-4081-bb68-ebb6f9d360b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-composer/" + google-query: inurl:"/wp-content/plugins/td-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-composer-5795df5f8da9d7d45bd34eff74cbbef7.yaml b/nuclei-templates/cve-less/plugins/td-composer-5795df5f8da9d7d45bd34eff74cbbef7.yaml new file mode 100644 index 0000000000..910ff43915 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-composer-5795df5f8da9d7d45bd34eff74cbbef7.yaml @@ -0,0 +1,58 @@ +id: td-composer-5795df5f8da9d7d45bd34eff74cbbef7 + +info: + name: > + tagDiv Composer <= 4.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6998cf4c-6086-402b-a95f-ee6a4980dffb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-composer/" + google-query: inurl:"/wp-content/plugins/td-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-composer-b10d497d51d23e43935beff2259b9524.yaml b/nuclei-templates/cve-less/plugins/td-composer-b10d497d51d23e43935beff2259b9524.yaml new file mode 100644 index 0000000000..72bc279ab2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-composer-b10d497d51d23e43935beff2259b9524.yaml @@ -0,0 +1,58 @@ +id: td-composer-b10d497d51d23e43935beff2259b9524 + +info: + name: > + tagDiv Composer < 4.0 - Reflected Cross-Site Scripting via ‘td_video_url’ + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/372f4908-8796-4a52-8346-bd0eb1e41adc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-composer/" + google-query: inurl:"/wp-content/plugins/td-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-composer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/td-composer-bff7cd3ae66179edd6f79145d30bd8a6.yaml b/nuclei-templates/cve-less/plugins/td-composer-bff7cd3ae66179edd6f79145d30bd8a6.yaml new file mode 100644 index 0000000000..9817b4d885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/td-composer-bff7cd3ae66179edd6f79145d30bd8a6.yaml @@ -0,0 +1,58 @@ +id: td-composer-bff7cd3ae66179edd6f79145d30bd8a6 + +info: + name: > + tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/td-composer/" + google-query: inurl:"/wp-content/plugins/td-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,td-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/td-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "td-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/teachpress-0e20035daf500b66ef66815e5fae94f5.yaml b/nuclei-templates/cve-less/plugins/teachpress-0e20035daf500b66ef66815e5fae94f5.yaml new file mode 100644 index 0000000000..83f22ceb1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/teachpress-0e20035daf500b66ef66815e5fae94f5.yaml @@ -0,0 +1,58 @@ +id: teachpress-0e20035daf500b66ef66815e5fae94f5 + +info: + name: > + teachPress <= 9.0.5 - Cross-Site Request Forgery via delete_database() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3544357f-97c9-49cb-a48d-74b60480111d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/teachpress/" + google-query: inurl:"/wp-content/plugins/teachpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,teachpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/teachpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teachpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/teachpress-2eaa08a72f8ffd2eb931a796cf5157f4.yaml b/nuclei-templates/cve-less/plugins/teachpress-2eaa08a72f8ffd2eb931a796cf5157f4.yaml new file mode 100644 index 0000000000..54ef4957bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/teachpress-2eaa08a72f8ffd2eb931a796cf5157f4.yaml @@ -0,0 +1,58 @@ +id: teachpress-2eaa08a72f8ffd2eb931a796cf5157f4 + +info: + name: > + teachPress <= 9.0.2 - Reflected Cross-Site Scripting via meta_field_id and cite_id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a33cc275-aa0d-4b8b-863a-6a32fac37512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/teachpress/" + google-query: inurl:"/wp-content/plugins/teachpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,teachpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/teachpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teachpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/teachpress-3b16719dacbde5289812e70a9eb8dc52.yaml b/nuclei-templates/cve-less/plugins/teachpress-3b16719dacbde5289812e70a9eb8dc52.yaml new file mode 100644 index 0000000000..2ec26e6797 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/teachpress-3b16719dacbde5289812e70a9eb8dc52.yaml @@ -0,0 +1,58 @@ +id: teachpress-3b16719dacbde5289812e70a9eb8dc52 + +info: + name: > + teachPress <= 8.1.8 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68774d9c-7abc-416d-8ab9-2713a1bad377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/teachpress/" + google-query: inurl:"/wp-content/plugins/teachpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,teachpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/teachpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teachpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/teachpress-9c5b70c021deba50a223641e7218d917.yaml b/nuclei-templates/cve-less/plugins/teachpress-9c5b70c021deba50a223641e7218d917.yaml new file mode 100644 index 0000000000..ecec8069cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/teachpress-9c5b70c021deba50a223641e7218d917.yaml @@ -0,0 +1,58 @@ +id: teachpress-9c5b70c021deba50a223641e7218d917 + +info: + name: > + teachPress <= 9.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9956e04c-ff59-40c0-a8ab-3e2ed2c52d7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/teachpress/" + google-query: inurl:"/wp-content/plugins/teachpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,teachpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/teachpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teachpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-005741c51584101e42f20f4a09530ec1.yaml b/nuclei-templates/cve-less/plugins/team-005741c51584101e42f20f4a09530ec1.yaml new file mode 100644 index 0000000000..77a0135cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-005741c51584101e42f20f4a09530ec1.yaml @@ -0,0 +1,58 @@ +id: team-005741c51584101e42f20f4a09530ec1 + +info: + name: > + Team Showcase <= 1.22.15 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1da8894c-fd19-4ea1-9c05-e519c0131061?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team/" + google-query: inurl:"/wp-content/plugins/team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-1d181af5ec91b0160f1b6df2779bb251.yaml b/nuclei-templates/cve-less/plugins/team-1d181af5ec91b0160f1b6df2779bb251.yaml new file mode 100644 index 0000000000..3dcc562632 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-1d181af5ec91b0160f1b6df2779bb251.yaml @@ -0,0 +1,58 @@ +id: team-1d181af5ec91b0160f1b6df2779bb251 + +info: + name: > + Team Showcase <= 1.22.15 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9013e816-1f5c-48cc-b79b-37cd9a75c2f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team/" + google-query: inurl:"/wp-content/plugins/team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-b569d36710f81ad9bca4fdee9649f13c.yaml b/nuclei-templates/cve-less/plugins/team-b569d36710f81ad9bca4fdee9649f13c.yaml new file mode 100644 index 0000000000..b132e00164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-b569d36710f81ad9bca4fdee9649f13c.yaml @@ -0,0 +1,58 @@ +id: team-b569d36710f81ad9bca4fdee9649f13c + +info: + name: > + Team Showcase <= 1.22.15 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52bb3328-956c-4379-879a-d321d68c39ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team/" + google-query: inurl:"/wp-content/plugins/team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-d26cb33300448e8878b411d58432ae7f.yaml b/nuclei-templates/cve-less/plugins/team-d26cb33300448e8878b411d58432ae7f.yaml new file mode 100644 index 0000000000..988f81a6e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-d26cb33300448e8878b411d58432ae7f.yaml @@ -0,0 +1,58 @@ +id: team-d26cb33300448e8878b411d58432ae7f + +info: + name: > + Team Showcase <= 1.22.15 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a9a2fd-5667-4033-a273-f4f5660cb27e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team/" + google-query: inurl:"/wp-content/plugins/team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-members-3251ec6afe785e3bef31ff4841e744c5.yaml b/nuclei-templates/cve-less/plugins/team-members-3251ec6afe785e3bef31ff4841e744c5.yaml new file mode 100644 index 0000000000..1d7efa90f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-members-3251ec6afe785e3bef31ff4841e744c5.yaml @@ -0,0 +1,58 @@ +id: team-members-3251ec6afe785e3bef31ff4841e744c5 + +info: + name: > + Team Members <= 5.2.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c68a9b05-5e60-4d5f-9d00-a9a5b85271f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team-members/" + google-query: inurl:"/wp-content/plugins/team-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-members-68a19dcbafa893fee0f134b5b9682816.yaml b/nuclei-templates/cve-less/plugins/team-members-68a19dcbafa893fee0f134b5b9682816.yaml new file mode 100644 index 0000000000..3b11532961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-members-68a19dcbafa893fee0f134b5b9682816.yaml @@ -0,0 +1,58 @@ +id: team-members-68a19dcbafa893fee0f134b5b9682816 + +info: + name: > + Team Members <= 5.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09277f30-9b6a-4cc9-bc8c-09c360da917a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team-members/" + google-query: inurl:"/wp-content/plugins/team-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-members-97f6d832d77568cb83cbfd8ed5696c11.yaml b/nuclei-templates/cve-less/plugins/team-members-97f6d832d77568cb83cbfd8ed5696c11.yaml new file mode 100644 index 0000000000..8f122c2b1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-members-97f6d832d77568cb83cbfd8ed5696c11.yaml @@ -0,0 +1,58 @@ +id: team-members-97f6d832d77568cb83cbfd8ed5696c11 + +info: + name: > + Team Members <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b14bdec-9737-4b03-8cc0-e4018494d162?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team-members/" + google-query: inurl:"/wp-content/plugins/team-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-showcase-50a35a271362419338fef58cbfdfbd44.yaml b/nuclei-templates/cve-less/plugins/team-showcase-50a35a271362419338fef58cbfdfbd44.yaml new file mode 100644 index 0000000000..1647a84c69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-showcase-50a35a271362419338fef58cbfdfbd44.yaml @@ -0,0 +1,58 @@ +id: team-showcase-50a35a271362419338fef58cbfdfbd44 + +info: + name: > + Team Showcase <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b26060-294e-4d4c-9295-0b08f533d5c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team-showcase/" + google-query: inurl:"/wp-content/plugins/team-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/team-showcase-supreme-f7d812f744f4c9ca71f204033cc41839.yaml b/nuclei-templates/cve-less/plugins/team-showcase-supreme-f7d812f744f4c9ca71f204033cc41839.yaml new file mode 100644 index 0000000000..f29bd37e79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/team-showcase-supreme-f7d812f744f4c9ca71f204033cc41839.yaml @@ -0,0 +1,58 @@ +id: team-showcase-supreme-f7d812f744f4c9ca71f204033cc41839 + +info: + name: > + Team Member <= 4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via new_style_name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/353d22c5-dee1-485f-ae66-e9c7afe3ad8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/team-showcase-supreme/" + google-query: inurl:"/wp-content/plugins/team-showcase-supreme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,team-showcase-supreme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/team-showcase-supreme/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "team-showcase-supreme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/telefication-32f527b1fe26d5c077366894530c8689.yaml b/nuclei-templates/cve-less/plugins/telefication-32f527b1fe26d5c077366894530c8689.yaml new file mode 100644 index 0000000000..0592f279bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/telefication-32f527b1fe26d5c077366894530c8689.yaml @@ -0,0 +1,58 @@ +id: telefication-32f527b1fe26d5c077366894530c8689 + +info: + name: > + Telefication <= 1.8.0 - Open Relay and Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f1719c-ef66-4c68-b25c-175c99938e7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telefication/" + google-query: inurl:"/wp-content/plugins/telefication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telefication,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telefication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telefication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/telegram-bot-0caf4f2b6437a679adbb5b527c6703b2.yaml b/nuclei-templates/cve-less/plugins/telegram-bot-0caf4f2b6437a679adbb5b527c6703b2.yaml new file mode 100644 index 0000000000..3e9c0e0455 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/telegram-bot-0caf4f2b6437a679adbb5b527c6703b2.yaml @@ -0,0 +1,58 @@ +id: telegram-bot-0caf4f2b6437a679adbb5b527c6703b2 + +info: + name: > + Telegram Bot & Channel <= 3.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb099c3-f6f6-4d9c-a9c7-fa1b81ce082e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telegram-bot/" + google-query: inurl:"/wp-content/plugins/telegram-bot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telegram-bot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telegram-bot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telegram-bot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/telephone-number-linker-a6d339b3bc08ee880c9c68cfd52a0937.yaml b/nuclei-templates/cve-less/plugins/telephone-number-linker-a6d339b3bc08ee880c9c68cfd52a0937.yaml new file mode 100644 index 0000000000..70bb3b8ccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/telephone-number-linker-a6d339b3bc08ee880c9c68cfd52a0937.yaml @@ -0,0 +1,58 @@ +id: telephone-number-linker-a6d339b3bc08ee880c9c68cfd52a0937 + +info: + name: > + Telephone Number Linker <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06424d9f-0064-4101-b819-688489a18eee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telephone-number-linker/" + google-query: inurl:"/wp-content/plugins/telephone-number-linker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telephone-number-linker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telephone-number-linker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telephone-number-linker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/telsender-4150b6c5ffc14f9f916be876839f27fe.yaml b/nuclei-templates/cve-less/plugins/telsender-4150b6c5ffc14f9f916be876839f27fe.yaml new file mode 100644 index 0000000000..616ec0656b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/telsender-4150b6c5ffc14f9f916be876839f27fe.yaml @@ -0,0 +1,58 @@ +id: telsender-4150b6c5ffc14f9f916be876839f27fe + +info: + name: > + TelSender <= 1.14.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39193ebd-005a-4497-9939-99947323a1a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telsender/" + google-query: inurl:"/wp-content/plugins/telsender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telsender,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telsender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telsender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/telugu-bible-verse-daily-10fa074ce14cd8aff4840b1abbaf6c83.yaml b/nuclei-templates/cve-less/plugins/telugu-bible-verse-daily-10fa074ce14cd8aff4840b1abbaf6c83.yaml new file mode 100644 index 0000000000..cd4683ad7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/telugu-bible-verse-daily-10fa074ce14cd8aff4840b1abbaf6c83.yaml @@ -0,0 +1,58 @@ +id: telugu-bible-verse-daily-10fa074ce14cd8aff4840b1abbaf6c83 + +info: + name: > + తెలుగు బైబిల్ వచనములు <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6881b0ad-7f11-4709-8c17-37aa505bad4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/telugu-bible-verse-daily/" + google-query: inurl:"/wp-content/plugins/telugu-bible-verse-daily/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,telugu-bible-verse-daily,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/telugu-bible-verse-daily/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "telugu-bible-verse-daily" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/template-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml b/nuclei-templates/cve-less/plugins/template-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml new file mode 100644 index 0000000000..da2e01417f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/template-events-calendar-218c9a934953359a2e2d8f63be0a287c.yaml @@ -0,0 +1,58 @@ +id: template-events-calendar-218c9a934953359a2e2d8f63be0a287c + +info: + name: > + Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f0fb78-ad6b-4a9e-ae1a-5793f3426379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/template-events-calendar/" + google-query: inurl:"/wp-content/plugins/template-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,template-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/template-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "template-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/template-events-calendar-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/template-events-calendar-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..d0329e7830 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/template-events-calendar-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: template-events-calendar-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/template-events-calendar/" + google-query: inurl:"/wp-content/plugins/template-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,template-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/template-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "template-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/template-events-calendar-803648dc94dbeaf482d25b8433d5ee7f.yaml b/nuclei-templates/cve-less/plugins/template-events-calendar-803648dc94dbeaf482d25b8433d5ee7f.yaml new file mode 100644 index 0000000000..0510956a91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/template-events-calendar-803648dc94dbeaf482d25b8433d5ee7f.yaml @@ -0,0 +1,58 @@ +id: template-events-calendar-803648dc94dbeaf482d25b8433d5ee7f + +info: + name: > + Events Shortcodes & Templates For The Events Calendar <= 2.3.1 - Authenticated (Contributor+) SQL Injection via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d9ee9f-d8d0-4a9d-b414-bc79c4255b4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/template-events-calendar/" + google-query: inurl:"/wp-content/plugins/template-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,template-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/template-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "template-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/template-kit-import-1024fb2bb768926b2f10b7f06d6c4de1.yaml b/nuclei-templates/cve-less/plugins/template-kit-import-1024fb2bb768926b2f10b7f06d6c4de1.yaml new file mode 100644 index 0000000000..57a168b9f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/template-kit-import-1024fb2bb768926b2f10b7f06d6c4de1.yaml @@ -0,0 +1,58 @@ +id: template-kit-import-1024fb2bb768926b2f10b7f06d6c4de1 + +info: + name: > + Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6203a15d-f90f-4147-8e43-afc424bbb750?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/template-kit-import/" + google-query: inurl:"/wp-content/plugins/template-kit-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,template-kit-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/template-kit-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "template-kit-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/template-kit-import-e259392e4e0f5c005c71447bf33a289e.yaml b/nuclei-templates/cve-less/plugins/template-kit-import-e259392e4e0f5c005c71447bf33a289e.yaml new file mode 100644 index 0000000000..42ae7cbb8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/template-kit-import-e259392e4e0f5c005c71447bf33a289e.yaml @@ -0,0 +1,58 @@ +id: template-kit-import-e259392e4e0f5c005c71447bf33a289e + +info: + name: > + Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/template-kit-import/" + google-query: inurl:"/wp-content/plugins/template-kit-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,template-kit-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/template-kit-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "template-kit-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templately-6db2725ca256b74963101e9d1eafe501.yaml b/nuclei-templates/cve-less/plugins/templately-6db2725ca256b74963101e9d1eafe501.yaml new file mode 100644 index 0000000000..a2b9b33f40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templately-6db2725ca256b74963101e9d1eafe501.yaml @@ -0,0 +1,58 @@ +id: templately-6db2725ca256b74963101e9d1eafe501 + +info: + name: > + Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c74553c0-366e-44d7-8c4a-161a05ef02b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templately/" + google-query: inurl:"/wp-content/plugins/templately/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templately,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templately/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templately" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templates-patterns-collection-0f7e356340d28416c48865e039d750ac.yaml b/nuclei-templates/cve-less/plugins/templates-patterns-collection-0f7e356340d28416c48865e039d750ac.yaml new file mode 100644 index 0000000000..ca4893467e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templates-patterns-collection-0f7e356340d28416c48865e039d750ac.yaml @@ -0,0 +1,58 @@ +id: templates-patterns-collection-0f7e356340d28416c48865e039d750ac + +info: + name: > + Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c59baad8-b888-4475-8371-645811a6b569?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templates-patterns-collection/" + google-query: inurl:"/wp-content/plugins/templates-patterns-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templates-patterns-collection,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templates-patterns-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templates-patterns-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templates-patterns-collection-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/templates-patterns-collection-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..fb2b25882f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templates-patterns-collection-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: templates-patterns-collection-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templates-patterns-collection/" + google-query: inurl:"/wp-content/plugins/templates-patterns-collection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templates-patterns-collection,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templates-patterns-collection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templates-patterns-collection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templatesnext-toolkit-6880997a756b467547a9370c60ac6681.yaml b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-6880997a756b467547a9370c60ac6681.yaml new file mode 100644 index 0000000000..68c8d6935a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-6880997a756b467547a9370c60ac6681.yaml @@ -0,0 +1,58 @@ +id: templatesnext-toolkit-6880997a756b467547a9370c60ac6681 + +info: + name: > + TemplatesNext ToolKit <= 3.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38ebe1d4-4ac0-4d03-8945-451902263442?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templatesnext-toolkit/" + google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templatesnext-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templatesnext-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templatesnext-toolkit-71cf8d6f1781f11cff9af8b811c7f0b2.yaml b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-71cf8d6f1781f11cff9af8b811c7f0b2.yaml new file mode 100644 index 0000000000..f228abb4ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-71cf8d6f1781f11cff9af8b811c7f0b2.yaml @@ -0,0 +1,58 @@ +id: templatesnext-toolkit-71cf8d6f1781f11cff9af8b811c7f0b2 + +info: + name: > + TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7f90a88-6c19-4adf-8282-2d77234fcc11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templatesnext-toolkit/" + google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templatesnext-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templatesnext-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/templatesnext-toolkit-d10130ec70ac5e95df8a68d13ca495cb.yaml b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-d10130ec70ac5e95df8a68d13ca495cb.yaml new file mode 100644 index 0000000000..8491d780ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/templatesnext-toolkit-d10130ec70ac5e95df8a68d13ca495cb.yaml @@ -0,0 +1,58 @@ +id: templatesnext-toolkit-d10130ec70ac5e95df8a68d13ca495cb + +info: + name: > + TemplatesNext ToolKit <= 3.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7de5cb89-240a-4ba3-a82c-261629620948?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/templatesnext-toolkit/" + google-query: inurl:"/wp-content/plugins/templatesnext-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,templatesnext-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/templatesnext-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "templatesnext-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/temporary-login-without-password-e518402d2982dad7f3cfd89eedd61449.yaml b/nuclei-templates/cve-less/plugins/temporary-login-without-password-e518402d2982dad7f3cfd89eedd61449.yaml new file mode 100644 index 0000000000..130d5931cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/temporary-login-without-password-e518402d2982dad7f3cfd89eedd61449.yaml @@ -0,0 +1,58 @@ +id: temporary-login-without-password-e518402d2982dad7f3cfd89eedd61449 + +info: + name: > + Temporary Login Without Password <= 1.7.0 - Subscriber+ Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eb85bc1-cffd-4363-ba53-30e3f6f6fc56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/temporary-login-without-password/" + google-query: inurl:"/wp-content/plugins/temporary-login-without-password/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,temporary-login-without-password,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/temporary-login-without-password/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "temporary-login-without-password" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tencentcloud-cos-b1770f9eb849f830c90d98a4a92d2baf.yaml b/nuclei-templates/cve-less/plugins/tencentcloud-cos-b1770f9eb849f830c90d98a4a92d2baf.yaml new file mode 100644 index 0000000000..a5f7ae133a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tencentcloud-cos-b1770f9eb849f830c90d98a4a92d2baf.yaml @@ -0,0 +1,58 @@ +id: tencentcloud-cos-b1770f9eb849f830c90d98a4a92d2baf + +info: + name: > + tencentcloud-cos <= 1.0.7 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91ea157f-7a74-427f-b1eb-a9187f2d9096?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tencentcloud-cos/" + google-query: inurl:"/wp-content/plugins/tencentcloud-cos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tencentcloud-cos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tencentcloud-cos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tencentcloud-cos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-20a9d8955f3c9e8e519f715c32a5f589.yaml b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-20a9d8955f3c9e8e519f715c32a5f589.yaml new file mode 100644 index 0000000000..4be8716d54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tenweb-speed-optimizer-20a9d8955f3c9e8e519f715c32a5f589.yaml @@ -0,0 +1,58 @@ +id: tenweb-speed-optimizer-20a9d8955f3c9e8e519f715c32a5f589 + +info: + name: > + 10Web Booster <= 2.24.14 - Unauthenticated Arbitrary Option Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d9c659-ec6a-43ca-b484-02afd06f3c13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tenweb-speed-optimizer/" + google-query: inurl:"/wp-content/plugins/tenweb-speed-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tenweb-speed-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tenweb-speed-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tenweb-speed-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.24.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tera-charts-18c4c68c7c881f2ea27926221e43a5a9.yaml b/nuclei-templates/cve-less/plugins/tera-charts-18c4c68c7c881f2ea27926221e43a5a9.yaml new file mode 100644 index 0000000000..0b23aedee2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tera-charts-18c4c68c7c881f2ea27926221e43a5a9.yaml @@ -0,0 +1,58 @@ +id: tera-charts-18c4c68c7c881f2ea27926221e43a5a9 + +info: + name: > + Tera Charts < 1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcc353f-cdf2-4e28-a0e0-ad149ecb1c3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tera-charts/" + google-query: inurl:"/wp-content/plugins/tera-charts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tera-charts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tera-charts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tera-charts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tera-charts-c18aab0e3a8fe7ad353658faf1fddbbe.yaml b/nuclei-templates/cve-less/plugins/tera-charts-c18aab0e3a8fe7ad353658faf1fddbbe.yaml new file mode 100644 index 0000000000..7d7b47d171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tera-charts-c18aab0e3a8fe7ad353658faf1fddbbe.yaml @@ -0,0 +1,58 @@ +id: tera-charts-c18aab0e3a8fe7ad353658faf1fddbbe + +info: + name: > + Tera Charts <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bbf5adc-df9c-4629-909c-932998c50508?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tera-charts/" + google-query: inurl:"/wp-content/plugins/tera-charts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tera-charts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tera-charts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tera-charts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/terillion-reviews-47c8ae751ee325a323299c1e28df1079.yaml b/nuclei-templates/cve-less/plugins/terillion-reviews-47c8ae751ee325a323299c1e28df1079.yaml new file mode 100644 index 0000000000..3f56fa70a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/terillion-reviews-47c8ae751ee325a323299c1e28df1079.yaml @@ -0,0 +1,58 @@ +id: terillion-reviews-47c8ae751ee325a323299c1e28df1079 + +info: + name: > + Terillion Reviews < 1.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be70f816-14b1-4c7b-8529-146bcd5d4cf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/terillion-reviews/" + google-query: inurl:"/wp-content/plugins/terillion-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,terillion-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/terillion-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "terillion-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/terms-and-conditions-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/terms-and-conditions-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..20b7d536ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/terms-and-conditions-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: terms-and-conditions-popup-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/terms-and-conditions-popup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,terms-and-conditions-popup-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/terms-and-conditions-popup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "terms-and-conditions-popup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/terms-descriptions-4ca0cd7e003f070985982d00b73cdc44.yaml b/nuclei-templates/cve-less/plugins/terms-descriptions-4ca0cd7e003f070985982d00b73cdc44.yaml new file mode 100644 index 0000000000..d53dc9a92c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/terms-descriptions-4ca0cd7e003f070985982d00b73cdc44.yaml @@ -0,0 +1,58 @@ +id: terms-descriptions-4ca0cd7e003f070985982d00b73cdc44 + +info: + name: > + Terms Descriptions <= 3.4.4 - Reflected Cross-Site Scripting via term_search + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a44d36-43e6-4785-b2bc-0b4b98d847e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/terms-descriptions/" + google-query: inurl:"/wp-content/plugins/terms-descriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,terms-descriptions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/terms-descriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "terms-descriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/terraclassifieds-4be3fece7979d31adacbce90e5c628f3.yaml b/nuclei-templates/cve-less/plugins/terraclassifieds-4be3fece7979d31adacbce90e5c628f3.yaml new file mode 100644 index 0000000000..547ac474af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/terraclassifieds-4be3fece7979d31adacbce90e5c628f3.yaml @@ -0,0 +1,58 @@ +id: terraclassifieds-4be3fece7979d31adacbce90e5c628f3 + +info: + name: > + TerraClassifieds <= 2.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a6e5f89-ebc0-413a-a76e-3cf4339430ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/terraclassifieds/" + google-query: inurl:"/wp-content/plugins/terraclassifieds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,terraclassifieds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/terraclassifieds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "terraclassifieds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/terraclassifieds-8f126edef9e9df4d2ad158f1a5a43c5d.yaml b/nuclei-templates/cve-less/plugins/terraclassifieds-8f126edef9e9df4d2ad158f1a5a43c5d.yaml new file mode 100644 index 0000000000..0ca9da2740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/terraclassifieds-8f126edef9e9df4d2ad158f1a5a43c5d.yaml @@ -0,0 +1,58 @@ +id: terraclassifieds-8f126edef9e9df4d2ad158f1a5a43c5d + +info: + name: > + TerraClassifieds <= 2.0.3 Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0399b60-6e40-4f35-985f-845a32f69d64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/terraclassifieds/" + google-query: inurl:"/wp-content/plugins/terraclassifieds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,terraclassifieds,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/terraclassifieds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "terraclassifieds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-9fed5404f994e2e62aad7f01b29dde3c.yaml b/nuclei-templates/cve-less/plugins/testimonial-9fed5404f994e2e62aad7f01b29dde3c.yaml new file mode 100644 index 0000000000..4b001b0a79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-9fed5404f994e2e62aad7f01b29dde3c.yaml @@ -0,0 +1,58 @@ +id: testimonial-9fed5404f994e2e62aad7f01b29dde3c + +info: + name: > + Testimonial Slider <= 2.3.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9be5e54c-286a-4fec-95fb-27e3517f3eb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial/" + google-query: inurl:"/wp-content/plugins/testimonial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-add-098a7c1e7e4a3294c0b3e783c9234d81.yaml b/nuclei-templates/cve-less/plugins/testimonial-add-098a7c1e7e4a3294c0b3e783c9234d81.yaml new file mode 100644 index 0000000000..eb0b2b930c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-add-098a7c1e7e4a3294c0b3e783c9234d81.yaml @@ -0,0 +1,58 @@ +id: testimonial-add-098a7c1e7e4a3294c0b3e783c9234d81 + +info: + name: > + Testimonials Slider <= 3.5.8.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b1bfe88-2513-4acc-91e2-50a3bc9d7183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-add/" + google-query: inurl:"/wp-content/plugins/testimonial-add/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-add,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-add/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-add" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-builder-cc8d3237ec9d31d7a17e75a3773f4b59.yaml b/nuclei-templates/cve-less/plugins/testimonial-builder-cc8d3237ec9d31d7a17e75a3773f4b59.yaml new file mode 100644 index 0000000000..33c1d8b8b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-builder-cc8d3237ec9d31d7a17e75a3773f4b59.yaml @@ -0,0 +1,58 @@ +id: testimonial-builder-cc8d3237ec9d31d7a17e75a3773f4b59 + +info: + name: > + Testimonial < 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9b5c7-0d76-4772-973b-be48e520c837?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-builder/" + google-query: inurl:"/wp-content/plugins/testimonial-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-builder-ebb1ebcf4f2c8c10213c00b9f2126830.yaml b/nuclei-templates/cve-less/plugins/testimonial-builder-ebb1ebcf4f2c8c10213c00b9f2126830.yaml new file mode 100644 index 0000000000..6c48e0b440 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-builder-ebb1ebcf4f2c8c10213c00b9f2126830.yaml @@ -0,0 +1,58 @@ +id: testimonial-builder-ebb1ebcf4f2c8c10213c00b9f2126830 + +info: + name: > + Testimonial Builder <= 1.6.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bf511b6-1b62-43e0-9df5-674a423f6ae2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-builder/" + google-query: inurl:"/wp-content/plugins/testimonial-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-free-68309fb63b5db886058ca866de7b117b.yaml b/nuclei-templates/cve-less/plugins/testimonial-free-68309fb63b5db886058ca866de7b117b.yaml new file mode 100644 index 0000000000..b3d87e16c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-free-68309fb63b5db886058ca866de7b117b.yaml @@ -0,0 +1,58 @@ +id: testimonial-free-68309fb63b5db886058ca866de7b117b + +info: + name: > + Real Testimonials <= 2.5.11 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64d2d161-678a-4c0a-b0c5-c28a29a66a5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-free/" + google-query: inurl:"/wp-content/plugins/testimonial-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-rotator-a98e82a7c384a33ad5d0d42365168f67.yaml b/nuclei-templates/cve-less/plugins/testimonial-rotator-a98e82a7c384a33ad5d0d42365168f67.yaml new file mode 100644 index 0000000000..8425edcc1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-rotator-a98e82a7c384a33ad5d0d42365168f67.yaml @@ -0,0 +1,58 @@ +id: testimonial-rotator-a98e82a7c384a33ad5d0d42365168f67 + +info: + name: > + Testimonial Rotator <= 3.0.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/963db13e-14aa-4fc0-8d28-3f8a22361361?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-rotator/" + google-query: inurl:"/wp-content/plugins/testimonial-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-rotator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-rotator-ef09ee87048a20a553f4804a48eb6952.yaml b/nuclei-templates/cve-less/plugins/testimonial-rotator-ef09ee87048a20a553f4804a48eb6952.yaml new file mode 100644 index 0000000000..428a055373 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-rotator-ef09ee87048a20a553f4804a48eb6952.yaml @@ -0,0 +1,58 @@ +id: testimonial-rotator-ef09ee87048a20a553f4804a48eb6952 + +info: + name: > + Testimonial Rotator <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ea0f826-5ae9-4dad-89d0-9fc9f10f526b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-rotator/" + google-query: inurl:"/wp-content/plugins/testimonial-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-rotator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-0cd68afb7b6d648c1cc92eb32c923eff.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-0cd68afb7b6d648c1cc92eb32c923eff.yaml new file mode 100644 index 0000000000..b37816ef67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-0cd68afb7b6d648c1cc92eb32c923eff.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-0cd68afb7b6d648c1cc92eb32c923eff + +info: + name: > + Testimonial Slider < 1.2.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5240171-6051-455c-b6df-630e2cd8308d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider/" + google-query: inurl:"/wp-content/plugins/testimonial-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-6d9a6d99fa80beb8d831bc3a1d45ac3c.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-6d9a6d99fa80beb8d831bc3a1d45ac3c.yaml new file mode 100644 index 0000000000..bd43d882b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-6d9a6d99fa80beb8d831bc3a1d45ac3c.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-6d9a6d99fa80beb8d831bc3a1d45ac3c + +info: + name: > + Testimonial Slider <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d9e0147-74ae-481a-bdc2-16bb3cdc10d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider/" + google-query: inurl:"/wp-content/plugins/testimonial-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-3fcde9cc662e3ad45e20c993057641fd.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-3fcde9cc662e3ad45e20c993057641fd.yaml new file mode 100644 index 0000000000..e84341e152 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-and-showcase-3fcde9cc662e3ad45e20c993057641fd.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-and-showcase-3fcde9cc662e3ad45e20c993057641fd + +info: + name: > + Testimonial Slider <= 2.3.6 - Missing Authorization to Authenticated (Author+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bff5508-7483-4c0e-8146-a157244d6ad2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider-and-showcase/" + google-query: inurl:"/wp-content/plugins/testimonial-slider-and-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider-and-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider-and-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider-and-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-c2d76074465a6dcb60332d83861a2a8f.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-c2d76074465a6dcb60332d83861a2a8f.yaml new file mode 100644 index 0000000000..2c7eabdf2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-c2d76074465a6dcb60332d83861a2a8f.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-c2d76074465a6dcb60332d83861a2a8f + +info: + name: > + Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7ed687-4049-4957-86e9-b2f59621c747?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider/" + google-query: inurl:"/wp-content/plugins/testimonial-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-c6bb0e4c31a358c9eb072ecaccea302f.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-c6bb0e4c31a358c9eb072ecaccea302f.yaml new file mode 100644 index 0000000000..f62ba99ca4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-c6bb0e4c31a358c9eb072ecaccea302f.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-c6bb0e4c31a358c9eb072ecaccea302f + +info: + name: > + Testimonial Slider <= 1.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d557db81-9689-4fc1-b749-3595859048de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider/" + google-query: inurl:"/wp-content/plugins/testimonial-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-slider-shortcode-43c13d89c14426ecb661544b7d24f058.yaml b/nuclei-templates/cve-less/plugins/testimonial-slider-shortcode-43c13d89c14426ecb661544b7d24f058.yaml new file mode 100644 index 0000000000..0b0bca3b0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-slider-shortcode-43c13d89c14426ecb661544b7d24f058.yaml @@ -0,0 +1,58 @@ +id: testimonial-slider-shortcode-43c13d89c14426ecb661544b7d24f058 + +info: + name: > + Testimonial Slider Shortcode <= 1.1.8 - Authenticated (Contributor+) Cross-Site Scripting Vulnerability via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30cb1b8c-84ce-4401-9c30-775efb257fe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-slider-shortcode/" + google-query: inurl:"/wp-content/plugins/testimonial-slider-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-slider-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-slider-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-slider-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-widgets-064923882cd32ff7964d2ef158cf8d5f.yaml b/nuclei-templates/cve-less/plugins/testimonial-widgets-064923882cd32ff7964d2ef158cf8d5f.yaml new file mode 100644 index 0000000000..980000246f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-widgets-064923882cd32ff7964d2ef158cf8d5f.yaml @@ -0,0 +1,58 @@ +id: testimonial-widgets-064923882cd32ff7964d2ef158cf8d5f + +info: + name: > + WP Testimonials <= 1.4.2 - Cross-Site Request Forgery to Widget Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ff59aa5-a2f2-4fe1-a0b6-d9b07b0fdb1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-widgets/" + google-query: inurl:"/wp-content/plugins/testimonial-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-widgets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonial-widgets-0a08727c9a8cc242989bfe2a49030a2a.yaml b/nuclei-templates/cve-less/plugins/testimonial-widgets-0a08727c9a8cc242989bfe2a49030a2a.yaml new file mode 100644 index 0000000000..d37106811a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonial-widgets-0a08727c9a8cc242989bfe2a49030a2a.yaml @@ -0,0 +1,58 @@ +id: testimonial-widgets-0a08727c9a8cc242989bfe2a49030a2a + +info: + name: > + WP Testimonials <= 1.4.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4da18aad-3c82-4bc6-8dad-523643c12d5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonial-widgets/" + google-query: inurl:"/wp-content/plugins/testimonial-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonial-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonial-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonial-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonials-2ee541e9c869c15a8b871966c41047ce.yaml b/nuclei-templates/cve-less/plugins/testimonials-2ee541e9c869c15a8b871966c41047ce.yaml new file mode 100644 index 0000000000..5d76947248 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonials-2ee541e9c869c15a8b871966c41047ce.yaml @@ -0,0 +1,58 @@ +id: testimonials-2ee541e9c869c15a8b871966c41047ce + +info: + name: > + Testimonials <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d9689ed-2be0-4573-a794-2c5bfadafdf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonials/" + google-query: inurl:"/wp-content/plugins/testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/testimonials-widget-f08697abe75fa6ac28d5ec1f1d0bb149.yaml b/nuclei-templates/cve-less/plugins/testimonials-widget-f08697abe75fa6ac28d5ec1f1d0bb149.yaml new file mode 100644 index 0000000000..e5d6f233ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/testimonials-widget-f08697abe75fa6ac28d5ec1f1d0bb149.yaml @@ -0,0 +1,58 @@ +id: testimonials-widget-f08697abe75fa6ac28d5ec1f1d0bb149 + +info: + name: > + Testimonials Widget <= 3.5.1 - Multiple Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46eea5-4b7a-4cf5-97ff-c65b7e8e3261?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/testimonials-widget/" + google-query: inurl:"/wp-content/plugins/testimonials-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,testimonials-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/testimonials-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "testimonials-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tevolution-2d693d589095b4560f08a66dde7ee787.yaml b/nuclei-templates/cve-less/plugins/tevolution-2d693d589095b4560f08a66dde7ee787.yaml new file mode 100644 index 0000000000..3437913c72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tevolution-2d693d589095b4560f08a66dde7ee787.yaml @@ -0,0 +1,58 @@ +id: tevolution-2d693d589095b4560f08a66dde7ee787 + +info: + name: > + Tevolution < 2.3.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e26a1c7c-8c4d-450d-bbfa-6ab1af4bceba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Tevolution/" + google-query: inurl:"/wp-content/plugins/Tevolution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Tevolution,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Tevolution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Tevolution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/text-hover-c38399df1330c2dfd449ee16ef7996a9.yaml b/nuclei-templates/cve-less/plugins/text-hover-c38399df1330c2dfd449ee16ef7996a9.yaml new file mode 100644 index 0000000000..7bb491fa69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/text-hover-c38399df1330c2dfd449ee16ef7996a9.yaml @@ -0,0 +1,58 @@ +id: text-hover-c38399df1330c2dfd449ee16ef7996a9 + +info: + name: > + Text Hover <= 4.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d8b8f54-b2af-42dd-af82-c1e8726c87e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/text-hover/" + google-query: inurl:"/wp-content/plugins/text-hover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,text-hover,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/text-hover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "text-hover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/textme-sms-integration-3832b3b7c5502757f733258a03de8f45.yaml b/nuclei-templates/cve-less/plugins/textme-sms-integration-3832b3b7c5502757f733258a03de8f45.yaml new file mode 100644 index 0000000000..f1a3dbd031 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/textme-sms-integration-3832b3b7c5502757f733258a03de8f45.yaml @@ -0,0 +1,58 @@ +id: textme-sms-integration-3832b3b7c5502757f733258a03de8f45 + +info: + name: > + TextMe SMS <= 1.9.0 - Missing Authorization via tetxme_update_option_page() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fb4ad52-a0b2-4645-bf0d-132b4ce8a0a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/textme-sms-integration/" + google-query: inurl:"/wp-content/plugins/textme-sms-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,textme-sms-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/textme-sms-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "textme-sms-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/texty-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/texty-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..a7eae9d275 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/texty-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: texty-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/texty/" + google-query: inurl:"/wp-content/plugins/texty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,texty,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/texty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "texty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tf-numbers-number-counter-animaton-0ca0bd9c39bf258c51c77483b135b8f5.yaml b/nuclei-templates/cve-less/plugins/tf-numbers-number-counter-animaton-0ca0bd9c39bf258c51c77483b135b8f5.yaml new file mode 100644 index 0000000000..d163b8cf04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tf-numbers-number-counter-animaton-0ca0bd9c39bf258c51c77483b135b8f5.yaml @@ -0,0 +1,58 @@ +id: tf-numbers-number-counter-animaton-0ca0bd9c39bf258c51c77483b135b8f5 + +info: + name: > + Themeflection Numbers <= 1.8.1 - Authenticated(Subscriber+) Privilege Escalation via tf_numb_save_licenses + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db6616b5-4c4e-4cc7-83eb-22fac94f47f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tf-numbers-number-counter-animaton/" + google-query: inurl:"/wp-content/plugins/tf-numbers-number-counter-animaton/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tf-numbers-number-counter-animaton,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tf-numbers-number-counter-animaton/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tf-numbers-number-counter-animaton" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tfo-graphviz-04e03efeaf45c2f9ebc60f262f17a9a4.yaml b/nuclei-templates/cve-less/plugins/tfo-graphviz-04e03efeaf45c2f9ebc60f262f17a9a4.yaml new file mode 100644 index 0000000000..6eb2cd1701 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tfo-graphviz-04e03efeaf45c2f9ebc60f262f17a9a4.yaml @@ -0,0 +1,58 @@ +id: tfo-graphviz-04e03efeaf45c2f9ebc60f262f17a9a4 + +info: + name: > + TFO Graphviz <= 1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ed5a9c4-5148-4c3f-81fd-78bdde31f258?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tfo-graphviz/" + google-query: inurl:"/wp-content/plugins/tfo-graphviz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tfo-graphviz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tfo-graphviz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tfo-graphviz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-advance-product-search-299542a4c8b3958179820e8901ce5f1d.yaml b/nuclei-templates/cve-less/plugins/th-advance-product-search-299542a4c8b3958179820e8901ce5f1d.yaml new file mode 100644 index 0000000000..38f1595964 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-advance-product-search-299542a4c8b3958179820e8901ce5f1d.yaml @@ -0,0 +1,58 @@ +id: th-advance-product-search-299542a4c8b3958179820e8901ce5f1d + +info: + name: > + TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9989f22-d5a0-453a-86e8-dc45c7cdd5dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-advance-product-search/" + google-query: inurl:"/wp-content/plugins/th-advance-product-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-advance-product-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-advance-product-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-advance-product-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-advance-product-search-9baae5fb51d9dd1141e1931574d9d7be.yaml b/nuclei-templates/cve-less/plugins/th-advance-product-search-9baae5fb51d9dd1141e1931574d9d7be.yaml new file mode 100644 index 0000000000..9d6dbfaff2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-advance-product-search-9baae5fb51d9dd1141e1931574d9d7be.yaml @@ -0,0 +1,58 @@ +id: th-advance-product-search-9baae5fb51d9dd1141e1931574d9d7be + +info: + name: > + Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-advance-product-search/" + google-query: inurl:"/wp-content/plugins/th-advance-product-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-advance-product-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-advance-product-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-advance-product-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-advance-product-search-9e3753c62120a17f21550a2c92d7d0fe.yaml b/nuclei-templates/cve-less/plugins/th-advance-product-search-9e3753c62120a17f21550a2c92d7d0fe.yaml new file mode 100644 index 0000000000..6e2570825d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-advance-product-search-9e3753c62120a17f21550a2c92d7d0fe.yaml @@ -0,0 +1,58 @@ +id: th-advance-product-search-9e3753c62120a17f21550a2c92d7d0fe + +info: + name: > + TH Advance Product Search <= 1.1.4 - Missing Authorization to Plugin Settings Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ceb7d0a7-ea34-4c6f-a144-660debc74a9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-advance-product-search/" + google-query: inurl:"/wp-content/plugins/th-advance-product-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-advance-product-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-advance-product-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-advance-product-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-all-in-one-woo-cart-41d911400ca8ace536dfd110ed4dbc79.yaml b/nuclei-templates/cve-less/plugins/th-all-in-one-woo-cart-41d911400ca8ace536dfd110ed4dbc79.yaml new file mode 100644 index 0000000000..d3bba6863f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-all-in-one-woo-cart-41d911400ca8ace536dfd110ed4dbc79.yaml @@ -0,0 +1,58 @@ +id: th-all-in-one-woo-cart-41d911400ca8ace536dfd110ed4dbc79 + +info: + name: > + TH Side Cart and Menu Cart for Woocommerce <= 1.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c0d18d3-8758-41ae-b104-dac69eee4ac9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-all-in-one-woo-cart/" + google-query: inurl:"/wp-content/plugins/th-all-in-one-woo-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-all-in-one-woo-cart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-all-in-one-woo-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-all-in-one-woo-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-product-compare-9baae5fb51d9dd1141e1931574d9d7be.yaml b/nuclei-templates/cve-less/plugins/th-product-compare-9baae5fb51d9dd1141e1931574d9d7be.yaml new file mode 100644 index 0000000000..44378281a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-product-compare-9baae5fb51d9dd1141e1931574d9d7be.yaml @@ -0,0 +1,58 @@ +id: th-product-compare-9baae5fb51d9dd1141e1931574d9d7be + +info: + name: > + Multiple Plugins By ThemeHunk (Various Versions) - Missing Authorization via settings_init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826a3fa2-ee41-4960-becb-0df8813a964a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-product-compare/" + google-query: inurl:"/wp-content/plugins/th-product-compare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-product-compare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-product-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-product-compare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th-variation-swatches-a125844e860a48204534272bc2a11b7b.yaml b/nuclei-templates/cve-less/plugins/th-variation-swatches-a125844e860a48204534272bc2a11b7b.yaml new file mode 100644 index 0000000000..1c0befde75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th-variation-swatches-a125844e860a48204534272bc2a11b7b.yaml @@ -0,0 +1,58 @@ +id: th-variation-swatches-a125844e860a48204534272bc2a11b7b + +info: + name: > + TH Variation Swatches <= 1.2.7 - Cross-Site Request Forgery via delete_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e98fb74-46f2-4a6a-8012-e2824bd77070?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th-variation-swatches/" + google-query: inurl:"/wp-content/plugins/th-variation-swatches/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th-variation-swatches,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th-variation-swatches/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th-variation-swatches" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/th23-social-f1d890dd18142758b1c8cdecbd50795b.yaml b/nuclei-templates/cve-less/plugins/th23-social-f1d890dd18142758b1c8cdecbd50795b.yaml new file mode 100644 index 0000000000..cea9a5ac77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/th23-social-f1d890dd18142758b1c8cdecbd50795b.yaml @@ -0,0 +1,58 @@ +id: th23-social-f1d890dd18142758b1c8cdecbd50795b + +info: + name: > + th23 Social <= 1.2.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6867d573-4ba1-4b82-b285-0696134d42fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/th23-social/" + google-query: inurl:"/wp-content/plugins/th23-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,th23-social,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/th23-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "th23-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thank-me-later-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml b/nuclei-templates/cve-less/plugins/thank-me-later-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml new file mode 100644 index 0000000000..58791081fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thank-me-later-5e0fa9fcba55bce0a7d159ec1d8e3486.yaml @@ -0,0 +1,58 @@ +id: thank-me-later-5e0fa9fcba55bce0a7d159ec1d8e3486 + +info: + name: > + Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d73fd485-cb59-42eb-9426-9b89299bb6bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thank-me-later/" + google-query: inurl:"/wp-content/plugins/thank-me-later/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thank-me-later,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thank-me-later/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thank-me-later" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thanks-you-counter-button-60056c59f58d08c739eaa4877baa7622.yaml b/nuclei-templates/cve-less/plugins/thanks-you-counter-button-60056c59f58d08c739eaa4877baa7622.yaml new file mode 100644 index 0000000000..554d6719a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thanks-you-counter-button-60056c59f58d08c739eaa4877baa7622.yaml @@ -0,0 +1,58 @@ +id: thanks-you-counter-button-60056c59f58d08c739eaa4877baa7622 + +info: + name: > + Thank You Counter Button <= 1.9.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a984bd8-ca43-4676-9985-b111111c17ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thanks-you-counter-button/" + google-query: inurl:"/wp-content/plugins/thanks-you-counter-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thanks-you-counter-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thanks-you-counter-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thanks-you-counter-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-buffer-button-073c84bcdcba646c59175dbb887b7a95.yaml b/nuclei-templates/cve-less/plugins/the-buffer-button-073c84bcdcba646c59175dbb887b7a95.yaml new file mode 100644 index 0000000000..ce2adee27a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-buffer-button-073c84bcdcba646c59175dbb887b7a95.yaml @@ -0,0 +1,58 @@ +id: the-buffer-button-073c84bcdcba646c59175dbb887b7a95 + +info: + name: > + The Buffer Button <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d5a9a2d-63d3-411c-af22-2829fd79c72b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-buffer-button/" + google-query: inurl:"/wp-content/plugins/the-buffer-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-buffer-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-buffer-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-buffer-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-15adc07dcc170bd663dc3c1e94fa94e1.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-15adc07dcc170bd663dc3c1e94fa94e1.yaml new file mode 100644 index 0000000000..d1fec87f21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-15adc07dcc170bd663dc3c1e94fa94e1.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-15adc07dcc170bd663dc3c1e94fa94e1 + +info: + name: > + The Events Calendar <= 4.8.1 - Cross-Site Scripting via tribe_paged Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2314cfeb-52e4-40c5-91e9-ebd7d7eab809?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-362ad579ac93dd9d0975339b992aaf7d.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-362ad579ac93dd9d0975339b992aaf7d.yaml new file mode 100644 index 0000000000..c57d2ade15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-362ad579ac93dd9d0975339b992aaf7d.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-362ad579ac93dd9d0975339b992aaf7d + +info: + name: > + The Events Calendar <= 6.1.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c513e674-c027-4335-8ba3-b19696a1ce9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-55a397e3ac510c4f6b8de73dafe73c50.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-55a397e3ac510c4f6b8de73dafe73c50.yaml new file mode 100644 index 0000000000..13091b9bb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-55a397e3ac510c4f6b8de73dafe73c50.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-55a397e3ac510c4f6b8de73dafe73c50 + +info: + name: > + The Events Calendar <= 6.3.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30e0289c-b893-41bd-aad9-d7ec62bf2b23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-dce291168af66dac21606f747d77714a.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-dce291168af66dac21606f747d77714a.yaml new file mode 100644 index 0000000000..ab83deea00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-dce291168af66dac21606f747d77714a.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-dce291168af66dac21606f747d77714a + +info: + name: > + The Events Calendar <= 6.2.8 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8291fd89-aea1-4f7b-abd8-dee8438c3ed5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-eventbrite-tickets-86cd270f4cc1442525b2973b263a3c27.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-eventbrite-tickets-86cd270f4cc1442525b2973b263a3c27.yaml new file mode 100644 index 0000000000..d2ecb1dadd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-eventbrite-tickets-86cd270f4cc1442525b2973b263a3c27.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-eventbrite-tickets-86cd270f4cc1442525b2973b263a3c27 + +info: + name: > + The Events Calendar: Eventbrite Tickets < 3.10.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7346eeba-904b-4cf9-9d10-33a33120aea4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar-eventbrite-tickets/" + google-query: inurl:"/wp-content/plugins/the-events-calendar-eventbrite-tickets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar-eventbrite-tickets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar-eventbrite-tickets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar-eventbrite-tickets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-events-calendar-f52eb0f0fb1dc47ee06378a3c186f4e1.yaml b/nuclei-templates/cve-less/plugins/the-events-calendar-f52eb0f0fb1dc47ee06378a3c186f4e1.yaml new file mode 100644 index 0000000000..2c8183b25e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-events-calendar-f52eb0f0fb1dc47ee06378a3c186f4e1.yaml @@ -0,0 +1,58 @@ +id: the-events-calendar-f52eb0f0fb1dc47ee06378a3c186f4e1 + +info: + name: > + The Events Calendar <= 6.2.8.2 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc40196e-c0f3-4bc6-ac4b-b866902def61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-events-calendar/" + google-query: inurl:"/wp-content/plugins/the-events-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-events-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-events-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-events-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-hackers-diet-e7aa2e734d6d80e9f42443bea3734579.yaml b/nuclei-templates/cve-less/plugins/the-hackers-diet-e7aa2e734d6d80e9f42443bea3734579.yaml new file mode 100644 index 0000000000..9370fce66c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-hackers-diet-e7aa2e734d6d80e9f42443bea3734579.yaml @@ -0,0 +1,58 @@ +id: the-hackers-diet-e7aa2e734d6d80e9f42443bea3734579 + +info: + name: > + The Hacker's Diet <= 0.9.6b - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cbd298c-cba3-4986-b44c-a75b005b4340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-hackers-diet/" + google-query: inurl:"/wp-content/plugins/the-hackers-diet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-hackers-diet,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-hackers-diet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-hackers-diet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.6b') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-holiday-calendar-a669ab86f241324d8d2f2b22eaec997d.yaml b/nuclei-templates/cve-less/plugins/the-holiday-calendar-a669ab86f241324d8d2f2b22eaec997d.yaml new file mode 100644 index 0000000000..09c6472431 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-holiday-calendar-a669ab86f241324d8d2f2b22eaec997d.yaml @@ -0,0 +1,58 @@ +id: the-holiday-calendar-a669ab86f241324d8d2f2b22eaec997d + +info: + name: > + The Holiday Calendar < 1.11.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4211712-26b2-4f59-82b8-928e405cd08d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-holiday-calendar/" + google-query: inurl:"/wp-content/plugins/the-holiday-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-holiday-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-holiday-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-holiday-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.11.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-moneytizer-fb202acb909978e8641eabe44749f8ea.yaml b/nuclei-templates/cve-less/plugins/the-moneytizer-fb202acb909978e8641eabe44749f8ea.yaml new file mode 100644 index 0000000000..59a8747673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-moneytizer-fb202acb909978e8641eabe44749f8ea.yaml @@ -0,0 +1,58 @@ +id: the-moneytizer-fb202acb909978e8641eabe44749f8ea + +info: + name: > + The Moneytizer <= 9.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4d9e8fa-abc5-477a-bf99-dc910f0aabda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-moneytizer/" + google-query: inurl:"/wp-content/plugins/the-moneytizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-moneytizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-moneytizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-moneytizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.5.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-pack-addon-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml b/nuclei-templates/cve-less/plugins/the-pack-addon-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml new file mode 100644 index 0000000000..bc5938361e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-pack-addon-d8bfc01f0d93fad4fb2e1a339254a3ed.yaml @@ -0,0 +1,58 @@ +id: the-pack-addon-d8bfc01f0d93fad4fb2e1a339254a3ed + +info: + name: > + The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.2 - Authenticated (Subscriber+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42de41f1-cfb2-4413-8841-c63d0e764be3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-pack-addon/" + google-query: inurl:"/wp-content/plugins/the-pack-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-pack-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-pack-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-pack-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-pack-addon-e89c86876a9fa2c6c7251b6a1cdc42b1.yaml b/nuclei-templates/cve-less/plugins/the-pack-addon-e89c86876a9fa2c6c7251b6a1cdc42b1.yaml new file mode 100644 index 0000000000..508a8bd959 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-pack-addon-e89c86876a9fa2c6c7251b6a1cdc42b1.yaml @@ -0,0 +1,58 @@ +id: the-pack-addon-e89c86876a9fa2c6c7251b6a1cdc42b1 + +info: + name: > + The Pack Elementor addons (Header Footer & WooCommerce Builder, Template Library) <= 2.0.8.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8232ff9e-e8de-4bd1-9a73-2383a4a25b80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-pack-addon/" + google-query: inurl:"/wp-content/plugins/the-pack-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-pack-addon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-pack-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-pack-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-64920ba860c3e3d6855bec6b3359aa95.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-64920ba860c3e3d6855bec6b3359aa95.yaml new file mode 100644 index 0000000000..c72b65bb14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-64920ba860c3e3d6855bec6b3359aa95.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-block-editor-64920ba860c3e3d6855bec6b3359aa95 + +info: + name: > + The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3f1202-886a-471c-9b93-0efbf4282618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-block-editor/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-block-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-block-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-block-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-block-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml new file mode 100644 index 0000000000..a279ae1425 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-block-editor-fdbe6ed30963d2d89b9e4d6d9ea6d03d.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-block-editor-fdbe6ed30963d2d89b9e4d6d9ea6d03d + +info: + name: > + The Plus Blocks for Block Editor | Gutenberg <= 3.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d6c19e2-b280-4937-8f66-eac1da3cd365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-block-editor/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-block-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-block-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-block-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-block-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-20984fc62bd28bb51dbd02e6ae5eacfc.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-20984fc62bd28bb51dbd02e6ae5eacfc.yaml new file mode 100644 index 0000000000..0e3b67e9f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-20984fc62bd28bb51dbd02e6ae5eacfc.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-20984fc62bd28bb51dbd02e6ae5eacfc + +info: + name: > + The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af650c7a-c413-4f4a-9e4b-8ddcd8da5397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-28b13ccb507cfeb174aa819fc3235b5f.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-28b13ccb507cfeb174aa819fc3235b5f.yaml new file mode 100644 index 0000000000..9560895ccf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-28b13ccb507cfeb174aa819fc3235b5f.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-28b13ccb507cfeb174aa819fc3235b5f + +info: + name: > + The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa698e7e-b1c7-4ead-aa2e-7fbfc9dfac80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.0', '<= 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3835c81a3b054f8f577b5a29958ca111.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3835c81a3b054f8f577b5a29958ca111.yaml new file mode 100644 index 0000000000..62dd61bbe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3835c81a3b054f8f577b5a29958ca111.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-3835c81a3b054f8f577b5a29958ca111 + +info: + name: > + The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7707ca04-e136-4d4b-869b-cd270359991e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3d06eee6979cba3a65776c3770040194.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3d06eee6979cba3a65776c3770040194.yaml new file mode 100644 index 0000000000..35a5246cde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-3d06eee6979cba3a65776c3770040194.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-3d06eee6979cba3a65776c3770040194 + +info: + name: > + The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab15fe2b-974c-41b0-ab6b-68322d2d3396?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-421c48e1cd35997d3959562c69cf5279.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-421c48e1cd35997d3959562c69cf5279.yaml new file mode 100644 index 0000000000..faeeef77ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-421c48e1cd35997d3959562c69cf5279.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-421c48e1cd35997d3959562c69cf5279 + +info: + name: > + The Plus Addons for Elementor <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting Header Meta Content Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-53696e5218de6a7c32a3a9109583afd7.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-53696e5218de6a7c32a3a9109583afd7.yaml new file mode 100644 index 0000000000..9a045529fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-53696e5218de6a7c32a3a9109583afd7.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-53696e5218de6a7c32a3a9109583afd7 + +info: + name: > + The Plus Addons for Elementor <= 5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e66b5c12-3acb-41f7-ae5f-8a9130053e45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-6b109b8afc142f70c57afa63265ae2e5.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-6b109b8afc142f70c57afa63265ae2e5.yaml new file mode 100644 index 0000000000..b61b383d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-6b109b8afc142f70c57afa63265ae2e5.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-6b109b8afc142f70c57afa63265ae2e5 + +info: + name: > + The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Clients Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7ff863-3a8e-41cd-ae20-78bb4577c16a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-712959520f4dede71b7a2d9e44002c33.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-712959520f4dede71b7a2d9e44002c33.yaml new file mode 100644 index 0000000000..8c65c03ebf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-712959520f4dede71b7a2d9e44002c33.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-712959520f4dede71b7a2d9e44002c33 + +info: + name: > + The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30579058-54f4-4496-9275-078faf99823f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-ad74c1853755393f0d665754f820d681.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-ad74c1853755393f0d665754f820d681.yaml new file mode 100644 index 0000000000..862e89129e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-ad74c1853755393f0d665754f820d681.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-ad74c1853755393f0d665754f820d681 + +info: + name: > + The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96388c82-2392-42b3-b0a0-c3d92910fb5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-c3136cf32a8ee994d42daa37c82bd5e1.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-c3136cf32a8ee994d42daa37c82bd5e1.yaml new file mode 100644 index 0000000000..0834ea3491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-c3136cf32a8ee994d42daa37c82bd5e1.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-c3136cf32a8ee994d42daa37c82bd5e1 + +info: + name: > + The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a412e682-869a-46ba-a2d0-d84ed542adc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-cd4c918fd5ff72f1664fbf0ef99c4299.yaml b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-cd4c918fd5ff72f1664fbf0ef99c4299.yaml new file mode 100644 index 0000000000..7d8e265055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-plus-addons-for-elementor-page-builder-cd4c918fd5ff72f1664fbf0ef99c4299.yaml @@ -0,0 +1,58 @@ +id: the-plus-addons-for-elementor-page-builder-cd4c918fd5ff72f1664fbf0ef99c4299 + +info: + name: > + The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0117436-7a2a-42f3-8c05-75dfddfb9d09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/the-plus-addons-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-plus-addons-for-elementor-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-plus-addons-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-plus-addons-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-post-grid-6d37d0911eec8eaf770eb1eec58145bc.yaml b/nuclei-templates/cve-less/plugins/the-post-grid-6d37d0911eec8eaf770eb1eec58145bc.yaml new file mode 100644 index 0000000000..276a351ded --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-post-grid-6d37d0911eec8eaf770eb1eec58145bc.yaml @@ -0,0 +1,58 @@ +id: the-post-grid-6d37d0911eec8eaf770eb1eec58145bc + +info: + name: > + The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 5.0.4 - Cross-Site Request Forgery in rttpg_spare_me + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b352be87-ea61-4666-a4d0-cf93fef40e33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-post-grid/" + google-query: inurl:"/wp-content/plugins/the-post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-post-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-post-grid-aa24420637d5fac56ca63b2271fa8b9f.yaml b/nuclei-templates/cve-less/plugins/the-post-grid-aa24420637d5fac56ca63b2271fa8b9f.yaml new file mode 100644 index 0000000000..af7b22438a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-post-grid-aa24420637d5fac56ca63b2271fa8b9f.yaml @@ -0,0 +1,58 @@ +id: the-post-grid-aa24420637d5fac56ca63b2271fa8b9f + +info: + name: > + The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid <= 7.6.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ef2ced-3c82-4379-8b14-1cf11482fd35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-post-grid/" + google-query: inurl:"/wp-content/plugins/the-post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-post-grid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-post-grid-dc7632e71a497cfee47279611e30245e.yaml b/nuclei-templates/cve-less/plugins/the-post-grid-dc7632e71a497cfee47279611e30245e.yaml new file mode 100644 index 0000000000..7ac0b6074a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-post-grid-dc7632e71a497cfee47279611e30245e.yaml @@ -0,0 +1,58 @@ +id: the-post-grid-dc7632e71a497cfee47279611e30245e + +info: + name: > + The Post Grid <= 7.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7de4282f-157b-4ba0-b400-e4e9982beb31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-post-grid/" + google-query: inurl:"/wp-content/plugins/the-post-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-post-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-post-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-post-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-sorter-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml b/nuclei-templates/cve-less/plugins/the-sorter-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml new file mode 100644 index 0000000000..b4779d60a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-sorter-ca1b64ffb0ccae02fca2d23bb2d6ec12.yaml @@ -0,0 +1,58 @@ +id: the-sorter-ca1b64ffb0ccae02fca2d23bb2d6ec12 + +info: + name: > + The Sorter <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64b10a7d-ca11-47ec-ba8a-e2b838fd8a2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-sorter/" + google-query: inurl:"/wp-content/plugins/the-sorter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-sorter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-sorter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-sorter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/the-very-simple-vimeo-shortcode-be0ba3aacccf6ba5116887341d902b74.yaml b/nuclei-templates/cve-less/plugins/the-very-simple-vimeo-shortcode-be0ba3aacccf6ba5116887341d902b74.yaml new file mode 100644 index 0000000000..cc1a7f9205 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/the-very-simple-vimeo-shortcode-be0ba3aacccf6ba5116887341d902b74.yaml @@ -0,0 +1,58 @@ +id: the-very-simple-vimeo-shortcode-be0ba3aacccf6ba5116887341d902b74 + +info: + name: > + Simple Vimeo Shortcode <= 2.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66edd8e5-1d5e-425d-a4f4-5359683c1e36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/the-very-simple-vimeo-shortcode/" + google-query: inurl:"/wp-content/plugins/the-very-simple-vimeo-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,the-very-simple-vimeo-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/the-very-simple-vimeo-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-very-simple-vimeo-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theatre-69bd71812f8b19e052624d1ea9f84cfd.yaml b/nuclei-templates/cve-less/plugins/theatre-69bd71812f8b19e052624d1ea9f84cfd.yaml new file mode 100644 index 0000000000..702b2804c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theatre-69bd71812f8b19e052624d1ea9f84cfd.yaml @@ -0,0 +1,58 @@ +id: theatre-69bd71812f8b19e052624d1ea9f84cfd + +info: + name: > + Theater for WordPress <= 0.18.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0fdad22-5aee-468f-885c-f65c068cf413?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theatre/" + google-query: inurl:"/wp-content/plugins/theatre/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theatre,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theatre/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theatre" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thecartpress-0918a1cd67495fb4f2501b4a07ebe974.yaml b/nuclei-templates/cve-less/plugins/thecartpress-0918a1cd67495fb4f2501b4a07ebe974.yaml new file mode 100644 index 0000000000..501075cff3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thecartpress-0918a1cd67495fb4f2501b4a07ebe974.yaml @@ -0,0 +1,58 @@ +id: thecartpress-0918a1cd67495fb4f2501b4a07ebe974 + +info: + name: > + TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8150619-9710-4dc0-ab62-ffd3e9fa8cd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thecartpress/" + google-query: inurl:"/wp-content/plugins/thecartpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thecartpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thecartpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thecartpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thecartpress-380b3f09b95ab564acee2d8952a33e71.yaml b/nuclei-templates/cve-less/plugins/thecartpress-380b3f09b95ab564acee2d8952a33e71.yaml new file mode 100644 index 0000000000..625fd69f9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thecartpress-380b3f09b95ab564acee2d8952a33e71.yaml @@ -0,0 +1,58 @@ +id: thecartpress-380b3f09b95ab564acee2d8952a33e71 + +info: + name: > + TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b26dd2e-3d0b-4c6b-8819-6d1e437207fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thecartpress/" + google-query: inurl:"/wp-content/plugins/thecartpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thecartpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thecartpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thecartpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thecartpress-566549d4981430f7717caf8e709d7d50.yaml b/nuclei-templates/cve-less/plugins/thecartpress-566549d4981430f7717caf8e709d7d50.yaml new file mode 100644 index 0000000000..5c1d1643c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thecartpress-566549d4981430f7717caf8e709d7d50.yaml @@ -0,0 +1,58 @@ +id: thecartpress-566549d4981430f7717caf8e709d7d50 + +info: + name: > + TheCartPress eCommerce Shopping Cart <= 1.5.3.6 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73a049de-f4b2-4b87-a78b-62cd333853b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thecartpress/" + google-query: inurl:"/wp-content/plugins/thecartpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thecartpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thecartpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thecartpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thecartpress-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml b/nuclei-templates/cve-less/plugins/thecartpress-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml new file mode 100644 index 0000000000..fe5b186cfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thecartpress-c4a1c6ea67bd01790c36ea2fb1f58bd3.yaml @@ -0,0 +1,58 @@ +id: thecartpress-c4a1c6ea67bd01790c36ea2fb1f58bd3 + +info: + name: > + TheCartPress eCommerce Shopping Cart <= 1.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caae093e-58e8-48b1-8665-2a5f49e98c58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thecartpress/" + google-query: inurl:"/wp-content/plugins/thecartpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thecartpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thecartpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thecartpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thecartpress-e7c178a2471ea08f4ec99b9eb663cf05.yaml b/nuclei-templates/cve-less/plugins/thecartpress-e7c178a2471ea08f4ec99b9eb663cf05.yaml new file mode 100644 index 0000000000..08a79c1e7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thecartpress-e7c178a2471ea08f4ec99b9eb663cf05.yaml @@ -0,0 +1,58 @@ +id: thecartpress-e7c178a2471ea08f4ec99b9eb663cf05 + +info: + name: > + TheCartPress eCommerce Shopping Cart <= 1.5.3.6 Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8593b14e-672d-43b8-b516-d068cbd735b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thecartpress/" + google-query: inurl:"/wp-content/plugins/thecartpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thecartpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thecartpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thecartpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-responsive-google-maps-9be84376d34a812060ad8aba2e71f1f0.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-responsive-google-maps-9be84376d34a812060ad8aba2e71f1f0.yaml new file mode 100644 index 0000000000..a5b75f680b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-blvd-responsive-google-maps-9be84376d34a812060ad8aba2e71f1f0.yaml @@ -0,0 +1,58 @@ +id: theme-blvd-responsive-google-maps-9be84376d34a812060ad8aba2e71f1f0 + +info: + name: > + Theme Blvd Responsive Google Maps <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97761cb-8645-474d-9f9a-15ecdd426db4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-blvd-responsive-google-maps/" + google-query: inurl:"/wp-content/plugins/theme-blvd-responsive-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-blvd-responsive-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-blvd-responsive-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-blvd-responsive-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-7ba8529af3436a78498f1c21893b7e85.yaml b/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-7ba8529af3436a78498f1c21893b7e85.yaml new file mode 100644 index 0000000000..63e01340f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-blvd-shortcodes-7ba8529af3436a78498f1c21893b7e85.yaml @@ -0,0 +1,58 @@ +id: theme-blvd-shortcodes-7ba8529af3436a78498f1c21893b7e85 + +info: + name: > + Theme Blvd Shortcodes <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88809668-ea6b-41df-b2a7-ffe03a931c86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-blvd-shortcodes/" + google-query: inurl:"/wp-content/plugins/theme-blvd-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-blvd-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-blvd-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-blvd-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-demo-import-42bbb29a21ceaaa3011864640412a5ea.yaml b/nuclei-templates/cve-less/plugins/theme-demo-import-42bbb29a21ceaaa3011864640412a5ea.yaml new file mode 100644 index 0000000000..09e02ccda6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-demo-import-42bbb29a21ceaaa3011864640412a5ea.yaml @@ -0,0 +1,58 @@ +id: theme-demo-import-42bbb29a21ceaaa3011864640412a5ea + +info: + name: > + Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/186180ed-321f-4618-8828-65b93fa054a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-demo-import/" + google-query: inurl:"/wp-content/plugins/theme-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-demo-import-acd2f33fed5535f04cc63cbd673f8668.yaml b/nuclei-templates/cve-less/plugins/theme-demo-import-acd2f33fed5535f04cc63cbd673f8668.yaml new file mode 100644 index 0000000000..416e2498cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-demo-import-acd2f33fed5535f04cc63cbd673f8668.yaml @@ -0,0 +1,58 @@ +id: theme-demo-import-acd2f33fed5535f04cc63cbd673f8668 + +info: + name: > + Theme Demo Import <= 1.1.1 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9636b15-1259-4c6e-8691-b1d573ef0417?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-demo-import/" + google-query: inurl:"/wp-content/plugins/theme-demo-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-demo-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-demo-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-demo-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-editor-2dfa0b8f134cf415442ecf4c309e85d2.yaml b/nuclei-templates/cve-less/plugins/theme-editor-2dfa0b8f134cf415442ecf4c309e85d2.yaml new file mode 100644 index 0000000000..ccd1f85b4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-editor-2dfa0b8f134cf415442ecf4c309e85d2.yaml @@ -0,0 +1,58 @@ +id: theme-editor-2dfa0b8f134cf415442ecf4c309e85d2 + +info: + name: > + Theme Editor <= 2.5 - Authenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d81b2927-f855-48f2-b7ae-f1411bee0040?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-editor/" + google-query: inurl:"/wp-content/plugins/theme-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-editor-fd1e677494c37ae823f0277f9b7da0c4.yaml b/nuclei-templates/cve-less/plugins/theme-editor-fd1e677494c37ae823f0277f9b7da0c4.yaml new file mode 100644 index 0000000000..52451aee32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-editor-fd1e677494c37ae823f0277f9b7da0c4.yaml @@ -0,0 +1,58 @@ +id: theme-editor-fd1e677494c37ae823f0277f9b7da0c4 + +info: + name: > + Theme Editor <= 2.7.1 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6ede290-a6c4-4c13-872b-60c9601d39db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-editor/" + google-query: inurl:"/wp-content/plugins/theme-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-junkie-shortcodes-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml b/nuclei-templates/cve-less/plugins/theme-junkie-shortcodes-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml new file mode 100644 index 0000000000..8c70506f66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-junkie-shortcodes-4f1dddafa18fba59ec7aef53cc2b0d3d.yaml @@ -0,0 +1,58 @@ +id: theme-junkie-shortcodes-4f1dddafa18fba59ec7aef53cc2b0d3d + +info: + name: > + TJ Shortcodes 0.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f88ef4cf-3f22-40e0-b651-59cb40f148fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-junkie-shortcodes/" + google-query: inurl:"/wp-content/plugins/theme-junkie-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-junkie-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-junkie-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-junkie-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-minifier-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/theme-minifier-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..81bb2625bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-minifier-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: theme-minifier-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-minifier/" + google-query: inurl:"/wp-content/plugins/theme-minifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-minifier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-minifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-minifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-my-login-755306c8577963b7e9a15f996cc38136.yaml b/nuclei-templates/cve-less/plugins/theme-my-login-755306c8577963b7e9a15f996cc38136.yaml new file mode 100644 index 0000000000..737780aaff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-my-login-755306c8577963b7e9a15f996cc38136.yaml @@ -0,0 +1,58 @@ +id: theme-my-login-755306c8577963b7e9a15f996cc38136 + +info: + name: > + Theme My Login <= 7.1.6 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e56d98b5-ae38-4059-bc32-d0fffd326740?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-my-login/" + google-query: inurl:"/wp-content/plugins/theme-my-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-my-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-my-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-my-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-my-login-ef20cf055251e93d9b846f8776b699ac.yaml b/nuclei-templates/cve-less/plugins/theme-my-login-ef20cf055251e93d9b846f8776b699ac.yaml new file mode 100644 index 0000000000..bcea51b0df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-my-login-ef20cf055251e93d9b846f8776b699ac.yaml @@ -0,0 +1,58 @@ +id: theme-my-login-ef20cf055251e93d9b846f8776b699ac + +info: + name: > + Theme My Login <= 6.3.9 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fee990a-8ac0-40a2-9f25-96defd62263d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-my-login/" + google-query: inurl:"/wp-content/plugins/theme-my-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-my-login,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-my-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-my-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-per-user-220d44d27b32ec5f1770ce6de644f463.yaml b/nuclei-templates/cve-less/plugins/theme-per-user-220d44d27b32ec5f1770ce6de644f463.yaml new file mode 100644 index 0000000000..4d70a1c92d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-per-user-220d44d27b32ec5f1770ce6de644f463.yaml @@ -0,0 +1,58 @@ +id: theme-per-user-220d44d27b32ec5f1770ce6de644f463 + +info: + name: > + Theme per user <= 1.0.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc7e6844-23e2-4523-8261-21d4cba87db3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-per-user/" + google-query: inurl:"/wp-content/plugins/theme-per-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-per-user,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-per-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-per-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-switcha-b4a41681eefe755efd70571167096dd9.yaml b/nuclei-templates/cve-less/plugins/theme-switcha-b4a41681eefe755efd70571167096dd9.yaml new file mode 100644 index 0000000000..c3c24185b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-switcha-b4a41681eefe755efd70571167096dd9.yaml @@ -0,0 +1,58 @@ +id: theme-switcha-b4a41681eefe755efd70571167096dd9 + +info: + name: > + Theme Switcha <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0937fe-3ea6-427a-aef7-539c08687abb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-switcha/" + google-query: inurl:"/wp-content/plugins/theme-switcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-switcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-switcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-switcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-translation-for-polylang-f5d278de8a6f52f6b1d00da3aecdfc57.yaml b/nuclei-templates/cve-less/plugins/theme-translation-for-polylang-f5d278de8a6f52f6b1d00da3aecdfc57.yaml new file mode 100644 index 0000000000..b656a345d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-translation-for-polylang-f5d278de8a6f52f6b1d00da3aecdfc57.yaml @@ -0,0 +1,58 @@ +id: theme-translation-for-polylang-f5d278de8a6f52f6b1d00da3aecdfc57 + +info: + name: > + Theme and plugin translation for Polylang <= 3.2.16 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6a358a-333c-4eb7-9149-348bf3713943?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-translation-for-polylang/" + google-query: inurl:"/wp-content/plugins/theme-translation-for-polylang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-translation-for-polylang,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-translation-for-polylang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-translation-for-polylang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-tuner-66f3161d1022633589022b156d74abba.yaml b/nuclei-templates/cve-less/plugins/theme-tuner-66f3161d1022633589022b156d74abba.yaml new file mode 100644 index 0000000000..a65774e2c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-tuner-66f3161d1022633589022b156d74abba.yaml @@ -0,0 +1,58 @@ +id: theme-tuner-66f3161d1022633589022b156d74abba + +info: + name: > + Theme Tuner < 0.8 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3b9ccb1-3854-4aa6-9f03-ff7f861ecc14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-tuner/" + google-query: inurl:"/wp-content/plugins/theme-tuner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-tuner,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-tuner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-tuner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theme-tweaker-lite-f61528b18c019a7fd52fbe924751e5b4.yaml b/nuclei-templates/cve-less/plugins/theme-tweaker-lite-f61528b18c019a7fd52fbe924751e5b4.yaml new file mode 100644 index 0000000000..07531b0c45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theme-tweaker-lite-f61528b18c019a7fd52fbe924751e5b4.yaml @@ -0,0 +1,58 @@ +id: theme-tweaker-lite-f61528b18c019a7fd52fbe924751e5b4 + +info: + name: > + Theme Tweaker <= 5.20 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dd67111-514f-4f7d-8cdd-7b10ea718530?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theme-tweaker-lite/" + google-query: inurl:"/wp-content/plugins/theme-tweaker-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theme-tweaker-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theme-tweaker-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theme-tweaker-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-058a642e0573877c079f2c954605d344.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-058a642e0573877c079f2c954605d344.yaml new file mode 100644 index 0000000000..7dd87165d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-058a642e0573877c079f2c954605d344.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-058a642e0573877c079f2c954605d344 + +info: + name: > + Orbit Fox Companion <= 2.10.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via custom fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23e39019-c322-4027-84f2-faabd9ca4983?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-0b0a53122105422e3ec1a7c6051d3302.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-0b0a53122105422e3ec1a7c6051d3302.yaml new file mode 100644 index 0000000000..2279a0d41a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-0b0a53122105422e3ec1a7c6051d3302.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-0b0a53122105422e3ec1a7c6051d3302 + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.29 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-175f5f197d39e1751001f35acbaf01df.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-175f5f197d39e1751001f35acbaf01df.yaml new file mode 100644 index 0000000000..7b3e92aa21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-175f5f197d39e1751001f35acbaf01df.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-175f5f197d39e1751001f35acbaf01df + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53c9d3d0-5fea-4e36-b356-8d3c0e672cac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-46672cc6093b70f0f99b8c9c1af2d835.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-46672cc6093b70f0f99b8c9c1af2d835.yaml new file mode 100644 index 0000000000..0fd7c11bdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-46672cc6093b70f0f99b8c9c1af2d835.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-46672cc6093b70f0f99b8c9c1af2d835 + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.32 - Authenticated (Contributor+) Stored Cross-Site Scripiting via Registration Form Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-6440d16b09a3de3d5784ee99cd71888c.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-6440d16b09a3de3d5784ee99cd71888c.yaml new file mode 100644 index 0000000000..b05bb1901b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-6440d16b09a3de3d5784ee99cd71888c.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-6440d16b09a3de3d5784ee99cd71888c + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-6738f168d7a8aa50cafb43b72d6946b9.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-6738f168d7a8aa50cafb43b72d6946b9.yaml new file mode 100644 index 0000000000..2743a5f7b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-6738f168d7a8aa50cafb43b72d6946b9.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-6738f168d7a8aa50cafb43b72d6946b9 + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.27 - Authenticated(Contributor+) Stored Cross-site Scripting via Pricing Table Elementor Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml new file mode 100644 index 0000000000..c280b0423c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-6f08ab84e1cb8caf7e2c6c058fbbbb3c.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-6f08ab84e1cb8caf7e2c6c058fbbbb3c + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-79fb0bcc374a70f9a1181c9553d664f5.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-79fb0bcc374a70f9a1181c9553d664f5.yaml new file mode 100644 index 0000000000..991de5ead7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-79fb0bcc374a70f9a1181c9553d664f5.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-79fb0bcc374a70f9a1181c9553d664f5 + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.2 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b964df21-5648-4fe1-b2a7-99f8a0f02026?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-911f38a48744ee0cba908ae42a0febe1.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-911f38a48744ee0cba908ae42a0febe1.yaml new file mode 100644 index 0000000000..782b617751 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-911f38a48744ee0cba908ae42a0febe1.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-911f38a48744ee0cba908ae42a0febe1 + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..d94d158236 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themeisle-companion-f0869bd6c833a2dcca8d781669a8f39f.yaml b/nuclei-templates/cve-less/plugins/themeisle-companion-f0869bd6c833a2dcca8d781669a8f39f.yaml new file mode 100644 index 0000000000..c193eda480 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themeisle-companion-f0869bd6c833a2dcca8d781669a8f39f.yaml @@ -0,0 +1,58 @@ +id: themeisle-companion-f0869bd6c833a2dcca8d781669a8f39f + +info: + name: > + Orbit Fox by ThemeIsle <= 2.10.23 - Authenticated (Author+) Server-Side Request Forgery via URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c30b925-47ca-4e14-a418-d9524648db2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themeisle-companion/" + google-query: inurl:"/wp-content/plugins/themeisle-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themeisle-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themeisle-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themeisle-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themesflat-addons-for-elementor-6e2990d184d8844f6771deadef053685.yaml b/nuclei-templates/cve-less/plugins/themesflat-addons-for-elementor-6e2990d184d8844f6771deadef053685.yaml new file mode 100644 index 0000000000..687e5ca441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themesflat-addons-for-elementor-6e2990d184d8844f6771deadef053685.yaml @@ -0,0 +1,58 @@ +id: themesflat-addons-for-elementor-6e2990d184d8844f6771deadef053685 + +info: + name: > + Themesflat Addons For Elementor <= 2.0.0 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f33d080c-6d64-46d1-b01c-ef859106159f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themesflat-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/themesflat-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themesflat-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themesflat-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themesflat-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-builder-a4983d33df5e385e92545ad0082911fc.yaml b/nuclei-templates/cve-less/plugins/themify-builder-a4983d33df5e385e92545ad0082911fc.yaml new file mode 100644 index 0000000000..874ae0cd8c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-builder-a4983d33df5e385e92545ad0082911fc.yaml @@ -0,0 +1,58 @@ +id: themify-builder-a4983d33df5e385e92545ad0082911fc + +info: + name: > + Themify Builder <= 7.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6840c91f-a5d9-4940-8a08-d62acc5d43eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-builder/" + google-query: inurl:"/wp-content/plugins/themify-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-event-post-9036b0b68d189e2a08606b1361a322c6.yaml b/nuclei-templates/cve-less/plugins/themify-event-post-9036b0b68d189e2a08606b1361a322c6.yaml new file mode 100644 index 0000000000..3727029e5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-event-post-9036b0b68d189e2a08606b1361a322c6.yaml @@ -0,0 +1,58 @@ +id: themify-event-post-9036b0b68d189e2a08606b1361a322c6 + +info: + name: > + Themify Event Post <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9aa5247a-b85b-4a0d-ac3e-4b4ef8ccd8ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-event-post/" + google-query: inurl:"/wp-content/plugins/themify-event-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-event-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-event-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-event-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-icons-2317e44c2f1aa246df478fdf378e128f.yaml b/nuclei-templates/cve-less/plugins/themify-icons-2317e44c2f1aa246df478fdf378e128f.yaml new file mode 100644 index 0000000000..5b6e4f2892 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-icons-2317e44c2f1aa246df478fdf378e128f.yaml @@ -0,0 +1,58 @@ +id: themify-icons-2317e44c2f1aa246df478fdf378e128f + +info: + name: > + Themify Icons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efa156b7-ab18-414d-80a5-3a1c2a977b3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-icons/" + google-query: inurl:"/wp-content/plugins/themify-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-portfolio-post-293ee203790c9494dd9271c2d0887ade.yaml b/nuclei-templates/cve-less/plugins/themify-portfolio-post-293ee203790c9494dd9271c2d0887ade.yaml new file mode 100644 index 0000000000..70e900b3ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-portfolio-post-293ee203790c9494dd9271c2d0887ade.yaml @@ -0,0 +1,58 @@ +id: themify-portfolio-post-293ee203790c9494dd9271c2d0887ade + +info: + name: > + Themify Portfolio Post <= 1.1.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71d916aa-5382-495b-8142-80de0a0912e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-portfolio-post/" + google-query: inurl:"/wp-content/plugins/themify-portfolio-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-portfolio-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-portfolio-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-portfolio-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-portfolio-post-4ad06cea9bbed1fbf99a4d128c33e936.yaml b/nuclei-templates/cve-less/plugins/themify-portfolio-post-4ad06cea9bbed1fbf99a4d128c33e936.yaml new file mode 100644 index 0000000000..d2d9fd0b87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-portfolio-post-4ad06cea9bbed1fbf99a4d128c33e936.yaml @@ -0,0 +1,58 @@ +id: themify-portfolio-post-4ad06cea9bbed1fbf99a4d128c33e936 + +info: + name: > + Themify Portfolio Post <= 1.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df9b0578-d5fb-459b-b857-d907e4ca22b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-portfolio-post/" + google-query: inurl:"/wp-content/plugins/themify-portfolio-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-portfolio-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-portfolio-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-portfolio-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-portfolio-post-be668a1f67bf2032bc65bfbd87433e2e.yaml b/nuclei-templates/cve-less/plugins/themify-portfolio-post-be668a1f67bf2032bc65bfbd87433e2e.yaml new file mode 100644 index 0000000000..ad46177930 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-portfolio-post-be668a1f67bf2032bc65bfbd87433e2e.yaml @@ -0,0 +1,58 @@ +id: themify-portfolio-post-be668a1f67bf2032bc65bfbd87433e2e + +info: + name: > + Themify Portfolio Post <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bb5bb0-2c70-4416-8ee1-97aba100cc1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-portfolio-post/" + google-query: inurl:"/wp-content/plugins/themify-portfolio-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-portfolio-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-portfolio-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-portfolio-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-portfolio-post-eeb643b56c37992255be8d889b1e9ae2.yaml b/nuclei-templates/cve-less/plugins/themify-portfolio-post-eeb643b56c37992255be8d889b1e9ae2.yaml new file mode 100644 index 0000000000..582eaf92b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-portfolio-post-eeb643b56c37992255be8d889b1e9ae2.yaml @@ -0,0 +1,58 @@ +id: themify-portfolio-post-eeb643b56c37992255be8d889b1e9ae2 + +info: + name: > + Themify Portfolio Post <= 1.2.4 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f3c3629-b7a9-4f83-a821-64119ed662ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-portfolio-post/" + google-query: inurl:"/wp-content/plugins/themify-portfolio-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-portfolio-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-portfolio-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-portfolio-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-portfolio-post-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml b/nuclei-templates/cve-less/plugins/themify-portfolio-post-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml new file mode 100644 index 0000000000..867573cc69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-portfolio-post-ef2ccc3b2c02ce044d17cf1db08c67d1.yaml @@ -0,0 +1,58 @@ +id: themify-portfolio-post-ef2ccc3b2c02ce044d17cf1db08c67d1 + +info: + name: > + Themify Portfolio Post <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a67df40b-7179-47a7-9cde-1c512ecc2253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-portfolio-post/" + google-query: inurl:"/wp-content/plugins/themify-portfolio-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-portfolio-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-portfolio-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-portfolio-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-ptb-1cf2042a7f76cab8ad8de631e6023745.yaml b/nuclei-templates/cve-less/plugins/themify-ptb-1cf2042a7f76cab8ad8de631e6023745.yaml new file mode 100644 index 0000000000..2cdd39b809 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-ptb-1cf2042a7f76cab8ad8de631e6023745.yaml @@ -0,0 +1,58 @@ +id: themify-ptb-1cf2042a7f76cab8ad8de631e6023745 + +info: + name: > + Post Type Builder <= 2.0.8 - Missing Authorization to Arbitrary Post/Page Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cccfdcc-643c-4330-b345-aca4025e3327?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-ptb/" + google-query: inurl:"/wp-content/plugins/themify-ptb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-ptb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-ptb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ptb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-ptb-30618ae67f4be74afbd8c2992d6203d9.yaml b/nuclei-templates/cve-less/plugins/themify-ptb-30618ae67f4be74afbd8c2992d6203d9.yaml new file mode 100644 index 0000000000..d9f4ca8df3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-ptb-30618ae67f4be74afbd8c2992d6203d9.yaml @@ -0,0 +1,58 @@ +id: themify-ptb-30618ae67f4be74afbd8c2992d6203d9 + +info: + name: > + Post Type Builder <= 2.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e75cc91a-9117-4d18-ba70-d8cbae42cd08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-ptb/" + google-query: inurl:"/wp-content/plugins/themify-ptb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-ptb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-ptb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ptb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-ptb-search-76258f27176a5343dd9686e2b8dcac25.yaml b/nuclei-templates/cve-less/plugins/themify-ptb-search-76258f27176a5343dd9686e2b8dcac25.yaml new file mode 100644 index 0000000000..4b48942917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-ptb-search-76258f27176a5343dd9686e2b8dcac25.yaml @@ -0,0 +1,58 @@ +id: themify-ptb-search-76258f27176a5343dd9686e2b8dcac25 + +info: + name: > + Themify PTB Search Addon <= 1.3.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c81b2dca-d830-4901-8b16-5feb7cd1a4d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-ptb-search/" + google-query: inurl:"/wp-content/plugins/themify-ptb-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-ptb-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-ptb-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ptb-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-shortcodes-52e89cc1870832c0bf35fd7b63eefddc.yaml b/nuclei-templates/cve-less/plugins/themify-shortcodes-52e89cc1870832c0bf35fd7b63eefddc.yaml new file mode 100644 index 0000000000..eaef7fa6fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-shortcodes-52e89cc1870832c0bf35fd7b63eefddc.yaml @@ -0,0 +1,58 @@ +id: themify-shortcodes-52e89cc1870832c0bf35fd7b63eefddc + +info: + name: > + Themify Shortcodes <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via themify_button Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ff9d7-6a14-4186-8550-4e5c50855e7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-shortcodes/" + google-query: inurl:"/wp-content/plugins/themify-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-shortcodes-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml b/nuclei-templates/cve-less/plugins/themify-shortcodes-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml new file mode 100644 index 0000000000..15b3f541c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-shortcodes-6d39c5dd9e079ccbe9ac0c1a99d74a94.yaml @@ -0,0 +1,58 @@ +id: themify-shortcodes-6d39c5dd9e079ccbe9ac0c1a99d74a94 + +info: + name: > + Themify Shortcodes <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-shortcodes/" + google-query: inurl:"/wp-content/plugins/themify-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-shortcodes-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml b/nuclei-templates/cve-less/plugins/themify-shortcodes-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml new file mode 100644 index 0000000000..6a3ae6740e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-shortcodes-7fb1bb76537e399dfae9ca2dc54c6a8c.yaml @@ -0,0 +1,58 @@ +id: themify-shortcodes-7fb1bb76537e399dfae9ca2dc54c6a8c + +info: + name: > + Themify Shortcodes <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8fb548-0737-4b69-bf64-838bfc6d409a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-shortcodes/" + google-query: inurl:"/wp-content/plugins/themify-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-wc-product-filter-50b5d414fd08ab5c52f1201434d28062.yaml b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-50b5d414fd08ab5c52f1201434d28062.yaml new file mode 100644 index 0000000000..05f9ff2551 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-50b5d414fd08ab5c52f1201434d28062.yaml @@ -0,0 +1,58 @@ +id: themify-wc-product-filter-50b5d414fd08ab5c52f1201434d28062 + +info: + name: > + Themify – WooCommerce Product Filter <= 1.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f621cfa-d02e-4414-bb1d-6e23da3c92b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-wc-product-filter/" + google-query: inurl:"/wp-content/plugins/themify-wc-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-wc-product-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-wc-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-wc-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cac21e55f896febf57888b4da2df94b8.yaml b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cac21e55f896febf57888b4da2df94b8.yaml new file mode 100644 index 0000000000..2c2c61ba5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cac21e55f896febf57888b4da2df94b8.yaml @@ -0,0 +1,58 @@ +id: themify-wc-product-filter-cac21e55f896febf57888b4da2df94b8 + +info: + name: > + Themify – WooCommerce Product Filter <= 1.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a753823a-1f95-430b-8b74-cc33f2ab018e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-wc-product-filter/" + google-query: inurl:"/wp-content/plugins/themify-wc-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-wc-product-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-wc-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-wc-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cf981f122fbf50e8a58080fdccd2e915.yaml b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cf981f122fbf50e8a58080fdccd2e915.yaml new file mode 100644 index 0000000000..b8e70fe321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-cf981f122fbf50e8a58080fdccd2e915.yaml @@ -0,0 +1,58 @@ +id: themify-wc-product-filter-cf981f122fbf50e8a58080fdccd2e915 + +info: + name: > + Themify - WooCommerce Product Filter <= 1.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28928a78-24c2-44d2-a9e4-33c2f352d089?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-wc-product-filter/" + google-query: inurl:"/wp-content/plugins/themify-wc-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-wc-product-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-wc-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-wc-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/themify-wc-product-filter-d0c7733d559f41b4b35373b971b25453.yaml b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-d0c7733d559f41b4b35373b971b25453.yaml new file mode 100644 index 0000000000..87acddb6c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/themify-wc-product-filter-d0c7733d559f41b4b35373b971b25453.yaml @@ -0,0 +1,58 @@ +id: themify-wc-product-filter-d0c7733d559f41b4b35373b971b25453 + +info: + name: > + Themify – WooCommerce Product Filter <= 1.4.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0992ac60-14c6-4432-bd6e-c11c6a7bf603?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/themify-wc-product-filter/" + google-query: inurl:"/wp-content/plugins/themify-wc-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,themify-wc-product-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/themify-wc-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-wc-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-42da06bbd85810d2b121cf524da3d863.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-42da06bbd85810d2b121cf524da3d863.yaml new file mode 100644 index 0000000000..3c084bdafb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-42da06bbd85810d2b121cf524da3d863.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-42da06bbd85810d2b121cf524da3d863 + +info: + name: > + Plus Addons for Elementor Page Builder <= 4.1.6 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd3a7af1-0cae-4872-9e61-58e9a9e3eda5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-5a73608ad73ff1099a14f74919aa1eff.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-5a73608ad73ff1099a14f74919aa1eff.yaml new file mode 100644 index 0000000000..dc62df63d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-5a73608ad73ff1099a14f74919aa1eff.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-5a73608ad73ff1099a14f74919aa1eff + +info: + name: > + The Plus Addons for Elementor Page Builder <= 4.1.10 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c959d881-b00d-465c-bafa-988ffcf86995?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-82599fc80ce8e9167026a24befbd5025.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-82599fc80ce8e9167026a24befbd5025.yaml new file mode 100644 index 0000000000..95c7079dd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-82599fc80ce8e9167026a24befbd5025.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-82599fc80ce8e9167026a24befbd5025 + +info: + name: > + The Plus Addons for Elementor Pro <= 5.0.6 - Sensitive Data Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cb96b56-82cb-4429-b645-dfe8a14931e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-a014fe0d588971955e094229935a8c6e.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-a014fe0d588971955e094229935a8c6e.yaml new file mode 100644 index 0000000000..aacc69a9cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-a014fe0d588971955e094229935a8c6e.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-a014fe0d588971955e094229935a8c6e + +info: + name: > + The Plus Addons for Elementor - Pro <= 5.0.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edd1b549-0975-446d-8ff8-770dbc957f92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ad74c1853755393f0d665754f820d681.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ad74c1853755393f0d665754f820d681.yaml new file mode 100644 index 0000000000..05d6b9e6dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ad74c1853755393f0d665754f820d681.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-ad74c1853755393f0d665754f820d681 + +info: + name: > + The Plus Addons for Elementor PRO <= 4.1.9 & The Plus Addons for Elementor <= 2.0.6 - Authenticated (Contributor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96388c82-2392-42b3-b0a0-c3d92910fb5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-b93cfae43335af57ef88a10fac024249.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-b93cfae43335af57ef88a10fac024249.yaml new file mode 100644 index 0000000000..82b1788eb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-b93cfae43335af57ef88a10fac024249.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-b93cfae43335af57ef88a10fac024249 + +info: + name: > + The Plus Addons for Elementor Page Builder < 4.1.10 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c921e4-a05d-43db-9fe7-3dac8ea4d249?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ecbb50223a0cdb771fc6a4f617780de7.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ecbb50223a0cdb771fc6a4f617780de7.yaml new file mode 100644 index 0000000000..bcf7a51949 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ecbb50223a0cdb771fc6a4f617780de7.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-ecbb50223a0cdb771fc6a4f617780de7 + +info: + name: > + The Plus Addons for Elementor Page Builder <= 4.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caa09e12-60f9-4ef4-85f7-dadb6833e077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ee363fd534d1a755fb5facda5882c857.yaml b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ee363fd534d1a755fb5facda5882c857.yaml new file mode 100644 index 0000000000..f9d0dc6539 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/theplus_elementor_addon-ee363fd534d1a755fb5facda5882c857.yaml @@ -0,0 +1,58 @@ +id: theplus_elementor_addon-ee363fd534d1a755fb5facda5882c857 + +info: + name: > + The Plus Addons for Elementor Pro <= 5.2.8 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d739821-569d-42d7-a4c5-70e32d5d41a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/theplus_elementor_addon/" + google-query: inurl:"/wp-content/plugins/theplus_elementor_addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,theplus_elementor_addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/theplus_elementor_addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theplus_elementor_addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thesis-openhook-a514048fb251bf33fbe7f38a2147dc40.yaml b/nuclei-templates/cve-less/plugins/thesis-openhook-a514048fb251bf33fbe7f38a2147dc40.yaml new file mode 100644 index 0000000000..e88d89e750 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thesis-openhook-a514048fb251bf33fbe7f38a2147dc40.yaml @@ -0,0 +1,58 @@ +id: thesis-openhook-a514048fb251bf33fbe7f38a2147dc40 + +info: + name: > + OpenHook <= 4.3.0 - Authenticated (Subscriber+) Remote Code Execution via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37b9ed0e-5af2-47c1-b2da-8d103e4c31bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thesis-openhook/" + google-query: inurl:"/wp-content/plugins/thesis-openhook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thesis-openhook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thesis-openhook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thesis-openhook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thesography-4f6c9e5f134bc3a7357c0b3f26384141.yaml b/nuclei-templates/cve-less/plugins/thesography-4f6c9e5f134bc3a7357c0b3f26384141.yaml new file mode 100644 index 0000000000..5af8ed69d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thesography-4f6c9e5f134bc3a7357c0b3f26384141.yaml @@ -0,0 +1,58 @@ +id: thesography-4f6c9e5f134bc3a7357c0b3f26384141 + +info: + name: > + Exifography <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ef9b22f-a0dc-43e5-9597-5dcc6ca3fc23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thesography/" + google-query: inurl:"/wp-content/plugins/thesography/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thesography,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thesography/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thesography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thim-elementor-kit-1eee2854f94957b31e7d0d2d3c4c5271.yaml b/nuclei-templates/cve-less/plugins/thim-elementor-kit-1eee2854f94957b31e7d0d2d3c4c5271.yaml new file mode 100644 index 0000000000..3a415308f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thim-elementor-kit-1eee2854f94957b31e7d0d2d3c4c5271.yaml @@ -0,0 +1,58 @@ +id: thim-elementor-kit-1eee2854f94957b31e7d0d2d3c4c5271 + +info: + name: > + Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3275c47d-caf5-49e6-8aa2-20a6d8106f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thim-elementor-kit/" + google-query: inurl:"/wp-content/plugins/thim-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thim-elementor-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thim-elementor-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thim-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thinkific-uploader-d35fe59b43f4760392f4ec7a5eaa4ede.yaml b/nuclei-templates/cve-less/plugins/thinkific-uploader-d35fe59b43f4760392f4ec7a5eaa4ede.yaml new file mode 100644 index 0000000000..dbacfb1cd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thinkific-uploader-d35fe59b43f4760392f4ec7a5eaa4ede.yaml @@ -0,0 +1,58 @@ +id: thinkific-uploader-d35fe59b43f4760392f4ec7a5eaa4ede + +info: + name: > + Thinkific Uploader <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826f75dd-ff37-459a-8a28-c70e403b720a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thinkific-uploader/" + google-query: inurl:"/wp-content/plugins/thinkific-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thinkific-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thinkific-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thinkific-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thinktwit-eae5f7c2210c1cdf959e29a045115865.yaml b/nuclei-templates/cve-less/plugins/thinktwit-eae5f7c2210c1cdf959e29a045115865.yaml new file mode 100644 index 0000000000..3d2f830216 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thinktwit-eae5f7c2210c1cdf959e29a045115865.yaml @@ -0,0 +1,58 @@ +id: thinktwit-eae5f7c2210c1cdf959e29a045115865 + +info: + name: > + ThinkTwit < 1.7.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e3e818-8d47-467a-b5cf-7eebd6a624a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thinktwit/" + google-query: inurl:"/wp-content/plugins/thinktwit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thinktwit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thinktwit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thinktwit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thirstyaffiliates-7f32d3ac2f0177d9329a7490c025ed06.yaml b/nuclei-templates/cve-less/plugins/thirstyaffiliates-7f32d3ac2f0177d9329a7490c025ed06.yaml new file mode 100644 index 0000000000..a44849b5ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thirstyaffiliates-7f32d3ac2f0177d9329a7490c025ed06.yaml @@ -0,0 +1,58 @@ +id: thirstyaffiliates-7f32d3ac2f0177d9329a7490c025ed06 + +info: + name: > + ThirstyAffiliates Affiliate Link Manager <= 3.9.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/114ea55e-a3a4-420e-9202-73ebbd95d7b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thirstyaffiliates/" + google-query: inurl:"/wp-content/plugins/thirstyaffiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thirstyaffiliates,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thirstyaffiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thirstyaffiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thirstyaffiliates-8982f505d6a79ae940fb4ce5e211ca2b.yaml b/nuclei-templates/cve-less/plugins/thirstyaffiliates-8982f505d6a79ae940fb4ce5e211ca2b.yaml new file mode 100644 index 0000000000..aedced43a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thirstyaffiliates-8982f505d6a79ae940fb4ce5e211ca2b.yaml @@ -0,0 +1,58 @@ +id: thirstyaffiliates-8982f505d6a79ae940fb4ce5e211ca2b + +info: + name: > + ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Subscriber+ Arbitrary Affiliate Links Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7661d648-543e-46c8-a859-fb722a0c3fc2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thirstyaffiliates/" + google-query: inurl:"/wp-content/plugins/thirstyaffiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thirstyaffiliates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thirstyaffiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thirstyaffiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thirstyaffiliates-edc3a8280c90c700d2ea22dbd7cd3a1b.yaml b/nuclei-templates/cve-less/plugins/thirstyaffiliates-edc3a8280c90c700d2ea22dbd7cd3a1b.yaml new file mode 100644 index 0000000000..f408980727 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thirstyaffiliates-edc3a8280c90c700d2ea22dbd7cd3a1b.yaml @@ -0,0 +1,58 @@ +id: thirstyaffiliates-edc3a8280c90c700d2ea22dbd7cd3a1b + +info: + name: > + ThirstyAffiliates Affiliate Link Manager <= 3.10.4 - Authorization Bypass and Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e361a98-94c5-4775-a306-b343997e1cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thirstyaffiliates/" + google-query: inurl:"/wp-content/plugins/thirstyaffiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thirstyaffiliates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thirstyaffiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thirstyaffiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/this-day-in-history-6254bdc184e74d40b3b0be9a1c286f34.yaml b/nuclei-templates/cve-less/plugins/this-day-in-history-6254bdc184e74d40b3b0be9a1c286f34.yaml new file mode 100644 index 0000000000..11eb6cf6f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/this-day-in-history-6254bdc184e74d40b3b0be9a1c286f34.yaml @@ -0,0 +1,58 @@ +id: this-day-in-history-6254bdc184e74d40b3b0be9a1c286f34 + +info: + name: > + This Day In History <= 3.10.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b88a8a9-d3e1-4c21-a4e8-d9afa34d7a2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/this-day-in-history/" + google-query: inurl:"/wp-content/plugins/this-day-in-history/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,this-day-in-history,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/this-day-in-history/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "this-day-in-history" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/threewp-email-reflector-260d59850520222ae9e82cf8d0c5f77a.yaml b/nuclei-templates/cve-less/plugins/threewp-email-reflector-260d59850520222ae9e82cf8d0c5f77a.yaml new file mode 100644 index 0000000000..971a5fc1bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/threewp-email-reflector-260d59850520222ae9e82cf8d0c5f77a.yaml @@ -0,0 +1,58 @@ +id: threewp-email-reflector-260d59850520222ae9e82cf8d0c5f77a + +info: + name: > + ThreeWP Email Reflector < 1.16 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89c588e4-2f42-4ec5-8d05-3b45b23066c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/threewp-email-reflector/" + google-query: inurl:"/wp-content/plugins/threewp-email-reflector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,threewp-email-reflector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/threewp-email-reflector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "threewp-email-reflector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-ab-page-testing-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-ab-page-testing-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..a4bc7edd50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-ab-page-testing-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-ab-page-testing-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-ab-page-testing/" + google-query: inurl:"/wp-content/plugins/thrive-ab-page-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-ab-page-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-ab-page-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-ab-page-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.13.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-apprentice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-apprentice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..3865920bec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-apprentice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-apprentice-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-apprentice/" + google-query: inurl:"/wp-content/plugins/thrive-apprentice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-apprentice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-apprentice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-apprentice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-automator-954cc7b2d6b89c7d92594b8f26d6124a.yaml b/nuclei-templates/cve-less/plugins/thrive-automator-954cc7b2d6b89c7d92594b8f26d6124a.yaml new file mode 100644 index 0000000000..f43c6be729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-automator-954cc7b2d6b89c7d92594b8f26d6124a.yaml @@ -0,0 +1,58 @@ +id: thrive-automator-954cc7b2d6b89c7d92594b8f26d6124a + +info: + name: > + Thrive Automator <= 1.17 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5b1a3d-ce7f-4d5d-b72b-61024d5c5378?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-automator/" + google-query: inurl:"/wp-content/plugins/thrive-automator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-automator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-automator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-automator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-clever-widgets-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-clever-widgets-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..db77dabbc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-clever-widgets-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-clever-widgets-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-clever-widgets/" + google-query: inurl:"/wp-content/plugins/thrive-clever-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-clever-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-clever-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-clever-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.57.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-comments-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-comments-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..cd3850fb23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-comments-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-comments-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-comments/" + google-query: inurl:"/wp-content/plugins/thrive-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-dashboard-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-dashboard-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..27f7a3dcd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-dashboard-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-dashboard-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-dashboard/" + google-query: inurl:"/wp-content/plugins/thrive-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-headline-optimizer-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-headline-optimizer-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..e7960d967c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-headline-optimizer-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-headline-optimizer-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-headline-optimizer/" + google-query: inurl:"/wp-content/plugins/thrive-headline-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-headline-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-headline-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-headline-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-leads-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-leads-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..70e9f54ab6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-leads-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-leads-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-leads/" + google-query: inurl:"/wp-content/plugins/thrive-leads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-leads,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-leads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-leads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-ovation-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-ovation-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..09173962bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-ovation-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-ovation-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-ovation/" + google-query: inurl:"/wp-content/plugins/thrive-ovation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-ovation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-ovation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-ovation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-quiz-builder-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-quiz-builder-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..f46718ef61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-quiz-builder-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-quiz-builder-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-quiz-builder/" + google-query: inurl:"/wp-content/plugins/thrive-quiz-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-quiz-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-quiz-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-quiz-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-ultimatum-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-ultimatum-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..9d35b48783 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-ultimatum-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-ultimatum-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-ultimatum/" + google-query: inurl:"/wp-content/plugins/thrive-ultimatum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-ultimatum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-ultimatum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-ultimatum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thrive-visual-editor-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/plugins/thrive-visual-editor-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..1b4db6daad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thrive-visual-editor-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-visual-editor-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thrive-visual-editor/" + google-query: inurl:"/wp-content/plugins/thrive-visual-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thrive-visual-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thrive-visual-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-visual-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/throws-spam-away-36c982ede7470d2e3e88a740557c4530.yaml b/nuclei-templates/cve-less/plugins/throws-spam-away-36c982ede7470d2e3e88a740557c4530.yaml new file mode 100644 index 0000000000..166818431a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/throws-spam-away-36c982ede7470d2e3e88a740557c4530.yaml @@ -0,0 +1,58 @@ +id: throws-spam-away-36c982ede7470d2e3e88a740557c4530 + +info: + name: > + Throws SPAM Away <= 3.3 - Cross-Site Request Forgery to Comment Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ce0fece-a7e5-4d27-a70a-37ab0973c15f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/throws-spam-away/" + google-query: inurl:"/wp-content/plugins/throws-spam-away/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,throws-spam-away,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/throws-spam-away/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "throws-spam-away" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thumbs-rating-28083443631175bd4dcd05294b64aae6.yaml b/nuclei-templates/cve-less/plugins/thumbs-rating-28083443631175bd4dcd05294b64aae6.yaml new file mode 100644 index 0000000000..a91f863f92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thumbs-rating-28083443631175bd4dcd05294b64aae6.yaml @@ -0,0 +1,58 @@ +id: thumbs-rating-28083443631175bd4dcd05294b64aae6 + +info: + name: > + Thumbs Rating <= 5.1.0 - Unauthenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e98b0a3a-6c14-45f1-a6b2-9911ba34ce0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thumbs-rating/" + google-query: inurl:"/wp-content/plugins/thumbs-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thumbs-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thumbs-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thumbs-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/thumbs-rating-f00e3cac8717028c6c69750368de6108.yaml b/nuclei-templates/cve-less/plugins/thumbs-rating-f00e3cac8717028c6c69750368de6108.yaml new file mode 100644 index 0000000000..c4ca898289 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/thumbs-rating-f00e3cac8717028c6c69750368de6108.yaml @@ -0,0 +1,58 @@ +id: thumbs-rating-f00e3cac8717028c6c69750368de6108 + +info: + name: > + Thumbs Rating <= 5.0.0 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1105fc-ed12-4a82-9cc4-4b45aa34cdc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/thumbs-rating/" + google-query: inurl:"/wp-content/plugins/thumbs-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,thumbs-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/thumbs-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thumbs-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-728e240a198c7c451039858fc71e171c.yaml b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-728e240a198c7c451039858fc71e171c.yaml new file mode 100644 index 0000000000..17c690494e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-728e240a198c7c451039858fc71e171c.yaml @@ -0,0 +1,58 @@ +id: ti-woocommerce-wishlist-728e240a198c7c451039858fc71e171c + +info: + name: > + TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ti-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-c1e85ed5dbff1aadf024b8bce56884f9.yaml b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-c1e85ed5dbff1aadf024b8bce56884f9.yaml new file mode 100644 index 0000000000..88c8dc8920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-c1e85ed5dbff1aadf024b8bce56884f9.yaml @@ -0,0 +1,58 @@ +id: ti-woocommerce-wishlist-c1e85ed5dbff1aadf024b8bce56884f9 + +info: + name: > + TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc3457a5-3d5b-40dc-b9b1-e819187c4d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ti-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.40.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-728e240a198c7c451039858fc71e171c.yaml b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-728e240a198c7c451039858fc71e171c.yaml new file mode 100644 index 0000000000..9e7b656c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-728e240a198c7c451039858fc71e171c.yaml @@ -0,0 +1,58 @@ +id: ti-woocommerce-wishlist-premium-728e240a198c7c451039858fc71e171c + +info: + name: > + TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d60b5741-5496-4e87-bcb0-adaa0db07d90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist-premium/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ti-woocommerce-wishlist-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-c1e85ed5dbff1aadf024b8bce56884f9.yaml b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-c1e85ed5dbff1aadf024b8bce56884f9.yaml new file mode 100644 index 0000000000..ecd0bc6b58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ti-woocommerce-wishlist-premium-c1e85ed5dbff1aadf024b8bce56884f9.yaml @@ -0,0 +1,58 @@ +id: ti-woocommerce-wishlist-premium-c1e85ed5dbff1aadf024b8bce56884f9 + +info: + name: > + TI WooCommerce Wishlist / TI WooCommerce Wishlist Pro < 1.40.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc3457a5-3d5b-40dc-b9b1-e819187c4d99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ti-woocommerce-wishlist-premium/" + google-query: inurl:"/wp-content/plugins/ti-woocommerce-wishlist-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ti-woocommerce-wishlist-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ti-woocommerce-wishlist-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ti-woocommerce-wishlist-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.40.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ticker-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/ticker-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..abee696ccb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ticker-ultimate-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: ticker-ultimate-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ticker-ultimate/" + google-query: inurl:"/wp-content/plugins/ticker-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ticker-ultimate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ticker-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ticker-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-207f27a384ef3a3941e38d3aa57e12b4.yaml b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-207f27a384ef3a3941e38d3aa57e12b4.yaml new file mode 100644 index 0000000000..4b21a879ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-207f27a384ef3a3941e38d3aa57e12b4.yaml @@ -0,0 +1,58 @@ +id: tickera-event-ticketing-system-207f27a384ef3a3941e38d3aa57e12b4 + +info: + name: > + Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0f8a0c-d02f-46e2-8808-3ffada105d13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-2d0717f7b86d7fd0bf523aa76bbbaeb6.yaml b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-2d0717f7b86d7fd0bf523aa76bbbaeb6.yaml new file mode 100644 index 0000000000..edbf67f45f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-2d0717f7b86d7fd0bf523aa76bbbaeb6.yaml @@ -0,0 +1,58 @@ +id: tickera-event-ticketing-system-2d0717f7b86d7fd0bf523aa76bbbaeb6 + +info: + name: > + Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ab3d7d-b58a-4dec-a085-84a9938be328?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-c24d0aa2f1031533f0515499592257fe.yaml b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-c24d0aa2f1031533f0515499592257fe.yaml new file mode 100644 index 0000000000..b33f8f2fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-c24d0aa2f1031533f0515499592257fe.yaml @@ -0,0 +1,58 @@ +id: tickera-event-ticketing-system-c24d0aa2f1031533f0515499592257fe + +info: + name: > + Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fba419b8-bab0-4918-8d68-1e5bf75186c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-e6aee90d79a8ce1370df8b0531e47510.yaml b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-e6aee90d79a8ce1370df8b0531e47510.yaml new file mode 100644 index 0000000000..c4e04fd920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tickera-event-ticketing-system-e6aee90d79a8ce1370df8b0531e47510.yaml @@ -0,0 +1,58 @@ +id: tickera-event-ticketing-system-e6aee90d79a8ce1370df8b0531e47510 + +info: + name: > + Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06c63f82-fe0f-435c-9cf8-5db6a7ce0677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tickera-event-ticketing-system/" + google-query: inurl:"/wp-content/plugins/tickera-event-ticketing-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tickera-event-ticketing-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tickera-event-ticketing-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tickera-event-ticketing-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ticket-manager-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/ticket-manager-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..bdccb08ae5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ticket-manager-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: ticket-manager-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ticket-manager/" + google-query: inurl:"/wp-content/plugins/ticket-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ticket-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ticket-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ticket-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ticket-tailor-64923c9a5ffa9c7e5e2ff84955e346c3.yaml b/nuclei-templates/cve-less/plugins/ticket-tailor-64923c9a5ffa9c7e5e2ff84955e346c3.yaml new file mode 100644 index 0000000000..3e68f982ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ticket-tailor-64923c9a5ffa9c7e5e2ff84955e346c3.yaml @@ -0,0 +1,58 @@ +id: ticket-tailor-64923c9a5ffa9c7e5e2ff84955e346c3 + +info: + name: > + Ticket Tailor <= 1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88d19782-492f-4306-a8c0-5eaa470e457d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ticket-tailor/" + google-query: inurl:"/wp-content/plugins/ticket-tailor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ticket-tailor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ticket-tailor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ticket-tailor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tidio-form-885c0e7d869967a6d9428aa8fe4ebe55.yaml b/nuclei-templates/cve-less/plugins/tidio-form-885c0e7d869967a6d9428aa8fe4ebe55.yaml new file mode 100644 index 0000000000..ec3aa3e23f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tidio-form-885c0e7d869967a6d9428aa8fe4ebe55.yaml @@ -0,0 +1,58 @@ +id: tidio-form-885c0e7d869967a6d9428aa8fe4ebe55 + +info: + name: > + Easy Contact Form Builder < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e249e50b-44fb-4e68-9efa-701f4ecdcdcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tidio-form/" + google-query: inurl:"/wp-content/plugins/tidio-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tidio-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tidio-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tidio-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tidio-gallery-051fe49289887077b7bf7774208d8ef1.yaml b/nuclei-templates/cve-less/plugins/tidio-gallery-051fe49289887077b7bf7774208d8ef1.yaml new file mode 100644 index 0000000000..bf36941889 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tidio-gallery-051fe49289887077b7bf7774208d8ef1.yaml @@ -0,0 +1,58 @@ +id: tidio-gallery-051fe49289887077b7bf7774208d8ef1 + +info: + name: > + Tidio Gallery <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36f4e51d-d613-4db6-8d79-d26398c3e5df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tidio-gallery/" + google-query: inurl:"/wp-content/plugins/tidio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tidio-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tidio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tidio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiempocom-1e76bb40e4de81280c04372b8a422f59.yaml b/nuclei-templates/cve-less/plugins/tiempocom-1e76bb40e4de81280c04372b8a422f59.yaml new file mode 100644 index 0000000000..c080e4ef71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiempocom-1e76bb40e4de81280c04372b8a422f59.yaml @@ -0,0 +1,58 @@ +id: tiempocom-1e76bb40e4de81280c04372b8a422f59 + +info: + name: > + Tiempo.com <= 0.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a5e3d82-4722-47ff-b66f-448cb2851c1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiempocom/" + google-query: inurl:"/wp-content/plugins/tiempocom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiempocom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiempocom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiempocom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiempocom-3cda5f6cbc287806403c6627673d9151.yaml b/nuclei-templates/cve-less/plugins/tiempocom-3cda5f6cbc287806403c6627673d9151.yaml new file mode 100644 index 0000000000..180e499640 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiempocom-3cda5f6cbc287806403c6627673d9151.yaml @@ -0,0 +1,58 @@ +id: tiempocom-3cda5f6cbc287806403c6627673d9151 + +info: + name: > + Tiempo.com <= 0.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62ac2725-0071-4a7d-8561-256e6a232de3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiempocom/" + google-query: inurl:"/wp-content/plugins/tiempocom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiempocom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiempocom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiempocom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiempocom-f4fc2d0ee12c0981504dfb21225895dd.yaml b/nuclei-templates/cve-less/plugins/tiempocom-f4fc2d0ee12c0981504dfb21225895dd.yaml new file mode 100644 index 0000000000..c3a2972cb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiempocom-f4fc2d0ee12c0981504dfb21225895dd.yaml @@ -0,0 +1,58 @@ +id: tiempocom-f4fc2d0ee12c0981504dfb21225895dd + +info: + name: > + Tiempo.com <= 0.1.2 - Cross-Site Request Forgery to Shortcode Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3dacef70-a881-400e-b9f7-c0a815cf624a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiempocom/" + google-query: inurl:"/wp-content/plugins/tiempocom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiempocom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiempocom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiempocom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiger-form-e900f7eced6fb67094982ccf0f2ecdaa.yaml b/nuclei-templates/cve-less/plugins/tiger-form-e900f7eced6fb67094982ccf0f2ecdaa.yaml new file mode 100644 index 0000000000..d9b3e032bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiger-form-e900f7eced6fb67094982ccf0f2ecdaa.yaml @@ -0,0 +1,58 @@ +id: tiger-form-e900f7eced6fb67094982ccf0f2ecdaa + +info: + name: > + Tiger Forms <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/286e52b4-2694-4f3b-9d1d-fd1ebf1d1e50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiger-form/" + google-query: inurl:"/wp-content/plugins/tiger-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiger-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiger-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiger-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tilda-publishing-2da3bb827430b38a292fe600fab2f658.yaml b/nuclei-templates/cve-less/plugins/tilda-publishing-2da3bb827430b38a292fe600fab2f658.yaml new file mode 100644 index 0000000000..f467562a2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tilda-publishing-2da3bb827430b38a292fe600fab2f658.yaml @@ -0,0 +1,58 @@ +id: tilda-publishing-2da3bb827430b38a292fe600fab2f658 + +info: + name: > + Tilda Publishing <= 0.3.23 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a992bb2-67b9-48db-a536-c3af79e93af4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tilda-publishing/" + google-query: inurl:"/wp-content/plugins/tilda-publishing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tilda-publishing,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tilda-publishing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tilda-publishing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/time-sheets-1e381af0c631b13f86322331880f1612.yaml b/nuclei-templates/cve-less/plugins/time-sheets-1e381af0c631b13f86322331880f1612.yaml new file mode 100644 index 0000000000..a29818321a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/time-sheets-1e381af0c631b13f86322331880f1612.yaml @@ -0,0 +1,58 @@ +id: time-sheets-1e381af0c631b13f86322331880f1612 + +info: + name: > + Time Sheets < 1.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47906575-b88a-4e12-b134-accf47a264a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/time-sheets/" + google-query: inurl:"/wp-content/plugins/time-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,time-sheets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/time-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "time-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/time-sheets-49fe99f51fd3a93a572d1c7ee54d4741.yaml b/nuclei-templates/cve-less/plugins/time-sheets-49fe99f51fd3a93a572d1c7ee54d4741.yaml new file mode 100644 index 0000000000..703c35c845 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/time-sheets-49fe99f51fd3a93a572d1c7ee54d4741.yaml @@ -0,0 +1,58 @@ +id: time-sheets-49fe99f51fd3a93a572d1c7ee54d4741 + +info: + name: > + Time Sheets <= 1.29.2 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7e25e64-4504-4aad-aeb6-d58b5c36a4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/time-sheets/" + google-query: inurl:"/wp-content/plugins/time-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,time-sheets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/time-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "time-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.29.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/time-sheets-f2aba70ce8a44005876e1620c7a6d111.yaml b/nuclei-templates/cve-less/plugins/time-sheets-f2aba70ce8a44005876e1620c7a6d111.yaml new file mode 100644 index 0000000000..25d8c29b6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/time-sheets-f2aba70ce8a44005876e1620c7a6d111.yaml @@ -0,0 +1,58 @@ +id: time-sheets-f2aba70ce8a44005876e1620c7a6d111 + +info: + name: > + Time Sheets < 1.5.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/984bfc69-e203-4a06-9d4b-2185ecf771bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/time-sheets/" + google-query: inurl:"/wp-content/plugins/time-sheets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,time-sheets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/time-sheets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "time-sheets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timed-content-2049615ded6008298be273ad480dccbb.yaml b/nuclei-templates/cve-less/plugins/timed-content-2049615ded6008298be273ad480dccbb.yaml new file mode 100644 index 0000000000..d36b440203 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timed-content-2049615ded6008298be273ad480dccbb.yaml @@ -0,0 +1,58 @@ +id: timed-content-2049615ded6008298be273ad480dccbb + +info: + name: > + Timed Content <= 2.72 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/443a4afc-5dfc-499c-8701-249c71215b5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timed-content/" + google-query: inurl:"/wp-content/plugins/timed-content/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timed-content,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timed-content/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timed-content" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timeline-and-history-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/timeline-and-history-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..694c4e95b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timeline-and-history-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: timeline-and-history-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timeline-and-history-slider/" + google-query: inurl:"/wp-content/plugins/timeline-and-history-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timeline-and-history-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timeline-and-history-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timeline-and-history-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timeline-awesome-4dec1d95d84aa9956ba49479ab4962de.yaml b/nuclei-templates/cve-less/plugins/timeline-awesome-4dec1d95d84aa9956ba49479ab4962de.yaml new file mode 100644 index 0000000000..9e06835ae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timeline-awesome-4dec1d95d84aa9956ba49479ab4962de.yaml @@ -0,0 +1,58 @@ +id: timeline-awesome-4dec1d95d84aa9956ba49479ab4962de + +info: + name: > + History Timeline <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/446fadbc-b927-4245-9095-fd545a906b9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timeline-awesome/" + google-query: inurl:"/wp-content/plugins/timeline-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timeline-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timeline-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timeline-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timeline-calendar-85e4c9b56c88bebde438fcf37c31b92a.yaml b/nuclei-templates/cve-less/plugins/timeline-calendar-85e4c9b56c88bebde438fcf37c31b92a.yaml new file mode 100644 index 0000000000..30ba5c1f59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timeline-calendar-85e4c9b56c88bebde438fcf37c31b92a.yaml @@ -0,0 +1,58 @@ +id: timeline-calendar-85e4c9b56c88bebde438fcf37c31b92a + +info: + name: > + Timeline Calendar <= 1.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2f0e74-cdc0-4da9-bd79-8d09f5459be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timeline-calendar/" + google-query: inurl:"/wp-content/plugins/timeline-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timeline-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timeline-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timeline-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timeline-widget-addon-for-elementor-e56f591ae1b5802507934b44dcafdc98.yaml b/nuclei-templates/cve-less/plugins/timeline-widget-addon-for-elementor-e56f591ae1b5802507934b44dcafdc98.yaml new file mode 100644 index 0000000000..196b1d7e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timeline-widget-addon-for-elementor-e56f591ae1b5802507934b44dcafdc98.yaml @@ -0,0 +1,58 @@ +id: timeline-widget-addon-for-elementor-e56f591ae1b5802507934b44dcafdc98 + +info: + name: > + Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timeline-widget-addon-for-elementor/" + google-query: inurl:"/wp-content/plugins/timeline-widget-addon-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timeline-widget-addon-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timeline-widget-addon-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timeline-widget-addon-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timely-booking-button-a2f77566f40955cc7451f648aaec112c.yaml b/nuclei-templates/cve-less/plugins/timely-booking-button-a2f77566f40955cc7451f648aaec112c.yaml new file mode 100644 index 0000000000..6f27eca97b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timely-booking-button-a2f77566f40955cc7451f648aaec112c.yaml @@ -0,0 +1,58 @@ +id: timely-booking-button-a2f77566f40955cc7451f648aaec112c + +info: + name: > + Timely Booking Button <= 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2eb3b568-8689-4184-8091-0b84aa6b472d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timely-booking-button/" + google-query: inurl:"/wp-content/plugins/timely-booking-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timely-booking-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timely-booking-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timely-booking-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timesheet-22a755155bed2f04b1157ca6e2e3c976.yaml b/nuclei-templates/cve-less/plugins/timesheet-22a755155bed2f04b1157ca6e2e3c976.yaml new file mode 100644 index 0000000000..f3972ed54e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timesheet-22a755155bed2f04b1157ca6e2e3c976.yaml @@ -0,0 +1,58 @@ +id: timesheet-22a755155bed2f04b1157ca6e2e3c976 + +info: + name: > + Help Center by BestWebSoft < 0.1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e0f903a-e882-4de9-953a-c377b591004e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timesheet/" + google-query: inurl:"/wp-content/plugins/timesheet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timesheet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timesheet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timesheet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timthumb-a4aa366f217005e74322ff2bf7a0e182.yaml b/nuclei-templates/cve-less/plugins/timthumb-a4aa366f217005e74322ff2bf7a0e182.yaml new file mode 100644 index 0000000000..c99d84e2db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timthumb-a4aa366f217005e74322ff2bf7a0e182.yaml @@ -0,0 +1,58 @@ +id: timthumb-a4aa366f217005e74322ff2bf7a0e182 + +info: + name: > + TimThumb <= 1.33 - Remote File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e062c794-1ab7-4d44-95da-40cd401f3a37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timthumb/" + google-query: inurl:"/wp-content/plugins/timthumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timthumb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timthumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timthumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timthumb-b970262dad30a7d484efebc698a4fbb7.yaml b/nuclei-templates/cve-less/plugins/timthumb-b970262dad30a7d484efebc698a4fbb7.yaml new file mode 100644 index 0000000000..8a49a424fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timthumb-b970262dad30a7d484efebc698a4fbb7.yaml @@ -0,0 +1,58 @@ +id: timthumb-b970262dad30a7d484efebc698a4fbb7 + +info: + name: > + TimThumb <= 2.8.13 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73776e0a-4d2a-44f9-97a2-f06055ce2c63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timthumb/" + google-query: inurl:"/wp-content/plugins/timthumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timthumb,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timthumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timthumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/timthumb-vulnerability-scanner-5eff25f23e727e07861c6b9793205529.yaml b/nuclei-templates/cve-less/plugins/timthumb-vulnerability-scanner-5eff25f23e727e07861c6b9793205529.yaml new file mode 100644 index 0000000000..78ddc64f16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/timthumb-vulnerability-scanner-5eff25f23e727e07861c6b9793205529.yaml @@ -0,0 +1,58 @@ +id: timthumb-vulnerability-scanner-5eff25f23e727e07861c6b9793205529 + +info: + name: > + Timthumb Vulnerability Scanner <= 1.54 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0e8d029-af6b-43cb-aa90-f92777c5ac99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/timthumb-vulnerability-scanner/" + google-query: inurl:"/wp-content/plugins/timthumb-vulnerability-scanner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,timthumb-vulnerability-scanner,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/timthumb-vulnerability-scanner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "timthumb-vulnerability-scanner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.54') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-54520ac61a70e176cb0b123fca675fcd.yaml b/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-54520ac61a70e176cb0b123fca675fcd.yaml new file mode 100644 index 0000000000..0c8e843297 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-54520ac61a70e176cb0b123fca675fcd.yaml @@ -0,0 +1,58 @@ +id: tiny-carousel-horizontal-slider-54520ac61a70e176cb0b123fca675fcd + +info: + name: > + Tiny Carousel Horizontal Slider <= 8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a3ad97-b4ea-4ad9-ac83-071e56cb8df7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiny-carousel-horizontal-slider/" + google-query: inurl:"/wp-content/plugins/tiny-carousel-horizontal-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiny-carousel-horizontal-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiny-carousel-horizontal-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-plus-e0a3631cbe633a42d5989c02ecf7206b.yaml b/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-plus-e0a3631cbe633a42d5989c02ecf7206b.yaml new file mode 100644 index 0000000000..4b04162065 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiny-carousel-horizontal-slider-plus-e0a3631cbe633a42d5989c02ecf7206b.yaml @@ -0,0 +1,58 @@ +id: tiny-carousel-horizontal-slider-plus-e0a3631cbe633a42d5989c02ecf7206b + +info: + name: > + Tiny carousel horizontal slider plus <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/167ae586-1f18-43ac-a7c1-e67a00ce8787?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiny-carousel-horizontal-slider-plus/" + google-query: inurl:"/wp-content/plugins/tiny-carousel-horizontal-slider-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiny-carousel-horizontal-slider-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiny-carousel-horizontal-slider-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiny-carousel-horizontal-slider-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tiny-contact-form-daddd512be0305b66a7c59d444cececf.yaml b/nuclei-templates/cve-less/plugins/tiny-contact-form-daddd512be0305b66a7c59d444cececf.yaml new file mode 100644 index 0000000000..89f6e8fcd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tiny-contact-form-daddd512be0305b66a7c59d444cececf.yaml @@ -0,0 +1,58 @@ +id: tiny-contact-form-daddd512be0305b66a7c59d444cececf + +info: + name: > + Tiny Contact Form <= 0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a71d13b2-5c0b-4e19-b1b3-b97a996d4019?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tiny-contact-form/" + google-query: inurl:"/wp-content/plugins/tiny-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tiny-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tiny-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tiny-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinychat-roomspy-9f9e4858911ea4301e5e57019a58fb6b.yaml b/nuclei-templates/cve-less/plugins/tinychat-roomspy-9f9e4858911ea4301e5e57019a58fb6b.yaml new file mode 100644 index 0000000000..beff5b1909 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinychat-roomspy-9f9e4858911ea4301e5e57019a58fb6b.yaml @@ -0,0 +1,58 @@ +id: tinychat-roomspy-9f9e4858911ea4301e5e57019a58fb6b + +info: + name: > + TinyChat Room Spy <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64cf73fa-cdb9-4703-869e-343ee6f8178e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinychat-roomspy/" + google-query: inurl:"/wp-content/plugins/tinychat-roomspy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinychat-roomspy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinychat-roomspy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinychat-roomspy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles-a238023f989616cc05c2de1d1e0516a1.yaml b/nuclei-templates/cve-less/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles-a238023f989616cc05c2de1d1e0516a1.yaml new file mode 100644 index 0000000000..676c5a7e7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles-a238023f989616cc05c2de1d1e0516a1.yaml @@ -0,0 +1,58 @@ +id: tinymce-and-tinymce-advanced-professsional-formats-and-styles-a238023f989616cc05c2de1d1e0516a1 + +info: + name: > + TinyMCE Professional Formats and Styles <= 1.1.2 - Cross-Site Request Forgery via bb_taps_backend_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63370972-a6cb-40ed-91f2-4f469dc5335b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles/" + google-query: inurl:"/wp-content/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinymce-and-tinymce-advanced-professsional-formats-and-styles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinymce-and-tinymce-advanced-professsional-formats-and-styles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinymce-and-tinymce-advanced-professsional-formats-and-styles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinymce-colorpicker-63703d9ee4495028e03f0458c1905965.yaml b/nuclei-templates/cve-less/plugins/tinymce-colorpicker-63703d9ee4495028e03f0458c1905965.yaml new file mode 100644 index 0000000000..e3b5ec295c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinymce-colorpicker-63703d9ee4495028e03f0458c1905965.yaml @@ -0,0 +1,58 @@ +id: tinymce-colorpicker-63703d9ee4495028e03f0458c1905965 + +info: + name: > + TinyMCE Color Picker < 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9cd0f2-1ca6-47cb-94bd-5c286cf9c67f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinymce-colorpicker/" + google-query: inurl:"/wp-content/plugins/tinymce-colorpicker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinymce-colorpicker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinymce-colorpicker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinymce-colorpicker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinymce-colorpicker-ffaf15e9710e51e22815d7c14866275b.yaml b/nuclei-templates/cve-less/plugins/tinymce-colorpicker-ffaf15e9710e51e22815d7c14866275b.yaml new file mode 100644 index 0000000000..83a1bf685c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinymce-colorpicker-ffaf15e9710e51e22815d7c14866275b.yaml @@ -0,0 +1,58 @@ +id: tinymce-colorpicker-ffaf15e9710e51e22815d7c14866275b + +info: + name: > + TinyMCE Color Picker <= 1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9cefc8e-9c1c-4b5e-adf8-665b8d4dc774?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinymce-colorpicker/" + google-query: inurl:"/wp-content/plugins/tinymce-colorpicker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinymce-colorpicker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinymce-colorpicker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinymce-colorpicker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinymce-custom-styles-500071d87ecb0967bf74f13aaaaabbd7.yaml b/nuclei-templates/cve-less/plugins/tinymce-custom-styles-500071d87ecb0967bf74f13aaaaabbd7.yaml new file mode 100644 index 0000000000..c17d0674cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinymce-custom-styles-500071d87ecb0967bf74f13aaaaabbd7.yaml @@ -0,0 +1,58 @@ +id: tinymce-custom-styles-500071d87ecb0967bf74f13aaaaabbd7 + +info: + name: > + TinyMCE Custom Styles <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31058d2e-9c23-4057-89a4-5847b6012330?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinymce-custom-styles/" + google-query: inurl:"/wp-content/plugins/tinymce-custom-styles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinymce-custom-styles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinymce-custom-styles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinymce-custom-styles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tinymce-custom-styles-c3680e3206f99027fb5f3986ae69948a.yaml b/nuclei-templates/cve-less/plugins/tinymce-custom-styles-c3680e3206f99027fb5f3986ae69948a.yaml new file mode 100644 index 0000000000..927f706797 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tinymce-custom-styles-c3680e3206f99027fb5f3986ae69948a.yaml @@ -0,0 +1,58 @@ +id: tinymce-custom-styles-c3680e3206f99027fb5f3986ae69948a + +info: + name: > + TinyMCE Custom Styles <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a77443-9fca-4686-be48-b3905a33c87f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tinymce-custom-styles/" + google-query: inurl:"/wp-content/plugins/tinymce-custom-styles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tinymce-custom-styles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tinymce-custom-styles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tinymce-custom-styles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tippy-13d220693e087642304f87b309abc136.yaml b/nuclei-templates/cve-less/plugins/tippy-13d220693e087642304f87b309abc136.yaml new file mode 100644 index 0000000000..ab4a573f56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tippy-13d220693e087642304f87b309abc136.yaml @@ -0,0 +1,58 @@ +id: tippy-13d220693e087642304f87b309abc136 + +info: + name: > + Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6460406-da83-4dad-97a5-fe961f0c46fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tippy/" + google-query: inurl:"/wp-content/plugins/tippy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tippy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tippy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tippy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tipsacarrier-6007b8b9442eb6013d2d90e94b8a6f90.yaml b/nuclei-templates/cve-less/plugins/tipsacarrier-6007b8b9442eb6013d2d90e94b8a6f90.yaml new file mode 100644 index 0000000000..d76a9a899d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tipsacarrier-6007b8b9442eb6013d2d90e94b8a6f90.yaml @@ -0,0 +1,58 @@ +id: tipsacarrier-6007b8b9442eb6013d2d90e94b8a6f90 + +info: + name: > + Tipsacarrier <= 1.4.4.2 - Missing Authorization to Order Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd6becbf-29cc-4744-8c9b-5b75f8c5f402?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tipsacarrier/" + google-query: inurl:"/wp-content/plugins/tipsacarrier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tipsacarrier,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tipsacarrier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tipsacarrier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/titan-framework-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/titan-framework-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..5eb42f09cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/titan-framework-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: titan-framework-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/titan-framework/" + google-query: inurl:"/wp-content/plugins/titan-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,titan-framework,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/titan-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "titan-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/titan-framework-8048ca5fa2e5dc8c9443b2fbef022686.yaml b/nuclei-templates/cve-less/plugins/titan-framework-8048ca5fa2e5dc8c9443b2fbef022686.yaml new file mode 100644 index 0000000000..4b5c5dd9a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/titan-framework-8048ca5fa2e5dc8c9443b2fbef022686.yaml @@ -0,0 +1,58 @@ +id: titan-framework-8048ca5fa2e5dc8c9443b2fbef022686 + +info: + name: > + Titan Framework <= 1.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/009084cf-0a49-41ab-8b3b-fe46c00a889b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/titan-framework/" + google-query: inurl:"/wp-content/plugins/titan-framework/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,titan-framework,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/titan-framework/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "titan-framework" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/titan-labs-security-audit-cb74790ba4bbb7de85dca1c3cb33c74c.yaml b/nuclei-templates/cve-less/plugins/titan-labs-security-audit-cb74790ba4bbb7de85dca1c3cb33c74c.yaml new file mode 100644 index 0000000000..1d27dff7fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/titan-labs-security-audit-cb74790ba4bbb7de85dca1c3cb33c74c.yaml @@ -0,0 +1,58 @@ +id: titan-labs-security-audit-cb74790ba4bbb7de85dca1c3cb33c74c + +info: + name: > + Security Audit <= 1.0.0 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dab3786b-1f8e-428c-afee-afd3e43f40ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/titan-labs-security-audit/" + google-query: inurl:"/wp-content/plugins/titan-labs-security-audit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,titan-labs-security-audit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/titan-labs-security-audit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "titan-labs-security-audit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tk-google-fonts-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml b/nuclei-templates/cve-less/plugins/tk-google-fonts-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml new file mode 100644 index 0000000000..ec6c6b4459 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tk-google-fonts-0439b5ba8ec01f6ad565e8fbfefdff7e.yaml @@ -0,0 +1,58 @@ +id: tk-google-fonts-0439b5ba8ec01f6ad565e8fbfefdff7e + +info: + name: > + TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bc772a6-95a1-4420-bd97-1778002e2168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tk-google-fonts/" + google-query: inurl:"/wp-content/plugins/tk-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tk-google-fonts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tk-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tk-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tk-google-fonts-75dc3c235e29287a43892beb13ca3ae4.yaml b/nuclei-templates/cve-less/plugins/tk-google-fonts-75dc3c235e29287a43892beb13ca3ae4.yaml new file mode 100644 index 0000000000..d5a67c5551 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tk-google-fonts-75dc3c235e29287a43892beb13ca3ae4.yaml @@ -0,0 +1,58 @@ +id: tk-google-fonts-75dc3c235e29287a43892beb13ca3ae4 + +info: + name: > + TK Google Fonts GDPR Compliant <= 2.2.11 - Missing Authorization to Font Addition + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7546b0b7-8081-4762-9e20-76dfb3c8a8a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tk-google-fonts/" + google-query: inurl:"/wp-content/plugins/tk-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tk-google-fonts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tk-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tk-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tlp-portfolio-248c17eb0194783cca6065d1efba6689.yaml b/nuclei-templates/cve-less/plugins/tlp-portfolio-248c17eb0194783cca6065d1efba6689.yaml new file mode 100644 index 0000000000..3bea81df6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tlp-portfolio-248c17eb0194783cca6065d1efba6689.yaml @@ -0,0 +1,58 @@ +id: tlp-portfolio-248c17eb0194783cca6065d1efba6689 + +info: + name: > + Portfolio – WordPress Portfolio Plugin <= 2.8.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c95bbba-6459-420f-a072-3b02c7d58ea0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tlp-portfolio/" + google-query: inurl:"/wp-content/plugins/tlp-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tlp-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tlp-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tlp-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tlp-team-cdba025b70cc52735f49fc0178ac6ba2.yaml b/nuclei-templates/cve-less/plugins/tlp-team-cdba025b70cc52735f49fc0178ac6ba2.yaml new file mode 100644 index 0000000000..a2377c5d95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tlp-team-cdba025b70cc52735f49fc0178ac6ba2.yaml @@ -0,0 +1,58 @@ +id: tlp-team-cdba025b70cc52735f49fc0178ac6ba2 + +info: + name: > + Team - WordPress Team Member Showcase Plugin <= 4.1.1 - Directory Traversal to Arbitrary File Read/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/497cfc87-85ac-41d0-aeea-63c5fc64db0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tlp-team/" + google-query: inurl:"/wp-content/plugins/tlp-team/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tlp-team,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tlp-team/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tlp-team" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tm-woocommerce-compare-wishlist-4951c2f84359ebbaf9ae45fa01138a5f.yaml b/nuclei-templates/cve-less/plugins/tm-woocommerce-compare-wishlist-4951c2f84359ebbaf9ae45fa01138a5f.yaml new file mode 100644 index 0000000000..35289f870c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tm-woocommerce-compare-wishlist-4951c2f84359ebbaf9ae45fa01138a5f.yaml @@ -0,0 +1,58 @@ +id: tm-woocommerce-compare-wishlist-4951c2f84359ebbaf9ae45fa01138a5f + +info: + name: > + TM WooCommerce Compare & Wishlist <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/771ecb8c-feb1-40ea-b47b-a2ae033b3c87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tm-woocommerce-compare-wishlist/" + google-query: inurl:"/wp-content/plugins/tm-woocommerce-compare-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tm-woocommerce-compare-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tm-woocommerce-compare-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tm-woocommerce-compare-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tml-2fa-df76c0e1569130642f03fed33b459e14.yaml b/nuclei-templates/cve-less/plugins/tml-2fa-df76c0e1569130642f03fed33b459e14.yaml new file mode 100644 index 0000000000..369e6668a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tml-2fa-df76c0e1569130642f03fed33b459e14.yaml @@ -0,0 +1,58 @@ +id: tml-2fa-df76c0e1569130642f03fed33b459e14 + +info: + name: > + Theme My Login 2FA < 1.2 - 2FA Bypass via Brute Force + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1398e296-9b20-4f8e-85f2-896888abc67e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tml-2fa/" + google-query: inurl:"/wp-content/plugins/tml-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tml-2fa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tml-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tml-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/to-top-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml b/nuclei-templates/cve-less/plugins/to-top-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml new file mode 100644 index 0000000000..0358b41c67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/to-top-1ebcfb0d802f2876f9cb0982be3e0fd0.yaml @@ -0,0 +1,58 @@ +id: to-top-1ebcfb0d802f2876f9cb0982be3e0fd0 + +info: + name: > + CatchThemes Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5656b9-615d-4764-974a-301d3dd748e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/to-top/" + google-query: inurl:"/wp-content/plugins/to-top/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,to-top,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/to-top/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "to-top" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/toast-stick-anything-439f898124b090bed262004bd1d51e22.yaml b/nuclei-templates/cve-less/plugins/toast-stick-anything-439f898124b090bed262004bd1d51e22.yaml new file mode 100644 index 0000000000..ab8fa26d43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/toast-stick-anything-439f898124b090bed262004bd1d51e22.yaml @@ -0,0 +1,58 @@ +id: toast-stick-anything-439f898124b090bed262004bd1d51e22 + +info: + name: > + Sticky Anything <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba5485be-7612-406d-870d-6827f6c7ea71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/toast-stick-anything/" + google-query: inurl:"/wp-content/plugins/toast-stick-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,toast-stick-anything,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/toast-stick-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "toast-stick-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/toast-stick-anything-9efc44a2e2c2df22995a8fc10affc12c.yaml b/nuclei-templates/cve-less/plugins/toast-stick-anything-9efc44a2e2c2df22995a8fc10affc12c.yaml new file mode 100644 index 0000000000..5dc16c0c7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/toast-stick-anything-9efc44a2e2c2df22995a8fc10affc12c.yaml @@ -0,0 +1,58 @@ +id: toast-stick-anything-9efc44a2e2c2df22995a8fc10affc12c + +info: + name: > + Sticky Anything <= 2.1.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9c33bab-a27b-43b1-aa48-3f8c09a38528?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/toast-stick-anything/" + google-query: inurl:"/wp-content/plugins/toast-stick-anything/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,toast-stick-anything,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/toast-stick-anything/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "toast-stick-anything" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/toggle-the-title-d02abc95243fe34c87855a6ca2a95d58.yaml b/nuclei-templates/cve-less/plugins/toggle-the-title-d02abc95243fe34c87855a6ca2a95d58.yaml new file mode 100644 index 0000000000..c581ec29e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/toggle-the-title-d02abc95243fe34c87855a6ca2a95d58.yaml @@ -0,0 +1,58 @@ +id: toggle-the-title-d02abc95243fe34c87855a6ca2a95d58 + +info: + name: > + Toggle The Title <= 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1abdc53b-7abe-422b-aeea-5bf31733bdad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/toggle-the-title/" + google-query: inurl:"/wp-content/plugins/toggle-the-title/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,toggle-the-title,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/toggle-the-title/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "toggle-the-title" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tom-m8te-999f932c9f3d9b513b20f73dd0f5752b.yaml b/nuclei-templates/cve-less/plugins/tom-m8te-999f932c9f3d9b513b20f73dd0f5752b.yaml new file mode 100644 index 0000000000..2ab10ff8c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tom-m8te-999f932c9f3d9b513b20f73dd0f5752b.yaml @@ -0,0 +1,58 @@ +id: tom-m8te-999f932c9f3d9b513b20f73dd0f5752b + +info: + name: > + Tom M8te <= 1.5.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3c3c740-8ebe-44b2-a0ba-6beffe970cf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tom-m8te/" + google-query: inurl:"/wp-content/plugins/tom-m8te/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tom-m8te,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tom-m8te/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tom-m8te" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/toolbar-to-share-4c6e2168599e221f42c1bf26fb04cbf7.yaml b/nuclei-templates/cve-less/plugins/toolbar-to-share-4c6e2168599e221f42c1bf26fb04cbf7.yaml new file mode 100644 index 0000000000..a4442f185f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/toolbar-to-share-4c6e2168599e221f42c1bf26fb04cbf7.yaml @@ -0,0 +1,58 @@ +id: toolbar-to-share-4c6e2168599e221f42c1bf26fb04cbf7 + +info: + name: > + ToolBar to Share <= 2.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbda7670-179a-41ed-8ec9-ae7f5102e645?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/toolbar-to-share/" + google-query: inurl:"/wp-content/plugins/toolbar-to-share/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,toolbar-to-share,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/toolbar-to-share/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "toolbar-to-share" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/toolpage-fc90c64fe13a7ebe4bd7cb7436d1b567.yaml b/nuclei-templates/cve-less/plugins/toolpage-fc90c64fe13a7ebe4bd7cb7436d1b567.yaml new file mode 100644 index 0000000000..6d49c8c14f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/toolpage-fc90c64fe13a7ebe4bd7cb7436d1b567.yaml @@ -0,0 +1,58 @@ +id: toolpage-fc90c64fe13a7ebe4bd7cb7436d1b567 + +info: + name: > + Toolpage <= 1.6.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5f23c14-e9ed-474c-9acc-2d6d43201572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/toolpage/" + google-query: inurl:"/wp-content/plugins/toolpage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,toolpage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/toolpage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "toolpage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-10-8a2fdef7cc698ec15988b37831ded08d.yaml b/nuclei-templates/cve-less/plugins/top-10-8a2fdef7cc698ec15988b37831ded08d.yaml new file mode 100644 index 0000000000..4c7d177b98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-10-8a2fdef7cc698ec15988b37831ded08d.yaml @@ -0,0 +1,58 @@ +id: top-10-8a2fdef7cc698ec15988b37831ded08d + +info: + name: > + Top 10 – Popular posts plugin - <= 3.2.4 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f50f1e64-5015-4e40-912e-92a4f16e1398?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-10/" + google-query: inurl:"/wp-content/plugins/top-10/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-10,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-10/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-10" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-10-a631956fae26932cfe37dec9f8eea277.yaml b/nuclei-templates/cve-less/plugins/top-10-a631956fae26932cfe37dec9f8eea277.yaml new file mode 100644 index 0000000000..51620a8694 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-10-a631956fae26932cfe37dec9f8eea277.yaml @@ -0,0 +1,58 @@ +id: top-10-a631956fae26932cfe37dec9f8eea277 + +info: + name: > + Top 10 – Popular posts plugin for WordPress <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blocks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa23a535-f290-4517-b203-86e0331f55e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-10/" + google-query: inurl:"/wp-content/plugins/top-10/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-10,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-10/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-10" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-10-e382c8222b1abf6c6b2e0b2db7e0beeb.yaml b/nuclei-templates/cve-less/plugins/top-10-e382c8222b1abf6c6b2e0b2db7e0beeb.yaml new file mode 100644 index 0000000000..0b561b4794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-10-e382c8222b1abf6c6b2e0b2db7e0beeb.yaml @@ -0,0 +1,58 @@ +id: top-10-e382c8222b1abf6c6b2e0b2db7e0beeb + +info: + name: > + Top 10 <= 2.9.4 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0af86e4-c30b-49e2-ad6a-97a415a74d18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-10/" + google-query: inurl:"/wp-content/plugins/top-10/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-10,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-10/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-10" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-10-e7e948bfa89ef889d57ad4a644f6ffc0.yaml b/nuclei-templates/cve-less/plugins/top-10-e7e948bfa89ef889d57ad4a644f6ffc0.yaml new file mode 100644 index 0000000000..4af7d0ca74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-10-e7e948bfa89ef889d57ad4a644f6ffc0.yaml @@ -0,0 +1,58 @@ +id: top-10-e7e948bfa89ef889d57ad4a644f6ffc0 + +info: + name: > + Top 10 – Popular posts plugin for WordPress <= 3.2.3 - Missing Authorization on tptn_ajax_clearcache + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14e832ec-7181-44d9-8d26-2f77e6111763?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-10/" + google-query: inurl:"/wp-content/plugins/top-10/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-10,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-10/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-10" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-25-social-icons-34bed79fb50712c291365a8ff729b6f4.yaml b/nuclei-templates/cve-less/plugins/top-25-social-icons-34bed79fb50712c291365a8ff729b6f4.yaml new file mode 100644 index 0000000000..eaa8c1733c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-25-social-icons-34bed79fb50712c291365a8ff729b6f4.yaml @@ -0,0 +1,58 @@ +id: top-25-social-icons-34bed79fb50712c291365a8ff729b6f4 + +info: + name: > + Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e3e417-d8a8-4e32-99aa-650e0a25a415?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-25-social-icons/" + google-query: inurl:"/wp-content/plugins/top-25-social-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-25-social-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-25-social-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-25-social-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-bar-4f0560b0cde9af506953920ade591947.yaml b/nuclei-templates/cve-less/plugins/top-bar-4f0560b0cde9af506953920ade591947.yaml new file mode 100644 index 0000000000..265c6a4694 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-bar-4f0560b0cde9af506953920ade591947.yaml @@ -0,0 +1,58 @@ +id: top-bar-4f0560b0cde9af506953920ade591947 + +info: + name: > + Top Bar <= 3.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05ee4692-451b-4ff4-9bf0-8a16d39404ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-bar/" + google-query: inurl:"/wp-content/plugins/top-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-bar-7b68da6e2373d2ac5c585efcf03c710b.yaml b/nuclei-templates/cve-less/plugins/top-bar-7b68da6e2373d2ac5c585efcf03c710b.yaml new file mode 100644 index 0000000000..12b916d39d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-bar-7b68da6e2373d2ac5c585efcf03c710b.yaml @@ -0,0 +1,58 @@ +id: top-bar-7b68da6e2373d2ac5c585efcf03c710b + +info: + name: > + Top Bar <= 3.0.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36abd7e9-0ca4-4c22-ab13-08f2632a6797?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-bar/" + google-query: inurl:"/wp-content/plugins/top-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-bar-f8df3f710c2acd675329722d570c9bc9.yaml b/nuclei-templates/cve-less/plugins/top-bar-f8df3f710c2acd675329722d570c9bc9.yaml new file mode 100644 index 0000000000..c7fa3c8791 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-bar-f8df3f710c2acd675329722d570c9bc9.yaml @@ -0,0 +1,58 @@ +id: top-bar-f8df3f710c2acd675329722d570c9bc9 + +info: + name: > + Top Bar <= 3.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4195dbd4-7b6b-4201-887f-6da9bda618b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-bar/" + google-query: inurl:"/wp-content/plugins/top-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/top-table-of-contents-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/top-table-of-contents-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..c50aa475e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/top-table-of-contents-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: top-table-of-contents-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/top-table-of-contents/" + google-query: inurl:"/wp-content/plugins/top-table-of-contents/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,top-table-of-contents,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/top-table-of-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "top-table-of-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/torro-forms-0b90da005dc4b695e711677701780a3d.yaml b/nuclei-templates/cve-less/plugins/torro-forms-0b90da005dc4b695e711677701780a3d.yaml new file mode 100644 index 0000000000..cf041d67a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/torro-forms-0b90da005dc4b695e711677701780a3d.yaml @@ -0,0 +1,58 @@ +id: torro-forms-0b90da005dc4b695e711677701780a3d + +info: + name: > + Torro Forms <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e9641e2-fe33-4e22-895e-7974b4da6866?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/torro-forms/" + google-query: inurl:"/wp-content/plugins/torro-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,torro-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/torro-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "torro-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/total-donations-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml b/nuclei-templates/cve-less/plugins/total-donations-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml new file mode 100644 index 0000000000..b286325369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/total-donations-618ad32a66dd6a63ff6bcc4f51e7ca7b.yaml @@ -0,0 +1,58 @@ +id: total-donations-618ad32a66dd6a63ff6bcc4f51e7ca7b + +info: + name: > + Total Donations <= 2.0.5 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/206c3f15-72d2-4aac-9500-0f794485639e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/total-donations/" + google-query: inurl:"/wp-content/plugins/total-donations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,total-donations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/total-donations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total-donations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/total-sales-for-woocommerce-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/total-sales-for-woocommerce-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..dbc82d9b11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/total-sales-for-woocommerce-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: total-sales-for-woocommerce-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/total-sales-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/total-sales-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,total-sales-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/total-sales-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total-sales-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/total-security-d59208c9d25614855049428d0906a55a.yaml b/nuclei-templates/cve-less/plugins/total-security-d59208c9d25614855049428d0906a55a.yaml new file mode 100644 index 0000000000..9ebab152af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/total-security-d59208c9d25614855049428d0906a55a.yaml @@ -0,0 +1,58 @@ +id: total-security-d59208c9d25614855049428d0906a55a + +info: + name: > + Total Security <= 3.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45d3cff1-3a86-4b79-bf43-1623d41ac821?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/total-security/" + google-query: inurl:"/wp-content/plugins/total-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,total-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/total-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/total-security-fa39168559be958bde89e0128746256e.yaml b/nuclei-templates/cve-less/plugins/total-security-fa39168559be958bde89e0128746256e.yaml new file mode 100644 index 0000000000..1f5b1b7dcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/total-security-fa39168559be958bde89e0128746256e.yaml @@ -0,0 +1,58 @@ +id: total-security-fa39168559be958bde89e0128746256e + +info: + name: > + Total Security <= 3.4.0 - Unauthenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e24339c3-f8f8-4357-9717-a3077420603a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/total-security/" + google-query: inurl:"/wp-content/plugins/total-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,total-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/total-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/totalpoll-lite-79e3222cd5781d3ee2de3dbd9ec9763f.yaml b/nuclei-templates/cve-less/plugins/totalpoll-lite-79e3222cd5781d3ee2de3dbd9ec9763f.yaml new file mode 100644 index 0000000000..df4de4daf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/totalpoll-lite-79e3222cd5781d3ee2de3dbd9ec9763f.yaml @@ -0,0 +1,58 @@ +id: totalpoll-lite-79e3222cd5781d3ee2de3dbd9ec9763f + +info: + name: > + Total Poll Lite <= 4.9.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ef57441-8e35-44c4-b566-56e8f1dd18d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/totalpoll-lite/" + google-query: inurl:"/wp-content/plugins/totalpoll-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,totalpoll-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/totalpoll-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "totalpoll-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/totalpoll-lite-dfd03aad01c26cf05b1c4c93b960bbc9.yaml b/nuclei-templates/cve-less/plugins/totalpoll-lite-dfd03aad01c26cf05b1c4c93b960bbc9.yaml new file mode 100644 index 0000000000..148588c8fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/totalpoll-lite-dfd03aad01c26cf05b1c4c93b960bbc9.yaml @@ -0,0 +1,58 @@ +id: totalpoll-lite-dfd03aad01c26cf05b1c4c93b960bbc9 + +info: + name: > + Total Poll Lite <= 4.8.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3ae5e7-1f41-48cd-8aea-698e3b00066c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/totalpoll-lite/" + google-query: inurl:"/wp-content/plugins/totalpoll-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,totalpoll-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/totalpoll-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "totalpoll-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/totop-link-60f02b8fa4eb1579a77b1a967b981a9d.yaml b/nuclei-templates/cve-less/plugins/totop-link-60f02b8fa4eb1579a77b1a967b981a9d.yaml new file mode 100644 index 0000000000..1c61f3a744 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/totop-link-60f02b8fa4eb1579a77b1a967b981a9d.yaml @@ -0,0 +1,58 @@ +id: totop-link-60f02b8fa4eb1579a77b1a967b981a9d + +info: + name: > + ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b159d4f-494e-4ab4-8ed7-3421b437597e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/totop-link/" + google-query: inurl:"/wp-content/plugins/totop-link/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,totop-link,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/totop-link/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "totop-link" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tour-booking-manager-54c41ad802aaebe2d928746014c08472.yaml b/nuclei-templates/cve-less/plugins/tour-booking-manager-54c41ad802aaebe2d928746014c08472.yaml new file mode 100644 index 0000000000..1c2cef3e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tour-booking-manager-54c41ad802aaebe2d928746014c08472.yaml @@ -0,0 +1,58 @@ +id: tour-booking-manager-54c41ad802aaebe2d928746014c08472 + +info: + name: > + WpTravelly <= 1.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e34e774-30fe-49dc-b1f8-8dd63da65d23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tour-booking-manager/" + google-query: inurl:"/wp-content/plugins/tour-booking-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tour-booking-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tour-booking-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tour-booking-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tourfic-2b22d0b76b6d55c94058bbf5818916eb.yaml b/nuclei-templates/cve-less/plugins/tourfic-2b22d0b76b6d55c94058bbf5818916eb.yaml new file mode 100644 index 0000000000..7dac2a3a5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tourfic-2b22d0b76b6d55c94058bbf5818916eb.yaml @@ -0,0 +1,58 @@ +id: tourfic-2b22d0b76b6d55c94058bbf5818916eb + +info: + name: > + Tourfic <= 2.11.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32d4c259-b56d-4f8f-84b8-7ef451fd02ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tourfic/" + google-query: inurl:"/wp-content/plugins/tourfic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tourfic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tourfic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tourfic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tourfic-98b35360d65753a713db3a25c694f42c.yaml b/nuclei-templates/cve-less/plugins/tourfic-98b35360d65753a713db3a25c694f42c.yaml new file mode 100644 index 0000000000..6bab0915a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tourfic-98b35360d65753a713db3a25c694f42c.yaml @@ -0,0 +1,58 @@ +id: tourfic-98b35360d65753a713db3a25c694f42c + +info: + name: > + Tourfic <= 2.11.15 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae39fac4-6b65-42a6-bd34-c364922ef675?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tourfic/" + google-query: inurl:"/wp-content/plugins/tourfic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tourfic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tourfic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tourfic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tourfic-edd8e3c62f3b71f626ad36553a59802b.yaml b/nuclei-templates/cve-less/plugins/tourfic-edd8e3c62f3b71f626ad36553a59802b.yaml new file mode 100644 index 0000000000..93cdcd7996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tourfic-edd8e3c62f3b71f626ad36553a59802b.yaml @@ -0,0 +1,58 @@ +id: tourfic-edd8e3c62f3b71f626ad36553a59802b + +info: + name: > + Tourfic <= 2.11.17 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6973c8e0-d14b-4945-be1c-b7c8b44a4bcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tourfic/" + google-query: inurl:"/wp-content/plugins/tourfic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tourfic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tourfic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tourfic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tourfic-f0ebaf7908d2916224db8f5d1ff59d88.yaml b/nuclei-templates/cve-less/plugins/tourfic-f0ebaf7908d2916224db8f5d1ff59d88.yaml new file mode 100644 index 0000000000..d35140a02a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tourfic-f0ebaf7908d2916224db8f5d1ff59d88.yaml @@ -0,0 +1,58 @@ +id: tourfic-f0ebaf7908d2916224db8f5d1ff59d88 + +info: + name: > + Tourfic <= 2.11.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b258fa40-4e76-4c84-b32f-e6c46fee770a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tourfic/" + google-query: inurl:"/wp-content/plugins/tourfic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tourfic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tourfic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tourfic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tp-education-da386ce90f0520e508b80fb1a2e2a0c2.yaml b/nuclei-templates/cve-less/plugins/tp-education-da386ce90f0520e508b80fb1a2e2a0c2.yaml new file mode 100644 index 0000000000..f1eda0d71d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tp-education-da386ce90f0520e508b80fb1a2e2a0c2.yaml @@ -0,0 +1,58 @@ +id: tp-education-da386ce90f0520e508b80fb1a2e2a0c2 + +info: + name: > + TP Education <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfba9979-44a2-4ad4-bb6a-f54f73b628d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tp-education/" + google-query: inurl:"/wp-content/plugins/tp-education/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tp-education,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tp-education/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tp-education" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tpg-redirect-98c7efbdf31bd767f6d42c5af6007d9c.yaml b/nuclei-templates/cve-less/plugins/tpg-redirect-98c7efbdf31bd767f6d42c5af6007d9c.yaml new file mode 100644 index 0000000000..619bb72e9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tpg-redirect-98c7efbdf31bd767f6d42c5af6007d9c.yaml @@ -0,0 +1,58 @@ +id: tpg-redirect-98c7efbdf31bd767f6d42c5af6007d9c + +info: + name: > + TPG Redirect <= 1.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d92b9c21-067b-41c3-a385-a65faa8dd0ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tpg-redirect/" + google-query: inurl:"/wp-content/plugins/tpg-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tpg-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tpg-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tpg-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tr-easy-google-analytics-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/tr-easy-google-analytics-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..36556bb107 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tr-easy-google-analytics-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: tr-easy-google-analytics-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tr-easy-google-analytics/" + google-query: inurl:"/wp-content/plugins/tr-easy-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tr-easy-google-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tr-easy-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tr-easy-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/track-geolocation-of-users-using-contact-form-7-5fc14f2bf72ff01c08c1f94583d480b0.yaml b/nuclei-templates/cve-less/plugins/track-geolocation-of-users-using-contact-form-7-5fc14f2bf72ff01c08c1f94583d480b0.yaml new file mode 100644 index 0000000000..06b8eac314 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/track-geolocation-of-users-using-contact-form-7-5fc14f2bf72ff01c08c1f94583d480b0.yaml @@ -0,0 +1,58 @@ +id: track-geolocation-of-users-using-contact-form-7-5fc14f2bf72ff01c08c1f94583d480b0 + +info: + name: > + Track Geolocation Of Users Using Contact Form 7 <= 1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/724d8f79-f683-4b06-841d-a9104c87f3c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/track-geolocation-of-users-using-contact-form-7/" + google-query: inurl:"/wp-content/plugins/track-geolocation-of-users-using-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,track-geolocation-of-users-using-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/track-geolocation-of-users-using-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "track-geolocation-of-users-using-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/track-the-click-61b51e0560f095cce3544140b3170777.yaml b/nuclei-templates/cve-less/plugins/track-the-click-61b51e0560f095cce3544140b3170777.yaml new file mode 100644 index 0000000000..308d88499c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/track-the-click-61b51e0560f095cce3544140b3170777.yaml @@ -0,0 +1,58 @@ +id: track-the-click-61b51e0560f095cce3544140b3170777 + +info: + name: > + Track The Click <= 0.3.11 - Authenticated (Author+) SQL Injection via 'stats' REST Endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcddb0f3-41d5-4635-88ac-556ee3eec49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/track-the-click/" + google-query: inurl:"/wp-content/plugins/track-the-click/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,track-the-click,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/track-the-click/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "track-the-click" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tracking-code-manager-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml b/nuclei-templates/cve-less/plugins/tracking-code-manager-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml new file mode 100644 index 0000000000..73e57af72f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tracking-code-manager-421ea02f0f2faaa78ee159ebbd1f2ea2.yaml @@ -0,0 +1,58 @@ +id: tracking-code-manager-421ea02f0f2faaa78ee159ebbd1f2ea2 + +info: + name: > + Tracking Code Manager <= 2.0.16 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c962ba-43ef-4713-acd9-1e499f857df8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tracking-code-manager/" + google-query: inurl:"/wp-content/plugins/tracking-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tracking-code-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tracking-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tracking-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tracking-code-manager-6e8a9152de2bbc5b83be5ce9d45091f1.yaml b/nuclei-templates/cve-less/plugins/tracking-code-manager-6e8a9152de2bbc5b83be5ce9d45091f1.yaml new file mode 100644 index 0000000000..93732e2cdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tracking-code-manager-6e8a9152de2bbc5b83be5ce9d45091f1.yaml @@ -0,0 +1,58 @@ +id: tracking-code-manager-6e8a9152de2bbc5b83be5ce9d45091f1 + +info: + name: > + Tracking Code Manager <= 2.1.0 - Missing Authorization via change_order() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d54e5ad-0a97-4dd4-b53b-ad3f885dc506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tracking-code-manager/" + google-query: inurl:"/wp-content/plugins/tracking-code-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tracking-code-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tracking-code-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tracking-code-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/trackship-for-woocommerce-8c789a924b584ff9b2a3b88bc5b7e816.yaml b/nuclei-templates/cve-less/plugins/trackship-for-woocommerce-8c789a924b584ff9b2a3b88bc5b7e816.yaml new file mode 100644 index 0000000000..02d0dcf51e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/trackship-for-woocommerce-8c789a924b584ff9b2a3b88bc5b7e816.yaml @@ -0,0 +1,58 @@ +id: trackship-for-woocommerce-8c789a924b584ff9b2a3b88bc5b7e816 + +info: + name: > + TrackShip for WooCommerce <= 1.7.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41de0cf6-d093-4c33-8123-a097ba3e0add?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/trackship-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/trackship-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,trackship-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/trackship-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trackship-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tradetracker-store-1ff709162f10c9c6eac55480ea55c5a7.yaml b/nuclei-templates/cve-less/plugins/tradetracker-store-1ff709162f10c9c6eac55480ea55c5a7.yaml new file mode 100644 index 0000000000..c044524936 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tradetracker-store-1ff709162f10c9c6eac55480ea55c5a7.yaml @@ -0,0 +1,58 @@ +id: tradetracker-store-1ff709162f10c9c6eac55480ea55c5a7 + +info: + name: > + Tradetracker-Store < 4.6.60 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2ebbb5-0590-4e4a-a9b6-abc80b220d18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tradetracker-store/" + google-query: inurl:"/wp-content/plugins/tradetracker-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tradetracker-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tradetracker-store/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tradetracker-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/traffic-manager-0cc0200594a7eced582455e86333c795.yaml b/nuclei-templates/cve-less/plugins/traffic-manager-0cc0200594a7eced582455e86333c795.yaml new file mode 100644 index 0000000000..6127cc6edb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/traffic-manager-0cc0200594a7eced582455e86333c795.yaml @@ -0,0 +1,58 @@ +id: traffic-manager-0cc0200594a7eced582455e86333c795 + +info: + name: > + Traffic Manager <= 1.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3610644e-3481-4fed-a83c-cd9ce09775d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/traffic-manager/" + google-query: inurl:"/wp-content/plugins/traffic-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,traffic-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/traffic-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "traffic-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/traffic-manager-1b0051f6cdacf52fc28a89570f274917.yaml b/nuclei-templates/cve-less/plugins/traffic-manager-1b0051f6cdacf52fc28a89570f274917.yaml new file mode 100644 index 0000000000..149b8bcb0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/traffic-manager-1b0051f6cdacf52fc28a89570f274917.yaml @@ -0,0 +1,58 @@ +id: traffic-manager-1b0051f6cdacf52fc28a89570f274917 + +info: + name: > + Traffic Manager <= 1.4.5 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc98e78b-5388-4573-b2a1-9bad7901d507?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/traffic-manager/" + google-query: inurl:"/wp-content/plugins/traffic-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,traffic-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/traffic-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "traffic-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/trafficanalyzer-f3bf3aa52e1e30ba08101ace5617af2a.yaml b/nuclei-templates/cve-less/plugins/trafficanalyzer-f3bf3aa52e1e30ba08101ace5617af2a.yaml new file mode 100644 index 0000000000..7ff06f101f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/trafficanalyzer-f3bf3aa52e1e30ba08101ace5617af2a.yaml @@ -0,0 +1,58 @@ +id: trafficanalyzer-f3bf3aa52e1e30ba08101ace5617af2a + +info: + name: > + Traffic Analyzer < 3.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a385d286-c15c-4e95-b360-fec1ec455b47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/trafficanalyzer/" + google-query: inurl:"/wp-content/plugins/trafficanalyzer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,trafficanalyzer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/trafficanalyzer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trafficanalyzer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transbank-webpay-plus-rest-73d72f655c3b804018b0ad6a3a400257.yaml b/nuclei-templates/cve-less/plugins/transbank-webpay-plus-rest-73d72f655c3b804018b0ad6a3a400257.yaml new file mode 100644 index 0000000000..7b20571fe1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transbank-webpay-plus-rest-73d72f655c3b804018b0ad6a3a400257.yaml @@ -0,0 +1,58 @@ +id: transbank-webpay-plus-rest-73d72f655c3b804018b0ad6a3a400257 + +info: + name: > + Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b737a26-e4ae-4c9f-a98a-a22a31ac4f99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transbank-webpay-plus-rest/" + google-query: inurl:"/wp-content/plugins/transbank-webpay-plus-rest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transbank-webpay-plus-rest,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transbank-webpay-plus-rest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transbank-webpay-plus-rest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transcoder-d2e24dc9b57b626b239083dab805eaec.yaml b/nuclei-templates/cve-less/plugins/transcoder-d2e24dc9b57b626b239083dab805eaec.yaml new file mode 100644 index 0000000000..16b876329e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transcoder-d2e24dc9b57b626b239083dab805eaec.yaml @@ -0,0 +1,58 @@ +id: transcoder-d2e24dc9b57b626b239083dab805eaec + +info: + name: > + Transcoder <= 1.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd47f21c-70e1-4458-a552-377956141a65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transcoder/" + google-query: inurl:"/wp-content/plugins/transcoder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transcoder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transcoder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transcoder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/translatepress-multilingual-17f9d007266f9a0cab0ee55eb44edcc9.yaml b/nuclei-templates/cve-less/plugins/translatepress-multilingual-17f9d007266f9a0cab0ee55eb44edcc9.yaml new file mode 100644 index 0000000000..b65b14daba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/translatepress-multilingual-17f9d007266f9a0cab0ee55eb44edcc9.yaml @@ -0,0 +1,58 @@ +id: translatepress-multilingual-17f9d007266f9a0cab0ee55eb44edcc9 + +info: + name: > + TranslatePress <= 2.3.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77582ba1-98b0-41c1-a665-e49704313823?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/translatepress-multilingual/" + google-query: inurl:"/wp-content/plugins/translatepress-multilingual/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,translatepress-multilingual,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/translatepress-multilingual/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "translatepress-multilingual" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/translatepress-multilingual-1bcc8deaed7a36dfed3699cc2606446d.yaml b/nuclei-templates/cve-less/plugins/translatepress-multilingual-1bcc8deaed7a36dfed3699cc2606446d.yaml new file mode 100644 index 0000000000..8a8ae3a11f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/translatepress-multilingual-1bcc8deaed7a36dfed3699cc2606446d.yaml @@ -0,0 +1,58 @@ +id: translatepress-multilingual-1bcc8deaed7a36dfed3699cc2606446d + +info: + name: > + TranslatePress <= 2.0.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d00e477-8e01-4144-86e6-f1cc00fb1d0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/translatepress-multilingual/" + google-query: inurl:"/wp-content/plugins/translatepress-multilingual/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,translatepress-multilingual,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/translatepress-multilingual/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "translatepress-multilingual" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/translation-exchange-31af361d998f1bee646666eb75e8dde6.yaml b/nuclei-templates/cve-less/plugins/translation-exchange-31af361d998f1bee646666eb75e8dde6.yaml new file mode 100644 index 0000000000..39e32eeebc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/translation-exchange-31af361d998f1bee646666eb75e8dde6.yaml @@ -0,0 +1,58 @@ +id: translation-exchange-31af361d998f1bee646666eb75e8dde6 + +info: + name: > + Translation Exchange <= 1.0.14 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85ba54cc-3ef8-49ee-bef0-6fef8e116871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/translation-exchange/" + google-query: inurl:"/wp-content/plugins/translation-exchange/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,translation-exchange,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/translation-exchange/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "translation-exchange" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-49c0e5a87593ae8cdbc066b20e281fbc.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-49c0e5a87593ae8cdbc066b20e281fbc.yaml new file mode 100644 index 0000000000..b693686538 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-49c0e5a87593ae8cdbc066b20e281fbc.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-49c0e5a87593ae8cdbc066b20e281fbc + +info: + name: > + Transposh WordPress Translation <= 1.0.7 - Reflected Cross-Site Scripting via tp_tp + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf1cc19a-2ca2-4322-9f37-3f7e24ea38c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b35d32175d8c6a60caf01bbc915cbc9.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b35d32175d8c6a60caf01bbc915cbc9.yaml new file mode 100644 index 0000000000..f149190d65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b35d32175d8c6a60caf01bbc915cbc9.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-4b35d32175d8c6a60caf01bbc915cbc9 + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e1d8afa-0a38-434b-b3d8-04019010ab21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b9ec610b796c8632d430b70259226bd.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b9ec610b796c8632d430b70259226bd.yaml new file mode 100644 index 0000000000..4c7aed879a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-4b9ec610b796c8632d430b70259226bd.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-4b9ec610b796c8632d430b70259226bd + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Unauthorized Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/223373fc-9d78-47f0-b283-109f8e00b802?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-99547d0fc21ffda2676b791122585c77.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-99547d0fc21ffda2676b791122585c77.yaml new file mode 100644 index 0000000000..c09d5a789f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-99547d0fc21ffda2676b791122585c77.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-99547d0fc21ffda2676b791122585c77 + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6a99d7f-f5b1-4bdc-ad67-353fea94d649?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-a687f130dc4fb0dc3fa1596936a6c928.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-a687f130dc4fb0dc3fa1596936a6c928.yaml new file mode 100644 index 0000000000..8f0bb9fe63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-a687f130dc4fb0dc3fa1596936a6c928.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-a687f130dc4fb0dc3fa1596936a6c928 + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbf8a398-334b-4b89-8a39-b8f0032fefc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-bc943b920a596196582824c3eeb70aba.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-bc943b920a596196582824c3eeb70aba.yaml new file mode 100644 index 0000000000..86649bead0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-bc943b920a596196582824c3eeb70aba.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-bc943b920a596196582824c3eeb70aba + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1f12ac-86ac-4be9-9575-98381c3b4291?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-d8f6d24ae9aefabd89bc3732379fc08a.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-d8f6d24ae9aefabd89bc3732379fc08a.yaml new file mode 100644 index 0000000000..edc8f748a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-d8f6d24ae9aefabd89bc3732379fc08a.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-d8f6d24ae9aefabd89bc3732379fc08a + +info: + name: > + Transposh WordPress Translation <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting via 'tp_translation' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aa19b3a-229e-460d-b592-c0a2c7fd5c06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-f437ea7631a9816d78b50dbf1934085a.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-f437ea7631a9816d78b50dbf1934085a.yaml new file mode 100644 index 0000000000..5e88655e0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-f437ea7631a9816d78b50dbf1934085a.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-f437ea7631a9816d78b50dbf1934085a + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Authenticated (Admin+) SQL Injection via 'tp_editor' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/deb912f0-bfba-470f-9a18-47c3d65905dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-ff4e9233f972b9e92d912d8cb47ef8e2.yaml b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-ff4e9233f972b9e92d912d8cb47ef8e2.yaml new file mode 100644 index 0000000000..f6d4b7599f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/transposh-translation-filter-for-wordpress-ff4e9233f972b9e92d912d8cb47ef8e2.yaml @@ -0,0 +1,58 @@ +id: transposh-translation-filter-for-wordpress-ff4e9233f972b9e92d912d8cb47ef8e2 + +info: + name: > + Transposh WordPress Translation <= 1.0.8.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c774b520-9d9f-4102-8564-49673d5ae1e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/transposh-translation-filter-for-wordpress/" + google-query: inurl:"/wp-content/plugins/transposh-translation-filter-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,transposh-translation-filter-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/transposh-translation-filter-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transposh-translation-filter-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/travelers-map-d60ef1067dd86b18895f878c5b5156fd.yaml b/nuclei-templates/cve-less/plugins/travelers-map-d60ef1067dd86b18895f878c5b5156fd.yaml new file mode 100644 index 0000000000..440b5cc7b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/travelers-map-d60ef1067dd86b18895f878c5b5156fd.yaml @@ -0,0 +1,58 @@ +id: travelers-map-d60ef1067dd86b18895f878c5b5156fd + +info: + name: > + Travelers' Map <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23af50ec-e293-4c06-be64-474057e25845?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/travelers-map/" + google-query: inurl:"/wp-content/plugins/travelers-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,travelers-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/travelers-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "travelers-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/travelmap-blog-24d707836e835d320b88fb566bce9822.yaml b/nuclei-templates/cve-less/plugins/travelmap-blog-24d707836e835d320b88fb566bce9822.yaml new file mode 100644 index 0000000000..e49d8a0dec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/travelmap-blog-24d707836e835d320b88fb566bce9822.yaml @@ -0,0 +1,58 @@ +id: travelmap-blog-24d707836e835d320b88fb566bce9822 + +info: + name: > + Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f04a742-56be-42e9-9080-2131c6e98325?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/travelmap-blog/" + google-query: inurl:"/wp-content/plugins/travelmap-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,travelmap-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/travelmap-blog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "travelmap-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/travelpayouts-b09a62954fc53a69adf6069c4bfa2ef7.yaml b/nuclei-templates/cve-less/plugins/travelpayouts-b09a62954fc53a69adf6069c4bfa2ef7.yaml new file mode 100644 index 0000000000..2d74aa8edf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/travelpayouts-b09a62954fc53a69adf6069c4bfa2ef7.yaml @@ -0,0 +1,58 @@ +id: travelpayouts-b09a62954fc53a69adf6069c4bfa2ef7 + +info: + name: > + Travelpayouts: All Travel Brands in One Place <= 1.1.16 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d19571-f0a1-4f15-a292-89b938c49afc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/travelpayouts/" + google-query: inurl:"/wp-content/plugins/travelpayouts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,travelpayouts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/travelpayouts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "travelpayouts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tree-website-map-77f419c6676bae16b665cb7bfb361770.yaml b/nuclei-templates/cve-less/plugins/tree-website-map-77f419c6676bae16b665cb7bfb361770.yaml new file mode 100644 index 0000000000..5874fcb884 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tree-website-map-77f419c6676bae16b665cb7bfb361770.yaml @@ -0,0 +1,58 @@ +id: tree-website-map-77f419c6676bae16b665cb7bfb361770 + +info: + name: > + Tree Sitemap (Pages, Posts & Categories list) <= 2.9 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf893b1e-9fcf-4a3a-862e-4f050617acc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tree-website-map/" + google-query: inurl:"/wp-content/plugins/tree-website-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tree-website-map,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tree-website-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tree-website-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/treepress-537feb2660b274ef93e595158af0eec1.yaml b/nuclei-templates/cve-less/plugins/treepress-537feb2660b274ef93e595158af0eec1.yaml new file mode 100644 index 0000000000..0abf1ba441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/treepress-537feb2660b274ef93e595158af0eec1.yaml @@ -0,0 +1,58 @@ +id: treepress-537feb2660b274ef93e595158af0eec1 + +info: + name: > + TreePress – Easy Family Trees & Ancestor Profiles <= 2.0.22 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'post_title' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbef8738-d639-48a5-98b7-abf9a7e9fec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/treepress/" + google-query: inurl:"/wp-content/plugins/treepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,treepress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/treepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "treepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/trexanh-property-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/trexanh-property-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..350ef2cded --- /dev/null +++ b/nuclei-templates/cve-less/plugins/trexanh-property-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: trexanh-property-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/trexanh-property/" + google-query: inurl:"/wp-content/plugins/trexanh-property/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,trexanh-property,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/trexanh-property/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trexanh-property" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/triberr-wordpress-plugin-feb2ed9a776f1da5d8e1058653f64bda.yaml b/nuclei-templates/cve-less/plugins/triberr-wordpress-plugin-feb2ed9a776f1da5d8e1058653f64bda.yaml new file mode 100644 index 0000000000..9a264e37a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/triberr-wordpress-plugin-feb2ed9a776f1da5d8e1058653f64bda.yaml @@ -0,0 +1,58 @@ +id: triberr-wordpress-plugin-feb2ed9a776f1da5d8e1058653f64bda + +info: + name: > + Triberr <= 4.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e8a8e0e-6dc0-4d9f-aee3-1fd940c49d3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/triberr-wordpress-plugin/" + google-query: inurl:"/wp-content/plugins/triberr-wordpress-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,triberr-wordpress-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/triberr-wordpress-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "triberr-wordpress-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tripay-payment-gateway-3b9f3653c0029d132688d85fbc757af3.yaml b/nuclei-templates/cve-less/plugins/tripay-payment-gateway-3b9f3653c0029d132688d85fbc757af3.yaml new file mode 100644 index 0000000000..895c9ed2e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tripay-payment-gateway-3b9f3653c0029d132688d85fbc757af3.yaml @@ -0,0 +1,58 @@ +id: tripay-payment-gateway-3b9f3653c0029d132688d85fbc757af3 + +info: + name: > + TriPay Payment Gateway <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/946add6f-4cd5-4c55-9399-a782140f217c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tripay-payment-gateway/" + google-query: inurl:"/wp-content/plugins/tripay-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tripay-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tripay-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tripay-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tripetto-cbd3eb6cc45789e5134a8a2c5f167a39.yaml b/nuclei-templates/cve-less/plugins/tripetto-cbd3eb6cc45789e5134a8a2c5f167a39.yaml new file mode 100644 index 0000000000..e28725dda6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tripetto-cbd3eb6cc45789e5134a8a2c5f167a39.yaml @@ -0,0 +1,58 @@ +id: tripetto-cbd3eb6cc45789e5134a8a2c5f167a39 + +info: + name: > + WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 5.1.4 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b430f0a-d50c-4923-8916-2c26bf5d619a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tripetto/" + google-query: inurl:"/wp-content/plugins/tripetto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tripetto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tripetto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tripetto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/trust-form-68ca9f8a242a5c678fbfe7eb11cba349.yaml b/nuclei-templates/cve-less/plugins/trust-form-68ca9f8a242a5c678fbfe7eb11cba349.yaml new file mode 100644 index 0000000000..f88bc432e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/trust-form-68ca9f8a242a5c678fbfe7eb11cba349.yaml @@ -0,0 +1,58 @@ +id: trust-form-68ca9f8a242a5c678fbfe7eb11cba349 + +info: + name: > + Trust Form <= 2.0.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d2daa67-50b6-4850-92bf-49f29b1d8eb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/trust-form/" + google-query: inurl:"/wp-content/plugins/trust-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,trust-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/trust-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trust-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/trx_addons-69db74f4852004f23d22f9fcc0555117.yaml b/nuclei-templates/cve-less/plugins/trx_addons-69db74f4852004f23d22f9fcc0555117.yaml new file mode 100644 index 0000000000..c9bdab5dc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/trx_addons-69db74f4852004f23d22f9fcc0555117.yaml @@ -0,0 +1,58 @@ +id: trx_addons-69db74f4852004f23d22f9fcc0555117 + +info: + name: > + ThemeREX Addons (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a14b674-620e-4247-a200-92d9f23acbca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/trx_addons/" + google-query: inurl:"/wp-content/plugins/trx_addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,trx_addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/trx_addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trx_addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.70.3', '< 1.70.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ts-webfonts-for-conoha-dfc5edcffb51809997c1a8d53e1c44ad.yaml b/nuclei-templates/cve-less/plugins/ts-webfonts-for-conoha-dfc5edcffb51809997c1a8d53e1c44ad.yaml new file mode 100644 index 0000000000..b71b98d5a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ts-webfonts-for-conoha-dfc5edcffb51809997c1a8d53e1c44ad.yaml @@ -0,0 +1,58 @@ +id: ts-webfonts-for-conoha-dfc5edcffb51809997c1a8d53e1c44ad + +info: + name: > + TypeSquare Webfonts for ConoHa <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80e9aa1f-166f-47df-bc50-c7dd55c6e7cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ts-webfonts-for-conoha/" + google-query: inurl:"/wp-content/plugins/ts-webfonts-for-conoha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ts-webfonts-for-conoha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ts-webfonts-for-conoha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ts-webfonts-for-conoha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-20e7688da466978fa975c03a8c97cece.yaml b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-20e7688da466978fa975c03a8c97cece.yaml new file mode 100644 index 0000000000..f6e1bb0037 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-20e7688da466978fa975c03a8c97cece.yaml @@ -0,0 +1,58 @@ +id: ts-webfonts-for-sakura-20e7688da466978fa975c03a8c97cece + +info: + name: > + TS Webfonts for SAKURA <= 3.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/887a1697-608e-4bf8-8c15-188737cb22c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ts-webfonts-for-sakura/" + google-query: inurl:"/wp-content/plugins/ts-webfonts-for-sakura/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ts-webfonts-for-sakura,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ts-webfonts-for-sakura/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ts-webfonts-for-sakura" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-a105732b2a52f48ea5c6c2e4cd20e7e6.yaml b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-a105732b2a52f48ea5c6c2e4cd20e7e6.yaml new file mode 100644 index 0000000000..a77936afbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-a105732b2a52f48ea5c6c2e4cd20e7e6.yaml @@ -0,0 +1,58 @@ +id: ts-webfonts-for-sakura-a105732b2a52f48ea5c6c2e4cd20e7e6 + +info: + name: > + TS Webfonts for SAKURA <= 3.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48be0157-5eb9-4e06-b406-0af659de034b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ts-webfonts-for-sakura/" + google-query: inurl:"/wp-content/plugins/ts-webfonts-for-sakura/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ts-webfonts-for-sakura,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ts-webfonts-for-sakura/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ts-webfonts-for-sakura" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-c6294db0063d8f01b936cac40a7466ae.yaml b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-c6294db0063d8f01b936cac40a7466ae.yaml new file mode 100644 index 0000000000..a67036dacc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ts-webfonts-for-sakura-c6294db0063d8f01b936cac40a7466ae.yaml @@ -0,0 +1,58 @@ +id: ts-webfonts-for-sakura-c6294db0063d8f01b936cac40a7466ae + +info: + name: > + TS Webfonts for さくらのレンタルサーバ <= 3.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/025d576b-7342-4863-ac30-f1ff0205d638?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ts-webfonts-for-sakura/" + google-query: inurl:"/wp-content/plugins/ts-webfonts-for-sakura/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ts-webfonts-for-sakura,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ts-webfonts-for-sakura/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ts-webfonts-for-sakura" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ttv-easy-embed-player-f7f846ee6a2643596409a73557db5ac2.yaml b/nuclei-templates/cve-less/plugins/ttv-easy-embed-player-f7f846ee6a2643596409a73557db5ac2.yaml new file mode 100644 index 0000000000..be979323fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ttv-easy-embed-player-f7f846ee6a2643596409a73557db5ac2.yaml @@ -0,0 +1,58 @@ +id: ttv-easy-embed-player-f7f846ee6a2643596409a73557db5ac2 + +info: + name: > + Twitch Player <= 2.1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03c8ec0a-f75f-450f-86e7-a18dfbae9461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ttv-easy-embed-player/" + google-query: inurl:"/wp-content/plugins/ttv-easy-embed-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ttv-easy-embed-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ttv-easy-embed-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ttv-easy-embed-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tubepress-57636a2970a5968684b69eba7f56b3ea.yaml b/nuclei-templates/cve-less/plugins/tubepress-57636a2970a5968684b69eba7f56b3ea.yaml new file mode 100644 index 0000000000..c581db92fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tubepress-57636a2970a5968684b69eba7f56b3ea.yaml @@ -0,0 +1,58 @@ +id: tubepress-57636a2970a5968684b69eba7f56b3ea + +info: + name: > + TubePress < 1.6.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a80d13c7-21e4-4cb5-b28d-340668732c0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tubepress/" + google-query: inurl:"/wp-content/plugins/tubepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tubepress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tubepress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tubepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tumult-hype-animations-6b17719b7745b3293d6a68a531034051.yaml b/nuclei-templates/cve-less/plugins/tumult-hype-animations-6b17719b7745b3293d6a68a531034051.yaml new file mode 100644 index 0000000000..ab933de4f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tumult-hype-animations-6b17719b7745b3293d6a68a531034051.yaml @@ -0,0 +1,58 @@ +id: tumult-hype-animations-6b17719b7745b3293d6a68a531034051 + +info: + name: > + Tumult Hype Animations <= 1.9.12 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb267bbd-cd62-49f7-9abc-c6734b23be22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tumult-hype-animations/" + google-query: inurl:"/wp-content/plugins/tumult-hype-animations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tumult-hype-animations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tumult-hype-animations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tumult-hype-animations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tumult-hype-animations-be55063f7f98deaf97bbbf0199feb448.yaml b/nuclei-templates/cve-less/plugins/tumult-hype-animations-be55063f7f98deaf97bbbf0199feb448.yaml new file mode 100644 index 0000000000..d180ee8151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tumult-hype-animations-be55063f7f98deaf97bbbf0199feb448.yaml @@ -0,0 +1,58 @@ +id: tumult-hype-animations-be55063f7f98deaf97bbbf0199feb448 + +info: + name: > + Tumult Hype Animations <= 1.9.11 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee7408d2-3cff-4c80-bc07-b0418676e961?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tumult-hype-animations/" + google-query: inurl:"/wp-content/plugins/tumult-hype-animations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tumult-hype-animations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tumult-hype-animations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tumult-hype-animations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tune-library-61d4a8b20f3ed6218af8118f12f3c6f5.yaml b/nuclei-templates/cve-less/plugins/tune-library-61d4a8b20f3ed6218af8118f12f3c6f5.yaml new file mode 100644 index 0000000000..2a2c1c07aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tune-library-61d4a8b20f3ed6218af8118f12f3c6f5.yaml @@ -0,0 +1,58 @@ +id: tune-library-61d4a8b20f3ed6218af8118f12f3c6f5 + +info: + name: > + Tune Library < 1.5.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23aa8a2f-9238-4d93-b2d2-de7838ccb156?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tune-library/" + google-query: inurl:"/wp-content/plugins/tune-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tune-library,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tune-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tune-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/turn-off-comments-for-all-posts-0e14619d4299f9ad0b2cbdadcef1842c.yaml b/nuclei-templates/cve-less/plugins/turn-off-comments-for-all-posts-0e14619d4299f9ad0b2cbdadcef1842c.yaml new file mode 100644 index 0000000000..5b46e29206 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/turn-off-comments-for-all-posts-0e14619d4299f9ad0b2cbdadcef1842c.yaml @@ -0,0 +1,58 @@ +id: turn-off-comments-for-all-posts-0e14619d4299f9ad0b2cbdadcef1842c + +info: + name: > + Turn off all comments <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ee49082-5255-4ab7-9562-bd786a32382c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/turn-off-comments-for-all-posts/" + google-query: inurl:"/wp-content/plugins/turn-off-comments-for-all-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,turn-off-comments-for-all-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/turn-off-comments-for-all-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "turn-off-comments-for-all-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-015631a41e17e7c68847b5f1f1c1e6e5.yaml b/nuclei-templates/cve-less/plugins/tutor-015631a41e17e7c68847b5f1f1c1e6e5.yaml new file mode 100644 index 0000000000..d6d7c14082 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-015631a41e17e7c68847b5f1f1c1e6e5.yaml @@ -0,0 +1,58 @@ +id: tutor-015631a41e17e7c68847b5f1f1c1e6e5 + +info: + name: > + Tutor LMS <= 2.6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-06bc0f0b4cde81f2a3c25e5d1294f81f.yaml b/nuclei-templates/cve-less/plugins/tutor-06bc0f0b4cde81f2a3c25e5d1294f81f.yaml new file mode 100644 index 0000000000..3dc14ef572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-06bc0f0b4cde81f2a3c25e5d1294f81f.yaml @@ -0,0 +1,58 @@ +id: tutor-06bc0f0b4cde81f2a3c25e5d1294f81f + +info: + name: > + Tutor LMS <= 2.0.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed579468-c998-4bec-b3a5-01d0ff206d35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-0f7d324b49374ff1264595834ad272cb.yaml b/nuclei-templates/cve-less/plugins/tutor-0f7d324b49374ff1264595834ad272cb.yaml new file mode 100644 index 0000000000..51d5effe01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-0f7d324b49374ff1264595834ad272cb.yaml @@ -0,0 +1,58 @@ +id: tutor-0f7d324b49374ff1264595834ad272cb + +info: + name: > + Tutor LMS <= 1.8.2 - SQL Injection via tutor_quiz_builder_get_question_form + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79f9632e-cfaf-48bd-aeed-919fc729f2b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-14663e06b0c267ee32922b2e7b917924.yaml b/nuclei-templates/cve-less/plugins/tutor-14663e06b0c267ee32922b2e7b917924.yaml new file mode 100644 index 0000000000..51ce7e50e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-14663e06b0c267ee32922b2e7b917924.yaml @@ -0,0 +1,58 @@ +id: tutor-14663e06b0c267ee32922b2e7b917924 + +info: + name: > + Tutor LMS <= 2.0.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aff79ef-6c96-4386-abf1-b4e6931ef0d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-1a3c55b78621c5a0f1132cb6e90ef267.yaml b/nuclei-templates/cve-less/plugins/tutor-1a3c55b78621c5a0f1132cb6e90ef267.yaml new file mode 100644 index 0000000000..d19fbe3890 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-1a3c55b78621c5a0f1132cb6e90ef267.yaml @@ -0,0 +1,58 @@ +id: tutor-1a3c55b78621c5a0f1132cb6e90ef267 + +info: + name: > + Tutor LMS <=1.8.2 - SQL Injection via tutor_answering_quiz_question/get_answer_by_id + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec83bf1f-a2da-4ecf-8d82-9a555c751073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-1b5a3539f272e50644f8022d37b4430b.yaml b/nuclei-templates/cve-less/plugins/tutor-1b5a3539f272e50644f8022d37b4430b.yaml new file mode 100644 index 0000000000..a64929bdc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-1b5a3539f272e50644f8022d37b4430b.yaml @@ -0,0 +1,58 @@ +id: tutor-1b5a3539f272e50644f8022d37b4430b + +info: + name: > + Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/324fc401-04ca-4707-8727-b8c3a66f7fd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-2219d30096a201736b1d63372957d1b1.yaml b/nuclei-templates/cve-less/plugins/tutor-2219d30096a201736b1d63372957d1b1.yaml new file mode 100644 index 0000000000..d041719e4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-2219d30096a201736b1d63372957d1b1.yaml @@ -0,0 +1,58 @@ +id: tutor-2219d30096a201736b1d63372957d1b1 + +info: + name: > + Tutor LMS <= 1.9.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76d57372-9fb5-4166-bfa9-835e3ff7b755?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-2b473e1a0769986163223c209e7c2396.yaml b/nuclei-templates/cve-less/plugins/tutor-2b473e1a0769986163223c209e7c2396.yaml new file mode 100644 index 0000000000..2be97d0f0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-2b473e1a0769986163223c209e7c2396.yaml @@ -0,0 +1,58 @@ +id: tutor-2b473e1a0769986163223c209e7c2396 + +info: + name: > + Tutor LMS <= 2.2.0 - Missing Authorization via REST API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d6c9765-6936-4b22-835e-e899f62c14c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-3a1a2462f10e12efaa2197ad33a42396.yaml b/nuclei-templates/cve-less/plugins/tutor-3a1a2462f10e12efaa2197ad33a42396.yaml new file mode 100644 index 0000000000..e7dc76612e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-3a1a2462f10e12efaa2197ad33a42396.yaml @@ -0,0 +1,58 @@ +id: tutor-3a1a2462f10e12efaa2197ad33a42396 + +info: + name: > + Tutor LMS <= 2.1.10 - Authenticated (Tutor Instructor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d623512-ee99-4a73-a752-ecbb6ad96b63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-583b3f0f882e9563f461b70129fd6f7b.yaml b/nuclei-templates/cve-less/plugins/tutor-583b3f0f882e9563f461b70129fd6f7b.yaml new file mode 100644 index 0000000000..0cecb8bead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-583b3f0f882e9563f461b70129fd6f7b.yaml @@ -0,0 +1,58 @@ +id: tutor-583b3f0f882e9563f461b70129fd6f7b + +info: + name: > + Tutor LMS <= 2.1.8 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf16617d-cec2-4943-bd20-7ade31878714?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-728966d9c09b57c99055d67de463c279.yaml b/nuclei-templates/cve-less/plugins/tutor-728966d9c09b57c99055d67de463c279.yaml new file mode 100644 index 0000000000..44ec55366c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-728966d9c09b57c99055d67de463c279.yaml @@ -0,0 +1,58 @@ +id: tutor-728966d9c09b57c99055d67de463c279 + +info: + name: > + Tutor LMS <= 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a8b5554-b4d9-48f2-ad16-cf96aabcbb6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-78fae6f744a75ffe299dd93a24365b9f.yaml b/nuclei-templates/cve-less/plugins/tutor-78fae6f744a75ffe299dd93a24365b9f.yaml new file mode 100644 index 0000000000..5bd782b1dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-78fae6f744a75ffe299dd93a24365b9f.yaml @@ -0,0 +1,58 @@ +id: tutor-78fae6f744a75ffe299dd93a24365b9f + +info: + name: > + Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-78ff72d9346255abccb5396c4cac06cb.yaml b/nuclei-templates/cve-less/plugins/tutor-78ff72d9346255abccb5396c4cac06cb.yaml new file mode 100644 index 0000000000..dc18ae2caf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-78ff72d9346255abccb5396c4cac06cb.yaml @@ -0,0 +1,58 @@ +id: tutor-78ff72d9346255abccb5396c4cac06cb + +info: + name: > + Tutor LMS <= 1.8.7 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76c0d4f8-230d-452a-b39d-cbcb0af0fd72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-7feda050b3f384761620a931ffec2f7f.yaml b/nuclei-templates/cve-less/plugins/tutor-7feda050b3f384761620a931ffec2f7f.yaml new file mode 100644 index 0000000000..9ab8c104a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-7feda050b3f384761620a931ffec2f7f.yaml @@ -0,0 +1,58 @@ +id: tutor-7feda050b3f384761620a931ffec2f7f + +info: + name: > + Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-805b776aa99780dfe83d45b24c67ce87.yaml b/nuclei-templates/cve-less/plugins/tutor-805b776aa99780dfe83d45b24c67ce87.yaml new file mode 100644 index 0000000000..db3a143c83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-805b776aa99780dfe83d45b24c67ce87.yaml @@ -0,0 +1,58 @@ +id: tutor-805b776aa99780dfe83d45b24c67ce87 + +info: + name: > + Tutor LMS <= 1.9.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65526517-aec5-454b-94c0-973359d840e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-853a8966d699d4f6cdb8b175598ce3ed.yaml b/nuclei-templates/cve-less/plugins/tutor-853a8966d699d4f6cdb8b175598ce3ed.yaml new file mode 100644 index 0000000000..c0ad702607 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-853a8966d699d4f6cdb8b175598ce3ed.yaml @@ -0,0 +1,58 @@ +id: tutor-853a8966d699d4f6cdb8b175598ce3ed + +info: + name: > + Tutor LMS <= 2.1.10 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dfee325-9001-4483-b3eb-846da0314529?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-982f78919d6ffdbae69689e67e460d30.yaml b/nuclei-templates/cve-less/plugins/tutor-982f78919d6ffdbae69689e67e460d30.yaml new file mode 100644 index 0000000000..a5239c96d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-982f78919d6ffdbae69689e67e460d30.yaml @@ -0,0 +1,58 @@ +id: tutor-982f78919d6ffdbae69689e67e460d30 + +info: + name: > + Tutor LMS – eLearning and online course solution <= 1.7.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1b81a26-c12c-4b57-9ef1-c53e0b87ad9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-a9f74f94f7fdfe42f50099f4c0f55e53.yaml b/nuclei-templates/cve-less/plugins/tutor-a9f74f94f7fdfe42f50099f4c0f55e53.yaml new file mode 100644 index 0000000000..ae28fe8ccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-a9f74f94f7fdfe42f50099f4c0f55e53.yaml @@ -0,0 +1,58 @@ +id: tutor-a9f74f94f7fdfe42f50099f4c0f55e53 + +info: + name: > + Tutor LMS <= 1.9.8 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6db9c59e-16bc-4e61-9040-7000b212675f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-b38686638c5362ebcaa7af99aefa8146.yaml b/nuclei-templates/cve-less/plugins/tutor-b38686638c5362ebcaa7af99aefa8146.yaml new file mode 100644 index 0000000000..3f50faa770 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-b38686638c5362ebcaa7af99aefa8146.yaml @@ -0,0 +1,58 @@ +id: tutor-b38686638c5362ebcaa7af99aefa8146 + +info: + name: > + Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8d4029e-07b0-4ceb-ae6e-11a3f7416ebc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml b/nuclei-templates/cve-less/plugins/tutor-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml new file mode 100644 index 0000000000..4b13735a37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-b4ca6e1dc02a9ba7306fb5b7361185cc.yaml @@ -0,0 +1,58 @@ +id: tutor-b4ca6e1dc02a9ba7306fb5b7361185cc + +info: + name: > + Tutor LMS < 1.5.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d276af21-fa9d-46bd-94e3-03776d4f2238?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-b9268ddd3338fe184d978d9f6b4b6b66.yaml b/nuclei-templates/cve-less/plugins/tutor-b9268ddd3338fe184d978d9f6b4b6b66.yaml new file mode 100644 index 0000000000..641c2bb1f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-b9268ddd3338fe184d978d9f6b4b6b66.yaml @@ -0,0 +1,58 @@ +id: tutor-b9268ddd3338fe184d978d9f6b4b6b66 + +info: + name: > + Tutor LMS – eLearning and online course solution <=1.7.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6072f47-91b3-4c5d-b16e-61bcd7760604?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-c75d16ff72ec9720f6fa40f4e6a40b23.yaml b/nuclei-templates/cve-less/plugins/tutor-c75d16ff72ec9720f6fa40f4e6a40b23.yaml new file mode 100644 index 0000000000..d19f2f23e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-c75d16ff72ec9720f6fa40f4e6a40b23.yaml @@ -0,0 +1,58 @@ +id: tutor-c75d16ff72ec9720f6fa40f4e6a40b23 + +info: + name: > + Tutor LMS <= 2.2.0 - Authenticated (Student+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a64b1ff-0d3f-42fa-bab2-4f31bb8f0476?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml b/nuclei-templates/cve-less/plugins/tutor-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml new file mode 100644 index 0000000000..e3d8d80299 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-cb03fd3d39a18ba5fc9dfbdcafc632b1.yaml @@ -0,0 +1,58 @@ +id: tutor-cb03fd3d39a18ba5fc9dfbdcafc632b1 + +info: + name: > + Tutor LMS <= 2.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2b2a90f-7a0a-4150-8a24-14b2ed11663e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-d8208bd4e60d421585f9ef9118f52dc1.yaml b/nuclei-templates/cve-less/plugins/tutor-d8208bd4e60d421585f9ef9118f52dc1.yaml new file mode 100644 index 0000000000..e23bd27176 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-d8208bd4e60d421585f9ef9118f52dc1.yaml @@ -0,0 +1,58 @@ +id: tutor-d8208bd4e60d421585f9ef9118f52dc1 + +info: + name: > + Tutor LMS <=1.8.2 - SQL Injection via tutor_quiz_builder_get_answers_by_question + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6489214-2155-47f4-83ef-0119b3c26e43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-e2363905c79cd827257e78bbd587e9a9.yaml b/nuclei-templates/cve-less/plugins/tutor-e2363905c79cd827257e78bbd587e9a9.yaml new file mode 100644 index 0000000000..09c42c5038 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-e2363905c79cd827257e78bbd587e9a9.yaml @@ -0,0 +1,58 @@ +id: tutor-e2363905c79cd827257e78bbd587e9a9 + +info: + name: > + Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-e8391494de925affdef94809fe41363c.yaml b/nuclei-templates/cve-less/plugins/tutor-e8391494de925affdef94809fe41363c.yaml new file mode 100644 index 0000000000..20fe9cf829 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-e8391494de925affdef94809fe41363c.yaml @@ -0,0 +1,58 @@ +id: tutor-e8391494de925affdef94809fe41363c + +info: + name: > + Tutor LMS <= 1.9.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad7eee97-332a-4f3c-bba1-d108a769599d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-ee13651f12379100949dbc5d6ec901e8.yaml b/nuclei-templates/cve-less/plugins/tutor-ee13651f12379100949dbc5d6ec901e8.yaml new file mode 100644 index 0000000000..867d3e4dd5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-ee13651f12379100949dbc5d6ec901e8.yaml @@ -0,0 +1,58 @@ +id: tutor-ee13651f12379100949dbc5d6ec901e8 + +info: + name: > + Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-f530ac7e06964741f1f737d7f624d307.yaml b/nuclei-templates/cve-less/plugins/tutor-f530ac7e06964741f1f737d7f624d307.yaml new file mode 100644 index 0000000000..f2b405e314 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-f530ac7e06964741f1f737d7f624d307.yaml @@ -0,0 +1,58 @@ +id: tutor-f530ac7e06964741f1f737d7f624d307 + +info: + name: > + Tutor LMS – eLearning and online course solution <= 1.7.6 - Unprotected AJAX including Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64bae119-12c3-4b3e-88a7-2eb5a7b1b537?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor/" + google-query: inurl:"/wp-content/plugins/tutor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tutor-lms-elementor-addons-57be4142bba97742b3c54d88f289eda5.yaml b/nuclei-templates/cve-less/plugins/tutor-lms-elementor-addons-57be4142bba97742b3c54d88f289eda5.yaml new file mode 100644 index 0000000000..9ef1ebf697 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tutor-lms-elementor-addons-57be4142bba97742b3c54d88f289eda5.yaml @@ -0,0 +1,58 @@ +id: tutor-lms-elementor-addons-57be4142bba97742b3c54d88f289eda5 + +info: + name: > + Tutor LMS Elementor Addons <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/959ce050-bafc-4d17-93bd-a9b09b4b4baa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tutor-lms-elementor-addons/" + google-query: inurl:"/wp-content/plugins/tutor-lms-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tutor-lms-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tutor-lms-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tutor-lms-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tuxedo-big-file-uploads-e87d1b56c2a442f8852b77f4c58543d2.yaml b/nuclei-templates/cve-less/plugins/tuxedo-big-file-uploads-e87d1b56c2a442f8852b77f4c58543d2.yaml new file mode 100644 index 0000000000..2fe6bfcf47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tuxedo-big-file-uploads-e87d1b56c2a442f8852b77f4c58543d2.yaml @@ -0,0 +1,58 @@ +id: tuxedo-big-file-uploads-e87d1b56c2a442f8852b77f4c58543d2 + +info: + name: > + Big File Uploads <= 2.1.1 - Cross-Site Request Forgery via actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93b527a8-30c0-4e47-bb2b-522380b21699?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tuxedo-big-file-uploads/" + google-query: inurl:"/wp-content/plugins/tuxedo-big-file-uploads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tuxedo-big-file-uploads,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tuxedo-big-file-uploads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tuxedo-big-file-uploads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twb-woocommerce-reviews-276bf528dcf846639fd31e2f34582a53.yaml b/nuclei-templates/cve-less/plugins/twb-woocommerce-reviews-276bf528dcf846639fd31e2f34582a53.yaml new file mode 100644 index 0000000000..1e385acf62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twb-woocommerce-reviews-276bf528dcf846639fd31e2f34582a53.yaml @@ -0,0 +1,58 @@ +id: twb-woocommerce-reviews-276bf528dcf846639fd31e2f34582a53 + +info: + name: > + TWB Woocommerce Reviews <= 1.7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f85df8f1-9283-48d0-8f19-88a4a839d501?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twb-woocommerce-reviews/" + google-query: inurl:"/wp-content/plugins/twb-woocommerce-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twb-woocommerce-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twb-woocommerce-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twb-woocommerce-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweeple-ca308dcf17a0b7f5d26b3212b813a6aa.yaml b/nuclei-templates/cve-less/plugins/tweeple-ca308dcf17a0b7f5d26b3212b813a6aa.yaml new file mode 100644 index 0000000000..5290cff260 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweeple-ca308dcf17a0b7f5d26b3212b813a6aa.yaml @@ -0,0 +1,58 @@ +id: tweeple-ca308dcf17a0b7f5d26b3212b813a6aa + +info: + name: > + Tweeple <= 0.9.5 - Reflected Cross-Site Scripting via id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b1c96c-ab87-43a8-a3ac-17fea337b690?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweeple/" + google-query: inurl:"/wp-content/plugins/tweeple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweeple,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweeple/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweeple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweet-blender-b04c389a2c7db09e215c22221497896f.yaml b/nuclei-templates/cve-less/plugins/tweet-blender-b04c389a2c7db09e215c22221497896f.yaml new file mode 100644 index 0000000000..ca51491b4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweet-blender-b04c389a2c7db09e215c22221497896f.yaml @@ -0,0 +1,58 @@ +id: tweet-blender-b04c389a2c7db09e215c22221497896f + +info: + name: > + Tweet Blender <= 4.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af838653-d575-48fc-bded-f0068a6c6ebf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweet-blender/" + google-query: inurl:"/wp-content/plugins/tweet-blender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweet-blender,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweet-blender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweet-blender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweet-old-post-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/tweet-old-post-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..116f285c2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweet-old-post-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: tweet-old-post-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweet-old-post/" + google-query: inurl:"/wp-content/plugins/tweet-old-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweet-old-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweet-old-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweet-old-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweet-old-post-b4cd17df95bd140cf7c61464c7525ad6.yaml b/nuclei-templates/cve-less/plugins/tweet-old-post-b4cd17df95bd140cf7c61464c7525ad6.yaml new file mode 100644 index 0000000000..82cad95812 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweet-old-post-b4cd17df95bd140cf7c61464c7525ad6.yaml @@ -0,0 +1,58 @@ +id: tweet-old-post-b4cd17df95bd140cf7c61464c7525ad6 + +info: + name: > + Revive Old Posts <= 9.0.10 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6322e9be-ad71-4a91-ab9f-760107d920be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweet-old-post/" + google-query: inurl:"/wp-content/plugins/tweet-old-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweet-old-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweet-old-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweet-old-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweet-wheel-afd2744612e8626c5e5d28907e19b048.yaml b/nuclei-templates/cve-less/plugins/tweet-wheel-afd2744612e8626c5e5d28907e19b048.yaml new file mode 100644 index 0000000000..efe66a0171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweet-wheel-afd2744612e8626c5e5d28907e19b048.yaml @@ -0,0 +1,58 @@ +id: tweet-wheel-afd2744612e8626c5e5d28907e19b048 + +info: + name: > + Tweet Wheel < 1.0.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8db6a27-111b-4e6d-966e-0af0833307b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweet-wheel/" + google-query: inurl:"/wp-content/plugins/tweet-wheel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweet-wheel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweet-wheel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweet-wheel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweetscribe-181c4a45776e23b2e4688d3d65b94f78.yaml b/nuclei-templates/cve-less/plugins/tweetscribe-181c4a45776e23b2e4688d3d65b94f78.yaml new file mode 100644 index 0000000000..869dbf1eec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweetscribe-181c4a45776e23b2e4688d3d65b94f78.yaml @@ -0,0 +1,58 @@ +id: tweetscribe-181c4a45776e23b2e4688d3d65b94f78 + +info: + name: > + TweetScribe <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/396f785f-0354-462e-bcaa-69e364c8c4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweetscribe/" + google-query: inurl:"/wp-content/plugins/tweetscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweetscribe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweetscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweetscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tweetscroll-widget-a75aed58343a47e8c366c92bf6c30f08.yaml b/nuclei-templates/cve-less/plugins/tweetscroll-widget-a75aed58343a47e8c366c92bf6c30f08.yaml new file mode 100644 index 0000000000..64e811e13f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tweetscroll-widget-a75aed58343a47e8c366c92bf6c30f08.yaml @@ -0,0 +1,58 @@ +id: tweetscroll-widget-a75aed58343a47e8c366c92bf6c30f08 + +info: + name: > + TweetScroll Widget <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f3ff3b-d621-46d4-a98a-e5ebf65ddace?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tweetscroll-widget/" + google-query: inurl:"/wp-content/plugins/tweetscroll-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tweetscroll-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tweetscroll-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tweetscroll-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twenty20-227a5c7ee9b9e5c6c608ba88b684ac16.yaml b/nuclei-templates/cve-less/plugins/twenty20-227a5c7ee9b9e5c6c608ba88b684ac16.yaml new file mode 100644 index 0000000000..3880428437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twenty20-227a5c7ee9b9e5c6c608ba88b684ac16.yaml @@ -0,0 +1,58 @@ +id: twenty20-227a5c7ee9b9e5c6c608ba88b684ac16 + +info: + name: > + Twenty20 Image Before-After <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a992dd59-ac56-4da0-9be7-fe32df440e5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twenty20/" + google-query: inurl:"/wp-content/plugins/twenty20/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twenty20,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twenty20/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twenty20" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twimp-wp-f1ba708b36938f8403e7e3c932465c6c.yaml b/nuclei-templates/cve-less/plugins/twimp-wp-f1ba708b36938f8403e7e3c932465c6c.yaml new file mode 100644 index 0000000000..b820cd0876 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twimp-wp-f1ba708b36938f8403e7e3c932465c6c.yaml @@ -0,0 +1,58 @@ +id: twimp-wp-f1ba708b36938f8403e7e3c932465c6c + +info: + name: > + Twimp WP <= 0.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25e4abf4-9869-436c-8fd3-9f59b2363ba7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twimp-wp/" + google-query: inurl:"/wp-content/plugins/twimp-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twimp-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twimp-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twimp-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitget-1280f1445230b7ae1ede9b8d16dcfe7d.yaml b/nuclei-templates/cve-less/plugins/twitget-1280f1445230b7ae1ede9b8d16dcfe7d.yaml new file mode 100644 index 0000000000..8a62ab9c3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitget-1280f1445230b7ae1ede9b8d16dcfe7d.yaml @@ -0,0 +1,58 @@ +id: twitget-1280f1445230b7ae1ede9b8d16dcfe7d + +info: + name: > + Twitget <= 3.3.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89ed1f07-a230-4478-b6d4-7f74c9dd7656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitget/" + google-query: inurl:"/wp-content/plugins/twitget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitget-ae271d2d4ccc1afd11c18a1dfce05e0c.yaml b/nuclei-templates/cve-less/plugins/twitget-ae271d2d4ccc1afd11c18a1dfce05e0c.yaml new file mode 100644 index 0000000000..1e3cba10d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitget-ae271d2d4ccc1afd11c18a1dfce05e0c.yaml @@ -0,0 +1,58 @@ +id: twitget-ae271d2d4ccc1afd11c18a1dfce05e0c + +info: + name: > + Twitget < 3.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d252639-8cbe-4c62-9218-ebdcbaf98393?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitget/" + google-query: inurl:"/wp-content/plugins/twitget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twittee-text-tweet-95e6d76ba8d0fec093b1906b71015aa5.yaml b/nuclei-templates/cve-less/plugins/twittee-text-tweet-95e6d76ba8d0fec093b1906b71015aa5.yaml new file mode 100644 index 0000000000..ef6a8322e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twittee-text-tweet-95e6d76ba8d0fec093b1906b71015aa5.yaml @@ -0,0 +1,58 @@ +id: twittee-text-tweet-95e6d76ba8d0fec093b1906b71015aa5 + +info: + name: > + Twittee Text Tweet <= 1.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e16d8d28-e1e5-46ab-a64c-1da07747559e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twittee-text-tweet/" + google-query: inurl:"/wp-content/plugins/twittee-text-tweet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twittee-text-tweet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twittee-text-tweet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twittee-text-tweet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-cards-meta-61a96d10635962decc1ce6046743090a.yaml b/nuclei-templates/cve-less/plugins/twitter-cards-meta-61a96d10635962decc1ce6046743090a.yaml new file mode 100644 index 0000000000..ad11842d73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-cards-meta-61a96d10635962decc1ce6046743090a.yaml @@ -0,0 +1,58 @@ +id: twitter-cards-meta-61a96d10635962decc1ce6046743090a + +info: + name: > + Twitter Cards Meta <= 2.4.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f753b536-6ccd-4f79-83da-48cabb15b72a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-cards-meta/" + google-query: inurl:"/wp-content/plugins/twitter-cards-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-cards-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-cards-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-cards-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-cards-meta-f47b58aa7a47ddf3e1cee744a91d58ee.yaml b/nuclei-templates/cve-less/plugins/twitter-cards-meta-f47b58aa7a47ddf3e1cee744a91d58ee.yaml new file mode 100644 index 0000000000..cb920541c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-cards-meta-f47b58aa7a47ddf3e1cee744a91d58ee.yaml @@ -0,0 +1,58 @@ +id: twitter-cards-meta-f47b58aa7a47ddf3e1cee744a91d58ee + +info: + name: > + Twitter Cards Meta – Best Twitter Card Plugin for WordPress < 2.5.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21fb5a51-f1e6-49d2-8289-4f4146bc9b28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-cards-meta/" + google-query: inurl:"/wp-content/plugins/twitter-cards-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-cards-meta,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-cards-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-cards-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-friends-widget-d6876da6619cc37a90baffbdd9833da4.yaml b/nuclei-templates/cve-less/plugins/twitter-friends-widget-d6876da6619cc37a90baffbdd9833da4.yaml new file mode 100644 index 0000000000..f9e11a33c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-friends-widget-d6876da6619cc37a90baffbdd9833da4.yaml @@ -0,0 +1,58 @@ +id: twitter-friends-widget-d6876da6619cc37a90baffbdd9833da4 + +info: + name: > + Twitter Friends Widget <= 3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4888a1dc-ed12-41c0-910b-6c9740a54ef0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-friends-widget/" + google-query: inurl:"/wp-content/plugins/twitter-friends-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-friends-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-friends-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-friends-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-liveblog-42c67e99f4b0956315e05e4c9000cee0.yaml b/nuclei-templates/cve-less/plugins/twitter-liveblog-42c67e99f4b0956315e05e4c9000cee0.yaml new file mode 100644 index 0000000000..2a81d78e44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-liveblog-42c67e99f4b0956315e05e4c9000cee0.yaml @@ -0,0 +1,58 @@ +id: twitter-liveblog-42c67e99f4b0956315e05e4c9000cee0 + +info: + name: > + Twitter LiveBlog <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c20e288e-492d-49ed-89cb-e1ee3e8c204e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-liveblog/" + google-query: inurl:"/wp-content/plugins/twitter-liveblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-liveblog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-liveblog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-liveblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-plugin-0be6c78c98564af0756cb75d83e4ca54.yaml b/nuclei-templates/cve-less/plugins/twitter-plugin-0be6c78c98564af0756cb75d83e4ca54.yaml new file mode 100644 index 0000000000..da571c6437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-plugin-0be6c78c98564af0756cb75d83e4ca54.yaml @@ -0,0 +1,58 @@ +id: twitter-plugin-0be6c78c98564af0756cb75d83e4ca54 + +info: + name: > + BestWebSoft's Twitter <= 2.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6198e3e-a8e8-4d67-a0d6-b62f187d4903?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-plugin/" + google-query: inurl:"/wp-content/plugins/twitter-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-plugin-d8d27a0f27f9a3ef698ef167496cc3cc.yaml b/nuclei-templates/cve-less/plugins/twitter-plugin-d8d27a0f27f9a3ef698ef167496cc3cc.yaml new file mode 100644 index 0000000000..3deeabe1e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-plugin-d8d27a0f27f9a3ef698ef167496cc3cc.yaml @@ -0,0 +1,58 @@ +id: twitter-plugin-d8d27a0f27f9a3ef698ef167496cc3cc + +info: + name: > + BestWebSoft's Twitter <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74bf6cb2-318f-4b2a-b79c-729fe09570fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-plugin/" + google-query: inurl:"/wp-content/plugins/twitter-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitter-plugin-df50b4bafe4c4501f744155f1ffc2d55.yaml b/nuclei-templates/cve-less/plugins/twitter-plugin-df50b4bafe4c4501f744155f1ffc2d55.yaml new file mode 100644 index 0000000000..9dcab7a298 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitter-plugin-df50b4bafe4c4501f744155f1ffc2d55.yaml @@ -0,0 +1,58 @@ +id: twitter-plugin-df50b4bafe4c4501f744155f1ffc2d55 + +info: + name: > + BestWebSoft's Twitter < 2.55 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b1d4180-091c-4679-a8d2-a6915ec05772?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitter-plugin/" + google-query: inurl:"/wp-content/plugins/twitter-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitter-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitter-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitter-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/twitterdash-29127228d14d384699d6b5442d961328.yaml b/nuclei-templates/cve-less/plugins/twitterdash-29127228d14d384699d6b5442d961328.yaml new file mode 100644 index 0000000000..8520694710 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/twitterdash-29127228d14d384699d6b5442d961328.yaml @@ -0,0 +1,58 @@ +id: twitterdash-29127228d14d384699d6b5442d961328 + +info: + name: > + twitterDash <= 2.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b631b92-b8fb-4f9b-ae2a-bbfd16440ebb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/twitterdash/" + google-query: inurl:"/wp-content/plugins/twitterdash/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,twitterdash,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/twitterdash/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twitterdash" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/two-factor-authentication-5e2cda3c648eae11638d20b64a6ac7f2.yaml b/nuclei-templates/cve-less/plugins/two-factor-authentication-5e2cda3c648eae11638d20b64a6ac7f2.yaml new file mode 100644 index 0000000000..98b9488bce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/two-factor-authentication-5e2cda3c648eae11638d20b64a6ac7f2.yaml @@ -0,0 +1,58 @@ +id: two-factor-authentication-5e2cda3c648eae11638d20b64a6ac7f2 + +info: + name: > + Two Factor Authentication < 1.1.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd6b3ebe-a29b-4509-bb8c-d101073f21dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/two-factor-authentication/" + google-query: inurl:"/wp-content/plugins/two-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,two-factor-authentication,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/two-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "two-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/two-factor-authentication-f066ce4a5d628014aa8c478503783258.yaml b/nuclei-templates/cve-less/plugins/two-factor-authentication-f066ce4a5d628014aa8c478503783258.yaml new file mode 100644 index 0000000000..d65fbb0e82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/two-factor-authentication-f066ce4a5d628014aa8c478503783258.yaml @@ -0,0 +1,58 @@ +id: two-factor-authentication-f066ce4a5d628014aa8c478503783258 + +info: + name: > + Two Factor Authentication <= 1.3.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76fb7f1d-4f41-4a73-acbf-c0f49f0123b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/two-factor-authentication/" + google-query: inurl:"/wp-content/plugins/two-factor-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,two-factor-authentication,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/two-factor-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "two-factor-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/tx-onepager-a3ea3eadba50d012fd5181689a40ff84.yaml b/nuclei-templates/cve-less/plugins/tx-onepager-a3ea3eadba50d012fd5181689a40ff84.yaml new file mode 100644 index 0000000000..0310fbdba5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/tx-onepager-a3ea3eadba50d012fd5181689a40ff84.yaml @@ -0,0 +1,58 @@ +id: tx-onepager-a3ea3eadba50d012fd5181689a40ff84 + +info: + name: > + Onepage Builder – Easiest Landing Page Builder For WordPress <= 2.4.1 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1db940b-6cfc-4109-aa02-37ddadcc1f8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/tx-onepager/" + google-query: inurl:"/wp-content/plugins/tx-onepager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,tx-onepager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/tx-onepager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tx-onepager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/typebot-2dfca9afbcd5108da5d0b371a8c3da93.yaml b/nuclei-templates/cve-less/plugins/typebot-2dfca9afbcd5108da5d0b371a8c3da93.yaml new file mode 100644 index 0000000000..3eacd30d40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/typebot-2dfca9afbcd5108da5d0b371a8c3da93.yaml @@ -0,0 +1,58 @@ +id: typebot-2dfca9afbcd5108da5d0b371a8c3da93 + +info: + name: > + Typebot | Build beautiful conversational forms < 1.4.3 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8f45c31-6e35-4f28-8f49-74cb08ff65bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/typebot/" + google-query: inurl:"/wp-content/plugins/typebot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,typebot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/typebot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "typebot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/types-f2d9478a61ae546bc6c42d7e589dc8be.yaml b/nuclei-templates/cve-less/plugins/types-f2d9478a61ae546bc6c42d7e589dc8be.yaml new file mode 100644 index 0000000000..82df99e726 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/types-f2d9478a61ae546bc6c42d7e589dc8be.yaml @@ -0,0 +1,58 @@ +id: types-f2d9478a61ae546bc6c42d7e589dc8be + +info: + name: > + Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09ec4633-7639-4d46-8070-9fc6909bc610?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/types/" + google-query: inurl:"/wp-content/plugins/types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/typofr-4d609a345d021b6f474f9e27302e1298.yaml b/nuclei-templates/cve-less/plugins/typofr-4d609a345d021b6f474f9e27302e1298.yaml new file mode 100644 index 0000000000..045dc0bd22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/typofr-4d609a345d021b6f474f9e27302e1298.yaml @@ -0,0 +1,58 @@ +id: typofr-4d609a345d021b6f474f9e27302e1298 + +info: + name: > + TypoFR <= 0.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8faa8bb-0ebe-4671-87cf-98edbebe913e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/typofr/" + google-query: inurl:"/wp-content/plugins/typofr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,typofr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/typofr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "typofr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ubigeo-peru-f2c3929c09b259d783ad3e308478fb8e.yaml b/nuclei-templates/cve-less/plugins/ubigeo-peru-f2c3929c09b259d783ad3e308478fb8e.yaml new file mode 100644 index 0000000000..60e4d23e5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ubigeo-peru-f2c3929c09b259d783ad3e308478fb8e.yaml @@ -0,0 +1,58 @@ +id: ubigeo-peru-f2c3929c09b259d783ad3e308478fb8e + +info: + name: > + Ubigeo de Perú para Woocommerce y WordPress <= 3.6.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23521bba-8f3a-4d87-901a-cf2d666eefa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ubigeo-peru/" + google-query: inurl:"/wp-content/plugins/ubigeo-peru/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ubigeo-peru,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ubigeo-peru/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ubigeo-peru" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ucontext-474821f1bfc79c7314fe0d7eec328e34.yaml b/nuclei-templates/cve-less/plugins/ucontext-474821f1bfc79c7314fe0d7eec328e34.yaml new file mode 100644 index 0000000000..9b057bfb1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ucontext-474821f1bfc79c7314fe0d7eec328e34.yaml @@ -0,0 +1,58 @@ +id: ucontext-474821f1bfc79c7314fe0d7eec328e34 + +info: + name: > + uContext for Clickbank <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4af83d4b-2eae-481f-b3fd-d5bcacc1d709?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ucontext/" + google-query: inurl:"/wp-content/plugins/ucontext/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ucontext,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ucontext/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ucontext" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ucontext-for-amazon-cac3c9ade2b34b60466d535155587563.yaml b/nuclei-templates/cve-less/plugins/ucontext-for-amazon-cac3c9ade2b34b60466d535155587563.yaml new file mode 100644 index 0000000000..4196b82357 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ucontext-for-amazon-cac3c9ade2b34b60466d535155587563.yaml @@ -0,0 +1,58 @@ +id: ucontext-for-amazon-cac3c9ade2b34b60466d535155587563 + +info: + name: > + uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f7c43d4-cf21-4324-bc77-50bdc2c24661?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ucontext-for-amazon/" + google-query: inurl:"/wp-content/plugins/ucontext-for-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ucontext-for-amazon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ucontext-for-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ucontext-for-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/udraw-bdbcc1232260c01ca170cb0fd5c807cf.yaml b/nuclei-templates/cve-less/plugins/udraw-bdbcc1232260c01ca170cb0fd5c807cf.yaml new file mode 100644 index 0000000000..d6e1d3fd98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/udraw-bdbcc1232260c01ca170cb0fd5c807cf.yaml @@ -0,0 +1,58 @@ +id: udraw-bdbcc1232260c01ca170cb0fd5c807cf + +info: + name: > + Web To Print Shop : uDraw <= 3.3.3 - Unauthenticated Arbitrary File Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5629d479-143d-4a03-ac64-cb304954a5ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/udraw/" + google-query: inurl:"/wp-content/plugins/udraw/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,udraw,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/udraw/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "udraw" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uji-countdown-15a33f4bb5e2d06a85f82ec34f8865fa.yaml b/nuclei-templates/cve-less/plugins/uji-countdown-15a33f4bb5e2d06a85f82ec34f8865fa.yaml new file mode 100644 index 0000000000..81a5375e4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uji-countdown-15a33f4bb5e2d06a85f82ec34f8865fa.yaml @@ -0,0 +1,58 @@ +id: uji-countdown-15a33f4bb5e2d06a85f82ec34f8865fa + +info: + name: > + Uji Countdown <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe44fe7f-0ccf-4297-a9a7-107695abfe13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uji-countdown/" + google-query: inurl:"/wp-content/plugins/uji-countdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uji-countdown,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uji-countdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uji-countdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uji-countdown-72e728e9748e016a77172519c9f57dce.yaml b/nuclei-templates/cve-less/plugins/uji-countdown-72e728e9748e016a77172519c9f57dce.yaml new file mode 100644 index 0000000000..24c40c21ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uji-countdown-72e728e9748e016a77172519c9f57dce.yaml @@ -0,0 +1,58 @@ +id: uji-countdown-72e728e9748e016a77172519c9f57dce + +info: + name: > + Uji Countdown <= 2.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b9793e5-2a56-49d3-8c59-f552a4b08166?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uji-countdown/" + google-query: inurl:"/wp-content/plugins/uji-countdown/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uji-countdown,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uji-countdown/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uji-countdown" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uji-popup-de9e079bb83ef0de7a86b06c72e28cbc.yaml b/nuclei-templates/cve-less/plugins/uji-popup-de9e079bb83ef0de7a86b06c72e28cbc.yaml new file mode 100644 index 0000000000..c73019e0d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uji-popup-de9e079bb83ef0de7a86b06c72e28cbc.yaml @@ -0,0 +1,58 @@ +id: uji-popup-de9e079bb83ef0de7a86b06c72e28cbc + +info: + name: > + Uji Popup <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via uji_popup_code shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e81208c-771f-409e-b665-b07def0ca774?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uji-popup/" + google-query: inurl:"/wp-content/plugins/uji-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uji-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uji-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uji-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uk-cookie-187ba8ada5a41b0d7770ae8aebf496fa.yaml b/nuclei-templates/cve-less/plugins/uk-cookie-187ba8ada5a41b0d7770ae8aebf496fa.yaml new file mode 100644 index 0000000000..46c8258478 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uk-cookie-187ba8ada5a41b0d7770ae8aebf496fa.yaml @@ -0,0 +1,58 @@ +id: uk-cookie-187ba8ada5a41b0d7770ae8aebf496fa + +info: + name: > + Uk Cookie <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3df5cc6-f998-409a-93fe-e514633e4905?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uk-cookie/" + google-query: inurl:"/wp-content/plugins/uk-cookie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uk-cookie,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uk-cookie/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uk-cookie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uk-cookie-consent-c62e1a09b5d25064f2b824e42c65ea26.yaml b/nuclei-templates/cve-less/plugins/uk-cookie-consent-c62e1a09b5d25064f2b824e42c65ea26.yaml new file mode 100644 index 0000000000..501cc8a3b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uk-cookie-consent-c62e1a09b5d25064f2b824e42c65ea26.yaml @@ -0,0 +1,58 @@ +id: uk-cookie-consent-c62e1a09b5d25064f2b824e42c65ea26 + +info: + name: > + Catapult UK Cookie Consent <= 2.3.9 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/465af9c6-9687-4417-96fb-b7df3d221a1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uk-cookie-consent/" + google-query: inurl:"/wp-content/plugins/uk-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uk-cookie-consent,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uk-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uk-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uleak-security-dashboard-19a7dd3894c625a145c40adc74330444.yaml b/nuclei-templates/cve-less/plugins/uleak-security-dashboard-19a7dd3894c625a145c40adc74330444.yaml new file mode 100644 index 0000000000..4dcb9393ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uleak-security-dashboard-19a7dd3894c625a145c40adc74330444.yaml @@ -0,0 +1,58 @@ +id: uleak-security-dashboard-19a7dd3894c625a145c40adc74330444 + +info: + name: > + ULeak Security & Monitoring Plugin <= 1.2.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45785032-2bbf-4398-94a1-f819f8e8a9ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uleak-security-dashboard/" + google-query: inurl:"/wp-content/plugins/uleak-security-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uleak-security-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uleak-security-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uleak-security-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-2082dbaf9edb41272f9cdbee4745f6ea.yaml b/nuclei-templates/cve-less/plugins/ulisting-2082dbaf9edb41272f9cdbee4745f6ea.yaml new file mode 100644 index 0000000000..d7dfee601a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-2082dbaf9edb41272f9cdbee4745f6ea.yaml @@ -0,0 +1,58 @@ +id: ulisting-2082dbaf9edb41272f9cdbee4745f6ea + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1814537d-8307-4d1f-86c8-801519172be5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-24b23f372a9b3fb67e55f59a220932b6.yaml b/nuclei-templates/cve-less/plugins/ulisting-24b23f372a9b3fb67e55f59a220932b6.yaml new file mode 100644 index 0000000000..a4d8291a2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-24b23f372a9b3fb67e55f59a220932b6.yaml @@ -0,0 +1,58 @@ +id: ulisting-24b23f372a9b3fb67e55f59a220932b6 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44e112a7-8f51-4d2a-a4b3-74a47ef3aec7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-3262dd8277294ea89d83139475cd5b78.yaml b/nuclei-templates/cve-less/plugins/ulisting-3262dd8277294ea89d83139475cd5b78.yaml new file mode 100644 index 0000000000..474cfe4a55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-3262dd8277294ea89d83139475cd5b78.yaml @@ -0,0 +1,58 @@ +id: ulisting-3262dd8277294ea89d83139475cd5b78 + +info: + name: > + uListing <= 1.6.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ada976-03b8-4219-9ae3-9060fb7b9de5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-36444e5193280ad0907d2e76be8be503.yaml b/nuclei-templates/cve-less/plugins/ulisting-36444e5193280ad0907d2e76be8be503.yaml new file mode 100644 index 0000000000..1cf6bccd41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-36444e5193280ad0907d2e76be8be503.yaml @@ -0,0 +1,58 @@ +id: ulisting-36444e5193280ad0907d2e76be8be503 + +info: + name: > + Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c892e5da-bab2-4689-bad0-4b4789015113?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-3f0cdd113a5dc6e8c57d6d8884bb2046.yaml b/nuclei-templates/cve-less/plugins/ulisting-3f0cdd113a5dc6e8c57d6d8884bb2046.yaml new file mode 100644 index 0000000000..f303ddeb55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-3f0cdd113a5dc6e8c57d6d8884bb2046.yaml @@ -0,0 +1,58 @@ +id: ulisting-3f0cdd113a5dc6e8c57d6d8884bb2046 + +info: + name: > + Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/613f22f2-2f84-4d01-a1ea-c14a25843700?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-470a77f2468b82bfe33702afea1bef64.yaml b/nuclei-templates/cve-less/plugins/ulisting-470a77f2468b82bfe33702afea1bef64.yaml new file mode 100644 index 0000000000..e38154c4c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-470a77f2468b82bfe33702afea1bef64.yaml @@ -0,0 +1,58 @@ +id: ulisting-470a77f2468b82bfe33702afea1bef64 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff5755dc-2262-47f6-ac3a-6bca9529d088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-6543c4464af9cc8a7951778c3557602f.yaml b/nuclei-templates/cve-less/plugins/ulisting-6543c4464af9cc8a7951778c3557602f.yaml new file mode 100644 index 0000000000..070c62c018 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-6543c4464af9cc8a7951778c3557602f.yaml @@ -0,0 +1,58 @@ +id: ulisting-6543c4464af9cc8a7951778c3557602f + +info: + name: > + Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f4bd246-5632-4701-aa57-3855e73e6eb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-83811d9b1f9b97a8bbd0a5e724834401.yaml b/nuclei-templates/cve-less/plugins/ulisting-83811d9b1f9b97a8bbd0a5e724834401.yaml new file mode 100644 index 0000000000..af16f84a71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-83811d9b1f9b97a8bbd0a5e724834401.yaml @@ -0,0 +1,58 @@ +id: ulisting-83811d9b1f9b97a8bbd0a5e724834401 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6615fd-7c37-45d9-a657-0ba00df840e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-854fbb986eea30c9b6ae9000bc6d9efa.yaml b/nuclei-templates/cve-less/plugins/ulisting-854fbb986eea30c9b6ae9000bc6d9efa.yaml new file mode 100644 index 0000000000..d84b03bcbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-854fbb986eea30c9b6ae9000bc6d9efa.yaml @@ -0,0 +1,58 @@ +id: ulisting-854fbb986eea30c9b6ae9000bc6d9efa + +info: + name: > + uListing <= 1.6.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-93bdb0cf774445292043ebf14695588f.yaml b/nuclei-templates/cve-less/plugins/ulisting-93bdb0cf774445292043ebf14695588f.yaml new file mode 100644 index 0000000000..6d57287f62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-93bdb0cf774445292043ebf14695588f.yaml @@ -0,0 +1,58 @@ +id: ulisting-93bdb0cf774445292043ebf14695588f + +info: + name: > + uListing <= 2.0.5 - Cross-Site Request Forgery leading to Settings Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7fe06c1-fe51-42b5-9c56-cb9e6513f4af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-97376ff2f9573b5a393871b387b01b84.yaml b/nuclei-templates/cve-less/plugins/ulisting-97376ff2f9573b5a393871b387b01b84.yaml new file mode 100644 index 0000000000..07ffccd6bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-97376ff2f9573b5a393871b387b01b84.yaml @@ -0,0 +1,58 @@ +id: ulisting-97376ff2f9573b5a393871b387b01b84 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c6bf45b-b02d-43bb-b682-7f1ae994e1d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-992243a3e82e516c6ec6b7febbf82953.yaml b/nuclei-templates/cve-less/plugins/ulisting-992243a3e82e516c6ec6b7febbf82953.yaml new file mode 100644 index 0000000000..243b861d2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-992243a3e82e516c6ec6b7febbf82953.yaml @@ -0,0 +1,58 @@ +id: ulisting-992243a3e82e516c6ec6b7febbf82953 + +info: + name: > + uListing plugin <= 2.0.5 - Authenticated Insecure Direct Object References (IDOR) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85fd3e3c-f1cb-4384-86fd-3691f1deb963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-a1f1c6c86ee1f2f79ad0b2ee7c41833d.yaml b/nuclei-templates/cve-less/plugins/ulisting-a1f1c6c86ee1f2f79ad0b2ee7c41833d.yaml new file mode 100644 index 0000000000..f183c05237 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-a1f1c6c86ee1f2f79ad0b2ee7c41833d.yaml @@ -0,0 +1,58 @@ +id: ulisting-a1f1c6c86ee1f2f79ad0b2ee7c41833d + +info: + name: > + Listing, Classified Ads & Business Directory – uListing <= 2.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0eba1e2-d34e-4164-a7cb-55148d308439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-a20ba6f3c763563b32768dda0edf95aa.yaml b/nuclei-templates/cve-less/plugins/ulisting-a20ba6f3c763563b32768dda0edf95aa.yaml new file mode 100644 index 0000000000..eaebb9f51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-a20ba6f3c763563b32768dda0edf95aa.yaml @@ -0,0 +1,58 @@ +id: ulisting-a20ba6f3c763563b32768dda0edf95aa + +info: + name: > + Listing, Classified Ads & Business Directory – uListing <= 2.0.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87d153df-93b0-40a3-b119-9fad41fbd0ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-a847b30526e9eda8af7322c234934756.yaml b/nuclei-templates/cve-less/plugins/ulisting-a847b30526e9eda8af7322c234934756.yaml new file mode 100644 index 0000000000..1dea4c48af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-a847b30526e9eda8af7322c234934756.yaml @@ -0,0 +1,58 @@ +id: ulisting-a847b30526e9eda8af7322c234934756 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71aa14b8-39bc-4b91-a7cf-9d203fdf44ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ulisting-c1bd4d0b368ec2fd5b9252cc36742695.yaml b/nuclei-templates/cve-less/plugins/ulisting-c1bd4d0b368ec2fd5b9252cc36742695.yaml new file mode 100644 index 0000000000..05c6505361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ulisting-c1bd4d0b368ec2fd5b9252cc36742695.yaml @@ -0,0 +1,58 @@ +id: ulisting-c1bd4d0b368ec2fd5b9252cc36742695 + +info: + name: > + uListing <= 1.6.6 - Unauthenticated Arbitrary Account Changes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41800ea9-1ace-42fc-9e7f-d760a126342b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ulisting/" + google-query: inurl:"/wp-content/plugins/ulisting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ulisting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ulisting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ulisting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-410-80866fdc72be2b54c095a4fd7f7db5e4.yaml b/nuclei-templates/cve-less/plugins/ultimate-410-80866fdc72be2b54c095a4fd7f7db5e4.yaml new file mode 100644 index 0000000000..88082157b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-410-80866fdc72be2b54c095a4fd7f7db5e4.yaml @@ -0,0 +1,58 @@ +id: ultimate-410-80866fdc72be2b54c095a4fd7f7db5e4 + +info: + name: > + Ultimate 410 Gone Status Code <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c10be28-43ff-4b43-8186-6ad9a487321e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-410/" + google-query: inurl:"/wp-content/plugins/ultimate-410/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-410,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-410/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-410" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-1a33452c961e3444957f4bc07615cf79.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-1a33452c961e3444957f4bc07615cf79.yaml new file mode 100644 index 0000000000..04d7b21f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-1a33452c961e3444957f4bc07615cf79.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-1a33452c961e3444957f4bc07615cf79 + +info: + name: > + Ultimate Addons for Beaver Builder - Lite <= 1.5.5 - Authenticated (Subscriber+) Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64452bb0-32bc-4acf-8e89-f6ae7c75cef4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-6a22eab260469991c892609c3554e5c2.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-6a22eab260469991c892609c3554e5c2.yaml new file mode 100644 index 0000000000..299d0522b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-6a22eab260469991c892609c3554e5c2.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-6a22eab260469991c892609c3554e5c2 + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Icons Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9c6c35f-1095-4897-b4a6-e7b295c187de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-71c8544bfd8e2585abc3fe4c509dc5e8.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-71c8544bfd8e2585abc3fe4c509dc5e8.yaml new file mode 100644 index 0000000000..06f170436d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-71c8544bfd8e2585abc3fe4c509dc5e8.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-71c8544bfd8e2585abc3fe4c509dc5e8 + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/552c0810-9687-4a66-91a4-e34228552a15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-74e928a44773876c1faeda39f648c8c1.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-74e928a44773876c1faeda39f648c8c1.yaml new file mode 100644 index 0000000000..b8b910280d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-74e928a44773876c1faeda39f648c8c1.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-74e928a44773876c1faeda39f648c8c1 + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b290f4c-293d-41d5-b43e-b9c5c350552b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-909eee3c64db045125d6a0e9ea1350a2.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-909eee3c64db045125d6a0e9ea1350a2.yaml new file mode 100644 index 0000000000..734ec6c44c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-909eee3c64db045125d6a0e9ea1350a2.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-909eee3c64db045125d6a0e9ea1350a2 + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Info Table Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b6c6e10-3feb-4ecd-a17a-81e15c471d3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-933cb3c57cef1616939f9329edac577e.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-933cb3c57cef1616939f9329edac577e.yaml new file mode 100644 index 0000000000..b3cb29e80d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-933cb3c57cef1616939f9329edac577e.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-933cb3c57cef1616939f9329edac577e + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fa5ac48-57b6-4367-81a0-8310360d0c7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-b79883c3437a6dd7938862f157254782.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-b79883c3437a6dd7938862f157254782.yaml new file mode 100644 index 0000000000..8ca778ee7a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-beaver-builder-lite-b79883c3437a6dd7938862f157254782.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-beaver-builder-lite-b79883c3437a6dd7938862f157254782 + +info: + name: > + Ultimate Addons for Beaver Builder – Lite <= 1.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61c3a517-70c8-4fc2-b8d6-1dcb2ad811d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-beaver-builder-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-beaver-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-beaver-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-4c7073bcb34b91519f3886f6522a24df.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-4c7073bcb34b91519f3886f6522a24df.yaml new file mode 100644 index 0000000000..015e297b58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-4c7073bcb34b91519f3886f6522a24df.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-4c7073bcb34b91519f3886f6522a24df + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/364946a5-ce1e-4872-895d-e7cf795a04f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6cf0838d8f56929452bab2f8ff3f1bd8.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6cf0838d8f56929452bab2f8ff3f1bd8.yaml new file mode 100644 index 0000000000..d7b9338776 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6cf0838d8f56929452bab2f8ff3f1bd8.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-6cf0838d8f56929452bab2f8ff3f1bd8 + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated(Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/817ca119-ddaf-4525-beee-68c4e0aac544?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6ecaac8965c567964f683839f3212253.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6ecaac8965c567964f683839f3212253.yaml new file mode 100644 index 0000000000..dabb8b6333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-6ecaac8965c567964f683839f3212253.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-6ecaac8965c567964f683839f3212253 + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.23 - Authenticated (Subscriber+) SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5db5c5e0-f2ba-4082-b3eb-33cc0ce418e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-8461759ea5a4f2c3230ae2ba89953371.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-8461759ea5a4f2c3230ae2ba89953371.yaml new file mode 100644 index 0000000000..8411e90fa6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-8461759ea5a4f2c3230ae2ba89953371.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-8461759ea5a4f2c3230ae2ba89953371 + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.28 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1517d4-79d0-4d4b-b54d-86e00dabd874?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-89c7530bb0ccb65cbe93d8710754fbde.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-89c7530bb0ccb65cbe93d8710754fbde.yaml new file mode 100644 index 0000000000..016c336b19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-89c7530bb0ccb65cbe93d8710754fbde.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-89c7530bb0ccb65cbe93d8710754fbde + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.28 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1723a465-75ca-4fea-ad9c-d96ffb5625a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b2845fc817c419db85576f698a4d3013.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b2845fc817c419db85576f698a4d3013.yaml new file mode 100644 index 0000000000..7db432cb76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b2845fc817c419db85576f698a4d3013.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-b2845fc817c419db85576f698a4d3013 + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.23 - Unauthenticated SQL Injection via form_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f10e5eef-1ccf-4f98-b0e9-5ed05b3881a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b8421311d76851450148e6c1e68c8aa3.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b8421311d76851450148e6c1e68c8aa3.yaml new file mode 100644 index 0000000000..0aa99a7dd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-b8421311d76851450148e6c1e68c8aa3.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-b8421311d76851450148e6c1e68c8aa3 + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.2.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73720e67-79e5-4b4c-8720-e28ad718b2b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-c0847a869834cac59e5bd8ee9a8f049f.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-c0847a869834cac59e5bd8ee9a8f049f.yaml new file mode 100644 index 0000000000..52f8e38983 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-contact-form-7-c0847a869834cac59e5bd8ee9a8f049f.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-contact-form-7-c0847a869834cac59e5bd8ee9a8f049f + +info: + name: > + Ultimate Addons for Contact Form 7 <= 3.1.0 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d857324c-94c9-471a-9da8-0b8c9bb50262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-contact-form-7/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-contact-form-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-contact-form-7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-contact-form-7/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-contact-form-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-elementor-688329ccf7bb0b49cbf94f9e95fe056a.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-elementor-688329ccf7bb0b49cbf94f9e95fe056a.yaml new file mode 100644 index 0000000000..15096903df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-elementor-688329ccf7bb0b49cbf94f9e95fe056a.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-elementor-688329ccf7bb0b49cbf94f9e95fe056a + +info: + name: > + Mega Addons For Elementor <= 1.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f557c6e-2fbd-478d-8dc3-cdc550e523b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-11a2580b3d0abb5ce4a2d1b75225b077.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-11a2580b3d0abb5ce4a2d1b75225b077.yaml new file mode 100644 index 0000000000..4e03c6eb25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-11a2580b3d0abb5ce4a2d1b75225b077.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-11a2580b3d0abb5ce4a2d1b75225b077 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.12.6 - Authenticated (Contributor+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-2e1aa97d2a69303c55e94b8b3fd49dd1.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-2e1aa97d2a69303c55e94b8b3fd49dd1.yaml new file mode 100644 index 0000000000..b299004d61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-2e1aa97d2a69303c55e94b8b3fd49dd1.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-2e1aa97d2a69303c55e94b8b3fd49dd1 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to WPForm/Blocks Import + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b225e5e-7207-4af4-b023-ad23fd540d56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-54ca82ae8ec1733aa6ce2fbfb7528cc8.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-54ca82ae8ec1733aa6ce2fbfb7528cc8.yaml new file mode 100644 index 0000000000..a25383c0b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-54ca82ae8ec1733aa6ce2fbfb7528cc8.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-54ca82ae8ec1733aa6ce2fbfb7528cc8 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - HTML Injection in Emails + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73323c62-c23f-4bf2-b266-df63db63d4d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-5e747ec4420f9649cb9fa7868eb33968.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-5e747ec4420f9649cb9fa7868eb33968.yaml new file mode 100644 index 0000000000..42bf77c076 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-5e747ec4420f9649cb9fa7868eb33968.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-5e747ec4420f9649cb9fa7868eb33968 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7e33fbc-da1b-4109-8b29-37e1050a559b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-74062d3bc6524d681fbfe5faf76c4ab5.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-74062d3bc6524d681fbfe5faf76c4ab5.yaml new file mode 100644 index 0000000000..c5c5bee0b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-74062d3bc6524d681fbfe5faf76c4ab5.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-74062d3bc6524d681fbfe5faf76c4ab5 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 1.14.11 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d9b5f4e-5d98-49b2-adbb-1db906b07c45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml new file mode 100644 index 0000000000..0f751cea2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-7f4172230ab5f4cfd3c2df5f07ea6d4e.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-7f4172230ab5f4cfd3c2df5f07ea6d4e + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Missing Authorization to Captcha Setting Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/559c83e9-8c85-4d2a-b835-d6b314ba7eab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-c5f769a2ad53c678c35d169acd9dd76e.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-c5f769a2ad53c678c35d169acd9dd76e.yaml new file mode 100644 index 0000000000..26c9fce79a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-c5f769a2ad53c678c35d169acd9dd76e.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-c5f769a2ad53c678c35d169acd9dd76e + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 1.14.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4419a302-4305-44f8-a256-dd276b5cd751?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-d75adb1e1a8470a2c11b41a61ac1c215.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-d75adb1e1a8470a2c11b41a61ac1c215.yaml new file mode 100644 index 0000000000..f59134d893 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-d75adb1e1a8470a2c11b41a61ac1c215.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-d75adb1e1a8470a2c11b41a61ac1c215 + +info: + name: > + Spectra <= 2.6.6 - Authenticated (Contributor+) Server-Side Request Forgery in import_wpforms + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5886128e-e72f-4d84-8c17-1ed4a0fcc17e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-da3f3594c596e882f29a46f5eb088351.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-da3f3594c596e882f29a46f5eb088351.yaml new file mode 100644 index 0000000000..adf3bf76f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-da3f3594c596e882f29a46f5eb088351.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-da3f3594c596e882f29a46f5eb088351 + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.10.3 - Authenticated(Contributor+) Cross-Site Scripting via Custom CSS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4933a30-974f-487d-9444-b0ea1283a09c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e2ba51cd3a24abd61ca453335ef98edb.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e2ba51cd3a24abd61ca453335ef98edb.yaml new file mode 100644 index 0000000000..797237e43f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e2ba51cd3a24abd61ca453335ef98edb.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-e2ba51cd3a24abd61ca453335ef98edb + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f8cdd3-f873-42bd-9891-a63a398df846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e57055214b95f532f53777eeb789b4ce.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e57055214b95f532f53777eeb789b4ce.yaml new file mode 100644 index 0000000000..36336183b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-e57055214b95f532f53777eeb789b4ce.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-e57055214b95f532f53777eeb789b4ce + +info: + name: > + Spectra <= 2.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0df493cb-2b5e-4a16-b6d8-4cd9a473540d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-f25e6249bdc00f58ed87833d8179196d.yaml b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-f25e6249bdc00f58ed87833d8179196d.yaml new file mode 100644 index 0000000000..840016b055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-addons-for-gutenberg-f25e6249bdc00f58ed87833d8179196d.yaml @@ -0,0 +1,58 @@ +id: ultimate-addons-for-gutenberg-f25e6249bdc00f58ed87833d8179196d + +info: + name: > + Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Cross-Site Request Forgery to Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e828fbc-d465-4d69-b7d6-42e2ad87f73d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-addons-for-gutenberg/" + google-query: inurl:"/wp-content/plugins/ultimate-addons-for-gutenberg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-addons-for-gutenberg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-addons-for-gutenberg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-addons-for-gutenberg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-appointment-scheduling-9936959fd813ccd389d4906204f0314e.yaml b/nuclei-templates/cve-less/plugins/ultimate-appointment-scheduling-9936959fd813ccd389d4906204f0314e.yaml new file mode 100644 index 0000000000..666945bc2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-appointment-scheduling-9936959fd813ccd389d4906204f0314e.yaml @@ -0,0 +1,58 @@ +id: ultimate-appointment-scheduling-9936959fd813ccd389d4906204f0314e + +info: + name: > + Ultimate Appointment Booking & Scheduling < 1.1.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2339c392-49bc-4744-b82a-d40f3bb4a81e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-appointment-scheduling/" + google-query: inurl:"/wp-content/plugins/ultimate-appointment-scheduling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-appointment-scheduling,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-appointment-scheduling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-appointment-scheduling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-blocks-8ecac7c0d333dc76f1706559fa2ff22f.yaml b/nuclei-templates/cve-less/plugins/ultimate-blocks-8ecac7c0d333dc76f1706559fa2ff22f.yaml new file mode 100644 index 0000000000..b351a55c53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-blocks-8ecac7c0d333dc76f1706559fa2ff22f.yaml @@ -0,0 +1,58 @@ +id: ultimate-blocks-8ecac7c0d333dc76f1706559fa2ff22f + +info: + name: > + Ultimate Blocks <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/387d28fa-f582-4d68-a781-fc210ef5bd30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-blocks/" + google-query: inurl:"/wp-content/plugins/ultimate-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-825ff2ff95290127035d7fc582cf6f47.yaml b/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-825ff2ff95290127035d7fc582cf6f47.yaml new file mode 100644 index 0000000000..5966a7fdcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-825ff2ff95290127035d7fc582cf6f47.yaml @@ -0,0 +1,58 @@ +id: ultimate-bootstrap-elements-for-elementor-825ff2ff95290127035d7fc582cf6f47 + +info: + name: > + Ultimate Bootstrap Elements for Elementor <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cb43deb-63f6-42d8-8dd6-55a59fca31ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-bootstrap-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-b7beb3a7782030a0bf8580cffcb377f0.yaml b/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-b7beb3a7782030a0bf8580cffcb377f0.yaml new file mode 100644 index 0000000000..da3f1801b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-bootstrap-elements-for-elementor-b7beb3a7782030a0bf8580cffcb377f0.yaml @@ -0,0 +1,58 @@ +id: ultimate-bootstrap-elements-for-elementor-b7beb3a7782030a0bf8580cffcb377f0 + +info: + name: > + Ultimate Bootstrap Elements for Elementor <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed191380-6037-4d59-8db7-cb33136a304e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-bootstrap-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-bootstrap-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-bootstrap-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-carousel-for-elementor-d246c52e9d4725c7b245a84d679cf9a0.yaml b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-elementor-d246c52e9d4725c7b245a84d679cf9a0.yaml new file mode 100644 index 0000000000..b4885f7f7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-elementor-d246c52e9d4725c7b245a84d679cf9a0.yaml @@ -0,0 +1,58 @@ +id: ultimate-carousel-for-elementor-d246c52e9d4725c7b245a84d679cf9a0 + +info: + name: > + Ultimate Carousel For Elementor <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0e35280-0c2a-4fe1-bfbe-3321338ff1a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-carousel-for-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-carousel-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-carousel-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-carousel-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-carousel-for-visual-composer-5829eead4c96879234a4f24b2d7f9ad4.yaml b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-visual-composer-5829eead4c96879234a4f24b2d7f9ad4.yaml new file mode 100644 index 0000000000..18788f13d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-carousel-for-visual-composer-5829eead4c96879234a4f24b2d7f9ad4.yaml @@ -0,0 +1,58 @@ +id: ultimate-carousel-for-visual-composer-5829eead4c96879234a4f24b2d7f9ad4 + +info: + name: > + Ultimate Carousel For WPBakery Page Builder <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c97fc289-1ee3-4401-a57e-b4c8d998259e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-carousel-for-visual-composer/" + google-query: inurl:"/wp-content/plugins/ultimate-carousel-for-visual-composer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-carousel-for-visual-composer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-carousel-for-visual-composer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-carousel-for-visual-composer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-category-excluder-47b41bc2712a70e4aff6fb8649c1924a.yaml b/nuclei-templates/cve-less/plugins/ultimate-category-excluder-47b41bc2712a70e4aff6fb8649c1924a.yaml new file mode 100644 index 0000000000..bc840752d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-category-excluder-47b41bc2712a70e4aff6fb8649c1924a.yaml @@ -0,0 +1,58 @@ +id: ultimate-category-excluder-47b41bc2712a70e4aff6fb8649c1924a + +info: + name: > + Ultimate Category Excluder <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e30d2ca-1918-4fcf-979e-7cae0d84529e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-category-excluder/" + google-query: inurl:"/wp-content/plugins/ultimate-category-excluder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-category-excluder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-category-excluder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-category-excluder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-dashboard-5955a72c6d4dde7cf5a0b6e449e430ae.yaml b/nuclei-templates/cve-less/plugins/ultimate-dashboard-5955a72c6d4dde7cf5a0b6e449e430ae.yaml new file mode 100644 index 0000000000..3c66ed3225 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-dashboard-5955a72c6d4dde7cf5a0b6e449e430ae.yaml @@ -0,0 +1,58 @@ +id: ultimate-dashboard-5955a72c6d4dde7cf5a0b6e449e430ae + +info: + name: > + Ultimate Dashboard <= 3.7.10 - Login Page Disclosure on Multi-site + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56f3cb34-0452-4e3d-9442-0decc77f5e63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-dashboard/" + google-query: inurl:"/wp-content/plugins/ultimate-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-dashboard-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml b/nuclei-templates/cve-less/plugins/ultimate-dashboard-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml new file mode 100644 index 0000000000..39caf571db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-dashboard-74982fb1ee6ee7e80b9e6c7f6db4f09f.yaml @@ -0,0 +1,58 @@ +id: ultimate-dashboard-74982fb1ee6ee7e80b9e6c7f6db4f09f + +info: + name: > + Ultimate Dashboard <= 3.7.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10c1b000-537a-4009-a740-19666505989e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-dashboard/" + google-query: inurl:"/wp-content/plugins/ultimate-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-dashboard-b6be8c11fad37e887646a283e9c47ba4.yaml b/nuclei-templates/cve-less/plugins/ultimate-dashboard-b6be8c11fad37e887646a283e9c47ba4.yaml new file mode 100644 index 0000000000..ca9563f66c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-dashboard-b6be8c11fad37e887646a283e9c47ba4.yaml @@ -0,0 +1,58 @@ +id: ultimate-dashboard-b6be8c11fad37e887646a283e9c47ba4 + +info: + name: > + Ultimate Dashboard <= 3.7.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79cce1fc-a27f-4842-b1a2-2c53857add4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-dashboard/" + google-query: inurl:"/wp-content/plugins/ultimate-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-dashboard-c5b5b783e98de972c2044e0acdd3ca83.yaml b/nuclei-templates/cve-less/plugins/ultimate-dashboard-c5b5b783e98de972c2044e0acdd3ca83.yaml new file mode 100644 index 0000000000..ab8f3f8d54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-dashboard-c5b5b783e98de972c2044e0acdd3ca83.yaml @@ -0,0 +1,58 @@ +id: ultimate-dashboard-c5b5b783e98de972c2044e0acdd3ca83 + +info: + name: > + Ultimate Dashboard <= 3.7.5 - Authenticated(Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5103e60-771f-46cf-b432-21d131e30bcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-dashboard/" + google-query: inurl:"/wp-content/plugins/ultimate-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-elementor-6c08edd49eae20ef345d45ae5326d421.yaml b/nuclei-templates/cve-less/plugins/ultimate-elementor-6c08edd49eae20ef345d45ae5326d421.yaml new file mode 100644 index 0000000000..763aa8ea16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-elementor-6c08edd49eae20ef345d45ae5326d421.yaml @@ -0,0 +1,58 @@ +id: ultimate-elementor-6c08edd49eae20ef345d45ae5326d421 + +info: + name: > + Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71e2db7c-53a7-4b17-b00a-ce71a00bf546?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.24.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-elementor-b3de31ba898622222026a1275ef3dc05.yaml b/nuclei-templates/cve-less/plugins/ultimate-elementor-b3de31ba898622222026a1275ef3dc05.yaml new file mode 100644 index 0000000000..157fefc4ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-elementor-b3de31ba898622222026a1275ef3dc05.yaml @@ -0,0 +1,58 @@ +id: ultimate-elementor-b3de31ba898622222026a1275ef3dc05 + +info: + name: > + Ultimate Addons for Elementor < 1.30.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99e8017a-346e-42d8-b9c1-29ed15da1156?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-elementor/" + google-query: inurl:"/wp-content/plugins/ultimate-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.30.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-facebook-comments-507dc7ea634baa930020adb83f291cb6.yaml b/nuclei-templates/cve-less/plugins/ultimate-facebook-comments-507dc7ea634baa930020adb83f291cb6.yaml new file mode 100644 index 0000000000..c5b6cc5542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-facebook-comments-507dc7ea634baa930020adb83f291cb6.yaml @@ -0,0 +1,58 @@ +id: ultimate-facebook-comments-507dc7ea634baa930020adb83f291cb6 + +info: + name: > + Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7de6415a-5236-46ec-ae2e-f4ec40c90f4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-facebook-comments/" + google-query: inurl:"/wp-content/plugins/ultimate-facebook-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-facebook-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-facebook-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-facebook-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-faqs-01d841cc481bc716c0f7b858b4f11c39.yaml b/nuclei-templates/cve-less/plugins/ultimate-faqs-01d841cc481bc716c0f7b858b4f11c39.yaml new file mode 100644 index 0000000000..0acade1b9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-faqs-01d841cc481bc716c0f7b858b4f11c39.yaml @@ -0,0 +1,58 @@ +id: ultimate-faqs-01d841cc481bc716c0f7b858b4f11c39 + +info: + name: > + Ultimate Faqs <= 1.8.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1818e80-e580-45d4-88ab-018cb1723947?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-faqs/" + google-query: inurl:"/wp-content/plugins/ultimate-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-faqs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-faqs-91fd3dac9c4d5ede970602c4fc325980.yaml b/nuclei-templates/cve-less/plugins/ultimate-faqs-91fd3dac9c4d5ede970602c4fc325980.yaml new file mode 100644 index 0000000000..e8dcdf915a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-faqs-91fd3dac9c4d5ede970602c4fc325980.yaml @@ -0,0 +1,58 @@ +id: ultimate-faqs-91fd3dac9c4d5ede970602c4fc325980 + +info: + name: > + Ultimate FAQ <= 1.8.24 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67f9f44b-badc-48d5-b1d9-11cd6501fa9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-faqs/" + google-query: inurl:"/wp-content/plugins/ultimate-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-faqs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-faqs-b632dc6cba0c61ee2bf8f89345f7cf19.yaml b/nuclei-templates/cve-less/plugins/ultimate-faqs-b632dc6cba0c61ee2bf8f89345f7cf19.yaml new file mode 100644 index 0000000000..d244c60265 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-faqs-b632dc6cba0c61ee2bf8f89345f7cf19.yaml @@ -0,0 +1,58 @@ +id: ultimate-faqs-b632dc6cba0c61ee2bf8f89345f7cf19 + +info: + name: > + Ultimate FAQ <= 1.8.29 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eaa196b-429a-4d15-903b-16f33cc0bd6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-faqs/" + google-query: inurl:"/wp-content/plugins/ultimate-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-faqs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-faqs-c31ec2a99302fba742cc98be29fde1f0.yaml b/nuclei-templates/cve-less/plugins/ultimate-faqs-c31ec2a99302fba742cc98be29fde1f0.yaml new file mode 100644 index 0000000000..8d4dc1f200 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-faqs-c31ec2a99302fba742cc98be29fde1f0.yaml @@ -0,0 +1,58 @@ +id: ultimate-faqs-c31ec2a99302fba742cc98be29fde1f0 + +info: + name: > + Ultimate FAQ <= 1.8.24 - Unauthenticated Options Import/Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb562efb-eb17-4366-9f6d-02653df6ece1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-faqs/" + google-query: inurl:"/wp-content/plugins/ultimate-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-faqs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-faqs-deca81735cc88aee9510bee96ebea3f5.yaml b/nuclei-templates/cve-less/plugins/ultimate-faqs-deca81735cc88aee9510bee96ebea3f5.yaml new file mode 100644 index 0000000000..563efb6fb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-faqs-deca81735cc88aee9510bee96ebea3f5.yaml @@ -0,0 +1,58 @@ +id: ultimate-faqs-deca81735cc88aee9510bee96ebea3f5 + +info: + name: > + Ultimate FAQ <= 2.1.1 - Missing Authorization to Arbitrary FAQ Creation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b3c2d3-b8dc-429f-b2d7-6a697ad47a9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-faqs/" + google-query: inurl:"/wp-content/plugins/ultimate-faqs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-faqs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-faqs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-faqs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-296629ec48c2e29c001ff73c83d740a4.yaml b/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-296629ec48c2e29c001ff73c83d740a4.yaml new file mode 100644 index 0000000000..59fd82a5f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-form-builder-lite-296629ec48c2e29c001ff73c83d740a4.yaml @@ -0,0 +1,58 @@ +id: ultimate-form-builder-lite-296629ec48c2e29c001ff73c83d740a4 + +info: + name: > + Ultimate Form Builder Lite <= 1.3.6 - SQL Injection to PHP Object Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13031db7-aeac-4d44-94f9-1cdb84781a55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-form-builder-lite/" + google-query: inurl:"/wp-content/plugins/ultimate-form-builder-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-form-builder-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-form-builder-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-form-builder-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-ccaa53f193d436f82f09665a210de68c.yaml b/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-ccaa53f193d436f82f09665a210de68c.yaml new file mode 100644 index 0000000000..633b7d9055 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-instagram-feed-ccaa53f193d436f82f09665a210de68c.yaml @@ -0,0 +1,58 @@ +id: ultimate-instagram-feed-ccaa53f193d436f82f09665a210de68c + +info: + name: > + Ultimate Instagram Feed – WordPress Plugin < 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6fe59e8-78cf-47f4-90eb-920f8e4fd204?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-instagram-feed/" + google-query: inurl:"/wp-content/plugins/ultimate-instagram-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-instagram-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-instagram-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-instagram-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-landing-page-55c8be1b98f905c0f97aa18a603d7cea.yaml b/nuclei-templates/cve-less/plugins/ultimate-landing-page-55c8be1b98f905c0f97aa18a603d7cea.yaml new file mode 100644 index 0000000000..3909032c2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-landing-page-55c8be1b98f905c0f97aa18a603d7cea.yaml @@ -0,0 +1,58 @@ +id: ultimate-landing-page-55c8be1b98f905c0f97aa18a603d7cea + +info: + name: > + Landing Page Builder – Free Landing Page Templates <= 3.1.9.8 - Local File Inclusion via 'lpp_template_select' + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c40bf215-81c1-423a-9d41-9a231dfc8053?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-landing-page/" + google-query: inurl:"/wp-content/plugins/ultimate-landing-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-landing-page,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-landing-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-landing-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-358ac8b0121729fe99fde2c984a71ee0.yaml b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-358ac8b0121729fe99fde2c984a71ee0.yaml new file mode 100644 index 0000000000..5e21bc3590 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-358ac8b0121729fe99fde2c984a71ee0.yaml @@ -0,0 +1,58 @@ +id: ultimate-maps-by-supsystic-358ac8b0121729fe99fde2c984a71ee0 + +info: + name: > + Ultimate Maps by Supsystic <= 1.2.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b4108b7-fa78-4f1f-9eee-0e2383b4988c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-maps-by-supsystic/" + google-query: inurl:"/wp-content/plugins/ultimate-maps-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-maps-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-maps-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-6f6b50e35dbc0c6deca59671d5ec0737.yaml b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-6f6b50e35dbc0c6deca59671d5ec0737.yaml new file mode 100644 index 0000000000..3be60289ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-6f6b50e35dbc0c6deca59671d5ec0737.yaml @@ -0,0 +1,58 @@ +id: ultimate-maps-by-supsystic-6f6b50e35dbc0c6deca59671d5ec0737 + +info: + name: > + Ultimate Maps by Supsystic <= 1.2.4 - Reflected Cross-Site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5848d3a-d6a8-4e56-9012-9d600a3cf7fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-maps-by-supsystic/" + google-query: inurl:"/wp-content/plugins/ultimate-maps-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-maps-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-maps-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-d90dc94bb51dfa2f24514c386a4ae9c2.yaml b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-d90dc94bb51dfa2f24514c386a4ae9c2.yaml new file mode 100644 index 0000000000..4b4937b164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-maps-by-supsystic-d90dc94bb51dfa2f24514c386a4ae9c2.yaml @@ -0,0 +1,58 @@ +id: ultimate-maps-by-supsystic-d90dc94bb51dfa2f24514c386a4ae9c2 + +info: + name: > + Ultimate Maps by Supsystic <= 1.2.15 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d170af2a-9b8c-43ad-b712-b89bcfadd5b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-maps-by-supsystic/" + google-query: inurl:"/wp-content/plugins/ultimate-maps-by-supsystic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-maps-by-supsystic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-maps-by-supsystic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-maps-by-supsystic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml new file mode 100644 index 0000000000..bfe21ee649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-00490e9d02fc53f4fe0fd6d4af30aaaa.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-00490e9d02fc53f4fe0fd6d4af30aaaa + +info: + name: > + Ultimate Member <= 2.0.53 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eedf009-116c-4a98-8b84-e01bd35e7e60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-08b6d9dc73cde56d748bcfad89022c1b.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-08b6d9dc73cde56d748bcfad89022c1b.yaml new file mode 100644 index 0000000000..a8f0413a6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-08b6d9dc73cde56d748bcfad89022c1b.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-08b6d9dc73cde56d748bcfad89022c1b + +info: + name: > + Ultimate Member <= 2.0.10 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/244a23a2-8899-4ab4-8f8d-62756e4ea56b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-0e25a5015b31f614947b39dfb4bdedd7.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-0e25a5015b31f614947b39dfb4bdedd7.yaml new file mode 100644 index 0000000000..d589687136 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-0e25a5015b31f614947b39dfb4bdedd7.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-0e25a5015b31f614947b39dfb4bdedd7 + +info: + name: > + Ultimate Member <= 2.1.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c340b7c0-35ab-4707-a999-261a721a9a37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-18ceaed7f43455d18367a3a1c3285ab3.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-18ceaed7f43455d18367a3a1c3285ab3.yaml new file mode 100644 index 0000000000..0cf3db6861 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-18ceaed7f43455d18367a3a1c3285ab3.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-18ceaed7f43455d18367a3a1c3285ab3 + +info: + name: > + Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Remote Code Execution via Multi-Select + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed28fe16-0835-4e94-a30e-305e7ba03740?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-1f4b95ce58b10f02cade4467768773cc.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-1f4b95ce58b10f02cade4467768773cc.yaml new file mode 100644 index 0000000000..be7006df64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-1f4b95ce58b10f02cade4467768773cc.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-1f4b95ce58b10f02cade4467768773cc + +info: + name: > + Ultimate Member <= 2.0.3 - Improper Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3221af7-13ea-4c90-b2ca-75eb3d373ed3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-29ac257d0d3d26be4d0323f19b8203fa.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-29ac257d0d3d26be4d0323f19b8203fa.yaml new file mode 100644 index 0000000000..a7e1a88bba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-29ac257d0d3d26be4d0323f19b8203fa.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-29ac257d0d3d26be4d0323f19b8203fa + +info: + name: > + Ultimate Member <= 2.8.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-33abe543df77e7949cb3756acaf591a2.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-33abe543df77e7949cb3756acaf591a2.yaml new file mode 100644 index 0000000000..4492fe170d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-33abe543df77e7949cb3756acaf591a2.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-33abe543df77e7949cb3756acaf591a2 + +info: + name: > + Ultimate Member <= 1.3.88 - Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0549acd5-686b-4505-af68-f3f854096f63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.88') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-3c91005e14cc5d86d18c2bf91cfcd5a0.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-3c91005e14cc5d86d18c2bf91cfcd5a0.yaml new file mode 100644 index 0000000000..7a0b83c2c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-3c91005e14cc5d86d18c2bf91cfcd5a0.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-3c91005e14cc5d86d18c2bf91cfcd5a0 + +info: + name: > + Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acbe1c36-04e7-49af-90fa-d8acbe351b57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-3cc251560d3b16f1b023b3769603bce5.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-3cc251560d3b16f1b023b3769603bce5.yaml new file mode 100644 index 0000000000..77cc3daeb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-3cc251560d3b16f1b023b3769603bce5.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-3cc251560d3b16f1b023b3769603bce5 + +info: + name: > + Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04cd8da4-9da3-4c80-a77e-c2f792391593?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-40c98f25ab20a5cec3c5a2b4260a50d3.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-40c98f25ab20a5cec3c5a2b4260a50d3.yaml new file mode 100644 index 0000000000..6badfced8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-40c98f25ab20a5cec3c5a2b4260a50d3.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-40c98f25ab20a5cec3c5a2b4260a50d3 + +info: + name: > + Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef2ac5c8-9e76-40b8-a2a4-8cb4291871f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-40e897d2ffdca51f7bd6bf3f82372d65.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-40e897d2ffdca51f7bd6bf3f82372d65.yaml new file mode 100644 index 0000000000..9215b907f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-40e897d2ffdca51f7bd6bf3f82372d65.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-40e897d2ffdca51f7bd6bf3f82372d65 + +info: + name: > + Ultimate Member <= 2.0.3 - Unauthorized Image File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e75e877-14e6-4e51-b435-d78f8ab95d12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-43eec6271332d7e594aedf23b6c236f2.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-43eec6271332d7e594aedf23b6c236f2.yaml new file mode 100644 index 0000000000..153826fe4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-43eec6271332d7e594aedf23b6c236f2.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-43eec6271332d7e594aedf23b6c236f2 + +info: + name: > + Ultimate Member <= 2.0.3 - Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b6c62f-b53f-44f7-8fe2-22bac0074f9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-6192c67ee2c3bd9b9e931c78efebf58a.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-6192c67ee2c3bd9b9e931c78efebf58a.yaml new file mode 100644 index 0000000000..80c62d9fec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-6192c67ee2c3bd9b9e931c78efebf58a.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-6192c67ee2c3bd9b9e931c78efebf58a + +info: + name: > + Ultimate Member <= 2.6.0 - Cross-Site Request Forgery to Form Duplication + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97ced4ed-915b-4234-b59d-75db983f90e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-662783c84d37079d21b3524fa95f4917.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-662783c84d37079d21b3524fa95f4917.yaml new file mode 100644 index 0000000000..0024123c62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-662783c84d37079d21b3524fa95f4917.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-662783c84d37079d21b3524fa95f4917 + +info: + name: > + Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin 2.1.3 - 2.8.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.1.3', '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-674e9e8ffc19e4d579a57273137742ea.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-674e9e8ffc19e4d579a57273137742ea.yaml new file mode 100644 index 0000000000..9ac38f43a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-674e9e8ffc19e4d579a57273137742ea.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-674e9e8ffc19e4d579a57273137742ea + +info: + name: > + Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Admin+) Limited Remote Code Execution via um_populate_dropdown_options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcdbba7-8280-457b-a511-66a486978a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml new file mode 100644 index 0000000000..2457f2d461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-7e2ae7bf2efb6bc23e281ebe6c72a235.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-7e2ae7bf2efb6bc23e281ebe6c72a235 + +info: + name: > + Ultimate Member <= 2.1.11 - Authenticated Privilege Escalation via Profile Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3805936-675e-474f-a3f7-acea69bd72f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-7f5926ab268dbc1681fd3a5de983583a.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-7f5926ab268dbc1681fd3a5de983583a.yaml new file mode 100644 index 0000000000..e8a430c2ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-7f5926ab268dbc1681fd3a5de983583a.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-7f5926ab268dbc1681fd3a5de983583a + +info: + name: > + Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86ddd5fd-137b-478e-952e-b36fc6a5c28d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-80c655d3d796ab546d2bd2d7a2a197bc.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-80c655d3d796ab546d2bd2d7a2a197bc.yaml new file mode 100644 index 0000000000..39385a6535 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-80c655d3d796ab546d2bd2d7a2a197bc.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-80c655d3d796ab546d2bd2d7a2a197bc + +info: + name: > + Ultimate Member – User Profile, User Registration, Login & Membership Plugin <= 2.5.0 - Authenticated (Contributor+) Directory Traversal via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c7d5fbe-d272-46d4-9b33-889ba77dcc52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-85405b283a5b7488c3b527272c63f06e.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-85405b283a5b7488c3b527272c63f06e.yaml new file mode 100644 index 0000000000..6f311aaeff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-85405b283a5b7488c3b527272c63f06e.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-85405b283a5b7488c3b527272c63f06e + +info: + name: > + Ultimate Member < 2.0.4 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13033a3c-f020-4821-a7ad-bfcfca407df0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-913680c7cc113c5e372d717a86269c4e.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-913680c7cc113c5e372d717a86269c4e.yaml new file mode 100644 index 0000000000..282e55f251 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-913680c7cc113c5e372d717a86269c4e.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-913680c7cc113c5e372d717a86269c4e + +info: + name: > + Ultimate Member <= 2.0.39 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa0881ab-d731-4e57-8323-c49b9306bf50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-9c147c1fb503983534bc4ea0ae8ec8cf.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-9c147c1fb503983534bc4ea0ae8ec8cf.yaml new file mode 100644 index 0000000000..b6cdc2cc45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-9c147c1fb503983534bc4ea0ae8ec8cf.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-9c147c1fb503983534bc4ea0ae8ec8cf + +info: + name: > + Ultimate Member <= 1.3.39 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8d4dc12-ae17-477f-a8d2-da9747672a26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-a3c4d74b63323bef472fb10b591d6314.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-a3c4d74b63323bef472fb10b591d6314.yaml new file mode 100644 index 0000000000..81eb8d49e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-a3c4d74b63323bef472fb10b591d6314.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-a3c4d74b63323bef472fb10b591d6314 + +info: + name: > + Ultimate Member <= 2.0.17 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/561c8bcf-30b0-4ee6-b507-4cacf22c1e58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-a6054d32c09f0a33057b0746bec92f89.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-a6054d32c09f0a33057b0746bec92f89.yaml new file mode 100644 index 0000000000..f4fa567e29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-a6054d32c09f0a33057b0746bec92f89.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-a6054d32c09f0a33057b0746bec92f89 + +info: + name: > + Ultimate Member <= 2.0.6 - Multiple Cross-Site Request Forgery Issues + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9742a4d0-34b0-4f7f-aa2b-a6f7cb6aacd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-aaa278b6b3d118139396380f3db91970.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-aaa278b6b3d118139396380f3db91970.yaml new file mode 100644 index 0000000000..b54272330d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-aaa278b6b3d118139396380f3db91970.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-aaa278b6b3d118139396380f3db91970 + +info: + name: > + Ultimate Member <= 2.3.1 - Arbitrary Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d638120b-5396-408b-8273-d003ff9dd01d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-afb0b6e6fbde3c83cc029e81733d53ca.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-afb0b6e6fbde3c83cc029e81733d53ca.yaml new file mode 100644 index 0000000000..d52418d346 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-afb0b6e6fbde3c83cc029e81733d53ca.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-afb0b6e6fbde3c83cc029e81733d53ca + +info: + name: > + Ultimate Member <= 2.1.11 - Unauthenticated Privilege Escalation via User Roles + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1081eeb1-3240-478d-8679-7bf9293b5a95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-afb15d666e098434f8ebcb7a76b5d273.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-afb15d666e098434f8ebcb7a76b5d273.yaml new file mode 100644 index 0000000000..f0ac378652 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-afb15d666e098434f8ebcb7a76b5d273.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-afb15d666e098434f8ebcb7a76b5d273 + +info: + name: > + Ultimate Member <= 1.3.17 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d8bee60-33f8-465b-80a9-90bc7a4d2054?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-b9f884e6575d690e9989d7d2f0484ed9.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-b9f884e6575d690e9989d7d2f0484ed9.yaml new file mode 100644 index 0000000000..8cd0e308ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-b9f884e6575d690e9989d7d2f0484ed9.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-b9f884e6575d690e9989d7d2f0484ed9 + +info: + name: > + Ultimate Member <= 2.1.2 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65a0033d-2266-429c-aab2-80bd46c93b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-bcc49c967f35b7af17804d1e16dc2e60.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-bcc49c967f35b7af17804d1e16dc2e60.yaml new file mode 100644 index 0000000000..9c1f0363c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-bcc49c967f35b7af17804d1e16dc2e60.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-bcc49c967f35b7af17804d1e16dc2e60 + +info: + name: > + Ultimate Member <= 2.0.39 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cec3799-cf44-412b-8590-b8fc60c58535?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-bcd9ca517989975e14b7cf4813bc0e1b.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-bcd9ca517989975e14b7cf4813bc0e1b.yaml new file mode 100644 index 0000000000..6eb684ed34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-bcd9ca517989975e14b7cf4813bc0e1b.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-bcd9ca517989975e14b7cf4813bc0e1b + +info: + name: > + Ultimate Member <= 2.1.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd46a2c3-f24d-4dff-b899-a95acb6310f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-c040e1b7f1d715ec00a05b885aa3bea9.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-c040e1b7f1d715ec00a05b885aa3bea9.yaml new file mode 100644 index 0000000000..6f8fa262ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-c040e1b7f1d715ec00a05b885aa3bea9.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-c040e1b7f1d715ec00a05b885aa3bea9 + +info: + name: > + Ultimate Member <= 2.0.27 - Multiple Cross-Site Scripting vulnerabilities + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baab325d-58c2-446b-af70-6951eeef3bb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-c30bc91af795fd14b3e08b79d07d649a.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-c30bc91af795fd14b3e08b79d07d649a.yaml new file mode 100644 index 0000000000..42e2909eac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-c30bc91af795fd14b3e08b79d07d649a.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-c30bc91af795fd14b3e08b79d07d649a + +info: + name: > + Ultimate Member <= 2.0.39 - Unauthorized Profile Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00b4b903-4682-458b-9681-751179460b75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-c814b16777b5d2f124bf7a293b35df9d.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-c814b16777b5d2f124bf7a293b35df9d.yaml new file mode 100644 index 0000000000..7684f67f8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-c814b16777b5d2f124bf7a293b35df9d.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-c814b16777b5d2f124bf7a293b35df9d + +info: + name: > + Ultimate Member <= 2.0.51 - Cross-Site Request Forgery and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf238e9d-be91-4c9a-8506-ee01927f5173?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-ca3f8b736fe25e4b904e1b16b1beb376.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-ca3f8b736fe25e4b904e1b16b1beb376.yaml new file mode 100644 index 0000000000..2cc0aa0257 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-ca3f8b736fe25e4b904e1b16b1beb376.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-ca3f8b736fe25e4b904e1b16b1beb376 + +info: + name: > + Ultimate Member <= 2.0.39 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e556d8c9-3ca5-4bec-a840-7a6d67532e59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-caa94527ec89b606495dedb1b363e9ed.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-caa94527ec89b606495dedb1b363e9ed.yaml new file mode 100644 index 0000000000..e777a32ba5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-caa94527ec89b606495dedb1b363e9ed.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-caa94527ec89b606495dedb1b363e9ed + +info: + name: > + Ultimate Member < 2.0.4 - Authenticated Unrestricted File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2af96c-09c5-4ddf-a910-04291aeeef49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-d14d68253fb2c57056fb03621a5ee651.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-d14d68253fb2c57056fb03621a5ee651.yaml new file mode 100644 index 0000000000..271b1588c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-d14d68253fb2c57056fb03621a5ee651.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-d14d68253fb2c57056fb03621a5ee651 + +info: + name: > + Ultimate Member <= 1.3.28 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97fd7952-a7f0-4797-82cd-840c0a3e5fbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-d6ddc334180239abe617a7bb4b11e74b.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-d6ddc334180239abe617a7bb4b11e74b.yaml new file mode 100644 index 0000000000..1414c4ca27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-d6ddc334180239abe617a7bb4b11e74b.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-d6ddc334180239abe617a7bb4b11e74b + +info: + name: > + Ultimate Member <= 2.3.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93cf6dce-892e-4106-bb37-b7952e5ea5a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-dac7bdda4e28b985a7da6425e9bc4314.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-dac7bdda4e28b985a7da6425e9bc4314.yaml new file mode 100644 index 0000000000..53a079d2e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-dac7bdda4e28b985a7da6425e9bc4314.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-dac7bdda4e28b985a7da6425e9bc4314 + +info: + name: > + Ultimate Member <= 2.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43b5a321-c82e-4d0b-9def-b74c3cf439d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-e00b98ac8c54622a944850cb2d386b43.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-e00b98ac8c54622a944850cb2d386b43.yaml new file mode 100644 index 0000000000..c57d9447b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-e00b98ac8c54622a944850cb2d386b43.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-e00b98ac8c54622a944850cb2d386b43 + +info: + name: > + Ultimate Member <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7162b78-65b7-4f80-83f0-47d9afc2ed65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-f6c1c83fdf17318a9a2aff5f238d4136.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-f6c1c83fdf17318a9a2aff5f238d4136.yaml new file mode 100644 index 0000000000..3f69aefbc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-f6c1c83fdf17318a9a2aff5f238d4136.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-f6c1c83fdf17318a9a2aff5f238d4136 + +info: + name: > + Ultimate Member <= 2.0.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f24cfefe-f671-456d-a378-44a41fc81c0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-member-fd2089a519aca4aa15a99f294c4457f0.yaml b/nuclei-templates/cve-less/plugins/ultimate-member-fd2089a519aca4aa15a99f294c4457f0.yaml new file mode 100644 index 0000000000..3a20bba183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-member-fd2089a519aca4aa15a99f294c4457f0.yaml @@ -0,0 +1,58 @@ +id: ultimate-member-fd2089a519aca4aa15a99f294c4457f0 + +info: + name: > + Ultimate Member <= 2.6.6 - Privilege Escalation via Arbitrary User Meta Updates + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b0e763e-f03e-41fb-8c6c-4de5d3acae00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-member/" + google-query: inurl:"/wp-content/plugins/ultimate-member/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-member,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-member/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-member" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-349558c766b935473393c8c3c8e1f5f7.yaml b/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-349558c766b935473393c8c3c8e1f5f7.yaml new file mode 100644 index 0000000000..97421bcb1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-349558c766b935473393c8c3c8e1f5f7.yaml @@ -0,0 +1,58 @@ +id: ultimate-noindex-nofollow-tool-349558c766b935473393c8c3c8e1f5f7 + +info: + name: > + Ultimate Noindex Nofollow Tool <= 1.1.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7ca3ff-eae4-425f-8340-9d9b4952ce4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-noindex-nofollow-tool/" + google-query: inurl:"/wp-content/plugins/ultimate-noindex-nofollow-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-noindex-nofollow-tool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-noindex-nofollow-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-noindex-nofollow-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-ii-4a5a32357411170270407ccbec6bd523.yaml b/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-ii-4a5a32357411170270407ccbec6bd523.yaml new file mode 100644 index 0000000000..2e3aeb1be3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-noindex-nofollow-tool-ii-4a5a32357411170270407ccbec6bd523.yaml @@ -0,0 +1,58 @@ +id: ultimate-noindex-nofollow-tool-ii-4a5a32357411170270407ccbec6bd523 + +info: + name: > + Ultimate Noindex Nofollow Tool II <= 1.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7761fe7c-e7f5-4bab-8820-42e6fcabcb2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-noindex-nofollow-tool-ii/" + google-query: inurl:"/wp-content/plugins/ultimate-noindex-nofollow-tool-ii/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-noindex-nofollow-tool-ii,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-noindex-nofollow-tool-ii/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-noindex-nofollow-tool-ii" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-6bd54388aa30b6dc806cb18d7d914f6a.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-6bd54388aa30b6dc806cb18d7d914f6a.yaml new file mode 100644 index 0000000000..baf1bb1df6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-6bd54388aa30b6dc806cb18d7d914f6a.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-6bd54388aa30b6dc806cb18d7d914f6a + +info: + name: > + PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Unauthorized Access Controls + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b323d910-23f6-41e2-9d64-d60398994996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-769f278ef7d8854e596567a95f8b276a.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-769f278ef7d8854e596567a95f8b276a.yaml new file mode 100644 index 0000000000..db3e37a639 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-769f278ef7d8854e596567a95f8b276a.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-769f278ef7d8854e596567a95f8b276a + +info: + name: > + Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/482bf861-e556-40af-b522-c22ef6c9938b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-93a0069582fa34f4857779b646fe9dc3.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-93a0069582fa34f4857779b646fe9dc3.yaml new file mode 100644 index 0000000000..e4dfffb955 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-93a0069582fa34f4857779b646fe9dc3.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-93a0069582fa34f4857779b646fe9dc3 + +info: + name: > + PostX Gutenberg Blocks Saved Templates Addon <= 2.4.9 - Private Content Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/830a8e85-6134-4f85-996f-b0cb7ccb9d5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-cd3ebd9e5b8349096037121f145eb200.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-cd3ebd9e5b8349096037121f145eb200.yaml new file mode 100644 index 0000000000..665f826c6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-cd3ebd9e5b8349096037121f145eb200.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-cd3ebd9e5b8349096037121f145eb200 + +info: + name: > + Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cce4d44a-4613-4230-ace1-2d26c7c487b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-d5a9675642b3846bb1039f5b8393297a.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-d5a9675642b3846bb1039f5b8393297a.yaml new file mode 100644 index 0000000000..cf343e26d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-d5a9675642b3846bb1039f5b8393297a.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-d5a9675642b3846bb1039f5b8393297a + +info: + name: > + PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52b1d515-4965-4ab9-80dd-526b4ebeb3a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-d8c9bea1d4420a5baa6bb9e5a5a7051e.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-d8c9bea1d4420a5baa6bb9e5a5a7051e.yaml new file mode 100644 index 0000000000..af570247d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-d8c9bea1d4420a5baa6bb9e5a5a7051e.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-d8c9bea1d4420a5baa6bb9e5a5a7051e + +info: + name: > + PostX - Gutenberg Post Grid Blocks <= 3.0.5 - Reflected Cross-Site Scripting via 'postx_type' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ab2e2ae-6f46-4815-a2d2-407767bfaba8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-d9d7cdc24ee2887d8625dc92279b0527.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-d9d7cdc24ee2887d8625dc92279b0527.yaml new file mode 100644 index 0000000000..7ba7a656b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-d9d7cdc24ee2887d8625dc92279b0527.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-d9d7cdc24ee2887d8625dc92279b0527 + +info: + name: > + PostX - Gutenberg Blocks for Post Grid <= 2.4.9 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b6ac72f-11f4-46bd-a972-fbcb46b34ce6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-e855f3857fc0bf41fee74940fd262c9f.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-e855f3857fc0bf41fee74940fd262c9f.yaml new file mode 100644 index 0000000000..c2cc388276 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-e855f3857fc0bf41fee74940fd262c9f.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-e855f3857fc0bf41fee74940fd262c9f + +info: + name: > + PostX – Gutenberg Blocks for Post Grid <= 3.2.3 - Incorrect Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2fd1bd8-dcc2-4c9a-be3f-b0a58992a239?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-post-f1550f59a752c11a5990aadbb66d56bb.yaml b/nuclei-templates/cve-less/plugins/ultimate-post-f1550f59a752c11a5990aadbb66d56bb.yaml new file mode 100644 index 0000000000..8c628d8df7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-post-f1550f59a752c11a5990aadbb66d56bb.yaml @@ -0,0 +1,58 @@ +id: ultimate-post-f1550f59a752c11a5990aadbb66d56bb + +info: + name: > + PostX – Gutenberg Blocks for Post Grid <= 2.9.9 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0c9f4c5-a4f6-4cab-8531-5b88b3f347ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-post/" + google-query: inurl:"/wp-content/plugins/ultimate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-posts-widget-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..00c247e88a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: ultimate-posts-widget-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-posts-widget/" + google-query: inurl:"/wp-content/plugins/ultimate-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-posts-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-posts-widget-36882e902da34c7275792dd2c6fee99b.yaml b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-36882e902da34c7275792dd2c6fee99b.yaml new file mode 100644 index 0000000000..60659eba04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-36882e902da34c7275792dd2c6fee99b.yaml @@ -0,0 +1,58 @@ +id: ultimate-posts-widget-36882e902da34c7275792dd2c6fee99b + +info: + name: > + Ultimate Posts Widget <= 2.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d21209a7-efed-4526-8dd6-199e0fdf8657?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-posts-widget/" + google-query: inurl:"/wp-content/plugins/ultimate-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-posts-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-posts-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..89de2f08f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: ultimate-posts-widget-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-posts-widget/" + google-query: inurl:"/wp-content/plugins/ultimate-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-posts-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-posts-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..9954e6a548 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-posts-widget-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: ultimate-posts-widget-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-posts-widget/" + google-query: inurl:"/wp-content/plugins/ultimate-posts-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-posts-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-posts-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-posts-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-premium-plugin-0a55a8c44319eebd91a4589219732011.yaml b/nuclei-templates/cve-less/plugins/ultimate-premium-plugin-0a55a8c44319eebd91a4589219732011.yaml new file mode 100644 index 0000000000..0afba3381e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-premium-plugin-0a55a8c44319eebd91a4589219732011.yaml @@ -0,0 +1,58 @@ +id: ultimate-premium-plugin-0a55a8c44319eebd91a4589219732011 + +info: + name: > + USM Premium <= 16.2 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/631fc709-98e8-4655-96fc-c37717705a80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Ultimate-Premium-Plugin/" + google-query: inurl:"/wp-content/plugins/Ultimate-Premium-Plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Ultimate-Premium-Plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Ultimate-Premium-Plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Ultimate-Premium-Plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 16.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-299e26f66452f89b69cd95a12049938a.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-299e26f66452f89b69cd95a12049938a.yaml new file mode 100644 index 0000000000..a4c6393d2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-299e26f66452f89b69cd95a12049938a.yaml @@ -0,0 +1,58 @@ +id: ultimate-product-catalogue-299e26f66452f89b69cd95a12049938a + +info: + name: > + Ultimate Product Catalog <= 4.2.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d216f8ea-2253-475d-9d23-9a83bfa2c21f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-product-catalogue/" + google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-product-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-product-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-3e1e0e265d4d4fc05de3487796f682db.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-3e1e0e265d4d4fc05de3487796f682db.yaml new file mode 100644 index 0000000000..ff38097372 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-3e1e0e265d4d4fc05de3487796f682db.yaml @@ -0,0 +1,58 @@ +id: ultimate-product-catalogue-3e1e0e265d4d4fc05de3487796f682db + +info: + name: > + Ultimate Product Catalog <= 4.2.22 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/283b10e6-61ae-4e1d-be7b-a63aece6ffda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-product-catalogue/" + google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-product-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-product-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-50a03dd43db2d419331c54a14051f151.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-50a03dd43db2d419331c54a14051f151.yaml new file mode 100644 index 0000000000..1aa116bd54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-50a03dd43db2d419331c54a14051f151.yaml @@ -0,0 +1,58 @@ +id: ultimate-product-catalogue-50a03dd43db2d419331c54a14051f151 + +info: + name: > + Ultimate Product Catalog – WordPress Catalog Plugin <= 5.0.25 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffe1eca0-eba0-4b4c-afe5-9bff4aa2f3f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-product-catalogue/" + google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-product-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-product-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cde26cb38667ced94a7ae59e21d1dd95.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cde26cb38667ced94a7ae59e21d1dd95.yaml new file mode 100644 index 0000000000..d8ccc24ab4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cde26cb38667ced94a7ae59e21d1dd95.yaml @@ -0,0 +1,58 @@ +id: ultimate-product-catalogue-cde26cb38667ced94a7ae59e21d1dd95 + +info: + name: > + Ultimate Product Catalogue <= 5.2.15 - Cross-Site Request Forgery via reset_settings() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68721ded-0a80-4cff-aaf0-59b2fcf67456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-product-catalogue/" + google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-product-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-product-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cdfdacefadee3ac15d930a67722d11e2.yaml b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cdfdacefadee3ac15d930a67722d11e2.yaml new file mode 100644 index 0000000000..8636e664ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-product-catalogue-cdfdacefadee3ac15d930a67722d11e2.yaml @@ -0,0 +1,58 @@ +id: ultimate-product-catalogue-cdfdacefadee3ac15d930a67722d11e2 + +info: + name: > + Ultimate Product Catalog <= 5.2.5 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/288559f0-eab6-4933-a026-8413476af6eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-product-catalogue/" + google-query: inurl:"/wp-content/plugins/ultimate-product-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-product-catalogue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-product-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-product-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-responsive-image-slider-5ed7439fdc6a179319e68a6091db0e8d.yaml b/nuclei-templates/cve-less/plugins/ultimate-responsive-image-slider-5ed7439fdc6a179319e68a6091db0e8d.yaml new file mode 100644 index 0000000000..17de0c0b40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-responsive-image-slider-5ed7439fdc6a179319e68a6091db0e8d.yaml @@ -0,0 +1,58 @@ +id: ultimate-responsive-image-slider-5ed7439fdc6a179319e68a6091db0e8d + +info: + name: > + Ultimate Responsive Image Slider <= 3.5.11 - Missing Authorization via AJAX action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c92beb0-1fcf-4352-bd34-00e31b265c04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-responsive-image-slider/" + google-query: inurl:"/wp-content/plugins/ultimate-responsive-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-responsive-image-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-responsive-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-responsive-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-reviews-708bf4cdcd042a35006425f5ea7145d1.yaml b/nuclei-templates/cve-less/plugins/ultimate-reviews-708bf4cdcd042a35006425f5ea7145d1.yaml new file mode 100644 index 0000000000..721ff0a5bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-reviews-708bf4cdcd042a35006425f5ea7145d1.yaml @@ -0,0 +1,58 @@ +id: ultimate-reviews-708bf4cdcd042a35006425f5ea7145d1 + +info: + name: > + Ultimate Reviews < 2.1.33 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-reviews/" + google-query: inurl:"/wp-content/plugins/ultimate-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-reviews-9cac9db84fd0e9e4554d820862a40ccc.yaml b/nuclei-templates/cve-less/plugins/ultimate-reviews-9cac9db84fd0e9e4554d820862a40ccc.yaml new file mode 100644 index 0000000000..b0703cc2fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-reviews-9cac9db84fd0e9e4554d820862a40ccc.yaml @@ -0,0 +1,58 @@ +id: ultimate-reviews-9cac9db84fd0e9e4554d820862a40ccc + +info: + name: > + Ultimate Reviews <= 3.0.15 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e889182-f02f-4b6b-bb98-357fadae3dc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-reviews/" + google-query: inurl:"/wp-content/plugins/ultimate-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-reviews-c2f057b1286b0479a330a6cf26c60c67.yaml b/nuclei-templates/cve-less/plugins/ultimate-reviews-c2f057b1286b0479a330a6cf26c60c67.yaml new file mode 100644 index 0000000000..141c9490f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-reviews-c2f057b1286b0479a330a6cf26c60c67.yaml @@ -0,0 +1,58 @@ +id: ultimate-reviews-c2f057b1286b0479a330a6cf26c60c67 + +info: + name: > + Ultimate Reviews <= 3.2.8 - Unauthenticated stored Cross-Site Scripting via reviews + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69e15a1b-4984-4889-8c57-a731a0334963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-reviews/" + google-query: inurl:"/wp-content/plugins/ultimate-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-sms-notifications-7e5407bb7184b7940282a0b93fde7bc8.yaml b/nuclei-templates/cve-less/plugins/ultimate-sms-notifications-7e5407bb7184b7940282a0b93fde7bc8.yaml new file mode 100644 index 0000000000..9aa15d5971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-sms-notifications-7e5407bb7184b7940282a0b93fde7bc8.yaml @@ -0,0 +1,58 @@ +id: ultimate-sms-notifications-7e5407bb7184b7940282a0b93fde7bc8 + +info: + name: > + Ultimate SMS Notifications for WooCommerce <= 1.4.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b3df470-d0b7-49e8-bcb2-ac999e0b71d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-sms-notifications/" + google-query: inurl:"/wp-content/plugins/ultimate-sms-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-sms-notifications,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-sms-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-sms-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-0e6b771f58abc47bc1cd00cdb88a6b13.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-0e6b771f58abc47bc1cd00cdb88a6b13.yaml new file mode 100644 index 0000000000..8c6f33ad2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-0e6b771f58abc47bc1cd00cdb88a6b13.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-0e6b771f58abc47bc1cd00cdb88a6b13 + +info: + name: > + Social Media & Share Icons <= 2.8.1 - Missing Authorization via handle_installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bfb5d34-738d-4842-be93-9668fceb3334?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-18e30a879d28e13fe4c17653ed1fbf81.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-18e30a879d28e13fe4c17653ed1fbf81.yaml new file mode 100644 index 0000000000..ffdfe68cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-18e30a879d28e13fe4c17653ed1fbf81.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-18e30a879d28e13fe4c17653ed1fbf81 + +info: + name: > + Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e43c5b-a094-44ab-a8a3-52d437f0e00d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..4e42bb0647 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-3744994d57ee508f70c6a9f678c510bd.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-3744994d57ee508f70c6a9f678c510bd.yaml new file mode 100644 index 0000000000..ad6af4f043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-3744994d57ee508f70c6a9f678c510bd.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-3744994d57ee508f70c6a9f678c510bd + +info: + name: > + Social Media & Share Icons <= 2.8.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a8998db-ffc2-40b2-a191-09380984adac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml new file mode 100644 index 0000000000..b0bcdb9526 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-50ee1df3b648d8ffe7c8bf72d2de42cd.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-50ee1df3b648d8ffe7c8bf72d2de42cd + +info: + name: > + Social Media Share Buttons & Social Sharing Icons <= 2.8.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cf2013a-d403-456f-aeb4-46b6e00b057f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-87dbe2addf6a62fa336594e2b679e9d7.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-87dbe2addf6a62fa336594e2b679e9d7.yaml new file mode 100644 index 0000000000..4b3145a9c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-87dbe2addf6a62fa336594e2b679e9d7.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-87dbe2addf6a62fa336594e2b679e9d7 + +info: + name: > + Social Media Share Buttons <= 2.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e01fd891-631e-47df-9f29-f3d4d5afa02f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-b3e3aaaac8096f0ab040a4994ceb701a.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-b3e3aaaac8096f0ab040a4994ceb701a.yaml new file mode 100644 index 0000000000..3941fcafd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-b3e3aaaac8096f0ab040a4994ceb701a.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-b3e3aaaac8096f0ab040a4994ceb701a + +info: + name: > + Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d44a45fb-3bff-4a1f-8319-a58a47a9d76b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..c8633c370f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-icons-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-icons-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-icons/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-icons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-icons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-icons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-icons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..29612e23a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-plus-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-plus/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..875d0acccd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-plus-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-plus/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..f005d170ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-plus-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-plus/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-ea8ebad551118883e1feafe80a786b1f.yaml b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-ea8ebad551118883e1feafe80a786b1f.yaml new file mode 100644 index 0000000000..8324bb9524 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-social-media-plus-ea8ebad551118883e1feafe80a786b1f.yaml @@ -0,0 +1,58 @@ +id: ultimate-social-media-plus-ea8ebad551118883e1feafe80a786b1f + +info: + name: > + Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cce13008-a0f8-458f-ade5-450d0dcc966a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-social-media-plus/" + google-query: inurl:"/wp-content/plugins/ultimate-social-media-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-social-media-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-social-media-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-social-media-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-store-kit-dd1f48796d4f00ba40c7555318c798d9.yaml b/nuclei-templates/cve-less/plugins/ultimate-store-kit-dd1f48796d4f00ba40c7555318c798d9.yaml new file mode 100644 index 0000000000..513f325921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-store-kit-dd1f48796d4f00ba40c7555318c798d9.yaml @@ -0,0 +1,58 @@ +id: ultimate-store-kit-dd1f48796d4f00ba40c7555318c798d9 + +info: + name: > + Ultimate Store Kit Elementor Addons <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea630be6-16f8-4d93-ae27-8a29f82c5db9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-store-kit/" + google-query: inurl:"/wp-content/plugins/ultimate-store-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-store-kit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-store-kit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-store-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-tables-f75d5e3e7f3e99d9ce25d5222799613b.yaml b/nuclei-templates/cve-less/plugins/ultimate-tables-f75d5e3e7f3e99d9ce25d5222799613b.yaml new file mode 100644 index 0000000000..3cd8c4cb96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-tables-f75d5e3e7f3e99d9ce25d5222799613b.yaml @@ -0,0 +1,58 @@ +id: ultimate-tables-f75d5e3e7f3e99d9ce25d5222799613b + +info: + name: > + ULTIMATE TABLES <= 1.6.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eeb6df1-9857-47a2-ad7d-f1eb082e9448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-tables/" + google-query: inurl:"/wp-content/plugins/ultimate-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-4ebf29f3b4a848c6cc95b046c1f56126.yaml b/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-4ebf29f3b4a848c6cc95b046c1f56126.yaml new file mode 100644 index 0000000000..1145f6a3ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-4ebf29f3b4a848c6cc95b046c1f56126.yaml @@ -0,0 +1,58 @@ +id: ultimate-taxonomy-manager-4ebf29f3b4a848c6cc95b046c1f56126 + +info: + name: > + XYDAC Ultimate Taxonomy Manager <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4baf39fd-4191-47eb-9b37-cdf290d6345b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-taxonomy-manager/" + google-query: inurl:"/wp-content/plugins/ultimate-taxonomy-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-taxonomy-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-taxonomy-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-taxonomy-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml b/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml new file mode 100644 index 0000000000..09f9c0f406 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-taxonomy-manager-b8296fd7e9d3d8c36b36cd4afd336fd3.yaml @@ -0,0 +1,58 @@ +id: ultimate-taxonomy-manager-b8296fd7e9d3d8c36b36cd4afd336fd3 + +info: + name: > + Ultimate Taxonomy Manager <= 2.0 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06f56834-e1e9-4a02-988a-df4c563182c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-taxonomy-manager/" + google-query: inurl:"/wp-content/plugins/ultimate-taxonomy-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-taxonomy-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-taxonomy-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-taxonomy-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-tinymce-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/ultimate-tinymce-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..3e321748b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-tinymce-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: ultimate-tinymce-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-tinymce/" + google-query: inurl:"/wp-content/plugins/ultimate-tinymce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-tinymce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-tinymce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-tinymce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-under-construction-4d6b9908316d738d104a51fdd9ba9967.yaml b/nuclei-templates/cve-less/plugins/ultimate-under-construction-4d6b9908316d738d104a51fdd9ba9967.yaml new file mode 100644 index 0000000000..64029348ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-under-construction-4d6b9908316d738d104a51fdd9ba9967.yaml @@ -0,0 +1,58 @@ +id: ultimate-under-construction-4d6b9908316d738d104a51fdd9ba9967 + +info: + name: > + Ultimate Under Construction <= 1.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdbd089d-1b7d-42e9-8f47-fec19a4dd7c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-under-construction/" + google-query: inurl:"/wp-content/plugins/ultimate-under-construction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-under-construction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-under-construction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-under-construction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-weather-plugin-6dfcf8980861ee5739e5b83eb5156f9e.yaml b/nuclei-templates/cve-less/plugins/ultimate-weather-plugin-6dfcf8980861ee5739e5b83eb5156f9e.yaml new file mode 100644 index 0000000000..15c197533a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-weather-plugin-6dfcf8980861ee5739e5b83eb5156f9e.yaml @@ -0,0 +1,58 @@ +id: ultimate-weather-plugin-6dfcf8980861ee5739e5b83eb5156f9e + +info: + name: > + Local Weather <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da9c3d0-7efb-4c34-bf31-2f17a52c21f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-weather-plugin/" + google-query: inurl:"/wp-content/plugins/ultimate-weather-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-weather-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-weather-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-weather-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate-wp-query-search-filter-f48aa8ce150f50f9f99d4d22650a952e.yaml b/nuclei-templates/cve-less/plugins/ultimate-wp-query-search-filter-f48aa8ce150f50f9f99d4d22650a952e.yaml new file mode 100644 index 0000000000..f646a9e30f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate-wp-query-search-filter-f48aa8ce150f50f9f99d4d22650a952e.yaml @@ -0,0 +1,58 @@ +id: ultimate-wp-query-search-filter-f48aa8ce150f50f9f99d4d22650a952e + +info: + name: > + Ultimate WP Query Search Filter <= 1.0.10 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ef0c46-5765-458e-80c0-ecfc6ead6df6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultimate-wp-query-search-filter/" + google-query: inurl:"/wp-content/plugins/ultimate-wp-query-search-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultimate-wp-query-search-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultimate-wp-query-search-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultimate-wp-query-search-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-1dd6b9575ac3d36dc5c340f7191b2a11.yaml b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-1dd6b9575ac3d36dc5c340f7191b2a11.yaml new file mode 100644 index 0000000000..1d6e2c8ba5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-1dd6b9575ac3d36dc5c340f7191b2a11.yaml @@ -0,0 +1,58 @@ +id: ultimate_vc_addons-1dd6b9575ac3d36dc5c340f7191b2a11 + +info: + name: > + Ultimate Addons for WPBakery <= 3.19.17 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ece4eca1-9dc1-4f17-92e4-8b2e3e1a7306?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Ultimate_VC_Addons/" + google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Ultimate_VC_Addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Ultimate_VC_Addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-42a6391e7ed0fe5a4ef825a270130c8a.yaml b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-42a6391e7ed0fe5a4ef825a270130c8a.yaml new file mode 100644 index 0000000000..90b5bb633e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-42a6391e7ed0fe5a4ef825a270130c8a.yaml @@ -0,0 +1,58 @@ +id: ultimate_vc_addons-42a6391e7ed0fe5a4ef825a270130c8a + +info: + name: > + Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90a8230f-7008-48af-a1a9-fbaf38dcb21c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Ultimate_VC_Addons/" + google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Ultimate_VC_Addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Ultimate_VC_Addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultimate_vc_addons-c12fe9671d21c1c91257ccad7444bd6a.yaml b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-c12fe9671d21c1c91257ccad7444bd6a.yaml new file mode 100644 index 0000000000..641edfe5cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultimate_vc_addons-c12fe9671d21c1c91257ccad7444bd6a.yaml @@ -0,0 +1,58 @@ +id: ultimate_vc_addons-c12fe9671d21c1c91257ccad7444bd6a + +info: + name: > + Ultimate Addons for WPBakery Page Builder <= 3.19.14 - Authenticated(Contributor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5222ce69-ac9f-4bb0-9832-8cdff1f8b078?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/Ultimate_VC_Addons/" + google-query: inurl:"/wp-content/plugins/Ultimate_VC_Addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,Ultimate_VC_Addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/Ultimate_VC_Addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Ultimate_VC_Addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ultra-companion-c2d16b936c79c5f7cc118ed34032bc44.yaml b/nuclei-templates/cve-less/plugins/ultra-companion-c2d16b936c79c5f7cc118ed34032bc44.yaml new file mode 100644 index 0000000000..173e2c7ba3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ultra-companion-c2d16b936c79c5f7cc118ed34032bc44.yaml @@ -0,0 +1,58 @@ +id: ultra-companion-c2d16b936c79c5f7cc118ed34032bc44 + +info: + name: > + Ultra Companion <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3639d0a6-6d9f-4f3e-bb25-85d4eb40b547?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ultra-companion/" + google-query: inurl:"/wp-content/plugins/ultra-companion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ultra-companion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ultra-companion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultra-companion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncanny-automator-2ee8042813603dca155007c66d9f6e42.yaml b/nuclei-templates/cve-less/plugins/uncanny-automator-2ee8042813603dca155007c66d9f6e42.yaml new file mode 100644 index 0000000000..447e3bdb24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncanny-automator-2ee8042813603dca155007c66d9f6e42.yaml @@ -0,0 +1,58 @@ +id: uncanny-automator-2ee8042813603dca155007c66d9f6e42 + +info: + name: > + Uncanny Automator <= 5.1.0.2 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5098e74a-9a99-48b3-9f44-b780bfdeb24e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncanny-automator/" + google-query: inurl:"/wp-content/plugins/uncanny-automator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncanny-automator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncanny-automator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncanny-automator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-66d45612d48c50a420406488ffbcd2d8.yaml b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-66d45612d48c50a420406488ffbcd2d8.yaml new file mode 100644 index 0000000000..ca29d20aac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-66d45612d48c50a420406488ffbcd2d8.yaml @@ -0,0 +1,58 @@ +id: uncanny-learndash-toolkit-66d45612d48c50a420406488ffbcd2d8 + +info: + name: > + Uncanny Toolkit for LearnDash <= 3.6.4.3 - Missing Authorization via review-banner-visibility REST route + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdaa7450-3b51-470d-8903-52fd1d4215a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/" + google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncanny-learndash-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncanny-learndash-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-a75e8600265672ffbfe8fc90d6a06636.yaml b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-a75e8600265672ffbfe8fc90d6a06636.yaml new file mode 100644 index 0000000000..50d58ae586 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-a75e8600265672ffbfe8fc90d6a06636.yaml @@ -0,0 +1,58 @@ +id: uncanny-learndash-toolkit-a75e8600265672ffbfe8fc90d6a06636 + +info: + name: > + Uncanny Toolkit for LearnDash <= 3.6.4.1 - Cross-Site Request Forgery to Arbitrary Plugin Install and Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea4ca2d-6a67-43ad-817d-960cad3030b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/" + google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncanny-learndash-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncanny-learndash-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-c6423cfe94699f968f30f91786e41914.yaml b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-c6423cfe94699f968f30f91786e41914.yaml new file mode 100644 index 0000000000..2dde8b5f31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncanny-learndash-toolkit-c6423cfe94699f968f30f91786e41914.yaml @@ -0,0 +1,58 @@ +id: uncanny-learndash-toolkit-c6423cfe94699f968f30f91786e41914 + +info: + name: > + Uncanny Toolkit for LearnDash <= 3.6.4.3 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66e5a569-1dd5-40e9-8356-d7c82c8e30ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncanny-learndash-toolkit/" + google-query: inurl:"/wp-content/plugins/uncanny-learndash-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncanny-learndash-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncanny-learndash-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncanny-learndash-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncode-core-0aa92524ef3f479006bf6a6cae10326a.yaml b/nuclei-templates/cve-less/plugins/uncode-core-0aa92524ef3f479006bf6a6cae10326a.yaml new file mode 100644 index 0000000000..9eb788f89e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncode-core-0aa92524ef3f479006bf6a6cae10326a.yaml @@ -0,0 +1,58 @@ +id: uncode-core-0aa92524ef3f479006bf6a6cae10326a + +info: + name: > + Uncode Core <= 2.8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4efe60a-d8e3-4e51-95b2-246e30e90e89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncode-core/" + google-query: inurl:"/wp-content/plugins/uncode-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncode-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncode-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncode-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncode-core-7a2fa40c9c3153d28c4763e5656c59b8.yaml b/nuclei-templates/cve-less/plugins/uncode-core-7a2fa40c9c3153d28c4763e5656c59b8.yaml new file mode 100644 index 0000000000..2ad94fa89f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncode-core-7a2fa40c9c3153d28c4763e5656c59b8.yaml @@ -0,0 +1,58 @@ +id: uncode-core-7a2fa40c9c3153d28c4763e5656c59b8 + +info: + name: > + Uncode Core <= 2.8.8 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb5e6767-d0a9-4ac4-816f-6fb57b1e5f9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncode-core/" + google-query: inurl:"/wp-content/plugins/uncode-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncode-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncode-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncode-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uncode-core-9ed7e89f3675608a54d511e5410f33f1.yaml b/nuclei-templates/cve-less/plugins/uncode-core-9ed7e89f3675608a54d511e5410f33f1.yaml new file mode 100644 index 0000000000..4a584ce42a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uncode-core-9ed7e89f3675608a54d511e5410f33f1.yaml @@ -0,0 +1,58 @@ +id: uncode-core-9ed7e89f3675608a54d511e5410f33f1 + +info: + name: > + Uncode Core <= 2.8.8 - Authenticated (Subscriber+) Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74ab025d-4e76-46e5-b8f8-963eeea5b802?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uncode-core/" + google-query: inurl:"/wp-content/plugins/uncode-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uncode-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uncode-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncode-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unconfirmed-a24ad83ed56eb98da964ec89f37324d1.yaml b/nuclei-templates/cve-less/plugins/unconfirmed-a24ad83ed56eb98da964ec89f37324d1.yaml new file mode 100644 index 0000000000..812bf70eda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unconfirmed-a24ad83ed56eb98da964ec89f37324d1.yaml @@ -0,0 +1,58 @@ +id: unconfirmed-a24ad83ed56eb98da964ec89f37324d1 + +info: + name: > + Unconfirmed < 1.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62128061-1ecc-484c-a054-4925f9ac6105?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unconfirmed/" + google-query: inurl:"/wp-content/plugins/unconfirmed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unconfirmed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unconfirmed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unconfirmed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/under-construction-page-74c4f31916c7f5bc337751afa8a7f10e.yaml b/nuclei-templates/cve-less/plugins/under-construction-page-74c4f31916c7f5bc337751afa8a7f10e.yaml new file mode 100644 index 0000000000..60bc53b3a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/under-construction-page-74c4f31916c7f5bc337751afa8a7f10e.yaml @@ -0,0 +1,58 @@ +id: under-construction-page-74c4f31916c7f5bc337751afa8a7f10e + +info: + name: > + Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/031a1203-6b0d-453b-be8a-12e7f55cb401?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/under-construction-page/" + google-query: inurl:"/wp-content/plugins/under-construction-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,under-construction-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/under-construction-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "under-construction-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/under-construction-page-88940c0e9fa7615075a5fc8e9bc16c56.yaml b/nuclei-templates/cve-less/plugins/under-construction-page-88940c0e9fa7615075a5fc8e9bc16c56.yaml new file mode 100644 index 0000000000..c134f98cdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/under-construction-page-88940c0e9fa7615075a5fc8e9bc16c56.yaml @@ -0,0 +1,58 @@ +id: under-construction-page-88940c0e9fa7615075a5fc8e9bc16c56 + +info: + name: > + Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa84388-3597-4a54-9ae8-d6e04afe9061?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/under-construction-page/" + google-query: inurl:"/wp-content/plugins/under-construction-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,under-construction-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/under-construction-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "under-construction-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/underconstruction-0e39d853b3d4654c80796b1245bb017e.yaml b/nuclei-templates/cve-less/plugins/underconstruction-0e39d853b3d4654c80796b1245bb017e.yaml new file mode 100644 index 0000000000..4d62aceb23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/underconstruction-0e39d853b3d4654c80796b1245bb017e.yaml @@ -0,0 +1,58 @@ +id: underconstruction-0e39d853b3d4654c80796b1245bb017e + +info: + name: > + underConstruction < 1.09 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90bab2a1-7c19-45d2-909f-05014fb24740?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/underconstruction/" + google-query: inurl:"/wp-content/plugins/underconstruction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,underconstruction,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/underconstruction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "underconstruction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.09') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/underconstruction-49a29c208dcdf8c767e242ee9b07c664.yaml b/nuclei-templates/cve-less/plugins/underconstruction-49a29c208dcdf8c767e242ee9b07c664.yaml new file mode 100644 index 0000000000..3b23265518 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/underconstruction-49a29c208dcdf8c767e242ee9b07c664.yaml @@ -0,0 +1,58 @@ +id: underconstruction-49a29c208dcdf8c767e242ee9b07c664 + +info: + name: > + underConstruction <= 1.19 - Cross-Site Request Forgery to Construction Mode Disabled + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da9b1132-fb02-443d-8d56-9e89658aad89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/underconstruction/" + google-query: inurl:"/wp-content/plugins/underconstruction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,underconstruction,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/underconstruction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "underconstruction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/underconstruction-52197fd3d372d9ca3330b7fb6abe6c1e.yaml b/nuclei-templates/cve-less/plugins/underconstruction-52197fd3d372d9ca3330b7fb6abe6c1e.yaml new file mode 100644 index 0000000000..3e59069644 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/underconstruction-52197fd3d372d9ca3330b7fb6abe6c1e.yaml @@ -0,0 +1,58 @@ +id: underconstruction-52197fd3d372d9ca3330b7fb6abe6c1e + +info: + name: > + underConstruction <= 1.20 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/045717f4-0e31-41f8-b0c3-8118c768b648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/underconstruction/" + google-query: inurl:"/wp-content/plugins/underconstruction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,underconstruction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/underconstruction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "underconstruction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/underconstruction-8f08fc8519e9426e0c9c0ec2b77bcf6d.yaml b/nuclei-templates/cve-less/plugins/underconstruction-8f08fc8519e9426e0c9c0ec2b77bcf6d.yaml new file mode 100644 index 0000000000..a531cd07a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/underconstruction-8f08fc8519e9426e0c9c0ec2b77bcf6d.yaml @@ -0,0 +1,58 @@ +id: underconstruction-8f08fc8519e9426e0c9c0ec2b77bcf6d + +info: + name: > + underConstruction <= 1.18 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/059e5358-6a29-4cae-96b4-23897797b367?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/underconstruction/" + google-query: inurl:"/wp-content/plugins/underconstruction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,underconstruction,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/underconstruction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "underconstruction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/underconstruction-931565033fc7a18f04b3f4a474f02d5f.yaml b/nuclei-templates/cve-less/plugins/underconstruction-931565033fc7a18f04b3f4a474f02d5f.yaml new file mode 100644 index 0000000000..2520c3567f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/underconstruction-931565033fc7a18f04b3f4a474f02d5f.yaml @@ -0,0 +1,58 @@ +id: underconstruction-931565033fc7a18f04b3f4a474f02d5f + +info: + name: > + underConstruction <= 1.21 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/177f7111-b487-4e52-9106-54e0095a5dd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/underconstruction/" + google-query: inurl:"/wp-content/plugins/underconstruction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,underconstruction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/underconstruction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "underconstruction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uniconsent-cmp-52d99f3d726c6a2b0f9591cf7e9202f7.yaml b/nuclei-templates/cve-less/plugins/uniconsent-cmp-52d99f3d726c6a2b0f9591cf7e9202f7.yaml new file mode 100644 index 0000000000..22bb1fb4d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uniconsent-cmp-52d99f3d726c6a2b0f9591cf7e9202f7.yaml @@ -0,0 +1,58 @@ +id: uniconsent-cmp-52d99f3d726c6a2b0f9591cf7e9202f7 + +info: + name: > + UniConsent Cookie Consent CMP for GDPR / CCPA <= 1.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19c9cf3e-553b-4cbd-9f2c-803e188a2581?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uniconsent-cmp/" + google-query: inurl:"/wp-content/plugins/uniconsent-cmp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uniconsent-cmp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uniconsent-cmp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uniconsent-cmp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uninstall-e0876152720c53588a74ce9328051604.yaml b/nuclei-templates/cve-less/plugins/uninstall-e0876152720c53588a74ce9328051604.yaml new file mode 100644 index 0000000000..d712e47dbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uninstall-e0876152720c53588a74ce9328051604.yaml @@ -0,0 +1,58 @@ +id: uninstall-e0876152720c53588a74ce9328051604 + +info: + name: > + WordPress Uninstall <= 1.2.1 - Cross-Site Request Forgery to Site Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f975d32-a008-46a9-bc00-420610464ecb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uninstall/" + google-query: inurl:"/wp-content/plugins/uninstall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uninstall,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uninstall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uninstall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unite-gallery-lite-103ae57e192be7c58d97324e70895c9f.yaml b/nuclei-templates/cve-less/plugins/unite-gallery-lite-103ae57e192be7c58d97324e70895c9f.yaml new file mode 100644 index 0000000000..a264004ce8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unite-gallery-lite-103ae57e192be7c58d97324e70895c9f.yaml @@ -0,0 +1,58 @@ +id: unite-gallery-lite-103ae57e192be7c58d97324e70895c9f + +info: + name: > + Unite Gallery Lite <= 1.4.6 - Cross-Site Request Forgery & Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/046fde5c-9f11-4f09-a4eb-83c289680a18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unite-gallery-lite/" + google-query: inurl:"/wp-content/plugins/unite-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unite-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unite-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unite-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unite-gallery-lite-1ccd8092085adf5a5342024d683bb79b.yaml b/nuclei-templates/cve-less/plugins/unite-gallery-lite-1ccd8092085adf5a5342024d683bb79b.yaml new file mode 100644 index 0000000000..199e339457 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unite-gallery-lite-1ccd8092085adf5a5342024d683bb79b.yaml @@ -0,0 +1,58 @@ +id: unite-gallery-lite-1ccd8092085adf5a5342024d683bb79b + +info: + name: > + Unite Gallery Lite < 1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a30bb9-501b-44bd-8121-c137bb1c3ae5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unite-gallery-lite/" + google-query: inurl:"/wp-content/plugins/unite-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unite-gallery-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unite-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unite-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unite-gallery-lite-4b751d7bee414741f3c79461b74b4584.yaml b/nuclei-templates/cve-less/plugins/unite-gallery-lite-4b751d7bee414741f3c79461b74b4584.yaml new file mode 100644 index 0000000000..852ccba07c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unite-gallery-lite-4b751d7bee414741f3c79461b74b4584.yaml @@ -0,0 +1,58 @@ +id: unite-gallery-lite-4b751d7bee414741f3c79461b74b4584 + +info: + name: > + Unite Gallery Lite <= 1.7.61 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/577d8986-edc5-445f-80cf-7a7f2cca9749?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unite-gallery-lite/" + google-query: inurl:"/wp-content/plugins/unite-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unite-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unite-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unite-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unite-gallery-lite-d8d7674d520927a7ad2ed94f66363231.yaml b/nuclei-templates/cve-less/plugins/unite-gallery-lite-d8d7674d520927a7ad2ed94f66363231.yaml new file mode 100644 index 0000000000..3f8d66db07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unite-gallery-lite-d8d7674d520927a7ad2ed94f66363231.yaml @@ -0,0 +1,58 @@ +id: unite-gallery-lite-d8d7674d520927a7ad2ed94f66363231 + +info: + name: > + Unite Gallery Lite <= 1.7.59 - Authenticated(Administrator+) Local File Inclusion via 'view' parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c2925c1-f5c6-45b9-bc61-96f325c0372f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unite-gallery-lite/" + google-query: inurl:"/wp-content/plugins/unite-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unite-gallery-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unite-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unite-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unite-gallery-lite-e8e6f489ccaee4d00c096c7d8c466fc5.yaml b/nuclei-templates/cve-less/plugins/unite-gallery-lite-e8e6f489ccaee4d00c096c7d8c466fc5.yaml new file mode 100644 index 0000000000..6898d876e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unite-gallery-lite-e8e6f489ccaee4d00c096c7d8c466fc5.yaml @@ -0,0 +1,58 @@ +id: unite-gallery-lite-e8e6f489ccaee4d00c096c7d8c466fc5 + +info: + name: > + Unite Gallery Lite < 1.5 - Cross-Site Request Forgery and SQL Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6a6fa09-f7bd-4ed0-8fdc-3f927b33af02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unite-gallery-lite/" + google-query: inurl:"/wp-content/plugins/unite-gallery-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unite-gallery-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unite-gallery-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unite-gallery-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/universal-analytics-ac061f34e871527fabbabb8afc45c209.yaml b/nuclei-templates/cve-less/plugins/universal-analytics-ac061f34e871527fabbabb8afc45c209.yaml new file mode 100644 index 0000000000..ef9a2fbf7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/universal-analytics-ac061f34e871527fabbabb8afc45c209.yaml @@ -0,0 +1,58 @@ +id: universal-analytics-ac061f34e871527fabbabb8afc45c209 + +info: + name: > + Universal Analytics <= 1.3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19bf984d-fb2b-4a7e-828c-4f75175b4c1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/universal-analytics/" + google-query: inurl:"/wp-content/plugins/universal-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,universal-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/universal-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "universal-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/universal-star-rating-09395db7be64b2d03b62fa45ed0398d7.yaml b/nuclei-templates/cve-less/plugins/universal-star-rating-09395db7be64b2d03b62fa45ed0398d7.yaml new file mode 100644 index 0000000000..2451063b19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/universal-star-rating-09395db7be64b2d03b62fa45ed0398d7.yaml @@ -0,0 +1,58 @@ +id: universal-star-rating-09395db7be64b2d03b62fa45ed0398d7 + +info: + name: > + Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/767bd8dd-993f-48d3-92f1-669d2329f1ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/universal-star-rating/" + google-query: inurl:"/wp-content/plugins/universal-star-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,universal-star-rating,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/universal-star-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "universal-star-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-addons-for-wpbakery-page-builder-7222dd54a342eb0ec1d2eb49f0d0425a.yaml b/nuclei-templates/cve-less/plugins/unlimited-addons-for-wpbakery-page-builder-7222dd54a342eb0ec1d2eb49f0d0425a.yaml new file mode 100644 index 0000000000..a1d5fa6872 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-addons-for-wpbakery-page-builder-7222dd54a342eb0ec1d2eb49f0d0425a.yaml @@ -0,0 +1,58 @@ +id: unlimited-addons-for-wpbakery-page-builder-7222dd54a342eb0ec1d2eb49f0d0425a + +info: + name: > + Unlimited Addons for WPBakery Page Builder <= 1.0.42 - Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a78b76d6-4068-4141-9726-7db439aa6a9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-addons-for-wpbakery-page-builder/" + google-query: inurl:"/wp-content/plugins/unlimited-addons-for-wpbakery-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-addons-for-wpbakery-page-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-addons-for-wpbakery-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-addons-for-wpbakery-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-83be4877901e862ff402253df3e3d6d7.yaml b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-83be4877901e862ff402253df3e3d6d7.yaml new file mode 100644 index 0000000000..c989eeb236 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-83be4877901e862ff402253df3e3d6d7.yaml @@ -0,0 +1,58 @@ +id: unlimited-elementor-inner-sections-by-boomdevs-83be4877901e862ff402253df3e3d6d7 + +info: + name: > + Appsero <= 2.0.0 - Missing Authorization via handle_optin_optout + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376c5091-7921-4470-acbf-44db53db38fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/" + google-query: inurl:"/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elementor-inner-sections-by-boomdevs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..3acc7b493f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elementor-inner-sections-by-boomdevs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: unlimited-elementor-inner-sections-by-boomdevs-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/" + google-query: inurl:"/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elementor-inner-sections-by-boomdevs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elementor-inner-sections-by-boomdevs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elementor-inner-sections-by-boomdevs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0115c4f456db0247c3530a55e2dfe13e.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0115c4f456db0247c3530a55e2dfe13e.yaml new file mode 100644 index 0000000000..58eabc57a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0115c4f456db0247c3530a55e2dfe13e.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-0115c4f456db0247c3530a55e2dfe13e + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce1ac711-6026-49ef-b66b-2cc199697942?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0ecdecef5b5861d9228c5e4232350428.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0ecdecef5b5861d9228c5e4232350428.yaml new file mode 100644 index 0000000000..d2bdf90439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-0ecdecef5b5861d9228c5e4232350428.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-0ecdecef5b5861d9228c5e4232350428 + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f629fc93-84ce-4c33-b1c0-3a3194aac477?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.102') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-1f2c777b2d1a87f6daecfabe8050a1d2.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-1f2c777b2d1a87f6daecfabe8050a1d2.yaml new file mode 100644 index 0000000000..f790680f04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-1f2c777b2d1a87f6daecfabe8050a1d2.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-1f2c777b2d1a87f6daecfabe8050a1d2 + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.93 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b3fc000-57e7-4be4-959f-27dac9717b9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-2304b21574018f9296b7348b5813fb8e.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-2304b21574018f9296b7348b5813fb8e.yaml new file mode 100644 index 0000000000..867cdff8cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-2304b21574018f9296b7348b5813fb8e.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-2304b21574018f9296b7348b5813fb8e + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebc0c8e6-a365-4ef7-9c1a-41454855096c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.102') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-6a7387f7988e4dac2eb8210534154d2a.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-6a7387f7988e4dac2eb8210534154d2a.yaml new file mode 100644 index 0000000000..b669c89132 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-6a7387f7988e4dac2eb8210534154d2a.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-6a7387f7988e4dac2eb8210534154d2a + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.60 - Arbitrary File Upload in File Manager + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a09102c-391e-4057-b883-3d2eef1671ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-8b1647a7cae04c475a434c97e40430f4.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-8b1647a7cae04c475a434c97e40430f4.yaml new file mode 100644 index 0000000000..59a5fd6c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-8b1647a7cae04c475a434c97e40430f4.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-8b1647a7cae04c475a434c97e40430f4 + +info: + name: > + Unlimited Elements For Elementor <= 1.5.96 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47853750-0bf1-4df3-9c56-c6852543cfad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml new file mode 100644 index 0000000000..c14f39dc4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a4e1a6eed6af75293ee8acc33aa5bb7f.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-a4e1a6eed6af75293ee8acc33aa5bb7f + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.102 - Authenticated (Admin+) Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58492dbb-b9e0-4477-b85d-ace06dba954c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.102') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a752917f99712ba0255e64b4033cf044.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a752917f99712ba0255e64b4033cf044.yaml new file mode 100644 index 0000000000..d5251a709a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-a752917f99712ba0255e64b4033cf044.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-a752917f99712ba0255e64b4033cf044 + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.66 - Zip Extraction to Arbitrary File Upload in File Manager + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f600361c-cf7a-498c-aa3d-beeb28d27101?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-ba7ba7554cf607d5d507c2c2d4751a5b.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-ba7ba7554cf607d5d507c2c2d4751a5b.yaml new file mode 100644 index 0000000000..082486acb5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-ba7ba7554cf607d5d507c2c2d4751a5b.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-ba7ba7554cf607d5d507c2c2d4751a5b + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.48 - Authenticated (Admin+) Cross Site Scripting (XSS) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22bc7a0c-8a89-461b-8838-788dd6d5c63b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.48') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-f213f0cf0f29187e1d444e194fee045d.yaml b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-f213f0cf0f29187e1d444e194fee045d.yaml new file mode 100644 index 0000000000..e820ad86f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-elements-for-elementor-f213f0cf0f29187e1d444e194fee045d.yaml @@ -0,0 +1,58 @@ +id: unlimited-elements-for-elementor-f213f0cf0f29187e1d444e194fee045d + +info: + name: > + Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.65 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d49e28b-8b5e-4c67-a36d-c78ee33ffc6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-elements-for-elementor/" + google-query: inurl:"/wp-content/plugins/unlimited-elements-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-elements-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-elements-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-elements-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.65') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unlimited-popups-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml b/nuclei-templates/cve-less/plugins/unlimited-popups-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml new file mode 100644 index 0000000000..6ab1d110d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unlimited-popups-87cd3b8d44051ebe8fa42c56e4d1cbb3.yaml @@ -0,0 +1,58 @@ +id: unlimited-popups-87cd3b8d44051ebe8fa42c56e4d1cbb3 + +info: + name: > + Unlimited PopUps <= 4.5.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61a3c83f-1910-4c25-9b79-293c75d06e5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unlimited-popups/" + google-query: inurl:"/wp-content/plugins/unlimited-popups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unlimited-popups,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unlimited-popups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unlimited-popups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-0fee961f47a5a9afb9a972a5a5342a98.yaml b/nuclei-templates/cve-less/plugins/unusedcss-0fee961f47a5a9afb9a972a5a5342a98.yaml new file mode 100644 index 0000000000..167b897986 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-0fee961f47a5a9afb9a972a5a5342a98.yaml @@ -0,0 +1,58 @@ +id: unusedcss-0fee961f47a5a9afb9a972a5a5342a98 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'uucss_update_rule' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19f126f8-1d59-44b5-8e0e-c37f1fbedf5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-26699e962c9e60112283bf64ac1ad60a.yaml b/nuclei-templates/cve-less/plugins/unusedcss-26699e962c9e60112283bf64ac1ad60a.yaml new file mode 100644 index 0000000000..2a6f5ceef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-26699e962c9e60112283bf64ac1ad60a.yaml @@ -0,0 +1,58 @@ +id: unusedcss-26699e962c9e60112283bf64ac1ad60a + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_uucss_logs' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/488e26e2-d4d7-4036-a672-53c2d4c9d39b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-2a1f9d077aaf4e3fadb41e60e62e6854.yaml b/nuclei-templates/cve-less/plugins/unusedcss-2a1f9d077aaf4e3fadb41e60e62e6854.yaml new file mode 100644 index 0000000000..e0f8b6234e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-2a1f9d077aaf4e3fadb41e60e62e6854.yaml @@ -0,0 +1,58 @@ +id: unusedcss-2a1f9d077aaf4e3fadb41e60e62e6854 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'queue_posts' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3108ef4-f889-4ae1-b86f-cedf46dcea19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-2b045fe9c22899f178f1269f6a026542.yaml b/nuclei-templates/cve-less/plugins/unusedcss-2b045fe9c22899f178f1269f6a026542.yaml new file mode 100644 index 0000000000..34535df8d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-2b045fe9c22899f178f1269f6a026542.yaml @@ -0,0 +1,58 @@ +id: unusedcss-2b045fe9c22899f178f1269f6a026542 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'queue_posts' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d16fa590-1409-4f04-b8b7-0cce17412a5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-2b7ae4ca78bd06166aae6152ceb4da4c.yaml b/nuclei-templates/cve-less/plugins/unusedcss-2b7ae4ca78bd06166aae6152ceb4da4c.yaml new file mode 100644 index 0000000000..152cd9e0fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-2b7ae4ca78bd06166aae6152ceb4da4c.yaml @@ -0,0 +1,58 @@ +id: unusedcss-2b7ae4ca78bd06166aae6152ceb4da4c + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9ee168-82b1-4d13-a84e-379f16dcb283?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-5c781006f6fca5d11eb9b4f46b04eda7.yaml b/nuclei-templates/cve-less/plugins/unusedcss-5c781006f6fca5d11eb9b4f46b04eda7.yaml new file mode 100644 index 0000000000..5b60173691 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-5c781006f6fca5d11eb9b4f46b04eda7.yaml @@ -0,0 +1,58 @@ +id: unusedcss-5c781006f6fca5d11eb9b4f46b04eda7 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ajax_deactivate' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d95b01c3-5db4-40ac-8787-0db58a9cc3a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-6ec723a75cd7d5a7782b1351c8098782.yaml b/nuclei-templates/cve-less/plugins/unusedcss-6ec723a75cd7d5a7782b1351c8098782.yaml new file mode 100644 index 0000000000..bbeda0ed5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-6ec723a75cd7d5a7782b1351c8098782.yaml @@ -0,0 +1,58 @@ +id: unusedcss-6ec723a75cd7d5a7782b1351c8098782 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'clear_page_cache' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b228f8b1-dd68-41ee-bc49-6a62e5267233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-76ac5b6d638212e0347ed800db5531d1.yaml b/nuclei-templates/cve-less/plugins/unusedcss-76ac5b6d638212e0347ed800db5531d1.yaml new file mode 100644 index 0000000000..961823c933 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-76ac5b6d638212e0347ed800db5531d1.yaml @@ -0,0 +1,58 @@ +id: unusedcss-76ac5b6d638212e0347ed800db5531d1 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_uucss_logs' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a52325f9-51b5-469c-865e-73a22002d46f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-7fabd60d3b2198be95329f47bacc886f.yaml b/nuclei-templates/cve-less/plugins/unusedcss-7fabd60d3b2198be95329f47bacc886f.yaml new file mode 100644 index 0000000000..601268957e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-7fabd60d3b2198be95329f47bacc886f.yaml @@ -0,0 +1,58 @@ +id: unusedcss-7fabd60d3b2198be95329f47bacc886f + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ajax_deactivate' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2296800-93d6-48fa-aa09-3d28fa6371d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-9a0b6c64179538a07b644a9798c3ccee.yaml b/nuclei-templates/cve-less/plugins/unusedcss-9a0b6c64179538a07b644a9798c3ccee.yaml new file mode 100644 index 0000000000..8fd81c630b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-9a0b6c64179538a07b644a9798c3ccee.yaml @@ -0,0 +1,58 @@ +id: unusedcss-9a0b6c64179538a07b644a9798c3ccee + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'clear_page_cache' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cba74f7-7183-4297-8f04-4818c01358ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-a0e3ff5d3be6b2d76d2f97e392703cee.yaml b/nuclei-templates/cve-less/plugins/unusedcss-a0e3ff5d3be6b2d76d2f97e392703cee.yaml new file mode 100644 index 0000000000..34ce97c99e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-a0e3ff5d3be6b2d76d2f97e392703cee.yaml @@ -0,0 +1,58 @@ +id: unusedcss-a0e3ff5d3be6b2d76d2f97e392703cee + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'attach_rule' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bb55b22-a0d0-424f-8e4f-57d3f239c149?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-a339149dde9b1d7d6ce8f5a68c95c72b.yaml b/nuclei-templates/cve-less/plugins/unusedcss-a339149dde9b1d7d6ce8f5a68c95c72b.yaml new file mode 100644 index 0000000000..356a186924 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-a339149dde9b1d7d6ce8f5a68c95c72b.yaml @@ -0,0 +1,58 @@ +id: unusedcss-a339149dde9b1d7d6ce8f5a68c95c72b + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'uucss_update_rule' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/263153c9-61c5-4df4-803b-8d274e2a5e35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-a5b2d252972ec3a0a983d2f147eccab3.yaml b/nuclei-templates/cve-less/plugins/unusedcss-a5b2d252972ec3a0a983d2f147eccab3.yaml new file mode 100644 index 0000000000..614489a088 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-a5b2d252972ec3a0a983d2f147eccab3.yaml @@ -0,0 +1,58 @@ +id: unusedcss-a5b2d252972ec3a0a983d2f147eccab3 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'ucss_connect' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c66894a-8d0f-4946-ae4d-bffd35f3ffb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-bc3c5983bb2636786bed9c036578261b.yaml b/nuclei-templates/cve-less/plugins/unusedcss-bc3c5983bb2636786bed9c036578261b.yaml new file mode 100644 index 0000000000..d421b812cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-bc3c5983bb2636786bed9c036578261b.yaml @@ -0,0 +1,58 @@ +id: unusedcss-bc3c5983bb2636786bed9c036578261b + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 2.2.11 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebdb591-4fd4-4ea3-a0db-b934c67176de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-dea1282ba49458404fbdca77bb502b69.yaml b/nuclei-templates/cve-less/plugins/unusedcss-dea1282ba49458404fbdca77bb502b69.yaml new file mode 100644 index 0000000000..70976cf9f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-dea1282ba49458404fbdca77bb502b69.yaml @@ -0,0 +1,58 @@ +id: unusedcss-dea1282ba49458404fbdca77bb502b69 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Missing Authorization in 'ucss_connect' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eba48c51-87d9-4e7e-b4c1-0205cd96d033?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-e06f0873eb001cb3482364eb50615d1b.yaml b/nuclei-templates/cve-less/plugins/unusedcss-e06f0873eb001cb3482364eb50615d1b.yaml new file mode 100644 index 0000000000..376063b744 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-e06f0873eb001cb3482364eb50615d1b.yaml @@ -0,0 +1,58 @@ +id: unusedcss-e06f0873eb001cb3482364eb50615d1b + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.7.1 - Cross-Site Request Forgery via 'attach_rule' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11f74b86-a050-4247-b310-045bf48fd4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unusedcss-fdaa7c7a6a16dd831123dd45077162f8.yaml b/nuclei-templates/cve-less/plugins/unusedcss-fdaa7c7a6a16dd831123dd45077162f8.yaml new file mode 100644 index 0000000000..064b18b361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unusedcss-fdaa7c7a6a16dd831123dd45077162f8.yaml @@ -0,0 +1,58 @@ +id: unusedcss-fdaa7c7a6a16dd831123dd45077162f8 + +info: + name: > + RapidLoad Power-Up for Autoptimize <= 1.6.35 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb71befb-8b79-46b0-9d0b-0159542147c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unusedcss/" + google-query: inurl:"/wp-content/plugins/unusedcss/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unusedcss,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unusedcss/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unusedcss" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unyson-610d128e626440e80c8a487da8ac96e5.yaml b/nuclei-templates/cve-less/plugins/unyson-610d128e626440e80c8a487da8ac96e5.yaml new file mode 100644 index 0000000000..0bd816f524 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unyson-610d128e626440e80c8a487da8ac96e5.yaml @@ -0,0 +1,58 @@ +id: unyson-610d128e626440e80c8a487da8ac96e5 + +info: + name: > + Unyson <= 2.7.26 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32648d65-88a7-48fa-adeb-3060a1cf5b93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unyson/" + google-query: inurl:"/wp-content/plugins/unyson/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unyson,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unyson/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unyson" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/unyson-90e033d103f597ab6ef613db20a319e8.yaml b/nuclei-templates/cve-less/plugins/unyson-90e033d103f597ab6ef613db20a319e8.yaml new file mode 100644 index 0000000000..9defafb71f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/unyson-90e033d103f597ab6ef613db20a319e8.yaml @@ -0,0 +1,58 @@ +id: unyson-90e033d103f597ab6ef613db20a319e8 + +info: + name: > + Unyson <= 2.7.28 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35421b32-701a-4fc9-bcec-80684d874bab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/unyson/" + google-query: inurl:"/wp-content/plugins/unyson/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,unyson,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/unyson/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unyson" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/up-down-image-slideshow-gallery-7138d2ba8421f62a9d8f037aab75e745.yaml b/nuclei-templates/cve-less/plugins/up-down-image-slideshow-gallery-7138d2ba8421f62a9d8f037aab75e745.yaml new file mode 100644 index 0000000000..0bbff47dbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/up-down-image-slideshow-gallery-7138d2ba8421f62a9d8f037aab75e745.yaml @@ -0,0 +1,58 @@ +id: up-down-image-slideshow-gallery-7138d2ba8421f62a9d8f037aab75e745 + +info: + name: > + Up down image slideshow gallery <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b72cf6f-4924-4fa5-8e1a-4054dfe73be0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/up-down-image-slideshow-gallery/" + google-query: inurl:"/wp-content/plugins/up-down-image-slideshow-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,up-down-image-slideshow-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/up-down-image-slideshow-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "up-down-image-slideshow-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/update-alt-attribute-a1741d936a6f3f09256d6ab3128f4cf5.yaml b/nuclei-templates/cve-less/plugins/update-alt-attribute-a1741d936a6f3f09256d6ab3128f4cf5.yaml new file mode 100644 index 0000000000..542e650de9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/update-alt-attribute-a1741d936a6f3f09256d6ab3128f4cf5.yaml @@ -0,0 +1,58 @@ +id: update-alt-attribute-a1741d936a6f3f09256d6ab3128f4cf5 + +info: + name: > + Update Image Tag Alt Attribute <= 2.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25b13322-d305-45db-8ac7-20762398dc21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/update-alt-attribute/" + google-query: inurl:"/wp-content/plugins/update-alt-attribute/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,update-alt-attribute,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/update-alt-attribute/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "update-alt-attribute" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/update-alt-attribute-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/update-alt-attribute-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..1361198321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/update-alt-attribute-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: update-alt-attribute-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/update-alt-attribute/" + google-query: inurl:"/wp-content/plugins/update-alt-attribute/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,update-alt-attribute,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/update-alt-attribute/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "update-alt-attribute" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/update-theme-and-plugins-from-zip-file-f49cbe09035132568d19e52e79936740.yaml b/nuclei-templates/cve-less/plugins/update-theme-and-plugins-from-zip-file-f49cbe09035132568d19e52e79936740.yaml new file mode 100644 index 0000000000..687871e571 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/update-theme-and-plugins-from-zip-file-f49cbe09035132568d19e52e79936740.yaml @@ -0,0 +1,58 @@ +id: update-theme-and-plugins-from-zip-file-f49cbe09035132568d19e52e79936740 + +info: + name: > + Update Theme and Plugins from Zip File <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e59293a6-cc61-4913-9ed0-13fa16299705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/update-theme-and-plugins-from-zip-file/" + google-query: inurl:"/wp-content/plugins/update-theme-and-plugins-from-zip-file/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,update-theme-and-plugins-from-zip-file,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/update-theme-and-plugins-from-zip-file/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "update-theme-and-plugins-from-zip-file" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updater-5a578f0ccecd9e70dbf98ea6c2ad1d23.yaml b/nuclei-templates/cve-less/plugins/updater-5a578f0ccecd9e70dbf98ea6c2ad1d23.yaml new file mode 100644 index 0000000000..18a62481f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updater-5a578f0ccecd9e70dbf98ea6c2ad1d23.yaml @@ -0,0 +1,58 @@ +id: updater-5a578f0ccecd9e70dbf98ea6c2ad1d23 + +info: + name: > + Updater by BestWebSoft <= 1.34 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83157b37-75f6-4ab9-8759-3d9a9cb9303d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updater/" + google-query: inurl:"/wp-content/plugins/updater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updater,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraft-c7d89f14d724c38d6f5b1f1ce939143f.yaml b/nuclei-templates/cve-less/plugins/updraft-c7d89f14d724c38d6f5b1f1ce939143f.yaml new file mode 100644 index 0000000000..9f746e7644 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraft-c7d89f14d724c38d6f5b1f1ce939143f.yaml @@ -0,0 +1,58 @@ +id: updraft-c7d89f14d724c38d6f5b1f1ce939143f + +info: + name: > + Updraft <= 0.6.1 - Reflected Cross-Site Scripting via 'backup_timestamp' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02bfc849-0f36-4647-9290-eddbacdb419b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraft/" + google-query: inurl:"/wp-content/plugins/updraft/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraft,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraft/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraft" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-00045a0149ac4849a8afd76259c91e36.yaml b/nuclei-templates/cve-less/plugins/updraftplus-00045a0149ac4849a8afd76259c91e36.yaml new file mode 100644 index 0000000000..725de80514 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-00045a0149ac4849a8afd76259c91e36.yaml @@ -0,0 +1,58 @@ +id: updraftplus-00045a0149ac4849a8afd76259c91e36 + +info: + name: > + UpdraftPlus <= 1.23.3 - Cross-Site Request Forgery to Cross-Site Scripting via action_authenticate_storage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/597f06ac-f9c7-4dcb-bb72-15ed7e9d8ac6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-1962b90b79f7e959c4385d817037dc9e.yaml b/nuclei-templates/cve-less/plugins/updraftplus-1962b90b79f7e959c4385d817037dc9e.yaml new file mode 100644 index 0000000000..30c5e7d2d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-1962b90b79f7e959c4385d817037dc9e.yaml @@ -0,0 +1,58 @@ +id: updraftplus-1962b90b79f7e959c4385d817037dc9e + +info: + name: > + UpdraftPlus WordPress Backup Plugin < 1.22.9 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aafa8eb8-73e6-48b5-a94e-85730d6250f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-25f70760f08292d981b9d26ac7ec9db4.yaml b/nuclei-templates/cve-less/plugins/updraftplus-25f70760f08292d981b9d26ac7ec9db4.yaml new file mode 100644 index 0000000000..a0ef65afff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-25f70760f08292d981b9d26ac7ec9db4.yaml @@ -0,0 +1,58 @@ +id: updraftplus-25f70760f08292d981b9d26ac7ec9db4 + +info: + name: > + UpdraftPlus WordPress Backup Plugin <= 1.16.65 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17d11c96-fd3c-478e-9b0e-ba58116ee27f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.16.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-50aa046ee7fe3b1495c79cf309977bf9.yaml b/nuclei-templates/cve-less/plugins/updraftplus-50aa046ee7fe3b1495c79cf309977bf9.yaml new file mode 100644 index 0000000000..71f9994bb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-50aa046ee7fe3b1495c79cf309977bf9.yaml @@ -0,0 +1,58 @@ +id: updraftplus-50aa046ee7fe3b1495c79cf309977bf9 + +info: + name: > + UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/266b1004-a374-4770-9659-bac3d167b585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.16.7', '< 1.22.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-84290819179c80fad98664a6919a3707.yaml b/nuclei-templates/cve-less/plugins/updraftplus-84290819179c80fad98664a6919a3707.yaml new file mode 100644 index 0000000000..16d36fdd5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-84290819179c80fad98664a6919a3707.yaml @@ -0,0 +1,58 @@ +id: updraftplus-84290819179c80fad98664a6919a3707 + +info: + name: > + UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31db39a3-1b0b-4fdf-bef1-72308e38c9ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-adb867864793eef1f6a24c287d50691a.yaml b/nuclei-templates/cve-less/plugins/updraftplus-adb867864793eef1f6a24c287d50691a.yaml new file mode 100644 index 0000000000..e55918471b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-adb867864793eef1f6a24c287d50691a.yaml @@ -0,0 +1,58 @@ +id: updraftplus-adb867864793eef1f6a24c287d50691a + +info: + name: > + UpdraftPlus <= 1.23.10 - Cross-Site Request Forgery to Google Drive Storage Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1be11c5-0a44-4816-b6bf-d330cb51dbf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-c3cfc3a43625bfa414c3f27665757d46.yaml b/nuclei-templates/cve-less/plugins/updraftplus-c3cfc3a43625bfa414c3f27665757d46.yaml new file mode 100644 index 0000000000..8b78a5003a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-c3cfc3a43625bfa414c3f27665757d46.yaml @@ -0,0 +1,58 @@ +id: updraftplus-c3cfc3a43625bfa414c3f27665757d46 + +info: + name: > + UpdraftPlus <= 1.13.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71b3bec2-3fb2-4b0a-aa6d-5c761d0796e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-eed5fef42a38602252bb39c1154507e2.yaml b/nuclei-templates/cve-less/plugins/updraftplus-eed5fef42a38602252bb39c1154507e2.yaml new file mode 100644 index 0000000000..ea6f77a40a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-eed5fef42a38602252bb39c1154507e2.yaml @@ -0,0 +1,58 @@ +id: updraftplus-eed5fef42a38602252bb39c1154507e2 + +info: + name: > + UpdraftPlus WordPress Backup Plugin <= 1.16.68 - Reflected Cross-Site Scripting via updraft_restore + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58c63799-7d6a-417d-9992-4ab425ae1f1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.7.4', '<= 1.16.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-f1749872ec46f0f647fe9218c75359fd.yaml b/nuclei-templates/cve-less/plugins/updraftplus-f1749872ec46f0f647fe9218c75359fd.yaml new file mode 100644 index 0000000000..9826187c81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-f1749872ec46f0f647fe9218c75359fd.yaml @@ -0,0 +1,58 @@ +id: updraftplus-f1749872ec46f0f647fe9218c75359fd + +info: + name: > + UpdraftPlus WordPress Backup Plugin < 1.6.59 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0987f9a5-eb11-4756-a09a-26dc66a8c690?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus/" + google-query: inurl:"/wp-content/plugins/updraftplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-pro-50aa046ee7fe3b1495c79cf309977bf9.yaml b/nuclei-templates/cve-less/plugins/updraftplus-pro-50aa046ee7fe3b1495c79cf309977bf9.yaml new file mode 100644 index 0000000000..074508ba69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-pro-50aa046ee7fe3b1495c79cf309977bf9.yaml @@ -0,0 +1,58 @@ +id: updraftplus-pro-50aa046ee7fe3b1495c79cf309977bf9 + +info: + name: > + UpdraftPlus WordPress Backup Plugin < 1.22.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/266b1004-a374-4770-9659-bac3d167b585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus-pro/" + google-query: inurl:"/wp-content/plugins/updraftplus-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.22.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/updraftplus-pro-84290819179c80fad98664a6919a3707.yaml b/nuclei-templates/cve-less/plugins/updraftplus-pro-84290819179c80fad98664a6919a3707.yaml new file mode 100644 index 0000000000..2e2392b1ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/updraftplus-pro-84290819179c80fad98664a6919a3707.yaml @@ -0,0 +1,58 @@ +id: updraftplus-pro-84290819179c80fad98664a6919a3707 + +info: + name: > + UpdraftPlus <= 1.9.63 and UpdraftPlus (paid) <= 2.9.63 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31db39a3-1b0b-4fdf-bef1-72308e38c9ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/updraftplus-pro/" + google-query: inurl:"/wp-content/plugins/updraftplus-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,updraftplus-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/updraftplus-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "updraftplus-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/upload-file-type-settings-plugin-5edfe37e0774673d507ae94c41a64138.yaml b/nuclei-templates/cve-less/plugins/upload-file-type-settings-plugin-5edfe37e0774673d507ae94c41a64138.yaml new file mode 100644 index 0000000000..748f4d2fbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/upload-file-type-settings-plugin-5edfe37e0774673d507ae94c41a64138.yaml @@ -0,0 +1,58 @@ +id: upload-file-type-settings-plugin-5edfe37e0774673d507ae94c41a64138 + +info: + name: > + Upload File Type Settings Plugin <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4dd4479-2f41-426f-b98c-7c654a82ccfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/upload-file-type-settings-plugin/" + google-query: inurl:"/wp-content/plugins/upload-file-type-settings-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,upload-file-type-settings-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/upload-file-type-settings-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "upload-file-type-settings-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/upload-media-by-url-bd97d62d56ce3ddf250859ccd5e19efb.yaml b/nuclei-templates/cve-less/plugins/upload-media-by-url-bd97d62d56ce3ddf250859ccd5e19efb.yaml new file mode 100644 index 0000000000..f499a69902 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/upload-media-by-url-bd97d62d56ce3ddf250859ccd5e19efb.yaml @@ -0,0 +1,58 @@ +id: upload-media-by-url-bd97d62d56ce3ddf250859ccd5e19efb + +info: + name: > + Upload Media By URL <= 1.0.7 - Cross-Site Request Forgery via 'umbu_download' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18a0b8f2-4512-46a5-92a6-66d375c986dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/upload-media-by-url/" + google-query: inurl:"/wp-content/plugins/upload-media-by-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,upload-media-by-url,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/upload-media-by-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "upload-media-by-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uploader-38106c08054956ec9ec0eb985cd6a30a.yaml b/nuclei-templates/cve-less/plugins/uploader-38106c08054956ec9ec0eb985cd6a30a.yaml new file mode 100644 index 0000000000..e3f165dcc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uploader-38106c08054956ec9ec0eb985cd6a30a.yaml @@ -0,0 +1,58 @@ +id: uploader-38106c08054956ec9ec0eb985cd6a30a + +info: + name: > + Uploader <= 1.0.4 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99afde73-3f2b-4ba4-a82b-a6df42462384?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uploader/" + google-query: inurl:"/wp-content/plugins/uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uploader,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-31f526f5fc6023df268597ecb0e81e2e.yaml b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-31f526f5fc6023df268597ecb0e81e2e.yaml new file mode 100644 index 0000000000..c897dd8b93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-31f526f5fc6023df268597ecb0e81e2e.yaml @@ -0,0 +1,58 @@ +id: uploading-svgwebp-and-ico-files-31f526f5fc6023df268597ecb0e81e2e + +info: + name: > + Uploading SVG, WEBP and ICO files <= 1.0.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bc38197-3827-4c0e-a0a8-42d55f50605f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/" + google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uploading-svgwebp-and-ico-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uploading-svgwebp-and-ico-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-3e6fcba7da4eb2d07480c9678c589c91.yaml b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-3e6fcba7da4eb2d07480c9678c589c91.yaml new file mode 100644 index 0000000000..b3b3d4b7e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-3e6fcba7da4eb2d07480c9678c589c91.yaml @@ -0,0 +1,58 @@ +id: uploading-svgwebp-and-ico-files-3e6fcba7da4eb2d07480c9678c589c91 + +info: + name: > + Uploading SVG, WEBP and ICO files <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eff83c19-c223-4f70-affc-adb0f560264a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/" + google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uploading-svgwebp-and-ico-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uploading-svgwebp-and-ico-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-5c305c85e58387c07315e703af6d187a.yaml b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-5c305c85e58387c07315e703af6d187a.yaml new file mode 100644 index 0000000000..35d2b81a67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/uploading-svgwebp-and-ico-files-5c305c85e58387c07315e703af6d187a.yaml @@ -0,0 +1,58 @@ +id: uploading-svgwebp-and-ico-files-5c305c85e58387c07315e703af6d187a + +info: + name: > + Uploading SVG, WEBP and ICO files <= 1.0.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9116cfea-eef8-480c-b75a-c6825d14f37a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/uploading-svgwebp-and-ico-files/" + google-query: inurl:"/wp-content/plugins/uploading-svgwebp-and-ico-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,uploading-svgwebp-and-ico-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/uploading-svgwebp-and-ico-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uploading-svgwebp-and-ico-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/upqode-google-maps-21d62382cf0e1f6a821aaecd2963e3e4.yaml b/nuclei-templates/cve-less/plugins/upqode-google-maps-21d62382cf0e1f6a821aaecd2963e3e4.yaml new file mode 100644 index 0000000000..d706d23f66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/upqode-google-maps-21d62382cf0e1f6a821aaecd2963e3e4.yaml @@ -0,0 +1,58 @@ +id: upqode-google-maps-21d62382cf0e1f6a821aaecd2963e3e4 + +info: + name: > + UpQode Google Maps <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6963b3ed-1b88-49bb-aa2e-99905c14f4c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/upqode-google-maps/" + google-query: inurl:"/wp-content/plugins/upqode-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,upqode-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/upqode-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "upqode-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-cloak-encrypt-2e334a9b30a8a16758bc7c2d1620372e.yaml b/nuclei-templates/cve-less/plugins/url-cloak-encrypt-2e334a9b30a8a16758bc7c2d1620372e.yaml new file mode 100644 index 0000000000..d97df9a6a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-cloak-encrypt-2e334a9b30a8a16758bc7c2d1620372e.yaml @@ -0,0 +1,58 @@ +id: url-cloak-encrypt-2e334a9b30a8a16758bc7c2d1620372e + +info: + name: > + Cloak & Encrypt < 3.8.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dd2705e-d78c-4f31-b28f-1ba8b2495c80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-cloak-encrypt/" + google-query: inurl:"/wp-content/plugins/url-cloak-encrypt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-cloak-encrypt,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-cloak-encrypt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-cloak-encrypt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-params-89a1787cccb90fd10317497361aed1fe.yaml b/nuclei-templates/cve-less/plugins/url-params-89a1787cccb90fd10317497361aed1fe.yaml new file mode 100644 index 0000000000..49c5e6aab0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-params-89a1787cccb90fd10317497361aed1fe.yaml @@ -0,0 +1,58 @@ +id: url-params-89a1787cccb90fd10317497361aed1fe + +info: + name: > + URL Params <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98e22884-f7d6-47df-9b1b-9232c48e3685?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-params/" + google-query: inurl:"/wp-content/plugins/url-params/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-params,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-params/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-params" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-shortify-776a14f8c4824ce1b1f773d4a2d1c83a.yaml b/nuclei-templates/cve-less/plugins/url-shortify-776a14f8c4824ce1b1f773d4a2d1c83a.yaml new file mode 100644 index 0000000000..88a8b3e1cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-shortify-776a14f8c4824ce1b1f773d4a2d1c83a.yaml @@ -0,0 +1,58 @@ +id: url-shortify-776a14f8c4824ce1b1f773d4a2d1c83a + +info: + name: > + URL Shortify <= 1.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a66388d6-cf78-48b2-9363-53d1f72d1ff0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-shortify/" + google-query: inurl:"/wp-content/plugins/url-shortify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-shortify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-shortify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-shortify-7d73c621a5e8b7d0767350621fede4eb.yaml b/nuclei-templates/cve-less/plugins/url-shortify-7d73c621a5e8b7d0767350621fede4eb.yaml new file mode 100644 index 0000000000..c69d0b40de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-shortify-7d73c621a5e8b7d0767350621fede4eb.yaml @@ -0,0 +1,58 @@ +id: url-shortify-7d73c621a5e8b7d0767350621fede4eb + +info: + name: > + URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress <= 1.6.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe82e9d2-764b-49da-a062-c5fc7c876396?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-shortify/" + google-query: inurl:"/wp-content/plugins/url-shortify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-shortify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-shortify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-shortify-8987091ef60f2278d438fac982e52804.yaml b/nuclei-templates/cve-less/plugins/url-shortify-8987091ef60f2278d438fac982e52804.yaml new file mode 100644 index 0000000000..cd63dd9421 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-shortify-8987091ef60f2278d438fac982e52804.yaml @@ -0,0 +1,58 @@ +id: url-shortify-8987091ef60f2278d438fac982e52804 + +info: + name: > + URL Shortify <= 1.7.5 - Unauthenticated Stored Cross-Site Scripting via Referrer Header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b452283-9f0d-469b-b1b8-4bd253f9ea1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-shortify/" + google-query: inurl:"/wp-content/plugins/url-shortify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-shortify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-shortify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/url-shortify-c2468d3ae2dd3b63e789f3e42f85078a.yaml b/nuclei-templates/cve-less/plugins/url-shortify-c2468d3ae2dd3b63e789f3e42f85078a.yaml new file mode 100644 index 0000000000..691f59f91e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/url-shortify-c2468d3ae2dd3b63e789f3e42f85078a.yaml @@ -0,0 +1,58 @@ +id: url-shortify-c2468d3ae2dd3b63e789f3e42f85078a + +info: + name: > + URL Shortify <= 1.7.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddc4b758-5a1e-4d0a-949e-869fcd9df0bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/url-shortify/" + google-query: inurl:"/wp-content/plugins/url-shortify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,url-shortify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/url-shortify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "url-shortify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/urvanov-syntax-highlighter-05f9b585294ccf338dddc9365df56f99.yaml b/nuclei-templates/cve-less/plugins/urvanov-syntax-highlighter-05f9b585294ccf338dddc9365df56f99.yaml new file mode 100644 index 0000000000..8550dc9d41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/urvanov-syntax-highlighter-05f9b585294ccf338dddc9365df56f99.yaml @@ -0,0 +1,58 @@ +id: urvanov-syntax-highlighter-05f9b585294ccf338dddc9365df56f99 + +info: + name: > + Urvanov Syntax Highlighter <= 2.8.33 - Cross-Site Request Forgery via init_ajax + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c85fa64-4761-4b92-bd4f-7c220cf18288?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/urvanov-syntax-highlighter/" + google-query: inurl:"/wp-content/plugins/urvanov-syntax-highlighter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,urvanov-syntax-highlighter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/urvanov-syntax-highlighter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "urvanov-syntax-highlighter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-038cd4d7f3a85c2e02153b9f3d732338.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-038cd4d7f3a85c2e02153b9f3d732338.yaml new file mode 100644 index 0000000000..11f377de25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-038cd4d7f3a85c2e02153b9f3d732338.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-038cd4d7f3a85c2e02153b9f3d732338 + +info: + name: > + Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad0ed141-3d17-4fff-b788-7ff43f79d04c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-096aec3054df6ba2321176f02f5a1d37.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-096aec3054df6ba2321176f02f5a1d37.yaml new file mode 100644 index 0000000000..a9746d283b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-096aec3054df6ba2321176f02f5a1d37.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-096aec3054df6ba2321176f02f5a1d37 + +info: + name: > + Welcart e-Commerce <= 2.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/162afd58-3534-401b-9119-c1c26e15cd0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-1dc13a6a71c3d10751ef8c16460e007d.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-1dc13a6a71c3d10751ef8c16460e007d.yaml new file mode 100644 index 0000000000..60ea444ead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-1dc13a6a71c3d10751ef8c16460e007d.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-1dc13a6a71c3d10751ef8c16460e007d + +info: + name: > + Welcart e-Commerce < 1.8.3 - Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/321d0121-5cc9-4736-89b0-228e45b48b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-210ee561ccacfc2a5ebd14551c7ee8ef.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-210ee561ccacfc2a5ebd14551c7ee8ef.yaml new file mode 100644 index 0000000000..a04275d788 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-210ee561ccacfc2a5ebd14551c7ee8ef.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-210ee561ccacfc2a5ebd14551c7ee8ef + +info: + name: > + Welcart e-Commerce 2.6.0-2.7.7 - Information Disclosure via Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8ab165-57b8-4509-86b8-6e5226812264?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.6.0', '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-21d8c490b865a29263e262b969e2ce3d.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-21d8c490b865a29263e262b969e2ce3d.yaml new file mode 100644 index 0000000000..bda41c58a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-21d8c490b865a29263e262b969e2ce3d.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-21d8c490b865a29263e262b969e2ce3d + +info: + name: > + Welcart e-Commerce <= 2.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/513f4a39-afba-4819-abf2-6ed168d11dfe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-229b28e3351ab434cc4be3a1c3322160.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-229b28e3351ab434cc4be3a1c3322160.yaml new file mode 100644 index 0000000000..f34ba3b606 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-229b28e3351ab434cc4be3a1c3322160.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-229b28e3351ab434cc4be3a1c3322160 + +info: + name: > + Welcart e-Commerce <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4c9a5b-93ec-4979-921a-91134cb09566?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-2711228331aed4ad8d57b410230e7202.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-2711228331aed4ad8d57b410230e7202.yaml new file mode 100644 index 0000000000..412528bbd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-2711228331aed4ad8d57b410230e7202.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-2711228331aed4ad8d57b410230e7202 + +info: + name: > + Welcart e-Commerce <= 2.9.6 - Authenticated (Administrator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2677cea6-d60d-4e10-afd7-e088a5592b19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-2ddf644540fef01e3b57f8fb75bbef89.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-2ddf644540fef01e3b57f8fb75bbef89.yaml new file mode 100644 index 0000000000..bacc4edda2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-2ddf644540fef01e3b57f8fb75bbef89.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-2ddf644540fef01e3b57f8fb75bbef89 + +info: + name: > + Welcart e-Commerce <= 2.9.3 - Authenticated(Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a328643a-ab12-427e-9bcd-2d40738afb61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-2ff5131571517bfee0f572e860d19db4.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-2ff5131571517bfee0f572e860d19db4.yaml new file mode 100644 index 0000000000..1e80597bdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-2ff5131571517bfee0f572e860d19db4.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-2ff5131571517bfee0f572e860d19db4 + +info: + name: > + Welcart e-Commerce <= 2.8.5 - Authenticated (Subscriber+) Information Disclosure and PHAR deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/518be2c6-36ca-4015-8b7f-451a806c7b1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-31114b788d1703e5027b3d9e13cfe612.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-31114b788d1703e5027b3d9e13cfe612.yaml new file mode 100644 index 0000000000..7a1d0e1211 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-31114b788d1703e5027b3d9e13cfe612.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-31114b788d1703e5027b3d9e13cfe612 + +info: + name: > + Welcart e-Commerce <= 1.9.35 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c694bce-e389-492a-827d-ae5293730612?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-4b4264267e112c94d109dcec42a2f42e.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-4b4264267e112c94d109dcec42a2f42e.yaml new file mode 100644 index 0000000000..ef4364ac2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-4b4264267e112c94d109dcec42a2f42e.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-4b4264267e112c94d109dcec42a2f42e + +info: + name: > + Welcart e-Commerce <= 2.9.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f23aa0e-eb1f-4310-9615-d67eb39389fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-4cfd2c744e2f57cb62950af3a51becf5.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-4cfd2c744e2f57cb62950af3a51becf5.yaml new file mode 100644 index 0000000000..bfa71bd5ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-4cfd2c744e2f57cb62950af3a51becf5.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-4cfd2c744e2f57cb62950af3a51becf5 + +info: + name: > + Welcart e-Commerce <= 2.9.14 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61799fbc-05dc-4de9-90f9-8712ba554607?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-4f7978d908f1ff8c4cd9a4c00b97533c.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-4f7978d908f1ff8c4cd9a4c00b97533c.yaml new file mode 100644 index 0000000000..8a0353cd76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-4f7978d908f1ff8c4cd9a4c00b97533c.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-4f7978d908f1ff8c4cd9a4c00b97533c + +info: + name: > + Welcart e-Commerce < 1.4.18 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2edcdf-3a0c-40bc-8b33-1ad15cad5acb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-4fe7d1bc981304a877651572e2d01606.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-4fe7d1bc981304a877651572e2d01606.yaml new file mode 100644 index 0000000000..292c7ef4b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-4fe7d1bc981304a877651572e2d01606.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-4fe7d1bc981304a877651572e2d01606 + +info: + name: > + Welcart e-Commerce <= 1.8.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f8f6ade-84a2-4a42-9208-a74f5ebe19b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-72bbf06194176f982771d77cb4853bda.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-72bbf06194176f982771d77cb4853bda.yaml new file mode 100644 index 0000000000..8cfe0db9f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-72bbf06194176f982771d77cb4853bda.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-72bbf06194176f982771d77cb4853bda + +info: + name: > + Welcart e-Commerce < 1.5.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be6c08b9-bba7-4780-99b9-4b80e6b4872a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-774c036e84ef68a0e067057a5470d4c6.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-774c036e84ef68a0e067057a5470d4c6.yaml new file mode 100644 index 0000000000..591745c673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-774c036e84ef68a0e067057a5470d4c6.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-774c036e84ef68a0e067057a5470d4c6 + +info: + name: > + Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/671f5ba5-1f18-49fa-aa97-eaebdb3417bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-87df231a3fe89988f05561dc4a2eda17.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-87df231a3fe89988f05561dc4a2eda17.yaml new file mode 100644 index 0000000000..769147ac01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-87df231a3fe89988f05561dc4a2eda17.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-87df231a3fe89988f05561dc4a2eda17 + +info: + name: > + Welcart e-Commerce < 1.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2022fa8b-2b2a-43a3-9447-90eed326f187?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-88d558d73b2f64520cd166163d121c99.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-88d558d73b2f64520cd166163d121c99.yaml new file mode 100644 index 0000000000..fe1c44fff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-88d558d73b2f64520cd166163d121c99.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-88d558d73b2f64520cd166163d121c99 + +info: + name: > + Welcart e-Commerce 2.6.10-2.8.4 - Information Disclosure via Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdfabd43-0ffa-4c25-aa72-0572e7007a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.6.10', '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-8cf84dc81a40a5707b5bcb6a5de08836.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-8cf84dc81a40a5707b5bcb6a5de08836.yaml new file mode 100644 index 0000000000..a874769b89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-8cf84dc81a40a5707b5bcb6a5de08836.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-8cf84dc81a40a5707b5bcb6a5de08836 + +info: + name: > + Welcart e-Commerce <= 2.8.10 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/772c9330-97d5-42d5-a49c-d9a86a14b235?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-b635a88aed40383d80b165aae1551858.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-b635a88aed40383d80b165aae1551858.yaml new file mode 100644 index 0000000000..75585f6fbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-b635a88aed40383d80b165aae1551858.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-b635a88aed40383d80b165aae1551858 + +info: + name: > + Welcart e-Commerce <= 1.3.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d681fcaf-c7b3-496f-b0d8-a8ed48901cec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-c124fe326fda2227cda364e6977789ed.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-c124fe326fda2227cda364e6977789ed.yaml new file mode 100644 index 0000000000..49f90d1441 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-c124fe326fda2227cda364e6977789ed.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-c124fe326fda2227cda364e6977789ed + +info: + name: > + Welcart e-Commerce <= 1.8.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/103ce24e-1c21-4c25-b3d0-6f595bf58979?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-c85d6be596b55b91d137e8053b85f064.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-c85d6be596b55b91d137e8053b85f064.yaml new file mode 100644 index 0000000000..46def124e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-c85d6be596b55b91d137e8053b85f064.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-c85d6be596b55b91d137e8053b85f064 + +info: + name: > + Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5eb9b1f-39d5-4c5d-8fb3-71d4bbe5f43a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-cfe5fa3015f2fc55d2b05163019ba81a.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-cfe5fa3015f2fc55d2b05163019ba81a.yaml new file mode 100644 index 0000000000..651f465c77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-cfe5fa3015f2fc55d2b05163019ba81a.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-cfe5fa3015f2fc55d2b05163019ba81a + +info: + name: > + Welcart e-Commerce <= 2.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b27b2e40-c703-4fa0-bff0-788e7a0351c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-defc78f281b1b753471f78628f828031.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-defc78f281b1b753471f78628f828031.yaml new file mode 100644 index 0000000000..d7db988963 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-defc78f281b1b753471f78628f828031.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-defc78f281b1b753471f78628f828031 + +info: + name: > + Welcart e-Commerce <= 2.8.4 - Authenticated (Subscriber+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f87df7cc-54bb-454c-94be-c8c4768cbe44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-e3d6a99c1f59024071ddea4c2fb68561.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-e3d6a99c1f59024071ddea4c2fb68561.yaml new file mode 100644 index 0000000000..60a0e7e6fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-e3d6a99c1f59024071ddea4c2fb68561.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-e3d6a99c1f59024071ddea4c2fb68561 + +info: + name: > + Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d82e856b-c8c9-4139-ad54-89368e3b7125?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-e4a8e0f95ee7761efbfd23ea0c0e9596.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-e4a8e0f95ee7761efbfd23ea0c0e9596.yaml new file mode 100644 index 0000000000..1b969eab4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-e4a8e0f95ee7761efbfd23ea0c0e9596.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-e4a8e0f95ee7761efbfd23ea0c0e9596 + +info: + name: > + Welcart e-Commerce <= 2.9.4 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23399606-20b6-4d0b-b613-06dc838dc1e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-ed4c279d09c7012524c7ccab923e2ae4.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-ed4c279d09c7012524c7ccab923e2ae4.yaml new file mode 100644 index 0000000000..deea1bd616 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-ed4c279d09c7012524c7ccab923e2ae4.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-ed4c279d09c7012524c7ccab923e2ae4 + +info: + name: > + Welcart e-Commerce < 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16a4ebde-7c92-4ad2-9c8d-3bef0a8c600b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-f06d882e6e9ca473dc32139014858b23.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-f06d882e6e9ca473dc32139014858b23.yaml new file mode 100644 index 0000000000..d6769b8f9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-f06d882e6e9ca473dc32139014858b23.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-f06d882e6e9ca473dc32139014858b23 + +info: + name: > + Welcart e-Commerce < 1.8.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b86a774-a420-41a8-85ad-44fe8b32d4c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-f56dc5bbdc913e57ded42347de5ef8aa.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-f56dc5bbdc913e57ded42347de5ef8aa.yaml new file mode 100644 index 0000000000..b319dd4043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-f56dc5bbdc913e57ded42347de5ef8aa.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-f56dc5bbdc913e57ded42347de5ef8aa + +info: + name: > + Welcart e-Commerce <= 2.8.21 - Authenticated(level_5+) SQL Injection via get_logs + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35dadb9c-f0c6-4b74-bb31-5e9d504b3db5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-fc6e5379eaab092cc08185fd85a10348.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-fc6e5379eaab092cc08185fd85a10348.yaml new file mode 100644 index 0000000000..c013fa6ac6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-fc6e5379eaab092cc08185fd85a10348.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-fc6e5379eaab092cc08185fd85a10348 + +info: + name: > + Welcart e-Commerce <= 2.8.21 - Authenticated(Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a908ac17-666f-4725-86f4-c9af4589fb69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usc-e-shop-fdd08ff4357466d1ef831234fd4686a2.yaml b/nuclei-templates/cve-less/plugins/usc-e-shop-fdd08ff4357466d1ef831234fd4686a2.yaml new file mode 100644 index 0000000000..85103227c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usc-e-shop-fdd08ff4357466d1ef831234fd4686a2.yaml @@ -0,0 +1,58 @@ +id: usc-e-shop-fdd08ff4357466d1ef831234fd4686a2 + +info: + name: > + Welcart e-Commerce <= 2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f690e67c-119f-4ea6-9505-101e7f7a3dea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usc-e-shop/" + google-query: inurl:"/wp-content/plugins/usc-e-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usc-e-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usc-e-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usc-e-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/use-any-font-4c69021959bdea7c58c778958310ad50.yaml b/nuclei-templates/cve-less/plugins/use-any-font-4c69021959bdea7c58c778958310ad50.yaml new file mode 100644 index 0000000000..4d38d4bf4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/use-any-font-4c69021959bdea7c58c778958310ad50.yaml @@ -0,0 +1,58 @@ +id: use-any-font-4c69021959bdea7c58c778958310ad50 + +info: + name: > + Use Any Font <= 6.1.7 - Cross-Site Request Forgery to API Key Deactivation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e60428e-1641-470f-a6f1-7c2b4140a6bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/use-any-font/" + google-query: inurl:"/wp-content/plugins/use-any-font/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,use-any-font,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/use-any-font/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "use-any-font" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/use-any-font-bdb0853cb6d84b9abe929218f47378a4.yaml b/nuclei-templates/cve-less/plugins/use-any-font-bdb0853cb6d84b9abe929218f47378a4.yaml new file mode 100644 index 0000000000..8361e99c44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/use-any-font-bdb0853cb6d84b9abe929218f47378a4.yaml @@ -0,0 +1,58 @@ +id: use-any-font-bdb0853cb6d84b9abe929218f47378a4 + +info: + name: > + Use Any Font <= 6.2.0 - Unauthenticated Arbitrary CSS Appending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb6de4da-0d60-4332-be25-5521e430a4fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/use-any-font/" + google-query: inurl:"/wp-content/plugins/use-any-font/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,use-any-font,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/use-any-font/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "use-any-font" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/use-memcached-f91c9276892eda169cc400a6c1591e0c.yaml b/nuclei-templates/cve-less/plugins/use-memcached-f91c9276892eda169cc400a6c1591e0c.yaml new file mode 100644 index 0000000000..98ea6b9571 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/use-memcached-f91c9276892eda169cc400a6c1591e0c.yaml @@ -0,0 +1,58 @@ +id: use-memcached-f91c9276892eda169cc400a6c1591e0c + +info: + name: > + Use Memcached <= 1.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b63f4de2-32e1-4c5e-a64d-fb66d2e2b3a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/use-memcached/" + google-query: inurl:"/wp-content/plugins/use-memcached/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,use-memcached,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/use-memcached/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "use-memcached" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/use-your-drive-97b7c398dfbcdf367ba6ab6fa80d3110.yaml b/nuclei-templates/cve-less/plugins/use-your-drive-97b7c398dfbcdf367ba6ab6fa80d3110.yaml new file mode 100644 index 0000000000..e91d6c1034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/use-your-drive-97b7c398dfbcdf367ba6ab6fa80d3110.yaml @@ -0,0 +1,58 @@ +id: use-your-drive-97b7c398dfbcdf367ba6ab6fa80d3110 + +info: + name: > + Use-Your-Drive < 1.18.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1087f744-44c2-4fa1-92d9-872a5bfd571d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/use-your-drive/" + google-query: inurl:"/wp-content/plugins/use-your-drive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,use-your-drive,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/use-your-drive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "use-your-drive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.18.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/useful-banner-manager-663fd6040ba08a6cf95a5d56aa372c7d.yaml b/nuclei-templates/cve-less/plugins/useful-banner-manager-663fd6040ba08a6cf95a5d56aa372c7d.yaml new file mode 100644 index 0000000000..49c7c847eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/useful-banner-manager-663fd6040ba08a6cf95a5d56aa372c7d.yaml @@ -0,0 +1,58 @@ +id: useful-banner-manager-663fd6040ba08a6cf95a5d56aa372c7d + +info: + name: > + Useful Banner Manager <= 1.6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57a39691-8fff-4e62-a03a-70b428025d77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/useful-banner-manager/" + google-query: inurl:"/wp-content/plugins/useful-banner-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,useful-banner-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/useful-banner-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "useful-banner-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-access-manager-6233e05856841c02f1c38924069a60ef.yaml b/nuclei-templates/cve-less/plugins/user-access-manager-6233e05856841c02f1c38924069a60ef.yaml new file mode 100644 index 0000000000..a45812a49f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-access-manager-6233e05856841c02f1c38924069a60ef.yaml @@ -0,0 +1,58 @@ +id: user-access-manager-6233e05856841c02f1c38924069a60ef + +info: + name: > + User Access Manager <= 2.2.16 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88c5752c-ef4e-4343-810e-ecf1f33d3538?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-access-manager/" + google-query: inurl:"/wp-content/plugins/user-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-access-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-access-manager-96bfdb264056a59de7cf266b01d0316c.yaml b/nuclei-templates/cve-less/plugins/user-access-manager-96bfdb264056a59de7cf266b01d0316c.yaml new file mode 100644 index 0000000000..9f3e63e965 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-access-manager-96bfdb264056a59de7cf266b01d0316c.yaml @@ -0,0 +1,58 @@ +id: user-access-manager-96bfdb264056a59de7cf266b01d0316c + +info: + name: > + User Access Manager < 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14d81210-9360-4153-9b5a-35d12cc0cbf0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-access-manager/" + google-query: inurl:"/wp-content/plugins/user-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-access-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activation-email-044b344fe9d706549aa3d52095be3dd2.yaml b/nuclei-templates/cve-less/plugins/user-activation-email-044b344fe9d706549aa3d52095be3dd2.yaml new file mode 100644 index 0000000000..cba1e12cc2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activation-email-044b344fe9d706549aa3d52095be3dd2.yaml @@ -0,0 +1,58 @@ +id: user-activation-email-044b344fe9d706549aa3d52095be3dd2 + +info: + name: > + User Activation Email <= 1.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a7687fe-6246-4bd3-9d4f-e7fa6398f265?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activation-email/" + google-query: inurl:"/wp-content/plugins/user-activation-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activation-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activation-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activation-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-a9046caf138583ab295d7c397e7fc905.yaml b/nuclei-templates/cve-less/plugins/user-activity-a9046caf138583ab295d7c397e7fc905.yaml new file mode 100644 index 0000000000..3050b4564d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-a9046caf138583ab295d7c397e7fc905.yaml @@ -0,0 +1,58 @@ +id: user-activity-a9046caf138583ab295d7c397e7fc905 + +info: + name: > + User Activity <= 1.0.1 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a38a72a-7336-4aa5-8491-6879dfa4d0ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity/" + google-query: inurl:"/wp-content/plugins/user-activity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-02cae5f64c7458f6a2f1e1b080ca9389.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-02cae5f64c7458f6a2f1e1b080ca9389.yaml new file mode 100644 index 0000000000..dbb750e9e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-02cae5f64c7458f6a2f1e1b080ca9389.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-02cae5f64c7458f6a2f1e1b080ca9389 + +info: + name: > + User Activity Log <= 1.6.5 - Unauthenticated Data Export to Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb7e9ea4-c450-491f-b924-47ed4abec64a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-1e01dff414d04212c3c6453a2d281edc.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-1e01dff414d04212c3c6453a2d281edc.yaml new file mode 100644 index 0000000000..0c0139a2c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-1e01dff414d04212c3c6453a2d281edc.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-1e01dff414d04212c3c6453a2d281edc + +info: + name: > + User Activity Log <= 1.6.2 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64be6e85-00c9-49f5-9ee2-08dbe434a848?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-cf0ba687a6ace638f9be60d1f6b85b3d.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-cf0ba687a6ace638f9be60d1f6b85b3d.yaml new file mode 100644 index 0000000000..2baad6746c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-cf0ba687a6ace638f9be60d1f6b85b3d.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-cf0ba687a6ace638f9be60d1f6b85b3d + +info: + name: > + User Activity Log <= 1.6.6 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77462f1f-f7d8-4d11-aaf1-82395897fcfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-e27368e4785bcd7f22809f69244573f8.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-e27368e4785bcd7f22809f69244573f8.yaml new file mode 100644 index 0000000000..73bbbb5c33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-e27368e4785bcd7f22809f69244573f8.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-e27368e4785bcd7f22809f69244573f8 + +info: + name: > + User Activity Log <= 1.9 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9df788e-a92e-4519-9e23-8aed08479b68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-e95622a863397746d0d019b16e681085.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-e95622a863397746d0d019b16e681085.yaml new file mode 100644 index 0000000000..9bb6ecb05c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-e95622a863397746d0d019b16e681085.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-e95622a863397746d0d019b16e681085 + +info: + name: > + User Activity Log <= 1.6.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ca985e-cae1-4e26-ad2d-413724cfd45d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-ee6d7181de7e06427ee243be8abb06fb.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-ee6d7181de7e06427ee243be8abb06fb.yaml new file mode 100644 index 0000000000..b267393713 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-ee6d7181de7e06427ee243be8abb06fb.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-ee6d7181de7e06427ee243be8abb06fb + +info: + name: > + User Activity Log <= 1.6.2 - Authenticated(Administrator+) SQL Injection via txtsearch + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17a787da-5630-42ec-b5b0-47435db765a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log/" + google-query: inurl:"/wp-content/plugins/user-activity-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-pro-580004f61a42f3e8c462a7bbd946dd47.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-pro-580004f61a42f3e8c462a7bbd946dd47.yaml new file mode 100644 index 0000000000..b6b8f1de4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-pro-580004f61a42f3e8c462a7bbd946dd47.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-pro-580004f61a42f3e8c462a7bbd946dd47 + +info: + name: > + User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2054dcd-1a65-48bc-9dcf-824fa448921d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log-pro/" + google-query: inurl:"/wp-content/plugins/user-activity-log-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-pro-948ee2018064c5e8007e811b1634bf17.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-pro-948ee2018064c5e8007e811b1634bf17.yaml new file mode 100644 index 0000000000..41dbe76b4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-pro-948ee2018064c5e8007e811b1634bf17.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-pro-948ee2018064c5e8007e811b1634bf17 + +info: + name: > + User Activity Log Pro <= 2.3.3 - Unauthenticated Stored Cross-Site Scripting via User-Agent header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcf205a3-be7b-49e7-ba02-3f69632ed65f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log-pro/" + google-query: inurl:"/wp-content/plugins/user-activity-log-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-log-pro-cab9aea0ec63087506e1760b3541b9ef.yaml b/nuclei-templates/cve-less/plugins/user-activity-log-pro-cab9aea0ec63087506e1760b3541b9ef.yaml new file mode 100644 index 0000000000..16eaad1e3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-log-pro-cab9aea0ec63087506e1760b3541b9ef.yaml @@ -0,0 +1,58 @@ +id: user-activity-log-pro-cab9aea0ec63087506e1760b3541b9ef + +info: + name: > + User Activity Log Pro <= 2.3.3 - Tracking Bypass via IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9666913e-55a3-441c-85ef-8a12756e37ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-log-pro/" + google-query: inurl:"/wp-content/plugins/user-activity-log-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-log-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-log-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-log-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-86f9a1d2e10b6f707453e4230d5a4770.yaml b/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-86f9a1d2e10b6f707453e4230d5a4770.yaml new file mode 100644 index 0000000000..572695167b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-86f9a1d2e10b6f707453e4230d5a4770.yaml @@ -0,0 +1,58 @@ +id: user-activity-tracking-and-log-86f9a1d2e10b6f707453e4230d5a4770 + +info: + name: > + User Activity Tracking and Log <= 4.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/420f56de-4c83-4c9f-933c-0422467bbc7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-tracking-and-log/" + google-query: inurl:"/wp-content/plugins/user-activity-tracking-and-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-tracking-and-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-tracking-and-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-tracking-and-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-aceb5c3c8c29eefd527f85b61425b8aa.yaml b/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-aceb5c3c8c29eefd527f85b61425b8aa.yaml new file mode 100644 index 0000000000..c7298cd3ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-activity-tracking-and-log-aceb5c3c8c29eefd527f85b61425b8aa.yaml @@ -0,0 +1,58 @@ +id: user-activity-tracking-and-log-aceb5c3c8c29eefd527f85b61425b8aa + +info: + name: > + User Activity Tracking and Log <= 4.1.3 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2268fc-5f29-4c69-9585-81240354ae77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-activity-tracking-and-log/" + google-query: inurl:"/wp-content/plugins/user-activity-tracking-and-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-activity-tracking-and-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-activity-tracking-and-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-activity-tracking-and-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-avatar-1a7905e3891eb108823307ae3d6bb4ec.yaml b/nuclei-templates/cve-less/plugins/user-avatar-1a7905e3891eb108823307ae3d6bb4ec.yaml new file mode 100644 index 0000000000..bff094ed2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-avatar-1a7905e3891eb108823307ae3d6bb4ec.yaml @@ -0,0 +1,58 @@ +id: user-avatar-1a7905e3891eb108823307ae3d6bb4ec + +info: + name: > + User Avatar <= 1.4.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6903e37e-5251-47bb-8023-755821af4689?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-avatar/" + google-query: inurl:"/wp-content/plugins/user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-avatar-reloaded-48546947f3dbea6a3d1c0687b8db90bb.yaml b/nuclei-templates/cve-less/plugins/user-avatar-reloaded-48546947f3dbea6a3d1c0687b8db90bb.yaml new file mode 100644 index 0000000000..dbc0697042 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-avatar-reloaded-48546947f3dbea6a3d1c0687b8db90bb.yaml @@ -0,0 +1,58 @@ +id: user-avatar-reloaded-48546947f3dbea6a3d1c0687b8db90bb + +info: + name: > + User Avatar – Reloaded <= 1.2.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ecf638-dfc4-4e9d-bca8-cd008227e934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-avatar-reloaded/" + google-query: inurl:"/wp-content/plugins/user-avatar-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-avatar-reloaded,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-avatar-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-avatar-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-blocker-78588e22a79e99f07ccbdc69fa52af87.yaml b/nuclei-templates/cve-less/plugins/user-blocker-78588e22a79e99f07ccbdc69fa52af87.yaml new file mode 100644 index 0000000000..665c2dee0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-blocker-78588e22a79e99f07ccbdc69fa52af87.yaml @@ -0,0 +1,58 @@ +id: user-blocker-78588e22a79e99f07ccbdc69fa52af87 + +info: + name: > + User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ee6dedb-72bc-43b0-a7cb-9069533df705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-blocker/" + google-query: inurl:"/wp-content/plugins/user-blocker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-blocker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-blocker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-blocker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-domain-whitelist-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml b/nuclei-templates/cve-less/plugins/user-domain-whitelist-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml new file mode 100644 index 0000000000..6992807833 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-domain-whitelist-3f3bfd2ca93dfdb22d963aa7b5cb0c46.yaml @@ -0,0 +1,58 @@ +id: user-domain-whitelist-3f3bfd2ca93dfdb22d963aa7b5cb0c46 + +info: + name: > + User Domain Whitelist <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82df7569-919a-4f95-b0e2-f866133771eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-domain-whitelist/" + google-query: inurl:"/wp-content/plugins/user-domain-whitelist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-domain-whitelist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-domain-whitelist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-domain-whitelist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-07eca49e75cf7db4ec73f20f42d19592.yaml b/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-07eca49e75cf7db4ec73f20f42d19592.yaml new file mode 100644 index 0000000000..1911ef8c28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-07eca49e75cf7db4ec73f20f42d19592.yaml @@ -0,0 +1,58 @@ +id: user-export-with-their-meta-data-07eca49e75cf7db4ec73f20f42d19592 + +info: + name: > + Export Users With Meta <= 0.6.8 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e8aa5c4-7e80-42c9-9f89-e9957e613cd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-export-with-their-meta-data/" + google-query: inurl:"/wp-content/plugins/user-export-with-their-meta-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-export-with-their-meta-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-export-with-their-meta-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-export-with-their-meta-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-b68fe278807d5bbe8b9f9515e0348d4e.yaml b/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-b68fe278807d5bbe8b9f9515e0348d4e.yaml new file mode 100644 index 0000000000..f9e2023e62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-export-with-their-meta-data-b68fe278807d5bbe8b9f9515e0348d4e.yaml @@ -0,0 +1,58 @@ +id: user-export-with-their-meta-data-b68fe278807d5bbe8b9f9515e0348d4e + +info: + name: > + Export Users With Meta < 0.6.5 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69618c44-5298-4b03-a63a-76f195206c8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-export-with-their-meta-data/" + google-query: inurl:"/wp-content/plugins/user-export-with-their-meta-data/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-export-with-their-meta-data,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-export-with-their-meta-data/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-export-with-their-meta-data" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-ip-and-location-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml b/nuclei-templates/cve-less/plugins/user-ip-and-location-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml new file mode 100644 index 0000000000..88d8aa89de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-ip-and-location-0fd2b55ebd627169d7e7b82b7b9c0e52.yaml @@ -0,0 +1,58 @@ +id: user-ip-and-location-0fd2b55ebd627169d7e7b82b7b9c0e52 + +info: + name: > + User IP and Location <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c557fc55-3c0d-43ff-8575-32f669299b39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-ip-and-location/" + google-query: inurl:"/wp-content/plugins/user-ip-and-location/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-ip-and-location,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-ip-and-location/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-ip-and-location" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-location-and-ip-2ccf4a97a0b2b289a9997f10c05da014.yaml b/nuclei-templates/cve-less/plugins/user-location-and-ip-2ccf4a97a0b2b289a9997f10c05da014.yaml new file mode 100644 index 0000000000..314dd9a1c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-location-and-ip-2ccf4a97a0b2b289a9997f10c05da014.yaml @@ -0,0 +1,58 @@ +id: user-location-and-ip-2ccf4a97a0b2b289a9997f10c05da014 + +info: + name: > + User Location and IP <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e501592-4411-4c0a-aa67-e2d0a29d5d35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-location-and-ip/" + google-query: inurl:"/wp-content/plugins/user-location-and-ip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-location-and-ip,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-location-and-ip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-location-and-ip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-login-history-933c9d4b3eacccddbe4abc821f273b41.yaml b/nuclei-templates/cve-less/plugins/user-login-history-933c9d4b3eacccddbe4abc821f273b41.yaml new file mode 100644 index 0000000000..b176999434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-login-history-933c9d4b3eacccddbe4abc821f273b41.yaml @@ -0,0 +1,58 @@ +id: user-login-history-933c9d4b3eacccddbe4abc821f273b41 + +info: + name: > + User Login History Plugin <= 1.5.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b5dc0af-90cf-41dd-a77b-4b99f267c0d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-login-history/" + google-query: inurl:"/wp-content/plugins/user-login-history/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-login-history,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-login-history/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-login-history" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-login-log-f899587161f02b977d621dc3afe7bca7.yaml b/nuclei-templates/cve-less/plugins/user-login-log-f899587161f02b977d621dc3afe7bca7.yaml new file mode 100644 index 0000000000..03e4142f31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-login-log-f899587161f02b977d621dc3afe7bca7.yaml @@ -0,0 +1,58 @@ +id: user-login-log-f899587161f02b977d621dc3afe7bca7 + +info: + name: > + User Login Log <= 2.2.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5684366b-f09c-4710-a43e-ff451d88b0e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-login-log/" + google-query: inurl:"/wp-content/plugins/user-login-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-login-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-login-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-login-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-1bdc37d166ed1b52a0580bcf09d995a0.yaml b/nuclei-templates/cve-less/plugins/user-meta-1bdc37d166ed1b52a0580bcf09d995a0.yaml new file mode 100644 index 0000000000..5278b8b4db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-1bdc37d166ed1b52a0580bcf09d995a0.yaml @@ -0,0 +1,58 @@ +id: user-meta-1bdc37d166ed1b52a0580bcf09d995a0 + +info: + name: > + User Meta – User Profile Builder and User management plugin <= 2.4.3 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba20a30c-7dd2-4cb7-b055-9a105461f7d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta/" + google-query: inurl:"/wp-content/plugins/user-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-5115b57fde3d1e0fc01f9c1b4fc604ad.yaml b/nuclei-templates/cve-less/plugins/user-meta-5115b57fde3d1e0fc01f9c1b4fc604ad.yaml new file mode 100644 index 0000000000..ab502ed768 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-5115b57fde3d1e0fc01f9c1b4fc604ad.yaml @@ -0,0 +1,58 @@ +id: user-meta-5115b57fde3d1e0fc01f9c1b4fc604ad + +info: + name: > + User Meta <= 3.0 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/662fcf6c-1095-4cea-949f-91af8fba1e47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta/" + google-query: inurl:"/wp-content/plugins/user-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-ef13d8f60909d5e2009ffdcbdc23e29a.yaml b/nuclei-templates/cve-less/plugins/user-meta-ef13d8f60909d5e2009ffdcbdc23e29a.yaml new file mode 100644 index 0000000000..41198effbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-ef13d8f60909d5e2009ffdcbdc23e29a.yaml @@ -0,0 +1,58 @@ +id: user-meta-ef13d8f60909d5e2009ffdcbdc23e29a + +info: + name: > + User Meta <= 2.4.2 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abe8efec-8f00-40bc-bc28-98435d11ebd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta/" + google-query: inurl:"/wp-content/plugins/user-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-manager-9613ac9ff24ae943d3cd927f06034317.yaml b/nuclei-templates/cve-less/plugins/user-meta-manager-9613ac9ff24ae943d3cd927f06034317.yaml new file mode 100644 index 0000000000..c207e84dfa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-manager-9613ac9ff24ae943d3cd927f06034317.yaml @@ -0,0 +1,58 @@ +id: user-meta-manager-9613ac9ff24ae943d3cd927f06034317 + +info: + name: > + User Meta Manager <= 3.4.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0e02954-a2e7-417b-a467-fee0076d9b2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta-manager/" + google-query: inurl:"/wp-content/plugins/user-meta-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-manager-fd49f8dca96bc998246e314731906420.yaml b/nuclei-templates/cve-less/plugins/user-meta-manager-fd49f8dca96bc998246e314731906420.yaml new file mode 100644 index 0000000000..8a4f3919c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-manager-fd49f8dca96bc998246e314731906420.yaml @@ -0,0 +1,58 @@ +id: user-meta-manager-fd49f8dca96bc998246e314731906420 + +info: + name: > + User Meta Manager <= 3.4.9 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db6bb000-4f46-4a5a-b118-dcd3e78e4029?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta-manager/" + google-query: inurl:"/wp-content/plugins/user-meta-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-meta-shortcodes-5edf46c467e512c2a9c72dfadcf57fa5.yaml b/nuclei-templates/cve-less/plugins/user-meta-shortcodes-5edf46c467e512c2a9c72dfadcf57fa5.yaml new file mode 100644 index 0000000000..daf57f1800 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-meta-shortcodes-5edf46c467e512c2a9c72dfadcf57fa5.yaml @@ -0,0 +1,58 @@ +id: user-meta-shortcodes-5edf46c467e512c2a9c72dfadcf57fa5 + +info: + name: > + User meta shortcodes <= 0.5 - Improper Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2e76535-b97e-4104-8e90-ac21348b34ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-meta-shortcodes/" + google-query: inurl:"/wp-content/plugins/user-meta-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-meta-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-meta-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-meta-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-photo-70ddedc5487f163b43d7ace431e3f2c6.yaml b/nuclei-templates/cve-less/plugins/user-photo-70ddedc5487f163b43d7ace431e3f2c6.yaml new file mode 100644 index 0000000000..b00588fb95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-photo-70ddedc5487f163b43d7ace431e3f2c6.yaml @@ -0,0 +1,58 @@ +id: user-photo-70ddedc5487f163b43d7ace431e3f2c6 + +info: + name: > + User Photo <= 0.9.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76eff464-69f0-47c1-bdcb-f8caa28a1280?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-photo/" + google-query: inurl:"/wp-content/plugins/user-photo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-photo,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-photo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-photo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-photo-8e79000a55d2a7778e1f3a653b09e17f.yaml b/nuclei-templates/cve-less/plugins/user-photo-8e79000a55d2a7778e1f3a653b09e17f.yaml new file mode 100644 index 0000000000..28cc14e9d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-photo-8e79000a55d2a7778e1f3a653b09e17f.yaml @@ -0,0 +1,58 @@ +id: user-photo-8e79000a55d2a7778e1f3a653b09e17f + +info: + name: > + User Photo <= 0.9.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa39debf-b2c0-4e85-bef9-90e1365f96f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-photo/" + google-query: inurl:"/wp-content/plugins/user-photo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-photo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-photo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-photo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-private-files-2203cb02480ab13ddbd56959a93d1555.yaml b/nuclei-templates/cve-less/plugins/user-private-files-2203cb02480ab13ddbd56959a93d1555.yaml new file mode 100644 index 0000000000..d82d1d216a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-private-files-2203cb02480ab13ddbd56959a93d1555.yaml @@ -0,0 +1,58 @@ +id: user-private-files-2203cb02480ab13ddbd56959a93d1555 + +info: + name: > + Frontend File Manager & Sharing – User Private Files <= 1.1.2 - Subscriber+ Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67ca3305-9a04-421f-a38e-66b69d2bbd38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-private-files/" + google-query: inurl:"/wp-content/plugins/user-private-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-private-files,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-private-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-private-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-private-files-34d2a65b3d8097e555cf3aab3134db2d.yaml b/nuclei-templates/cve-less/plugins/user-private-files-34d2a65b3d8097e555cf3aab3134db2d.yaml new file mode 100644 index 0000000000..de8769b472 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-private-files-34d2a65b3d8097e555cf3aab3134db2d.yaml @@ -0,0 +1,58 @@ +id: user-private-files-34d2a65b3d8097e555cf3aab3134db2d + +info: + name: > + WordPress File Sharing Plugin <= 2.0.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df04293-87e9-4ab4-975d-54d36a993ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-private-files/" + google-query: inurl:"/wp-content/plugins/user-private-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-private-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-private-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-private-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-private-files-d150ec7618e98f105f22738eb7217f44.yaml b/nuclei-templates/cve-less/plugins/user-private-files-d150ec7618e98f105f22738eb7217f44.yaml new file mode 100644 index 0000000000..c307fb970d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-private-files-d150ec7618e98f105f22738eb7217f44.yaml @@ -0,0 +1,58 @@ +id: user-private-files-d150ec7618e98f105f22738eb7217f44 + +info: + name: > + User Private Files < 2.0.5 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e53e75be-d4d6-4c10-b192-fe9691f27dd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-private-files/" + google-query: inurl:"/wp-content/plugins/user-private-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-private-files,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-private-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-private-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-profile-103b877d6c6654d012dcfb8c68378ae3.yaml b/nuclei-templates/cve-less/plugins/user-profile-103b877d6c6654d012dcfb8c68378ae3.yaml new file mode 100644 index 0000000000..aa06ca350e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-profile-103b877d6c6654d012dcfb8c68378ae3.yaml @@ -0,0 +1,58 @@ +id: user-profile-103b877d6c6654d012dcfb8c68378ae3 + +info: + name: > + User profile <= 2.0.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20d16cc4-3bc2-4f1b-b7ba-17993199a997?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-profile/" + google-query: inurl:"/wp-content/plugins/user-profile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-profile,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-profile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-profile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-1ab35ec2ada14325b98997bb858be8c8.yaml b/nuclei-templates/cve-less/plugins/user-registration-1ab35ec2ada14325b98997bb858be8c8.yaml new file mode 100644 index 0000000000..d1bf379f95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-1ab35ec2ada14325b98997bb858be8c8.yaml @@ -0,0 +1,58 @@ +id: user-registration-1ab35ec2ada14325b98997bb858be8c8 + +info: + name: > + User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.4 - Unauthenticated Stored Self-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-2612ae00d02e310a6680f563b8b56eab.yaml b/nuclei-templates/cve-less/plugins/user-registration-2612ae00d02e310a6680f563b8b56eab.yaml new file mode 100644 index 0000000000..d17d463033 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-2612ae00d02e310a6680f563b8b56eab.yaml @@ -0,0 +1,58 @@ +id: user-registration-2612ae00d02e310a6680f563b8b56eab + +info: + name: > + User Registration <= 2.3.2.1 - Missing Authorization via send_test_email + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a671128a-74e6-4f92-94af-9e5e37ed7b7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-3d14b08568400569a677dd320c2e823a.yaml b/nuclei-templates/cve-less/plugins/user-registration-3d14b08568400569a677dd320c2e823a.yaml new file mode 100644 index 0000000000..3aae4145cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-3d14b08568400569a677dd320c2e823a.yaml @@ -0,0 +1,58 @@ +id: user-registration-3d14b08568400569a677dd320c2e823a + +info: + name: > + User Registration <= 3.0.1 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3590277a-3319-4707-b728-d75ea59e8ad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-4d9fd3b2756396c2e2474f36f3b3ed72.yaml b/nuclei-templates/cve-less/plugins/user-registration-4d9fd3b2756396c2e2474f36f3b3ed72.yaml new file mode 100644 index 0000000000..65e354926a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-4d9fd3b2756396c2e2474f36f3b3ed72.yaml @@ -0,0 +1,58 @@ +id: user-registration-4d9fd3b2756396c2e2474f36f3b3ed72 + +info: + name: > + User Registration <= 2.3.0 - Authenticated (Administrator+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26529849-c52c-40e5-8085-6764c22a03e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-563b5a5f445bb7fdee347bcd0ac2e921.yaml b/nuclei-templates/cve-less/plugins/user-registration-563b5a5f445bb7fdee347bcd0ac2e921.yaml new file mode 100644 index 0000000000..063c6d2b9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-563b5a5f445bb7fdee347bcd0ac2e921.yaml @@ -0,0 +1,58 @@ +id: user-registration-563b5a5f445bb7fdee347bcd0ac2e921 + +info: + name: > + User Registration <= 2.3.2.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5835fed0-5b9d-47b5-82ae-f0f19830ae2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-5a06b4b0b81af48987e3d90166388572.yaml b/nuclei-templates/cve-less/plugins/user-registration-5a06b4b0b81af48987e3d90166388572.yaml new file mode 100644 index 0000000000..3b7bfcda01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-5a06b4b0b81af48987e3d90166388572.yaml @@ -0,0 +1,58 @@ +id: user-registration-5a06b4b0b81af48987e3d90166388572 + +info: + name: > + User Registration – Custom Registration Form, Login Form And User Profile For WordPress <= 3.0.4.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b70b9b1-bde9-4a32-ae7b-a4c8d73abbc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-89a71e03ca88d2c02f3be0f2c0d21756.yaml b/nuclei-templates/cve-less/plugins/user-registration-89a71e03ca88d2c02f3be0f2c0d21756.yaml new file mode 100644 index 0000000000..7515dccf7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-89a71e03ca88d2c02f3be0f2c0d21756.yaml @@ -0,0 +1,58 @@ +id: user-registration-89a71e03ca88d2c02f3be0f2c0d21756 + +info: + name: > + User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Unauthenticated Media Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/864a3444-0479-4b9f-beca-584a4a9b8682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml b/nuclei-templates/cve-less/plugins/user-registration-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml new file mode 100644 index 0000000000..8c0c1ca513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-a3ab87ca43ceb26b3f09e3ed0047a2de.yaml @@ -0,0 +1,58 @@ +id: user-registration-a3ab87ca43ceb26b3f09e3ed0047a2de + +info: + name: > + User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin <= 3.1.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d03459d8-b1f2-4270-a294-403754db1f2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-d95100aaa0c0f9fcb84493d4239628ac.yaml b/nuclei-templates/cve-less/plugins/user-registration-d95100aaa0c0f9fcb84493d4239628ac.yaml new file mode 100644 index 0000000000..1111cda84f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-d95100aaa0c0f9fcb84493d4239628ac.yaml @@ -0,0 +1,58 @@ +id: user-registration-d95100aaa0c0f9fcb84493d4239628ac + +info: + name: > + User Registration <= 3.0.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a979e885-f7dd-4616-a881-64f3d97c309d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-registration-f2f2b27ba49b35955a269b199809763e.yaml b/nuclei-templates/cve-less/plugins/user-registration-f2f2b27ba49b35955a269b199809763e.yaml new file mode 100644 index 0000000000..572d5b8664 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-registration-f2f2b27ba49b35955a269b199809763e.yaml @@ -0,0 +1,58 @@ +id: user-registration-f2f2b27ba49b35955a269b199809763e + +info: + name: > + User Registration <= 2.2.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c07ea205-5a05-43f5-993e-c6e30f660ac8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-registration/" + google-query: inurl:"/wp-content/plugins/user-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-rights-access-manager-954c2405c628d0efb2aa813bafba83c6.yaml b/nuclei-templates/cve-less/plugins/user-rights-access-manager-954c2405c628d0efb2aa813bafba83c6.yaml new file mode 100644 index 0000000000..0ad7f90a34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-rights-access-manager-954c2405c628d0efb2aa813bafba83c6.yaml @@ -0,0 +1,58 @@ +id: user-rights-access-manager-954c2405c628d0efb2aa813bafba83c6 + +info: + name: > + User Rights Access Manager <= 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/033b0f16-02fb-44b9-9e07-2393afe14cc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-rights-access-manager/" + google-query: inurl:"/wp-content/plugins/user-rights-access-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-rights-access-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-rights-access-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-rights-access-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-role-19953c61fa61f206c9ea957d11e2d617.yaml b/nuclei-templates/cve-less/plugins/user-role-19953c61fa61f206c9ea957d11e2d617.yaml new file mode 100644 index 0000000000..ddc4a8ed7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-role-19953c61fa61f206c9ea957d11e2d617.yaml @@ -0,0 +1,58 @@ +id: user-role-19953c61fa61f206c9ea957d11e2d617 + +info: + name: > + User Role <= 1.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/277ee4f8-4b13-4a58-a4ea-28f639ecea5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-role/" + google-query: inurl:"/wp-content/plugins/user-role/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-role,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-role/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-role" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-role-be510149fd1b62e5b5bb38762ffb0573.yaml b/nuclei-templates/cve-less/plugins/user-role-be510149fd1b62e5b5bb38762ffb0573.yaml new file mode 100644 index 0000000000..1e4ca922da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-role-be510149fd1b62e5b5bb38762ffb0573.yaml @@ -0,0 +1,58 @@ +id: user-role-be510149fd1b62e5b5bb38762ffb0573 + +info: + name: > + User Role by BestWebSoft <= 1.6.6 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4bc525-a21f-46f2-895a-c8474f72eb92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-role/" + google-query: inurl:"/wp-content/plugins/user-role/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-role,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-role/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-role" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-shortcodes-plus-4c45cf0c9392dc7bd44f9128bee077ba.yaml b/nuclei-templates/cve-less/plugins/user-shortcodes-plus-4c45cf0c9392dc7bd44f9128bee077ba.yaml new file mode 100644 index 0000000000..19cda3153f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-shortcodes-plus-4c45cf0c9392dc7bd44f9128bee077ba.yaml @@ -0,0 +1,58 @@ +id: user-shortcodes-plus-4c45cf0c9392dc7bd44f9128bee077ba + +info: + name: > + User Shortcodes Plus <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via user_meta Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76a0a87a-dff0-4a51-bad0-8868c342ecde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-shortcodes-plus/" + google-query: inurl:"/wp-content/plugins/user-shortcodes-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-shortcodes-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-shortcodes-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-shortcodes-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-spam-remover-6c1be9857aef3e70d84394860b7ed82f.yaml b/nuclei-templates/cve-less/plugins/user-spam-remover-6c1be9857aef3e70d84394860b7ed82f.yaml new file mode 100644 index 0000000000..da1d57c3ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-spam-remover-6c1be9857aef3e70d84394860b7ed82f.yaml @@ -0,0 +1,58 @@ +id: user-spam-remover-6c1be9857aef3e70d84394860b7ed82f + +info: + name: > + User Spam Remover <= 1.0 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6efadbe7-ee9b-44cb-b7c6-4c38a872abf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-spam-remover/" + google-query: inurl:"/wp-content/plugins/user-spam-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-spam-remover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-spam-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-spam-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-17a41e1a16870158d7b7f29143acb1a4.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-17a41e1a16870158d7b7f29143acb1a4.yaml new file mode 100644 index 0000000000..cd79d7ac01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-17a41e1a16870158d7b7f29143acb1a4.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-17a41e1a16870158d7b7f29143acb1a4 + +info: + name: > + User Submitted Posts <= 20230809 - Unauthenticated Stored Cross-Site Scripting via 'user-submitted-content' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb4d37c-c4c2-4523-9b4e-73ffb7be81ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20230809') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-36cace1718aa377bc2a0687653bc5015.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-36cace1718aa377bc2a0687653bc5015.yaml new file mode 100644 index 0000000000..98488be54c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-36cace1718aa377bc2a0687653bc5015.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-36cace1718aa377bc2a0687653bc5015 + +info: + name: > + User Submitted Posts <= 20190312 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a97877b-fb4d-4e87-bcff-56be65fee6ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 20190426') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-b4200cfb6c25751d846b15f9be817013.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-b4200cfb6c25751d846b15f9be817013.yaml new file mode 100644 index 0000000000..ebb343ee91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-b4200cfb6c25751d846b15f9be817013.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-b4200cfb6c25751d846b15f9be817013 + +info: + name: > + User Submitted Posts <= 20230902 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/babbe506-3abd-462a-b5b8-5979696eb6e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20230902') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-e52fe8ccbb854729b4cd4efd3c029a6b.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-e52fe8ccbb854729b4cd4efd3c029a6b.yaml new file mode 100644 index 0000000000..ddfb46e219 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-e52fe8ccbb854729b4cd4efd3c029a6b.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-e52fe8ccbb854729b4cd4efd3c029a6b + +info: + name: > + User Submitted Posts < 20160215 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da848ced-acc4-48bc-8fbe-e90cdd53b3e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 20160215') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-ec6e68cb23a447be8fad62b8d99d082d.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-ec6e68cb23a447be8fad62b8d99d082d.yaml new file mode 100644 index 0000000000..f0ab126f6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-ec6e68cb23a447be8fad62b8d99d082d.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-ec6e68cb23a447be8fad62b8d99d082d + +info: + name: > + User Submitted Posts <= 20230901 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7fca965-86f8-4ee4-a9d6-cb18fe5f098e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20230901') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-submitted-posts-ef952e49d818ad8d9f5105858ddc8b74.yaml b/nuclei-templates/cve-less/plugins/user-submitted-posts-ef952e49d818ad8d9f5105858ddc8b74.yaml new file mode 100644 index 0000000000..0f23eaad0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-submitted-posts-ef952e49d818ad8d9f5105858ddc8b74.yaml @@ -0,0 +1,58 @@ +id: user-submitted-posts-ef952e49d818ad8d9f5105858ddc8b74 + +info: + name: > + User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d21ca709-183f-4dd1-849c-f1b2a4f7ec43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-submitted-posts/" + google-query: inurl:"/wp-content/plugins/user-submitted-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-submitted-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-submitted-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-submitted-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20230811') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/user-verification-ca88165c86af83d72c5c99df7036335e.yaml b/nuclei-templates/cve-less/plugins/user-verification-ca88165c86af83d72c5c99df7036335e.yaml new file mode 100644 index 0000000000..1e47bd22ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/user-verification-ca88165c86af83d72c5c99df7036335e.yaml @@ -0,0 +1,58 @@ +id: user-verification-ca88165c86af83d72c5c99df7036335e + +info: + name: > + User Verification <= 1.0.93 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7e3a8ee-9950-4da4-8450-8b5902b3b876?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/user-verification/" + google-query: inurl:"/wp-content/plugins/user-verification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,user-verification,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/user-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "user-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/useragent-spy-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml b/nuclei-templates/cve-less/plugins/useragent-spy-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml new file mode 100644 index 0000000000..c0bafe43a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/useragent-spy-6cfb5c63bbc7af6b76f9e01d4d2fe2ac.yaml @@ -0,0 +1,58 @@ +id: useragent-spy-6cfb5c63bbc7af6b76f9e01d4d2fe2ac + +info: + name: > + UserAgent-Spy <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/434755f8-b2af-4f35-9af9-f0b9578718c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/useragent-spy/" + google-query: inurl:"/wp-content/plugins/useragent-spy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,useragent-spy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/useragent-spy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "useragent-spy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userback-0c4c2f31024fbf5cfab7d01fe111d650.yaml b/nuclei-templates/cve-less/plugins/userback-0c4c2f31024fbf5cfab7d01fe111d650.yaml new file mode 100644 index 0000000000..7ef465abd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userback-0c4c2f31024fbf5cfab7d01fe111d650.yaml @@ -0,0 +1,58 @@ +id: userback-0c4c2f31024fbf5cfab7d01fe111d650 + +info: + name: > + Userback <= 1.0.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2178b39c-5341-4f53-82be-668b400d7f25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userback/" + google-query: inurl:"/wp-content/plugins/userback/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userback,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userback/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userback" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userfeedback-lite-1e3a0fb44323bb8b37d482026ed1bcb6.yaml b/nuclei-templates/cve-less/plugins/userfeedback-lite-1e3a0fb44323bb8b37d482026ed1bcb6.yaml new file mode 100644 index 0000000000..14a369b1f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userfeedback-lite-1e3a0fb44323bb8b37d482026ed1bcb6.yaml @@ -0,0 +1,58 @@ +id: userfeedback-lite-1e3a0fb44323bb8b37d482026ed1bcb6 + +info: + name: > + User Feedback <= 1.0.9 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abc056b0-55a2-439c-b7f6-4a2fc48c9823?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userfeedback-lite/" + google-query: inurl:"/wp-content/plugins/userfeedback-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userfeedback-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userfeedback-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userfeedback-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userfeedback-lite-61ee64923a0fe1e6df3a4bb79ec27733.yaml b/nuclei-templates/cve-less/plugins/userfeedback-lite-61ee64923a0fe1e6df3a4bb79ec27733.yaml new file mode 100644 index 0000000000..d67f0d739b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userfeedback-lite-61ee64923a0fe1e6df3a4bb79ec27733.yaml @@ -0,0 +1,58 @@ +id: userfeedback-lite-61ee64923a0fe1e6df3a4bb79ec27733 + +info: + name: > + User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds <= 1.0.13 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userfeedback-lite/" + google-query: inurl:"/wp-content/plugins/userfeedback-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userfeedback-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userfeedback-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userfeedback-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userfeedback-lite-bc5c4137940b6ee9a3fd20aa718b68a9.yaml b/nuclei-templates/cve-less/plugins/userfeedback-lite-bc5c4137940b6ee9a3fd20aa718b68a9.yaml new file mode 100644 index 0000000000..ac2fc8bb43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userfeedback-lite-bc5c4137940b6ee9a3fd20aa718b68a9.yaml @@ -0,0 +1,58 @@ +id: userfeedback-lite-bc5c4137940b6ee9a3fd20aa718b68a9 + +info: + name: > + User Feedback <= 1.0.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e45bc2-6db6-49cd-8a4a-58489a8ddac2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userfeedback-lite/" + google-query: inurl:"/wp-content/plugins/userfeedback-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userfeedback-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userfeedback-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userfeedback-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userfeedback-lite-bdeaf570096cf99a20e12f37d41beaeb.yaml b/nuclei-templates/cve-less/plugins/userfeedback-lite-bdeaf570096cf99a20e12f37d41beaeb.yaml new file mode 100644 index 0000000000..4ecd74628a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userfeedback-lite-bdeaf570096cf99a20e12f37d41beaeb.yaml @@ -0,0 +1,58 @@ +id: userfeedback-lite-bdeaf570096cf99a20e12f37d41beaeb + +info: + name: > + User Feedback <= 1.0.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63c7bb29-c8b2-49ee-8ac4-1046b61b7e6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userfeedback-lite/" + google-query: inurl:"/wp-content/plugins/userfeedback-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userfeedback-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userfeedback-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userfeedback-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userheat-783cdb329475b25222f6cb9b44f2e64c.yaml b/nuclei-templates/cve-less/plugins/userheat-783cdb329475b25222f6cb9b44f2e64c.yaml new file mode 100644 index 0000000000..86f20a4faf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userheat-783cdb329475b25222f6cb9b44f2e64c.yaml @@ -0,0 +1,58 @@ +id: userheat-783cdb329475b25222f6cb9b44f2e64c + +info: + name: > + UserHeat Plugin <= 1.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c03b5670-9f7e-4001-ba90-197559b794a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userheat/" + google-query: inurl:"/wp-content/plugins/userheat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userheat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userheat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userheat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userlike-e37188c1de6df4d33488960fa6e214fa.yaml b/nuclei-templates/cve-less/plugins/userlike-e37188c1de6df4d33488960fa6e214fa.yaml new file mode 100644 index 0000000000..9680c2d932 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userlike-e37188c1de6df4d33488960fa6e214fa.yaml @@ -0,0 +1,58 @@ +id: userlike-e37188c1de6df4d33488960fa6e214fa + +info: + name: > + Userlike <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14c94d47-c911-4874-a897-58f4c0800329?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userlike/" + google-query: inurl:"/wp-content/plugins/userlike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userlike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userlike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userlike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/username-updater-2508566224c9697f712ccd556a0ee74e.yaml b/nuclei-templates/cve-less/plugins/username-updater-2508566224c9697f712ccd556a0ee74e.yaml new file mode 100644 index 0000000000..5012b79226 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/username-updater-2508566224c9697f712ccd556a0ee74e.yaml @@ -0,0 +1,58 @@ +id: username-updater-2508566224c9697f712ccd556a0ee74e + +info: + name: > + Easy Username Updater <= 1.0.3 - Cross-Site Request Forgery to Username Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e3e996b-6988-42ab-9766-ddc070243c1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/username-updater/" + google-query: inurl:"/wp-content/plugins/username-updater/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,username-updater,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/username-updater/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "username-updater" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userplus-dbb603a582acad18868b604587ba2dff.yaml b/nuclei-templates/cve-less/plugins/userplus-dbb603a582acad18868b604587ba2dff.yaml new file mode 100644 index 0000000000..aa31b09fd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userplus-dbb603a582acad18868b604587ba2dff.yaml @@ -0,0 +1,58 @@ +id: userplus-dbb603a582acad18868b604587ba2dff + +info: + name: > + UserPlus <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acd0349b-7864-4e4e-84ba-6f0ec5b585f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userplus/" + google-query: inurl:"/wp-content/plugins/userplus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userplus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userplus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userplus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-04f8df43c58f1fcfe62ac6f2791a6403.yaml b/nuclei-templates/cve-less/plugins/userpro-04f8df43c58f1fcfe62ac6f2791a6403.yaml new file mode 100644 index 0000000000..dca6976e3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-04f8df43c58f1fcfe62ac6f2791a6403.yaml @@ -0,0 +1,58 @@ +id: userpro-04f8df43c58f1fcfe62ac6f2791a6403 + +info: + name: > + UserPro <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via userpro_save_userdata + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d30adc5-27a5-4549-84fc-b930f27f03e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-0738939cc65ce7903ad33d05a6227fd2.yaml b/nuclei-templates/cve-less/plugins/userpro-0738939cc65ce7903ad33d05a6227fd2.yaml new file mode 100644 index 0000000000..21bbd62bc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-0738939cc65ce7903ad33d05a6227fd2.yaml @@ -0,0 +1,58 @@ +id: userpro-0738939cc65ce7903ad33d05a6227fd2 + +info: + name: > + UserPro <= 5.1.1 - Sensitive Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4072ba5f-6385-4fa3-85b6-89dac7b60a92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-154b839caaa4713224f0ab043264e6ea.yaml b/nuclei-templates/cve-less/plugins/userpro-154b839caaa4713224f0ab043264e6ea.yaml new file mode 100644 index 0000000000..4b51e6d476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-154b839caaa4713224f0ab043264e6ea.yaml @@ -0,0 +1,58 @@ +id: userpro-154b839caaa4713224f0ab043264e6ea + +info: + name: > + UserPro <= 5.1.1 - Authentication Bypass to Administrator + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3cf9f38-c20e-40dc-a7a1-65b0c6ba7925?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-183bcbf1ecc01c4bcdfd0244c1054c88.yaml b/nuclei-templates/cve-less/plugins/userpro-183bcbf1ecc01c4bcdfd0244c1054c88.yaml new file mode 100644 index 0000000000..4ffffc89f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-183bcbf1ecc01c4bcdfd0244c1054c88.yaml @@ -0,0 +1,58 @@ +id: userpro-183bcbf1ecc01c4bcdfd0244c1054c88 + +info: + name: > + UserPro <= 5.1.1 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73600498-f55c-4b8e-a625-4f292e58e0ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-3c7a7bda89b03e9d2cc247c341834e4e.yaml b/nuclei-templates/cve-less/plugins/userpro-3c7a7bda89b03e9d2cc247c341834e4e.yaml new file mode 100644 index 0000000000..29cc06ddb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-3c7a7bda89b03e9d2cc247c341834e4e.yaml @@ -0,0 +1,58 @@ +id: userpro-3c7a7bda89b03e9d2cc247c341834e4e + +info: + name: > + UserPro <= 4.9.17 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51957ee1-a423-485b-8cfd-8eafaf6744e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9.17.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-3e54e940d7f7e91b150b3a2075b3abc6.yaml b/nuclei-templates/cve-less/plugins/userpro-3e54e940d7f7e91b150b3a2075b3abc6.yaml new file mode 100644 index 0000000000..4d63ae6100 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-3e54e940d7f7e91b150b3a2075b3abc6.yaml @@ -0,0 +1,58 @@ +id: userpro-3e54e940d7f7e91b150b3a2075b3abc6 + +info: + name: > + UserPro <= 5.1.4 - Missing Authorization to Arbitrary Shortcode Execution via userpro_shortcode_template + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbe9175-4a6f-4eb6-8d31-9a9fda9b4f40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-656244efbeeadce5c71da45e29bb9a67.yaml b/nuclei-templates/cve-less/plugins/userpro-656244efbeeadce5c71da45e29bb9a67.yaml new file mode 100644 index 0000000000..bd06335a46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-656244efbeeadce5c71da45e29bb9a67.yaml @@ -0,0 +1,58 @@ +id: userpro-656244efbeeadce5c71da45e29bb9a67 + +info: + name: > + UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e90fe49-4ead-4468-b3cc-30040e4f278f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-73550b54c3b3918e019ec5d1a646e218.yaml b/nuclei-templates/cve-less/plugins/userpro-73550b54c3b3918e019ec5d1a646e218.yaml new file mode 100644 index 0000000000..82125b3c78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-73550b54c3b3918e019ec5d1a646e218.yaml @@ -0,0 +1,58 @@ +id: userpro-73550b54c3b3918e019ec5d1a646e218 + +info: + name: > + UserPro <= 5.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cb424c-4efd-4c12-a08a-6d574f118c28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-89d956efcfdb19ea855c5732e7ba78c5.yaml b/nuclei-templates/cve-less/plugins/userpro-89d956efcfdb19ea855c5732e7ba78c5.yaml new file mode 100644 index 0000000000..e48b2c360a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-89d956efcfdb19ea855c5732e7ba78c5.yaml @@ -0,0 +1,58 @@ +id: userpro-89d956efcfdb19ea855c5732e7ba78c5 + +info: + name: > + UserPro <= 4.9.34 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/741028c9-6021-4522-b7e5-b31f0c3a9f10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-ae32c7f72e10e74657f2f9c1c4ca3ce3.yaml b/nuclei-templates/cve-less/plugins/userpro-ae32c7f72e10e74657f2f9c1c4ca3ce3.yaml new file mode 100644 index 0000000000..21adaf6e93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-ae32c7f72e10e74657f2f9c1c4ca3ce3.yaml @@ -0,0 +1,58 @@ +id: userpro-ae32c7f72e10e74657f2f9c1c4ca3ce3 + +info: + name: > + UserPro <= 5.1.6 - Disabled Membership Registration Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-caff8f6f354132f41c0e30a99b04fa75.yaml b/nuclei-templates/cve-less/plugins/userpro-caff8f6f354132f41c0e30a99b04fa75.yaml new file mode 100644 index 0000000000..2f8b325d6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-caff8f6f354132f41c0e30a99b04fa75.yaml @@ -0,0 +1,58 @@ +id: userpro-caff8f6f354132f41c0e30a99b04fa75 + +info: + name: > + UserPro <= 5.1.4 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8bed9c0-dae3-405e-a946-5f28a3c30851?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-dc4223fef5ec45deab1fbfe214a6cedd.yaml b/nuclei-templates/cve-less/plugins/userpro-dc4223fef5ec45deab1fbfe214a6cedd.yaml new file mode 100644 index 0000000000..3ed159f825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-dc4223fef5ec45deab1fbfe214a6cedd.yaml @@ -0,0 +1,58 @@ +id: userpro-dc4223fef5ec45deab1fbfe214a6cedd + +info: + name: > + UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6e2b9e-3d70-4c07-a779-45164816b89c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-e552b5aef7987e0ab7219edb686bfcc2.yaml b/nuclei-templates/cve-less/plugins/userpro-e552b5aef7987e0ab7219edb686bfcc2.yaml new file mode 100644 index 0000000000..a4eda8abfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-e552b5aef7987e0ab7219edb686bfcc2.yaml @@ -0,0 +1,58 @@ +id: userpro-e552b5aef7987e0ab7219edb686bfcc2 + +info: + name: > + UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0372efe4-b5be-4601-be43-5c12332ea1a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-e9ae8122ab019b9f575d632976e78882.yaml b/nuclei-templates/cve-less/plugins/userpro-e9ae8122ab019b9f575d632976e78882.yaml new file mode 100644 index 0000000000..44a95b3760 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-e9ae8122ab019b9f575d632976e78882.yaml @@ -0,0 +1,58 @@ +id: userpro-e9ae8122ab019b9f575d632976e78882 + +info: + name: > + UserPro <= 5.1.0 - Cross-Site Request Forgery to PHP Object Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb601ce-a884-4894-af13-dab14885c7eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-ec4b5ca541f179f9756ae5a9210d5761.yaml b/nuclei-templates/cve-less/plugins/userpro-ec4b5ca541f179f9756ae5a9210d5761.yaml new file mode 100644 index 0000000000..9ddc508f82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-ec4b5ca541f179f9756ae5a9210d5761.yaml @@ -0,0 +1,58 @@ +id: userpro-ec4b5ca541f179f9756ae5a9210d5761 + +info: + name: > + UserPro <= 5.1.1 - Insecure Password Reset Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de9be7bc-4f8a-4393-8ebb-1b1f141b7585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userpro-fbcad9f6d7319e6ca8392a71ea0bffb3.yaml b/nuclei-templates/cve-less/plugins/userpro-fbcad9f6d7319e6ca8392a71ea0bffb3.yaml new file mode 100644 index 0000000000..b8df8f8ad2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userpro-fbcad9f6d7319e6ca8392a71ea0bffb3.yaml @@ -0,0 +1,58 @@ +id: userpro-fbcad9f6d7319e6ca8392a71ea0bffb3 + +info: + name: > + UserPro <= 5.1.1 - Missing Authorization via multiple functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c4f8798-c0f9-4d05-808e-375864a0ad95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userpro/" + google-query: inurl:"/wp-content/plugins/userpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userpro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..af41a3913f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0ced1508729f529a88bdefd2f552e467.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0ced1508729f529a88bdefd2f552e467.yaml new file mode 100644 index 0000000000..f66b3b3bca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-0ced1508729f529a88bdefd2f552e467.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-0ced1508729f529a88bdefd2f552e467 + +info: + name: > + Export and Import Users and Customers <= 2.4.8 - Authenticated (Shop Manager+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55b3e2dc-dc4f-408b-bbc6-da72ed5ad245?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-2178e4e9767ddbb5794b39d1005e082d.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-2178e4e9767ddbb5794b39d1005e082d.yaml new file mode 100644 index 0000000000..d2a08fcb5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-2178e4e9767ddbb5794b39d1005e082d.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-2178e4e9767ddbb5794b39d1005e082d + +info: + name: > + Export and Import Users and Customers <= 2.5.3 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f7a5e27-af7e-4e32-be9b-08e1133bb323?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-4f3805308ff329789ed39fb1a7c50453.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-4f3805308ff329789ed39fb1a7c50453.yaml new file mode 100644 index 0000000000..07b8723a66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-4f3805308ff329789ed39fb1a7c50453.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-4f3805308ff329789ed39fb1a7c50453 + +info: + name: > + Export and Import Users and Customers <= 2.4.1 - Missing Authorization to Authenticated (Shop Manager) Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47337214-9cc3-4b12-bb71-9acbab3649b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-a5584c4a9e33feea6b14b638918b3b10.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-a5584c4a9e33feea6b14b638918b3b10.yaml new file mode 100644 index 0000000000..f123e7f7e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-a5584c4a9e33feea6b14b638918b3b10.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-a5584c4a9e33feea6b14b638918b3b10 + +info: + name: > + Import Export WordPress Users and WooCommerce Customers <= 1.3.1 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5966a86c-f1e6-4d53-b32a-fa1440d65819?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-b9a49aa567e405f97048b32968f3519a.yaml b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-b9a49aa567e405f97048b32968f3519a.yaml new file mode 100644 index 0000000000..72d3938c07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-customers-import-export-for-wp-woocommerce-b9a49aa567e405f97048b32968f3519a.yaml @@ -0,0 +1,58 @@ +id: users-customers-import-export-for-wp-woocommerce-b9a49aa567e405f97048b32968f3519a + +info: + name: > + Import Export WordPress Users <= 2.5.2 - Authenticated (Shop Manager+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a8d0f86-73fe-43a6-a03a-38bf815dd30b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + google-query: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-customers-import-export-for-wp-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-customers-import-export-for-wp-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-customers-import-export-for-wp-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-profile-picture-28ec3275d51e7b8c31fce132b1bffc74.yaml b/nuclei-templates/cve-less/plugins/users-profile-picture-28ec3275d51e7b8c31fce132b1bffc74.yaml new file mode 100644 index 0000000000..cf18bd2ab7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-profile-picture-28ec3275d51e7b8c31fce132b1bffc74.yaml @@ -0,0 +1,58 @@ +id: users-profile-picture-28ec3275d51e7b8c31fce132b1bffc74 + +info: + name: > + User Profile Picture < 2.6.0 - Authenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f963cd2-0069-4e58-a5e5-8a9bfea65168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-profile-picture/" + google-query: inurl:"/wp-content/plugins/users-profile-picture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-profile-picture,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-profile-picture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-profile-picture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-profile-picture-e433366cbf26ba8f78929a0ce010f58a.yaml b/nuclei-templates/cve-less/plugins/users-profile-picture-e433366cbf26ba8f78929a0ce010f58a.yaml new file mode 100644 index 0000000000..1a78612637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-profile-picture-e433366cbf26ba8f78929a0ce010f58a.yaml @@ -0,0 +1,58 @@ +id: users-profile-picture-e433366cbf26ba8f78929a0ce010f58a + +info: + name: > + User Profile Picture <= 2.4.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6535f932-3aa4-4686-adf6-4e7a1f494e02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-profile-picture/" + google-query: inurl:"/wp-content/plugins/users-profile-picture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-profile-picture,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-profile-picture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-profile-picture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-4d92bacdb897e72bc7c9b888465bfb12.yaml b/nuclei-templates/cve-less/plugins/users-ultra-4d92bacdb897e72bc7c9b888465bfb12.yaml new file mode 100644 index 0000000000..c1e35c897a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-4d92bacdb897e72bc7c9b888465bfb12.yaml @@ -0,0 +1,58 @@ +id: users-ultra-4d92bacdb897e72bc7c9b888465bfb12 + +info: + name: > + Users Ultra Membership Plugin <= 1.5.63 - Authenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49754f41-b809-4a97-ab8f-233f51dc058f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-4ee3b92fe5cef5ace6e0821bce6a628f.yaml b/nuclei-templates/cve-less/plugins/users-ultra-4ee3b92fe5cef5ace6e0821bce6a628f.yaml new file mode 100644 index 0000000000..50fcdc7584 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-4ee3b92fe5cef5ace6e0821bce6a628f.yaml @@ -0,0 +1,58 @@ +id: users-ultra-4ee3b92fe5cef5ace6e0821bce6a628f + +info: + name: > + Users Ultra <= 1.5.15 - Multiple SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/235c9967-808f-45f2-85cf-7ee7a523593d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-7d8cf8e800d2870ca230bed514c737c3.yaml b/nuclei-templates/cve-less/plugins/users-ultra-7d8cf8e800d2870ca230bed514c737c3.yaml new file mode 100644 index 0000000000..e07e0faeab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-7d8cf8e800d2870ca230bed514c737c3.yaml @@ -0,0 +1,58 @@ +id: users-ultra-7d8cf8e800d2870ca230bed514c737c3 + +info: + name: > + Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 1.5.58 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef4134a1-e2c6-495a-bc00-cc8cd783cd7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-9ae9897b899214e88181a9313e35781d.yaml b/nuclei-templates/cve-less/plugins/users-ultra-9ae9897b899214e88181a9313e35781d.yaml new file mode 100644 index 0000000000..b7b5d944fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-9ae9897b899214e88181a9313e35781d.yaml @@ -0,0 +1,58 @@ +id: users-ultra-9ae9897b899214e88181a9313e35781d + +info: + name: > + Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a9f7a61-535f-45c8-a7e7-e8b095cacaa1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-ccec5144654bab62438c0000b0cd001b.yaml b/nuclei-templates/cve-less/plugins/users-ultra-ccec5144654bab62438c0000b0cd001b.yaml new file mode 100644 index 0000000000..ad2ad8d953 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-ccec5144654bab62438c0000b0cd001b.yaml @@ -0,0 +1,58 @@ +id: users-ultra-ccec5144654bab62438c0000b0cd001b + +info: + name: > + Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting via p_name parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00cb5ce9-cca2-4e41-8d00-1d2ca7770dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-d7cc53ebc89a0251fb7abbabbb69e870.yaml b/nuclei-templates/cve-less/plugins/users-ultra-d7cc53ebc89a0251fb7abbabbb69e870.yaml new file mode 100644 index 0000000000..6780ee38de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-d7cc53ebc89a0251fb7abbabbb69e870.yaml @@ -0,0 +1,58 @@ +id: users-ultra-d7cc53ebc89a0251fb7abbabbb69e870 + +info: + name: > + Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin < 1.5.63 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe2a538b-60a5-4595-b901-4477679e6b8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/users-ultra-ee6588c23752ef8db22d5c7efc9281bf.yaml b/nuclei-templates/cve-less/plugins/users-ultra-ee6588c23752ef8db22d5c7efc9281bf.yaml new file mode 100644 index 0000000000..6364a196d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/users-ultra-ee6588c23752ef8db22d5c7efc9281bf.yaml @@ -0,0 +1,58 @@ +id: users-ultra-ee6588c23752ef8db22d5c7efc9281bf + +info: + name: > + Users Ultra Membership, Users Community and Member Profiles With PayPal Integration Plugin <= 3.1.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9ffbf3-520a-4563-85e1-27c1cc544856?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/users-ultra/" + google-query: inurl:"/wp-content/plugins/users-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,users-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/users-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "users-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/usersnap-650d3965dc4c579880213651d87a4777.yaml b/nuclei-templates/cve-less/plugins/usersnap-650d3965dc4c579880213651d87a4777.yaml new file mode 100644 index 0000000000..0cee71d7e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/usersnap-650d3965dc4c579880213651d87a4777.yaml @@ -0,0 +1,58 @@ +id: usersnap-650d3965dc4c579880213651d87a4777 + +info: + name: > + Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ad00419-e9fa-4f78-b0d9-02cfb412a04d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/usersnap/" + google-query: inurl:"/wp-content/plugins/usersnap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,usersnap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/usersnap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "usersnap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userswp-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml b/nuclei-templates/cve-less/plugins/userswp-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml new file mode 100644 index 0000000000..cdc2cc4025 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userswp-467ae4d6a0b8db0e5b6c781618b2d3ee.yaml @@ -0,0 +1,58 @@ +id: userswp-467ae4d6a0b8db0e5b6c781618b2d3ee + +info: + name: > + UsersWP <= 1.2.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef53c2c-01fb-41b6-b329-d952ce3424e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userswp/" + google-query: inurl:"/wp-content/plugins/userswp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userswp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userswp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userswp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userswp-608aad3fd1d4f9ba2d0904fa4c5d78c2.yaml b/nuclei-templates/cve-less/plugins/userswp-608aad3fd1d4f9ba2d0904fa4c5d78c2.yaml new file mode 100644 index 0000000000..37486b45be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userswp-608aad3fd1d4f9ba2d0904fa4c5d78c2.yaml @@ -0,0 +1,58 @@ +id: userswp-608aad3fd1d4f9ba2d0904fa4c5d78c2 + +info: + name: > + UsersWP <= 1.2.3 - Subscriber+ User Avatar Override + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f31b42c8-cf82-49cf-ac4c-d42a28252d66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userswp/" + google-query: inurl:"/wp-content/plugins/userswp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userswp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userswp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userswp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userswp-8d1c622642cdaf2469921f84335dfe12.yaml b/nuclei-templates/cve-less/plugins/userswp-8d1c622642cdaf2469921f84335dfe12.yaml new file mode 100644 index 0000000000..87ca54f6c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userswp-8d1c622642cdaf2469921f84335dfe12.yaml @@ -0,0 +1,58 @@ +id: userswp-8d1c622642cdaf2469921f84335dfe12 + +info: + name: > + UsersWP <= 1.2.3.9 - Authenticated (Administrator+) CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/567c4487-32e3-4afd-aec7-2f8171a49ebc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userswp/" + google-query: inurl:"/wp-content/plugins/userswp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userswp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userswp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userswp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/userswp-e839aa50a0f3e00f901dfe5f18166d4a.yaml b/nuclei-templates/cve-less/plugins/userswp-e839aa50a0f3e00f901dfe5f18166d4a.yaml new file mode 100644 index 0000000000..c536ffc39c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/userswp-e839aa50a0f3e00f901dfe5f18166d4a.yaml @@ -0,0 +1,58 @@ +id: userswp-e839aa50a0f3e00f901dfe5f18166d4a + +info: + name: > + UsersWP <= 1.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a308056-aadc-4fc3-8133-2b05f3d9aabe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/userswp/" + google-query: inurl:"/wp-content/plugins/userswp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,userswp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/userswp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "userswp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/utm-tracker-fae9c4f5e42508587fcd2ed1f9caedd8.yaml b/nuclei-templates/cve-less/plugins/utm-tracker-fae9c4f5e42508587fcd2ed1f9caedd8.yaml new file mode 100644 index 0000000000..6060186488 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/utm-tracker-fae9c4f5e42508587fcd2ed1f9caedd8.yaml @@ -0,0 +1,58 @@ +id: utm-tracker-fae9c4f5e42508587fcd2ed1f9caedd8 + +info: + name: > + UTM Tracker <= 1.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/077ec165-edd3-4c2c-b1ea-01ca5b80f779?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/utm-tracker/" + google-query: inurl:"/wp-content/plugins/utm-tracker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,utm-tracker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/utm-tracker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "utm-tracker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/utubevideo-gallery-17199c68a13d9adf35ea73d24856f5f8.yaml b/nuclei-templates/cve-less/plugins/utubevideo-gallery-17199c68a13d9adf35ea73d24856f5f8.yaml new file mode 100644 index 0000000000..790e03154a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/utubevideo-gallery-17199c68a13d9adf35ea73d24856f5f8.yaml @@ -0,0 +1,58 @@ +id: utubevideo-gallery-17199c68a13d9adf35ea73d24856f5f8 + +info: + name: > + uTubeVideo Gallery <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7f7b6b1-61d6-4911-ad1f-16a14c16618d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/utubevideo-gallery/" + google-query: inurl:"/wp-content/plugins/utubevideo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,utubevideo-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/utubevideo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "utubevideo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ux-flat-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml b/nuclei-templates/cve-less/plugins/ux-flat-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml new file mode 100644 index 0000000000..d963e51de1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ux-flat-58b2abf7cb460597ca6a6d20fc9fbdcc.yaml @@ -0,0 +1,58 @@ +id: ux-flat-58b2abf7cb460597ca6a6d20fc9fbdcc + +info: + name: > + UX Flat <= 4.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ux-flat/" + google-query: inurl:"/wp-content/plugins/ux-flat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ux-flat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ux-flat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ux-flat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/validated-22471b3f81db400388be79d0e5d0cf32.yaml b/nuclei-templates/cve-less/plugins/validated-22471b3f81db400388be79d0e5d0cf32.yaml new file mode 100644 index 0000000000..6e278f533f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/validated-22471b3f81db400388be79d0e5d0cf32.yaml @@ -0,0 +1,58 @@ +id: validated-22471b3f81db400388be79d0e5d0cf32 + +info: + name: > + Validated <= 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf808fec-8d84-43ab-85bc-b3b60ab4df31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/validated/" + google-query: inurl:"/wp-content/plugins/validated/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,validated,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/validated/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "validated" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vanguard-eef4fef4e9f3255888f8b403eb0a1916.yaml b/nuclei-templates/cve-less/plugins/vanguard-eef4fef4e9f3255888f8b403eb0a1916.yaml new file mode 100644 index 0000000000..f9deb00800 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vanguard-eef4fef4e9f3255888f8b403eb0a1916.yaml @@ -0,0 +1,58 @@ +id: vanguard-eef4fef4e9f3255888f8b403eb0a1916 + +info: + name: > + Vanguard - Marketplace Digital Products PHP7 <= 2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9799ebf-1810-4c34-8262-2559de61c1c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vanguard/" + google-query: inurl:"/wp-content/plugins/vanguard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vanguard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vanguard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vanguard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vc-tabs-02e92fc9d8edd2a31ef37844cc4fdd57.yaml b/nuclei-templates/cve-less/plugins/vc-tabs-02e92fc9d8edd2a31ef37844cc4fdd57.yaml new file mode 100644 index 0000000000..b19ac70056 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vc-tabs-02e92fc9d8edd2a31ef37844cc4fdd57.yaml @@ -0,0 +1,58 @@ +id: vc-tabs-02e92fc9d8edd2a31ef37844cc4fdd57 + +info: + name: > + Tabs – Responsive Tabs with WooCommerce Product Tab Extension <= 3.6.0 - Authenticated (Admin+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f48e35e-12fd-4f75-bcb1-6820846298a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vc-tabs/" + google-query: inurl:"/wp-content/plugins/vc-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vc-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vc-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vc-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vc-tabs-e4bedac25bcf1a2f58f7010119167cc3.yaml b/nuclei-templates/cve-less/plugins/vc-tabs-e4bedac25bcf1a2f58f7010119167cc3.yaml new file mode 100644 index 0000000000..b28d743572 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vc-tabs-e4bedac25bcf1a2f58f7010119167cc3.yaml @@ -0,0 +1,58 @@ +id: vc-tabs-e4bedac25bcf1a2f58f7010119167cc3 + +info: + name: > + Tabs <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7723579-33ca-4007-a6fa-31b15f3e70a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vc-tabs/" + google-query: inurl:"/wp-content/plugins/vc-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vc-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vc-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vc-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vc_clipboard-02e2e7490cf032ead7b1cdd23b1c4e3e.yaml b/nuclei-templates/cve-less/plugins/vc_clipboard-02e2e7490cf032ead7b1cdd23b1c4e3e.yaml new file mode 100644 index 0000000000..c2dad35386 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vc_clipboard-02e2e7490cf032ead7b1cdd23b1c4e3e.yaml @@ -0,0 +1,58 @@ +id: vc_clipboard-02e2e7490cf032ead7b1cdd23b1c4e3e + +info: + name: > + WPBakery Page Builder Clipboard < 4.5.8 - Arbitrary License Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57a12c21-4a5d-4fbd-8720-93e78164f216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vc_clipboard/" + google-query: inurl:"/wp-content/plugins/vc_clipboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vc_clipboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vc_clipboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vc_clipboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vc_clipboard-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml b/nuclei-templates/cve-less/plugins/vc_clipboard-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml new file mode 100644 index 0000000000..b50317e43c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vc_clipboard-3ff23277c9ba98ae052e3b9f7bce2ce5.yaml @@ -0,0 +1,58 @@ +id: vc_clipboard-3ff23277c9ba98ae052e3b9f7bce2ce5 + +info: + name: > + WPBakery Page Builder Clipboard <= 4.5.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2dae6b53-11f3-432c-ad27-940c429055a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vc_clipboard/" + google-query: inurl:"/wp-content/plugins/vc_clipboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vc_clipboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vc_clipboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vc_clipboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/venture-event-manager-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/venture-event-manager-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..df49a90edb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/venture-event-manager-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: venture-event-manager-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/venture-event-manager/" + google-query: inurl:"/wp-content/plugins/venture-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,venture-event-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/venture-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "venture-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/verge3d-61bd18cfe47ff36978c91845f9ffc1e4.yaml b/nuclei-templates/cve-less/plugins/verge3d-61bd18cfe47ff36978c91845f9ffc1e4.yaml new file mode 100644 index 0000000000..230c5a5598 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/verge3d-61bd18cfe47ff36978c91845f9ffc1e4.yaml @@ -0,0 +1,58 @@ +id: verge3d-61bd18cfe47ff36978c91845f9ffc1e4 + +info: + name: > + Verge3D <= 4.5.2 - Authenticated(Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71dd864f-1975-4cee-be26-0cdb0d54be95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/verge3d/" + google-query: inurl:"/wp-content/plugins/verge3d/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,verge3d,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/verge3d/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "verge3d" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/verification-code-for-comments-f5a38f2fe44d1f55847f0985e9ae01e0.yaml b/nuclei-templates/cve-less/plugins/verification-code-for-comments-f5a38f2fe44d1f55847f0985e9ae01e0.yaml new file mode 100644 index 0000000000..8a15d415ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/verification-code-for-comments-f5a38f2fe44d1f55847f0985e9ae01e0.yaml @@ -0,0 +1,58 @@ +id: verification-code-for-comments-f5a38f2fe44d1f55847f0985e9ae01e0 + +info: + name: > + Verification Code for Comments <= 2.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51ff2654-fa38-4807-87f5-53a9996839c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/verification-code-for-comments/" + google-query: inurl:"/wp-content/plugins/verification-code-for-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,verification-code-for-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/verification-code-for-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "verification-code-for-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/verse-o-matic-6172c422eaf36f3edbfde89320e25329.yaml b/nuclei-templates/cve-less/plugins/verse-o-matic-6172c422eaf36f3edbfde89320e25329.yaml new file mode 100644 index 0000000000..9d71ea5fdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/verse-o-matic-6172c422eaf36f3edbfde89320e25329.yaml @@ -0,0 +1,58 @@ +id: verse-o-matic-6172c422eaf36f3edbfde89320e25329 + +info: + name: > + Verse-O-Matic <= 4.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c16543db-2f8c-4266-9fb2-fc429f5647b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/verse-o-matic/" + google-query: inurl:"/wp-content/plugins/verse-o-matic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,verse-o-matic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/verse-o-matic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "verse-o-matic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-673a5e282a31715aadad077526dcf5b4.yaml b/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-673a5e282a31715aadad077526dcf5b4.yaml new file mode 100644 index 0000000000..2f2b7db0b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-673a5e282a31715aadad077526dcf5b4.yaml @@ -0,0 +1,58 @@ +id: vertical-marquee-plugin-673a5e282a31715aadad077526dcf5b4 + +info: + name: > + Vertical Marquee Plugin <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06c86c87-840c-4ca6-9582-98254194eb1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vertical-marquee-plugin/" + google-query: inurl:"/wp-content/plugins/vertical-marquee-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vertical-marquee-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertical-marquee-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-67a5e177b639db224cce52014e47431a.yaml b/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-67a5e177b639db224cce52014e47431a.yaml new file mode 100644 index 0000000000..9338b2f80f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vertical-marquee-plugin-67a5e177b639db224cce52014e47431a.yaml @@ -0,0 +1,58 @@ +id: vertical-marquee-plugin-67a5e177b639db224cce52014e47431a + +info: + name: > + Vertical marquee plugin <= 7.1 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd90d9c0-0cab-4fd3-b016-106032f300f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vertical-marquee-plugin/" + google-query: inurl:"/wp-content/plugins/vertical-marquee-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vertical-marquee-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vertical-marquee-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertical-marquee-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-3cd2547007d3bd29308efde9fcc7a52a.yaml b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-3cd2547007d3bd29308efde9fcc7a52a.yaml new file mode 100644 index 0000000000..30f13b8a47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-3cd2547007d3bd29308efde9fcc7a52a.yaml @@ -0,0 +1,58 @@ +id: vertical-scroll-recent-post-3cd2547007d3bd29308efde9fcc7a52a + +info: + name: > + Vertical scroll recent post <= 13.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9002fe5c-d7c7-4d4a-9e92-db6ff390d78b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vertical-scroll-recent-post/" + google-query: inurl:"/wp-content/plugins/vertical-scroll-recent-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vertical-scroll-recent-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vertical-scroll-recent-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertical-scroll-recent-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-4703f57dd95a665cc36f6d5726f726bb.yaml b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-4703f57dd95a665cc36f6d5726f726bb.yaml new file mode 100644 index 0000000000..15c341c716 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-4703f57dd95a665cc36f6d5726f726bb.yaml @@ -0,0 +1,58 @@ +id: vertical-scroll-recent-post-4703f57dd95a665cc36f6d5726f726bb + +info: + name: > + Vertical scroll recent post <= 14.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a0e93cb-4311-4b38-8eb4-17152e1f3475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vertical-scroll-recent-post/" + google-query: inurl:"/wp-content/plugins/vertical-scroll-recent-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vertical-scroll-recent-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vertical-scroll-recent-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertical-scroll-recent-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-c284496133c2f9c59611c8aa7ef34141.yaml b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-c284496133c2f9c59611c8aa7ef34141.yaml new file mode 100644 index 0000000000..2ffeb82e76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vertical-scroll-recent-post-c284496133c2f9c59611c8aa7ef34141.yaml @@ -0,0 +1,58 @@ +id: vertical-scroll-recent-post-c284496133c2f9c59611c8aa7ef34141 + +info: + name: > + Vertical scroll recent post <= 14.0 - Cross-Site Request Forgery via vsrp_admin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/307bbfe6-8a57-461d-aa7d-bce962da4239?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vertical-scroll-recent-post/" + google-query: inurl:"/wp-content/plugins/vertical-scroll-recent-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vertical-scroll-recent-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vertical-scroll-recent-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertical-scroll-recent-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/verweise-wordpress-twitter-011e0a807fc0a0f2b6240634cb1a2fc2.yaml b/nuclei-templates/cve-less/plugins/verweise-wordpress-twitter-011e0a807fc0a0f2b6240634cb1a2fc2.yaml new file mode 100644 index 0000000000..61a76960d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/verweise-wordpress-twitter-011e0a807fc0a0f2b6240634cb1a2fc2.yaml @@ -0,0 +1,58 @@ +id: verweise-wordpress-twitter-011e0a807fc0a0f2b6240634cb1a2fc2 + +info: + name: > + verwei.se – WordPress – Twitter <= 1.0 2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9291a17-7add-4cc2-ab44-9b640940c6b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/verweise-wordpress-twitter/" + google-query: inurl:"/wp-content/plugins/verweise-wordpress-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,verweise-wordpress-twitter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/verweise-wordpress-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "verweise-wordpress-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-breadcrumb-af6a5ec90875038596d2be175f9973f4.yaml b/nuclei-templates/cve-less/plugins/very-simple-breadcrumb-af6a5ec90875038596d2be175f9973f4.yaml new file mode 100644 index 0000000000..836e40d968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-breadcrumb-af6a5ec90875038596d2be175f9973f4.yaml @@ -0,0 +1,58 @@ +id: very-simple-breadcrumb-af6a5ec90875038596d2be175f9973f4 + +info: + name: > + Very Simple Breadcrumb <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13874012-09b4-4e6a-a364-07321dbd0167?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-breadcrumb/" + google-query: inurl:"/wp-content/plugins/very-simple-breadcrumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-breadcrumb,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-breadcrumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-breadcrumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-contact-form-6cdecc6c25d61ef54d3cce62a39d5781.yaml b/nuclei-templates/cve-less/plugins/very-simple-contact-form-6cdecc6c25d61ef54d3cce62a39d5781.yaml new file mode 100644 index 0000000000..b628d559b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-contact-form-6cdecc6c25d61ef54d3cce62a39d5781.yaml @@ -0,0 +1,58 @@ +id: very-simple-contact-form-6cdecc6c25d61ef54d3cce62a39d5781 + +info: + name: > + VS Contact Form <= 13.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f665b8-fbd5-4100-baf6-3fa99332a5dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-contact-form/" + google-query: inurl:"/wp-content/plugins/very-simple-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-contact-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-contact-form-ac7f9e7a96a60fd50d34edd3ddfed5fd.yaml b/nuclei-templates/cve-less/plugins/very-simple-contact-form-ac7f9e7a96a60fd50d34edd3ddfed5fd.yaml new file mode 100644 index 0000000000..35bc06f4c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-contact-form-ac7f9e7a96a60fd50d34edd3ddfed5fd.yaml @@ -0,0 +1,58 @@ +id: very-simple-contact-form-ac7f9e7a96a60fd50d34edd3ddfed5fd + +info: + name: > + VS Contact Form <= 14.7 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cc5c663-d1e3-4656-ac69-0d610eeaf774?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-contact-form/" + google-query: inurl:"/wp-content/plugins/very-simple-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-contact-form-c4a0d7f41c623cf7ed897902ed58a4d2.yaml b/nuclei-templates/cve-less/plugins/very-simple-contact-form-c4a0d7f41c623cf7ed897902ed58a4d2.yaml new file mode 100644 index 0000000000..49a9a1aa64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-contact-form-c4a0d7f41c623cf7ed897902ed58a4d2.yaml @@ -0,0 +1,58 @@ +id: very-simple-contact-form-c4a0d7f41c623cf7ed897902ed58a4d2 + +info: + name: > + Very Simple Contact Form <= 11.5 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a8b9c9-da25-48b9-ada1-ca8a5941b2c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-contact-form/" + google-query: inurl:"/wp-content/plugins/very-simple-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-contact-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-google-maps-1f531b026c2443d4ba9e4c6118234d6d.yaml b/nuclei-templates/cve-less/plugins/very-simple-google-maps-1f531b026c2443d4ba9e4c6118234d6d.yaml new file mode 100644 index 0000000000..1a837a14fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-google-maps-1f531b026c2443d4ba9e4c6118234d6d.yaml @@ -0,0 +1,58 @@ +id: very-simple-google-maps-1f531b026c2443d4ba9e4c6118234d6d + +info: + name: > + Very Simple Google Maps <= 2.8.4 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e11fcc5-c9af-43e7-8c1d-803124e04e63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-google-maps/" + google-query: inurl:"/wp-content/plugins/very-simple-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/very-simple-google-maps-3937fc851cb1ff4a5bb8e086fcf8881e.yaml b/nuclei-templates/cve-less/plugins/very-simple-google-maps-3937fc851cb1ff4a5bb8e086fcf8881e.yaml new file mode 100644 index 0000000000..1af43c5a2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/very-simple-google-maps-3937fc851cb1ff4a5bb8e086fcf8881e.yaml @@ -0,0 +1,58 @@ +id: very-simple-google-maps-3937fc851cb1ff4a5bb8e086fcf8881e + +info: + name: > + Very Simple Google Maps <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca7837c-ad24-44ce-b073-7df3f8bc4300?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/very-simple-google-maps/" + google-query: inurl:"/wp-content/plugins/very-simple-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,very-simple-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/very-simple-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "very-simple-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-background-5826ca6dc34aaca6ed2393f60977f5a4.yaml b/nuclei-templates/cve-less/plugins/video-background-5826ca6dc34aaca6ed2393f60977f5a4.yaml new file mode 100644 index 0000000000..af9987f091 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-background-5826ca6dc34aaca6ed2393f60977f5a4.yaml @@ -0,0 +1,58 @@ +id: video-background-5826ca6dc34aaca6ed2393f60977f5a4 + +info: + name: > + Video Background <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45792c95-8abf-4d0c-85a1-cda6f505949d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-background/" + google-query: inurl:"/wp-content/plugins/video-background/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-background,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-background/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-background" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-central-0c9e1bdf3a0788fe28746e6155355583.yaml b/nuclei-templates/cve-less/plugins/video-central-0c9e1bdf3a0788fe28746e6155355583.yaml new file mode 100644 index 0000000000..28218b987f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-central-0c9e1bdf3a0788fe28746e6155355583.yaml @@ -0,0 +1,58 @@ +id: video-central-0c9e1bdf3a0788fe28746e6155355583 + +info: + name: > + Video Central for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87eb6644-fd70-42a1-b05d-b166cb89c45c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-central/" + google-query: inurl:"/wp-content/plugins/video-central/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-central,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-central/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-central" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-comments-webcam-recorder-78372eee8a5b2f566eb2e73090f227ad.yaml b/nuclei-templates/cve-less/plugins/video-comments-webcam-recorder-78372eee8a5b2f566eb2e73090f227ad.yaml new file mode 100644 index 0000000000..7e9dff3a76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-comments-webcam-recorder-78372eee8a5b2f566eb2e73090f227ad.yaml @@ -0,0 +1,58 @@ +id: video-comments-webcam-recorder-78372eee8a5b2f566eb2e73090f227ad + +info: + name: > + HTML5 Webcam Microphone Recorder Forms < 1.55 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ddb9fc8-bed4-42ff-9664-6ea8fb136ec0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-comments-webcam-recorder/" + google-query: inurl:"/wp-content/plugins/video-comments-webcam-recorder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-comments-webcam-recorder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-comments-webcam-recorder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-comments-webcam-recorder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-04b07d5a23563c59738fac6ed8c55499.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-04b07d5a23563c59738fac6ed8c55499.yaml new file mode 100644 index 0000000000..8abb79d56f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-04b07d5a23563c59738fac6ed8c55499.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-04b07d5a23563c59738fac6ed8c55499 + +info: + name: > + Video Conferencing with Zoom <= 4.4.5 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0966057b-8a3c-4d3c-84cb-cf36f1d97922?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-0f74188fa6907e010455dac3c70a8990.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-0f74188fa6907e010455dac3c70a8990.yaml new file mode 100644 index 0000000000..0628aef9f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-0f74188fa6907e010455dac3c70a8990.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-0f74188fa6907e010455dac3c70a8990 + +info: + name: > + Video Conferencing with Zoom <= 4.2.1 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba2515d9-ced0-4b49-87c4-04c8391c2608?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-9285e52d6060d6dfe3360f4e1f181cf7.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-9285e52d6060d6dfe3360f4e1f181cf7.yaml new file mode 100644 index 0000000000..c499d46f50 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-9285e52d6060d6dfe3360f4e1f181cf7.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-9285e52d6060d6dfe3360f4e1f181cf7 + +info: + name: > + Video Conferencing with Zoom <= 4.4.4 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14da4735-894e-408a-864b-cdc76feacde9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-b3301724d1287a8bf29be9b1cdb836e4.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-b3301724d1287a8bf29be9b1cdb836e4.yaml new file mode 100644 index 0000000000..7ff142e921 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-b3301724d1287a8bf29be9b1cdb836e4.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-b3301724d1287a8bf29be9b1cdb836e4 + +info: + name: > + Video Conferencing with Zoom <= 3.8.16 - E-mail Address Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a528a2b5-55e5-46e4-8f04-0d2b49f2f683?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-bb335261eec45408126dfda83cd4c302.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-bb335261eec45408126dfda83cd4c302.yaml new file mode 100644 index 0000000000..a18b22fbf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-bb335261eec45408126dfda83cd4c302.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-bb335261eec45408126dfda83cd4c302 + +info: + name: > + Video Conferencing with Zoom <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89bdd732-a9ee-4ab8-a70e-195b92142fe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-f10237083d4fb8765ca105c0d369da21.yaml b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-f10237083d4fb8765ca105c0d369da21.yaml new file mode 100644 index 0000000000..45596ed93f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-conferencing-with-zoom-api-f10237083d4fb8765ca105c0d369da21.yaml @@ -0,0 +1,58 @@ +id: video-conferencing-with-zoom-api-f10237083d4fb8765ca105c0d369da21 + +info: + name: > + Video Conferencing with Zoom <= 4.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06e48355-6932-4401-8787-e6432444930f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-conferencing-with-zoom-api/" + google-query: inurl:"/wp-content/plugins/video-conferencing-with-zoom-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-conferencing-with-zoom-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-conferencing-with-zoom-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-conferencing-with-zoom-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-contest-9390ac5e66dccc4c03531e3f70a3187f.yaml b/nuclei-templates/cve-less/plugins/video-contest-9390ac5e66dccc4c03531e3f70a3187f.yaml new file mode 100644 index 0000000000..8543ff7e76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-contest-9390ac5e66dccc4c03531e3f70a3187f.yaml @@ -0,0 +1,58 @@ +id: video-contest-9390ac5e66dccc4c03531e3f70a3187f + +info: + name: > + Video Contest WordPress Plugin <= 3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86079059-11c7-4545-b254-6bf524367b46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-contest/" + google-query: inurl:"/wp-content/plugins/video-contest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-contest,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-contest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-contest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-contest-9c305cd17e2c5e4b31590488ef7540fc.yaml b/nuclei-templates/cve-less/plugins/video-contest-9c305cd17e2c5e4b31590488ef7540fc.yaml new file mode 100644 index 0000000000..aa7092f7dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-contest-9c305cd17e2c5e4b31590488ef7540fc.yaml @@ -0,0 +1,58 @@ +id: video-contest-9c305cd17e2c5e4b31590488ef7540fc + +info: + name: > + Video Contest WordPress Plugin <= 3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/597fe53e-769e-4edd-b0b9-2bd2cff50da6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-contest/" + google-query: inurl:"/wp-content/plugins/video-contest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-contest,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-contest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-contest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-embed-box-a38e11881f3b1727628c06798dde0846.yaml b/nuclei-templates/cve-less/plugins/video-embed-box-a38e11881f3b1727628c06798dde0846.yaml new file mode 100644 index 0000000000..555cce8f84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-embed-box-a38e11881f3b1727628c06798dde0846.yaml @@ -0,0 +1,58 @@ +id: video-embed-box-a38e11881f3b1727628c06798dde0846 + +info: + name: > + Video Embed <= 1.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/667023f9-9c45-4182-b1f1-9d85d17aaf58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-embed-box/" + google-query: inurl:"/wp-content/plugins/video-embed-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-embed-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-embed-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-embed-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml new file mode 100644 index 0000000000..2db278319c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-062f64c8e6a3f6d8894bd4ff8b102cb3.yaml @@ -0,0 +1,58 @@ +id: video-embed-thumbnail-generator-062f64c8e6a3f6d8894bd4ff8b102cb3 + +info: + name: > + Videopack (formerly Video Embed & Thumbnail Generator) < 2.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbdfef0e-aadd-456b-84f6-ecd626400cbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/" + google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-embed-thumbnail-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-embed-thumbnail-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-e01f827fa521817af1e20ee7feffc395.yaml b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-e01f827fa521817af1e20ee7feffc395.yaml new file mode 100644 index 0000000000..3a8fa42168 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-embed-thumbnail-generator-e01f827fa521817af1e20ee7feffc395.yaml @@ -0,0 +1,58 @@ +id: video-embed-thumbnail-generator-e01f827fa521817af1e20ee7feffc395 + +info: + name: > + Videopack (formerly Video Embed & Thumbnail Generator) <= 1.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f743d15a-a283-4138-9a12-7cf4dd235431?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-embed-thumbnail-generator/" + google-query: inurl:"/wp-content/plugins/video-embed-thumbnail-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-embed-thumbnail-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-embed-thumbnail-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-embed-thumbnail-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-grid-da5e4c18307210c3c7624c0c204213c5.yaml b/nuclei-templates/cve-less/plugins/video-grid-da5e4c18307210c3c7624c0c204213c5.yaml new file mode 100644 index 0000000000..01736bd865 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-grid-da5e4c18307210c3c7624c0c204213c5.yaml @@ -0,0 +1,58 @@ +id: video-grid-da5e4c18307210c3c7624c0c204213c5 + +info: + name: > + Video Grid <= 1.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c92e166d-2ede-4280-a875-d30c0cf6f467?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-grid/" + google-query: inurl:"/wp-content/plugins/video-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-grid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-lead-form-2c3b5f42630b423898a1e16a09268499.yaml b/nuclei-templates/cve-less/plugins/video-lead-form-2c3b5f42630b423898a1e16a09268499.yaml new file mode 100644 index 0000000000..b3ae542c6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-lead-form-2c3b5f42630b423898a1e16a09268499.yaml @@ -0,0 +1,58 @@ +id: video-lead-form-2c3b5f42630b423898a1e16a09268499 + +info: + name: > + Video Lead Form < 0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae1f5c7-ae91-4f45-8b4f-b2be89d36437?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-lead-form/" + google-query: inurl:"/wp-content/plugins/video-lead-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-lead-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-lead-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-lead-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-list-manager-0641eb85b540308df0a59914e6860d1d.yaml b/nuclei-templates/cve-less/plugins/video-list-manager-0641eb85b540308df0a59914e6860d1d.yaml new file mode 100644 index 0000000000..3541828c54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-list-manager-0641eb85b540308df0a59914e6860d1d.yaml @@ -0,0 +1,58 @@ +id: video-list-manager-0641eb85b540308df0a59914e6860d1d + +info: + name: > + Video List Manager <= 1.7 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b2d42ab-46c1-4c3e-b99a-1cdcade1b5bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-list-manager/" + google-query: inurl:"/wp-content/plugins/video-list-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-list-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-list-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-list-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-b02a15f7379c80def93c3f96c6e69608.yaml b/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-b02a15f7379c80def93c3f96c6e69608.yaml new file mode 100644 index 0000000000..5b921dbbe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-b02a15f7379c80def93c3f96c6e69608.yaml @@ -0,0 +1,58 @@ +id: video-playlist-and-gallery-plugin-b02a15f7379c80def93c3f96c6e69608 + +info: + name: > + Cincopa video and media plug-in < 1.137 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c671f1e-21a7-45b7-951d-41b1c308dc9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-playlist-and-gallery-plugin/" + google-query: inurl:"/wp-content/plugins/video-playlist-and-gallery-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-playlist-and-gallery-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-playlist-and-gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-playlist-and-gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.137') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-cf54779dba07a41267cf823153d0f954.yaml b/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-cf54779dba07a41267cf823153d0f954.yaml new file mode 100644 index 0000000000..5dcb84e60c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-playlist-and-gallery-plugin-cf54779dba07a41267cf823153d0f954.yaml @@ -0,0 +1,58 @@ +id: video-playlist-and-gallery-plugin-cf54779dba07a41267cf823153d0f954 + +info: + name: > + Post Video Players <= 1.159 - Cross-Site Request Forgery via cincopa_mp_mt_options_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/285d2b85-cdd0-4447-8cdc-b641751e4a5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-playlist-and-gallery-plugin/" + google-query: inurl:"/wp-content/plugins/video-playlist-and-gallery-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-playlist-and-gallery-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-playlist-and-gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-playlist-and-gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.159') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-playlist-for-youtube-a0ce396e7f670f307c62bda6d8db01dd.yaml b/nuclei-templates/cve-less/plugins/video-playlist-for-youtube-a0ce396e7f670f307c62bda6d8db01dd.yaml new file mode 100644 index 0000000000..b1a10d0cf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-playlist-for-youtube-a0ce396e7f670f307c62bda6d8db01dd.yaml @@ -0,0 +1,58 @@ +id: video-playlist-for-youtube-a0ce396e7f670f307c62bda6d8db01dd + +info: + name: > + Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d72c8140-90f1-49f5-bc42-925e29ecc0b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-playlist-for-youtube/" + google-query: inurl:"/wp-content/plugins/video-playlist-for-youtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-playlist-for-youtube,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-playlist-for-youtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-playlist-for-youtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-popup-73b8394a2820dad4a75a3855507d242d.yaml b/nuclei-templates/cve-less/plugins/video-popup-73b8394a2820dad4a75a3855507d242d.yaml new file mode 100644 index 0000000000..bc27f842d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-popup-73b8394a2820dad4a75a3855507d242d.yaml @@ -0,0 +1,58 @@ +id: video-popup-73b8394a2820dad4a75a3855507d242d + +info: + name: > + Video PopUp <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/670ea03e-2f76-48a4-9f40-bc4cfd987a89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-popup/" + google-query: inurl:"/wp-content/plugins/video-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-5db7f2428ab16ac575d716a8cfad3c32.yaml b/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-5db7f2428ab16ac575d716a8cfad3c32.yaml new file mode 100644 index 0000000000..871939e47d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-5db7f2428ab16ac575d716a8cfad3c32.yaml @@ -0,0 +1,58 @@ +id: video-posts-webcam-recorder-5db7f2428ab16ac575d716a8cfad3c32 + +info: + name: > + Video Posts Webcam Recorder < 3.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e343eb-b83d-43bf-a26d-db10dac18099?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-posts-webcam-recorder/" + google-query: inurl:"/wp-content/plugins/video-posts-webcam-recorder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-posts-webcam-recorder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-posts-webcam-recorder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-posts-webcam-recorder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-c54528cc487e7accd04a692896738ff0.yaml b/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-c54528cc487e7accd04a692896738ff0.yaml new file mode 100644 index 0000000000..56d316e2f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-posts-webcam-recorder-c54528cc487e7accd04a692896738ff0.yaml @@ -0,0 +1,58 @@ +id: video-posts-webcam-recorder-c54528cc487e7accd04a692896738ff0 + +info: + name: > + Video Posts Webcam Recorder <= 1.55.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e0e022b-857d-4e7f-99d2-3837014c254e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-posts-webcam-recorder/" + google-query: inurl:"/wp-content/plugins/video-posts-webcam-recorder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-posts-webcam-recorder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-posts-webcam-recorder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-posts-webcam-recorder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.55.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-sidebar-widgets-24e6c274146f1f712f8edfca9e42b8b8.yaml b/nuclei-templates/cve-less/plugins/video-sidebar-widgets-24e6c274146f1f712f8edfca9e42b8b8.yaml new file mode 100644 index 0000000000..378d8eb8d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-sidebar-widgets-24e6c274146f1f712f8edfca9e42b8b8.yaml @@ -0,0 +1,58 @@ +id: video-sidebar-widgets-24e6c274146f1f712f8edfca9e42b8b8 + +info: + name: > + Video Sidebar Widgets <= 6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50e85f2c-3e3a-40b0-af82-7278656533d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-sidebar-widgets/" + google-query: inurl:"/wp-content/plugins/video-sidebar-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-sidebar-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-sidebar-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-sidebar-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-slider-with-thumbnails-8d15869c84f7bfe6c6e24ef3e0872ddf.yaml b/nuclei-templates/cve-less/plugins/video-slider-with-thumbnails-8d15869c84f7bfe6c6e24ef3e0872ddf.yaml new file mode 100644 index 0000000000..4b5aab9baa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-slider-with-thumbnails-8d15869c84f7bfe6c6e24ef3e0872ddf.yaml @@ -0,0 +1,58 @@ +id: video-slider-with-thumbnails-8d15869c84f7bfe6c6e24ef3e0872ddf + +info: + name: > + Video Gallery <= 1.0.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cfbad9f-61ba-4216-9078-c1e7e809899a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-slider-with-thumbnails/" + google-query: inurl:"/wp-content/plugins/video-slider-with-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-slider-with-thumbnails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-slider-with-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-slider-with-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-synchro-pdf-b6332548231f9e6746e56fba70247618.yaml b/nuclei-templates/cve-less/plugins/video-synchro-pdf-b6332548231f9e6746e56fba70247618.yaml new file mode 100644 index 0000000000..9221d06b1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-synchro-pdf-b6332548231f9e6746e56fba70247618.yaml @@ -0,0 +1,58 @@ +id: video-synchro-pdf-b6332548231f9e6746e56fba70247618 + +info: + name: > + Videos sync PDF <= 1.7.4 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/068d9502-705e-45dc-a7fb-e75866226fdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-synchro-pdf/" + google-query: inurl:"/wp-content/plugins/video-synchro-pdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-synchro-pdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-synchro-pdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-thumbnails-66fc8c140dcc821532233cac0866d8de.yaml b/nuclei-templates/cve-less/plugins/video-thumbnails-66fc8c140dcc821532233cac0866d8de.yaml new file mode 100644 index 0000000000..f43f4bf6d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-thumbnails-66fc8c140dcc821532233cac0866d8de.yaml @@ -0,0 +1,58 @@ +id: video-thumbnails-66fc8c140dcc821532233cac0866d8de + +info: + name: > + Video Thumbnails <= 2.12.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb2f463f-2c99-4a6c-92b9-45fb2192381d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-thumbnails/" + google-query: inurl:"/wp-content/plugins/video-thumbnails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-thumbnails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-thumbnails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-thumbnails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/video-xml-sitemap-generator-6dedc798f36ce152fba54a352e7344d1.yaml b/nuclei-templates/cve-less/plugins/video-xml-sitemap-generator-6dedc798f36ce152fba54a352e7344d1.yaml new file mode 100644 index 0000000000..513f596b56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/video-xml-sitemap-generator-6dedc798f36ce152fba54a352e7344d1.yaml @@ -0,0 +1,58 @@ +id: video-xml-sitemap-generator-6dedc798f36ce152fba54a352e7344d1 + +info: + name: > + Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e11e1b5-dbba-4920-a65c-210600878861?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/video-xml-sitemap-generator/" + google-query: inurl:"/wp-content/plugins/video-xml-sitemap-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,video-xml-sitemap-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/video-xml-sitemap-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "video-xml-sitemap-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videojs-html5-player-affad12bbe06868aff921eeaa6373196.yaml b/nuclei-templates/cve-less/plugins/videojs-html5-player-affad12bbe06868aff921eeaa6373196.yaml new file mode 100644 index 0000000000..dc24a6e3e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videojs-html5-player-affad12bbe06868aff921eeaa6373196.yaml @@ -0,0 +1,58 @@ +id: videojs-html5-player-affad12bbe06868aff921eeaa6373196 + +info: + name: > + Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef4ecdd3-1041-4dbe-a804-59a51f6123e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videojs-html5-player/" + google-query: inurl:"/wp-content/plugins/videojs-html5-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videojs-html5-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videojs-html5-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videojs-html5-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videojs-html5-video-player-for-wordpress-cb800bf450a42c7a99ab39154ac260ab.yaml b/nuclei-templates/cve-less/plugins/videojs-html5-video-player-for-wordpress-cb800bf450a42c7a99ab39154ac260ab.yaml new file mode 100644 index 0000000000..7ab0474b44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videojs-html5-video-player-for-wordpress-cb800bf450a42c7a99ab39154ac260ab.yaml @@ -0,0 +1,58 @@ +id: videojs-html5-video-player-for-wordpress-cb800bf450a42c7a99ab39154ac260ab + +info: + name: > + Video.js – HTML5 Video Player for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92084af7-142b-45de-8881-dee5cf1367e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videojs-html5-video-player-for-wordpress/" + google-query: inurl:"/wp-content/plugins/videojs-html5-video-player-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videojs-html5-video-player-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videojs-html5-video-player-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videojs-html5-video-player-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-03b6c1fcf0f57a257ac2a3d2a55d5120.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-03b6c1fcf0f57a257ac2a3d2a55d5120.yaml new file mode 100644 index 0000000000..b6ca8b15e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-03b6c1fcf0f57a257ac2a3d2a55d5120.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-03b6c1fcf0f57a257ac2a3d2a55d5120 + +info: + name: > + Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.25.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51880262-78ad-4791-8e3d-f6718de9f2a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.25.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-42a62f1f71a30dceae90a70ace46a441.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-42a62f1f71a30dceae90a70ace46a441.yaml new file mode 100644 index 0000000000..1adc257019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-42a62f1f71a30dceae90a70ace46a441.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-42a62f1f71a30dceae90a70ace46a441 + +info: + name: > + Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.27.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6e4c583-c0d5-4040-86d5-0f1b4dddcb81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.27.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-6a21a7f0a6f77d602fe9c552fd42f33f.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-6a21a7f0a6f77d602fe9c552fd42f33f.yaml new file mode 100644 index 0000000000..9721ac6a48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-6a21a7f0a6f77d602fe9c552fd42f33f.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-6a21a7f0a6f77d602fe9c552fd42f33f + +info: + name: > + Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Arbitrary File Read/Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e45e96-3cfb-42a9-b8b7-519489bc03ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.29.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-7d1e8292f93556701618a4f3a10127bf.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-7d1e8292f93556701618a4f3a10127bf.yaml new file mode 100644 index 0000000000..67d388acbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-7d1e8292f93556701618a4f3a10127bf.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-7d1e8292f93556701618a4f3a10127bf + +info: + name: > + Broadcast Live Video – Live Streaming < 4.29.5 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/959846a3-0e57-4227-a52b-942b589596f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.29.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-86f850e8e3017abf354eb04e885cbf48.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-86f850e8e3017abf354eb04e885cbf48.yaml new file mode 100644 index 0000000000..a325d55b5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-86f850e8e3017abf354eb04e885cbf48.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-86f850e8e3017abf354eb04e885cbf48 + +info: + name: > + Live Streaming - Broadcast Live Video <= 5.5.15 - Missing Authorization to Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27180d98-223a-4d86-b8ea-e47da1d61bbf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-a2cc7daca48d70191ab86ec84c12d114.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-a2cc7daca48d70191ab86ec84c12d114.yaml new file mode 100644 index 0000000000..4fa6654419 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-a2cc7daca48d70191ab86ec84c12d114.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-a2cc7daca48d70191ab86ec84c12d114 + +info: + name: > + Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP <= 4.29.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b3a2738-5312-4b34-9bd3-4ff95a91706e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.29.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e248f5c6da990a6a809a8d58910d242b.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e248f5c6da990a6a809a8d58910d242b.yaml new file mode 100644 index 0000000000..1d2018a1b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e248f5c6da990a6a809a8d58910d242b.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-e248f5c6da990a6a809a8d58910d242b + +info: + name: > + Broadcast Live Video – Live Streaming < 4.27.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a96da08b-f43d-4432-8c47-c86a1a1299ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.27.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e3eb91ea8e0abf266056dc6051ae44be.yaml b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e3eb91ea8e0abf266056dc6051ae44be.yaml new file mode 100644 index 0000000000..4f07e20b2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-live-streaming-integration-e3eb91ea8e0abf266056dc6051ae44be.yaml @@ -0,0 +1,58 @@ +id: videowhisper-live-streaming-integration-e3eb91ea8e0abf266056dc6051ae44be + +info: + name: > + Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP < 4.29.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36aecabd-4982-426d-be47-075c23a452a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-live-streaming-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-live-streaming-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-live-streaming-integration,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-live-streaming-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-live-streaming-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.29.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-482450ad7baa658a3b68c206f814d808.yaml b/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-482450ad7baa658a3b68c206f814d808.yaml new file mode 100644 index 0000000000..2515ed619f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-video-conference-integration-482450ad7baa658a3b68c206f814d808.yaml @@ -0,0 +1,58 @@ +id: videowhisper-video-conference-integration-482450ad7baa658a3b68c206f814d808 + +info: + name: > + Webcam Video Conference <= 4.91.8 - Unrestricted File Upload leading to Remote Code Execuction + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5e73e-a627-4e9c-9784-493ace5c8614?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-video-conference-integration/" + google-query: inurl:"/wp-content/plugins/videowhisper-video-conference-integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-video-conference-integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-video-conference-integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-video-conference-integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.91.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-9998c7f7c7bb7712cfa7f84562a697aa.yaml b/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-9998c7f7c7bb7712cfa7f84562a697aa.yaml new file mode 100644 index 0000000000..9c8a23c82d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-9998c7f7c7bb7712cfa7f84562a697aa.yaml @@ -0,0 +1,58 @@ +id: videowhisper-video-presentation-9998c7f7c7bb7712cfa7f84562a697aa + +info: + name: > + VideoWhisper Video Presentation <= 3.25 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f57458b-0cd2-4958-8190-c89076771e86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-video-presentation/" + google-query: inurl:"/wp-content/plugins/videowhisper-video-presentation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-video-presentation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-video-presentation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-video-presentation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-cefd687fbbabebb599cedccce0e05504.yaml b/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-cefd687fbbabebb599cedccce0e05504.yaml new file mode 100644 index 0000000000..a755f64684 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/videowhisper-video-presentation-cefd687fbbabebb599cedccce0e05504.yaml @@ -0,0 +1,58 @@ +id: videowhisper-video-presentation-cefd687fbbabebb599cedccce0e05504 + +info: + name: > + VideoWhisper Video Presentation <= 4.1.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc26d20e-3ecd-438e-a123-5015ecc17290?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/videowhisper-video-presentation/" + google-query: inurl:"/wp-content/plugins/videowhisper-video-presentation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,videowhisper-video-presentation,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/videowhisper-video-presentation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "videowhisper-video-presentation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/view-all-posts-pages-2a6d9f6b466aaa4a0be1aebe9eb53633.yaml b/nuclei-templates/cve-less/plugins/view-all-posts-pages-2a6d9f6b466aaa4a0be1aebe9eb53633.yaml new file mode 100644 index 0000000000..c1fb4b432f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/view-all-posts-pages-2a6d9f6b466aaa4a0be1aebe9eb53633.yaml @@ -0,0 +1,58 @@ +id: view-all-posts-pages-2a6d9f6b466aaa4a0be1aebe9eb53633 + +info: + name: > + View All Post's Pages <= 0.9.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61d731cb-2c1b-4835-b8ea-4d1b330fdad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/view-all-posts-pages/" + google-query: inurl:"/wp-content/plugins/view-all-posts-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,view-all-posts-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/view-all-posts-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "view-all-posts-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-0b7d0113722a4b24cdf6bdf7adba767c.yaml b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-0b7d0113722a4b24cdf6bdf7adba767c.yaml new file mode 100644 index 0000000000..ba0d7ba673 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-0b7d0113722a4b24cdf6bdf7adba767c.yaml @@ -0,0 +1,58 @@ +id: views-for-wpforms-lite-0b7d0113722a4b24cdf6bdf7adba767c + +info: + name: > + Views for WPForms <= 3.2.2 - Missing Authorization via save_view + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/views-for-wpforms-lite/" + google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/views-for-wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "views-for-wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-56d2c56931ff57a31974c2c98619fbfb.yaml b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-56d2c56931ff57a31974c2c98619fbfb.yaml new file mode 100644 index 0000000000..0f221bd705 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-56d2c56931ff57a31974c2c98619fbfb.yaml @@ -0,0 +1,58 @@ +id: views-for-wpforms-lite-56d2c56931ff57a31974c2c98619fbfb + +info: + name: > + Views for WPForms <= 3.2.2 - Missing Authorization via get_form_fields + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/views-for-wpforms-lite/" + google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/views-for-wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "views-for-wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml new file mode 100644 index 0000000000..9b3acebc0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-8cd4e41bc9637a2e580f2b8d0e6a5222.yaml @@ -0,0 +1,58 @@ +id: views-for-wpforms-lite-8cd4e41bc9637a2e580f2b8d0e6a5222 + +info: + name: > + Views for WPForms <= 3.2.2 - Missing Authorization via create_view + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/views-for-wpforms-lite/" + google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/views-for-wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "views-for-wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-a603f2f7b17ff9bc553bc5b3bf9dd764.yaml b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-a603f2f7b17ff9bc553bc5b3bf9dd764.yaml new file mode 100644 index 0000000000..801b9d2429 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-a603f2f7b17ff9bc553bc5b3bf9dd764.yaml @@ -0,0 +1,58 @@ +id: views-for-wpforms-lite-a603f2f7b17ff9bc553bc5b3bf9dd764 + +info: + name: > + Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/views-for-wpforms-lite/" + google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/views-for-wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "views-for-wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-c6f76b277135a527f7d758e51abc2864.yaml b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-c6f76b277135a527f7d758e51abc2864.yaml new file mode 100644 index 0000000000..9bdd2fe61c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/views-for-wpforms-lite-c6f76b277135a527f7d758e51abc2864.yaml @@ -0,0 +1,58 @@ +id: views-for-wpforms-lite-c6f76b277135a527f7d758e51abc2864 + +info: + name: > + Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via create_view + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/views-for-wpforms-lite/" + google-query: inurl:"/wp-content/plugins/views-for-wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,views-for-wpforms-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/views-for-wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "views-for-wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vigilantor-9d9f04adbd773a74d47487580aa614ff.yaml b/nuclei-templates/cve-less/plugins/vigilantor-9d9f04adbd773a74d47487580aa614ff.yaml new file mode 100644 index 0000000000..ea6202120f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vigilantor-9d9f04adbd773a74d47487580aa614ff.yaml @@ -0,0 +1,58 @@ +id: vigilantor-9d9f04adbd773a74d47487580aa614ff + +info: + name: > + VigilanTor <= 1.3.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ea71d63-27ce-4f24-b3ef-de38e6f25e0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vigilantor/" + google-query: inurl:"/wp-content/plugins/vigilantor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vigilantor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vigilantor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vigilantor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-059937c2ab51cec2bc81f288819c3352.yaml b/nuclei-templates/cve-less/plugins/vikbooking-059937c2ab51cec2bc81f288819c3352.yaml new file mode 100644 index 0000000000..f725ab0468 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-059937c2ab51cec2bc81f288819c3352.yaml @@ -0,0 +1,58 @@ +id: vikbooking-059937c2ab51cec2bc81f288819c3352 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in admin_widgets_welcome function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/035d5f4a-1145-48e0-8388-e319088ebd52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-0f884ba817e82a09c51444fd8fb9e0c3.yaml b/nuclei-templates/cve-less/plugins/vikbooking-0f884ba817e82a09c51444fd8fb9e0c3.yaml new file mode 100644 index 0000000000..575dd4819a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-0f884ba817e82a09c51444fd8fb9e0c3.yaml @@ -0,0 +1,58 @@ +id: vikbooking-0f884ba817e82a09c51444fd8fb9e0c3 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c3f4796-3496-4786-9afb-bd32827764ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-1132ab9cdb5e1aa03187f7d03bdc59a2.yaml b/nuclei-templates/cve-less/plugins/vikbooking-1132ab9cdb5e1aa03187f7d03bdc59a2.yaml new file mode 100644 index 0000000000..6d82bab304 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-1132ab9cdb5e1aa03187f7d03bdc59a2.yaml @@ -0,0 +1,58 @@ +id: vikbooking-1132ab9cdb5e1aa03187f7d03bdc59a2 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3df8a0a2-e248-4c2e-a9c2-b5afc79cdd2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-11c30745c195f14e48360fc77cdc8022.yaml b/nuclei-templates/cve-less/plugins/vikbooking-11c30745c195f14e48360fc77cdc8022.yaml new file mode 100644 index 0000000000..4569da8511 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-11c30745c195f14e48360fc77cdc8022.yaml @@ -0,0 +1,58 @@ +id: vikbooking-11c30745c195f14e48360fc77cdc8022 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in listenTosFieldSavingTask function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8445aed7-107c-4627-9390-b4b5eb402b11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-12086c6161e4cc7ce0b879de54cf11f6.yaml b/nuclei-templates/cve-less/plugins/vikbooking-12086c6161e4cc7ce0b879de54cf11f6.yaml new file mode 100644 index 0000000000..8ccff2946c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-12086c6161e4cc7ce0b879de54cf11f6.yaml @@ -0,0 +1,58 @@ +id: vikbooking-12086c6161e4cc7ce0b879de54cf11f6 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.11 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/530ee998-de16-407f-8e84-b0d7c31c6f5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-149a8ac4ac482f385c63390cadbe0a31.yaml b/nuclei-templates/cve-less/plugins/vikbooking-149a8ac4ac482f385c63390cadbe0a31.yaml new file mode 100644 index 0000000000..abef554706 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-149a8ac4ac482f385c63390cadbe0a31.yaml @@ -0,0 +1,58 @@ +id: vikbooking-149a8ac4ac482f385c63390cadbe0a31 + +info: + name: > + VikBooking <= 1.5.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b7f31c-084e-489c-a902-c16e62b99e45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-3dd533aeaca3a609962577867487da63.yaml b/nuclei-templates/cve-less/plugins/vikbooking-3dd533aeaca3a609962577867487da63.yaml new file mode 100644 index 0000000000..3295bf8063 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-3dd533aeaca3a609962577867487da63.yaml @@ -0,0 +1,58 @@ +id: vikbooking-3dd533aeaca3a609962577867487da63 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_admin_widget function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5ef15c4-c96b-4e88-a941-e34d23a0e06a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-403f4119f5106c46647a3bb6c05fea16.yaml b/nuclei-templates/cve-less/plugins/vikbooking-403f4119f5106c46647a3bb6c05fea16.yaml new file mode 100644 index 0000000000..ec9a57633e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-403f4119f5106c46647a3bb6c05fea16.yaml @@ -0,0 +1,58 @@ +id: vikbooking-403f4119f5106c46647a3bb6c05fea16 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d806853-48c7-4c1c-9a9f-37d493695682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml b/nuclei-templates/cve-less/plugins/vikbooking-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml new file mode 100644 index 0000000000..6f041ec3b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-9ff0528f3bdcbc7bc2a574ec76b7073c.yaml @@ -0,0 +1,58 @@ +id: vikbooking-9ff0528f3bdcbc7bc2a574ec76b7073c + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64196936-a0b8-48a7-ba5c-01ce061df82c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-ba194baade8141b72395aa7c5242d733.yaml b/nuclei-templates/cve-less/plugins/vikbooking-ba194baade8141b72395aa7c5242d733.yaml new file mode 100644 index 0000000000..e2b05026ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-ba194baade8141b72395aa7c5242d733.yaml @@ -0,0 +1,58 @@ +id: vikbooking-ba194baade8141b72395aa7c5242d733 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.6.1 - Cross-Site Request Forgery in multiple functions in admin/controller.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b670550-cf04-4db1-95e7-0330b5793c58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-c0b90ff70024ded1dfbdce03e3404db4.yaml b/nuclei-templates/cve-less/plugins/vikbooking-c0b90ff70024ded1dfbdce03e3404db4.yaml new file mode 100644 index 0000000000..6933f81dae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-c0b90ff70024ded1dfbdce03e3404db4.yaml @@ -0,0 +1,58 @@ +id: vikbooking-c0b90ff70024ded1dfbdce03e3404db4 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in saveconfig function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/385c6324-3d8e-4dc7-b8ca-309b05e7bdcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-c19786c26a81604ba7bc3b6d58623c1b.yaml b/nuclei-templates/cve-less/plugins/vikbooking-c19786c26a81604ba7bc3b6d58623c1b.yaml new file mode 100644 index 0000000000..5bfbbcf9ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-c19786c26a81604ba7bc3b6d58623c1b.yaml @@ -0,0 +1,58 @@ +id: vikbooking-c19786c26a81604ba7bc3b6d58623c1b + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0631ac6-2d85-4073-be2c-05480deecf97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-c235b99db232fa89dbe1e8ea3f927b66.yaml b/nuclei-templates/cve-less/plugins/vikbooking-c235b99db232fa89dbe1e8ea3f927b66.yaml new file mode 100644 index 0000000000..cc22321785 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-c235b99db232fa89dbe1e8ea3f927b66.yaml @@ -0,0 +1,58 @@ +id: vikbooking-c235b99db232fa89dbe1e8ea3f927b66 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetmplfile function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ad32ff7-0557-439d-aa0f-49c5ea4271ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-d0ed43596ccad23cf6dcc12ca585066a.yaml b/nuclei-templates/cve-less/plugins/vikbooking-d0ed43596ccad23cf6dcc12ca585066a.yaml new file mode 100644 index 0000000000..16b99af95e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-d0ed43596ccad23cf6dcc12ca585066a.yaml @@ -0,0 +1,58 @@ +id: vikbooking-d0ed43596ccad23cf6dcc12ca585066a + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in savetranslationstay function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2594cef-6bde-425f-9412-fd4ed3da312e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-ea274279c76479017f4b24af2da83e22.yaml b/nuclei-templates/cve-less/plugins/vikbooking-ea274279c76479017f4b24af2da83e22.yaml new file mode 100644 index 0000000000..de75b5a8b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-ea274279c76479017f4b24af2da83e22.yaml @@ -0,0 +1,58 @@ +id: vikbooking-ea274279c76479017f4b24af2da83e22 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in widgets_watch_data function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b07b46a6-8a5d-40cb-8af9-baf0f1722736?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-f0f2d05530912202185a73680e9244c7.yaml b/nuclei-templates/cve-less/plugins/vikbooking-f0f2d05530912202185a73680e9244c7.yaml new file mode 100644 index 0000000000..74586741b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-f0f2d05530912202185a73680e9244c7.yaml @@ -0,0 +1,58 @@ +id: vikbooking-f0f2d05530912202185a73680e9244c7 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.6.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/364c8488-dab2-46bd-84b6-adfa59e2b013?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-fa15faecec3c0097e1e35ec5d5e47da4.yaml b/nuclei-templates/cve-less/plugins/vikbooking-fa15faecec3c0097e1e35ec5d5e47da4.yaml new file mode 100644 index 0000000000..31641158a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-fa15faecec3c0097e1e35ec5d5e47da4.yaml @@ -0,0 +1,58 @@ +id: vikbooking-fa15faecec3c0097e1e35ec5d5e47da4 + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.7 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebe215c6-b328-49b7-aed7-e164e1c5f0d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-fcfcdfbc5ea20598aae14247eec11a2c.yaml b/nuclei-templates/cve-less/plugins/vikbooking-fcfcdfbc5ea20598aae14247eec11a2c.yaml new file mode 100644 index 0000000000..c4b26709f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-fcfcdfbc5ea20598aae14247eec11a2c.yaml @@ -0,0 +1,58 @@ +id: vikbooking-fcfcdfbc5ea20598aae14247eec11a2c + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in save_admin_widgets function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2945971-80c6-44a2-bc65-1243af365692?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikbooking-ffb7f4edd06313966de8aad6a57d25cc.yaml b/nuclei-templates/cve-less/plugins/vikbooking-ffb7f4edd06313966de8aad6a57d25cc.yaml new file mode 100644 index 0000000000..b63073ac8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikbooking-ffb7f4edd06313966de8aad6a57d25cc.yaml @@ -0,0 +1,58 @@ +id: vikbooking-ffb7f4edd06313966de8aad6a57d25cc + +info: + name: > + VikBooking Hotel Booking Engine & PMS <= 1.5.12 - Cross-Site Request Forgery in exec_multitask_widgets function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6adc0154-169a-4d72-8687-66dbf6766139?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikbooking/" + google-query: inurl:"/wp-content/plugins/vikbooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikbooking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikbooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikbooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikrentcar-16743b52ce55d3a70d56b31f8a11af2a.yaml b/nuclei-templates/cve-less/plugins/vikrentcar-16743b52ce55d3a70d56b31f8a11af2a.yaml new file mode 100644 index 0000000000..bb31b1067d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikrentcar-16743b52ce55d3a70d56b31f8a11af2a.yaml @@ -0,0 +1,58 @@ +id: vikrentcar-16743b52ce55d3a70d56b31f8a11af2a + +info: + name: > + Vik Rent Car <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a79fda3-44eb-41fd-b049-971b959daecf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikrentcar/" + google-query: inurl:"/wp-content/plugins/vikrentcar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikrentcar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikrentcar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikrentcar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikrentcar-24d354774853bc075905dadb9ff31bb3.yaml b/nuclei-templates/cve-less/plugins/vikrentcar-24d354774853bc075905dadb9ff31bb3.yaml new file mode 100644 index 0000000000..daaf2f6352 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikrentcar-24d354774853bc075905dadb9ff31bb3.yaml @@ -0,0 +1,58 @@ +id: vikrentcar-24d354774853bc075905dadb9ff31bb3 + +info: + name: > + VikRentCar Car Rental Management System <= 1.3.2 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c01a8fbc-c16a-40e2-b628-f874cd3b21e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikrentcar/" + google-query: inurl:"/wp-content/plugins/vikrentcar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikrentcar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikrentcar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikrentcar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikrentcar-89a7d7a1b88043a7292e56fadd9f32f2.yaml b/nuclei-templates/cve-less/plugins/vikrentcar-89a7d7a1b88043a7292e56fadd9f32f2.yaml new file mode 100644 index 0000000000..2a0a3f0321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikrentcar-89a7d7a1b88043a7292e56fadd9f32f2.yaml @@ -0,0 +1,58 @@ +id: vikrentcar-89a7d7a1b88043a7292e56fadd9f32f2 + +info: + name: > + VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05dcfd2d-6488-4f82-b20b-4968e4a00796?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikrentcar/" + google-query: inurl:"/wp-content/plugins/vikrentcar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikrentcar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikrentcar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikrentcar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vikrentcar-8e0a508178120443600d129a2e7dbdba.yaml b/nuclei-templates/cve-less/plugins/vikrentcar-8e0a508178120443600d129a2e7dbdba.yaml new file mode 100644 index 0000000000..b5277aee49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vikrentcar-8e0a508178120443600d129a2e7dbdba.yaml @@ -0,0 +1,58 @@ +id: vikrentcar-8e0a508178120443600d129a2e7dbdba + +info: + name: > + VikRentCar Car Rental Management System < 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acbe0ccd-f814-4cdd-ab70-6b8d29166e25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vikrentcar/" + google-query: inurl:"/wp-content/plugins/vikrentcar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vikrentcar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vikrentcar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vikrentcar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vimeo-video-autoplay-automute-eaecffa52785ff552863c4cf8f09811c.yaml b/nuclei-templates/cve-less/plugins/vimeo-video-autoplay-automute-eaecffa52785ff552863c4cf8f09811c.yaml new file mode 100644 index 0000000000..e5e9afaf8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vimeo-video-autoplay-automute-eaecffa52785ff552863c4cf8f09811c.yaml @@ -0,0 +1,58 @@ +id: vimeo-video-autoplay-automute-eaecffa52785ff552863c4cf8f09811c + +info: + name: > + Vimeo Video Autoplay Automute <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3494e39-b4dc-46c1-9e8f-2c04fa3df940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vimeo-video-autoplay-automute/" + google-query: inurl:"/wp-content/plugins/vimeo-video-autoplay-automute/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vimeo-video-autoplay-automute,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vimeo-video-autoplay-automute/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vimeo-video-autoplay-automute" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vimeography-bebe54861e63e8c1edcba180c7d233b2.yaml b/nuclei-templates/cve-less/plugins/vimeography-bebe54861e63e8c1edcba180c7d233b2.yaml new file mode 100644 index 0000000000..6dd382fd37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vimeography-bebe54861e63e8c1edcba180c7d233b2.yaml @@ -0,0 +1,58 @@ +id: vimeography-bebe54861e63e8c1edcba180c7d233b2 + +info: + name: > + Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vimeography/" + google-query: inurl:"/wp-content/plugins/vimeography/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vimeography,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vimeography/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vimeography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/virim-88ade2a77a8822c9ff6c3f53c1bb583d.yaml b/nuclei-templates/cve-less/plugins/virim-88ade2a77a8822c9ff6c3f53c1bb583d.yaml new file mode 100644 index 0000000000..965c4fd48e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/virim-88ade2a77a8822c9ff6c3f53c1bb583d.yaml @@ -0,0 +1,58 @@ +id: virim-88ade2a77a8822c9ff6c3f53c1bb583d + +info: + name: > + Virim <= 0.4 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b12deaa4-246e-4502-8091-fcbe5a2eae15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/virim/" + google-query: inurl:"/wp-content/plugins/virim/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,virim,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/virim/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "virim" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/virtual-robotstxt-littlebizzy-2d9ff787627cd2e1924f86a1568cd815.yaml b/nuclei-templates/cve-less/plugins/virtual-robotstxt-littlebizzy-2d9ff787627cd2e1924f86a1568cd815.yaml new file mode 100644 index 0000000000..6059b0929e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/virtual-robotstxt-littlebizzy-2d9ff787627cd2e1924f86a1568cd815.yaml @@ -0,0 +1,58 @@ +id: virtual-robotstxt-littlebizzy-2d9ff787627cd2e1924f86a1568cd815 + +info: + name: > + Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11653fa1-c6f5-4bcc-81d2-dd469300b40a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/virtual-robotstxt-littlebizzy/" + google-query: inurl:"/wp-content/plugins/virtual-robotstxt-littlebizzy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,virtual-robotstxt-littlebizzy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/virtual-robotstxt-littlebizzy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "virtual-robotstxt-littlebizzy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-72146eb794f4fa05966f36db5696ae7f.yaml b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-72146eb794f4fa05966f36db5696ae7f.yaml new file mode 100644 index 0000000000..0e793610b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-72146eb794f4fa05966f36db5696ae7f.yaml @@ -0,0 +1,58 @@ +id: visibility-logic-elementor-72146eb794f4fa05966f36db5696ae7f + +info: + name: > + Visibility Logic for Elementor <= 2.3.4 - Cross-Site Request Forgery via toggle_option + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb8aca3a-e4f7-41d6-9ea9-d189817c2c04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visibility-logic-elementor/" + google-query: inurl:"/wp-content/plugins/visibility-logic-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visibility-logic-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visibility-logic-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visibility-logic-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visibility-logic-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..f40090cc59 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visibility-logic-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: visibility-logic-elementor-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visibility-logic-elementor/" + google-query: inurl:"/wp-content/plugins/visibility-logic-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visibility-logic-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visibility-logic-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visibility-logic-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vision-b3d167dc589e1f7c398305699f98be68.yaml b/nuclei-templates/cve-less/plugins/vision-b3d167dc589e1f7c398305699f98be68.yaml new file mode 100644 index 0000000000..aac57e5bdd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vision-b3d167dc589e1f7c398305699f98be68.yaml @@ -0,0 +1,58 @@ +id: vision-b3d167dc589e1f7c398305699f98be68 + +info: + name: > + Vision Interactive <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e99c10d-6632-4520-9239-9b831becd103?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vision/" + google-query: inurl:"/wp-content/plugins/vision/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vision,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vision/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vision" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vision-c13eb59a9d6116b65835e8ca21a2d0eb.yaml b/nuclei-templates/cve-less/plugins/vision-c13eb59a9d6116b65835e8ca21a2d0eb.yaml new file mode 100644 index 0000000000..7be5509871 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vision-c13eb59a9d6116b65835e8ca21a2d0eb.yaml @@ -0,0 +1,58 @@ +id: vision-c13eb59a9d6116b65835e8ca21a2d0eb + +info: + name: > + Vision Interactive <= 1.7.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24c4449e-0f20-4c77-a83c-05f547a9d853?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vision/" + google-query: inurl:"/wp-content/plugins/vision/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vision,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vision/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vision" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitor-analytics-io-8e9a9f02c6675b20e9272fbaa352217c.yaml b/nuclei-templates/cve-less/plugins/visitor-analytics-io-8e9a9f02c6675b20e9272fbaa352217c.yaml new file mode 100644 index 0000000000..92b5baec6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitor-analytics-io-8e9a9f02c6675b20e9272fbaa352217c.yaml @@ -0,0 +1,58 @@ +id: visitor-analytics-io-8e9a9f02c6675b20e9272fbaa352217c + +info: + name: > + TWIPLA (Visitor Analytics IO) <= 1.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a604c8d-1e4a-42c2-b7cf-ee6cae54730c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitor-analytics-io/" + google-query: inurl:"/wp-content/plugins/visitor-analytics-io/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitor-analytics-io,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitor-analytics-io/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitor-analytics-io" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-app-e71ce69c47edc4e510fe6e645722913d.yaml b/nuclei-templates/cve-less/plugins/visitors-app-e71ce69c47edc4e510fe6e645722913d.yaml new file mode 100644 index 0000000000..4fd481985c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-app-e71ce69c47edc4e510fe6e645722913d.yaml @@ -0,0 +1,58 @@ +id: visitors-app-e71ce69c47edc4e510fe6e645722913d + +info: + name: > + Visitors <= 0.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae9df4e5-b1d2-400b-89c7-eac5fbf2a8d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-app/" + google-query: inurl:"/wp-content/plugins/visitors-app/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-app,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-app/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-app" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-online-25b24f1a950efe4f8999613471b96c47.yaml b/nuclei-templates/cve-less/plugins/visitors-online-25b24f1a950efe4f8999613471b96c47.yaml new file mode 100644 index 0000000000..fc1d7cca25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-online-25b24f1a950efe4f8999613471b96c47.yaml @@ -0,0 +1,58 @@ +id: visitors-online-25b24f1a950efe4f8999613471b96c47 + +info: + name: > + Visitors Online by BestWebSoft <= 0.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dfa4ddf-bbe7-49b1-8b0d-c030ae81d0e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-online/" + google-query: inurl:"/wp-content/plugins/visitors-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-online,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-online-fa2ea82db1a96118628c1703677b3f4f.yaml b/nuclei-templates/cve-less/plugins/visitors-online-fa2ea82db1a96118628c1703677b3f4f.yaml new file mode 100644 index 0000000000..8a74f1316c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-online-fa2ea82db1a96118628c1703677b3f4f.yaml @@ -0,0 +1,58 @@ +id: visitors-online-fa2ea82db1a96118628c1703677b3f4f + +info: + name: > + Visitors Online by BestWebSoft < 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9032d416-28d1-4fdc-ac95-ba807df165a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-online/" + google-query: inurl:"/wp-content/plugins/visitors-online/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-online,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-online/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-online" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-354f6d128f8dd6bd63a76dae47bd8628.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-354f6d128f8dd6bd63a76dae47bd8628.yaml new file mode 100644 index 0000000000..6176cc23ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-354f6d128f8dd6bd63a76dae47bd8628.yaml @@ -0,0 +1,58 @@ +id: visitors-traffic-real-time-statistics-354f6d128f8dd6bd63a76dae47bd8628 + +info: + name: > + Visitor Traffic Real Time Statistics <= 1.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae741363-b0aa-4263-bb49-d3baa213167a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/" + google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-traffic-real-time-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-traffic-real-time-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-36f12570b7647f69d0074b300c5e8c91.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-36f12570b7647f69d0074b300c5e8c91.yaml new file mode 100644 index 0000000000..8b72ffcfec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-36f12570b7647f69d0074b300c5e8c91.yaml @@ -0,0 +1,58 @@ +id: visitors-traffic-real-time-statistics-36f12570b7647f69d0074b300c5e8c91 + +info: + name: > + Visitor Traffic Real Time Statistics <= 2.11 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33086968-359f-46d7-825e-29c4e4449899?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/" + google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-traffic-real-time-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-traffic-real-time-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-4fea783b4afcd4b123f2e73a82fb91f6.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-4fea783b4afcd4b123f2e73a82fb91f6.yaml new file mode 100644 index 0000000000..a93d7c430b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-4fea783b4afcd4b123f2e73a82fb91f6.yaml @@ -0,0 +1,58 @@ +id: visitors-traffic-real-time-statistics-4fea783b4afcd4b123f2e73a82fb91f6 + +info: + name: > + Visitor Traffic Real Time Statistics <= 3.8 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17f85a52-7f55-4e11-8be3-f088eaad41b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/" + google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-traffic-real-time-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-traffic-real-time-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-5a91aad28267261ebd2de3c8343f1995.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-5a91aad28267261ebd2de3c8343f1995.yaml new file mode 100644 index 0000000000..6fd9b78585 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-5a91aad28267261ebd2de3c8343f1995.yaml @@ -0,0 +1,58 @@ +id: visitors-traffic-real-time-statistics-5a91aad28267261ebd2de3c8343f1995 + +info: + name: > + Visitors Traffic Real Time Statistics <= 7.2 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4aac424-abf3-4d6c-a0a4-a95e2cf89864?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/" + google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-traffic-real-time-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-traffic-real-time-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-95fcd32657de195d1ff10c3dd6c72f1b.yaml b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-95fcd32657de195d1ff10c3dd6c72f1b.yaml new file mode 100644 index 0000000000..0f21190d1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visitors-traffic-real-time-statistics-95fcd32657de195d1ff10c3dd6c72f1b.yaml @@ -0,0 +1,58 @@ +id: visitors-traffic-real-time-statistics-95fcd32657de195d1ff10c3dd6c72f1b + +info: + name: > + Visitor Traffic Real Time Statistics <= 1.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/043f5052-6606-4f0e-a6f2-d7276eb50106?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visitors-traffic-real-time-statistics/" + google-query: inurl:"/wp-content/plugins/visitors-traffic-real-time-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visitors-traffic-real-time-statistics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visitors-traffic-real-time-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visitors-traffic-real-time-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-footer-credit-remover-364c4ddc9c54073c09edf9a8678d0eaa.yaml b/nuclei-templates/cve-less/plugins/visual-footer-credit-remover-364c4ddc9c54073c09edf9a8678d0eaa.yaml new file mode 100644 index 0000000000..6836250f84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-footer-credit-remover-364c4ddc9c54073c09edf9a8678d0eaa.yaml @@ -0,0 +1,58 @@ +id: visual-footer-credit-remover-364c4ddc9c54073c09edf9a8678d0eaa + +info: + name: > + Visual Footer Credit Remover <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fcb65a0-4218-4728-9c29-0d1a03f438a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-footer-credit-remover/" + google-query: inurl:"/wp-content/plugins/visual-footer-credit-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-footer-credit-remover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-footer-credit-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-footer-credit-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-02a51eb116d83b932887ff5f7b3fb4a8.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-02a51eb116d83b932887ff5f7b3fb4a8.yaml new file mode 100644 index 0000000000..b9e31b3d9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-form-builder-02a51eb116d83b932887ff5f7b3fb4a8.yaml @@ -0,0 +1,58 @@ +id: visual-form-builder-02a51eb116d83b932887ff5f7b3fb4a8 + +info: + name: > + Visual Form Builder <= 3.0.6 - Admin+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/897824d0-17cc-4322-bcd9-5e41d141bf62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-form-builder/" + google-query: inurl:"/wp-content/plugins/visual-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-4c347b72fa44728662f7bf8d25a3a220.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-4c347b72fa44728662f7bf8d25a3a220.yaml new file mode 100644 index 0000000000..cbec83a2a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-form-builder-4c347b72fa44728662f7bf8d25a3a220.yaml @@ -0,0 +1,58 @@ +id: visual-form-builder-4c347b72fa44728662f7bf8d25a3a220 + +info: + name: > + Visual Form Builder <= 3.0.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50e373bd-4408-4406-a411-3284fa71e7ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-form-builder/" + google-query: inurl:"/wp-content/plugins/visual-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-form-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-531bd0b3fee40b8878bba597b7ee560f.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-531bd0b3fee40b8878bba597b7ee560f.yaml new file mode 100644 index 0000000000..34574f6a02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-form-builder-531bd0b3fee40b8878bba597b7ee560f.yaml @@ -0,0 +1,58 @@ +id: visual-form-builder-531bd0b3fee40b8878bba597b7ee560f + +info: + name: > + Visual Form Builder <= 3.0.5 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fe81113-6ed1-48f2-a6d0-db4c19f6df10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-form-builder/" + google-query: inurl:"/wp-content/plugins/visual-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-bbd390969a32b30a2e60ec6fbae2e10c.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-bbd390969a32b30a2e60ec6fbae2e10c.yaml new file mode 100644 index 0000000000..073ff8a1a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-form-builder-bbd390969a32b30a2e60ec6fbae2e10c.yaml @@ -0,0 +1,58 @@ +id: visual-form-builder-bbd390969a32b30a2e60ec6fbae2e10c + +info: + name: > + Visual Form Builder <= 3.0.7 - Cross-Site Request Forgery to Data Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a26473b9-8cc1-47e6-a3d3-4ebf1f9e902a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-form-builder/" + google-query: inurl:"/wp-content/plugins/visual-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-form-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-form-builder-fd65d6ef4219e436898ad3cacb24b677.yaml b/nuclei-templates/cve-less/plugins/visual-form-builder-fd65d6ef4219e436898ad3cacb24b677.yaml new file mode 100644 index 0000000000..39e188d120 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-form-builder-fd65d6ef4219e436898ad3cacb24b677.yaml @@ -0,0 +1,58 @@ +id: visual-form-builder-fd65d6ef4219e436898ad3cacb24b677 + +info: + name: > + Visual Form Builder <= 3.0.5 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdbd3a1a-a206-4e50-893d-1b2d6c8d153a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-form-builder/" + google-query: inurl:"/wp-content/plugins/visual-form-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-form-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-form-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-form-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-link-preview-1ba012726d7c27bdaaa5794ed01a43ce.yaml b/nuclei-templates/cve-less/plugins/visual-link-preview-1ba012726d7c27bdaaa5794ed01a43ce.yaml new file mode 100644 index 0000000000..5175e8974c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-link-preview-1ba012726d7c27bdaaa5794ed01a43ce.yaml @@ -0,0 +1,58 @@ +id: visual-link-preview-1ba012726d7c27bdaaa5794ed01a43ce + +info: + name: > + Visual Link Preview <= 2.2.2 - Unauthorised AJAX Calls + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/012e019f-9146-45bc-b4d7-aa724dbebdc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-link-preview/" + google-query: inurl:"/wp-content/plugins/visual-link-preview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-link-preview,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-link-preview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-link-preview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-portfolio-904ef9700805f0f3f94a1742149713b3.yaml b/nuclei-templates/cve-less/plugins/visual-portfolio-904ef9700805f0f3f94a1742149713b3.yaml new file mode 100644 index 0000000000..980d2be281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-portfolio-904ef9700805f0f3f94a1742149713b3.yaml @@ -0,0 +1,58 @@ +id: visual-portfolio-904ef9700805f0f3f94a1742149713b3 + +info: + name: > + Visual Portfolio, Photo Gallery & Post Grid <= 2.17.1 - Unauthenticated CSS Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e20082a0-dca6-4a26-919f-d59752dfbe90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-portfolio/" + google-query: inurl:"/wp-content/plugins/visual-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visual-portfolio-f7bdb4090710d2db62425857f01fcc9d.yaml b/nuclei-templates/cve-less/plugins/visual-portfolio-f7bdb4090710d2db62425857f01fcc9d.yaml new file mode 100644 index 0000000000..f5ff48effc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visual-portfolio-f7bdb4090710d2db62425857f01fcc9d.yaml @@ -0,0 +1,58 @@ +id: visual-portfolio-f7bdb4090710d2db62425857f01fcc9d + +info: + name: > + Visual Portfolio, Photo Gallery & Post Grid <= 2.18.0 - Contributor+ CSS Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7519c43-d8d1-4412-b2f3-77f59736924c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visual-portfolio/" + google-query: inurl:"/wp-content/plugins/visual-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visual-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visual-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visual-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualcomposer-1390282d7da53f6dd62f69c33ae3d8da.yaml b/nuclei-templates/cve-less/plugins/visualcomposer-1390282d7da53f6dd62f69c33ae3d8da.yaml new file mode 100644 index 0000000000..39d3682e9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualcomposer-1390282d7da53f6dd62f69c33ae3d8da.yaml @@ -0,0 +1,58 @@ +id: visualcomposer-1390282d7da53f6dd62f69c33ae3d8da + +info: + name: > + Visual Composer Premium <= 45.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/622b9b46-774d-4251-9a79-73e5b398de57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualcomposer/" + google-query: inurl:"/wp-content/plugins/visualcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 45.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualcomposer-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml b/nuclei-templates/cve-less/plugins/visualcomposer-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml new file mode 100644 index 0000000000..1fb13f18db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualcomposer-8a58bcfdfe2c7ef0990c9f0e6222a7d9.yaml @@ -0,0 +1,58 @@ +id: visualcomposer-8a58bcfdfe2c7ef0990c9f0e6222a7d9 + +info: + name: > + Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Title' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26c7be89-a83d-4912-aef5-4cc046b5d768?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualcomposer/" + google-query: inurl:"/wp-content/plugins/visualcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 45.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualcomposer-9c4cf933125615aec48f1e67f49080b2.yaml b/nuclei-templates/cve-less/plugins/visualcomposer-9c4cf933125615aec48f1e67f49080b2.yaml new file mode 100644 index 0000000000..d9846e51b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualcomposer-9c4cf933125615aec48f1e67f49080b2.yaml @@ -0,0 +1,58 @@ +id: visualcomposer-9c4cf933125615aec48f1e67f49080b2 + +info: + name: > + Visual Composer Website Builder <= 45.0 - Authenticated Stored Cross-Site Scripting via 'Text Block' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38dd95b2-d747-44f3-a3f5-d32221381554?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualcomposer/" + google-query: inurl:"/wp-content/plugins/visualcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 45.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualcomposer-b1162d19127bf06b82fd09bfd50f373f.yaml b/nuclei-templates/cve-less/plugins/visualcomposer-b1162d19127bf06b82fd09bfd50f373f.yaml new file mode 100644 index 0000000000..2de7ab9efa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualcomposer-b1162d19127bf06b82fd09bfd50f373f.yaml @@ -0,0 +1,58 @@ +id: visualcomposer-b1162d19127bf06b82fd09bfd50f373f + +info: + name: > + Visual Composer <= 26.0 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c476d9af-9060-4294-874a-86e550253d3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualcomposer/" + google-query: inurl:"/wp-content/plugins/visualcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualcomposer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualcomposer-f7c4402196deebd8e7afa93ed50fb9fe.yaml b/nuclei-templates/cve-less/plugins/visualcomposer-f7c4402196deebd8e7afa93ed50fb9fe.yaml new file mode 100644 index 0000000000..8e66cf81f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualcomposer-f7c4402196deebd8e7afa93ed50fb9fe.yaml @@ -0,0 +1,58 @@ +id: visualcomposer-f7c4402196deebd8e7afa93ed50fb9fe + +info: + name: > + Visual Composer Website Builder <= 45.6.0 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3042586-dd23-487f-a79c-7ad5b5e38677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualcomposer/" + google-query: inurl:"/wp-content/plugins/visualcomposer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualcomposer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualcomposer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualcomposer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 45.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-2124b535b772d79cc24446b949f6de44.yaml b/nuclei-templates/cve-less/plugins/visualizer-2124b535b772d79cc24446b949f6de44.yaml new file mode 100644 index 0000000000..68f1b6c221 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-2124b535b772d79cc24446b949f6de44.yaml @@ -0,0 +1,58 @@ +id: visualizer-2124b535b772d79cc24446b949f6de44 + +info: + name: > + Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9606d92-8061-4dfc-a6e2-509b54613277?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-41ad3634ff8212271a6b431b84da2b4e.yaml b/nuclei-templates/cve-less/plugins/visualizer-41ad3634ff8212271a6b431b84da2b4e.yaml new file mode 100644 index 0000000000..32df3fe9d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-41ad3634ff8212271a6b431b84da2b4e.yaml @@ -0,0 +1,58 @@ +id: visualizer-41ad3634ff8212271a6b431b84da2b4e + +info: + name: > + Visualizer: Tables and Charts Manager for WordPress <= 3.3.0 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54a425b0-592a-433d-b9e7-776760536668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-4f85b81befb670bebb2829a27d7eeb09.yaml b/nuclei-templates/cve-less/plugins/visualizer-4f85b81befb670bebb2829a27d7eeb09.yaml new file mode 100644 index 0000000000..c748920a2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-4f85b81befb670bebb2829a27d7eeb09.yaml @@ -0,0 +1,58 @@ +id: visualizer-4f85b81befb670bebb2829a27d7eeb09 + +info: + name: > + Visualizer <= 3.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88829cca-4389-4b1a-a376-7abfbc37508e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-586527cb70d024f19104907acee04683.yaml b/nuclei-templates/cve-less/plugins/visualizer-586527cb70d024f19104907acee04683.yaml new file mode 100644 index 0000000000..23fd472011 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-586527cb70d024f19104907acee04683.yaml @@ -0,0 +1,58 @@ +id: visualizer-586527cb70d024f19104907acee04683 + +info: + name: > + Visualizer <= 3.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d32ceb67-8ad1-4f59-b4a8-63c9c3e8b90c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-9153236cbe43b83fd86d1f43d04bc623.yaml b/nuclei-templates/cve-less/plugins/visualizer-9153236cbe43b83fd86d1f43d04bc623.yaml new file mode 100644 index 0000000000..edc8703077 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-9153236cbe43b83fd86d1f43d04bc623.yaml @@ -0,0 +1,58 @@ +id: visualizer-9153236cbe43b83fd86d1f43d04bc623 + +info: + name: > + Visualizer: Tables and Charts Manager for WordPress <= 3.3.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaaf1ac0-1ea6-4bcb-a385-87267525801c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/visualizer-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..459d0eabf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: visualizer-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-9bbff95ee11b793fca5a68930a481dc0.yaml b/nuclei-templates/cve-less/plugins/visualizer-9bbff95ee11b793fca5a68930a481dc0.yaml new file mode 100644 index 0000000000..cc6e66226d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-9bbff95ee11b793fca5a68930a481dc0.yaml @@ -0,0 +1,58 @@ +id: visualizer-9bbff95ee11b793fca5a68930a481dc0 + +info: + name: > + Visualizer <= 3.10.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a97f74bf-c3a5-4bb3-a7fd-d3f43af6ec42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/visualizer-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml b/nuclei-templates/cve-less/plugins/visualizer-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml new file mode 100644 index 0000000000..1591a9fd4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/visualizer-a42d8ff7a7669fd14fcfc52a34b52ce7.yaml @@ -0,0 +1,58 @@ +id: visualizer-a42d8ff7a7669fd14fcfc52a34b52ce7 + +info: + name: > + Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d25ed357-2895-47c7-9418-628068c6d18e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/visualizer/" + google-query: inurl:"/wp-content/plugins/visualizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,visualizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/visualizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "visualizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vitamin-78063a4bd6e10b68423683776f51a447.yaml b/nuclei-templates/cve-less/plugins/vitamin-78063a4bd6e10b68423683776f51a447.yaml new file mode 100644 index 0000000000..19226056e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vitamin-78063a4bd6e10b68423683776f51a447.yaml @@ -0,0 +1,58 @@ +id: vitamin-78063a4bd6e10b68423683776f51a447 + +info: + name: > + Vitamin < 1.1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/992a91da-724f-40cc-b552-113d62fe20c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vitamin/" + google-query: inurl:"/wp-content/plugins/vitamin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vitamin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vitamin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vitamin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vitepos-lite-d6b6bc643ec1ba18798cef4b6b37fe69.yaml b/nuclei-templates/cve-less/plugins/vitepos-lite-d6b6bc643ec1ba18798cef4b6b37fe69.yaml new file mode 100644 index 0000000000..8e103537d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vitepos-lite-d6b6bc643ec1ba18798cef4b6b37fe69.yaml @@ -0,0 +1,58 @@ +id: vitepos-lite-d6b6bc643ec1ba18798cef4b6b37fe69 + +info: + name: > + Vitepos <= 3.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ece7e74-ffd9-48f9-b66b-58708233b24b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vitepos-lite/" + google-query: inurl:"/wp-content/plugins/vitepos-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vitepos-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vitepos-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vitepos-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-12bc74e09861e7d74d799801df685593.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-12bc74e09861e7d74d799801df685593.yaml new file mode 100644 index 0000000000..e8612c946f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-12bc74e09861e7d74d799801df685593.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-12bc74e09861e7d74d799801df685593 + +info: + name: > + VK All in One Expansion Unit <= 9.96.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bc697b3-20f6-46df-a250-f2009a60200e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.96.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-5f7a0857cd225d8f715faf1ad377962f.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-5f7a0857cd225d8f715faf1ad377962f.yaml new file mode 100644 index 0000000000..bcde93ac21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-5f7a0857cd225d8f715faf1ad377962f.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-5f7a0857cd225d8f715faf1ad377962f + +info: + name: > + VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in Profile Setting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40c5dd26-6063-4ab2-a370-464e84d806b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.88.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-649bbe5603010e1e08e8da0606e10331.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-649bbe5603010e1e08e8da0606e10331.yaml new file mode 100644 index 0000000000..9bee055e1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-649bbe5603010e1e08e8da0606e10331.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-649bbe5603010e1e08e8da0606e10331 + +info: + name: > + VK All in One Expansion Unit <= 9.95.0.1 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea2b5dca-42a5-49d4-800d-b268572968a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.95.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-8f7f33ee1e4675fee4c38d5051fea8e5.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-8f7f33ee1e4675fee4c38d5051fea8e5.yaml new file mode 100644 index 0000000000..de8fa8cacc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-8f7f33ee1e4675fee4c38d5051fea8e5.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-8f7f33ee1e4675fee4c38d5051fea8e5 + +info: + name: > + VK All in One Expansion Unit <= 9.88.1.0 - Stored (Contributor+) Cross-Site Scripting in CTA Post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1da39f3d-512c-49e0-89cb-672783e5ca4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.88.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c77161a5bde1c663570a6c8d07d1524e.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c77161a5bde1c663570a6c8d07d1524e.yaml new file mode 100644 index 0000000000..e5ff1f43ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c77161a5bde1c663570a6c8d07d1524e.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-c77161a5bde1c663570a6c8d07d1524e + +info: + name: > + VK All in One Expansion Unit <= 9.85.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1f10e67-d301-46ba-b92e-432819cb9606?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.85.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c9d94923a4b0892540bbb0f51f12aa0e.yaml b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c9d94923a4b0892540bbb0f51f12aa0e.yaml new file mode 100644 index 0000000000..2eaff974a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-all-in-one-expansion-unit-c9d94923a4b0892540bbb0f51f12aa0e.yaml @@ -0,0 +1,58 @@ +id: vk-all-in-one-expansion-unit-c9d94923a4b0892540bbb0f51f12aa0e + +info: + name: > + VK All in One Expansion Unit <= 9.87.0.1 - Reflected Cross-Site Scripting via REQUEST_URI + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/390e9c30-e4c0-474d-9915-dd46f5464cea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-all-in-one-expansion-unit/" + google-query: inurl:"/wp-content/plugins/vk-all-in-one-expansion-unit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-all-in-one-expansion-unit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-all-in-one-expansion-unit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-all-in-one-expansion-unit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.87.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-block-patterns-0d1db255d715c554771e21ce6d36684e.yaml b/nuclei-templates/cve-less/plugins/vk-block-patterns-0d1db255d715c554771e21ce6d36684e.yaml new file mode 100644 index 0000000000..af7738e1c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-block-patterns-0d1db255d715c554771e21ce6d36684e.yaml @@ -0,0 +1,58 @@ +id: vk-block-patterns-0d1db255d715c554771e21ce6d36684e + +info: + name: > + VK Block Patterns <= 1.31.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90c0be4a-1146-4a17-918e-ed5362bde022?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-block-patterns/" + google-query: inurl:"/wp-content/plugins/vk-block-patterns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-block-patterns,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-block-patterns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-block-patterns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-block-patterns-eda825401e6ca5d10a15871a11cf4f40.yaml b/nuclei-templates/cve-less/plugins/vk-block-patterns-eda825401e6ca5d10a15871a11cf4f40.yaml new file mode 100644 index 0000000000..1839689fc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-block-patterns-eda825401e6ca5d10a15871a11cf4f40.yaml @@ -0,0 +1,58 @@ +id: vk-block-patterns-eda825401e6ca5d10a15871a11cf4f40 + +info: + name: > + VK Block Patterns <= 1.31.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-block-patterns/" + google-query: inurl:"/wp-content/plugins/vk-block-patterns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-block-patterns,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-block-patterns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-block-patterns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-06ebadedd58b7ae3403fa022e6ae3a90.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-06ebadedd58b7ae3403fa022e6ae3a90.yaml new file mode 100644 index 0000000000..aa0fe44541 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-06ebadedd58b7ae3403fa022e6ae3a90.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-06ebadedd58b7ae3403fa022e6ae3a90 + +info: + name: > + VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12a94f5b-bc30-4a65-b397-54488c836ec3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.57.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-30ce892560143a1889e7a76a4e09b69d.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-30ce892560143a1889e7a76a4e09b69d.yaml new file mode 100644 index 0000000000..8feee6a266 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-30ce892560143a1889e7a76a4e09b69d.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-30ce892560143a1889e7a76a4e09b69d + +info: + name: > + VK Blocks <= 1.57.0.5 - Authenticated(Contributor+) Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b90b7f6c-df7f-48a5-b283-cf5facbd71e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.57.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-4131547f48ef03f81376294e8bfec1f9.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-4131547f48ef03f81376294e8bfec1f9.yaml new file mode 100644 index 0000000000..3fa7b72755 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-4131547f48ef03f81376294e8bfec1f9.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-4131547f48ef03f81376294e8bfec1f9 + +info: + name: > + VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.53.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-768fa7749718c2471763f91755f4694f.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-768fa7749718c2471763f91755f4694f.yaml new file mode 100644 index 0000000000..eaf27a0ef9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-768fa7749718c2471763f91755f4694f.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-768fa7749718c2471763f91755f4694f + +info: + name: > + VK Blocks <= 1.63.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05dd7c96-7880-44a8-a06f-037bc627fd8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.63.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-7d646a32d0c4bc3814bc480ca69d5434.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-7d646a32d0c4bc3814bc480ca69d5434.yaml new file mode 100644 index 0000000000..73f5f7df46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-7d646a32d0c4bc3814bc480ca69d5434.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-7d646a32d0c4bc3814bc480ca69d5434 + +info: + name: > + VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03d05c74-da50-4175-86f5-f39a89dbffd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks/" + google-query: inurl:"/wp-content/plugins/vk-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.53.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-pro-4131547f48ef03f81376294e8bfec1f9.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-pro-4131547f48ef03f81376294e8bfec1f9.yaml new file mode 100644 index 0000000000..26339eda6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-pro-4131547f48ef03f81376294e8bfec1f9.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-pro-4131547f48ef03f81376294e8bfec1f9 + +info: + name: > + VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Tag Edit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e01f5bd8-de0f-48aa-8007-61a0ebd0ebf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks-pro/" + google-query: inurl:"/wp-content/plugins/vk-blocks-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.53.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-blocks-pro-7d646a32d0c4bc3814bc480ca69d5434.yaml b/nuclei-templates/cve-less/plugins/vk-blocks-pro-7d646a32d0c4bc3814bc480ca69d5434.yaml new file mode 100644 index 0000000000..b58f6bb07f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-blocks-pro-7d646a32d0c4bc3814bc480ca69d5434.yaml @@ -0,0 +1,58 @@ +id: vk-blocks-pro-7d646a32d0c4bc3814bc480ca69d5434 + +info: + name: > + VK Blocks <= 1.53.0.1 - Stored (Contributor+) Cross-Site Scripting in Post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03d05c74-da50-4175-86f5-f39a89dbffd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-blocks-pro/" + google-query: inurl:"/wp-content/plugins/vk-blocks-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-blocks-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-blocks-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-blocks-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.53.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-filter-search-0ade74287dacdefe3e19153b1abafe0f.yaml b/nuclei-templates/cve-less/plugins/vk-filter-search-0ade74287dacdefe3e19153b1abafe0f.yaml new file mode 100644 index 0000000000..698ff5d1b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-filter-search-0ade74287dacdefe3e19153b1abafe0f.yaml @@ -0,0 +1,58 @@ +id: vk-filter-search-0ade74287dacdefe3e19153b1abafe0f + +info: + name: > + VK Filter Search <= 2.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/012946d4-82ce-48b9-9b9a-1fc49846dca6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-filter-search/" + google-query: inurl:"/wp-content/plugins/vk-filter-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-filter-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-filter-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-filter-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vk-poster-group-d8b1183c7012780dff9901b361328ade.yaml b/nuclei-templates/cve-less/plugins/vk-poster-group-d8b1183c7012780dff9901b361328ade.yaml new file mode 100644 index 0000000000..64ea7f4320 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vk-poster-group-d8b1183c7012780dff9901b361328ade.yaml @@ -0,0 +1,58 @@ +id: vk-poster-group-d8b1183c7012780dff9901b361328ade + +info: + name: > + VK Poster Group <= 2.0.3 - Reflected Cross-Site Scripting via vkp_repost + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14f030bd-8d8d-4152-817d-d72c9b7a0152?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vk-poster-group/" + google-query: inurl:"/wp-content/plugins/vk-poster-group/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vk-poster-group,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vk-poster-group/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vk-poster-group" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vm-backups-213063abe242012045731163716041ce.yaml b/nuclei-templates/cve-less/plugins/vm-backups-213063abe242012045731163716041ce.yaml new file mode 100644 index 0000000000..6407679179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vm-backups-213063abe242012045731163716041ce.yaml @@ -0,0 +1,58 @@ +id: vm-backups-213063abe242012045731163716041ce + +info: + name: > + VM Backups <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/450d4c30-b799-44c9-b60e-a1d701e9055e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vm-backups/" + google-query: inurl:"/wp-content/plugins/vm-backups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vm-backups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vm-backups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vm-backups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vm-backups-a4378f0df660425c1f67e7a182915736.yaml b/nuclei-templates/cve-less/plugins/vm-backups-a4378f0df660425c1f67e7a182915736.yaml new file mode 100644 index 0000000000..eba01f7e54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vm-backups-a4378f0df660425c1f67e7a182915736.yaml @@ -0,0 +1,58 @@ +id: vm-backups-a4378f0df660425c1f67e7a182915736 + +info: + name: > + VM Backups <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67c86b04-fdbd-4782-a362-fdec5e1f7c92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vm-backups/" + google-query: inurl:"/wp-content/plugins/vm-backups/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vm-backups,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vm-backups/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vm-backups" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vn-calendar-495d298d6c0fc5fe1a9847d638c40959.yaml b/nuclei-templates/cve-less/plugins/vn-calendar-495d298d6c0fc5fe1a9847d638c40959.yaml new file mode 100644 index 0000000000..0264ac793a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vn-calendar-495d298d6c0fc5fe1a9847d638c40959.yaml @@ -0,0 +1,58 @@ +id: vn-calendar-495d298d6c0fc5fe1a9847d638c40959 + +info: + name: > + VN Calendar <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5224233f-6cb4-4fd9-b25b-e32db612cb7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vn-calendar/" + google-query: inurl:"/wp-content/plugins/vn-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vn-calendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vn-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vn-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vod-infomaniak-a84518c46b40e343620d7d2d2c269c9e.yaml b/nuclei-templates/cve-less/plugins/vod-infomaniak-a84518c46b40e343620d7d2d2c269c9e.yaml new file mode 100644 index 0000000000..9fcf2a745d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vod-infomaniak-a84518c46b40e343620d7d2d2c269c9e.yaml @@ -0,0 +1,58 @@ +id: vod-infomaniak-a84518c46b40e343620d7d2d2c269c9e + +info: + name: > + VOD Infomaniak <= 1.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd805cb5-45ce-4213-b313-d9e300527265?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vod-infomaniak/" + google-query: inurl:"/wp-content/plugins/vod-infomaniak/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vod-infomaniak,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vod-infomaniak/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vod-infomaniak" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vodpod-video-gallery-7d553117936251fe3b1ece76fb8572be.yaml b/nuclei-templates/cve-less/plugins/vodpod-video-gallery-7d553117936251fe3b1ece76fb8572be.yaml new file mode 100644 index 0000000000..69508ae268 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vodpod-video-gallery-7d553117936251fe3b1ece76fb8572be.yaml @@ -0,0 +1,58 @@ +id: vodpod-video-gallery-7d553117936251fe3b1ece76fb8572be + +info: + name: > + Vodpod Video Gallery <= 3.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c609a29-3c72-4921-ab7a-2f2593b2e4b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vodpod-video-gallery/" + google-query: inurl:"/wp-content/plugins/vodpod-video-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vodpod-video-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vodpod-video-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vodpod-video-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/void-elementor-post-grid-addon-for-elementor-page-builder-e26003fb15eb8dfdd3862b141bc3094e.yaml b/nuclei-templates/cve-less/plugins/void-elementor-post-grid-addon-for-elementor-page-builder-e26003fb15eb8dfdd3862b141bc3094e.yaml new file mode 100644 index 0000000000..5353f0b900 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/void-elementor-post-grid-addon-for-elementor-page-builder-e26003fb15eb8dfdd3862b141bc3094e.yaml @@ -0,0 +1,58 @@ +id: void-elementor-post-grid-addon-for-elementor-page-builder-e26003fb15eb8dfdd3862b141bc3094e + +info: + name: > + Void Elementor Post Grid Addon for Elementor Page builder <= 2.1.10 - Missing Authorization to Review Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b847857-5dc9-4793-b9d6-759f27377fe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/" + google-query: inurl:"/wp-content/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,void-elementor-post-grid-addon-for-elementor-page-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/void-elementor-post-grid-addon-for-elementor-page-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "void-elementor-post-grid-addon-for-elementor-page-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/void-elementor-whmcs-elements-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml b/nuclei-templates/cve-less/plugins/void-elementor-whmcs-elements-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml new file mode 100644 index 0000000000..0d1435e198 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/void-elementor-whmcs-elements-261bb3f8fcb24ed57cf7abcc44aedfa4.yaml @@ -0,0 +1,58 @@ +id: void-elementor-whmcs-elements-261bb3f8fcb24ed57cf7abcc44aedfa4 + +info: + name: > + Void Elementor WHMCS Elements For Elementor Page Builder <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dabfdab-2c7a-4c9b-9c8f-a93639da1a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/void-elementor-whmcs-elements/" + google-query: inurl:"/wp-content/plugins/void-elementor-whmcs-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,void-elementor-whmcs-elements,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/void-elementor-whmcs-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "void-elementor-whmcs-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vospari-forms-c401610c8e651db75595790ef198f851.yaml b/nuclei-templates/cve-less/plugins/vospari-forms-c401610c8e651db75595790ef198f851.yaml new file mode 100644 index 0000000000..3ebc09cc44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vospari-forms-c401610c8e651db75595790ef198f851.yaml @@ -0,0 +1,58 @@ +id: vospari-forms-c401610c8e651db75595790ef198f851 + +info: + name: > + Vospari Forms < 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bb4a3f3-495d-4ece-9436-9c317688982c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vospari-forms/" + google-query: inurl:"/wp-content/plugins/vospari-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vospari-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vospari-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vospari-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/votecount-for-balatarin-77ab2c9cedf221b773b22cab621c11cd.yaml b/nuclei-templates/cve-less/plugins/votecount-for-balatarin-77ab2c9cedf221b773b22cab621c11cd.yaml new file mode 100644 index 0000000000..d5cc9e9a36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/votecount-for-balatarin-77ab2c9cedf221b773b22cab621c11cd.yaml @@ -0,0 +1,58 @@ +id: votecount-for-balatarin-77ab2c9cedf221b773b22cab621c11cd + +info: + name: > + Votecount For Balatarin <= 0.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/507464cf-43a3-49bd-b8d8-9bc8030670e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/votecount-for-balatarin/" + google-query: inurl:"/wp-content/plugins/votecount-for-balatarin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,votecount-for-balatarin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/votecount-for-balatarin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "votecount-for-balatarin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/voting-record-ad8900917be83354859c30baad4cca67.yaml b/nuclei-templates/cve-less/plugins/voting-record-ad8900917be83354859c30baad4cca67.yaml new file mode 100644 index 0000000000..6dd17beae1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/voting-record-ad8900917be83354859c30baad4cca67.yaml @@ -0,0 +1,58 @@ +id: voting-record-ad8900917be83354859c30baad4cca67 + +info: + name: > + Voting Record <= 2.0 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f93aa003-5b8b-4836-af65-80df2f9fbdb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/voting-record/" + google-query: inurl:"/wp-content/plugins/voting-record/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,voting-record,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/voting-record/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "voting-record" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/voting-record-d7a48a2145831cedc1837e88079bf034.yaml b/nuclei-templates/cve-less/plugins/voting-record-d7a48a2145831cedc1837e88079bf034.yaml new file mode 100644 index 0000000000..948fc395f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/voting-record-d7a48a2145831cedc1837e88079bf034.yaml @@ -0,0 +1,58 @@ +id: voting-record-d7a48a2145831cedc1837e88079bf034 + +info: + name: > + Voting Record <= 2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/286c3e26-07a8-4fca-9fdc-98e62ae88b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/voting-record/" + google-query: inurl:"/wp-content/plugins/voting-record/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,voting-record,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/voting-record/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "voting-record" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vr-calendar-sync-616950a87be3ab946c404a2c6a2e1022.yaml b/nuclei-templates/cve-less/plugins/vr-calendar-sync-616950a87be3ab946c404a2c6a2e1022.yaml new file mode 100644 index 0000000000..6fe3c1e0a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vr-calendar-sync-616950a87be3ab946c404a2c6a2e1022.yaml @@ -0,0 +1,58 @@ +id: vr-calendar-sync-616950a87be3ab946c404a2c6a2e1022 + +info: + name: > + VR Calendar <= 2.3.1 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf2a57fa-28f8-4fd0-814b-a4c9ae77817a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vr-calendar-sync/" + google-query: inurl:"/wp-content/plugins/vr-calendar-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vr-calendar-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vr-calendar-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vr-calendar-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vr-calendar-sync-a514896a8210fef61861b6a5fb93d0c5.yaml b/nuclei-templates/cve-less/plugins/vr-calendar-sync-a514896a8210fef61861b6a5fb93d0c5.yaml new file mode 100644 index 0000000000..b7b5c963a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vr-calendar-sync-a514896a8210fef61861b6a5fb93d0c5.yaml @@ -0,0 +1,58 @@ +id: vr-calendar-sync-a514896a8210fef61861b6a5fb93d0c5 + +info: + name: > + VR Calendar <= 2.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a868226f-4ca1-4ec1-b55e-3029e3ed2d5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vr-calendar-sync/" + google-query: inurl:"/wp-content/plugins/vr-calendar-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vr-calendar-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vr-calendar-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vr-calendar-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vrm360-739af30ba304d3e19c7edf50976bcb67.yaml b/nuclei-templates/cve-less/plugins/vrm360-739af30ba304d3e19c7edf50976bcb67.yaml new file mode 100644 index 0000000000..0143744f84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vrm360-739af30ba304d3e19c7edf50976bcb67.yaml @@ -0,0 +1,58 @@ +id: vrm360-739af30ba304d3e19c7edf50976bcb67 + +info: + name: > + Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92a543e2-1af1-4857-8e2f-c8658eac7fe0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vrm360/" + google-query: inurl:"/wp-content/plugins/vrm360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vrm360,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vrm360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vrm360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vrm360-902c45e06d6e22c072a9fbbf19901e92.yaml b/nuclei-templates/cve-less/plugins/vrm360-902c45e06d6e22c072a9fbbf19901e92.yaml new file mode 100644 index 0000000000..8aacc6864e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vrm360-902c45e06d6e22c072a9fbbf19901e92.yaml @@ -0,0 +1,58 @@ +id: vrm360-902c45e06d6e22c072a9fbbf19901e92 + +info: + name: > + Vrm 360 3D Model Viewer <= 1.2.1 - Authenticated(Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c71183f-45e7-44de-a957-614ce417db90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vrm360/" + google-query: inurl:"/wp-content/plugins/vrm360/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vrm360,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vrm360/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vrm360" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vslider-c05c9af186400589f780a92d671602c2.yaml b/nuclei-templates/cve-less/plugins/vslider-c05c9af186400589f780a92d671602c2.yaml new file mode 100644 index 0000000000..eca23d6d4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vslider-c05c9af186400589f780a92d671602c2.yaml @@ -0,0 +1,58 @@ +id: vslider-c05c9af186400589f780a92d671602c2 + +info: + name: > + vSlider Multi Image Slider <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72a2449c-4292-45e6-bfe8-106f8043fcad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vslider/" + google-query: inurl:"/wp-content/plugins/vslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/vslider-f6de196088ccb0c72ee71de4440a1879.yaml b/nuclei-templates/cve-less/plugins/vslider-f6de196088ccb0c72ee71de4440a1879.yaml new file mode 100644 index 0000000000..969cfc43cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/vslider-f6de196088ccb0c72ee71de4440a1879.yaml @@ -0,0 +1,58 @@ +id: vslider-f6de196088ccb0c72ee71de4440a1879 + +info: + name: > + vSlider Multi Image Slider <= 4.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14376064-13c4-4874-afea-395af2a1933d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/vslider/" + google-query: inurl:"/wp-content/plugins/vslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,vslider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/vslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w-dalil-a9e063bb904bfdeb89be1c3d634b4901.yaml b/nuclei-templates/cve-less/plugins/w-dalil-a9e063bb904bfdeb89be1c3d634b4901.yaml new file mode 100644 index 0000000000..b779178d19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w-dalil-a9e063bb904bfdeb89be1c3d634b4901.yaml @@ -0,0 +1,58 @@ +id: w-dalil-a9e063bb904bfdeb89be1c3d634b4901 + +info: + name: > + W-DALIL <= 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c6f4890-8bc9-4ead-8d69-478fa51c2176?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w-dalil/" + google-query: inurl:"/wp-content/plugins/w-dalil/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w-dalil,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w-dalil/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w-dalil" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-237d90f247ac40e7588399f654c2f945.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-237d90f247ac40e7588399f654c2f945.yaml new file mode 100644 index 0000000000..ac7e943504 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-237d90f247ac40e7588399f654c2f945.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-237d90f247ac40e7588399f654c2f945 + +info: + name: > + W3 Total Cache <= 2.1.3 - Reflected Cross-Site Scripting via extension + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abbf1bb8-16db-48b6-b2ff-d828fcb7f7c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-389652b9ed2920a4e8345ff324a62971.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-389652b9ed2920a4e8345ff324a62971.yaml new file mode 100644 index 0000000000..89829c3e5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-389652b9ed2920a4e8345ff324a62971.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-389652b9ed2920a4e8345ff324a62971 + +info: + name: > + W3 Total Cache <= 0.9.2.8 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f9a6fc2-0375-480e-8c42-c6b97613bf68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-3b7846f9454db2dd18a15d1689f18426.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-3b7846f9454db2dd18a15d1689f18426.yaml new file mode 100644 index 0000000000..b76c774019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-3b7846f9454db2dd18a15d1689f18426.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-3b7846f9454db2dd18a15d1689f18426 + +info: + name: > + W3 Total Cache <= 2.1.4 - Reflected Cross-Site Scripting via extension + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4d421df-310b-4a83-b521-c0d00045df52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.5', '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-4ca0a5e4c5d3b1a483a53f4021ede181.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-4ca0a5e4c5d3b1a483a53f4021ede181.yaml new file mode 100644 index 0000000000..ae8503cbac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-4ca0a5e4c5d3b1a483a53f4021ede181.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-4ca0a5e4c5d3b1a483a53f4021ede181 + +info: + name: > + W3 Total Cache <= 0.9.2.4 - Insecure Cryptography to Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/836bac94-fd74-4ef9-a79b-4ea13de8f44f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-61d22084a07ab6379ed5a9d407ab8f1e.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-61d22084a07ab6379ed5a9d407ab8f1e.yaml new file mode 100644 index 0000000000..10bb596543 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-61d22084a07ab6379ed5a9d407ab8f1e.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-61d22084a07ab6379ed5a9d407ab8f1e + +info: + name: > + W3 Total Cache <= 0.9.2.4 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/110f4ca6-3e59-4348-bb45-6e5fcfa81491?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-656dd25ede0c1a0fb3db612c85cade65.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-656dd25ede0c1a0fb3db612c85cade65.yaml new file mode 100644 index 0000000000..b5764ae3e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-656dd25ede0c1a0fb3db612c85cade65.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-656dd25ede0c1a0fb3db612c85cade65 + +info: + name: > + W3 Total Cache <= 0.9.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71114965-c8e3-4f2f-b308-f75adc7f2d31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-6cc6a3d6d739a61d420343f25551dbad.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-6cc6a3d6d739a61d420343f25551dbad.yaml new file mode 100644 index 0000000000..d8c3d4b864 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-6cc6a3d6d739a61d420343f25551dbad.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-6cc6a3d6d739a61d420343f25551dbad + +info: + name: > + W3 Total Cache <= 2.1.2 Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d9cf724-9ae7-4414-88d1-10640491df34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-8437380ee000b7b821ec06d0f6614d78.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-8437380ee000b7b821ec06d0f6614d78.yaml new file mode 100644 index 0000000000..11c1037638 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-8437380ee000b7b821ec06d0f6614d78.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-8437380ee000b7b821ec06d0f6614d78 + +info: + name: > + W3 Total Cache <= 0.9.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a910fd44-4de1-41e8-8da2-d72a2f835797?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-ba551800e95fe2ce106bcd3e144638e2.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-ba551800e95fe2ce106bcd3e144638e2.yaml new file mode 100644 index 0000000000..07e411e2ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-ba551800e95fe2ce106bcd3e144638e2.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-ba551800e95fe2ce106bcd3e144638e2 + +info: + name: > + W3 Total Cache <= 0.9.2.4 - Password Hash Extraction + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00599865-9091-46e1-b2a9-78cbd10f6f22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-d85a4206680fff0382032f3de61ef4b1.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-d85a4206680fff0382032f3de61ef4b1.yaml new file mode 100644 index 0000000000..01e224906c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-d85a4206680fff0382032f3de61ef4b1.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-d85a4206680fff0382032f3de61ef4b1 + +info: + name: > + Guzzle <= 6.5.7 and 7.0-7.4.4 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2a4b5bb-d3c9-42e0-8714-ae75069c7c3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3-total-cache-e3b3066110fe8b51abc2330a4086e518.yaml b/nuclei-templates/cve-less/plugins/w3-total-cache-e3b3066110fe8b51abc2330a4086e518.yaml new file mode 100644 index 0000000000..84ca9e2564 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3-total-cache-e3b3066110fe8b51abc2330a4086e518.yaml @@ -0,0 +1,58 @@ +id: w3-total-cache-e3b3066110fe8b51abc2330a4086e518 + +info: + name: > + W3 Total Cache 0.9.2.6-0.9.3 - File Read / Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b34dd60-359c-44a0-9e47-dc8c4e66b50e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3-total-cache/" + google-query: inurl:"/wp-content/plugins/w3-total-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3-total-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3-total-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3-total-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 0.9.2.6', '<= 0.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..6d376f6e12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3s-cf7-zoho-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: w3s-cf7-zoho-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3s-cf7-zoho/" + google-query: inurl:"/wp-content/plugins/w3s-cf7-zoho/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3s-cf7-zoho,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3s-cf7-zoho/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3s-cf7-zoho" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w3speedster-wp-a31d8c67055bd157a9c5d5f833b91a5a.yaml b/nuclei-templates/cve-less/plugins/w3speedster-wp-a31d8c67055bd157a9c5d5f833b91a5a.yaml new file mode 100644 index 0000000000..7f52afe2db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w3speedster-wp-a31d8c67055bd157a9c5d5f833b91a5a.yaml @@ -0,0 +1,58 @@ +id: w3speedster-wp-a31d8c67055bd157a9c5d5f833b91a5a + +info: + name: > + W3SPEEDSTER <= 7.19 - Cross-Site Request Forgery via launch + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e358355e-097c-4a6d-a21a-3d08098efff0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w3speedster-wp/" + google-query: inurl:"/wp-content/plugins/w3speedster-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w3speedster-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w3speedster-wp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w3speedster-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-081112230905e11fac17a07fd3185d02.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-081112230905e11fac17a07fd3185d02.yaml new file mode 100644 index 0000000000..6af5d3ba8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w4-post-list-081112230905e11fac17a07fd3185d02.yaml @@ -0,0 +1,58 @@ +id: w4-post-list-081112230905e11fac17a07fd3185d02 + +info: + name: > + W4 Post List <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64ed8547-0dc1-4f0a-8b0b-27ce20b8bbd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w4-post-list/" + google-query: inurl:"/wp-content/plugins/w4-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w4-post-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w4-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-9ce8bccb779cbb91638a31953a621086.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-9ce8bccb779cbb91638a31953a621086.yaml new file mode 100644 index 0000000000..861a1db21b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w4-post-list-9ce8bccb779cbb91638a31953a621086.yaml @@ -0,0 +1,58 @@ +id: w4-post-list-9ce8bccb779cbb91638a31953a621086 + +info: + name: > + W4 Post List <= 2.4.5 - Information Disclosure via post_excerpt + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ac7408d-8ec7-415b-bf52-024182888cb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w4-post-list/" + google-query: inurl:"/wp-content/plugins/w4-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w4-post-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w4-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..175d7663bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w4-post-list-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: w4-post-list-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w4-post-list/" + google-query: inurl:"/wp-content/plugins/w4-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w4-post-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w4-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml new file mode 100644 index 0000000000..b58564abd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w4-post-list-bfcfe2a24b673f9c7c3adba8fe6586b3.yaml @@ -0,0 +1,58 @@ +id: w4-post-list-bfcfe2a24b673f9c7c3adba8fe6586b3 + +info: + name: > + W4 Post List <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'w4pl[no_items_text]' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feb9af10-7df2-4eb1-8546-debaa925df42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w4-post-list/" + google-query: inurl:"/wp-content/plugins/w4-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w4-post-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w4-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/w4-post-list-d895c4410550575e217cad2419400870.yaml b/nuclei-templates/cve-less/plugins/w4-post-list-d895c4410550575e217cad2419400870.yaml new file mode 100644 index 0000000000..754b718312 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/w4-post-list-d895c4410550575e217cad2419400870.yaml @@ -0,0 +1,58 @@ +id: w4-post-list-d895c4410550575e217cad2419400870 + +info: + name: > + W4 Post List <= 2.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d6a7230-07c7-43f3-a844-77d2bb19545d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/w4-post-list/" + google-query: inurl:"/wp-content/plugins/w4-post-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,w4-post-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/w4-post-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "w4-post-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wa-sticky-button-bbd0071d59903fe2f31999b2357a095e.yaml b/nuclei-templates/cve-less/plugins/wa-sticky-button-bbd0071d59903fe2f31999b2357a095e.yaml new file mode 100644 index 0000000000..4a4aa21233 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wa-sticky-button-bbd0071d59903fe2f31999b2357a095e.yaml @@ -0,0 +1,58 @@ +id: wa-sticky-button-bbd0071d59903fe2f31999b2357a095e + +info: + name: > + WP Sticky Button <= 1.4 - Missing Authorization to Arbitrary Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a39e9b54-6beb-4dbd-a4cf-ba05e73a58a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wa-sticky-button/" + google-query: inurl:"/wp-content/plugins/wa-sticky-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wa-sticky-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wa-sticky-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wa-sticky-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waiting-1209e60c33aa42384c4d16b88f0a5ed8.yaml b/nuclei-templates/cve-less/plugins/waiting-1209e60c33aa42384c4d16b88f0a5ed8.yaml new file mode 100644 index 0000000000..b033518103 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waiting-1209e60c33aa42384c4d16b88f0a5ed8.yaml @@ -0,0 +1,58 @@ +id: waiting-1209e60c33aa42384c4d16b88f0a5ed8 + +info: + name: > + Waiting: One-click countdowns <= 0.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/293070c8-783f-404d-9250-392713703ce4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waiting/" + google-query: inurl:"/wp-content/plugins/waiting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waiting,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waiting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waiting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waiting-2724145ee24f5785e7f7e4619d00fbc8.yaml b/nuclei-templates/cve-less/plugins/waiting-2724145ee24f5785e7f7e4619d00fbc8.yaml new file mode 100644 index 0000000000..09d32cc03c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waiting-2724145ee24f5785e7f7e4619d00fbc8.yaml @@ -0,0 +1,58 @@ +id: waiting-2724145ee24f5785e7f7e4619d00fbc8 + +info: + name: > + Waiting: One-click countdowns <= 0.6.2 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38cc5a39-6ec3-4ce9-b9ad-d4ca5dafe9a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waiting/" + google-query: inurl:"/wp-content/plugins/waiting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waiting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waiting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waiting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waiting-8c1942cb96af03432bec152c3b3fb8a0.yaml b/nuclei-templates/cve-less/plugins/waiting-8c1942cb96af03432bec152c3b3fb8a0.yaml new file mode 100644 index 0000000000..9dfc1ef498 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waiting-8c1942cb96af03432bec152c3b3fb8a0.yaml @@ -0,0 +1,58 @@ +id: waiting-8c1942cb96af03432bec152c3b3fb8a0 + +info: + name: > + Waiting: One-click countdowns <= 0.6.2 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ef5b0de-0b8b-4286-86ea-6dca0dbc1a52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waiting/" + google-query: inurl:"/wp-content/plugins/waiting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waiting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waiting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waiting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waiting-e15e05d52edf8dfda475d35365b1fa33.yaml b/nuclei-templates/cve-less/plugins/waiting-e15e05d52edf8dfda475d35365b1fa33.yaml new file mode 100644 index 0000000000..10d7898467 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waiting-e15e05d52edf8dfda475d35365b1fa33.yaml @@ -0,0 +1,58 @@ +id: waiting-e15e05d52edf8dfda475d35365b1fa33 + +info: + name: > + Waiting: One-click countdowns <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'pbc_down[meta][id]' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17d12a35-35a1-4f7b-aa03-33ddafe17f5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waiting/" + google-query: inurl:"/wp-content/plugins/waiting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waiting,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waiting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waiting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waiting-f0771147e509df66bb2795f5abd8b650.yaml b/nuclei-templates/cve-less/plugins/waiting-f0771147e509df66bb2795f5abd8b650.yaml new file mode 100644 index 0000000000..08fc9a0f7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waiting-f0771147e509df66bb2795f5abd8b650.yaml @@ -0,0 +1,58 @@ +id: waiting-f0771147e509df66bb2795f5abd8b650 + +info: + name: > + Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ffba592-6d0d-408f-89fa-079066750b0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waiting/" + google-query: inurl:"/wp-content/plugins/waiting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waiting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waiting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waiting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/waitlist-woocommerce-9c997af79b10bc0805f0be2e95bc48ad.yaml b/nuclei-templates/cve-less/plugins/waitlist-woocommerce-9c997af79b10bc0805f0be2e95bc48ad.yaml new file mode 100644 index 0000000000..4126d686af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/waitlist-woocommerce-9c997af79b10bc0805f0be2e95bc48ad.yaml @@ -0,0 +1,58 @@ +id: waitlist-woocommerce-9c997af79b10bc0805f0be2e95bc48ad + +info: + name: > + Waitlist Woocommerce ( Back in stock notifier ) <= 2.5.1 - Cross-Site Request Forgery to Arbitrary Options Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c056904-5b2d-4ca6-8dcf-8ab5c1a7645b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/waitlist-woocommerce/" + google-query: inurl:"/wp-content/plugins/waitlist-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,waitlist-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/waitlist-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "waitlist-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/walk-score-bde36549e6c813f81edb8dd7a9a04ef9.yaml b/nuclei-templates/cve-less/plugins/walk-score-bde36549e6c813f81edb8dd7a9a04ef9.yaml new file mode 100644 index 0000000000..9644b420b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/walk-score-bde36549e6c813f81edb8dd7a9a04ef9.yaml @@ -0,0 +1,58 @@ +id: walk-score-bde36549e6c813f81edb8dd7a9a04ef9 + +info: + name: > + Walk Score Plugin <= 0.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91d72089-6ad9-401b-ab7b-0996e28d3be9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/walk-score/" + google-query: inurl:"/wp-content/plugins/walk-score/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,walk-score,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/walk-score/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "walk-score" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wallet-system-for-woocommerce-7706ecb0938b8fb85c383697e07572be.yaml b/nuclei-templates/cve-less/plugins/wallet-system-for-woocommerce-7706ecb0938b8fb85c383697e07572be.yaml new file mode 100644 index 0000000000..c10dc10ee9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wallet-system-for-woocommerce-7706ecb0938b8fb85c383697e07572be.yaml @@ -0,0 +1,58 @@ +id: wallet-system-for-woocommerce-7706ecb0938b8fb85c383697e07572be + +info: + name: > + Wallet System for WooCommerce <= 2.5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b81b06b4-559f-4b69-9fdd-e09e66525867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wallet-system-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wallet-system-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wallet-system-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wallet-system-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wallet-system-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wangguard-537a2dc42705104ff023fd51b5c2411d.yaml b/nuclei-templates/cve-less/plugins/wangguard-537a2dc42705104ff023fd51b5c2411d.yaml new file mode 100644 index 0000000000..69ac766d6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wangguard-537a2dc42705104ff023fd51b5c2411d.yaml @@ -0,0 +1,58 @@ +id: wangguard-537a2dc42705104ff023fd51b5c2411d + +info: + name: > + WangGuard < 1.8.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd50211-447c-4097-9281-551a3caad1a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wangguard/" + google-query: inurl:"/wp-content/plugins/wangguard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wangguard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wangguard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wangguard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wappointment-169d659b2a655a618a75f90fea3adcb4.yaml b/nuclei-templates/cve-less/plugins/wappointment-169d659b2a655a618a75f90fea3adcb4.yaml new file mode 100644 index 0000000000..cbc774ba34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wappointment-169d659b2a655a618a75f90fea3adcb4.yaml @@ -0,0 +1,58 @@ +id: wappointment-169d659b2a655a618a75f90fea3adcb4 + +info: + name: > + Appointment Bookings for Zoom GoogleMeet and more – Wappointment <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf753fcf-9db0-4161-97e5-0f09c3452544?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wappointment/" + google-query: inurl:"/wp-content/plugins/wappointment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wappointment,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wappointment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wappointment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wapppress-builds-android-app-for-website-d09fc1530295f530d642bfbf2434f308.yaml b/nuclei-templates/cve-less/plugins/wapppress-builds-android-app-for-website-d09fc1530295f530d642bfbf2434f308.yaml new file mode 100644 index 0000000000..74fd04bcf8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wapppress-builds-android-app-for-website-d09fc1530295f530d642bfbf2434f308.yaml @@ -0,0 +1,58 @@ +id: wapppress-builds-android-app-for-website-d09fc1530295f530d642bfbf2434f308 + +info: + name: > + WappPress <= 5.0.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07eab536-6f20-45ec-9f9e-70ab35555db2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wapppress-builds-android-app-for-website/" + google-query: inurl:"/wp-content/plugins/wapppress-builds-android-app-for-website/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wapppress-builds-android-app-for-website,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wapppress-builds-android-app-for-website/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wapppress-builds-android-app-for-website" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wassup-0d76cdabd99991797881aa307b9b2932.yaml b/nuclei-templates/cve-less/plugins/wassup-0d76cdabd99991797881aa307b9b2932.yaml new file mode 100644 index 0000000000..207bc53ed6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wassup-0d76cdabd99991797881aa307b9b2932.yaml @@ -0,0 +1,58 @@ +id: wassup-0d76cdabd99991797881aa307b9b2932 + +info: + name: > + WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored Cross-Site Scripting via IP + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5318c2d-7b58-4830-bbc0-6d160968290f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wassup/" + google-query: inurl:"/wp-content/plugins/wassup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wassup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wassup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wassup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wassup-20a5a74760194c2a8f6292ec671e20a6.yaml b/nuclei-templates/cve-less/plugins/wassup-20a5a74760194c2a8f6292ec671e20a6.yaml new file mode 100644 index 0000000000..ea537b824e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wassup-20a5a74760194c2a8f6292ec671e20a6.yaml @@ -0,0 +1,58 @@ +id: wassup-20a5a74760194c2a8f6292ec671e20a6 + +info: + name: > + WassUp Real Time Analytics 1.4 - 1.4.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5205fcde-2e6c-49de-b132-1ebefcd1ba59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wassup/" + google-query: inurl:"/wp-content/plugins/wassup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wassup,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wassup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wassup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.4', '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wassup-4b2830a65cedd0c5dc26608a77f72c10.yaml b/nuclei-templates/cve-less/plugins/wassup-4b2830a65cedd0c5dc26608a77f72c10.yaml new file mode 100644 index 0000000000..dd3d3b0384 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wassup-4b2830a65cedd0c5dc26608a77f72c10.yaml @@ -0,0 +1,58 @@ +id: wassup-4b2830a65cedd0c5dc26608a77f72c10 + +info: + name: > + WassUp Real Time Analytics < 1.8.3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f4a0b8d-0f3b-4ab1-929e-071b45781ca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wassup/" + google-query: inurl:"/wp-content/plugins/wassup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wassup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wassup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wassup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wassup-c1bbee5af74211de37a39642515f7de2.yaml b/nuclei-templates/cve-less/plugins/wassup-c1bbee5af74211de37a39642515f7de2.yaml new file mode 100644 index 0000000000..f3c6565ee0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wassup-c1bbee5af74211de37a39642515f7de2.yaml @@ -0,0 +1,58 @@ +id: wassup-c1bbee5af74211de37a39642515f7de2 + +info: + name: > + WassUp Real Time Analytics < 1.9.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b72bf37-05c8-424e-98d1-39fe032368ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wassup/" + google-query: inurl:"/wp-content/plugins/wassup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wassup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wassup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wassup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watcheezy-798f3fd97aa989f25f329926174d2a78.yaml b/nuclei-templates/cve-less/plugins/watcheezy-798f3fd97aa989f25f329926174d2a78.yaml new file mode 100644 index 0000000000..02d14b5d32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watcheezy-798f3fd97aa989f25f329926174d2a78.yaml @@ -0,0 +1,58 @@ +id: watcheezy-798f3fd97aa989f25f329926174d2a78 + +info: + name: > + Watcheezy Live chat plugin for WordPress <= 2.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee1a3105-ebb2-44ce-bbbe-3ab95d69670a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watcheezy/" + google-query: inurl:"/wp-content/plugins/watcheezy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watcheezy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watcheezy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watcheezy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watchtowerhq-7f144a6800afc0e683d9d4b4e5524bee.yaml b/nuclei-templates/cve-less/plugins/watchtowerhq-7f144a6800afc0e683d9d4b4e5524bee.yaml new file mode 100644 index 0000000000..be3bcea76e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watchtowerhq-7f144a6800afc0e683d9d4b4e5524bee.yaml @@ -0,0 +1,58 @@ +id: watchtowerhq-7f144a6800afc0e683d9d4b4e5524bee + +info: + name: > + WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/481c738e-d544-4587-8632-e85a7ddd8b14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watchtowerhq/" + google-query: inurl:"/wp-content/plugins/watchtowerhq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watchtowerhq,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watchtowerhq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watchtowerhq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watchtowerhq-b817d9941d4ed7ec0b863760a17d14b5.yaml b/nuclei-templates/cve-less/plugins/watchtowerhq-b817d9941d4ed7ec0b863760a17d14b5.yaml new file mode 100644 index 0000000000..1f9ead069d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watchtowerhq-b817d9941d4ed7ec0b863760a17d14b5.yaml @@ -0,0 +1,58 @@ +id: watchtowerhq-b817d9941d4ed7ec0b863760a17d14b5 + +info: + name: > + WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38526b0c-a5d9-4f54-bd6f-30ab34d266f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watchtowerhq/" + google-query: inurl:"/wp-content/plugins/watchtowerhq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watchtowerhq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watchtowerhq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watchtowerhq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watchtowerhq-c416f9baa331de51ce04675f6be775e1.yaml b/nuclei-templates/cve-less/plugins/watchtowerhq-c416f9baa331de51ce04675f6be775e1.yaml new file mode 100644 index 0000000000..f3df5e3b99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watchtowerhq-c416f9baa331de51ce04675f6be775e1.yaml @@ -0,0 +1,58 @@ +id: watchtowerhq-c416f9baa331de51ce04675f6be775e1 + +info: + name: > + WatchTowerHQ <= 3.6.15 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04e2f1f3-95c9-4a90-8c76-7b405a3815f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watchtowerhq/" + google-query: inurl:"/wp-content/plugins/watchtowerhq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watchtowerhq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watchtowerhq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watchtowerhq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watermark-reloaded-b5016fe0cbf526aff24bd66f2a8d0464.yaml b/nuclei-templates/cve-less/plugins/watermark-reloaded-b5016fe0cbf526aff24bd66f2a8d0464.yaml new file mode 100644 index 0000000000..5621f4432c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watermark-reloaded-b5016fe0cbf526aff24bd66f2a8d0464.yaml @@ -0,0 +1,58 @@ +id: watermark-reloaded-b5016fe0cbf526aff24bd66f2a8d0464 + +info: + name: > + Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/656300ce-6e94-4382-b0ed-9cecca5b917c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watermark-reloaded/" + google-query: inurl:"/wp-content/plugins/watermark-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watermark-reloaded,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watermark-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watermark-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wats-8cc533b05aae8f8735d3033cbbcc92b8.yaml b/nuclei-templates/cve-less/plugins/wats-8cc533b05aae8f8735d3033cbbcc92b8.yaml new file mode 100644 index 0000000000..f6b730468d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wats-8cc533b05aae8f8735d3033cbbcc92b8.yaml @@ -0,0 +1,58 @@ +id: wats-8cc533b05aae8f8735d3033cbbcc92b8 + +info: + name: > + WordPress Advanced Ticket System, Elite Support Helpdesk <= 1.0.63 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ae8fa3-206c-496d-9902-c6468964b717?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wats/" + google-query: inurl:"/wp-content/plugins/wats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-10c1cecb5e025d7fe3193dda4559f4a3.yaml b/nuclei-templates/cve-less/plugins/watu-10c1cecb5e025d7fe3193dda4559f4a3.yaml new file mode 100644 index 0000000000..c3fca6daa2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-10c1cecb5e025d7fe3193dda4559f4a3.yaml @@ -0,0 +1,58 @@ +id: watu-10c1cecb5e025d7fe3193dda4559f4a3 + +info: + name: > + Watu Quiz <= 3.3.9.2 - Reflected Cross-Site Scripting via 'question' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d24dbdf-8fb0-41c3-8c35-e0d65c6b96f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-22dc3c966bc99d033ff51a2a9e75f62c.yaml b/nuclei-templates/cve-less/plugins/watu-22dc3c966bc99d033ff51a2a9e75f62c.yaml new file mode 100644 index 0000000000..7d27138cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-22dc3c966bc99d033ff51a2a9e75f62c.yaml @@ -0,0 +1,58 @@ +id: watu-22dc3c966bc99d033ff51a2a9e75f62c + +info: + name: > + Watu Quiz <= 3.3.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36ef164e-33cc-41b1-8e28-d2af89739f04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-498902087f55cd027211cbff49f69fac.yaml b/nuclei-templates/cve-less/plugins/watu-498902087f55cd027211cbff49f69fac.yaml new file mode 100644 index 0000000000..2b1e99ea0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-498902087f55cd027211cbff49f69fac.yaml @@ -0,0 +1,58 @@ +id: watu-498902087f55cd027211cbff49f69fac + +info: + name: > + Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c31732fa-eb35-4932-bee6-08955a14b010?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-89a35a79088c1cac6da4471e1521db2a.yaml b/nuclei-templates/cve-less/plugins/watu-89a35a79088c1cac6da4471e1521db2a.yaml new file mode 100644 index 0000000000..c95fe8b253 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-89a35a79088c1cac6da4471e1521db2a.yaml @@ -0,0 +1,58 @@ +id: watu-89a35a79088c1cac6da4471e1521db2a + +info: + name: > + Watu Quiz <= 2.6.7 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34526c98-caf8-42d9-8782-7ea9b3a75e9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-bc7de59ba516744b35b1924de01c50d6.yaml b/nuclei-templates/cve-less/plugins/watu-bc7de59ba516744b35b1924de01c50d6.yaml new file mode 100644 index 0000000000..b66c4e1a72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-bc7de59ba516744b35b1924de01c50d6.yaml @@ -0,0 +1,58 @@ +id: watu-bc7de59ba516744b35b1924de01c50d6 + +info: + name: > + Watu Quiz <= 3.3.8.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/965b5979-9bf6-4124-86c4-e246f8f17270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml b/nuclei-templates/cve-less/plugins/watu-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml new file mode 100644 index 0000000000..edf415eeb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-c2cbb8ef0136e2fd003d5d3fa4115b69.yaml @@ -0,0 +1,58 @@ +id: watu-c2cbb8ef0136e2fd003d5d3fa4115b69 + +info: + name: > + Watu Quiz <= 3.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81936c52-feb7-4f10-940d-cfce5963f400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-ce97e7aa4395e3d292936b1987fa10a3.yaml b/nuclei-templates/cve-less/plugins/watu-ce97e7aa4395e3d292936b1987fa10a3.yaml new file mode 100644 index 0000000000..35807bb8fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-ce97e7aa4395e3d292936b1987fa10a3.yaml @@ -0,0 +1,58 @@ +id: watu-ce97e7aa4395e3d292936b1987fa10a3 + +info: + name: > + Watu Quiz <= 3.3.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6341bdcc-c99f-40c3-81c4-ad90ff19f802?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watu-dc2fc518b05ca80ce1806da39fabb982.yaml b/nuclei-templates/cve-less/plugins/watu-dc2fc518b05ca80ce1806da39fabb982.yaml new file mode 100644 index 0000000000..b265ee34ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watu-dc2fc518b05ca80ce1806da39fabb982.yaml @@ -0,0 +1,58 @@ +id: watu-dc2fc518b05ca80ce1806da39fabb982 + +info: + name: > + Watu Quiz <= 3.4.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acc261eb-fafa-4e9d-b7ab-a449f14a7638?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watu/" + google-query: inurl:"/wp-content/plugins/watu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watupro-cee24bd7bc9abfcb337ea3d0346213d6.yaml b/nuclei-templates/cve-less/plugins/watupro-cee24bd7bc9abfcb337ea3d0346213d6.yaml new file mode 100644 index 0000000000..abf9d8409f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watupro-cee24bd7bc9abfcb337ea3d0346213d6.yaml @@ -0,0 +1,58 @@ +id: watupro-cee24bd7bc9abfcb337ea3d0346213d6 + +info: + name: > + WatuPRO < 5.5.3.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6226ae5-3b75-4521-b060-004f291203c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watupro/" + google-query: inurl:"/wp-content/plugins/watupro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watupro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watupro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watupro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.5.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/watupro-e908001e4e531adbaea4081ce2990e50.yaml b/nuclei-templates/cve-less/plugins/watupro-e908001e4e531adbaea4081ce2990e50.yaml new file mode 100644 index 0000000000..4d778b0d30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/watupro-e908001e4e531adbaea4081ce2990e50.yaml @@ -0,0 +1,58 @@ +id: watupro-e908001e4e531adbaea4081ce2990e50 + +info: + name: > + WatuPRO < 4.9.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48f39d6c-621b-4c78-9459-68bb67a94f57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/watupro/" + google-query: inurl:"/wp-content/plugins/watupro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,watupro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/watupro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "watupro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.9.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-builder-898754090db0c7c53df1a53b0a6b37dc.yaml b/nuclei-templates/cve-less/plugins/wc-builder-898754090db0c7c53df1a53b0a6b37dc.yaml new file mode 100644 index 0000000000..262be68df9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-builder-898754090db0c7c53df1a53b0a6b37dc.yaml @@ -0,0 +1,58 @@ +id: wc-builder-898754090db0c7c53df1a53b0a6b37dc + +info: + name: > + WC Builder <= 1.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e984ff1-9dcf-4cd3-b617-1f9e25ecae0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-builder/" + google-query: inurl:"/wp-content/plugins/wc-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-captcha-59d95b9687e55d617dd1230a739e9c20.yaml b/nuclei-templates/cve-less/plugins/wc-captcha-59d95b9687e55d617dd1230a739e9c20.yaml new file mode 100644 index 0000000000..89644e202a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-captcha-59d95b9687e55d617dd1230a739e9c20.yaml @@ -0,0 +1,58 @@ +id: wc-captcha-59d95b9687e55d617dd1230a739e9c20 + +info: + name: > + WC Captcha <= 1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/400dde23-eafb-4ace-8b4a-ac88d0b200ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-captcha/" + google-query: inurl:"/wp-content/plugins/wc-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-category-showcase-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wc-category-showcase-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..238e38e88d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-category-showcase-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wc-category-showcase-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-category-showcase/" + google-query: inurl:"/wp-content/plugins/wc-category-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-category-showcase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-category-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-category-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-ciudades-y-regiones-de-chile-dfcbb5ca7eda2dc1efe66c0932fc3702.yaml b/nuclei-templates/cve-less/plugins/wc-ciudades-y-regiones-de-chile-dfcbb5ca7eda2dc1efe66c0932fc3702.yaml new file mode 100644 index 0000000000..b3f0511a2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-ciudades-y-regiones-de-chile-dfcbb5ca7eda2dc1efe66c0932fc3702.yaml @@ -0,0 +1,58 @@ +id: wc-ciudades-y-regiones-de-chile-dfcbb5ca7eda2dc1efe66c0932fc3702 + +info: + name: > + MkRapel Regiones y Ciudades de Chile para WC <= 4.3.0 - Cross-Site Request Forgery via multiple functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70bac5e0-8182-426c-94da-e6832af8c487?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-ciudades-y-regiones-de-chile/" + google-query: inurl:"/wp-content/plugins/wc-ciudades-y-regiones-de-chile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-ciudades-y-regiones-de-chile,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-ciudades-y-regiones-de-chile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-ciudades-y-regiones-de-chile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-customer-source-324d03958cfaceefa9e17d53cf4690e2.yaml b/nuclei-templates/cve-less/plugins/wc-customer-source-324d03958cfaceefa9e17d53cf4690e2.yaml new file mode 100644 index 0000000000..510d4bbb67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-customer-source-324d03958cfaceefa9e17d53cf4690e2.yaml @@ -0,0 +1,58 @@ +id: wc-customer-source-324d03958cfaceefa9e17d53cf4690e2 + +info: + name: > + Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbee3720-6ab9-4470-b2d2-09824db8de4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-customer-source/" + google-query: inurl:"/wp-content/plugins/wc-customer-source/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-customer-source,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-customer-source/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-customer-source" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-9febd7c017184f2da162cbcd9ca6acbf.yaml b/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-9febd7c017184f2da162cbcd9ca6acbf.yaml new file mode 100644 index 0000000000..6bad1dc9a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-9febd7c017184f2da162cbcd9ca6acbf.yaml @@ -0,0 +1,58 @@ +id: wc-dynamic-pricing-and-discounts-9febd7c017184f2da162cbcd9ca6acbf + +info: + name: > + WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Unauthenticated Settings Import/Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1e6685-44a7-452e-89ab-b9fffb65a12b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/wc-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-dynamic-pricing-and-discounts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-e783401602a498d4131896498c1a16c5.yaml b/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-e783401602a498d4131896498c1a16c5.yaml new file mode 100644 index 0000000000..7bedd907b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-dynamic-pricing-and-discounts-e783401602a498d4131896498c1a16c5.yaml @@ -0,0 +1,58 @@ +id: wc-dynamic-pricing-and-discounts-e783401602a498d4131896498c1a16c5 + +info: + name: > + WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcaa5d0e-b764-4566-bd46-2d41dc391c36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-dynamic-pricing-and-discounts/" + google-query: inurl:"/wp-content/plugins/wc-dynamic-pricing-and-discounts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-dynamic-pricing-and-discounts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-dynamic-pricing-and-discounts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-dynamic-pricing-and-discounts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-fields-factory-6351a80c46e754ccfc255c93464a7133.yaml b/nuclei-templates/cve-less/plugins/wc-fields-factory-6351a80c46e754ccfc255c93464a7133.yaml new file mode 100644 index 0000000000..c611aeb635 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-fields-factory-6351a80c46e754ccfc255c93464a7133.yaml @@ -0,0 +1,58 @@ +id: wc-fields-factory-6351a80c46e754ccfc255c93464a7133 + +info: + name: > + WC Fields Factory <= 4.1.5 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70ca7ad4-6848-4f87-ae2d-4b9c2ffa668e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-fields-factory/" + google-query: inurl:"/wp-content/plugins/wc-fields-factory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-fields-factory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-fields-factory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-fields-factory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-frontend-manager-0c52b9ced5fad811a9c32501960e026a.yaml b/nuclei-templates/cve-less/plugins/wc-frontend-manager-0c52b9ced5fad811a9c32501960e026a.yaml new file mode 100644 index 0000000000..54d8e2958d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-frontend-manager-0c52b9ced5fad811a9c32501960e026a.yaml @@ -0,0 +1,58 @@ +id: wc-frontend-manager-0c52b9ced5fad811a9c32501960e026a + +info: + name: > + WCFM Frontend Manager <= 6.6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d946d4b5-bed7-4808-b133-783b2dcd7992?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-frontend-manager/" + google-query: inurl:"/wp-content/plugins/wc-frontend-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-frontend-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-frontend-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-frontend-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '6.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-frontend-manager-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml b/nuclei-templates/cve-less/plugins/wc-frontend-manager-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml new file mode 100644 index 0000000000..f5e11b2f70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-frontend-manager-21c7f53627abc5f5c7e2ab4c4c0be8ef.yaml @@ -0,0 +1,58 @@ +id: wc-frontend-manager-21c7f53627abc5f5c7e2ab4c4c0be8ef + +info: + name: > + WCFM - Frontend Manager for WooCommerce <= 6.5.11 - Customer/Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eb23014-7bc6-4505-85d7-91d29bb2d8fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-frontend-manager/" + google-query: inurl:"/wp-content/plugins/wc-frontend-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-frontend-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-frontend-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-frontend-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-frontend-manager-3e07b6da33478750c50e5b536bd946ad.yaml b/nuclei-templates/cve-less/plugins/wc-frontend-manager-3e07b6da33478750c50e5b536bd946ad.yaml new file mode 100644 index 0000000000..fe597e7390 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-frontend-manager-3e07b6da33478750c50e5b536bd946ad.yaml @@ -0,0 +1,58 @@ +id: wc-frontend-manager-3e07b6da33478750c50e5b536bd946ad + +info: + name: > + WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/798b57ad-0922-435c-8b4d-8a96b388b314?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-frontend-manager/" + google-query: inurl:"/wp-content/plugins/wc-frontend-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-frontend-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-frontend-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-frontend-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-frontend-manager-678114ef3e2b187e51ff0be3e7f2cb83.yaml b/nuclei-templates/cve-less/plugins/wc-frontend-manager-678114ef3e2b187e51ff0be3e7f2cb83.yaml new file mode 100644 index 0000000000..7d1cd4b3e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-frontend-manager-678114ef3e2b187e51ff0be3e7f2cb83.yaml @@ -0,0 +1,58 @@ +id: wc-frontend-manager-678114ef3e2b187e51ff0be3e7f2cb83 + +info: + name: > + WCFM – Frontend Manager for WooCommerce <= 6.7.8 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e30e4615-f9b6-4ff6-a227-82cace868f93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-frontend-manager/" + google-query: inurl:"/wp-content/plugins/wc-frontend-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-frontend-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-frontend-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-frontend-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-gsheetconnector-561949f2365cf48493988b7c3c181142.yaml b/nuclei-templates/cve-less/plugins/wc-gsheetconnector-561949f2365cf48493988b7c3c181142.yaml new file mode 100644 index 0000000000..433d9aa688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-gsheetconnector-561949f2365cf48493988b7c3c181142.yaml @@ -0,0 +1,58 @@ +id: wc-gsheetconnector-561949f2365cf48493988b7c3c181142 + +info: + name: > + WooCommerce Google Sheet Connector <= 1.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e30e64e7-5de9-4eb3-914f-457daa6f3fe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-gsheetconnector/" + google-query: inurl:"/wp-content/plugins/wc-gsheetconnector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-gsheetconnector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-gsheetconnector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-gsheetconnector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-gsheetconnector-792043f233fdfdf73c23cd58a8394e1e.yaml b/nuclei-templates/cve-less/plugins/wc-gsheetconnector-792043f233fdfdf73c23cd58a8394e1e.yaml new file mode 100644 index 0000000000..616773c30a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-gsheetconnector-792043f233fdfdf73c23cd58a8394e1e.yaml @@ -0,0 +1,58 @@ +id: wc-gsheetconnector-792043f233fdfdf73c23cd58a8394e1e + +info: + name: > + WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-gsheetconnector/" + google-query: inurl:"/wp-content/plugins/wc-gsheetconnector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-gsheetconnector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-gsheetconnector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-gsheetconnector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multi-currency-4ff702381866f61703ebf71fe12af15e.yaml b/nuclei-templates/cve-less/plugins/wc-multi-currency-4ff702381866f61703ebf71fe12af15e.yaml new file mode 100644 index 0000000000..6ecfefc88a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multi-currency-4ff702381866f61703ebf71fe12af15e.yaml @@ -0,0 +1,58 @@ +id: wc-multi-currency-4ff702381866f61703ebf71fe12af15e + +info: + name: > + Multi Currency For WooCommerce <= 1.5.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97bc3a8-ce82-47c2-9ff1-174b2656a296?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multi-currency/" + google-query: inurl:"/wp-content/plugins/wc-multi-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multi-currency,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multi-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multi-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multi-currency-cb35d75b82f07351d5d16e14c21403c2.yaml b/nuclei-templates/cve-less/plugins/wc-multi-currency-cb35d75b82f07351d5d16e14c21403c2.yaml new file mode 100644 index 0000000000..38d46f051e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multi-currency-cb35d75b82f07351d5d16e14c21403c2.yaml @@ -0,0 +1,58 @@ +id: wc-multi-currency-cb35d75b82f07351d5d16e14c21403c2 + +info: + name: > + Multi Currency For WooCommerce <= 1.5.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a19d494-08d1-479a-8ba4-edeb2873866a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multi-currency/" + google-query: inurl:"/wp-content/plugins/wc-multi-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multi-currency,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multi-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multi-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multishipping-7255e5fa9e3ec3cf7fa69588c79329ad.yaml b/nuclei-templates/cve-less/plugins/wc-multishipping-7255e5fa9e3ec3cf7fa69588c79329ad.yaml new file mode 100644 index 0000000000..ff5abe8569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multishipping-7255e5fa9e3ec3cf7fa69588c79329ad.yaml @@ -0,0 +1,58 @@ +id: wc-multishipping-7255e5fa9e3ec3cf7fa69588c79329ad + +info: + name: > + WCMultiShipping <= 2.3.5 - Missing Authorization to Log Export + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b19657c-3e95-42cf-8d1a-64fa50b3b82b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multishipping/" + google-query: inurl:"/wp-content/plugins/wc-multishipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multishipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multishipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multishipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-09629550fe11748b689836fcea30749f.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-09629550fe11748b689836fcea30749f.yaml new file mode 100644 index 0000000000..5b74339ddd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-09629550fe11748b689836fcea30749f.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-marketplace-09629550fe11748b689836fcea30749f + +info: + name: > + WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f99e9f01-cc98-4af5-bb95-f56f6a550e96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-marketplace/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-marketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-marketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-marketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-1478aed4c0e54759cab266ed6c352f80.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-1478aed4c0e54759cab266ed6c352f80.yaml new file mode 100644 index 0000000000..d4a07a0bbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-1478aed4c0e54759cab266ed6c352f80.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-marketplace-1478aed4c0e54759cab266ed6c352f80 + +info: + name: > + WCFM Marketplace <= 3.4.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85730e9b-c5da-473c-a324-891c5c9f7ba3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-marketplace/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-marketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-marketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-marketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-5567b70c50ecdd16ecc424f15907fa4e.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-5567b70c50ecdd16ecc424f15907fa4e.yaml new file mode 100644 index 0000000000..292780efd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-5567b70c50ecdd16ecc424f15907fa4e.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-marketplace-5567b70c50ecdd16ecc424f15907fa4e + +info: + name: > + WCFM - WooCommerce Multivendor Marketplace <= 3.4.11 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d6e9aea-6ccb-4c83-83bb-63c9c9f59005?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-marketplace/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-marketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-marketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-marketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-f2b7f592ec3ba706f4f8d466824a06fa.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-f2b7f592ec3ba706f4f8d466824a06fa.yaml new file mode 100644 index 0000000000..37c792cb77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-marketplace-f2b7f592ec3ba706f4f8d466824a06fa.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-marketplace-f2b7f592ec3ba706f4f8d466824a06fa + +info: + name: > + WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c2cc9a3-cd20-4c9e-baa4-1aea69f84331?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-marketplace/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-marketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-marketplace,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-marketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-marketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-membership-30f699fd6cdbd468ddc76c3c8a6a1ad8.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-30f699fd6cdbd468ddc76c3c8a6a1ad8.yaml new file mode 100644 index 0000000000..7db64f906b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-30f699fd6cdbd468ddc76c3c8a6a1ad8.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-membership-30f699fd6cdbd468ddc76c3c8a6a1ad8 + +info: + name: > + WCFM Membership <= 2.9.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3758db41-a3c5-436a-bb9a-5886f10d1519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-membership/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-membership,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-membership-56e813efb82c352fb78dd0b9d790ba93.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-56e813efb82c352fb78dd0b9d790ba93.yaml new file mode 100644 index 0000000000..7ff0c79c93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-56e813efb82c352fb78dd0b9d790ba93.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-membership-56e813efb82c352fb78dd0b9d790ba93 + +info: + name: > + WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0870de2d-bca5-4d57-a07f-877a416ce0d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-membership/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-membership-97518b1e79707fc1ebbeb0e1daae9dba.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-97518b1e79707fc1ebbeb0e1daae9dba.yaml new file mode 100644 index 0000000000..144b7e2a54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-97518b1e79707fc1ebbeb0e1daae9dba.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-membership-97518b1e79707fc1ebbeb0e1daae9dba + +info: + name: > + WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42222c64-6492-4774-b5bc-8e62a1a328cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-membership/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-multivendor-membership-a335f75177dafe5e24035ba2e131a198.yaml b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-a335f75177dafe5e24035ba2e131a198.yaml new file mode 100644 index 0000000000..ae841fe0c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-multivendor-membership-a335f75177dafe5e24035ba2e131a198.yaml @@ -0,0 +1,58 @@ +id: wc-multivendor-membership-a335f75177dafe5e24035ba2e131a198 + +info: + name: > + WCFM Membership <= 2.10.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c6577a2-6722-4d3b-958d-1143dca414cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-multivendor-membership/" + google-query: inurl:"/wp-content/plugins/wc-multivendor-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-multivendor-membership,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-multivendor-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-multivendor-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-order-limit-lite-87d943234d9fd7c1b966ece253dc1110.yaml b/nuclei-templates/cve-less/plugins/wc-order-limit-lite-87d943234d9fd7c1b966ece253dc1110.yaml new file mode 100644 index 0000000000..68882893f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-order-limit-lite-87d943234d9fd7c1b966ece253dc1110.yaml @@ -0,0 +1,58 @@ +id: wc-order-limit-lite-87d943234d9fd7c1b966ece253dc1110 + +info: + name: > + Order Limit for WooCommerce <= 2.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1d32a1d-076e-4a93-a678-145d154edb3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-order-limit-lite/" + google-query: inurl:"/wp-content/plugins/wc-order-limit-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-order-limit-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-order-limit-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-order-limit-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-payment-gateway-per-category-dd705d1a34267a8e434a4d7783906fdf.yaml b/nuclei-templates/cve-less/plugins/wc-payment-gateway-per-category-dd705d1a34267a8e434a4d7783906fdf.yaml new file mode 100644 index 0000000000..481707027c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-payment-gateway-per-category-dd705d1a34267a8e434a4d7783906fdf.yaml @@ -0,0 +1,58 @@ +id: wc-payment-gateway-per-category-dd705d1a34267a8e434a4d7783906fdf + +info: + name: > + WooCommerce Payment Gateway Per Category <= 2.0.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39719351-3388-4175-89a0-8ce153a8bf44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-payment-gateway-per-category/" + google-query: inurl:"/wp-content/plugins/wc-payment-gateway-per-category/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-payment-gateway-per-category,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-payment-gateway-per-category/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-payment-gateway-per-category" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-peach-payments-gateway-bf0e4365c0a80682381fd05937032a09.yaml b/nuclei-templates/cve-less/plugins/wc-peach-payments-gateway-bf0e4365c0a80682381fd05937032a09.yaml new file mode 100644 index 0000000000..f98d23460e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-peach-payments-gateway-bf0e4365c0a80682381fd05937032a09.yaml @@ -0,0 +1,58 @@ +id: wc-peach-payments-gateway-bf0e4365c0a80682381fd05937032a09 + +info: + name: > + Peach Payments Gateway <= 3.1.9 - Missing Authorization via peach_core_version_rollback() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3152208e-e4f7-4f48-b6a1-05a656d9c826?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-peach-payments-gateway/" + google-query: inurl:"/wp-content/plugins/wc-peach-payments-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-peach-payments-gateway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-peach-payments-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-peach-payments-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-product-table-lite-a4d40046e4eca99f143d32a308572489.yaml b/nuclei-templates/cve-less/plugins/wc-product-table-lite-a4d40046e4eca99f143d32a308572489.yaml new file mode 100644 index 0000000000..04e884df6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-product-table-lite-a4d40046e4eca99f143d32a308572489.yaml @@ -0,0 +1,58 @@ +id: wc-product-table-lite-a4d40046e4eca99f143d32a308572489 + +info: + name: > + WooCommerce Product Table Lite <= 2.6.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4528f805-bbf3-4a0f-a06f-879c6e607bfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-product-table-lite/" + google-query: inurl:"/wp-content/plugins/wc-product-table-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-product-table-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-product-table-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-product-table-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-quantity-plus-minus-button-43fc63136cea65380642c1d5a8771c07.yaml b/nuclei-templates/cve-less/plugins/wc-quantity-plus-minus-button-43fc63136cea65380642c1d5a8771c07.yaml new file mode 100644 index 0000000000..3d34f922ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-quantity-plus-minus-button-43fc63136cea65380642c1d5a8771c07.yaml @@ -0,0 +1,58 @@ +id: wc-quantity-plus-minus-button-43fc63136cea65380642c1d5a8771c07 + +info: + name: > + Quantity Plus Minus Button for WooCommerce by CodeAstrology <= 1.1.9 - Cross-Site Request Forgery via wqpmb_form_submit + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/658ff7da-6496-4cca-8b1c-76b794c20aad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-quantity-plus-minus-button/" + google-query: inurl:"/wp-content/plugins/wc-quantity-plus-minus-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-quantity-plus-minus-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-quantity-plus-minus-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-quantity-plus-minus-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-return-warrranty-50a3dde160b2a73e3a26cf26d3c385b6.yaml b/nuclei-templates/cve-less/plugins/wc-return-warrranty-50a3dde160b2a73e3a26cf26d3c385b6.yaml new file mode 100644 index 0000000000..0458f5d86a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-return-warrranty-50a3dde160b2a73e3a26cf26d3c385b6.yaml @@ -0,0 +1,58 @@ +id: wc-return-warrranty-50a3dde160b2a73e3a26cf26d3c385b6 + +info: + name: > + Return and Warranty Management System for WooCommerce <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1e6527-d874-4003-b36b-5769c2950864?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-return-warrranty/" + google-query: inurl:"/wp-content/plugins/wc-return-warrranty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-return-warrranty,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-return-warrranty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-return-warrranty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-sales-notification-9a08cd964e2072002295aa2ccec0ac6e.yaml b/nuclei-templates/cve-less/plugins/wc-sales-notification-9a08cd964e2072002295aa2ccec0ac6e.yaml new file mode 100644 index 0000000000..cd4d71d569 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-sales-notification-9a08cd964e2072002295aa2ccec0ac6e.yaml @@ -0,0 +1,58 @@ +id: wc-sales-notification-9a08cd964e2072002295aa2ccec0ac6e + +info: + name: > + WC Sales Notification <= 1.2.2 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43fc71bb-87ba-4cf9-ae4d-1cba7bd84806?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-sales-notification/" + google-query: inurl:"/wp-content/plugins/wc-sales-notification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-sales-notification,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-sales-notification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-sales-notification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-serial-numbers-a6e3e3fb130ca53fe59b00bde1e4c562.yaml b/nuclei-templates/cve-less/plugins/wc-serial-numbers-a6e3e3fb130ca53fe59b00bde1e4c562.yaml new file mode 100644 index 0000000000..7e5a011f90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-serial-numbers-a6e3e3fb130ca53fe59b00bde1e4c562.yaml @@ -0,0 +1,58 @@ +id: wc-serial-numbers-a6e3e3fb130ca53fe59b00bde1e4c562 + +info: + name: > + Serial Numbers for WooCommerce – License Manager <= 1.6.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8671b549-2cce-4f38-ad2d-a9472f7e8e7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-serial-numbers/" + google-query: inurl:"/wp-content/plugins/wc-serial-numbers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-serial-numbers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-serial-numbers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-serial-numbers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-shortcodes-603a30eceae4e23d58fec3225b0d2f29.yaml b/nuclei-templates/cve-less/plugins/wc-shortcodes-603a30eceae4e23d58fec3225b0d2f29.yaml new file mode 100644 index 0000000000..a3ee3d5354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-shortcodes-603a30eceae4e23d58fec3225b0d2f29.yaml @@ -0,0 +1,58 @@ +id: wc-shortcodes-603a30eceae4e23d58fec3225b0d2f29 + +info: + name: > + Galleries by Angie Makes <= 1.67 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bb7920b-2999-4bd3-bfef-3b9971f845e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-shortcodes/" + google-query: inurl:"/wp-content/plugins/wc-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.67') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-shortcodes-d28bd5fd4f3450ea3f311605e6d65b1d.yaml b/nuclei-templates/cve-less/plugins/wc-shortcodes-d28bd5fd4f3450ea3f311605e6d65b1d.yaml new file mode 100644 index 0000000000..09212ebea2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-shortcodes-d28bd5fd4f3450ea3f311605e6d65b1d.yaml @@ -0,0 +1,58 @@ +id: wc-shortcodes-d28bd5fd4f3450ea3f311605e6d65b1d + +info: + name: > + Shortcodes by Angie Makes <= 3.46 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e20feb23-f78e-42e7-8922-e7cf37dbdcb1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-shortcodes/" + google-query: inurl:"/wp-content/plugins/wc-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-shortcodes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-support-system-1b283946c80a7878d62493f2e843e97b.yaml b/nuclei-templates/cve-less/plugins/wc-support-system-1b283946c80a7878d62493f2e843e97b.yaml new file mode 100644 index 0000000000..b40f55ea55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-support-system-1b283946c80a7878d62493f2e843e97b.yaml @@ -0,0 +1,58 @@ +id: wc-support-system-1b283946c80a7878d62493f2e843e97b + +info: + name: > + Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efab7ec7-7143-4556-8d68-4a7e34f46e9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-support-system/" + google-query: inurl:"/wp-content/plugins/wc-support-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-support-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-support-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-support-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-support-system-a215ad133aa4b98aa9f0101d4d17e0cc.yaml b/nuclei-templates/cve-less/plugins/wc-support-system-a215ad133aa4b98aa9f0101d4d17e0cc.yaml new file mode 100644 index 0000000000..5d905da35b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-support-system-a215ad133aa4b98aa9f0101d4d17e0cc.yaml @@ -0,0 +1,58 @@ +id: wc-support-system-a215ad133aa4b98aa9f0101d4d17e0cc + +info: + name: > + Woocommerce Support System <= 1.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8004a306-4c8f-40e9-accc-a12d65b5f2f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-support-system/" + google-query: inurl:"/wp-content/plugins/wc-support-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-support-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-support-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-support-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-vendors-07b010f0b7d81d013a7b9731f936031d.yaml b/nuclei-templates/cve-less/plugins/wc-vendors-07b010f0b7d81d013a7b9731f936031d.yaml new file mode 100644 index 0000000000..0b41ca1fae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-vendors-07b010f0b7d81d013a7b9731f936031d.yaml @@ -0,0 +1,58 @@ +id: wc-vendors-07b010f0b7d81d013a7b9731f936031d + +info: + name: > + WC Vendors Marketplace <= 2.4.7 - Authenticated (Shop manager+) SQL Injection via search dates + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64f879af-aa8f-4edf-8369-ca032603d529?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-vendors/" + google-query: inurl:"/wp-content/plugins/wc-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-vendors-e8bc31ae76ca92a9ee7834937815ba80.yaml b/nuclei-templates/cve-less/plugins/wc-vendors-e8bc31ae76ca92a9ee7834937815ba80.yaml new file mode 100644 index 0000000000..5a140e7fdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-vendors-e8bc31ae76ca92a9ee7834937815ba80.yaml @@ -0,0 +1,58 @@ +id: wc-vendors-e8bc31ae76ca92a9ee7834937815ba80 + +info: + name: > + WC Vendors Marketplace <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Sites Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de805955-b7c7-455b-bc1a-69b8a14ba79d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-vendors/" + google-query: inurl:"/wp-content/plugins/wc-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-venipak-shipping-1f67e045b6e7fe7d437958d4ed1bb1b5.yaml b/nuclei-templates/cve-less/plugins/wc-venipak-shipping-1f67e045b6e7fe7d437958d4ed1bb1b5.yaml new file mode 100644 index 0000000000..0682efb18e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-venipak-shipping-1f67e045b6e7fe7d437958d4ed1bb1b5.yaml @@ -0,0 +1,58 @@ +id: wc-venipak-shipping-1f67e045b6e7fe7d437958d4ed1bb1b5 + +info: + name: > + Shipping with Venipak for WooCommerce <= 1.19.5 - Reflected Cross-Site Scripting via 'venipak_labels_link' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58e8befa-bc8d-4731-be2c-ccf613b39fdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-venipak-shipping/" + google-query: inurl:"/wp-content/plugins/wc-venipak-shipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-venipak-shipping,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-venipak-shipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-venipak-shipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.19.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc-zelle-7957be3fab19e29df56fc4f0499a1aaf.yaml b/nuclei-templates/cve-less/plugins/wc-zelle-7957be3fab19e29df56fc4f0499a1aaf.yaml new file mode 100644 index 0000000000..c4e7fe8337 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc-zelle-7957be3fab19e29df56fc4f0499a1aaf.yaml @@ -0,0 +1,58 @@ +id: wc-zelle-7957be3fab19e29df56fc4f0499a1aaf + +info: + name: > + Checkout with Zelle on Woocommerce <= 3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad5544a-6694-41e4-940f-fa96daf4b41d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc-zelle/" + google-query: inurl:"/wp-content/plugins/wc-zelle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc-zelle,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc-zelle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc-zelle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wc4bp-bf0f79649962d2d1514ad595e16e29b6.yaml b/nuclei-templates/cve-less/plugins/wc4bp-bf0f79649962d2d1514ad595e16e29b6.yaml new file mode 100644 index 0000000000..5ec5d35f5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wc4bp-bf0f79649962d2d1514ad595e16e29b6.yaml @@ -0,0 +1,58 @@ +id: wc4bp-bf0f79649962d2d1514ad595e16e29b6 + +info: + name: > + BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wc4bp/" + google-query: inurl:"/wp-content/plugins/wc4bp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wc4bp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wc4bp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wc4bp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcfm-marketplace-rest-api-054a823a88fd659044cb1d5f3fc034a5.yaml b/nuclei-templates/cve-less/plugins/wcfm-marketplace-rest-api-054a823a88fd659044cb1d5f3fc034a5.yaml new file mode 100644 index 0000000000..c35fe06665 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcfm-marketplace-rest-api-054a823a88fd659044cb1d5f3fc034a5.yaml @@ -0,0 +1,58 @@ +id: wcfm-marketplace-rest-api-054a823a88fd659044cb1d5f3fc034a5 + +info: + name: > + WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0520601-7e5c-412d-a8da-df1bf8ce28df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcfm-marketplace-rest-api/" + google-query: inurl:"/wp-content/plugins/wcfm-marketplace-rest-api/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcfm-marketplace-rest-api,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcfm-marketplace-rest-api/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcfm-marketplace-rest-api" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wck-custom-fields-and-custom-post-types-creator-1e89a13fba73865588209c9be692cd21.yaml b/nuclei-templates/cve-less/plugins/wck-custom-fields-and-custom-post-types-creator-1e89a13fba73865588209c9be692cd21.yaml new file mode 100644 index 0000000000..6b6c9fbb98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wck-custom-fields-and-custom-post-types-creator-1e89a13fba73865588209c9be692cd21.yaml @@ -0,0 +1,58 @@ +id: wck-custom-fields-and-custom-post-types-creator-1e89a13fba73865588209c9be692cd21 + +info: + name: > + Custom Post Types and Custom Fields creator <= 2.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/796e35bc-db5f-45e3-8f79-73b30add877f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wck-custom-fields-and-custom-post-types-creator/" + google-query: inurl:"/wp-content/plugins/wck-custom-fields-and-custom-post-types-creator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wck-custom-fields-and-custom-post-types-creator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wck-custom-fields-and-custom-post-types-creator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wck-custom-fields-and-custom-post-types-creator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcp-contact-form-313015abf6a4029981fb303ae0c8c403.yaml b/nuclei-templates/cve-less/plugins/wcp-contact-form-313015abf6a4029981fb303ae0c8c403.yaml new file mode 100644 index 0000000000..a4e8f8c333 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcp-contact-form-313015abf6a4029981fb303ae0c8c403.yaml @@ -0,0 +1,58 @@ +id: wcp-contact-form-313015abf6a4029981fb303ae0c8c403 + +info: + name: > + WCP Contact Form <= 3.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9844b47-427a-4f2f-9f42-00adcbcf133c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcp-contact-form/" + google-query: inurl:"/wp-content/plugins/wcp-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcp-contact-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcp-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcp-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcp-contact-form-d5eec60f27d6879accd492bf02988af0.yaml b/nuclei-templates/cve-less/plugins/wcp-contact-form-d5eec60f27d6879accd492bf02988af0.yaml new file mode 100644 index 0000000000..10e8b45563 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcp-contact-form-d5eec60f27d6879accd492bf02988af0.yaml @@ -0,0 +1,58 @@ +id: wcp-contact-form-d5eec60f27d6879accd492bf02988af0 + +info: + name: > + WCP Contact Form <= 3.1.0 - Missing Authorization via downloadCsv + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17a4bd5c-0cd3-46e4-b6ee-edf87f0e92ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcp-contact-form/" + google-query: inurl:"/wp-content/plugins/wcp-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcp-contact-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcp-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcp-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcp-contact-form-dcababdc75851dd1c392ab090e66bbb5.yaml b/nuclei-templates/cve-less/plugins/wcp-contact-form-dcababdc75851dd1c392ab090e66bbb5.yaml new file mode 100644 index 0000000000..c174147f33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcp-contact-form-dcababdc75851dd1c392ab090e66bbb5.yaml @@ -0,0 +1,58 @@ +id: wcp-contact-form-dcababdc75851dd1c392ab090e66bbb5 + +info: + name: > + WCP Contact Form <= 3.1.0 - Reflected Cross-Site Scripting via tab parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33fd4542-0a46-4779-be02-d713dcbc8f96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcp-contact-form/" + google-query: inurl:"/wp-content/plugins/wcp-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcp-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcp-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcp-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcp-openweather-16ac809b05b30c0b6fd94eeae5705ae7.yaml b/nuclei-templates/cve-less/plugins/wcp-openweather-16ac809b05b30c0b6fd94eeae5705ae7.yaml new file mode 100644 index 0000000000..9c0af89239 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcp-openweather-16ac809b05b30c0b6fd94eeae5705ae7.yaml @@ -0,0 +1,58 @@ +id: wcp-openweather-16ac809b05b30c0b6fd94eeae5705ae7 + +info: + name: > + WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b573e2-373f-41bc-8d9a-ea42e908ac4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcp-openweather/" + google-query: inurl:"/wp-content/plugins/wcp-openweather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcp-openweather,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcp-openweather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcp-openweather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wcp-openweather-f67cd9a7d9946e522cc9799584d6f928.yaml b/nuclei-templates/cve-less/plugins/wcp-openweather-f67cd9a7d9946e522cc9799584d6f928.yaml new file mode 100644 index 0000000000..97f97818d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wcp-openweather-f67cd9a7d9946e522cc9799584d6f928.yaml @@ -0,0 +1,58 @@ +id: wcp-openweather-f67cd9a7d9946e522cc9799584d6f928 + +info: + name: > + WCP OpenWeather <= 2.5.0 - Reflected Cross-Site Scripting via 'tab' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8cc5d1-8ea2-4590-90c4-6541f336b057?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wcp-openweather/" + google-query: inurl:"/wp-content/plugins/wcp-openweather/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wcp-openweather,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wcp-openweather/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wcp-openweather" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-facebook-feed-416f9daf88fd1151a6d830797c7cec0b.yaml b/nuclei-templates/cve-less/plugins/wd-facebook-feed-416f9daf88fd1151a6d830797c7cec0b.yaml new file mode 100644 index 0000000000..7ad80e0080 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-facebook-feed-416f9daf88fd1151a6d830797c7cec0b.yaml @@ -0,0 +1,58 @@ +id: wd-facebook-feed-416f9daf88fd1151a6d830797c7cec0b + +info: + name: > + 10Web Social Post Feed <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db959eaf-300c-4ecd-ac15-216a17ec5a50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-facebook-feed/" + google-query: inurl:"/wp-content/plugins/wd-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-facebook-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-analytics-68962a84ced90a9ac882bf37153f6810.yaml b/nuclei-templates/cve-less/plugins/wd-google-analytics-68962a84ced90a9ac882bf37153f6810.yaml new file mode 100644 index 0000000000..33fff262c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-analytics-68962a84ced90a9ac882bf37153f6810.yaml @@ -0,0 +1,58 @@ +id: wd-google-analytics-68962a84ced90a9ac882bf37153f6810 + +info: + name: > + 10WebAnalytics <= 1.2.12 - Missing Authorization via gawd_wd_bp_install_notice_status + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dd2a4cb-dd74-4b00-82f5-3bf1452e71a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-analytics/" + google-query: inurl:"/wp-content/plugins/wd-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-analytics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-analytics-bec851a00ad3a57c79ae718c7939bfce.yaml b/nuclei-templates/cve-less/plugins/wd-google-analytics-bec851a00ad3a57c79ae718c7939bfce.yaml new file mode 100644 index 0000000000..bcb3c97ab0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-analytics-bec851a00ad3a57c79ae718c7939bfce.yaml @@ -0,0 +1,58 @@ +id: wd-google-analytics-bec851a00ad3a57c79ae718c7939bfce + +info: + name: > + 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db29f17d-1d2b-4f78-a78d-1579e2a5d975?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-analytics/" + google-query: inurl:"/wp-content/plugins/wd-google-analytics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-analytics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-analytics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-analytics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-maps-2dba3f9d9e05a82800f2a05f03266828.yaml b/nuclei-templates/cve-less/plugins/wd-google-maps-2dba3f9d9e05a82800f2a05f03266828.yaml new file mode 100644 index 0000000000..3b87da7a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-maps-2dba3f9d9e05a82800f2a05f03266828.yaml @@ -0,0 +1,58 @@ +id: wd-google-maps-2dba3f9d9e05a82800f2a05f03266828 + +info: + name: > + 10Web Map Builder for Google Maps <= 1.0.74 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e20afee-9336-458e-ab5c-b320c6887b83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-maps/" + google-query: inurl:"/wp-content/plugins/wd-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-maps-49fe0ec6f2b7aab6fa4c17842c7d352a.yaml b/nuclei-templates/cve-less/plugins/wd-google-maps-49fe0ec6f2b7aab6fa4c17842c7d352a.yaml new file mode 100644 index 0000000000..8939c1fbff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-maps-49fe0ec6f2b7aab6fa4c17842c7d352a.yaml @@ -0,0 +1,58 @@ +id: wd-google-maps-49fe0ec6f2b7aab6fa4c17842c7d352a + +info: + name: > + 10Web Map Builder for Google Maps <= 1.0.72 - Unauthenticated SQL Injection via Multiple Parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64e806df-4919-4a58-8f21-075f09668174?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-maps/" + google-query: inurl:"/wp-content/plugins/wd-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-maps-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml b/nuclei-templates/cve-less/plugins/wd-google-maps-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml new file mode 100644 index 0000000000..df7321cb75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-maps-7e3117bf0f4e61f1c6678c5ed0029bc5.yaml @@ -0,0 +1,58 @@ +id: wd-google-maps-7e3117bf0f4e61f1c6678c5ed0029bc5 + +info: + name: > + 10WebMapBuilder <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ace1a3-81e2-4887-be27-606b49f77357?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-maps/" + google-query: inurl:"/wp-content/plugins/wd-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-google-maps-beb09afd16c7dbf0c14aa5a401d0f673.yaml b/nuclei-templates/cve-less/plugins/wd-google-maps-beb09afd16c7dbf0c14aa5a401d0f673.yaml new file mode 100644 index 0000000000..78ae21b737 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-google-maps-beb09afd16c7dbf0c14aa5a401d0f673.yaml @@ -0,0 +1,58 @@ +id: wd-google-maps-beb09afd16c7dbf0c14aa5a401d0f673 + +info: + name: > + 10Web Map Builder for Google Maps <= 1.0.73 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63666c16-9f68-4a27-b163-4c25f0a7589e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-google-maps/" + google-query: inurl:"/wp-content/plugins/wd-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-google-maps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-instagram-feed-12d0498f23c173f6e13e28a5406baf6c.yaml b/nuclei-templates/cve-less/plugins/wd-instagram-feed-12d0498f23c173f6e13e28a5406baf6c.yaml new file mode 100644 index 0000000000..a049a67742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-instagram-feed-12d0498f23c173f6e13e28a5406baf6c.yaml @@ -0,0 +1,58 @@ +id: wd-instagram-feed-12d0498f23c173f6e13e28a5406baf6c + +info: + name: > + WD Instagram Feed <= 1.3.0 - Cross-site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8daa685-d366-4b08-9f30-b14700fdee03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-instagram-feed/" + google-query: inurl:"/wp-content/plugins/wd-instagram-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-instagram-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-instagram-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-instagram-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wd-instagram-feed-6c265d4dd5a13df1986f278910f69c7d.yaml b/nuclei-templates/cve-less/plugins/wd-instagram-feed-6c265d4dd5a13df1986f278910f69c7d.yaml new file mode 100644 index 0000000000..da2b94c787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wd-instagram-feed-6c265d4dd5a13df1986f278910f69c7d.yaml @@ -0,0 +1,58 @@ +id: wd-instagram-feed-6c265d4dd5a13df1986f278910f69c7d + +info: + name: > + 10Web Social Photo Feed <= 1.4.28 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5aa0006-435d-4874-8d71-659d5d72e702?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wd-instagram-feed/" + google-query: inurl:"/wp-content/plugins/wd-instagram-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wd-instagram-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wd-instagram-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wd-instagram-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wds-multisite-aggregate-ab7b45d23a9e44cbc1f94f5b43ecd585.yaml b/nuclei-templates/cve-less/plugins/wds-multisite-aggregate-ab7b45d23a9e44cbc1f94f5b43ecd585.yaml new file mode 100644 index 0000000000..0dd7ec68cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wds-multisite-aggregate-ab7b45d23a9e44cbc1f94f5b43ecd585.yaml @@ -0,0 +1,58 @@ +id: wds-multisite-aggregate-ab7b45d23a9e44cbc1f94f5b43ecd585 + +info: + name: > + WDS Multisite Aggregate <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dad12b10-2e04-4bc2-b5ad-c00cb287e456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wds-multisite-aggregate/" + google-query: inurl:"/wp-content/plugins/wds-multisite-aggregate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wds-multisite-aggregate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wds-multisite-aggregate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wds-multisite-aggregate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weather-atlas-f48e8a5fbf1e696f1cc387a7e678c77c.yaml b/nuclei-templates/cve-less/plugins/weather-atlas-f48e8a5fbf1e696f1cc387a7e678c77c.yaml new file mode 100644 index 0000000000..980f5d52dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weather-atlas-f48e8a5fbf1e696f1cc387a7e678c77c.yaml @@ -0,0 +1,58 @@ +id: weather-atlas-f48e8a5fbf1e696f1cc387a7e678c77c + +info: + name: > + Weather Atlas Widget <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2324caa-f804-4f76-9d08-8951fbee4669?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weather-atlas/" + google-query: inurl:"/wp-content/plugins/weather-atlas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weather-atlas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weather-atlas/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weather-atlas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weather-effect-f85537b61e94963bbc9d5c86e5b9998c.yaml b/nuclei-templates/cve-less/plugins/weather-effect-f85537b61e94963bbc9d5c86e5b9998c.yaml new file mode 100644 index 0000000000..333a6d47de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weather-effect-f85537b61e94963bbc9d5c86e5b9998c.yaml @@ -0,0 +1,58 @@ +id: weather-effect-f85537b61e94963bbc9d5c86e5b9998c + +info: + name: > + Weather Effect – Christmas Santa Snow Falling <= 1.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/041c4d44-28ee-49a4-8407-367ad2960cf6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weather-effect/" + google-query: inurl:"/wp-content/plugins/weather-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weather-effect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weather-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weather-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weather-effect-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml b/nuclei-templates/cve-less/plugins/weather-effect-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml new file mode 100644 index 0000000000..c6b680651a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weather-effect-fa8d9c6fc1b3f748c9c03e858b8946b9.yaml @@ -0,0 +1,58 @@ +id: weather-effect-fa8d9c6fc1b3f748c9c03e858b8946b9 + +info: + name: > + Weather Effect – Christmas Santa Snow Falling <= 1.3.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3ace116-69e1-44b1-a63f-693153ab4679?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weather-effect/" + google-query: inurl:"/wp-content/plugins/weather-effect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weather-effect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weather-effect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weather-effect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weaverx-theme-support-5614f511e973e614fd375402d8486642.yaml b/nuclei-templates/cve-less/plugins/weaverx-theme-support-5614f511e973e614fd375402d8486642.yaml new file mode 100644 index 0000000000..d4e0c0df60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weaverx-theme-support-5614f511e973e614fd375402d8486642.yaml @@ -0,0 +1,58 @@ +id: weaverx-theme-support-5614f511e973e614fd375402d8486642 + +info: + name: > + Weaver Xtreme Theme Support <= 6.3.0 - Authenticated (Administrator+) PHP Object Injection via Imported File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/572689c6-d7d6-46c3-9e96-b9185337e8ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weaverx-theme-support/" + google-query: inurl:"/wp-content/plugins/weaverx-theme-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weaverx-theme-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weaverx-theme-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weaverx-theme-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weaverx-theme-support-d8d38e7154b358bc9b031a2ad78ce806.yaml b/nuclei-templates/cve-less/plugins/weaverx-theme-support-d8d38e7154b358bc9b031a2ad78ce806.yaml new file mode 100644 index 0000000000..5dc062a59e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weaverx-theme-support-d8d38e7154b358bc9b031a2ad78ce806.yaml @@ -0,0 +1,58 @@ +id: weaverx-theme-support-d8d38e7154b358bc9b031a2ad78ce806 + +info: + name: > + Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7431ee0f-f485-48a4-9cdd-8fb2ac43e216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weaverx-theme-support/" + google-query: inurl:"/wp-content/plugins/weaverx-theme-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weaverx-theme-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weaverx-theme-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weaverx-theme-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-application-firewall-504399029097a5e86b5ba9c9da19637b.yaml b/nuclei-templates/cve-less/plugins/web-application-firewall-504399029097a5e86b5ba9c9da19637b.yaml new file mode 100644 index 0000000000..875beb7918 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-application-firewall-504399029097a5e86b5ba9c9da19637b.yaml @@ -0,0 +1,58 @@ +id: web-application-firewall-504399029097a5e86b5ba9c9da19637b + +info: + name: > + Malware Scanner <= 4.7.2 and Web Application Firewall <= 2.1.1 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-application-firewall/" + google-query: inurl:"/wp-content/plugins/web-application-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-application-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-application-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-application-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-directory-free-263813b94544d66ca6de0f83221d4012.yaml b/nuclei-templates/cve-less/plugins/web-directory-free-263813b94544d66ca6de0f83221d4012.yaml new file mode 100644 index 0000000000..464d56662d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-directory-free-263813b94544d66ca6de0f83221d4012.yaml @@ -0,0 +1,58 @@ +id: web-directory-free-263813b94544d66ca6de0f83221d4012 + +info: + name: > + Web Directory Free <= 1.6.8 - Authenticated (Contributor+) SQL Injection via post_id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d831fa81-4714-4757-b75d-0a8f5edda910?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-directory-free/" + google-query: inurl:"/wp-content/plugins/web-directory-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-directory-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-directory-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-directory-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-invoice-1da82cb5548de3f68423707825b69043.yaml b/nuclei-templates/cve-less/plugins/web-invoice-1da82cb5548de3f68423707825b69043.yaml new file mode 100644 index 0000000000..d55ad04db8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-invoice-1da82cb5548de3f68423707825b69043.yaml @@ -0,0 +1,58 @@ +id: web-invoice-1da82cb5548de3f68423707825b69043 + +info: + name: > + Web Invoice <= 2.1.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/272515e3-18ae-4e7f-8503-722d7964b3c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-invoice/" + google-query: inurl:"/wp-content/plugins/web-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-invoice-4d7353aae0306a1d0c2e5c68f3406ced.yaml b/nuclei-templates/cve-less/plugins/web-invoice-4d7353aae0306a1d0c2e5c68f3406ced.yaml new file mode 100644 index 0000000000..e800beb9be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-invoice-4d7353aae0306a1d0c2e5c68f3406ced.yaml @@ -0,0 +1,58 @@ +id: web-invoice-4d7353aae0306a1d0c2e5c68f3406ced + +info: + name: > + Web Invoice <= 2.1.3 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1add368-81d2-455f-a95a-c13566c58d39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-invoice/" + google-query: inurl:"/wp-content/plugins/web-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-stat-6f7706168cb1bf8ff1d56088b3f10d22.yaml b/nuclei-templates/cve-less/plugins/web-stat-6f7706168cb1bf8ff1d56088b3f10d22.yaml new file mode 100644 index 0000000000..cd491ae0cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-stat-6f7706168cb1bf8ff1d56088b3f10d22.yaml @@ -0,0 +1,58 @@ +id: web-stat-6f7706168cb1bf8ff1d56088b3f10d22 + +info: + name: > + Web-Stat <= 1.4.0 - API Key Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83e396c3-e843-4337-bf90-894d9d7de2a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-stat/" + google-query: inurl:"/wp-content/plugins/web-stat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-stat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-stat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-stat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-stories-1c085614f4dda72120112eb265cf3956.yaml b/nuclei-templates/cve-less/plugins/web-stories-1c085614f4dda72120112eb265cf3956.yaml new file mode 100644 index 0000000000..e41eb2cdde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-stories-1c085614f4dda72120112eb265cf3956.yaml @@ -0,0 +1,58 @@ +id: web-stories-1c085614f4dda72120112eb265cf3956 + +info: + name: > + Web Stories for WordPress <= 1.31.0 - Insufficient Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f2e02c-baa4-446c-bf1c-96ce099ad02e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-stories/" + google-query: inurl:"/wp-content/plugins/web-stories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-stories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-stories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-stories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.32.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web-stories-6090167e88ca71d53352f4ae35082be0.yaml b/nuclei-templates/cve-less/plugins/web-stories-6090167e88ca71d53352f4ae35082be0.yaml new file mode 100644 index 0000000000..07b339108d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web-stories-6090167e88ca71d53352f4ae35082be0.yaml @@ -0,0 +1,58 @@ +id: web-stories-6090167e88ca71d53352f4ae35082be0 + +info: + name: > + Web Stories <= 1.24.0 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web-stories/" + google-query: inurl:"/wp-content/plugins/web-stories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web-stories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web-stories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-stories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.24.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web3-authentication-a39c97187fc8c6885698e5dd59bde6ea.yaml b/nuclei-templates/cve-less/plugins/web3-authentication-a39c97187fc8c6885698e5dd59bde6ea.yaml new file mode 100644 index 0000000000..2d3ffa188f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web3-authentication-a39c97187fc8c6885698e5dd59bde6ea.yaml @@ -0,0 +1,58 @@ +id: web3-authentication-a39c97187fc8c6885698e5dd59bde6ea + +info: + name: > + Web3 – Crypto wallet Login & NFT token gating <= 2.6.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e30b62de-7280-4c29-b882-dfa83e65966b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web3-authentication/" + google-query: inurl:"/wp-content/plugins/web3-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web3-authentication,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web3-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web3-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/web3-authentication-de99acad607297a91554bdcebfb71c6e.yaml b/nuclei-templates/cve-less/plugins/web3-authentication-de99acad607297a91554bdcebfb71c6e.yaml new file mode 100644 index 0000000000..dec9d285d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/web3-authentication-de99acad607297a91554bdcebfb71c6e.yaml @@ -0,0 +1,58 @@ +id: web3-authentication-de99acad607297a91554bdcebfb71c6e + +info: + name: > + Web3 <= 2.8.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/079d60c1-a15a-4d3e-b295-8c1e024b74ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/web3-authentication/" + google-query: inurl:"/wp-content/plugins/web3-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,web3-authentication,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/web3-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web3-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webapp-builder-f2c489e7cd964714f8d10d151c46e5bf.yaml b/nuclei-templates/cve-less/plugins/webapp-builder-f2c489e7cd964714f8d10d151c46e5bf.yaml new file mode 100644 index 0000000000..db8d6cd342 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webapp-builder-f2c489e7cd964714f8d10d151c46e5bf.yaml @@ -0,0 +1,58 @@ +id: webapp-builder-f2c489e7cd964714f8d10d151c46e5bf + +info: + name: > + Webapp builder 2.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb866476-14c0-4ade-90b0-670418b397fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webapp-builder/" + google-query: inurl:"/wp-content/plugins/webapp-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webapp-builder,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webapp-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webapp-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..00e2f78890 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webappick-pdf-invoice-for-woocommerce-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: webappick-pdf-invoice-for-woocommerce-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webappick-pdf-invoice-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webappick-pdf-invoice-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webappick-pdf-invoice-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webappick-pdf-invoice-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webappick-product-feed-for-woocommerce-e28aab5b6692c380e9af77bda5d75a97.yaml b/nuclei-templates/cve-less/plugins/webappick-product-feed-for-woocommerce-e28aab5b6692c380e9af77bda5d75a97.yaml new file mode 100644 index 0000000000..0bef740aed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webappick-product-feed-for-woocommerce-e28aab5b6692c380e9af77bda5d75a97.yaml @@ -0,0 +1,58 @@ +id: webappick-product-feed-for-woocommerce-e28aab5b6692c380e9af77bda5d75a97 + +info: + name: > + WooCommerce Product Feed for Google, Facebook, eBay and Many More <= 3.1.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64aa45bd-7bf8-4fe9-85e7-ace226e09f34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webappick-product-feed-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/webappick-product-feed-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webappick-product-feed-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webappick-product-feed-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webappick-product-feed-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webarx-01553cdc4d088a5ffa18c2b6b9ad5640.yaml b/nuclei-templates/cve-less/plugins/webarx-01553cdc4d088a5ffa18c2b6b9ad5640.yaml new file mode 100644 index 0000000000..fd9f641601 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webarx-01553cdc4d088a5ffa18c2b6b9ad5640.yaml @@ -0,0 +1,58 @@ +id: webarx-01553cdc4d088a5ffa18c2b6b9ad5640 + +info: + name: > + WebARX <= 1.3.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8534891-2269-4afe-b83f-df512ca36456?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webarx/" + google-query: inurl:"/wp-content/plugins/webarx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webarx,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webarx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webarx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webarx-c1098b6c3ef986df5a9cd4bcd3f22c1d.yaml b/nuclei-templates/cve-less/plugins/webarx-c1098b6c3ef986df5a9cd4bcd3f22c1d.yaml new file mode 100644 index 0000000000..5066b7bb6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webarx-c1098b6c3ef986df5a9cd4bcd3f22c1d.yaml @@ -0,0 +1,58 @@ +id: webarx-c1098b6c3ef986df5a9cd4bcd3f22c1d + +info: + name: > + WebARX <= 1.3.0 - Firewall Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504fca80-7e81-412b-891f-2679451ff6e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webarx/" + google-query: inurl:"/wp-content/plugins/webarx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webarx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webarx/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webarx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webba-booking-lite-2a09ce4f54ecaad8c53766c936fa0a77.yaml b/nuclei-templates/cve-less/plugins/webba-booking-lite-2a09ce4f54ecaad8c53766c936fa0a77.yaml new file mode 100644 index 0000000000..8fab704e0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webba-booking-lite-2a09ce4f54ecaad8c53766c936fa0a77.yaml @@ -0,0 +1,58 @@ +id: webba-booking-lite-2a09ce4f54ecaad8c53766c936fa0a77 + +info: + name: > + Webba Booking <= 4.5.33 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12a195a0-f992-462d-9b4e-69e8a2975635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webba-booking-lite/" + google-query: inurl:"/wp-content/plugins/webba-booking-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webba-booking-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webba-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webba-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webba-booking-lite-852d49969bf0838b042595dfd6400dc8.yaml b/nuclei-templates/cve-less/plugins/webba-booking-lite-852d49969bf0838b042595dfd6400dc8.yaml new file mode 100644 index 0000000000..5d727e1282 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webba-booking-lite-852d49969bf0838b042595dfd6400dc8.yaml @@ -0,0 +1,58 @@ +id: webba-booking-lite-852d49969bf0838b042595dfd6400dc8 + +info: + name: > + Webba Booking <= 4.2.21 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f6c33f4-58e7-4a0b-8293-5cb951f63ffc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webba-booking-lite/" + google-query: inurl:"/wp-content/plugins/webba-booking-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webba-booking-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webba-booking-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webba-booking-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webcam-2way-videochat-0f5da3ff5cb74e14389716d803ec3198.yaml b/nuclei-templates/cve-less/plugins/webcam-2way-videochat-0f5da3ff5cb74e14389716d803ec3198.yaml new file mode 100644 index 0000000000..a788329f6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webcam-2way-videochat-0f5da3ff5cb74e14389716d803ec3198.yaml @@ -0,0 +1,58 @@ +id: webcam-2way-videochat-0f5da3ff5cb74e14389716d803ec3198 + +info: + name: > + 2Way VideoCalls and Random Chat – HTML5 Webcam Videochat <= 5.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26f8a133-c4a0-4c6c-a09e-47b81c65a731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webcam-2way-videochat/" + google-query: inurl:"/wp-content/plugins/webcam-2way-videochat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webcam-2way-videochat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webcam-2way-videochat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webcam-2way-videochat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webengage-a81e63270dce3acdb86d52d988c823c1.yaml b/nuclei-templates/cve-less/plugins/webengage-a81e63270dce3acdb86d52d988c823c1.yaml new file mode 100644 index 0000000000..5bf72f9732 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webengage-a81e63270dce3acdb86d52d988c823c1.yaml @@ -0,0 +1,58 @@ +id: webengage-a81e63270dce3acdb86d52d988c823c1 + +info: + name: > + WebEngage Feedback, Survey and Notification < 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f82845c-55db-491a-90c1-326884abb5d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webengage/" + google-query: inurl:"/wp-content/plugins/webengage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webengage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webengage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webengage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webflow-pages-d242d8704b7ccc1eaddd7fe775c62763.yaml b/nuclei-templates/cve-less/plugins/webflow-pages-d242d8704b7ccc1eaddd7fe775c62763.yaml new file mode 100644 index 0000000000..10ecb08da5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webflow-pages-d242d8704b7ccc1eaddd7fe775c62763.yaml @@ -0,0 +1,58 @@ +id: webflow-pages-d242d8704b7ccc1eaddd7fe775c62763 + +info: + name: > + Webflow Pages <= 1.0.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a01141ed-9b9c-426f-96b3-c6ceade4d35c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webflow-pages/" + google-query: inurl:"/wp-content/plugins/webflow-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webflow-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webflow-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webflow-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webful-simple-grocery-shop-4107aeeea36af4cc92554c8214549a0c.yaml b/nuclei-templates/cve-less/plugins/webful-simple-grocery-shop-4107aeeea36af4cc92554c8214549a0c.yaml new file mode 100644 index 0000000000..f836de767d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webful-simple-grocery-shop-4107aeeea36af4cc92554c8214549a0c.yaml @@ -0,0 +1,58 @@ +id: webful-simple-grocery-shop-4107aeeea36af4cc92554c8214549a0c + +info: + name: > + WordPress Simple Shop <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/937e56cc-58dc-483c-8f17-ced3b1f7a481?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webful-simple-grocery-shop/" + google-query: inurl:"/wp-content/plugins/webful-simple-grocery-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webful-simple-grocery-shop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webful-simple-grocery-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webful-simple-grocery-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webhotelier-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/webhotelier-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..22c031f4e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webhotelier-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: webhotelier-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webhotelier/" + google-query: inurl:"/wp-content/plugins/webhotelier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webhotelier,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webhotelier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webhotelier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..7200a6a8c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: webinar-and-video-conference-with-jitsi-meet-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/" + google-query: inurl:"/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-and-video-conference-with-jitsi-meet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-c115c2b38773f756d29db80a784da83d.yaml b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-c115c2b38773f756d29db80a784da83d.yaml new file mode 100644 index 0000000000..9b4a6a181a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-and-video-conference-with-jitsi-meet-c115c2b38773f756d29db80a784da83d.yaml @@ -0,0 +1,58 @@ +id: webinar-and-video-conference-with-jitsi-meet-c115c2b38773f756d29db80a784da83d + +info: + name: > + Webinar and Video Conference with Jitsi Meet <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f610d7ef-fb7c-4c3b-bde2-d7071331be70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/" + google-query: inurl:"/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-and-video-conference-with-jitsi-meet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-and-video-conference-with-jitsi-meet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-and-video-conference-with-jitsi-meet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-24235010dc5f596c69c8fc2e49290c79.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-24235010dc5f596c69c8fc2e49290c79.yaml new file mode 100644 index 0000000000..4e6357fda7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-ignition-24235010dc5f596c69c8fc2e49290c79.yaml @@ -0,0 +1,58 @@ +id: webinar-ignition-24235010dc5f596c69c8fc2e49290c79 + +info: + name: > + WebinarIgnition <= 3.05.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ea6044-bf7b-469d-89ec-a9b89ef5715e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-ignition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.05.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-248f6a7272fbf1cbf24050ac1a199f58.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-248f6a7272fbf1cbf24050ac1a199f58.yaml new file mode 100644 index 0000000000..c1fea0dc0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-ignition-248f6a7272fbf1cbf24050ac1a199f58.yaml @@ -0,0 +1,58 @@ +id: webinar-ignition-248f6a7272fbf1cbf24050ac1a199f58 + +info: + name: > + WebinarIgnition <= 3.05.0 - Missing Authorization to Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24517dc6-4995-48ee-9b02-5c7c29d359f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-ignition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.05.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-5178d59b66e68e951d4f7950c9fe1897.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-5178d59b66e68e951d4f7950c9fe1897.yaml new file mode 100644 index 0000000000..d0b901623c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-ignition-5178d59b66e68e951d4f7950c9fe1897.yaml @@ -0,0 +1,58 @@ +id: webinar-ignition-5178d59b66e68e951d4f7950c9fe1897 + +info: + name: > + WebinarIgnition <= 3.05.0 - Authenticated(Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4244d3-a611-416d-8159-2f6a8cf61b30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-ignition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.05.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-ce19f0865e2754bb33aa14bd9af59e12.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-ce19f0865e2754bb33aa14bd9af59e12.yaml new file mode 100644 index 0000000000..6fd5f758f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-ignition-ce19f0865e2754bb33aa14bd9af59e12.yaml @@ -0,0 +1,58 @@ +id: webinar-ignition-ce19f0865e2754bb33aa14bd9af59e12 + +info: + name: > + WebinarIgnition <= 3.05.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cef43a2-7917-4abd-b8f5-4a7604eadb70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-ignition,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.05.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webinar-ignition-ea72a950c1ec7c195be94a36b1f4a88b.yaml b/nuclei-templates/cve-less/plugins/webinar-ignition-ea72a950c1ec7c195be94a36b1f4a88b.yaml new file mode 100644 index 0000000000..5d52769a27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webinar-ignition-ea72a950c1ec7c195be94a36b1f4a88b.yaml @@ -0,0 +1,58 @@ +id: webinar-ignition-ea72a950c1ec7c195be94a36b1f4a88b + +info: + name: > + WebinarIgnition <= 2.14.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49c65776-130d-4c22-b4f8-ababac8cf341?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webinar-ignition/" + google-query: inurl:"/wp-content/plugins/webinar-ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webinar-ignition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webinar-ignition/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webinar-ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblibrarian-078737c487b7cb7dd59dfa47479456c5.yaml b/nuclei-templates/cve-less/plugins/weblibrarian-078737c487b7cb7dd59dfa47479456c5.yaml new file mode 100644 index 0000000000..9c1cd82388 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblibrarian-078737c487b7cb7dd59dfa47479456c5.yaml @@ -0,0 +1,58 @@ +id: weblibrarian-078737c487b7cb7dd59dfa47479456c5 + +info: + name: > + WebLibrarian < 3.4.8.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d918cfa5-8bae-45a0-a888-06f4cdb2ef33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblibrarian/" + google-query: inurl:"/wp-content/plugins/weblibrarian/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblibrarian,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblibrarian/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblibrarian" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblibrarian-09a7bcc8ea30f2211fb747659d8fc0b2.yaml b/nuclei-templates/cve-less/plugins/weblibrarian-09a7bcc8ea30f2211fb747659d8fc0b2.yaml new file mode 100644 index 0000000000..e38e039835 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblibrarian-09a7bcc8ea30f2211fb747659d8fc0b2.yaml @@ -0,0 +1,58 @@ +id: weblibrarian-09a7bcc8ea30f2211fb747659d8fc0b2 + +info: + name: > + WebLibrarian < 3.4.8.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73fae3a0-6987-45bf-a20e-4ea9c6f73924?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblibrarian/" + google-query: inurl:"/wp-content/plugins/weblibrarian/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblibrarian,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblibrarian/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblibrarian" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblibrarian-19dc9eaf0f82c574889586e002e668f6.yaml b/nuclei-templates/cve-less/plugins/weblibrarian-19dc9eaf0f82c574889586e002e668f6.yaml new file mode 100644 index 0000000000..d50ff85ccc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblibrarian-19dc9eaf0f82c574889586e002e668f6.yaml @@ -0,0 +1,58 @@ +id: weblibrarian-19dc9eaf0f82c574889586e002e668f6 + +info: + name: > + Web Librarian <= 3.5.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ca2d48b-5fb6-4eb9-85ea-be5a21130039?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblibrarian/" + google-query: inurl:"/wp-content/plugins/weblibrarian/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblibrarian,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblibrarian/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblibrarian" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblibrarian-721a4bb5a70d51824521f6e59c15ccd0.yaml b/nuclei-templates/cve-less/plugins/weblibrarian-721a4bb5a70d51824521f6e59c15ccd0.yaml new file mode 100644 index 0000000000..8fcc666241 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblibrarian-721a4bb5a70d51824521f6e59c15ccd0.yaml @@ -0,0 +1,58 @@ +id: weblibrarian-721a4bb5a70d51824521f6e59c15ccd0 + +info: + name: > + WebLibrarian < 3.4.8.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8881c74f-9941-4919-8a15-99407fca0946?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblibrarian/" + google-query: inurl:"/wp-content/plugins/weblibrarian/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblibrarian,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblibrarian/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblibrarian" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblibrarian-df8c113b5a2942a4fbbfe352003deb48.yaml b/nuclei-templates/cve-less/plugins/weblibrarian-df8c113b5a2942a4fbbfe352003deb48.yaml new file mode 100644 index 0000000000..33026e9266 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblibrarian-df8c113b5a2942a4fbbfe352003deb48.yaml @@ -0,0 +1,58 @@ +id: weblibrarian-df8c113b5a2942a4fbbfe352003deb48 + +info: + name: > + WebLibrarian <= 3.5.8.1 - Reflected Cross-Site Scripting via multiple parameters + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b4b05a8-3a32-4fa9-9ff5-a2a62b11a05d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblibrarian/" + google-query: inurl:"/wp-content/plugins/weblibrarian/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblibrarian,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblibrarian/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblibrarian" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-2f71afc8c2d9293f41fbc23cbef8e12e.yaml b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-2f71afc8c2d9293f41fbc23cbef8e12e.yaml new file mode 100644 index 0000000000..581ff6192b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-2f71afc8c2d9293f41fbc23cbef8e12e.yaml @@ -0,0 +1,58 @@ +id: weblizar-pinterest-feeds-2f71afc8c2d9293f41fbc23cbef8e12e + +info: + name: > + Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd052762-5bd3-4008-b6b9-aca7be1151c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/" + google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblizar-pinterest-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblizar-pinterest-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-658f027744f04fc24b4bbaa34345300a.yaml b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-658f027744f04fc24b4bbaa34345300a.yaml new file mode 100644 index 0000000000..711d66fa1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-658f027744f04fc24b4bbaa34345300a.yaml @@ -0,0 +1,58 @@ +id: weblizar-pinterest-feeds-658f027744f04fc24b4bbaa34345300a + +info: + name: > + Weblizar Pin Feeds < 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c291da3-1326-40d8-b8e1-dfcf006ace0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/" + google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblizar-pinterest-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblizar-pinterest-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-9052f6be826c55f21c5dca387bdd8f58.yaml b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-9052f6be826c55f21c5dca387bdd8f58.yaml new file mode 100644 index 0000000000..408564a066 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-9052f6be826c55f21c5dca387bdd8f58.yaml @@ -0,0 +1,58 @@ +id: weblizar-pinterest-feeds-9052f6be826c55f21c5dca387bdd8f58 + +info: + name: > + Weblizar Pin Feeds < 1.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aeacc3e5-020f-44b9-b412-c5a9114e0178?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/" + google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblizar-pinterest-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblizar-pinterest-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-c4fa0744bf528288e2b344cf15e3e525.yaml b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-c4fa0744bf528288e2b344cf15e3e525.yaml new file mode 100644 index 0000000000..5b5132c74f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weblizar-pinterest-feeds-c4fa0744bf528288e2b344cf15e3e525.yaml @@ -0,0 +1,58 @@ +id: weblizar-pinterest-feeds-c4fa0744bf528288e2b344cf15e3e525 + +info: + name: > + Weblizar Pin Feeds < 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9adc6f3e-2360-480c-9f91-f47474e66c78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weblizar-pinterest-feeds/" + google-query: inurl:"/wp-content/plugins/weblizar-pinterest-feeds/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weblizar-pinterest-feeds,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weblizar-pinterest-feeds/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weblizar-pinterest-feeds" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webmaster-tools-ed6d1649ba9976ebdf4a57c36e036026.yaml b/nuclei-templates/cve-less/plugins/webmaster-tools-ed6d1649ba9976ebdf4a57c36e036026.yaml new file mode 100644 index 0000000000..24edaebbc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webmaster-tools-ed6d1649ba9976ebdf4a57c36e036026.yaml @@ -0,0 +1,58 @@ +id: webmaster-tools-ed6d1649ba9976ebdf4a57c36e036026 + +info: + name: > + Webmaster Tools <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e80bb7de-ce18-40d5-bf4c-9616739b2f9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webmaster-tools/" + google-query: inurl:"/wp-content/plugins/webmaster-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webmaster-tools,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webmaster-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webmaster-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webmaster-tools-fcf19f2a25a048981731715a2abd665b.yaml b/nuclei-templates/cve-less/plugins/webmaster-tools-fcf19f2a25a048981731715a2abd665b.yaml new file mode 100644 index 0000000000..627e698cc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webmaster-tools-fcf19f2a25a048981731715a2abd665b.yaml @@ -0,0 +1,58 @@ +id: webmaster-tools-fcf19f2a25a048981731715a2abd665b + +info: + name: > + Webmaster Tools <= 2.0 - Cross-Site Request Forgery vin lionscripts_plg_f + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4112ca9a-39fa-4fe8-a060-9f8f492eb846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webmaster-tools/" + google-query: inurl:"/wp-content/plugins/webmaster-tools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webmaster-tools,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webmaster-tools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webmaster-tools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webmaster-tools-verification-200b5675cd7f93f9a3a59f8b16a025dd.yaml b/nuclei-templates/cve-less/plugins/webmaster-tools-verification-200b5675cd7f93f9a3a59f8b16a025dd.yaml new file mode 100644 index 0000000000..8655f4ea52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webmaster-tools-verification-200b5675cd7f93f9a3a59f8b16a025dd.yaml @@ -0,0 +1,58 @@ +id: webmaster-tools-verification-200b5675cd7f93f9a3a59f8b16a025dd + +info: + name: > + Webmaster Tools Verification <= 1.2 - Missing Authorization to Arbitrary Plugin Deactivation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/546f388e-16e2-4c0b-acb0-a462bff4ef77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webmaster-tools-verification/" + google-query: inurl:"/wp-content/plugins/webmaster-tools-verification/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webmaster-tools-verification,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webmaster-tools-verification/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webmaster-tools-verification" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webp-converter-for-media-52ad3a4045cbc52c94981ea4e45a3cca.yaml b/nuclei-templates/cve-less/plugins/webp-converter-for-media-52ad3a4045cbc52c94981ea4e45a3cca.yaml new file mode 100644 index 0000000000..36428e5a6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webp-converter-for-media-52ad3a4045cbc52c94981ea4e45a3cca.yaml @@ -0,0 +1,58 @@ +id: webp-converter-for-media-52ad3a4045cbc52c94981ea4e45a3cca + +info: + name: > + WebP Converter for Media – Convert WebP and AVIF & Optimize Images <= 1.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbb8495-70e0-48cc-84d9-6d3cf3ec5355?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webp-converter-for-media/" + google-query: inurl:"/wp-content/plugins/webp-converter-for-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webp-converter-for-media,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webp-converter-for-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webp-converter-for-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webp-converter-for-media-a5e6cd84098c70182c2285443d912164.yaml b/nuclei-templates/cve-less/plugins/webp-converter-for-media-a5e6cd84098c70182c2285443d912164.yaml new file mode 100644 index 0000000000..09d59a6f9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webp-converter-for-media-a5e6cd84098c70182c2285443d912164.yaml @@ -0,0 +1,58 @@ +id: webp-converter-for-media-a5e6cd84098c70182c2285443d912164 + +info: + name: > + WebP Converter for Media <= 4.0.2 - Unauthenticated Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16919724-e495-492e-8cc7-639e6d8473c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webp-converter-for-media/" + google-query: inurl:"/wp-content/plugins/webp-converter-for-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webp-converter-for-media,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webp-converter-for-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webp-converter-for-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webp-express-3d333cad26fc8b3d5422c9b862bc540d.yaml b/nuclei-templates/cve-less/plugins/webp-express-3d333cad26fc8b3d5422c9b862bc540d.yaml new file mode 100644 index 0000000000..6e24bcf966 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webp-express-3d333cad26fc8b3d5422c9b862bc540d.yaml @@ -0,0 +1,58 @@ +id: webp-express-3d333cad26fc8b3d5422c9b862bc540d + +info: + name: > + WebP Express <= 0.14.10 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7108fc-0eb2-4f9f-b747-3b83c57a1b53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webp-express/" + google-query: inurl:"/wp-content/plugins/webp-express/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webp-express,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webp-express/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webp-express" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webp-express-a115c09e275d981be8fd48f835f5a022.yaml b/nuclei-templates/cve-less/plugins/webp-express-a115c09e275d981be8fd48f835f5a022.yaml new file mode 100644 index 0000000000..963f086568 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webp-express-a115c09e275d981be8fd48f835f5a022.yaml @@ -0,0 +1,58 @@ +id: webp-express-a115c09e275d981be8fd48f835f5a022 + +info: + name: > + WebP Express < 0.14.11 - Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f4893b9-e032-45d6-a542-0ead70c61e2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webp-express/" + google-query: inurl:"/wp-content/plugins/webp-express/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webp-express,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webp-express/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webp-express" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-8ddc4ba3a0f497ef212e13a7d6e63ce3.yaml b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-8ddc4ba3a0f497ef212e13a7d6e63ce3.yaml new file mode 100644 index 0000000000..e9fc50c8b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-8ddc4ba3a0f497ef212e13a7d6e63ce3.yaml @@ -0,0 +1,58 @@ +id: webpushr-web-push-notifications-8ddc4ba3a0f497ef212e13a7d6e63ce3 + +info: + name: > + Webpushr <= 4.35.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32348f79-232f-42e6-bbea-aba6203d9f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webpushr-web-push-notifications/" + google-query: inurl:"/wp-content/plugins/webpushr-web-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webpushr-web-push-notifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webpushr-web-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webpushr-web-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.35.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-99ed4f84114970decbe599553d25ef62.yaml b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-99ed4f84114970decbe599553d25ef62.yaml new file mode 100644 index 0000000000..ab40c71b81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-99ed4f84114970decbe599553d25ef62.yaml @@ -0,0 +1,58 @@ +id: webpushr-web-push-notifications-99ed4f84114970decbe599553d25ef62 + +info: + name: > + Webpushr <= 4.34.0 - Cross-Site Request Forgery to Local File Inclusion via menu + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e140973b-d37c-45bf-aed2-9223bd812957?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webpushr-web-push-notifications/" + google-query: inurl:"/wp-content/plugins/webpushr-web-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webpushr-web-push-notifications,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webpushr-web-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webpushr-web-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.34.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-c54aa5c11f04ffd29f7bfb4d878ecdae.yaml b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-c54aa5c11f04ffd29f7bfb4d878ecdae.yaml new file mode 100644 index 0000000000..febb3f6d17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webpushr-web-push-notifications-c54aa5c11f04ffd29f7bfb4d878ecdae.yaml @@ -0,0 +1,58 @@ +id: webpushr-web-push-notifications-c54aa5c11f04ffd29f7bfb4d878ecdae + +info: + name: > + Webpushr <= 4.34.0 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e092d67-ab81-4366-824c-cfb240ba3042?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webpushr-web-push-notifications/" + google-query: inurl:"/wp-content/plugins/webpushr-web-push-notifications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webpushr-web-push-notifications,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webpushr-web-push-notifications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webpushr-web-push-notifications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.34.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webriti-smtp-mail-65f94ea0710a1cc5f2df8da6f9883ee7.yaml b/nuclei-templates/cve-less/plugins/webriti-smtp-mail-65f94ea0710a1cc5f2df8da6f9883ee7.yaml new file mode 100644 index 0000000000..8067ae3b3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webriti-smtp-mail-65f94ea0710a1cc5f2df8da6f9883ee7.yaml @@ -0,0 +1,58 @@ +id: webriti-smtp-mail-65f94ea0710a1cc5f2df8da6f9883ee7 + +info: + name: > + Webriti SMTP Mail <= 1.0 - Cross-Site Request Forgery to options update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/053d374e-68b2-4d48-af6d-45087d5ce211?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webriti-smtp-mail/" + google-query: inurl:"/wp-content/plugins/webriti-smtp-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webriti-smtp-mail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webriti-smtp-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webriti-smtp-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webrotate-360-product-viewer-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/webrotate-360-product-viewer-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..2b172e4e24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webrotate-360-product-viewer-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: webrotate-360-product-viewer-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webrotate-360-product-viewer/" + google-query: inurl:"/wp-content/plugins/webrotate-360-product-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webrotate-360-product-viewer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webrotate-360-product-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webrotate-360-product-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/websimon-tables-eb4c190ad02fb7be0bb121747087fd9e.yaml b/nuclei-templates/cve-less/plugins/websimon-tables-eb4c190ad02fb7be0bb121747087fd9e.yaml new file mode 100644 index 0000000000..0f5de3164d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/websimon-tables-eb4c190ad02fb7be0bb121747087fd9e.yaml @@ -0,0 +1,58 @@ +id: websimon-tables-eb4c190ad02fb7be0bb121747087fd9e + +info: + name: > + Websimon Tables <= 1.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51c1c4ee-c17f-4565-b800-f306569fc502?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/websimon-tables/" + google-query: inurl:"/wp-content/plugins/websimon-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,websimon-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/websimon-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "websimon-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/website-article-monetization-by-magenet-9f77fe459a0e5283ffcbf11ae93f5733.yaml b/nuclei-templates/cve-less/plugins/website-article-monetization-by-magenet-9f77fe459a0e5283ffcbf11ae93f5733.yaml new file mode 100644 index 0000000000..6df8232766 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/website-article-monetization-by-magenet-9f77fe459a0e5283ffcbf11ae93f5733.yaml @@ -0,0 +1,58 @@ +id: website-article-monetization-by-magenet-9f77fe459a0e5283ffcbf11ae93f5733 + +info: + name: > + Website Article Monetization By MageNet <= 1.0.11 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8564dbb-6be8-4999-be65-d28609e05451?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/website-article-monetization-by-magenet/" + google-query: inurl:"/wp-content/plugins/website-article-monetization-by-magenet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,website-article-monetization-by-magenet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/website-article-monetization-by-magenet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "website-article-monetization-by-magenet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/website-file-changes-monitor-b4286607d776cde455809a59a67464fa.yaml b/nuclei-templates/cve-less/plugins/website-file-changes-monitor-b4286607d776cde455809a59a67464fa.yaml new file mode 100644 index 0000000000..aff896427b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/website-file-changes-monitor-b4286607d776cde455809a59a67464fa.yaml @@ -0,0 +1,58 @@ +id: website-file-changes-monitor-b4286607d776cde455809a59a67464fa + +info: + name: > + Website File Changes Monitor <= 1.8.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2046c6cf-32fa-4fac-a4bc-00f11f739d14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/website-file-changes-monitor/" + google-query: inurl:"/wp-content/plugins/website-file-changes-monitor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,website-file-changes-monitor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/website-file-changes-monitor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "website-file-changes-monitor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/website-monetization-by-magenet-fb6bf968c60057d0db8de1f7c72a739d.yaml b/nuclei-templates/cve-less/plugins/website-monetization-by-magenet-fb6bf968c60057d0db8de1f7c72a739d.yaml new file mode 100644 index 0000000000..1bc4c0ffe0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/website-monetization-by-magenet-fb6bf968c60057d0db8de1f7c72a739d.yaml @@ -0,0 +1,58 @@ +id: website-monetization-by-magenet-fb6bf968c60057d0db8de1f7c72a739d + +info: + name: > + Website Monetization by MageNet <= 1.0.29.1 - Cross-Site Request Forgery via admin_magenet_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f1f3562-f869-4442-b77f-c06c5683c1b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/website-monetization-by-magenet/" + google-query: inurl:"/wp-content/plugins/website-monetization-by-magenet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,website-monetization-by-magenet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/website-monetization-by-magenet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "website-monetization-by-magenet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.29.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/webwinkelkeur-bb474de523e33ab78eb1474118c2fa7e.yaml b/nuclei-templates/cve-less/plugins/webwinkelkeur-bb474de523e33ab78eb1474118c2fa7e.yaml new file mode 100644 index 0000000000..c0758e7a70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/webwinkelkeur-bb474de523e33ab78eb1474118c2fa7e.yaml @@ -0,0 +1,58 @@ +id: webwinkelkeur-bb474de523e33ab78eb1474118c2fa7e + +info: + name: > + WebwinkelKeur <= 3.24 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a077e95f-7912-4b94-89f3-54f37adfcd8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/webwinkelkeur/" + google-query: inurl:"/wp-content/plugins/webwinkelkeur/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,webwinkelkeur,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/webwinkelkeur/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "webwinkelkeur" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wechat-broadcast-71573a0535f08f2db438af64d10b0f1d.yaml b/nuclei-templates/cve-less/plugins/wechat-broadcast-71573a0535f08f2db438af64d10b0f1d.yaml new file mode 100644 index 0000000000..2bc23eed8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wechat-broadcast-71573a0535f08f2db438af64d10b0f1d.yaml @@ -0,0 +1,58 @@ +id: wechat-broadcast-71573a0535f08f2db438af64d10b0f1d + +info: + name: > + 微信群发助手-Wechat Broadcast <= 1.2.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/324fcf1b-a811-4750-bf48-87cb6570d51a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wechat-broadcast/" + google-query: inurl:"/wp-content/plugins/wechat-broadcast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wechat-broadcast,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wechat-broadcast/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wechat-broadcast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wechat-reward-bcff2870cae12c5758ea4c72282891f6.yaml b/nuclei-templates/cve-less/plugins/wechat-reward-bcff2870cae12c5758ea4c72282891f6.yaml new file mode 100644 index 0000000000..8bd3cdad61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wechat-reward-bcff2870cae12c5758ea4c72282891f6.yaml @@ -0,0 +1,58 @@ +id: wechat-reward-bcff2870cae12c5758ea4c72282891f6 + +info: + name: > + Wechat Reward <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b0f5c2c-f01a-4a09-99c2-2b7dfe3bcd05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wechat-reward/" + google-query: inurl:"/wp-content/plugins/wechat-reward/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wechat-reward,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wechat-reward/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wechat-reward" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-0a72b6924fec36fec1dd6c3deccd8793.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-0a72b6924fec36fec1dd6c3deccd8793.yaml new file mode 100644 index 0000000000..6792ef9174 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-0a72b6924fec36fec1dd6c3deccd8793.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-0a72b6924fec36fec1dd6c3deccd8793 + +info: + name: > + WP Project Manager <= 2.6.4 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a5e4708-db3e-483c-852f-1a487825cf92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-4c439a45b0012520f242bad12e03107a.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-4c439a45b0012520f242bad12e03107a.yaml new file mode 100644 index 0000000000..6e211db232 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-4c439a45b0012520f242bad12e03107a.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-4c439a45b0012520f242bad12e03107a + +info: + name: > + WP Project Manager <= 2.6.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd625d24-c1e9-465d-896a-bff75d8c534f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-8a54587701c521af8ba2b5105bfe686a.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-8a54587701c521af8ba2b5105bfe686a.yaml new file mode 100644 index 0000000000..da0d7322f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-8a54587701c521af8ba2b5105bfe686a.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-8a54587701c521af8ba2b5105bfe686a + +info: + name: > + WP Project Manager <= 2.4.13 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef5859b7-0f15-43ad-9f45-aa846d045f5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-b61b6ac3b97f0d01cb8ed1723488895c.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-b61b6ac3b97f0d01cb8ed1723488895c.yaml new file mode 100644 index 0000000000..71288eb9f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-b61b6ac3b97f0d01cb8ed1723488895c.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-b61b6ac3b97f0d01cb8ed1723488895c + +info: + name: > + WP Project Manager <= 2.6.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f83a6631-ff6c-422e-8b6c-49576fadb89f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..98aaeac037 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-df9102694b36792bdabf02d0dae189bc.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-df9102694b36792bdabf02d0dae189bc.yaml new file mode 100644 index 0000000000..d43cc68c25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-df9102694b36792bdabf02d0dae189bc.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-df9102694b36792bdabf02d0dae189bc + +info: + name: > + WP Project Manager <= 2.6.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79dabaa6-d907-4fa6-bc6f-f28f39578256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedevs-project-manager-edc5ca28f14c37c2e01dbf4e23653e4f.yaml b/nuclei-templates/cve-less/plugins/wedevs-project-manager-edc5ca28f14c37c2e01dbf4e23653e4f.yaml new file mode 100644 index 0000000000..a8fb4c045b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedevs-project-manager-edc5ca28f14c37c2e01dbf4e23653e4f.yaml @@ -0,0 +1,58 @@ +id: wedevs-project-manager-edc5ca28f14c37c2e01dbf4e23653e4f + +info: + name: > + WP Project Manager <= 2.4.0 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/456c13f5-4a8b-4eea-a2a0-f37f8508551b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedevs-project-manager/" + google-query: inurl:"/wp-content/plugins/wedevs-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedevs-project-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedevs-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedevs-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wedocs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wedocs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2b16001d02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wedocs-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wedocs-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wedocs/" + google-query: inurl:"/wp-content/plugins/wedocs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wedocs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wedocs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wedocs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.6', '<= 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weebotlite-910100abea99ef6c374051083d0fe4ff.yaml b/nuclei-templates/cve-less/plugins/weebotlite-910100abea99ef6c374051083d0fe4ff.yaml new file mode 100644 index 0000000000..d71aafd777 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weebotlite-910100abea99ef6c374051083d0fe4ff.yaml @@ -0,0 +1,58 @@ +id: weebotlite-910100abea99ef6c374051083d0fe4ff + +info: + name: > + weebotLite <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66518929-d5e7-4b4d-a04c-a96ad0df308c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weebotlite/" + google-query: inurl:"/wp-content/plugins/weebotlite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weebotlite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weebotlite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weebotlite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weekly-class-schedule-b226e8f4a0772170244c06930bdb6dc9.yaml b/nuclei-templates/cve-less/plugins/weekly-class-schedule-b226e8f4a0772170244c06930bdb6dc9.yaml new file mode 100644 index 0000000000..ee627a92d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weekly-class-schedule-b226e8f4a0772170244c06930bdb6dc9.yaml @@ -0,0 +1,58 @@ +id: weekly-class-schedule-b226e8f4a0772170244c06930bdb6dc9 + +info: + name: > + Weekly Class Schedule <= 3.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6951a50-954b-4c2b-8499-7623027406c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weekly-class-schedule/" + google-query: inurl:"/wp-content/plugins/weekly-class-schedule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weekly-class-schedule,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weekly-class-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weekly-class-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weekly-schedule-a7639c71f3241814b9c95f17c5919356.yaml b/nuclei-templates/cve-less/plugins/weekly-schedule-a7639c71f3241814b9c95f17c5919356.yaml new file mode 100644 index 0000000000..7bc75089d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weekly-schedule-a7639c71f3241814b9c95f17c5919356.yaml @@ -0,0 +1,58 @@ +id: weekly-schedule-a7639c71f3241814b9c95f17c5919356 + +info: + name: > + Weekly Schedule <= 3.4.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94f03821-eb33-4eb6-b7ff-b32a74facdd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weekly-schedule/" + google-query: inurl:"/wp-content/plugins/weekly-schedule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weekly-schedule,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weekly-schedule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weekly-schedule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-20aadb46b84139edf712ada2a54996af.yaml b/nuclei-templates/cve-less/plugins/weforms-20aadb46b84139edf712ada2a54996af.yaml new file mode 100644 index 0000000000..094141bdb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-20aadb46b84139edf712ada2a54996af.yaml @@ -0,0 +1,58 @@ +id: weforms-20aadb46b84139edf712ada2a54996af + +info: + name: > + weForms <= 1.6.18 - Missing Authorization via export_form_entries + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2b7258e-c594-415a-a872-d5b28397e40d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-22ec989ac05e231b0a72ec153f660e8e.yaml b/nuclei-templates/cve-less/plugins/weforms-22ec989ac05e231b0a72ec153f660e8e.yaml new file mode 100644 index 0000000000..84dc51af7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-22ec989ac05e231b0a72ec153f660e8e.yaml @@ -0,0 +1,58 @@ +id: weforms-22ec989ac05e231b0a72ec153f660e8e + +info: + name: > + weForms – Easy Drag & Drop Contact Form Builder For WordPress <= 1.6.17 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c44efe0-bdc0-42e0-9bdd-cf25bff1d2d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml b/nuclei-templates/cve-less/plugins/weforms-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml new file mode 100644 index 0000000000..a3cbcb78b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-38f8a2f1ccb6fa8679c01ae474dc43d3.yaml @@ -0,0 +1,58 @@ +id: weforms-38f8a2f1ccb6fa8679c01ae474dc43d3 + +info: + name: > + weForms <= 1.6.20 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c71dc22-0b1b-4628-bbab-4154714e8804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-4e68aefc025803a73af9ddad4f651646.yaml b/nuclei-templates/cve-less/plugins/weforms-4e68aefc025803a73af9ddad4f651646.yaml new file mode 100644 index 0000000000..ff01626bae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-4e68aefc025803a73af9ddad4f651646.yaml @@ -0,0 +1,58 @@ +id: weforms-4e68aefc025803a73af9ddad4f651646 + +info: + name: > + weForms <= 1.6.21 - Unauthenticated Stored Cross-Site Scripting via Referer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-61c13420e3dc8f41c004527b0a6dcd7f.yaml b/nuclei-templates/cve-less/plugins/weforms-61c13420e3dc8f41c004527b0a6dcd7f.yaml new file mode 100644 index 0000000000..54a6badbf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-61c13420e3dc8f41c004527b0a6dcd7f.yaml @@ -0,0 +1,58 @@ +id: weforms-61c13420e3dc8f41c004527b0a6dcd7f + +info: + name: > + weForms <= 1.6.13 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e67057-7086-4108-a629-87610a12ec19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weforms-b76b106cd104db99c0e761b215cfa76f.yaml b/nuclei-templates/cve-less/plugins/weforms-b76b106cd104db99c0e761b215cfa76f.yaml new file mode 100644 index 0000000000..36a2ba1c43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weforms-b76b106cd104db99c0e761b215cfa76f.yaml @@ -0,0 +1,58 @@ +id: weforms-b76b106cd104db99c0e761b215cfa76f + +info: + name: > + WeForms <= 1.4.7 - CSV injection via form entry + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53bffb82-b9df-40a0-947b-ecae512f363a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weforms/" + google-query: inurl:"/wp-content/plugins/weforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weglot-9b9cbf166c5c9952b460a90920fbb492.yaml b/nuclei-templates/cve-less/plugins/weglot-9b9cbf166c5c9952b460a90920fbb492.yaml new file mode 100644 index 0000000000..227ae11439 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weglot-9b9cbf166c5c9952b460a90920fbb492.yaml @@ -0,0 +1,58 @@ +id: weglot-9b9cbf166c5c9952b460a90920fbb492 + +info: + name: > + Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d87134e8-9d73-4a39-b071-37a5dac033b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weglot/" + google-query: inurl:"/wp-content/plugins/weglot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weglot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weglot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weglot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weight-based-shipping-for-woocommerce-962608679c37b286812f3dffa30e38de.yaml b/nuclei-templates/cve-less/plugins/weight-based-shipping-for-woocommerce-962608679c37b286812f3dffa30e38de.yaml new file mode 100644 index 0000000000..49b3d4bb09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weight-based-shipping-for-woocommerce-962608679c37b286812f3dffa30e38de.yaml @@ -0,0 +1,58 @@ +id: weight-based-shipping-for-woocommerce-962608679c37b286812f3dffa30e38de + +info: + name: > + WooCommerce Weight Based Shipping <= 5.4.1 - Cross-Site Request Forgery leading to Plugin Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5086b8d-6c74-4970-9937-5ddc5b528495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weight-based-shipping-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/weight-based-shipping-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weight-based-shipping-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weight-based-shipping-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weight-based-shipping-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/weixin-robot-advanced-2bcf120ca9cfae0292d17d841a512698.yaml b/nuclei-templates/cve-less/plugins/weixin-robot-advanced-2bcf120ca9cfae0292d17d841a512698.yaml new file mode 100644 index 0000000000..5ea6d8cc7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/weixin-robot-advanced-2bcf120ca9cfae0292d17d841a512698.yaml @@ -0,0 +1,58 @@ +id: weixin-robot-advanced-2bcf120ca9cfae0292d17d841a512698 + +info: + name: > + 微信机器人高级版 <= 6.2.1 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d2a238f-7192-49f0-be2e-3a35fca651d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/weixin-robot-advanced/" + google-query: inurl:"/wp-content/plugins/weixin-robot-advanced/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,weixin-robot-advanced,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/weixin-robot-advanced/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weixin-robot-advanced" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/welcome-email-editor-9ad568f26d284db1bbd80573c9ce9895.yaml b/nuclei-templates/cve-less/plugins/welcome-email-editor-9ad568f26d284db1bbd80573c9ce9895.yaml new file mode 100644 index 0000000000..18411b15a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/welcome-email-editor-9ad568f26d284db1bbd80573c9ce9895.yaml @@ -0,0 +1,58 @@ +id: welcome-email-editor-9ad568f26d284db1bbd80573c9ce9895 + +info: + name: > + Welcome Email Editor <= 5.0.5 - Missing Authorization via ajax_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/943cd10b-1b58-4803-ba6f-291f73353422?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/welcome-email-editor/" + google-query: inurl:"/wp-content/plugins/welcome-email-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,welcome-email-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/welcome-email-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "welcome-email-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wemail-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wemail-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..cfb8cfd104 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wemail-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wemail-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wemail/" + google-query: inurl:"/wp-content/plugins/wemail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wemail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wemail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wemail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wemanage-app-worker-5b8de369a947d5ef9762408c0a15df35.yaml b/nuclei-templates/cve-less/plugins/wemanage-app-worker-5b8de369a947d5ef9762408c0a15df35.yaml new file mode 100644 index 0000000000..0abb04a70c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wemanage-app-worker-5b8de369a947d5ef9762408c0a15df35.yaml @@ -0,0 +1,58 @@ +id: wemanage-app-worker-5b8de369a947d5ef9762408c0a15df35 + +info: + name: > + Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wemanage-app-worker/" + google-query: inurl:"/wp-content/plugins/wemanage-app-worker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wemanage-app-worker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wemanage-app-worker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wemanage-app-worker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wen-responsive-columns-c849c5ba3c9b4616d8436c9196e9a011.yaml b/nuclei-templates/cve-less/plugins/wen-responsive-columns-c849c5ba3c9b4616d8436c9196e9a011.yaml new file mode 100644 index 0000000000..1a7be2be07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wen-responsive-columns-c849c5ba3c9b4616d8436c9196e9a011.yaml @@ -0,0 +1,58 @@ +id: wen-responsive-columns-c849c5ba3c9b4616d8436c9196e9a011 + +info: + name: > + WEN Responsive Columns <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9755323f-42bd-491d-8d82-b1905eed0d9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wen-responsive-columns/" + google-query: inurl:"/wp-content/plugins/wen-responsive-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wen-responsive-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wen-responsive-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wen-responsive-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wens-responsive-column-layout-shortcodes-a04fa743a93c3af81940f7c153cec33e.yaml b/nuclei-templates/cve-less/plugins/wens-responsive-column-layout-shortcodes-a04fa743a93c3af81940f7c153cec33e.yaml new file mode 100644 index 0000000000..61d9802709 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wens-responsive-column-layout-shortcodes-a04fa743a93c3af81940f7c153cec33e.yaml @@ -0,0 +1,58 @@ +id: wens-responsive-column-layout-shortcodes-a04fa743a93c3af81940f7c153cec33e + +info: + name: > + eVision Responsive Column Layout Shortcodes <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c47e9220-d7d7-4a66-b555-8fa837d45d59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wens-responsive-column-layout-shortcodes/" + google-query: inurl:"/wp-content/plugins/wens-responsive-column-layout-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wens-responsive-column-layout-shortcodes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wens-responsive-column-layout-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wens-responsive-column-layout-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wepos-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wepos-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..ecb8aac03f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wepos-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wepos-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wepos/" + google-query: inurl:"/wp-content/plugins/wepos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wepos,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wepos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wepos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wesecur-security-b205c6392eb0136cf0df5ea96fc73a56.yaml b/nuclei-templates/cve-less/plugins/wesecur-security-b205c6392eb0136cf0df5ea96fc73a56.yaml new file mode 100644 index 0000000000..8c5a7e5500 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wesecur-security-b205c6392eb0136cf0df5ea96fc73a56.yaml @@ -0,0 +1,58 @@ +id: wesecur-security-b205c6392eb0136cf0df5ea96fc73a56 + +info: + name: > + WeSecur Security <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d732ea2d-c763-4735-b541-6c5fd5167cb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wesecur-security/" + google-query: inurl:"/wp-content/plugins/wesecur-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wesecur-security,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wesecur-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wesecur-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wf-cookie-consent-0533a60780cf9a211a23b93d336f2dae.yaml b/nuclei-templates/cve-less/plugins/wf-cookie-consent-0533a60780cf9a211a23b93d336f2dae.yaml new file mode 100644 index 0000000000..b95004cf16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wf-cookie-consent-0533a60780cf9a211a23b93d336f2dae.yaml @@ -0,0 +1,58 @@ +id: wf-cookie-consent-0533a60780cf9a211a23b93d336f2dae + +info: + name: > + WF Cookie Consent <= 1.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00fa2ca1-a1bd-4b58-ae64-1b61534c1e3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wf-cookie-consent/" + google-query: inurl:"/wp-content/plugins/wf-cookie-consent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wf-cookie-consent,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wf-cookie-consent/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wf-cookie-consent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wh-testimonials-d863abcdf052b29c71bf4158cc87a13f.yaml b/nuclei-templates/cve-less/plugins/wh-testimonials-d863abcdf052b29c71bf4158cc87a13f.yaml new file mode 100644 index 0000000000..91b577bb71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wh-testimonials-d863abcdf052b29c71bf4158cc87a13f.yaml @@ -0,0 +1,58 @@ +id: wh-testimonials-d863abcdf052b29c71bf4158cc87a13f + +info: + name: > + WH Testimonials <= 3.0.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6fe5f1a-787e-4662-915f-c6f04961e194?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wh-testimonials/" + google-query: inurl:"/wp-content/plugins/wh-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wh-testimonials,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wh-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wh-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wha-crossword-363aa4459971c85215990cb3c8eb5496.yaml b/nuclei-templates/cve-less/plugins/wha-crossword-363aa4459971c85215990cb3c8eb5496.yaml new file mode 100644 index 0000000000..bd2b0c8097 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wha-crossword-363aa4459971c85215990cb3c8eb5496.yaml @@ -0,0 +1,58 @@ +id: wha-crossword-363aa4459971c85215990cb3c8eb5496 + +info: + name: > + WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16b0947e-3bb2-4150-b810-2e77de3e75da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wha-crossword/" + google-query: inurl:"/wp-content/plugins/wha-crossword/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wha-crossword,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wha-crossword/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wha-crossword" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wha-crossword-c67d4649ea18743c5c7a2e3701c4b78b.yaml b/nuclei-templates/cve-less/plugins/wha-crossword-c67d4649ea18743c5c7a2e3701c4b78b.yaml new file mode 100644 index 0000000000..9f65d744e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wha-crossword-c67d4649ea18743c5c7a2e3701c4b78b.yaml @@ -0,0 +1,58 @@ +id: wha-crossword-c67d4649ea18743c5c7a2e3701c4b78b + +info: + name: > + WHA Crossword <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb7316cd-8a15-4b81-b57c-b8e4adcaf1ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wha-crossword/" + google-query: inurl:"/wp-content/plugins/wha-crossword/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wha-crossword,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wha-crossword/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wha-crossword" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wha-puzzle-054cca949d3d20e70e41393d4d7ba0fa.yaml b/nuclei-templates/cve-less/plugins/wha-puzzle-054cca949d3d20e70e41393d4d7ba0fa.yaml new file mode 100644 index 0000000000..f908c1fcc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wha-puzzle-054cca949d3d20e70e41393d4d7ba0fa.yaml @@ -0,0 +1,58 @@ +id: wha-puzzle-054cca949d3d20e70e41393d4d7ba0fa + +info: + name: > + WHA Puzzle <= 1.0.9 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36f7eb57-76ac-4130-abb3-6521f9d042ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wha-puzzle/" + google-query: inurl:"/wp-content/plugins/wha-puzzle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wha-puzzle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wha-puzzle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wha-puzzle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wha-wordsearch-6fde6e46382738cc90cbede415252e23.yaml b/nuclei-templates/cve-less/plugins/wha-wordsearch-6fde6e46382738cc90cbede415252e23.yaml new file mode 100644 index 0000000000..54d777be08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wha-wordsearch-6fde6e46382738cc90cbede415252e23.yaml @@ -0,0 +1,58 @@ +id: wha-wordsearch-6fde6e46382738cc90cbede415252e23 + +info: + name: > + Word Search Puzzles game <= 2.0.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7566beda-649f-4dfc-860f-fb1c48809461?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wha-wordsearch/" + google-query: inurl:"/wp-content/plugins/wha-wordsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wha-wordsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wha-wordsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wha-wordsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wha-wordsearch-9c32419221ff25df45de1a2bef4b454c.yaml b/nuclei-templates/cve-less/plugins/wha-wordsearch-9c32419221ff25df45de1a2bef4b454c.yaml new file mode 100644 index 0000000000..6107f6bbba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wha-wordsearch-9c32419221ff25df45de1a2bef4b454c.yaml @@ -0,0 +1,58 @@ +id: wha-wordsearch-9c32419221ff25df45de1a2bef4b454c + +info: + name: > + Word Search Puzzles game <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9efbbb82-8127-4f11-84d4-2ce27f2cbefe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wha-wordsearch/" + google-query: inurl:"/wp-content/plugins/wha-wordsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wha-wordsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wha-wordsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wha-wordsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whats-new-genarator-4f768a2e6ed5431813ce2815c2416c7e.yaml b/nuclei-templates/cve-less/plugins/whats-new-genarator-4f768a2e6ed5431813ce2815c2416c7e.yaml new file mode 100644 index 0000000000..a4eb7ed19e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whats-new-genarator-4f768a2e6ed5431813ce2815c2416c7e.yaml @@ -0,0 +1,58 @@ +id: whats-new-genarator-4f768a2e6ed5431813ce2815c2416c7e + +info: + name: > + What's New Generator <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da11abe7-49fa-496b-bcd7-c666eef63896?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whats-new-genarator/" + google-query: inurl:"/wp-content/plugins/whats-new-genarator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whats-new-genarator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whats-new-genarator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whats-new-genarator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whatsapp-35617caa27e1534d5543f128d4268283.yaml b/nuclei-templates/cve-less/plugins/whatsapp-35617caa27e1534d5543f128d4268283.yaml new file mode 100644 index 0000000000..7dbf13ce38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whatsapp-35617caa27e1534d5543f128d4268283.yaml @@ -0,0 +1,58 @@ +id: whatsapp-35617caa27e1534d5543f128d4268283 + +info: + name: > + WhatsApp Share Button <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77911b0f-c028-49ae-b85e-15909d806e30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whatsapp/" + google-query: inurl:"/wp-content/plugins/whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whatshelp-chat-button-5010f538683e4ce673730780a1277a01.yaml b/nuclei-templates/cve-less/plugins/whatshelp-chat-button-5010f538683e4ce673730780a1277a01.yaml new file mode 100644 index 0000000000..eabcd272e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whatshelp-chat-button-5010f538683e4ce673730780a1277a01.yaml @@ -0,0 +1,58 @@ +id: whatshelp-chat-button-5010f538683e4ce673730780a1277a01 + +info: + name: > + Chat Button <= 1.8.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f2ed813-3bf3-4ee3-a030-778cbd93bba3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whatshelp-chat-button/" + google-query: inurl:"/wp-content/plugins/whatshelp-chat-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whatshelp-chat-button,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whatshelp-chat-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whatshelp-chat-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/when-last-login-e5890c71dc0cd4588ccd030aa7bc5fbd.yaml b/nuclei-templates/cve-less/plugins/when-last-login-e5890c71dc0cd4588ccd030aa7bc5fbd.yaml new file mode 100644 index 0000000000..3808de86c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/when-last-login-e5890c71dc0cd4588ccd030aa7bc5fbd.yaml @@ -0,0 +1,58 @@ +id: when-last-login-e5890c71dc0cd4588ccd030aa7bc5fbd + +info: + name: > + When Last Login <= 1.2.1 - Cross-Site Request Forgery via wll_hide_subscription_notice + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81638472-b635-4100-8fb9-3daf35fa172e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/when-last-login/" + google-query: inurl:"/wp-content/plugins/when-last-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,when-last-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/when-last-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "when-last-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/which-template-file-93c626578b9ec2f6ee1b804fc44e2116.yaml b/nuclei-templates/cve-less/plugins/which-template-file-93c626578b9ec2f6ee1b804fc44e2116.yaml new file mode 100644 index 0000000000..893b5f85e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/which-template-file-93c626578b9ec2f6ee1b804fc44e2116.yaml @@ -0,0 +1,58 @@ +id: which-template-file-93c626578b9ec2f6ee1b804fc44e2116 + +info: + name: > + which template file <= 4.8.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/279314a4-2d70-4036-ae9a-27bb694b03db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/which-template-file/" + google-query: inurl:"/wp-content/plugins/which-template-file/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,which-template-file,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/which-template-file/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "which-template-file" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/which-template-file-c6789a8c4ddf7f4894074b67cbbeecc0.yaml b/nuclei-templates/cve-less/plugins/which-template-file-c6789a8c4ddf7f4894074b67cbbeecc0.yaml new file mode 100644 index 0000000000..6c51ab1ed4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/which-template-file-c6789a8c4ddf7f4894074b67cbbeecc0.yaml @@ -0,0 +1,58 @@ +id: which-template-file-c6789a8c4ddf7f4894074b67cbbeecc0 + +info: + name: > + which template file <= 5.0.0 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be3208c8-aceb-4ac9-91e1-d5de5a85f74d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/which-template-file/" + google-query: inurl:"/wp-content/plugins/which-template-file/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,which-template-file,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/which-template-file/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "which-template-file" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-5163255cf1a46ed12d467697bfe3f205.yaml b/nuclei-templates/cve-less/plugins/white-label-5163255cf1a46ed12d467697bfe3f205.yaml new file mode 100644 index 0000000000..bdd7994912 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-5163255cf1a46ed12d467697bfe3f205.yaml @@ -0,0 +1,58 @@ +id: white-label-5163255cf1a46ed12d467697bfe3f205 + +info: + name: > + White Label <= 2.9.0 - Cross-Site Request Forgery via white_label_reset_wl_admins + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/383da457-b930-470c-a68a-db3e87af7a80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label/" + google-query: inurl:"/wp-content/plugins/white-label/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-branding-elementor-e6a4bf4b7def7461fd0f2bf14330f22c.yaml b/nuclei-templates/cve-less/plugins/white-label-branding-elementor-e6a4bf4b7def7461fd0f2bf14330f22c.yaml new file mode 100644 index 0000000000..01acc51043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-branding-elementor-e6a4bf4b7def7461fd0f2bf14330f22c.yaml @@ -0,0 +1,58 @@ +id: white-label-branding-elementor-e6a4bf4b7def7461fd0f2bf14330f22c + +info: + name: > + White Label Branding for Elementor Page Builder <= 1.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e187b71-860e-4404-bbe2-193c6ecfd485?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-branding-elementor/" + google-query: inurl:"/wp-content/plugins/white-label-branding-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-branding-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-branding-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-branding-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-cms-5442adae59d3e3922670d74f56222668.yaml b/nuclei-templates/cve-less/plugins/white-label-cms-5442adae59d3e3922670d74f56222668.yaml new file mode 100644 index 0000000000..4d1a17aac9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-cms-5442adae59d3e3922670d74f56222668.yaml @@ -0,0 +1,58 @@ +id: white-label-cms-5442adae59d3e3922670d74f56222668 + +info: + name: > + White Label CMS <= 2.7.3 - Missing Authorization to Plugin Settings Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13a206ea-0890-4535-9da7-54a7a45f0452?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-cms/" + google-query: inurl:"/wp-content/plugins/white-label-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-cms-7987b5631645ef011c12aa6fb80cc221.yaml b/nuclei-templates/cve-less/plugins/white-label-cms-7987b5631645ef011c12aa6fb80cc221.yaml new file mode 100644 index 0000000000..de9316ebf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-cms-7987b5631645ef011c12aa6fb80cc221.yaml @@ -0,0 +1,58 @@ +id: white-label-cms-7987b5631645ef011c12aa6fb80cc221 + +info: + name: > + White Label CMS < 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62dacee5-9b55-4d0e-aa35-d97a1666f9e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-cms/" + google-query: inurl:"/wp-content/plugins/white-label-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-cms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-cms-84f16791aafe87d42cf363331892fb65.yaml b/nuclei-templates/cve-less/plugins/white-label-cms-84f16791aafe87d42cf363331892fb65.yaml new file mode 100644 index 0000000000..8f74e1338a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-cms-84f16791aafe87d42cf363331892fb65.yaml @@ -0,0 +1,58 @@ +id: white-label-cms-84f16791aafe87d42cf363331892fb65 + +info: + name: > + White Label CMS <= 2.4 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cae74177-7bfc-4fe2-9d45-0bc567a17909?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-cms/" + google-query: inurl:"/wp-content/plugins/white-label-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-cms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-cms-c371077c38bdbe69f0a63c723cbb2e25.yaml b/nuclei-templates/cve-less/plugins/white-label-cms-c371077c38bdbe69f0a63c723cbb2e25.yaml new file mode 100644 index 0000000000..06ad75e790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-cms-c371077c38bdbe69f0a63c723cbb2e25.yaml @@ -0,0 +1,58 @@ +id: white-label-cms-c371077c38bdbe69f0a63c723cbb2e25 + +info: + name: > + White Label CMS < 1.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97fc00d0-ca3d-462a-ac9f-bfac4c882cc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-cms/" + google-query: inurl:"/wp-content/plugins/white-label-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-cms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-label-cms-ed7d98d793a5f352e711f6139453960a.yaml b/nuclei-templates/cve-less/plugins/white-label-cms-ed7d98d793a5f352e711f6139453960a.yaml new file mode 100644 index 0000000000..fa5a719ef8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-label-cms-ed7d98d793a5f352e711f6139453960a.yaml @@ -0,0 +1,58 @@ +id: white-label-cms-ed7d98d793a5f352e711f6139453960a + +info: + name: > + White Label MS <= 2.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08f59eb8-8865-401f-bb02-3192184e0415?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-label-cms/" + google-query: inurl:"/wp-content/plugins/white-label-cms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-label-cms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-label-cms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-label-cms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/white-page-publication-4a259e9179bf39bf0792ee310ede4901.yaml b/nuclei-templates/cve-less/plugins/white-page-publication-4a259e9179bf39bf0792ee310ede4901.yaml new file mode 100644 index 0000000000..171d6b8cb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/white-page-publication-4a259e9179bf39bf0792ee310ede4901.yaml @@ -0,0 +1,58 @@ +id: white-page-publication-4a259e9179bf39bf0792ee310ede4901 + +info: + name: > + WhitePage <= 1.1.5 - Cross-Site Request Forgery via params_api_form.php + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b377236-bb56-4d31-837a-c5064d46a6c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/white-page-publication/" + google-query: inurl:"/wp-content/plugins/white-page-publication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,white-page-publication,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/white-page-publication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "white-page-publication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whizz-8475202b9f0509bc3f7f733c6c0c1b7b.yaml b/nuclei-templates/cve-less/plugins/whizz-8475202b9f0509bc3f7f733c6c0c1b7b.yaml new file mode 100644 index 0000000000..a0708b276d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whizz-8475202b9f0509bc3f7f733c6c0c1b7b.yaml @@ -0,0 +1,58 @@ +id: whizz-8475202b9f0509bc3f7f733c6c0c1b7b + +info: + name: > + WHIZZ < 1.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3abac0a1-a696-48b1-88d9-d0b102c82ac3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whizz/" + google-query: inurl:"/wp-content/plugins/whizz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whizz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whizz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whizz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whizz-b7bde08d72b1bc77eb8f6cd0fab4feae.yaml b/nuclei-templates/cve-less/plugins/whizz-b7bde08d72b1bc77eb8f6cd0fab4feae.yaml new file mode 100644 index 0000000000..82c433951d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whizz-b7bde08d72b1bc77eb8f6cd0fab4feae.yaml @@ -0,0 +1,58 @@ +id: whizz-b7bde08d72b1bc77eb8f6cd0fab4feae + +info: + name: > + WHIZZ < 1.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acde42e4-7445-427a-b4fa-9ef225049bb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whizz/" + google-query: inurl:"/wp-content/plugins/whizz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whizz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whizz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whizz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whizzy-41404190c9a7f512053b049611a997bf.yaml b/nuclei-templates/cve-less/plugins/whizzy-41404190c9a7f512053b049611a997bf.yaml new file mode 100644 index 0000000000..9414974a02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whizzy-41404190c9a7f512053b049611a997bf.yaml @@ -0,0 +1,58 @@ +id: whizzy-41404190c9a7f512053b049611a997bf + +info: + name: > + Whizzy <= 1.1.18 - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ededa54-654f-48dc-87d5-7321e041e6fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whizzy/" + google-query: inurl:"/wp-content/plugins/whizzy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whizzy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whizzy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whizzy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whizzy-6ab5c2b9e9da3c807bbb85a9044847fe.yaml b/nuclei-templates/cve-less/plugins/whizzy-6ab5c2b9e9da3c807bbb85a9044847fe.yaml new file mode 100644 index 0000000000..2fc413b6c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whizzy-6ab5c2b9e9da3c807bbb85a9044847fe.yaml @@ -0,0 +1,58 @@ +id: whizzy-6ab5c2b9e9da3c807bbb85a9044847fe + +info: + name: > + Whizzy <= 1.1.18 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8278f5bf-2f40-4f3d-b38d-0ecea9d47f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whizzy/" + google-query: inurl:"/wp-content/plugins/whizzy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whizzy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whizzy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whizzy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whmcs-bridge-239a7878d9add7cd58180811b224bdbf.yaml b/nuclei-templates/cve-less/plugins/whmcs-bridge-239a7878d9add7cd58180811b224bdbf.yaml new file mode 100644 index 0000000000..d0ba080597 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whmcs-bridge-239a7878d9add7cd58180811b224bdbf.yaml @@ -0,0 +1,58 @@ +id: whmcs-bridge-239a7878d9add7cd58180811b224bdbf + +info: + name: > + WHMCS Bridge <= 6.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f08fd6e-4c1b-40e7-92ba-72cdd03ff585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whmcs-bridge/" + google-query: inurl:"/wp-content/plugins/whmcs-bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whmcs-bridge,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whmcs-bridge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whmcs-bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whmcs-bridge-f7ea807ec289aa8d8be34a1208e9ebb9.yaml b/nuclei-templates/cve-less/plugins/whmcs-bridge-f7ea807ec289aa8d8be34a1208e9ebb9.yaml new file mode 100644 index 0000000000..6b6ec6ef73 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whmcs-bridge-f7ea807ec289aa8d8be34a1208e9ebb9.yaml @@ -0,0 +1,58 @@ +id: whmcs-bridge-f7ea807ec289aa8d8be34a1208e9ebb9 + +info: + name: > + WHMCS Bridge <= 6.1 Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24ba85a0-dbc7-4c9d-a67f-d449c1d275ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whmcs-bridge/" + google-query: inurl:"/wp-content/plugins/whmcs-bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whmcs-bridge,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whmcs-bridge/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whmcs-bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-4d3c4e1a467914ea53537050432b3938.yaml b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-4d3c4e1a467914ea53537050432b3938.yaml new file mode 100644 index 0000000000..ca92b4e570 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-4d3c4e1a467914ea53537050432b3938.yaml @@ -0,0 +1,58 @@ +id: who-hit-the-page-hit-counter-4d3c4e1a467914ea53537050432b3938 + +info: + name: > + Who Hit The Page – Hit Counter <= 1.4.14.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54c94de4-59b4-4f0b-85db-2074a41d04f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/who-hit-the-page-hit-counter/" + google-query: inurl:"/wp-content/plugins/who-hit-the-page-hit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,who-hit-the-page-hit-counter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/who-hit-the-page-hit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "who-hit-the-page-hit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-a52b3eb784f2d8ce0a9c250a80d5caf4.yaml b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-a52b3eb784f2d8ce0a9c250a80d5caf4.yaml new file mode 100644 index 0000000000..c4a1c9359a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-a52b3eb784f2d8ce0a9c250a80d5caf4.yaml @@ -0,0 +1,58 @@ +id: who-hit-the-page-hit-counter-a52b3eb784f2d8ce0a9c250a80d5caf4 + +info: + name: > + Who Hit The Page – Hit Counter <= 1.4.14.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/714d7811-0425-4833-a7b2-a408799181e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/who-hit-the-page-hit-counter/" + google-query: inurl:"/wp-content/plugins/who-hit-the-page-hit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,who-hit-the-page-hit-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/who-hit-the-page-hit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "who-hit-the-page-hit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-de2e48f236e18fa41cbab430238c4a68.yaml b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-de2e48f236e18fa41cbab430238c4a68.yaml new file mode 100644 index 0000000000..96f01671d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/who-hit-the-page-hit-counter-de2e48f236e18fa41cbab430238c4a68.yaml @@ -0,0 +1,58 @@ +id: who-hit-the-page-hit-counter-de2e48f236e18fa41cbab430238c4a68 + +info: + name: > + Who Hit The Page – Hit Counter <= 1.4.14.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07663fae-53e9-45d2-834c-6e1392484e0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/who-hit-the-page-hit-counter/" + google-query: inurl:"/wp-content/plugins/who-hit-the-page-hit-counter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,who-hit-the-page-hit-counter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/who-hit-the-page-hit-counter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "who-hit-the-page-hit-counter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesale-market-8c2cb48bfeb76279d7566cc81ccb49f0.yaml b/nuclei-templates/cve-less/plugins/wholesale-market-8c2cb48bfeb76279d7566cc81ccb49f0.yaml new file mode 100644 index 0000000000..f45eec78ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesale-market-8c2cb48bfeb76279d7566cc81ccb49f0.yaml @@ -0,0 +1,58 @@ +id: wholesale-market-8c2cb48bfeb76279d7566cc81ccb49f0 + +info: + name: > + Wholesale Market <= 2.2.0 - Information Disclosure via Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adcbb70e-c99f-4f05-8869-50cf16f6de79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesale-market/" + google-query: inurl:"/wp-content/plugins/wholesale-market/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesale-market,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesale-market/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesale-market" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-519740287ea130c472e2b41307bc4416.yaml b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-519740287ea130c472e2b41307bc4416.yaml new file mode 100644 index 0000000000..5c6e7bcab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-519740287ea130c472e2b41307bc4416.yaml @@ -0,0 +1,58 @@ +id: wholesale-market-for-woocommerce-519740287ea130c472e2b41307bc4416 + +info: + name: > + Wholesale Market for WooCommerce <= 1.0.7 - Authenticated (Administrator+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52f820c5-d4ce-4925-a055-a7c75a320971?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesale-market-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wholesale-market-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesale-market-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesale-market-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-cb9daa85351403585e36c2f7a51816cd.yaml b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-cb9daa85351403585e36c2f7a51816cd.yaml new file mode 100644 index 0000000000..a9f4919fb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-cb9daa85351403585e36c2f7a51816cd.yaml @@ -0,0 +1,58 @@ +id: wholesale-market-for-woocommerce-cb9daa85351403585e36c2f7a51816cd + +info: + name: > + Wholesale Market for WooCommerce <= 1.0.6 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/959f7e13-ef58-4b02-a721-7bb10373aaaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesale-market-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wholesale-market-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesale-market-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesale-market-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml new file mode 100644 index 0000000000..d2cc0c70df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesale-market-for-woocommerce-f7ab3183d6a1c8faf8c7fa4cce5c285d.yaml @@ -0,0 +1,58 @@ +id: wholesale-market-for-woocommerce-f7ab3183d6a1c8faf8c7fa4cce5c285d + +info: + name: > + Wholesale Market for WooCommerce < 2.0.0 - Authenticated (Administrator+) Arbitrary Log File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8436ba39-b236-4d76-95b6-d2bed3728d8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesale-market-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wholesale-market-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesale-market-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesale-market-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesale-market-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesalex-315c913a950b5ab55bf23c5c0352b368.yaml b/nuclei-templates/cve-less/plugins/wholesalex-315c913a950b5ab55bf23c5c0352b368.yaml new file mode 100644 index 0000000000..0c68611d0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesalex-315c913a950b5ab55bf23c5c0352b368.yaml @@ -0,0 +1,58 @@ +id: wholesalex-315c913a950b5ab55bf23c5c0352b368 + +info: + name: > + WholesaleX <= 1.3.2 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cf7ec81-625b-4abf-9304-256701e933ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesalex/" + google-query: inurl:"/wp-content/plugins/wholesalex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesalex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesalex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesalex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesalex-6923c1be5ff9c6a809243f9a5e70bfcf.yaml b/nuclei-templates/cve-less/plugins/wholesalex-6923c1be5ff9c6a809243f9a5e70bfcf.yaml new file mode 100644 index 0000000000..c3bc0428da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesalex-6923c1be5ff9c6a809243f9a5e70bfcf.yaml @@ -0,0 +1,58 @@ +id: wholesalex-6923c1be5ff9c6a809243f9a5e70bfcf + +info: + name: > + WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) <= 1.3.2 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4bce9d1-38b9-4c25-b5dc-fd9dedfc3ede?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesalex/" + google-query: inurl:"/wp-content/plugins/wholesalex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesalex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesalex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesalex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesalex-dee36755177c71d5de078f0f334f5c8c.yaml b/nuclei-templates/cve-less/plugins/wholesalex-dee36755177c71d5de078f0f334f5c8c.yaml new file mode 100644 index 0000000000..0c9d99979b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesalex-dee36755177c71d5de078f0f334f5c8c.yaml @@ -0,0 +1,58 @@ +id: wholesalex-dee36755177c71d5de078f0f334f5c8c + +info: + name: > + WholesaleX <= 1.3.1 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64df8260-603b-48ba-b88b-f89994dd8329?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesalex/" + google-query: inurl:"/wp-content/plugins/wholesalex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesalex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesalex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesalex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wholesalex-fcf9aaed3d1b8f79608285d878f326bc.yaml b/nuclei-templates/cve-less/plugins/wholesalex-fcf9aaed3d1b8f79608285d878f326bc.yaml new file mode 100644 index 0000000000..86af0aed53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wholesalex-fcf9aaed3d1b8f79608285d878f326bc.yaml @@ -0,0 +1,58 @@ +id: wholesalex-fcf9aaed3d1b8f79608285d878f326bc + +info: + name: > + WholesaleX <= 1.3.1 - Sensitive Information Exposure via export_users + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/710f663a-c8ff-457b-8b3f-4f6601ba321f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wholesalex/" + google-query: inurl:"/wp-content/plugins/wholesalex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wholesalex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wholesalex/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wholesalex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whydowork-adsense-13ab8a3f776049bebae928b8bd527987.yaml b/nuclei-templates/cve-less/plugins/whydowork-adsense-13ab8a3f776049bebae928b8bd527987.yaml new file mode 100644 index 0000000000..02a4444e58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whydowork-adsense-13ab8a3f776049bebae928b8bd527987.yaml @@ -0,0 +1,58 @@ +id: whydowork-adsense-13ab8a3f776049bebae928b8bd527987 + +info: + name: > + WhyDoWork AdSense <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd36530d-4165-4b98-a75f-b9c88178a5b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whydowork-adsense/" + google-query: inurl:"/wp-content/plugins/whydowork-adsense/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whydowork-adsense,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whydowork-adsense/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whydowork-adsense" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/whydowork-adsense-29fe63e56224db942ac29ad8bcab73cb.yaml b/nuclei-templates/cve-less/plugins/whydowork-adsense-29fe63e56224db942ac29ad8bcab73cb.yaml new file mode 100644 index 0000000000..541958f3e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/whydowork-adsense-29fe63e56224db942ac29ad8bcab73cb.yaml @@ -0,0 +1,58 @@ +id: whydowork-adsense-29fe63e56224db942ac29ad8bcab73cb + +info: + name: > + WhyDoWork AdSense <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0719db26-da88-4bda-ae83-f489591c8128?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/whydowork-adsense/" + google-query: inurl:"/wp-content/plugins/whydowork-adsense/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,whydowork-adsense,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/whydowork-adsense/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "whydowork-adsense" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-094fc0c37d514333a53dda18143a300a.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-094fc0c37d514333a53dda18143a300a.yaml new file mode 100644 index 0000000000..1b5335ce17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-094fc0c37d514333a53dda18143a300a.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-094fc0c37d514333a53dda18143a300a + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_sort_order + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-0b0e708bccfb3aa959792527101f43e8.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-0b0e708bccfb3aa959792527101f43e8.yaml new file mode 100644 index 0000000000..c840a5f4aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-0b0e708bccfb3aa959792527101f43e8.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-0b0e708bccfb3aa959792527101f43e8 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_edit_folder + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ad60a11-e307-4ec9-9099-091a87ff1d3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-192adf4b1d06945fee5aacceae89bc97.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-192adf4b1d06945fee5aacceae89bc97.yaml new file mode 100644 index 0000000000..fb47aab855 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-192adf4b1d06945fee5aacceae89bc97.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-192adf4b1d06945fee5aacceae89bc97 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4104f69f-b185-498a-aabf-2126ffb94ab3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-1ae6c66606c2f76330e0314294bf793f.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-1ae6c66606c2f76330e0314294bf793f.yaml new file mode 100644 index 0000000000..b3a1769754 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-1ae6c66606c2f76330e0314294bf793f.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-1ae6c66606c2f76330e0314294bf793f + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc01108f-e781-484b-997a-c1d4e218a3f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-30f703a8acc3080fb74debd07614d86d.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-30f703a8acc3080fb74debd07614d86d.yaml new file mode 100644 index 0000000000..f816ddad79 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-30f703a8acc3080fb74debd07614d86d.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-30f703a8acc3080fb74debd07614d86d + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_add_folder + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2764b360-228d-48c1-8a29-d3764e532799?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-3831d6e441ebd610665743a8c0a63dc7.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-3831d6e441ebd610665743a8c0a63dc7.yaml new file mode 100644 index 0000000000..6185744327 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-3831d6e441ebd610665743a8c0a63dc7.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-3831d6e441ebd610665743a8c0a63dc7 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29358ea9-21b7-4294-8fc9-0d38e689cf53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-38cfa7354fceb66defa5b11a8b1426c0.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-38cfa7354fceb66defa5b11a8b1426c0.yaml new file mode 100644 index 0000000000..eac4980277 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-38cfa7354fceb66defa5b11a8b1426c0.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-38cfa7354fceb66defa5b11a8b1426c0 + +info: + name: > + Wicked Folders <= 2.18.9 - Subscriber+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edd7f442-32a1-4ce9-bf47-96f313a8d5df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-414ea88c3052f2317af7072cb92eace3.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-414ea88c3052f2317af7072cb92eace3.yaml new file mode 100644 index 0000000000..bb1484a209 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-414ea88c3052f2317af7072cb92eace3.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-414ea88c3052f2317af7072cb92eace3 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization via ajax_save_state + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c43e93-69a3-407e-860e-ab25af5d7177?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-41e14165ad1acfba7a5c854923e3ff08.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-41e14165ad1acfba7a5c854923e3ff08.yaml new file mode 100644 index 0000000000..0d39e449d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-41e14165ad1acfba7a5c854923e3ff08.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-41e14165ad1acfba7a5c854923e3ff08 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae8dbf54-ea62-4901-b34f-079b708ca0b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-4604c654a4b997b8c024a5034ff5a092.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-4604c654a4b997b8c024a5034ff5a092.yaml new file mode 100644 index 0000000000..b43ec050e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-4604c654a4b997b8c024a5034ff5a092.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-4604c654a4b997b8c024a5034ff5a092 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_unassign_folders + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e52b27fa-10e8-43d0-be29-774c2f5487ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-4d2d5a55f2e91189ca973872c711a490.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-4d2d5a55f2e91189ca973872c711a490.yaml new file mode 100644 index 0000000000..b5a5bac790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-4d2d5a55f2e91189ca973872c711a490.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-4d2d5a55f2e91189ca973872c711a490 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_clone_folder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80797183-c69f-4dce-a2e0-52a395ceffaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-5f610251a978e5acf9ae5800b76c24c6.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-5f610251a978e5acf9ae5800b76c24c6.yaml new file mode 100644 index 0000000000..35da5a622f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-5f610251a978e5acf9ae5800b76c24c6.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-5f610251a978e5acf9ae5800b76c24c6 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_save_folder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43b43802-f301-4748-98b9-eea78a249355?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-68f67c3c9420931e292f3ba3431422cd.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-68f67c3c9420931e292f3ba3431422cd.yaml new file mode 100644 index 0000000000..31d8037171 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-68f67c3c9420931e292f3ba3431422cd.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-68f67c3c9420931e292f3ba3431422cd + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_state + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/261a1bf0-a147-48c8-878e-f9b725ac74d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-84c888c9934970f66e3e629431140250.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-84c888c9934970f66e3e629431140250.yaml new file mode 100644 index 0000000000..8d55ef333c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-84c888c9934970f66e3e629431140250.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-84c888c9934970f66e3e629431140250 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0be428ae-40ae-4cc0-82ad-d121b6d2d27e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-893145b250531536b2c0fa0f1e330f2c.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-893145b250531536b2c0fa0f1e330f2c.yaml new file mode 100644 index 0000000000..07c6188e78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-893145b250531536b2c0fa0f1e330f2c.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-893145b250531536b2c0fa0f1e330f2c + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3728280-3487-4cb2-8e37-f33811bc0a22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-98f5671f8000cd41848d0242c4d503d1.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-98f5671f8000cd41848d0242c4d503d1.yaml new file mode 100644 index 0000000000..f618bbaac1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-98f5671f8000cd41848d0242c4d503d1.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-98f5671f8000cd41848d0242c4d503d1 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c26d6de-5653-4be8-9526-39b30cb61625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-be4129faca04d80ed9ac385cd5b2bcc3.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-be4129faca04d80ed9ac385cd5b2bcc3.yaml new file mode 100644 index 0000000000..396fc1783a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-be4129faca04d80ed9ac385cd5b2bcc3.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-be4129faca04d80ed9ac385cd5b2bcc3 + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization via ajax_delete_folder + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35fb658f-6ffa-4df7-bfcd-25307d89fc26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-d79b94a0512e6933bbccf753fd89114f.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-d79b94a0512e6933bbccf753fd89114f.yaml new file mode 100644 index 0000000000..65b7548a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-d79b94a0512e6933bbccf753fd89114f.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-d79b94a0512e6933bbccf753fd89114f + +info: + name: > + Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder_order + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-de667b04628eecce001a8b74a40e92e3.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-de667b04628eecce001a8b74a40e92e3.yaml new file mode 100644 index 0000000000..d284976530 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-de667b04628eecce001a8b74a40e92e3.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-de667b04628eecce001a8b74a40e92e3 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_edit_folder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51b88442-3961-42e2-8ff4-7726819a7f0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-dfd279bb4131501197e1f533c2de9f14.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-dfd279bb4131501197e1f533c2de9f14.yaml new file mode 100644 index 0000000000..245b1aa463 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-dfd279bb4131501197e1f533c2de9f14.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-dfd279bb4131501197e1f533c2de9f14 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_add_folder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08c0ea6c-7e2f-482f-b30c-0e3bcd992159?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wicked-folders-e8700910e77f438a47719067618b1f42.yaml b/nuclei-templates/cve-less/plugins/wicked-folders-e8700910e77f438a47719067618b1f42.yaml new file mode 100644 index 0000000000..0b9f6ae510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wicked-folders-e8700910e77f438a47719067618b1f42.yaml @@ -0,0 +1,58 @@ +id: wicked-folders-e8700910e77f438a47719067618b1f42 + +info: + name: > + Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62b56928-7125-4211-b233-07b5b51881c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wicked-folders/" + google-query: inurl:"/wp-content/plugins/wicked-folders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wicked-folders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wicked-folders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wicked-folders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-google-reviews-459b18886f45ada6d060921939e88905.yaml b/nuclei-templates/cve-less/plugins/widget-google-reviews-459b18886f45ada6d060921939e88905.yaml new file mode 100644 index 0000000000..6fa85b889d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-google-reviews-459b18886f45ada6d060921939e88905.yaml @@ -0,0 +1,58 @@ +id: widget-google-reviews-459b18886f45ada6d060921939e88905 + +info: + name: > + Plugin for Google Reviews <= 3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8971d54-b54e-4e62-9db2-fa87d2564599?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-google-reviews/" + google-query: inurl:"/wp-content/plugins/widget-google-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-google-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-google-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-google-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-google-reviews-4de563d96c4862070b39ddbeaaf2aa52.yaml b/nuclei-templates/cve-less/plugins/widget-google-reviews-4de563d96c4862070b39ddbeaaf2aa52.yaml new file mode 100644 index 0000000000..3ae72622cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-google-reviews-4de563d96c4862070b39ddbeaaf2aa52.yaml @@ -0,0 +1,58 @@ +id: widget-google-reviews-4de563d96c4862070b39ddbeaaf2aa52 + +info: + name: > + Plugin for Google Reviews <= 2.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed128ef2-0399-4daa-95f6-f5ba74281d89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-google-reviews/" + google-query: inurl:"/wp-content/plugins/widget-google-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-google-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-google-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-google-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-google-reviews-69fd4d1a3d07810924c63e0b65d11e51.yaml b/nuclei-templates/cve-less/plugins/widget-google-reviews-69fd4d1a3d07810924c63e0b65d11e51.yaml new file mode 100644 index 0000000000..e961b37f9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-google-reviews-69fd4d1a3d07810924c63e0b65d11e51.yaml @@ -0,0 +1,58 @@ +id: widget-google-reviews-69fd4d1a3d07810924c63e0b65d11e51 + +info: + name: > + Plugin for Google Reviews <= 2.2.3 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75aa7541-d9d4-4526-9831-238327d0f3ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-google-reviews/" + google-query: inurl:"/wp-content/plugins/widget-google-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-google-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-google-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-google-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-logic-068331b2d9acf141050172c5e67910ff.yaml b/nuclei-templates/cve-less/plugins/widget-logic-068331b2d9acf141050172c5e67910ff.yaml new file mode 100644 index 0000000000..c39bbb14be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-logic-068331b2d9acf141050172c5e67910ff.yaml @@ -0,0 +1,58 @@ +id: widget-logic-068331b2d9acf141050172c5e67910ff + +info: + name: > + Widget Logic < 5.10.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4999de1-07b7-49ef-8897-267b836bc469?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-logic/" + google-query: inurl:"/wp-content/plugins/widget-logic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-logic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-logic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-logic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-post-slider-7bdd14c359e34ad7380502271a0ac656.yaml b/nuclei-templates/cve-less/plugins/widget-post-slider-7bdd14c359e34ad7380502271a0ac656.yaml new file mode 100644 index 0000000000..6075176190 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-post-slider-7bdd14c359e34ad7380502271a0ac656.yaml @@ -0,0 +1,58 @@ +id: widget-post-slider-7bdd14c359e34ad7380502271a0ac656 + +info: + name: > + Widget Post Slider <= 1.3.5. - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74e15c52-4245-41b0-8005-41e9ac2c2edc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-post-slider/" + google-query: inurl:"/wp-content/plugins/widget-post-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-post-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-post-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-post-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-settings-importexport-a5767736936a5d7db756e536a6ac0996.yaml b/nuclei-templates/cve-less/plugins/widget-settings-importexport-a5767736936a5d7db756e536a6ac0996.yaml new file mode 100644 index 0000000000..70cd715183 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-settings-importexport-a5767736936a5d7db756e536a6ac0996.yaml @@ -0,0 +1,58 @@ +id: widget-settings-importexport-a5767736936a5d7db756e536a6ac0996 + +info: + name: > + Widget Settings Importer/Exporter Plugin <= 1.5.3 - Unauthorized Widget Import to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e14f0fc6-fca4-4dd7-8f7b-ed5ed535c9af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-settings-importexport/" + google-query: inurl:"/wp-content/plugins/widget-settings-importexport/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-settings-importexport,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-settings-importexport/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-settings-importexport" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-shortcode-6ec64fa1d5347bc867f5cb9d59094e81.yaml b/nuclei-templates/cve-less/plugins/widget-shortcode-6ec64fa1d5347bc867f5cb9d59094e81.yaml new file mode 100644 index 0000000000..f00ff8dd7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-shortcode-6ec64fa1d5347bc867f5cb9d59094e81.yaml @@ -0,0 +1,58 @@ +id: widget-shortcode-6ec64fa1d5347bc867f5cb9d59094e81 + +info: + name: > + Widget Shortcode <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e8abfd1-6e16-4c86-b430-44cec21a5267?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-shortcode/" + google-query: inurl:"/wp-content/plugins/widget-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widget-twitter-b5c74375abda0734f64c322204bc8108.yaml b/nuclei-templates/cve-less/plugins/widget-twitter-b5c74375abda0734f64c322204bc8108.yaml new file mode 100644 index 0000000000..5c5188cd58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widget-twitter-b5c74375abda0734f64c322204bc8108.yaml @@ -0,0 +1,58 @@ +id: widget-twitter-b5c74375abda0734f64c322204bc8108 + +info: + name: > + WD WidgetTwitter <= 1.0.9 - Authenticated (Contributor+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86cdbfec-b1af-48ec-ae70-f97768694e44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widget-twitter/" + google-query: inurl:"/wp-content/plugins/widget-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widget-twitter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widget-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widget-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-20b8b7b7f0087daadf58f3d74ba2a999.yaml b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-20b8b7b7f0087daadf58f3d74ba2a999.yaml new file mode 100644 index 0000000000..4003e12bc6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-20b8b7b7f0087daadf58f3d74ba2a999.yaml @@ -0,0 +1,58 @@ +id: widgetkit-for-elementor-20b8b7b7f0087daadf58f3d74ba2a999 + +info: + name: > + All-in-One Addons for Elementor - WidgetKit <= 2.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/988f102e-08b6-4436-be03-fc37a4084ca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgetkit-for-elementor/" + google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetkit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetkit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-85a1c6e007a9a1b0879129219d595f5f.yaml b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-85a1c6e007a9a1b0879129219d595f5f.yaml new file mode 100644 index 0000000000..389b453b1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-85a1c6e007a9a1b0879129219d595f5f.yaml @@ -0,0 +1,58 @@ +id: widgetkit-for-elementor-85a1c6e007a9a1b0879129219d595f5f + +info: + name: > + All-in-One Addons for Elementor - WidgetKit <= 2.3.9 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/916a9d2b-0da6-494a-a3aa-5d5f4ccdd4b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgetkit-for-elementor/" + google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetkit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetkit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-bc4814d8e32bebe97767bb786c515063.yaml b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-bc4814d8e32bebe97767bb786c515063.yaml new file mode 100644 index 0000000000..9668ed0868 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-bc4814d8e32bebe97767bb786c515063.yaml @@ -0,0 +1,58 @@ +id: widgetkit-for-elementor-bc4814d8e32bebe97767bb786c515063 + +info: + name: > + WidgetKit <= 2.5.0 - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e809cd39-7bb0-475f-a2ae-c7bc4bdba63c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgetkit-for-elementor/" + google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetkit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetkit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-f92fdb8def6ac7c07ce14435754a7ffa.yaml b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-f92fdb8def6ac7c07ce14435754a7ffa.yaml new file mode 100644 index 0000000000..8248be2202 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgetkit-for-elementor-f92fdb8def6ac7c07ce14435754a7ffa.yaml @@ -0,0 +1,58 @@ +id: widgetkit-for-elementor-f92fdb8def6ac7c07ce14435754a7ffa + +info: + name: > + All-in-One Addons for Elementor – WidgetKit <= 2.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27945f52-7594-46f6-a760-2ee5dd094914?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgetkit-for-elementor/" + google-query: inurl:"/wp-content/plugins/widgetkit-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgetkit-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetkit-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetkit-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-controller-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml b/nuclei-templates/cve-less/plugins/widgets-controller-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml new file mode 100644 index 0000000000..aaad0aaea1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-controller-bcfdb3c82ae0485dc6fcdad4aba69c36.yaml @@ -0,0 +1,58 @@ +id: widgets-controller-bcfdb3c82ae0485dc6fcdad4aba69c36 + +info: + name: > + Widgets Controller <= 1.1 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1d671c-017e-454b-8aa3-86f6d396b437?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-controller/" + google-query: inurl:"/wp-content/plugins/widgets-controller/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-controller,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-controller/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-controller" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-alibaba-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-alibaba-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..edb3bf6fe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-alibaba-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-alibaba-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-alibaba-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-alibaba-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-alibaba-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-alibaba-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-alibaba-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-aliexpress-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-aliexpress-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..27a3cf8631 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-aliexpress-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-aliexpress-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-aliexpress-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-aliexpress-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-aliexpress-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-aliexpress-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-aliexpress-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-ebay-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-ebay-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..bf715ec4e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-ebay-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-ebay-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-ebay-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-ebay-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-ebay-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-ebay-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-ebay-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-sourceforge-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-sourceforge-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..61544e7e08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-sourceforge-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-sourceforge-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-sourceforge-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-sourceforge-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-sourceforge-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-sourceforge-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-sourceforge-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-thumbtack-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-thumbtack-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..147c78eb68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-thumbtack-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-thumbtack-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-thumbtack-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-thumbtack-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-thumbtack-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-thumbtack-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-thumbtack-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-for-zillow-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/widgets-for-zillow-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..993c7676a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-for-zillow-reviews-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: widgets-for-zillow-reviews-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-for-zillow-reviews/" + google-query: inurl:"/wp-content/plugins/widgets-for-zillow-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-for-zillow-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-for-zillow-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-for-zillow-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgets-on-pages-022d6e4b68c3750efdb62382e3088ee3.yaml b/nuclei-templates/cve-less/plugins/widgets-on-pages-022d6e4b68c3750efdb62382e3088ee3.yaml new file mode 100644 index 0000000000..eca7a67931 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgets-on-pages-022d6e4b68c3750efdb62382e3088ee3.yaml @@ -0,0 +1,58 @@ +id: widgets-on-pages-022d6e4b68c3750efdb62382e3088ee3 + +info: + name: > + Widgets on Pages <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57be3e10-6920-4ad8-b9cf-cf5a703ca373?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgets-on-pages/" + google-query: inurl:"/wp-content/plugins/widgets-on-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgets-on-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgets-on-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgets-on-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/widgetshortcode-d17eaa15397a887312aedfb1919c156f.yaml b/nuclei-templates/cve-less/plugins/widgetshortcode-d17eaa15397a887312aedfb1919c156f.yaml new file mode 100644 index 0000000000..3fdc081b4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/widgetshortcode-d17eaa15397a887312aedfb1919c156f.yaml @@ -0,0 +1,58 @@ +id: widgetshortcode-d17eaa15397a887312aedfb1919c156f + +info: + name: > + WidgetShortcode <= 0.3.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00234d96-cece-4217-89c9-1a329887e8da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/widgetshortcode/" + google-query: inurl:"/wp-content/plugins/widgetshortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,widgetshortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/widgetshortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "widgetshortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wikipop-11d411cbc5ec47f84a5a874c5f4a706d.yaml b/nuclei-templates/cve-less/plugins/wikipop-11d411cbc5ec47f84a5a874c5f4a706d.yaml new file mode 100644 index 0000000000..e66bf517ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wikipop-11d411cbc5ec47f84a5a874c5f4a706d.yaml @@ -0,0 +1,58 @@ +id: wikipop-11d411cbc5ec47f84a5a874c5f4a706d + +info: + name: > + WikiPop <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dbebce4-599b-4241-aa9a-3d2486a57d52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wikipop/" + google-query: inurl:"/wp-content/plugins/wikipop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wikipop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wikipop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wikipop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/winterlock-a51f4e9f249cf27f338341ad1f220702.yaml b/nuclei-templates/cve-less/plugins/winterlock-a51f4e9f249cf27f338341ad1f220702.yaml new file mode 100644 index 0000000000..15f3682bfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/winterlock-a51f4e9f249cf27f338341ad1f220702.yaml @@ -0,0 +1,58 @@ +id: winterlock-a51f4e9f249cf27f338341ad1f220702 + +info: + name: > + WP System Log < 1.0.21 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5733a60-8078-48ed-9395-ea79b4199f7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/winterlock/" + google-query: inurl:"/wp-content/plugins/winterlock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,winterlock,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/winterlock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "winterlock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wip-custom-login-41ebdf42bbd34392f33d2e300bcf1f22.yaml b/nuclei-templates/cve-less/plugins/wip-custom-login-41ebdf42bbd34392f33d2e300bcf1f22.yaml new file mode 100644 index 0000000000..6cb34b044d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wip-custom-login-41ebdf42bbd34392f33d2e300bcf1f22.yaml @@ -0,0 +1,58 @@ +id: wip-custom-login-41ebdf42bbd34392f33d2e300bcf1f22 + +info: + name: > + WIP Custom Login <= 1.2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e41a12d-44a6-4851-b72a-ffa65bbbeb0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wip-custom-login/" + google-query: inurl:"/wp-content/plugins/wip-custom-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wip-custom-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wip-custom-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wip-custom-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wip-custom-login-604150a52b0430463d87d2c334416504.yaml b/nuclei-templates/cve-less/plugins/wip-custom-login-604150a52b0430463d87d2c334416504.yaml new file mode 100644 index 0000000000..ebb27f7048 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wip-custom-login-604150a52b0430463d87d2c334416504.yaml @@ -0,0 +1,58 @@ +id: wip-custom-login-604150a52b0430463d87d2c334416504 + +info: + name: > + WIP Custom Login <= 1.2.9 - Cross-Site Request Forgery via save_option + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15b93e63-5ef2-4fb1-8c6b-28fcfab8e34d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wip-custom-login/" + google-query: inurl:"/wp-content/plugins/wip-custom-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wip-custom-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wip-custom-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wip-custom-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wise-chat-6a2f9e4e8b4608d42296886211931452.yaml b/nuclei-templates/cve-less/plugins/wise-chat-6a2f9e4e8b4608d42296886211931452.yaml new file mode 100644 index 0000000000..152398aada --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wise-chat-6a2f9e4e8b4608d42296886211931452.yaml @@ -0,0 +1,58 @@ +id: wise-chat-6a2f9e4e8b4608d42296886211931452 + +info: + name: > + Wise Chat <= 2.6.3 - Reverse Tabnabbing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c46b26c7-3302-4730-915c-1882b315600c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wise-chat/" + google-query: inurl:"/wp-content/plugins/wise-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wise-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wise-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wise-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wise-chat-af5cb5e26919d347db9037fb5a77d7dd.yaml b/nuclei-templates/cve-less/plugins/wise-chat-af5cb5e26919d347db9037fb5a77d7dd.yaml new file mode 100644 index 0000000000..f361fe86b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wise-chat-af5cb5e26919d347db9037fb5a77d7dd.yaml @@ -0,0 +1,58 @@ +id: wise-chat-af5cb5e26919d347db9037fb5a77d7dd + +info: + name: > + Wise Chat <= 3.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a9ed6f2-3def-420c-b6d5-6343fcd7b147?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wise-chat/" + google-query: inurl:"/wp-content/plugins/wise-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wise-chat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wise-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wise-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wiseagentleadform-b236dd17f6f9d64bfcd1ad06166ef939.yaml b/nuclei-templates/cve-less/plugins/wiseagentleadform-b236dd17f6f9d64bfcd1ad06166ef939.yaml new file mode 100644 index 0000000000..c4398824b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wiseagentleadform-b236dd17f6f9d64bfcd1ad06166ef939.yaml @@ -0,0 +1,58 @@ +id: wiseagentleadform-b236dd17f6f9d64bfcd1ad06166ef939 + +info: + name: > + Wise Agent Capture Forms <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c2c5b41-bc56-428f-9edc-2a8fd8212310?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wiseagentleadform/" + google-query: inurl:"/wp-content/plugins/wiseagentleadform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wiseagentleadform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wiseagentleadform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wiseagentleadform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wiser-notify-6b2cae5676cc752aa89b0a0ababa3a92.yaml b/nuclei-templates/cve-less/plugins/wiser-notify-6b2cae5676cc752aa89b0a0ababa3a92.yaml new file mode 100644 index 0000000000..292fdb37fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wiser-notify-6b2cae5676cc752aa89b0a0ababa3a92.yaml @@ -0,0 +1,58 @@ +id: wiser-notify-6b2cae5676cc752aa89b0a0ababa3a92 + +info: + name: > + WiserNotify Social Proof <= 2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86055b1b-23a6-4e33-8818-0af58c8e6383?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wiser-notify/" + google-query: inurl:"/wp-content/plugins/wiser-notify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wiser-notify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wiser-notify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wiser-notify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wish-wait-list-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml b/nuclei-templates/cve-less/plugins/wish-wait-list-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml new file mode 100644 index 0000000000..cb234f18b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wish-wait-list-for-woocommerce-dfec65d3ffe11067030127a9c011404a.yaml @@ -0,0 +1,58 @@ +id: wish-wait-list-for-woocommerce-dfec65d3ffe11067030127a9c011404a + +info: + name: > + BeRocket Plugins <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8fc89c0-292d-47b4-90b3-79edf3a9e76d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wish-wait-list-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/wish-wait-list-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wish-wait-list-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wish-wait-list-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wish-wait-list-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wishsuite-636baab4ac31da3f60a0d64060238890.yaml b/nuclei-templates/cve-less/plugins/wishsuite-636baab4ac31da3f60a0d64060238890.yaml new file mode 100644 index 0000000000..4e8f2e7784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wishsuite-636baab4ac31da3f60a0d64060238890.yaml @@ -0,0 +1,58 @@ +id: wishsuite-636baab4ac31da3f60a0d64060238890 + +info: + name: > + WishSuite <= 1.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b515782a-d7ec-41a6-92f8-91823f2c0dcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wishsuite/" + google-query: inurl:"/wp-content/plugins/wishsuite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wishsuite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wishsuite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wishsuite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wishsuite-b1e2122cdc23a9d17ef80227bd4601b9.yaml b/nuclei-templates/cve-less/plugins/wishsuite-b1e2122cdc23a9d17ef80227bd4601b9.yaml new file mode 100644 index 0000000000..2eda404d8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wishsuite-b1e2122cdc23a9d17ef80227bd4601b9.yaml @@ -0,0 +1,58 @@ +id: wishsuite-b1e2122cdc23a9d17ef80227bd4601b9 + +info: + name: > + WishSuite <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7d13d78-4d3f-476a-ba67-b47d0195a1ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wishsuite/" + google-query: inurl:"/wp-content/plugins/wishsuite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wishsuite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wishsuite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wishsuite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wishsuite-cab8156a963bed782ca63418d284864e.yaml b/nuclei-templates/cve-less/plugins/wishsuite-cab8156a963bed782ca63418d284864e.yaml new file mode 100644 index 0000000000..bc8ec60379 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wishsuite-cab8156a963bed782ca63418d284864e.yaml @@ -0,0 +1,58 @@ +id: wishsuite-cab8156a963bed782ca63418d284864e + +info: + name: > + WishSuite <= 1.3.3 - Cross-Site Request Forgery via plugin_activation() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f3fcd1-6dff-409b-b8c1-46c5485980ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wishsuite/" + google-query: inurl:"/wp-content/plugins/wishsuite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wishsuite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wishsuite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wishsuite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woc-open-close-4690da6a9cd43936031eeb63dbe5ba89.yaml b/nuclei-templates/cve-less/plugins/woc-open-close-4690da6a9cd43936031eeb63dbe5ba89.yaml new file mode 100644 index 0000000000..bce7d37be1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woc-open-close-4690da6a9cd43936031eeb63dbe5ba89.yaml @@ -0,0 +1,58 @@ +id: woc-open-close-4690da6a9cd43936031eeb63dbe5ba89 + +info: + name: > + Open Close WooCommerce Store <= 4.9.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93b5525c-a298-420d-80cd-84cb35913981?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woc-open-close/" + google-query: inurl:"/wp-content/plugins/woc-open-close/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woc-open-close,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woc-open-close/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woc-open-close" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woc-order-alert-484dd45c6c89790208a6369cc9e3257b.yaml b/nuclei-templates/cve-less/plugins/woc-order-alert-484dd45c6c89790208a6369cc9e3257b.yaml new file mode 100644 index 0000000000..86774f9f7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woc-order-alert-484dd45c6c89790208a6369cc9e3257b.yaml @@ -0,0 +1,58 @@ +id: woc-order-alert-484dd45c6c89790208a6369cc9e3257b + +info: + name: > + Order Listener for WooCommerce – Play Sounds Instantly on New Orders <= 3.2.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a2f4c83-27a6-4c50-b701-8374f21b3799?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woc-order-alert/" + google-query: inurl:"/wp-content/plugins/woc-order-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woc-order-alert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woc-order-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woc-order-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wolfnet-idx-for-wordpress-b64173f040b81fec7a1fc17ca0c0ce07.yaml b/nuclei-templates/cve-less/plugins/wolfnet-idx-for-wordpress-b64173f040b81fec7a1fc17ca0c0ce07.yaml new file mode 100644 index 0000000000..64811699ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wolfnet-idx-for-wordpress-b64173f040b81fec7a1fc17ca0c0ce07.yaml @@ -0,0 +1,58 @@ +id: wolfnet-idx-for-wordpress-b64173f040b81fec7a1fc17ca0c0ce07 + +info: + name: > + WolfNet IDX for WordPress <= 1.19.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c226ca9a-8a2e-4e56-a039-96c31526a379?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wolfnet-idx-for-wordpress/" + google-query: inurl:"/wp-content/plugins/wolfnet-idx-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wolfnet-idx-for-wordpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wolfnet-idx-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wolfnet-idx-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-a603cc9c5e1a7b03e0366ddf1342a158.yaml b/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-a603cc9c5e1a7b03e0366ddf1342a158.yaml new file mode 100644 index 0000000000..84c28f8508 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderm00ns-simple-facebook-open-graph-tags-a603cc9c5e1a7b03e0366ddf1342a158.yaml @@ -0,0 +1,58 @@ +id: wonderm00ns-simple-facebook-open-graph-tags-a603cc9c5e1a7b03e0366ddf1342a158 + +info: + name: > + Open Graph and Twitter Card Tags < 2.2.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ec8f97-9b34-4737-bb45-37baf59598f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/" + google-query: inurl:"/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderm00ns-simple-facebook-open-graph-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderm00ns-simple-facebook-open-graph-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderplugin-audio-065dcae4701acc4da94fbbf470a429a5.yaml b/nuclei-templates/cve-less/plugins/wonderplugin-audio-065dcae4701acc4da94fbbf470a429a5.yaml new file mode 100644 index 0000000000..aaec774214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderplugin-audio-065dcae4701acc4da94fbbf470a429a5.yaml @@ -0,0 +1,58 @@ +id: wonderplugin-audio-065dcae4701acc4da94fbbf470a429a5 + +info: + name: > + WonderPlugin Audio Player < 2.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99721c3e-cddf-4709-aef9-92bb42e43f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderplugin-audio/" + google-query: inurl:"/wp-content/plugins/wonderplugin-audio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderplugin-audio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-audio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-audio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderplugin-audio-66fd05b591a1b1e766cf1d8976a2f593.yaml b/nuclei-templates/cve-less/plugins/wonderplugin-audio-66fd05b591a1b1e766cf1d8976a2f593.yaml new file mode 100644 index 0000000000..9bb1e57c60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderplugin-audio-66fd05b591a1b1e766cf1d8976a2f593.yaml @@ -0,0 +1,58 @@ +id: wonderplugin-audio-66fd05b591a1b1e766cf1d8976a2f593 + +info: + name: > + WonderPlugin Audio Player <= 2.0 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7fb9fd-5551-43aa-8bab-e99430a08124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderplugin-audio/" + google-query: inurl:"/wp-content/plugins/wonderplugin-audio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderplugin-audio,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-audio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-audio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderplugin-pdf-embed-4fd129ac95b2130cc2038525d8a627da.yaml b/nuclei-templates/cve-less/plugins/wonderplugin-pdf-embed-4fd129ac95b2130cc2038525d8a627da.yaml new file mode 100644 index 0000000000..d8ad3a399e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderplugin-pdf-embed-4fd129ac95b2130cc2038525d8a627da.yaml @@ -0,0 +1,58 @@ +id: wonderplugin-pdf-embed-4fd129ac95b2130cc2038525d8a627da + +info: + name: > + Wonder PDF Embed <= 1.6 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8331ce-666d-4d5a-b9cd-08562e3eea43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderplugin-pdf-embed/" + google-query: inurl:"/wp-content/plugins/wonderplugin-pdf-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderplugin-pdf-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-pdf-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-pdf-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderplugin-slider-lite-e6c6234529a7a371a2050a65eda4af25.yaml b/nuclei-templates/cve-less/plugins/wonderplugin-slider-lite-e6c6234529a7a371a2050a65eda4af25.yaml new file mode 100644 index 0000000000..8c9ed529a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderplugin-slider-lite-e6c6234529a7a371a2050a65eda4af25.yaml @@ -0,0 +1,58 @@ +id: wonderplugin-slider-lite-e6c6234529a7a371a2050a65eda4af25 + +info: + name: > + Wonder Slider Lite <= 13.9 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/712d2d8b-2103-4262-807e-bb26cabb771c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderplugin-slider-lite/" + google-query: inurl:"/wp-content/plugins/wonderplugin-slider-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderplugin-slider-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-slider-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-slider-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wonderplugin-video-embed-da919374ddf5731e45e304b65e085880.yaml b/nuclei-templates/cve-less/plugins/wonderplugin-video-embed-da919374ddf5731e45e304b65e085880.yaml new file mode 100644 index 0000000000..4f79ea301c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wonderplugin-video-embed-da919374ddf5731e45e304b65e085880.yaml @@ -0,0 +1,58 @@ +id: wonderplugin-video-embed-da919374ddf5731e45e304b65e085880 + +info: + name: > + Wonder Video Embed <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c232ddc0-35e8-42e0-8fff-831c74457615?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wonderplugin-video-embed/" + google-query: inurl:"/wp-content/plugins/wonderplugin-video-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wonderplugin-video-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wonderplugin-video-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wonderplugin-video-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-abandoned-cart-recovery-919e97db9044ec7b244c9151671a753a.yaml b/nuclei-templates/cve-less/plugins/woo-abandoned-cart-recovery-919e97db9044ec7b244c9151671a753a.yaml new file mode 100644 index 0000000000..caa2b0ee53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-abandoned-cart-recovery-919e97db9044ec7b244c9151671a753a.yaml @@ -0,0 +1,58 @@ +id: woo-abandoned-cart-recovery-919e97db9044ec7b244c9151671a753a + +info: + name: > + Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-abandoned-cart-recovery/" + google-query: inurl:"/wp-content/plugins/woo-abandoned-cart-recovery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-abandoned-cart-recovery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-abandoned-cart-recovery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-abandoned-cart-recovery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-add-to-cart-text-change-e6dc5c65c5e3da715fdfcb77e5293453.yaml b/nuclei-templates/cve-less/plugins/woo-add-to-cart-text-change-e6dc5c65c5e3da715fdfcb77e5293453.yaml new file mode 100644 index 0000000000..4e0a96ea54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-add-to-cart-text-change-e6dc5c65c5e3da715fdfcb77e5293453.yaml @@ -0,0 +1,58 @@ +id: woo-add-to-cart-text-change-e6dc5c65c5e3da715fdfcb77e5293453 + +info: + name: > + Add to Cart Text Changer and Customize Button, Add Custom Icon <= 2.0 - Cross-Site Request Forgery via wactc_text_form + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4470c03-64fc-46d9-b224-de5a3149c3d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-add-to-cart-text-change/" + google-query: inurl:"/wp-content/plugins/woo-add-to-cart-text-change/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-add-to-cart-text-change,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-add-to-cart-text-change/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-add-to-cart-text-change" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-address-book-35ff0530e249316fdf7a2ba6a6ea24d8.yaml b/nuclei-templates/cve-less/plugins/woo-address-book-35ff0530e249316fdf7a2ba6a6ea24d8.yaml new file mode 100644 index 0000000000..b33d7cc414 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-address-book-35ff0530e249316fdf7a2ba6a6ea24d8.yaml @@ -0,0 +1,58 @@ +id: woo-address-book-35ff0530e249316fdf7a2ba6a6ea24d8 + +info: + name: > + WooCommerce Address Book < 1.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/642b589d-cb4b-46a0-b9f3-fad8b26bba0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-address-book/" + google-query: inurl:"/wp-content/plugins/woo-address-book/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-address-book,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-address-book/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-address-book" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-advance-search-c0b1d947b4291937f57429344da7ac74.yaml b/nuclei-templates/cve-less/plugins/woo-advance-search-c0b1d947b4291937f57429344da7ac74.yaml new file mode 100644 index 0000000000..1508fd0907 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-advance-search-c0b1d947b4291937f57429344da7ac74.yaml @@ -0,0 +1,58 @@ +id: woo-advance-search-c0b1d947b4291937f57429344da7ac74 + +info: + name: > + Advance Search for WooCommerce < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e46732ac-1aa4-434d-8c49-7ed065bc907b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-advance-search/" + google-query: inurl:"/wp-content/plugins/woo-advance-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-advance-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advance-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advance-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-advance-search-cd59c1c91da7bd7850f2d8eefef7525f.yaml b/nuclei-templates/cve-less/plugins/woo-advance-search-cd59c1c91da7bd7850f2d8eefef7525f.yaml new file mode 100644 index 0000000000..81acc2901f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-advance-search-cd59c1c91da7bd7850f2d8eefef7525f.yaml @@ -0,0 +1,58 @@ +id: woo-advance-search-cd59c1c91da7bd7850f2d8eefef7525f + +info: + name: > + Advance Search for WooCommerce <= 1.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/236dd639-7f05-4fe8-bb81-5d023ebe7962?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-advance-search/" + google-query: inurl:"/wp-content/plugins/woo-advance-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-advance-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advance-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advance-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-advanced-sales-report-email-1a3d5e6e024266b84857a352fd89d5d4.yaml b/nuclei-templates/cve-less/plugins/woo-advanced-sales-report-email-1a3d5e6e024266b84857a352fd89d5d4.yaml new file mode 100644 index 0000000000..e0feee1aa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-advanced-sales-report-email-1a3d5e6e024266b84857a352fd89d5d4.yaml @@ -0,0 +1,58 @@ +id: woo-advanced-sales-report-email-1a3d5e6e024266b84857a352fd89d5d4 + +info: + name: > + Sales Report Email for WooCommerce <= 2.8.0 - Missing Authorization for Email Functionality + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8befbf2-0d9d-4d0e-87de-0f1b26c0acd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-advanced-sales-report-email/" + google-query: inurl:"/wp-content/plugins/woo-advanced-sales-report-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-advanced-sales-report-email,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advanced-sales-report-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advanced-sales-report-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-7d0205a12fc304106a260b15c9e203c3.yaml b/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-7d0205a12fc304106a260b15c9e203c3.yaml new file mode 100644 index 0000000000..99459e8e4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-7d0205a12fc304106a260b15c9e203c3.yaml @@ -0,0 +1,58 @@ +id: woo-advanced-shipment-tracking-7d0205a12fc304106a260b15c9e203c3 + +info: + name: > + Advanced Shipment Tracking for WooCommerce <= 3.5.2 - Cross-Site Request Forgery via paginate_shipping_provider_list and filter_shipping_provider_list + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b55a80ed-5e27-4087-a792-e78066a41399?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-advanced-shipment-tracking/" + google-query: inurl:"/wp-content/plugins/woo-advanced-shipment-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-advanced-shipment-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advanced-shipment-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advanced-shipment-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-c176f376f5ace8dd8c28eea850150499.yaml b/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-c176f376f5ace8dd8c28eea850150499.yaml new file mode 100644 index 0000000000..9ec81c8209 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-advanced-shipment-tracking-c176f376f5ace8dd8c28eea850150499.yaml @@ -0,0 +1,58 @@ +id: woo-advanced-shipment-tracking-c176f376f5ace8dd8c28eea850150499 + +info: + name: > + Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4174b47a-75d0-4ada-bd4d-efbaf0b1a049?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-advanced-shipment-tracking/" + google-query: inurl:"/wp-content/plugins/woo-advanced-shipment-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-advanced-shipment-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-advanced-shipment-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-advanced-shipment-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-alidropship-321cda5857ad757ce4e9e189c0e44351.yaml b/nuclei-templates/cve-less/plugins/woo-alidropship-321cda5857ad757ce4e9e189c0e44351.yaml new file mode 100644 index 0000000000..fd7647afdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-alidropship-321cda5857ad757ce4e9e189c0e44351.yaml @@ -0,0 +1,58 @@ +id: woo-alidropship-321cda5857ad757ce4e9e189c0e44351 + +info: + name: > + ALD Dropping and Fulfillment for AliExpress and WooCommerce <= 1.0.21 - Cross-Site Request Forgery to Order Information Disclosure + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4352b2dc-d2a7-4cc9-a44f-1f5be46e2482?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-alidropship/" + google-query: inurl:"/wp-content/plugins/woo-alidropship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-alidropship,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-alidropship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-alidropship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-665a15eb3c74a6909c9a809b40156100.yaml b/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-665a15eb3c74a6909c9a809b40156100.yaml new file mode 100644 index 0000000000..7bf500c459 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-665a15eb3c74a6909c9a809b40156100.yaml @@ -0,0 +1,58 @@ +id: woo-aliexpress-dropshipping-665a15eb3c74a6909c9a809b40156100 + +info: + name: > + Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Unauthenticated Arbitrary Content Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02d994b7-2891-47d0-92d3-c33c4eac54f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-aliexpress-dropshipping/" + google-query: inurl:"/wp-content/plugins/woo-aliexpress-dropshipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-aliexpress-dropshipping,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-aliexpress-dropshipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-aliexpress-dropshipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-b53f2739c791cac0974587f72b226309.yaml b/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-b53f2739c791cac0974587f72b226309.yaml new file mode 100644 index 0000000000..e25af646d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-aliexpress-dropshipping-b53f2739c791cac0974587f72b226309.yaml @@ -0,0 +1,58 @@ +id: woo-aliexpress-dropshipping-b53f2739c791cac0974587f72b226309 + +info: + name: > + Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy <= 2.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbc7e515-c712-4a39-a0f7-c3f646083060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-aliexpress-dropshipping/" + google-query: inurl:"/wp-content/plugins/woo-aliexpress-dropshipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-aliexpress-dropshipping,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-aliexpress-dropshipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-aliexpress-dropshipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-30b073e9b1352950780f07d63c18b80e.yaml b/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-30b073e9b1352950780f07d63c18b80e.yaml new file mode 100644 index 0000000000..9219150746 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-30b073e9b1352950780f07d63c18b80e.yaml @@ -0,0 +1,58 @@ +id: woo-altcoin-payment-gateway-30b073e9b1352950780f07d63c18b80e + +info: + name: > + Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop <= 1.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/626ea1f2-df66-4903-9cbe-7186cf62291b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-altcoin-payment-gateway/" + google-query: inurl:"/wp-content/plugins/woo-altcoin-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-altcoin-payment-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-altcoin-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-altcoin-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-fa3a0e16158897f1a5622777bde0d373.yaml b/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-fa3a0e16158897f1a5622777bde0d373.yaml new file mode 100644 index 0000000000..8588b9b618 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-altcoin-payment-gateway-fa3a0e16158897f1a5622777bde0d373.yaml @@ -0,0 +1,58 @@ +id: woo-altcoin-payment-gateway-fa3a0e16158897f1a5622777bde0d373 + +info: + name: > + Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4e1315b-31e5-428c-9a48-6185b4eeb2fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-altcoin-payment-gateway/" + google-query: inurl:"/wp-content/plugins/woo-altcoin-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-altcoin-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-altcoin-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-altcoin-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-availability-date-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/woo-availability-date-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..39b23c2d00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-availability-date-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: woo-availability-date-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-availability-date/" + google-query: inurl:"/wp-content/plugins/woo-availability-date/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-availability-date,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-availability-date/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-availability-date" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-billingo-plus-ed2236ee570598966dd60e4e75f31def.yaml b/nuclei-templates/cve-less/plugins/woo-billingo-plus-ed2236ee570598966dd60e4e75f31def.yaml new file mode 100644 index 0000000000..61ebb273f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-billingo-plus-ed2236ee570598966dd60e4e75f31def.yaml @@ -0,0 +1,58 @@ +id: woo-billingo-plus-ed2236ee570598966dd60e4e75f31def + +info: + name: > + Multiple Plugins from Viszt Peter - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70a2a58-d9b8-456d-ae4f-9c60b3d6b8a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-billingo-plus/" + google-query: inurl:"/wp-content/plugins/woo-billingo-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-billingo-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-billingo-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-billingo-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-6028c54ef4ac7396964867f4a36d1c6f.yaml b/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-6028c54ef4ac7396964867f4a36d1c6f.yaml new file mode 100644 index 0000000000..cf8e1202a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-6028c54ef4ac7396964867f4a36d1c6f.yaml @@ -0,0 +1,58 @@ +id: woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers-6028c54ef4ac7396964867f4a36d1c6f + +info: + name: > + Woocommerce Blocker Lite <= 2.1.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4f84b2a-2674-42a1-9db1-d9c1f3db2376?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/" + google-query: inurl:"/wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-blocker-lite-prevent-fake-orders-and-blacklist-fraud-customers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bookings-calendar-beebd9357e523ac8ce9429685a86283c.yaml b/nuclei-templates/cve-less/plugins/woo-bookings-calendar-beebd9357e523ac8ce9429685a86283c.yaml new file mode 100644 index 0000000000..4a7ca34cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bookings-calendar-beebd9357e523ac8ce9429685a86283c.yaml @@ -0,0 +1,58 @@ +id: woo-bookings-calendar-beebd9357e523ac8ce9429685a86283c + +info: + name: > + WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aff1ea6-c6d2-4195-899b-3a038b73a7f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bookings-calendar/" + google-query: inurl:"/wp-content/plugins/woo-bookings-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bookings-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bookings-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bookings-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bought-together-75a6b15f48d4510d78d2b82a83179681.yaml b/nuclei-templates/cve-less/plugins/woo-bought-together-75a6b15f48d4510d78d2b82a83179681.yaml new file mode 100644 index 0000000000..ad95ce9f67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bought-together-75a6b15f48d4510d78d2b82a83179681.yaml @@ -0,0 +1,58 @@ +id: woo-bought-together-75a6b15f48d4510d78d2b82a83179681 + +info: + name: > + WPC Frequently Bought Together for WooCommerce <= 7.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2e98359-6b38-4132-9699-a0180813bff3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bought-together/" + google-query: inurl:"/wp-content/plugins/woo-bought-together/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bought-together,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bought-together/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bought-together" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-0d7505c66909a7f3ed3a00f6a96e3574.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-0d7505c66909a7f3ed3a00f6a96e3574.yaml new file mode 100644 index 0000000000..a4627fc31b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-0d7505c66909a7f3ed3a00f6a96e3574.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-0d7505c66909a7f3ed3a00f6a96e3574 + +info: + name: > + BEAR <= 1.1.3.1 - Cross-Site Request Forgery via Multiple Functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e3818c-883f-4633-a460-a8c0446edffc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-1a98182627ada5df6f3381c144225d78.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-1a98182627ada5df6f3381c144225d78.yaml new file mode 100644 index 0000000000..d8a19e4761 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-1a98182627ada5df6f3381c144225d78.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-1a98182627ada5df6f3381c144225d78 + +info: + name: > + BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c42f56a2-b9f9-40ef-86ad-fea6cf2e29f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-279b072b9f314efe6eaa0526f843e1e3.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-279b072b9f314efe6eaa0526f843e1e3.yaml new file mode 100644 index 0000000000..cf46410cbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-279b072b9f314efe6eaa0526f843e1e3.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-279b072b9f314efe6eaa0526f843e1e3 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58d25eeb-b12c-4850-8308-eaa30982b5a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-2c64ec746b7e41f305498188d926d390.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-2c64ec746b7e41f305498188d926d390.yaml new file mode 100644 index 0000000000..e6585707a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-2c64ec746b7e41f305498188d926d390.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-2c64ec746b7e41f305498188d926d390 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26d8b75b-befa-4c6a-b072-0da44e437174?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-3174ef274fa543dfe91589efb1d4f079.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-3174ef274fa543dfe91589efb1d4f079.yaml new file mode 100644 index 0000000000..ce7da1d0cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-3174ef274fa543dfe91589efb1d4f079.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-3174ef274fa543dfe91589efb1d4f079 + +info: + name: > + BEAR <= 1.1.4.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2df8570b-c1a2-4a1b-b4d4-fe7a75eb05b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-31c3ed011ea62ab6b0c75e066a9aedba.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-31c3ed011ea62ab6b0c75e066a9aedba.yaml new file mode 100644 index 0000000000..71f87f4033 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-31c3ed011ea62ab6b0c75e066a9aedba.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-31c3ed011ea62ab6b0c75e066a9aedba + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab633506-63a1-4be1-b402-c7f0bcc4ea7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-40d6fd2347c9fdc44764f85da9bdf3cd.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-40d6fd2347c9fdc44764f85da9bdf3cd.yaml new file mode 100644 index 0000000000..cca948eba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-40d6fd2347c9fdc44764f85da9bdf3cd.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-40d6fd2347c9fdc44764f85da9bdf3cd + +info: + name: > + BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f14b0b9-6ccd-4f53-b015-e8537127b909?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-4c865f41093e5024a99224cc98999126.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-4c865f41093e5024a99224cc98999126.yaml new file mode 100644 index 0000000000..9b01d33ff5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-4c865f41093e5024a99224cc98999126.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-4c865f41093e5024a99224cc98999126 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4db03d-ec40-4145-aa95-fee78bda5205?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-8717d29877e2716945b774b8b7bdcce3.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-8717d29877e2716945b774b8b7bdcce3.yaml new file mode 100644 index 0000000000..750d3f40ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-8717d29877e2716945b774b8b7bdcce3.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-8717d29877e2716945b774b8b7bdcce3 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c045b31f-b4d6-470e-8f93-36eb70bb75f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-a16906c099275dafdc8327b1b913b90b.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-a16906c099275dafdc8327b1b913b90b.yaml new file mode 100644 index 0000000000..f388d312d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-a16906c099275dafdc8327b1b913b90b.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-a16906c099275dafdc8327b1b913b90b + +info: + name: > + BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32682598-ad1c-4aa1-bdf2-a7966a4d1dbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-ad48b0930ccb8ba605ddc4459d92eb83.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-ad48b0930ccb8ba605ddc4459d92eb83.yaml new file mode 100644 index 0000000000..c18a9362cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-ad48b0930ccb8ba605ddc4459d92eb83.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-ad48b0930ccb8ba605ddc4459d92eb83 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31c5e524-ef4d-48c7-baa0-595f8060a167?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-b5f79719a2f0199ef2281b12f3375388.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-b5f79719a2f0199ef2281b12f3375388.yaml new file mode 100644 index 0000000000..9a190ce272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-b5f79719a2f0199ef2281b12f3375388.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-b5f79719a2f0199ef2281b12f3375388 + +info: + name: > + BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc20f303-cac3-4517-9c45-153c410a13af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-b9712f471d4d13ca925287df646b0e0b.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-b9712f471d4d13ca925287df646b0e0b.yaml new file mode 100644 index 0000000000..470d5a1fda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-b9712f471d4d13ca925287df646b0e0b.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-b9712f471d4d13ca925287df646b0e0b + +info: + name: > + BEAR <= 1.1.4 - Missing Authorization via Several Functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/411b7889-c2c6-48cb-967d-091585705e17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml new file mode 100644 index 0000000000..525442eb05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-bfb67ddb86bdaa0fb13f07ddf26fc0aa + +info: + name: > + BEAR <= 1.1.4.1 & WOLF <= 1.0.8.1 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12188a74-b1a6-4aa4-88b4-2d0d0dd32916?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml new file mode 100644 index 0000000000..cbcbd303a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-c7c8e86fe8e5b4d368e1042cf3070ec8.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-c7c8e86fe8e5b4d368e1042cf3070ec8 + +info: + name: > + BEAR <= 1.1.3.3 - Missing Authorization to Product Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dfd0246-4265-4dde-8a1e-18b7042eae74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-de9fc871b36bb1f0c6b5f7fa879cfa84.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-de9fc871b36bb1f0c6b5f7fa879cfa84.yaml new file mode 100644 index 0000000000..6db8697784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-de9fc871b36bb1f0c6b5f7fa879cfa84.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-de9fc871b36bb1f0c6b5f7fa879cfa84 + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40bf51bf-efb2-4504-815b-4681d1078f77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-df6b45b19424e9077c2131a407f92c61.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-df6b45b19424e9077c2131a407f92c61.yaml new file mode 100644 index 0000000000..5ea24e5c8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-df6b45b19424e9077c2131a407f92c61.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-df6b45b19424e9077c2131a407f92c61 + +info: + name: > + BEAR <= 1.1.3.3 - Missing Authorization to Product Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d10475f-83dd-4e59-83e4-aeaa72a22b96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-editor-f064b3d43557a2b70b82cf2abcbc206d.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-editor-f064b3d43557a2b70b82cf2abcbc206d.yaml new file mode 100644 index 0000000000..df5f338b40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-editor-f064b3d43557a2b70b82cf2abcbc206d.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-editor-f064b3d43557a2b70b82cf2abcbc206d + +info: + name: > + BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/639f3941-7783-4500-aca4-5e8155db6460?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-editor/" + google-query: inurl:"/wp-content/plugins/woo-bulk-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-bulk-price-update-9bae62947b00cd1f996b54815106f5ed.yaml b/nuclei-templates/cve-less/plugins/woo-bulk-price-update-9bae62947b00cd1f996b54815106f5ed.yaml new file mode 100644 index 0000000000..426db711fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-bulk-price-update-9bae62947b00cd1f996b54815106f5ed.yaml @@ -0,0 +1,58 @@ +id: woo-bulk-price-update-9bae62947b00cd1f996b54815106f5ed + +info: + name: > + Bulk Price Update for Woocommerce <= 2.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc3af81e-7fa3-43a0-a403-87a042253632?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-bulk-price-update/" + google-query: inurl:"/wp-content/plugins/woo-bulk-price-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-bulk-price-update,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-bulk-price-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-bulk-price-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-cart-abandonment-recovery-2cb72da676dcd5a807c86a857bed18a6.yaml b/nuclei-templates/cve-less/plugins/woo-cart-abandonment-recovery-2cb72da676dcd5a807c86a857bed18a6.yaml new file mode 100644 index 0000000000..4d467b48b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-cart-abandonment-recovery-2cb72da676dcd5a807c86a857bed18a6.yaml @@ -0,0 +1,58 @@ +id: woo-cart-abandonment-recovery-2cb72da676dcd5a807c86a857bed18a6 + +info: + name: > + WooCommerce Cart Abandonment Recovery <= 1.2.26 - Cross-Site Request Forgery to Templates/Abandoned Orders Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a466c8f-835d-4d37-a273-7b5689dfbcea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-cart-abandonment-recovery/" + google-query: inurl:"/wp-content/plugins/woo-cart-abandonment-recovery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-cart-abandonment-recovery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-cart-abandonment-recovery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-cart-abandonment-recovery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-cart-all-in-one-b8b7b83ec8db40ca0658077a3631988b.yaml b/nuclei-templates/cve-less/plugins/woo-cart-all-in-one-b8b7b83ec8db40ca0658077a3631988b.yaml new file mode 100644 index 0000000000..ef4584c447 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-cart-all-in-one-b8b7b83ec8db40ca0658077a3631988b.yaml @@ -0,0 +1,58 @@ +id: woo-cart-all-in-one-b8b7b83ec8db40ca0658077a3631988b + +info: + name: > + Cart All In One For WooCommerce <= 1.1.10 - Cross-Site Request Forgery to Cart Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d5d2217-306c-4ea2-9727-5c02f7d67c2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-cart-all-in-one/" + google-query: inurl:"/wp-content/plugins/woo-cart-all-in-one/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-cart-all-in-one,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-cart-all-in-one/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-cart-all-in-one" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..4671c4186c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-category-slider-by-pluginever-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woo-category-slider-by-pluginever-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-category-slider-by-pluginever/" + google-query: inurl:"/wp-content/plugins/woo-category-slider-by-pluginever/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-category-slider-by-pluginever,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-category-slider-by-pluginever/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-category-slider-by-pluginever" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-category-slider-grid-9d69b5dedc1dea8d291f6cedb75f3be2.yaml b/nuclei-templates/cve-less/plugins/woo-category-slider-grid-9d69b5dedc1dea8d291f6cedb75f3be2.yaml new file mode 100644 index 0000000000..7c07699d49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-category-slider-grid-9d69b5dedc1dea8d291f6cedb75f3be2.yaml @@ -0,0 +1,58 @@ +id: woo-category-slider-grid-9d69b5dedc1dea8d291f6cedb75f3be2 + +info: + name: > + Category Slider for WooCommerce <= 1.4.15 - Missing Authorization via notice dismissal functionality + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab1bd64b-8575-4ab4-bca5-8d5ce6f476d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-category-slider-grid/" + google-query: inurl:"/wp-content/plugins/woo-category-slider-grid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-category-slider-grid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-category-slider-grid/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-category-slider-grid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-checkout-field-editor-pro-d8db32c50c0bea30a973b5af0530e9fa.yaml b/nuclei-templates/cve-less/plugins/woo-checkout-field-editor-pro-d8db32c50c0bea30a973b5af0530e9fa.yaml new file mode 100644 index 0000000000..bd6ede5611 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-checkout-field-editor-pro-d8db32c50c0bea30a973b5af0530e9fa.yaml @@ -0,0 +1,58 @@ +id: woo-checkout-field-editor-pro-d8db32c50c0bea30a973b5af0530e9fa + +info: + name: > + Checkout Field Editor <= 1.7.2 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a176f206-eb96-4902-8355-eec3c9ff6809?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-checkout-field-editor-pro/" + google-query: inurl:"/wp-content/plugins/woo-checkout-field-editor-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-checkout-field-editor-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-checkout-field-editor-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-checkout-field-editor-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-d6e20ffc56fbb7647d56a679f340333c.yaml b/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-d6e20ffc56fbb7647d56a679f340333c.yaml new file mode 100644 index 0000000000..3eea11448d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-checkout-for-digital-goods-d6e20ffc56fbb7647d56a679f340333c.yaml @@ -0,0 +1,58 @@ +id: woo-checkout-for-digital-goods-d6e20ffc56fbb7647d56a679f340333c + +info: + name: > + Digital Goods < 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/601ad4f3-2160-4af6-b3d5-c2af52746aab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-checkout-for-digital-goods/" + google-query: inurl:"/wp-content/plugins/woo-checkout-for-digital-goods/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-checkout-for-digital-goods,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-checkout-for-digital-goods/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-checkout-for-digital-goods" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-checkout-regsiter-field-editor-f717a47fafca36f7d936ae0544056836.yaml b/nuclei-templates/cve-less/plugins/woo-checkout-regsiter-field-editor-f717a47fafca36f7d936ae0544056836.yaml new file mode 100644 index 0000000000..b9fee0cb25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-checkout-regsiter-field-editor-f717a47fafca36f7d936ae0544056836.yaml @@ -0,0 +1,58 @@ +id: woo-checkout-regsiter-field-editor-f717a47fafca36f7d936ae0544056836 + +info: + name: > + WooCommerce Checkout Field Editor (Checkout Manager) <= 2.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f99d8b5-e71d-4b40-8223-f0e53b9dd84f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-checkout-regsiter-field-editor/" + google-query: inurl:"/wp-content/plugins/woo-checkout-regsiter-field-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-checkout-regsiter-field-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-checkout-regsiter-field-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-checkout-regsiter-field-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-clover-gateway-by-zaytech-bfd48818a8f8d2ed09939883a8a76d0e.yaml b/nuclei-templates/cve-less/plugins/woo-clover-gateway-by-zaytech-bfd48818a8f8d2ed09939883a8a76d0e.yaml new file mode 100644 index 0000000000..e9cd95610c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-clover-gateway-by-zaytech-bfd48818a8f8d2ed09939883a8a76d0e.yaml @@ -0,0 +1,58 @@ +id: woo-clover-gateway-by-zaytech-bfd48818a8f8d2ed09939883a8a76d0e + +info: + name: > + WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57aacffa-0f49-4a33-ae40-d1c151363284?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-clover-gateway-by-zaytech/" + google-query: inurl:"/wp-content/plugins/woo-clover-gateway-by-zaytech/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-clover-gateway-by-zaytech,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-clover-gateway-by-zaytech/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-clover-gateway-by-zaytech" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-74ac9426139c38e6a637e2d13087eef0.yaml b/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-74ac9426139c38e6a637e2d13087eef0.yaml new file mode 100644 index 0000000000..b7697efd39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-conditional-discount-rules-for-checkout-74ac9426139c38e6a637e2d13087eef0.yaml @@ -0,0 +1,58 @@ +id: woo-conditional-discount-rules-for-checkout-74ac9426139c38e6a637e2d13087eef0 + +info: + name: > + WooCommerce Dynamic Pricing and Discount Rules <= 2.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d624f234-c57a-4a66-900d-362194a79d34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-conditional-discount-rules-for-checkout/" + google-query: inurl:"/wp-content/plugins/woo-conditional-discount-rules-for-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-conditional-discount-rules-for-checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-conditional-discount-rules-for-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-conditional-discount-rules-for-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-confirmation-email-1d7d1acaaeae708601e11c980ce64351.yaml b/nuclei-templates/cve-less/plugins/woo-confirmation-email-1d7d1acaaeae708601e11c980ce64351.yaml new file mode 100644 index 0000000000..1e17282324 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-confirmation-email-1d7d1acaaeae708601e11c980ce64351.yaml @@ -0,0 +1,58 @@ +id: woo-confirmation-email-1d7d1acaaeae708601e11c980ce64351 + +info: + name: > + User Email Verification for WooCommerce <= 3.5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/282ef0bb-4db5-4b07-9aad-b128e8fdb915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-confirmation-email/" + google-query: inurl:"/wp-content/plugins/woo-confirmation-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-confirmation-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-confirmation-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-confirmation-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-confirmation-email-20bfb39c28e57afafa73126a681ef707.yaml b/nuclei-templates/cve-less/plugins/woo-confirmation-email-20bfb39c28e57afafa73126a681ef707.yaml new file mode 100644 index 0000000000..4c43093789 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-confirmation-email-20bfb39c28e57afafa73126a681ef707.yaml @@ -0,0 +1,58 @@ +id: woo-confirmation-email-20bfb39c28e57afafa73126a681ef707 + +info: + name: > + User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1e31357-7fbc-414b-a4f4-53fa5f2fc715?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-confirmation-email/" + google-query: inurl:"/wp-content/plugins/woo-confirmation-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-confirmation-email,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-confirmation-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-confirmation-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-confirmation-email-b62e00bc83e523a8ff2af72e62215cf4.yaml b/nuclei-templates/cve-less/plugins/woo-confirmation-email-b62e00bc83e523a8ff2af72e62215cf4.yaml new file mode 100644 index 0000000000..5aa391ce44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-confirmation-email-b62e00bc83e523a8ff2af72e62215cf4.yaml @@ -0,0 +1,58 @@ +id: woo-confirmation-email-b62e00bc83e523a8ff2af72e62215cf4 + +info: + name: > + Woo Confirmation Email < 3.2.0 - Improper Access Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fccfe581-16aa-4a6e-a6aa-60c05e4d26cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-confirmation-email/" + google-query: inurl:"/wp-content/plugins/woo-confirmation-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-confirmation-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-confirmation-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-confirmation-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-929f7bccf6d99dcdb90fbc58af16ac0f.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-929f7bccf6d99dcdb90fbc58af16ac0f.yaml new file mode 100644 index 0000000000..52649a7f10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-929f7bccf6d99dcdb90fbc58af16ac0f.yaml @@ -0,0 +1,58 @@ +id: woo-coupon-usage-929f7bccf6d99dcdb90fbc58af16ac0f + +info: + name: > + Coupon Affiliates <= 5.4.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0d93ee4-63e1-4fa7-9346-f56354124b9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-coupon-usage/" + google-query: inurl:"/wp-content/plugins/woo-coupon-usage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-coupon-usage,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-coupon-usage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-d6c1488951c377a5fdee8dcb8a391129.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-d6c1488951c377a5fdee8dcb8a391129.yaml new file mode 100644 index 0000000000..a11bddc8fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-d6c1488951c377a5fdee8dcb8a391129.yaml @@ -0,0 +1,58 @@ +id: woo-coupon-usage-d6c1488951c377a5fdee8dcb8a391129 + +info: + name: > + Coupon Affiliates <= 5.4.5 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c6fc6be-7e9a-40cb-b9cd-bb71d4f487f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-coupon-usage/" + google-query: inurl:"/wp-content/plugins/woo-coupon-usage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-coupon-usage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-dfbc847d6328add5c7ec6fda715f3e24.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-dfbc847d6328add5c7ec6fda715f3e24.yaml new file mode 100644 index 0000000000..ffc5fac7ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-dfbc847d6328add5c7ec6fda715f3e24.yaml @@ -0,0 +1,58 @@ +id: woo-coupon-usage-dfbc847d6328add5c7ec6fda715f3e24 + +info: + name: > + WooCommerce Affiliate Plugin - Coupon Affiliates < 4.16.4.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7fc87c-4680-477e-94f5-9c502edce61d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-coupon-usage/" + google-query: inurl:"/wp-content/plugins/woo-coupon-usage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-coupon-usage,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-coupon-usage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.16.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-coupon-usage-f98bb5a74d2fa1a9c0b6c8217a328496.yaml b/nuclei-templates/cve-less/plugins/woo-coupon-usage-f98bb5a74d2fa1a9c0b6c8217a328496.yaml new file mode 100644 index 0000000000..18a1ee95b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-coupon-usage-f98bb5a74d2fa1a9c0b6c8217a328496.yaml @@ -0,0 +1,58 @@ +id: woo-coupon-usage-f98bb5a74d2fa1a9c0b6c8217a328496 + +info: + name: > + Coupon Affiliates <= 5.12.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17cb080f-83f5-4917-af76-bfcc741ae053?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-coupon-usage/" + google-query: inurl:"/wp-content/plugins/woo-coupon-usage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-coupon-usage,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-coupon-usage/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-coupon-usage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-currency-daeaf69e03551f5a39540769cb2822ca.yaml b/nuclei-templates/cve-less/plugins/woo-currency-daeaf69e03551f5a39540769cb2822ca.yaml new file mode 100644 index 0000000000..8979abb55d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-currency-daeaf69e03551f5a39540769cb2822ca.yaml @@ -0,0 +1,58 @@ +id: woo-currency-daeaf69e03551f5a39540769cb2822ca + +info: + name: > + WBW Currency Switcher <= 1.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb56b00c-31dd-4076-aeaf-9b249f04f1c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-currency/" + google-query: inurl:"/wp-content/plugins/woo-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-currency,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-custom-and-sequential-order-number-1c1bae32227727e0a4d5c09c16777000.yaml b/nuclei-templates/cve-less/plugins/woo-custom-and-sequential-order-number-1c1bae32227727e0a4d5c09c16777000.yaml new file mode 100644 index 0000000000..f694474b62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-custom-and-sequential-order-number-1c1bae32227727e0a4d5c09c16777000.yaml @@ -0,0 +1,58 @@ +id: woo-custom-and-sequential-order-number-1c1bae32227727e0a4d5c09c16777000 + +info: + name: > + Woo Custom and Sequential Order Number <= 2.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67279c70-c416-4d18-9951-470773b9221a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-custom-and-sequential-order-number/" + google-query: inurl:"/wp-content/plugins/woo-custom-and-sequential-order-number/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-custom-and-sequential-order-number,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-custom-and-sequential-order-number/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-custom-and-sequential-order-number" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-custom-checkout-fields-49cbb81571d3991f2ef26ba874e53110.yaml b/nuclei-templates/cve-less/plugins/woo-custom-checkout-fields-49cbb81571d3991f2ef26ba874e53110.yaml new file mode 100644 index 0000000000..15d23616e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-custom-checkout-fields-49cbb81571d3991f2ef26ba874e53110.yaml @@ -0,0 +1,58 @@ +id: woo-custom-checkout-fields-49cbb81571d3991f2ef26ba874e53110 + +info: + name: > + Woocommerce Custom Checkout Fields Editor With Drag & Drop <= 0.1 - Reflected Cross-Site Scripting via 'tab' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e3899d8-170e-481f-8c80-90addc66eb41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-custom-checkout-fields/" + google-query: inurl:"/wp-content/plugins/woo-custom-checkout-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-custom-checkout-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-custom-checkout-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-custom-checkout-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-custom-emails-05692bb82558cd77ced2449a9947331d.yaml b/nuclei-templates/cve-less/plugins/woo-custom-emails-05692bb82558cd77ced2449a9947331d.yaml new file mode 100644 index 0000000000..c418b8969e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-custom-emails-05692bb82558cd77ced2449a9947331d.yaml @@ -0,0 +1,58 @@ +id: woo-custom-emails-05692bb82558cd77ced2449a9947331d + +info: + name: > + Woo Custom Emails <= 2.2 - Missing Authorization to Unauthenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee1660e-10c0-447b-8562-c3af07997f56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-custom-emails/" + google-query: inurl:"/wp-content/plugins/woo-custom-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-custom-emails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-custom-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-custom-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-custom-emails-6fa0ab83d8badc8c29c9bbd5b82377a3.yaml b/nuclei-templates/cve-less/plugins/woo-custom-emails-6fa0ab83d8badc8c29c9bbd5b82377a3.yaml new file mode 100644 index 0000000000..edf1a07cd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-custom-emails-6fa0ab83d8badc8c29c9bbd5b82377a3.yaml @@ -0,0 +1,58 @@ +id: woo-custom-emails-6fa0ab83d8badc8c29c9bbd5b82377a3 + +info: + name: > + Woo Custom Emails <= 2.2 - Reflected Cross-Site Scripting via wcemails_edit + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6782d8b3-32f9-42e1-874c-35a1e93ffde0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-custom-emails/" + google-query: inurl:"/wp-content/plugins/woo-custom-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-custom-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-custom-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-custom-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-discount-rules-d279b5b7a9de7113552384d130438d18.yaml b/nuclei-templates/cve-less/plugins/woo-discount-rules-d279b5b7a9de7113552384d130438d18.yaml new file mode 100644 index 0000000000..fe8bb3dcb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-discount-rules-d279b5b7a9de7113552384d130438d18.yaml @@ -0,0 +1,58 @@ +id: woo-discount-rules-d279b5b7a9de7113552384d130438d18 + +info: + name: > + Discount Rules for WooCommerce <= 2.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40c20b9d-9a7d-46ca-81d1-c58150dae2cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-discount-rules/" + google-query: inurl:"/wp-content/plugins/woo-discount-rules/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-discount-rules,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-discount-rules/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-discount-rules" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-6c3c2bf7b8f6a532d25d6bbbc66fa7c9.yaml b/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-6c3c2bf7b8f6a532d25d6bbbc66fa7c9.yaml new file mode 100644 index 0000000000..91a28d12d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-6c3c2bf7b8f6a532d25d6bbbc66fa7c9.yaml @@ -0,0 +1,58 @@ +id: woo-easy-duplicate-product-6c3c2bf7b8f6a532d25d6bbbc66fa7c9 + +info: + name: > + WooCommerce Easy Duplicate Product <= 0.3.0.0 - Reflected Cross-Site Scripting via wedp_duplicated + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b06d68e-153d-4cee-94d5-cbeac7468665?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-easy-duplicate-product/" + google-query: inurl:"/wp-content/plugins/woo-easy-duplicate-product/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-easy-duplicate-product,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-easy-duplicate-product/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-easy-duplicate-product" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-7afdbaf504234dadcc9587b5a57a9cbb.yaml b/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-7afdbaf504234dadcc9587b5a57a9cbb.yaml new file mode 100644 index 0000000000..b4c3e797b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-easy-duplicate-product-7afdbaf504234dadcc9587b5a57a9cbb.yaml @@ -0,0 +1,58 @@ +id: woo-easy-duplicate-product-7afdbaf504234dadcc9587b5a57a9cbb + +info: + name: > + WooCommerce Easy Duplicate Product <= 0.3.0.7 - Missing Authorization via wedp_duplicate_product_action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02d11be0-2e2e-4c76-8a8e-f3f637b99809?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-easy-duplicate-product/" + google-query: inurl:"/wp-content/plugins/woo-easy-duplicate-product/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-easy-duplicate-product,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-easy-duplicate-product/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-easy-duplicate-product" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-0870bc8b1d530b3be68df9963ba1cc56.yaml b/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-0870bc8b1d530b3be68df9963ba1cc56.yaml new file mode 100644 index 0000000000..6149a60684 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-ecommerce-tracking-for-google-and-facebook-0870bc8b1d530b3be68df9963ba1cc56.yaml @@ -0,0 +1,58 @@ +id: woo-ecommerce-tracking-for-google-and-facebook-0870bc8b1d530b3be68df9963ba1cc56 + +info: + name: > + WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking <= 3.7.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3f7e1a4-88b2-4069-adb8-d51278b48234?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + google-query: inurl:"/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-ecommerce-tracking-for-google-and-facebook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-ecommerce-tracking-for-google-and-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-ecommerce-tracking-for-google-and-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-edit-templates-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml b/nuclei-templates/cve-less/plugins/woo-edit-templates-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml new file mode 100644 index 0000000000..c1ed765357 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-edit-templates-fd2527f160b6f8cee6c4ddf5aa4628c1.yaml @@ -0,0 +1,58 @@ +id: woo-edit-templates-fd2527f160b6f8cee6c4ddf5aa4628c1 + +info: + name: > + Edit WooCommerce Templates <= 1.1.1 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34f7ab72-a4e3-4264-b6d3-530dd255dc87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-edit-templates/" + google-query: inurl:"/wp-content/plugins/woo-edit-templates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-edit-templates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-edit-templates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-edit-templates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-enviopack-fb541598017032d47ba3cc3277c46760.yaml b/nuclei-templates/cve-less/plugins/woo-enviopack-fb541598017032d47ba3cc3277c46760.yaml new file mode 100644 index 0000000000..b56708df48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-enviopack-fb541598017032d47ba3cc3277c46760.yaml @@ -0,0 +1,58 @@ +id: woo-enviopack-fb541598017032d47ba3cc3277c46760 + +info: + name: > + WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da81c849-fc85-4794-a79f-fcc3ef6a3bbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-enviopack/" + google-query: inurl:"/wp-content/plugins/woo-enviopack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-enviopack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-enviopack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-enviopack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-esto-57f4b88a911e06a50ba6bc2f26eebab2.yaml b/nuclei-templates/cve-less/plugins/woo-esto-57f4b88a911e06a50ba6bc2f26eebab2.yaml new file mode 100644 index 0000000000..d23f6d1011 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-esto-57f4b88a911e06a50ba6bc2f26eebab2.yaml @@ -0,0 +1,58 @@ +id: woo-esto-57f4b88a911e06a50ba6bc2f26eebab2 + +info: + name: > + Woocommerce ESTO <= 2.23.1 - Cross-Site Request Forgery via saveSetting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49f7e35d-e453-4e60-8f73-12891def267a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-esto/" + google-query: inurl:"/wp-content/plugins/woo-esto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-esto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-esto/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-esto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.23.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-3a32b3729ec435ff7a8be0b786f133fc.yaml b/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-3a32b3729ec435ff7a8be0b786f133fc.yaml new file mode 100644 index 0000000000..8b068fde17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-3a32b3729ec435ff7a8be0b786f133fc.yaml @@ -0,0 +1,58 @@ +id: woo-gift-cards-lite-3a32b3729ec435ff7a8be0b786f133fc + +info: + name: > + Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-gift-cards-lite/" + google-query: inurl:"/wp-content/plugins/woo-gift-cards-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-gift-cards-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-gift-cards-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-gift-cards-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-dea87137a3d1b873f5ca5b46839f87d8.yaml b/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-dea87137a3d1b873f5ca5b46839f87d8.yaml new file mode 100644 index 0000000000..699051e912 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-gift-cards-lite-dea87137a3d1b873f5ca5b46839f87d8.yaml @@ -0,0 +1,58 @@ +id: woo-gift-cards-lite-dea87137a3d1b873f5ca5b46839f87d8 + +info: + name: > + Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2da322ea-0206-4838-8ac4-9dd201bb00bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-gift-cards-lite/" + google-query: inurl:"/wp-content/plugins/woo-gift-cards-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-gift-cards-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-gift-cards-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-gift-cards-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-03ab94cbc5738569e6dbfc88111c85a5.yaml b/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-03ab94cbc5738569e6dbfc88111c85a5.yaml new file mode 100644 index 0000000000..a05bebcbe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-03ab94cbc5738569e6dbfc88111c85a5.yaml @@ -0,0 +1,58 @@ +id: woo-gutenberg-products-block-03ab94cbc5738569e6dbfc88111c85a5 + +info: + name: > + WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/525dec5b-b457-483c-ab2d-09dd320edcaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-gutenberg-products-block/" + google-query: inurl:"/wp-content/plugins/woo-gutenberg-products-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-gutenberg-products-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-gutenberg-products-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-gutenberg-products-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-749a7702ffa607983798f5d2868f83ea.yaml b/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-749a7702ffa607983798f5d2868f83ea.yaml new file mode 100644 index 0000000000..e5a666b11e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-gutenberg-products-block-749a7702ffa607983798f5d2868f83ea.yaml @@ -0,0 +1,58 @@ +id: woo-gutenberg-products-block-749a7702ffa607983798f5d2868f83ea + +info: + name: > + WooCommerce Blocks < 5.5 - Authenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6d9d093-1e31-4d36-ac55-79cf82b231bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-gutenberg-products-block/" + google-query: inurl:"/wp-content/plugins/woo-gutenberg-products-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-gutenberg-products-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-gutenberg-products-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-gutenberg-products-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-login-redirect-63de733b8b1cbcf5195bd25b24651bd1.yaml b/nuclei-templates/cve-less/plugins/woo-login-redirect-63de733b8b1cbcf5195bd25b24651bd1.yaml new file mode 100644 index 0000000000..24d0b9a6db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-login-redirect-63de733b8b1cbcf5195bd25b24651bd1.yaml @@ -0,0 +1,58 @@ +id: woo-login-redirect-63de733b8b1cbcf5195bd25b24651bd1 + +info: + name: > + WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53d5fbcf-7af7-4345-b207-0a3277f78065?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-login-redirect/" + google-query: inurl:"/wp-content/plugins/woo-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-login-redirect-ce92d15642911831d9ca92e448d0dc45.yaml b/nuclei-templates/cve-less/plugins/woo-login-redirect-ce92d15642911831d9ca92e448d0dc45.yaml new file mode 100644 index 0000000000..49c4792879 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-login-redirect-ce92d15642911831d9ca92e448d0dc45.yaml @@ -0,0 +1,58 @@ +id: woo-login-redirect-ce92d15642911831d9ca92e448d0dc45 + +info: + name: > + WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b0d708-4f74-4e6d-9581-f65caf976d45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-login-redirect/" + google-query: inurl:"/wp-content/plugins/woo-login-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-login-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-login-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-login-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-mailerlite-88cd9d196e2b824c736badcdf2c60486.yaml b/nuclei-templates/cve-less/plugins/woo-mailerlite-88cd9d196e2b824c736badcdf2c60486.yaml new file mode 100644 index 0000000000..67f93a0bcc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-mailerlite-88cd9d196e2b824c736badcdf2c60486.yaml @@ -0,0 +1,58 @@ +id: woo-mailerlite-88cd9d196e2b824c736badcdf2c60486 + +info: + name: > + MailerLite – WooCommerce integration <= 2.0.8 - Missing Authorization via Multiple Functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/757690b0-6c59-4e74-aad2-f5fde9f7a2fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-mailerlite/" + google-query: inurl:"/wp-content/plugins/woo-mailerlite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-mailerlite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-mailerlite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-mailerlite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-mailerlite-cca05bc5622e1c098579dbd96b0cb97a.yaml b/nuclei-templates/cve-less/plugins/woo-mailerlite-cca05bc5622e1c098579dbd96b0cb97a.yaml new file mode 100644 index 0000000000..fea5ceae49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-mailerlite-cca05bc5622e1c098579dbd96b0cb97a.yaml @@ -0,0 +1,58 @@ +id: woo-mailerlite-cca05bc5622e1c098579dbd96b0cb97a + +info: + name: > + MailerLite – WooCommerce integration <= 2.0.8 - Cross-Site Request Forgery via Multiple AJAX Functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea7ccb0-c0fb-4ef3-8041-9bf5abe36e3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-mailerlite/" + google-query: inurl:"/wp-content/plugins/woo-mailerlite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-mailerlite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-mailerlite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-mailerlite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-min-max-quantity-step-control-single-c32694721413767cb44f24e1463718a9.yaml b/nuclei-templates/cve-less/plugins/woo-min-max-quantity-step-control-single-c32694721413767cb44f24e1463718a9.yaml new file mode 100644 index 0000000000..375c432df4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-min-max-quantity-step-control-single-c32694721413767cb44f24e1463718a9.yaml @@ -0,0 +1,58 @@ +id: woo-min-max-quantity-step-control-single-c32694721413767cb44f24e1463718a9 + +info: + name: > + Min Max Control <= 4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4240fcda-c61d-4888-8837-5012e5ba1f26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-min-max-quantity-step-control-single/" + google-query: inurl:"/wp-content/plugins/woo-min-max-quantity-step-control-single/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-min-max-quantity-step-control-single,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-min-max-quantity-step-control-single/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-min-max-quantity-step-control-single" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-moneybird-23c9a6bcdbbbbe8c2bbfd755ec5ced2f.yaml b/nuclei-templates/cve-less/plugins/woo-moneybird-23c9a6bcdbbbbe8c2bbfd755ec5ced2f.yaml new file mode 100644 index 0000000000..d920f75ec3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-moneybird-23c9a6bcdbbbbe8c2bbfd755ec5ced2f.yaml @@ -0,0 +1,58 @@ +id: woo-moneybird-23c9a6bcdbbbbe8c2bbfd755ec5ced2f + +info: + name: > + Integration of Moneybird for WooCommerce <= 2.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/962c0440-04d7-4201-829c-dad9b8f796d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-moneybird/" + google-query: inurl:"/wp-content/plugins/woo-moneybird/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-moneybird,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-moneybird/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-moneybird" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-multi-currency-04585caadf98109f09006297093db829.yaml b/nuclei-templates/cve-less/plugins/woo-multi-currency-04585caadf98109f09006297093db829.yaml new file mode 100644 index 0000000000..c5bb69756b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-multi-currency-04585caadf98109f09006297093db829.yaml @@ -0,0 +1,58 @@ +id: woo-multi-currency-04585caadf98109f09006297093db829 + +info: + name: > + CURCY <= 2.1.25 - Missing Authorization to Currency Exchange Retrieval + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca24aa2f-5d31-4128-af75-68bd24637ee7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-multi-currency/" + google-query: inurl:"/wp-content/plugins/woo-multi-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-multi-currency,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-multi-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-multi-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-multi-currency-4e4599c0d5b0830c29196e68a72f1714.yaml b/nuclei-templates/cve-less/plugins/woo-multi-currency-4e4599c0d5b0830c29196e68a72f1714.yaml new file mode 100644 index 0000000000..147c620d6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-multi-currency-4e4599c0d5b0830c29196e68a72f1714.yaml @@ -0,0 +1,58 @@ +id: woo-multi-currency-4e4599c0d5b0830c29196e68a72f1714 + +info: + name: > + WooCommerce Multi Currency <= 2.1.17 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a490c6-14c1-4c71-b44c-1e362cc892a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-multi-currency/" + google-query: inurl:"/wp-content/plugins/woo-multi-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-multi-currency,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-multi-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-multi-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-myghpay-payment-gateway-eb8db2756daf0437e7a0fbebd28c57f2.yaml b/nuclei-templates/cve-less/plugins/woo-myghpay-payment-gateway-eb8db2756daf0437e7a0fbebd28c57f2.yaml new file mode 100644 index 0000000000..64cc6d8c68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-myghpay-payment-gateway-eb8db2756daf0437e7a0fbebd28c57f2.yaml @@ -0,0 +1,58 @@ +id: woo-myghpay-payment-gateway-eb8db2756daf0437e7a0fbebd28c57f2 + +info: + name: > + WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4528a772-6758-4a6e-a325-5f9fd9f1b71d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-myghpay-payment-gateway/" + google-query: inurl:"/wp-content/plugins/woo-myghpay-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-myghpay-payment-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-myghpay-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-myghpay-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-17a0ab6b1d7221d78713c85b5cfc7d09.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-17a0ab6b1d7221d78713c85b5cfc7d09.yaml new file mode 100644 index 0000000000..18d3532d87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-17a0ab6b1d7221d78713c85b5cfc7d09.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-17a0ab6b1d7221d78713c85b5cfc7d09 + +info: + name: > + Advanced Order Export For WooCommerce <= 1.5.4 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92bd8f53-7845-4741-84e7-4930dfa973ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-45f3255db2b21cf02cfd20c83ca9648c.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-45f3255db2b21cf02cfd20c83ca9648c.yaml new file mode 100644 index 0000000000..3079dfa179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-45f3255db2b21cf02cfd20c83ca9648c.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-45f3255db2b21cf02cfd20c83ca9648c + +info: + name: > + Advanced Order Export for WooCommerce <= 3.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2628f9dd-a020-49e6-bcea-f839e1d1a8a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-585b04156d64682d18676fed41ed4dfa.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-585b04156d64682d18676fed41ed4dfa.yaml new file mode 100644 index 0000000000..5358067213 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-585b04156d64682d18676fed41ed4dfa.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-585b04156d64682d18676fed41ed4dfa + +info: + name: > + Advanced Order Export For WooCommerce <= 3.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a425e1c-9b18-468f-975a-57239ce24601?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-82c4fdf6c165bae11c6baa8d84cc1665.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-82c4fdf6c165bae11c6baa8d84cc1665.yaml new file mode 100644 index 0000000000..ee98b7852f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-82c4fdf6c165bae11c6baa8d84cc1665.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-82c4fdf6c165bae11c6baa8d84cc1665 + +info: + name: > + Advanced Order Export For WooCommerce <= 3.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e9291e8-b4f5-4fd1-aded-4690f82f6905?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-8cd31768dc61f0033829ab9bfd911338.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-8cd31768dc61f0033829ab9bfd911338.yaml new file mode 100644 index 0000000000..0a139c23f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-8cd31768dc61f0033829ab9bfd911338.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-8cd31768dc61f0033829ab9bfd911338 + +info: + name: > + Advanced Order Export for WooCommerce <= 3.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c89d541f-d34e-46f9-a7cd-aeb00b2e8ad0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-b59d3f14536598579f52eca567b11500.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-b59d3f14536598579f52eca567b11500.yaml new file mode 100644 index 0000000000..27acf55f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-b59d3f14536598579f52eca567b11500.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-b59d3f14536598579f52eca567b11500 + +info: + name: > + Advanced Order Export For WooCommerce <= 3.4.4 - Authenticated (Shop Manager+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86d5af9f-ffe9-4d22-885d-e117da7687de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-order-export-lite-db3f5d95cd42ccb9361196cfcc805ca2.yaml b/nuclei-templates/cve-less/plugins/woo-order-export-lite-db3f5d95cd42ccb9361196cfcc805ca2.yaml new file mode 100644 index 0000000000..ecc452a59a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-order-export-lite-db3f5d95cd42ccb9361196cfcc805ca2.yaml @@ -0,0 +1,58 @@ +id: woo-order-export-lite-db3f5d95cd42ccb9361196cfcc805ca2 + +info: + name: > + Advanced Order Export For WooCommerce <= 3.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d6488ce-e34a-4b23-806d-fa2fb948ea8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-order-export-lite/" + google-query: inurl:"/wp-content/plugins/woo-order-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-order-export-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-order-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-order-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-orders-tracking-1a6f3983d747959c89e7ec5dc65f9024.yaml b/nuclei-templates/cve-less/plugins/woo-orders-tracking-1a6f3983d747959c89e7ec5dc65f9024.yaml new file mode 100644 index 0000000000..63e764e04a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-orders-tracking-1a6f3983d747959c89e7ec5dc65f9024.yaml @@ -0,0 +1,58 @@ +id: woo-orders-tracking-1a6f3983d747959c89e7ec5dc65f9024 + +info: + name: > + Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/991ab188-869c-4875-80f3-940000a1717b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-orders-tracking/" + google-query: inurl:"/wp-content/plugins/woo-orders-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-orders-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-orders-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-orders-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-orders-tracking-685c428e53c4340f09b6fcad98e8d448.yaml b/nuclei-templates/cve-less/plugins/woo-orders-tracking-685c428e53c4340f09b6fcad98e8d448.yaml new file mode 100644 index 0000000000..651124afb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-orders-tracking-685c428e53c4340f09b6fcad98e8d448.yaml @@ -0,0 +1,58 @@ +id: woo-orders-tracking-685c428e53c4340f09b6fcad98e8d448 + +info: + name: > + Orders Tracking for WooCommerce <= 1.2.5 - Authenticated (Administrator+) Directory Traversal via 'file_url' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a62e8b2-7606-4842-8be5-dff8634539d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-orders-tracking/" + google-query: inurl:"/wp-content/plugins/woo-orders-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-orders-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-orders-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-orders-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-orders-tracking-dc785a9dfefaca6a0bea1613af751930.yaml b/nuclei-templates/cve-less/plugins/woo-orders-tracking-dc785a9dfefaca6a0bea1613af751930.yaml new file mode 100644 index 0000000000..6851e76fc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-orders-tracking-dc785a9dfefaca6a0bea1613af751930.yaml @@ -0,0 +1,58 @@ +id: woo-orders-tracking-dc785a9dfefaca6a0bea1613af751930 + +info: + name: > + Orders Tracking for WooCommerce <= 1.0.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0eed0fd-8841-41d1-80fb-dd02f2a1edf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-orders-tracking/" + google-query: inurl:"/wp-content/plugins/woo-orders-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-orders-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-orders-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-orders-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-parcel-pro-24c087c6076b1a75e662317afa8f98e8.yaml b/nuclei-templates/cve-less/plugins/woo-parcel-pro-24c087c6076b1a75e662317afa8f98e8.yaml new file mode 100644 index 0000000000..e96ffd9456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-parcel-pro-24c087c6076b1a75e662317afa8f98e8.yaml @@ -0,0 +1,58 @@ +id: woo-parcel-pro-24c087c6076b1a75e662317afa8f98e8 + +info: + name: > + Parcel Pro <= 1.6.11 - Open Redirect via 'redirect' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95d4fbf6-e21a-48db-bfb3-32fc9116afa0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-parcel-pro/" + google-query: inurl:"/wp-content/plugins/woo-parcel-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-parcel-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-parcel-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-parcel-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-payment-gateway-for-piraeus-bank-1c405e04f6277e8f63afc203bd74a63b.yaml b/nuclei-templates/cve-less/plugins/woo-payment-gateway-for-piraeus-bank-1c405e04f6277e8f63afc203bd74a63b.yaml new file mode 100644 index 0000000000..ecb162b9b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-payment-gateway-for-piraeus-bank-1c405e04f6277e8f63afc203bd74a63b.yaml @@ -0,0 +1,58 @@ +id: woo-payment-gateway-for-piraeus-bank-1c405e04f6277e8f63afc203bd74a63b + +info: + name: > + Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-payment-gateway-for-piraeus-bank/" + google-query: inurl:"/wp-content/plugins/woo-payment-gateway-for-piraeus-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-payment-gateway-for-piraeus-bank,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-payment-gateway-for-piraeus-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-payment-gateway-for-piraeus-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-16eec9967d2bcd67afac046816dc70ce.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-16eec9967d2bcd67afac046816dc70ce.yaml new file mode 100644 index 0000000000..6d3a15ef0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-16eec9967d2bcd67afac046816dc70ce.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-16eec9967d2bcd67afac046816dc70ce + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.101 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/652367a0-fca2-4313-8217-d8811ada0ab5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.101') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-5fd419efd8243713404055494bed8420.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-5fd419efd8243713404055494bed8420.yaml new file mode 100644 index 0000000000..86b1be9f63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-5fd419efd8243713404055494bed8420.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-5fd419efd8243713404055494bed8420 + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.103 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb0d093b-c339-4b19-a6cd-d2589b8e57ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.103') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-6173b7b86957899221b3529556dc4a8a.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-6173b7b86957899221b3529556dc4a8a.yaml new file mode 100644 index 0000000000..c64e2e8f75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-6173b7b86957899221b3529556dc4a8a.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-6173b7b86957899221b3529556dc4a8a + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/200fbfc1-df21-43b0-8eb1-b2ba0cc0c0df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-669481af47f05337ab733ec932b4b377.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-669481af47f05337ab733ec932b4b377.yaml new file mode 100644 index 0000000000..0333fe3ec6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-669481af47f05337ab733ec932b4b377.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-669481af47f05337ab733ec932b4b377 + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a765360-8603-4ba1-a6db-dd0175ff3ddf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.90') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-83c650e19a6e1371f9525c06e9d1b62b.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-83c650e19a6e1371f9525c06e9d1b62b.yaml new file mode 100644 index 0000000000..5882dda851 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-83c650e19a6e1371f9525c06e9d1b62b.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-83c650e19a6e1371f9525c06e9d1b62b + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b7aac1c-6962-49cf-850f-ab7b1d220090?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.90') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-c34ad7d49b6b5e2f77c281c8865fee0c.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-c34ad7d49b6b5e2f77c281c8865fee0c.yaml new file mode 100644 index 0000000000..c3bad57f60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-c34ad7d49b6b5e2f77c281c8865fee0c.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-c34ad7d49b6b5e2f77c281c8865fee0c + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebf2e701-9f9b-4a78-a61a-0cf90cdd9755?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.90') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-e3fb45d4e1d6f55f124a91bc17024113.yaml b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-e3fb45d4e1d6f55f124a91bc17024113.yaml new file mode 100644 index 0000000000..a38d765320 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pdf-invoice-builder-e3fb45d4e1d6f55f124a91bc17024113.yaml @@ -0,0 +1,58 @@ +id: woo-pdf-invoice-builder-e3fb45d4e1d6f55f124a91bc17024113 + +info: + name: > + WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4336d597-7e87-46eb-8abd-9fafd6cd25d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pdf-invoice-builder/" + google-query: inurl:"/wp-content/plugins/woo-pdf-invoice-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pdf-invoice-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pdf-invoice-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pdf-invoice-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-pensopay-4745429fbf9ec000c34eb26fe0eb2f46.yaml b/nuclei-templates/cve-less/plugins/woo-pensopay-4745429fbf9ec000c34eb26fe0eb2f46.yaml new file mode 100644 index 0000000000..c229e6d920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-pensopay-4745429fbf9ec000c34eb26fe0eb2f46.yaml @@ -0,0 +1,58 @@ +id: woo-pensopay-4745429fbf9ec000c34eb26fe0eb2f46 + +info: + name: > + WooCommerce PensoPay <= 6.3.1 - Reflected Cross-Site Scripting via 'pensopay_action' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6845b506-3d38-47f6-9348-d7931e65707a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-pensopay/" + google-query: inurl:"/wp-content/plugins/woo-pensopay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-pensopay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-pensopay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-pensopay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-permalink-manager-cb1f5da1a0250368a9a1a2840b5fd8ff.yaml b/nuclei-templates/cve-less/plugins/woo-permalink-manager-cb1f5da1a0250368a9a1a2840b5fd8ff.yaml new file mode 100644 index 0000000000..5ee6581f9b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-permalink-manager-cb1f5da1a0250368a9a1a2840b5fd8ff.yaml @@ -0,0 +1,58 @@ +id: woo-permalink-manager-cb1f5da1a0250368a9a1a2840b5fd8ff + +info: + name: > + Premmerce Permalink Manager for WooCommerce <= 2.3.10 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e206ad70-c50d-46c3-b3d8-ad7305bfaa32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-permalink-manager/" + google-query: inurl:"/wp-content/plugins/woo-permalink-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-permalink-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-permalink-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-permalink-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-popup-cecf0eea6a928571e9c6c0b109812dde.yaml b/nuclei-templates/cve-less/plugins/woo-popup-cecf0eea6a928571e9c6c0b109812dde.yaml new file mode 100644 index 0000000000..9340dc112d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-popup-cecf0eea6a928571e9c6c0b109812dde.yaml @@ -0,0 +1,58 @@ +id: woo-popup-cecf0eea6a928571e9c6c0b109812dde + +info: + name: > + woo-popup <= 1.2.2 - Reflecte Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/568d9b75-3ac9-47eb-b958-4f1781a6edc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-popup/" + google-query: inurl:"/wp-content/plugins/woo-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-popup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-preview-emails-4696b6dfedb443693738f04c3e5960c7.yaml b/nuclei-templates/cve-less/plugins/woo-preview-emails-4696b6dfedb443693738f04c3e5960c7.yaml new file mode 100644 index 0000000000..ae0f45fdf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-preview-emails-4696b6dfedb443693738f04c3e5960c7.yaml @@ -0,0 +1,58 @@ +id: woo-preview-emails-4696b6dfedb443693738f04c3e5960c7 + +info: + name: > + Preview E-Mails for WooCommerce <= 1.6.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0de5502-20a4-4436-89c6-ef42b8b40c08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-preview-emails/" + google-query: inurl:"/wp-content/plugins/woo-preview-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-preview-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-preview-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-preview-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-preview-emails-f05f9460461d72edc72c6f486798730b.yaml b/nuclei-templates/cve-less/plugins/woo-preview-emails-f05f9460461d72edc72c6f486798730b.yaml new file mode 100644 index 0000000000..a2cb132fa5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-preview-emails-f05f9460461d72edc72c6f486798730b.yaml @@ -0,0 +1,58 @@ +id: woo-preview-emails-f05f9460461d72edc72c6f486798730b + +info: + name: > + Preview E-mails for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9e80da-4cc6-425c-892f-1ff34b07583f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-preview-emails/" + google-query: inurl:"/wp-content/plugins/woo-preview-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-preview-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-preview-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-preview-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-attachment-8ec1d88a0440fb4d4bbc8ae34370a592.yaml b/nuclei-templates/cve-less/plugins/woo-product-attachment-8ec1d88a0440fb4d4bbc8ae34370a592.yaml new file mode 100644 index 0000000000..3a2e1778ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-attachment-8ec1d88a0440fb4d4bbc8ae34370a592.yaml @@ -0,0 +1,58 @@ +id: woo-product-attachment-8ec1d88a0440fb4d4bbc8ae34370a592 + +info: + name: > + WooCommerce Product Attachment <= 2.1.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8be9c76-08aa-4d41-8599-cc3494be7e58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-attachment/" + google-query: inurl:"/wp-content/plugins/woo-product-attachment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-attachment,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-attachment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-attachment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-bundle-9b89103e6239de0df78ba6046e07241b.yaml b/nuclei-templates/cve-less/plugins/woo-product-bundle-9b89103e6239de0df78ba6046e07241b.yaml new file mode 100644 index 0000000000..9de5458b55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-bundle-9b89103e6239de0df78ba6046e07241b.yaml @@ -0,0 +1,58 @@ +id: woo-product-bundle-9b89103e6239de0df78ba6046e07241b + +info: + name: > + WPC Product Bundles for WooCommerce <= 7.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5188dc72-a00d-4a07-b178-3f3ef26d7fc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-bundle/" + google-query: inurl:"/wp-content/plugins/woo-product-bundle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-bundle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-bundle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-bundle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-26d0ee067e8dc6608c7e062864b37750.yaml b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-26d0ee067e8dc6608c7e062864b37750.yaml new file mode 100644 index 0000000000..d4af5c72b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-26d0ee067e8dc6608c7e062864b37750.yaml @@ -0,0 +1,58 @@ +id: woo-product-carousel-slider-and-grid-ultimate-26d0ee067e8dc6608c7e062864b37750 + +info: + name: > + Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8636bf-229a-42a5-a19c-332679613dd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-carousel-slider-and-grid-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2c9e40b323 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-carousel-slider-and-grid-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woo-product-carousel-slider-and-grid-ultimate-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + google-query: inurl:"/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-carousel-slider-and-grid-ultimate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-carousel-slider-and-grid-ultimate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-carousel-slider-and-grid-ultimate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-category-discount-01c368446b8700dac5340c9b9ddef1fe.yaml b/nuclei-templates/cve-less/plugins/woo-product-category-discount-01c368446b8700dac5340c9b9ddef1fe.yaml new file mode 100644 index 0000000000..b10558860d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-category-discount-01c368446b8700dac5340c9b9ddef1fe.yaml @@ -0,0 +1,58 @@ +id: woo-product-category-discount-01c368446b8700dac5340c9b9ddef1fe + +info: + name: > + Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-category-discount/" + google-query: inurl:"/wp-content/plugins/woo-product-category-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-category-discount,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-category-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-category-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-category-discount-96e5ec11f01f1860b01e6de9ecd0a44e.yaml b/nuclei-templates/cve-less/plugins/woo-product-category-discount-96e5ec11f01f1860b01e6de9ecd0a44e.yaml new file mode 100644 index 0000000000..2d74d3b0dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-category-discount-96e5ec11f01f1860b01e6de9ecd0a44e.yaml @@ -0,0 +1,58 @@ +id: woo-product-category-discount-96e5ec11f01f1860b01e6de9ecd0a44e + +info: + name: > + Category Discount Woocommerce <= 4.11 - Cross-Site Request Forgery via wpcd_save_discount() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04dee5b-d16f-4ef0-88a4-1567e2287bd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-category-discount/" + google-query: inurl:"/wp-content/plugins/woo-product-category-discount/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-category-discount,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-category-discount/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-category-discount" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-enquiry-971d7261bd1edf88014f77f83ee8b436.yaml b/nuclei-templates/cve-less/plugins/woo-product-enquiry-971d7261bd1edf88014f77f83ee8b436.yaml new file mode 100644 index 0000000000..7ad3100c71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-enquiry-971d7261bd1edf88014f77f83ee8b436.yaml @@ -0,0 +1,58 @@ +id: woo-product-enquiry-971d7261bd1edf88014f77f83ee8b436 + +info: + name: > + WooCommerce Product Enquiry <= 2.3.4 - Unauthenticated Self-Based Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97c68df7-69fd-4817-9473-3d3e1fd6d348?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-enquiry/" + google-query: inurl:"/wp-content/plugins/woo-product-enquiry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-enquiry,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-enquiry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-enquiry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-feed-pro-092da9a0754379d27798e711aadf357a.yaml b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-092da9a0754379d27798e711aadf357a.yaml new file mode 100644 index 0000000000..5327a333a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-092da9a0754379d27798e711aadf357a.yaml @@ -0,0 +1,58 @@ +id: woo-product-feed-pro-092da9a0754379d27798e711aadf357a + +info: + name: > + Product Feed PRO for WooCommerce <= 12.4.0 - Cross-Site Request Forgery via update_project + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b0939a-1699-483c-9a4f-7978155e6ad1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-feed-pro/" + google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-feed-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-feed-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-feed-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-feed-pro-57778ba99fa499e925c126c40d1e19eb.yaml b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-57778ba99fa499e925c126c40d1e19eb.yaml new file mode 100644 index 0000000000..c6a0e52d25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-57778ba99fa499e925c126c40d1e19eb.yaml @@ -0,0 +1,58 @@ +id: woo-product-feed-pro-57778ba99fa499e925c126c40d1e19eb + +info: + name: > + Product Feed PRO for WooCommerce <= 11.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d990802-a964-493a-8f34-4b5784f52e60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-feed-pro/" + google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-feed-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-feed-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-feed-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-feed-pro-b6ba556ddde027cab29e149fd92ec34e.yaml b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-b6ba556ddde027cab29e149fd92ec34e.yaml new file mode 100644 index 0000000000..f87ac47bd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-b6ba556ddde027cab29e149fd92ec34e.yaml @@ -0,0 +1,58 @@ +id: woo-product-feed-pro-b6ba556ddde027cab29e149fd92ec34e + +info: + name: > + Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.3.1 - Sensitive Information Exposure via Log Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6edff9f-9876-4824-b057-8acbda861ffa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-feed-pro/" + google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-feed-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-feed-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-feed-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-feed-pro-e33771324145cc65657e7a62ea2644b5.yaml b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-e33771324145cc65657e7a62ea2644b5.yaml new file mode 100644 index 0000000000..275d1b091b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-e33771324145cc65657e7a62ea2644b5.yaml @@ -0,0 +1,58 @@ +id: woo-product-feed-pro-e33771324145cc65657e7a62ea2644b5 + +info: + name: > + Product Feed PRO for WooCommerce <= 11.0.6 - Settings Update to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b7e0b5-56a2-4f1f-be13-92721f4055fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-feed-pro/" + google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-feed-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-feed-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-feed-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-feed-pro-f7380d2067d81298695b7ed10624b075.yaml b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-f7380d2067d81298695b7ed10624b075.yaml new file mode 100644 index 0000000000..41c4106f7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-feed-pro-f7380d2067d81298695b7ed10624b075.yaml @@ -0,0 +1,58 @@ +id: woo-product-feed-pro-f7380d2067d81298695b7ed10624b075 + +info: + name: > + Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More <= 13.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42da00cf-5fda-4ad7-ad74-0328f492abcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-feed-pro/" + google-query: inurl:"/wp-content/plugins/woo-product-feed-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-feed-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-feed-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-feed-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-filter-44c408e8dae2b7e08323b9972af77572.yaml b/nuclei-templates/cve-less/plugins/woo-product-filter-44c408e8dae2b7e08323b9972af77572.yaml new file mode 100644 index 0000000000..ab77b54c1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-filter-44c408e8dae2b7e08323b9972af77572.yaml @@ -0,0 +1,58 @@ +id: woo-product-filter-44c408e8dae2b7e08323b9972af77572 + +info: + name: > + Product Filter by WBW <= 2.5.0 - Missing Authorization via getListForTbl + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77acb885-1776-4a74-96d0-4edbf1a92917?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-filter/" + google-query: inurl:"/wp-content/plugins/woo-product-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-35e78d37b187cb4c7fe5d6abc5c15922.yaml b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-35e78d37b187cb4c7fe5d6abc5c15922.yaml new file mode 100644 index 0000000000..4a186aeaec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-35e78d37b187cb4c7fe5d6abc5c15922.yaml @@ -0,0 +1,58 @@ +id: woo-product-gallery-slider-35e78d37b187cb4c7fe5d6abc5c15922 + +info: + name: > + Product Gallery Slider for WooCommerce <= 2.2.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df911497-8504-424e-8717-42d0bb6c90f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-gallery-slider/" + google-query: inurl:"/wp-content/plugins/woo-product-gallery-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-gallery-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-gallery-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-gallery-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..47b7805aba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-gallery-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woo-product-gallery-slider-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-gallery-slider/" + google-query: inurl:"/wp-content/plugins/woo-product-gallery-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-gallery-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-gallery-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-gallery-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-345d3d45cedd9f71e91c6e61868d3c59.yaml b/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-345d3d45cedd9f71e91c6e61868d3c59.yaml new file mode 100644 index 0000000000..3d2c1aeb7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-reviews-shortcode-345d3d45cedd9f71e91c6e61868d3c59.yaml @@ -0,0 +1,58 @@ +id: woo-product-reviews-shortcode-345d3d45cedd9f71e91c6e61868d3c59 + +info: + name: > + Builder for WooCommerce reviews shortcodes – ReviewShort <= 1.01.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62805bc2-16e6-4252-bea1-5c2b69cf9bc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-reviews-shortcode/" + google-query: inurl:"/wp-content/plugins/woo-product-reviews-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-reviews-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-reviews-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-reviews-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.01.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-slider-and-carousel-with-category-ba63b488e2407e68ac5be6c07d4b813b.yaml b/nuclei-templates/cve-less/plugins/woo-product-slider-and-carousel-with-category-ba63b488e2407e68ac5be6c07d4b813b.yaml new file mode 100644 index 0000000000..ebe0294ab6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-slider-and-carousel-with-category-ba63b488e2407e68ac5be6c07d4b813b.yaml @@ -0,0 +1,58 @@ +id: woo-product-slider-and-carousel-with-category-ba63b488e2407e68ac5be6c07d4b813b + +info: + name: > + Product Slider and Carousel with Category for WooCommerce <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf464e16-f5cf-4b3e-a9ee-b3df9aa38c9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-slider-and-carousel-with-category/" + google-query: inurl:"/wp-content/plugins/woo-product-slider-and-carousel-with-category/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-slider-and-carousel-with-category,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-slider-and-carousel-with-category/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-slider-and-carousel-with-category" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-slider-c1072dc6be25d5ca69ffa07a2d068093.yaml b/nuclei-templates/cve-less/plugins/woo-product-slider-c1072dc6be25d5ca69ffa07a2d068093.yaml new file mode 100644 index 0000000000..64a0b3dc26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-slider-c1072dc6be25d5ca69ffa07a2d068093.yaml @@ -0,0 +1,58 @@ +id: woo-product-slider-c1072dc6be25d5ca69ffa07a2d068093 + +info: + name: > + Product Slider for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d11e8124-1028-4dba-bbd9-c45699d78909?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-slider/" + google-query: inurl:"/wp-content/plugins/woo-product-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-slider-f700ae3c5b4e92d34fddc6f86f957267.yaml b/nuclei-templates/cve-less/plugins/woo-product-slider-f700ae3c5b4e92d34fddc6f86f957267.yaml new file mode 100644 index 0000000000..c1fbf352f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-slider-f700ae3c5b4e92d34fddc6f86f957267.yaml @@ -0,0 +1,58 @@ +id: woo-product-slider-f700ae3c5b4e92d34fddc6f86f957267 + +info: + name: > + Product Slider for WooCommerce <= 2.5.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e8d217-51a7-4653-bb23-c53f5c75cb85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-slider/" + google-query: inurl:"/wp-content/plugins/woo-product-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-table-e2d12fb1743cf7c34146fef09c867ef4.yaml b/nuclei-templates/cve-less/plugins/woo-product-table-e2d12fb1743cf7c34146fef09c867ef4.yaml new file mode 100644 index 0000000000..e4c67fc6ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-table-e2d12fb1743cf7c34146fef09c867ef4.yaml @@ -0,0 +1,58 @@ +id: woo-product-table-e2d12fb1743cf7c34146fef09c867ef4 + +info: + name: > + Product Table for WooCommerce <= 3.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4494a0f-57fb-4ed7-8fdc-85b5dcee6549?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-table/" + google-query: inurl:"/wp-content/plugins/woo-product-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-table,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-tables-ff403ca55433c3790064bbfc25253b20.yaml b/nuclei-templates/cve-less/plugins/woo-product-tables-ff403ca55433c3790064bbfc25253b20.yaml new file mode 100644 index 0000000000..fe2fb3be1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-tables-ff403ca55433c3790064bbfc25253b20.yaml @@ -0,0 +1,58 @@ +id: woo-product-tables-ff403ca55433c3790064bbfc25253b20 + +info: + name: > + Product Table by WBW <= 1.8.6 - Cross-Site Request Forgery via saveGroup + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eff03dbc-1bb7-4a72-b57c-f1bde966c286?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-tables/" + google-query: inurl:"/wp-content/plugins/woo-product-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-tables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-variation-gallery-865b10a62092a11efd2388d72979b0d5.yaml b/nuclei-templates/cve-less/plugins/woo-product-variation-gallery-865b10a62092a11efd2388d72979b0d5.yaml new file mode 100644 index 0000000000..ed9cab65c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-variation-gallery-865b10a62092a11efd2388d72979b0d5.yaml @@ -0,0 +1,58 @@ +id: woo-product-variation-gallery-865b10a62092a11efd2388d72979b0d5 + +info: + name: > + Variation Images Gallery for WooCommerce <= 2.3.3 - Reflected Cross-Site Scripting via style + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf7107c-1e9f-4020-aed3-a6a687a0cf6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-variation-gallery/" + google-query: inurl:"/wp-content/plugins/woo-product-variation-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-variation-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-variation-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-variation-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-product-variation-swatches-820cc233aa3e1e97214079c055bbd5fb.yaml b/nuclei-templates/cve-less/plugins/woo-product-variation-swatches-820cc233aa3e1e97214079c055bbd5fb.yaml new file mode 100644 index 0000000000..4fc73eb1ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-product-variation-swatches-820cc233aa3e1e97214079c055bbd5fb.yaml @@ -0,0 +1,58 @@ +id: woo-product-variation-swatches-820cc233aa3e1e97214079c055bbd5fb + +info: + name: > + Variation Swatches for WooCommerce <= 2.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72a0df23-38cd-4926-9099-8eb652e05a15?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-product-variation-swatches/" + google-query: inurl:"/wp-content/plugins/woo-product-variation-swatches/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-product-variation-swatches,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-product-variation-swatches/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-product-variation-swatches" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b224632750bfc8c01cfd4c8878280cb5.yaml b/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b224632750bfc8c01cfd4c8878280cb5.yaml new file mode 100644 index 0000000000..8d1f9fb677 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-products-widgets-for-elementor-b224632750bfc8c01cfd4c8878280cb5.yaml @@ -0,0 +1,58 @@ +id: woo-products-widgets-for-elementor-b224632750bfc8c01cfd4c8878280cb5 + +info: + name: > + Woo Products Widgets For Elementor <= 1.0.7 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5652587e-280b-4bdf-b096-e09fe0194658?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-products-widgets-for-elementor/" + google-query: inurl:"/wp-content/plugins/woo-products-widgets-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-products-widgets-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-products-widgets-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-products-widgets-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-refund-and-exchange-lite-96ff12fd53b9282c4a2c4aeb674ac66e.yaml b/nuclei-templates/cve-less/plugins/woo-refund-and-exchange-lite-96ff12fd53b9282c4a2c4aeb674ac66e.yaml new file mode 100644 index 0000000000..1c1b8e196e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-refund-and-exchange-lite-96ff12fd53b9282c4a2c4aeb674ac66e.yaml @@ -0,0 +1,58 @@ +id: woo-refund-and-exchange-lite-96ff12fd53b9282c4a2c4aeb674ac66e + +info: + name: > + Return Refund and Exchange For WooCommerce <= 4.0.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3871bae4-f954-4692-8af8-1f96f8fcb778?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-refund-and-exchange-lite/" + google-query: inurl:"/wp-content/plugins/woo-refund-and-exchange-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-refund-and-exchange-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-refund-and-exchange-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-refund-and-exchange-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-related-products-refresh-on-reload-f9f7aa614950622531a31e76990cf4c8.yaml b/nuclei-templates/cve-less/plugins/woo-related-products-refresh-on-reload-f9f7aa614950622531a31e76990cf4c8.yaml new file mode 100644 index 0000000000..7d2c31cafc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-related-products-refresh-on-reload-f9f7aa614950622531a31e76990cf4c8.yaml @@ -0,0 +1,58 @@ +id: woo-related-products-refresh-on-reload-f9f7aa614950622531a31e76990cf4c8 + +info: + name: > + Related Products for WooCommerce <= 3.3.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a98498b8-9397-42e9-9c99-a576975c9ac9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-related-products-refresh-on-reload/" + google-query: inurl:"/wp-content/plugins/woo-related-products-refresh-on-reload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-related-products-refresh-on-reload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-related-products-refresh-on-reload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-related-products-refresh-on-reload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..c81d6a6ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-reviews-by-wiremo-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woo-reviews-by-wiremo-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-reviews-by-wiremo/" + google-query: inurl:"/wp-content/plugins/woo-reviews-by-wiremo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-reviews-by-wiremo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-reviews-by-wiremo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-reviews-by-wiremo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.96') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-39e0cd9a1bb57b7c976fa340879a57c5.yaml b/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-39e0cd9a1bb57b7c976fa340879a57c5.yaml new file mode 100644 index 0000000000..7fc01545e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-39e0cd9a1bb57b7c976fa340879a57c5.yaml @@ -0,0 +1,58 @@ +id: woo-shipping-dpd-baltic-39e0cd9a1bb57b7c976fa340879a57c5 + +info: + name: > + WooCommerce Shipping – DPD baltic <= 1.2.54 - Missing Authorization to Arbitrary Options Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4b13a45-9141-47e3-ba11-c0ce15235936?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/" + google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-shipping-dpd-baltic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-shipping-dpd-baltic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.56') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-bbc1707c7a5ee3103ec07e525a958c37.yaml b/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-bbc1707c7a5ee3103ec07e525a958c37.yaml new file mode 100644 index 0000000000..0eaf7bb6db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-shipping-dpd-baltic-bbc1707c7a5ee3103ec07e525a958c37.yaml @@ -0,0 +1,58 @@ +id: woo-shipping-dpd-baltic-bbc1707c7a5ee3103ec07e525a958c37 + +info: + name: > + WooCommerce Shipping – DPD baltic <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/926827a5-4231-4188-bece-fd37c1829412?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-shipping-dpd-baltic/" + google-query: inurl:"/wp-content/plugins/woo-shipping-dpd-baltic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-shipping-dpd-baltic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-shipping-dpd-baltic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-shipping-dpd-baltic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-sku-label-changer-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml b/nuclei-templates/cve-less/plugins/woo-sku-label-changer-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml new file mode 100644 index 0000000000..eef9546133 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-sku-label-changer-8f9a4b2e27aff6f1c97baa2ca96cfe9f.yaml @@ -0,0 +1,58 @@ +id: woo-sku-label-changer-8f9a4b2e27aff6f1c97baa2ca96cfe9f + +info: + name: > + SKU Label Changer For WooCommerce <= 3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/793594f7-6325-4561-ad74-a08aebc20c53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-sku-label-changer/" + google-query: inurl:"/wp-content/plugins/woo-sku-label-changer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-sku-label-changer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-sku-label-changer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-sku-label-changer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-smart-quick-view-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml b/nuclei-templates/cve-less/plugins/woo-smart-quick-view-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml new file mode 100644 index 0000000000..81758298c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-smart-quick-view-a4bcc5ba22f6cf25dbecf393d91d5f77.yaml @@ -0,0 +1,58 @@ +id: woo-smart-quick-view-a4bcc5ba22f6cf25dbecf393d91d5f77 + +info: + name: > + WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45ac52e1-9f0e-499e-9125-2581940f5bdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-smart-quick-view/" + google-query: inurl:"/wp-content/plugins/woo-smart-quick-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-smart-quick-view,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-smart-quick-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-smart-quick-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-smart-wishlist-0960254cf84107ae737889786d951876.yaml b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-0960254cf84107ae737889786d951876.yaml new file mode 100644 index 0000000000..aa429dc358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-0960254cf84107ae737889786d951876.yaml @@ -0,0 +1,58 @@ +id: woo-smart-wishlist-0960254cf84107ae737889786d951876 + +info: + name: > + WPC Smart Wishlist for WooCommerce <= 2.9.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30c0118c-3dae-4d76-8e9f-ea747d44a788?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-smart-wishlist/" + google-query: inurl:"/wp-content/plugins/woo-smart-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-smart-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-smart-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-smart-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-smart-wishlist-6ecaf4687f30a18c2f1e4bdfe098e4f9.yaml b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-6ecaf4687f30a18c2f1e4bdfe098e4f9.yaml new file mode 100644 index 0000000000..5a67e788d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-6ecaf4687f30a18c2f1e4bdfe098e4f9.yaml @@ -0,0 +1,58 @@ +id: woo-smart-wishlist-6ecaf4687f30a18c2f1e4bdfe098e4f9 + +info: + name: > + WPC Smart Wishlist for WooCommerce <= 4.7.1 - Cross-Site Request Forgery via wishlist_add and wishlist_remove + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/655fc91d-5920-4214-8ef1-8191e2683f9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-smart-wishlist/" + google-query: inurl:"/wp-content/plugins/woo-smart-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-smart-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-smart-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-smart-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-smart-wishlist-de4740107fbd20caea40fce59ea96c07.yaml b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-de4740107fbd20caea40fce59ea96c07.yaml new file mode 100644 index 0000000000..21729f6d4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-smart-wishlist-de4740107fbd20caea40fce59ea96c07.yaml @@ -0,0 +1,58 @@ +id: woo-smart-wishlist-de4740107fbd20caea40fce59ea96c07 + +info: + name: > + WPC Smart Wishlist for WooCommerce <= 2.9.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2a5d8ef-109c-471b-a135-c834f090eb5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-smart-wishlist/" + google-query: inurl:"/wp-content/plugins/woo-smart-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-smart-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-smart-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-smart-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-179df283f6f4faa0dd973e427dd4bc30.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-179df283f6f4faa0dd973e427dd4bc30.yaml new file mode 100644 index 0000000000..43b1360f87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-179df283f6f4faa0dd973e427dd4bc30.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-customizer-179df283f6f4faa0dd973e427dd4bc30 + +info: + name: > + Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-5cee27767ae5190db018a1cdcac6e39b.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-5cee27767ae5190db018a1cdcac6e39b.yaml new file mode 100644 index 0000000000..8323cd973e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-5cee27767ae5190db018a1cdcac6e39b.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-customizer-5cee27767ae5190db018a1cdcac6e39b + +info: + name: > + Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/310afe02-3a51-4633-b359-65ae58d0c032?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-7bdefad8c5305dfe4fbbdb047ffa82e3.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-7bdefad8c5305dfe4fbbdb047ffa82e3.yaml new file mode 100644 index 0000000000..c93de7a6b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-customizer-7bdefad8c5305dfe4fbbdb047ffa82e3.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-customizer-7bdefad8c5305dfe4fbbdb047ffa82e3 + +info: + name: > + Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.0.13 - Cross-Site Request Forgery via send_email + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecd504ad-8812-46ec-be18-e98d05982312?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-customizer/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-13f75b4807aa41447c76b6287198f0e6.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-13f75b4807aa41447c76b6287198f0e6.yaml new file mode 100644 index 0000000000..3cf97384d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-13f75b4807aa41447c76b6287198f0e6.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-nextmove-lite-13f75b4807aa41447c76b6287198f0e6 + +info: + name: > + NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-nextmove-lite/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-nextmove-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-nextmove-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-87df5cc36f24c1b7dd693537f9d2db36.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-87df5cc36f24c1b7dd693537f9d2db36.yaml new file mode 100644 index 0000000000..9288d03ff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-87df5cc36f24c1b7dd693537f9d2db36.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-nextmove-lite-87df5cc36f24c1b7dd693537f9d2db36 + +info: + name: > + NextMove Lite <= 2.17.0 - Missing Authorization to Authenticated(Subscriber+) Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b04ab77-880b-423a-bba6-59822f0463bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-nextmove-lite/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-nextmove-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-nextmove-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-c43b2bc97ac2bdb36f5cf0cc1582221c.yaml b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-c43b2bc97ac2bdb36f5cf0cc1582221c.yaml new file mode 100644 index 0000000000..5a4b91cc1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-thank-you-page-nextmove-lite-c43b2bc97ac2bdb36f5cf0cc1582221c.yaml @@ -0,0 +1,58 @@ +id: woo-thank-you-page-nextmove-lite-c43b2bc97ac2bdb36f5cf0cc1582221c + +info: + name: > + NextMove Lite <= 2.18.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8add6b9-8d53-4239-bbbc-d32a562fd9b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-thank-you-page-nextmove-lite/" + google-query: inurl:"/wp-content/plugins/woo-thank-you-page-nextmove-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-thank-you-page-nextmove-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-thank-you-page-nextmove-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-thank-you-page-nextmove-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.18.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-tipdonation-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml b/nuclei-templates/cve-less/plugins/woo-tipdonation-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml new file mode 100644 index 0000000000..a1607d70f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-tipdonation-45a6c5ecbb4131cfd2ebe25ca43d9a26.yaml @@ -0,0 +1,58 @@ +id: woo-tipdonation-45a6c5ecbb4131cfd2ebe25ca43d9a26 + +info: + name: > + Woocommerce Tip/Donation <= 1.2 - Authenticated (Shop manager+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec83425-c756-450e-ac46-c897ad72714c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-tipdonation/" + google-query: inurl:"/wp-content/plugins/woo-tipdonation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-tipdonation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-tipdonation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-tipdonation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-total-sales-60fd57f03f391911c0b737f75f701788.yaml b/nuclei-templates/cve-less/plugins/woo-total-sales-60fd57f03f391911c0b737f75f701788.yaml new file mode 100644 index 0000000000..bc31ed2a7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-total-sales-60fd57f03f391911c0b737f75f701788.yaml @@ -0,0 +1,58 @@ +id: woo-total-sales-60fd57f03f391911c0b737f75f701788 + +info: + name: > + Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/630d5dcc-ee51-4c2d-b4fb-191637311d6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-total-sales/" + google-query: inurl:"/wp-content/plugins/woo-total-sales/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-total-sales,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-total-sales/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-total-sales" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-tranzila-gateway-24387a4b139635373353e5f045ea2527.yaml b/nuclei-templates/cve-less/plugins/woo-tranzila-gateway-24387a4b139635373353e5f045ea2527.yaml new file mode 100644 index 0000000000..82750a7bc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-tranzila-gateway-24387a4b139635373353e5f045ea2527.yaml @@ -0,0 +1,58 @@ +id: woo-tranzila-gateway-24387a4b139635373353e5f045ea2527 + +info: + name: > + WooCommerce Tranzila Gateway <= 1.0.8 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ed30ebb-cb06-428c-a60e-676f36e75fa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-tranzila-gateway/" + google-query: inurl:"/wp-content/plugins/woo-tranzila-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-tranzila-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-tranzila-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-tranzila-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-variation-gallery-9404e968e946456749ff0111b0225ba5.yaml b/nuclei-templates/cve-less/plugins/woo-variation-gallery-9404e968e946456749ff0111b0225ba5.yaml new file mode 100644 index 0000000000..e85fee2401 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-variation-gallery-9404e968e946456749ff0111b0225ba5.yaml @@ -0,0 +1,58 @@ +id: woo-variation-gallery-9404e968e946456749ff0111b0225ba5 + +info: + name: > + Additional Variation Images Gallery for WooCommerce <= 1.1.28 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76e46759-ff83-4a6b-b510-28965c88bb94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-variation-gallery/" + google-query: inurl:"/wp-content/plugins/woo-variation-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-variation-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-variation-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-variation-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-variation-swatches-2b30ea73d6d558993d47f6388caba82c.yaml b/nuclei-templates/cve-less/plugins/woo-variation-swatches-2b30ea73d6d558993d47f6388caba82c.yaml new file mode 100644 index 0000000000..111ef0a3d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-variation-swatches-2b30ea73d6d558993d47f6388caba82c.yaml @@ -0,0 +1,58 @@ +id: woo-variation-swatches-2b30ea73d6d558993d47f6388caba82c + +info: + name: > + Variation Swatches for WooCommerce <= 1.0.61 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9c3ab75-93fb-4c63-a430-61d02a031e46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-variation-swatches/" + google-query: inurl:"/wp-content/plugins/woo-variation-swatches/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-variation-swatches,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-variation-swatches/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-variation-swatches" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-viet-4246ff71c6ef488c4b4e4889ffbb362f.yaml b/nuclei-templates/cve-less/plugins/woo-viet-4246ff71c6ef488c4b4e4889ffbb362f.yaml new file mode 100644 index 0000000000..a801e403b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-viet-4246ff71c6ef488c4b4e4889ffbb362f.yaml @@ -0,0 +1,58 @@ +id: woo-viet-4246ff71c6ef488c4b4e4889ffbb362f + +info: + name: > + Woo Viet <= 1.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4204209b-054f-4249-87d0-a0837ac172d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-viet/" + google-query: inurl:"/wp-content/plugins/woo-viet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-viet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-viet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-viet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-56d4c43d31e2f8fea26c256a0553165d.yaml b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-56d4c43d31e2f8fea26c256a0553165d.yaml new file mode 100644 index 0000000000..6af97cdada --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-56d4c43d31e2f8fea26c256a0553165d.yaml @@ -0,0 +1,58 @@ +id: woo-vietnam-checkout-56d4c43d31e2f8fea26c256a0553165d + +info: + name: > + Woocommerce Vietnam Checkout <= 2.0.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4483fb33-3815-4ec9-9df4-a971844f4855?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-vietnam-checkout/" + google-query: inurl:"/wp-content/plugins/woo-vietnam-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-vietnam-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-vietnam-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-b2ee5069c05c98988181a6b0620a514c.yaml b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-b2ee5069c05c98988181a6b0620a514c.yaml new file mode 100644 index 0000000000..8cce81fa6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-b2ee5069c05c98988181a6b0620a514c.yaml @@ -0,0 +1,58 @@ +id: woo-vietnam-checkout-b2ee5069c05c98988181a6b0620a514c + +info: + name: > + Woocommerce Vietnam Checkout <= 2.0.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02402620-89db-448d-9028-379856735a2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-vietnam-checkout/" + google-query: inurl:"/wp-content/plugins/woo-vietnam-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-vietnam-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-vietnam-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-eab2919aee1646dd0938cff504effdc4.yaml b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-eab2919aee1646dd0938cff504effdc4.yaml new file mode 100644 index 0000000000..726f3e9122 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-vietnam-checkout-eab2919aee1646dd0938cff504effdc4.yaml @@ -0,0 +1,58 @@ +id: woo-vietnam-checkout-eab2919aee1646dd0938cff504effdc4 + +info: + name: > + Woocommerce Vietnam Checkout <= 2.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7d6f828-0d7b-4ee2-a316-ab55eb7a3d70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-vietnam-checkout/" + google-query: inurl:"/wp-content/plugins/woo-vietnam-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-vietnam-checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-vietnam-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-vietnam-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-vipps-e6cf650c13f11df4cb2b334fe314415e.yaml b/nuclei-templates/cve-less/plugins/woo-vipps-e6cf650c13f11df4cb2b334fe314415e.yaml new file mode 100644 index 0000000000..18e2aa00ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-vipps-e6cf650c13f11df4cb2b334fe314415e.yaml @@ -0,0 +1,58 @@ +id: woo-vipps-e6cf650c13f11df4cb2b334fe314415e + +info: + name: > + Pay with Vipps for WooCommerce <= 1.14.13 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2950a264-b60c-48ad-b8e0-6d0e1a230982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-vipps/" + google-query: inurl:"/wp-content/plugins/woo-vipps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-vipps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-vipps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-vipps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-wallet-6cf5df1f5906c35e420af33d77451aff.yaml b/nuclei-templates/cve-less/plugins/woo-wallet-6cf5df1f5906c35e420af33d77451aff.yaml new file mode 100644 index 0000000000..7f67630750 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-wallet-6cf5df1f5906c35e420af33d77451aff.yaml @@ -0,0 +1,58 @@ +id: woo-wallet-6cf5df1f5906c35e420af33d77451aff + +info: + name: > + TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via lock_unlock_terawallet + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65189c49-600d-4a69-a687-0ff9e327783e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-wallet/" + google-query: inurl:"/wp-content/plugins/woo-wallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-wallet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-wallet-b6b61804ee61270fd88ffc6edea74fbb.yaml b/nuclei-templates/cve-less/plugins/woo-wallet-b6b61804ee61270fd88ffc6edea74fbb.yaml new file mode 100644 index 0000000000..967764e1d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-wallet-b6b61804ee61270fd88ffc6edea74fbb.yaml @@ -0,0 +1,58 @@ +id: woo-wallet-b6b61804ee61270fd88ffc6edea74fbb + +info: + name: > + TeraWallet – For WooCommerce <= 1.4.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec57e0b2-61b0-4b67-9784-dbb4e6c4e4a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-wallet/" + google-query: inurl:"/wp-content/plugins/woo-wallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-wallet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-wallet-d38b07bf476ecd6b9ce90d545b02abb0.yaml b/nuclei-templates/cve-less/plugins/woo-wallet-d38b07bf476ecd6b9ce90d545b02abb0.yaml new file mode 100644 index 0000000000..f4810ffc35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-wallet-d38b07bf476ecd6b9ce90d545b02abb0.yaml @@ -0,0 +1,58 @@ +id: woo-wallet-d38b07bf476ecd6b9ce90d545b02abb0 + +info: + name: > + TeraWallet – For WooCommerce <= 1.3.24 - Cross-Site Request Forgery via admin_options + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d274f8b1-0f7c-44cc-8063-3d04a33a9404?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-wallet/" + google-query: inurl:"/wp-content/plugins/woo-wallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-wallet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-wallet-d844d4bb69ae6b349312f77792834a3c.yaml b/nuclei-templates/cve-less/plugins/woo-wallet-d844d4bb69ae6b349312f77792834a3c.yaml new file mode 100644 index 0000000000..90ad64aef1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-wallet-d844d4bb69ae6b349312f77792834a3c.yaml @@ -0,0 +1,58 @@ +id: woo-wallet-d844d4bb69ae6b349312f77792834a3c + +info: + name: > + TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.5.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e35b077-8bb4-49fb-bd79-d9086d9a26dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-wallet/" + google-query: inurl:"/wp-content/plugins/woo-wallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-wallet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-wallet-fcef50fc4ab0d04c6eb8673c640961fc.yaml b/nuclei-templates/cve-less/plugins/woo-wallet-fcef50fc4ab0d04c6eb8673c640961fc.yaml new file mode 100644 index 0000000000..664178db9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-wallet-fcef50fc4ab0d04c6eb8673c640961fc.yaml @@ -0,0 +1,58 @@ +id: woo-wallet-fcef50fc4ab0d04c6eb8673c640961fc + +info: + name: > + TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-wallet/" + google-query: inurl:"/wp-content/plugins/woo-wallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-wallet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-wallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-wallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-whatsapp-request-quote-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/woo-whatsapp-request-quote-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..ea1b92629b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-whatsapp-request-quote-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: woo-whatsapp-request-quote-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-whatsapp-request-quote/" + google-query: inurl:"/wp-content/plugins/woo-whatsapp-request-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-whatsapp-request-quote,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-whatsapp-request-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-whatsapp-request-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woo-zoho-359caa278db872385828cbff71df46b1.yaml b/nuclei-templates/cve-less/plugins/woo-zoho-359caa278db872385828cbff71df46b1.yaml new file mode 100644 index 0000000000..0103594448 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woo-zoho-359caa278db872385828cbff71df46b1.yaml @@ -0,0 +1,58 @@ +id: woo-zoho-359caa278db872385828cbff71df46b1 + +info: + name: > + Integration for WooCommerce and Zoho CRM <= 1.3.6 - Open Redirect via setup_plugin + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb3b1429-4d58-41e3-bc99-9d0d38885293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woo-zoho/" + google-query: inurl:"/wp-content/plugins/woo-zoho/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woo-zoho,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woo-zoho/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woo-zoho" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-03ab94cbc5738569e6dbfc88111c85a5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-03ab94cbc5738569e6dbfc88111c85a5.yaml new file mode 100644 index 0000000000..6e8760f989 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-03ab94cbc5738569e6dbfc88111c85a5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-03ab94cbc5738569e6dbfc88111c85a5 + +info: + name: > + WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/525dec5b-b457-483c-ab2d-09dd320edcaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-2checkout-payment-ff847df8e45ccd8c8631d5e2f3e5787c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-2checkout-payment-ff847df8e45ccd8c8631d5e2f3e5787c.yaml new file mode 100644 index 0000000000..5bd2e53cc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-2checkout-payment-ff847df8e45ccd8c8631d5e2f3e5787c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-2checkout-payment-ff847df8e45ccd8c8631d5e2f3e5787c + +info: + name: > + 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc6a4a5-b133-4ee1-a345-a7c812624b03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-2checkout-payment/" + google-query: inurl:"/wp-content/plugins/woocommerce-2checkout-payment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-2checkout-payment,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-2checkout-payment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-2checkout-payment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-42f5857c1a1a9fe3bd07b32288faed9d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-42f5857c1a1a9fe3bd07b32288faed9d.yaml new file mode 100644 index 0000000000..8aee90dc05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-42f5857c1a1a9fe3bd07b32288faed9d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-42f5857c1a1a9fe3bd07b32288faed9d + +info: + name: > + WooCommerce <= 3.5.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2283bd6-7d69-40b9-a1f3-56b9c71c8574?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-487085694140471bbcc32f33541e46e2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-487085694140471bbcc32f33541e46e2.yaml new file mode 100644 index 0000000000..9ab3d7380a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-487085694140471bbcc32f33541e46e2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-487085694140471bbcc32f33541e46e2 + +info: + name: > + WooCommerce < 5.5 - Authenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a17560b-4fe0-4e1b-b4a2-c411f1123914?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-6b3293fc7e42148d6c0cc437d12f11f2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-6b3293fc7e42148d6c0cc437d12f11f2.yaml new file mode 100644 index 0000000000..b4b7b13234 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-6b3293fc7e42148d6c0cc437d12f11f2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-6b3293fc7e42148d6c0cc437d12f11f2 + +info: + name: > + WooCommerce <= 2.3.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29b9cb4a-741d-4c38-b458-abd9900a8dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-6bdece41810a5c3396f0d8933c273aac.yaml b/nuclei-templates/cve-less/plugins/woocommerce-6bdece41810a5c3396f0d8933c273aac.yaml new file mode 100644 index 0000000000..7044c64d78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-6bdece41810a5c3396f0d8933c273aac.yaml @@ -0,0 +1,58 @@ +id: woocommerce-6bdece41810a5c3396f0d8933c273aac + +info: + name: > + WooCommerce <= 8.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb8517bc-f45f-40a1-ae80-ed227c8b32d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-74b60f27afca1a7a8208f5a85162c261.yaml b/nuclei-templates/cve-less/plugins/woocommerce-74b60f27afca1a7a8208f5a85162c261.yaml new file mode 100644 index 0000000000..6e6939b14f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-74b60f27afca1a7a8208f5a85162c261.yaml @@ -0,0 +1,58 @@ +id: woocommerce-74b60f27afca1a7a8208f5a85162c261 + +info: + name: > + WooCommerce <= 2.2.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4309271-f93a-46ac-8b0b-d6193487ac98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-78f0103ede56d833dde1d4c6ee111bb8.yaml b/nuclei-templates/cve-less/plugins/woocommerce-78f0103ede56d833dde1d4c6ee111bb8.yaml new file mode 100644 index 0000000000..8bf92aee76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-78f0103ede56d833dde1d4c6ee111bb8.yaml @@ -0,0 +1,58 @@ +id: woocommerce-78f0103ede56d833dde1d4c6ee111bb8 + +info: + name: > + WooCommerce <= 6.2.0 - Incorrect Authorization Checks on REST API Endpoints + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e6c1e98-72a2-4e74-bfd4-4054187d4d19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-7f0ce5b9ec72dd2d493ed1d295a17a8c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-7f0ce5b9ec72dd2d493ed1d295a17a8c.yaml new file mode 100644 index 0000000000..48a188ff45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-7f0ce5b9ec72dd2d493ed1d295a17a8c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-7f0ce5b9ec72dd2d493ed1d295a17a8c + +info: + name: > + WooCommerce <= 8.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2258e4-f802-490b-8c10-4f008698a032?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-8157d8b031515138cda4bb1e1c15680c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-8157d8b031515138cda4bb1e1c15680c.yaml new file mode 100644 index 0000000000..4ffae6ba44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-8157d8b031515138cda4bb1e1c15680c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-8157d8b031515138cda4bb1e1c15680c + +info: + name: > + WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36f107cf-4b85-4016-b7af-b73a706cf1a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-8278cbb2c639762ea7b3c55a978dbdc6.yaml b/nuclei-templates/cve-less/plugins/woocommerce-8278cbb2c639762ea7b3c55a978dbdc6.yaml new file mode 100644 index 0000000000..c9080feee0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-8278cbb2c639762ea7b3c55a978dbdc6.yaml @@ -0,0 +1,58 @@ +id: woocommerce-8278cbb2c639762ea7b3c55a978dbdc6 + +info: + name: > + WooCommerce <= 3.4.5 - WooCommerce File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54acaeeb-bc39-441a-b0bc-6005dc452d27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-a3fbd1fe770668e38f708933d8dad89a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-a3fbd1fe770668e38f708933d8dad89a.yaml new file mode 100644 index 0000000000..570d8ea402 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-a3fbd1fe770668e38f708933d8dad89a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-a3fbd1fe770668e38f708933d8dad89a + +info: + name: > + Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-af9a5eb02914599951c2e164f6765355.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-af9a5eb02914599951c2e164f6765355.yaml new file mode 100644 index 0000000000..31b39e3bd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-af9a5eb02914599951c2e164f6765355.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-af9a5eb02914599951c2e164f6765355 + +info: + name: > + Abandoned Cart Lite for WooCommerce <= 5.15.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/524e9ec1-9c7c-4b06-915c-8122ea6c3601?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d06e8f101fc29e27f35965c937d312fd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d06e8f101fc29e27f35965c937d312fd.yaml new file mode 100644 index 0000000000..f89478c4d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d06e8f101fc29e27f35965c937d312fd.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-d06e8f101fc29e27f35965c937d312fd + +info: + name: > + Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68052614-204f-4237-af0e-4b8210ebd59f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d3760060833c9e24b772fab4457401bf.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d3760060833c9e24b772fab4457401bf.yaml new file mode 100644 index 0000000000..096266e875 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-d3760060833c9e24b772fab4457401bf.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-d3760060833c9e24b772fab4457401bf + +info: + name: > + Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51cfe955-f854-4f88-a009-93f92ae13d86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.16.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-ea2c685d00d1a8d5b19ac5e3ca2b27ac.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-ea2c685d00d1a8d5b19ac5e3ca2b27ac.yaml new file mode 100644 index 0000000000..8fbe88a1a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-ea2c685d00d1a8d5b19ac5e3ca2b27ac.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-ea2c685d00d1a8d5b19ac5e3ca2b27ac + +info: + name: > + Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab5d87d2-f3cb-4926-9cbf-acdbe9169f64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-pro-a3fbd1fe770668e38f708933d8dad89a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-pro-a3fbd1fe770668e38f708933d8dad89a.yaml new file mode 100644 index 0000000000..edb8708686 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-abandoned-cart-pro-a3fbd1fe770668e38f708933d8dad89a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-abandoned-cart-pro-a3fbd1fe770668e38f708933d8dad89a + +info: + name: > + Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9cc5c6d-4396-4ebf-8788-f01dd9e9cfbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-abandoned-cart-pro/" + google-query: inurl:"/wp-content/plugins/woocommerce-abandoned-cart-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-abandoned-cart-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-abandoned-cart-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-abandoned-cart-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-aca82f89029d85161f52ea200f7cad49.yaml b/nuclei-templates/cve-less/plugins/woocommerce-aca82f89029d85161f52ea200f7cad49.yaml new file mode 100644 index 0000000000..007cb3589f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-aca82f89029d85161f52ea200f7cad49.yaml @@ -0,0 +1,58 @@ +id: woocommerce-aca82f89029d85161f52ea200f7cad49 + +info: + name: > + WooCommerce <= 3.2.3 - Authenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69fa0b8f-8509-47a8-951a-830271b2b29e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-add-to-cart-custom-redirect-754ce0f32f23ec71660fa4b4da98462b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-add-to-cart-custom-redirect-754ce0f32f23ec71660fa4b4da98462b.yaml new file mode 100644 index 0000000000..7b225c00db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-add-to-cart-custom-redirect-754ce0f32f23ec71660fa4b4da98462b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-add-to-cart-custom-redirect-754ce0f32f23ec71660fa4b4da98462b + +info: + name: > + WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-add-to-cart-custom-redirect/" + google-query: inurl:"/wp-content/plugins/woocommerce-add-to-cart-custom-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-add-to-cart-custom-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-add-to-cart-custom-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-add-to-cart-custom-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-ajax-filters-d6de9c59d6ad94b2ef11d2e62d1ccaa3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-ajax-filters-d6de9c59d6ad94b2ef11d2e62d1ccaa3.yaml new file mode 100644 index 0000000000..3f4987dc6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-ajax-filters-d6de9c59d6ad94b2ef11d2e62d1ccaa3.yaml @@ -0,0 +1,58 @@ +id: woocommerce-ajax-filters-d6de9c59d6ad94b2ef11d2e62d1ccaa3 + +info: + name: > + Advanced AJAX Product Filters <= 1.5.4.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e282a23-07e8-464a-9d6e-a2eb506064bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-ajax-filters/" + google-query: inurl:"/wp-content/plugins/woocommerce-ajax-filters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-ajax-filters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-ajax-filters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-ajax-filters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-alidropship-a08ed7f8c49cfccd0922eb203ec35499.yaml b/nuclei-templates/cve-less/plugins/woocommerce-alidropship-a08ed7f8c49cfccd0922eb203ec35499.yaml new file mode 100644 index 0000000000..efec245c9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-alidropship-a08ed7f8c49cfccd0922eb203ec35499.yaml @@ -0,0 +1,58 @@ +id: woocommerce-alidropship-a08ed7f8c49cfccd0922eb203ec35499 + +info: + name: > + ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/192728d1-786d-41eb-9133-ad8517052478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-alidropship/" + google-query: inurl:"/wp-content/plugins/woocommerce-alidropship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-alidropship,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-alidropship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-alidropship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-amazon-affiliates-light-version-11c10e4dc5f28f5f7b4e3c822488409f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-amazon-affiliates-light-version-11c10e4dc5f28f5f7b4e3c822488409f.yaml new file mode 100644 index 0000000000..fdb41d7ed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-amazon-affiliates-light-version-11c10e4dc5f28f5f7b4e3c822488409f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-amazon-affiliates-light-version-11c10e4dc5f28f5f7b4e3c822488409f + +info: + name: > + WZone - Lite <= 3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2278347-d961-47d7-b89d-61a82441597c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-amazon-affiliates-light-version/" + google-query: inurl:"/wp-content/plugins/woocommerce-amazon-affiliates-light-version/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-amazon-affiliates-light-version,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-amazon-affiliates-light-version/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-amazon-affiliates-light-version" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-aweber-newsletter-subscription-31cb28ae35765828074fe75a48e7d24a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-aweber-newsletter-subscription-31cb28ae35765828074fe75a48e7d24a.yaml new file mode 100644 index 0000000000..c3a1849afb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-aweber-newsletter-subscription-31cb28ae35765828074fe75a48e7d24a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-aweber-newsletter-subscription-31cb28ae35765828074fe75a48e7d24a + +info: + name: > + WooCommerce AWeber Newsletter Subscription <= 4.0.2 - Missing Authorization to Access Token Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d187a8d6-fa81-45c6-a107-f8b96b130e6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-aweber-newsletter-subscription/" + google-query: inurl:"/wp-content/plugins/woocommerce-aweber-newsletter-subscription/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-aweber-newsletter-subscription,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-aweber-newsletter-subscription/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-aweber-newsletter-subscription" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-bookings-469be2a58c38c17e864a03db20b30c4c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-bookings-469be2a58c38c17e864a03db20b30c4c.yaml new file mode 100644 index 0000000000..9bd9fd9cb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-bookings-469be2a58c38c17e864a03db20b30c4c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-bookings-469be2a58c38c17e864a03db20b30c4c + +info: + name: > + WooCommerce Bookings <= 2.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a54841af-65ce-4434-a67e-79ea673ec8f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-bookings/" + google-query: inurl:"/wp-content/plugins/woocommerce-bookings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-bookings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-bookings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-bookings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-bookings-88bae4ee7812477c9e872ff70c893eb5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-bookings-88bae4ee7812477c9e872ff70c893eb5.yaml new file mode 100644 index 0000000000..570338e6c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-bookings-88bae4ee7812477c9e872ff70c893eb5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-bookings-88bae4ee7812477c9e872ff70c893eb5 + +info: + name: > + WooCommerce Bookings <= 1.15.78 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b365fb8-7a93-4306-b2b1-ce47dc19457a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-bookings/" + google-query: inurl:"/wp-content/plugins/woocommerce-bookings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-bookings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-bookings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-bookings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15.78') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-box-office-26df4386152f6b2123dc8be12dc2c025.yaml b/nuclei-templates/cve-less/plugins/woocommerce-box-office-26df4386152f6b2123dc8be12dc2c025.yaml new file mode 100644 index 0000000000..26c2dd774d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-box-office-26df4386152f6b2123dc8be12dc2c025.yaml @@ -0,0 +1,58 @@ +id: woocommerce-box-office-26df4386152f6b2123dc8be12dc2c025 + +info: + name: > + WooCommerce Box Office <= 1.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff2097a9-fe7a-48f3-be9c-dc0caef74262?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-box-office/" + google-query: inurl:"/wp-content/plugins/woocommerce-box-office/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-box-office,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-box-office/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-box-office" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-box-office-615764f544ee769c8562683adf2e3c22.yaml b/nuclei-templates/cve-less/plugins/woocommerce-box-office-615764f544ee769c8562683adf2e3c22.yaml new file mode 100644 index 0000000000..f543fea33a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-box-office-615764f544ee769c8562683adf2e3c22.yaml @@ -0,0 +1,58 @@ +id: woocommerce-box-office-615764f544ee769c8562683adf2e3c22 + +info: + name: > + WooCommerce Box Office <= 1.1.50 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ebd05d5-a65d-49df-a865-882e9d17fc0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-box-office/" + google-query: inurl:"/wp-content/plugins/woocommerce-box-office/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-box-office,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-box-office/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-box-office" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-box-office-e7840c043e4c24ed6e535dc7a65aee86.yaml b/nuclei-templates/cve-less/plugins/woocommerce-box-office-e7840c043e4c24ed6e535dc7a65aee86.yaml new file mode 100644 index 0000000000..8396740d43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-box-office-e7840c043e4c24ed6e535dc7a65aee86.yaml @@ -0,0 +1,58 @@ +id: woocommerce-box-office-e7840c043e4c24ed6e535dc7a65aee86 + +info: + name: > + WooCommerce Box Office <= 1.1.51 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8872eca8-4812-4f5f-b775-cbfab90ba2ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-box-office/" + google-query: inurl:"/wp-content/plugins/woocommerce-box-office/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-box-office,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-box-office/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-box-office" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-brands-36407f459596fb4be9dff24b707a16b5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-brands-36407f459596fb4be9dff24b707a16b5.yaml new file mode 100644 index 0000000000..11a1ce8eec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-brands-36407f459596fb4be9dff24b707a16b5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-brands-36407f459596fb4be9dff24b707a16b5 + +info: + name: > + WooCommerce Brands <= 1.6.45 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/accdcff0-f361-4632-b0b7-e55975adeebb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-brands/" + google-query: inurl:"/wp-content/plugins/woocommerce-brands/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-brands,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-brands/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-brands" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-brands-e749226d2f0bc5e5b3821630005dc969.yaml b/nuclei-templates/cve-less/plugins/woocommerce-brands-e749226d2f0bc5e5b3821630005dc969.yaml new file mode 100644 index 0000000000..5cddf5d03e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-brands-e749226d2f0bc5e5b3821630005dc969.yaml @@ -0,0 +1,58 @@ +id: woocommerce-brands-e749226d2f0bc5e5b3821630005dc969 + +info: + name: > + WooCommerce Brands <= 1.6.49 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a26a6f28-4a7f-421d-a69e-2afbe1367106?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-brands/" + google-query: inurl:"/wp-content/plugins/woocommerce-brands/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-brands,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-brands/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-brands" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-d9e29420afd04acd93625f8acad7ad8f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-d9e29420afd04acd93625f8acad7ad8f.yaml new file mode 100644 index 0000000000..794911b969 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-bulk-order-form-d9e29420afd04acd93625f8acad7ad8f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-bulk-order-form-d9e29420afd04acd93625f8acad7ad8f + +info: + name: > + Quick/Bulk Order Form for WooCommerce <= 3.5.7 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/898af9aa-72c4-46a6-afc2-76dd17672fbc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-bulk-order-form/" + google-query: inurl:"/wp-content/plugins/woocommerce-bulk-order-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-bulk-order-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-bulk-order-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-bulk-order-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-bulk-stock-management-8a651f3bc7f119f869db333cd8567d87.yaml b/nuclei-templates/cve-less/plugins/woocommerce-bulk-stock-management-8a651f3bc7f119f869db333cd8567d87.yaml new file mode 100644 index 0000000000..59f308e138 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-bulk-stock-management-8a651f3bc7f119f869db333cd8567d87.yaml @@ -0,0 +1,58 @@ +id: woocommerce-bulk-stock-management-8a651f3bc7f119f869db333cd8567d87 + +info: + name: > + WooCommerce Bulk Stock Management <= 2.2.33 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f5d874a-d70e-4d3f-a9aa-d24707a3f7f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-bulk-stock-management/" + google-query: inurl:"/wp-content/plugins/woocommerce-bulk-stock-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-bulk-stock-management,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-bulk-stock-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-bulk-stock-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-c27b32abd810b7ccfab57cf684c27b3d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-c27b32abd810b7ccfab57cf684c27b3d.yaml new file mode 100644 index 0000000000..3443b9d834 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-c27b32abd810b7ccfab57cf684c27b3d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-c27b32abd810b7ccfab57cf684c27b3d + +info: + name: > + WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94d682bb-ed94-40fc-98b4-2f404d6cd8ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-12f3d91aee2db4ef957651a35087221c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-12f3d91aee2db4ef957651a35087221c.yaml new file mode 100644 index 0000000000..bf6cda10b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-12f3d91aee2db4ef957651a35087221c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-catalog-enquiry-12f3d91aee2db4ef957651a35087221c + +info: + name: > + Product Catalog Enquiry for WooCommerce by MultiVendorX <= 5.0.5 - Cross-Site Request Forgery via REST API + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb00342-64f9-4eeb-ba75-1c1544b11334?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/" + google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-catalog-enquiry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-catalog-enquiry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-9c5f7452ef32bc2b3e47c8bc589c9872.yaml b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-9c5f7452ef32bc2b3e47c8bc589c9872.yaml new file mode 100644 index 0000000000..a850036db1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-9c5f7452ef32bc2b3e47c8bc589c9872.yaml @@ -0,0 +1,58 @@ +id: woocommerce-catalog-enquiry-9c5f7452ef32bc2b3e47c8bc589c9872 + +info: + name: > + WC Catalog Enquiry <= 3.0.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfe1d122-610a-47c1-944d-bf7352e9ff38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/" + google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-catalog-enquiry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-catalog-enquiry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-a21ec241225c68d34de1331139c91c71.yaml b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-a21ec241225c68d34de1331139c91c71.yaml new file mode 100644 index 0000000000..8dbee1035f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-a21ec241225c68d34de1331139c91c71.yaml @@ -0,0 +1,58 @@ +id: woocommerce-catalog-enquiry-a21ec241225c68d34de1331139c91c71 + +info: + name: > + Product Catalog Mode For WooCommerce <= 5.0.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52c4c16f-2e6e-4cbd-b061-4324a6002eab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/" + google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-catalog-enquiry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-catalog-enquiry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-b8512840012a562de1323a1815a4b21e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-b8512840012a562de1323a1815a4b21e.yaml new file mode 100644 index 0000000000..35a725b2f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-catalog-enquiry-b8512840012a562de1323a1815a4b21e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-catalog-enquiry-b8512840012a562de1323a1815a4b21e + +info: + name: > + Product Catalog Enquiry <= 5.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03177018-94cb-4e14-9476-e2d369414c38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-catalog-enquiry/" + google-query: inurl:"/wp-content/plugins/woocommerce-catalog-enquiry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-catalog-enquiry,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-catalog-enquiry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-catalog-enquiry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-chained-products-a49761e8700910d2b10517900bb96f1c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-chained-products-a49761e8700910d2b10517900bb96f1c.yaml new file mode 100644 index 0000000000..9bd7f1d312 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-chained-products-a49761e8700910d2b10517900bb96f1c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-chained-products-a49761e8700910d2b10517900bb96f1c + +info: + name: > + WooCommerce Chained Products < 2.12.0 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b839c7d-76fb-465e-9f27-1882cf0099fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-chained-products/" + google-query: inurl:"/wp-content/plugins/woocommerce-chained-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-chained-products,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-chained-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-chained-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-c27f182f563d1fb6d07ba79eda84b6fe.yaml b/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-c27f182f563d1fb6d07ba79eda84b6fe.yaml new file mode 100644 index 0000000000..7351abd683 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-c27f182f563d1fb6d07ba79eda84b6fe.yaml @@ -0,0 +1,58 @@ +id: woocommerce-checkout-manager-c27f182f563d1fb6d07ba79eda84b6fe + +info: + name: > + WooCommerce Checkout Manager <= 7.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fffd7d50-6563-4652-8fae-3fe698125c59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-checkout-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-checkout-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-checkout-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-checkout-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-checkout-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-eb73f0a8b99b79a58df7341a863670b9.yaml b/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-eb73f0a8b99b79a58df7341a863670b9.yaml new file mode 100644 index 0000000000..ca45212c17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-checkout-manager-eb73f0a8b99b79a58df7341a863670b9.yaml @@ -0,0 +1,58 @@ +id: woocommerce-checkout-manager-eb73f0a8b99b79a58df7341a863670b9 + +info: + name: > + WooCommerce Checkout Manager <= 4.2.6 - Unauthenticated Arbitrary Media Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37d13a43-13f4-460d-b5ea-5def8a379d54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-checkout-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-checkout-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-checkout-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-checkout-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-checkout-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-cloak-affiliate-links-45dd3e2337c1445444e70d9c65cc1e8d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-cloak-affiliate-links-45dd3e2337c1445444e70d9c65cc1e8d.yaml new file mode 100644 index 0000000000..e196a1f688 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-cloak-affiliate-links-45dd3e2337c1445444e70d9c65cc1e8d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-cloak-affiliate-links-45dd3e2337c1445444e70d9c65cc1e8d + +info: + name: > + WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c731e39-998e-44d2-8cf9-4d9c39731c5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-cloak-affiliate-links/" + google-query: inurl:"/wp-content/plugins/woocommerce-cloak-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-cloak-affiliate-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-cloak-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-cloak-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-composite-products-866b0214eeca06aa312ee4f312dac633.yaml b/nuclei-templates/cve-less/plugins/woocommerce-composite-products-866b0214eeca06aa312ee4f312dac633.yaml new file mode 100644 index 0000000000..e91c0ec942 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-composite-products-866b0214eeca06aa312ee4f312dac633.yaml @@ -0,0 +1,58 @@ +id: woocommerce-composite-products-866b0214eeca06aa312ee4f312dac633 + +info: + name: > + WooCommerce Composite Products <= 8.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d45bd32-d693-40e6-9b30-9e0b91eb4660?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-composite-products/" + google-query: inurl:"/wp-content/plugins/woocommerce-composite-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-composite-products,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-composite-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-composite-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-8f3437550e10d6083b697e38767da0b0.yaml b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-8f3437550e10d6083b697e38767da0b0.yaml new file mode 100644 index 0000000000..b0e74e9306 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-8f3437550e10d6083b697e38767da0b0.yaml @@ -0,0 +1,58 @@ +id: woocommerce-conversion-tracking-8f3437550e10d6083b697e38767da0b0 + +info: + name: > + WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf798142-4daf-41f5-8416-701d03476520?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/" + google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-conversion-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-conversion-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..93019196a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woocommerce-conversion-tracking-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/" + google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-conversion-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-conversion-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-f4f0c2c884affbdbf175616a0bb1ff76.yaml b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-f4f0c2c884affbdbf175616a0bb1ff76.yaml new file mode 100644 index 0000000000..69ef4fb2ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-conversion-tracking-f4f0c2c884affbdbf175616a0bb1ff76.yaml @@ -0,0 +1,58 @@ +id: woocommerce-conversion-tracking-f4f0c2c884affbdbf175616a0bb1ff76 + +info: + name: > + WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization via wcct_install_happy_addons + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4775ef21-01d6-4c5a-9e3e-f9b6e093fc7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-conversion-tracking/" + google-query: inurl:"/wp-content/plugins/woocommerce-conversion-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-conversion-tracking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-conversion-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-conversion-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-2e62f757ecb9e88c7028d520dbc7db1f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-2e62f757ecb9e88c7028d520dbc7db1f.yaml new file mode 100644 index 0000000000..7b954b1bd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-2e62f757ecb9e88c7028d520dbc7db1f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-2e62f757ecb9e88c7028d520dbc7db1f + +info: + name: > + WOOCS – WooCommerce Currency Switcher <= 1.4.1.4 - Cross-Site Request Forgery via delete_profiles_data + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/139d4ec2-1147-4332-a56d-633890f32560?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-406a6ababbf7eb821b04527364536110.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-406a6ababbf7eb821b04527364536110.yaml new file mode 100644 index 0000000000..1055ea0947 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-406a6ababbf7eb821b04527364536110.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-406a6ababbf7eb821b04527364536110 + +info: + name: > + WOOCS – WooCommerce Currency Switcher <= 1.4.1.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6db5f214-ba1a-4528-9bb6-0592822bf8bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-419388b03e7c101be5aa9e9f67fb81d9.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-419388b03e7c101be5aa9e9f67fb81d9.yaml new file mode 100644 index 0000000000..851eafef1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-419388b03e7c101be5aa9e9f67fb81d9.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-419388b03e7c101be5aa9e9f67fb81d9 + +info: + name: > + WOOCS <= 1.3.7.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5442453-6b72-4c8b-8b9f-59b8536aac73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-4a8f4a33d3fd03ddfa522524f9449c10.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-4a8f4a33d3fd03ddfa522524f9449c10.yaml new file mode 100644 index 0000000000..6488ce011e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-4a8f4a33d3fd03ddfa522524f9449c10.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-4a8f4a33d3fd03ddfa522524f9449c10 + +info: + name: > + WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cbcb659-6732-4893-b6a0-52a558cea351?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-6bedb1579a7e4736e9514fa8e953db76.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-6bedb1579a7e4736e9514fa8e953db76.yaml new file mode 100644 index 0000000000..c72dce4311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-6bedb1579a7e4736e9514fa8e953db76.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-6bedb1579a7e4736e9514fa8e953db76 + +info: + name: > + WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3fcadf-60bd-4a2e-a30c-e276dd04368c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-730d551e137dbe1c7e3252334b46b802.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-730d551e137dbe1c7e3252334b46b802.yaml new file mode 100644 index 0000000000..f4bc308aea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-730d551e137dbe1c7e3252334b46b802.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-730d551e137dbe1c7e3252334b46b802 + +info: + name: > + FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1d49d0-c9aa-401c-80b9-d4df7fe97691?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-92d281b70c0c1113532c8a9e6c09ac40.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-92d281b70c0c1113532c8a9e6c09ac40.yaml new file mode 100644 index 0000000000..b5cb10802a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-92d281b70c0c1113532c8a9e6c09ac40.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-92d281b70c0c1113532c8a9e6c09ac40 + +info: + name: > + WooCommerce Currency Switcher <= 1.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b85d8451-5283-4a76-8565-c667a3d2d917?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-94b50ea832a6fb6b13dcb5407b94970f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-94b50ea832a6fb6b13dcb5407b94970f.yaml new file mode 100644 index 0000000000..594daf7f60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-94b50ea832a6fb6b13dcb5407b94970f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-94b50ea832a6fb6b13dcb5407b94970f + +info: + name: > + FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cb37019-33f6-4f72-adfc-befbfbf69e47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-a667090a25b41229ec62a693f2dae2ee.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-a667090a25b41229ec62a693f2dae2ee.yaml new file mode 100644 index 0000000000..2300444927 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-a667090a25b41229ec62a693f2dae2ee.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-a667090a25b41229ec62a693f2dae2ee + +info: + name: > + WOOCS <= 1.3.7.4 - Reflected Cross-Site Scripting via AJAX action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd53147f-2230-4b8b-a1a1-df377b334072?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-ddc4061947d45933e373a65e6831e3d2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-ddc4061947d45933e373a65e6831e3d2.yaml new file mode 100644 index 0000000000..cd47995558 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-currency-switcher-ddc4061947d45933e373a65e6831e3d2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-currency-switcher-ddc4061947d45933e373a65e6831e3d2 + +info: + name: > + WOOCS – Currency Switcher for WooCommerce Professional Free <= 1.3.7 - Authenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c15eda1f-dc9f-4601-a337-ad3e66baf3b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-currency-switcher/" + google-query: inurl:"/wp-content/plugins/woocommerce-currency-switcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-currency-switcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-currency-switcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-currency-switcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-1cb42f62394546a329e0486aa05cce34.yaml b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-1cb42f62394546a329e0486aa05cce34.yaml new file mode 100644 index 0000000000..e90101f108 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-1cb42f62394546a329e0486aa05cce34.yaml @@ -0,0 +1,58 @@ +id: woocommerce-customers-manager-1cb42f62394546a329e0486aa05cce34 + +info: + name: > + WooCommerce Customers Manager <= 29.6 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a14cf955-e354-49c3-a685-d5bd51c79ba9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-customers-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-customers-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-customers-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 29.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-9ab63666836232ba83e4036d46f6e9b9.yaml b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-9ab63666836232ba83e4036d46f6e9b9.yaml new file mode 100644 index 0000000000..300c401784 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-9ab63666836232ba83e4036d46f6e9b9.yaml @@ -0,0 +1,58 @@ +id: woocommerce-customers-manager-9ab63666836232ba83e4036d46f6e9b9 + +info: + name: > + WooCommerce Customers Manager <= 29.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4c438e0-ea25-4372-8e4e-5d7163cc3447?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-customers-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-customers-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-customers-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 29.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-fc1bee3fb68d7c35aad200db5adf3590.yaml b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-fc1bee3fb68d7c35aad200db5adf3590.yaml new file mode 100644 index 0000000000..27d4644109 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-customers-manager-fc1bee3fb68d7c35aad200db5adf3590.yaml @@ -0,0 +1,58 @@ +id: woocommerce-customers-manager-fc1bee3fb68d7c35aad200db5adf3590 + +info: + name: > + WooCommerce Customers Manager <= 29.7 - Missing Authorization to Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e904a619-4388-4c83-af7b-9642cb0b97c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-customers-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-customers-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-customers-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-customers-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-customers-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 29.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-cvr-payment-gateway-47a69422b8abe1dcc847b3db9997fa97.yaml b/nuclei-templates/cve-less/plugins/woocommerce-cvr-payment-gateway-47a69422b8abe1dcc847b3db9997fa97.yaml new file mode 100644 index 0000000000..0a618c9da3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-cvr-payment-gateway-47a69422b8abe1dcc847b3db9997fa97.yaml @@ -0,0 +1,58 @@ +id: woocommerce-cvr-payment-gateway-47a69422b8abe1dcc847b3db9997fa97 + +info: + name: > + WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f72ba0e2-a9c4-43b0-a01f-185554090162?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-cvr-payment-gateway/" + google-query: inurl:"/wp-content/plugins/woocommerce-cvr-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-cvr-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-cvr-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-cvr-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-dd9c5510a5d40b29d6b46c88b274a46a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-dd9c5510a5d40b29d6b46c88b274a46a.yaml new file mode 100644 index 0000000000..2ecb2d2717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-dd9c5510a5d40b29d6b46c88b274a46a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-dd9c5510a5d40b29d6b46c88b274a46a + +info: + name: > + WooCommerce <= 5.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbaeabb-2610-4b24-8c47-a04b073bd290?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-0416673ace5e88173c78bb032365c216.yaml b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-0416673ace5e88173c78bb032365c216.yaml new file mode 100644 index 0000000000..76b3388ce1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-0416673ace5e88173c78bb032365c216.yaml @@ -0,0 +1,58 @@ +id: woocommerce-delivery-notes-0416673ace5e88173c78bb032365c216 + +info: + name: > + Print Invoice & Delivery Notes for WooCommerce <= 4.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ddd27ba-ae65-4bb4-989d-0d677e15077a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-delivery-notes/" + google-query: inurl:"/wp-content/plugins/woocommerce-delivery-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-delivery-notes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-delivery-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-delivery-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1ba99d8d0c43c59d761a87f64764e3da.yaml b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1ba99d8d0c43c59d761a87f64764e3da.yaml new file mode 100644 index 0000000000..e9f3e7b37d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1ba99d8d0c43c59d761a87f64764e3da.yaml @@ -0,0 +1,58 @@ +id: woocommerce-delivery-notes-1ba99d8d0c43c59d761a87f64764e3da + +info: + name: > + Print Invoice & Delivery Notes for WooCommerce <= 4.7.2 - Cross-Site Request Forgery via ts_reset_tracking_setting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d811782e-3b59-4a46-9a2e-f24ef3dfbd4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-delivery-notes/" + google-query: inurl:"/wp-content/plugins/woocommerce-delivery-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-delivery-notes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-delivery-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-delivery-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml new file mode 100644 index 0000000000..d85fb6aedf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-delivery-notes-1fa3ecb606b6c8eedf4f6c369e031dd5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-delivery-notes-1fa3ecb606b6c8eedf4f6c369e031dd5 + +info: + name: > + Multiple Plugins by tychesoftwares <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a07d293-4c50-4be0-955f-b7c4a0eaef4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-delivery-notes/" + google-query: inurl:"/wp-content/plugins/woocommerce-delivery-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-delivery-notes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-delivery-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-delivery-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-dropshipping-397fa61492d70ec7211788fe03e433d9.yaml b/nuclei-templates/cve-less/plugins/woocommerce-dropshipping-397fa61492d70ec7211788fe03e433d9.yaml new file mode 100644 index 0000000000..d1230d317e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-dropshipping-397fa61492d70ec7211788fe03e433d9.yaml @@ -0,0 +1,58 @@ +id: woocommerce-dropshipping-397fa61492d70ec7211788fe03e433d9 + +info: + name: > + WooCommerce Dropshipping Premium <= 4.3 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be0a6471-a78e-4fab-8ef5-93d16859bff4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-dropshipping/" + google-query: inurl:"/wp-content/plugins/woocommerce-dropshipping/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-dropshipping,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-dropshipping/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-dropshipping" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-e115a05599db838c2333feb6f8913d93.yaml b/nuclei-templates/cve-less/plugins/woocommerce-e115a05599db838c2333feb6f8913d93.yaml new file mode 100644 index 0000000000..5a3b3f2e05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-e115a05599db838c2333feb6f8913d93.yaml @@ -0,0 +1,58 @@ +id: woocommerce-e115a05599db838c2333feb6f8913d93 + +info: + name: > + WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3d5f51f-6abd-49d0-b8cd-bbe518787ab8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-ean-payment-gateway-327db16d1bb219d0ce7124ea14eed0f3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-ean-payment-gateway-327db16d1bb219d0ce7124ea14eed0f3.yaml new file mode 100644 index 0000000000..54a0df00b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-ean-payment-gateway-327db16d1bb219d0ce7124ea14eed0f3.yaml @@ -0,0 +1,58 @@ +id: woocommerce-ean-payment-gateway-327db16d1bb219d0ce7124ea14eed0f3 + +info: + name: > + WooCommerce EAN Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) EAN Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2760b183-3c15-4f0e-b72f-7c0333f9d4b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-ean-payment-gateway/" + google-query: inurl:"/wp-content/plugins/woocommerce-ean-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-ean-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-ean-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-ean-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-ef7a31408ee94f0eeed2849750238bac.yaml b/nuclei-templates/cve-less/plugins/woocommerce-ef7a31408ee94f0eeed2849750238bac.yaml new file mode 100644 index 0000000000..8eb2959755 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-ef7a31408ee94f0eeed2849750238bac.yaml @@ -0,0 +1,58 @@ +id: woocommerce-ef7a31408ee94f0eeed2849750238bac + +info: + name: > + WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4279efe9-df57-405a-85a0-6c22e912662c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce/" + google-query: inurl:"/wp-content/plugins/woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-exporter-63060da1b9f2c3cbd43712f8f4871703.yaml b/nuclei-templates/cve-less/plugins/woocommerce-exporter-63060da1b9f2c3cbd43712f8f4871703.yaml new file mode 100644 index 0000000000..940521dbdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-exporter-63060da1b9f2c3cbd43712f8f4871703.yaml @@ -0,0 +1,58 @@ +id: woocommerce-exporter-63060da1b9f2c3cbd43712f8f4871703 + +info: + name: > + WooCommerce - Store Exporter <= 2.7.2 - Reflected Cross-Site Scripting via 'filter' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/947286b0-347f-47ab-885a-7805b50f0be8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-exporter/" + google-query: inurl:"/wp-content/plugins/woocommerce-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-exporter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-exporter-675cb8bcb438f10a9bd4c15d9cbed954.yaml b/nuclei-templates/cve-less/plugins/woocommerce-exporter-675cb8bcb438f10a9bd4c15d9cbed954.yaml new file mode 100644 index 0000000000..fc02e29cf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-exporter-675cb8bcb438f10a9bd4c15d9cbed954.yaml @@ -0,0 +1,58 @@ +id: woocommerce-exporter-675cb8bcb438f10a9bd4c15d9cbed954 + +info: + name: > + WooCommerce – Store Exporter <= 1.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d748e0f8-fe00-4751-9c24-561fd27e62c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-exporter/" + google-query: inurl:"/wp-content/plugins/woocommerce-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-exporter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-exporter-94e6a09d2cc84f5575e6e27866d15b32.yaml b/nuclei-templates/cve-less/plugins/woocommerce-exporter-94e6a09d2cc84f5575e6e27866d15b32.yaml new file mode 100644 index 0000000000..42caf75fd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-exporter-94e6a09d2cc84f5575e6e27866d15b32.yaml @@ -0,0 +1,58 @@ +id: woocommerce-exporter-94e6a09d2cc84f5575e6e27866d15b32 + +info: + name: > + WooCommerce – Store Exporter <= 2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bae23a4-0f25-430f-8bad-6ec7b2de3dbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-exporter/" + google-query: inurl:"/wp-content/plugins/woocommerce-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-exporter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-09fe90e01138ef94b76cf31af60e964c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-09fe90e01138ef94b76cf31af60e964c.yaml new file mode 100644 index 0000000000..779e3a47c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-09fe90e01138ef94b76cf31af60e964c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-follow-up-emails-09fe90e01138ef94b76cf31af60e964c + +info: + name: > + WooCommerce Follow-Up Emails <= 4.9.40 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fee61cd-7359-4193-8cf2-86e0527a8ef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/" + google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-follow-up-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-follow-up-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-1a8df042079c3b5a71f5229720de76a0.yaml b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-1a8df042079c3b5a71f5229720de76a0.yaml new file mode 100644 index 0000000000..e43b413ad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-1a8df042079c3b5a71f5229720de76a0.yaml @@ -0,0 +1,58 @@ +id: woocommerce-follow-up-emails-1a8df042079c3b5a71f5229720de76a0 + +info: + name: > + WooCommerce Follow-Up Emails <= 4.9.40 - Authenticated Arbitrary File Upload in Template Editing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a169934d-17ce-4d34-be00-c5ac0b488066?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/" + google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-follow-up-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-follow-up-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-9f39bbe8da0a79b61b743c5fac55c881.yaml b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-9f39bbe8da0a79b61b743c5fac55c881.yaml new file mode 100644 index 0000000000..50b0032790 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-9f39bbe8da0a79b61b743c5fac55c881.yaml @@ -0,0 +1,58 @@ +id: woocommerce-follow-up-emails-9f39bbe8da0a79b61b743c5fac55c881 + +info: + name: > + WooCommerce Follow-Up Emails <= 4.9.50 - Authenticated (Follow-up emails manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc5276e2-e9de-4409-bbe0-4d0b37244367?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/" + google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-follow-up-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-follow-up-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-c78f898e91c2c10e61af831a7f77760d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-c78f898e91c2c10e61af831a7f77760d.yaml new file mode 100644 index 0000000000..92ffceef42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-follow-up-emails-c78f898e91c2c10e61af831a7f77760d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-follow-up-emails-c78f898e91c2c10e61af831a7f77760d + +info: + name: > + WooCommerce Follow-Up Emails <= 4.9.40 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4487391e-baa4-4320-a23d-b52a42e2de90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-follow-up-emails/" + google-query: inurl:"/wp-content/plugins/woocommerce-follow-up-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-follow-up-emails,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-follow-up-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-follow-up-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-for-japan-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml new file mode 100644 index 0000000000..21b4b1acc1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-010c2fa504f8e0c5ce7acdd2e0b14e5d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-for-japan-010c2fa504f8e0c5ce7acdd2e0b14e5d + +info: + name: > + Japanized For WooCommerce <= 2.6.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fc675e8-8ba1-40b0-829e-7a48d5eb586d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-for-japan/" + google-query: inurl:"/wp-content/plugins/woocommerce-for-japan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-for-japan,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-for-japan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-for-japan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-for-japan-8d1e93909b79d28537c696fa4ea3a13b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-8d1e93909b79d28537c696fa4ea3a13b.yaml new file mode 100644 index 0000000000..e721be2ad1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-8d1e93909b79d28537c696fa4ea3a13b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-for-japan-8d1e93909b79d28537c696fa4ea3a13b + +info: + name: > + Japanized For WooCommerce <= 2.5.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea7d643c-3388-469f-b4a9-5c68341e2af0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-for-japan/" + google-query: inurl:"/wp-content/plugins/woocommerce-for-japan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-for-japan,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-for-japan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-for-japan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-for-japan-af335eaec6af4f82a164161fc36ab9ea.yaml b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-af335eaec6af4f82a164161fc36ab9ea.yaml new file mode 100644 index 0000000000..841c6dcd26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-for-japan-af335eaec6af4f82a164161fc36ab9ea.yaml @@ -0,0 +1,58 @@ +id: woocommerce-for-japan-af335eaec6af4f82a164161fc36ab9ea + +info: + name: > + Japanized For WooCommerce <= 2.5.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb606a30-2f7c-41e9-9ebc-9f1b0b84fff8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-for-japan/" + google-query: inurl:"/wp-content/plugins/woocommerce-for-japan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-for-japan,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-for-japan/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-for-japan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-frontend-shop-manager-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-frontend-shop-manager-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..10b8a5e01c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-frontend-shop-manager-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-frontend-shop-manager-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-frontend-shop-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-frontend-shop-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-frontend-shop-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-frontend-shop-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-frontend-shop-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz-ffaaa29eafbfa43f1ab24fb78aa6ea85.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz-ffaaa29eafbfa43f1ab24fb78aa6ea85.yaml new file mode 100644 index 0000000000..464931a0a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz-ffaaa29eafbfa43f1ab24fb78aa6ea85.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz-ffaaa29eafbfa43f1ab24fb78aa6ea85 + +info: + name: > + Kiwiz - Certification de facturation - Woocommerce <= 2.1.3 - Unauthenticated Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/603f0c9d-6964-4911-b4a5-bdad24a1a8dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-certification-de-facture-et-gestion-de-pdf-kiwiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-gocardless-372a57ef9400497453c7017d55fedd93.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-gocardless-372a57ef9400497453c7017d55fedd93.yaml new file mode 100644 index 0000000000..13f20a0330 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-gocardless-372a57ef9400497453c7017d55fedd93.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-gocardless-372a57ef9400497453c7017d55fedd93 + +info: + name: > + WooCommerce GoCardless Gateway <= 2.5.6 - Unauthenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa174135-d7aa-44f1-8924-44313fc70a75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-gocardless/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-gocardless/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-gocardless,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-gocardless/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-gocardless" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-nab-dp-ab20415721ed085ae618181a838033a3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-nab-dp-ab20415721ed085ae618181a838033a3.yaml new file mode 100644 index 0000000000..c5ed2bd385 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-nab-dp-ab20415721ed085ae618181a838033a3.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-nab-dp-ab20415721ed085ae618181a838033a3 + +info: + name: > + NAB Transact < 2.1.2 - Payment System Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1dccdbbd-fd3c-4d76-a05a-42f1c7f7132f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-nab-dp/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-nab-dp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-nab-dp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-nab-dp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-nab-dp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0187684b30a8dd357634d24962eef6bd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0187684b30a8dd357634d24962eef6bd.yaml new file mode 100644 index 0000000000..c032861d81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0187684b30a8dd357634d24962eef6bd.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-stripe-0187684b30a8dd357634d24962eef6bd + +info: + name: > + Stripe Gateway <= 7.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e4ad8fa-b04c-4821-aadb-3120f824557f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-stripe/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0b81aaa01f44c52b0f6d2c057df8ef8e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0b81aaa01f44c52b0f6d2c057df8ef8e.yaml new file mode 100644 index 0000000000..c349e67d04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-0b81aaa01f44c52b0f6d2c057df8ef8e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-stripe-0b81aaa01f44c52b0f6d2c057df8ef8e + +info: + name: > + WooCommerce Stripe Payment Gateway <= 7.4.0 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70971072-d743-466b-affe-d7f79d5712aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-stripe/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '7.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-1dd78a63fe389dc209197bb2e45c0680.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-1dd78a63fe389dc209197bb2e45c0680.yaml new file mode 100644 index 0000000000..e5e0f4561f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-1dd78a63fe389dc209197bb2e45c0680.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-stripe-1dd78a63fe389dc209197bb2e45c0680 + +info: + name: > + WooCommerce Stripe Payment Gateway <= 7.6.1 - Insecure Direct Object Reference via update_payment_intent_ajax + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ee04e4d-4385-4854-9bfe-1b957ca13963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-stripe/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-3b50ede48b2cfc5cc49521992d3d9653.yaml b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-3b50ede48b2cfc5cc49521992d3d9653.yaml new file mode 100644 index 0000000000..d9b32c3e9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-gateway-stripe-3b50ede48b2cfc5cc49521992d3d9653.yaml @@ -0,0 +1,58 @@ +id: woocommerce-gateway-stripe-3b50ede48b2cfc5cc49521992d3d9653 + +info: + name: > + WooCommerce Stripe Payment Gateway <= 7.4.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c3789d0-6872-4691-94d9-58e1ac303c31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-gateway-stripe/" + google-query: inurl:"/wp-content/plugins/woocommerce-gateway-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-gateway-stripe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-gateway-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-gateway-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-help-scout-be181067e24f0cdc8c0b449617d32f97.yaml b/nuclei-templates/cve-less/plugins/woocommerce-help-scout-be181067e24f0cdc8c0b449617d32f97.yaml new file mode 100644 index 0000000000..811594821a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-help-scout-be181067e24f0cdc8c0b449617d32f97.yaml @@ -0,0 +1,58 @@ +id: woocommerce-help-scout-be181067e24f0cdc8c0b449617d32f97 + +info: + name: > + WooCommerce Help Scout <= 2.9.1 - Arbitrary File Upload to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f98f4b3-8cce-45dd-a138-5f2c8031fab5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-help-scout/" + google-query: inurl:"/wp-content/plugins/woocommerce-help-scout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-help-scout,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-help-scout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-help-scout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-127ab045dd12eca20b1f05cdaef8b291.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-127ab045dd12eca20b1f05cdaef8b291.yaml new file mode 100644 index 0000000000..5e848f11f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-127ab045dd12eca20b1f05cdaef8b291.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-127ab045dd12eca20b1f05cdaef8b291 + +info: + name: > + Booster (<= 5.6.6) and Booster Plus (<= 5.6.4) for WooCommerce - Authenticated (Shop Manager+) Information Exposure via Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d8f7252-5e91-4e42-a6a5-056da491b4f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-21b746fb77ead6544f6c7dbfa1edc718.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-21b746fb77ead6544f6c7dbfa1edc718.yaml new file mode 100644 index 0000000000..6cb021889b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-21b746fb77ead6544f6c7dbfa1edc718.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-21b746fb77ead6544f6c7dbfa1edc718 + +info: + name: > + Booster for WooCommerce <= 7.1.1 - Authenticated (Subscriber+) Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1426809-b245-4868-be87-c96b3c5c05f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-2594adb9a7b091439405e835629ab066.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-2594adb9a7b091439405e835629ab066.yaml new file mode 100644 index 0000000000..b943338593 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-2594adb9a7b091439405e835629ab066.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-2594adb9a7b091439405e835629ab066 + +info: + name: > + Booster (<= 5.6.6), Booster Plus (<= 5.6.5), and Booster Elite (<= 1.1.7) for WooCommerce - Cross-Site Request Forgery leading to Arbitrary Custom Role Creation/Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cc3f71-7591-4111-a58a-d863df74587f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-38cbe872337aaa11f53f5f047e11de00.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-38cbe872337aaa11f53f5f047e11de00.yaml new file mode 100644 index 0000000000..c0a55c61df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-38cbe872337aaa11f53f5f047e11de00.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-38cbe872337aaa11f53f5f047e11de00 + +info: + name: > + Booster for WooCommerce <= 7.1.2 - Missing Authorization to Product Creation/Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00ec2f57-48ee-49ea-ae8f-e7b24bf4535c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-3ae6c1779315005d2af44a96ee77af2d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-3ae6c1779315005d2af44a96ee77af2d.yaml new file mode 100644 index 0000000000..d8daff73b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-3ae6c1779315005d2af44a96ee77af2d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-3ae6c1779315005d2af44a96ee77af2d + +info: + name: > + Booster for WooCommerce (Free <= 5.6.6, Premium <= 5.6.4) - Cross-Site Request Forgery to File Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3acbdb2a-e7c6-4062-b48a-7035e464edaf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-4281d6cbf86b1cb2ecab3675e42347ac.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-4281d6cbf86b1cb2ecab3675e42347ac.yaml new file mode 100644 index 0000000000..01fa19526f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-4281d6cbf86b1cb2ecab3675e42347ac.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-4281d6cbf86b1cb2ecab3675e42347ac + +info: + name: > + Booster for WooCommerce <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0257620-3a0e-4011-9378-7aa423e7c0b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-42e7549e05a04879d284fb2372860cb2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-42e7549e05a04879d284fb2372860cb2.yaml new file mode 100644 index 0000000000..591bcb427b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-42e7549e05a04879d284fb2372860cb2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-42e7549e05a04879d284fb2372860cb2 + +info: + name: > + Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in General Module + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd861a13-4215-4a69-adb5-cd28dce4509b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-58678de90c143fa9b35140b23ca7ba6c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-58678de90c143fa9b35140b23ca7ba6c.yaml new file mode 100644 index 0000000000..69d6c28216 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-58678de90c143fa9b35140b23ca7ba6c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-58678de90c143fa9b35140b23ca7ba6c + +info: + name: > + Booster (<= 6.0.0), Booster Plus (<= 6.0.0), and Booster Elite (<= 6.0.0) for WooCommerce - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0af6e55d-def9-4bb1-ade9-56aa8184961c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-6db5d1fe8cacae7e42ba1eadc757c2cf.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-6db5d1fe8cacae7e42ba1eadc757c2cf.yaml new file mode 100644 index 0000000000..aebacd5f87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-6db5d1fe8cacae7e42ba1eadc757c2cf.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-6db5d1fe8cacae7e42ba1eadc757c2cf + +info: + name: > + Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1653de8f-62eb-488b-9e97-8b30221b509f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-761ad1a5f416d5f845100fe45755bedf.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-761ad1a5f416d5f845100fe45755bedf.yaml new file mode 100644 index 0000000000..bbbc0bbdb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-761ad1a5f416d5f845100fe45755bedf.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-761ad1a5f416d5f845100fe45755bedf + +info: + name: > + Booster for WooCommerce <= 5.6.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07ca231c-5b88-4721-a01f-8c135d4cf50b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7832435d7568bbf632e364a36f5e57e1.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7832435d7568bbf632e364a36f5e57e1.yaml new file mode 100644 index 0000000000..a1cdede9f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-7832435d7568bbf632e364a36f5e57e1.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-7832435d7568bbf632e364a36f5e57e1 + +info: + name: > + Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56dc5138-c864-4e36-8b7d-38ac49589c06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-882bdd3fdb6681642f156a22924c9a36.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-882bdd3fdb6681642f156a22924c9a36.yaml new file mode 100644 index 0000000000..ef4074f0a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-882bdd3fdb6681642f156a22924c9a36.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-882bdd3fdb6681642f156a22924c9a36 + +info: + name: > + Booster (<= 5.6.2), Booster Plus (< 6.0.0), and Booster Elite (< 6.0.0) for WooCommerce - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d86204-51df-4adf-aac4-f5e007d9f3c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-885fb17b6662f56f045b926c01f35175.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-885fb17b6662f56f045b926c01f35175.yaml new file mode 100644 index 0000000000..a10900564d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-885fb17b6662f56f045b926c01f35175.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-885fb17b6662f56f045b926c01f35175 + +info: + name: > + Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/981639a3-63c4-4b3f-827f-4d770bd44806?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-9c19725e7330d8a4aba8b2ac8de32961.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-9c19725e7330d8a4aba8b2ac8de32961.yaml new file mode 100644 index 0000000000..41189cac3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-9c19725e7330d8a4aba8b2ac8de32961.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-9c19725e7330d8a4aba8b2ac8de32961 + +info: + name: > + Booster for WooCommerce <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Order Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d94661c1-2d70-4943-9452-b51a76116ebb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-a2e4cd3309d1f111f649373058fb4d50.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-a2e4cd3309d1f111f649373058fb4d50.yaml new file mode 100644 index 0000000000..f8b6920396 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-a2e4cd3309d1f111f649373058fb4d50.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-a2e4cd3309d1f111f649373058fb4d50 + +info: + name: > + Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b86c45-c346-4df7-844e-01de027bbc1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-aca759ef038f25525825e47a4ffc724f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-aca759ef038f25525825e47a4ffc724f.yaml new file mode 100644 index 0000000000..bfcdc48f4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-aca759ef038f25525825e47a4ffc724f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-aca759ef038f25525825e47a4ffc724f + +info: + name: > + Booster for WooCommerce <= 5.4.3 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af37f301-d97f-47d3-b6a8-88cb41344541?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ae7ec62fe186e1a7a30df795c82f42a1.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ae7ec62fe186e1a7a30df795c82f42a1.yaml new file mode 100644 index 0000000000..fd86705ae4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-ae7ec62fe186e1a7a30df795c82f42a1.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-ae7ec62fe186e1a7a30df795c82f42a1 + +info: + name: > + Booster for WooCommerce <= 3.7.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/befd6971-29e1-477e-95b8-e7385fbd247d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bf615bf143d1873d5b3b8d3683682f8b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bf615bf143d1873d5b3b8d3683682f8b.yaml new file mode 100644 index 0000000000..6926633110 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-bf615bf143d1873d5b3b8d3683682f8b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-bf615bf143d1873d5b3b8d3683682f8b + +info: + name: > + Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in Product XML Feeds Module + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81b4a218-7752-4276-a523-1edbe1e36442?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml new file mode 100644 index 0000000000..cceb03e60b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-cba7d92a9ae2afc427a931dcb7ec0c7f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-cba7d92a9ae2afc427a931dcb7ec0c7f + +info: + name: > + Booster for WooCommerce <= 7.1.0 - Authenticated (Subscriber+) Information Disclosure via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4cd49b2-ff93-4582-906b-b690d8472c38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-e3b83c4eb77b086c6d4b79728a8e33f2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-e3b83c4eb77b086c6d4b79728a8e33f2.yaml new file mode 100644 index 0000000000..a172f808fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-e3b83c4eb77b086c6d4b79728a8e33f2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-e3b83c4eb77b086c6d4b79728a8e33f2 + +info: + name: > + Booster for WooCommerce <= 5.4.8 - Reflected Cross-Site Scripting in PDF Invoicing Module + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96265dd0-ed3d-4557-80e9-41f8b943b2a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f2f846fb0dd5d9b11e1e9659c07919f7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f2f846fb0dd5d9b11e1e9659c07919f7.yaml new file mode 100644 index 0000000000..c2962796af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-jetpack-f2f846fb0dd5d9b11e1e9659c07919f7.yaml @@ -0,0 +1,58 @@ +id: woocommerce-jetpack-f2f846fb0dd5d9b11e1e9659c07919f7 + +info: + name: > + Booster for WooCommerce <= 7.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/819f93ae-cfbd-4ba5-979f-18adc7b9c8fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-jetpack/" + google-query: inurl:"/wp-content/plugins/woocommerce-jetpack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-jetpack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-jetpack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-jetpack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-menu-extension-a56026625ece44a82e5e6eba005e9ec0.yaml b/nuclei-templates/cve-less/plugins/woocommerce-menu-extension-a56026625ece44a82e5e6eba005e9ec0.yaml new file mode 100644 index 0000000000..85f447d8d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-menu-extension-a56026625ece44a82e5e6eba005e9ec0.yaml @@ -0,0 +1,58 @@ +id: woocommerce-menu-extension-a56026625ece44a82e5e6eba005e9ec0 + +info: + name: > + WooCommerce Menu Extension <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/173c8c8a-a015-4522-b957-1805f520a77d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-menu-extension/" + google-query: inurl:"/wp-content/plugins/woocommerce-menu-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-menu-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-menu-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-menu-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-mercadopago-792751d76323c735bfedba81a5c362e9.yaml b/nuclei-templates/cve-less/plugins/woocommerce-mercadopago-792751d76323c735bfedba81a5c362e9.yaml new file mode 100644 index 0000000000..e03ee7ff46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-mercadopago-792751d76323c735bfedba81a5c362e9.yaml @@ -0,0 +1,58 @@ +id: woocommerce-mercadopago-792751d76323c735bfedba81a5c362e9 + +info: + name: > + Mercado Pago payments for WooCommerce <= 6.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce30649a-c1a0-42d5-b2e7-1ebe7989efa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-mercadopago/" + google-query: inurl:"/wp-content/plugins/woocommerce-mercadopago/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-mercadopago,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-mercadopago/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-mercadopago" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-multi-currency-fdd08f1e50818f896e8c8a898740f26b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-multi-currency-fdd08f1e50818f896e8c8a898740f26b.yaml new file mode 100644 index 0000000000..1c84f12705 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-multi-currency-fdd08f1e50818f896e8c8a898740f26b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-multi-currency-fdd08f1e50818f896e8c8a898740f26b + +info: + name: > + WooCommerce Multi Currency <= 2.1.17 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2318ae9-4115-442e-9293-a9251787c5f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-multi-currency/" + google-query: inurl:"/wp-content/plugins/woocommerce-multi-currency/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-multi-currency,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-multi-currency/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-multi-currency" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-multilingual-405af1244e8e91b41a724bfd16213a75.yaml b/nuclei-templates/cve-less/plugins/woocommerce-multilingual-405af1244e8e91b41a724bfd16213a75.yaml new file mode 100644 index 0000000000..e477daed09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-multilingual-405af1244e8e91b41a724bfd16213a75.yaml @@ -0,0 +1,58 @@ +id: woocommerce-multilingual-405af1244e8e91b41a724bfd16213a75 + +info: + name: > + WooCommerce Multilingual & Multicurrency <= 5.3.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc34de39-bd2f-4ca2-8363-d436d5e2db8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-multilingual/" + google-query: inurl:"/wp-content/plugins/woocommerce-multilingual/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-multilingual,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-multilingual/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-multilingual" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-multilingual-a3fe0d186555bfccf2ee6cc4060fb41e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-multilingual-a3fe0d186555bfccf2ee6cc4060fb41e.yaml new file mode 100644 index 0000000000..e1ea96c5b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-multilingual-a3fe0d186555bfccf2ee6cc4060fb41e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-multilingual-a3fe0d186555bfccf2ee6cc4060fb41e + +info: + name: > + WooCommerce Multilingual & Multicurrency with WPML <= 5.3.3.1 - Authenticated (Shop Manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0f58b8-46d6-4deb-bfcc-806bb635b060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-multilingual/" + google-query: inurl:"/wp-content/plugins/woocommerce-multilingual/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-multilingual,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-multilingual/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-multilingual" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-ninjaforms-product-addons-293d0db4cdca8f446d52a99ed91cf4be.yaml b/nuclei-templates/cve-less/plugins/woocommerce-ninjaforms-product-addons-293d0db4cdca8f446d52a99ed91cf4be.yaml new file mode 100644 index 0000000000..894a331e72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-ninjaforms-product-addons-293d0db4cdca8f446d52a99ed91cf4be.yaml @@ -0,0 +1,58 @@ +id: woocommerce-ninjaforms-product-addons-293d0db4cdca8f446d52a99ed91cf4be + +info: + name: > + WooCommerce Ninja Forms Product Add-ons <= 1.7.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/601d70ff-2e0e-403b-9c58-130d378a8240?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-ninjaforms-product-addons/" + google-query: inurl:"/wp-content/plugins/woocommerce-ninjaforms-product-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-ninjaforms-product-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-ninjaforms-product-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-ninjaforms-product-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-one-page-checkout-3df49792a8ece76a8d711abde91f5cbd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-one-page-checkout-3df49792a8ece76a8d711abde91f5cbd.yaml new file mode 100644 index 0000000000..a27916c321 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-one-page-checkout-3df49792a8ece76a8d711abde91f5cbd.yaml @@ -0,0 +1,58 @@ +id: woocommerce-one-page-checkout-3df49792a8ece76a8d711abde91f5cbd + +info: + name: > + WooCommerce One Page Checkout <= 2.3.0 - Authenticated (Contributor+) Local File Inclusion via `woocommerce_one_page_checkout` + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffac779c-c17f-46bd-9276-a1ce2db4e95c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-one-page-checkout/" + google-query: inurl:"/wp-content/plugins/woocommerce-one-page-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-one-page-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-one-page-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-one-page-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-order-address-print-b81127029753923b54df2f74db7ead66.yaml b/nuclei-templates/cve-less/plugins/woocommerce-order-address-print-b81127029753923b54df2f74db7ead66.yaml new file mode 100644 index 0000000000..fdc28df20c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-order-address-print-b81127029753923b54df2f74db7ead66.yaml @@ -0,0 +1,58 @@ +id: woocommerce-order-address-print-b81127029753923b54df2f74db7ead66 + +info: + name: > + Woocommerce Order address Print <= 3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bbf4e86-308c-43f3-a54c-e1c6ee21260e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-order-address-print/" + google-query: inurl:"/wp-content/plugins/woocommerce-order-address-print/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-order-address-print,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-order-address-print/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-order-address-print" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-order-barcodes-d43224e006298ab64602bb491da85360.yaml b/nuclei-templates/cve-less/plugins/woocommerce-order-barcodes-d43224e006298ab64602bb491da85360.yaml new file mode 100644 index 0000000000..304a621444 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-order-barcodes-d43224e006298ab64602bb491da85360.yaml @@ -0,0 +1,58 @@ +id: woocommerce-order-barcodes-d43224e006298ab64602bb491da85360 + +info: + name: > + WooCommerce Order Barcodes <= 1.6.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cefa38d0-7da1-48dd-98d7-fe2f36e19d7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-order-barcodes/" + google-query: inurl:"/wp-content/plugins/woocommerce-order-barcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-order-barcodes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-order-barcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-order-barcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-order-status-change-notifier-ae1b1a51b391401549de89991091def2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-order-status-change-notifier-ae1b1a51b391401549de89991091def2.yaml new file mode 100644 index 0000000000..5d9731b08b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-order-status-change-notifier-ae1b1a51b391401549de89991091def2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-order-status-change-notifier-ae1b1a51b391401549de89991091def2 + +info: + name: > + WooCommerce Order Status Change Notifier <= 1.1.0 - Authenticated (Subscriber+) Arbitrary Order Status Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66bc83f5-0f6c-425f-a560-e79e777b76ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-order-status-change-notifier/" + google-query: inurl:"/wp-content/plugins/woocommerce-order-status-change-notifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-order-status-change-notifier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-order-status-change-notifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-order-status-change-notifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payments-477398bcb43958a50c7a7519798e0391.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payments-477398bcb43958a50c7a7519798e0391.yaml new file mode 100644 index 0000000000..b0d11611b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payments-477398bcb43958a50c7a7519798e0391.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payments-477398bcb43958a50c7a7519798e0391 + +info: + name: > + WooCommerce Payments <= 5.9.0 - Missing Authorization via redirect_pay_for_order_to_update_payment_method + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1811827d-88ae-45e0-a41e-d15fd0adf44a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payments-8f2275f20711e7ff52e234ab96188172.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payments-8f2275f20711e7ff52e234ab96188172.yaml new file mode 100644 index 0000000000..708d723794 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payments-8f2275f20711e7ff52e234ab96188172.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payments-8f2275f20711e7ff52e234ab96188172 + +info: + name: > + WooCommerce Payments <= 6.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13617b70-9b57-4873-9942-12bffed411e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payments-b9180b9244a3340bd6331bb97ffb0fd1.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payments-b9180b9244a3340bd6331bb97ffb0fd1.yaml new file mode 100644 index 0000000000..0ac66e81cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payments-b9180b9244a3340bd6331bb97ffb0fd1.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payments-b9180b9244a3340bd6331bb97ffb0fd1 + +info: + name: > + WooCommerce Payments 4.8.0 - 5.6.1 Authentication Bypass and Privilege Escalation + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/41cf57ff-421d-4db2-894f-17f2c4d4b9ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payments,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.8.0', '<= 5.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payments-ce1aa5091f6bad027f616e3d2a1d6732.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payments-ce1aa5091f6bad027f616e3d2a1d6732.yaml new file mode 100644 index 0000000000..9af0dfc6b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payments-ce1aa5091f6bad027f616e3d2a1d6732.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payments-ce1aa5091f6bad027f616e3d2a1d6732 + +info: + name: > + WooPayments – Fully Integrated Solution Built and Supported by Woo <= 6.6.2 - Unauthenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68f5bc13-b0b2-48b6-82ac-ff02367f4780?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payments-f291a0b96ba11ad5b48df58ad86c38db.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payments-f291a0b96ba11ad5b48df58ad86c38db.yaml new file mode 100644 index 0000000000..db7c621a44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payments-f291a0b96ba11ad5b48df58ad86c38db.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payments-f291a0b96ba11ad5b48df58ad86c38db + +info: + name: > + WooCommerce Payments <= 5.9.0 - Authenticated (Shop manager+) SQL Injection via currency parameters + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1f0ec5c-6853-4df9-816a-1790f3dc86e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-paypal-payments-4f7331e8a3ba4696249e7fcea579fa07.yaml b/nuclei-templates/cve-less/plugins/woocommerce-paypal-payments-4f7331e8a3ba4696249e7fcea579fa07.yaml new file mode 100644 index 0000000000..7a0cb32651 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-paypal-payments-4f7331e8a3ba4696249e7fcea579fa07.yaml @@ -0,0 +1,58 @@ +id: woocommerce-paypal-payments-4f7331e8a3ba4696249e7fcea579fa07 + +info: + name: > + WooCommerce PayPal Payments <= 2.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1023edcb-9879-4dde-b62e-3ce65d7fef2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-paypal-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-paypal-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-paypal-payments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-paypal-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-paypal-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-payu-paisa-a236237c099e41f3f0f40af4eb789d56.yaml b/nuclei-templates/cve-less/plugins/woocommerce-payu-paisa-a236237c099e41f3f0f40af4eb789d56.yaml new file mode 100644 index 0000000000..d09fcae6be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-payu-paisa-a236237c099e41f3f0f40af4eb789d56.yaml @@ -0,0 +1,58 @@ +id: woocommerce-payu-paisa-a236237c099e41f3f0f40af4eb789d56 + +info: + name: > + WooCommerce PayU India <= 2.1.1 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9428f710-db34-418f-9918-b35609ca5185?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-payu-paisa/" + google-query: inurl:"/wp-content/plugins/woocommerce-payu-paisa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-payu-paisa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-payu-paisa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-payu-paisa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-20e967f496e19df1e9123f3c23d87252.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-20e967f496e19df1e9123f3c23d87252.yaml new file mode 100644 index 0000000000..0df60ac392 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-20e967f496e19df1e9123f3c23d87252.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-20e967f496e19df1e9123f3c23d87252 + +info: + name: > + PDF Invoices & Packing Slips for WooCommerce <= 3.7.6 - Authenticated (Shop Manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a92e307d-b3c0-441a-abac-580a60dd44cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-300feb509f489660d5d15d529d154d5c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-300feb509f489660d5d15d529d154d5c.yaml new file mode 100644 index 0000000000..f1d16e801d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-300feb509f489660d5d15d529d154d5c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-300feb509f489660d5d15d529d154d5c + +info: + name: > + PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18f16148-b4a8-4f89-af0d-c0baba8f9ccf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-682c136fe192ebcfc486e6f937b67fae.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-682c136fe192ebcfc486e6f937b67fae.yaml new file mode 100644 index 0000000000..52fcbf5ff6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-682c136fe192ebcfc486e6f937b67fae.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-682c136fe192ebcfc486e6f937b67fae + +info: + name: > + WooCommerce PDF Invoices & Packing Slips <= 3.2.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d33a880-0238-4d27-a433-6a09844bef3f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-7e729c66876df948651c9d3837d1f01c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-7e729c66876df948651c9d3837d1f01c.yaml new file mode 100644 index 0000000000..561566ea0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-7e729c66876df948651c9d3837d1f01c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-7e729c66876df948651c9d3837d1f01c + +info: + name: > + WooCommerce PDF Invoices & Packing Slips <= 2.0.12 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf7075f-7209-49e6-acf9-6739b178d4dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-822c565b84349831aeea48fc4b498976.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-822c565b84349831aeea48fc4b498976.yaml new file mode 100644 index 0000000000..482c3d11ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-822c565b84349831aeea48fc4b498976.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-822c565b84349831aeea48fc4b498976 + +info: + name: > + PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d0e5d24-5d65-4ed5-8086-347969cbd3ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-c7680f1772f94d4abf62aaaeb8635605.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-c7680f1772f94d4abf62aaaeb8635605.yaml new file mode 100644 index 0000000000..ab12fc33c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-c7680f1772f94d4abf62aaaeb8635605.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-c7680f1772f94d4abf62aaaeb8635605 + +info: + name: > + WooCommerce PDF Invoices & Packing Slips <= 2.10.4 - Reflected Cross-Site Scripting via tab and section parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d7f9291-5a57-4aca-b18f-623bf07348a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-f245b6f7ab151ad35769fbe02b21bebd.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-f245b6f7ab151ad35769fbe02b21bebd.yaml new file mode 100644 index 0000000000..e1a13d6ead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-f245b6f7ab151ad35769fbe02b21bebd.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-f245b6f7ab151ad35769fbe02b21bebd + +info: + name: > + WooCommerce PDF Invoices & Packing Slips <= 2.15.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9aeb996c-723a-402a-a0f8-4212391c64eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-fe9c9963c880e901919af258a30c3298.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-fe9c9963c880e901919af258a30c3298.yaml new file mode 100644 index 0000000000..951d1dec33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pdf-invoices-packing-slips-fe9c9963c880e901919af258a30c3298.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pdf-invoices-packing-slips-fe9c9963c880e901919af258a30c3298 + +info: + name: > + WooCommerce PDF Invoices & Packing Slips 2.14.0 - 3.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1cb99dc-31a7-4d0f-afee-ca8c04cee5fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + google-query: inurl:"/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pdf-invoices-packing-slips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pdf-invoices-packing-slips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.14.0', '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pos-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pos-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml new file mode 100644 index 0000000000..fcdff95efa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pos-c5f695dbb7b3e9a0ae3b6a589e6824c0.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pos-c5f695dbb7b3e9a0ae3b6a589e6824c0 + +info: + name: > + WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pos/" + google-query: inurl:"/wp-content/plugins/woocommerce-pos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-0fc3c475af9db5468072b0d596ac658f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-0fc3c475af9db5468072b0d596ac658f.yaml new file mode 100644 index 0000000000..f35cc960a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-0fc3c475af9db5468072b0d596ac658f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pre-orders-0fc3c475af9db5468072b0d596ac658f + +info: + name: > + WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery to Order Cancellation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14e6e06c-edc0-44ef-ba07-50fcfc4fd7b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pre-orders/" + google-query: inurl:"/wp-content/plugins/woocommerce-pre-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pre-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pre-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-32013e3714497eae530c018b20664f08.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-32013e3714497eae530c018b20664f08.yaml new file mode 100644 index 0000000000..5d9bd5b083 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-32013e3714497eae530c018b20664f08.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pre-orders-32013e3714497eae530c018b20664f08 + +info: + name: > + WooCommerce Pre-Orders <= 1.9.0 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b93f66ac-5c9b-483a-a7ad-0a404d3935e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pre-orders/" + google-query: inurl:"/wp-content/plugins/woocommerce-pre-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pre-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pre-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-7d14368de367a2adadf4a2871484c186.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-7d14368de367a2adadf4a2871484c186.yaml new file mode 100644 index 0000000000..41359e2386 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-7d14368de367a2adadf4a2871484c186.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pre-orders-7d14368de367a2adadf4a2871484c186 + +info: + name: > + WooCommerce Pre-Orders <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3915c2f-400d-433d-bbc8-4d88258123dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pre-orders/" + google-query: inurl:"/wp-content/plugins/woocommerce-pre-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pre-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pre-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-875dd3da0012185a61616213c415a5c6.yaml b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-875dd3da0012185a61616213c415a5c6.yaml new file mode 100644 index 0000000000..17a9ba37a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-pre-orders-875dd3da0012185a61616213c415a5c6.yaml @@ -0,0 +1,58 @@ +id: woocommerce-pre-orders-875dd3da0012185a61616213c415a5c6 + +info: + name: > + WooCommerce Pre-Orders <= 2.0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1436ca4-933b-426a-987d-c5cbbc29353b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-pre-orders/" + google-query: inurl:"/wp-content/plugins/woocommerce-pre-orders/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-pre-orders,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-pre-orders/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-pre-orders" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-8943f00b83bb9af4ef7c839b2bef305e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-8943f00b83bb9af4ef7c839b2bef305e.yaml new file mode 100644 index 0000000000..be7a242aae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-8943f00b83bb9af4ef7c839b2bef305e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-predictive-search-8943f00b83bb9af4ef7c839b2bef305e + +info: + name: > + WooCommerce Predictive Search <= 5.8.0 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ea2726a-a601-45ac-9f20-c34b82edf441?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-predictive-search/" + google-query: inurl:"/wp-content/plugins/woocommerce-predictive-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-predictive-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-predictive-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-eec24adc2af4f908f31797f26239353a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-eec24adc2af4f908f31797f26239353a.yaml new file mode 100644 index 0000000000..aaf7a315cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-predictive-search-eec24adc2af4f908f31797f26239353a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-predictive-search-eec24adc2af4f908f31797f26239353a + +info: + name: > + WooCommerce Predictive Search <= 5.8.0 - Cross-Site Request Forgery via multiple AJAX actions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc428f4b-fe82-419a-aee3-38f0bb582506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-predictive-search/" + google-query: inurl:"/wp-content/plugins/woocommerce-predictive-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-predictive-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-predictive-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-predictive-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-1f1d174c2e97694f79432cc5756f8ec3.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-1f1d174c2e97694f79432cc5756f8ec3.yaml new file mode 100644 index 0000000000..9a481d5e10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-1f1d174c2e97694f79432cc5756f8ec3.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-1f1d174c2e97694f79432cc5756f8ec3 + +info: + name: > + Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f95bcc3-354e-4016-9a17-945569b076b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 32.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3385cb8b008c9eac317535d656ebf7b2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3385cb8b008c9eac317535d656ebf7b2.yaml new file mode 100644 index 0000000000..40a6d04464 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3385cb8b008c9eac317535d656ebf7b2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-3385cb8b008c9eac317535d656ebf7b2 + +info: + name: > + PPOM for WooCommerce <= 18.3 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b84c0f8c-25a7-47c7-93cf-9b5060c07c72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 18.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3e690c446445b36926062b98d511c3ea.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3e690c446445b36926062b98d511c3ea.yaml new file mode 100644 index 0000000000..9f9340143c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-3e690c446445b36926062b98d511c3ea.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-3e690c446445b36926062b98d511c3ea + +info: + name: > + PPOM for WooCommerce <= 32.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d223de07-6377-491f-8d2c-9c31aa814792?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 32.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..e05337e1c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 32.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-c42befeaabe8cc2f04b4d79fa9968af7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-c42befeaabe8cc2f04b4d79fa9968af7.yaml new file mode 100644 index 0000000000..3283a326c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-c42befeaabe8cc2f04b4d79fa9968af7.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-c42befeaabe8cc2f04b4d79fa9968af7 + +info: + name: > + PPOM for WooCommerce <= 23.9 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bde357d-e34a-4931-a1a4-bd3ed3b72cec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 23.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addon-cad557e1501fb237a72952936969ee8d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-cad557e1501fb237a72952936969ee8d.yaml new file mode 100644 index 0000000000..f9208db2f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addon-cad557e1501fb237a72952936969ee8d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addon-cad557e1501fb237a72952936969ee8d + +info: + name: > + PPOM for WooCommerce <= 32.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f105002-a19a-4376-af65-7e9416175174?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addon/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 32.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addons-0250c115051a0a19911ae4becfbbb8c8.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addons-0250c115051a0a19911ae4becfbbb8c8.yaml new file mode 100644 index 0000000000..5b32370dc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addons-0250c115051a0a19911ae4becfbbb8c8.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addons-0250c115051a0a19911ae4becfbbb8c8 + +info: + name: > + WooCommerce Product Add-ons <= 6.1.3 - Authenticated (Shop Manager+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d77666b5-956d-420b-93ed-a15cdbfcced7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addons/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-addons-60ae0dd0a6141b106409f50a537c78fa.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-addons-60ae0dd0a6141b106409f50a537c78fa.yaml new file mode 100644 index 0000000000..f6b7050a98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-addons-60ae0dd0a6141b106409f50a537c78fa.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-addons-60ae0dd0a6141b106409f50a537c78fa + +info: + name: > + WooCommerce Product Add-ons <= 6.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5bd3852-c1a5-4d7d-b4fb-59911fba4873?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-addons/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-category-selection-widget-a51a38d55ed23a34d7d068afc04d5742.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-category-selection-widget-a51a38d55ed23a34d7d068afc04d5742.yaml new file mode 100644 index 0000000000..83f401aebf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-category-selection-widget-a51a38d55ed23a34d7d068afc04d5742.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-category-selection-widget-a51a38d55ed23a34d7d068afc04d5742 + +info: + name: > + WooCommerce Product Categories Selection Widget <= 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f68c70b-9fde-43a6-8a7c-00938aa0e109?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-category-selection-widget/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-category-selection-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-category-selection-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-category-selection-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-category-selection-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-importer-370954cd310380bf196a7af5fabc1594.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-importer-370954cd310380bf196a7af5fabc1594.yaml new file mode 100644 index 0000000000..db08693e4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-importer-370954cd310380bf196a7af5fabc1594.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-importer-370954cd310380bf196a7af5fabc1594 + +info: + name: > + WooCommerce – Product Importer <= 1.5.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8d44f9b-0eee-49ee-b640-40f3bd377be0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-importer/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-payments-ad492c1cfb90e87fe9d66d5cf28a0298.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-payments-ad492c1cfb90e87fe9d66d5cf28a0298.yaml new file mode 100644 index 0000000000..781bbd7780 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-payments-ad492c1cfb90e87fe9d66d5cf28a0298.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-payments-ad492c1cfb90e87fe9d66d5cf28a0298 + +info: + name: > + Payment gateway per Product for WooCommerce <= 3.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/597786ce-58eb-4e96-a80e-bad3e75787fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-payments/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-payments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-payments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-payments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-payments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-recommendations-ad4e5ec7c446d0edde1fe1894b44d8fb.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-recommendations-ad4e5ec7c446d0edde1fe1894b44d8fb.yaml new file mode 100644 index 0000000000..3dc151db17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-recommendations-ad4e5ec7c446d0edde1fe1894b44d8fb.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-recommendations-ad4e5ec7c446d0edde1fe1894b44d8fb + +info: + name: > + WooCommerce Product Recommendations < 2.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/826fe5a8-3290-4f70-b9bb-8bd4aec3634c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-recommendations/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-recommendations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-recommendations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-recommendations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-recommendations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-65c990e02c196c01529c8a603f8098c6.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-65c990e02c196c01529c8a603f8098c6.yaml new file mode 100644 index 0000000000..f64d3dc469 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-sort-and-display-65c990e02c196c01529c8a603f8098c6.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-sort-and-display-65c990e02c196c01529c8a603f8098c6 + +info: + name: > + Product Sort and Display for WooCommerce <= 2.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bd778b-1d56-4544-b2c3-a77a7ec05aa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-sort-and-display/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-sort-and-display/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-sort-and-display,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-sort-and-display/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-sort-and-display" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e39ea928bd894c6c2a483c3234cd1111.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e39ea928bd894c6c2a483c3234cd1111.yaml new file mode 100644 index 0000000000..f39707dba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e39ea928bd894c6c2a483c3234cd1111.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-stock-alert-e39ea928bd894c6c2a483c3234cd1111 + +info: + name: > + WooCommerce Product Stock Alert <= 2.0.1 - Missing Authorization via API + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09bdfade-85d0-4922-a83a-3e213adfa4ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-stock-alert/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-stock-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-stock-alert,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-stock-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-stock-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e8c2deda009bcec0877e0c00cb99051a.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e8c2deda009bcec0877e0c00cb99051a.yaml new file mode 100644 index 0000000000..2d79cd2711 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-stock-alert-e8c2deda009bcec0877e0c00cb99051a.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-stock-alert-e8c2deda009bcec0877e0c00cb99051a + +info: + name: > + WooCommerce Product Stock Alert <= 2.0.1 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91e1a199-f062-4555-ae7b-ed8732686303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-stock-alert/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-stock-alert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-stock-alert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-stock-alert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-stock-alert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-85987e7f67f649cd4fc002f1b0337124.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-85987e7f67f649cd4fc002f1b0337124.yaml new file mode 100644 index 0000000000..07797e7b0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-85987e7f67f649cd4fc002f1b0337124.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-vendors-85987e7f67f649cd4fc002f1b0337124 + +info: + name: > + WooCommerce Product Vendors <= 2.2.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4457df6-81ca-4149-bcca-623cff2cbeef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml new file mode 100644 index 0000000000..34c0be3de8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-b89386d59e4ac2c68e4b5b1c7b8ceed1.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-vendors-b89386d59e4ac2c68e4b5b1c7b8ceed1 + +info: + name: > + WooCommerce Product Vendors <= 2.1.78 - Authenticated (Shop manager+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1388873f-8053-4ba9-8707-093bc0e8f2f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.78') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-d801fbca464a51e293e83c92692f388d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-d801fbca464a51e293e83c92692f388d.yaml new file mode 100644 index 0000000000..137b1a3861 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-d801fbca464a51e293e83c92692f388d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-vendors-d801fbca464a51e293e83c92692f388d + +info: + name: > + WooCommerce Product Vendors <= 2.1.76 - Authenticated (Vendor admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8f8984-bea6-44aa-9bde-5b40b455767f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-de80de004725b03b45137b9eba24ca0e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-de80de004725b03b45137b9eba24ca0e.yaml new file mode 100644 index 0000000000..214fecee5c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-de80de004725b03b45137b9eba24ca0e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-vendors-de80de004725b03b45137b9eba24ca0e + +info: + name: > + WooCommerce Product Vendors <= 2.1.76 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a93c0dd4-8341-438d-8730-470e9a230d97?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-e78a0243a637937a0520333d07ecbb4e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-e78a0243a637937a0520333d07ecbb4e.yaml new file mode 100644 index 0000000000..b594235f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-product-vendors-e78a0243a637937a0520333d07ecbb4e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-product-vendors-e78a0243a637937a0520333d07ecbb4e + +info: + name: > + WooCommerce Product Vendors <= 2.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcce0a92-520d-45ac-845e-a1635f763eed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-product-vendors,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-designer-9d44943de528e08b2e8164cbb922f935.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-designer-9d44943de528e08b2e8164cbb922f935.yaml new file mode 100644 index 0000000000..8290bf0666 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-designer-9d44943de528e08b2e8164cbb922f935.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-designer-9d44943de528e08b2e8164cbb922f935 + +info: + name: > + Woocommerce Product Designer <= 4.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70d168a4-a659-4354-889e-7907215351a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-designer/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-designer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-designer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-designer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-designer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-0a19ecfdd9174c31fe37388d883b8078.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-0a19ecfdd9174c31fe37388d883b8078.yaml new file mode 100644 index 0000000000..de7c0a85be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-0a19ecfdd9174c31fe37388d883b8078.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-0a19ecfdd9174c31fe37388d883b8078 + +info: + name: > + HUSKY – Products Filter for WooCommerce Professional <= 1.3.1 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/518f23c3-f3e3-4cff-bd30-a8211f74c3ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-174314b50918543554df901d90f75335.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-174314b50918543554df901d90f75335.yaml new file mode 100644 index 0000000000..dcf9d58937 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-174314b50918543554df901d90f75335.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-174314b50918543554df901d90f75335 + +info: + name: > + HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86e3eae3-21bb-4695-8650-4c6ba6ababe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-2662479a714ea06abb48b0b84a949600.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-2662479a714ea06abb48b0b84a949600.yaml new file mode 100644 index 0000000000..2608e603f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-2662479a714ea06abb48b0b84a949600.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-2662479a714ea06abb48b0b84a949600 + +info: + name: > + HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b905b8ec-d13d-4455-9c5f-61aaa09d75ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-4d5b5eea5b0d303e259444505b764438.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-4d5b5eea5b0d303e259444505b764438.yaml new file mode 100644 index 0000000000..b63baefe96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-4d5b5eea5b0d303e259444505b764438.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-4d5b5eea5b0d303e259444505b764438 + +info: + name: > + HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a0a0395-c193-4686-ba97-73fdd40d3048?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-57308f16648d2cd63200f80e8b82615f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-57308f16648d2cd63200f80e8b82615f.yaml new file mode 100644 index 0000000000..5ea520591c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-57308f16648d2cd63200f80e8b82615f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-57308f16648d2cd63200f80e8b82615f + +info: + name: > + HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9179d2-2e90-4de7-8178-073a0ce5865b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-745b890d4e4ab266ecb625f54f34190e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-745b890d4e4ab266ecb625f54f34190e.yaml new file mode 100644 index 0000000000..49da119701 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-745b890d4e4ab266ecb625f54f34190e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-745b890d4e4ab266ecb625f54f34190e + +info: + name: > + WOOF - Products Filter for WooCommerce <= 1.1.9 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e650516-49eb-4475-8faa-76ca123d531f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-b127fca718a0b357c2daf67816c8cec2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-b127fca718a0b357c2daf67816c8cec2.yaml new file mode 100644 index 0000000000..196bcc93fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-b127fca718a0b357c2daf67816c8cec2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-b127fca718a0b357c2daf67816c8cec2 + +info: + name: > + HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Missing Authorization via woof_meta_get_keys() + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d00edaf1-2a97-4000-afd9-432ca8fa3df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d449c0063627e88ef77e8f2a6b150e88.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d449c0063627e88ef77e8f2a6b150e88.yaml new file mode 100644 index 0000000000..63d85d01ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d449c0063627e88ef77e8f2a6b150e88.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-d449c0063627e88ef77e8f2a6b150e88 + +info: + name: > + WOOF - Products Filter for WooCommerce <= 1.1.9 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9f4760c-a794-43e0-80a3-88b3f41810f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d97caddab7bd05fd7de5182cc29d4629.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d97caddab7bd05fd7de5182cc29d4629.yaml new file mode 100644 index 0000000000..c6703e74ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-d97caddab7bd05fd7de5182cc29d4629.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-d97caddab7bd05fd7de5182cc29d4629 + +info: + name: > + HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-dbbbee37e25f2954b72ee20a77edf10c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-dbbbee37e25f2954b72ee20a77edf10c.yaml new file mode 100644 index 0000000000..9963d9216e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-dbbbee37e25f2954b72ee20a77edf10c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-dbbbee37e25f2954b72ee20a77edf10c + +info: + name: > + WOOF - Products Filter for WooCommerce <= 1.2.6.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d94c0775-3852-463f-b393-1a12e63548e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-f93c186c199b2993e134631be68ea0a1.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-f93c186c199b2993e134631be68ea0a1.yaml new file mode 100644 index 0000000000..e0ed878ff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-f93c186c199b2993e134631be68ea0a1.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-f93c186c199b2993e134631be68ea0a1 + +info: + name: > + HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fed4181-400b-4414-aa50-1e7bc92d542f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-filter-fc942581b6d806c7e158aaa084482451.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-fc942581b6d806c7e158aaa084482451.yaml new file mode 100644 index 0000000000..0d0351b71a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-filter-fc942581b6d806c7e158aaa084482451.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-filter-fc942581b6d806c7e158aaa084482451 + +info: + name: > + HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-filter/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-slider-333375d8287e28edefeeceeb32f12475.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-slider-333375d8287e28edefeeceeb32f12475.yaml new file mode 100644 index 0000000000..c867bf74a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-slider-333375d8287e28edefeeceeb32f12475.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-slider-333375d8287e28edefeeceeb32f12475 + +info: + name: > + PickPlugins Product Slider for WooCommerce <= 1.13.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f803e16-7f47-4696-927f-450aaa5fda5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-slider/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-products-slider-b143f95f119acbc330075f594bca9125.yaml b/nuclei-templates/cve-less/plugins/woocommerce-products-slider-b143f95f119acbc330075f594bca9125.yaml new file mode 100644 index 0000000000..4900550358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-products-slider-b143f95f119acbc330075f594bca9125.yaml @@ -0,0 +1,58 @@ +id: woocommerce-products-slider-b143f95f119acbc330075f594bca9125 + +info: + name: > + PickPlugins Product Slider for WooCommerce <= 1.13.41 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43854ca5-02ba-4926-9a5e-d9fd5b1af448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-products-slider/" + google-query: inurl:"/wp-content/plugins/woocommerce-products-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-products-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-products-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-products-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-0c5c03e535c02675bf0d5fbe19ae065d.yaml b/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-0c5c03e535c02675bf0d5fbe19ae065d.yaml new file mode 100644 index 0000000000..280c9cfa37 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-0c5c03e535c02675bf0d5fbe19ae065d.yaml @@ -0,0 +1,58 @@ +id: woocommerce-putler-connector-0c5c03e535c02675bf0d5fbe19ae065d + +info: + name: > + Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'putler_connector_sync_complete' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09a1388e-6c87-44cd-a137-4212b569423b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-putler-connector/" + google-query: inurl:"/wp-content/plugins/woocommerce-putler-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-putler-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-putler-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-cb9adf9824210ad3d3e7d6f714b65556.yaml b/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-cb9adf9824210ad3d3e7d6f714b65556.yaml new file mode 100644 index 0000000000..6f79d0788e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-putler-connector-cb9adf9824210ad3d3e7d6f714b65556.yaml @@ -0,0 +1,58 @@ +id: woocommerce-putler-connector-cb9adf9824210ad3d3e7d6f714b65556 + +info: + name: > + Putler Connector for WooCommerce <= 2.12.0 - Missing Authorization via 'send_resync_request' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38537f60-52f4-4007-b26f-6948b9263931?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-putler-connector/" + google-query: inurl:"/wp-content/plugins/woocommerce-putler-connector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-putler-connector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-putler-connector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-putler-connector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-sendinblue-newsletter-subscription-a4d2edadf2ab61a5bc7487773709b53f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-sendinblue-newsletter-subscription-a4d2edadf2ab61a5bc7487773709b53f.yaml new file mode 100644 index 0000000000..3b3c088458 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-sendinblue-newsletter-subscription-a4d2edadf2ab61a5bc7487773709b53f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-sendinblue-newsletter-subscription-a4d2edadf2ab61a5bc7487773709b53f + +info: + name: > + Sendinblue for WooCommerce <= 4.0.17 - Authenticated (Editor+) Arbitrary File Download and Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a24378f-cf76-4937-99e5-a5fb2d206859?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-sendinblue-newsletter-subscription/" + google-query: inurl:"/wp-content/plugins/woocommerce-sendinblue-newsletter-subscription/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-sendinblue-newsletter-subscription,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-sendinblue-newsletter-subscription/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-sendinblue-newsletter-subscription" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-38e07b44fffc0387d1db0b5b701e8767.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-38e07b44fffc0387d1db0b5b701e8767.yaml new file mode 100644 index 0000000000..4861312620 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-38e07b44fffc0387d1db0b5b701e8767.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-canada-post-38e07b44fffc0387d1db0b5b701e8767 + +info: + name: > + WooCommerce Canada Post Shipping <= 2.8.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff850f88-6e89-48dd-ad70-dda4018c22fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-canada-post/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-canada-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-canada-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-canada-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-canada-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-df5510828b9908f177a3676bf0d29efa.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-df5510828b9908f177a3676bf0d29efa.yaml new file mode 100644 index 0000000000..801f3e6aca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-canada-post-df5510828b9908f177a3676bf0d29efa.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-canada-post-df5510828b9908f177a3676bf0d29efa + +info: + name: > + WooCommerce Canada Post Shipping <= 2.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/549788e3-e31a-46a6-a2de-361747c98514?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-canada-post/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-canada-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-canada-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-canada-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-canada-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-2fa400cde48ebbb1e062c53ea041ad86.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-2fa400cde48ebbb1e062c53ea041ad86.yaml new file mode 100644 index 0000000000..fa6c171e0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-2fa400cde48ebbb1e062c53ea041ad86.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-multiple-addresses-2fa400cde48ebbb1e062c53ea041ad86 + +info: + name: > + WooCommerce Ship to Multiple Addresses <= 3.8.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63ab255f-e061-447b-a2b6-21a85eed9d57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-multiple-addresses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-multiple-addresses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-a044d35c75736c87fd061116f4c5b4e5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-a044d35c75736c87fd061116f4c5b4e5.yaml new file mode 100644 index 0000000000..773f648788 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-a044d35c75736c87fd061116f4c5b4e5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-multiple-addresses-a044d35c75736c87fd061116f4c5b4e5 + +info: + name: > + WooCommerce Ship to Multiple Addresses <= 3.8.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bda44801-6599-459d-a70c-164f563bf158?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-multiple-addresses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-multiple-addresses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml new file mode 100644 index 0000000000..330f2ed26f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-c19f8aaf85e78b37bfb8827bc7a43d0f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-multiple-addresses-c19f8aaf85e78b37bfb8827bc7a43d0f + +info: + name: > + WooCommerce Ship to Multiple Addresses <= 3.8.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b32c517-ef6b-4cc9-8316-6289676d8222?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-multiple-addresses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-multiple-addresses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-d3e334361801ef90de8fcb6bd64767c5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-d3e334361801ef90de8fcb6bd64767c5.yaml new file mode 100644 index 0000000000..7e456d15ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-d3e334361801ef90de8fcb6bd64767c5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-multiple-addresses-d3e334361801ef90de8fcb6bd64767c5 + +info: + name: > + WooCommerce Ship to Multiple Addresses <= 3.8.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/163328e9-2918-4bc0-8bbc-90d7e992754d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-multiple-addresses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-multiple-addresses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-fd721cac9b419bce8f15888dfbaef077.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-fd721cac9b419bce8f15888dfbaef077.yaml new file mode 100644 index 0000000000..f07cff8912 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-multiple-addresses-fd721cac9b419bce8f15888dfbaef077.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-multiple-addresses-fd721cac9b419bce8f15888dfbaef077 + +info: + name: > + WooCommerce Ship to Multiple Addresses <= 3.8.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ac43ba-cc49-4688-9efa-585551f3c40c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-multiple-addresses/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-multiple-addresses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-multiple-addresses,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-multiple-addresses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-multiple-addresses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-shipping-per-product-40b2ce035ef569465fd6e4b21f17410c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-shipping-per-product-40b2ce035ef569465fd6e4b21f17410c.yaml new file mode 100644 index 0000000000..6a57132e05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-shipping-per-product-40b2ce035ef569465fd6e4b21f17410c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-shipping-per-product-40b2ce035ef569465fd6e4b21f17410c + +info: + name: > + WooCommerce Shipping Per Product <= 2.5.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b0504f3-f8df-4b37-bafa-5320920e9571?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-shipping-per-product/" + google-query: inurl:"/wp-content/plugins/woocommerce-shipping-per-product/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-shipping-per-product,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-shipping-per-product/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-shipping-per-product" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-simple-registration-806f7834f371ee46a5b9d44d9bbedb5e.yaml b/nuclei-templates/cve-less/plugins/woocommerce-simple-registration-806f7834f371ee46a5b9d44d9bbedb5e.yaml new file mode 100644 index 0000000000..31063576d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-simple-registration-806f7834f371ee46a5b9d44d9bbedb5e.yaml @@ -0,0 +1,58 @@ +id: woocommerce-simple-registration-806f7834f371ee46a5b9d44d9bbedb5e + +info: + name: > + Simple Registration for WooCommerce <= 1.5.6 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80178b72-56ff-448f-a558-de0b63198e44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-simple-registration/" + google-query: inurl:"/wp-content/plugins/woocommerce-simple-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-simple-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-simple-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-simple-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-social-media-share-buttons-3cf6e0cef1945cb6c17b1720f47371b0.yaml b/nuclei-templates/cve-less/plugins/woocommerce-social-media-share-buttons-3cf6e0cef1945cb6c17b1720f47371b0.yaml new file mode 100644 index 0000000000..1c381641d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-social-media-share-buttons-3cf6e0cef1945cb6c17b1720f47371b0.yaml @@ -0,0 +1,58 @@ +id: woocommerce-social-media-share-buttons-3cf6e0cef1945cb6c17b1720f47371b0 + +info: + name: > + Woocommerce Social Media Share Buttons <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5c96063-a6ac-4325-9f44-a6f8344e00ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-social-media-share-buttons/" + google-query: inurl:"/wp-content/plugins/woocommerce-social-media-share-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-social-media-share-buttons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-social-media-share-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-social-media-share-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-square-249dbfd7183b6684ad412dc7f00e598b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-square-249dbfd7183b6684ad412dc7f00e598b.yaml new file mode 100644 index 0000000000..502c4b0b4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-square-249dbfd7183b6684ad412dc7f00e598b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-square-249dbfd7183b6684ad412dc7f00e598b + +info: + name: > + WooCommerce Square <= 3.8.1 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0660d753-177e-419a-9e81-3ee2d08cfbc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-square/" + google-query: inurl:"/wp-content/plugins/woocommerce-square/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-square,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-square/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-square" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-814789c90e4385b5926fdbf0791f6c8c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-814789c90e4385b5926fdbf0791f6c8c.yaml new file mode 100644 index 0000000000..a02234329b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-814789c90e4385b5926fdbf0791f6c8c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-stock-manager-814789c90e4385b5926fdbf0791f6c8c + +info: + name: > + Stock Manager for WooCommerce <= 2.10.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99984fff-94e3-46fb-8241-88fcda556054?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-stock-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-stock-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-stock-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-stock-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-stock-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-febc39f061d4ea440e6c2d9bf3acdb4c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-febc39f061d4ea440e6c2d9bf3acdb4c.yaml new file mode 100644 index 0000000000..b4c2e95500 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-stock-manager-febc39f061d4ea440e6c2d9bf3acdb4c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-stock-manager-febc39f061d4ea440e6c2d9bf3acdb4c + +info: + name: > + WooCommerce Stock Manager <= 2.5.7 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376f2fbf-98a4-49d9-bd22-40da5d37b62d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-stock-manager/" + google-query: inurl:"/wp-content/plugins/woocommerce-stock-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-stock-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-stock-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-stock-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-22e18aac0c8974a11f388cc18919e7ec.yaml b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-22e18aac0c8974a11f388cc18919e7ec.yaml new file mode 100644 index 0000000000..870d5f2510 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-22e18aac0c8974a11f388cc18919e7ec.yaml @@ -0,0 +1,58 @@ +id: woocommerce-store-toolkit-22e18aac0c8974a11f388cc18919e7ec + +info: + name: > + Store Toolkit for WooCommerce <= 2.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a769f8a-c1c1-4be1-b7ae-e1cb6eeda28c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-store-toolkit/" + google-query: inurl:"/wp-content/plugins/woocommerce-store-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-store-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-store-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-6604e9811397b340324d84776057ca87.yaml b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-6604e9811397b340324d84776057ca87.yaml new file mode 100644 index 0000000000..daf75819ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-6604e9811397b340324d84776057ca87.yaml @@ -0,0 +1,58 @@ +id: woocommerce-store-toolkit-6604e9811397b340324d84776057ca87 + +info: + name: > + Store Toolkit for WooCommerce <= 1.5.7 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbd4a482-7176-446f-804d-e0cd0764a2cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-store-toolkit/" + google-query: inurl:"/wp-content/plugins/woocommerce-store-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-store-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-store-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-a07726826b94a32080195c3e79a97baf.yaml b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-a07726826b94a32080195c3e79a97baf.yaml new file mode 100644 index 0000000000..65ec4bd16d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-store-toolkit-a07726826b94a32080195c3e79a97baf.yaml @@ -0,0 +1,58 @@ +id: woocommerce-store-toolkit-a07726826b94a32080195c3e79a97baf + +info: + name: > + Store Toolkit for WooCommerce <= 1.5.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26399541-a6a7-4c01-b72c-1ebf73f18c84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-store-toolkit/" + google-query: inurl:"/wp-content/plugins/woocommerce-store-toolkit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-store-toolkit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-store-toolkit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-store-toolkit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml new file mode 100644 index 0000000000..27db75145c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-5d14f17d0a9567bc2e5e172cd96c2e2f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-subscriptions-5d14f17d0a9567bc2e5e172cd96c2e2f + +info: + name: > + WooCommerce Subscriptions < 5.8.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c01e3a86-8a2a-4200-b328-fb71afb2b196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-subscriptions/" + google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-c710e29aeb4a754ea209ddfa89b2e510.yaml b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-c710e29aeb4a754ea209ddfa89b2e510.yaml new file mode 100644 index 0000000000..667ef3ea09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-c710e29aeb4a754ea209ddfa89b2e510.yaml @@ -0,0 +1,58 @@ +id: woocommerce-subscriptions-c710e29aeb4a754ea209ddfa89b2e510 + +info: + name: > + WooCommerce Subscriptions <= 5.1.2 - Missing Authorization to Insecure Direct Object Reference + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a45a6b3d-49e1-4e25-aa66-15b396da8986?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-subscriptions/" + google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-f9c4b5a4e9087a30d794272cce966354.yaml b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-f9c4b5a4e9087a30d794272cce966354.yaml new file mode 100644 index 0000000000..12de7f8801 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-subscriptions-f9c4b5a4e9087a30d794272cce966354.yaml @@ -0,0 +1,58 @@ +id: woocommerce-subscriptions-f9c4b5a4e9087a30d794272cce966354 + +info: + name: > + WooCommerce Subscriptions < 2.6.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a71fda4-3c67-4053-ac1e-9cf3f5feb8c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-subscriptions/" + google-query: inurl:"/wp-content/plugins/woocommerce-subscriptions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-subscriptions,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-subscriptions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-subscriptions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-superfaktura-c713f885667125d83707da22fe966bb2.yaml b/nuclei-templates/cve-less/plugins/woocommerce-superfaktura-c713f885667125d83707da22fe966bb2.yaml new file mode 100644 index 0000000000..7e8226179c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-superfaktura-c713f885667125d83707da22fe966bb2.yaml @@ -0,0 +1,58 @@ +id: woocommerce-superfaktura-c713f885667125d83707da22fe966bb2 + +info: + name: > + SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-superfaktura/" + google-query: inurl:"/wp-content/plugins/woocommerce-superfaktura/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-superfaktura,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-superfaktura/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-superfaktura" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.40.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-upload-files-82ad20df19b26c5e50cfbeea380e1cf4.yaml b/nuclei-templates/cve-less/plugins/woocommerce-upload-files-82ad20df19b26c5e50cfbeea380e1cf4.yaml new file mode 100644 index 0000000000..0c46597a88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-upload-files-82ad20df19b26c5e50cfbeea380e1cf4.yaml @@ -0,0 +1,58 @@ +id: woocommerce-upload-files-82ad20df19b26c5e50cfbeea380e1cf4 + +info: + name: > + WooCommerce Upload Files <= 59.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e353a269-c7f5-4b6a-9f9e-be459ead0335?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-upload-files/" + google-query: inurl:"/wp-content/plugins/woocommerce-upload-files/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-upload-files,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-upload-files/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-upload-files" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 59.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-warranties-and-returns-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/woocommerce-warranties-and-returns-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..c9b34555bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-warranties-and-returns-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: woocommerce-warranties-and-returns-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-warranties-and-returns/" + google-query: inurl:"/wp-content/plugins/woocommerce-warranties-and-returns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-warranties-and-returns,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-warranties-and-returns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-warranties-and-returns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-warranty-17db65035566800d21b599e4302d577c.yaml b/nuclei-templates/cve-less/plugins/woocommerce-warranty-17db65035566800d21b599e4302d577c.yaml new file mode 100644 index 0000000000..383b22786c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-warranty-17db65035566800d21b599e4302d577c.yaml @@ -0,0 +1,58 @@ +id: woocommerce-warranty-17db65035566800d21b599e4302d577c + +info: + name: > + WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8970d08-6c75-4dbb-ad24-6d9ba4c07530?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-warranty/" + google-query: inurl:"/wp-content/plugins/woocommerce-warranty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-warranty,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-warranty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-warranty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-warranty-90191aff4f4fd94ead6048a6f9309bb7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-warranty-90191aff4f4fd94ead6048a6f9309bb7.yaml new file mode 100644 index 0000000000..eb7040c067 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-warranty-90191aff4f4fd94ead6048a6f9309bb7.yaml @@ -0,0 +1,58 @@ +id: woocommerce-warranty-90191aff4f4fd94ead6048a6f9309bb7 + +info: + name: > + WooCommerce Warranty Requests <= 2.2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03e96aea-30a2-4cd3-8967-52e1870cc293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-warranty/" + google-query: inurl:"/wp-content/plugins/woocommerce-warranty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-warranty,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-warranty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-warranty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-warranty-ac9e437a3a3be183da02189f782c1fad.yaml b/nuclei-templates/cve-less/plugins/woocommerce-warranty-ac9e437a3a3be183da02189f782c1fad.yaml new file mode 100644 index 0000000000..640e822f2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-warranty-ac9e437a3a3be183da02189f782c1fad.yaml @@ -0,0 +1,58 @@ +id: woocommerce-warranty-ac9e437a3a3be183da02189f782c1fad + +info: + name: > + WooCommerce Warranty Requests <= 2.1.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59b09f36-79e8-4f14-b970-a7994d193782?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-warranty/" + google-query: inurl:"/wp-content/plugins/woocommerce-warranty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-warranty,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-warranty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-warranty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-warranty-d1c23493ccad67b72beabba59496692f.yaml b/nuclei-templates/cve-less/plugins/woocommerce-warranty-d1c23493ccad67b72beabba59496692f.yaml new file mode 100644 index 0000000000..31f9bfb8e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-warranty-d1c23493ccad67b72beabba59496692f.yaml @@ -0,0 +1,58 @@ +id: woocommerce-warranty-d1c23493ccad67b72beabba59496692f + +info: + name: > + WooCommerce Warranty Requests <= 2.1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1665fda6-005d-42ba-883d-2e3ad7abe0ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-warranty/" + google-query: inurl:"/wp-content/plugins/woocommerce-warranty/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-warranty,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-warranty/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-warranty" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-6d6e0436ccffe0043617b48128024cf4.yaml b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-6d6e0436ccffe0043617b48128024cf4.yaml new file mode 100644 index 0000000000..98dd307ede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-6d6e0436ccffe0043617b48128024cf4.yaml @@ -0,0 +1,58 @@ +id: woocommerce-wholesale-prices-6d6e0436ccffe0043617b48128024cf4 + +info: + name: > + Wholesale Suite <= 2.1.5 - Authenticated (Subscriber+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/972fba75-8230-4991-a697-34ab850ddee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-wholesale-prices/" + google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-prices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-wholesale-prices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-wholesale-prices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml new file mode 100644 index 0000000000..6363ea1849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-prices-ea695aba033f5eaa6e1bbebc4ad1cb3b.yaml @@ -0,0 +1,58 @@ +id: woocommerce-wholesale-prices-ea695aba033f5eaa6e1bbebc4ad1cb3b + +info: + name: > + Wholesale Suite <= 2.1.5 - Missing Authorization to Plugin Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f713f2f8-545a-4f54-a028-8422c0942a63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-wholesale-prices/" + google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-prices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-wholesale-prices,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-wholesale-prices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-wholesale-prices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-a0de754d48741e450291ec842fdf7fcc.yaml b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-a0de754d48741e450291ec842fdf7fcc.yaml new file mode 100644 index 0000000000..5e505660b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-a0de754d48741e450291ec842fdf7fcc.yaml @@ -0,0 +1,58 @@ +id: woocommerce-wholesale-pricing-a0de754d48741e450291ec842fdf7fcc + +info: + name: > + Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1c208e-ae4a-40fb-9495-5268e5e929e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-wholesale-pricing/" + google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-wholesale-pricing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-wholesale-pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-wholesale-pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-f5210926c29e7df2401ce419d82b4fb7.yaml b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-f5210926c29e7df2401ce419d82b4fb7.yaml new file mode 100644 index 0000000000..c600c96dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-wholesale-pricing-f5210926c29e7df2401ce419d82b4fb7.yaml @@ -0,0 +1,58 @@ +id: woocommerce-wholesale-pricing-f5210926c29e7df2401ce419d82b4fb7 + +info: + name: > + Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f734db8-216e-43f3-8082-ebdcc28d3606?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-wholesale-pricing/" + google-query: inurl:"/wp-content/plugins/woocommerce-wholesale-pricing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-wholesale-pricing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-wholesale-pricing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-wholesale-pricing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woocommerce-woocart-popup-lite-90a621b8b64ebeedf4e6b4f1f9506dab.yaml b/nuclei-templates/cve-less/plugins/woocommerce-woocart-popup-lite-90a621b8b64ebeedf4e6b4f1f9506dab.yaml new file mode 100644 index 0000000000..80028bf94f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woocommerce-woocart-popup-lite-90a621b8b64ebeedf4e6b4f1f9506dab.yaml @@ -0,0 +1,58 @@ +id: woocommerce-woocart-popup-lite-90a621b8b64ebeedf4e6b4f1f9506dab + +info: + name: > + Popup Cart Lite for WooCommerce <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05cac571-6689-4a69-b600-3cfeaa1d3c47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woocommerce-woocart-popup-lite/" + google-query: inurl:"/wp-content/plugins/woocommerce-woocart-popup-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woocommerce-woocart-popup-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woocommerce-woocart-popup-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woocommerce-woocart-popup-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-11d5ca6aae21b29aac64f7355ab7d838.yaml b/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-11d5ca6aae21b29aac64f7355ab7d838.yaml new file mode 100644 index 0000000000..bfe70dfd56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-11d5ca6aae21b29aac64f7355ab7d838.yaml @@ -0,0 +1,58 @@ +id: woodiscuz-woocommerce-comments-11d5ca6aae21b29aac64f7355ab7d838 + +info: + name: > + WooDiscuz – WooCommerce Comments <= 2.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01bd8a24-5580-4b16-94b3-c231d5fe7a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woodiscuz-woocommerce-comments/" + google-query: inurl:"/wp-content/plugins/woodiscuz-woocommerce-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woodiscuz-woocommerce-comments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woodiscuz-woocommerce-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodiscuz-woocommerce-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-1dbd0f5d4eba498d79dffc911453625c.yaml b/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-1dbd0f5d4eba498d79dffc911453625c.yaml new file mode 100644 index 0000000000..d9e24cc722 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woodiscuz-woocommerce-comments-1dbd0f5d4eba498d79dffc911453625c.yaml @@ -0,0 +1,58 @@ +id: woodiscuz-woocommerce-comments-1dbd0f5d4eba498d79dffc911453625c + +info: + name: > + WooDiscuz – WooCommerce Comments <= 2.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0bfa461-5cea-40e8-af9f-800cdbb6efb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woodiscuz-woocommerce-comments/" + google-query: inurl:"/wp-content/plugins/woodiscuz-woocommerce-comments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woodiscuz-woocommerce-comments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woodiscuz-woocommerce-comments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodiscuz-woocommerce-comments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woodmart-core-32a5c2fd9daa910750906c2719426827.yaml b/nuclei-templates/cve-less/plugins/woodmart-core-32a5c2fd9daa910750906c2719426827.yaml new file mode 100644 index 0000000000..4fe7e8a7dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woodmart-core-32a5c2fd9daa910750906c2719426827.yaml @@ -0,0 +1,58 @@ +id: woodmart-core-32a5c2fd9daa910750906c2719426827 + +info: + name: > + Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60f043e9-7947-4fff-a9a8-94a1f421db7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woodmart-core/" + google-query: inurl:"/wp-content/plugins/woodmart-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woodmart-core,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woodmart-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woodmart-core-e297cccd68c340cc70a93b54e4b06686.yaml b/nuclei-templates/cve-less/plugins/woodmart-core-e297cccd68c340cc70a93b54e4b06686.yaml new file mode 100644 index 0000000000..891fd0ef06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woodmart-core-e297cccd68c340cc70a93b54e4b06686.yaml @@ -0,0 +1,58 @@ +id: woodmart-core-e297cccd68c340cc70a93b54e4b06686 + +info: + name: > + Woodmart Core <= 1.0.36 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef79e5a8-8bac-42b3-a064-6eea597701c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woodmart-core/" + google-query: inurl:"/wp-content/plugins/woodmart-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woodmart-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woodmart-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooemailreport-b8484e4bbe43b173d4b67998a26e2ce3.yaml b/nuclei-templates/cve-less/plugins/wooemailreport-b8484e4bbe43b173d4b67998a26e2ce3.yaml new file mode 100644 index 0000000000..2df28b5b22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooemailreport-b8484e4bbe43b173d4b67998a26e2ce3.yaml @@ -0,0 +1,58 @@ +id: wooemailreport-b8484e4bbe43b173d4b67998a26e2ce3 + +info: + name: > + Woocommerce Email Report <= 2.4 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abdbee50-b8c3-4254-a828-37629a798c92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooemailreport/" + google-query: inurl:"/wp-content/plugins/wooemailreport/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooemailreport,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooemailreport/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooemailreport" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooframework-branding-1cab07c4811f7b84831ca9fc37bca8af.yaml b/nuclei-templates/cve-less/plugins/wooframework-branding-1cab07c4811f7b84831ca9fc37bca8af.yaml new file mode 100644 index 0000000000..3feaa6a5c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooframework-branding-1cab07c4811f7b84831ca9fc37bca8af.yaml @@ -0,0 +1,58 @@ +id: wooframework-branding-1cab07c4811f7b84831ca9fc37bca8af + +info: + name: > + WooFramework Branding <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/930d8c9e-4af0-49f0-adcc-246800e71284?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooframework-branding/" + google-query: inurl:"/wp-content/plugins/wooframework-branding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooframework-branding,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooframework-branding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooframework-branding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooframework-tweaks-9657eccbcacadfd84a104020a1ba720f.yaml b/nuclei-templates/cve-less/plugins/wooframework-tweaks-9657eccbcacadfd84a104020a1ba720f.yaml new file mode 100644 index 0000000000..8a81e77182 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooframework-tweaks-9657eccbcacadfd84a104020a1ba720f.yaml @@ -0,0 +1,58 @@ +id: wooframework-tweaks-9657eccbcacadfd84a104020a1ba720f + +info: + name: > + WooFramework Tweaks <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8056cb-58e5-468b-9316-c862c6d8c930?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooframework-tweaks/" + google-query: inurl:"/wp-content/plugins/wooframework-tweaks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooframework-tweaks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooframework-tweaks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooframework-tweaks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-211b4e2e29da3a6c7a3f6f46fc11c764.yaml b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-211b4e2e29da3a6c7a3f6f46fc11c764.yaml new file mode 100644 index 0000000000..59aca8633f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-211b4e2e29da3a6c7a3f6f46fc11c764.yaml @@ -0,0 +1,58 @@ +id: woofunnels-aero-checkout-211b4e2e29da3a6c7a3f6f46fc11c764 + +info: + name: > + FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f789ff9-5d86-4911-8b2f-2a425393c61d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woofunnels-aero-checkout/" + google-query: inurl:"/wp-content/plugins/woofunnels-aero-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woofunnels-aero-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woofunnels-aero-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-3553b5d538c18918d9dc4a1b5515d805.yaml b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-3553b5d538c18918d9dc4a1b5515d805.yaml new file mode 100644 index 0000000000..8b7f1b3246 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-3553b5d538c18918d9dc4a1b5515d805.yaml @@ -0,0 +1,58 @@ +id: woofunnels-aero-checkout-3553b5d538c18918d9dc4a1b5515d805 + +info: + name: > + FunnelKit Checkout <= 3.10.3 - Unauthenticated Arbitrary Content Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9d07faf-cc88-4233-a552-55e3376a2fc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woofunnels-aero-checkout/" + google-query: inurl:"/wp-content/plugins/woofunnels-aero-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woofunnels-aero-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woofunnels-aero-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-a3e402dfd0b7363889b8931013656dea.yaml b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-a3e402dfd0b7363889b8931013656dea.yaml new file mode 100644 index 0000000000..fa1b5b753d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woofunnels-aero-checkout-a3e402dfd0b7363889b8931013656dea.yaml @@ -0,0 +1,58 @@ +id: woofunnels-aero-checkout-a3e402dfd0b7363889b8931013656dea + +info: + name: > + FunnelKit Checkout <= 3.10.3 - Authenticated(Subscriber+) Missing Authorization to Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9603e394-b358-4599-8610-ef5737a39de0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woofunnels-aero-checkout/" + google-query: inurl:"/wp-content/plugins/woofunnels-aero-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woofunnels-aero-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woofunnels-aero-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woofunnels-aero-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-00621ef6c76184f88ccca1414d74fac7.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-00621ef6c76184f88ccca1414d74fac7.yaml new file mode 100644 index 0000000000..1995e5de7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-00621ef6c76184f88ccca1414d74fac7.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-00621ef6c76184f88ccca1414d74fac7 + +info: + name: > + ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27b8e0c0-fb0b-4d36-abc4-3e66ec7b5195?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-092f1fde35361407c0c7db51482b885d.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-092f1fde35361407c0c7db51482b885d.yaml new file mode 100644 index 0000000000..2e86532c2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-092f1fde35361407c0c7db51482b885d.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-092f1fde35361407c0c7db51482b885d + +info: + name: > + ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/563d44cd-5f5a-4914-8312-c554085b0821?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-0affc1d09cec859aeeea9abdfeb1c7b6.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-0affc1d09cec859aeeea9abdfeb1c7b6.yaml new file mode 100644 index 0000000000..b5b5a08b57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-0affc1d09cec859aeeea9abdfeb1c7b6.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-0affc1d09cec859aeeea9abdfeb1c7b6 + +info: + name: > + ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/860c2339-b2a9-4a4e-a186-07a5fb042b06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-2f369022c90ab11184f498c7e18175e1.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-2f369022c90ab11184f498c7e18175e1.yaml new file mode 100644 index 0000000000..5f712fc997 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-2f369022c90ab11184f498c7e18175e1.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-2f369022c90ab11184f498c7e18175e1 + +info: + name: > + WooLentor <= 2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c101b69d-02c2-4075-8de7-0988ba3c74cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-7c425cf580174869d5b1f033a9941ff6.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-7c425cf580174869d5b1f033a9941ff6.yaml new file mode 100644 index 0000000000..1569157e42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-7c425cf580174869d5b1f033a9941ff6.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-7c425cf580174869d5b1f033a9941ff6 + +info: + name: > + WooLentor <= 2.6.2 - Cross-Site Request Forgery via process_data + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c068079-0857-4116-8edb-1bc2fea3c6b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml new file mode 100644 index 0000000000..83526ec5be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-925ecf8dc9bb2b2baefb9be7dfe4e0e0.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-925ecf8dc9bb2b2baefb9be7dfe4e0e0 + +info: + name: > + ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e64525-6080-40f3-a296-389b800a5e8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-9d840efd84947ddae0da773e8bea6c66.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-9d840efd84947ddae0da773e8bea6c66.yaml new file mode 100644 index 0000000000..c385dfb64e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-9d840efd84947ddae0da773e8bea6c66.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-9d840efd84947ddae0da773e8bea6c66 + +info: + name: > + ShopLentor <= 2.8.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Banner Link + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32b70801-d80f-40dc-8321-e12ac0b8c695?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-a09c2c9abc79ca137e522820700cc3d7.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-a09c2c9abc79ca137e522820700cc3d7.yaml new file mode 100644 index 0000000000..63f75f3f48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-a09c2c9abc79ca137e522820700cc3d7.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-a09c2c9abc79ca137e522820700cc3d7 + +info: + name: > + ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d8212d-7e72-487d-a4e8-0582fa72f602?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-bd64f1f16c4920e8819a833f00007e5e.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-bd64f1f16c4920e8819a833f00007e5e.yaml new file mode 100644 index 0000000000..bcc2799dd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-bd64f1f16c4920e8819a833f00007e5e.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-bd64f1f16c4920e8819a833f00007e5e + +info: + name: > + WooLentor – WooCommerce Elementor Addons + Builder <= 1.8.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2edc7c4d-598d-4c9c-9aad-ccc97f6a3ac0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-c4fa40659d43973eb06846ab990bf0bc.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-c4fa40659d43973eb06846ab990bf0bc.yaml new file mode 100644 index 0000000000..74348c6056 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-c4fa40659d43973eb06846ab990bf0bc.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-c4fa40659d43973eb06846ab990bf0bc + +info: + name: > + WooLentor <= 2.5.3 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fdb6e4d-a94d-448c-aaea-0f38eeafd033?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-e2e16530577d94aba470c5d11e9df874.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-e2e16530577d94aba470c5d11e9df874.yaml new file mode 100644 index 0000000000..34b14e81a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-e2e16530577d94aba470c5d11e9df874.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-e2e16530577d94aba470c5d11e9df874 + +info: + name: > + ShopLentor <= 2.5.1 - Cross-Site Request Forgery to Post Updates + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db952443-2588-4da0-87d8-5bd2d3be039c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woolentor-addons-f19b67578553b4899e4857d2a0013f9e.yaml b/nuclei-templates/cve-less/plugins/woolentor-addons-f19b67578553b4899e4857d2a0013f9e.yaml new file mode 100644 index 0000000000..87a63e5399 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woolentor-addons-f19b67578553b4899e4857d2a0013f9e.yaml @@ -0,0 +1,58 @@ +id: woolentor-addons-f19b67578553b4899e4857d2a0013f9e + +info: + name: > + ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/263324cb-31b7-40ad-ad7d-4582e128cd75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woolentor-addons/" + google-query: inurl:"/wp-content/plugins/woolentor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woolentor-addons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woolentor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woolentor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woomotiv-fb36175cd4f9026269e4e65b050f0b1c.yaml b/nuclei-templates/cve-less/plugins/woomotiv-fb36175cd4f9026269e4e65b050f0b1c.yaml new file mode 100644 index 0000000000..d3095a2af3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woomotiv-fb36175cd4f9026269e4e65b050f0b1c.yaml @@ -0,0 +1,58 @@ +id: woomotiv-fb36175cd4f9026269e4e65b050f0b1c + +info: + name: > + Live Sales Notification for Woocommerce – Woomotiv <= 3.4.3 - Cross-Site Request Forgery via ajax_cancel_review + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woomotiv/" + google-query: inurl:"/wp-content/plugins/woomotiv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woomotiv,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woomotiv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woomotiv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woopra-4e90b64e5c0880980f44418deca3c91b.yaml b/nuclei-templates/cve-less/plugins/woopra-4e90b64e5c0880980f44418deca3c91b.yaml new file mode 100644 index 0000000000..7d787b64bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woopra-4e90b64e5c0880980f44418deca3c91b.yaml @@ -0,0 +1,58 @@ +id: woopra-4e90b64e5c0880980f44418deca3c91b + +info: + name: > + Various Affected Software (Various Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d5d9ef7-3832-495c-b61b-7e24c2e60893?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woopra/" + google-query: inurl:"/wp-content/plugins/woopra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woopra,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woopra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woopra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooreviews-importer-b55a13d9b3421679e7e8eb49d23be81c.yaml b/nuclei-templates/cve-less/plugins/wooreviews-importer-b55a13d9b3421679e7e8eb49d23be81c.yaml new file mode 100644 index 0000000000..85feba8349 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooreviews-importer-b55a13d9b3421679e7e8eb49d23be81c.yaml @@ -0,0 +1,58 @@ +id: wooreviews-importer-b55a13d9b3421679e7e8eb49d23be81c + +info: + name: > + IRivYou <= 2.2.1 - Cross-Site Request Forgery via saveOptionsReviewsPlugin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5607cc07-5104-45d0-8279-ba0ef3ebcbe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooreviews-importer/" + google-query: inurl:"/wp-content/plugins/wooreviews-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooreviews-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooreviews-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooreviews-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woorewards-9d13f1d3852ef39a0de552cc88d8fec7.yaml b/nuclei-templates/cve-less/plugins/woorewards-9d13f1d3852ef39a0de552cc88d8fec7.yaml new file mode 100644 index 0000000000..605fd8406e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woorewards-9d13f1d3852ef39a0de552cc88d8fec7.yaml @@ -0,0 +1,58 @@ +id: woorewards-9d13f1d3852ef39a0de552cc88d8fec7 + +info: + name: > + MyRewards <= 5.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eff0dfd-f7e6-4f5f-b1c8-00f69fa0df78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woorewards/" + google-query: inurl:"/wp-content/plugins/woorewards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woorewards,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woorewards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woorewards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosaleskit-bar-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/woosaleskit-bar-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..9919736a6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosaleskit-bar-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: woosaleskit-bar-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosaleskit-bar/" + google-query: inurl:"/wp-content/plugins/woosaleskit-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosaleskit-bar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosaleskit-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosaleskit-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-362d3676648172fe24d0a4f6ea7f422f.yaml b/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-362d3676648172fe24d0a4f6ea7f422f.yaml new file mode 100644 index 0000000000..8d6a018461 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-362d3676648172fe24d0a4f6ea7f422f.yaml @@ -0,0 +1,58 @@ +id: wooshark-aliexpress-importer-362d3676648172fe24d0a4f6ea7f422f + +info: + name: > + Sharkdropship for AliExpress Dropship and Affiliate <= 2.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8812cfe-4bbe-44ba-9513-7f81bad68d11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooshark-aliexpress-importer/" + google-query: inurl:"/wp-content/plugins/wooshark-aliexpress-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooshark-aliexpress-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooshark-aliexpress-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooshark-aliexpress-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-b2a85d8fd51446e550fee890b46b39fe.yaml b/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-b2a85d8fd51446e550fee890b46b39fe.yaml new file mode 100644 index 0000000000..66692a236a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooshark-aliexpress-importer-b2a85d8fd51446e550fee890b46b39fe.yaml @@ -0,0 +1,58 @@ +id: wooshark-aliexpress-importer-b2a85d8fd51446e550fee890b46b39fe + +info: + name: > + Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2e636d-e602-4ab0-80f2-525a8a1f8388?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooshark-aliexpress-importer/" + google-query: inurl:"/wp-content/plugins/wooshark-aliexpress-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooshark-aliexpress-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooshark-aliexpress-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooshark-aliexpress-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosidebars-354dafbbd9f0f8346bf3ecdcdb25b186.yaml b/nuclei-templates/cve-less/plugins/woosidebars-354dafbbd9f0f8346bf3ecdcdb25b186.yaml new file mode 100644 index 0000000000..3c0a58be86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosidebars-354dafbbd9f0f8346bf3ecdcdb25b186.yaml @@ -0,0 +1,58 @@ +id: woosidebars-354dafbbd9f0f8346bf3ecdcdb25b186 + +info: + name: > + WooSidebars <= 1.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e15b81f7-4d3b-4505-b345-1019fed0fef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosidebars/" + google-query: inurl:"/wp-content/plugins/woosidebars/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosidebars,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosidebars/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosidebars" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosidebars-sbm-converter-209b59f9f6a6704c1242005d050454d8.yaml b/nuclei-templates/cve-less/plugins/woosidebars-sbm-converter-209b59f9f6a6704c1242005d050454d8.yaml new file mode 100644 index 0000000000..1b49093b30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosidebars-sbm-converter-209b59f9f6a6704c1242005d050454d8.yaml @@ -0,0 +1,58 @@ +id: woosidebars-sbm-converter-209b59f9f6a6704c1242005d050454d8 + +info: + name: > + WooSidebars Sidebar Manager Converter <= 1.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3462a1b7-74d9-431a-b1c6-9960f1ad0c19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosidebars-sbm-converter/" + google-query: inurl:"/wp-content/plugins/woosidebars-sbm-converter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosidebars-sbm-converter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosidebars-sbm-converter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosidebars-sbm-converter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosms-sms-module-for-woocommerce-9cbc81546b21a100994e807b3ec7d261.yaml b/nuclei-templates/cve-less/plugins/woosms-sms-module-for-woocommerce-9cbc81546b21a100994e807b3ec7d261.yaml new file mode 100644 index 0000000000..a7423bbc2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosms-sms-module-for-woocommerce-9cbc81546b21a100994e807b3ec7d261.yaml @@ -0,0 +1,58 @@ +id: woosms-sms-module-for-woocommerce-9cbc81546b21a100994e807b3ec7d261 + +info: + name: > + BulkGate SMS Plugin for WooCommerce <= 3.0.2 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93e590f8-5f8d-4ee5-bcff-96bcb8daf4b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosms-sms-module-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/woosms-sms-module-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosms-sms-module-for-woocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosms-sms-module-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosms-sms-module-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosquare-19746aa654bdce1c5c57da933bb299ae.yaml b/nuclei-templates/cve-less/plugins/woosquare-19746aa654bdce1c5c57da933bb299ae.yaml new file mode 100644 index 0000000000..494d89b403 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosquare-19746aa654bdce1c5c57da933bb299ae.yaml @@ -0,0 +1,58 @@ +id: woosquare-19746aa654bdce1c5c57da933bb299ae + +info: + name: > + APIExperts Square for WooCommerce <= 4.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e43713c7-32bd-4b82-a4da-6c02d91f3d3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosquare/" + google-query: inurl:"/wp-content/plugins/woosquare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosquare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosquare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosquare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosquare-63a838c07fa7f4dbcc749cd4ec305acf.yaml b/nuclei-templates/cve-less/plugins/woosquare-63a838c07fa7f4dbcc749cd4ec305acf.yaml new file mode 100644 index 0000000000..fad54d7cd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosquare-63a838c07fa7f4dbcc749cd4ec305acf.yaml @@ -0,0 +1,58 @@ +id: woosquare-63a838c07fa7f4dbcc749cd4ec305acf + +info: + name: > + APIExperts Square for WooCommerce <= 4.4.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1193b1-6e5a-4ecc-ae97-1a3129ad330e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosquare/" + google-query: inurl:"/wp-content/plugins/woosquare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosquare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosquare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosquare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woostify-sites-library-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/woostify-sites-library-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..54a89dc0ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woostify-sites-library-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: woostify-sites-library-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woostify-sites-library/" + google-query: inurl:"/wp-content/plugins/woostify-sites-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woostify-sites-library,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woostify-sites-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woostify-sites-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woostify-sites-library-bf6365dff081103c217daff8833cbf80.yaml b/nuclei-templates/cve-less/plugins/woostify-sites-library-bf6365dff081103c217daff8833cbf80.yaml new file mode 100644 index 0000000000..9e696735ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woostify-sites-library-bf6365dff081103c217daff8833cbf80.yaml @@ -0,0 +1,58 @@ +id: woostify-sites-library-bf6365dff081103c217daff8833cbf80 + +info: + name: > + Woostify Sites Library + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/977ab23a-06b2-4f54-a2c2-3be2316eaceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woostify-sites-library/" + google-query: inurl:"/wp-content/plugins/woostify-sites-library/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woostify-sites-library,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woostify-sites-library/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woostify-sites-library" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woosupply-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/woosupply-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..a5c318fbb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woosupply-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: woosupply-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woosupply/" + google-query: inurl:"/wp-content/plugins/woosupply/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woosupply,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woosupply/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woosupply" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wooswipe-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml b/nuclei-templates/cve-less/plugins/wooswipe-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml new file mode 100644 index 0000000000..c1bff7f5fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wooswipe-e20e9bcb00e5e945a6bb2c24c79d65cf.yaml @@ -0,0 +1,58 @@ +id: wooswipe-e20e9bcb00e5e945a6bb2c24c79d65cf + +info: + name: > + WooSwipe WooCommerce Gallery <= 3.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d66665b6-8cb2-4bc0-929d-4a8689bada9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wooswipe/" + google-query: inurl:"/wp-content/plugins/wooswipe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wooswipe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wooswipe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wooswipe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woovip-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/woovip-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..fd2c9f2616 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woovip-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: woovip-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woovip/" + google-query: inurl:"/wp-content/plugins/woovip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woovip,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woovip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woovip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woovirtualwallet-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/woovirtualwallet-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..33bc649795 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woovirtualwallet-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: woovirtualwallet-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woovirtualwallet/" + google-query: inurl:"/wp-content/plugins/woovirtualwallet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woovirtualwallet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woovirtualwallet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woovirtualwallet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-605a67411fb1b4e46eb2a9b231a35b01.yaml b/nuclei-templates/cve-less/plugins/woozone-605a67411fb1b4e46eb2a9b231a35b01.yaml new file mode 100644 index 0000000000..98dfebc1a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-605a67411fb1b4e46eb2a9b231a35b01.yaml @@ -0,0 +1,58 @@ +id: woozone-605a67411fb1b4e46eb2a9b231a35b01 + +info: + name: > + WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8abe5885-0f04-4545-a2fe-7aa2a1dcbbe6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-854e0c6e8605c626361126b016b08a27.yaml b/nuclei-templates/cve-less/plugins/woozone-854e0c6e8605c626361126b016b08a27.yaml new file mode 100644 index 0000000000..9370dd7488 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-854e0c6e8605c626361126b016b08a27.yaml @@ -0,0 +1,58 @@ +id: woozone-854e0c6e8605c626361126b016b08a27 + +info: + name: > + WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7193052f-1bef-426c-b0fe-4d70931f47ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-9fc89469f8a530afdf83c67ae386fe4e.yaml b/nuclei-templates/cve-less/plugins/woozone-9fc89469f8a530afdf83c67ae386fe4e.yaml new file mode 100644 index 0000000000..f86d34e9e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-9fc89469f8a530afdf83c67ae386fe4e.yaml @@ -0,0 +1,58 @@ +id: woozone-9fc89469f8a530afdf83c67ae386fe4e + +info: + name: > + WZone <= 14.0.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2621d2f1-7ce3-4858-9633-080ef916d374?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-c9f6ba5dc3a76ccaf9e57d79e18e6ca4.yaml b/nuclei-templates/cve-less/plugins/woozone-c9f6ba5dc3a76ccaf9e57d79e18e6ca4.yaml new file mode 100644 index 0000000000..43e13269b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-c9f6ba5dc3a76ccaf9e57d79e18e6ca4.yaml @@ -0,0 +1,58 @@ +id: woozone-c9f6ba5dc3a76ccaf9e57d79e18e6ca4 + +info: + name: > + WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca88c62d-0f27-40e0-9dd2-21d3d133fda3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-e261de97ae518fadfa674900f6884131.yaml b/nuclei-templates/cve-less/plugins/woozone-e261de97ae518fadfa674900f6884131.yaml new file mode 100644 index 0000000000..8c1791bbd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-e261de97ae518fadfa674900f6884131.yaml @@ -0,0 +1,58 @@ +id: woozone-e261de97ae518fadfa674900f6884131 + +info: + name: > + WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1a14fc2-cebe-4a0e-92b0-af2a9c805401?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/woozone-e2b6dedf58550635a9af3b0cb010148d.yaml b/nuclei-templates/cve-less/plugins/woozone-e2b6dedf58550635a9af3b0cb010148d.yaml new file mode 100644 index 0000000000..ad90b75933 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/woozone-e2b6dedf58550635a9af3b0cb010148d.yaml @@ -0,0 +1,58 @@ +id: woozone-e2b6dedf58550635a9af3b0cb010148d + +info: + name: > + WooCommerce Amazon Affiliates - Wordpress Plugin <= 14.0.10 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5b110a5-4027-4c98-a348-325c8b9c8405?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/woozone/" + google-query: inurl:"/wp-content/plugins/woozone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,woozone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/woozone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woozone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/word-balloon-367b7f8831e5629ea2336d98cf86a14a.yaml b/nuclei-templates/cve-less/plugins/word-balloon-367b7f8831e5629ea2336d98cf86a14a.yaml new file mode 100644 index 0000000000..0ed9b1c070 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/word-balloon-367b7f8831e5629ea2336d98cf86a14a.yaml @@ -0,0 +1,58 @@ +id: word-balloon-367b7f8831e5629ea2336d98cf86a14a + +info: + name: > + Word Balloon <= 4.19.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/503dcefe-1147-4b8e-96e2-c21f49a7bc5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/word-balloon/" + google-query: inurl:"/wp-content/plugins/word-balloon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,word-balloon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/word-balloon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "word-balloon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/word-balloon-a3cc2155590ae1415e931b5fb88c4ba6.yaml b/nuclei-templates/cve-less/plugins/word-balloon-a3cc2155590ae1415e931b5fb88c4ba6.yaml new file mode 100644 index 0000000000..a70abef6cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/word-balloon-a3cc2155590ae1415e931b5fb88c4ba6.yaml @@ -0,0 +1,58 @@ +id: word-balloon-a3cc2155590ae1415e931b5fb88c4ba6 + +info: + name: > + Word Balloon <= 4.20.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54297bce-e5b7-469e-9c28-1d88e78aacc7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/word-balloon/" + google-query: inurl:"/wp-content/plugins/word-balloon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,word-balloon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/word-balloon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "word-balloon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/word-replacer-ultra-82ccd5e1aeac71fd905aec731ee6d6b0.yaml b/nuclei-templates/cve-less/plugins/word-replacer-ultra-82ccd5e1aeac71fd905aec731ee6d6b0.yaml new file mode 100644 index 0000000000..88e75965f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/word-replacer-ultra-82ccd5e1aeac71fd905aec731ee6d6b0.yaml @@ -0,0 +1,58 @@ +id: word-replacer-ultra-82ccd5e1aeac71fd905aec731ee6d6b0 + +info: + name: > + Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1da53718-c2a2-45d0-ad43-daff3c68342d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/word-replacer-ultra/" + google-query: inurl:"/wp-content/plugins/word-replacer-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,word-replacer-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/word-replacer-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "word-replacer-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/word-replacer-ultra-ca80be8d82d9f4b7b474971b5f658d56.yaml b/nuclei-templates/cve-less/plugins/word-replacer-ultra-ca80be8d82d9f4b7b474971b5f658d56.yaml new file mode 100644 index 0000000000..5cb679b197 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/word-replacer-ultra-ca80be8d82d9f4b7b474971b5f658d56.yaml @@ -0,0 +1,58 @@ +id: word-replacer-ultra-ca80be8d82d9f4b7b474971b5f658d56 + +info: + name: > + Word Replacer Pro <= 1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd31e8b0-6089-4521-a80f-e65e61ad062f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/word-replacer-ultra/" + google-query: inurl:"/wp-content/plugins/word-replacer-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,word-replacer-ultra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/word-replacer-ultra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "word-replacer-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordable-3161964a915ebff8fbd41c85d4b1281d.yaml b/nuclei-templates/cve-less/plugins/wordable-3161964a915ebff8fbd41c85d4b1281d.yaml new file mode 100644 index 0000000000..bbf0a5af27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordable-3161964a915ebff8fbd41c85d4b1281d.yaml @@ -0,0 +1,58 @@ +id: wordable-3161964a915ebff8fbd41c85d4b1281d + +info: + name: > + Wordable <= 3.1.1 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be1ab218-37bd-407a-8cb9-66f761849c21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordable/" + google-query: inurl:"/wp-content/plugins/wordable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordable,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordapp-755ac9508c7a76c31cd7d0edf80b8b6e.yaml b/nuclei-templates/cve-less/plugins/wordapp-755ac9508c7a76c31cd7d0edf80b8b6e.yaml new file mode 100644 index 0000000000..e2bf6f3d16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordapp-755ac9508c7a76c31cd7d0edf80b8b6e.yaml @@ -0,0 +1,58 @@ +id: wordapp-755ac9508c7a76c31cd7d0edf80b8b6e + +info: + name: > + Wordapp <= 1.5.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80440bfa-4a02-4441-bbdb-52d7dd065a9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordapp/" + google-query: inurl:"/wp-content/plugins/wordapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordapp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordfence-058c5e78b9996f732b9318d662c631ea.yaml b/nuclei-templates/cve-less/plugins/wordfence-058c5e78b9996f732b9318d662c631ea.yaml new file mode 100644 index 0000000000..4fce8fc42e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordfence-058c5e78b9996f732b9318d662c631ea.yaml @@ -0,0 +1,58 @@ +id: wordfence-058c5e78b9996f732b9318d662c631ea + +info: + name: > + Wordfence Security – Firewall & Malware Scan <= 5.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58c79117-3a36-4a23-9f3d-067094d13edf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordfence/" + google-query: inurl:"/wp-content/plugins/wordfence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordfence,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordfence/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordfence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordfence-2be64cfcc4c65cd88d9acc6ffb63f29d.yaml b/nuclei-templates/cve-less/plugins/wordfence-2be64cfcc4c65cd88d9acc6ffb63f29d.yaml new file mode 100644 index 0000000000..fc633a5c6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordfence-2be64cfcc4c65cd88d9acc6ffb63f29d.yaml @@ -0,0 +1,58 @@ +id: wordfence-2be64cfcc4c65cd88d9acc6ffb63f29d + +info: + name: > + Wordfence <= 5.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b56dcd7-f261-42db-833d-5673c8805bb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordfence/" + google-query: inurl:"/wp-content/plugins/wordfence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordfence,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordfence/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordfence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordfence-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml b/nuclei-templates/cve-less/plugins/wordfence-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml new file mode 100644 index 0000000000..fcaa69b87a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordfence-aaccf9d8425eddd13e4ac4f8c70f1e50.yaml @@ -0,0 +1,58 @@ +id: wordfence-aaccf9d8425eddd13e4ac4f8c70f1e50 + +info: + name: > + Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/833eb481-4fb4-432e-8e93-3f497ccbf1eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordfence/" + google-query: inurl:"/wp-content/plugins/wordfence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordfence,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordfence/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordfence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordlift-4626cb693582f4ef4c3fd754ef5fda3a.yaml b/nuclei-templates/cve-less/plugins/wordlift-4626cb693582f4ef4c3fd754ef5fda3a.yaml new file mode 100644 index 0000000000..1debcf5006 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordlift-4626cb693582f4ef4c3fd754ef5fda3a.yaml @@ -0,0 +1,58 @@ +id: wordlift-4626cb693582f4ef4c3fd754ef5fda3a + +info: + name: > + Wordlift <= 3.37.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b644e61a-5842-43a6-9525-97e1339dcc94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordlift/" + google-query: inurl:"/wp-content/plugins/wordlift/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordlift,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordlift/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordlift" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.37.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-0a3943b43f76d9a29800828b188b084b.yaml b/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-0a3943b43f76d9a29800828b188b084b.yaml new file mode 100644 index 0000000000..21d5c8061f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-0a3943b43f76d9a29800828b188b084b.yaml @@ -0,0 +1,58 @@ +id: wordpress-23-related-posts-plugin-0a3943b43f76d9a29800828b188b084b + +info: + name: > + Related Posts < 2.7.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ae3ad65-54d7-4ee0-894f-8ffd9fa8ac35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-23-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-23-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-23-related-posts-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-23-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-23-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-c52e6603b19e1ddbfb9c023a9a70f51b.yaml b/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-c52e6603b19e1ddbfb9c023a9a70f51b.yaml new file mode 100644 index 0000000000..5e88527162 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-23-related-posts-plugin-c52e6603b19e1ddbfb9c023a9a70f51b.yaml @@ -0,0 +1,58 @@ +id: wordpress-23-related-posts-plugin-c52e6603b19e1ddbfb9c023a9a70f51b + +info: + name: > + WordPress Related Posts <= 3.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c55792d6-3f31-4635-ad5c-17d03a5b2977?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-23-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-23-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-23-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-23-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-23-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-access-control-6ab743a2d3b53689e8dd020c482ecaf3.yaml b/nuclei-templates/cve-less/plugins/wordpress-access-control-6ab743a2d3b53689e8dd020c482ecaf3.yaml new file mode 100644 index 0000000000..264ee963ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-access-control-6ab743a2d3b53689e8dd020c482ecaf3.yaml @@ -0,0 +1,58 @@ +id: wordpress-access-control-6ab743a2d3b53689e8dd020c482ecaf3 + +info: + name: > + WordPress Access Control <= 4.0.13 - Improper Access Control to Sensitive Information Exposure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-access-control/" + google-query: inurl:"/wp-content/plugins/wordpress-access-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-access-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-access-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-access-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-admanager-8fd44c63d94c422a14e4d5e118df7d97.yaml b/nuclei-templates/cve-less/plugins/wordpress-admanager-8fd44c63d94c422a14e4d5e118df7d97.yaml new file mode 100644 index 0000000000..c110e9ae65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-admanager-8fd44c63d94c422a14e4d5e118df7d97.yaml @@ -0,0 +1,58 @@ +id: wordpress-admanager-8fd44c63d94c422a14e4d5e118df7d97 + +info: + name: > + Ad Manager <= 1.1.2 - Open Redirection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c19d9288-39b2-4db1-abc6-ba87f98fecad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-admanager/" + google-query: inurl:"/wp-content/plugins/wordpress-admanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-admanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-admanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-admanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-backup-to-dropbox-5ae574c1617e1bfbc92584f8f9bebe8c.yaml b/nuclei-templates/cve-less/plugins/wordpress-backup-to-dropbox-5ae574c1617e1bfbc92584f8f9bebe8c.yaml new file mode 100644 index 0000000000..168aa71512 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-backup-to-dropbox-5ae574c1617e1bfbc92584f8f9bebe8c.yaml @@ -0,0 +1,58 @@ +id: wordpress-backup-to-dropbox-5ae574c1617e1bfbc92584f8f9bebe8c + +info: + name: > + WordPress Backup to Dropbox < 4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c10c2256-4ffd-489a-afae-b455bf45c3ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-backup-to-dropbox/" + google-query: inurl:"/wp-content/plugins/wordpress-backup-to-dropbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-backup-to-dropbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-backup-to-dropbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-backup-to-dropbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-console-97c1ceb18f16975e668ed8d0bd718768.yaml b/nuclei-templates/cve-less/plugins/wordpress-console-97c1ceb18f16975e668ed8d0bd718768.yaml new file mode 100644 index 0000000000..77d15269d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-console-97c1ceb18f16975e668ed8d0bd718768.yaml @@ -0,0 +1,58 @@ +id: wordpress-console-97c1ceb18f16975e668ed8d0bd718768 + +info: + name: > + WordPress Console <= 0.3.9 - Missing Authorization via reload.php + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3cd605-6292-4a04-9aee-f4b9a8127e8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-console/" + google-query: inurl:"/wp-content/plugins/wordpress-console/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-console,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-console/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-console" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-0c91dc81841b4946dcdd188b1f4f59d9.yaml b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-0c91dc81841b4946dcdd188b1f4f59d9.yaml new file mode 100644 index 0000000000..6bcd96304a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-0c91dc81841b4946dcdd188b1f4f59d9.yaml @@ -0,0 +1,58 @@ +id: wordpress-countdown-widget-0c91dc81841b4946dcdd188b1f4f59d9 + +info: + name: > + WordPress Countdown Widget <= 3.1.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c79cbc1-4d8f-4330-b063-e5987238fca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-countdown-widget/" + google-query: inurl:"/wp-content/plugins/wordpress-countdown-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-countdown-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-countdown-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-475773ebaa71f55189abb950928342c8.yaml b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-475773ebaa71f55189abb950928342c8.yaml new file mode 100644 index 0000000000..da9f395f4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-countdown-widget-475773ebaa71f55189abb950928342c8.yaml @@ -0,0 +1,58 @@ +id: wordpress-countdown-widget-475773ebaa71f55189abb950928342c8 + +info: + name: > + WordPress Countdown Widget <= 3.1.9.1 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bd2ce54-9ccb-4943-a01a-c9e8c1ff2d0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-countdown-widget/" + google-query: inurl:"/wp-content/plugins/wordpress-countdown-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-countdown-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-countdown-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-countdown-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-country-selector-004a45b0040859f9d7a9047f0ccf10be.yaml b/nuclei-templates/cve-less/plugins/wordpress-country-selector-004a45b0040859f9d7a9047f0ccf10be.yaml new file mode 100644 index 0000000000..569198de65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-country-selector-004a45b0040859f9d7a9047f0ccf10be.yaml @@ -0,0 +1,58 @@ +id: wordpress-country-selector-004a45b0040859f9d7a9047f0ccf10be + +info: + name: > + WordPress Country Selector <= 1.6.5 - Reflected Cross-Site Scripting via AJAX call of check_country_selector + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef80a076-98cb-42c1-8d7d-0a6b38d7bfc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-country-selector/" + google-query: inurl:"/wp-content/plugins/wordpress-country-selector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-country-selector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-country-selector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-country-selector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-database-reset-93f8396aa2e225fac63eb4694d99073e.yaml b/nuclei-templates/cve-less/plugins/wordpress-database-reset-93f8396aa2e225fac63eb4694d99073e.yaml new file mode 100644 index 0000000000..4a12adb339 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-database-reset-93f8396aa2e225fac63eb4694d99073e.yaml @@ -0,0 +1,58 @@ +id: wordpress-database-reset-93f8396aa2e225fac63eb4694d99073e + +info: + name: > + WP Database Reset <= 3.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ca6605f-7c9c-43c7-ae32-ca1d781c1e86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-database-reset/" + google-query: inurl:"/wp-content/plugins/wordpress-database-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-database-reset,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-database-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-database-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-database-reset-eb85d378289992deb2bdae8ab06df635.yaml b/nuclei-templates/cve-less/plugins/wordpress-database-reset-eb85d378289992deb2bdae8ab06df635.yaml new file mode 100644 index 0000000000..ed23313b65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-database-reset-eb85d378289992deb2bdae8ab06df635.yaml @@ -0,0 +1,58 @@ +id: wordpress-database-reset-eb85d378289992deb2bdae8ab06df635 + +info: + name: > + Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-database-reset/" + google-query: inurl:"/wp-content/plugins/wordpress-database-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-database-reset,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-database-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-database-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-database-reset-f4aa3f1d5ea67fd4f48e9da5d1dfcb26.yaml b/nuclei-templates/cve-less/plugins/wordpress-database-reset-f4aa3f1d5ea67fd4f48e9da5d1dfcb26.yaml new file mode 100644 index 0000000000..22c62034f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-database-reset-f4aa3f1d5ea67fd4f48e9da5d1dfcb26.yaml @@ -0,0 +1,58 @@ +id: wordpress-database-reset-f4aa3f1d5ea67fd4f48e9da5d1dfcb26 + +info: + name: > + WP Database Reset <= 3.1 - Unauthenticated Database Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a29aea7-9e22-4edb-80d9-266843a416a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-database-reset/" + google-query: inurl:"/wp-content/plugins/wordpress-database-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-database-reset,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-database-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-database-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-b86559278d78c8a80909bf3088ee795a.yaml b/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-b86559278d78c8a80909bf3088ee795a.yaml new file mode 100644 index 0000000000..9cc2e191ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-b86559278d78c8a80909bf3088ee795a.yaml @@ -0,0 +1,58 @@ +id: wordpress-easy-paypal-payment-or-donation-accept-plugin-b86559278d78c8a80909bf3088ee795a + +info: + name: > + Easy Accept Payments <= 4.9.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd340ecc-d698-43e1-a15c-479088fb8cf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-easy-paypal-payment-or-donation-accept-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-c10b1142778769e9493bfb35c88879e4.yaml b/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-c10b1142778769e9493bfb35c88879e4.yaml new file mode 100644 index 0000000000..252a9aadf0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin-c10b1142778769e9493bfb35c88879e4.yaml @@ -0,0 +1,58 @@ +id: wordpress-easy-paypal-payment-or-donation-accept-plugin-c10b1142778769e9493bfb35c88879e4 + +info: + name: > + Easy Accept Payments for PayPal <= 4.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1871009-8bf1-47a6-9fef-9ab2798b057c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-easy-paypal-payment-or-donation-accept-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-easy-paypal-payment-or-donation-accept-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-easy-paypal-payment-or-donation-accept-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-31081287c88cb43d85e54ce23366ff88.yaml b/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-31081287c88cb43d85e54ce23366ff88.yaml new file mode 100644 index 0000000000..468a17391a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-31081287c88cb43d85e54ce23366ff88.yaml @@ -0,0 +1,58 @@ +id: wordpress-exit-box-lite-31081287c88cb43d85e54ce23366ff88 + +info: + name: > + WordPress Exit Box Lite <= 1.06 - Full Path Dislcosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1abf0bbd-c502-4db8-9e01-413517082dd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-exit-box-lite/" + google-query: inurl:"/wp-content/plugins/wordpress-exit-box-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-exit-box-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-exit-box-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-exit-box-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-3b6f736b0a47011b88af56143e4fb668.yaml b/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-3b6f736b0a47011b88af56143e4fb668.yaml new file mode 100644 index 0000000000..804563ff2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-exit-box-lite-3b6f736b0a47011b88af56143e4fb668.yaml @@ -0,0 +1,58 @@ +id: wordpress-exit-box-lite-3b6f736b0a47011b88af56143e4fb668 + +info: + name: > + WordPress Exit Box Lite <= 1.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c865d60-9e9f-450a-a3c4-43d991bf2478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-exit-box-lite/" + google-query: inurl:"/wp-content/plugins/wordpress-exit-box-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-exit-box-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-exit-box-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-exit-box-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-53e4fc6f46b4ed911de81fb486aade37.yaml b/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-53e4fc6f46b4ed911de81fb486aade37.yaml new file mode 100644 index 0000000000..e8dfb38247 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-53e4fc6f46b4ed911de81fb486aade37.yaml @@ -0,0 +1,58 @@ +id: wordpress-feed-statistics-53e4fc6f46b4ed911de81fb486aade37 + +info: + name: > + Feed Statistics <= 4.1 - Cross-Site Request Forgery via init + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5740c07-28b3-40ce-997e-e4ec76348cf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-feed-statistics/" + google-query: inurl:"/wp-content/plugins/wordpress-feed-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-feed-statistics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-feed-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-feed-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-de270735c8bc70be908d067be8516116.yaml b/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-de270735c8bc70be908d067be8516116.yaml new file mode 100644 index 0000000000..ed3d8f9cb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-feed-statistics-de270735c8bc70be908d067be8516116.yaml @@ -0,0 +1,58 @@ +id: wordpress-feed-statistics-de270735c8bc70be908d067be8516116 + +info: + name: > + Feed Statistics < 4.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dca8f186-c58a-40bc-b1d1-b29bcf4631c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-feed-statistics/" + google-query: inurl:"/wp-content/plugins/wordpress-feed-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-feed-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-feed-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-feed-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-12fc948c06bbe2558fcf0a602f5f480e.yaml b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-12fc948c06bbe2558fcf0a602f5f480e.yaml new file mode 100644 index 0000000000..059ba47a99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-12fc948c06bbe2558fcf0a602f5f480e.yaml @@ -0,0 +1,58 @@ +id: wordpress-file-upload-pro-12fc948c06bbe2558fcf0a602f5f480e + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-file-upload-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-6bee4ceb90dc1010814fe03431f27200.yaml b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-6bee4ceb90dc1010814fe03431f27200.yaml new file mode 100644 index 0000000000..f9da0ce391 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-6bee4ceb90dc1010814fe03431f27200.yaml @@ -0,0 +1,58 @@ +id: wordpress-file-upload-pro-6bee4ceb90dc1010814fe03431f27200 + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-file-upload-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-7723e642214a4cc19dd0a90f922c5611.yaml b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-7723e642214a4cc19dd0a90f922c5611.yaml new file mode 100644 index 0000000000..698e49640e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-file-upload-pro-7723e642214a4cc19dd0a90f922c5611.yaml @@ -0,0 +1,58 @@ +id: wordpress-file-upload-pro-7723e642214a4cc19dd0a90f922c5611 + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9cc0348-396e-4be1-92f5-851d20804ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-file-upload-pro/" + google-query: inurl:"/wp-content/plugins/wordpress-file-upload-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-file-upload-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-file-upload-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-file-upload-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-flash-uploader-c25ccd4ececc7e49a3a30276bcef3c5c.yaml b/nuclei-templates/cve-less/plugins/wordpress-flash-uploader-c25ccd4ececc7e49a3a30276bcef3c5c.yaml new file mode 100644 index 0000000000..0e5b7870f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-flash-uploader-c25ccd4ececc7e49a3a30276bcef3c5c.yaml @@ -0,0 +1,58 @@ +id: wordpress-flash-uploader-c25ccd4ececc7e49a3a30276bcef3c5c + +info: + name: > + Flash Uploader <= 3.1.2 - Arbitrary Command Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1388322-d935-4101-a6c4-a7c99228ddec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-flash-uploader/" + google-query: inurl:"/wp-content/plugins/wordpress-flash-uploader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-flash-uploader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-flash-uploader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-flash-uploader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-form-manager-19a0491cf914c310a86ae542abd14b9a.yaml b/nuclei-templates/cve-less/plugins/wordpress-form-manager-19a0491cf914c310a86ae542abd14b9a.yaml new file mode 100644 index 0000000000..74fa4103fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-form-manager-19a0491cf914c310a86ae542abd14b9a.yaml @@ -0,0 +1,58 @@ +id: wordpress-form-manager-19a0491cf914c310a86ae542abd14b9a + +info: + name: > + Form Manager <= 1.7.2 - Authenticated Remote Command Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f033d5d-d76b-4c63-80bc-32fdd0e7987e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-form-manager/" + google-query: inurl:"/wp-content/plugins/wordpress-form-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-form-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-form-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-form-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-gallery-plugin-757461bd55fd10188ca28b32819858c1.yaml b/nuclei-templates/cve-less/plugins/wordpress-gallery-plugin-757461bd55fd10188ca28b32819858c1.yaml new file mode 100644 index 0000000000..01a04e450b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-gallery-plugin-757461bd55fd10188ca28b32819858c1.yaml @@ -0,0 +1,58 @@ +id: wordpress-gallery-plugin-757461bd55fd10188ca28b32819858c1 + +info: + name: > + WordPress Gallery Plugin <= 1.4 - Unauthenticated Remote File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1374b266-4b20-4706-a4d2-482122964693?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-gallery-plugin/" + google-query: inurl:"/wp-content/plugins/wordpress-gallery-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-gallery-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-gallery-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-gallery-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-gallery-transformation-352ac8649ed0ca01e334a505a5c69503.yaml b/nuclei-templates/cve-less/plugins/wordpress-gallery-transformation-352ac8649ed0ca01e334a505a5c69503.yaml new file mode 100644 index 0000000000..9436be1fc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-gallery-transformation-352ac8649ed0ca01e334a505a5c69503.yaml @@ -0,0 +1,58 @@ +id: wordpress-gallery-transformation-352ac8649ed0ca01e334a505a5c69503 + +info: + name: > + WordPress Gallery Transforation < 0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b74f5b-f088-4307-81ba-2c379754c4a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-gallery-transformation/" + google-query: inurl:"/wp-content/plugins/wordpress-gallery-transformation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-gallery-transformation,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-gallery-transformation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-gallery-transformation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-gdpr-8d35451021499279a9a8ae84e508d492.yaml b/nuclei-templates/cve-less/plugins/wordpress-gdpr-8d35451021499279a9a8ae84e508d492.yaml new file mode 100644 index 0000000000..ebe1630946 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-gdpr-8d35451021499279a9a8ae84e508d492.yaml @@ -0,0 +1,58 @@ +id: wordpress-gdpr-8d35451021499279a9a8ae84e508d492 + +info: + name: > + WordPress GDPR & CCPA < 1.9.26 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe023bc0-11b9-4520-874a-4656f633d4ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-gdpr/" + google-query: inurl:"/wp-content/plugins/wordpress-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-gdpr-fcc5426738caa36fef03b50110efc0b4.yaml b/nuclei-templates/cve-less/plugins/wordpress-gdpr-fcc5426738caa36fef03b50110efc0b4.yaml new file mode 100644 index 0000000000..0536897e34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-gdpr-fcc5426738caa36fef03b50110efc0b4.yaml @@ -0,0 +1,58 @@ +id: wordpress-gdpr-fcc5426738caa36fef03b50110efc0b4 + +info: + name: > + WordPress GDPR & CCPA <= 1.9.26 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e91f4af-7ac6-4c85-bbf4-ac06d516a570?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-gdpr/" + google-query: inurl:"/wp-content/plugins/wordpress-gdpr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-gdpr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-gdpr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-gdpr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-instagram-feed-81a1379b5306a9cfccfcaaf08bd3abdb.yaml b/nuclei-templates/cve-less/plugins/wordpress-instagram-feed-81a1379b5306a9cfccfcaaf08bd3abdb.yaml new file mode 100644 index 0000000000..dfbfd29092 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-instagram-feed-81a1379b5306a9cfccfcaaf08bd3abdb.yaml @@ -0,0 +1,58 @@ +id: wordpress-instagram-feed-81a1379b5306a9cfccfcaaf08bd3abdb + +info: + name: > + WD Instagram Feed Premium <= 1.3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2c11bb-88cb-43ae-b9b7-5b6262a315e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-instagram-feed/" + google-query: inurl:"/wp-content/plugins/wordpress-instagram-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-instagram-feed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-instagram-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-instagram-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-language-a96c597219ed29fc68772417c5a3093c.yaml b/nuclei-templates/cve-less/plugins/wordpress-language-a96c597219ed29fc68772417c5a3093c.yaml new file mode 100644 index 0000000000..b0447b2fa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-language-a96c597219ed29fc68772417c5a3093c.yaml @@ -0,0 +1,58 @@ +id: wordpress-language-a96c597219ed29fc68772417c5a3093c + +info: + name: > + Language <= 1.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11fc48b0-cee2-4392-866b-5c0f366e5d98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-language/" + google-query: inurl:"/wp-content/plugins/wordpress-language/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-language,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-language/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-language" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-member-private-conversation-06202f5e4de9fb07c515215afeba85ee.yaml b/nuclei-templates/cve-less/plugins/wordpress-member-private-conversation-06202f5e4de9fb07c515215afeba85ee.yaml new file mode 100644 index 0000000000..3bf0b45a83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-member-private-conversation-06202f5e4de9fb07c515215afeba85ee.yaml @@ -0,0 +1,58 @@ +id: wordpress-member-private-conversation-06202f5e4de9fb07c515215afeba85ee + +info: + name: > + Nmedia WordPress Member Conversation < 1.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9b67fc9-87a2-4bd6-a45b-fdfe43ce7ed8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-member-private-conversation/" + google-query: inurl:"/wp-content/plugins/wordpress-member-private-conversation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-member-private-conversation,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-member-private-conversation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-member-private-conversation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-meta-robots-f1ed96d1b2d98c3026e1dd704ae2087a.yaml b/nuclei-templates/cve-less/plugins/wordpress-meta-robots-f1ed96d1b2d98c3026e1dd704ae2087a.yaml new file mode 100644 index 0000000000..fa9840c3c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-meta-robots-f1ed96d1b2d98c3026e1dd704ae2087a.yaml @@ -0,0 +1,58 @@ +id: wordpress-meta-robots-f1ed96d1b2d98c3026e1dd704ae2087a + +info: + name: > + WordPress Meta Robots <= 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/974b9211-04e4-4309-8a7b-aeccc5b55ce7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-meta-robots/" + google-query: inurl:"/wp-content/plugins/wordpress-meta-robots/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-meta-robots,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-meta-robots/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-meta-robots" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-6e0d2cdfe1ad1668438fc68f481cce1d.yaml b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-6e0d2cdfe1ad1668438fc68f481cce1d.yaml new file mode 100644 index 0000000000..d49f43e3a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-6e0d2cdfe1ad1668438fc68f481cce1d.yaml @@ -0,0 +1,58 @@ +id: wordpress-mobile-pack-6e0d2cdfe1ad1668438fc68f481cce1d + +info: + name: > + WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.1.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32594284-a7ed-4f43-b0cf-dc0e561768c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-mobile-pack/" + google-query: inurl:"/wp-content/plugins/wordpress-mobile-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-mobile-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-mobile-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-mobile-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-860afca6e31101e845f00131fa4002f8.yaml b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-860afca6e31101e845f00131fa4002f8.yaml new file mode 100644 index 0000000000..d594a4b941 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-860afca6e31101e845f00131fa4002f8.yaml @@ -0,0 +1,58 @@ +id: wordpress-mobile-pack-860afca6e31101e845f00131fa4002f8 + +info: + name: > + WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps < 2.0.2 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6bbbbb-b201-4fd5-8ee1-2369fb27070f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-mobile-pack/" + google-query: inurl:"/wp-content/plugins/wordpress-mobile-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-mobile-pack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-mobile-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-mobile-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-961d82f12e20011650e9c4bbef7df9eb.yaml b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-961d82f12e20011650e9c4bbef7df9eb.yaml new file mode 100644 index 0000000000..ba0e88e485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-mobile-pack-961d82f12e20011650e9c4bbef7df9eb.yaml @@ -0,0 +1,58 @@ +id: wordpress-mobile-pack-961d82f12e20011650e9c4bbef7df9eb + +info: + name: > + WordPress Mobile Pack <= 3.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f545c20-5be1-42bc-9268-640590ee4bf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-mobile-pack/" + google-query: inurl:"/wp-content/plugins/wordpress-mobile-pack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-mobile-pack,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-mobile-pack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-mobile-pack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-multisite-user-sync-438cf6d09d279a07d988d54f0a418a95.yaml b/nuclei-templates/cve-less/plugins/wordpress-multisite-user-sync-438cf6d09d279a07d988d54f0a418a95.yaml new file mode 100644 index 0000000000..4384794023 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-multisite-user-sync-438cf6d09d279a07d988d54f0a418a95.yaml @@ -0,0 +1,58 @@ +id: wordpress-multisite-user-sync-438cf6d09d279a07d988d54f0a418a95 + +info: + name: > + WordPress Multisite User Sync/Unsync (Premium) <= 2.1.1 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c6e444a-3737-46ab-b5e8-b0c1f215050a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-multisite-user-sync/" + google-query: inurl:"/wp-content/plugins/wordpress-multisite-user-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-multisite-user-sync,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-multisite-user-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-multisite-user-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-64d1005014509c77d54b45b09764489b.yaml b/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-64d1005014509c77d54b45b09764489b.yaml new file mode 100644 index 0000000000..9217ed7e55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-64d1005014509c77d54b45b09764489b.yaml @@ -0,0 +1,58 @@ +id: wordpress-nextgen-galleryview-64d1005014509c77d54b45b09764489b + +info: + name: > + NextGen GalleryView <= 0.5.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/052ea3af-96d8-4e83-b4e7-3db30b556d0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-nextgen-galleryview/" + google-query: inurl:"/wp-content/plugins/wordpress-nextgen-galleryview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-nextgen-galleryview,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-nextgen-galleryview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-nextgen-galleryview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-8517e4991bb30bbf1e9448cc624f7284.yaml b/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-8517e4991bb30bbf1e9448cc624f7284.yaml new file mode 100644 index 0000000000..265ceb97bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-nextgen-galleryview-8517e4991bb30bbf1e9448cc624f7284.yaml @@ -0,0 +1,58 @@ +id: wordpress-nextgen-galleryview-8517e4991bb30bbf1e9448cc624f7284 + +info: + name: > + NextGen GalleryView <= 0.5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/043ed446-3af3-4d90-8da7-b1fe73e06bba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-nextgen-galleryview/" + google-query: inurl:"/wp-content/plugins/wordpress-nextgen-galleryview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-nextgen-galleryview,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-nextgen-galleryview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-nextgen-galleryview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-2760701a1ef8db138bc19b206575f1f8.yaml b/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-2760701a1ef8db138bc19b206575f1f8.yaml new file mode 100644 index 0000000000..b495912115 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-2760701a1ef8db138bc19b206575f1f8.yaml @@ -0,0 +1,58 @@ +id: wordpress-ping-optimizer-2760701a1ef8db138bc19b206575f1f8 + +info: + name: > + WordPress Ping Optimizer <= 2.35.1.3.0 - Cross-Site Request Forgery to Log Clearing + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e93072c-eb0c-46a7-8ed7-7f48916dab50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-ping-optimizer/" + google-query: inurl:"/wp-content/plugins/wordpress-ping-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-ping-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-ping-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-ping-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.35.1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-6b5c7dbafc7933afc0d5047343324578.yaml b/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-6b5c7dbafc7933afc0d5047343324578.yaml new file mode 100644 index 0000000000..ee1e41d7a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-ping-optimizer-6b5c7dbafc7933afc0d5047343324578.yaml @@ -0,0 +1,58 @@ +id: wordpress-ping-optimizer-6b5c7dbafc7933afc0d5047343324578 + +info: + name: > + WordPress Ping Optimizer <= 2.35.1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9ce7a1-3e90-4b98-9fc2-4fcd37d332ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-ping-optimizer/" + google-query: inurl:"/wp-content/plugins/wordpress-ping-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-ping-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-ping-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-ping-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.35.1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-plugin-for-simple-google-adsense-insertion-1bd642d2e3ff9973b88e9924e704fbb7.yaml b/nuclei-templates/cve-less/plugins/wordpress-plugin-for-simple-google-adsense-insertion-1bd642d2e3ff9973b88e9924e704fbb7.yaml new file mode 100644 index 0000000000..28c927a094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-plugin-for-simple-google-adsense-insertion-1bd642d2e3ff9973b88e9924e704fbb7.yaml @@ -0,0 +1,58 @@ +id: wordpress-plugin-for-simple-google-adsense-insertion-1bd642d2e3ff9973b88e9924e704fbb7 + +info: + name: > + WP Simple Adsense Insertion <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08e7125a-0fab-4a4c-8428-127f71847810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-plugin-for-simple-google-adsense-insertion/" + google-query: inurl:"/wp-content/plugins/wordpress-plugin-for-simple-google-adsense-insertion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-plugin-for-simple-google-adsense-insertion,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-plugin-for-simple-google-adsense-insertion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-plugin-for-simple-google-adsense-insertion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popular-posts-05a7a0498d570dab847e4a9ab6951cdd.yaml b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-05a7a0498d570dab847e4a9ab6951cdd.yaml new file mode 100644 index 0000000000..027044cfcf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-05a7a0498d570dab847e4a9ab6951cdd.yaml @@ -0,0 +1,58 @@ +id: wordpress-popular-posts-05a7a0498d570dab847e4a9ab6951cdd + +info: + name: > + WordPress Popular Posts <= 5.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9012824-7221-4b93-a5fb-65caf7994e92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popular-posts/" + google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popular-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popular-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popular-posts-178d99b6f6579f15b7e84dce26c43816.yaml b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-178d99b6f6579f15b7e84dce26c43816.yaml new file mode 100644 index 0000000000..b71fa1cb41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-178d99b6f6579f15b7e84dce26c43816.yaml @@ -0,0 +1,58 @@ +id: wordpress-popular-posts-178d99b6f6579f15b7e84dce26c43816 + +info: + name: > + WordPress Popular Posts <= 5.3.2 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47d4cf6a-400f-4001-95de-f93e574bb2ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popular-posts/" + google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popular-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popular-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popular-posts-93d2bfa4a5e5debcba57e4ef188367d5.yaml b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-93d2bfa4a5e5debcba57e4ef188367d5.yaml new file mode 100644 index 0000000000..7e09625472 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-93d2bfa4a5e5debcba57e4ef188367d5.yaml @@ -0,0 +1,58 @@ +id: wordpress-popular-posts-93d2bfa4a5e5debcba57e4ef188367d5 + +info: + name: > + WordPress Popular Posts <= 6.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a91e8713-a760-4acd-9987-2a6b11dbdd56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popular-posts/" + google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popular-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popular-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popular-posts-9912c297cff35bf8bf01c7b24d0db7f5.yaml b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-9912c297cff35bf8bf01c7b24d0db7f5.yaml new file mode 100644 index 0000000000..8d67bc307f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-9912c297cff35bf8bf01c7b24d0db7f5.yaml @@ -0,0 +1,58 @@ +id: wordpress-popular-posts-9912c297cff35bf8bf01c7b24d0db7f5 + +info: + name: > + WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb37b784-b1ff-4cee-889d-751218e5b95d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popular-posts/" + google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popular-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popular-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popular-posts-c4493263837f30eb253dcd6ff28e47dc.yaml b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-c4493263837f30eb253dcd6ff28e47dc.yaml new file mode 100644 index 0000000000..82caccf392 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popular-posts-c4493263837f30eb253dcd6ff28e47dc.yaml @@ -0,0 +1,58 @@ +id: wordpress-popular-posts-c4493263837f30eb253dcd6ff28e47dc + +info: + name: > + WordPress Popular Posts <= 6.0.5 - Unauthenticated Views Changes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f42b3fc-cb2a-4e95-a55b-608ae64d8b58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popular-posts/" + google-query: inurl:"/wp-content/plugins/wordpress-popular-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popular-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popular-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popular-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popup-a5647b646e9ca22a1d24f5022994a6b7.yaml b/nuclei-templates/cve-less/plugins/wordpress-popup-a5647b646e9ca22a1d24f5022994a6b7.yaml new file mode 100644 index 0000000000..9028d37e42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popup-a5647b646e9ca22a1d24f5022994a6b7.yaml @@ -0,0 +1,58 @@ +id: wordpress-popup-a5647b646e9ca22a1d24f5022994a6b7 + +info: + name: > + Hustle <= 6.0.7 - Unauthenticated CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57d0991b-f10e-4ab8-a8a2-55bf708eefee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popup/" + google-query: inurl:"/wp-content/plugins/wordpress-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-popup-a9d45b4a14ad045ecea1bcd26aa66e30.yaml b/nuclei-templates/cve-less/plugins/wordpress-popup-a9d45b4a14ad045ecea1bcd26aa66e30.yaml new file mode 100644 index 0000000000..ff8af1938c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-popup-a9d45b4a14ad045ecea1bcd26aa66e30.yaml @@ -0,0 +1,58 @@ +id: wordpress-popup-a9d45b4a14ad045ecea1bcd26aa66e30 + +info: + name: > + Hustle <= 7.8.3 - Sensitive Information Exposure via Exposed Hubspot API Keys + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-popup/" + google-query: inurl:"/wp-content/plugins/wordpress-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-processing-embed-336c529affe134c8a71f1e7879ec0dcb.yaml b/nuclei-templates/cve-less/plugins/wordpress-processing-embed-336c529affe134c8a71f1e7879ec0dcb.yaml new file mode 100644 index 0000000000..862e9d7652 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-processing-embed-336c529affe134c8a71f1e7879ec0dcb.yaml @@ -0,0 +1,58 @@ +id: wordpress-processing-embed-336c529affe134c8a71f1e7879ec0dcb + +info: + name: > + WordPress Processing Embed <= 0.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cc196c8-1f8f-4ddd-9f27-45d318895b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-processing-embed/" + google-query: inurl:"/wp-content/plugins/wordpress-processing-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-processing-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-processing-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-processing-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-sentinel-3d4fded5713d977453c4246e8903bc20.yaml b/nuclei-templates/cve-less/plugins/wordpress-sentinel-3d4fded5713d977453c4246e8903bc20.yaml new file mode 100644 index 0000000000..5a38d51756 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-sentinel-3d4fded5713d977453c4246e8903bc20.yaml @@ -0,0 +1,58 @@ +id: wordpress-sentinel-3d4fded5713d977453c4246e8903bc20 + +info: + name: > + WordPress Sentinel <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2642726-a878-46d1-9c17-a4c8f4d5e315?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-sentinel/" + google-query: inurl:"/wp-content/plugins/wordpress-sentinel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-sentinel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-sentinel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-sentinel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-sentinel-909fb52910e98c1692077a1c3b14b033.yaml b/nuclei-templates/cve-less/plugins/wordpress-sentinel-909fb52910e98c1692077a1c3b14b033.yaml new file mode 100644 index 0000000000..84ce5656e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-sentinel-909fb52910e98c1692077a1c3b14b033.yaml @@ -0,0 +1,58 @@ +id: wordpress-sentinel-909fb52910e98c1692077a1c3b14b033 + +info: + name: > + WordPress Sentinel < 1.0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c16b6a15-9f15-44a6-8663-201f64af81cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-sentinel/" + google-query: inurl:"/wp-content/plugins/wordpress-sentinel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-sentinel,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-sentinel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-sentinel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-sentinel-aeea609833832e1baa1f0bd27367ec6d.yaml b/nuclei-templates/cve-less/plugins/wordpress-sentinel-aeea609833832e1baa1f0bd27367ec6d.yaml new file mode 100644 index 0000000000..67910acf61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-sentinel-aeea609833832e1baa1f0bd27367ec6d.yaml @@ -0,0 +1,58 @@ +id: wordpress-sentinel-aeea609833832e1baa1f0bd27367ec6d + +info: + name: > + WordPress Sentinel <= 1.0.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a691a44d-0a33-4f13-9afe-255c557ee10f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-sentinel/" + google-query: inurl:"/wp-content/plugins/wordpress-sentinel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-sentinel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-sentinel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-sentinel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-0cab757218d53679bf548112d251d15c.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-0cab757218d53679bf548112d251d15c.yaml new file mode 100644 index 0000000000..d4bae013ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-0cab757218d53679bf548112d251d15c.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-0cab757218d53679bf548112d251d15c + +info: + name: > + Yoast SEO <= 1.7.3.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7d0124-9ddd-4f88-bffd-e09e10137a3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.7', '<= 1.7.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-3bbe5a341cf1e072236bafa671320c7b.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-3bbe5a341cf1e072236bafa671320c7b.yaml new file mode 100644 index 0000000000..c85854b83c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-3bbe5a341cf1e072236bafa671320c7b.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-3bbe5a341cf1e072236bafa671320c7b + +info: + name: > + Yoast SEO <= 22.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e04b161-3cd0-454d-869c-56f42bd8afb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 22.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-3ea36d65c6ea5b35072fe01e09307dfa.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-3ea36d65c6ea5b35072fe01e09307dfa.yaml new file mode 100644 index 0000000000..f8a424f860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-3ea36d65c6ea5b35072fe01e09307dfa.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-3ea36d65c6ea5b35072fe01e09307dfa + +info: + name: > + Yoast SEO <= 9.1.0 - Race Condition to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b62157-8c32-462f-aba7-dab137f98f32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-4a0b4f088a324947da6aaf5af5ea450e.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-4a0b4f088a324947da6aaf5af5ea450e.yaml new file mode 100644 index 0000000000..fadaf99af6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-4a0b4f088a324947da6aaf5af5ea450e.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-4a0b4f088a324947da6aaf5af5ea450e + +info: + name: > + Yoast SEO <= 1.7.3.3 - Blind SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddf4ec13-bca3-4994-9e11-11fbbead371a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.7', '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-5e0b93fe3a022a24343b38fe5a2f7283.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-5e0b93fe3a022a24343b38fe5a2f7283.yaml new file mode 100644 index 0000000000..530ea58fd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-5e0b93fe3a022a24343b38fe5a2f7283.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-5e0b93fe3a022a24343b38fe5a2f7283 + +info: + name: > + Yoast SEO <= 3.4.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cde6b5b-f760-467b-940f-06a1f983ddc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml new file mode 100644 index 0000000000..a9e369888f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-a3fa83da79405e5abf7cb2c0fd1ed37b.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-a3fa83da79405e5abf7cb2c0fd1ed37b + +info: + name: > + Yoast SEO <= 21.0 - Authenticated (Seo Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/385a82ff-50ad-4787-845b-fb5f639f6466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-c4ae1764980f5453e8096a0bd6623d73.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-c4ae1764980f5453e8096a0bd6623d73.yaml new file mode 100644 index 0000000000..19f683f5ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-c4ae1764980f5453e8096a0bd6623d73.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-c4ae1764980f5453e8096a0bd6623d73 + +info: + name: > + Yoast SEO <= 2.1.1 - Cross Site Scripting via post_title parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4187f559-87ba-46ab-9b45-7a36dd98d71d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-e132f1944facf59d50c4939f26f4d93f.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-e132f1944facf59d50c4939f26f4d93f.yaml new file mode 100644 index 0000000000..f7ce31f689 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-e132f1944facf59d50c4939f26f4d93f.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-e132f1944facf59d50c4939f26f4d93f + +info: + name: > + Yoast SEO <= 5.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbc393a6-8357-47b2-9abd-aa611b09eb1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-ec23ceaa5e6474fc50d6e6ec68c64eb6.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-ec23ceaa5e6474fc50d6e6ec68c64eb6.yaml new file mode 100644 index 0000000000..62c718448d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-ec23ceaa5e6474fc50d6e6ec68c64eb6.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-ec23ceaa5e6474fc50d6e6ec68c64eb6 + +info: + name: > + Yoast SEO <= 17.2 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f162e046-a7d3-4f2c-899d-6c46cb92c8ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 17.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-faaf1948155c5f302388ba2e8f465a89.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-faaf1948155c5f302388ba2e8f465a89.yaml new file mode 100644 index 0000000000..790ece13db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-faaf1948155c5f302388ba2e8f465a89.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-faaf1948155c5f302388ba2e8f465a89 + +info: + name: > + Yoast SEO <= 11.5 - Authenticated Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69b173ec-f7e9-4473-9b85-9a204a51cdf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo/" + google-query: inurl:"/wp-content/plugins/wordpress-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-seo-premium-4b1052f9f0f7a36afef9bbca9c94d0af.yaml b/nuclei-templates/cve-less/plugins/wordpress-seo-premium-4b1052f9f0f7a36afef9bbca9c94d0af.yaml new file mode 100644 index 0000000000..a3dd66221e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-seo-premium-4b1052f9f0f7a36afef9bbca9c94d0af.yaml @@ -0,0 +1,58 @@ +id: wordpress-seo-premium-4b1052f9f0f7a36afef9bbca9c94d0af + +info: + name: > + Yoast SEO Premium <= 20.4 - Missing Authorization to Zapier Key Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c54770f1-1409-4208-a4ab-0ff3dbc3835d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-seo-premium/" + google-query: inurl:"/wp-content/plugins/wordpress-seo-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-seo-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-seo-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-seo-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 20.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-02744bc958048e60b6fe8becee3f2311.yaml b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-02744bc958048e60b6fe8becee3f2311.yaml new file mode 100644 index 0000000000..0868256849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-02744bc958048e60b6fe8becee3f2311.yaml @@ -0,0 +1,58 @@ +id: wordpress-simple-paypal-shopping-cart-02744bc958048e60b6fe8becee3f2311 + +info: + name: > + WordPress Simple PayPal Shopping Cart <= 4.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63a9fd8b-c71a-4945-bc02-1761331df832?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-simple-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-simple-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-6b95e055e3edeffca7582f29e2098070.yaml b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-6b95e055e3edeffca7582f29e2098070.yaml new file mode 100644 index 0000000000..e5451e10fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-6b95e055e3edeffca7582f29e2098070.yaml @@ -0,0 +1,58 @@ +id: wordpress-simple-paypal-shopping-cart-6b95e055e3edeffca7582f29e2098070 + +info: + name: > + WordPress Simple Shopping Cart <= 4.7.1 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6201a1-7ca9-461b-b9ad-16407120dfae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-simple-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-simple-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-9a4d0d65ff4983f3b672d24a253f60cd.yaml b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-9a4d0d65ff4983f3b672d24a253f60cd.yaml new file mode 100644 index 0000000000..b5199d9325 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-9a4d0d65ff4983f3b672d24a253f60cd.yaml @@ -0,0 +1,58 @@ +id: wordpress-simple-paypal-shopping-cart-9a4d0d65ff4983f3b672d24a253f60cd + +info: + name: > + WP Simple Shopping Cart <= 4.6.3 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4453bc-557b-4abf-85c6-4aecfd8f4012?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-simple-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-simple-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-d8a3146b821fb343fd351d5a10339bc8.yaml b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-d8a3146b821fb343fd351d5a10339bc8.yaml new file mode 100644 index 0000000000..0e3d286729 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-simple-paypal-shopping-cart-d8a3146b821fb343fd351d5a10339bc8.yaml @@ -0,0 +1,58 @@ +id: wordpress-simple-paypal-shopping-cart-d8a3146b821fb343fd351d5a10339bc8 + +info: + name: > + WordPress Simple PayPal Shopping Cart < 3.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4071c361-3a68-49b7-ac50-4b32e2e1c3ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wordpress-simple-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-simple-paypal-shopping-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-simple-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-simple-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-social-login-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml b/nuclei-templates/cve-less/plugins/wordpress-social-login-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml new file mode 100644 index 0000000000..72e97c5b88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-social-login-40cf6c93cbbc13dcb57a60ba2f57fb5f.yaml @@ -0,0 +1,58 @@ +id: wordpress-social-login-40cf6c93cbbc13dcb57a60ba2f57fb5f + +info: + name: > + WordPress Social Login <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-social-login/" + google-query: inurl:"/wp-content/plugins/wordpress-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-social-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-social-login-710e5bb2b38338950e0e2ed07d09069e.yaml b/nuclei-templates/cve-less/plugins/wordpress-social-login-710e5bb2b38338950e0e2ed07d09069e.yaml new file mode 100644 index 0000000000..14efd1fb8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-social-login-710e5bb2b38338950e0e2ed07d09069e.yaml @@ -0,0 +1,58 @@ +id: wordpress-social-login-710e5bb2b38338950e0e2ed07d09069e + +info: + name: > + WordPress Social Login <= 3.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8b03deb-4134-4dde-8545-a14977a47209?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-social-login/" + google-query: inurl:"/wp-content/plugins/wordpress-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-social-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-social-login-adeb22f24ece0b4bc846eeeff12f100f.yaml b/nuclei-templates/cve-less/plugins/wordpress-social-login-adeb22f24ece0b4bc846eeeff12f100f.yaml new file mode 100644 index 0000000000..e499ec0a34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-social-login-adeb22f24ece0b4bc846eeeff12f100f.yaml @@ -0,0 +1,58 @@ +id: wordpress-social-login-adeb22f24ece0b4bc846eeeff12f100f + +info: + name: > + WordPress Social Login <= 3.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc2c3bdb-65b9-4e0b-899f-bd08077bc8ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-social-login/" + google-query: inurl:"/wp-content/plugins/wordpress-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-social-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-social-login-e0d816c541690f9c52144ee19295acfb.yaml b/nuclei-templates/cve-less/plugins/wordpress-social-login-e0d816c541690f9c52144ee19295acfb.yaml new file mode 100644 index 0000000000..32c2637193 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-social-login-e0d816c541690f9c52144ee19295acfb.yaml @@ -0,0 +1,58 @@ +id: wordpress-social-login-e0d816c541690f9c52144ee19295acfb + +info: + name: > + WordPress Social Login <= 2.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13e77d77-8f09-4fb9-8ff9-a8e66afe0393?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-social-login/" + google-query: inurl:"/wp-content/plugins/wordpress-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-social-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-tabs-slides-b256004910fed4c7647ff561ae5de5c8.yaml b/nuclei-templates/cve-less/plugins/wordpress-tabs-slides-b256004910fed4c7647ff561ae5de5c8.yaml new file mode 100644 index 0000000000..d0db7d2942 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-tabs-slides-b256004910fed4c7647ff561ae5de5c8.yaml @@ -0,0 +1,58 @@ +id: wordpress-tabs-slides-b256004910fed4c7647ff561ae5de5c8 + +info: + name: > + WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98ebcc70-58c3-4c9d-a1cd-776c159647ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-tabs-slides/" + google-query: inurl:"/wp-content/plugins/wordpress-tabs-slides/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-tabs-slides,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-tabs-slides/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-tabs-slides" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-toolbar-5d23bca1d1789e21db9aa8a0def5c93b.yaml b/nuclei-templates/cve-less/plugins/wordpress-toolbar-5d23bca1d1789e21db9aa8a0def5c93b.yaml new file mode 100644 index 0000000000..16fb6073da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-toolbar-5d23bca1d1789e21db9aa8a0def5c93b.yaml @@ -0,0 +1,58 @@ +id: wordpress-toolbar-5d23bca1d1789e21db9aa8a0def5c93b + +info: + name: > + WordPress Toolbar Plugin <= 2.2.6 - Open Redirect via wptbto + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e88a45e5-f882-419e-b0b0-612912666693?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-toolbar/" + google-query: inurl:"/wp-content/plugins/wordpress-toolbar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-toolbar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-toolbar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-toolbar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-tooltips-166d139550be5e578382c81fd839bb55.yaml b/nuclei-templates/cve-less/plugins/wordpress-tooltips-166d139550be5e578382c81fd839bb55.yaml new file mode 100644 index 0000000000..73c4458274 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-tooltips-166d139550be5e578382c81fd839bb55.yaml @@ -0,0 +1,58 @@ +id: wordpress-tooltips-166d139550be5e578382c81fd839bb55 + +info: + name: > + WordPress Tooltips <= 9.4.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fe28cf5-466d-4a28-b6bd-6d77c54b97f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-tooltips/" + google-query: inurl:"/wp-content/plugins/wordpress-tooltips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-tooltips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-tooltips-68662c1466a6ef85961a45678881f8c7.yaml b/nuclei-templates/cve-less/plugins/wordpress-tooltips-68662c1466a6ef85961a45678881f8c7.yaml new file mode 100644 index 0000000000..73f74d895b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-tooltips-68662c1466a6ef85961a45678881f8c7.yaml @@ -0,0 +1,58 @@ +id: wordpress-tooltips-68662c1466a6ef85961a45678881f8c7 + +info: + name: > + WordPress Tooltips <= 8.2.5 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6b9e63f-0492-4d51-a8ae-0874ef57e852?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-tooltips/" + google-query: inurl:"/wp-content/plugins/wordpress-tooltips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-tooltips,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-tooltips-8904938c0e9840b0a2511b1de74ee529.yaml b/nuclei-templates/cve-less/plugins/wordpress-tooltips-8904938c0e9840b0a2511b1de74ee529.yaml new file mode 100644 index 0000000000..975296a8b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-tooltips-8904938c0e9840b0a2511b1de74ee529.yaml @@ -0,0 +1,58 @@ +id: wordpress-tooltips-8904938c0e9840b0a2511b1de74ee529 + +info: + name: > + WordPress Tooltips <= 9.4.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83189c51-2605-4808-a0fa-3e5245cc0806?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-tooltips/" + google-query: inurl:"/wp-content/plugins/wordpress-tooltips/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-tooltips,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-tooltips/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-tooltips" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-twitterbot-773ba4639bef3a2cc4abde5ded928895.yaml b/nuclei-templates/cve-less/plugins/wordpress-twitterbot-773ba4639bef3a2cc4abde5ded928895.yaml new file mode 100644 index 0000000000..fe6ad663d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-twitterbot-773ba4639bef3a2cc4abde5ded928895.yaml @@ -0,0 +1,58 @@ +id: wordpress-twitterbot-773ba4639bef3a2cc4abde5ded928895 + +info: + name: > + Marketing Twitter Bot <= 1.11 - Cross-Site Request Forgery to Settings Update and Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2795202-64e6-488b-a0e1-da2923f6f791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-twitterbot/" + google-query: inurl:"/wp-content/plugins/wordpress-twitterbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-twitterbot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-twitterbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-twitterbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-users-41da9a8fbffc2a03fc19ba494b850b3a.yaml b/nuclei-templates/cve-less/plugins/wordpress-users-41da9a8fbffc2a03fc19ba494b850b3a.yaml new file mode 100644 index 0000000000..5d3cb83562 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-users-41da9a8fbffc2a03fc19ba494b850b3a.yaml @@ -0,0 +1,58 @@ +id: wordpress-users-41da9a8fbffc2a03fc19ba494b850b3a + +info: + name: > + WordPress Users <= 1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8a43c7-f391-44fc-882c-26c1c8b5df78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-users/" + google-query: inurl:"/wp-content/plugins/wordpress-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-users,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-users-4944da448643beff513f9225eb7219f0.yaml b/nuclei-templates/cve-less/plugins/wordpress-users-4944da448643beff513f9225eb7219f0.yaml new file mode 100644 index 0000000000..227cae4d07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-users-4944da448643beff513f9225eb7219f0.yaml @@ -0,0 +1,58 @@ +id: wordpress-users-4944da448643beff513f9225eb7219f0 + +info: + name: > + WordPress Users <= 1.4 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c1a7bda-29c5-4b4b-bbd8-71187609892e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-users/" + google-query: inurl:"/wp-content/plugins/wordpress-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-users,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-whois-search-bd7b626f96c68af8d6a9ffc833f69a62.yaml b/nuclei-templates/cve-less/plugins/wordpress-whois-search-bd7b626f96c68af8d6a9ffc833f69a62.yaml new file mode 100644 index 0000000000..8ee8354b7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-whois-search-bd7b626f96c68af8d6a9ffc833f69a62.yaml @@ -0,0 +1,58 @@ +id: wordpress-whois-search-bd7b626f96c68af8d6a9ffc833f69a62 + +info: + name: > + WHOIS <= 1.4.2.2 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f625b10b-f104-49a8-9dbb-f880f5df8693?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-whois-search/" + google-query: inurl:"/wp-content/plugins/wordpress-whois-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-whois-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-whois-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-whois-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordpress-whois-search-e7674c99987b6c4c7435d1f976b8d7fb.yaml b/nuclei-templates/cve-less/plugins/wordpress-whois-search-e7674c99987b6c4c7435d1f976b8d7fb.yaml new file mode 100644 index 0000000000..9618331c6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordpress-whois-search-e7674c99987b6c4c7435d1f976b8d7fb.yaml @@ -0,0 +1,58 @@ +id: wordpress-whois-search-e7674c99987b6c4c7435d1f976b8d7fb + +info: + name: > + WHOIS <= 1.4.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c1dbd73-6ea6-4e9d-84e2-055ab9db5f4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordpress-whois-search/" + google-query: inurl:"/wp-content/plugins/wordpress-whois-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordpress-whois-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordpress-whois-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordpress-whois-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordprezi-a32e0707f724d294df7bedd19626586f.yaml b/nuclei-templates/cve-less/plugins/wordprezi-a32e0707f724d294df7bedd19626586f.yaml new file mode 100644 index 0000000000..9aba6bb286 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordprezi-a32e0707f724d294df7bedd19626586f.yaml @@ -0,0 +1,58 @@ +id: wordprezi-a32e0707f724d294df7bedd19626586f + +info: + name: > + WordPrezi <= 0.8.2 - Authenticated (Contributor+) Strored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f8e836e-c9af-4614-83b2-c15e77d51155?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordprezi/" + google-query: inurl:"/wp-content/plugins/wordprezi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordprezi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordprezi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordprezi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordspew-cd4550e19ad68ff40f21b1f3220a5912.yaml b/nuclei-templates/cve-less/plugins/wordspew-cd4550e19ad68ff40f21b1f3220a5912.yaml new file mode 100644 index 0000000000..289c2caf74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordspew-cd4550e19ad68ff40f21b1f3220a5912.yaml @@ -0,0 +1,58 @@ +id: wordspew-cd4550e19ad68ff40f21b1f3220a5912 + +info: + name: > + WordSpew <= 3.71 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8028b14b-8a41-4284-9560-4b8595e7eaa9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordspew/" + google-query: inurl:"/wp-content/plugins/wordspew/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordspew,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordspew/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordspew" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordthumb-b970262dad30a7d484efebc698a4fbb7.yaml b/nuclei-templates/cve-less/plugins/wordthumb-b970262dad30a7d484efebc698a4fbb7.yaml new file mode 100644 index 0000000000..e7bdd37ac6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordthumb-b970262dad30a7d484efebc698a4fbb7.yaml @@ -0,0 +1,58 @@ +id: wordthumb-b970262dad30a7d484efebc698a4fbb7 + +info: + name: > + TimThumb <= 2.8.13 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73776e0a-4d2a-44f9-97a2-f06055ce2c63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordthumb/" + google-query: inurl:"/wp-content/plugins/wordthumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordthumb,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordthumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordthumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordtube-95162b6c7bf303f9400020b8a2a23185.yaml b/nuclei-templates/cve-less/plugins/wordtube-95162b6c7bf303f9400020b8a2a23185.yaml new file mode 100644 index 0000000000..6b0a21ccb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordtube-95162b6c7bf303f9400020b8a2a23185.yaml @@ -0,0 +1,58 @@ +id: wordtube-95162b6c7bf303f9400020b8a2a23185 + +info: + name: > + wordTube <= 1.43 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42ff1e17-ccc2-478b-a3b5-88e3bea28a5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordtube/" + google-query: inurl:"/wp-content/plugins/wordtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordtube,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wordtube-d61196f45e716711cfb53207a0939fc2.yaml b/nuclei-templates/cve-less/plugins/wordtube-d61196f45e716711cfb53207a0939fc2.yaml new file mode 100644 index 0000000000..7aa4679636 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wordtube-d61196f45e716711cfb53207a0939fc2.yaml @@ -0,0 +1,58 @@ +id: wordtube-d61196f45e716711cfb53207a0939fc2 + +info: + name: > + wordTube <= 1.43 - Directory Traversal and File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c652a98-2762-4ecf-8037-58377d6e1b5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wordtube/" + google-query: inurl:"/wp-content/plugins/wordtube/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wordtube,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wordtube/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wordtube" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/workscout-core-295565d6c00c49b75df12a1f75ae3147.yaml b/nuclei-templates/cve-less/plugins/workscout-core-295565d6c00c49b75df12a1f75ae3147.yaml new file mode 100644 index 0000000000..159f02744a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/workscout-core-295565d6c00c49b75df12a1f75ae3147.yaml @@ -0,0 +1,58 @@ +id: workscout-core-295565d6c00c49b75df12a1f75ae3147 + +info: + name: > + WorkScout - Job Board WordPress Theme <= 2.0.31 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3785938d-d55a-487d-8709-2d3bdd4b8c0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/workscout-core/" + google-query: inurl:"/wp-content/plugins/workscout-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,workscout-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/workscout-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workscout-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/worth-the-read-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/worth-the-read-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..2a5956322d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/worth-the-read-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: worth-the-read-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/worth-the-read/" + google-query: inurl:"/wp-content/plugins/worth-the-read/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,worth-the-read,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/worth-the-read/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "worth-the-read" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wow-moodboard-lite-046715d681a1f3005e1ea96f6c71e30f.yaml b/nuclei-templates/cve-less/plugins/wow-moodboard-lite-046715d681a1f3005e1ea96f6c71e30f.yaml new file mode 100644 index 0000000000..f1bf5e2c7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wow-moodboard-lite-046715d681a1f3005e1ea96f6c71e30f.yaml @@ -0,0 +1,58 @@ +id: wow-moodboard-lite-046715d681a1f3005e1ea96f6c71e30f + +info: + name: > + Wow Moodboard Lite <= 1.1.1.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f815a4e5-cca2-4b86-96f4-ad956814d685?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wow-moodboard-lite/" + google-query: inurl:"/wp-content/plugins/wow-moodboard-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wow-moodboard-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wow-moodboard-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wow-moodboard-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-01aeea137ad62c07f9208d787662a3f3.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-01aeea137ad62c07f9208d787662a3f3.yaml new file mode 100644 index 0000000000..3dff2450bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-01aeea137ad62c07f9208d787662a3f3.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-01aeea137ad62c07f9208d787662a3f3 + +info: + name: > + WP 2FA <= 2.2.1 - Time-Based TOTP attack to Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2ebbc4-dc8b-47e5-b8d9-758424de4426?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-2cdb07f7994925a2e6c4e7d56439a615.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-2cdb07f7994925a2e6c4e7d56439a615.yaml new file mode 100644 index 0000000000..10d45b4476 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-2cdb07f7994925a2e6c4e7d56439a615.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-2cdb07f7994925a2e6c4e7d56439a615 + +info: + name: > + WP 2FA – Two-factor authentication for WordPress <= 2.6.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8620d181-22f9-4054-9d5c-1b26a315d10c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-35260dcdba60bfeb24022f0e25251913.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-35260dcdba60bfeb24022f0e25251913.yaml new file mode 100644 index 0000000000..aca4940896 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-35260dcdba60bfeb24022f0e25251913.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-35260dcdba60bfeb24022f0e25251913 + +info: + name: > + WP 2FA – Two-factor authentication for WordPress <= 2.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0af451be-2477-453c-a230-7f3fb804398b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-4ff6298b795b2324bce636d08965d81d.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-4ff6298b795b2324bce636d08965d81d.yaml new file mode 100644 index 0000000000..2e78d693b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-4ff6298b795b2324bce636d08965d81d.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-4ff6298b795b2324bce636d08965d81d + +info: + name: > + WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c51a3f8-dee1-4744-8353-864312c89021?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-681ba8b639ed4b20d46dc5044edc1ee3.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-681ba8b639ed4b20d46dc5044edc1ee3.yaml new file mode 100644 index 0000000000..a1cc68d4ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-681ba8b639ed4b20d46dc5044edc1ee3.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-681ba8b639ed4b20d46dc5044edc1ee3 + +info: + name: > + WP 2FA <= 2.5.0 - Insecure Direct Object Reference to Arbitrary Email Sending + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caff9be6-4161-47a0-ba47-6c8fc0c4ab40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-2fa-c057e704d00bbfb4a8d170d3b72c040a.yaml b/nuclei-templates/cve-less/plugins/wp-2fa-c057e704d00bbfb4a8d170d3b72c040a.yaml new file mode 100644 index 0000000000..b4774b8e54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-2fa-c057e704d00bbfb4a8d170d3b72c040a.yaml @@ -0,0 +1,58 @@ +id: wp-2fa-c057e704d00bbfb4a8d170d3b72c040a + +info: + name: > + WP 2FA – Two-factor authentication for WordPress <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0feaff52-062f-45d3-bece-b2c78bdd720e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-2fa/" + google-query: inurl:"/wp-content/plugins/wp-2fa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-2fa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-2fa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-2fa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-3dbanner-rotator-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-3dbanner-rotator-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..5184587351 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-3dbanner-rotator-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-3dbanner-rotator-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-3dbanner-rotator/" + google-query: inurl:"/wp-content/plugins/wp-3dbanner-rotator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-3dbanner-rotator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-3dbanner-rotator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-3dbanner-rotator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-3dflick-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-3dflick-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..59be6856bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-3dflick-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-3dflick-slideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-3dflick-slideshow/" + google-query: inurl:"/wp-content/plugins/wp-3dflick-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-3dflick-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-3dflick-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-3dflick-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-aab17c6b24a2dfba03255d9a47e0c674.yaml b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-aab17c6b24a2dfba03255d9a47e0c674.yaml new file mode 100644 index 0000000000..fc0cb74570 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-aab17c6b24a2dfba03255d9a47e0c674.yaml @@ -0,0 +1,58 @@ +id: wp-404-auto-redirect-to-similar-post-aab17c6b24a2dfba03255d9a47e0c674 + +info: + name: > + WP 404 Auto Redirect to Similar Post <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33166510-41b2-4e9a-8bd7-501235729346?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + google-query: inurl:"/wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-404-auto-redirect-to-similar-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-404-auto-redirect-to-similar-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-404-auto-redirect-to-similar-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-bdbbe04b17b8a1ca6597cc1e008085c0.yaml b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-bdbbe04b17b8a1ca6597cc1e008085c0.yaml new file mode 100644 index 0000000000..1414ae8a30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-bdbbe04b17b8a1ca6597cc1e008085c0.yaml @@ -0,0 +1,58 @@ +id: wp-404-auto-redirect-to-similar-post-bdbbe04b17b8a1ca6597cc1e008085c0 + +info: + name: > + WP 404 Auto Redirect to Similar Post <= 1.0.4 - Reflected Cross-Site Scripting via Debug Mode URI + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/297b9605-602f-458f-8b36-a184cdbd20df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + google-query: inurl:"/wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-404-auto-redirect-to-similar-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-404-auto-redirect-to-similar-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-404-auto-redirect-to-similar-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-e213c95c0a4a994ef52b0b98d3d99e14.yaml b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-e213c95c0a4a994ef52b0b98d3d99e14.yaml new file mode 100644 index 0000000000..284d399128 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-404-auto-redirect-to-similar-post-e213c95c0a4a994ef52b0b98d3d99e14.yaml @@ -0,0 +1,58 @@ +id: wp-404-auto-redirect-to-similar-post-e213c95c0a4a994ef52b0b98d3d99e14 + +info: + name: > + WP 404 Auto Redirect to Similar Post <= 1.0.3 - Reflected Cross-Site Scripting via request + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + google-query: inurl:"/wp-content/plugins/wp-404-auto-redirect-to-similar-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-404-auto-redirect-to-similar-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-404-auto-redirect-to-similar-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-404-auto-redirect-to-similar-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml new file mode 100644 index 0000000000..bad8f4b88e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-0f680b0fba849d5d9ea4bc12dadd3c2e.yaml @@ -0,0 +1,58 @@ +id: wp-abstracts-manuscripts-manager-0f680b0fba849d5d9ea4bc12dadd3c2e + +info: + name: > + WP Abstracts <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba03ee30-6da7-42fc-9cc9-2408bfbb09ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-abstracts-manuscripts-manager/" + google-query: inurl:"/wp-content/plugins/wp-abstracts-manuscripts-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-abstracts-manuscripts-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-abstracts-manuscripts-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-abstracts-manuscripts-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-de1f04792375136ec89153b76014f079.yaml b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-de1f04792375136ec89153b76014f079.yaml new file mode 100644 index 0000000000..0c77137745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-de1f04792375136ec89153b76014f079.yaml @@ -0,0 +1,58 @@ +id: wp-abstracts-manuscripts-manager-de1f04792375136ec89153b76014f079 + +info: + name: > + WP Abstracts <= 2.6.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b74908-65ed-4b6f-856f-e95cfd64f998?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-abstracts-manuscripts-manager/" + google-query: inurl:"/wp-content/plugins/wp-abstracts-manuscripts-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-abstracts-manuscripts-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-abstracts-manuscripts-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-abstracts-manuscripts-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-fbf758a644d0a5c8124110ba01ca9800.yaml b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-fbf758a644d0a5c8124110ba01ca9800.yaml new file mode 100644 index 0000000000..c71b46c62c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-abstracts-manuscripts-manager-fbf758a644d0a5c8124110ba01ca9800.yaml @@ -0,0 +1,58 @@ +id: wp-abstracts-manuscripts-manager-fbf758a644d0a5c8124110ba01ca9800 + +info: + name: > + WP Abstracts <= 2.6.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/495df695-864e-4a77-bcd1-d1845c55a6c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-abstracts-manuscripts-manager/" + google-query: inurl:"/wp-content/plugins/wp-abstracts-manuscripts-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-abstracts-manuscripts-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-abstracts-manuscripts-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-abstracts-manuscripts-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-academic-people-52128069b8783cc721b252c69306747a.yaml b/nuclei-templates/cve-less/plugins/wp-academic-people-52128069b8783cc721b252c69306747a.yaml new file mode 100644 index 0000000000..0b6dc7bdbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-academic-people-52128069b8783cc721b252c69306747a.yaml @@ -0,0 +1,58 @@ +id: wp-academic-people-52128069b8783cc721b252c69306747a + +info: + name: > + WP Academic People List <= 0.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce5efd37-131f-4b75-b682-023a07070ca0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-academic-people/" + google-query: inurl:"/wp-content/plugins/wp-academic-people/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-academic-people,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-academic-people/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-academic-people" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-accessibility-helper-3be3a9644337351c7a40dbeb1dd937c1.yaml b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-3be3a9644337351c7a40dbeb1dd937c1.yaml new file mode 100644 index 0000000000..f7e59b12ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-3be3a9644337351c7a40dbeb1dd937c1.yaml @@ -0,0 +1,58 @@ +id: wp-accessibility-helper-3be3a9644337351c7a40dbeb1dd937c1 + +info: + name: > + WP Accessibility Helper <= 0.6.0.6 - Reflected Cross-Site Scripting via wahi + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/261b5905-9194-40d3-99cb-1c7a832218dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-accessibility-helper/" + google-query: inurl:"/wp-content/plugins/wp-accessibility-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-accessibility-helper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-accessibility-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-accessibility-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-accessibility-helper-6194829f785c406e2e428c86316d96c5.yaml b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-6194829f785c406e2e428c86316d96c5.yaml new file mode 100644 index 0000000000..f407f6e296 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-6194829f785c406e2e428c86316d96c5.yaml @@ -0,0 +1,58 @@ +id: wp-accessibility-helper-6194829f785c406e2e428c86316d96c5 + +info: + name: > + WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc186712-5314-4471-bf02-4fd580c338c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-accessibility-helper/" + google-query: inurl:"/wp-content/plugins/wp-accessibility-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-accessibility-helper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-accessibility-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-accessibility-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-accessibility-helper-bd68d113848e70b56a089eb9f2977075.yaml b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-bd68d113848e70b56a089eb9f2977075.yaml new file mode 100644 index 0000000000..911f0a5917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-accessibility-helper-bd68d113848e70b56a089eb9f2977075.yaml @@ -0,0 +1,58 @@ +id: wp-accessibility-helper-bd68d113848e70b56a089eb9f2977075 + +info: + name: > + WP Accessibility Helper (WAH) <= 0.6.2.4 - Missing Authorization via AJAX action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b97b84a8-cf4e-4648-8d58-b81a71b7988c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-accessibility-helper/" + google-query: inurl:"/wp-content/plugins/wp-accessibility-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-accessibility-helper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-accessibility-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-accessibility-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-action-network-17cbc81bfbd2835ea082db7b23dfca8c.yaml b/nuclei-templates/cve-less/plugins/wp-action-network-17cbc81bfbd2835ea082db7b23dfca8c.yaml new file mode 100644 index 0000000000..49d35a9bb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-action-network-17cbc81bfbd2835ea082db7b23dfca8c.yaml @@ -0,0 +1,58 @@ +id: wp-action-network-17cbc81bfbd2835ea082db7b23dfca8c + +info: + name: > + Action Network <= 1.4.2 - Reflected Cross-Site Scripting via 'search' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4366cf8-bf50-4d9f-9a85-2c2de7f7e90d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-action-network/" + google-query: inurl:"/wp-content/plugins/wp-action-network/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-action-network,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-action-network/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-action-network" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-action-network-8fe65facf4fd0cb40e8b7fae00de182d.yaml b/nuclei-templates/cve-less/plugins/wp-action-network-8fe65facf4fd0cb40e8b7fae00de182d.yaml new file mode 100644 index 0000000000..64f6bf1c40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-action-network-8fe65facf4fd0cb40e8b7fae00de182d.yaml @@ -0,0 +1,58 @@ +id: wp-action-network-8fe65facf4fd0cb40e8b7fae00de182d + +info: + name: > + WordPress Action Network 1.4.3 -Authentcated (Admin+) SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf18ae2-f0d4-44d4-9dd1-6ac36d859d68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-action-network/" + google-query: inurl:"/wp-content/plugins/wp-action-network/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-action-network,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-action-network/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-action-network" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ada-compliance-check-basic-33ab7e0d75c2ed6bd56f09ac49100c0b.yaml b/nuclei-templates/cve-less/plugins/wp-ada-compliance-check-basic-33ab7e0d75c2ed6bd56f09ac49100c0b.yaml new file mode 100644 index 0000000000..2bbf32fcb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ada-compliance-check-basic-33ab7e0d75c2ed6bd56f09ac49100c0b.yaml @@ -0,0 +1,58 @@ +id: wp-ada-compliance-check-basic-33ab7e0d75c2ed6bd56f09ac49100c0b + +info: + name: > + WP ADA Compliance Check Basic – Most Comprehensive Web Accessibility Solution for WordPress <= 3.1.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/689ed1b8-8ef9-4994-8a39-9e0b079aed9a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ada-compliance-check-basic/" + google-query: inurl:"/wp-content/plugins/wp-ada-compliance-check-basic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ada-compliance-check-basic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ada-compliance-check-basic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ada-compliance-check-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-admin-logo-changer-410921c5c60a1f559b97b16f075ad4ff.yaml b/nuclei-templates/cve-less/plugins/wp-admin-logo-changer-410921c5c60a1f559b97b16f075ad4ff.yaml new file mode 100644 index 0000000000..e4766515f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-admin-logo-changer-410921c5c60a1f559b97b16f075ad4ff.yaml @@ -0,0 +1,58 @@ +id: wp-admin-logo-changer-410921c5c60a1f559b97b16f075ad4ff + +info: + name: > + WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd01d83e-a337-4f93-8bd0-0c9f3c786583?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-admin-logo-changer/" + google-query: inurl:"/wp-content/plugins/wp-admin-logo-changer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-admin-logo-changer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-admin-logo-changer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-admin-logo-changer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-admin-notification-center-b82cc40f758ba3c73375abdf46eafb06.yaml b/nuclei-templates/cve-less/plugins/wp-admin-notification-center-b82cc40f758ba3c73375abdf46eafb06.yaml new file mode 100644 index 0000000000..cfd09b2cb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-admin-notification-center-b82cc40f758ba3c73375abdf46eafb06.yaml @@ -0,0 +1,58 @@ +id: wp-admin-notification-center-b82cc40f758ba3c73375abdf46eafb06 + +info: + name: > + Hide admin notices – Admin Notification Center <= 2.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b98c5623-15fe-4937-9a0e-770aa0ab06f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-admin-notification-center/" + google-query: inurl:"/wp-content/plugins/wp-admin-notification-center/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-admin-notification-center,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-admin-notification-center/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-admin-notification-center" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-admin-style-04d32a3642a2c96352c83010608db77d.yaml b/nuclei-templates/cve-less/plugins/wp-admin-style-04d32a3642a2c96352c83010608db77d.yaml new file mode 100644 index 0000000000..dddacb62a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-admin-style-04d32a3642a2c96352c83010608db77d.yaml @@ -0,0 +1,58 @@ +id: wp-admin-style-04d32a3642a2c96352c83010608db77d + +info: + name: > + WP Admin Style <= 0.1.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c755b87-68b9-4a42-bb4d-ecdb4cff6de2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-admin-style/" + google-query: inurl:"/wp-content/plugins/wp-admin-style/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-admin-style,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-admin-style/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-admin-style" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-admin-ui-customize-d5f34e92eea10518421633a7bf6a6987.yaml b/nuclei-templates/cve-less/plugins/wp-admin-ui-customize-d5f34e92eea10518421633a7bf6a6987.yaml new file mode 100644 index 0000000000..68fae84924 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-admin-ui-customize-d5f34e92eea10518421633a7bf6a6987.yaml @@ -0,0 +1,58 @@ +id: wp-admin-ui-customize-d5f34e92eea10518421633a7bf6a6987 + +info: + name: > + WP Admin UI Customize <= 1.5.12 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0306c785-0dc3-44fb-a3cc-9afb5ab81651?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-admin-ui-customize/" + google-query: inurl:"/wp-content/plugins/wp-admin-ui-customize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-admin-ui-customize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-admin-ui-customize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-admin-ui-customize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-advanced-search-84ddf5342f72d908358cc5325eb7e319.yaml b/nuclei-templates/cve-less/plugins/wp-advanced-search-84ddf5342f72d908358cc5325eb7e319.yaml new file mode 100644 index 0000000000..e0b8b46397 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-advanced-search-84ddf5342f72d908358cc5325eb7e319.yaml @@ -0,0 +1,58 @@ +id: wp-advanced-search-84ddf5342f72d908358cc5325eb7e319 + +info: + name: > + WordPress WP-Advanced-Search <= 3.3.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33129b72-0976-4c09-9cea-b5ba321ae46f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-advanced-search/" + google-query: inurl:"/wp-content/plugins/wp-advanced-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-advanced-search,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-advanced-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-advanced-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-advanced-search-e8896aaa278ff92ff4eab642f544ea11.yaml b/nuclei-templates/cve-less/plugins/wp-advanced-search-e8896aaa278ff92ff4eab642f544ea11.yaml new file mode 100644 index 0000000000..98e9519cd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-advanced-search-e8896aaa278ff92ff4eab642f544ea11.yaml @@ -0,0 +1,58 @@ +id: wp-advanced-search-e8896aaa278ff92ff4eab642f544ea11 + +info: + name: > + WP-Advanced-Search <= 3.3.8 - Cross-Site Request Forgery leading to Plugin Settings Updates + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2ba21cd-d8f3-402a-b067-1758937d9eb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-advanced-search/" + google-query: inurl:"/wp-content/plugins/wp-advanced-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-advanced-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-advanced-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-advanced-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-78aa7f4c0fd135cd902e3c93c245e07f.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-78aa7f4c0fd135cd902e3c93c245e07f.yaml new file mode 100644 index 0000000000..ce4606fc0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-78aa7f4c0fd135cd902e3c93c245e07f.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-disclosure-78aa7f4c0fd135cd902e3c93c245e07f + +info: + name: > + WP Affiliate Disclosure <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via $id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e38ee27-30a4-45be-bab6-a3e65ada215f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-disclosure/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-disclosure/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-disclosure/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-disclosure" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-c87c4ea28269200455ab4fe854f72ca0.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-c87c4ea28269200455ab4fe854f72ca0.yaml new file mode 100644 index 0000000000..604d47952b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-disclosure-c87c4ea28269200455ab4fe854f72ca0.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-disclosure-c87c4ea28269200455ab4fe854f72ca0 + +info: + name: > + WP Affiliate Disclosure <= 1.2.6 - Cross-Site Request Forgery via check_capability + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11cc8c6e-b60e-46b3-966e-07b1fb2bf8e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-disclosure/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-disclosure/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-disclosure,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-disclosure/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-disclosure" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-links-7a21d7c86e8ebeab0cea551daecba3fc.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-links-7a21d7c86e8ebeab0cea551daecba3fc.yaml new file mode 100644 index 0000000000..ef650c5f0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-links-7a21d7c86e8ebeab0cea551daecba3fc.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-links-7a21d7c86e8ebeab0cea551daecba3fc + +info: + name: > + WP Affiliate Links <= 0.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba4638be-29d3-4638-84d3-6a9d540bfa33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9760015c4d350e201fad6b9179af7df3.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9760015c4d350e201fad6b9179af7df3.yaml new file mode 100644 index 0000000000..684c2d587f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9760015c4d350e201fad6b9179af7df3.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-platform-9760015c4d350e201fad6b9179af7df3 + +info: + name: > + WP Affiliate Platform <= 6.3.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b49af95-2310-4f71-921b-ee66588dd6d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-platform/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-platform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-platform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-platform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-platform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml new file mode 100644 index 0000000000..6f11057daa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-9d26ce45ae3e2b9cd30cf1aaa62ddd92.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-platform-9d26ce45ae3e2b9cd30cf1aaa62ddd92 + +info: + name: > + WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6096b9a-f7bb-454a-8203-50ac99d37100?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-platform/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-platform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-platform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-platform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-platform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-affiliate-platform-f655053c752606f8cf271b5e2d50d49f.yaml b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-f655053c752606f8cf271b5e2d50d49f.yaml new file mode 100644 index 0000000000..ef7e132a43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-affiliate-platform-f655053c752606f8cf271b5e2d50d49f.yaml @@ -0,0 +1,58 @@ +id: wp-affiliate-platform-f655053c752606f8cf271b5e2d50d49f + +info: + name: > + WP Affiliate Platform <= 6.3.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b96e5ff-804c-41b6-ae34-5184a704b38e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-affiliate-platform/" + google-query: inurl:"/wp-content/plugins/wp-affiliate-platform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-affiliate-platform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-affiliate-platform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-affiliate-platform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-5f97cab1c787955760a43df34e0be9d5.yaml b/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-5f97cab1c787955760a43df34e0be9d5.yaml new file mode 100644 index 0000000000..d5783ffff9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-5f97cab1c787955760a43df34e0be9d5.yaml @@ -0,0 +1,58 @@ +id: wp-airbnb-review-slider-5f97cab1c787955760a43df34e0be9d5 + +info: + name: > + WP Airbnb Review Slider <= 3.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/038d1144-81b8-4e4b-b0d5-60516f02dbdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-airbnb-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-airbnb-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-airbnb-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-airbnb-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-airbnb-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-bbbfb24fae80d53d9d732dd1134e3189.yaml b/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-bbbfb24fae80d53d9d732dd1134e3189.yaml new file mode 100644 index 0000000000..9d3a6bd332 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-airbnb-review-slider-bbbfb24fae80d53d9d732dd1134e3189.yaml @@ -0,0 +1,58 @@ +id: wp-airbnb-review-slider-bbbfb24fae80d53d9d732dd1134e3189 + +info: + name: > + WP Airbnb Review Slider <= 3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c265590c-be4f-4191-8368-7d366d182dc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-airbnb-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-airbnb-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-airbnb-review-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-airbnb-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-airbnb-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-backup-8616428f32a57e2652dd917dc2c90d74.yaml b/nuclei-templates/cve-less/plugins/wp-all-backup-8616428f32a57e2652dd917dc2c90d74.yaml new file mode 100644 index 0000000000..931b8fd927 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-backup-8616428f32a57e2652dd917dc2c90d74.yaml @@ -0,0 +1,58 @@ +id: wp-all-backup-8616428f32a57e2652dd917dc2c90d74 + +info: + name: > + WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e087817e-9edb-4c93-96c6-e8d8e99d4d9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-backup/" + google-query: inurl:"/wp-content/plugins/wp-all-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-1ab755d3e95de25c386caeb2d042c3d1.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-1ab755d3e95de25c386caeb2d042c3d1.yaml new file mode 100644 index 0000000000..09f269ed0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-1ab755d3e95de25c386caeb2d042c3d1.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-1ab755d3e95de25c386caeb2d042c3d1 + +info: + name: > + WP All Export <= 1.3.0 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28bdf97b-86e7-4d4b-a3e4-6624e9858a93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export/" + google-query: inurl:"/wp-content/plugins/wp-all-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-3e761f82934df2ab4021a24d8a5d3f17.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-3e761f82934df2ab4021a24d8a5d3f17.yaml new file mode 100644 index 0000000000..24e310eeee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-3e761f82934df2ab4021a24d8a5d3f17.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-3e761f82934df2ab4021a24d8a5d3f17 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export/" + google-query: inurl:"/wp-content/plugins/wp-all-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-54815dfa4753d9cdf9883b354532f577.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-54815dfa4753d9cdf9883b354532f577.yaml new file mode 100644 index 0000000000..0d2ea8c18c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-54815dfa4753d9cdf9883b354532f577.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-54815dfa4753d9cdf9883b354532f577 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export/" + google-query: inurl:"/wp-content/plugins/wp-all-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-a04852934ccd4497c8403afda3917aa6.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-a04852934ccd4497c8403afda3917aa6.yaml new file mode 100644 index 0000000000..af1826a047 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-a04852934ccd4497c8403afda3917aa6.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-a04852934ccd4497c8403afda3917aa6 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export/" + google-query: inurl:"/wp-content/plugins/wp-all-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-c1088d4a7272923461f43cf76023c143.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-c1088d4a7272923461f43cf76023c143.yaml new file mode 100644 index 0000000000..271bc13492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-c1088d4a7272923461f43cf76023c143.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-c1088d4a7272923461f43cf76023c143 + +info: + name: > + Export any WordPress data to XML/CSV <= 1.3.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8613acf-d6e8-434f-820b-d854ed1f6299?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export/" + google-query: inurl:"/wp-content/plugins/wp-all-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-pro-3e761f82934df2ab4021a24d8a5d3f17.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-pro-3e761f82934df2ab4021a24d8a5d3f17.yaml new file mode 100644 index 0000000000..a39c1880b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-pro-3e761f82934df2ab4021a24d8a5d3f17.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-pro-3e761f82934df2ab4021a24d8a5d3f17 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43f976ee-cba7-4f5d-b9c6-a6f66c0011d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-export-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-pro-54815dfa4753d9cdf9883b354532f577.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-pro-54815dfa4753d9cdf9883b354532f577.yaml new file mode 100644 index 0000000000..2ec6a82102 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-pro-54815dfa4753d9cdf9883b354532f577.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-pro-54815dfa4753d9cdf9883b354532f577 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to Remote Code Execution + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b70e8bce-1793-40f0-bdb1-100cf5f431e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-export-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-pro-92aa647881d350b340f99ec0dcdafcc3.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-pro-92aa647881d350b340f99ec0dcdafcc3.yaml new file mode 100644 index 0000000000..ebbb0fe196 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-pro-92aa647881d350b340f99ec0dcdafcc3.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-pro-92aa647881d350b340f99ec0dcdafcc3 + +info: + name: > + WP ALL Export Pro <= 1.7.8 - Authenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c901f85d-fcdb-43e5-8626-f2410e4e328f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-export-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-pro-a04852934ccd4497c8403afda3917aa6.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-pro-a04852934ccd4497c8403afda3917aa6.yaml new file mode 100644 index 0000000000..b10de51a1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-pro-a04852934ccd4497c8403afda3917aa6.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-pro-a04852934ccd4497c8403afda3917aa6 + +info: + name: > + Export any WordPress data to XML/CSV < 1.4.1 & WP ALL Export Pro < 1.8.6 - Cross-Site Request Forgery to PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdc18341-135b-4522-a9db-510e4c4d9704?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-export-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-export-pro-c8d77620d025f09aeefa4638ee5b37e1.yaml b/nuclei-templates/cve-less/plugins/wp-all-export-pro-c8d77620d025f09aeefa4638ee5b37e1.yaml new file mode 100644 index 0000000000..91cf4fb806 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-export-pro-c8d77620d025f09aeefa4638ee5b37e1.yaml @@ -0,0 +1,58 @@ +id: wp-all-export-pro-c8d77620d025f09aeefa4638ee5b37e1 + +info: + name: > + WP ALL Export Pro <= 1.7.8 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4421c1b-742c-4307-9736-d6263bab4ae4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-export-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-export-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-export-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-export-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-export-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-490b87f43f2fe349a60db708b8fdfe27.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-490b87f43f2fe349a60db708b8fdfe27.yaml new file mode 100644 index 0000000000..e119515828 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-490b87f43f2fe349a60db708b8fdfe27.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-490b87f43f2fe349a60db708b8fdfe27 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.6.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd4f08c-9989-4af9-b615-1db82909a1db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-54d38a1874377a19e755c0dd341fe745.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-54d38a1874377a19e755c0dd341fe745.yaml new file mode 100644 index 0000000000..288c3dab4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-54d38a1874377a19e755c0dd341fe745.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-54d38a1874377a19e755c0dd341fe745 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.7.3 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/121cad41-d3cd-4042-b568-3d91909a38d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-5b6052811294a634af9b6d15efbb8d49.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-5b6052811294a634af9b6d15efbb8d49.yaml new file mode 100644 index 0000000000..8fe29e993c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-5b6052811294a634af9b6d15efbb8d49.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-5b6052811294a634af9b6d15efbb8d49 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f999f89-29eb-4871-a304-0ba6954e7e5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-6542eb9293767f9620f37e7f59fd2a40.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-6542eb9293767f9620f37e7f59fd2a40.yaml new file mode 100644 index 0000000000..b590107640 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-6542eb9293767f9620f37e7f59fd2a40.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-6542eb9293767f9620f37e7f59fd2a40 + +info: + name: > + WP All Import <= 3.4.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/406fe34a-0991-4653-9924-b6586091d7df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-655d94e53e4a588a8f5f35013abd45f6.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-655d94e53e4a588a8f5f35013abd45f6.yaml new file mode 100644 index 0000000000..5998d7d27d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-655d94e53e4a588a8f5f35013abd45f6.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-655d94e53e4a588a8f5f35013abd45f6 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.4.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9704b633-5779-42a7-90d7-e532448f2e51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-6e8d8a68dd9873805b5f71eb69761022.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-6e8d8a68dd9873805b5f71eb69761022.yaml new file mode 100644 index 0000000000..ae4cf85dba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-6e8d8a68dd9873805b5f71eb69761022.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-6e8d8a68dd9873805b5f71eb69761022 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eab85a0a-f328-4cb6-b01f-d7e57540969d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-81844f67a8cb300bf38ea9c090e351aa.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-81844f67a8cb300bf38ea9c090e351aa.yaml new file mode 100644 index 0000000000..e5b4871ea5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-81844f67a8cb300bf38ea9c090e351aa.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-81844f67a8cb300bf38ea9c090e351aa + +info: + name: > + Import any XML or CSV File to WordPress <= 3.2.3 & PRO < 4.1.1 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bdda78-e0e3-4d0b-81b8-9c018f445225?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-8b209ab2ce1916ae647e2542cfaaa488.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-8b209ab2ce1916ae647e2542cfaaa488.yaml new file mode 100644 index 0000000000..16ef9d18ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-8b209ab2ce1916ae647e2542cfaaa488.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-8b209ab2ce1916ae647e2542cfaaa488 + +info: + name: > + Import any XML or CSV File to WordPress < 3.2.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b39c8e1-f2b7-436d-97d1-2d503d7ac835?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-8f60c3b6446189e3058b9237676dd33f.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-8f60c3b6446189e3058b9237676dd33f.yaml new file mode 100644 index 0000000000..7c09613214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-8f60c3b6446189e3058b9237676dd33f.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-8f60c3b6446189e3058b9237676dd33f + +info: + name: > + Import any XML or CSV File to WordPress <= 3.6.8 - Authenticated (Administrator+) Arbitrary File Upload via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/420bcda3-e275-4811-ae37-df69d4d60cee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-aed64fd523c0d1b492fdf86a110cd8b5.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-aed64fd523c0d1b492fdf86a110cd8b5.yaml new file mode 100644 index 0000000000..1069fd27ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-aed64fd523c0d1b492fdf86a110cd8b5.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-aed64fd523c0d1b492fdf86a110cd8b5 + +info: + name: > + WP All Import <= 3.6.7 - Authenticated (Administrator+) Arbitrary Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a5ce873-e90b-4bdc-b428-426818ff9a86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-c459c6390d6920d9836ff6f1ec3a05e1.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-c459c6390d6920d9836ff6f1ec3a05e1.yaml new file mode 100644 index 0000000000..03d1d916ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-c459c6390d6920d9836ff6f1ec3a05e1.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-c459c6390d6920d9836ff6f1ec3a05e1 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4d19f85-e39f-46e6-b62c-b6d3dc51a0df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-d244aad713442e8917ed457759893c6e.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-d244aad713442e8917ed457759893c6e.yaml new file mode 100644 index 0000000000..55bf253a7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-d244aad713442e8917ed457759893c6e.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-d244aad713442e8917ed457759893c6e + +info: + name: > + WP All Import <= 3.4.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/deb6821e-93ff-4636-912b-887deba59577?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml new file mode 100644 index 0000000000..eb1f5f79fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-dcb0952ba59e4cf6e5088fb4c3d3565e.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-dcb0952ba59e4cf6e5088fb4c3d3565e + +info: + name: > + WP All Import <= 3.6.7 - Admin+ Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1072ad88-5760-4f2a-82b3-d515d6f73e52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-e69997328ca18e69bd3343eedbb036ad.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-e69997328ca18e69bd3343eedbb036ad.yaml new file mode 100644 index 0000000000..7cffbac067 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-e69997328ca18e69bd3343eedbb036ad.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-e69997328ca18e69bd3343eedbb036ad + +info: + name: > + Import any XML or CSV File <= 3.7.2 - Authenticated (Admin+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40682959-6cb0-4ffb-9338-519e82eb746e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-ea7f76443ee4f847f0d00da3e01a11a3.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-ea7f76443ee4f847f0d00da3e01a11a3.yaml new file mode 100644 index 0000000000..42e281e5d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-ea7f76443ee4f847f0d00da3e01a11a3.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-ea7f76443ee4f847f0d00da3e01a11a3 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.6.7 - Admin+ Malicious File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d281333-d9af-4eb7-bc5c-ea7ceeddac03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import/" + google-query: inurl:"/wp-content/plugins/wp-all-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-pro-5b6052811294a634af9b6d15efbb8d49.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-pro-5b6052811294a634af9b6d15efbb8d49.yaml new file mode 100644 index 0000000000..2956f4085b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-pro-5b6052811294a634af9b6d15efbb8d49.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-pro-5b6052811294a634af9b6d15efbb8d49 + +info: + name: > + Import any XML or CSV File to WordPress <= 3.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f999f89-29eb-4871-a304-0ba6954e7e5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-import-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-all-import-pro-81844f67a8cb300bf38ea9c090e351aa.yaml b/nuclei-templates/cve-less/plugins/wp-all-import-pro-81844f67a8cb300bf38ea9c090e351aa.yaml new file mode 100644 index 0000000000..8cb9b09096 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-all-import-pro-81844f67a8cb300bf38ea9c090e351aa.yaml @@ -0,0 +1,58 @@ +id: wp-all-import-pro-81844f67a8cb300bf38ea9c090e351aa + +info: + name: > + Import any XML or CSV File to WordPress <= 3.2.3 & PRO < 4.1.1 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1bdda78-e0e3-4d0b-81b8-9c018f445225?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-all-import-pro/" + google-query: inurl:"/wp-content/plugins/wp-all-import-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-all-import-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-all-import-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-all-import-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-amasin-the-amazon-affiliate-shop-5595c7f205cd9ae7c0c1e3237881d78f.yaml b/nuclei-templates/cve-less/plugins/wp-amasin-the-amazon-affiliate-shop-5595c7f205cd9ae7c0c1e3237881d78f.yaml new file mode 100644 index 0000000000..c32a45f5ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-amasin-the-amazon-affiliate-shop-5595c7f205cd9ae7c0c1e3237881d78f.yaml @@ -0,0 +1,58 @@ +id: wp-amasin-the-amazon-affiliate-shop-5595c7f205cd9ae7c0c1e3237881d78f + +info: + name: > + WP AmASIN – The Amazon Affiliate Shop <= 0.9.6 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/649cbd38-d926-4638-9fb9-6704befa1660?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/" + google-query: inurl:"/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-amasin-the-amazon-affiliate-shop,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-amasin-the-amazon-affiliate-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-amazon-shop-90f8bc64469472ae0cd3174d5b6a7976.yaml b/nuclei-templates/cve-less/plugins/wp-amazon-shop-90f8bc64469472ae0cd3174d5b6a7976.yaml new file mode 100644 index 0000000000..419ec3f069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-amazon-shop-90f8bc64469472ae0cd3174d5b6a7976.yaml @@ -0,0 +1,58 @@ +id: wp-amazon-shop-90f8bc64469472ae0cd3174d5b6a7976 + +info: + name: > + Dropshipping & Affiliation with Amazon <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17240c75-4e2a-45d2-8114-414c7e81af87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-amazon-shop/" + google-query: inurl:"/wp-content/plugins/wp-amazon-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-amazon-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-amazon-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-amazon-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-amo-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/wp-amo-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..60204d6b2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-amo-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: wp-amo-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-amo/" + google-query: inurl:"/wp-content/plugins/wp-amo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-amo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-amo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-amo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-4570eda0c03b7f7b441d2c3a25dcd80e.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-4570eda0c03b7f7b441d2c3a25dcd80e.yaml new file mode 100644 index 0000000000..dbc49b851c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-4570eda0c03b7f7b441d2c3a25dcd80e.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-4570eda0c03b7f7b441d2c3a25dcd80e + +info: + name: > + Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6efb57a-9638-44d1-a8d1-8eeadcc81ecc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-70ab06ad0d2802465de5c71330534e85.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-70ab06ad0d2802465de5c71330534e85.yaml new file mode 100644 index 0000000000..5be113ad2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-70ab06ad0d2802465de5c71330534e85.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-70ab06ad0d2802465de5c71330534e85 + +info: + name: > + Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a659071-df11-4318-86c2-7881163c8b62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-899a0dde0ba2e19723247e16c93f4325.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-899a0dde0ba2e19723247e16c93f4325.yaml new file mode 100644 index 0000000000..82e1448ad5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-899a0dde0ba2e19723247e16c93f4325.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-899a0dde0ba2e19723247e16c93f4325 + +info: + name: > + Analytify Dashboard <= 5.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7362f3f-c5d9-4ba0-b9c3-282c58861e2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-8fa6b82859e5d82c0a64a9973f57957b.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-8fa6b82859e5d82c0a64a9973f57957b.yaml new file mode 100644 index 0000000000..a60df6c59b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-8fa6b82859e5d82c0a64a9973f57957b.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-8fa6b82859e5d82c0a64a9973f57957b + +info: + name: > + Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c399c6a-d5e4-4b88-a0a9-003233d5d59f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-d12af8e80ae1c421ffa919ff53dc2e47.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-d12af8e80ae1c421ffa919ff53dc2e47.yaml new file mode 100644 index 0000000000..854dee7995 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-d12af8e80ae1c421ffa919ff53dc2e47.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-d12af8e80ae1c421ffa919ff53dc2e47 + +info: + name: > + Analytify Dashboard <= 5.1.0 - Missing Authorization to Opt-In + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/970b3a0f-c1cc-4d85-8271-a523ccdbcc39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-analytify-d2645755bf5586970e23e1757a9c7bfe.yaml b/nuclei-templates/cve-less/plugins/wp-analytify-d2645755bf5586970e23e1757a9c7bfe.yaml new file mode 100644 index 0000000000..4ad81b4a99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-analytify-d2645755bf5586970e23e1757a9c7bfe.yaml @@ -0,0 +1,58 @@ +id: wp-analytify-d2645755bf5586970e23e1757a9c7bfe + +info: + name: > + Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a462789a-d311-47d7-9f54-190eaf5da03f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-analytify/" + google-query: inurl:"/wp-content/plugins/wp-analytify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-analytify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-analytify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-analytify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-anything-slider-aaaf4480d575f84ecd3c01a63e4a0287.yaml b/nuclei-templates/cve-less/plugins/wp-anything-slider-aaaf4480d575f84ecd3c01a63e4a0287.yaml new file mode 100644 index 0000000000..061981f443 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-anything-slider-aaaf4480d575f84ecd3c01a63e4a0287.yaml @@ -0,0 +1,58 @@ +id: wp-anything-slider-aaaf4480d575f84ecd3c01a63e4a0287 + +info: + name: > + Wp anything slider <= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-anything-slider/" + google-query: inurl:"/wp-content/plugins/wp-anything-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-anything-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-anything-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-anything-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-aparat-098bdb5ff12e782e87bacda8082a6346.yaml b/nuclei-templates/cve-less/plugins/wp-aparat-098bdb5ff12e782e87bacda8082a6346.yaml new file mode 100644 index 0000000000..9ddebef3db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-aparat-098bdb5ff12e782e87bacda8082a6346.yaml @@ -0,0 +1,58 @@ +id: wp-aparat-098bdb5ff12e782e87bacda8082a6346 + +info: + name: > + Aparat for WordPress <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf1000eb-fac3-4710-bfcd-a6cc2c6327d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-aparat/" + google-query: inurl:"/wp-content/plugins/wp-aparat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-aparat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-aparat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-aparat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-app-maker-2b14d8058c7a99881803f353bd15c8bf.yaml b/nuclei-templates/cve-less/plugins/wp-app-maker-2b14d8058c7a99881803f353bd15c8bf.yaml new file mode 100644 index 0000000000..26bec90674 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-app-maker-2b14d8058c7a99881803f353bd15c8bf.yaml @@ -0,0 +1,58 @@ +id: wp-app-maker-2b14d8058c7a99881803f353bd15c8bf + +info: + name: > + WP App Maker <= 1.0.16.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2413083-262c-4646-91fa-f9b51010f3e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-app-maker/" + google-query: inurl:"/wp-content/plugins/wp-app-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-app-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-app-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-app-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-appbox-e587e1665fb732b10014cf1110ac13b4.yaml b/nuclei-templates/cve-less/plugins/wp-appbox-e587e1665fb732b10014cf1110ac13b4.yaml new file mode 100644 index 0000000000..96454ae5e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-appbox-e587e1665fb732b10014cf1110ac13b4.yaml @@ -0,0 +1,58 @@ +id: wp-appbox-e587e1665fb732b10014cf1110ac13b4 + +info: + name: > + WP-Appbox <= 4.3.20 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73c3dfc7-58de-4b24-ad91-0f8040d1f75e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-appbox/" + google-query: inurl:"/wp-content/plugins/wp-appbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-appbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-appbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-appbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-appointments-schedules-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml b/nuclei-templates/cve-less/plugins/wp-appointments-schedules-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml new file mode 100644 index 0000000000..f053446711 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-appointments-schedules-2d20c9ee33e7e10b4c0f0dcd5f256173.yaml @@ -0,0 +1,58 @@ +id: wp-appointments-schedules-2d20c9ee33e7e10b4c0f0dcd5f256173 + +info: + name: > + Appointments Scheduler <= 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2afa0d46-eead-4eb3-9bf1-81fafd3f0f88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-appointments-schedules/" + google-query: inurl:"/wp-content/plugins/wp-appointments-schedules/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-appointments-schedules,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-appointments-schedules/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-appointments-schedules" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-asset-clean-up-157e1680396fa809586b361348ce2314.yaml b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-157e1680396fa809586b361348ce2314.yaml new file mode 100644 index 0000000000..f4b4d922b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-157e1680396fa809586b361348ce2314.yaml @@ -0,0 +1,58 @@ +id: wp-asset-clean-up-157e1680396fa809586b361348ce2314 + +info: + name: > + Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting via AJAX Action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81a3460e-f2c8-422f-9256-3aef24afb42b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-asset-clean-up/" + google-query: inurl:"/wp-content/plugins/wp-asset-clean-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-asset-clean-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-asset-clean-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-asset-clean-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-asset-clean-up-16b8fc2e25c46e7423213d8067c33e6d.yaml b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-16b8fc2e25c46e7423213d8067c33e6d.yaml new file mode 100644 index 0000000000..9a3191777c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-16b8fc2e25c46e7423213d8067c33e6d.yaml @@ -0,0 +1,58 @@ +id: wp-asset-clean-up-16b8fc2e25c46e7423213d8067c33e6d + +info: + name: > + Asset CleanUp: Page Speed Booster <= 1.3.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/752e3d68-001b-4523-9040-b1ef8fbffa7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-asset-clean-up/" + google-query: inurl:"/wp-content/plugins/wp-asset-clean-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-asset-clean-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-asset-clean-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-asset-clean-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-asset-clean-up-7caff55cfec661a72791dee0bee83561.yaml b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-7caff55cfec661a72791dee0bee83561.yaml new file mode 100644 index 0000000000..7d0a95c0f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-asset-clean-up-7caff55cfec661a72791dee0bee83561.yaml @@ -0,0 +1,58 @@ +id: wp-asset-clean-up-7caff55cfec661a72791dee0bee83561 + +info: + name: > + Asset CleanUp <= 1.3.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4835539-a66c-4d14-b3c3-9a3a64e89ea6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-asset-clean-up/" + google-query: inurl:"/wp-content/plugins/wp-asset-clean-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-asset-clean-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-asset-clean-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-asset-clean-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-athletics-3b9b22b591de089c72309692f7ac4907.yaml b/nuclei-templates/cve-less/plugins/wp-athletics-3b9b22b591de089c72309692f7ac4907.yaml new file mode 100644 index 0000000000..c05f6bfc91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-athletics-3b9b22b591de089c72309692f7ac4907.yaml @@ -0,0 +1,58 @@ +id: wp-athletics-3b9b22b591de089c72309692f7ac4907 + +info: + name: > + WP Athletics <= 1.1.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d62da9a3-3a57-4bbd-b07d-8df39fa14c52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-athletics/" + google-query: inurl:"/wp-content/plugins/wp-athletics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-athletics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-athletics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-athletics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-athletics-6a4f3e2a82b7793dde5ce79a450d31bf.yaml b/nuclei-templates/cve-less/plugins/wp-athletics-6a4f3e2a82b7793dde5ce79a450d31bf.yaml new file mode 100644 index 0000000000..3b446caf29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-athletics-6a4f3e2a82b7793dde5ce79a450d31bf.yaml @@ -0,0 +1,58 @@ +id: wp-athletics-6a4f3e2a82b7793dde5ce79a450d31bf + +info: + name: > + WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df20aa75-c6d3-48a6-9b19-7547bf12fb82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-athletics/" + google-query: inurl:"/wp-content/plugins/wp-athletics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-athletics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-athletics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-athletics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-attachment-export-512d60f62525369cb1c0a614152e673f.yaml b/nuclei-templates/cve-less/plugins/wp-attachment-export-512d60f62525369cb1c0a614152e673f.yaml new file mode 100644 index 0000000000..25398645db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-attachment-export-512d60f62525369cb1c0a614152e673f.yaml @@ -0,0 +1,58 @@ +id: wp-attachment-export-512d60f62525369cb1c0a614152e673f + +info: + name: > + WP Attachment Export < 0.2.4 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbd8d37d-50f7-4480-acef-cdec33c9f07f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-attachment-export/" + google-query: inurl:"/wp-content/plugins/wp-attachment-export/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-attachment-export,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-attachment-export/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-attachment-export" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-attachments-607d97f75ca23282557e4dc2fc682915.yaml b/nuclei-templates/cve-less/plugins/wp-attachments-607d97f75ca23282557e4dc2fc682915.yaml new file mode 100644 index 0000000000..93576cd11e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-attachments-607d97f75ca23282557e4dc2fc682915.yaml @@ -0,0 +1,58 @@ +id: wp-attachments-607d97f75ca23282557e4dc2fc682915 + +info: + name: > + WP Attachments <= 5.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c715f9-8655-448e-a8d2-71f24c9d48ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-attachments/" + google-query: inurl:"/wp-content/plugins/wp-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-attachments-bb80630c4629833cfa0b6983a79076e1.yaml b/nuclei-templates/cve-less/plugins/wp-attachments-bb80630c4629833cfa0b6983a79076e1.yaml new file mode 100644 index 0000000000..672703340b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-attachments-bb80630c4629833cfa0b6983a79076e1.yaml @@ -0,0 +1,58 @@ +id: wp-attachments-bb80630c4629833cfa0b6983a79076e1 + +info: + name: > + WP Attachments <= 5.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f23b144e-4380-4099-89b5-816c8c2f710f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-attachments/" + google-query: inurl:"/wp-content/plugins/wp-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-attachments,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-attachments-d368d355a42efc82f9add75ee0c1d079.yaml b/nuclei-templates/cve-less/plugins/wp-attachments-d368d355a42efc82f9add75ee0c1d079.yaml new file mode 100644 index 0000000000..744a355cb4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-attachments-d368d355a42efc82f9add75ee0c1d079.yaml @@ -0,0 +1,58 @@ +id: wp-attachments-d368d355a42efc82f9add75ee0c1d079 + +info: + name: > + WP Attachments <= 5.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360cba3a-dfae-4b1c-9b33-f531fb9b12e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-attachments/" + google-query: inurl:"/wp-content/plugins/wp-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-0f1369367add235ed7f30ce397da16e3.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-0f1369367add235ed7f30ce397da16e3.yaml new file mode 100644 index 0000000000..2809dcfb0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-0f1369367add235ed7f30ce397da16e3.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-0f1369367add235ed7f30ce397da16e3 + +info: + name: > + Auto Affiliate Links <= 6.3 - Cross-Site Request Forgery via aalDeleteLink function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f738ecf3-5f10-43ab-b8ce-34ac41229e9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-30897ef76876a3c79e7909e7acb376e5.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-30897ef76876a3c79e7909e7acb376e5.yaml new file mode 100644 index 0000000000..63694daa26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-30897ef76876a3c79e7909e7acb376e5.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-30897ef76876a3c79e7909e7acb376e5 + +info: + name: > + Auto Affiliate Links <= 6.4.2.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c84ffd3-e000-4d67-9789-e439e7c128e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-599f329db78aa16926991b18378d93d9.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-599f329db78aa16926991b18378d93d9.yaml new file mode 100644 index 0000000000..9e84198335 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-599f329db78aa16926991b18378d93d9.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-599f329db78aa16926991b18378d93d9 + +info: + name: > + Auto Affiliate Links <= 6.4.3.1 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d34b675-ff66-475e-b838-657dd51fc48c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-5a61a27c8209633543dc7131ccce0c7b.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-5a61a27c8209633543dc7131ccce0c7b.yaml new file mode 100644 index 0000000000..7ad41340d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-5a61a27c8209633543dc7131ccce0c7b.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-5a61a27c8209633543dc7131ccce0c7b + +info: + name: > + Auto Affiliate Links <= 6.4.3 - Missing Authorization via aalAddLink + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-ade8d23b5006403a0ff80adcff26f453.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-ade8d23b5006403a0ff80adcff26f453.yaml new file mode 100644 index 0000000000..328241c946 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-ade8d23b5006403a0ff80adcff26f453.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-ade8d23b5006403a0ff80adcff26f453 + +info: + name: > + Auto Affiliate Links <= 6.2.1.5 - Authenticated (Subscriber+) Plugin Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f787c75-7b27-4256-ac0c-abc2988ea7c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-d7c92809e4625ed3fe6e7ee1f56c18ee.yaml b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-d7c92809e4625ed3fe6e7ee1f56c18ee.yaml new file mode 100644 index 0000000000..8c8a044dfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-affiliate-links-d7c92809e4625ed3fe6e7ee1f56c18ee.yaml @@ -0,0 +1,58 @@ +id: wp-auto-affiliate-links-d7c92809e4625ed3fe6e7ee1f56c18ee + +info: + name: > + Auto Affiliate Links <= 6.3.0.2 - Cross-Site Request Forgery via aalChangeOptions function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/611af50f-7f60-4c09-be64-3f2705e06206?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-affiliate-links/" + google-query: inurl:"/wp-content/plugins/wp-auto-affiliate-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-affiliate-links,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-affiliate-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-affiliate-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-auto-republish-83c485f2e43507746d6f598a094e8632.yaml b/nuclei-templates/cve-less/plugins/wp-auto-republish-83c485f2e43507746d6f598a094e8632.yaml new file mode 100644 index 0000000000..5bb0dca4e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-auto-republish-83c485f2e43507746d6f598a094e8632.yaml @@ -0,0 +1,58 @@ +id: wp-auto-republish-83c485f2e43507746d6f598a094e8632 + +info: + name: > + RevivePress – Keep your Old Content Evergreen <= 1.5.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-auto-republish/" + google-query: inurl:"/wp-content/plugins/wp-auto-republish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-auto-republish,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-auto-republish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-auto-republish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-652fe9285b64528e4143d85b4b2dc5a1.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-652fe9285b64528e4143d85b4b2dc5a1.yaml new file mode 100644 index 0000000000..86df91c347 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-automatic-652fe9285b64528e4143d85b4b2dc5a1.yaml @@ -0,0 +1,58 @@ +id: wp-automatic-652fe9285b64528e4143d85b4b2dc5a1 + +info: + name: > + Automatic <= 3.92.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b319be-f312-4d02-840f-e2a91c16b67a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-automatic/" + google-query: inurl:"/wp-content/plugins/wp-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-automatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.92.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-6d3dc09a9fc43aca247841d5ac80b15c.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-6d3dc09a9fc43aca247841d5ac80b15c.yaml new file mode 100644 index 0000000000..c1c178f47c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-automatic-6d3dc09a9fc43aca247841d5ac80b15c.yaml @@ -0,0 +1,58 @@ +id: wp-automatic-6d3dc09a9fc43aca247841d5ac80b15c + +info: + name: > + WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0567dc8-7a4c-42f4-bf45-f31a8efaa354?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-automatic/" + google-query: inurl:"/wp-content/plugins/wp-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-automatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.53.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-90f8c1652860b9223ed16176900d2afd.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-90f8c1652860b9223ed16176900d2afd.yaml new file mode 100644 index 0000000000..bd3bcb1874 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-automatic-90f8c1652860b9223ed16176900d2afd.yaml @@ -0,0 +1,58 @@ +id: wp-automatic-90f8c1652860b9223ed16176900d2afd + +info: + name: > + Automatic <= 3.92.0 - Cross-Site Request Forgery to Privilege Escalation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12adf619-4be8-4ecf-8f67-284fc44d87d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-automatic/" + google-query: inurl:"/wp-content/plugins/wp-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-automatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.92.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-bb78f143e91055aae4c346dd861f8fa1.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-bb78f143e91055aae4c346dd861f8fa1.yaml new file mode 100644 index 0000000000..7033055293 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-automatic-bb78f143e91055aae4c346dd861f8fa1.yaml @@ -0,0 +1,58 @@ +id: wp-automatic-bb78f143e91055aae4c346dd861f8fa1 + +info: + name: > + WordPress Automatic Plugin <= 3.92.1 Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6231e47e-2120-4746-97c1-2aa80aa18f4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-automatic/" + google-query: inurl:"/wp-content/plugins/wp-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-automatic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.92.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-automatic-bfe038d664cd2a78c28c48237b8f9052.yaml b/nuclei-templates/cve-less/plugins/wp-automatic-bfe038d664cd2a78c28c48237b8f9052.yaml new file mode 100644 index 0000000000..1c54b61d24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-automatic-bfe038d664cd2a78c28c48237b8f9052.yaml @@ -0,0 +1,58 @@ +id: wp-automatic-bfe038d664cd2a78c28c48237b8f9052 + +info: + name: > + Automatic <= 3.92.0 - Unauthenticated Arbitrary File Download and Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/620e8931-64f0-4d9c-9a4c-1f5a703845ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-automatic/" + google-query: inurl:"/wp-content/plugins/wp-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-automatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.92.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-autosearch-8757d0b374234a37718f99a73c9ea57a.yaml b/nuclei-templates/cve-less/plugins/wp-autosearch-8757d0b374234a37718f99a73c9ea57a.yaml new file mode 100644 index 0000000000..d99083996c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-autosearch-8757d0b374234a37718f99a73c9ea57a.yaml @@ -0,0 +1,58 @@ +id: wp-autosearch-8757d0b374234a37718f99a73c9ea57a + +info: + name: > + WP AutoComplete Search <= 1.0.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b498e274-db8c-438f-8e19-43f3018d1663?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-autosearch/" + google-query: inurl:"/wp-content/plugins/wp-autosearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-autosearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-autosearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-autosearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backgrounds-lite-275ca735c51459885db221498880b57d.yaml b/nuclei-templates/cve-less/plugins/wp-backgrounds-lite-275ca735c51459885db221498880b57d.yaml new file mode 100644 index 0000000000..e23f54604e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backgrounds-lite-275ca735c51459885db221498880b57d.yaml @@ -0,0 +1,58 @@ +id: wp-backgrounds-lite-275ca735c51459885db221498880b57d + +info: + name: > + WP-Backgrounds Lite <= 2.3 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7a05894-8f9d-442f-961c-2e80aa25c3db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backgrounds-lite/" + google-query: inurl:"/wp-content/plugins/wp-backgrounds-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backgrounds-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backgrounds-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backgrounds-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backitup-6dee28ffa5289832e7634748227965f3.yaml b/nuclei-templates/cve-less/plugins/wp-backitup-6dee28ffa5289832e7634748227965f3.yaml new file mode 100644 index 0000000000..15e304fd8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backitup-6dee28ffa5289832e7634748227965f3.yaml @@ -0,0 +1,58 @@ +id: wp-backitup-6dee28ffa5289832e7634748227965f3 + +info: + name: > + Backup and Restore WordPress – Backup Plugin <= 1.9 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/facb10e9-23f3-4152-bc9a-cecaafebea94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backitup/" + google-query: inurl:"/wp-content/plugins/wp-backitup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backitup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backitup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backitup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backitup-ef2dda421f64bcf3a7eba43646d7c8ab.yaml b/nuclei-templates/cve-less/plugins/wp-backitup-ef2dda421f64bcf3a7eba43646d7c8ab.yaml new file mode 100644 index 0000000000..88d898db8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backitup-ef2dda421f64bcf3a7eba43646d7c8ab.yaml @@ -0,0 +1,58 @@ +id: wp-backitup-ef2dda421f64bcf3a7eba43646d7c8ab + +info: + name: > + Backup and Restore WordPress WordPress <= 1.45 - Unauthenticated Information Exposure via Log Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6db51b8e-2e4b-4041-b261-d46cfdb372dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backitup/" + google-query: inurl:"/wp-content/plugins/wp-backitup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backitup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backitup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backitup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backup-bank-133f9da4970886f2c6daa016271571ae.yaml b/nuclei-templates/cve-less/plugins/wp-backup-bank-133f9da4970886f2c6daa016271571ae.yaml new file mode 100644 index 0000000000..d6105975e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backup-bank-133f9da4970886f2c6daa016271571ae.yaml @@ -0,0 +1,58 @@ +id: wp-backup-bank-133f9da4970886f2c6daa016271571ae + +info: + name: > + Backup Bank: WordPress Backup Plugin <= 4.0.28 - Missing Authorization via post_user_feedback_backup_bank + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5ab6dcd-ef22-4fea-9e35-9358ede3ff5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backup-bank/" + google-query: inurl:"/wp-content/plugins/wp-backup-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backup-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backup-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backup-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backup-manager-24094706612b6a6d63025fb464dc964d.yaml b/nuclei-templates/cve-less/plugins/wp-backup-manager-24094706612b6a6d63025fb464dc964d.yaml new file mode 100644 index 0000000000..34c96c34bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backup-manager-24094706612b6a6d63025fb464dc964d.yaml @@ -0,0 +1,58 @@ +id: wp-backup-manager-24094706612b6a6d63025fb464dc964d + +info: + name: > + WP Backup Manager <= 1.13.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ee3416b-d6df-4f8b-834b-4e78516c00ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backup-manager/" + google-query: inurl:"/wp-content/plugins/wp-backup-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backup-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backup-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backup-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-backup-plus-54581f8752e2a09c1534ddfc5763d754.yaml b/nuclei-templates/cve-less/plugins/wp-backup-plus-54581f8752e2a09c1534ddfc5763d754.yaml new file mode 100644 index 0000000000..ae7406ae31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-backup-plus-54581f8752e2a09c1534ddfc5763d754.yaml @@ -0,0 +1,58 @@ +id: wp-backup-plus-54581f8752e2a09c1534ddfc5763d754 + +info: + name: > + WP Backup+ <= 2018-11-22 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbcb33c1-d8f4-4ff9-8148-7bce494b2f0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-backup-plus/" + google-query: inurl:"/wp-content/plugins/wp-backup-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-backup-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-backup-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-backup-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2018-11-22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-baidu-submit-2820cb8fd83fcd8f6cd4181103e215ab.yaml b/nuclei-templates/cve-less/plugins/wp-baidu-submit-2820cb8fd83fcd8f6cd4181103e215ab.yaml new file mode 100644 index 0000000000..af002e0496 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-baidu-submit-2820cb8fd83fcd8f6cd4181103e215ab.yaml @@ -0,0 +1,58 @@ +id: wp-baidu-submit-2820cb8fd83fcd8f6cd4181103e215ab + +info: + name: > + WP BaiDu Submit <= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2241fa07-b6b7-4e5d-8951-ae844a7b88e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-baidu-submit/" + google-query: inurl:"/wp-content/plugins/wp-baidu-submit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-baidu-submit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-baidu-submit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-baidu-submit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ban-012d37d1a0419e2b4d417ad1bf8624b8.yaml b/nuclei-templates/cve-less/plugins/wp-ban-012d37d1a0419e2b4d417ad1bf8624b8.yaml new file mode 100644 index 0000000000..af6124c412 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ban-012d37d1a0419e2b4d417ad1bf8624b8.yaml @@ -0,0 +1,58 @@ +id: wp-ban-012d37d1a0419e2b4d417ad1bf8624b8 + +info: + name: > + WP-Ban <= 1.69 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5be89866-f60d-4cc6-ac00-80ad15a07fe3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ban/" + google-query: inurl:"/wp-content/plugins/wp-ban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ban-cd2f40630317ec8325a0d94cdae423ba.yaml b/nuclei-templates/cve-less/plugins/wp-ban-cd2f40630317ec8325a0d94cdae423ba.yaml new file mode 100644 index 0000000000..413418e1bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ban-cd2f40630317ec8325a0d94cdae423ba.yaml @@ -0,0 +1,58 @@ +id: wp-ban-cd2f40630317ec8325a0d94cdae423ba + +info: + name: > + WP-Ban < 1.64 - Improper Input Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee8f274b-fe25-4111-94a4-e67dd17dc24b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ban/" + google-query: inurl:"/wp-content/plugins/wp-ban/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ban,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ban/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ban" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.64') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-bannerize-b6ce71d23b8bb3b641046b5238bd95ce.yaml b/nuclei-templates/cve-less/plugins/wp-bannerize-b6ce71d23b8bb3b641046b5238bd95ce.yaml new file mode 100644 index 0000000000..018d704cd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-bannerize-b6ce71d23b8bb3b641046b5238bd95ce.yaml @@ -0,0 +1,58 @@ +id: wp-bannerize-b6ce71d23b8bb3b641046b5238bd95ce + +info: + name: > + WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection via id Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bafadafe-4aa5-4349-8a9c-89b21ada47ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-bannerize/" + google-query: inurl:"/wp-content/plugins/wp-bannerize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-bannerize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bannerize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bannerize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.0.0', '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-bannerize-pro-aedddcad604ad7e5d2eeb8d8f5ee448e.yaml b/nuclei-templates/cve-less/plugins/wp-bannerize-pro-aedddcad604ad7e5d2eeb8d8f5ee448e.yaml new file mode 100644 index 0000000000..03cd597b8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-bannerize-pro-aedddcad604ad7e5d2eeb8d8f5ee448e.yaml @@ -0,0 +1,58 @@ +id: wp-bannerize-pro-aedddcad604ad7e5d2eeb8d8f5ee448e + +info: + name: > + WP Bannerize Pro <= 1.6.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edc35f8c-f916-433e-9d3f-4992e8c9d7cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-bannerize-pro/" + google-query: inurl:"/wp-content/plugins/wp-bannerize-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-bannerize-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bannerize-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bannerize-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-basic-elements-ae553332abea3b98510af17f933a8bf7.yaml b/nuclei-templates/cve-less/plugins/wp-basic-elements-ae553332abea3b98510af17f933a8bf7.yaml new file mode 100644 index 0000000000..59cffc338d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-basic-elements-ae553332abea3b98510af17f933a8bf7.yaml @@ -0,0 +1,58 @@ +id: wp-basic-elements-ae553332abea3b98510af17f933a8bf7 + +info: + name: > + WP Basic Elements <= 5.2.15 - Cross-Site Request Forgery via wpbe_save_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78e79423-7b69-4d85-a939-96eb5385624c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-basic-elements/" + google-query: inurl:"/wp-content/plugins/wp-basic-elements/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-basic-elements,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-basic-elements/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-basic-elements" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-best-quiz-d89cd4d50e467aee5b89a046ed25a308.yaml b/nuclei-templates/cve-less/plugins/wp-best-quiz-d89cd4d50e467aee5b89a046ed25a308.yaml new file mode 100644 index 0000000000..041b0e0f7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-best-quiz-d89cd4d50e467aee5b89a046ed25a308.yaml @@ -0,0 +1,58 @@ +id: wp-best-quiz-d89cd4d50e467aee5b89a046ed25a308 + +info: + name: > + WP Best Quiz <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70254a2f-08da-4f78-85d1-08c746167e0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-best-quiz/" + google-query: inurl:"/wp-content/plugins/wp-best-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-best-quiz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-best-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-best-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-better-emails-91762f25ca1ba53290ed2c419bfe3a07.yaml b/nuclei-templates/cve-less/plugins/wp-better-emails-91762f25ca1ba53290ed2c419bfe3a07.yaml new file mode 100644 index 0000000000..abeea32ba7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-better-emails-91762f25ca1ba53290ed2c419bfe3a07.yaml @@ -0,0 +1,58 @@ +id: wp-better-emails-91762f25ca1ba53290ed2c419bfe3a07 + +info: + name: > + WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b96d71cb-3af4-4d67-a4af-41bab79a7f61?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-better-emails/" + google-query: inurl:"/wp-content/plugins/wp-better-emails/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-better-emails,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-better-emails/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-better-emails" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-better-permalinks-1fb46247dc51fca766c3b6cc15fb0753.yaml b/nuclei-templates/cve-less/plugins/wp-better-permalinks-1fb46247dc51fca766c3b6cc15fb0753.yaml new file mode 100644 index 0000000000..4fd8297db7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-better-permalinks-1fb46247dc51fca766c3b6cc15fb0753.yaml @@ -0,0 +1,58 @@ +id: wp-better-permalinks-1fb46247dc51fca766c3b6cc15fb0753 + +info: + name: > + WP Better Permalinks < 3.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8ccf307-3bb8-45c5-91da-7d0f46e96694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-better-permalinks/" + google-query: inurl:"/wp-content/plugins/wp-better-permalinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-better-permalinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-better-permalinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-better-permalinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-bitly-d6f90ea934e0ed467a2133d2d162346d.yaml b/nuclei-templates/cve-less/plugins/wp-bitly-d6f90ea934e0ed467a2133d2d162346d.yaml new file mode 100644 index 0000000000..d92c7124ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-bitly-d6f90ea934e0ed467a2133d2d162346d.yaml @@ -0,0 +1,58 @@ +id: wp-bitly-d6f90ea934e0ed467a2133d2d162346d + +info: + name: > + Bitly's WordPress Plugin <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31522e54-f260-46d0-8d57-2d46af7d3450?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-bitly/" + google-query: inurl:"/wp-content/plugins/wp-bitly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-bitly,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bitly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bitly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-blipbot-549e52f202fcfb1294c6d1e3496da00f.yaml b/nuclei-templates/cve-less/plugins/wp-blipbot-549e52f202fcfb1294c6d1e3496da00f.yaml new file mode 100644 index 0000000000..1f8c86aca6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-blipbot-549e52f202fcfb1294c6d1e3496da00f.yaml @@ -0,0 +1,58 @@ +id: wp-blipbot-549e52f202fcfb1294c6d1e3496da00f + +info: + name: > + WP BlipBot <= 3.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd89c6ff-2737-4c48-8b0f-f305c4735775?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-blipbot/" + google-query: inurl:"/wp-content/plugins/wp-blipbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-blipbot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-blipbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-blipbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-bliss-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-bliss-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..9c45a0381a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-bliss-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-bliss-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-bliss-gallery/" + google-query: inurl:"/wp-content/plugins/wp-bliss-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-bliss-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bliss-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bliss-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-8bfdb58ec24e0630da2bd7f7847728ae.yaml b/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-8bfdb58ec24e0630da2bd7f7847728ae.yaml new file mode 100644 index 0000000000..584ea9d21f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-8bfdb58ec24e0630da2bd7f7847728ae.yaml @@ -0,0 +1,58 @@ +id: wp-blog-and-widgets-8bfdb58ec24e0630da2bd7f7847728ae + +info: + name: > + WP Blog and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/434a724e-0bc6-4218-8ad4-c52e1880a75f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-blog-and-widgets/" + google-query: inurl:"/wp-content/plugins/wp-blog-and-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-blog-and-widgets,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-blog-and-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-blog-and-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..3d6c7839e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-blog-and-widgets-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-blog-and-widgets-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-blog-and-widgets/" + google-query: inurl:"/wp-content/plugins/wp-blog-and-widgets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-blog-and-widgets,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-blog-and-widgets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-blog-and-widgets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-blogs-planetarium-34fbecc9c7ff44a06fa49fc5283f7c1f.yaml b/nuclei-templates/cve-less/plugins/wp-blogs-planetarium-34fbecc9c7ff44a06fa49fc5283f7c1f.yaml new file mode 100644 index 0000000000..f467a89beb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-blogs-planetarium-34fbecc9c7ff44a06fa49fc5283f7c1f.yaml @@ -0,0 +1,58 @@ +id: wp-blogs-planetarium-34fbecc9c7ff44a06fa49fc5283f7c1f + +info: + name: > + WP Blogs' Planetarium <= 1.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b203694-e18a-4262-bf58-f1dcd0358890?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-blogs-planetarium/" + google-query: inurl:"/wp-content/plugins/wp-blogs-planetarium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-blogs-planetarium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-blogs-planetarium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-blogs-planetarium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-board-4e8e6308af14cc738d0cb86b4562e1c4.yaml b/nuclei-templates/cve-less/plugins/wp-board-4e8e6308af14cc738d0cb86b4562e1c4.yaml new file mode 100644 index 0000000000..83f1b6e882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-board-4e8e6308af14cc738d0cb86b4562e1c4.yaml @@ -0,0 +1,58 @@ +id: wp-board-4e8e6308af14cc738d0cb86b4562e1c4 + +info: + name: > + WP Board <= 1.1(Beta) - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbedf0da-699e-429d-9ec7-6803f3c77a84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-board/" + google-query: inurl:"/wp-content/plugins/wp-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1(Beta)') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-4f49b393f88ca9ff4cbed10f183193ed.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-4f49b393f88ca9ff4cbed10f183193ed.yaml new file mode 100644 index 0000000000..921f9d32f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-4f49b393f88ca9ff4cbed10f183193ed.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-4f49b393f88ca9ff4cbed10f183193ed + +info: + name: > + WP Booking System <= 2.0.18 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540fef7f-8952-4525-9d07-fe3b3d777359?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system/" + google-query: inurl:"/wp-content/plugins/wp-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-7be8b313071b390988085960c7a1cc2b.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-7be8b313071b390988085960c7a1cc2b.yaml new file mode 100644 index 0000000000..632737028d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-7be8b313071b390988085960c7a1cc2b.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-7be8b313071b390988085960c7a1cc2b + +info: + name: > + WP Booking System – Booking Calendar <= 2.0.14 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f294575d-ce83-4301-ae38-3f0761d9b610?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system/" + google-query: inurl:"/wp-content/plugins/wp-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-96e25e69c7f878ae73c7f29f99c97760.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-96e25e69c7f878ae73c7f29f99c97760.yaml new file mode 100644 index 0000000000..2e0198a547 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-96e25e69c7f878ae73c7f29f99c97760.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-96e25e69c7f878ae73c7f29f99c97760 + +info: + name: > + WP Booking System Free version < 1.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/843822f0-dd4c-4ae6-823d-96dd7a59df8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system/" + google-query: inurl:"/wp-content/plugins/wp-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-bba48b2b3db8c722b3183d512e2cbe2e.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-bba48b2b3db8c722b3183d512e2cbe2e.yaml new file mode 100644 index 0000000000..813ed1ec46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-bba48b2b3db8c722b3183d512e2cbe2e.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-bba48b2b3db8c722b3183d512e2cbe2e + +info: + name: > + WP Booking System <= 2.0.19.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/805c46ec-0b8a-4a40-bfc9-5d2d8d43a17b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system/" + google-query: inurl:"/wp-content/plugins/wp-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.19.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-cb489cb39876b1f1dad08fd79397698a.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-cb489cb39876b1f1dad08fd79397698a.yaml new file mode 100644 index 0000000000..fd100ac144 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-cb489cb39876b1f1dad08fd79397698a.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-cb489cb39876b1f1dad08fd79397698a + +info: + name: > + WP Booking System – Booking Calendar < 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae35a02c-ba33-478d-a054-98b486e2192a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system/" + google-query: inurl:"/wp-content/plugins/wp-booking-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booking-system-premium-cb489cb39876b1f1dad08fd79397698a.yaml b/nuclei-templates/cve-less/plugins/wp-booking-system-premium-cb489cb39876b1f1dad08fd79397698a.yaml new file mode 100644 index 0000000000..c5bc59662a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booking-system-premium-cb489cb39876b1f1dad08fd79397698a.yaml @@ -0,0 +1,58 @@ +id: wp-booking-system-premium-cb489cb39876b1f1dad08fd79397698a + +info: + name: > + WP Booking System – Booking Calendar < 1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae35a02c-ba33-478d-a054-98b486e2192a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booking-system-premium/" + google-query: inurl:"/wp-content/plugins/wp-booking-system-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booking-system-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booking-system-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booking-system-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-booklet-12bc7ed9ac4b4df7c9585c5a1693f987.yaml b/nuclei-templates/cve-less/plugins/wp-booklet-12bc7ed9ac4b4df7c9585c5a1693f987.yaml new file mode 100644 index 0000000000..83ac259e57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-booklet-12bc7ed9ac4b4df7c9585c5a1693f987.yaml @@ -0,0 +1,58 @@ +id: wp-booklet-12bc7ed9ac4b4df7c9585c5a1693f987 + +info: + name: > + WP Booklet <= 2.1.8 - Authenticated (Subscriber+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02551726-672d-481a-8b77-ec7bf33a22c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-booklet/" + google-query: inurl:"/wp-content/plugins/wp-booklet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-booklet,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-booklet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-booklet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-books-gallery-6e616d77f2461fd1d3e6a21e8750c36c.yaml b/nuclei-templates/cve-less/plugins/wp-books-gallery-6e616d77f2461fd1d3e6a21e8750c36c.yaml new file mode 100644 index 0000000000..50784341f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-books-gallery-6e616d77f2461fd1d3e6a21e8750c36c.yaml @@ -0,0 +1,58 @@ +id: wp-books-gallery-6e616d77f2461fd1d3e6a21e8750c36c + +info: + name: > + WordPress Books Gallery <= 4.4.8 - Cross-Site Request Forgery leading to Plugin Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2e10791-7158-47ae-85c9-4a5a53b25d68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-books-gallery/" + google-query: inurl:"/wp-content/plugins/wp-books-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-books-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-books-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-books-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-bootstrap-gallery-2326f2ccfd7003acca183b6e98abdbd2.yaml b/nuclei-templates/cve-less/plugins/wp-bootstrap-gallery-2326f2ccfd7003acca183b6e98abdbd2.yaml new file mode 100644 index 0000000000..a6964a734c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-bootstrap-gallery-2326f2ccfd7003acca183b6e98abdbd2.yaml @@ -0,0 +1,58 @@ +id: wp-bootstrap-gallery-2326f2ccfd7003acca183b6e98abdbd2 + +info: + name: > + WP Bootstrap Gallery <= 1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/040005bc-bdc3-4085-8192-cd0a7e38fee0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-bootstrap-gallery/" + google-query: inurl:"/wp-content/plugins/wp-bootstrap-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-bootstrap-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-bootstrap-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-bootstrap-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-born-babies-2a429e3083a4c7d371b1df483f6771d1.yaml b/nuclei-templates/cve-less/plugins/wp-born-babies-2a429e3083a4c7d371b1df483f6771d1.yaml new file mode 100644 index 0000000000..ea1dcf66f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-born-babies-2a429e3083a4c7d371b1df483f6771d1.yaml @@ -0,0 +1,58 @@ +id: wp-born-babies-2a429e3083a4c7d371b1df483f6771d1 + +info: + name: > + //// WP BORN BABIES PLUGIN /// <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f97d97fd-5eac-4fdb-b65a-4c42c3005a2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-born-babies/" + google-query: inurl:"/wp-content/plugins/wp-born-babies/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-born-babies,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-born-babies/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-born-babies" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-broken-images-9dbf8fc670267468d6465754d6800d70.yaml b/nuclei-templates/cve-less/plugins/wp-broken-images-9dbf8fc670267468d6465754d6800d70.yaml new file mode 100644 index 0000000000..2baf22ac2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-broken-images-9dbf8fc670267468d6465754d6800d70.yaml @@ -0,0 +1,58 @@ +id: wp-broken-images-9dbf8fc670267468d6465754d6800d70 + +info: + name: > + Broken Images <= 0.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d6e97cd-7da7-43ab-bd88-ebd442d50aa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-broken-images/" + google-query: inurl:"/wp-content/plugins/wp-broken-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-broken-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-broken-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-broken-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-browser-update-1bed895aa03e840b8e1fbdc433b64dc4.yaml b/nuclei-templates/cve-less/plugins/wp-browser-update-1bed895aa03e840b8e1fbdc433b64dc4.yaml new file mode 100644 index 0000000000..9ab9c369a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-browser-update-1bed895aa03e840b8e1fbdc433b64dc4.yaml @@ -0,0 +1,58 @@ +id: wp-browser-update-1bed895aa03e840b8e1fbdc433b64dc4 + +info: + name: > + WP BrowserUpdate <= 4.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d3fa716-6f11-428c-b2da-2bb768a92fe0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-browser-update/" + google-query: inurl:"/wp-content/plugins/wp-browser-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-browser-update,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-browser-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-browser-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-browser-update-324762b1db43ab659ab273b35e9a6427.yaml b/nuclei-templates/cve-less/plugins/wp-browser-update-324762b1db43ab659ab273b35e9a6427.yaml new file mode 100644 index 0000000000..0aecf3157d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-browser-update-324762b1db43ab659ab273b35e9a6427.yaml @@ -0,0 +1,58 @@ +id: wp-browser-update-324762b1db43ab659ab273b35e9a6427 + +info: + name: > + WP BrowserUpdate <= 4.4.1 - Cross-Site Request Forgery via wpbu_administration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/050ca18d-7596-4094-b24a-752857f5e478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-browser-update/" + google-query: inurl:"/wp-content/plugins/wp-browser-update/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-browser-update,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-browser-update/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-browser-update" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-business-directory-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wp-business-directory-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..d5756246a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-business-directory-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wp-business-directory-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-business-directory/" + google-query: inurl:"/wp-content/plugins/wp-business-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-business-directory,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-business-directory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-business-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-business-intelligence-lite-f8cc4565cf41b4df5b2b7d0c05a42787.yaml b/nuclei-templates/cve-less/plugins/wp-business-intelligence-lite-f8cc4565cf41b4df5b2b7d0c05a42787.yaml new file mode 100644 index 0000000000..a4b411749a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-business-intelligence-lite-f8cc4565cf41b4df5b2b7d0c05a42787.yaml @@ -0,0 +1,58 @@ +id: wp-business-intelligence-lite-f8cc4565cf41b4df5b2b7d0c05a42787 + +info: + name: > + WP Business Intelligence Lite <= 1.6.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7eb6137-5c03-4f73-a478-c1c18ee91fba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-business-intelligence-lite/" + google-query: inurl:"/wp-content/plugins/wp-business-intelligence-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-business-intelligence-lite,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-business-intelligence-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-business-intelligence-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cachecom-648854ce1a941daab3125afb660bc4a5.yaml b/nuclei-templates/cve-less/plugins/wp-cachecom-648854ce1a941daab3125afb660bc4a5.yaml new file mode 100644 index 0000000000..a33f421b39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cachecom-648854ce1a941daab3125afb660bc4a5.yaml @@ -0,0 +1,58 @@ +id: wp-cachecom-648854ce1a941daab3125afb660bc4a5 + +info: + name: > + WP-Cache.com <= 1.1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9a28625-19e4-4696-bb51-7115368120d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cachecom/" + google-query: inurl:"/wp-content/plugins/wp-cachecom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cachecom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cachecom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cachecom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cafe-34721fea6a2d4e3ec618e5f696ce767f.yaml b/nuclei-templates/cve-less/plugins/wp-cafe-34721fea6a2d4e3ec618e5f696ce767f.yaml new file mode 100644 index 0000000000..c1ddcd544c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cafe-34721fea6a2d4e3ec618e5f696ce767f.yaml @@ -0,0 +1,58 @@ +id: wp-cafe-34721fea6a2d4e3ec618e5f696ce767f + +info: + name: > + WPCafe <= 2.2.22 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4261bc62-a091-408b-8643-e6fa61d62103?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cafe/" + google-query: inurl:"/wp-content/plugins/wp-cafe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cafe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cafe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cafe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cal-f584c8e11a9dac20a4d8a5133459696f.yaml b/nuclei-templates/cve-less/plugins/wp-cal-f584c8e11a9dac20a4d8a5133459696f.yaml new file mode 100644 index 0000000000..3eddeec70a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cal-f584c8e11a9dac20a4d8a5133459696f.yaml @@ -0,0 +1,58 @@ +id: wp-cal-f584c8e11a9dac20a4d8a5133459696f + +info: + name: > + WP-Cal <= 0.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb7ee83-f75a-4f19-8595-f5cf2ee97ae0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cal/" + google-query: inurl:"/wp-content/plugins/wp-cal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cal,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-calameo-d827c61ecd6e1b49bd9f088b6451ceb2.yaml b/nuclei-templates/cve-less/plugins/wp-calameo-d827c61ecd6e1b49bd9f088b6451ceb2.yaml new file mode 100644 index 0000000000..c5041dfe6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-calameo-d827c61ecd6e1b49bd9f088b6451ceb2.yaml @@ -0,0 +1,58 @@ +id: wp-calameo-d827c61ecd6e1b49bd9f088b6451ceb2 + +info: + name: > + WP Calameo <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebe03cde-7956-4185-8990-8d47f174e60a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-calameo/" + google-query: inurl:"/wp-content/plugins/wp-calameo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-calameo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-calameo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-calameo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-calendar-7d771013dd99d35b0d7273344b75ad3f.yaml b/nuclei-templates/cve-less/plugins/wp-calendar-7d771013dd99d35b0d7273344b75ad3f.yaml new file mode 100644 index 0000000000..3361ab057d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-calendar-7d771013dd99d35b0d7273344b75ad3f.yaml @@ -0,0 +1,58 @@ +id: wp-calendar-7d771013dd99d35b0d7273344b75ad3f + +info: + name: > + WP Calendar <= 1.5.3 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c16cd71e-a09e-4d34-99be-b632a3e64253?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-calendar/" + google-query: inurl:"/wp-content/plugins/wp-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-captcha-0a98ad5ece69d0c7228854255adb9a0c.yaml b/nuclei-templates/cve-less/plugins/wp-captcha-0a98ad5ece69d0c7228854255adb9a0c.yaml new file mode 100644 index 0000000000..c90f1d0bb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-captcha-0a98ad5ece69d0c7228854255adb9a0c.yaml @@ -0,0 +1,58 @@ +id: wp-captcha-0a98ad5ece69d0c7228854255adb9a0c + +info: + name: > + WP Captcha <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/810adc9a-d4e1-46a8-89e4-22615cbbb9c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-captcha/" + google-query: inurl:"/wp-content/plugins/wp-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-captcha-da8dfca2c41b22eddf583b5ba482b227.yaml b/nuclei-templates/cve-less/plugins/wp-captcha-da8dfca2c41b22eddf583b5ba482b227.yaml new file mode 100644 index 0000000000..1dcfb91114 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-captcha-da8dfca2c41b22eddf583b5ba482b227.yaml @@ -0,0 +1,58 @@ +id: wp-captcha-da8dfca2c41b22eddf583b5ba482b227 + +info: + name: > + WP Captcha <= 2.0.0 - CAPTCHA Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bc2a04c-7b7c-483f-b81b-97a7caac179c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-captcha/" + google-query: inurl:"/wp-content/plugins/wp-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-carousel-free-4b6f3787781ed281c4bf315d7815f11d.yaml b/nuclei-templates/cve-less/plugins/wp-carousel-free-4b6f3787781ed281c4bf315d7815f11d.yaml new file mode 100644 index 0000000000..b76cc82d28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-carousel-free-4b6f3787781ed281c4bf315d7815f11d.yaml @@ -0,0 +1,58 @@ +id: wp-carousel-free-4b6f3787781ed281c4bf315d7815f11d + +info: + name: > + Carousel, Slider, Gallery by WP Carousel <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3559bba-daa2-4a00-958c-6568cdbb592f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-carousel-free/" + google-query: inurl:"/wp-content/plugins/wp-carousel-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-carousel-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-carousel-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-carousel-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-carousel-free-6ae6ba71c1c511094e234e44db33e39b.yaml b/nuclei-templates/cve-less/plugins/wp-carousel-free-6ae6ba71c1c511094e234e44db33e39b.yaml new file mode 100644 index 0000000000..abd2b8a1e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-carousel-free-6ae6ba71c1c511094e234e44db33e39b.yaml @@ -0,0 +1,58 @@ +id: wp-carousel-free-6ae6ba71c1c511094e234e44db33e39b + +info: + name: > + Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9349208c-3e86-4ec6-9e10-5ecaa4923922?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-carousel-free/" + google-query: inurl:"/wp-content/plugins/wp-carousel-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-carousel-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-carousel-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-carousel-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-carousel-free-91917d1d663ea184f4f2f69e04c99474.yaml b/nuclei-templates/cve-less/plugins/wp-carousel-free-91917d1d663ea184f4f2f69e04c99474.yaml new file mode 100644 index 0000000000..3b9ea3c964 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-carousel-free-91917d1d663ea184f4f2f69e04c99474.yaml @@ -0,0 +1,58 @@ +id: wp-carousel-free-91917d1d663ea184f4f2f69e04c99474 + +info: + name: > + Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d66df15e-1a0a-49e9-bcf9-67091499b24e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-carousel-free/" + google-query: inurl:"/wp-content/plugins/wp-carousel-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-carousel-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-carousel-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-carousel-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-carouselslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-carouselslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..b98c831d7d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-carouselslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-carouselslideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-carouselslideshow/" + google-query: inurl:"/wp-content/plugins/wp-carouselslideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-carouselslideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-carouselslideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-carouselslideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-catalogue-525630ec5598f74dd721d94a531fba2f.yaml b/nuclei-templates/cve-less/plugins/wp-catalogue-525630ec5598f74dd721d94a531fba2f.yaml new file mode 100644 index 0000000000..d68237aed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-catalogue-525630ec5598f74dd721d94a531fba2f.yaml @@ -0,0 +1,58 @@ +id: wp-catalogue-525630ec5598f74dd721d94a531fba2f + +info: + name: > + WP Catalogue <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5684d4b7-8a3e-47ee-9d7b-195cb5db9a66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-catalogue/" + google-query: inurl:"/wp-content/plugins/wp-catalogue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-catalogue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-catalogue/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-catalogue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-categories-widget-aab20aa3ba5a82ccff2265ebe56cac66.yaml b/nuclei-templates/cve-less/plugins/wp-categories-widget-aab20aa3ba5a82ccff2265ebe56cac66.yaml new file mode 100644 index 0000000000..aa92d3529a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-categories-widget-aab20aa3ba5a82ccff2265ebe56cac66.yaml @@ -0,0 +1,58 @@ +id: wp-categories-widget-aab20aa3ba5a82ccff2265ebe56cac66 + +info: + name: > + WP Categories Widget <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6240290-4b6c-46ba-9f78-e6bba3504f17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-categories-widget/" + google-query: inurl:"/wp-content/plugins/wp-categories-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-categories-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-categories-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-categories-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-category-meta-070f5b1993a30da98cfd837719ef997d.yaml b/nuclei-templates/cve-less/plugins/wp-category-meta-070f5b1993a30da98cfd837719ef997d.yaml new file mode 100644 index 0000000000..8e36dc6972 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-category-meta-070f5b1993a30da98cfd837719ef997d.yaml @@ -0,0 +1,58 @@ +id: wp-category-meta-070f5b1993a30da98cfd837719ef997d + +info: + name: > + Category Meta <= 1.2.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf2ddc42-9910-40e5-9546-89f229b852da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-category-meta/" + google-query: inurl:"/wp-content/plugins/wp-category-meta/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-category-meta,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-category-meta/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-category-meta" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-category-posts-list-2349a7bd555a58451ac9e6f7145fe711.yaml b/nuclei-templates/cve-less/plugins/wp-category-posts-list-2349a7bd555a58451ac9e6f7145fe711.yaml new file mode 100644 index 0000000000..ed3f190c12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-category-posts-list-2349a7bd555a58451ac9e6f7145fe711.yaml @@ -0,0 +1,58 @@ +id: wp-category-posts-list-2349a7bd555a58451ac9e6f7145fe711 + +info: + name: > + WP Category Post List Widget <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15d61530-5ef9-4dce-8ace-6d8cc07c7b5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-category-posts-list/" + google-query: inurl:"/wp-content/plugins/wp-category-posts-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-category-posts-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-category-posts-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-category-posts-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-category-posts-list-91173f58fb32fd621503c873c6d8b146.yaml b/nuclei-templates/cve-less/plugins/wp-category-posts-list-91173f58fb32fd621503c873c6d8b146.yaml new file mode 100644 index 0000000000..47fa4558cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-category-posts-list-91173f58fb32fd621503c873c6d8b146.yaml @@ -0,0 +1,58 @@ +id: wp-category-posts-list-91173f58fb32fd621503c873c6d8b146 + +info: + name: > + WP Category Post List Widget <= 2.0.3 - Cross-Site Request Forgery via gen_set_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c61b5668-18d8-42e0-9ee3-d26ab7424350?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-category-posts-list/" + google-query: inurl:"/wp-content/plugins/wp-category-posts-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-category-posts-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-category-posts-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-category-posts-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-central-124c235f99b301743df1e63ff167148a.yaml b/nuclei-templates/cve-less/plugins/wp-central-124c235f99b301743df1e63ff167148a.yaml new file mode 100644 index 0000000000..5e66c26778 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-central-124c235f99b301743df1e63ff167148a.yaml @@ -0,0 +1,58 @@ +id: wp-central-124c235f99b301743df1e63ff167148a + +info: + name: > + wpCentral <= 1.5.0 - Improper Access Control to Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/540d444f-7a6c-4c14-a9c7-52209ad59a11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-central/" + google-query: inurl:"/wp-content/plugins/wp-central/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-central,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-central/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-central" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-central-40f584e497f01d406cc7fecd2f3771f0.yaml b/nuclei-templates/cve-less/plugins/wp-central-40f584e497f01d406cc7fecd2f3771f0.yaml new file mode 100644 index 0000000000..27d26d2f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-central-40f584e497f01d406cc7fecd2f3771f0.yaml @@ -0,0 +1,58 @@ +id: wp-central-40f584e497f01d406cc7fecd2f3771f0 + +info: + name: > + wpCentral <= 1.5.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49d03254-7399-4a5d-9ce9-7d4736b8b2ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-central/" + google-query: inurl:"/wp-content/plugins/wp-central/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-central,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-central/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-central" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-00e68b1df25f64641326f1dec4151572.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-00e68b1df25f64641326f1dec4151572.yaml new file mode 100644 index 0000000000..7bb0a4a912 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-00e68b1df25f64641326f1dec4151572.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-00e68b1df25f64641326f1dec4151572 + +info: + name: > + WP Cerber Security <= 9.3.2 - User Enumeration Bypass via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a700c1c-2ac2-47b8-95e6-ee1a02f50c12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-42ad4e32d4737220d58f4a4e7f0c15a2.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-42ad4e32d4737220d58f4a4e7f0c15a2.yaml new file mode 100644 index 0000000000..3c35d813f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-42ad4e32d4737220d58f4a4e7f0c15a2.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-42ad4e32d4737220d58f4a4e7f0c15a2 + +info: + name: > + Cerber Security, Anti-spam & Malware Scan < 2.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df657cdc-00fc-476a-a64f-abfdd6b30739?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-47b0a77f72cd6358c4ce2e9a58f14fae.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-47b0a77f72cd6358c4ce2e9a58f14fae.yaml new file mode 100644 index 0000000000..b9f5166655 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-47b0a77f72cd6358c4ce2e9a58f14fae.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-47b0a77f72cd6358c4ce2e9a58f14fae + +info: + name: > + WP Cerber Security <= 9.0 - User Enumeration Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/081a5fda-abe2-4f20-bea2-3f7dd3c3a6cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-5915172b226df8e80423b0b8b00c97b9.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-5915172b226df8e80423b0b8b00c97b9.yaml new file mode 100644 index 0000000000..08128aec1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-5915172b226df8e80423b0b8b00c97b9.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-5915172b226df8e80423b0b8b00c97b9 + +info: + name: > + WP Cerber Security <= 9.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cd9cbba-10b0-4fb0-ad49-4593a307a615?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-e40d5c75fb230023d171a6172222366a.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-e40d5c75fb230023d171a6172222366a.yaml new file mode 100644 index 0000000000..b1803e2a85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-e40d5c75fb230023d171a6172222366a.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-e40d5c75fb230023d171a6172222366a + +info: + name: > + WP Cerber Security <= 8.9.5.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03329efa-6ffd-42e1-ab7e-cc21cb48866f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.9.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-f1c926e99dc13eb40c609c7d4094f9b0.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-f1c926e99dc13eb40c609c7d4094f9b0.yaml new file mode 100644 index 0000000000..42acc7fead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-f1c926e99dc13eb40c609c7d4094f9b0.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-f1c926e99dc13eb40c609c7d4094f9b0 + +info: + name: > + WP Cerber Security < 8.9.3 - Multifactor Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/855d3e2a-8ab1-4e7b-b435-f3c31171deeb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cerber-f203d2dfc14bc6efd92b667d0eba2f47.yaml b/nuclei-templates/cve-less/plugins/wp-cerber-f203d2dfc14bc6efd92b667d0eba2f47.yaml new file mode 100644 index 0000000000..5daedbba7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cerber-f203d2dfc14bc6efd92b667d0eba2f47.yaml @@ -0,0 +1,58 @@ +id: wp-cerber-f203d2dfc14bc6efd92b667d0eba2f47 + +info: + name: > + WP Cerber < 8.9.3 - Access Bypass Control + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6e48963-e773-46e1-ae45-03fe5e20f09e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cerber/" + google-query: inurl:"/wp-content/plugins/wp-cerber/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cerber,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cerber/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cerber" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cfm-23d9a477d53eb5ee302467e17a43e605.yaml b/nuclei-templates/cve-less/plugins/wp-cfm-23d9a477d53eb5ee302467e17a43e605.yaml new file mode 100644 index 0000000000..837a01c666 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cfm-23d9a477d53eb5ee302467e17a43e605.yaml @@ -0,0 +1,58 @@ +id: wp-cfm-23d9a477d53eb5ee302467e17a43e605 + +info: + name: > + WP-CFM <= 1.7.8 - Cross-Site Request Forgery via multiple AJAX functions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9790c592-1445-4f9d-987e-ae5ab49c4dcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cfm/" + google-query: inurl:"/wp-content/plugins/wp-cfm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cfm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cfm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cfm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-championship-cb362ac834e4e127112e662b8e597a11.yaml b/nuclei-templates/cve-less/plugins/wp-championship-cb362ac834e4e127112e662b8e597a11.yaml new file mode 100644 index 0000000000..859e0764ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-championship-cb362ac834e4e127112e662b8e597a11.yaml @@ -0,0 +1,58 @@ +id: wp-championship-cb362ac834e4e127112e662b8e597a11 + +info: + name: > + wp-championship <= 9.2 - Multiple Cross-Site Request Forgery Vulnerabilities + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd1838c4-00df-4177-84be-1f8c19ceae4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-championship/" + google-query: inurl:"/wp-content/plugins/wp-championship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-championship,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-championship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-championship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-championship-cb7fe4a1f5c046460e4d69413b578527.yaml b/nuclei-templates/cve-less/plugins/wp-championship-cb7fe4a1f5c046460e4d69413b578527.yaml new file mode 100644 index 0000000000..74d35f4658 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-championship-cb7fe4a1f5c046460e4d69413b578527.yaml @@ -0,0 +1,58 @@ +id: wp-championship-cb7fe4a1f5c046460e4d69413b578527 + +info: + name: > + wp-championship < 5.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28d3388e-0731-46b6-bf66-e7a1d98c321a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-championship/" + google-query: inurl:"/wp-content/plugins/wp-championship/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-championship,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-championship/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-championship" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-change-email-sender-f5fc5ba02aa4560ef332189f36172c97.yaml b/nuclei-templates/cve-less/plugins/wp-change-email-sender-f5fc5ba02aa4560ef332189f36172c97.yaml new file mode 100644 index 0000000000..21dcb3e1c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-change-email-sender-f5fc5ba02aa4560ef332189f36172c97.yaml @@ -0,0 +1,58 @@ +id: wp-change-email-sender-f5fc5ba02aa4560ef332189f36172c97 + +info: + name: > + WP Change Email Sender <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88855d83-d182-4b10-b44f-cd0edec07db1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-change-email-sender/" + google-query: inurl:"/wp-content/plugins/wp-change-email-sender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-change-email-sender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-change-email-sender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-change-email-sender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-charts-c499c5763cb0c8fadcbd79a7862db8b4.yaml b/nuclei-templates/cve-less/plugins/wp-charts-c499c5763cb0c8fadcbd79a7862db8b4.yaml new file mode 100644 index 0000000000..859a8885ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-charts-c499c5763cb0c8fadcbd79a7862db8b4.yaml @@ -0,0 +1,58 @@ +id: wp-charts-c499c5763cb0c8fadcbd79a7862db8b4 + +info: + name: > + WordPress Charts <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2de2d2c5-1373-45b6-93a0-575713226669?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-charts/" + google-query: inurl:"/wp-content/plugins/wp-charts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-charts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-charts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-charts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-chatbot-3243534248880dc4d13208e428d3bdd1.yaml b/nuclei-templates/cve-less/plugins/wp-chatbot-3243534248880dc4d13208e428d3bdd1.yaml new file mode 100644 index 0000000000..665d24b9e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-chatbot-3243534248880dc4d13208e428d3bdd1.yaml @@ -0,0 +1,58 @@ +id: wp-chatbot-3243534248880dc4d13208e428d3bdd1 + +info: + name: > + WP-Chatbot for Messenger <= 4.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/432df51f-2855-4bf2-8be1-77a893e3aa29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-chatbot/" + google-query: inurl:"/wp-content/plugins/wp-chatbot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-chatbot,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-chatbot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-chatbot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-chgfontsize-13481b1ed77fd504fee89b917516fad5.yaml b/nuclei-templates/cve-less/plugins/wp-chgfontsize-13481b1ed77fd504fee89b917516fad5.yaml new file mode 100644 index 0000000000..10a9228b5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-chgfontsize-13481b1ed77fd504fee89b917516fad5.yaml @@ -0,0 +1,58 @@ +id: wp-chgfontsize-13481b1ed77fd504fee89b917516fad5 + +info: + name: > + WP-chgFontSize <= 1.8 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b897790-43f7-4ca4-8abe-9dc736a7c011?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-chgfontsize/" + google-query: inurl:"/wp-content/plugins/wp-chgfontsize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-chgfontsize,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-chgfontsize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-chgfontsize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-child-theme-generator-c4cf1ef74f307e3d974c13ea6edd24eb.yaml b/nuclei-templates/cve-less/plugins/wp-child-theme-generator-c4cf1ef74f307e3d974c13ea6edd24eb.yaml new file mode 100644 index 0000000000..13232fa23c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-child-theme-generator-c4cf1ef74f307e3d974c13ea6edd24eb.yaml @@ -0,0 +1,58 @@ +id: wp-child-theme-generator-c4cf1ef74f307e3d974c13ea6edd24eb + +info: + name: > + WP Child Theme Generator <= 1.1.0 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49fcd2cb-d880-4152-a736-33fd90f07083?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-child-theme-generator/" + google-query: inurl:"/wp-content/plugins/wp-child-theme-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-child-theme-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-child-theme-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-child-theme-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-chinese-conversion-ba1043324d157b0279fb5fef89ed3d34.yaml b/nuclei-templates/cve-less/plugins/wp-chinese-conversion-ba1043324d157b0279fb5fef89ed3d34.yaml new file mode 100644 index 0000000000..e54433ab1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-chinese-conversion-ba1043324d157b0279fb5fef89ed3d34.yaml @@ -0,0 +1,58 @@ +id: wp-chinese-conversion-ba1043324d157b0279fb5fef89ed3d34 + +info: + name: > + WP Chinese Conversion <= 1.1.16 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95c47c7b-df83-43ee-9091-136b6622e88c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-chinese-conversion/" + google-query: inurl:"/wp-content/plugins/wp-chinese-conversion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-chinese-conversion,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-chinese-conversion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-chinese-conversion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cirrus-217b5f3c17336fde467ad6d4d4052a6d.yaml b/nuclei-templates/cve-less/plugins/wp-cirrus-217b5f3c17336fde467ad6d4d4052a6d.yaml new file mode 100644 index 0000000000..255dcf9044 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cirrus-217b5f3c17336fde467ad6d4d4052a6d.yaml @@ -0,0 +1,58 @@ +id: wp-cirrus-217b5f3c17336fde467ad6d4d4052a6d + +info: + name: > + WP-Cirrus <= 0.6.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/710aa0fd-34e2-4f0e-b354-0722d9692410?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cirrus/" + google-query: inurl:"/wp-content/plugins/wp-cirrus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cirrus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cirrus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cirrus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cirrus-a7963745ff69e39eb4bbcfe48cff5818.yaml b/nuclei-templates/cve-less/plugins/wp-cirrus-a7963745ff69e39eb4bbcfe48cff5818.yaml new file mode 100644 index 0000000000..610b858364 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cirrus-a7963745ff69e39eb4bbcfe48cff5818.yaml @@ -0,0 +1,58 @@ +id: wp-cirrus-a7963745ff69e39eb4bbcfe48cff5818 + +info: + name: > + WP-Cirrus <= 0.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cab3c9c-39c6-4279-9573-858b0592c3fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cirrus/" + google-query: inurl:"/wp-content/plugins/wp-cirrus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cirrus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cirrus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cirrus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clean-up-2b8ff50cbfd95099e68cc6637c86457e.yaml b/nuclei-templates/cve-less/plugins/wp-clean-up-2b8ff50cbfd95099e68cc6637c86457e.yaml new file mode 100644 index 0000000000..bb75cca11a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clean-up-2b8ff50cbfd95099e68cc6637c86457e.yaml @@ -0,0 +1,58 @@ +id: wp-clean-up-2b8ff50cbfd95099e68cc6637c86457e + +info: + name: > + WP Clean Up <= 1.2.3 - Cross-Site Request Forgery via wp_clean_up_optimize + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f342fb7-8f52-43d9-a887-1cf1fffa6ec6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clean-up/" + google-query: inurl:"/wp-content/plugins/wp-clean-up/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clean-up,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clean-up/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clean-up" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cleanfix-3dc2fefb55b6d17e837bc91376ca059e.yaml b/nuclei-templates/cve-less/plugins/wp-cleanfix-3dc2fefb55b6d17e837bc91376ca059e.yaml new file mode 100644 index 0000000000..3bc4b02b6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cleanfix-3dc2fefb55b6d17e837bc91376ca059e.yaml @@ -0,0 +1,58 @@ +id: wp-cleanfix-3dc2fefb55b6d17e837bc91376ca059e + +info: + name: > + WP Cleanfix <= 3.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0d594e40-ae4d-43f7-b57e-8070a68d1c94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cleanfix/" + google-query: inurl:"/wp-content/plugins/wp-cleanfix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cleanfix,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cleanfix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cleanfix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cleanfix-40d1328c8d4c642fffaf6abab5865649.yaml b/nuclei-templates/cve-less/plugins/wp-cleanfix-40d1328c8d4c642fffaf6abab5865649.yaml new file mode 100644 index 0000000000..d8d13ec787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cleanfix-40d1328c8d4c642fffaf6abab5865649.yaml @@ -0,0 +1,58 @@ +id: wp-cleanfix-40d1328c8d4c642fffaf6abab5865649 + +info: + name: > + WP Cleanfix <= 5.6.2 - Missing Authorization via register + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57896fa8-9360-41e8-a60e-8b95d01c25ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cleanfix/" + google-query: inurl:"/wp-content/plugins/wp-cleanfix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cleanfix,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cleanfix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cleanfix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cleanfix-75c70b1bb438dfcca6e33d6263e0e86e.yaml b/nuclei-templates/cve-less/plugins/wp-cleanfix-75c70b1bb438dfcca6e33d6263e0e86e.yaml new file mode 100644 index 0000000000..ae00644cb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cleanfix-75c70b1bb438dfcca6e33d6263e0e86e.yaml @@ -0,0 +1,58 @@ +id: wp-cleanfix-75c70b1bb438dfcca6e33d6263e0e86e + +info: + name: > + WP Cleanfix Plugin < 5.0.0 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a2c62a8-bc00-43b7-a3e8-a45d0cb75854?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cleanfix/" + google-query: inurl:"/wp-content/plugins/wp-cleanfix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cleanfix,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cleanfix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cleanfix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-client-logo-carousel-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml b/nuclei-templates/cve-less/plugins/wp-client-logo-carousel-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml new file mode 100644 index 0000000000..984bf51451 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-client-logo-carousel-119ed13ee8d9c38858fd75fb1eb0a4cd.yaml @@ -0,0 +1,58 @@ +id: wp-client-logo-carousel-119ed13ee8d9c38858fd75fb1eb0a4cd + +info: + name: > + Client Logo Carousel <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1c11388-fff4-4206-b7b5-3d7e3e0da16a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-client-logo-carousel/" + google-query: inurl:"/wp-content/plugins/wp-client-logo-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-client-logo-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-client-logo-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-client-logo-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-client-reports-11a9c2fdd6ced3454ae2f484273892ee.yaml b/nuclei-templates/cve-less/plugins/wp-client-reports-11a9c2fdd6ced3454ae2f484273892ee.yaml new file mode 100644 index 0000000000..5dd7499f02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-client-reports-11a9c2fdd6ced3454ae2f484273892ee.yaml @@ -0,0 +1,58 @@ +id: wp-client-reports-11a9c2fdd6ced3454ae2f484273892ee + +info: + name: > + WP Client Reports <= 1.0.16 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34cddc7b-575c-4494-afa0-cd85c7b313e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-client-reports/" + google-query: inurl:"/wp-content/plugins/wp-client-reports/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-client-reports,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-client-reports/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-client-reports" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-client-reports-a5b46952d543f797449f79e0a9cccb18.yaml b/nuclei-templates/cve-less/plugins/wp-client-reports-a5b46952d543f797449f79e0a9cccb18.yaml new file mode 100644 index 0000000000..2989acc340 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-client-reports-a5b46952d543f797449f79e0a9cccb18.yaml @@ -0,0 +1,58 @@ +id: wp-client-reports-a5b46952d543f797449f79e0a9cccb18 + +info: + name: > + WP Client Reports <= 1.0.22 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd95f517-baf6-4feb-a9a5-f73008634dd4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-client-reports/" + google-query: inurl:"/wp-content/plugins/wp-client-reports/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-client-reports,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-client-reports/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-client-reports" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-25a10466c42d47292b8a71c862e9a26a.yaml b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-25a10466c42d47292b8a71c862e9a26a.yaml new file mode 100644 index 0000000000..16298a73e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-25a10466c42d47292b8a71c862e9a26a.yaml @@ -0,0 +1,58 @@ +id: wp-clone-by-wp-academy-25a10466c42d47292b8a71c862e9a26a + +info: + name: > + Inisev Plugins (Various Versions) - Missing Authorization on handle_installation function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf7bdd0e-f3b3-4be5-8a30-2c6d9cb783a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/" + google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clone-by-wp-academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clone-by-wp-academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-6ac56b73dfbde68009426ab1366ff6c2.yaml b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-6ac56b73dfbde68009426ab1366ff6c2.yaml new file mode 100644 index 0000000000..025f5210f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-6ac56b73dfbde68009426ab1366ff6c2.yaml @@ -0,0 +1,58 @@ +id: wp-clone-by-wp-academy-6ac56b73dfbde68009426ab1366ff6c2 + +info: + name: > + Inisev Analyst Module <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fee47bb5-5af9-426c-8760-193276e046ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/" + google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clone-by-wp-academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clone-by-wp-academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-7379020b548b14b7be62b539ae5d76a2.yaml b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-7379020b548b14b7be62b539ae5d76a2.yaml new file mode 100644 index 0000000000..b2945f6b24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-7379020b548b14b7be62b539ae5d76a2.yaml @@ -0,0 +1,58 @@ +id: wp-clone-by-wp-academy-7379020b548b14b7be62b539ae5d76a2 + +info: + name: > + Clone <= 2.3.7 - Missing Authorization via wp_ajax_tifm_save_decision + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b6db928-f8ff-4e78-bfc7-51f1d1ccd1fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/" + google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clone-by-wp-academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clone-by-wp-academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-a1129a205ef2deec4965e57f9f73108e.yaml b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-a1129a205ef2deec4965e57f9f73108e.yaml new file mode 100644 index 0000000000..fcc2ea2b6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-a1129a205ef2deec4965e57f9f73108e.yaml @@ -0,0 +1,58 @@ +id: wp-clone-by-wp-academy-a1129a205ef2deec4965e57f9f73108e + +info: + name: > + WP Clone <= 2.4.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44a921e7-cce3-4347-968d-76dab243fcd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/" + google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clone-by-wp-academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clone-by-wp-academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-c451f687ef3559dbeeebe92c1e87ed44.yaml b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-c451f687ef3559dbeeebe92c1e87ed44.yaml new file mode 100644 index 0000000000..b57dca7a9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-clone-by-wp-academy-c451f687ef3559dbeeebe92c1e87ed44.yaml @@ -0,0 +1,58 @@ +id: wp-clone-by-wp-academy-c451f687ef3559dbeeebe92c1e87ed44 + +info: + name: > + Inisev Plugins (Various Versions) - Cross-Site Request Forgery on handle_installation function + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab7c8926-c762-49b1-bc97-4b7a2f4f97fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-clone-by-wp-academy/" + google-query: inurl:"/wp-content/plugins/wp-clone-by-wp-academy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-clone-by-wp-academy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-clone-by-wp-academy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-clone-by-wp-academy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-7da86808d4989a68c5d31062aa40a7e0.yaml b/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-7da86808d4989a68c5d31062aa40a7e0.yaml new file mode 100644 index 0000000000..251b661763 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-7da86808d4989a68c5d31062aa40a7e0.yaml @@ -0,0 +1,58 @@ +id: wp-cloudflare-page-cache-7da86808d4989a68c5d31062aa40a7e0 + +info: + name: > + Super Page Cache for Cloudflare <= 4.7.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a853bbb4-9866-4bc4-94da-d7826863d23b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cloudflare-page-cache/" + google-query: inurl:"/wp-content/plugins/wp-cloudflare-page-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cloudflare-page-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cloudflare-page-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cloudflare-page-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..9aadf9fb18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cloudflare-page-cache-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: wp-cloudflare-page-cache-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cloudflare-page-cache/" + google-query: inurl:"/wp-content/plugins/wp-cloudflare-page-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cloudflare-page-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cloudflare-page-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cloudflare-page-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cloudy-0ad53ed111e4c9bd0fa768a28b64118e.yaml b/nuclei-templates/cve-less/plugins/wp-cloudy-0ad53ed111e4c9bd0fa768a28b64118e.yaml new file mode 100644 index 0000000000..ecad87f568 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cloudy-0ad53ed111e4c9bd0fa768a28b64118e.yaml @@ -0,0 +1,58 @@ +id: wp-cloudy-0ad53ed111e4c9bd0fa768a28b64118e + +info: + name: > + WP Cloudy <= 4.4.9 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d85b98c3-c912-4467-962c-eb64465266b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cloudy/" + google-query: inurl:"/wp-content/plugins/wp-cloudy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cloudy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cloudy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cloudy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-club-manager-88ba893aacf7da3ba8fb038d6bba0a0b.yaml b/nuclei-templates/cve-less/plugins/wp-club-manager-88ba893aacf7da3ba8fb038d6bba0a0b.yaml new file mode 100644 index 0000000000..601305e996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-club-manager-88ba893aacf7da3ba8fb038d6bba0a0b.yaml @@ -0,0 +1,58 @@ +id: wp-club-manager-88ba893aacf7da3ba8fb038d6bba0a0b + +info: + name: > + WP Club Manager <= 2.2.11 - Authenticated (Player+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb364d54-bd44-426f-8f11-8ee5a7527c5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-club-manager/" + google-query: inurl:"/wp-content/plugins/wp-club-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-club-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-club-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-club-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-club-manager-980a1e8d0e2c9d6875260534aa15c2ab.yaml b/nuclei-templates/cve-less/plugins/wp-club-manager-980a1e8d0e2c9d6875260534aa15c2ab.yaml new file mode 100644 index 0000000000..7a32dcd0f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-club-manager-980a1e8d0e2c9d6875260534aa15c2ab.yaml @@ -0,0 +1,58 @@ +id: wp-club-manager-980a1e8d0e2c9d6875260534aa15c2ab + +info: + name: > + WP Club Manager <= 2.2.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29137748-91b1-4b01-9f05-63da592e941a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-club-manager/" + google-query: inurl:"/wp-content/plugins/wp-club-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-club-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-club-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-club-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-club-manager-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml b/nuclei-templates/cve-less/plugins/wp-club-manager-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml new file mode 100644 index 0000000000..8080737209 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-club-manager-dabe11ac9a89ef7717da39d4e9cb7dcc.yaml @@ -0,0 +1,58 @@ +id: wp-club-manager-dabe11ac9a89ef7717da39d4e9cb7dcc + +info: + name: > + WP Club Manager – WordPress Sports Club Plugin <= 2.2.10 - Missing Authorization to Unauthenticated Event Permalink Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-club-manager/" + google-query: inurl:"/wp-content/plugins/wp-club-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-club-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-club-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-club-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-code-highlightjs-ca875a69734817c022d2b5742d18b09a.yaml b/nuclei-templates/cve-less/plugins/wp-code-highlightjs-ca875a69734817c022d2b5742d18b09a.yaml new file mode 100644 index 0000000000..396d79d570 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-code-highlightjs-ca875a69734817c022d2b5742d18b09a.yaml @@ -0,0 +1,58 @@ +id: wp-code-highlightjs-ca875a69734817c022d2b5742d18b09a + +info: + name: > + WP Code Highlight.js <= 0.6.2 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef7727e5-fb20-4d9b-baaa-c123a0100ee0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-code-highlightjs/" + google-query: inurl:"/wp-content/plugins/wp-code-highlightjs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-code-highlightjs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-code-highlightjs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-code-highlightjs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-codemirror-block-291a48e25bfa003aa951458172971d46.yaml b/nuclei-templates/cve-less/plugins/wp-codemirror-block-291a48e25bfa003aa951458172971d46.yaml new file mode 100644 index 0000000000..ca7e6d3e60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-codemirror-block-291a48e25bfa003aa951458172971d46.yaml @@ -0,0 +1,58 @@ +id: wp-codemirror-block-291a48e25bfa003aa951458172971d46 + +info: + name: > + CodeMirror Blocks <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-codemirror-block/" + google-query: inurl:"/wp-content/plugins/wp-codemirror-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-codemirror-block,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-codemirror-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-codemirror-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-coder-03747b0c7844da2a502c367644e13831.yaml b/nuclei-templates/cve-less/plugins/wp-coder-03747b0c7844da2a502c367644e13831.yaml new file mode 100644 index 0000000000..2798c17966 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-coder-03747b0c7844da2a502c367644e13831.yaml @@ -0,0 +1,58 @@ +id: wp-coder-03747b0c7844da2a502c367644e13831 + +info: + name: > + Multiple Wow-Company Plugins (Various Versions) -- Reflected Cross-Site Scripting via 'page' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a95af34-559c-4644-9941-7bd1551aba33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-coder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-coder-245098f6b0653f99e8181fe1d0b4d9ec.yaml b/nuclei-templates/cve-less/plugins/wp-coder-245098f6b0653f99e8181fe1d0b4d9ec.yaml new file mode 100644 index 0000000000..297dbed915 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-coder-245098f6b0653f99e8181fe1d0b4d9ec.yaml @@ -0,0 +1,58 @@ +id: wp-coder-245098f6b0653f99e8181fe1d0b4d9ec + +info: + name: > + WP Coder <= 3.5 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7394f468-b1d6-477e-9213-e01c74e2e504?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-coder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-coder-83f22a47dbd6befc1b5b2de701a66592.yaml b/nuclei-templates/cve-less/plugins/wp-coder-83f22a47dbd6befc1b5b2de701a66592.yaml new file mode 100644 index 0000000000..e37637b9eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-coder-83f22a47dbd6befc1b5b2de701a66592.yaml @@ -0,0 +1,58 @@ +id: wp-coder-83f22a47dbd6befc1b5b2de701a66592 + +info: + name: > + WP Coder <= 2.5.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc64c550-0d19-42d4-aa2b-829e74b166bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-coder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-coder-d4baf5319f8e6cff227085b65be4db6a.yaml b/nuclei-templates/cve-less/plugins/wp-coder-d4baf5319f8e6cff227085b65be4db6a.yaml new file mode 100644 index 0000000000..447544c27c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-coder-d4baf5319f8e6cff227085b65be4db6a.yaml @@ -0,0 +1,58 @@ +id: wp-coder-d4baf5319f8e6cff227085b65be4db6a + +info: + name: > + WP Coder – add custom html, css and js code <= 2.5.3 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4b6a9cd-4d29-4bd8-afa3-b5d455ad8340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-coder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-coder-ed25dc4554a62fa61ab6134b2e367cf7.yaml b/nuclei-templates/cve-less/plugins/wp-coder-ed25dc4554a62fa61ab6134b2e367cf7.yaml new file mode 100644 index 0000000000..6bf966be15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-coder-ed25dc4554a62fa61ab6134b2e367cf7.yaml @@ -0,0 +1,58 @@ +id: wp-coder-ed25dc4554a62fa61ab6134b2e367cf7 + +info: + name: > + WP Coder <= 2.5.1 - Remote File Inclusion leading to Remote Code Execution via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63f53e3c-b038-4722-b5ba-7212e50b5978?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-coder/" + google-query: inurl:"/wp-content/plugins/wp-coder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-coder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-coder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-coder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-fields-0cde94286321975aa282d120f32f5bac.yaml b/nuclei-templates/cve-less/plugins/wp-comment-fields-0cde94286321975aa282d120f32f5bac.yaml new file mode 100644 index 0000000000..da5df05dbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-fields-0cde94286321975aa282d120f32f5bac.yaml @@ -0,0 +1,58 @@ +id: wp-comment-fields-0cde94286321975aa282d120f32f5bac + +info: + name: > + Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-fields/" + google-query: inurl:"/wp-content/plugins/wp-comment-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-fields,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-fields-287b97d3800f658fb6c7787e238d09c5.yaml b/nuclei-templates/cve-less/plugins/wp-comment-fields-287b97d3800f658fb6c7787e238d09c5.yaml new file mode 100644 index 0000000000..ffa7f6687a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-fields-287b97d3800f658fb6c7787e238d09c5.yaml @@ -0,0 +1,58 @@ +id: wp-comment-fields-287b97d3800f658fb6c7787e238d09c5 + +info: + name: > + WordPress Comments Fields <= 4.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ebe34fd-6860-4074-ae86-37f979f54dc9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-fields/" + google-query: inurl:"/wp-content/plugins/wp-comment-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-fields,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-fields-6fee77f4c30ccce8c47c0e8979fa4163.yaml b/nuclei-templates/cve-less/plugins/wp-comment-fields-6fee77f4c30ccce8c47c0e8979fa4163.yaml new file mode 100644 index 0000000000..ee20e21fb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-fields-6fee77f4c30ccce8c47c0e8979fa4163.yaml @@ -0,0 +1,58 @@ +id: wp-comment-fields-6fee77f4c30ccce8c47c0e8979fa4163 + +info: + name: > + Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-fields/" + google-query: inurl:"/wp-content/plugins/wp-comment-fields/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-fields,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-fields/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-fields" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-remix-1498b56c7721705e179b43bd40cfa29f.yaml b/nuclei-templates/cve-less/plugins/wp-comment-remix-1498b56c7721705e179b43bd40cfa29f.yaml new file mode 100644 index 0000000000..94bcbf3857 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-remix-1498b56c7721705e179b43bd40cfa29f.yaml @@ -0,0 +1,58 @@ +id: wp-comment-remix-1498b56c7721705e179b43bd40cfa29f + +info: + name: > + WP Comment Remix < 1.4.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5de56a2e-f8e2-47d9-8a2b-989de640f018?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-remix/" + google-query: inurl:"/wp-content/plugins/wp-comment-remix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-remix,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-remix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-remix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-remix-574c183518fa14bb1a854e4b68f72a19.yaml b/nuclei-templates/cve-less/plugins/wp-comment-remix-574c183518fa14bb1a854e4b68f72a19.yaml new file mode 100644 index 0000000000..58c8a3daaa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-remix-574c183518fa14bb1a854e4b68f72a19.yaml @@ -0,0 +1,58 @@ +id: wp-comment-remix-574c183518fa14bb1a854e4b68f72a19 + +info: + name: > + WP Comment Remix <= 1.4.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e619e8e-e04b-4e42-9cee-65e5dedff3b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-remix/" + google-query: inurl:"/wp-content/plugins/wp-comment-remix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-remix,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-remix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-remix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-comment-remix-5defb55cded48a565a064567cc9f2fde.yaml b/nuclei-templates/cve-less/plugins/wp-comment-remix-5defb55cded48a565a064567cc9f2fde.yaml new file mode 100644 index 0000000000..0465039dda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-comment-remix-5defb55cded48a565a064567cc9f2fde.yaml @@ -0,0 +1,58 @@ +id: wp-comment-remix-5defb55cded48a565a064567cc9f2fde + +info: + name: > + WP Comment Remix < 1.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0459d852-4d6b-4457-ad8d-47a3cddded8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-comment-remix/" + google-query: inurl:"/wp-content/plugins/wp-comment-remix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-comment-remix,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-comment-remix/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-comment-remix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-commentnavi-c4c58ad76c633d16084174a989d36082.yaml b/nuclei-templates/cve-less/plugins/wp-commentnavi-c4c58ad76c633d16084174a989d36082.yaml new file mode 100644 index 0000000000..ff7163856c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-commentnavi-c4c58ad76c633d16084174a989d36082.yaml @@ -0,0 +1,58 @@ +id: wp-commentnavi-c4c58ad76c633d16084174a989d36082 + +info: + name: > + WP-CommentNavi <= 1.12.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba3b414-82a0-4793-9702-cec64d92271e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-commentnavi/" + google-query: inurl:"/wp-content/plugins/wp-commentnavi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-commentnavi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-commentnavi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-commentnavi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-214d7a66a2d3ba448e1f7f45ccd8e5f3.yaml b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-214d7a66a2d3ba448e1f7f45ccd8e5f3.yaml new file mode 100644 index 0000000000..9250cd1cb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-214d7a66a2d3ba448e1f7f45ccd8e5f3.yaml @@ -0,0 +1,58 @@ +id: wp-compress-image-optimizer-214d7a66a2d3ba448e1f7f45ccd8e5f3 + +info: + name: > + WP Compress – Image Optimizer [All-In-One] <= 6.10.33 - Unauthenticated Directory Traversal via css + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/defb87dd-bf5f-411f-b948-699337d05d44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-compress-image-optimizer/" + google-query: inurl:"/wp-content/plugins/wp-compress-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-compress-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-compress-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-compress-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-388de01a3c00f86461e75b59a8e80e96.yaml b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-388de01a3c00f86461e75b59a8e80e96.yaml new file mode 100644 index 0000000000..1dd7dedb98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-388de01a3c00f86461e75b59a8e80e96.yaml @@ -0,0 +1,58 @@ +id: wp-compress-image-optimizer-388de01a3c00f86461e75b59a8e80e96 + +info: + name: > + WP Compress – Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81fd6ec4-9cff-4604-8b7f-5b8683096c34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-compress-image-optimizer/" + google-query: inurl:"/wp-content/plugins/wp-compress-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-compress-image-optimizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-compress-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-compress-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-ab5c346298e5bc332a45956af170b3b8.yaml b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-ab5c346298e5bc332a45956af170b3b8.yaml new file mode 100644 index 0000000000..2730cc0d96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-compress-image-optimizer-ab5c346298e5bc332a45956af170b3b8.yaml @@ -0,0 +1,58 @@ +id: wp-compress-image-optimizer-ab5c346298e5bc332a45956af170b3b8 + +info: + name: > + WP Compress – Image Optimizer <= 6.11.10 - Missing Authorization to Unauthenticated CDN Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88a46a24-6d46-44cc-ac01-70a1c329cb51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-compress-image-optimizer/" + google-query: inurl:"/wp-content/plugins/wp-compress-image-optimizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-compress-image-optimizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-compress-image-optimizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-compress-image-optimizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.11.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-concours-31a7c57e145b1990f031344b13acb01b.yaml b/nuclei-templates/cve-less/plugins/wp-concours-31a7c57e145b1990f031344b13acb01b.yaml new file mode 100644 index 0000000000..f258bbdead --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-concours-31a7c57e145b1990f031344b13acb01b.yaml @@ -0,0 +1,58 @@ +id: wp-concours-31a7c57e145b1990f031344b13acb01b + +info: + name: > + WP Concours <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76f32441-ce6a-472d-a437-c284cb91eb8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-concours/" + google-query: inurl:"/wp-content/plugins/wp-concours/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-concours,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-concours/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-concours" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-config-file-editor-416feeed72e481e9c6ade025bb1108e9.yaml b/nuclei-templates/cve-less/plugins/wp-config-file-editor-416feeed72e481e9c6ade025bb1108e9.yaml new file mode 100644 index 0000000000..1ac9474436 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-config-file-editor-416feeed72e481e9c6ade025bb1108e9.yaml @@ -0,0 +1,58 @@ +id: wp-config-file-editor-416feeed72e481e9c6ade025bb1108e9 + +info: + name: > + WP Config File Editor <= 1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ce4a14-5c56-4ca0-9deb-80cd609b71e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-config-file-editor/" + google-query: inurl:"/wp-content/plugins/wp-config-file-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-config-file-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-config-file-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-config-file-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-construction-mode-aadc81f29bdd98e82b479da656b5f939.yaml b/nuclei-templates/cve-less/plugins/wp-construction-mode-aadc81f29bdd98e82b479da656b5f939.yaml new file mode 100644 index 0000000000..5ac3cb5beb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-construction-mode-aadc81f29bdd98e82b479da656b5f939.yaml @@ -0,0 +1,58 @@ +id: wp-construction-mode-aadc81f29bdd98e82b479da656b5f939 + +info: + name: > + WP Construction Mode <= 1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e4dbf38-e955-4634-9a07-775ea49b0051?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-construction-mode/" + google-query: inurl:"/wp-content/plugins/wp-construction-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-construction-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-construction-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-construction-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-consultant-ac90b1e42401eceeda1d0c4445ebc72b.yaml b/nuclei-templates/cve-less/plugins/wp-consultant-ac90b1e42401eceeda1d0c4445ebc72b.yaml new file mode 100644 index 0000000000..6097b37961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-consultant-ac90b1e42401eceeda1d0c4445ebc72b.yaml @@ -0,0 +1,58 @@ +id: wp-consultant-ac90b1e42401eceeda1d0c4445ebc72b + +info: + name: > + WP Consultant <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e54613a-24c7-4e2d-a14b-07912acfb69a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-consultant/" + google-query: inurl:"/wp-content/plugins/wp-consultant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-consultant,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-consultant/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-consultant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contact-form-007c1b62fcbe28eefc7df62d2a9616c8.yaml b/nuclei-templates/cve-less/plugins/wp-contact-form-007c1b62fcbe28eefc7df62d2a9616c8.yaml new file mode 100644 index 0000000000..809aac0809 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contact-form-007c1b62fcbe28eefc7df62d2a9616c8.yaml @@ -0,0 +1,58 @@ +id: wp-contact-form-007c1b62fcbe28eefc7df62d2a9616c8 + +info: + name: > + WP Contact Form <= 1.6 - Cross-Site Request Forgery via wpcf_adminpage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5decbb3-05a0-403f-918a-9b516df85778?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contact-form/" + google-query: inurl:"/wp-content/plugins/wp-contact-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contact-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contact-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contact-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contact-sidebar-widget-faf2b2d46d16f4cbc167cb1d3ca32849.yaml b/nuclei-templates/cve-less/plugins/wp-contact-sidebar-widget-faf2b2d46d16f4cbc167cb1d3ca32849.yaml new file mode 100644 index 0000000000..0ca243d9a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contact-sidebar-widget-faf2b2d46d16f4cbc167cb1d3ca32849.yaml @@ -0,0 +1,58 @@ +id: wp-contact-sidebar-widget-faf2b2d46d16f4cbc167cb1d3ca32849 + +info: + name: > + WP-Contact <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0051e869-47b1-42ea-911a-49a4462d33ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contact-sidebar-widget/" + google-query: inurl:"/wp-content/plugins/wp-contact-sidebar-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contact-sidebar-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contact-sidebar-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contact-sidebar-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contact-slider-13a0eed39cd76523725bdb9ac6f8ad2f.yaml b/nuclei-templates/cve-less/plugins/wp-contact-slider-13a0eed39cd76523725bdb9ac6f8ad2f.yaml new file mode 100644 index 0000000000..ad37c96a68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contact-slider-13a0eed39cd76523725bdb9ac6f8ad2f.yaml @@ -0,0 +1,58 @@ +id: wp-contact-slider-13a0eed39cd76523725bdb9ac6f8ad2f + +info: + name: > + WP Contact Slider <= 2.4.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9ef419c-3546-489b-b841-b12b8918abdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contact-slider/" + google-query: inurl:"/wp-content/plugins/wp-contact-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contact-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contact-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contact-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contact-slider-d8df0d0d76816bab3218aaeebd329b4b.yaml b/nuclei-templates/cve-less/plugins/wp-contact-slider-d8df0d0d76816bab3218aaeebd329b4b.yaml new file mode 100644 index 0000000000..b07cec5b16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contact-slider-d8df0d0d76816bab3218aaeebd329b4b.yaml @@ -0,0 +1,58 @@ +id: wp-contact-slider-d8df0d0d76816bab3218aaeebd329b4b + +info: + name: > + WP Contact Slider <= 2.4.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/217b4ed7-90d3-4871-b034-7e1b324dc6a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contact-slider/" + google-query: inurl:"/wp-content/plugins/wp-contact-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contact-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contact-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contact-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contactform-03e041af34914994b5b4b3e20ec8ee2e.yaml b/nuclei-templates/cve-less/plugins/wp-contactform-03e041af34914994b5b4b3e20ec8ee2e.yaml new file mode 100644 index 0000000000..d46f7c5410 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contactform-03e041af34914994b5b4b3e20ec8ee2e.yaml @@ -0,0 +1,58 @@ +id: wp-contactform-03e041af34914994b5b4b3e20ec8ee2e + +info: + name: > + WP-ContactForm <= 1.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c2465b8-09d2-4895-bc97-6f6f2e349d50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contactform/" + google-query: inurl:"/wp-content/plugins/wp-contactform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contactform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contactform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contactform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contactform-fbe96c78719e34780f9334cd4775f2cc.yaml b/nuclei-templates/cve-less/plugins/wp-contactform-fbe96c78719e34780f9334cd4775f2cc.yaml new file mode 100644 index 0000000000..ed154a62cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contactform-fbe96c78719e34780f9334cd4775f2cc.yaml @@ -0,0 +1,58 @@ +id: wp-contactform-fbe96c78719e34780f9334cd4775f2cc + +info: + name: > + WP-ContactForm <= 1.5.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00f9fd4b-4730-4fa5-80b2-00d97dc72b8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contactform/" + google-query: inurl:"/wp-content/plugins/wp-contactform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contactform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contactform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contactform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-contacts-manager-49aab57e3a849669daec0648093b2a24.yaml b/nuclei-templates/cve-less/plugins/wp-contacts-manager-49aab57e3a849669daec0648093b2a24.yaml new file mode 100644 index 0000000000..cefdea91d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-contacts-manager-49aab57e3a849669daec0648093b2a24.yaml @@ -0,0 +1,58 @@ +id: wp-contacts-manager-49aab57e3a849669daec0648093b2a24 + +info: + name: > + WP Contacts Manager <= 2.2.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b352b2e4-8d72-4ebd-8dcd-8e2740759f3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-contacts-manager/" + google-query: inurl:"/wp-content/plugins/wp-contacts-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-contacts-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-contacts-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-contacts-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-content-copy-protection-d51d69d330a061dad190bd18258e5c37.yaml b/nuclei-templates/cve-less/plugins/wp-content-copy-protection-d51d69d330a061dad190bd18258e5c37.yaml new file mode 100644 index 0000000000..4e47effa38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-content-copy-protection-d51d69d330a061dad190bd18258e5c37.yaml @@ -0,0 +1,58 @@ +id: wp-content-copy-protection-d51d69d330a061dad190bd18258e5c37 + +info: + name: > + WP Content Copy Protection <= 3.4.4 - Cross-Site Request Forgery to Setting Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc8e925-878a-42e2-ae78-35ec95e07526?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-content-copy-protection/" + google-query: inurl:"/wp-content/plugins/wp-content-copy-protection/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-content-copy-protection,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-content-copy-protection/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-content-copy-protection" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml new file mode 100644 index 0000000000..27e99fa2df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-d7e80e6f1bf77fdb58c4ef0772ba692b.yaml @@ -0,0 +1,58 @@ +id: wp-content-copy-protector-d7e80e6f1bf77fdb58c4ef0772ba692b + +info: + name: > + WP Content Copy Protection & No Right Click <= 3.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9589d44b-55c3-45b4-84bb-c86143de3f95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-content-copy-protector/" + google-query: inurl:"/wp-content/plugins/wp-content-copy-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-content-copy-protector,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-content-copy-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-content-copy-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-content-copy-protector-e6f9d411cfc36ab403436e5079e013a0.yaml b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-e6f9d411cfc36ab403436e5079e013a0.yaml new file mode 100644 index 0000000000..fc558f3ba2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-content-copy-protector-e6f9d411cfc36ab403436e5079e013a0.yaml @@ -0,0 +1,58 @@ +id: wp-content-copy-protector-e6f9d411cfc36ab403436e5079e013a0 + +info: + name: > + WP Copy Protection & No Right Click <= 3.1.4 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c062d60b-eda8-4039-8655-64f32e70839a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-content-copy-protector/" + google-query: inurl:"/wp-content/plugins/wp-content-copy-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-content-copy-protector,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-content-copy-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-content-copy-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-content-filter-cf0e16a0243bc8e5fbe7907a0ee34454.yaml b/nuclei-templates/cve-less/plugins/wp-content-filter-cf0e16a0243bc8e5fbe7907a0ee34454.yaml new file mode 100644 index 0000000000..09776668f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-content-filter-cf0e16a0243bc8e5fbe7907a0ee34454.yaml @@ -0,0 +1,58 @@ +id: wp-content-filter-cf0e16a0243bc8e5fbe7907a0ee34454 + +info: + name: > + WP Content Filter – Censor All Offensive Content From Your Site <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95ffefff-80e1-4f5a-8939-47a00f75493d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-content-filter/" + google-query: inurl:"/wp-content/plugins/wp-content-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-content-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-content-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-content-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-content-pilot-0eba82d1fba78dd21145988eca694adc.yaml b/nuclei-templates/cve-less/plugins/wp-content-pilot-0eba82d1fba78dd21145988eca694adc.yaml new file mode 100644 index 0000000000..0e6acd6432 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-content-pilot-0eba82d1fba78dd21145988eca694adc.yaml @@ -0,0 +1,58 @@ +id: wp-content-pilot-0eba82d1fba78dd21145988eca694adc + +info: + name: > + WP Content Pilot – Autoblogging & Affiliate Marketing Plugin <= 1.3.3 - Authenticated (Contributor+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/373c10df-0d9c-4f76-8d1f-cad6bcfed141?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-content-pilot/" + google-query: inurl:"/wp-content/plugins/wp-content-pilot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-content-pilot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-content-pilot/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-content-pilot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cookie-user-info-11d8ae615e422011cdb2e654cf3c2a37.yaml b/nuclei-templates/cve-less/plugins/wp-cookie-user-info-11d8ae615e422011cdb2e654cf3c2a37.yaml new file mode 100644 index 0000000000..be13bed3d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cookie-user-info-11d8ae615e422011cdb2e654cf3c2a37.yaml @@ -0,0 +1,58 @@ +id: wp-cookie-user-info-11d8ae615e422011cdb2e654cf3c2a37 + +info: + name: > + Cookie Notification Plugin for WordPress < 1.0.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e61a5989-ea75-4c11-a937-66488ecdb10d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cookie-user-info/" + google-query: inurl:"/wp-content/plugins/wp-cookie-user-info/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cookie-user-info,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cookie-user-info/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cookie-user-info" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cookiechoise-e18f49f80ec9826dcfb049693894ccc8.yaml b/nuclei-templates/cve-less/plugins/wp-cookiechoise-e18f49f80ec9826dcfb049693894ccc8.yaml new file mode 100644 index 0000000000..292e791950 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cookiechoise-e18f49f80ec9826dcfb049693894ccc8.yaml @@ -0,0 +1,58 @@ +id: wp-cookiechoise-e18f49f80ec9826dcfb049693894ccc8 + +info: + name: > + Wp Cookie Choice <= 1.1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/278d2d44-16e1-4560-9988-02d900443e42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cookiechoise/" + google-query: inurl:"/wp-content/plugins/wp-cookiechoise/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cookiechoise,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cookiechoise/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cookiechoise" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-copyprotect-e1febe978f6ac681c905f0209b923309.yaml b/nuclei-templates/cve-less/plugins/wp-copyprotect-e1febe978f6ac681c905f0209b923309.yaml new file mode 100644 index 0000000000..be087e73ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-copyprotect-e1febe978f6ac681c905f0209b923309.yaml @@ -0,0 +1,58 @@ +id: wp-copyprotect-e1febe978f6ac681c905f0209b923309 + +info: + name: > + WP-CopyProtect [Protect your blog posts] <= 3.1.0 - Cross-Site Request Forgery via CopyProtect_options_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6461a8f-297e-49ad-aa9b-9379f0984423?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-copyprotect/" + google-query: inurl:"/wp-content/plugins/wp-copyprotect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-copyprotect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-copyprotect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-copyprotect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-copysafe-web-0146139ec324fe379ee6ec8f57dc3c30.yaml b/nuclei-templates/cve-less/plugins/wp-copysafe-web-0146139ec324fe379ee6ec8f57dc3c30.yaml new file mode 100644 index 0000000000..0e5c148b13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-copysafe-web-0146139ec324fe379ee6ec8f57dc3c30.yaml @@ -0,0 +1,58 @@ +id: wp-copysafe-web-0146139ec324fe379ee6ec8f57dc3c30 + +info: + name: > + CopySafe Web Protection <= 3.13 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07e110b3-ef10-482d-a564-c9f23631e5f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-copysafe-web/" + google-query: inurl:"/wp-content/plugins/wp-copysafe-web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-copysafe-web,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-copysafe-web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-copysafe-web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-copysafe-web-79179ad54ba7abdd62ae8ef75c3ac232.yaml b/nuclei-templates/cve-less/plugins/wp-copysafe-web-79179ad54ba7abdd62ae8ef75c3ac232.yaml new file mode 100644 index 0000000000..c2d87f4d6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-copysafe-web-79179ad54ba7abdd62ae8ef75c3ac232.yaml @@ -0,0 +1,58 @@ +id: wp-copysafe-web-79179ad54ba7abdd62ae8ef75c3ac232 + +info: + name: > + CopySafe Web Protection < 2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f47d50dc-ec14-40c8-95a2-f393986ed71b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-copysafe-web/" + google-query: inurl:"/wp-content/plugins/wp-copysafe-web/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-copysafe-web,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-copysafe-web/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-copysafe-web" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cors-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml b/nuclei-templates/cve-less/plugins/wp-cors-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml new file mode 100644 index 0000000000..cbdeff83ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cors-e46a5a03ceb7f18070858cdd9f1f8b5c.yaml @@ -0,0 +1,58 @@ +id: wp-cors-e46a5a03ceb7f18070858cdd9f1f8b5c + +info: + name: > + WP-CORS <= 0.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d571dcc-74a4-4380-8961-890f10443b80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cors/" + google-query: inurl:"/wp-content/plugins/wp-cors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-countdown-block-c70d49119f4b9f186615bc657f763711.yaml b/nuclei-templates/cve-less/plugins/wp-countdown-block-c70d49119f4b9f186615bc657f763711.yaml new file mode 100644 index 0000000000..b8fd0876e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-countdown-block-c70d49119f4b9f186615bc657f763711.yaml @@ -0,0 +1,58 @@ +id: wp-countdown-block-c70d49119f4b9f186615bc657f763711 + +info: + name: > + Countdown Block <= 1.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a656052-3b8a-4a93-b4f8-372b448a8373?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-countdown-block/" + google-query: inurl:"/wp-content/plugins/wp-countdown-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-countdown-block,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-countdown-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-countdown-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-courses-863ed304215cd2e175d9703d88e6083d.yaml b/nuclei-templates/cve-less/plugins/wp-courses-863ed304215cd2e175d9703d88e6083d.yaml new file mode 100644 index 0000000000..4638802a53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-courses-863ed304215cd2e175d9703d88e6083d.yaml @@ -0,0 +1,58 @@ +id: wp-courses-863ed304215cd2e175d9703d88e6083d + +info: + name: > + WP Courses LMS < 2.0.44 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49fc7174-9263-4158-8cdc-cd249179eb3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-courses/" + google-query: inurl:"/wp-content/plugins/wp-courses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-courses,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-courses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-courses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-courses-940c6ab33d2bde0b6449cfe6f3d13395.yaml b/nuclei-templates/cve-less/plugins/wp-courses-940c6ab33d2bde0b6449cfe6f3d13395.yaml new file mode 100644 index 0000000000..15cc7f95bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-courses-940c6ab33d2bde0b6449cfe6f3d13395.yaml @@ -0,0 +1,58 @@ +id: wp-courses-940c6ab33d2bde0b6449cfe6f3d13395 + +info: + name: > + WP Courses <= 2.0.28 - Improper Access Controls + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0bce89d-6b1d-4e7f-bd7f-6143a3b622de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-courses/" + google-query: inurl:"/wp-content/plugins/wp-courses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-courses,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-courses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-courses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crm-977852d7cbd71ce5f22a0af60232cc54.yaml b/nuclei-templates/cve-less/plugins/wp-crm-977852d7cbd71ce5f22a0af60232cc54.yaml new file mode 100644 index 0000000000..5a9d4d2d06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crm-977852d7cbd71ce5f22a0af60232cc54.yaml @@ -0,0 +1,58 @@ +id: wp-crm-977852d7cbd71ce5f22a0af60232cc54 + +info: + name: > + WP-CRM – Customer Relations Management for WordPress <= 1.2.1 - CSV injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/313af4a0-f32b-443f-a976-e06499d3c94b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crm/" + google-query: inurl:"/wp-content/plugins/wp-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crm-system-0f98500a56d8bff1fd15d46c8720db00.yaml b/nuclei-templates/cve-less/plugins/wp-crm-system-0f98500a56d8bff1fd15d46c8720db00.yaml new file mode 100644 index 0000000000..b13431a47e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crm-system-0f98500a56d8bff1fd15d46c8720db00.yaml @@ -0,0 +1,58 @@ +id: wp-crm-system-0f98500a56d8bff1fd15d46c8720db00 + +info: + name: > + WP-CRM System <= 3.2.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c70865c8-3c63-4988-a1fd-f8f10c20228f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crm-system/" + google-query: inurl:"/wp-content/plugins/wp-crm-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crm-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crm-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crm-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cron-dashboard-2f795470b566b4d4e27fdf7c4b01f4e4.yaml b/nuclei-templates/cve-less/plugins/wp-cron-dashboard-2f795470b566b4d4e27fdf7c4b01f4e4.yaml new file mode 100644 index 0000000000..9026ca726e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cron-dashboard-2f795470b566b4d4e27fdf7c4b01f4e4.yaml @@ -0,0 +1,58 @@ +id: wp-cron-dashboard-2f795470b566b4d4e27fdf7c4b01f4e4 + +info: + name: > + WP-Cron Dashboard < 1.1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70ac8447-3d42-4577-8d46-528966a9f002?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cron-dashboard/" + google-query: inurl:"/wp-content/plugins/wp-cron-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cron-dashboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cron-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cron-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crontrol-ab25c765042411f076e2c34c06b3fa2a.yaml b/nuclei-templates/cve-less/plugins/wp-crontrol-ab25c765042411f076e2c34c06b3fa2a.yaml new file mode 100644 index 0000000000..7e71cbe157 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crontrol-ab25c765042411f076e2c34c06b3fa2a.yaml @@ -0,0 +1,58 @@ +id: wp-crontrol-ab25c765042411f076e2c34c06b3fa2a + +info: + name: > + WP Crontrol <= 1.16.1 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b0c1afc-0e77-4a56-89cb-84e2fcc8aa21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crontrol/" + google-query: inurl:"/wp-content/plugins/wp-crontrol/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crontrol,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crontrol/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crontrol" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-1dcb303214a4e16964564ee6c958b8e1.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-1dcb303214a4e16964564ee6c958b8e1.yaml new file mode 100644 index 0000000000..7130279fd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-1dcb303214a4e16964564ee6c958b8e1.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-1dcb303214a4e16964564ee6c958b8e1 + +info: + name: > + WP Crowdfunding <= 2.1.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fb42402-4cd8-4d5d-b95a-47076ace27c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-1ed0f12e4f8286a9294dfd9901458db7.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-1ed0f12e4f8286a9294dfd9901458db7.yaml new file mode 100644 index 0000000000..8b63d814f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-1ed0f12e4f8286a9294dfd9901458db7.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-1ed0f12e4f8286a9294dfd9901458db7 + +info: + name: > + WP Crowdfunding <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/294b5bd1-a7c8-4c06-b107-e80bf3b35da8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-53abed64d2c7da6e29618b2b45471eff.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-53abed64d2c7da6e29618b2b45471eff.yaml new file mode 100644 index 0000000000..a207f3636c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-53abed64d2c7da6e29618b2b45471eff.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-53abed64d2c7da6e29618b2b45471eff + +info: + name: > + WP Crowdfunding <= 2.1.4 - Missing Authorization via settings_reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cddf4aa1-5c7d-4aa1-9384-1c352f0c6da9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-738aec4d264c39b57fdb9fa2e1cd1e49.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-738aec4d264c39b57fdb9fa2e1cd1e49.yaml new file mode 100644 index 0000000000..6a0a393bc9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-738aec4d264c39b57fdb9fa2e1cd1e49.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-738aec4d264c39b57fdb9fa2e1cd1e49 + +info: + name: > + WP Crowdfunding <= 2.1.6 - Reflected Cross-Site Scripting via postid + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f13a432-e37d-4183-85ff-e2a04b40cda8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-91cfe4c5d855055ec913db3b32084f9f.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-91cfe4c5d855055ec913db3b32084f9f.yaml new file mode 100644 index 0000000000..d294bbf14a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-91cfe4c5d855055ec913db3b32084f9f.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-91cfe4c5d855055ec913db3b32084f9f + +info: + name: > + WP Crowdfunding <= 2.1.7 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9842bb5-0a71-40a9-83bc-f1841b660693?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-crowdfunding-c28a0d08c5fbf894a1f8488da42215b4.yaml b/nuclei-templates/cve-less/plugins/wp-crowdfunding-c28a0d08c5fbf894a1f8488da42215b4.yaml new file mode 100644 index 0000000000..aadf9b4462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-crowdfunding-c28a0d08c5fbf894a1f8488da42215b4.yaml @@ -0,0 +1,58 @@ +id: wp-crowdfunding-c28a0d08c5fbf894a1f8488da42215b4 + +info: + name: > + WP Crowdfunding <= 2.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2546ea7e-133a-44b8-9cdb-1b345a45d583?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-crowdfunding/" + google-query: inurl:"/wp-content/plugins/wp-crowdfunding/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-crowdfunding,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-crowdfunding/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-crowdfunding" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-csv-1f51055337b26e17849cecf509bf67bf.yaml b/nuclei-templates/cve-less/plugins/wp-csv-1f51055337b26e17849cecf509bf67bf.yaml new file mode 100644 index 0000000000..9136ade31e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-csv-1f51055337b26e17849cecf509bf67bf.yaml @@ -0,0 +1,58 @@ +id: wp-csv-1f51055337b26e17849cecf509bf67bf + +info: + name: > + WP CSV <= 1.8.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75b91e92-7c00-447d-80fa-6e20ca8df7ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-csv/" + google-query: inurl:"/wp-content/plugins/wp-csv/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-csv,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-csv/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-csv" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-csv-exporter-4e6e2faa30d1cb67b640ff4b64c7c434.yaml b/nuclei-templates/cve-less/plugins/wp-csv-exporter-4e6e2faa30d1cb67b640ff4b64c7c434.yaml new file mode 100644 index 0000000000..ddf868762e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-csv-exporter-4e6e2faa30d1cb67b640ff4b64c7c434.yaml @@ -0,0 +1,58 @@ +id: wp-csv-exporter-4e6e2faa30d1cb67b640ff4b64c7c434 + +info: + name: > + WP CSV Exporter <= 1.3.6 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32f47b68-e1ae-4ed1-9513-bba60aab65fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-csv-exporter/" + google-query: inurl:"/wp-content/plugins/wp-csv-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-csv-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-csv-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-csv-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-csv-exporter-968c8d1a2b35e84ec8cc4db089cc5a0f.yaml b/nuclei-templates/cve-less/plugins/wp-csv-exporter-968c8d1a2b35e84ec8cc4db089cc5a0f.yaml new file mode 100644 index 0000000000..3b33635770 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-csv-exporter-968c8d1a2b35e84ec8cc4db089cc5a0f.yaml @@ -0,0 +1,58 @@ +id: wp-csv-exporter-968c8d1a2b35e84ec8cc4db089cc5a0f + +info: + name: > + WP CSV Exporter <= 1.3.6 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/442551ba-409d-4b46-bdba-111a8df00a47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-csv-exporter/" + google-query: inurl:"/wp-content/plugins/wp-csv-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-csv-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-csv-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-csv-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-csv-to-database-83d9cd71e386193f00255f0781416f64.yaml b/nuclei-templates/cve-less/plugins/wp-csv-to-database-83d9cd71e386193f00255f0781416f64.yaml new file mode 100644 index 0000000000..5f7eb7a545 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-csv-to-database-83d9cd71e386193f00255f0781416f64.yaml @@ -0,0 +1,58 @@ +id: wp-csv-to-database-83d9cd71e386193f00255f0781416f64 + +info: + name: > + WP CSV to Database <= 2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/136bf4c5-5309-479e-8d6b-f8a7334da9b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-csv-to-database/" + google-query: inurl:"/wp-content/plugins/wp-csv-to-database/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-csv-to-database,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-csv-to-database/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-csv-to-database" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cufon-ec9648c71f1130788ab995bdc3f376ab.yaml b/nuclei-templates/cve-less/plugins/wp-cufon-ec9648c71f1130788ab995bdc3f376ab.yaml new file mode 100644 index 0000000000..e8a14f8332 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cufon-ec9648c71f1130788ab995bdc3f376ab.yaml @@ -0,0 +1,58 @@ +id: wp-cufon-ec9648c71f1130788ab995bdc3f376ab + +info: + name: > + WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3041bb06-504c-4de1-8a1a-12041e09400e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cufon/" + google-query: inurl:"/wp-content/plugins/wp-cufon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cufon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cufon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cufon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cumulus-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml b/nuclei-templates/cve-less/plugins/wp-cumulus-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml new file mode 100644 index 0000000000..654d7ba484 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cumulus-ac62ca2ddae58ee9be23fe2a4d7fe3df.yaml @@ -0,0 +1,58 @@ +id: wp-cumulus-ac62ca2ddae58ee9be23fe2a4d7fe3df + +info: + name: > + WP-Cumulus <= 1.22 - Cross-Site Scripting via tagcloud + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a7737b3-d85b-471f-8252-3ee6b598786d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cumulus/" + google-query: inurl:"/wp-content/plugins/wp-cumulus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cumulus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cumulus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cumulus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cumulus-ae74e5195b986dc457ca3bcab394fb91.yaml b/nuclei-templates/cve-less/plugins/wp-cumulus-ae74e5195b986dc457ca3bcab394fb91.yaml new file mode 100644 index 0000000000..8f4dee90ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cumulus-ae74e5195b986dc457ca3bcab394fb91.yaml @@ -0,0 +1,58 @@ +id: wp-cumulus-ae74e5195b986dc457ca3bcab394fb91 + +info: + name: > + WP Cumulus < 1.22 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c637882-1854-4502-9907-88053d141cfc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cumulus/" + google-query: inurl:"/wp-content/plugins/wp-cumulus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cumulus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cumulus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cumulus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-cumulus-b5fa15c1717b09cfe3a9444e5c71ce00.yaml b/nuclei-templates/cve-less/plugins/wp-cumulus-b5fa15c1717b09cfe3a9444e5c71ce00.yaml new file mode 100644 index 0000000000..f33295bc2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-cumulus-b5fa15c1717b09cfe3a9444e5c71ce00.yaml @@ -0,0 +1,58 @@ +id: wp-cumulus-b5fa15c1717b09cfe3a9444e5c71ce00 + +info: + name: > + WP-Cumulus <= 1.20 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21ec0fc9-4fb2-43fd-aba5-8f452d35d7b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-cumulus/" + google-query: inurl:"/wp-content/plugins/wp-cumulus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-cumulus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-cumulus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-cumulus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-curriculo-vitae-3e2d48fb8718138bcd53c5ef0645702a.yaml b/nuclei-templates/cve-less/plugins/wp-curriculo-vitae-3e2d48fb8718138bcd53c5ef0645702a.yaml new file mode 100644 index 0000000000..45642bea2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-curriculo-vitae-3e2d48fb8718138bcd53c5ef0645702a.yaml @@ -0,0 +1,58 @@ +id: wp-curriculo-vitae-3e2d48fb8718138bcd53c5ef0645702a + +info: + name: > + WP-Curriculo Vitae Free <= 6.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bc0969f-7b29-41fb-8d41-869049f87c7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-curriculo-vitae/" + google-query: inurl:"/wp-content/plugins/wp-curriculo-vitae/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-curriculo-vitae,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-curriculo-vitae/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-curriculo-vitae" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-32ed4b36d9532730d50e66214a30b7fa.yaml b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-32ed4b36d9532730d50e66214a30b7fa.yaml new file mode 100644 index 0000000000..aaf357ad75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-32ed4b36d9532730d50e66214a30b7fa.yaml @@ -0,0 +1,58 @@ +id: wp-custom-admin-interface-32ed4b36d9532730d50e66214a30b7fa + +info: + name: > + WP Custom Admin Interface <= 7.28 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e57f4853-cade-4bb5-8f12-4a88a200921f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-admin-interface/" + google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-admin-interface/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-admin-interface" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-440ba93423360c612c2bdc92f81276f2.yaml b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-440ba93423360c612c2bdc92f81276f2.yaml new file mode 100644 index 0000000000..e4f6c70345 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-440ba93423360c612c2bdc92f81276f2.yaml @@ -0,0 +1,58 @@ +id: wp-custom-admin-interface-440ba93423360c612c2bdc92f81276f2 + +info: + name: > + WP Custom Admin Interface <= 7.31 - Missing Authorization via wpcai_pro_notice_disable + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b040f47-b126-4640-9fc5-bda8650f6c69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-admin-interface/" + google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-admin-interface/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-admin-interface" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-5bdecbba58ada95bd7bc5fd2be57ef44.yaml b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-5bdecbba58ada95bd7bc5fd2be57ef44.yaml new file mode 100644 index 0000000000..b1f07186d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-admin-interface-5bdecbba58ada95bd7bc5fd2be57ef44.yaml @@ -0,0 +1,58 @@ +id: wp-custom-admin-interface-5bdecbba58ada95bd7bc5fd2be57ef44 + +info: + name: > + WP Custom Admin Interface <= 7.32 - Missing Authorization to Transients Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/418b9138-9ae0-41f1-a75b-69cbcaffbb88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-admin-interface/" + google-query: inurl:"/wp-content/plugins/wp-custom-admin-interface/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-admin-interface,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-admin-interface/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-admin-interface" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-author-url-050cddb029ad5e41b8d75ac57910a3a4.yaml b/nuclei-templates/cve-less/plugins/wp-custom-author-url-050cddb029ad5e41b8d75ac57910a3a4.yaml new file mode 100644 index 0000000000..2b73ae7261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-author-url-050cddb029ad5e41b8d75ac57910a3a4.yaml @@ -0,0 +1,58 @@ +id: wp-custom-author-url-050cddb029ad5e41b8d75ac57910a3a4 + +info: + name: > + WP Custom Author URL <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f3a57ce-eead-4631-93da-ba1a0a33ec2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-author-url/" + google-query: inurl:"/wp-content/plugins/wp-custom-author-url/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-author-url,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-author-url/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-author-url" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-body-class-64d4110e0f9003166c73a24b6fad0a3d.yaml b/nuclei-templates/cve-less/plugins/wp-custom-body-class-64d4110e0f9003166c73a24b6fad0a3d.yaml new file mode 100644 index 0000000000..ee07f33e09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-body-class-64d4110e0f9003166c73a24b6fad0a3d.yaml @@ -0,0 +1,58 @@ +id: wp-custom-body-class-64d4110e0f9003166c73a24b6fad0a3d + +info: + name: > + Custom Body Class <= 0.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69a9f449-9f94-4da3-9fd0-4eac72b6d8be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-body-class/" + google-query: inurl:"/wp-content/plugins/wp-custom-body-class/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-body-class,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-body-class/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-body-class" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-body-class-d03a7182da2d0e0b179ec3d956910e32.yaml b/nuclei-templates/cve-less/plugins/wp-custom-body-class-d03a7182da2d0e0b179ec3d956910e32.yaml new file mode 100644 index 0000000000..0db422f86c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-body-class-d03a7182da2d0e0b179ec3d956910e32.yaml @@ -0,0 +1,58 @@ +id: wp-custom-body-class-d03a7182da2d0e0b179ec3d956910e32 + +info: + name: > + Custom Body Class <= 0.6.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e013542-8a8c-440d-9130-61057d97990d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-body-class/" + google-query: inurl:"/wp-content/plugins/wp-custom-body-class/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-body-class,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-body-class/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-body-class" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-cursors-31292a415c3bd76b8562016d2514c1b7.yaml b/nuclei-templates/cve-less/plugins/wp-custom-cursors-31292a415c3bd76b8562016d2514c1b7.yaml new file mode 100644 index 0000000000..771125dfb8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-cursors-31292a415c3bd76b8562016d2514c1b7.yaml @@ -0,0 +1,58 @@ +id: wp-custom-cursors-31292a415c3bd76b8562016d2514c1b7 + +info: + name: > + WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3034130-98f8-4907-862f-e04ff67b4d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-cursors/" + google-query: inurl:"/wp-content/plugins/wp-custom-cursors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-cursors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-cursors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-cursors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-cursors-5c48a008fb4b7cf800ee3deda45c5f7c.yaml b/nuclei-templates/cve-less/plugins/wp-custom-cursors-5c48a008fb4b7cf800ee3deda45c5f7c.yaml new file mode 100644 index 0000000000..71b5b4fd21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-cursors-5c48a008fb4b7cf800ee3deda45c5f7c.yaml @@ -0,0 +1,58 @@ +id: wp-custom-cursors-5c48a008fb4b7cf800ee3deda45c5f7c + +info: + name: > + WP Custom Cursors | WordPress Cursor <= 3.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c04f12-7602-4d57-aa0c-54ecbf7f8875?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-cursors/" + google-query: inurl:"/wp-content/plugins/wp-custom-cursors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-cursors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-cursors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-cursors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-cursors-9698878f57267bfd24968203a9fc1400.yaml b/nuclei-templates/cve-less/plugins/wp-custom-cursors-9698878f57267bfd24968203a9fc1400.yaml new file mode 100644 index 0000000000..f2699685fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-cursors-9698878f57267bfd24968203a9fc1400.yaml @@ -0,0 +1,58 @@ +id: wp-custom-cursors-9698878f57267bfd24968203a9fc1400 + +info: + name: > + WP Custom Cursors < 3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efadd529-f369-4c7a-ab71-170e72c997f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-cursors/" + google-query: inurl:"/wp-content/plugins/wp-custom-cursors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-cursors,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-cursors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-cursors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-cursors-990bebfd04ffccf7784d9ed7851bc9ac.yaml b/nuclei-templates/cve-less/plugins/wp-custom-cursors-990bebfd04ffccf7784d9ed7851bc9ac.yaml new file mode 100644 index 0000000000..9fb68fb59b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-cursors-990bebfd04ffccf7784d9ed7851bc9ac.yaml @@ -0,0 +1,58 @@ +id: wp-custom-cursors-990bebfd04ffccf7784d9ed7851bc9ac + +info: + name: > + WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/112e4abe-aac7-4fac-b03f-b998374846c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-cursors/" + google-query: inurl:"/wp-content/plugins/wp-custom-cursors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-cursors,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-cursors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-cursors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-cursors-ece3289501587998363581768a050e75.yaml b/nuclei-templates/cve-less/plugins/wp-custom-cursors-ece3289501587998363581768a050e75.yaml new file mode 100644 index 0000000000..da6907e6b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-cursors-ece3289501587998363581768a050e75.yaml @@ -0,0 +1,58 @@ +id: wp-custom-cursors-ece3289501587998363581768a050e75 + +info: + name: > + WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27885b7f-ef8c-45ea-995c-92cd1939e1c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-cursors/" + google-query: inurl:"/wp-content/plugins/wp-custom-cursors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-cursors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-cursors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-cursors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-fields-search-0b1be450ec6216c739b3d0139ea02732.yaml b/nuclei-templates/cve-less/plugins/wp-custom-fields-search-0b1be450ec6216c739b3d0139ea02732.yaml new file mode 100644 index 0000000000..5bd24ea9e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-fields-search-0b1be450ec6216c739b3d0139ea02732.yaml @@ -0,0 +1,58 @@ +id: wp-custom-fields-search-0b1be450ec6216c739b3d0139ea02732 + +info: + name: > + WP Custom Fields Search <= 1.2.34 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce106c3a-e99b-4182-84d8-8f896edbbefd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-fields-search/" + google-query: inurl:"/wp-content/plugins/wp-custom-fields-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-fields-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-fields-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-fields-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-fields-search-8eccd870a6d15f799494bf58d6a610b0.yaml b/nuclei-templates/cve-less/plugins/wp-custom-fields-search-8eccd870a6d15f799494bf58d6a610b0.yaml new file mode 100644 index 0000000000..5aed54124f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-fields-search-8eccd870a6d15f799494bf58d6a610b0.yaml @@ -0,0 +1,58 @@ +id: wp-custom-fields-search-8eccd870a6d15f799494bf58d6a610b0 + +info: + name: > + WP Custom Fields Search <= 0.3.28 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52696d42-b522-47d3-9a59-92078145c2be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-fields-search/" + google-query: inurl:"/wp-content/plugins/wp-custom-fields-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-fields-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-fields-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-fields-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-login-page-4fd05a735543332a71cc4808699480af.yaml b/nuclei-templates/cve-less/plugins/wp-custom-login-page-4fd05a735543332a71cc4808699480af.yaml new file mode 100644 index 0000000000..bab8bad87a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-login-page-4fd05a735543332a71cc4808699480af.yaml @@ -0,0 +1,58 @@ +id: wp-custom-login-page-4fd05a735543332a71cc4808699480af + +info: + name: > + Custom Login Page <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44cde2d1-8cb4-4185-a7e6-58a2bec0dae9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-login-page/" + google-query: inurl:"/wp-content/plugins/wp-custom-login-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-login-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-login-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-login-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-pages-4e0f6a7fdb6146beb66009561f485674.yaml b/nuclei-templates/cve-less/plugins/wp-custom-pages-4e0f6a7fdb6146beb66009561f485674.yaml new file mode 100644 index 0000000000..bbf7ad239b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-pages-4e0f6a7fdb6146beb66009561f485674.yaml @@ -0,0 +1,58 @@ +id: wp-custom-pages-4e0f6a7fdb6146beb66009561f485674 + +info: + name: > + WP Custom Pages <= 0.5.0.1 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b1b0dbd-084a-44e5-b711-1d5bafb0a300?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-pages/" + google-query: inurl:"/wp-content/plugins/wp-custom-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-post-template-fae9e4b7c0dc6fb3f6341b0fd31d1ab6.yaml b/nuclei-templates/cve-less/plugins/wp-custom-post-template-fae9e4b7c0dc6fb3f6341b0fd31d1ab6.yaml new file mode 100644 index 0000000000..4d65d0ed3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-post-template-fae9e4b7c0dc6fb3f6341b0fd31d1ab6.yaml @@ -0,0 +1,58 @@ +id: wp-custom-post-template-fae9e4b7c0dc6fb3f6341b0fd31d1ab6 + +info: + name: > + WP Custom Post Template <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b796b514-b6ca-4a22-9340-df02fec97075?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-post-template/" + google-query: inurl:"/wp-content/plugins/wp-custom-post-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-post-template,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-post-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-post-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-custom-widget-area-23aac587b81f89d6096ca89681943380.yaml b/nuclei-templates/cve-less/plugins/wp-custom-widget-area-23aac587b81f89d6096ca89681943380.yaml new file mode 100644 index 0000000000..6647fb2967 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-custom-widget-area-23aac587b81f89d6096ca89681943380.yaml @@ -0,0 +1,58 @@ +id: wp-custom-widget-area-23aac587b81f89d6096ca89681943380 + +info: + name: > + WP Custom Widget area <= 1.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64559d37-0c6b-45f5-8a2a-6e70cb5e423c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-custom-widget-area/" + google-query: inurl:"/wp-content/plugins/wp-custom-widget-area/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-custom-widget-area,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-custom-widget-area/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-custom-widget-area" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-11af501cd400c11d4471a7dd2fad2f1e.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-11af501cd400c11d4471a7dd2fad2f1e.yaml new file mode 100644 index 0000000000..6bd4ca6707 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-11af501cd400c11d4471a7dd2fad2f1e.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-11af501cd400c11d4471a7dd2fad2f1e + +info: + name: > + WP Customer Reviews <= 3.7.0 - Authenticated (Contributor+) Malicious Redirect via HTTP-EQUIV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1beb2a35-0346-4aa1-8cc3-a18a47e82eb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-6ed86de0b04577fc056eab4066eb09a3.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-6ed86de0b04577fc056eab4066eb09a3.yaml new file mode 100644 index 0000000000..39e0a76870 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-6ed86de0b04577fc056eab4066eb09a3.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-6ed86de0b04577fc056eab4066eb09a3 + +info: + name: > + WP Customer Reviews <= 3.5.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd67e334-88fd-49c7-a20c-9c2f95e9950c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-a0746efee95fbf7d166096b25b7d8be2.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-a0746efee95fbf7d166096b25b7d8be2.yaml new file mode 100644 index 0000000000..fecff78c74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-a0746efee95fbf7d166096b25b7d8be2.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-a0746efee95fbf7d166096b25b7d8be2 + +info: + name: > + WP Customer Reviews <= 3.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f81950be-de32-4fa1-94fe-42667414fe2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-b3f06bebea4c15ec9085029db00fb9fa.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-b3f06bebea4c15ec9085029db00fb9fa.yaml new file mode 100644 index 0000000000..01547cea05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-b3f06bebea4c15ec9085029db00fb9fa.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-b3f06bebea4c15ec9085029db00fb9fa + +info: + name: > + WP Customer Reviews <= 3.4.2 - Multiple Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51e1a30e-774e-4478-be34-486ed4142a7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-c2b458a87e9095667109688e878e4bb7.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-c2b458a87e9095667109688e878e4bb7.yaml new file mode 100644 index 0000000000..5d162689ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-c2b458a87e9095667109688e878e4bb7.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-c2b458a87e9095667109688e878e4bb7 + +info: + name: > + WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24b9984c-ec33-4492-815b-67a21ac4da0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-daafab6254624f5514eee093537d860d.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-daafab6254624f5514eee093537d860d.yaml new file mode 100644 index 0000000000..a8c9c9d7de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-daafab6254624f5514eee093537d860d.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-daafab6254624f5514eee093537d860d + +info: + name: > + WP Customer Reviews <= 3.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f70ec123-fff3-4f03-a424-37e0e579b765?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-customer-reviews-e97ef8cef65f1238fc33971be91c7b6a.yaml b/nuclei-templates/cve-less/plugins/wp-customer-reviews-e97ef8cef65f1238fc33971be91c7b6a.yaml new file mode 100644 index 0000000000..bbe57c14a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-customer-reviews-e97ef8cef65f1238fc33971be91c7b6a.yaml @@ -0,0 +1,58 @@ +id: wp-customer-reviews-e97ef8cef65f1238fc33971be91c7b6a + +info: + name: > + Customer Reviews < 3.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f682b623-f9c5-44ce-90db-c6ee4c27a93b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-customer-reviews/" + google-query: inurl:"/wp-content/plugins/wp-customer-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-customer-reviews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-customer-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-customer-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-d3-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml b/nuclei-templates/cve-less/plugins/wp-d3-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml new file mode 100644 index 0000000000..99e4c31437 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-d3-5b558ed2503b6bdcb6a02e6d5ffb6d95.yaml @@ -0,0 +1,58 @@ +id: wp-d3-5b558ed2503b6bdcb6a02e6d5ffb6d95 + +info: + name: > + Wp-D3 < 2.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec6331e1-7a7c-486d-873b-02b3af38387c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-d3/" + google-query: inurl:"/wp-content/plugins/wp-d3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-d3,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-d3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-d3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-d3-8e3ce96babe760c2cb16640799a8d0b9.yaml b/nuclei-templates/cve-less/plugins/wp-d3-8e3ce96babe760c2cb16640799a8d0b9.yaml new file mode 100644 index 0000000000..94a9168867 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-d3-8e3ce96babe760c2cb16640799a8d0b9.yaml @@ -0,0 +1,58 @@ +id: wp-d3-8e3ce96babe760c2cb16640799a8d0b9 + +info: + name: > + Wp-D3 <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89409461-c87e-4882-bf53-cc789e459b4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-d3/" + google-query: inurl:"/wp-content/plugins/wp-d3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-d3,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-d3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-d3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dark-mode-129be45dc62378c19cbd82aa0287c865.yaml b/nuclei-templates/cve-less/plugins/wp-dark-mode-129be45dc62378c19cbd82aa0287c865.yaml new file mode 100644 index 0000000000..ae49cbdc62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dark-mode-129be45dc62378c19cbd82aa0287c865.yaml @@ -0,0 +1,58 @@ +id: wp-dark-mode-129be45dc62378c19cbd82aa0287c865 + +info: + name: > + WP Dark Mode <= 4.0.7 - Authenticated (Subscriber+) Local File Inclusion via 'style' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d43234d0-5f44-4484-a8d6-16d43d1db51e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dark-mode/" + google-query: inurl:"/wp-content/plugins/wp-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dark-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dark-mode-9b4ecfa65ce2bd75653c853011940f82.yaml b/nuclei-templates/cve-less/plugins/wp-dark-mode-9b4ecfa65ce2bd75653c853011940f82.yaml new file mode 100644 index 0000000000..be30368c8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dark-mode-9b4ecfa65ce2bd75653c853011940f82.yaml @@ -0,0 +1,58 @@ +id: wp-dark-mode-9b4ecfa65ce2bd75653c853011940f82 + +info: + name: > + WP Dark Mode <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/108f3e7b-f4c1-445c-914c-97960b21b5fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dark-mode/" + google-query: inurl:"/wp-content/plugins/wp-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dark-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..656d83b8d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wp-dark-mode-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dark-mode/" + google-query: inurl:"/wp-content/plugins/wp-dark-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dark-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dark-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dark-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dashboard-notes-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml b/nuclei-templates/cve-less/plugins/wp-dashboard-notes-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml new file mode 100644 index 0000000000..56013b1b3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dashboard-notes-49ce77ee7ff4dfc9b11f4efe4714eccb.yaml @@ -0,0 +1,58 @@ +id: wp-dashboard-notes-49ce77ee7ff4dfc9b11f4efe4714eccb + +info: + name: > + WP Dashboard Notes <= 1.0.10 - Missing Authorization to Arbitrary Private Notes Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64a36778-c17c-44ee-8b09-c221d27184f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dashboard-notes/" + google-query: inurl:"/wp-content/plugins/wp-dashboard-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dashboard-notes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dashboard-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dashboard-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dashboard-notes-d64722e01dc579e8e1b721ed84873800.yaml b/nuclei-templates/cve-less/plugins/wp-dashboard-notes-d64722e01dc579e8e1b721ed84873800.yaml new file mode 100644 index 0000000000..879e65638d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dashboard-notes-d64722e01dc579e8e1b721ed84873800.yaml @@ -0,0 +1,58 @@ +id: wp-dashboard-notes-d64722e01dc579e8e1b721ed84873800 + +info: + name: > + WP Dashboard Notes <= 1.0.10 - Insecure Direct Object References to Authenticated Private Note Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6f1233b-55d6-488a-8667-b5454f71020c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dashboard-notes/" + google-query: inurl:"/wp-content/plugins/wp-dashboard-notes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dashboard-notes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dashboard-notes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dashboard-notes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-data-access-69231840a822d24bacb2d776a5d46cf4.yaml b/nuclei-templates/cve-less/plugins/wp-data-access-69231840a822d24bacb2d776a5d46cf4.yaml new file mode 100644 index 0000000000..06489e9a47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-data-access-69231840a822d24bacb2d776a5d46cf4.yaml @@ -0,0 +1,58 @@ +id: wp-data-access-69231840a822d24bacb2d776a5d46cf4 + +info: + name: > + WP Data Access <= 5.3.7 - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f562e33-2aef-46f0-8a65-691155ede9e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-data-access/" + google-query: inurl:"/wp-content/plugins/wp-data-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-data-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-data-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-data-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-data-access-f5497363e91c49e85823434d8464dab9.yaml b/nuclei-templates/cve-less/plugins/wp-data-access-f5497363e91c49e85823434d8464dab9.yaml new file mode 100644 index 0000000000..9ee8c20539 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-data-access-f5497363e91c49e85823434d8464dab9.yaml @@ -0,0 +1,58 @@ +id: wp-data-access-f5497363e91c49e85823434d8464dab9 + +info: + name: > + WP Data Access <= 4.3.1 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cb9cc24-920f-402d-8a87-8b6c6a1b1a51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-data-access/" + google-query: inurl:"/wp-content/plugins/wp-data-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-data-access,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-data-access/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-data-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-admin-6cf9abd0a55631980f6943dc1552464b.yaml b/nuclei-templates/cve-less/plugins/wp-database-admin-6cf9abd0a55631980f6943dc1552464b.yaml new file mode 100644 index 0000000000..deaa5e94bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-admin-6cf9abd0a55631980f6943dc1552464b.yaml @@ -0,0 +1,58 @@ +id: wp-database-admin-6cf9abd0a55631980f6943dc1552464b + +info: + name: > + WordPress Database Administrator <= 1.0.3 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c314acf-d5bb-433a-8e2d-4ca333944bb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-admin/" + google-query: inurl:"/wp-content/plugins/wp-database-admin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-admin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-admin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-admin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-01a81435c686a1247dfccda6d4fceb1e.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-01a81435c686a1247dfccda6d4fceb1e.yaml new file mode 100644 index 0000000000..ebd99857cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-01a81435c686a1247dfccda6d4fceb1e.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-01a81435c686a1247dfccda6d4fceb1e + +info: + name: > + WP Database Backup <= 4.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acf1e98a-9e9d-453d-afce-6e47fce3a2d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-0ccf2aeb067cc807426227d06027c42a.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-0ccf2aeb067cc807426227d06027c42a.yaml new file mode 100644 index 0000000000..8858f9d2ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-0ccf2aeb067cc807426227d06027c42a.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-0ccf2aeb067cc807426227d06027c42a + +info: + name: > + WP Database Backup <= 5.5 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c58a2de0-8bb3-4e48-889e-0a8f47ca2959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-230f648691b91c6194be1f415c1bb8f9.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-230f648691b91c6194be1f415c1bb8f9.yaml new file mode 100644 index 0000000000..023c4a8f54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-230f648691b91c6194be1f415c1bb8f9.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-230f648691b91c6194be1f415c1bb8f9 + +info: + name: > + WP Database Backup <= 4.3.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30b9c4ca-1744-4907-930b-28ef5494d29c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-434ae7a95fc78d705c7843354abb6396.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-434ae7a95fc78d705c7843354abb6396.yaml new file mode 100644 index 0000000000..303e1e4069 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-434ae7a95fc78d705c7843354abb6396.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-434ae7a95fc78d705c7843354abb6396 + +info: + name: > + WP Database Backup <= 4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17422c79-494a-4c90-a48c-1aad9e0fa4c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-570d7dad3e17c051e824f46c008efb18.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-570d7dad3e17c051e824f46c008efb18.yaml new file mode 100644 index 0000000000..069ae3eb9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-570d7dad3e17c051e824f46c008efb18.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-570d7dad3e17c051e824f46c008efb18 + +info: + name: > + WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ccd7f4e-46c6-4783-9a3f-30c72bbc981e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-71e8880d940289fc5d83f840f7f72d23.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-71e8880d940289fc5d83f840f7f72d23.yaml new file mode 100644 index 0000000000..7530a283b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-71e8880d940289fc5d83f840f7f72d23.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-71e8880d940289fc5d83f840f7f72d23 + +info: + name: > + WP Database Backup <= 5.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf0f87fe-d318-4f49-993c-3255f4e77ef1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-8927f27721e1d8b23d2e73cb09a3c9b9.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-8927f27721e1d8b23d2e73cb09a3c9b9.yaml new file mode 100644 index 0000000000..3e66b68d4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-8927f27721e1d8b23d2e73cb09a3c9b9.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-8927f27721e1d8b23d2e73cb09a3c9b9 + +info: + name: > + WP Database Backup <= 5.8.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f49670e-6a7f-46f9-ad1e-44f66dc32f7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-database-backup-ad22dd4e7945e819f768594bfd7f51a8.yaml b/nuclei-templates/cve-less/plugins/wp-database-backup-ad22dd4e7945e819f768594bfd7f51a8.yaml new file mode 100644 index 0000000000..92d1183f2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-database-backup-ad22dd4e7945e819f768594bfd7f51a8.yaml @@ -0,0 +1,58 @@ +id: wp-database-backup-ad22dd4e7945e819f768594bfd7f51a8 + +info: + name: > + WP Database Backup <= 4.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c80d994e-997f-457b-b6f9-3589815dc86e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-database-backup/" + google-query: inurl:"/wp-content/plugins/wp-database-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-database-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-database-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-database-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-datepicker-e6aa8433ac2636bbe0e1dd25466b1760.yaml b/nuclei-templates/cve-less/plugins/wp-datepicker-e6aa8433ac2636bbe0e1dd25466b1760.yaml new file mode 100644 index 0000000000..05e72d9cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-datepicker-e6aa8433ac2636bbe0e1dd25466b1760.yaml @@ -0,0 +1,58 @@ +id: wp-datepicker-e6aa8433ac2636bbe0e1dd25466b1760 + +info: + name: > + WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a42f20-a4d7-4c8e-a144-505a6723a2a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-datepicker/" + google-query: inurl:"/wp-content/plugins/wp-datepicker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-datepicker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-datepicker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-datepicker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-db-backup-067d3779b4dc783cbbb0a5aaab128700.yaml b/nuclei-templates/cve-less/plugins/wp-db-backup-067d3779b4dc783cbbb0a5aaab128700.yaml new file mode 100644 index 0000000000..b3a1a67bf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-db-backup-067d3779b4dc783cbbb0a5aaab128700.yaml @@ -0,0 +1,58 @@ +id: wp-db-backup-067d3779b4dc783cbbb0a5aaab128700 + +info: + name: > + Database Backup for WordPress <= 2.3.3 - Authenticated Stored Cross-Site Scripting via backup_receipient Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/453c656a-c26d-44c3-bc7d-7fc502a00b03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-db-backup/" + google-query: inurl:"/wp-content/plugins/wp-db-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-db-backup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-db-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-db-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-db-backup-39941d45971237ca65a192ec3e53bd89.yaml b/nuclei-templates/cve-less/plugins/wp-db-backup-39941d45971237ca65a192ec3e53bd89.yaml new file mode 100644 index 0000000000..86c7e2e56c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-db-backup-39941d45971237ca65a192ec3e53bd89.yaml @@ -0,0 +1,58 @@ +id: wp-db-backup-39941d45971237ca65a192ec3e53bd89 + +info: + name: > + Database Backup for WordPress <= 2.2.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b73d309-5c3a-4a46-95df-fd7a59c66275?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-db-backup/" + google-query: inurl:"/wp-content/plugins/wp-db-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-db-backup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-db-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-db-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-db-backup-5741da0b171618ff87448def21553be2.yaml b/nuclei-templates/cve-less/plugins/wp-db-backup-5741da0b171618ff87448def21553be2.yaml new file mode 100644 index 0000000000..e8088df529 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-db-backup-5741da0b171618ff87448def21553be2.yaml @@ -0,0 +1,58 @@ +id: wp-db-backup-5741da0b171618ff87448def21553be2 + +info: + name: > + Database Backup for WordPress <= 2.5.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/211350ac-24c4-4aa7-aea6-5dc44f753185?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-db-backup/" + google-query: inurl:"/wp-content/plugins/wp-db-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-db-backup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-db-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-db-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-db-backup-b872392d30229399db8513dcb00793fb.yaml b/nuclei-templates/cve-less/plugins/wp-db-backup-b872392d30229399db8513dcb00793fb.yaml new file mode 100644 index 0000000000..800cf3932b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-db-backup-b872392d30229399db8513dcb00793fb.yaml @@ -0,0 +1,58 @@ +id: wp-db-backup-b872392d30229399db8513dcb00793fb + +info: + name: > + Database Backup for WordPress <= 2.5 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4062f981-a1d2-4e54-8fd9-f8855af0a7db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-db-backup/" + google-query: inurl:"/wp-content/plugins/wp-db-backup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-db-backup,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-db-backup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-db-backup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-db-backup.php-1354435c4f5fd2cf36a77bfe4d9efd70.yaml b/nuclei-templates/cve-less/plugins/wp-db-backup.php-1354435c4f5fd2cf36a77bfe4d9efd70.yaml new file mode 100644 index 0000000000..9e3a1756f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-db-backup.php-1354435c4f5fd2cf36a77bfe4d9efd70.yaml @@ -0,0 +1,58 @@ +id: wp-db-backup.php-1354435c4f5fd2cf36a77bfe4d9efd70 + +info: + name: > + Skippy WP-DB Backup (Legacy Plugin) <= 1.7 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e38b567-9567-4b08-8fab-3971547394b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-db-backup.php/" + google-query: inurl:"/wp-content/plugins/wp-db-backup.php/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-db-backup.php,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-db-backup.php/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-db-backup.php" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dbmanager-2e5e8e1009429a76d7f18bdd3c57a7a9.yaml b/nuclei-templates/cve-less/plugins/wp-dbmanager-2e5e8e1009429a76d7f18bdd3c57a7a9.yaml new file mode 100644 index 0000000000..02077dc034 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dbmanager-2e5e8e1009429a76d7f18bdd3c57a7a9.yaml @@ -0,0 +1,58 @@ +id: wp-dbmanager-2e5e8e1009429a76d7f18bdd3c57a7a9 + +info: + name: > + WP DB Manager < 2.7.2 - Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c3192ee-f241-47b2-b10f-fc38f394012a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dbmanager/" + google-query: inurl:"/wp-content/plugins/wp-dbmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dbmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dbmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dbmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dbmanager-46753bc0e0a5000c6953d11b4c87a555.yaml b/nuclei-templates/cve-less/plugins/wp-dbmanager-46753bc0e0a5000c6953d11b4c87a555.yaml new file mode 100644 index 0000000000..1ea76dae95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dbmanager-46753bc0e0a5000c6953d11b4c87a555.yaml @@ -0,0 +1,58 @@ +id: wp-dbmanager-46753bc0e0a5000c6953d11b4c87a555 + +info: + name: > + WP-DBManager < 2.72 - Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7aca3b02-6c97-4d86-9378-e808c184e84c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dbmanager/" + google-query: inurl:"/wp-content/plugins/wp-dbmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dbmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dbmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dbmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dbmanager-d56c9f9434c8eee9514eb927acff9263.yaml b/nuclei-templates/cve-less/plugins/wp-dbmanager-d56c9f9434c8eee9514eb927acff9263.yaml new file mode 100644 index 0000000000..d4fd6ae31d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dbmanager-d56c9f9434c8eee9514eb927acff9263.yaml @@ -0,0 +1,58 @@ +id: wp-dbmanager-d56c9f9434c8eee9514eb927acff9263 + +info: + name: > + WP-DBManager < 2.72 - OS Command Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de476d40-47eb-417f-927f-d80d32745965?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dbmanager/" + google-query: inurl:"/wp-content/plugins/wp-dbmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dbmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dbmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dbmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.72') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dbmanager-ee247de60df1bfe0f1ecd93cf598296f.yaml b/nuclei-templates/cve-less/plugins/wp-dbmanager-ee247de60df1bfe0f1ecd93cf598296f.yaml new file mode 100644 index 0000000000..af297f3743 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dbmanager-ee247de60df1bfe0f1ecd93cf598296f.yaml @@ -0,0 +1,58 @@ +id: wp-dbmanager-ee247de60df1bfe0f1ecd93cf598296f + +info: + name: > + WP-DBManager <= 2.80.7 - Authenticated (Admin+) Remote Code Execution on Multi-Site + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00500322-0984-49f5-8a6f-8cf72d125e6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dbmanager/" + google-query: inurl:"/wp-content/plugins/wp-dbmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dbmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dbmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dbmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.80.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-debugging-7f4824acb6f88f468d76a43937c8bc24.yaml b/nuclei-templates/cve-less/plugins/wp-debugging-7f4824acb6f88f468d76a43937c8bc24.yaml new file mode 100644 index 0000000000..8e48bcbbca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-debugging-7f4824acb6f88f468d76a43937c8bc24.yaml @@ -0,0 +1,58 @@ +id: wp-debugging-7f4824acb6f88f468d76a43937c8bc24 + +info: + name: > + WP Debugging <= 2.10.2 - Unauthenticated Plugin Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6aef41-e4f9-4494-a5fd-47f55973d1d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-debugging/" + google-query: inurl:"/wp-content/plugins/wp-debugging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-debugging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-debugging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-debugging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-default-feature-image-498a64542dbb51a5eba70d23bf7af5b7.yaml b/nuclei-templates/cve-less/plugins/wp-default-feature-image-498a64542dbb51a5eba70d23bf7af5b7.yaml new file mode 100644 index 0000000000..2955aa1b1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-default-feature-image-498a64542dbb51a5eba70d23bf7af5b7.yaml @@ -0,0 +1,58 @@ +id: wp-default-feature-image-498a64542dbb51a5eba70d23bf7af5b7 + +info: + name: > + WP Default Feature Image <= 1.0.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/380024dc-ed2a-4a7b-b5f8-47879ad2d659?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-default-feature-image/" + google-query: inurl:"/wp-content/plugins/wp-default-feature-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-default-feature-image,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-default-feature-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-default-feature-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-design-maps-places-9a9c52cdec433248e8d2c508fc3c6161.yaml b/nuclei-templates/cve-less/plugins/wp-design-maps-places-9a9c52cdec433248e8d2c508fc3c6161.yaml new file mode 100644 index 0000000000..485ae88bd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-design-maps-places-9a9c52cdec433248e8d2c508fc3c6161.yaml @@ -0,0 +1,58 @@ +id: wp-design-maps-places-9a9c52cdec433248e8d2c508fc3c6161 + +info: + name: > + WP Design Maps & Places <= 1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddd2c0c2-49b5-4745-9e52-d0ae6b997640?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-design-maps-places/" + google-query: inurl:"/wp-content/plugins/wp-design-maps-places/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-design-maps-places,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-design-maps-places/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-design-maps-places" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dialog-0b351fbbceddd3af3b8762c10e45e612.yaml b/nuclei-templates/cve-less/plugins/wp-dialog-0b351fbbceddd3af3b8762c10e45e612.yaml new file mode 100644 index 0000000000..26880b0c6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dialog-0b351fbbceddd3af3b8762c10e45e612.yaml @@ -0,0 +1,58 @@ +id: wp-dialog-0b351fbbceddd3af3b8762c10e45e612 + +info: + name: > + WP Dialog <= 1.2.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03d02297-0cc6-4935-b282-9b95d8292954?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dialog/" + google-query: inurl:"/wp-content/plugins/wp-dialog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dialog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dialog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dialog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-discord-invite-9f99c3916170112c6519a28e2f1378e6.yaml b/nuclei-templates/cve-less/plugins/wp-discord-invite-9f99c3916170112c6519a28e2f1378e6.yaml new file mode 100644 index 0000000000..5bb1a5297f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-discord-invite-9f99c3916170112c6519a28e2f1378e6.yaml @@ -0,0 +1,58 @@ +id: wp-discord-invite-9f99c3916170112c6519a28e2f1378e6 + +info: + name: > + WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc4048a9-b69c-4f4c-8a30-e57bb057b00c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-discord-invite/" + google-query: inurl:"/wp-content/plugins/wp-discord-invite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-discord-invite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-discord-invite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-discord-invite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-discord-invite-d4039daa19b11d4d7dd3d98ae4448907.yaml b/nuclei-templates/cve-less/plugins/wp-discord-invite-d4039daa19b11d4d7dd3d98ae4448907.yaml new file mode 100644 index 0000000000..bcde66fd94 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-discord-invite-d4039daa19b11d4d7dd3d98ae4448907.yaml @@ -0,0 +1,58 @@ +id: wp-discord-invite-d4039daa19b11d4d7dd3d98ae4448907 + +info: + name: > + WP Discord Invite < 2.5.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d92bfa61-7ae2-427a-8f3a-82709471735b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-discord-invite/" + google-query: inurl:"/wp-content/plugins/wp-discord-invite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-discord-invite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-discord-invite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-discord-invite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-discussion-board-78755e457e479cae23d5dca42eeac5db.yaml b/nuclei-templates/cve-less/plugins/wp-discussion-board-78755e457e479cae23d5dca42eeac5db.yaml new file mode 100644 index 0000000000..30b754b48d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-discussion-board-78755e457e479cae23d5dca42eeac5db.yaml @@ -0,0 +1,58 @@ +id: wp-discussion-board-78755e457e479cae23d5dca42eeac5db + +info: + name: > + Discussion Board <= 2.4.8 - Authenticated (Subscriber+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e9d7776-aa96-47c8-9e31-5484ab65bc66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-discussion-board/" + google-query: inurl:"/wp-content/plugins/wp-discussion-board/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-discussion-board,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-discussion-board/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-discussion-board" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-display-users-426286a65b9c6cb22be8026fc66ac3eb.yaml b/nuclei-templates/cve-less/plugins/wp-display-users-426286a65b9c6cb22be8026fc66ac3eb.yaml new file mode 100644 index 0000000000..0b8f1d0194 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-display-users-426286a65b9c6cb22be8026fc66ac3eb.yaml @@ -0,0 +1,58 @@ +id: wp-display-users-426286a65b9c6cb22be8026fc66ac3eb + +info: + name: > + Display Users <= 2.0.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/660058f0-ccd9-4bb9-9e11-f1e1d1100ef2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-display-users/" + google-query: inurl:"/wp-content/plugins/wp-display-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-display-users,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-display-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-display-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-docs-35dda5414154f53d96b973b68d2be63d.yaml b/nuclei-templates/cve-less/plugins/wp-docs-35dda5414154f53d96b973b68d2be63d.yaml new file mode 100644 index 0000000000..5b26208800 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-docs-35dda5414154f53d96b973b68d2be63d.yaml @@ -0,0 +1,58 @@ +id: wp-docs-35dda5414154f53d96b973b68d2be63d + +info: + name: > + WP Docs <= 1.9.8 - Cross-Site Request Forgery to folder management + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6003b1bf-b176-4ca9-9de2-58133259e0f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-docs/" + google-query: inurl:"/wp-content/plugins/wp-docs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-docs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-docs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-docs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-docs-8438c9473d07feba9507b08f7b2ca394.yaml b/nuclei-templates/cve-less/plugins/wp-docs-8438c9473d07feba9507b08f7b2ca394.yaml new file mode 100644 index 0000000000..5bdffff55c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-docs-8438c9473d07feba9507b08f7b2ca394.yaml @@ -0,0 +1,58 @@ +id: wp-docs-8438c9473d07feba9507b08f7b2ca394 + +info: + name: > + WP Docs <= 1.9.8 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45a870f4-7ad1-447b-81ea-5d9e9b67b1bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-docs/" + google-query: inurl:"/wp-content/plugins/wp-docs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-docs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-docs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-docs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-docs-de718f2bd31fc4ccd0bdde8aa56c6557.yaml b/nuclei-templates/cve-less/plugins/wp-docs-de718f2bd31fc4ccd0bdde8aa56c6557.yaml new file mode 100644 index 0000000000..8f28c4e6ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-docs-de718f2bd31fc4ccd0bdde8aa56c6557.yaml @@ -0,0 +1,58 @@ +id: wp-docs-de718f2bd31fc4ccd0bdde8aa56c6557 + +info: + name: > + WP Docs <= 1.9.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac15c0d-74d3-4121-a63e-97dbbe594274?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-docs/" + google-query: inurl:"/wp-content/plugins/wp-docs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-docs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-docs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-docs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-domain-redirect-4e4e50f7a420b0e140281c805ef6a928.yaml b/nuclei-templates/cve-less/plugins/wp-domain-redirect-4e4e50f7a420b0e140281c805ef6a928.yaml new file mode 100644 index 0000000000..af6c3c0fb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-domain-redirect-4e4e50f7a420b0e140281c805ef6a928.yaml @@ -0,0 +1,58 @@ +id: wp-domain-redirect-4e4e50f7a420b0e140281c805ef6a928 + +info: + name: > + WP Domain Redirect <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/188b6da2-1d4f-44af-82e1-a642170bcb36?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-domain-redirect/" + google-query: inurl:"/wp-content/plugins/wp-domain-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-domain-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-domain-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-domain-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-donate-9f7bf70b345ad8176b09c272029728d7.yaml b/nuclei-templates/cve-less/plugins/wp-donate-9f7bf70b345ad8176b09c272029728d7.yaml new file mode 100644 index 0000000000..88dd4eba43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-donate-9f7bf70b345ad8176b09c272029728d7.yaml @@ -0,0 +1,58 @@ +id: wp-donate-9f7bf70b345ad8176b09c272029728d7 + +info: + name: > + WP Donate <= 1.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ef36265-bf71-4b6a-ae76-9318d6896aac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-donate/" + google-query: inurl:"/wp-content/plugins/wp-donate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-donate,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-donate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-donate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-downgrade-c8a533331a66588a41e484e2593bc634.yaml b/nuclei-templates/cve-less/plugins/wp-downgrade-c8a533331a66588a41e484e2593bc634.yaml new file mode 100644 index 0000000000..83f8f631a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-downgrade-c8a533331a66588a41e484e2593bc634.yaml @@ -0,0 +1,58 @@ +id: wp-downgrade-c8a533331a66588a41e484e2593bc634 + +info: + name: > + WP Downgrade <= 1.2.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d1f9fb7-fcb8-41ec-8c2f-0864e245f873?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-downgrade/" + google-query: inurl:"/wp-content/plugins/wp-downgrade/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-downgrade,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-downgrade/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-downgrade" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-download-38075b2ddd2270a10fc2d087e129aea8.yaml b/nuclei-templates/cve-less/plugins/wp-download-38075b2ddd2270a10fc2d087e129aea8.yaml new file mode 100644 index 0000000000..8769b638a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-download-38075b2ddd2270a10fc2d087e129aea8.yaml @@ -0,0 +1,58 @@ +id: wp-download-38075b2ddd2270a10fc2d087e129aea8 + +info: + name: > + WP-Download <= 1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb8232cd-4fd5-4e0f-90d0-91e5eb7e70c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-download/" + google-query: inurl:"/wp-content/plugins/wp-download/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-download,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-download/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-download" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-download-manager-f8b195ad87a5a50c5754f7800933e00c.yaml b/nuclei-templates/cve-less/plugins/wp-download-manager-f8b195ad87a5a50c5754f7800933e00c.yaml new file mode 100644 index 0000000000..c0774cefc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-download-manager-f8b195ad87a5a50c5754f7800933e00c.yaml @@ -0,0 +1,58 @@ +id: wp-download-manager-f8b195ad87a5a50c5754f7800933e00c + +info: + name: > + WP-DownloadManager Plugin < 1.61 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/822f5b92-8c58-4132-80a7-d15e1215c934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-download-manager/" + google-query: inurl:"/wp-content/plugins/wp-download-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-download-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-download-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-download-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-downloadmanager-2a2c96d8b7e05bdda2ce23679852b0ec.yaml b/nuclei-templates/cve-less/plugins/wp-downloadmanager-2a2c96d8b7e05bdda2ce23679852b0ec.yaml new file mode 100644 index 0000000000..a224ca471b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-downloadmanager-2a2c96d8b7e05bdda2ce23679852b0ec.yaml @@ -0,0 +1,58 @@ +id: wp-downloadmanager-2a2c96d8b7e05bdda2ce23679852b0ec + +info: + name: > + WP-DownloadManager <= 1.68.4 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfe48948-7fc9-4806-b1b5-9fac5a6c7d96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-downloadmanager/" + google-query: inurl:"/wp-content/plugins/wp-downloadmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-downloadmanager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-downloadmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-downloadmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.68.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-downloadmanager-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml b/nuclei-templates/cve-less/plugins/wp-downloadmanager-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml new file mode 100644 index 0000000000..a80054ebfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-downloadmanager-46ca57fda9611a4d8d3fe3eb2317d1ac.yaml @@ -0,0 +1,58 @@ +id: wp-downloadmanager-46ca57fda9611a4d8d3fe3eb2317d1ac + +info: + name: > + WP-DownloadManager <= 1.68.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f15d39ba-9211-4d35-8252-20d53c6bc249?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-downloadmanager/" + google-query: inurl:"/wp-content/plugins/wp-downloadmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-downloadmanager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-downloadmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-downloadmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.68.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-downloadmanager-504f4fd7f6488b8460fa7b0e025293ef.yaml b/nuclei-templates/cve-less/plugins/wp-downloadmanager-504f4fd7f6488b8460fa7b0e025293ef.yaml new file mode 100644 index 0000000000..552526ee47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-downloadmanager-504f4fd7f6488b8460fa7b0e025293ef.yaml @@ -0,0 +1,58 @@ +id: wp-downloadmanager-504f4fd7f6488b8460fa7b0e025293ef + +info: + name: > + WP-DownloadManager plugin <= 1.68.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a27da737-d925-471f-b0e0-25bc27a95714?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-downloadmanager/" + google-query: inurl:"/wp-content/plugins/wp-downloadmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-downloadmanager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-downloadmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-downloadmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.68.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-downloadmanager-fde55a7ed22dac34f683215367ee2443.yaml b/nuclei-templates/cve-less/plugins/wp-downloadmanager-fde55a7ed22dac34f683215367ee2443.yaml new file mode 100644 index 0000000000..dee72dac7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-downloadmanager-fde55a7ed22dac34f683215367ee2443.yaml @@ -0,0 +1,58 @@ +id: wp-downloadmanager-fde55a7ed22dac34f683215367ee2443 + +info: + name: > + WP-DownloadManager plugin <= 1.68.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bede3241-6383-4bdb-ac28-cd9781b608d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-downloadmanager/" + google-query: inurl:"/wp-content/plugins/wp-downloadmanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-downloadmanager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-downloadmanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-downloadmanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.68.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dreamworkgallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-dreamworkgallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..4ab497ad3e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dreamworkgallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-dreamworkgallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dreamworkgallery/" + google-query: inurl:"/wp-content/plugins/wp-dreamworkgallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dreamworkgallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dreamworkgallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dreamworkgallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ds-blog-map-7fd62997a96edc06785da25d5644aff0.yaml b/nuclei-templates/cve-less/plugins/wp-ds-blog-map-7fd62997a96edc06785da25d5644aff0.yaml new file mode 100644 index 0000000000..84aa034174 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ds-blog-map-7fd62997a96edc06785da25d5644aff0.yaml @@ -0,0 +1,58 @@ +id: wp-ds-blog-map-7fd62997a96edc06785da25d5644aff0 + +info: + name: > + WP DS Blog Map <= 3.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89384b42-8c66-469d-a7d2-1c50c89cfe7e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ds-blog-map/" + google-query: inurl:"/wp-content/plugins/wp-ds-blog-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ds-blog-map,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ds-blog-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ds-blog-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dtree-30-1f13b5881c3d355245302cf4439befbf.yaml b/nuclei-templates/cve-less/plugins/wp-dtree-30-1f13b5881c3d355245302cf4439befbf.yaml new file mode 100644 index 0000000000..1d4286e21d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dtree-30-1f13b5881c3d355245302cf4439befbf.yaml @@ -0,0 +1,58 @@ +id: wp-dtree-30-1f13b5881c3d355245302cf4439befbf + +info: + name: > + WP-dTree <= 4.4.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61808624-b2c7-4e86-b5a1-56f32fca9eaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dtree-30/" + google-query: inurl:"/wp-content/plugins/wp-dtree-30/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dtree-30,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dtree-30/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dtree-30" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dtree-30-21fdda375898746027e6f9dda342b8cd.yaml b/nuclei-templates/cve-less/plugins/wp-dtree-30-21fdda375898746027e6f9dda342b8cd.yaml new file mode 100644 index 0000000000..ea32e64b2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dtree-30-21fdda375898746027e6f9dda342b8cd.yaml @@ -0,0 +1,58 @@ +id: wp-dtree-30-21fdda375898746027e6f9dda342b8cd + +info: + name: > + WP-dTree <= 4.4.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde92185-d63a-47b3-a17e-3f2b2b20270c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dtree-30/" + google-query: inurl:"/wp-content/plugins/wp-dtree-30/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dtree-30,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dtree-30/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dtree-30" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dtree-30-5a34f6e49c7ef01f010ae75476cc8b14.yaml b/nuclei-templates/cve-less/plugins/wp-dtree-30-5a34f6e49c7ef01f010ae75476cc8b14.yaml new file mode 100644 index 0000000000..bfd9bfbdd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dtree-30-5a34f6e49c7ef01f010ae75476cc8b14.yaml @@ -0,0 +1,58 @@ +id: wp-dtree-30-5a34f6e49c7ef01f010ae75476cc8b14 + +info: + name: > + WP-dTree <= 4.4.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c01da54-fbbe-42f9-a76e-8e823027d62a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dtree-30/" + google-query: inurl:"/wp-content/plugins/wp-dtree-30/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dtree-30,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dtree-30/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dtree-30" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-422c4f76899e03c0666b1907832b3ab3.yaml b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-422c4f76899e03c0666b1907832b3ab3.yaml new file mode 100644 index 0000000000..afbf1d55ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-422c4f76899e03c0666b1907832b3ab3.yaml @@ -0,0 +1,58 @@ +id: wp-dummy-content-generator-422c4f76899e03c0666b1907832b3ab3 + +info: + name: > + WP Dummy Content Generator <= 2.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4dad030-41e4-4d67-8650-8d268c44d352?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dummy-content-generator/" + google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dummy-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dummy-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-4b8f53dac7b962db019d821a894cbb82.yaml b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-4b8f53dac7b962db019d821a894cbb82.yaml new file mode 100644 index 0000000000..53fc1bfae4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-4b8f53dac7b962db019d821a894cbb82.yaml @@ -0,0 +1,58 @@ +id: wp-dummy-content-generator-4b8f53dac7b962db019d821a894cbb82 + +info: + name: > + WP Dummy Content Generator <= 3.2.1 - Unauthenticated Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2bda5d0-9589-4925-baa6-6e207e6fc978?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dummy-content-generator/" + google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dummy-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dummy-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-65d839a96475e08e7231c85cc5b59ef7.yaml b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-65d839a96475e08e7231c85cc5b59ef7.yaml new file mode 100644 index 0000000000..b70aa8825c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-65d839a96475e08e7231c85cc5b59ef7.yaml @@ -0,0 +1,58 @@ +id: wp-dummy-content-generator-65d839a96475e08e7231c85cc5b59ef7 + +info: + name: > + WP Dummy Content Generator <= 3.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b44d23c-4872-491f-8a91-b0feb888ac54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dummy-content-generator/" + google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dummy-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dummy-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-e41b83efa869789b0f40a748caa1121d.yaml b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-e41b83efa869789b0f40a748caa1121d.yaml new file mode 100644 index 0000000000..4ed2604fad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dummy-content-generator-e41b83efa869789b0f40a748caa1121d.yaml @@ -0,0 +1,58 @@ +id: wp-dummy-content-generator-e41b83efa869789b0f40a748caa1121d + +info: + name: > + WP Dummy Content Generator <= 2.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0576737d-8330-4a80-af70-4f0eab6657ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dummy-content-generator/" + google-query: inurl:"/wp-content/plugins/wp-dummy-content-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dummy-content-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dummy-content-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dummy-content-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-duplicate-page-783792bc349c3286b30c741d65b88b21.yaml b/nuclei-templates/cve-less/plugins/wp-duplicate-page-783792bc349c3286b30c741d65b88b21.yaml new file mode 100644 index 0000000000..3029f9a7a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-duplicate-page-783792bc349c3286b30c741d65b88b21.yaml @@ -0,0 +1,58 @@ +id: wp-duplicate-page-783792bc349c3286b30c741d65b88b21 + +info: + name: > + WP Duplicate Page <= 1.2 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52944aa6-a6ee-46ce-bd0c-18c69fe1ada7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-duplicate-page/" + google-query: inurl:"/wp-content/plugins/wp-duplicate-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-duplicate-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-duplicate-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-duplicate-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-9cb0eb94b28c3edb80588351824c0d35.yaml b/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-9cb0eb94b28c3edb80588351824c0d35.yaml new file mode 100644 index 0000000000..25cebc2f5b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-9cb0eb94b28c3edb80588351824c0d35.yaml @@ -0,0 +1,58 @@ +id: wp-dynamic-keywords-injector-9cb0eb94b28c3edb80588351824c0d35 + +info: + name: > + WP Dynamic Keywords Injector <= 2.3.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b00784-9120-403d-9788-3cd3c3c020aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dynamic-keywords-injector/" + google-query: inurl:"/wp-content/plugins/wp-dynamic-keywords-injector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dynamic-keywords-injector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dynamic-keywords-injector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dynamic-keywords-injector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-a13ac145586953796d79d44892866da5.yaml b/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-a13ac145586953796d79d44892866da5.yaml new file mode 100644 index 0000000000..ada9959a66 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-dynamic-keywords-injector-a13ac145586953796d79d44892866da5.yaml @@ -0,0 +1,58 @@ +id: wp-dynamic-keywords-injector-a13ac145586953796d79d44892866da5 + +info: + name: > + WP Dynamic Keywords Injector <= 2.3.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/992f9f08-82c1-4bbd-bbd2-543ad8affe53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-dynamic-keywords-injector/" + google-query: inurl:"/wp-content/plugins/wp-dynamic-keywords-injector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-dynamic-keywords-injector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-dynamic-keywords-injector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-dynamic-keywords-injector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-18d6c29d9809d383ee48c11e640d6bfc.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-18d6c29d9809d383ee48c11e640d6bfc.yaml new file mode 100644 index 0000000000..c0290a4507 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-18d6c29d9809d383ee48c11e640d6bfc.yaml @@ -0,0 +1,58 @@ +id: wp-e-commerce-18d6c29d9809d383ee48c11e640d6bfc + +info: + name: > + WP eCommerce <= 3.15.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-e-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-5f327ec92a2ed47a19cfa74c78839e26.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-5f327ec92a2ed47a19cfa74c78839e26.yaml new file mode 100644 index 0000000000..058792b331 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-5f327ec92a2ed47a19cfa74c78839e26.yaml @@ -0,0 +1,58 @@ +id: wp-e-commerce-5f327ec92a2ed47a19cfa74c78839e26 + +info: + name: > + WP eCommerce < 3.8.7.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d1302c4-7aeb-49f4-aa11-2c0e08bd9c71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-e-commerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-985a4d5103b9ddb67f837c1ceb401728.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-985a4d5103b9ddb67f837c1ceb401728.yaml new file mode 100644 index 0000000000..8500f156e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-985a4d5103b9ddb67f837c1ceb401728.yaml @@ -0,0 +1,58 @@ +id: wp-e-commerce-985a4d5103b9ddb67f837c1ceb401728 + +info: + name: > + WP eCommerce < 3.8.7.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa89fab-b6fe-423a-a7f5-dbe6c92d1b56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-e-commerce,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-e-commerce-bf5cbdf8020a636cc9f21e15a59d9023.yaml b/nuclei-templates/cve-less/plugins/wp-e-commerce-bf5cbdf8020a636cc9f21e15a59d9023.yaml new file mode 100644 index 0000000000..d6cf15a6e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-e-commerce-bf5cbdf8020a636cc9f21e15a59d9023.yaml @@ -0,0 +1,58 @@ +id: wp-e-commerce-bf5cbdf8020a636cc9f21e15a59d9023 + +info: + name: > + WP eCommerce <= 3.15.1 - Missing Authorization to Unauthenticated Arbitrary Post Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-e-commerce/" + google-query: inurl:"/wp-content/plugins/wp-e-commerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-e-commerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-e-commerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-e-commerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easy-contact-1a94885b829a17aaf2fa1ae77773a27a.yaml b/nuclei-templates/cve-less/plugins/wp-easy-contact-1a94885b829a17aaf2fa1ae77773a27a.yaml new file mode 100644 index 0000000000..184955bbd0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easy-contact-1a94885b829a17aaf2fa1ae77773a27a.yaml @@ -0,0 +1,58 @@ +id: wp-easy-contact-1a94885b829a17aaf2fa1ae77773a27a + +info: + name: > + Best Contact Management Software <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80ba732f-b3cc-4b42-8c56-9fa1cee08c7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easy-contact/" + google-query: inurl:"/wp-content/plugins/wp-easy-contact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easy-contact,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easy-contact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easy-contact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easy-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wp-easy-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..fe801e1535 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easy-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wp-easy-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easy-gallery/" + google-query: inurl:"/wp-content/plugins/wp-easy-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easy-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easy-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easy-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easy-pay-7019ae891ef15e3836bd8cf0d5c1f6e9.yaml b/nuclei-templates/cve-less/plugins/wp-easy-pay-7019ae891ef15e3836bd8cf0d5c1f6e9.yaml new file mode 100644 index 0000000000..8eb4d00d2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easy-pay-7019ae891ef15e3836bd8cf0d5c1f6e9.yaml @@ -0,0 +1,58 @@ +id: wp-easy-pay-7019ae891ef15e3836bd8cf0d5c1f6e9 + +info: + name: > + WP EasyPay <= 4.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8786f44-09b9-4281-b615-5df4b494a083?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easy-pay/" + google-query: inurl:"/wp-content/plugins/wp-easy-pay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easy-pay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easy-pay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easy-pay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easy-pay-978317c4070e7121d6a698893d413687.yaml b/nuclei-templates/cve-less/plugins/wp-easy-pay-978317c4070e7121d6a698893d413687.yaml new file mode 100644 index 0000000000..3ed97040a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easy-pay-978317c4070e7121d6a698893d413687.yaml @@ -0,0 +1,58 @@ +id: wp-easy-pay-978317c4070e7121d6a698893d413687 + +info: + name: > + WP EasyPay <= 4.0.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c1606e-b6b6-4f7d-8473-1015677ded7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easy-pay/" + google-query: inurl:"/wp-content/plugins/wp-easy-pay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easy-pay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easy-pay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easy-pay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easy-pay-e9841c7d453db007ae94f5b33ac69fd2.yaml b/nuclei-templates/cve-less/plugins/wp-easy-pay-e9841c7d453db007ae94f5b33ac69fd2.yaml new file mode 100644 index 0000000000..6b1810f818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easy-pay-e9841c7d453db007ae94f5b33ac69fd2.yaml @@ -0,0 +1,58 @@ +id: wp-easy-pay-e9841c7d453db007ae94f5b33ac69fd2 + +info: + name: > + WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1fbb3a6-fcc2-47c5-a086-331e69292add?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easy-pay/" + google-query: inurl:"/wp-content/plugins/wp-easy-pay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easy-pay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easy-pay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easy-pay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easybooking-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml b/nuclei-templates/cve-less/plugins/wp-easybooking-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml new file mode 100644 index 0000000000..47ff508e8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easybooking-e5c5d5728e5c08ed8fa4fe79d2c3e420.yaml @@ -0,0 +1,58 @@ +id: wp-easybooking-e5c5d5728e5c08ed8fa4fe79d2c3e420 + +info: + name: > + WP Easybooking <= 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e23bdcf9-8068-40c5-b27e-4562040068ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easybooking/" + google-query: inurl:"/wp-content/plugins/wp-easybooking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easybooking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easybooking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easybooking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-00935a43a6eeac3216e5733aff1322b8.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-00935a43a6eeac3216e5733aff1322b8.yaml new file mode 100644 index 0000000000..5bf83dbf4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-00935a43a6eeac3216e5733aff1322b8.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-00935a43a6eeac3216e5733aff1322b8 + +info: + name: > + Shopping Cart & eCommerce Store <= 5.4.2 - Authenticated (Admin+) Local File Inclusion via import_file_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/936e753b-b3e9-43c9-8686-c610faa8b20e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-039f1cb39ecb5839b4ea52ff55c41eac.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-039f1cb39ecb5839b4ea52ff55c41eac.yaml new file mode 100644 index 0000000000..7125f08e10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-039f1cb39ecb5839b4ea52ff55c41eac.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-039f1cb39ecb5839b4ea52ff55c41eac + +info: + name: > + Shopping Cart & eCommerce Store < 3.0.16 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ed683bf-be49-43e9-a1ba-9af7c2bf97b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-0cbf88d6c1cf37efa7d39650814fcfdb.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-0cbf88d6c1cf37efa7d39650814fcfdb.yaml new file mode 100644 index 0000000000..18e83b8614 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-0cbf88d6c1cf37efa7d39650814fcfdb.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-0cbf88d6c1cf37efa7d39650814fcfdb + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_duplicate_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/041830b8-f059-46f5-961b-3ba908d161f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-2b72a770047348328de1929b10696b75.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-2b72a770047348328de1929b10696b75.yaml new file mode 100644 index 0000000000..c1931de7d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-2b72a770047348328de1929b10696b75.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-2b72a770047348328de1929b10696b75 + +info: + name: > + Shopping Cart & eCommerce Store <= 5.6.3 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/576ca901-45e2-4e6d-9bc4-370bf1f68077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-2e1c1b8086549c30cda9ee97a6f1462b.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-2e1c1b8086549c30cda9ee97a6f1462b.yaml new file mode 100644 index 0000000000..c56eece709 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-2e1c1b8086549c30cda9ee97a6f1462b.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-2e1c1b8086549c30cda9ee97a6f1462b + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_delete_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b36e94e4-b1e8-4803-9377-c4d710b029de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-32c514a1869a13a710a63935ad684892.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-32c514a1869a13a710a63935ad684892.yaml new file mode 100644 index 0000000000..54688c7e58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-32c514a1869a13a710a63935ad684892.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-32c514a1869a13a710a63935ad684892 + +info: + name: > + Shopping Cart & eCommerce Store <= 5.6.4 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93daab72-1243-4a05-91d3-9254a1aac727?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-333442feab2beac98ba52d2344da3703.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-333442feab2beac98ba52d2344da3703.yaml new file mode 100644 index 0000000000..562dec8878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-333442feab2beac98ba52d2344da3703.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-333442feab2beac98ba52d2344da3703 + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcca7ade-8b35-4ba1-a8b4-b1e815b025e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-3c89e27202b3ceefaa020a7f1c33e993.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-3c89e27202b3ceefaa020a7f1c33e993.yaml new file mode 100644 index 0000000000..b47080d2c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-3c89e27202b3ceefaa020a7f1c33e993.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-3c89e27202b3ceefaa020a7f1c33e993 + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_activate_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02fd8469-cd99-42dc-9a28-c0ea08512bb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-558868c7563df01c1f5dedf319b2c882.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-558868c7563df01c1f5dedf319b2c882.yaml new file mode 100644 index 0000000000..e2b456826d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-558868c7563df01c1f5dedf319b2c882.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-558868c7563df01c1f5dedf319b2c882 + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1268604c-08eb-4d86-8e97-9cdaa3e19c1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-5c5967c0bbcbea315d0f076aa78401d0.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-5c5967c0bbcbea315d0f076aa78401d0.yaml new file mode 100644 index 0000000000..82c3d73540 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-5c5967c0bbcbea315d0f076aa78401d0.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-5c5967c0bbcbea315d0f076aa78401d0 + +info: + name: > + WP EasyCart <= 5.4.10 - Authenticated (Administrator+) SQL Injection via 'orderby' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c1ddaf-4bf2-4937-b7bf-a09162db043e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-6a08a7b07ff874974a20d821c1b5579b.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-6a08a7b07ff874974a20d821c1b5579b.yaml new file mode 100644 index 0000000000..c534c6827f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-6a08a7b07ff874974a20d821c1b5579b.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-6a08a7b07ff874974a20d821c1b5579b + +info: + name: > + EasyCart <= 2.0.5 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d76b6355-a1c5-41a0-b3b6-ee13e5490314?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-72e9256e7194c6f152bbcbf59294459d.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-72e9256e7194c6f152bbcbf59294459d.yaml new file mode 100644 index 0000000000..71ce01b36b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-72e9256e7194c6f152bbcbf59294459d.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-72e9256e7194c6f152bbcbf59294459d + +info: + name: > + WP EasyCart <= 5.5.19 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f21955b-1fd2-4d92-acfd-07fc1ff194fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-850e9ef75c282ac77bdc710fb921007a.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-850e9ef75c282ac77bdc710fb921007a.yaml new file mode 100644 index 0000000000..370194b793 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-850e9ef75c282ac77bdc710fb921007a.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-850e9ef75c282ac77bdc710fb921007a + +info: + name: > + WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_bulk_deactivate_product + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a68b8df9-9b50-4617-9308-76a2a9036d7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-8bf5f589d084befe53d71ebadbbe38a9.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-8bf5f589d084befe53d71ebadbbe38a9.yaml new file mode 100644 index 0000000000..6d8a6858e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-8bf5f589d084befe53d71ebadbbe38a9.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-8bf5f589d084befe53d71ebadbbe38a9 + +info: + name: > + Shopping Cart & eCommerce Store <= 5.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d20ffc7c-0e12-45ec-940f-a42655093021?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-easycart-b86446f22d4643018e6ef2052ed1d120.yaml b/nuclei-templates/cve-less/plugins/wp-easycart-b86446f22d4643018e6ef2052ed1d120.yaml new file mode 100644 index 0000000000..a621b9a452 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-easycart-b86446f22d4643018e6ef2052ed1d120.yaml @@ -0,0 +1,58 @@ +id: wp-easycart-b86446f22d4643018e6ef2052ed1d120 + +info: + name: > + EasyCart 1.1.30 - 3.0.20 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91c147f9-8179-4ce0-8d17-87ea47cf08fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-easycart/" + google-query: inurl:"/wp-content/plugins/wp-easycart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-easycart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-easycart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-easycart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.1.30', '<= 3.0.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-cvs-importer-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-cvs-importer-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..fd2d5b2c1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-cvs-importer-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-cvs-importer-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-cvs-importer/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-cvs-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-cvs-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-cvs-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-cvs-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-51e05e1842b40dddcacbdfa060eb58f3.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-51e05e1842b40dddcacbdfa060eb58f3.yaml new file mode 100644 index 0000000000..073a8b3fe1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-51e05e1842b40dddcacbdfa060eb58f3.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-paypal-51e05e1842b40dddcacbdfa060eb58f3 + +info: + name: > + Easy PayPal Buy Now Button <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e8ff1f4-1217-4bb5-ba2d-6d2ff847072a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-paypal/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-8bdc053cc4675755b000b5fc58ac8d1d.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-8bdc053cc4675755b000b5fc58ac8d1d.yaml new file mode 100644 index 0000000000..5b390f0e98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-8bdc053cc4675755b000b5fc58ac8d1d.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-paypal-8bdc053cc4675755b000b5fc58ac8d1d + +info: + name: > + Easy PayPal Buy Now Button <= 1.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f6fd0bb-d37b-40b6-b84e-9b21aae891cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-paypal/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-a742d112c80df865f27dc03fd5bad80a.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-a742d112c80df865f27dc03fd5bad80a.yaml new file mode 100644 index 0000000000..0923f7673b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-paypal-a742d112c80df865f27dc03fd5bad80a.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-paypal-a742d112c80df865f27dc03fd5bad80a + +info: + name: > + Easy PayPal & Stripe Buy Now Button <= 1.8.3 & Contact Form 7 – PayPal & Stripe Add-on <= 2.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5276227-9bd4-4ad8-a6b7-ac7d05e8b056?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-paypal/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-paypal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-paypal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-paypal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-paypal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-3b47626efde37c9b368853074eff5ac4.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-3b47626efde37c9b368853074eff5ac4.yaml new file mode 100644 index 0000000000..641b7350e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-3b47626efde37c9b368853074eff5ac4.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-shop-styling-3b47626efde37c9b368853074eff5ac4 + +info: + name: > + WP eCommerce Shop Styling < 2.6 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc737b3-4072-4dd4-8e50-ec94dc2a17d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-shop-styling/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-shop-styling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-shop-styling,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-shop-styling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-ea6169545e62509ba8c9c97e59403c47.yaml b/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-ea6169545e62509ba8c9c97e59403c47.yaml new file mode 100644 index 0000000000..ab1f444d9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ecommerce-shop-styling-ea6169545e62509ba8c9c97e59403c47.yaml @@ -0,0 +1,58 @@ +id: wp-ecommerce-shop-styling-ea6169545e62509ba8c9c97e59403c47 + +info: + name: > + WP eCommerce Shop Styling < 1.8 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0de1962-13bd-4710-ae1f-ab5ced7cc59d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ecommerce-shop-styling/" + google-query: inurl:"/wp-content/plugins/wp-ecommerce-shop-styling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ecommerce-shop-styling,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ecommerce-shop-styling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-edit-menu-466f828dbbe6a38b41f50c90b304f162.yaml b/nuclei-templates/cve-less/plugins/wp-edit-menu-466f828dbbe6a38b41f50c90b304f162.yaml new file mode 100644 index 0000000000..d454ca9528 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-edit-menu-466f828dbbe6a38b41f50c90b304f162.yaml @@ -0,0 +1,58 @@ +id: wp-edit-menu-466f828dbbe6a38b41f50c90b304f162 + +info: + name: > + WP Edit Menu < 1.5.0 - Missing Authorization to Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dce76d59-e798-4762-8247-eddebd38c165?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-edit-menu/" + google-query: inurl:"/wp-content/plugins/wp-edit-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-edit-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-edit-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-edit-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-edit-menu-d194b7c99710bb89f1ee39dafcb5d71b.yaml b/nuclei-templates/cve-less/plugins/wp-edit-menu-d194b7c99710bb89f1ee39dafcb5d71b.yaml new file mode 100644 index 0000000000..6b28a5659d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-edit-menu-d194b7c99710bb89f1ee39dafcb5d71b.yaml @@ -0,0 +1,58 @@ +id: wp-edit-menu-d194b7c99710bb89f1ee39dafcb5d71b + +info: + name: > + WP Edit Menu <= 1.5.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71415e73-0c7c-4f4a-9322-8d8a1d61c0d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-edit-menu/" + google-query: inurl:"/wp-content/plugins/wp-edit-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-edit-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-edit-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-edit-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-edit-password-protected-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wp-edit-password-protected-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..f10487b4a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-edit-password-protected-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wp-edit-password-protected-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-edit-password-protected/" + google-query: inurl:"/wp-content/plugins/wp-edit-password-protected/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-edit-password-protected,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-edit-password-protected/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-edit-password-protected" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-edit-username-267f0e0e2934a72d1de6f6f1105dcde9.yaml b/nuclei-templates/cve-less/plugins/wp-edit-username-267f0e0e2934a72d1de6f6f1105dcde9.yaml new file mode 100644 index 0000000000..2501ad546a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-edit-username-267f0e0e2934a72d1de6f6f1105dcde9.yaml @@ -0,0 +1,58 @@ +id: wp-edit-username-267f0e0e2934a72d1de6f6f1105dcde9 + +info: + name: > + WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f445de97-b6fd-4180-b63e-5b8da40dae6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-edit-username/" + google-query: inurl:"/wp-content/plugins/wp-edit-username/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-edit-username,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-edit-username/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-edit-username" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-edit-username-7b1e0db7c2338cbba544192fa7f81810.yaml b/nuclei-templates/cve-less/plugins/wp-edit-username-7b1e0db7c2338cbba544192fa7f81810.yaml new file mode 100644 index 0000000000..4bf26174bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-edit-username-7b1e0db7c2338cbba544192fa7f81810.yaml @@ -0,0 +1,58 @@ +id: wp-edit-username-7b1e0db7c2338cbba544192fa7f81810 + +info: + name: > + WP Edit Username <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47461b7b-e986-4048-88aa-175242305795?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-edit-username/" + google-query: inurl:"/wp-content/plugins/wp-edit-username/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-edit-username,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-edit-username/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-edit-username" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-1184e292a35a8344c32cddb99a8fcb99.yaml b/nuclei-templates/cve-less/plugins/wp-editor-1184e292a35a8344c32cddb99a8fcb99.yaml new file mode 100644 index 0000000000..76bbd60ef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-1184e292a35a8344c32cddb99a8fcb99.yaml @@ -0,0 +1,58 @@ +id: wp-editor-1184e292a35a8344c32cddb99a8fcb99 + +info: + name: > + WP Editor <= 1.2.6.3 - Authenticated (Admin+) SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d5a1aec-11f5-4516-9454-651ca4cd6600?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-1681b68cd41846205691e7808fd5da5e.yaml b/nuclei-templates/cve-less/plugins/wp-editor-1681b68cd41846205691e7808fd5da5e.yaml new file mode 100644 index 0000000000..922e796273 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-1681b68cd41846205691e7808fd5da5e.yaml @@ -0,0 +1,58 @@ +id: wp-editor-1681b68cd41846205691e7808fd5da5e + +info: + name: > + WP Editor <= 1.2.7 - Sensitive Information Exposure via log file + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b1f539-9192-43f5-a77d-9763024e6b74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-38bda0676f9c2f71340a844a3a8819c1.yaml b/nuclei-templates/cve-less/plugins/wp-editor-38bda0676f9c2f71340a844a3a8819c1.yaml new file mode 100644 index 0000000000..5fb097317c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-38bda0676f9c2f71340a844a3a8819c1.yaml @@ -0,0 +1,58 @@ +id: wp-editor-38bda0676f9c2f71340a844a3a8819c1 + +info: + name: > + WP Editor < 1.2.6 - Incorrect Permission Assignment or Protection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72aa362f-927d-427f-8de9-f5119d53497e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-b9526b8daaa2ae88bfa635ff810051bf.yaml b/nuclei-templates/cve-less/plugins/wp-editor-b9526b8daaa2ae88bfa635ff810051bf.yaml new file mode 100644 index 0000000000..6393a64c61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-b9526b8daaa2ae88bfa635ff810051bf.yaml @@ -0,0 +1,58 @@ +id: wp-editor-b9526b8daaa2ae88bfa635ff810051bf + +info: + name: > + WP Editor <= 1.2.6.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4e16526-89a5-4d49-ab9d-dcc7ad3bc8d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-eb8ded5298215dd0e82d0abb7c7916df.yaml b/nuclei-templates/cve-less/plugins/wp-editor-eb8ded5298215dd0e82d0abb7c7916df.yaml new file mode 100644 index 0000000000..e0a0120580 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-eb8ded5298215dd0e82d0abb7c7916df.yaml @@ -0,0 +1,58 @@ +id: wp-editor-eb8ded5298215dd0e82d0abb7c7916df + +info: + name: > + WP Editor < 1.2.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aee4fb6f-8ee6-4d6e-8167-876c9453f78f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editor-fd1c6aef8498143f615d9a33fd78c139.yaml b/nuclei-templates/cve-less/plugins/wp-editor-fd1c6aef8498143f615d9a33fd78c139.yaml new file mode 100644 index 0000000000..a23085a852 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editor-fd1c6aef8498143f615d9a33fd78c139.yaml @@ -0,0 +1,58 @@ +id: wp-editor-fd1c6aef8498143f615d9a33fd78c139 + +info: + name: > + WP Editor <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50bbcfcb-7001-42e7-926c-ec4bf4ea35f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editor/" + google-query: inurl:"/wp-content/plugins/wp-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-editormd-74293ce2d79dd2a7920de3a46ed52f1d.yaml b/nuclei-templates/cve-less/plugins/wp-editormd-74293ce2d79dd2a7920de3a46ed52f1d.yaml new file mode 100644 index 0000000000..6ea66d6b1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-editormd-74293ce2d79dd2a7920de3a46ed52f1d.yaml @@ -0,0 +1,58 @@ +id: wp-editormd-74293ce2d79dd2a7920de3a46ed52f1d + +info: + name: > + WP Editor.md – The Perfect WordPress Markdown Editor < 10.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdc46d3e-dfb7-4586-86d2-8e4b3805ec22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-editormd/" + google-query: inurl:"/wp-content/plugins/wp-editormd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-editormd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-editormd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-editormd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 10.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-education-6bb2bf3114fc53c78aea9aa0493d5c3b.yaml b/nuclei-templates/cve-less/plugins/wp-education-6bb2bf3114fc53c78aea9aa0493d5c3b.yaml new file mode 100644 index 0000000000..34a6843556 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-education-6bb2bf3114fc53c78aea9aa0493d5c3b.yaml @@ -0,0 +1,58 @@ +id: wp-education-6bb2bf3114fc53c78aea9aa0493d5c3b + +info: + name: > + WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91062d2c-f2a6-4a92-b684-e133391afe60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-education/" + google-query: inurl:"/wp-content/plugins/wp-education/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-education,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-education/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-education" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-eggdrop-af2b2579ba875af3f2aa500d0c6dc341.yaml b/nuclei-templates/cve-less/plugins/wp-eggdrop-af2b2579ba875af3f2aa500d0c6dc341.yaml new file mode 100644 index 0000000000..1afc0ad51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-eggdrop-af2b2579ba875af3f2aa500d0c6dc341.yaml @@ -0,0 +1,58 @@ +id: wp-eggdrop-af2b2579ba875af3f2aa500d0c6dc341 + +info: + name: > + WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cd509f7-100a-4f28-8d5a-b6b906456c52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-eggdrop/" + google-query: inurl:"/wp-content/plugins/wp-eggdrop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-eggdrop,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-eggdrop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-eggdrop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-eggdrop-f0134606fede470163532ed054b5ffbb.yaml b/nuclei-templates/cve-less/plugins/wp-eggdrop-f0134606fede470163532ed054b5ffbb.yaml new file mode 100644 index 0000000000..30a66d2273 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-eggdrop-f0134606fede470163532ed054b5ffbb.yaml @@ -0,0 +1,58 @@ +id: wp-eggdrop-f0134606fede470163532ed054b5ffbb + +info: + name: > + WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21238925-b87c-43ea-b4ab-9b5d311d3a0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-eggdrop/" + google-query: inurl:"/wp-content/plugins/wp-eggdrop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-eggdrop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-eggdrop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-eggdrop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-00703f6574c6499c4c754c18b06e2fac.yaml b/nuclei-templates/cve-less/plugins/wp-email-00703f6574c6499c4c754c18b06e2fac.yaml new file mode 100644 index 0000000000..4f0b98c146 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-00703f6574c6499c4c754c18b06e2fac.yaml @@ -0,0 +1,58 @@ +id: wp-email-00703f6574c6499c4c754c18b06e2fac + +info: + name: > + WP-EMail <= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8745da-fd3a-44b3-b288-9a2b83e8dcd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email/" + google-query: inurl:"/wp-content/plugins/wp-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.69.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-9f58597847e89287848eee54c2091729.yaml b/nuclei-templates/cve-less/plugins/wp-email-9f58597847e89287848eee54c2091729.yaml new file mode 100644 index 0000000000..3bc499f2fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-9f58597847e89287848eee54c2091729.yaml @@ -0,0 +1,58 @@ +id: wp-email-9f58597847e89287848eee54c2091729 + +info: + name: > + WP-EMail <= 2.68.2 - Spam Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89a02485-a2a5-467d-ad19-6b267059389d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email/" + google-query: inurl:"/wp-content/plugins/wp-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.69.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-aff34bbee6abae075d8a005450eb25f1.yaml b/nuclei-templates/cve-less/plugins/wp-email-aff34bbee6abae075d8a005450eb25f1.yaml new file mode 100644 index 0000000000..d40741be53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-aff34bbee6abae075d8a005450eb25f1.yaml @@ -0,0 +1,58 @@ +id: wp-email-aff34bbee6abae075d8a005450eb25f1 + +info: + name: > + WP-EMail <= 2.68.2 - Cross-Site Request Forgery to Log Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ba90d0f-5ef9-4931-85a9-edf08275510f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email/" + google-query: inurl:"/wp-content/plugins/wp-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.69.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-capture-01c32de4da27201264daa86cce20846d.yaml b/nuclei-templates/cve-less/plugins/wp-email-capture-01c32de4da27201264daa86cce20846d.yaml new file mode 100644 index 0000000000..28933bbefc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-capture-01c32de4da27201264daa86cce20846d.yaml @@ -0,0 +1,58 @@ +id: wp-email-capture-01c32de4da27201264daa86cce20846d + +info: + name: > + WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Missing Authorization to Email Capture List Download + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a41d78b9-9bdb-48dd-b3ec-2559e79fa251?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-capture/" + google-query: inurl:"/wp-content/plugins/wp-email-capture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-capture,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-capture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-capture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-capture-8b5e824a12086cc74066614f2e4e51cc.yaml b/nuclei-templates/cve-less/plugins/wp-email-capture-8b5e824a12086cc74066614f2e4e51cc.yaml new file mode 100644 index 0000000000..f65ca4a102 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-capture-8b5e824a12086cc74066614f2e4e51cc.yaml @@ -0,0 +1,58 @@ +id: wp-email-capture-8b5e824a12086cc74066614f2e4e51cc + +info: + name: > + WP Email Capture <= 3.9.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3924b6f4-75ba-4ee8-b02f-a23fbd24ed67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-capture/" + google-query: inurl:"/wp-content/plugins/wp-email-capture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-capture,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-capture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-capture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-capture-c12916d335310986eaec85514752de0c.yaml b/nuclei-templates/cve-less/plugins/wp-email-capture-c12916d335310986eaec85514752de0c.yaml new file mode 100644 index 0000000000..ba832cd0e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-capture-c12916d335310986eaec85514752de0c.yaml @@ -0,0 +1,58 @@ +id: wp-email-capture-c12916d335310986eaec85514752de0c + +info: + name: > + WordPress Email Marketing Plugin – WP Email Capture <= 3.9.3 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f052dfc-609d-43ed-a8bb-e30294749d03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-capture/" + google-query: inurl:"/wp-content/plugins/wp-email-capture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-capture,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-capture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-capture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-capture-f31ccb9cf3abf671f018dab7c32b0baa.yaml b/nuclei-templates/cve-less/plugins/wp-email-capture-f31ccb9cf3abf671f018dab7c32b0baa.yaml new file mode 100644 index 0000000000..438c2e1c18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-capture-f31ccb9cf3abf671f018dab7c32b0baa.yaml @@ -0,0 +1,58 @@ +id: wp-email-capture-f31ccb9cf3abf671f018dab7c32b0baa + +info: + name: > + WordPress Email Marketing Plugin – WP Email Capture <= 3.10 - Information Exposure via wp_email_capture_options_process + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4570948-1625-44b3-8af6-73765d9710ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-capture/" + google-query: inurl:"/wp-content/plugins/wp-email-capture/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-capture,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-capture/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-capture" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-template-6f39409e9cc737c9be51051f78033048.yaml b/nuclei-templates/cve-less/plugins/wp-email-template-6f39409e9cc737c9be51051f78033048.yaml new file mode 100644 index 0000000000..064a7f2881 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-template-6f39409e9cc737c9be51051f78033048.yaml @@ -0,0 +1,58 @@ +id: wp-email-template-6f39409e9cc737c9be51051f78033048 + +info: + name: > + WP HTML Mail < 2.2.11 - HTML injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/946ba166-3309-4e47-8b6b-d3f017bbfcc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-template/" + google-query: inurl:"/wp-content/plugins/wp-email-template/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-template,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-template/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-template" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-email-users-f523c60311785f4d77bdd4f2724550c9.yaml b/nuclei-templates/cve-less/plugins/wp-email-users-f523c60311785f4d77bdd4f2724550c9.yaml new file mode 100644 index 0000000000..968c0ced9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-email-users-f523c60311785f4d77bdd4f2724550c9.yaml @@ -0,0 +1,58 @@ +id: wp-email-users-f523c60311785f4d77bdd4f2724550c9 + +info: + name: > + WP Email Users <= 1.7.6 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ad9f8c-9b76-4b3e-987c-ed99beeb2937?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-email-users/" + google-query: inurl:"/wp-content/plugins/wp-email-users/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-email-users,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-email-users/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-email-users" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-embed-facebook-d255ee9fa48bc6c366622d018f796d6c.yaml b/nuclei-templates/cve-less/plugins/wp-embed-facebook-d255ee9fa48bc6c366622d018f796d6c.yaml new file mode 100644 index 0000000000..a112f643a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-embed-facebook-d255ee9fa48bc6c366622d018f796d6c.yaml @@ -0,0 +1,58 @@ +id: wp-embed-facebook-d255ee9fa48bc6c366622d018f796d6c + +info: + name: > + Magic Embeds <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88ade7a7-da31-4752-b100-40dae81735b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-embed-facebook/" + google-query: inurl:"/wp-content/plugins/wp-embed-facebook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-embed-facebook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-embed-facebook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-embed-facebook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-emoji-one-dba2619ab2d561166f40c11574711a13.yaml b/nuclei-templates/cve-less/plugins/wp-emoji-one-dba2619ab2d561166f40c11574711a13.yaml new file mode 100644 index 0000000000..d265d30a25 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-emoji-one-dba2619ab2d561166f40c11574711a13.yaml @@ -0,0 +1,58 @@ +id: wp-emoji-one-dba2619ab2d561166f40c11574711a13 + +info: + name: > + WP Emoji One <= 0.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbcf3487-c1d4-4173-b197-1dd381990eb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-emoji-one/" + google-query: inurl:"/wp-content/plugins/wp-emoji-one/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-emoji-one,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-emoji-one/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-emoji-one" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-estimation-form-55c899bce76676ae0bd2f27011d06ab7.yaml b/nuclei-templates/cve-less/plugins/wp-estimation-form-55c899bce76676ae0bd2f27011d06ab7.yaml new file mode 100644 index 0000000000..596af39da6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-estimation-form-55c899bce76676ae0bd2f27011d06ab7.yaml @@ -0,0 +1,58 @@ +id: wp-estimation-form-55c899bce76676ae0bd2f27011d06ab7 + +info: + name: > + WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ae916a0-b0a8-4722-9d8a-3d1f163bc8e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-estimation-form/" + google-query: inurl:"/wp-content/plugins/wp-estimation-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-estimation-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-estimation-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-estimation-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.1.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-estimation-form-56c7f8b22a3b891b810a80379c9e7a01.yaml b/nuclei-templates/cve-less/plugins/wp-estimation-form-56c7f8b22a3b891b810a80379c9e7a01.yaml new file mode 100644 index 0000000000..ab5d9f5758 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-estimation-form-56c7f8b22a3b891b810a80379c9e7a01.yaml @@ -0,0 +1,58 @@ +id: wp-estimation-form-56c7f8b22a3b891b810a80379c9e7a01 + +info: + name: > + WP Cost Estimation & Payment Forms Builder <= 10.1.75 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bf1fe22-2cee-4828-bd68-7269b66152b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-estimation-form/" + google-query: inurl:"/wp-content/plugins/wp-estimation-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-estimation-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-estimation-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-estimation-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.1.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-estimation-form-f77ac51d7f87288e232b2c219c40d8d5.yaml b/nuclei-templates/cve-less/plugins/wp-estimation-form-f77ac51d7f87288e232b2c219c40d8d5.yaml new file mode 100644 index 0000000000..c13d929689 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-estimation-form-f77ac51d7f87288e232b2c219c40d8d5.yaml @@ -0,0 +1,58 @@ +id: wp-estimation-form-f77ac51d7f87288e232b2c219c40d8d5 + +info: + name: > + WP Cost Estimation & Payment Forms Builder <= 10.1.76 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/563d01c1-dead-4d1a-9f4a-39351b8e94cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-estimation-form/" + google-query: inurl:"/wp-content/plugins/wp-estimation-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-estimation-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-estimation-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-estimation-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.1.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-aggregator-e5c02072906413fc46145a5e93a1996b.yaml b/nuclei-templates/cve-less/plugins/wp-event-aggregator-e5c02072906413fc46145a5e93a1996b.yaml new file mode 100644 index 0000000000..8f0c307425 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-aggregator-e5c02072906413fc46145a5e93a1996b.yaml @@ -0,0 +1,58 @@ +id: wp-event-aggregator-e5c02072906413fc46145a5e93a1996b + +info: + name: > + WP Event Aggregator <= 1.7.6 - Cross-Site Request Forgery via wpea_deauthorize_user() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b26e5f7-bd35-4412-a608-9cdfeff0b025?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-event-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-aggregator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-0d45a6acc266b9099e698fb6465812c3.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-0d45a6acc266b9099e698fb6465812c3.yaml new file mode 100644 index 0000000000..f6e6928d47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-0d45a6acc266b9099e698fb6465812c3.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-0d45a6acc266b9099e698fb6465812c3 + +info: + name: > + WP Event Manager <= 3.1.41 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25b2a4b-d863-4f24-ae67-4c8e41602c6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-0e1bfe9ca60605b5abd7dce920ae439f.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-0e1bfe9ca60605b5abd7dce920ae439f.yaml new file mode 100644 index 0000000000..40a510e5de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-0e1bfe9ca60605b5abd7dce920ae439f.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-0e1bfe9ca60605b5abd7dce920ae439f + +info: + name: > + WP Event Manager – Easily Build your Calendar of Events! <= 3.1.27 - Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01c3c913-2296-4ec3-b7cb-6418ab2f0ea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-1c01adecb12aee3257c9d0dbd49129d4.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-1c01adecb12aee3257c9d0dbd49129d4.yaml new file mode 100644 index 0000000000..d51a22fec5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-1c01adecb12aee3257c9d0dbd49129d4.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-1c01adecb12aee3257c9d0dbd49129d4 + +info: + name: > + WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml new file mode 100644 index 0000000000..84ffef2f97 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-5dfd39caa2a4a17a9d81b2bcb48fe7a9.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-5dfd39caa2a4a17a9d81b2bcb48fe7a9 + +info: + name: > + WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9d22b0-a84a-4bf2-b8b4-89bae2970f29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.37.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-b1c130064cba38fde3b249c93cb244d8.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-b1c130064cba38fde3b249c93cb244d8.yaml new file mode 100644 index 0000000000..73d747e200 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-b1c130064cba38fde3b249c93cb244d8.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-b1c130064cba38fde3b249c93cb244d8 + +info: + name: > + WP Event Manager <= 3.1.22 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c31f7d3-1f2f-4ec5-802b-ec0b22087d43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-manager-c18f4199236ac87f44c609c0bce30e9b.yaml b/nuclei-templates/cve-less/plugins/wp-event-manager-c18f4199236ac87f44c609c0bce30e9b.yaml new file mode 100644 index 0000000000..321bd76506 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-manager-c18f4199236ac87f44c609c0bce30e9b.yaml @@ -0,0 +1,58 @@ +id: wp-event-manager-c18f4199236ac87f44c609c0bce30e9b + +info: + name: > + WP Event Manager <= 3.1.42 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc83aca-f533-4a8c-b12c-e21156ce6088?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-manager/" + google-query: inurl:"/wp-content/plugins/wp-event-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-solution-0b82fadb36c481a1a5ef36694d259943.yaml b/nuclei-templates/cve-less/plugins/wp-event-solution-0b82fadb36c481a1a5ef36694d259943.yaml new file mode 100644 index 0000000000..860d36705a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-solution-0b82fadb36c481a1a5ef36694d259943.yaml @@ -0,0 +1,58 @@ +id: wp-event-solution-0b82fadb36c481a1a5ef36694d259943 + +info: + name: > + Eventin <= 3.3.52 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f256036d-11e8-4311-baa0-d15193c72da0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-solution/" + google-query: inurl:"/wp-content/plugins/wp-event-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-solution,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-event-solution-470fcf5d296c10b95ff256d3ed543789.yaml b/nuclei-templates/cve-less/plugins/wp-event-solution-470fcf5d296c10b95ff256d3ed543789.yaml new file mode 100644 index 0000000000..9fc5b3419e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-event-solution-470fcf5d296c10b95ff256d3ed543789.yaml @@ -0,0 +1,58 @@ +id: wp-event-solution-470fcf5d296c10b95ff256d3ed543789 + +info: + name: > + Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-event-solution/" + google-query: inurl:"/wp-content/plugins/wp-event-solution/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-event-solution,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-event-solution/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-event-solution" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.50') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-2fc3b192219eef2561c8cf224133798e.yaml b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-2fc3b192219eef2561c8cf224133798e.yaml new file mode 100644 index 0000000000..73e86a8ce7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-2fc3b192219eef2561c8cf224133798e.yaml @@ -0,0 +1,58 @@ +id: wp-expand-tabs-free-2fc3b192219eef2561c8cf224133798e + +info: + name: > + WP Tabs <= 2.1.14 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28a8b3fe-6f15-4085-a370-a2e867f7018b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-expand-tabs-free/" + google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-expand-tabs-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-expand-tabs-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-92b868ab957b2d6b33921f7b3f3c0643.yaml b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-92b868ab957b2d6b33921f7b3f3c0643.yaml new file mode 100644 index 0000000000..0f89620ed4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-92b868ab957b2d6b33921f7b3f3c0643.yaml @@ -0,0 +1,58 @@ +id: wp-expand-tabs-free-92b868ab957b2d6b33921f7b3f3c0643 + +info: + name: > + WP Tabs – Responsive Tabs Plugin for WordPress <= 1.8.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69401e9f-6bd3-49b8-8ebd-6904db680610?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-expand-tabs-free/" + google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-expand-tabs-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-expand-tabs-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e352fc57a2782b7212eb2f2b84743eba.yaml b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e352fc57a2782b7212eb2f2b84743eba.yaml new file mode 100644 index 0000000000..eee88c1cd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e352fc57a2782b7212eb2f2b84743eba.yaml @@ -0,0 +1,58 @@ +id: wp-expand-tabs-free-e352fc57a2782b7212eb2f2b84743eba + +info: + name: > + WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf4dcdab-6c74-4c0e-bdda-67e60025a873?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-expand-tabs-free/" + google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-expand-tabs-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-expand-tabs-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e835818e3176559c0f65d870084d0fe9.yaml b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e835818e3176559c0f65d870084d0fe9.yaml new file mode 100644 index 0000000000..877c9eac4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-expand-tabs-free-e835818e3176559c0f65d870084d0fe9.yaml @@ -0,0 +1,58 @@ +id: wp-expand-tabs-free-e835818e3176559c0f65d870084d0fe9 + +info: + name: > + WP Tabs <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/433c8908-587e-4086-9d0c-c9b1819b26e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-expand-tabs-free/" + google-query: inurl:"/wp-content/plugins/wp-expand-tabs-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-expand-tabs-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-expand-tabs-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-expand-tabs-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-experiments-free-2560e5ea38a398fb682ed22ee1d9efc5.yaml b/nuclei-templates/cve-less/plugins/wp-experiments-free-2560e5ea38a398fb682ed22ee1d9efc5.yaml new file mode 100644 index 0000000000..ac90671687 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-experiments-free-2560e5ea38a398fb682ed22ee1d9efc5.yaml @@ -0,0 +1,58 @@ +id: wp-experiments-free-2560e5ea38a398fb682ed22ee1d9efc5 + +info: + name: > + Title Experiments Free <= 9.0.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f35cc8b-11be-4664-be48-12a8db872d66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-experiments-free/" + google-query: inurl:"/wp-content/plugins/wp-experiments-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-experiments-free,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-experiments-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-experiments-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-express-checkout-ba0174f27e21e2789733491b8587f8b7.yaml b/nuclei-templates/cve-less/plugins/wp-express-checkout-ba0174f27e21e2789733491b8587f8b7.yaml new file mode 100644 index 0000000000..5f17a026c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-express-checkout-ba0174f27e21e2789733491b8587f8b7.yaml @@ -0,0 +1,58 @@ +id: wp-express-checkout-ba0174f27e21e2789733491b8587f8b7 + +info: + name: > + WP Express Checkout <= 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting via pec_coupon[code] + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b35ee801-f04d-4b22-8238-053b02a6ee0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-express-checkout/" + google-query: inurl:"/wp-content/plugins/wp-express-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-express-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-express-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-express-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-express-checkout-e4fa85790fd0d4e4853e9542fdd405a2.yaml b/nuclei-templates/cve-less/plugins/wp-express-checkout-e4fa85790fd0d4e4853e9542fdd405a2.yaml new file mode 100644 index 0000000000..47771cfe09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-express-checkout-e4fa85790fd0d4e4853e9542fdd405a2.yaml @@ -0,0 +1,58 @@ +id: wp-express-checkout-e4fa85790fd0d4e4853e9542fdd405a2 + +info: + name: > + WP Express Checkout (Accept PayPal Payments) <= 2.3.7 - Unauthenticated Price Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42cd1b53-400f-4933-b3cc-2fd9079e241c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-express-checkout/" + google-query: inurl:"/wp-content/plugins/wp-express-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-express-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-express-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-express-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extended-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-extended-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..2a19ba6432 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extended-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-extended-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extended/" + google-query: inurl:"/wp-content/plugins/wp-extended/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extended,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extended/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extended" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extended-search-2124f2372d43d33c582fb413bf11d2cf.yaml b/nuclei-templates/cve-less/plugins/wp-extended-search-2124f2372d43d33c582fb413bf11d2cf.yaml new file mode 100644 index 0000000000..77a1724354 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extended-search-2124f2372d43d33c582fb413bf11d2cf.yaml @@ -0,0 +1,58 @@ +id: wp-extended-search-2124f2372d43d33c582fb413bf11d2cf + +info: + name: > + WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b47478f-3bd5-4eda-897f-4570aea4530a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extended-search/" + google-query: inurl:"/wp-content/plugins/wp-extended-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extended-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extended-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extended-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extra-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml b/nuclei-templates/cve-less/plugins/wp-extra-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml new file mode 100644 index 0000000000..fe0b28a5bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extra-04bca0e78f8b136ea82b1c4e9e1fafd4.yaml @@ -0,0 +1,58 @@ +id: wp-extra-04bca0e78f8b136ea82b1c4e9e1fafd4 + +info: + name: > + WP EXtra <= 6.2 - Missing Authorization to Arbitrary Email Sending + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93c10a58-c5f2-440b-a88e-5314143fdd90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extra/" + google-query: inurl:"/wp-content/plugins/wp-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extra-1bacae6a1e466eb95d42535d2732f49e.yaml b/nuclei-templates/cve-less/plugins/wp-extra-1bacae6a1e466eb95d42535d2732f49e.yaml new file mode 100644 index 0000000000..3f78c185c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extra-1bacae6a1e466eb95d42535d2732f49e.yaml @@ -0,0 +1,58 @@ +id: wp-extra-1bacae6a1e466eb95d42535d2732f49e + +info: + name: > + WP EXtra <= 6.2 - Missing Authorization to Export Settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed5c433b-eaab-4716-8749-2a5598a1dbb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extra/" + google-query: inurl:"/wp-content/plugins/wp-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extra-72f52b3195cda1a84eb378b7230b5a8a.yaml b/nuclei-templates/cve-less/plugins/wp-extra-72f52b3195cda1a84eb378b7230b5a8a.yaml new file mode 100644 index 0000000000..9e4d818d18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extra-72f52b3195cda1a84eb378b7230b5a8a.yaml @@ -0,0 +1,58 @@ +id: wp-extra-72f52b3195cda1a84eb378b7230b5a8a + +info: + name: > + WP EXtra <= 6.2 - Missing Authorization to .htaccess File Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87e3dd5e-0d77-4d78-8171-0beaf9482699?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extra/" + google-query: inurl:"/wp-content/plugins/wp-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extra-cf9d9e6d9a79f949d859a47a9fc67035.yaml b/nuclei-templates/cve-less/plugins/wp-extra-cf9d9e6d9a79f949d859a47a9fc67035.yaml new file mode 100644 index 0000000000..0c630eee10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extra-cf9d9e6d9a79f949d859a47a9fc67035.yaml @@ -0,0 +1,58 @@ +id: wp-extra-cf9d9e6d9a79f949d859a47a9fc67035 + +info: + name: > + WP EXtra <= 6.4 - Cross-Site Request Forgery ToolImport + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3f3104-e213-4b0f-9821-b3f1a5c06191?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extra/" + google-query: inurl:"/wp-content/plugins/wp-extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extra,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-extra-file-types-388ae826ccb91352f7d4e90d33114225.yaml b/nuclei-templates/cve-less/plugins/wp-extra-file-types-388ae826ccb91352f7d4e90d33114225.yaml new file mode 100644 index 0000000000..5dce546f55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-extra-file-types-388ae826ccb91352f7d4e90d33114225.yaml @@ -0,0 +1,58 @@ +id: wp-extra-file-types-388ae826ccb91352f7d4e90d33114225 + +info: + name: > + WP Extra File Types <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae397949-12d2-4323-871e-4fd4f14f35c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-extra-file-types/" + google-query: inurl:"/wp-content/plugins/wp-extra-file-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-extra-file-types,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-extra-file-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-extra-file-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-feed-0680dda962d6629defb4aaff80f780c3.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-feed-0680dda962d6629defb4aaff80f780c3.yaml new file mode 100644 index 0000000000..cb8e6b3dcb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-feed-0680dda962d6629defb4aaff80f780c3.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-feed-0680dda962d6629defb4aaff80f780c3 + +info: + name: > + The Awesome Feed – Custom Feed <= 2.2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01878991-37c7-4c7b-b68c-d59ca66521e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-feed/" + google-query: inurl:"/wp-content/plugins/wp-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-feed-19cdc4c29e421f2a623449d500d3da59.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-feed-19cdc4c29e421f2a623449d500d3da59.yaml new file mode 100644 index 0000000000..e98d0d4717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-feed-19cdc4c29e421f2a623449d500d3da59.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-feed-19cdc4c29e421f2a623449d500d3da59 + +info: + name: > + The Awesome Feed – Custom Feed <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6892fefa-3866-4dbf-8604-dd4bc1e7d481?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-feed/" + google-query: inurl:"/wp-content/plugins/wp-facebook-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-messenger-e11138180e51155554e951dfca6551c2.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-messenger-e11138180e51155554e951dfca6551c2.yaml new file mode 100644 index 0000000000..43d66d1a11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-messenger-e11138180e51155554e951dfca6551c2.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-messenger-e11138180e51155554e951dfca6551c2 + +info: + name: > + Live Chat with Facebook Messenger <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa32a790-242f-4142-9f4d-e1b2a07045bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-messenger/" + google-query: inurl:"/wp-content/plugins/wp-facebook-messenger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-messenger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-messenger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-messenger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-reviews-1f98c7de637a490b84e9178dba93c59d.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-1f98c7de637a490b84e9178dba93c59d.yaml new file mode 100644 index 0000000000..0cfd31b482 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-1f98c7de637a490b84e9178dba93c59d.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-reviews-1f98c7de637a490b84e9178dba93c59d + +info: + name: > + WP Review Slider <= 12.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9985cac5-30bf-4e8b-91d5-0b3da36ed851?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-reviews/" + google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-reviews-33420cd1d54a09491bc3d21e0f948bd1.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-33420cd1d54a09491bc3d21e0f948bd1.yaml new file mode 100644 index 0000000000..dc0e3781af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-33420cd1d54a09491bc3d21e0f948bd1.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-reviews-33420cd1d54a09491bc3d21e0f948bd1 + +info: + name: > + WP Review Slider <= 12.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab770acd-9420-4201-9e67-dfea86dba168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-reviews/" + google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-reviews-a6734b6686a1620a7fb5250d66545fe3.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-a6734b6686a1620a7fb5250d66545fe3.yaml new file mode 100644 index 0000000000..6644cb3764 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-a6734b6686a1620a7fb5250d66545fe3.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-reviews-a6734b6686a1620a7fb5250d66545fe3 + +info: + name: > + WP Review Slider <= 12.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62233370-3b54-4d89-93e7-07afdae4a413?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-reviews/" + google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facebook-reviews-de4b42af1ef3e90d957d2f6f01c968f1.yaml b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-de4b42af1ef3e90d957d2f6f01c968f1.yaml new file mode 100644 index 0000000000..54e9b2f309 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facebook-reviews-de4b42af1ef3e90d957d2f6f01c968f1.yaml @@ -0,0 +1,58 @@ +id: wp-facebook-reviews-de4b42af1ef3e90d957d2f6f01c968f1 + +info: + name: > + WP Review Slider < 11.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8a87f7b-471b-44c0-a0bd-06a9ba24a566?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facebook-reviews/" + google-query: inurl:"/wp-content/plugins/wp-facebook-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facebook-reviews,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facebook-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facebook-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facethumb-00db16fbca7a4f9a03bd9187fe606bf2.yaml b/nuclei-templates/cve-less/plugins/wp-facethumb-00db16fbca7a4f9a03bd9187fe606bf2.yaml new file mode 100644 index 0000000000..0448e35189 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facethumb-00db16fbca7a4f9a03bd9187fe606bf2.yaml @@ -0,0 +1,58 @@ +id: wp-facethumb-00db16fbca7a4f9a03bd9187fe606bf2 + +info: + name: > + WP-FaceThumb < 0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5bb8804-0b90-44c3-bf74-bbc6b4baf229?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facethumb/" + google-query: inurl:"/wp-content/plugins/wp-facethumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facethumb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facethumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facethumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-facethumb-f4af8d356c8b91106f18b8295f1a09bd.yaml b/nuclei-templates/cve-less/plugins/wp-facethumb-f4af8d356c8b91106f18b8295f1a09bd.yaml new file mode 100644 index 0000000000..078088754b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-facethumb-f4af8d356c8b91106f18b8295f1a09bd.yaml @@ -0,0 +1,58 @@ +id: wp-facethumb-f4af8d356c8b91106f18b8295f1a09bd + +info: + name: > + WP Facethumb <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/835db0c0-f3c9-4acd-aee8-bf7b52447ac9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-facethumb/" + google-query: inurl:"/wp-content/plugins/wp-facethumb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-facethumb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-facethumb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-facethumb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fade-in-text-news-eac77b73e6b9904c178e050ff0c75895.yaml b/nuclei-templates/cve-less/plugins/wp-fade-in-text-news-eac77b73e6b9904c178e050ff0c75895.yaml new file mode 100644 index 0000000000..1e52b018e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fade-in-text-news-eac77b73e6b9904c178e050ff0c75895.yaml @@ -0,0 +1,58 @@ +id: wp-fade-in-text-news-eac77b73e6b9904c178e050ff0c75895 + +info: + name: > + WP fade in text news <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4accf10-710e-4cba-8d61-04e422324f9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fade-in-text-news/" + google-query: inurl:"/wp-content/plugins/wp-fade-in-text-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fade-in-text-news,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fade-in-text-news/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fade-in-text-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-2bc9467a4d3e89abb47c57f5fb5c5502.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-2bc9467a4d3e89abb47c57f5fb5c5502.yaml new file mode 100644 index 0000000000..56ba53b631 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-2bc9467a4d3e89abb47c57f5fb5c5502.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-2bc9467a4d3e89abb47c57f5fb5c5502 + +info: + name: > + WP Fastest Cache < 0.8.4.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c23c3b24-893f-4589-8fab-bd54259bd105?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-2c2de25348b7c75ca7429eb5ebee61e0.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-2c2de25348b7c75ca7429eb5ebee61e0.yaml new file mode 100644 index 0000000000..bdfb21ded0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-2c2de25348b7c75ca7429eb5ebee61e0.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-2c2de25348b7c75ca7429eb5ebee61e0 + +info: + name: > + WP Fastest Cache <= 0.8.9.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07fc1249-a50d-4038-8cbe-35ff7a3d28b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-34c60f50f8424840987ed5ec10c2ec3b.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-34c60f50f8424840987ed5ec10c2ec3b.yaml new file mode 100644 index 0000000000..928cd2c762 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-34c60f50f8424840987ed5ec10c2ec3b.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-34c60f50f8424840987ed5ec10c2ec3b + +info: + name: > + WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via rules[0][content] parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dac1d91-b9a9-47e0-86cb-2000659196c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-5159dc207c489f95e16ee89d4e708b82.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5159dc207c489f95e16ee89d4e708b82.yaml new file mode 100644 index 0000000000..c644049fd2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5159dc207c489f95e16ee89d4e708b82.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-5159dc207c489f95e16ee89d4e708b82 + +info: + name: > + WP Fastest Cache <= 0.9.1.6 - Authenticated (Admin+) Directory Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20989781-def0-4ffd-bf24-40ed34b3e922?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-528f5db23cd029b151a95682806084f9.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-528f5db23cd029b151a95682806084f9.yaml new file mode 100644 index 0000000000..62468d7bf7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-528f5db23cd029b151a95682806084f9.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-528f5db23cd029b151a95682806084f9 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Missing Authorization to Cache Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae643666-70cb-4eb4-a183-e1649264ded4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-5c10da7a2c723b79d143625ddb915594.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5c10da7a2c723b79d143625ddb915594.yaml new file mode 100644 index 0000000000..bb3087a1f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-5c10da7a2c723b79d143625ddb915594.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-5c10da7a2c723b79d143625ddb915594 + +info: + name: > + WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via wpFastestCachePage options, wpFastestCachePreload_number or wpFastestCacheLanguage parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8ca195d-312b-41d2-a9d7-4d306fc800ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-6c168d1ea28ed0681002f0d31c5c68ec.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-6c168d1ea28ed0681002f0d31c5c68ec.yaml new file mode 100644 index 0000000000..d33fd3b467 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-6c168d1ea28ed0681002f0d31c5c68ec.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-6c168d1ea28ed0681002f0d31c5c68ec + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_toolbar_save_settings_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a87f610a-c1ef-4365-bd74-569989587d41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-781be145445f4ecc9aced0ff98acc796.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-781be145445f4ecc9aced0ff98acc796.yaml new file mode 100644 index 0000000000..fd45e2a1ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-781be145445f4ecc9aced0ff98acc796.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-781be145445f4ecc9aced0ff98acc796 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/024f4058-065b-48b4-a08a-d9732d4375cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-7bdbbcae3cce706a901ef3f3a6b92425.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-7bdbbcae3cce706a901ef3f3a6b92425.yaml new file mode 100644 index 0000000000..aec80c3715 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-7bdbbcae3cce706a901ef3f3a6b92425.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-7bdbbcae3cce706a901ef3f3a6b92425 + +info: + name: > + WP Fastest Cache < 0.8.3.5 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df32e1d0-3645-432c-a2e4-2d63709c4ffd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.8.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-87d8a616e4f6cf2eb5659e011debac27.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-87d8a616e4f6cf2eb5659e011debac27.yaml new file mode 100644 index 0000000000..d307c3879f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-87d8a616e4f6cf2eb5659e011debac27.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-87d8a616e4f6cf2eb5659e011debac27 + +info: + name: > + WP Fastest Cache <= 0.8.8.5 - Cross-Site Scripting via the rules[0][content] parameter in a wpfc_save_exclude_pages action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef6538e7-8cde-4c49-9965-0624a25ffe65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-880d7d40699b96b833547889085219bd.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-880d7d40699b96b833547889085219bd.yaml new file mode 100644 index 0000000000..e1d58db898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-880d7d40699b96b833547889085219bd.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-880d7d40699b96b833547889085219bd + +info: + name: > + WP Fastest Cache <= 1.1.4 - Authenticated(Administrator+) Blind Server Side Request Forgery via check_url + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b937940c-a3e0-49d3-b066-550b78351b54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-8cc833441ebc75f63db145d2a0ea886f.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-8cc833441ebc75f63db145d2a0ea886f.yaml new file mode 100644 index 0000000000..c237242fb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-8cc833441ebc75f63db145d2a0ea886f.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-8cc833441ebc75f63db145d2a0ea886f + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_clear_cache_of_allsites_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/096257a4-6ee9-41e1-8a59-4ffcd309f83c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-a5a9392a98391031218baa6258f9a301.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-a5a9392a98391031218baa6258f9a301.yaml new file mode 100644 index 0000000000..ae77bdb710 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-a5a9392a98391031218baa6258f9a301.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-a5a9392a98391031218baa6258f9a301 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1743b26-861e-4a61-80de-b8cc82308228?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-a984dcb982c3439de2d89b2a845332c4.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-a984dcb982c3439de2d89b2a845332c4.yaml new file mode 100644 index 0000000000..e259a937db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-a984dcb982c3439de2d89b2a845332c4.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-a984dcb982c3439de2d89b2a845332c4 + +info: + name: > + WP Fastest Cache < 0.9.5 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/859fe629-701e-4d47-8e90-59860f7c6b82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-aa83e2ade173c8a794348dca58308ca5.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-aa83e2ade173c8a794348dca58308ca5.yaml new file mode 100644 index 0000000000..5d775142e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-aa83e2ade173c8a794348dca58308ca5.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-aa83e2ade173c8a794348dca58308ca5 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b793a4cb-3130-428e-9b61-8ce29fcdaf70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-aee951aa25d6cb6b8a83ee793cc48cd4.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-aee951aa25d6cb6b8a83ee793cc48cd4.yaml new file mode 100644 index 0000000000..9f4739ad69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-aee951aa25d6cb6b8a83ee793cc48cd4.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-aee951aa25d6cb6b8a83ee793cc48cd4 + +info: + name: > + WP Fastest Cache <= 0.8.9.0 - Directory Traversal to Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d1ad409-d5d3-4231-9a7c-de881c7b9de2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-b042f2e0c8fff5912a04fa9b2c227c26.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-b042f2e0c8fff5912a04fa9b2c227c26.yaml new file mode 100644 index 0000000000..77c0d547ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-b042f2e0c8fff5912a04fa9b2c227c26.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-b042f2e0c8fff5912a04fa9b2c227c26 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17c7c61d-c110-448e-ad8a-bc1c00393524?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-c154f039f669a6109ec8e5a85b87164a.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c154f039f669a6109ec8e5a85b87164a.yaml new file mode 100644 index 0000000000..b52c6082f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c154f039f669a6109ec8e5a85b87164a.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-c154f039f669a6109ec8e5a85b87164a + +info: + name: > + WP Fastest Cache <= 0.8.8.5 - Cross-Site Request Forgery via page to wpfastestcacheoptions + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5965a8b6-116e-4029-9a76-b64c03c25ece?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-c21f1786e3abdb7c657091d8024583d5.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c21f1786e3abdb7c657091d8024583d5.yaml new file mode 100644 index 0000000000..b79a9c9627 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c21f1786e3abdb7c657091d8024583d5.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-c21f1786e3abdb7c657091d8024583d5 + +info: + name: > + WP Fastest Cache < 0.9.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/372a4550-c38e-46d6-b7f2-15e05708d128?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-c81b4ef2016d652c733da1bfa6c2e44c.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c81b4ef2016d652c733da1bfa6c2e44c.yaml new file mode 100644 index 0000000000..7d3853de15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-c81b4ef2016d652c733da1bfa6c2e44c.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-c81b4ef2016d652c733da1bfa6c2e44c + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCssAndJsCacheToolbar' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3858f5-3f13-400c-acf4-eb3dc3a43308?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-cda6fd724330a43ee464ed21db562f0f.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-cda6fd724330a43ee464ed21db562f0f.yaml new file mode 100644 index 0000000000..794a2ad7ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-cda6fd724330a43ee464ed21db562f0f.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-cda6fd724330a43ee464ed21db562f0f + +info: + name: > + WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_clear_cache_of_allsites_callback' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bae67a68-4bd1-4b52-b3dd-af0eef014028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-da0ca9a834853b4f5e811265296c5adc.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-da0ca9a834853b4f5e811265296c5adc.yaml new file mode 100644 index 0000000000..f77cd4f9fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-da0ca9a834853b4f5e811265296c5adc.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-da0ca9a834853b4f5e811265296c5adc + +info: + name: > + WP Fastest Cache <= 1.2.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/876efd71-8867-44b8-8017-86fad2a1b89f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-dca77da230ccc48431ba72fffaf1572c.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-dca77da230ccc48431ba72fffaf1572c.yaml new file mode 100644 index 0000000000..51be2b1828 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-dca77da230ccc48431ba72fffaf1572c.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-dca77da230ccc48431ba72fffaf1572c + +info: + name: > + WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_preload_single_callback' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56a90042-a6c0-4487-811b-ced23c97f9f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-e73d249d01ad89f85ce6653e71044320.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-e73d249d01ad89f85ce6653e71044320.yaml new file mode 100644 index 0000000000..eee89409b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-e73d249d01ad89f85ce6653e71044320.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-e73d249d01ad89f85ce6653e71044320 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Missing Authorization in 'deleteCssAndJsCacheToolbar' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4bb2d72-ff31-4220-acb3-ed17bb9229b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-e894ea885bc953386f78fce46ae1e024.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-e894ea885bc953386f78fce46ae1e024.yaml new file mode 100644 index 0000000000..b9854cda18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-e894ea885bc953386f78fce46ae1e024.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-e894ea885bc953386f78fce46ae1e024 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c8034ff-cf36-498f-9efc-a4e6bbb92b2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-eff26e4e38ea08eb75bc359769b06555.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-eff26e4e38ea08eb75bc359769b06555.yaml new file mode 100644 index 0000000000..ff8b62d553 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-eff26e4e38ea08eb75bc359769b06555.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-eff26e4e38ea08eb75bc359769b06555 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8e90994-3b5c-4ae6-a27f-890a9101b440?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-fc23a4effa46a10b3b1c7e7c56d41874.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-fc23a4effa46a10b3b1c7e7c56d41874.yaml new file mode 100644 index 0000000000..ba7b57e78f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-fc23a4effa46a10b3b1c7e7c56d41874.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-fc23a4effa46a10b3b1c7e7c56d41874 + +info: + name: > + WP Fastest Cache <= 1.1.2 - Missing Authorization in 'wpfc_purgecache_varnish_callback' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e567aec-07e5-494a-936d-93b40d3e3043?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fastest-cache-feb6288652d7faad54d04d9b1b85ce3b.yaml b/nuclei-templates/cve-less/plugins/wp-fastest-cache-feb6288652d7faad54d04d9b1b85ce3b.yaml new file mode 100644 index 0000000000..07e76ad6ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fastest-cache-feb6288652d7faad54d04d9b1b85ce3b.yaml @@ -0,0 +1,58 @@ +id: wp-fastest-cache-feb6288652d7faad54d04d9b1b85ce3b + +info: + name: > + WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_remove_cdn_integration_ajax_request_callback' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49ba5cfa-c2cc-49ac-b22d-7e36ccca6ac5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fastest-cache/" + google-query: inurl:"/wp-content/plugins/wp-fastest-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fastest-cache,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fastest-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fastest-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-favorite-posts-7d31af080da908940b0bf5332e53662b.yaml b/nuclei-templates/cve-less/plugins/wp-favorite-posts-7d31af080da908940b0bf5332e53662b.yaml new file mode 100644 index 0000000000..2739904add --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-favorite-posts-7d31af080da908940b0bf5332e53662b.yaml @@ -0,0 +1,58 @@ +id: wp-favorite-posts-7d31af080da908940b0bf5332e53662b + +info: + name: > + WP Favorite Posts <= 1.6.5 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2211d0d0-e7ab-485f-81b0-f52f87b7d01e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-favorite-posts/" + google-query: inurl:"/wp-content/plugins/wp-favorite-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-favorite-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-favorite-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-favorite-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fb-autoconnect-92964841ce29c9fa3f7d3cfce6a290be.yaml b/nuclei-templates/cve-less/plugins/wp-fb-autoconnect-92964841ce29c9fa3f7d3cfce6a290be.yaml new file mode 100644 index 0000000000..7a6cd80986 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fb-autoconnect-92964841ce29c9fa3f7d3cfce6a290be.yaml @@ -0,0 +1,58 @@ +id: wp-fb-autoconnect-92964841ce29c9fa3f7d3cfce6a290be + +info: + name: > + WP-FB-AutoConnect <= 4.6.1 - Cross-Site Request Forgery via jfb_admin_page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eab1fe39-dda2-49c9-9c76-c1127626a85c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fb-autoconnect/" + google-query: inurl:"/wp-content/plugins/wp-fb-autoconnect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fb-autoconnect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fb-autoconnect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fb-autoconnect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-featured-content-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-featured-content-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..17df1e7dd6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-featured-content-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-featured-content-and-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-featured-content-and-slider/" + google-query: inurl:"/wp-content/plugins/wp-featured-content-and-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-featured-content-and-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-featured-content-and-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-featured-content-and-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fevents-book-0b46297c5a1cfd566b6a7dde332d02ec.yaml b/nuclei-templates/cve-less/plugins/wp-fevents-book-0b46297c5a1cfd566b6a7dde332d02ec.yaml new file mode 100644 index 0000000000..db49f68c1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fevents-book-0b46297c5a1cfd566b6a7dde332d02ec.yaml @@ -0,0 +1,58 @@ +id: wp-fevents-book-0b46297c5a1cfd566b6a7dde332d02ec + +info: + name: > + WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Insecure Direct Object Reference to Booking Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f63d494c-1d1e-4faa-930a-3fcf2b136182?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fevents-book/" + google-query: inurl:"/wp-content/plugins/wp-fevents-book/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fevents-book,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fevents-book/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fevents-book" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fevents-book-6baff9c0f37923203f19e1b9ed3bec89.yaml b/nuclei-templates/cve-less/plugins/wp-fevents-book-6baff9c0f37923203f19e1b9ed3bec89.yaml new file mode 100644 index 0000000000..b206470e13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fevents-book-6baff9c0f37923203f19e1b9ed3bec89.yaml @@ -0,0 +1,58 @@ +id: wp-fevents-book-6baff9c0f37923203f19e1b9ed3bec89 + +info: + name: > + WP FEvents Book <= 0.46 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/088aead8-37bb-4277-81e0-b7e2c13e9072?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fevents-book/" + google-query: inurl:"/wp-content/plugins/wp-fevents-book/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fevents-book,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fevents-book/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fevents-book" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-download-light-91e729c82f2d9f67d872d81509700a6c.yaml b/nuclei-templates/cve-less/plugins/wp-file-download-light-91e729c82f2d9f67d872d81509700a6c.yaml new file mode 100644 index 0000000000..18855a5dfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-download-light-91e729c82f2d9f67d872d81509700a6c.yaml @@ -0,0 +1,58 @@ +id: wp-file-download-light-91e729c82f2d9f67d872d81509700a6c + +info: + name: > + WP File Download Light <= 1.3.3 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb2f764f-1e50-4e42-9b70-88f9967906fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-download-light/" + google-query: inurl:"/wp-content/plugins/wp-file-download-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-download-light,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-download-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-download-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-get-contents-255053b922939496ac6eb4ab1dee395c.yaml b/nuclei-templates/cve-less/plugins/wp-file-get-contents-255053b922939496ac6eb4ab1dee395c.yaml new file mode 100644 index 0000000000..494429e7ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-get-contents-255053b922939496ac6eb4ab1dee395c.yaml @@ -0,0 +1,58 @@ +id: wp-file-get-contents-255053b922939496ac6eb4ab1dee395c + +info: + name: > + JSM file_get_contents() Shortcode <= 2.7.0 - Authenticated (Contributor+) Server-Side Request Forgery via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/191d5bcc-70d8-430b-9215-00ffdc04be87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-get-contents/" + google-query: inurl:"/wp-content/plugins/wp-file-get-contents/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-get-contents,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-get-contents/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-get-contents" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-04ad31792d5c51d45b79863f46499a91.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-04ad31792d5c51d45b79863f46499a91.yaml new file mode 100644 index 0000000000..6830570b02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-04ad31792d5c51d45b79863f46499a91.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-04ad31792d5c51d45b79863f46499a91 + +info: + name: > + WP File Manager <= 7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb088999-0727-4645-890b-f584b85cda48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-125b5a46ac07b4fbf1d6669e65082c22.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-125b5a46ac07b4fbf1d6669e65082c22.yaml new file mode 100644 index 0000000000..d8f623e46a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-125b5a46ac07b4fbf1d6669e65082c22.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-125b5a46ac07b4fbf1d6669e65082c22 + +info: + name: > + File Manager <= 7.2.4 - Cross-Site Request Forgery to Local JS File Inclusion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-51f90b4356078332ed05b86ecb626225.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-51f90b4356078332ed05b86ecb626225.yaml new file mode 100644 index 0000000000..7f6ecaab8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-51f90b4356078332ed05b86ecb626225.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-51f90b4356078332ed05b86ecb626225 + +info: + name: > + File Manager <= 6.8 - Arbitrary File Upload/Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dab7e451-f2ea-4f41-8e38-a2a983ccb18b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-6943b3fa4f51347e8c8fc20d043e8814.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-6943b3fa4f51347e8c8fc20d043e8814.yaml new file mode 100644 index 0000000000..b33786bb3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-6943b3fa4f51347e8c8fc20d043e8814.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-6943b3fa4f51347e8c8fc20d043e8814 + +info: + name: > + File Manager <= 3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e93632e3-7321-48ee-828a-c539e16f07b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-7b25308fe9b7c95a04987753945e2077.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-7b25308fe9b7c95a04987753945e2077.yaml new file mode 100644 index 0000000000..4c9e017e06 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-7b25308fe9b7c95a04987753945e2077.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-7b25308fe9b7c95a04987753945e2077 + +info: + name: > + File Manager <= 7.2.1 - Sensitive Information Exposure via Backup Filenames + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-8ce49b249ec2d999d67fd390598bddc7.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-8ce49b249ec2d999d67fd390598bddc7.yaml new file mode 100644 index 0000000000..440e9dda1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-8ce49b249ec2d999d67fd390598bddc7.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-8ce49b249ec2d999d67fd390598bddc7 + +info: + name: > + File Manager And File Manager Pro (Multiple Versions) - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-ab69897227314aa3081e7c66ae76a1a8.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-ab69897227314aa3081e7c66ae76a1a8.yaml new file mode 100644 index 0000000000..88feca1e77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-ab69897227314aa3081e7c66ae76a1a8.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-ab69897227314aa3081e7c66ae76a1a8 + +info: + name: > + WP File Manager <= 6.4 - Unauthenticated Resource Access to Site Backups + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46438bd3-7c4a-4939-ab46-05dc8bbe461f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-e2709c74f557b8f05efa6466674d741e.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-e2709c74f557b8f05efa6466674d741e.yaml new file mode 100644 index 0000000000..2b80982ebb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-e2709c74f557b8f05efa6466674d741e.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-e2709c74f557b8f05efa6466674d741e + +info: + name: > + File Manager <= 3.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6208afdb-502c-44e8-b50a-22fa87ee80df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-f02efca96aea9cf0bcb75d72789d8419.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-f02efca96aea9cf0bcb75d72789d8419.yaml new file mode 100644 index 0000000000..b5ad2017e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-f02efca96aea9cf0bcb75d72789d8419.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-f02efca96aea9cf0bcb75d72789d8419 + +info: + name: > + File Manager <= 7.2.5 - Authenticated (Administrator+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca98fbc6-8cfa-4997-8a46-344afb75a97e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-fd8eab398a722e719e1bf89dd3138490.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-fd8eab398a722e719e1bf89dd3138490.yaml new file mode 100644 index 0000000000..a6fccc1676 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-fd8eab398a722e719e1bf89dd3138490.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-fd8eab398a722e719e1bf89dd3138490 + +info: + name: > + File Manager <= 2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69e92c75-5b14-43d9-a169-a1f8b51ab41d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager/" + google-query: inurl:"/wp-content/plugins/wp-file-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-pro-8ce49b249ec2d999d67fd390598bddc7.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-8ce49b249ec2d999d67fd390598bddc7.yaml new file mode 100644 index 0000000000..85edddd417 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-8ce49b249ec2d999d67fd390598bddc7.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-pro-8ce49b249ec2d999d67fd390598bddc7 + +info: + name: > + File Manager And File Manager Pro (Multiple Versions) - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93f377a1-2c33-4dd7-8fd6-190d9148e804?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager-pro/" + google-query: inurl:"/wp-content/plugins/wp-file-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-pro-d3109a73b6d87d8103efae9f126590cb.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-d3109a73b6d87d8103efae9f126590cb.yaml new file mode 100644 index 0000000000..70643e94ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-d3109a73b6d87d8103efae9f126590cb.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-pro-d3109a73b6d87d8103efae9f126590cb + +info: + name: > + File Manager Pro <= 8.3.4 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e8e0257-a745-495f-a103-c032b95209fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager-pro/" + google-query: inurl:"/wp-content/plugins/wp-file-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-manager-pro-f7fdc67eadf58def32919b2ae093d4d8.yaml b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-f7fdc67eadf58def32919b2ae093d4d8.yaml new file mode 100644 index 0000000000..0bdb5efb98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-manager-pro-f7fdc67eadf58def32919b2ae093d4d8.yaml @@ -0,0 +1,58 @@ +id: wp-file-manager-pro-f7fdc67eadf58def32919b2ae093d4d8 + +info: + name: > + File Manager Pro <= 8.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94750424-bb52-4236-962e-aa8cbdeb1459?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-manager-pro/" + google-query: inurl:"/wp-content/plugins/wp-file-manager-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-manager-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-manager-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-manager-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-1145c2b3c9a783cc9ddbd56cf0e9e202.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-1145c2b3c9a783cc9ddbd56cf0e9e202.yaml new file mode 100644 index 0000000000..960491e261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-1145c2b3c9a783cc9ddbd56cf0e9e202.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-1145c2b3c9a783cc9ddbd56cf0e9e202 + +info: + name: > + WordPress File Upload <= 4.12.2 - Directory Traversal to Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb5a65a2-e748-4c23-8cae-cb0a7de74911?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-12fc948c06bbe2558fcf0a602f5f480e.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-12fc948c06bbe2558fcf0a602f5f480e.yaml new file mode 100644 index 0000000000..514e73a79f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-12fc948c06bbe2558fcf0a602f5f480e.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-12fc948c06bbe2558fcf0a602f5f480e + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23334d94-e5b8-4c88-8765-02ad19e17248?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-1d2216e58fa97236cb9e7bf56c440d7a.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-1d2216e58fa97236cb9e7bf56c440d7a.yaml new file mode 100644 index 0000000000..9b128e9922 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-1d2216e58fa97236cb9e7bf56c440d7a.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-1d2216e58fa97236cb9e7bf56c440d7a + +info: + name: > + WordPress File Upload < 2.4.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3083afd-ca84-4088-8e72-95254d56a0c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-1ea0fe6e846ccbee16701a333d122fbe.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-1ea0fe6e846ccbee16701a333d122fbe.yaml new file mode 100644 index 0000000000..1ba22f6575 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-1ea0fe6e846ccbee16701a333d122fbe.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-1ea0fe6e846ccbee16701a333d122fbe + +info: + name: > + WordPress File Upload <= 4.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Malicious SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19e9a9f7-d2e3-4ebb-b121-99c7c81ede4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.16.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-257266db439be46c584223cbad6695eb.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-257266db439be46c584223cbad6695eb.yaml new file mode 100644 index 0000000000..c94141a691 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-257266db439be46c584223cbad6695eb.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-257266db439be46c584223cbad6695eb + +info: + name: > + WordPress File Upload <= 3.4.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd8e6b8a-0161-4bf7-b480-77258337e9b9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-3384b3561233822afc35f30b762beb0e.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-3384b3561233822afc35f30b762beb0e.yaml new file mode 100644 index 0000000000..eb16ad272c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-3384b3561233822afc35f30b762beb0e.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-3384b3561233822afc35f30b762beb0e + +info: + name: > + WordPress File Upload <= 4.16.2 - Authenticated Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/499483a0-957b-459e-b2f5-fc39c4f86c9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.16.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-392e3e13340828fa089ab176edcbfb0e.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-392e3e13340828fa089ab176edcbfb0e.yaml new file mode 100644 index 0000000000..306133d37a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-392e3e13340828fa089ab176edcbfb0e.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-392e3e13340828fa089ab176edcbfb0e + +info: + name: > + Wordpress File Upload <= 4.23.2 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e1915d9-8ea9-4ab2-9746-3c49bc0bd7c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-50251b72083cccfc7a4f498fee677478.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-50251b72083cccfc7a4f498fee677478.yaml new file mode 100644 index 0000000000..7ef0b93312 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-50251b72083cccfc7a4f498fee677478.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-50251b72083cccfc7a4f498fee677478 + +info: + name: > + WordPress File Upload <= 2.4.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85bea3da-f54a-4a77-9abe-6c24bbdcc25c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-558dd2abba5a0995e4e08d93b33b9766.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-558dd2abba5a0995e4e08d93b33b9766.yaml new file mode 100644 index 0000000000..92300a3256 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-558dd2abba5a0995e4e08d93b33b9766.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-558dd2abba5a0995e4e08d93b33b9766 + +info: + name: > + WordPress File Upload < 2.7.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65a02152-be62-4e27-8a31-e88f23e0236f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-6bee4ceb90dc1010814fe03431f27200.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-6bee4ceb90dc1010814fe03431f27200.yaml new file mode 100644 index 0000000000..3a18f22bea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-6bee4ceb90dc1010814fe03431f27200.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-6bee4ceb90dc1010814fe03431f27200 + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.19.1 - Authenticated (Administrator+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abd6eeac-0a7e-4762-809f-593cd85f303d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-7723e642214a4cc19dd0a90f922c5611.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-7723e642214a4cc19dd0a90f922c5611.yaml new file mode 100644 index 0000000000..48363ce273 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-7723e642214a4cc19dd0a90f922c5611.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-7723e642214a4cc19dd0a90f922c5611 + +info: + name: > + WordPress File Upload / WordPress File Upload Pro <= 4.16.2 - Authenticated (Contributor+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9cc0348-396e-4be1-92f5-851d20804ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.16.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-8e67911649c9d62ea26bf9814db29d96.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-8e67911649c9d62ea26bf9814db29d96.yaml new file mode 100644 index 0000000000..4e1af399d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-8e67911649c9d62ea26bf9814db29d96.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-8e67911649c9d62ea26bf9814db29d96 + +info: + name: > + WordPress File Upload <= 4.24.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f665099-d1c3-43a9-b37b-c9f42c9172ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.24.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-90d37fd2fba0470460729c814dc702e8.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-90d37fd2fba0470460729c814dc702e8.yaml new file mode 100644 index 0000000000..5fecbb484c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-90d37fd2fba0470460729c814dc702e8.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-90d37fd2fba0470460729c814dc702e8 + +info: + name: > + WordPress File Upload <= 4.3.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd60fa87-d3da-4e3f-bd9b-b9d117bdbc4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-95115eb6cd7773daea0c3290d4bc4306.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-95115eb6cd7773daea0c3290d4bc4306.yaml new file mode 100644 index 0000000000..3e1c216f7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-95115eb6cd7773daea0c3290d4bc4306.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-95115eb6cd7773daea0c3290d4bc4306 + +info: + name: > + WordPress File Upload <= 4.3.2 - Cross-Site Scripting via Shortcodes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d65a987-e8a6-4615-b681-9f48b7caed4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-c497e96a3198128f634a2cba43cbd62b.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-c497e96a3198128f634a2cba43cbd62b.yaml new file mode 100644 index 0000000000..ab0f07ee45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-c497e96a3198128f634a2cba43cbd62b.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-c497e96a3198128f634a2cba43cbd62b + +info: + name: > + WordPress File Upload <= 2.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a85eec18-49cc-44c0-ac86-ccc192a621a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-file-upload-ee7a8e2edf67246d96fc10ab588599db.yaml b/nuclei-templates/cve-less/plugins/wp-file-upload-ee7a8e2edf67246d96fc10ab588599db.yaml new file mode 100644 index 0000000000..f25fbb93a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-file-upload-ee7a8e2edf67246d96fc10ab588599db.yaml @@ -0,0 +1,58 @@ +id: wp-file-upload-ee7a8e2edf67246d96fc10ab588599db + +info: + name: > + WordPress File Upload < 3.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffeb4b5e-4c83-4b0e-a513-6b5cada95073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-file-upload/" + google-query: inurl:"/wp-content/plugins/wp-file-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-file-upload,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-file-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-file-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-filemanager-de2762b35b84b3a5bdda7739f2f6324a.yaml b/nuclei-templates/cve-less/plugins/wp-filemanager-de2762b35b84b3a5bdda7739f2f6324a.yaml new file mode 100644 index 0000000000..fede48c607 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-filemanager-de2762b35b84b3a5bdda7739f2f6324a.yaml @@ -0,0 +1,58 @@ +id: wp-filemanager-de2762b35b84b3a5bdda7739f2f6324a + +info: + name: > + Wp-FileManager <= 1.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/117e797a-1878-4b5f-9846-4a73b5396ece?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-filemanager/" + google-query: inurl:"/wp-content/plugins/wp-filemanager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-filemanager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-filemanager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-filemanager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-film-studio-074487038ea654261d72956b1f3003fc.yaml b/nuclei-templates/cve-less/plugins/wp-film-studio-074487038ea654261d72956b1f3003fc.yaml new file mode 100644 index 0000000000..4dfdb968d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-film-studio-074487038ea654261d72956b1f3003fc.yaml @@ -0,0 +1,58 @@ +id: wp-film-studio-074487038ea654261d72956b1f3003fc + +info: + name: > + WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae5121bd-2f3f-4d87-a2fd-d11bb9f8dc2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-film-studio/" + google-query: inurl:"/wp-content/plugins/wp-film-studio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-film-studio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-film-studio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-film-studio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-flipclock-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml b/nuclei-templates/cve-less/plugins/wp-flipclock-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml new file mode 100644 index 0000000000..2d822c22bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-flipclock-d86c9fbec6faeed6e24c9e1120c7e0c6.yaml @@ -0,0 +1,58 @@ +id: wp-flipclock-d86c9fbec6faeed6e24c9e1120c7e0c6 + +info: + name: > + WP Flipclock <= 1.7.4 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/376404a5-176e-4c73-8281-27b138218879?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-flipclock/" + google-query: inurl:"/wp-content/plugins/wp-flipclock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-flipclock,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-flipclock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-flipclock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-flipslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-flipslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..7f97b0a1fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-flipslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-flipslideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-flipslideshow/" + google-query: inurl:"/wp-content/plugins/wp-flipslideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-flipslideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-flipslideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-flipslideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-floating-menu-4aff32f6f1228de170ce7ff458bf1831.yaml b/nuclei-templates/cve-less/plugins/wp-floating-menu-4aff32f6f1228de170ce7ff458bf1831.yaml new file mode 100644 index 0000000000..a716e44440 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-floating-menu-4aff32f6f1228de170ce7ff458bf1831.yaml @@ -0,0 +1,58 @@ +id: wp-floating-menu-4aff32f6f1228de170ce7ff458bf1831 + +info: + name: > + WP Floating Menu <= 1.4.0 - Cross-Site Scripting via id Parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1b8ac82-4c2d-44bf-ac9e-1c1abead0613?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-floating-menu/" + google-query: inurl:"/wp-content/plugins/wp-floating-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-floating-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-floating-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-floating-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-flybox-216ef8528cdb19a4a187eee0e2877db5.yaml b/nuclei-templates/cve-less/plugins/wp-flybox-216ef8528cdb19a4a187eee0e2877db5.yaml new file mode 100644 index 0000000000..0d70bc6791 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-flybox-216ef8528cdb19a4a187eee0e2877db5.yaml @@ -0,0 +1,58 @@ +id: wp-flybox-216ef8528cdb19a4a187eee0e2877db5 + +info: + name: > + WP-FlyBox <= 6.46 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09c60d0a-bc1f-407f-aa0e-2ae0b7db5ae3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-flybox/" + google-query: inurl:"/wp-content/plugins/wp-flybox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-flybox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-flybox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-flybox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-font-awesome-7e2bbcff98524a357bbf2e605454a087.yaml b/nuclei-templates/cve-less/plugins/wp-font-awesome-7e2bbcff98524a357bbf2e605454a087.yaml new file mode 100644 index 0000000000..d287d68228 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-font-awesome-7e2bbcff98524a357bbf2e605454a087.yaml @@ -0,0 +1,58 @@ +id: wp-font-awesome-7e2bbcff98524a357bbf2e605454a087 + +info: + name: > + WP Font Awesome <= 1.7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d9c4c5c-78cd-4c58-911a-fb67de0c1dca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-font-awesome/" + google-query: inurl:"/wp-content/plugins/wp-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-font-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-font-awesome-cedcad8fb42c104219ce15d5179e2ec0.yaml b/nuclei-templates/cve-less/plugins/wp-font-awesome-cedcad8fb42c104219ce15d5179e2ec0.yaml new file mode 100644 index 0000000000..e7a06c99c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-font-awesome-cedcad8fb42c104219ce15d5179e2ec0.yaml @@ -0,0 +1,58 @@ +id: wp-font-awesome-cedcad8fb42c104219ce15d5179e2ec0 + +info: + name: > + WP Font Awesome <= 1.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59ee0b56-c11f-4951-aac0-8344200e4484?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-font-awesome/" + google-query: inurl:"/wp-content/plugins/wp-font-awesome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-font-awesome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-font-awesome/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-font-awesome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-food-manager-af40b53dc8c1c75f92915027f96fff8f.yaml b/nuclei-templates/cve-less/plugins/wp-food-manager-af40b53dc8c1c75f92915027f96fff8f.yaml new file mode 100644 index 0000000000..c464553aa1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-food-manager-af40b53dc8c1c75f92915027f96fff8f.yaml @@ -0,0 +1,58 @@ +id: wp-food-manager-af40b53dc8c1c75f92915027f96fff8f + +info: + name: > + WP Food Manager <= 1.0.3 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a78b274-f83f-4168-a8d2-9ee945518b60?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-food-manager/" + google-query: inurl:"/wp-content/plugins/wp-food-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-food-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-food-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-food-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-football-40f4199a368e88456e06377e7668ed2b.yaml b/nuclei-templates/cve-less/plugins/wp-football-40f4199a368e88456e06377e7668ed2b.yaml new file mode 100644 index 0000000000..fcba8752ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-football-40f4199a368e88456e06377e7668ed2b.yaml @@ -0,0 +1,58 @@ +id: wp-football-40f4199a368e88456e06377e7668ed2b + +info: + name: > + wp-football <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15e06f6e-2a13-490e-8e41-d9f7db8e78e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-football/" + google-query: inurl:"/wp-content/plugins/wp-football/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-football,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-football/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-football" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-footnotes-a8ccc8e656f57b6f03393d18f5ac6d44.yaml b/nuclei-templates/cve-less/plugins/wp-footnotes-a8ccc8e656f57b6f03393d18f5ac6d44.yaml new file mode 100644 index 0000000000..9382ba7e9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-footnotes-a8ccc8e656f57b6f03393d18f5ac6d44.yaml @@ -0,0 +1,58 @@ +id: wp-footnotes-a8ccc8e656f57b6f03393d18f5ac6d44 + +info: + name: > + WP-Footnotes <= 2.2 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8369d83a-bfbf-4e29-8b0b-ceb371a271b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-footnotes/" + google-query: inurl:"/wp-content/plugins/wp-footnotes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-footnotes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-footnotes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-footnotes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forecast-ac7ff3acb8eeb83f868977100c1901f2.yaml b/nuclei-templates/cve-less/plugins/wp-forecast-ac7ff3acb8eeb83f868977100c1901f2.yaml new file mode 100644 index 0000000000..60331b0db6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forecast-ac7ff3acb8eeb83f868977100c1901f2.yaml @@ -0,0 +1,58 @@ +id: wp-forecast-ac7ff3acb8eeb83f868977100c1901f2 + +info: + name: > + wp-forecast <= 9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e53cd64c-9278-48cc-8181-1d6c40a05eb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forecast/" + google-query: inurl:"/wp-content/plugins/wp-forecast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forecast,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forecast/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forecast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forecast-f00922a5d35b3c6ca276e64048795ab0.yaml b/nuclei-templates/cve-less/plugins/wp-forecast-f00922a5d35b3c6ca276e64048795ab0.yaml new file mode 100644 index 0000000000..41b218f72e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forecast-f00922a5d35b3c6ca276e64048795ab0.yaml @@ -0,0 +1,58 @@ +id: wp-forecast-f00922a5d35b3c6ca276e64048795ab0 + +info: + name: > + wp-forecast <= 7.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0551a2ca-b920-4a60-9c16-0bb14fd63a23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forecast/" + google-query: inurl:"/wp-content/plugins/wp-forecast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forecast,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forecast/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forecast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-67bff2c5d8fb36a5ed2e0ba46f102703.yaml b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-67bff2c5d8fb36a5ed2e0ba46f102703.yaml new file mode 100644 index 0000000000..6d431c6380 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-67bff2c5d8fb36a5ed2e0ba46f102703.yaml @@ -0,0 +1,58 @@ +id: wp-forms-puzzle-captcha-67bff2c5d8fb36a5ed2e0ba46f102703 + +info: + name: > + WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c75edd2-fc38-48b1-b58c-1d19c95c3db8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forms-puzzle-captcha/" + google-query: inurl:"/wp-content/plugins/wp-forms-puzzle-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forms-puzzle-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forms-puzzle-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forms-puzzle-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-d806a63c536300d0b583cd9fc85457ce.yaml b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-d806a63c536300d0b583cd9fc85457ce.yaml new file mode 100644 index 0000000000..d02737b768 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-d806a63c536300d0b583cd9fc85457ce.yaml @@ -0,0 +1,58 @@ +id: wp-forms-puzzle-captcha-d806a63c536300d0b583cd9fc85457ce + +info: + name: > + WP Forms Puzzle Captcha <= 4.1 - Captcha Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58502e48-c1cf-4b94-954c-71046256c917?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forms-puzzle-captcha/" + google-query: inurl:"/wp-content/plugins/wp-forms-puzzle-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forms-puzzle-captcha,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forms-puzzle-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forms-puzzle-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-f1e4ab77de69b73a462cc92d770eba6e.yaml b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-f1e4ab77de69b73a462cc92d770eba6e.yaml new file mode 100644 index 0000000000..ce2ec30133 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forms-puzzle-captcha-f1e4ab77de69b73a462cc92d770eba6e.yaml @@ -0,0 +1,58 @@ +id: wp-forms-puzzle-captcha-f1e4ab77de69b73a462cc92d770eba6e + +info: + name: > + WP Forms Puzzle Captcha <= 4.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f34854a-5ca1-48a3-81d5-80f80f3a85fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forms-puzzle-captcha/" + google-query: inurl:"/wp-content/plugins/wp-forms-puzzle-captcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forms-puzzle-captcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forms-puzzle-captcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forms-puzzle-captcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forum-6e024b27bbd5dc8c98695441370b8501.yaml b/nuclei-templates/cve-less/plugins/wp-forum-6e024b27bbd5dc8c98695441370b8501.yaml new file mode 100644 index 0000000000..c9f4c3e69e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forum-6e024b27bbd5dc8c98695441370b8501.yaml @@ -0,0 +1,58 @@ +id: wp-forum-6e024b27bbd5dc8c98695441370b8501 + +info: + name: > + WP Forum <= 2.3 - Multiple SQL Injections + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8259785-b15b-49df-bf9c-9108a6a59070?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forum/" + google-query: inurl:"/wp-content/plugins/wp-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-forum-a6e364da6e9eb1d449de394f7ac6c782.yaml b/nuclei-templates/cve-less/plugins/wp-forum-a6e364da6e9eb1d449de394f7ac6c782.yaml new file mode 100644 index 0000000000..98db19bd6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-forum-a6e364da6e9eb1d449de394f7ac6c782.yaml @@ -0,0 +1,58 @@ +id: wp-forum-a6e364da6e9eb1d449de394f7ac6c782 + +info: + name: > + WP-Forum <= 1.7.4 - Remote SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d354fc-8137-44fa-980a-215dbeb7d15c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-forum/" + google-query: inurl:"/wp-content/plugins/wp-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-forum,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fountain-5cd702313892426c4d5db9e30cd43042.yaml b/nuclei-templates/cve-less/plugins/wp-fountain-5cd702313892426c4d5db9e30cd43042.yaml new file mode 100644 index 0000000000..5750809a15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fountain-5cd702313892426c4d5db9e30cd43042.yaml @@ -0,0 +1,58 @@ +id: wp-fountain-5cd702313892426c4d5db9e30cd43042 + +info: + name: > + WP Fountain <= 1.5.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ded05261-36f2-4414-b30a-7467b0c79938?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fountain/" + google-query: inurl:"/wp-content/plugins/wp-fountain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fountain,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fountain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fountain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-front-end-profile-0ed606409f522ba3351ac7659014c32c.yaml b/nuclei-templates/cve-less/plugins/wp-front-end-profile-0ed606409f522ba3351ac7659014c32c.yaml new file mode 100644 index 0000000000..ae88af9bfb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-front-end-profile-0ed606409f522ba3351ac7659014c32c.yaml @@ -0,0 +1,58 @@ +id: wp-front-end-profile-0ed606409f522ba3351ac7659014c32c + +info: + name: > + WP Front End Profile <= 0.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46825646-f611-4e9d-bee8-36656a1d54ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-front-end-profile/" + google-query: inurl:"/wp-content/plugins/wp-front-end-profile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-front-end-profile,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-front-end-profile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-front-end-profile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-front-end-profile-c8cceb90ecf899fbb284e13c71ee2405.yaml b/nuclei-templates/cve-less/plugins/wp-front-end-profile-c8cceb90ecf899fbb284e13c71ee2405.yaml new file mode 100644 index 0000000000..14b0049906 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-front-end-profile-c8cceb90ecf899fbb284e13c71ee2405.yaml @@ -0,0 +1,58 @@ +id: wp-front-end-profile-c8cceb90ecf899fbb284e13c71ee2405 + +info: + name: > + WP Front End Profile <= 0.2.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8aefc77-b5fb-45b0-b3ba-67d850c72e77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-front-end-profile/" + google-query: inurl:"/wp-content/plugins/wp-front-end-profile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-front-end-profile,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-front-end-profile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-front-end-profile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-front-end-profile-fc6a57b91ab486b0b4aef62bb7676ee2.yaml b/nuclei-templates/cve-less/plugins/wp-front-end-profile-fc6a57b91ab486b0b4aef62bb7676ee2.yaml new file mode 100644 index 0000000000..b11da4401c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-front-end-profile-fc6a57b91ab486b0b4aef62bb7676ee2.yaml @@ -0,0 +1,58 @@ +id: wp-front-end-profile-fc6a57b91ab486b0b4aef62bb7676ee2 + +info: + name: > + WP Frontend Profile <= 1.3.1 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91de6cf4-e5df-4130-bb96-92b89717a678?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-front-end-profile/" + google-query: inurl:"/wp-content/plugins/wp-front-end-profile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-front-end-profile,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-front-end-profile/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-front-end-profile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-full-auto-tags-manager-73b4a317dbf4f39375dbd58ae18a9d97.yaml b/nuclei-templates/cve-less/plugins/wp-full-auto-tags-manager-73b4a317dbf4f39375dbd58ae18a9d97.yaml new file mode 100644 index 0000000000..dea88bc5c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-full-auto-tags-manager-73b4a317dbf4f39375dbd58ae18a9d97.yaml @@ -0,0 +1,58 @@ +id: wp-full-auto-tags-manager-73b4a317dbf4f39375dbd58ae18a9d97 + +info: + name: > + WP Full Auto Tags Manager <= 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bf209b8-7c12-4fc3-af7f-4fd25777caab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-full-auto-tags-manager/" + google-query: inurl:"/wp-content/plugins/wp-full-auto-tags-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-full-auto-tags-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-full-auto-tags-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-full-auto-tags-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-full-stripe-free-667e350f42b763781ac08f9d6c648e0b.yaml b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-667e350f42b763781ac08f9d6c648e0b.yaml new file mode 100644 index 0000000000..f4d152d261 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-667e350f42b763781ac08f9d6c648e0b.yaml @@ -0,0 +1,58 @@ +id: wp-full-stripe-free-667e350f42b763781ac08f9d6c648e0b + +info: + name: > + WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7c630c0-b37f-48d5-a87c-8e7c60103a30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-full-stripe-free/" + google-query: inurl:"/wp-content/plugins/wp-full-stripe-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-full-stripe-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-full-stripe-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-full-stripe-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-full-stripe-free-75e488bcf8c81561792f2b21f5fbd763.yaml b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-75e488bcf8c81561792f2b21f5fbd763.yaml new file mode 100644 index 0000000000..668783dd71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-75e488bcf8c81561792f2b21f5fbd763.yaml @@ -0,0 +1,58 @@ +id: wp-full-stripe-free-75e488bcf8c81561792f2b21f5fbd763 + +info: + name: > + WP Full Stripe Free <= 7.0.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f7211b-0ff0-406e-9a0a-2dd7b1314d6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-full-stripe-free/" + google-query: inurl:"/wp-content/plugins/wp-full-stripe-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-full-stripe-free,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-full-stripe-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-full-stripe-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-full-stripe-free-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml new file mode 100644 index 0000000000..3e7140d072 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-full-stripe-free-c18b0aa1f2de13dec1ee3b9448c0e5ba.yaml @@ -0,0 +1,58 @@ +id: wp-full-stripe-free-c18b0aa1f2de13dec1ee3b9448c0e5ba + +info: + name: > + WP Full Stripe Free <= 7.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2afbc0a4-32ad-4fc4-9b10-5c06784f72f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-full-stripe-free/" + google-query: inurl:"/wp-content/plugins/wp-full-stripe-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-full-stripe-free,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-full-stripe-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-full-stripe-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fullcalendar-4d29004b4f45680a61808cd7f630a100.yaml b/nuclei-templates/cve-less/plugins/wp-fullcalendar-4d29004b4f45680a61808cd7f630a100.yaml new file mode 100644 index 0000000000..90fc1c5adb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fullcalendar-4d29004b4f45680a61808cd7f630a100.yaml @@ -0,0 +1,58 @@ +id: wp-fullcalendar-4d29004b4f45680a61808cd7f630a100 + +info: + name: > + WP FullCalendar <= 1.4.1 - Missing Authorization to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27d25885-1a85-40a0-9759-3ae0c8d73d11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fullcalendar/" + google-query: inurl:"/wp-content/plugins/wp-fullcalendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fullcalendar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fullcalendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fullcalendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fundraising-donation-62232a302f7fe9f8b0db43176a902970.yaml b/nuclei-templates/cve-less/plugins/wp-fundraising-donation-62232a302f7fe9f8b0db43176a902970.yaml new file mode 100644 index 0000000000..296f2da6b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fundraising-donation-62232a302f7fe9f8b0db43176a902970.yaml @@ -0,0 +1,58 @@ +id: wp-fundraising-donation-62232a302f7fe9f8b0db43176a902970 + +info: + name: > + WP Fundraising Donation and Crowdfunding Platform <= 1.4.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdb35927-b239-4243-a2d0-2e2c2cc61668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fundraising-donation/" + google-query: inurl:"/wp-content/plugins/wp-fundraising-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fundraising-donation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fundraising-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fundraising-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-funeral-press-45b180f701bbda6c2ac66302babf8238.yaml b/nuclei-templates/cve-less/plugins/wp-funeral-press-45b180f701bbda6c2ac66302babf8238.yaml new file mode 100644 index 0000000000..5fd86a5ec4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-funeral-press-45b180f701bbda6c2ac66302babf8238.yaml @@ -0,0 +1,58 @@ +id: wp-funeral-press-45b180f701bbda6c2ac66302babf8238 + +info: + name: > + WP FuneralPress <= 1.1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aeb5f26-32a4-4eba-829d-759e4c92a034?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-funeral-press/" + google-query: inurl:"/wp-content/plugins/wp-funeral-press/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-funeral-press,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-funeral-press/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-funeral-press" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fusion-lite-815613664281ce9641a420b93ff49909.yaml b/nuclei-templates/cve-less/plugins/wp-fusion-lite-815613664281ce9641a420b93ff49909.yaml new file mode 100644 index 0000000000..a057fc8787 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fusion-lite-815613664281ce9641a420b93ff49909.yaml @@ -0,0 +1,58 @@ +id: wp-fusion-lite-815613664281ce9641a420b93ff49909 + +info: + name: > + WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d22013e5-896a-4dcb-bbe4-e6be7d697816?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fusion-lite/" + google-query: inurl:"/wp-content/plugins/wp-fusion-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fusion-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fusion-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fusion-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.41.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fusion-lite-91f81bae19c8e6b1e95305d25a17b6e0.yaml b/nuclei-templates/cve-less/plugins/wp-fusion-lite-91f81bae19c8e6b1e95305d25a17b6e0.yaml new file mode 100644 index 0000000000..144c98091f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fusion-lite-91f81bae19c8e6b1e95305d25a17b6e0.yaml @@ -0,0 +1,58 @@ +id: wp-fusion-lite-91f81bae19c8e6b1e95305d25a17b6e0 + +info: + name: > + WP Fusion Lite <= 3.37.18 – Cross-Site Request Forgery to Data Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a539a4e-f4df-46c7-83c2-9f189f081405?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fusion-lite/" + google-query: inurl:"/wp-content/plugins/wp-fusion-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fusion-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fusion-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fusion-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.37.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fusion-lite-cdfacbb67934ca9294af25220e6a52b7.yaml b/nuclei-templates/cve-less/plugins/wp-fusion-lite-cdfacbb67934ca9294af25220e6a52b7.yaml new file mode 100644 index 0000000000..3556e2ae20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fusion-lite-cdfacbb67934ca9294af25220e6a52b7.yaml @@ -0,0 +1,58 @@ +id: wp-fusion-lite-cdfacbb67934ca9294af25220e6a52b7 + +info: + name: > + WP Fusion Lite <= 3.37.18 – Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/651df16c-2472-4124-90a3-69b98e478ed3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fusion-lite/" + google-query: inurl:"/wp-content/plugins/wp-fusion-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fusion-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fusion-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fusion-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.37.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-fusion-lite-e8cf37239a5b69d21791d9c5728d4701.yaml b/nuclei-templates/cve-less/plugins/wp-fusion-lite-e8cf37239a5b69d21791d9c5728d4701.yaml new file mode 100644 index 0000000000..5a510d50ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-fusion-lite-e8cf37239a5b69d21791d9c5728d4701.yaml @@ -0,0 +1,58 @@ +id: wp-fusion-lite-e8cf37239a5b69d21791d9c5728d4701 + +info: + name: > + WP Fusion Lite – Marketing Automation and CRM Integration for WordPress <= 3.42.10 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b245791-6aac-4ee3-9278-5b7c01f13263?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-fusion-lite/" + google-query: inurl:"/wp-content/plugins/wp-fusion-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-fusion-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-fusion-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-fusion-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.42.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gallery-exporter-de0285827724428521077b71df2ee67d.yaml b/nuclei-templates/cve-less/plugins/wp-gallery-exporter-de0285827724428521077b71df2ee67d.yaml new file mode 100644 index 0000000000..c504dc79cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gallery-exporter-de0285827724428521077b71df2ee67d.yaml @@ -0,0 +1,58 @@ +id: wp-gallery-exporter-de0285827724428521077b71df2ee67d + +info: + name: > + WordPress Gallery Exporter <= 1.3 - Authenticated (Administrator+) Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b871883c-509b-4776-b550-349b3f5aa365?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gallery-exporter/" + google-query: inurl:"/wp-content/plugins/wp-gallery-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gallery-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gallery-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gallery-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gallery-metabox-377dfbc1893c3f82b60d799556ea4360.yaml b/nuclei-templates/cve-less/plugins/wp-gallery-metabox-377dfbc1893c3f82b60d799556ea4360.yaml new file mode 100644 index 0000000000..e779b4d16c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gallery-metabox-377dfbc1893c3f82b60d799556ea4360.yaml @@ -0,0 +1,58 @@ +id: wp-gallery-metabox-377dfbc1893c3f82b60d799556ea4360 + +info: + name: > + WP Gallery Metabox <= 1.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46c4b7f7-e3e6-46b8-b959-07775db8bb6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gallery-metabox/" + google-query: inurl:"/wp-content/plugins/wp-gallery-metabox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gallery-metabox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gallery-metabox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gallery-metabox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-6e07c5d5d730f2ffaadc2b47ec323077.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-6e07c5d5d730f2ffaadc2b47ec323077.yaml new file mode 100644 index 0000000000..da778c2469 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-6e07c5d5d730f2ffaadc2b47ec323077.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-compliance-6e07c5d5d730f2ffaadc2b47ec323077 + +info: + name: > + WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46fccb4e-8dd9-414d-bd65-e62acffee18d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-7963dd486edaf4e2c2e742763011f365.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-7963dd486edaf4e2c2e742763011f365.yaml new file mode 100644 index 0000000000..a18ee3e34f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-7963dd486edaf4e2c2e742763011f365.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-compliance-7963dd486edaf4e2c2e742763011f365 + +info: + name: > + WP GDPR Compliance <= 1.4.2 - Arbitrary Options Update and Action Calling + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9312c73d-8eb6-4ca0-a03b-566099dc6487?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-8501b849b0f302eafdaedb3a9eb077f6.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-8501b849b0f302eafdaedb3a9eb077f6.yaml new file mode 100644 index 0000000000..db185b2bfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-8501b849b0f302eafdaedb3a9eb077f6.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-compliance-8501b849b0f302eafdaedb3a9eb077f6 + +info: + name: > + Cookie Information | Free GDPR Consent Solution <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c0b0bf7-55dd-40a1-8f12-f0ec0315c0ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml new file mode 100644 index 0000000000..f55a552dfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-compliance-9a25bf02d1d516ebfa83ea0a4af36e6d.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-compliance-9a25bf02d1d516ebfa83ea0a4af36e6d + +info: + name: > + Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42a4ef37-c842-4925-b06a-3e6423337567?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-compliance/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-compliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-compliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-compliance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-compliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-core-97711fb53683ab26635f9b3f2754784c.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-core-97711fb53683ab26635f9b3f2754784c.yaml new file mode 100644 index 0000000000..9d3929494c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-core-97711fb53683ab26635f9b3f2754784c.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-core-97711fb53683ab26635f9b3f2754784c + +info: + name: > + WP GDPR <= 2.1.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3fdeb2-9e2a-4fe7-aa74-aaf60a74c060?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-core/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gdpr-core-ccf9bbc2066dab286ce4f7f98f9f46d7.yaml b/nuclei-templates/cve-less/plugins/wp-gdpr-core-ccf9bbc2066dab286ce4f7f98f9f46d7.yaml new file mode 100644 index 0000000000..a1b6a87aac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gdpr-core-ccf9bbc2066dab286ce4f7f98f9f46d7.yaml @@ -0,0 +1,58 @@ +id: wp-gdpr-core-ccf9bbc2066dab286ce4f7f98f9f46d7 + +info: + name: > + WP GDPR <= 2.1.1 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gdpr-core/" + google-query: inurl:"/wp-content/plugins/wp-gdpr-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gdpr-core,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gdpr-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gdpr-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-githuber-md-37948e20cc8aeb00d7f629d9bf7d79ee.yaml b/nuclei-templates/cve-less/plugins/wp-githuber-md-37948e20cc8aeb00d7f629d9bf7d79ee.yaml new file mode 100644 index 0000000000..ee7e2ce009 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-githuber-md-37948e20cc8aeb00d7f629d9bf7d79ee.yaml @@ -0,0 +1,58 @@ +id: wp-githuber-md-37948e20cc8aeb00d7f629d9bf7d79ee + +info: + name: > + WP Githuber MD <= 1.16.2 - Authenticated (Author+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6fda35d-8b82-4a7a-8db6-21dc38a841f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-githuber-md/" + google-query: inurl:"/wp-content/plugins/wp-githuber-md/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-githuber-md,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-githuber-md/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-githuber-md" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-glossary-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml b/nuclei-templates/cve-less/plugins/wp-glossary-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml new file mode 100644 index 0000000000..58129bb0d3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-glossary-782e75e9ade7cd09f2f9dfc0e07ecdf7.yaml @@ -0,0 +1,58 @@ +id: wp-glossary-782e75e9ade7cd09f2f9dfc0e07ecdf7 + +info: + name: > + Glossary <= 3.1.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca34e4e-3324-4942-854b-a4511f88af8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-glossary/" + google-query: inurl:"/wp-content/plugins/wp-glossary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-glossary,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-glossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-glossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-glossary-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml b/nuclei-templates/cve-less/plugins/wp-glossary-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml new file mode 100644 index 0000000000..499335463b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-glossary-c8baa9ed85af66dd4a921b8f2c5af1ac.yaml @@ -0,0 +1,58 @@ +id: wp-glossary-c8baa9ed85af66dd4a921b8f2c5af1ac + +info: + name: > + WP Glossary <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a189e25-0d9e-4e0c-b74d-e7f9d2556872?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-glossary/" + google-query: inurl:"/wp-content/plugins/wp-glossary/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-glossary,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-glossary/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-glossary" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gmappity-easy-google-maps-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml b/nuclei-templates/cve-less/plugins/wp-gmappity-easy-google-maps-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml new file mode 100644 index 0000000000..11becafcab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gmappity-easy-google-maps-8f06cbf2f40450a7e41adaa2e12c5c0e.yaml @@ -0,0 +1,58 @@ +id: wp-gmappity-easy-google-maps-8f06cbf2f40450a7e41adaa2e12c5c0e + +info: + name: > + Google Maps made Simple <= 0.6 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/262db9aa-0db5-48cd-a85b-3e6302e88a42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gmappity-easy-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-gmappity-easy-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gmappity-easy-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gmappity-easy-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gmappity-easy-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-analytics-events-cf4a1e3cd78f1384d3dc34cdb54fb3f8.yaml b/nuclei-templates/cve-less/plugins/wp-google-analytics-events-cf4a1e3cd78f1384d3dc34cdb54fb3f8.yaml new file mode 100644 index 0000000000..27edd9d4cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-analytics-events-cf4a1e3cd78f1384d3dc34cdb54fb3f8.yaml @@ -0,0 +1,58 @@ +id: wp-google-analytics-events-cf4a1e3cd78f1384d3dc34cdb54fb3f8 + +info: + name: > + WP Google Analytics Events <= 2.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb112c12-2587-46de-a688-d0f04e1ec431?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-analytics-events/" + google-query: inurl:"/wp-content/plugins/wp-google-analytics-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-analytics-events,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-analytics-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-analytics-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-fonts-693e37cf0d606fc058da1d65dc80c30a.yaml b/nuclei-templates/cve-less/plugins/wp-google-fonts-693e37cf0d606fc058da1d65dc80c30a.yaml new file mode 100644 index 0000000000..9a590265f4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-fonts-693e37cf0d606fc058da1d65dc80c30a.yaml @@ -0,0 +1,58 @@ +id: wp-google-fonts-693e37cf0d606fc058da1d65dc80c30a + +info: + name: > + WP Google Fonts <= 3.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/561b2487-0d6a-4cc7-b41c-0e88f45d3038?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-fonts/" + google-query: inurl:"/wp-content/plugins/wp-google-fonts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-fonts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-fonts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-fonts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0677fc472ce6636d2560dd0fee27206d.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0677fc472ce6636d2560dd0fee27206d.yaml new file mode 100644 index 0000000000..0334d1dfba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0677fc472ce6636d2560dd0fee27206d.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-0677fc472ce6636d2560dd0fee27206d + +info: + name: > + WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3bc6e8-aae7-451e-b26a-cc5e8fcd0a33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0680dcfefb929cf836c59db202cd40da.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0680dcfefb929cf836c59db202cd40da.yaml new file mode 100644 index 0000000000..cb05ada141 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-0680dcfefb929cf836c59db202cd40da.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-0680dcfefb929cf836c59db202cd40da + +info: + name: > + WP Google Map Plugin <= 4.1.4 - Authenticated SQL Injection via Orderby + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/470d91c1-bcde-4497-a558-35bc0156ddca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-09e6dfe7f784e608ed0fba91188d7274.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-09e6dfe7f784e608ed0fba91188d7274.yaml new file mode 100644 index 0000000000..646cb740f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-09e6dfe7f784e608ed0fba91188d7274.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-09e6dfe7f784e608ed0fba91188d7274 + +info: + name: > + WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8555b662-f1c8-418a-896e-1558e6e34c14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-4778c289f09f336f1a397e49c205f5e1.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-4778c289f09f336f1a397e49c205f5e1.yaml new file mode 100644 index 0000000000..776ee53e70 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-4778c289f09f336f1a397e49c205f5e1.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-4778c289f09f336f1a397e49c205f5e1 + +info: + name: > + WP Google Map Plugin <= 4.4.2 - Cross-Site Request Forgery via delete() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71f58781-3fb3-4eba-8e5a-f98f006f4607?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-5237dfae31b24b8180bcd6193ab8bd7f.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-5237dfae31b24b8180bcd6193ab8bd7f.yaml new file mode 100644 index 0000000000..338aa6e3c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-5237dfae31b24b8180bcd6193ab8bd7f.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-5237dfae31b24b8180bcd6193ab8bd7f + +info: + name: > + WP MAPS <= 4.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98553e47-f121-4300-b6d9-ab309516cf1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-6a35bf1797897f8d13c75911c491ac65.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-6a35bf1797897f8d13c75911c491ac65.yaml new file mode 100644 index 0000000000..ff7fe5789e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-6a35bf1797897f8d13c75911c491ac65.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-6a35bf1797897f8d13c75911c491ac65 + +info: + name: > + WP Google Map Plugin < 2.3.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f89718f2-e25b-4393-986a-34ef3076a59c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7149f44d871608d660e807410983089b.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7149f44d871608d660e807410983089b.yaml new file mode 100644 index 0000000000..8df15f79dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7149f44d871608d660e807410983089b.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-7149f44d871608d660e807410983089b + +info: + name: > + WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps < 4.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aa41416-c945-489b-81a3-1222a5e24469?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7382281cd5a556c25b2c10e2b81ec2b8.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7382281cd5a556c25b2c10e2b81ec2b8.yaml new file mode 100644 index 0000000000..bd2622a17f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-7382281cd5a556c25b2c10e2b81ec2b8.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-7382281cd5a556c25b2c10e2b81ec2b8 + +info: + name: > + WP Google Map Plugin <= 3.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94f803f4-0a06-4b77-9483-5c63f6dfd2f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-ab2c33982fe57a3db954e28d388810a5.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-ab2c33982fe57a3db954e28d388810a5.yaml new file mode 100644 index 0000000000..c318a45d9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-ab2c33982fe57a3db954e28d388810a5.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-ab2c33982fe57a3db954e28d388810a5 + +info: + name: > + WP Google Map Plugin < 2.3.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca32fd93-cab3-431b-91c3-9ed244f9d1f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-map-plugin-b619ff669f813db2e4bf72a01401c559.yaml b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-b619ff669f813db2e4bf72a01401c559.yaml new file mode 100644 index 0000000000..c522494065 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-map-plugin-b619ff669f813db2e4bf72a01401c559.yaml @@ -0,0 +1,58 @@ +id: wp-google-map-plugin-b619ff669f813db2e4bf72a01401c559 + +info: + name: > + WP MAPS – Easiest & Most Advanced WordPress Plugin for Google Maps <= 4.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/beceb191-654b-48ea-9b8f-3f4ca974160e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-map-plugin/" + google-query: inurl:"/wp-content/plugins/wp-google-map-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-map-plugin,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-map-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-map-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-019dd8c7d843763da77dfac2e01453aa.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-019dd8c7d843763da77dfac2e01453aa.yaml new file mode 100644 index 0000000000..aef0572b7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-019dd8c7d843763da77dfac2e01453aa.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-019dd8c7d843763da77dfac2e01453aa + +info: + name: > + WP Google Maps < 7.10.43 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b23d4868-068a-4ee9-8253-8f7063cdb03e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.10.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-2cd3d2328b9309d385778042d73c86e8.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-2cd3d2328b9309d385778042d73c86e8.yaml new file mode 100644 index 0000000000..73225cf56a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-2cd3d2328b9309d385778042d73c86e8.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-2cd3d2328b9309d385778042d73c86e8 + +info: + name: > + WP Google Maps <= 7.11.34 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4744edff-d130-4f45-93a0-a67ec91dbe10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.11.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-363421e443d86bf6a03f6199bd5c6045.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-363421e443d86bf6a03f6199bd5c6045.yaml new file mode 100644 index 0000000000..ea37814a86 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-363421e443d86bf6a03f6199bd5c6045.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-363421e443d86bf6a03f6199bd5c6045 + +info: + name: > + WP Google Maps <= 8.1.11 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/328438ba-128d-4094-83a5-bfd6e1616fa4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-69657f4112d937c57fc4155d562b7525.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-69657f4112d937c57fc4155d562b7525.yaml new file mode 100644 index 0000000000..32306f7cba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-69657f4112d937c57fc4155d562b7525.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-69657f4112d937c57fc4155d562b7525 + +info: + name: > + WP Go Maps <= 9.0.32 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/208c5ed1-879f-45ea-833e-d2e54c4f063f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-69aedfc905a5a0f0e668841416c424fd.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-69aedfc905a5a0f0e668841416c424fd.yaml new file mode 100644 index 0000000000..4c9b63a51c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-69aedfc905a5a0f0e668841416c424fd.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-69aedfc905a5a0f0e668841416c424fd + +info: + name: > + WP Google Maps <= 8.1.12 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84520916-3c9e-4b01-918f-d1fc86eb5e0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-73bf56678d08f13f561affd2573b6e8a.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-73bf56678d08f13f561affd2573b6e8a.yaml new file mode 100644 index 0000000000..349a025487 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-73bf56678d08f13f561affd2573b6e8a.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-73bf56678d08f13f561affd2573b6e8a + +info: + name: > + WP Go Maps (formerly WP Google Maps) <= 9.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-7b9a92238f85900b8c03567a6a71f188.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-7b9a92238f85900b8c03567a6a71f188.yaml new file mode 100644 index 0000000000..45854c09e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-7b9a92238f85900b8c03567a6a71f188.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-7b9a92238f85900b8c03567a6a71f188 + +info: + name: > + WP Google Maps <= 9.0.27 - Unauthenticated Stored Cross-Site Scripting via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a468814-ecb7-4414-9472-6c2aaa5f5c2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-8a13eb8b9bb39899a8b48afee98189b2.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-8a13eb8b9bb39899a8b48afee98189b2.yaml new file mode 100644 index 0000000000..c87dba5e95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-8a13eb8b9bb39899a8b48afee98189b2.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-8a13eb8b9bb39899a8b48afee98189b2 + +info: + name: > + WP Google Maps <= 9.0.29 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89dec659-5427-46bb-8250-1e4a132611df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-8c03b52626997e166cccabfb7426db2b.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-8c03b52626997e166cccabfb7426db2b.yaml new file mode 100644 index 0000000000..4111cad358 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-8c03b52626997e166cccabfb7426db2b.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-8c03b52626997e166cccabfb7426db2b + +info: + name: > + WP Go Maps <= 9.0.15 - Authenticated (Admin+) Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e7c1eab-78d7-48f8-810b-db6cea668d92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-9c83e22896300f312af778a1727c5b7c.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-9c83e22896300f312af778a1727c5b7c.yaml new file mode 100644 index 0000000000..9ca7109e41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-9c83e22896300f312af778a1727c5b7c.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-9c83e22896300f312af778a1727c5b7c + +info: + name: > + WP Go Maps (formerly WP Google Maps) <= 9.0.28 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c3115b-8921-429d-b517-b946edab1cd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-9fa457edab3267f4204b5dd4138a4aa0.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-9fa457edab3267f4204b5dd4138a4aa0.yaml new file mode 100644 index 0000000000..bdc62f4ea6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-9fa457edab3267f4204b5dd4138a4aa0.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-9fa457edab3267f4204b5dd4138a4aa0 + +info: + name: > + WP Google Maps <= 6.0.26 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17d3a2e4-d6f3-4302-91b0-2408ccd8958a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-ea627a7f49b873c84bcdde34c37b25bd.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-ea627a7f49b873c84bcdde34c37b25bd.yaml new file mode 100644 index 0000000000..9e8c118068 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-ea627a7f49b873c84bcdde34c37b25bd.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-ea627a7f49b873c84bcdde34c37b25bd + +info: + name: > + WP Go Maps (formerly WP Google Maps) <= 9.0.34 - Information Exposure to Potential Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/509cccbd-3aa0-45f1-84a0-387d678ebf65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-f4a3d95a0a4f34bdd233d89b3cc7dec8.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-f4a3d95a0a4f34bdd233d89b3cc7dec8.yaml new file mode 100644 index 0000000000..c9b2b91db4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-f4a3d95a0a4f34bdd233d89b3cc7dec8.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-f4a3d95a0a4f34bdd233d89b3cc7dec8 + +info: + name: > + WP Go Maps (formerly WP Google Maps) <= 7.11.17 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a672c18b-1426-49fd-9590-eab8204afd5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps/" + google-query: inurl:"/wp-content/plugins/wp-google-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-maps-pro-622602817799a1869bfcc5c18c23392a.yaml b/nuclei-templates/cve-less/plugins/wp-google-maps-pro-622602817799a1869bfcc5c18c23392a.yaml new file mode 100644 index 0000000000..530e96f942 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-maps-pro-622602817799a1869bfcc5c18c23392a.yaml @@ -0,0 +1,58 @@ +id: wp-google-maps-pro-622602817799a1869bfcc5c18c23392a + +info: + name: > + WP Google Maps Pro <= 8.1.11 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45700ca9-8bda-4148-b19f-86ed39c60117?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-maps-pro/" + google-query: inurl:"/wp-content/plugins/wp-google-maps-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-maps-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-maps-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-maps-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-1f645d98bf29f7b2e378ac42457eb0cd.yaml b/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-1f645d98bf29f7b2e378ac42457eb0cd.yaml new file mode 100644 index 0000000000..57bd8893fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-1f645d98bf29f7b2e378ac42457eb0cd.yaml @@ -0,0 +1,58 @@ +id: wp-google-my-business-auto-publish-1f645d98bf29f7b2e378ac42457eb0cd + +info: + name: > + WP Google My Business Auto Publish <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb9bcd3e-bb8c-4c7b-8904-56790acd2655?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-my-business-auto-publish/" + google-query: inurl:"/wp-content/plugins/wp-google-my-business-auto-publish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-my-business-auto-publish,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-my-business-auto-publish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-my-business-auto-publish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-5bc39e042d909c5c804ae61b49719209.yaml b/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-5bc39e042d909c5c804ae61b49719209.yaml new file mode 100644 index 0000000000..39eae57e1e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-my-business-auto-publish-5bc39e042d909c5c804ae61b49719209.yaml @@ -0,0 +1,58 @@ +id: wp-google-my-business-auto-publish-5bc39e042d909c5c804ae61b49719209 + +info: + name: > + Auto Publish for Google My Business <= 3.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4b9f07-a4a0-4cbd-a147-281570bc7f4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-my-business-auto-publish/" + google-query: inurl:"/wp-content/plugins/wp-google-my-business-auto-publish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-my-business-auto-publish,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-my-business-auto-publish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-my-business-auto-publish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-12c0516e02b16dc0e022502178a348b1.yaml b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-12c0516e02b16dc0e022502178a348b1.yaml new file mode 100644 index 0000000000..f81d5531f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-12c0516e02b16dc0e022502178a348b1.yaml @@ -0,0 +1,58 @@ +id: wp-google-places-review-slider-12c0516e02b16dc0e022502178a348b1 + +info: + name: > + WP Google Review Slider <= 13.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fe11179-6e18-44ae-a5f9-334e334cff73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-places-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-places-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-places-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-63e8aaca3bf1d75703f616e718360745.yaml b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-63e8aaca3bf1d75703f616e718360745.yaml new file mode 100644 index 0000000000..71ad866d3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-63e8aaca3bf1d75703f616e718360745.yaml @@ -0,0 +1,58 @@ +id: wp-google-places-review-slider-63e8aaca3bf1d75703f616e718360745 + +info: + name: > + WP Google Review Slider <= 11.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cbb1e71-baf1-4d1d-96c8-93fd2686297d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-places-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-places-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-places-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-8f14563b89ae2fb865ea87d5f251bc48.yaml b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-8f14563b89ae2fb865ea87d5f251bc48.yaml new file mode 100644 index 0000000000..c6a55f5f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-places-review-slider-8f14563b89ae2fb865ea87d5f251bc48.yaml @@ -0,0 +1,58 @@ +id: wp-google-places-review-slider-8f14563b89ae2fb865ea87d5f251bc48 + +info: + name: > + WP Google Review Slider <= 11.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5985318-2ce6-4ecb-a92f-362bc5909bd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-places-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-google-places-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-places-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-places-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-places-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-google-tag-manager-8a0f63d90f622470f02014f08a84be2f.yaml b/nuclei-templates/cve-less/plugins/wp-google-tag-manager-8a0f63d90f622470f02014f08a84be2f.yaml new file mode 100644 index 0000000000..0eb0a27ca0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-google-tag-manager-8a0f63d90f622470f02014f08a84be2f.yaml @@ -0,0 +1,58 @@ +id: wp-google-tag-manager-8a0f63d90f622470f02014f08a84be2f + +info: + name: > + WP Google Tag Manager <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1cb265d8-eb18-42ee-9141-2fe81c0c4585?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-google-tag-manager/" + google-query: inurl:"/wp-content/plugins/wp-google-tag-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-google-tag-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-google-tag-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-google-tag-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gotowebinar-352c9721f769a69dbdfdbca5d48088a2.yaml b/nuclei-templates/cve-less/plugins/wp-gotowebinar-352c9721f769a69dbdfdbca5d48088a2.yaml new file mode 100644 index 0000000000..4630ed83c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gotowebinar-352c9721f769a69dbdfdbca5d48088a2.yaml @@ -0,0 +1,58 @@ +id: wp-gotowebinar-352c9721f769a69dbdfdbca5d48088a2 + +info: + name: > + WP GoToWebinar <= 14.45 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e40f07b5-9e6e-430b-86fc-3bb863a51b01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gotowebinar/" + google-query: inurl:"/wp-content/plugins/wp-gotowebinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gotowebinar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gotowebinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gotowebinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gotowebinar-7ef847bd47bcec43447f7d6368de1312.yaml b/nuclei-templates/cve-less/plugins/wp-gotowebinar-7ef847bd47bcec43447f7d6368de1312.yaml new file mode 100644 index 0000000000..faa45009a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gotowebinar-7ef847bd47bcec43447f7d6368de1312.yaml @@ -0,0 +1,58 @@ +id: wp-gotowebinar-7ef847bd47bcec43447f7d6368de1312 + +info: + name: > + WP GoToWebinar <= 14.46 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b229ea2-3a7d-42bd-a235-ffd18e206c8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gotowebinar/" + google-query: inurl:"/wp-content/plugins/wp-gotowebinar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gotowebinar,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gotowebinar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gotowebinar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gpx-maps-2948a715e4c44d771b627432c9f5701c.yaml b/nuclei-templates/cve-less/plugins/wp-gpx-maps-2948a715e4c44d771b627432c9f5701c.yaml new file mode 100644 index 0000000000..2941865d04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gpx-maps-2948a715e4c44d771b627432c9f5701c.yaml @@ -0,0 +1,58 @@ +id: wp-gpx-maps-2948a715e4c44d771b627432c9f5701c + +info: + name: > + WP GPX Maps < 1.1.23 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7a6eff3-a592-4476-aff4-c133bb4e5870?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gpx-maps/" + google-query: inurl:"/wp-content/plugins/wp-gpx-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gpx-maps,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gpx-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gpx-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-gpx-maps-87f838d84fa79999236dcd79f1342013.yaml b/nuclei-templates/cve-less/plugins/wp-gpx-maps-87f838d84fa79999236dcd79f1342013.yaml new file mode 100644 index 0000000000..5c131d563d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-gpx-maps-87f838d84fa79999236dcd79f1342013.yaml @@ -0,0 +1,58 @@ +id: wp-gpx-maps-87f838d84fa79999236dcd79f1342013 + +info: + name: > + WP GPX Map <= 1.7.05 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/625c1df5-6655-4319-8833-5519b464e53e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-gpx-maps/" + google-query: inurl:"/wp-content/plugins/wp-gpx-maps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-gpx-maps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-gpx-maps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-gpx-maps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-026295425673c504bf7857c72ec29c89.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-026295425673c504bf7857c72ec29c89.yaml new file mode 100644 index 0000000000..cbb81db8a3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-026295425673c504bf7857c72ec29c89.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-026295425673c504bf7857c72ec29c89 + +info: + name: > + WPGraphQL <= 0.2.3 - Administrative User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80e74852-517e-4cd0-a7d3-6f6fe3433bff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-3ce969cc21aaadf47f9f21f5d1e9275b.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-3ce969cc21aaadf47f9f21f5d1e9275b.yaml new file mode 100644 index 0000000000..3004469ff0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-3ce969cc21aaadf47f9f21f5d1e9275b.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-3ce969cc21aaadf47f9f21f5d1e9275b + +info: + name: > + WPGraphQL <= 1.3.5 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd22276b-41d4-4795-a79e-d770d0cf4b76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-57520ddea3aef158b3f4c190e8c7e07c.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-57520ddea3aef158b3f4c190e8c7e07c.yaml new file mode 100644 index 0000000000..031a341e0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-57520ddea3aef158b3f4c190e8c7e07c.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-57520ddea3aef158b3f4c190e8c7e07c + +info: + name: > + WPGraphQL <= 0.2.3 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cb7bc91-b2e9-4ede-80cf-6b961ac6dcb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-b238fd34b5c3e924a09fd674d5421611.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-b238fd34b5c3e924a09fd674d5421611.yaml new file mode 100644 index 0000000000..54604eadb3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-b238fd34b5c3e924a09fd674d5421611.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-b238fd34b5c3e924a09fd674d5421611 + +info: + name: > + WPGraphQL <= 1.14.5 - Authenticated (Editor+) Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38efd6d6-b931-41a7-b55d-b98cdeef4145?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.14.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-b842e16402f90d1b3c5bd6bd8d47b010.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-b842e16402f90d1b3c5bd6bd8d47b010.yaml new file mode 100644 index 0000000000..662dac6693 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-b842e16402f90d1b3c5bd6bd8d47b010.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-b842e16402f90d1b3c5bd6bd8d47b010 + +info: + name: > + WPGraphQL <= 0.2.3 - Unauthenticated Comment Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2be9815d-56c6-4574-9b4c-75fff40a148d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-ffeca4920c42635f66f540ad7d4822e8.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-ffeca4920c42635f66f540ad7d4822e8.yaml new file mode 100644 index 0000000000..dea933ef78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-ffeca4920c42635f66f540ad7d4822e8.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-ffeca4920c42635f66f540ad7d4822e8 + +info: + name: > + WPGraphQL <= 0.3.4 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af455697-59da-488e-82fe-bb0fad65a810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql/" + google-query: inurl:"/wp-content/plugins/wp-graphql/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-graphql-woocommerce-bc8d13f34974a281819e2214a599c545.yaml b/nuclei-templates/cve-less/plugins/wp-graphql-woocommerce-bc8d13f34974a281819e2214a599c545.yaml new file mode 100644 index 0000000000..87d315133e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-graphql-woocommerce-bc8d13f34974a281819e2214a599c545.yaml @@ -0,0 +1,58 @@ +id: wp-graphql-woocommerce-bc8d13f34974a281819e2214a599c545 + +info: + name: > + WPGraphQL WooCommerce <= 0.11.0 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c926145-f0b5-44cf-bea6-e9bdf6e8e687?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-graphql-woocommerce/" + google-query: inurl:"/wp-content/plugins/wp-graphql-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-graphql-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-graphql-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-graphql-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.11.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-guestmap-25e2788cf757f6544d551ea3a1e2ff53.yaml b/nuclei-templates/cve-less/plugins/wp-guestmap-25e2788cf757f6544d551ea3a1e2ff53.yaml new file mode 100644 index 0000000000..95fc9f4877 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-guestmap-25e2788cf757f6544d551ea3a1e2ff53.yaml @@ -0,0 +1,58 @@ +id: wp-guestmap-25e2788cf757f6544d551ea3a1e2ff53 + +info: + name: > + WP Guestmap <= 1.8 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54560426-a9c9-4a60-9690-8e797e0e7e8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-guestmap/" + google-query: inurl:"/wp-content/plugins/wp-guestmap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-guestmap,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-guestmap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-guestmap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-guppy-a903ab4eb75c172e6eca10c67cb489f2.yaml b/nuclei-templates/cve-less/plugins/wp-guppy-a903ab4eb75c172e6eca10c67cb489f2.yaml new file mode 100644 index 0000000000..f34607d44b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-guppy-a903ab4eb75c172e6eca10c67cb489f2.yaml @@ -0,0 +1,58 @@ +id: wp-guppy-a903ab4eb75c172e6eca10c67cb489f2 + +info: + name: > + WP Guppy < 1.3 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1983cc82-c527-47d9-84ba-f903dda1b1ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-guppy/" + google-query: inurl:"/wp-content/plugins/wp-guppy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-guppy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-guppy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-guppy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-header-images-40e3027a5e804a97b0f46e2e4f30f502.yaml b/nuclei-templates/cve-less/plugins/wp-header-images-40e3027a5e804a97b0f46e2e4f30f502.yaml new file mode 100644 index 0000000000..0075dad5a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-header-images-40e3027a5e804a97b0f46e2e4f30f502.yaml @@ -0,0 +1,58 @@ +id: wp-header-images-40e3027a5e804a97b0f46e2e4f30f502 + +info: + name: > + WP Header Images <= 2.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43412c79-3612-4e73-ba79-cb8688e776fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-header-images/" + google-query: inurl:"/wp-content/plugins/wp-header-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-header-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-header-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-header-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-helper-lite-7a5eb553f654c8abb18f57d79b8b5c6d.yaml b/nuclei-templates/cve-less/plugins/wp-helper-lite-7a5eb553f654c8abb18f57d79b8b5c6d.yaml new file mode 100644 index 0000000000..4a7b2e6832 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-helper-lite-7a5eb553f654c8abb18f57d79b8b5c6d.yaml @@ -0,0 +1,58 @@ +id: wp-helper-lite-7a5eb553f654c8abb18f57d79b8b5c6d + +info: + name: > + WP Helper Premium <= 4.5.1 - Cross-Site Request Forgery via whp_fields + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73e2c5bd-c81d-48ee-a5fc-346dd820d0a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-helper-lite/" + google-query: inurl:"/wp-content/plugins/wp-helper-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-helper-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-helper-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-helper-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-helper-lite-a7962c57d554ba3791bc1c180659f4a3.yaml b/nuclei-templates/cve-less/plugins/wp-helper-lite-a7962c57d554ba3791bc1c180659f4a3.yaml new file mode 100644 index 0000000000..45a17f5554 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-helper-lite-a7962c57d554ba3791bc1c180659f4a3.yaml @@ -0,0 +1,58 @@ +id: wp-helper-lite-a7962c57d554ba3791bc1c180659f4a3 + +info: + name: > + WP Helper Premium <= 4.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce8526f0-9dfb-4020-aa58-d2ff5bd652bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-helper-lite/" + google-query: inurl:"/wp-content/plugins/wp-helper-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-helper-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-helper-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-helper-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-helper-lite-b94cc0b7afe53c571ed57e681c321c40.yaml b/nuclei-templates/cve-less/plugins/wp-helper-lite-b94cc0b7afe53c571ed57e681c321c40.yaml new file mode 100644 index 0000000000..12224f4318 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-helper-lite-b94cc0b7afe53c571ed57e681c321c40.yaml @@ -0,0 +1,58 @@ +id: wp-helper-lite-b94cc0b7afe53c571ed57e681c321c40 + +info: + name: > + WP Helper Premium < 4.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa3eb51-fdee-443e-aacb-04900f609efd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-helper-lite/" + google-query: inurl:"/wp-content/plugins/wp-helper-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-helper-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-helper-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-helper-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hide-9e68449652754ef8472e39a728f388be.yaml b/nuclei-templates/cve-less/plugins/wp-hide-9e68449652754ef8472e39a728f388be.yaml new file mode 100644 index 0000000000..439d2e72f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hide-9e68449652754ef8472e39a728f388be.yaml @@ -0,0 +1,58 @@ +id: wp-hide-9e68449652754ef8472e39a728f388be + +info: + name: > + WP Hide <= 0.0.2 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e534021-1c63-4db9-914b-7f9b3b613087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hide/" + google-query: inurl:"/wp-content/plugins/wp-hide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hide,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hide-backed-notices-d44a9e8c9bb990d8de78849d0af5d4fe.yaml b/nuclei-templates/cve-less/plugins/wp-hide-backed-notices-d44a9e8c9bb990d8de78849d0af5d4fe.yaml new file mode 100644 index 0000000000..e822457987 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hide-backed-notices-d44a9e8c9bb990d8de78849d0af5d4fe.yaml @@ -0,0 +1,58 @@ +id: wp-hide-backed-notices-d44a9e8c9bb990d8de78849d0af5d4fe + +info: + name: > + Hide Dashboard Notifications <= 1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/186e4147-4cb4-4337-9c3c-d47589b06b20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hide-backed-notices/" + google-query: inurl:"/wp-content/plugins/wp-hide-backed-notices/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hide-backed-notices,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hide-backed-notices/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hide-backed-notices" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hide-pages-0d6956dd795b21ad1b36b190e37feb8e.yaml b/nuclei-templates/cve-less/plugins/wp-hide-pages-0d6956dd795b21ad1b36b190e37feb8e.yaml new file mode 100644 index 0000000000..324cf505b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hide-pages-0d6956dd795b21ad1b36b190e37feb8e.yaml @@ -0,0 +1,58 @@ +id: wp-hide-pages-0d6956dd795b21ad1b36b190e37feb8e + +info: + name: > + WP Hide Pages <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46e7ca97-6dd9-4e27-8e69-2e73f9490ea7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hide-pages/" + google-query: inurl:"/wp-content/plugins/wp-hide-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hide-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hide-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hide-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hide-post-1f01b8aac13069c5d246c4165063f59f.yaml b/nuclei-templates/cve-less/plugins/wp-hide-post-1f01b8aac13069c5d246c4165063f59f.yaml new file mode 100644 index 0000000000..93ec4371aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hide-post-1f01b8aac13069c5d246c4165063f59f.yaml @@ -0,0 +1,58 @@ +id: wp-hide-post-1f01b8aac13069c5d246c4165063f59f + +info: + name: > + WP Hide Post <= 2.0.10 - Cross-Site Request Forgery via save_bulk_edit_data + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c957f3f-fb98-49ff-b317-93b1accd0d47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hide-post/" + google-query: inurl:"/wp-content/plugins/wp-hide-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hide-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hide-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hide-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hide-security-enhancer-7d8abe3c50b03fecc955bd5577c71ca3.yaml b/nuclei-templates/cve-less/plugins/wp-hide-security-enhancer-7d8abe3c50b03fecc955bd5577c71ca3.yaml new file mode 100644 index 0000000000..a06a514f38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hide-security-enhancer-7d8abe3c50b03fecc955bd5577c71ca3.yaml @@ -0,0 +1,58 @@ +id: wp-hide-security-enhancer-7d8abe3c50b03fecc955bd5577c71ca3 + +info: + name: > + WP Hide & Security Enhancer <= 1.7.9.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08aa24a3-4306-4857-88ac-ecdcc578cdf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hide-security-enhancer/" + google-query: inurl:"/wp-content/plugins/wp-hide-security-enhancer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hide-security-enhancer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hide-security-enhancer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hide-security-enhancer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hijri-4daf2f8ba4a45a7e36fb255ce745667e.yaml b/nuclei-templates/cve-less/plugins/wp-hijri-4daf2f8ba4a45a7e36fb255ce745667e.yaml new file mode 100644 index 0000000000..0694b46e6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hijri-4daf2f8ba4a45a7e36fb255ce745667e.yaml @@ -0,0 +1,58 @@ +id: wp-hijri-4daf2f8ba4a45a7e36fb255ce745667e + +info: + name: > + WP-Hijri <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67aaf9fa-e92b-42f2-94ac-f27c5d073002?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hijri/" + google-query: inurl:"/wp-content/plugins/wp-hijri/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hijri,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hijri/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hijri" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-home-page-menu-1663017756a06282bb3d18d015739d82.yaml b/nuclei-templates/cve-less/plugins/wp-home-page-menu-1663017756a06282bb3d18d015739d82.yaml new file mode 100644 index 0000000000..fe25d940ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-home-page-menu-1663017756a06282bb3d18d015739d82.yaml @@ -0,0 +1,58 @@ +id: wp-home-page-menu-1663017756a06282bb3d18d015739d82 + +info: + name: > + WP Home Page Menu < 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9394801-4a74-4327-9afd-35f4166c2abb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-home-page-menu/" + google-query: inurl:"/wp-content/plugins/wp-home-page-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-home-page-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-home-page-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-home-page-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..d35617f938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-homepage-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-homepage-slideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-homepage-slideshow/" + google-query: inurl:"/wp-content/plugins/wp-homepage-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-homepage-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-homepage-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-homepage-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-1ca57b94b0c3924da7aeb6a7b470fb34.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-1ca57b94b0c3924da7aeb6a7b470fb34.yaml new file mode 100644 index 0000000000..b6063dbddc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-1ca57b94b0c3924da7aeb6a7b470fb34.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-1ca57b94b0c3924da7aeb6a7b470fb34 + +info: + name: > + WP Hotel Booking <= 1.10.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71fe1729-4bb5-4b95-9183-b4d793bcfd72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-1dcd89bf2988fc6137fe33f02a552c95.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-1dcd89bf2988fc6137fe33f02a552c95.yaml new file mode 100644 index 0000000000..e1854cb696 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-1dcd89bf2988fc6137fe33f02a552c95.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-1dcd89bf2988fc6137fe33f02a552c95 + +info: + name: > + WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd9826d7-f8f5-4d3d-8145-3d4e6a63d784?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.10.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-9d40d7d424169039478e2bac7970cbe4.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-9d40d7d424169039478e2bac7970cbe4.yaml new file mode 100644 index 0000000000..f0df1e288a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-9d40d7d424169039478e2bac7970cbe4.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-9d40d7d424169039478e2bac7970cbe4 + +info: + name: > + WP Hotel Booking <= 1.10.3 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c31d037-1f9e-4887-aaff-3c32fb8b4501?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-b9f4dda3ee3f676f0c301784c74a1eb5.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-b9f4dda3ee3f676f0c301784c74a1eb5.yaml new file mode 100644 index 0000000000..e9c498f60b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-b9f4dda3ee3f676f0c301784c74a1eb5.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-b9f4dda3ee3f676f0c301784c74a1eb5 + +info: + name: > + WP Hotel Booking <= 2.0.7 - Missing Authorization to (Subscriber+) Arbitrary Post Deletion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0439d2ee-7742-4aa7-ba4e-db55c6b2718e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-c965265cd81e4009a888757a2fe10108.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-c965265cd81e4009a888757a2fe10108.yaml new file mode 100644 index 0000000000..8652e99e92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-c965265cd81e4009a888757a2fe10108.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-c965265cd81e4009a888757a2fe10108 + +info: + name: > + WP Hotel Booking <= 2.0.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6a02da1-b005-4fa9-9657-1c5f019f3858?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-e2b770c20c0fc55c7a4f89e727dd45de.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-e2b770c20c0fc55c7a4f89e727dd45de.yaml new file mode 100644 index 0000000000..dfc636bf78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-e2b770c20c0fc55c7a4f89e727dd45de.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-e2b770c20c0fc55c7a4f89e727dd45de + +info: + name: > + WP Hotel Booking <= 2.0.9.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/489256a8-e28f-4d7c-895a-928e9463bb1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-hotel-booking-f3912809d80374ed45475cdb257fbe88.yaml b/nuclei-templates/cve-less/plugins/wp-hotel-booking-f3912809d80374ed45475cdb257fbe88.yaml new file mode 100644 index 0000000000..f530757ba0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-hotel-booking-f3912809d80374ed45475cdb257fbe88.yaml @@ -0,0 +1,58 @@ +id: wp-hotel-booking-f3912809d80374ed45475cdb257fbe88 + +info: + name: > + WP Hotel Booking <= 2.0.8 - Insufficient Authorization to Unauthorized Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/370ccbad-4001-4af5-8d32-fd6b04a8fc41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-hotel-booking/" + google-query: inurl:"/wp-content/plugins/wp-hotel-booking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-hotel-booking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-hotel-booking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-hotel-booking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-htaccess-control-4c313c7653b942a477e04e3a6c17f18a.yaml b/nuclei-templates/cve-less/plugins/wp-htaccess-control-4c313c7653b942a477e04e3a6c17f18a.yaml new file mode 100644 index 0000000000..74afd06e12 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-htaccess-control-4c313c7653b942a477e04e3a6c17f18a.yaml @@ -0,0 +1,58 @@ +id: wp-htaccess-control-4c313c7653b942a477e04e3a6c17f18a + +info: + name: > + WP htaccess Control <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6741b770-79d3-4797-8f8f-4ca83fde4705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-htaccess-control/" + google-query: inurl:"/wp-content/plugins/wp-htaccess-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-htaccess-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-htaccess-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-htaccess-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-author-bio-by-ahmad-awais-752b08f32f0cfee54f18be53421a36cb.yaml b/nuclei-templates/cve-less/plugins/wp-html-author-bio-by-ahmad-awais-752b08f32f0cfee54f18be53421a36cb.yaml new file mode 100644 index 0000000000..28d66aa42d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-author-bio-by-ahmad-awais-752b08f32f0cfee54f18be53421a36cb.yaml @@ -0,0 +1,58 @@ +id: wp-html-author-bio-by-ahmad-awais-752b08f32f0cfee54f18be53421a36cb + +info: + name: > + WP HTML Author Bio <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11b640a9-a031-4061-a4d2-93decd634acf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-author-bio-by-ahmad-awais/" + google-query: inurl:"/wp-content/plugins/wp-html-author-bio-by-ahmad-awais/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-author-bio-by-ahmad-awais,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-author-bio-by-ahmad-awais/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-author-bio-by-ahmad-awais" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-mail-0d54afc8ed70fc0c6271f164073322bf.yaml b/nuclei-templates/cve-less/plugins/wp-html-mail-0d54afc8ed70fc0c6271f164073322bf.yaml new file mode 100644 index 0000000000..72591bc629 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-mail-0d54afc8ed70fc0c6271f164073322bf.yaml @@ -0,0 +1,58 @@ +id: wp-html-mail-0d54afc8ed70fc0c6271f164073322bf + +info: + name: > + WP HTML Mail < 2.9.1 - HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3af900c-4048-4f4f-93e9-c60ca34d015b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-mail/" + google-query: inurl:"/wp-content/plugins/wp-html-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-mail,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-mail-29dfa6e3862f7e4332686362811dfe12.yaml b/nuclei-templates/cve-less/plugins/wp-html-mail-29dfa6e3862f7e4332686362811dfe12.yaml new file mode 100644 index 0000000000..258bf1bfff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-mail-29dfa6e3862f7e4332686362811dfe12.yaml @@ -0,0 +1,58 @@ +id: wp-html-mail-29dfa6e3862f7e4332686362811dfe12 + +info: + name: > + WP HTML Mail <= 3.0.9 - Missing Authorization on Rest Route + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a42449f-aef1-42b8-af58-4f4aab7008f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-mail/" + google-query: inurl:"/wp-content/plugins/wp-html-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-mail,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-mail-a97999937eba2822f909f308d3c02136.yaml b/nuclei-templates/cve-less/plugins/wp-html-mail-a97999937eba2822f909f308d3c02136.yaml new file mode 100644 index 0000000000..6188174651 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-mail-a97999937eba2822f909f308d3c02136.yaml @@ -0,0 +1,58 @@ +id: wp-html-mail-a97999937eba2822f909f308d3c02136 + +info: + name: > + WordPress Email Template Designer < 3.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/532ce349-0f4c-4197-bbbd-1e3dcbd0c9d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-mail/" + google-query: inurl:"/wp-content/plugins/wp-html-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-mail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-mail-e6cee718e04226d8b1f750fff9c130ff.yaml b/nuclei-templates/cve-less/plugins/wp-html-mail-e6cee718e04226d8b1f750fff9c130ff.yaml new file mode 100644 index 0000000000..d63a42cf3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-mail-e6cee718e04226d8b1f750fff9c130ff.yaml @@ -0,0 +1,58 @@ +id: wp-html-mail-e6cee718e04226d8b1f750fff9c130ff + +info: + name: > + WP HTML Mail <= 3.4.0 - Cross-Site Request Forgery via 'send_test' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dda9aa4a-bac7-4aa1-b0c3-c8e37b1fbe70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-mail/" + google-query: inurl:"/wp-content/plugins/wp-html-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-mail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-html-sitemap-817be9a0bd25037cf51f3d6111fd059e.yaml b/nuclei-templates/cve-less/plugins/wp-html-sitemap-817be9a0bd25037cf51f3d6111fd059e.yaml new file mode 100644 index 0000000000..5ef428e3b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-html-sitemap-817be9a0bd25037cf51f3d6111fd059e.yaml @@ -0,0 +1,58 @@ +id: wp-html-sitemap-817be9a0bd25037cf51f3d6111fd059e + +info: + name: > + WP HTML Sitemap <= 1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e766f735-f5b2-4189-b4b1-40161c5aba8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-html-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-html-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-htpasswd-f030486cf056eab3637611e650524a05.yaml b/nuclei-templates/cve-less/plugins/wp-htpasswd-f030486cf056eab3637611e650524a05.yaml new file mode 100644 index 0000000000..f2fb2012bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-htpasswd-f030486cf056eab3637611e650524a05.yaml @@ -0,0 +1,58 @@ +id: wp-htpasswd-f030486cf056eab3637611e650524a05 + +info: + name: > + WP htpasswd <= 1.7 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36fd8125-f876-49c2-a0bb-4c7ef95b462c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-htpasswd/" + google-query: inurl:"/wp-content/plugins/wp-htpasswd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-htpasswd,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-htpasswd/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-htpasswd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-humanstxt-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml b/nuclei-templates/cve-less/plugins/wp-humanstxt-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml new file mode 100644 index 0000000000..752c1d3be3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-humanstxt-e4bd7eea0fd05e8e2fe20b6f0c6b7046.yaml @@ -0,0 +1,58 @@ +id: wp-humanstxt-e4bd7eea0fd05e8e2fe20b6f0c6b7046 + +info: + name: > + WP Humans.txt <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/617c850f-8d7b-42d4-ac40-2381c4c6bde6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-humanstxt/" + google-query: inurl:"/wp-content/plugins/wp-humanstxt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-humanstxt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-humanstxt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-humanstxt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ical-availability-2d9904a0be3734fb0155be062ed61702.yaml b/nuclei-templates/cve-less/plugins/wp-ical-availability-2d9904a0be3734fb0155be062ed61702.yaml new file mode 100644 index 0000000000..1d5973b846 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ical-availability-2d9904a0be3734fb0155be062ed61702.yaml @@ -0,0 +1,58 @@ +id: wp-ical-availability-2d9904a0be3734fb0155be062ed61702 + +info: + name: > + WP iCal Availability <= 1.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3f1d4e-84f7-4878-8b06-10444caa7dcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ical-availability/" + google-query: inurl:"/wp-content/plugins/wp-ical-availability/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ical-availability,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ical-availability/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ical-availability" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ical-availability-e3f695a2140d0d6b1618f7ffa872601f.yaml b/nuclei-templates/cve-less/plugins/wp-ical-availability-e3f695a2140d0d6b1618f7ffa872601f.yaml new file mode 100644 index 0000000000..abc73970a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ical-availability-e3f695a2140d0d6b1618f7ffa872601f.yaml @@ -0,0 +1,58 @@ +id: wp-ical-availability-e3f695a2140d0d6b1618f7ffa872601f + +info: + name: > + WP iCal Availability <= 1.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c38ac30d-95dc-415e-8ea6-507ed87d34db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ical-availability/" + google-query: inurl:"/wp-content/plugins/wp-ical-availability/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ical-availability,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ical-availability/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ical-availability" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-icommerce-f4d44f135652b4f97e23ce29c089eca6.yaml b/nuclei-templates/cve-less/plugins/wp-icommerce-f4d44f135652b4f97e23ce29c089eca6.yaml new file mode 100644 index 0000000000..84f33a6aab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-icommerce-f4d44f135652b4f97e23ce29c089eca6.yaml @@ -0,0 +1,58 @@ +id: wp-icommerce-f4d44f135652b4f97e23ce29c089eca6 + +info: + name: > + WP iCommerce – the first interactive ecommerce for wordpress <= 1.1.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd44a71-486b-4182-bd91-e31dd06d0d4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-icommerce/" + google-query: inurl:"/wp-content/plugins/wp-icommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-icommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-icommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-icommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-carousel-074f8cb869df86a1b6d64a4a39d460b8.yaml b/nuclei-templates/cve-less/plugins/wp-image-carousel-074f8cb869df86a1b6d64a4a39d460b8.yaml new file mode 100644 index 0000000000..dba2d892af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-carousel-074f8cb869df86a1b6d64a4a39d460b8.yaml @@ -0,0 +1,58 @@ +id: wp-image-carousel-074f8cb869df86a1b6d64a4a39d460b8 + +info: + name: > + WP Image Carousel WordPress - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f4bb514-80bd-4d66-a60f-0a6a287af5de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-carousel/" + google-query: inurl:"/wp-content/plugins/wp-image-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-carousel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-news-slider-2d5c1e4ab0db1f2ad3a139f4145f58ad.yaml b/nuclei-templates/cve-less/plugins/wp-image-news-slider-2d5c1e4ab0db1f2ad3a139f4145f58ad.yaml new file mode 100644 index 0000000000..15e1a0d9bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-news-slider-2d5c1e4ab0db1f2ad3a139f4145f58ad.yaml @@ -0,0 +1,58 @@ +id: wp-image-news-slider-2d5c1e4ab0db1f2ad3a139f4145f58ad + +info: + name: > + Image News Slider <= 3.2 - Unspecified Vulnerability + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2735f9a5-3f5b-4eac-a19a-59925c1fe1b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-news-slider/" + google-query: inurl:"/wp-content/plugins/wp-image-news-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-news-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-news-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-news-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-news-slider-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-image-news-slider-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..182e38ad26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-news-slider-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-image-news-slider-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-news-slider/" + google-query: inurl:"/wp-content/plugins/wp-image-news-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-news-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-news-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-news-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-slideshow-b5617dec0fcbbbc761aa88231d94be83.yaml b/nuclei-templates/cve-less/plugins/wp-image-slideshow-b5617dec0fcbbbc761aa88231d94be83.yaml new file mode 100644 index 0000000000..b090f968c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-slideshow-b5617dec0fcbbbc761aa88231d94be83.yaml @@ -0,0 +1,58 @@ +id: wp-image-slideshow-b5617dec0fcbbbc761aa88231d94be83 + +info: + name: > + wp image slideshow <= 12.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e24383b-5b0f-4114-908b-4c2778632f73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-slideshow/" + google-query: inurl:"/wp-content/plugins/wp-image-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-slideshow,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-zoooom-11ece8e5656573afec625cc63879b1c5.yaml b/nuclei-templates/cve-less/plugins/wp-image-zoooom-11ece8e5656573afec625cc63879b1c5.yaml new file mode 100644 index 0000000000..a7541cef41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-zoooom-11ece8e5656573afec625cc63879b1c5.yaml @@ -0,0 +1,58 @@ +id: wp-image-zoooom-11ece8e5656573afec625cc63879b1c5 + +info: + name: > + WP Image Zoom <= 1.23 - Cross-Site Request Forgery to Denial of Service + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/312bb534-2a40-42f1-9a3e-8b1395e1e199?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-zoooom/" + google-query: inurl:"/wp-content/plugins/wp-image-zoooom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-zoooom,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-zoooom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-zoooom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-image-zoooom-fdc1c524e165c5f1685c267f450ebcb9.yaml b/nuclei-templates/cve-less/plugins/wp-image-zoooom-fdc1c524e165c5f1685c267f450ebcb9.yaml new file mode 100644 index 0000000000..55cc1927ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-image-zoooom-fdc1c524e165c5f1685c267f450ebcb9.yaml @@ -0,0 +1,58 @@ +id: wp-image-zoooom-fdc1c524e165c5f1685c267f450ebcb9 + +info: + name: > + WP Image Zoom <= 1.46 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee1aab28-e9db-4010-ad46-ad4aec1d5dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-image-zoooom/" + google-query: inurl:"/wp-content/plugins/wp-image-zoooom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-image-zoooom,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-image-zoooom/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-image-zoooom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.46') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-import-export-lite-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml b/nuclei-templates/cve-less/plugins/wp-import-export-lite-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml new file mode 100644 index 0000000000..78c0789af4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-import-export-lite-5f94fd73fc44e0e8d375d47e5fc1e6c1.yaml @@ -0,0 +1,58 @@ +id: wp-import-export-lite-5f94fd73fc44e0e8d375d47e5fc1e6c1 + +info: + name: > + WP Import Export Lite <= 3.9.26 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6b4a5-ff13-457f-9e06-de15e8cb5510?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-import-export-lite/" + google-query: inurl:"/wp-content/plugins/wp-import-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-import-export-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-import-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-import-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-import-export-lite-a9b4271e0f7289a56cd0261063f73943.yaml b/nuclei-templates/cve-less/plugins/wp-import-export-lite-a9b4271e0f7289a56cd0261063f73943.yaml new file mode 100644 index 0000000000..f2e6fb0dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-import-export-lite-a9b4271e0f7289a56cd0261063f73943.yaml @@ -0,0 +1,58 @@ +id: wp-import-export-lite-a9b4271e0f7289a56cd0261063f73943 + +info: + name: > + WP Import Export Lite & WP Import Export <= 3.9.15 - Unauthenticated Sensitive Data Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c9cbe99-699a-4812-a8ae-aefd2b1e2c00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-import-export-lite/" + google-query: inurl:"/wp-content/plugins/wp-import-export-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-import-export-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-import-export-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-import-export-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inject-807cd0a33bfd97782e746e860be1d566.yaml b/nuclei-templates/cve-less/plugins/wp-inject-807cd0a33bfd97782e746e860be1d566.yaml new file mode 100644 index 0000000000..0508ab09a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inject-807cd0a33bfd97782e746e860be1d566.yaml @@ -0,0 +1,58 @@ +id: wp-inject-807cd0a33bfd97782e746e860be1d566 + +info: + name: > + ImageInject <= 1.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bdb68bc-b773-4537-98dd-c54ffa5309c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inject/" + google-query: inurl:"/wp-content/plugins/wp-inject/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inject,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inject/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inject" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inject-9741c51413af2327faa27cd2e2fade6e.yaml b/nuclei-templates/cve-less/plugins/wp-inject-9741c51413af2327faa27cd2e2fade6e.yaml new file mode 100644 index 0000000000..46dfad3d4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inject-9741c51413af2327faa27cd2e2fade6e.yaml @@ -0,0 +1,58 @@ +id: wp-inject-9741c51413af2327faa27cd2e2fade6e + +info: + name: > + ImageInject <= 1.18 - Authenticated (Admin+) Stored XSS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3dd3b5e-b0df-45b0-b42d-eaea765f3193?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inject/" + google-query: inurl:"/wp-content/plugins/wp-inject/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inject,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inject/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inject" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inject-eaace189d52939bb1c67d181a1aa5e03.yaml b/nuclei-templates/cve-less/plugins/wp-inject-eaace189d52939bb1c67d181a1aa5e03.yaml new file mode 100644 index 0000000000..16e372d3d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inject-eaace189d52939bb1c67d181a1aa5e03.yaml @@ -0,0 +1,58 @@ +id: wp-inject-eaace189d52939bb1c67d181a1aa5e03 + +info: + name: > + ImageInject <= 1.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb38d3bc-ae82-40ef-b20d-525d51432b1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inject/" + google-query: inurl:"/wp-content/plugins/wp-inject/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inject,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inject/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inject" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-insert-6cca6746a9736e02869580a9ebe96b4c.yaml b/nuclei-templates/cve-less/plugins/wp-insert-6cca6746a9736e02869580a9ebe96b4c.yaml new file mode 100644 index 0000000000..1677c347db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-insert-6cca6746a9736e02869580a9ebe96b4c.yaml @@ -0,0 +1,58 @@ +id: wp-insert-6cca6746a9736e02869580a9ebe96b4c + +info: + name: > + Wp-Insert <= 2.4.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2df89ab9-5cc2-46cb-99b2-bc864e960a35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-insert/" + google-query: inurl:"/wp-content/plugins/wp-insert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-insert,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-insert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-insert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-insert-c33e053383feb22bc4a0a09a68717fb4.yaml b/nuclei-templates/cve-less/plugins/wp-insert-c33e053383feb22bc4a0a09a68717fb4.yaml new file mode 100644 index 0000000000..1dc1bb3431 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-insert-c33e053383feb22bc4a0a09a68717fb4.yaml @@ -0,0 +1,58 @@ +id: wp-insert-c33e053383feb22bc4a0a09a68717fb4 + +info: + name: > + Wp-Insert <= 2.5.0 Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f607b33a-58ef-4526-9ca1-aaa444aa12bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-insert/" + google-query: inurl:"/wp-content/plugins/wp-insert/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-insert,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-insert/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-insert" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-instagram-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wp-instagram-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..e893c795b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-instagram-bank-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wp-instagram-bank-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-instagram-bank/" + google-query: inurl:"/wp-content/plugins/wp-instagram-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-instagram-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-instagram-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-instagram-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-instance-rename-cfe80c2324444169a4424a703a8b6196.yaml b/nuclei-templates/cve-less/plugins/wp-instance-rename-cfe80c2324444169a4424a703a8b6196.yaml new file mode 100644 index 0000000000..cde2875f6f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-instance-rename-cfe80c2324444169a4424a703a8b6196.yaml @@ -0,0 +1,58 @@ +id: wp-instance-rename-cfe80c2324444169a4424a703a8b6196 + +info: + name: > + WordPress Renaming Tool by Vlajo <= 1.0 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20140f76-b369-4191-bfd1-0f508112ce0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-instance-rename/" + google-query: inurl:"/wp-content/plugins/wp-instance-rename/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-instance-rename,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-instance-rename/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-instance-rename" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-insurance-be2ba6e35694514824b8df64e723158d.yaml b/nuclei-templates/cve-less/plugins/wp-insurance-be2ba6e35694514824b8df64e723158d.yaml new file mode 100644 index 0000000000..d382deef39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-insurance-be2ba6e35694514824b8df64e723158d.yaml @@ -0,0 +1,58 @@ +id: wp-insurance-be2ba6e35694514824b8df64e723158d + +info: + name: > + WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37264b0f-b021-41f8-a72d-3ee0d06b19a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-insurance/" + google-query: inurl:"/wp-content/plugins/wp-insurance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-insurance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-insurance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-insurance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-integrator-ef0c35cfc8264d312ebd8c7577e88c19.yaml b/nuclei-templates/cve-less/plugins/wp-integrator-ef0c35cfc8264d312ebd8c7577e88c19.yaml new file mode 100644 index 0000000000..38a4be9af5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-integrator-ef0c35cfc8264d312ebd8c7577e88c19.yaml @@ -0,0 +1,58 @@ +id: wp-integrator-ef0c35cfc8264d312ebd8c7577e88c19 + +info: + name: > + WordPress Integrator <= 1.32 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/615efe27-3f3f-4d99-ba8d-a575608121c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-integrator/" + google-query: inurl:"/wp-content/plugins/wp-integrator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-integrator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-integrator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-integrator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-intercom-slack-280619c8c575de4aa0faedb1d7908342.yaml b/nuclei-templates/cve-less/plugins/wp-intercom-slack-280619c8c575de4aa0faedb1d7908342.yaml new file mode 100644 index 0000000000..83468d6ef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-intercom-slack-280619c8c575de4aa0faedb1d7908342.yaml @@ -0,0 +1,58 @@ +id: wp-intercom-slack-280619c8c575de4aa0faedb1d7908342 + +info: + name: > + WP Intercom Slack <= 1.2.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ca30fef-a014-4d19-b9f8-c51db512795b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-intercom-slack/" + google-query: inurl:"/wp-content/plugins/wp-intercom-slack/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-intercom-slack,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-intercom-slack/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-intercom-slack" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inventory-manager-363c3c176ac2ef6391bdaf79f83140e3.yaml b/nuclei-templates/cve-less/plugins/wp-inventory-manager-363c3c176ac2ef6391bdaf79f83140e3.yaml new file mode 100644 index 0000000000..b360ecaba6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inventory-manager-363c3c176ac2ef6391bdaf79f83140e3.yaml @@ -0,0 +1,58 @@ +id: wp-inventory-manager-363c3c176ac2ef6391bdaf79f83140e3 + +info: + name: > + WP Inventory Manager <= 2.1.0.12 - Reflected Cross-Site Scripting via 'message' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b168045-9b68-43a7-89ce-d00a88bf8acd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inventory-manager/" + google-query: inurl:"/wp-content/plugins/wp-inventory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inventory-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inventory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inventory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inventory-manager-52c7fb159214201f2c95219274f70ec6.yaml b/nuclei-templates/cve-less/plugins/wp-inventory-manager-52c7fb159214201f2c95219274f70ec6.yaml new file mode 100644 index 0000000000..0cdb004950 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inventory-manager-52c7fb159214201f2c95219274f70ec6.yaml @@ -0,0 +1,58 @@ +id: wp-inventory-manager-52c7fb159214201f2c95219274f70ec6 + +info: + name: > + WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95986a4d-94fb-4afe-ba1e-382d6f4c550f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inventory-manager/" + google-query: inurl:"/wp-content/plugins/wp-inventory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inventory-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inventory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inventory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inventory-manager-d6fda2db9aef5ee17aff3a1a9d5aae26.yaml b/nuclei-templates/cve-less/plugins/wp-inventory-manager-d6fda2db9aef5ee17aff3a1a9d5aae26.yaml new file mode 100644 index 0000000000..1a5e4eae5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inventory-manager-d6fda2db9aef5ee17aff3a1a9d5aae26.yaml @@ -0,0 +1,58 @@ +id: wp-inventory-manager-d6fda2db9aef5ee17aff3a1a9d5aae26 + +info: + name: > + WP Inventory Manager <= 2.1.0.11 - Reflected Cross-Site Scripting via 'message' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/363ece80-1fa6-4019-84c9-e0a65f02625d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inventory-manager/" + google-query: inurl:"/wp-content/plugins/wp-inventory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inventory-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inventory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inventory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-inventory-manager-da8ea76dfd26f4abbbdb294a05baca1e.yaml b/nuclei-templates/cve-less/plugins/wp-inventory-manager-da8ea76dfd26f4abbbdb294a05baca1e.yaml new file mode 100644 index 0000000000..c7949ab640 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-inventory-manager-da8ea76dfd26f4abbbdb294a05baca1e.yaml @@ -0,0 +1,58 @@ +id: wp-inventory-manager-da8ea76dfd26f4abbbdb294a05baca1e + +info: + name: > + WP Inventory Manager <= 2.1.0.13 - Cross-Site Request Forgery via delete_item + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d51f0230-b85c-4c2d-9fa0-e68b52e51c76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-inventory-manager/" + google-query: inurl:"/wp-content/plugins/wp-inventory-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-inventory-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-inventory-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-inventory-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-57a112bd1c50a2fbcdf02a29f1461095.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-57a112bd1c50a2fbcdf02a29f1461095.yaml new file mode 100644 index 0000000000..e2f6c365e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-57a112bd1c50a2fbcdf02a29f1461095.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-57a112bd1c50a2fbcdf02a29f1461095 + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/def28d93-744f-4232-b745-8430d466b9fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-68ccb9bcad04a1c6dd8014a68d2d5fe9.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-68ccb9bcad04a1c6dd8014a68d2d5fe9.yaml new file mode 100644 index 0000000000..51fd47c2c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-68ccb9bcad04a1c6dd8014a68d2d5fe9.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-68ccb9bcad04a1c6dd8014a68d2d5fe9 + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57ed9593-787c-41c0-abad-c70459e1d128?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-7137b8fac252650babdfc2fa8502b307.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-7137b8fac252650babdfc2fa8502b307.yaml new file mode 100644 index 0000000000..f618c1644e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-7137b8fac252650babdfc2fa8502b307.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-7137b8fac252650babdfc2fa8502b307 + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/965107bd-e1ee-4a0c-af9e-bdd765d3eab5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-875ad9422b6c5059d922fea2bec00a1f.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-875ad9422b6c5059d922fea2bec00a1f.yaml new file mode 100644 index 0000000000..84e7617ed3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-875ad9422b6c5059d922fea2bec00a1f.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-875ad9422b6c5059d922fea2bec00a1f + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ffdcc0f-8214-4056-abe1-926ed255e9f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-891def7bec49bf5ec54dedc52d9240f9.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-891def7bec49bf5ec54dedc52d9240f9.yaml new file mode 100644 index 0000000000..73946cca4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-891def7bec49bf5ec54dedc52d9240f9.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-891def7bec49bf5ec54dedc52d9240f9 + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Unauthorized Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10ed13e9-f196-47cc-9e45-a7646444cc5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-invoice-916c5b9976a17729e06d1b6fb0458ebf.yaml b/nuclei-templates/cve-less/plugins/wp-invoice-916c5b9976a17729e06d1b6fb0458ebf.yaml new file mode 100644 index 0000000000..d73fb734ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-invoice-916c5b9976a17729e06d1b6fb0458ebf.yaml @@ -0,0 +1,58 @@ +id: wp-invoice-916c5b9976a17729e06d1b6fb0458ebf + +info: + name: > + WP-Invoice – Web Invoice and Billing <= 4.1.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e036fd56-c13f-486d-acae-66378426d380?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-invoice/" + google-query: inurl:"/wp-content/plugins/wp-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-invoice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-manager-a866bf8732fbf685f3dd9ae8b9f07dfa.yaml b/nuclei-templates/cve-less/plugins/wp-job-manager-a866bf8732fbf685f3dd9ae8b9f07dfa.yaml new file mode 100644 index 0000000000..3fc6d08e93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-manager-a866bf8732fbf685f3dd9ae8b9f07dfa.yaml @@ -0,0 +1,58 @@ +id: wp-job-manager-a866bf8732fbf685f3dd9ae8b9f07dfa + +info: + name: > + WP Job Manager <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69430e1a-db2f-4715-84aa-5a1dfd712180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-manager/" + google-query: inurl:"/wp-content/plugins/wp-job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-manager-ab18ce3ab5c885047a8f794ed3023e87.yaml b/nuclei-templates/cve-less/plugins/wp-job-manager-ab18ce3ab5c885047a8f794ed3023e87.yaml new file mode 100644 index 0000000000..1f8f07548b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-manager-ab18ce3ab5c885047a8f794ed3023e87.yaml @@ -0,0 +1,58 @@ +id: wp-job-manager-ab18ce3ab5c885047a8f794ed3023e87 + +info: + name: > + WP Job Manager <= 2.0.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b1af76a-3836-4527-9ea6-8bffa173a84e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-manager/" + google-query: inurl:"/wp-content/plugins/wp-job-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-openings-e0b60cc25d6815b825cf11a25f942d5d.yaml b/nuclei-templates/cve-less/plugins/wp-job-openings-e0b60cc25d6815b825cf11a25f942d5d.yaml new file mode 100644 index 0000000000..e3f72d3d2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-openings-e0b60cc25d6815b825cf11a25f942d5d.yaml @@ -0,0 +1,58 @@ +id: wp-job-openings-e0b60cc25d6815b825cf11a25f942d5d + +info: + name: > + WP Job Openings <= 3.4.2 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/334be95c-438a-4e03-9ee4-9a6d2c2fa5f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-openings/" + google-query: inurl:"/wp-content/plugins/wp-job-openings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-openings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-openings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-openings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-portal-549d5bc8afbc0ac7d09fc136717ff89d.yaml b/nuclei-templates/cve-less/plugins/wp-job-portal-549d5bc8afbc0ac7d09fc136717ff89d.yaml new file mode 100644 index 0000000000..fdce62fd0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-portal-549d5bc8afbc0ac7d09fc136717ff89d.yaml @@ -0,0 +1,58 @@ +id: wp-job-portal-549d5bc8afbc0ac7d09fc136717ff89d + +info: + name: > + WP Job Portal <= 2.0.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d68d2144-96b9-482e-9791-c3506661596e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-portal/" + google-query: inurl:"/wp-content/plugins/wp-job-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-portal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-portal-965d1bb3ea0dc7dd2bd7703dedecb0bb.yaml b/nuclei-templates/cve-less/plugins/wp-job-portal-965d1bb3ea0dc7dd2bd7703dedecb0bb.yaml new file mode 100644 index 0000000000..52a13d6622 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-portal-965d1bb3ea0dc7dd2bd7703dedecb0bb.yaml @@ -0,0 +1,58 @@ +id: wp-job-portal-965d1bb3ea0dc7dd2bd7703dedecb0bb + +info: + name: > + WP Job Portal <= 2.0.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0aa1fad-1ff4-4bc5-a584-99b528470990?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-portal/" + google-query: inurl:"/wp-content/plugins/wp-job-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-portal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-portal-a5de647c0bebb3ff3775ad99edcea819.yaml b/nuclei-templates/cve-less/plugins/wp-job-portal-a5de647c0bebb3ff3775ad99edcea819.yaml new file mode 100644 index 0000000000..af5bda06f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-portal-a5de647c0bebb3ff3775ad99edcea819.yaml @@ -0,0 +1,58 @@ +id: wp-job-portal-a5de647c0bebb3ff3775ad99edcea819 + +info: + name: > + WP Job Portal <= 2.0.1 - Missing Authorization to Settings Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce039db-b597-4bbf-8067-933a262ae1b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-portal/" + google-query: inurl:"/wp-content/plugins/wp-job-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-portal,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-job-portal-f2a0a0a17a439c3fab0b66d207898f19.yaml b/nuclei-templates/cve-less/plugins/wp-job-portal-f2a0a0a17a439c3fab0b66d207898f19.yaml new file mode 100644 index 0000000000..6a574103de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-job-portal-f2a0a0a17a439c3fab0b66d207898f19.yaml @@ -0,0 +1,58 @@ +id: wp-job-portal-f2a0a0a17a439c3fab0b66d207898f19 + +info: + name: > + WP Job Portal <= 2.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f11ea6b2-1225-42a5-aa7b-260315d0bec5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-job-portal/" + google-query: inurl:"/wp-content/plugins/wp-job-portal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-job-portal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-job-portal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-job-portal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobhunt-8605cf70b09f39b80921d3235eaa5a54.yaml b/nuclei-templates/cve-less/plugins/wp-jobhunt-8605cf70b09f39b80921d3235eaa5a54.yaml new file mode 100644 index 0000000000..f89fda2f8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobhunt-8605cf70b09f39b80921d3235eaa5a54.yaml @@ -0,0 +1,58 @@ +id: wp-jobhunt-8605cf70b09f39b80921d3235eaa5a54 + +info: + name: > + JobCareer | Job Board Responsive WordPress Theme < 2.4 - User Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3c515e2-dc69-4686-b60f-413542bf2118?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobhunt/" + google-query: inurl:"/wp-content/plugins/wp-jobhunt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobhunt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobhunt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobhunt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobhunt-8b266025d0f3695c542ad07de2e9b34c.yaml b/nuclei-templates/cve-less/plugins/wp-jobhunt-8b266025d0f3695c542ad07de2e9b34c.yaml new file mode 100644 index 0000000000..a72c5d3985 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobhunt-8b266025d0f3695c542ad07de2e9b34c.yaml @@ -0,0 +1,58 @@ +id: wp-jobhunt-8b266025d0f3695c542ad07de2e9b34c + +info: + name: > + JobCareer | Job Board Responsive WordPress Theme < 2.4 - Unauthenticated Arbitrary Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acbea2eb-fa87-4117-b347-049c819599c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobhunt/" + google-query: inurl:"/wp-content/plugins/wp-jobhunt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobhunt,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobhunt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobhunt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobs-1a1e231870f2d36ae969bc3201047b95.yaml b/nuclei-templates/cve-less/plugins/wp-jobs-1a1e231870f2d36ae969bc3201047b95.yaml new file mode 100644 index 0000000000..73ef372cf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobs-1a1e231870f2d36ae969bc3201047b95.yaml @@ -0,0 +1,58 @@ +id: wp-jobs-1a1e231870f2d36ae969bc3201047b95 + +info: + name: > + WP Jobs < 1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66ed3f4d-1977-487a-942e-3dd599586957?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobs/" + google-query: inurl:"/wp-content/plugins/wp-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobs-b2a0f64728c134eb1a214207f2b340c0.yaml b/nuclei-templates/cve-less/plugins/wp-jobs-b2a0f64728c134eb1a214207f2b340c0.yaml new file mode 100644 index 0000000000..b6bf8e301a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobs-b2a0f64728c134eb1a214207f2b340c0.yaml @@ -0,0 +1,58 @@ +id: wp-jobs-b2a0f64728c134eb1a214207f2b340c0 + +info: + name: > + WP Jobs < 1.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/921489e9-a083-47b3-a20d-e2566b51d8d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobs/" + google-query: inurl:"/wp-content/plugins/wp-jobs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobs,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-0b45e780227d592e1f06fb820f3146b8.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-0b45e780227d592e1f06fb820f3146b8.yaml new file mode 100644 index 0000000000..6dcb5ca08a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-0b45e780227d592e1f06fb820f3146b8.yaml @@ -0,0 +1,58 @@ +id: wp-jobsearch-0b45e780227d592e1f06fb820f3146b8 + +info: + name: > + WP JobSearch <= 2.3.3 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71cc804f-6146-4594-8e7a-854754a1ff20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobsearch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-91fa130b7c3ea6431b231102505db7d5.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-91fa130b7c3ea6431b231102505db7d5.yaml new file mode 100644 index 0000000000..ad23d571cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-91fa130b7c3ea6431b231102505db7d5.yaml @@ -0,0 +1,58 @@ +id: wp-jobsearch-91fa130b7c3ea6431b231102505db7d5 + +info: + name: > + JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Settings Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59170f0a-975e-487c-bdb0-585c802b3127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobsearch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-a75fd23fc24c5b8e6f032ef260fd0fc8.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-a75fd23fc24c5b8e6f032ef260fd0fc8.yaml new file mode 100644 index 0000000000..e67ba40cdf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-a75fd23fc24c5b8e6f032ef260fd0fc8.yaml @@ -0,0 +1,58 @@ +id: wp-jobsearch-a75fd23fc24c5b8e6f032ef260fd0fc8 + +info: + name: > + WP JobSearch <= 2.3.3 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f66d7-ba47-4b7b-9b94-ea4459cf6233?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobsearch,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-a7b8efd454ece6d5c8233c73f0d61099.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-a7b8efd454ece6d5c8233c73f0d61099.yaml new file mode 100644 index 0000000000..316adf7274 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-a7b8efd454ece6d5c8233c73f0d61099.yaml @@ -0,0 +1,58 @@ +id: wp-jobsearch-a7b8efd454ece6d5c8233c73f0d61099 + +info: + name: > + JobSearch WP Job Board <= 1.8.1 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/839a0cc0-a656-4107-a748-4ad85e950237?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobsearch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jobsearch-a81ba5cd5b7c78f82a652995b8b78367.yaml b/nuclei-templates/cve-less/plugins/wp-jobsearch-a81ba5cd5b7c78f82a652995b8b78367.yaml new file mode 100644 index 0000000000..5de5d8fc81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jobsearch-a81ba5cd5b7c78f82a652995b8b78367.yaml @@ -0,0 +1,58 @@ +id: wp-jobsearch-a81ba5cd5b7c78f82a652995b8b78367 + +info: + name: > + JobSearch WP Job Board < = 1.8.1 - Missing Authorization on jobsearch_update_job_import_schedule_call() function + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9114018f-0678-4973-bb1e-932f0d93f963?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jobsearch/" + google-query: inurl:"/wp-content/plugins/wp-jobsearch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jobsearch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jobsearch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jobsearch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-js-6c30c87bb2fee4db66c7047f9fb31811.yaml b/nuclei-templates/cve-less/plugins/wp-js-6c30c87bb2fee4db66c7047f9fb31811.yaml new file mode 100644 index 0000000000..7d2ea51828 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-js-6c30c87bb2fee4db66c7047f9fb31811.yaml @@ -0,0 +1,58 @@ +id: wp-js-6c30c87bb2fee4db66c7047f9fb31811 + +info: + name: > + WP JS <= 2.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ab82117-73dd-4257-8dfc-01dadcc3a83f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-js/" + google-query: inurl:"/wp-content/plugins/wp-js/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-js,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-js/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-js" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-jump-menu-9a1755a05c804d6305bb91e5146a62c4.yaml b/nuclei-templates/cve-less/plugins/wp-jump-menu-9a1755a05c804d6305bb91e5146a62c4.yaml new file mode 100644 index 0000000000..fe0be62408 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-jump-menu-9a1755a05c804d6305bb91e5146a62c4.yaml @@ -0,0 +1,58 @@ +id: wp-jump-menu-9a1755a05c804d6305bb91e5146a62c4 + +info: + name: > + WP Jump Menu <= 3.6.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d34c665-e99c-408e-b7ab-d08a1a51c6c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-jump-menu/" + google-query: inurl:"/wp-content/plugins/wp-jump-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-jump-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-jump-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-jump-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-knowledgebase-fe2e1db48888e950bcc3a91fea1678a4.yaml b/nuclei-templates/cve-less/plugins/wp-knowledgebase-fe2e1db48888e950bcc3a91fea1678a4.yaml new file mode 100644 index 0000000000..c4db2989ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-knowledgebase-fe2e1db48888e950bcc3a91fea1678a4.yaml @@ -0,0 +1,58 @@ +id: wp-knowledgebase-fe2e1db48888e950bcc3a91fea1678a4 + +info: + name: > + WP Knowledgebase <= 1.3.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa5ee133-e38a-4dfe-975c-f194aa6e90b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-knowledgebase/" + google-query: inurl:"/wp-content/plugins/wp-knowledgebase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-knowledgebase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-knowledgebase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-knowledgebase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-latest-posts-2f5edb5bb8d4702a159f34742943af0d.yaml b/nuclei-templates/cve-less/plugins/wp-latest-posts-2f5edb5bb8d4702a159f34742943af0d.yaml new file mode 100644 index 0000000000..02b29e21d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-latest-posts-2f5edb5bb8d4702a159f34742943af0d.yaml @@ -0,0 +1,58 @@ +id: wp-latest-posts-2f5edb5bb8d4702a159f34742943af0d + +info: + name: > + WP Latest Posts <= 5.0.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57d90ba7-b655-4655-981c-548ff96c3bb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-latest-posts/" + google-query: inurl:"/wp-content/plugins/wp-latest-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-latest-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-latest-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-latest-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-latest-posts-ebb04d83edca666591b8c2ebf9b4b8bd.yaml b/nuclei-templates/cve-less/plugins/wp-latest-posts-ebb04d83edca666591b8c2ebf9b4b8bd.yaml new file mode 100644 index 0000000000..61a02f6f84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-latest-posts-ebb04d83edca666591b8c2ebf9b4b8bd.yaml @@ -0,0 +1,58 @@ +id: wp-latest-posts-ebb04d83edca666591b8c2ebf9b4b8bd + +info: + name: > + WP Latest Posts <= 3.7.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/942aad86-787e-4c25-a98b-9b7fe64aec23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-latest-posts/" + google-query: inurl:"/wp-content/plugins/wp-latest-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-latest-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-latest-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-latest-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-f5a7556a27575fd8d1312f715924210f.yaml b/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-f5a7556a27575fd8d1312f715924210f.yaml new file mode 100644 index 0000000000..42d8172e3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-letsencrypt-ssl-f5a7556a27575fd8d1312f715924210f.yaml @@ -0,0 +1,58 @@ +id: wp-letsencrypt-ssl-f5a7556a27575fd8d1312f715924210f + +info: + name: > + WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score <= 7.0 - Sensitive Information Exposure via insufficiently protected files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ab99751-24b7-41db-8a27-d86eda3eeee5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-letsencrypt-ssl/" + google-query: inurl:"/wp-content/plugins/wp-letsencrypt-ssl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-letsencrypt-ssl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-letsencrypt-ssl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-letsencrypt-ssl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-levoslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-levoslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..dcf2617f88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-levoslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-levoslideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-levoslideshow/" + google-query: inurl:"/wp-content/plugins/wp-levoslideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-levoslideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-levoslideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-levoslideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lightbox-2-9d391b643840d9b9d7ead6e546f2d7b1.yaml b/nuclei-templates/cve-less/plugins/wp-lightbox-2-9d391b643840d9b9d7ead6e546f2d7b1.yaml new file mode 100644 index 0000000000..8815fc119c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lightbox-2-9d391b643840d9b9d7ead6e546f2d7b1.yaml @@ -0,0 +1,58 @@ +id: wp-lightbox-2-9d391b643840d9b9d7ead6e546f2d7b1 + +info: + name: > + WP Lightbox 2 <= 3.0.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ef104ae-b67c-4669-adeb-e5397561c0ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lightbox-2/" + google-query: inurl:"/wp-content/plugins/wp-lightbox-2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lightbox-2,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lightbox-2/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lightbox-2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-like-button-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml b/nuclei-templates/cve-less/plugins/wp-like-button-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml new file mode 100644 index 0000000000..2467c5c222 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-like-button-00aa1f64cb2e6c80b8a5546f8e6d1be0.yaml @@ -0,0 +1,58 @@ +id: wp-like-button-00aa1f64cb2e6c80b8a5546f8e6d1be0 + +info: + name: > + WP Like Button <= 1.7.0 - Missing Authorization via crublabFBLBAjax + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da550fd7-3c1a-4b07-afc0-2366e0f5cccd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-like-button/" + google-query: inurl:"/wp-content/plugins/wp-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-like-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-like-button-d25b2870a2ba1a71b2f08074d958c754.yaml b/nuclei-templates/cve-less/plugins/wp-like-button-d25b2870a2ba1a71b2f08074d958c754.yaml new file mode 100644 index 0000000000..5774c4345b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-like-button-d25b2870a2ba1a71b2f08074d958c754.yaml @@ -0,0 +1,58 @@ +id: wp-like-button-d25b2870a2ba1a71b2f08074d958c754 + +info: + name: > + WP Like Button <= 1.6.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d054e4-0ef7-401d-9d81-24cc0f875432?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-like-button/" + google-query: inurl:"/wp-content/plugins/wp-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-like-button,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-like-button-d4b7dbaa3f20ba708731c645b0814aa7.yaml b/nuclei-templates/cve-less/plugins/wp-like-button-d4b7dbaa3f20ba708731c645b0814aa7.yaml new file mode 100644 index 0000000000..f93921e2ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-like-button-d4b7dbaa3f20ba708731c645b0814aa7.yaml @@ -0,0 +1,58 @@ +id: wp-like-button-d4b7dbaa3f20ba708731c645b0814aa7 + +info: + name: > + WP Like Button <= 1.6.11 - Cross-Site Request Forgery via 'saveData' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/989836fc-a15d-4424-be0e-348e1acc7466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-like-button/" + google-query: inurl:"/wp-content/plugins/wp-like-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-like-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-like-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-like-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-6a540f27193664ae64c1c9c67379218b.yaml b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-6a540f27193664ae64c1c9c67379218b.yaml new file mode 100644 index 0000000000..022e5874f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-6a540f27193664ae64c1c9c67379218b.yaml @@ -0,0 +1,58 @@ +id: wp-limit-failed-login-attempts-6a540f27193664ae64c1c9c67379218b + +info: + name: > + Limit Login Attempts (Spam Protection) <= 2.8 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da24aad2-ae6b-411e-a229-0df585215731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limit-failed-login-attempts/" + google-query: inurl:"/wp-content/plugins/wp-limit-failed-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limit-failed-login-attempts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limit-failed-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limit-failed-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-a7118940def94872d54ec018ff1c6fc1.yaml b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-a7118940def94872d54ec018ff1c6fc1.yaml new file mode 100644 index 0000000000..c4e524d5bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limit-failed-login-attempts-a7118940def94872d54ec018ff1c6fc1.yaml @@ -0,0 +1,58 @@ +id: wp-limit-failed-login-attempts-a7118940def94872d54ec018ff1c6fc1 + +info: + name: > + Limit Login Attempts (Spam Protection) <= 4.9.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49ea8af1-7171-4498-bfb0-bb3cbd72e6f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limit-failed-login-attempts/" + google-query: inurl:"/wp-content/plugins/wp-limit-failed-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limit-failed-login-attempts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limit-failed-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limit-failed-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-6811a32eecdf5ce987fe449d57d50384.yaml b/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-6811a32eecdf5ce987fe449d57d50384.yaml new file mode 100644 index 0000000000..1a071dd4d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-6811a32eecdf5ce987fe449d57d50384.yaml @@ -0,0 +1,58 @@ +id: wp-limit-login-attempts-6811a32eecdf5ce987fe449d57d50384 + +info: + name: > + WP Limit Login Attempts < 2.0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db7234a1-e888-454d-8a1c-4de19c4cbec4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/wp-limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limit-login-attempts,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-b0713874d1e1aea3108651f256578abe.yaml b/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-b0713874d1e1aea3108651f256578abe.yaml new file mode 100644 index 0000000000..0675990447 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limit-login-attempts-b0713874d1e1aea3108651f256578abe.yaml @@ -0,0 +1,58 @@ +id: wp-limit-login-attempts-b0713874d1e1aea3108651f256578abe + +info: + name: > + WP Limit Login Attempts <= 2.6.4 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef60c109-30e2-48e9-8599-6f226e74b6bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limit-login-attempts/" + google-query: inurl:"/wp-content/plugins/wp-limit-login-attempts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limit-login-attempts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limit-login-attempts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limit-login-attempts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limit-posts-automatically-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml b/nuclei-templates/cve-less/plugins/wp-limit-posts-automatically-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml new file mode 100644 index 0000000000..f45949176c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limit-posts-automatically-fe81b0cd67440d8b6f9d1a6ebbe2565c.yaml @@ -0,0 +1,58 @@ +id: wp-limit-posts-automatically-fe81b0cd67440d8b6f9d1a6ebbe2565c + +info: + name: > + WP Limit Posts Automatically <= 0.7 - Cross-Site Request Forgery leading to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03ca88-97c1-45b0-a9d9-1ed57e124f13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limit-posts-automatically/" + google-query: inurl:"/wp-content/plugins/wp-limit-posts-automatically/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limit-posts-automatically,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limit-posts-automatically/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limit-posts-automatically" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-limits-f3e27a924e055b88af7811293412cc67.yaml b/nuclei-templates/cve-less/plugins/wp-limits-f3e27a924e055b88af7811293412cc67.yaml new file mode 100644 index 0000000000..178e75e195 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-limits-f3e27a924e055b88af7811293412cc67.yaml @@ -0,0 +1,58 @@ +id: wp-limits-f3e27a924e055b88af7811293412cc67 + +info: + name: > + Wp Limits <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee3ff4ee-48d3-4b35-b6c9-320bd42780d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-limits/" + google-query: inurl:"/wp-content/plugins/wp-limits/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-limits,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-limits/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-limits" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-line-notify-b546805f046a6ab76ad9842bd21444bd.yaml b/nuclei-templates/cve-less/plugins/wp-line-notify-b546805f046a6ab76ad9842bd21444bd.yaml new file mode 100644 index 0000000000..a49c93f883 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-line-notify-b546805f046a6ab76ad9842bd21444bd.yaml @@ -0,0 +1,58 @@ +id: wp-line-notify-b546805f046a6ab76ad9842bd21444bd + +info: + name: > + LINE Notify <= 1.4.4 - Reflected Cross-Site Scripting via 'uid' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b4e7c02-48d3-4271-a3bc-e7d3256b7217?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-line-notify/" + google-query: inurl:"/wp-content/plugins/wp-line-notify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-line-notify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-line-notify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-line-notify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-linkedin-auto-publish-e30e15a9c4996773efb6051e3f90c9c4.yaml b/nuclei-templates/cve-less/plugins/wp-linkedin-auto-publish-e30e15a9c4996773efb6051e3f90c9c4.yaml new file mode 100644 index 0000000000..ed065b6df8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-linkedin-auto-publish-e30e15a9c4996773efb6051e3f90c9c4.yaml @@ -0,0 +1,58 @@ +id: wp-linkedin-auto-publish-e30e15a9c4996773efb6051e3f90c9c4 + +info: + name: > + WP LinkedIn Auto Publish <= 8.11 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c1c8310-76c3-4505-9504-993e594804a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-linkedin-auto-publish/" + google-query: inurl:"/wp-content/plugins/wp-linkedin-auto-publish/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-linkedin-auto-publish,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-linkedin-auto-publish/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-linkedin-auto-publish" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-links-page-c714b4c448de917cbe9dde73273b4f80.yaml b/nuclei-templates/cve-less/plugins/wp-links-page-c714b4c448de917cbe9dde73273b4f80.yaml new file mode 100644 index 0000000000..b5bbcd5d36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-links-page-c714b4c448de917cbe9dde73273b4f80.yaml @@ -0,0 +1,58 @@ +id: wp-links-page-c714b4c448de917cbe9dde73273b4f80 + +info: + name: > + WP Links Page <= 4.9.4 - Cross-Site Request Forgery via wplf_ajax_update_screenshots + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa70ddc-9a5c-4001-967a-5aad789c862c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-links-page/" + google-query: inurl:"/wp-content/plugins/wp-links-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-links-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-links-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-links-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-links-page-e52be0435f55047670368cd34b580535.yaml b/nuclei-templates/cve-less/plugins/wp-links-page-e52be0435f55047670368cd34b580535.yaml new file mode 100644 index 0000000000..014fdac291 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-links-page-e52be0435f55047670368cd34b580535.yaml @@ -0,0 +1,58 @@ +id: wp-links-page-e52be0435f55047670368cd34b580535 + +info: + name: > + WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ef3297d-8686-44aa-ac73-793b644be3f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-links-page/" + google-query: inurl:"/wp-content/plugins/wp-links-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-links-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-links-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-links-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-178c8e00fd5bfb5400710e1fa21e320a.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-178c8e00fd5bfb5400710e1fa21e320a.yaml new file mode 100644 index 0000000000..9a5aaf59d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-178c8e00fd5bfb5400710e1fa21e320a.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-amazon-178c8e00fd5bfb5400710e1fa21e320a + +info: + name: > + WP-Lister Lite for Amazon <= 2.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08746755-9abe-4120-8ffb-90f2f9f1b7cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-amazon/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-amazon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-6cd99d073813881160ae0f456cc4a754.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-6cd99d073813881160ae0f456cc4a754.yaml new file mode 100644 index 0000000000..5573f7872c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-6cd99d073813881160ae0f456cc4a754.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-amazon-6cd99d073813881160ae0f456cc4a754 + +info: + name: > + WP-Lister Lite for Amazon <= 2.6.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0814c64e-f786-4cc3-85ee-c8cfbebf7e2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-amazon/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-amazon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-fbce84a8ee57be3789217c9b7a75a712.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-fbce84a8ee57be3789217c9b7a75a712.yaml new file mode 100644 index 0000000000..0e0e289b3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-amazon-fbce84a8ee57be3789217c9b7a75a712.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-amazon-fbce84a8ee57be3789217c9b7a75a712 + +info: + name: > + WP-Lister Lite for Amazon <= 2.6.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36f37875-69fe-41cb-a68d-ad73d53d1a83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-amazon/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-amazon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-1691930e201b6c9ce529fab20806ab3a.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-1691930e201b6c9ce529fab20806ab3a.yaml new file mode 100644 index 0000000000..84fc7c6349 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-1691930e201b6c9ce529fab20806ab3a.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-ebay-1691930e201b6c9ce529fab20806ab3a + +info: + name: > + WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7179fe0d-8cfa-4b43-82d6-5523d65ff780?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-ebay/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-ebay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-ebay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-d5ae4878a4d320a4dee3c301e3085c64.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-d5ae4878a4d320a4dee3c301e3085c64.yaml new file mode 100644 index 0000000000..d357563c1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-d5ae4878a4d320a4dee3c301e3085c64.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-ebay-d5ae4878a4d320a4dee3c301e3085c64 + +info: + name: > + WP-Lister Lite for eBay <= 3.5.7 - Reflected Cross-Site Scripting via 's' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70d05b9e-bead-42f9-9d19-c92c8e6440cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-ebay/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-ebay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-ebay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-dc87f7ad02889b2fba3b573d8f507b49.yaml b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-dc87f7ad02889b2fba3b573d8f507b49.yaml new file mode 100644 index 0000000000..0e429ad74d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lister-for-ebay-dc87f7ad02889b2fba3b573d8f507b49.yaml @@ -0,0 +1,58 @@ +id: wp-lister-for-ebay-dc87f7ad02889b2fba3b573d8f507b49 + +info: + name: > + WP-Lister Lite for eBay <= 3.5.11 - Authenticated (Shop Manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/613b4ad3-9aea-4c1c-9d73-1fb51da26477?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lister-for-ebay/" + google-query: inurl:"/wp-content/plugins/wp-lister-for-ebay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lister-for-ebay,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lister-for-ebay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lister-for-ebay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-listings-1732e4e08bdb234132d824677ffb996f.yaml b/nuclei-templates/cve-less/plugins/wp-listings-1732e4e08bdb234132d824677ffb996f.yaml new file mode 100644 index 0000000000..3dfb0241e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-listings-1732e4e08bdb234132d824677ffb996f.yaml @@ -0,0 +1,58 @@ +id: wp-listings-1732e4e08bdb234132d824677ffb996f + +info: + name: > + IMPress Listings <= 2.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b98668e-a20f-49a3-a6d6-6da6d1c044d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-listings/" + google-query: inurl:"/wp-content/plugins/wp-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-listings,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-listings-828d5e38dbe1047738a24a003f9a3134.yaml b/nuclei-templates/cve-less/plugins/wp-listings-828d5e38dbe1047738a24a003f9a3134.yaml new file mode 100644 index 0000000000..a31370b7d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-listings-828d5e38dbe1047738a24a003f9a3134.yaml @@ -0,0 +1,58 @@ +id: wp-listings-828d5e38dbe1047738a24a003f9a3134 + +info: + name: > + IMPress Listings <= 2.6.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f426c32e-a376-4447-b83f-409a8eb0c499?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-listings/" + google-query: inurl:"/wp-content/plugins/wp-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-listings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-listings-c94bdab6658e87ec5036df9af1fd3f36.yaml b/nuclei-templates/cve-less/plugins/wp-listings-c94bdab6658e87ec5036df9af1fd3f36.yaml new file mode 100644 index 0000000000..ac26d04fd8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-listings-c94bdab6658e87ec5036df9af1fd3f36.yaml @@ -0,0 +1,58 @@ +id: wp-listings-c94bdab6658e87ec5036df9af1fd3f36 + +info: + name: > + IMPress Listings <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Listing Fields + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d31b9022-ae45-4bc2-b820-fb88faf0796f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-listings/" + google-query: inurl:"/wp-content/plugins/wp-listings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-listings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-listings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-listings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-7695d17d2a6f043e2b7067503447a869.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-7695d17d2a6f043e2b7067503447a869.yaml new file mode 100644 index 0000000000..7bcaec3a2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-software-for-wordpress-7695d17d2a6f043e2b7067503447a869.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-software-for-wordpress-7695d17d2a6f043e2b7067503447a869 + +info: + name: > + LiveChat <= 4.5.15 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b80e90d-72bd-4253-b84b-d2706e1abd4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-software-for-wordpress/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-software-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-software-for-wordpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-software-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-software-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-0afdcc5a66b8604c315ccd15a101d49e.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-0afdcc5a66b8604c315ccd15a101d49e.yaml new file mode 100644 index 0000000000..ac174ab500 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-0afdcc5a66b8604c315ccd15a101d49e.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-0afdcc5a66b8604c315ccd15a101d49e + +info: + name: > + WP Live Chat Support <= 7.1.04 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fc2b6cb-cca1-4d90-a229-12ec9d1f4b8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-18d01dbad64386da194504c3f5ffe26e.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-18d01dbad64386da194504c3f5ffe26e.yaml new file mode 100644 index 0000000000..6143a964c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-18d01dbad64386da194504c3f5ffe26e.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-18d01dbad64386da194504c3f5ffe26e + +info: + name: > + WP Live Chat Support <= 8.0.27 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b5a6ab-8909-49aa-8427-19355e6a7303?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-245c40ef7971bdcc79b4668a4d4b1ccf.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-245c40ef7971bdcc79b4668a4d4b1ccf.yaml new file mode 100644 index 0000000000..c8375f7027 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-245c40ef7971bdcc79b4668a4d4b1ccf.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-245c40ef7971bdcc79b4668a4d4b1ccf + +info: + name: > + WP Live Chat Support <= 7.0.06 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbc1d257-bc56-4e8f-bdb4-b2a323026625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-39656d176cfde17eb173675dd34ae675.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-39656d176cfde17eb173675dd34ae675.yaml new file mode 100644 index 0000000000..917afaa993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-39656d176cfde17eb173675dd34ae675.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-39656d176cfde17eb173675dd34ae675 + +info: + name: > + WP Live Chat Support <= 8.0.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67e2636a-1a5d-4526-aace-b276faf321a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-3ae5086ca70170003dc9a3bdb44eba92.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-3ae5086ca70170003dc9a3bdb44eba92.yaml new file mode 100644 index 0000000000..666806b558 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-3ae5086ca70170003dc9a3bdb44eba92.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-3ae5086ca70170003dc9a3bdb44eba92 + +info: + name: > + WP Live Chat Support <= 8.0.32 - Unprotected Functions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90689ba2-4f82-4116-85d7-1266189aa34e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-66eb7f5c446de79e267dceb74a880097.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-66eb7f5c446de79e267dceb74a880097.yaml new file mode 100644 index 0000000000..bc30659868 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-66eb7f5c446de79e267dceb74a880097.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-66eb7f5c446de79e267dceb74a880097 + +info: + name: > + 3CX Live Chat <= 8.0.07 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/220133fe-ebf3-4cfe-8882-1c961b384ff3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.07') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-84da1bcb85beb132b593a5fff336db83.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-84da1bcb85beb132b593a5fff336db83.yaml new file mode 100644 index 0000000000..78e19b871b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-84da1bcb85beb132b593a5fff336db83.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-84da1bcb85beb132b593a5fff336db83 + +info: + name: > + WP Live Chat Support <= 8.0.17 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef3b11ef-c328-489e-8c12-331621a0327c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-875e2588a6c7f11db1b0d18dfa5a3b24.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-875e2588a6c7f11db1b0d18dfa5a3b24.yaml new file mode 100644 index 0000000000..8d618b8b74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-875e2588a6c7f11db1b0d18dfa5a3b24.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-875e2588a6c7f11db1b0d18dfa5a3b24 + +info: + name: > + WP Live Chat Support <= 8.0.05 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab58a6e8-624b-4268-a95a-0e004f8e8c86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.05') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-ac9a4353796cc2c432e6ec8cb3e235d2.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-ac9a4353796cc2c432e6ec8cb3e235d2.yaml new file mode 100644 index 0000000000..a311aaec76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-ac9a4353796cc2c432e6ec8cb3e235d2.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-ac9a4353796cc2c432e6ec8cb3e235d2 + +info: + name: > + 3CX Free Live Chat <= 6.2.03 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f33bc98-167d-4913-8de5-b80296955673?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-b1af204538776bc3f4caa86c078ec978.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-b1af204538776bc3f4caa86c078ec978.yaml new file mode 100644 index 0000000000..50ad8b29e2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-b1af204538776bc3f4caa86c078ec978.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-b1af204538776bc3f4caa86c078ec978 + +info: + name: > + WP Live Chat Support < 4.1.0 - JavaScript Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed9a6e27-c18f-4edf-b793-16021ebf0a6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-e810e3355fe67bdcfcad0632d29d1e56.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-e810e3355fe67bdcfcad0632d29d1e56.yaml new file mode 100644 index 0000000000..4b42f172de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-e810e3355fe67bdcfcad0632d29d1e56.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-e810e3355fe67bdcfcad0632d29d1e56 + +info: + name: > + WP Live Chat Support <= 7.1.02 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ee1a4de-25be-46fa-907e-1856862ae52e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.02') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-5dad5dd2cab63732345a28406c0429ec.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-5dad5dd2cab63732345a28406c0429ec.yaml new file mode 100644 index 0000000000..d8f3de1e10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-5dad5dd2cab63732345a28406c0429ec.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-pro-5dad5dd2cab63732345a28406c0429ec + +info: + name: > + WP Live Chat Support Pro <= 8.0.26 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/227fb6d1-3515-4172-9d7c-57a66d17858f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support-pro/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-f4c8de2dff39667b20d17f36ad03ed25.yaml b/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-f4c8de2dff39667b20d17f36ad03ed25.yaml new file mode 100644 index 0000000000..a4e18be8be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-live-chat-support-pro-f4c8de2dff39667b20d17f36ad03ed25.yaml @@ -0,0 +1,58 @@ +id: wp-live-chat-support-pro-f4c8de2dff39667b20d17f36ad03ed25 + +info: + name: > + WP Live Chat Support Pro <= 8.0.06 - Remote Code Execution via unrestricted file upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfd3926e-cdb6-44a6-bada-cb83458ca172?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-live-chat-support-pro/" + google-query: inurl:"/wp-content/plugins/wp-live-chat-support-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-live-chat-support-pro,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-live-chat-support-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-live-chat-support-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-livephp-9088cbacca16ddb298ad417146be5fc5.yaml b/nuclei-templates/cve-less/plugins/wp-livephp-9088cbacca16ddb298ad417146be5fc5.yaml new file mode 100644 index 0000000000..ecebfe1de0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-livephp-9088cbacca16ddb298ad417146be5fc5.yaml @@ -0,0 +1,58 @@ +id: wp-livephp-9088cbacca16ddb298ad417146be5fc5 + +info: + name: > + WP Live.php <= 1.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37f7edb2-4fc0-4785-a49d-6bae9aa57d42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-livephp/" + google-query: inurl:"/wp-content/plugins/wp-livephp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-livephp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-livephp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-livephp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-login-and-logout-redirect-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml b/nuclei-templates/cve-less/plugins/wp-login-and-logout-redirect-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml new file mode 100644 index 0000000000..ae8295fdda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-login-and-logout-redirect-73c1cd9e5bfe098bfeb3d4b81b96f05b.yaml @@ -0,0 +1,58 @@ +id: wp-login-and-logout-redirect-73c1cd9e5bfe098bfeb3d4b81b96f05b + +info: + name: > + WP Login and Logout Redirect <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c293c3a-383d-4e3c-bf1b-4d64e9cd3eb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-login-and-logout-redirect/" + google-query: inurl:"/wp-content/plugins/wp-login-and-logout-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-login-and-logout-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-login-and-logout-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-login-and-logout-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-login-box-1b107fac39fc60c6674fcf9f0d2a0f84.yaml b/nuclei-templates/cve-less/plugins/wp-login-box-1b107fac39fc60c6674fcf9f0d2a0f84.yaml new file mode 100644 index 0000000000..fbd22889c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-login-box-1b107fac39fc60c6674fcf9f0d2a0f84.yaml @@ -0,0 +1,58 @@ +id: wp-login-box-1b107fac39fc60c6674fcf9f0d2a0f84 + +info: + name: > + WP Login Box <= 2.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66c58d4c-8c36-40af-827d-0e86f2110e3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-login-box/" + google-query: inurl:"/wp-content/plugins/wp-login-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-login-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-login-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-login-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-login-security-and-history-d5419bc1feddd2eafb9324b9b87684d7.yaml b/nuclei-templates/cve-less/plugins/wp-login-security-and-history-d5419bc1feddd2eafb9324b9b87684d7.yaml new file mode 100644 index 0000000000..9324641b44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-login-security-and-history-d5419bc1feddd2eafb9324b9b87684d7.yaml @@ -0,0 +1,58 @@ +id: wp-login-security-and-history-d5419bc1feddd2eafb9324b9b87684d7 + +info: + name: > + WP Login Security and History <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78a411e3-5228-4ac2-bf39-6bdec5d9e313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-login-security-and-history/" + google-query: inurl:"/wp-content/plugins/wp-login-security-and-history/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-login-security-and-history,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-login-security-and-history/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-login-security-and-history" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-logo-showcase-99abe0055e8aeebf770fa9b05612b4e1.yaml b/nuclei-templates/cve-less/plugins/wp-logo-showcase-99abe0055e8aeebf770fa9b05612b4e1.yaml new file mode 100644 index 0000000000..e5c6ea243d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-logo-showcase-99abe0055e8aeebf770fa9b05612b4e1.yaml @@ -0,0 +1,58 @@ +id: wp-logo-showcase-99abe0055e8aeebf770fa9b05612b4e1 + +info: + name: > + Logo Slider and Showcase <= 1.3.36 - Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7ac9097-b02b-4f0a-8bc3-6c6af0bdab89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-logo-showcase/" + google-query: inurl:"/wp-content/plugins/wp-logo-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-logo-showcase,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-logo-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-logo-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-logo-showcase-responsive-slider-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-logo-showcase-responsive-slider-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..02ce7b6ed5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-logo-showcase-responsive-slider-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-logo-showcase-responsive-slider-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-logo-showcase-responsive-slider-slider/" + google-query: inurl:"/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-logo-showcase-responsive-slider-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-logo-showcase-responsive-slider-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-logo-showcase-responsive-slider-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-lytebox-cda07eafd840bbbfe97d5dd1471777f9.yaml b/nuclei-templates/cve-less/plugins/wp-lytebox-cda07eafd840bbbfe97d5dd1471777f9.yaml new file mode 100644 index 0000000000..77d62a1ee7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-lytebox-cda07eafd840bbbfe97d5dd1471777f9.yaml @@ -0,0 +1,58 @@ +id: wp-lytebox-cda07eafd840bbbfe97d5dd1471777f9 + +info: + name: > + Lytebox <= 1.3 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b865fde-1c47-4574-932c-334ebefb3579?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-lytebox/" + google-query: inurl:"/wp-content/plugins/wp-lytebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-lytebox,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-lytebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-lytebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-bank-7bbbf63e0874145284bff009623a4860.yaml b/nuclei-templates/cve-less/plugins/wp-mail-bank-7bbbf63e0874145284bff009623a4860.yaml new file mode 100644 index 0000000000..58f030e0b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-bank-7bbbf63e0874145284bff009623a4860.yaml @@ -0,0 +1,58 @@ +id: wp-mail-bank-7bbbf63e0874145284bff009623a4860 + +info: + name: > + Mail Bank - #1 Mail SMTP Plugin for WordPress <= 4.0.14 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31a3a3c1-be0e-46d5-9fa3-563febc5569b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-bank/" + google-query: inurl:"/wp-content/plugins/wp-mail-bank/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-bank,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-bank/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-bank" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-catcher-2f15c2e1797d3dce53478e732579afa9.yaml b/nuclei-templates/cve-less/plugins/wp-mail-catcher-2f15c2e1797d3dce53478e732579afa9.yaml new file mode 100644 index 0000000000..2d4e2a6295 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-catcher-2f15c2e1797d3dce53478e732579afa9.yaml @@ -0,0 +1,58 @@ +id: wp-mail-catcher-2f15c2e1797d3dce53478e732579afa9 + +info: + name: > + Mail logging – WP Mail Catcher <= 2.1.3 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47aed582-efb6-4caf-a65b-57995907ecaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-catcher/" + google-query: inurl:"/wp-content/plugins/wp-mail-catcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-catcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-catcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-catcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-catcher-3aca48d71f7f1c4be4b57fb19e19bd9d.yaml b/nuclei-templates/cve-less/plugins/wp-mail-catcher-3aca48d71f7f1c4be4b57fb19e19bd9d.yaml new file mode 100644 index 0000000000..50c31149f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-catcher-3aca48d71f7f1c4be4b57fb19e19bd9d.yaml @@ -0,0 +1,58 @@ +id: wp-mail-catcher-3aca48d71f7f1c4be4b57fb19e19bd9d + +info: + name: > + WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-catcher/" + google-query: inurl:"/wp-content/plugins/wp-mail-catcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-catcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-catcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-catcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-catcher-6c96ae1b407264caa660411d1fa4575c.yaml b/nuclei-templates/cve-less/plugins/wp-mail-catcher-6c96ae1b407264caa660411d1fa4575c.yaml new file mode 100644 index 0000000000..f6f32975d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-catcher-6c96ae1b407264caa660411d1fa4575c.yaml @@ -0,0 +1,58 @@ +id: wp-mail-catcher-6c96ae1b407264caa660411d1fa4575c + +info: + name: > + WP Mail Catcher <= 2.1.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfb45af3-c22a-4045-b564-22f7081868d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-catcher/" + google-query: inurl:"/wp-content/plugins/wp-mail-catcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-catcher,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-catcher/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-catcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-cfbf975d1c5266eb2e6c08324dadc438.yaml b/nuclei-templates/cve-less/plugins/wp-mail-cfbf975d1c5266eb2e6c08324dadc438.yaml new file mode 100644 index 0000000000..ad8a3b0fd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-cfbf975d1c5266eb2e6c08324dadc438.yaml @@ -0,0 +1,58 @@ +id: wp-mail-cfbf975d1c5266eb2e6c08324dadc438 + +info: + name: > + WP Mail <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08ded669-7e43-4da4-87e7-c7d75fa53d8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail/" + google-query: inurl:"/wp-content/plugins/wp-mail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-179315a1d6d0707060d355a5241e7195.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-179315a1d6d0707060d355a5241e7195.yaml new file mode 100644 index 0000000000..5fdefe7743 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-179315a1d6d0707060d355a5241e7195.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-179315a1d6d0707060d355a5241e7195 + +info: + name: > + WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-31c57eb5baf7bb0acd957fca651b5df2.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-31c57eb5baf7bb0acd957fca651b5df2.yaml new file mode 100644 index 0000000000..147b99ba42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-31c57eb5baf7bb0acd957fca651b5df2.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-31c57eb5baf7bb0acd957fca651b5df2 + +info: + name: > + WP Mail Log Plugin <= 1.1.2 - Authenticated(Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0542f8bf-8fb1-4c47-89b7-106a6feacca1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-74effda90864a740ff398e9c12c52b1c.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-74effda90864a740ff398e9c12c52b1c.yaml new file mode 100644 index 0000000000..9cefbc46a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-74effda90864a740ff398e9c12c52b1c.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-74effda90864a740ff398e9c12c52b1c + +info: + name: > + WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL injection via key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64c72788-a8fa-4f5b-a5b0-8754e952a14d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-8be88bbbbf187ed081686352f66fd170.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-8be88bbbbf187ed081686352f66fd170.yaml new file mode 100644 index 0000000000..82744b1c89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-8be88bbbbf187ed081686352f66fd170.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-8be88bbbbf187ed081686352f66fd170 + +info: + name: > + WP Mail Log <= 1.1.2 - Authenticated (Contributor+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3d14d8f-61f4-4942-9eff-42264bb036bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-95ff4ff837620d6ea480a2d73422a590.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-95ff4ff837620d6ea480a2d73422a590.yaml new file mode 100644 index 0000000000..28980d78c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-95ff4ff837620d6ea480a2d73422a590.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-95ff4ff837620d6ea480a2d73422a590 + +info: + name: > + WP Mail Log <= 1.1.2 - Authenticated (Contributor+) SQL Injection via id + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/099cc754-6a56-498f-848a-a242733e7fb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-e4f7324bab65bcd3d88d8e669baede29.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-e4f7324bab65bcd3d88d8e669baede29.yaml new file mode 100644 index 0000000000..a8df04f311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-e4f7324bab65bcd3d88d8e669baede29.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-e4f7324bab65bcd3d88d8e669baede29 + +info: + name: > + WP Mail Log <= 1.1.2 - Incorrect Authorization to Authenticated (Contributor+) Data Viewing and Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf169c9c-26f6-4af7-926e-1be34e638fd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-log-fe1c7e5641b372bf56ee629133d6f4e5.yaml b/nuclei-templates/cve-less/plugins/wp-mail-log-fe1c7e5641b372bf56ee629133d6f4e5.yaml new file mode 100644 index 0000000000..52ec76a8b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-log-fe1c7e5641b372bf56ee629133d6f4e5.yaml @@ -0,0 +1,58 @@ +id: wp-mail-log-fe1c7e5641b372bf56ee629133d6f4e5 + +info: + name: > + WP Mail Log <= 1.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5155cee-df51-4da3-be86-38df2ab9908f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-log/" + google-query: inurl:"/wp-content/plugins/wp-mail-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-logging-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wp-mail-logging-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..7ec5eab3f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-logging-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wp-mail-logging-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-logging/" + google-query: inurl:"/wp-content/plugins/wp-mail-logging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-logging,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-logging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-logging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-logging-e597c8ed0035e8185b143a4799be8f2d.yaml b/nuclei-templates/cve-less/plugins/wp-mail-logging-e597c8ed0035e8185b143a4799be8f2d.yaml new file mode 100644 index 0000000000..fdab50630b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-logging-e597c8ed0035e8185b143a4799be8f2d.yaml @@ -0,0 +1,58 @@ +id: wp-mail-logging-e597c8ed0035e8185b143a4799be8f2d + +info: + name: > + WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-logging/" + google-query: inurl:"/wp-content/plugins/wp-mail-logging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-logging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-logging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-logging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mail-smtp-pro-da10288b29dd37bfe67b8eab58492860.yaml b/nuclei-templates/cve-less/plugins/wp-mail-smtp-pro-da10288b29dd37bfe67b8eab58492860.yaml new file mode 100644 index 0000000000..4001c4f018 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mail-smtp-pro-da10288b29dd37bfe67b8eab58492860.yaml @@ -0,0 +1,58 @@ +id: wp-mail-smtp-pro-da10288b29dd37bfe67b8eab58492860 + +info: + name: > + WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a813251b-a4c1-4b23-ad03-dcc1f4f19eb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mail-smtp-pro/" + google-query: inurl:"/wp-content/plugins/wp-mail-smtp-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mail-smtp-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mail-smtp-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mailster-6435ffbe89f0f4a16cb704e9095f5d40.yaml b/nuclei-templates/cve-less/plugins/wp-mailster-6435ffbe89f0f4a16cb704e9095f5d40.yaml new file mode 100644 index 0000000000..2f499ac12e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mailster-6435ffbe89f0f4a16cb704e9095f5d40.yaml @@ -0,0 +1,58 @@ +id: wp-mailster-6435ffbe89f0f4a16cb704e9095f5d40 + +info: + name: > + WP Mailster < 1.5.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f61bda49-1eb0-49a3-8af1-8cadf088464f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mailster/" + google-query: inurl:"/wp-content/plugins/wp-mailster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mailster,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mailto-links-d9f0423766ca387f95476b5cd1e1b1e4.yaml b/nuclei-templates/cve-less/plugins/wp-mailto-links-d9f0423766ca387f95476b5cd1e1b1e4.yaml new file mode 100644 index 0000000000..5975975e35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mailto-links-d9f0423766ca387f95476b5cd1e1b1e4.yaml @@ -0,0 +1,58 @@ +id: wp-mailto-links-d9f0423766ca387f95476b5cd1e1b1e4 + +info: + name: > + WP Mailto Links – Protect Email Addresses <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec882062-0059-47ca-a007-3347e7adb70b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mailto-links/" + google-query: inurl:"/wp-content/plugins/wp-mailto-links/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mailto-links,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailto-links/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailto-links" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mailup-5be3d6220be540ab529a6f616f5316f8.yaml b/nuclei-templates/cve-less/plugins/wp-mailup-5be3d6220be540ab529a6f616f5316f8.yaml new file mode 100644 index 0000000000..f4ca70242d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mailup-5be3d6220be540ab529a6f616f5316f8.yaml @@ -0,0 +1,58 @@ +id: wp-mailup-5be3d6220be540ab529a6f616f5316f8 + +info: + name: > + MailUp newsletter sign-up form < 1.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20227433-a2f0-4a00-b6cc-95708135c0b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mailup/" + google-query: inurl:"/wp-content/plugins/wp-mailup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mailup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mailup-74a3eb8891dcef7e1892db3c005e178d.yaml b/nuclei-templates/cve-less/plugins/wp-mailup-74a3eb8891dcef7e1892db3c005e178d.yaml new file mode 100644 index 0000000000..e4a22a8ed4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mailup-74a3eb8891dcef7e1892db3c005e178d.yaml @@ -0,0 +1,58 @@ +id: wp-mailup-74a3eb8891dcef7e1892db3c005e178d + +info: + name: > + MailUp newsletter sign-up form < 1.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c793bf75-5e44-4511-9005-4175f349cef4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mailup/" + google-query: inurl:"/wp-content/plugins/wp-mailup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mailup,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mailup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mailup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml new file mode 100644 index 0000000000..b6862c29df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-6dc10d5c3a8a61c313df3cbcf576a1b8.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-6dc10d5c3a8a61c313df3cbcf576a1b8 + +info: + name: > + WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f2fa602-79db-4bb3-a55c-75da59116f06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance/" + google-query: inurl:"/wp-content/plugins/wp-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-aab671eab1f3a35319bc119c20a62b84.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-aab671eab1f3a35319bc119c20a62b84.yaml new file mode 100644 index 0000000000..64c5e296a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-aab671eab1f3a35319bc119c20a62b84.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-aab671eab1f3a35319bc119c20a62b84 + +info: + name: > + WP Maintenance <= 6.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002e61b-7395-4ba7-8695-da17cfc001cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance/" + google-query: inurl:"/wp-content/plugins/wp-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-d9b09bd810ab52f398f0afdd79c897af.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-d9b09bd810ab52f398f0afdd79c897af.yaml new file mode 100644 index 0000000000..ba63050970 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-d9b09bd810ab52f398f0afdd79c897af.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-d9b09bd810ab52f398f0afdd79c897af + +info: + name: > + WP Maintenance <= 6.1.6 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance/" + google-query: inurl:"/wp-content/plugins/wp-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-e8d379239814ced6a5f09013cbb811b8.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-e8d379239814ced6a5f09013cbb811b8.yaml new file mode 100644 index 0000000000..b51af8002b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-e8d379239814ced6a5f09013cbb811b8.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-e8d379239814ced6a5f09013cbb811b8 + +info: + name: > + WP Maintenance <= 6.1.3 - IP Restriction Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87a1cc00-330c-40c3-a174-8ea50075c4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance/" + google-query: inurl:"/wp-content/plugins/wp-maintenance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-12a42b489a4f41309029bce2b7df59b4.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-12a42b489a4f41309029bce2b7df59b4.yaml new file mode 100644 index 0000000000..efc32a7503 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-12a42b489a4f41309029bce2b7df59b4.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-12a42b489a4f41309029bce2b7df59b4 + +info: + name: > + WP Maintenance Mode & Coming Soon <= 2.4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/840e9a50-ce53-4b9a-b6ae-c5016e11373b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-18112388a9914d1cf0c8f86d0f31e148.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-18112388a9914d1cf0c8f86d0f31e148.yaml new file mode 100644 index 0000000000..6624abe60c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-18112388a9914d1cf0c8f86d0f31e148.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-18112388a9914d1cf0c8f86d0f31e148 + +info: + name: > + WP Maintenance Mode <= 1.8.7 - Missing Authorization Checks & Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f42dc6ab-4035-4e9e-b956-40395c7e309f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-27c270156b5cf78eb4bb31035b7f5db8.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-27c270156b5cf78eb4bb31035b7f5db8.yaml new file mode 100644 index 0000000000..ae1b4dfa35 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-27c270156b5cf78eb4bb31035b7f5db8.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-27c270156b5cf78eb4bb31035b7f5db8 + +info: + name: > + WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3de6969-a27c-40a1-87ff-ce09a702613c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-92df025ccfa89a1351393b8f44caea90.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-92df025ccfa89a1351393b8f44caea90.yaml new file mode 100644 index 0000000000..cfcfc840a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-92df025ccfa89a1351393b8f44caea90.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-92df025ccfa89a1351393b8f44caea90 + +info: + name: > + ThemeIsle SDK <= Various Versions - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-a8309537878561527873c9aaba1b29f6.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-a8309537878561527873c9aaba1b29f6.yaml new file mode 100644 index 0000000000..8f7b75b8f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-a8309537878561527873c9aaba1b29f6.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-a8309537878561527873c9aaba1b29f6 + +info: + name: > + WP Maintenance Mode <= 2.0.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00d69e80-36fa-4b74-8138-56c0bf576e44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-c03b6eeac707e2faa28a70a9e28fd5e0.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-c03b6eeac707e2faa28a70a9e28fd5e0.yaml new file mode 100644 index 0000000000..cb4b965189 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-c03b6eeac707e2faa28a70a9e28fd5e0.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-c03b6eeac707e2faa28a70a9e28fd5e0 + +info: + name: > + LightStart – Maintenance Mode, Coming Soon and Landing Page Builder <= 2.6.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b57d3d1d-dcdb-4f11-82d8-183778baa075?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-f508bbced58788f18196a525afb794c1.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-f508bbced58788f18196a525afb794c1.yaml new file mode 100644 index 0000000000..d9b6c5c861 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-f508bbced58788f18196a525afb794c1.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-f508bbced58788f18196a525afb794c1 + +info: + name: > + WP Maintenance Mode <= 2.0.6 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cf2201d-6da0-4f66-9135-c6b34ef7c65f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-7393cd06bd9f0a8e6b160ee1e40091a1.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-7393cd06bd9f0a8e6b160ee1e40091a1.yaml new file mode 100644 index 0000000000..21694603dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-7393cd06bd9f0a8e6b160ee1e40091a1.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-site-under-construction-7393cd06bd9f0a8e6b160ee1e40091a1 + +info: + name: > + WooCommerce Conditional Marketing Mailer <= 1.5.1 - Improper Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37a25fdf-da5d-42bd-a803-afb3787aabf4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode-site-under-construction/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode-site-under-construction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode-site-under-construction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode-site-under-construction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-9a4983ebf76516d5539ccc05a21c897b.yaml b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-9a4983ebf76516d5539ccc05a21c897b.yaml new file mode 100644 index 0000000000..61723334ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maintenance-mode-site-under-construction-9a4983ebf76516d5539ccc05a21c897b.yaml @@ -0,0 +1,58 @@ +id: wp-maintenance-mode-site-under-construction-9a4983ebf76516d5539ccc05a21c897b + +info: + name: > + WP Maintenance Mode & Site Under Construction < 1.8.2 - Missing Authorization to Arbitrary Plugin Installation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/808e5246-30b1-4706-b11f-27fb74b117ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maintenance-mode-site-under-construction/" + google-query: inurl:"/wp-content/plugins/wp-maintenance-mode-site-under-construction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maintenance-mode-site-under-construction,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maintenance-mode-site-under-construction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maintenance-mode-site-under-construction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-manutencao-a9cc9d2366f33cd5741768b12deb923f.yaml b/nuclei-templates/cve-less/plugins/wp-manutencao-a9cc9d2366f33cd5741768b12deb923f.yaml new file mode 100644 index 0000000000..b9443ad0e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-manutencao-a9cc9d2366f33cd5741768b12deb923f.yaml @@ -0,0 +1,58 @@ +id: wp-manutencao-a9cc9d2366f33cd5741768b12deb923f + +info: + name: > + WordPress Manutenção <= 1.0.6 - IP Spoofing to Maintenance Mode Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6664039-554b-43bf-8925-00c1e62e28f5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-manutencao/" + google-query: inurl:"/wp-content/plugins/wp-manutencao/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-manutencao,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-manutencao/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-manutencao" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-map-block-5b50465ae2f78659823d6ff4bd2ffc8a.yaml b/nuclei-templates/cve-less/plugins/wp-map-block-5b50465ae2f78659823d6ff4bd2ffc8a.yaml new file mode 100644 index 0000000000..a17e704e51 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-map-block-5b50465ae2f78659823d6ff4bd2ffc8a.yaml @@ -0,0 +1,58 @@ +id: wp-map-block-5b50465ae2f78659823d6ff4bd2ffc8a + +info: + name: > + WP Map Block – Gutenberg Map Block for Google Map and OpenStreet Map <= 1.2.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8eba82b9-20cd-4bf1-85bc-2daea4423ee8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-map-block/" + google-query: inurl:"/wp-content/plugins/wp-map-block/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-map-block,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-map-block/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-map-block" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mapa-politico-spain-85d2798dcbad09cd3df8222f6cc3a39d.yaml b/nuclei-templates/cve-less/plugins/wp-mapa-politico-spain-85d2798dcbad09cd3df8222f6cc3a39d.yaml new file mode 100644 index 0000000000..0b8458e780 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mapa-politico-spain-85d2798dcbad09cd3df8222f6cc3a39d.yaml @@ -0,0 +1,58 @@ +id: wp-mapa-politico-spain-85d2798dcbad09cd3df8222f6cc3a39d + +info: + name: > + Mapa Politico España < 3.7.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd2f7567-a438-417b-bf0f-dec7a9f098b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mapa-politico-spain/" + google-query: inurl:"/wp-content/plugins/wp-mapa-politico-spain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mapa-politico-spain,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mapa-politico-spain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mapa-politico-spain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mapit-76a5d195529e4a00633fd456330950cc.yaml b/nuclei-templates/cve-less/plugins/wp-mapit-76a5d195529e4a00633fd456330950cc.yaml new file mode 100644 index 0000000000..dd2f2bc2f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mapit-76a5d195529e4a00633fd456330950cc.yaml @@ -0,0 +1,58 @@ +id: wp-mapit-76a5d195529e4a00633fd456330950cc + +info: + name: > + WP MapIt <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ef6f598-e1a7-4036-9485-1aad0416349a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mapit/" + google-query: inurl:"/wp-content/plugins/wp-mapit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mapit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mapit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mapit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-marketing-automations-17e239a9a613785a57f9dff8c47dabbc.yaml b/nuclei-templates/cve-less/plugins/wp-marketing-automations-17e239a9a613785a57f9dff8c47dabbc.yaml new file mode 100644 index 0000000000..1049c991ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-marketing-automations-17e239a9a613785a57f9dff8c47dabbc.yaml @@ -0,0 +1,58 @@ +id: wp-marketing-automations-17e239a9a613785a57f9dff8c47dabbc + +info: + name: > + Abandoned Cart Recovery for WooCommerce by Autonami <= 2.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/245ae6f7-3539-4c91-89f1-29d1e12493b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-marketing-automations/" + google-query: inurl:"/wp-content/plugins/wp-marketing-automations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-marketing-automations,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-marketing-automations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-marketing-automations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-marketing-automations-2d0f997ee92e7b6c06625a4a937305f5.yaml b/nuclei-templates/cve-less/plugins/wp-marketing-automations-2d0f997ee92e7b6c06625a4a937305f5.yaml new file mode 100644 index 0000000000..e956645b65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-marketing-automations-2d0f997ee92e7b6c06625a4a937305f5.yaml @@ -0,0 +1,58 @@ +id: wp-marketing-automations-2d0f997ee92e7b6c06625a4a937305f5 + +info: + name: > + Automation By Autonami <= 2.6.1 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8af44af4-ea56-4686-ad35-5bcdd98ba2cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-marketing-automations/" + google-query: inurl:"/wp-content/plugins/wp-marketing-automations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-marketing-automations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-marketing-automations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-marketing-automations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-marketing-automations-d18e40088a787bdccb931530c8848277.yaml b/nuclei-templates/cve-less/plugins/wp-marketing-automations-d18e40088a787bdccb931530c8848277.yaml new file mode 100644 index 0000000000..29fff4dfee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-marketing-automations-d18e40088a787bdccb931530c8848277.yaml @@ -0,0 +1,58 @@ +id: wp-marketing-automations-d18e40088a787bdccb931530c8848277 + +info: + name: > + Automation By Autonami <= 2.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ec1d883-147f-4a15-89ab-bd9c41893589?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-marketing-automations/" + google-query: inurl:"/wp-content/plugins/wp-marketing-automations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-marketing-automations,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-marketing-automations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-marketing-automations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-masquerade-923b7799c6c4b8b6606ee152480bc325.yaml b/nuclei-templates/cve-less/plugins/wp-masquerade-923b7799c6c4b8b6606ee152480bc325.yaml new file mode 100644 index 0000000000..f587b5cee9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-masquerade-923b7799c6c4b8b6606ee152480bc325.yaml @@ -0,0 +1,58 @@ +id: wp-masquerade-923b7799c6c4b8b6606ee152480bc325 + +info: + name: > + WP Masquerade <= 1.1.0 - Authenticated (Subscriber+) Account Takeover + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d79dc179-8f0e-47e3-9697-82d9c9d44be2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-masquerade/" + google-query: inurl:"/wp-content/plugins/wp-masquerade/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-masquerade,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-masquerade/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-masquerade" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-matrix-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-matrix-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..999ee56b3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-matrix-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-matrix-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-matrix-gallery/" + google-query: inurl:"/wp-content/plugins/wp-matrix-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-matrix-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-matrix-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-matrix-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..4b9cf29642 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-maximum-upload-file-size-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wp-maximum-upload-file-size-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-maximum-upload-file-size/" + google-query: inurl:"/wp-content/plugins/wp-maximum-upload-file-size/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-maximum-upload-file-size,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-maximum-upload-file-size/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-maximum-upload-file-size" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-category-management-5a3ba228c7ef68acd338809eb5946660.yaml b/nuclei-templates/cve-less/plugins/wp-media-category-management-5a3ba228c7ef68acd338809eb5946660.yaml new file mode 100644 index 0000000000..b54baba7e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-category-management-5a3ba228c7ef68acd338809eb5946660.yaml @@ -0,0 +1,58 @@ +id: wp-media-category-management-5a3ba228c7ef68acd338809eb5946660 + +info: + name: > + WP Media Category Management <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cce0fd52-b4a3-4608-81ca-f50c859ae6a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-category-management/" + google-query: inurl:"/wp-content/plugins/wp-media-category-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-category-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-category-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-category-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-cleaner-ee67de5781e7fd9c2318027f775c66d6.yaml b/nuclei-templates/cve-less/plugins/wp-media-cleaner-ee67de5781e7fd9c2318027f775c66d6.yaml new file mode 100644 index 0000000000..b5a244b700 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-cleaner-ee67de5781e7fd9c2318027f775c66d6.yaml @@ -0,0 +1,58 @@ +id: wp-media-cleaner-ee67de5781e7fd9c2318027f775c66d6 + +info: + name: > + WP Media Cleaner <= 2.2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0654ddef-0a6e-4241-b226-947b5b0415b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-cleaner/" + google-query: inurl:"/wp-content/plugins/wp-media-cleaner/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-cleaner,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-cleaner/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-cleaner" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-folder-1196705650803cf1c8c204bb4b542a25.yaml b/nuclei-templates/cve-less/plugins/wp-media-folder-1196705650803cf1c8c204bb4b542a25.yaml new file mode 100644 index 0000000000..1a5e19be43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-folder-1196705650803cf1c8c204bb4b542a25.yaml @@ -0,0 +1,58 @@ +id: wp-media-folder-1196705650803cf1c8c204bb4b542a25 + +info: + name: > + WP Media folder <= 5.7.2 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e4a172-38de-49d3-8a5d-62253cf6d67c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-folder/" + google-query: inurl:"/wp-content/plugins/wp-media-folder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-folder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-folder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-folder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-folder-2da7a3f2515edfb050506d62d2d86fdd.yaml b/nuclei-templates/cve-less/plugins/wp-media-folder-2da7a3f2515edfb050506d62d2d86fdd.yaml new file mode 100644 index 0000000000..eb5adc3b27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-folder-2da7a3f2515edfb050506d62d2d86fdd.yaml @@ -0,0 +1,58 @@ +id: wp-media-folder-2da7a3f2515edfb050506d62d2d86fdd + +info: + name: > + WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Plugin settings change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d96a3d43-81dd-4c23-984b-a9ddf450164b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-folder/" + google-query: inurl:"/wp-content/plugins/wp-media-folder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-folder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-folder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-folder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-folder-a0b0c399b7514c70fcf0e05e68ca4408.yaml b/nuclei-templates/cve-less/plugins/wp-media-folder-a0b0c399b7514c70fcf0e05e68ca4408.yaml new file mode 100644 index 0000000000..2f65442e96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-folder-a0b0c399b7514c70fcf0e05e68ca4408.yaml @@ -0,0 +1,58 @@ +id: wp-media-folder-a0b0c399b7514c70fcf0e05e68ca4408 + +info: + name: > + WP Media folder <= 5.7.2 - Missing Authorization to Authenticated(Subscriber+) Title Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eed4626-1fa5-49b1-864e-c37e4cf58ad8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-folder/" + google-query: inurl:"/wp-content/plugins/wp-media-folder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-folder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-folder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-folder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-library-categories-5a62a90392d8e5e62d1e1ad4b9531478.yaml b/nuclei-templates/cve-less/plugins/wp-media-library-categories-5a62a90392d8e5e62d1e1ad4b9531478.yaml new file mode 100644 index 0000000000..2ccf6b8c3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-library-categories-5a62a90392d8e5e62d1e1ad4b9531478.yaml @@ -0,0 +1,58 @@ +id: wp-media-library-categories-5a62a90392d8e5e62d1e1ad4b9531478 + +info: + name: > + Media Library Categories <= 1.9.9 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d542c1e8-7e9f-4687-8739-0ebcb865b998?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-library-categories/" + google-query: inurl:"/wp-content/plugins/wp-media-library-categories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-library-categories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-library-categories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-library-categories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-library-categories-9fd777f73c4ef625b6fdbf9d8363a65e.yaml b/nuclei-templates/cve-less/plugins/wp-media-library-categories-9fd777f73c4ef625b6fdbf9d8363a65e.yaml new file mode 100644 index 0000000000..42db9b7f4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-library-categories-9fd777f73c4ef625b6fdbf9d8363a65e.yaml @@ -0,0 +1,58 @@ +id: wp-media-library-categories-9fd777f73c4ef625b6fdbf9d8363a65e + +info: + name: > + Media Library Categories <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44982138-7ebb-4562-a869-f17bfecd16d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-library-categories/" + google-query: inurl:"/wp-content/plugins/wp-media-library-categories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-library-categories,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-library-categories/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-library-categories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-media-player-cf07672d5cc5a9d43b461f631786b4cf.yaml b/nuclei-templates/cve-less/plugins/wp-media-player-cf07672d5cc5a9d43b461f631786b4cf.yaml new file mode 100644 index 0000000000..0fc8041f54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-media-player-cf07672d5cc5a9d43b461f631786b4cf.yaml @@ -0,0 +1,58 @@ +id: wp-media-player-cf07672d5cc5a9d43b461f631786b4cf + +info: + name: > + WP Silverlight Media Player <= 0.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a9dd9b6-28c7-4f7d-95bb-e93ccc6abc30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-media-player/" + google-query: inurl:"/wp-content/plugins/wp-media-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-media-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-media-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-media-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-00ca2c99ad053400f72b1ad04cedfa49.yaml b/nuclei-templates/cve-less/plugins/wp-members-00ca2c99ad053400f72b1ad04cedfa49.yaml new file mode 100644 index 0000000000..9c732a15a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-00ca2c99ad053400f72b1ad04cedfa49.yaml @@ -0,0 +1,58 @@ +id: wp-members-00ca2c99ad053400f72b1ad04cedfa49 + +info: + name: > + WP-Members Membership Plugin <= 3.4.8 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46c61f38-553e-43b2-a666-b160db40e66d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-0a288cfd79394a91cc2f2e98f7ebe8f7.yaml b/nuclei-templates/cve-less/plugins/wp-members-0a288cfd79394a91cc2f2e98f7ebe8f7.yaml new file mode 100644 index 0000000000..c36a93c046 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-0a288cfd79394a91cc2f2e98f7ebe8f7.yaml @@ -0,0 +1,58 @@ +id: wp-members-0a288cfd79394a91cc2f2e98f7ebe8f7 + +info: + name: > + WP-Members Membership Plugin <= 3.4.9.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/033069d2-8e0f-4c67-b18c-fdd471d85f87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-7700c6b035beec7a0abef5d3cdd6b1cf.yaml b/nuclei-templates/cve-less/plugins/wp-members-7700c6b035beec7a0abef5d3cdd6b1cf.yaml new file mode 100644 index 0000000000..876615f08b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-7700c6b035beec7a0abef5d3cdd6b1cf.yaml @@ -0,0 +1,58 @@ +id: wp-members-7700c6b035beec7a0abef5d3cdd6b1cf + +info: + name: > + WP-Members <= 3.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/249ac834-e7de-42cc-9ac1-82e7c18eac31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-a980d40221670f484b92312f4acbd125.yaml b/nuclei-templates/cve-less/plugins/wp-members-a980d40221670f484b92312f4acbd125.yaml new file mode 100644 index 0000000000..5eea36ce8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-a980d40221670f484b92312f4acbd125.yaml @@ -0,0 +1,58 @@ +id: wp-members-a980d40221670f484b92312f4acbd125 + +info: + name: > + WP-Members < 3.1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4db5d4ec-0f49-40fb-97b3-f0146cbbbe52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-ceb215b10a19ec9d161edd4eed36fac8.yaml b/nuclei-templates/cve-less/plugins/wp-members-ceb215b10a19ec9d161edd4eed36fac8.yaml new file mode 100644 index 0000000000..201df7c8f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-ceb215b10a19ec9d161edd4eed36fac8.yaml @@ -0,0 +1,58 @@ +id: wp-members-ceb215b10a19ec9d161edd4eed36fac8 + +info: + name: > + WP-Members Membership Plugin <= 3.4.9.3 - Unprotected Storage of Potentially Sensitive Files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4319fa2e-8826-4100-9156-cbe80582367e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-dcbc79daa691cad653de67a9ff1a5707.yaml b/nuclei-templates/cve-less/plugins/wp-members-dcbc79daa691cad653de67a9ff1a5707.yaml new file mode 100644 index 0000000000..76dba5ac38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-dcbc79daa691cad653de67a9ff1a5707.yaml @@ -0,0 +1,58 @@ +id: wp-members-dcbc79daa691cad653de67a9ff1a5707 + +info: + name: > + WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf05a79a-0375-4c9d-bbf0-a87484327b87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-e2f5ffd9a4d18c5b5627131fa4317643.yaml b/nuclei-templates/cve-less/plugins/wp-members-e2f5ffd9a4d18c5b5627131fa4317643.yaml new file mode 100644 index 0000000000..9587df5450 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-e2f5ffd9a4d18c5b5627131fa4317643.yaml @@ -0,0 +1,58 @@ +id: wp-members-e2f5ffd9a4d18c5b5627131fa4317643 + +info: + name: > + WP-Members Membership Plugin <= 3.4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-members-e3501204b93612b8ff957cf7e1036632.yaml b/nuclei-templates/cve-less/plugins/wp-members-e3501204b93612b8ff957cf7e1036632.yaml new file mode 100644 index 0000000000..95a373a25f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-members-e3501204b93612b8ff957cf7e1036632.yaml @@ -0,0 +1,58 @@ +id: wp-members-e3501204b93612b8ff957cf7e1036632 + +info: + name: > + WP-Members Membership <= 3.4.7.3 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dabc2ae0-6005-4287-b1b0-385bc6d5c467?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-members/" + google-query: inurl:"/wp-content/plugins/wp-members/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-members,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-members/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-members" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-membership-398e2e434c59ceafeecf5e603168a0d7.yaml b/nuclei-templates/cve-less/plugins/wp-membership-398e2e434c59ceafeecf5e603168a0d7.yaml new file mode 100644 index 0000000000..67243117c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-membership-398e2e434c59ceafeecf5e603168a0d7.yaml @@ -0,0 +1,58 @@ +id: wp-membership-398e2e434c59ceafeecf5e603168a0d7 + +info: + name: > + WP Membership <= 1.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/443bae1e-21a0-44b3-bda0-a189f5c69a16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-membership/" + google-query: inurl:"/wp-content/plugins/wp-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-membership,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-membership-a284426b60f71419209b182f0b3fc61e.yaml b/nuclei-templates/cve-less/plugins/wp-membership-a284426b60f71419209b182f0b3fc61e.yaml new file mode 100644 index 0000000000..1751a114e0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-membership-a284426b60f71419209b182f0b3fc61e.yaml @@ -0,0 +1,58 @@ +id: wp-membership-a284426b60f71419209b182f0b3fc61e + +info: + name: > + WP Membership <= 1.2.3 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5607fffa-341f-4237-b064-00fe2e6c9c9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-membership/" + google-query: inurl:"/wp-content/plugins/wp-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-membership-c1fc6421a52e6ac7d9b0f476667cd29a.yaml b/nuclei-templates/cve-less/plugins/wp-membership-c1fc6421a52e6ac7d9b0f476667cd29a.yaml new file mode 100644 index 0000000000..b7491d3554 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-membership-c1fc6421a52e6ac7d9b0f476667cd29a.yaml @@ -0,0 +1,58 @@ +id: wp-membership-c1fc6421a52e6ac7d9b0f476667cd29a + +info: + name: > + Multiple E-plugins (Various Versions) - Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629d4809-1dd2-4b67-8d8d-9c55f5240f94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-membership/" + google-query: inurl:"/wp-content/plugins/wp-membership/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-membership,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-membership/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-membership" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-memory-da896910a5cacf8279e4d7de14e16a7d.yaml b/nuclei-templates/cve-less/plugins/wp-memory-da896910a5cacf8279e4d7de14e16a7d.yaml new file mode 100644 index 0000000000..a55a2f558e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-memory-da896910a5cacf8279e4d7de14e16a7d.yaml @@ -0,0 +1,58 @@ +id: wp-memory-da896910a5cacf8279e4d7de14e16a7d + +info: + name: > + Memory Usage <= 2.45 - Missing Authorization to Arbitrary Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4349f322-41ee-43d2-b0a9-567b89aa5d76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-memory/" + google-query: inurl:"/wp-content/plugins/wp-memory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-memory,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-memory/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-memory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.45') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-9a466e34216ffe71aad25917ff6bfb32.yaml b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-9a466e34216ffe71aad25917ff6bfb32.yaml new file mode 100644 index 0000000000..1ec04be3ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-9a466e34216ffe71aad25917ff6bfb32.yaml @@ -0,0 +1,58 @@ +id: wp-meta-and-date-remover-9a466e34216ffe71aad25917ff6bfb32 + +info: + name: > + WP Meta and Date Remover < 2.2.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3da0a44f-d4b4-4330-a2e3-d25a2a7df926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-and-date-remover/" + google-query: inurl:"/wp-content/plugins/wp-meta-and-date-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-and-date-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-and-date-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-d52eb2dcb52eaf5c45a9c76db66b7765.yaml b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-d52eb2dcb52eaf5c45a9c76db66b7765.yaml new file mode 100644 index 0000000000..b33b9262c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-and-date-remover-d52eb2dcb52eaf5c45a9c76db66b7765.yaml @@ -0,0 +1,58 @@ +id: wp-meta-and-date-remover-d52eb2dcb52eaf5c45a9c76db66b7765 + +info: + name: > + WP Meta and Date Remover <= 2.3.0 - Cross-Site Request Forgery via updateSettings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa9ad87-44b2-47b3-a05c-52e59af7255a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-and-date-remover/" + google-query: inurl:"/wp-content/plugins/wp-meta-and-date-remover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-and-date-remover,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-and-date-remover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-and-date-remover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-388ffda3d201191cb375824a74d92ffc.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-388ffda3d201191cb375824a74d92ffc.yaml new file mode 100644 index 0000000000..c11d6f279f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-388ffda3d201191cb375824a74d92ffc.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-388ffda3d201191cb375824a74d92ffc + +info: + name: > + Meta Data Filter & Taxonomies Filter <= 1.2.7.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77b7fb02-1b79-4b0b-99ab-fa042e86391a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-407035e57e51b9b24244b7b6677f36c6.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-407035e57e51b9b24244b7b6677f36c6.yaml new file mode 100644 index 0000000000..ff6f135471 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-407035e57e51b9b24244b7b6677f36c6.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-407035e57e51b9b24244b7b6677f36c6 + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d338b583-4587-4b8d-b78e-a1b9a1054435?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-412021edf597308d1e073bd0f08f6dda.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-412021edf597308d1e073bd0f08f6dda.yaml new file mode 100644 index 0000000000..4838af2995 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-412021edf597308d1e073bd0f08f6dda.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-412021edf597308d1e073bd0f08f6dda + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.2 - Unauthenticated Arbitrary Shortcode Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3da58a5-3b07-4c53-ae20-35b3d7750023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-4f95fbf5d542e431aaee4d569011a0a0.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-4f95fbf5d542e431aaee4d569011a0a0.yaml new file mode 100644 index 0000000000..1908a2cd46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-4f95fbf5d542e431aaee4d569011a0a0.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-4f95fbf5d542e431aaee4d569011a0a0 + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09bc815e-cf79-4d94-a934-366c251be551?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-6028fbb33888953a639d7f4fdb105b84.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-6028fbb33888953a639d7f4fdb105b84.yaml new file mode 100644 index 0000000000..01cc102f93 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-6028fbb33888953a639d7f4fdb105b84.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-6028fbb33888953a639d7f4fdb105b84 + +info: + name: > + MDTF – Meta Data and Taxonomies Filter <= 1.3.0.1 - Relected Cross-Site Scripting via 'tax_name' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6edb6604-9da8-421e-933b-bac02b179bd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-74e2cca43a241e929e4d02ce42179766.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-74e2cca43a241e929e4d02ce42179766.yaml new file mode 100644 index 0000000000..5c0bfdc608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-74e2cca43a241e929e4d02ce42179766.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-74e2cca43a241e929e4d02ce42179766 + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/325298a6-954b-4cf7-a96a-9571cdb0b5a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-a210c90325ac6434534abb97976ad7c8.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-a210c90325ac6434534abb97976ad7c8.yaml new file mode 100644 index 0000000000..03c0cf4691 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-a210c90325ac6434534abb97976ad7c8.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-a210c90325ac6434534abb97976ad7c8 + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1f482d3-d2f6-4161-8bcf-3d43d5ac10ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-cd3ec729b30fa6c24f2c8dc5202be75f.yaml b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-cd3ec729b30fa6c24f2c8dc5202be75f.yaml new file mode 100644 index 0000000000..b13385aec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-data-filter-and-taxonomy-filter-cd3ec729b30fa6c24f2c8dc5202be75f.yaml @@ -0,0 +1,58 @@ +id: wp-meta-data-filter-and-taxonomy-filter-cd3ec729b30fa6c24f2c8dc5202be75f + +info: + name: > + WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c33b51bb-d368-4056-97f2-03543c4e9f8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + google-query: inurl:"/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-data-filter-and-taxonomy-filter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-data-filter-and-taxonomy-filter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-051ffefc51104be6bb17d2b5cf41b941.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-051ffefc51104be6bb17d2b5cf41b941.yaml new file mode 100644 index 0000000000..91ea930553 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-051ffefc51104be6bb17d2b5cf41b941.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-051ffefc51104be6bb17d2b5cf41b941 + +info: + name: > + WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f589e21-7417-4b43-b580-4f1d3c2041f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-2e08f88f4d646fb37132bf634ea9d86a.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-2e08f88f4d646fb37132bf634ea9d86a.yaml new file mode 100644 index 0000000000..fb93e47c8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-2e08f88f4d646fb37132bf634ea9d86a.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-2e08f88f4d646fb37132bf634ea9d86a + +info: + name: > + WP Meta SEO <= 4.4.6 - Admin+ Stored Cross-Site Scripting via breadcrumbs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bce8b43a-a69e-44d1-adab-98253e86cb33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-2f2d8b93ad701e19ec6f3207f936eef8.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-2f2d8b93ad701e19ec6f3207f936eef8.yaml new file mode 100644 index 0000000000..89e623d75f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-2f2d8b93ad701e19ec6f3207f936eef8.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-2f2d8b93ad701e19ec6f3207f936eef8 + +info: + name: > + WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a3f835e-0aa9-4581-9150-fe5041e0f293?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-48db89bfccb085b8a9e9bacdc76c0af1.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-48db89bfccb085b8a9e9bacdc76c0af1.yaml new file mode 100644 index 0000000000..06a8ebb13d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-48db89bfccb085b8a9e9bacdc76c0af1.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-48db89bfccb085b8a9e9bacdc76c0af1 + +info: + name: > + WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/702f9d3b-5d33-4215-ac76-9aae3162d775?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-8315a66d2bff25e165368a9ba5b2cd91.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-8315a66d2bff25e165368a9ba5b2cd91.yaml new file mode 100644 index 0000000000..47063afa09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-8315a66d2bff25e165368a9ba5b2cd91.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-8315a66d2bff25e165368a9ba5b2cd91 + +info: + name: > + WP Meta SEO <= 4.5.2 - Missing Authorization in 'startProcess' to Arbitrary Redirect via 'update_link_redirect' task + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29c47391-5d37-4f49-8806-1f378a6306d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-853440dc6a0bac372d49c0a52406c979.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-853440dc6a0bac372d49c0a52406c979.yaml new file mode 100644 index 0000000000..e6f3eb2fda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-853440dc6a0bac372d49c0a52406c979.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-853440dc6a0bac372d49c0a52406c979 + +info: + name: > + WP Meta SEO <= 4.4.8 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69c7b0e4-89bf-480c-8e89-b1514d2bfefe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-8f211e542f6f3ea8f0872b9525089564.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-8f211e542f6f3ea8f0872b9525089564.yaml new file mode 100644 index 0000000000..a1b1bc0093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-8f211e542f6f3ea8f0872b9525089564.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-8f211e542f6f3ea8f0872b9525089564 + +info: + name: > + WP Meta SEO <= 4.5.2 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c83287-13ca-4fdc-95b6-97da150b0c09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-9ba2b29c37ba8aee356eadac5eafa36d.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-9ba2b29c37ba8aee356eadac5eafa36d.yaml new file mode 100644 index 0000000000..8d4a87b180 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-9ba2b29c37ba8aee356eadac5eafa36d.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-9ba2b29c37ba8aee356eadac5eafa36d + +info: + name: > + WP Meta SEO <= 4.5.4 - Authenticated (Author+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f07d76e-1973-4ea7-b448-666466cd688f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-a77598a8619865ebfa5a440835fd61e6.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-a77598a8619865ebfa5a440835fd61e6.yaml new file mode 100644 index 0000000000..2f5db8b950 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-a77598a8619865ebfa5a440835fd61e6.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-a77598a8619865ebfa5a440835fd61e6 + +info: + name: > + WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d1e498a-ddcb-4c67-bf0d-bb45b6fe0e9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-b140b905bbbe2df2a34bd620d01bfe72.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-b140b905bbbe2df2a34bd620d01bfe72.yaml new file mode 100644 index 0000000000..4c2640b6ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-b140b905bbbe2df2a34bd620d01bfe72.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-b140b905bbbe2df2a34bd620d01bfe72 + +info: + name: > + WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b978749-7ea5-45f4-9f69-66a19c0e39ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-b8cc5900239df821d12d0c9f9351444a.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-b8cc5900239df821d12d0c9f9351444a.yaml new file mode 100644 index 0000000000..57f42473df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-b8cc5900239df821d12d0c9f9351444a.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-b8cc5900239df821d12d0c9f9351444a + +info: + name: > + WP Meta SEO <= 4.5.12 - Information Exposure via Meta Description + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0323b54b-c15b-4d2d-9e8f-3df87c84dd49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-c8739a5f40e6869f84a528bbf32f369f.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-c8739a5f40e6869f84a528bbf32f369f.yaml new file mode 100644 index 0000000000..65df4329bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-c8739a5f40e6869f84a528bbf32f369f.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-c8739a5f40e6869f84a528bbf32f369f + +info: + name: > + WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/764aec73-f291-4372-9dde-812ffaf025ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-c9a67836be647194b958b42b1afed33a.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-c9a67836be647194b958b42b1afed33a.yaml new file mode 100644 index 0000000000..6ca4bd49c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-c9a67836be647194b958b42b1afed33a.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-c9a67836be647194b958b42b1afed33a + +info: + name: > + WP Meta SEO <= 4.5.12 - Unauthenticated Stored Cross-Site Scripting via Referer header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca91e41d-b728-4eb0-86d5-043813d8c2c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meta-seo-eb91f445c10e82b7c3e98be1062a0e24.yaml b/nuclei-templates/cve-less/plugins/wp-meta-seo-eb91f445c10e82b7c3e98be1062a0e24.yaml new file mode 100644 index 0000000000..e020b94bd7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meta-seo-eb91f445c10e82b7c3e98be1062a0e24.yaml @@ -0,0 +1,58 @@ +id: wp-meta-seo-eb91f445c10e82b7c3e98be1062a0e24 + +info: + name: > + WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/978d5715-7993-4f89-8d69-895467633bfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meta-seo/" + google-query: inurl:"/wp-content/plugins/wp-meta-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meta-seo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meta-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meta-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-meteor-a24478d45a578be442865b8c295c465f.yaml b/nuclei-templates/cve-less/plugins/wp-meteor-a24478d45a578be442865b8c295c465f.yaml new file mode 100644 index 0000000000..69ec7089d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-meteor-a24478d45a578be442865b8c295c465f.yaml @@ -0,0 +1,58 @@ +id: wp-meteor-a24478d45a578be442865b8c295c465f + +info: + name: > + WP Meteor Page Speed Optimization Topping <= 3.1.4 - Cross-Site Request Forgery via processAjaxNoticeDismiss + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d246a99-fd92-4132-9576-efa065a58f59?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-meteor/" + google-query: inurl:"/wp-content/plugins/wp-meteor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-meteor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-meteor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-meteor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-microblogs-a4cab622005282169cece09a74ca7822.yaml b/nuclei-templates/cve-less/plugins/wp-microblogs-a4cab622005282169cece09a74ca7822.yaml new file mode 100644 index 0000000000..9e0d8a563c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-microblogs-a4cab622005282169cece09a74ca7822.yaml @@ -0,0 +1,58 @@ +id: wp-microblogs-a4cab622005282169cece09a74ca7822 + +info: + name: > + WP Microblogs <= 0.4.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b84f9b-2b01-4e25-907d-4be735594d07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-microblogs/" + google-query: inurl:"/wp-content/plugins/wp-microblogs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-microblogs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-microblogs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-microblogs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migrate-db-pro-94e62ec82b514bdceccaf12bf9504a39.yaml b/nuclei-templates/cve-less/plugins/wp-migrate-db-pro-94e62ec82b514bdceccaf12bf9504a39.yaml new file mode 100644 index 0000000000..6c110463e7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migrate-db-pro-94e62ec82b514bdceccaf12bf9504a39.yaml @@ -0,0 +1,58 @@ +id: wp-migrate-db-pro-94e62ec82b514bdceccaf12bf9504a39 + +info: + name: > + WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b69f90a-1dd3-4184-aee3-9b0251b981cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migrate-db-pro/" + google-query: inurl:"/wp-content/plugins/wp-migrate-db-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migrate-db-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migrate-db-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migrate-db-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-0db6e70cdcdc7229b4099d9f0f9133ae.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-0db6e70cdcdc7229b4099d9f0f9133ae.yaml new file mode 100644 index 0000000000..1247d32fc5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-0db6e70cdcdc7229b4099d9f0f9133ae.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-0db6e70cdcdc7229b4099d9f0f9133ae + +info: + name: > + WordPress Backup & Migration <= 1.4.7 - Unauthenticated Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40570bb7-1638-4305-876e-86ad4c336944?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-4b9b30de695a6c7d318c6f418b6450d0.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-4b9b30de695a6c7d318c6f418b6450d0.yaml new file mode 100644 index 0000000000..6567c6bb15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-4b9b30de695a6c7d318c6f418b6450d0.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-4b9b30de695a6c7d318c6f418b6450d0 + +info: + name: > + WordPress Backup & Migration <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93de1604-2494-4c51-a93d-b01bf7ed4c07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-766e921c63902196b3dd14a962737125.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-766e921c63902196b3dd14a962737125.yaml new file mode 100644 index 0000000000..da4fd23cb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-766e921c63902196b3dd14a962737125.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-766e921c63902196b3dd14a962737125 + +info: + name: > + WordPress Backup & Migration <= 1.4.8 - Missing Authorization to Directory Traversal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/339c4eba-fa34-4db6-be4b-bcf0ba98121a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-9cffec44ea772b6c67672a3ffd4bf0f4.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-9cffec44ea772b6c67672a3ffd4bf0f4.yaml new file mode 100644 index 0000000000..38bfdb0898 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-9cffec44ea772b6c67672a3ffd4bf0f4.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-9cffec44ea772b6c67672a3ffd4bf0f4 + +info: + name: > + WordPress Backup & Migration <= 1.4.3 - Missing Authorization to Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7de132d5-51c9-464c-b687-8e367dd8d846?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-beccbd5d983b56da7098c3b6df8c3b57.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-beccbd5d983b56da7098c3b6df8c3b57.yaml new file mode 100644 index 0000000000..3afcb30730 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-beccbd5d983b56da7098c3b6df8c3b57.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-beccbd5d983b56da7098c3b6df8c3b57 + +info: + name: > + WordPress Backup & Migration <= 1.4.0 - Missing Authorization via wt_delete_schedule + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ce978334-42e1-4334-a2d1-c3966339e4fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-migration-duplicator-f9b95c5df8218e5c27a0db54debfd7c6.yaml b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-f9b95c5df8218e5c27a0db54debfd7c6.yaml new file mode 100644 index 0000000000..32ea7a774a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-migration-duplicator-f9b95c5df8218e5c27a0db54debfd7c6.yaml @@ -0,0 +1,58 @@ +id: wp-migration-duplicator-f9b95c5df8218e5c27a0db54debfd7c6 + +info: + name: > + WordPress Backup & Migration <= 1.4.1 - Missing Authorization to Settings and Schedule Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adfc5084-ed33-4600-bd34-d3516f1a1b96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-migration-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-migration-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-migration-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-migration-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-migration-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-c27c7bc4ca057439f5c832171e19b8eb.yaml b/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-c27c7bc4ca057439f5c832171e19b8eb.yaml new file mode 100644 index 0000000000..976f6b333e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-miniaudioplayer-c27c7bc4ca057439f5c832171e19b8eb.yaml @@ -0,0 +1,58 @@ +id: wp-miniaudioplayer-c27c7bc4ca057439f5c832171e19b8eb + +info: + name: > + mb.miniAudioPlayer <= 1.7.6 - Multiple Vulnerabilities + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/381708ae-3180-4058-a6f4-e925bfc658ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-miniaudioplayer/" + google-query: inurl:"/wp-content/plugins/wp-miniaudioplayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-miniaudioplayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-miniaudioplayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-miniaudioplayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mlm-1d57464ff64efe2d03c6cb93be9a6afe.yaml b/nuclei-templates/cve-less/plugins/wp-mlm-1d57464ff64efe2d03c6cb93be9a6afe.yaml new file mode 100644 index 0000000000..8ae3d61c0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mlm-1d57464ff64efe2d03c6cb93be9a6afe.yaml @@ -0,0 +1,58 @@ +id: wp-mlm-1d57464ff64efe2d03c6cb93be9a6afe + +info: + name: > + WP MLM Unilevel <= 4.0 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abcc1ed6-1871-4e8c-9469-c44dbfca5a17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mlm/" + google-query: inurl:"/wp-content/plugins/wp-mlm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mlm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mlm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mlm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mlm-7ab1b8001b5218efd4de7d54884624ea.yaml b/nuclei-templates/cve-less/plugins/wp-mlm-7ab1b8001b5218efd4de7d54884624ea.yaml new file mode 100644 index 0000000000..db7a3468f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mlm-7ab1b8001b5218efd4de7d54884624ea.yaml @@ -0,0 +1,58 @@ +id: wp-mlm-7ab1b8001b5218efd4de7d54884624ea + +info: + name: > + WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3451ed9-9a9a-443f-b1ce-dcd07bd3e6ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mlm/" + google-query: inurl:"/wp-content/plugins/wp-mlm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mlm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mlm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mlm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mobile-bankid-integration-85ff2c77617a0afcf489782fd73dc851.yaml b/nuclei-templates/cve-less/plugins/wp-mobile-bankid-integration-85ff2c77617a0afcf489782fd73dc851.yaml new file mode 100644 index 0000000000..61a0cb1779 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mobile-bankid-integration-85ff2c77617a0afcf489782fd73dc851.yaml @@ -0,0 +1,58 @@ +id: wp-mobile-bankid-integration-85ff2c77617a0afcf489782fd73dc851 + +info: + name: > + WP-Mobile-BankID-Integration <= 1.0.0 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4712b12f-097b-4106-b2ba-e4c6cb7c32c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/WP-Mobile-BankID-Integration/" + google-query: inurl:"/wp-content/plugins/WP-Mobile-BankID-Integration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,WP-Mobile-BankID-Integration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/WP-Mobile-BankID-Integration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "WP-Mobile-BankID-Integration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mpdf-587a081cbf30acea89ba24ccbad04bdd.yaml b/nuclei-templates/cve-less/plugins/wp-mpdf-587a081cbf30acea89ba24ccbad04bdd.yaml new file mode 100644 index 0000000000..9941c0b82a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mpdf-587a081cbf30acea89ba24ccbad04bdd.yaml @@ -0,0 +1,58 @@ +id: wp-mpdf-587a081cbf30acea89ba24ccbad04bdd + +info: + name: > + wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c47386ee-25c8-4a77-92e8-5a82afc9c826?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mpdf/" + google-query: inurl:"/wp-content/plugins/wp-mpdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mpdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mpdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mpdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-mpdf-d805f3809c5645b75249ec0ee72ac4c8.yaml b/nuclei-templates/cve-less/plugins/wp-mpdf-d805f3809c5645b75249ec0ee72ac4c8.yaml new file mode 100644 index 0000000000..2b63c7f3e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-mpdf-d805f3809c5645b75249ec0ee72ac4c8.yaml @@ -0,0 +1,58 @@ +id: wp-mpdf-d805f3809c5645b75249ec0ee72ac4c8 + +info: + name: > + wp-mpdf <= 3.7.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc26fef6-58e8-441c-ae72-19a3822903a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-mpdf/" + google-query: inurl:"/wp-content/plugins/wp-mpdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-mpdf,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-mpdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-mpdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-multi-store-locator-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml b/nuclei-templates/cve-less/plugins/wp-multi-store-locator-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml new file mode 100644 index 0000000000..4709c9f8c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-multi-store-locator-f8b65cf3e0a27eff31bc4c61ee628d1e.yaml @@ -0,0 +1,58 @@ +id: wp-multi-store-locator-f8b65cf3e0a27eff31bc4c61ee628d1e + +info: + name: > + WP Multi Store Locator <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9da31ff-4173-4aee-a3a6-8eebaa0d71ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-multi-store-locator/" + google-query: inurl:"/wp-content/plugins/wp-multi-store-locator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-multi-store-locator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-multi-store-locator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-multi-store-locator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-f964c84de99e9a1b22168e1a03305b04.yaml b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-f964c84de99e9a1b22168e1a03305b04.yaml new file mode 100644 index 0000000000..12fc46cc23 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-f964c84de99e9a1b22168e1a03305b04.yaml @@ -0,0 +1,58 @@ +id: wp-multisite-content-copier-f964c84de99e9a1b22168e1a03305b04 + +info: + name: > + Multisite Content Copier/Updater <= 1.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4953b95-e013-482c-bcc7-1a95f8941624?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-multisite-content-copier/" + google-query: inurl:"/wp-content/plugins/wp-multisite-content-copier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-multisite-content-copier,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-multisite-content-copier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-multisite-content-copier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-pro-b01e4229acbf8d04a3ea8a3add02fd51.yaml b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-pro-b01e4229acbf8d04a3ea8a3add02fd51.yaml new file mode 100644 index 0000000000..24e367d66b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-multisite-content-copier-pro-b01e4229acbf8d04a3ea8a3add02fd51.yaml @@ -0,0 +1,58 @@ +id: wp-multisite-content-copier-pro-b01e4229acbf8d04a3ea8a3add02fd51 + +info: + name: > + Multisite Content Copier/Updater Pro < 2.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e152d9f-4fb9-41b9-baa4-b1bebac89641?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-multisite-content-copier-pro/" + google-query: inurl:"/wp-content/plugins/wp-multisite-content-copier-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-multisite-content-copier-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-multisite-content-copier-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-multisite-content-copier-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-2628ec35fd0d634f503face1acac9f3d.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-2628ec35fd0d634f503face1acac9f3d.yaml new file mode 100644 index 0000000000..9941280cb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-2628ec35fd0d634f503face1acac9f3d.yaml @@ -0,0 +1,58 @@ +id: wp-nested-pages-2628ec35fd0d634f503face1acac9f3d + +info: + name: > + Nested Pages <= 3.1.20 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dcc6225-b47a-4184-a2f3-1292e5abe1bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-nested-pages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-45c1e4dae128391ea2cc462d89ea9873.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-45c1e4dae128391ea2cc462d89ea9873.yaml new file mode 100644 index 0000000000..da941389a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-45c1e4dae128391ea2cc462d89ea9873.yaml @@ -0,0 +1,58 @@ +id: wp-nested-pages-45c1e4dae128391ea2cc462d89ea9873 + +info: + name: > + Nested Pages <= 3.1.15 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40a08542-5e2e-4689-b26f-99a1350185cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-nested-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-a1585fbfbb722da035628da67638c64a.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-a1585fbfbb722da035628da67638c64a.yaml new file mode 100644 index 0000000000..c048004979 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-a1585fbfbb722da035628da67638c64a.yaml @@ -0,0 +1,58 @@ +id: wp-nested-pages-a1585fbfbb722da035628da67638c64a + +info: + name: > + Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c3e61e9-3610-41b5-9820-28012dc657fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-nested-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-a5430dc528533c2edeaccbfbb9028a8f.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-a5430dc528533c2edeaccbfbb9028a8f.yaml new file mode 100644 index 0000000000..4b2d2cce82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-a5430dc528533c2edeaccbfbb9028a8f.yaml @@ -0,0 +1,58 @@ +id: wp-nested-pages-a5430dc528533c2edeaccbfbb9028a8f + +info: + name: > + Nested Pages <= 3.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec9029a3-be05-469a-a8e2-20987a4a4ad9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-nested-pages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-nested-pages-fa85581f8faec8e54a152a5a0efaf823.yaml b/nuclei-templates/cve-less/plugins/wp-nested-pages-fa85581f8faec8e54a152a5a0efaf823.yaml new file mode 100644 index 0000000000..caad17bf6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-nested-pages-fa85581f8faec8e54a152a5a0efaf823.yaml @@ -0,0 +1,58 @@ +id: wp-nested-pages-fa85581f8faec8e54a152a5a0efaf823 + +info: + name: > + Nested Pages <= 3.1.15 - Cross-Site Request Forgery to Arbitrary Post Deletion and Modification + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecbbe9f0-bf6c-4153-9843-8ae7713adef9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-nested-pages/" + google-query: inurl:"/wp-content/plugins/wp-nested-pages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-nested-pages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-nested-pages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-nested-pages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-news-magazine-444a6d6c5748b1105adf9f2574afc368.yaml b/nuclei-templates/cve-less/plugins/wp-news-magazine-444a6d6c5748b1105adf9f2574afc368.yaml new file mode 100644 index 0000000000..0265f00985 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-news-magazine-444a6d6c5748b1105adf9f2574afc368.yaml @@ -0,0 +1,58 @@ +id: wp-news-magazine-444a6d6c5748b1105adf9f2574afc368 + +info: + name: > + WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f53e9354-248f-4d13-a1c0-8355b268fae2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-news-magazine/" + google-query: inurl:"/wp-content/plugins/wp-news-magazine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-news-magazine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-news-magazine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-news-magazine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-noexternallinks-e8487dc3f356aea666909141340ca69c.yaml b/nuclei-templates/cve-less/plugins/wp-noexternallinks-e8487dc3f356aea666909141340ca69c.yaml new file mode 100644 index 0000000000..3814f8c30d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-noexternallinks-e8487dc3f356aea666909141340ca69c.yaml @@ -0,0 +1,58 @@ +id: wp-noexternallinks-e8487dc3f356aea666909141340ca69c + +info: + name: > + WP No External Links < 3.5.19 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4568dc-afcd-4172-b39a-0d06dfa2f87a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-noexternallinks/" + google-query: inurl:"/wp-content/plugins/wp-noexternallinks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-noexternallinks,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-noexternallinks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-noexternallinks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-not-login-hide-wpnlh-e4874305a11ba506fee5f820a68e7e63.yaml b/nuclei-templates/cve-less/plugins/wp-not-login-hide-wpnlh-e4874305a11ba506fee5f820a68e7e63.yaml new file mode 100644 index 0000000000..12a03f415d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-not-login-hide-wpnlh-e4874305a11ba506fee5f820a68e7e63.yaml @@ -0,0 +1,58 @@ +id: wp-not-login-hide-wpnlh-e4874305a11ba506fee5f820a68e7e63 + +info: + name: > + WP Not Login Hide <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fc46de4-af1c-4e38-9caa-55b7b18a69ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-not-login-hide-wpnlh/" + google-query: inurl:"/wp-content/plugins/wp-not-login-hide-wpnlh/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-not-login-hide-wpnlh,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-not-login-hide-wpnlh/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-not-login-hide-wpnlh" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-olivecart-57987a7ef285cce42daf7bbeebe78cfc.yaml b/nuclei-templates/cve-less/plugins/wp-olivecart-57987a7ef285cce42daf7bbeebe78cfc.yaml new file mode 100644 index 0000000000..a876ddad1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-olivecart-57987a7ef285cce42daf7bbeebe78cfc.yaml @@ -0,0 +1,58 @@ +id: wp-olivecart-57987a7ef285cce42daf7bbeebe78cfc + +info: + name: > + WP-OliveCart <= 1.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5a124b3-257b-4331-ac8f-eecd7a759127?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-olivecart/" + google-query: inurl:"/wp-content/plugins/wp-olivecart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-olivecart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-olivecart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-olivecart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-open-street-map-a2b96140a75a31f47368cade76c6e421.yaml b/nuclei-templates/cve-less/plugins/wp-open-street-map-a2b96140a75a31f47368cade76c6e421.yaml new file mode 100644 index 0000000000..7b438a2807 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-open-street-map-a2b96140a75a31f47368cade76c6e421.yaml @@ -0,0 +1,58 @@ +id: wp-open-street-map-a2b96140a75a31f47368cade76c6e421 + +info: + name: > + WP Open Street Map <= 1.25 - Cross-Site Request Forgery via wp_openstreetmaps + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1aa0fd9d-6c9f-4110-92a0-064fa4b9b589?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-open-street-map/" + google-query: inurl:"/wp-content/plugins/wp-open-street-map/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-open-street-map,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-open-street-map/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-open-street-map" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-opening-hours-59655d2ccadb8aa0cfd1aeca8138f97d.yaml b/nuclei-templates/cve-less/plugins/wp-opening-hours-59655d2ccadb8aa0cfd1aeca8138f97d.yaml new file mode 100644 index 0000000000..a211c0da76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-opening-hours-59655d2ccadb8aa0cfd1aeca8138f97d.yaml @@ -0,0 +1,58 @@ +id: wp-opening-hours-59655d2ccadb8aa0cfd1aeca8138f97d + +info: + name: > + Opening Hours <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9bce29-9842-4d8a-ac9b-24432a28851c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-opening-hours/" + google-query: inurl:"/wp-content/plugins/wp-opening-hours/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-opening-hours,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-opening-hours/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-opening-hours" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-opt-in-1045ae974bdd8bcaee8ec5d4a243aff7.yaml b/nuclei-templates/cve-less/plugins/wp-opt-in-1045ae974bdd8bcaee8ec5d4a243aff7.yaml new file mode 100644 index 0000000000..0cc74413e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-opt-in-1045ae974bdd8bcaee8ec5d4a243aff7.yaml @@ -0,0 +1,58 @@ +id: wp-opt-in-1045ae974bdd8bcaee8ec5d4a243aff7 + +info: + name: > + WP Opt-in <= 1.4.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eac9d9b5-6812-4fe2-9427-500d4bb2ea09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-opt-in/" + google-query: inurl:"/wp-content/plugins/wp-opt-in/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-opt-in,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-opt-in/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-opt-in" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-optimize-4393e503b4c5e360e86d4cf75de99b91.yaml b/nuclei-templates/cve-less/plugins/wp-optimize-4393e503b4c5e360e86d4cf75de99b91.yaml new file mode 100644 index 0000000000..fdc191327f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-optimize-4393e503b4c5e360e86d4cf75de99b91.yaml @@ -0,0 +1,58 @@ +id: wp-optimize-4393e503b4c5e360e86d4cf75de99b91 + +info: + name: > + WP-Optimize <= 3.2.12 & SrbTransLatin <= 2.4 - Stored/Reflected Cross-Site Scripting via Third Party Library + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdb822e8-583e-4437-a735-b116aa8886e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-optimize/" + google-query: inurl:"/wp-content/plugins/wp-optimize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-optimize,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-optimize/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-optimize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-optin-wheel-411b8509491892139820c81fdaf43572.yaml b/nuclei-templates/cve-less/plugins/wp-optin-wheel-411b8509491892139820c81fdaf43572.yaml new file mode 100644 index 0000000000..be73677a67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-optin-wheel-411b8509491892139820c81fdaf43572.yaml @@ -0,0 +1,58 @@ +id: wp-optin-wheel-411b8509491892139820c81fdaf43572 + +info: + name: > + WP Optin Wheel <= 1.4.2 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a83ade5-5e53-4d53-ada0-43d487e5e23f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-optin-wheel/" + google-query: inurl:"/wp-content/plugins/wp-optin-wheel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-optin-wheel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-optin-wheel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-optin-wheel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-original-media-path-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml b/nuclei-templates/cve-less/plugins/wp-original-media-path-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml new file mode 100644 index 0000000000..758c6ff9fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-original-media-path-40022e8f0d8dd6d5dda3b842e2bc95ed.yaml @@ -0,0 +1,58 @@ +id: wp-original-media-path-40022e8f0d8dd6d5dda3b842e2bc95ed + +info: + name: > + WP Original Media Path <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/277eb517-c949-41e9-becf-af056fd32f35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-original-media-path/" + google-query: inurl:"/wp-content/plugins/wp-original-media-path/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-original-media-path,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-original-media-path/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-original-media-path" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-page-duplicator-73f67eef9808ee2307cc661b7742b37f.yaml b/nuclei-templates/cve-less/plugins/wp-page-duplicator-73f67eef9808ee2307cc661b7742b37f.yaml new file mode 100644 index 0000000000..e98f151cf1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-page-duplicator-73f67eef9808ee2307cc661b7742b37f.yaml @@ -0,0 +1,58 @@ +id: wp-page-duplicator-73f67eef9808ee2307cc661b7742b37f + +info: + name: > + Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-page-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-page-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-page-duplicator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-page-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-page-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-page-numbers-ff4872dcc815f541fc27c739fcf1dea7.yaml b/nuclei-templates/cve-less/plugins/wp-page-numbers-ff4872dcc815f541fc27c739fcf1dea7.yaml new file mode 100644 index 0000000000..de676199a9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-page-numbers-ff4872dcc815f541fc27c739fcf1dea7.yaml @@ -0,0 +1,58 @@ +id: wp-page-numbers-ff4872dcc815f541fc27c739fcf1dea7 + +info: + name: > + WP Page Numbers <= 0.5 - Cross-Site Request Forgery via wp_page_numbers_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44a2e2f3-1902-43c5-8e3c-4174cb1ffa63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-page-numbers/" + google-query: inurl:"/wp-content/plugins/wp-page-numbers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-page-numbers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-page-numbers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-page-numbers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-page-post-widget-clone-f6874af8a1671c63716fd288efc17414.yaml b/nuclei-templates/cve-less/plugins/wp-page-post-widget-clone-f6874af8a1671c63716fd288efc17414.yaml new file mode 100644 index 0000000000..a6707f5d92 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-page-post-widget-clone-f6874af8a1671c63716fd288efc17414.yaml @@ -0,0 +1,58 @@ +id: wp-page-post-widget-clone-f6874af8a1671c63716fd288efc17414 + +info: + name: > + WP Page Post Widget Clone <= 1.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7006aa50-8fcf-46ad-921b-b47cbdb7d9e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-page-post-widget-clone/" + google-query: inurl:"/wp-content/plugins/wp-page-post-widget-clone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-page-post-widget-clone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-page-post-widget-clone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-page-post-widget-clone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-page-widget-62e712c4c51e2629997a1a286dd08453.yaml b/nuclei-templates/cve-less/plugins/wp-page-widget-62e712c4c51e2629997a1a286dd08453.yaml new file mode 100644 index 0000000000..de77914b6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-page-widget-62e712c4c51e2629997a1a286dd08453.yaml @@ -0,0 +1,58 @@ +id: wp-page-widget-62e712c4c51e2629997a1a286dd08453 + +info: + name: > + WP Page Widget <= 3.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e6654b6-90ae-4a5e-bff3-82848813872a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-page-widget/" + google-query: inurl:"/wp-content/plugins/wp-page-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-page-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-page-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-page-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pagebuilder-1b7c0478a7036329e96c3ed903574a31.yaml b/nuclei-templates/cve-less/plugins/wp-pagebuilder-1b7c0478a7036329e96c3ed903574a31.yaml new file mode 100644 index 0000000000..8bf11afa9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pagebuilder-1b7c0478a7036329e96c3ed903574a31.yaml @@ -0,0 +1,58 @@ +id: wp-pagebuilder-1b7c0478a7036329e96c3ed903574a31 + +info: + name: > + WP Page Builder <= 1.2.3 - Multiple Stored Cross-Site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0383bc6-919d-4858-a5b7-abe8a4a6c684?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pagebuilder/" + google-query: inurl:"/wp-content/plugins/wp-pagebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pagebuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pagebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pagebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pagebuilder-3e7f60a3df49d0f7fb4057d158598ecf.yaml b/nuclei-templates/cve-less/plugins/wp-pagebuilder-3e7f60a3df49d0f7fb4057d158598ecf.yaml new file mode 100644 index 0000000000..ca5b978740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pagebuilder-3e7f60a3df49d0f7fb4057d158598ecf.yaml @@ -0,0 +1,58 @@ +id: wp-pagebuilder-3e7f60a3df49d0f7fb4057d158598ecf + +info: + name: > + WP Page Builder <= 1.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecf1ce11-58cd-459c-ab9e-6ac40535fabd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pagebuilder/" + google-query: inurl:"/wp-content/plugins/wp-pagebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pagebuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pagebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pagebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pagebuilder-a43b3bc12796ff1c85d44370263684f7.yaml b/nuclei-templates/cve-less/plugins/wp-pagebuilder-a43b3bc12796ff1c85d44370263684f7.yaml new file mode 100644 index 0000000000..1e52282b0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pagebuilder-a43b3bc12796ff1c85d44370263684f7.yaml @@ -0,0 +1,58 @@ +id: wp-pagebuilder-a43b3bc12796ff1c85d44370263684f7 + +info: + name: > + WP Page Builder <= 1.2.3 - Insecure Default to Unauthorized Page Editing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3ec9b11-e689-4796-8b05-59ab05a98184?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pagebuilder/" + google-query: inurl:"/wp-content/plugins/wp-pagebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pagebuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pagebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pagebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pagebuilder-dcd836cebf0e20586e7baffdfe54c10c.yaml b/nuclei-templates/cve-less/plugins/wp-pagebuilder-dcd836cebf0e20586e7baffdfe54c10c.yaml new file mode 100644 index 0000000000..99fe43073f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pagebuilder-dcd836cebf0e20586e7baffdfe54c10c.yaml @@ -0,0 +1,58 @@ +id: wp-pagebuilder-dcd836cebf0e20586e7baffdfe54c10c + +info: + name: > + WP Page Builder <= 1.2.6 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7b40a67-40b2-4f9b-9f31-0afaeaebbeab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pagebuilder/" + google-query: inurl:"/wp-content/plugins/wp-pagebuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pagebuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pagebuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pagebuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-paginate-2cf1a19662092e1fd3d184af328e1b57.yaml b/nuclei-templates/cve-less/plugins/wp-paginate-2cf1a19662092e1fd3d184af328e1b57.yaml new file mode 100644 index 0000000000..300f596b4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-paginate-2cf1a19662092e1fd3d184af328e1b57.yaml @@ -0,0 +1,58 @@ +id: wp-paginate-2cf1a19662092e1fd3d184af328e1b57 + +info: + name: > + WP-Paginate <= 2.1.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6d45e18-7aa0-4f73-bf07-069870b467f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-paginate/" + google-query: inurl:"/wp-content/plugins/wp-paginate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-paginate,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-paginate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-paginate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-paginate-ac056be778ddfca7dda3b1e72c3f8315.yaml b/nuclei-templates/cve-less/plugins/wp-paginate-ac056be778ddfca7dda3b1e72c3f8315.yaml new file mode 100644 index 0000000000..f8d0785c36 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-paginate-ac056be778ddfca7dda3b1e72c3f8315.yaml @@ -0,0 +1,58 @@ +id: wp-paginate-ac056be778ddfca7dda3b1e72c3f8315 + +info: + name: > + WP Paginate <= 2.1.3 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b3786d2-b1b5-4d96-9ef7-957909061186?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-paginate/" + google-query: inurl:"/wp-content/plugins/wp-paginate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-paginate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-paginate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-paginate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-payeezy-pay-d4e69b9467d19a12ce87ff85410a8c01.yaml b/nuclei-templates/cve-less/plugins/wp-payeezy-pay-d4e69b9467d19a12ce87ff85410a8c01.yaml new file mode 100644 index 0000000000..3bd6557d2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-payeezy-pay-d4e69b9467d19a12ce87ff85410a8c01.yaml @@ -0,0 +1,58 @@ +id: wp-payeezy-pay-d4e69b9467d19a12ce87ff85410a8c01 + +info: + name: > + WP Payeezy Pay < 2.98 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a4872e-0f62-44b1-b77e-0817b065980f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-payeezy-pay/" + google-query: inurl:"/wp-content/plugins/wp-payeezy-pay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-payeezy-pay,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-payeezy-pay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-payment-form-899cd60c14dae78cdc6100d2ac624744.yaml b/nuclei-templates/cve-less/plugins/wp-payment-form-899cd60c14dae78cdc6100d2ac624744.yaml new file mode 100644 index 0000000000..c56a5ea64a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-payment-form-899cd60c14dae78cdc6100d2ac624744.yaml @@ -0,0 +1,58 @@ +id: wp-payment-form-899cd60c14dae78cdc6100d2ac624744 + +info: + name: > + Simple Payment Donations <= 4.2.0 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a453a38f-0ef5-446b-886f-c208c1baa648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-payment-form/" + google-query: inurl:"/wp-content/plugins/wp-payment-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-payment-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-payment-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-payment-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-paytm-pay-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml b/nuclei-templates/cve-less/plugins/wp-paytm-pay-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml new file mode 100644 index 0000000000..db47391866 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-paytm-pay-0b2d1a45be009b6e70cf642e2a8cf8b0.yaml @@ -0,0 +1,58 @@ +id: wp-paytm-pay-0b2d1a45be009b6e70cf642e2a8cf8b0 + +info: + name: > + Paytm – Donation Plugin <= 1.3.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b88efc1b-dc2d-4fe2-ba2b-e29898ed1bc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-paytm-pay/" + google-query: inurl:"/wp-content/plugins/wp-paytm-pay/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-paytm-pay,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-paytm-pay/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-paytm-pay" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pdf-generator-c703a061b8844fae5d93d775fc4ecbe8.yaml b/nuclei-templates/cve-less/plugins/wp-pdf-generator-c703a061b8844fae5d93d775fc4ecbe8.yaml new file mode 100644 index 0000000000..6cd5e1f9d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pdf-generator-c703a061b8844fae5d93d775fc4ecbe8.yaml @@ -0,0 +1,58 @@ +id: wp-pdf-generator-c703a061b8844fae5d93d775fc4ecbe8 + +info: + name: > + WP PDF Generator <= 1.2.2 - Cross-Site Request Forgery to PDF Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28a4c868-a24d-4fd8-ae0e-d5c0bf3a7436?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pdf-generator/" + google-query: inurl:"/wp-content/plugins/wp-pdf-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pdf-generator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pdf-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pdf-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-people-1077c15755f408817e721c74b28ad3a7.yaml b/nuclei-templates/cve-less/plugins/wp-people-1077c15755f408817e721c74b28ad3a7.yaml new file mode 100644 index 0000000000..ae77123a6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-people-1077c15755f408817e721c74b28ad3a7.yaml @@ -0,0 +1,58 @@ +id: wp-people-1077c15755f408817e721c74b28ad3a7 + +info: + name: > + WP People <= 3.4.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22a42dc3-0b9b-47c8-9236-5dc3b58149c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-people/" + google-query: inurl:"/wp-content/plugins/wp-people/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-people,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-people/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-people" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-performance-score-booster-b7c469773d7593a7dd075aebd86fb19a.yaml b/nuclei-templates/cve-less/plugins/wp-performance-score-booster-b7c469773d7593a7dd075aebd86fb19a.yaml new file mode 100644 index 0000000000..91b6165eec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-performance-score-booster-b7c469773d7593a7dd075aebd86fb19a.yaml @@ -0,0 +1,58 @@ +id: wp-performance-score-booster-b7c469773d7593a7dd075aebd86fb19a + +info: + name: > + WP Performance Score Booster <= 2.0 - Settings Change via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d97af468-d345-4d19-a1b0-f42d890a34d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-performance-score-booster/" + google-query: inurl:"/wp-content/plugins/wp-performance-score-booster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-performance-score-booster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-performance-score-booster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-performance-score-booster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pexels-free-stock-photos-f9cd598e625ead7b114953b55ded2f31.yaml b/nuclei-templates/cve-less/plugins/wp-pexels-free-stock-photos-f9cd598e625ead7b114953b55ded2f31.yaml new file mode 100644 index 0000000000..52ea3940da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pexels-free-stock-photos-f9cd598e625ead7b114953b55ded2f31.yaml @@ -0,0 +1,58 @@ +id: wp-pexels-free-stock-photos-f9cd598e625ead7b114953b55ded2f31 + +info: + name: > + Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/597660c5-8c99-40b1-8780-5a2ab9c07656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pexels-free-stock-photos/" + google-query: inurl:"/wp-content/plugins/wp-pexels-free-stock-photos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pexels-free-stock-photos,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pexels-free-stock-photos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pexels-free-stock-photos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1738a4677acfcf43b6595c38e083bc1c.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1738a4677acfcf43b6595c38e083bc1c.yaml new file mode 100644 index 0000000000..7a6e4ae882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1738a4677acfcf43b6595c38e083bc1c.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-1738a4677acfcf43b6595c38e083bc1c + +info: + name: > + WP Photo Album Plus <= 8.5.02.005 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/017fe804-a1a5-4f8d-a531-e928d668dbc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.02.005') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1a15d3860222a3fd81a5cd2f0cd29cc3.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1a15d3860222a3fd81a5cd2f0cd29cc3.yaml new file mode 100644 index 0000000000..ef1656ca31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-1a15d3860222a3fd81a5cd2f0cd29cc3.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-1a15d3860222a3fd81a5cd2f0cd29cc3 + +info: + name: > + WP Photo Album Plus <= 8.5.02.005 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72f3925d-6b3a-43bf-bfd1-fef7e71d5e43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.02.005') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-20a2e4a6290983370284d76170f55741.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-20a2e4a6290983370284d76170f55741.yaml new file mode 100644 index 0000000000..bbf3f200ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-20a2e4a6290983370284d76170f55741.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-20a2e4a6290983370284d76170f55741 + +info: + name: > + WP Photo Album Plus <= 8.6.03.004 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80f7e161-b071-4cb1-8080-ff0ad926a5ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.03.004') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-669581ec1a30e7b96468876d795acc3e.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-669581ec1a30e7b96468876d795acc3e.yaml new file mode 100644 index 0000000000..6ac73258f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-669581ec1a30e7b96468876d795acc3e.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-669581ec1a30e7b96468876d795acc3e + +info: + name: > + WP Photo Album Plus <= 5.4.17 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d5a7f60-0850-4322-a7d8-8e5c144efe51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-6e313c2d32fa44151bb5398004b93815.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-6e313c2d32fa44151bb5398004b93815.yaml new file mode 100644 index 0000000000..b27942e8aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-6e313c2d32fa44151bb5398004b93815.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-6e313c2d32fa44151bb5398004b93815 + +info: + name: > + WP Photo Album Plus <= 8.5.02.005 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5486d50c-8544-4368-b58b-66024a8ae86d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.5.02.005') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-8ca87aad5255d876a5c1cfa42d199cb3.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-8ca87aad5255d876a5c1cfa42d199cb3.yaml new file mode 100644 index 0000000000..d883c965ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-8ca87aad5255d876a5c1cfa42d199cb3.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-8ca87aad5255d876a5c1cfa42d199cb3 + +info: + name: > + WP Photo Album Plus <= 1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb102a58-2fc0-4441-8f51-a6109e323878?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-9cb518fd50dfbf2df48bad0ade9b992b.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-9cb518fd50dfbf2df48bad0ade9b992b.yaml new file mode 100644 index 0000000000..9b489fbae2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-9cb518fd50dfbf2df48bad0ade9b992b.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-9cb518fd50dfbf2df48bad0ade9b992b + +info: + name: > + WP Photo Album Plus < 6.1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97f6e03b-19ac-450b-9895-45f7d5328907?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b3f583df01b20215cf8c32eded7781af.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b3f583df01b20215cf8c32eded7781af.yaml new file mode 100644 index 0000000000..40c0de8882 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-b3f583df01b20215cf8c32eded7781af.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-b3f583df01b20215cf8c32eded7781af + +info: + name: > + WP Photo Album Plus < 5.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bd90ca2-85ae-42e3-b2a0-fae6ec28d6b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-album-plus-e0955365088800798455704629f84855.yaml b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-e0955365088800798455704629f84855.yaml new file mode 100644 index 0000000000..3512de1bbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-album-plus-e0955365088800798455704629f84855.yaml @@ -0,0 +1,58 @@ +id: wp-photo-album-plus-e0955365088800798455704629f84855 + +info: + name: > + WP Photo Album Plus <= 8.0.10 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0c01e62-7a31-49de-851c-f52ce578bd95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-album-plus/" + google-query: inurl:"/wp-content/plugins/wp-photo-album-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-album-plus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-album-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-album-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-photo-text-slider-50-6068fa535a8253f59a90a4115ac59459.yaml b/nuclei-templates/cve-less/plugins/wp-photo-text-slider-50-6068fa535a8253f59a90a4115ac59459.yaml new file mode 100644 index 0000000000..2b5ff60fb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-photo-text-slider-50-6068fa535a8253f59a90a4115ac59459.yaml @@ -0,0 +1,58 @@ +id: wp-photo-text-slider-50-6068fa535a8253f59a90a4115ac59459 + +info: + name: > + Wp photo text slider 50 <= 8.0 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/515502b5-c344-4855-aff1-57833233c5d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-photo-text-slider-50/" + google-query: inurl:"/wp-content/plugins/wp-photo-text-slider-50/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-photo-text-slider-50,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-photo-text-slider-50/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-photo-text-slider-50" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-php-widget-744495d3ff838bb26ab75ce1cff94317.yaml b/nuclei-templates/cve-less/plugins/wp-php-widget-744495d3ff838bb26ab75ce1cff94317.yaml new file mode 100644 index 0000000000..ace13de4fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-php-widget-744495d3ff838bb26ab75ce1cff94317.yaml @@ -0,0 +1,58 @@ +id: wp-php-widget-744495d3ff838bb26ab75ce1cff94317 + +info: + name: > + WP PHP Widget <= 1.0.2 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac402867-baa3-412c-b5de-c01e6a790ded?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-php-widget/" + google-query: inurl:"/wp-content/plugins/wp-php-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-php-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-php-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-php-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-phpmyadmin-extension-8d1c748e2defc5d91fbb1dd267386d44.yaml b/nuclei-templates/cve-less/plugins/wp-phpmyadmin-extension-8d1c748e2defc5d91fbb1dd267386d44.yaml new file mode 100644 index 0000000000..2033999355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-phpmyadmin-extension-8d1c748e2defc5d91fbb1dd267386d44.yaml @@ -0,0 +1,58 @@ +id: wp-phpmyadmin-extension-8d1c748e2defc5d91fbb1dd267386d44 + +info: + name: > + WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d056ad60-0102-490e-89a8-31fe6513645e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-phpmyadmin-extension/" + google-query: inurl:"/wp-content/plugins/wp-phpmyadmin-extension/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-phpmyadmin-extension,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-phpmyadmin-extension/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-phpmyadmin-extension" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-picasa-image-453e6aa482844b66a1b60332d0011a80.yaml b/nuclei-templates/cve-less/plugins/wp-picasa-image-453e6aa482844b66a1b60332d0011a80.yaml new file mode 100644 index 0000000000..beed6c3026 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-picasa-image-453e6aa482844b66a1b60332d0011a80.yaml @@ -0,0 +1,58 @@ +id: wp-picasa-image-453e6aa482844b66a1b60332d0011a80 + +info: + name: > + WP-Picasa-Image <= 1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60030ee9-ad5d-4d84-a019-1906b20ebbc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-picasa-image/" + google-query: inurl:"/wp-content/plugins/wp-picasa-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-picasa-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-picasa-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-picasa-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pinterest-automatic-9c4aad914c8baa77edd573a5d1dca1f4.yaml b/nuclei-templates/cve-less/plugins/wp-pinterest-automatic-9c4aad914c8baa77edd573a5d1dca1f4.yaml new file mode 100644 index 0000000000..3335291e34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pinterest-automatic-9c4aad914c8baa77edd573a5d1dca1f4.yaml @@ -0,0 +1,58 @@ +id: wp-pinterest-automatic-9c4aad914c8baa77edd573a5d1dca1f4 + +info: + name: > + Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pinterest-automatic/" + google-query: inurl:"/wp-content/plugins/wp-pinterest-automatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pinterest-automatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pinterest-automatic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pinterest-automatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pipes-a48d0e7d0d0abab8208c9ac988b86701.yaml b/nuclei-templates/cve-less/plugins/wp-pipes-a48d0e7d0d0abab8208c9ac988b86701.yaml new file mode 100644 index 0000000000..c89f49fec8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pipes-a48d0e7d0d0abab8208c9ac988b86701.yaml @@ -0,0 +1,58 @@ +id: wp-pipes-a48d0e7d0d0abab8208c9ac988b86701 + +info: + name: > + WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bca8b173-8e7c-41ad-9316-b38cc2ce0e66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pipes/" + google-query: inurl:"/wp-content/plugins/wp-pipes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pipes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pipes-d7894fe3e27e0eed0959b050f56097d8.yaml b/nuclei-templates/cve-less/plugins/wp-pipes-d7894fe3e27e0eed0959b050f56097d8.yaml new file mode 100644 index 0000000000..1d0ee145ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pipes-d7894fe3e27e0eed0959b050f56097d8.yaml @@ -0,0 +1,58 @@ +id: wp-pipes-d7894fe3e27e0eed0959b050f56097d8 + +info: + name: > + WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/094bf4e2-b774-4015-b6c6-c829c16556eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pipes/" + google-query: inurl:"/wp-content/plugins/wp-pipes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-piwik-2cdd87e3f80dc46e464c425f1498ee45.yaml b/nuclei-templates/cve-less/plugins/wp-piwik-2cdd87e3f80dc46e464c425f1498ee45.yaml new file mode 100644 index 0000000000..6d80e6d37a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-piwik-2cdd87e3f80dc46e464c425f1498ee45.yaml @@ -0,0 +1,58 @@ +id: wp-piwik-2cdd87e3f80dc46e464c425f1498ee45 + +info: + name: > + WP-Piwik <= 1.0.27 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68a520bb-261a-43f0-993d-de208035afe5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-piwik/" + google-query: inurl:"/wp-content/plugins/wp-piwik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-piwik,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-piwik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-piwik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-piwik-59221c8c4cf4b83ed678f38b12740d87.yaml b/nuclei-templates/cve-less/plugins/wp-piwik-59221c8c4cf4b83ed678f38b12740d87.yaml new file mode 100644 index 0000000000..35e7de5cdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-piwik-59221c8c4cf4b83ed678f38b12740d87.yaml @@ -0,0 +1,58 @@ +id: wp-piwik-59221c8c4cf4b83ed678f38b12740d87 + +info: + name: > + WP-Matomo Integration (WP-Piwik) < 1.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c46cf202-320b-40a0-9de0-e4992f23395f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-piwik/" + google-query: inurl:"/wp-content/plugins/wp-piwik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-piwik,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-piwik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-piwik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-piwik-9872ae4cefad3c4ed3119e4c32d1b891.yaml b/nuclei-templates/cve-less/plugins/wp-piwik-9872ae4cefad3c4ed3119e4c32d1b891.yaml new file mode 100644 index 0000000000..6ec6960f58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-piwik-9872ae4cefad3c4ed3119e4c32d1b891.yaml @@ -0,0 +1,58 @@ +id: wp-piwik-9872ae4cefad3c4ed3119e4c32d1b891 + +info: + name: > + WP-Matomo Integration (WP-Piwik) <= 1.0.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faa4f041-4740-4ebb-afb3-10019ce571be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-piwik/" + google-query: inurl:"/wp-content/plugins/wp-piwik/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-piwik,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-piwik/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-piwik" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-planet-b888730346b1af7ed35cfb04de015b09.yaml b/nuclei-templates/cve-less/plugins/wp-planet-b888730346b1af7ed35cfb04de015b09.yaml new file mode 100644 index 0000000000..664ce16c61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-planet-b888730346b1af7ed35cfb04de015b09.yaml @@ -0,0 +1,58 @@ +id: wp-planet-b888730346b1af7ed35cfb04de015b09 + +info: + name: > + WP-Planet <= 0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e520850-5cc7-40f8-9222-e7e50d21f347?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-planet/" + google-query: inurl:"/wp-content/plugins/wp-planet/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-planet,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-planet/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-planet" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-plotly-2304e691feb866a99a567fd410649f69.yaml b/nuclei-templates/cve-less/plugins/wp-plotly-2304e691feb866a99a567fd410649f69.yaml new file mode 100644 index 0000000000..53d3f13c01 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-plotly-2304e691feb866a99a567fd410649f69.yaml @@ -0,0 +1,58 @@ +id: wp-plotly-2304e691feb866a99a567fd410649f69 + +info: + name: > + Plotly <= 1.0.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec7f51d-5d65-40ff-9fe5-0fa6d5225fba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-plotly/" + google-query: inurl:"/wp-content/plugins/wp-plotly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-plotly,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-plotly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-plotly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-plotly-9098123c91e037cb8b4722ce5e0246b6.yaml b/nuclei-templates/cve-less/plugins/wp-plotly-9098123c91e037cb8b4722ce5e0246b6.yaml new file mode 100644 index 0000000000..707db48977 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-plotly-9098123c91e037cb8b4722ce5e0246b6.yaml @@ -0,0 +1,58 @@ +id: wp-plotly-9098123c91e037cb8b4722ce5e0246b6 + +info: + name: > + Plotly < 1.0.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50cb130d-2e9c-429c-a56c-4546e705981a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-plotly/" + google-query: inurl:"/wp-content/plugins/wp-plotly/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-plotly,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-plotly/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-plotly" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-plugin-lister-7ae4b63767ade919d8f9b4392d05e652.yaml b/nuclei-templates/cve-less/plugins/wp-plugin-lister-7ae4b63767ade919d8f9b4392d05e652.yaml new file mode 100644 index 0000000000..3503c61f81 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-plugin-lister-7ae4b63767ade919d8f9b4392d05e652.yaml @@ -0,0 +1,58 @@ +id: wp-plugin-lister-7ae4b63767ade919d8f9b4392d05e652 + +info: + name: > + WP Plugin Lister <= 2.1.0 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b819e88-111a-4611-ae23-87ac7a878b4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-plugin-lister/" + google-query: inurl:"/wp-content/plugins/wp-plugin-lister/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-plugin-lister,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-plugin-lister/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-plugin-lister" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-plugin-manager-a447458eea9f44bc06114a67289afadc.yaml b/nuclei-templates/cve-less/plugins/wp-plugin-manager-a447458eea9f44bc06114a67289afadc.yaml new file mode 100644 index 0000000000..588c2ebe8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-plugin-manager-a447458eea9f44bc06114a67289afadc.yaml @@ -0,0 +1,58 @@ +id: wp-plugin-manager-a447458eea9f44bc06114a67289afadc + +info: + name: > + WP Plugin Manager <= 1.1.7 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/623decc5-bdb7-42c9-8531-8004ddc16682?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-plugin-manager/" + google-query: inurl:"/wp-content/plugins/wp-plugin-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-plugin-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-plugin-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-plugin-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pocket-urls-d20347ab3694d4969b9a9d128b6ebd42.yaml b/nuclei-templates/cve-less/plugins/wp-pocket-urls-d20347ab3694d4969b9a9d128b6ebd42.yaml new file mode 100644 index 0000000000..c3b8f49d57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pocket-urls-d20347ab3694d4969b9a9d128b6ebd42.yaml @@ -0,0 +1,58 @@ +id: wp-pocket-urls-d20347ab3694d4969b9a9d128b6ebd42 + +info: + name: > + WP Pocket URLs <= 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a22873f-6f09-4183-92c5-a84e0d378920?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pocket-urls/" + google-query: inurl:"/wp-content/plugins/wp-pocket-urls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pocket-urls,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pocket-urls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pocket-urls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-politic-1981b0b53f874fc3ac5cfb1e486c1b8b.yaml b/nuclei-templates/cve-less/plugins/wp-politic-1981b0b53f874fc3ac5cfb1e486c1b8b.yaml new file mode 100644 index 0000000000..a6f77c2e0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-politic-1981b0b53f874fc3ac5cfb1e486c1b8b.yaml @@ -0,0 +1,58 @@ +id: wp-politic-1981b0b53f874fc3ac5cfb1e486c1b8b + +info: + name: > + HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b127a47-d22f-47b5-92a8-440a5892a181?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-politic/" + google-query: inurl:"/wp-content/plugins/wp-politic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-politic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-politic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-politic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-poll-65871570265ff3cbf8c9f9629c5ab326.yaml b/nuclei-templates/cve-less/plugins/wp-poll-65871570265ff3cbf8c9f9629c5ab326.yaml new file mode 100644 index 0000000000..8911667ac5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-poll-65871570265ff3cbf8c9f9629c5ab326.yaml @@ -0,0 +1,58 @@ +id: wp-poll-65871570265ff3cbf8c9f9629c5ab326 + +info: + name: > + LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa154536-9f9f-48c3-96c7-4091991e4f6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-poll/" + google-query: inurl:"/wp-content/plugins/wp-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-poll-b72d7e0205356324b67801ccf623ea08.yaml b/nuclei-templates/cve-less/plugins/wp-poll-b72d7e0205356324b67801ccf623ea08.yaml new file mode 100644 index 0000000000..8262b0146f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-poll-b72d7e0205356324b67801ccf623ea08.yaml @@ -0,0 +1,58 @@ +id: wp-poll-b72d7e0205356324b67801ccf623ea08 + +info: + name: > + LiquidPoll – Polls, Surveys, NPS and Feedback Reviews <= 3.3.76 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-poll/" + google-query: inurl:"/wp-content/plugins/wp-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-poll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-polls-228a265800d06a8158d2945ad50b57f5.yaml b/nuclei-templates/cve-less/plugins/wp-polls-228a265800d06a8158d2945ad50b57f5.yaml new file mode 100644 index 0000000000..d923fc4f32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-polls-228a265800d06a8158d2945ad50b57f5.yaml @@ -0,0 +1,58 @@ +id: wp-polls-228a265800d06a8158d2945ad50b57f5 + +info: + name: > + WP-Polls <= 2.71 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1cc604a-b3dc-4dc1-b20b-4021b5b7d426?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-polls/" + google-query: inurl:"/wp-content/plugins/wp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-polls,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.71') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-polls-72b547593d28ba78083c2d30dcb45b59.yaml b/nuclei-templates/cve-less/plugins/wp-polls-72b547593d28ba78083c2d30dcb45b59.yaml new file mode 100644 index 0000000000..cc4747db20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-polls-72b547593d28ba78083c2d30dcb45b59.yaml @@ -0,0 +1,58 @@ +id: wp-polls-72b547593d28ba78083c2d30dcb45b59 + +info: + name: > + WP-Polls <= 2.73 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa105250-7d19-49c9-af20-6d5e033314e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-polls/" + google-query: inurl:"/wp-content/plugins/wp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-polls,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.73') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-polls-bc43778c342efbd129c6364212fbe04d.yaml b/nuclei-templates/cve-less/plugins/wp-polls-bc43778c342efbd129c6364212fbe04d.yaml new file mode 100644 index 0000000000..8f9aa54379 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-polls-bc43778c342efbd129c6364212fbe04d.yaml @@ -0,0 +1,58 @@ +id: wp-polls-bc43778c342efbd129c6364212fbe04d + +info: + name: > + WP-Polls <= 2.76.0 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d19b433f-2245-4ba3-8f46-36a184c2454d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-polls/" + google-query: inurl:"/wp-content/plugins/wp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-polls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.76.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-polls-d279c90e5e616e3125c9a657ba8ab939.yaml b/nuclei-templates/cve-less/plugins/wp-polls-d279c90e5e616e3125c9a657ba8ab939.yaml new file mode 100644 index 0000000000..5458d3f1d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-polls-d279c90e5e616e3125c9a657ba8ab939.yaml @@ -0,0 +1,58 @@ +id: wp-polls-d279c90e5e616e3125c9a657ba8ab939 + +info: + name: > + WP-Polls <= 2.75.6 - IP Validation Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc53ad70-d630-4d4a-bcca-79732134e6a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-polls/" + google-query: inurl:"/wp-content/plugins/wp-polls/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-polls,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-polls/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-polls" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.75.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popup-banners-10b51d35ae6aafbea477ae24a9c22ccc.yaml b/nuclei-templates/cve-less/plugins/wp-popup-banners-10b51d35ae6aafbea477ae24a9c22ccc.yaml new file mode 100644 index 0000000000..f56fb53863 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popup-banners-10b51d35ae6aafbea477ae24a9c22ccc.yaml @@ -0,0 +1,58 @@ +id: wp-popup-banners-10b51d35ae6aafbea477ae24a9c22ccc + +info: + name: > + WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8281cb20-73d3-4ab5-910e-d353b2a5cbd8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popup-banners/" + google-query: inurl:"/wp-content/plugins/wp-popup-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popup-banners,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popup-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popup-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popup-banners-92d1ed4c27e6f1a39ae5c39770d54c23.yaml b/nuclei-templates/cve-less/plugins/wp-popup-banners-92d1ed4c27e6f1a39ae5c39770d54c23.yaml new file mode 100644 index 0000000000..6ebd75b0fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popup-banners-92d1ed4c27e6f1a39ae5c39770d54c23.yaml @@ -0,0 +1,58 @@ +id: wp-popup-banners-92d1ed4c27e6f1a39ae5c39770d54c23 + +info: + name: > + WP Popup Banners <= 1.2.5 - Authenticated (Subscriber+) SQL Injection via 'value' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa64d6b4-5673-4d88-b5c7-d3441eaa0706?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popup-banners/" + google-query: inurl:"/wp-content/plugins/wp-popup-banners/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popup-banners,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popup-banners/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popup-banners" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popup-builder-aad2940a7ed6f57fa5fd0a2a1f283a4d.yaml b/nuclei-templates/cve-less/plugins/wp-popup-builder-aad2940a7ed6f57fa5fd0a2a1f283a4d.yaml new file mode 100644 index 0000000000..e2924a732e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popup-builder-aad2940a7ed6f57fa5fd0a2a1f283a4d.yaml @@ -0,0 +1,58 @@ +id: wp-popup-builder-aad2940a7ed6f57fa5fd0a2a1f283a4d + +info: + name: > + WP Popup Builder <= 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbc14a5f-fa6b-47fa-8e8b-502409b18ed6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popup-builder/" + google-query: inurl:"/wp-content/plugins/wp-popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popup-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popup-builder-c232fc614c70c66e672cbac2a32ca9cd.yaml b/nuclei-templates/cve-less/plugins/wp-popup-builder-c232fc614c70c66e672cbac2a32ca9cd.yaml new file mode 100644 index 0000000000..04c9eb764a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popup-builder-c232fc614c70c66e672cbac2a32ca9cd.yaml @@ -0,0 +1,58 @@ +id: wp-popup-builder-c232fc614c70c66e672cbac2a32ca9cd + +info: + name: > + WP Popup Builder <= 1.2.9 - Missing Authorization and Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f613411e-2b2e-401d-87cd-a002e9c2fc08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popup-builder/" + google-query: inurl:"/wp-content/plugins/wp-popup-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popup-builder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popup-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popup-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popups-lite-2aa273895136d445a6cf0ea6a1d06c8e.yaml b/nuclei-templates/cve-less/plugins/wp-popups-lite-2aa273895136d445a6cf0ea6a1d06c8e.yaml new file mode 100644 index 0000000000..51704843c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popups-lite-2aa273895136d445a6cf0ea6a1d06c8e.yaml @@ -0,0 +1,58 @@ +id: wp-popups-lite-2aa273895136d445a6cf0ea6a1d06c8e + +info: + name: > + WP Popups <= 2.1.5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8810d237-06d5-45a0-8402-a2e7e15418d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popups-lite/" + google-query: inurl:"/wp-content/plugins/wp-popups-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popups-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popups-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popups-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popups-lite-3f71ab9bea10d44c97baaae5fd797060.yaml b/nuclei-templates/cve-less/plugins/wp-popups-lite-3f71ab9bea10d44c97baaae5fd797060.yaml new file mode 100644 index 0000000000..a96416fcbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popups-lite-3f71ab9bea10d44c97baaae5fd797060.yaml @@ -0,0 +1,58 @@ +id: wp-popups-lite-3f71ab9bea10d44c97baaae5fd797060 + +info: + name: > + WP Popups <= 2.1.4.7 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa441e45-9c33-483e-8332-49ac4dc7eaa3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popups-lite/" + google-query: inurl:"/wp-content/plugins/wp-popups-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popups-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popups-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popups-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popups-lite-44f42e89daa3749af5c9d461caa7bbaa.yaml b/nuclei-templates/cve-less/plugins/wp-popups-lite-44f42e89daa3749af5c9d461caa7bbaa.yaml new file mode 100644 index 0000000000..5e6b609916 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popups-lite-44f42e89daa3749af5c9d461caa7bbaa.yaml @@ -0,0 +1,58 @@ +id: wp-popups-lite-44f42e89daa3749af5c9d461caa7bbaa + +info: + name: > + WP Popups – WordPress Popup builder <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9747cda-735c-4087-8c4d-9c445c6d1596?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popups-lite/" + google-query: inurl:"/wp-content/plugins/wp-popups-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popups-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popups-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popups-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-popups-lite-690de1b98dd30a46cb8901aa5c2f16aa.yaml b/nuclei-templates/cve-less/plugins/wp-popups-lite-690de1b98dd30a46cb8901aa5c2f16aa.yaml new file mode 100644 index 0000000000..e74460289e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-popups-lite-690de1b98dd30a46cb8901aa5c2f16aa.yaml @@ -0,0 +1,58 @@ +id: wp-popups-lite-690de1b98dd30a46cb8901aa5c2f16aa + +info: + name: > + WP Popups <= 2.1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb6275e-d933-428c-890c-dbfb95d5e4a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-popups-lite/" + google-query: inurl:"/wp-content/plugins/wp-popups-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-popups-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-popups-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-popups-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-portfolio-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wp-portfolio-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..c75efdf320 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-portfolio-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wp-portfolio-gallery-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-portfolio-gallery/" + google-query: inurl:"/wp-content/plugins/wp-portfolio-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-portfolio-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-portfolio-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-portfolio-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-author-b3367042bf6f7f08c7f7fe623f66bded.yaml b/nuclei-templates/cve-less/plugins/wp-post-author-b3367042bf6f7f08c7f7fe623f66bded.yaml new file mode 100644 index 0000000000..9410e8882c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-author-b3367042bf6f7f08c7f7fe623f66bded.yaml @@ -0,0 +1,58 @@ +id: wp-post-author-b3367042bf6f7f08c7f7fe623f66bded + +info: + name: > + WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization to Rating Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a82a3b7-eb05-4f52-84b7-f1a97dddedf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-author/" + google-query: inurl:"/wp-content/plugins/wp-post-author/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-author,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-author/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-author" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-author-de2cc205752867abbe773a0b92ad0ea7.yaml b/nuclei-templates/cve-less/plugins/wp-post-author-de2cc205752867abbe773a0b92ad0ea7.yaml new file mode 100644 index 0000000000..32542c2ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-author-de2cc205752867abbe773a0b92ad0ea7.yaml @@ -0,0 +1,58 @@ +id: wp-post-author-de2cc205752867abbe773a0b92ad0ea7 + +info: + name: > + WP Post Author – Enhance Your Posts with the Author Bio, Co-Authors, Guest Authors, and Post Rating System, including User Registration Form Builder <= 3.6.4 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df681544-f64b-4590-a377-08b05693ff1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-author/" + google-query: inurl:"/wp-content/plugins/wp-post-author/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-author,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-author/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-author" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-columns-2e27bbe1226fc43e3aceee610de45550.yaml b/nuclei-templates/cve-less/plugins/wp-post-columns-2e27bbe1226fc43e3aceee610de45550.yaml new file mode 100644 index 0000000000..bc9c44b634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-columns-2e27bbe1226fc43e3aceee610de45550.yaml @@ -0,0 +1,58 @@ +id: wp-post-columns-2e27bbe1226fc43e3aceee610de45550 + +info: + name: > + WP Post Columns <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d96e5986-8c89-4e7e-aa63-f41aa13eeff4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-columns/" + google-query: inurl:"/wp-content/plugins/wp-post-columns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-columns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-columns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-columns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-comment-rating-872e77979f08b8dfa6cf8411f0e84c8f.yaml b/nuclei-templates/cve-less/plugins/wp-post-comment-rating-872e77979f08b8dfa6cf8411f0e84c8f.yaml new file mode 100644 index 0000000000..887ae3d4a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-comment-rating-872e77979f08b8dfa6cf8411f0e84c8f.yaml @@ -0,0 +1,58 @@ +id: wp-post-comment-rating-872e77979f08b8dfa6cf8411f0e84c8f + +info: + name: > + WP Post Rating <= 2.4.6 - Missing Authorization to Vote Manipulation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/96ab5bb0-724c-434b-acc4-be8265b4838f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-comment-rating/" + google-query: inurl:"/wp-content/plugins/wp-post-comment-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-comment-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-comment-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-comment-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-disclaimer-1387aa003d8d347fdc448b66fea447f4.yaml b/nuclei-templates/cve-less/plugins/wp-post-disclaimer-1387aa003d8d347fdc448b66fea447f4.yaml new file mode 100644 index 0000000000..a3f17aa092 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-disclaimer-1387aa003d8d347fdc448b66fea447f4.yaml @@ -0,0 +1,58 @@ +id: wp-post-disclaimer-1387aa003d8d347fdc448b66fea447f4 + +info: + name: > + WP Post Disclaimer <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb2829eb-3079-429e-ab0f-e23a2c32d616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-disclaimer/" + google-query: inurl:"/wp-content/plugins/wp-post-disclaimer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-disclaimer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-disclaimer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-disclaimer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-modal-8e3b2acb0664262c6a53a39a282fbea3.yaml b/nuclei-templates/cve-less/plugins/wp-post-modal-8e3b2acb0664262c6a53a39a282fbea3.yaml new file mode 100644 index 0000000000..418c6067a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-modal-8e3b2acb0664262c6a53a39a282fbea3.yaml @@ -0,0 +1,58 @@ +id: wp-post-modal-8e3b2acb0664262c6a53a39a282fbea3 + +info: + name: > + WP Post Popup <= 3.7.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fe46da6-add5-42d4-a2db-7a8bada2968c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-modal/" + google-query: inurl:"/wp-content/plugins/wp-post-modal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-modal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-modal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-modal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-page-clone-477f1ad4dc386cbc51b27ed2633fd23f.yaml b/nuclei-templates/cve-less/plugins/wp-post-page-clone-477f1ad4dc386cbc51b27ed2633fd23f.yaml new file mode 100644 index 0000000000..79233ae6f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-page-clone-477f1ad4dc386cbc51b27ed2633fd23f.yaml @@ -0,0 +1,58 @@ +id: wp-post-page-clone-477f1ad4dc386cbc51b27ed2633fd23f + +info: + name: > + WP Post Page Clone <= 1.1 - Missing Authorization to Post Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c62b50a-f760-40c5-a408-27a6cfd44126?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-page-clone/" + google-query: inurl:"/wp-content/plugins/wp-post-page-clone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-page-clone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-page-clone/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-page-clone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-post-styling-4746a61d808453b3b90542c6699809d7.yaml b/nuclei-templates/cve-less/plugins/wp-post-styling-4746a61d808453b3b90542c6699809d7.yaml new file mode 100644 index 0000000000..08de33cd26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-post-styling-4746a61d808453b3b90542c6699809d7.yaml @@ -0,0 +1,58 @@ +id: wp-post-styling-4746a61d808453b3b90542c6699809d7 + +info: + name: > + WP Post Styling <= 1.3.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c8529fc-9995-45c5-ad21-c960eb796fb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-post-styling/" + google-query: inurl:"/wp-content/plugins/wp-post-styling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-post-styling,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-post-styling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-post-styling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-postratings-230dca5ad7a4f65f364511571d38f472.yaml b/nuclei-templates/cve-less/plugins/wp-postratings-230dca5ad7a4f65f364511571d38f472.yaml new file mode 100644 index 0000000000..c0d486d431 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-postratings-230dca5ad7a4f65f364511571d38f472.yaml @@ -0,0 +1,58 @@ +id: wp-postratings-230dca5ad7a4f65f364511571d38f472 + +info: + name: > + WP-PostRatings <= 1.86 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8d1c4ab-1207-4414-9351-3ef2a3cd131b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-postratings/" + google-query: inurl:"/wp-content/plugins/wp-postratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-postratings,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-postratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-postratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-postratings-421d9d9506623e25232b233cfeaf22ca.yaml b/nuclei-templates/cve-less/plugins/wp-postratings-421d9d9506623e25232b233cfeaf22ca.yaml new file mode 100644 index 0000000000..d16e70e66b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-postratings-421d9d9506623e25232b233cfeaf22ca.yaml @@ -0,0 +1,58 @@ +id: wp-postratings-421d9d9506623e25232b233cfeaf22ca + +info: + name: > + WP-PostRatings <= 1.91 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aed9434-1681-47d6-bbc1-0815db548a24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-postratings/" + google-query: inurl:"/wp-content/plugins/wp-postratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-postratings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-postratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-postratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-postratings-8dec592932911140013173fa65adb3b3.yaml b/nuclei-templates/cve-less/plugins/wp-postratings-8dec592932911140013173fa65adb3b3.yaml new file mode 100644 index 0000000000..2c88845c65 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-postratings-8dec592932911140013173fa65adb3b3.yaml @@ -0,0 +1,58 @@ +id: wp-postratings-8dec592932911140013173fa65adb3b3 + +info: + name: > + WP-PostRatings <= 1.89 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba27d52e-e43a-4f03-ad99-632c18279413?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-postratings/" + google-query: inurl:"/wp-content/plugins/wp-postratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-postratings,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-postratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-postratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-postratings-ac814100e213d264685a18f0bee470c2.yaml b/nuclei-templates/cve-less/plugins/wp-postratings-ac814100e213d264685a18f0bee470c2.yaml new file mode 100644 index 0000000000..f1a743fe19 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-postratings-ac814100e213d264685a18f0bee470c2.yaml @@ -0,0 +1,58 @@ +id: wp-postratings-ac814100e213d264685a18f0bee470c2 + +info: + name: > + WP-PostRatings <= 1.61 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b8306b8-1f4c-48fb-8eb7-bf02a2f77e04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-postratings/" + google-query: inurl:"/wp-content/plugins/wp-postratings/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-postratings,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-postratings/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-postratings" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.61') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-posturl-544ee7aee750c4df26fe7f3c5d3e9353.yaml b/nuclei-templates/cve-less/plugins/wp-posturl-544ee7aee750c4df26fe7f3c5d3e9353.yaml new file mode 100644 index 0000000000..d0697b0c56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-posturl-544ee7aee750c4df26fe7f3c5d3e9353.yaml @@ -0,0 +1,58 @@ +id: wp-posturl-544ee7aee750c4df26fe7f3c5d3e9353 + +info: + name: > + Add Post URL <= 2.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d08127-67b6-434a-8dbe-233a47854f9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-posturl/" + google-query: inurl:"/wp-content/plugins/wp-posturl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-posturl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-posturl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-posturl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-postviews-888312a64923f43849174a79d906913e.yaml b/nuclei-templates/cve-less/plugins/wp-postviews-888312a64923f43849174a79d906913e.yaml new file mode 100644 index 0000000000..a454c4d32c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-postviews-888312a64923f43849174a79d906913e.yaml @@ -0,0 +1,58 @@ +id: wp-postviews-888312a64923f43849174a79d906913e + +info: + name: > + WP-PostViews < 1.63 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87eaa518-44fb-48ae-b700-ac65141905b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-postviews/" + google-query: inurl:"/wp-content/plugins/wp-postviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-postviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-postviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-postviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.63') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-power-stats-d2359b1121bed9933888a9df14ebd74e.yaml b/nuclei-templates/cve-less/plugins/wp-power-stats-d2359b1121bed9933888a9df14ebd74e.yaml new file mode 100644 index 0000000000..a431f1741a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-power-stats-d2359b1121bed9933888a9df14ebd74e.yaml @@ -0,0 +1,58 @@ +id: wp-power-stats-d2359b1121bed9933888a9df14ebd74e + +info: + name: > + WP Power Stats <= 2.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a86a694b-5e45-4e94-a22c-2c5faa7172a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-power-stats/" + google-query: inurl:"/wp-content/plugins/wp-power-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-power-stats,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-power-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-power-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-powerplaygallery-3fd0f15662f38cc8cf4de2e9cf15e403.yaml b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-3fd0f15662f38cc8cf4de2e9cf15e403.yaml new file mode 100644 index 0000000000..a107258897 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-3fd0f15662f38cc8cf4de2e9cf15e403.yaml @@ -0,0 +1,58 @@ +id: wp-powerplaygallery-3fd0f15662f38cc8cf4de2e9cf15e403 + +info: + name: > + Powerplay Gallery <= 3.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/474ad5a5-6384-41cb-a60b-e25477d48ad7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-powerplaygallery/" + google-query: inurl:"/wp-content/plugins/wp-powerplaygallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-powerplaygallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-powerplaygallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-powerplaygallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-powerplaygallery-4d6fdc24cec05dab8e1448ebdf64ba23.yaml b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-4d6fdc24cec05dab8e1448ebdf64ba23.yaml new file mode 100644 index 0000000000..b9d5ea6cc7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-4d6fdc24cec05dab8e1448ebdf64ba23.yaml @@ -0,0 +1,58 @@ +id: wp-powerplaygallery-4d6fdc24cec05dab8e1448ebdf64ba23 + +info: + name: > + Powerplay Gallery <= 3.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c44b9eb6-96a8-4e19-b4c1-72a69b9f159f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-powerplaygallery/" + google-query: inurl:"/wp-content/plugins/wp-powerplaygallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-powerplaygallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-powerplaygallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-powerplaygallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-powerplaygallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..f1a1c7cf3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-powerplaygallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-powerplaygallery/" + google-query: inurl:"/wp-content/plugins/wp-powerplaygallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-powerplaygallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-powerplaygallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-powerplaygallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-powerplaygallery-f8194d7ca5455df0340759073541f5a7.yaml b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-f8194d7ca5455df0340759073541f5a7.yaml new file mode 100644 index 0000000000..21b022b796 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-powerplaygallery-f8194d7ca5455df0340759073541f5a7.yaml @@ -0,0 +1,58 @@ +id: wp-powerplaygallery-f8194d7ca5455df0340759073541f5a7 + +info: + name: > + Powerplay Gallery <= 3.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2655ec9f-471f-48e7-8e1c-a428ef3b46ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-powerplaygallery/" + google-query: inurl:"/wp-content/plugins/wp-powerplaygallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-powerplaygallery,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-powerplaygallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-powerplaygallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-prayer-93817db5fd5a790f9a8413665f75bc03.yaml b/nuclei-templates/cve-less/plugins/wp-prayer-93817db5fd5a790f9a8413665f75bc03.yaml new file mode 100644 index 0000000000..d21a6fb64f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-prayer-93817db5fd5a790f9a8413665f75bc03.yaml @@ -0,0 +1,58 @@ +id: wp-prayer-93817db5fd5a790f9a8413665f75bc03 + +info: + name: > + WP Prayer <= 1.6.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc23d52c-68e5-4f5c-9334-acae70fd4c42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-prayer/" + google-query: inurl:"/wp-content/plugins/wp-prayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-prayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-prayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-prayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-prayer-c57cd7bd5b015a60858f3a01ad1d45ea.yaml b/nuclei-templates/cve-less/plugins/wp-prayer-c57cd7bd5b015a60858f3a01ad1d45ea.yaml new file mode 100644 index 0000000000..9e162c6f45 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-prayer-c57cd7bd5b015a60858f3a01ad1d45ea.yaml @@ -0,0 +1,58 @@ +id: wp-prayer-c57cd7bd5b015a60858f3a01ad1d45ea + +info: + name: > + WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7efbdb1-989f-4171-ab55-aff66014337a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-prayer/" + google-query: inurl:"/wp-content/plugins/wp-prayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-prayer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-prayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-prayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-prayer-fc6f44579727101979a58b50043c9f62.yaml b/nuclei-templates/cve-less/plugins/wp-prayer-fc6f44579727101979a58b50043c9f62.yaml new file mode 100644 index 0000000000..dde9898a27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-prayer-fc6f44579727101979a58b50043c9f62.yaml @@ -0,0 +1,58 @@ +id: wp-prayer-fc6f44579727101979a58b50043c9f62 + +info: + name: > + WP Prayer <= 1.9.6 - Authenticated(Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9738054-058f-47be-9973-f119fbfd4396?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-prayer/" + google-query: inurl:"/wp-content/plugins/wp-prayer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-prayer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-prayer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-prayer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-print-b73d87f96280b93d84cc00f272e356ef.yaml b/nuclei-templates/cve-less/plugins/wp-print-b73d87f96280b93d84cc00f272e356ef.yaml new file mode 100644 index 0000000000..ff6185d500 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-print-b73d87f96280b93d84cc00f272e356ef.yaml @@ -0,0 +1,58 @@ +id: wp-print-b73d87f96280b93d84cc00f272e356ef + +info: + name: > + WP-Print <= 2.51 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8945e9-51db-46aa-b198-3762b6628553?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-print/" + google-query: inurl:"/wp-content/plugins/wp-print/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-print,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-print/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-print" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-private-content-plus-13ab88959bcdd9c68f7d9d04453c2d2d.yaml b/nuclei-templates/cve-less/plugins/wp-private-content-plus-13ab88959bcdd9c68f7d9d04453c2d2d.yaml new file mode 100644 index 0000000000..9fa98becd4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-private-content-plus-13ab88959bcdd9c68f7d9d04453c2d2d.yaml @@ -0,0 +1,58 @@ +id: wp-private-content-plus-13ab88959bcdd9c68f7d9d04453c2d2d + +info: + name: > + WP Private Content Plus <= 1.31 - Unauthenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb26ea7b-fc54-4cef-aaa8-3a41e8d0c371?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-private-content-plus/" + google-query: inurl:"/wp-content/plugins/wp-private-content-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-private-content-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-private-content-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-private-content-plus-aed641f4c8c8fbdbffc5591e24cc25c4.yaml b/nuclei-templates/cve-less/plugins/wp-private-content-plus-aed641f4c8c8fbdbffc5591e24cc25c4.yaml new file mode 100644 index 0000000000..3521f8e099 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-private-content-plus-aed641f4c8c8fbdbffc5591e24cc25c4.yaml @@ -0,0 +1,58 @@ +id: wp-private-content-plus-aed641f4c8c8fbdbffc5591e24cc25c4 + +info: + name: > + WP Private Content Plus <= 3.6 - Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-private-content-plus/" + google-query: inurl:"/wp-content/plugins/wp-private-content-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-private-content-plus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-private-content-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-private-content-plus-ed06ada3e2d61861fecb8610e5d7a1ac.yaml b/nuclei-templates/cve-less/plugins/wp-private-content-plus-ed06ada3e2d61861fecb8610e5d7a1ac.yaml new file mode 100644 index 0000000000..122565306b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-private-content-plus-ed06ada3e2d61861fecb8610e5d7a1ac.yaml @@ -0,0 +1,58 @@ +id: wp-private-content-plus-ed06ada3e2d61861fecb8610e5d7a1ac + +info: + name: > + WP Private Content Plus <= 3.1 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/238f6d81-78ba-426c-866a-31f9279e4f99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-private-content-plus/" + google-query: inurl:"/wp-content/plugins/wp-private-content-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-private-content-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-private-content-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-private-content-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-private-message-f96de744475c9f8a69cb4acf328a0bc2.yaml b/nuclei-templates/cve-less/plugins/wp-private-message-f96de744475c9f8a69cb4acf328a0bc2.yaml new file mode 100644 index 0000000000..57ded98b44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-private-message-f96de744475c9f8a69cb4acf328a0bc2.yaml @@ -0,0 +1,58 @@ +id: wp-private-message-f96de744475c9f8a69cb4acf328a0bc2 + +info: + name: > + WP Private Message < 1.0.6 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14026e96-7e21-45db-b258-13b014ec478c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-private-message/" + google-query: inurl:"/wp-content/plugins/wp-private-message/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-private-message,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-private-message/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-private-message" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-pro-quiz-f47da71d7fbe6f22fdb13d8b16b739c2.yaml b/nuclei-templates/cve-less/plugins/wp-pro-quiz-f47da71d7fbe6f22fdb13d8b16b739c2.yaml new file mode 100644 index 0000000000..841a7b4b60 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-pro-quiz-f47da71d7fbe6f22fdb13d8b16b739c2.yaml @@ -0,0 +1,58 @@ +id: wp-pro-quiz-f47da71d7fbe6f22fdb13d8b16b739c2 + +info: + name: > + WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/303bdead-96e4-45f4-8b57-f1cb703bbe16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-pro-quiz/" + google-query: inurl:"/wp-content/plugins/wp-pro-quiz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-pro-quiz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-pro-quiz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-pro-quiz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-product-feed-manager-68254971cbcf2fc6d5bd7c51c76b34c5.yaml b/nuclei-templates/cve-less/plugins/wp-product-feed-manager-68254971cbcf2fc6d5bd7c51c76b34c5.yaml new file mode 100644 index 0000000000..eee0a40f9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-product-feed-manager-68254971cbcf2fc6d5bd7c51c76b34c5.yaml @@ -0,0 +1,58 @@ +id: wp-product-feed-manager-68254971cbcf2fc6d5bd7c51c76b34c5 + +info: + name: > + WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37bfb60d-8e2d-4c77-880c-3d17a6a434b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-product-feed-manager/" + google-query: inurl:"/wp-content/plugins/wp-product-feed-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-product-feed-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-product-feed-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-product-feed-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-product-feed-manager-ac3cdb02dfa19f5b0080855ac08f88be.yaml b/nuclei-templates/cve-less/plugins/wp-product-feed-manager-ac3cdb02dfa19f5b0080855ac08f88be.yaml new file mode 100644 index 0000000000..8d038a17b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-product-feed-manager-ac3cdb02dfa19f5b0080855ac08f88be.yaml @@ -0,0 +1,58 @@ +id: wp-product-feed-manager-ac3cdb02dfa19f5b0080855ac08f88be + +info: + name: > + WooCommerce Google Feed Manager <= 2.2.0 - Authenticated (Shop manager+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf36c00f-e6a2-4630-b5ef-9015365be436?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-product-feed-manager/" + google-query: inurl:"/wp-content/plugins/wp-product-feed-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-product-feed-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-product-feed-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-product-feed-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-publications-76cc9ef157cda8ab12c517a7c91088af.yaml b/nuclei-templates/cve-less/plugins/wp-publications-76cc9ef157cda8ab12c517a7c91088af.yaml new file mode 100644 index 0000000000..39c8dc54ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-publications-76cc9ef157cda8ab12c517a7c91088af.yaml @@ -0,0 +1,58 @@ +id: wp-publications-76cc9ef157cda8ab12c517a7c91088af + +info: + name: > + wp-publications < 1.1 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c08b7a7-297b-4ad7-b829-3ccbae7b2e41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-publications/" + google-query: inurl:"/wp-content/plugins/wp-publications/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-publications,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-publications/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-publications" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-qrcode-me-v-card-800d1ab574434819322506f176feb04a.yaml b/nuclei-templates/cve-less/plugins/wp-qrcode-me-v-card-800d1ab574434819322506f176feb04a.yaml new file mode 100644 index 0000000000..b4d9a96c98 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-qrcode-me-v-card-800d1ab574434819322506f176feb04a.yaml @@ -0,0 +1,58 @@ +id: wp-qrcode-me-v-card-800d1ab574434819322506f176feb04a + +info: + name: > + QR code MeCard/vCard generator <= 1.6.0 - Missing Authorization via wqm_make_url_permanent + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8896fa5a-1642-4fcd-8fff-1e5828c28523?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-qrcode-me-v-card/" + google-query: inurl:"/wp-content/plugins/wp-qrcode-me-v-card/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-qrcode-me-v-card,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-qrcode-me-v-card/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-qrcode-me-v-card" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-18ba5164adc930f4c13bf8eac8771529.yaml b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-18ba5164adc930f4c13bf8eac8771529.yaml new file mode 100644 index 0000000000..bb9d68ff2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-18ba5164adc930f4c13bf8eac8771529.yaml @@ -0,0 +1,58 @@ +id: wp-quick-front-end-editor-18ba5164adc930f4c13bf8eac8771529 + +info: + name: > + WP Quick FrontEnd Editor <= 5.5 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c392750b-ae4a-48b5-9ccb-43852fb13e27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-quick-front-end-editor/" + google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-quick-front-end-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-quick-front-end-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml new file mode 100644 index 0000000000..b97aa88158 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-34686e9b40a6d9c4dcc8e1fbb6d4343b.yaml @@ -0,0 +1,58 @@ +id: wp-quick-front-end-editor-34686e9b40a6d9c4dcc8e1fbb6d4343b + +info: + name: > + WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed137706-1313-4bff-882b-13d9fa11498c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-quick-front-end-editor/" + google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-quick-front-end-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-quick-front-end-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-480b8a3eac01c8a8ea01d02be8cf6e9e.yaml b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-480b8a3eac01c8a8ea01d02be8cf6e9e.yaml new file mode 100644 index 0000000000..858271e223 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-480b8a3eac01c8a8ea01d02be8cf6e9e.yaml @@ -0,0 +1,58 @@ +id: wp-quick-front-end-editor-480b8a3eac01c8a8ea01d02be8cf6e9e + +info: + name: > + WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce8ae7d-c2a5-4da3-8bdd-20dfdb5ce700?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-quick-front-end-editor/" + google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-quick-front-end-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-quick-front-end-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-f945b2013c9f8db455b1c19cba6e241e.yaml b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-f945b2013c9f8db455b1c19cba6e241e.yaml new file mode 100644 index 0000000000..c86bd6681d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-quick-front-end-editor-f945b2013c9f8db455b1c19cba6e241e.yaml @@ -0,0 +1,58 @@ +id: wp-quick-front-end-editor-f945b2013c9f8db455b1c19cba6e241e + +info: + name: > + WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5492bff-cfd9-41ed-a59b-4445d5e83e86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-quick-front-end-editor/" + google-query: inurl:"/wp-content/plugins/wp-quick-front-end-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-quick-front-end-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-quick-front-end-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-quick-front-end-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-quick-post-duplicator-10b5f73ced4f4ae8f40389dd6e188b1c.yaml b/nuclei-templates/cve-less/plugins/wp-quick-post-duplicator-10b5f73ced4f4ae8f40389dd6e188b1c.yaml new file mode 100644 index 0000000000..6568325d68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-quick-post-duplicator-10b5f73ced4f4ae8f40389dd6e188b1c.yaml @@ -0,0 +1,58 @@ +id: wp-quick-post-duplicator-10b5f73ced4f4ae8f40389dd6e188b1c + +info: + name: > + WP Quick Post Duplicator <= 2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12a576ee-f8a9-4740-b87b-091a46970d53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-quick-post-duplicator/" + google-query: inurl:"/wp-content/plugins/wp-quick-post-duplicator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-quick-post-duplicator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-quick-post-duplicator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-quick-post-duplicator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-radio-4750f217b4fbd830bf2a4ee2b5c1530d.yaml b/nuclei-templates/cve-less/plugins/wp-radio-4750f217b4fbd830bf2a4ee2b5c1530d.yaml new file mode 100644 index 0000000000..6249e21997 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-radio-4750f217b4fbd830bf2a4ee2b5c1530d.yaml @@ -0,0 +1,58 @@ +id: wp-radio-4750f217b4fbd830bf2a4ee2b5c1530d + +info: + name: > + WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b46e9771-37ff-4825-9af9-02ecde424653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-radio/" + google-query: inurl:"/wp-content/plugins/wp-radio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-radio,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-radio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-radio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-radio-785b1c3458487127cc883fbac1f1ef7f.yaml b/nuclei-templates/cve-less/plugins/wp-radio-785b1c3458487127cc883fbac1f1ef7f.yaml new file mode 100644 index 0000000000..c38be9b3dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-radio-785b1c3458487127cc883fbac1f1ef7f.yaml @@ -0,0 +1,58 @@ +id: wp-radio-785b1c3458487127cc883fbac1f1ef7f + +info: + name: > + WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/486ffdc9-a3e7-4f4c-89b1-b668a5d41aa5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-radio/" + google-query: inurl:"/wp-content/plugins/wp-radio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-radio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-radio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-radio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-radio-86ac2d003a393175395c9b05a6663062.yaml b/nuclei-templates/cve-less/plugins/wp-radio-86ac2d003a393175395c9b05a6663062.yaml new file mode 100644 index 0000000000..45e8c15001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-radio-86ac2d003a393175395c9b05a6663062.yaml @@ -0,0 +1,58 @@ +id: wp-radio-86ac2d003a393175395c9b05a6663062 + +info: + name: > + WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/874e9e14-1330-40f0-8199-8abcaae58e98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-radio/" + google-query: inurl:"/wp-content/plugins/wp-radio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-radio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-radio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-radio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reactions-lite-0b686c4cb6f413d46dafa7ed933109c6.yaml b/nuclei-templates/cve-less/plugins/wp-reactions-lite-0b686c4cb6f413d46dafa7ed933109c6.yaml new file mode 100644 index 0000000000..efb2b328ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reactions-lite-0b686c4cb6f413d46dafa7ed933109c6.yaml @@ -0,0 +1,58 @@ +id: wp-reactions-lite-0b686c4cb6f413d46dafa7ed933109c6 + +info: + name: > + WP Reactions Lite <= 1.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cceca0e-5411-4b8c-a261-91098a8bc7fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reactions-lite/" + google-query: inurl:"/wp-content/plugins/wp-reactions-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reactions-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reactions-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reactions-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reactions-lite-1fa1c4ce292a4074e0d2a4792b491027.yaml b/nuclei-templates/cve-less/plugins/wp-reactions-lite-1fa1c4ce292a4074e0d2a4792b491027.yaml new file mode 100644 index 0000000000..d3270c9885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reactions-lite-1fa1c4ce292a4074e0d2a4792b491027.yaml @@ -0,0 +1,58 @@ +id: wp-reactions-lite-1fa1c4ce292a4074e0d2a4792b491027 + +info: + name: > + WP Reactions Lite <= 1.3.8 - Cross-Site Request Forgery via AJAX action + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/558b4b31-fd4f-4265-bddc-baf484d48fc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reactions-lite/" + google-query: inurl:"/wp-content/plugins/wp-reactions-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reactions-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reactions-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reactions-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recall-60df39bb0575c5dbb8ccfec2f18ede40.yaml b/nuclei-templates/cve-less/plugins/wp-recall-60df39bb0575c5dbb8ccfec2f18ede40.yaml new file mode 100644 index 0000000000..349fc459db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recall-60df39bb0575c5dbb8ccfec2f18ede40.yaml @@ -0,0 +1,58 @@ +id: wp-recall-60df39bb0575c5dbb8ccfec2f18ede40 + +info: + name: > + WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99a21d91-e17a-400e-9013-c074e76bbf6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recall/" + google-query: inurl:"/wp-content/plugins/wp-recall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 16.26.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recall-8d8383b244607eb18513c4f27a52d173.yaml b/nuclei-templates/cve-less/plugins/wp-recall-8d8383b244607eb18513c4f27a52d173.yaml new file mode 100644 index 0000000000..313f58cd9a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recall-8d8383b244607eb18513c4f27a52d173.yaml @@ -0,0 +1,58 @@ +id: wp-recall-8d8383b244607eb18513c4f27a52d173 + +info: + name: > + WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/813821c8-a9f9-408e-b85e-1c24d90f5e4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recall/" + google-query: inurl:"/wp-content/plugins/wp-recall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 16.26.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recall-c0cb61dd6fecf2d07db617deb2e20095.yaml b/nuclei-templates/cve-less/plugins/wp-recall-c0cb61dd6fecf2d07db617deb2e20095.yaml new file mode 100644 index 0000000000..d94554db1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recall-c0cb61dd6fecf2d07db617deb2e20095.yaml @@ -0,0 +1,58 @@ +id: wp-recall-c0cb61dd6fecf2d07db617deb2e20095 + +info: + name: > + WP-Recall – Registration, Profile, Commerce & More <= 16.26.5 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97ed0ef5-2a01-4531-a844-81766bdfc7c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recall/" + google-query: inurl:"/wp-content/plugins/wp-recall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 16.26.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recaptcha-e3d831bb072ff08836a63c6a4ebecea3.yaml b/nuclei-templates/cve-less/plugins/wp-recaptcha-e3d831bb072ff08836a63c6a4ebecea3.yaml new file mode 100644 index 0000000000..9fdf4d7453 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recaptcha-e3d831bb072ff08836a63c6a4ebecea3.yaml @@ -0,0 +1,58 @@ +id: wp-recaptcha-e3d831bb072ff08836a63c6a4ebecea3 + +info: + name: > + WP-reCAPTCHA <= 2.9.8.2 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a437e3ac-5428-4820-8037-8592b86e0dd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recaptcha/" + google-query: inurl:"/wp-content/plugins/wp-recaptcha/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recaptcha,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recaptcha/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recaptcha" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recentcomments-7e43f159f02a44d44b4f5f778ba799d4.yaml b/nuclei-templates/cve-less/plugins/wp-recentcomments-7e43f159f02a44d44b4f5f778ba799d4.yaml new file mode 100644 index 0000000000..9730d7dbdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recentcomments-7e43f159f02a44d44b4f5f778ba799d4.yaml @@ -0,0 +1,58 @@ +id: wp-recentcomments-7e43f159f02a44d44b4f5f778ba799d4 + +info: + name: > + WP-RecentComments <= 2.2.7 - Unauthenticated Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3becd450-b0de-466a-9721-b156a2ba1de3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recentcomments/" + google-query: inurl:"/wp-content/plugins/wp-recentcomments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recentcomments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recentcomments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recentcomments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recentcomments-a8f25522ea55ec9a76938298a24a0acc.yaml b/nuclei-templates/cve-less/plugins/wp-recentcomments-a8f25522ea55ec9a76938298a24a0acc.yaml new file mode 100644 index 0000000000..070235c88c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recentcomments-a8f25522ea55ec9a76938298a24a0acc.yaml @@ -0,0 +1,58 @@ +id: wp-recentcomments-a8f25522ea55ec9a76938298a24a0acc + +info: + name: > + WP-RecentComments <= 2.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ddbb9c-c2c9-4e34-ac22-2afe8050e15b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recentcomments/" + google-query: inurl:"/wp-content/plugins/wp-recentcomments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recentcomments,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recentcomments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recentcomments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recentcomments-d9b7779382ec9bca0dc96d41eb9855af.yaml b/nuclei-templates/cve-less/plugins/wp-recentcomments-d9b7779382ec9bca0dc96d41eb9855af.yaml new file mode 100644 index 0000000000..849bf317ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recentcomments-d9b7779382ec9bca0dc96d41eb9855af.yaml @@ -0,0 +1,58 @@ +id: wp-recentcomments-d9b7779382ec9bca0dc96d41eb9855af + +info: + name: > + WP-RecentComments <= 2.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c6f44ba-a8c1-4248-8f54-ee86d4b5aa20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recentcomments/" + google-query: inurl:"/wp-content/plugins/wp-recentcomments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recentcomments,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recentcomments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recentcomments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-08ecb188f4c24bff415036a618bb6f62.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-08ecb188f4c24bff415036a618bb6f62.yaml new file mode 100644 index 0000000000..9eb1def5f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-08ecb188f4c24bff415036a618bb6f62.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-08ecb188f4c24bff415036a618bb6f62 + +info: + name: > + WP Recipe Maker <= 9.1.0 - Reflected Cross-Site Scripting via Referer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20842e95-4b91-4138-9e32-7c090724bf64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-30317bfce905faf2637e9a9df56ecb43.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-30317bfce905faf2637e9a9df56ecb43.yaml new file mode 100644 index 0000000000..b9ef9b87d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-30317bfce905faf2637e9a9df56ecb43.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-30317bfce905faf2637e9a9df56ecb43 + +info: + name: > + WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f75093a5-e0cc-4d3b-bdef-a65561127b3d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-348b2d2c08f931f9d2b3643ac2152b3a.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-348b2d2c08f931f9d2b3643ac2152b3a.yaml new file mode 100644 index 0000000000..ad68d9f8b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-348b2d2c08f931f9d2b3643ac2152b3a.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-348b2d2c08f931f9d2b3643ac2152b3a + +info: + name: > + WP Recipe Maker <= 9.2.1 - Authenticated Stored Cross-Site Scripting via Video Embed + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c098b35-606e-4dde-8683-4c90f518ddb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-55265bc94a3e60f3cd5f796b692a1dbf.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-55265bc94a3e60f3cd5f796b692a1dbf.yaml new file mode 100644 index 0000000000..3435b28d00 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-55265bc94a3e60f3cd5f796b692a1dbf.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-55265bc94a3e60f3cd5f796b692a1dbf + +info: + name: > + WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Recipe Notes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-563c86924064bbeed4e8a4af90017e06.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-563c86924064bbeed4e8a4af90017e06.yaml new file mode 100644 index 0000000000..74fb77bd02 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-563c86924064bbeed4e8a4af90017e06.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-563c86924064bbeed4e8a4af90017e06 + +info: + name: > + WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via header_tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-827537b84b4ae3840c51006c12ccc5df.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-827537b84b4ae3840c51006c12ccc5df.yaml new file mode 100644 index 0000000000..252ae69ce6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-827537b84b4ae3840c51006c12ccc5df.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-827537b84b4ae3840c51006c12ccc5df + +info: + name: > + WP Recipe Maker <= 9.1.2 - Missing Authorization to Authenticated (Subscriber+) SQL Injecton + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d8f8a-517f-4286-b501-0ca040529362?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-948461229b764fced19a13ef5ba11252.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-948461229b764fced19a13ef5ba11252.yaml new file mode 100644 index 0000000000..69e886e7ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-948461229b764fced19a13ef5ba11252.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-948461229b764fced19a13ef5ba11252 + +info: + name: > + WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-96587021500f654fee1593a976493ca2.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-96587021500f654fee1593a976493ca2.yaml new file mode 100644 index 0000000000..97891299ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-96587021500f654fee1593a976493ca2.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-96587021500f654fee1593a976493ca2 + +info: + name: > + WP Recipe Maker <= 9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wprm-recipe-roundup-item Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/69cc7b6c-b6c2-4bba-afb4-86ba1b36b295?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-c3b5c2246526b047e580623567471684.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-c3b5c2246526b047e580623567471684.yaml new file mode 100644 index 0000000000..cfdf117337 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-c3b5c2246526b047e580623567471684.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-c3b5c2246526b047e580623567471684 + +info: + name: > + WP Recipe Maker <= 9.1.0 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec201702-8c8c-4049-b647-422d18001b7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-cb50f73b0638afd5cd0d186b2a6577a5.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-cb50f73b0638afd5cd0d186b2a6577a5.yaml new file mode 100644 index 0000000000..8e8a331ae8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-cb50f73b0638afd5cd0d186b2a6577a5.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-cb50f73b0638afd5cd0d186b2a6577a5 + +info: + name: > + WP Recipe Maker <= 9.1.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-recipe-maker-f594e103526836b64061a1f68427567d.yaml b/nuclei-templates/cve-less/plugins/wp-recipe-maker-f594e103526836b64061a1f68427567d.yaml new file mode 100644 index 0000000000..191b0c62b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-recipe-maker-f594e103526836b64061a1f68427567d.yaml @@ -0,0 +1,58 @@ +id: wp-recipe-maker-f594e103526836b64061a1f68427567d + +info: + name: > + WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via icon_color + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-recipe-maker/" + google-query: inurl:"/wp-content/plugins/wp-recipe-maker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-recipe-maker,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-recipe-maker/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-recipe-maker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-7ae915288e9c3c74b018a1157e470354.yaml b/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-7ae915288e9c3c74b018a1157e470354.yaml new file mode 100644 index 0000000000..7a722adca7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-7ae915288e9c3c74b018a1157e470354.yaml @@ -0,0 +1,58 @@ +id: wp-register-profile-with-shortcode-7ae915288e9c3c74b018a1157e470354 + +info: + name: > + WP Register Profile With Shortcode <= 3.5.9 - Cross-Site Request Forgery to User Password Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca564941-4780-4da2-b937-c9bd45966d81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-register-profile-with-shortcode/" + google-query: inurl:"/wp-content/plugins/wp-register-profile-with-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-register-profile-with-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-register-profile-with-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml b/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml new file mode 100644 index 0000000000..57fb9240a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-register-profile-with-shortcode-e5cd3f1b72f8c188bcce67a3cd5ccf0a.yaml @@ -0,0 +1,58 @@ +id: wp-register-profile-with-shortcode-e5cd3f1b72f8c188bcce67a3cd5ccf0a + +info: + name: > + WP Register Profile With Shortcode <= 3.5.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c20f87e-3670-444c-aa8a-28988dfe2fd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-register-profile-with-shortcode/" + google-query: inurl:"/wp-content/plugins/wp-register-profile-with-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-register-profile-with-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-register-profile-with-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-register-profile-with-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-related-posts-7db34627f1b70dfb15b3a62077ab868f.yaml b/nuclei-templates/cve-less/plugins/wp-related-posts-7db34627f1b70dfb15b3a62077ab868f.yaml new file mode 100644 index 0000000000..d240eb78c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-related-posts-7db34627f1b70dfb15b3a62077ab868f.yaml @@ -0,0 +1,58 @@ +id: wp-related-posts-7db34627f1b70dfb15b3a62077ab868f + +info: + name: > + WP Related Posts <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87e9d29b-9e0d-409c-97a5-7c444dff7382?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-related-posts/" + google-query: inurl:"/wp-content/plugins/wp-related-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-related-posts,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-related-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-related-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-remote-site-search-07a16aaf94526ab4a5492ec25d7bc965.yaml b/nuclei-templates/cve-less/plugins/wp-remote-site-search-07a16aaf94526ab4a5492ec25d7bc965.yaml new file mode 100644 index 0000000000..184f0b0043 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-remote-site-search-07a16aaf94526ab4a5492ec25d7bc965.yaml @@ -0,0 +1,58 @@ +id: wp-remote-site-search-07a16aaf94526ab4a5492ec25d7bc965 + +info: + name: > + WP Remote Site Search <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79d4e5a8-028a-488e-b419-77a0981a28a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-remote-site-search/" + google-query: inurl:"/wp-content/plugins/wp-remote-site-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-remote-site-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-remote-site-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-remote-site-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-remote-users-sync-b5b3726a38a0d1a56eeda75879ed92d9.yaml b/nuclei-templates/cve-less/plugins/wp-remote-users-sync-b5b3726a38a0d1a56eeda75879ed92d9.yaml new file mode 100644 index 0000000000..621c893301 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-remote-users-sync-b5b3726a38a0d1a56eeda75879ed92d9.yaml @@ -0,0 +1,58 @@ +id: wp-remote-users-sync-b5b3726a38a0d1a56eeda75879ed92d9 + +info: + name: > + WP Remote Users Sync <= 1.2.11 - Missing Authorization to Authenticated (Subscriber+) Log View + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e87cfc4-8e7c-47d6-80fc-9c293cdd8acb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-remote-users-sync/" + google-query: inurl:"/wp-content/plugins/wp-remote-users-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-remote-users-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-remote-users-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-remote-users-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-remote-users-sync-be653cd14bcab55a461716f49e0f0156.yaml b/nuclei-templates/cve-less/plugins/wp-remote-users-sync-be653cd14bcab55a461716f49e0f0156.yaml new file mode 100644 index 0000000000..f166404645 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-remote-users-sync-be653cd14bcab55a461716f49e0f0156.yaml @@ -0,0 +1,58 @@ +id: wp-remote-users-sync-be653cd14bcab55a461716f49e0f0156 + +info: + name: > + WP Remote Users Sync <= 1.2.12 - Authenticated (Subscriber+) Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e78c759-4a54-4ee4-8eff-df91fe9dad46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-remote-users-sync/" + google-query: inurl:"/wp-content/plugins/wp-remote-users-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-remote-users-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-remote-users-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-remote-users-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-replicate-post-64ddeafe0a6eb1f3dc3db9049ece872d.yaml b/nuclei-templates/cve-less/plugins/wp-replicate-post-64ddeafe0a6eb1f3dc3db9049ece872d.yaml new file mode 100644 index 0000000000..4319e668db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-replicate-post-64ddeafe0a6eb1f3dc3db9049ece872d.yaml @@ -0,0 +1,58 @@ +id: wp-replicate-post-64ddeafe0a6eb1f3dc3db9049ece872d + +info: + name: > + WP Replicate Post <= 4.0.2 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/916e6f8b-cb29-4062-9a05-0337cfdb382a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-replicate-post/" + google-query: inurl:"/wp-content/plugins/wp-replicate-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-replicate-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-replicate-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-replicate-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reply-notify-ad6d214a4db8beee18bddf61121faca2.yaml b/nuclei-templates/cve-less/plugins/wp-reply-notify-ad6d214a4db8beee18bddf61121faca2.yaml new file mode 100644 index 0000000000..305a6c0924 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reply-notify-ad6d214a4db8beee18bddf61121faca2.yaml @@ -0,0 +1,58 @@ +id: wp-reply-notify-ad6d214a4db8beee18bddf61121faca2 + +info: + name: > + WP-Reply Notify <= 1.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/837e596e-a4a7-4fcf-a761-aed35a789770?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reply-notify/" + google-query: inurl:"/wp-content/plugins/wp-reply-notify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reply-notify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reply-notify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reply-notify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-report-post-1540a4d1322834c5a338a51354b58ee1.yaml b/nuclei-templates/cve-less/plugins/wp-report-post-1540a4d1322834c5a338a51354b58ee1.yaml new file mode 100644 index 0000000000..bb4594d352 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-report-post-1540a4d1322834c5a338a51354b58ee1.yaml @@ -0,0 +1,58 @@ +id: wp-report-post-1540a4d1322834c5a338a51354b58ee1 + +info: + name: > + WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8dae13e5-cee7-4392-af71-7d466ba6f6c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-report-post/" + google-query: inurl:"/wp-content/plugins/wp-report-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-report-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-report-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-report-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-report-post-b9c578185717d2a2b3d8049789a9a952.yaml b/nuclei-templates/cve-less/plugins/wp-report-post-b9c578185717d2a2b3d8049789a9a952.yaml new file mode 100644 index 0000000000..c9f959586f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-report-post-b9c578185717d2a2b3d8049789a9a952.yaml @@ -0,0 +1,58 @@ +id: wp-report-post-b9c578185717d2a2b3d8049789a9a952 + +info: + name: > + WP Report Post <= 2.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09e28b72-55c6-4f2f-b689-a8989945651b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-report-post/" + google-query: inurl:"/wp-content/plugins/wp-report-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-report-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-report-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-report-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-report-post-fdf3c9a8ce0d028a3ed00c7adbf8cbb4.yaml b/nuclei-templates/cve-less/plugins/wp-report-post-fdf3c9a8ce0d028a3ed00c7adbf8cbb4.yaml new file mode 100644 index 0000000000..6e5dc2fc78 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-report-post-fdf3c9a8ce0d028a3ed00c7adbf8cbb4.yaml @@ -0,0 +1,58 @@ +id: wp-report-post-fdf3c9a8ce0d028a3ed00c7adbf8cbb4 + +info: + name: > + WP Report Post <= 2.1.2 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4a273e7-eb8a-4cfa-80c2-f87d04a6a33e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-report-post/" + google-query: inurl:"/wp-content/plugins/wp-report-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-report-post,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-report-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-report-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-repost-0e94306a43ae08419eb38c17f3bdf17f.yaml b/nuclei-templates/cve-less/plugins/wp-repost-0e94306a43ae08419eb38c17f3bdf17f.yaml new file mode 100644 index 0000000000..67a7b45310 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-repost-0e94306a43ae08419eb38c17f3bdf17f.yaml @@ -0,0 +1,58 @@ +id: wp-repost-0e94306a43ae08419eb38c17f3bdf17f + +info: + name: > + WP Repost <= 0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbf0f614-e5e9-486c-a0dd-cd494708a2a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-repost/" + google-query: inurl:"/wp-content/plugins/wp-repost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-repost,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-repost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-repost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-repost-f62d90a1456165ae9d04c07d4bf69a25.yaml b/nuclei-templates/cve-less/plugins/wp-repost-f62d90a1456165ae9d04c07d4bf69a25.yaml new file mode 100644 index 0000000000..973e4d94fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-repost-f62d90a1456165ae9d04c07d4bf69a25.yaml @@ -0,0 +1,58 @@ +id: wp-repost-f62d90a1456165ae9d04c07d4bf69a25 + +info: + name: > + WP Repost <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scritping + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/438689aa-3b85-4dd7-ac3e-a37906efd79c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-repost/" + google-query: inurl:"/wp-content/plugins/wp-repost/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-repost,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-repost/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-repost" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reroute-email-1c70785f67dd945fd36f027518750446.yaml b/nuclei-templates/cve-less/plugins/wp-reroute-email-1c70785f67dd945fd36f027518750446.yaml new file mode 100644 index 0000000000..acf5eefbe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reroute-email-1c70785f67dd945fd36f027518750446.yaml @@ -0,0 +1,58 @@ +id: wp-reroute-email-1c70785f67dd945fd36f027518750446 + +info: + name: > + WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0e962b-b6a0-4179-91d0-5ede508a9895?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reroute-email/" + google-query: inurl:"/wp-content/plugins/wp-reroute-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reroute-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reroute-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reroute-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reroute-email-20b79e43dd02b60a0996dbe99e7ba439.yaml b/nuclei-templates/cve-less/plugins/wp-reroute-email-20b79e43dd02b60a0996dbe99e7ba439.yaml new file mode 100644 index 0000000000..9d93a31c87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reroute-email-20b79e43dd02b60a0996dbe99e7ba439.yaml @@ -0,0 +1,58 @@ +id: wp-reroute-email-20b79e43dd02b60a0996dbe99e7ba439 + +info: + name: > + WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/395a8ca6-78b8-43f2-8e8c-896702b5da0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reroute-email/" + google-query: inurl:"/wp-content/plugins/wp-reroute-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reroute-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reroute-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reroute-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reroute-email-ca75f0bb6be077d73d2ab1f9278e0078.yaml b/nuclei-templates/cve-less/plugins/wp-reroute-email-ca75f0bb6be077d73d2ab1f9278e0078.yaml new file mode 100644 index 0000000000..c089bd4c22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reroute-email-ca75f0bb6be077d73d2ab1f9278e0078.yaml @@ -0,0 +1,58 @@ +id: wp-reroute-email-ca75f0bb6be077d73d2ab1f9278e0078 + +info: + name: > + WP Reroute Email <= 1.4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3a047f-be12-4308-a4a5-fbbbc37f674d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reroute-email/" + google-query: inurl:"/wp-content/plugins/wp-reroute-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reroute-email,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reroute-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reroute-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reset-07bd4b69b402b2bb38b733353ad05536.yaml b/nuclei-templates/cve-less/plugins/wp-reset-07bd4b69b402b2bb38b733353ad05536.yaml new file mode 100644 index 0000000000..f60268d608 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reset-07bd4b69b402b2bb38b733353ad05536.yaml @@ -0,0 +1,58 @@ +id: wp-reset-07bd4b69b402b2bb38b733353ad05536 + +info: + name: > + WP Reset – Most Advanced WordPress Reset Tool (PRO) 5.00- 5.98 - Missing Authorization to Database Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e91fabe-469f-4743-bb8d-76ef20313b37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reset/" + google-query: inurl:"/wp-content/plugins/wp-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reset,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.00', '<= 5.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reset-1ac9ed75dda676d9de3cd3380fd4d32a.yaml b/nuclei-templates/cve-less/plugins/wp-reset-1ac9ed75dda676d9de3cd3380fd4d32a.yaml new file mode 100644 index 0000000000..da7f7e3356 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reset-1ac9ed75dda676d9de3cd3380fd4d32a.yaml @@ -0,0 +1,58 @@ +id: wp-reset-1ac9ed75dda676d9de3cd3380fd4d32a + +info: + name: > + WP Reset PRO 5.00-5.98 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66afddee-a136-4c71-9e5d-3cc1552010cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reset/" + google-query: inurl:"/wp-content/plugins/wp-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reset,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 5.00', '<= 5.98') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reset-83fdf9d48a350c095ff472b1a9a82eb4.yaml b/nuclei-templates/cve-less/plugins/wp-reset-83fdf9d48a350c095ff472b1a9a82eb4.yaml new file mode 100644 index 0000000000..3260eb14e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reset-83fdf9d48a350c095ff472b1a9a82eb4.yaml @@ -0,0 +1,58 @@ +id: wp-reset-83fdf9d48a350c095ff472b1a9a82eb4 + +info: + name: > + WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68f41e88-ed36-4361-bddd-41495a540cd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reset/" + google-query: inurl:"/wp-content/plugins/wp-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reset,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reset-dc229c244bcfffc7d06d63944e8371c4.yaml b/nuclei-templates/cve-less/plugins/wp-reset-dc229c244bcfffc7d06d63944e8371c4.yaml new file mode 100644 index 0000000000..5e3ff4155b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reset-dc229c244bcfffc7d06d63944e8371c4.yaml @@ -0,0 +1,58 @@ +id: wp-reset-dc229c244bcfffc7d06d63944e8371c4 + +info: + name: > + WP Reset <= 1.86 - Authenticated Stored Cross-Site Scripting via extra_data Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0252d07a-cf84-479d-a71b-a9b13a9765d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reset/" + google-query: inurl:"/wp-content/plugins/wp-reset/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reset,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reset/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reset" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.86') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-menu-56eaa7b8dc455f22f829544599237693.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-menu-56eaa7b8dc455f22f829544599237693.yaml new file mode 100644 index 0000000000..b0262614f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-menu-56eaa7b8dc455f22f829544599237693.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-menu-56eaa7b8dc455f22f829544599237693 + +info: + name: > + WP Responsive Menu <= 3.1.7 - Missing Authorization to Settings Update & Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d0a822f-94b2-4875-b4b2-5c866555e3bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-menu/" + google-query: inurl:"/wp-content/plugins/wp-responsive-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-menu,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-photo-gallery-d5756f65fb344b6553377b88f83d5a57.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-photo-gallery-d5756f65fb344b6553377b88f83d5a57.yaml new file mode 100644 index 0000000000..5a3900cbf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-photo-gallery-d5756f65fb344b6553377b88f83d5a57.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-photo-gallery-d5756f65fb344b6553377b88f83d5a57 + +info: + name: > + Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.13 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51a1c2de-56be-4487-874a-a916e8a6992a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-photo-gallery/" + google-query: inurl:"/wp-content/plugins/wp-responsive-photo-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-photo-gallery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-photo-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-photo-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-preview-9f9f1456664e215602c73448e19f0749.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-preview-9f9f1456664e215602c73448e19f0749.yaml new file mode 100644 index 0000000000..c79edbc62d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-preview-9f9f1456664e215602c73448e19f0749.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-preview-9f9f1456664e215602c73448e19f0749 + +info: + name: > + WordPress Responsive Preview <= 1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/221a8ff6-1f6e-41a0-82ef-eaa14ff84a26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-preview/" + google-query: inurl:"/wp-content/plugins/wp-responsive-preview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-preview,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-preview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-preview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-recent-post-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-recent-post-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..dba54311fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-recent-post-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-recent-post-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-recent-post-slider/" + google-query: inurl:"/wp-content/plugins/wp-responsive-recent-post-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-recent-post-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-recent-post-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-recent-post-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-25a9f7730c5842083500e9e166082efc.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-25a9f7730c5842083500e9e166082efc.yaml new file mode 100644 index 0000000000..2e59c1cba0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-25a9f7730c5842083500e9e166082efc.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-slider-with-lightbox-25a9f7730c5842083500e9e166082efc + +info: + name: > + Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e51e1cd2-6de9-4820-8bba-1c6b5053e2c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-bd4c9f634768986dc47827bf4d97837f.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-bd4c9f634768986dc47827bf4d97837f.yaml new file mode 100644 index 0000000000..de3397e4d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-bd4c9f634768986dc47827bf4d97837f.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-slider-with-lightbox-bd4c9f634768986dc47827bf4d97837f + +info: + name: > + Thumbnail Slider With Lightbox <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/055b7ed5-268a-485e-ac7d-8082dc9fb2ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-f125bb3227f74edc5c60e8c9d6eb9da3.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-f125bb3227f74edc5c60e8c9d6eb9da3.yaml new file mode 100644 index 0000000000..f48ab4091d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-slider-with-lightbox-f125bb3227f74edc5c60e8c9d6eb9da3.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-slider-with-lightbox-f125bb3227f74edc5c60e8c9d6eb9da3 + +info: + name: > + Thumbnail Slider With Lightbox <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Image Title + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/547c425d-8b0f-4e65-8b8a-c3a3059301fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-slider-with-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-responsive-slider-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-slider-with-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-slider-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-slider-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-testimonials-slider-and-widget-6ee9ba365ca511bfc329f7df63da810e.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-testimonials-slider-and-widget-6ee9ba365ca511bfc329f7df63da810e.yaml new file mode 100644 index 0000000000..e51815a4da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-testimonials-slider-and-widget-6ee9ba365ca511bfc329f7df63da810e.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-testimonials-slider-and-widget-6ee9ba365ca511bfc329f7df63da810e + +info: + name: > + WP Responsive Testimonials Slider And Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17f118c5-c485-448b-8ab7-3f7fd44be583?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-testimonials-slider-and-widget/" + google-query: inurl:"/wp-content/plugins/wp-responsive-testimonials-slider-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-testimonials-slider-and-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-testimonials-slider-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-testimonials-slider-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-2f648ce81ebcdfff75d3b5dc6ad4dbca.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-2f648ce81ebcdfff75d3b5dc6ad4dbca.yaml new file mode 100644 index 0000000000..ae7e5a2978 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-2f648ce81ebcdfff75d3b5dc6ad4dbca.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-thumbnail-slider-2f648ce81ebcdfff75d3b5dc6ad4dbca + +info: + name: > + Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4bf4e12-5cbb-45bc-938e-62163baaa15d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-thumbnail-slider/" + google-query: inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-thumbnail-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-thumbnail-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-961b204cf44c68d337a8c4abce4e5661.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-961b204cf44c68d337a8c4abce4e5661.yaml new file mode 100644 index 0000000000..f778efd63c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-961b204cf44c68d337a8c4abce4e5661.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-thumbnail-slider-961b204cf44c68d337a8c4abce4e5661 + +info: + name: > + Thumbnail carousel slider <= 1.0 - Cross-Site Request Forgery to Mass Slider Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bde75c5a-b0b7-4f26-91e9-dd4816e276c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-thumbnail-slider/" + google-query: inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-thumbnail-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-thumbnail-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-b2718ea6f3f6ed667b8cfc7c6db95d2f.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-b2718ea6f3f6ed667b8cfc7c6db95d2f.yaml new file mode 100644 index 0000000000..7ab3e9a34b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-thumbnail-slider-b2718ea6f3f6ed667b8cfc7c6db95d2f.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-thumbnail-slider-b2718ea6f3f6ed667b8cfc7c6db95d2f + +info: + name: > + Thumbnail carousel slider <= 1.1.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99711f41-d21b-4725-acc8-9542283daf12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-thumbnail-slider/" + google-query: inurl:"/wp-content/plugins/wp-responsive-thumbnail-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-thumbnail-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-thumbnail-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-thumbnail-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-c3b3583607c5150ae09b547b67030790.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-c3b3583607c5150ae09b547b67030790.yaml new file mode 100644 index 0000000000..a8113a54d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-c3b3583607c5150ae09b547b67030790.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-video-gallery-with-lightbox-c3b3583607c5150ae09b547b67030790 + +info: + name: > + video carousel slider with lightbox 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc052b00-65a7-4668-8bdd-b06d69d12a4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-video-gallery-with-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-responsive-video-gallery-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-video-gallery-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-video-gallery-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-video-gallery-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-e1d3d085ab54042265af9032b57a352b.yaml b/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-e1d3d085ab54042265af9032b57a352b.yaml new file mode 100644 index 0000000000..cf1e3a664f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-responsive-video-gallery-with-lightbox-e1d3d085ab54042265af9032b57a352b.yaml @@ -0,0 +1,58 @@ +id: wp-responsive-video-gallery-with-lightbox-e1d3d085ab54042265af9032b57a352b + +info: + name: > + video carousel slider with lightbox <= 1.0.22 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e88bb3a8-de24-46fb-a3e4-9ca3fdd4cca7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-responsive-video-gallery-with-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-responsive-video-gallery-with-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-responsive-video-gallery-with-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-responsive-video-gallery-with-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-responsive-video-gallery-with-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rest-api-authentication-c4daa9433506094793f25873e18663b9.yaml b/nuclei-templates/cve-less/plugins/wp-rest-api-authentication-c4daa9433506094793f25873e18663b9.yaml new file mode 100644 index 0000000000..3249b6af7e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rest-api-authentication-c4daa9433506094793f25873e18663b9.yaml @@ -0,0 +1,58 @@ +id: wp-rest-api-authentication-c4daa9433506094793f25873e18663b9 + +info: + name: > + WordPress REST API Authentication <= 2.4.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bdb35f31-60a6-40b5-aed3-102a1c8c4fd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rest-api-authentication/" + google-query: inurl:"/wp-content/plugins/wp-rest-api-authentication/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rest-api-authentication,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rest-api-authentication/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rest-api-authentication" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-restful-db7767ed937dfde97dcfb07b299497ed.yaml b/nuclei-templates/cve-less/plugins/wp-restful-db7767ed937dfde97dcfb07b299497ed.yaml new file mode 100644 index 0000000000..5e91844858 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-restful-db7767ed937dfde97dcfb07b299497ed.yaml @@ -0,0 +1,58 @@ +id: wp-restful-db7767ed937dfde97dcfb07b299497ed + +info: + name: > + WP Restful <= 0.1 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fab1e59-5123-4ccb-bc0c-b8908643af89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-restful/" + google-query: inurl:"/wp-content/plugins/wp-restful/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-restful,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-restful/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-restful" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-retina-2x-575007d168cd026eefe7a606e43b0e70.yaml b/nuclei-templates/cve-less/plugins/wp-retina-2x-575007d168cd026eefe7a606e43b0e70.yaml new file mode 100644 index 0000000000..184289ae62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-retina-2x-575007d168cd026eefe7a606e43b0e70.yaml @@ -0,0 +1,58 @@ +id: wp-retina-2x-575007d168cd026eefe7a606e43b0e70 + +info: + name: > + WP Retina 2x <= 6.4.5 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52c2aae5-17c2-45eb-b55f-bb27555fb1f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-retina-2x/" + google-query: inurl:"/wp-content/plugins/wp-retina-2x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-retina-2x,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-retina-2x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-retina-2x-6bed45cc7ffa2c1423965f9f86a13b79.yaml b/nuclei-templates/cve-less/plugins/wp-retina-2x-6bed45cc7ffa2c1423965f9f86a13b79.yaml new file mode 100644 index 0000000000..e0f4e8d5b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-retina-2x-6bed45cc7ffa2c1423965f9f86a13b79.yaml @@ -0,0 +1,58 @@ +id: wp-retina-2x-6bed45cc7ffa2c1423965f9f86a13b79 + +info: + name: > + Perfect Images <= 5.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9f3349e-de64-498e-bb82-5ceff1456265?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-retina-2x/" + google-query: inurl:"/wp-content/plugins/wp-retina-2x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-retina-2x,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-retina-2x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-retina-2x-ad6eca81b2e556f270b3ae3f5090cf96.yaml b/nuclei-templates/cve-less/plugins/wp-retina-2x-ad6eca81b2e556f270b3ae3f5090cf96.yaml new file mode 100644 index 0000000000..6927f27c0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-retina-2x-ad6eca81b2e556f270b3ae3f5090cf96.yaml @@ -0,0 +1,58 @@ +id: wp-retina-2x-ad6eca81b2e556f270b3ae3f5090cf96 + +info: + name: > + WP Retina 2x <= 5.2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09618198-06fd-438b-a526-c7bf5b2570a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-retina-2x/" + google-query: inurl:"/wp-content/plugins/wp-retina-2x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-retina-2x,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-retina-2x/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-retina-2x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-46456613c7a836ce3b1a8f48d3151f77.yaml b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-46456613c7a836ce3b1a8f48d3151f77.yaml new file mode 100644 index 0000000000..f6f19e63ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-46456613c7a836ce3b1a8f48d3151f77.yaml @@ -0,0 +1,58 @@ +id: wp-reviews-plugin-for-google-46456613c7a836ce3b1a8f48d3151f77 + +info: + name: > + Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8540b8f3-aace-4559-b83c-6244f2249548?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reviews-plugin-for-google/" + google-query: inurl:"/wp-content/plugins/wp-reviews-plugin-for-google/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reviews-plugin-for-google,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reviews-plugin-for-google/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reviews-plugin-for-google" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-61b7e681fc2aebd347be4e6d876bf4f7.yaml b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-61b7e681fc2aebd347be4e6d876bf4f7.yaml new file mode 100644 index 0000000000..6fa733f199 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-61b7e681fc2aebd347be4e6d876bf4f7.yaml @@ -0,0 +1,58 @@ +id: wp-reviews-plugin-for-google-61b7e681fc2aebd347be4e6d876bf4f7 + +info: + name: > + Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/504c0132-530b-4184-b19a-97e68df79b48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reviews-plugin-for-google/" + google-query: inurl:"/wp-content/plugins/wp-reviews-plugin-for-google/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reviews-plugin-for-google,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reviews-plugin-for-google/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reviews-plugin-for-google" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-ed0f9423d4c48dfd65b856931b8ae551.yaml b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-ed0f9423d4c48dfd65b856931b8ae551.yaml new file mode 100644 index 0000000000..a907d3ee0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-reviews-plugin-for-google-ed0f9423d4c48dfd65b856931b8ae551.yaml @@ -0,0 +1,58 @@ +id: wp-reviews-plugin-for-google-ed0f9423d4c48dfd65b856931b8ae551 + +info: + name: > + Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70968476-b064-477f-999f-4aa2c51d89cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-reviews-plugin-for-google/" + google-query: inurl:"/wp-content/plugins/wp-reviews-plugin-for-google/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-reviews-plugin-for-google,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-reviews-plugin-for-google/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-reviews-plugin-for-google" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-roadmap-1c48d6771b0e3d17023908b8bdc75005.yaml b/nuclei-templates/cve-less/plugins/wp-roadmap-1c48d6771b0e3d17023908b8bdc75005.yaml new file mode 100644 index 0000000000..f25cdfb559 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-roadmap-1c48d6771b0e3d17023908b8bdc75005.yaml @@ -0,0 +1,58 @@ +id: wp-roadmap-1c48d6771b0e3d17023908b8bdc75005 + +info: + name: > + WP Roadmap <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24fc2554-375a-4216-91bf-41921cc4b436?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-roadmap/" + google-query: inurl:"/wp-content/plugins/wp-roadmap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-roadmap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-roadmap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-roadmap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rocket-b300eab2789f0638494228aea0ada3b0.yaml b/nuclei-templates/cve-less/plugins/wp-rocket-b300eab2789f0638494228aea0ada3b0.yaml new file mode 100644 index 0000000000..052403df5e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rocket-b300eab2789f0638494228aea0ada3b0.yaml @@ -0,0 +1,58 @@ +id: wp-rocket-b300eab2789f0638494228aea0ada3b0 + +info: + name: > + WP Rocket <= 2.10.3 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9167e4bd-74be-46c9-b06e-566c13c02c7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rocket/" + google-query: inurl:"/wp-content/plugins/wp-rocket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rocket,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rocket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rocket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-roles-at-registration-0822b2c02c49629a19bf084eb6d8580a.yaml b/nuclei-templates/cve-less/plugins/wp-roles-at-registration-0822b2c02c49629a19bf084eb6d8580a.yaml new file mode 100644 index 0000000000..b6cf6a1a85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-roles-at-registration-0822b2c02c49629a19bf084eb6d8580a.yaml @@ -0,0 +1,58 @@ +id: wp-roles-at-registration-0822b2c02c49629a19bf084eb6d8580a + +info: + name: > + WP Roles at Registration <= 0.23 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a4eeb77-7a8b-489f-8ded-bbe09e881758?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-roles-at-registration/" + google-query: inurl:"/wp-content/plugins/wp-roles-at-registration/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-roles-at-registration,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-roles-at-registration/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-roles-at-registration" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.23') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rollback-79ab1b5d546d12b519823b2566724735.yaml b/nuclei-templates/cve-less/plugins/wp-rollback-79ab1b5d546d12b519823b2566724735.yaml new file mode 100644 index 0000000000..33cec0e4da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rollback-79ab1b5d546d12b519823b2566724735.yaml @@ -0,0 +1,58 @@ +id: wp-rollback-79ab1b5d546d12b519823b2566724735 + +info: + name: > + Rollback < 1.2.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d68506-ee5c-4b01-a0d2-caf2482106e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rollback/" + google-query: inurl:"/wp-content/plugins/wp-rollback/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rollback,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rollback/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rollback" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rollback-7a4c9972726e4955d433f6a7b81c1d28.yaml b/nuclei-templates/cve-less/plugins/wp-rollback-7a4c9972726e4955d433f6a7b81c1d28.yaml new file mode 100644 index 0000000000..ce4ca90aa8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rollback-7a4c9972726e4955d433f6a7b81c1d28.yaml @@ -0,0 +1,58 @@ +id: wp-rollback-7a4c9972726e4955d433f6a7b81c1d28 + +info: + name: > + WP Rollback < 1.2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a3cfa87-ad48-401c-b823-f61d5a7af680?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rollback/" + google-query: inurl:"/wp-content/plugins/wp-rollback/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rollback,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rollback/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rollback" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-royal-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-royal-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..4df704aca8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-royal-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-royal-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-royal-gallery/" + google-query: inurl:"/wp-content/plugins/wp-royal-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-royal-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-royal-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-royal-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-2565b37cf24425d8b3b9a64e0058d4a4.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-2565b37cf24425d8b3b9a64e0058d4a4.yaml new file mode 100644 index 0000000000..293b3dd265 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-2565b37cf24425d8b3b9a64e0058d4a4.yaml @@ -0,0 +1,58 @@ +id: wp-rss-aggregator-2565b37cf24425d8b3b9a64e0058d4a4 + +info: + name: > + WP RSS Aggregator <= 4.23.4 - Authenticated (Admin+) Stored Cross-Site Scripting via RSS Feed Source + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-aggregator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.23.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-788781eedb2bbfc885e59d651ce4ff66.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-788781eedb2bbfc885e59d651ce4ff66.yaml new file mode 100644 index 0000000000..8a513b4c1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-788781eedb2bbfc885e59d651ce4ff66.yaml @@ -0,0 +1,58 @@ +id: wp-rss-aggregator-788781eedb2bbfc885e59d651ce4ff66 + +info: + name: > + WP RSS Aggregator <= 4.19.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b4bb70a-ee8e-4e1a-9989-7658307bedc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-aggregator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-7a5699f4eb992769878daf8812d2e5b5.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-7a5699f4eb992769878daf8812d2e5b5.yaml new file mode 100644 index 0000000000..18fde34361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-7a5699f4eb992769878daf8812d2e5b5.yaml @@ -0,0 +1,58 @@ +id: wp-rss-aggregator-7a5699f4eb992769878daf8812d2e5b5 + +info: + name: > + WP RSS Aggregator <= 4.23.5 - Authenticated (Admin+) Server-Side Request Forgery via RSS Feed Source + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-aggregator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '4.23.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-b26100fb2d07199c87c48d6d1e20e10e.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-b26100fb2d07199c87c48d6d1e20e10e.yaml new file mode 100644 index 0000000000..12de2d62dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-b26100fb2d07199c87c48d6d1e20e10e.yaml @@ -0,0 +1,58 @@ +id: wp-rss-aggregator-b26100fb2d07199c87c48d6d1e20e10e + +info: + name: > + WP RSS Aggregator <= 4.19.2 - Subscriber+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5776ae23-3846-41bf-92dd-948230c334bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-aggregator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.19.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-aggregator-c9743e9890778c464db472a56cb6fc0e.yaml b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-c9743e9890778c464db472a56cb6fc0e.yaml new file mode 100644 index 0000000000..7ab612e025 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-aggregator-c9743e9890778c464db472a56cb6fc0e.yaml @@ -0,0 +1,58 @@ +id: wp-rss-aggregator-c9743e9890778c464db472a56cb6fc0e + +info: + name: > + WP RSS Aggregator <= 4.19.1 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0d8a530-53fd-4e2f-aa57-d75c89dc2a51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-aggregator/" + google-query: inurl:"/wp-content/plugins/wp-rss-aggregator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-aggregator,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-aggregator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-aggregator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-462fb716ec2f0ec4e2f418a785fb1df8.yaml b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-462fb716ec2f0ec4e2f418a785fb1df8.yaml new file mode 100644 index 0000000000..a903e12136 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-462fb716ec2f0ec4e2f418a785fb1df8.yaml @@ -0,0 +1,58 @@ +id: wp-rss-by-publishers-462fb716ec2f0ec4e2f418a785fb1df8 + +info: + name: > + WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3940232c-b3d4-488b-830d-797bdab9cfbe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-by-publishers/" + google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-by-publishers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-by-publishers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-74b1a71215563001aea36d2a3bce8f35.yaml b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-74b1a71215563001aea36d2a3bce8f35.yaml new file mode 100644 index 0000000000..83578e5738 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-74b1a71215563001aea36d2a3bce8f35.yaml @@ -0,0 +1,58 @@ +id: wp-rss-by-publishers-74b1a71215563001aea36d2a3bce8f35 + +info: + name: > + WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66bc8d9c-1a5f-4dca-b15f-8fdf821dbc6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-by-publishers/" + google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-by-publishers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-by-publishers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-ee3fe625ab8f88885d07211e8987b8d5.yaml b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-ee3fe625ab8f88885d07211e8987b8d5.yaml new file mode 100644 index 0000000000..95e4441fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-by-publishers-ee3fe625ab8f88885d07211e8987b8d5.yaml @@ -0,0 +1,58 @@ +id: wp-rss-by-publishers-ee3fe625ab8f88885d07211e8987b8d5 + +info: + name: > + WP RSS By Publishers <= 0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3745b681-cb09-4a5b-a57b-c7f35b8c5133?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-by-publishers/" + google-query: inurl:"/wp-content/plugins/wp-rss-by-publishers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-by-publishers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-by-publishers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-by-publishers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-images-2efaa05e7b1e6abe1f42ac71047e9bba.yaml b/nuclei-templates/cve-less/plugins/wp-rss-images-2efaa05e7b1e6abe1f42ac71047e9bba.yaml new file mode 100644 index 0000000000..928fe4a4c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-images-2efaa05e7b1e6abe1f42ac71047e9bba.yaml @@ -0,0 +1,58 @@ +id: wp-rss-images-2efaa05e7b1e6abe1f42ac71047e9bba + +info: + name: > + WP RSS Images <= 1.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adb70798-2ef9-4384-bcca-8862afa044ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-images/" + google-query: inurl:"/wp-content/plugins/wp-rss-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-images,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-rss-poster-59933ed8813fc650ac85aae65e91d1d9.yaml b/nuclei-templates/cve-less/plugins/wp-rss-poster-59933ed8813fc650ac85aae65e91d1d9.yaml new file mode 100644 index 0000000000..03c1967666 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-rss-poster-59933ed8813fc650ac85aae65e91d1d9.yaml @@ -0,0 +1,58 @@ +id: wp-rss-poster-59933ed8813fc650ac85aae65e91d1d9 + +info: + name: > + WP Rss Poster <= 1.0.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fd2ed33-6977-4480-bdcb-d7afae7bfd06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-rss-poster/" + google-query: inurl:"/wp-content/plugins/wp-rss-poster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-rss-poster,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-rss-poster/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-rss-poster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-s3-693d96d86e403672dd1c5e131a4895d3.yaml b/nuclei-templates/cve-less/plugins/wp-s3-693d96d86e403672dd1c5e131a4895d3.yaml new file mode 100644 index 0000000000..3f38b25462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-s3-693d96d86e403672dd1c5e131a4895d3.yaml @@ -0,0 +1,58 @@ +id: wp-s3-693d96d86e403672dd1c5e131a4895d3 + +info: + name: > + WordPress Amazon S3 Plugin <= 1.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab779713-7004-47f6-af16-2db2c7c1013b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-s3/" + google-query: inurl:"/wp-content/plugins/wp-s3/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-s3,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-s3/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-s3" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-s3-smart-upload-00fe1d8fca57ad1440836b41da0ce6fd.yaml b/nuclei-templates/cve-less/plugins/wp-s3-smart-upload-00fe1d8fca57ad1440836b41da0ce6fd.yaml new file mode 100644 index 0000000000..cbc7589beb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-s3-smart-upload-00fe1d8fca57ad1440836b41da0ce6fd.yaml @@ -0,0 +1,58 @@ +id: wp-s3-smart-upload-00fe1d8fca57ad1440836b41da0ce6fd + +info: + name: > + SSU <= 1.5.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d488cfef-8ee7-483a-94f2-c172e5576005?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-s3-smart-upload/" + google-query: inurl:"/wp-content/plugins/wp-s3-smart-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-s3-smart-upload,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-s3-smart-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-s3-smart-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-safe-search-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml b/nuclei-templates/cve-less/plugins/wp-safe-search-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml new file mode 100644 index 0000000000..09409296b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-safe-search-e4bfbf2cbba7e1243929a6da3f0f2ec5.yaml @@ -0,0 +1,58 @@ +id: wp-safe-search-e4bfbf2cbba7e1243929a6da3f0f2ec5 + +info: + name: > + WP Safe Search <= 0.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3669af4-06b4-4088-ae23-c167ba65f79c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-safe-search/" + google-query: inurl:"/wp-content/plugins/wp-safe-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-safe-search,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-safe-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-safe-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-scheduled-posts-49f4f7442b45f88ffafdd0b100d2831c.yaml b/nuclei-templates/cve-less/plugins/wp-scheduled-posts-49f4f7442b45f88ffafdd0b100d2831c.yaml new file mode 100644 index 0000000000..5b37ec9bf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-scheduled-posts-49f4f7442b45f88ffafdd0b100d2831c.yaml @@ -0,0 +1,58 @@ +id: wp-scheduled-posts-49f4f7442b45f88ffafdd0b100d2831c + +info: + name: > + SchedulePress <= 5.0.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72be8df6-7489-4214-af6e-d1d95f79fd8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-scheduled-posts/" + google-query: inurl:"/wp-content/plugins/wp-scheduled-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-scheduled-posts,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-scheduled-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-scheduled-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-schema-pro-8bdef51e6a9551cb787f034110fc0fe2.yaml b/nuclei-templates/cve-less/plugins/wp-schema-pro-8bdef51e6a9551cb787f034110fc0fe2.yaml new file mode 100644 index 0000000000..a8a80b6c48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-schema-pro-8bdef51e6a9551cb787f034110fc0fe2.yaml @@ -0,0 +1,58 @@ +id: wp-schema-pro-8bdef51e6a9551cb787f034110fc0fe2 + +info: + name: > + Schema Pro <= 2.7.15 - Authenticated (Contributor+) Custom Field Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dafc355c-18e7-4312-bd16-8ef65ad54dad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-schema-pro/" + google-query: inurl:"/wp-content/plugins/wp-schema-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-schema-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-schema-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-schema-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-schema-pro-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml b/nuclei-templates/cve-less/plugins/wp-schema-pro-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml new file mode 100644 index 0000000000..6630609164 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-schema-pro-c23d0468fa1aa29e9cff4258e8e5f1b7.yaml @@ -0,0 +1,58 @@ +id: wp-schema-pro-c23d0468fa1aa29e9cff4258e8e5f1b7 + +info: + name: > + Schema Pro <= 2.7.8 - Authenticated(Contributor+) Missing Authorization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/645ab4b9-e421-4610-b99b-960a7fbb7779?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-schema-pro/" + google-query: inurl:"/wp-content/plugins/wp-schema-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-schema-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-schema-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-schema-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-schema-pro-e2131dbbacfbe2a2f95adf59d0db7bef.yaml b/nuclei-templates/cve-less/plugins/wp-schema-pro-e2131dbbacfbe2a2f95adf59d0db7bef.yaml new file mode 100644 index 0000000000..300f7a119e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-schema-pro-e2131dbbacfbe2a2f95adf59d0db7bef.yaml @@ -0,0 +1,58 @@ +id: wp-schema-pro-e2131dbbacfbe2a2f95adf59d0db7bef + +info: + name: > + Schema Pro <= 2.7.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8808e4bd-76ea-4e31-8a2c-92c5b7dd3c68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-schema-pro/" + google-query: inurl:"/wp-content/plugins/wp-schema-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-schema-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-schema-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-schema-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-scrippets-57f5b93dff7110d58cb432e56910af6c.yaml b/nuclei-templates/cve-less/plugins/wp-scrippets-57f5b93dff7110d58cb432e56910af6c.yaml new file mode 100644 index 0000000000..29b5ae0864 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-scrippets-57f5b93dff7110d58cb432e56910af6c.yaml @@ -0,0 +1,58 @@ +id: wp-scrippets-57f5b93dff7110d58cb432e56910af6c + +info: + name: > + WP Scrippets <= 1.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e02cf6d3-3c50-4da5-b28c-7bda30deca3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-scrippets/" + google-query: inurl:"/wp-content/plugins/wp-scrippets/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-scrippets,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-scrippets/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-scrippets" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-search-keyword-redirect-f19084b39601e7bc7ba34fa7ad78104e.yaml b/nuclei-templates/cve-less/plugins/wp-search-keyword-redirect-f19084b39601e7bc7ba34fa7ad78104e.yaml new file mode 100644 index 0000000000..dbac4b4acf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-search-keyword-redirect-f19084b39601e7bc7ba34fa7ad78104e.yaml @@ -0,0 +1,58 @@ +id: wp-search-keyword-redirect-f19084b39601e7bc7ba34fa7ad78104e + +info: + name: > + Search Keyword Redirect <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb1f5fc6-9e0e-423a-bd71-32e12d201c37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-search-keyword-redirect/" + google-query: inurl:"/wp-content/plugins/wp-search-keyword-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-search-keyword-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-search-keyword-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-search-keyword-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-64c7c31089552dec4abb3ef175072235.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-64c7c31089552dec4abb3ef175072235.yaml new file mode 100644 index 0000000000..172f01f180 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-64c7c31089552dec4abb3ef175072235.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-64c7c31089552dec4abb3ef175072235 + +info: + name: > + WP Activity Log <= 4.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d0a8be3-6630-4cf7-b6cb-cdc86b99acb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-896c32b149ebcd3122663a40d0461f18.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-896c32b149ebcd3122663a40d0461f18.yaml new file mode 100644 index 0000000000..7a4b025818 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-896c32b149ebcd3122663a40d0461f18.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-896c32b149ebcd3122663a40d0461f18 + +info: + name: > + WP Activity Log <= 4.6.1 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63c6eca6-9b55-48b5-ada3-97dd20d60f31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-a5b0543470506882efb8fd3f9daadcc9.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-a5b0543470506882efb8fd3f9daadcc9.yaml new file mode 100644 index 0000000000..b1e384d69b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-a5b0543470506882efb8fd3f9daadcc9.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-a5b0543470506882efb8fd3f9daadcc9 + +info: + name: > + WP Security Audit Log <= 3.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12837ce3-eeeb-4034-a90d-fc615056a818?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-dd3770633c5e3f81d160a943bc75a752.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-dd3770633c5e3f81d160a943bc75a752.yaml new file mode 100644 index 0000000000..8feb2f2102 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-dd3770633c5e3f81d160a943bc75a752.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-dd3770633c5e3f81d160a943bc75a752 + +info: + name: > + WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-eacb463d459e2bbbfb442e19685437c7.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-eacb463d459e2bbbfb442e19685437c7.yaml new file mode 100644 index 0000000000..544cc51645 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-eacb463d459e2bbbfb442e19685437c7.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-eacb463d459e2bbbfb442e19685437c7 + +info: + name: > + WP Activity Log <= 1.2.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f025b73-9a1a-4890-90ef-700f73ac018f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-f0b0a230f7453036382fc231a8391538.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-f0b0a230f7453036382fc231a8391538.yaml new file mode 100644 index 0000000000..710bf5ba47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-f0b0a230f7453036382fc231a8391538.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-f0b0a230f7453036382fc231a8391538 + +info: + name: > + WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml new file mode 100644 index 0000000000..a2eb442bf4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-b55e1b34aba62c4a9df9aec2a27f5d8a.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-premium-b55e1b34aba62c4a9df9aec2a27f5d8a + +info: + name: > + WP Activity Log Premium <= 4.6.4 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f060ea1-01e2-4e5b-82ba-b5cdd0d8290a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-dd3770633c5e3f81d160a943bc75a752.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-dd3770633c5e3f81d160a943bc75a752.yaml new file mode 100644 index 0000000000..e6e91e303f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-dd3770633c5e3f81d160a943bc75a752.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-premium-dd3770633c5e3f81d160a943bc75a752 + +info: + name: > + WP Activity Log <= 4.5.0 - Missing Capabilities Check to User Enumeration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f51f0919-498e-4f86-a933-1b7f2c4a10a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f0b0a230f7453036382fc231a8391538.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f0b0a230f7453036382fc231a8391538.yaml new file mode 100644 index 0000000000..eeac31e557 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f0b0a230f7453036382fc231a8391538.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-premium-f0b0a230f7453036382fc231a8391538 + +info: + name: > + WP Activity Log <= 4.5.0 - Cross-Site Request Forgery via ajax_run_cleanup + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2008e0b-32c6-46fb-93b9-2b0004f478e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f254c1351f2a36bee58dc6381cb8f93e.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f254c1351f2a36bee58dc6381cb8f93e.yaml new file mode 100644 index 0000000000..cfff21dbf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-f254c1351f2a36bee58dc6381cb8f93e.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-premium-f254c1351f2a36bee58dc6381cb8f93e + +info: + name: > + WP Activity Log Premium <= 4.5.0 - Cross-Site Request Forgery via ajax_switch_db + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c659f6d-e02b-42ab-ba02-eb9b00602ad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-fb8070a3ea093b2b03c1a0de45c253ff.yaml b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-fb8070a3ea093b2b03c1a0de45c253ff.yaml new file mode 100644 index 0000000000..0fe058c182 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-audit-log-premium-fb8070a3ea093b2b03c1a0de45c253ff.yaml @@ -0,0 +1,58 @@ +id: wp-security-audit-log-premium-fb8070a3ea093b2b03c1a0de45c253ff + +info: + name: > + WP Activity Log Premium <= 4.5.0 - Missing Authorization via ajax_switch_db + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e29fd6b-462a-42be-9a2a-b6717b20a937?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-audit-log-premium/" + google-query: inurl:"/wp-content/plugins/wp-security-audit-log-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-audit-log-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-audit-log-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-audit-log-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-hardening-02cf6d254ae1f4fae318bf77bab478be.yaml b/nuclei-templates/cve-less/plugins/wp-security-hardening-02cf6d254ae1f4fae318bf77bab478be.yaml new file mode 100644 index 0000000000..d8e4bf45be --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-hardening-02cf6d254ae1f4fae318bf77bab478be.yaml @@ -0,0 +1,58 @@ +id: wp-security-hardening-02cf6d254ae1f4fae318bf77bab478be + +info: + name: > + WP Hardening – Fix Your WordPress Security <= 1.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/acd61330-eba8-4311-8b60-30c3124067f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-hardening/" + google-query: inurl:"/wp-content/plugins/wp-security-hardening/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-hardening,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-hardening/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-hardening" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-hardening-4db11f352c6c8a3ad49ea7bd3d7d466b.yaml b/nuclei-templates/cve-less/plugins/wp-security-hardening-4db11f352c6c8a3ad49ea7bd3d7d466b.yaml new file mode 100644 index 0000000000..2f634c3dc0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-hardening-4db11f352c6c8a3ad49ea7bd3d7d466b.yaml @@ -0,0 +1,58 @@ +id: wp-security-hardening-4db11f352c6c8a3ad49ea7bd3d7d466b + +info: + name: > + WP Hardening – Fix Your WordPress Security <= 1.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdf6d876-631f-493d-a324-3bb8efedd84a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-hardening/" + google-query: inurl:"/wp-content/plugins/wp-security-hardening/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-hardening,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-hardening/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-hardening" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-pro-8e950dd64eb760b48f921b3528ca5c9f.yaml b/nuclei-templates/cve-less/plugins/wp-security-pro-8e950dd64eb760b48f921b3528ca5c9f.yaml new file mode 100644 index 0000000000..782f9bd4d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-pro-8e950dd64eb760b48f921b3528ca5c9f.yaml @@ -0,0 +1,58 @@ +id: wp-security-pro-8e950dd64eb760b48f921b3528ca5c9f + +info: + name: > + WordPress Security <= 4.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9462b048-0e01-43b0-894d-43a53f744eb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-pro/" + google-query: inurl:"/wp-content/plugins/wp-security-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-security-questions-5eaff96b7044868ab9324ffea89f33a1.yaml b/nuclei-templates/cve-less/plugins/wp-security-questions-5eaff96b7044868ab9324ffea89f33a1.yaml new file mode 100644 index 0000000000..3de5b2b807 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-security-questions-5eaff96b7044868ab9324ffea89f33a1.yaml @@ -0,0 +1,58 @@ +id: wp-security-questions-5eaff96b7044868ab9324ffea89f33a1 + +info: + name: > + WP Security Question <= 1.0.5 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23f9d758-4b5e-44e5-9f58-a37b01c4ffdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-security-questions/" + google-query: inurl:"/wp-content/plugins/wp-security-questions/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-security-questions,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-security-questions/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-security-questions" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sendfox-492dc981351dd6fd004e149962bdd870.yaml b/nuclei-templates/cve-less/plugins/wp-sendfox-492dc981351dd6fd004e149962bdd870.yaml new file mode 100644 index 0000000000..b140438968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sendfox-492dc981351dd6fd004e149962bdd870.yaml @@ -0,0 +1,58 @@ +id: wp-sendfox-492dc981351dd6fd004e149962bdd870 + +info: + name: > + WP SendFox <= 1.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d79b092c-9e2c-4752-bf95-d3a6ac145073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sendfox/" + google-query: inurl:"/wp-content/plugins/wp-sendfox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sendfox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sendfox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sendfox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sentry-d34327d1e992d219d0a1381df1c090fa.yaml b/nuclei-templates/cve-less/plugins/wp-sentry-d34327d1e992d219d0a1381df1c090fa.yaml new file mode 100644 index 0000000000..5b524f0f2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sentry-d34327d1e992d219d0a1381df1c090fa.yaml @@ -0,0 +1,58 @@ +id: wp-sentry-d34327d1e992d219d0a1381df1c090fa + +info: + name: > + WP Sentry <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/697e9828-2bc9-4732-b564-4cb44a1dc369?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sentry/" + google-query: inurl:"/wp-content/plugins/wp-sentry/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sentry,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sentry/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sentry" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seo-redirect-301-0da88a23adab8991ac9273c6a18e2665.yaml b/nuclei-templates/cve-less/plugins/wp-seo-redirect-301-0da88a23adab8991ac9273c6a18e2665.yaml new file mode 100644 index 0000000000..fa2714c324 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seo-redirect-301-0da88a23adab8991ac9273c6a18e2665.yaml @@ -0,0 +1,58 @@ +id: wp-seo-redirect-301-0da88a23adab8991ac9273c6a18e2665 + +info: + name: > + WP SEO Redirect 301 <= 2.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55bd9bb4-6a81-4e9d-b0a9-76725aba6635?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seo-redirect-301/" + google-query: inurl:"/wp-content/plugins/wp-seo-redirect-301/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seo-redirect-301,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seo-redirect-301/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seo-redirect-301" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seo-tags-d9e051e1f4b85b4ae8c0ea3e691890cc.yaml b/nuclei-templates/cve-less/plugins/wp-seo-tags-d9e051e1f4b85b4ae8c0ea3e691890cc.yaml new file mode 100644 index 0000000000..6ec4f1f879 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seo-tags-d9e051e1f4b85b4ae8c0ea3e691890cc.yaml @@ -0,0 +1,58 @@ +id: wp-seo-tags-d9e051e1f4b85b4ae8c0ea3e691890cc + +info: + name: > + WP SEO Tags <= 2.2.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16e7a7c5-b845-4f28-bee6-fde54d003e13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seo-tags/" + google-query: inurl:"/wp-content/plugins/wp-seo-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seo-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seo-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seo-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seopress-13e2a2185dde6af6bd269d22e183dd35.yaml b/nuclei-templates/cve-less/plugins/wp-seopress-13e2a2185dde6af6bd269d22e183dd35.yaml new file mode 100644 index 0000000000..af4601bd26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seopress-13e2a2185dde6af6bd269d22e183dd35.yaml @@ -0,0 +1,58 @@ +id: wp-seopress-13e2a2185dde6af6bd269d22e183dd35 + +info: + name: > + SEOPress <= 6.5.0.2 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06863974-e428-418b-891a-ade59ee46c4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seopress/" + google-query: inurl:"/wp-content/plugins/wp-seopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seopress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seopress-c6c1e0bf86c779c9f71689d63880acf1.yaml b/nuclei-templates/cve-less/plugins/wp-seopress-c6c1e0bf86c779c9f71689d63880acf1.yaml new file mode 100644 index 0000000000..24b04229c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seopress-c6c1e0bf86c779c9f71689d63880acf1.yaml @@ -0,0 +1,58 @@ +id: wp-seopress-c6c1e0bf86c779c9f71689d63880acf1 + +info: + name: > + SEOPress 5.0.0 - 5.0.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9157fa5e-3af8-48ee-bb73-3df6109aae76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seopress/" + google-query: inurl:"/wp-content/plugins/wp-seopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seopress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '5.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seopress-e3109d7817fd480896a3a3bc464556af.yaml b/nuclei-templates/cve-less/plugins/wp-seopress-e3109d7817fd480896a3a3bc464556af.yaml new file mode 100644 index 0000000000..446782f5e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seopress-e3109d7817fd480896a3a3bc464556af.yaml @@ -0,0 +1,58 @@ +id: wp-seopress-e3109d7817fd480896a3a3bc464556af + +info: + name: > + SEOPress – On-site SEO <= 7.5.2.1 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46e66230-06d6-452e-a7aa-862b2bb8c27d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seopress/" + google-query: inurl:"/wp-content/plugins/wp-seopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seopress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seopress-fa9cf150c44f8d9dc935bb57af5fe0c5.yaml b/nuclei-templates/cve-less/plugins/wp-seopress-fa9cf150c44f8d9dc935bb57af5fe0c5.yaml new file mode 100644 index 0000000000..a7105ece58 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seopress-fa9cf150c44f8d9dc935bb57af5fe0c5.yaml @@ -0,0 +1,58 @@ +id: wp-seopress-fa9cf150c44f8d9dc935bb57af5fe0c5 + +info: + name: > + SEOPress <= 7.6.1 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c6ba21-7631-4bbd-b08e-926d2f129cc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seopress/" + google-query: inurl:"/wp-content/plugins/wp-seopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seopress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-seopress-fb48c2712fa8a78f7a012c1644582d5a.yaml b/nuclei-templates/cve-less/plugins/wp-seopress-fb48c2712fa8a78f7a012c1644582d5a.yaml new file mode 100644 index 0000000000..eb1f8cd3f0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-seopress-fb48c2712fa8a78f7a012c1644582d5a.yaml @@ -0,0 +1,58 @@ +id: wp-seopress-fb48c2712fa8a78f7a012c1644582d5a + +info: + name: > + SEOPress – On-site SEO <= 7.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/098efef9-f5e0-4827-bd4e-88867b7dc3b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-seopress/" + google-query: inurl:"/wp-content/plugins/wp-seopress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-seopress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-seopress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-seopress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-server-stats-47415a21e09795154df1ff35281901c5.yaml b/nuclei-templates/cve-less/plugins/wp-server-stats-47415a21e09795154df1ff35281901c5.yaml new file mode 100644 index 0000000000..aa358644a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-server-stats-47415a21e09795154df1ff35281901c5.yaml @@ -0,0 +1,58 @@ +id: wp-server-stats-47415a21e09795154df1ff35281901c5 + +info: + name: > + WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c394295f-d1b5-48be-978f-f15a6b56e40f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-server-stats/" + google-query: inurl:"/wp-content/plugins/wp-server-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-server-stats,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-server-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-server-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-server-stats-be1ae498f783b881934c37ce01f5e849.yaml b/nuclei-templates/cve-less/plugins/wp-server-stats-be1ae498f783b881934c37ce01f5e849.yaml new file mode 100644 index 0000000000..a42ececc8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-server-stats-be1ae498f783b881934c37ce01f5e849.yaml @@ -0,0 +1,58 @@ +id: wp-server-stats-be1ae498f783b881934c37ce01f5e849 + +info: + name: > + WP Server Health Stats <= 1.7.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68fc0a8b-b667-49fd-b015-ced27f5ccce8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-server-stats/" + google-query: inurl:"/wp-content/plugins/wp-server-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-server-stats,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-server-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-server-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ses-13e3b44160360e3746c78b8d29452ac0.yaml b/nuclei-templates/cve-less/plugins/wp-ses-13e3b44160360e3746c78b8d29452ac0.yaml new file mode 100644 index 0000000000..1941b8e8d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ses-13e3b44160360e3746c78b8d29452ac0.yaml @@ -0,0 +1,58 @@ +id: wp-ses-13e3b44160360e3746c78b8d29452ac0 + +info: + name: > + guzzlehttp/psr7 < 1.9.1 & 2.4.5 - Interpretation Conflict + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2638bb80-7066-45c0-ab74-4ba407d50cae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ses/" + google-query: inurl:"/wp-content/plugins/wp-ses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ses,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ses-e6c4489ab4760cc2610080b31e1c8d78.yaml b/nuclei-templates/cve-less/plugins/wp-ses-e6c4489ab4760cc2610080b31e1c8d78.yaml new file mode 100644 index 0000000000..66579e69d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ses-e6c4489ab4760cc2610080b31e1c8d78.yaml @@ -0,0 +1,58 @@ +id: wp-ses-e6c4489ab4760cc2610080b31e1c8d78 + +info: + name: > + WP Offload SES Lite <= 1.4.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/132a6661-c21b-4ba6-955a-2c905425de6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ses/" + google-query: inurl:"/wp-content/plugins/wp-ses/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ses,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ses/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ses" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-setup-wizard-c10fda9bfdd3663d875e2a0fc2207f2e.yaml b/nuclei-templates/cve-less/plugins/wp-setup-wizard-c10fda9bfdd3663d875e2a0fc2207f2e.yaml new file mode 100644 index 0000000000..037c223de8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-setup-wizard-c10fda9bfdd3663d875e2a0fc2207f2e.yaml @@ -0,0 +1,58 @@ +id: wp-setup-wizard-c10fda9bfdd3663d875e2a0fc2207f2e + +info: + name: > + WP Setup Wizard <= 1.0.8.1 - Authenticated (Subscriber+) Full Database Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f46b01e4-1022-45aa-8511-6d2519e4e562?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-setup-wizard/" + google-query: inurl:"/wp-content/plugins/wp-setup-wizard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-setup-wizard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-setup-wizard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-setup-wizard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shamsi-26e6e5cc3851b03fa772529952303fc4.yaml b/nuclei-templates/cve-less/plugins/wp-shamsi-26e6e5cc3851b03fa772529952303fc4.yaml new file mode 100644 index 0000000000..4138d04c07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shamsi-26e6e5cc3851b03fa772529952303fc4.yaml @@ -0,0 +1,58 @@ +id: wp-shamsi-26e6e5cc3851b03fa772529952303fc4 + +info: + name: > + WP Shamsi <= 4.1.1 - Missing Authorization to Plugin Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35a0a0b8-2d62-4675-9bec-d26164271a03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shamsi/" + google-query: inurl:"/wp-content/plugins/wp-shamsi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shamsi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shamsi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shamsi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shamsi-4a71f65ecef18d04fe003f6a65b7d9e2.yaml b/nuclei-templates/cve-less/plugins/wp-shamsi-4a71f65ecef18d04fe003f6a65b7d9e2.yaml new file mode 100644 index 0000000000..9b2b4312b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shamsi-4a71f65ecef18d04fe003f6a65b7d9e2.yaml @@ -0,0 +1,58 @@ +id: wp-shamsi-4a71f65ecef18d04fe003f6a65b7d9e2 + +info: + name: > + WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8fc88821-b2be-49a5-a2cf-53e87d0349a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shamsi/" + google-query: inurl:"/wp-content/plugins/wp-shamsi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shamsi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shamsi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shamsi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shamsi-738fbfc3eb4f88850a59e7c7149f1534.yaml b/nuclei-templates/cve-less/plugins/wp-shamsi-738fbfc3eb4f88850a59e7c7149f1534.yaml new file mode 100644 index 0000000000..9b20526848 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shamsi-738fbfc3eb4f88850a59e7c7149f1534.yaml @@ -0,0 +1,58 @@ +id: wp-shamsi-738fbfc3eb4f88850a59e7c7149f1534 + +info: + name: > + WP Shamsi <= 4.1.0 - Missing Authorization to Arbitrary Plugin Deactivation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b498c5a-9fd1-43b8-b456-f6cec65d5077?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shamsi/" + google-query: inurl:"/wp-content/plugins/wp-shamsi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shamsi,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shamsi/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shamsi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-share-buttons-analytics-by-getsocial-28f21eddf2463cba2cb6b77e1419e5f9.yaml b/nuclei-templates/cve-less/plugins/wp-share-buttons-analytics-by-getsocial-28f21eddf2463cba2cb6b77e1419e5f9.yaml new file mode 100644 index 0000000000..feac91e8cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-share-buttons-analytics-by-getsocial-28f21eddf2463cba2cb6b77e1419e5f9.yaml @@ -0,0 +1,58 @@ +id: wp-share-buttons-analytics-by-getsocial-28f21eddf2463cba2cb6b77e1419e5f9 + +info: + name: > + Social Share Buttons & Analytics Plugin – GetSocial.io <= 4.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/513124f6-ea14-46ca-94c5-f9fa15b19d8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-share-buttons-analytics-by-getsocial/" + google-query: inurl:"/wp-content/plugins/wp-share-buttons-analytics-by-getsocial/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-share-buttons-analytics-by-getsocial,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-share-buttons-analytics-by-getsocial/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-share-buttons-analytics-by-getsocial" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shieldon-61c8d3fe6528b22ae362e184d779fcaf.yaml b/nuclei-templates/cve-less/plugins/wp-shieldon-61c8d3fe6528b22ae362e184d779fcaf.yaml new file mode 100644 index 0000000000..037155d604 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shieldon-61c8d3fe6528b22ae362e184d779fcaf.yaml @@ -0,0 +1,58 @@ +id: wp-shieldon-61c8d3fe6528b22ae362e184d779fcaf + +info: + name: > + WP Shieldon <= 1.6.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c8eaba3-9c23-4f35-8669-0ce345918fa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shieldon/" + google-query: inurl:"/wp-content/plugins/wp-shieldon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shieldon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shieldon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shieldon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shop-original-9bf86f14d92b1788e3ded94564f9e0cb.yaml b/nuclei-templates/cve-less/plugins/wp-shop-original-9bf86f14d92b1788e3ded94564f9e0cb.yaml new file mode 100644 index 0000000000..8fb0e5957f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shop-original-9bf86f14d92b1788e3ded94564f9e0cb.yaml @@ -0,0 +1,58 @@ +id: wp-shop-original-9bf86f14d92b1788e3ded94564f9e0cb + +info: + name: > + WP Shop <= 3.9.6 - Missing Authentication to Settings Change and Order Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f1700c2-9c1f-4882-9f11-13b4ee8477a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shop-original/" + google-query: inurl:"/wp-content/plugins/wp-shop-original/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shop-original,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shop-original/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shop-original" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shopping-cart-1033fcda6639f4daeff0c508d8a82d3b.yaml b/nuclei-templates/cve-less/plugins/wp-shopping-cart-1033fcda6639f4daeff0c508d8a82d3b.yaml new file mode 100644 index 0000000000..de7c4fb87b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shopping-cart-1033fcda6639f4daeff0c508d8a82d3b.yaml @@ -0,0 +1,58 @@ +id: wp-shopping-cart-1033fcda6639f4daeff0c508d8a82d3b + +info: + name: > + Instinct WP e-Commerce <= 3.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9be4ad83-14da-499e-b216-e5f26016fa35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wp-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shopping-cart,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shortcode-485c8e5c2bb61a87b483e8c051daba67.yaml b/nuclei-templates/cve-less/plugins/wp-shortcode-485c8e5c2bb61a87b483e8c051daba67.yaml new file mode 100644 index 0000000000..8d85d82a16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shortcode-485c8e5c2bb61a87b483e8c051daba67.yaml @@ -0,0 +1,58 @@ +id: wp-shortcode-485c8e5c2bb61a87b483e8c051daba67 + +info: + name: > + WP Shortcode by MyThemeShop <= 1.4.16 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/763fec04-72c5-4910-af97-f58b5b69a02e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shortcode/" + google-query: inurl:"/wp-content/plugins/wp-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shortcode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-adaa6144e39af9e742e7ba711c4a036d.yaml b/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-adaa6144e39af9e742e7ba711c4a036d.yaml new file mode 100644 index 0000000000..55b62098ab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-adaa6144e39af9e742e7ba711c4a036d.yaml @@ -0,0 +1,58 @@ +id: wp-shoutbox-live-chat-adaa6144e39af9e742e7ba711c4a036d + +info: + name: > + Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2630dbfe-2e11-4671-9a75-377237ac1ea1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shoutbox-live-chat/" + google-query: inurl:"/wp-content/plugins/wp-shoutbox-live-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shoutbox-live-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shoutbox-live-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shoutbox-live-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-c35613a2745b5628f153e1858939c22a.yaml b/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-c35613a2745b5628f153e1858939c22a.yaml new file mode 100644 index 0000000000..dbd86ba508 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-shoutbox-live-chat-c35613a2745b5628f153e1858939c22a.yaml @@ -0,0 +1,58 @@ +id: wp-shoutbox-live-chat-c35613a2745b5628f153e1858939c22a + +info: + name: > + Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4e1ca02-4eb5-4a46-99d5-89630f37d9ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-shoutbox-live-chat/" + google-query: inurl:"/wp-content/plugins/wp-shoutbox-live-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-shoutbox-live-chat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-shoutbox-live-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-shoutbox-live-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-show-posts-10f63d314e85015ce49d2337fc605c93.yaml b/nuclei-templates/cve-less/plugins/wp-show-posts-10f63d314e85015ce49d2337fc605c93.yaml new file mode 100644 index 0000000000..b37bc7c38a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-show-posts-10f63d314e85015ce49d2337fc605c93.yaml @@ -0,0 +1,58 @@ +id: wp-show-posts-10f63d314e85015ce49d2337fc605c93 + +info: + name: > + WP Show Posts <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40733449-7953-452e-aa11-60306be9bc5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-show-posts/" + google-query: inurl:"/wp-content/plugins/wp-show-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-show-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-show-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-show-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-show-posts-353fc9ffdc08426a0ffe5e2540b9087b.yaml b/nuclei-templates/cve-less/plugins/wp-show-posts-353fc9ffdc08426a0ffe5e2540b9087b.yaml new file mode 100644 index 0000000000..16f65035d1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-show-posts-353fc9ffdc08426a0ffe5e2540b9087b.yaml @@ -0,0 +1,58 @@ +id: wp-show-posts-353fc9ffdc08426a0ffe5e2540b9087b + +info: + name: > + WP Show Posts <= 1.1.4 - Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-show-posts/" + google-query: inurl:"/wp-content/plugins/wp-show-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-show-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-show-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-show-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-show-posts-d8e5ca43d4d7693416e241c26cbea0ec.yaml b/nuclei-templates/cve-less/plugins/wp-show-posts-d8e5ca43d4d7693416e241c26cbea0ec.yaml new file mode 100644 index 0000000000..d081bbcb3d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-show-posts-d8e5ca43d4d7693416e241c26cbea0ec.yaml @@ -0,0 +1,58 @@ +id: wp-show-posts-d8e5ca43d4d7693416e241c26cbea0ec + +info: + name: > + WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6bb3680-0623-4633-971e-3bc4a52dfad3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-show-posts/" + google-query: inurl:"/wp-content/plugins/wp-show-posts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-show-posts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-show-posts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-show-posts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-showhide-d3ed4033e1c7b404f15d64bf377cadc7.yaml b/nuclei-templates/cve-less/plugins/wp-showhide-d3ed4033e1c7b404f15d64bf377cadc7.yaml new file mode 100644 index 0000000000..68a103e2f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-showhide-d3ed4033e1c7b404f15d64bf377cadc7.yaml @@ -0,0 +1,58 @@ +id: wp-showhide-d3ed4033e1c7b404f15d64bf377cadc7 + +info: + name: > + WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1c4b5e9-e141-4d0d-866a-ff4fb8b68dea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-showhide/" + google-query: inurl:"/wp-content/plugins/wp-showhide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-showhide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-showhide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-showhide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-839915408da31966610f43b45f853f1c.yaml b/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-839915408da31966610f43b45f853f1c.yaml new file mode 100644 index 0000000000..3e7b7538dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-839915408da31966610f43b45f853f1c.yaml @@ -0,0 +1,58 @@ +id: wp-simple-booking-calendar-839915408da31966610f43b45f853f1c + +info: + name: > + WP Simple Booking Calendar <= 2.0.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f72e5bb-e076-4379-8699-e399761c043f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-booking-calendar/" + google-query: inurl:"/wp-content/plugins/wp-simple-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-booking-calendar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-bac170dcd3835d8bbf7c00e58b6af261.yaml b/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-bac170dcd3835d8bbf7c00e58b6af261.yaml new file mode 100644 index 0000000000..0549868a14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-booking-calendar-bac170dcd3835d8bbf7c00e58b6af261.yaml @@ -0,0 +1,58 @@ +id: wp-simple-booking-calendar-bac170dcd3835d8bbf7c00e58b6af261 + +info: + name: > + WP Simple Booking Calendar <= 2.0.6 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93164941-effe-4363-811e-3161cff10c88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-booking-calendar/" + google-query: inurl:"/wp-content/plugins/wp-simple-booking-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-booking-calendar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-booking-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-booking-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-events-9bd31a69895b603beba548b13ee3a848.yaml b/nuclei-templates/cve-less/plugins/wp-simple-events-9bd31a69895b603beba548b13ee3a848.yaml new file mode 100644 index 0000000000..7ed9bbeefe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-events-9bd31a69895b603beba548b13ee3a848.yaml @@ -0,0 +1,58 @@ +id: wp-simple-events-9bd31a69895b603beba548b13ee3a848 + +info: + name: > + WP Simple Events <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53de68ad-76a6-4043-8369-7679c1c5c1cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-events/" + google-query: inurl:"/wp-content/plugins/wp-simple-events/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-events,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-events/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-events" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-firewall-380d905325ab5069c99a7e476a1a4f89.yaml b/nuclei-templates/cve-less/plugins/wp-simple-firewall-380d905325ab5069c99a7e476a1a4f89.yaml new file mode 100644 index 0000000000..8d18d1afba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-firewall-380d905325ab5069c99a7e476a1a4f89.yaml @@ -0,0 +1,58 @@ +id: wp-simple-firewall-380d905325ab5069c99a7e476a1a4f89 + +info: + name: > + Shield Security <= 17.0.17 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/674461ad-9b61-48c4-af2a-5dfcaeb38215?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-firewall/" + google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 17.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-firewall-3f0faa20d6a05156c4a1c46312d50cf7.yaml b/nuclei-templates/cve-less/plugins/wp-simple-firewall-3f0faa20d6a05156c4a1c46312d50cf7.yaml new file mode 100644 index 0000000000..4095782f0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-firewall-3f0faa20d6a05156c4a1c46312d50cf7.yaml @@ -0,0 +1,58 @@ +id: wp-simple-firewall-3f0faa20d6a05156c4a1c46312d50cf7 + +info: + name: > + Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 18.5.9 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-firewall/" + google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 18.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-firewall-90c7f750404de09cdcd8955a310ab0ab.yaml b/nuclei-templates/cve-less/plugins/wp-simple-firewall-90c7f750404de09cdcd8955a310ab0ab.yaml new file mode 100644 index 0000000000..5da2f314d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-firewall-90c7f750404de09cdcd8955a310ab0ab.yaml @@ -0,0 +1,58 @@ +id: wp-simple-firewall-90c7f750404de09cdcd8955a310ab0ab + +info: + name: > + Shield Security <= 13.0.5 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/287c6cdc-f534-4b87-8a97-ee1e3666cd25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-firewall/" + google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-firewall,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-firewall-c9d4c4f2e6258505d4c75758afeb7ff1.yaml b/nuclei-templates/cve-less/plugins/wp-simple-firewall-c9d4c4f2e6258505d4c75758afeb7ff1.yaml new file mode 100644 index 0000000000..d8c04ad885 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-firewall-c9d4c4f2e6258505d4c75758afeb7ff1.yaml @@ -0,0 +1,58 @@ +id: wp-simple-firewall-c9d4c4f2e6258505d4c75758afeb7ff1 + +info: + name: > + Shield Security <= 18.5.7 - Unauthenticated Stored Cross-Site Scripting via getColumnContent_Page + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcd02dfa-688e-4375-92cb-8d0e7cbaaa6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-firewall/" + google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 18.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-firewall-ce7b15ad921b8740cd4f98bd5c07c031.yaml b/nuclei-templates/cve-less/plugins/wp-simple-firewall-ce7b15ad921b8740cd4f98bd5c07c031.yaml new file mode 100644 index 0000000000..ff1585e2df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-firewall-ce7b15ad921b8740cd4f98bd5c07c031.yaml @@ -0,0 +1,58 @@ +id: wp-simple-firewall-ce7b15ad921b8740cd4f98bd5c07c031 + +info: + name: > + Shield Security <= 17.0.17 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/162dff28-94ea-4a47-a6cb-a13317cf1a04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-firewall/" + google-query: inurl:"/wp-content/plugins/wp-simple-firewall/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-firewall,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-firewall/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-firewall" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 17.0.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-galleries-49548450e8e603c888246b4324b9abfb.yaml b/nuclei-templates/cve-less/plugins/wp-simple-galleries-49548450e8e603c888246b4324b9abfb.yaml new file mode 100644 index 0000000000..be4bd1d4c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-galleries-49548450e8e603c888246b4324b9abfb.yaml @@ -0,0 +1,58 @@ +id: wp-simple-galleries-49548450e8e603c888246b4324b9abfb + +info: + name: > + WP Simple Galleries <= 1.34 - Authenticated (Contributor+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dc8f7cf-d8be-4229-b823-3bd9bc9f6eda?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-galleries/" + google-query: inurl:"/wp-content/plugins/wp-simple-galleries/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-galleries,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-galleries/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-galleries" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-0ec33f0610c3b4ae6a2adacc48ffade7.yaml b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-0ec33f0610c3b4ae6a2adacc48ffade7.yaml new file mode 100644 index 0000000000..41bca55ad0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-0ec33f0610c3b4ae6a2adacc48ffade7.yaml @@ -0,0 +1,58 @@ +id: wp-simple-html-sitemap-0ec33f0610c3b4ae6a2adacc48ffade7 + +info: + name: > + WP Simple HTML Sitemap <= 2.2 - Reflected Cross-Site Scripting via id + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26e52072-9465-4b56-9794-f17861b7c70c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-html-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-1697fb18453f32ca7e1c0790f12f9bda.yaml b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-1697fb18453f32ca7e1c0790f12f9bda.yaml new file mode 100644 index 0000000000..f8cbb6778d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-1697fb18453f32ca7e1c0790f12f9bda.yaml @@ -0,0 +1,58 @@ +id: wp-simple-html-sitemap-1697fb18453f32ca7e1c0790f12f9bda + +info: + name: > + WP Simple HTML Sitemap <= 2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eff4cb35-492b-448a-8d16-b9210917c567?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-html-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-56ca15387b80b4855859eb683a9c79c5.yaml b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-56ca15387b80b4855859eb683a9c79c5.yaml new file mode 100644 index 0000000000..278c7fa456 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-56ca15387b80b4855859eb683a9c79c5.yaml @@ -0,0 +1,58 @@ +id: wp-simple-html-sitemap-56ca15387b80b4855859eb683a9c79c5 + +info: + name: > + WordPress Simple HTML Sitemap <= 2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a0bc461-d4fa-46d5-8725-9ab4c540b80e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-html-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-be653a8d2bee2421f88f0e6d66ccc0f3.yaml b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-be653a8d2bee2421f88f0e6d66ccc0f3.yaml new file mode 100644 index 0000000000..17e98c1c10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-html-sitemap-be653a8d2bee2421f88f0e6d66ccc0f3.yaml @@ -0,0 +1,58 @@ +id: wp-simple-html-sitemap-be653a8d2bee2421f88f0e6d66ccc0f3 + +info: + name: > + WP Simple HTML Sitemap <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fca6d469-60e7-4866-a53c-d207817c9204?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-html-sitemap/" + google-query: inurl:"/wp-content/plugins/wp-simple-html-sitemap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-html-sitemap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-html-sitemap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-html-sitemap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simple-post-view-170b4d1a9ba8f9c16cc0bc165c8fd973.yaml b/nuclei-templates/cve-less/plugins/wp-simple-post-view-170b4d1a9ba8f9c16cc0bc165c8fd973.yaml new file mode 100644 index 0000000000..922a8dca39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simple-post-view-170b4d1a9ba8f9c16cc0bc165c8fd973.yaml @@ -0,0 +1,58 @@ +id: wp-simple-post-view-170b4d1a9ba8f9c16cc0bc165c8fd973 + +info: + name: > + Post View Count <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/114cf149-e923-4e21-9eb0-e38941799304?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simple-post-view/" + google-query: inurl:"/wp-content/plugins/wp-simple-post-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simple-post-view,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simple-post-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simple-post-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-simplemail-bdefbe0337f0d8136e413e9977ce9dce.yaml b/nuclei-templates/cve-less/plugins/wp-simplemail-bdefbe0337f0d8136e413e9977ce9dce.yaml new file mode 100644 index 0000000000..97c8a76de5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-simplemail-bdefbe0337f0d8136e413e9977ce9dce.yaml @@ -0,0 +1,58 @@ +id: wp-simplemail-bdefbe0337f0d8136e413e9977ce9dce + +info: + name: > + WP SimpleMail <= 1.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53a58c45-b7fd-469e-8c67-4f20707f2363?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-simplemail/" + google-query: inurl:"/wp-content/plugins/wp-simplemail/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-simplemail,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-simplemail/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-simplemail" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-site-protector-edb0b1b70571f2dd40f46a09b0477a9b.yaml b/nuclei-templates/cve-less/plugins/wp-site-protector-edb0b1b70571f2dd40f46a09b0477a9b.yaml new file mode 100644 index 0000000000..749c6924c6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-site-protector-edb0b1b70571f2dd40f46a09b0477a9b.yaml @@ -0,0 +1,58 @@ +id: wp-site-protector-edb0b1b70571f2dd40f46a09b0477a9b + +info: + name: > + WP Site Protector <= 2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f92f614b-162a-4ca5-bf7d-9d7088f59af9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-site-protector/" + google-query: inurl:"/wp-content/plugins/wp-site-protector/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-site-protector,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-site-protector/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-site-protector" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sitemap-page-f2a1201d248d9810b0b0d58bf8df9f81.yaml b/nuclei-templates/cve-less/plugins/wp-sitemap-page-f2a1201d248d9810b0b0d58bf8df9f81.yaml new file mode 100644 index 0000000000..73ae6054a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sitemap-page-f2a1201d248d9810b0b0d58bf8df9f81.yaml @@ -0,0 +1,58 @@ +id: wp-sitemap-page-f2a1201d248d9810b0b0d58bf8df9f81 + +info: + name: > + WP Sitemap Page <= 1.6.6 - Admin+ Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6616c4b-6021-42c8-afe1-bfd789b895ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sitemap-page/" + google-query: inurl:"/wp-content/plugins/wp-sitemap-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sitemap-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sitemap-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sitemap-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slick-slider-and-image-carousel-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-slick-slider-and-image-carousel-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..745ef5701f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slick-slider-and-image-carousel-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-slick-slider-and-image-carousel-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slick-slider-and-image-carousel/" + google-query: inurl:"/wp-content/plugins/wp-slick-slider-and-image-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slick-slider-and-image-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slick-slider-and-image-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slick-slider-and-image-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-3171c38b67df36d18560a0a3bce363f3.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-3171c38b67df36d18560a0a3bce363f3.yaml new file mode 100644 index 0000000000..c41a904686 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-3171c38b67df36d18560a0a3bce363f3.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-3171c38b67df36d18560a0a3bce363f3 + +info: + name: > + SlimStat Analytics <= 5.1.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-323a2528ecc021abe5c2c6bd363f0d32.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-323a2528ecc021abe5c2c6bd363f0d32.yaml new file mode 100644 index 0000000000..0b361a04fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-323a2528ecc021abe5c2c6bd363f0d32.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-323a2528ecc021abe5c2c6bd363f0d32 + +info: + name: > + Slimstat Analytics <= 3.9.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1e30342-143d-4ea3-9947-b5e5c55725a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-423f90da633eb79297c96d8f0abf8be5.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-423f90da633eb79297c96d8f0abf8be5.yaml new file mode 100644 index 0000000000..42ad7542ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-423f90da633eb79297c96d8f0abf8be5.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-423f90da633eb79297c96d8f0abf8be5 + +info: + name: > + Slimstat Analytics <= 5.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c14a863-2aed-4f65-a0e3-eb73e485ce85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-49bd4bae2777384dde2f9b06bf68d410.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-49bd4bae2777384dde2f9b06bf68d410.yaml new file mode 100644 index 0000000000..56888986fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-49bd4bae2777384dde2f9b06bf68d410.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-49bd4bae2777384dde2f9b06bf68d410 + +info: + name: > + Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Blind SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07c0f5a5-3455-4f06-b481-f4d678309c50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-597e668e79f61dad3842fcd6906ce6f8.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-597e668e79f61dad3842fcd6906ce6f8.yaml new file mode 100644 index 0000000000..add7a7c737 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-597e668e79f61dad3842fcd6906ce6f8.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-597e668e79f61dad3842fcd6906ce6f8 + +info: + name: > + Slimstat Analytics <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f533dbd-4dd0-48ec-b083-e6284acab067?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-64166b21a8975f062b52f4886bce7163.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-64166b21a8975f062b52f4886bce7163.yaml new file mode 100644 index 0000000000..91b59bbf6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-64166b21a8975f062b52f4886bce7163.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-64166b21a8975f062b52f4886bce7163 + +info: + name: > + Slimstat Analytics <= 5.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52aee4b8-f494-4eeb-8357-71ce8d5bc656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-9024f709636fd6877d65d2f3b4c1635e.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-9024f709636fd6877d65d2f3b4c1635e.yaml new file mode 100644 index 0000000000..e204b7bc76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-9024f709636fd6877d65d2f3b4c1635e.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-9024f709636fd6877d65d2f3b4c1635e + +info: + name: > + WP Slimstat <= 4.8 - Unauthenticated Stored Cross-Site Scripting from Visitors + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fd8277c-b096-4cee-bd13-fcb8c8b00ca0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-971075c7b5684cf126577f8a88b91254.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-971075c7b5684cf126577f8a88b91254.yaml new file mode 100644 index 0000000000..44c69bbb8f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-971075c7b5684cf126577f8a88b91254.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-971075c7b5684cf126577f8a88b91254 + +info: + name: > + Slimstat Analytics <= 5.0.5.1 - Missing Authorization via delete_pageview + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cbb8501e-7e8b-4ed6-8792-c685a69de982?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-9ab73d918da016b8bea0197df7034889.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-9ab73d918da016b8bea0197df7034889.yaml new file mode 100644 index 0000000000..25c3a770fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-9ab73d918da016b8bea0197df7034889.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-9ab73d918da016b8bea0197df7034889 + +info: + name: > + Slimstat Analytics <= 5.0.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6334b02e-ffab-49f9-969b-d015c2babc29?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-c568408b66270ee8858beb6b5337a826.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-c568408b66270ee8858beb6b5337a826.yaml new file mode 100644 index 0000000000..dd38b09e1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-c568408b66270ee8858beb6b5337a826.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-c568408b66270ee8858beb6b5337a826 + +info: + name: > + Slimstat Analytics < 4.1.6.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/046526ef-3db9-47e4-b454-472def7935e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-d15c506a6326f67745ff7867b3d43cbf.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-d15c506a6326f67745ff7867b3d43cbf.yaml new file mode 100644 index 0000000000..9276677272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-d15c506a6326f67745ff7867b3d43cbf.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-d15c506a6326f67745ff7867b3d43cbf + +info: + name: > + Slimstat Analytics <= 4.9.3.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fce15e1c-e2eb-4bd9-8b07-78d87a6ae1cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-f260533813247786590cffbf5861c8f5.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-f260533813247786590cffbf5861c8f5.yaml new file mode 100644 index 0000000000..165446b92f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-f260533813247786590cffbf5861c8f5.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-f260533813247786590cffbf5861c8f5 + +info: + name: > + Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/915d73ed-33ae-4580-9a51-aa4e9a015ff6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-slimstat-f800126fa2e8457384feccc64971626b.yaml b/nuclei-templates/cve-less/plugins/wp-slimstat-f800126fa2e8457384feccc64971626b.yaml new file mode 100644 index 0000000000..3d4793d1e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-slimstat-f800126fa2e8457384feccc64971626b.yaml @@ -0,0 +1,58 @@ +id: wp-slimstat-f800126fa2e8457384feccc64971626b + +info: + name: > + Slimstat Analytics <= 5.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/875c6474-5bf3-4556-b529-299cd2f65afe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-slimstat/" + google-query: inurl:"/wp-content/plugins/wp-slimstat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-slimstat,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-slimstat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-slimstat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-contracts-221016fc8948bfb930fdcdca33f79836.yaml b/nuclei-templates/cve-less/plugins/wp-smart-contracts-221016fc8948bfb930fdcdca33f79836.yaml new file mode 100644 index 0000000000..39293b80ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-contracts-221016fc8948bfb930fdcdca33f79836.yaml @@ -0,0 +1,58 @@ +id: wp-smart-contracts-221016fc8948bfb930fdcdca33f79836 + +info: + name: > + WPSmartContracts <= 1.3.11 - Authenticated (Author+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4aff8870-4222-454a-90cd-044784cb4224?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-contracts/" + google-query: inurl:"/wp-content/plugins/wp-smart-contracts/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-contracts,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-contracts/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-contracts" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-crm-invoices-free-ee95b664445938e62cfbf4d8ed5ffe44.yaml b/nuclei-templates/cve-less/plugins/wp-smart-crm-invoices-free-ee95b664445938e62cfbf4d8ed5ffe44.yaml new file mode 100644 index 0000000000..75f69c6af9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-crm-invoices-free-ee95b664445938e62cfbf4d8ed5ffe44.yaml @@ -0,0 +1,58 @@ +id: wp-smart-crm-invoices-free-ee95b664445938e62cfbf4d8ed5ffe44 + +info: + name: > + WP smart CRM & Invoices FREE <= 1.8.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a2eb266-a050-48b9-a0bb-5d48b2c0f970?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-crm-invoices-free/" + google-query: inurl:"/wp-content/plugins/wp-smart-crm-invoices-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-crm-invoices-free,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-crm-invoices-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-crm-invoices-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-editor-475ba1df38c75381825efc84071f7c9f.yaml b/nuclei-templates/cve-less/plugins/wp-smart-editor-475ba1df38c75381825efc84071f7c9f.yaml new file mode 100644 index 0000000000..d3f6b18f31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-editor-475ba1df38c75381825efc84071f7c9f.yaml @@ -0,0 +1,58 @@ +id: wp-smart-editor-475ba1df38c75381825efc84071f7c9f + +info: + name: > + WP Smart Editor <= 1.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e6bd1d4-25ba-4475-8840-06f3d614d6d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-editor/" + google-query: inurl:"/wp-content/plugins/wp-smart-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-import-7d8c7a6621cd6acf11eab3f4d618152a.yaml b/nuclei-templates/cve-less/plugins/wp-smart-import-7d8c7a6621cd6acf11eab3f4d618152a.yaml new file mode 100644 index 0000000000..1882ddf3e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-import-7d8c7a6621cd6acf11eab3f4d618152a.yaml @@ -0,0 +1,58 @@ +id: wp-smart-import-7d8c7a6621cd6acf11eab3f4d618152a + +info: + name: > + WordPress Importer : Import any XML File to WordPress < 1.0.1 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fcd44c2-5b06-4c3c-b6b2-c58771245fe2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-import/" + google-query: inurl:"/wp-content/plugins/wp-smart-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-import-ba1778641ae55d3040d21a76affd5b00.yaml b/nuclei-templates/cve-less/plugins/wp-smart-import-ba1778641ae55d3040d21a76affd5b00.yaml new file mode 100644 index 0000000000..921e439abd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-import-ba1778641ae55d3040d21a76affd5b00.yaml @@ -0,0 +1,58 @@ +id: wp-smart-import-ba1778641ae55d3040d21a76affd5b00 + +info: + name: > + WordPress Importer <= 1.0.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f86e1ef-c898-4a54-8204-a9ec4caab586?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-import/" + google-query: inurl:"/wp-content/plugins/wp-smart-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-import-ccfe47d5faf99f962197429daac2a562.yaml b/nuclei-templates/cve-less/plugins/wp-smart-import-ccfe47d5faf99f962197429daac2a562.yaml new file mode 100644 index 0000000000..85e2a4b559 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-import-ccfe47d5faf99f962197429daac2a562.yaml @@ -0,0 +1,58 @@ +id: wp-smart-import-ccfe47d5faf99f962197429daac2a562 + +info: + name: > + WP Smart Import : Import any XML File to WordPress <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28bc0672-3469-4f58-860d-9e13da46804e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-import/" + google-query: inurl:"/wp-content/plugins/wp-smart-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-import,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-import-ed2e7de8683ce4c367d3321852d1f7db.yaml b/nuclei-templates/cve-less/plugins/wp-smart-import-ed2e7de8683ce4c367d3321852d1f7db.yaml new file mode 100644 index 0000000000..8aa308ced4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-import-ed2e7de8683ce4c367d3321852d1f7db.yaml @@ -0,0 +1,58 @@ +id: wp-smart-import-ed2e7de8683ce4c367d3321852d1f7db + +info: + name: > + WordPress Importer: Import any XML File to WordPress <= 1.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22dbd787-2b9a-4883-9203-c79fc241596d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-import/" + google-query: inurl:"/wp-content/plugins/wp-smart-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smart-preloader-19694fc6eba31e53a1ac14bdaf6f6028.yaml b/nuclei-templates/cve-less/plugins/wp-smart-preloader-19694fc6eba31e53a1ac14bdaf6f6028.yaml new file mode 100644 index 0000000000..d97baa9fe7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smart-preloader-19694fc6eba31e53a1ac14bdaf6f6028.yaml @@ -0,0 +1,58 @@ +id: wp-smart-preloader-19694fc6eba31e53a1ac14bdaf6f6028 + +info: + name: > + WP Smart Preloader <= 1.15 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e43fb223-8b0a-4232-8e15-43f8b38652c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smart-preloader/" + google-query: inurl:"/wp-content/plugins/wp-smart-preloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smart-preloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smart-preloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smart-preloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smiley-77e2d5337a10d2b6f8dfe7d3c316ea63.yaml b/nuclei-templates/cve-less/plugins/wp-smiley-77e2d5337a10d2b6f8dfe7d3c316ea63.yaml new file mode 100644 index 0000000000..3624107e7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smiley-77e2d5337a10d2b6f8dfe7d3c316ea63.yaml @@ -0,0 +1,58 @@ +id: wp-smiley-77e2d5337a10d2b6f8dfe7d3c316ea63 + +info: + name: > + WP Smiley <= 1.4.1 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c12e6063-2db7-4f8b-a7c3-3e40bc9ff2a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smiley/" + google-query: inurl:"/wp-content/plugins/wp-smiley/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smiley,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smiley/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smiley" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smiley-ae9135d7bf1c7296c12f3a734a25c4bf.yaml b/nuclei-templates/cve-less/plugins/wp-smiley-ae9135d7bf1c7296c12f3a734a25c4bf.yaml new file mode 100644 index 0000000000..38318ea51a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smiley-ae9135d7bf1c7296c12f3a734a25c4bf.yaml @@ -0,0 +1,58 @@ +id: wp-smiley-ae9135d7bf1c7296c12f3a734a25c4bf + +info: + name: > + WP Smiley <= 1.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/629fe670-f48b-4eb6-86f9-e1bac3771530?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smiley/" + google-query: inurl:"/wp-content/plugins/wp-smiley/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smiley,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smiley/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smiley" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-2a19a88ce4a92a9c8fbf2df45764b32f.yaml b/nuclei-templates/cve-less/plugins/wp-sms-2a19a88ce4a92a9c8fbf2df45764b32f.yaml new file mode 100644 index 0000000000..d88b94fa87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-2a19a88ce4a92a9c8fbf2df45764b32f.yaml @@ -0,0 +1,58 @@ +id: wp-sms-2a19a88ce4a92a9c8fbf2df45764b32f + +info: + name: > + WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-2eac9220f1c0d85aff9cba25bec21ed8.yaml b/nuclei-templates/cve-less/plugins/wp-sms-2eac9220f1c0d85aff9cba25bec21ed8.yaml new file mode 100644 index 0000000000..35079838bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-2eac9220f1c0d85aff9cba25bec21ed8.yaml @@ -0,0 +1,58 @@ +id: wp-sms-2eac9220f1c0d85aff9cba25bec21ed8 + +info: + name: > + WP SMS <= 6.1.4 - Reflected Cross-Site Scripting via 'delete_mobile' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04970416-06db-4339-ac22-34fde5a48f2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-604205ec49f025926385a1b0eaceae3d.yaml b/nuclei-templates/cve-less/plugins/wp-sms-604205ec49f025926385a1b0eaceae3d.yaml new file mode 100644 index 0000000000..3882d0850e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-604205ec49f025926385a1b0eaceae3d.yaml @@ -0,0 +1,58 @@ +id: wp-sms-604205ec49f025926385a1b0eaceae3d + +info: + name: > + WP SMS <= 5.4.12 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90ebe593-6511-4998-a45e-795f3597b191?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-69342488f4f3aabf705547384317c745.yaml b/nuclei-templates/cve-less/plugins/wp-sms-69342488f4f3aabf705547384317c745.yaml new file mode 100644 index 0000000000..eea15753da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-69342488f4f3aabf705547384317c745.yaml @@ -0,0 +1,58 @@ +id: wp-sms-69342488f4f3aabf705547384317c745 + +info: + name: > + WP SMS <= 6.6.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e07e570-e4c0-472c-b582-40a87a6507bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-84f2aef7f11acfd2b73b896d3ef7cd04.yaml b/nuclei-templates/cve-less/plugins/wp-sms-84f2aef7f11acfd2b73b896d3ef7cd04.yaml new file mode 100644 index 0000000000..bd6696338d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-84f2aef7f11acfd2b73b896d3ef7cd04.yaml @@ -0,0 +1,58 @@ +id: wp-sms-84f2aef7f11acfd2b73b896d3ef7cd04 + +info: + name: > + WP SMS <= 6.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6d874a2-f0cd-49d2-b531-5d780db7d25d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-a21f47d4523bdd1432738c19a9cc15fb.yaml b/nuclei-templates/cve-less/plugins/wp-sms-a21f47d4523bdd1432738c19a9cc15fb.yaml new file mode 100644 index 0000000000..80b03e4a1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-a21f47d4523bdd1432738c19a9cc15fb.yaml @@ -0,0 +1,58 @@ +id: wp-sms-a21f47d4523bdd1432738c19a9cc15fb + +info: + name: > + WP SMS <= 6.0.4 - Information Disclosure via REST API + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57377380-0435-4747-abba-50063978d8e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-f21ce23a89308829a19c21d66925ddd0.yaml b/nuclei-templates/cve-less/plugins/wp-sms-f21ce23a89308829a19c21d66925ddd0.yaml new file mode 100644 index 0000000000..23a53431ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-f21ce23a89308829a19c21d66925ddd0.yaml @@ -0,0 +1,58 @@ +id: wp-sms-f21ce23a89308829a19c21d66925ddd0 + +info: + name: > + WP SMS <= 6.5.2 - Reflected Cross-Site Scripting via 'page' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f7dc1e-2008-4672-85ba-56fa35f4f0e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sms-f7c37966d32c6dbab8ccdc2a7eb8df23.yaml b/nuclei-templates/cve-less/plugins/wp-sms-f7c37966d32c6dbab8ccdc2a7eb8df23.yaml new file mode 100644 index 0000000000..ddb375d458 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sms-f7c37966d32c6dbab8ccdc2a7eb8df23.yaml @@ -0,0 +1,58 @@ +id: wp-sms-f7c37966d32c6dbab8ccdc2a7eb8df23 + +info: + name: > + WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94ad6b51-ff8d-48d5-9a70-1781d13990a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sms/" + google-query: inurl:"/wp-content/plugins/wp-sms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smtp-4cb0701b6db05c073e2060623ec2f204.yaml b/nuclei-templates/cve-less/plugins/wp-smtp-4cb0701b6db05c073e2060623ec2f204.yaml new file mode 100644 index 0000000000..232499570d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smtp-4cb0701b6db05c073e2060623ec2f204.yaml @@ -0,0 +1,58 @@ +id: wp-smtp-4cb0701b6db05c073e2060623ec2f204 + +info: + name: > + WP SMTP 1.2 - 1.2.6 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee269bc7-2822-4a07-be91-6763c1cf6cf2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smtp/" + google-query: inurl:"/wp-content/plugins/wp-smtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.2', '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smushit-607f1baa27192c23513225845ec25b9b.yaml b/nuclei-templates/cve-less/plugins/wp-smushit-607f1baa27192c23513225845ec25b9b.yaml new file mode 100644 index 0000000000..68dd33b996 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smushit-607f1baa27192c23513225845ec25b9b.yaml @@ -0,0 +1,58 @@ +id: wp-smushit-607f1baa27192c23513225845ec25b9b + +info: + name: > + Smush – Lazy Load Images, Optimize & Compress Images <= 2.7.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a4c36d4-5d0f-4e73-b356-0b7326fcb524?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smushit/" + google-query: inurl:"/wp-content/plugins/wp-smushit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smushit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smushit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smushit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-smushit-7a3ab4b4d26a299b96225464ccb1d356.yaml b/nuclei-templates/cve-less/plugins/wp-smushit-7a3ab4b4d26a299b96225464ccb1d356.yaml new file mode 100644 index 0000000000..d5b220df7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-smushit-7a3ab4b4d26a299b96225464ccb1d356.yaml @@ -0,0 +1,58 @@ +id: wp-smushit-7a3ab4b4d26a299b96225464ccb1d356 + +info: + name: > + Smush – Lazy Load Images, Optimize & Compress Images <= 3.9.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64b22728-cb07-48be-94b7-1089156490cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-smushit/" + google-query: inurl:"/wp-content/plugins/wp-smushit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-smushit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-smushit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-smushit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-0f9348eac96a42ea06d72213f997cb8e.yaml b/nuclei-templates/cve-less/plugins/wp-social-0f9348eac96a42ea06d72213f997cb8e.yaml new file mode 100644 index 0000000000..e415d1f520 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-0f9348eac96a42ea06d72213f997cb8e.yaml @@ -0,0 +1,58 @@ +id: wp-social-0f9348eac96a42ea06d72213f997cb8e + +info: + name: > + Wp Social Login and Register Social Counter <= 3.0.0 - Missing Authorization to Unauthenticated Social Login/Share Status Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social/" + google-query: inurl:"/wp-content/plugins/wp-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-bookmark-menu-8682c5fbeed29195fc3c6e36608df123.yaml b/nuclei-templates/cve-less/plugins/wp-social-bookmark-menu-8682c5fbeed29195fc3c6e36608df123.yaml new file mode 100644 index 0000000000..abc99b5b0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-bookmark-menu-8682c5fbeed29195fc3c6e36608df123.yaml @@ -0,0 +1,58 @@ +id: wp-social-bookmark-menu-8682c5fbeed29195fc3c6e36608df123 + +info: + name: > + WP Social Bookmark Menu <= 1.2 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/120a75c5-4fff-4a77-b376-d6968853b40e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-bookmark-menu/" + google-query: inurl:"/wp-content/plugins/wp-social-bookmark-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-bookmark-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-bookmark-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-bookmark-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-7e1c6a231bffdfe14a3a2ce673d73608.yaml b/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-7e1c6a231bffdfe14a3a2ce673d73608.yaml new file mode 100644 index 0000000000..73535dcc2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-7e1c6a231bffdfe14a3a2ce673d73608.yaml @@ -0,0 +1,58 @@ +id: wp-social-bookmarking-light-7e1c6a231bffdfe14a3a2ce673d73608 + +info: + name: > + WP Social Bookmarking Light < 1.7.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4a63360-01eb-491e-b25d-501adb83f57f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-bookmarking-light/" + google-query: inurl:"/wp-content/plugins/wp-social-bookmarking-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-bookmarking-light,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-bookmarking-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-bookmarking-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-df9c64a17ee3d013ca8c6b78de44f86b.yaml b/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-df9c64a17ee3d013ca8c6b78de44f86b.yaml new file mode 100644 index 0000000000..3d9cc3024a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-bookmarking-light-df9c64a17ee3d013ca8c6b78de44f86b.yaml @@ -0,0 +1,58 @@ +id: wp-social-bookmarking-light-df9c64a17ee3d013ca8c6b78de44f86b + +info: + name: > + WP Social Bookmarking Light <= 2.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7997ae20-88d2-4e12-87a0-a6e83808a495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-bookmarking-light/" + google-query: inurl:"/wp-content/plugins/wp-social-bookmarking-light/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-bookmarking-light,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-bookmarking-light/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-bookmarking-light" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-buttons-7b54be45a2f07bfa9d249dae96b2b8a9.yaml b/nuclei-templates/cve-less/plugins/wp-social-buttons-7b54be45a2f07bfa9d249dae96b2b8a9.yaml new file mode 100644 index 0000000000..7b1c19d203 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-buttons-7b54be45a2f07bfa9d249dae96b2b8a9.yaml @@ -0,0 +1,58 @@ +id: wp-social-buttons-7b54be45a2f07bfa9d249dae96b2b8a9 + +info: + name: > + WP Social Buttons <= 2.1 - Admin+ Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4198c51-4a26-4a50-b2c5-0467f8008b5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-buttons/" + google-query: inurl:"/wp-content/plugins/wp-social-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-buttons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-f8238c64411cb9dd2c01251b0ae0655a.yaml b/nuclei-templates/cve-less/plugins/wp-social-f8238c64411cb9dd2c01251b0ae0655a.yaml new file mode 100644 index 0000000000..2f727900c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-f8238c64411cb9dd2c01251b0ae0655a.yaml @@ -0,0 +1,58 @@ +id: wp-social-f8238c64411cb9dd2c01251b0ae0655a + +info: + name: > + Wp Social <= 1.9.0 - Authenticated (Subscriber+) Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/105dcbbb-9ee2-4a5a-9b65-bbac931d1080?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social/" + google-query: inurl:"/wp-content/plugins/wp-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-feed-3799bad4858d7913f9586ea4576ffdaf.yaml b/nuclei-templates/cve-less/plugins/wp-social-feed-3799bad4858d7913f9586ea4576ffdaf.yaml new file mode 100644 index 0000000000..58d639a9ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-feed-3799bad4858d7913f9586ea4576ffdaf.yaml @@ -0,0 +1,58 @@ +id: wp-social-feed-3799bad4858d7913f9586ea4576ffdaf + +info: + name: > + Social Feed <= 2.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f124b5a0-b58b-45ff-bd22-7a09a9abd9bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-feed/" + google-query: inurl:"/wp-content/plugins/wp-social-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-invitations-4abec42ea1e0860b972b9757ce0cdb30.yaml b/nuclei-templates/cve-less/plugins/wp-social-invitations-4abec42ea1e0860b972b9757ce0cdb30.yaml new file mode 100644 index 0000000000..a9ec5b97ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-invitations-4abec42ea1e0860b972b9757ce0cdb30.yaml @@ -0,0 +1,58 @@ +id: wp-social-invitations-4abec42ea1e0860b972b9757ce0cdb30 + +info: + name: > + WordPress Social Invitations – Lite <= 1.4.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57a68d4a-4857-4631-8863-6ff847490ef5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-invitations/" + google-query: inurl:"/wp-content/plugins/wp-social-invitations/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-invitations,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-invitations/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-invitations" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-sharing-bde0dbf50dee086cf6c52ee659134929.yaml b/nuclei-templates/cve-less/plugins/wp-social-sharing-bde0dbf50dee086cf6c52ee659134929.yaml new file mode 100644 index 0000000000..59e34d03e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-sharing-bde0dbf50dee086cf6c52ee659134929.yaml @@ -0,0 +1,58 @@ +id: wp-social-sharing-bde0dbf50dee086cf6c52ee659134929 + +info: + name: > + WP Social Sharing <= 2.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2c8025-6a1b-475d-bc28-9f2ec3ad7bdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-sharing/" + google-query: inurl:"/wp-content/plugins/wp-social-sharing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-sharing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-sharing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-sharing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-widget-78c7195ce152d6d5bdeab7f38e20a1db.yaml b/nuclei-templates/cve-less/plugins/wp-social-widget-78c7195ce152d6d5bdeab7f38e20a1db.yaml new file mode 100644 index 0000000000..7864806752 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-widget-78c7195ce152d6d5bdeab7f38e20a1db.yaml @@ -0,0 +1,58 @@ +id: wp-social-widget-78c7195ce152d6d5bdeab7f38e20a1db + +info: + name: > + WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bebedaa9-6689-4863-91c6-2ab52a9353db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-widget/" + google-query: inurl:"/wp-content/plugins/wp-social-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-social-widget-877e1c3b42118075385c29c980e6d4e6.yaml b/nuclei-templates/cve-less/plugins/wp-social-widget-877e1c3b42118075385c29c980e6d4e6.yaml new file mode 100644 index 0000000000..f7cedeaae7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-social-widget-877e1c3b42118075385c29c980e6d4e6.yaml @@ -0,0 +1,58 @@ +id: wp-social-widget-877e1c3b42118075385c29c980e6d4e6 + +info: + name: > + WP Social Widget <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1df421ac-c8fc-4505-989e-1d822ca6de7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-social-widget/" + google-query: inurl:"/wp-content/plugins/wp-social-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-social-widget,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-social-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-social-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-socializer-9c5f430746b739fbae6902b53c806e7a.yaml b/nuclei-templates/cve-less/plugins/wp-socializer-9c5f430746b739fbae6902b53c806e7a.yaml new file mode 100644 index 0000000000..a8c6f3bbd1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-socializer-9c5f430746b739fbae6902b53c806e7a.yaml @@ -0,0 +1,58 @@ +id: wp-socializer-9c5f430746b739fbae6902b53c806e7a + +info: + name: > + WP Socializer – Simple & Easy Social Media Share Icons <= 7.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0016c624-9c0c-4157-8597-8b374dff7f14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-socializer/" + google-query: inurl:"/wp-content/plugins/wp-socializer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-socializer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-socializer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-socializer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-songbook-04e0aa1c786990263905d4523aa6fa2d.yaml b/nuclei-templates/cve-less/plugins/wp-songbook-04e0aa1c786990263905d4523aa6fa2d.yaml new file mode 100644 index 0000000000..c179966504 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-songbook-04e0aa1c786990263905d4523aa6fa2d.yaml @@ -0,0 +1,58 @@ +id: wp-songbook-04e0aa1c786990263905d4523aa6fa2d + +info: + name: > + WP Songbook <= 2.0.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2809d55f-14f8-4916-800f-4d4fb9ee88c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-songbook/" + google-query: inurl:"/wp-content/plugins/wp-songbook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-songbook,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-songbook/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-songbook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-soononline-page-52e5de8cae8585e04365085f31752913.yaml b/nuclei-templates/cve-less/plugins/wp-soononline-page-52e5de8cae8585e04365085f31752913.yaml new file mode 100644 index 0000000000..56ef020e20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-soononline-page-52e5de8cae8585e04365085f31752913.yaml @@ -0,0 +1,58 @@ +id: wp-soononline-page-52e5de8cae8585e04365085f31752913 + +info: + name: > + WPsoonOnlinePage <= 1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a554b365-b54b-4696-87f6-df5099e15708?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-soononline-page/" + google-query: inurl:"/wp-content/plugins/wp-soononline-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-soononline-page,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-soononline-page/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-soononline-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sort-order-a561a450756c85ce3eedf88a4f646811.yaml b/nuclei-templates/cve-less/plugins/wp-sort-order-a561a450756c85ce3eedf88a4f646811.yaml new file mode 100644 index 0000000000..4dfdaf93c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sort-order-a561a450756c85ce3eedf88a4f646811.yaml @@ -0,0 +1,58 @@ +id: wp-sort-order-a561a450756c85ce3eedf88a4f646811 + +info: + name: > + WP Sort Order <= 1.3.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6499f46-b3b6-496f-a9bc-531bcbba2418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sort-order/" + google-query: inurl:"/wp-content/plugins/wp-sort-order/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sort-order,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sort-order/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sort-order" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-source-control-4c18709c2b499b4e0a77ed40ef54cc76.yaml b/nuclei-templates/cve-less/plugins/wp-source-control-4c18709c2b499b4e0a77ed40ef54cc76.yaml new file mode 100644 index 0000000000..5de70d2ee9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-source-control-4c18709c2b499b4e0a77ed40ef54cc76.yaml @@ -0,0 +1,58 @@ +id: wp-source-control-4c18709c2b499b4e0a77ed40ef54cc76 + +info: + name: > + WP Source Control < 3.1.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cec4d7a-81e0-489a-b549-5848ed9a8449?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-source-control/" + google-query: inurl:"/wp-content/plugins/wp-source-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-source-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-source-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-source-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-special-textboxes-1e506d7d0a79883a044afbbb48ac382a.yaml b/nuclei-templates/cve-less/plugins/wp-special-textboxes-1e506d7d0a79883a044afbbb48ac382a.yaml new file mode 100644 index 0000000000..27cc21cee6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-special-textboxes-1e506d7d0a79883a044afbbb48ac382a.yaml @@ -0,0 +1,58 @@ +id: wp-special-textboxes-1e506d7d0a79883a044afbbb48ac382a + +info: + name: > + Special Text Boxes <= 5.9.109 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/938d24c2-24f5-42d4-9a8f-f25b65a312f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-special-textboxes/" + google-query: inurl:"/wp-content/plugins/wp-special-textboxes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-special-textboxes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-special-textboxes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-special-textboxes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.109') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-spell-check-98dad0bdb32669bad2542d8ed31dc9ac.yaml b/nuclei-templates/cve-less/plugins/wp-spell-check-98dad0bdb32669bad2542d8ed31dc9ac.yaml new file mode 100644 index 0000000000..393acdcecf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-spell-check-98dad0bdb32669bad2542d8ed31dc9ac.yaml @@ -0,0 +1,58 @@ +id: wp-spell-check-98dad0bdb32669bad2542d8ed31dc9ac + +info: + name: > + WP Spell Check <= 9.17 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9eef053c-16a1-4624-8393-08e78b221d4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-spell-check/" + google-query: inurl:"/wp-content/plugins/wp-spell-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-spell-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-spell-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-spell-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-spell-check-b804d82967d372f1edcb1ab799e70f37.yaml b/nuclei-templates/cve-less/plugins/wp-spell-check-b804d82967d372f1edcb1ab799e70f37.yaml new file mode 100644 index 0000000000..591ebacd80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-spell-check-b804d82967d372f1edcb1ab799e70f37.yaml @@ -0,0 +1,58 @@ +id: wp-spell-check-b804d82967d372f1edcb1ab799e70f37 + +info: + name: > + WP Spell Check <= 9.12 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e5674e2-593a-4f53-bb03-9184eccc3244?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-spell-check/" + google-query: inurl:"/wp-content/plugins/wp-spell-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-spell-check,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-spell-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-spell-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-spell-check-fc588495329f4334ef4deb847bcc6bbe.yaml b/nuclei-templates/cve-less/plugins/wp-spell-check-fc588495329f4334ef4deb847bcc6bbe.yaml new file mode 100644 index 0000000000..212335f73f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-spell-check-fc588495329f4334ef4deb847bcc6bbe.yaml @@ -0,0 +1,58 @@ +id: wp-spell-check-fc588495329f4334ef4deb847bcc6bbe + +info: + name: > + WP Spell Check <= 7.1.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76c39a00-b40a-4d06-96bc-864624e0ef8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-spell-check/" + google-query: inurl:"/wp-content/plugins/wp-spell-check/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-spell-check,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-spell-check/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-spell-check" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-splashing-images-3ea0e1871dec257bfd7cde582f2ade2e.yaml b/nuclei-templates/cve-less/plugins/wp-splashing-images-3ea0e1871dec257bfd7cde582f2ade2e.yaml new file mode 100644 index 0000000000..00c355c378 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-splashing-images-3ea0e1871dec257bfd7cde582f2ade2e.yaml @@ -0,0 +1,58 @@ +id: wp-splashing-images-3ea0e1871dec257bfd7cde582f2ade2e + +info: + name: > + Splashing Images < 2.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae77b00e-bbcf-4fe2-ab7f-d2e21ef54d3e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-splashing-images/" + google-query: inurl:"/wp-content/plugins/wp-splashing-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-splashing-images,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-splashing-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-splashing-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-splashing-images-8a665769e5dbc54922bf72bb281bcb8c.yaml b/nuclei-templates/cve-less/plugins/wp-splashing-images-8a665769e5dbc54922bf72bb281bcb8c.yaml new file mode 100644 index 0000000000..7217e9f614 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-splashing-images-8a665769e5dbc54922bf72bb281bcb8c.yaml @@ -0,0 +1,58 @@ +id: wp-splashing-images-8a665769e5dbc54922bf72bb281bcb8c + +info: + name: > + Splashing Images <= 2.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efc2a21d-b6f9-405d-a9a0-779a736e5d94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-splashing-images/" + google-query: inurl:"/wp-content/plugins/wp-splashing-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-splashing-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-splashing-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-splashing-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sponsors-6e76234b4d1dbafb645996466faffb64.yaml b/nuclei-templates/cve-less/plugins/wp-sponsors-6e76234b4d1dbafb645996466faffb64.yaml new file mode 100644 index 0000000000..8f42d9acfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sponsors-6e76234b4d1dbafb645996466faffb64.yaml @@ -0,0 +1,58 @@ +id: wp-sponsors-6e76234b4d1dbafb645996466faffb64 + +info: + name: > + Sponsors <= 3.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4af04219-26c5-401d-94ef-11d2321f98bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sponsors/" + google-query: inurl:"/wp-content/plugins/wp-sponsors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sponsors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sponsors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sponsors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sponsors-dfaf8f13c7a5730a90b10c23bd27623b.yaml b/nuclei-templates/cve-less/plugins/wp-sponsors-dfaf8f13c7a5730a90b10c23bd27623b.yaml new file mode 100644 index 0000000000..cb2ff237fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sponsors-dfaf8f13c7a5730a90b10c23bd27623b.yaml @@ -0,0 +1,58 @@ +id: wp-sponsors-dfaf8f13c7a5730a90b10c23bd27623b + +info: + name: > + Sponsors <= 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3235ecfb-8aac-4e0c-b11e-77727c362194?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sponsors/" + google-query: inurl:"/wp-content/plugins/wp-sponsors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sponsors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sponsors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sponsors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-spreadplugin-70f0c41d6aa67cd78e36b9d8660c315e.yaml b/nuclei-templates/cve-less/plugins/wp-spreadplugin-70f0c41d6aa67cd78e36b9d8660c315e.yaml new file mode 100644 index 0000000000..e7bd28a0dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-spreadplugin-70f0c41d6aa67cd78e36b9d8660c315e.yaml @@ -0,0 +1,58 @@ +id: wp-spreadplugin-70f0c41d6aa67cd78e36b9d8660c315e + +info: + name: > + WP SpreadPlugin < 3.8.6.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/308b4cfa-3d4f-46a1-a6a8-eaa2653b4953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-spreadplugin/" + google-query: inurl:"/wp-content/plugins/wp-spreadplugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-spreadplugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-spreadplugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-spreadplugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-3d60381961999c332401ff6c0d1b2fcd.yaml b/nuclei-templates/cve-less/plugins/wp-staging-3d60381961999c332401ff6c0d1b2fcd.yaml new file mode 100644 index 0000000000..71cfb8c881 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-3d60381961999c332401ff6c0d1b2fcd.yaml @@ -0,0 +1,58 @@ +id: wp-staging-3d60381961999c332401ff6c0d1b2fcd + +info: + name: > + WP STAGING – Backup Duplicator & Migration <= 2.9.17 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/184c07ad-e0d9-47c9-9582-828947cc97f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging/" + google-query: inurl:"/wp-content/plugins/wp-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-491b3ba699d00a68d515de73a1bb974a.yaml b/nuclei-templates/cve-less/plugins/wp-staging-491b3ba699d00a68d515de73a1bb974a.yaml new file mode 100644 index 0000000000..5255eec919 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-491b3ba699d00a68d515de73a1bb974a.yaml @@ -0,0 +1,58 @@ +id: wp-staging-491b3ba699d00a68d515de73a1bb974a + +info: + name: > + WP STAGING WordPress Backup Plugin < 3.2.0 - Sensitive Information Exposure via cache files + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe8816d8-1687-4a3c-9f2a-23f21d679cc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging/" + google-query: inurl:"/wp-content/plugins/wp-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-84e23826180e38f8c23713de5476118f.yaml b/nuclei-templates/cve-less/plugins/wp-staging-84e23826180e38f8c23713de5476118f.yaml new file mode 100644 index 0000000000..9856053100 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-84e23826180e38f8c23713de5476118f.yaml @@ -0,0 +1,58 @@ +id: wp-staging-84e23826180e38f8c23713de5476118f + +info: + name: > + WP STAGING WordPress Backup Plugin Free <= 3.1.2 and Pro <= 5.1.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e03668-c9ee-4c4b-8240-998ef45a5326?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging/" + google-query: inurl:"/wp-content/plugins/wp-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-cb4f2a317f426735af573c79456925c6.yaml b/nuclei-templates/cve-less/plugins/wp-staging-cb4f2a317f426735af573c79456925c6.yaml new file mode 100644 index 0000000000..4784947cbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-cb4f2a317f426735af573c79456925c6.yaml @@ -0,0 +1,58 @@ +id: wp-staging-cb4f2a317f426735af573c79456925c6 + +info: + name: > + WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75eab54b-dbe0-4440-b4ab-601c5041e180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging/" + google-query: inurl:"/wp-content/plugins/wp-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-f1e3da63f99b2cc6fa2a68c3535839bf.yaml b/nuclei-templates/cve-less/plugins/wp-staging-f1e3da63f99b2cc6fa2a68c3535839bf.yaml new file mode 100644 index 0000000000..55e2d66eab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-f1e3da63f99b2cc6fa2a68c3535839bf.yaml @@ -0,0 +1,58 @@ +id: wp-staging-f1e3da63f99b2cc6fa2a68c3535839bf + +info: + name: > + WP Staging (Free <= 3.3.3, Pro <= 5.3.3) - Authenticated (Administrator+) Stored Cross-Site-Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcbdf6f-770c-4496-a643-94dbf63e893a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging/" + google-query: inurl:"/wp-content/plugins/wp-staging/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-pro-84e23826180e38f8c23713de5476118f.yaml b/nuclei-templates/cve-less/plugins/wp-staging-pro-84e23826180e38f8c23713de5476118f.yaml new file mode 100644 index 0000000000..91a3202ab6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-pro-84e23826180e38f8c23713de5476118f.yaml @@ -0,0 +1,58 @@ +id: wp-staging-pro-84e23826180e38f8c23713de5476118f + +info: + name: > + WP STAGING WordPress Backup Plugin Free <= 3.1.2 and Pro <= 5.1.2 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3e03668-c9ee-4c4b-8240-998ef45a5326?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging-pro/" + google-query: inurl:"/wp-content/plugins/wp-staging-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-pro-cb4f2a317f426735af573c79456925c6.yaml b/nuclei-templates/cve-less/plugins/wp-staging-pro-cb4f2a317f426735af573c79456925c6.yaml new file mode 100644 index 0000000000..141f82a0ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-pro-cb4f2a317f426735af573c79456925c6.yaml @@ -0,0 +1,58 @@ +id: wp-staging-pro-cb4f2a317f426735af573c79456925c6 + +info: + name: > + WP STAGING <= 3.4.3 and WP STAGING Pro <= 5.4.3 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75eab54b-dbe0-4440-b4ab-601c5041e180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging-pro/" + google-query: inurl:"/wp-content/plugins/wp-staging-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-staging-pro-f1e3da63f99b2cc6fa2a68c3535839bf.yaml b/nuclei-templates/cve-less/plugins/wp-staging-pro-f1e3da63f99b2cc6fa2a68c3535839bf.yaml new file mode 100644 index 0000000000..fccf712c87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-staging-pro-f1e3da63f99b2cc6fa2a68c3535839bf.yaml @@ -0,0 +1,58 @@ +id: wp-staging-pro-f1e3da63f99b2cc6fa2a68c3535839bf + +info: + name: > + WP Staging (Free <= 3.3.3, Pro <= 5.3.3) - Authenticated (Administrator+) Stored Cross-Site-Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bcbdf6f-770c-4496-a643-94dbf63e893a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-staging-pro/" + google-query: inurl:"/wp-content/plugins/wp-staging-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-staging-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-staging-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-staging-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stateless-1aa8a227283e43da0f41a656224571d0.yaml b/nuclei-templates/cve-less/plugins/wp-stateless-1aa8a227283e43da0f41a656224571d0.yaml new file mode 100644 index 0000000000..2f3c3bd0e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stateless-1aa8a227283e43da0f41a656224571d0.yaml @@ -0,0 +1,58 @@ +id: wp-stateless-1aa8a227283e43da0f41a656224571d0 + +info: + name: > + WP-Stateless – Google Cloud Storage <= 3.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38b8151f-4938-4101-9886-783f54984d20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stateless/" + google-query: inurl:"/wp-content/plugins/wp-stateless/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stateless,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stateless/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stateless" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stateless-99a5656c2d3d84a74af5b274cf1cca3f.yaml b/nuclei-templates/cve-less/plugins/wp-stateless-99a5656c2d3d84a74af5b274cf1cca3f.yaml new file mode 100644 index 0000000000..1f5c5633d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stateless-99a5656c2d3d84a74af5b274cf1cca3f.yaml @@ -0,0 +1,58 @@ +id: wp-stateless-99a5656c2d3d84a74af5b274cf1cca3f + +info: + name: > + WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a475017-ef45-4614-bdc6-ddd619b8caf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stateless/" + google-query: inurl:"/wp-content/plugins/wp-stateless/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stateless,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stateless/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stateless" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-077764df60648b9aef2b2fc6c9e65d50.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-077764df60648b9aef2b2fc6c9e65d50.yaml new file mode 100644 index 0000000000..8a4dcc4c21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-077764df60648b9aef2b2fc6c9e65d50.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-077764df60648b9aef2b2fc6c9e65d50 + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via IP + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9555c48f-5ce3-4c0c-88f3-83776b42b808?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-089f9d6847e0d3965eee292fee99d926.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-089f9d6847e0d3965eee292fee99d926.yaml new file mode 100644 index 0000000000..2313269d2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-089f9d6847e0d3965eee292fee99d926.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-089f9d6847e0d3965eee292fee99d926 + +info: + name: > + WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/215937d9-739b-4198-b375-6d171bbac64a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-1c8db3326f7e7fbd2267d1b19822a630.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-1c8db3326f7e7fbd2267d1b19822a630.yaml new file mode 100644 index 0000000000..f85cfdfff7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-1c8db3326f7e7fbd2267d1b19822a630.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-1c8db3326f7e7fbd2267d1b19822a630 + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46545227-3c04-40a4-a25c-8f43845e90d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml new file mode 100644 index 0000000000..b3584b7419 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-2a14d3fb0a465f1cdb9f64f93f69aedd.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-2a14d3fb0a465f1cdb9f64f93f69aedd + +info: + name: > + WP Statistics <= 13.1.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb7e922a-fae0-46f9-b8c1-0986b88f2813?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 13.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-2fefd80a39593e8b391e705011e7dfb1.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-2fefd80a39593e8b391e705011e7dfb1.yaml new file mode 100644 index 0000000000..de90d1c6f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-2fefd80a39593e8b391e705011e7dfb1.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-2fefd80a39593e8b391e705011e7dfb1 + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via platform + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2165d61-dc86-4893-91c4-85f0a577fc1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-3465e5292d73a551eb6c16bb4b06a27c.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-3465e5292d73a551eb6c16bb4b06a27c.yaml new file mode 100644 index 0000000000..ee5dd64b15 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-3465e5292d73a551eb6c16bb4b06a27c.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-3465e5292d73a551eb6c16bb4b06a27c + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated Blind SQL Injection via current_page_type + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f0051d5-b236-420c-ae65-14610d05c6d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-3a4442e88172a0a47b7f5df765c70f36.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-3a4442e88172a0a47b7f5df765c70f36.yaml new file mode 100644 index 0000000000..3e5366dde8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-3a4442e88172a0a47b7f5df765c70f36.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-3a4442e88172a0a47b7f5df765c70f36 + +info: + name: > + WP Statistics <= 14.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e44e4bdd-d84e-4315-9232-48a3b240242d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-4533ca9d47b3b4f7b077cc893cacad61.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-4533ca9d47b3b4f7b077cc893cacad61.yaml new file mode 100644 index 0000000000..ad32de09e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-4533ca9d47b3b4f7b077cc893cacad61.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-4533ca9d47b3b4f7b077cc893cacad61 + +info: + name: > + WP Statistics <= 12.0.7 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3be36cd6-27a3-4b15-9e43-b1f6c25efae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml new file mode 100644 index 0000000000..53869f45f3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-4ab5b9d0741d36fdeb0d5b8e06672d39.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-4ab5b9d0741d36fdeb0d5b8e06672d39 + +info: + name: > + WP Statistics <= 13.2.16 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ffd60d2-ae8d-4738-a4f4-6df6e0ffa8c6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-4c0f6a08d37bb188811061a17ff42cfa.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-4c0f6a08d37bb188811061a17ff42cfa.yaml new file mode 100644 index 0000000000..eb3ce2e105 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-4c0f6a08d37bb188811061a17ff42cfa.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-4c0f6a08d37bb188811061a17ff42cfa + +info: + name: > + WP Statistics <= 12.6.3 - Referer Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdbad4b2-961a-41df-b284-14deb0a76677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-5c2247e17c791b6fdfbffdac85a13840.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-5c2247e17c791b6fdfbffdac85a13840.yaml new file mode 100644 index 0000000000..ac7bc60f54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-5c2247e17c791b6fdfbffdac85a13840.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-5c2247e17c791b6fdfbffdac85a13840 + +info: + name: > + WP Statistics <= 13.2.10 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7638fd24-d376-4b5b-98bb-4a40ada6a4da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-5cdc77b83509c234be9fd2621b4d50a6.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-5cdc77b83509c234be9fd2621b4d50a6.yaml new file mode 100644 index 0000000000..1b9c1c9b2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-5cdc77b83509c234be9fd2621b4d50a6.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-5cdc77b83509c234be9fd2621b4d50a6 + +info: + name: > + WP Statistics <= 13.2.8 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6e4d8c3-f3ab-40f9-a8d2-77b53a8dba72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-84d819f2c5dbd24e5ca9102c42b9b228.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-84d819f2c5dbd24e5ca9102c42b9b228.yaml new file mode 100644 index 0000000000..2e808ec089 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-84d819f2c5dbd24e5ca9102c42b9b228.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-84d819f2c5dbd24e5ca9102c42b9b228 + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via browser + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcb68038-96a6-40b6-a37c-757fc19cbe0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-98db2564f4a4bc79566064c237408008.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-98db2564f4a4bc79566064c237408008.yaml new file mode 100644 index 0000000000..fcd078cf49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-98db2564f4a4bc79566064c237408008.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-98db2564f4a4bc79566064c237408008 + +info: + name: > + WP Statistics <= 13.2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6f549c8-673b-4032-9b56-5a2e2239eff3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 13.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-99d2db479f6570516dd28aa787f58742.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-99d2db479f6570516dd28aa787f58742.yaml new file mode 100644 index 0000000000..11c4c35a76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-99d2db479f6570516dd28aa787f58742.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-99d2db479f6570516dd28aa787f58742 + +info: + name: > + WP Statistics <= 13.1.5 - Unauthenticated Stored Cross-Site Scripting via IP + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3bcd70-d19c-4c0f-80d0-a69e2ab947d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-b396ad7ddae66e7db7a5d4c1747eea0d.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-b396ad7ddae66e7db7a5d4c1747eea0d.yaml new file mode 100644 index 0000000000..32d90c5ba3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-b396ad7ddae66e7db7a5d4c1747eea0d.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-b396ad7ddae66e7db7a5d4c1747eea0d + +info: + name: > + WP Statistics <= 12.0.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bcd981fb-ef75-4ed3-a18f-4ad9eaa148f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-c7e70d0a47cc47b927ca88ef25cbbeb3.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-c7e70d0a47cc47b927ca88ef25cbbeb3.yaml new file mode 100644 index 0000000000..5ce808c5ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-c7e70d0a47cc47b927ca88ef25cbbeb3.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-c7e70d0a47cc47b927ca88ef25cbbeb3 + +info: + name: > + WP Statistics <= 12.6.6.1 - Unauthenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f9fd9e1-c4b8-420e-a4d3-30c934853a98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.6.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-cf0e8508a150a92dcb38be8ebc42b5eb.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-cf0e8508a150a92dcb38be8ebc42b5eb.yaml new file mode 100644 index 0000000000..9f026a8d24 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-cf0e8508a150a92dcb38be8ebc42b5eb.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-cf0e8508a150a92dcb38be8ebc42b5eb + +info: + name: > + WP Statistics <= 13.0.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f561cce-1c0c-40f5-abba-ada8bc503aa8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 13.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-d323b2ee541571a78879d377867cb57c.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-d323b2ee541571a78879d377867cb57c.yaml new file mode 100644 index 0000000000..3d872df1cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-d323b2ee541571a78879d377867cb57c.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-d323b2ee541571a78879d377867cb57c + +info: + name: > + WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb519441-2598-4907-8e49-036c455176ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-fba6fe4ba924ddd9440214f83e497b37.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-fba6fe4ba924ddd9440214f83e497b37.yaml new file mode 100644 index 0000000000..79e8ab0a8d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-fba6fe4ba924ddd9440214f83e497b37.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-fba6fe4ba924ddd9440214f83e497b37 + +info: + name: > + WP Statistics <= 13.1.4 - Unauthenticated Blind SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbc2a1f7-4c3c-4f37-a187-572f40e9b792?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-statistics-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml b/nuclei-templates/cve-less/plugins/wp-statistics-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml new file mode 100644 index 0000000000..79e0fac281 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-statistics-fe0f4f4fb6e560c8f83991dc7a6212ad.yaml @@ -0,0 +1,58 @@ +id: wp-statistics-fe0f4f4fb6e560c8f83991dc7a6212ad + +info: + name: > + WP Statistics <= 12.6.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc684cd2-f01a-4c2d-b979-a47b83d01bd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-statistics/" + google-query: inurl:"/wp-content/plugins/wp-statistics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-statistics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-statistics/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-statistics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-422debdfe258e02ddb505987826a2ea3.yaml b/nuclei-templates/cve-less/plugins/wp-stats-422debdfe258e02ddb505987826a2ea3.yaml new file mode 100644 index 0000000000..774efe4b41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-422debdfe258e02ddb505987826a2ea3.yaml @@ -0,0 +1,58 @@ +id: wp-stats-422debdfe258e02ddb505987826a2ea3 + +info: + name: > + WP-Stats < 2.52 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3df11929-37be-4c52-ae53-fbbe926659b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats/" + google-query: inurl:"/wp-content/plugins/wp-stats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.52') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-dashboard-cca20bceb29d548b71fff2c6b265d9c3.yaml b/nuclei-templates/cve-less/plugins/wp-stats-dashboard-cca20bceb29d548b71fff2c6b265d9c3.yaml new file mode 100644 index 0000000000..fe15de3d3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-dashboard-cca20bceb29d548b71fff2c6b265d9c3.yaml @@ -0,0 +1,58 @@ +id: wp-stats-dashboard-cca20bceb29d548b71fff2c6b265d9c3 + +info: + name: > + WP-Stats-Dashboard <= 2.9.4 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53a28cee-fda0-43eb-8012-5059bb061694?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-dashboard/" + google-query: inurl:"/wp-content/plugins/wp-stats-dashboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-dashboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-dashboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-dashboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-1085089f2339a1b75325ca6667c1e32b.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-1085089f2339a1b75325ca6667c1e32b.yaml new file mode 100644 index 0000000000..45af87f9d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-1085089f2339a1b75325ca6667c1e32b.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-1085089f2339a1b75325ca6667c1e32b + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ef9a757-625b-417a-b0ec-f13e2ff4f0f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-1be66c0880c6c44fa345977c011d45e4.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-1be66c0880c6c44fa345977c011d45e4.yaml new file mode 100644 index 0000000000..76229297b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-1be66c0880c6c44fa345977c011d45e4.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-1be66c0880c6c44fa345977c011d45e4 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 5.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd3c1e65-fcb2-4e31-973b-8271a833c6ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-6d7c8242c157e79033d5cce1ebd197e9.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-6d7c8242c157e79033d5cce1ebd197e9.yaml new file mode 100644 index 0000000000..a2e31edaf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-6d7c8242c157e79033d5cce1ebd197e9.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-6d7c8242c157e79033d5cce1ebd197e9 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 5.4 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/693fbac2-46b8-4771-99b5-6cd97096286e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-784bab21dbff631c360386613afa3af2.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-784bab21dbff631c360386613afa3af2.yaml new file mode 100644 index 0000000000..e6c6e0be1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-784bab21dbff631c360386613afa3af2.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-784bab21dbff631c360386613afa3af2 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 5.7 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79f14b3f-3163-41c2-88ff-a1e0879e8248?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-8bca0401c2687aab215b4ddd44231c26.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-8bca0401c2687aab215b4ddd44231c26.yaml new file mode 100644 index 0000000000..5ba7c96470 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-8bca0401c2687aab215b4ddd44231c26.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-8bca0401c2687aab215b4ddd44231c26 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 4.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9687e8e5-add1-477d-9cb7-f94b8af10da5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-933664bac0ba7d546ec800941231f6f3.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-933664bac0ba7d546ec800941231f6f3.yaml new file mode 100644 index 0000000000..53e6ced74a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-933664bac0ba7d546ec800941231f6f3.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-933664bac0ba7d546ec800941231f6f3 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 6.9.4 - Sensitive Information Exposure via Log File + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2d69d59-390d-4f3c-96ba-487707cac7a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stats-manager-a3d20ed9da7c57fc778f0d01bfbac322.yaml b/nuclei-templates/cve-less/plugins/wp-stats-manager-a3d20ed9da7c57fc778f0d01bfbac322.yaml new file mode 100644 index 0000000000..45b3333052 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stats-manager-a3d20ed9da7c57fc778f0d01bfbac322.yaml @@ -0,0 +1,58 @@ +id: wp-stats-manager-a3d20ed9da7c57fc778f0d01bfbac322 + +info: + name: > + WP Visitor Statistics (Real Time Traffic) <= 6.8.1 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8e511ec-93d3-45f3-98ee-ffa7a79bf74e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stats-manager/" + google-query: inurl:"/wp-content/plugins/wp-stats-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stats-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stats-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stats-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-sticky-social-a15cdcee1d81fbf41320a2105863ebbb.yaml b/nuclei-templates/cve-less/plugins/wp-sticky-social-a15cdcee1d81fbf41320a2105863ebbb.yaml new file mode 100644 index 0000000000..e63a31ea22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-sticky-social-a15cdcee1d81fbf41320a2105863ebbb.yaml @@ -0,0 +1,58 @@ +id: wp-sticky-social-a15cdcee1d81fbf41320a2105863ebbb + +info: + name: > + WP Sticky Social <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a272e12b-97a2-421a-a703-3acce2ed8313?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-sticky-social/" + google-query: inurl:"/wp-content/plugins/wp-sticky-social/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-sticky-social,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-sticky-social/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-sticky-social" + part: body + + - type: dsl + dsl: + - compare_versions(version, '1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stripe-checkout-23d71c471ed57b8e6edb42812714c4cc.yaml b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-23d71c471ed57b8e6edb42812714c4cc.yaml new file mode 100644 index 0000000000..c50598cc99 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-23d71c471ed57b8e6edb42812714c4cc.yaml @@ -0,0 +1,58 @@ +id: wp-stripe-checkout-23d71c471ed57b8e6edb42812714c4cc + +info: + name: > + WP Stripe Checkout <= 1.2.2.37 - Sensitive Information Exposure via Debug Log + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f244b8e-94ae-4d95-83a7-53b826e98656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stripe-checkout/" + google-query: inurl:"/wp-content/plugins/wp-stripe-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stripe-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stripe-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stripe-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.37') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stripe-checkout-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml new file mode 100644 index 0000000000..20a06323f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-8a4ffb5cbc3cc45c48f96fc0d6e8fdac.yaml @@ -0,0 +1,58 @@ +id: wp-stripe-checkout-8a4ffb5cbc3cc45c48f96fc0d6e8fdac + +info: + name: > + WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bf6b196-6dd8-41b7-9838-287be16559fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stripe-checkout/" + google-query: inurl:"/wp-content/plugins/wp-stripe-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stripe-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stripe-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stripe-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stripe-checkout-deed3fa156af1c41e337b8275419b59f.yaml b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-deed3fa156af1c41e337b8275419b59f.yaml new file mode 100644 index 0000000000..30421c0b4e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stripe-checkout-deed3fa156af1c41e337b8275419b59f.yaml @@ -0,0 +1,58 @@ +id: wp-stripe-checkout-deed3fa156af1c41e337b8275419b59f + +info: + name: > + WP Stripe Checkout <= 1.2.2.41 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe5227f0-3f7f-4d31-8d46-de2eec44b514?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stripe-checkout/" + google-query: inurl:"/wp-content/plugins/wp-stripe-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stripe-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stripe-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stripe-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-stripe-donation-538423ca9f2308dfd7db2d7106fab896.yaml b/nuclei-templates/cve-less/plugins/wp-stripe-donation-538423ca9f2308dfd7db2d7106fab896.yaml new file mode 100644 index 0000000000..d44fc7f9e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-stripe-donation-538423ca9f2308dfd7db2d7106fab896.yaml @@ -0,0 +1,58 @@ +id: wp-stripe-donation-538423ca9f2308dfd7db2d7106fab896 + +info: + name: > + Accept Stripe Donation – AidWP <= 3.1.5 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27161b4b-d11c-487b-b1ce-7e43bf7b2e57?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-stripe-donation/" + google-query: inurl:"/wp-content/plugins/wp-stripe-donation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-stripe-donation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-stripe-donation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-stripe-donation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-structuring-markup-d5d53242307fbcb60f1d07b6a75cb319.yaml b/nuclei-templates/cve-less/plugins/wp-structuring-markup-d5d53242307fbcb60f1d07b6a75cb319.yaml new file mode 100644 index 0000000000..2e82f9f154 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-structuring-markup-d5d53242307fbcb60f1d07b6a75cb319.yaml @@ -0,0 +1,58 @@ +id: wp-structuring-markup-d5d53242307fbcb60f1d07b6a75cb319 + +info: + name: > + Markup <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ac2142-7872-4061-9557-d27015403595?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-structuring-markup/" + google-query: inurl:"/wp-content/plugins/wp-structuring-markup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-structuring-markup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-structuring-markup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-structuring-markup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-subscribe-a4b9301f609713ae947856e0a785959d.yaml b/nuclei-templates/cve-less/plugins/wp-subscribe-a4b9301f609713ae947856e0a785959d.yaml new file mode 100644 index 0000000000..6d004c281d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-subscribe-a4b9301f609713ae947856e0a785959d.yaml @@ -0,0 +1,58 @@ +id: wp-subscribe-a4b9301f609713ae947856e0a785959d + +info: + name: > + WP Subscribe <= 1.2.12 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46ca2967-5b75-49f5-8b0c-1e9274423c93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-subscribe/" + google-query: inurl:"/wp-content/plugins/wp-subscribe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-subscribe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-subscribe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-subscribe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-subtitle-8e8d26048a256bd2a6af10c450c287bb.yaml b/nuclei-templates/cve-less/plugins/wp-subtitle-8e8d26048a256bd2a6af10c450c287bb.yaml new file mode 100644 index 0000000000..f609fe2974 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-subtitle-8e8d26048a256bd2a6af10c450c287bb.yaml @@ -0,0 +1,58 @@ +id: wp-subtitle-8e8d26048a256bd2a6af10c450c287bb + +info: + name: > + WP Subtitle <= 3.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bc66669-ee38-408a-9dea-e6421cc6f75c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-subtitle/" + google-query: inurl:"/wp-content/plugins/wp-subtitle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-subtitle,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-subtitle/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-subtitle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-0a730b29011862fa99f3ba28ddcb0a8c.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-0a730b29011862fa99f3ba28ddcb0a8c.yaml new file mode 100644 index 0000000000..202fbe9800 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-0a730b29011862fa99f3ba28ddcb0a8c.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-0a730b29011862fa99f3ba28ddcb0a8c + +info: + name: > + WP Super Cache <= 1.7.2 - Authenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/733ae8c8-fa52-418d-b42e-75516906fb66?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-578845e46f5e10ee10237d1397f1fce9.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-578845e46f5e10ee10237d1397f1fce9.yaml new file mode 100644 index 0000000000..5a984705c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-578845e46f5e10ee10237d1397f1fce9.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-578845e46f5e10ee10237d1397f1fce9 + +info: + name: > + WP Super Cache <= 1.7.2 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18afd787-2b1f-452c-90d8-75e0df9322fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-afeb8327fb03504a0b5ac79fd5a442f7.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-afeb8327fb03504a0b5ac79fd5a442f7.yaml new file mode 100644 index 0000000000..4c73cd7e6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-afeb8327fb03504a0b5ac79fd5a442f7.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-afeb8327fb03504a0b5ac79fd5a442f7 + +info: + name: > + WP Super Cache <= 1.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d70f5c-e05f-47c9-994c-0e1da5b2fe01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-c29571f39de26e98c4a31202523c55d7.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-c29571f39de26e98c4a31202523c55d7.yaml new file mode 100644 index 0000000000..330dca07fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-c29571f39de26e98c4a31202523c55d7.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-c29571f39de26e98c4a31202523c55d7 + +info: + name: > + WP Super Cache < 1.3.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6196b07-a2fc-45ac-8700-a1ce2713a960?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-d80662422b2866b3d65a5445924467ed.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-d80662422b2866b3d65a5445924467ed.yaml new file mode 100644 index 0000000000..5a0364713d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-d80662422b2866b3d65a5445924467ed.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-d80662422b2866b3d65a5445924467ed + +info: + name: > + WP Super Cache Plugin <= 1.3 - Multiple Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2fcbd6c5-dd03-439c-b6b8-54b0c24a1c27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-cache-fce354233cc8042e718d5365b3a58e08.yaml b/nuclei-templates/cve-less/plugins/wp-super-cache-fce354233cc8042e718d5365b3a58e08.yaml new file mode 100644 index 0000000000..78e46ba421 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-cache-fce354233cc8042e718d5365b3a58e08.yaml @@ -0,0 +1,58 @@ +id: wp-super-cache-fce354233cc8042e718d5365b3a58e08 + +info: + name: > + WP Super Cache <= 1.7.1 - Authenticated (Admin+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f6bc166-8489-44bc-862e-dd4dcc1dcff8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-cache/" + google-query: inurl:"/wp-content/plugins/wp-super-cache/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-cache,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-cache/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-cache" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-minify-83ffcb1b7b93055d3871683fd17b0c51.yaml b/nuclei-templates/cve-less/plugins/wp-super-minify-83ffcb1b7b93055d3871683fd17b0c51.yaml new file mode 100644 index 0000000000..fa2b22b5e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-minify-83ffcb1b7b93055d3871683fd17b0c51.yaml @@ -0,0 +1,58 @@ +id: wp-super-minify-83ffcb1b7b93055d3871683fd17b0c51 + +info: + name: > + WP Super Minify <= 1.5.1 - Cross-Site Request Forgery via 'wpsmy_admin_options' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af59fcf6-4435-45f0-8904-ff520ea86157?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-minify/" + google-query: inurl:"/wp-content/plugins/wp-super-minify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-minify,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-minify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-minify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-super-popup-39af241a774d2dcd3cc32b6204b6cb7b.yaml b/nuclei-templates/cve-less/plugins/wp-super-popup-39af241a774d2dcd3cc32b6204b6cb7b.yaml new file mode 100644 index 0000000000..55a8d2f0c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-super-popup-39af241a774d2dcd3cc32b6204b6cb7b.yaml @@ -0,0 +1,58 @@ +id: wp-super-popup-39af241a774d2dcd3cc32b6204b6cb7b + +info: + name: > + WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b458e27-331b-4ae2-ade8-8b14aeffb1e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-super-popup/" + google-query: inurl:"/wp-content/plugins/wp-super-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-super-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-super-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-super-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-superb-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-superb-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..ffd8b18091 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-superb-slideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-superb-slideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-superb-slideshow/" + google-query: inurl:"/wp-content/plugins/wp-superb-slideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-superb-slideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-superb-slideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-superb-slideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-385055003f5f62851bef6489ef8b74ea.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-385055003f5f62851bef6489ef8b74ea.yaml new file mode 100644 index 0000000000..2434025418 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-385055003f5f62851bef6489ef8b74ea.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-385055003f5f62851bef6489ef8b74ea + +info: + name: > + WP Support Plus Responsive Ticket System <= 4.0 - JavaScript Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b22aaac4-39f1-482b-9fc7-79825cf2e818?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-45e53acb580bbd675bfc6be68ad774dd.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-45e53acb580bbd675bfc6be68ad774dd.yaml new file mode 100644 index 0000000000..96cadf3f47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-45e53acb580bbd675bfc6be68ad774dd.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-45e53acb580bbd675bfc6be68ad774dd + +info: + name: > + WP Support Plus Responsive Ticket System <= 4.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99433521-721b-41c3-8736-fd2943901b4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-497a0a1ea8afe0e920601e57f5c6ccaa.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-497a0a1ea8afe0e920601e57f5c6ccaa.yaml new file mode 100644 index 0000000000..76b8f143cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-497a0a1ea8afe0e920601e57f5c6ccaa.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-497a0a1ea8afe0e920601e57f5c6ccaa + +info: + name: > + WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80b31295-474e-4375-b566-c628e869da10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-4fb356daa205fa86efebf393915d0c50.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-4fb356daa205fa86efebf393915d0c50.yaml new file mode 100644 index 0000000000..25cea6a1b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-4fb356daa205fa86efebf393915d0c50.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-4fb356daa205fa86efebf393915d0c50 + +info: + name: > + Support Plus Responsive Ticket System <= 4.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92c79e51-3b14-4d1c-893b-a683b55f3011?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-8775037057b715229697772ba91f4bf3.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-8775037057b715229697772ba91f4bf3.yaml new file mode 100644 index 0000000000..af1eca4806 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-8775037057b715229697772ba91f4bf3.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-8775037057b715229697772ba91f4bf3 + +info: + name: > + Support Plus Responsive Ticket System < 7.1.0 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59da86c4-1a68-4077-8b56-9c6c8afe26ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-9ffc56b5ea5f6b924435376642f18ea0.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-9ffc56b5ea5f6b924435376642f18ea0.yaml new file mode 100644 index 0000000000..b903b3bd18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-9ffc56b5ea5f6b924435376642f18ea0.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-9ffc56b5ea5f6b924435376642f18ea0 + +info: + name: > + Support Plus Responsive Ticket System <= 4.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bac8245c-292a-4b16-950f-fa3d06e41a09?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-d69b023495447f633ec6d9d561e7345f.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-d69b023495447f633ec6d9d561e7345f.yaml new file mode 100644 index 0000000000..af30bc5a9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-d69b023495447f633ec6d9d561e7345f.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-d69b023495447f633ec6d9d561e7345f + +info: + name: > + WP Support Plus Responsive Ticket System <= 9.0.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72ed9cba-fe5c-4cee-9e1b-c3edde2521ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-e87da4fdaddc8c3f88dc163d8c30bc5e.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-e87da4fdaddc8c3f88dc163d8c30bc5e.yaml new file mode 100644 index 0000000000..08e0f9cf43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-e87da4fdaddc8c3f88dc163d8c30bc5e.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-e87da4fdaddc8c3f88dc163d8c30bc5e + +info: + name: > + WP Support Plus Responsive Ticket System <= 4.1 - Improper Authentication + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e744c77-efa2-4910-af18-56aa15424412?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-f30cbcc00e52a547df9af466cf2eeb9d.yaml b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-f30cbcc00e52a547df9af466cf2eeb9d.yaml new file mode 100644 index 0000000000..78ccc5e1e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-support-plus-responsive-ticket-system-f30cbcc00e52a547df9af466cf2eeb9d.yaml @@ -0,0 +1,58 @@ +id: wp-support-plus-responsive-ticket-system-f30cbcc00e52a547df9af466cf2eeb9d + +info: + name: > + WP Support Plus Responsive Ticket System <= 9.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9a989db-683c-492c-8c26-abef0fecf00e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-support-plus-responsive-ticket-system/" + google-query: inurl:"/wp-content/plugins/wp-support-plus-responsive-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-support-plus-responsive-ticket-system,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-support-plus-responsive-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-support-plus-responsive-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 9.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-survey-and-poll-7aeb0cb02f45fcefa48994c17b9a07f7.yaml b/nuclei-templates/cve-less/plugins/wp-survey-and-poll-7aeb0cb02f45fcefa48994c17b9a07f7.yaml new file mode 100644 index 0000000000..6c3491019f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-survey-and-poll-7aeb0cb02f45fcefa48994c17b9a07f7.yaml @@ -0,0 +1,58 @@ +id: wp-survey-and-poll-7aeb0cb02f45fcefa48994c17b9a07f7 + +info: + name: > + WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress < 1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/944cd237-d5cb-44da-8d4a-5cf7edd368a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-survey-and-poll/" + google-query: inurl:"/wp-content/plugins/wp-survey-and-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-survey-and-poll,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-survey-and-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-survey-and-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-19c5c13179457ac1c8bd83d2fa6c9156.yaml b/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-19c5c13179457ac1c8bd83d2fa6c9156.yaml new file mode 100644 index 0000000000..28fd0cb050 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-survey-and-quiz-tool-19c5c13179457ac1c8bd83d2fa6c9156.yaml @@ -0,0 +1,58 @@ +id: wp-survey-and-quiz-tool-19c5c13179457ac1c8bd83d2fa6c9156 + +info: + name: > + WP Survey And Quiz Tool < 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a77f8a2b-c61b-4942-93b5-202ebce4cf96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-survey-and-quiz-tool/" + google-query: inurl:"/wp-content/plugins/wp-survey-and-quiz-tool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-survey-and-quiz-tool,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-survey-and-quiz-tool/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-survey-and-quiz-tool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-survey-plus-e9cbfa821e4a40c5bf6ec29f2c85944c.yaml b/nuclei-templates/cve-less/plugins/wp-survey-plus-e9cbfa821e4a40c5bf6ec29f2c85944c.yaml new file mode 100644 index 0000000000..902412f3f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-survey-plus-e9cbfa821e4a40c5bf6ec29f2c85944c.yaml @@ -0,0 +1,58 @@ +id: wp-survey-plus-e9cbfa821e4a40c5bf6ec29f2c85944c + +info: + name: > + WP Survey Plus <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/496249cf-f75e-42e6-a189-332dd73d14bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-survey-plus/" + google-query: inurl:"/wp-content/plugins/wp-survey-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-survey-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-survey-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-survey-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-svg-images-d123d567f469bf81fa1efe0cec4fc6a4.yaml b/nuclei-templates/cve-less/plugins/wp-svg-images-d123d567f469bf81fa1efe0cec4fc6a4.yaml new file mode 100644 index 0000000000..aaeb99a1c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-svg-images-d123d567f469bf81fa1efe0cec4fc6a4.yaml @@ -0,0 +1,58 @@ +id: wp-svg-images-d123d567f469bf81fa1efe0cec4fc6a4 + +info: + name: > + WP SVG Images <= 3.3 - Authenticated (author+) Stored Cross-Site Scripting via SVG + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b72a26dd-0d20-462e-bb71-ed83eae6766e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-svg-images/" + google-query: inurl:"/wp-content/plugins/wp-svg-images/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-svg-images,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-svg-images/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-svg-images" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-swimteam-99900192dbf1fe9dc977df0b62f5f3df.yaml b/nuclei-templates/cve-less/plugins/wp-swimteam-99900192dbf1fe9dc977df0b62f5f3df.yaml new file mode 100644 index 0000000000..938e0b7434 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-swimteam-99900192dbf1fe9dc977df0b62f5f3df.yaml @@ -0,0 +1,58 @@ +id: wp-swimteam-99900192dbf1fe9dc977df0b62f5f3df + +info: + name: > + Swim Team < 1.45.1085 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98d008a4-5dbf-410f-8753-d5aeb28b4447?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-swimteam/" + google-query: inurl:"/wp-content/plugins/wp-swimteam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-swimteam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-swimteam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-swimteam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.44.1077') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-2fec5b54bae57b8457c08f84660fdcc9.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-2fec5b54bae57b8457c08f84660fdcc9.yaml new file mode 100644 index 0000000000..48fcd7ccbe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-2fec5b54bae57b8457c08f84660fdcc9.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-2fec5b54bae57b8457c08f84660fdcc9 + +info: + name: > + WP Symposium <= 15.8 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ad379ad-8733-4015-a892-375604339695?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 15.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml new file mode 100644 index 0000000000..6949b1fc4b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-320ea2b9c0bedd9f6c8b24cfa2e671a3.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-320ea2b9c0bedd9f6c8b24cfa2e671a3 + +info: + name: > + WP Symposium <= 14.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccc7fd8b-ac7d-4b40-816a-a5a1565c422a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-491436cd325d5b03202c1b421dcad671.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-491436cd325d5b03202c1b421dcad671.yaml new file mode 100644 index 0000000000..df5ff8e54e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-491436cd325d5b03202c1b421dcad671.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-491436cd325d5b03202c1b421dcad671 + +info: + name: > + WP Symposium < 14.11 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a14c04e8-72cc-4415-a95c-e26f6335b485?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-4ae9af0b470e9693506c7f0dea29cf9b.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-4ae9af0b470e9693506c7f0dea29cf9b.yaml new file mode 100644 index 0000000000..8028ece4b4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-4ae9af0b470e9693506c7f0dea29cf9b.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-4ae9af0b470e9693506c7f0dea29cf9b + +info: + name: > + WP Symposium < 15.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbba83c2-4dc3-4850-8bbf-f9c700247b49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 15.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-8339317d8346b6724b17c27a89e2d93a.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-8339317d8346b6724b17c27a89e2d93a.yaml new file mode 100644 index 0000000000..234ae5625b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-8339317d8346b6724b17c27a89e2d93a.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-8339317d8346b6724b17c27a89e2d93a + +info: + name: > + WP Symposium < 13.04 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28286b89-0fcd-4616-8246-d8a19d632674?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 13.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-94c6416d0acf4ef5543b79e97739f29b.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-94c6416d0acf4ef5543b79e97739f29b.yaml new file mode 100644 index 0000000000..0551d56896 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-94c6416d0acf4ef5543b79e97739f29b.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-94c6416d0acf4ef5543b79e97739f29b + +info: + name: > + WP Symposium <= 14.11 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3eee437-e65e-461e-9350-c89f21171e3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-ab05d89891e41c4ee487b45fc002d7f7.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-ab05d89891e41c4ee487b45fc002d7f7.yaml new file mode 100644 index 0000000000..5c2f4eb64f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-ab05d89891e41c4ee487b45fc002d7f7.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-ab05d89891e41c4ee487b45fc002d7f7 + +info: + name: > + WP Symposium <= 13.04 - Open Redirection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd4d7c44-890c-4560-b637-cdc0ca00de31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 13.04') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-ea4a5a60afde85ede6fced3685c1e946.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-ea4a5a60afde85ede6fced3685c1e946.yaml new file mode 100644 index 0000000000..e83ab442f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-ea4a5a60afde85ede6fced3685c1e946.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-ea4a5a60afde85ede6fced3685c1e946 + +info: + name: > + WP Symposium < 11.12.24 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a03f2dc-21c4-44e9-b7bf-8d4420430466?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.12.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-f66731d5fdc6cfd1b64d52850c4933f1.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-f66731d5fdc6cfd1b64d52850c4933f1.yaml new file mode 100644 index 0000000000..aa637a8aca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-f66731d5fdc6cfd1b64d52850c4933f1.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-f66731d5fdc6cfd1b64d52850c4933f1 + +info: + name: > + WP Symposium <= 15.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59971f3d-2f98-44fd-a105-621a315721ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-symposium-f6896d23342ecbcbdbcbfcb5cd72746c.yaml b/nuclei-templates/cve-less/plugins/wp-symposium-f6896d23342ecbcbdbcbfcb5cd72746c.yaml new file mode 100644 index 0000000000..b5d14a7cea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-symposium-f6896d23342ecbcbdbcbfcb5cd72746c.yaml @@ -0,0 +1,58 @@ +id: wp-symposium-f6896d23342ecbcbdbcbfcb5cd72746c + +info: + name: > + WP Symposium <= 11.11.26 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a896f57-e742-4eb6-85dc-c45d3f0747d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-symposium/" + google-query: inurl:"/wp-content/plugins/wp-symposium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-symposium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-symposium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-symposium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.11.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-syntax-2f32fe11ebe5c9f4865c13025a6e4323.yaml b/nuclei-templates/cve-less/plugins/wp-syntax-2f32fe11ebe5c9f4865c13025a6e4323.yaml new file mode 100644 index 0000000000..39b463dede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-syntax-2f32fe11ebe5c9f4865c13025a6e4323.yaml @@ -0,0 +1,58 @@ +id: wp-syntax-2f32fe11ebe5c9f4865c13025a6e4323 + +info: + name: > + WP Syntax < 0.9.10 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46b3b01c-8739-4b51-be34-1dd3c50d772e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-syntax/" + google-query: inurl:"/wp-content/plugins/wp-syntax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-syntax,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-syntax/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-syntax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-t-wap-9296439439a688a4e97beee133155172.yaml b/nuclei-templates/cve-less/plugins/wp-t-wap-9296439439a688a4e97beee133155172.yaml new file mode 100644 index 0000000000..b6dc13f4ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-t-wap-9296439439a688a4e97beee133155172.yaml @@ -0,0 +1,58 @@ +id: wp-t-wap-9296439439a688a4e97beee133155172 + +info: + name: > + WP-T-Wap <= 1.13.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f14e464-cf48-4f8a-a1db-a8adced8321f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-t-wap/" + google-query: inurl:"/wp-content/plugins/wp-t-wap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-t-wap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-t-wap/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-t-wap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-a6d8f41f2ddaf46a5ebf99480a45e53f.yaml b/nuclei-templates/cve-less/plugins/wp-table-a6d8f41f2ddaf46a5ebf99480a45e53f.yaml new file mode 100644 index 0000000000..718fe97bea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-a6d8f41f2ddaf46a5ebf99480a45e53f.yaml @@ -0,0 +1,58 @@ +id: wp-table-a6d8f41f2ddaf46a5ebf99480a45e53f + +info: + name: > + WP-Table <= 1.43 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/182370f5-0f56-4757-8276-1399606c1a2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table/" + google-query: inurl:"/wp-content/plugins/wp-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-builder-fe0115e4206583520304b505b1843190.yaml b/nuclei-templates/cve-less/plugins/wp-table-builder-fe0115e4206583520304b505b1843190.yaml new file mode 100644 index 0000000000..188545e901 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-builder-fe0115e4206583520304b505b1843190.yaml @@ -0,0 +1,58 @@ +id: wp-table-builder-fe0115e4206583520304b505b1843190 + +info: + name: > + WP Table Builder – WordPress Table Plugin <= 1.4.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91d5d052-d219-4c2f-9341-19f415ff90c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table-builder/" + google-query: inurl:"/wp-content/plugins/wp-table-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-cc04ccc2cdbcd0bde6cfa02b200848c8.yaml b/nuclei-templates/cve-less/plugins/wp-table-cc04ccc2cdbcd0bde6cfa02b200848c8.yaml new file mode 100644 index 0000000000..77ab013e76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-cc04ccc2cdbcd0bde6cfa02b200848c8.yaml @@ -0,0 +1,58 @@ +id: wp-table-cc04ccc2cdbcd0bde6cfa02b200848c8 + +info: + name: > + wp-Table <= 1.43 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b2b5da9-a421-48fb-9e91-8ef495cbdc37?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table/" + google-query: inurl:"/wp-content/plugins/wp-table/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.43') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-manager-63379065ec53581cef23820054e2a064.yaml b/nuclei-templates/cve-less/plugins/wp-table-manager-63379065ec53581cef23820054e2a064.yaml new file mode 100644 index 0000000000..7789349dae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-manager-63379065ec53581cef23820054e2a064.yaml @@ -0,0 +1,58 @@ +id: wp-table-manager-63379065ec53581cef23820054e2a064 + +info: + name: > + WP Table Manager <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f835944-fd27-4f7e-a10d-330fd0fe4ff4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table-manager/" + google-query: inurl:"/wp-content/plugins/wp-table-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-reloaded-4fd8626c11bff94fd8a393ce1bb61f0e.yaml b/nuclei-templates/cve-less/plugins/wp-table-reloaded-4fd8626c11bff94fd8a393ce1bb61f0e.yaml new file mode 100644 index 0000000000..614061f54b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-reloaded-4fd8626c11bff94fd8a393ce1bb61f0e.yaml @@ -0,0 +1,58 @@ +id: wp-table-reloaded-4fd8626c11bff94fd8a393ce1bb61f0e + +info: + name: > + WP-Table Reloaded <= 1.9.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bacae6f-d23d-414c-8d8a-0f1702eafd84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table-reloaded/" + google-query: inurl:"/wp-content/plugins/wp-table-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table-reloaded,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-table-reloaded-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml b/nuclei-templates/cve-less/plugins/wp-table-reloaded-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml new file mode 100644 index 0000000000..b3a6c3acf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-table-reloaded-c5db9aebd1fc40e9e4c7b7eca92c3a88.yaml @@ -0,0 +1,58 @@ +id: wp-table-reloaded-c5db9aebd1fc40e9e4c7b7eca92c3a88 + +info: + name: > + WP-Table Reloaded <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6065d77d-33ca-4f54-b485-ff1ce71b5e2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-table-reloaded/" + google-query: inurl:"/wp-content/plugins/wp-table-reloaded/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-table-reloaded,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-table-reloaded/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-table-reloaded" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-taxonomy-import-ea4dc9da45a9f3810a9a2f98b5102871.yaml b/nuclei-templates/cve-less/plugins/wp-taxonomy-import-ea4dc9da45a9f3810a9a2f98b5102871.yaml new file mode 100644 index 0000000000..77e08c6bf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-taxonomy-import-ea4dc9da45a9f3810a9a2f98b5102871.yaml @@ -0,0 +1,58 @@ +id: wp-taxonomy-import-ea4dc9da45a9f3810a9a2f98b5102871 + +info: + name: > + WP Taxonomy Import <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a200bb51-09bd-4eaa-8a57-93c3515f720c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-taxonomy-import/" + google-query: inurl:"/wp-content/plugins/wp-taxonomy-import/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-taxonomy-import,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-taxonomy-import/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-taxonomy-import" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-team-manager-092e64b42de134fb4233d6bec85b9415.yaml b/nuclei-templates/cve-less/plugins/wp-team-manager-092e64b42de134fb4233d6bec85b9415.yaml new file mode 100644 index 0000000000..258978422a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-team-manager-092e64b42de134fb4233d6bec85b9415.yaml @@ -0,0 +1,58 @@ +id: wp-team-manager-092e64b42de134fb4233d6bec85b9415 + +info: + name: > + WordPress Team Manager <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62d1b4a2-5c1e-4381-a455-082bee734ff2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-team-manager/" + google-query: inurl:"/wp-content/plugins/wp-team-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-team-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-team-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-team-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-team-showcase-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-team-showcase-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..36d2f4979f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-team-showcase-and-slider-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-team-showcase-and-slider-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-team-showcase-and-slider/" + google-query: inurl:"/wp-content/plugins/wp-team-showcase-and-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-team-showcase-and-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-team-showcase-and-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-team-showcase-and-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-98b6ebee95a026d40c782ddad544fd4e.yaml b/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-98b6ebee95a026d40c782ddad544fd4e.yaml new file mode 100644 index 0000000000..6d61c5fdb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-98b6ebee95a026d40c782ddad544fd4e.yaml @@ -0,0 +1,58 @@ +id: wp-tell-a-friend-popup-form-98b6ebee95a026d40c782ddad544fd4e + +info: + name: > + wp tell a friend popup form <= 7.1 - Cross-Site Request Forgery via 'TellAFriend_admin' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f760821-98d4-4154-a4ae-861283f991f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tell-a-friend-popup-form/" + google-query: inurl:"/wp-content/plugins/wp-tell-a-friend-popup-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tell-a-friend-popup-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tell-a-friend-popup-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tell-a-friend-popup-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-d4c59ee10654dc665fe7870643db894a.yaml b/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-d4c59ee10654dc665fe7870643db894a.yaml new file mode 100644 index 0000000000..9c17bc8e04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tell-a-friend-popup-form-d4c59ee10654dc665fe7870643db894a.yaml @@ -0,0 +1,58 @@ +id: wp-tell-a-friend-popup-form-d4c59ee10654dc665fe7870643db894a + +info: + name: > + wp tell a friend popup form <= 7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec860ad9-7054-4ed2-a8f2-6589e4db36cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tell-a-friend-popup-form/" + google-query: inurl:"/wp-content/plugins/wp-tell-a-friend-popup-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tell-a-friend-popup-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tell-a-friend-popup-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tell-a-friend-popup-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-terms-popup-d03335b5fcf3342ce30e3d6994089bf1.yaml b/nuclei-templates/cve-less/plugins/wp-terms-popup-d03335b5fcf3342ce30e3d6994089bf1.yaml new file mode 100644 index 0000000000..fdb90bf210 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-terms-popup-d03335b5fcf3342ce30e3d6994089bf1.yaml @@ -0,0 +1,58 @@ +id: wp-terms-popup-d03335b5fcf3342ce30e3d6994089bf1 + +info: + name: > + WP Terms Popup <= 2.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fae586f3-dc4b-45ee-83b2-cdaa0336fe07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-terms-popup/" + google-query: inurl:"/wp-content/plugins/wp-terms-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-terms-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-terms-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-terms-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-testimonial-with-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-testimonial-with-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..cf25954311 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-testimonial-with-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-testimonial-with-widget-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-testimonial-with-widget/" + google-query: inurl:"/wp-content/plugins/wp-testimonial-with-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-testimonial-with-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-testimonial-with-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-testimonial-with-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-testimonials-b810e04fd2ee9ba72626a776c33f0a7b.yaml b/nuclei-templates/cve-less/plugins/wp-testimonials-b810e04fd2ee9ba72626a776c33f0a7b.yaml new file mode 100644 index 0000000000..1a29b30884 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-testimonials-b810e04fd2ee9ba72626a776c33f0a7b.yaml @@ -0,0 +1,58 @@ +id: wp-testimonials-b810e04fd2ee9ba72626a776c33f0a7b + +info: + name: > + WP-Testimonials <= 3.4.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06b8d1ce-fd4d-423d-aadf-f114f8a92add?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-testimonials/" + google-query: inurl:"/wp-content/plugins/wp-testimonials/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-testimonials,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-testimonials/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-testimonials" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-testing-23d65a0c7f78efb0a00d9004db77bb73.yaml b/nuclei-templates/cve-less/plugins/wp-testing-23d65a0c7f78efb0a00d9004db77bb73.yaml new file mode 100644 index 0000000000..26d875fffb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-testing-23d65a0c7f78efb0a00d9004db77bb73.yaml @@ -0,0 +1,58 @@ +id: wp-testing-23d65a0c7f78efb0a00d9004db77bb73 + +info: + name: > + Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/daa9abc2-310f-4bd9-9b88-d6f3024ab5f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-testing/" + google-query: inurl:"/wp-content/plugins/wp-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.21.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-testing-a2c4b877b0651ff620e8169263705757.yaml b/nuclei-templates/cve-less/plugins/wp-testing-a2c4b877b0651ff620e8169263705757.yaml new file mode 100644 index 0000000000..675c94b408 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-testing-a2c4b877b0651ff620e8169263705757.yaml @@ -0,0 +1,58 @@ +id: wp-testing-a2c4b877b0651ff620e8169263705757 + +info: + name: > + Psychological tests & quizzes <= 0.21.19 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d463709-8afd-4db6-bd0a-524d7b27f4ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-testing/" + google-query: inurl:"/wp-content/plugins/wp-testing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-testing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-testing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-testing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.21.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ticket-2335d22fc63434a5bcaa426b8fe660ca.yaml b/nuclei-templates/cve-less/plugins/wp-ticket-2335d22fc63434a5bcaa426b8fe660ca.yaml new file mode 100644 index 0000000000..0c95c6279c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ticket-2335d22fc63434a5bcaa426b8fe660ca.yaml @@ -0,0 +1,58 @@ +id: wp-ticket-2335d22fc63434a5bcaa426b8fe660ca + +info: + name: > + Customer Service Software & Support Ticket System < 5.10.4 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e67422cc-c1ad-40b6-abae-23447e2ff491?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ticket/" + google-query: inurl:"/wp-content/plugins/wp-ticket/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ticket,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ticket/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ticket" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tiles-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml b/nuclei-templates/cve-less/plugins/wp-tiles-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml new file mode 100644 index 0000000000..9e55974ca6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tiles-b470f5de6fb2ae7a347b8e6eaf7d8ee9.yaml @@ -0,0 +1,58 @@ +id: wp-tiles-b470f5de6fb2ae7a347b8e6eaf7d8ee9 + +info: + name: > + WP Tiles <= 1.1.2 - Authenticated(Subscriber+) Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efaef405-9721-4fb6-bcb4-4bd4f78742fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tiles/" + google-query: inurl:"/wp-content/plugins/wp-tiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tiles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tiles-bb37f5b838caa5657fedd0a448ebd7d3.yaml b/nuclei-templates/cve-less/plugins/wp-tiles-bb37f5b838caa5657fedd0a448ebd7d3.yaml new file mode 100644 index 0000000000..b852b47920 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tiles-bb37f5b838caa5657fedd0a448ebd7d3.yaml @@ -0,0 +1,58 @@ +id: wp-tiles-bb37f5b838caa5657fedd0a448ebd7d3 + +info: + name: > + WP Tiles <= 1.1.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/52876909-3d2a-480d-9c47-39e96d088ff3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tiles/" + google-query: inurl:"/wp-content/plugins/wp-tiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tiles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tiles-d83c363445764249cee1964637302b09.yaml b/nuclei-templates/cve-less/plugins/wp-tiles-d83c363445764249cee1964637302b09.yaml new file mode 100644 index 0000000000..8f8d9ab917 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tiles-d83c363445764249cee1964637302b09.yaml @@ -0,0 +1,58 @@ +id: wp-tiles-d83c363445764249cee1964637302b09 + +info: + name: > + WP Tiles <= 1.1.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d128197-802c-48fb-8782-eb4e10126e55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tiles/" + google-query: inurl:"/wp-content/plugins/wp-tiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tiles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-capsule-09442a8e62653817975163ce52e15dd6.yaml b/nuclei-templates/cve-less/plugins/wp-time-capsule-09442a8e62653817975163ce52e15dd6.yaml new file mode 100644 index 0000000000..fc22dd2689 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-capsule-09442a8e62653817975163ce52e15dd6.yaml @@ -0,0 +1,58 @@ +id: wp-time-capsule-09442a8e62653817975163ce52e15dd6 + +info: + name: > + Backup and Staging by WP Time Capsule <= 1.22.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d4df759-1d5a-478a-aab1-f728fe909b5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-capsule/" + google-query: inurl:"/wp-content/plugins/wp-time-capsule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-capsule,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-capsule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-capsule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.22.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-capsule-3a16571e5ca596c6b7dc35af4b36d41d.yaml b/nuclei-templates/cve-less/plugins/wp-time-capsule-3a16571e5ca596c6b7dc35af4b36d41d.yaml new file mode 100644 index 0000000000..1159be9a17 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-capsule-3a16571e5ca596c6b7dc35af4b36d41d.yaml @@ -0,0 +1,58 @@ +id: wp-time-capsule-3a16571e5ca596c6b7dc35af4b36d41d + +info: + name: > + Backup and Staging by WP Time Capsule <= 1.21.15 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8672fd2-dc7a-4717-9d25-84180ad9b134?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-capsule/" + google-query: inurl:"/wp-content/plugins/wp-time-capsule/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-capsule,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-capsule/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-capsule" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.21.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-099c9bac2b6d7ddf1f9ecc25ace0905e.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-099c9bac2b6d7ddf1f9ecc25ace0905e.yaml new file mode 100644 index 0000000000..fa877feb5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-099c9bac2b6d7ddf1f9ecc25ace0905e.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-099c9bac2b6d7ddf1f9ecc25ace0905e + +info: + name: > + WP Time Slots Booking Form <= 1.1.81 - Authenticated (Admin+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72c16a66-05fa-4d47-937d-415f18cec0ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.81') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-1b5cbc1452a8c85b5da51d915487aec1.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-1b5cbc1452a8c85b5da51d915487aec1.yaml new file mode 100644 index 0000000000..ac03923ca9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-1b5cbc1452a8c85b5da51d915487aec1.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-1b5cbc1452a8c85b5da51d915487aec1 + +info: + name: > + WP Time Slots Booking Form <= 1.1.62 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e584e2e-0625-4777-b44c-2d682c9a4c34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml new file mode 100644 index 0000000000..457e16089a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-23b8ee7d3cf1c8b343f01dee0e6b0127.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-23b8ee7d3cf1c8b343f01dee0e6b0127 + +info: + name: > + WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c732b0e-9898-48f2-99b2-068f31532b17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-35d905a17c07bb22f6bef2c153cb7c2c.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-35d905a17c07bb22f6bef2c153cb7c2c.yaml new file mode 100644 index 0000000000..1cb524faf9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-35d905a17c07bb22f6bef2c153cb7c2c.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-35d905a17c07bb22f6bef2c153cb7c2c + +info: + name: > + WP Time Slots Booking Form <= 1.2.06 - Unauthenticated Price Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a731ff-12e9-4fab-a055-c0193b3b2da8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-b9b9aa6a14a97f87b3f16ec3dcb05759.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-b9b9aa6a14a97f87b3f16ec3dcb05759.yaml new file mode 100644 index 0000000000..3c2793c1d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-b9b9aa6a14a97f87b3f16ec3dcb05759.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-b9b9aa6a14a97f87b3f16ec3dcb05759 + +info: + name: > + WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/032f3363-83c0-4548-81f0-724a71931add?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.76') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-ba2fa23f53107ae20224ebf362890e0c.yaml b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-ba2fa23f53107ae20224ebf362890e0c.yaml new file mode 100644 index 0000000000..b0bcffdd67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-time-slots-booking-form-ba2fa23f53107ae20224ebf362890e0c.yaml @@ -0,0 +1,58 @@ +id: wp-time-slots-booking-form-ba2fa23f53107ae20224ebf362890e0c + +info: + name: > + WP Time Slots Booking Form <= 1.1.82 - Improper Authorization Checks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a748589-51e5-4e3c-930c-d073d5cc94bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-time-slots-booking-form/" + google-query: inurl:"/wp-content/plugins/wp-time-slots-booking-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-time-slots-booking-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-time-slots-booking-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-time-slots-booking-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.82') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-timed-popup-5abf4f5c282834f3798f994f3f36892f.yaml b/nuclei-templates/cve-less/plugins/wp-timed-popup-5abf4f5c282834f3798f994f3f36892f.yaml new file mode 100644 index 0000000000..0ea64e26db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-timed-popup-5abf4f5c282834f3798f994f3f36892f.yaml @@ -0,0 +1,58 @@ +id: wp-timed-popup-5abf4f5c282834f3798f994f3f36892f + +info: + name: > + Timed Popup WordPress Plugin <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feb25e04-8cd2-49d8-a459-4302c1ec332c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-timed-popup/" + google-query: inurl:"/wp-content/plugins/wp-timed-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-timed-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-timed-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-timed-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tmkm-amazon-b1af016f9e6a13ef862b57d6918f5436.yaml b/nuclei-templates/cve-less/plugins/wp-tmkm-amazon-b1af016f9e6a13ef862b57d6918f5436.yaml new file mode 100644 index 0000000000..a46aec5d0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tmkm-amazon-b1af016f9e6a13ef862b57d6918f5436.yaml @@ -0,0 +1,58 @@ +id: wp-tmkm-amazon-b1af016f9e6a13ef862b57d6918f5436 + +info: + name: > + wp-tmkm-amazon < 1.5.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13f6bf06-2c24-43ac-9412-08b3d4914a21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tmkm-amazon/" + google-query: inurl:"/wp-content/plugins/wp-tmkm-amazon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tmkm-amazon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tmkm-amazon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tmkm-amazon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-todo-0c05bed3e63ebe0076e41774e5d167dd.yaml b/nuclei-templates/cve-less/plugins/wp-todo-0c05bed3e63ebe0076e41774e5d167dd.yaml new file mode 100644 index 0000000000..10fbc9864e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-todo-0c05bed3e63ebe0076e41774e5d167dd.yaml @@ -0,0 +1,58 @@ +id: wp-todo-0c05bed3e63ebe0076e41774e5d167dd + +info: + name: > + WP To Do <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e5cbe1f-0a16-4301-a83c-af9456afe44d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-todo/" + google-query: inurl:"/wp-content/plugins/wp-todo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-todo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-todo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-todo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-topbar-08fad01812fb757e5dc8ffa5260888ab.yaml b/nuclei-templates/cve-less/plugins/wp-topbar-08fad01812fb757e5dc8ffa5260888ab.yaml new file mode 100644 index 0000000000..98205d5772 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-topbar-08fad01812fb757e5dc8ffa5260888ab.yaml @@ -0,0 +1,58 @@ +id: wp-topbar-08fad01812fb757e5dc8ffa5260888ab + +info: + name: > + WP TopBar <= 5.36 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b1242fc-1bbf-4686-ba7d-d948336f65a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-topbar/" + google-query: inurl:"/wp-content/plugins/wp-topbar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-topbar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-topbar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-topbar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-topbar-808f401d9d8c5d86d169e876e53df971.yaml b/nuclei-templates/cve-less/plugins/wp-topbar-808f401d9d8c5d86d169e876e53df971.yaml new file mode 100644 index 0000000000..19e7ab1345 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-topbar-808f401d9d8c5d86d169e876e53df971.yaml @@ -0,0 +1,58 @@ +id: wp-topbar-808f401d9d8c5d86d169e876e53df971 + +info: + name: > + WP-TopBar <= 5.36 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b72cfc20-b133-4682-91e1-497236aba035?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-topbar/" + google-query: inurl:"/wp-content/plugins/wp-topbar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-topbar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-topbar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-topbar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.36') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-total-hacks-f6fedef4900f687723635382ff2bb4d5.yaml b/nuclei-templates/cve-less/plugins/wp-total-hacks-f6fedef4900f687723635382ff2bb4d5.yaml new file mode 100644 index 0000000000..cd1ee98c5a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-total-hacks-f6fedef4900f687723635382ff2bb4d5.yaml @@ -0,0 +1,58 @@ +id: wp-total-hacks-f6fedef4900f687723635382ff2bb4d5 + +info: + name: > + WP Total Hacks <= 4.7.2 - Authenticated (Subscriber+) Plugin Options Update to Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3732bf4c-e5e4-4947-9044-9a49e7547cf3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-total-hacks/" + google-query: inurl:"/wp-content/plugins/wp-total-hacks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-total-hacks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-total-hacks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-total-hacks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tradingview-28c3e191fb5a4aac43fb323a1cacb211.yaml b/nuclei-templates/cve-less/plugins/wp-tradingview-28c3e191fb5a4aac43fb323a1cacb211.yaml new file mode 100644 index 0000000000..4099df1e9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tradingview-28c3e191fb5a4aac43fb323a1cacb211.yaml @@ -0,0 +1,58 @@ +id: wp-tradingview-28c3e191fb5a4aac43fb323a1cacb211 + +info: + name: > + WP TradingView <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b63a8253-b6cc-4cca-baec-4d0e32e1b8d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tradingview/" + google-query: inurl:"/wp-content/plugins/wp-tradingview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tradingview,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tradingview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tradingview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-translitera-1398c704e82e0c99d9df5d75e0d38bc0.yaml b/nuclei-templates/cve-less/plugins/wp-translitera-1398c704e82e0c99d9df5d75e0d38bc0.yaml new file mode 100644 index 0000000000..adb0aea9d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-translitera-1398c704e82e0c99d9df5d75e0d38bc0.yaml @@ -0,0 +1,58 @@ +id: wp-translitera-1398c704e82e0c99d9df5d75e0d38bc0 + +info: + name: > + WP Translitera <= p1.2.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad427bea-1b0e-46bb-85fc-53c51fb40a17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-translitera/" + google-query: inurl:"/wp-content/plugins/wp-translitera/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-translitera,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-translitera/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-translitera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= p1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-60704cf340adf2f27bf6eb359b29de1e.yaml b/nuclei-templates/cve-less/plugins/wp-travel-60704cf340adf2f27bf6eb359b29de1e.yaml new file mode 100644 index 0000000000..e63d908e10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-60704cf340adf2f27bf6eb359b29de1e.yaml @@ -0,0 +1,58 @@ +id: wp-travel-60704cf340adf2f27bf6eb359b29de1e + +info: + name: > + WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d23d2cdf-206e-4714-9753-198519ba737b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel/" + google-query: inurl:"/wp-content/plugins/wp-travel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-b8daa06004410466af99c0f3caa27fee.yaml b/nuclei-templates/cve-less/plugins/wp-travel-b8daa06004410466af99c0f3caa27fee.yaml new file mode 100644 index 0000000000..e091fd23ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-b8daa06004410466af99c0f3caa27fee.yaml @@ -0,0 +1,58 @@ +id: wp-travel-b8daa06004410466af99c0f3caa27fee + +info: + name: > + WP Travel <= 4.4.6 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28dea1e9-e772-488e-b98f-93a46ab84581?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel/" + google-query: inurl:"/wp-content/plugins/wp-travel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-engine-0345a4f0aab13c10753508309e5ccf34.yaml b/nuclei-templates/cve-less/plugins/wp-travel-engine-0345a4f0aab13c10753508309e5ccf34.yaml new file mode 100644 index 0000000000..06de1bdaa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-engine-0345a4f0aab13c10753508309e5ccf34.yaml @@ -0,0 +1,58 @@ +id: wp-travel-engine-0345a4f0aab13c10753508309e5ccf34 + +info: + name: > + WP Travel Engine <= 5.7.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/659fcb95-9041-443e-9b75-0d2f8c6108aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-engine-12373fb4bdec1cf1197ea716e420bdce.yaml b/nuclei-templates/cve-less/plugins/wp-travel-engine-12373fb4bdec1cf1197ea716e420bdce.yaml new file mode 100644 index 0000000000..3ca508dfa7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-engine-12373fb4bdec1cf1197ea716e420bdce.yaml @@ -0,0 +1,58 @@ +id: wp-travel-engine-12373fb4bdec1cf1197ea716e420bdce + +info: + name: > + WP Travel Engine <= 5.7.9 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed053a6b-4163-4e82-a180-619a7841899a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-engine-615ecebdae8d81f4fc482834631b0455.yaml b/nuclei-templates/cve-less/plugins/wp-travel-engine-615ecebdae8d81f4fc482834631b0455.yaml new file mode 100644 index 0000000000..7fe9434e29 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-engine-615ecebdae8d81f4fc482834631b0455.yaml @@ -0,0 +1,58 @@ +id: wp-travel-engine-615ecebdae8d81f4fc482834631b0455 + +info: + name: > + WP Travel Engine <= 5.8.0 - Unauthenticated Price Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a19bd0c-87b3-421b-a7af-c473ac084813?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel-engine,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-travel-engine-f6c6555824d98b71401c19c502cb055d.yaml b/nuclei-templates/cve-less/plugins/wp-travel-engine-f6c6555824d98b71401c19c502cb055d.yaml new file mode 100644 index 0000000000..7af51c170b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-travel-engine-f6c6555824d98b71401c19c502cb055d.yaml @@ -0,0 +1,58 @@ +id: wp-travel-engine-f6c6555824d98b71401c19c502cb055d + +info: + name: > + WP Travel Engine <= 5.3.0 - Editor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a107839e-b79b-4868-9232-eca050eb1551?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-travel-engine/" + google-query: inurl:"/wp-content/plugins/wp-travel-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-travel-engine,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-travel-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-travel-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-4c44757f9cbb823ed3a472ca5e2ff612.yaml b/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-4c44757f9cbb823ed3a472ca5e2ff612.yaml new file mode 100644 index 0000000000..3941c18077 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-4c44757f9cbb823ed3a472ca5e2ff612.yaml @@ -0,0 +1,58 @@ +id: wp-trending-post-slider-and-widget-4c44757f9cbb823ed3a472ca5e2ff612 + +info: + name: > + Trending/Popular Post Slider and Widget <= 1.5.7 - Cross-Site Request Forgery via wtpsw_post_view_count + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0cffca-94d8-46b8-8b84-57e76a5bfd94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-trending-post-slider-and-widget/" + google-query: inurl:"/wp-content/plugins/wp-trending-post-slider-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-trending-post-slider-and-widget,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-trending-post-slider-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-trending-post-slider-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml b/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml new file mode 100644 index 0000000000..db244a802b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-trending-post-slider-and-widget-9f65d6fc085d85b53357bd33fa3d4834.yaml @@ -0,0 +1,58 @@ +id: wp-trending-post-slider-and-widget-9f65d6fc085d85b53357bd33fa3d4834 + +info: + name: > + Multiple WPOnlineSupport Plugins <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2931fda2-edc8-44ea-9fff-ae9d94aa01bf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-trending-post-slider-and-widget/" + google-query: inurl:"/wp-content/plugins/wp-trending-post-slider-and-widget/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-trending-post-slider-and-widget,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-trending-post-slider-and-widget/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-trending-post-slider-and-widget" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-5aea692cc96187a31807c0f2f26416eb.yaml b/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-5aea692cc96187a31807c0f2f26416eb.yaml new file mode 100644 index 0000000000..bed607a17f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-5aea692cc96187a31807c0f2f26416eb.yaml @@ -0,0 +1,58 @@ +id: wp-tripadvisor-review-slider-5aea692cc96187a31807c0f2f26416eb + +info: + name: > + WP TripAdvisor Review Slider <= 10.7 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6324795d-3fab-4806-b7d8-f122d31429ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tripadvisor-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-tripadvisor-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tripadvisor-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tripadvisor-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-60704a9704a6bd75205a7bd8179ee4be.yaml b/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-60704a9704a6bd75205a7bd8179ee4be.yaml new file mode 100644 index 0000000000..1defe8da26 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-tripadvisor-review-slider-60704a9704a6bd75205a7bd8179ee4be.yaml @@ -0,0 +1,58 @@ +id: wp-tripadvisor-review-slider-60704a9704a6bd75205a7bd8179ee4be + +info: + name: > + WP TripAdvisor Review Slider <= 11.8 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bee43fe3-d39a-475e-90c5-24fa569c646a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-tripadvisor-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-tripadvisor-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-tripadvisor-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-tripadvisor-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-tripadvisor-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ttisbdir-d9ebf3668fe7cefc2f8b63111d50df87.yaml b/nuclei-templates/cve-less/plugins/wp-ttisbdir-d9ebf3668fe7cefc2f8b63111d50df87.yaml new file mode 100644 index 0000000000..82e2f5463c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ttisbdir-d9ebf3668fe7cefc2f8b63111d50df87.yaml @@ -0,0 +1,58 @@ +id: wp-ttisbdir-d9ebf3668fe7cefc2f8b63111d50df87 + +info: + name: > + WP-Business Directory <= 1.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a503925-7fbf-42e8-9cee-604858c8ec0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ttisbdir/" + google-query: inurl:"/wp-content/plugins/wp-ttisbdir/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ttisbdir,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ttisbdir/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ttisbdir" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-twitter-feed-455782a485d876c2acfcbf2a3f64d156.yaml b/nuclei-templates/cve-less/plugins/wp-twitter-feed-455782a485d876c2acfcbf2a3f64d156.yaml new file mode 100644 index 0000000000..5ee2376329 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-twitter-feed-455782a485d876c2acfcbf2a3f64d156.yaml @@ -0,0 +1,58 @@ +id: wp-twitter-feed-455782a485d876c2acfcbf2a3f64d156 + +info: + name: > + Peadig's Twitter Feed: Embedded Timeline WordPress Plugin <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2553a858-bbea-4ef2-8d45-e0a665123065?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-twitter-feed/" + google-query: inurl:"/wp-content/plugins/wp-twitter-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-twitter-feed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-twitter-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-twitter-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-twitter-mega-fan-box-f762f226f7d0453e8c9973d68200bc39.yaml b/nuclei-templates/cve-less/plugins/wp-twitter-mega-fan-box-f762f226f7d0453e8c9973d68200bc39.yaml new file mode 100644 index 0000000000..7b85f58c1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-twitter-mega-fan-box-f762f226f7d0453e8c9973d68200bc39.yaml @@ -0,0 +1,58 @@ +id: wp-twitter-mega-fan-box-f762f226f7d0453e8c9973d68200bc39 + +info: + name: > + WP Twitter Mega Fan Box Widget <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64225f1c-3981-4bae-bb6a-95d1a27ad6aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-twitter-mega-fan-box/" + google-query: inurl:"/wp-content/plugins/wp-twitter-mega-fan-box/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-twitter-mega-fan-box,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-twitter-mega-fan-box/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-twitter-mega-fan-box" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-18de9e095474a950fd157d62f9dc2e8b.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-18de9e095474a950fd157d62f9dc2e8b.yaml new file mode 100644 index 0000000000..d1766d15dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-18de9e095474a950fd157d62f9dc2e8b.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-18de9e095474a950fd157d62f9dc2e8b + +info: + name: > + WP ULike < 3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/413962b8-09ac-4b5d-a52d-5ca832bba9f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-4082ebaabfc2d3e63cea9e5b73f5105a.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-4082ebaabfc2d3e63cea9e5b73f5105a.yaml new file mode 100644 index 0000000000..96354d8566 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-4082ebaabfc2d3e63cea9e5b73f5105a.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-4082ebaabfc2d3e63cea9e5b73f5105a + +info: + name: > + WP ULike <= 4.6.4 - Race Condition + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5ee8f1-8d86-4af0-af01-b31d2ff993d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-44f7bceac9641de69745cf2de93af035.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-44f7bceac9641de69745cf2de93af035.yaml new file mode 100644 index 0000000000..7ac92794e4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-44f7bceac9641de69745cf2de93af035.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-44f7bceac9641de69745cf2de93af035 + +info: + name: > + WP ULike <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2f777b6-5872-4196-81fb-82a9b6aaef2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-5e4d2604a5e90cd0dc912e39171976ad.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-5e4d2604a5e90cd0dc912e39171976ad.yaml new file mode 100644 index 0000000000..bcfb519c7b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-5e4d2604a5e90cd0dc912e39171976ad.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-5e4d2604a5e90cd0dc912e39171976ad + +info: + name: > + WP ULike <= 4.6.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d844ca83-84e5-4b6c-ae26-f300c7328d78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-9047e8467f610de62edfbde349b606d7.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-9047e8467f610de62edfbde349b606d7.yaml new file mode 100644 index 0000000000..b84ad4af47 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-9047e8467f610de62edfbde349b606d7.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-9047e8467f610de62edfbde349b606d7 + +info: + name: > + WP ULike < 3.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/515a6a42-f353-47ae-9e74-4f9b2000bcb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-bd4d77259e44439674b77141abd7a906.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-bd4d77259e44439674b77141abd7a906.yaml new file mode 100644 index 0000000000..0000675f88 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-bd4d77259e44439674b77141abd7a906.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-bd4d77259e44439674b77141abd7a906 + +info: + name: > + WP ULike <= 4.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4deb1527-0637-44f2-b336-d0cf2a48fa52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ulike-dea805289f838218c2f4999e6fa41c84.yaml b/nuclei-templates/cve-less/plugins/wp-ulike-dea805289f838218c2f4999e6fa41c84.yaml new file mode 100644 index 0000000000..236dc0473f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ulike-dea805289f838218c2f4999e6fa41c84.yaml @@ -0,0 +1,58 @@ +id: wp-ulike-dea805289f838218c2f4999e6fa41c84 + +info: + name: > + WP ULike – Most Advanced WordPress Marketing Toolkit <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d225dee1-305c-4378-bc07-192347a0c838?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ulike/" + google-query: inurl:"/wp-content/plugins/wp-ulike/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ulike,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ulike/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ulike" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-0d112b75baa32165ac17ae118d62fed2.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-0d112b75baa32165ac17ae118d62fed2.yaml new file mode 100644 index 0000000000..68330a2d38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-0d112b75baa32165ac17ae118d62fed2.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-0d112b75baa32165ac17ae118d62fed2 + +info: + name: > + WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fe8b1f-da1c-4f94-9ab4-272766b488c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-51b67c232457e0e4e3e29917fed2f232.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-51b67c232457e0e4e3e29917fed2f232.yaml new file mode 100644 index 0000000000..adbda0c1e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-51b67c232457e0e4e3e29917fed2f232.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-51b67c232457e0e4e3e29917fed2f232 + +info: + name: > + WP Ultimate CSV Importer <= 7.9.8 - Arbitrary Usermeta Update to Authenticated (Author+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fdba41f-daa5-44e8-bc47-aa8b7bd31054?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-72bc0780c4316abe13ceb4d45308b845.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-72bc0780c4316abe13ceb4d45308b845.yaml new file mode 100644 index 0000000000..2cd4ccb7db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-72bc0780c4316abe13ceb4d45308b845.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-72bc0780c4316abe13ceb4d45308b845 + +info: + name: > + Import CSV or XML Datafeed With Ease <= 3.7.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad09e91d-8ef8-49b2-84e8-fdbf28d65a8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-7705126a4ed4d1dc1d9561088cab0d7f.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-7705126a4ed4d1dc1d9561088cab0d7f.yaml new file mode 100644 index 0000000000..f135babaab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-7705126a4ed4d1dc1d9561088cab0d7f.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-7705126a4ed4d1dc1d9561088cab0d7f + +info: + name: > + WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db1bad2e-55df-40c5-9a3f-651858a19b42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-87ab1df12e024103ce206734007bad62.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-87ab1df12e024103ce206734007bad62.yaml new file mode 100644 index 0000000000..e8d687fb62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-87ab1df12e024103ce206734007bad62.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-87ab1df12e024103ce206734007bad62 + +info: + name: > + WP Ultimate CSV Importer <= 6.5.2 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/258177c4-d3d4-4465-8b73-0af1b02485b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-944848224aa29d59185411875e6e7a83.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-944848224aa29d59185411875e6e7a83.yaml new file mode 100644 index 0000000000..e8fc52d24d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-944848224aa29d59185411875e6e7a83.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-944848224aa29d59185411875e6e7a83 + +info: + name: > + WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c5aaff2cbf4515e9a35f03f837f2957f.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c5aaff2cbf4515e9a35f03f837f2957f.yaml new file mode 100644 index 0000000000..94f9627e63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c5aaff2cbf4515e9a35f03f837f2957f.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-c5aaff2cbf4515e9a35f03f837f2957f + +info: + name: > + Easy Drag And drop All Import : WP Ultimate CSV Importer < 3.8.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4a79c36-8371-4035-8c21-4bc0296fa12a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c7addb8e32d754a1c27b6eb5611849e7.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c7addb8e32d754a1c27b6eb5611849e7.yaml new file mode 100644 index 0000000000..df856d7bd9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-c7addb8e32d754a1c27b6eb5611849e7.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-c7addb8e32d754a1c27b6eb5611849e7 + +info: + name: > + Easy Drag And drop All Import : WP Ultimate CSV Importer <= 5.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0eae97c-d7e5-4dde-a323-d90a20826341?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-dc21ebc00161a8071a291b6ff6e22872.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-dc21ebc00161a8071a291b6ff6e22872.yaml new file mode 100644 index 0000000000..5176321802 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-dc21ebc00161a8071a291b6ff6e22872.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-dc21ebc00161a8071a291b6ff6e22872 + +info: + name: > + WP Ultimate CSV Importer <= 6.5.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9176a81-fe51-48dd-a151-4596443b430f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e5b4ec8d38e3122f17a3232664bd3572.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e5b4ec8d38e3122f17a3232664bd3572.yaml new file mode 100644 index 0000000000..d21f83a509 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e5b4ec8d38e3122f17a3232664bd3572.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-e5b4ec8d38e3122f17a3232664bd3572 + +info: + name: > + WP Ultimate CSV Importer <= 6.5.7 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04a64a52-f0a0-4559-834d-88d3edd1bb6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e9ce7b3589ea1d2e769d3fe233efa510.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e9ce7b3589ea1d2e769d3fe233efa510.yaml new file mode 100644 index 0000000000..94b270ca1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-csv-importer-e9ce7b3589ea1d2e769d3fe233efa510.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-csv-importer-e9ce7b3589ea1d2e769d3fe233efa510 + +info: + name: > + WP Ultimate CSV Importer <= 6.4.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b3081ff-9898-46a2-8e02-30cd83f4fbe4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-csv-importer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-csv-importer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-csv-importer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-csv-importer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-csv-importer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-4abbb6efa9b6eb6c9ea1daf1a46873cb.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-4abbb6efa9b6eb6c9ea1daf1a46873cb.yaml new file mode 100644 index 0000000000..4e4255ff4c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-4abbb6efa9b6eb6c9ea1daf1a46873cb.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-email-marketer-4abbb6efa9b6eb6c9ea1daf1a46873cb + +info: + name: > + WP Ultimate Email Marketer <= 1.2.0 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35806af6-bb63-41c8-a20b-f5e36d2aa515?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-email-marketer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-email-marketer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-email-marketer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-email-marketer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-d7975313aa0a75118cad6d46dc36f4d3.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-d7975313aa0a75118cad6d46dc36f4d3.yaml new file mode 100644 index 0000000000..29edb85a2c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-d7975313aa0a75118cad6d46dc36f4d3.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-email-marketer-d7975313aa0a75118cad6d46dc36f4d3 + +info: + name: > + WP Ultimate Email Marketer <= 1.2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ea9dda4-d667-46f3-893b-a1ae60b6ba75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-email-marketer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-email-marketer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-email-marketer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-email-marketer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-fc176b004d2c6f19188839a3973c1a4d.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-fc176b004d2c6f19188839a3973c1a4d.yaml new file mode 100644 index 0000000000..1c8565979e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-email-marketer-fc176b004d2c6f19188839a3973c1a4d.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-email-marketer-fc176b004d2c6f19188839a3973c1a4d + +info: + name: > + WP Ultimate Email Marketer <= 1.1.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d49a2180-cf3f-4ef9-805f-e7592b793a2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-email-marketer/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-email-marketer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-email-marketer,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-email-marketer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-email-marketer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-c50d345162d88814f557da562004033c.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-c50d345162d88814f557da562004033c.yaml new file mode 100644 index 0000000000..cf73a32c16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-c50d345162d88814f557da562004033c.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-exporter-c50d345162d88814f557da562004033c + +info: + name: > + WP Ultimate Exporter <= 2.4.1 - Unauthenticated Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61f7e01e-c9ce-47f6-96d0-de908ce7e90c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-exporter/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-df373c772cbef38a246093f173c5b45a.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-df373c772cbef38a246093f173c5b45a.yaml new file mode 100644 index 0000000000..23673e927b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-df373c772cbef38a246093f173c5b45a.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-exporter-df373c772cbef38a246093f173c5b45a + +info: + name: > + Export WordPress Data with Advanced Filters < 1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15deb0db-5a13-4018-88e5-5f5cb61bd495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-exporter/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-e989541539b3897cd4ab2d9eb3394079.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-e989541539b3897cd4ab2d9eb3394079.yaml new file mode 100644 index 0000000000..8a114dbd14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-exporter-e989541539b3897cd4ab2d9eb3394079.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-exporter-e989541539b3897cd4ab2d9eb3394079 + +info: + name: > + Export WordPress Data with Advanced Filters <= 1.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e8c06c7-dbe0-4b2b-99bc-89f18277e540?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-exporter/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-exporter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-recipe-1e6683ba97d940c27fa31053738ff471.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-recipe-1e6683ba97d940c27fa31053738ff471.yaml new file mode 100644 index 0000000000..734b344b3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-recipe-1e6683ba97d940c27fa31053738ff471.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-recipe-1e6683ba97d940c27fa31053738ff471 + +info: + name: > + WP Ultimate Recipe < 3.12.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c7d4401-33aa-43c4-8659-a5664b3cf1da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-recipe/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-recipe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-recipe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-recipe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-recipe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.12.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-101443664a3de2bb124cd3553eeabe4b.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-101443664a3de2bb124cd3553eeabe4b.yaml new file mode 100644 index 0000000000..b9451dc335 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-101443664a3de2bb124cd3553eeabe4b.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-101443664a3de2bb124cd3553eeabe4b + +info: + name: > + Wp Ultimate Review <= 2.0.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/892372c9-380c-43b2-b928-b5964574c414?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-60ae23854ab0f767b1c82b0fb6a8dc96.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-60ae23854ab0f767b1c82b0fb6a8dc96.yaml new file mode 100644 index 0000000000..2783ca931c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-60ae23854ab0f767b1c82b0fb6a8dc96.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-60ae23854ab0f767b1c82b0fb6a8dc96 + +info: + name: > + Wp Ultimate Review <= 2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c198008f-271e-431e-beb9-3a9f93cbbf8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-7ec860262e0c4326c23d456dc0dfb1da.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-7ec860262e0c4326c23d456dc0dfb1da.yaml new file mode 100644 index 0000000000..3aa949cef4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-7ec860262e0c4326c23d456dc0dfb1da.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-7ec860262e0c4326c23d456dc0dfb1da + +info: + name: > + Wp Ultimate Review <= 2.2.5 - Unauthenticated Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b813f3d8-b765-4cf5-aec0-786140e2a0ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-86e49b910c876d1cc23d6f192f89fdb5.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-86e49b910c876d1cc23d6f192f89fdb5.yaml new file mode 100644 index 0000000000..b8e87c2179 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-86e49b910c876d1cc23d6f192f89fdb5.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-86e49b910c876d1cc23d6f192f89fdb5 + +info: + name: > + Wp Ultimate Review <= 2.3.0 - Cross-Site Request Forgery via wur_settings_view + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1559fb43-cc5e-4dd2-80d8-06a137c7276d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-be633c3be5c6aae5c5d02b60c8c542b1.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-be633c3be5c6aae5c5d02b60c8c542b1.yaml new file mode 100644 index 0000000000..15c31444d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-be633c3be5c6aae5c5d02b60c8c542b1.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-be633c3be5c6aae5c5d02b60c8c542b1 + +info: + name: > + Wp Ultimate Review <= 2.3.2 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31418a45-7dae-4cd4-8f85-0498a285ef6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-cc90e11a79b5063f7474d47d11615e6d.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-cc90e11a79b5063f7474d47d11615e6d.yaml new file mode 100644 index 0000000000..f4271f5f49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-cc90e11a79b5063f7474d47d11615e6d.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-cc90e11a79b5063f7474d47d11615e6d + +info: + name: > + Wp Ultimate Review <= 2.2.5 - Unauthenticated Review Restriction Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8122afe3-35bf-463b-8443-c093f00bf210?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultimate-review-f59ad0e4ed3c2f1220e9486cbde45cae.yaml b/nuclei-templates/cve-less/plugins/wp-ultimate-review-f59ad0e4ed3c2f1220e9486cbde45cae.yaml new file mode 100644 index 0000000000..e901a89d8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultimate-review-f59ad0e4ed3c2f1220e9486cbde45cae.yaml @@ -0,0 +1,58 @@ +id: wp-ultimate-review-f59ad0e4ed3c2f1220e9486cbde45cae + +info: + name: > + Wp Ultimate Review <= 2.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15349295-4ee7-4746-ae34-200ffd24aa82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultimate-review/" + google-query: inurl:"/wp-content/plugins/wp-ultimate-review/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultimate-review,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultimate-review/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultimate-review" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-ultra-simple-paypal-shopping-cart-6ee5c39e29212bcfe2590b9e64dd32ec.yaml b/nuclei-templates/cve-less/plugins/wp-ultra-simple-paypal-shopping-cart-6ee5c39e29212bcfe2590b9e64dd32ec.yaml new file mode 100644 index 0000000000..96cd993adf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-ultra-simple-paypal-shopping-cart-6ee5c39e29212bcfe2590b9e64dd32ec.yaml @@ -0,0 +1,58 @@ +id: wp-ultra-simple-paypal-shopping-cart-6ee5c39e29212bcfe2590b9e64dd32ec + +info: + name: > + WordPress Ultra Simple Paypal Shopping Cart <= 4.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb6ac547-59fd-4d51-a140-06f7f70a43ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-ultra-simple-paypal-shopping-cart/" + google-query: inurl:"/wp-content/plugins/wp-ultra-simple-paypal-shopping-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-ultra-simple-paypal-shopping-cart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-ultra-simple-paypal-shopping-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-ultra-simple-paypal-shopping-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-unique-article-header-image-b96d233c9f831b3a15126c8efb4195dc.yaml b/nuclei-templates/cve-less/plugins/wp-unique-article-header-image-b96d233c9f831b3a15126c8efb4195dc.yaml new file mode 100644 index 0000000000..eea405cc95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-unique-article-header-image-b96d233c9f831b3a15126c8efb4195dc.yaml @@ -0,0 +1,58 @@ +id: wp-unique-article-header-image-b96d233c9f831b3a15126c8efb4195dc + +info: + name: > + WP Unique Article Header Image <= 1.0 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/444a848d-61bc-4801-815f-d68bea59f5bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-unique-article-header-image/" + google-query: inurl:"/wp-content/plugins/wp-unique-article-header-image/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-unique-article-header-image,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-unique-article-header-image/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-unique-article-header-image" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-upg-b03939b1629e023f1100df8dea055a3b.yaml b/nuclei-templates/cve-less/plugins/wp-upg-b03939b1629e023f1100df8dea055a3b.yaml new file mode 100644 index 0000000000..751118e363 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-upg-b03939b1629e023f1100df8dea055a3b.yaml @@ -0,0 +1,58 @@ +id: wp-upg-b03939b1629e023f1100df8dea055a3b + +info: + name: > + User Post Gallery - UPG <= 2.19 - Missing Authorization to Remote Command Execution + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19c370f1-322b-4c35-b100-244547373e1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-upg/" + google-query: inurl:"/wp-content/plugins/wp-upg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-upg,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-upg/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-upg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-upload-restriction-451bef3a18327362fa560f933f5185ec.yaml b/nuclei-templates/cve-less/plugins/wp-upload-restriction-451bef3a18327362fa560f933f5185ec.yaml new file mode 100644 index 0000000000..38c35c8768 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-upload-restriction-451bef3a18327362fa560f933f5185ec.yaml @@ -0,0 +1,58 @@ +id: wp-upload-restriction-451bef3a18327362fa560f933f5185ec + +info: + name: > + WP Upload Restriction <= 2.2.4 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac7a9adb-4ba1-4194-8218-e81a0fc9b93b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-upload-restriction/" + google-query: inurl:"/wp-content/plugins/wp-upload-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-upload-restriction,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-upload-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-upload-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-upload-restriction-5a577e1325bef2936221483c67cddb03.yaml b/nuclei-templates/cve-less/plugins/wp-upload-restriction-5a577e1325bef2936221483c67cddb03.yaml new file mode 100644 index 0000000000..1d74b1c106 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-upload-restriction-5a577e1325bef2936221483c67cddb03.yaml @@ -0,0 +1,58 @@ +id: wp-upload-restriction-5a577e1325bef2936221483c67cddb03 + +info: + name: > + WP Upload Restriction <= 2.2.4 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/205a6972-b49f-4b6d-b0de-7a047d5ee496?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-upload-restriction/" + google-query: inurl:"/wp-content/plugins/wp-upload-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-upload-restriction,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-upload-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-upload-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-upload-restriction-f55c5d00698b3df2b8933d7fd6999c2a.yaml b/nuclei-templates/cve-less/plugins/wp-upload-restriction-f55c5d00698b3df2b8933d7fd6999c2a.yaml new file mode 100644 index 0000000000..18369a4b05 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-upload-restriction-f55c5d00698b3df2b8933d7fd6999c2a.yaml @@ -0,0 +1,58 @@ +id: wp-upload-restriction-f55c5d00698b3df2b8933d7fd6999c2a + +info: + name: > + WP Upload Restriction <= 2.2.4 – Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1257da54-e008-4e25-bc83-36246f00960e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-upload-restriction/" + google-query: inurl:"/wp-content/plugins/wp-upload-restriction/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-upload-restriction,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-upload-restriction/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-upload-restriction" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-1a67fea2fb785d012349551999e163de.yaml b/nuclei-templates/cve-less/plugins/wp-user-1a67fea2fb785d012349551999e163de.yaml new file mode 100644 index 0000000000..ff8977f50d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-1a67fea2fb785d012349551999e163de.yaml @@ -0,0 +1,58 @@ +id: wp-user-1a67fea2fb785d012349551999e163de + +info: + name: > + WP User – Custom Registration Forms, Login and User Profile < 7.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0831971-3862-4774-8375-fe5870ef82d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user/" + google-query: inurl:"/wp-content/plugins/wp-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-873b35008af518fb3d54c42d47368243.yaml b/nuclei-templates/cve-less/plugins/wp-user-873b35008af518fb3d54c42d47368243.yaml new file mode 100644 index 0000000000..d444bc26df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-873b35008af518fb3d54c42d47368243.yaml @@ -0,0 +1,58 @@ +id: wp-user-873b35008af518fb3d54c42d47368243 + +info: + name: > + WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ee21796-5340-4f84-b1c4-a95137a27223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user/" + google-query: inurl:"/wp-content/plugins/wp-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml new file mode 100644 index 0000000000..b17254f214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-0698a66e8bb0aa2a8b088a7a1889cbc2.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-0698a66e8bb0aa2a8b088a7a1889cbc2 + +info: + name: > + ProfilePress <= 4.15.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via profilepress-edit-profile Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-0e94d67e78f08a20056789a0d440afe2.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-0e94d67e78f08a20056789a0d440afe2.yaml new file mode 100644 index 0000000000..5dc58e6d48 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-0e94d67e78f08a20056789a0d440afe2.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-0e94d67e78f08a20056789a0d440afe2 + +info: + name: > + Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via [reg-select-role] Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53e16bca-7c85-4d56-8233-b3b53f793b39?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-1f71e71cd24bceed84937a152a603cb2.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-1f71e71cd24bceed84937a152a603cb2.yaml new file mode 100644 index 0000000000..19ea789e20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-1f71e71cd24bceed84937a152a603cb2.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-1f71e71cd24bceed84937a152a603cb2 + +info: + name: > + Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'reg-single-checkbox' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4986bc3-ee34-43a6-bad2-9f6665adb35c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-3eb275ee591fa0c16b66f277e10e13bc.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-3eb275ee591fa0c16b66f277e10e13bc.yaml new file mode 100644 index 0000000000..afe5366257 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-3eb275ee591fa0c16b66f277e10e13bc.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-3eb275ee591fa0c16b66f277e10e13bc + +info: + name: > + ProfilePress <= 4.13.1 - Limited Privilege Escalation via 'acceptable_defined_roles' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2840ee-3b48-415e-9bed-d34d0b6e36d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-48b606f51693dab11522b09034d3ae96.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-48b606f51693dab11522b09034d3ae96.yaml new file mode 100644 index 0000000000..ee9ee55eb2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-48b606f51693dab11522b09034d3ae96.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-48b606f51693dab11522b09034d3ae96 + +info: + name: > + ProfilePress 3.0 - 3.1.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68e838d4-2ff2-4925-b2ff-ba3f7b379010?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-51b25af2629d0400d7625bb870546310.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-51b25af2629d0400d7625bb870546310.yaml new file mode 100644 index 0000000000..32535a8e6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-51b25af2629d0400d7625bb870546310.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-51b25af2629d0400d7625bb870546310 + +info: + name: > + ProfilePress <= 4.3.2 - Authenticated (Admin+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80127842-a931-41c7-9af8-3f0452a8c1a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-6281ccf1cb45a0f040d0e2c858dca63e.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-6281ccf1cb45a0f040d0e2c858dca63e.yaml new file mode 100644 index 0000000000..c1df737e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-6281ccf1cb45a0f040d0e2c858dca63e.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-6281ccf1cb45a0f040d0e2c858dca63e + +info: + name: > + ProfilePress <= 4.13.1 Cross-Site Request Forgery via 'admin_notice' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e103f59a-00fa-4d4c-b4fc-834754886d49?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-6587cf615ade25a9efae204930a519bd.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-6587cf615ade25a9efae204930a519bd.yaml new file mode 100644 index 0000000000..c0138f830a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-6587cf615ade25a9efae204930a519bd.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-6587cf615ade25a9efae204930a519bd + +info: + name: > + User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) 3.0.0 - 3.1.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57531d89-1f54-43f4-a19d-9fda5e69f2ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-6819e71a564d878e4f4419dfc409235b.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-6819e71a564d878e4f4419dfc409235b.yaml new file mode 100644 index 0000000000..1c056cddbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-6819e71a564d878e4f4419dfc409235b.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-6819e71a564d878e4f4419dfc409235b + +info: + name: > + Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.4 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-72031d703636f4d374acfec2037f647b.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-72031d703636f4d374acfec2037f647b.yaml new file mode 100644 index 0000000000..4af201d206 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-72031d703636f4d374acfec2037f647b.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-72031d703636f4d374acfec2037f647b + +info: + name: > + ProfilePress <= 4.5.3 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8416840-c022-40a1-bcd3-17b34df11d95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-7433993cea900124b0f7230cf232b44d.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-7433993cea900124b0f7230cf232b44d.yaml new file mode 100644 index 0000000000..5c70e0ae53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-7433993cea900124b0f7230cf232b44d.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-7433993cea900124b0f7230cf232b44d + +info: + name: > + ProfilePress <= 3.1.7 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/179821bb-5b0d-4c41-a410-db433987a870?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-77904fe78351f83bbdf488cb644ca3d1.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-77904fe78351f83bbdf488cb644ca3d1.yaml new file mode 100644 index 0000000000..15a5c08edd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-77904fe78351f83bbdf488cb644ca3d1.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-77904fe78351f83bbdf488cb644ca3d1 + +info: + name: > + Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.15.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eb296af-547a-44aa-b804-833204b75256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-813e33d3439eeca37bb846e820e1b423.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-813e33d3439eeca37bb846e820e1b423.yaml new file mode 100644 index 0000000000..9f655a8ebf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-813e33d3439eeca37bb846e820e1b423.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-813e33d3439eeca37bb846e820e1b423 + +info: + name: > + Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-82bdc31754953bb5cbc55f18a69f9401.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-82bdc31754953bb5cbc55f18a69f9401.yaml new file mode 100644 index 0000000000..545fc61ab5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-82bdc31754953bb5cbc55f18a69f9401.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-82bdc31754953bb5cbc55f18a69f9401 + +info: + name: > + User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) 3.0.0 - 3.1.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71955ba0-42ba-49a1-8b91-81069c6132ea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-88e8a642963113f357e180145695e08e.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-88e8a642963113f357e180145695e08e.yaml new file mode 100644 index 0000000000..ba8bfd0723 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-88e8a642963113f357e180145695e08e.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-88e8a642963113f357e180145695e08e + +info: + name: > + ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-90145687b353ad4682e8d470b00e07e1.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-90145687b353ad4682e8d470b00e07e1.yaml new file mode 100644 index 0000000000..106f7152ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-90145687b353ad4682e8d470b00e07e1.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-90145687b353ad4682e8d470b00e07e1 + +info: + name: > + ProfilePress <= 4.5.4 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4077fda-3f39-4e17-b7b8-3f1b6bf0a9e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-93365cd3a26ee2a497f31876bb4917f2.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-93365cd3a26ee2a497f31876bb4917f2.yaml new file mode 100644 index 0000000000..bc5ceaa98e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-93365cd3a26ee2a497f31876bb4917f2.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-93365cd3a26ee2a497f31876bb4917f2 + +info: + name: > + ProfilePress <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5201963b-3b30-4e7a-9ad1-d9fa7bf629e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-9e91fef8c5a09e4e777921aa54a9f471.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-9e91fef8c5a09e4e777921aa54a9f471.yaml new file mode 100644 index 0000000000..6134a0abc3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-9e91fef8c5a09e4e777921aa54a9f471.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-9e91fef8c5a09e4e777921aa54a9f471 + +info: + name: > + Paid Membership, User Registration, User Profile & Restrict Content Plugin – ProfilePress <= 3.1.10 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/684253b3-0a96-4822-84c8-bde8ed45f35e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-a51251f0d703aa8b0485bf4eda435396.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-a51251f0d703aa8b0485bf4eda435396.yaml new file mode 100644 index 0000000000..c7a604e9d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-a51251f0d703aa8b0485bf4eda435396.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-a51251f0d703aa8b0485bf4eda435396 + +info: + name: > + ProfilePress <= 4.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/833006a6-462a-4729-8f3e-dca74a3802a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-b376ae9eb5e73985c7b2db36dc58f72f.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-b376ae9eb5e73985c7b2db36dc58f72f.yaml new file mode 100644 index 0000000000..8c2765999e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-b376ae9eb5e73985c7b2db36dc58f72f.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-b376ae9eb5e73985c7b2db36dc58f72f + +info: + name: > + ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/746b9ecc-49c1-4f6e-9f86-4147c98fe325?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-b67db9ae21f25fb045ea60943b5dc06e.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-b67db9ae21f25fb045ea60943b5dc06e.yaml new file mode 100644 index 0000000000..9715dd7658 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-b67db9ae21f25fb045ea60943b5dc06e.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-b67db9ae21f25fb045ea60943b5dc06e + +info: + name: > + ProfilePress <= 3.2.2 - Reflected Cross-Site Scripting via ppress_cc_data Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2a87cb3-5cce-4b5a-937d-71e96aeef7c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-c25b123faba0bdec0e1756161a7f2a1e.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-c25b123faba0bdec0e1756161a7f2a1e.yaml new file mode 100644 index 0000000000..e688fec5e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-c25b123faba0bdec0e1756161a7f2a1e.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-c25b123faba0bdec0e1756161a7f2a1e + +info: + name: > + ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d54f585-0116-4517-84f1-271e89a05539?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-c396441598767a6e09e79d93045681a8.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-c396441598767a6e09e79d93045681a8.yaml new file mode 100644 index 0000000000..864a2bb73f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-c396441598767a6e09e79d93045681a8.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-c396441598767a6e09e79d93045681a8 + +info: + name: > + ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9bb2ae16-7886-4e66-83e0-59806dd67450?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0.0', '<= 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-ce05c14849e5f32e89c54867b5580301.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-ce05c14849e5f32e89c54867b5580301.yaml new file mode 100644 index 0000000000..d87bd353f9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-ce05c14849e5f32e89c54867b5580301.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-ce05c14849e5f32e89c54867b5580301 + +info: + name: > + ProfilePress <= 4.14.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via [edit-profile-text-box] shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-d60068516760d7fad3a37219e7d9a9f1.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-d60068516760d7fad3a37219e7d9a9f1.yaml new file mode 100644 index 0000000000..b0d0d93eb9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-d60068516760d7fad3a37219e7d9a9f1.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-d60068516760d7fad3a37219e7d9a9f1 + +info: + name: > + ProfilePress <= 4.13.2 - Information Disclosure via Debug Log + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f5357e0-1e1b-4090-a6ae-9587c6a8d290?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.13.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-ea7c82866444834be834917feb8c07e7.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-ea7c82866444834be834917feb8c07e7.yaml new file mode 100644 index 0000000000..a4fbb39537 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-ea7c82866444834be834917feb8c07e7.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-ea7c82866444834be834917feb8c07e7 + +info: + name: > + ProfilePress <= 4.15.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-avatar-faa5c662684f3e34d87e4c432d1f9f4a.yaml b/nuclei-templates/cve-less/plugins/wp-user-avatar-faa5c662684f3e34d87e4c432d1f9f4a.yaml new file mode 100644 index 0000000000..3c0ccbb7d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-avatar-faa5c662684f3e34d87e4c432d1f9f4a.yaml @@ -0,0 +1,58 @@ +id: wp-user-avatar-faa5c662684f3e34d87e4c432d1f9f4a + +info: + name: > + ProfilePress <= 4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Form Settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c9dcec-f769-4c55-93d0-c2aa45a4fa16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-control-833c717ddaa425412e5078aad2dee670.yaml b/nuclei-templates/cve-less/plugins/wp-user-control-833c717ddaa425412e5078aad2dee670.yaml new file mode 100644 index 0000000000..3f65908e08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-control-833c717ddaa425412e5078aad2dee670.yaml @@ -0,0 +1,58 @@ +id: wp-user-control-833c717ddaa425412e5078aad2dee670 + +info: + name: > + WP User Control <= 1.5.3 - Insecure Password Reset Mechanism + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4ca1736-7b99-49db-9367-586dbc14df41?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-control/" + google-query: inurl:"/wp-content/plugins/wp-user-control/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-control,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-control/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-control" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-dcecbe3ad598b0f09d573e5ce1408664.yaml b/nuclei-templates/cve-less/plugins/wp-user-dcecbe3ad598b0f09d573e5ce1408664.yaml new file mode 100644 index 0000000000..f28447e7a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-dcecbe3ad598b0f09d573e5ce1408664.yaml @@ -0,0 +1,58 @@ +id: wp-user-dcecbe3ad598b0f09d573e5ce1408664 + +info: + name: > + WP User <= 7.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91a1604c-c729-4c68-90a8-91862a351ecc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user/" + google-query: inurl:"/wp-content/plugins/wp-user/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-009b7c3c01cbc1b8e5b1583fe598205f.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-009b7c3c01cbc1b8e5b1583fe598205f.yaml new file mode 100644 index 0000000000..5687ac07bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-009b7c3c01cbc1b8e5b1583fe598205f.yaml @@ -0,0 +1,58 @@ +id: wp-user-frontend-009b7c3c01cbc1b8e5b1583fe598205f + +info: + name: > + WP User Frontend <= 3.6.8 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e8e967f-f627-4c0c-ac0f-0a66ae25c602?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-frontend,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-36566c3afb06b969f751eee41300c71b.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-36566c3afb06b969f751eee41300c71b.yaml new file mode 100644 index 0000000000..2bab2b6a91 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-36566c3afb06b969f751eee41300c71b.yaml @@ -0,0 +1,58 @@ +id: wp-user-frontend-36566c3afb06b969f751eee41300c71b + +info: + name: > + WP User Frontend <= 3.5.25 - SQL Injection & Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9793793-44d5-4628-a57b-c1254645e648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-frontend,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-878f413ec190d0a95a0db0404871c06a.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-878f413ec190d0a95a0db0404871c06a.yaml new file mode 100644 index 0000000000..20014c9221 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-878f413ec190d0a95a0db0404871c06a.yaml @@ -0,0 +1,58 @@ +id: wp-user-frontend-878f413ec190d0a95a0db0404871c06a + +info: + name: > + WP User Frontend <= 3.6.5 - Authenticated (Author+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31de3c9b-068d-47d8-9811-feae07f2e9d0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-frontend,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-9cdff4661ff94d9ebac19d8fc5548ae6.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-9cdff4661ff94d9ebac19d8fc5548ae6.yaml new file mode 100644 index 0000000000..2a2b25405e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-9cdff4661ff94d9ebac19d8fc5548ae6.yaml @@ -0,0 +1,58 @@ +id: wp-user-frontend-9cdff4661ff94d9ebac19d8fc5548ae6 + +info: + name: > + WP User Frontend <= 3.5.28 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0f77ca-2fb5-4e73-a0fa-dfbeb39fbd84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-frontend,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-frontend-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wp-user-frontend-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..7ef783b19d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-frontend-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wp-user-frontend-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-frontend/" + google-query: inurl:"/wp-content/plugins/wp-user-frontend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-frontend,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-frontend/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-frontend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-manager-5acef1bfe4bd1454c852e9b74429a91a.yaml b/nuclei-templates/cve-less/plugins/wp-user-manager-5acef1bfe4bd1454c852e9b74429a91a.yaml new file mode 100644 index 0000000000..5a4da146bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-manager-5acef1bfe4bd1454c852e9b74429a91a.yaml @@ -0,0 +1,58 @@ +id: wp-user-manager-5acef1bfe4bd1454c852e9b74429a91a + +info: + name: > + User Registration < 2.0.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b581e866-2b3b-4d6f-8bd3-d370c6482d12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-manager/" + google-query: inurl:"/wp-content/plugins/wp-user-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-manager-966b6ace296100d0ad47e45751a9a6b6.yaml b/nuclei-templates/cve-less/plugins/wp-user-manager-966b6ace296100d0ad47e45751a9a6b6.yaml new file mode 100644 index 0000000000..32ad980fba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-manager-966b6ace296100d0ad47e45751a9a6b6.yaml @@ -0,0 +1,58 @@ +id: wp-user-manager-966b6ace296100d0ad47e45751a9a6b6 + +info: + name: > + WP User Manager <= 2.6.2 - Arbitrary User Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8815abff-6bd5-4ce4-9adf-afd699f628c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-manager/" + google-query: inurl:"/wp-content/plugins/wp-user-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-merger-7f2ad53d025d64620bae59b467d70f5b.yaml b/nuclei-templates/cve-less/plugins/wp-user-merger-7f2ad53d025d64620bae59b467d70f5b.yaml new file mode 100644 index 0000000000..7e4229dc34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-merger-7f2ad53d025d64620bae59b467d70f5b.yaml @@ -0,0 +1,58 @@ +id: wp-user-merger-7f2ad53d025d64620bae59b467d70f5b + +info: + name: > + WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aef312be-85d6-45e7-a34f-7f7cc415df3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-merger/" + google-query: inurl:"/wp-content/plugins/wp-user-merger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-merger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-merger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-merger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-merger-9e9c8555eaf480676d3bf05dbd493869.yaml b/nuclei-templates/cve-less/plugins/wp-user-merger-9e9c8555eaf480676d3bf05dbd493869.yaml new file mode 100644 index 0000000000..125375204f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-merger-9e9c8555eaf480676d3bf05dbd493869.yaml @@ -0,0 +1,58 @@ +id: wp-user-merger-9e9c8555eaf480676d3bf05dbd493869 + +info: + name: > + WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2a6f8ec-6a3e-453d-9ef4-794b5791ac2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-merger/" + google-query: inurl:"/wp-content/plugins/wp-user-merger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-merger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-merger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-merger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-merger-f267d62c47f700236f07eb0616a44f03.yaml b/nuclei-templates/cve-less/plugins/wp-user-merger-f267d62c47f700236f07eb0616a44f03.yaml new file mode 100644 index 0000000000..0b3acb609a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-merger-f267d62c47f700236f07eb0616a44f03.yaml @@ -0,0 +1,58 @@ +id: wp-user-merger-f267d62c47f700236f07eb0616a44f03 + +info: + name: > + WP User Merger <= 1.5.2 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55ed6e73-4e9a-4201-91c2-0f7153ec1cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-merger/" + google-query: inurl:"/wp-content/plugins/wp-user-merger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-merger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-merger/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-merger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-8d7a863f5c4efdd21d67e64b56b84820.yaml b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-8d7a863f5c4efdd21d67e64b56b84820.yaml new file mode 100644 index 0000000000..2fb3b0cd28 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-8d7a863f5c4efdd21d67e64b56b84820.yaml @@ -0,0 +1,58 @@ +id: wp-user-profile-avatar-8d7a863f5c4efdd21d67e64b56b84820 + +info: + name: > + WP User Profile Avatar <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af053fdc-e40c-4dfa-8d16-09c72d839031?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-profile-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-profile-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-profile-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-af96d1868fb4ef94535942e6a7a96e89.yaml b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-af96d1868fb4ef94535942e6a7a96e89.yaml new file mode 100644 index 0000000000..6fc710c9aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-af96d1868fb4ef94535942e6a7a96e89.yaml @@ -0,0 +1,58 @@ +id: wp-user-profile-avatar-af96d1868fb4ef94535942e6a7a96e89 + +info: + name: > + WP User Profile Avatar <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c291aa80-f1cd-4933-b522-73ec115a3a68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-profile-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-profile-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-profile-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-ec4121cea31885fa26a199486b7f74e3.yaml b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-ec4121cea31885fa26a199486b7f74e3.yaml new file mode 100644 index 0000000000..d50e52f47c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-profile-avatar-ec4121cea31885fa26a199486b7f74e3.yaml @@ -0,0 +1,58 @@ +id: wp-user-profile-avatar-ec4121cea31885fa26a199486b7f74e3 + +info: + name: > + WP User Profile Avatar <= 1.0.0 - Authenticated (Author+) Insecure Direct Object Reference to Avatar Deletion/Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/75c325a1-1a88-4b67-a5f8-6307627d8c6a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-profile-avatar/" + google-query: inurl:"/wp-content/plugins/wp-user-profile-avatar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-profile-avatar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-profile-avatar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-profile-avatar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-user-switch-e3973fedf7a8f63d43b3386884883485.yaml b/nuclei-templates/cve-less/plugins/wp-user-switch-e3973fedf7a8f63d43b3386884883485.yaml new file mode 100644 index 0000000000..41a9978d0f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-user-switch-e3973fedf7a8f63d43b3386884883485.yaml @@ -0,0 +1,58 @@ +id: wp-user-switch-e3973fedf7a8f63d43b3386884883485 + +info: + name: > + WP User Switch <= 1.0.2 - Authenticated (Subscriber+) Authentication Bypass via Cookie + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e89d912d-fa7a-4fb1-8872-95fa861c21ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-user-switch/" + google-query: inurl:"/wp-content/plugins/wp-user-switch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-user-switch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-user-switch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-user-switch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-useronline-5b8cbfd6e3ba79c4725fe838c412c514.yaml b/nuclei-templates/cve-less/plugins/wp-useronline-5b8cbfd6e3ba79c4725fe838c412c514.yaml new file mode 100644 index 0000000000..c1ed1bfdfc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-useronline-5b8cbfd6e3ba79c4725fe838c412c514.yaml @@ -0,0 +1,58 @@ +id: wp-useronline-5b8cbfd6e3ba79c4725fe838c412c514 + +info: + name: > + WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c4fb14c-de6d-4247-8f83-050f1350f6a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-useronline/" + google-query: inurl:"/wp-content/plugins/wp-useronline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-useronline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-useronline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-useronline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-useronline-669b73ac27d820ad91a32920ca859ce3.yaml b/nuclei-templates/cve-less/plugins/wp-useronline-669b73ac27d820ad91a32920ca859ce3.yaml new file mode 100644 index 0000000000..d7919dba31 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-useronline-669b73ac27d820ad91a32920ca859ce3.yaml @@ -0,0 +1,58 @@ +id: wp-useronline-669b73ac27d820ad91a32920ca859ce3 + +info: + name: > + WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a44a55e-a96a-4698-9948-6ef33138a834?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-useronline/" + google-query: inurl:"/wp-content/plugins/wp-useronline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-useronline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-useronline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-useronline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.87.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-useronline-7db35c118cdf678977312aec08d43ff0.yaml b/nuclei-templates/cve-less/plugins/wp-useronline-7db35c118cdf678977312aec08d43ff0.yaml new file mode 100644 index 0000000000..8fd06980f8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-useronline-7db35c118cdf678977312aec08d43ff0.yaml @@ -0,0 +1,58 @@ +id: wp-useronline-7db35c118cdf678977312aec08d43ff0 + +info: + name: > + WP-UserOnline <= 2.88.2 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e11662b0-5f67-4c27-abdb-522204acb35e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-useronline/" + google-query: inurl:"/wp-content/plugins/wp-useronline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-useronline,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-useronline/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-useronline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.88.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-users-disable-453fdd29f3b3ed3425776068af53e39d.yaml b/nuclei-templates/cve-less/plugins/wp-users-disable-453fdd29f3b3ed3425776068af53e39d.yaml new file mode 100644 index 0000000000..2a35ff9e6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-users-disable-453fdd29f3b3ed3425776068af53e39d.yaml @@ -0,0 +1,58 @@ +id: wp-users-disable-453fdd29f3b3ed3425776068af53e39d + +info: + name: > + Disable User Login <= 1.0.1 - Missing Authorization to Unauthenticated Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caa2bbdf-353e-49a2-b0e5-d9236848a211?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-users-disable/" + google-query: inurl:"/wp-content/plugins/wp-users-disable/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-users-disable,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-users-disable/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-users-disable" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-users-exporter-5709251856e505a66ad635cfb702132a.yaml b/nuclei-templates/cve-less/plugins/wp-users-exporter-5709251856e505a66ad635cfb702132a.yaml new file mode 100644 index 0000000000..2294e05290 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-users-exporter-5709251856e505a66ad635cfb702132a.yaml @@ -0,0 +1,58 @@ +id: wp-users-exporter-5709251856e505a66ad635cfb702132a + +info: + name: > + WP Users Exporter <= 1.4.2 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7da1d7cf-e8b5-4b7c-bdc1-13ef8c11b663?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-users-exporter/" + google-query: inurl:"/wp-content/plugins/wp-users-exporter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-users-exporter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-users-exporter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-users-exporter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-users-media-6c042e8ea6605a500a8eb10aee943be3.yaml b/nuclei-templates/cve-less/plugins/wp-users-media-6c042e8ea6605a500a8eb10aee943be3.yaml new file mode 100644 index 0000000000..ac13f2b6f6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-users-media-6c042e8ea6605a500a8eb10aee943be3.yaml @@ -0,0 +1,58 @@ +id: wp-users-media-6c042e8ea6605a500a8eb10aee943be3 + +info: + name: > + WP Users Media <= 4.2.3 - Missing Authorization via wpusme_save_settings + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e125188-4aff-4c64-b4ec-a363db2431b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-users-media/" + google-query: inurl:"/wp-content/plugins/wp-users-media/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-users-media,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-users-media/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-users-media" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-vertical-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-vertical-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..ac67b70ada --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-vertical-gallery-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-vertical-gallery-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-vertical-gallery/" + google-query: inurl:"/wp-content/plugins/wp-vertical-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-vertical-gallery,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-vertical-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-vertical-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-9ef0672874cd901f6cd102e8cb391c48.yaml b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-9ef0672874cd901f6cd102e8cb391c48.yaml new file mode 100644 index 0000000000..ed9c1be243 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-9ef0672874cd901f6cd102e8cb391c48.yaml @@ -0,0 +1,58 @@ +id: wp-vertical-image-slider-9ef0672874cd901f6cd102e8cb391c48 + +info: + name: > + wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9983364-9b52-4acc-91d4-b352c6d24d52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-vertical-image-slider/" + google-query: inurl:"/wp-content/plugins/wp-vertical-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-vertical-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-vertical-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-ea2ac4bbba26e325b5bfe41be94a548c.yaml b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-ea2ac4bbba26e325b5bfe41be94a548c.yaml new file mode 100644 index 0000000000..b226fb0444 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-vertical-image-slider-ea2ac4bbba26e325b5bfe41be94a548c.yaml @@ -0,0 +1,58 @@ +id: wp-vertical-image-slider-ea2ac4bbba26e325b5bfe41be94a548c + +info: + name: > + wordpress vertical image slider plugin <= 1.2.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59c40a86-ea1c-4015-ac47-2b7b91cc3519?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-vertical-image-slider/" + google-query: inurl:"/wp-content/plugins/wp-vertical-image-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-vertical-image-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-vertical-image-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-vertical-image-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-gallery-free-259e85ddeb38f519130917626241cfb2.yaml b/nuclei-templates/cve-less/plugins/wp-video-gallery-free-259e85ddeb38f519130917626241cfb2.yaml new file mode 100644 index 0000000000..01d40b6f14 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-gallery-free-259e85ddeb38f519130917626241cfb2.yaml @@ -0,0 +1,58 @@ +id: wp-video-gallery-free-259e85ddeb38f519130917626241cfb2 + +info: + name: > + WP Video Gallery <= 1.7.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53889ac8-a101-4aae-a1d2-f25cbf6f58e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-gallery-free/" + google-query: inurl:"/wp-content/plugins/wp-video-gallery-free/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-gallery-free,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-gallery-free/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-gallery-free" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-9a15f5067a143fbe0852c7999a453016.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-9a15f5067a143fbe0852c7999a453016.yaml new file mode 100644 index 0000000000..1b781e190f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-9a15f5067a143fbe0852c7999a453016.yaml @@ -0,0 +1,58 @@ +id: wp-video-lightbox-9a15f5067a143fbe0852c7999a453016 + +info: + name: > + WP Video Lightbox <= 1.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd3d3fe1-8fdd-404c-a8f7-2b9893ff6c0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-video-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-lightbox,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..6206c2ad4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wp-video-lightbox-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-video-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-d27fa19d4b96ffbe2e62694bb7f786a1.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-d27fa19d4b96ffbe2e62694bb7f786a1.yaml new file mode 100644 index 0000000000..d205aa73b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-d27fa19d4b96ffbe2e62694bb7f786a1.yaml @@ -0,0 +1,58 @@ +id: wp-video-lightbox-d27fa19d4b96ffbe2e62694bb7f786a1 + +info: + name: > + WP Video Lightbox <= 1.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da2d8494-aea3-4a1e-9eca-946c0bd390cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-video-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-ea22f32ac37f9f8e0f263b4584b31b1a.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-ea22f32ac37f9f8e0f263b4584b31b1a.yaml new file mode 100644 index 0000000000..7ef914727b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-ea22f32ac37f9f8e0f263b4584b31b1a.yaml @@ -0,0 +1,58 @@ +id: wp-video-lightbox-ea22f32ac37f9f8e0f263b4584b31b1a + +info: + name: > + WP Video Lightbox <= 1.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb68f3b4-b4c7-4e16-bed2-2bd41f1b5a44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-video-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-lightbox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-video-lightbox-f81f2c3fb0fd545df0470702817f5fe2.yaml b/nuclei-templates/cve-less/plugins/wp-video-lightbox-f81f2c3fb0fd545df0470702817f5fe2.yaml new file mode 100644 index 0000000000..c5482b1d16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-video-lightbox-f81f2c3fb0fd545df0470702817f5fe2.yaml @@ -0,0 +1,58 @@ +id: wp-video-lightbox-f81f2c3fb0fd545df0470702817f5fe2 + +info: + name: > + WP Video Lightbox <= 1.9.2 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e4a2c3cf-0785-4bf0-9ad8-0d2479545067?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-video-lightbox/" + google-query: inurl:"/wp-content/plugins/wp-video-lightbox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-video-lightbox,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-video-lightbox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-video-lightbox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-vipergb-f5789b694dfc2fa041ad362aac79382e.yaml b/nuclei-templates/cve-less/plugins/wp-vipergb-f5789b694dfc2fa041ad362aac79382e.yaml new file mode 100644 index 0000000000..8d2c353815 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-vipergb-f5789b694dfc2fa041ad362aac79382e.yaml @@ -0,0 +1,58 @@ +id: wp-vipergb-f5789b694dfc2fa041ad362aac79382e + +info: + name: > + Viper GuestBook <= 1.3.15 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39843d5b-702d-466d-9e17-ccf1c4444220?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-vipergb/" + google-query: inurl:"/wp-content/plugins/wp-vipergb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-vipergb,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-vipergb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-vipergb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-vipergb-fe07dbc2056b4c877acab0ca5ff47ac2.yaml b/nuclei-templates/cve-less/plugins/wp-vipergb-fe07dbc2056b4c877acab0ca5ff47ac2.yaml new file mode 100644 index 0000000000..d3b7dc8210 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-vipergb-fe07dbc2056b4c877acab0ca5ff47ac2.yaml @@ -0,0 +1,58 @@ +id: wp-vipergb-fe07dbc2056b4c877acab0ca5ff47ac2 + +info: + name: > + WP-ViperGB <= 1.3.10 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30dda650-3262-4d22-bec7-b6de3bc25381?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-vipergb/" + google-query: inurl:"/wp-content/plugins/wp-vipergb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-vipergb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-vipergb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-vipergb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-visual-slidebox-builder-1302cc789091d34c6db79147cc295acd.yaml b/nuclei-templates/cve-less/plugins/wp-visual-slidebox-builder-1302cc789091d34c6db79147cc295acd.yaml new file mode 100644 index 0000000000..51004c302a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-visual-slidebox-builder-1302cc789091d34c6db79147cc295acd.yaml @@ -0,0 +1,58 @@ +id: wp-visual-slidebox-builder-1302cc789091d34c6db79147cc295acd + +info: + name: > + Visual Slide Box Builder <= 3.2.9 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38a405f2-344c-4ee1-a67e-5f6afad66b84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-visual-slidebox-builder/" + google-query: inurl:"/wp-content/plugins/wp-visual-slidebox-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-visual-slidebox-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-visual-slidebox-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-visual-slidebox-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-voting-contest-671933c31cfdf22d6690b9521e0d209c.yaml b/nuclei-templates/cve-less/plugins/wp-voting-contest-671933c31cfdf22d6690b9521e0d209c.yaml new file mode 100644 index 0000000000..c7d2f18dbf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-voting-contest-671933c31cfdf22d6690b9521e0d209c.yaml @@ -0,0 +1,58 @@ +id: wp-voting-contest-671933c31cfdf22d6690b9521e0d209c + +info: + name: > + WP Voting Contest < 3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73472066-8e5c-46a4-906d-f459a2ebf40d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-voting-contest/" + google-query: inurl:"/wp-content/plugins/wp-voting-contest/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-voting-contest,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-voting-contest/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-voting-contest" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-webinarsystem-fafafb2a28dce19928fc435ec7cb0821.yaml b/nuclei-templates/cve-less/plugins/wp-webinarsystem-fafafb2a28dce19928fc435ec7cb0821.yaml new file mode 100644 index 0000000000..76e874a918 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-webinarsystem-fafafb2a28dce19928fc435ec7cb0821.yaml @@ -0,0 +1,58 @@ +id: wp-webinarsystem-fafafb2a28dce19928fc435ec7cb0821 + +info: + name: > + WebinarPress <= 1.33.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca0e51b2-640a-4bd1-b667-74107b7dcc6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-webinarsystem/" + google-query: inurl:"/wp-content/plugins/wp-webinarsystem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-webinarsystem,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-webinarsystem/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-webinarsystem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.33.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whatsapp-15be6de4677a81d9742115b7d4dbf93c.yaml b/nuclei-templates/cve-less/plugins/wp-whatsapp-15be6de4677a81d9742115b7d4dbf93c.yaml new file mode 100644 index 0000000000..ae5fed2d1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whatsapp-15be6de4677a81d9742115b7d4dbf93c.yaml @@ -0,0 +1,58 @@ +id: wp-whatsapp-15be6de4677a81d9742115b7d4dbf93c + +info: + name: > + WP Chat App <= 3.6.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Block Image Attribute + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bba2901-55a7-4ef1-ab3c-1415aa99c729?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whatsapp/" + google-query: inurl:"/wp-content/plugins/wp-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whatsapp-45fa634ab986eb98d5523af1f02322fd.yaml b/nuclei-templates/cve-less/plugins/wp-whatsapp-45fa634ab986eb98d5523af1f02322fd.yaml new file mode 100644 index 0000000000..b477f91b80 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whatsapp-45fa634ab986eb98d5523af1f02322fd.yaml @@ -0,0 +1,58 @@ +id: wp-whatsapp-45fa634ab986eb98d5523af1f02322fd + +info: + name: > + WP Chat App <= 3.6.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc7689ea-3e7b-4367-872d-fa036a29f842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whatsapp/" + google-query: inurl:"/wp-content/plugins/wp-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whatsapp-50ffb87c6ba7528dcf0d0be367e8a965.yaml b/nuclei-templates/cve-less/plugins/wp-whatsapp-50ffb87c6ba7528dcf0d0be367e8a965.yaml new file mode 100644 index 0000000000..c5b0c96797 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whatsapp-50ffb87c6ba7528dcf0d0be367e8a965.yaml @@ -0,0 +1,58 @@ +id: wp-whatsapp-50ffb87c6ba7528dcf0d0be367e8a965 + +info: + name: > + WP Chat App <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whatsapp/" + google-query: inurl:"/wp-content/plugins/wp-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whatsapp-b8a0ef29774cb506ae49e9736f363d94.yaml b/nuclei-templates/cve-less/plugins/wp-whatsapp-b8a0ef29774cb506ae49e9736f363d94.yaml new file mode 100644 index 0000000000..3e5c4cde8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whatsapp-b8a0ef29774cb506ae49e9736f363d94.yaml @@ -0,0 +1,58 @@ +id: wp-whatsapp-b8a0ef29774cb506ae49e9736f363d94 + +info: + name: > + WP Chat App <= 3.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73232bff-b11a-4580-8cde-5bf085ba749c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whatsapp/" + google-query: inurl:"/wp-content/plugins/wp-whatsapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whatsapp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whatsapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whatsapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whatsapp-chat-a04496fc12c107641a2dfaedc56869ca.yaml b/nuclei-templates/cve-less/plugins/wp-whatsapp-chat-a04496fc12c107641a2dfaedc56869ca.yaml new file mode 100644 index 0000000000..d5e2e00372 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whatsapp-chat-a04496fc12c107641a2dfaedc56869ca.yaml @@ -0,0 +1,58 @@ +id: wp-whatsapp-chat-a04496fc12c107641a2dfaedc56869ca + +info: + name: > + WP Social Chat – Click To Chat App <= 6.0.4 - Administrator+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bff16371-51a9-44c9-ba6f-3680f84b880a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whatsapp-chat/" + google-query: inurl:"/wp-content/plugins/wp-whatsapp-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whatsapp-chat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whatsapp-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whatsapp-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whois-domain-a66081067407b18cb9328a87caf935e9.yaml b/nuclei-templates/cve-less/plugins/wp-whois-domain-a66081067407b18cb9328a87caf935e9.yaml new file mode 100644 index 0000000000..0740a84abc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whois-domain-a66081067407b18cb9328a87caf935e9.yaml @@ -0,0 +1,58 @@ +id: wp-whois-domain-a66081067407b18cb9328a87caf935e9 + +info: + name: > + WP Whois Domain <= 1.0.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d7f48a9-07f9-4add-bfa2-7ddbcf2f866f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whois-domain/" + google-query: inurl:"/wp-content/plugins/wp-whois-domain/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whois-domain,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whois-domain/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whois-domain" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-whydonate-b4434ce76a215860884d76b7a0613c9a.yaml b/nuclei-templates/cve-less/plugins/wp-whydonate-b4434ce76a215860884d76b7a0613c9a.yaml new file mode 100644 index 0000000000..4e04802492 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-whydonate-b4434ce76a215860884d76b7a0613c9a.yaml @@ -0,0 +1,58 @@ +id: wp-whydonate-b4434ce76a215860884d76b7a0613c9a + +info: + name: > + Whydonate – FREE Donate button <= 3.12.14 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec1461a9-4504-4e60-9e38-a7257666e699?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-whydonate/" + google-query: inurl:"/wp-content/plugins/wp-whydonate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-whydonate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-whydonate/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-whydonate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.12.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-woocommerce-quickbooks-2f31a15bf76b537432656c32ac9543f6.yaml b/nuclei-templates/cve-less/plugins/wp-woocommerce-quickbooks-2f31a15bf76b537432656c32ac9543f6.yaml new file mode 100644 index 0000000000..dc4a56f2cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-woocommerce-quickbooks-2f31a15bf76b537432656c32ac9543f6.yaml @@ -0,0 +1,58 @@ +id: wp-woocommerce-quickbooks-2f31a15bf76b537432656c32ac9543f6 + +info: + name: > + Integration for WooCommerce and QuickBooks <= 1.2.3 - Open Redirect via setup_plugin + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8176dd33-80d2-4cc7-9edb-e1d7a1277f28?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-woocommerce-quickbooks/" + google-query: inurl:"/wp-content/plugins/wp-woocommerce-quickbooks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-woocommerce-quickbooks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-woocommerce-quickbooks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-woocommerce-quickbooks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-word-count-12dbefa5509a29120cd218ac3cfa3bd8.yaml b/nuclei-templates/cve-less/plugins/wp-word-count-12dbefa5509a29120cd218ac3cfa3bd8.yaml new file mode 100644 index 0000000000..f9b57db8ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-word-count-12dbefa5509a29120cd218ac3cfa3bd8.yaml @@ -0,0 +1,58 @@ +id: wp-word-count-12dbefa5509a29120cd218ac3cfa3bd8 + +info: + name: > + WP Word Count <= 3.2.4 - Missing Authorization via calculate_statistics + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/55dfd822-9034-4982-bfe7-eb86119e1f07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-word-count/" + google-query: inurl:"/wp-content/plugins/wp-word-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-word-count,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-word-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-word-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-word-count-7fe1343755ae3216e2612ce9dec35f72.yaml b/nuclei-templates/cve-less/plugins/wp-word-count-7fe1343755ae3216e2612ce9dec35f72.yaml new file mode 100644 index 0000000000..44646aa1a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-word-count-7fe1343755ae3216e2612ce9dec35f72.yaml @@ -0,0 +1,58 @@ +id: wp-word-count-7fe1343755ae3216e2612ce9dec35f72 + +info: + name: > + WP Word Count <= 3.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7e632f-eada-4a3f-9e92-ba00c6aa503e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-word-count/" + google-query: inurl:"/wp-content/plugins/wp-word-count/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-word-count,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-word-count/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-word-count" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-worthy-41b9f790801ad7eb3878c73ca1b86fd1.yaml b/nuclei-templates/cve-less/plugins/wp-worthy-41b9f790801ad7eb3878c73ca1b86fd1.yaml new file mode 100644 index 0000000000..8eda460d3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-worthy-41b9f790801ad7eb3878c73ca1b86fd1.yaml @@ -0,0 +1,58 @@ +id: wp-worthy-41b9f790801ad7eb3878c73ca1b86fd1 + +info: + name: > + Worthy – VG WORT Integration für WordPress <= 1.6.5-6497609 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7717cd0f-6aac-4cb0-b27e-2517d5d7ecd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-worthy/" + google-query: inurl:"/wp-content/plugins/wp-worthy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-worthy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-worthy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-worthy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5-6497609') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-yasslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wp-yasslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..51b2f68663 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-yasslideshow-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wp-yasslideshow-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-yasslideshow/" + google-query: inurl:"/wp-content/plugins/wp-yasslideshow/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-yasslideshow,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-yasslideshow/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-yasslideshow" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-yelp-review-slider-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml b/nuclei-templates/cve-less/plugins/wp-yelp-review-slider-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml new file mode 100644 index 0000000000..1b518108c2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-yelp-review-slider-aea7c598ba9d4fa4ffd8fc15ef6dd40c.yaml @@ -0,0 +1,58 @@ +id: wp-yelp-review-slider-aea7c598ba9d4fa4ffd8fc15ef6dd40c + +info: + name: > + WP Yelp Review Slider <= 7.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdacd8b2-ef34-424d-bc05-bc059f6ab3b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-yelp-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-yelp-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-yelp-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-yelp-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-yelp-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-youtube-live-72dd99a1f42299b6be0b974a6a37581e.yaml b/nuclei-templates/cve-less/plugins/wp-youtube-live-72dd99a1f42299b6be0b974a6a37581e.yaml new file mode 100644 index 0000000000..09cb8bdf0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-youtube-live-72dd99a1f42299b6be0b974a6a37581e.yaml @@ -0,0 +1,58 @@ +id: wp-youtube-live-72dd99a1f42299b6be0b974a6a37581e + +info: + name: > + WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d540b53-5c39-43d5-a055-cc5eccfa65b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-youtube-live/" + google-query: inurl:"/wp-content/plugins/wp-youtube-live/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-youtube-live,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-youtube-live/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-youtube-live" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-youtube-live-ed930301ff6966bb2b42fba1c213a244.yaml b/nuclei-templates/cve-less/plugins/wp-youtube-live-ed930301ff6966bb2b42fba1c213a244.yaml new file mode 100644 index 0000000000..da88c99c4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-youtube-live-ed930301ff6966bb2b42fba1c213a244.yaml @@ -0,0 +1,58 @@ +id: wp-youtube-live-ed930301ff6966bb2b42fba1c213a244 + +info: + name: > + WP YouTube Live <= 1.8.2 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5018aac-59fb-4d95-bbdd-8ceaa4f8fad1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-youtube-live/" + google-query: inurl:"/wp-content/plugins/wp-youtube-live/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-youtube-live,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-youtube-live/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-youtube-live" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-youtube-lyte-762212510e78e95a2afd8767337992cf.yaml b/nuclei-templates/cve-less/plugins/wp-youtube-lyte-762212510e78e95a2afd8767337992cf.yaml new file mode 100644 index 0000000000..5397a7d217 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-youtube-lyte-762212510e78e95a2afd8767337992cf.yaml @@ -0,0 +1,58 @@ +id: wp-youtube-lyte-762212510e78e95a2afd8767337992cf + +info: + name: > + WP YouTube Lyte <= 1.7.15 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28d3fe13-20f8-48af-9476-98d2bef467e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-youtube-lyte/" + google-query: inurl:"/wp-content/plugins/wp-youtube-lyte/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-youtube-lyte,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-youtube-lyte/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-youtube-lyte" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp-zillow-review-slider-fd55f9f1199bb3c6e4b47c897716c4d9.yaml b/nuclei-templates/cve-less/plugins/wp-zillow-review-slider-fd55f9f1199bb3c6e4b47c897716c4d9.yaml new file mode 100644 index 0000000000..2079f77dde --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp-zillow-review-slider-fd55f9f1199bb3c6e4b47c897716c4d9.yaml @@ -0,0 +1,58 @@ +id: wp-zillow-review-slider-fd55f9f1199bb3c6e4b47c897716c4d9 + +info: + name: > + WP Zillow Review Slider <= 2.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3d52baf-0f2b-4791-96ce-ec57502ed646?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp-zillow-review-slider/" + google-query: inurl:"/wp-content/plugins/wp-zillow-review-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp-zillow-review-slider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp-zillow-review-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-zillow-review-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp125-498ee45b8c7fc3083e30dce9b4fdf901.yaml b/nuclei-templates/cve-less/plugins/wp125-498ee45b8c7fc3083e30dce9b4fdf901.yaml new file mode 100644 index 0000000000..ec6304dcb6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp125-498ee45b8c7fc3083e30dce9b4fdf901.yaml @@ -0,0 +1,58 @@ +id: wp125-498ee45b8c7fc3083e30dce9b4fdf901 + +info: + name: > + WP125 <= 1.5.4 - Cross-Site Request Forgery to Arbitrary Ad Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6263e0cd-5843-444d-8d12-61a898a77724?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp125/" + google-query: inurl:"/wp-content/plugins/wp125/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp125,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp125/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp125" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp125-4fb52fd64080462536a5af2ab82cbace.yaml b/nuclei-templates/cve-less/plugins/wp125-4fb52fd64080462536a5af2ab82cbace.yaml new file mode 100644 index 0000000000..41efb716b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp125-4fb52fd64080462536a5af2ab82cbace.yaml @@ -0,0 +1,58 @@ +id: wp125-4fb52fd64080462536a5af2ab82cbace + +info: + name: > + WP125 <= 1.4.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83d4f114-c113-4c66-be74-2d438aa00502?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp125/" + google-query: inurl:"/wp-content/plugins/wp125/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp125,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp125/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp125" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp2android-turn-wp-site-into-android-app-742c9543d814556f22bc231e7b11cfdd.yaml b/nuclei-templates/cve-less/plugins/wp2android-turn-wp-site-into-android-app-742c9543d814556f22bc231e7b11cfdd.yaml new file mode 100644 index 0000000000..2588d3c649 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp2android-turn-wp-site-into-android-app-742c9543d814556f22bc231e7b11cfdd.yaml @@ -0,0 +1,58 @@ +id: wp2android-turn-wp-site-into-android-app-742c9543d814556f22bc231e7b11cfdd + +info: + name: > + Wp2android <= 1.1.4 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63effbe3-e509-4f62-a7aa-7727e855bebf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp2android-turn-wp-site-into-android-app/" + google-query: inurl:"/wp-content/plugins/wp2android-turn-wp-site-into-android-app/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp2android-turn-wp-site-into-android-app,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp2android-turn-wp-site-into-android-app/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp2android-turn-wp-site-into-android-app" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp2leads-867cda99b5370418b92599a3b962874f.yaml b/nuclei-templates/cve-less/plugins/wp2leads-867cda99b5370418b92599a3b962874f.yaml new file mode 100644 index 0000000000..d09bd30825 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp2leads-867cda99b5370418b92599a3b962874f.yaml @@ -0,0 +1,58 @@ +id: wp2leads-867cda99b5370418b92599a3b962874f + +info: + name: > + WP2LEADS <= 3.2.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7f77ca2-c69e-4f59-ad7b-a244863de424?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp2leads/" + google-query: inurl:"/wp-content/plugins/wp2leads/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp2leads,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp2leads/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp2leads" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wp2syslog-648a83746134b316901bad2fa3ef15ab.yaml b/nuclei-templates/cve-less/plugins/wp2syslog-648a83746134b316901bad2fa3ef15ab.yaml new file mode 100644 index 0000000000..b14c25300f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wp2syslog-648a83746134b316901bad2fa3ef15ab.yaml @@ -0,0 +1,58 @@ +id: wp2syslog-648a83746134b316901bad2fa3ef15ab + +info: + name: > + wp2syslog <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a7f64e1-c815-426b-99cc-03ab62aaf9de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wp2syslog/" + google-query: inurl:"/wp-content/plugins/wp2syslog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wp2syslog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wp2syslog/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp2syslog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpagecontact-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml b/nuclei-templates/cve-less/plugins/wpagecontact-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml new file mode 100644 index 0000000000..0e3ba9db1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpagecontact-7d9cfe7c7d057a8bbf5fcb3c72a54c2b.yaml @@ -0,0 +1,58 @@ +id: wpagecontact-7d9cfe7c7d057a8bbf5fcb3c72a54c2b + +info: + name: > + WordPress Page Contact <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5361df27-493c-4731-9502-071af4894bbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpagecontact/" + google-query: inurl:"/wp-content/plugins/wpagecontact/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpagecontact,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpagecontact/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpagecontact" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpappninja-5e80d211739bf78fc6d29ff73646a991.yaml b/nuclei-templates/cve-less/plugins/wpappninja-5e80d211739bf78fc6d29ff73646a991.yaml new file mode 100644 index 0000000000..46d8eb69e9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpappninja-5e80d211739bf78fc6d29ff73646a991.yaml @@ -0,0 +1,58 @@ +id: wpappninja-5e80d211739bf78fc6d29ff73646a991 + +info: + name: > + WPMobile.App — Android and iOS Mobile Application <= 11.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/091c6cb3-dc5a-4fb8-a1a5-770b2361401f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpappninja/" + google-query: inurl:"/wp-content/plugins/wpappninja/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpappninja,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpappninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpappninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpappninja-6481182e7ac4b130cac34d43758d1847.yaml b/nuclei-templates/cve-less/plugins/wpappninja-6481182e7ac4b130cac34d43758d1847.yaml new file mode 100644 index 0000000000..5c1678e369 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpappninja-6481182e7ac4b130cac34d43758d1847.yaml @@ -0,0 +1,58 @@ +id: wpappninja-6481182e7ac4b130cac34d43758d1847 + +info: + name: > + WPMobile.App — Android and iOS Mobile Application <= 11.18 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/355decb2-2667-4056-836c-9ac8897f340e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpappninja/" + google-query: inurl:"/wp-content/plugins/wpappninja/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpappninja,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpappninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpappninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpappninja-f7b23b7f219bdfa01165ca96135e1423.yaml b/nuclei-templates/cve-less/plugins/wpappninja-f7b23b7f219bdfa01165ca96135e1423.yaml new file mode 100644 index 0000000000..5d672a2e54 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpappninja-f7b23b7f219bdfa01165ca96135e1423.yaml @@ -0,0 +1,58 @@ +id: wpappninja-f7b23b7f219bdfa01165ca96135e1423 + +info: + name: > + WPMobile.App <= 11.20 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02b5aefe-ba27-4273-927c-7779df83eb18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpappninja/" + google-query: inurl:"/wp-content/plugins/wpappninja/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpappninja,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpappninja/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpappninja" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpaudio-mp3-player-75529ea91935af94487230f89ef485d5.yaml b/nuclei-templates/cve-less/plugins/wpaudio-mp3-player-75529ea91935af94487230f89ef485d5.yaml new file mode 100644 index 0000000000..bd8fb23382 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpaudio-mp3-player-75529ea91935af94487230f89ef485d5.yaml @@ -0,0 +1,58 @@ +id: wpaudio-mp3-player-75529ea91935af94487230f89ef485d5 + +info: + name: > + WPaudio MP3 Player <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d19eeb42-2438-4126-8c60-14839baceff0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpaudio-mp3-player/" + google-query: inurl:"/wp-content/plugins/wpaudio-mp3-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpaudio-mp3-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpaudio-mp3-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpaudio-mp3-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-advanced-faq-ea35e08ef79a30cf67846c992e562b69.yaml b/nuclei-templates/cve-less/plugins/wpb-advanced-faq-ea35e08ef79a30cf67846c992e562b69.yaml new file mode 100644 index 0000000000..bc5100811c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-advanced-faq-ea35e08ef79a30cf67846c992e562b69.yaml @@ -0,0 +1,58 @@ +id: wpb-advanced-faq-ea35e08ef79a30cf67846c992e562b69 + +info: + name: > + WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2b173e8-5bdd-4048-8201-2d66ce2f2eca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-advanced-faq/" + google-query: inurl:"/wp-content/plugins/wpb-advanced-faq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-advanced-faq,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-advanced-faq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-advanced-faq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-27aee4f01d78d059f9dfc206e065e8b8.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-27aee4f01d78d059f9dfc206e065e8b8.yaml new file mode 100644 index 0000000000..38523916d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-27aee4f01d78d059f9dfc206e065e8b8.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-27aee4f01d78d059f9dfc206e065e8b8 + +info: + name: > + WPB Show Core <= 2.2 - Unauthenticated Local File Inlclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/845fbf0f-c7c4-483e-b671-1a703d857792?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-72aca1ce30687d819e7bbef9469c5435.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-72aca1ce30687d819e7bbef9469c5435.yaml new file mode 100644 index 0000000000..c97c9f1213 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-72aca1ce30687d819e7bbef9469c5435.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-72aca1ce30687d819e7bbef9469c5435 + +info: + name: > + WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dec2e656-8936-43e2-b156-e96718fd7ef4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-7f6904f57576a4004d7574ed67ed80fe.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-7f6904f57576a4004d7574ed67ed80fe.yaml new file mode 100644 index 0000000000..57f076c9d5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-7f6904f57576a4004d7574ed67ed80fe.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-7f6904f57576a4004d7574ed67ed80fe + +info: + name: > + WPB Show Core <= 2.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f72c5b-a99b-48a1-959b-9718b33139b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-a601da5135d3caac4f0c675dffcf2dc4.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-a601da5135d3caac4f0c675dffcf2dc4.yaml new file mode 100644 index 0000000000..41696d238b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-a601da5135d3caac4f0c675dffcf2dc4.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-a601da5135d3caac4f0c675dffcf2dc4 + +info: + name: > + WPB Show Core <= 2.6 - Reflected Cross-Site Scripting via 'file' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3438426a-c07d-4aeb-8272-2e13b70419a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-e005bf53dd0cb1727a65fdd723c2b325.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-e005bf53dd0cb1727a65fdd723c2b325.yaml new file mode 100644 index 0000000000..c6da82f497 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-e005bf53dd0cb1727a65fdd723c2b325.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-e005bf53dd0cb1727a65fdd723c2b325 + +info: + name: > + WPB Show Core <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e054485-71cc-47c2-9bd6-4f060dc76738?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpb-show-core-f27c27a0d0d7414568ced2d665d44341.yaml b/nuclei-templates/cve-less/plugins/wpb-show-core-f27c27a0d0d7414568ced2d665d44341.yaml new file mode 100644 index 0000000000..1900a8a78b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpb-show-core-f27c27a0d0d7414568ced2d665d44341.yaml @@ -0,0 +1,58 @@ +id: wpb-show-core-f27c27a0d0d7414568ced2d665d44341 + +info: + name: > + WPB Show Core <= 2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4460f0a-9417-48bf-b6b3-27a80632dd71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpb-show-core/" + google-query: inurl:"/wp-content/plugins/wpb-show-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpb-show-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpb-show-core/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpb-show-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbenchmark-5950b11bfaba8d27fdadd77f829d5bd8.yaml b/nuclei-templates/cve-less/plugins/wpbenchmark-5950b11bfaba8d27fdadd77f829d5bd8.yaml new file mode 100644 index 0000000000..37c6a03c76 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbenchmark-5950b11bfaba8d27fdadd77f829d5bd8.yaml @@ -0,0 +1,58 @@ +id: wpbenchmark-5950b11bfaba8d27fdadd77f829d5bd8 + +info: + name: > + WordPress Hosting Benchmark tool <= 1.3.6 - Cross-Site Request Forgery via execute_plugin() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f26a6ace-4623-4931-a4e4-8176d799d274?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbenchmark/" + google-query: inurl:"/wp-content/plugins/wpbenchmark/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbenchmark,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbenchmark/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbenchmark" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-23e0e7010272bc0edbef97452d9c2437.yaml b/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-23e0e7010272bc0edbef97452d9c2437.yaml new file mode 100644 index 0000000000..b4cd117135 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbits-addons-for-elementor-23e0e7010272bc0edbef97452d9c2437.yaml @@ -0,0 +1,58 @@ +id: wpbits-addons-for-elementor-23e0e7010272bc0edbef97452d9c2437 + +info: + name: > + WPBITS Addons For Elementor Page Builder <= 1.3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbits-addons-for-elementor/" + google-query: inurl:"/wp-content/plugins/wpbits-addons-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbits-addons-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbits-addons-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbits-addons-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbrutalai-131875d333b38df6cd9a906f0f1d6d15.yaml b/nuclei-templates/cve-less/plugins/wpbrutalai-131875d333b38df6cd9a906f0f1d6d15.yaml new file mode 100644 index 0000000000..2a742f8583 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbrutalai-131875d333b38df6cd9a906f0f1d6d15.yaml @@ -0,0 +1,58 @@ +id: wpbrutalai-131875d333b38df6cd9a906f0f1d6d15 + +info: + name: > + WP Brutal AI < 2.06 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/227cf3fe-4e76-4827-ac92-788bca450b52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbrutalai/" + google-query: inurl:"/wp-content/plugins/wpbrutalai/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbrutalai,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbrutalai/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbrutalai" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.06') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbrutalai-24f75a43b0feb32392540a8e35cfe74d.yaml b/nuclei-templates/cve-less/plugins/wpbrutalai-24f75a43b0feb32392540a8e35cfe74d.yaml new file mode 100644 index 0000000000..a16e66772f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbrutalai-24f75a43b0feb32392540a8e35cfe74d.yaml @@ -0,0 +1,58 @@ +id: wpbrutalai-24f75a43b0feb32392540a8e35cfe74d + +info: + name: > + WP Brutal AI < 2.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2aabec9-1968-4c0e-baed-9aa78eb236e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbrutalai/" + google-query: inurl:"/wp-content/plugins/wpbrutalai/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbrutalai,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbrutalai/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbrutalai" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbrutalai-55c5d66fcb1a0e14740f101ab90eeba9.yaml b/nuclei-templates/cve-less/plugins/wpbrutalai-55c5d66fcb1a0e14740f101ab90eeba9.yaml new file mode 100644 index 0000000000..f2c9022d2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbrutalai-55c5d66fcb1a0e14740f101ab90eeba9.yaml @@ -0,0 +1,58 @@ +id: wpbrutalai-55c5d66fcb1a0e14740f101ab90eeba9 + +info: + name: > + WP Brutal AI < 2.0.0 - Cross-Site Request Forgery to SQL Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4eb5833-25cd-4a6c-9240-37a9f8c1b120?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbrutalai/" + google-query: inurl:"/wp-content/plugins/wpbrutalai/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbrutalai,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbrutalai/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbrutalai" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpbulky-wp-bulk-edit-post-types-e83a61f4951a190bf506663021152379.yaml b/nuclei-templates/cve-less/plugins/wpbulky-wp-bulk-edit-post-types-e83a61f4951a190bf506663021152379.yaml new file mode 100644 index 0000000000..32ac883a3b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpbulky-wp-bulk-edit-post-types-e83a61f4951a190bf506663021152379.yaml @@ -0,0 +1,58 @@ +id: wpbulky-wp-bulk-edit-post-types-e83a61f4951a190bf506663021152379 + +info: + name: > + WPBulky <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d908e8ac-6864-4951-bbef-8d98ac641912?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpbulky-wp-bulk-edit-post-types/" + google-query: inurl:"/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpbulky-wp-bulk-edit-post-types,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpbulky-wp-bulk-edit-post-types/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpbulky-wp-bulk-edit-post-types" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpc-badge-management-0c0c3155e7f5976c6ad290b0d35fa570.yaml b/nuclei-templates/cve-less/plugins/wpc-badge-management-0c0c3155e7f5976c6ad290b0d35fa570.yaml new file mode 100644 index 0000000000..7aa5ae9355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpc-badge-management-0c0c3155e7f5976c6ad290b0d35fa570.yaml @@ -0,0 +1,58 @@ +id: wpc-badge-management-0c0c3155e7f5976c6ad290b0d35fa570 + +info: + name: > + WPC Badge Management for WooCommerce <= 2.4.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1db1c415-7c57-47bb-82d9-44168259ae1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpc-badge-management/" + google-query: inurl:"/wp-content/plugins/wpc-badge-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpc-badge-management,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpc-badge-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpc-badge-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpc-composite-products-7d701d3a30fca3143559ca73fdb370ec.yaml b/nuclei-templates/cve-less/plugins/wpc-composite-products-7d701d3a30fca3143559ca73fdb370ec.yaml new file mode 100644 index 0000000000..6c0ae95098 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpc-composite-products-7d701d3a30fca3143559ca73fdb370ec.yaml @@ -0,0 +1,58 @@ +id: wpc-composite-products-7d701d3a30fca3143559ca73fdb370ec + +info: + name: > + WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3bea017-9fc3-4e14-97c4-5bb525650cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpc-composite-products/" + google-query: inurl:"/wp-content/plugins/wpc-composite-products/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpc-composite-products,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpc-composite-products/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpc-composite-products" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpc-grouped-product-5207af68b5cb6f829d0bffea5881c5d4.yaml b/nuclei-templates/cve-less/plugins/wpc-grouped-product-5207af68b5cb6f829d0bffea5881c5d4.yaml new file mode 100644 index 0000000000..3944852830 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpc-grouped-product-5207af68b5cb6f829d0bffea5881c5d4.yaml @@ -0,0 +1,58 @@ +id: wpc-grouped-product-5207af68b5cb6f829d0bffea5881c5d4 + +info: + name: > + WPC Grouped Product for WooCommerce <= 4.4.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc1abdd7-d563-44af-86d3-58005706d624?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpc-grouped-product/" + google-query: inurl:"/wp-content/plugins/wpc-grouped-product/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpc-grouped-product,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpc-grouped-product/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpc-grouped-product" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcal-8e0c44401a0d94704f78e1b86fc33007.yaml b/nuclei-templates/cve-less/plugins/wpcal-8e0c44401a0d94704f78e1b86fc33007.yaml new file mode 100644 index 0000000000..70f2c43f44 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcal-8e0c44401a0d94704f78e1b86fc33007.yaml @@ -0,0 +1,58 @@ +id: wpcal-8e0c44401a0d94704f78e1b86fc33007 + +info: + name: > + WPCal.io – Easy Meeting Scheduler <= 0.9.5.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/020df8cb-a9ce-4f04-b88f-ceb988beeb75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcal/" + google-query: inurl:"/wp-content/plugins/wpcal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcal/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcalc-8c686690daafe251c11d3b5105b46fb5.yaml b/nuclei-templates/cve-less/plugins/wpcalc-8c686690daafe251c11d3b5105b46fb5.yaml new file mode 100644 index 0000000000..32d96f7ebb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcalc-8c686690daafe251c11d3b5105b46fb5.yaml @@ -0,0 +1,58 @@ +id: wpcalc-8c686690daafe251c11d3b5105b46fb5 + +info: + name: > + WPcalc – Create any online calculators <= 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5aef1bc6-b155-4a70-9d08-75951e0725ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcalc/" + google-query: inurl:"/wp-content/plugins/wpcalc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcalc,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcalc/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcalc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcargo-1a30a24dd5f7f3d1429055cabcbadceb.yaml b/nuclei-templates/cve-less/plugins/wpcargo-1a30a24dd5f7f3d1429055cabcbadceb.yaml new file mode 100644 index 0000000000..b203215677 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcargo-1a30a24dd5f7f3d1429055cabcbadceb.yaml @@ -0,0 +1,58 @@ +id: wpcargo-1a30a24dd5f7f3d1429055cabcbadceb + +info: + name: > + WPCargo Track & Trace <= 6.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cc7ec8b-4480-4422-8831-97f20a5d8d67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcargo/" + google-query: inurl:"/wp-content/plugins/wpcargo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcargo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcargo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcargo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcargo-db32a0bf7f699c5e4cc79b9b16676c96.yaml b/nuclei-templates/cve-less/plugins/wpcargo-db32a0bf7f699c5e4cc79b9b16676c96.yaml new file mode 100644 index 0000000000..ce1a46f202 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcargo-db32a0bf7f699c5e4cc79b9b16676c96.yaml @@ -0,0 +1,58 @@ +id: wpcargo-db32a0bf7f699c5e4cc79b9b16676c96 + +info: + name: > + WPCargo <= 6.8.9 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14a1b8af-bd32-4245-92d6-549cae68c626?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcargo/" + google-query: inurl:"/wp-content/plugins/wpcargo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcargo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcargo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcargo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcargo-f0b2493ebe50f27c282dd108348c8532.yaml b/nuclei-templates/cve-less/plugins/wpcargo-f0b2493ebe50f27c282dd108348c8532.yaml new file mode 100644 index 0000000000..679f018503 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcargo-f0b2493ebe50f27c282dd108348c8532.yaml @@ -0,0 +1,58 @@ +id: wpcargo-f0b2493ebe50f27c282dd108348c8532 + +info: + name: > + WPCargo Track & Trace <= 6.9.4 - Admin+ Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/510b1390-b8e6-41b5-8691-3043fa3fb47d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcargo/" + google-query: inurl:"/wp-content/plugins/wpcargo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcargo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcargo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcargo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.9.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcb-4295379b4ef5affb647e77f938ae4ec4.yaml b/nuclei-templates/cve-less/plugins/wpcb-4295379b4ef5affb647e77f938ae4ec4.yaml new file mode 100644 index 0000000000..62ee49cbe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcb-4295379b4ef5affb647e77f938ae4ec4.yaml @@ -0,0 +1,58 @@ +id: wpcb-4295379b4ef5affb647e77f938ae4ec4 + +info: + name: > + WPCB <= 2.4.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cfbaa87-1af7-4f5d-820b-1f2194765121?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcb/" + google-query: inurl:"/wp-content/plugins/wpcb/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcb,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcb/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcb" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-0446faf7e8a09fe554612052c4885eba.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-0446faf7e8a09fe554612052c4885eba.yaml new file mode 100644 index 0000000000..702bb41083 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-0446faf7e8a09fe554612052c4885eba.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-0446faf7e8a09fe554612052c4885eba + +info: + name: > + Redirection for Contact Form 7 <= 2.3.3 - Authenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/774afb96-4385-4693-a446-c87f81b39feb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-1b89c40965836bd2b2d15087fcdb7314.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-1b89c40965836bd2b2d15087fcdb7314.yaml new file mode 100644 index 0000000000..87af6ec136 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-1b89c40965836bd2b2d15087fcdb7314.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-1b89c40965836bd2b2d15087fcdb7314 + +info: + name: > + Redirection for Contact Form 7 <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/773ed184-1478-417d-9a57-93f3971d4bc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-31ee70bfe05643b60268fd1099915dd0.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-31ee70bfe05643b60268fd1099915dd0.yaml new file mode 100644 index 0000000000..f000483d0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-31ee70bfe05643b60268fd1099915dd0.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-31ee70bfe05643b60268fd1099915dd0 + +info: + name: > + Redirection for Contact Form 7 <= 2.3.3 - Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e9823e6-bcd4-4c1e-bf86-caf472748b12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-42471f956508e099a58e2e33212c947e.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-42471f956508e099a58e2e33212c947e.yaml new file mode 100644 index 0000000000..a1b1ed87a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-42471f956508e099a58e2e33212c947e.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-42471f956508e099a58e2e33212c947e + +info: + name: > + Redirection for Contact Form 7 <= 2.7.0 - Authenticated(Editor+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/527c344e-870e-4bd9-b111-86cc2821367d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-7cb2e46e237585083f0f410d32da724a.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-7cb2e46e237585083f0f410d32da724a.yaml new file mode 100644 index 0000000000..7cc5f9ef1f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-7cb2e46e237585083f0f410d32da724a.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-7cb2e46e237585083f0f410d32da724a + +info: + name: > + Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Post Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab8f8370-50bd-48c8-89e1-8b19b51f78b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-8eae6b3d481165727afe77f464d11a2d.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-8eae6b3d481165727afe77f464d11a2d.yaml new file mode 100644 index 0000000000..fa635265b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-8eae6b3d481165727afe77f464d11a2d.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-8eae6b3d481165727afe77f464d11a2d + +info: + name: > + Redirection for Contact Form 7 <= 2.4.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/752b9c5f-4c36-4182-9dd4-0e840a727ceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-981460190387e68d2f348e5da885ce72.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-981460190387e68d2f348e5da885ce72.yaml new file mode 100644 index 0000000000..be51f67361 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-981460190387e68d2f348e5da885ce72.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-981460190387e68d2f348e5da885ce72 + +info: + name: > + Redirection for Contact Form 7 <= 2.3.3 - Authenticated Arbitrary Plugin Installation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ee6ffb3-9a4a-4564-bfef-116a12268c3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-c6f31211c94f2b3281ba219f5092b473.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-c6f31211c94f2b3281ba219f5092b473.yaml new file mode 100644 index 0000000000..ca1f6ab293 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-c6f31211c94f2b3281ba219f5092b473.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-c6f31211c94f2b3281ba219f5092b473 + +info: + name: > + Redirection for Contact Form 7 <= 2.4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec1ce79-bc10-4b04-8e49-15e16e6730a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcf7-redirect-fc89ed1d43552a7a477f16e3ec9d6e29.yaml b/nuclei-templates/cve-less/plugins/wpcf7-redirect-fc89ed1d43552a7a477f16e3ec9d6e29.yaml new file mode 100644 index 0000000000..0594258a96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcf7-redirect-fc89ed1d43552a7a477f16e3ec9d6e29.yaml @@ -0,0 +1,58 @@ +id: wpcf7-redirect-fc89ed1d43552a7a477f16e3ec9d6e29 + +info: + name: > + Redirection for Contact Form 7 <= 2.9.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cf17c08-25b7-450d-acd9-963a1f79e495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcf7-redirect/" + google-query: inurl:"/wp-content/plugins/wpcf7-redirect/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcf7-redirect,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcf7-redirect/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcf7-redirect" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcodefactory-helper-e0c846e88f45df5b86f82a30f1ef58f4.yaml b/nuclei-templates/cve-less/plugins/wpcodefactory-helper-e0c846e88f45df5b86f82a30f1ef58f4.yaml new file mode 100644 index 0000000000..7b66d9a7d0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcodefactory-helper-e0c846e88f45df5b86f82a30f1ef58f4.yaml @@ -0,0 +1,58 @@ +id: wpcodefactory-helper-e0c846e88f45df5b86f82a30f1ef58f4 + +info: + name: > + WPFactory Helper <= 1.5.2 - Reflected Cross-Site Scripting via item_slug + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7c77259a-cdf3-4fa0-b468-9e98645293fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcodefactory-helper/" + google-query: inurl:"/wp-content/plugins/wpcodefactory-helper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcodefactory-helper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcodefactory-helper/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcodefactory-helper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcommenttwit-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml b/nuclei-templates/cve-less/plugins/wpcommenttwit-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml new file mode 100644 index 0000000000..0b89cf9143 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcommenttwit-aa2e0c1ddafa9b3b45d0cc288ae14d9b.yaml @@ -0,0 +1,58 @@ +id: wpcommenttwit-aa2e0c1ddafa9b3b45d0cc288ae14d9b + +info: + name: > + wpCommentTwit Plugin <= 0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc40be19-9256-4c90-8438-b71b9481625d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcommenttwit/" + google-query: inurl:"/wp-content/plugins/wpcommenttwit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcommenttwit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcommenttwit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcommenttwit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpcomplete-22285771e4513b7b2557db1a144305fd.yaml b/nuclei-templates/cve-less/plugins/wpcomplete-22285771e4513b7b2557db1a144305fd.yaml new file mode 100644 index 0000000000..84b9fea9af --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpcomplete-22285771e4513b7b2557db1a144305fd.yaml @@ -0,0 +1,58 @@ +id: wpcomplete-22285771e4513b7b2557db1a144305fd + +info: + name: > + WPComplete <= 2.9.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e3adbc2-fa45-4c35-a214-2b101e8c9748?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpcomplete/" + google-query: inurl:"/wp-content/plugins/wpcomplete/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpcomplete,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpcomplete/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpcomplete" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.9.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-0c5b7f509db51c1a7230bd37febd24a9.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-0c5b7f509db51c1a7230bd37febd24a9.yaml new file mode 100644 index 0000000000..1bb35baa72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-0c5b7f509db51c1a7230bd37febd24a9.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-0c5b7f509db51c1a7230bd37febd24a9 + +info: + name: > + wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bba9e06-4c5b-43e4-a51b-af57c5390c8a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-19cf3f1ecae01908df4ff2c886d4fa04.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-19cf3f1ecae01908df4ff2c886d4fa04.yaml new file mode 100644 index 0000000000..afd39142dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-19cf3f1ecae01908df4ff2c886d4fa04.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-19cf3f1ecae01908df4ff2c886d4fa04 + +info: + name: > + wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via length Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16b407ab-9687-4a10-b458-ad39661e4fb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-1cf3419f9a5e9bc6544a37dc3d117609.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-1cf3419f9a5e9bc6544a37dc3d117609.yaml new file mode 100644 index 0000000000..38fb5cded9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-1cf3419f9a5e9bc6544a37dc3d117609.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-1cf3419f9a5e9bc6544a37dc3d117609 + +info: + name: > + wpDataTables (Premium) <= 1.5.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a4ae629-51c8-4acc-bf95-fb0282e88383?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-23d1479acb7980e0e80c8871beec9664.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-23d1479acb7980e0e80c8871beec9664.yaml new file mode 100644 index 0000000000..9e7772b697 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-23d1479acb7980e0e80c8871beec9664.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-23d1479acb7980e0e80c8871beec9664 + +info: + name: > + wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0c458644-a799-4bea-abcb-06a946dc19df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-25ab8b4cfcb0262dc70ad0a958834bfd.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-25ab8b4cfcb0262dc70ad0a958834bfd.yaml new file mode 100644 index 0000000000..6406ce7fc4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-25ab8b4cfcb0262dc70ad0a958834bfd.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-25ab8b4cfcb0262dc70ad0a958834bfd + +info: + name: > + wpDataTables (Premium) <= 3.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/775e9f94-b66d-4c22-81ef-c335c0654f08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-3df29a28a26a7ffb43fd457831c6ecb6.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-3df29a28a26a7ffb43fd457831c6ecb6.yaml new file mode 100644 index 0000000000..71af0d9948 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-3df29a28a26a7ffb43fd457831c6ecb6.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-3df29a28a26a7ffb43fd457831c6ecb6 + +info: + name: > + wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Permission Takeover + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/103b7db9-1571-4fce-852f-68d5df7ee4ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-46151945d00d6bf25de490ff58da7c2c.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-46151945d00d6bf25de490ff58da7c2c.yaml new file mode 100644 index 0000000000..60878d93bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-46151945d00d6bf25de490ff58da7c2c.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-46151945d00d6bf25de490ff58da7c2c + +info: + name: > + wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via start Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/546bd215-61aa-48bd-915e-7ced0128f53d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-597ddaaf7d3e092f9fab20618eafe4bf.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-597ddaaf7d3e092f9fab20618eafe4bf.yaml new file mode 100644 index 0000000000..f9a437f1c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-597ddaaf7d3e092f9fab20618eafe4bf.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-597ddaaf7d3e092f9fab20618eafe4bf + +info: + name: > + wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb68f328-3090-487e-bb1f-95fe1571abd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-60aa5e34343915a312cec2a9e0258902.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-60aa5e34343915a312cec2a9e0258902.yaml new file mode 100644 index 0000000000..05c02cf049 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-60aa5e34343915a312cec2a9e0258902.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-60aa5e34343915a312cec2a9e0258902 + +info: + name: > + wpDataTables Lite plugin <= 2.0.11 - SQL injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4831a75-9d2b-4808-8b23-f1e9750fd905?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-63badef136741f64fed4a6df28e08497.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-63badef136741f64fed4a6df28e08497.yaml new file mode 100644 index 0000000000..349a0a288c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-63badef136741f64fed4a6df28e08497.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-63badef136741f64fed4a6df28e08497 + +info: + name: > + wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting. + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-983af3d35ec99acfdee458670c0dbf30.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-983af3d35ec99acfdee458670c0dbf30.yaml new file mode 100644 index 0000000000..aada4bf896 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-983af3d35ec99acfdee458670c0dbf30.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-983af3d35ec99acfdee458670c0dbf30 + +info: + name: > + wpDataTables – WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59b90bf9-c053-4c70-ab30-e1565a65cbce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-bf60bab5b44140ba04d1559cd2178f30.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-bf60bab5b44140ba04d1559cd2178f30.yaml new file mode 100644 index 0000000000..fc9f1fe07c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-bf60bab5b44140ba04d1559cd2178f30.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-bf60bab5b44140ba04d1559cd2178f30 + +info: + name: > + wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e42831f-844d-40dc-965e-80334aab333c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.49') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdatatables-f804d8bbf28112a85600c922c4860868.yaml b/nuclei-templates/cve-less/plugins/wpdatatables-f804d8bbf28112a85600c922c4860868.yaml new file mode 100644 index 0000000000..22527d1c9d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdatatables-f804d8bbf28112a85600c922c4860868.yaml @@ -0,0 +1,58 @@ +id: wpdatatables-f804d8bbf28112a85600c922c4860868 + +info: + name: > + wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Data Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/203ba9ca-2054-465f-ad93-ff103cade8aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdatatables/" + google-query: inurl:"/wp-content/plugins/wpdatatables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdatatables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdatatables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdatatables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdbspringclean-a5e440b48c52ba08f10c05d92c40559d.yaml b/nuclei-templates/cve-less/plugins/wpdbspringclean-a5e440b48c52ba08f10c05d92c40559d.yaml new file mode 100644 index 0000000000..6c6bb10fee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdbspringclean-a5e440b48c52ba08f10c05d92c40559d.yaml @@ -0,0 +1,58 @@ +id: wpdbspringclean-a5e440b48c52ba08f10c05d92c40559d + +info: + name: > + WPDBSpringClean <= 1.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6627f96-63d6-4f22-9eb7-fb42e748ae38?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdbspringclean/" + google-query: inurl:"/wp-content/plugins/wpdbspringclean/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdbspringclean,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdbspringclean/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdbspringclean" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdeepl-8452e21745012f33387aa8675156e84d.yaml b/nuclei-templates/cve-less/plugins/wpdeepl-8452e21745012f33387aa8675156e84d.yaml new file mode 100644 index 0000000000..a7334159fa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdeepl-8452e21745012f33387aa8675156e84d.yaml @@ -0,0 +1,58 @@ +id: wpdeepl-8452e21745012f33387aa8675156e84d + +info: + name: > + DeepL Pro API translation <= 2.1.4 - Cross-Site Request Forgery via saveSettings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fc58078-7520-4ee7-b5a1-d6a362ac1860?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdeepl/" + google-query: inurl:"/wp-content/plugins/wpdeepl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdeepl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdeepl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdeepl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdeepl-cc7c61101245515951b3119b10be8047.yaml b/nuclei-templates/cve-less/plugins/wpdeepl-cc7c61101245515951b3119b10be8047.yaml new file mode 100644 index 0000000000..001c94e52e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdeepl-cc7c61101245515951b3119b10be8047.yaml @@ -0,0 +1,58 @@ +id: wpdeepl-cc7c61101245515951b3119b10be8047 + +info: + name: > + DeepL Pro API Translation <= 1.7.4 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06f3c08a-9791-4c66-a173-8bbbb38d05ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdeepl/" + google-query: inurl:"/wp-content/plugins/wpdeepl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdeepl,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdeepl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdeepl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdeepl-e18f5ca4b5b5eca3a99631f697d0e3f8.yaml b/nuclei-templates/cve-less/plugins/wpdeepl-e18f5ca4b5b5eca3a99631f697d0e3f8.yaml new file mode 100644 index 0000000000..7b70762943 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdeepl-e18f5ca4b5b5eca3a99631f697d0e3f8.yaml @@ -0,0 +1,58 @@ +id: wpdeepl-e18f5ca4b5b5eca3a99631f697d0e3f8 + +info: + name: > + DeepL Pro API translation <= 2.4.1.1 - Cross-Site Request Forgery via wpdeepl_prune_logs + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b60cb1af-c9f3-4cea-9699-d66a52eb87eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdeepl/" + google-query: inurl:"/wp-content/plugins/wpdeepl/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdeepl,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdeepl/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdeepl" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-802460476421cb6c2e180a48c3796054.yaml b/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-802460476421cb6c2e180a48c3796054.yaml new file mode 100644 index 0000000000..c93eee52ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-802460476421cb6c2e180a48c3796054.yaml @@ -0,0 +1,58 @@ +id: wpdevart-vertical-menu-802460476421cb6c2e180a48c3796054 + +info: + name: > + Responsive Vertical Icon Menu <= 1.5.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe7f75b4-f315-44f7-8e67-1680eeee3942?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdevart-vertical-menu/" + google-query: inurl:"/wp-content/plugins/wpdevart-vertical-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdevart-vertical-menu,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdevart-vertical-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdevart-vertical-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-cfda816b6240f8a3b82f71453a31052b.yaml b/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-cfda816b6240f8a3b82f71453a31052b.yaml new file mode 100644 index 0000000000..29bb18fd89 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdevart-vertical-menu-cfda816b6240f8a3b82f71453a31052b.yaml @@ -0,0 +1,58 @@ +id: wpdevart-vertical-menu-cfda816b6240f8a3b82f71453a31052b + +info: + name: > + Responsive Vertical Icon Menu <= 1.5.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df534aba-242a-45c2-9d1c-6a08b58f8ee7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdevart-vertical-menu/" + google-query: inurl:"/wp-content/plugins/wpdevart-vertical-menu/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdevart-vertical-menu,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdevart-vertical-menu/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdevart-vertical-menu" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-169725f2f4440d7e4d2c8758f176453b.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-169725f2f4440d7e4d2c8758f176453b.yaml new file mode 100644 index 0000000000..a34c4591cd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-169725f2f4440d7e4d2c8758f176453b.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-169725f2f4440d7e4d2c8758f176453b + +info: + name: > + WP Directory Kit <= 1.2.6 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60083262-198d-4a7d-bb0a-717a744e20f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-23de0bb4163d3b6bba768143cf2dcf96.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-23de0bb4163d3b6bba768143cf2dcf96.yaml new file mode 100644 index 0000000000..12cba15944 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-23de0bb4163d3b6bba768143cf2dcf96.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-23de0bb4163d3b6bba768143cf2dcf96 + +info: + name: > + WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a7a6da3-d67c-42b3-8826-7e7fc9b938b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-4885793b2807286a2196897535bf89a5.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-4885793b2807286a2196897535bf89a5.yaml new file mode 100644 index 0000000000..fa8c857765 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-4885793b2807286a2196897535bf89a5.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-4885793b2807286a2196897535bf89a5 + +info: + name: > + WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-4b446531318d71c375cbec3251c138e5.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-4b446531318d71c375cbec3251c138e5.yaml new file mode 100644 index 0000000000..970f354bfd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-4b446531318d71c375cbec3251c138e5.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-4b446531318d71c375cbec3251c138e5 + +info: + name: > + WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50c5154c-1573-4c2b-85a1-a89bdb22dc7d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-504a39994c84bd2792f780a53fd144b4.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-504a39994c84bd2792f780a53fd144b4.yaml new file mode 100644 index 0000000000..0c87a413c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-504a39994c84bd2792f780a53fd144b4.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-504a39994c84bd2792f780a53fd144b4 + +info: + name: > + WP Directory Kit <= 1.2.3 - Reflected Cross-Site Scripting via 'search' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/847f1c00-0e8f-4d38-84af-fe959e2efe5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-6bec264de722325d8055d26873b10d23.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-6bec264de722325d8055d26873b10d23.yaml new file mode 100644 index 0000000000..517d7e53e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-6bec264de722325d8055d26873b10d23.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-6bec264de722325d8055d26873b10d23 + +info: + name: > + WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/09b315e6-d973-467d-8b8d-4b7b4a7ca3f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-85863960848d10abf7509addf7ced106.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-85863960848d10abf7509addf7ced106.yaml new file mode 100644 index 0000000000..30ac106296 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-85863960848d10abf7509addf7ced106.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-85863960848d10abf7509addf7ced106 + +info: + name: > + WP Directory Kit <= 1.2.2 - Missing Authorization to Plugin Installation, Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_public_action + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abb1a758-5c16-4841-b1c7-0705ab16b328?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-b5f02e86b0a4e22a4260a76da5ba5c23.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-b5f02e86b0a4e22a4260a76da5ba5c23.yaml new file mode 100644 index 0000000000..a16d533c56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-b5f02e86b0a4e22a4260a76da5ba5c23.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-b5f02e86b0a4e22a4260a76da5ba5c23 + +info: + name: > + WP Directory Kit <= 1.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b40070af-3f2c-4bd1-bd33-1a0aa37c6e62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-de6c40221b62e856a02b07f7a8b63ef2.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-de6c40221b62e856a02b07f7a8b63ef2.yaml new file mode 100644 index 0000000000..fed03460da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-de6c40221b62e856a02b07f7a8b63ef2.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-de6c40221b62e856a02b07f7a8b63ef2 + +info: + name: > + WP Directory Kit <= 1.1.9 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f01ee24-544b-45cb-9cf3-7db8263d8e54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdirectorykit-f5cbed8041a7afd2170e85e7e9cafc79.yaml b/nuclei-templates/cve-less/plugins/wpdirectorykit-f5cbed8041a7afd2170e85e7e9cafc79.yaml new file mode 100644 index 0000000000..4a6d12174e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdirectorykit-f5cbed8041a7afd2170e85e7e9cafc79.yaml @@ -0,0 +1,58 @@ +id: wpdirectorykit-f5cbed8041a7afd2170e85e7e9cafc79 + +info: + name: > + WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82c6ed2f-20e8-46d1-a460-16d32b7536cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdirectorykit/" + google-query: inurl:"/wp-content/plugins/wpdirectorykit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdirectorykit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdirectorykit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdirectorykit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-0bc93e8d9149869cc1871c88dbbfb381.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-0bc93e8d9149869cc1871c88dbbfb381.yaml new file mode 100644 index 0000000000..3b7bd52d07 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-0bc93e8d9149869cc1871c88dbbfb381.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-0bc93e8d9149869cc1871c88dbbfb381 + +info: + name: > + Comments - wpDiscuz <= 7.3.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afbf555a-1b70-4966-9b05-46e9de04e660?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-16a0db053a94923b7846b57810e1f6c8.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-16a0db053a94923b7846b57810e1f6c8.yaml new file mode 100644 index 0000000000..1de83ee8bd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-16a0db053a94923b7846b57810e1f6c8.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-16a0db053a94923b7846b57810e1f6c8 + +info: + name: > + wpDiscuz <= 7.6.15 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Alternative Text + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3eddc03d-ecff-4b50-a574-7b6b62e53af0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-1ed3919ab7a486f4e9a15463ad8bff96.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-1ed3919ab7a486f4e9a15463ad8bff96.yaml new file mode 100644 index 0000000000..c1134891ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-1ed3919ab7a486f4e9a15463ad8bff96.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-1ed3919ab7a486f4e9a15463ad8bff96 + +info: + name: > + wpDiscuz <= 7.6.3 - Authenticated(Author+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/359c573f-7031-4f56-b66f-c37339667aca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-223865afe5d53909b5b1a1c4a2e94a6b.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-223865afe5d53909b5b1a1c4a2e94a6b.yaml new file mode 100644 index 0000000000..e3a77081d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-223865afe5d53909b5b1a1c4a2e94a6b.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-223865afe5d53909b5b1a1c4a2e94a6b + +info: + name: > + wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d09bdab-ffab-44cc-bba2-821b21a8e343?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-51bab80f0c546820e2f032bc9393b40e.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-51bab80f0c546820e2f032bc9393b40e.yaml new file mode 100644 index 0000000000..29bee10584 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-51bab80f0c546820e2f032bc9393b40e.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-51bab80f0c546820e2f032bc9393b40e + +info: + name: > + wpDiscuz <= 7.6.11 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53af9dfd-eb2d-4f6f-b02f-daf790b95f1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-5a55693edc24427d1f47532bb94de1b0.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-5a55693edc24427d1f47532bb94de1b0.yaml new file mode 100644 index 0000000000..eb37568550 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-5a55693edc24427d1f47532bb94de1b0.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-5a55693edc24427d1f47532bb94de1b0 + +info: + name: > + Comments - wpDiscuz 7.0 - 7.0.4 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc3efc42-7cf5-4dcd-9653-891deaae19c3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 7.0', '<= 7.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-6c13f07e879053414ff6baeb7933d2d9.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-6c13f07e879053414ff6baeb7933d2d9.yaml new file mode 100644 index 0000000000..9915bcfb38 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-6c13f07e879053414ff6baeb7933d2d9.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-6c13f07e879053414ff6baeb7933d2d9 + +info: + name: > + Comments – wpDiscuz <= 7.4.2 - Insecure Direct Object References + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7782522-78bc-4ad2-997e-81c8870d55fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-6fc4af928f6f064abafe70a5e89e72c3.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-6fc4af928f6f064abafe70a5e89e72c3.yaml new file mode 100644 index 0000000000..7414e17cba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-6fc4af928f6f064abafe70a5e89e72c3.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-6fc4af928f6f064abafe70a5e89e72c3 + +info: + name: > + Comments - wpDiscuz <= 7.3.3 - Arbitrary Comment Addition/Edition/Deletion by Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e641453c-8fa0-4b44-b912-b797aeae1795?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-80cc11249951d77617837d489d137970.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-80cc11249951d77617837d489d137970.yaml new file mode 100644 index 0000000000..94ea263093 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-80cc11249951d77617837d489d137970.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-80cc11249951d77617837d489d137970 + +info: + name: > + wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b30ac1b0-eae2-4194-bf8e-ae73b4236965?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-8e49820ed6d4efe09269732fec37b1be.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-8e49820ed6d4efe09269732fec37b1be.yaml new file mode 100644 index 0000000000..b5b0a60d3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-8e49820ed6d4efe09269732fec37b1be.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-8e49820ed6d4efe09269732fec37b1be + +info: + name: > + wpDiscuz <= 7.6.10 - Insufficient Authorization to Comment Submission on Deleted Posts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a1fe36b-75d2-48c3-bfac-af965eb9363f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-a0549630b70baaa25b54d3a02da3e3cd.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-a0549630b70baaa25b54d3a02da3e3cd.yaml new file mode 100644 index 0000000000..e1c0d77513 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-a0549630b70baaa25b54d3a02da3e3cd.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-a0549630b70baaa25b54d3a02da3e3cd + +info: + name: > + Comments - wpDiscuz <= 5.3.5 - Blind SQL Injection via order Parameter + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79b0a90b-5b75-4757-bd7b-909350f54175?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-a9411edebf4b02260a501cf288486160.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-a9411edebf4b02260a501cf288486160.yaml new file mode 100644 index 0000000000..32de1b0643 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-a9411edebf4b02260a501cf288486160.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-a9411edebf4b02260a501cf288486160 + +info: + name: > + wpDiscuz <= 7.6.10 - Unauthenticated Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fa1299e-308e-47ea-843c-c76b8a412ce9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-b26f381c9f7354f3462011430c6f3516.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-b26f381c9f7354f3462011430c6f3516.yaml new file mode 100644 index 0000000000..825f8826a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-b26f381c9f7354f3462011430c6f3516.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-b26f381c9f7354f3462011430c6f3516 + +info: + name: > + wpDiscuz <= 7.6.3 - Missing Authorization via AJAX actions + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4e8ad3c1-549b-4401-8cf4-a8b7f81fbc11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-bb1322086ee5fb78a847811248987555.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-bb1322086ee5fb78a847811248987555.yaml new file mode 100644 index 0000000000..3eae75db64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-bb1322086ee5fb78a847811248987555.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-bb1322086ee5fb78a847811248987555 + +info: + name: > + wpDiscuz <= 7.6.12 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f68bc7e9-3bfe-4b2f-82a1-92bbde1a133a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-d7dc7eb24d3a5429c846eb87b8592531.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-d7dc7eb24d3a5429c846eb87b8592531.yaml new file mode 100644 index 0000000000..3011626b18 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-d7dc7eb24d3a5429c846eb87b8592531.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-d7dc7eb24d3a5429c846eb87b8592531 + +info: + name: > + wpDiscuz <= 7.6.11 - Unauthenticated Stored Cross-Site Scripting via Comment Uploaded Image Filename + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/026ff6f4-077e-4fee-8fbe-8176f8ca5af3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdiscuz-f66d967d74fa7c849a46bb1299b2eece.yaml b/nuclei-templates/cve-less/plugins/wpdiscuz-f66d967d74fa7c849a46bb1299b2eece.yaml new file mode 100644 index 0000000000..d14933defa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdiscuz-f66d967d74fa7c849a46bb1299b2eece.yaml @@ -0,0 +1,58 @@ +id: wpdiscuz-f66d967d74fa7c849a46bb1299b2eece + +info: + name: > + Comments - wpDiscuz <= 7.3.11 Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d3771ee-b664-4416-93b7-96ab1e3510cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdiscuz/" + google-query: inurl:"/wp-content/plugins/wpdiscuz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdiscuz,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdiscuz/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdiscuz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdm-gutenberg-blocks-5096ea0bd77ac20a45ea75149ea1f0e9.yaml b/nuclei-templates/cve-less/plugins/wpdm-gutenberg-blocks-5096ea0bd77ac20a45ea75149ea1f0e9.yaml new file mode 100644 index 0000000000..433ffc41bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdm-gutenberg-blocks-5096ea0bd77ac20a45ea75149ea1f0e9.yaml @@ -0,0 +1,58 @@ +id: wpdm-gutenberg-blocks-5096ea0bd77ac20a45ea75149ea1f0e9 + +info: + name: > + Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f090e1f1-2713-4f3a-b908-9407c242fdf9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdm-gutenberg-blocks/" + google-query: inurl:"/wp-content/plugins/wpdm-gutenberg-blocks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdm-gutenberg-blocks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdm-gutenberg-blocks/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdm-gutenberg-blocks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdm-premium-packages-1a67baf6167d3af7ea57dc54d855070a.yaml b/nuclei-templates/cve-less/plugins/wpdm-premium-packages-1a67baf6167d3af7ea57dc54d855070a.yaml new file mode 100644 index 0000000000..20d8e50523 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdm-premium-packages-1a67baf6167d3af7ea57dc54d855070a.yaml @@ -0,0 +1,58 @@ +id: wpdm-premium-packages-1a67baf6167d3af7ea57dc54d855070a + +info: + name: > + Premium Packages - Sell Digital Products Securely <= 5.7.4 - Arbitrary User Meta Update to Authenticated (Subscriber+) Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82137302-60ca-44d5-b087-dc96e2815fca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdm-premium-packages/" + google-query: inurl:"/wp-content/plugins/wpdm-premium-packages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdm-premium-packages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdm-premium-packages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdm-premium-packages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpdm-premium-packages-9cbb5db009f771b1f71dcb8eaf85d7e6.yaml b/nuclei-templates/cve-less/plugins/wpdm-premium-packages-9cbb5db009f771b1f71dcb8eaf85d7e6.yaml new file mode 100644 index 0000000000..ef6d889e43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpdm-premium-packages-9cbb5db009f771b1f71dcb8eaf85d7e6.yaml @@ -0,0 +1,58 @@ +id: wpdm-premium-packages-9cbb5db009f771b1f71dcb8eaf85d7e6 + +info: + name: > + Premium Packages <= 5.8.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7df2996f-bc0e-4608-a80e-6167ac26469a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpdm-premium-packages/" + google-query: inurl:"/wp-content/plugins/wpdm-premium-packages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpdm-premium-packages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpdm-premium-packages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpdm-premium-packages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpematico-ce2aa47cca210105b9ad928ad1c57540.yaml b/nuclei-templates/cve-less/plugins/wpematico-ce2aa47cca210105b9ad928ad1c57540.yaml new file mode 100644 index 0000000000..ffe3803143 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpematico-ce2aa47cca210105b9ad928ad1c57540.yaml @@ -0,0 +1,58 @@ +id: wpematico-ce2aa47cca210105b9ad928ad1c57540 + +info: + name: > + WPeMatico RSS Feed Fetcher <= 2.6.11 - Admin+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a62a3a71-0dbb-48d6-ba1a-f218fefac871?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpematico/" + google-query: inurl:"/wp-content/plugins/wpematico/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpematico,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpematico/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpematico" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-1c7acc022622f36ca344db11dcebaddf.yaml b/nuclei-templates/cve-less/plugins/wpforms-1c7acc022622f36ca344db11dcebaddf.yaml new file mode 100644 index 0000000000..4946047019 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-1c7acc022622f36ca344db11dcebaddf.yaml @@ -0,0 +1,58 @@ +id: wpforms-1c7acc022622f36ca344db11dcebaddf + +info: + name: > + WPForms Pro 1.8.4 - 1.8.5.3 - Unauthenticated Stored Cross-Site Scripting via Form Submission + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31c080b8-ba00-4e96-8961-2a1c3a017004?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms/" + google-query: inurl:"/wp-content/plugins/wpforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.8.4', '<= 1.8.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-4ca7bd0e8f61ffa08f04711e58090827.yaml b/nuclei-templates/cve-less/plugins/wpforms-4ca7bd0e8f61ffa08f04711e58090827.yaml new file mode 100644 index 0000000000..51a1e95214 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-4ca7bd0e8f61ffa08f04711e58090827.yaml @@ -0,0 +1,58 @@ +id: wpforms-4ca7bd0e8f61ffa08f04711e58090827 + +info: + name: > + WPForms Pro <= 1.7.6 - CSV Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cfe0da-0ffc-4046-b58a-a31f5d10d1bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms/" + google-query: inurl:"/wp-content/plugins/wpforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-7a378944e613d1b359a5928a9883a2f4.yaml b/nuclei-templates/cve-less/plugins/wpforms-7a378944e613d1b359a5928a9883a2f4.yaml new file mode 100644 index 0000000000..2c08d0231d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-7a378944e613d1b359a5928a9883a2f4.yaml @@ -0,0 +1,58 @@ +id: wpforms-7a378944e613d1b359a5928a9883a2f4 + +info: + name: > + Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b10303e0-c864-4088-91d1-d38c24094812?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms/" + google-query: inurl:"/wp-content/plugins/wpforms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-220dd315bf8421f9ddbac8301f226083.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-220dd315bf8421f9ddbac8301f226083.yaml new file mode 100644 index 0000000000..893a790674 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-lite-220dd315bf8421f9ddbac8301f226083.yaml @@ -0,0 +1,58 @@ +id: wpforms-lite-220dd315bf8421f9ddbac8301f226083 + +info: + name: > + Contact Form by WPForms – Drag & Drop Form Builder for WordPress <= 1.8.7.2 - Unauthenticated Price Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68a509ae-9943-4b9a-8ede-2b5732e96e6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms-lite/" + google-query: inurl:"/wp-content/plugins/wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-3833fde53c02f881d8b11d577a449782.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-3833fde53c02f881d8b11d577a449782.yaml new file mode 100644 index 0000000000..8a850480bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-lite-3833fde53c02f881d8b11d577a449782.yaml @@ -0,0 +1,58 @@ +id: wpforms-lite-3833fde53c02f881d8b11d577a449782 + +info: + name: > + Contact Form by WPForms <= 1.5.8.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7633efe4-f914-4683-a79b-baaa60975282?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms-lite/" + google-query: inurl:"/wp-content/plugins/wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforms-lite-7a378944e613d1b359a5928a9883a2f4.yaml b/nuclei-templates/cve-less/plugins/wpforms-lite-7a378944e613d1b359a5928a9883a2f4.yaml new file mode 100644 index 0000000000..b0036acf77 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforms-lite-7a378944e613d1b359a5928a9883a2f4.yaml @@ -0,0 +1,58 @@ +id: wpforms-lite-7a378944e613d1b359a5928a9883a2f4 + +info: + name: > + Contact Form by WPForms (Free and Premium) <= 1.8.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b10303e0-c864-4088-91d1-d38c24094812?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforms-lite/" + google-query: inurl:"/wp-content/plugins/wpforms-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforms-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforms-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforms-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-026833d334ad1214ad9b4e4b3b4251a9.yaml b/nuclei-templates/cve-less/plugins/wpforo-026833d334ad1214ad9b4e4b3b4251a9.yaml new file mode 100644 index 0000000000..76d517c6d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-026833d334ad1214ad9b4e4b3b4251a9.yaml @@ -0,0 +1,58 @@ +id: wpforo-026833d334ad1214ad9b4e4b3b4251a9 + +info: + name: > + wpForo Forum <= 2.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71078aaf-9803-4b46-bc94-dbcb43745629?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-038a878abb8f9607405d070f7e55bf0f.yaml b/nuclei-templates/cve-less/plugins/wpforo-038a878abb8f9607405d070f7e55bf0f.yaml new file mode 100644 index 0000000000..dfed8aca90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-038a878abb8f9607405d070f7e55bf0f.yaml @@ -0,0 +1,58 @@ +id: wpforo-038a878abb8f9607405d070f7e55bf0f + +info: + name: > + wpForo Forum < 1.4.12 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3155f8ba-b50e-490c-81bd-4a63142f164b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-0974ad31ae0ff4ed4780871fa5a19327.yaml b/nuclei-templates/cve-less/plugins/wpforo-0974ad31ae0ff4ed4780871fa5a19327.yaml new file mode 100644 index 0000000000..e460d84b6e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-0974ad31ae0ff4ed4780871fa5a19327.yaml @@ -0,0 +1,58 @@ +id: wpforo-0974ad31ae0ff4ed4780871fa5a19327 + +info: + name: > + wpForo Forum <= 1.6.5 - Cross-Site Scripting via wpf-dw-td-value class + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89a6aab0-e85b-4604-b911-03a01c5cca13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-180565f2bb1ffb1d14acebaf2b798b98.yaml b/nuclei-templates/cve-less/plugins/wpforo-180565f2bb1ffb1d14acebaf2b798b98.yaml new file mode 100644 index 0000000000..1ab6c56bb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-180565f2bb1ffb1d14acebaf2b798b98.yaml @@ -0,0 +1,58 @@ +id: wpforo-180565f2bb1ffb1d14acebaf2b798b98 + +info: + name: > + wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07c01ab7-8bf8-4aa5-b5e6-8e47a3bf1f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-472cf1af897e591100ceb6b96fb80de8.yaml b/nuclei-templates/cve-less/plugins/wpforo-472cf1af897e591100ceb6b96fb80de8.yaml new file mode 100644 index 0000000000..2fa97ccef0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-472cf1af897e591100ceb6b96fb80de8.yaml @@ -0,0 +1,58 @@ +id: wpforo-472cf1af897e591100ceb6b96fb80de8 + +info: + name: > + wpForo Forum <= 1.4.12 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fea6ddd5-f168-471c-99eb-efc46d1bfeb9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-51d849db0aa0f9961d0bb5eb2d81e11e.yaml b/nuclei-templates/cve-less/plugins/wpforo-51d849db0aa0f9961d0bb5eb2d81e11e.yaml new file mode 100644 index 0000000000..e0f924fe2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-51d849db0aa0f9961d0bb5eb2d81e11e.yaml @@ -0,0 +1,58 @@ +id: wpforo-51d849db0aa0f9961d0bb5eb2d81e11e + +info: + name: > + wpForo Forum <= 2.2.3 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01f4318f-b56b-4a34-987b-05edeee5da69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-5e08a8bcdaa0ffc86e373916165d670a.yaml b/nuclei-templates/cve-less/plugins/wpforo-5e08a8bcdaa0ffc86e373916165d670a.yaml new file mode 100644 index 0000000000..a1bd23f7ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-5e08a8bcdaa0ffc86e373916165d670a.yaml @@ -0,0 +1,58 @@ +id: wpforo-5e08a8bcdaa0ffc86e373916165d670a + +info: + name: > + wpForo < = 1.5.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44ba3eee-525e-46ba-ae02-6f7a28f80c50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml b/nuclei-templates/cve-less/plugins/wpforo-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml new file mode 100644 index 0000000000..5f3dbb70bb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-5fc70b9a54a47a4a18b6ce16ce7c23ba.yaml @@ -0,0 +1,58 @@ +id: wpforo-5fc70b9a54a47a4a18b6ce16ce7c23ba + +info: + name: > + wpForo Forum <= 2.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ce1a40f-1489-42be-963e-052274a56e47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-7796a6543f11d887deb3ec9c31928648.yaml b/nuclei-templates/cve-less/plugins/wpforo-7796a6543f11d887deb3ec9c31928648.yaml new file mode 100644 index 0000000000..e1daf3f079 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-7796a6543f11d887deb3ec9c31928648.yaml @@ -0,0 +1,58 @@ +id: wpforo-7796a6543f11d887deb3ec9c31928648 + +info: + name: > + wpForo Forum <= 2.0.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca46ea28-3115-4db1-8aeb-cbef731b0376?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-86ba8169e30edfd0fbeaaac7e702dfce.yaml b/nuclei-templates/cve-less/plugins/wpforo-86ba8169e30edfd0fbeaaac7e702dfce.yaml new file mode 100644 index 0000000000..ba558aa74f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-86ba8169e30edfd0fbeaaac7e702dfce.yaml @@ -0,0 +1,58 @@ +id: wpforo-86ba8169e30edfd0fbeaaac7e702dfce + +info: + name: > + wpForo Forum <= 2.1.7 - Authenticated (Subscriber+) Local File Include, Server-Side Request Forgery, and PHAR Deserialization via file_get_contents + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/800fa098-b29f-4979-b7bd-b1186a4dafcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-b1ced039ec3e12066bd1cc12c97938c8.yaml b/nuclei-templates/cve-less/plugins/wpforo-b1ced039ec3e12066bd1cc12c97938c8.yaml new file mode 100644 index 0000000000..3c3f2de2aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-b1ced039ec3e12066bd1cc12c97938c8.yaml @@ -0,0 +1,58 @@ +id: wpforo-b1ced039ec3e12066bd1cc12c97938c8 + +info: + name: > + wpForo Forum <= 2.0.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a313f4d0-fd9e-47f1-99eb-351a2aff9bea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-c0b1c2357ac077725cbe857dcad08e43.yaml b/nuclei-templates/cve-less/plugins/wpforo-c0b1c2357ac077725cbe857dcad08e43.yaml new file mode 100644 index 0000000000..f2f334c355 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-c0b1c2357ac077725cbe857dcad08e43.yaml @@ -0,0 +1,58 @@ +id: wpforo-c0b1c2357ac077725cbe857dcad08e43 + +info: + name: > + wpForo Forum <= 1.9.6 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebf84c6a-fd6c-4113-91ff-27c7564cabdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-c32ce9a33cb4b84bfdebec18aaf08699.yaml b/nuclei-templates/cve-less/plugins/wpforo-c32ce9a33cb4b84bfdebec18aaf08699.yaml new file mode 100644 index 0000000000..57a76a50a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-c32ce9a33cb4b84bfdebec18aaf08699.yaml @@ -0,0 +1,58 @@ +id: wpforo-c32ce9a33cb4b84bfdebec18aaf08699 + +info: + name: > + wpForo Forum <= 2.2.5 - Cross-Site Request Forgery via logout() + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bce40ee-c378-4a44-9c5d-d83151975309?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-c9f41d227d49a467420a82298376145f.yaml b/nuclei-templates/cve-less/plugins/wpforo-c9f41d227d49a467420a82298376145f.yaml new file mode 100644 index 0000000000..9fbbc95b95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-c9f41d227d49a467420a82298376145f.yaml @@ -0,0 +1,58 @@ +id: wpforo-c9f41d227d49a467420a82298376145f + +info: + name: > + wpForo Forum <= 1.6.5 - Cross-Site Scripting via langid parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15967a0f-2512-4418-b503-b9d53032d40f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-cc42a23c3489a21703ade49d1baae26a.yaml b/nuclei-templates/cve-less/plugins/wpforo-cc42a23c3489a21703ade49d1baae26a.yaml new file mode 100644 index 0000000000..2b2e72dd8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-cc42a23c3489a21703ade49d1baae26a.yaml @@ -0,0 +1,58 @@ +id: wpforo-cc42a23c3489a21703ade49d1baae26a + +info: + name: > + wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Privacy Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e35be8ee-81a3-42ce-8304-992bc75663fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-d2f0460858f178a35a9b0566104e93cb.yaml b/nuclei-templates/cve-less/plugins/wpforo-d2f0460858f178a35a9b0566104e93cb.yaml new file mode 100644 index 0000000000..97275656cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-d2f0460858f178a35a9b0566104e93cb.yaml @@ -0,0 +1,58 @@ +id: wpforo-d2f0460858f178a35a9b0566104e93cb + +info: + name: > + wpForo Forum <= 2.0.5 - Insecure Direct Object Reference to Forum Status Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee78642c-ad2a-4012-94e8-e01f71863791?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-dcbc26c1e59709ba0a55cede543653d5.yaml b/nuclei-templates/cve-less/plugins/wpforo-dcbc26c1e59709ba0a55cede543653d5.yaml new file mode 100644 index 0000000000..b57905f5fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-dcbc26c1e59709ba0a55cede543653d5.yaml @@ -0,0 +1,58 @@ +id: wpforo-dcbc26c1e59709ba0a55cede543653d5 + +info: + name: > + wpForo Forum <= 1.6.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bee82d8-d019-450b-b532-5b3e2e3aff6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-df308cf6b44530f23e6aa9e16f45633a.yaml b/nuclei-templates/cve-less/plugins/wpforo-df308cf6b44530f23e6aa9e16f45633a.yaml new file mode 100644 index 0000000000..eaa22a6fbb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-df308cf6b44530f23e6aa9e16f45633a.yaml @@ -0,0 +1,58 @@ +id: wpforo-df308cf6b44530f23e6aa9e16f45633a + +info: + name: > + wpForo Forum <= 2.0.9 - Authenticated (Subscriber+) HTML Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83cb1333-3c74-426d-9838-a5cb90be29b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-e0fff88ad101eb2ee95866f7be5ec00c.yaml b/nuclei-templates/cve-less/plugins/wpforo-e0fff88ad101eb2ee95866f7be5ec00c.yaml new file mode 100644 index 0000000000..df98afc498 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-e0fff88ad101eb2ee95866f7be5ec00c.yaml @@ -0,0 +1,58 @@ +id: wpforo-e0fff88ad101eb2ee95866f7be5ec00c + +info: + name: > + wpForo Forum <= 2.1.8 - Reflected Cross-Site Scripting via 'wpforo_debug' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35b6a26a-d7c1-4538-87f3-fcb1095797a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-e5552ad191b551e3319c3d216b7466cf.yaml b/nuclei-templates/cve-less/plugins/wpforo-e5552ad191b551e3319c3d216b7466cf.yaml new file mode 100644 index 0000000000..171f602c3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-e5552ad191b551e3319c3d216b7466cf.yaml @@ -0,0 +1,58 @@ +id: wpforo-e5552ad191b551e3319c3d216b7466cf + +info: + name: > + wpForo Forum <= 1.6.5 - Cross-Site Scripting via s parameter + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c65619-e96c-47e1-b42a-a85d0b5237d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpforo-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml b/nuclei-templates/cve-less/plugins/wpforo-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml new file mode 100644 index 0000000000..7ceb27cbb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpforo-ee5b4c2ac22e2de04acc625e8a8d31f3.yaml @@ -0,0 +1,58 @@ +id: wpforo-ee5b4c2ac22e2de04acc625e8a8d31f3 + +info: + name: > + wpForo Forum <= 2.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5607a60e-a04a-4d28-bb04-bdacf8e97c56?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpforo/" + google-query: inurl:"/wp-content/plugins/wpforo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpforo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpforo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpforo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfrom-email-f018dd006c86a273640a9091528e99af.yaml b/nuclei-templates/cve-less/plugins/wpfrom-email-f018dd006c86a273640a9091528e99af.yaml new file mode 100644 index 0000000000..e70b1cfd7f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfrom-email-f018dd006c86a273640a9091528e99af.yaml @@ -0,0 +1,58 @@ +id: wpfrom-email-f018dd006c86a273640a9091528e99af + +info: + name: > + WPFrom Email <= 1.8.8 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24a041d0-d443-453d-bd7d-65cceee48b14?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfrom-email/" + google-query: inurl:"/wp-content/plugins/wpfrom-email/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfrom-email,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfrom-email/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfrom-email" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-notification-bar-450b5eb205eb4e03e4e00eea052c76d9.yaml b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-450b5eb205eb4e03e4e00eea052c76d9.yaml new file mode 100644 index 0000000000..588e8ae816 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-450b5eb205eb4e03e4e00eea052c76d9.yaml @@ -0,0 +1,58 @@ +id: wpfront-notification-bar-450b5eb205eb4e03e4e00eea052c76d9 + +info: + name: > + WPFront Notification Bar <= 3.3.2 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16b37992-a87e-42bb-ab0f-cb32506874e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-notification-bar/" + google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-notification-bar-88bd79040ab3368b09f14c252d140de8.yaml b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-88bd79040ab3368b09f14c252d140de8.yaml new file mode 100644 index 0000000000..e286442c5f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-88bd79040ab3368b09f14c252d140de8.yaml @@ -0,0 +1,58 @@ +id: wpfront-notification-bar-88bd79040ab3368b09f14c252d140de8 + +info: + name: > + WPFront Notification Bar <= 2.0.0 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97396207-4892-4d1a-8740-3000484f1317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-notification-bar/" + google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-notification-bar-994b2a0046a121a24de62a7ef6f747b0.yaml b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-994b2a0046a121a24de62a7ef6f747b0.yaml new file mode 100644 index 0000000000..0ba1690fe9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-994b2a0046a121a24de62a7ef6f747b0.yaml @@ -0,0 +1,58 @@ +id: wpfront-notification-bar-994b2a0046a121a24de62a7ef6f747b0 + +info: + name: > + WPFront Notification Bar <= 1.9.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58bdd837-adae-4fa9-9ca3-00633a6a1ede?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-notification-bar/" + google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-notification-bar-b0586fa88a487c798158f25ead9b6004.yaml b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-b0586fa88a487c798158f25ead9b6004.yaml new file mode 100644 index 0000000000..d18ad9a502 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-notification-bar-b0586fa88a487c798158f25ead9b6004.yaml @@ -0,0 +1,58 @@ +id: wpfront-notification-bar-b0586fa88a487c798158f25ead9b6004 + +info: + name: > + WPFront Notification Bar <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via wpfront-notification-bar-options[custom_class] + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-notification-bar/" + google-query: inurl:"/wp-content/plugins/wpfront-notification-bar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-notification-bar,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-notification-bar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-notification-bar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-scroll-top-357b47caf5db9e0098a5f7a1e50f8dc7.yaml b/nuclei-templates/cve-less/plugins/wpfront-scroll-top-357b47caf5db9e0098a5f7a1e50f8dc7.yaml new file mode 100644 index 0000000000..deaefe75ad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-scroll-top-357b47caf5db9e0098a5f7a1e50f8dc7.yaml @@ -0,0 +1,58 @@ +id: wpfront-scroll-top-357b47caf5db9e0098a5f7a1e50f8dc7 + +info: + name: > + WPFront Scroll Top <= 2.0.5 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adb84461-6675-497f-ac53-cf72bd4c17bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-scroll-top/" + google-query: inurl:"/wp-content/plugins/wpfront-scroll-top/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-scroll-top,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-scroll-top/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-scroll-top" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-42deb2684c3eba9205d231d5d23306bf.yaml b/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-42deb2684c3eba9205d231d5d23306bf.yaml new file mode 100644 index 0000000000..9be8c9330c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-42deb2684c3eba9205d231d5d23306bf.yaml @@ -0,0 +1,58 @@ +id: wpfront-user-role-editor-42deb2684c3eba9205d231d5d23306bf + +info: + name: > + WPFront User Role Editor <= 3.2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffd889b0-ff2e-469a-bd0b-f009cf773ade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-user-role-editor/" + google-query: inurl:"/wp-content/plugins/wpfront-user-role-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-user-role-editor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-user-role-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-user-role-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-94d9ce1faf35ceff75a34ff49e69f6d9.yaml b/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-94d9ce1faf35ceff75a34ff49e69f6d9.yaml new file mode 100644 index 0000000000..2c929fa0e8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfront-user-role-editor-94d9ce1faf35ceff75a34ff49e69f6d9.yaml @@ -0,0 +1,58 @@ +id: wpfront-user-role-editor-94d9ce1faf35ceff75a34ff49e69f6d9 + +info: + name: > + WPFront User Role Editor <= 3.2.1.11184 - Limited Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/078a0647-fc3a-436c-bf00-8776b16e66ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfront-user-role-editor/" + google-query: inurl:"/wp-content/plugins/wpfront-user-role-editor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfront-user-role-editor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfront-user-role-editor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfront-user-role-editor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1.11184') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfunnels-6ab516426049dc622ee1b94cc628b61c.yaml b/nuclei-templates/cve-less/plugins/wpfunnels-6ab516426049dc622ee1b94cc628b61c.yaml new file mode 100644 index 0000000000..771413eddb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfunnels-6ab516426049dc622ee1b94cc628b61c.yaml @@ -0,0 +1,58 @@ +id: wpfunnels-6ab516426049dc622ee1b94cc628b61c + +info: + name: > + WPFunnels <= 3.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b028923-82fe-4dd6-af77-69d7744f2812?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfunnels/" + google-query: inurl:"/wp-content/plugins/wpfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfunnels,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfunnels-7a5213754c46194429382d819c00f511.yaml b/nuclei-templates/cve-less/plugins/wpfunnels-7a5213754c46194429382d819c00f511.yaml new file mode 100644 index 0000000000..46beb96602 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfunnels-7a5213754c46194429382d819c00f511.yaml @@ -0,0 +1,58 @@ +id: wpfunnels-7a5213754c46194429382d819c00f511 + +info: + name: > + WPFunnels <= 2.7.16 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c1464ab-217e-4c66-94f8-49376755dba7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfunnels/" + google-query: inurl:"/wp-content/plugins/wpfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfunnels,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfunnels-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wpfunnels-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..95f5b1004c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfunnels-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wpfunnels-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfunnels/" + google-query: inurl:"/wp-content/plugins/wpfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfunnels,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpfunnels-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml b/nuclei-templates/cve-less/plugins/wpfunnels-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml new file mode 100644 index 0000000000..7d1ceb4cf2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpfunnels-c470f8f5625ce2e9f7a4e073bc31fb3b.yaml @@ -0,0 +1,58 @@ +id: wpfunnels-c470f8f5625ce2e9f7a4e073bc31fb3b + +info: + name: > + WPFunnels <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortocde + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ff43e5d-bffd-4e2b-a6de-938559cd6f02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpfunnels/" + google-query: inurl:"/wp-content/plugins/wpfunnels/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpfunnels,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpfunnels/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpfunnels" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpgateway-e8e4caf35c45fbc7a371f3be1ae5a251.yaml b/nuclei-templates/cve-less/plugins/wpgateway-e8e4caf35c45fbc7a371f3be1ae5a251.yaml new file mode 100644 index 0000000000..65e9edef2d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpgateway-e8e4caf35c45fbc7a371f3be1ae5a251.yaml @@ -0,0 +1,58 @@ +id: wpgateway-e8e4caf35c45fbc7a371f3be1ae5a251 + +info: + name: > + WPGateway <= 3.5 - Unauthenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b75c681-ecd2-4603-8819-07b2e9b8d547?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpgateway/" + google-query: inurl:"/wp-content/plugins/wpgateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpgateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpgateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpgateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpgenious-job-listing-17d9d2647ecfd4b0be797349f3817c27.yaml b/nuclei-templates/cve-less/plugins/wpgenious-job-listing-17d9d2647ecfd4b0be797349f3817c27.yaml new file mode 100644 index 0000000000..489bdcb27b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpgenious-job-listing-17d9d2647ecfd4b0be797349f3817c27.yaml @@ -0,0 +1,58 @@ +id: wpgenious-job-listing-17d9d2647ecfd4b0be797349f3817c27 + +info: + name: > + WpGenius Job Listing <= 1.0.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/821b8ed1-10be-4798-826a-aaaef4888950?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpgenious-job-listing/" + google-query: inurl:"/wp-content/plugins/wpgenious-job-listing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpgenious-job-listing,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpgenious-job-listing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpgenious-job-listing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpgform-44fe84770decd19120a8d913bc09bfe5.yaml b/nuclei-templates/cve-less/plugins/wpgform-44fe84770decd19120a8d913bc09bfe5.yaml new file mode 100644 index 0000000000..1b0bfd5f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpgform-44fe84770decd19120a8d913bc09bfe5.yaml @@ -0,0 +1,58 @@ +id: wpgform-44fe84770decd19120a8d913bc09bfe5 + +info: + name: > + Google Forms <= 0.95 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8035023c-347f-4227-98cb-5b277fba4812?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpgform/" + google-query: inurl:"/wp-content/plugins/wpgform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpgform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpgform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpgform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.95') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpgform-82c5164bc77f066c7a8d33b886720225.yaml b/nuclei-templates/cve-less/plugins/wpgform-82c5164bc77f066c7a8d33b886720225.yaml new file mode 100644 index 0000000000..6995527320 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpgform-82c5164bc77f066c7a8d33b886720225.yaml @@ -0,0 +1,58 @@ +id: wpgform-82c5164bc77f066c7a8d33b886720225 + +info: + name: > + Google Forms <= 0.93 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/968ead80-eed6-4a42-a3cd-73cf4cbbb1e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpgform/" + google-query: inurl:"/wp-content/plugins/wpgform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpgform,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpgform/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpgform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-3ba8578c9b517b602d4e446e82ee6f17.yaml b/nuclei-templates/cve-less/plugins/wpglobus-3ba8578c9b517b602d4e446e82ee6f17.yaml new file mode 100644 index 0000000000..4f0465b0fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-3ba8578c9b517b602d4e446e82ee6f17.yaml @@ -0,0 +1,58 @@ +id: wpglobus-3ba8578c9b517b602d4e446e82ee6f17 + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][page] + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c32824cc-8895-462f-bd5b-03b8da4db680?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-485a36eabec5f4b9943990f0033b308d.yaml b/nuclei-templates/cve-less/plugins/wpglobus-485a36eabec5f4b9943990f0033b308d.yaml new file mode 100644 index 0000000000..c9e873d15e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-485a36eabec5f4b9943990f0033b308d.yaml @@ -0,0 +1,58 @@ +id: wpglobus-485a36eabec5f4b9943990f0033b308d + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[enabled_languages] + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab3033c5-95c3-44eb-8602-410288fc423f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-83e2358dd513fd53b034068ccf305836.yaml b/nuclei-templates/cve-less/plugins/wpglobus-83e2358dd513fd53b034068ccf305836.yaml new file mode 100644 index 0000000000..2898acc7a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-83e2358dd513fd53b034068ccf305836.yaml @@ -0,0 +1,58 @@ +id: wpglobus-83e2358dd513fd53b034068ccf305836 + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting via wpglobus_option[selector_wp_list_pages][show_selector] + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b85b1e3-4eb0-4ba1-8d61-ec82fac123ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-c384382f7d3c6321e1b275243f5d2c28.yaml b/nuclei-templates/cve-less/plugins/wpglobus-c384382f7d3c6321e1b275243f5d2c28.yaml new file mode 100644 index 0000000000..1a3ece9c56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-c384382f7d3c6321e1b275243f5d2c28.yaml @@ -0,0 +1,58 @@ +id: wpglobus-c384382f7d3c6321e1b275243f5d2c28 + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[more_languages] + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76b11177-782a-4d9c-a974-4cb9ff55fa99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-ddb8a7f2865d6d7dbea16193f41bd919.yaml b/nuclei-templates/cve-less/plugins/wpglobus-ddb8a7f2865d6d7dbea16193f41bd919.yaml new file mode 100644 index 0000000000..696540e532 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-ddb8a7f2865d6d7dbea16193f41bd919.yaml @@ -0,0 +1,58 @@ +id: wpglobus-ddb8a7f2865d6d7dbea16193f41bd919 + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[browser_redirect][redirect_by_language] + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c09536b3-9f8d-4b11-b69a-684b65078870?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-e95762dedf29574050fd40fac42c78ac.yaml b/nuclei-templates/cve-less/plugins/wpglobus-e95762dedf29574050fd40fac42c78ac.yaml new file mode 100644 index 0000000000..8a584f51e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-e95762dedf29574050fd40fac42c78ac.yaml @@ -0,0 +1,58 @@ +id: wpglobus-e95762dedf29574050fd40fac42c78ac + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/113dcd4d-e62f-44dc-8087-28d265ef66be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-f4fb22207f3c1928cb95d88c1e1f82b7.yaml b/nuclei-templates/cve-less/plugins/wpglobus-f4fb22207f3c1928cb95d88c1e1f82b7.yaml new file mode 100644 index 0000000000..24ee8b2415 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-f4fb22207f3c1928cb95d88c1e1f82b7.yaml @@ -0,0 +1,58 @@ +id: wpglobus-f4fb22207f3c1928cb95d88c1e1f82b7 + +info: + name: > + WPGlobus – Multilingual Everything! <= 1.9.6 - Cross-Site Scripting via wpglobus_option[post_type][post] + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90cd3722-c3cb-4ac3-871d-cacda49be294?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus/" + google-query: inurl:"/wp-content/plugins/wpglobus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpglobus-translate-options-db22094eea816af85bb6ec1f6633c114.yaml b/nuclei-templates/cve-less/plugins/wpglobus-translate-options-db22094eea816af85bb6ec1f6633c114.yaml new file mode 100644 index 0000000000..1a4eb4a39a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpglobus-translate-options-db22094eea816af85bb6ec1f6633c114.yaml @@ -0,0 +1,58 @@ +id: wpglobus-translate-options-db22094eea816af85bb6ec1f6633c114 + +info: + name: > + WPGlobus Translate Options <= 2.1.0 - Reflected Cross-Site Scripting via page + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf0a1568-e97c-41ea-b2c3-ba335f0b4360?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpglobus-translate-options/" + google-query: inurl:"/wp-content/plugins/wpglobus-translate-options/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpglobus-translate-options,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpglobus-translate-options/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpglobus-translate-options" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wphotfiles-faa612ca5bdaf4285ef55a7ed1d04960.yaml b/nuclei-templates/cve-less/plugins/wphotfiles-faa612ca5bdaf4285ef55a7ed1d04960.yaml new file mode 100644 index 0000000000..930b45d785 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wphotfiles-faa612ca5bdaf4285ef55a7ed1d04960.yaml @@ -0,0 +1,58 @@ +id: wphotfiles-faa612ca5bdaf4285ef55a7ed1d04960 + +info: + name: > + Hot Files: File Sharing and Download Manager Plugin <= 1.0.0 - Cross-Site scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4ce2353-e4ec-4f55-a341-c1b11be86642?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wphotfiles/" + google-query: inurl:"/wp-content/plugins/wphotfiles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wphotfiles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wphotfiles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wphotfiles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpide-13d6d07ad8433fc4c13ab399af9c2000.yaml b/nuclei-templates/cve-less/plugins/wpide-13d6d07ad8433fc4c13ab399af9c2000.yaml new file mode 100644 index 0000000000..1bb49b9995 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpide-13d6d07ad8433fc4c13ab399af9c2000.yaml @@ -0,0 +1,58 @@ +id: wpide-13d6d07ad8433fc4c13ab399af9c2000 + +info: + name: > + WPIDE – File Manager & Code Editor <= 2.6 - Authenticated (Admininstrator+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/67f143a4-2467-48cf-8024-8529ef4ed449?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpide/" + google-query: inurl:"/wp-content/plugins/wpide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpide-a281a6daee68ba362dc7d77d71441ffb.yaml b/nuclei-templates/cve-less/plugins/wpide-a281a6daee68ba362dc7d77d71441ffb.yaml new file mode 100644 index 0000000000..7a126f2d46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpide-a281a6daee68ba362dc7d77d71441ffb.yaml @@ -0,0 +1,58 @@ +id: wpide-a281a6daee68ba362dc7d77d71441ffb + +info: + name: > + WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c77db815-e401-4410-b6ec-e6668dd988ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpide/" + google-query: inurl:"/wp-content/plugins/wpide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpide-ec9c194a00305798df823bbd977744c9.yaml b/nuclei-templates/cve-less/plugins/wpide-ec9c194a00305798df823bbd977744c9.yaml new file mode 100644 index 0000000000..a89dd6b3b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpide-ec9c194a00305798df823bbd977744c9.yaml @@ -0,0 +1,58 @@ +id: wpide-ec9c194a00305798df823bbd977744c9 + +info: + name: > + WPide <= 2.6 - Authenticated (Administrator+) Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63902f5b-98e2-4586-9e20-4b900b6f861a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpide/" + google-query: inurl:"/wp-content/plugins/wpide/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpide,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpide/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpide" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpify-woo-739e325811d595a476c8a9d5ed5b690b.yaml b/nuclei-templates/cve-less/plugins/wpify-woo-739e325811d595a476c8a9d5ed5b690b.yaml new file mode 100644 index 0000000000..5a7d02ad2b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpify-woo-739e325811d595a476c8a9d5ed5b690b.yaml @@ -0,0 +1,58 @@ +id: wpify-woo-739e325811d595a476c8a9d5ed5b690b + +info: + name: > + WPify Woo Czech <= 4.0.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpify-woo/" + google-query: inurl:"/wp-content/plugins/wpify-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpify-woo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpify-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpify-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpify-woo-f47e9f4ca218e71c08ad0ae51486eb67.yaml b/nuclei-templates/cve-less/plugins/wpify-woo-f47e9f4ca218e71c08ad0ae51486eb67.yaml new file mode 100644 index 0000000000..ac81d96637 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpify-woo-f47e9f4ca218e71c08ad0ae51486eb67.yaml @@ -0,0 +1,58 @@ +id: wpify-woo-f47e9f4ca218e71c08ad0ae51486eb67 + +info: + name: > + WPify Woo Czech <= 4.0.10 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2bafede8-9bd0-4c38-a402-42d419cc03fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpify-woo/" + google-query: inurl:"/wp-content/plugins/wpify-woo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpify-woo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpify-woo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpify-woo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpjam-basic-d8720ff7be23b66bec0bd659c201c502.yaml b/nuclei-templates/cve-less/plugins/wpjam-basic-d8720ff7be23b66bec0bd659c201c502.yaml new file mode 100644 index 0000000000..df79e65f3a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpjam-basic-d8720ff7be23b66bec0bd659c201c502.yaml @@ -0,0 +1,58 @@ +id: wpjam-basic-d8720ff7be23b66bec0bd659c201c502 + +info: + name: > + WPJAM Basic <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a5ccc0b-a80a-41df-991c-5c356eb10512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpjam-basic/" + google-query: inurl:"/wp-content/plugins/wpjam-basic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpjam-basic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpjam-basic/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpjam-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpjobboard-15e650b4ee038f777984c647938b664a.yaml b/nuclei-templates/cve-less/plugins/wpjobboard-15e650b4ee038f777984c647938b664a.yaml new file mode 100644 index 0000000000..b085633c74 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpjobboard-15e650b4ee038f777984c647938b664a.yaml @@ -0,0 +1,58 @@ +id: wpjobboard-15e650b4ee038f777984c647938b664a + +info: + name: > + WP Job Board <= 4.4.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bfedb93-76e6-4d3f-bf44-1e6d8947c7d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpjobboard/" + google-query: inurl:"/wp-content/plugins/wpjobboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpjobboard,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpjobboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpjobboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpjobboard-251f38cefaa8d1370dc48f71e7aae210.yaml b/nuclei-templates/cve-less/plugins/wpjobboard-251f38cefaa8d1370dc48f71e7aae210.yaml new file mode 100644 index 0000000000..c60a25c089 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpjobboard-251f38cefaa8d1370dc48f71e7aae210.yaml @@ -0,0 +1,58 @@ +id: wpjobboard-251f38cefaa8d1370dc48f71e7aae210 + +info: + name: > + WPJobBoard <= 4.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa1a551-36d4-488c-898a-3c13b509b8c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpjobboard/" + google-query: inurl:"/wp-content/plugins/wpjobboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpjobboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpjobboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpjobboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpjobboard-528b7498cac098c3cafe6540ba1e4135.yaml b/nuclei-templates/cve-less/plugins/wpjobboard-528b7498cac098c3cafe6540ba1e4135.yaml new file mode 100644 index 0000000000..cb907c35ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpjobboard-528b7498cac098c3cafe6540ba1e4135.yaml @@ -0,0 +1,58 @@ +id: wpjobboard-528b7498cac098c3cafe6540ba1e4135 + +info: + name: > + WPJobBoard <= 5.9.0 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cd1d385-001c-4c84-9a80-553315336a63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpjobboard/" + google-query: inurl:"/wp-content/plugins/wpjobboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpjobboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpjobboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpjobboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpjobboard-52e9c784ee926500b6a7a44692c6aef8.yaml b/nuclei-templates/cve-less/plugins/wpjobboard-52e9c784ee926500b6a7a44692c6aef8.yaml new file mode 100644 index 0000000000..7bd90c0157 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpjobboard-52e9c784ee926500b6a7a44692c6aef8.yaml @@ -0,0 +1,58 @@ +id: wpjobboard-52e9c784ee926500b6a7a44692c6aef8 + +info: + name: > + WPJobBoard <= 5.5.3 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90b97e57-a021-462c-b3d2-49cf959950dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpjobboard/" + google-query: inurl:"/wp-content/plugins/wpjobboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpjobboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpjobboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpjobboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpkoi-templates-for-elementor-13b1426aee2c11f321401f7155b3cd3d.yaml b/nuclei-templates/cve-less/plugins/wpkoi-templates-for-elementor-13b1426aee2c11f321401f7155b3cd3d.yaml new file mode 100644 index 0000000000..e0c0377897 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpkoi-templates-for-elementor-13b1426aee2c11f321401f7155b3cd3d.yaml @@ -0,0 +1,58 @@ +id: wpkoi-templates-for-elementor-13b1426aee2c11f321401f7155b3cd3d + +info: + name: > + WPKoi Templates for Elementor <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Heading Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpkoi-templates-for-elementor/" + google-query: inurl:"/wp-content/plugins/wpkoi-templates-for-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpkoi-templates-for-elementor,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpkoi-templates-for-elementor/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpkoi-templates-for-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wplegalpages-5ab744233de8cca4ab1cbaa602802c09.yaml b/nuclei-templates/cve-less/plugins/wplegalpages-5ab744233de8cca4ab1cbaa602802c09.yaml new file mode 100644 index 0000000000..8a0a4c4bee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wplegalpages-5ab744233de8cca4ab1cbaa602802c09.yaml @@ -0,0 +1,58 @@ +id: wplegalpages-5ab744233de8cca4ab1cbaa602802c09 + +info: + name: > + Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages < 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/805e3eba-639e-48a1-a867-a2c56fa01081?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wplegalpages/" + google-query: inurl:"/wp-content/plugins/wplegalpages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wplegalpages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplegalpages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplegalpages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wplegalpages-7251846dd87f32952c517012f5416bb3.yaml b/nuclei-templates/cve-less/plugins/wplegalpages-7251846dd87f32952c517012f5416bb3.yaml new file mode 100644 index 0000000000..dffca570cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wplegalpages-7251846dd87f32952c517012f5416bb3.yaml @@ -0,0 +1,58 @@ +id: wplegalpages-7251846dd87f32952c517012f5416bb3 + +info: + name: > + WPLegalPages <= 2.9.2 - Authenticated (Author+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68d7b5d0-c777-4ff9-bdef-a7762cfbdf1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wplegalpages/" + google-query: inurl:"/wp-content/plugins/wplegalpages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wplegalpages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplegalpages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplegalpages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wplegalpages-aa2d32a6da076063dc14a9036390d1fe.yaml b/nuclei-templates/cve-less/plugins/wplegalpages-aa2d32a6da076063dc14a9036390d1fe.yaml new file mode 100644 index 0000000000..da211602ea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wplegalpages-aa2d32a6da076063dc14a9036390d1fe.yaml @@ -0,0 +1,58 @@ +id: wplegalpages-aa2d32a6da076063dc14a9036390d1fe + +info: + name: > + Privacy Policy Generator, Terms & Conditions Generator - WPLegalPages <= 2.7.0 - Arbitrary Settings Update to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e85adbd-7e82-4949-916b-20aba1f97bf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wplegalpages/" + google-query: inurl:"/wp-content/plugins/wplegalpages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wplegalpages,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplegalpages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplegalpages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wplite-3910ec4d645c60375887481edfe719b7.yaml b/nuclei-templates/cve-less/plugins/wplite-3910ec4d645c60375887481edfe719b7.yaml new file mode 100644 index 0000000000..ed351642aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wplite-3910ec4d645c60375887481edfe719b7.yaml @@ -0,0 +1,58 @@ +id: wplite-3910ec4d645c60375887481edfe719b7 + +info: + name: > + WPlite <= 1.3.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3503c7bf-5e96-4033-89c1-b7c13c5489d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wplite/" + google-query: inurl:"/wp-content/plugins/wplite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wplite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wplr-sync-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml b/nuclei-templates/cve-less/plugins/wplr-sync-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml new file mode 100644 index 0000000000..47a4d068ff --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wplr-sync-3bdb0d0ea9cf8219d34566c6858ae4f8.yaml @@ -0,0 +1,58 @@ +id: wplr-sync-3bdb0d0ea9cf8219d34566c6858ae4f8 + +info: + name: > + Photo Engine <= 6.2.5 - Authenticated (Author+) Insecure Direct Object Reference in ajax_generate_auth_token + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db6bec6c-77d1-4dab-9893-cf33a2fac629?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wplr-sync/" + google-query: inurl:"/wp-content/plugins/wplr-sync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wplr-sync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wplr-sync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplr-sync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpmandrill-12a5a8360002b901fa077eaf0cb0a07a.yaml b/nuclei-templates/cve-less/plugins/wpmandrill-12a5a8360002b901fa077eaf0cb0a07a.yaml new file mode 100644 index 0000000000..51422100b7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpmandrill-12a5a8360002b901fa077eaf0cb0a07a.yaml @@ -0,0 +1,58 @@ +id: wpmandrill-12a5a8360002b901fa077eaf0cb0a07a + +info: + name: > + wpMandrill <= 1.33 - Missing Authorization via getAjaxStats + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b89cf8ef-9fa0-4ede-8ec9-c166d0db74fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpmandrill/" + google-query: inurl:"/wp-content/plugins/wpmandrill/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpmandrill,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpmandrill/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpmandrill" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpmarketplace-1c957d73e722d9ee39589589b266de33.yaml b/nuclei-templates/cve-less/plugins/wpmarketplace-1c957d73e722d9ee39589589b266de33.yaml new file mode 100644 index 0000000000..5193908a1d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpmarketplace-1c957d73e722d9ee39589589b266de33.yaml @@ -0,0 +1,58 @@ +id: wpmarketplace-1c957d73e722d9ee39589589b266de33 + +info: + name: > + Marketplace <= 2.4.0 - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e834db1-0859-4e58-a11c-96e8f201b097?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpmarketplace/" + google-query: inurl:"/wp-content/plugins/wpmarketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpmarketplace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpmarketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpmarketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpmarketplace-8cc608a635186c89042b092a2deb5e86.yaml b/nuclei-templates/cve-less/plugins/wpmarketplace-8cc608a635186c89042b092a2deb5e86.yaml new file mode 100644 index 0000000000..0ffdc9de6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpmarketplace-8cc608a635186c89042b092a2deb5e86.yaml @@ -0,0 +1,58 @@ +id: wpmarketplace-8cc608a635186c89042b092a2deb5e86 + +info: + name: > + WP Marketplace – Complete Shopping Cart / eCommerce Solution <= 2.4.0 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/091b2d1d-983a-45ab-935e-635991e8bc8b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpmarketplace/" + google-query: inurl:"/wp-content/plugins/wpmarketplace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpmarketplace,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpmarketplace/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpmarketplace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpml-cb38c4c6a570ec5691624654c5d4d34c.yaml b/nuclei-templates/cve-less/plugins/wpml-cb38c4c6a570ec5691624654c5d4d34c.yaml new file mode 100644 index 0000000000..1126644c69 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpml-cb38c4c6a570ec5691624654c5d4d34c.yaml @@ -0,0 +1,58 @@ +id: wpml-cb38c4c6a570ec5691624654c5d4d34c + +info: + name: > + WPML < 3.1.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/884973e2-3836-448f-8c0d-1235fb2c09b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpml/" + google-query: inurl:"/wp-content/plugins/wpml/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpml,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpml/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpml" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpo365-login-41c658cc02437ea28ef89a50228368a2.yaml b/nuclei-templates/cve-less/plugins/wpo365-login-41c658cc02437ea28ef89a50228368a2.yaml new file mode 100644 index 0000000000..78b86de185 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpo365-login-41c658cc02437ea28ef89a50228368a2.yaml @@ -0,0 +1,58 @@ +id: wpo365-login-41c658cc02437ea28ef89a50228368a2 + +info: + name: > + WordPress + Microsoft Office 365 / Azure AD | LOGIN <= 15.3 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd552e86-5f0f-4203-b648-f069503b48e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpo365-login/" + google-query: inurl:"/wp-content/plugins/wpo365-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpo365-login,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpo365-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpo365-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 15.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpo365-login-fa8823b3be9be96069014fd7460133fa.yaml b/nuclei-templates/cve-less/plugins/wpo365-login-fa8823b3be9be96069014fd7460133fa.yaml new file mode 100644 index 0000000000..04121c31fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpo365-login-fa8823b3be9be96069014fd7460133fa.yaml @@ -0,0 +1,58 @@ +id: wpo365-login-fa8823b3be9be96069014fd7460133fa + +info: + name: > + WPO365 | LOGIN <= 11.6 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d4cf93d-61af-4721-9751-9891e08ce7b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpo365-login/" + google-query: inurl:"/wp-content/plugins/wpo365-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpo365-login,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpo365-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpo365-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpopal-core-features-e2fa4c8a4519773eef901f4abb2bc665.yaml b/nuclei-templates/cve-less/plugins/wpopal-core-features-e2fa4c8a4519773eef901f4abb2bc665.yaml new file mode 100644 index 0000000000..41446b8736 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpopal-core-features-e2fa4c8a4519773eef901f4abb2bc665.yaml @@ -0,0 +1,58 @@ +id: wpopal-core-features-e2fa4c8a4519773eef901f4abb2bc665 + +info: + name: > + CSSTidy - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb534d86-c477-4a9c-b048-2fbc002168b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpopal-core-features/" + google-query: inurl:"/wp-content/plugins/wpopal-core-features/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpopal-core-features,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpopal-core-features/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpopal-core-features" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppageflip-92ae3c7f62669bb059cdddeab166dfdd.yaml b/nuclei-templates/cve-less/plugins/wppageflip-92ae3c7f62669bb059cdddeab166dfdd.yaml new file mode 100644 index 0000000000..d82a5331f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppageflip-92ae3c7f62669bb059cdddeab166dfdd.yaml @@ -0,0 +1,58 @@ +id: wppageflip-92ae3c7f62669bb059cdddeab166dfdd + +info: + name: > + A Page Flip Book < 3.0 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b291ed6f-0998-40fc-a628-4df6416c9fc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppageflip/" + google-query: inurl:"/wp-content/plugins/wppageflip/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppageflip,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppageflip/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppageflip" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppdf-2bf5272ec6d886fad7b7b1d47db7c04d.yaml b/nuclei-templates/cve-less/plugins/wppdf-2bf5272ec6d886fad7b7b1d47db7c04d.yaml new file mode 100644 index 0000000000..2471c88c62 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppdf-2bf5272ec6d886fad7b7b1d47db7c04d.yaml @@ -0,0 +1,58 @@ +id: wppdf-2bf5272ec6d886fad7b7b1d47db7c04d + +info: + name: > + Responsive flipbook <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3de98970-06a3-4bde-a7cb-42b6456fea6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppdf/" + google-query: inurl:"/wp-content/plugins/wppdf/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppdf,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppdf/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppdf" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpperformancetester-f14cc7b2edd1a1231a45d376dd4df337.yaml b/nuclei-templates/cve-less/plugins/wpperformancetester-f14cc7b2edd1a1231a45d376dd4df337.yaml new file mode 100644 index 0000000000..2e8a6ddab0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpperformancetester-f14cc7b2edd1a1231a45d376dd4df337.yaml @@ -0,0 +1,58 @@ +id: wpperformancetester-f14cc7b2edd1a1231a45d376dd4df337 + +info: + name: > + WPPerformanceTester <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3fb35366-b09c-4667-8fb9-6f80ba6d09f0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpperformancetester/" + google-query: inurl:"/wp-content/plugins/wpperformancetester/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpperformancetester,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpperformancetester/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpperformancetester" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppizza-32909284311b9711b0c941168cf05813.yaml b/nuclei-templates/cve-less/plugins/wppizza-32909284311b9711b0c941168cf05813.yaml new file mode 100644 index 0000000000..c3474ba43e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppizza-32909284311b9711b0c941168cf05813.yaml @@ -0,0 +1,58 @@ +id: wppizza-32909284311b9711b0c941168cf05813 + +info: + name: > + WPPizza <= 3.17.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/225ac126-7448-4faf-92c7-ee96831b272e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppizza/" + google-query: inurl:"/wp-content/plugins/wppizza/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppizza,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppizza/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppizza" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.17.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppizza-81f88656b7bb4f363fcac664b1d8935a.yaml b/nuclei-templates/cve-less/plugins/wppizza-81f88656b7bb4f363fcac664b1d8935a.yaml new file mode 100644 index 0000000000..ccdfd15320 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppizza-81f88656b7bb4f363fcac664b1d8935a.yaml @@ -0,0 +1,58 @@ +id: wppizza-81f88656b7bb4f363fcac664b1d8935a + +info: + name: > + WPPizza <= 3.18.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccfdb5f5-8417-44a3-a27c-157a9619c68b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppizza/" + google-query: inurl:"/wp-content/plugins/wppizza/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppizza,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppizza/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppizza" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppizza-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml b/nuclei-templates/cve-less/plugins/wppizza-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml new file mode 100644 index 0000000000..db80b832f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppizza-af71bdcfe6e10b4aec22bfd701d5b3f4.yaml @@ -0,0 +1,58 @@ +id: wppizza-af71bdcfe6e10b4aec22bfd701d5b3f4 + +info: + name: > + PrettyPhoto Library (Multiple Plugins and Themes) <= 3.1.4 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2cc5962f-4d3c-43ea-996b-a5bb3d0dccef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppizza/" + google-query: inurl:"/wp-content/plugins/wppizza/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppizza,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppizza/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppizza" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.11.8.18') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppizza-e4bdb79e642b57f61de774ae24d8a0ad.yaml b/nuclei-templates/cve-less/plugins/wppizza-e4bdb79e642b57f61de774ae24d8a0ad.yaml new file mode 100644 index 0000000000..48a67302f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppizza-e4bdb79e642b57f61de774ae24d8a0ad.yaml @@ -0,0 +1,58 @@ +id: wppizza-e4bdb79e642b57f61de774ae24d8a0ad + +info: + name: > + WPPizza <= 3.18.10 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc00cbc-ec65-4664-8ec6-8cfb47196ec1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppizza/" + google-query: inurl:"/wp-content/plugins/wppizza/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppizza,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppizza/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppizza" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.18.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wppm-11e0416c47cc399cafbb7b5feca59d4c.yaml b/nuclei-templates/cve-less/plugins/wppm-11e0416c47cc399cafbb7b5feca59d4c.yaml new file mode 100644 index 0000000000..54c0f2ef9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wppm-11e0416c47cc399cafbb7b5feca59d4c.yaml @@ -0,0 +1,58 @@ +id: wppm-11e0416c47cc399cafbb7b5feca59d4c + +info: + name: > + WP Plugin Manager (wppm) <= 1.6.4.b - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa178e13-b4a5-4847-ac0e-9f14f8c9b446?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wppm/" + google-query: inurl:"/wp-content/plugins/wppm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wppm,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wppm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wppm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4.b') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-399a0cfb0032357f26f899d011d7490f.yaml b/nuclei-templates/cve-less/plugins/wpqa-399a0cfb0032357f26f899d011d7490f.yaml new file mode 100644 index 0000000000..0d964ae3d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-399a0cfb0032357f26f899d011d7490f.yaml @@ -0,0 +1,58 @@ +id: wpqa-399a0cfb0032357f26f899d011d7490f + +info: + name: > + WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/082b57a9-4703-4908-9119-47fc4034c35d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-5cfa8b6a040b435f7a92a3787291a533.yaml b/nuclei-templates/cve-less/plugins/wpqa-5cfa8b6a040b435f7a92a3787291a533.yaml new file mode 100644 index 0000000000..9639c35aea --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-5cfa8b6a040b435f7a92a3787291a533.yaml @@ -0,0 +1,58 @@ +id: wpqa-5cfa8b6a040b435f7a92a3787291a533 + +info: + name: > + WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7b72bb-2cf7-4a8d-b323-66c94b500cb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-a41befce41d6aff1f7ad093dd0e01517.yaml b/nuclei-templates/cve-less/plugins/wpqa-a41befce41d6aff1f7ad093dd0e01517.yaml new file mode 100644 index 0000000000..2fb658569b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-a41befce41d6aff1f7ad093dd0e01517.yaml @@ -0,0 +1,58 @@ +id: wpqa-a41befce41d6aff1f7ad093dd0e01517 + +info: + name: > + WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df0dcdf4-fcb1-4832-b39b-4ec3ee980506?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-c453f0ecd6a4881debc7f71c36086298.yaml b/nuclei-templates/cve-less/plugins/wpqa-c453f0ecd6a4881debc7f71c36086298.yaml new file mode 100644 index 0000000000..e5d9e45981 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-c453f0ecd6a4881debc7f71c36086298.yaml @@ -0,0 +1,58 @@ +id: wpqa-c453f0ecd6a4881debc7f71c36086298 + +info: + name: > + WPQA < 5.9 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a86301cd-1268-4168-a8e7-6946711dc256?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-c890a2d3e19ae2099edf204803cc83b0.yaml b/nuclei-templates/cve-less/plugins/wpqa-c890a2d3e19ae2099edf204803cc83b0.yaml new file mode 100644 index 0000000000..e9395075a7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-c890a2d3e19ae2099edf204803cc83b0.yaml @@ -0,0 +1,58 @@ +id: wpqa-c890a2d3e19ae2099edf204803cc83b0 + +info: + name: > + WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b5fb356-df9a-45c1-a663-b762ca1b65c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-dd3fead301df531f0d1ae759b6afb54b.yaml b/nuclei-templates/cve-less/plugins/wpqa-dd3fead301df531f0d1ae759b6afb54b.yaml new file mode 100644 index 0000000000..ffbca13776 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-dd3fead301df531f0d1ae759b6afb54b.yaml @@ -0,0 +1,58 @@ +id: wpqa-dd3fead301df531f0d1ae759b6afb54b + +info: + name: > + WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/048c37c2-0ace-4bf1-8cb8-554c4645be21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-dda12396183ee405a0b6804083230616.yaml b/nuclei-templates/cve-less/plugins/wpqa-dda12396183ee405a0b6804083230616.yaml new file mode 100644 index 0000000000..18947e476c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-dda12396183ee405a0b6804083230616.yaml @@ -0,0 +1,58 @@ +id: wpqa-dda12396183ee405a0b6804083230616 + +info: + name: > + WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/085da0fa-9487-4938-94ea-c1593be7c023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpqa-dfd03ed6db32c6975ee246c21a630603.yaml b/nuclei-templates/cve-less/plugins/wpqa-dfd03ed6db32c6975ee246c21a630603.yaml new file mode 100644 index 0000000000..10f97d66cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpqa-dfd03ed6db32c6975ee246c21a630603.yaml @@ -0,0 +1,58 @@ +id: wpqa-dfd03ed6db32c6975ee246c21a630603 + +info: + name: > + WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56036bb2-3af3-4f69-ab79-78c5bb266231?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpqa/" + google-query: inurl:"/wp-content/plugins/wpqa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpqa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpqa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpqa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-child-theme-generator-272502bd23e70077d3c0e25865267220.yaml b/nuclei-templates/cve-less/plugins/wps-child-theme-generator-272502bd23e70077d3c0e25865267220.yaml new file mode 100644 index 0000000000..8d660b1c87 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-child-theme-generator-272502bd23e70077d3c0e25865267220.yaml @@ -0,0 +1,58 @@ +id: wps-child-theme-generator-272502bd23e70077d3c0e25865267220 + +info: + name: > + WPS Child Theme Generator < 1.2 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3c0bd6ee-da23-4e1e-9dbc-1ee4a111f7f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-child-theme-generator/" + google-query: inurl:"/wp-content/plugins/wps-child-theme-generator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-child-theme-generator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-child-theme-generator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-child-theme-generator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-631db0a162eaa0bf7ba9778e5dde5467.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-631db0a162eaa0bf7ba9778e5dde5467.yaml new file mode 100644 index 0000000000..d04fc32a21 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-631db0a162eaa0bf7ba9778e5dde5467.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-631db0a162eaa0bf7ba9778e5dde5467 + +info: + name: > + WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=rp' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d106394-0dad-4d96-9063-6824fce65bdd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-7c05693517b55b87f0d7f83514eb2c07.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-7c05693517b55b87f0d7f83514eb2c07.yaml new file mode 100644 index 0000000000..5e2bf48ff5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-7c05693517b55b87f0d7f83514eb2c07.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-7c05693517b55b87f0d7f83514eb2c07 + +info: + name: > + WPS Hide Login <= 1.9.11 - Hidden Login Page Location Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb81e90f-8da4-483c-9bc1-18b6c016df5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-db674a6de8d9817e777becabcbbc904f.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-db674a6de8d9817e777becabcbbc904f.yaml new file mode 100644 index 0000000000..ec93fccf96 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-db674a6de8d9817e777becabcbbc904f.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-db674a6de8d9817e777becabcbbc904f + +info: + name: > + WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'action=confirmaction' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db3724bf-35bb-4e28-b5e2-1bbc96adc7b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-e36199753fc8222b9a4c8dc023f4878a.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-e36199753fc8222b9a4c8dc023f4878a.yaml new file mode 100644 index 0000000000..8a5c5160b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-e36199753fc8222b9a4c8dc023f4878a.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-e36199753fc8222b9a4c8dc023f4878a + +info: + name: > + WPS Hide Login <= 1.5.4.2 - Hidden Login Page Location Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7808329f-1688-480c-a83c-c4ab2fa86da6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-e8798ed63a85d45d71422ad1f5961970.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-e8798ed63a85d45d71422ad1f5961970.yaml new file mode 100644 index 0000000000..30009a0ae5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-e8798ed63a85d45d71422ad1f5961970.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-e8798ed63a85d45d71422ad1f5961970 + +info: + name: > + WPS Hide Login <= 1.9.0 - Hidden Login Page Location Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e0e503f4-5864-49f0-aa52-6a44af5e8087?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-eb378c658d67b036fda08c9801554621.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-eb378c658d67b036fda08c9801554621.yaml new file mode 100644 index 0000000000..f7cecef494 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-eb378c658d67b036fda08c9801554621.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-eb378c658d67b036fda08c9801554621 + +info: + name: > + WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via 'adminhash' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7076c253-91ac-46b4-91ad-89a296408959?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-efc5740c90ff0a59809e4e9849d0d149.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-efc5740c90ff0a59809e4e9849d0d149.yaml new file mode 100644 index 0000000000..311e07a19c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-efc5740c90ff0a59809e4e9849d0d149.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-efc5740c90ff0a59809e4e9849d0d149 + +info: + name: > + WPS Hide Login <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9c7cf6f9-6fd0-487f-93cf-516b52736512?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wps-hide-login-ffe4a494ba525ff7867c7e82eb26993d.yaml b/nuclei-templates/cve-less/plugins/wps-hide-login-ffe4a494ba525ff7867c7e82eb26993d.yaml new file mode 100644 index 0000000000..aad0c9418f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wps-hide-login-ffe4a494ba525ff7867c7e82eb26993d.yaml @@ -0,0 +1,58 @@ +id: wps-hide-login-ffe4a494ba525ff7867c7e82eb26993d + +info: + name: > + WPS Hide Login <= 1.5.2.2 - Login Page Disclosure via Referer Header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d94f0347-2167-4840-b21c-3279de0f9325?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wps-hide-login/" + google-query: inurl:"/wp-content/plugins/wps-hide-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wps-hide-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wps-hide-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wps-hide-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpschoolpress-a9a638b4142268e1bac6a40ef293c66b.yaml b/nuclei-templates/cve-less/plugins/wpschoolpress-a9a638b4142268e1bac6a40ef293c66b.yaml new file mode 100644 index 0000000000..b0a71957aa --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpschoolpress-a9a638b4142268e1bac6a40ef293c66b.yaml @@ -0,0 +1,58 @@ +id: wpschoolpress-a9a638b4142268e1bac6a40ef293c66b + +info: + name: > + WPSchoolPress <= 2.2.4 - Authenticated(Teacher+) SQL Injection via ClassID + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d070e12e-ec53-4574-ac37-dc8805d9a553?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpschoolpress/" + google-query: inurl:"/wp-content/plugins/wpschoolpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpschoolpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpschoolpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpschoolpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpschoolpress-b9006062d746b8caf6ca2e15e2892f35.yaml b/nuclei-templates/cve-less/plugins/wpschoolpress-b9006062d746b8caf6ca2e15e2892f35.yaml new file mode 100644 index 0000000000..0ebde775cf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpschoolpress-b9006062d746b8caf6ca2e15e2892f35.yaml @@ -0,0 +1,58 @@ +id: wpschoolpress-b9006062d746b8caf6ca2e15e2892f35 + +info: + name: > + School Management System – WPSchoolPress <= 2.1.16 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/850f554f-abb5-4b9f-9b7b-67439abb1a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpschoolpress/" + google-query: inurl:"/wp-content/plugins/wpschoolpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpschoolpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpschoolpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpschoolpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpschoolpress-f1f206bccc7ec9ca4ed21059b6547361.yaml b/nuclei-templates/cve-less/plugins/wpschoolpress-f1f206bccc7ec9ca4ed21059b6547361.yaml new file mode 100644 index 0000000000..b578afd6eb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpschoolpress-f1f206bccc7ec9ca4ed21059b6547361.yaml @@ -0,0 +1,58 @@ +id: wpschoolpress-f1f206bccc7ec9ca4ed21059b6547361 + +info: + name: > + WPSchoolPress <= 2.2.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1410d37a-fa8d-41e1-bed7-1c1436b52a83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpschoolpress/" + google-query: inurl:"/wp-content/plugins/wpschoolpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpschoolpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpschoolpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpschoolpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpschoolpress-f6bb81d744ef9464f6fccc27a671bc84.yaml b/nuclei-templates/cve-less/plugins/wpschoolpress-f6bb81d744ef9464f6fccc27a671bc84.yaml new file mode 100644 index 0000000000..de5c4b9880 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpschoolpress-f6bb81d744ef9464f6fccc27a671bc84.yaml @@ -0,0 +1,58 @@ +id: wpschoolpress-f6bb81d744ef9464f6fccc27a671bc84 + +info: + name: > + School Management System – WPSchoolPress <= 2.1.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7de51bf2-f3dc-40d7-8d63-c85c267c4e98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpschoolpress/" + google-query: inurl:"/wp-content/plugins/wpschoolpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpschoolpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpschoolpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpschoolpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpseo-local-062a12d42d5fa439eba03cd3a142a5ad.yaml b/nuclei-templates/cve-less/plugins/wpseo-local-062a12d42d5fa439eba03cd3a142a5ad.yaml new file mode 100644 index 0000000000..962fdd6c42 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpseo-local-062a12d42d5fa439eba03cd3a142a5ad.yaml @@ -0,0 +1,58 @@ +id: wpseo-local-062a12d42d5fa439eba03cd3a142a5ad + +info: + name: > + Yoast SEO: Local <= 14.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b239185f-c368-4768-8f6a-ef9bc593929d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpseo-local/" + google-query: inurl:"/wp-content/plugins/wpseo-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpseo-local,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpseo-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpseo-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpseo-local-559e4b65f535b45dcfe5d339b535e1b8.yaml b/nuclei-templates/cve-less/plugins/wpseo-local-559e4b65f535b45dcfe5d339b535e1b8.yaml new file mode 100644 index 0000000000..5f4eb72641 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpseo-local-559e4b65f535b45dcfe5d339b535e1b8.yaml @@ -0,0 +1,58 @@ +id: wpseo-local-559e4b65f535b45dcfe5d339b535e1b8 + +info: + name: > + Yoast SEO: Local <= 14.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d536acc-b297-4acd-97e2-87eae2e2b95a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpseo-local/" + google-query: inurl:"/wp-content/plugins/wpseo-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpseo-local,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpseo-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpseo-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpseo-local-6f2bfa44316597918db6902f22101641.yaml b/nuclei-templates/cve-less/plugins/wpseo-local-6f2bfa44316597918db6902f22101641.yaml new file mode 100644 index 0000000000..fde01c549f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpseo-local-6f2bfa44316597918db6902f22101641.yaml @@ -0,0 +1,58 @@ +id: wpseo-local-6f2bfa44316597918db6902f22101641 + +info: + name: > + Yoast SEO: Local <= 14.9 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb6457ea-6353-4a69-ad72-cd5acd47ed8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpseo-local/" + google-query: inurl:"/wp-content/plugins/wpseo-local/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpseo-local,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpseo-local/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpseo-local" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 14.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpshopgermany-it-recht-kanzlei-8b316c2c5c57a5bec4fddd68dace9cd3.yaml b/nuclei-templates/cve-less/plugins/wpshopgermany-it-recht-kanzlei-8b316c2c5c57a5bec4fddd68dace9cd3.yaml new file mode 100644 index 0000000000..631fdf82f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpshopgermany-it-recht-kanzlei-8b316c2c5c57a5bec4fddd68dace9cd3.yaml @@ -0,0 +1,58 @@ +id: wpshopgermany-it-recht-kanzlei-8b316c2c5c57a5bec4fddd68dace9cd3 + +info: + name: > + wpShopGermany IT-RECHT KANZLEI <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/220766ef-29a6-46f6-8c67-d1879db79400?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpshopgermany-it-recht-kanzlei/" + google-query: inurl:"/wp-content/plugins/wpshopgermany-it-recht-kanzlei/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpshopgermany-it-recht-kanzlei,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpshopgermany-it-recht-kanzlei/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpshopgermany-it-recht-kanzlei" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpshopgermany-protectedshops-c41eb0b63074858e7a2ad3fb4237d823.yaml b/nuclei-templates/cve-less/plugins/wpshopgermany-protectedshops-c41eb0b63074858e7a2ad3fb4237d823.yaml new file mode 100644 index 0000000000..a05487e001 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpshopgermany-protectedshops-c41eb0b63074858e7a2ad3fb4237d823.yaml @@ -0,0 +1,58 @@ +id: wpshopgermany-protectedshops-c41eb0b63074858e7a2ad3fb4237d823 + +info: + name: > + wpShopGermany - Protected Shops <= 2.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21cc5aec-ab5f-412b-aed0-bb41584a84cf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpshopgermany-protectedshops/" + google-query: inurl:"/wp-content/plugins/wpshopgermany-protectedshops/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpshopgermany-protectedshops,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpshopgermany-protectedshops/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpshopgermany-protectedshops" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsimpletools-log-viewer-955bd8a9c17ef8d9a80499ee35d81209.yaml b/nuclei-templates/cve-less/plugins/wpsimpletools-log-viewer-955bd8a9c17ef8d9a80499ee35d81209.yaml new file mode 100644 index 0000000000..a2a9af6c16 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsimpletools-log-viewer-955bd8a9c17ef8d9a80499ee35d81209.yaml @@ -0,0 +1,58 @@ +id: wpsimpletools-log-viewer-955bd8a9c17ef8d9a80499ee35d81209 + +info: + name: > + Basic Log Viewer <= 1.0.4 - Cross-Site Request Forgery via wpst_lw_viewer + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18acd104-a5a5-4811-9aea-abc227a1712c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsimpletools-log-viewer/" + google-query: inurl:"/wp-content/plugins/wpsimpletools-log-viewer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsimpletools-log-viewer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsimpletools-log-viewer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsimpletools-log-viewer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsimpletools-upload-limit-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml b/nuclei-templates/cve-less/plugins/wpsimpletools-upload-limit-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml new file mode 100644 index 0000000000..7620cf36d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsimpletools-upload-limit-9de482ee3d956ce585f6bd7d5fa3f9c1.yaml @@ -0,0 +1,58 @@ +id: wpsimpletools-upload-limit-9de482ee3d956ce585f6bd7d5fa3f9c1 + +info: + name: > + Manage Upload Limit <= 1.0.4 - Reflected Cross-Site Scripting via upload_limit + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b90bf09-639c-497c-a58e-3972250db1e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsimpletools-upload-limit/" + google-query: inurl:"/wp-content/plugins/wpsimpletools-upload-limit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsimpletools-upload-limit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsimpletools-upload-limit/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsimpletools-upload-limit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsite-background-takeover-d2df040b2ddbf2c6a18a499a718c8a17.yaml b/nuclei-templates/cve-less/plugins/wpsite-background-takeover-d2df040b2ddbf2c6a18a499a718c8a17.yaml new file mode 100644 index 0000000000..6b869e3fa0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsite-background-takeover-d2df040b2ddbf2c6a18a499a718c8a17.yaml @@ -0,0 +1,58 @@ +id: wpsite-background-takeover-d2df040b2ddbf2c6a18a499a718c8a17 + +info: + name: > + WP Background Takeover < 4.1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27eea04f-3f5f-4f13-9553-4fdea9be865b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsite-background-takeover/" + google-query: inurl:"/wp-content/plugins/wpsite-background-takeover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsite-background-takeover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsite-background-takeover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsite-background-takeover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsite-follow-us-badges-c3fe9adbef48906de6288ff04a6a51a9.yaml b/nuclei-templates/cve-less/plugins/wpsite-follow-us-badges-c3fe9adbef48906de6288ff04a6a51a9.yaml new file mode 100644 index 0000000000..32b507f58c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsite-follow-us-badges-c3fe9adbef48906de6288ff04a6a51a9.yaml @@ -0,0 +1,58 @@ +id: wpsite-follow-us-badges-c3fe9adbef48906de6288ff04a6a51a9 + +info: + name: > + Follow Us Badges <= 3.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsite_follow_us_badges Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef1ccef8-9066-4f5c-b5c5-9fa6e54f0e87?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsite-follow-us-badges/" + google-query: inurl:"/wp-content/plugins/wpsite-follow-us-badges/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsite-follow-us-badges,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsite-follow-us-badges/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsite-follow-us-badges" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpslacksync-41acc719f07692e44cc41d180d104907.yaml b/nuclei-templates/cve-less/plugins/wpslacksync-41acc719f07692e44cc41d180d104907.yaml new file mode 100644 index 0000000000..191fbca12b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpslacksync-41acc719f07692e44cc41d180d104907.yaml @@ -0,0 +1,58 @@ +id: wpslacksync-41acc719f07692e44cc41d180d104907 + +info: + name: > + WP SlackSync <= 1.8.5 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e005861c-3ca5-4cee-a84b-9ebc095f4a1f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpslacksync/" + google-query: inurl:"/wp-content/plugins/wpslacksync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpslacksync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpslacksync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpslacksync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsnapapp-894d5909f0af3672921ffb2138091248.yaml b/nuclei-templates/cve-less/plugins/wpsnapapp-894d5909f0af3672921ffb2138091248.yaml new file mode 100644 index 0000000000..d6f066b3f2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsnapapp-894d5909f0af3672921ffb2138091248.yaml @@ -0,0 +1,58 @@ +id: wpsnapapp-894d5909f0af3672921ffb2138091248 + +info: + name: > + WP Snap App <= 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c17b388-1f9a-473f-a71b-a3f72bdf301b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsnapapp/" + google-query: inurl:"/wp-content/plugins/wpsnapapp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsnapapp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsnapapp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsnapapp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsolr-search-engine-e0c5d4dca3eeae77e08a24a0d2c24dce.yaml b/nuclei-templates/cve-less/plugins/wpsolr-search-engine-e0c5d4dca3eeae77e08a24a0d2c24dce.yaml new file mode 100644 index 0000000000..727d375483 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsolr-search-engine-e0c5d4dca3eeae77e08a24a0d2c24dce.yaml @@ -0,0 +1,58 @@ +id: wpsolr-search-engine-e0c5d4dca3eeae77e08a24a0d2c24dce + +info: + name: > + WPSOLR – Elasticsearch and Solr search <= 8.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/048077bc-30da-472c-97ea-24317dbde712?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsolr-search-engine/" + google-query: inurl:"/wp-content/plugins/wpsolr-search-engine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsolr-search-engine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsolr-search-engine/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsolr-search-engine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpss-7cf13e2bb716c26880ecc9fba4b8b446.yaml b/nuclei-templates/cve-less/plugins/wpss-7cf13e2bb716c26880ecc9fba4b8b446.yaml new file mode 100644 index 0000000000..959714a802 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpss-7cf13e2bb716c26880ecc9fba4b8b446.yaml @@ -0,0 +1,58 @@ +id: wpss-7cf13e2bb716c26880ecc9fba4b8b446 + +info: + name: > + WordPress Spreadsheet <= 0.6 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/424ebeb4-eb53-4c87-9a86-aff1c784aa3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpSS/" + google-query: inurl:"/wp-content/plugins/wpSS/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpSS,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpSS/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpSS" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpss-dfc9289a15b5d9ef4c8b8a78a1e983f0.yaml b/nuclei-templates/cve-less/plugins/wpss-dfc9289a15b5d9ef4c8b8a78a1e983f0.yaml new file mode 100644 index 0000000000..503e8ad14c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpss-dfc9289a15b5d9ef4c8b8a78a1e983f0.yaml @@ -0,0 +1,58 @@ +id: wpss-dfc9289a15b5d9ef4c8b8a78a1e983f0 + +info: + name: > + WordPress Spreadsheet <= 0.62 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a3c3b3b-7fc9-4586-9a51-33642654dc9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpSS/" + google-query: inurl:"/wp-content/plugins/wpSS/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpSS,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpSS/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpSS" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpss-ee3866229b628cfe3699728232f7f492.yaml b/nuclei-templates/cve-less/plugins/wpss-ee3866229b628cfe3699728232f7f492.yaml new file mode 100644 index 0000000000..446c0c6e11 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpss-ee3866229b628cfe3699728232f7f492.yaml @@ -0,0 +1,58 @@ +id: wpss-ee3866229b628cfe3699728232f7f492 + +info: + name: > + WordPress Spreadsheet (wpSS) <= 0.62 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8650383a-712b-4830-894f-cd7ec7b0d5bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpSS/" + google-query: inurl:"/wp-content/plugins/wpSS/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpSS,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpSS/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpSS" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.62') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpstorecart-1f49340070b07f37e2b631ba71cc0b18.yaml b/nuclei-templates/cve-less/plugins/wpstorecart-1f49340070b07f37e2b631ba71cc0b18.yaml new file mode 100644 index 0000000000..1162696493 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpstorecart-1f49340070b07f37e2b631ba71cc0b18.yaml @@ -0,0 +1,58 @@ +id: wpstorecart-1f49340070b07f37e2b631ba71cc0b18 + +info: + name: > + IDB Ecommerce (wpStoreCart 5) < 2.5.30 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0cb0970-7e21-44ff-bbca-4b3e18f4466e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpstorecart/" + google-query: inurl:"/wp-content/plugins/wpstorecart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpstorecart,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpstorecart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpstorecart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.29') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpstream-d011f1f83d77935b57f8c936c3d34792.yaml b/nuclei-templates/cve-less/plugins/wpstream-d011f1f83d77935b57f8c936c3d34792.yaml new file mode 100644 index 0000000000..6dd3fda95a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpstream-d011f1f83d77935b57f8c936c3d34792.yaml @@ -0,0 +1,58 @@ +id: wpstream-d011f1f83d77935b57f8c936c3d34792 + +info: + name: > + WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.5.4 - Cross-Site Request Forgery via wpstream_update_local_event_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0c91a58-31e9-4f6e-81fb-0681fb9ce4d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpstream/" + google-query: inurl:"/wp-content/plugins/wpstream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpstream,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpstream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpstream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpstream-d118e9921cdb49f79910263f2b2e7390.yaml b/nuclei-templates/cve-less/plugins/wpstream-d118e9921cdb49f79910263f2b2e7390.yaml new file mode 100644 index 0000000000..436c901de9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpstream-d118e9921cdb49f79910263f2b2e7390.yaml @@ -0,0 +1,58 @@ +id: wpstream-d118e9921cdb49f79910263f2b2e7390 + +info: + name: > + WpStream – Live Streaming, Video on Demand, Pay Per View <= 4.4.10 - Cross-Site Request Forgery via wpstream_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0219851f-7fce-42e0-ba82-77af84b17d9f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpstream/" + google-query: inurl:"/wp-content/plugins/wpstream/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpstream,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpstream/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpstream" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.4.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsynchro-7c11f7c384d9dd8d4651247b810c16b8.yaml b/nuclei-templates/cve-less/plugins/wpsynchro-7c11f7c384d9dd8d4651247b810c16b8.yaml new file mode 100644 index 0000000000..587a994de3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsynchro-7c11f7c384d9dd8d4651247b810c16b8.yaml @@ -0,0 +1,58 @@ +id: wpsynchro-7c11f7c384d9dd8d4651247b810c16b8 + +info: + name: > + WP Migration Plugin DB & Files – WP Synchro <= 1.11.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe9659ff-7233-44d4-aaff-ad3089511a67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsynchro/" + google-query: inurl:"/wp-content/plugins/wpsynchro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsynchro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsynchro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsynchro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpsynchro-e74a81eb9870251841dabcabe93454ff.yaml b/nuclei-templates/cve-less/plugins/wpsynchro-e74a81eb9870251841dabcabe93454ff.yaml new file mode 100644 index 0000000000..af5245ee09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpsynchro-e74a81eb9870251841dabcabe93454ff.yaml @@ -0,0 +1,58 @@ +id: wpsynchro-e74a81eb9870251841dabcabe93454ff + +info: + name: > + WP Migration Plugin DB & Files – WP Synchro <= 1.9.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f1b6f041-5ea6-48ca-9ca7-4ce96cbfa275?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpsynchro/" + google-query: inurl:"/wp-content/plugins/wpsynchro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpsynchro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpsynchro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpsynchro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptables-81fef267b7d2479d27762ebd528c25d5.yaml b/nuclei-templates/cve-less/plugins/wptables-81fef267b7d2479d27762ebd528c25d5.yaml new file mode 100644 index 0000000000..c616502f08 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptables-81fef267b7d2479d27762ebd528c25d5.yaml @@ -0,0 +1,58 @@ +id: wptables-81fef267b7d2479d27762ebd528c25d5 + +info: + name: > + WordPress Tables <= 1.3.9 - Reflected Cross-Site Scripting via error_msg + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/099dfb18-fc73-4a19-b017-1675c9acfa2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptables/" + google-query: inurl:"/wp-content/plugins/wptables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptables,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptf-image-gallery-0e5c12aafd12c94fc7a397fbe2697f9a.yaml b/nuclei-templates/cve-less/plugins/wptf-image-gallery-0e5c12aafd12c94fc7a397fbe2697f9a.yaml new file mode 100644 index 0000000000..8505f8a8e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptf-image-gallery-0e5c12aafd12c94fc7a397fbe2697f9a.yaml @@ -0,0 +1,58 @@ +id: wptf-image-gallery-0e5c12aafd12c94fc7a397fbe2697f9a + +info: + name: > + wptf-image-gallery <= 1.0.3 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/134e09a8-f89a-4282-b2e8-09b84f04aae7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptf-image-gallery/" + google-query: inurl:"/wp-content/plugins/wptf-image-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptf-image-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptf-image-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptf-image-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptools-08963ed44b1cea3058d5d701a7dc7bd5.yaml b/nuclei-templates/cve-less/plugins/wptools-08963ed44b1cea3058d5d701a7dc7bd5.yaml new file mode 100644 index 0000000000..730c4490c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptools-08963ed44b1cea3058d5d701a7dc7bd5.yaml @@ -0,0 +1,58 @@ +id: wptools-08963ed44b1cea3058d5d701a7dc7bd5 + +info: + name: > + WP Tools <= 3.41 - Missing Authorization leading to Authenticated (Subscriber+) Authorization Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4eeed189-3c57-4f23-bb6c-3e84603a83fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptools/" + google-query: inurl:"/wp-content/plugins/wptools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptools,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.41') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptools-509c39acb39a633805d6b569fc41a485.yaml b/nuclei-templates/cve-less/plugins/wptools-509c39acb39a633805d6b569fc41a485.yaml new file mode 100644 index 0000000000..cf66b0a77a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptools-509c39acb39a633805d6b569fc41a485.yaml @@ -0,0 +1,58 @@ +id: wptools-509c39acb39a633805d6b569fc41a485 + +info: + name: > + WP Tools <= 3.42 - Missing Authorization to Select Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/668a77e4-9d0a-4835-be5c-4c1acfe7ba43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptools/" + google-query: inurl:"/wp-content/plugins/wptools/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptools,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptools/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptools" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptouch-1b6d42c938576bb7e9892a86129f9bc5.yaml b/nuclei-templates/cve-less/plugins/wptouch-1b6d42c938576bb7e9892a86129f9bc5.yaml new file mode 100644 index 0000000000..5e839e6a52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptouch-1b6d42c938576bb7e9892a86129f9bc5.yaml @@ -0,0 +1,58 @@ +id: wptouch-1b6d42c938576bb7e9892a86129f9bc5 + +info: + name: > + WPtouch <= 4.3.44 - Authenticated (Administrator+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7148e182-858c-42b1-b9db-9b7a267483e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptouch/" + google-query: inurl:"/wp-content/plugins/wptouch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptouch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptouch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptouch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptouch-4578c261077bba561117707849a7d191.yaml b/nuclei-templates/cve-less/plugins/wptouch-4578c261077bba561117707849a7d191.yaml new file mode 100644 index 0000000000..f2b685a4fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptouch-4578c261077bba561117707849a7d191.yaml @@ -0,0 +1,58 @@ +id: wptouch-4578c261077bba561117707849a7d191 + +info: + name: > + WPtouch <= 4.3.44 - Authenticated (Administrator+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dad27b29-d106-44f2-9b88-6cce0c0cf4a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptouch/" + google-query: inurl:"/wp-content/plugins/wptouch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptouch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptouch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptouch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.44') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptouch-92f2fb442048282c27cd8fc5629a2db5.yaml b/nuclei-templates/cve-less/plugins/wptouch-92f2fb442048282c27cd8fc5629a2db5.yaml new file mode 100644 index 0000000000..065aa43213 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptouch-92f2fb442048282c27cd8fc5629a2db5.yaml @@ -0,0 +1,58 @@ +id: wptouch-92f2fb442048282c27cd8fc5629a2db5 + +info: + name: > + WPtouch <= 1.9.8 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8a3e69e-b6d2-495a-878d-1c2329e9e553?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptouch/" + google-query: inurl:"/wp-content/plugins/wptouch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptouch,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptouch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptouch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wptouch-c426bf1b8239d541e948689bf4281f26.yaml b/nuclei-templates/cve-less/plugins/wptouch-c426bf1b8239d541e948689bf4281f26.yaml new file mode 100644 index 0000000000..0a6988bfb7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wptouch-c426bf1b8239d541e948689bf4281f26.yaml @@ -0,0 +1,58 @@ +id: wptouch-c426bf1b8239d541e948689bf4281f26 + +info: + name: > + WPtouch < 1.9.20 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f34f98a0-9df4-4b50-ae6a-7912e4b12bb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wptouch/" + google-query: inurl:"/wp-content/plugins/wptouch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wptouch,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wptouch/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wptouch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.20') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpupper-share-buttons-94f3a814c03c449b36cb253d7f80d949.yaml b/nuclei-templates/cve-less/plugins/wpupper-share-buttons-94f3a814c03c449b36cb253d7f80d949.yaml new file mode 100644 index 0000000000..e9063a1d6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpupper-share-buttons-94f3a814c03c449b36cb253d7f80d949.yaml @@ -0,0 +1,58 @@ +id: wpupper-share-buttons-94f3a814c03c449b36cb253d7f80d949 + +info: + name: > + WPUpper Share Buttons <= 3.42 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eda18b47-1c23-4ef5-9628-d6b5842bca04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpupper-share-buttons/" + google-query: inurl:"/wp-content/plugins/wpupper-share-buttons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpupper-share-buttons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpupper-share-buttons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpupper-share-buttons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpview-0da2272f6fad3d314fe055d518112eb5.yaml b/nuclei-templates/cve-less/plugins/wpview-0da2272f6fad3d314fe055d518112eb5.yaml new file mode 100644 index 0000000000..dc3439346c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpview-0da2272f6fad3d314fe055d518112eb5.yaml @@ -0,0 +1,58 @@ +id: wpview-0da2272f6fad3d314fe055d518112eb5 + +info: + name: > + wpView <= 1.3.0 - Authenticated(Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4cad108-6574-4f14-8a37-89c4c10279d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpview/" + google-query: inurl:"/wp-content/plugins/wpview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpview,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-a7bf9a411638a6c87526e9cf7c7ea42c.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-a7bf9a411638a6c87526e9cf7c7ea42c.yaml new file mode 100644 index 0000000000..a34cf71746 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backup-mainwp-a7bf9a411638a6c87526e9cf7c7ea42c.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backup-mainwp-a7bf9a411638a6c87526e9cf7c7ea42c + +info: + name: > + WPvivid Backup for MainWP <= 0.9.32 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8430ed-6aeb-46a3-8c42-59646845706e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backup-mainwp/" + google-query: inurl:"/wp-content/plugins/wpvivid-backup-mainwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backup-mainwp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backup-mainwp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backup-mainwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-02311b741caefd1373a75d8083768696.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-02311b741caefd1373a75d8083768696.yaml new file mode 100644 index 0000000000..d1dae6bed0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-02311b741caefd1373a75d8083768696.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-02311b741caefd1373a75d8083768696 + +info: + name: > + WPvivid Backup and Migration <= 0.9.68 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.9.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-0bef183926021b3705ecb7e440cd2280.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-0bef183926021b3705ecb7e440cd2280.yaml new file mode 100644 index 0000000000..2ebf84ef9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-0bef183926021b3705ecb7e440cd2280.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-0bef183926021b3705ecb7e440cd2280 + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.68 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15ce5666-f020-4264-989d-713e4520e012?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.69') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-167f863d325454383d95967607b16eaf.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-167f863d325454383d95967607b16eaf.yaml new file mode 100644 index 0000000000..4ee0ee267f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-167f863d325454383d95967607b16eaf.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-167f863d325454383d95967607b16eaf + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.91 - Google Drive Client Secret Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4658109d-295c-4a1b-b219-ca1f4664ff1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-21742813963970be1b852e62999d105e.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-21742813963970be1b852e62999d105e.yaml new file mode 100644 index 0000000000..54a7c916d9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-21742813963970be1b852e62999d105e.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-21742813963970be1b852e62999d105e + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.74 - Authenticated (Admin+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7e2ca2e-c495-47f8-9c18-da5ba73d9e70?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.74') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml new file mode 100644 index 0000000000..c21dcb3a0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-261f8d0d96a6973bf1fe24c56cd5b3ec.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-261f8d0d96a6973bf1fe24c56cd5b3ec + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.70 - Authenticated Arbitrary File Read + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2760587c-78f5-40b1-affd-dfdfb2bc2a68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-549345c10b291ab93f71309abaa38002.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-549345c10b291ab93f71309abaa38002.yaml new file mode 100644 index 0000000000..b0404a051f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-549345c10b291ab93f71309abaa38002.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-549345c10b291ab93f71309abaa38002 + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/320f4260-20c2-4f27-91ba-d2488b417f62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-574ff230e2226e2c8ffbb0d383453c99.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-574ff230e2226e2c8ffbb0d383453c99.yaml new file mode 100644 index 0000000000..da9f9b3331 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-574ff230e2226e2c8ffbb0d383453c99.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-574ff230e2226e2c8ffbb0d383453c99 + +info: + name: > + WPvivid Backup Plugin <= 0.9.90 - Missing Authorization via 'start_staging' and 'get_staging_progress' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28e723ee-e99a-4ec4-b492-bfba04d27fd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.91') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-66174d632ca5e11403564d89ab52d0f1.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-66174d632ca5e11403564d89ab52d0f1.yaml new file mode 100644 index 0000000000..959595ac53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-66174d632ca5e11403564d89ab52d0f1.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-66174d632ca5e11403564d89ab52d0f1 + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cdcac5f9-a744-4853-8a80-ed38fec81dbb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-6fc26492de3e14b8a03318635a942d46.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-6fc26492de3e14b8a03318635a942d46.yaml new file mode 100644 index 0000000000..9b1dedfa84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-6fc26492de3e14b8a03318635a942d46.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-6fc26492de3e14b8a03318635a942d46 + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.89 - Authenticated (Administrator+) Arbitrary Directory Deletion via Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d94f38f-4b52-4b0d-800c-a6fca40bda3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '0.9.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-70efeee5b28a1c15fdfabb1bea0a8d31.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-70efeee5b28a1c15fdfabb1bea0a8d31.yaml new file mode 100644 index 0000000000..2fbc866f49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-70efeee5b28a1c15fdfabb1bea0a8d31.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-70efeee5b28a1c15fdfabb1bea0a8d31 + +info: + name: > + WPvivid Backup and Migration <= 0.9.68 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.68') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-92cb4c71463b35b1c480a90397f7eb13.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-92cb4c71463b35b1c480a90397f7eb13.yaml new file mode 100644 index 0000000000..a5518a5bb1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-92cb4c71463b35b1c480a90397f7eb13.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-92cb4c71463b35b1c480a90397f7eb13 + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.69 - Reflected Cross-Site Scripting via sub_page Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec4d807b-7119-40f0-99a8-5df8471c515b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.70') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml new file mode 100644 index 0000000000..cbb22fde61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-a6bc1c4f18d7c787b94d2c3a536d60d6.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-a6bc1c4f18d7c787b94d2c3a536d60d6 + +info: + name: > + WPvivid <= 0.9.94 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bad0bd6b-9c88-4d31-90b5-92d3ceb8c0af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml new file mode 100644 index 0000000000..4f9863e26e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-c09b3bbf7fa2f9da4c4d07cfecb5595a.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-c09b3bbf7fa2f9da4c4d07cfecb5595a + +info: + name: > + Migration, Backup, Staging – WPvivid <= 0.9.75 - Authenticated (Administrator+) Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c6c2695-6244-43fa-8920-7dba14668659?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.75') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-ed94652247c936f26c87589210c8b78f.yaml b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-ed94652247c936f26c87589210c8b78f.yaml new file mode 100644 index 0000000000..c05480d75d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvivid-backuprestore-ed94652247c936f26c87589210c8b78f.yaml @@ -0,0 +1,58 @@ +id: wpvivid-backuprestore-ed94652247c936f26c87589210c8b78f + +info: + name: > + WPvivid Backup & Migration Plugin <= 0.9.99 - Authenticated (Admin+) PHAR Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf26fc68-9fd4-4e4e-b34f-c947d95891f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvivid-backuprestore/" + google-query: inurl:"/wp-content/plugins/wpvivid-backuprestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvivid-backuprestore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvivid-backuprestore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvivid-backuprestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.99') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-0494f8e348129a631af8f56e0ffddc34.yaml b/nuclei-templates/cve-less/plugins/wpvr-0494f8e348129a631af8f56e0ffddc34.yaml new file mode 100644 index 0000000000..70f9f1c053 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-0494f8e348129a631af8f56e0ffddc34.yaml @@ -0,0 +1,58 @@ +id: wpvr-0494f8e348129a631af8f56e0ffddc34 + +info: + name: > + WP VR <= 8.2.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/13a0dd72-1124-4b5d-9bad-fe4fea8e3e68?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-05be7d772f531cd07131df257a1f15a1.yaml b/nuclei-templates/cve-less/plugins/wpvr-05be7d772f531cd07131df257a1f15a1.yaml new file mode 100644 index 0000000000..7b564d0971 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-05be7d772f531cd07131df257a1f15a1.yaml @@ -0,0 +1,58 @@ +id: wpvr-05be7d772f531cd07131df257a1f15a1 + +info: + name: > + WP VR <= 8.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fbde737-0730-49a4-a84e-a9c5e0e32af5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-05c834cda01a386b0744c30fe4c1b224.yaml b/nuclei-templates/cve-less/plugins/wpvr-05c834cda01a386b0744c30fe4c1b224.yaml new file mode 100644 index 0000000000..e1111cb5a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-05c834cda01a386b0744c30fe4c1b224.yaml @@ -0,0 +1,58 @@ +id: wpvr-05c834cda01a386b0744c30fe4c1b224 + +info: + name: > + WP VR <= 8.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecb86ea6-2aca-4f7c-be81-a572b53b7953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-0e6778305a28eacf186b54844a0e5ea0.yaml b/nuclei-templates/cve-less/plugins/wpvr-0e6778305a28eacf186b54844a0e5ea0.yaml new file mode 100644 index 0000000000..b889633a6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-0e6778305a28eacf186b54844a0e5ea0.yaml @@ -0,0 +1,58 @@ +id: wpvr-0e6778305a28eacf186b54844a0e5ea0 + +info: + name: > + WP VR <= 8.3.14 - Missing Authorization to Plugin Version Downgrade + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34fcc835-593f-435b-ad00-07ca0cb649fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-30833f7da41d4fcbb3740f51789c1920.yaml b/nuclei-templates/cve-less/plugins/wpvr-30833f7da41d4fcbb3740f51789c1920.yaml new file mode 100644 index 0000000000..7610c5ac34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-30833f7da41d4fcbb3740f51789c1920.yaml @@ -0,0 +1,58 @@ +id: wpvr-30833f7da41d4fcbb3740f51789c1920 + +info: + name: > + WP VR <= 8.3.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc08e4cf-3964-406e-9046-420e749df4b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-30df02f445ade717ac7c0e2991062171.yaml b/nuclei-templates/cve-less/plugins/wpvr-30df02f445ade717ac7c0e2991062171.yaml new file mode 100644 index 0000000000..b494eecede --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-30df02f445ade717ac7c0e2991062171.yaml @@ -0,0 +1,58 @@ +id: wpvr-30df02f445ade717ac7c0e2991062171 + +info: + name: > + WP VR <= 8.2.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54b495e8-f641-444d-a3d4-a54bb0836c40?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpvr-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/wpvr-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..6053c39064 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpvr-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: wpvr-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpvr/" + google-query: inurl:"/wp-content/plugins/wpvr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpvr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpvr/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpvr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-1453924550bc29c555e5d4ba1d470f33.yaml b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-1453924550bc29c555e5d4ba1d470f33.yaml new file mode 100644 index 0000000000..5825abec4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-1453924550bc29c555e5d4ba1d470f33.yaml @@ -0,0 +1,58 @@ +id: wpzoom-addons-for-beaver-builder-1453924550bc29c555e5d4ba1d470f33 + +info: + name: > + Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03564cae-df90-454b-8379-6ad9f22b7389?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-435ab56c3c78663cfa598710697f9daf.yaml b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-435ab56c3c78663cfa598710697f9daf.yaml new file mode 100644 index 0000000000..a1a1347742 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-435ab56c3c78663cfa598710697f9daf.yaml @@ -0,0 +1,58 @@ +id: wpzoom-addons-for-beaver-builder-435ab56c3c78663cfa598710697f9daf + +info: + name: > + Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02fceb91-7691-4629-b18b-57959e9f3f62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-46443215df27c06259cb9cb549f79f5d.yaml b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-46443215df27c06259cb9cb549f79f5d.yaml new file mode 100644 index 0000000000..9ae53b8d8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-46443215df27c06259cb9cb549f79f5d.yaml @@ -0,0 +1,58 @@ +id: wpzoom-addons-for-beaver-builder-46443215df27c06259cb9cb549f79f5d + +info: + name: > + Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6baa44c7-1c13-45ad-9fb5-da06933f3cd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-6fe1ccb7efc24357409ad5ff0b713ab1.yaml b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-6fe1ccb7efc24357409ad5ff0b713ab1.yaml new file mode 100644 index 0000000000..1f50fb7c84 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-6fe1ccb7efc24357409ad5ff0b713ab1.yaml @@ -0,0 +1,58 @@ +id: wpzoom-addons-for-beaver-builder-6fe1ccb7efc24357409ad5ff0b713ab1 + +info: + name: > + Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/746385e0-6bb9-47f2-a3e7-72f8e28be731?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml new file mode 100644 index 0000000000..1c19899cf5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-addons-for-beaver-builder-c8eb6bc5db7f4876cb01e7f978c6ef1d.yaml @@ -0,0 +1,58 @@ +id: wpzoom-addons-for-beaver-builder-c8eb6bc5db7f4876cb01e7f978c6ef1d + +info: + name: > + Beaver Builder Addons by WPZOOM <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/781987af-3753-46ec-9d56-fb8b6ef42277?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-addons-for-beaver-builder/" + google-query: inurl:"/wp-content/plugins/wpzoom-addons-for-beaver-builder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-addons-for-beaver-builder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-addons-for-beaver-builder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-addons-for-beaver-builder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-elementor-addons-0c1df7bc0f650153d4deab14ee137704.yaml b/nuclei-templates/cve-less/plugins/wpzoom-elementor-addons-0c1df7bc0f650153d4deab14ee137704.yaml new file mode 100644 index 0000000000..96ae1186ee --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-elementor-addons-0c1df7bc0f650153d4deab14ee137704.yaml @@ -0,0 +1,58 @@ +id: wpzoom-elementor-addons-0c1df7bc0f650153d4deab14ee137704 + +info: + name: > + WPZOOM Addons for Elementor (Templates, Widgets) <= <=1.1.35 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61589c29-3f81-49e2-b001-c51892141c76?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-elementor-addons/" + google-query: inurl:"/wp-content/plugins/wpzoom-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.35') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-portfolio-0ee2773c0417239ca9eb51cc09f9c94f.yaml b/nuclei-templates/cve-less/plugins/wpzoom-portfolio-0ee2773c0417239ca9eb51cc09f9c94f.yaml new file mode 100644 index 0000000000..c6c554e9d8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-portfolio-0ee2773c0417239ca9eb51cc09f9c94f.yaml @@ -0,0 +1,58 @@ +id: wpzoom-portfolio-0ee2773c0417239ca9eb51cc09f9c94f + +info: + name: > + WPZOOM Portfolio <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84cb907c-bd6b-4031-96a1-8a6de71923e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-portfolio/" + google-query: inurl:"/wp-content/plugins/wpzoom-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-portfolio/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wpzoom-shortcodes-3b341aa619ead8c67e0c3faf1b78e638.yaml b/nuclei-templates/cve-less/plugins/wpzoom-shortcodes-3b341aa619ead8c67e0c3faf1b78e638.yaml new file mode 100644 index 0000000000..7ae7967913 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wpzoom-shortcodes-3b341aa619ead8c67e0c3faf1b78e638.yaml @@ -0,0 +1,58 @@ +id: wpzoom-shortcodes-3b341aa619ead8c67e0c3faf1b78e638 + +info: + name: > + WPZOOM Shortcodes <= 1.0.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2a95c6f-7248-4805-af86-11fd536b5d8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wpzoom-shortcodes/" + google-query: inurl:"/wp-content/plugins/wpzoom-shortcodes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wpzoom-shortcodes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wpzoom-shortcodes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-shortcodes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wrc-pricing-tables-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml b/nuclei-templates/cve-less/plugins/wrc-pricing-tables-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml new file mode 100644 index 0000000000..dc5679e6b0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wrc-pricing-tables-b7300a2ec84dffd7f0d27ca9d7ff574b.yaml @@ -0,0 +1,58 @@ +id: wrc-pricing-tables-b7300a2ec84dffd7f0d27ca9d7ff574b + +info: + name: > + WRC Pricing Tables <= 2.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7028184-2b16-45a8-893a-37eb74bab329?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wrc-pricing-tables/" + google-query: inurl:"/wp-content/plugins/wrc-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wrc-pricing-tables,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wrc-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wrc-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wrc-pricing-tables-c3986a6ffb844160a08c3a8660d4bd5e.yaml b/nuclei-templates/cve-less/plugins/wrc-pricing-tables-c3986a6ffb844160a08c3a8660d4bd5e.yaml new file mode 100644 index 0000000000..3c4d7ce35e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wrc-pricing-tables-c3986a6ffb844160a08c3a8660d4bd5e.yaml @@ -0,0 +1,58 @@ +id: wrc-pricing-tables-c3986a6ffb844160a08c3a8660d4bd5e + +info: + name: > + WRC Pricing Tables <= 2.3.7 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/823dc422-12f4-4f7d-a305-2e4db18bafdf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wrc-pricing-tables/" + google-query: inurl:"/wp-content/plugins/wrc-pricing-tables/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wrc-pricing-tables,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wrc-pricing-tables/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wrc-pricing-tables" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-facebook-likebox-4ece1b2368b1b6541fd5808b6263c140.yaml b/nuclei-templates/cve-less/plugins/ws-facebook-likebox-4ece1b2368b1b6541fd5808b6263c140.yaml new file mode 100644 index 0000000000..4c2b2dfdba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-facebook-likebox-4ece1b2368b1b6541fd5808b6263c140.yaml @@ -0,0 +1,58 @@ +id: ws-facebook-likebox-4ece1b2368b1b6541fd5808b6263c140 + +info: + name: > + WS Facebook Like Box Widget <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bebc229-9d15-439f-a8df-f68455bc5193?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-facebook-likebox/" + google-query: inurl:"/wp-content/plugins/ws-facebook-likebox/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-facebook-likebox,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-facebook-likebox/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-facebook-likebox" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-form-832185af76432ae76d6be1580f0d17e2.yaml b/nuclei-templates/cve-less/plugins/ws-form-832185af76432ae76d6be1580f0d17e2.yaml new file mode 100644 index 0000000000..7b196fb745 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-form-832185af76432ae76d6be1580f0d17e2.yaml @@ -0,0 +1,58 @@ +id: ws-form-832185af76432ae76d6be1580f0d17e2 + +info: + name: > + WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2990ed9-061e-4d35-aae0-99282a4f3737?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-form/" + google-query: inurl:"/wp-content/plugins/ws-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.176') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-form-a9651b358db184ef2f9f80cf3ecfa474.yaml b/nuclei-templates/cve-less/plugins/ws-form-a9651b358db184ef2f9f80cf3ecfa474.yaml new file mode 100644 index 0000000000..cf9879327d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-form-a9651b358db184ef2f9f80cf3ecfa474.yaml @@ -0,0 +1,58 @@ +id: ws-form-a9651b358db184ef2f9f80cf3ecfa474 + +info: + name: > + WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd650510-2d1c-48a1-a5fa-d4c26f3d030c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-form/" + google-query: inurl:"/wp-content/plugins/ws-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-form,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.176') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-form-b4ff9a96de0f409f95e972962d7a3e6d.yaml b/nuclei-templates/cve-less/plugins/ws-form-b4ff9a96de0f409f95e972962d7a3e6d.yaml new file mode 100644 index 0000000000..5477df32b6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-form-b4ff9a96de0f409f95e972962d7a3e6d.yaml @@ -0,0 +1,58 @@ +id: ws-form-b4ff9a96de0f409f95e972962d7a3e6d + +info: + name: > + WS Form LITE <= 1.9.170 - Authenticated(Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3171015-227d-420a-ba3a-e6e2dc17ba8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-form/" + google-query: inurl:"/wp-content/plugins/ws-form/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-form,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.9.171') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-form-pro-832185af76432ae76d6be1580f0d17e2.yaml b/nuclei-templates/cve-less/plugins/ws-form-pro-832185af76432ae76d6be1580f0d17e2.yaml new file mode 100644 index 0000000000..94258f58db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-form-pro-832185af76432ae76d6be1580f0d17e2.yaml @@ -0,0 +1,58 @@ +id: ws-form-pro-832185af76432ae76d6be1580f0d17e2 + +info: + name: > + WS Form LITE and WS Form Pro < 1.8.176 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2990ed9-061e-4d35-aae0-99282a4f3737?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-form-pro/" + google-query: inurl:"/wp-content/plugins/ws-form-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-form-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.176') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ws-form-pro-a9651b358db184ef2f9f80cf3ecfa474.yaml b/nuclei-templates/cve-less/plugins/ws-form-pro-a9651b358db184ef2f9f80cf3ecfa474.yaml new file mode 100644 index 0000000000..12dd746a1b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ws-form-pro-a9651b358db184ef2f9f80cf3ecfa474.yaml @@ -0,0 +1,58 @@ +id: ws-form-pro-a9651b358db184ef2f9f80cf3ecfa474 + +info: + name: > + WS Form LITE and Pro < 1.8.176 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd650510-2d1c-48a1-a5fa-d4c26f3d030c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ws-form-pro/" + google-query: inurl:"/wp-content/plugins/ws-form-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ws-form-pro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ws-form-pro/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ws-form-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.176') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wsb-brands-02b515a3d90192b157fb5edc5ea88a55.yaml b/nuclei-templates/cve-less/plugins/wsb-brands-02b515a3d90192b157fb5edc5ea88a55.yaml new file mode 100644 index 0000000000..980c0dc8ae --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wsb-brands-02b515a3d90192b157fb5edc5ea88a55.yaml @@ -0,0 +1,58 @@ +id: wsb-brands-02b515a3d90192b157fb5edc5ea88a55 + +info: + name: > + WSB Brands <= 1.1.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via $logo + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/89321887-0116-47fb-b65b-008c9fb01b62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wsb-brands/" + google-query: inurl:"/wp-content/plugins/wsb-brands/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wsb-brands,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wsb-brands/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wsb-brands" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wsecure-8435cd6b84481f3b14132a8d7f815c94.yaml b/nuclei-templates/cve-less/plugins/wsecure-8435cd6b84481f3b14132a8d7f815c94.yaml new file mode 100644 index 0000000000..60019b1f56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wsecure-8435cd6b84481f3b14132a8d7f815c94.yaml @@ -0,0 +1,58 @@ +id: wsecure-8435cd6b84481f3b14132a8d7f815c94 + +info: + name: > + wSecure Lite < 2.4 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bac57319-3b0c-4b83-af9e-7b5539ef087a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wsecure/" + google-query: inurl:"/wp-content/plugins/wsecure/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wsecure,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wsecure/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wsecure" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wsecure-9b48b8479f4c58ab28f6369c437cd823.yaml b/nuclei-templates/cve-less/plugins/wsecure-9b48b8479f4c58ab28f6369c437cd823.yaml new file mode 100644 index 0000000000..b5879b276c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wsecure-9b48b8479f4c58ab28f6369c437cd823.yaml @@ -0,0 +1,58 @@ +id: wsecure-9b48b8479f4c58ab28f6369c437cd823 + +info: + name: > + wSecure Lite <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05f5addb-ab1d-4b67-b969-3b95d43be790?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wsecure/" + google-query: inurl:"/wp-content/plugins/wsecure/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wsecure,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wsecure/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wsecure" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wsm-downloader-8589ee226f71b9ad4c2ae9aa0680e0d9.yaml b/nuclei-templates/cve-less/plugins/wsm-downloader-8589ee226f71b9ad4c2ae9aa0680e0d9.yaml new file mode 100644 index 0000000000..9a24426ecb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wsm-downloader-8589ee226f71b9ad4c2ae9aa0680e0d9.yaml @@ -0,0 +1,58 @@ +id: wsm-downloader-8589ee226f71b9ad4c2ae9aa0680e0d9 + +info: + name: > + WSM Downloader <- 1.4.0 - Domain Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6374cda-5aa2-4a2c-8d20-5641cfc33529?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wsm-downloader/" + google-query: inurl:"/wp-content/plugins/wsm-downloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wsm-downloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wsm-downloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wsm-downloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wsm-downloader-de76eb4127c4abe851f7593ebf365054.yaml b/nuclei-templates/cve-less/plugins/wsm-downloader-de76eb4127c4abe851f7593ebf365054.yaml new file mode 100644 index 0000000000..1cab495938 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wsm-downloader-de76eb4127c4abe851f7593ebf365054.yaml @@ -0,0 +1,58 @@ +id: wsm-downloader-de76eb4127c4abe851f7593ebf365054 + +info: + name: > + WSM Downloader <= 1.4.0 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36d3dae0-4705-487a-a4a4-c12280e866a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wsm-downloader/" + google-query: inurl:"/wp-content/plugins/wsm-downloader/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wsm-downloader,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wsm-downloader/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wsm-downloader" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wti-like-post-3324e66b3f1d865a4a88e7aa92b87f29.yaml b/nuclei-templates/cve-less/plugins/wti-like-post-3324e66b3f1d865a4a88e7aa92b87f29.yaml new file mode 100644 index 0000000000..ae618d3277 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wti-like-post-3324e66b3f1d865a4a88e7aa92b87f29.yaml @@ -0,0 +1,58 @@ +id: wti-like-post-3324e66b3f1d865a4a88e7aa92b87f29 + +info: + name: > + WTI Like Post < 1.4.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1800241-802b-4c6a-a9d8-a7cf78450346?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wti-like-post/" + google-query: inurl:"/wp-content/plugins/wti-like-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wti-like-post,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wti-like-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wti-like-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wti-like-post-bea1167e010c002491bae397468a7fde.yaml b/nuclei-templates/cve-less/plugins/wti-like-post-bea1167e010c002491bae397468a7fde.yaml new file mode 100644 index 0000000000..e072498485 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wti-like-post-bea1167e010c002491bae397468a7fde.yaml @@ -0,0 +1,58 @@ +id: wti-like-post-bea1167e010c002491bae397468a7fde + +info: + name: > + WTI Like Post <= 1.4.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21dd21cb-35b7-47df-a9f0-6fd92c45a8ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wti-like-post/" + google-query: inurl:"/wp-content/plugins/wti-like-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wti-like-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wti-like-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wti-like-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wti-like-post-fe235b16e5129f2873d5a71f2024f409.yaml b/nuclei-templates/cve-less/plugins/wti-like-post-fe235b16e5129f2873d5a71f2024f409.yaml new file mode 100644 index 0000000000..8f0d33089d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wti-like-post-fe235b16e5129f2873d5a71f2024f409.yaml @@ -0,0 +1,58 @@ +id: wti-like-post-fe235b16e5129f2873d5a71f2024f409 + +info: + name: > + WTI Like Post <= 1.4.6 - IP Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6a2580f-4a40-4aed-acbf-afecbd16bbf7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wti-like-post/" + google-query: inurl:"/wp-content/plugins/wti-like-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wti-like-post,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wti-like-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wti-like-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wu-rating-530246c3333edec963a6035638964677.yaml b/nuclei-templates/cve-less/plugins/wu-rating-530246c3333edec963a6035638964677.yaml new file mode 100644 index 0000000000..23a5af808e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wu-rating-530246c3333edec963a6035638964677.yaml @@ -0,0 +1,58 @@ +id: wu-rating-530246c3333edec963a6035638964677 + +info: + name: > + Wu-Rating <= 1.0 12319 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3abd265-f1b0-49e5-ba50-5af91e855f5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wu-rating/" + google-query: inurl:"/wp-content/plugins/wu-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wu-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wu-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wu-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0 12319') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wufoo-shortcode-e7037db773bf01752d04e36ac2a2c9a0.yaml b/nuclei-templates/cve-less/plugins/wufoo-shortcode-e7037db773bf01752d04e36ac2a2c9a0.yaml new file mode 100644 index 0000000000..b26bab9bc8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wufoo-shortcode-e7037db773bf01752d04e36ac2a2c9a0.yaml @@ -0,0 +1,58 @@ +id: wufoo-shortcode-e7037db773bf01752d04e36ac2a2c9a0 + +info: + name: > + Wufoo Shortcode <= 1.51 - Authenticated (Contributor+) Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76ccc688-79c0-4b6e-aac9-cf18baf9af46?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wufoo-shortcode/" + google-query: inurl:"/wp-content/plugins/wufoo-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wufoo-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wufoo-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wufoo-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.51') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wwm-social-share-on-image-hover-92ee681763fb9cdadb89c1275ea24df6.yaml b/nuclei-templates/cve-less/plugins/wwm-social-share-on-image-hover-92ee681763fb9cdadb89c1275ea24df6.yaml new file mode 100644 index 0000000000..2341214968 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wwm-social-share-on-image-hover-92ee681763fb9cdadb89c1275ea24df6.yaml @@ -0,0 +1,58 @@ +id: wwm-social-share-on-image-hover-92ee681763fb9cdadb89c1275ea24df6 + +info: + name: > + WWM Social Share On Image Hover <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c9ab868b-51ab-4dad-b662-8302cda9c0e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wwm-social-share-on-image-hover/" + google-query: inurl:"/wp-content/plugins/wwm-social-share-on-image-hover/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wwm-social-share-on-image-hover,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wwm-social-share-on-image-hover/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wwm-social-share-on-image-hover" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/www-xml-sitemap-generator-org-c30ecd15c33e495c7a907535cf50c4ac.yaml b/nuclei-templates/cve-less/plugins/www-xml-sitemap-generator-org-c30ecd15c33e495c7a907535cf50c4ac.yaml new file mode 100644 index 0000000000..001b43e5a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/www-xml-sitemap-generator-org-c30ecd15c33e495c7a907535cf50c4ac.yaml @@ -0,0 +1,58 @@ +id: www-xml-sitemap-generator-org-c30ecd15c33e495c7a907535cf50c4ac + +info: + name: > + XML Sitemap Generator for Google <= 2.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/650dfc4c-d851-481c-af8f-4dfe1e128a1d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/www-xml-sitemap-generator-org/" + google-query: inurl:"/wp-content/plugins/www-xml-sitemap-generator-org/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,www-xml-sitemap-generator-org,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/www-xml-sitemap-generator-org/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "www-xml-sitemap-generator-org" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wxsync-506b320d59fe9094f7b88764f2b3b6fd.yaml b/nuclei-templates/cve-less/plugins/wxsync-506b320d59fe9094f7b88764f2b3b6fd.yaml new file mode 100644 index 0000000000..67859c43b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wxsync-506b320d59fe9094f7b88764f2b3b6fd.yaml @@ -0,0 +1,58 @@ +id: wxsync-506b320d59fe9094f7b88764f2b3b6fd + +info: + name: > + WxSync <= 2.7.24 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c85c13ed-6981-4062-8aca-800721b28b88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wxsync/" + google-query: inurl:"/wp-content/plugins/wxsync/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wxsync,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wxsync/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wxsync" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-16a2ba366a797ba0d5eb3e8be47b4c59.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-16a2ba366a797ba0d5eb3e8be47b4c59.yaml new file mode 100644 index 0000000000..203c0af761 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-16a2ba366a797ba0d5eb3e8be47b4c59.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-16a2ba366a797ba0d5eb3e8be47b4c59 + +info: + name: > + MailPoet Newsletters <= 2.6.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5763e3b-01b3-4541-8fef-80fcb7e7e88e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..6b10cd78c7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-7b51f983a57c524a14f0aa93885b9cf0.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-7b51f983a57c524a14f0aa93885b9cf0.yaml new file mode 100644 index 0000000000..32f0e3c58c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-7b51f983a57c524a14f0aa93885b9cf0.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-7b51f983a57c524a14f0aa93885b9cf0 + +info: + name: > + MailPoet Newsletters <= 2.2 - Multiple SQL Injections + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/289569f5-8a8d-4427-8ad4-e431c955311e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-d6e885fce7f28ee6559b8945eb076a5d.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-d6e885fce7f28ee6559b8945eb076a5d.yaml new file mode 100644 index 0000000000..82bdd6cecf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-d6e885fce7f28ee6559b8945eb076a5d.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-d6e885fce7f28ee6559b8945eb076a5d + +info: + name: > + MailPoet Newsletters <= 2.6.7 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e3194a7-5b3d-4805-9a35-50ebe65aa6ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-eb211f56901dd02ad29cd2f46f132fad.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-eb211f56901dd02ad29cd2f46f132fad.yaml new file mode 100644 index 0000000000..6739f6b9a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-eb211f56901dd02ad29cd2f46f132fad.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-eb211f56901dd02ad29cd2f46f132fad + +info: + name: > + MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/557172d0-33ad-427a-b575-df529e2aaab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/wysija-newsletters-f7d5e9c6698316d3dbc370fb98b6400f.yaml b/nuclei-templates/cve-less/plugins/wysija-newsletters-f7d5e9c6698316d3dbc370fb98b6400f.yaml new file mode 100644 index 0000000000..2e2aca96b8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/wysija-newsletters-f7d5e9c6698316d3dbc370fb98b6400f.yaml @@ -0,0 +1,58 @@ +id: wysija-newsletters-f7d5e9c6698316d3dbc370fb98b6400f + +info: + name: > + MailPoet Newsletters <= 2.8.1 - Spam Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/464a41f6-5569-4306-be99-566e2354c73b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/wysija-newsletters/" + google-query: inurl:"/wp-content/plugins/wysija-newsletters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,wysija-newsletters,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/wysija-newsletters/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wysija-newsletters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/x-forms-express-0943806ea17e69fbad3f9008b6d8edaf.yaml b/nuclei-templates/cve-less/plugins/x-forms-express-0943806ea17e69fbad3f9008b6d8edaf.yaml new file mode 100644 index 0000000000..18bb8691c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/x-forms-express-0943806ea17e69fbad3f9008b6d8edaf.yaml @@ -0,0 +1,58 @@ +id: x-forms-express-0943806ea17e69fbad3f9008b6d8edaf + +info: + name: > + NEX-Forms Lite – WordPress Contact Form builder < 3.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93badb2f-bb47-4ae6-a447-d8237cc9237f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/x-forms-express/" + google-query: inurl:"/wp-content/plugins/x-forms-express/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,x-forms-express,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/x-forms-express/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "x-forms-express" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-04c5acbffc68842824e9b1f4759868d3.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-04c5acbffc68842824e9b1f4759868d3.yaml new file mode 100644 index 0000000000..eb0eabd370 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-04c5acbffc68842824e9b1f4759868d3.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-04c5acbffc68842824e9b1f4759868d3 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Command Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd7c763f-5c2b-407e-bdb1-4ea34fac5f4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-10a6f997b77b37003eabf2a216fdeced.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-10a6f997b77b37003eabf2a216fdeced.yaml new file mode 100644 index 0000000000..9cf3cd1f6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-10a6f997b77b37003eabf2a216fdeced.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-10a6f997b77b37003eabf2a216fdeced + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.152 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5b7538f-891a-423f-97d1-b0212efcdb98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.2.153') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1603594359d529d2b8fdbef947c8f58c.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1603594359d529d2b8fdbef947c8f58c.yaml new file mode 100644 index 0000000000..2daeccc993 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1603594359d529d2b8fdbef947c8f58c.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-1603594359d529d2b8fdbef947c8f58c + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.2.1 - 4.2.12 - Unprotected AJAX Actions + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c703856-9519-4181-9312-dcf862840bd9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 4.2.1', '<= 4.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1c3b4e53e5b3379877d01d32e9f8b494.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1c3b4e53e5b3379877d01d32e9f8b494.yaml new file mode 100644 index 0000000000..43847f2c8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-1c3b4e53e5b3379877d01d32e9f8b494.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-1c3b4e53e5b3379877d01d32e9f8b494 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8cdd8b4-52e6-431b-b2f0-bfe1d0c1dd91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-259f1c198d6aae45fe01969db446735f.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-259f1c198d6aae45fe01969db446735f.yaml new file mode 100644 index 0000000000..96ee1a38c9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-259f1c198d6aae45fe01969db446735f.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-259f1c198d6aae45fe01969db446735f + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f06008c0-0ce3-4d78-934e-2a7fa5ce4e98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-34ff52c103b465dd566bb0b7233b8c5c.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-34ff52c103b465dd566bb0b7233b8c5c.yaml new file mode 100644 index 0000000000..1c86fb58a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-34ff52c103b465dd566bb0b7233b8c5c.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-34ff52c103b465dd566bb0b7233b8c5c + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Improper Access Control to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6eab3497-bf77-43a8-962d-d63db7290777?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-614dbc5cead598413ac3ce439b53a52e.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-614dbc5cead598413ac3ce439b53a52e.yaml new file mode 100644 index 0000000000..578bacdca7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-614dbc5cead598413ac3ce439b53a52e.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-614dbc5cead598413ac3ce439b53a52e + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/afd05b33-a347-49f6-81f0-879606819ca6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-66945b5d2da91990e6148061d7f22822.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-66945b5d2da91990e6148061d7f22822.yaml new file mode 100644 index 0000000000..5bbec03f03 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-66945b5d2da91990e6148061d7f22822.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-66945b5d2da91990e6148061d7f22822 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15abde72-515a-4e1c-af4c-d9da56a5cbe2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-9584af5b5f010003c1054d63d9d8c800.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-9584af5b5f010003c1054d63d9d8c800.yaml new file mode 100644 index 0000000000..2addff8de6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-9584af5b5f010003c1054d63d9d8c800.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-9584af5b5f010003c1054d63d9d8c800 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d19e18d-6f2e-48e7-b8da-1d399dc4d65c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-981dc1dc52b06f3430863bd14410cb31.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-981dc1dc52b06f3430863bd14410cb31.yaml new file mode 100644 index 0000000000..7dff1963ec --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-981dc1dc52b06f3430863bd14410cb31.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-981dc1dc52b06f3430863bd14410cb31 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fae9f282-eb67-4ad9-be2d-677238527934?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-ba15e4c927467d88c6d7ea80fbe845a6.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-ba15e4c927467d88c6d7ea80fbe845a6.yaml new file mode 100644 index 0000000000..7a9c139b3f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-ba15e4c927467d88c6d7ea80fbe845a6.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-ba15e4c927467d88c6d7ea80fbe845a6 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 4.2.16 - Unauthenticated Plugin Settings Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e40a954-53c4-453b-85f0-d3febaa6ae84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-c66baa1c275e274488b7d52e2acbab59.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-c66baa1c275e274488b7d52e2acbab59.yaml new file mode 100644 index 0000000000..6126fcc7d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-c66baa1c275e274488b7d52e2acbab59.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-c66baa1c275e274488b7d52e2acbab59 + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9bffba4-5bcd-4ef7-a8d8-84ba452827ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-d6467913a640b127b20e07c49e842d3b.yaml b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-d6467913a640b127b20e07c49e842d3b.yaml new file mode 100644 index 0000000000..dd76b993c0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xcloner-backup-and-restore-d6467913a640b127b20e07c49e842d3b.yaml @@ -0,0 +1,58 @@ +id: xcloner-backup-and-restore-d6467913a640b127b20e07c49e842d3b + +info: + name: > + Backup, Restore and Migrate WordPress Sites With the XCloner Plugin <= 3.1.0 - Multiple Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92d59dd4-7338-40ac-9a73-37e9e85351d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xcloner-backup-and-restore/" + google-query: inurl:"/wp-content/plugins/xcloner-backup-and-restore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xcloner-backup-and-restore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xcloner-backup-and-restore/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xcloner-backup-and-restore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xen-carousel-780fa31d43c1e72887f541f835fe2c28.yaml b/nuclei-templates/cve-less/plugins/xen-carousel-780fa31d43c1e72887f541f835fe2c28.yaml new file mode 100644 index 0000000000..8bc99018ce --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xen-carousel-780fa31d43c1e72887f541f835fe2c28.yaml @@ -0,0 +1,58 @@ +id: xen-carousel-780fa31d43c1e72887f541f835fe2c28 + +info: + name: > + XEN Carousel <= 0.12.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25ba4be3-0bcd-41ff-8a7a-fd6ae848afb8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xen-carousel/" + google-query: inurl:"/wp-content/plugins/xen-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xen-carousel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xen-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xen-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.12.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xforwoocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml b/nuclei-templates/cve-less/plugins/xforwoocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml new file mode 100644 index 0000000000..3d047145fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xforwoocommerce-05a9cfff31ff66f2865f7b47e03322c5.yaml @@ -0,0 +1,58 @@ +id: xforwoocommerce-05a9cfff31ff66f2865f7b47e03322c5 + +info: + name: > + Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05481984-7c18-4ec7-8d7c-831809c3e86b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xforwoocommerce/" + google-query: inurl:"/wp-content/plugins/xforwoocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xforwoocommerce,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xforwoocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xforwoocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xforwoocommerce-ad605f98f0b12012c381eafdf54cfada.yaml b/nuclei-templates/cve-less/plugins/xforwoocommerce-ad605f98f0b12012c381eafdf54cfada.yaml new file mode 100644 index 0000000000..7595515b22 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xforwoocommerce-ad605f98f0b12012c381eafdf54cfada.yaml @@ -0,0 +1,58 @@ +id: xforwoocommerce-ad605f98f0b12012c381eafdf54cfada + +info: + name: > + XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5de8b93a-d7b1-4679-8c3c-2ac099a1f58f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xforwoocommerce/" + google-query: inurl:"/wp-content/plugins/xforwoocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xforwoocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xforwoocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xforwoocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xhanch-my-twitter-1ce0c9b4a51f3fdac3a650bd3678e546.yaml b/nuclei-templates/cve-less/plugins/xhanch-my-twitter-1ce0c9b4a51f3fdac3a650bd3678e546.yaml new file mode 100644 index 0000000000..78a8ea66c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xhanch-my-twitter-1ce0c9b4a51f3fdac3a650bd3678e546.yaml @@ -0,0 +1,58 @@ +id: xhanch-my-twitter-1ce0c9b4a51f3fdac3a650bd3678e546 + +info: + name: > + Xhanch – My Twitter <= 2.7.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6d394af-67b0-4754-bdec-6ee89b7e8bbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xhanch-my-twitter/" + google-query: inurl:"/wp-content/plugins/xhanch-my-twitter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xhanch-my-twitter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xhanch-my-twitter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xhanch-my-twitter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xili-tidy-tags-ec41c915e32b517417556f61cbbe4554.yaml b/nuclei-templates/cve-less/plugins/xili-tidy-tags-ec41c915e32b517417556f61cbbe4554.yaml new file mode 100644 index 0000000000..a6486c33bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xili-tidy-tags-ec41c915e32b517417556f61cbbe4554.yaml @@ -0,0 +1,58 @@ +id: xili-tidy-tags-ec41c915e32b517417556f61cbbe4554 + +info: + name: > + xili-tidy-tags <= 1.12.03 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32fe8a09-b08f-42dc-b436-96a6ea50a439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xili-tidy-tags/" + google-query: inurl:"/wp-content/plugins/xili-tidy-tags/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xili-tidy-tags,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xili-tidy-tags/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xili-tidy-tags" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.03') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xllentech-english-islamic-calendar-cfbef53d87854aaa058c431289304e79.yaml b/nuclei-templates/cve-less/plugins/xllentech-english-islamic-calendar-cfbef53d87854aaa058c431289304e79.yaml new file mode 100644 index 0000000000..a1095d6fd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xllentech-english-islamic-calendar-cfbef53d87854aaa058c431289304e79.yaml @@ -0,0 +1,58 @@ +id: xllentech-english-islamic-calendar-cfbef53d87854aaa058c431289304e79 + +info: + name: > + Xllentech English Islamic Calendar <= 2.6.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a550e489-904b-4785-b6f3-992b7dfe5bd2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xllentech-english-islamic-calendar/" + google-query: inurl:"/wp-content/plugins/xllentech-english-islamic-calendar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xllentech-english-islamic-calendar,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xllentech-english-islamic-calendar/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xllentech-english-islamic-calendar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xml-file-export-import-for-stampscom-and-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml b/nuclei-templates/cve-less/plugins/xml-file-export-import-for-stampscom-and-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml new file mode 100644 index 0000000000..8a29e51272 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xml-file-export-import-for-stampscom-and-woocommerce-0088814ed74fd156e9ee132de51ef1d2.yaml @@ -0,0 +1,58 @@ +id: xml-file-export-import-for-stampscom-and-woocommerce-0088814ed74fd156e9ee132de51ef1d2 + +info: + name: > + WebToffee Plugins <= (Various Versions) - Arbitrary User Creation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27ac48a7-52ee-46cb-a6d0-efbd2b516445?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xml-file-export-import-for-stampscom-and-woocommerce/" + google-query: inurl:"/wp-content/plugins/xml-file-export-import-for-stampscom-and-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xml-file-export-import-for-stampscom-and-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xml-file-export-import-for-stampscom-and-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xml-file-export-import-for-stampscom-and-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xml-for-google-merchant-center-ad7168d347e726627d613abda6b471b1.yaml b/nuclei-templates/cve-less/plugins/xml-for-google-merchant-center-ad7168d347e726627d613abda6b471b1.yaml new file mode 100644 index 0000000000..829c424cab --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xml-for-google-merchant-center-ad7168d347e726627d613abda6b471b1.yaml @@ -0,0 +1,58 @@ +id: xml-for-google-merchant-center-ad7168d347e726627d613abda6b471b1 + +info: + name: > + XML for Google Merchant Center <= 3.0.1 - Reflected Cross-Site Scripting via page parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16bd14a1-e69b-4b7d-8c0e-a294e120d2a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xml-for-google-merchant-center/" + google-query: inurl:"/wp-content/plugins/xml-for-google-merchant-center/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xml-for-google-merchant-center,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xml-for-google-merchant-center/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xml-for-google-merchant-center" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xml-sitemap-feed-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml b/nuclei-templates/cve-less/plugins/xml-sitemap-feed-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml new file mode 100644 index 0000000000..1bb7f65593 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xml-sitemap-feed-ed9d6de2b2caf08fa88d82aee7a4dacf.yaml @@ -0,0 +1,58 @@ +id: xml-sitemap-feed-ed9d6de2b2caf08fa88d82aee7a4dacf + +info: + name: > + XML Sitemap & Google News <= 5.4.8 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87888350-1230-4fec-9de2-c58fa24e6a05?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xml-sitemap-feed/" + google-query: inurl:"/wp-content/plugins/xml-sitemap-feed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xml-sitemap-feed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xml-sitemap-feed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xml-sitemap-feed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xml-sitemap-generator-for-google-cdde1a134c6ef6b26a1e78ad1a41d56f.yaml b/nuclei-templates/cve-less/plugins/xml-sitemap-generator-for-google-cdde1a134c6ef6b26a1e78ad1a41d56f.yaml new file mode 100644 index 0000000000..45da68c2b9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xml-sitemap-generator-for-google-cdde1a134c6ef6b26a1e78ad1a41d56f.yaml @@ -0,0 +1,58 @@ +id: xml-sitemap-generator-for-google-cdde1a134c6ef6b26a1e78ad1a41d56f + +info: + name: > + XML Sitemap Generator for Google <= 1.3.3 - Cross-Site Request Forgery to Plugin Settings Changes + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b03a9aaa-ce9a-47bf-8574-0eba92fcf0c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xml-sitemap-generator-for-google/" + google-query: inurl:"/wp-content/plugins/xml-sitemap-generator-for-google/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xml-sitemap-generator-for-google,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xml-sitemap-generator-for-google/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xml-sitemap-generator-for-google" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xml-sitemaps-for-videos-a35a0e7274ecf003f21418a2f0fe05e6.yaml b/nuclei-templates/cve-less/plugins/xml-sitemaps-for-videos-a35a0e7274ecf003f21418a2f0fe05e6.yaml new file mode 100644 index 0000000000..34381ad114 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xml-sitemaps-for-videos-a35a0e7274ecf003f21418a2f0fe05e6.yaml @@ -0,0 +1,58 @@ +id: xml-sitemaps-for-videos-a35a0e7274ecf003f21418a2f0fe05e6 + +info: + name: > + Google XML Sitemap for Videos <= 2.6.1 - Cross-Site Request Forgery via video_sitemap_generate + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/feb4f3dc-9abf-4ee3-834e-e5516652d810?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xml-sitemaps-for-videos/" + google-query: inurl:"/wp-content/plugins/xml-sitemaps-for-videos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xml-sitemaps-for-videos,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xml-sitemaps-for-videos/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xml-sitemaps-for-videos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xo-liteslider-3f7130e05b74b1e5f65b8d9e77a1373e.yaml b/nuclei-templates/cve-less/plugins/xo-liteslider-3f7130e05b74b1e5f65b8d9e77a1373e.yaml new file mode 100644 index 0000000000..c9ba157039 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xo-liteslider-3f7130e05b74b1e5f65b8d9e77a1373e.yaml @@ -0,0 +1,58 @@ +id: xo-liteslider-3f7130e05b74b1e5f65b8d9e77a1373e + +info: + name: > + XO Slider <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/85150a6f-b2f3-4b95-9c9b-78f50cb8468f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xo-liteslider/" + google-query: inurl:"/wp-content/plugins/xo-liteslider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xo-liteslider,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xo-liteslider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xo-liteslider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xo-security-0d6d2e1e75a3d7c24aa16b9420abf358.yaml b/nuclei-templates/cve-less/plugins/xo-security-0d6d2e1e75a3d7c24aa16b9420abf358.yaml new file mode 100644 index 0000000000..0652355c6d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xo-security-0d6d2e1e75a3d7c24aa16b9420abf358.yaml @@ -0,0 +1,58 @@ +id: xo-security-0d6d2e1e75a3d7c24aa16b9420abf358 + +info: + name: > + XO Security < 1.5.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/61684e5a-9ee1-4ae9-b26a-4552af957017?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xo-security/" + google-query: inurl:"/wp-content/plugins/xo-security/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xo-security,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xo-security/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xo-security" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xorbin-digital-flash-clock-75fb06485693f13299e4aa42a8ec1d70.yaml b/nuclei-templates/cve-less/plugins/xorbin-digital-flash-clock-75fb06485693f13299e4aa42a8ec1d70.yaml new file mode 100644 index 0000000000..09de93bef8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xorbin-digital-flash-clock-75fb06485693f13299e4aa42a8ec1d70.yaml @@ -0,0 +1,58 @@ +id: xorbin-digital-flash-clock-75fb06485693f13299e4aa42a8ec1d70 + +info: + name: > + Xorbin Digital Flash Clock < 1.0 - DOM Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9954c283-4dd5-4b78-8c86-97b93a1880b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xorbin-digital-flash-clock/" + google-query: inurl:"/wp-content/plugins/xorbin-digital-flash-clock/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xorbin-digital-flash-clock,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xorbin-digital-flash-clock/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xorbin-digital-flash-clock" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xpinner-lite-68634c1a8c946edc4c46f0185186727b.yaml b/nuclei-templates/cve-less/plugins/xpinner-lite-68634c1a8c946edc4c46f0185186727b.yaml new file mode 100644 index 0000000000..4af5ca2f8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xpinner-lite-68634c1a8c946edc4c46f0185186727b.yaml @@ -0,0 +1,58 @@ +id: xpinner-lite-68634c1a8c946edc4c46f0185186727b + +info: + name: > + XPinner Lite <= 2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a01cdc31-3cab-43b0-a5ef-75fb11eeb621?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xpinner-lite/" + google-query: inurl:"/wp-content/plugins/xpinner-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xpinner-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xpinner-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xpinner-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xpinner-lite-7fd7a99aaec9de09c58a50b6b832a9fa.yaml b/nuclei-templates/cve-less/plugins/xpinner-lite-7fd7a99aaec9de09c58a50b6b832a9fa.yaml new file mode 100644 index 0000000000..2604cc6ae5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xpinner-lite-7fd7a99aaec9de09c58a50b6b832a9fa.yaml @@ -0,0 +1,58 @@ +id: xpinner-lite-7fd7a99aaec9de09c58a50b6b832a9fa + +info: + name: > + xPinner Lite <= 2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7392fcb8-f125-4a1e-bb33-5614aeacb4cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xpinner-lite/" + google-query: inurl:"/wp-content/plugins/xpinner-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xpinner-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xpinner-lite/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xpinner-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xpro-elementor-addons-85070818b2a0ed18993539089f99013d.yaml b/nuclei-templates/cve-less/plugins/xpro-elementor-addons-85070818b2a0ed18993539089f99013d.yaml new file mode 100644 index 0000000000..2b7c035f04 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xpro-elementor-addons-85070818b2a0ed18993539089f99013d.yaml @@ -0,0 +1,58 @@ +id: xpro-elementor-addons-85070818b2a0ed18993539089f99013d + +info: + name: > + 130+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07e7f03e-0d5d-4405-a0e7-9547fc762f0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xpro-elementor-addons/" + google-query: inurl:"/wp-content/plugins/xpro-elementor-addons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xpro-elementor-addons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xpro-elementor-addons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xpro-elementor-addons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xqueue-maileon-4589a6370d5dbea689df46df9c5577a1.yaml b/nuclei-templates/cve-less/plugins/xqueue-maileon-4589a6370d5dbea689df46df9c5577a1.yaml new file mode 100644 index 0000000000..a109bd44f1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xqueue-maileon-4589a6370d5dbea689df46df9c5577a1.yaml @@ -0,0 +1,58 @@ +id: xqueue-maileon-4589a6370d5dbea689df46df9c5577a1 + +info: + name: > + Maileon <= 2.16.0 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a67972d7-abfd-4ce3-9e47-30736ab32af5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xqueue-maileon/" + google-query: inurl:"/wp-content/plugins/xqueue-maileon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xqueue-maileon,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xqueue-maileon/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xqueue-maileon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xserver-migrator-5b3901e02ad2424b1793990cd718f093.yaml b/nuclei-templates/cve-less/plugins/xserver-migrator-5b3901e02ad2424b1793990cd718f093.yaml new file mode 100644 index 0000000000..be045669db --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xserver-migrator-5b3901e02ad2424b1793990cd718f093.yaml @@ -0,0 +1,58 @@ +id: xserver-migrator-5b3901e02ad2424b1793990cd718f093 + +info: + name: > + Xserver Migrator <= 1.6.1 - Cross-Site Request Forgery to Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bde2a8a5-2d18-4659-bb35-dff4f521dbb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xserver-migrator/" + google-query: inurl:"/wp-content/plugins/xserver-migrator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xserver-migrator,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xserver-migrator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xserver-migrator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/xtremelocator-2adf451d71caa92a7f7c155d4ef7aae4.yaml b/nuclei-templates/cve-less/plugins/xtremelocator-2adf451d71caa92a7f7c155d4ef7aae4.yaml new file mode 100644 index 0000000000..736f489e95 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/xtremelocator-2adf451d71caa92a7f7c155d4ef7aae4.yaml @@ -0,0 +1,58 @@ +id: xtremelocator-2adf451d71caa92a7f7c155d4ef7aae4 + +info: + name: > + Xtreme Locator Dealer Locator Plugin <= 3.0.1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a09af8e-8da6-46e4-90e5-6ce1f8bfd36b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/xtremelocator/" + google-query: inurl:"/wp-content/plugins/xtremelocator/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,xtremelocator,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/xtremelocator/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xtremelocator" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yabp-474b68fd8dad59276b2b0abb985452ea.yaml b/nuclei-templates/cve-less/plugins/yabp-474b68fd8dad59276b2b0abb985452ea.yaml new file mode 100644 index 0000000000..d574f3af53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yabp-474b68fd8dad59276b2b0abb985452ea.yaml @@ -0,0 +1,58 @@ +id: yabp-474b68fd8dad59276b2b0abb985452ea + +info: + name: > + Yet Another bol.com - <= 1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57d2ac19-812a-4a64-815b-bc3fffe8af26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yabp/" + google-query: inurl:"/wp-content/plugins/yabp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yabp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yabp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yabp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yada-wiki-57f13a889e0cffca9cc00946f63d375b.yaml b/nuclei-templates/cve-less/plugins/yada-wiki-57f13a889e0cffca9cc00946f63d375b.yaml new file mode 100644 index 0000000000..5e929cd2a8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yada-wiki-57f13a889e0cffca9cc00946f63d375b.yaml @@ -0,0 +1,58 @@ +id: yada-wiki-57f13a889e0cffca9cc00946f63d375b + +info: + name: > + Yada Wiki <= 3.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63b272f5-08d1-4c5b-a500-d919903793b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yada-wiki/" + google-query: inurl:"/wp-content/plugins/yada-wiki/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yada-wiki,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yada-wiki/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yada-wiki" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yahoo-updates-for-wordpress-489466a4c841b3b26e3fdf281284debf.yaml b/nuclei-templates/cve-less/plugins/yahoo-updates-for-wordpress-489466a4c841b3b26e3fdf281284debf.yaml new file mode 100644 index 0000000000..969264907b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yahoo-updates-for-wordpress-489466a4c841b3b26e3fdf281284debf.yaml @@ -0,0 +1,58 @@ +id: yahoo-updates-for-wordpress-489466a4c841b3b26e3fdf281284debf + +info: + name: > + Yahoo Updates For WordPress <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f5ff15d-2436-48d4-a31d-6bfd9704149f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yahoo-updates-for-wordpress/" + google-query: inurl:"/wp-content/plugins/yahoo-updates-for-wordpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yahoo-updates-for-wordpress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yahoo-updates-for-wordpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yahoo-updates-for-wordpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yamaps-f801c1aeb4734b7133d474f559fadcb5.yaml b/nuclei-templates/cve-less/plugins/yamaps-f801c1aeb4734b7133d474f559fadcb5.yaml new file mode 100644 index 0000000000..e2552dbf8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yamaps-f801c1aeb4734b7133d474f559fadcb5.yaml @@ -0,0 +1,58 @@ +id: yamaps-f801c1aeb4734b7133d474f559fadcb5 + +info: + name: > + YaMaps <= 0.6.25 - Authenticaterd (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1056804b-c317-4b9f-85ce-41b4ed0ac40a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yamaps/" + google-query: inurl:"/wp-content/plugins/yamaps/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yamaps,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yamaps/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yamaps" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.25') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yandex-money-button-480067fff73f218a897f527d009097f5.yaml b/nuclei-templates/cve-less/plugins/yandex-money-button-480067fff73f218a897f527d009097f5.yaml new file mode 100644 index 0000000000..ba83f24118 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yandex-money-button-480067fff73f218a897f527d009097f5.yaml @@ -0,0 +1,58 @@ +id: yandex-money-button-480067fff73f218a897f527d009097f5 + +info: + name: > + Titan Framework <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fcae647f-7eed-4ecd-83b8-482b55b86ec9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yandex-money-button/" + google-query: inurl:"/wp-content/plugins/yandex-money-button/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yandex-money-button,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yandex-money-button/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yandex-money-button" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yandexnews-feed-by-teplitsa-0cfa07456732530e831220894e1919de.yaml b/nuclei-templates/cve-less/plugins/yandexnews-feed-by-teplitsa-0cfa07456732530e831220894e1919de.yaml new file mode 100644 index 0000000000..4d216d3e0a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yandexnews-feed-by-teplitsa-0cfa07456732530e831220894e1919de.yaml @@ -0,0 +1,58 @@ +id: yandexnews-feed-by-teplitsa-0cfa07456732530e831220894e1919de + +info: + name: > + Yandex.News Feed by Teplitsa <= 1.12.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/756810c0-d805-4391-a67b-19b40597d219?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yandexnews-feed-by-teplitsa/" + google-query: inurl:"/wp-content/plugins/yandexnews-feed-by-teplitsa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yandexnews-feed-by-teplitsa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yandexnews-feed-by-teplitsa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yandexnews-feed-by-teplitsa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.12.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yatra-3cae7fcdb0832a80c22b613ce2425d20.yaml b/nuclei-templates/cve-less/plugins/yatra-3cae7fcdb0832a80c22b613ce2425d20.yaml new file mode 100644 index 0000000000..bd858cce27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yatra-3cae7fcdb0832a80c22b613ce2425d20.yaml @@ -0,0 +1,58 @@ +id: yatra-3cae7fcdb0832a80c22b613ce2425d20 + +info: + name: > + Yatra <= 2.1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07372843-f7d3-4ae4-96b4-ef3f475504ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yatra/" + google-query: inurl:"/wp-content/plugins/yatra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yatra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yatra/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yatra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yawpp-6ef860020cf2393d29a3d4b7f6db6475.yaml b/nuclei-templates/cve-less/plugins/yawpp-6ef860020cf2393d29a3d4b7f6db6475.yaml new file mode 100644 index 0000000000..cbac962259 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yawpp-6ef860020cf2393d29a3d4b7f6db6475.yaml @@ -0,0 +1,58 @@ +id: yawpp-6ef860020cf2393d29a3d4b7f6db6475 + +info: + name: > + YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/53071503-0edd-458f-a24d-107d576695ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yawpp/" + google-query: inurl:"/wp-content/plugins/yawpp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yawpp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yawpp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yawpp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yawpp-a37629b8951d8dca9eaa0034808a75be.yaml b/nuclei-templates/cve-less/plugins/yawpp-a37629b8951d8dca9eaa0034808a75be.yaml new file mode 100644 index 0000000000..936e34b9ef --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yawpp-a37629b8951d8dca9eaa0034808a75be.yaml @@ -0,0 +1,58 @@ +id: yawpp-a37629b8951d8dca9eaa0034808a75be + +info: + name: > + YAWPP (Yet Another WordPress Petition Plugin) <= 1.2.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7eed1ae6-ee59-4616-9564-9aa5ec302ea9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yawpp/" + google-query: inurl:"/wp-content/plugins/yawpp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yawpp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yawpp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yawpp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yaysmtp-1880e59c92fe0e79ed53bd8a0e62de6d.yaml b/nuclei-templates/cve-less/plugins/yaysmtp-1880e59c92fe0e79ed53bd8a0e62de6d.yaml new file mode 100644 index 0000000000..bc96c987e3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yaysmtp-1880e59c92fe0e79ed53bd8a0e62de6d.yaml @@ -0,0 +1,58 @@ +id: yaysmtp-1880e59c92fe0e79ed53bd8a0e62de6d + +info: + name: > + YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yaysmtp/" + google-query: inurl:"/wp-content/plugins/yaysmtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yaysmtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yaysmtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yaysmtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yaysmtp-3dde0f0622765c2ad7f47077755dade6.yaml b/nuclei-templates/cve-less/plugins/yaysmtp-3dde0f0622765c2ad7f47077755dade6.yaml new file mode 100644 index 0000000000..65889d4537 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yaysmtp-3dde0f0622765c2ad7f47077755dade6.yaml @@ -0,0 +1,58 @@ +id: yaysmtp-3dde0f0622765c2ad7f47077755dade6 + +info: + name: > + YaySMTP – Simple WP SMTP Mail <= 2.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5da24fa-fc7c-406b-896d-8cb8cc107cff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yaysmtp/" + google-query: inurl:"/wp-content/plugins/yaysmtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yaysmtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yaysmtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yaysmtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yaysmtp-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml b/nuclei-templates/cve-less/plugins/yaysmtp-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml new file mode 100644 index 0000000000..908e4f515e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yaysmtp-4d3dbfcfc5bd83e1f32cd6ab14a72545.yaml @@ -0,0 +1,58 @@ +id: yaysmtp-4d3dbfcfc5bd83e1f32cd6ab14a72545 + +info: + name: > + YaySMTP – Simple WP SMTP Mail <= 2.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba551103-f373-40b0-831f-a1c59bb874ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yaysmtp/" + google-query: inurl:"/wp-content/plugins/yaysmtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yaysmtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yaysmtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yaysmtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yaysmtp-53237b2a666711b5ed5327cacfdd45f6.yaml b/nuclei-templates/cve-less/plugins/yaysmtp-53237b2a666711b5ed5327cacfdd45f6.yaml new file mode 100644 index 0000000000..aadae1c26d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yaysmtp-53237b2a666711b5ed5327cacfdd45f6.yaml @@ -0,0 +1,58 @@ +id: yaysmtp-53237b2a666711b5ed5327cacfdd45f6 + +info: + name: > + YaySMTP – Simple WP SMTP Mail <= 2.2 - Missing Authorization to Sensitive Information Exposure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b68e8d4-58d4-4753-bda3-60c0d874f822?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yaysmtp/" + google-query: inurl:"/wp-content/plugins/yaysmtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yaysmtp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yaysmtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yaysmtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yaysmtp-c5709fba92c5e77b429d3d6d877dbdaa.yaml b/nuclei-templates/cve-less/plugins/yaysmtp-c5709fba92c5e77b429d3d6d877dbdaa.yaml new file mode 100644 index 0000000000..b4cb7e171a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yaysmtp-c5709fba92c5e77b429d3d6d877dbdaa.yaml @@ -0,0 +1,58 @@ +id: yaysmtp-c5709fba92c5e77b429d3d6d877dbdaa + +info: + name: > + YaySMTP – Simple WP SMTP Mail <= 2.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b2b1db53-227c-4887-b24d-37c0d2bedf69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yaysmtp/" + google-query: inurl:"/wp-content/plugins/yaysmtp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yaysmtp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yaysmtp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yaysmtp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yds-support-ticket-system-099d72d33b89027185d04eec96bd1d04.yaml b/nuclei-templates/cve-less/plugins/yds-support-ticket-system-099d72d33b89027185d04eec96bd1d04.yaml new file mode 100644 index 0000000000..fc0dbda8fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yds-support-ticket-system-099d72d33b89027185d04eec96bd1d04.yaml @@ -0,0 +1,58 @@ +id: yds-support-ticket-system-099d72d33b89027185d04eec96bd1d04 + +info: + name: > + YDS Support Ticket System <= 1.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8742e30-e49c-46c9-92d5-216d32d00d51?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yds-support-ticket-system/" + google-query: inurl:"/wp-content/plugins/yds-support-ticket-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yds-support-ticket-system,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yds-support-ticket-system/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yds-support-ticket-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-0a6ee246dd7e0fbebdf1fe319b82ca2c.yaml b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-0a6ee246dd7e0fbebdf1fe319b82ca2c.yaml new file mode 100644 index 0000000000..1474e9e625 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-0a6ee246dd7e0fbebdf1fe319b82ca2c.yaml @@ -0,0 +1,58 @@ +id: yellow-pencil-visual-theme-customizer-0a6ee246dd7e0fbebdf1fe319b82ca2c + +info: + name: > + Visual CSS Style Editor <= 7.2.0 - Unauthenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4b3b4a4-9a56-49b8-b3d3-7e50954b4487?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yellow-pencil-visual-theme-customizer/" + google-query: inurl:"/wp-content/plugins/yellow-pencil-visual-theme-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-pencil-visual-theme-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-pencil-visual-theme-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-7a834f58a606cf067ebc7019fbcc29e8.yaml b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-7a834f58a606cf067ebc7019fbcc29e8.yaml new file mode 100644 index 0000000000..6eba6fab0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-7a834f58a606cf067ebc7019fbcc29e8.yaml @@ -0,0 +1,58 @@ +id: yellow-pencil-visual-theme-customizer-7a834f58a606cf067ebc7019fbcc29e8 + +info: + name: > + YellowPencil Visual CSS Style Editor <= 7.5.8 - Reflected Cross-Site Scripting liveLink + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/967ff273-33f3-4580-928a-7764583429aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yellow-pencil-visual-theme-customizer/" + google-query: inurl:"/wp-content/plugins/yellow-pencil-visual-theme-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-pencil-visual-theme-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-pencil-visual-theme-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-bc75273fcc2a01b62e53de804d6a871c.yaml b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-bc75273fcc2a01b62e53de804d6a871c.yaml new file mode 100644 index 0000000000..cda5eb4fa6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yellow-pencil-visual-theme-customizer-bc75273fcc2a01b62e53de804d6a871c.yaml @@ -0,0 +1,58 @@ +id: yellow-pencil-visual-theme-customizer-bc75273fcc2a01b62e53de804d6a871c + +info: + name: > + Visual CSS Style Editor <= 7.5.3 - Reflected Cross-Site Scripting via wyp_page_type parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2608f894-88ed-4f34-a382-8eab7eaab2e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yellow-pencil-visual-theme-customizer/" + google-query: inurl:"/wp-content/plugins/yellow-pencil-visual-theme-customizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yellow-pencil-visual-theme-customizer,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-pencil-visual-theme-customizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-pencil-visual-theme-customizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yellow-yard-04f24d8a77ed9613e08490a191c4df98.yaml b/nuclei-templates/cve-less/plugins/yellow-yard-04f24d8a77ed9613e08490a191c4df98.yaml new file mode 100644 index 0000000000..1e7b03a2f5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yellow-yard-04f24d8a77ed9613e08490a191c4df98.yaml @@ -0,0 +1,58 @@ +id: yellow-yard-04f24d8a77ed9613e08490a191c4df98 + +info: + name: > + Yellow Yard Searchbar <= 2.7.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8472cdbe-89a8-49ac-ab7e-065ebf717692?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yellow-yard/" + google-query: inurl:"/wp-content/plugins/yellow-yard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yellow-yard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-yard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-yard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yellow-yard-c5527d6f57853cc49c907b306043f9d1.yaml b/nuclei-templates/cve-less/plugins/yellow-yard-c5527d6f57853cc49c907b306043f9d1.yaml new file mode 100644 index 0000000000..8a6b7ff0d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yellow-yard-c5527d6f57853cc49c907b306043f9d1.yaml @@ -0,0 +1,58 @@ +id: yellow-yard-c5527d6f57853cc49c907b306043f9d1 + +info: + name: > + Yellow Yard Searchbar <= 2.7.27 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0c4ef62-1274-4cf3-88fc-ccabedbbe26c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yellow-yard/" + google-query: inurl:"/wp-content/plugins/yellow-yard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yellow-yard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yellow-yard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yellow-yard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yesno-d1fe830178bd836f853d2f1e8ea1327c.yaml b/nuclei-templates/cve-less/plugins/yesno-d1fe830178bd836f853d2f1e8ea1327c.yaml new file mode 100644 index 0000000000..7ba5d3fa9e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yesno-d1fe830178bd836f853d2f1e8ea1327c.yaml @@ -0,0 +1,58 @@ +id: yesno-d1fe830178bd836f853d2f1e8ea1327c + +info: + name: > + Yes/No Chart < 1.0.12 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcbc0ceb-7e23-4475-a138-25dc15ec17f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yesno/" + google-query: inurl:"/wp-content/plugins/yesno/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yesno,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yesno/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yesno" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-6fe67f9ebf1fd28c0850e6428387bc2e.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-6fe67f9ebf1fd28c0850e6428387bc2e.yaml new file mode 100644 index 0000000000..740cf701c1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-6fe67f9ebf1fd28c0850e6428387bc2e.yaml @@ -0,0 +1,58 @@ +id: yet-another-related-posts-plugin-6fe67f9ebf1fd28c0850e6428387bc2e + +info: + name: > + YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35bd7462-8dab-43b2-9941-fef6f826cfdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.30.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-9da0817673d4e46e6fd57b591efba31c.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-9da0817673d4e46e6fd57b591efba31c.yaml new file mode 100644 index 0000000000..1e4604a2a2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-9da0817673d4e46e6fd57b591efba31c.yaml @@ -0,0 +1,58 @@ +id: yet-another-related-posts-plugin-9da0817673d4e46e6fd57b591efba31c + +info: + name: > + YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de8b14c0-00f8-4c4d-ae78-bc29a1e5007c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.30.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-bff9375a673f8d2d232dddd7e1d5201a.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-bff9375a673f8d2d232dddd7e1d5201a.yaml new file mode 100644 index 0000000000..4879e279e1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-bff9375a673f8d2d232dddd7e1d5201a.yaml @@ -0,0 +1,58 @@ +id: yet-another-related-posts-plugin-bff9375a673f8d2d232dddd7e1d5201a + +info: + name: > + Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.30.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-c1c98038e2071b40fa92b1876951feb1.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-c1c98038e2071b40fa92b1876951feb1.yaml new file mode 100644 index 0000000000..c280c87129 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-c1c98038e2071b40fa92b1876951feb1.yaml @@ -0,0 +1,58 @@ +id: yet-another-related-posts-plugin-c1c98038e2071b40fa92b1876951feb1 + +info: + name: > + YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1091862b-784b-496f-a951-6784544cb51b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.30.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f373bbafc03e475d3ffabbbd84f90eda.yaml b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f373bbafc03e475d3ffabbbd84f90eda.yaml new file mode 100644 index 0000000000..8c8e9b2788 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-related-posts-plugin-f373bbafc03e475d3ffabbbd84f90eda.yaml @@ -0,0 +1,58 @@ +id: yet-another-related-posts-plugin-f373bbafc03e475d3ffabbbd84f90eda + +info: + name: > + YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bda2f3f6-b036-4feb-bb38-1d4eaf965c24?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-related-posts-plugin/" + google-query: inurl:"/wp-content/plugins/yet-another-related-posts-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-related-posts-plugin,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-related-posts-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-related-posts-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.30.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-146da8f6895b52d2f71daced48bc4bb3.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-146da8f6895b52d2f71daced48bc4bb3.yaml new file mode 100644 index 0000000000..3a8fbc0859 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-146da8f6895b52d2f71daced48bc4bb3.yaml @@ -0,0 +1,58 @@ +id: yet-another-stars-rating-146da8f6895b52d2f71daced48bc4bb3 + +info: + name: > + Yet Another Stars Rating <= 3.1.2 - Authenticated (Subscriber+) Cross-Site Scripting via Shortcodes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0781264-ed26-4e4b-a7ab-40e65bc71571?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-stars-rating/" + google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-stars-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-2f087270cc2f0766f3522e85859f5682.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-2f087270cc2f0766f3522e85859f5682.yaml new file mode 100644 index 0000000000..59ea716e27 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-2f087270cc2f0766f3522e85859f5682.yaml @@ -0,0 +1,58 @@ +id: yet-another-stars-rating-2f087270cc2f0766f3522e85859f5682 + +info: + name: > + Yasr – Yet Another Stars Rating <= 2.9.9 - Cross-Site Scripting via source + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cabe5d20-710c-47d7-a5a3-562287ab5706?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-stars-rating/" + google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-61995cd0cadb8b6360d652af233c94df.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-61995cd0cadb8b6360d652af233c94df.yaml new file mode 100644 index 0000000000..ac8618ed2f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-61995cd0cadb8b6360d652af233c94df.yaml @@ -0,0 +1,58 @@ +id: yet-another-stars-rating-61995cd0cadb8b6360d652af233c94df + +info: + name: > + Yasr – Yet Another Stars Rating < 0.9.1 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25a25dae-578b-40d6-95c3-8428ca545ac3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-stars-rating/" + google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-stars-rating,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-c1cf31deca47ab06031c32c6f87e918a.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-c1cf31deca47ab06031c32c6f87e918a.yaml new file mode 100644 index 0000000000..bf5614b459 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-c1cf31deca47ab06031c32c6f87e918a.yaml @@ -0,0 +1,58 @@ +id: yet-another-stars-rating-c1cf31deca47ab06031c32c6f87e918a + +info: + name: > + Yet Another Stars Rating <= 3.4.3 - Missing Authorization via init + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/395b016f-018c-458d-a585-34f3de3eae5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-stars-rating/" + google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yet-another-stars-rating-efe780e12c2c72ceb89cb957cd97aaac.yaml b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-efe780e12c2c72ceb89cb957cd97aaac.yaml new file mode 100644 index 0000000000..7b26e8b9e6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yet-another-stars-rating-efe780e12c2c72ceb89cb957cd97aaac.yaml @@ -0,0 +1,58 @@ +id: yet-another-stars-rating-efe780e12c2c72ceb89cb957cd97aaac + +info: + name: > + Yet Another Stars Rating <= 3.3.8 - Missing Authorization to Vote Tampering + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2294251f-ef51-4ef7-ad7a-905cc2bc00b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yet-another-stars-rating/" + google-query: inurl:"/wp-content/plugins/yet-another-stars-rating/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yet-another-stars-rating,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yet-another-stars-rating/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yet-another-stars-rating" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-6208ba5c5d5d6da9586016ed5d7a8c01.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-6208ba5c5d5d6da9586016ed5d7a8c01.yaml new file mode 100644 index 0000000000..b4c7273adb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-6208ba5c5d5d6da9586016ed5d7a8c01.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-custom-woocommerce-product-tabs-6208ba5c5d5d6da9586016ed5d7a8c01 + +info: + name: > + Custom Product Tabs for WooCommerce <= 1.7.7 - Subscriber+ Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e093a923-4b9b-4def-a81b-78584aead5c1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-custom-woocommerce-product-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-custom-woocommerce-product-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-8d1ec64befa71150df8d15ca9a46e658.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-8d1ec64befa71150df8d15ca9a46e658.yaml new file mode 100644 index 0000000000..187dfbbc9c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-custom-woocommerce-product-tabs-8d1ec64befa71150df8d15ca9a46e658.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-custom-woocommerce-product-tabs-8d1ec64befa71150df8d15ca9a46e658 + +info: + name: > + Custom Product Tabs for WooCommerce <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/03cd1f6e-2400-44e7-b2b0-32c9890e1c1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-custom-woocommerce-product-tabs,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-custom-woocommerce-product-tabs/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-custom-woocommerce-product-tabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-03e1e5461591c1057ed60beb9b3bae79.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-03e1e5461591c1057ed60beb9b3bae79.yaml new file mode 100644 index 0000000000..6c170b904f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-03e1e5461591c1057ed60beb9b3bae79.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-03e1e5461591c1057ed60beb9b3bae79 + +info: + name: > + Easy Forms for Mailchimp <= 6.8.10 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0926bcf2-9cce-420d-a02f-52675224a71b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-177659464b8d85544069425197c4369a.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-177659464b8d85544069425197c4369a.yaml new file mode 100644 index 0000000000..f92a237891 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-177659464b8d85544069425197c4369a.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-177659464b8d85544069425197c4369a + +info: + name: > + Easy Forms for MailChimp <= 6.8.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c30d517b-e051-408c-a022-4399c3d62390?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-23c724086aac6deded1ebc7c3f6322cf.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-23c724086aac6deded1ebc7c3f6322cf.yaml new file mode 100644 index 0000000000..81f3bc9ab8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-23c724086aac6deded1ebc7c3f6322cf.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-23c724086aac6deded1ebc7c3f6322cf + +info: + name: > + Easy Forms for Mailchimp 3.0 - 5.0.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8877261-c60c-4433-9a4d-f1a99cac66c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 3.0', '<= 5.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-386a0afabc9239508b641e7c3c487c92.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-386a0afabc9239508b641e7c3c487c92.yaml new file mode 100644 index 0000000000..b83097a3d4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-386a0afabc9239508b641e7c3c487c92.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-386a0afabc9239508b641e7c3c487c92 + +info: + name: > + Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting via 'sql_error' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4afb25d5-dce1-4a7a-8afe-0fc2a384b945?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-53951cc6c6fc3a1b6dbee499dbf71331.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-53951cc6c6fc3a1b6dbee499dbf71331.yaml new file mode 100644 index 0000000000..e80aba2a13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-53951cc6c6fc3a1b6dbee499dbf71331.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-53951cc6c6fc3a1b6dbee499dbf71331 + +info: + name: > + Easy Forms for Mailchimp <= 6.8.8 - Authenticated (Administrator+) Cross-Site Scripting via Form Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4953e1b6-6ad1-41f5-b50b-43de078008ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-548ea404dc918edae3aacbe70f4f2745.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-548ea404dc918edae3aacbe70f4f2745.yaml new file mode 100644 index 0000000000..c29ce1b512 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-548ea404dc918edae3aacbe70f4f2745.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-548ea404dc918edae3aacbe70f4f2745 + +info: + name: > + Easy Forms for Mailchimp <= 6.8.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5f07017-e2b6-4051-8df8-3d0cfa59c7d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-85182e02e56cd4169277eefa805fcb8b.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-85182e02e56cd4169277eefa805fcb8b.yaml new file mode 100644 index 0000000000..9eb568922e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-85182e02e56cd4169277eefa805fcb8b.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-85182e02e56cd4169277eefa805fcb8b + +info: + name: > + Easy Forms for Mailchimp <= 6.5.2 - Code Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7f1a0d90-2574-4d48-b673-f47c8bc65d21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-b2623a7e77be214a3a6362bd14987ece.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-b2623a7e77be214a3a6362bd14987ece.yaml new file mode 100644 index 0000000000..2048cb34a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-b2623a7e77be214a3a6362bd14987ece.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-b2623a7e77be214a3a6362bd14987ece + +info: + name: > + Easy Forms for Mailchimp <= 6.8.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/873b6ace-0377-42d8-a6c5-3fe0226cebc5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-cce904a4a7f2d422f5ff2c8c1b3c77b4.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-cce904a4a7f2d422f5ff2c8c1b3c77b4.yaml new file mode 100644 index 0000000000..f53346f5fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-cce904a4a7f2d422f5ff2c8c1b3c77b4.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-cce904a4a7f2d422f5ff2c8c1b3c77b4 + +info: + name: > + Easy Forms for Mailchimp <= 6.8.10 - Sensitive Information Exposure via logfile + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dc07bcec-f822-492a-b73d-79e791907dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-fe922fd0e38d640f64cea8429582a5c0.yaml b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-fe922fd0e38d640f64cea8429582a5c0.yaml new file mode 100644 index 0000000000..904b523262 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yikes-inc-easy-mailchimp-extender-fe922fd0e38d640f64cea8429582a5c0.yaml @@ -0,0 +1,58 @@ +id: yikes-inc-easy-mailchimp-extender-fe922fd0e38d640f64cea8429582a5c0 + +info: + name: > + Easy Forms for MailChimp <= 6.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1be5da88-723a-4386-a73e-3fe90eefb6ba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + google-query: inurl:"/wp-content/plugins/yikes-inc-easy-mailchimp-extender/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yikes-inc-easy-mailchimp-extender,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yikes-inc-easy-mailchimp-extender/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yikes-inc-easy-mailchimp-extender" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-advanced-refund-system-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-advanced-refund-system-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..68a4caccd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-advanced-refund-system-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-advanced-refund-system-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-advanced-refund-system-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-advanced-refund-system-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-advanced-refund-system-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-advanced-refund-system-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-advanced-refund-system-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..c4bc0bdecc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-color-and-label-variations-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-color-and-label-variations-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-color-and-label-variations-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-color-and-label-variations-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..2605c49047 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-color-and-label-variations-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-color-and-label-variations-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-color-and-label-variations-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-color-and-label-variations-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-color-and-label-variations-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-color-and-label-variations-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..2286da3151 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-custom-thank-you-page-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-custom-thank-you-page-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-custom-thank-you-page-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..8400a430fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-custom-thank-you-page-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-custom-thank-you-page-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-custom-thank-you-page-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-custom-thank-you-page-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-custom-thank-you-page-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-desktop-notifications-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-desktop-notifications-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..260c1d6efe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-desktop-notifications-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-desktop-notifications-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-desktop-notifications-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-desktop-notifications-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-desktop-notifications-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-desktop-notifications-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-desktop-notifications-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-donations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-donations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..b317be2e0b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-donations-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-donations-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-donations-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-donations-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-donations-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-donations-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-donations-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-easy-login-register-popup-for-woocommerce-77b9a05dcc6a23ba6229304e9509d659.yaml b/nuclei-templates/cve-less/plugins/yith-easy-login-register-popup-for-woocommerce-77b9a05dcc6a23ba6229304e9509d659.yaml new file mode 100644 index 0000000000..3db4a33fda --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-easy-login-register-popup-for-woocommerce-77b9a05dcc6a23ba6229304e9509d659.yaml @@ -0,0 +1,58 @@ +id: yith-easy-login-register-popup-for-woocommerce-77b9a05dcc6a23ba6229304e9509d659 + +info: + name: > + YITH Easy Login & Register Popup for WooCommerce <= 1.8.0 - Authentication Bypass via Password Reset + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e186123e-313f-4b0e-9579-135cfdfa4bc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-easy-login-register-popup-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-easy-login-register-popup-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-easy-login-register-popup-for-woocommerce,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-easy-login-register-popup-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-easy-login-register-popup-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-essential-kit-for-woocommerce-1-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-essential-kit-for-woocommerce-1-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..d86d666d13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-essential-kit-for-woocommerce-1-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-essential-kit-for-woocommerce-1-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-essential-kit-for-woocommerce-1/" + google-query: inurl:"/wp-content/plugins/yith-essential-kit-for-woocommerce-1/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-essential-kit-for-woocommerce-1,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-essential-kit-for-woocommerce-1/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-essential-kit-for-woocommerce-1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.13.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-infinite-scrolling-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-infinite-scrolling-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..254760e7b2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-infinite-scrolling-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-infinite-scrolling-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-infinite-scrolling/" + google-query: inurl:"/wp-content/plugins/yith-infinite-scrolling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-infinite-scrolling,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-infinite-scrolling/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-infinite-scrolling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-maintenance-mode-47f2a0e84b3d74553b2adb604a344eb0.yaml b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-47f2a0e84b3d74553b2adb604a344eb0.yaml new file mode 100644 index 0000000000..f8a65391fe --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-47f2a0e84b3d74553b2adb604a344eb0.yaml @@ -0,0 +1,58 @@ +id: yith-maintenance-mode-47f2a0e84b3d74553b2adb604a344eb0 + +info: + name: > + YITH Maintenance Mode <= 1.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf00d5a9-bf7f-404c-b91f-1d7cf14d883b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/yith-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-maintenance-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-maintenance-mode-9e36292a7ac47d63600972695d9e0b66.yaml b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-9e36292a7ac47d63600972695d9e0b66.yaml new file mode 100644 index 0000000000..f3c0ab5440 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-9e36292a7ac47d63600972695d9e0b66.yaml @@ -0,0 +1,58 @@ +id: yith-maintenance-mode-9e36292a7ac47d63600972695d9e0b66 + +info: + name: > + YITH Maintenance Mode <= 1.3.7 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f617090-f2cf-4ac4-8d09-c1d5c21e120d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/yith-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-maintenance-mode,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-maintenance-mode-c63c09dfe0443988600f74c6f35feaf4.yaml b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-c63c09dfe0443988600f74c6f35feaf4.yaml new file mode 100644 index 0000000000..d4a8d4eb71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-maintenance-mode-c63c09dfe0443988600f74c6f35feaf4.yaml @@ -0,0 +1,58 @@ +id: yith-maintenance-mode-c63c09dfe0443988600f74c6f35feaf4 + +info: + name: > + YITH Maintenance Mode <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3589fd35-df91-48fb-b3be-4954f1e05656?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-maintenance-mode/" + google-query: inurl:"/wp-content/plugins/yith-maintenance-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-maintenance-mode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-maintenance-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-maintenance-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..37b77c6a57 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-paypal-express-checkout-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-paypal-express-checkout-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-paypal-express-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.20.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..f4bae4f605 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-paypal-express-checkout-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-paypal-express-checkout-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-paypal-express-checkout-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-paypal-express-checkout-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-paypal-express-checkout-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-paypal-payments-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-paypal-payments-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..0e7f436fe2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-paypal-payments-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-paypal-payments-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-paypal-payments-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-paypal-payments-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-paypal-payments-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-paypal-payments-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-paypal-payments-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..810c48ac64 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-pre-order-for-woocommerce-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-pre-order-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-pre-order-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-pre-order-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-pre-order-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-pre-order-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..d10e76a70e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-pre-order-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-pre-order-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-pre-order-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-pre-order-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-pre-order-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-pre-order-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-pre-order-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-product-size-charts-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-product-size-charts-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..857a2e5cdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-product-size-charts-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-product-size-charts-for-woocommerce-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-product-size-charts-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yith-product-size-charts-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-product-size-charts-for-woocommerce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-product-size-charts-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-product-size-charts-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-account-funds-premium-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-account-funds-premium-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml new file mode 100644 index 0000000000..5da74d9dba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-account-funds-premium-982ffbf6beec794e0b1ae79fe9b1aaa9.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-account-funds-premium-982ffbf6beec794e0b1ae79fe9b1aaa9 + +info: + name: > + YITH WooCommerce Account Funds Premium <= 1.33.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbd0fb22-a39c-43f5-a93c-976b7e49967b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-account-funds-premium/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-account-funds-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-account-funds-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-account-funds-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-account-funds-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.33.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..001d480735 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-added-to-cart-popup-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-added-to-cart-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-added-to-cart-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-added-to-cart-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..415f0922c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-added-to-cart-popup-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-added-to-cart-popup-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-added-to-cart-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-added-to-cart-popup,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-added-to-cart-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-added-to-cart-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..efe50c825e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-advanced-reviews-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-advanced-reviews/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-advanced-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-advanced-reviews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-advanced-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-advanced-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..f324a25961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-advanced-reviews-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-advanced-reviews-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-advanced-reviews/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-advanced-reviews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-advanced-reviews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-advanced-reviews/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-advanced-reviews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..e93ef985c5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-affiliates-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-affiliates/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-affiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-affiliates,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-affiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-affiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..dde101f3c3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-affiliates-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-affiliates-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-affiliates/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-affiliates/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-affiliates,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-affiliates/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-affiliates" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..c5c7f8fd6c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-navigation-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-ajax-navigation-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-ajax-navigation/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-navigation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-navigation,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-navigation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-ajax-navigation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..9bdab17faf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-ajax-search-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-ajax-search/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-search,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-ajax-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..d5c6cbe22b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-ajax-search-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-ajax-search-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-ajax-search/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-ajax-search/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-ajax-search,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-ajax-search/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-ajax-search" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..9010d61e4f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-authorizenet-payment-gateway-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-authorizenet-payment-gateway,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-authorizenet-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..c5b823f4e5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-authorizenet-payment-gateway-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-authorizenet-payment-gateway-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-authorizenet-payment-gateway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-authorizenet-payment-gateway/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-authorizenet-payment-gateway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..b2654a14a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-badges-management-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-badges-management/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-badges-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-badges-management,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-badges-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-badges-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.10.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..9bb6a0f7bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-badges-management-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-badges-management-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-badges-management/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-badges-management/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-badges-management,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-badges-management/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-badges-management" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-best-sellers-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-best-sellers-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..a94b061fb0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-best-sellers-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-best-sellers-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-best-sellers/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-best-sellers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-best-sellers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-best-sellers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-best-sellers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..744a29eb82 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-brands-add-on-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-brands-add-on/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-brands-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-brands-add-on,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-brands-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-brands-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..4fda606ca5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-brands-add-on-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-brands-add-on-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-brands-add-on/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-brands-add-on/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-brands-add-on,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-brands-add-on/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-brands-add-on" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..c07d2ba0fc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-bulk-product-editing-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-bulk-product-editing/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-bulk-product-editing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-bulk-product-editing,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-bulk-product-editing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-bulk-product-editing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..3d3724ded0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-bulk-product-editing-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-bulk-product-editing-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-bulk-product-editing/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-bulk-product-editing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-bulk-product-editing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-bulk-product-editing/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-bulk-product-editing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..2ea2771abf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-cart-messages-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-cart-messages/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-cart-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-cart-messages,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-cart-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-cart-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..435d6a99c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-cart-messages-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-cart-messages-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-cart-messages/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-cart-messages/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-cart-messages,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-cart-messages/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-cart-messages" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-catalog-mode-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-catalog-mode-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..9a1379340d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-catalog-mode-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-catalog-mode-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-catalog-mode/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-catalog-mode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-catalog-mode,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-catalog-mode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-catalog-mode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-category-accordion-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-category-accordion-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..5f9b6d20a0 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-category-accordion-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-category-accordion-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-category-accordion/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-category-accordion/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-category-accordion,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-category-accordion/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-category-accordion" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-282e251eab336c690b3101edf7ffeddc.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-282e251eab336c690b3101edf7ffeddc.yaml new file mode 100644 index 0000000000..f087b7ade9 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-282e251eab336c690b3101edf7ffeddc.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-compare-282e251eab336c690b3101edf7ffeddc + +info: + name: > + YITH WooCommerce Compare <= 2.37.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f822d5b9-46fb-4910-8d92-8c73e01d7e50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-compare/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-compare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-compare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.37.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..4df1d6825b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-compare-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-compare/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-compare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-compare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.20.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..0be056797c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-compare-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-compare-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-compare/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-compare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-compare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-compare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-compare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-featured-video-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-featured-video-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..438cdbaf2e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-featured-video-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-featured-video-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-featured-video/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-featured-video/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-featured-video,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-featured-video/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-featured-video" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..6476a759c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-frequently-bought-together-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-frequently-bought-together/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-frequently-bought-together/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-frequently-bought-together,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-frequently-bought-together/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-frequently-bought-together" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.18.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..741a1e8b49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-frequently-bought-together-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-frequently-bought-together-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-frequently-bought-together/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-frequently-bought-together/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-frequently-bought-together,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-frequently-bought-together/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-frequently-bought-together" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..a471b9b53a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-gift-cards-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..ebcd0d2860 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-gift-cards-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-41e80875772903dab5f7014a7dce0bda.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-41e80875772903dab5f7014a7dce0bda.yaml new file mode 100644 index 0000000000..f790c0d5cb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-41e80875772903dab5f7014a7dce0bda.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-gift-cards-premium-41e80875772903dab5f7014a7dce0bda + +info: + name: > + YITH WooCommerce Gift Cards Premium <= 3.3.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b6489f8-061d-4fbd-81f2-9f508dd0e7f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards-premium/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards-premium,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-4a463e7ba518b96c1fea8ec0461b05e3.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-4a463e7ba518b96c1fea8ec0461b05e3.yaml new file mode 100644 index 0000000000..a35d8d1cd3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-4a463e7ba518b96c1fea8ec0461b05e3.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-gift-cards-premium-4a463e7ba518b96c1fea8ec0461b05e3 + +info: + name: > + YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1e77760b-4e61-462c-9245-0e40f161d565?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards-premium/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards-premium,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-83ba46f68dcdc63735fee9175b72793e.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-83ba46f68dcdc63735fee9175b72793e.yaml new file mode 100644 index 0000000000..a95a9b50b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-gift-cards-premium-83ba46f68dcdc63735fee9175b72793e.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-gift-cards-premium-83ba46f68dcdc63735fee9175b72793e + +info: + name: > + Yith WooCommerce Gift Cards Premium <= 3.19.0 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd4f7b73-947b-4962-9880-5f279580f43c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-gift-cards-premium/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-gift-cards-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-gift-cards-premium,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-gift-cards-premium/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-gift-cards-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.19.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..63ed9bb628 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-mailchimp-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-mailchimp/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-mailchimp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-mailchimp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-mailchimp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-mailchimp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..fcddb3928f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-mailchimp-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-mailchimp-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-mailchimp/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-mailchimp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-mailchimp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-mailchimp/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-mailchimp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..58707aca39 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-multi-step-checkout-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-multi-step-checkout/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-multi-step-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-multi-step-checkout,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-multi-step-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-multi-step-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..2ff0c69856 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-multi-step-checkout-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-multi-step-checkout-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-multi-step-checkout/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-multi-step-checkout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-multi-step-checkout,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-multi-step-checkout/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-multi-step-checkout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-name-your-price-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-name-your-price-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..aaef6e9cbd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-name-your-price-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-name-your-price-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-name-your-price/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-name-your-price/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-name-your-price,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-name-your-price/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-name-your-price" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..a5a5fbf4cc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-order-tracking-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-order-tracking/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-order-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-order-tracking,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-order-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-order-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..cca3db6256 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-order-tracking-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-order-tracking-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-order-tracking/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-order-tracking/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-order-tracking,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-order-tracking/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-order-tracking" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..7f3e1633b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-pdf-invoice-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-pdf-invoice/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-pdf-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-pdf-invoice,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-pdf-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-pdf-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..572667c5a5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-pdf-invoice-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-pdf-invoice-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-pdf-invoice/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-pdf-invoice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-pdf-invoice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-pdf-invoice/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-pdf-invoice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..dbb61c37dd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-points-and-rewards-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-points-and-rewards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-points-and-rewards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-points-and-rewards,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-points-and-rewards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-points-and-rewards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..95ce8e4bf3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-points-and-rewards-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-points-and-rewards-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-points-and-rewards/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-points-and-rewards/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-points-and-rewards,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-points-and-rewards/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-points-and-rewards" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-popup-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-popup-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..54e5fb202d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-popup-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-popup-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-popup/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-popup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-popup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-popup/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-popup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-255ea4aa4e6fb6ceab7bcf43313eab50.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-255ea4aa4e6fb6ceab7bcf43313eab50.yaml new file mode 100644 index 0000000000..340472b740 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-255ea4aa4e6fb6ceab7bcf43313eab50.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-add-ons-255ea4aa4e6fb6ceab7bcf43313eab50 + +info: + name: > + YITH WooCommerce Product Add-Ons <= 4.2.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e95773c-b968-47b3-8ae7-9a8d3389666c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-27280f97d7c2f094c66e491abb0e38cf.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-27280f97d7c2f094c66e491abb0e38cf.yaml new file mode 100644 index 0000000000..6cf93d0237 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-27280f97d7c2f094c66e491abb0e38cf.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-add-ons-27280f97d7c2f094c66e491abb0e38cf + +info: + name: > + YITH WooCommerce Product Add-Ons <= 4.5.0 - Unuathenticated Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3efb7b1-5230-40f9-a8a0-3712916284be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..12556e50ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-add-ons-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-61ed528306912302d784398edae3cbb2.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-61ed528306912302d784398edae3cbb2.yaml new file mode 100644 index 0000000000..8f578d0e13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-61ed528306912302d784398edae3cbb2.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-add-ons-61ed528306912302d784398edae3cbb2 + +info: + name: > + YITH WooCommerce Product Add-Ons <= 4.3.0 - Authenticated(Shop Manager+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7edd06d9-3897-4644-a77e-e58ab6d14c95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..7b8ee18899 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-add-ons-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-add-ons-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-add-ons/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-add-ons/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-add-ons,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-add-ons/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-add-ons" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.21') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..4ebe35e717 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-bundles-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-bundles/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-bundles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-bundles,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-bundles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-bundles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..9d94521f09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-bundles-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-bundles-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-bundles/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-bundles/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-bundles,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-bundles/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-bundles" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-slider-carousel-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-slider-carousel-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..bb96267b4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-slider-carousel-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-slider-carousel-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-slider-carousel/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-slider-carousel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-slider-carousel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-slider-carousel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-slider-carousel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..c9a1e78a41 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-vendors-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-vendors,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..4f9e438ed6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-product-vendors-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-product-vendors-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-product-vendors/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-product-vendors/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-product-vendors,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-product-vendors/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-product-vendors" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..7fa2303349 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-questions-and-answers-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-questions-and-answers/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-questions-and-answers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-questions-and-answers,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-questions-and-answers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-questions-and-answers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..624ccd8590 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-questions-and-answers-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-questions-and-answers-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-questions-and-answers/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-questions-and-answers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-questions-and-answers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-questions-and-answers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-questions-and-answers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..609af57cf6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-quick-view-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-quick-view/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-quick-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-quick-view,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-quick-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-quick-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..3b8702d563 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-quick-view-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-quick-view-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-quick-view/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-quick-view/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-quick-view,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-quick-view/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-quick-view" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-recover-abandoned-cart-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-recover-abandoned-cart-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..ed80c8282c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-recover-abandoned-cart-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-recover-abandoned-cart-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-recover-abandoned-cart/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-recover-abandoned-cart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-recover-abandoned-cart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-recover-abandoned-cart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-recover-abandoned-cart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..2c633ff4b5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-request-a-quote-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-request-a-quote/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.15.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..d20c63a6a6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-request-a-quote-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-request-a-quote-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-request-a-quote/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-request-a-quote/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-request-a-quote,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-request-a-quote/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-request-a-quote" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..5ecb22bf30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-social-login-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-social-login/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..b4c796cac2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-social-login-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-social-login-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-social-login/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-social-login/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-social-login,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-social-login/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-social-login" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..261a0aba3c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-stripe-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-stripe/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-stripe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..b82f0270a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-stripe-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-stripe-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-stripe/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-stripe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-stripe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-stripe/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-stripe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..4101e28fa3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-subscription-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-subscription/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-subscription/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-subscription,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-subscription/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-subscription" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.16.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..0bf35205ac --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-subscription-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-subscription-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-subscription/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-subscription/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-subscription,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-subscription/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-subscription" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-tab-manager-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-tab-manager-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..26c58bbe9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-tab-manager-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-tab-manager-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-tab-manager/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-tab-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-tab-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-tab-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-tab-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.17.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..0f09bc918f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-waiting-list-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-waiting-list/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-waiting-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-waiting-list,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-waiting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-waiting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.21.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-bcdc9da8f16c2dd363504b15d634a8b3.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-bcdc9da8f16c2dd363504b15d634a8b3.yaml new file mode 100644 index 0000000000..a01b30845e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-bcdc9da8f16c2dd363504b15d634a8b3.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-waiting-list-bcdc9da8f16c2dd363504b15d634a8b3 + +info: + name: > + YITH WooCommerce Waiting List <= 2.6.0 - Cross-Site Request forgery via 'save_mail_status' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0bcc1457-abbc-4bd9-a0a8-80e3d5624d95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-waiting-list/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-waiting-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-waiting-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-waiting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-waiting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..0c53ab9b61 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-waiting-list-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-waiting-list-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-waiting-list/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-waiting-list/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-waiting-list,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-waiting-list/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-waiting-list" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..31acbe720a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-wishlist-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-wishlist,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..574775a72e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-wishlist-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-wishlist-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-wishlist/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-wishlist/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-wishlist,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-wishlist" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-564f40d4fe0ef114f55053468e52e333.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-564f40d4fe0ef114f55053468e52e333.yaml new file mode 100644 index 0000000000..7ede97a51b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-564f40d4fe0ef114f55053468e52e333.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-zoom-magnifier-564f40d4fe0ef114f55053468e52e333 + +info: + name: > + YITH plugins by YITHEMES <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f002d061-4e9d-49be-9d4c-c470ec97f653?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-zoom-magnifier/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-zoom-magnifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-zoom-magnifier,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-zoom-magnifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-zoom-magnifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.14.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-e1335c6f9c71ba603c44dff8a99e9a32.yaml b/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-e1335c6f9c71ba603c44dff8a99e9a32.yaml new file mode 100644 index 0000000000..38911659f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yith-woocommerce-zoom-magnifier-e1335c6f9c71ba603c44dff8a99e9a32.yaml @@ -0,0 +1,58 @@ +id: yith-woocommerce-zoom-magnifier-e1335c6f9c71ba603c44dff8a99e9a32 + +info: + name: > + YIT Plugin Framework <= 3.3.8 - Authenticated Settings Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b34a0c6-3573-48c7-8edb-c9cf9503da06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yith-woocommerce-zoom-magnifier/" + google-query: inurl:"/wp-content/plugins/yith-woocommerce-zoom-magnifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yith-woocommerce-zoom-magnifier,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-zoom-magnifier/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yith-woocommerce-zoom-magnifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yml-for-yandex-market-2bf6e569a041eba29b626a0e786e076e.yaml b/nuclei-templates/cve-less/plugins/yml-for-yandex-market-2bf6e569a041eba29b626a0e786e076e.yaml new file mode 100644 index 0000000000..c099c57975 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yml-for-yandex-market-2bf6e569a041eba29b626a0e786e076e.yaml @@ -0,0 +1,58 @@ +id: yml-for-yandex-market-2bf6e569a041eba29b626a0e786e076e + +info: + name: > + YML for Yandex Market <= 4.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yml-for-yandex-market/" + google-query: inurl:"/wp-content/plugins/yml-for-yandex-market/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yml-for-yandex-market,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yml-for-yandex-market/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yml-for-yandex-market" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yml-for-yandex-market-af78913e8aa3b92d3397ebee3054a3e9.yaml b/nuclei-templates/cve-less/plugins/yml-for-yandex-market-af78913e8aa3b92d3397ebee3054a3e9.yaml new file mode 100644 index 0000000000..cddbd7e86e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yml-for-yandex-market-af78913e8aa3b92d3397ebee3054a3e9.yaml @@ -0,0 +1,58 @@ +id: yml-for-yandex-market-af78913e8aa3b92d3397ebee3054a3e9 + +info: + name: > + Yml for Yandex Market <= 3.10.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a823a21e-78b5-4186-bb67-88799509970d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yml-for-yandex-market/" + google-query: inurl:"/wp-content/plugins/yml-for-yandex-market/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yml-for-yandex-market,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yml-for-yandex-market/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yml-for-yandex-market" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.10.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yoo-slider-1327cd5b3a24f53dc0f827abbdb99b36.yaml b/nuclei-templates/cve-less/plugins/yoo-slider-1327cd5b3a24f53dc0f827abbdb99b36.yaml new file mode 100644 index 0000000000..a9f8bd0b63 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yoo-slider-1327cd5b3a24f53dc0f827abbdb99b36.yaml @@ -0,0 +1,58 @@ +id: yoo-slider-1327cd5b3a24f53dc0f827abbdb99b36 + +info: + name: > + Yoo Slider – Image Slider & Video Slider <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5a3a5dd8-1608-4a73-a571-25da811e4605?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yoo-slider/" + google-query: inurl:"/wp-content/plugins/yoo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yoo-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yoo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yoo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yoo-slider-6496be73d20798eb7af74bf20b42d8fa.yaml b/nuclei-templates/cve-less/plugins/yoo-slider-6496be73d20798eb7af74bf20b42d8fa.yaml new file mode 100644 index 0000000000..83f8d87be1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yoo-slider-6496be73d20798eb7af74bf20b42d8fa.yaml @@ -0,0 +1,58 @@ +id: yoo-slider-6496be73d20798eb7af74bf20b42d8fa + +info: + name: > + Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29d112ca-c793-4459-a5a0-7f1a3de9de71?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yoo-slider/" + google-query: inurl:"/wp-content/plugins/yoo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yoo-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yoo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yoo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yoo-slider-7da4dea81c55210aa215efa50cd5e1a7.yaml b/nuclei-templates/cve-less/plugins/yoo-slider-7da4dea81c55210aa215efa50cd5e1a7.yaml new file mode 100644 index 0000000000..3e7f45b30d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yoo-slider-7da4dea81c55210aa215efa50cd5e1a7.yaml @@ -0,0 +1,58 @@ +id: yoo-slider-7da4dea81c55210aa215efa50cd5e1a7 + +info: + name: > + Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1f643bd-a168-4506-9606-0b8b91573ebb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yoo-slider/" + google-query: inurl:"/wp-content/plugins/yoo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yoo-slider,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yoo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yoo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yoo-slider-7f7eb1234b1c572ad770fcbedeeb7de7.yaml b/nuclei-templates/cve-less/plugins/yoo-slider-7f7eb1234b1c572ad770fcbedeeb7de7.yaml new file mode 100644 index 0000000000..4cbf1c0262 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yoo-slider-7f7eb1234b1c572ad770fcbedeeb7de7.yaml @@ -0,0 +1,58 @@ +id: yoo-slider-7f7eb1234b1c572ad770fcbedeeb7de7 + +info: + name: > + Yoo Slider <= 2.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4852bd93-032f-4e11-ac30-7268684f08e2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yoo-slider/" + google-query: inurl:"/wp-content/plugins/yoo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yoo-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yoo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yoo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yoo-slider-e46bfa26b6acc9d0ed585b68ffa95ec6.yaml b/nuclei-templates/cve-less/plugins/yoo-slider-e46bfa26b6acc9d0ed585b68ffa95ec6.yaml new file mode 100644 index 0000000000..f7b4225462 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yoo-slider-e46bfa26b6acc9d0ed585b68ffa95ec6.yaml @@ -0,0 +1,58 @@ +id: yoo-slider-e46bfa26b6acc9d0ed585b68ffa95ec6 + +info: + name: > + Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9906b19-1ac7-4015-adb3-0674dde0331e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yoo-slider/" + google-query: inurl:"/wp-content/plugins/yoo-slider/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yoo-slider,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yoo-slider/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yoo-slider" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yookassa-10647c17dbf9c37ea854931ce84957f9.yaml b/nuclei-templates/cve-less/plugins/yookassa-10647c17dbf9c37ea854931ce84957f9.yaml new file mode 100644 index 0000000000..4cfdb5263c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yookassa-10647c17dbf9c37ea854931ce84957f9.yaml @@ -0,0 +1,58 @@ +id: yookassa-10647c17dbf9c37ea854931ce84957f9 + +info: + name: > + ЮKassa для WooCommerce <= 2.3.0 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a027f8f-bec8-456c-804b-b18fdb9532db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yookassa/" + google-query: inurl:"/wp-content/plugins/yookassa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yookassa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yookassa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yookassa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yookassa-d03a599615f97ee32ed6c9f069046608.yaml b/nuclei-templates/cve-less/plugins/yookassa-d03a599615f97ee32ed6c9f069046608.yaml new file mode 100644 index 0000000000..77130c4150 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yookassa-d03a599615f97ee32ed6c9f069046608.yaml @@ -0,0 +1,58 @@ +id: yookassa-d03a599615f97ee32ed6c9f069046608 + +info: + name: > + ЮKassa для WooCommerce <= 2.3.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87e32ddb-6f3e-4896-965c-f30b016f9a72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yookassa/" + google-query: inurl:"/wp-content/plugins/yookassa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yookassa,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yookassa/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yookassa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-0779481b7f80c0411ff97013b26aee05.yaml b/nuclei-templates/cve-less/plugins/yop-poll-0779481b7f80c0411ff97013b26aee05.yaml new file mode 100644 index 0000000000..70656960d2 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-0779481b7f80c0411ff97013b26aee05.yaml @@ -0,0 +1,58 @@ +id: yop-poll-0779481b7f80c0411ff97013b26aee05 + +info: + name: > + YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Options Module + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7edad4f6-e470-4a72-b618-d2dad64e0ac1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-2209fd73f482335c124e2a704dbac383.yaml b/nuclei-templates/cve-less/plugins/yop-poll-2209fd73f482335c124e2a704dbac383.yaml new file mode 100644 index 0000000000..571c3c5e56 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-2209fd73f482335c124e2a704dbac383.yaml @@ -0,0 +1,58 @@ +id: yop-poll-2209fd73f482335c124e2a704dbac383 + +info: + name: > + YOP Poll <= 6.3.0 - Author+ Stored Cross-Site Scripting via Preview Module + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2f4e5f34-c107-44da-9f73-e7b25f83e803?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-3ceff14dcfb2e0311d597c89266b0063.yaml b/nuclei-templates/cve-less/plugins/yop-poll-3ceff14dcfb2e0311d597c89266b0063.yaml new file mode 100644 index 0000000000..57aebfed8a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-3ceff14dcfb2e0311d597c89266b0063.yaml @@ -0,0 +1,58 @@ +id: yop-poll-3ceff14dcfb2e0311d597c89266b0063 + +info: + name: > + YOP Poll <= 5.8.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3323b809-b778-48fb-967c-cedba9010495?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-538b036c9b7ca7079f6e2a5cc2642fb5.yaml b/nuclei-templates/cve-less/plugins/yop-poll-538b036c9b7ca7079f6e2a5cc2642fb5.yaml new file mode 100644 index 0000000000..80992b3e90 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-538b036c9b7ca7079f6e2a5cc2642fb5.yaml @@ -0,0 +1,58 @@ +id: yop-poll-538b036c9b7ca7079f6e2a5cc2642fb5 + +info: + name: > + YOP Poll <= 6.5.28 - Reusable Captcha via validateImage + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33f8f75d-c57e-456c-a48a-82fa668adb1c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.28') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-570709303e69e8bea02cdb35b74ee58c.yaml b/nuclei-templates/cve-less/plugins/yop-poll-570709303e69e8bea02cdb35b74ee58c.yaml new file mode 100644 index 0000000000..be09a57f9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-570709303e69e8bea02cdb35b74ee58c.yaml @@ -0,0 +1,58 @@ +id: yop-poll-570709303e69e8bea02cdb35b74ee58c + +info: + name: > + YOP Poll <= 6.1.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6754c9a-81e1-4b39-a125-5293ee4ff758?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-5cd8506b97bde8d30090476ea4e9f6d6.yaml b/nuclei-templates/cve-less/plugins/yop-poll-5cd8506b97bde8d30090476ea4e9f6d6.yaml new file mode 100644 index 0000000000..4e85b13e75 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-5cd8506b97bde8d30090476ea4e9f6d6.yaml @@ -0,0 +1,58 @@ +id: yop-poll-5cd8506b97bde8d30090476ea4e9f6d6 + +info: + name: > + YOP Poll <= 6.0.2 - Reflected Cross-Site Scripting via poll_id Parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a753b4ba-9223-4eff-95e3-da7a1b2830a6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-7a46739bfced50470df5ec8fce622b5b.yaml b/nuclei-templates/cve-less/plugins/yop-poll-7a46739bfced50470df5ec8fce622b5b.yaml new file mode 100644 index 0000000000..c34a2f0d49 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-7a46739bfced50470df5ec8fce622b5b.yaml @@ -0,0 +1,58 @@ +id: yop-poll-7a46739bfced50470df5ec8fce622b5b + +info: + name: > + YOP Poll <= 6.3.4 - Author+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7beaa9e-517b-4717-b896-3e37424e27a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-ac4eaf61003a7bcab0c4c83244d45aab.yaml b/nuclei-templates/cve-less/plugins/yop-poll-ac4eaf61003a7bcab0c4c83244d45aab.yaml new file mode 100644 index 0000000000..df13136c67 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-ac4eaf61003a7bcab0c4c83244d45aab.yaml @@ -0,0 +1,58 @@ +id: yop-poll-ac4eaf61003a7bcab0c4c83244d45aab + +info: + name: > + YOP Poll <= 6.4.2 - IP Spoofing via X-Forwarded-For header + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff840236-4368-45aa-a9a3-7e02f20783d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-cb10630ddc7da513be3fbc863f316ce2.yaml b/nuclei-templates/cve-less/plugins/yop-poll-cb10630ddc7da513be3fbc863f316ce2.yaml new file mode 100644 index 0000000000..7fa35a257f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-cb10630ddc7da513be3fbc863f316ce2.yaml @@ -0,0 +1,58 @@ +id: yop-poll-cb10630ddc7da513be3fbc863f316ce2 + +info: + name: > + YOP Poll <= 6.2.7 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5df238dd-6269-4ee0-a0f4-12bdb74f74e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yop-poll-dde39ba4d7059070e8dd3bb604ff98da.yaml b/nuclei-templates/cve-less/plugins/yop-poll-dde39ba4d7059070e8dd3bb604ff98da.yaml new file mode 100644 index 0000000000..ca7538230e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yop-poll-dde39ba4d7059070e8dd3bb604ff98da.yaml @@ -0,0 +1,58 @@ +id: yop-poll-dde39ba4d7059070e8dd3bb604ff98da + +info: + name: > + YOP Poll <= 6.5.26 - Race Condition to Vote Manipulation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360b1927-a863-46be-ad11-3f6251c75a3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yop-poll/" + google-query: inurl:"/wp-content/plugins/yop-poll/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yop-poll,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yop-poll/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yop-poll" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.5.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yotpo-reviews-for-woocommerce-2209fd38d31d7045610e08e5a8e2302b.yaml b/nuclei-templates/cve-less/plugins/yotpo-reviews-for-woocommerce-2209fd38d31d7045610e08e5a8e2302b.yaml new file mode 100644 index 0000000000..6f17ddb81c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yotpo-reviews-for-woocommerce-2209fd38d31d7045610e08e5a8e2302b.yaml @@ -0,0 +1,58 @@ +id: yotpo-reviews-for-woocommerce-2209fd38d31d7045610e08e5a8e2302b + +info: + name: > + Yotpo Reviews for WooCommerce (Unofficial) <= 2.0.4 - Cross-Site Request Forgery to Plugin Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6297753c-72c0-4926-9365-d0c760ddfd2a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yotpo-reviews-for-woocommerce/" + google-query: inurl:"/wp-content/plugins/yotpo-reviews-for-woocommerce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yotpo-reviews-for-woocommerce,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yotpo-reviews-for-woocommerce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yotpo-reviews-for-woocommerce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-371f210cfb55319010fd16b3a7c4efca.yaml b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-371f210cfb55319010fd16b3a7c4efca.yaml new file mode 100644 index 0000000000..75366b82dc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-371f210cfb55319010fd16b3a7c4efca.yaml @@ -0,0 +1,58 @@ +id: yotuwp-easy-youtube-embed-371f210cfb55319010fd16b3a7c4efca + +info: + name: > + Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.8 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91c1100b-be67-4610-947a-c6a010a2757e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yotuwp-easy-youtube-embed/" + google-query: inurl:"/wp-content/plugins/yotuwp-easy-youtube-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yotuwp-easy-youtube-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yotuwp-easy-youtube-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-fcbd76097c62e0d5592f5bd058f1a16f.yaml b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-fcbd76097c62e0d5592f5bd058f1a16f.yaml new file mode 100644 index 0000000000..6f829c400c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yotuwp-easy-youtube-embed-fcbd76097c62e0d5592f5bd058f1a16f.yaml @@ -0,0 +1,58 @@ +id: yotuwp-easy-youtube-embed-fcbd76097c62e0d5592f5bd058f1a16f + +info: + name: > + Video Gallery <= 1.3.12 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93b5bc57-3bfa-4477-a9d4-f0563008cf94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yotuwp-easy-youtube-embed/" + google-query: inurl:"/wp-content/plugins/yotuwp-easy-youtube-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yotuwp-easy-youtube-embed,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yotuwp-easy-youtube-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yotuwp-easy-youtube-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/you-shang-43a1e8131c5398f64ddb0148cb86b0fc.yaml b/nuclei-templates/cve-less/plugins/you-shang-43a1e8131c5398f64ddb0148cb86b0fc.yaml new file mode 100644 index 0000000000..eed2f9c7ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/you-shang-43a1e8131c5398f64ddb0148cb86b0fc.yaml @@ -0,0 +1,58 @@ +id: you-shang-43a1e8131c5398f64ddb0148cb86b0fc + +info: + name: > + 有赏 You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c0ae44-18e5-4fd1-a1a8-b70fc15a8c26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/you-shang/" + google-query: inurl:"/wp-content/plugins/you-shang/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,you-shang,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/you-shang/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "you-shang" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youforms-free-for-copecart-0b4cf00934e898c124e66c8a24ee9c38.yaml b/nuclei-templates/cve-less/plugins/youforms-free-for-copecart-0b4cf00934e898c124e66c8a24ee9c38.yaml new file mode 100644 index 0000000000..eb68a0fcbc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youforms-free-for-copecart-0b4cf00934e898c124e66c8a24ee9c38.yaml @@ -0,0 +1,58 @@ +id: youforms-free-for-copecart-0b4cf00934e898c124e66c8a24ee9c38 + +info: + name: > + youForms for WordPress – Creating Forms for CopeCart <= 1.0.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1d67b80-67b7-4194-ab90-e9f8cea1ac33?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youforms-free-for-copecart/" + google-query: inurl:"/wp-content/plugins/youforms-free-for-copecart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youforms-free-for-copecart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youforms-free-for-copecart/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youforms-free-for-copecart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/your-text-manager-882b62316645c3c4ca02d06b90f3ba4c.yaml b/nuclei-templates/cve-less/plugins/your-text-manager-882b62316645c3c4ca02d06b90f3ba4c.yaml new file mode 100644 index 0000000000..17b4693c83 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/your-text-manager-882b62316645c3c4ca02d06b90f3ba4c.yaml @@ -0,0 +1,58 @@ +id: your-text-manager-882b62316645c3c4ca02d06b90f3ba4c + +info: + name: > + Your Text Manager <= 0.3.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9dd48d0f-00c2-4f76-923b-eb5c7a2b4468?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/your-text-manager/" + google-query: inurl:"/wp-content/plugins/your-text-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,your-text-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/your-text-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "your-text-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-14a83f20a2e76cecad34b8959bcb030a.yaml b/nuclei-templates/cve-less/plugins/yourchannel-14a83f20a2e76cecad34b8959bcb030a.yaml new file mode 100644 index 0000000000..965944efca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-14a83f20a2e76cecad34b8959bcb030a.yaml @@ -0,0 +1,58 @@ +id: yourchannel-14a83f20a2e76cecad34b8959bcb030a + +info: + name: > + YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7ae863c-4638-49ab-bb1f-52346884c3aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-3989a9901d352d6a2f1182e6cf00355e.yaml b/nuclei-templates/cve-less/plugins/yourchannel-3989a9901d352d6a2f1182e6cf00355e.yaml new file mode 100644 index 0000000000..e1845f94a4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-3989a9901d352d6a2f1182e6cf00355e.yaml @@ -0,0 +1,58 @@ +id: yourchannel-3989a9901d352d6a2f1182e6cf00355e + +info: + name: > + YourChannel <= 1.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'yrc_lang[Videos]' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6ebce82-6260-489e-b0b1-5037a0100626?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-46e730049923010c8fef590481e6af11.yaml b/nuclei-templates/cve-less/plugins/yourchannel-46e730049923010c8fef590481e6af11.yaml new file mode 100644 index 0000000000..a8151b04de --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-46e730049923010c8fef590481e6af11.yaml @@ -0,0 +1,58 @@ +id: yourchannel-46e730049923010c8fef590481e6af11 + +info: + name: > + YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Settings Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c20db2d-f73d-4e52-a275-ab1975ae4b17?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-79b5bcc733210544f6943a7d400a5741.yaml b/nuclei-templates/cve-less/plugins/yourchannel-79b5bcc733210544f6943a7d400a5741.yaml new file mode 100644 index 0000000000..719b83aa2a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-79b5bcc733210544f6943a7d400a5741.yaml @@ -0,0 +1,58 @@ +id: yourchannel-79b5bcc733210544f6943a7d400a5741 + +info: + name: > + YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45851efe-2584-4b5e-8e4c-24f289d3bc32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-7b03e9c7a48a7a487481072b229c74d2.yaml b/nuclei-templates/cve-less/plugins/yourchannel-7b03e9c7a48a7a487481072b229c74d2.yaml new file mode 100644 index 0000000000..227b09ec33 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-7b03e9c7a48a7a487481072b229c74d2.yaml @@ -0,0 +1,58 @@ +id: yourchannel-7b03e9c7a48a7a487481072b229c74d2 + +info: + name: > + YourChannel <= 1.2.2 Authenticated (Contributor+) Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d18e1c7-65b6-4c1f-88bf-4014418ff920?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-7eee22ee9d7eafb911cff5c522c34cc9.yaml b/nuclei-templates/cve-less/plugins/yourchannel-7eee22ee9d7eafb911cff5c522c34cc9.yaml new file mode 100644 index 0000000000..4866c57b4a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-7eee22ee9d7eafb911cff5c522c34cc9.yaml @@ -0,0 +1,58 @@ +id: yourchannel-7eee22ee9d7eafb911cff5c522c34cc9 + +info: + name: > + YourChannel <= 1.2.1 - Missing Authorization Checks leading to Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de2c2c90-52b6-4315-a8d1-6519a90f81e7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-874a492260299c7a5afa8a7cc7cbcac9.yaml b/nuclei-templates/cve-less/plugins/yourchannel-874a492260299c7a5afa8a7cc7cbcac9.yaml new file mode 100644 index 0000000000..41f5be95c4 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-874a492260299c7a5afa8a7cc7cbcac9.yaml @@ -0,0 +1,58 @@ +id: yourchannel-874a492260299c7a5afa8a7cc7cbcac9 + +info: + name: > + YourChannel <= 1.2.3 - Missing Authorization to Plugin Settings Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34817e32-d5a3-403a-85f0-1d60af8945de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-9ffefef754ef7b05c84f3b0ba93de0df.yaml b/nuclei-templates/cve-less/plugins/yourchannel-9ffefef754ef7b05c84f3b0ba93de0df.yaml new file mode 100644 index 0000000000..094267c565 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-9ffefef754ef7b05c84f3b0ba93de0df.yaml @@ -0,0 +1,58 @@ +id: yourchannel-9ffefef754ef7b05c84f3b0ba93de0df + +info: + name: > + YourChannel <= 1.2.3 - Missing Authorization to Plugin Cache Reset + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/541d202b-f3ed-44d8-93a6-e158209db885?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-bda0e76aad71129453d100395876792d.yaml b/nuclei-templates/cve-less/plugins/yourchannel-bda0e76aad71129453d100395876792d.yaml new file mode 100644 index 0000000000..cd85c118bc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-bda0e76aad71129453d100395876792d.yaml @@ -0,0 +1,58 @@ +id: yourchannel-bda0e76aad71129453d100395876792d + +info: + name: > + YourChannel <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a81d5615-0b96-4d89-a525-7e80a10a9317?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourchannel-c9984a876e871660704819ab2121a5a0.yaml b/nuclei-templates/cve-less/plugins/yourchannel-c9984a876e871660704819ab2121a5a0.yaml new file mode 100644 index 0000000000..8e05ff3609 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourchannel-c9984a876e871660704819ab2121a5a0.yaml @@ -0,0 +1,58 @@ +id: yourchannel-c9984a876e871660704819ab2121a5a0 + +info: + name: > + YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Language Translation Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c1cec0b1-b77c-4d21-a3d2-c79fd3250bb0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourchannel/" + google-query: inurl:"/wp-content/plugins/yourchannel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourchannel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourchannel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourchannel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yourmembers-4841648779bddf5eb17a1f0352588205.yaml b/nuclei-templates/cve-less/plugins/yourmembers-4841648779bddf5eb17a1f0352588205.yaml new file mode 100644 index 0000000000..a7076a8fe6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yourmembers-4841648779bddf5eb17a1f0352588205.yaml @@ -0,0 +1,58 @@ +id: yourmembers-4841648779bddf5eb17a1f0352588205 + +info: + name: > + YourMembers <= 3.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/80dbb49d-d21d-41ef-90af-f74f46e5b703?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yourmembers/" + google-query: inurl:"/wp-content/plugins/yourmembers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yourmembers,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yourmembers/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourmembers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yousaytoo-auto-publishing-plugin-4ad999fa82a381d094bc99654eb86aca.yaml b/nuclei-templates/cve-less/plugins/yousaytoo-auto-publishing-plugin-4ad999fa82a381d094bc99654eb86aca.yaml new file mode 100644 index 0000000000..b961f80c1c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yousaytoo-auto-publishing-plugin-4ad999fa82a381d094bc99654eb86aca.yaml @@ -0,0 +1,58 @@ +id: yousaytoo-auto-publishing-plugin-4ad999fa82a381d094bc99654eb86aca + +info: + name: > + YouSayToo auto-publishing plugin <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02325b2a-af00-4b99-91ae-64163a8980fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yousaytoo-auto-publishing-plugin/" + google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yousaytoo-auto-publishing-plugin,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yousaytoo-auto-publishing-plugin/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yousaytoo-auto-publishing-plugin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-channel-3485e314595e8ba9b90ab54d159e74ca.yaml b/nuclei-templates/cve-less/plugins/youtube-channel-3485e314595e8ba9b90ab54d159e74ca.yaml new file mode 100644 index 0000000000..6dded52634 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-channel-3485e314595e8ba9b90ab54d159e74ca.yaml @@ -0,0 +1,58 @@ +id: youtube-channel-3485e314595e8ba9b90ab54d159e74ca + +info: + name: > + My YouTube Channel <= 3.23.3 - Cross-Site Request Forgery to Cache Deletion + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3670665c-0ae1-47d6-b463-581eb195666e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-channel/" + google-query: inurl:"/wp-content/plugins/youtube-channel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-channel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-channel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-channel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.23.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-channel-3f9ac076d173ecd9afccb09cd7195bfc.yaml b/nuclei-templates/cve-less/plugins/youtube-channel-3f9ac076d173ecd9afccb09cd7195bfc.yaml new file mode 100644 index 0000000000..56af447c8e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-channel-3f9ac076d173ecd9afccb09cd7195bfc.yaml @@ -0,0 +1,58 @@ +id: youtube-channel-3f9ac076d173ecd9afccb09cd7195bfc + +info: + name: > + My YouTube Channel <= 3.0.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d979f899-8cdc-4230-b1b5-865c025dc86a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-channel/" + google-query: inurl:"/wp-content/plugins/youtube-channel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-channel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-channel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-channel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-channel-8e4fe58479cedd644fbbd3b418e0b682.yaml b/nuclei-templates/cve-less/plugins/youtube-channel-8e4fe58479cedd644fbbd3b418e0b682.yaml new file mode 100644 index 0000000000..9694727393 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-channel-8e4fe58479cedd644fbbd3b418e0b682.yaml @@ -0,0 +1,58 @@ +id: youtube-channel-8e4fe58479cedd644fbbd3b418e0b682 + +info: + name: > + YouTube Channel < 3.0.12.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86e62a7d-53d6-40c8-823d-811cfb3d75b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-channel/" + google-query: inurl:"/wp-content/plugins/youtube-channel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-channel,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-channel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-channel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-channel-dd26803b22794f717e5726511579315e.yaml b/nuclei-templates/cve-less/plugins/youtube-channel-dd26803b22794f717e5726511579315e.yaml new file mode 100644 index 0000000000..bfd956dc0d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-channel-dd26803b22794f717e5726511579315e.yaml @@ -0,0 +1,58 @@ +id: youtube-channel-dd26803b22794f717e5726511579315e + +info: + name: > + My YouTube Channel <= 3.0.12.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/486b6a75-d101-4f3a-8436-6c23dd0ff200?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-channel/" + google-query: inurl:"/wp-content/plugins/youtube-channel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-channel,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-channel/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-channel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.12.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-channel-gallery-b830431516693664401f38e9ff6fdd82.yaml b/nuclei-templates/cve-less/plugins/youtube-channel-gallery-b830431516693664401f38e9ff6fdd82.yaml new file mode 100644 index 0000000000..57cb0be147 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-channel-gallery-b830431516693664401f38e9ff6fdd82.yaml @@ -0,0 +1,58 @@ +id: youtube-channel-gallery-b830431516693664401f38e9ff6fdd82 + +info: + name: > + Youtube Channel Gallery <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/070f6a8e-a06d-4f48-9703-933515a3098c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-channel-gallery/" + google-query: inurl:"/wp-content/plugins/youtube-channel-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-channel-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-channel-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-channel-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-embed-315a019742ffab737ef11e333f6ddf51.yaml b/nuclei-templates/cve-less/plugins/youtube-embed-315a019742ffab737ef11e333f6ddf51.yaml new file mode 100644 index 0000000000..9b8436cb09 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-embed-315a019742ffab737ef11e333f6ddf51.yaml @@ -0,0 +1,58 @@ +id: youtube-embed-315a019742ffab737ef11e333f6ddf51 + +info: + name: > + YouTube Embed <= 5.2.1 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/483564f8-6308-4913-82e2-78d69aebb6dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-embed/" + google-query: inurl:"/wp-content/plugins/youtube-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-embed-b86d996fd3fb32f4d4a2741c181e0be2.yaml b/nuclei-templates/cve-less/plugins/youtube-embed-b86d996fd3fb32f4d4a2741c181e0be2.yaml new file mode 100644 index 0000000000..16558d978a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-embed-b86d996fd3fb32f4d4a2741c181e0be2.yaml @@ -0,0 +1,58 @@ +id: youtube-embed-b86d996fd3fb32f4d4a2741c181e0be2 + +info: + name: > + YouTube Embed <= 3.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f95bd2d-c835-4824-b241-f645b4a8fdb2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-embed/" + google-query: inurl:"/wp-content/plugins/youtube-embed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-embed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-embed/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-embed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-embed-plus-ee98789d25d36584b37cbc76b4f1f9c4.yaml b/nuclei-templates/cve-less/plugins/youtube-embed-plus-ee98789d25d36584b37cbc76b4f1f9c4.yaml new file mode 100644 index 0000000000..f996cc3d55 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-embed-plus-ee98789d25d36584b37cbc76b4f1f9c4.yaml @@ -0,0 +1,58 @@ +id: youtube-embed-plus-ee98789d25d36584b37cbc76b4f1f9c4 + +info: + name: > + Embed Plus Plugin for YouTube <= 11.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91ebde99-3383-4179-a72b-2709c1db9e53?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-embed-plus/" + google-query: inurl:"/wp-content/plugins/youtube-embed-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-embed-plus,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-embed-plus/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-embed-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-feeder-ba80b860d4e6bf99a76e42ede7281809.yaml b/nuclei-templates/cve-less/plugins/youtube-feeder-ba80b860d4e6bf99a76e42ede7281809.yaml new file mode 100644 index 0000000000..e29f2dec6a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-feeder-ba80b860d4e6bf99a76e42ede7281809.yaml @@ -0,0 +1,58 @@ +id: youtube-feeder-ba80b860d4e6bf99a76e42ede7281809 + +info: + name: > + Youtube Feeder <= 2.0.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8641aa6d-e865-46cd-91f5-faec81a7bb55?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-feeder/" + google-query: inurl:"/wp-content/plugins/youtube-feeder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-feeder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-feeder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-feeder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-playlist-player-803fd151825baa056b93685e93955a54.yaml b/nuclei-templates/cve-less/plugins/youtube-playlist-player-803fd151825baa056b93685e93955a54.yaml new file mode 100644 index 0000000000..3fb061bc46 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-playlist-player-803fd151825baa056b93685e93955a54.yaml @@ -0,0 +1,58 @@ +id: youtube-playlist-player-803fd151825baa056b93685e93955a54 + +info: + name: > + YouTube Playlist Player <= 4.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02cffe63-dad2-4f6b-9530-7f494e3071d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-playlist-player/" + google-query: inurl:"/wp-content/plugins/youtube-playlist-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-playlist-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-playlist-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-playlist-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-playlist-player-a14f62f5c8828736c014cf6f6d52173a.yaml b/nuclei-templates/cve-less/plugins/youtube-playlist-player-a14f62f5c8828736c014cf6f6d52173a.yaml new file mode 100644 index 0000000000..d984bbf491 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-playlist-player-a14f62f5c8828736c014cf6f6d52173a.yaml @@ -0,0 +1,58 @@ +id: youtube-playlist-player-a14f62f5c8828736c014cf6f6d52173a + +info: + name: > + YouTube Playlist Player <= 4.6.4 - Cross-Site Request Forgery in ytpp_settings + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39aed7e9-05c6-4251-b489-de7a33ed2c2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-playlist-player/" + google-query: inurl:"/wp-content/plugins/youtube-playlist-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-playlist-player,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-playlist-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-playlist-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-shortcode-de2bc693a1c312889ab71164989a7177.yaml b/nuclei-templates/cve-less/plugins/youtube-shortcode-de2bc693a1c312889ab71164989a7177.yaml new file mode 100644 index 0000000000..24f482f2df --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-shortcode-de2bc693a1c312889ab71164989a7177.yaml @@ -0,0 +1,58 @@ +id: youtube-shortcode-de2bc693a1c312889ab71164989a7177 + +info: + name: > + Youtube Shortcode <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fadfe181-cc30-407c-baec-dc8f70cffe27?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-shortcode/" + google-query: inurl:"/wp-content/plugins/youtube-shortcode/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-shortcode,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-shortcode/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-shortcode" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-showcase-adff1d89188982b4e28e29b803f67a6e.yaml b/nuclei-templates/cve-less/plugins/youtube-showcase-adff1d89188982b4e28e29b803f67a6e.yaml new file mode 100644 index 0000000000..af99ece895 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-showcase-adff1d89188982b4e28e29b803f67a6e.yaml @@ -0,0 +1,58 @@ +id: youtube-showcase-adff1d89188982b4e28e29b803f67a6e + +info: + name: > + Video Gallery & Management <= 3.3.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e226d75f-37b2-4af2-bba0-0fd3a96cc1a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-showcase/" + google-query: inurl:"/wp-content/plugins/youtube-showcase/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-showcase,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-showcase/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-showcase" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-speedload-1850212bc734be4160339a2e211bb5c6.yaml b/nuclei-templates/cve-less/plugins/youtube-speedload-1850212bc734be4160339a2e211bb5c6.yaml new file mode 100644 index 0000000000..7e075bd69a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-speedload-1850212bc734be4160339a2e211bb5c6.yaml @@ -0,0 +1,58 @@ +id: youtube-speedload-1850212bc734be4160339a2e211bb5c6 + +info: + name: > + Youtube SpeedLoad <= 0.6.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9d11c022-9938-4a9e-be16-db986fdfa1c8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-speedload/" + google-query: inurl:"/wp-content/plugins/youtube-speedload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-speedload,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-speedload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-speedload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-video-inserter-62d169261c9604e6c54d2dda26a18971.yaml b/nuclei-templates/cve-less/plugins/youtube-video-inserter-62d169261c9604e6c54d2dda26a18971.yaml new file mode 100644 index 0000000000..8191e94f68 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-video-inserter-62d169261c9604e6c54d2dda26a18971.yaml @@ -0,0 +1,58 @@ +id: youtube-video-inserter-62d169261c9604e6c54d2dda26a18971 + +info: + name: > + YouTube Video Inserter <= 1.2.1.0 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/391ec941-eb19-4505-b03a-0f4b240e8819?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-video-inserter/" + google-query: inurl:"/wp-content/plugins/youtube-video-inserter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-video-inserter,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-video-inserter/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-video-inserter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-video-player-2b8463e6867dce79ddd40af4dd9780fd.yaml b/nuclei-templates/cve-less/plugins/youtube-video-player-2b8463e6867dce79ddd40af4dd9780fd.yaml new file mode 100644 index 0000000000..b7230951fd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-video-player-2b8463e6867dce79ddd40af4dd9780fd.yaml @@ -0,0 +1,58 @@ +id: youtube-video-player-2b8463e6867dce79ddd40af4dd9780fd + +info: + name: > + YouTube Embed, Playlist and Popup <= 2.3.8 - Contributor+ Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9087b16e-488b-431d-a7f7-ab0d49520756?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-video-player/" + google-query: inurl:"/wp-content/plugins/youtube-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-video-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-video-player-9f08d8940e734966b92051cba3f5ff32.yaml b/nuclei-templates/cve-less/plugins/youtube-video-player-9f08d8940e734966b92051cba3f5ff32.yaml new file mode 100644 index 0000000000..851ba91a0c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-video-player-9f08d8940e734966b92051cba3f5ff32.yaml @@ -0,0 +1,58 @@ +id: youtube-video-player-9f08d8940e734966b92051cba3f5ff32 + +info: + name: > + YouTube Embed <= 2.6.3 - Authenticated (Admin+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e374887-0062-4ca2-8e43-13a6c4207f84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-video-player/" + google-query: inurl:"/wp-content/plugins/youtube-video-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-video-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-video-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-video-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youtube-widget-responsive-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml b/nuclei-templates/cve-less/plugins/youtube-widget-responsive-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml new file mode 100644 index 0000000000..a5548dec30 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youtube-widget-responsive-d5afc9936d3ec0ef2f1ebf204d2b6f90.yaml @@ -0,0 +1,58 @@ +id: youtube-widget-responsive-d5afc9936d3ec0ef2f1ebf204d2b6f90 + +info: + name: > + Widget Responsive for Youtube <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72daa533-8b17-420c-9b51-b5f72da2726c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youtube-widget-responsive/" + google-query: inurl:"/wp-content/plugins/youtube-widget-responsive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youtube-widget-responsive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youtube-widget-responsive/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youtube-widget-responsive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youzify-0bcd48a3f1b52a4a7092a42bfa6473a6.yaml b/nuclei-templates/cve-less/plugins/youzify-0bcd48a3f1b52a4a7092a42bfa6473a6.yaml new file mode 100644 index 0000000000..120e58bcdc --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youzify-0bcd48a3f1b52a4a7092a42bfa6473a6.yaml @@ -0,0 +1,58 @@ +id: youzify-0bcd48a3f1b52a4a7092a42bfa6473a6 + +info: + name: > + Youzify <= 1.2.2 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94c98edf-6f4a-4c23-afa7-d5caaa22397f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youzify/" + google-query: inurl:"/wp-content/plugins/youzify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youzify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youzify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youzify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youzify-1eaf6ff13c8b718103c9b459aa46b172.yaml b/nuclei-templates/cve-less/plugins/youzify-1eaf6ff13c8b718103c9b459aa46b172.yaml new file mode 100644 index 0000000000..91d439ec5d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youzify-1eaf6ff13c8b718103c9b459aa46b172.yaml @@ -0,0 +1,58 @@ +id: youzify-1eaf6ff13c8b718103c9b459aa46b172 + +info: + name: > + Youzify <= 1.1.9 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6977a58-cce0-4ae8-abe6-1870bbb2bf06?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youzify/" + google-query: inurl:"/wp-content/plugins/youzify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youzify,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youzify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youzify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youzify-87cb25b1c7747f5af4e409cfd05ed832.yaml b/nuclei-templates/cve-less/plugins/youzify-87cb25b1c7747f5af4e409cfd05ed832.yaml new file mode 100644 index 0000000000..816aac57d7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youzify-87cb25b1c7747f5af4e409cfd05ed832.yaml @@ -0,0 +1,58 @@ +id: youzify-87cb25b1c7747f5af4e409cfd05ed832 + +info: + name: > + Youzify <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ea4b216-0b29-45eb-bd61-962f76265ba6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youzify/" + google-query: inurl:"/wp-content/plugins/youzify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youzify,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youzify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youzify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youzify-8b9fbd031d6f59226821b7faa24713d4.yaml b/nuclei-templates/cve-less/plugins/youzify-8b9fbd031d6f59226821b7faa24713d4.yaml new file mode 100644 index 0000000000..77c497fc6b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youzify-8b9fbd031d6f59226821b7faa24713d4.yaml @@ -0,0 +1,58 @@ +id: youzify-8b9fbd031d6f59226821b7faa24713d4 + +info: + name: > + Youzify <= 1.0.6 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac8a8698-0f8d-4204-8539-ce129d98b2b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youzify/" + google-query: inurl:"/wp-content/plugins/youzify/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youzify,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youzify/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youzify" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/youzify-moderation-deb298ce4863a239756c2bf229347f46.yaml b/nuclei-templates/cve-less/plugins/youzify-moderation-deb298ce4863a239756c2bf229347f46.yaml new file mode 100644 index 0000000000..426b907149 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/youzify-moderation-deb298ce4863a239756c2bf229347f46.yaml @@ -0,0 +1,58 @@ +id: youzify-moderation-deb298ce4863a239756c2bf229347f46 + +info: + name: > + Buddypress Moderation <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c544990-9fd2-4f1b-a02c-a13959d68580?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/youzify-moderation/" + google-query: inurl:"/wp-content/plugins/youzify-moderation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,youzify-moderation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/youzify-moderation/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "youzify-moderation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yt-player-3976419442f6726cc8fee397bc7f22ee.yaml b/nuclei-templates/cve-less/plugins/yt-player-3976419442f6726cc8fee397bc7f22ee.yaml new file mode 100644 index 0000000000..cb77fa1b71 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yt-player-3976419442f6726cc8fee397bc7f22ee.yaml @@ -0,0 +1,58 @@ +id: yt-player-3976419442f6726cc8fee397bc7f22ee + +info: + name: > + Video Player for YouTube <= 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0dbed7a2-730d-42f2-9d57-3f07900d33e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yt-player/" + google-query: inurl:"/wp-content/plugins/yt-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yt-player,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yt-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yt-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yurl-retwitt-76b896e05441bad3b87a1f15a06f97a4.yaml b/nuclei-templates/cve-less/plugins/yurl-retwitt-76b896e05441bad3b87a1f15a06f97a4.yaml new file mode 100644 index 0000000000..9430c35fcd --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yurl-retwitt-76b896e05441bad3b87a1f15a06f97a4.yaml @@ -0,0 +1,58 @@ +id: yurl-retwitt-76b896e05441bad3b87a1f15a06f97a4 + +info: + name: > + yURL ReTwitt <= 1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24d050ad-0816-46a3-a37e-17356acf88d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yurl-retwitt/" + google-query: inurl:"/wp-content/plugins/yurl-retwitt/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yurl-retwitt,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yurl-retwitt/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yurl-retwitt" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/yuzo-related-post-73a2e276237565aa409d25c41f8ca0e2.yaml b/nuclei-templates/cve-less/plugins/yuzo-related-post-73a2e276237565aa409d25c41f8ca0e2.yaml new file mode 100644 index 0000000000..327e70a706 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/yuzo-related-post-73a2e276237565aa409d25c41f8ca0e2.yaml @@ -0,0 +1,58 @@ +id: yuzo-related-post-73a2e276237565aa409d25c41f8ca0e2 + +info: + name: > + Yuzo Related Posts <= 5.12.93 - Missing Authorization to Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d392b84b-2a1f-430c-84a1-22431763a6a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/yuzo-related-post/" + google-query: inurl:"/wp-content/plugins/yuzo-related-post/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,yuzo-related-post,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/yuzo-related-post/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yuzo-related-post" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.12.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/z-url-preview-7afc53a437871814faec30b27e8447a5.yaml b/nuclei-templates/cve-less/plugins/z-url-preview-7afc53a437871814faec30b27e8447a5.yaml new file mode 100644 index 0000000000..b496b7bd40 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/z-url-preview-7afc53a437871814faec30b27e8447a5.yaml @@ -0,0 +1,58 @@ +id: z-url-preview-7afc53a437871814faec30b27e8447a5 + +info: + name: > + Z-URL Preview <= 1.6.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5db103a-a823-47ac-a1f4-c297619cf1a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/z-url-preview/" + google-query: inurl:"/wp-content/plugins/z-url-preview/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,z-url-preview,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/z-url-preview/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "z-url-preview" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zd-youtube-flv-player-aa439b9d2e93b6ff2495abedfda870b3.yaml b/nuclei-templates/cve-less/plugins/zd-youtube-flv-player-aa439b9d2e93b6ff2495abedfda870b3.yaml new file mode 100644 index 0000000000..614646b961 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zd-youtube-flv-player-aa439b9d2e93b6ff2495abedfda870b3.yaml @@ -0,0 +1,58 @@ +id: zd-youtube-flv-player-aa439b9d2e93b6ff2495abedfda870b3 + +info: + name: > + ZD YouTube FLV Player <= 1.2.6 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f26854-7e25-4e64-9f03-916ece6fde03?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zd-youtube-flv-player/" + google-query: inurl:"/wp-content/plugins/zd-youtube-flv-player/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zd-youtube-flv-player,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zd-youtube-flv-player/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zd-youtube-flv-player" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zdstats-e5d3824dce2c042eb639b46cc57ff2d2.yaml b/nuclei-templates/cve-less/plugins/zdstats-e5d3824dce2c042eb639b46cc57ff2d2.yaml new file mode 100644 index 0000000000..ad40535412 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zdstats-e5d3824dce2c042eb639b46cc57ff2d2.yaml @@ -0,0 +1,58 @@ +id: zdstats-e5d3824dce2c042eb639b46cc57ff2d2 + +info: + name: > + ZdStatistics <= 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f04166e0-9f43-43ad-9552-618b81ab2d6f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zdstats/" + google-query: inurl:"/wp-content/plugins/zdstats/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zdstats,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zdstats/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zdstats" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zeenshare-09e64e82ae55462158eeb5e726a22311.yaml b/nuclei-templates/cve-less/plugins/zeenshare-09e64e82ae55462158eeb5e726a22311.yaml new file mode 100644 index 0000000000..5e76843ba5 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zeenshare-09e64e82ae55462158eeb5e726a22311.yaml @@ -0,0 +1,58 @@ +id: zeenshare-09e64e82ae55462158eeb5e726a22311 + +info: + name: > + Zeenshare <= 1.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc4bfa81-c781-42df-91c7-3daed1e6a6f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zeenshare/" + google-query: inurl:"/wp-content/plugins/zeenshare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zeenshare,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zeenshare/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zeenshare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zen-mobile-app-native-6dca12dc38630f4f9ae87a5c64f8992b.yaml b/nuclei-templates/cve-less/plugins/zen-mobile-app-native-6dca12dc38630f4f9ae87a5c64f8992b.yaml new file mode 100644 index 0000000000..20dc4e1a32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zen-mobile-app-native-6dca12dc38630f4f9ae87a5c64f8992b.yaml @@ -0,0 +1,58 @@ +id: zen-mobile-app-native-6dca12dc38630f4f9ae87a5c64f8992b + +info: + name: > + Wordpress Plugin Mobile App Native 3.0 <= 3.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ad38d18-689c-41ab-9e33-fccbf6791cdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zen-mobile-app-native/" + google-query: inurl:"/wp-content/plugins/zen-mobile-app-native/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zen-mobile-app-native,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zen-mobile-app-native/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zen-mobile-app-native" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zendesk-754636da4394eed1ba762eb903570de0.yaml b/nuclei-templates/cve-less/plugins/zendesk-754636da4394eed1ba762eb903570de0.yaml new file mode 100644 index 0000000000..704ebf86da --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zendesk-754636da4394eed1ba762eb903570de0.yaml @@ -0,0 +1,58 @@ +id: zendesk-754636da4394eed1ba762eb903570de0 + +info: + name: > + Zendesk Support for WordPress <= 1.8.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/212b7da7-bd3e-42df-8b50-a3eb472cf440?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zendesk/" + google-query: inurl:"/wp-content/plugins/zendesk/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zendesk,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zendesk/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zendesk" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zendesk-help-center-83e7004306bfbb58dbc0b94ba733c14a.yaml b/nuclei-templates/cve-less/plugins/zendesk-help-center-83e7004306bfbb58dbc0b94ba733c14a.yaml new file mode 100644 index 0000000000..2a650283c8 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zendesk-help-center-83e7004306bfbb58dbc0b94ba733c14a.yaml @@ -0,0 +1,58 @@ +id: zendesk-help-center-83e7004306bfbb58dbc0b94ba733c14a + +info: + name: > + Help Center by BestWebSoft <= 1.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5ec709c-c67d-4067-a118-166e104d148a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zendesk-help-center/" + google-query: inurl:"/wp-content/plugins/zendesk-help-center/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zendesk-help-center,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zendesk-help-center/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zendesk-help-center" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-1e3f4e1ff5158794a25646563fe28f9d.yaml b/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-1e3f4e1ff5158794a25646563fe28f9d.yaml new file mode 100644 index 0000000000..05d1ffcc20 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-1e3f4e1ff5158794a25646563fe28f9d.yaml @@ -0,0 +1,58 @@ +id: zendrop-dropshipping-and-fulfillment-1e3f4e1ff5158794a25646563fe28f9d + +info: + name: > + Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/153e435b-9986-4242-a89b-12e8f1552803?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zendrop-dropshipping-and-fulfillment/" + google-query: inurl:"/wp-content/plugins/zendrop-dropshipping-and-fulfillment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zendrop-dropshipping-and-fulfillment,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zendrop-dropshipping-and-fulfillment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zendrop-dropshipping-and-fulfillment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-e98f58904228ac7173e5fcfac5af85a6.yaml b/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-e98f58904228ac7173e5fcfac5af85a6.yaml new file mode 100644 index 0000000000..d45f69ceaf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zendrop-dropshipping-and-fulfillment-e98f58904228ac7173e5fcfac5af85a6.yaml @@ -0,0 +1,58 @@ +id: zendrop-dropshipping-and-fulfillment-e98f58904228ac7173e5fcfac5af85a6 + +info: + name: > + Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6a0be61b-a1ee-499f-b991-58d5494bce18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zendrop-dropshipping-and-fulfillment/" + google-query: inurl:"/wp-content/plugins/zendrop-dropshipping-and-fulfillment/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zendrop-dropshipping-and-fulfillment,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zendrop-dropshipping-and-fulfillment/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zendrop-dropshipping-and-fulfillment" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zeno-font-resizer-230d51cfd302c1eecd4d3a3387befab9.yaml b/nuclei-templates/cve-less/plugins/zeno-font-resizer-230d51cfd302c1eecd4d3a3387befab9.yaml new file mode 100644 index 0000000000..d5a54c6c52 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zeno-font-resizer-230d51cfd302c1eecd4d3a3387befab9.yaml @@ -0,0 +1,58 @@ +id: zeno-font-resizer-230d51cfd302c1eecd4d3a3387befab9 + +info: + name: > + Zeno Font Resizer <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbba653-e23e-43e6-9dc5-83a6c99f8dc6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zeno-font-resizer/" + google-query: inurl:"/wp-content/plugins/zeno-font-resizer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zeno-font-resizer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zeno-font-resizer/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zeno-font-resizer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zephyr-project-manager-0683602aa21df3d5a8b5ad8b8d019fd4.yaml b/nuclei-templates/cve-less/plugins/zephyr-project-manager-0683602aa21df3d5a8b5ad8b8d019fd4.yaml new file mode 100644 index 0000000000..9c91d518b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zephyr-project-manager-0683602aa21df3d5a8b5ad8b8d019fd4.yaml @@ -0,0 +1,58 @@ +id: zephyr-project-manager-0683602aa21df3d5a8b5ad8b8d019fd4 + +info: + name: > + Zephyr Project Manager <= 3.3.93 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/236387f0-b58e-4ef1-b370-a0703a7902eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zephyr-project-manager/" + google-query: inurl:"/wp-content/plugins/zephyr-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zephyr-project-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zephyr-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zephyr-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.93') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zephyr-project-manager-37c471f64e53100c9ad9fb469cb0b5ca.yaml b/nuclei-templates/cve-less/plugins/zephyr-project-manager-37c471f64e53100c9ad9fb469cb0b5ca.yaml new file mode 100644 index 0000000000..357b796c13 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zephyr-project-manager-37c471f64e53100c9ad9fb469cb0b5ca.yaml @@ -0,0 +1,58 @@ +id: zephyr-project-manager-37c471f64e53100c9ad9fb469cb0b5ca + +info: + name: > + Zephyr Project Manager <= 3.3.9 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9af929a3-6e17-40c7-9fce-1ce0eb72bc7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zephyr-project-manager/" + google-query: inurl:"/wp-content/plugins/zephyr-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zephyr-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zephyr-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zephyr-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zephyr-project-manager-624c5301cd644d9b563918924237400c.yaml b/nuclei-templates/cve-less/plugins/zephyr-project-manager-624c5301cd644d9b563918924237400c.yaml new file mode 100644 index 0000000000..e00796bb53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zephyr-project-manager-624c5301cd644d9b563918924237400c.yaml @@ -0,0 +1,58 @@ +id: zephyr-project-manager-624c5301cd644d9b563918924237400c + +info: + name: > + Zephyr Project Manager <= 3.2.40 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d50526-e21f-412d-9eed-b9b1f48c3358?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zephyr-project-manager/" + google-query: inurl:"/wp-content/plugins/zephyr-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zephyr-project-manager,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zephyr-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zephyr-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.2.40') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zephyr-project-manager-e94377837818e9045e22fcbe33f9af9d.yaml b/nuclei-templates/cve-less/plugins/zephyr-project-manager-e94377837818e9045e22fcbe33f9af9d.yaml new file mode 100644 index 0000000000..502f9bda32 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zephyr-project-manager-e94377837818e9045e22fcbe33f9af9d.yaml @@ -0,0 +1,58 @@ +id: zephyr-project-manager-e94377837818e9045e22fcbe33f9af9d + +info: + name: > + Zephyr Project Manager < 3.2.55 - Missing Authorization to Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74aad4b3-3e35-4abe-ba26-48334da0face?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zephyr-project-manager/" + google-query: inurl:"/wp-content/plugins/zephyr-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zephyr-project-manager,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zephyr-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zephyr-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.2.55') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zephyr-project-manager-ffa1a3ac7c56aa84edc8d1c4d2786035.yaml b/nuclei-templates/cve-less/plugins/zephyr-project-manager-ffa1a3ac7c56aa84edc8d1c4d2786035.yaml new file mode 100644 index 0000000000..6559d7dfa6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zephyr-project-manager-ffa1a3ac7c56aa84edc8d1c4d2786035.yaml @@ -0,0 +1,58 @@ +id: zephyr-project-manager-ffa1a3ac7c56aa84edc8d1c4d2786035 + +info: + name: > + Zephyr Project Manager <= 3.2.42 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/baab579f-2d77-4dbe-979a-54956dfdcb77?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zephyr-project-manager/" + google-query: inurl:"/wp-content/plugins/zephyr-project-manager/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zephyr-project-manager,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zephyr-project-manager/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zephyr-project-manager" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.2.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-bs-accounting-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml b/nuclei-templates/cve-less/plugins/zero-bs-accounting-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml new file mode 100644 index 0000000000..3fed8ae4f7 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-bs-accounting-b8a6e7f15ae6e5ea9f7d57f9d81da663.yaml @@ -0,0 +1,58 @@ +id: zero-bs-accounting-b8a6e7f15ae6e5ea9f7d57f9d81da663 + +info: + name: > + Appsero <= 1.2.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e869800a-6fbc-4a1a-97fd-92ecbf3305ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-bs-accounting/" + google-query: inurl:"/wp-content/plugins/zero-bs-accounting/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-bs-accounting,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-bs-accounting/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-bs-accounting" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-38ff57a3a79c762236aaaeaffc92c374.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-38ff57a3a79c762236aaaeaffc92c374.yaml new file mode 100644 index 0000000000..3bcbc90d34 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-38ff57a3a79c762236aaaeaffc92c374.yaml @@ -0,0 +1,58 @@ +id: zero-bs-crm-38ff57a3a79c762236aaaeaffc92c374 + +info: + name: > + Jetpack CRM <= 5.4.2 - Authenticated (Administrator+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/de0fbcf0-64c6-4b33-8a9d-9c9c5d826a4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-bs-crm/" + google-query: inurl:"/wp-content/plugins/zero-bs-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-bs-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-bs-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-bs-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-aec751941690d89755638c950f64d01d.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-aec751941690d89755638c950f64d01d.yaml new file mode 100644 index 0000000000..bff96ea406 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-aec751941690d89755638c950f64d01d.yaml @@ -0,0 +1,58 @@ +id: zero-bs-crm-aec751941690d89755638c950f64d01d + +info: + name: > + Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98ab264f-b210-41d0-bb6f-b4f31d933f80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-bs-crm/" + google-query: inurl:"/wp-content/plugins/zero-bs-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-bs-crm,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-bs-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-bs-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-e541a07e8afe605f1bf04dc95e06d38b.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-e541a07e8afe605f1bf04dc95e06d38b.yaml new file mode 100644 index 0000000000..d3875b75ba --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-e541a07e8afe605f1bf04dc95e06d38b.yaml @@ -0,0 +1,58 @@ +id: zero-bs-crm-e541a07e8afe605f1bf04dc95e06d38b + +info: + name: > + Jetpack CRM <= 5.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20b3cd2a-ee32-49e0-8281-16afb8e42448?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-bs-crm/" + google-query: inurl:"/wp-content/plugins/zero-bs-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-bs-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-bs-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-bs-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-bs-crm-ebb8de96320f3c64a91f6dbb13b596fa.yaml b/nuclei-templates/cve-less/plugins/zero-bs-crm-ebb8de96320f3c64a91f6dbb13b596fa.yaml new file mode 100644 index 0000000000..7ad83ab712 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-bs-crm-ebb8de96320f3c64a91f6dbb13b596fa.yaml @@ -0,0 +1,58 @@ +id: zero-bs-crm-ebb8de96320f3c64a91f6dbb13b596fa + +info: + name: > + Jetpack CRM <= 5.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efacb174-5eb6-4a58-bd76-8111031bbd4d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-bs-crm/" + google-query: inurl:"/wp-content/plugins/zero-bs-crm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-bs-crm,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-bs-crm/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-bs-crm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-spam-76cebc35705efab283512491fbfb5ded.yaml b/nuclei-templates/cve-less/plugins/zero-spam-76cebc35705efab283512491fbfb5ded.yaml new file mode 100644 index 0000000000..c30200e2a1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-spam-76cebc35705efab283512491fbfb5ded.yaml @@ -0,0 +1,58 @@ +id: zero-spam-76cebc35705efab283512491fbfb5ded + +info: + name: > + Zero Spam <= 5.5.6 - Spam Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48ab8363-bc1c-47b4-8eb4-6093cd7591c9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-spam/" + google-query: inurl:"/wp-content/plugins/zero-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-spam-8d3590a739a7dcd2c4eca80910f2eb77.yaml b/nuclei-templates/cve-less/plugins/zero-spam-8d3590a739a7dcd2c4eca80910f2eb77.yaml new file mode 100644 index 0000000000..e9c92b2f85 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-spam-8d3590a739a7dcd2c4eca80910f2eb77.yaml @@ -0,0 +1,58 @@ +id: zero-spam-8d3590a739a7dcd2c4eca80910f2eb77 + +info: + name: > + Zero Spam <= 5.4.4 - Authenticated (Administrator+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7576dd9-198b-49a7-950e-fc301e4bc5f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-spam/" + google-query: inurl:"/wp-content/plugins/zero-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-spam,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zero-spam-e1ad6d026d68d47f5c4c4162b3b2d312.yaml b/nuclei-templates/cve-less/plugins/zero-spam-e1ad6d026d68d47f5c4c4162b3b2d312.yaml new file mode 100644 index 0000000000..aa2e49fe43 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zero-spam-e1ad6d026d68d47f5c4c4162b3b2d312.yaml @@ -0,0 +1,58 @@ +id: zero-spam-e1ad6d026d68d47f5c4c4162b3b2d312 + +info: + name: > + Zero Spam <= 5.2.10 - Admin+ SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57969f04-4758-4e62-8fbb-7b14629321d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zero-spam/" + google-query: inurl:"/wp-content/plugins/zero-spam/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zero-spam,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zero-spam/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zero-spam" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zerobounce-3b122e7dd636f2979e4419665efeeeb4.yaml b/nuclei-templates/cve-less/plugins/zerobounce-3b122e7dd636f2979e4419665efeeeb4.yaml new file mode 100644 index 0000000000..bd6ebd7acf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zerobounce-3b122e7dd636f2979e4419665efeeeb4.yaml @@ -0,0 +1,58 @@ +id: zerobounce-3b122e7dd636f2979e4419665efeeeb4 + +info: + name: > + ZeroBounce Email Verification & Validation <= 1.0.11 - Authenticated (Administrator+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d215e9-e615-46ab-b0b8-b37f10cfae98?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zerobounce/" + google-query: inurl:"/wp-content/plugins/zerobounce/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zerobounce,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zerobounce/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zerobounce" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zingiri-forum-b3a1763459f84e01883c4eac1864668d.yaml b/nuclei-templates/cve-less/plugins/zingiri-forum-b3a1763459f84e01883c4eac1864668d.yaml new file mode 100644 index 0000000000..d486592094 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zingiri-forum-b3a1763459f84e01883c4eac1864668d.yaml @@ -0,0 +1,58 @@ +id: zingiri-forum-b3a1763459f84e01883c4eac1864668d + +info: + name: > + Forums < 1.4.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d791cd67-03a8-4408-8ca7-7b1ea613e660?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zingiri-forum/" + google-query: inurl:"/wp-content/plugins/zingiri-forum/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zingiri-forum,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zingiri-forum/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zingiri-forum" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zingiri-web-shop-47fb80194f8e9eb6848064791850ac64.yaml b/nuclei-templates/cve-less/plugins/zingiri-web-shop-47fb80194f8e9eb6848064791850ac64.yaml new file mode 100644 index 0000000000..fc80945e8b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zingiri-web-shop-47fb80194f8e9eb6848064791850ac64.yaml @@ -0,0 +1,58 @@ +id: zingiri-web-shop-47fb80194f8e9eb6848064791850ac64 + +info: + name: > + Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd5b0c3a-0dd0-440f-b3a5-6d80f70e0f7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zingiri-web-shop/" + google-query: inurl:"/wp-content/plugins/zingiri-web-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zingiri-web-shop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zingiri-web-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zingiri-web-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zingiri-web-shop-f4ee9df210a60a8c7b3151780ca279b1.yaml b/nuclei-templates/cve-less/plugins/zingiri-web-shop-f4ee9df210a60a8c7b3151780ca279b1.yaml new file mode 100644 index 0000000000..4f59c3500b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zingiri-web-shop-f4ee9df210a60a8c7b3151780ca279b1.yaml @@ -0,0 +1,58 @@ +id: zingiri-web-shop-f4ee9df210a60a8c7b3151780ca279b1 + +info: + name: > + Zingiri Web Shop Plugin <= 2.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a946cca6-670b-4baf-a941-43d0a0261c0d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zingiri-web-shop/" + google-query: inurl:"/wp-content/plugins/zingiri-web-shop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zingiri-web-shop,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zingiri-web-shop/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zingiri-web-shop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zionbuilder-c982dae5e8a9922c1cd4de17c56c6264.yaml b/nuclei-templates/cve-less/plugins/zionbuilder-c982dae5e8a9922c1cd4de17c56c6264.yaml new file mode 100644 index 0000000000..e1913695b3 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zionbuilder-c982dae5e8a9922c1cd4de17c56c6264.yaml @@ -0,0 +1,58 @@ +id: zionbuilder-c982dae5e8a9922c1cd4de17c56c6264 + +info: + name: > + WordPress Page Builder – Zion Builder <= 3.6.9 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d8bd9bc-5062-4966-bc44-bfe033d5fc9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zionbuilder/" + google-query: inurl:"/wp-content/plugins/zionbuilder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zionbuilder,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zionbuilder/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zionbuilder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zip-attachments-0cc87c7e1c569749aff97d224894c613.yaml b/nuclei-templates/cve-less/plugins/zip-attachments-0cc87c7e1c569749aff97d224894c613.yaml new file mode 100644 index 0000000000..4003d5fcad --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zip-attachments-0cc87c7e1c569749aff97d224894c613.yaml @@ -0,0 +1,58 @@ +id: zip-attachments-0cc87c7e1c569749aff97d224894c613 + +info: + name: > + Zip Attachments <= 1.5 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5b5d36d-02de-4569-b2cf-addc122ebe34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zip-attachments/" + google-query: inurl:"/wp-content/plugins/zip-attachments/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zip-attachments,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zip-attachments/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zip-attachments" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zip-recipes-6dd6d330b8c5b9519a5c7e7eb2275f8f.yaml b/nuclei-templates/cve-less/plugins/zip-recipes-6dd6d330b8c5b9519a5c7e7eb2275f8f.yaml new file mode 100644 index 0000000000..965c8471ed --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zip-recipes-6dd6d330b8c5b9519a5c7e7eb2275f8f.yaml @@ -0,0 +1,58 @@ +id: zip-recipes-6dd6d330b8c5b9519a5c7e7eb2275f8f + +info: + name: > + Recipe Maker For Your Food Blog from Zip Recipes <= 8.0.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ebd1483a-949d-4edb-9b86-007879d2d207?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zip-recipes/" + google-query: inurl:"/wp-content/plugins/zip-recipes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zip-recipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zip-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zip-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zip-recipes-cb09c78d8cbad27edaa184a301bc9557.yaml b/nuclei-templates/cve-less/plugins/zip-recipes-cb09c78d8cbad27edaa184a301bc9557.yaml new file mode 100644 index 0000000000..ba3a850849 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zip-recipes-cb09c78d8cbad27edaa184a301bc9557.yaml @@ -0,0 +1,58 @@ +id: zip-recipes-cb09c78d8cbad27edaa184a301bc9557 + +info: + name: > + Zip Recipes <= 8.0.6 - Reflected Cross-Site Scripting via 's' parameter + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd7d3afd-6648-4ffb-85a9-cd5a6096963e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zip-recipes/" + google-query: inurl:"/wp-content/plugins/zip-recipes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zip-recipes,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zip-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zip-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zip-recipes-dafddc9bea1e241db1766d412621b738.yaml b/nuclei-templates/cve-less/plugins/zip-recipes-dafddc9bea1e241db1766d412621b738.yaml new file mode 100644 index 0000000000..0cd088913a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zip-recipes-dafddc9bea1e241db1766d412621b738.yaml @@ -0,0 +1,58 @@ +id: zip-recipes-dafddc9bea1e241db1766d412621b738 + +info: + name: > + Recipe Maker For Your Food Blog from Zip Recipes <= 8.1.0 - Authenticated(Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01ab2ed8-ff2f-41ac-bbbd-d8878fd067d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zip-recipes/" + google-query: inurl:"/wp-content/plugins/zip-recipes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zip-recipes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zip-recipes/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zip-recipes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zippy-5296c4f305bae7ac7b64bb4111846d67.yaml b/nuclei-templates/cve-less/plugins/zippy-5296c4f305bae7ac7b64bb4111846d67.yaml new file mode 100644 index 0000000000..defa0cebdb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zippy-5296c4f305bae7ac7b64bb4111846d67.yaml @@ -0,0 +1,58 @@ +id: zippy-5296c4f305bae7ac7b64bb4111846d67 + +info: + name: > + Zippy <= 1.6.5 - Authenticated(Author+) PHP Object Injection via unzipPosts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9df75a5c-b70b-452e-a280-29a5005fe60b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zippy/" + google-query: inurl:"/wp-content/plugins/zippy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zippy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zippy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zippy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zippy-79737b0e5975df19862e5152b14611f3.yaml b/nuclei-templates/cve-less/plugins/zippy-79737b0e5975df19862e5152b14611f3.yaml new file mode 100644 index 0000000000..c640e63878 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zippy-79737b0e5975df19862e5152b14611f3.yaml @@ -0,0 +1,58 @@ +id: zippy-79737b0e5975df19862e5152b14611f3 + +info: + name: > + Zippy <= 1.6.9 - Authenticated (Editor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d8c5b14-6a4c-4d66-85cc-b6ab3b886ff7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zippy/" + google-query: inurl:"/wp-content/plugins/zippy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zippy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zippy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zippy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zippy-919cf6f31f29222aa869aeeb40e21222.yaml b/nuclei-templates/cve-less/plugins/zippy-919cf6f31f29222aa869aeeb40e21222.yaml new file mode 100644 index 0000000000..acbbf3d584 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zippy-919cf6f31f29222aa869aeeb40e21222.yaml @@ -0,0 +1,58 @@ +id: zippy-919cf6f31f29222aa869aeeb40e21222 + +info: + name: > + Zippy <= 1.6.2 - Missing Authorization via adminInit + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffb078c-2a92-4682-aaa9-c519e28e7e18?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zippy/" + google-query: inurl:"/wp-content/plugins/zippy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zippy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zippy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zippy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zippy-c592d86340244bb94d180507b23fa5a8.yaml b/nuclei-templates/cve-less/plugins/zippy-c592d86340244bb94d180507b23fa5a8.yaml new file mode 100644 index 0000000000..977a0e59ca --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zippy-c592d86340244bb94d180507b23fa5a8.yaml @@ -0,0 +1,58 @@ +id: zippy-c592d86340244bb94d180507b23fa5a8 + +info: + name: > + Zippy <= 1.6.1 - Authenticated (Contributor+) Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c306428-8880-483f-be3a-6f6b87e55eef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zippy/" + google-query: inurl:"/wp-content/plugins/zippy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zippy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zippy/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zippy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/ziteboard-online-whiteboard-a3ba5f2761ca9302a85775ee3b727b37.yaml b/nuclei-templates/cve-less/plugins/ziteboard-online-whiteboard-a3ba5f2761ca9302a85775ee3b727b37.yaml new file mode 100644 index 0000000000..68c5c15a72 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/ziteboard-online-whiteboard-a3ba5f2761ca9302a85775ee3b727b37.yaml @@ -0,0 +1,58 @@ +id: ziteboard-online-whiteboard-a3ba5f2761ca9302a85775ee3b727b37 + +info: + name: > + Ziteboard Online Whiteboard <= 2.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via ziteboard Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5608f50-e17a-471f-b644-dceb64d82f0c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/ziteboard-online-whiteboard/" + google-query: inurl:"/wp-content/plugins/ziteboard-online-whiteboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,ziteboard-online-whiteboard,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/ziteboard-online-whiteboard/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ziteboard-online-whiteboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zm-ajax-login-register-bd15ec75a9f06fe35c580f88aeba9b7d.yaml b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-bd15ec75a9f06fe35c580f88aeba9b7d.yaml new file mode 100644 index 0000000000..b0431bc33a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-bd15ec75a9f06fe35c580f88aeba9b7d.yaml @@ -0,0 +1,58 @@ +id: zm-ajax-login-register-bd15ec75a9f06fe35c580f88aeba9b7d + +info: + name: > + ZM Ajax Login & Register <= 1.0.9 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82b46474-9a32-4d7e-8fa4-91f6465c5fa7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zm-ajax-login-register/" + google-query: inurl:"/wp-content/plugins/zm-ajax-login-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zm-ajax-login-register,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zm-ajax-login-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zm-ajax-login-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zm-ajax-login-register-c9973ef86938dfe0c48a5abdfafd30a8.yaml b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-c9973ef86938dfe0c48a5abdfafd30a8.yaml new file mode 100644 index 0000000000..e63a610e4d --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-c9973ef86938dfe0c48a5abdfafd30a8.yaml @@ -0,0 +1,58 @@ +id: zm-ajax-login-register-c9973ef86938dfe0c48a5abdfafd30a8 + +info: + name: > + ZM Ajax Login & Register <= 2.0.2 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d01ec-54ef-456b-9410-ed013343a962?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zm-ajax-login-register/" + google-query: inurl:"/wp-content/plugins/zm-ajax-login-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zm-ajax-login-register,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zm-ajax-login-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zm-ajax-login-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zm-ajax-login-register-ffbdefeb8e9807045768193f5cbcf332.yaml b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-ffbdefeb8e9807045768193f5cbcf332.yaml new file mode 100644 index 0000000000..4c459b50bf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zm-ajax-login-register-ffbdefeb8e9807045768193f5cbcf332.yaml @@ -0,0 +1,58 @@ +id: zm-ajax-login-register-ffbdefeb8e9807045768193f5cbcf332 + +info: + name: > + zM Ajax Login & Register <= 1.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65cb692f-b518-4581-ba63-c43eb450c56e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zm-ajax-login-register/" + google-query: inurl:"/wp-content/plugins/zm-ajax-login-register/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zm-ajax-login-register,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zm-ajax-login-register/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zm-ajax-login-register" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zm-gallery-d6a4a05c68d8a3214ff9eb4a728a2600.yaml b/nuclei-templates/cve-less/plugins/zm-gallery-d6a4a05c68d8a3214ff9eb4a728a2600.yaml new file mode 100644 index 0000000000..e595eb0893 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zm-gallery-d6a4a05c68d8a3214ff9eb4a728a2600.yaml @@ -0,0 +1,58 @@ +id: zm-gallery-d6a4a05c68d8a3214ff9eb4a728a2600 + +info: + name: > + ZM Gallery <= 1.0 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e56e1fe-bb53-422c-9219-b79e24f0f915?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zm-gallery/" + google-query: inurl:"/wp-content/plugins/zm-gallery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zm-gallery,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zm-gallery/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zm-gallery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-campaigns-51be17f4121e81eef8733d9b91f0a025.yaml b/nuclei-templates/cve-less/plugins/zoho-campaigns-51be17f4121e81eef8733d9b91f0a025.yaml new file mode 100644 index 0000000000..dc83cabe7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-campaigns-51be17f4121e81eef8733d9b91f0a025.yaml @@ -0,0 +1,58 @@ +id: zoho-campaigns-51be17f4121e81eef8733d9b91f0a025 + +info: + name: > + Zoho Campaigns <= 2.0.6 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e604979e-81e0-4c9a-844c-381599bf226e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-campaigns/" + google-query: inurl:"/wp-content/plugins/zoho-campaigns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-campaigns,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-campaigns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-campaigns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-campaigns-6dfc8c4749111821f698bf2e3a274663.yaml b/nuclei-templates/cve-less/plugins/zoho-campaigns-6dfc8c4749111821f698bf2e3a274663.yaml new file mode 100644 index 0000000000..d4e192e95e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-campaigns-6dfc8c4749111821f698bf2e3a274663.yaml @@ -0,0 +1,58 @@ +id: zoho-campaigns-6dfc8c4749111821f698bf2e3a274663 + +info: + name: > + Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_optin_save + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd784fce-67a1-4740-9b0e-dcf54342f018?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-campaigns/" + google-query: inurl:"/wp-content/plugins/zoho-campaigns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-campaigns,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-campaigns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-campaigns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-campaigns-b96f5bf9788a7a3f117bdd9d17e4d783.yaml b/nuclei-templates/cve-less/plugins/zoho-campaigns-b96f5bf9788a7a3f117bdd9d17e4d783.yaml new file mode 100644 index 0000000000..cbcaea4b1a --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-campaigns-b96f5bf9788a7a3f117bdd9d17e4d783.yaml @@ -0,0 +1,58 @@ +id: zoho-campaigns-b96f5bf9788a7a3f117bdd9d17e4d783 + +info: + name: > + Zoho Campaigns <= 2.0.7 - Cross-Site Request Forgery via zcwc_integration_disconnect + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bb377a9-fd31-4e1e-97d0-b764acba3122?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-campaigns/" + google-query: inurl:"/wp-content/plugins/zoho-campaigns/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-campaigns,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-campaigns/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-campaigns" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-crm-forms-16abe83fb7023039495bc71d0e3e2b48.yaml b/nuclei-templates/cve-less/plugins/zoho-crm-forms-16abe83fb7023039495bc71d0e3e2b48.yaml new file mode 100644 index 0000000000..b6d902252c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-crm-forms-16abe83fb7023039495bc71d0e3e2b48.yaml @@ -0,0 +1,58 @@ +id: zoho-crm-forms-16abe83fb7023039495bc71d0e3e2b48 + +info: + name: > + Zoho CRM Lead Magnet <= 1.6.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9171908-5b6e-44f3-ab93-899932be527f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-crm-forms/" + google-query: inurl:"/wp-content/plugins/zoho-crm-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-crm-forms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-crm-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-crm-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-crm-forms-8e8dcc759eccd2518e9fba14e695c093.yaml b/nuclei-templates/cve-less/plugins/zoho-crm-forms-8e8dcc759eccd2518e9fba14e695c093.yaml new file mode 100644 index 0000000000..effd174542 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-crm-forms-8e8dcc759eccd2518e9fba14e695c093.yaml @@ -0,0 +1,58 @@ +id: zoho-crm-forms-8e8dcc759eccd2518e9fba14e695c093 + +info: + name: > + Zoho CRM Lead Magnet <= 1.7.5.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57caddaa-c548-4f07-ab34-327df62951b5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-crm-forms/" + google-query: inurl:"/wp-content/plugins/zoho-crm-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-crm-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-crm-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-crm-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.5.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-crm-forms-db1fed2fca8e80d33156bce8fe1dd724.yaml b/nuclei-templates/cve-less/plugins/zoho-crm-forms-db1fed2fca8e80d33156bce8fe1dd724.yaml new file mode 100644 index 0000000000..eee9d6b29b --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-crm-forms-db1fed2fca8e80d33156bce8fe1dd724.yaml @@ -0,0 +1,58 @@ +id: zoho-crm-forms-db1fed2fca8e80d33156bce8fe1dd724 + +info: + name: > + Zoho CRM Lead Magnet <= 1.7.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54a610c6-2615-4900-bf63-8ae93aeabb8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-crm-forms/" + google-query: inurl:"/wp-content/plugins/zoho-crm-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-crm-forms,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-crm-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-crm-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-forms-f34776806e968812940c4c4d5f82b503.yaml b/nuclei-templates/cve-less/plugins/zoho-forms-f34776806e968812940c4c4d5f82b503.yaml new file mode 100644 index 0000000000..c4a02d2d7c --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-forms-f34776806e968812940c4c4d5f82b503.yaml @@ -0,0 +1,58 @@ +id: zoho-forms-f34776806e968812940c4c4d5f82b503 + +info: + name: > + Zoho Forms <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57e9b09c-adfb-4fc2-8d2b-41cfc1f73e22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-forms/" + google-query: inurl:"/wp-content/plugins/zoho-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-forms-fe0f3dd2df39b34940cdb1e352238936.yaml b/nuclei-templates/cve-less/plugins/zoho-forms-fe0f3dd2df39b34940cdb1e352238936.yaml new file mode 100644 index 0000000000..deb3d72c9f --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-forms-fe0f3dd2df39b34940cdb1e352238936.yaml @@ -0,0 +1,58 @@ +id: zoho-forms-fe0f3dd2df39b34940cdb1e352238936 + +info: + name: > + Zoho Forms <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65db0063-63c4-400b-9192-ddcc16c0a541?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-forms/" + google-query: inurl:"/wp-content/plugins/zoho-forms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-forms,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-forms/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-forms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-salesiq-177e4a3cb284ab639d60d2cdc0a716b5.yaml b/nuclei-templates/cve-less/plugins/zoho-salesiq-177e4a3cb284ab639d60d2cdc0a716b5.yaml new file mode 100644 index 0000000000..e3ae8ae8fb --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-salesiq-177e4a3cb284ab639d60d2cdc0a716b5.yaml @@ -0,0 +1,58 @@ +id: zoho-salesiq-177e4a3cb284ab639d60d2cdc0a716b5 + +info: + name: > + Zoho SalesIQ <= 1.0.8 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9fba508-9a18-4c02-8d3a-0bcf990c457d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-salesiq/" + google-query: inurl:"/wp-content/plugins/zoho-salesiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-salesiq,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-salesiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-salesiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-salesiq-379056d331237206cad69e45d8d3007e.yaml b/nuclei-templates/cve-less/plugins/zoho-salesiq-379056d331237206cad69e45d8d3007e.yaml new file mode 100644 index 0000000000..9e8475cf53 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-salesiq-379056d331237206cad69e45d8d3007e.yaml @@ -0,0 +1,58 @@ +id: zoho-salesiq-379056d331237206cad69e45d8d3007e + +info: + name: > + Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b01ee276-baed-4678-894d-1407e538a0a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-salesiq/" + google-query: inurl:"/wp-content/plugins/zoho-salesiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-salesiq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-salesiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-salesiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-salesiq-4ecc6299ecfad3b8f439662203eb02a8.yaml b/nuclei-templates/cve-less/plugins/zoho-salesiq-4ecc6299ecfad3b8f439662203eb02a8.yaml new file mode 100644 index 0000000000..721e9dda0e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-salesiq-4ecc6299ecfad3b8f439662203eb02a8.yaml @@ -0,0 +1,58 @@ +id: zoho-salesiq-4ecc6299ecfad3b8f439662203eb02a8 + +info: + name: > + Zoho SalesIQ <= 1.0.8 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bf59f44-356c-4d84-add3-72e8905a80f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-salesiq/" + google-query: inurl:"/wp-content/plugins/zoho-salesiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-salesiq,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-salesiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-salesiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zoho-salesiq-808251beac3177b1d028049231c161e6.yaml b/nuclei-templates/cve-less/plugins/zoho-salesiq-808251beac3177b1d028049231c161e6.yaml new file mode 100644 index 0000000000..bd7650b609 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zoho-salesiq-808251beac3177b1d028049231c161e6.yaml @@ -0,0 +1,58 @@ +id: zoho-salesiq-808251beac3177b1d028049231c161e6 + +info: + name: > + Zoho SalesIQ <= 1.0.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd9cfbe-2bf4-4218-a29d-c4b70ed132af?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zoho-salesiq/" + google-query: inurl:"/wp-content/plugins/zoho-salesiq/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zoho-salesiq,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zoho-salesiq/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zoho-salesiq" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zopim-live-chat-7727a5f68ed648a5191d57e52492a289.yaml b/nuclei-templates/cve-less/plugins/zopim-live-chat-7727a5f68ed648a5191d57e52492a289.yaml new file mode 100644 index 0000000000..686c69cab1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zopim-live-chat-7727a5f68ed648a5191d57e52492a289.yaml @@ -0,0 +1,58 @@ +id: zopim-live-chat-7727a5f68ed648a5191d57e52492a289 + +info: + name: > + Zendesk Chat < 1.2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee1b6961-1453-4f59-b03a-ab78b2e3f9d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zopim-live-chat/" + google-query: inurl:"/wp-content/plugins/zopim-live-chat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zopim-live-chat,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zopim-live-chat/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zopim-live-chat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zotpress-01df5885583291c622278972bf76eb28.yaml b/nuclei-templates/cve-less/plugins/zotpress-01df5885583291c622278972bf76eb28.yaml new file mode 100644 index 0000000000..1cbbbc98b1 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zotpress-01df5885583291c622278972bf76eb28.yaml @@ -0,0 +1,58 @@ +id: zotpress-01df5885583291c622278972bf76eb28 + +info: + name: > + Zotpress <= 7.3.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/617dcc0e-e212-4da0-8918-e55e6b3895fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zotpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zotpress-1c48bf4d484ac338c2e58423c802cdcb.yaml b/nuclei-templates/cve-less/plugins/zotpress-1c48bf4d484ac338c2e58423c802cdcb.yaml new file mode 100644 index 0000000000..a6ff14babf --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zotpress-1c48bf4d484ac338c2e58423c802cdcb.yaml @@ -0,0 +1,58 @@ +id: zotpress-1c48bf4d484ac338c2e58423c802cdcb + +info: + name: > + Zotpress <= 7.3.7 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29a2cb14-bf70-4936-a7c9-bf417a403de8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zotpress,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zotpress-895ca2434557d1111d9453e776e1d9be.yaml b/nuclei-templates/cve-less/plugins/zotpress-895ca2434557d1111d9453e776e1d9be.yaml new file mode 100644 index 0000000000..45762c521e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zotpress-895ca2434557d1111d9453e776e1d9be.yaml @@ -0,0 +1,58 @@ +id: zotpress-895ca2434557d1111d9453e776e1d9be + +info: + name: > + Zotpress <= 7.3.4 - Reflected Cross-Site Scripting via 'PHP_SELF' + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/140b1f50-7c04-4396-ab0a-098bd06c80a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zotpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zotpress-d38242ac867a6661d41aa63eccb9b83c.yaml b/nuclei-templates/cve-less/plugins/zotpress-d38242ac867a6661d41aa63eccb9b83c.yaml new file mode 100644 index 0000000000..c43cff6f10 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zotpress-d38242ac867a6661d41aa63eccb9b83c.yaml @@ -0,0 +1,58 @@ +id: zotpress-d38242ac867a6661d41aa63eccb9b83c + +info: + name: > + Zotpress < 6.1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d9549d-4d75-4b6a-90e2-4d403731d78f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zotpress/" + google-query: inurl:"/wp-content/plugins/zotpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zotpress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zotpress/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zotpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zx-csv-upload-11b8e915a665a007145e1d71a284462b.yaml b/nuclei-templates/cve-less/plugins/zx-csv-upload-11b8e915a665a007145e1d71a284462b.yaml new file mode 100644 index 0000000000..b5e797983e --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zx-csv-upload-11b8e915a665a007145e1d71a284462b.yaml @@ -0,0 +1,58 @@ +id: zx-csv-upload-11b8e915a665a007145e1d71a284462b + +info: + name: > + ZX_CSV Upload <= 1 - Authenticated (Admin+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7804c518-d0d6-474e-9a56-daf6a6eecccc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zx-csv-upload/" + google-query: inurl:"/wp-content/plugins/zx-csv-upload/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zx-csv-upload,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zx-csv-upload/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zx-csv-upload" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/plugins/zynith-seo-f761a34ad9eca6bfb3e6a9ab7b2cb2d8.yaml b/nuclei-templates/cve-less/plugins/zynith-seo-f761a34ad9eca6bfb3e6a9ab7b2cb2d8.yaml new file mode 100644 index 0000000000..e1ed8134d6 --- /dev/null +++ b/nuclei-templates/cve-less/plugins/zynith-seo-f761a34ad9eca6bfb3e6a9ab7b2cb2d8.yaml @@ -0,0 +1,58 @@ +id: zynith-seo-f761a34ad9eca6bfb3e6a9ab7b2cb2d8 + +info: + name: > + Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f8e32a0-c67c-41cc-97ba-920f3ea5ea93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/plugins/zynith-seo/" + google-query: inurl:"/wp-content/plugins/zynith-seo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-plugin,zynith-seo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/plugins/zynith-seo/readme.txt" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Stable tag: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zynith-seo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/15zine-c8e594cea5366acd20db9ff8e1b21b92.yaml b/nuclei-templates/cve-less/themes/15zine-c8e594cea5366acd20db9ff8e1b21b92.yaml new file mode 100644 index 0000000000..4abfac2119 --- /dev/null +++ b/nuclei-templates/cve-less/themes/15zine-c8e594cea5366acd20db9ff8e1b21b92.yaml @@ -0,0 +1,58 @@ +id: 15zine-c8e594cea5366acd20db9ff8e1b21b92 + +info: + name: > + 15Zine | Magazine Newspaper Blog News WordPress Theme < 3.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad5c8eb8-8e58-4bed-a39c-b54e2cfd9cd3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/15zine/" + google-query: inurl:"/wp-content/themes/15zine/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,15zine,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/15zine/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "15zine" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/aapna-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/aapna-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..b4f4e575d2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/aapna-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: aapna-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/aapna/" + google-query: inurl:"/wp-content/themes/aapna/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,aapna,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/aapna/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aapna" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-basic-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-basic-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..2a35679fcb --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-basic-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-basic-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-basic/" + google-query: inurl:"/wp-content/themes/accesspress-basic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-basic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-basic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-basic-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-basic-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..2e5d4d914d --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-basic-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-basic-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-basic/" + google-query: inurl:"/wp-content/themes/accesspress-basic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-basic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-basic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-basic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..efc9f220c1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-lite/" + google-query: inurl:"/wp-content/themes/accesspress-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.92') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..182f252cdb --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-lite/" + google-query: inurl:"/wp-content/themes/accesspress-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.92') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-mag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-mag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..d0f1d8e517 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-mag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-mag-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-mag/" + google-query: inurl:"/wp-content/themes/accesspress-mag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-mag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-mag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-mag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-mag-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-mag-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..9564155a30 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-mag-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-mag-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-mag/" + google-query: inurl:"/wp-content/themes/accesspress-mag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-mag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-mag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-mag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-parallax-new-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-parallax-new-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..1781d61110 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-parallax-new-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-parallax-new-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-parallax-new/" + google-query: inurl:"/wp-content/themes/accesspress-parallax-new/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-parallax-new,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-parallax-new/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-parallax-new" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-parallax-new-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-parallax-new-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..9d2dab881a --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-parallax-new-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-parallax-new-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-parallax-new/" + google-query: inurl:"/wp-content/themes/accesspress-parallax-new/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-parallax-new,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-parallax-new/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-parallax-new" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-root-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-root-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..8f18fb327c --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-root-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-root-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-root/" + google-query: inurl:"/wp-content/themes/accesspress-root/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-root,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-root/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-root" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-root-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-root-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..856fa79ac1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-root-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-root-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-root/" + google-query: inurl:"/wp-content/themes/accesspress-root/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-root,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-root/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-root" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-staple-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-staple-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..ea1c597031 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-staple-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-staple-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-staple/" + google-query: inurl:"/wp-content/themes/accesspress-staple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-staple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-staple/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-staple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/accesspress-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..41e1f452cf --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: accesspress-store-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-store/" + google-query: inurl:"/wp-content/themes/accesspress-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accesspress-store-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/accesspress-store-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..f998bc7d46 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accesspress-store-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: accesspress-store-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accesspress-store/" + google-query: inurl:"/wp-content/themes/accesspress-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accesspress-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accesspress-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accesspress-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accio-24f878705cb6e0f5cec5d442fe0259a1.yaml b/nuclei-templates/cve-less/themes/accio-24f878705cb6e0f5cec5d442fe0259a1.yaml new file mode 100644 index 0000000000..1e1fbc312c --- /dev/null +++ b/nuclei-templates/cve-less/themes/accio-24f878705cb6e0f5cec5d442fe0259a1.yaml @@ -0,0 +1,58 @@ +id: accio-24f878705cb6e0f5cec5d442fe0259a1 + +info: + name: > + Accio | Responsive Onepage Parallax Agency WordPress Theme <= 1.1.0 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a56874fe-cb2b-4024-a8db-9cf6c4d0012a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accio/" + google-query: inurl:"/wp-content/themes/accio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accio/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accio-one-page-32d2ee023e5c98d46821542b46ed3472.yaml b/nuclei-templates/cve-less/themes/accio-one-page-32d2ee023e5c98d46821542b46ed3472.yaml new file mode 100644 index 0000000000..66c0df3833 --- /dev/null +++ b/nuclei-templates/cve-less/themes/accio-one-page-32d2ee023e5c98d46821542b46ed3472.yaml @@ -0,0 +1,58 @@ +id: accio-one-page-32d2ee023e5c98d46821542b46ed3472 + +info: + name: > + Accio | Responsive Onepage Parallax Site Template < 1.1.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0099f55-651c-4997-bf6d-97125c4260e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accio-one-page/" + google-query: inurl:"/wp-content/themes/accio-one-page/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accio-one-page,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accio-one-page/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accio-one-page" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/accountra-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/accountra-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..ae296490cb --- /dev/null +++ b/nuclei-templates/cve-less/themes/accountra-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: accountra-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/accountra/" + google-query: inurl:"/wp-content/themes/accountra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,accountra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/accountra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "accountra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/activello-18df9000e9dcd67d242e383e74bea4f4.yaml b/nuclei-templates/cve-less/themes/activello-18df9000e9dcd67d242e383e74bea4f4.yaml new file mode 100644 index 0000000000..1ac4c7fa04 --- /dev/null +++ b/nuclei-templates/cve-less/themes/activello-18df9000e9dcd67d242e383e74bea4f4.yaml @@ -0,0 +1,58 @@ +id: activello-18df9000e9dcd67d242e383e74bea4f4 + +info: + name: > + Activello <= 1.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4c1add9-2141-4221-889b-f9b0efebd6c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/activello/" + google-query: inurl:"/wp-content/themes/activello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,activello,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/activello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/activello-72ccbc519dc7d87cb6145ad667cfc553.yaml b/nuclei-templates/cve-less/themes/activello-72ccbc519dc7d87cb6145ad667cfc553.yaml new file mode 100644 index 0000000000..04ce97209d --- /dev/null +++ b/nuclei-templates/cve-less/themes/activello-72ccbc519dc7d87cb6145ad667cfc553.yaml @@ -0,0 +1,58 @@ +id: activello-72ccbc519dc7d87cb6145ad667cfc553 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/activello/" + google-query: inurl:"/wp-content/themes/activello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,activello,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/activello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/activello-860fdeef59df60170db304dfbf6f0b2b.yaml b/nuclei-templates/cve-less/themes/activello-860fdeef59df60170db304dfbf6f0b2b.yaml new file mode 100644 index 0000000000..1c2a874ccd --- /dev/null +++ b/nuclei-templates/cve-less/themes/activello-860fdeef59df60170db304dfbf6f0b2b.yaml @@ -0,0 +1,58 @@ +id: activello-860fdeef59df60170db304dfbf6f0b2b + +info: + name: > + Activello <= 1.4.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e312db9f-8f02-4c7e-9d49-553a154c95a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/activello/" + google-query: inurl:"/wp-content/themes/activello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,activello,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/activello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/activello-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/activello-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..e079d7c0b4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/activello-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: activello-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/activello/" + google-query: inurl:"/wp-content/themes/activello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,activello,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/activello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "activello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/adifier-b4f8ef061eeaa39684a868f52e5b3f72.yaml b/nuclei-templates/cve-less/themes/adifier-b4f8ef061eeaa39684a868f52e5b3f72.yaml new file mode 100644 index 0000000000..f129bd659e --- /dev/null +++ b/nuclei-templates/cve-less/themes/adifier-b4f8ef061eeaa39684a868f52e5b3f72.yaml @@ -0,0 +1,58 @@ +id: adifier-b4f8ef061eeaa39684a868f52e5b3f72 + +info: + name: > + Adifier (Premium Theme) < 3.1.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2250d512-dfe0-47d3-a61f-4e501d105f30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/adifier/" + google-query: inurl:"/wp-content/themes/adifier/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,adifier,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/adifier/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adifier" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/adifier-system-9ac9653b7778a104c1c015f03f55c35c.yaml b/nuclei-templates/cve-less/themes/adifier-system-9ac9653b7778a104c1c015f03f55c35c.yaml new file mode 100644 index 0000000000..c1087a9c03 --- /dev/null +++ b/nuclei-templates/cve-less/themes/adifier-system-9ac9653b7778a104c1c015f03f55c35c.yaml @@ -0,0 +1,58 @@ +id: adifier-system-9ac9653b7778a104c1c015f03f55c35c + +info: + name: > + Adifier System < 3.1.4 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e64d865-5acc-419b-8c61-e8fd8207fa94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/adifier-system/" + google-query: inurl:"/wp-content/themes/adifier-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,adifier-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/adifier-system/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adifier-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/adifier-system-fc94e531c85615591e0410bbc642dfdf.yaml b/nuclei-templates/cve-less/themes/adifier-system-fc94e531c85615591e0410bbc642dfdf.yaml new file mode 100644 index 0000000000..6d6de016f1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/adifier-system-fc94e531c85615591e0410bbc642dfdf.yaml @@ -0,0 +1,58 @@ +id: adifier-system-fc94e531c85615591e0410bbc642dfdf + +info: + name: > + Adifier System < 3.1.4 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8574ff9-847c-4337-8c0e-2a717b51f66c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/adifier-system/" + google-query: inurl:"/wp-content/themes/adifier-system/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,adifier-system,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/adifier-system/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adifier-system" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/adventure-journal-e75bbb3acde201345699c9ea2b1c0b80.yaml b/nuclei-templates/cve-less/themes/adventure-journal-e75bbb3acde201345699c9ea2b1c0b80.yaml new file mode 100644 index 0000000000..1e6d912ed7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/adventure-journal-e75bbb3acde201345699c9ea2b1c0b80.yaml @@ -0,0 +1,58 @@ +id: adventure-journal-e75bbb3acde201345699c9ea2b1c0b80 + +info: + name: > + Adventure Journal <= 1.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/965cd061-d34e-4749-85a6-efa2456b1446?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/adventure-journal/" + google-query: inurl:"/wp-content/themes/adventure-journal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,adventure-journal,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/adventure-journal/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "adventure-journal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/affluent-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/affluent-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..d6444fc698 --- /dev/null +++ b/nuclei-templates/cve-less/themes/affluent-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: affluent-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/affluent/" + google-query: inurl:"/wp-content/themes/affluent/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,affluent,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/affluent/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "affluent" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/aidreform-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/aidreform-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..e77f2a2e78 --- /dev/null +++ b/nuclei-templates/cve-less/themes/aidreform-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: aidreform-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/aidreform/" + google-query: inurl:"/wp-content/themes/aidreform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,aidreform,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/aidreform/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "aidreform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/akal-fe56f2af6a571fb33fc7c4e1b9783967.yaml b/nuclei-templates/cve-less/themes/akal-fe56f2af6a571fb33fc7c4e1b9783967.yaml new file mode 100644 index 0000000000..cda7270f31 --- /dev/null +++ b/nuclei-templates/cve-less/themes/akal-fe56f2af6a571fb33fc7c4e1b9783967.yaml @@ -0,0 +1,58 @@ +id: akal-fe56f2af6a571fb33fc7c4e1b9783967 + +info: + name: > + Akal - Multipurpose WordPress Theme (All Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8aec2a8b-c0d7-440f-a389-1d98cef77c2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/akal/" + google-query: inurl:"/wp-content/themes/akal/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,akal,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/akal/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "akal" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/allegiant-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/allegiant-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..eeca1d960b --- /dev/null +++ b/nuclei-templates/cve-less/themes/allegiant-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: allegiant-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/allegiant/" + google-query: inurl:"/wp-content/themes/allegiant/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,allegiant,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/allegiant/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "allegiant" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/almera-2df8a8571d64dba2e22b8dd47eadb176.yaml b/nuclei-templates/cve-less/themes/almera-2df8a8571d64dba2e22b8dd47eadb176.yaml new file mode 100644 index 0000000000..41a2ba1f02 --- /dev/null +++ b/nuclei-templates/cve-less/themes/almera-2df8a8571d64dba2e22b8dd47eadb176.yaml @@ -0,0 +1,58 @@ +id: almera-2df8a8571d64dba2e22b8dd47eadb176 + +info: + name: > + Almera Responsive Portfolio Site Template < 1.1.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1695816-0f54-4095-8884-bc9856b4dac1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/almera/" + google-query: inurl:"/wp-content/themes/almera/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,almera,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/almera/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "almera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/almera-b3f6da3b653ea452b8c40472572fa927.yaml b/nuclei-templates/cve-less/themes/almera-b3f6da3b653ea452b8c40472572fa927.yaml new file mode 100644 index 0000000000..d01dc923c2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/almera-b3f6da3b653ea452b8c40472572fa927.yaml @@ -0,0 +1,58 @@ +id: almera-b3f6da3b653ea452b8c40472572fa927 + +info: + name: > + Almera Responsive Portfolio Site Template < 2015-05-15 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b606c7eb-39ce-40a0-b642-6f240f7c8c42?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/almera/" + google-query: inurl:"/wp-content/themes/almera/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,almera,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/almera/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "almera" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/althea-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/althea-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..20b15ae168 --- /dev/null +++ b/nuclei-templates/cve-less/themes/althea-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: althea-wp-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/althea-wp/" + google-query: inurl:"/wp-content/themes/althea-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,althea-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/althea-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "althea-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/amela-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/cve-less/themes/amela-161c9677e95eb847dc432eddc65db142.yaml new file mode 100644 index 0000000000..014ce9771d --- /dev/null +++ b/nuclei-templates/cve-less/themes/amela-161c9677e95eb847dc432eddc65db142.yaml @@ -0,0 +1,58 @@ +id: amela-161c9677e95eb847dc432eddc65db142 + +info: + name: > + Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/amela/" + google-query: inurl:"/wp-content/themes/amela/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,amela,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/amela/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "amela" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/anand-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/anand-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..718eef8364 --- /dev/null +++ b/nuclei-templates/cve-less/themes/anand-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: anand-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/anand/" + google-query: inurl:"/wp-content/themes/anand/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,anand,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/anand/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anand" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/andyblue-2a9919a2db8ebb02104bc342de5cafa4.yaml b/nuclei-templates/cve-less/themes/andyblue-2a9919a2db8ebb02104bc342de5cafa4.yaml new file mode 100644 index 0000000000..e43753bb2f --- /dev/null +++ b/nuclei-templates/cve-less/themes/andyblue-2a9919a2db8ebb02104bc342de5cafa4.yaml @@ -0,0 +1,58 @@ +id: andyblue-2a9919a2db8ebb02104bc342de5cafa4 + +info: + name: > + AndyBlue Theme < 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a341bcc4-fe5b-452d-aa93-4e3dd8d42403?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/andyblue/" + google-query: inurl:"/wp-content/themes/andyblue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,andyblue,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/andyblue/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "andyblue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/anfaust-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/anfaust-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..7a59e25e62 --- /dev/null +++ b/nuclei-templates/cve-less/themes/anfaust-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: anfaust-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/anfaust/" + google-query: inurl:"/wp-content/themes/anfaust/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,anfaust,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/anfaust/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "anfaust" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/antioch-694a19ed51aeba4709fe5b1bfc70368e.yaml b/nuclei-templates/cve-less/themes/antioch-694a19ed51aeba4709fe5b1bfc70368e.yaml new file mode 100644 index 0000000000..cd590c3bb3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/antioch-694a19ed51aeba4709fe5b1bfc70368e.yaml @@ -0,0 +1,58 @@ +id: antioch-694a19ed51aeba4709fe5b1bfc70368e + +info: + name: > + Antioch <= 1.3 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b826595-c977-4550-aa52-93bcd4a365fe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/antioch/" + google-query: inurl:"/wp-content/themes/antioch/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,antioch,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/antioch/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antioch" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/antisnews-1eca6946030b47a7e15dbf74278035b1.yaml b/nuclei-templates/cve-less/themes/antisnews-1eca6946030b47a7e15dbf74278035b1.yaml new file mode 100644 index 0000000000..27dd3277fb --- /dev/null +++ b/nuclei-templates/cve-less/themes/antisnews-1eca6946030b47a7e15dbf74278035b1.yaml @@ -0,0 +1,58 @@ +id: antisnews-1eca6946030b47a7e15dbf74278035b1 + +info: + name: > + Antisnews <= 1.09 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa325b30-3799-41b4-bdb8-90f42a659511?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/antisnews/" + google-query: inurl:"/wp-content/themes/antisnews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,antisnews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/antisnews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antisnews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.09') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/antreas-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/antreas-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..e42ebc94b8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/antreas-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: antreas-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/antreas/" + google-query: inurl:"/wp-content/themes/antreas/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,antreas,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/antreas/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "antreas" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/appzend-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/appzend-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..9f49ab08c9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/appzend-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: appzend-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/appzend/" + google-query: inurl:"/wp-content/themes/appzend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,appzend,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/appzend/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appzend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/appzend-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/appzend-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..131a7d4f00 --- /dev/null +++ b/nuclei-templates/cve-less/themes/appzend-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: appzend-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/appzend/" + google-query: inurl:"/wp-content/themes/appzend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,appzend,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/appzend/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "appzend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arendelle-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/cve-less/themes/arendelle-161c9677e95eb847dc432eddc65db142.yaml new file mode 100644 index 0000000000..5ede939518 --- /dev/null +++ b/nuclei-templates/cve-less/themes/arendelle-161c9677e95eb847dc432eddc65db142.yaml @@ -0,0 +1,58 @@ +id: arendelle-161c9677e95eb847dc432eddc65db142 + +info: + name: > + Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arendelle/" + google-query: inurl:"/wp-content/themes/arendelle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arendelle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arendelle/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arendelle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arendelle-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/arendelle-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..f9fcd083e1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/arendelle-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: arendelle-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arendelle/" + google-query: inurl:"/wp-content/themes/arendelle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arendelle,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arendelle/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arendelle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arrival-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/arrival-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..1ef48c5867 --- /dev/null +++ b/nuclei-templates/cve-less/themes/arrival-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: arrival-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arrival/" + google-query: inurl:"/wp-content/themes/arrival/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arrival,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arrival/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arrival" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arrival-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/arrival-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..9638675ba9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/arrival-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: arrival-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arrival/" + google-query: inurl:"/wp-content/themes/arrival/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arrival,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arrival/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arrival" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/artificial-intelligence-e655964abfea5d2b4e77a9418e2e0409.yaml b/nuclei-templates/cve-less/themes/artificial-intelligence-e655964abfea5d2b4e77a9418e2e0409.yaml new file mode 100644 index 0000000000..d907c1352e --- /dev/null +++ b/nuclei-templates/cve-less/themes/artificial-intelligence-e655964abfea5d2b4e77a9418e2e0409.yaml @@ -0,0 +1,58 @@ +id: artificial-intelligence-e655964abfea5d2b4e77a9418e2e0409 + +info: + name: > + Artificial Intelligence < 1.2.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37cc54a9-a780-42b5-b64d-c47470f17db7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/artificial-intelligence/" + google-query: inurl:"/wp-content/themes/artificial-intelligence/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,artificial-intelligence,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/artificial-intelligence/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "artificial-intelligence" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arya-multipurpose-60f02b355aaa909eb31e9332ca9f9968.yaml b/nuclei-templates/cve-less/themes/arya-multipurpose-60f02b355aaa909eb31e9332ca9f9968.yaml new file mode 100644 index 0000000000..9fd5748545 --- /dev/null +++ b/nuclei-templates/cve-less/themes/arya-multipurpose-60f02b355aaa909eb31e9332ca9f9968.yaml @@ -0,0 +1,58 @@ +id: arya-multipurpose-60f02b355aaa909eb31e9332ca9f9968 + +info: + name: > + Arya Multipurpose <= 1.0.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d5c4bf6-36f7-4e6d-a012-95594e3d93f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arya-multipurpose/" + google-query: inurl:"/wp-content/themes/arya-multipurpose/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arya-multipurpose,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arya-multipurpose/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arya-multipurpose" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/arya-multipurpose-pro-6d10f2e1e54180210b870dbff144a87b.yaml b/nuclei-templates/cve-less/themes/arya-multipurpose-pro-6d10f2e1e54180210b870dbff144a87b.yaml new file mode 100644 index 0000000000..796dd38eea --- /dev/null +++ b/nuclei-templates/cve-less/themes/arya-multipurpose-pro-6d10f2e1e54180210b870dbff144a87b.yaml @@ -0,0 +1,58 @@ +id: arya-multipurpose-pro-6d10f2e1e54180210b870dbff144a87b + +info: + name: > + Arya Multipurpose Pro <= 1.0.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22cfbaa1-5412-4944-899c-7ae41d017384?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/arya-multipurpose-pro/" + google-query: inurl:"/wp-content/themes/arya-multipurpose-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,arya-multipurpose-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/arya-multipurpose-pro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "arya-multipurpose-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ask-me-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml b/nuclei-templates/cve-less/themes/ask-me-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml new file mode 100644 index 0000000000..1d7c27ad9e --- /dev/null +++ b/nuclei-templates/cve-less/themes/ask-me-1c2da71dac8a1ffb07f1c87e262b5e0e.yaml @@ -0,0 +1,58 @@ +id: ask-me-1c2da71dac8a1ffb07f1c87e262b5e0e + +info: + name: > + Ask Me <= 6.8.3 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5eaac50c-c585-4587-91b7-9d0613345ef2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ask-me/" + google-query: inurl:"/wp-content/themes/ask-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ask-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ask-me/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ask-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ask-me-3b38633cbeac82c001940cb4aed44709.yaml b/nuclei-templates/cve-less/themes/ask-me-3b38633cbeac82c001940cb4aed44709.yaml new file mode 100644 index 0000000000..86e081d9f6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ask-me-3b38633cbeac82c001940cb4aed44709.yaml @@ -0,0 +1,58 @@ +id: ask-me-3b38633cbeac82c001940cb4aed44709 + +info: + name: > + Ask Me < 6.8.7 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c18938b-6c0d-461e-b83e-26bc8e7bc1b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ask-me/" + google-query: inurl:"/wp-content/themes/ask-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ask-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ask-me/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ask-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ask-me-b27f19c1380e428266833869dc85c54d.yaml b/nuclei-templates/cve-less/themes/ask-me-b27f19c1380e428266833869dc85c54d.yaml new file mode 100644 index 0000000000..21bee2d13c --- /dev/null +++ b/nuclei-templates/cve-less/themes/ask-me-b27f19c1380e428266833869dc85c54d.yaml @@ -0,0 +1,58 @@ +id: ask-me-b27f19c1380e428266833869dc85c54d + +info: + name: > + Ask Me <= 6.8.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfafdc46-e747-42b4-963b-7b966b1f67a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ask-me/" + google-query: inurl:"/wp-content/themes/ask-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ask-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ask-me/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ask-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ask-me-e8eee7b13f0d955b5b5dd5ba7908051b.yaml b/nuclei-templates/cve-less/themes/ask-me-e8eee7b13f0d955b5b5dd5ba7908051b.yaml new file mode 100644 index 0000000000..4166931351 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ask-me-e8eee7b13f0d955b5b5dd5ba7908051b.yaml @@ -0,0 +1,58 @@ +id: ask-me-e8eee7b13f0d955b5b5dd5ba7908051b + +info: + name: > + Ask Me <= 6.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b191a337-ec45-4357-9b37-6ca0af9cb2f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ask-me/" + google-query: inurl:"/wp-content/themes/ask-me/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ask-me,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ask-me/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ask-me" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/astra-069688784bb13290b6aea0da4a233825.yaml b/nuclei-templates/cve-less/themes/astra-069688784bb13290b6aea0da4a233825.yaml new file mode 100644 index 0000000000..df7d1e13ab --- /dev/null +++ b/nuclei-templates/cve-less/themes/astra-069688784bb13290b6aea0da4a233825.yaml @@ -0,0 +1,58 @@ +id: astra-069688784bb13290b6aea0da4a233825 + +info: + name: > + Astra <= 4.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Theme Header/Footer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a97b3cf1-e7b7-41c6-8b7a-e06bda77f7f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/astra/" + google-query: inurl:"/wp-content/themes/astra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,astra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/astra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/astra-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml b/nuclei-templates/cve-less/themes/astra-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml new file mode 100644 index 0000000000..a23a61fdaf --- /dev/null +++ b/nuclei-templates/cve-less/themes/astra-4d6ff8c8afd1310bcbc6da555c1c2ca4.yaml @@ -0,0 +1,58 @@ +id: astra-4d6ff8c8afd1310bcbc6da555c1c2ca4 + +info: + name: > + Astra <= 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed914e67-4cf7-49b1-96be-ed8c604e6dce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/astra/" + google-query: inurl:"/wp-content/themes/astra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,astra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/astra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "astra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/atahualpa-b8aaeac54a85cc121f7aef5c9dc1b9be.yaml b/nuclei-templates/cve-less/themes/atahualpa-b8aaeac54a85cc121f7aef5c9dc1b9be.yaml new file mode 100644 index 0000000000..7816e35b8c --- /dev/null +++ b/nuclei-templates/cve-less/themes/atahualpa-b8aaeac54a85cc121f7aef5c9dc1b9be.yaml @@ -0,0 +1,58 @@ +id: atahualpa-b8aaeac54a85cc121f7aef5c9dc1b9be + +info: + name: > + Atahualpa <= 3.7.24 - Cross-Site Scripting via Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb2fffb1-cc8c-46a4-b3ea-2b1aac684fbd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/atahualpa/" + google-query: inurl:"/wp-content/themes/atahualpa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,atahualpa,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/atahualpa/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atahualpa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.7.24') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/atahualpa-e8b1937b8d22149355604761f9e2e597.yaml b/nuclei-templates/cve-less/themes/atahualpa-e8b1937b8d22149355604761f9e2e597.yaml new file mode 100644 index 0000000000..1c72833a26 --- /dev/null +++ b/nuclei-templates/cve-less/themes/atahualpa-e8b1937b8d22149355604761f9e2e597.yaml @@ -0,0 +1,58 @@ +id: atahualpa-e8b1937b8d22149355604761f9e2e597 + +info: + name: > + Atahualpa < 3.6.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56259eda-db70-4a26-a08e-e4d998dbe50d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/atahualpa/" + google-query: inurl:"/wp-content/themes/atahualpa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,atahualpa,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/atahualpa/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atahualpa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/atlast-business-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/atlast-business-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..b8a2108d56 --- /dev/null +++ b/nuclei-templates/cve-less/themes/atlast-business-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: atlast-business-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/atlast-business/" + google-query: inurl:"/wp-content/themes/atlast-business/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,atlast-business,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/atlast-business/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "atlast-business" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/attorney-7b1133cf795e5004c4eb6459afb4af96.yaml b/nuclei-templates/cve-less/themes/attorney-7b1133cf795e5004c4eb6459afb4af96.yaml new file mode 100644 index 0000000000..63a266fe87 --- /dev/null +++ b/nuclei-templates/cve-less/themes/attorney-7b1133cf795e5004c4eb6459afb4af96.yaml @@ -0,0 +1,58 @@ +id: attorney-7b1133cf795e5004c4eb6459afb4af96 + +info: + name: > + Attorney <= 3 - Missing Authorization to Unauthenticated Arbitrary Content Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc875b3-8250-4447-b921-243926849fa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/attorney/" + google-query: inurl:"/wp-content/themes/attorney/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,attorney,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/attorney/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attorney" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/attorney-ac1c1976acfd0aeffc2f834a988bb3ea.yaml b/nuclei-templates/cve-less/themes/attorney-ac1c1976acfd0aeffc2f834a988bb3ea.yaml new file mode 100644 index 0000000000..fb408fdb90 --- /dev/null +++ b/nuclei-templates/cve-less/themes/attorney-ac1c1976acfd0aeffc2f834a988bb3ea.yaml @@ -0,0 +1,58 @@ +id: attorney-ac1c1976acfd0aeffc2f834a988bb3ea + +info: + name: > + Attorney <= 3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/026443b6-4ab5-4f31-8a8d-2019097bde4c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/attorney/" + google-query: inurl:"/wp-content/themes/attorney/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,attorney,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/attorney/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "attorney" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/auberge-5d7be31521ee03a3c41d06e3d9d363f9.yaml b/nuclei-templates/cve-less/themes/auberge-5d7be31521ee03a3c41d06e3d9d363f9.yaml new file mode 100644 index 0000000000..5a67b0ca85 --- /dev/null +++ b/nuclei-templates/cve-less/themes/auberge-5d7be31521ee03a3c41d06e3d9d363f9.yaml @@ -0,0 +1,58 @@ +id: auberge-5d7be31521ee03a3c41d06e3d9d363f9 + +info: + name: > + Auberge < 1.4.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22dcdd92-75d1-44aa-aaae-434ec4bdc20f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/auberge/" + google-query: inurl:"/wp-content/themes/auberge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,auberge,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/auberge/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "auberge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-003889b218e2b00be9012c017586c0d2.yaml b/nuclei-templates/cve-less/themes/avada-003889b218e2b00be9012c017586c0d2.yaml new file mode 100644 index 0000000000..7b471588e8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-003889b218e2b00be9012c017586c0d2.yaml @@ -0,0 +1,58 @@ +id: avada-003889b218e2b00be9012c017586c0d2 + +info: + name: > + Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87ca07ac-6080-45d7-a8f5-74a918adec43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-45a743f5d162595c13c7d51a595d52ef.yaml b/nuclei-templates/cve-less/themes/avada-45a743f5d162595c13c7d51a595d52ef.yaml new file mode 100644 index 0000000000..cea08f7b6a --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-45a743f5d162595c13c7d51a595d52ef.yaml @@ -0,0 +1,58 @@ +id: avada-45a743f5d162595c13c7d51a595d52ef + +info: + name: > + Avada <= 5.1.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6781c76b-bfcb-43b3-8275-5b4c2aa1fe07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-49fe6661a7e83dfa08fd330a80312c71.yaml b/nuclei-templates/cve-less/themes/avada-49fe6661a7e83dfa08fd330a80312c71.yaml new file mode 100644 index 0000000000..aad83a9c74 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-49fe6661a7e83dfa08fd330a80312c71.yaml @@ -0,0 +1,58 @@ +id: avada-49fe6661a7e83dfa08fd330a80312c71 + +info: + name: > + Avada | Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cde6e758-9723-43f2-9972-32be8aeb2b91?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-51e019b787984ebb59dc9257a3fe25a4.yaml b/nuclei-templates/cve-less/themes/avada-51e019b787984ebb59dc9257a3fe25a4.yaml new file mode 100644 index 0000000000..979ab6146a --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-51e019b787984ebb59dc9257a3fe25a4.yaml @@ -0,0 +1,58 @@ +id: avada-51e019b787984ebb59dc9257a3fe25a4 + +info: + name: > + Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/684a1e8e-30f2-47dd-9df6-145198030c52?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-855366bc54f67a90854fe071e412ecdb.yaml b/nuclei-templates/cve-less/themes/avada-855366bc54f67a90854fe071e412ecdb.yaml new file mode 100644 index 0000000000..f5c95ca3d0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-855366bc54f67a90854fe071e412ecdb.yaml @@ -0,0 +1,58 @@ +id: avada-855366bc54f67a90854fe071e412ecdb + +info: + name: > + Avada <= 7.11.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfffed4d-dacb-4591-840c-45105a58362a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-907496c3b43ef59b87d499ec04fd4467.yaml b/nuclei-templates/cve-less/themes/avada-907496c3b43ef59b87d499ec04fd4467.yaml new file mode 100644 index 0000000000..ed5be58bc4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-907496c3b43ef59b87d499ec04fd4467.yaml @@ -0,0 +1,58 @@ +id: avada-907496c3b43ef59b87d499ec04fd4467 + +info: + name: > + Avada <= 7.11.6 - Authenticated (Editor+) SQL Injection via entry + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccf0d2ca-2891-45d1-8ea2-90dd435b359f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-9abc850c93257e8269e3f6780cf7c973.yaml b/nuclei-templates/cve-less/themes/avada-9abc850c93257e8269e3f6780cf7c973.yaml new file mode 100644 index 0000000000..8712d5c0e6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-9abc850c93257e8269e3f6780cf7c973.yaml @@ -0,0 +1,58 @@ +id: avada-9abc850c93257e8269e3f6780cf7c973 + +info: + name: > + Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd224169-ae51-4af8-b6de-706ed580ff8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-b6efebccc72344ca35f158202f79667f.yaml b/nuclei-templates/cve-less/themes/avada-b6efebccc72344ca35f158202f79667f.yaml new file mode 100644 index 0000000000..f46a399b25 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-b6efebccc72344ca35f158202f79667f.yaml @@ -0,0 +1,58 @@ +id: avada-b6efebccc72344ca35f158202f79667f + +info: + name: > + Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8db8bbc3-43ca-4ef5-a44d-2987c8597961?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-bb65f92eeb63b478b2f218d634d42a06.yaml b/nuclei-templates/cve-less/themes/avada-bb65f92eeb63b478b2f218d634d42a06.yaml new file mode 100644 index 0000000000..08f47c8118 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-bb65f92eeb63b478b2f218d634d42a06.yaml @@ -0,0 +1,58 @@ +id: avada-bb65f92eeb63b478b2f218d634d42a06 + +info: + name: > + Avada <= 7.11.1 - Authenticated(Author+) Arbitrary File Upload via Zip Extraction + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b62eb2-6c03-4e24-a454-5de54a4521b2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-c75774e4c2c9b9851693b07aeb2b25ad.yaml b/nuclei-templates/cve-less/themes/avada-c75774e4c2c9b9851693b07aeb2b25ad.yaml new file mode 100644 index 0000000000..941dcd6b74 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-c75774e4c2c9b9851693b07aeb2b25ad.yaml @@ -0,0 +1,58 @@ +id: avada-c75774e4c2c9b9851693b07aeb2b25ad + +info: + name: > + Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ff6ff104-44c8-49a9-bebd-abb82e8e1cd6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-d882958bab372a69d811837406b3986e.yaml b/nuclei-templates/cve-less/themes/avada-d882958bab372a69d811837406b3986e.yaml new file mode 100644 index 0000000000..10caa2b45f --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-d882958bab372a69d811837406b3986e.yaml @@ -0,0 +1,58 @@ +id: avada-d882958bab372a69d811837406b3986e + +info: + name: > + Fusion Builder <= 3.6.1 & Avada <= 7.6.1 - Unauthenticated Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad3de7e6-a080-4ce8-aa27-21e7f8fdb2c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 7.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-e3ee06b08069cc90d373b87f289545a0.yaml b/nuclei-templates/cve-less/themes/avada-e3ee06b08069cc90d373b87f289545a0.yaml new file mode 100644 index 0000000000..00caa09291 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-e3ee06b08069cc90d373b87f289545a0.yaml @@ -0,0 +1,58 @@ +id: avada-e3ee06b08069cc90d373b87f289545a0 + +info: + name: > + Avada <= 7.11.1 - Authenticated(Contributor+) Arbitrary File Upload via 'ajax_import_options' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a73f7812-771d-4d9f-9a7c-e4e01ec05023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml b/nuclei-templates/cve-less/themes/avada-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml new file mode 100644 index 0000000000..f64628853c --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-e6b2cb8bfdcceb721cbe5b7ffbe02c9a.yaml @@ -0,0 +1,58 @@ +id: avada-e6b2cb8bfdcceb721cbe5b7ffbe02c9a + +info: + name: > + Avada <= 7.11.1 - Authenticated(Contributor+) Server Side Request Forgery via 'ajax_import_options' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43b11ab0-c7f2-4a7a-aab7-7f9dd58ec1ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.11.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml b/nuclei-templates/cve-less/themes/avada-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml new file mode 100644 index 0000000000..396c975252 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-ed2bbae23b6c0e2ec39d5d24fb1592c1.yaml @@ -0,0 +1,58 @@ +id: avada-ed2bbae23b6c0e2ec39d5d24fb1592c1 + +info: + name: > + Avada <= 5.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/95624a3b-70cc-4815-a604-c6b19fc84e93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/avada-f93d99515ef4e6bdea2dd530448d23e4.yaml b/nuclei-templates/cve-less/themes/avada-f93d99515ef4e6bdea2dd530448d23e4.yaml new file mode 100644 index 0000000000..0f7360e992 --- /dev/null +++ b/nuclei-templates/cve-less/themes/avada-f93d99515ef4e6bdea2dd530448d23e4.yaml @@ -0,0 +1,58 @@ +id: avada-f93d99515ef4e6bdea2dd530448d23e4 + +info: + name: > + Avada <= 7.8.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef45fa78-7005-483e-a708-5aab0f7ba07b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Avada/" + google-query: inurl:"/wp-content/themes/Avada/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Avada,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Avada/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Avada" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.8.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/axioma-4dcbb5c4a13afaeaec2eb944e1efc4e0.yaml b/nuclei-templates/cve-less/themes/axioma-4dcbb5c4a13afaeaec2eb944e1efc4e0.yaml new file mode 100644 index 0000000000..e5793e7bae --- /dev/null +++ b/nuclei-templates/cve-less/themes/axioma-4dcbb5c4a13afaeaec2eb944e1efc4e0.yaml @@ -0,0 +1,58 @@ +id: axioma-4dcbb5c4a13afaeaec2eb944e1efc4e0 + +info: + name: > + Axioma Premium Responsive < 1.1.2 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae74048a-ea29-46cc-913b-86094640e88d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/axioma/" + google-query: inurl:"/wp-content/themes/axioma/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,axioma,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/axioma/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "axioma" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bacola-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/bacola-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..00ef90c42f --- /dev/null +++ b/nuclei-templates/cve-less/themes/bacola-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: bacola-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bacola/" + google-query: inurl:"/wp-content/themes/bacola/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bacola,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bacola/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bacola" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/balkon-25caf82ba3c3384a973d48ab8eff05a3.yaml b/nuclei-templates/cve-less/themes/balkon-25caf82ba3c3384a973d48ab8eff05a3.yaml new file mode 100644 index 0000000000..effd04daf7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/balkon-25caf82ba3c3384a973d48ab8eff05a3.yaml @@ -0,0 +1,58 @@ +id: balkon-25caf82ba3c3384a973d48ab8eff05a3 + +info: + name: > + Balkon <= 1.3.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cfcc1a4d-c6c7-4ca8-afe5-79298e7ad3d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/balkon/" + google-query: inurl:"/wp-content/themes/balkon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,balkon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/balkon/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "balkon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bazaar-lite-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/bazaar-lite-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..818cd66b87 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bazaar-lite-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: bazaar-lite-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bazaar-lite/" + google-query: inurl:"/wp-content/themes/bazaar-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bazaar-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bazaar-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bazaar-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bbe-9d3718684afa0305d0420944743522e1.yaml b/nuclei-templates/cve-less/themes/bbe-9d3718684afa0305d0420944743522e1.yaml new file mode 100644 index 0000000000..a181bb74a1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bbe-9d3718684afa0305d0420944743522e1.yaml @@ -0,0 +1,58 @@ +id: bbe-9d3718684afa0305d0420944743522e1 + +info: + name: > + BBE < 1.53 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/34d5dbd4-5546-439e-a47a-4f9385116adc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bbe/" + google-query: inurl:"/wp-content/themes/bbe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bbe,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bbe/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bbe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.53') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/beauty-premium-430614badd7183227eb02d22143e3a52.yaml b/nuclei-templates/cve-less/themes/beauty-premium-430614badd7183227eb02d22143e3a52.yaml new file mode 100644 index 0000000000..e0da516e83 --- /dev/null +++ b/nuclei-templates/cve-less/themes/beauty-premium-430614badd7183227eb02d22143e3a52.yaml @@ -0,0 +1,58 @@ +id: beauty-premium-430614badd7183227eb02d22143e3a52 + +info: + name: > + Beauty & Clean <= 1.0.8 - Cross-Site Request Forgery & Arbitrary File Upload + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e06c7e0a-f972-430a-9f87-786e0c6e1a84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/beauty-premium/" + google-query: inurl:"/wp-content/themes/beauty-premium/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,beauty-premium,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/beauty-premium/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "beauty-premium" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bello-0d1b849fd565592736828b4a54b39135.yaml b/nuclei-templates/cve-less/themes/bello-0d1b849fd565592736828b4a54b39135.yaml new file mode 100644 index 0000000000..bf28c13656 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bello-0d1b849fd565592736828b4a54b39135.yaml @@ -0,0 +1,58 @@ +id: bello-0d1b849fd565592736828b4a54b39135 + +info: + name: > + Bello - Directory & Listing <= 1.5.9 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fa39169-1cba-43ce-aa29-adf7ce09ce75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bello/" + google-query: inurl:"/wp-content/themes/bello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bello,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bello-84b15db6be01953ae7e773bc858c3601.yaml b/nuclei-templates/cve-less/themes/bello-84b15db6be01953ae7e773bc858c3601.yaml new file mode 100644 index 0000000000..f1877134cf --- /dev/null +++ b/nuclei-templates/cve-less/themes/bello-84b15db6be01953ae7e773bc858c3601.yaml @@ -0,0 +1,58 @@ +id: bello-84b15db6be01953ae7e773bc858c3601 + +info: + name: > + Bello - Directory & Listing - < 1.6.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f10cc4-82a8-4668-b1e5-a08a0f79b59c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bello/" + google-query: inurl:"/wp-content/themes/bello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bello,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bello-a5df397db51ff69150f57b2d7f5c09a8.yaml b/nuclei-templates/cve-less/themes/bello-a5df397db51ff69150f57b2d7f5c09a8.yaml new file mode 100644 index 0000000000..ce9c1fc24d --- /dev/null +++ b/nuclei-templates/cve-less/themes/bello-a5df397db51ff69150f57b2d7f5c09a8.yaml @@ -0,0 +1,58 @@ +id: bello-a5df397db51ff69150f57b2d7f5c09a8 + +info: + name: > + Directory & Listing < 1.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/349e3b4a-c46b-48f6-acf7-bcdc86c13db7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bello/" + google-query: inurl:"/wp-content/themes/bello/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bello,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bello/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bello" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-0eda30de3bc2dbaa94da2af30caf268c.yaml b/nuclei-templates/cve-less/themes/betheme-0eda30de3bc2dbaa94da2af30caf268c.yaml new file mode 100644 index 0000000000..1211e15641 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-0eda30de3bc2dbaa94da2af30caf268c.yaml @@ -0,0 +1,58 @@ +id: betheme-0eda30de3bc2dbaa94da2af30caf268c + +info: + name: > + Betheme <= 26.6.2 - Missing Authorization to Post Title Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff3b35c-f7e3-4cae-b7f1-1a0930173ac5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-4177059b270800f6cdd2567297565b05.yaml b/nuclei-templates/cve-less/themes/betheme-4177059b270800f6cdd2567297565b05.yaml new file mode 100644 index 0000000000..848edf6fed --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-4177059b270800f6cdd2567297565b05.yaml @@ -0,0 +1,58 @@ +id: betheme-4177059b270800f6cdd2567297565b05 + +info: + name: > + Betheme <= 26.6.2 - Missing Authorization Checks to Private Page/Post Data Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8068fb3-5a19-4b17-848b-32cebfff2537?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-4248ab6c48d79553c417ff3c6f6afabd.yaml b/nuclei-templates/cve-less/themes/betheme-4248ab6c48d79553c417ff3c6f6afabd.yaml new file mode 100644 index 0000000000..06eb225c6b --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-4248ab6c48d79553c417ff3c6f6afabd.yaml @@ -0,0 +1,58 @@ +id: betheme-4248ab6c48d79553c417ff3c6f6afabd + +info: + name: > + Betheme <= 26.6.2 - Missing Authorization Check on Core Functionality + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eec2f0-1b6f-45cf-8291-019bc1d08f9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-6bcabc3b4e69486405e1172846710922.yaml b/nuclei-templates/cve-less/themes/betheme-6bcabc3b4e69486405e1172846710922.yaml new file mode 100644 index 0000000000..c39bb9ee48 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-6bcabc3b4e69486405e1172846710922.yaml @@ -0,0 +1,58 @@ +id: betheme-6bcabc3b4e69486405e1172846710922 + +info: + name: > + Betheme <= 27.1.1 - Missing Authorization via '_tool_history_delete' + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e75bb6-83d9-43db-8c89-0995698ca0ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 27.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-a0089e085e056ad847052764bb440612.yaml b/nuclei-templates/cve-less/themes/betheme-a0089e085e056ad847052764bb440612.yaml new file mode 100644 index 0000000000..2d7be97b3a --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-a0089e085e056ad847052764bb440612.yaml @@ -0,0 +1,58 @@ +id: betheme-a0089e085e056ad847052764bb440612 + +info: + name: > + Betheme <= 26.7.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c14b948f-129d-4223-b3ee-0bef1f9fc703?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.7.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-a02d18d0740894600f021e06a20fd2de.yaml b/nuclei-templates/cve-less/themes/betheme-a02d18d0740894600f021e06a20fd2de.yaml new file mode 100644 index 0000000000..4cb66c298b --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-a02d18d0740894600f021e06a20fd2de.yaml @@ -0,0 +1,58 @@ +id: betheme-a02d18d0740894600f021e06a20fd2de + +info: + name: > + Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe00b89f-b475-4aec-8df8-89d842d92e4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-c3f3aac4022202f47e3ad7f05ff237dd.yaml b/nuclei-templates/cve-less/themes/betheme-c3f3aac4022202f47e3ad7f05ff237dd.yaml new file mode 100644 index 0000000000..c3c314d087 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-c3f3aac4022202f47e3ad7f05ff237dd.yaml @@ -0,0 +1,58 @@ +id: betheme-c3f3aac4022202f47e3ad7f05ff237dd + +info: + name: > + Betheme <= 26.5.1.4 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f5e984d5-2537-4a4a-a071-084e0c1c3b5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.5.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-eef54adf293c01cfcd3711ba2746f5e0.yaml b/nuclei-templates/cve-less/themes/betheme-eef54adf293c01cfcd3711ba2746f5e0.yaml new file mode 100644 index 0000000000..d29cc3019d --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-eef54adf293c01cfcd3711ba2746f5e0.yaml @@ -0,0 +1,58 @@ +id: betheme-eef54adf293c01cfcd3711ba2746f5e0 + +info: + name: > + Betheme <= 26.6.2 - Missing Authorization to Post Status Change + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa657530-7c85-4399-94bb-feaa7d21a47a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-f2c966f060ba4e0ec53591e455e174f0.yaml b/nuclei-templates/cve-less/themes/betheme-f2c966f060ba4e0ec53591e455e174f0.yaml new file mode 100644 index 0000000000..320356f6c7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-f2c966f060ba4e0ec53591e455e174f0.yaml @@ -0,0 +1,58 @@ +id: betheme-f2c966f060ba4e0ec53591e455e174f0 + +info: + name: > + Betheme <= 26.6.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e1d4080-cd8a-455a-85f4-87f195ebe4a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-f626e9df68cec35c776cf1191c5c3f5d.yaml b/nuclei-templates/cve-less/themes/betheme-f626e9df68cec35c776cf1191c5c3f5d.yaml new file mode 100644 index 0000000000..4451f26ca6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-f626e9df68cec35c776cf1191c5c3f5d.yaml @@ -0,0 +1,58 @@ +id: betheme-f626e9df68cec35c776cf1191c5c3f5d + +info: + name: > + Betheme <= 26.6.2 - Missing Authorization to Theme Settings Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ec44487-7529-46a8-b2eb-cc5fe0f8f062?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 26.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/betheme-f83868d3a00a9fcf53648bc46fb152f1.yaml b/nuclei-templates/cve-less/themes/betheme-f83868d3a00a9fcf53648bc46fb152f1.yaml new file mode 100644 index 0000000000..f53eceae25 --- /dev/null +++ b/nuclei-templates/cve-less/themes/betheme-f83868d3a00a9fcf53648bc46fb152f1.yaml @@ -0,0 +1,58 @@ +id: betheme-f83868d3a00a9fcf53648bc46fb152f1 + +info: + name: > + Betheme <= 27.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72bdc81e-1a9d-4dd8-93a5-fb1026d6a2d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/betheme/" + google-query: inurl:"/wp-content/themes/betheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,betheme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/betheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "betheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 27.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/big-store-b619e22c55f5ef6d348009289f2fb6f6.yaml b/nuclei-templates/cve-less/themes/big-store-b619e22c55f5ef6d348009289f2fb6f6.yaml new file mode 100644 index 0000000000..db7ad289d7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/big-store-b619e22c55f5ef6d348009289f2fb6f6.yaml @@ -0,0 +1,58 @@ +id: big-store-b619e22c55f5ef6d348009289f2fb6f6 + +info: + name: > + Big Store <= 1.9.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a1859dca-d771-470c-ae4a-48246977212c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/big-store/" + google-query: inurl:"/wp-content/themes/big-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,big-store,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/big-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "big-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bingle-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/bingle-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..96d918c2c8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bingle-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: bingle-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bingle/" + google-query: inurl:"/wp-content/themes/bingle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bingle,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bingle/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bingle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bingle-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/bingle-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..68aaf7944e --- /dev/null +++ b/nuclei-templates/cve-less/themes/bingle-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: bingle-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bingle/" + google-query: inurl:"/wp-content/themes/bingle/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bingle,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bingle/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bingle" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/black-letterhead-530c76ddc7a277b970fa701ca1edf42b.yaml b/nuclei-templates/cve-less/themes/black-letterhead-530c76ddc7a277b970fa701ca1edf42b.yaml new file mode 100644 index 0000000000..6ff3657081 --- /dev/null +++ b/nuclei-templates/cve-less/themes/black-letterhead-530c76ddc7a277b970fa701ca1edf42b.yaml @@ -0,0 +1,58 @@ +id: black-letterhead-530c76ddc7a277b970fa701ca1edf42b + +info: + name: > + Black-Letterhead <= 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8617dc53-8994-4fab-a3df-27863ad3dd10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/black-letterhead/" + google-query: inurl:"/wp-content/themes/black-letterhead/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,black-letterhead,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/black-letterhead/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "black-letterhead" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blessing-d850c5ed075967896003b1b01706f556.yaml b/nuclei-templates/cve-less/themes/blessing-d850c5ed075967896003b1b01706f556.yaml new file mode 100644 index 0000000000..c41fcdba60 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blessing-d850c5ed075967896003b1b01706f556.yaml @@ -0,0 +1,58 @@ +id: blessing-d850c5ed075967896003b1b01706f556 + +info: + name: > + Blessing Premium Responsive WordPress Theme < 1.3.2.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db0feb49-35c3-4bb1-9ec9-2b5bdbb28189?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blessing/" + google-query: inurl:"/wp-content/themes/blessing/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blessing,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blessing/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blessing" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blix-54409f2bc5984d61c42ec97047d41adc.yaml b/nuclei-templates/cve-less/themes/blix-54409f2bc5984d61c42ec97047d41adc.yaml new file mode 100644 index 0000000000..762dd71a28 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blix-54409f2bc5984d61c42ec97047d41adc.yaml @@ -0,0 +1,58 @@ +id: blix-54409f2bc5984d61c42ec97047d41adc + +info: + name: > + Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/928584e5-7391-4442-820e-d5d5fc288572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blix/" + google-query: inurl:"/wp-content/themes/blix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blix,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blix/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blix-c0b95532030c59fee6c1d3ae2a188201.yaml b/nuclei-templates/cve-less/themes/blix-c0b95532030c59fee6c1d3ae2a188201.yaml new file mode 100644 index 0000000000..7e5495ea43 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blix-c0b95532030c59fee6c1d3ae2a188201.yaml @@ -0,0 +1,58 @@ +id: blix-c0b95532030c59fee6c1d3ae2a188201 + +info: + name: > + Blix 0.9.1 and Blix 0.9.1 Rus - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/537b6f36-ae45-465a-b139-6753d50d8e10?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blix/" + google-query: inurl:"/wp-content/themes/blix/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blix,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blix/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blix" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blixed-54409f2bc5984d61c42ec97047d41adc.yaml b/nuclei-templates/cve-less/themes/blixed-54409f2bc5984d61c42ec97047d41adc.yaml new file mode 100644 index 0000000000..b2394185dd --- /dev/null +++ b/nuclei-templates/cve-less/themes/blixed-54409f2bc5984d61c42ec97047d41adc.yaml @@ -0,0 +1,58 @@ +id: blixed-54409f2bc5984d61c42ec97047d41adc + +info: + name: > + Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/928584e5-7391-4442-820e-d5d5fc288572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blixed/" + google-query: inurl:"/wp-content/themes/blixed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blixed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blixed/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blixed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blixkrieg-54409f2bc5984d61c42ec97047d41adc.yaml b/nuclei-templates/cve-less/themes/blixkrieg-54409f2bc5984d61c42ec97047d41adc.yaml new file mode 100644 index 0000000000..51f9d15363 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blixkrieg-54409f2bc5984d61c42ec97047d41adc.yaml @@ -0,0 +1,58 @@ +id: blixkrieg-54409f2bc5984d61c42ec97047d41adc + +info: + name: > + Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/928584e5-7391-4442-820e-d5d5fc288572?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blixkrieg/" + google-query: inurl:"/wp-content/themes/blixkrieg/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blixkrieg,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blixkrieg/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blixkrieg" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-07a77988897e3af64d686b49eda84d8d.yaml b/nuclei-templates/cve-less/themes/blocksy-07a77988897e3af64d686b49eda84d8d.yaml new file mode 100644 index 0000000000..f5da23f2f4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-07a77988897e3af64d686b49eda84d8d.yaml @@ -0,0 +1,58 @@ +id: blocksy-07a77988897e3af64d686b49eda84d8d + +info: + name: > + Blocksy <= 2.0.26 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fdeab668-9094-485f-aa01-13ba5c10ea89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.26') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-0ec4296664350dc8ee374e0d44043428.yaml b/nuclei-templates/cve-less/themes/blocksy-0ec4296664350dc8ee374e0d44043428.yaml new file mode 100644 index 0000000000..131681b934 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-0ec4296664350dc8ee374e0d44043428.yaml @@ -0,0 +1,58 @@ +id: blocksy-0ec4296664350dc8ee374e0d44043428 + +info: + name: > + Blocksy <= 2.0.22 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5f86dd96-fc87-4dc8-8435-f279a8def021?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.22') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-924efae616f0032d8047ad716d24a484.yaml b/nuclei-templates/cve-less/themes/blocksy-924efae616f0032d8047ad716d24a484.yaml new file mode 100644 index 0000000000..f4089e9823 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-924efae616f0032d8047ad716d24a484.yaml @@ -0,0 +1,58 @@ +id: blocksy-924efae616f0032d8047ad716d24a484 + +info: + name: > + Blocksy <= 2.0.42 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22d1ccf3-ac1a-4dfc-81c3-b8eb88795bc1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.42') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-9f5f23c716774bbd462d447842ecf871.yaml b/nuclei-templates/cve-less/themes/blocksy-9f5f23c716774bbd462d447842ecf871.yaml new file mode 100644 index 0000000000..8031a5fada --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-9f5f23c716774bbd462d447842ecf871.yaml @@ -0,0 +1,58 @@ +id: blocksy-9f5f23c716774bbd462d447842ecf871 + +info: + name: > + Blocksy <= 2.0.19 - Authenticated (Editor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e781e1aa-7fa2-4cea-913b-4aa582ec6a4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml b/nuclei-templates/cve-less/themes/blocksy-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml new file mode 100644 index 0000000000..ba0375efe5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-bc2b1b1b8cc260b904b43a53b27b1dc7.yaml @@ -0,0 +1,58 @@ +id: blocksy-bc2b1b1b8cc260b904b43a53b27b1dc7 + +info: + name: > + Blocksy <= 2.0.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via About Me block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e3f71928-3f1d-4c15-8655-41cdfb707370?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.39') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blocksy-db7f8fed7cd5746da95374c4a1d925a5.yaml b/nuclei-templates/cve-less/themes/blocksy-db7f8fed7cd5746da95374c4a1d925a5.yaml new file mode 100644 index 0000000000..3e69f6c9f5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blocksy-db7f8fed7cd5746da95374c4a1d925a5.yaml @@ -0,0 +1,58 @@ +id: blocksy-db7f8fed7cd5746da95374c4a1d925a5 + +info: + name: > + Blocksy <= 2.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/030ec6bb-f19d-4145-b3fb-bd647c154666?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blocksy/" + google-query: inurl:"/wp-content/themes/blocksy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blocksy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blocksy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blocksy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bloger-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/bloger-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..7b3c970f22 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bloger-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: bloger-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bloger/" + google-query: inurl:"/wp-content/themes/bloger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bloger,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bloger/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bloger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bloger-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/bloger-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..66c42278a7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bloger-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: bloger-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bloger/" + google-query: inurl:"/wp-content/themes/bloger/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bloger,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bloger/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bloger" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blogger-buzz-e5b5400c624e25843b2372f9abb89d26.yaml b/nuclei-templates/cve-less/themes/blogger-buzz-e5b5400c624e25843b2372f9abb89d26.yaml new file mode 100644 index 0000000000..47ff78f885 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blogger-buzz-e5b5400c624e25843b2372f9abb89d26.yaml @@ -0,0 +1,58 @@ +id: blogger-buzz-e5b5400c624e25843b2372f9abb89d26 + +info: + name: > + Blogger Buzz <= 1.2.4 - Missing Authorization via activate_plugin + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/823dce74-2688-4573-b0c8-353f1789ea48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blogger-buzz/" + google-query: inurl:"/wp-content/themes/blogger-buzz/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blogger-buzz,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blogger-buzz/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blogger-buzz" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blooog-v1.1-e7c3ee180660fac9fead4fadabb98bef.yaml b/nuclei-templates/cve-less/themes/blooog-v1.1-e7c3ee180660fac9fead4fadabb98bef.yaml new file mode 100644 index 0000000000..5dcab44b48 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blooog-v1.1-e7c3ee180660fac9fead4fadabb98bef.yaml @@ -0,0 +1,58 @@ +id: blooog-v1.1-e7c3ee180660fac9fead4fadabb98bef + +info: + name: > + Bloog <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c49dcb39-7d03-4d7e-9a07-7ac8a6506e7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Blooog-v1.1/" + google-query: inurl:"/wp-content/themes/Blooog-v1.1/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Blooog-v1.1,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Blooog-v1.1/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Blooog-v1.1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blossom-spa-a9b48fe75d8b0cb9e851b9c9fd985412.yaml b/nuclei-templates/cve-less/themes/blossom-spa-a9b48fe75d8b0cb9e851b9c9fd985412.yaml new file mode 100644 index 0000000000..9951b2f926 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blossom-spa-a9b48fe75d8b0cb9e851b9c9fd985412.yaml @@ -0,0 +1,58 @@ +id: blossom-spa-a9b48fe75d8b0cb9e851b9c9fd985412 + +info: + name: > + Blossom Spa <= 1.3.3 - Sensitive Information Exposure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blossom-spa/" + google-query: inurl:"/wp-content/themes/blossom-spa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blossom-spa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blossom-spa/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blossom-spa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/blue-memories-f021202130cf5324996d350595ae862c.yaml b/nuclei-templates/cve-less/themes/blue-memories-f021202130cf5324996d350595ae862c.yaml new file mode 100644 index 0000000000..f6ad7dd982 --- /dev/null +++ b/nuclei-templates/cve-less/themes/blue-memories-f021202130cf5324996d350595ae862c.yaml @@ -0,0 +1,58 @@ +id: blue-memories-f021202130cf5324996d350595ae862c + +info: + name: > + Blue Memories <= 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e292e704-4b98-4e95-ac25-29cedcf005c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/blue-memories/" + google-query: inurl:"/wp-content/themes/blue-memories/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,blue-memories,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/blue-memories/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "blue-memories" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bolster-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/bolster-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..3ab5748ba3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bolster-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: bolster-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bolster/" + google-query: inurl:"/wp-content/themes/bolster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bolster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bolster/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bolster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bonkers-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/bonkers-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..f04ae36f63 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bonkers-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: bonkers-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bonkers/" + google-query: inurl:"/wp-content/themes/bonkers/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bonkers,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bonkers/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bonkers" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brain-power-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/brain-power-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..ee383857ad --- /dev/null +++ b/nuclei-templates/cve-less/themes/brain-power-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: brain-power-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brain-power/" + google-query: inurl:"/wp-content/themes/brain-power/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brain-power,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brain-power/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brain-power" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bricks-006e2e470c53d4a4e5eb56e28322392e.yaml b/nuclei-templates/cve-less/themes/bricks-006e2e470c53d4a4e5eb56e28322392e.yaml new file mode 100644 index 0000000000..5954cb8977 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bricks-006e2e470c53d4a4e5eb56e28322392e.yaml @@ -0,0 +1,58 @@ +id: bricks-006e2e470c53d4a4e5eb56e28322392e + +info: + name: > + Bricks <= 1.9.6 - Unauthenticated Remote Code Execution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b97b1c86-22a4-462b-9140-55139cf02c7a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bricks/" + google-query: inurl:"/wp-content/themes/bricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bricks,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bricks/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bricks-76570c8af26fd8add3788aed77d646fa.yaml b/nuclei-templates/cve-less/themes/bricks-76570c8af26fd8add3788aed77d646fa.yaml new file mode 100644 index 0000000000..5165985356 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bricks-76570c8af26fd8add3788aed77d646fa.yaml @@ -0,0 +1,58 @@ +id: bricks-76570c8af26fd8add3788aed77d646fa + +info: + name: > + Bricks 1.0 - 1.5.3 - Missing Authorization to Arbitrary Content Creation/Modification + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a711984-4eb2-4d96-b2b9-0ecd840679b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bricks/" + google-query: inurl:"/wp-content/themes/bricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bricks,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bricks/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bricks-8d874ea95f55c0ec9bb8e08a17ec4807.yaml b/nuclei-templates/cve-less/themes/bricks-8d874ea95f55c0ec9bb8e08a17ec4807.yaml new file mode 100644 index 0000000000..e6fbffe7a1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bricks-8d874ea95f55c0ec9bb8e08a17ec4807.yaml @@ -0,0 +1,58 @@ +id: bricks-8d874ea95f55c0ec9bb8e08a17ec4807 + +info: + name: > + Bricks 1.2 - 1.5.3 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2471d06b-7d9a-41b9-b38c-3f40322d8a5b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bricks/" + google-query: inurl:"/wp-content/themes/bricks/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bricks,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bricks/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bricks" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.2', '<= 1.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bridge-c39e88fb98a263a4718fa22351cd75a3.yaml b/nuclei-templates/cve-less/themes/bridge-c39e88fb98a263a4718fa22351cd75a3.yaml new file mode 100644 index 0000000000..dc4afaef35 --- /dev/null +++ b/nuclei-templates/cve-less/themes/bridge-c39e88fb98a263a4718fa22351cd75a3.yaml @@ -0,0 +1,58 @@ +id: bridge-c39e88fb98a263a4718fa22351cd75a3 + +info: + name: > + Bridge - Creative Multipurpose WordPress Theme < 11.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1a1af528-79c6-4197-b247-9789b290a642?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bridge/" + google-query: inurl:"/wp-content/themes/bridge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bridge,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bridge/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bridge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 11.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brilliance-72ccbc519dc7d87cb6145ad667cfc553.yaml b/nuclei-templates/cve-less/themes/brilliance-72ccbc519dc7d87cb6145ad667cfc553.yaml new file mode 100644 index 0000000000..081ab83745 --- /dev/null +++ b/nuclei-templates/cve-less/themes/brilliance-72ccbc519dc7d87cb6145ad667cfc553.yaml @@ -0,0 +1,58 @@ +id: brilliance-72ccbc519dc7d87cb6145ad667cfc553 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brilliance/" + google-query: inurl:"/wp-content/themes/brilliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brilliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brilliance/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brilliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brilliance-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/brilliance-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..6abc0ce23f --- /dev/null +++ b/nuclei-templates/cve-less/themes/brilliance-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: brilliance-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brilliance/" + google-query: inurl:"/wp-content/themes/brilliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brilliance,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brilliance/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brilliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brilliance-ee1a1b54258e473972fcc31462b15e8f.yaml b/nuclei-templates/cve-less/themes/brilliance-ee1a1b54258e473972fcc31462b15e8f.yaml new file mode 100644 index 0000000000..1b025e0eaf --- /dev/null +++ b/nuclei-templates/cve-less/themes/brilliance-ee1a1b54258e473972fcc31462b15e8f.yaml @@ -0,0 +1,58 @@ +id: brilliance-ee1a1b54258e473972fcc31462b15e8f + +info: + name: > + Brilliance <= 1.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5726c70-c2c7-45b9-bd03-38cf1320646a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brilliance/" + google-query: inurl:"/wp-content/themes/brilliance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brilliance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brilliance/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brilliance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brite-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/brite-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..2f97433d26 --- /dev/null +++ b/nuclei-templates/cve-less/themes/brite-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: brite-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brite/" + google-query: inurl:"/wp-content/themes/brite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brooklyn-145399e0c7a9d439e5ba93f1ed497004.yaml b/nuclei-templates/cve-less/themes/brooklyn-145399e0c7a9d439e5ba93f1ed497004.yaml new file mode 100644 index 0000000000..48fd837517 --- /dev/null +++ b/nuclei-templates/cve-less/themes/brooklyn-145399e0c7a9d439e5ba93f1ed497004.yaml @@ -0,0 +1,58 @@ +id: brooklyn-145399e0c7a9d439e5ba93f1ed497004 + +info: + name: > + Brooklyn <= 4.9.7.6 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dd962a5-ec0e-415f-8efa-91e78bb80d16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brooklyn/" + google-query: inurl:"/wp-content/themes/brooklyn/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brooklyn,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brooklyn/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brooklyn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brooklyn-fb3df7b0090a05c3bb2c9600778e1c86.yaml b/nuclei-templates/cve-less/themes/brooklyn-fb3df7b0090a05c3bb2c9600778e1c86.yaml new file mode 100644 index 0000000000..b0b6dbea7b --- /dev/null +++ b/nuclei-templates/cve-less/themes/brooklyn-fb3df7b0090a05c3bb2c9600778e1c86.yaml @@ -0,0 +1,58 @@ +id: brooklyn-fb3df7b0090a05c3bb2c9600778e1c86 + +info: + name: > + Brooklyn <= 4.9.7.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/724d8382-cef3-4584-a255-c2ecc7c986b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brooklyn/" + google-query: inurl:"/wp-content/themes/brooklyn/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brooklyn,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brooklyn/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brooklyn" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9.7.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brovy-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/brovy-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..88f6e49b75 --- /dev/null +++ b/nuclei-templates/cve-less/themes/brovy-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: brovy-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brovy/" + google-query: inurl:"/wp-content/themes/brovy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brovy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brovy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brovy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/brovy-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/brovy-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..7fad5373d6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/brovy-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: brovy-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/brovy/" + google-query: inurl:"/wp-content/themes/brovy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,brovy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/brovy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "brovy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/buddyboss-theme-ab3814e3ae070036041f3fc37ac29f36.yaml b/nuclei-templates/cve-less/themes/buddyboss-theme-ab3814e3ae070036041f3fc37ac29f36.yaml new file mode 100644 index 0000000000..934ef49695 --- /dev/null +++ b/nuclei-templates/cve-less/themes/buddyboss-theme-ab3814e3ae070036041f3fc37ac29f36.yaml @@ -0,0 +1,58 @@ +id: buddyboss-theme-ab3814e3ae070036041f3fc37ac29f36 + +info: + name: > + BuddyBoss Theme <= 2.4.60 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ccbeb69e-6476-42a6-86ac-723947c70301?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/buddyboss-theme/" + google-query: inurl:"/wp-content/themes/buddyboss-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,buddyboss-theme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/buddyboss-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buddyboss-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.60') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/builderchild-depot-2e6c4db554765f15e335810f248cb790.yaml b/nuclei-templates/cve-less/themes/builderchild-depot-2e6c4db554765f15e335810f248cb790.yaml new file mode 100644 index 0000000000..19c548c0ba --- /dev/null +++ b/nuclei-templates/cve-less/themes/builderchild-depot-2e6c4db554765f15e335810f248cb790.yaml @@ -0,0 +1,58 @@ +id: builderchild-depot-2e6c4db554765f15e335810f248cb790 + +info: + name: > + iThemes Builder Depot Theme < 5.0.30 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/063457b6-b02b-4f4c-b746-576b7b919e67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/BuilderChild-Depot/" + google-query: inurl:"/wp-content/themes/BuilderChild-Depot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,BuilderChild-Depot,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/BuilderChild-Depot/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "BuilderChild-Depot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/builderchild-market-493e804a1e5431f2ca50d457edc4b8eb.yaml b/nuclei-templates/cve-less/themes/builderchild-market-493e804a1e5431f2ca50d457edc4b8eb.yaml new file mode 100644 index 0000000000..fd97f7fb19 --- /dev/null +++ b/nuclei-templates/cve-less/themes/builderchild-market-493e804a1e5431f2ca50d457edc4b8eb.yaml @@ -0,0 +1,58 @@ +id: builderchild-market-493e804a1e5431f2ca50d457edc4b8eb + +info: + name: > + Market < 5.1.27 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb329862-8cfa-49a5-b9cb-908acc4182e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/BuilderChild-Market/" + google-query: inurl:"/wp-content/themes/BuilderChild-Market/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,BuilderChild-Market,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/BuilderChild-Market/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "BuilderChild-Market" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.1.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/bunnypresslite-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/bunnypresslite-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..f7005c192e --- /dev/null +++ b/nuclei-templates/cve-less/themes/bunnypresslite-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: bunnypresslite-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/bunnypresslite/" + google-query: inurl:"/wp-content/themes/bunnypresslite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,bunnypresslite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/bunnypresslite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "bunnypresslite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/business-pro-958193ceafe9fa46f427a02590b8676e.yaml b/nuclei-templates/cve-less/themes/business-pro-958193ceafe9fa46f427a02590b8676e.yaml new file mode 100644 index 0000000000..5cccdf7816 --- /dev/null +++ b/nuclei-templates/cve-less/themes/business-pro-958193ceafe9fa46f427a02590b8676e.yaml @@ -0,0 +1,58 @@ +id: business-pro-958193ceafe9fa46f427a02590b8676e + +info: + name: > + Business Pro <= 1.10.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bb97b95-fa6a-4566-b448-b774bb732455?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/business-pro/" + google-query: inurl:"/wp-content/themes/business-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,business-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/business-pro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "business-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.10.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/buzzstore-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/buzzstore-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..6b50aca2bf --- /dev/null +++ b/nuclei-templates/cve-less/themes/buzzstore-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: buzzstore-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/buzzstore/" + google-query: inurl:"/wp-content/themes/buzzstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,buzzstore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/buzzstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buzzstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/buzzstore-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/buzzstore-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..269ad67644 --- /dev/null +++ b/nuclei-templates/cve-less/themes/buzzstore-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: buzzstore-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/buzzstore/" + google-query: inurl:"/wp-content/themes/buzzstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,buzzstore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/buzzstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "buzzstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cafe-bistro-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/cafe-bistro-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..db95012c7a --- /dev/null +++ b/nuclei-templates/cve-less/themes/cafe-bistro-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: cafe-bistro-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cafe-bistro/" + google-query: inurl:"/wp-content/themes/cafe-bistro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cafe-bistro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cafe-bistro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cafe-bistro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cakifo-02d6de68e2eb0c0f7215999509c086c8.yaml b/nuclei-templates/cve-less/themes/cakifo-02d6de68e2eb0c0f7215999509c086c8.yaml new file mode 100644 index 0000000000..3cd2cf7598 --- /dev/null +++ b/nuclei-templates/cve-less/themes/cakifo-02d6de68e2eb0c0f7215999509c086c8.yaml @@ -0,0 +1,58 @@ +id: cakifo-02d6de68e2eb0c0f7215999509c086c8 + +info: + name: > + Cakifo 1.0 - 1.6.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3742f2c5-55be-426c-8445-bf58eeebc74b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cakifo/" + google-query: inurl:"/wp-content/themes/cakifo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cakifo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cakifo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cakifo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 1.0', '<= 1.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/calliope-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/calliope-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..c033ffac84 --- /dev/null +++ b/nuclei-templates/cve-less/themes/calliope-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: calliope-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/calliope/" + google-query: inurl:"/wp-content/themes/calliope/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,calliope,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/calliope/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "calliope" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.33') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/car-repair-service-619d74f5efad50bb0716462ce5537ea9.yaml b/nuclei-templates/cve-less/themes/car-repair-service-619d74f5efad50bb0716462ce5537ea9.yaml new file mode 100644 index 0000000000..bd390efa61 --- /dev/null +++ b/nuclei-templates/cve-less/themes/car-repair-service-619d74f5efad50bb0716462ce5537ea9.yaml @@ -0,0 +1,58 @@ +id: car-repair-service-619d74f5efad50bb0716462ce5537ea9 + +info: + name: > + Car Repair Services & Auto Mechanic < 4.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c799a373-3c0e-4b77-9e51-0e6bd2ab4b7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/car-repair-service/" + google-query: inurl:"/wp-content/themes/car-repair-service/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,car-repair-service,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/car-repair-service/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "car-repair-service" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cardealer-77435d9114ce158ef3aadb96d9fd0449.yaml b/nuclei-templates/cve-less/themes/cardealer-77435d9114ce158ef3aadb96d9fd0449.yaml new file mode 100644 index 0000000000..01c1cf0840 --- /dev/null +++ b/nuclei-templates/cve-less/themes/cardealer-77435d9114ce158ef3aadb96d9fd0449.yaml @@ -0,0 +1,58 @@ +id: cardealer-77435d9114ce158ef3aadb96d9fd0449 + +info: + name: > + Car Dealer Automotive WordPress Theme < 1.1.9 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5c39fded-8b32-463f-9d22-adb371ca217e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cardealer/" + google-query: inurl:"/wp-content/themes/cardealer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cardealer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cardealer/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cardealer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/careerfy-0b2658951b7cfc28db2aef3263c845a3.yaml b/nuclei-templates/cve-less/themes/careerfy-0b2658951b7cfc28db2aef3263c845a3.yaml new file mode 100644 index 0000000000..0d75e105b5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/careerfy-0b2658951b7cfc28db2aef3263c845a3.yaml @@ -0,0 +1,58 @@ +id: careerfy-0b2658951b7cfc28db2aef3263c845a3 + +info: + name: > + Careerfy < 3.9.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e8e42f-8ee5-40ff-934f-b7d580bc5548?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/careerfy/" + google-query: inurl:"/wp-content/themes/careerfy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,careerfy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/careerfy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "careerfy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/careerup-3dadecf90476b3cb59a265c7ae6d0c01.yaml b/nuclei-templates/cve-less/themes/careerup-3dadecf90476b3cb59a265c7ae6d0c01.yaml new file mode 100644 index 0000000000..e1ecf41180 --- /dev/null +++ b/nuclei-templates/cve-less/themes/careerup-3dadecf90476b3cb59a265c7ae6d0c01.yaml @@ -0,0 +1,58 @@ +id: careerup-3dadecf90476b3cb59a265c7ae6d0c01 + +info: + name: > + CareerUp < 2.3.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a4ef9e6-2299-4024-a6a9-482199ca06db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/careerup/" + google-query: inurl:"/wp-content/themes/careerup/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,careerup,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/careerup/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "careerup" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/carspot-67f647f4edf0dc956943ef2a579b4258.yaml b/nuclei-templates/cve-less/themes/carspot-67f647f4edf0dc956943ef2a579b4258.yaml new file mode 100644 index 0000000000..54e3db46ff --- /dev/null +++ b/nuclei-templates/cve-less/themes/carspot-67f647f4edf0dc956943ef2a579b4258.yaml @@ -0,0 +1,58 @@ +id: carspot-67f647f4edf0dc956943ef2a579b4258 + +info: + name: > + CarSpot – Dealership Wordpress Classified Theme < 2.1.7 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac58649-4c1a-4c2c-a94b-a3cf08ecb4df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/carspot/" + google-query: inurl:"/wp-content/themes/carspot/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,carspot,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/carspot/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "carspot" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/chankhe-cf02434258a49a4a00aa24a96c05817d.yaml b/nuclei-templates/cve-less/themes/chankhe-cf02434258a49a4a00aa24a96c05817d.yaml new file mode 100644 index 0000000000..efa76f60f8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/chankhe-cf02434258a49a4a00aa24a96c05817d.yaml @@ -0,0 +1,58 @@ +id: chankhe-cf02434258a49a4a00aa24a96c05817d + +info: + name: > + Chankhe <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efa4b67c-1bb8-413a-8cb8-039168b0b586?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/chankhe/" + google-query: inurl:"/wp-content/themes/chankhe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,chankhe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/chankhe/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "chankhe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/citybook-17f6998fdf35be8a6349776a3309aedc.yaml b/nuclei-templates/cve-less/themes/citybook-17f6998fdf35be8a6349776a3309aedc.yaml new file mode 100644 index 0000000000..313a91af43 --- /dev/null +++ b/nuclei-templates/cve-less/themes/citybook-17f6998fdf35be8a6349776a3309aedc.yaml @@ -0,0 +1,58 @@ +id: citybook-17f6998fdf35be8a6349776a3309aedc + +info: + name: > + CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08eb1d49-9928-43f8-97fc-14105e3a4a25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/citybook/" + google-query: inurl:"/wp-content/themes/citybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,citybook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/citybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/citybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml b/nuclei-templates/cve-less/themes/citybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml new file mode 100644 index 0000000000..79998610fe --- /dev/null +++ b/nuclei-templates/cve-less/themes/citybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml @@ -0,0 +1,58 @@ +id: citybook-8b6ac4c7233f8f6a37118bbf7ac73ad8 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/788e1c5c-67a9-4b06-a2cf-15c980e83618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/citybook/" + google-query: inurl:"/wp-content/themes/citybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,citybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/citybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/citybook-be3f332add5d9ce678efc86e37a29e03.yaml b/nuclei-templates/cve-less/themes/citybook-be3f332add5d9ce678efc86e37a29e03.yaml new file mode 100644 index 0000000000..7322ce6de5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/citybook-be3f332add5d9ce678efc86e37a29e03.yaml @@ -0,0 +1,58 @@ +id: citybook-be3f332add5d9ce678efc86e37a29e03 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e292a1f-d475-4c52-b790-b5215e1870ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/citybook/" + google-query: inurl:"/wp-content/themes/citybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,citybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/citybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/citybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml b/nuclei-templates/cve-less/themes/citybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml new file mode 100644 index 0000000000..e80d03706a --- /dev/null +++ b/nuclei-templates/cve-less/themes/citybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml @@ -0,0 +1,58 @@ +id: citybook-f5204789b3d63c1e5dd223fef5d1ac5d + +info: + name: > + CTHthemes CityBook Theme < 2.3.4, TownHub Theme < 1.0.6, EasyBook Theme < 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/citybook/" + google-query: inurl:"/wp-content/themes/citybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,citybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/citybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/citylogic-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/citylogic-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..3684e809f7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/citylogic-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: citylogic-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/citylogic/" + google-query: inurl:"/wp-content/themes/citylogic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,citylogic,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/citylogic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "citylogic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.30') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/classic-7cba36ac5159d909041a39ae02e640fa.yaml b/nuclei-templates/cve-less/themes/classic-7cba36ac5159d909041a39ae02e640fa.yaml new file mode 100644 index 0000000000..42eb35f7ad --- /dev/null +++ b/nuclei-templates/cve-less/themes/classic-7cba36ac5159d909041a39ae02e640fa.yaml @@ -0,0 +1,58 @@ +id: classic-7cba36ac5159d909041a39ae02e640fa + +info: + name: > + Classic <= 1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b44a4d74-5c2b-454a-992a-74a3a71fa5dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/classic/" + google-query: inurl:"/wp-content/themes/classic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,classic,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/classic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/classima-94f85d394521a13053659cf48cf14634.yaml b/nuclei-templates/cve-less/themes/classima-94f85d394521a13053659cf48cf14634.yaml new file mode 100644 index 0000000000..7a31175add --- /dev/null +++ b/nuclei-templates/cve-less/themes/classima-94f85d394521a13053659cf48cf14634.yaml @@ -0,0 +1,58 @@ +id: classima-94f85d394521a13053659cf48cf14634 + +info: + name: > + Classima < 2.1.11 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4cfee2e2-3486-4be8-954f-6d7f9b6d54ec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/classima/" + google-query: inurl:"/wp-content/themes/classima/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,classima,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/classima/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classima" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/classipress-376edc97e45ef94c79a753de3d636245.yaml b/nuclei-templates/cve-less/themes/classipress-376edc97e45ef94c79a753de3d636245.yaml new file mode 100644 index 0000000000..e204e51b28 --- /dev/null +++ b/nuclei-templates/cve-less/themes/classipress-376edc97e45ef94c79a753de3d636245.yaml @@ -0,0 +1,58 @@ +id: classipress-376edc97e45ef94c79a753de3d636245 + +info: + name: > + Classipress <= 3.1.4 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7af32d7b-3832-4192-bc31-b4ba1f419668?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/classipress/" + google-query: inurl:"/wp-content/themes/classipress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,classipress,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/classipress/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "classipress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/clotya-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/clotya-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..cac6d382f6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/clotya-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: clotya-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/clotya/" + google-query: inurl:"/wp-content/themes/clotya/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,clotya,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/clotya/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "clotya" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/club-theme-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/club-theme-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..386cac0ad0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/club-theme-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: club-theme-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/club-theme/" + google-query: inurl:"/wp-content/themes/club-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,club-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/club-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "club-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colibri-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/colibri-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..c0a5f14e4a --- /dev/null +++ b/nuclei-templates/cve-less/themes/colibri-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: colibri-wp-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colibri-wp/" + google-query: inurl:"/wp-content/themes/colibri-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colibri-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colibri-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colibri-wp-7b784615e846271087f6cdcbcbcd3d70.yaml b/nuclei-templates/cve-less/themes/colibri-wp-7b784615e846271087f6cdcbcbcd3d70.yaml new file mode 100644 index 0000000000..809b310ce4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/colibri-wp-7b784615e846271087f6cdcbcbcd3d70.yaml @@ -0,0 +1,58 @@ +id: colibri-wp-7b784615e846271087f6cdcbcbcd3d70 + +info: + name: > + Colibri WP <= 1.0.94 - Cross-Site Request Forgery to Limited Plugin Installation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colibri-wp/" + google-query: inurl:"/wp-content/themes/colibri-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colibri-wp,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colibri-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colibri-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.94') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/college-4790b4ad8b25152cb39533647a69d638.yaml b/nuclei-templates/cve-less/themes/college-4790b4ad8b25152cb39533647a69d638.yaml new file mode 100644 index 0000000000..a09b196240 --- /dev/null +++ b/nuclei-templates/cve-less/themes/college-4790b4ad8b25152cb39533647a69d638.yaml @@ -0,0 +1,58 @@ +id: college-4790b4ad8b25152cb39533647a69d638 + +info: + name: > + Multiple Themes (Various Versions) - Reflected Cross-Site Scripting via Search Field + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/32253923-ffec-4312-bcdf-06c5aed77d30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/college/" + google-query: inurl:"/wp-content/themes/college/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,college,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/college/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "college" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colormag-15626a5f31201ec9a6bcc2f5d39038c5.yaml b/nuclei-templates/cve-less/themes/colormag-15626a5f31201ec9a6bcc2f5d39038c5.yaml new file mode 100644 index 0000000000..ebf61ae806 --- /dev/null +++ b/nuclei-templates/cve-less/themes/colormag-15626a5f31201ec9a6bcc2f5d39038c5.yaml @@ -0,0 +1,58 @@ +id: colormag-15626a5f31201ec9a6bcc2f5d39038c5 + +info: + name: > + ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colormag/" + google-query: inurl:"/wp-content/themes/colormag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colormag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colormag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colormag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colormag-be833eb15318e91b50173179ef1ced63.yaml b/nuclei-templates/cve-less/themes/colormag-be833eb15318e91b50173179ef1ced63.yaml new file mode 100644 index 0000000000..1ef44a44ff --- /dev/null +++ b/nuclei-templates/cve-less/themes/colormag-be833eb15318e91b50173179ef1ced63.yaml @@ -0,0 +1,58 @@ +id: colormag-be833eb15318e91b50173179ef1ced63 + +info: + name: > + ColorMag <= 3.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colormag/" + google-query: inurl:"/wp-content/themes/colormag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colormag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colormag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colormag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colornews-a2599bd3c91638fd59172f5a65248fdd.yaml b/nuclei-templates/cve-less/themes/colornews-a2599bd3c91638fd59172f5a65248fdd.yaml new file mode 100644 index 0000000000..cf3e3d5b8b --- /dev/null +++ b/nuclei-templates/cve-less/themes/colornews-a2599bd3c91638fd59172f5a65248fdd.yaml @@ -0,0 +1,58 @@ +id: colornews-a2599bd3c91638fd59172f5a65248fdd + +info: + name: > + ColorNews <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84c74c68-619f-4372-8abe-36c1b8eca858?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colornews/" + google-query: inurl:"/wp-content/themes/colornews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colornews,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colornews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colornews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colorway-0b548a7717c352b81e5b3026850fe79e.yaml b/nuclei-templates/cve-less/themes/colorway-0b548a7717c352b81e5b3026850fe79e.yaml new file mode 100644 index 0000000000..f1f2f38774 --- /dev/null +++ b/nuclei-templates/cve-less/themes/colorway-0b548a7717c352b81e5b3026850fe79e.yaml @@ -0,0 +1,58 @@ +id: colorway-0b548a7717c352b81e5b3026850fe79e + +info: + name: > + ColorWay <= 4.2.3 - Cross Site Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecfa530c-a164-4215-b68a-7be81be3fd48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colorway/" + google-query: inurl:"/wp-content/themes/colorway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colorway,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colorway/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colorway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/colorway-eec026409b2ce5ae4162f07361f714bc.yaml b/nuclei-templates/cve-less/themes/colorway-eec026409b2ce5ae4162f07361f714bc.yaml new file mode 100644 index 0000000000..6cbc2ca5d6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/colorway-eec026409b2ce5ae4162f07361f714bc.yaml @@ -0,0 +1,58 @@ +id: colorway-eec026409b2ce5ae4162f07361f714bc + +info: + name: > + ColorWay <= 3.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edd1f4f9-c0d7-4b7b-bb5e-7388e0935e32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/colorway/" + google-query: inurl:"/wp-content/themes/colorway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,colorway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/colorway/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "colorway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/construction-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/construction-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..2e33fa89ae --- /dev/null +++ b/nuclei-templates/cve-less/themes/construction-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: construction-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/construction-lite/" + google-query: inurl:"/wp-content/themes/construction-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,construction-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/construction-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "construction-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/construction-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/construction-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..44045d83a6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/construction-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: construction-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/construction-lite/" + google-query: inurl:"/wp-content/themes/construction-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,construction-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/construction-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "construction-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cordobo-green-park-c96b02624922c50381a023e57cd89cf7.yaml b/nuclei-templates/cve-less/themes/cordobo-green-park-c96b02624922c50381a023e57cd89cf7.yaml new file mode 100644 index 0000000000..10cab6a4c4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/cordobo-green-park-c96b02624922c50381a023e57cd89cf7.yaml @@ -0,0 +1,58 @@ +id: cordobo-green-park-c96b02624922c50381a023e57cd89cf7 + +info: + name: > + Cordobo Green Park (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df9ad765-dc7b-4da6-951e-045274caeaae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cordobo-green-park/" + google-query: inurl:"/wp-content/themes/cordobo-green-park/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cordobo-green-park,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cordobo-green-park/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cordobo-green-park" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/corsa-32eb01ee606ecc19d89dc769776b1c92.yaml b/nuclei-templates/cve-less/themes/corsa-32eb01ee606ecc19d89dc769776b1c92.yaml new file mode 100644 index 0000000000..cb06f7d62f --- /dev/null +++ b/nuclei-templates/cve-less/themes/corsa-32eb01ee606ecc19d89dc769776b1c92.yaml @@ -0,0 +1,58 @@ +id: corsa-32eb01ee606ecc19d89dc769776b1c92 + +info: + name: > + Corsa Theme <= 1.5 - Authenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6d3089d3-8ea4-47f7-bbcd-3408a099ae94?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/corsa/" + google-query: inurl:"/wp-content/themes/corsa/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,corsa,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/corsa/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "corsa" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cosmetsy-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/cosmetsy-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..0cce6f9836 --- /dev/null +++ b/nuclei-templates/cve-less/themes/cosmetsy-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: cosmetsy-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cosmetsy/" + google-query: inurl:"/wp-content/themes/cosmetsy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cosmetsy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cosmetsy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cosmetsy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/couponis-demo-7ffc401b1ac82b8be2938971d08cc9fb.yaml b/nuclei-templates/cve-less/themes/couponis-demo-7ffc401b1ac82b8be2938971d08cc9fb.yaml new file mode 100644 index 0000000000..ab581b7734 --- /dev/null +++ b/nuclei-templates/cve-less/themes/couponis-demo-7ffc401b1ac82b8be2938971d08cc9fb.yaml @@ -0,0 +1,58 @@ +id: couponis-demo-7ffc401b1ac82b8be2938971d08cc9fb + +info: + name: > + Couponis Demo < 2.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd67a02-b0fb-4c4f-9564-c3ee0180e79c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/couponis-demo/" + google-query: inurl:"/wp-content/themes/couponis-demo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,couponis-demo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/couponis-demo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "couponis-demo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cover-wp-ab5cb4980d96d0502a1385c5c51d0ea4.yaml b/nuclei-templates/cve-less/themes/cover-wp-ab5cb4980d96d0502a1385c5c51d0ea4.yaml new file mode 100644 index 0000000000..136547b7cc --- /dev/null +++ b/nuclei-templates/cve-less/themes/cover-wp-ab5cb4980d96d0502a1385c5c51d0ea4.yaml @@ -0,0 +1,58 @@ +id: cover-wp-ab5cb4980d96d0502a1385c5c51d0ea4 + +info: + name: > + Cover WP <= 1.6.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d76a807-d81d-45fc-a571-625a6ecf670b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cover-wp/" + google-query: inurl:"/wp-content/themes/cover-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cover-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cover-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cover-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/craft-blog-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/craft-blog-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..e17212780d --- /dev/null +++ b/nuclei-templates/cve-less/themes/craft-blog-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: craft-blog-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/craft-blog/" + google-query: inurl:"/wp-content/themes/craft-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,craft-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/craft-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "craft-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/craft-blog-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/craft-blog-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..acebc5f6fa --- /dev/null +++ b/nuclei-templates/cve-less/themes/craft-blog-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: craft-blog-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/craft-blog/" + google-query: inurl:"/wp-content/themes/craft-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,craft-blog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/craft-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "craft-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/cream-blog-3f03bc4b4b5619e488422c5b9dbcc730.yaml b/nuclei-templates/cve-less/themes/cream-blog-3f03bc4b4b5619e488422c5b9dbcc730.yaml new file mode 100644 index 0000000000..b32ae63dc4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/cream-blog-3f03bc4b4b5619e488422c5b9dbcc730.yaml @@ -0,0 +1,58 @@ +id: cream-blog-3f03bc4b4b5619e488422c5b9dbcc730 + +info: + name: > + Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/cream-blog/" + google-query: inurl:"/wp-content/themes/cream-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,cream-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/cream-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "cream-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/customizr-019dda7346a94447f0c3df91572a74eb.yaml b/nuclei-templates/cve-less/themes/customizr-019dda7346a94447f0c3df91572a74eb.yaml new file mode 100644 index 0000000000..93bbffb4fe --- /dev/null +++ b/nuclei-templates/cve-less/themes/customizr-019dda7346a94447f0c3df91572a74eb.yaml @@ -0,0 +1,58 @@ +id: customizr-019dda7346a94447f0c3df91572a74eb + +info: + name: > + Customizr <= 4.3.0 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d9f6b600-a35a-49c2-8758-a7cc5c00e947?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/customizr/" + google-query: inurl:"/wp-content/themes/customizr/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,customizr,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/customizr/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "customizr" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/darcie-88f76b0fbecb245eab5d377f2510f527.yaml b/nuclei-templates/cve-less/themes/darcie-88f76b0fbecb245eab5d377f2510f527.yaml new file mode 100644 index 0000000000..a156f78ba3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/darcie-88f76b0fbecb245eab5d377f2510f527.yaml @@ -0,0 +1,58 @@ +id: darcie-88f76b0fbecb245eab5d377f2510f527 + +info: + name: > + Darcie <= 1.1.5 - Reflected Cross-Site Scripting via JS split + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83d162f9-32a9-4d03-845e-6fc9b8574fb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/darcie/" + google-query: inurl:"/wp-content/themes/darcie/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,darcie,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/darcie/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "darcie" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/default-mag-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/default-mag-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..405ef53a29 --- /dev/null +++ b/nuclei-templates/cve-less/themes/default-mag-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: default-mag-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/default-mag/" + google-query: inurl:"/wp-content/themes/default-mag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,default-mag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/default-mag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "default-mag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/designfolio-plus-3724085b216ee48b2a3bc8286f400ae9.yaml b/nuclei-templates/cve-less/themes/designfolio-plus-3724085b216ee48b2a3bc8286f400ae9.yaml new file mode 100644 index 0000000000..9c83cc9037 --- /dev/null +++ b/nuclei-templates/cve-less/themes/designfolio-plus-3724085b216ee48b2a3bc8286f400ae9.yaml @@ -0,0 +1,58 @@ +id: designfolio-plus-3724085b216ee48b2a3bc8286f400ae9 + +info: + name: > + DesignFolio Plus Theme (Unkown Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20746c92-6e63-47dd-b0f7-9d20bdbdd9cb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/designfolio-plus/" + google-query: inurl:"/wp-content/themes/designfolio-plus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,designfolio-plus,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/designfolio-plus/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "designfolio-plus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/digital-agency-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/digital-agency-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..d3b5dd0440 --- /dev/null +++ b/nuclei-templates/cve-less/themes/digital-agency-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: digital-agency-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/digital-agency-lite/" + google-query: inurl:"/wp-content/themes/digital-agency-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,digital-agency-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/digital-agency-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-agency-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/digital-agency-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/digital-agency-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..f3e57ca66f --- /dev/null +++ b/nuclei-templates/cve-less/themes/digital-agency-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: digital-agency-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/digital-agency-lite/" + google-query: inurl:"/wp-content/themes/digital-agency-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,digital-agency-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/digital-agency-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-agency-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/digital-store-f5fc5bca6e41d90a9454914bbfeeafc7.yaml b/nuclei-templates/cve-less/themes/digital-store-f5fc5bca6e41d90a9454914bbfeeafc7.yaml new file mode 100644 index 0000000000..ba95b09529 --- /dev/null +++ b/nuclei-templates/cve-less/themes/digital-store-f5fc5bca6e41d90a9454914bbfeeafc7.yaml @@ -0,0 +1,58 @@ +id: digital-store-f5fc5bca6e41d90a9454914bbfeeafc7 + +info: + name: > + Easy Digital Downloads (EDD) Digital Store < 1.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ee3d536-6d7b-41dc-9d63-52b9b4facf73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/digital-store/" + google-query: inurl:"/wp-content/themes/digital-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,digital-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/digital-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "digital-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/diplomat-c41f2615174c7d773c4d8f292dfcd2a3.yaml b/nuclei-templates/cve-less/themes/diplomat-c41f2615174c7d773c4d8f292dfcd2a3.yaml new file mode 100644 index 0000000000..1cbb1c10ff --- /dev/null +++ b/nuclei-templates/cve-less/themes/diplomat-c41f2615174c7d773c4d8f292dfcd2a3.yaml @@ -0,0 +1,58 @@ +id: diplomat-c41f2615174c7d773c4d8f292dfcd2a3 + +info: + name: > + Diplomat Theme <= 1.0.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04f37062-da7e-4c26-ab15-50dcef8ca301?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/diplomat/" + google-query: inurl:"/wp-content/themes/diplomat/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,diplomat,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/diplomat/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "diplomat" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/discy-3cce740c3da6d548d8d19689826c4cf1.yaml b/nuclei-templates/cve-less/themes/discy-3cce740c3da6d548d8d19689826c4cf1.yaml new file mode 100644 index 0000000000..fb2acc0968 --- /dev/null +++ b/nuclei-templates/cve-less/themes/discy-3cce740c3da6d548d8d19689826c4cf1.yaml @@ -0,0 +1,58 @@ +id: discy-3cce740c3da6d548d8d19689826c4cf1 + +info: + name: > + Discy - Social Questions and Answers WordPress Theme <= 4.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19f2fe7c-f702-4db6-9914-2839a62ffdd5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/discy/" + google-query: inurl:"/wp-content/themes/discy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,discy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/discy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "discy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/discy-46244fdcad0724fd77e42ba287d7514a.yaml b/nuclei-templates/cve-less/themes/discy-46244fdcad0724fd77e42ba287d7514a.yaml new file mode 100644 index 0000000000..44f76c74b0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/discy-46244fdcad0724fd77e42ba287d7514a.yaml @@ -0,0 +1,58 @@ +id: discy-46244fdcad0724fd77e42ba287d7514a + +info: + name: > + Discy <= 5.1 - Cross-Site Request Forgery to Settings Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3f821d6-6a4e-4e3b-98e1-e38a34d5c8f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/discy/" + google-query: inurl:"/wp-content/themes/discy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,discy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/discy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "discy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/discy-dda12396183ee405a0b6804083230616.yaml b/nuclei-templates/cve-less/themes/discy-dda12396183ee405a0b6804083230616.yaml new file mode 100644 index 0000000000..79f3dfafd4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/discy-dda12396183ee405a0b6804083230616.yaml @@ -0,0 +1,58 @@ +id: discy-dda12396183ee405a0b6804083230616 + +info: + name: > + WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/085da0fa-9487-4938-94ea-c1593be7c023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/discy/" + google-query: inurl:"/wp-content/themes/discy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,discy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/discy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "discy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/discy-e286b3a8935bca8a0217c3e2e8d64e5c.yaml b/nuclei-templates/cve-less/themes/discy-e286b3a8935bca8a0217c3e2e8d64e5c.yaml new file mode 100644 index 0000000000..d2b9359b7e --- /dev/null +++ b/nuclei-templates/cve-less/themes/discy-e286b3a8935bca8a0217c3e2e8d64e5c.yaml @@ -0,0 +1,58 @@ +id: discy-e286b3a8935bca8a0217c3e2e8d64e5c + +info: + name: > + Discy <= 5.1 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9077bdce-31c9-4877-8bb5-db87046125cc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/discy/" + google-query: inurl:"/wp-content/themes/discy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,discy,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/discy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "discy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/divi-1ea409fe86fe5baf6c5d95a328e05b6b.yaml b/nuclei-templates/cve-less/themes/divi-1ea409fe86fe5baf6c5d95a328e05b6b.yaml new file mode 100644 index 0000000000..39545e4637 --- /dev/null +++ b/nuclei-templates/cve-less/themes/divi-1ea409fe86fe5baf6c5d95a328e05b6b.yaml @@ -0,0 +1,58 @@ +id: divi-1ea409fe86fe5baf6c5d95a328e05b6b + +info: + name: > + Divi <= 4.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c01cbc25-bdf7-4525-8c7b-194bd0aeb32b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Divi/" + google-query: inurl:"/wp-content/themes/Divi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Divi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Divi/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.20.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/divi-4f3dfe26281afe74af18534af8dcf024.yaml b/nuclei-templates/cve-less/themes/divi-4f3dfe26281afe74af18534af8dcf024.yaml new file mode 100644 index 0000000000..415c9e982b --- /dev/null +++ b/nuclei-templates/cve-less/themes/divi-4f3dfe26281afe74af18534af8dcf024.yaml @@ -0,0 +1,58 @@ +id: divi-4f3dfe26281afe74af18534af8dcf024 + +info: + name: > + Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efac70f6-d959-41f7-bdef-d554f1c9133e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Divi/" + google-query: inurl:"/wp-content/themes/Divi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Divi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Divi/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/divi-e37e5d73321c4c6eb17ee3379b565090.yaml b/nuclei-templates/cve-less/themes/divi-e37e5d73321c4c6eb17ee3379b565090.yaml new file mode 100644 index 0000000000..47c1902754 --- /dev/null +++ b/nuclei-templates/cve-less/themes/divi-e37e5d73321c4c6eb17ee3379b565090.yaml @@ -0,0 +1,58 @@ +id: divi-e37e5d73321c4c6eb17ee3379b565090 + +info: + name: > + Divi <= 4.23.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/999475c5-5f17-47fa-a0d0-47cb5a8a0eb4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Divi/" + google-query: inurl:"/wp-content/themes/Divi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Divi,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Divi/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.23.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/divi-ec458e7be91893393a96a7bb4f01d557.yaml b/nuclei-templates/cve-less/themes/divi-ec458e7be91893393a96a7bb4f01d557.yaml new file mode 100644 index 0000000000..8417124aa1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/divi-ec458e7be91893393a96a7bb4f01d557.yaml @@ -0,0 +1,58 @@ +id: divi-ec458e7be91893393a96a7bb4f01d557 + +info: + name: > + Elegant Themes (Multiple Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e03bc79-b42e-4015-8476-2b0488c71028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Divi/" + google-query: inurl:"/wp-content/themes/Divi/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Divi,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Divi/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Divi" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/doko-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/doko-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..721e8f1e5e --- /dev/null +++ b/nuclei-templates/cve-less/themes/doko-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: doko-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/doko/" + google-query: inurl:"/wp-content/themes/doko/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,doko,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/doko/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doko" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/doko-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/doko-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..e41538c096 --- /dev/null +++ b/nuclei-templates/cve-less/themes/doko-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: doko-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/doko/" + google-query: inurl:"/wp-content/themes/doko/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,doko,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/doko/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "doko" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.27') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/dt-the7-0086334fa92fba62187d0290e70cdbe7.yaml b/nuclei-templates/cve-less/themes/dt-the7-0086334fa92fba62187d0290e70cdbe7.yaml new file mode 100644 index 0000000000..c6e8615f30 --- /dev/null +++ b/nuclei-templates/cve-less/themes/dt-the7-0086334fa92fba62187d0290e70cdbe7.yaml @@ -0,0 +1,58 @@ +id: dt-the7-0086334fa92fba62187d0290e70cdbe7 + +info: + name: > + The7 <= 11.6.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24c67243-0452-4820-bfb4-b7ac4804aa4b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/dt-the7/" + google-query: inurl:"/wp-content/themes/dt-the7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,dt-the7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/dt-the7/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dt-the7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/dt-the7-c2a573da80f21ade51e0477e5d127224.yaml b/nuclei-templates/cve-less/themes/dt-the7-c2a573da80f21ade51e0477e5d127224.yaml new file mode 100644 index 0000000000..f8f02cc31d --- /dev/null +++ b/nuclei-templates/cve-less/themes/dt-the7-c2a573da80f21ade51e0477e5d127224.yaml @@ -0,0 +1,58 @@ +id: dt-the7-c2a573da80f21ade51e0477e5d127224 + +info: + name: > + The7 <= 11.6.0 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4f481478-5dc9-4b11-ba3e-1942882a9f43?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/dt-the7/" + google-query: inurl:"/wp-content/themes/dt-the7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,dt-the7,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/dt-the7/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "dt-the7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.6.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/easybook-17f6998fdf35be8a6349776a3309aedc.yaml b/nuclei-templates/cve-less/themes/easybook-17f6998fdf35be8a6349776a3309aedc.yaml new file mode 100644 index 0000000000..31dde68403 --- /dev/null +++ b/nuclei-templates/cve-less/themes/easybook-17f6998fdf35be8a6349776a3309aedc.yaml @@ -0,0 +1,58 @@ +id: easybook-17f6998fdf35be8a6349776a3309aedc + +info: + name: > + CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08eb1d49-9928-43f8-97fc-14105e3a4a25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/easybook/" + google-query: inurl:"/wp-content/themes/easybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,easybook,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/easybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/easybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml b/nuclei-templates/cve-less/themes/easybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml new file mode 100644 index 0000000000..c46bd3bae2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/easybook-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml @@ -0,0 +1,58 @@ +id: easybook-8b6ac4c7233f8f6a37118bbf7ac73ad8 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/788e1c5c-67a9-4b06-a2cf-15c980e83618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/easybook/" + google-query: inurl:"/wp-content/themes/easybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,easybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/easybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/easybook-be3f332add5d9ce678efc86e37a29e03.yaml b/nuclei-templates/cve-less/themes/easybook-be3f332add5d9ce678efc86e37a29e03.yaml new file mode 100644 index 0000000000..4dac439676 --- /dev/null +++ b/nuclei-templates/cve-less/themes/easybook-be3f332add5d9ce678efc86e37a29e03.yaml @@ -0,0 +1,58 @@ +id: easybook-be3f332add5d9ce678efc86e37a29e03 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e292a1f-d475-4c52-b790-b5215e1870ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/easybook/" + google-query: inurl:"/wp-content/themes/easybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,easybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/easybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/easybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml b/nuclei-templates/cve-less/themes/easybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml new file mode 100644 index 0000000000..bc6bbb4a66 --- /dev/null +++ b/nuclei-templates/cve-less/themes/easybook-f5204789b3d63c1e5dd223fef5d1ac5d.yaml @@ -0,0 +1,58 @@ +id: easybook-f5204789b3d63c1e5dd223fef5d1ac5d + +info: + name: > + CTHthemes CityBook Theme < 2.3.4, TownHub Theme < 1.0.6, EasyBook Theme < 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/easybook/" + google-query: inurl:"/wp-content/themes/easybook/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,easybook,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/easybook/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "easybook" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/edge-48efc81cbefdf18882ef324fd2ff057b.yaml b/nuclei-templates/cve-less/themes/edge-48efc81cbefdf18882ef324fd2ff057b.yaml new file mode 100644 index 0000000000..4bc486cd6f --- /dev/null +++ b/nuclei-templates/cve-less/themes/edge-48efc81cbefdf18882ef324fd2ff057b.yaml @@ -0,0 +1,58 @@ +id: edge-48efc81cbefdf18882ef324fd2ff057b + +info: + name: > + Edge <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/526c45c8-7543-4384-af80-b3798857f79d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/edge/" + google-query: inurl:"/wp-content/themes/edge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,edge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/edge/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/edict-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/edict-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..d6dbca8ebf --- /dev/null +++ b/nuclei-templates/cve-less/themes/edict-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: edict-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/edict-lite/" + google-query: inurl:"/wp-content/themes/edict-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,edict-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/edict-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edict-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/edict-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/edict-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..cc6521f043 --- /dev/null +++ b/nuclei-templates/cve-less/themes/edict-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: edict-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/edict-lite/" + google-query: inurl:"/wp-content/themes/edict-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,edict-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/edict-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "edict-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/editorialmag-3220945a9ad1b5aa7c5c294cafd443a6.yaml b/nuclei-templates/cve-less/themes/editorialmag-3220945a9ad1b5aa7c5c294cafd443a6.yaml new file mode 100644 index 0000000000..9823e1549f --- /dev/null +++ b/nuclei-templates/cve-less/themes/editorialmag-3220945a9ad1b5aa7c5c294cafd443a6.yaml @@ -0,0 +1,58 @@ +id: editorialmag-3220945a9ad1b5aa7c5c294cafd443a6 + +info: + name: > + Editorialmag <= 1.2.0 - Missing Authorization to Authenticated Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5fd470bb-d791-45dc-a743-6f03fc75f00c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/editorialmag/" + google-query: inurl:"/wp-content/themes/editorialmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,editorialmag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/editorialmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "editorialmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/educenter-8b501a3e440ee475a390c14b78d1469e.yaml b/nuclei-templates/cve-less/themes/educenter-8b501a3e440ee475a390c14b78d1469e.yaml new file mode 100644 index 0000000000..4415ed8250 --- /dev/null +++ b/nuclei-templates/cve-less/themes/educenter-8b501a3e440ee475a390c14b78d1469e.yaml @@ -0,0 +1,58 @@ +id: educenter-8b501a3e440ee475a390c14b78d1469e + +info: + name: > + Educenter <= 1.5.7 - Missing Authorization via activate_plugin + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/344ad959-038a-46d1-b515-ae3473af8209?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/educenter/" + google-query: inurl:"/wp-content/themes/educenter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,educenter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/educenter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "educenter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eight-sec-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/eight-sec-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..7b154c43b4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eight-sec-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: eight-sec-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eight-sec/" + google-query: inurl:"/wp-content/themes/eight-sec/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eight-sec,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eight-sec/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eight-sec" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eight-sec-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/eight-sec-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..3e4d20871c --- /dev/null +++ b/nuclei-templates/cve-less/themes/eight-sec-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: eight-sec-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eight-sec/" + google-query: inurl:"/wp-content/themes/eight-sec/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eight-sec,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eight-sec/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eight-sec" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightlaw-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/eightlaw-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..8fac26de26 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightlaw-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: eightlaw-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightlaw-lite/" + google-query: inurl:"/wp-content/themes/eightlaw-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightlaw-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightlaw-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightlaw-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightlaw-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/eightlaw-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..49ac229114 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightlaw-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: eightlaw-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightlaw-lite/" + google-query: inurl:"/wp-content/themes/eightlaw-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightlaw-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightlaw-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightlaw-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightmedi-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/eightmedi-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..c005b53655 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightmedi-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: eightmedi-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightmedi-lite/" + google-query: inurl:"/wp-content/themes/eightmedi-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightmedi-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightmedi-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightmedi-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightmedi-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/eightmedi-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..5205fffe8a --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightmedi-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: eightmedi-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightmedi-lite/" + google-query: inurl:"/wp-content/themes/eightmedi-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightmedi-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightmedi-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightmedi-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightstore-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/eightstore-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..1fdd72fd91 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightstore-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: eightstore-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightstore-lite/" + google-query: inurl:"/wp-content/themes/eightstore-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightstore-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightstore-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightstore-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/eightstore-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/eightstore-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..3856634532 --- /dev/null +++ b/nuclei-templates/cve-less/themes/eightstore-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: eightstore-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/eightstore-lite/" + google-query: inurl:"/wp-content/themes/eightstore-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,eightstore-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/eightstore-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "eightstore-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/elegant-grunge-0aff17e28ef121a8c519ec81ffed16b1.yaml b/nuclei-templates/cve-less/themes/elegant-grunge-0aff17e28ef121a8c519ec81ffed16b1.yaml new file mode 100644 index 0000000000..65263c723e --- /dev/null +++ b/nuclei-templates/cve-less/themes/elegant-grunge-0aff17e28ef121a8c519ec81ffed16b1.yaml @@ -0,0 +1,58 @@ +id: elegant-grunge-0aff17e28ef121a8c519ec81ffed16b1 + +info: + name: > + Elegant Grunge <= 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94dd90ef-d801-4fd6-ade7-e1e7ad2e5fec?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/elegant-grunge/" + google-query: inurl:"/wp-content/themes/elegant-grunge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,elegant-grunge,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/elegant-grunge/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elegant-grunge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/elemin-7b82f3d715a6e6e5e86a24db471b8d19.yaml b/nuclei-templates/cve-less/themes/elemin-7b82f3d715a6e6e5e86a24db471b8d19.yaml new file mode 100644 index 0000000000..109f429936 --- /dev/null +++ b/nuclei-templates/cve-less/themes/elemin-7b82f3d715a6e6e5e86a24db471b8d19.yaml @@ -0,0 +1,58 @@ +id: elemin-7b82f3d715a6e6e5e86a24db471b8d19 + +info: + name: > + Elemin < 1.4.3 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea3ba0f5-6bc2-455c-b4e3-891ed6b2518c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/elemin/" + google-query: inurl:"/wp-content/themes/elemin/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,elemin,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/elemin/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elemin" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/elevate-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/elevate-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..059bc8e41f --- /dev/null +++ b/nuclei-templates/cve-less/themes/elevate-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: elevate-wp-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/elevate-wp/" + google-query: inurl:"/wp-content/themes/elevate-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,elevate-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/elevate-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "elevate-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/emmet-lite-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/emmet-lite-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..e1d0d71543 --- /dev/null +++ b/nuclei-templates/cve-less/themes/emmet-lite-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: emmet-lite-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/emmet-lite/" + google-query: inurl:"/wp-content/themes/emmet-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,emmet-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/emmet-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "emmet-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/enfold-1876a4c168f4df4e89e5c4309cb04275.yaml b/nuclei-templates/cve-less/themes/enfold-1876a4c168f4df4e89e5c4309cb04275.yaml new file mode 100644 index 0000000000..af71234b10 --- /dev/null +++ b/nuclei-templates/cve-less/themes/enfold-1876a4c168f4df4e89e5c4309cb04275.yaml @@ -0,0 +1,58 @@ +id: enfold-1876a4c168f4df4e89e5c4309cb04275 + +info: + name: > + Enfold < 3.0.1 - Unspecified Vulnerability + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4f3d386-98cc-4b5a-b13f-841e812bb37f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/enfold/" + google-query: inurl:"/wp-content/themes/enfold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,enfold,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enfold/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enfold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/enfold-35b352df5d14bf9606b8ec800fc7030c.yaml b/nuclei-templates/cve-less/themes/enfold-35b352df5d14bf9606b8ec800fc7030c.yaml new file mode 100644 index 0000000000..37372724de --- /dev/null +++ b/nuclei-templates/cve-less/themes/enfold-35b352df5d14bf9606b8ec800fc7030c.yaml @@ -0,0 +1,58 @@ +id: enfold-35b352df5d14bf9606b8ec800fc7030c + +info: + name: > + Enfold <= 5.6.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/100b700f-8812-48be-8a04-28f60a57b35f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/enfold/" + google-query: inurl:"/wp-content/themes/enfold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,enfold,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enfold/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enfold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/enfold-ed5e4871114b7f75ca3b625c577f01e9.yaml b/nuclei-templates/cve-less/themes/enfold-ed5e4871114b7f75ca3b625c577f01e9.yaml new file mode 100644 index 0000000000..1b600cc0c4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/enfold-ed5e4871114b7f75ca3b625c577f01e9.yaml @@ -0,0 +1,58 @@ +id: enfold-ed5e4871114b7f75ca3b625c577f01e9 + +info: + name: > + Enfold - Responsive Multi-Purpose Theme < 4.8.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0793db6-5a9b-4726-935e-c8d614443611?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/enfold/" + google-query: inurl:"/wp-content/themes/enfold/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,enfold,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enfold/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enfold" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.8.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/enlighten-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/enlighten-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..f2dd131e08 --- /dev/null +++ b/nuclei-templates/cve-less/themes/enlighten-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: enlighten-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/enlighten/" + google-query: inurl:"/wp-content/themes/enlighten/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,enlighten,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enlighten/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enlighten" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/enlighten-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/enlighten-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..dd8cf4a69f --- /dev/null +++ b/nuclei-templates/cve-less/themes/enlighten-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: enlighten-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/enlighten/" + google-query: inurl:"/wp-content/themes/enlighten/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,enlighten,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/enlighten/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "enlighten" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/epic-church-7968590f04797f892b64c6624bb7ba86.yaml b/nuclei-templates/cve-less/themes/epic-church-7968590f04797f892b64c6624bb7ba86.yaml new file mode 100644 index 0000000000..e389eca567 --- /dev/null +++ b/nuclei-templates/cve-less/themes/epic-church-7968590f04797f892b64c6624bb7ba86.yaml @@ -0,0 +1,58 @@ +id: epic-church-7968590f04797f892b64c6624bb7ba86 + +info: + name: > + Epic Church by Organized Themes <= 3.6 - Arbitrary File Download + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2450277e-589d-4153-bd3f-ffed1a8b4340?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/epic-church/" + google-query: inurl:"/wp-content/themes/epic-church/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,epic-church,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/epic-church/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "epic-church" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/estrutura-basica-f89b8b2276b119437fe5d13da6f29ea1.yaml b/nuclei-templates/cve-less/themes/estrutura-basica-f89b8b2276b119437fe5d13da6f29ea1.yaml new file mode 100644 index 0000000000..5f88a30f86 --- /dev/null +++ b/nuclei-templates/cve-less/themes/estrutura-basica-f89b8b2276b119437fe5d13da6f29ea1.yaml @@ -0,0 +1,58 @@ +id: estrutura-basica-f89b8b2276b119437fe5d13da6f29ea1 + +info: + name: > + estrutura-basica (All Known Versions) - Path Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f980e902-820b-43e0-8334-fc70c711a126?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/estrutura-basica/" + google-query: inurl:"/wp-content/themes/estrutura-basica/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,estrutura-basica,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/estrutura-basica/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "estrutura-basica" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/everest-news-3f03bc4b4b5619e488422c5b9dbcc730.yaml b/nuclei-templates/cve-less/themes/everest-news-3f03bc4b4b5619e488422c5b9dbcc730.yaml new file mode 100644 index 0000000000..22d53ecaee --- /dev/null +++ b/nuclei-templates/cve-less/themes/everest-news-3f03bc4b4b5619e488422c5b9dbcc730.yaml @@ -0,0 +1,58 @@ +id: everest-news-3f03bc4b4b5619e488422c5b9dbcc730 + +info: + name: > + Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/everest-news/" + google-query: inurl:"/wp-content/themes/everest-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,everest-news,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/everest-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/everest-news-47a3d5ecf22b909cbf2d50dac0698416.yaml b/nuclei-templates/cve-less/themes/everest-news-47a3d5ecf22b909cbf2d50dac0698416.yaml new file mode 100644 index 0000000000..76784a5bd3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/everest-news-47a3d5ecf22b909cbf2d50dac0698416.yaml @@ -0,0 +1,58 @@ +id: everest-news-47a3d5ecf22b909cbf2d50dac0698416 + +info: + name: > + Everest News <= 1.1.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac96d3c5-1409-47f7-9e8e-0c35aa8199ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/everest-news/" + google-query: inurl:"/wp-content/themes/everest-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,everest-news,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/everest-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/everest-news-pro-006ac377302a554decdd04aa7ce724fd.yaml b/nuclei-templates/cve-less/themes/everest-news-pro-006ac377302a554decdd04aa7ce724fd.yaml new file mode 100644 index 0000000000..69d1a831bc --- /dev/null +++ b/nuclei-templates/cve-less/themes/everest-news-pro-006ac377302a554decdd04aa7ce724fd.yaml @@ -0,0 +1,58 @@ +id: everest-news-pro-006ac377302a554decdd04aa7ce724fd + +info: + name: > + Everest News Pro <= 1.1.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb967453-59d6-4b03-8c75-1906b99bff80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/everest-news-pro/" + google-query: inurl:"/wp-content/themes/everest-news-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,everest-news-pro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/everest-news-pro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everest-news-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/everse-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/cve-less/themes/everse-161c9677e95eb847dc432eddc65db142.yaml new file mode 100644 index 0000000000..f28feffc4f --- /dev/null +++ b/nuclei-templates/cve-less/themes/everse-161c9677e95eb847dc432eddc65db142.yaml @@ -0,0 +1,58 @@ +id: everse-161c9677e95eb847dc432eddc65db142 + +info: + name: > + Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/everse/" + google-query: inurl:"/wp-content/themes/everse/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,everse,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/everse/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "everse" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/evolve-170bc795059fb0d98227f8d8677e21e8.yaml b/nuclei-templates/cve-less/themes/evolve-170bc795059fb0d98227f8d8677e21e8.yaml new file mode 100644 index 0000000000..3500421b36 --- /dev/null +++ b/nuclei-templates/cve-less/themes/evolve-170bc795059fb0d98227f8d8677e21e8.yaml @@ -0,0 +1,58 @@ +id: evolve-170bc795059fb0d98227f8d8677e21e8 + +info: + name: > + Evolve < 1.2.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d7ea482-c45e-4a73-9e64-4d4438e197b4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/evolve/" + google-query: inurl:"/wp-content/themes/evolve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,evolve,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/evolve/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "evolve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/exquisite-wp-4569fe83ce2bb42a6e266298e47ccef7.yaml b/nuclei-templates/cve-less/themes/exquisite-wp-4569fe83ce2bb42a6e266298e47ccef7.yaml new file mode 100644 index 0000000000..500f776092 --- /dev/null +++ b/nuclei-templates/cve-less/themes/exquisite-wp-4569fe83ce2bb42a6e266298e47ccef7.yaml @@ -0,0 +1,58 @@ +id: exquisite-wp-4569fe83ce2bb42a6e266298e47ccef7 + +info: + name: > + Exquisite - Ultimate Newspaper Theme <= 1.3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/238dc80f-0d82-44e2-a950-321defb2361b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/exquisite-wp/" + google-query: inurl:"/wp-content/themes/exquisite-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,exquisite-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/exquisite-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "exquisite-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/extra-1d46fd13f5959cf6806058064008bc68.yaml b/nuclei-templates/cve-less/themes/extra-1d46fd13f5959cf6806058064008bc68.yaml new file mode 100644 index 0000000000..8f0699d7fc --- /dev/null +++ b/nuclei-templates/cve-less/themes/extra-1d46fd13f5959cf6806058064008bc68.yaml @@ -0,0 +1,58 @@ +id: extra-1d46fd13f5959cf6806058064008bc68 + +info: + name: > + ElegantThemes <= 1.2.3 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/18b5777c-d176-4214-81ac-b92188704196?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/extra/" + google-query: inurl:"/wp-content/themes/extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/extra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/extra-4f3dfe26281afe74af18534af8dcf024.yaml b/nuclei-templates/cve-less/themes/extra-4f3dfe26281afe74af18534af8dcf024.yaml new file mode 100644 index 0000000000..1938333138 --- /dev/null +++ b/nuclei-templates/cve-less/themes/extra-4f3dfe26281afe74af18534af8dcf024.yaml @@ -0,0 +1,58 @@ +id: extra-4f3dfe26281afe74af18534af8dcf024 + +info: + name: > + Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/efac70f6-d959-41f7-bdef-d554f1c9133e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/extra/" + google-query: inurl:"/wp-content/themes/extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,extra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/extra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.25.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/extra-ec458e7be91893393a96a7bb4f01d557.yaml b/nuclei-templates/cve-less/themes/extra-ec458e7be91893393a96a7bb4f01d557.yaml new file mode 100644 index 0000000000..5c81611966 --- /dev/null +++ b/nuclei-templates/cve-less/themes/extra-ec458e7be91893393a96a7bb4f01d557.yaml @@ -0,0 +1,58 @@ +id: extra-ec458e7be91893393a96a7bb4f01d557 + +info: + name: > + Elegant Themes (Multiple Versions) - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e03bc79-b42e-4015-8476-2b0488c71028?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/extra/" + google-query: inurl:"/wp-content/themes/extra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,extra,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/extra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "extra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/f8-lite-e63ed950312b124c0d59757ed157173d.yaml b/nuclei-templates/cve-less/themes/f8-lite-e63ed950312b124c0d59757ed157173d.yaml new file mode 100644 index 0000000000..9dfcce548f --- /dev/null +++ b/nuclei-templates/cve-less/themes/f8-lite-e63ed950312b124c0d59757ed157173d.yaml @@ -0,0 +1,58 @@ +id: f8-lite-e63ed950312b124c0d59757ed157173d + +info: + name: > + F8 Lite <= 4.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08d18e18-b9f2-4a4d-bf9b-4a64a7881a4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/f8-lite/" + google-query: inurl:"/wp-content/themes/f8-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,f8-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/f8-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "f8-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fascinate-3f03bc4b4b5619e488422c5b9dbcc730.yaml b/nuclei-templates/cve-less/themes/fascinate-3f03bc4b4b5619e488422c5b9dbcc730.yaml new file mode 100644 index 0000000000..e5981ce6f9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fascinate-3f03bc4b4b5619e488422c5b9dbcc730.yaml @@ -0,0 +1,58 @@ +id: fascinate-3f03bc4b4b5619e488422c5b9dbcc730 + +info: + name: > + Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fascinate/" + google-query: inurl:"/wp-content/themes/fascinate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fascinate,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fascinate/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fascinate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/financio-5f8311aafd1822576a08e6d0d9e190d6.yaml b/nuclei-templates/cve-less/themes/financio-5f8311aafd1822576a08e6d0d9e190d6.yaml new file mode 100644 index 0000000000..7f87cc7b52 --- /dev/null +++ b/nuclei-templates/cve-less/themes/financio-5f8311aafd1822576a08e6d0d9e190d6.yaml @@ -0,0 +1,58 @@ +id: financio-5f8311aafd1822576a08e6d0d9e190d6 + +info: + name: > + Financio <= 1.1.3 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ec03e35-9de7-44e8-88be-5a374edd8984?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/financio/" + google-query: inurl:"/wp-content/themes/financio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,financio,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/financio/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "financio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fitness-park-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/fitness-park-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..db60920249 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fitness-park-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: fitness-park-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fitness-park/" + google-query: inurl:"/wp-content/themes/fitness-park/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fitness-park,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fitness-park/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fitness-park" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fitness-park-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/fitness-park-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..4a1172f079 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fitness-park-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: fitness-park-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fitness-park/" + google-query: inurl:"/wp-content/themes/fitness-park/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fitness-park,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fitness-park/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fitness-park" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/flashy-8fedd556095791de1de8cc0522ea9441.yaml b/nuclei-templates/cve-less/themes/flashy-8fedd556095791de1de8cc0522ea9441.yaml new file mode 100644 index 0000000000..358a194aff --- /dev/null +++ b/nuclei-templates/cve-less/themes/flashy-8fedd556095791de1de8cc0522ea9441.yaml @@ -0,0 +1,58 @@ +id: flashy-8fedd556095791de1de8cc0522ea9441 + +info: + name: > + flashy <= 1.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78e7d0f7-b588-407b-bb3e-068589114ab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/flashy/" + google-query: inurl:"/wp-content/themes/flashy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,flashy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/flashy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flashy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/flatsome-77106c0ccdc78c4aab3d70ea99b49ace.yaml b/nuclei-templates/cve-less/themes/flatsome-77106c0ccdc78c4aab3d70ea99b49ace.yaml new file mode 100644 index 0000000000..ae7d3a28b8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/flatsome-77106c0ccdc78c4aab3d70ea99b49ace.yaml @@ -0,0 +1,58 @@ +id: flatsome-77106c0ccdc78c4aab3d70ea99b49ace + +info: + name: > + Flatsome <= 3.16.8 - Reflected Cross-Site Scripting in UX Builder + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c6d0868-e5d6-4497-8967-6af46f4fe7d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/flatsome/" + google-query: inurl:"/wp-content/themes/flatsome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,flatsome,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/flatsome/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flatsome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.16.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/flatsome-87cfaaeceb9c0891333268e59bdaed28.yaml b/nuclei-templates/cve-less/themes/flatsome-87cfaaeceb9c0891333268e59bdaed28.yaml new file mode 100644 index 0000000000..9480dd9829 --- /dev/null +++ b/nuclei-templates/cve-less/themes/flatsome-87cfaaeceb9c0891333268e59bdaed28.yaml @@ -0,0 +1,58 @@ +id: flatsome-87cfaaeceb9c0891333268e59bdaed28 + +info: + name: > + Flatsome <= 3.17.5 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfc4863a-1b8c-4b13-9df1-18f221b40b26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/flatsome/" + google-query: inurl:"/wp-content/themes/flatsome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,flatsome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/flatsome/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "flatsome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.17.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/focusblog-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/focusblog-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..dd81a23cb5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/focusblog-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: focusblog-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/focusblog/" + google-query: inurl:"/wp-content/themes/focusblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,focusblog,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/focusblog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "focusblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/focusblog-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/focusblog-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..816744209b --- /dev/null +++ b/nuclei-templates/cve-less/themes/focusblog-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: focusblog-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/focusblog/" + google-query: inurl:"/wp-content/themes/focusblog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,focusblog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/focusblog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "focusblog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/foodbakery-2687b8db8bc7e715cc5827b0aedae5fd.yaml b/nuclei-templates/cve-less/themes/foodbakery-2687b8db8bc7e715cc5827b0aedae5fd.yaml new file mode 100644 index 0000000000..e519d879db --- /dev/null +++ b/nuclei-templates/cve-less/themes/foodbakery-2687b8db8bc7e715cc5827b0aedae5fd.yaml @@ -0,0 +1,58 @@ +id: foodbakery-2687b8db8bc7e715cc5827b0aedae5fd + +info: + name: > + FoodBakery | Delivery Restaurant Directory WordPress Theme <= 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6c9e5cd4-303c-48a7-aef8-20c804aa5985?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/foodbakery/" + google-query: inurl:"/wp-content/themes/foodbakery/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,foodbakery,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/foodbakery/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "foodbakery" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/footysquare-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/footysquare-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..06be39fc58 --- /dev/null +++ b/nuclei-templates/cve-less/themes/footysquare-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: footysquare-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/footysquare/" + google-query: inurl:"/wp-content/themes/footysquare/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,footysquare,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/footysquare/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "footysquare" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fotography-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/fotography-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..e4891449b5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fotography-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: fotography-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fotography/" + google-query: inurl:"/wp-content/themes/fotography/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fotography,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fotography/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fotography-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/fotography-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..da476920cc --- /dev/null +++ b/nuclei-templates/cve-less/themes/fotography-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: fotography-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fotography/" + google-query: inurl:"/wp-content/themes/fotography/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fotography,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fotography/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fotography" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/freesia-empire-81558dbfc1c686b52278115bcc212692.yaml b/nuclei-templates/cve-less/themes/freesia-empire-81558dbfc1c686b52278115bcc212692.yaml new file mode 100644 index 0000000000..db52a3eb65 --- /dev/null +++ b/nuclei-templates/cve-less/themes/freesia-empire-81558dbfc1c686b52278115bcc212692.yaml @@ -0,0 +1,58 @@ +id: freesia-empire-81558dbfc1c686b52278115bcc212692 + +info: + name: > + Freesia Empire <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a051e3-4489-4124-abf6-905b7ff7fd3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/freesia-empire/" + google-query: inurl:"/wp-content/themes/freesia-empire/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,freesia-empire,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/freesia-empire/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "freesia-empire" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fruitful-547ae69e23e79945ee41118869bf3151.yaml b/nuclei-templates/cve-less/themes/fruitful-547ae69e23e79945ee41118869bf3151.yaml new file mode 100644 index 0000000000..5f636bf295 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fruitful-547ae69e23e79945ee41118869bf3151.yaml @@ -0,0 +1,58 @@ +id: fruitful-547ae69e23e79945ee41118869bf3151 + +info: + name: > + Fruitful < 3.8.2 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/49cf047f-4e8c-4f37-b8c0-d931c02fda7c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fruitful/" + google-query: inurl:"/wp-content/themes/fruitful/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fruitful,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fruitful/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fruitful" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/furnob-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/furnob-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..8018acefef --- /dev/null +++ b/nuclei-templates/cve-less/themes/furnob-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: furnob-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/furnob/" + google-query: inurl:"/wp-content/themes/furnob/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,furnob,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/furnob/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "furnob" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/fusion-delisted-50500b0da9551f89249fc057d52b16ad.yaml b/nuclei-templates/cve-less/themes/fusion-delisted-50500b0da9551f89249fc057d52b16ad.yaml new file mode 100644 index 0000000000..ce9e538a27 --- /dev/null +++ b/nuclei-templates/cve-less/themes/fusion-delisted-50500b0da9551f89249fc057d52b16ad.yaml @@ -0,0 +1,58 @@ +id: fusion-delisted-50500b0da9551f89249fc057d52b16ad + +info: + name: > + Fusion <= 3.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f286857-2fd3-4884-982f-47773f7af636?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/fusion-delisted/" + google-query: inurl:"/wp-content/themes/fusion-delisted/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,fusion-delisted,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/fusion-delisted/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "fusion-delisted" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/gameplan-d95348460c662925b6cdc57ffd4469ba.yaml b/nuclei-templates/cve-less/themes/gameplan-d95348460c662925b6cdc57ffd4469ba.yaml new file mode 100644 index 0000000000..0eb0162056 --- /dev/null +++ b/nuclei-templates/cve-less/themes/gameplan-d95348460c662925b6cdc57ffd4469ba.yaml @@ -0,0 +1,58 @@ +id: gameplan-d95348460c662925b6cdc57ffd4469ba + +info: + name: > + Gameplan - Event and Gym Fitness WordPress Theme <= 1.6.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac251c8-4ade-4391-aedd-f48b13045a31?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/gameplan/" + google-query: inurl:"/wp-content/themes/gameplan/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,gameplan,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/gameplan/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gameplan" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/gamestheme-999d17b4d58bf12011698692c265aa6e.yaml b/nuclei-templates/cve-less/themes/gamestheme-999d17b4d58bf12011698692c265aa6e.yaml new file mode 100644 index 0000000000..502b53b9dd --- /dev/null +++ b/nuclei-templates/cve-less/themes/gamestheme-999d17b4d58bf12011698692c265aa6e.yaml @@ -0,0 +1,58 @@ +id: gamestheme-999d17b4d58bf12011698692c265aa6e + +info: + name: > + GamesTheme <= 1.0.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad47937-8125-405c-9fd3-9b3b210942fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/GamesTheme/" + google-query: inurl:"/wp-content/themes/GamesTheme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,GamesTheme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/GamesTheme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "GamesTheme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/glaze-blog-lite-3f03bc4b4b5619e488422c5b9dbcc730.yaml b/nuclei-templates/cve-less/themes/glaze-blog-lite-3f03bc4b4b5619e488422c5b9dbcc730.yaml new file mode 100644 index 0000000000..772c64c03f --- /dev/null +++ b/nuclei-templates/cve-less/themes/glaze-blog-lite-3f03bc4b4b5619e488422c5b9dbcc730.yaml @@ -0,0 +1,58 @@ +id: glaze-blog-lite-3f03bc4b4b5619e488422c5b9dbcc730 + +info: + name: > + Cream Blog, Fascinate, Glaze Blog Lite, & Everest News (All Versions) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9b97404f-c34d-483d-b11c-03a706306270?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/glaze-blog-lite/" + google-query: inurl:"/wp-content/themes/glaze-blog-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,glaze-blog-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/glaze-blog-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "glaze-blog-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/goodnex-43e8debd4c3b7f8c8ab3ef6be25475c7.yaml b/nuclei-templates/cve-less/themes/goodnex-43e8debd4c3b7f8c8ab3ef6be25475c7.yaml new file mode 100644 index 0000000000..0d921cc3e3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/goodnex-43e8debd4c3b7f8c8ab3ef6be25475c7.yaml @@ -0,0 +1,58 @@ +id: goodnex-43e8debd4c3b7f8c8ab3ef6be25475c7 + +info: + name: > + Goodnex Responsive HTML5/CSS3 Site Template < 1.1.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf658b2c-9c98-47af-abfc-9689cdbfcda3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/goodnex/" + google-query: inurl:"/wp-content/themes/goodnex/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,goodnex,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/goodnex/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goodnex" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/goto-442aecad9b46601423fcf0fe82256c7f.yaml b/nuclei-templates/cve-less/themes/goto-442aecad9b46601423fcf0fe82256c7f.yaml new file mode 100644 index 0000000000..f721f5ee3e --- /dev/null +++ b/nuclei-templates/cve-less/themes/goto-442aecad9b46601423fcf0fe82256c7f.yaml @@ -0,0 +1,58 @@ +id: goto-442aecad9b46601423fcf0fe82256c7f + +info: + name: > + Goto - Tour & Travel WordPress Theme < 2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/82c3c97d-f9dd-4667-a1a8-94cf12947618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/goto/" + google-query: inurl:"/wp-content/themes/goto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,goto,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/goto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/goto-4847183a2bd6b773eb419ec6d2799ae7.yaml b/nuclei-templates/cve-less/themes/goto-4847183a2bd6b773eb419ec6d2799ae7.yaml new file mode 100644 index 0000000000..712e534a3f --- /dev/null +++ b/nuclei-templates/cve-less/themes/goto-4847183a2bd6b773eb419ec6d2799ae7.yaml @@ -0,0 +1,58 @@ +id: goto-4847183a2bd6b773eb419ec6d2799ae7 + +info: + name: > + Goto - Tour & Travel WordPress Theme < 2.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b2eb0e8-98b6-4a97-9825-0be4032b5d4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/goto/" + google-query: inurl:"/wp-content/themes/goto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,goto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/goto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/goto-e8d662d192f7e80a8946662a46a27738.yaml b/nuclei-templates/cve-less/themes/goto-e8d662d192f7e80a8946662a46a27738.yaml new file mode 100644 index 0000000000..4e4ae3bb0c --- /dev/null +++ b/nuclei-templates/cve-less/themes/goto-e8d662d192f7e80a8946662a46a27738.yaml @@ -0,0 +1,58 @@ +id: goto-e8d662d192f7e80a8946662a46a27738 + +info: + name: > + Goto - Tour & Travel WordPress Theme < 2.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59ada382-5559-49a5-84ea-69201d185829?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/goto/" + google-query: inurl:"/wp-content/themes/goto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,goto,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/goto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "goto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/graphene-3f304f35d6ee539a7dae259777309bd7.yaml b/nuclei-templates/cve-less/themes/graphene-3f304f35d6ee539a7dae259777309bd7.yaml new file mode 100644 index 0000000000..50154bdd1b --- /dev/null +++ b/nuclei-templates/cve-less/themes/graphene-3f304f35d6ee539a7dae259777309bd7.yaml @@ -0,0 +1,58 @@ +id: graphene-3f304f35d6ee539a7dae259777309bd7 + +info: + name: > + Graphene <= 2.9.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e2f19051-fe80-469c-a514-ec3a848a4015?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/graphene/" + google-query: inurl:"/wp-content/themes/graphene/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,graphene,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/graphene/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "graphene" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/greenmart-b4cada853b7b3a733e2f6bbdfd522497.yaml b/nuclei-templates/cve-less/themes/greenmart-b4cada853b7b3a733e2f6bbdfd522497.yaml new file mode 100644 index 0000000000..6cce5e82c6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/greenmart-b4cada853b7b3a733e2f6bbdfd522497.yaml @@ -0,0 +1,58 @@ +id: greenmart-b4cada853b7b3a733e2f6bbdfd522497 + +info: + name: > + GreenMart – Organic & Food WooCommerce WordPress Theme < 2.4.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a2f60a9-c061-4ef9-a582-c82eb1311e5a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/greenmart/" + google-query: inurl:"/wp-content/themes/greenmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,greenmart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/greenmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "greenmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/gucherry-blog-48870272d1c6df07d927cc89f91930ec.yaml b/nuclei-templates/cve-less/themes/gucherry-blog-48870272d1c6df07d927cc89f91930ec.yaml new file mode 100644 index 0000000000..645f0045dc --- /dev/null +++ b/nuclei-templates/cve-less/themes/gucherry-blog-48870272d1c6df07d927cc89f91930ec.yaml @@ -0,0 +1,58 @@ +id: gucherry-blog-48870272d1c6df07d927cc89f91930ec + +info: + name: > + GuCherry Blog <= 1.1.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a01ed06-4b48-4958-9990-469bf43d3e00?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/gucherry-blog/" + google-query: inurl:"/wp-content/themes/gucherry-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,gucherry-blog,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/gucherry-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "gucherry-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/happenstance-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/happenstance-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..a341afb943 --- /dev/null +++ b/nuclei-templates/cve-less/themes/happenstance-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: happenstance-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/happenstance/" + google-query: inurl:"/wp-content/themes/happenstance/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,happenstance,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/happenstance/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "happenstance" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hashone-06cd0f178ae533c7b94126d052d17b3f.yaml b/nuclei-templates/cve-less/themes/hashone-06cd0f178ae533c7b94126d052d17b3f.yaml new file mode 100644 index 0000000000..79593b62f8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/hashone-06cd0f178ae533c7b94126d052d17b3f.yaml @@ -0,0 +1,58 @@ +id: hashone-06cd0f178ae533c7b94126d052d17b3f + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3543a39-ad88-40be-93b8-36ec638db4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hashone/" + google-query: inurl:"/wp-content/themes/hashone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hashone,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hashone/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hashone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hashone-d566c0816c38ea6ca24760850c1eaf4a.yaml b/nuclei-templates/cve-less/themes/hashone-d566c0816c38ea6ca24760850c1eaf4a.yaml new file mode 100644 index 0000000000..dc980f7fb1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/hashone-d566c0816c38ea6ca24760850c1eaf4a.yaml @@ -0,0 +1,58 @@ +id: hashone-d566c0816c38ea6ca24760850c1eaf4a + +info: + name: > + Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/154a838c-f8bb-4568-b066-a78264c75eea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hashone/" + google-query: inurl:"/wp-content/themes/hashone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hashone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hashone/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hashone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/headway-27ec034aba5d4951c82cebc35f1cf5b5.yaml b/nuclei-templates/cve-less/themes/headway-27ec034aba5d4951c82cebc35f1cf5b5.yaml new file mode 100644 index 0000000000..1c929048d4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/headway-27ec034aba5d4951c82cebc35f1cf5b5.yaml @@ -0,0 +1,58 @@ +id: headway-27ec034aba5d4951c82cebc35f1cf5b5 + +info: + name: > + Headway < 3.8.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/77fdfb42-6540-43be-be5c-63dd6e1a34d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/headway/" + google-query: inurl:"/wp-content/themes/headway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,headway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/headway/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "headway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.8.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hello-elementor-5aee783cc8ced806fe0ecf20e182e607.yaml b/nuclei-templates/cve-less/themes/hello-elementor-5aee783cc8ced806fe0ecf20e182e607.yaml new file mode 100644 index 0000000000..7b7b8da74e --- /dev/null +++ b/nuclei-templates/cve-less/themes/hello-elementor-5aee783cc8ced806fe0ecf20e182e607.yaml @@ -0,0 +1,58 @@ +id: hello-elementor-5aee783cc8ced806fe0ecf20e182e607 + +info: + name: > + Hello Elementor <= 3.0.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3092a92-db5b-4e22-b4cf-43b773c7eb48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hello-elementor/" + google-query: inurl:"/wp-content/themes/hello-elementor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hello-elementor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hello-elementor/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hello-elementor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/himer-dda12396183ee405a0b6804083230616.yaml b/nuclei-templates/cve-less/themes/himer-dda12396183ee405a0b6804083230616.yaml new file mode 100644 index 0000000000..acc6832a8c --- /dev/null +++ b/nuclei-templates/cve-less/themes/himer-dda12396183ee405a0b6804083230616.yaml @@ -0,0 +1,58 @@ +id: himer-dda12396183ee405a0b6804083230616 + +info: + name: > + WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/085da0fa-9487-4938-94ea-c1593be7c023?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/himer/" + google-query: inurl:"/wp-content/themes/himer/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,himer,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/himer/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "himer" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/holding_pattern-5970a067cb1dc2fa3e954c8bf2cf2b8e.yaml b/nuclei-templates/cve-less/themes/holding_pattern-5970a067cb1dc2fa3e954c8bf2cf2b8e.yaml new file mode 100644 index 0000000000..4d9423e768 --- /dev/null +++ b/nuclei-templates/cve-less/themes/holding_pattern-5970a067cb1dc2fa3e954c8bf2cf2b8e.yaml @@ -0,0 +1,58 @@ +id: holding_pattern-5970a067cb1dc2fa3e954c8bf2cf2b8e + +info: + name: > + Holding Pattern <= 0.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/15fecefa-f1f1-47f3-8ad7-ec7772ecafc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/holding_pattern/" + google-query: inurl:"/wp-content/themes/holding_pattern/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,holding_pattern,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/holding_pattern/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "holding_pattern" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/houzez-7f368981191f0cf6c7a56557a4488185.yaml b/nuclei-templates/cve-less/themes/houzez-7f368981191f0cf6c7a56557a4488185.yaml new file mode 100644 index 0000000000..202e726f1d --- /dev/null +++ b/nuclei-templates/cve-less/themes/houzez-7f368981191f0cf6c7a56557a4488185.yaml @@ -0,0 +1,58 @@ +id: houzez-7f368981191f0cf6c7a56557a4488185 + +info: + name: > + Houzez <= 2.8.2 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64087631-3514-4fec-ad2f-b095d7c727bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/houzez/" + google-query: inurl:"/wp-content/themes/houzez/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,houzez,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/houzez/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "houzez" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.8.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/houzez-a707f28c337bd9658c006013182d7d8f.yaml b/nuclei-templates/cve-less/themes/houzez-a707f28c337bd9658c006013182d7d8f.yaml new file mode 100644 index 0000000000..bf471496c9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/houzez-a707f28c337bd9658c006013182d7d8f.yaml @@ -0,0 +1,58 @@ +id: houzez-a707f28c337bd9658c006013182d7d8f + +info: + name: > + Houzez <= 2.7.1 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0578f4d1-5953-4fbe-8bc3-0569bee57a1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/houzez/" + google-query: inurl:"/wp-content/themes/houzez/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,houzez,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/houzez/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "houzez" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hueman-59b839d07dc6fe1d9770afd5dab3f742.yaml b/nuclei-templates/cve-less/themes/hueman-59b839d07dc6fe1d9770afd5dab3f742.yaml new file mode 100644 index 0000000000..b785ceef6d --- /dev/null +++ b/nuclei-templates/cve-less/themes/hueman-59b839d07dc6fe1d9770afd5dab3f742.yaml @@ -0,0 +1,58 @@ +id: hueman-59b839d07dc6fe1d9770afd5dab3f742 + +info: + name: > + Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d54b4dc9-8590-433c-873a-efb49e2e79cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hueman/" + google-query: inurl:"/wp-content/themes/hueman/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hueman,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hueman/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hueman" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hugo-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/hugo-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..45cbf6be99 --- /dev/null +++ b/nuclei-templates/cve-less/themes/hugo-wp-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: hugo-wp-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hugo-wp/" + google-query: inurl:"/wp-content/themes/hugo-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hugo-wp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hugo-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hugo-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/hybrid-e0526e94c953cbf63946457c72f3fcad.yaml b/nuclei-templates/cve-less/themes/hybrid-e0526e94c953cbf63946457c72f3fcad.yaml new file mode 100644 index 0000000000..c533b62bfe --- /dev/null +++ b/nuclei-templates/cve-less/themes/hybrid-e0526e94c953cbf63946457c72f3fcad.yaml @@ -0,0 +1,58 @@ +id: hybrid-e0526e94c953cbf63946457c72f3fcad + +info: + name: > + Hybrid < 0.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48e30af6-d28c-4547-aef9-d216064c9829?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/hybrid/" + google-query: inurl:"/wp-content/themes/hybrid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,hybrid,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/hybrid/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "hybrid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.10') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/i-excel-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/i-excel-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..a783935af1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/i-excel-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: i-excel-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/i-excel/" + google-query: inurl:"/wp-content/themes/i-excel/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,i-excel,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/i-excel/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-excel" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/i-max-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/i-max-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..082b54265f --- /dev/null +++ b/nuclei-templates/cve-less/themes/i-max-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: i-max-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/i-max/" + google-query: inurl:"/wp-content/themes/i-max/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,i-max,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/i-max/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "i-max" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ignition-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/ignition-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..106ad7d41d --- /dev/null +++ b/nuclei-templates/cve-less/themes/ignition-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: ignition-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ignition/" + google-query: inurl:"/wp-content/themes/ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ignition,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ignition/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ignition-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/ignition-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..4c405a8437 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ignition-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: ignition-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ignition/" + google-query: inurl:"/wp-content/themes/ignition/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ignition,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ignition/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ignition" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/illdy-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/illdy-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..7a034a7039 --- /dev/null +++ b/nuclei-templates/cve-less/themes/illdy-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: illdy-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/illdy/" + google-query: inurl:"/wp-content/themes/illdy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,illdy,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/illdy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "illdy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/intrace-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/intrace-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..3f2308e275 --- /dev/null +++ b/nuclei-templates/cve-less/themes/intrace-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: intrace-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/intrace/" + google-query: inurl:"/wp-content/themes/intrace/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,intrace,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/intrace/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intrace" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/intrepidity-a725115e3c0edf17f7d3885d6b810646.yaml b/nuclei-templates/cve-less/themes/intrepidity-a725115e3c0edf17f7d3885d6b810646.yaml new file mode 100644 index 0000000000..b1c0b5ba84 --- /dev/null +++ b/nuclei-templates/cve-less/themes/intrepidity-a725115e3c0edf17f7d3885d6b810646.yaml @@ -0,0 +1,58 @@ +id: intrepidity-a725115e3c0edf17f7d3885d6b810646 + +info: + name: > + Intrepidity <= 1.5.1 - Cross-Site Request Forgery via mytheme_add_admin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01cc613a-d0b5-4c8f-8961-8f8aaf63b8ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/intrepidity/" + google-query: inurl:"/wp-content/themes/intrepidity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,intrepidity,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/intrepidity/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "intrepidity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/invento-632fa81c7cda7a0da5783abd37b66f4c.yaml b/nuclei-templates/cve-less/themes/invento-632fa81c7cda7a0da5783abd37b66f4c.yaml new file mode 100644 index 0000000000..fd615a2e88 --- /dev/null +++ b/nuclei-templates/cve-less/themes/invento-632fa81c7cda7a0da5783abd37b66f4c.yaml @@ -0,0 +1,58 @@ +id: invento-632fa81c7cda7a0da5783abd37b66f4c + +info: + name: > + Invento | Architecture Building Agency Template <= 2015-05-15 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf38354-f95a-4bc5-a63e-3774eadf4fcb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/invento/" + google-query: inurl:"/wp-content/themes/invento/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,invento,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/invento/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "invento" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2015-05-15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ithemes-mobile-fa869fa1b9881b5f13b3949335d2518c.yaml b/nuclei-templates/cve-less/themes/ithemes-mobile-fa869fa1b9881b5f13b3949335d2518c.yaml new file mode 100644 index 0000000000..ed4e628606 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ithemes-mobile-fa869fa1b9881b5f13b3949335d2518c.yaml @@ -0,0 +1,58 @@ +id: ithemes-mobile-fa869fa1b9881b5f13b3949335d2518c + +info: + name: > + iThemes Mobile < 1.2.8 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64ccf609-5cdf-4f05-ad83-4fb7aa475ba5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ithemes-mobile/" + google-query: inurl:"/wp-content/themes/ithemes-mobile/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ithemes-mobile,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ithemes-mobile/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ithemes-mobile" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jannah-073caac98b397aafa1ef62965d38c4a4.yaml b/nuclei-templates/cve-less/themes/jannah-073caac98b397aafa1ef62965d38c4a4.yaml new file mode 100644 index 0000000000..fdc451b670 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jannah-073caac98b397aafa1ef62965d38c4a4.yaml @@ -0,0 +1,58 @@ +id: jannah-073caac98b397aafa1ef62965d38c4a4 + +info: + name: > + Jannah <= 5.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40494f1e-d5df-4ed0-b107-aa52cb28bc0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jannah/" + google-query: inurl:"/wp-content/themes/jannah/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jannah,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jannah/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jannah" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jannah-6edf86dbe6ca8c2373758418bafd3a5c.yaml b/nuclei-templates/cve-less/themes/jannah-6edf86dbe6ca8c2373758418bafd3a5c.yaml new file mode 100644 index 0000000000..3c4d9d17a3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jannah-6edf86dbe6ca8c2373758418bafd3a5c.yaml @@ -0,0 +1,58 @@ +id: jannah-6edf86dbe6ca8c2373758418bafd3a5c + +info: + name: > + Jannah - Newspaper Magazine News BuddyPress AMP < 5.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b04ea62-8e6b-4876-a9f8-7bc342e837f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jannah/" + google-query: inurl:"/wp-content/themes/jannah/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jannah,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jannah/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jannah" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jnews-9eec149d26b5525f47c83e62d5178cba.yaml b/nuclei-templates/cve-less/themes/jnews-9eec149d26b5525f47c83e62d5178cba.yaml new file mode 100644 index 0000000000..08d8a7f812 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jnews-9eec149d26b5525f47c83e62d5178cba.yaml @@ -0,0 +1,58 @@ +id: jnews-9eec149d26b5525f47c83e62d5178cba + +info: + name: > + JNews - WordPress Newspaper Magazine Blog AMP Theme < 8.0.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/400d31ba-2cef-4558-8983-6689f7e4b93c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jnews/" + google-query: inurl:"/wp-content/themes/jnews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jnews,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jnews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jnews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 8.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jobeleon-wpjobboard-d4c3b2bb6cecd391eb07e1531f6f5e45.yaml b/nuclei-templates/cve-less/themes/jobeleon-wpjobboard-d4c3b2bb6cecd391eb07e1531f6f5e45.yaml new file mode 100644 index 0000000000..c951139966 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jobeleon-wpjobboard-d4c3b2bb6cecd391eb07e1531f6f5e45.yaml @@ -0,0 +1,58 @@ +id: jobeleon-wpjobboard-d4c3b2bb6cecd391eb07e1531f6f5e45 + +info: + name: > + Jobeleon Theme <= 1.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fef2f3fd-d6a3-4cb5-af5f-3fad8a67ca9c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jobeleon-wpjobboard/" + google-query: inurl:"/wp-content/themes/jobeleon-wpjobboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jobeleon-wpjobboard,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jobeleon-wpjobboard/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jobeleon-wpjobboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiter-25e01eb0a9bc2abfaf531fab30be9b46.yaml b/nuclei-templates/cve-less/themes/jupiter-25e01eb0a9bc2abfaf531fab30be9b46.yaml new file mode 100644 index 0000000000..680861c549 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiter-25e01eb0a9bc2abfaf531fab30be9b46.yaml @@ -0,0 +1,58 @@ +id: jupiter-25e01eb0a9bc2abfaf531fab30be9b46 + +info: + name: > + JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/089cde8a-2896-4e4c-90c1-30605ccc919d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiter/" + google-query: inurl:"/wp-content/themes/jupiter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiter-2fbd93f620678f9df8d36f97616c7078.yaml b/nuclei-templates/cve-less/themes/jupiter-2fbd93f620678f9df8d36f97616c7078.yaml new file mode 100644 index 0000000000..9e2d1827a1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiter-2fbd93f620678f9df8d36f97616c7078.yaml @@ -0,0 +1,58 @@ +id: jupiter-2fbd93f620678f9df8d36f97616c7078 + +info: + name: > + Jupiter Theme <= 6.10.1 - Authenticated Arbitrary Plugin Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab870fc4-1651-414e-8702-cbe9829a4e75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiter/" + google-query: inurl:"/wp-content/themes/jupiter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiter-f3750481cefda659186282ffd61f21aa.yaml b/nuclei-templates/cve-less/themes/jupiter-f3750481cefda659186282ffd61f21aa.yaml new file mode 100644 index 0000000000..b13adcc1f0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiter-f3750481cefda659186282ffd61f21aa.yaml @@ -0,0 +1,58 @@ +id: jupiter-f3750481cefda659186282ffd61f21aa + +info: + name: > + Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b54f38b6-5f98-469c-802a-a4c1e1f2ab0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiter/" + google-query: inurl:"/wp-content/themes/jupiter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.10.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiterx-0fb4e97ee7da5e51631d72f53857a9d4.yaml b/nuclei-templates/cve-less/themes/jupiterx-0fb4e97ee7da5e51631d72f53857a9d4.yaml new file mode 100644 index 0000000000..02849c9248 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiterx-0fb4e97ee7da5e51631d72f53857a9d4.yaml @@ -0,0 +1,58 @@ +id: jupiterx-0fb4e97ee7da5e51631d72f53857a9d4 + +info: + name: > + JupiterX Theme <= 2.0.6 and JupiterX Core <= 2.0.6 - Authenticated Arbitrary Plugin Deactivation and Settings Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/147b7be2-8bbe-4e95-bfcb-1c4ff8a41a3b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiterx/" + google-query: inurl:"/wp-content/themes/jupiterx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiterx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiterx/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiterx-25e01eb0a9bc2abfaf531fab30be9b46.yaml b/nuclei-templates/cve-less/themes/jupiterx-25e01eb0a9bc2abfaf531fab30be9b46.yaml new file mode 100644 index 0000000000..0bd61cbdfd --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiterx-25e01eb0a9bc2abfaf531fab30be9b46.yaml @@ -0,0 +1,58 @@ +id: jupiterx-25e01eb0a9bc2abfaf531fab30be9b46 + +info: + name: > + JupiterX Theme <= 2.0.6 and Jupiter Theme <= 6.10.1 - Authenticated Path Traversal and Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/089cde8a-2896-4e4c-90c1-30605ccc919d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiterx/" + google-query: inurl:"/wp-content/themes/jupiterx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiterx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiterx/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/jupiterx-427edef992d7f7fdd62c26fd579e2341.yaml b/nuclei-templates/cve-less/themes/jupiterx-427edef992d7f7fdd62c26fd579e2341.yaml new file mode 100644 index 0000000000..512e230a22 --- /dev/null +++ b/nuclei-templates/cve-less/themes/jupiterx-427edef992d7f7fdd62c26fd579e2341.yaml @@ -0,0 +1,58 @@ +id: jupiterx-427edef992d7f7fdd62c26fd579e2341 + +info: + name: > + JupiterX Theme <= 3.0.0 - Authenticated Local File Inclusion via print_pane + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5abb538-9e69-485e-9389-90a2422510ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/jupiterx/" + google-query: inurl:"/wp-content/themes/jupiterx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,jupiterx,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/jupiterx/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "jupiterx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/kathmag-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/kathmag-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..0fdc30a0f8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/kathmag-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: kathmag-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/kathmag/" + google-query: inurl:"/wp-content/themes/kathmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,kathmag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/kathmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kathmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/kathmag-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/kathmag-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..5fb056f849 --- /dev/null +++ b/nuclei-templates/cve-less/themes/kathmag-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: kathmag-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/kathmag/" + google-query: inurl:"/wp-content/themes/kathmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,kathmag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/kathmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kathmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/kingcabs-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/kingcabs-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..52fcc21c88 --- /dev/null +++ b/nuclei-templates/cve-less/themes/kingcabs-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: kingcabs-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/kingcabs/" + google-query: inurl:"/wp-content/themes/kingcabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,kingcabs,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/kingcabs/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/kingcabs-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/kingcabs-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..faea2d5ab2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/kingcabs-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: kingcabs-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/kingcabs/" + google-query: inurl:"/wp-content/themes/kingcabs/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,kingcabs,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/kingcabs/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingcabs" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/kingclub-theme-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/kingclub-theme-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..f359a3ca17 --- /dev/null +++ b/nuclei-templates/cve-less/themes/kingclub-theme-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: kingclub-theme-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/kingclub-theme/" + google-query: inurl:"/wp-content/themes/kingclub-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,kingclub-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/kingclub-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "kingclub-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/lattice-a3693c90a0060afc06ae1758aa95f75e.yaml b/nuclei-templates/cve-less/themes/lattice-a3693c90a0060afc06ae1758aa95f75e.yaml new file mode 100644 index 0000000000..d5012d295e --- /dev/null +++ b/nuclei-templates/cve-less/themes/lattice-a3693c90a0060afc06ae1758aa95f75e.yaml @@ -0,0 +1,58 @@ +id: lattice-a3693c90a0060afc06ae1758aa95f75e + +info: + name: > + Lattice < 1.1.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/74e25ef2-ca4d-416e-8a9b-2ed09a93d1aa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/lattice/" + google-query: inurl:"/wp-content/themes/lattice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,lattice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/lattice/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lattice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/lightning-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/lightning-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..622a631829 --- /dev/null +++ b/nuclei-templates/cve-less/themes/lightning-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: lightning-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/lightning/" + google-query: inurl:"/wp-content/themes/lightning/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,lightning,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/lightning/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "lightning" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 15.19.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listeo-27a371efed383b3d1ada42fe51a20c93.yaml b/nuclei-templates/cve-less/themes/listeo-27a371efed383b3d1ada42fe51a20c93.yaml new file mode 100644 index 0000000000..83491a795f --- /dev/null +++ b/nuclei-templates/cve-less/themes/listeo-27a371efed383b3d1ada42fe51a20c93.yaml @@ -0,0 +1,58 @@ +id: listeo-27a371efed383b3d1ada42fe51a20c93 + +info: + name: > + Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8b019499-8edf-4921-9612-12d39c2e8e85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listeo/" + google-query: inurl:"/wp-content/themes/listeo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listeo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listeo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listeo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listeo-328e4f3efad73259f1eb9967e17030cd.yaml b/nuclei-templates/cve-less/themes/listeo-328e4f3efad73259f1eb9967e17030cd.yaml new file mode 100644 index 0000000000..5ad04e72a4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listeo-328e4f3efad73259f1eb9967e17030cd.yaml @@ -0,0 +1,58 @@ +id: listeo-328e4f3efad73259f1eb9967e17030cd + +info: + name: > + Listeo - Directory & Listings With Booking - WordPress Theme < 1.6.11 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd22eaa1-e76d-4192-8d08-9bb984b08439?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listeo/" + google-query: inurl:"/wp-content/themes/listeo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listeo,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listeo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listeo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingo-fa1aa4f0aefa698e79145595ae3e2cba.yaml b/nuclei-templates/cve-less/themes/listingo-fa1aa4f0aefa698e79145595ae3e2cba.yaml new file mode 100644 index 0000000000..b07bac550a --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingo-fa1aa4f0aefa698e79145595ae3e2cba.yaml @@ -0,0 +1,58 @@ +id: listingo-fa1aa4f0aefa698e79145595ae3e2cba + +info: + name: > + Listingo <= 3.2.5 - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62bc53ae-7cdb-491c-a315-5bf8fa80c27b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingo/" + google-query: inurl:"/wp-content/themes/listingo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingo,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingpro-150cb95f9f40b2e120f1867ef595a1a2.yaml b/nuclei-templates/cve-less/themes/listingpro-150cb95f9f40b2e120f1867ef595a1a2.yaml new file mode 100644 index 0000000000..ad7607a219 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingpro-150cb95f9f40b2e120f1867ef595a1a2.yaml @@ -0,0 +1,58 @@ +id: listingpro-150cb95f9f40b2e120f1867ef595a1a2 + +info: + name: > + ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ddb979b5-8fd6-41ed-a535-ad6646a14677?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingpro/" + google-query: inurl:"/wp-content/themes/listingpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingpro,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingpro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.14.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingpro-5ff88083e32bfbabf7c17c2a2829921d.yaml b/nuclei-templates/cve-less/themes/listingpro-5ff88083e32bfbabf7c17c2a2829921d.yaml new file mode 100644 index 0000000000..f044945035 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingpro-5ff88083e32bfbabf7c17c2a2829921d.yaml @@ -0,0 +1,58 @@ +id: listingpro-5ff88083e32bfbabf7c17c2a2829921d + +info: + name: > + ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e7ad57d0-375b-4a64-a61c-90b72052552f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingpro/" + google-query: inurl:"/wp-content/themes/listingpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingpro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingpro-7cb74951ec30df91b0363483bf7bb394.yaml b/nuclei-templates/cve-less/themes/listingpro-7cb74951ec30df91b0363483bf7bb394.yaml new file mode 100644 index 0000000000..68b2d7c712 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingpro-7cb74951ec30df91b0363483bf7bb394.yaml @@ -0,0 +1,58 @@ +id: listingpro-7cb74951ec30df91b0363483bf7bb394 + +info: + name: > + ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Arbitrary Plugin Installation, Activation and Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a08fa649-3092-4c26-a009-2dd576b9b1ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingpro/" + google-query: inurl:"/wp-content/themes/listingpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingpro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingpro-9db9bcd8fc228077bf75d34eb26eccd1.yaml b/nuclei-templates/cve-less/themes/listingpro-9db9bcd8fc228077bf75d34eb26eccd1.yaml new file mode 100644 index 0000000000..bd2ff6b6c7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingpro-9db9bcd8fc228077bf75d34eb26eccd1.yaml @@ -0,0 +1,58 @@ +id: listingpro-9db9bcd8fc228077bf75d34eb26eccd1 + +info: + name: > + ListingPro - WordPress Directory & Listing Theme < 2.6.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b21f8e-8d66-4d3e-a383-bea20a3c4498?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingpro/" + google-query: inurl:"/wp-content/themes/listingpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingpro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingpro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/listingpro-e612ae5fb8c05a8c56c1d21cf4568559.yaml b/nuclei-templates/cve-less/themes/listingpro-e612ae5fb8c05a8c56c1d21cf4568559.yaml new file mode 100644 index 0000000000..7b2cf64714 --- /dev/null +++ b/nuclei-templates/cve-less/themes/listingpro-e612ae5fb8c05a8c56c1d21cf4568559.yaml @@ -0,0 +1,58 @@ +id: listingpro-e612ae5fb8c05a8c56c1d21cf4568559 + +info: + name: > + ListingPro - WordPress Directory & Listing Theme < 2.0.14.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4af4b971-7304-47c9-8d01-eae36e40c45c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/listingpro/" + google-query: inurl:"/wp-content/themes/listingpro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,listingpro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/listingpro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "listingpro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.14.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/luxe-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/luxe-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..0ef2fd17dc --- /dev/null +++ b/nuclei-templates/cve-less/themes/luxe-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: luxe-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/luxe/" + google-query: inurl:"/wp-content/themes/luxe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,luxe,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/luxe/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "luxe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/luxe-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/luxe-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..d2930cf0bf --- /dev/null +++ b/nuclei-templates/cve-less/themes/luxe-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: luxe-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/luxe/" + google-query: inurl:"/wp-content/themes/luxe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,luxe,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/luxe/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "luxe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/machic-core-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/machic-core-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..17c7542d7d --- /dev/null +++ b/nuclei-templates/cve-less/themes/machic-core-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: machic-core-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/machic-core/" + google-query: inurl:"/wp-content/themes/machic-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,machic-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/machic-core/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "machic-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/machic-core-126a4deb066c34b8dce5df40cd3bb8ed.yaml b/nuclei-templates/cve-less/themes/machic-core-126a4deb066c34b8dce5df40cd3bb8ed.yaml new file mode 100644 index 0000000000..c122afaa33 --- /dev/null +++ b/nuclei-templates/cve-less/themes/machic-core-126a4deb066c34b8dce5df40cd3bb8ed.yaml @@ -0,0 +1,58 @@ +id: machic-core-126a4deb066c34b8dce5df40cd3bb8ed + +info: + name: > + Machic Core <= 1.2.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4fc9628-b254-405b-a7cc-bb955618bc35?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/machic-core/" + google-query: inurl:"/wp-content/themes/machic-core/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,machic-core,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/machic-core/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "machic-core" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/magazine-edge-f5a034fa03b4780f360af411f657fb5a.yaml b/nuclei-templates/cve-less/themes/magazine-edge-f5a034fa03b4780f360af411f657fb5a.yaml new file mode 100644 index 0000000000..4777574599 --- /dev/null +++ b/nuclei-templates/cve-less/themes/magazine-edge-f5a034fa03b4780f360af411f657fb5a.yaml @@ -0,0 +1,58 @@ +id: magazine-edge-f5a034fa03b4780f360af411f657fb5a + +info: + name: > + Magazine Edge <= 1.13 - Authenticated (Subscriber+) Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a2a29ea-3ff3-4b80-8a40-1a00491076ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/magazine-edge/" + google-query: inurl:"/wp-content/themes/magazine-edge/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,magazine-edge,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/magazine-edge/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "magazine-edge" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/materialis-30dc0670053ac012aae9f0b808f32600.yaml b/nuclei-templates/cve-less/themes/materialis-30dc0670053ac012aae9f0b808f32600.yaml new file mode 100644 index 0000000000..119e3fbbb3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/materialis-30dc0670053ac012aae9f0b808f32600.yaml @@ -0,0 +1,58 @@ +id: materialis-30dc0670053ac012aae9f0b808f32600 + +info: + name: > + Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/materialis/" + google-query: inurl:"/wp-content/themes/materialis/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,materialis,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/materialis/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "materialis" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.172') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/medibazar-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/medibazar-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..abe73f452e --- /dev/null +++ b/nuclei-templates/cve-less/themes/medibazar-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: medibazar-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/medibazar/" + google-query: inurl:"/wp-content/themes/medibazar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,medibazar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/medibazar/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medibazar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/medical-heed-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/medical-heed-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..b98e06a74e --- /dev/null +++ b/nuclei-templates/cve-less/themes/medical-heed-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: medical-heed-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/medical-heed/" + google-query: inurl:"/wp-content/themes/medical-heed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,medical-heed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/medical-heed/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medical-heed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/medical-heed-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/medical-heed-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..c9300e7f81 --- /dev/null +++ b/nuclei-templates/cve-less/themes/medical-heed-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: medical-heed-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/medical-heed/" + google-query: inurl:"/wp-content/themes/medical-heed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,medical-heed,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/medical-heed/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medical-heed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/mediciti-lite-90a7b869d3e2a4d7bc3ba6fed7e1b85c.yaml b/nuclei-templates/cve-less/themes/mediciti-lite-90a7b869d3e2a4d7bc3ba6fed7e1b85c.yaml new file mode 100644 index 0000000000..293fdb2cd7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/mediciti-lite-90a7b869d3e2a4d7bc3ba6fed7e1b85c.yaml @@ -0,0 +1,58 @@ +id: mediciti-lite-90a7b869d3e2a4d7bc3ba6fed7e1b85c + +info: + name: > + Mediciti Lite <= 1.3.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec2825b2-c8df-40fd-b44d-a840be66446f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/mediciti-lite/" + google-query: inurl:"/wp-content/themes/mediciti-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,mediciti-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/mediciti-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediciti-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/medikaid-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/cve-less/themes/medikaid-161c9677e95eb847dc432eddc65db142.yaml new file mode 100644 index 0000000000..47c27fce8a --- /dev/null +++ b/nuclei-templates/cve-less/themes/medikaid-161c9677e95eb847dc432eddc65db142.yaml @@ -0,0 +1,58 @@ +id: medikaid-161c9677e95eb847dc432eddc65db142 + +info: + name: > + Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/medikaid/" + google-query: inurl:"/wp-content/themes/medikaid/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,medikaid,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/medikaid/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medikaid" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/mediumishh-8ddcc8df3c11e4879c7d118b2a205450.yaml b/nuclei-templates/cve-less/themes/mediumishh-8ddcc8df3c11e4879c7d118b2a205450.yaml new file mode 100644 index 0000000000..8f21ce84cc --- /dev/null +++ b/nuclei-templates/cve-less/themes/mediumishh-8ddcc8df3c11e4879c7d118b2a205450.yaml @@ -0,0 +1,58 @@ +id: mediumishh-8ddcc8df3c11e4879c7d118b2a205450 + +info: + name: > + Mediumish <= 1.0.47 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46e2693a-809f-43f9-b189-35a0c73bf34e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/mediumishh/" + google-query: inurl:"/wp-content/themes/mediumishh/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,mediumishh,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/mediumishh/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mediumishh" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.47') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/medzone-lite-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/medzone-lite-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..9f6d8a1d09 --- /dev/null +++ b/nuclei-templates/cve-less/themes/medzone-lite-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: medzone-lite-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/medzone-lite/" + google-query: inurl:"/wp-content/themes/medzone-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,medzone-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/medzone-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "medzone-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/meris-7905993a7c5a7f25cd0e632ebe3eba34.yaml b/nuclei-templates/cve-less/themes/meris-7905993a7c5a7f25cd0e632ebe3eba34.yaml new file mode 100644 index 0000000000..822f79a81a --- /dev/null +++ b/nuclei-templates/cve-less/themes/meris-7905993a7c5a7f25cd0e632ebe3eba34.yaml @@ -0,0 +1,58 @@ +id: meris-7905993a7c5a7f25cd0e632ebe3eba34 + +info: + name: > + Meris <= 1.1.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a627f10a-1463-4e4b-98a9-2008fa76e25a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/meris/" + google-query: inurl:"/wp-content/themes/meris/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,meris,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/meris/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "meris" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/mesmerize-30dc0670053ac012aae9f0b808f32600.yaml b/nuclei-templates/cve-less/themes/mesmerize-30dc0670053ac012aae9f0b808f32600.yaml new file mode 100644 index 0000000000..ea5fe38341 --- /dev/null +++ b/nuclei-templates/cve-less/themes/mesmerize-30dc0670053ac012aae9f0b808f32600.yaml @@ -0,0 +1,58 @@ +id: mesmerize-30dc0670053ac012aae9f0b808f32600 + +info: + name: > + Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c9c3302-47cd-4dbe-b79e-5e6032928074?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/mesmerize/" + google-query: inurl:"/wp-content/themes/mesmerize/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,mesmerize,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/mesmerize/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mesmerize" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.89') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/metrostore-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/metrostore-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..15b20439e3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/metrostore-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: metrostore-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/metrostore/" + google-query: inurl:"/wp-content/themes/metrostore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,metrostore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/metrostore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metrostore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/metrostore-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/metrostore-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..698176e588 --- /dev/null +++ b/nuclei-templates/cve-less/themes/metrostore-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: metrostore-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/metrostore/" + google-query: inurl:"/wp-content/themes/metrostore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,metrostore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/metrostore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "metrostore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/minus-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/minus-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..3e9414a844 --- /dev/null +++ b/nuclei-templates/cve-less/themes/minus-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: minus-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/minus/" + google-query: inurl:"/wp-content/themes/minus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,minus,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/minus/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/minus-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/minus-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..50aff285ef --- /dev/null +++ b/nuclei-templates/cve-less/themes/minus-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: minus-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/minus/" + google-query: inurl:"/wp-content/themes/minus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,minus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/minus/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "minus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/mocho-blog-0eeb168325aaf2fd5bb4eb1250e0882d.yaml b/nuclei-templates/cve-less/themes/mocho-blog-0eeb168325aaf2fd5bb4eb1250e0882d.yaml new file mode 100644 index 0000000000..0cae43f992 --- /dev/null +++ b/nuclei-templates/cve-less/themes/mocho-blog-0eeb168325aaf2fd5bb4eb1250e0882d.yaml @@ -0,0 +1,58 @@ +id: mocho-blog-0eeb168325aaf2fd5bb4eb1250e0882d + +info: + name: > + Mocho Blog <= 1.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f10fd22e-a25b-4f16-ad65-a995559908e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/mocho-blog/" + google-query: inurl:"/wp-content/themes/mocho-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,mocho-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/mocho-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mocho-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/modern-51ba94283b04aa5998cb156cf18689aa.yaml b/nuclei-templates/cve-less/themes/modern-51ba94283b04aa5998cb156cf18689aa.yaml new file mode 100644 index 0000000000..11582606c4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/modern-51ba94283b04aa5998cb156cf18689aa.yaml @@ -0,0 +1,58 @@ +id: modern-51ba94283b04aa5998cb156cf18689aa + +info: + name: > + Modern <= 1.4.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae1820ab-6a24-45b3-801c-34c5515c8868?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/modern/" + google-query: inurl:"/wp-content/themes/modern/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,modern,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/modern/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "modern" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/monolit-3b0c578afae8e4197f9fa7776b2f418c.yaml b/nuclei-templates/cve-less/themes/monolit-3b0c578afae8e4197f9fa7776b2f418c.yaml new file mode 100644 index 0000000000..8c5d6a78c7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/monolit-3b0c578afae8e4197f9fa7776b2f418c.yaml @@ -0,0 +1,58 @@ +id: monolit-3b0c578afae8e4197f9fa7776b2f418c + +info: + name: > + Monolit <= 2.0.6 - Unauthenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/60a574c7-47de-4427-8d38-d510ea996f75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/monolit/" + google-query: inurl:"/wp-content/themes/monolit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,monolit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/monolit/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "monolit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/morning-coffee-59015ab41c28db2b3674f30b01c20313.yaml b/nuclei-templates/cve-less/themes/morning-coffee-59015ab41c28db2b3674f30b01c20313.yaml new file mode 100644 index 0000000000..38879626ba --- /dev/null +++ b/nuclei-templates/cve-less/themes/morning-coffee-59015ab41c28db2b3674f30b01c20313.yaml @@ -0,0 +1,58 @@ +id: morning-coffee-59015ab41c28db2b3674f30b01c20313 + +info: + name: > + Morning Coffee < 3.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/84ef0f21-74af-4cb7-bab6-47c25df0522e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/morning-coffee/" + google-query: inurl:"/wp-content/themes/morning-coffee/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,morning-coffee,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/morning-coffee/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "morning-coffee" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/motor-cf765c7372b51ee3e57db42cf2ef8936.yaml b/nuclei-templates/cve-less/themes/motor-cf765c7372b51ee3e57db42cf2ef8936.yaml new file mode 100644 index 0000000000..7b33d2c135 --- /dev/null +++ b/nuclei-templates/cve-less/themes/motor-cf765c7372b51ee3e57db42cf2ef8936.yaml @@ -0,0 +1,58 @@ +id: motor-cf765c7372b51ee3e57db42cf2ef8936 + +info: + name: > + Motor – Cars, Parts, Service, Equipments and Accessories WooCommerce Store < 3.1.0 - Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b811f085-9374-41e7-a9ab-fecff0b9e19d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/motor/" + google-query: inurl:"/wp-content/themes/motor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,motor,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/motor/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "motor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/mtheme-unus-3ca22e0c044d3496c6201e10375e41b4.yaml b/nuclei-templates/cve-less/themes/mtheme-unus-3ca22e0c044d3496c6201e10375e41b4.yaml new file mode 100644 index 0000000000..897bd197f3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/mtheme-unus-3ca22e0c044d3496c6201e10375e41b4.yaml @@ -0,0 +1,58 @@ +id: mtheme-unus-3ca22e0c044d3496c6201e10375e41b4 + +info: + name: > + mTheme-Unus < 2.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/df53dea5-4497-45ee-8f5c-e43f19a702f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/mTheme-Unus/" + google-query: inurl:"/wp-content/themes/mTheme-Unus/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,mTheme-Unus,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/mTheme-Unus/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "mTheme-Unus" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/naturemag-lite-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/naturemag-lite-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..de8dc59d66 --- /dev/null +++ b/nuclei-templates/cve-less/themes/naturemag-lite-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: naturemag-lite-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/naturemag-lite/" + google-query: inurl:"/wp-content/themes/naturemag-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,naturemag-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/naturemag-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "naturemag-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/neon-ce8dd1af11ff660941fa17a3827331a2.yaml b/nuclei-templates/cve-less/themes/neon-ce8dd1af11ff660941fa17a3827331a2.yaml new file mode 100644 index 0000000000..6f86778622 --- /dev/null +++ b/nuclei-templates/cve-less/themes/neon-ce8dd1af11ff660941fa17a3827331a2.yaml @@ -0,0 +1,58 @@ +id: neon-ce8dd1af11ff660941fa17a3827331a2 + +info: + name: > + Neon - Bootstrap Admin Theme <= 2.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7b29589-804b-4d37-a3f4-919f0c1126c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/neon/" + google-query: inurl:"/wp-content/themes/neon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,neon,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/neon/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/neosense-c7e8c47233570f8175e41802ba29bf54.yaml b/nuclei-templates/cve-less/themes/neosense-c7e8c47233570f8175e41802ba29bf54.yaml new file mode 100644 index 0000000000..a48552e413 --- /dev/null +++ b/nuclei-templates/cve-less/themes/neosense-c7e8c47233570f8175e41802ba29bf54.yaml @@ -0,0 +1,58 @@ +id: neosense-c7e8c47233570f8175e41802ba29bf54 + +info: + name: > + Neosense - Multipurpose WordPress Theme | WordPress < 1.8 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da807a8d-56de-494d-9f8a-9f749ab6c90e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/neosense/" + google-query: inurl:"/wp-content/themes/neosense/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,neosense,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/neosense/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "neosense" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/networker-68d0e40bde0f989b020b573553c376d1.yaml b/nuclei-templates/cve-less/themes/networker-68d0e40bde0f989b020b573553c376d1.yaml new file mode 100644 index 0000000000..32f19adc82 --- /dev/null +++ b/nuclei-templates/cve-less/themes/networker-68d0e40bde0f989b020b573553c376d1.yaml @@ -0,0 +1,58 @@ +id: networker-68d0e40bde0f989b020b573553c376d1 + +info: + name: > + Networker - Tech News WordPress Theme with Dark Mode <= 1.1.9 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2b9858-eb0c-42bd-bc32-c58c0f809fc8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/networker/" + google-query: inurl:"/wp-content/themes/networker/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,networker,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/networker/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "networker" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/news-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml b/nuclei-templates/cve-less/themes/news-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml new file mode 100644 index 0000000000..6244189d0d --- /dev/null +++ b/nuclei-templates/cve-less/themes/news-6d0c9deb010be5b44d8bbfb44b8f1a81.yaml @@ -0,0 +1,58 @@ +id: news-6d0c9deb010be5b44d8bbfb44b8f1a81 + +info: + name: > + News <= 0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f70c96c-5146-41d8-9d9c-7f2adb336049?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/news/" + google-query: inurl:"/wp-content/themes/news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,news,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsmag-4ce967b961dc587fdbeb05e0806627ae.yaml b/nuclei-templates/cve-less/themes/newsmag-4ce967b961dc587fdbeb05e0806627ae.yaml new file mode 100644 index 0000000000..a94703a39b --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsmag-4ce967b961dc587fdbeb05e0806627ae.yaml @@ -0,0 +1,58 @@ +id: newsmag-4ce967b961dc587fdbeb05e0806627ae + +info: + name: > + Newsmag < 5.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9918ffe1-5911-48d7-84ba-8e6568d6f50c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsmag/" + google-query: inurl:"/wp-content/themes/newsmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsmag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsmag-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/newsmag-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..80663a951d --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsmag-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: newsmag-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsmag/" + google-query: inurl:"/wp-content/themes/newsmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsmag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsmag-bff7cd3ae66179edd6f79145d30bd8a6.yaml b/nuclei-templates/cve-less/themes/newsmag-bff7cd3ae66179edd6f79145d30bd8a6.yaml new file mode 100644 index 0000000000..e06ab0f688 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsmag-bff7cd3ae66179edd6f79145d30bd8a6.yaml @@ -0,0 +1,58 @@ +id: newsmag-bff7cd3ae66179edd6f79145d30bd8a6 + +info: + name: > + tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsmag/" + google-query: inurl:"/wp-content/themes/newsmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsmag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsmag-eee75ef3c538836fcb67797f819fea53.yaml b/nuclei-templates/cve-less/themes/newsmag-eee75ef3c538836fcb67797f819fea53.yaml new file mode 100644 index 0000000000..26fc823d7e --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsmag-eee75ef3c538836fcb67797f819fea53.yaml @@ -0,0 +1,58 @@ +id: newsmag-eee75ef3c538836fcb67797f819fea53 + +info: + name: > + Newsmag <= 2.4.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/debe6f54-0f56-4bc9-a0cd-4f2caa1ed9e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsmag/" + google-query: inurl:"/wp-content/themes/newsmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsmag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsmatic-8182d66ef4e973d2ca9cb45d86ff3d4f.yaml b/nuclei-templates/cve-less/themes/newsmatic-8182d66ef4e973d2ca9cb45d86ff3d4f.yaml new file mode 100644 index 0000000000..7b24ba9cb0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsmatic-8182d66ef4e973d2ca9cb45d86ff3d4f.yaml @@ -0,0 +1,58 @@ +id: newsmatic-8182d66ef4e973d2ca9cb45d86ff3d4f + +info: + name: > + Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd2ea430-48ce-43c3-ba3d-8ef5f91460ce?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsmatic/" + google-query: inurl:"/wp-content/themes/newsmatic/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsmatic,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsmatic/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsmatic" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-8196dc2fb2d79f5488f7ada6ad314549.yaml b/nuclei-templates/cve-less/themes/newspaper-8196dc2fb2d79f5488f7ada6ad314549.yaml new file mode 100644 index 0000000000..5e65d8413f --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-8196dc2fb2d79f5488f7ada6ad314549.yaml @@ -0,0 +1,58 @@ +id: newspaper-8196dc2fb2d79f5488f7ada6ad314549 + +info: + name: > + Newspaper - News & WooCommerce WordPress Theme <= 6.7 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc742fa0-7d10-4fe4-b95c-7d4ca563d402?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.7.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-a588607108cf849846e45967a8f41100.yaml b/nuclei-templates/cve-less/themes/newspaper-a588607108cf849846e45967a8f41100.yaml new file mode 100644 index 0000000000..bce1f0e79d --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-a588607108cf849846e45967a8f41100.yaml @@ -0,0 +1,58 @@ +id: newspaper-a588607108cf849846e45967a8f41100 + +info: + name: > + Newspaper <= 11.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6aa43e74-9911-4c7a-b01a-cb77c2c3fe99?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-bff7cd3ae66179edd6f79145d30bd8a6.yaml b/nuclei-templates/cve-less/themes/newspaper-bff7cd3ae66179edd6f79145d30bd8a6.yaml new file mode 100644 index 0000000000..b955421750 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-bff7cd3ae66179edd6f79145d30bd8a6.yaml @@ -0,0 +1,58 @@ +id: newspaper-bff7cd3ae66179edd6f79145d30bd8a6 + +info: + name: > + tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8347b4e-a5ba-49c5-9ae6-690a1a5c9aac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-c159f842979de9da3050a83cd3188bb4.yaml b/nuclei-templates/cve-less/themes/newspaper-c159f842979de9da3050a83cd3188bb4.yaml new file mode 100644 index 0000000000..60449a2f07 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-c159f842979de9da3050a83cd3188bb4.yaml @@ -0,0 +1,58 @@ +id: newspaper-c159f842979de9da3050a83cd3188bb4 + +info: + name: > + Newspaper <= 11.5.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25cde35e-ba76-4651-8828-71ddd4c8a164?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 11.5.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-e9eec5a929c2311a5540a7010e91443f.yaml b/nuclei-templates/cve-less/themes/newspaper-e9eec5a929c2311a5540a7010e91443f.yaml new file mode 100644 index 0000000000..8dee23e7a3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-e9eec5a929c2311a5540a7010e91443f.yaml @@ -0,0 +1,58 @@ +id: newspaper-e9eec5a929c2311a5540a7010e91443f + +info: + name: > + tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24e8d1a4-9853-4f60-a371-7fdbe86d554b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 12.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-f7df930f39831ca9c998366434d0f175.yaml b/nuclei-templates/cve-less/themes/newspaper-f7df930f39831ca9c998366434d0f175.yaml new file mode 100644 index 0000000000..1fbe28cd03 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-f7df930f39831ca9c998366434d0f175.yaml @@ -0,0 +1,58 @@ +id: newspaper-f7df930f39831ca9c998366434d0f175 + +info: + name: > + Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f6ea94a-c8c7-4ff9-9fdd-a40acd6ec4f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Newspaper/" + google-query: inurl:"/wp-content/themes/Newspaper/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Newspaper,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Newspaper/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Newspaper" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 6.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-lite-17b72cbae2806ebc0f250c3c7b56eebd.yaml b/nuclei-templates/cve-less/themes/newspaper-lite-17b72cbae2806ebc0f250c3c7b56eebd.yaml new file mode 100644 index 0000000000..2f13e5abcc --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-lite-17b72cbae2806ebc0f250c3c7b56eebd.yaml @@ -0,0 +1,58 @@ +id: newspaper-lite-17b72cbae2806ebc0f250c3c7b56eebd + +info: + name: > + Newspaper Lite < 11.0 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/21dd2899-cb2d-4266-be79-bdf00e60e9a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newspaper-lite/" + google-query: inurl:"/wp-content/themes/newspaper-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newspaper-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newspaper-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newspaper-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 10.3.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-x-72ccbc519dc7d87cb6145ad667cfc553.yaml b/nuclei-templates/cve-less/themes/newspaper-x-72ccbc519dc7d87cb6145ad667cfc553.yaml new file mode 100644 index 0000000000..a349f6259a --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-x-72ccbc519dc7d87cb6145ad667cfc553.yaml @@ -0,0 +1,58 @@ +id: newspaper-x-72ccbc519dc7d87cb6145ad667cfc553 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newspaper-x/" + google-query: inurl:"/wp-content/themes/newspaper-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newspaper-x,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newspaper-x/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newspaper-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newspaper-x-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/newspaper-x-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..da7f16fd49 --- /dev/null +++ b/nuclei-templates/cve-less/themes/newspaper-x-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: newspaper-x-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newspaper-x/" + google-query: inurl:"/wp-content/themes/newspaper-x/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newspaper-x,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newspaper-x/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newspaper-x" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/newsxpress-7d03328ac3d4c62cd7bbe97808deaeca.yaml b/nuclei-templates/cve-less/themes/newsxpress-7d03328ac3d4c62cd7bbe97808deaeca.yaml new file mode 100644 index 0000000000..b89d22601a --- /dev/null +++ b/nuclei-templates/cve-less/themes/newsxpress-7d03328ac3d4c62cd7bbe97808deaeca.yaml @@ -0,0 +1,58 @@ +id: newsxpress-7d03328ac3d4c62cd7bbe97808deaeca + +info: + name: > + NewsXpress <= 1.0.7 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5e9736-e4d9-4730-aaaf-2069a9633f02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/newsxpress/" + google-query: inurl:"/wp-content/themes/newsxpress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,newsxpress,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/newsxpress/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "newsxpress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nexos-34acc22fa074776c63206475018db5f7.yaml b/nuclei-templates/cve-less/themes/nexos-34acc22fa074776c63206475018db5f7.yaml new file mode 100644 index 0000000000..e0e9b14c66 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nexos-34acc22fa074776c63206475018db5f7.yaml @@ -0,0 +1,58 @@ +id: nexos-34acc22fa074776c63206475018db5f7 + +info: + name: > + Nexos - Real Estate WordPress Theme <= 1.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed3ad791-4d4d-41df-bf14-2aef77d6fecb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nexos/" + google-query: inurl:"/wp-content/themes/nexos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nexos,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nexos/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nexos-a1ee8803b42d3b197599b6095f91fefd.yaml b/nuclei-templates/cve-less/themes/nexos-a1ee8803b42d3b197599b6095f91fefd.yaml new file mode 100644 index 0000000000..3762f0a545 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nexos-a1ee8803b42d3b197599b6095f91fefd.yaml @@ -0,0 +1,58 @@ +id: nexos-a1ee8803b42d3b197599b6095f91fefd + +info: + name: > + Nexos - Real Estate WordPress Theme < 1.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6221374-3c0d-4d37-8a27-130c504ea70d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nexos/" + google-query: inurl:"/wp-content/themes/nexos/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nexos,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nexos/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexos" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nexter-4671c56fe35cfb879a2471b3343a30c7.yaml b/nuclei-templates/cve-less/themes/nexter-4671c56fe35cfb879a2471b3343a30c7.yaml new file mode 100644 index 0000000000..3f7df98e81 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nexter-4671c56fe35cfb879a2471b3343a30c7.yaml @@ -0,0 +1,58 @@ +id: nexter-4671c56fe35cfb879a2471b3343a30c7 + +info: + name: > + Nexter <= 2.0.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e26d4914-23fd-4e93-a08a-7e9dd5222a73?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nexter/" + google-query: inurl:"/wp-content/themes/nexter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nexter,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nexter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nexter-fad17491d46d93aa052a2c5d2ff91e1e.yaml b/nuclei-templates/cve-less/themes/nexter-fad17491d46d93aa052a2c5d2ff91e1e.yaml new file mode 100644 index 0000000000..3c0830ca46 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nexter-fad17491d46d93aa052a2c5d2ff91e1e.yaml @@ -0,0 +1,58 @@ +id: nexter-fad17491d46d93aa052a2c5d2ff91e1e + +info: + name: > + Nexter <= 2.0.3 - Authenticated (Subscriber+) SQL Injection via 'to' and 'from' + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a0164123-11b0-4b3b-bc76-c6aee8ca9d34?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nexter/" + google-query: inurl:"/wp-content/themes/nexter/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nexter,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nexter/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nexter" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nictitate-e239f345bc8a481c67e859f476dff343.yaml b/nuclei-templates/cve-less/themes/nictitate-e239f345bc8a481c67e859f476dff343.yaml new file mode 100644 index 0000000000..1b95615947 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nictitate-e239f345bc8a481c67e859f476dff343.yaml @@ -0,0 +1,58 @@ +id: nictitate-e239f345bc8a481c67e859f476dff343 + +info: + name: > + Nictitate <= 1.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66a5a011-4c2f-4da9-9b17-96af830ba880?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nictitate/" + google-query: inurl:"/wp-content/themes/nictitate/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nictitate,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nictitate/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nictitate" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nokke-161c9677e95eb847dc432eddc65db142.yaml b/nuclei-templates/cve-less/themes/nokke-161c9677e95eb847dc432eddc65db142.yaml new file mode 100644 index 0000000000..d2492a37f2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nokke-161c9677e95eb847dc432eddc65db142.yaml @@ -0,0 +1,58 @@ +id: nokke-161c9677e95eb847dc432eddc65db142 + +info: + name: > + Multiple DeoThemes Themes <= (Various Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1b8b0f14-f31a-45cd-bb98-0b717059aa80?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nokke/" + google-query: inurl:"/wp-content/themes/nokke/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nokke,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nokke/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nokke" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/noo-jobmonster-416263074de0ee717fb7c97e5e787220.yaml b/nuclei-templates/cve-less/themes/noo-jobmonster-416263074de0ee717fb7c97e5e787220.yaml new file mode 100644 index 0000000000..8f18985b6b --- /dev/null +++ b/nuclei-templates/cve-less/themes/noo-jobmonster-416263074de0ee717fb7c97e5e787220.yaml @@ -0,0 +1,58 @@ +id: noo-jobmonster-416263074de0ee717fb7c97e5e787220 + +info: + name: > + Noo JobMonster <= 4.6.6 - Sensitive Information Disclosure via Directory Listing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/07eec594-6c46-4df0-92f1-f090e510d79d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/noo-jobmonster/" + google-query: inurl:"/wp-content/themes/noo-jobmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,noo-jobmonster,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/noo-jobmonster/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "noo-jobmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.6.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/noo-jobmonster-484e846ac2c2ca29eb31f11236276ff2.yaml b/nuclei-templates/cve-less/themes/noo-jobmonster-484e846ac2c2ca29eb31f11236276ff2.yaml new file mode 100644 index 0000000000..0dd37a417a --- /dev/null +++ b/nuclei-templates/cve-less/themes/noo-jobmonster-484e846ac2c2ca29eb31f11236276ff2.yaml @@ -0,0 +1,58 @@ +id: noo-jobmonster-484e846ac2c2ca29eb31f11236276ff2 + +info: + name: > + Noo JobMonster < 4.5.2.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a2f646fb-b089-492d-9d90-0f43b18e1a90?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/noo-jobmonster/" + google-query: inurl:"/wp-content/themes/noo-jobmonster/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,noo-jobmonster,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/noo-jobmonster/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "noo-jobmonster" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.5.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nova-lite-2cf62694c1273a50c31799d50a62c51a.yaml b/nuclei-templates/cve-less/themes/nova-lite-2cf62694c1273a50c31799d50a62c51a.yaml new file mode 100644 index 0000000000..de22e3a046 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nova-lite-2cf62694c1273a50c31799d50a62c51a.yaml @@ -0,0 +1,58 @@ +id: nova-lite-2cf62694c1273a50c31799d50a62c51a + +info: + name: > + Nova Lite < 1.3.9 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/46a16b7b-6de4-49a6-83e3-309f8ab43505?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nova-lite/" + google-query: inurl:"/wp-content/themes/nova-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nova-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nova-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nova-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.3.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/nsc-47b642ac75c1b5d9ea7b88cb11912c96.yaml b/nuclei-templates/cve-less/themes/nsc-47b642ac75c1b5d9ea7b88cb11912c96.yaml new file mode 100644 index 0000000000..0d2ef15251 --- /dev/null +++ b/nuclei-templates/cve-less/themes/nsc-47b642ac75c1b5d9ea7b88cb11912c96.yaml @@ -0,0 +1,58 @@ +id: nsc-47b642ac75c1b5d9ea7b88cb11912c96 + +info: + name: > + nsc <= 1.0 - Prototype Pollution to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5909513d-8877-40ff-bee9-d565141b7ed2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/nsc/" + google-query: inurl:"/wp-content/themes/nsc/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,nsc,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/nsc/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "nsc" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/oceanwp-e5433fd914f5f7bdfa5093c95eaa7f18.yaml b/nuclei-templates/cve-less/themes/oceanwp-e5433fd914f5f7bdfa5093c95eaa7f18.yaml new file mode 100644 index 0000000000..2e476ed354 --- /dev/null +++ b/nuclei-templates/cve-less/themes/oceanwp-e5433fd914f5f7bdfa5093c95eaa7f18.yaml @@ -0,0 +1,58 @@ +id: oceanwp-e5433fd914f5f7bdfa5093c95eaa7f18 + +info: + name: > + OceanWP <= 3.5.4 - Missing Authorization to Sensitive Information Exposure via Limited Local File Inclusion + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ec2743d-0d96-4056-8fdf-dc81d4e9b76f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/oceanwp/" + google-query: inurl:"/wp-content/themes/oceanwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,oceanwp,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/oceanwp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oceanwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.5.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/oceanwp-edb6cbfc2b955228bcb748bd996c120c.yaml b/nuclei-templates/cve-less/themes/oceanwp-edb6cbfc2b955228bcb748bd996c120c.yaml new file mode 100644 index 0000000000..b59b2fe43c --- /dev/null +++ b/nuclei-templates/cve-less/themes/oceanwp-edb6cbfc2b955228bcb748bd996c120c.yaml @@ -0,0 +1,58 @@ +id: oceanwp-edb6cbfc2b955228bcb748bd996c120c + +info: + name: > + OceanWP <= 3.4.1 - Authenticated (Subscriber+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fa57b92-3a3e-418c-bfc2-7ed2602004e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/oceanwp/" + google-query: inurl:"/wp-content/themes/oceanwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,oceanwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/oceanwp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "oceanwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/onair2-3a52346bbe93c0a607f0387208360f6f.yaml b/nuclei-templates/cve-less/themes/onair2-3a52346bbe93c0a607f0387208360f6f.yaml new file mode 100644 index 0000000000..5c609af2e9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/onair2-3a52346bbe93c0a607f0387208360f6f.yaml @@ -0,0 +1,58 @@ +id: onair2-3a52346bbe93c0a607f0387208360f6f + +info: + name: > + QT KenthaRadio < 2.0.2 & OnAir2 < 3.9.9.2 - Server-Side Request Forgery & Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/93b5552e-bb24-4dfb-a779-8451f619ff50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/onair2/" + google-query: inurl:"/wp-content/themes/onair2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,onair2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/onair2/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onair2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.9.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/onetone-161c93480bad1a6fddf7935d08286cca.yaml b/nuclei-templates/cve-less/themes/onetone-161c93480bad1a6fddf7935d08286cca.yaml new file mode 100644 index 0000000000..f10c93417d --- /dev/null +++ b/nuclei-templates/cve-less/themes/onetone-161c93480bad1a6fddf7935d08286cca.yaml @@ -0,0 +1,58 @@ +id: onetone-161c93480bad1a6fddf7935d08286cca + +info: + name: > + OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2777158-baa4-4209-ae15-03da5adafc75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/onetone/" + google-query: inurl:"/wp-content/themes/onetone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,onetone,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/onetone/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onetone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/onetone-95f9bc03677a083bf89832ea0c794033.yaml b/nuclei-templates/cve-less/themes/onetone-95f9bc03677a083bf89832ea0c794033.yaml new file mode 100644 index 0000000000..f89529c94e --- /dev/null +++ b/nuclei-templates/cve-less/themes/onetone-95f9bc03677a083bf89832ea0c794033.yaml @@ -0,0 +1,58 @@ +id: onetone-95f9bc03677a083bf89832ea0c794033 + +info: + name: > + OneTone <= 3.0.6 & OneTone Companion <= 1.1.1 - Unauthenticated Settings Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a8082c60-436d-42e3-8aa5-cd2cb8ce6355?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/onetone/" + google-query: inurl:"/wp-content/themes/onetone/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,onetone,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/onetone/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "onetone" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/online-estore-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/online-estore-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..d58f66ac4f --- /dev/null +++ b/nuclei-templates/cve-less/themes/online-estore-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: online-estore-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/online-estore/" + google-query: inurl:"/wp-content/themes/online-estore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,online-estore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/online-estore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-estore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/online-estore-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/online-estore-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..9c90cc9f1c --- /dev/null +++ b/nuclei-templates/cve-less/themes/online-estore-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: online-estore-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/online-estore/" + google-query: inurl:"/wp-content/themes/online-estore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,online-estore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/online-estore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "online-estore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/opstore-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/opstore-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..6b7d007c7f --- /dev/null +++ b/nuclei-templates/cve-less/themes/opstore-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: opstore-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/opstore/" + google-query: inurl:"/wp-content/themes/opstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,opstore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/opstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/opstore-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/opstore-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..b86df4e028 --- /dev/null +++ b/nuclei-templates/cve-less/themes/opstore-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: opstore-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/opstore/" + google-query: inurl:"/wp-content/themes/opstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,opstore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/opstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "opstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/optimizepress-cc59f91f842a517b5809b79cc65f1b6e.yaml b/nuclei-templates/cve-less/themes/optimizepress-cc59f91f842a517b5809b79cc65f1b6e.yaml new file mode 100644 index 0000000000..bdf4e7e665 --- /dev/null +++ b/nuclei-templates/cve-less/themes/optimizepress-cc59f91f842a517b5809b79cc65f1b6e.yaml @@ -0,0 +1,58 @@ +id: optimizepress-cc59f91f842a517b5809b79cc65f1b6e + +info: + name: > + OptimizePress < 1.6 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b8eeeed6-bb8c-47d3-afa5-84eb7ed2c971?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/optimizepress/" + google-query: inurl:"/wp-content/themes/optimizepress/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,optimizepress,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/optimizepress/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "optimizepress" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/outdoor-7818a6f8e7606cc76a49355022fa2087.yaml b/nuclei-templates/cve-less/themes/outdoor-7818a6f8e7606cc76a49355022fa2087.yaml new file mode 100644 index 0000000000..cc8583864a --- /dev/null +++ b/nuclei-templates/cve-less/themes/outdoor-7818a6f8e7606cc76a49355022fa2087.yaml @@ -0,0 +1,58 @@ +id: outdoor-7818a6f8e7606cc76a49355022fa2087 + +info: + name: > + Outdoor <= 3.9.6 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ef60f4c3-e38f-4f95-80cd-5e1f5512ebf5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/outdoor/" + google-query: inurl:"/wp-content/themes/outdoor/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,outdoor,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/outdoor/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "outdoor" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.9.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/parallaxsome-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/parallaxsome-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..d47c1cbd6a --- /dev/null +++ b/nuclei-templates/cve-less/themes/parallaxsome-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: parallaxsome-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/parallaxsome/" + google-query: inurl:"/wp-content/themes/parallaxsome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,parallaxsome,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/parallaxsome/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallaxsome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/parallaxsome-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/parallaxsome-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..79e0d11fad --- /dev/null +++ b/nuclei-templates/cve-less/themes/parallaxsome-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: parallaxsome-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/parallaxsome/" + google-query: inurl:"/wp-content/themes/parallaxsome/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,parallaxsome,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/parallaxsome/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallaxsome" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/parallelus-salutation-ab49cd0603fd2aad8bd2addfd19e8e37.yaml b/nuclei-templates/cve-less/themes/parallelus-salutation-ab49cd0603fd2aad8bd2addfd19e8e37.yaml new file mode 100644 index 0000000000..11867bf8e3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/parallelus-salutation-ab49cd0603fd2aad8bd2addfd19e8e37.yaml @@ -0,0 +1,58 @@ +id: parallelus-salutation-ab49cd0603fd2aad8bd2addfd19e8e37 + +info: + name: > + Salutation Responsive WordPress Theme < 3.0.16 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/47f0795c-5a79-47e8-b118-f4f0e95ac53b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/parallelus-salutation/" + google-query: inurl:"/wp-content/themes/parallelus-salutation/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,parallelus-salutation,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/parallelus-salutation/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "parallelus-salutation" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/partdo-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml b/nuclei-templates/cve-less/themes/partdo-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml new file mode 100644 index 0000000000..406e633614 --- /dev/null +++ b/nuclei-templates/cve-less/themes/partdo-0ed3cd48ec0b8d5d59c0c2a69ba7db3d.yaml @@ -0,0 +1,58 @@ +id: partdo-0ed3cd48ec0b8d5d59c0c2a69ba7db3d + +info: + name: > + Multiple Themes by KlbTheme <= (Various Versions) - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d5036a-c756-47a6-b071-c393f8a6ce5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/partdo/" + google-query: inurl:"/wp-content/themes/partdo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,partdo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/partdo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "partdo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pathway-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/pathway-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..95dc34c239 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pathway-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: pathway-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pathway/" + google-query: inurl:"/wp-content/themes/pathway/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pathway,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pathway/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pathway" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.15') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/performag-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/performag-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..d1d7a16836 --- /dev/null +++ b/nuclei-templates/cve-less/themes/performag-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: performag-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/performag/" + google-query: inurl:"/wp-content/themes/performag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,performag,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/performag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "performag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/performag-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/performag-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..875bd20a59 --- /dev/null +++ b/nuclei-templates/cve-less/themes/performag-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: performag-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/performag/" + google-query: inurl:"/wp-content/themes/performag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,performag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/performag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "performag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/photocrati-theme-5f8f39bace71e82e660205813ebdbf8f.yaml b/nuclei-templates/cve-less/themes/photocrati-theme-5f8f39bace71e82e660205813ebdbf8f.yaml new file mode 100644 index 0000000000..de5087b26f --- /dev/null +++ b/nuclei-templates/cve-less/themes/photocrati-theme-5f8f39bace71e82e660205813ebdbf8f.yaml @@ -0,0 +1,58 @@ +id: photocrati-theme-5f8f39bace71e82e660205813ebdbf8f + +info: + name: > + PhotoCrati Theme <= 4.0 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/102ab838-9011-4da6-bc24-179be1328bcc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/photocrati-theme/" + google-query: inurl:"/wp-content/themes/photocrati-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,photocrati-theme,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/photocrati-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photocrati-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/photocrati-theme-95e54f65e6d0b56382227247b6627a71.yaml b/nuclei-templates/cve-less/themes/photocrati-theme-95e54f65e6d0b56382227247b6627a71.yaml new file mode 100644 index 0000000000..fb0cb100c0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/photocrati-theme-95e54f65e6d0b56382227247b6627a71.yaml @@ -0,0 +1,58 @@ +id: photocrati-theme-95e54f65e6d0b56382227247b6627a71 + +info: + name: > + Photocrati <= 4.8.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5ab685c-1e58-43f3-a984-52afcfaa5aca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/photocrati-theme/" + google-query: inurl:"/wp-content/themes/photocrati-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,photocrati-theme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/photocrati-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photocrati-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/photology-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/photology-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..3631bd8fb0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/photology-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: photology-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/photology/" + google-query: inurl:"/wp-content/themes/photology/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,photology,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/photology/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "photology" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pinboard-da11574313c0b78ab88b69a807dbc63e.yaml b/nuclei-templates/cve-less/themes/pinboard-da11574313c0b78ab88b69a807dbc63e.yaml new file mode 100644 index 0000000000..bb8e7bbfae --- /dev/null +++ b/nuclei-templates/cve-less/themes/pinboard-da11574313c0b78ab88b69a807dbc63e.yaml @@ -0,0 +1,58 @@ +id: pinboard-da11574313c0b78ab88b69a807dbc63e + +info: + name: > + Pinboard <= 1.1.10 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17f2a0d5-6640-4ef9-a219-93a92571a5d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pinboard/" + google-query: inurl:"/wp-content/themes/pinboard/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pinboard,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pinboard/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pinboard" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.11') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pinfinity-d160b72531c6001a36910570c68caf3f.yaml b/nuclei-templates/cve-less/themes/pinfinity-d160b72531c6001a36910570c68caf3f.yaml new file mode 100644 index 0000000000..74d0020a39 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pinfinity-d160b72531c6001a36910570c68caf3f.yaml @@ -0,0 +1,58 @@ +id: pinfinity-d160b72531c6001a36910570c68caf3f + +info: + name: > + Pinfinity <= 1.9.2 - Reflected Cross-site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adbf25c2-b572-4a83-811e-3a5dda1ad8cd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pinfinity/" + google-query: inurl:"/wp-content/themes/pinfinity/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pinfinity,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pinfinity/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pinfinity" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pixiv-custom-caeb5a0b48102c1758efb7acc2ae32c5.yaml b/nuclei-templates/cve-less/themes/pixiv-custom-caeb5a0b48102c1758efb7acc2ae32c5.yaml new file mode 100644 index 0000000000..676e91e150 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pixiv-custom-caeb5a0b48102c1758efb7acc2ae32c5.yaml @@ -0,0 +1,58 @@ +id: pixiv-custom-caeb5a0b48102c1758efb7acc2ae32c5 + +info: + name: > + Pixiv Custom < 2.1.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7327f439-0088-4ad8-898a-30740fc62d6e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pixiv-custom/" + google-query: inurl:"/wp-content/themes/pixiv-custom/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pixiv-custom,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pixiv-custom/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixiv-custom" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pixova-lite-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/pixova-lite-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..98dbbc10d2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pixova-lite-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: pixova-lite-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pixova-lite/" + google-query: inurl:"/wp-content/themes/pixova-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pixova-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pixova-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pixova-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/platform-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml b/nuclei-templates/cve-less/themes/platform-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml new file mode 100644 index 0000000000..87241b4684 --- /dev/null +++ b/nuclei-templates/cve-less/themes/platform-39d9e91ebde9c4d0e5ed1e82b99b21f1.yaml @@ -0,0 +1,58 @@ +id: platform-39d9e91ebde9c4d0e5ed1e82b99b21f1 + +info: + name: > + Platform 4 <= 1.1.4 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1a3666b-2329-49c3-b017-9b495d90415e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/platform/" + google-query: inurl:"/wp-content/themes/platform/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,platform,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/platform/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "platform" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pliska-a2a9df8b3604a4aa48635001d225e7fd.yaml b/nuclei-templates/cve-less/themes/pliska-a2a9df8b3604a4aa48635001d225e7fd.yaml new file mode 100644 index 0000000000..d1cd2c9b1a --- /dev/null +++ b/nuclei-templates/cve-less/themes/pliska-a2a9df8b3604a4aa48635001d225e7fd.yaml @@ -0,0 +1,58 @@ +id: pliska-a2a9df8b3604a4aa48635001d225e7fd + +info: + name: > + Pliska <= 0.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b4da6327-9ad1-4a53-b2c4-a4c31f56d0e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pliska/" + google-query: inurl:"/wp-content/themes/pliska/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pliska,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pliska/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pliska" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pont-5bbc8aa8376e0b4126beac5ed3fccdfe.yaml b/nuclei-templates/cve-less/themes/pont-5bbc8aa8376e0b4126beac5ed3fccdfe.yaml new file mode 100644 index 0000000000..906ed688ab --- /dev/null +++ b/nuclei-templates/cve-less/themes/pont-5bbc8aa8376e0b4126beac5ed3fccdfe.yaml @@ -0,0 +1,58 @@ +id: pont-5bbc8aa8376e0b4126beac5ed3fccdfe + +info: + name: > + Pont <= 1.5 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fe78766-0beb-4d6d-a2e6-92f79f117f50?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pont/" + google-query: inurl:"/wp-content/themes/pont/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pont,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pont/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pont" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pool-7ff920414ab7dcbc44bc64e30066047c.yaml b/nuclei-templates/cve-less/themes/pool-7ff920414ab7dcbc44bc64e30066047c.yaml new file mode 100644 index 0000000000..db2bed69ea --- /dev/null +++ b/nuclei-templates/cve-less/themes/pool-7ff920414ab7dcbc44bc64e30066047c.yaml @@ -0,0 +1,58 @@ +id: pool-7ff920414ab7dcbc44bc64e30066047c + +info: + name: > + Pool <= 1.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/072fbfe7-37df-412e-bddb-68837473b3d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pool/" + google-query: inurl:"/wp-content/themes/pool/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pool,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pool/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pool" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/popularfx-64d81acfaf286b16665d31bcc42d2bfa.yaml b/nuclei-templates/cve-less/themes/popularfx-64d81acfaf286b16665d31bcc42d2bfa.yaml new file mode 100644 index 0000000000..4a66bda81c --- /dev/null +++ b/nuclei-templates/cve-less/themes/popularfx-64d81acfaf286b16665d31bcc42d2bfa.yaml @@ -0,0 +1,58 @@ +id: popularfx-64d81acfaf286b16665d31bcc42d2bfa + +info: + name: > + PopularFX <= 1.2.4 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dd248b4b-e7a6-4997-81d8-1d163cd85a9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/popularfx/" + google-query: inurl:"/wp-content/themes/popularfx/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,popularfx,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/popularfx/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "popularfx" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/porto-68e18ce0101bb6035f701d461eb70415.yaml b/nuclei-templates/cve-less/themes/porto-68e18ce0101bb6035f701d461eb70415.yaml new file mode 100644 index 0000000000..339d46b325 --- /dev/null +++ b/nuclei-templates/cve-less/themes/porto-68e18ce0101bb6035f701d461eb70415.yaml @@ -0,0 +1,58 @@ +id: porto-68e18ce0101bb6035f701d461eb70415 + +info: + name: > + Porto <= 7.1.0 - Authenticated (Contributor+) Local File Inclusion via Post Meta + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4bc3da9e-4b5f-4200-9df9-0ae953571377?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/porto/" + google-query: inurl:"/wp-content/themes/porto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,porto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/porto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/porto-a4ba9fcc1f7e22d1ee8a16e40da81130.yaml b/nuclei-templates/cve-less/themes/porto-a4ba9fcc1f7e22d1ee8a16e40da81130.yaml new file mode 100644 index 0000000000..1b8047b2da --- /dev/null +++ b/nuclei-templates/cve-less/themes/porto-a4ba9fcc1f7e22d1ee8a16e40da81130.yaml @@ -0,0 +1,58 @@ +id: porto-a4ba9fcc1f7e22d1ee8a16e40da81130 + +info: + name: > + Porto <= 7.1.0 - Unauthenticated Local File Inclusion via porto_ajax_posts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/porto/" + google-query: inurl:"/wp-content/themes/porto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,porto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/porto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "porto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pressive-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/pressive-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..09d4fd28a5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pressive-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: pressive-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pressive/" + google-query: inurl:"/wp-content/themes/pressive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pressive,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pressive/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pressive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pressive-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/pressive-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..07dfd7a610 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pressive-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: pressive-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pressive/" + google-query: inurl:"/wp-content/themes/pressive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pressive,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pressive/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pressive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/punte-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/punte-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..6c0cb65541 --- /dev/null +++ b/nuclei-templates/cve-less/themes/punte-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: punte-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/punte/" + google-query: inurl:"/wp-content/themes/punte/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,punte,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/punte/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "punte" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/punte-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/punte-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..466c78d9cf --- /dev/null +++ b/nuclei-templates/cve-less/themes/punte-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: punte-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/punte/" + google-query: inurl:"/wp-content/themes/punte/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,punte,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/punte/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "punte" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/pyrmont-v2-f10a2f89b43d6c910b6e1605fdde5663.yaml b/nuclei-templates/cve-less/themes/pyrmont-v2-f10a2f89b43d6c910b6e1605fdde5663.yaml new file mode 100644 index 0000000000..54ba239002 --- /dev/null +++ b/nuclei-templates/cve-less/themes/pyrmont-v2-f10a2f89b43d6c910b6e1605fdde5663.yaml @@ -0,0 +1,58 @@ +id: pyrmont-v2-f10a2f89b43d6c910b6e1605fdde5663 + +info: + name: > + Pyrmont V2 <= 2.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d03b4dcd-297d-4361-9cc4-6ccf3d4f0e85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/pyrmont-v2/" + google-query: inurl:"/wp-content/themes/pyrmont-v2/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,pyrmont-v2,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/pyrmont-v2/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "pyrmont-v2" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/quota-b91f6a56da52c114b3a84093ea345821.yaml b/nuclei-templates/cve-less/themes/quota-b91f6a56da52c114b3a84093ea345821.yaml new file mode 100644 index 0000000000..9180a2d891 --- /dev/null +++ b/nuclei-templates/cve-less/themes/quota-b91f6a56da52c114b3a84093ea345821.yaml @@ -0,0 +1,58 @@ +id: quota-b91f6a56da52c114b3a84093ea345821 + +info: + name: > + Easy Digital Downloads - Quota < 1.2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9a13cbc7-fd51-43e6-bf22-4d0510c5a1c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/quota/" + google-query: inurl:"/wp-content/themes/quota/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,quota,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/quota/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "quota" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/raise-mag-a81a5bf9125eeee92e00bfdaa83c90ee.yaml b/nuclei-templates/cve-less/themes/raise-mag-a81a5bf9125eeee92e00bfdaa83c90ee.yaml new file mode 100644 index 0000000000..df0f8db887 --- /dev/null +++ b/nuclei-templates/cve-less/themes/raise-mag-a81a5bf9125eeee92e00bfdaa83c90ee.yaml @@ -0,0 +1,58 @@ +id: raise-mag-a81a5bf9125eeee92e00bfdaa83c90ee + +info: + name: > + Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/raise-mag/" + google-query: inurl:"/wp-content/themes/raise-mag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,raise-mag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/raise-mag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "raise-mag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/real-estate-directory-0c8164317d8680b32c0889f7b19b5e0b.yaml b/nuclei-templates/cve-less/themes/real-estate-directory-0c8164317d8680b32c0889f7b19b5e0b.yaml new file mode 100644 index 0000000000..974f738cc0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/real-estate-directory-0c8164317d8680b32c0889f7b19b5e0b.yaml @@ -0,0 +1,58 @@ +id: real-estate-directory-0c8164317d8680b32c0889f7b19b5e0b + +info: + name: > + Real Estate Directory <= 1.0.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17031e21-e697-4e01-8848-c3957f5dac7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/real-estate-directory/" + google-query: inurl:"/wp-content/themes/real-estate-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,real-estate-directory,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/real-estate-directory/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/real-estate-directory-527c1df8473c8a3efd5589ba81b0395f.yaml b/nuclei-templates/cve-less/themes/real-estate-directory-527c1df8473c8a3efd5589ba81b0395f.yaml new file mode 100644 index 0000000000..3b0afd1c3d --- /dev/null +++ b/nuclei-templates/cve-less/themes/real-estate-directory-527c1df8473c8a3efd5589ba81b0395f.yaml @@ -0,0 +1,58 @@ +id: real-estate-directory-527c1df8473c8a3efd5589ba81b0395f + +info: + name: > + Real Estate Directory <= 1.0.5 - Cross-Site Request Forgery via rdm_activate_plugin + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/39a50c49-5c24-4ae7-8f77-4f3d98270f8f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/real-estate-directory/" + google-query: inurl:"/wp-content/themes/real-estate-directory/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,real-estate-directory,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/real-estate-directory/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "real-estate-directory" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/realestate-7-8be48b3453eb15360ed107a9ab69d0f6.yaml b/nuclei-templates/cve-less/themes/realestate-7-8be48b3453eb15360ed107a9ab69d0f6.yaml new file mode 100644 index 0000000000..f173c22b71 --- /dev/null +++ b/nuclei-templates/cve-less/themes/realestate-7-8be48b3453eb15360ed107a9ab69d0f6.yaml @@ -0,0 +1,58 @@ +id: realestate-7-8be48b3453eb15360ed107a9ab69d0f6 + +info: + name: > + Real Estate 7 Theme <= 3.3.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/952aec28-a380-4c6d-8391-b21cddf90a5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/realestate-7/" + google-query: inurl:"/wp-content/themes/realestate-7/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,realestate-7,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/realestate-7/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realestate-7" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/realhomes-4a61498f6efba74cb49bf8c1a7045be1.yaml b/nuclei-templates/cve-less/themes/realhomes-4a61498f6efba74cb49bf8c1a7045be1.yaml new file mode 100644 index 0000000000..037e521e45 --- /dev/null +++ b/nuclei-templates/cve-less/themes/realhomes-4a61498f6efba74cb49bf8c1a7045be1.yaml @@ -0,0 +1,58 @@ +id: realhomes-4a61498f6efba74cb49bf8c1a7045be1 + +info: + name: > + RealHomes <= 4.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3ee6004-03d1-4216-b22e-0aadc1f4d9de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/realhomes/" + google-query: inurl:"/wp-content/themes/realhomes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,realhomes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/realhomes/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realhomes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/realhomes-d33a8c081c58ee9aa399ed8893b885f0.yaml b/nuclei-templates/cve-less/themes/realhomes-d33a8c081c58ee9aa399ed8893b885f0.yaml new file mode 100644 index 0000000000..2f2cd29337 --- /dev/null +++ b/nuclei-templates/cve-less/themes/realhomes-d33a8c081c58ee9aa399ed8893b885f0.yaml @@ -0,0 +1,58 @@ +id: realhomes-d33a8c081c58ee9aa399ed8893b885f0 + +info: + name: > + RealHomes <= 4.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d918b6ae-a72c-48dc-885b-19be49d578dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/realhomes/" + google-query: inurl:"/wp-content/themes/realhomes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,realhomes,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/realhomes/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "realhomes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/redline-6d6ebc25c70df8d2d5941ea4d08ecee0.yaml b/nuclei-templates/cve-less/themes/redline-6d6ebc25c70df8d2d5941ea4d08ecee0.yaml new file mode 100644 index 0000000000..ecc8fda4a4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/redline-6d6ebc25c70df8d2d5941ea4d08ecee0.yaml @@ -0,0 +1,58 @@ +id: redline-6d6ebc25c70df8d2d5941ea4d08ecee0 + +info: + name: > + RedLine < 1.66 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/362fcd02-73c3-413b-8076-694c4d55544d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/redline/" + google-query: inurl:"/wp-content/themes/redline/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,redline,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/redline/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "redline" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.66') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/regina-lite-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/regina-lite-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..7bbece02fc --- /dev/null +++ b/nuclei-templates/cve-less/themes/regina-lite-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: regina-lite-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/regina-lite/" + google-query: inurl:"/wp-content/themes/regina-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,regina-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/regina-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "regina-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/regina-lite-f1520e7afffb75e51c28f74d7ae1e832.yaml b/nuclei-templates/cve-less/themes/regina-lite-f1520e7afffb75e51c28f74d7ae1e832.yaml new file mode 100644 index 0000000000..29c11bd792 --- /dev/null +++ b/nuclei-templates/cve-less/themes/regina-lite-f1520e7afffb75e51c28f74d7ae1e832.yaml @@ -0,0 +1,58 @@ +id: regina-lite-f1520e7afffb75e51c28f74d7ae1e832 + +info: + name: > + Regina Lite <= 2.0.7 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dcd3452-a340-44e5-b292-347dc69ab863?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/regina-lite/" + google-query: inurl:"/wp-content/themes/regina-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,regina-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/regina-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "regina-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/rehub-theme-7848dbbabd9f06e0c602290bde397eb1.yaml b/nuclei-templates/cve-less/themes/rehub-theme-7848dbbabd9f06e0c602290bde397eb1.yaml new file mode 100644 index 0000000000..ca826c3ec8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/rehub-theme-7848dbbabd9f06e0c602290bde397eb1.yaml @@ -0,0 +1,58 @@ +id: rehub-theme-7848dbbabd9f06e0c602290bde397eb1 + +info: + name: > + Rehub <= 19.6.1 - Authenticated (Subscriber+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b23ab054-11c9-4229-9adc-6eef6f81c3f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/rehub-theme/" + google-query: inurl:"/wp-content/themes/rehub-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,rehub-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/rehub-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rehub-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/rehub-theme-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml b/nuclei-templates/cve-less/themes/rehub-theme-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml new file mode 100644 index 0000000000..b64fcf00d8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/rehub-theme-b4a06dd8a8b5f551ef3c31a46e092a4e.yaml @@ -0,0 +1,58 @@ +id: rehub-theme-b4a06dd8a8b5f551ef3c31a46e092a4e + +info: + name: > + Rehub <= 19.6.1 - Authenticated (Editor+) Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5244db8-86b3-4d1d-8fd6-febfd5a7372e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/rehub-theme/" + google-query: inurl:"/wp-content/themes/rehub-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,rehub-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/rehub-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rehub-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/rehub-theme-b8220e763aaa4255ba01ed2e30a358fd.yaml b/nuclei-templates/cve-less/themes/rehub-theme-b8220e763aaa4255ba01ed2e30a358fd.yaml new file mode 100644 index 0000000000..f44d27de5d --- /dev/null +++ b/nuclei-templates/cve-less/themes/rehub-theme-b8220e763aaa4255ba01ed2e30a358fd.yaml @@ -0,0 +1,58 @@ +id: rehub-theme-b8220e763aaa4255ba01ed2e30a358fd + +info: + name: > + Rehub <= 19.6.1 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e188b3a4-ddb2-405b-840f-4f13db5dbf3a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/rehub-theme/" + google-query: inurl:"/wp-content/themes/rehub-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,rehub-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/rehub-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rehub-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.6.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/resoto-87e4105fcd662623c87dc5371d2bcde2.yaml b/nuclei-templates/cve-less/themes/resoto-87e4105fcd662623c87dc5371d2bcde2.yaml new file mode 100644 index 0000000000..9229039bd9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/resoto-87e4105fcd662623c87dc5371d2bcde2.yaml @@ -0,0 +1,58 @@ +id: resoto-87e4105fcd662623c87dc5371d2bcde2 + +info: + name: > + Resoto <= 1.0.8 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb5c5e82-d6e5-4237-958f-12fc4698e77e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/resoto/" + google-query: inurl:"/wp-content/themes/resoto/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,resoto,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/resoto/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "resoto" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/responsive-935bd93984704dacecafedc205b598e5.yaml b/nuclei-templates/cve-less/themes/responsive-935bd93984704dacecafedc205b598e5.yaml new file mode 100644 index 0000000000..94ca30c737 --- /dev/null +++ b/nuclei-templates/cve-less/themes/responsive-935bd93984704dacecafedc205b598e5.yaml @@ -0,0 +1,58 @@ +id: responsive-935bd93984704dacecafedc205b598e5 + +info: + name: > + Responsive <= 5.0.2 - Missing Authorization to HTML Injection + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbe0cc57-a17d-4f91-887f-fe819b32f6b3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/responsive/" + google-query: inurl:"/wp-content/themes/responsive/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,responsive,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/responsive/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "responsive" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/restaurant-and-cafe-c69c081915e9f9d8dfc0bc8f1bf2863b.yaml b/nuclei-templates/cve-less/themes/restaurant-and-cafe-c69c081915e9f9d8dfc0bc8f1bf2863b.yaml new file mode 100644 index 0000000000..bce7275e26 --- /dev/null +++ b/nuclei-templates/cve-less/themes/restaurant-and-cafe-c69c081915e9f9d8dfc0bc8f1bf2863b.yaml @@ -0,0 +1,58 @@ +id: restaurant-and-cafe-c69c081915e9f9d8dfc0bc8f1bf2863b + +info: + name: > + Restaurant and Cafe <= 1.2.1 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f4424be-d63d-431d-a237-2bff6c4a647a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/restaurant-and-cafe/" + google-query: inurl:"/wp-content/themes/restaurant-and-cafe/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,restaurant-and-cafe,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/restaurant-and-cafe/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restaurant-and-cafe" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/restricted-site-access-da96835466676ae365fbd594b9bba421.yaml b/nuclei-templates/cve-less/themes/restricted-site-access-da96835466676ae365fbd594b9bba421.yaml new file mode 100644 index 0000000000..fdca1696c8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/restricted-site-access-da96835466676ae365fbd594b9bba421.yaml @@ -0,0 +1,58 @@ +id: restricted-site-access-da96835466676ae365fbd594b9bba421 + +info: + name: > + Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/804169d3-a53a-42ba-821d-e9647ac075c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/restricted-site-access/" + google-query: inurl:"/wp-content/themes/restricted-site-access/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,restricted-site-access,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/restricted-site-access/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "restricted-site-access" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/revolve-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/revolve-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..95676d283c --- /dev/null +++ b/nuclei-templates/cve-less/themes/revolve-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: revolve-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/revolve/" + google-query: inurl:"/wp-content/themes/revolve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,revolve,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/revolve/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revolve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/revolve-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/revolve-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..723964c300 --- /dev/null +++ b/nuclei-templates/cve-less/themes/revolve-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: revolve-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/revolve/" + google-query: inurl:"/wp-content/themes/revolve/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,revolve,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/revolve/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "revolve" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ripple-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/ripple-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..e6740c3e45 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ripple-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: ripple-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ripple/" + google-query: inurl:"/wp-content/themes/ripple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ripple,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ripple/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ripple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ripple-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/ripple-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..387f129079 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ripple-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: ripple-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ripple/" + google-query: inurl:"/wp-content/themes/ripple/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ripple,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ripple/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ripple" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/rise-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/rise-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..31b83c5197 --- /dev/null +++ b/nuclei-templates/cve-less/themes/rise-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: rise-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/rise/" + google-query: inurl:"/wp-content/themes/rise/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,rise,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/rise/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rise" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/rise-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/rise-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..790cfa2d7b --- /dev/null +++ b/nuclei-templates/cve-less/themes/rise-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: rise-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/rise/" + google-query: inurl:"/wp-content/themes/rise/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,rise,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/rise/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "rise" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/royal-elementor-kit-a2114fc45474e481aea36dcc9b5f1c4d.yaml b/nuclei-templates/cve-less/themes/royal-elementor-kit-a2114fc45474e481aea36dcc9b5f1c4d.yaml new file mode 100644 index 0000000000..5f5d89b9a2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/royal-elementor-kit-a2114fc45474e481aea36dcc9b5f1c4d.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-kit-a2114fc45474e481aea36dcc9b5f1c4d + +info: + name: > + Royal Elementor Kit <= 1.0.116 - Missing Authorization to Arbitrary Transient Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/royal-elementor-kit/" + google-query: inurl:"/wp-content/themes/royal-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,royal-elementor-kit,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/royal-elementor-kit/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.116') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/royal-elementor-kit-c3f19b4938e0be4a55a8b5f19fc9f5b1.yaml b/nuclei-templates/cve-less/themes/royal-elementor-kit-c3f19b4938e0be4a55a8b5f19fc9f5b1.yaml new file mode 100644 index 0000000000..3a67bf10c8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/royal-elementor-kit-c3f19b4938e0be4a55a8b5f19fc9f5b1.yaml @@ -0,0 +1,58 @@ +id: royal-elementor-kit-c3f19b4938e0be4a55a8b5f19fc9f5b1 + +info: + name: > + Royal Elementor Kit <= 1.0.116 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90863334-9464-466b-bb32-870c78095ca4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/royal-elementor-kit/" + google-query: inurl:"/wp-content/themes/royal-elementor-kit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,royal-elementor-kit,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/royal-elementor-kit/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "royal-elementor-kit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.116') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sakala-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/sakala-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..5f0f832a9e --- /dev/null +++ b/nuclei-templates/cve-less/themes/sakala-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: sakala-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sakala/" + google-query: inurl:"/wp-content/themes/sakala/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sakala,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sakala/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sakala" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sakala-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/sakala-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..7098d7d62b --- /dev/null +++ b/nuclei-templates/cve-less/themes/sakala-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: sakala-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sakala/" + google-query: inurl:"/wp-content/themes/sakala/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sakala,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sakala/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sakala" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/salutation-wp-26ee088c8368fd2a8bcecfc18ae8bb11.yaml b/nuclei-templates/cve-less/themes/salutation-wp-26ee088c8368fd2a8bcecfc18ae8bb11.yaml new file mode 100644 index 0000000000..26e1171acd --- /dev/null +++ b/nuclei-templates/cve-less/themes/salutation-wp-26ee088c8368fd2a8bcecfc18ae8bb11.yaml @@ -0,0 +1,58 @@ +id: salutation-wp-26ee088c8368fd2a8bcecfc18ae8bb11 + +info: + name: > + Salutation < 3.0.16 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/895e9ead-14d8-432b-81dd-4d292eee462a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/salutation-wp/" + google-query: inurl:"/wp-content/themes/salutation-wp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,salutation-wp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/salutation-wp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "salutation-wp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.16') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sarada-lite-4dd17e99df33e7a68f2a978cf00a71e1.yaml b/nuclei-templates/cve-less/themes/sarada-lite-4dd17e99df33e7a68f2a978cf00a71e1.yaml new file mode 100644 index 0000000000..606f69511e --- /dev/null +++ b/nuclei-templates/cve-less/themes/sarada-lite-4dd17e99df33e7a68f2a978cf00a71e1.yaml @@ -0,0 +1,58 @@ +id: sarada-lite-4dd17e99df33e7a68f2a978cf00a71e1 + +info: + name: > + Sarada Lite <= 1.1.2 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aff013d9-9e0d-42e8-a351-f1278060e649?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sarada-lite/" + google-query: inurl:"/wp-content/themes/sarada-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sarada-lite,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sarada-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sarada-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/scoreme-88013bc8aa189f38a19a59f4e02b7e1e.yaml b/nuclei-templates/cve-less/themes/scoreme-88013bc8aa189f38a19a59f4e02b7e1e.yaml new file mode 100644 index 0000000000..e47191ac12 --- /dev/null +++ b/nuclei-templates/cve-less/themes/scoreme-88013bc8aa189f38a19a59f4e02b7e1e.yaml @@ -0,0 +1,58 @@ +id: scoreme-88013bc8aa189f38a19a59f4e02b7e1e + +info: + name: > + ScoreMe <= 2016-04-01 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd671562-adc8-40b0-af26-9daef70effa6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/scoreme/" + google-query: inurl:"/wp-content/themes/scoreme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,scoreme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/scoreme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scoreme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2016-04-01') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/scrollme-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/scrollme-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..5353fb9822 --- /dev/null +++ b/nuclei-templates/cve-less/themes/scrollme-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: scrollme-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/scrollme/" + google-query: inurl:"/wp-content/themes/scrollme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,scrollme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/scrollme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scrollme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/scrollme-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/scrollme-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..d7c6731ee5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/scrollme-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: scrollme-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/scrollme/" + google-query: inurl:"/wp-content/themes/scrollme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,scrollme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/scrollme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "scrollme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/shapely-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/shapely-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..5cfd0652c2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/shapely-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: shapely-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/shapely/" + google-query: inurl:"/wp-content/themes/shapely/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,shapely,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/shapely/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shapely" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/shoppette-c5cd64fdc88a18d66954d78adc22f76d.yaml b/nuclei-templates/cve-less/themes/shoppette-c5cd64fdc88a18d66954d78adc22f76d.yaml new file mode 100644 index 0000000000..9f682c9b4e --- /dev/null +++ b/nuclei-templates/cve-less/themes/shoppette-c5cd64fdc88a18d66954d78adc22f76d.yaml @@ -0,0 +1,58 @@ +id: shoppette-c5cd64fdc88a18d66954d78adc22f76d + +info: + name: > + Easy Digital Downloads – Shoppette Theme < 1.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dcfe3035-db43-499f-b09f-be528725b1d8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/shoppette/" + google-query: inurl:"/wp-content/themes/shoppette/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,shoppette,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/shoppette/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shoppette" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/shopstar-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/shopstar-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..d723f9b3c4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/shopstar-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: shopstar-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/shopstar/" + google-query: inurl:"/wp-content/themes/shopstar/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,shopstar,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/shopstar/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "shopstar" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1.34') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/simpolio-464f844153534ce96044f5502d947b55.yaml b/nuclei-templates/cve-less/themes/simpolio-464f844153534ce96044f5502d947b55.yaml new file mode 100644 index 0000000000..1c8850ed5c --- /dev/null +++ b/nuclei-templates/cve-less/themes/simpolio-464f844153534ce96044f5502d947b55.yaml @@ -0,0 +1,58 @@ +id: simpolio-464f844153534ce96044f5502d947b55 + +info: + name: > + Simpolio - Fullscreen Portfolio & Blog HTML Theme <= 1.3.2 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/27b9ff55-f2b4-4713-a39d-6f57ee4c229b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/simpolio/" + google-query: inurl:"/wp-content/themes/simpolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,simpolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/simpolio/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "simpolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sirius-b962a43c022ee33e3f132497b433375e.yaml b/nuclei-templates/cve-less/themes/sirius-b962a43c022ee33e3f132497b433375e.yaml new file mode 100644 index 0000000000..9f0de7a769 --- /dev/null +++ b/nuclei-templates/cve-less/themes/sirius-b962a43c022ee33e3f132497b433375e.yaml @@ -0,0 +1,58 @@ +id: sirius-b962a43c022ee33e3f132497b433375e + +info: + name: > + Sirius <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28f08640-cd63-4f2a-a785-1956dc051991?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sirius/" + google-query: inurl:"/wp-content/themes/sirius/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sirius,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sirius/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sirius" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sliding-door-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/sliding-door-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..4f7b0735fb --- /dev/null +++ b/nuclei-templates/cve-less/themes/sliding-door-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: sliding-door-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sliding-door/" + google-query: inurl:"/wp-content/themes/sliding-door/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sliding-door,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sliding-door/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sliding-door" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/smartit-dc6219f91f46d9292d66b44460a2668b.yaml b/nuclei-templates/cve-less/themes/smartit-dc6219f91f46d9292d66b44460a2668b.yaml new file mode 100644 index 0000000000..7ad1f794d6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/smartit-dc6219f91f46d9292d66b44460a2668b.yaml @@ -0,0 +1,58 @@ +id: smartit-dc6219f91f46d9292d66b44460a2668b + +info: + name: > + SmartIT Premium Responsive (Unspecified Version) - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76bb0578-d562-4612-b7aa-db49c43b2fe1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/smartit/" + google-query: inurl:"/wp-content/themes/smartit/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,smartit,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/smartit/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "smartit" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-1e964bc864ca0fa372e686235b23e1f1.yaml b/nuclei-templates/cve-less/themes/soledad-1e964bc864ca0fa372e686235b23e1f1.yaml new file mode 100644 index 0000000000..136e0f6080 --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-1e964bc864ca0fa372e686235b23e1f1.yaml @@ -0,0 +1,58 @@ +id: soledad-1e964bc864ca0fa372e686235b23e1f1 + +info: + name: > + Soledad <= 8.4.1 - Unauthenticated PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e954190-7c58-4044-a85e-a188fe5b6d89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-33c4d0a0f515bd1cedf9cdcf55231d10.yaml b/nuclei-templates/cve-less/themes/soledad-33c4d0a0f515bd1cedf9cdcf55231d10.yaml new file mode 100644 index 0000000000..c9596f2e7d --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-33c4d0a0f515bd1cedf9cdcf55231d10.yaml @@ -0,0 +1,58 @@ +id: soledad-33c4d0a0f515bd1cedf9cdcf55231d10 + +info: + name: > + Soledad <= 8.2.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee1ee4c4-871d-4a3d-8ca6-3675d248d5e8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-4f22cc4c7f59ad21868eda159380a421.yaml b/nuclei-templates/cve-less/themes/soledad-4f22cc4c7f59ad21868eda159380a421.yaml new file mode 100644 index 0000000000..7fee9e56e8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-4f22cc4c7f59ad21868eda159380a421.yaml @@ -0,0 +1,58 @@ +id: soledad-4f22cc4c7f59ad21868eda159380a421 + +info: + name: > + Soledad <= 8.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/30881bed-9a5c-4a7f-9065-f11a1b336892?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-6a8cda00f1080a3aa286a272f860fd12.yaml b/nuclei-templates/cve-less/themes/soledad-6a8cda00f1080a3aa286a272f860fd12.yaml new file mode 100644 index 0000000000..ff4c02786d --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-6a8cda00f1080a3aa286a272f860fd12.yaml @@ -0,0 +1,58 @@ +id: soledad-6a8cda00f1080a3aa286a272f860fd12 + +info: + name: > + Soledad <= 8.4.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f6412bf-65ec-445f-a1fe-27aeb8330712?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-6b8df25137f38e4882527178954fd3e6.yaml b/nuclei-templates/cve-less/themes/soledad-6b8df25137f38e4882527178954fd3e6.yaml new file mode 100644 index 0000000000..3d21278ceb --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-6b8df25137f38e4882527178954fd3e6.yaml @@ -0,0 +1,58 @@ +id: soledad-6b8df25137f38e4882527178954fd3e6 + +info: + name: > + Soledad <= 8.4.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f83b36fe-4e46-4ab7-a113-6dcfa7cce625?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-7cd3fabdb13125f30851d3aa6b007d33.yaml b/nuclei-templates/cve-less/themes/soledad-7cd3fabdb13125f30851d3aa6b007d33.yaml new file mode 100644 index 0000000000..6793cea442 --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-7cd3fabdb13125f30851d3aa6b007d33.yaml @@ -0,0 +1,58 @@ +id: soledad-7cd3fabdb13125f30851d3aa6b007d33 + +info: + name: > + Soledad <= 8.4.5 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9454765-f70b-4d8d-a5cc-28bc34375216?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-bca67036ec26c26cd0007b6d8426083e.yaml b/nuclei-templates/cve-less/themes/soledad-bca67036ec26c26cd0007b6d8426083e.yaml new file mode 100644 index 0000000000..80b538b278 --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-bca67036ec26c26cd0007b6d8426083e.yaml @@ -0,0 +1,58 @@ +id: soledad-bca67036ec26c26cd0007b6d8426083e + +info: + name: > + Soledad <= 8.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1fd566e5-90f5-4f67-8998-85cabea33e93?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-c15a76ab76b6bacb9d3a014790c1e98c.yaml b/nuclei-templates/cve-less/themes/soledad-c15a76ab76b6bacb9d3a014790c1e98c.yaml new file mode 100644 index 0000000000..dde0c5ccbc --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-c15a76ab76b6bacb9d3a014790c1e98c.yaml @@ -0,0 +1,58 @@ +id: soledad-c15a76ab76b6bacb9d3a014790c1e98c + +info: + name: > + Soledad <= 8.2.5 - Authenticated (Subscriber+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4113a88f-5203-4fe6-9fb4-c59a63174418?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.2.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soledad-f1943d1009d5a9a5f1799b0883b7d043.yaml b/nuclei-templates/cve-less/themes/soledad-f1943d1009d5a9a5f1799b0883b7d043.yaml new file mode 100644 index 0000000000..ad2512bfaa --- /dev/null +++ b/nuclei-templates/cve-less/themes/soledad-f1943d1009d5a9a5f1799b0883b7d043.yaml @@ -0,0 +1,58 @@ +id: soledad-f1943d1009d5a9a5f1799b0883b7d043 + +info: + name: > + Soledad <= 8.4.1 - Authenticated (Contributor+) SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7a9846c4-4678-4c25-84fd-b05d21ea34fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soledad/" + google-query: inurl:"/wp-content/themes/soledad/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soledad,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soledad/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soledad" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 8.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/soundblast-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/soundblast-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..d601e308a2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/soundblast-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: soundblast-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/soundblast/" + google-query: inurl:"/wp-content/themes/soundblast/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,soundblast,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/soundblast/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "soundblast" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/spa-and-salon-8605169c0986bc4adffdd4b6cd4bbc09.yaml b/nuclei-templates/cve-less/themes/spa-and-salon-8605169c0986bc4adffdd4b6cd4bbc09.yaml new file mode 100644 index 0000000000..89264957f6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/spa-and-salon-8605169c0986bc4adffdd4b6cd4bbc09.yaml @@ -0,0 +1,58 @@ +id: spa-and-salon-8605169c0986bc4adffdd4b6cd4bbc09 + +info: + name: > + Spa and Salon <= 1.2.7 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c6e6335-7f18-425a-bb86-7e4fc09dae86?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/spa-and-salon/" + google-query: inurl:"/wp-content/themes/spa-and-salon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,spa-and-salon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/spa-and-salon/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spa-and-salon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sparklestore-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/sparklestore-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..1303de9113 --- /dev/null +++ b/nuclei-templates/cve-less/themes/sparklestore-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: sparklestore-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sparklestore/" + google-query: inurl:"/wp-content/themes/sparklestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sparklestore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sparklestore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sparklestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.6.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sparklestore-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/sparklestore-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..a0239161c3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/sparklestore-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: sparklestore-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sparklestore/" + google-query: inurl:"/wp-content/themes/sparklestore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sparklestore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sparklestore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sparklestore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.5.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/sparkling-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/sparkling-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..d8bebd3c7f --- /dev/null +++ b/nuclei-templates/cve-less/themes/sparkling-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: sparkling-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/sparkling/" + google-query: inurl:"/wp-content/themes/sparkling/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,sparkling,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/sparkling/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "sparkling" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/spidermag-4afe438c3219ba223c08f05567ce5890.yaml b/nuclei-templates/cve-less/themes/spidermag-4afe438c3219ba223c08f05567ce5890.yaml new file mode 100644 index 0000000000..6622c53be8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/spidermag-4afe438c3219ba223c08f05567ce5890.yaml @@ -0,0 +1,58 @@ +id: spidermag-4afe438c3219ba223c08f05567ce5890 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c37bfdeb-2d0c-4ace-94cc-b85c16985994?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/spidermag/" + google-query: inurl:"/wp-content/themes/spidermag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,spidermag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/spidermag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spidermag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/spidermag-57ce58b6230c68936a87b493b14f2285.yaml b/nuclei-templates/cve-less/themes/spidermag-57ce58b6230c68936a87b493b14f2285.yaml new file mode 100644 index 0000000000..dd6ed0eb93 --- /dev/null +++ b/nuclei-templates/cve-less/themes/spidermag-57ce58b6230c68936a87b493b14f2285.yaml @@ -0,0 +1,58 @@ +id: spidermag-57ce58b6230c68936a87b493b14f2285 + +info: + name: > + Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/62e30cef-ce5d-4450-989e-f08f09b7638f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/spidermag/" + google-query: inurl:"/wp-content/themes/spidermag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,spidermag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/spidermag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spidermag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/spikes-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/spikes-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..83a469efb5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/spikes-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: spikes-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/spikes/" + google-query: inurl:"/wp-content/themes/spikes/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,spikes,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/spikes/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spikes" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/spikes-black-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/spikes-black-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..cff73621e8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/spikes-black-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: spikes-black-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/spikes-black/" + google-query: inurl:"/wp-content/themes/spikes-black/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,spikes-black,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/spikes-black/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "spikes-black" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/square-3715092a367ddcdb9354396fe5cef26a.yaml b/nuclei-templates/cve-less/themes/square-3715092a367ddcdb9354396fe5cef26a.yaml new file mode 100644 index 0000000000..82d5745f15 --- /dev/null +++ b/nuclei-templates/cve-less/themes/square-3715092a367ddcdb9354396fe5cef26a.yaml @@ -0,0 +1,58 @@ +id: square-3715092a367ddcdb9354396fe5cef26a + +info: + name: > + Square <= 2.0.0 - Missing Authorization via activate_plugin + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3ca4c3c-2b20-42d4-8dcf-77f4d52c25a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/square/" + google-query: inurl:"/wp-content/themes/square/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,square,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/square/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "square" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/squared-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/squared-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..8b9d4a47b2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/squared-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: squared-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/squared/" + google-query: inurl:"/wp-content/themes/squared/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,squared,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/squared/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squared" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/squared-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/squared-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..f6a95ce28c --- /dev/null +++ b/nuclei-templates/cve-less/themes/squared-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: squared-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/squared/" + google-query: inurl:"/wp-content/themes/squared/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,squared,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/squared/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squared" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/squaretype-301d4c247a680f6ce86b39ab492df068.yaml b/nuclei-templates/cve-less/themes/squaretype-301d4c247a680f6ce86b39ab492df068.yaml new file mode 100644 index 0000000000..64d6bf82c6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/squaretype-301d4c247a680f6ce86b39ab492df068.yaml @@ -0,0 +1,58 @@ +id: squaretype-301d4c247a680f6ce86b39ab492df068 + +info: + name: > + Squaretype - Modern Blog WordPress Theme < 3.0.4 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b94202ef-75d6-4b6f-96b5-f9760cc0a628?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/squaretype/" + google-query: inurl:"/wp-content/themes/squaretype/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,squaretype,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/squaretype/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "squaretype" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/startupzy-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/startupzy-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..f08c623cfc --- /dev/null +++ b/nuclei-templates/cve-less/themes/startupzy-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: startupzy-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/startupzy/" + google-query: inurl:"/wp-content/themes/startupzy/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,startupzy,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/startupzy/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "startupzy" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/statfort-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/statfort-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..8370a67054 --- /dev/null +++ b/nuclei-templates/cve-less/themes/statfort-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: statfort-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/statfort/" + google-query: inurl:"/wp-content/themes/statfort/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,statfort,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/statfort/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "statfort" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/storevilla-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/storevilla-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..c40a738dc7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/storevilla-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: storevilla-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/storevilla/" + google-query: inurl:"/wp-content/themes/storevilla/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,storevilla,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/storevilla/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storevilla" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/storevilla-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/storevilla-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..f5340f6c8c --- /dev/null +++ b/nuclei-templates/cve-less/themes/storevilla-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: storevilla-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/storevilla/" + google-query: inurl:"/wp-content/themes/storevilla/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,storevilla,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/storevilla/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storevilla" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/storied-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/storied-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..224c57e1a8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/storied-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: storied-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/storied/" + google-query: inurl:"/wp-content/themes/storied/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,storied,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/storied/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storied" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/storied-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/storied-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..942f634731 --- /dev/null +++ b/nuclei-templates/cve-less/themes/storied-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: storied-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/storied/" + google-query: inurl:"/wp-content/themes/storied/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,storied,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/storied/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "storied" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/superio-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml b/nuclei-templates/cve-less/themes/superio-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml new file mode 100644 index 0000000000..37a9422f85 --- /dev/null +++ b/nuclei-templates/cve-less/themes/superio-cb7c43df76e71bb6d20f5f4c8a5d90eb.yaml @@ -0,0 +1,58 @@ +id: superio-cb7c43df76e71bb6d20f5f4c8a5d90eb + +info: + name: > + Superio - Job Board <= 1.2.32 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a341a264-0b1a-47a2-8c7e-9a6e10c5ad0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/superio/" + google-query: inurl:"/wp-content/themes/superio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,superio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/superio/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "superio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.32') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/swape-7ec2393a2db75328cb78362c45e273f6.yaml b/nuclei-templates/cve-less/themes/swape-7ec2393a2db75328cb78362c45e273f6.yaml new file mode 100644 index 0000000000..76d14ba1f9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/swape-7ec2393a2db75328cb78362c45e273f6.yaml @@ -0,0 +1,58 @@ +id: swape-7ec2393a2db75328cb78362c45e273f6 + +info: + name: > + Swape - App Showcase & App Store WordPress Theme < 1.2.1 - Missing Authorization to Arbitrary Options Update + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be2c1555-4616-4759-bd9b-12f8b3c3a3d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/swape/" + google-query: inurl:"/wp-content/themes/swape/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,swape,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/swape/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swape" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/swing-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/swing-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..f2a4b344fe --- /dev/null +++ b/nuclei-templates/cve-less/themes/swing-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: swing-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/swing-lite/" + google-query: inurl:"/wp-content/themes/swing-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,swing-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/swing-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swing-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/swing-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/swing-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..55498ff289 --- /dev/null +++ b/nuclei-templates/cve-less/themes/swing-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: swing-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/swing-lite/" + google-query: inurl:"/wp-content/themes/swing-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,swing-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/swing-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "swing-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/t1-51d5d1c24b78c2a34638e1c642bf73fd.yaml b/nuclei-templates/cve-less/themes/t1-51d5d1c24b78c2a34638e1c642bf73fd.yaml new file mode 100644 index 0000000000..d98681b956 --- /dev/null +++ b/nuclei-templates/cve-less/themes/t1-51d5d1c24b78c2a34638e1c642bf73fd.yaml @@ -0,0 +1,58 @@ +id: t1-51d5d1c24b78c2a34638e1c642bf73fd + +info: + name: > + T1 Theme <= 19.0 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/901d4e10-06e9-4acd-ba4a-85a537fa10bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/t1/" + google-query: inurl:"/wp-content/themes/t1/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,t1,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/t1/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "t1" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 19.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/tainacan-interface-72e35bfea95d9e42520259e2f04f4250.yaml b/nuclei-templates/cve-less/themes/tainacan-interface-72e35bfea95d9e42520259e2f04f4250.yaml new file mode 100644 index 0000000000..7d1ec183bf --- /dev/null +++ b/nuclei-templates/cve-less/themes/tainacan-interface-72e35bfea95d9e42520259e2f04f4250.yaml @@ -0,0 +1,58 @@ +id: tainacan-interface-72e35bfea95d9e42520259e2f04f4250 + +info: + name: > + Tainacan Interface <= 2.7.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3ffd63ca-5ea4-451c-aa97-092a754ca79f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/tainacan-interface/" + google-query: inurl:"/wp-content/themes/tainacan-interface/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,tainacan-interface,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/tainacan-interface/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "tainacan-interface" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/teardrop-aa0917a06c9e064c66e0e15d0b79978d.yaml b/nuclei-templates/cve-less/themes/teardrop-aa0917a06c9e064c66e0e15d0b79978d.yaml new file mode 100644 index 0000000000..5c5e0bb273 --- /dev/null +++ b/nuclei-templates/cve-less/themes/teardrop-aa0917a06c9e064c66e0e15d0b79978d.yaml @@ -0,0 +1,58 @@ +id: teardrop-aa0917a06c9e064c66e0e15d0b79978d + +info: + name: > + Teardrop - Fullscreen Photography Theme | Portfolio <= 1.8.5 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63d806ed-2cfc-4ac6-9ebb-75c13d2cfad4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/teardrop/" + google-query: inurl:"/wp-content/themes/teardrop/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,teardrop,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/teardrop/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teardrop" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/teluro-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/teluro-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..0c866ca543 --- /dev/null +++ b/nuclei-templates/cve-less/themes/teluro-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: teluro-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/teluro/" + google-query: inurl:"/wp-content/themes/teluro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,teluro,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/teluro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "teluro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-conference-3d5a012eeeb1f6dd0f8bcd44e5b5cd93.yaml b/nuclei-templates/cve-less/themes/the-conference-3d5a012eeeb1f6dd0f8bcd44e5b5cd93.yaml new file mode 100644 index 0000000000..1e6d419f68 --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-conference-3d5a012eeeb1f6dd0f8bcd44e5b5cd93.yaml @@ -0,0 +1,58 @@ +id: the-conference-3d5a012eeeb1f6dd0f8bcd44e5b5cd93 + +info: + name: > + The Conference <= 1.2.0 - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/abdd2653-d50c-4eee-9cab-36519fd2b209?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-conference/" + google-query: inurl:"/wp-content/themes/the-conference/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-conference,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-conference/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-conference" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-erudite-86bc0489b6564a6b791112624ecc4c24.yaml b/nuclei-templates/cve-less/themes/the-erudite-86bc0489b6564a6b791112624ecc4c24.yaml new file mode 100644 index 0000000000..d82e3aae35 --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-erudite-86bc0489b6564a6b791112624ecc4c24.yaml @@ -0,0 +1,58 @@ +id: the-erudite-86bc0489b6564a6b791112624ecc4c24 + +info: + name: > + The Erudite <= 2.7.8 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa098919-66ed-41e5-a5f9-291e1859e889?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-erudite/" + google-query: inurl:"/wp-content/themes/the-erudite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-erudite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-erudite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-erudite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.7.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-launcher-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/the-launcher-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..9c42476392 --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-launcher-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: the-launcher-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-launcher/" + google-query: inurl:"/wp-content/themes/the-launcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-launcher,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-launcher/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-launcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-launcher-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/the-launcher-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..a1824bad6c --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-launcher-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: the-launcher-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-launcher/" + google-query: inurl:"/wp-content/themes/the-launcher/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-launcher,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-launcher/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-launcher" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-monday-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/the-monday-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..6d5acfa67b --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-monday-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: the-monday-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-monday/" + google-query: inurl:"/wp-content/themes/the-monday/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-monday,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-monday/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-monday" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the-monday-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/the-monday-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..3e4c49765a --- /dev/null +++ b/nuclei-templates/cve-less/themes/the-monday-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: the-monday-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the-monday/" + google-query: inurl:"/wp-content/themes/the-monday/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the-monday,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the-monday/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the-monday" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the100-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/the100-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..553269d872 --- /dev/null +++ b/nuclei-templates/cve-less/themes/the100-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: the100-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the100/" + google-query: inurl:"/wp-content/themes/the100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the100,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the100/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/the100-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/the100-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..32f6197896 --- /dev/null +++ b/nuclei-templates/cve-less/themes/the100-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: the100-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/the100/" + google-query: inurl:"/wp-content/themes/the100/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,the100,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/the100/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "the100" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thegem-0f0ddbff82e7ef39ec0bd688d9ec8fea.yaml b/nuclei-templates/cve-less/themes/thegem-0f0ddbff82e7ef39ec0bd688d9ec8fea.yaml new file mode 100644 index 0000000000..4add588c3b --- /dev/null +++ b/nuclei-templates/cve-less/themes/thegem-0f0ddbff82e7ef39ec0bd688d9ec8fea.yaml @@ -0,0 +1,58 @@ +id: thegem-0f0ddbff82e7ef39ec0bd688d9ec8fea + +info: + name: > + TheGem < 5.8.1.1 - Improper Authentication + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3942bba9-3c3a-47bf-9a53-95376917d6bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thegem/" + google-query: inurl:"/wp-content/themes/thegem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thegem,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thegem/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thegem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thegem-8d422c3c7895b2b4d7494cb28df2efe5.yaml b/nuclei-templates/cve-less/themes/thegem-8d422c3c7895b2b4d7494cb28df2efe5.yaml new file mode 100644 index 0000000000..d8104383a4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thegem-8d422c3c7895b2b4d7494cb28df2efe5.yaml @@ -0,0 +1,58 @@ +id: thegem-8d422c3c7895b2b4d7494cb28df2efe5 + +info: + name: > + TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6134c76d-754b-4e54-aa4e-b791d9321b8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thegem/" + google-query: inurl:"/wp-content/themes/thegem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thegem,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thegem/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thegem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thegem-9132b473713ba452ca61cd28b37b6336.yaml b/nuclei-templates/cve-less/themes/thegem-9132b473713ba452ca61cd28b37b6336.yaml new file mode 100644 index 0000000000..097f6a5957 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thegem-9132b473713ba452ca61cd28b37b6336.yaml @@ -0,0 +1,58 @@ +id: thegem-9132b473713ba452ca61cd28b37b6336 + +info: + name: > + TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fc4d4103-a19a-45a5-9059-23eb7f72c84b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thegem/" + google-query: inurl:"/wp-content/themes/thegem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thegem,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thegem/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thegem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thegem-a830a457478521ad7f5b87d39b666bbf.yaml b/nuclei-templates/cve-less/themes/thegem-a830a457478521ad7f5b87d39b666bbf.yaml new file mode 100644 index 0000000000..254ebf1fc3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thegem-a830a457478521ad7f5b87d39b666bbf.yaml @@ -0,0 +1,58 @@ +id: thegem-a830a457478521ad7f5b87d39b666bbf + +info: + name: > + TheGem <= 5.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a243fbde-951b-43e0-a432-c92ae4b04c26?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thegem/" + google-query: inurl:"/wp-content/themes/thegem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thegem,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thegem/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thegem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.9.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thegem-e3e7d2debbf761854054ecabf536826d.yaml b/nuclei-templates/cve-less/themes/thegem-e3e7d2debbf761854054ecabf536826d.yaml new file mode 100644 index 0000000000..2e6c1219d4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thegem-e3e7d2debbf761854054ecabf536826d.yaml @@ -0,0 +1,58 @@ +id: thegem-e3e7d2debbf761854054ecabf536826d + +info: + name: > + TheGem < 5.8.1.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/074e8e37-147d-47ea-93ed-652d7de7be9e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thegem/" + google-query: inurl:"/wp-content/themes/thegem/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thegem,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thegem/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thegem" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 5.8.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/themify-ultra-1e0aaf982b61c73dcc9a05511e801c09.yaml b/nuclei-templates/cve-less/themes/themify-ultra-1e0aaf982b61c73dcc9a05511e801c09.yaml new file mode 100644 index 0000000000..1a73bd7147 --- /dev/null +++ b/nuclei-templates/cve-less/themes/themify-ultra-1e0aaf982b61c73dcc9a05511e801c09.yaml @@ -0,0 +1,58 @@ +id: themify-ultra-1e0aaf982b61c73dcc9a05511e801c09 + +info: + name: > + Themify Ultra <= 7.3.5 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc994b2a-b3da-4edc-ada3-1150065efd30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/themify-ultra/" + google-query: inurl:"/wp-content/themes/themify-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,themify-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/themify-ultra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/themify-ultra-3d30a7e8f0b8f6bc4309468a15c7f314.yaml b/nuclei-templates/cve-less/themes/themify-ultra-3d30a7e8f0b8f6bc4309468a15c7f314.yaml new file mode 100644 index 0000000000..188fe3c9e6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/themify-ultra-3d30a7e8f0b8f6bc4309468a15c7f314.yaml @@ -0,0 +1,58 @@ +id: themify-ultra-3d30a7e8f0b8f6bc4309468a15c7f314 + +info: + name: > + Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17c6a91c-e2a6-4f17-b145-145e9e7a0079?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/themify-ultra/" + google-query: inurl:"/wp-content/themes/themify-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,themify-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/themify-ultra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/themify-ultra-c842576ba599cc503a47eb67c0e70851.yaml b/nuclei-templates/cve-less/themes/themify-ultra-c842576ba599cc503a47eb67c0e70851.yaml new file mode 100644 index 0000000000..39f304c03d --- /dev/null +++ b/nuclei-templates/cve-less/themes/themify-ultra-c842576ba599cc503a47eb67c0e70851.yaml @@ -0,0 +1,58 @@ +id: themify-ultra-c842576ba599cc503a47eb67c0e70851 + +info: + name: > + Themify Ultra <= 7.3.5 - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed5251e7-64d2-4210-9864-144952a49327?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/themify-ultra/" + google-query: inurl:"/wp-content/themes/themify-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,themify-ultra,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/themify-ultra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/themify-ultra-e85a48bb53d03fe4f0288a0ec1595649.yaml b/nuclei-templates/cve-less/themes/themify-ultra-e85a48bb53d03fe4f0288a0ec1595649.yaml new file mode 100644 index 0000000000..42b9f8d536 --- /dev/null +++ b/nuclei-templates/cve-less/themes/themify-ultra-e85a48bb53d03fe4f0288a0ec1595649.yaml @@ -0,0 +1,58 @@ +id: themify-ultra-e85a48bb53d03fe4f0288a0ec1595649 + +info: + name: > + Themify Ultra <= 7.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a32f50f7-d271-45f6-9a73-838a8dcb901f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/themify-ultra/" + google-query: inurl:"/wp-content/themes/themify-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,themify-ultra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/themify-ultra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/themify-ultra-f655e8b1894773f9d99ee26fcaeba800.yaml b/nuclei-templates/cve-less/themes/themify-ultra-f655e8b1894773f9d99ee26fcaeba800.yaml new file mode 100644 index 0000000000..0f005046ea --- /dev/null +++ b/nuclei-templates/cve-less/themes/themify-ultra-f655e8b1894773f9d99ee26fcaeba800.yaml @@ -0,0 +1,58 @@ +id: themify-ultra-f655e8b1894773f9d99ee26fcaeba800 + +info: + name: > + Themify Ultra <= 7.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5cf17465-59a9-475d-bd1a-9e3623190926?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/themify-ultra/" + google-query: inurl:"/wp-content/themes/themify-ultra/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,themify-ultra,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/themify-ultra/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "themify-ultra" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/theroof-b3e7445697f1970506026aee23a35900.yaml b/nuclei-templates/cve-less/themes/theroof-b3e7445697f1970506026aee23a35900.yaml new file mode 100644 index 0000000000..b3084b4b1c --- /dev/null +++ b/nuclei-templates/cve-less/themes/theroof-b3e7445697f1970506026aee23a35900.yaml @@ -0,0 +1,58 @@ +id: theroof-b3e7445697f1970506026aee23a35900 + +info: + name: > + TheRoof <= 1.0.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/624d9627-0ffc-409f-beb7-60e80177aa9b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/theroof/" + google-query: inurl:"/wp-content/themes/theroof/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,theroof,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/theroof/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "theroof" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thrive-theme-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/thrive-theme-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..7185ecc420 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thrive-theme-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: thrive-theme-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thrive-theme/" + google-query: inurl:"/wp-content/themes/thrive-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thrive-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thrive-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thrive-theme-c88aacc0c258c2583886d5df08f00e4f.yaml b/nuclei-templates/cve-less/themes/thrive-theme-c88aacc0c258c2583886d5df08f00e4f.yaml new file mode 100644 index 0000000000..be902b9409 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thrive-theme-c88aacc0c258c2583886d5df08f00e4f.yaml @@ -0,0 +1,58 @@ +id: thrive-theme-c88aacc0c258c2583886d5df08f00e4f + +info: + name: > + Thrive Theme Builder < 3.24.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/353c3cd9-5ada-466b-b8e5-d40e0ec4e867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thrive-theme/" + google-query: inurl:"/wp-content/themes/thrive-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thrive-theme,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thrive-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.24.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thrive-theme-ec5c5e05e1261f9960d3089a18968f4c.yaml b/nuclei-templates/cve-less/themes/thrive-theme-ec5c5e05e1261f9960d3089a18968f4c.yaml new file mode 100644 index 0000000000..71ea5b9417 --- /dev/null +++ b/nuclei-templates/cve-less/themes/thrive-theme-ec5c5e05e1261f9960d3089a18968f4c.yaml @@ -0,0 +1,58 @@ +id: thrive-theme-ec5c5e05e1261f9960d3089a18968f4c + +info: + name: > + Thrive Theme Builder < 3.24.0 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd6fa4f-8f4d-4d2f-ac67-98124cfa9592?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thrive-theme/" + google-query: inurl:"/wp-content/themes/thrive-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thrive-theme,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thrive-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.24.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/thrive-theme-fece5d89023061344eacddb3239c9c49.yaml b/nuclei-templates/cve-less/themes/thrive-theme-fece5d89023061344eacddb3239c9c49.yaml new file mode 100644 index 0000000000..9113d5c82c --- /dev/null +++ b/nuclei-templates/cve-less/themes/thrive-theme-fece5d89023061344eacddb3239c9c49.yaml @@ -0,0 +1,58 @@ +id: thrive-theme-fece5d89023061344eacddb3239c9c49 + +info: + name: > + Thrive Theme Builder < 3.24.0 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b345dfe-3945-405a-9825-c88816b2adee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/thrive-theme/" + google-query: inurl:"/wp-content/themes/thrive-theme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,thrive-theme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/thrive-theme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "thrive-theme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 3.24.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/total-99f1c42a705f1b7c13a404d5bf315c5f.yaml b/nuclei-templates/cve-less/themes/total-99f1c42a705f1b7c13a404d5bf315c5f.yaml new file mode 100644 index 0000000000..a688d65033 --- /dev/null +++ b/nuclei-templates/cve-less/themes/total-99f1c42a705f1b7c13a404d5bf315c5f.yaml @@ -0,0 +1,58 @@ +id: total-99f1c42a705f1b7c13a404d5bf315c5f + +info: + name: > + Total Theme <= 2.1.19 - Authenticated(Subscriber+) Plugin Activation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c4dfd5af-0af0-469c-81ed-52867609550c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/total/" + google-query: inurl:"/wp-content/themes/total/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,total,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/total/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.19') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/total-e9ad128afe18da7565a18caa795c2ef0.yaml b/nuclei-templates/cve-less/themes/total-e9ad128afe18da7565a18caa795c2ef0.yaml new file mode 100644 index 0000000000..bed5f7ad79 --- /dev/null +++ b/nuclei-templates/cve-less/themes/total-e9ad128afe18da7565a18caa795c2ef0.yaml @@ -0,0 +1,58 @@ +id: total-e9ad128afe18da7565a18caa795c2ef0 + +info: + name: > + Total <= 2.1.59 - Missing Authorization to Authenticated (Subscriber+) Sections Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/total/" + google-query: inurl:"/wp-content/themes/total/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,total,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/total/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "total" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.1.59') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/townhub-17f6998fdf35be8a6349776a3309aedc.yaml b/nuclei-templates/cve-less/themes/townhub-17f6998fdf35be8a6349776a3309aedc.yaml new file mode 100644 index 0000000000..d8b5880d42 --- /dev/null +++ b/nuclei-templates/cve-less/themes/townhub-17f6998fdf35be8a6349776a3309aedc.yaml @@ -0,0 +1,58 @@ +id: townhub-17f6998fdf35be8a6349776a3309aedc + +info: + name: > + CTHthemes CityBook < 2.3.4, TownHub < 1.0.6, EasyBook < 1.2.2 Themes - Authenticated Post Deleition via IDOR + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08eb1d49-9928-43f8-97fc-14105e3a4a25?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/townhub/" + google-query: inurl:"/wp-content/themes/townhub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,townhub,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/townhub/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "townhub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/townhub-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml b/nuclei-templates/cve-less/themes/townhub-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml new file mode 100644 index 0000000000..e53af6e7e3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/townhub-8b6ac4c7233f8f6a37118bbf7ac73ad8.yaml @@ -0,0 +1,58 @@ +id: townhub-8b6ac4c7233f8f6a37118bbf7ac73ad8 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/788e1c5c-67a9-4b06-a2cf-15c980e83618?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/townhub/" + google-query: inurl:"/wp-content/themes/townhub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,townhub,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/townhub/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "townhub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/townhub-be3f332add5d9ce678efc86e37a29e03.yaml b/nuclei-templates/cve-less/themes/townhub-be3f332add5d9ce678efc86e37a29e03.yaml new file mode 100644 index 0000000000..8aa61c26b9 --- /dev/null +++ b/nuclei-templates/cve-less/themes/townhub-be3f332add5d9ce678efc86e37a29e03.yaml @@ -0,0 +1,58 @@ +id: townhub-be3f332add5d9ce678efc86e37a29e03 + +info: + name: > + CTHthemes CityBook <= 2.3.3, TownHub <= 1.0.5, and EasyBook <= 1.2.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3e292a1f-d475-4c52-b790-b5215e1870ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/townhub/" + google-query: inurl:"/wp-content/themes/townhub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,townhub,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/townhub/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "townhub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/townhub-f5204789b3d63c1e5dd223fef5d1ac5d.yaml b/nuclei-templates/cve-less/themes/townhub-f5204789b3d63c1e5dd223fef5d1ac5d.yaml new file mode 100644 index 0000000000..aed62ede7d --- /dev/null +++ b/nuclei-templates/cve-less/themes/townhub-f5204789b3d63c1e5dd223fef5d1ac5d.yaml @@ -0,0 +1,58 @@ +id: townhub-f5204789b3d63c1e5dd223fef5d1ac5d + +info: + name: > + CTHthemes CityBook Theme < 2.3.4, TownHub Theme < 1.0.6, EasyBook Theme < 1.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b51a7670-9fa6-4df9-bef6-c7ebe6b09c5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/townhub/" + google-query: inurl:"/wp-content/themes/townhub/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,townhub,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/townhub/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "townhub" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/transcend-a746469ba08e7ad3eaafd923d2717c92.yaml b/nuclei-templates/cve-less/themes/transcend-a746469ba08e7ad3eaafd923d2717c92.yaml new file mode 100644 index 0000000000..cb84e4a59e --- /dev/null +++ b/nuclei-templates/cve-less/themes/transcend-a746469ba08e7ad3eaafd923d2717c92.yaml @@ -0,0 +1,58 @@ +id: transcend-a746469ba08e7ad3eaafd923d2717c92 + +info: + name: > + Epsilon Framework Themes (Various Versions) - Function Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/transcend/" + google-query: inurl:"/wp-content/themes/transcend/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,transcend,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/transcend/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "transcend" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/travey-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/travey-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..82c0ae729c --- /dev/null +++ b/nuclei-templates/cve-less/themes/travey-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: travey-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/travey/" + google-query: inurl:"/wp-content/themes/travey/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,travey,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/travey/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "travey" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/trending-1def92176b2075addd1971f8bb11410a.yaml b/nuclei-templates/cve-less/themes/trending-1def92176b2075addd1971f8bb11410a.yaml new file mode 100644 index 0000000000..3edd5697fe --- /dev/null +++ b/nuclei-templates/cve-less/themes/trending-1def92176b2075addd1971f8bb11410a.yaml @@ -0,0 +1,58 @@ +id: trending-1def92176b2075addd1971f8bb11410a + +info: + name: > + Trending < 0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed5d8b70-eb0e-4e5c-a68a-d9bff493c04c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/trending/" + google-query: inurl:"/wp-content/themes/trending/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,trending,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/trending/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "trending" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/truemag-909fb4f06b4694caa086894d4ab6e947.yaml b/nuclei-templates/cve-less/themes/truemag-909fb4f06b4694caa086894d4ab6e947.yaml new file mode 100644 index 0000000000..8aeae80c60 --- /dev/null +++ b/nuclei-templates/cve-less/themes/truemag-909fb4f06b4694caa086894d4ab6e947.yaml @@ -0,0 +1,58 @@ +id: truemag-909fb4f06b4694caa086894d4ab6e947 + +info: + name: > + Truemag (Unknown Versions) - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/25250755-0d22-44f4-8930-3a60efd61e32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/truemag/" + google-query: inurl:"/wp-content/themes/truemag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,truemag,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/truemag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "truemag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/twenty-twelve-edd-b586a8ab64bee13c2ee807e747d50adb.yaml b/nuclei-templates/cve-less/themes/twenty-twelve-edd-b586a8ab64bee13c2ee807e747d50adb.yaml new file mode 100644 index 0000000000..b9926d36a7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/twenty-twelve-edd-b586a8ab64bee13c2ee807e747d50adb.yaml @@ -0,0 +1,58 @@ +id: twenty-twelve-edd-b586a8ab64bee13c2ee807e747d50adb + +info: + name: > + Easy Digital Downloads (EDD) Twenty-Twelve < 1.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12946a87-0b61-45ea-aae3-385d860b0db8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/twenty-twelve-edd/" + google-query: inurl:"/wp-content/themes/twenty-twelve-edd/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,twenty-twelve-edd,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/twenty-twelve-edd/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twenty-twelve-edd" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/twentyfifteen-a1f41447ffcf38fa9b963d8ece31aad9.yaml b/nuclei-templates/cve-less/themes/twentyfifteen-a1f41447ffcf38fa9b963d8ece31aad9.yaml new file mode 100644 index 0000000000..789442c386 --- /dev/null +++ b/nuclei-templates/cve-less/themes/twentyfifteen-a1f41447ffcf38fa9b963d8ece31aad9.yaml @@ -0,0 +1,58 @@ +id: twentyfifteen-a1f41447ffcf38fa9b963d8ece31aad9 + +info: + name: > + Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57666105-81e4-4ef4-8889-9ce9995d2629?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/twentyfifteen/" + google-query: inurl:"/wp-content/themes/twentyfifteen/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,twentyfifteen,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/twentyfifteen/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "twentyfifteen" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/u-design-3d5c779f38ece858601f73d1cc738733.yaml b/nuclei-templates/cve-less/themes/u-design-3d5c779f38ece858601f73d1cc738733.yaml new file mode 100644 index 0000000000..173f504dbb --- /dev/null +++ b/nuclei-templates/cve-less/themes/u-design-3d5c779f38ece858601f73d1cc738733.yaml @@ -0,0 +1,58 @@ +id: u-design-3d5c779f38ece858601f73d1cc738733 + +info: + name: > + UDesign <= 4.7.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8a02f5b1-5f0a-45f7-925c-1837a47dd051?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/u-design/" + google-query: inurl:"/wp-content/themes/u-design/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,u-design,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/u-design/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "u-design" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.7.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/u-design-3f3928c6559acc265ac4dc8abe8f4e68.yaml b/nuclei-templates/cve-less/themes/u-design-3f3928c6559acc265ac4dc8abe8f4e68.yaml new file mode 100644 index 0000000000..53f6d8bdeb --- /dev/null +++ b/nuclei-templates/cve-less/themes/u-design-3f3928c6559acc265ac4dc8abe8f4e68.yaml @@ -0,0 +1,58 @@ +id: u-design-3f3928c6559acc265ac4dc8abe8f4e68 + +info: + name: > + uDesign Theme 2.3.0 - 2.7.9 - Unauthenticated DOM Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ef18e0e-8fad-464b-943b-54fbbe169ce9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/u-design/" + google-query: inurl:"/wp-content/themes/u-design/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,u-design,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/u-design/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "u-design" + part: body + + - type: dsl + dsl: + - compare_versions(version, '>= 2.3.0', '<= 2.7.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ultra-seven-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/ultra-seven-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..62f5750534 --- /dev/null +++ b/nuclei-templates/cve-less/themes/ultra-seven-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: ultra-seven-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ultra-seven/" + google-query: inurl:"/wp-content/themes/ultra-seven/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ultra-seven,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ultra-seven/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultra-seven" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/ultra-seven-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/ultra-seven-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..7c51f41dda --- /dev/null +++ b/nuclei-templates/cve-less/themes/ultra-seven-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: ultra-seven-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/ultra-seven/" + google-query: inurl:"/wp-content/themes/ultra-seven/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,ultra-seven,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/ultra-seven/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "ultra-seven" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/uncode-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/uncode-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..86f11633a8 --- /dev/null +++ b/nuclei-templates/cve-less/themes/uncode-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: uncode-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/uncode-lite/" + google-query: inurl:"/wp-content/themes/uncode-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,uncode-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/uncode-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncode-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/uncode-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/uncode-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..e7f57afa2e --- /dev/null +++ b/nuclei-templates/cve-less/themes/uncode-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: uncode-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/uncode-lite/" + google-query: inurl:"/wp-content/themes/uncode-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,uncode-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/uncode-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "uncode-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/unique-df4c2356c55ce196a7dc2c935ff36c73.yaml b/nuclei-templates/cve-less/themes/unique-df4c2356c55ce196a7dc2c935ff36c73.yaml new file mode 100644 index 0000000000..5047735974 --- /dev/null +++ b/nuclei-templates/cve-less/themes/unique-df4c2356c55ce196a7dc2c935ff36c73.yaml @@ -0,0 +1,58 @@ +id: unique-df4c2356c55ce196a7dc2c935ff36c73 + +info: + name: > + Unique <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a203577-0ced-4e1e-a7db-e4ca53a5bade?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/unique/" + google-query: inurl:"/wp-content/themes/unique/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,unique,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/unique/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unique" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 0.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/unnamed-babd8720f51cdfc03ee525219e51d67f.yaml b/nuclei-templates/cve-less/themes/unnamed-babd8720f51cdfc03ee525219e51d67f.yaml new file mode 100644 index 0000000000..d17fa27aa7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/unnamed-babd8720f51cdfc03ee525219e51d67f.yaml @@ -0,0 +1,58 @@ +id: unnamed-babd8720f51cdfc03ee525219e51d67f + +info: + name: > + Unnamed < 1.2.17.1 and Unnamed SE < 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360cb170-a888-4b7f-8ea2-1d74a404f1df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/unnamed/" + google-query: inurl:"/wp-content/themes/unnamed/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,unnamed,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/unnamed/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unnamed" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.17') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/unnamed-se-babd8720f51cdfc03ee525219e51d67f.yaml b/nuclei-templates/cve-less/themes/unnamed-se-babd8720f51cdfc03ee525219e51d67f.yaml new file mode 100644 index 0000000000..45dba8e1c7 --- /dev/null +++ b/nuclei-templates/cve-less/themes/unnamed-se-babd8720f51cdfc03ee525219e51d67f.yaml @@ -0,0 +1,58 @@ +id: unnamed-se-babd8720f51cdfc03ee525219e51d67f + +info: + name: > + Unnamed < 1.2.17.1 and Unnamed SE < 1.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/360cb170-a888-4b7f-8ea2-1d74a404f1df?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/unnamed-se/" + google-query: inurl:"/wp-content/themes/unnamed-se/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,unnamed-se,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/unnamed-se/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "unnamed-se" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/upfrontwp-4fc88bb474bb1a0cdd35b01d04f15578.yaml b/nuclei-templates/cve-less/themes/upfrontwp-4fc88bb474bb1a0cdd35b01d04f15578.yaml new file mode 100644 index 0000000000..4b31c45632 --- /dev/null +++ b/nuclei-templates/cve-less/themes/upfrontwp-4fc88bb474bb1a0cdd35b01d04f15578.yaml @@ -0,0 +1,58 @@ +id: upfrontwp-4fc88bb474bb1a0cdd35b01d04f15578 + +info: + name: > + Upfrontwp <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83ac0dfc-88cd-48f0-9914-2258d5dfe834?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/upfrontwp/" + google-query: inurl:"/wp-content/themes/upfrontwp/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,upfrontwp,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/upfrontwp/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "upfrontwp" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vernissage-1f43087f32c2016495bdaad26c9a18a2.yaml b/nuclei-templates/cve-less/themes/vernissage-1f43087f32c2016495bdaad26c9a18a2.yaml new file mode 100644 index 0000000000..2565b6888f --- /dev/null +++ b/nuclei-templates/cve-less/themes/vernissage-1f43087f32c2016495bdaad26c9a18a2.yaml @@ -0,0 +1,58 @@ +id: vernissage-1f43087f32c2016495bdaad26c9a18a2 + +info: + name: > + Vernissage <= 1.2.9 - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/56405a91-259c-4700-bbc1-ffe0d77f3974?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vernissage/" + google-query: inurl:"/wp-content/themes/vernissage/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vernissage,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vernissage/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vernissage" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vertice-37917ea4c5b30e9a2f479f087050ff0a.yaml b/nuclei-templates/cve-less/themes/vertice-37917ea4c5b30e9a2f479f087050ff0a.yaml new file mode 100644 index 0000000000..a07858dcc3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/vertice-37917ea4c5b30e9a2f479f087050ff0a.yaml @@ -0,0 +1,58 @@ +id: vertice-37917ea4c5b30e9a2f479f087050ff0a + +info: + name: > + ColibriWP Theme framework <= (Various Versions) - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/890bcce2-18c2-4df8-a945-0c23437534fc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vertice/" + google-query: inurl:"/wp-content/themes/vertice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vertice,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vertice/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vertice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viable-blog-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml b/nuclei-templates/cve-less/themes/viable-blog-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml new file mode 100644 index 0000000000..767385d607 --- /dev/null +++ b/nuclei-templates/cve-less/themes/viable-blog-6d87a6f7248c4528f7d5ef6ed7c11eba.yaml @@ -0,0 +1,58 @@ +id: viable-blog-6d87a6f7248c4528f7d5ef6ed7c11eba + +info: + name: > + Viable blog <= 1.1.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/262b5326-a5e6-4063-a345-59dedd14c3c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viable-blog/" + google-query: inurl:"/wp-content/themes/viable-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viable-blog,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viable-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viable-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viral-06cd0f178ae533c7b94126d052d17b3f.yaml b/nuclei-templates/cve-less/themes/viral-06cd0f178ae533c7b94126d052d17b3f.yaml new file mode 100644 index 0000000000..246a011769 --- /dev/null +++ b/nuclei-templates/cve-less/themes/viral-06cd0f178ae533c7b94126d052d17b3f.yaml @@ -0,0 +1,58 @@ +id: viral-06cd0f178ae533c7b94126d052d17b3f + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3543a39-ad88-40be-93b8-36ec638db4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viral/" + google-query: inurl:"/wp-content/themes/viral/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viral,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viral/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viral" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viral-d566c0816c38ea6ca24760850c1eaf4a.yaml b/nuclei-templates/cve-less/themes/viral-d566c0816c38ea6ca24760850c1eaf4a.yaml new file mode 100644 index 0000000000..c1a302d94e --- /dev/null +++ b/nuclei-templates/cve-less/themes/viral-d566c0816c38ea6ca24760850c1eaf4a.yaml @@ -0,0 +1,58 @@ +id: viral-d566c0816c38ea6ca24760850c1eaf4a + +info: + name: > + Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/154a838c-f8bb-4568-b066-a78264c75eea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viral/" + google-query: inurl:"/wp-content/themes/viral/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viral,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viral/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viral" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.8.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viral-mag-800d496f51d819e5732256fbd162712b.yaml b/nuclei-templates/cve-less/themes/viral-mag-800d496f51d819e5732256fbd162712b.yaml new file mode 100644 index 0000000000..2fcedb3834 --- /dev/null +++ b/nuclei-templates/cve-less/themes/viral-mag-800d496f51d819e5732256fbd162712b.yaml @@ -0,0 +1,58 @@ +id: viral-mag-800d496f51d819e5732256fbd162712b + +info: + name: > + Viral Mag <= 1.0.9 - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/48aa5be8-a5d9-4f5e-ba30-d6afb3f0fee0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viral-mag/" + google-query: inurl:"/wp-content/themes/viral-mag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viral-mag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viral-mag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viral-mag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viral-news-06cd0f178ae533c7b94126d052d17b3f.yaml b/nuclei-templates/cve-less/themes/viral-news-06cd0f178ae533c7b94126d052d17b3f.yaml new file mode 100644 index 0000000000..20839d6e61 --- /dev/null +++ b/nuclei-templates/cve-less/themes/viral-news-06cd0f178ae533c7b94126d052d17b3f.yaml @@ -0,0 +1,58 @@ +id: viral-news-06cd0f178ae533c7b94126d052d17b3f + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3543a39-ad88-40be-93b8-36ec638db4bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viral-news/" + google-query: inurl:"/wp-content/themes/viral-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viral-news,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viral-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viral-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/viral-news-d566c0816c38ea6ca24760850c1eaf4a.yaml b/nuclei-templates/cve-less/themes/viral-news-d566c0816c38ea6ca24760850c1eaf4a.yaml new file mode 100644 index 0000000000..157906be6c --- /dev/null +++ b/nuclei-templates/cve-less/themes/viral-news-d566c0816c38ea6ca24760850c1eaf4a.yaml @@ -0,0 +1,58 @@ +id: viral-news-d566c0816c38ea6ca24760850c1eaf4a + +info: + name: > + Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/154a838c-f8bb-4568-b066-a78264c75eea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/viral-news/" + google-query: inurl:"/wp-content/themes/viral-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,viral-news,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/viral-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "viral-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/virtue-2d42369e26f63aede3d7de3de1ae9995.yaml b/nuclei-templates/cve-less/themes/virtue-2d42369e26f63aede3d7de3de1ae9995.yaml new file mode 100644 index 0000000000..f13528338e --- /dev/null +++ b/nuclei-templates/cve-less/themes/virtue-2d42369e26f63aede3d7de3de1ae9995.yaml @@ -0,0 +1,58 @@ +id: virtue-2d42369e26f63aede3d7de3de1ae9995 + +info: + name: > + Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d8272233-afb3-46f1-ab85-189a3923e29d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/virtue/" + google-query: inurl:"/wp-content/themes/virtue/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,virtue,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/virtue/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "virtue" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 3.4.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vistered-little-8fb46ccbfe8eb892f418af64a9d461a7.yaml b/nuclei-templates/cve-less/themes/vistered-little-8fb46ccbfe8eb892f418af64a9d461a7.yaml new file mode 100644 index 0000000000..b211b58c3e --- /dev/null +++ b/nuclei-templates/cve-less/themes/vistered-little-8fb46ccbfe8eb892f418af64a9d461a7.yaml @@ -0,0 +1,58 @@ +id: vistered-little-8fb46ccbfe8eb892f418af64a9d461a7 + +info: + name: > + Vistered Little (Unspecified Version) - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/510ef568-fe5e-427e-a5ab-76c65250ade3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/Vistered-Little/" + google-query: inurl:"/wp-content/themes/Vistered-Little/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,Vistered-Little,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/Vistered-Little/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Vistered-Little" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= *') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/vmag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..be14262043 --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmag-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: vmag-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmag/" + google-query: inurl:"/wp-content/themes/vmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmag,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmag-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/vmag-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..04d509cefe --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmag-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: vmag-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmag/" + google-query: inurl:"/wp-content/themes/vmag/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmag,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmag/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmag" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.2.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmagazine-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/vmagazine-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..e5fd652759 --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmagazine-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: vmagazine-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmagazine-lite/" + google-query: inurl:"/wp-content/themes/vmagazine-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmagazine-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmagazine-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmagazine-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmagazine-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/vmagazine-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..7f01c66cda --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmagazine-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: vmagazine-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmagazine-lite/" + google-query: inurl:"/wp-content/themes/vmagazine-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmagazine-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmagazine-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmagazine-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmagazine-news-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/vmagazine-news-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..de1efc4eab --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmagazine-news-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: vmagazine-news-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmagazine-news/" + google-query: inurl:"/wp-content/themes/vmagazine-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmagazine-news,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmagazine-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmagazine-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/vmagazine-news-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/vmagazine-news-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..47d469aa06 --- /dev/null +++ b/nuclei-templates/cve-less/themes/vmagazine-news-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: vmagazine-news-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/vmagazine-news/" + google-query: inurl:"/wp-content/themes/vmagazine-news/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,vmagazine-news,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/vmagazine-news/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "vmagazine-news" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/voice-09bb804f266b350634cb031ea62ca641.yaml b/nuclei-templates/cve-less/themes/voice-09bb804f266b350634cb031ea62ca641.yaml new file mode 100644 index 0000000000..7f3f822b94 --- /dev/null +++ b/nuclei-templates/cve-less/themes/voice-09bb804f266b350634cb031ea62ca641.yaml @@ -0,0 +1,58 @@ +id: voice-09bb804f266b350634cb031ea62ca641 + +info: + name: > + Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e97c652c-f191-493d-9857-acaa4db8a49a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/voice/" + google-query: inurl:"/wp-content/themes/voice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,voice,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/voice/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "voice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/voice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml b/nuclei-templates/cve-less/themes/voice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml new file mode 100644 index 0000000000..6ea6846782 --- /dev/null +++ b/nuclei-templates/cve-less/themes/voice-bceae5f53d1ac07f2efbd28988c0d5d9.yaml @@ -0,0 +1,58 @@ +id: voice-bceae5f53d1ac07f2efbd28988c0d5d9 + +info: + name: > + Multiple Thrive Themes and Plugins (Various Versions) - Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2be56d2-d473-455e-8d6e-d2df6abb19ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/voice/" + google-query: inurl:"/wp-content/themes/voice/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,voice,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/voice/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "voice" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.0.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/weaver-xtreme-13c73556a747c83cbb4df9719464f4fd.yaml b/nuclei-templates/cve-less/themes/weaver-xtreme-13c73556a747c83cbb4df9719464f4fd.yaml new file mode 100644 index 0000000000..333208a65b --- /dev/null +++ b/nuclei-templates/cve-less/themes/weaver-xtreme-13c73556a747c83cbb4df9719464f4fd.yaml @@ -0,0 +1,58 @@ +id: weaver-xtreme-13c73556a747c83cbb4df9719464f4fd + +info: + name: > + Weaver Xtreme Theme <= 5.0.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b2bef63-c871-45e4-bb05-12bbba20ca5e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/weaver-xtreme/" + google-query: inurl:"/wp-content/themes/weaver-xtreme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,weaver-xtreme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/weaver-xtreme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weaver-xtreme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 5.0.7') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/weaver-xtreme-17ab37dbc7beb458edc5925614c59dfa.yaml b/nuclei-templates/cve-less/themes/weaver-xtreme-17ab37dbc7beb458edc5925614c59dfa.yaml new file mode 100644 index 0000000000..19e5df7f6e --- /dev/null +++ b/nuclei-templates/cve-less/themes/weaver-xtreme-17ab37dbc7beb458edc5925614c59dfa.yaml @@ -0,0 +1,58 @@ +id: weaver-xtreme-17ab37dbc7beb458edc5925614c59dfa + +info: + name: > + Weaver Xtreme <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc7384d7-c2fd-4d63-9b80-bb5bde9a23d5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/weaver-xtreme/" + google-query: inurl:"/wp-content/themes/weaver-xtreme/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,weaver-xtreme,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/weaver-xtreme/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weaver-xtreme" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 6.3.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/web-minimalist-200901-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml b/nuclei-templates/cve-less/themes/web-minimalist-200901-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml new file mode 100644 index 0000000000..04ff932030 --- /dev/null +++ b/nuclei-templates/cve-less/themes/web-minimalist-200901-8cf1ee9f0e6e79fc8ffcfb9414ff6340.yaml @@ -0,0 +1,58 @@ +id: web-minimalist-200901-8cf1ee9f0e6e79fc8ffcfb9414ff6340 + +info: + name: > + Web Minimalist 200901 <= 1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/90ce0f70-d3a2-48cb-b6f8-7dda7ac25866?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/web-minimalist-200901/" + google-query: inurl:"/wp-content/themes/web-minimalist-200901/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,web-minimalist-200901,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/web-minimalist-200901/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "web-minimalist-200901" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/weeklynews-a66c423ab6d157ff18cae8cbb8d16a15.yaml b/nuclei-templates/cve-less/themes/weeklynews-a66c423ab6d157ff18cae8cbb8d16a15.yaml new file mode 100644 index 0000000000..d9966c93f2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/weeklynews-a66c423ab6d157ff18cae8cbb8d16a15.yaml @@ -0,0 +1,58 @@ +id: weeklynews-a66c423ab6d157ff18cae8cbb8d16a15 + +info: + name: > + Weekly News < 2.2.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45c08d51-ed01-4f92-9290-1964c4f3657c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/weeklynews/" + google-query: inurl:"/wp-content/themes/weeklynews/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,weeklynews,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/weeklynews/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "weeklynews" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/westand-5bf9d91713d8c35818245877f73557be.yaml b/nuclei-templates/cve-less/themes/westand-5bf9d91713d8c35818245877f73557be.yaml new file mode 100644 index 0000000000..ea001249c6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/westand-5bf9d91713d8c35818245877f73557be.yaml @@ -0,0 +1,58 @@ +id: westand-5bf9d91713d8c35818245877f73557be + +info: + name: > + Themes from Chimpstudio and Pixfill (Various Versions) - Unauthenticated Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8e3c45ac-44c0-47e1-81af-65014f064513?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/westand/" + google-query: inurl:"/wp-content/themes/westand/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,westand,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/westand/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "westand" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/winters-1bdc5a83caa0df98ccf44a6fbb6306e2.yaml b/nuclei-templates/cve-less/themes/winters-1bdc5a83caa0df98ccf44a6fbb6306e2.yaml new file mode 100644 index 0000000000..bf3915aeb0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/winters-1bdc5a83caa0df98ccf44a6fbb6306e2.yaml @@ -0,0 +1,58 @@ +id: winters-1bdc5a83caa0df98ccf44a6fbb6306e2 + +info: + name: > + Winters <= 1.4.3 - Prototype Pollution to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f8b75a1-f0f2-445b-a1c7-1628916470d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/winters/" + google-query: inurl:"/wp-content/themes/winters/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,winters,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/winters/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "winters" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wishful-blog-a81a5bf9125eeee92e00bfdaa83c90ee.yaml b/nuclei-templates/cve-less/themes/wishful-blog-a81a5bf9125eeee92e00bfdaa83c90ee.yaml new file mode 100644 index 0000000000..2495e38de6 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wishful-blog-a81a5bf9125eeee92e00bfdaa83c90ee.yaml @@ -0,0 +1,58 @@ +id: wishful-blog-a81a5bf9125eeee92e00bfdaa83c90ee + +info: + name: > + Wishful Blog <= 2.0.1 & Raise Mag <= 1.0.7 - Unauthenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fb33f779-d045-48dd-babe-8b1fab903124?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wishful-blog/" + google-query: inurl:"/wp-content/themes/wishful-blog/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wishful-blog,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wishful-blog/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wishful-blog" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-1a6b9215905d609bfa19a88fafbe9af4.yaml b/nuclei-templates/cve-less/themes/woodmart-1a6b9215905d609bfa19a88fafbe9af4.yaml new file mode 100644 index 0000000000..1ff40bf66a --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-1a6b9215905d609bfa19a88fafbe9af4.yaml @@ -0,0 +1,58 @@ +id: woodmart-1a6b9215905d609bfa19a88fafbe9af4 + +info: + name: > + Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/02fde6b1-d709-4329-ae9c-fea444c1aec8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-1d9a2ca68f50fb01ed55a21dfdc7c1dc.yaml b/nuclei-templates/cve-less/themes/woodmart-1d9a2ca68f50fb01ed55a21dfdc7c1dc.yaml new file mode 100644 index 0000000000..88f64210bb --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-1d9a2ca68f50fb01ed55a21dfdc7c1dc.yaml @@ -0,0 +1,58 @@ +id: woodmart-1d9a2ca68f50fb01ed55a21dfdc7c1dc + +info: + name: > + Woodmart <= 7.0.4 - Unauthenticated Arbitrary Content Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb1db880-0942-4fac-a548-8b6a28dce8c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.0.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-27976922dece0aca2bde50f6320bde6f.yaml b/nuclei-templates/cve-less/themes/woodmart-27976922dece0aca2bde50f6320bde6f.yaml new file mode 100644 index 0000000000..6e5db91e79 --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-27976922dece0aca2bde50f6320bde6f.yaml @@ -0,0 +1,58 @@ +id: woodmart-27976922dece0aca2bde50f6320bde6f + +info: + name: > + WoodMart <= 7.2.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0e0e0c15-caf6-4166-a365-a2a73cd9ebc4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-7bd424eb93435e30d87b1474845a32ce.yaml b/nuclei-templates/cve-less/themes/woodmart-7bd424eb93435e30d87b1474845a32ce.yaml new file mode 100644 index 0000000000..d4033a10d3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-7bd424eb93435e30d87b1474845a32ce.yaml @@ -0,0 +1,58 @@ +id: woodmart-7bd424eb93435e30d87b1474845a32ce + +info: + name: > + WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73017e92-d95e-4b9c-a44a-779b498f58b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-9ab86db9ce48449a4c43692df0ff7e17.yaml b/nuclei-templates/cve-less/themes/woodmart-9ab86db9ce48449a4c43692df0ff7e17.yaml new file mode 100644 index 0000000000..deb49093f2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-9ab86db9ce48449a4c43692df0ff7e17.yaml @@ -0,0 +1,58 @@ +id: woodmart-9ab86db9ce48449a4c43692df0ff7e17 + +info: + name: > + WoodMart <= 7.2.4 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6fc92b8f-6794-461a-b6b6-598de21f5e2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woodmart-a392159f37a0ade5203b528da67d0e66.yaml b/nuclei-templates/cve-less/themes/woodmart-a392159f37a0ade5203b528da67d0e66.yaml new file mode 100644 index 0000000000..fb99278d5e --- /dev/null +++ b/nuclei-templates/cve-less/themes/woodmart-a392159f37a0ade5203b528da67d0e66.yaml @@ -0,0 +1,58 @@ +id: woodmart-a392159f37a0ade5203b528da67d0e66 + +info: + name: > + WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a60c4e-a524-4a99-858a-14787f37d60c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woodmart/" + google-query: inurl:"/wp-content/themes/woodmart/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woodmart,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woodmart/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woodmart" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/woohoo-cc3c8c63ee92500b82ad257317be9d73.yaml b/nuclei-templates/cve-less/themes/woohoo-cc3c8c63ee92500b82ad257317be9d73.yaml new file mode 100644 index 0000000000..096e44284e --- /dev/null +++ b/nuclei-templates/cve-less/themes/woohoo-cc3c8c63ee92500b82ad257317be9d73.yaml @@ -0,0 +1,58 @@ +id: woohoo-cc3c8c63ee92500b82ad257317be9d73 + +info: + name: > + WooHoo Newspaper Magazine Theme <= 2.5.3 - Cross-Site Request Forgery to Settings Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2c657483-204c-4117-ac7c-c0522d9c3816?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/woohoo/" + google-query: inurl:"/wp-content/themes/woohoo/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,woohoo,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/woohoo/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "woohoo" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.5.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workreap-26b89a3f8ab991ddf909838ee3f83a8f.yaml b/nuclei-templates/cve-less/themes/workreap-26b89a3f8ab991ddf909838ee3f83a8f.yaml new file mode 100644 index 0000000000..387bcd85f4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/workreap-26b89a3f8ab991ddf909838ee3f83a8f.yaml @@ -0,0 +1,58 @@ +id: workreap-26b89a3f8ab991ddf909838ee3f83a8f + +info: + name: > + Workreap <= 2.6.3 - Insecure Direct Object Reference + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9ee90c4-e9ab-426e-8b92-217de43bd2e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workreap/" + google-query: inurl:"/wp-content/themes/workreap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workreap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workreap/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workreap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workreap-5b880f984cc2c6ee6aced998be3c7997.yaml b/nuclei-templates/cve-less/themes/workreap-5b880f984cc2c6ee6aced998be3c7997.yaml new file mode 100644 index 0000000000..c17946fa59 --- /dev/null +++ b/nuclei-templates/cve-less/themes/workreap-5b880f984cc2c6ee6aced998be3c7997.yaml @@ -0,0 +1,58 @@ +id: workreap-5b880f984cc2c6ee6aced998be3c7997 + +info: + name: > + Workreap < 2.6.3 - Insecure Direct Objection Reference to Private Message Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b37766e2-95d2-4a95-9381-ed65ce09b3d6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workreap/" + google-query: inurl:"/wp-content/themes/workreap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workreap,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workreap/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workreap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.6.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workreap-8b0a78ba7d4de258f1d5d80e510c721b.yaml b/nuclei-templates/cve-less/themes/workreap-8b0a78ba7d4de258f1d5d80e510c721b.yaml new file mode 100644 index 0000000000..9392232b19 --- /dev/null +++ b/nuclei-templates/cve-less/themes/workreap-8b0a78ba7d4de258f1d5d80e510c721b.yaml @@ -0,0 +1,58 @@ +id: workreap-8b0a78ba7d4de258f1d5d80e510c721b + +info: + name: > + Workreap - Freelance Marketplace and Directory WordPress Theme < 2.2.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/59a05868-7457-4fb1-845e-bf7044d5cb81?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workreap/" + google-query: inurl:"/wp-content/themes/workreap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workreap,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workreap/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workreap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workreap-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml b/nuclei-templates/cve-less/themes/workreap-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml new file mode 100644 index 0000000000..f647254beb --- /dev/null +++ b/nuclei-templates/cve-less/themes/workreap-c1a5d94e24ff3bf97db23d2e01bc94ca.yaml @@ -0,0 +1,58 @@ +id: workreap-c1a5d94e24ff3bf97db23d2e01bc94ca + +info: + name: > + Workreap < 2.2.2 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9cfa753b-dbf5-4fe7-be69-fd8972a45e44?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workreap/" + google-query: inurl:"/wp-content/themes/workreap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workreap,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workreap/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workreap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workreap-f3ff7e279524c365a3f486be69df6e9f.yaml b/nuclei-templates/cve-less/themes/workreap-f3ff7e279524c365a3f486be69df6e9f.yaml new file mode 100644 index 0000000000..f5e75a4fa0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/workreap-f3ff7e279524c365a3f486be69df6e9f.yaml @@ -0,0 +1,58 @@ +id: workreap-f3ff7e279524c365a3f486be69df6e9f + +info: + name: > + Workreap Theme < 2.2.2 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a18963cb-24c7-45b4-987d-5a8789b1ab0a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workreap/" + google-query: inurl:"/wp-content/themes/workreap/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workreap,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workreap/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workreap" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 2.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/workscout-295565d6c00c49b75df12a1f75ae3147.yaml b/nuclei-templates/cve-less/themes/workscout-295565d6c00c49b75df12a1f75ae3147.yaml new file mode 100644 index 0000000000..205364c503 --- /dev/null +++ b/nuclei-templates/cve-less/themes/workscout-295565d6c00c49b75df12a1f75ae3147.yaml @@ -0,0 +1,58 @@ +id: workscout-295565d6c00c49b75df12a1f75ae3147 + +info: + name: > + WorkScout - Job Board WordPress Theme <= 2.0.31 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3785938d-d55a-487d-8709-2d3bdd4b8c0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/workscout/" + google-query: inurl:"/wp-content/themes/workscout/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,workscout,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/workscout/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "workscout" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.31') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wp-portfolio-10655f6004e5353e2b6a2b5ad40ac777.yaml b/nuclei-templates/cve-less/themes/wp-portfolio-10655f6004e5353e2b6a2b5ad40ac777.yaml new file mode 100644 index 0000000000..0c6332769d --- /dev/null +++ b/nuclei-templates/cve-less/themes/wp-portfolio-10655f6004e5353e2b6a2b5ad40ac777.yaml @@ -0,0 +1,58 @@ +id: wp-portfolio-10655f6004e5353e2b6a2b5ad40ac777 + +info: + name: > + WP Portfolio <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bbba961-a1e6-440a-9b39-919363f7031d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wp-portfolio/" + google-query: inurl:"/wp-content/themes/wp-portfolio/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wp-portfolio,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wp-portfolio/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-portfolio" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wp-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/wp-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..cc9062dfe3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wp-store-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: wp-store-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wp-store/" + google-query: inurl:"/wp-content/themes/wp-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wp-store,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wp-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wp-store-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/wp-store-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..15c7b7dd01 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wp-store-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: wp-store-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wp-store/" + google-query: inurl:"/wp-content/themes/wp-store/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wp-store,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wp-store/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wp-store" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wphrm-d1dc7536ba0bbf23ad7893c422769d48.yaml b/nuclei-templates/cve-less/themes/wphrm-d1dc7536ba0bbf23ad7893c422769d48.yaml new file mode 100644 index 0000000000..d0be1bcd60 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wphrm-d1dc7536ba0bbf23ad7893c422769d48.yaml @@ -0,0 +1,58 @@ +id: wphrm-d1dc7536ba0bbf23ad7893c422769d48 + +info: + name: > + WPHRM - Human Resource Management System < 1.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94d8211d-4027-4335-8c06-d8080231e511?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wphrm/" + google-query: inurl:"/wp-content/themes/wphrm/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wphrm,critical + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wphrm/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wphrm" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wplms-1a3b140e25db47aa6f5e6de5d03caa41.yaml b/nuclei-templates/cve-less/themes/wplms-1a3b140e25db47aa6f5e6de5d03caa41.yaml new file mode 100644 index 0000000000..f40155916b --- /dev/null +++ b/nuclei-templates/cve-less/themes/wplms-1a3b140e25db47aa6f5e6de5d03caa41.yaml @@ -0,0 +1,58 @@ +id: wplms-1a3b140e25db47aa6f5e6de5d03caa41 + +info: + name: > + WPLMS < 4.900 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9071acdf-8d40-4e8b-8d1f-be2cabf3d66e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wplms/" + google-query: inurl:"/wp-content/themes/wplms/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wplms,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wplms/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wplms" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 4.900') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wpparallax-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/wpparallax-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..281764c375 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wpparallax-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: wpparallax-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wpparallax/" + google-query: inurl:"/wp-content/themes/wpparallax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wpparallax,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wpparallax/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpparallax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wpparallax-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/wpparallax-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..4d42ece026 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wpparallax-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: wpparallax-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wpparallax/" + google-query: inurl:"/wp-content/themes/wpparallax/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wpparallax,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wpparallax/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpparallax" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wpzoom-inspiro-pro-0d2429a44660b0fd9009cfc551d51d85.yaml b/nuclei-templates/cve-less/themes/wpzoom-inspiro-pro-0d2429a44660b0fd9009cfc551d51d85.yaml new file mode 100644 index 0000000000..d71dd49acc --- /dev/null +++ b/nuclei-templates/cve-less/themes/wpzoom-inspiro-pro-0d2429a44660b0fd9009cfc551d51d85.yaml @@ -0,0 +1,58 @@ +id: wpzoom-inspiro-pro-0d2429a44660b0fd9009cfc551d51d85 + +info: + name: > + Inspiro Pro <= 7.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fa15ee50-2cbb-4833-b512-0971eaf12ff2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wpzoom-inspiro-pro/" + google-query: inurl:"/wp-content/themes/wpzoom-inspiro-pro/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wpzoom-inspiro-pro,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wpzoom-inspiro-pro/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wpzoom-inspiro-pro" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 7.2.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/wyzi-business-finder-a5fba451ec49e569a6e3b33c31987240.yaml b/nuclei-templates/cve-less/themes/wyzi-business-finder-a5fba451ec49e569a6e3b33c31987240.yaml new file mode 100644 index 0000000000..3f562ff0c2 --- /dev/null +++ b/nuclei-templates/cve-less/themes/wyzi-business-finder-a5fba451ec49e569a6e3b33c31987240.yaml @@ -0,0 +1,58 @@ +id: wyzi-business-finder-a5fba451ec49e569a6e3b33c31987240 + +info: + name: > + Wyzi - Social Directory WordPress Theme <= 2.4.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/552d2d0d-1f4a-4557-ba8e-9f63acbfffba?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/wyzi-business-finder/" + google-query: inurl:"/wp-content/themes/wyzi-business-finder/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,wyzi-business-finder,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/wyzi-business-finder/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "wyzi-business-finder" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.4.2') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/x-t9-086335e3764d29c07c7d7cc4e2750c93.yaml b/nuclei-templates/cve-less/themes/x-t9-086335e3764d29c07c7d7cc4e2750c93.yaml new file mode 100644 index 0000000000..66b264ffe5 --- /dev/null +++ b/nuclei-templates/cve-less/themes/x-t9-086335e3764d29c07c7d7cc4e2750c93.yaml @@ -0,0 +1,58 @@ +id: x-t9-086335e3764d29c07c7d7cc4e2750c93 + +info: + name: > + Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3b007d8a-3096-42f3-a7be-e0e0d3addf0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/x-t9/" + google-query: inurl:"/wp-content/themes/x-t9/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,x-t9,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/x-t9/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "x-t9" + part: body + + - type: dsl + dsl: + - compare_versions(version, '< 1.19.1') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xenon-809667597aa78113de32ecd2d78b1168.yaml b/nuclei-templates/cve-less/themes/xenon-809667597aa78113de32ecd2d78b1168.yaml new file mode 100644 index 0000000000..a08abb9bd1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/xenon-809667597aa78113de32ecd2d78b1168.yaml @@ -0,0 +1,58 @@ +id: xenon-809667597aa78113de32ecd2d78b1168 + +info: + name: > + Xenon - Bootstrap Admin Theme with AngularJS <= 1.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f2b70e27-87fb-4905-bbfa-62cca3dbb433?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xenon/" + google-query: inurl:"/wp-content/themes/xenon/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xenon,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xenon/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xenon" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-015cd56d3f2f470971a1fb745e9facf8.yaml b/nuclei-templates/cve-less/themes/xstore-015cd56d3f2f470971a1fb745e9facf8.yaml new file mode 100644 index 0000000000..00e7538d46 --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-015cd56d3f2f470971a1fb745e9facf8.yaml @@ -0,0 +1,58 @@ +id: xstore-015cd56d3f2f470971a1fb745e9facf8 + +info: + name: > + XStore <= 9.3.5 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa197b6b-be18-48c2-a7e3-d921b4ef1c54?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-38fb7f7c173d005d7a2c4887d0346c93.yaml b/nuclei-templates/cve-less/themes/xstore-38fb7f7c173d005d7a2c4887d0346c93.yaml new file mode 100644 index 0000000000..1f9d00963d --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-38fb7f7c173d005d7a2c4887d0346c93.yaml @@ -0,0 +1,58 @@ +id: xstore-38fb7f7c173d005d7a2c4887d0346c93 + +info: + name: > + XStore <= 9.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/415d69d9-2afd-41f8-8339-ea32fac3aa48?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-5eda4166c53220a4fc1a66df7cda1b76.yaml b/nuclei-templates/cve-less/themes/xstore-5eda4166c53220a4fc1a66df7cda1b76.yaml new file mode 100644 index 0000000000..04e202bb73 --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-5eda4166c53220a4fc1a66df7cda1b76.yaml @@ -0,0 +1,58 @@ +id: xstore-5eda4166c53220a4fc1a66df7cda1b76 + +info: + name: > + XStore <= 9.3.5 - Unauthenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/683cc327-e17e-49f6-a903-f8a40bb832d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-8a9cd0a3b3bf0281b86f1864c19141dc.yaml b/nuclei-templates/cve-less/themes/xstore-8a9cd0a3b3bf0281b86f1864c19141dc.yaml new file mode 100644 index 0000000000..c3a724215c --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-8a9cd0a3b3bf0281b86f1864c19141dc.yaml @@ -0,0 +1,58 @@ +id: xstore-8a9cd0a3b3bf0281b86f1864c19141dc + +info: + name: > + XStore <= 9.3.5 - Authenticated (Subscriber+) Arbitrary Options Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/19fe28c0-c0ef-49aa-91c1-2e273201babd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-a093f9ab0678625e44f3702b1a154c42.yaml b/nuclei-templates/cve-less/themes/xstore-a093f9ab0678625e44f3702b1a154c42.yaml new file mode 100644 index 0000000000..7a3f5010a1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-a093f9ab0678625e44f3702b1a154c42.yaml @@ -0,0 +1,58 @@ +id: xstore-a093f9ab0678625e44f3702b1a154c42 + +info: + name: > + XStore <= 9.3.5 - Unauthenticated Local File Inclusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fb4c58d-321d-453f-92b9-ae409541911b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/xstore-bf873db96785a26a3145cbfaa5b26d6e.yaml b/nuclei-templates/cve-less/themes/xstore-bf873db96785a26a3145cbfaa5b26d6e.yaml new file mode 100644 index 0000000000..469b05103f --- /dev/null +++ b/nuclei-templates/cve-less/themes/xstore-bf873db96785a26a3145cbfaa5b26d6e.yaml @@ -0,0 +1,58 @@ +id: xstore-bf873db96785a26a3145cbfaa5b26d6e + +info: + name: > + XStore <= 9.3.5 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f8cc16d-4e42-47b0-8ba0-df3252071826?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/xstore/" + google-query: inurl:"/wp-content/themes/xstore/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,xstore,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/xstore/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "xstore" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 9.3.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/yourjourney-4eeae71a78a49f8b3e46b309da962e47.yaml b/nuclei-templates/cve-less/themes/yourjourney-4eeae71a78a49f8b3e46b309da962e47.yaml new file mode 100644 index 0000000000..b6fb2a678b --- /dev/null +++ b/nuclei-templates/cve-less/themes/yourjourney-4eeae71a78a49f8b3e46b309da962e47.yaml @@ -0,0 +1,58 @@ +id: yourjourney-4eeae71a78a49f8b3e46b309da962e47 + +info: + name: > + Your Journey <= 1.9.8 - Prototype Pollution to Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c738e051-ad1c-4115-94d3-127dd5dff935?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/yourjourney/" + google-query: inurl:"/wp-content/themes/yourjourney/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,yourjourney,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/yourjourney/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yourjourney" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.9.8') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/yuki-2820877b5dbf766c7f6817fd492690e8.yaml b/nuclei-templates/cve-less/themes/yuki-2820877b5dbf766c7f6817fd492690e8.yaml new file mode 100644 index 0000000000..cd1359f527 --- /dev/null +++ b/nuclei-templates/cve-less/themes/yuki-2820877b5dbf766c7f6817fd492690e8.yaml @@ -0,0 +1,58 @@ +id: yuki-2820877b5dbf766c7f6817fd492690e8 + +info: + name: > + Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/yuki/" + google-query: inurl:"/wp-content/themes/yuki/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,yuki,medium + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/yuki/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yuki" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.14') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/yuki-3787d9c397d58c6e8f2c674f16ffe8c1.yaml b/nuclei-templates/cve-less/themes/yuki-3787d9c397d58c6e8f2c674f16ffe8c1.yaml new file mode 100644 index 0000000000..10275233a1 --- /dev/null +++ b/nuclei-templates/cve-less/themes/yuki-3787d9c397d58c6e8f2c674f16ffe8c1.yaml @@ -0,0 +1,58 @@ +id: yuki-3787d9c397d58c6e8f2c674f16ffe8c1 + +info: + name: > + Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/yuki/" + google-query: inurl:"/wp-content/themes/yuki/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,yuki,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/yuki/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "yuki" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.3.13') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zeever-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml b/nuclei-templates/cve-less/themes/zeever-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml new file mode 100644 index 0000000000..2be2574ebd --- /dev/null +++ b/nuclei-templates/cve-less/themes/zeever-0eadfcaa632fa9ba5901b3c6b61b28a7.yaml @@ -0,0 +1,58 @@ +id: zeever-0eadfcaa632fa9ba5901b3c6b61b28a7 + +info: + name: > + Multiple Themes by jegstudio <= (Various Versions) - Missing Authorization to Notice Dismissal + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edb34ad0-352e-462e-a7f1-64a804a760ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zeever/" + google-query: inurl:"/wp-content/themes/zeever/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zeever,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zeever/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zeever" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.1.0') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zenlite-2c9dd1c9df5c34a137e9f118a0781a3d.yaml b/nuclei-templates/cve-less/themes/zenlite-2c9dd1c9df5c34a137e9f118a0781a3d.yaml new file mode 100644 index 0000000000..588ce9f9c4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/zenlite-2c9dd1c9df5c34a137e9f118a0781a3d.yaml @@ -0,0 +1,58 @@ +id: zenlite-2c9dd1c9df5c34a137e9f118a0781a3d + +info: + name: > + ZenLite <= 4.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68042416-efa6-4814-a8d9-c74ab652c4ed?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zenlite/" + google-query: inurl:"/wp-content/themes/zenlite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zenlite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zenlite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zenlite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 4.3') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-baby-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/zigcy-baby-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..fcf7db20e4 --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-baby-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: zigcy-baby-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-baby/" + google-query: inurl:"/wp-content/themes/zigcy-baby/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-baby,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-baby/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-baby" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-baby-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/zigcy-baby-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..e74e863057 --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-baby-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: zigcy-baby-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-baby/" + google-query: inurl:"/wp-content/themes/zigcy-baby/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-baby,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-baby/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-baby" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.6') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-cosmetics-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/zigcy-cosmetics-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..71326b1af3 --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-cosmetics-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: zigcy-cosmetics-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-cosmetics/" + google-query: inurl:"/wp-content/themes/zigcy-cosmetics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-cosmetics,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-cosmetics/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-cosmetics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-cosmetics-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/zigcy-cosmetics-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..3e6410ed7f --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-cosmetics-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: zigcy-cosmetics-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-cosmetics/" + google-query: inurl:"/wp-content/themes/zigcy-cosmetics/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-cosmetics,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-cosmetics/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-cosmetics" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 1.0.5') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml b/nuclei-templates/cve-less/themes/zigcy-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml new file mode 100644 index 0000000000..f22374e5fa --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-lite-6ca6c33ebd7ae06f9203f7a1178920a1.yaml @@ -0,0 +1,58 @@ +id: zigcy-lite-6ca6c33ebd7ae06f9203f7a1178920a1 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Missing Authorization to Arbitrary Plugin Deactivation/Activation + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9e15727a-35c4-42c0-9997-cdcd40ac8e5f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-lite/" + google-query: inurl:"/wp-content/themes/zigcy-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-lite,high + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/themes/zigcy-lite-f89ee1fe18d2f93346e76054105f5916.yaml b/nuclei-templates/cve-less/themes/zigcy-lite-f89ee1fe18d2f93346e76054105f5916.yaml new file mode 100644 index 0000000000..514203c1f0 --- /dev/null +++ b/nuclei-templates/cve-less/themes/zigcy-lite-f89ee1fe18d2f93346e76054105f5916.yaml @@ -0,0 +1,58 @@ +id: zigcy-lite-f89ee1fe18d2f93346e76054105f5916 + +info: + name: > + AccessPress Themes and Plugin <= Various Versions - Authenticated (Subscriber+) Arbitrary File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ef1a097-955c-4a0e-a1a2-b34ae2903d0e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + fofa-query: "wp-content/themes/zigcy-lite/" + google-query: inurl:"/wp-content/themes/zigcy-lite/" + shodan-query: 'vuln:' + tags: cve,wordpress,wp-theme,zigcy-lite,low + +http: + - method: GET + redirects: true + max-redirects: 3 + path: + - "{{BaseURL}}/wp-content/themes/zigcy-lite/style.css" + + extractors: + - type: regex + name: version + part: body + group: 1 + internal: true + regex: + - "(?mi)Version: ([0-9.]+)" + + - type: regex + name: version + part: body + group: 1 + regex: + - "(?mi)Version: ([0-9.]+)" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "zigcy-lite" + part: body + + - type: dsl + dsl: + - compare_versions(version, '<= 2.0.9') \ No newline at end of file diff --git a/nuclei-templates/cve-less/unknown/wordpress-0042364065f970f48ab5056dcb1d420a.yaml b/nuclei-templates/cve-less/unknown/wordpress-0042364065f970f48ab5056dcb1d420a.yaml new file mode 100644 index 0000000000..33c4f168f5 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0042364065f970f48ab5056dcb1d420a.yaml @@ -0,0 +1,60 @@ +id: wordpress-0042364065f970f48ab5056dcb1d420a + +info: + name: > + WordPress Core < 2.0.5 - User Metadata Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91531e13-5344-442c-99d3-8ccfd61b715d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.4') + - compare_versions(version_by_js, '<= 2.0.4') + - compare_versions(version_by_css, '<= 2.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0172488aa035b017b8e0c4e3e3cf4cc6.yaml b/nuclei-templates/cve-less/unknown/wordpress-0172488aa035b017b8e0c4e3e3cf4cc6.yaml new file mode 100644 index 0000000000..0de33021e0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0172488aa035b017b8e0c4e3e3cf4cc6.yaml @@ -0,0 +1,60 @@ +id: wordpress-0172488aa035b017b8e0c4e3e3cf4cc6 + +info: + name: > + WordPress Core < 5.4.2 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bc6a8c0e-1136-41ff-bfc2-450434aa6326?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0237978a3384b095d5321701a9e4c218.yaml b/nuclei-templates/cve-less/unknown/wordpress-0237978a3384b095d5321701a9e4c218.yaml new file mode 100644 index 0000000000..f0b73f131b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0237978a3384b095d5321701a9e4c218.yaml @@ -0,0 +1,60 @@ +id: wordpress-0237978a3384b095d5321701a9e4c218 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79ea853e-9d1d-4be0-8fd4-a80a924018ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-02631bececa52d06693d83ca2861605d.yaml b/nuclei-templates/cve-less/unknown/wordpress-02631bececa52d06693d83ca2861605d.yaml new file mode 100644 index 0000000000..6d2b97aefb --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-02631bececa52d06693d83ca2861605d.yaml @@ -0,0 +1,60 @@ +id: wordpress-02631bececa52d06693d83ca2861605d + +info: + name: > + WordPress Core < 3.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7c70db1-5058-45e5-bd12-3e2cab0338ad?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3.1') + - compare_versions(version_by_js, '<= 3.3.1') + - compare_versions(version_by_css, '<= 3.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-026d101570c060723759d89bd6e308cf.yaml b/nuclei-templates/cve-less/unknown/wordpress-026d101570c060723759d89bd6e308cf.yaml new file mode 100644 index 0000000000..5423b6cf56 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-026d101570c060723759d89bd6e308cf.yaml @@ -0,0 +1,60 @@ +id: wordpress-026d101570c060723759d89bd6e308cf + +info: + name: > + WordPress Core < 4.2.4 - Cross-Site Request Forgery to Post Lockage + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/812d99bc-8d86-44a9-bafa-be8ce979229c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0422552738ed57c09ee0769345670612.yaml b/nuclei-templates/cve-less/unknown/wordpress-0422552738ed57c09ee0769345670612.yaml new file mode 100644 index 0000000000..c2a148d75a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0422552738ed57c09ee0769345670612.yaml @@ -0,0 +1,60 @@ +id: wordpress-0422552738ed57c09ee0769345670612 + +info: + name: > + WordPress Core < 3.3.2 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f419b83c-9253-4ca6-a02a-7daad1819581?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3.1') + - compare_versions(version_by_js, '<= 3.3.1') + - compare_versions(version_by_css, '<= 3.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-066a3076f693bdf1acf756f1b6327c5f.yaml b/nuclei-templates/cve-less/unknown/wordpress-066a3076f693bdf1acf756f1b6327c5f.yaml new file mode 100644 index 0000000000..1e9f2b295e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-066a3076f693bdf1acf756f1b6327c5f.yaml @@ -0,0 +1,60 @@ +id: wordpress-066a3076f693bdf1acf756f1b6327c5f + +info: + name: > + WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8afcb18c-71e6-4c77-b0f9-0700ee05966e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.3.2') + - compare_versions(version_by_js, '<= 2.3.2') + - compare_versions(version_by_css, '<= 2.3.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-06a1f246d74b734b86d335ccd2dc4a01.yaml b/nuclei-templates/cve-less/unknown/wordpress-06a1f246d74b734b86d335ccd2dc4a01.yaml new file mode 100644 index 0000000000..33c29f8dd1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-06a1f246d74b734b86d335ccd2dc4a01.yaml @@ -0,0 +1,60 @@ +id: wordpress-06a1f246d74b734b86d335ccd2dc4a01 + +info: + name: > + WordPress Core <= 1.5.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/35ac717c-e299-4a56-bead-cb1d050da75c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1.2') + - compare_versions(version_by_js, '<= 1.5.1.2') + - compare_versions(version_by_css, '<= 1.5.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-06eaa8e1425630a567e0b531b6144921.yaml b/nuclei-templates/cve-less/unknown/wordpress-06eaa8e1425630a567e0b531b6144921.yaml new file mode 100644 index 0000000000..8f5c2399c9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-06eaa8e1425630a567e0b531b6144921.yaml @@ -0,0 +1,60 @@ +id: wordpress-06eaa8e1425630a567e0b531b6144921 + +info: + name: > + WordPress Core < 4.5.3 - Cross-Site Scripting via Customizer + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/16102d4c-86d6-471e-b787-54e4bc14b5a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-072624dc7d74f6a2cec4f67acf2de9d1.yaml b/nuclei-templates/cve-less/unknown/wordpress-072624dc7d74f6a2cec4f67acf2de9d1.yaml new file mode 100644 index 0000000000..91249b0d0d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-072624dc7d74f6a2cec4f67acf2de9d1.yaml @@ -0,0 +1,60 @@ +id: wordpress-072624dc7d74f6a2cec4f67acf2de9d1 + +info: + name: > + WordPress Core < 4.9.5 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd23b9cd-3492-4f6f-b90d-5215e175c1e3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-07ca900da4dc5001e6cb25234fc6e73d.yaml b/nuclei-templates/cve-less/unknown/wordpress-07ca900da4dc5001e6cb25234fc6e73d.yaml new file mode 100644 index 0000000000..c44bb647ed --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-07ca900da4dc5001e6cb25234fc6e73d.yaml @@ -0,0 +1,60 @@ +id: wordpress-07ca900da4dc5001e6cb25234fc6e73d + +info: + name: > + WordPress Core < 4.8.2 - Cross-Site Scripting via Javascript: and Data: URLs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fe1301d9-738b-485f-b8db-c23c16e4f99d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0a463c0e0d577561524cb644f755db53.yaml b/nuclei-templates/cve-less/unknown/wordpress-0a463c0e0d577561524cb644f755db53.yaml new file mode 100644 index 0000000000..0b48facf67 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0a463c0e0d577561524cb644f755db53.yaml @@ -0,0 +1,60 @@ +id: wordpress-0a463c0e0d577561524cb644f755db53 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Username Enumeration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08f83fd1-5e8c-472f-819a-6078a5d2a56b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml b/nuclei-templates/cve-less/unknown/wordpress-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml new file mode 100644 index 0000000000..169bc18029 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0a8a35fbbc78dd50ed9a1fd51d25c173.yaml @@ -0,0 +1,60 @@ +id: wordpress-0a8a35fbbc78dd50ed9a1fd51d25c173 + +info: + name: > + WordPress Core < 4.7.3 - Cross-Site Scripting via Taxonomy names + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/98acac5c-65d7-4aaf-adcc-a58515c28fc3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0ae1ba28e23d58a365d7073e99c6de1b.yaml b/nuclei-templates/cve-less/unknown/wordpress-0ae1ba28e23d58a365d7073e99c6de1b.yaml new file mode 100644 index 0000000000..670fc9bf75 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0ae1ba28e23d58a365d7073e99c6de1b.yaml @@ -0,0 +1,60 @@ +id: wordpress-0ae1ba28e23d58a365d7073e99c6de1b + +info: + name: > + WordPress Core < 2.1 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/94332eb8-0961-4c8d-97bb-3d5d08e8119f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.1') + - compare_versions(version_by_js, '< 2.1') + - compare_versions(version_by_css, '< 2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0b50f0f28babbc448215255d35b08cbd.yaml b/nuclei-templates/cve-less/unknown/wordpress-0b50f0f28babbc448215255d35b08cbd.yaml new file mode 100644 index 0000000000..dc1de8d035 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0b50f0f28babbc448215255d35b08cbd.yaml @@ -0,0 +1,60 @@ +id: wordpress-0b50f0f28babbc448215255d35b08cbd + +info: + name: > + WordPress Core < 4.9.1 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0b4ec57a-c52a-40c1-897a-db67efbd7177?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.9') + - compare_versions(version_by_js, '4.9') + - compare_versions(version_by_css, '4.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0cd25473d47849a11f534f0b196b97ae.yaml b/nuclei-templates/cve-less/unknown/wordpress-0cd25473d47849a11f534f0b196b97ae.yaml new file mode 100644 index 0000000000..1767b65413 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0cd25473d47849a11f534f0b196b97ae.yaml @@ -0,0 +1,60 @@ +id: wordpress-0cd25473d47849a11f534f0b196b97ae + +info: + name: > + WordPress Core < 4.6 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da8d1659-c532-4020-be16-527c1437952a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.6') + - compare_versions(version_by_js, '< 4.6') + - compare_versions(version_by_css, '< 4.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0d3f9dd10d8064109eb7d0fcaaa9781a.yaml b/nuclei-templates/cve-less/unknown/wordpress-0d3f9dd10d8064109eb7d0fcaaa9781a.yaml new file mode 100644 index 0000000000..a4b1c84e3f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0d3f9dd10d8064109eb7d0fcaaa9781a.yaml @@ -0,0 +1,60 @@ +id: wordpress-0d3f9dd10d8064109eb7d0fcaaa9781a + +info: + name: > + WordPress Core <= 3.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e1e973e3-f2a2-465c-aec7-5a7d4290c00b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-0fee042b6a20e8a086589f7c49af6cff.yaml b/nuclei-templates/cve-less/unknown/wordpress-0fee042b6a20e8a086589f7c49af6cff.yaml new file mode 100644 index 0000000000..1cc77b17e5 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-0fee042b6a20e8a086589f7c49af6cff.yaml @@ -0,0 +1,60 @@ +id: wordpress-0fee042b6a20e8a086589f7c49af6cff + +info: + name: > + WordPress Core < 5.7.1 - XXE Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9df45c8e-c040-4031-9c51-4c43d12f08b0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.7', '< 5.7.1') + - compare_versions(version_by_js, '>= 5.7', '< 5.7.1') + - compare_versions(version_by_css, '>= 5.7', '< 5.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1102f5d7c1c9264053f1bc000dbf9c63.yaml b/nuclei-templates/cve-less/unknown/wordpress-1102f5d7c1c9264053f1bc000dbf9c63.yaml new file mode 100644 index 0000000000..d6dd511dec --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1102f5d7c1c9264053f1bc000dbf9c63.yaml @@ -0,0 +1,60 @@ +id: wordpress-1102f5d7c1c9264053f1bc000dbf9c63 + +info: + name: > + WordPress Core <= 3.9.1 - XML External Entity (XXE) Weakness + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ac39498-3171-4d91-a911-381c8ed751dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.9.2') + - compare_versions(version_by_js, '< 3.9.2') + - compare_versions(version_by_css, '< 3.9.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-11ad77b375218c092b9d958404588a21.yaml b/nuclei-templates/cve-less/unknown/wordpress-11ad77b375218c092b9d958404588a21.yaml new file mode 100644 index 0000000000..27131fea1f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-11ad77b375218c092b9d958404588a21.yaml @@ -0,0 +1,60 @@ +id: wordpress-11ad77b375218c092b9d958404588a21 + +info: + name: > + WordPress Core < 4.7.5 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d357f92a-3c20-4972-af4d-65053027d31c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-11c49c812e1dbe37ef382e53f5b155cb.yaml b/nuclei-templates/cve-less/unknown/wordpress-11c49c812e1dbe37ef382e53f5b155cb.yaml new file mode 100644 index 0000000000..c1ab8bddc4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-11c49c812e1dbe37ef382e53f5b155cb.yaml @@ -0,0 +1,60 @@ +id: wordpress-11c49c812e1dbe37ef382e53f5b155cb + +info: + name: > + WordPress Core < 6.0.3 - Stored Cross-Site Scripting via wp-mail.php + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eadbfb77-fb9a-4363-acc8-8dd9b87820eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_js, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_css, '>= 6.0', '<= 6.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-12b542c9c6e5694670c0b26901250872.yaml b/nuclei-templates/cve-less/unknown/wordpress-12b542c9c6e5694670c0b26901250872.yaml new file mode 100644 index 0000000000..1d33c4b938 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-12b542c9c6e5694670c0b26901250872.yaml @@ -0,0 +1,60 @@ +id: wordpress-12b542c9c6e5694670c0b26901250872 + +info: + name: > + WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eaea07ad-e6f1-4f23-a508-94203967af7f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-134a1dabe92be141f3cf9a4c6b83a0a4.yaml b/nuclei-templates/cve-less/unknown/wordpress-134a1dabe92be141f3cf9a4c6b83a0a4.yaml new file mode 100644 index 0000000000..8a4c35cb90 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-134a1dabe92be141f3cf9a4c6b83a0a4.yaml @@ -0,0 +1,60 @@ +id: wordpress-134a1dabe92be141f3cf9a4c6b83a0a4 + +info: + name: > + WordPress Core < 4.2.2 - Cross-Site Scripting via Comments + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7dff5a77-a5d6-4aba-bf39-aa110a4f4996?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.1') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.1') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-136966708251602ce9c1073ea31fe905.yaml b/nuclei-templates/cve-less/unknown/wordpress-136966708251602ce9c1073ea31fe905.yaml new file mode 100644 index 0000000000..d9f28039f3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-136966708251602ce9c1073ea31fe905.yaml @@ -0,0 +1,60 @@ +id: wordpress-136966708251602ce9c1073ea31fe905 + +info: + name: > + WordPress Core < 4.5.3 - Revision History Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/10a811f3-0c5b-4e06-a9bb-338d36d0b5eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-141c7f9cf7e30f994110491cc5e7c119.yaml b/nuclei-templates/cve-less/unknown/wordpress-141c7f9cf7e30f994110491cc5e7c119.yaml new file mode 100644 index 0000000000..31084f25f6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-141c7f9cf7e30f994110491cc5e7c119.yaml @@ -0,0 +1,60 @@ +id: wordpress-141c7f9cf7e30f994110491cc5e7c119 + +info: + name: > + WordPress Core <= 2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f460d529-f15e-4c23-ad67-94d3f4bc0c2e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2') + - compare_versions(version_by_js, '<= 2.2') + - compare_versions(version_by_css, '<= 2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-148a48158ed2a590392455c4205415e9.yaml b/nuclei-templates/cve-less/unknown/wordpress-148a48158ed2a590392455c4205415e9.yaml new file mode 100644 index 0000000000..c437c79f39 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-148a48158ed2a590392455c4205415e9.yaml @@ -0,0 +1,60 @@ +id: wordpress-148a48158ed2a590392455c4205415e9 + +info: + name: > + WordPress Core <= 3.1.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/861da9ac-fd73-4bb5-bc39-baf9efe71899?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-149dcf7cdb4497ad56e6c587550c43ab.yaml b/nuclei-templates/cve-less/unknown/wordpress-149dcf7cdb4497ad56e6c587550c43ab.yaml new file mode 100644 index 0000000000..f567c0d822 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-149dcf7cdb4497ad56e6c587550c43ab.yaml @@ -0,0 +1,60 @@ +id: wordpress-149dcf7cdb4497ad56e6c587550c43ab + +info: + name: > + WordPress Core < 4.7.3 - Cross-Site Scripting via Media Metadata + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/40502842-8505-41fb-9d3a-a5d567040921?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-16724a47d5d49b2de1c09e908584f9d1.yaml b/nuclei-templates/cve-less/unknown/wordpress-16724a47d5d49b2de1c09e908584f9d1.yaml new file mode 100644 index 0000000000..7798ce329b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-16724a47d5d49b2de1c09e908584f9d1.yaml @@ -0,0 +1,60 @@ +id: wordpress-16724a47d5d49b2de1c09e908584f9d1 + +info: + name: > + WordPress Core 5.8 beta - Stored Cross-Site Scripting in Custom HTML Block + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ba4aabcc-9db8-4385-90c2-58ed93df8f9d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8 beta 1', '<= 5.8 beta 2') + - compare_versions(version_by_js, '>= 5.8 beta 1', '<= 5.8 beta 2') + - compare_versions(version_by_css, '>= 5.8 beta 1', '<= 5.8 beta 2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-172cb25c60ec97a4292f9de3be08e5ed.yaml b/nuclei-templates/cve-less/unknown/wordpress-172cb25c60ec97a4292f9de3be08e5ed.yaml new file mode 100644 index 0000000000..9626d9acd1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-172cb25c60ec97a4292f9de3be08e5ed.yaml @@ -0,0 +1,60 @@ +id: wordpress-172cb25c60ec97a4292f9de3be08e5ed + +info: + name: > + WordPress Core <= 2.2.1 - Authenticated (Admin+) Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8f896e4a-565a-4545-9683-045cd08ccca0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2.1') + - compare_versions(version_by_js, '<= 2.2.1') + - compare_versions(version_by_css, '<= 2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1793fc29de6c51f3e1cf00f2d46b91e7.yaml b/nuclei-templates/cve-less/unknown/wordpress-1793fc29de6c51f3e1cf00f2d46b91e7.yaml new file mode 100644 index 0000000000..6285f03703 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1793fc29de6c51f3e1cf00f2d46b91e7.yaml @@ -0,0 +1,60 @@ +id: wordpress-1793fc29de6c51f3e1cf00f2d46b91e7 + +info: + name: > + WordPress Core < 4.4.1 - Cross-Site Scripting via Theme Names + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8acf7327-2cdc-44ad-a04c-01cb0337d510?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.4') + - compare_versions(version_by_js, '4.4') + - compare_versions(version_by_css, '4.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-189bad7014e697047ef9a98286efd4ba.yaml b/nuclei-templates/cve-less/unknown/wordpress-189bad7014e697047ef9a98286efd4ba.yaml new file mode 100644 index 0000000000..08cc80efc4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-189bad7014e697047ef9a98286efd4ba.yaml @@ -0,0 +1,60 @@ +id: wordpress-189bad7014e697047ef9a98286efd4ba + +info: + name: > + WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9498085-87c7-47e7-aac8-c0397264a7eb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-18a5b5370a8a2a0e00ab61aae434745f.yaml b/nuclei-templates/cve-less/unknown/wordpress-18a5b5370a8a2a0e00ab61aae434745f.yaml new file mode 100644 index 0000000000..1418aada3a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-18a5b5370a8a2a0e00ab61aae434745f.yaml @@ -0,0 +1,60 @@ +id: wordpress-18a5b5370a8a2a0e00ab61aae434745f + +info: + name: > + WordPress Core - All known versions - Unauthenticated Blind Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/112ed4f2-fe91-4d83-a3f7-eaf889870af4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= *') + - compare_versions(version_by_js, '<= *') + - compare_versions(version_by_css, '<= *') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml b/nuclei-templates/cve-less/unknown/wordpress-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml new file mode 100644 index 0000000000..0a60e5edac --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-19e5f7c5a5cf8056d79bfab611f4ed1f.yaml @@ -0,0 +1,60 @@ +id: wordpress-19e5f7c5a5cf8056d79bfab611f4ed1f + +info: + name: > + WordPress Core 1.5 - 2.3.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e9ec79e5-9f02-4a73-9437-58821ca855ef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 1.5', '<= 2.3.1') + - compare_versions(version_by_js, '>= 1.5', '<= 2.3.1') + - compare_versions(version_by_css, '>= 1.5', '<= 2.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1a0062d262d11a0e571fdb5d124e9b53.yaml b/nuclei-templates/cve-less/unknown/wordpress-1a0062d262d11a0e571fdb5d124e9b53.yaml new file mode 100644 index 0000000000..b1e5ba9ed4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1a0062d262d11a0e571fdb5d124e9b53.yaml @@ -0,0 +1,60 @@ +id: wordpress-1a0062d262d11a0e571fdb5d124e9b53 + +info: + name: > + WordPress Core <= 2.0.4 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83ec5fa5-2fd9-4c7d-a2f1-de885746d2d3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.4') + - compare_versions(version_by_js, '<= 2.0.4') + - compare_versions(version_by_css, '<= 2.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1a4d30d913bd53f3bf815169c43ac1ad.yaml b/nuclei-templates/cve-less/unknown/wordpress-1a4d30d913bd53f3bf815169c43ac1ad.yaml new file mode 100644 index 0000000000..fc18072fe6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1a4d30d913bd53f3bf815169c43ac1ad.yaml @@ -0,0 +1,60 @@ +id: wordpress-1a4d30d913bd53f3bf815169c43ac1ad + +info: + name: > + WordPress Core < 4.7.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fd4ac2b0-120a-4e68-bf8d-e039336fe9dc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1abbfdf71617c6521db72363fb8c98ab.yaml b/nuclei-templates/cve-less/unknown/wordpress-1abbfdf71617c6521db72363fb8c98ab.yaml new file mode 100644 index 0000000000..ab3ff12cd6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1abbfdf71617c6521db72363fb8c98ab.yaml @@ -0,0 +1,60 @@ +id: wordpress-1abbfdf71617c6521db72363fb8c98ab + +info: + name: > + WordPress Core < 5.2.3 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3802cbf7-6725-4f93-a178-2af02bb022a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1e1fa5fdfbcb7b439b21c342af8ea92b.yaml b/nuclei-templates/cve-less/unknown/wordpress-1e1fa5fdfbcb7b439b21c342af8ea92b.yaml new file mode 100644 index 0000000000..ba93db6911 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1e1fa5fdfbcb7b439b21c342af8ea92b.yaml @@ -0,0 +1,60 @@ +id: wordpress-1e1fa5fdfbcb7b439b21c342af8ea92b + +info: + name: > + WordPress Core < 3.6.1 - .swf and .exe File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ae92bd0c-936c-4fae-8c0c-c94706568527?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.6.1') + - compare_versions(version_by_js, '< 3.6.1') + - compare_versions(version_by_css, '< 3.6.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1ea3d08c9b81a694b2e0d96737c7ca52.yaml b/nuclei-templates/cve-less/unknown/wordpress-1ea3d08c9b81a694b2e0d96737c7ca52.yaml new file mode 100644 index 0000000000..721d92e3f3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1ea3d08c9b81a694b2e0d96737c7ca52.yaml @@ -0,0 +1,60 @@ +id: wordpress-1ea3d08c9b81a694b2e0d96737c7ca52 + +info: + name: > + WordPress Core < 4.1.2 - Cross-Site Scripting via Ephox in Plupload + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6346024c-61d5-4f73-b7f2-3a8fd3fb838e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.1', '<= 4.1.1') + - compare_versions(version_by_js, '>= 4.1', '<= 4.1.1') + - compare_versions(version_by_css, '>= 4.1', '<= 4.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1f6e4ff349c5d43ed15c60cbc1c09fa3.yaml b/nuclei-templates/cve-less/unknown/wordpress-1f6e4ff349c5d43ed15c60cbc1c09fa3.yaml new file mode 100644 index 0000000000..fc07e7ca46 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1f6e4ff349c5d43ed15c60cbc1c09fa3.yaml @@ -0,0 +1,60 @@ +id: wordpress-1f6e4ff349c5d43ed15c60cbc1c09fa3 + +info: + name: > + WordPress Core < 4.8.2 - Directory Traversal via Customizer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bbe9eed9-9a96-47da-95fa-b942817a9d4f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-1f95c80da7bf46a567f64a143a9b6f0f.yaml b/nuclei-templates/cve-less/unknown/wordpress-1f95c80da7bf46a567f64a143a9b6f0f.yaml new file mode 100644 index 0000000000..9dd44f9258 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-1f95c80da7bf46a567f64a143a9b6f0f.yaml @@ -0,0 +1,60 @@ +id: wordpress-1f95c80da7bf46a567f64a143a9b6f0f + +info: + name: > + WordPress Core <= 3.5.1 - Denial of Service via wp-postpass cookie + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c0bba475-b498-4c2d-a3f2-f4766a2b8616?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.5.2') + - compare_versions(version_by_js, '< 3.5.2') + - compare_versions(version_by_css, '< 3.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2034cdfa4d915e35ef9771b3de5a3733.yaml b/nuclei-templates/cve-less/unknown/wordpress-2034cdfa4d915e35ef9771b3de5a3733.yaml new file mode 100644 index 0000000000..b1c1faa736 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2034cdfa4d915e35ef9771b3de5a3733.yaml @@ -0,0 +1,60 @@ +id: wordpress-2034cdfa4d915e35ef9771b3de5a3733 + +info: + name: > + WordPress Core < 3.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fe1178e-aca3-4f52-85e1-7d04b866a073?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.2') + - compare_versions(version_by_js, '< 3.0.2') + - compare_versions(version_by_css, '< 3.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml b/nuclei-templates/cve-less/unknown/wordpress-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml new file mode 100644 index 0000000000..0c030792b8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2059eacfa2b817cc7e2dee40b1d8ccd8.yaml @@ -0,0 +1,60 @@ +id: wordpress-2059eacfa2b817cc7e2dee40b1d8ccd8 + +info: + name: > + WordPress Core < 4.7.5 - Stored Cross-Site Scripting via filenames + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/043d64ed-78dd-442e-87c9-92b5b64260b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-21896796785dd6864271e535041a630e.yaml b/nuclei-templates/cve-less/unknown/wordpress-21896796785dd6864271e535041a630e.yaml new file mode 100644 index 0000000000..22f7f0bf00 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-21896796785dd6864271e535041a630e.yaml @@ -0,0 +1,60 @@ +id: wordpress-21896796785dd6864271e535041a630e + +info: + name: > + WordPress Core < 5.1.1 - Cross-Site Request Forgery to Cross-Site Scripting via Comments + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a50531df-e876-463c-a06b-16b2f30aeefe?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.1') + - compare_versions(version_by_js, '5.1') + - compare_versions(version_by_css, '5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2250da6b6f83d2978f8b20e578c03ce4.yaml b/nuclei-templates/cve-less/unknown/wordpress-2250da6b6f83d2978f8b20e578c03ce4.yaml new file mode 100644 index 0000000000..d5364b255e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2250da6b6f83d2978f8b20e578c03ce4.yaml @@ -0,0 +1,60 @@ +id: wordpress-2250da6b6f83d2978f8b20e578c03ce4 + +info: + name: > + WordPress Core < 2.0.3 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cc0d15ab-e0a4-4ac5-8558-23aeaf00b11a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.2') + - compare_versions(version_by_js, '<= 2.0.2') + - compare_versions(version_by_css, '<= 2.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-231a713e0f5b7a207298611b69cf2d2e.yaml b/nuclei-templates/cve-less/unknown/wordpress-231a713e0f5b7a207298611b69cf2d2e.yaml new file mode 100644 index 0000000000..8c488165e7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-231a713e0f5b7a207298611b69cf2d2e.yaml @@ -0,0 +1,60 @@ +id: wordpress-231a713e0f5b7a207298611b69cf2d2e + +info: + name: > + WordPress Core < 5.5.3 - PHP Object Injection Gadget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6345d360-5f58-44d2-bc2d-1a20ee43e146?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '< 5.5.3') + - compare_versions(version_by_js, '>= 5.5', '< 5.5.3') + - compare_versions(version_by_css, '>= 5.5', '< 5.5.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-23b280de753c54a779bef1b8400aad8b.yaml b/nuclei-templates/cve-less/unknown/wordpress-23b280de753c54a779bef1b8400aad8b.yaml new file mode 100644 index 0000000000..fb4f640867 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-23b280de753c54a779bef1b8400aad8b.yaml @@ -0,0 +1,60 @@ +id: wordpress-23b280de753c54a779bef1b8400aad8b + +info: + name: > + WordPress Core <= 2.2 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ac4c6bd8-179f-4553-b1b4-549300bae374?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2') + - compare_versions(version_by_js, '<= 2.2') + - compare_versions(version_by_css, '<= 2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-23b973e4e6f56dde6b9f085e9af4fc06.yaml b/nuclei-templates/cve-less/unknown/wordpress-23b973e4e6f56dde6b9f085e9af4fc06.yaml new file mode 100644 index 0000000000..d46ec42866 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-23b973e4e6f56dde6b9f085e9af4fc06.yaml @@ -0,0 +1,60 @@ +id: wordpress-23b973e4e6f56dde6b9f085e9af4fc06 + +info: + name: > + WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f8758fd2-9f43-4e31-b496-50b77180bc07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.11') + - compare_versions(version_by_js, '<= 2.0.11') + - compare_versions(version_by_css, '<= 2.0.11') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-23c7538b5ae837a8600364853bf7a88b.yaml b/nuclei-templates/cve-less/unknown/wordpress-23c7538b5ae837a8600364853bf7a88b.yaml new file mode 100644 index 0000000000..d6a26a4650 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-23c7538b5ae837a8600364853bf7a88b.yaml @@ -0,0 +1,60 @@ +id: wordpress-23c7538b5ae837a8600364853bf7a88b + +info: + name: > + WordPress Core < 4.7.2 - Authenticated SQL Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ddeaf57-df82-48f0-b53d-a35a6cd80aca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-24c78f38bf30593eb710d6e05f774c4e.yaml b/nuclei-templates/cve-less/unknown/wordpress-24c78f38bf30593eb710d6e05f774c4e.yaml new file mode 100644 index 0000000000..bf396bda3a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-24c78f38bf30593eb710d6e05f774c4e.yaml @@ -0,0 +1,60 @@ +id: wordpress-24c78f38bf30593eb710d6e05f774c4e + +info: + name: > + WordPress Core < 1.5.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78669d4f-3c1e-49e6-af8d-56f105f99d01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1.1') + - compare_versions(version_by_js, '<= 1.5.1.1') + - compare_versions(version_by_css, '<= 1.5.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-25c3fb96e305a88e28c455667db0b60d.yaml b/nuclei-templates/cve-less/unknown/wordpress-25c3fb96e305a88e28c455667db0b60d.yaml new file mode 100644 index 0000000000..75ae2590f1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-25c3fb96e305a88e28c455667db0b60d.yaml @@ -0,0 +1,60 @@ +id: wordpress-25c3fb96e305a88e28c455667db0b60d + +info: + name: > + WordPress Core < 4.7.3 - Cross-Site Request Forgery via Press This + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/578a908a-d447-4b3e-b5d1-be86363c982a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-263b6b337d75675e2802e70806ebeca8.yaml b/nuclei-templates/cve-less/unknown/wordpress-263b6b337d75675e2802e70806ebeca8.yaml new file mode 100644 index 0000000000..1df378a11e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-263b6b337d75675e2802e70806ebeca8.yaml @@ -0,0 +1,60 @@ +id: wordpress-263b6b337d75675e2802e70806ebeca8 + +info: + name: > + WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b7cc5b51-5fb4-470b-8d2d-581eceadde7b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-26bf06ab275bab213d10ce0afaa80a4f.yaml b/nuclei-templates/cve-less/unknown/wordpress-26bf06ab275bab213d10ce0afaa80a4f.yaml new file mode 100644 index 0000000000..0432f8e1bc --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-26bf06ab275bab213d10ce0afaa80a4f.yaml @@ -0,0 +1,60 @@ +id: wordpress-26bf06ab275bab213d10ce0afaa80a4f + +info: + name: > + WordPress Core <= 3.3.1 - Same Origin Policy Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1ab4dc20-ce50-4ad0-aff4-9fc529d1911f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.3.2') + - compare_versions(version_by_js, '< 3.3.2') + - compare_versions(version_by_css, '< 3.3.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-28b5d87a0f1f5ae9250747db0c14829d.yaml b/nuclei-templates/cve-less/unknown/wordpress-28b5d87a0f1f5ae9250747db0c14829d.yaml new file mode 100644 index 0000000000..3dc1d3522f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-28b5d87a0f1f5ae9250747db0c14829d.yaml @@ -0,0 +1,60 @@ +id: wordpress-28b5d87a0f1f5ae9250747db0c14829d + +info: + name: > + WordPress Core <= 3.3.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ac7a936-70fa-41ce-89f7-ec6a77964c96?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.3.3') + - compare_versions(version_by_js, '< 3.3.3') + - compare_versions(version_by_css, '< 3.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-29c63f4f8f43d522bbc3e34ee2af25b8.yaml b/nuclei-templates/cve-less/unknown/wordpress-29c63f4f8f43d522bbc3e34ee2af25b8.yaml new file mode 100644 index 0000000000..c6087b9e67 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-29c63f4f8f43d522bbc3e34ee2af25b8.yaml @@ -0,0 +1,60 @@ +id: wordpress-29c63f4f8f43d522bbc3e34ee2af25b8 + +info: + name: > + WordPress Core <= 5.0.3 - Path Traversal and Local File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58e3b7f1-26f4-453a-ae1f-a1e6eed0348c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 5.0.2') + - compare_versions(version_by_js, '<= 5.0.2') + - compare_versions(version_by_css, '<= 5.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2b109b6dc4142c9e0c4c485fa652e822.yaml b/nuclei-templates/cve-less/unknown/wordpress-2b109b6dc4142c9e0c4c485fa652e822.yaml new file mode 100644 index 0000000000..f21479590a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2b109b6dc4142c9e0c4c485fa652e822.yaml @@ -0,0 +1,60 @@ +id: wordpress-2b109b6dc4142c9e0c4c485fa652e822 + +info: + name: > + WordPress Core < 4.5.3 - Password Change via Stolen Cookie + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/eb56da48-c928-42d4-8c71-de72f879d430?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2b1628ae1959d93da06f5152aaf10e42.yaml b/nuclei-templates/cve-less/unknown/wordpress-2b1628ae1959d93da06f5152aaf10e42.yaml new file mode 100644 index 0000000000..0dcef8ba33 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2b1628ae1959d93da06f5152aaf10e42.yaml @@ -0,0 +1,60 @@ +id: wordpress-2b1628ae1959d93da06f5152aaf10e42 + +info: + name: > + WordPress Core < 3.5.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d5f1ceb3-34b6-4d97-9787-d52a92f84662?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml b/nuclei-templates/cve-less/unknown/wordpress-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml new file mode 100644 index 0000000000..a2c94a199f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2bb5d275fcf9ba493afcfa9fdcfc130b.yaml @@ -0,0 +1,60 @@ +id: wordpress-2bb5d275fcf9ba493afcfa9fdcfc130b + +info: + name: > + WordPress Core <= 3.0.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5804b9da-11cd-4cb4-aa92-2c9e90aa527f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.0.1') + - compare_versions(version_by_js, '<= 3.0.1') + - compare_versions(version_by_css, '<= 3.0.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2bba5d9d8ab9c1e3d8162257b423cea8.yaml b/nuclei-templates/cve-less/unknown/wordpress-2bba5d9d8ab9c1e3d8162257b423cea8.yaml new file mode 100644 index 0000000000..06b7da65bb --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2bba5d9d8ab9c1e3d8162257b423cea8.yaml @@ -0,0 +1,60 @@ +id: wordpress-2bba5d9d8ab9c1e3d8162257b423cea8 + +info: + name: > + WordPress Core < 4.8.2 - Cross-Site Scripting via Template Name + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4824fb-192a-499d-bf92-aa59410d8d4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2d683b75b88baaf5f6918eb13ece302b.yaml b/nuclei-templates/cve-less/unknown/wordpress-2d683b75b88baaf5f6918eb13ece302b.yaml new file mode 100644 index 0000000000..f74e39ca6a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2d683b75b88baaf5f6918eb13ece302b.yaml @@ -0,0 +1,60 @@ +id: wordpress-2d683b75b88baaf5f6918eb13ece302b + +info: + name: > + WordPress Core < 2.6.2 - Cryptographic Weakness + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edc0d90f-41a7-430a-a994-57be7fba8753?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.6.1') + - compare_versions(version_by_js, '<= 2.6.1') + - compare_versions(version_by_css, '<= 2.6.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2d9b5e91617bc87b4e4b1a3a6e84d023.yaml b/nuclei-templates/cve-less/unknown/wordpress-2d9b5e91617bc87b4e4b1a3a6e84d023.yaml new file mode 100644 index 0000000000..02d02349cd --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2d9b5e91617bc87b4e4b1a3a6e84d023.yaml @@ -0,0 +1,60 @@ +id: wordpress-2d9b5e91617bc87b4e4b1a3a6e84d023 + +info: + name: > + WordPress Core < 3.0.5 - Improper Authorization to Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2761c5e9-7c4c-4257-9b55-587c02d07153?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.0.4') + - compare_versions(version_by_js, '<= 3.0.4') + - compare_versions(version_by_css, '<= 3.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-2f8bebfb71e464107758ea4dd63e498d.yaml b/nuclei-templates/cve-less/unknown/wordpress-2f8bebfb71e464107758ea4dd63e498d.yaml new file mode 100644 index 0000000000..087b695b48 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-2f8bebfb71e464107758ea4dd63e498d.yaml @@ -0,0 +1,60 @@ +id: wordpress-2f8bebfb71e464107758ea4dd63e498d + +info: + name: > + WordPress Core 5.4 - 5.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b851fd6-1477-4370-abf9-42ae2b6f8899?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3074a73795d456075561a5d7473c924b.yaml b/nuclei-templates/cve-less/unknown/wordpress-3074a73795d456075561a5d7473c924b.yaml new file mode 100644 index 0000000000..b0d3e2ffe2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3074a73795d456075561a5d7473c924b.yaml @@ -0,0 +1,60 @@ +id: wordpress-3074a73795d456075561a5d7473c924b + +info: + name: > + WordPress Core <= 3.0.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2a521be2-b3ce-47de-8a28-aeff94942d85?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.0.3') + - compare_versions(version_by_js, '<= 3.0.3') + - compare_versions(version_by_css, '<= 3.0.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-30952d39ff2a472e779208731421f444.yaml b/nuclei-templates/cve-less/unknown/wordpress-30952d39ff2a472e779208731421f444.yaml new file mode 100644 index 0000000000..91bfc15e78 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-30952d39ff2a472e779208731421f444.yaml @@ -0,0 +1,60 @@ +id: wordpress-30952d39ff2a472e779208731421f444 + +info: + name: > + WordPress Core <= 2.0.9 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8fcc105-0b37-47a7-a726-fee33b86790e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.9') + - compare_versions(version_by_js, '<= 2.0.9') + - compare_versions(version_by_css, '<= 2.0.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-313251dbeb7159d2f2f5a878dc3f4bb6.yaml b/nuclei-templates/cve-less/unknown/wordpress-313251dbeb7159d2f2f5a878dc3f4bb6.yaml new file mode 100644 index 0000000000..83471a6876 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-313251dbeb7159d2f2f5a878dc3f4bb6.yaml @@ -0,0 +1,60 @@ +id: wordpress-313251dbeb7159d2f2f5a878dc3f4bb6 + +info: + name: > + WordPress Core < 4.2.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b50656b-6cb4-4920-aa36-2634d4d41f5c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.2') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.2') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-316c061d993a8b4c5b6d2029e1b92155.yaml b/nuclei-templates/cve-less/unknown/wordpress-316c061d993a8b4c5b6d2029e1b92155.yaml new file mode 100644 index 0000000000..2b5c67e70f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-316c061d993a8b4c5b6d2029e1b92155.yaml @@ -0,0 +1,60 @@ +id: wordpress-316c061d993a8b4c5b6d2029e1b92155 + +info: + name: > + WordPress Core < 5.2.4 - Type Confusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04e0b17e-efab-4b08-8c8a-93e3e4baffaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-32b8a9f8b89c90d554be2f6666d5aeac.yaml b/nuclei-templates/cve-less/unknown/wordpress-32b8a9f8b89c90d554be2f6666d5aeac.yaml new file mode 100644 index 0000000000..107457c8a7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-32b8a9f8b89c90d554be2f6666d5aeac.yaml @@ -0,0 +1,60 @@ +id: wordpress-32b8a9f8b89c90d554be2f6666d5aeac + +info: + name: > + WordPress Core < 2.3.3 - Improper Authorization Checks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/940aabdc-e98e-45be-87dd-cafae45f2474?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.3.2') + - compare_versions(version_by_js, '<= 2.3.2') + - compare_versions(version_by_css, '<= 2.3.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3510f50779dc56bfa49be67007f73119.yaml b/nuclei-templates/cve-less/unknown/wordpress-3510f50779dc56bfa49be67007f73119.yaml new file mode 100644 index 0000000000..4df5574b48 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3510f50779dc56bfa49be67007f73119.yaml @@ -0,0 +1,60 @@ +id: wordpress-3510f50779dc56bfa49be67007f73119 + +info: + name: > + WordPress Core < 3.9.2 - Denial of Service via XML + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b389604-a999-45a1-a32f-7f8c951cb94c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3556353803358c712408f57b48c86c15.yaml b/nuclei-templates/cve-less/unknown/wordpress-3556353803358c712408f57b48c86c15.yaml new file mode 100644 index 0000000000..93e3149e6e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3556353803358c712408f57b48c86c15.yaml @@ -0,0 +1,60 @@ +id: wordpress-3556353803358c712408f57b48c86c15 + +info: + name: > + WordPress Core < 4.5.3 - Authorization Bypass to Remove Category Attribute + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c674bb2a-8ecf-4aea-a729-c9bdf4ee35fd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-369ae4d884e258889e1a003e1de57e8e.yaml b/nuclei-templates/cve-less/unknown/wordpress-369ae4d884e258889e1a003e1de57e8e.yaml new file mode 100644 index 0000000000..809bbba416 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-369ae4d884e258889e1a003e1de57e8e.yaml @@ -0,0 +1,60 @@ +id: wordpress-369ae4d884e258889e1a003e1de57e8e + +info: + name: > + WordPress Core < 3.8.2 - Contributor Users Can Publish Posts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/696f7c68-d19a-48ee-abc0-044f1734dfdb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.8', '<= 3.8.1') + - compare_versions(version_by_js, '>= 3.8', '<= 3.8.1') + - compare_versions(version_by_css, '>= 3.8', '<= 3.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3718fa429a69f29dc2387ac6b6099785.yaml b/nuclei-templates/cve-less/unknown/wordpress-3718fa429a69f29dc2387ac6b6099785.yaml new file mode 100644 index 0000000000..7e8a4a7d29 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3718fa429a69f29dc2387ac6b6099785.yaml @@ -0,0 +1,60 @@ +id: wordpress-3718fa429a69f29dc2387ac6b6099785 + +info: + name: > + WordPress Core <= 3.1.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/86b2123f-9616-4dcc-904f-c7be802a8f8c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-380df031c42ca1baae8054ba3ed4d998.yaml b/nuclei-templates/cve-less/unknown/wordpress-380df031c42ca1baae8054ba3ed4d998.yaml new file mode 100644 index 0000000000..815ff1dfee --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-380df031c42ca1baae8054ba3ed4d998.yaml @@ -0,0 +1,60 @@ +id: wordpress-380df031c42ca1baae8054ba3ed4d998 + +info: + name: > + WordPress Core <= 2.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bd715375-6bf8-4602-9554-b1f81aa5afa2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2') + - compare_versions(version_by_js, '<= 2.2') + - compare_versions(version_by_css, '<= 2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-386a05c63d77f093a8f98adaedbe1456.yaml b/nuclei-templates/cve-less/unknown/wordpress-386a05c63d77f093a8f98adaedbe1456.yaml new file mode 100644 index 0000000000..c5a0a51f8d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-386a05c63d77f093a8f98adaedbe1456.yaml @@ -0,0 +1,60 @@ +id: wordpress-386a05c63d77f093a8f98adaedbe1456 + +info: + name: > + WordPress Core - Informational - All known Versions - Weak Hashing Algorithm + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5dc87cd-4f45-4faf-b1e2-64e94eacb180?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= *') + - compare_versions(version_by_js, '<= *') + - compare_versions(version_by_css, '<= *') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-38c728ed42ed999f80951ce84048d1cf.yaml b/nuclei-templates/cve-less/unknown/wordpress-38c728ed42ed999f80951ce84048d1cf.yaml new file mode 100644 index 0000000000..2bb0de7b51 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-38c728ed42ed999f80951ce84048d1cf.yaml @@ -0,0 +1,60 @@ +id: wordpress-38c728ed42ed999f80951ce84048d1cf + +info: + name: > + WordPress Core < 3.5.1 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c544c86d-e414-49c2-ae57-3293b1a6409d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5') + - compare_versions(version_by_js, '<= 3.5') + - compare_versions(version_by_css, '<= 3.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-38e1681925de50501e0141995c16e341.yaml b/nuclei-templates/cve-less/unknown/wordpress-38e1681925de50501e0141995c16e341.yaml new file mode 100644 index 0000000000..63a12a172b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-38e1681925de50501e0141995c16e341.yaml @@ -0,0 +1,60 @@ +id: wordpress-38e1681925de50501e0141995c16e341 + +info: + name: > + WordPress Core < 5.3.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5ceba1b2-2d39-4561-838b-b46e758517a3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.3') + - compare_versions(version_by_js, '5.3') + - compare_versions(version_by_css, '5.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-38ee495a4defefe501f09623f3dfcb68.yaml b/nuclei-templates/cve-less/unknown/wordpress-38ee495a4defefe501f09623f3dfcb68.yaml new file mode 100644 index 0000000000..b7e920097f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-38ee495a4defefe501f09623f3dfcb68.yaml @@ -0,0 +1,60 @@ +id: wordpress-38ee495a4defefe501f09623f3dfcb68 + +info: + name: > + WordPress Core < 2.9.2 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43d46ada-4cbf-40e4-a0e5-685d8bf1a8a5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.9.2') + - compare_versions(version_by_js, '< 2.9.2') + - compare_versions(version_by_css, '< 2.9.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-39916ed0568dcf6437aaa303323a2034.yaml b/nuclei-templates/cve-less/unknown/wordpress-39916ed0568dcf6437aaa303323a2034.yaml new file mode 100644 index 0000000000..1f8b45683f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-39916ed0568dcf6437aaa303323a2034.yaml @@ -0,0 +1,60 @@ +id: wordpress-39916ed0568dcf6437aaa303323a2034 + +info: + name: > + WordPress Core < 4.7.1 - Cross-Site Request Forgery via Uploading Flash File + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e620328e-f4f4-4f3a-8767-efbc676f72a4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3a101d3a975b618c7868253e9b3c3651.yaml b/nuclei-templates/cve-less/unknown/wordpress-3a101d3a975b618c7868253e9b3c3651.yaml new file mode 100644 index 0000000000..1d890f7da9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3a101d3a975b618c7868253e9b3c3651.yaml @@ -0,0 +1,60 @@ +id: wordpress-3a101d3a975b618c7868253e9b3c3651 + +info: + name: > + WordPress Core <= 2.0.3 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f998b76-9fa8-47c4-a95b-bdb5db5893e4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.3') + - compare_versions(version_by_js, '<= 2.0.3') + - compare_versions(version_by_css, '<= 2.0.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3adca9c91a89f4404c7c08be4c6cbad2.yaml b/nuclei-templates/cve-less/unknown/wordpress-3adca9c91a89f4404c7c08be4c6cbad2.yaml new file mode 100644 index 0000000000..bcc615c055 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3adca9c91a89f4404c7c08be4c6cbad2.yaml @@ -0,0 +1,60 @@ +id: wordpress-3adca9c91a89f4404c7c08be4c6cbad2 + +info: + name: > + WordPress Core 2.0.2 - 2.0.5 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f50bca0a-7089-4b4e-820f-d311fdb88cf1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 2.0.2', '<= 2.0.5') + - compare_versions(version_by_js, '>= 2.0.2', '<= 2.0.5') + - compare_versions(version_by_css, '>= 2.0.2', '<= 2.0.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3c2c8b06162030c304a3d8608d66a5c9.yaml b/nuclei-templates/cve-less/unknown/wordpress-3c2c8b06162030c304a3d8608d66a5c9.yaml new file mode 100644 index 0000000000..8979281df6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3c2c8b06162030c304a3d8608d66a5c9.yaml @@ -0,0 +1,60 @@ +id: wordpress-3c2c8b06162030c304a3d8608d66a5c9 + +info: + name: > + WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/431d352b-d79b-4a6b-91f9-95962be3049e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3c756e26361631c05ea3774b32350834.yaml b/nuclei-templates/cve-less/unknown/wordpress-3c756e26361631c05ea3774b32350834.yaml new file mode 100644 index 0000000000..b7eb4a2df3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3c756e26361631c05ea3774b32350834.yaml @@ -0,0 +1,60 @@ +id: wordpress-3c756e26361631c05ea3774b32350834 + +info: + name: > + WordPress Core <= 2.8.4 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81bf9a8d-fc70-45d9-a352-4a5bfb2c43f4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.4') + - compare_versions(version_by_js, '<= 2.8.4') + - compare_versions(version_by_css, '<= 2.8.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3dc787f0bf6215df748b832ffc87f8cd.yaml b/nuclei-templates/cve-less/unknown/wordpress-3dc787f0bf6215df748b832ffc87f8cd.yaml new file mode 100644 index 0000000000..781806e58c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3dc787f0bf6215df748b832ffc87f8cd.yaml @@ -0,0 +1,60 @@ +id: wordpress-3dc787f0bf6215df748b832ffc87f8cd + +info: + name: > + WordPress Core < 4.9.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76516f23-487f-48f6-82c0-88df651ddc65?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.9') + - compare_versions(version_by_js, '4.9') + - compare_versions(version_by_css, '4.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3ea050ab19cdfec8097a097615a833a6.yaml b/nuclei-templates/cve-less/unknown/wordpress-3ea050ab19cdfec8097a097615a833a6.yaml new file mode 100644 index 0000000000..f673d45a8e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3ea050ab19cdfec8097a097615a833a6.yaml @@ -0,0 +1,60 @@ +id: wordpress-3ea050ab19cdfec8097a097615a833a6 + +info: + name: > + WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1bc0aa64-57a6-44ef-974a-70991cc3820f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.3') + - compare_versions(version_by_js, '5.3') + - compare_versions(version_by_css, '5.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-3fc6b5db894a1dc2f798d662d2962244.yaml b/nuclei-templates/cve-less/unknown/wordpress-3fc6b5db894a1dc2f798d662d2962244.yaml new file mode 100644 index 0000000000..e467ab89d3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-3fc6b5db894a1dc2f798d662d2962244.yaml @@ -0,0 +1,60 @@ +id: wordpress-3fc6b5db894a1dc2f798d662d2962244 + +info: + name: > + WordPress Core < 4.7.5 - Mishandling Post Meta Values via XML-RPC + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f7d66176-73a8-4076-8ae0-1f1fd8260f8e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4042aa3076d5d5e05f92a43c0f9299ab.yaml b/nuclei-templates/cve-less/unknown/wordpress-4042aa3076d5d5e05f92a43c0f9299ab.yaml new file mode 100644 index 0000000000..d288fe5429 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4042aa3076d5d5e05f92a43c0f9299ab.yaml @@ -0,0 +1,60 @@ +id: wordpress-4042aa3076d5d5e05f92a43c0f9299ab + +info: + name: > + WordPress Core < 4.2.4 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6ae2633-caf6-4319-ba81-e71a673c89ee?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4115627ccbaaf89d6f3ee368197fb571.yaml b/nuclei-templates/cve-less/unknown/wordpress-4115627ccbaaf89d6f3ee368197fb571.yaml new file mode 100644 index 0000000000..eedd39f93f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4115627ccbaaf89d6f3ee368197fb571.yaml @@ -0,0 +1,60 @@ +id: wordpress-4115627ccbaaf89d6f3ee368197fb571 + +info: + name: > + WordPress Core < 3.6.1 - Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d91ea0c9-ee41-4c8f-a16b-8b36c7f0a72e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.6') + - compare_versions(version_by_js, '<= 3.6') + - compare_versions(version_by_css, '<= 3.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-41bfd816790097549bf9b2c052568033.yaml b/nuclei-templates/cve-less/unknown/wordpress-41bfd816790097549bf9b2c052568033.yaml new file mode 100644 index 0000000000..e5d61ffde2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-41bfd816790097549bf9b2c052568033.yaml @@ -0,0 +1,60 @@ +id: wordpress-41bfd816790097549bf9b2c052568033 + +info: + name: > + WordPress Core < 3.4.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/779ecd51-16d6-4799-aad7-372c5d5f2884?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.4.1') + - compare_versions(version_by_js, '<= 3.4.1') + - compare_versions(version_by_css, '<= 3.4.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-422b8bdaad97e0b40c02ad0f5a31ce10.yaml b/nuclei-templates/cve-less/unknown/wordpress-422b8bdaad97e0b40c02ad0f5a31ce10.yaml new file mode 100644 index 0000000000..07e7ce5fa3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-422b8bdaad97e0b40c02ad0f5a31ce10.yaml @@ -0,0 +1,60 @@ +id: wordpress-422b8bdaad97e0b40c02ad0f5a31ce10 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Username Enumeration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b23308d-7439-4dd2-9ec7-57b987909121?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-42b34351cf4116e30de29d20e17168cb.yaml b/nuclei-templates/cve-less/unknown/wordpress-42b34351cf4116e30de29d20e17168cb.yaml new file mode 100644 index 0000000000..76cbbf6353 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-42b34351cf4116e30de29d20e17168cb.yaml @@ -0,0 +1,60 @@ +id: wordpress-42b34351cf4116e30de29d20e17168cb + +info: + name: > + WordPress Core <= 6.3.1 - Authenticated(Contributor+) Sensitive Information Exposure via Comments on Protected Posts + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6bea6a77-79e8-4d3a-bd3e-2bb3d20b6fe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_js, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_css, '>= 6.3', '<= 6.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-43262c5eaf25f49cf932dd17aa5ab966.yaml b/nuclei-templates/cve-less/unknown/wordpress-43262c5eaf25f49cf932dd17aa5ab966.yaml new file mode 100644 index 0000000000..15b6408840 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-43262c5eaf25f49cf932dd17aa5ab966.yaml @@ -0,0 +1,60 @@ +id: wordpress-43262c5eaf25f49cf932dd17aa5ab966 + +info: + name: > + WordPress Core <= 3.3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fdf49e7-c89e-4b05-9236-ca28e715bc4a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3.1') + - compare_versions(version_by_js, '<= 3.3.1') + - compare_versions(version_by_css, '<= 3.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-434185acc770b617ac0296a7924b385f.yaml b/nuclei-templates/cve-less/unknown/wordpress-434185acc770b617ac0296a7924b385f.yaml new file mode 100644 index 0000000000..0545be7045 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-434185acc770b617ac0296a7924b385f.yaml @@ -0,0 +1,60 @@ +id: wordpress-434185acc770b617ac0296a7924b385f + +info: + name: > + WordPress Core <= 2.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50f58944-1a12-4bac-9f90-8b0e1d109d11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-440665cc216f121193f817a3884e395e.yaml b/nuclei-templates/cve-less/unknown/wordpress-440665cc216f121193f817a3884e395e.yaml new file mode 100644 index 0000000000..b2bb0bd1b3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-440665cc216f121193f817a3884e395e.yaml @@ -0,0 +1,60 @@ +id: wordpress-440665cc216f121193f817a3884e395e + +info: + name: > + WordPress Core < 4.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/856a6b88-f5fc-4b87-8a94-81e233f02e2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4431d9efa0fb14b6339a28be481b563f.yaml b/nuclei-templates/cve-less/unknown/wordpress-4431d9efa0fb14b6339a28be481b563f.yaml new file mode 100644 index 0000000000..84a45931d8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4431d9efa0fb14b6339a28be481b563f.yaml @@ -0,0 +1,60 @@ +id: wordpress-4431d9efa0fb14b6339a28be481b563f + +info: + name: > + WordPress Core < 4.7.2 - Arbitrary Page Modification + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2481f37b-a220-435d-9b43-6e7c5f42034f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-44d43af8a00799ed8cf48db72cbbf122.yaml b/nuclei-templates/cve-less/unknown/wordpress-44d43af8a00799ed8cf48db72cbbf122.yaml new file mode 100644 index 0000000000..c25d56b322 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-44d43af8a00799ed8cf48db72cbbf122.yaml @@ -0,0 +1,60 @@ +id: wordpress-44d43af8a00799ed8cf48db72cbbf122 + +info: + name: > + WordPress Core < 3.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5dee21da-dd92-41e7-8547-fb49eecec03c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3.1') + - compare_versions(version_by_js, '<= 3.3.1') + - compare_versions(version_by_css, '<= 3.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-451f562a663eda2ff6d506be6cf980bd.yaml b/nuclei-templates/cve-less/unknown/wordpress-451f562a663eda2ff6d506be6cf980bd.yaml new file mode 100644 index 0000000000..a2ec7594be --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-451f562a663eda2ff6d506be6cf980bd.yaml @@ -0,0 +1,60 @@ +id: wordpress-451f562a663eda2ff6d506be6cf980bd + +info: + name: > + WordPress Core < 4.9.5 - Authenticated Stored Cross-Site Scripting via Generator Tag + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d3039831-6a29-48de-bdf3-66cac7655719?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-46747c4e682ceeb0ba7de6d44fbb5912.yaml b/nuclei-templates/cve-less/unknown/wordpress-46747c4e682ceeb0ba7de6d44fbb5912.yaml new file mode 100644 index 0000000000..969c382383 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-46747c4e682ceeb0ba7de6d44fbb5912.yaml @@ -0,0 +1,60 @@ +id: wordpress-46747c4e682ceeb0ba7de6d44fbb5912 + +info: + name: > + WordPress Core <= 2.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/372632cb-8dfd-4d74-a765-c8fb9d0f1b78?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.3.2') + - compare_versions(version_by_js, '<= 2.3.2') + - compare_versions(version_by_css, '<= 2.3.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml b/nuclei-templates/cve-less/unknown/wordpress-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml new file mode 100644 index 0000000000..867f1f2b4a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-46c3b494b5cc3ea133b4b6c9ec9dce06.yaml @@ -0,0 +1,60 @@ +id: wordpress-46c3b494b5cc3ea133b4b6c9ec9dce06 + +info: + name: > + WordPress Core < 5.2.3 - Cross-Site Scripting via Media Uploads + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2be089a0-d4d5-4d64-8fb7-8c42286ebbcd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4819cd3d21f4a064107af0099a522595.yaml b/nuclei-templates/cve-less/unknown/wordpress-4819cd3d21f4a064107af0099a522595.yaml new file mode 100644 index 0000000000..239e7abcff --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4819cd3d21f4a064107af0099a522595.yaml @@ -0,0 +1,60 @@ +id: wordpress-4819cd3d21f4a064107af0099a522595 + +info: + name: > + WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 6.4.3') + - compare_versions(version_by_js, '<= 6.4.3') + - compare_versions(version_by_css, '<= 6.4.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-48b1a9619c581004c6369029ed573390.yaml b/nuclei-templates/cve-less/unknown/wordpress-48b1a9619c581004c6369029ed573390.yaml new file mode 100644 index 0000000000..311b1fce09 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-48b1a9619c581004c6369029ed573390.yaml @@ -0,0 +1,60 @@ +id: wordpress-48b1a9619c581004c6369029ed573390 + +info: + name: > + WordPress Core <= 2.8.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d0318ed9-a464-498b-a821-f7746740937c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.1') + - compare_versions(version_by_js, '<= 2.8.1') + - compare_versions(version_by_css, '<= 2.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4975b9673fe108360602d6969c234af1.yaml b/nuclei-templates/cve-less/unknown/wordpress-4975b9673fe108360602d6969c234af1.yaml new file mode 100644 index 0000000000..e87c10d00c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4975b9673fe108360602d6969c234af1.yaml @@ -0,0 +1,60 @@ +id: wordpress-4975b9673fe108360602d6969c234af1 + +info: + name: > + WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8c483cf9-fb63-4c43-ad42-1404448540c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.3') + - compare_versions(version_by_js, '5.3') + - compare_versions(version_by_css, '5.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4a2f472a09c56b746d9e83f5b18b0a2d.yaml b/nuclei-templates/cve-less/unknown/wordpress-4a2f472a09c56b746d9e83f5b18b0a2d.yaml new file mode 100644 index 0000000000..afc14c3876 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4a2f472a09c56b746d9e83f5b18b0a2d.yaml @@ -0,0 +1,60 @@ +id: wordpress-4a2f472a09c56b746d9e83f5b18b0a2d + +info: + name: > + WordPress Core <= 0.70 - Remote File Inclusion + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/da760bcf-b252-4b88-9f54-af0a097e3295?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 0.70') + - compare_versions(version_by_js, '<= 0.70') + - compare_versions(version_by_css, '<= 0.70') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4be7cc1461615f97d2c9d9ca6cb4c5bd.yaml b/nuclei-templates/cve-less/unknown/wordpress-4be7cc1461615f97d2c9d9ca6cb4c5bd.yaml new file mode 100644 index 0000000000..d9d9cda34b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4be7cc1461615f97d2c9d9ca6cb4c5bd.yaml @@ -0,0 +1,60 @@ +id: wordpress-4be7cc1461615f97d2c9d9ca6cb4c5bd + +info: + name: > + WordPress Core < 5.0.1 Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ecdcad88-c926-490f-8e83-09d92ba080f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4c3a64465e0be7c8fcc2f551fa66d948.yaml b/nuclei-templates/cve-less/unknown/wordpress-4c3a64465e0be7c8fcc2f551fa66d948.yaml new file mode 100644 index 0000000000..1f38220be8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4c3a64465e0be7c8fcc2f551fa66d948.yaml @@ -0,0 +1,60 @@ +id: wordpress-4c3a64465e0be7c8fcc2f551fa66d948 + +info: + name: > + WordPress Core < 5.8.3 - Super Admin Multi-Site Installation Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5ebc99d-b82a-452b-8f53-bd96135aeecb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4d3842acdc46ff06e37fb8e5dcc93e9b.yaml b/nuclei-templates/cve-less/unknown/wordpress-4d3842acdc46ff06e37fb8e5dcc93e9b.yaml new file mode 100644 index 0000000000..b32f497737 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4d3842acdc46ff06e37fb8e5dcc93e9b.yaml @@ -0,0 +1,60 @@ +id: wordpress-4d3842acdc46ff06e37fb8e5dcc93e9b + +info: + name: > + WordPress Core < 2.8.3 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/120fa415-81e3-4084-8943-df83cde334c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.2') + - compare_versions(version_by_js, '<= 2.8.2') + - compare_versions(version_by_css, '<= 2.8.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4e0aed5ba89cef688a005d420e6d01ac.yaml b/nuclei-templates/cve-less/unknown/wordpress-4e0aed5ba89cef688a005d420e6d01ac.yaml new file mode 100644 index 0000000000..b319a7cf0d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4e0aed5ba89cef688a005d420e6d01ac.yaml @@ -0,0 +1,60 @@ +id: wordpress-4e0aed5ba89cef688a005d420e6d01ac + +info: + name: > + WordPress Core <= 2.3.3 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38b27ee7-0e92-47ad-89f8-1a3c8d5c9442?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '2.5') + - compare_versions(version_by_js, '2.5') + - compare_versions(version_by_css, '2.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4e1daaf317e651c619a375744a295c28.yaml b/nuclei-templates/cve-less/unknown/wordpress-4e1daaf317e651c619a375744a295c28.yaml new file mode 100644 index 0000000000..3f67e0234c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4e1daaf317e651c619a375744a295c28.yaml @@ -0,0 +1,60 @@ +id: wordpress-4e1daaf317e651c619a375744a295c28 + +info: + name: > + WordPress Core < 3.4.2 - Missing Authorization Checks on create_post + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14689386-fca5-48a6-9494-4a79b920d5f8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.4.2') + - compare_versions(version_by_js, '< 3.4.2') + - compare_versions(version_by_css, '< 3.4.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4e1e9436b4076f3758a4d810f786b17f.yaml b/nuclei-templates/cve-less/unknown/wordpress-4e1e9436b4076f3758a4d810f786b17f.yaml new file mode 100644 index 0000000000..6324611554 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4e1e9436b4076f3758a4d810f786b17f.yaml @@ -0,0 +1,60 @@ +id: wordpress-4e1e9436b4076f3758a4d810f786b17f + +info: + name: > + WordPress Core < 5.2.4 - Cache Poisoning + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2144ba9f-cb0a-4b54-a23f-3ecb2548a490?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4e2310a226a845a4294681273e42b4e0.yaml b/nuclei-templates/cve-less/unknown/wordpress-4e2310a226a845a4294681273e42b4e0.yaml new file mode 100644 index 0000000000..24bda3c50d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4e2310a226a845a4294681273e42b4e0.yaml @@ -0,0 +1,60 @@ +id: wordpress-4e2310a226a845a4294681273e42b4e0 + +info: + name: > + WordPress Core < 4.2.4 - Stored Cross-Site Scripting via accessibility-helper Title + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22b3ee70-7ba6-4f8a-add4-3c7f4765b3d1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-4ebee693b928957252cba5bead71759b.yaml b/nuclei-templates/cve-less/unknown/wordpress-4ebee693b928957252cba5bead71759b.yaml new file mode 100644 index 0000000000..762885c8ab --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-4ebee693b928957252cba5bead71759b.yaml @@ -0,0 +1,60 @@ +id: wordpress-4ebee693b928957252cba5bead71759b + +info: + name: > + WordPress Core 2.9.2 and 3.0.4 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3f389cbf-a327-46a1-9fb7-ed393212033a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '3.0.4') + - compare_versions(version_by_js, '3.0.4') + - compare_versions(version_by_css, '3.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5029e8612641d6988447e24dba421b66.yaml b/nuclei-templates/cve-less/unknown/wordpress-5029e8612641d6988447e24dba421b66.yaml new file mode 100644 index 0000000000..4660ed36a4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5029e8612641d6988447e24dba421b66.yaml @@ -0,0 +1,60 @@ +id: wordpress-5029e8612641d6988447e24dba421b66 + +info: + name: > + WordPress Core < 5.0 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d5987cd-1304-487c-8d1c-cab0510fbb84?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 5.0') + - compare_versions(version_by_js, '< 5.0') + - compare_versions(version_by_css, '< 5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5128144b38c4f8aac30be645fe67caaf.yaml b/nuclei-templates/cve-less/unknown/wordpress-5128144b38c4f8aac30be645fe67caaf.yaml new file mode 100644 index 0000000000..3af864feb6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5128144b38c4f8aac30be645fe67caaf.yaml @@ -0,0 +1,60 @@ +id: wordpress-5128144b38c4f8aac30be645fe67caaf + +info: + name: > + WordPress Core <= 3.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/22bf2719-335d-4331-8c59-648f6f903ffa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.0.4') + - compare_versions(version_by_js, '<= 3.0.4') + - compare_versions(version_by_css, '<= 3.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5248a5bd925434add7e3be51c0e47bf5.yaml b/nuclei-templates/cve-less/unknown/wordpress-5248a5bd925434add7e3be51c0e47bf5.yaml new file mode 100644 index 0000000000..8023b7c093 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5248a5bd925434add7e3be51c0e47bf5.yaml @@ -0,0 +1,60 @@ +id: wordpress-5248a5bd925434add7e3be51c0e47bf5 + +info: + name: > + WordPress Core <= 2.0.5 - Cross-Site Request Forgery to Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/37f7f9ef-d57a-41e9-bd2c-2aa04a82b6c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.5') + - compare_versions(version_by_js, '<= 2.0.5') + - compare_versions(version_by_css, '<= 2.0.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-531502c1a73b5136edeed41b3c25b40a.yaml b/nuclei-templates/cve-less/unknown/wordpress-531502c1a73b5136edeed41b3c25b40a.yaml new file mode 100644 index 0000000000..027feb91a3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-531502c1a73b5136edeed41b3c25b40a.yaml @@ -0,0 +1,60 @@ +id: wordpress-531502c1a73b5136edeed41b3c25b40a + +info: + name: > + WordPress Core < 4.5.2 - Cross-Site Scripting via plupload.flash.swf + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26753b92-3ec5-4b65-8fc7-2d6488f12974?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.1') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.1') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5382cac551da0c76754442b2aa2316fe.yaml b/nuclei-templates/cve-less/unknown/wordpress-5382cac551da0c76754442b2aa2316fe.yaml new file mode 100644 index 0000000000..7ddf72f8b4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5382cac551da0c76754442b2aa2316fe.yaml @@ -0,0 +1,60 @@ +id: wordpress-5382cac551da0c76754442b2aa2316fe + +info: + name: > + WordPress Core < 2.1.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/292be50c-6eab-4462-b46c-c7763e8aa223?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.1.2') + - compare_versions(version_by_js, '<= 2.1.2') + - compare_versions(version_by_css, '<= 2.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-53c3a2476763f7f2558688f9f26210ce.yaml b/nuclei-templates/cve-less/unknown/wordpress-53c3a2476763f7f2558688f9f26210ce.yaml new file mode 100644 index 0000000000..b0333d2789 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-53c3a2476763f7f2558688f9f26210ce.yaml @@ -0,0 +1,60 @@ +id: wordpress-53c3a2476763f7f2558688f9f26210ce + +info: + name: > + WordPress Core <= 3.3.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f29f9290-1f98-4019-997b-e33f2c151a5d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.3.3') + - compare_versions(version_by_js, '< 3.3.3') + - compare_versions(version_by_css, '< 3.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-54dec93948946561e928da0b2ec5342b.yaml b/nuclei-templates/cve-less/unknown/wordpress-54dec93948946561e928da0b2ec5342b.yaml new file mode 100644 index 0000000000..a5bf448f6b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-54dec93948946561e928da0b2ec5342b.yaml @@ -0,0 +1,60 @@ +id: wordpress-54dec93948946561e928da0b2ec5342b + +info: + name: > + WordPress Core < 4.7.1 - Cross-Site Scripting via Name and Version Header of Plugin + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4a4e3ef-ee88-4175-8628-c5511c20bf23?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-561f555d6e2f4252899dc7ab90e95785.yaml b/nuclei-templates/cve-less/unknown/wordpress-561f555d6e2f4252899dc7ab90e95785.yaml new file mode 100644 index 0000000000..164d231ede --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-561f555d6e2f4252899dc7ab90e95785.yaml @@ -0,0 +1,60 @@ +id: wordpress-561f555d6e2f4252899dc7ab90e95785 + +info: + name: > + WordPress Core < 2.8.4 - Forced Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d928b738-d8ed-447a-b604-e71e90d4d23d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.3') + - compare_versions(version_by_js, '<= 2.8.3') + - compare_versions(version_by_css, '<= 2.8.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml b/nuclei-templates/cve-less/unknown/wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml new file mode 100644 index 0000000000..5aca38bbf8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-568514847d2ecbfcd9be56c047f3a92a.yaml @@ -0,0 +1,60 @@ +id: wordpress-568514847d2ecbfcd9be56c047f3a92a + +info: + name: > + SWFUpload <= 2.2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d311aab4-fca8-4e83-83cf-c4b8350d7dd1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.3.2') + - compare_versions(version_by_js, '< 3.3.2') + - compare_versions(version_by_css, '< 3.3.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5823843d6edd09b39aa59774f2f5fa9c.yaml b/nuclei-templates/cve-less/unknown/wordpress-5823843d6edd09b39aa59774f2f5fa9c.yaml new file mode 100644 index 0000000000..78ebe410b5 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5823843d6edd09b39aa59774f2f5fa9c.yaml @@ -0,0 +1,60 @@ +id: wordpress-5823843d6edd09b39aa59774f2f5fa9c + +info: + name: > + WordPress Core < 3.1.2 - Incorrect Authorization for Contributor-level users + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c248606f-2d79-46c1-8975-e111b9118ceb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.1') + - compare_versions(version_by_js, '<= 3.1.1') + - compare_versions(version_by_css, '<= 3.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-59207f954647d01d1fa75ac806c6318c.yaml b/nuclei-templates/cve-less/unknown/wordpress-59207f954647d01d1fa75ac806c6318c.yaml new file mode 100644 index 0000000000..57c0fc9522 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-59207f954647d01d1fa75ac806c6318c.yaml @@ -0,0 +1,60 @@ +id: wordpress-59207f954647d01d1fa75ac806c6318c + +info: + name: > + WordPress Core < 2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cf803368-64ff-4dbe-85ae-af30e18bc833?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.6') + - compare_versions(version_by_js, '< 2.6') + - compare_versions(version_by_css, '< 2.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml b/nuclei-templates/cve-less/unknown/wordpress-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml new file mode 100644 index 0000000000..cf3850f31a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5a29aa05e41b6793e5d21a4fcf5c84c5.yaml @@ -0,0 +1,60 @@ +id: wordpress-5a29aa05e41b6793e5d21a4fcf5c84c5 + +info: + name: > + WordPress Core < 5.0.1 - Authenticated Stored Cross-Site Scripting via Comments + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/88a3b4ad-7b8c-40ae-b81f-ccb979b49a47?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5c3e908d65f19d1769852fd727185485.yaml b/nuclei-templates/cve-less/unknown/wordpress-5c3e908d65f19d1769852fd727185485.yaml new file mode 100644 index 0000000000..9fb74940e1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5c3e908d65f19d1769852fd727185485.yaml @@ -0,0 +1,60 @@ +id: wordpress-5c3e908d65f19d1769852fd727185485 + +info: + name: > + WordPress Core <= 1.2 - HTTP Response Splitting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ec8ad817-9716-4d29-a02a-57eb9aa58a13?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.2.1') + - compare_versions(version_by_js, '< 1.2.1') + - compare_versions(version_by_css, '< 1.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5dbdb3a08effff0e267b66b5070f04cc.yaml b/nuclei-templates/cve-less/unknown/wordpress-5dbdb3a08effff0e267b66b5070f04cc.yaml new file mode 100644 index 0000000000..14600b10f8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5dbdb3a08effff0e267b66b5070f04cc.yaml @@ -0,0 +1,60 @@ +id: wordpress-5dbdb3a08effff0e267b66b5070f04cc + +info: + name: > + WordPress Core < 4.2.4 - Cross-Site Scripting in Theme Preview + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c2385865-ff03-4daf-bf81-3ec3ea11c91f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5eff05fff46321a5f4320842212fbb92.yaml b/nuclei-templates/cve-less/unknown/wordpress-5eff05fff46321a5f4320842212fbb92.yaml new file mode 100644 index 0000000000..35a8d0e720 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5eff05fff46321a5f4320842212fbb92.yaml @@ -0,0 +1,60 @@ +id: wordpress-5eff05fff46321a5f4320842212fbb92 + +info: + name: > + WordPress Core <= 2.0.4 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/be4515d8-0d5d-4925-a9a4-64ba9d51fe02?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.4') + - compare_versions(version_by_js, '<= 2.0.4') + - compare_versions(version_by_css, '<= 2.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5f16951718bafffb272463e01e90d230.yaml b/nuclei-templates/cve-less/unknown/wordpress-5f16951718bafffb272463e01e90d230.yaml new file mode 100644 index 0000000000..49db73e07a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5f16951718bafffb272463e01e90d230.yaml @@ -0,0 +1,60 @@ +id: wordpress-5f16951718bafffb272463e01e90d230 + +info: + name: > + WordPress Core < 3.0.6 - Incorrect Authorization Checks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64f51991-f767-4f7b-94e7-68c0e2214849?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.6') + - compare_versions(version_by_js, '< 3.0.6') + - compare_versions(version_by_css, '< 3.0.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5f3b219095913ca0ac8eaef4013782dc.yaml b/nuclei-templates/cve-less/unknown/wordpress-5f3b219095913ca0ac8eaef4013782dc.yaml new file mode 100644 index 0000000000..54279a5d26 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5f3b219095913ca0ac8eaef4013782dc.yaml @@ -0,0 +1,60 @@ +id: wordpress-5f3b219095913ca0ac8eaef4013782dc + +info: + name: > + WordPress Core < 6.0.3 - Reflected Cross-Site Scripting via SQL Injection + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6f6aa094-6bac-463f-b46d-c65f591abbb3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_js, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_css, '>= 6.0', '<= 6.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-5ffbaa4e2b1d5d3387454a24d1df8151.yaml b/nuclei-templates/cve-less/unknown/wordpress-5ffbaa4e2b1d5d3387454a24d1df8151.yaml new file mode 100644 index 0000000000..fb808481ee --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-5ffbaa4e2b1d5d3387454a24d1df8151.yaml @@ -0,0 +1,60 @@ +id: wordpress-5ffbaa4e2b1d5d3387454a24d1df8151 + +info: + name: > + WordPress Core <= 1.5.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8ba30cbb-7a20-47aa-bbd6-82fdb27d4705?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.2') + - compare_versions(version_by_js, '<= 1.5.2') + - compare_versions(version_by_css, '<= 1.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-607a9df960ada3c91b07fd6d1e294e67.yaml b/nuclei-templates/cve-less/unknown/wordpress-607a9df960ada3c91b07fd6d1e294e67.yaml new file mode 100644 index 0000000000..7eccd1c107 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-607a9df960ada3c91b07fd6d1e294e67.yaml @@ -0,0 +1,60 @@ +id: wordpress-607a9df960ada3c91b07fd6d1e294e67 + +info: + name: > + WordPress Core < 5.8 - Dependency Confusion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/719fe585-369b-47ef-b3c1-15729f88ae2d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 5.7.5') + - compare_versions(version_by_js, '<= 5.7.5') + - compare_versions(version_by_css, '<= 5.7.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-62059d6f1640212c35e5b3f8330daee1.yaml b/nuclei-templates/cve-less/unknown/wordpress-62059d6f1640212c35e5b3f8330daee1.yaml new file mode 100644 index 0000000000..7d047873b0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-62059d6f1640212c35e5b3f8330daee1.yaml @@ -0,0 +1,60 @@ +id: wordpress-62059d6f1640212c35e5b3f8330daee1 + +info: + name: > + WordPress Core < 1.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e8687bf7-4172-4cc3-bd6e-830fc5fc28e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.2') + - compare_versions(version_by_js, '< 1.2') + - compare_versions(version_by_css, '< 1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-623f8001867cd69f8a18b1dce53f3487.yaml b/nuclei-templates/cve-less/unknown/wordpress-623f8001867cd69f8a18b1dce53f3487.yaml new file mode 100644 index 0000000000..e15df4d1e4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-623f8001867cd69f8a18b1dce53f3487.yaml @@ -0,0 +1,60 @@ +id: wordpress-623f8001867cd69f8a18b1dce53f3487 + +info: + name: > + WordPress Core < 5.5.2 - Deserialization Gadget + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/58300545-3e53-49be-bf55-eaf3e4cd82e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-628434356b9e4de217bb4ae54139a78f.yaml b/nuclei-templates/cve-less/unknown/wordpress-628434356b9e4de217bb4ae54139a78f.yaml new file mode 100644 index 0000000000..a8462facfa --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-628434356b9e4de217bb4ae54139a78f.yaml @@ -0,0 +1,60 @@ +id: wordpress-628434356b9e4de217bb4ae54139a78f + +info: + name: > + WordPress Core < 5.3.1 - Stored Cross-Site Scripting via Block Editor + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/78b98f21-ac0c-496b-8cb9-8d2f3bd751b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.3') + - compare_versions(version_by_js, '5.3') + - compare_versions(version_by_css, '5.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-62c0f4af115d106e4e2cbcfcbfb71c13.yaml b/nuclei-templates/cve-less/unknown/wordpress-62c0f4af115d106e4e2cbcfcbfb71c13.yaml new file mode 100644 index 0000000000..dd651c88c3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-62c0f4af115d106e4e2cbcfcbfb71c13.yaml @@ -0,0 +1,60 @@ +id: wordpress-62c0f4af115d106e4e2cbcfcbfb71c13 + +info: + name: > + WordPress Core < 3.5.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dbcdeda4-85b7-48d6-b89d-1d1756d183d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5') + - compare_versions(version_by_js, '<= 3.5') + - compare_versions(version_by_css, '<= 3.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6375912d34ba2cc17be824f1910df6ff.yaml b/nuclei-templates/cve-less/unknown/wordpress-6375912d34ba2cc17be824f1910df6ff.yaml new file mode 100644 index 0000000000..3a82a1db48 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6375912d34ba2cc17be824f1910df6ff.yaml @@ -0,0 +1,60 @@ +id: wordpress-6375912d34ba2cc17be824f1910df6ff + +info: + name: > + WordPress Core < 4.8.2 - Open Redirect in Admin Dashboard + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/76af4656-547b-4daf-9078-8ed2b425d1ca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6450a70f3dd4ffaacec75fbc332a4cd2.yaml b/nuclei-templates/cve-less/unknown/wordpress-6450a70f3dd4ffaacec75fbc332a4cd2.yaml new file mode 100644 index 0000000000..2cc01d136d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6450a70f3dd4ffaacec75fbc332a4cd2.yaml @@ -0,0 +1,60 @@ +id: wordpress-6450a70f3dd4ffaacec75fbc332a4cd2 + +info: + name: > + WordPress Core < 3.1.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee01dab6-8e10-43aa-bc20-1f389f1e7d07?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-65fb786a832ae70556835ff6a5bf2139.yaml b/nuclei-templates/cve-less/unknown/wordpress-65fb786a832ae70556835ff6a5bf2139.yaml new file mode 100644 index 0000000000..bad4d95760 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-65fb786a832ae70556835ff6a5bf2139.yaml @@ -0,0 +1,60 @@ +id: wordpress-65fb786a832ae70556835ff6a5bf2139 + +info: + name: > + WordPress Core 5.4 - 5.8 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b801e7d9-0ca0-471e-a524-af19ea0d85be?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-675247bc0cd9450ab659456e645f34ea.yaml b/nuclei-templates/cve-less/unknown/wordpress-675247bc0cd9450ab659456e645f34ea.yaml new file mode 100644 index 0000000000..cfd1cb1ca4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-675247bc0cd9450ab659456e645f34ea.yaml @@ -0,0 +1,60 @@ +id: wordpress-675247bc0cd9450ab659456e645f34ea + +info: + name: > + WordPress Core 2.2.1 - Backdoor + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5539ad8-4203-4d22-9a40-0ed6e0471e19?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '2.2.1') + - compare_versions(version_by_js, '2.2.1') + - compare_versions(version_by_css, '2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-67be7dda8922a0b90c62a801231990f1.yaml b/nuclei-templates/cve-less/unknown/wordpress-67be7dda8922a0b90c62a801231990f1.yaml new file mode 100644 index 0000000000..47ab69e7af --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-67be7dda8922a0b90c62a801231990f1.yaml @@ -0,0 +1,60 @@ +id: wordpress-67be7dda8922a0b90c62a801231990f1 + +info: + name: > + WordPress Core < 5.4.1 - Authenticated Cross-Site Scripting via Customizer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/adf3fb57-b080-4cda-b78b-14d94bad21a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-68cd0d8404410b84b22d009411f84df8.yaml b/nuclei-templates/cve-less/unknown/wordpress-68cd0d8404410b84b22d009411f84df8.yaml new file mode 100644 index 0000000000..c563e7b8be --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-68cd0d8404410b84b22d009411f84df8.yaml @@ -0,0 +1,60 @@ +id: wordpress-68cd0d8404410b84b22d009411f84df8 + +info: + name: > + WordPress Core < 4.6.1 - Authenticated Directory Traversal to Arbitrary File Access + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f19194c-dbe8-455d-bee7-2f7d4ce9224f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.6') + - compare_versions(version_by_js, '4.6') + - compare_versions(version_by_css, '4.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-69c16fc3d6749cd61a7b1d15ea116d00.yaml b/nuclei-templates/cve-less/unknown/wordpress-69c16fc3d6749cd61a7b1d15ea116d00.yaml new file mode 100644 index 0000000000..848ca5b943 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-69c16fc3d6749cd61a7b1d15ea116d00.yaml @@ -0,0 +1,60 @@ +id: wordpress-69c16fc3d6749cd61a7b1d15ea116d00 + +info: + name: > + WordPress Core < 3.6.1 - HTML File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5d70b447-4f7f-4196-a37b-167679cef229?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.6') + - compare_versions(version_by_js, '<= 3.6') + - compare_versions(version_by_css, '<= 3.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6aea7b52579f172c9bf983e50b0b1bb7.yaml b/nuclei-templates/cve-less/unknown/wordpress-6aea7b52579f172c9bf983e50b0b1bb7.yaml new file mode 100644 index 0000000000..61ada98d5c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6aea7b52579f172c9bf983e50b0b1bb7.yaml @@ -0,0 +1,60 @@ +id: wordpress-6aea7b52579f172c9bf983e50b0b1bb7 + +info: + name: > + WordPress Core < 4.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4d3191b0-829f-4d35-b8f6-323e7ea6f80b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.2') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.2') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6afe85808d3f8414da9c4627bea64467.yaml b/nuclei-templates/cve-less/unknown/wordpress-6afe85808d3f8414da9c4627bea64467.yaml new file mode 100644 index 0000000000..e71d6fc90b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6afe85808d3f8414da9c4627bea64467.yaml @@ -0,0 +1,60 @@ +id: wordpress-6afe85808d3f8414da9c4627bea64467 + +info: + name: > + WordPress Core < 4.9.1- Stored Cross-Site Scripting via Language + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aa8a095b-abda-4a12-a4b9-246cda41fb4e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.9') + - compare_versions(version_by_js, '4.9') + - compare_versions(version_by_css, '4.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6c1fbf85c3d69e46273f9e4e6155212a.yaml b/nuclei-templates/cve-less/unknown/wordpress-6c1fbf85c3d69e46273f9e4e6155212a.yaml new file mode 100644 index 0000000000..f9977eff1c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6c1fbf85c3d69e46273f9e4e6155212a.yaml @@ -0,0 +1,60 @@ +id: wordpress-6c1fbf85c3d69e46273f9e4e6155212a + +info: + name: > + WordPress Core < 2.6.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e669ae60-c015-4b84-86a8-56aab9fe23bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.6.4') + - compare_versions(version_by_js, '<= 2.6.4') + - compare_versions(version_by_css, '<= 2.6.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6c7f46750ac05bc52e48465378b5740a.yaml b/nuclei-templates/cve-less/unknown/wordpress-6c7f46750ac05bc52e48465378b5740a.yaml new file mode 100644 index 0000000000..c9a080f0fc --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6c7f46750ac05bc52e48465378b5740a.yaml @@ -0,0 +1,60 @@ +id: wordpress-6c7f46750ac05bc52e48465378b5740a + +info: + name: > + WordPress Core < 3.6.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/45adeeba-22b0-4758-bc21-afc019653ce8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.6') + - compare_versions(version_by_js, '<= 3.6') + - compare_versions(version_by_css, '<= 3.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6ca3acaca2ec5a160156098938c75a1d.yaml b/nuclei-templates/cve-less/unknown/wordpress-6ca3acaca2ec5a160156098938c75a1d.yaml new file mode 100644 index 0000000000..44d8fb0a0c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6ca3acaca2ec5a160156098938c75a1d.yaml @@ -0,0 +1,60 @@ +id: wordpress-6ca3acaca2ec5a160156098938c75a1d + +info: + name: > + WordPress Core < 1.5.1.3 - Arbitrary Email Content Change + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f25d0409-dbca-4c5a-9f43-fc03e5307d0f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1.2') + - compare_versions(version_by_js, '<= 1.5.1.2') + - compare_versions(version_by_css, '<= 1.5.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6ce77d46d871b23fbcd32fc17e129ed5.yaml b/nuclei-templates/cve-less/unknown/wordpress-6ce77d46d871b23fbcd32fc17e129ed5.yaml new file mode 100644 index 0000000000..2a179fe564 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6ce77d46d871b23fbcd32fc17e129ed5.yaml @@ -0,0 +1,60 @@ +id: wordpress-6ce77d46d871b23fbcd32fc17e129ed5 + +info: + name: > + WordPress Core < 5.0.1 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d61b06b-6709-4f60-8324-53775dbb3c04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6d2a23eb94e6d4b179593d1e2ef0da35.yaml b/nuclei-templates/cve-less/unknown/wordpress-6d2a23eb94e6d4b179593d1e2ef0da35.yaml new file mode 100644 index 0000000000..b6532b18be --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6d2a23eb94e6d4b179593d1e2ef0da35.yaml @@ -0,0 +1,60 @@ +id: wordpress-6d2a23eb94e6d4b179593d1e2ef0da35 + +info: + name: > + WordPress Core < 2.8.1 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cb072bfa-991a-4839-996d-fdc803427076?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.8.1') + - compare_versions(version_by_js, '< 2.8.1') + - compare_versions(version_by_css, '< 2.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6d56121149ca7bd6af4818d9b53bdc87.yaml b/nuclei-templates/cve-less/unknown/wordpress-6d56121149ca7bd6af4818d9b53bdc87.yaml new file mode 100644 index 0000000000..a99e365e9e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6d56121149ca7bd6af4818d9b53bdc87.yaml @@ -0,0 +1,60 @@ +id: wordpress-6d56121149ca7bd6af4818d9b53bdc87 + +info: + name: > + WordPress Core < 2.0.4 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d305711-7a84-46c2-b333-02f5a745d76c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.3') + - compare_versions(version_by_js, '<= 2.0.3') + - compare_versions(version_by_css, '<= 2.0.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6dae0916c42cb6d2e594be15be242836.yaml b/nuclei-templates/cve-less/unknown/wordpress-6dae0916c42cb6d2e594be15be242836.yaml new file mode 100644 index 0000000000..53fc07e5c8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6dae0916c42cb6d2e594be15be242836.yaml @@ -0,0 +1,60 @@ +id: wordpress-6dae0916c42cb6d2e594be15be242836 + +info: + name: > + WordPress Core < 4.5.2 - Cross-Site Scripting via MediaElement.js + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0987285b-4daf-4979-934b-7fa4a0ded99f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.1') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.1') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6ea13de5e88a490bbeb3409f32172b66.yaml b/nuclei-templates/cve-less/unknown/wordpress-6ea13de5e88a490bbeb3409f32172b66.yaml new file mode 100644 index 0000000000..c206880a66 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6ea13de5e88a490bbeb3409f32172b66.yaml @@ -0,0 +1,60 @@ +id: wordpress-6ea13de5e88a490bbeb3409f32172b66 + +info: + name: > + WordPress Core < 3.5.2 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d7d94443-3ab2-4d89-a580-2e9697d28cd7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6ef627f37f264d49a05282a3b5f99301.yaml b/nuclei-templates/cve-less/unknown/wordpress-6ef627f37f264d49a05282a3b5f99301.yaml new file mode 100644 index 0000000000..9d1251c79f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6ef627f37f264d49a05282a3b5f99301.yaml @@ -0,0 +1,60 @@ +id: wordpress-6ef627f37f264d49a05282a3b5f99301 + +info: + name: > + WordPress Core < 3.5.2 - XXE Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65465de9-c527-4b18-8a52-c9cd2d594f72?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-6f396d18ad1fbb1948ad9473860ec9d1.yaml b/nuclei-templates/cve-less/unknown/wordpress-6f396d18ad1fbb1948ad9473860ec9d1.yaml new file mode 100644 index 0000000000..c32a81be6b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-6f396d18ad1fbb1948ad9473860ec9d1.yaml @@ -0,0 +1,60 @@ +id: wordpress-6f396d18ad1fbb1948ad9473860ec9d1 + +info: + name: > + WordPress Core <= 2.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d04f7d-d114-4104-a7cb-298c148e2b6d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 2.1', '<= 2.1.2') + - compare_versions(version_by_js, '>= 2.1', '<= 2.1.2') + - compare_versions(version_by_css, '>= 2.1', '<= 2.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-70d9b727752f76af972d40070c1204ab.yaml b/nuclei-templates/cve-less/unknown/wordpress-70d9b727752f76af972d40070c1204ab.yaml new file mode 100644 index 0000000000..17b1efc981 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-70d9b727752f76af972d40070c1204ab.yaml @@ -0,0 +1,60 @@ +id: wordpress-70d9b727752f76af972d40070c1204ab + +info: + name: > + WordPress Core < 6.4.3 - Authenticated(Administrator+) PHP File Upload + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a6707ef-aab7-449c-8160-034bc188a998?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.4', '<= 6.4.2') + - compare_versions(version_by_js, '>= 6.4', '<= 6.4.2') + - compare_versions(version_by_css, '>= 6.4', '<= 6.4.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7146f57eea7535399fc69f60720aa24d.yaml b/nuclei-templates/cve-less/unknown/wordpress-7146f57eea7535399fc69f60720aa24d.yaml new file mode 100644 index 0000000000..86995366e3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7146f57eea7535399fc69f60720aa24d.yaml @@ -0,0 +1,60 @@ +id: wordpress-7146f57eea7535399fc69f60720aa24d + +info: + name: > + WordPress Core < 4.7.3 - Bypass URL Validation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0ed8ee65-d910-42a4-b6de-3229346dc59e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-728417a14c379621895872d93a4e491b.yaml b/nuclei-templates/cve-less/unknown/wordpress-728417a14c379621895872d93a4e491b.yaml new file mode 100644 index 0000000000..750b493720 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-728417a14c379621895872d93a4e491b.yaml @@ -0,0 +1,60 @@ +id: wordpress-728417a14c379621895872d93a4e491b + +info: + name: > + WordPress Core < 3.0.3 - Access Control Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0eff89a8-07b7-49fc-b68d-9efd87fcac3c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.0.2') + - compare_versions(version_by_js, '<= 3.0.2') + - compare_versions(version_by_css, '<= 3.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-72e74beba43d07abace57eff8d7de8c6.yaml b/nuclei-templates/cve-less/unknown/wordpress-72e74beba43d07abace57eff8d7de8c6.yaml new file mode 100644 index 0000000000..23d4428d8a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-72e74beba43d07abace57eff8d7de8c6.yaml @@ -0,0 +1,60 @@ +id: wordpress-72e74beba43d07abace57eff8d7de8c6 + +info: + name: > + WordPress Core < 2.6.2 - Arbitrary User Password Reset + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/354a5b89-8845-4486-8cc5-7339a6a107c0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.6.1') + - compare_versions(version_by_js, '<= 2.6.1') + - compare_versions(version_by_css, '<= 2.6.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-730ba88ca77574036c6425da8a44f82e.yaml b/nuclei-templates/cve-less/unknown/wordpress-730ba88ca77574036c6425da8a44f82e.yaml new file mode 100644 index 0000000000..5fbe5c681e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-730ba88ca77574036c6425da8a44f82e.yaml @@ -0,0 +1,60 @@ +id: wordpress-730ba88ca77574036c6425da8a44f82e + +info: + name: > + WordPress Core < 2.7 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/28bcaf28-bb75-4d55-9e9b-afa760fc793e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.6.1') + - compare_versions(version_by_js, '<= 2.6.1') + - compare_versions(version_by_css, '<= 2.6.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-747bcaf00a26e1c7e2c5dad1a47f8c51.yaml b/nuclei-templates/cve-less/unknown/wordpress-747bcaf00a26e1c7e2c5dad1a47f8c51.yaml new file mode 100644 index 0000000000..267564fcfa --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-747bcaf00a26e1c7e2c5dad1a47f8c51.yaml @@ -0,0 +1,60 @@ +id: wordpress-747bcaf00a26e1c7e2c5dad1a47f8c51 + +info: + name: > + WordPress Core < 5.0.1 - PHAR Unserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f846ffa-0dfa-4549-845a-7884a390462a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7665a25ea15e9e9b2d624d595bf5298e.yaml b/nuclei-templates/cve-less/unknown/wordpress-7665a25ea15e9e9b2d624d595bf5298e.yaml new file mode 100644 index 0000000000..0e2ceaf6f8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7665a25ea15e9e9b2d624d595bf5298e.yaml @@ -0,0 +1,60 @@ +id: wordpress-7665a25ea15e9e9b2d624d595bf5298e + +info: + name: > + WordPress Core < 4.9.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e5252b2f-c1a1-4fec-abaf-ad234affdcfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.9') + - compare_versions(version_by_js, '4.9') + - compare_versions(version_by_css, '4.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-773aca706a31e2409dfb4bd8f1fa9e33.yaml b/nuclei-templates/cve-less/unknown/wordpress-773aca706a31e2409dfb4bd8f1fa9e33.yaml new file mode 100644 index 0000000000..41dcd70a30 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-773aca706a31e2409dfb4bd8f1fa9e33.yaml @@ -0,0 +1,60 @@ +id: wordpress-773aca706a31e2409dfb4bd8f1fa9e33 + +info: + name: > + WordPress Core < 5.4.1 - Cross-Site Scripting in the Block Editor + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/68f87cc7-fde5-4cd6-ab25-bf05cd3b5cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-77b2d106f56be975fb3bb74f975f0127.yaml b/nuclei-templates/cve-less/unknown/wordpress-77b2d106f56be975fb3bb74f975f0127.yaml new file mode 100644 index 0000000000..d52895ea5b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-77b2d106f56be975fb3bb74f975f0127.yaml @@ -0,0 +1,60 @@ +id: wordpress-77b2d106f56be975fb3bb74f975f0127 + +info: + name: > + WordPress Core <= 3.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/00376356-4a85-4898-a101-710e1cb5c6bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3') + - compare_versions(version_by_js, '<= 3.3') + - compare_versions(version_by_css, '<= 3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-77ce3568929dc53b56e0c4f8840c178b.yaml b/nuclei-templates/cve-less/unknown/wordpress-77ce3568929dc53b56e0c4f8840c178b.yaml new file mode 100644 index 0000000000..9b1302b136 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-77ce3568929dc53b56e0c4f8840c178b.yaml @@ -0,0 +1,60 @@ +id: wordpress-77ce3568929dc53b56e0c4f8840c178b + +info: + name: > + WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments via URLs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/42dd1eeb-10b4-48f1-b392-dfa3a9d4b9c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-77d0dd5a2fc10c56c574031709910e3c.yaml b/nuclei-templates/cve-less/unknown/wordpress-77d0dd5a2fc10c56c574031709910e3c.yaml new file mode 100644 index 0000000000..f5a1805fa0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-77d0dd5a2fc10c56c574031709910e3c.yaml @@ -0,0 +1,60 @@ +id: wordpress-77d0dd5a2fc10c56c574031709910e3c + +info: + name: > + WordPress Core < 4.8.2 - Cross-Site Scripting in oEmbed + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d2716f7e-ae73-482a-acf7-772884f0b3ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7849f4bf55847e7dee539697b18e4bc9.yaml b/nuclei-templates/cve-less/unknown/wordpress-7849f4bf55847e7dee539697b18e4bc9.yaml new file mode 100644 index 0000000000..fac4fde33d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7849f4bf55847e7dee539697b18e4bc9.yaml @@ -0,0 +1,60 @@ +id: wordpress-7849f4bf55847e7dee539697b18e4bc9 + +info: + name: > + WordPress Core <= 3.3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/87333eee-36ae-4272-b300-7352eb133745?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.3.1') + - compare_versions(version_by_js, '<= 3.3.1') + - compare_versions(version_by_css, '<= 3.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-78c0fa7115ae86c26deccf0e5ec633a7.yaml b/nuclei-templates/cve-less/unknown/wordpress-78c0fa7115ae86c26deccf0e5ec633a7.yaml new file mode 100644 index 0000000000..4156dd2f73 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-78c0fa7115ae86c26deccf0e5ec633a7.yaml @@ -0,0 +1,60 @@ +id: wordpress-78c0fa7115ae86c26deccf0e5ec633a7 + +info: + name: > + WordPress Core < 2.0.7 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c3b42bd3-f7d3-43d1-bdd8-4389fd82e1e9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.6') + - compare_versions(version_by_js, '<= 2.0.6') + - compare_versions(version_by_css, '<= 2.0.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-793575cb782549abec6279e8981305af.yaml b/nuclei-templates/cve-less/unknown/wordpress-793575cb782549abec6279e8981305af.yaml new file mode 100644 index 0000000000..bc722851df --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-793575cb782549abec6279e8981305af.yaml @@ -0,0 +1,60 @@ +id: wordpress-793575cb782549abec6279e8981305af + +info: + name: > + WordPress Core < 4.6 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6dfed14-bb6f-4418-bdd8-9c548e63dac0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.6') + - compare_versions(version_by_js, '< 4.6') + - compare_versions(version_by_css, '< 4.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7a8b8fa3bcccffed98e8c5f115c5183e.yaml b/nuclei-templates/cve-less/unknown/wordpress-7a8b8fa3bcccffed98e8c5f115c5183e.yaml new file mode 100644 index 0000000000..5eb3726c3f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7a8b8fa3bcccffed98e8c5f115c5183e.yaml @@ -0,0 +1,60 @@ +id: wordpress-7a8b8fa3bcccffed98e8c5f115c5183e + +info: + name: > + WordPress Core < 2.2.3 & WordPress MU < 1.2.5a - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c290a1-b58a-4b5c-8112-076d5b17d940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.2.3') + - compare_versions(version_by_js, '< 2.2.3') + - compare_versions(version_by_css, '< 2.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7aa910c9023680190c934154781b69ae.yaml b/nuclei-templates/cve-less/unknown/wordpress-7aa910c9023680190c934154781b69ae.yaml new file mode 100644 index 0000000000..eeb44e21e1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7aa910c9023680190c934154781b69ae.yaml @@ -0,0 +1,60 @@ +id: wordpress-7aa910c9023680190c934154781b69ae + +info: + name: > + WordPress Core < 5.2.4 - Authenticated Stored Cross-Site Scripting via Customizer + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6af83daa-ad8c-43ba-b77e-ad085889277c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7c8aa1bb9118332e4c00a1f8fbc13540.yaml b/nuclei-templates/cve-less/unknown/wordpress-7c8aa1bb9118332e4c00a1f8fbc13540.yaml new file mode 100644 index 0000000000..62ed32cdd6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7c8aa1bb9118332e4c00a1f8fbc13540.yaml @@ -0,0 +1,60 @@ +id: wordpress-7c8aa1bb9118332e4c00a1f8fbc13540 + +info: + name: > + WordPress Core < 4.7.3 - Authenticated Cross-Site Scripting in Youtube URL Embeds + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0788659e-be5b-413d-b4fb-d60df07075e1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7ca4840593432079c6f0f058b437eb99.yaml b/nuclei-templates/cve-less/unknown/wordpress-7ca4840593432079c6f0f058b437eb99.yaml new file mode 100644 index 0000000000..8deeb3afcc --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7ca4840593432079c6f0f058b437eb99.yaml @@ -0,0 +1,60 @@ +id: wordpress-7ca4840593432079c6f0f058b437eb99 + +info: + name: > + WordPress Core < 4.0.1 - Denial of Service via Long Password + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43c781c3-dc3e-4258-b594-689d0035cab0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7d2dd3cdc39b92aa9894971c9b053be4.yaml b/nuclei-templates/cve-less/unknown/wordpress-7d2dd3cdc39b92aa9894971c9b053be4.yaml new file mode 100644 index 0000000000..ad66504981 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7d2dd3cdc39b92aa9894971c9b053be4.yaml @@ -0,0 +1,60 @@ +id: wordpress-7d2dd3cdc39b92aa9894971c9b053be4 + +info: + name: > + WordPress Core < 2.6.1 - Cryptographic Weakness + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33e8a48e-0ddb-4278-a023-818aebe92dab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.6') + - compare_versions(version_by_js, '<= 2.6') + - compare_versions(version_by_css, '<= 2.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7dca337dc352e2c37f50cc2bc31726f0.yaml b/nuclei-templates/cve-less/unknown/wordpress-7dca337dc352e2c37f50cc2bc31726f0.yaml new file mode 100644 index 0000000000..b6609396a9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7dca337dc352e2c37f50cc2bc31726f0.yaml @@ -0,0 +1,60 @@ +id: wordpress-7dca337dc352e2c37f50cc2bc31726f0 + +info: + name: > + WordPress Core <= 3.5.1 - Content-Spoofing Attacks + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7e42954c-1ae3-41ef-8dd3-16e5820aa36f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7ec18e3e7ba86c077b691dda2c9af2f0.yaml b/nuclei-templates/cve-less/unknown/wordpress-7ec18e3e7ba86c077b691dda2c9af2f0.yaml new file mode 100644 index 0000000000..ea140b2efb --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7ec18e3e7ba86c077b691dda2c9af2f0.yaml @@ -0,0 +1,60 @@ +id: wordpress-7ec18e3e7ba86c077b691dda2c9af2f0 + +info: + name: > + WordPress Core < 2.5.1 - Authentication Bypass + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0a16651c-613b-462b-9d73-10a74892ecdc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.5') + - compare_versions(version_by_js, '<= 2.5') + - compare_versions(version_by_css, '<= 2.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7ef92eee5a31d3c6abd88bc96bb35a15.yaml b/nuclei-templates/cve-less/unknown/wordpress-7ef92eee5a31d3c6abd88bc96bb35a15.yaml new file mode 100644 index 0000000000..629c1c584b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7ef92eee5a31d3c6abd88bc96bb35a15.yaml @@ -0,0 +1,60 @@ +id: wordpress-7ef92eee5a31d3c6abd88bc96bb35a15 + +info: + name: > + WordPress Core < 3.1.3 - Media Related Security Issue + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d0529df-70be-4559-a760-5537e0fd4d1e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7f744e0e462ab89c1256c26b44130ba6.yaml b/nuclei-templates/cve-less/unknown/wordpress-7f744e0e462ab89c1256c26b44130ba6.yaml new file mode 100644 index 0000000000..11a2746983 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7f744e0e462ab89c1256c26b44130ba6.yaml @@ -0,0 +1,60 @@ +id: wordpress-7f744e0e462ab89c1256c26b44130ba6 + +info: + name: > + WordPress Core < 4.5.3 - Bypass sanitize_file_name Protection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a7e8eb75-ba48-4385-9ddd-800d9bb907f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7f90e21d61d08de5a33db78b742d16b2.yaml b/nuclei-templates/cve-less/unknown/wordpress-7f90e21d61d08de5a33db78b742d16b2.yaml new file mode 100644 index 0000000000..4b6fab078f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7f90e21d61d08de5a33db78b742d16b2.yaml @@ -0,0 +1,60 @@ +id: wordpress-7f90e21d61d08de5a33db78b742d16b2 + +info: + name: > + WordPress Core < 1.5.1.3 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bf48087a-f729-488a-8e40-f4e010ccd5a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1.2') + - compare_versions(version_by_js, '<= 1.5.1.2') + - compare_versions(version_by_css, '<= 1.5.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-7fdbdd031d5c39eb7f813226abb85c96.yaml b/nuclei-templates/cve-less/unknown/wordpress-7fdbdd031d5c39eb7f813226abb85c96.yaml new file mode 100644 index 0000000000..6dc46b3b49 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-7fdbdd031d5c39eb7f813226abb85c96.yaml @@ -0,0 +1,60 @@ +id: wordpress-7fdbdd031d5c39eb7f813226abb85c96 + +info: + name: > + WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/81022d05-d1fc-4f27-9f89-b6f9c79cc084?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-821019e522c0249cbe8769a0804c81b7.yaml b/nuclei-templates/cve-less/unknown/wordpress-821019e522c0249cbe8769a0804c81b7.yaml new file mode 100644 index 0000000000..db55414615 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-821019e522c0249cbe8769a0804c81b7.yaml @@ -0,0 +1,60 @@ +id: wordpress-821019e522c0249cbe8769a0804c81b7 + +info: + name: > + WordPress Core < 3.0.1 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/221872e2-7929-4fba-8a57-7d9fd73a76db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.1') + - compare_versions(version_by_js, '< 3.0.1') + - compare_versions(version_by_css, '< 3.0.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-83ae7383a40a2b386de5c8ed058c9c78.yaml b/nuclei-templates/cve-less/unknown/wordpress-83ae7383a40a2b386de5c8ed058c9c78.yaml new file mode 100644 index 0000000000..69b40478d8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-83ae7383a40a2b386de5c8ed058c9c78.yaml @@ -0,0 +1,60 @@ +id: wordpress-83ae7383a40a2b386de5c8ed058c9c78 + +info: + name: > + WordPress Core < 1.5.1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/11d53df8-f7b3-467c-8b3a-515974f1ea69?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.5.1.3') + - compare_versions(version_by_js, '< 1.5.1.3') + - compare_versions(version_by_css, '< 1.5.1.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-83f854ccd5706dc6276ad2cb82d92fed.yaml b/nuclei-templates/cve-less/unknown/wordpress-83f854ccd5706dc6276ad2cb82d92fed.yaml new file mode 100644 index 0000000000..e7ecb763fe --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-83f854ccd5706dc6276ad2cb82d92fed.yaml @@ -0,0 +1,60 @@ +id: wordpress-83f854ccd5706dc6276ad2cb82d92fed + +info: + name: > + WordPress Core < 5.9.1 - jQuery Prototype Pollution + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c90844e1-0502-4d08-888f-4835f63f8dd0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.9', '<= 5.9.1') + - compare_versions(version_by_js, '>= 5.9', '<= 5.9.1') + - compare_versions(version_by_css, '>= 5.9', '<= 5.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-84b7f9f02a905463501c0c7b4e0beaa5.yaml b/nuclei-templates/cve-less/unknown/wordpress-84b7f9f02a905463501c0c7b4e0beaa5.yaml new file mode 100644 index 0000000000..d07d9943fa --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-84b7f9f02a905463501c0c7b4e0beaa5.yaml @@ -0,0 +1,60 @@ +id: wordpress-84b7f9f02a905463501c0c7b4e0beaa5 + +info: + name: > + WordPress Core < 4.4 - Brute Force Password Recovery Tokens + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b5e0b875-ba8c-438f-b2b1-6c713ef604e5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.4') + - compare_versions(version_by_js, '< 4.4') + - compare_versions(version_by_css, '< 4.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-84d821beb832812f438f3b3abdbb7ba4.yaml b/nuclei-templates/cve-less/unknown/wordpress-84d821beb832812f438f3b3abdbb7ba4.yaml new file mode 100644 index 0000000000..4d82bbc853 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-84d821beb832812f438f3b3abdbb7ba4.yaml @@ -0,0 +1,60 @@ +id: wordpress-84d821beb832812f438f3b3abdbb7ba4 + +info: + name: > + WordPress Core < 3.0.2 - Spam Protection Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/12072b77-fe68-4304-8230-7c137a8d05ac?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.2') + - compare_versions(version_by_js, '< 3.0.2') + - compare_versions(version_by_css, '< 3.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-85dfbc95d4932a9f83bfee5a6b2585d0.yaml b/nuclei-templates/cve-less/unknown/wordpress-85dfbc95d4932a9f83bfee5a6b2585d0.yaml new file mode 100644 index 0000000000..bfacfbb031 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-85dfbc95d4932a9f83bfee5a6b2585d0.yaml @@ -0,0 +1,60 @@ +id: wordpress-85dfbc95d4932a9f83bfee5a6b2585d0 + +info: + name: > + WordPress Core < 5.2.3 - Authenticated Cross-Site Scripting via Post Previews + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63590140-9723-4e91-884c-f2b11b67eb8d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8629a041445673190f74e67cf1a4f264.yaml b/nuclei-templates/cve-less/unknown/wordpress-8629a041445673190f74e67cf1a4f264.yaml new file mode 100644 index 0000000000..495f3c7a9e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8629a041445673190f74e67cf1a4f264.yaml @@ -0,0 +1,60 @@ +id: wordpress-8629a041445673190f74e67cf1a4f264 + +info: + name: > + WordPress Core 5.9-6.3.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Navigation Attributes + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/66b1f597-f357-4525-8c67-e0be3a07bcfa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_js, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_css, '>= 6.3', '<= 6.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-864005b8c1fa8976ccdf0832bf56f581.yaml b/nuclei-templates/cve-less/unknown/wordpress-864005b8c1fa8976ccdf0832bf56f581.yaml new file mode 100644 index 0000000000..7f88920f17 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-864005b8c1fa8976ccdf0832bf56f581.yaml @@ -0,0 +1,60 @@ +id: wordpress-864005b8c1fa8976ccdf0832bf56f581 + +info: + name: > + WordPress Core < 2.2.2 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2822114a-ffc2-43dd-bbf1-e4504aababfb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2.1') + - compare_versions(version_by_js, '<= 2.2.1') + - compare_versions(version_by_css, '<= 2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8706c4fcf348254bf454d8133d1ac0b8.yaml b/nuclei-templates/cve-less/unknown/wordpress-8706c4fcf348254bf454d8133d1ac0b8.yaml new file mode 100644 index 0000000000..48c2b1428f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8706c4fcf348254bf454d8133d1ac0b8.yaml @@ -0,0 +1,60 @@ +id: wordpress-8706c4fcf348254bf454d8133d1ac0b8 + +info: + name: > + WordPress Core < 2.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c84e274e-292f-4d0f-b847-4a786b4cb15a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.1') + - compare_versions(version_by_js, '< 2.1') + - compare_versions(version_by_css, '< 2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-88414da74c1432faaa821c60e30d70e4.yaml b/nuclei-templates/cve-less/unknown/wordpress-88414da74c1432faaa821c60e30d70e4.yaml new file mode 100644 index 0000000000..289a81716b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-88414da74c1432faaa821c60e30d70e4.yaml @@ -0,0 +1,60 @@ +id: wordpress-88414da74c1432faaa821c60e30d70e4 + +info: + name: > + WordPress Core < 4.9.2 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/01ebc1b1-2dd3-4e91-93b2-fc8e5e93e925?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.1') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.1') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8889c549d7832d5315ef07e7a0f1de5e.yaml b/nuclei-templates/cve-less/unknown/wordpress-8889c549d7832d5315ef07e7a0f1de5e.yaml new file mode 100644 index 0000000000..9f7628f3e9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8889c549d7832d5315ef07e7a0f1de5e.yaml @@ -0,0 +1,60 @@ +id: wordpress-8889c549d7832d5315ef07e7a0f1de5e + +info: + name: > + WordPress Core < 1.5.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fbe42214-0a01-4b9c-8149-68c47082d9d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1.3') + - compare_versions(version_by_js, '<= 1.5.1.3') + - compare_versions(version_by_css, '<= 1.5.1.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8938dff59eb11f70aad9ff142e2c967b.yaml b/nuclei-templates/cve-less/unknown/wordpress-8938dff59eb11f70aad9ff142e2c967b.yaml new file mode 100644 index 0000000000..5068ae4e1a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8938dff59eb11f70aad9ff142e2c967b.yaml @@ -0,0 +1,60 @@ +id: wordpress-8938dff59eb11f70aad9ff142e2c967b + +info: + name: > + WordPress Core < 1.5.2 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/5bfd1650-0cc1-4b1c-9fc2-c940d841a147?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.5.2') + - compare_versions(version_by_js, '< 1.5.2') + - compare_versions(version_by_css, '< 1.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-89ecd9115fcfef013346488bc602d8a5.yaml b/nuclei-templates/cve-less/unknown/wordpress-89ecd9115fcfef013346488bc602d8a5.yaml new file mode 100644 index 0000000000..90a7cbf41c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-89ecd9115fcfef013346488bc602d8a5.yaml @@ -0,0 +1,60 @@ +id: wordpress-89ecd9115fcfef013346488bc602d8a5 + +info: + name: > + WordPress Core <= 2.8.5 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9ce0ae8-4729-4236-b4e8-e5726f4d3101?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.5') + - compare_versions(version_by_js, '<= 2.8.5') + - compare_versions(version_by_css, '<= 2.8.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8a33514ce48c43037c771803b9a985c1.yaml b/nuclei-templates/cve-less/unknown/wordpress-8a33514ce48c43037c771803b9a985c1.yaml new file mode 100644 index 0000000000..b28790fef8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8a33514ce48c43037c771803b9a985c1.yaml @@ -0,0 +1,60 @@ +id: wordpress-8a33514ce48c43037c771803b9a985c1 + +info: + name: > + WordPress Core < 4.0.1 - Cross-Site Scripting via CSS + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/04516d92-7f66-47b3-aeae-6752e03c1f95?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml b/nuclei-templates/cve-less/unknown/wordpress-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml new file mode 100644 index 0000000000..2a9abb1db3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8b8bc9dc7287ba3ce3345c56bcac0bb7.yaml @@ -0,0 +1,60 @@ +id: wordpress-8b8bc9dc7287ba3ce3345c56bcac0bb7 + +info: + name: > + WordPress Core < 0.72 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0534bc03-5d7d-47fe-9c07-c9a61af38df2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 0.72') + - compare_versions(version_by_js, '< 0.72') + - compare_versions(version_by_css, '< 0.72') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8cfb86a7329c0d8dd964b15f121c0465.yaml b/nuclei-templates/cve-less/unknown/wordpress-8cfb86a7329c0d8dd964b15f121c0465.yaml new file mode 100644 index 0000000000..98ba768cab --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8cfb86a7329c0d8dd964b15f121c0465.yaml @@ -0,0 +1,60 @@ +id: wordpress-8cfb86a7329c0d8dd964b15f121c0465 + +info: + name: > + WordPress Core < 4.9.7 - Authenticated Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c38a5e59-3233-4b37-bd6f-baf5dc9f9a01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.6') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.6') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8d7f0213118d2e7594c423ff47139a2f.yaml b/nuclei-templates/cve-less/unknown/wordpress-8d7f0213118d2e7594c423ff47139a2f.yaml new file mode 100644 index 0000000000..8c2e5a4077 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8d7f0213118d2e7594c423ff47139a2f.yaml @@ -0,0 +1,60 @@ +id: wordpress-8d7f0213118d2e7594c423ff47139a2f + +info: + name: > + WordPress Core < 5.5.2 - Stored Cross-Site Scripting via post slugs + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1ac25-2e55-4e27-af01-9b5b1997f339?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8daecb014dc988145299156f0c3a8f3b.yaml b/nuclei-templates/cve-less/unknown/wordpress-8daecb014dc988145299156f0c3a8f3b.yaml new file mode 100644 index 0000000000..1c47247d2b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8daecb014dc988145299156f0c3a8f3b.yaml @@ -0,0 +1,60 @@ +id: wordpress-8daecb014dc988145299156f0c3a8f3b + +info: + name: > + WordPress Core < 2.0.4 - Privilege Escalation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab6e751-dc23-442f-b22e-ee41fd6651f6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.0.4') + - compare_versions(version_by_js, '< 2.0.4') + - compare_versions(version_by_css, '< 2.0.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8e7628242a5e642029359540e3fcfb1f.yaml b/nuclei-templates/cve-less/unknown/wordpress-8e7628242a5e642029359540e3fcfb1f.yaml new file mode 100644 index 0000000000..f759eaf8e3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8e7628242a5e642029359540e3fcfb1f.yaml @@ -0,0 +1,60 @@ +id: wordpress-8e7628242a5e642029359540e3fcfb1f + +info: + name: > + WordPress Core < 3.9.2 - Deserialization via Widgets + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/99e0a243-3e0e-4e2b-82fd-95c3cfde8a1b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8e966b9a3ab397321c460171d68be9d5.yaml b/nuclei-templates/cve-less/unknown/wordpress-8e966b9a3ab397321c460171d68be9d5.yaml new file mode 100644 index 0000000000..0ccb6978ee --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8e966b9a3ab397321c460171d68be9d5.yaml @@ -0,0 +1,60 @@ +id: wordpress-8e966b9a3ab397321c460171d68be9d5 + +info: + name: > + WordPress Core < 6.5.2 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e363c09a-4381-4b3a-951c-9a0ff5669016?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.5', '<= 6.5.1') + - compare_versions(version_by_js, '>= 6.5', '<= 6.5.1') + - compare_versions(version_by_css, '>= 6.5', '<= 6.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-8f4884efdff27397d49a00e263f63112.yaml b/nuclei-templates/cve-less/unknown/wordpress-8f4884efdff27397d49a00e263f63112.yaml new file mode 100644 index 0000000000..8158342b74 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-8f4884efdff27397d49a00e263f63112.yaml @@ -0,0 +1,60 @@ +id: wordpress-8f4884efdff27397d49a00e263f63112 + +info: + name: > + WordPress Core < 4.8.2 - SQL Injection via Mishandled Placeholders + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6b558818-f459-4bc1-893c-8c1c7bf9d6d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-91015e7f81886f4b730bb4d9cace5ff4.yaml b/nuclei-templates/cve-less/unknown/wordpress-91015e7f81886f4b730bb4d9cace5ff4.yaml new file mode 100644 index 0000000000..342370a7db --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-91015e7f81886f4b730bb4d9cace5ff4.yaml @@ -0,0 +1,60 @@ +id: wordpress-91015e7f81886f4b730bb4d9cace5ff4 + +info: + name: > + WordPress Core < 3.4.1 - Cross-Site Request Forgery + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c77fce42-92e9-43bc-ab3b-599e036ed648?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.4') + - compare_versions(version_by_js, '<= 3.4') + - compare_versions(version_by_css, '<= 3.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-943fe1afe2239cabddc696ea99c54f87.yaml b/nuclei-templates/cve-less/unknown/wordpress-943fe1afe2239cabddc696ea99c54f87.yaml new file mode 100644 index 0000000000..fabf0c1ac0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-943fe1afe2239cabddc696ea99c54f87.yaml @@ -0,0 +1,60 @@ +id: wordpress-943fe1afe2239cabddc696ea99c54f87 + +info: + name: > + WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/855f5cca-b0cc-4a1b-be33-d11776ad7c08?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-94e875876e33f7910e533db7414662e9.yaml b/nuclei-templates/cve-less/unknown/wordpress-94e875876e33f7910e533db7414662e9.yaml new file mode 100644 index 0000000000..e09cd421b6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-94e875876e33f7910e533db7414662e9.yaml @@ -0,0 +1,60 @@ +id: wordpress-94e875876e33f7910e533db7414662e9 + +info: + name: > + WordPress Core < 4.7.2 - Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8bed0637-6d1b-4c30-b87c-01c88d573ae6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-94ffba477783a49fe859db6d419a4e64.yaml b/nuclei-templates/cve-less/unknown/wordpress-94ffba477783a49fe859db6d419a4e64.yaml new file mode 100644 index 0000000000..5e44e32e9d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-94ffba477783a49fe859db6d419a4e64.yaml @@ -0,0 +1,60 @@ +id: wordpress-94ffba477783a49fe859db6d419a4e64 + +info: + name: > + WordPress Core < 5.8.3 - SQL Injection via WP_Meta_Query + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0114f098-713d-4eef-8643-901f607375de?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9559790b5854ee75fa9274674dff65a7.yaml b/nuclei-templates/cve-less/unknown/wordpress-9559790b5854ee75fa9274674dff65a7.yaml new file mode 100644 index 0000000000..788f26023d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9559790b5854ee75fa9274674dff65a7.yaml @@ -0,0 +1,60 @@ +id: wordpress-9559790b5854ee75fa9274674dff65a7 + +info: + name: > + WordPress Core < 4.5.3 - Denial of Service via oEmbed Protocol + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/17646179-47ad-4846-a581-3e713df43c32?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-961869e098107f0663bca51ce71cbf50.yaml b/nuclei-templates/cve-less/unknown/wordpress-961869e098107f0663bca51ce71cbf50.yaml new file mode 100644 index 0000000000..6d6eb552b4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-961869e098107f0663bca51ce71cbf50.yaml @@ -0,0 +1,60 @@ +id: wordpress-961869e098107f0663bca51ce71cbf50 + +info: + name: > + WordPress Core < 5.0.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/caa66246-7ffa-4944-ae3a-9c872300b7d4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-96bf3f16564c1ae9e8c567dffc5576d2.yaml b/nuclei-templates/cve-less/unknown/wordpress-96bf3f16564c1ae9e8c567dffc5576d2.yaml new file mode 100644 index 0000000000..cc3b7615d6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-96bf3f16564c1ae9e8c567dffc5576d2.yaml @@ -0,0 +1,60 @@ +id: wordpress-96bf3f16564c1ae9e8c567dffc5576d2 + +info: + name: > + WordPress Core < 5.8.3 - SQL Injection via WP_Query + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ef885f-fd62-4513-83cb-65381b99a172?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9717160fae4fbf7e432e0ecf4fa6857d.yaml b/nuclei-templates/cve-less/unknown/wordpress-9717160fae4fbf7e432e0ecf4fa6857d.yaml new file mode 100644 index 0000000000..78a2a1e893 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9717160fae4fbf7e432e0ecf4fa6857d.yaml @@ -0,0 +1,60 @@ +id: wordpress-9717160fae4fbf7e432e0ecf4fa6857d + +info: + name: > + WordPress Core < 3.4.2 - Missing Authorization Checks + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/342370a0-9364-40cd-9556-e53312e67548?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.4.1') + - compare_versions(version_by_js, '<= 3.4.1') + - compare_versions(version_by_css, '<= 3.4.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9a47bc7022503d111499b3cff929ca66.yaml b/nuclei-templates/cve-less/unknown/wordpress-9a47bc7022503d111499b3cff929ca66.yaml new file mode 100644 index 0000000000..33c431d36d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9a47bc7022503d111499b3cff929ca66.yaml @@ -0,0 +1,60 @@ +id: wordpress-9a47bc7022503d111499b3cff929ca66 + +info: + name: > + WordPress Core <= 2.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4a1e77de-0207-412d-857d-ab6947116669?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.5') + - compare_versions(version_by_js, '<= 2.5') + - compare_versions(version_by_css, '<= 2.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9b2541766ae2ed11a30c45f083c00914.yaml b/nuclei-templates/cve-less/unknown/wordpress-9b2541766ae2ed11a30c45f083c00914.yaml new file mode 100644 index 0000000000..a2c507e640 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9b2541766ae2ed11a30c45f083c00914.yaml @@ -0,0 +1,60 @@ +id: wordpress-9b2541766ae2ed11a30c45f083c00914 + +info: + name: > + WordPress Core < 3.5.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d116e432-ded9-4fc1-9509-710269dba5e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9b495116efe81efbef767367233f8ed6.yaml b/nuclei-templates/cve-less/unknown/wordpress-9b495116efe81efbef767367233f8ed6.yaml new file mode 100644 index 0000000000..845ef28697 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9b495116efe81efbef767367233f8ed6.yaml @@ -0,0 +1,60 @@ +id: wordpress-9b495116efe81efbef767367233f8ed6 + +info: + name: > + Wordpress Core < 5.5 - Unauthorized Password Reset via Interception + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/254b5dd2-c3d9-45d9-8328-6cc8ef29c9db?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 5.5') + - compare_versions(version_by_js, '< 5.5') + - compare_versions(version_by_css, '< 5.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9c4f3bd913eaccae5ca356225972c475.yaml b/nuclei-templates/cve-less/unknown/wordpress-9c4f3bd913eaccae5ca356225972c475.yaml new file mode 100644 index 0000000000..ee587ee17b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9c4f3bd913eaccae5ca356225972c475.yaml @@ -0,0 +1,60 @@ +id: wordpress-9c4f3bd913eaccae5ca356225972c475 + +info: + name: > + WordPress Core < 3.1.3 - Clickjacking + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ee2c5df2-250a-4e35-9219-2630d8d9253a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9dceb7fcf519a862880765bef945d899.yaml b/nuclei-templates/cve-less/unknown/wordpress-9dceb7fcf519a862880765bef945d899.yaml new file mode 100644 index 0000000000..68f53754b7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9dceb7fcf519a862880765bef945d899.yaml @@ -0,0 +1,60 @@ +id: wordpress-9dceb7fcf519a862880765bef945d899 + +info: + name: > + WordPress Core < 3.1.3 - Username Enumeration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/73163743-2bff-459d-bed9-593f6ce837fa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-9dd4cb0287dbb0c911539aa54dbf388e.yaml b/nuclei-templates/cve-less/unknown/wordpress-9dd4cb0287dbb0c911539aa54dbf388e.yaml new file mode 100644 index 0000000000..76df6c748a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-9dd4cb0287dbb0c911539aa54dbf388e.yaml @@ -0,0 +1,60 @@ +id: wordpress-9dd4cb0287dbb0c911539aa54dbf388e + +info: + name: > + WordPress Core < 3.1.1 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cefb979e-2b5b-4820-a350-ee106131f0f9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.1.1') + - compare_versions(version_by_js, '< 3.1.1') + - compare_versions(version_by_css, '< 3.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a1f41447ffcf38fa9b963d8ece31aad9.yaml b/nuclei-templates/cve-less/unknown/wordpress-a1f41447ffcf38fa9b963d8ece31aad9.yaml new file mode 100644 index 0000000000..9c7cba2117 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a1f41447ffcf38fa9b963d8ece31aad9.yaml @@ -0,0 +1,60 @@ +id: wordpress-a1f41447ffcf38fa9b963d8ece31aad9 + +info: + name: > + Twenty Fifteen Theme <= 1.1 & WordPress Core < 4.2.2 - Cross-Site Scripting via example.html + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/57666105-81e4-4ef4-8889-9ce9995d2629?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.1') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.1') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a360355ea7a6fa734846a138f34fc056.yaml b/nuclei-templates/cve-less/unknown/wordpress-a360355ea7a6fa734846a138f34fc056.yaml new file mode 100644 index 0000000000..4e97f6a07c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a360355ea7a6fa734846a138f34fc056.yaml @@ -0,0 +1,60 @@ +id: wordpress-a360355ea7a6fa734846a138f34fc056 + +info: + name: > + WordPress Core < 4.8.2 - Directory Traversal during unzip + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8be739cd-e594-41a5-85a4-9cf7d3436953?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a556f0ec8cc782b1df540c9037fded25.yaml b/nuclei-templates/cve-less/unknown/wordpress-a556f0ec8cc782b1df540c9037fded25.yaml new file mode 100644 index 0000000000..f259a733d6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a556f0ec8cc782b1df540c9037fded25.yaml @@ -0,0 +1,60 @@ +id: wordpress-a556f0ec8cc782b1df540c9037fded25 + +info: + name: > + WordPress Core <= 2.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c6670e56-ae81-4b1b-8274-bf355a411e92?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.1.1') + - compare_versions(version_by_js, '<= 2.1.1') + - compare_versions(version_by_css, '<= 2.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a6040faf2015f580e86df44be5a5e505.yaml b/nuclei-templates/cve-less/unknown/wordpress-a6040faf2015f580e86df44be5a5e505.yaml new file mode 100644 index 0000000000..0935144d05 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a6040faf2015f580e86df44be5a5e505.yaml @@ -0,0 +1,60 @@ +id: wordpress-a6040faf2015f580e86df44be5a5e505 + +info: + name: > + WordPress Core < 5.4.2 - Comment Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8055886f-d0a9-4784-8430-41816db6c884?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a7765f598fd1a7f35b5c80f721d18a4c.yaml b/nuclei-templates/cve-less/unknown/wordpress-a7765f598fd1a7f35b5c80f721d18a4c.yaml new file mode 100644 index 0000000000..2bf9246b90 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a7765f598fd1a7f35b5c80f721d18a4c.yaml @@ -0,0 +1,60 @@ +id: wordpress-a7765f598fd1a7f35b5c80f721d18a4c + +info: + name: > + WordPress Core 5.8 beta - Block Editor Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6ed9a567-fde4-4b6f-81c1-423c5cbba0a9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.8 beta 1') + - compare_versions(version_by_js, '5.8 beta 1') + - compare_versions(version_by_css, '5.8 beta 1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a9813318cd00104cf812206e64197a1c.yaml b/nuclei-templates/cve-less/unknown/wordpress-a9813318cd00104cf812206e64197a1c.yaml new file mode 100644 index 0000000000..5be9b670cf --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a9813318cd00104cf812206e64197a1c.yaml @@ -0,0 +1,60 @@ +id: wordpress-a9813318cd00104cf812206e64197a1c + +info: + name: > + WordPress Core < 1.5.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/faf3fb76-847f-447f-b6c6-49bd0d30d3c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.5.1') + - compare_versions(version_by_js, '< 1.5.1') + - compare_versions(version_by_css, '< 1.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-a9ad83e54783a948a61ebfff2f7f5203.yaml b/nuclei-templates/cve-less/unknown/wordpress-a9ad83e54783a948a61ebfff2f7f5203.yaml new file mode 100644 index 0000000000..66fb97325d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-a9ad83e54783a948a61ebfff2f7f5203.yaml @@ -0,0 +1,60 @@ +id: wordpress-a9ad83e54783a948a61ebfff2f7f5203 + +info: + name: > + WordPress Core < 4.2.4 - Timing Side-Channel Attack + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97ab2585-4178-4a5b-923f-2ce9ca44a8d7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-abd2276f34ac392ae9b6a69f93290abd.yaml b/nuclei-templates/cve-less/unknown/wordpress-abd2276f34ac392ae9b6a69f93290abd.yaml new file mode 100644 index 0000000000..9923287f48 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-abd2276f34ac392ae9b6a69f93290abd.yaml @@ -0,0 +1,60 @@ +id: wordpress-abd2276f34ac392ae9b6a69f93290abd + +info: + name: > + WordPress Core <= 2.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26daa367-ef73-4ae0-843e-6d5366cc4ecd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2.2') + - compare_versions(version_by_js, '<= 2.2.2') + - compare_versions(version_by_css, '<= 2.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ace566c0a5525d35803c135eded9eab4.yaml b/nuclei-templates/cve-less/unknown/wordpress-ace566c0a5525d35803c135eded9eab4.yaml new file mode 100644 index 0000000000..a4ac018f22 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ace566c0a5525d35803c135eded9eab4.yaml @@ -0,0 +1,60 @@ +id: wordpress-ace566c0a5525d35803c135eded9eab4 + +info: + name: > + WordPress Core < 1.5.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3b090a-71a3-4430-871d-f19ee1033e01?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.5.1') + - compare_versions(version_by_js, '< 1.5.1') + - compare_versions(version_by_css, '< 1.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ad0fcad65404198d16818a14a8da0aef.yaml b/nuclei-templates/cve-less/unknown/wordpress-ad0fcad65404198d16818a14a8da0aef.yaml new file mode 100644 index 0000000000..cc4fe8c740 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ad0fcad65404198d16818a14a8da0aef.yaml @@ -0,0 +1,60 @@ +id: wordpress-ad0fcad65404198d16818a14a8da0aef + +info: + name: > + WordPress Core < 4.7.1 - Weak Multi-Site Activation Key for User and Site Signup + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/14b7fd1e-6e2d-49bb-8492-b072afeebd88?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ad38afb51962a3a64e23111606699305.yaml b/nuclei-templates/cve-less/unknown/wordpress-ad38afb51962a3a64e23111606699305.yaml new file mode 100644 index 0000000000..832984bd19 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ad38afb51962a3a64e23111606699305.yaml @@ -0,0 +1,60 @@ +id: wordpress-ad38afb51962a3a64e23111606699305 + +info: + name: > + WordPress Core < 2.3.2 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2ad674f7-aff6-432d-9c4c-95aebf8fcf6b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.3.1') + - compare_versions(version_by_js, '<= 2.3.1') + - compare_versions(version_by_css, '<= 2.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ae7b7bb250ae769ff4beaa2dedd275b5.yaml b/nuclei-templates/cve-less/unknown/wordpress-ae7b7bb250ae769ff4beaa2dedd275b5.yaml new file mode 100644 index 0000000000..953592fb9c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ae7b7bb250ae769ff4beaa2dedd275b5.yaml @@ -0,0 +1,60 @@ +id: wordpress-ae7b7bb250ae769ff4beaa2dedd275b5 + +info: + name: > + WordPress Core <= 3.3.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/303380f7-d043-48d5-8edb-9d45f13d0d82?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.3.3') + - compare_versions(version_by_js, '< 3.3.3') + - compare_versions(version_by_css, '< 3.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-aedb8ef9dda4c39f43ef4bd8a3efbfb7.yaml b/nuclei-templates/cve-less/unknown/wordpress-aedb8ef9dda4c39f43ef4bd8a3efbfb7.yaml new file mode 100644 index 0000000000..a266ab6356 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-aedb8ef9dda4c39f43ef4bd8a3efbfb7.yaml @@ -0,0 +1,60 @@ +id: wordpress-aedb8ef9dda4c39f43ef4bd8a3efbfb7 + +info: + name: > + WordPress Core < 5.5.2 - Reflected Cross-Site Scripting via Global Variables + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4290ee15-0362-48c5-a570-4a1b6719a948?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-afdadb026d57db9d33e6ce88c87f98dc.yaml b/nuclei-templates/cve-less/unknown/wordpress-afdadb026d57db9d33e6ce88c87f98dc.yaml new file mode 100644 index 0000000000..49b0f6a08d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-afdadb026d57db9d33e6ce88c87f98dc.yaml @@ -0,0 +1,60 @@ +id: wordpress-afdadb026d57db9d33e6ce88c87f98dc + +info: + name: > + WordPress Core < 3.4.1 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/fceae728-ea72-4586-848f-3a45b6f9699a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.4') + - compare_versions(version_by_js, '<= 3.4') + - compare_versions(version_by_css, '<= 3.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b03b6f982ebdfada0df07b7e248419ae.yaml b/nuclei-templates/cve-less/unknown/wordpress-b03b6f982ebdfada0df07b7e248419ae.yaml new file mode 100644 index 0000000000..b737390b48 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b03b6f982ebdfada0df07b7e248419ae.yaml @@ -0,0 +1,60 @@ +id: wordpress-b03b6f982ebdfada0df07b7e248419ae + +info: + name: > + WordPress Core < 3.1.3 - Security Hardening + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/501e3c8a-350e-4431-b6a2-012e837320bc?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1.2') + - compare_versions(version_by_js, '<= 3.1.2') + - compare_versions(version_by_css, '<= 3.1.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b1e81e2bb291b72a5171503a82225d78.yaml b/nuclei-templates/cve-less/unknown/wordpress-b1e81e2bb291b72a5171503a82225d78.yaml new file mode 100644 index 0000000000..7cb69db75f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b1e81e2bb291b72a5171503a82225d78.yaml @@ -0,0 +1,60 @@ +id: wordpress-b1e81e2bb291b72a5171503a82225d78 + +info: + name: > + WordPress Core < 3.9.2 - Brute Force of Cross-Site Request Forgery Tokens + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ad943111-24c1-4ff9-b34a-aa4e1ee8ee75?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml b/nuclei-templates/cve-less/unknown/wordpress-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml new file mode 100644 index 0000000000..df094bef19 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b2845f73d8f9f13ca71ed2d0d53cc21a.yaml @@ -0,0 +1,60 @@ +id: wordpress-b2845f73d8f9f13ca71ed2d0d53cc21a + +info: + name: > + WordPress Core < 5.0.1 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/506d1518-658f-4deb-9c30-d0bce5ef9df4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b2f452da67fdef518c0ca5b8fbefe3fc.yaml b/nuclei-templates/cve-less/unknown/wordpress-b2f452da67fdef518c0ca5b8fbefe3fc.yaml new file mode 100644 index 0000000000..4748be2fdd --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b2f452da67fdef518c0ca5b8fbefe3fc.yaml @@ -0,0 +1,60 @@ +id: wordpress-b2f452da67fdef518c0ca5b8fbefe3fc + +info: + name: > + WordPress Core < 5.8.3 - Authenticated (Author+) Stored Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c272f769-65da-4963-aff0-8f68a277ea63?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.3') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b31baacf3424b6f807916c83cd50d239.yaml b/nuclei-templates/cve-less/unknown/wordpress-b31baacf3424b6f807916c83cd50d239.yaml new file mode 100644 index 0000000000..937bd83a38 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b31baacf3424b6f807916c83cd50d239.yaml @@ -0,0 +1,60 @@ +id: wordpress-b31baacf3424b6f807916c83cd50d239 + +info: + name: > + WordPress Core < 4.7.5 - Cross-Site Scripting via Customizer + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f21c70aa-22be-456d-93bb-f478b70deaef?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b367af7a9973d3e1a783a97089bd971d.yaml b/nuclei-templates/cve-less/unknown/wordpress-b367af7a9973d3e1a783a97089bd971d.yaml new file mode 100644 index 0000000000..b43f620ee3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b367af7a9973d3e1a783a97089bd971d.yaml @@ -0,0 +1,60 @@ +id: wordpress-b367af7a9973d3e1a783a97089bd971d + +info: + name: > + WordPress Core < 2.0.10 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f7469ec-cbd5-4f13-8455-b907f2542836?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.0.10') + - compare_versions(version_by_js, '< 2.0.10') + - compare_versions(version_by_css, '< 2.0.10') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b4ae1cbd422cc707f6a60d7100bb98f1.yaml b/nuclei-templates/cve-less/unknown/wordpress-b4ae1cbd422cc707f6a60d7100bb98f1.yaml new file mode 100644 index 0000000000..7190d2cdc2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b4ae1cbd422cc707f6a60d7100bb98f1.yaml @@ -0,0 +1,60 @@ +id: wordpress-b4ae1cbd422cc707f6a60d7100bb98f1 + +info: + name: > + WordPress Core < 4.5.3 - Cross-Site Scripting via Attachment Name #2 + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ffa252d6-0fe2-4d1f-802f-b902084822a7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_js, '>= 4.5', '<= 4.5.2') + - compare_versions(version_by_css, '>= 4.5', '<= 4.5.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b56f368057104a536902fcd79d840f4c.yaml b/nuclei-templates/cve-less/unknown/wordpress-b56f368057104a536902fcd79d840f4c.yaml new file mode 100644 index 0000000000..2c4aecd70e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b56f368057104a536902fcd79d840f4c.yaml @@ -0,0 +1,60 @@ +id: wordpress-b56f368057104a536902fcd79d840f4c + +info: + name: > + WordPress Core < 5.0.1 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c399687c-bb00-4b72-a17f-e3bf04918259?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b5f3aa91d8f686ecb64672be69232913.yaml b/nuclei-templates/cve-less/unknown/wordpress-b5f3aa91d8f686ecb64672be69232913.yaml new file mode 100644 index 0000000000..9571549bc5 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b5f3aa91d8f686ecb64672be69232913.yaml @@ -0,0 +1,60 @@ +id: wordpress-b5f3aa91d8f686ecb64672be69232913 + +info: + name: > + WordPress Core < 5.5.2 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/beb70eb8-9a9c-4116-832c-337fc2a03329?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b64a64e861339d55f5a2f0ac25277a51.yaml b/nuclei-templates/cve-less/unknown/wordpress-b64a64e861339d55f5a2f0ac25277a51.yaml new file mode 100644 index 0000000000..78e19dd3e8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b64a64e861339d55f5a2f0ac25277a51.yaml @@ -0,0 +1,60 @@ +id: wordpress-b64a64e861339d55f5a2f0ac25277a51 + +info: + name: > + WordPress Core < 3.0.2 - Missing Authorization + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a19ef0d7-fd44-45ea-8fb1-b99c270072c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.2') + - compare_versions(version_by_js, '< 3.0.2') + - compare_versions(version_by_css, '< 3.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b663b232442962620349fea8213563e3.yaml b/nuclei-templates/cve-less/unknown/wordpress-b663b232442962620349fea8213563e3.yaml new file mode 100644 index 0000000000..d76724577e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b663b232442962620349fea8213563e3.yaml @@ -0,0 +1,60 @@ +id: wordpress-b663b232442962620349fea8213563e3 + +info: + name: > + WordPress Core < 5.5.2 - Misconfiguration That Allows Trigger of New Installation + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b13f6a3f-cab6-4aff-a96e-58250fcf655a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b6ef12da904bae37326eb97a5edb0897.yaml b/nuclei-templates/cve-less/unknown/wordpress-b6ef12da904bae37326eb97a5edb0897.yaml new file mode 100644 index 0000000000..0f133ce79a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b6ef12da904bae37326eb97a5edb0897.yaml @@ -0,0 +1,60 @@ +id: wordpress-b6ef12da904bae37326eb97a5edb0897 + +info: + name: > + WordPress Core < 5.4.1 - Private Post Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6b6fb24-f70b-44b0-a1e8-12ebc0e0c105?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-b9356af48d41602f5f193ab6f4ff8815.yaml b/nuclei-templates/cve-less/unknown/wordpress-b9356af48d41602f5f193ab6f4ff8815.yaml new file mode 100644 index 0000000000..122b7f2e81 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-b9356af48d41602f5f193ab6f4ff8815.yaml @@ -0,0 +1,60 @@ +id: wordpress-b9356af48d41602f5f193ab6f4ff8815 + +info: + name: > + WordPress Core <= 2.2.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0848d526-9530-40f3-8430-499d96b9a1b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2.1') + - compare_versions(version_by_js, '<= 2.2.1') + - compare_versions(version_by_css, '<= 2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ba3f57edd5942e41e1c356bb6facbe2e.yaml b/nuclei-templates/cve-less/unknown/wordpress-ba3f57edd5942e41e1c356bb6facbe2e.yaml new file mode 100644 index 0000000000..5255311154 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ba3f57edd5942e41e1c356bb6facbe2e.yaml @@ -0,0 +1,60 @@ +id: wordpress-ba3f57edd5942e41e1c356bb6facbe2e + +info: + name: > + WordPress Core < 4.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9f4fbe-6da6-4620-a071-00b7a462de45?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.1', '<= 4.1.1') + - compare_versions(version_by_js, '>= 4.1', '<= 4.1.1') + - compare_versions(version_by_css, '>= 4.1', '<= 4.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ba7a192dc11fbcdb8120bb496c3a824f.yaml b/nuclei-templates/cve-less/unknown/wordpress-ba7a192dc11fbcdb8120bb496c3a824f.yaml new file mode 100644 index 0000000000..0cb3e285f9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ba7a192dc11fbcdb8120bb496c3a824f.yaml @@ -0,0 +1,60 @@ +id: wordpress-ba7a192dc11fbcdb8120bb496c3a824f + +info: + name: > + WordPress Core < 5.2.3 - Open Redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4b6f9700-eb29-4391-845c-58e1a2327b0b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ba9afcdc2c4064b274144b2089eea64e.yaml b/nuclei-templates/cve-less/unknown/wordpress-ba9afcdc2c4064b274144b2089eea64e.yaml new file mode 100644 index 0000000000..8337ad2b4f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ba9afcdc2c4064b274144b2089eea64e.yaml @@ -0,0 +1,60 @@ +id: wordpress-ba9afcdc2c4064b274144b2089eea64e + +info: + name: > + WordPress Core <= 4.5.3 - Denial of Service + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/83f8adea-4735-4c72-b274-58e813cab6ab?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.6') + - compare_versions(version_by_js, '< 4.6') + - compare_versions(version_by_css, '< 4.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bb9587c8922bec5591eb7af4043b1550.yaml b/nuclei-templates/cve-less/unknown/wordpress-bb9587c8922bec5591eb7af4043b1550.yaml new file mode 100644 index 0000000000..a68e64bff3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bb9587c8922bec5591eb7af4043b1550.yaml @@ -0,0 +1,60 @@ +id: wordpress-bb9587c8922bec5591eb7af4043b1550 + +info: + name: > + WordPress Core < 5.4.2 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/371deb9d-707f-47e4-96d7-1a287926b536?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bbfd05e99343b74d08e0d99829773ed8.yaml b/nuclei-templates/cve-less/unknown/wordpress-bbfd05e99343b74d08e0d99829773ed8.yaml new file mode 100644 index 0000000000..6ac381e6f9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bbfd05e99343b74d08e0d99829773ed8.yaml @@ -0,0 +1,60 @@ +id: wordpress-bbfd05e99343b74d08e0d99829773ed8 + +info: + name: > + WordPress Core <= 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/dab0ddfb-6e30-4bde-95fb-90570579ff04?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.1') + - compare_versions(version_by_js, '<= 2.0.1') + - compare_versions(version_by_css, '<= 2.0.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bc3069fe10b3f1d27d4fca396970c629.yaml b/nuclei-templates/cve-less/unknown/wordpress-bc3069fe10b3f1d27d4fca396970c629.yaml new file mode 100644 index 0000000000..93d7a5059e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bc3069fe10b3f1d27d4fca396970c629.yaml @@ -0,0 +1,60 @@ +id: wordpress-bc3069fe10b3f1d27d4fca396970c629 + +info: + name: > + WordPress Core <= 2.2.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/64b4faf1-c2f2-43cd-900e-22edce3145a8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 2.2', '<= 2.2.1') + - compare_versions(version_by_js, '>= 2.2', '<= 2.2.1') + - compare_versions(version_by_css, '>= 2.2', '<= 2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml b/nuclei-templates/cve-less/unknown/wordpress-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml new file mode 100644 index 0000000000..505bb9acb3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bcdd353c7595eb2f2eb76b75cc1e43b8.yaml @@ -0,0 +1,60 @@ +id: wordpress-bcdd353c7595eb2f2eb76b75cc1e43b8 + +info: + name: > + WordPress Core < 4.7.1 - Cross-Site Request Forgery via Widget Editing + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/91e61664-3b98-4a97-b35c-1ec88034d05b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.7') + - compare_versions(version_by_js, '4.7') + - compare_versions(version_by_css, '4.7') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bdc96e293d307a40e2fa7c21f5ce8481.yaml b/nuclei-templates/cve-less/unknown/wordpress-bdc96e293d307a40e2fa7c21f5ce8481.yaml new file mode 100644 index 0000000000..68eb293113 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bdc96e293d307a40e2fa7c21f5ce8481.yaml @@ -0,0 +1,60 @@ +id: wordpress-bdc96e293d307a40e2fa7c21f5ce8481 + +info: + name: > + WordPress Core < 5.5.2 - Privilege Escalation via XML-RPC + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/36e15052-0e04-4b72-b573-b736109517b8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-be037ab5b01a52fa0b9478e50ded7b01.yaml b/nuclei-templates/cve-less/unknown/wordpress-be037ab5b01a52fa0b9478e50ded7b01.yaml new file mode 100644 index 0000000000..00a4cc42d0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-be037ab5b01a52fa0b9478e50ded7b01.yaml @@ -0,0 +1,60 @@ +id: wordpress-be037ab5b01a52fa0b9478e50ded7b01 + +info: + name: > + WordPress Core < 2.1.3 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/65c72e79-f0a9-4293-98be-956d8e4afb83?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.1.3') + - compare_versions(version_by_js, '< 2.1.3') + - compare_versions(version_by_css, '< 2.1.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-be6c6a1b2aa1f77b87ad2b8134d3bc88.yaml b/nuclei-templates/cve-less/unknown/wordpress-be6c6a1b2aa1f77b87ad2b8134d3bc88.yaml new file mode 100644 index 0000000000..8181978ccd --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-be6c6a1b2aa1f77b87ad2b8134d3bc88.yaml @@ -0,0 +1,60 @@ +id: wordpress-be6c6a1b2aa1f77b87ad2b8134d3bc88 + +info: + name: > + WordPress Core < 2.0.2 - Reflected Cross-Site Scripting + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8313827-f3ce-451d-869a-99684f58daff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.0.2') + - compare_versions(version_by_js, '< 2.0.2') + - compare_versions(version_by_css, '< 2.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml b/nuclei-templates/cve-less/unknown/wordpress-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml new file mode 100644 index 0000000000..71867ae61f --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bea5bcb6ac9b66b08b05c172c3f9bc32.yaml @@ -0,0 +1,60 @@ +id: wordpress-bea5bcb6ac9b66b08b05c172c3f9bc32 + +info: + name: > + WordPress Core < 2.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/54285c08-c9c8-4576-b1e8-e3b1c584c4bb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.0.2') + - compare_versions(version_by_js, '< 2.0.2') + - compare_versions(version_by_css, '< 2.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-bfe0f8e25d74b045cc4dd1aba2b7405e.yaml b/nuclei-templates/cve-less/unknown/wordpress-bfe0f8e25d74b045cc4dd1aba2b7405e.yaml new file mode 100644 index 0000000000..eba2da0531 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-bfe0f8e25d74b045cc4dd1aba2b7405e.yaml @@ -0,0 +1,60 @@ +id: wordpress-bfe0f8e25d74b045cc4dd1aba2b7405e + +info: + name: > + WordPress Core < 2.5 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/33c666af-b51f-4d9e-9c32-ca0a124cd4b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.4') + - compare_versions(version_by_js, '<= 2.4') + - compare_versions(version_by_css, '<= 2.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c0e5f2da98e1e5d6efb1f04d623a07e6.yaml b/nuclei-templates/cve-less/unknown/wordpress-c0e5f2da98e1e5d6efb1f04d623a07e6.yaml new file mode 100644 index 0000000000..07cd138df9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c0e5f2da98e1e5d6efb1f04d623a07e6.yaml @@ -0,0 +1,60 @@ +id: wordpress-c0e5f2da98e1e5d6efb1f04d623a07e6 + +info: + name: > + WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9fda5e15-fdf9-4b67-93d3-2dbfa94aefe9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= *') + - compare_versions(version_by_js, '<= *') + - compare_versions(version_by_css, '<= *') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c3b071ad95bfe73bbf502df3093126a9.yaml b/nuclei-templates/cve-less/unknown/wordpress-c3b071ad95bfe73bbf502df3093126a9.yaml new file mode 100644 index 0000000000..57ac066092 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c3b071ad95bfe73bbf502df3093126a9.yaml @@ -0,0 +1,60 @@ +id: wordpress-c3b071ad95bfe73bbf502df3093126a9 + +info: + name: > + WordPress Core < 4.2.1 - Cross-Site Scripting via Comments + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/cec5bfa6-96ed-4a5a-be19-63434af32c89?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.2') + - compare_versions(version_by_js, '4.2') + - compare_versions(version_by_css, '4.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c47b53146d2545c88e183d5ef720c114.yaml b/nuclei-templates/cve-less/unknown/wordpress-c47b53146d2545c88e183d5ef720c114.yaml new file mode 100644 index 0000000000..d6f28e9f9b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c47b53146d2545c88e183d5ef720c114.yaml @@ -0,0 +1,60 @@ +id: wordpress-c47b53146d2545c88e183d5ef720c114 + +info: + name: > + WordPress Core < 3.8.2 - Authentication Cookie Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a973dd0a-1a36-4ea2-a300-0f8bb277dfaa?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.8', '<= 3.8.1') + - compare_versions(version_by_js, '>= 3.8', '<= 3.8.1') + - compare_versions(version_by_css, '>= 3.8', '<= 3.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c4855e013484cc5dd3a682addca483bd.yaml b/nuclei-templates/cve-less/unknown/wordpress-c4855e013484cc5dd3a682addca483bd.yaml new file mode 100644 index 0000000000..37fc1c88ed --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c4855e013484cc5dd3a682addca483bd.yaml @@ -0,0 +1,60 @@ +id: wordpress-c4855e013484cc5dd3a682addca483bd + +info: + name: > + WordPress Core < 4.0.1 - Cross-Site Scripting via Shortcode Brackets + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/705a0e1f-79c6-4c2a-8622-fb3df944cf22?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c575c33345c6051166af7b34bab31833.yaml b/nuclei-templates/cve-less/unknown/wordpress-c575c33345c6051166af7b34bab31833.yaml new file mode 100644 index 0000000000..b13de15320 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c575c33345c6051166af7b34bab31833.yaml @@ -0,0 +1,60 @@ +id: wordpress-c575c33345c6051166af7b34bab31833 + +info: + name: > + WordPress Core < 4.4.2 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1351cd6b-ae22-4363-b36b-f892c504f5d9?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.4', '<= 4.4.1') + - compare_versions(version_by_js, '>= 4.4', '<= 4.4.1') + - compare_versions(version_by_css, '>= 4.4', '<= 4.4.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c5d886627a4d5a983d750643ae3293e4.yaml b/nuclei-templates/cve-less/unknown/wordpress-c5d886627a4d5a983d750643ae3293e4.yaml new file mode 100644 index 0000000000..e33d1a9e52 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c5d886627a4d5a983d750643ae3293e4.yaml @@ -0,0 +1,60 @@ +id: wordpress-c5d886627a4d5a983d750643ae3293e4 + +info: + name: > + WordPress Core < 4.4.2 - Open Redirect via wp_validate_redirect + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/e72e87ae-f5c0-4582-a644-b90e93d98e74?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.4', '<= 4.4.1') + - compare_versions(version_by_js, '>= 4.4', '<= 4.4.1') + - compare_versions(version_by_css, '>= 4.4', '<= 4.4.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c64e96aaac6f414a27f722db57e620e7.yaml b/nuclei-templates/cve-less/unknown/wordpress-c64e96aaac6f414a27f722db57e620e7.yaml new file mode 100644 index 0000000000..0641bb24d1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c64e96aaac6f414a27f722db57e620e7.yaml @@ -0,0 +1,60 @@ +id: wordpress-c64e96aaac6f414a27f722db57e620e7 + +info: + name: > + WordPress Core < 4.8.2 - Cross-Site Scripting via Shortcodes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b6066883-20e0-440d-9a96-7f4b06c670d2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c6bafdf6d7b65e0b18711ab77d0f0098.yaml b/nuclei-templates/cve-less/unknown/wordpress-c6bafdf6d7b65e0b18711ab77d0f0098.yaml new file mode 100644 index 0000000000..5ff3c9dd0b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c6bafdf6d7b65e0b18711ab77d0f0098.yaml @@ -0,0 +1,60 @@ +id: wordpress-c6bafdf6d7b65e0b18711ab77d0f0098 + +info: + name: > + WordPress Core <= 3.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4ac29d1c-0aae-4355-90df-24c99d23c411?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.1') + - compare_versions(version_by_js, '<= 3.1') + - compare_versions(version_by_css, '<= 3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c6fdb87042e16df5714392e20f18c2d7.yaml b/nuclei-templates/cve-less/unknown/wordpress-c6fdb87042e16df5714392e20f18c2d7.yaml new file mode 100644 index 0000000000..607050c0d4 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c6fdb87042e16df5714392e20f18c2d7.yaml @@ -0,0 +1,60 @@ +id: wordpress-c6fdb87042e16df5714392e20f18c2d7 + +info: + name: > + WordPress Core < 6.2.1 - Directory Traversal + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/edcf46b6-368e-49c0-b2c3-99bf6e2d358f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.2', '< 6.2.1') + - compare_versions(version_by_js, '>= 6.2', '< 6.2.1') + - compare_versions(version_by_css, '>= 6.2', '< 6.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c74b3da5c9977a8515a2ae6aea10e45b.yaml b/nuclei-templates/cve-less/unknown/wordpress-c74b3da5c9977a8515a2ae6aea10e45b.yaml new file mode 100644 index 0000000000..5310ad686a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c74b3da5c9977a8515a2ae6aea10e45b.yaml @@ -0,0 +1,60 @@ +id: wordpress-c74b3da5c9977a8515a2ae6aea10e45b + +info: + name: > + WordPress Core <= 2.0.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4deae680-4829-4e24-b67b-4066ec9ce4da?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.5') + - compare_versions(version_by_js, '<= 2.0.5') + - compare_versions(version_by_css, '<= 2.0.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c8253916783474b27e7325c9525aa970.yaml b/nuclei-templates/cve-less/unknown/wordpress-c8253916783474b27e7325c9525aa970.yaml new file mode 100644 index 0000000000..a4200cfe47 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c8253916783474b27e7325c9525aa970.yaml @@ -0,0 +1,60 @@ +id: wordpress-c8253916783474b27e7325c9525aa970 + +info: + name: > + WordPress Core < 4.3.1 - Authenticated Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/24b89ed2-9dfb-4068-8459-cb2e708c7778?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.3') + - compare_versions(version_by_js, '4.3') + - compare_versions(version_by_css, '4.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c8fd14ca7da27ed4c689b2c4e745761c.yaml b/nuclei-templates/cve-less/unknown/wordpress-c8fd14ca7da27ed4c689b2c4e745761c.yaml new file mode 100644 index 0000000000..61b63a9e7d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c8fd14ca7da27ed4c689b2c4e745761c.yaml @@ -0,0 +1,60 @@ +id: wordpress-c8fd14ca7da27ed4c689b2c4e745761c + +info: + name: > + WordPress Core < 4.8.2 - Stored Cross-Site Scripting via Plugin Names + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2dccdaa8-5095-42c4-9ca8-90fb444c0ae4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.1') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c9150acbdbbdbe684264580cb26cfc8d.yaml b/nuclei-templates/cve-less/unknown/wordpress-c9150acbdbbdbe684264580cb26cfc8d.yaml new file mode 100644 index 0000000000..a22f9c9b62 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c9150acbdbbdbe684264580cb26cfc8d.yaml @@ -0,0 +1,60 @@ +id: wordpress-c9150acbdbbdbe684264580cb26cfc8d + +info: + name: > + WordPress Core < 4.6.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2d853bd5-4caa-4b90-a9a6-929fb18b9337?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.6') + - compare_versions(version_by_js, '4.6') + - compare_versions(version_by_css, '4.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-c9ee2e672c4f164ebd27ad2f98e4bfcc.yaml b/nuclei-templates/cve-less/unknown/wordpress-c9ee2e672c4f164ebd27ad2f98e4bfcc.yaml new file mode 100644 index 0000000000..50f37db27d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-c9ee2e672c4f164ebd27ad2f98e4bfcc.yaml @@ -0,0 +1,60 @@ +id: wordpress-c9ee2e672c4f164ebd27ad2f98e4bfcc + +info: + name: > + WordPress Core < 5.0.1 - PHP Object Injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/29778d95-4859-4383-91c7-15e7907b825c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-cadaed8f08573636b7f993185522f27e.yaml b/nuclei-templates/cve-less/unknown/wordpress-cadaed8f08573636b7f993185522f27e.yaml new file mode 100644 index 0000000000..82a6f49465 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-cadaed8f08573636b7f993185522f27e.yaml @@ -0,0 +1,60 @@ +id: wordpress-cadaed8f08573636b7f993185522f27e + +info: + name: > + WordPress Core < 5.5.2 - Spam Embed on Multisite Installations + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ff473c-c629-487c-9b18-e074534c7b79?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ccba560ddddde5bfcc32d210efed4a87.yaml b/nuclei-templates/cve-less/unknown/wordpress-ccba560ddddde5bfcc32d210efed4a87.yaml new file mode 100644 index 0000000000..3daad67442 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ccba560ddddde5bfcc32d210efed4a87.yaml @@ -0,0 +1,60 @@ +id: wordpress-ccba560ddddde5bfcc32d210efed4a87 + +info: + name: > + WordPress Core < 4.7.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab710963-64e2-476e-9a60-0a18b64b7550?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-cead183a9dda461254cfb1b5349eac2c.yaml b/nuclei-templates/cve-less/unknown/wordpress-cead183a9dda461254cfb1b5349eac2c.yaml new file mode 100644 index 0000000000..08d1bda020 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-cead183a9dda461254cfb1b5349eac2c.yaml @@ -0,0 +1,60 @@ +id: wordpress-cead183a9dda461254cfb1b5349eac2c + +info: + name: > + WordPress Core < 3.5.2 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f6b9a90-4fa8-4cd0-bec8-6fa69a1b4681?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.5.1') + - compare_versions(version_by_js, '<= 3.5.1') + - compare_versions(version_by_css, '<= 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-cfe7135ed23e14bad22532fdecc51d1d.yaml b/nuclei-templates/cve-less/unknown/wordpress-cfe7135ed23e14bad22532fdecc51d1d.yaml new file mode 100644 index 0000000000..fadee2c07c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-cfe7135ed23e14bad22532fdecc51d1d.yaml @@ -0,0 +1,60 @@ +id: wordpress-cfe7135ed23e14bad22532fdecc51d1d + +info: + name: > + WordPress Core 6.4.0 - 6.4.1 - Remote Code Execution POP Chain + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b170ac00-5d5c-46ef-95f3-e98ef4528999?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '6.4.1') + - compare_versions(version_by_js, '6.4.1') + - compare_versions(version_by_css, '6.4.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d074931aafc725080c15b2bdcac913b3.yaml b/nuclei-templates/cve-less/unknown/wordpress-d074931aafc725080c15b2bdcac913b3.yaml new file mode 100644 index 0000000000..ad6732e700 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d074931aafc725080c15b2bdcac913b3.yaml @@ -0,0 +1,60 @@ +id: wordpress-d074931aafc725080c15b2bdcac913b3 + +info: + name: > + WordPress Core < 5.5.2 - Privilege Escalation via XML-RPC + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f9bfa726-40e1-4417-9d59-289dbb3a17ff?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d20630cf73b7e14ae89d411e09cd2dbc.yaml b/nuclei-templates/cve-less/unknown/wordpress-d20630cf73b7e14ae89d411e09cd2dbc.yaml new file mode 100644 index 0000000000..c1d35215f8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d20630cf73b7e14ae89d411e09cd2dbc.yaml @@ -0,0 +1,60 @@ +id: wordpress-d20630cf73b7e14ae89d411e09cd2dbc + +info: + name: > + WordPress Core < 4.7.3 - Arbitrary File Deletion + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3779501-4ac7-4b76-8b2b-9852c6467f16?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.2') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d3d2641e395785927385af18d7d9ae54.yaml b/nuclei-templates/cve-less/unknown/wordpress-d3d2641e395785927385af18d7d9ae54.yaml new file mode 100644 index 0000000000..1d21310c3e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d3d2641e395785927385af18d7d9ae54.yaml @@ -0,0 +1,60 @@ +id: wordpress-d3d2641e395785927385af18d7d9ae54 + +info: + name: > + WordPress Core < 4.0.1 - Cross-Site Scripting via media-playlists + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c5bfa818-65e4-4b36-8b61-6f47b42eb6c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d4039c617d9e8ba557c15897af4e49e9.yaml b/nuclei-templates/cve-less/unknown/wordpress-d4039c617d9e8ba557c15897af4e49e9.yaml new file mode 100644 index 0000000000..e757a711d6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d4039c617d9e8ba557c15897af4e49e9.yaml @@ -0,0 +1,60 @@ +id: wordpress-d4039c617d9e8ba557c15897af4e49e9 + +info: + name: > + WordPress Core < 4.9 - Insecure Deserialization + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/97a3fc27-4b58-400a-b831-6423e3de5cb7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.9') + - compare_versions(version_by_js, '< 4.9') + - compare_versions(version_by_css, '< 4.9') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d4d4f0b2b3c59c669a7ce67356406643.yaml b/nuclei-templates/cve-less/unknown/wordpress-d4d4f0b2b3c59c669a7ce67356406643.yaml new file mode 100644 index 0000000000..6dc6e50af1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d4d4f0b2b3c59c669a7ce67356406643.yaml @@ -0,0 +1,60 @@ +id: wordpress-d4d4f0b2b3c59c669a7ce67356406643 + +info: + name: > + WordPress Core < 2.0.7 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b1446daf-662d-479c-8fc5-80b27b04d6c4?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.6') + - compare_versions(version_by_js, '<= 2.0.6') + - compare_versions(version_by_css, '<= 2.0.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d73ed5db5dfb555a4c952e1a2ada36b5.yaml b/nuclei-templates/cve-less/unknown/wordpress-d73ed5db5dfb555a4c952e1a2ada36b5.yaml new file mode 100644 index 0000000000..8ca1e5cab3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d73ed5db5dfb555a4c952e1a2ada36b5.yaml @@ -0,0 +1,60 @@ +id: wordpress-d73ed5db5dfb555a4c952e1a2ada36b5 + +info: + name: > + WordPress Core < 4.9.5 - Security Misconfiguration with URL Hostnames + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/70352973-5fa7-40b0-9e07-eab2e96520b7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.4') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d8248f3fcefa841941bffb19efaa2940.yaml b/nuclei-templates/cve-less/unknown/wordpress-d8248f3fcefa841941bffb19efaa2940.yaml new file mode 100644 index 0000000000..b6da6ea17e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d8248f3fcefa841941bffb19efaa2940.yaml @@ -0,0 +1,60 @@ +id: wordpress-d8248f3fcefa841941bffb19efaa2940 + +info: + name: > + WordPress Core < 2.09 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b16d675f-1b62-4e3e-b91b-7bdb1e70a221?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '2.1') + - compare_versions(version_by_js, '2.1') + - compare_versions(version_by_css, '2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-d99e5527ae670bb24a2f18d71f74f2a7.yaml b/nuclei-templates/cve-less/unknown/wordpress-d99e5527ae670bb24a2f18d71f74f2a7.yaml new file mode 100644 index 0000000000..db2ee60e0b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-d99e5527ae670bb24a2f18d71f74f2a7.yaml @@ -0,0 +1,60 @@ +id: wordpress-d99e5527ae670bb24a2f18d71f74f2a7 + +info: + name: > + WordPress Core < 5.7.1 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a57426d2-0ca4-405b-bfbf-0685e2c744a0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.7', '< 5.7.1') + - compare_versions(version_by_js, '>= 5.7', '< 5.7.1') + - compare_versions(version_by_css, '>= 5.7', '< 5.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-da357866cfc2e11d1d8ab076887b6560.yaml b/nuclei-templates/cve-less/unknown/wordpress-da357866cfc2e11d1d8ab076887b6560.yaml new file mode 100644 index 0000000000..117c3787f5 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-da357866cfc2e11d1d8ab076887b6560.yaml @@ -0,0 +1,60 @@ +id: wordpress-da357866cfc2e11d1d8ab076887b6560 + +info: + name: > + WordPress Core < 5.0.1 - Stored Cross-Site Scripting via File Uploads + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4df635b8-4c56-4b24-8446-8e39e6fe7441?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.0') + - compare_versions(version_by_js, '5.0') + - compare_versions(version_by_css, '5.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-dc3774ebe9e42f33446a6539151704fe.yaml b/nuclei-templates/cve-less/unknown/wordpress-dc3774ebe9e42f33446a6539151704fe.yaml new file mode 100644 index 0000000000..f1a8ffbb14 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-dc3774ebe9e42f33446a6539151704fe.yaml @@ -0,0 +1,60 @@ +id: wordpress-dc3774ebe9e42f33446a6539151704fe + +info: + name: > + WordPress Core < 5.2.3 - Reflected Cross-Site Scripting via Shortcode Previews + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c510063e-1c64-40fa-842a-e7efd3dc550a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-dc513fdad6b21426f271c55a4c19a3d1.yaml b/nuclei-templates/cve-less/unknown/wordpress-dc513fdad6b21426f271c55a4c19a3d1.yaml new file mode 100644 index 0000000000..90083b829d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-dc513fdad6b21426f271c55a4c19a3d1.yaml @@ -0,0 +1,60 @@ +id: wordpress-dc513fdad6b21426f271c55a4c19a3d1 + +info: + name: > + WordPress Core < 5.4.2 - Arbitrary User Meta Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8746bd3a-6e2b-4ed2-9b21-4ed5a0e58de8?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-dced04c5992536d443cadc0d8795aeb0.yaml b/nuclei-templates/cve-less/unknown/wordpress-dced04c5992536d443cadc0d8795aeb0.yaml new file mode 100644 index 0000000000..0f6f6e9e33 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-dced04c5992536d443cadc0d8795aeb0.yaml @@ -0,0 +1,60 @@ +id: wordpress-dced04c5992536d443cadc0d8795aeb0 + +info: + name: > + WordPress Core <= 1.5 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1d2f973a-1fb3-4c75-8c33-6d1fadf9c906?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.5.1') + - compare_versions(version_by_js, '<= 1.5.1') + - compare_versions(version_by_css, '<= 1.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-dda97c7f3b2cab605b5ded8dc805330d.yaml b/nuclei-templates/cve-less/unknown/wordpress-dda97c7f3b2cab605b5ded8dc805330d.yaml new file mode 100644 index 0000000000..e672235cc9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-dda97c7f3b2cab605b5ded8dc805330d.yaml @@ -0,0 +1,60 @@ +id: wordpress-dda97c7f3b2cab605b5ded8dc805330d + +info: + name: > + WordPress Core < 4.5 - Cross-Site Scripting via Network Settings Page + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/23b2fc40-d8e3-4b84-ab8d-ff82a6f21842?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.5') + - compare_versions(version_by_js, '< 4.5') + - compare_versions(version_by_css, '< 4.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ddfc06bcb9cec3149d4f2bf8dcc315c4.yaml b/nuclei-templates/cve-less/unknown/wordpress-ddfc06bcb9cec3149d4f2bf8dcc315c4.yaml new file mode 100644 index 0000000000..c2feedf3df --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ddfc06bcb9cec3149d4f2bf8dcc315c4.yaml @@ -0,0 +1,60 @@ +id: wordpress-ddfc06bcb9cec3149d4f2bf8dcc315c4 + +info: + name: > + WordPress Core < 2.0.4 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/159b5565-f4d8-4514-9397-20b6a0890475?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.3') + - compare_versions(version_by_js, '<= 2.0.3') + - compare_versions(version_by_css, '<= 2.0.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e0a9b092ccb5dabc15e9c9a8e43b0ea4.yaml b/nuclei-templates/cve-less/unknown/wordpress-e0a9b092ccb5dabc15e9c9a8e43b0ea4.yaml new file mode 100644 index 0000000000..7c261d594a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e0a9b092ccb5dabc15e9c9a8e43b0ea4.yaml @@ -0,0 +1,60 @@ +id: wordpress-e0a9b092ccb5dabc15e9c9a8e43b0ea4 + +info: + name: > + WordPress Core < 4.9.1 - Cross-domain Flash injection + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/72b14197-560a-4dc2-9c23-a250f51dc51e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.9', '<= 4.9.1') + - compare_versions(version_by_js, '>= 4.9', '<= 4.9.1') + - compare_versions(version_by_css, '>= 4.9', '<= 4.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml b/nuclei-templates/cve-less/unknown/wordpress-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml new file mode 100644 index 0000000000..7986cfb311 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e104142bc1fb6f9114a1a8ff34f8d8a2.yaml @@ -0,0 +1,60 @@ +id: wordpress-e104142bc1fb6f9114a1a8ff34f8d8a2 + +info: + name: > + WordPress Core < 4.7.1 - Stored Cross-Site Scripting via theme directory name + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f10fdf31-6941-4d41-8c15-90ed61addc2f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.0') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e1b0c201fddb85e895eccaf4a0865020.yaml b/nuclei-templates/cve-less/unknown/wordpress-e1b0c201fddb85e895eccaf4a0865020.yaml new file mode 100644 index 0000000000..d095fe153c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e1b0c201fddb85e895eccaf4a0865020.yaml @@ -0,0 +1,60 @@ +id: wordpress-e1b0c201fddb85e895eccaf4a0865020 + +info: + name: > + Wordpress Core < 4.0.1 - Hash Collision + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/05873114-ceed-404c-9cc2-d85aa92ef6f3?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e46b887a41d8ee6fabb81ee3e309e2b3.yaml b/nuclei-templates/cve-less/unknown/wordpress-e46b887a41d8ee6fabb81ee3e309e2b3.yaml new file mode 100644 index 0000000000..812ae2b14e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e46b887a41d8ee6fabb81ee3e309e2b3.yaml @@ -0,0 +1,60 @@ +id: wordpress-e46b887a41d8ee6fabb81ee3e309e2b3 + +info: + name: > + WordPress Core <= 2.1.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a9162c2e-e765-4bda-b09f-982603b5797a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.1.1') + - compare_versions(version_by_js, '<= 2.1.1') + - compare_versions(version_by_css, '<= 2.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e609395c8f2ad6eb526c72692dc02d69.yaml b/nuclei-templates/cve-less/unknown/wordpress-e609395c8f2ad6eb526c72692dc02d69.yaml new file mode 100644 index 0000000000..0798092c4c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e609395c8f2ad6eb526c72692dc02d69.yaml @@ -0,0 +1,60 @@ +id: wordpress-e609395c8f2ad6eb526c72692dc02d69 + +info: + name: > + WordPress Core < 4.0 - Missing Session Cookie Expiration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3cf00aef-427b-4256-9cbd-83c8e5059ecf?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.0') + - compare_versions(version_by_js, '< 4.0') + - compare_versions(version_by_css, '< 4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e6183bf44f39dd782d9e71f81eb0564e.yaml b/nuclei-templates/cve-less/unknown/wordpress-e6183bf44f39dd782d9e71f81eb0564e.yaml new file mode 100644 index 0000000000..493921d6fe --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e6183bf44f39dd782d9e71f81eb0564e.yaml @@ -0,0 +1,60 @@ +id: wordpress-e6183bf44f39dd782d9e71f81eb0564e + +info: + name: > + WordPress Core 4.7.0 - 6.3.1 - Sensitive Information Exposure via User Search REST Endpoint + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_js, '>= 6.3', '<= 6.3.1') + - compare_versions(version_by_css, '>= 6.3', '<= 6.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e6e816b404310825058a1adb6cc01862.yaml b/nuclei-templates/cve-less/unknown/wordpress-e6e816b404310825058a1adb6cc01862.yaml new file mode 100644 index 0000000000..3f0933cb41 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e6e816b404310825058a1adb6cc01862.yaml @@ -0,0 +1,60 @@ +id: wordpress-e6e816b404310825058a1adb6cc01862 + +info: + name: > + WordPress Core < 5.2.4 - Server Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/c95505e3-6851-476e-af40-bb841eb01be7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e7484c4ad6364e6bb025904632af06af.yaml b/nuclei-templates/cve-less/unknown/wordpress-e7484c4ad6364e6bb025904632af06af.yaml new file mode 100644 index 0000000000..0d35116c1b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e7484c4ad6364e6bb025904632af06af.yaml @@ -0,0 +1,60 @@ +id: wordpress-e7484c4ad6364e6bb025904632af06af + +info: + name: > + WordPress Core < 4.7.1 - Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2b300f55-f1ee-4345-adc2-32cd3b081a30?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.7') + - compare_versions(version_by_js, '4.7') + - compare_versions(version_by_css, '4.7') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e8698e8d301690dded028c942c072a23.yaml b/nuclei-templates/cve-less/unknown/wordpress-e8698e8d301690dded028c942c072a23.yaml new file mode 100644 index 0000000000..103baff506 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e8698e8d301690dded028c942c072a23.yaml @@ -0,0 +1,60 @@ +id: wordpress-e8698e8d301690dded028c942c072a23 + +info: + name: > + WordPress Core <= 2.8.5 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9f9bbe9a-faac-4f41-b2be-ddf6ff80d9c7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.5') + - compare_versions(version_by_js, '<= 2.8.5') + - compare_versions(version_by_css, '<= 2.8.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-e8d59ad5e812b7bb724e8a40d7c112fd.yaml b/nuclei-templates/cve-less/unknown/wordpress-e8d59ad5e812b7bb724e8a40d7c112fd.yaml new file mode 100644 index 0000000000..38f6031319 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-e8d59ad5e812b7bb724e8a40d7c112fd.yaml @@ -0,0 +1,60 @@ +id: wordpress-e8d59ad5e812b7bb724e8a40d7c112fd + +info: + name: > + WordPress Core < 4.7.5 - Authorization Bypass Allowing Post Meta Updates + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/801d6f21-1f52-48d4-9f8e-5c971dd037f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ea691d409e63dbe5a9b95c2c573dcfcb.yaml b/nuclei-templates/cve-less/unknown/wordpress-ea691d409e63dbe5a9b95c2c573dcfcb.yaml new file mode 100644 index 0000000000..8a9b11cc45 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ea691d409e63dbe5a9b95c2c573dcfcb.yaml @@ -0,0 +1,60 @@ +id: wordpress-ea691d409e63dbe5a9b95c2c573dcfcb + +info: + name: > + WordPress Core < 4.5 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ea26eb81-e6d1-4c6d-95f4-fd1b2d919632?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.5') + - compare_versions(version_by_js, '< 4.5') + - compare_versions(version_by_css, '< 4.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eaaace6cb938cd367aee5bb46ada2d9a.yaml b/nuclei-templates/cve-less/unknown/wordpress-eaaace6cb938cd367aee5bb46ada2d9a.yaml new file mode 100644 index 0000000000..6e396231bd --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eaaace6cb938cd367aee5bb46ada2d9a.yaml @@ -0,0 +1,60 @@ +id: wordpress-eaaace6cb938cd367aee5bb46ada2d9a + +info: + name: > + WordPress Core < 4.2.4 - Cross-Site Scripting via Widget Title + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/aba33487-f6c5-41e9-9500-73bef37381e6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_js, '>= 4.2', '<= 4.2.3') + - compare_versions(version_by_css, '>= 4.2', '<= 4.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eac8868d56d1c09282753a6f5e51eca0.yaml b/nuclei-templates/cve-less/unknown/wordpress-eac8868d56d1c09282753a6f5e51eca0.yaml new file mode 100644 index 0000000000..01a92b5972 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eac8868d56d1c09282753a6f5e51eca0.yaml @@ -0,0 +1,60 @@ +id: wordpress-eac8868d56d1c09282753a6f5e51eca0 + +info: + name: > + WordPress Core < 3.0.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/43039c47-a34f-4020-9009-473e93468e21?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.0.2') + - compare_versions(version_by_js, '< 3.0.2') + - compare_versions(version_by_css, '< 3.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eb2a44740e588bb123bf745a7b8976f2.yaml b/nuclei-templates/cve-less/unknown/wordpress-eb2a44740e588bb123bf745a7b8976f2.yaml new file mode 100644 index 0000000000..2fac12dc56 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eb2a44740e588bb123bf745a7b8976f2.yaml @@ -0,0 +1,60 @@ +id: wordpress-eb2a44740e588bb123bf745a7b8976f2 + +info: + name: > + WordPress Core < 5.2.3 - Stored Cross-Site Scripting via Comments + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bfcbf652-6cb4-4f3e-9032-ad262e8c8480?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.2') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eb538474262da433b7015c817d7e5437.yaml b/nuclei-templates/cve-less/unknown/wordpress-eb538474262da433b7015c817d7e5437.yaml new file mode 100644 index 0000000000..f9118c9d7d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eb538474262da433b7015c817d7e5437.yaml @@ -0,0 +1,60 @@ +id: wordpress-eb538474262da433b7015c817d7e5437 + +info: + name: > + WordPress Core < 5.4.1 - Reflected Cross Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cfc1f42-c9dd-4dcb-8be5-c440a568a02e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eb8402ad8a020ad4edd366ea4d47048a.yaml b/nuclei-templates/cve-less/unknown/wordpress-eb8402ad8a020ad4edd366ea4d47048a.yaml new file mode 100644 index 0000000000..e54242dc65 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eb8402ad8a020ad4edd366ea4d47048a.yaml @@ -0,0 +1,60 @@ +id: wordpress-eb8402ad8a020ad4edd366ea4d47048a + +info: + name: > + WordPress Core < 3.9.2 - Denial of Service via XML #2 + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/b0382227-48eb-4a97-8f3c-5c8fc4bcc0b6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ebca9e3a98a4b7e0c8afa5cc0c16f868.yaml b/nuclei-templates/cve-less/unknown/wordpress-ebca9e3a98a4b7e0c8afa5cc0c16f868.yaml new file mode 100644 index 0000000000..1e64f41c37 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ebca9e3a98a4b7e0c8afa5cc0c16f868.yaml @@ -0,0 +1,60 @@ +id: wordpress-ebca9e3a98a4b7e0c8afa5cc0c16f868 + +info: + name: > + WordPress Core < 2.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d84cf972-be7e-497c-b360-2ea491e44ad6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.7.1') + - compare_versions(version_by_js, '<= 2.7.1') + - compare_versions(version_by_css, '<= 2.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ec7a913d9be8141b4e808c283d60b654.yaml b/nuclei-templates/cve-less/unknown/wordpress-ec7a913d9be8141b4e808c283d60b654.yaml new file mode 100644 index 0000000000..5089462d91 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ec7a913d9be8141b4e808c283d60b654.yaml @@ -0,0 +1,60 @@ +id: wordpress-ec7a913d9be8141b4e808c283d60b654 + +info: + name: > + WordPress Core < 5.4.1 - Password Reset Link Non-Expiration + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71fe2687-0dc9-4c56-91a4-447420818cca?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml b/nuclei-templates/cve-less/unknown/wordpress-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml new file mode 100644 index 0000000000..dce8bd63dd --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57.yaml @@ -0,0 +1,60 @@ +id: wordpress-ed09f8fa2b1f0c2f3b1b1ea2ddd6cf57 + +info: + name: > + WordPress Core <= 2.3 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/044babea-8c04-4461-be53-80f2171da619?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.3') + - compare_versions(version_by_js, '<= 2.3') + - compare_versions(version_by_css, '<= 2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-edc700db5b7f85733c96d120d88dd36f.yaml b/nuclei-templates/cve-less/unknown/wordpress-edc700db5b7f85733c96d120d88dd36f.yaml new file mode 100644 index 0000000000..a06751f2c2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-edc700db5b7f85733c96d120d88dd36f.yaml @@ -0,0 +1,60 @@ +id: wordpress-edc700db5b7f85733c96d120d88dd36f + +info: + name: > + WordPress Core < 4.3.1 - Authorization Bypass to Information Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3a71b8da-73dd-488e-b553-77116731f13f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.3') + - compare_versions(version_by_js, '4.3') + - compare_versions(version_by_css, '4.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-edccb43245b403365a70f7937b797b33.yaml b/nuclei-templates/cve-less/unknown/wordpress-edccb43245b403365a70f7937b797b33.yaml new file mode 100644 index 0000000000..49b8b0929e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-edccb43245b403365a70f7937b797b33.yaml @@ -0,0 +1,60 @@ +id: wordpress-edccb43245b403365a70f7937b797b33 + +info: + name: > + WordPress Core < 2.2.3 - Restriction Bypass + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5ef4d74-aa5d-4d6d-af2c-bda506fb394d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.2.2') + - compare_versions(version_by_js, '<= 2.2.2') + - compare_versions(version_by_css, '<= 2.2.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-eddfc65aa0440e5ea83aec9a271fa7b1.yaml b/nuclei-templates/cve-less/unknown/wordpress-eddfc65aa0440e5ea83aec9a271fa7b1.yaml new file mode 100644 index 0000000000..49f1b5cf62 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-eddfc65aa0440e5ea83aec9a271fa7b1.yaml @@ -0,0 +1,60 @@ +id: wordpress-eddfc65aa0440e5ea83aec9a271fa7b1 + +info: + name: > + WordPress Core < 2.0.2 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/06e4d7e3-c800-4b3d-9504-c69aa9a918fb?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.1') + - compare_versions(version_by_js, '<= 2.0.1') + - compare_versions(version_by_css, '<= 2.0.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f051252090bfca9b5a537f278ab9e40f.yaml b/nuclei-templates/cve-less/unknown/wordpress-f051252090bfca9b5a537f278ab9e40f.yaml new file mode 100644 index 0000000000..bc8e56e9c9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f051252090bfca9b5a537f278ab9e40f.yaml @@ -0,0 +1,60 @@ +id: wordpress-f051252090bfca9b5a537f278ab9e40f + +info: + name: > + WordPress Core < 6.0.3 - Information Disclosure (Email Address) + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f0691a2a-734e-4726-97a1-9e0c796c2fb5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_js, '>= 6.0', '<= 6.0.2') + - compare_versions(version_by_css, '>= 6.0', '<= 6.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f091fee54b5af87e393409f73df7398b.yaml b/nuclei-templates/cve-less/unknown/wordpress-f091fee54b5af87e393409f73df7398b.yaml new file mode 100644 index 0000000000..8fa4d65f4b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f091fee54b5af87e393409f73df7398b.yaml @@ -0,0 +1,60 @@ +id: wordpress-f091fee54b5af87e393409f73df7398b + +info: + name: > + WordPress Core <= 2.5.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4fa453f3-d361-452c-940a-108252c9f302?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.5.1') + - compare_versions(version_by_js, '<= 2.5.1') + - compare_versions(version_by_css, '<= 2.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f16b50c0e395ccd17650f052fd2cbf91.yaml b/nuclei-templates/cve-less/unknown/wordpress-f16b50c0e395ccd17650f052fd2cbf91.yaml new file mode 100644 index 0000000000..0f28d49b62 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f16b50c0e395ccd17650f052fd2cbf91.yaml @@ -0,0 +1,60 @@ +id: wordpress-f16b50c0e395ccd17650f052fd2cbf91 + +info: + name: > + WordPress Core < 4.8.3 - SQL Injection due to Double Prepare approach + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/bb6182e8-ba5c-4873-aa18-45a79191c8c5?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.8', '<= 4.8.2') + - compare_versions(version_by_js, '>= 4.8', '<= 4.8.2') + - compare_versions(version_by_css, '>= 4.8', '<= 4.8.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f2245171b77d63e98ad0b380120e210f.yaml b/nuclei-templates/cve-less/unknown/wordpress-f2245171b77d63e98ad0b380120e210f.yaml new file mode 100644 index 0000000000..97d032b6ea --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f2245171b77d63e98ad0b380120e210f.yaml @@ -0,0 +1,60 @@ +id: wordpress-f2245171b77d63e98ad0b380120e210f + +info: + name: > + WordPress Core <= 2.0.5 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f4393526-6357-40ee-a024-f461d0430a62?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.5') + - compare_versions(version_by_js, '<= 2.0.5') + - compare_versions(version_by_css, '<= 2.0.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f22677490a8449ed9a279a27d7c29df2.yaml b/nuclei-templates/cve-less/unknown/wordpress-f22677490a8449ed9a279a27d7c29df2.yaml new file mode 100644 index 0000000000..cf313560a6 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f22677490a8449ed9a279a27d7c29df2.yaml @@ -0,0 +1,60 @@ +id: wordpress-f22677490a8449ed9a279a27d7c29df2 + +info: + name: > + WordPress Core < 3.9.2 - Cross-Site Request Forgery Protection Bypass + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3bdb73f9-d091-4de7-975c-10090ee1f749?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_js, '>= 3.9', '<= 3.9.1') + - compare_versions(version_by_css, '>= 3.9', '<= 3.9.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f2fb39e94dcb2f1ace2d3ba207356b55.yaml b/nuclei-templates/cve-less/unknown/wordpress-f2fb39e94dcb2f1ace2d3ba207356b55.yaml new file mode 100644 index 0000000000..45d3e81192 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f2fb39e94dcb2f1ace2d3ba207356b55.yaml @@ -0,0 +1,60 @@ +id: wordpress-f2fb39e94dcb2f1ace2d3ba207356b55 + +info: + name: > + WordPress Core < 5.2.4 - Server Side Request Forgery #2 + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d6a51962-fe99-4911-85c9-a75bd18e74c2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f3aa50bf420b4235c2de996ef5d37967.yaml b/nuclei-templates/cve-less/unknown/wordpress-f3aa50bf420b4235c2de996ef5d37967.yaml new file mode 100644 index 0000000000..31ac5b6a01 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f3aa50bf420b4235c2de996ef5d37967.yaml @@ -0,0 +1,60 @@ +id: wordpress-f3aa50bf420b4235c2de996ef5d37967 + +info: + name: > + WordPress Core < 5.4.1 - Authenticated (Author+) Cross-Site Scripting via File Uploads + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/3379dde1-d1fb-4ec8-b834-de00fb6a38f2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '5.4') + - compare_versions(version_by_js, '5.4') + - compare_versions(version_by_css, '5.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f4126d8b538ac1453cb97c3958cf463e.yaml b/nuclei-templates/cve-less/unknown/wordpress-f4126d8b538ac1453cb97c3958cf463e.yaml new file mode 100644 index 0000000000..536f6655e9 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f4126d8b538ac1453cb97c3958cf463e.yaml @@ -0,0 +1,60 @@ +id: wordpress-f4126d8b538ac1453cb97c3958cf463e + +info: + name: > + WordPress Core < 4.0.1 Cross-Site Request Forgery to Password Reset + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7aa73c13-3f58-423a-ba5f-bebaae2b8371?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f48a9fb689f8698b971abbab7d25b506.yaml b/nuclei-templates/cve-less/unknown/wordpress-f48a9fb689f8698b971abbab7d25b506.yaml new file mode 100644 index 0000000000..74b50ddfc3 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f48a9fb689f8698b971abbab7d25b506.yaml @@ -0,0 +1,60 @@ +id: wordpress-f48a9fb689f8698b971abbab7d25b506 + +info: + name: > + WordPress Core < 5.2.4 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/6cc6d71c-fb19-4142-a8be-4175afc1713c?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.3') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f505e5adff7df495d5e3883941625090.yaml b/nuclei-templates/cve-less/unknown/wordpress-f505e5adff7df495d5e3883941625090.yaml new file mode 100644 index 0000000000..0693fec753 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f505e5adff7df495d5e3883941625090.yaml @@ -0,0 +1,60 @@ +id: wordpress-f505e5adff7df495d5e3883941625090 + +info: + name: > + WordPress Core < 2.0.1 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8d874540-dced-420d-81c0-46c185df10f1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0') + - compare_versions(version_by_js, '<= 2.0') + - compare_versions(version_by_css, '<= 2.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f53eb1a5057e991c005e324155224f96.yaml b/nuclei-templates/cve-less/unknown/wordpress-f53eb1a5057e991c005e324155224f96.yaml new file mode 100644 index 0000000000..0fa633416d --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f53eb1a5057e991c005e324155224f96.yaml @@ -0,0 +1,60 @@ +id: wordpress-f53eb1a5057e991c005e324155224f96 + +info: + name: > + WordPress Core < 4.5 - Cross-Site Request Forgery via wp_ajax_wp_compression_test + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0fbb1044-dd42-469d-9299-135ef2e609e0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 4.5') + - compare_versions(version_by_js, '< 4.5') + - compare_versions(version_by_css, '< 4.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f5fbe606f950f69e7f8a0850ddd9a5f9.yaml b/nuclei-templates/cve-less/unknown/wordpress-f5fbe606f950f69e7f8a0850ddd9a5f9.yaml new file mode 100644 index 0000000000..d88687dc7b --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f5fbe606f950f69e7f8a0850ddd9a5f9.yaml @@ -0,0 +1,60 @@ +id: wordpress-f5fbe606f950f69e7f8a0850ddd9a5f9 + +info: + name: > + WordPress Core < 5.4.2 - Self-Cross Site Scripting via Theme Folder Name + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/92895f8e-59c9-4988-9d7a-2601880d71a2?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_js, '>= 5.3', '<= 5.3.3') + - compare_versions(version_by_css, '>= 5.3', '<= 5.3.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f7283f346fe85f39acdb5e20af5f97a4.yaml b/nuclei-templates/cve-less/unknown/wordpress-f7283f346fe85f39acdb5e20af5f97a4.yaml new file mode 100644 index 0000000000..cfd03d5097 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f7283f346fe85f39acdb5e20af5f97a4.yaml @@ -0,0 +1,60 @@ +id: wordpress-f7283f346fe85f39acdb5e20af5f97a4 + +info: + name: > + WordPress Core < 4.3.1 - Cross-Site Scripting via Shortcodes + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/4c1f4487-c684-4602-9b93-e547e2d38a64?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.3') + - compare_versions(version_by_js, '4.3') + - compare_versions(version_by_css, '4.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f773a7113074464a75bbe2d49bec8c41.yaml b/nuclei-templates/cve-less/unknown/wordpress-f773a7113074464a75bbe2d49bec8c41.yaml new file mode 100644 index 0000000000..1d9620a9a8 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f773a7113074464a75bbe2d49bec8c41.yaml @@ -0,0 +1,60 @@ +id: wordpress-f773a7113074464a75bbe2d49bec8c41 + +info: + name: > + WordPress Core <= 2.1.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a6074c97-619d-4f47-97c7-781c7a38019d?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 2.1', '<= 2.1.1') + - compare_versions(version_by_js, '>= 2.1', '<= 2.1.1') + - compare_versions(version_by_css, '>= 2.1', '<= 2.1.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f8aa33f110a6a6a856da312dc133ff24.yaml b/nuclei-templates/cve-less/unknown/wordpress-f8aa33f110a6a6a856da312dc133ff24.yaml new file mode 100644 index 0000000000..54b6d4e31a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f8aa33f110a6a6a856da312dc133ff24.yaml @@ -0,0 +1,60 @@ +id: wordpress-f8aa33f110a6a6a856da312dc133ff24 + +info: + name: > + WordPress Core < 2.0.3 - IP Address Spoofing + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/71b521b5-acb5-4439-90f8-7d341291d583?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.2') + - compare_versions(version_by_js, '<= 2.0.2') + - compare_versions(version_by_css, '<= 2.0.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-f9aa065f3c444f18387e5d91e2140e33.yaml b/nuclei-templates/cve-less/unknown/wordpress-f9aa065f3c444f18387e5d91e2140e33.yaml new file mode 100644 index 0000000000..5506d124e1 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-f9aa065f3c444f18387e5d91e2140e33.yaml @@ -0,0 +1,60 @@ +id: wordpress-f9aa065f3c444f18387e5d91e2140e33 + +info: + name: > + WordPress Core < 3.6.1 - Spoof Post Authorship + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/af420213-039b-41a4-b177-4035fc727867?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 3.6') + - compare_versions(version_by_js, '<= 3.6') + - compare_versions(version_by_css, '<= 3.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fa885b11c40ebf76b2f4807510059410.yaml b/nuclei-templates/cve-less/unknown/wordpress-fa885b11c40ebf76b2f4807510059410.yaml new file mode 100644 index 0000000000..403e012078 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fa885b11c40ebf76b2f4807510059410.yaml @@ -0,0 +1,60 @@ +id: wordpress-fa885b11c40ebf76b2f4807510059410 + +info: + name: > + WordPress < 2.0.6 - Username Enumeration via Error Messages + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/1f2845a5-7572-4533-8949-08bee99fca20?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.5') + - compare_versions(version_by_js, '<= 2.0.5') + - compare_versions(version_by_css, '<= 2.0.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fa8a087263ff15310b12026bf0398947.yaml b/nuclei-templates/cve-less/unknown/wordpress-fa8a087263ff15310b12026bf0398947.yaml new file mode 100644 index 0000000000..782ed6f5a7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fa8a087263ff15310b12026bf0398947.yaml @@ -0,0 +1,60 @@ +id: wordpress-fa8a087263ff15310b12026bf0398947 + +info: + name: > + WordPress Core < 4.7.5 - Cross-Site Request Forgery Filesystem Credential Update + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/305ffc3b-5f1c-42fb-9fd5-0dfcbe1c661b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.4') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fa8bb387e5a82ee63b7096bd66224a07.yaml b/nuclei-templates/cve-less/unknown/wordpress-fa8bb387e5a82ee63b7096bd66224a07.yaml new file mode 100644 index 0000000000..429d855553 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fa8bb387e5a82ee63b7096bd66224a07.yaml @@ -0,0 +1,60 @@ +id: wordpress-fa8bb387e5a82ee63b7096bd66224a07 + +info: + name: > + WordPress Core < 2.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/63fd62b2-455e-449b-b46a-78c5d2b86cde?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.0.11') + - compare_versions(version_by_js, '<= 2.0.11') + - compare_versions(version_by_css, '<= 2.0.11') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml b/nuclei-templates/cve-less/unknown/wordpress-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml new file mode 100644 index 0000000000..968cec5c33 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fb2282647c2ae8c5fc2f5ce43c10e3b4.yaml @@ -0,0 +1,60 @@ +id: wordpress-fb2282647c2ae8c5fc2f5ce43c10e3b4 + +info: + name: > + WordPress Core <= 2.2.1 - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/f582eb1d-fcd0-4758-9922-969f8eb6efea?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 2.2', '<= 2.2.1') + - compare_versions(version_by_js, '>= 2.2', '<= 2.2.1') + - compare_versions(version_by_css, '>= 2.2', '<= 2.2.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fd3d7547948cd73ced21b0718db85821.yaml b/nuclei-templates/cve-less/unknown/wordpress-fd3d7547948cd73ced21b0718db85821.yaml new file mode 100644 index 0000000000..e1496f5b8e --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fd3d7547948cd73ced21b0718db85821.yaml @@ -0,0 +1,60 @@ +id: wordpress-fd3d7547948cd73ced21b0718db85821 + +info: + name: > + WordPress Core < 2.8.3 - Authorization Bypass + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/9ab55dea-84d5-4ed6-a693-8c8de9b7c7dd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8.2') + - compare_versions(version_by_js, '<= 2.8.2') + - compare_versions(version_by_css, '<= 2.8.2') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fd60b0f3d7e78edda1d649e26189d052.yaml b/nuclei-templates/cve-less/unknown/wordpress-fd60b0f3d7e78edda1d649e26189d052.yaml new file mode 100644 index 0000000000..7437168652 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fd60b0f3d7e78edda1d649e26189d052.yaml @@ -0,0 +1,60 @@ +id: wordpress-fd60b0f3d7e78edda1d649e26189d052 + +info: + name: > + WordPress Core < 5.8.1 - LoDash Update + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/51cd834e-1b18-4702-9c6c-db7f34f2c687?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_js, '>= 5.8', '< 5.8.1') + - compare_versions(version_by_css, '>= 5.8', '< 5.8.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml b/nuclei-templates/cve-less/unknown/wordpress-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml new file mode 100644 index 0000000000..a6f0854845 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fd782d56e4b98d3f89d6bafb5ab8e0f0.yaml @@ -0,0 +1,60 @@ +id: wordpress-fd782d56e4b98d3f89d6bafb5ab8e0f0 + +info: + name: > + WordPress Core < 4.7.2 - Authorization Bypass to Term Disclosure + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7cfaf155-7766-4bb9-b89a-368d8adb889f?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_js, '>= 4.7', '<= 4.7.1') + - compare_versions(version_by_css, '>= 4.7', '<= 4.7.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fdfa9359cb5ac819f5ca411e725dc0b7.yaml b/nuclei-templates/cve-less/unknown/wordpress-fdfa9359cb5ac819f5ca411e725dc0b7.yaml new file mode 100644 index 0000000000..8a14f28db0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fdfa9359cb5ac819f5ca411e725dc0b7.yaml @@ -0,0 +1,60 @@ +id: wordpress-fdfa9359cb5ac819f5ca411e725dc0b7 + +info: + name: > + WordPress Core < 4.0.1 - Server-Side Request Forgery + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/2e27cfff-6763-4e54-af5d-0f4cf23e72f7?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '4.0') + - compare_versions(version_by_js, '4.0') + - compare_versions(version_by_css, '4.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-fe4f40f017b3a3e3bc10dcffb6ae781d.yaml b/nuclei-templates/cve-less/unknown/wordpress-fe4f40f017b3a3e3bc10dcffb6ae781d.yaml new file mode 100644 index 0000000000..8c2a6ee4f0 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-fe4f40f017b3a3e3bc10dcffb6ae781d.yaml @@ -0,0 +1,60 @@ +id: wordpress-fe4f40f017b3a3e3bc10dcffb6ae781d + +info: + name: > + WordPress Core < 5.5.2 - Cross-Site Request Forgery to Theme Image Change + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7d6a09f5-029a-4710-b2bd-974d0d8348b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_js, '>= 5.5', '<= 5.5.1') + - compare_versions(version_by_css, '>= 5.5', '<= 5.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ff109dde1d54495dd369e80dd2dbfb9f.yaml b/nuclei-templates/cve-less/unknown/wordpress-ff109dde1d54495dd369e80dd2dbfb9f.yaml new file mode 100644 index 0000000000..cd3cab862c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ff109dde1d54495dd369e80dd2dbfb9f.yaml @@ -0,0 +1,60 @@ +id: wordpress-ff109dde1d54495dd369e80dd2dbfb9f + +info: + name: > + WordPress Core < 5.3.1 - Authenticated Stored Cross-Site Scripting + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/149eb7ef-be96-442e-925e-01d8d76e3a1a?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '>= 5.2', '<= 5.2.4') + - compare_versions(version_by_js, '>= 5.2', '<= 5.2.4') + - compare_versions(version_by_css, '>= 5.2', '<= 5.2.4') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wordpress-ff8227d1909738ca97650b31fc8d45f5.yaml b/nuclei-templates/cve-less/unknown/wordpress-ff8227d1909738ca97650b31fc8d45f5.yaml new file mode 100644 index 0000000000..a8db4b508a --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wordpress-ff8227d1909738ca97650b31fc8d45f5.yaml @@ -0,0 +1,60 @@ +id: wordpress-ff8227d1909738ca97650b31fc8d45f5 + +info: + name: > + WordPress Core < 3.5.1 - Stored Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/ab66ac69-0617-4f9f-8ad3-4ab1502892bd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 3.5.1') + - compare_versions(version_by_js, '< 3.5.1') + - compare_versions(version_by_css, '< 3.5.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-0237978a3384b095d5321701a9e4c218.yaml b/nuclei-templates/cve-less/unknown/wpmu-0237978a3384b095d5321701a9e4c218.yaml new file mode 100644 index 0000000000..bfeeb59d01 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-0237978a3384b095d5321701a9e4c218.yaml @@ -0,0 +1,60 @@ +id: wpmu-0237978a3384b095d5321701a9e4c218 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Full Path Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/79ea853e-9d1d-4be0-8fd4-a80a924018ae?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-066a3076f693bdf1acf756f1b6327c5f.yaml b/nuclei-templates/cve-less/unknown/wpmu-066a3076f693bdf1acf756f1b6327c5f.yaml new file mode 100644 index 0000000000..18f32ab2bf --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-066a3076f693bdf1acf756f1b6327c5f.yaml @@ -0,0 +1,60 @@ +id: wpmu-066a3076f693bdf1acf756f1b6327c5f + +info: + name: > + WordPress Core < 2.3.3 & WordPress MU < 1.3.2 - Remote Code Execution + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/8afcb18c-71e6-4c77-b0f9-0700ee05966e?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.3.1') + - compare_versions(version_by_js, '<= 1.3.1') + - compare_versions(version_by_css, '<= 1.3.1') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-0a463c0e0d577561524cb644f755db53.yaml b/nuclei-templates/cve-less/unknown/wpmu-0a463c0e0d577561524cb644f755db53.yaml new file mode 100644 index 0000000000..6e9c1b6208 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-0a463c0e0d577561524cb644f755db53.yaml @@ -0,0 +1,60 @@ +id: wpmu-0a463c0e0d577561524cb644f755db53 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Username Enumeration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/08f83fd1-5e8c-472f-819a-6078a5d2a56b?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-2556d7722d4548d9067588a035ce357f.yaml b/nuclei-templates/cve-less/unknown/wpmu-2556d7722d4548d9067588a035ce357f.yaml new file mode 100644 index 0000000000..4eeab92b1c --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-2556d7722d4548d9067588a035ce357f.yaml @@ -0,0 +1,60 @@ +id: wpmu-2556d7722d4548d9067588a035ce357f + +info: + name: > + WordPress MU < 2.6 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/20283c28-6640-4082-82ca-7f8769e4ccc0?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.6') + - compare_versions(version_by_js, '< 2.6') + - compare_versions(version_by_css, '< 2.6') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-422b8bdaad97e0b40c02ad0f5a31ce10.yaml b/nuclei-templates/cve-less/unknown/wpmu-422b8bdaad97e0b40c02ad0f5a31ce10.yaml new file mode 100644 index 0000000000..97c9595147 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-422b8bdaad97e0b40c02ad0f5a31ce10.yaml @@ -0,0 +1,60 @@ +id: wpmu-422b8bdaad97e0b40c02ad0f5a31ce10 + +info: + name: > + WordPress Core & WordPress MU < 2.8.1 - Username Enumeration + author: topscoder + severity: medium + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b23308d-7439-4dd2-9ec7-57b987909121?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,medium + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-434185acc770b617ac0296a7924b385f.yaml b/nuclei-templates/cve-less/unknown/wpmu-434185acc770b617ac0296a7924b385f.yaml new file mode 100644 index 0000000000..ddfea6ce46 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-434185acc770b617ac0296a7924b385f.yaml @@ -0,0 +1,60 @@ +id: wpmu-434185acc770b617ac0296a7924b385f + +info: + name: > + WordPress Core <= 2.8 - Sensitive Information Disclosure + author: topscoder + severity: low + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/50f58944-1a12-4bac-9f90-8b0e1d109d11?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,low + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 2.8') + - compare_versions(version_by_js, '<= 2.8') + - compare_versions(version_by_css, '<= 2.8') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-6639b89672c29c6f168a2b79f92361c6.yaml b/nuclei-templates/cve-less/unknown/wpmu-6639b89672c29c6f168a2b79f92361c6.yaml new file mode 100644 index 0000000000..0c212a52f7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-6639b89672c29c6f168a2b79f92361c6.yaml @@ -0,0 +1,60 @@ +id: wpmu-6639b89672c29c6f168a2b79f92361c6 + +info: + name: > + WordPress MU < 2.7 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0cd4d88d-0a88-4b81-a2f6-a98a0ddfdfb6?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 2.7') + - compare_versions(version_by_js, '< 2.7') + - compare_versions(version_by_css, '< 2.7') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-7a8b8fa3bcccffed98e8c5f115c5183e.yaml b/nuclei-templates/cve-less/unknown/wpmu-7a8b8fa3bcccffed98e8c5f115c5183e.yaml new file mode 100644 index 0000000000..51a5e44592 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-7a8b8fa3bcccffed98e8c5f115c5183e.yaml @@ -0,0 +1,60 @@ +id: wpmu-7a8b8fa3bcccffed98e8c5f115c5183e + +info: + name: > + WordPress Core < 2.2.3 & WordPress MU < 1.2.5a - SQL Injection + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/a5c290a1-b58a-4b5c-8112-076d5b17d940?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.2.5') + - compare_versions(version_by_js, '< 1.2.5') + - compare_versions(version_by_css, '< 1.2.5') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-a4e5a5186ca39bcba5d872b9fb372cda.yaml b/nuclei-templates/cve-less/unknown/wpmu-a4e5a5186ca39bcba5d872b9fb372cda.yaml new file mode 100644 index 0000000000..ac1a539ba2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-a4e5a5186ca39bcba5d872b9fb372cda.yaml @@ -0,0 +1,60 @@ +id: wpmu-a4e5a5186ca39bcba5d872b9fb372cda + +info: + name: > + WordPress MU <= 1.0 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/d1c80d7c-0eab-4437-ad03-9789d34638a1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.0') + - compare_versions(version_by_js, '<= 1.0') + - compare_versions(version_by_css, '<= 1.0') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-abd2276f34ac392ae9b6a69f93290abd.yaml b/nuclei-templates/cve-less/unknown/wpmu-abd2276f34ac392ae9b6a69f93290abd.yaml new file mode 100644 index 0000000000..e0a04573b7 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-abd2276f34ac392ae9b6a69f93290abd.yaml @@ -0,0 +1,60 @@ +id: wpmu-abd2276f34ac392ae9b6a69f93290abd + +info: + name: > + WordPress Core <= 2.2.2 - Cross-Site Scripting + author: topscoder + severity: high + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/26daa367-ef73-4ae0-843e-6d5366cc4ecd?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,high + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '< 1.2.5a') + - compare_versions(version_by_js, '< 1.2.5a') + - compare_versions(version_by_css, '< 1.2.5a') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b' diff --git a/nuclei-templates/cve-less/unknown/wpmu-b9356af48d41602f5f193ab6f4ff8815.yaml b/nuclei-templates/cve-less/unknown/wpmu-b9356af48d41602f5f193ab6f4ff8815.yaml new file mode 100644 index 0000000000..af6cfaafd2 --- /dev/null +++ b/nuclei-templates/cve-less/unknown/wpmu-b9356af48d41602f5f193ab6f4ff8815.yaml @@ -0,0 +1,60 @@ +id: wpmu-b9356af48d41602f5f193ab6f4ff8815 + +info: + name: > + WordPress Core <= 2.2.1 - Arbitrary File Upload + author: topscoder + severity: critical + description: > + + reference: + - https://www.wordfence.com/threat-intel/vulnerabilities/id/0848d526-9530-40f3-8430-499d96b9a1b1?source=api-scan + classification: + cvss-metrics: + cvss-score: + cve-id: + metadata: + shodan-query: 'vuln:' + tags: cve,wordpress,wp-core,critical + +http: + - method: GET + path: + - "{{BaseURL}}" + - "{{BaseURL}}/wp-admin/install.php" + - "{{BaseURL}}/feed/" + - "{{BaseURL}}/?feed=rss2" # alternative if /feed/ is blocked + + redirects: true + max-redirects: 2 + stop-at-first-match: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - compare_versions(version_by_generator, '<= 1.2.3') + - compare_versions(version_by_js, '<= 1.2.3') + - compare_versions(version_by_css, '<= 1.2.3') + + - type: status + status: + - 200 + + extractors: + - type: regex + name: version_by_generator + group: 1 + regex: + - '(?m)https:\/\/wordpress.org\/\?v=([0-9.]+)' + + - type: regex + name: version_by_js + group: 1 + regex: + - 'wp-emoji-release\.min\.js\?ver=((\d+\.?)+)\b' + + - type: regex + name: version_by_css + group: 1 + regex: + - 'install\.min\.css\?ver=((\d+\.?)+)\b'